From: Greg Hudson
Date: Sun, 3 Feb 2013 18:21:34 +0000 (-0500)
Subject: Make kprop/kpropd work with RC4 session key
X-Git-Tag: krb5-1.12-alpha1~300
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d01455ec9ed88bd3ccae939961a6e123bb3d45f;p=thirdparty%2Fkrb5.git

Make kprop/kpropd work with RC4 session key

In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that the enctype's block size is the size of the cipher state. Instead, make and discard a cipher state to get the size.

ticket: 7561
target_version: 1.11.1
tags: pullup
---
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 0a2c5a98bd..54a579fa99 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -315,18 +315,18 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
 {
 krb5_error_code ret;
- krb5_enctype enctype;
+ krb5_data cstate;
 if (auth_context->key) {
- size_t blocksize;
-
- enctype = krb5_k_key_enctype(context, auth_context->key);
- if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
- return(ret);
- if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
- return 0;
- }
- return ENOMEM;
+ ret = krb5_c_init_state(context, &auth_context->key->keyblock, 0,
+ &cstate);
+ if (ret)
+ return ret;
+ auth_context->i_vector = (krb5_pointer)calloc(1,cstate.length);
+ krb5_c_free_state(context, &auth_context->key->keyblock, &cstate);
+ if (auth_context->i_vector == NULL)
+ return ENOMEM;
+ return 0;
 }
 return EINVAL; /* XXX need an error for no keyblock */
 }
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 62c99340ff..4b63f25a4f 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
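Review bot: In krb5_auth_con_initivector (auth_con.c), the new `auth_context->i_vector = (krb5_pointer)calloc(1,cstate.length);` overwrites whatever pointer the context already held, so a second call on the same auth context drops the earlier buffer without releasing it. After this change the buffer is sized as a whole cipher state rather than one block, so what gets dropped may be live cipher state rather than a short IV. Who owns a previously set i_vector is not visible in this hunk and should be checked against the setter and the context's free routine. If the context owns it, add `free(auth_context->i_vector);` before the calloc; if it does not, say so with a comment such as `/* Replaces any earlier i_vector without freeing it; the previous owner must release it. */`.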
@@ -38,8 +38,8 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
 krb5_error_code retval;
 krb5_priv privmsg;
 krb5_priv_enc_part privmsg_enc_part;
- krb5_data *scratch1, *scratch2, ivdata;
- size_t blocksize, enclen;
+ krb5_data *scratch1, *scratch2, cstate, ivdata;
+ size_t enclen;
 privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
 privmsg.enc_part.enctype = enctype;
@@ -71,11 +71,12 @@ mk_priv_basic(krb5_context context, const krb5_data *userdata,
 /* call the encryption routine */
 if (i_vector) {
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
 goto clean_encpart;
- ivdata.length = blocksize;
+ ivdata.length = cstate.length;
 ivdata.data = i_vector;
+ krb5_c_free_state(context, &key->keyblock, &cstate);
 }
 if ((retval = krb5_k_encrypt(context, key,
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 6724586a92..94f6a66a6c 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -51,9 +51,7 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
 krb5_priv * privmsg;
 krb5_data scratch;
 krb5_priv_enc_part * privmsg_enc_part;
- size_t blocksize;
- krb5_data ivdata, *iv = NULL;
- krb5_enctype enctype;
+ krb5_data cstate, ivdata, *iv = NULL;
 if (!krb5_is_krb_priv(inbuf))
 return KRB5KRB_AP_ERR_MSG_TYPE;
@@ -63,11 +61,11 @@ rd_priv_basic(krb5_context context, krb5_auth_context ac,
 return retval;
 if (ac->i_vector != NULL) {
- enctype = krb5_k_key_enctype(context, key);
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ if ((retval = krb5_c_init_state(context, &key->keyblock, 0, &cstate)))
 goto cleanup_privmsg;
- ivdata = make_data(ac->i_vector, blocksize);
+ ivdata = make_data(ac->i_vector, cstate.length);
 iv = &ivdata;
+ krb5_c_free_state(context, &key->keyblock, &cstate);
 }
 scratch.length = privmsg->enc_part.ciphertext.length;
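Review bot: In the second mk_priv.c hunk, `ivdata.length = cstate.length;` derives the length from `key`, while `i_vector` is a bare pointer whose allocation in krb5_auth_con_initivector was sized from `auth_context->key`. If `key` can be a different key object with another enctype (not visible in this hunk), the length handed to krb5_k_encrypt can exceed the allocated buffer, and with state-sized lengths the overrun would be larger than it was with block sizes. rd_priv_basic repeats the pattern at `ivdata = make_data(ac->i_vector, cstate.length);`. Storing the allocated length in the auth context and comparing it at both sites would close the gap; at minimum add `/* i_vector must have been allocated for this key's enctype; its length is not stored. */` above the assignment. mk_priv_basic's body continues outside the hunk.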
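Review bot: The make-and-discard sequence in the last rd_priv.c hunk is the third hand-written copy of the same three steps (the others are in auth_con.c and mk_priv.c), and each copy has to pair krb5_c_init_state with krb5_c_free_state on its own. A small helper that returns only the length would keep the pairing in one place and drop the `cstate` local from every caller. The sketch below shows it as a file-local function in rd_priv.c with a new `unsigned int ivlen;` local; to share it with the other two sites it would be declared wherever these files keep their internal prototypes, which is not visible here. rd_priv_basic's body continues outside the hunk.

```c
/* Set *len_out to the cipher-state length for key by making and discarding a state. */
static krb5_error_code
cipher_state_length(krb5_context context, krb5_key key, unsigned int *len_out)
{
    krb5_error_code ret;
    krb5_data cstate;

    ret = krb5_c_init_state(context, &key->keyblock, 0, &cstate);
    if (ret)
        return ret;
    *len_out = cstate.length;
    krb5_c_free_state(context, &key->keyblock, &cstate);
    return 0;
}

/* ... unchanged: message-type check and decoding of inbuf ... */
    if (ac->i_vector != NULL) {
        if ((retval = cipher_state_length(context, key, &ivlen)))
            goto cleanup_privmsg;
        ivdata = make_data(ac->i_vector, ivlen);
        iv = &ivdata;
    }
```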