get_in_tkt.c (decrypt_as_reply):
authorTheodore Tso <tytso@mit.edu>
Sat, 18 Nov 1995 03:39:15 +0000 (03:39 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 18 Nov 1995 03:39:15 +0000 (03:39 +0000)
preauth.c (process_pw_salt): When fetching the key to decrypting the
encrypted kdc reply, use the etype associated with the etype
reply, not the etype associated with the included ticket.

encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep;
set the eblock type from the client_key's enctype.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7117 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/encode_kdc.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/preauth.c

index 7c307bf10741215e2302078f64ab1a49476f8e43..a85215426807c60004607ea4597c5029df892b94 100644 (file)
@@ -1,3 +1,14 @@
+Fri Nov 17 22:35:52 1995  Theodore Y. Ts'o  <tytso@dcl>
+
+       * get_in_tkt.c (decrypt_as_reply): 
+       * preauth.c (process_pw_salt): When fetching the key to decrypting
+               the encrypted kdc reply, use the etype associated with the
+               etype reply, not the etype associated with the included
+               ticket. 
+
+       * encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep;
+               set the eblock type from the client_key's enctype.
+
 Thu Nov 16 20:29:17 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
        * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_default_type
index 502a87ecb0c503c370de3cfdb85cd20f0d3b3a51..bb9311f6af66d21b50612d418a3c4d68b9371fe1 100644 (file)
 /* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
    stuff... */
 krb5_error_code
-krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep)
+krb5_encode_kdc_rep(context, type, encpart, client_key, dec_rep, enc_rep)
     krb5_context context;
     const krb5_msgtype type;
     const krb5_enc_kdc_rep_part * encpart;
-    krb5_encrypt_block * eblock;
     const krb5_keyblock * client_key;
     krb5_kdc_rep * dec_rep;
     krb5_data ** enc_rep;
@@ -53,6 +52,7 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep
     krb5_data *scratch;
     krb5_error_code retval;
     krb5_enc_kdc_rep_part tmp_encpart;
+    krb5_encrypt_block eblock;
 
     if (!valid_enctype(dec_rep->enc_part.enctype))
        return KRB5_PROG_ETYPE_NOSUPP;
@@ -89,8 +89,9 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep
 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
 krb5_free_data(context, scratch); }
 
+    krb5_use_enctype(context, &eblock, client_key->enctype);
     dec_rep->enc_part.ciphertext.length =
-       krb5_encrypt_size(scratch->length, eblock->crypto_entry);
+       krb5_encrypt_size(scratch->length, eblock.crypto_entry);
     /* add padding area, and zero it */
     if (!(scratch->data = realloc(scratch->data,
                                  dec_rep->enc_part.ciphertext.length))) {
@@ -113,26 +114,26 @@ free(dec_rep->enc_part.ciphertext.data); \
 dec_rep->enc_part.ciphertext.length = 0; \
 dec_rep->enc_part.ciphertext.data = 0;}
 
-    retval = krb5_process_key(context, eblock, client_key);
+    retval = krb5_process_key(context, &eblock, client_key);
     if (retval) {
        goto clean_encpart;
     }
 
-#define cleanup_prockey() {(void) krb5_finish_key(context, eblock);}
+#define cleanup_prockey() {(void) krb5_finish_key(context, &eblock);}
 
     retval = krb5_encrypt(context, (krb5_pointer) scratch->data,
                              (krb5_pointer) dec_rep->enc_part.ciphertext.data,
-                             scratch->length, eblock, 0);
+                             scratch->length, &eblock, 0);
     if (retval) {
        goto clean_prockey;
     }
 
-    dec_rep->enc_part.enctype = krb5_eblock_enctype(context, eblock);
+    dec_rep->enc_part.enctype = krb5_eblock_enctype(context, &eblock);
 
     /* do some cleanup */
     cleanup_scratch();
 
-    retval = krb5_finish_key(context, eblock);
+    retval = krb5_finish_key(context, &eblock);
     if (retval) {
        cleanup_encpart();
        return retval;
index 58bc1225a7898f3c6ee71aef9d64490032f257ac..52b4dd813e753ff8fc6b7fa24f3e11b8f00ea5bf 100644 (file)
@@ -197,7 +197,7 @@ decrypt_as_reply(context, request, as_reply, key_proc, keyseed, key,
        if ((retval = krb5_principal2salt(context, request->client, &salt)))
            return(retval);
     
-       retval = (*key_proc)(context, as_reply->ticket->enc_part.enctype,
+       retval = (*key_proc)(context, as_reply->enc_part.enctype,
                             &salt, keyseed, &decrypt_key);
        krb5_xfree(salt.data);
        if (retval)
index 4bfe9705ac3e456d38508106cd82fbbac1db9b8e..86aa899b5294f4a988e43af641866764e10d1d98 100644 (file)
@@ -305,7 +305,7 @@ process_pw_salt(context, padata, request, as_reply,
     salt.data = (char *) padata->contents;
     salt.length = padata->length;
     
-    if ((retval = (*key_proc)(context, as_reply->ticket->enc_part.enctype,
+    if ((retval = (*key_proc)(context, as_reply->enc_part.enctype,
                              &salt, keyseed, decrypt_key))) {
        *decrypt_key = 0;
        return retval;