diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
index cf307e7159be..40159ad3a34a 100644
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ b/crypto/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.60 2002/01/06 23:12:51 assar Exp $");
+RCSID("$Id: crypto.c,v 1.64 2002/04/29 16:31:54 joda Exp $");
/* RCSID("$FreeBSD$"); */
#undef CRYPTO_DEBUG
@@ -140,7 +140,7 @@ static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
************************************************************/
static void
-DES_random_key(krb5_context context,
+krb5_DES_random_key(krb5_context context,
krb5_keyblock *key)
{
des_cblock *k = key->keyvalue.data;
@@ -151,7 +151,7 @@ DES_random_key(krb5_context context,
}
static void
-DES_schedule(krb5_context context,
+krb5_DES_schedule(krb5_context context,
struct key_data *key)
{
des_set_key(key->key->keyvalue.data, key->schedule->data);
@@ -189,7 +189,7 @@ DES_string_to_key_int(unsigned char *data, size_t length, des_cblock *key)
}
static krb5_error_code
-DES_string_to_key(krb5_context context,
+krb5_DES_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
@@ -226,7 +226,7 @@ DES_string_to_key(krb5_context context,
* Short passwords, i.e 8 characters or less.
*/
static void
-DES_AFS3_CMU_string_to_key (krb5_data pw,
+krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
krb5_data cell,
des_cblock *key)
{
@@ -255,7 +255,7 @@ DES_AFS3_CMU_string_to_key (krb5_data pw,
* Long passwords, i.e 9 characters or more.
*/
static void
-DES_AFS3_Transarc_string_to_key (krb5_data pw,
+krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
krb5_data cell,
des_cblock *key)
{
@@ -302,9 +302,9 @@ DES_AFS3_string_to_key(krb5_context context,
{
des_cblock tmp;
if(password.length > 8)
- DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
+ krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
else
- DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
+ krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
key->keytype = enctype;
krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
memset(&key, 0, sizeof(key));
@@ -386,7 +386,7 @@ DES3_string_to_key(krb5_context context,
memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
des_set_odd_parity(keys + i);
if(des_is_weak_key(keys + i))
- xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0");
+ xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
des_set_key(keys + i, s[i]);
}
memset(&ivec, 0, sizeof(ivec));
@@ -399,7 +399,7 @@ DES3_string_to_key(krb5_context context,
memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
des_set_odd_parity(keys + i);
if(des_is_weak_key(keys + i))
- xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0");
+ xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
}
memset(tmp, 0, sizeof(tmp));
}
@@ -509,8 +509,8 @@ struct key_type keytype_des = {
56,
sizeof(des_cblock),
sizeof(des_key_schedule),
- DES_random_key,
- DES_schedule,
+ krb5_DES_random_key,
+ krb5_DES_schedule,
des_salt
};
@@ -572,7 +572,7 @@ struct salt_type des_salt[] = {
{
KRB5_PW_SALT,
"pw-salt",
- DES_string_to_key
+ krb5_DES_string_to_key
},
{
KRB5_AFS3_SALT,
@@ -1868,29 +1868,35 @@ ARCFOUR_subdecrypt(krb5_context context,
* draft-brezak-win2k-krb-rc4-hmac-03.txt
*/
-static int
-usage2arcfour (int usage)
+static krb5_error_code
+usage2arcfour (krb5_context context, int *usage)
{
- switch (usage) {
+ switch (*usage) {
case KRB5_KU_PA_ENC_TIMESTAMP :
- return 1;
+ *usage = 1;
+ return 0;
case KRB5_KU_TICKET :
- return 8;
+ *usage = 8;
case KRB5_KU_AS_REP_ENC_PART :
- return 8;
+ *usage = 8;
+ return 0;
case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION :
case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY :
case KRB5_KU_TGS_REQ_AUTH_CKSUM :
case KRB5_KU_TGS_REQ_AUTH :
- return 7;
+ *usage = 7;
+ return 0;
case KRB5_KU_TGS_REP_ENC_PART_SESSION :
case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY :
- return 8;
+ *usage = 8;
+ return 0;
case KRB5_KU_AP_REQ_AUTH_CKSUM :
case KRB5_KU_AP_REQ_AUTH :
case KRB5_KU_AP_REQ_ENC_PART :
- return 11;
+ *usage = 11;
+ return 0;
case KRB5_KU_KRB_PRIV :
+ *usage = 0;
return 0;
case KRB5_KU_KRB_CRED :
case KRB5_KU_KRB_SAFE_CKSUM :
@@ -1904,7 +1910,8 @@ usage2arcfour (int usage)
case KRB5_KU_USAGE_SIGN :
case KRB5_KU_USAGE_SEQ :
default :
- abort ();
+ krb5_set_error_string(context, "unknown arcfour usage type %d", *usage);
+ return KRB5_PROG_ETYPE_NOSUPP;
}
}
@@ -1917,7 +1924,9 @@ ARCFOUR_encrypt(krb5_context context,
int usage,
void *ivec)
{
- usage = usage2arcfour (usage);
+ krb5_error_code ret;
+ if((ret = usage2arcfour (context, &usage)) != 0)
+ return ret;
if (encrypt)
return ARCFOUR_subencrypt (context, key, data, len, usage, ivec);
@@ -3002,6 +3011,11 @@ krb5_crypto_init(krb5_context context,
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
+ if((*crypto)->et->keytype->size != key->keyvalue.length) {
+ free(*crypto);
+ krb5_set_error_string (context, "encryption key has bad length");
+ return KRB5_BAD_KEYSIZE;
+ }
ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
if(ret) {
free(*crypto);
diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h
index 793b7f18b8b8..9d8e99909c20 100644
--- a/crypto/heimdal/lib/krb5/krb5_locl.h
+++ b/crypto/heimdal/lib/krb5/krb5_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h,v 1.67 2001/08/22 20:30:30 assar Exp $ */
+/* $Id: krb5_locl.h,v 1.69 2002/08/12 15:09:19 joda Exp $ */
/* $FreeBSD$ */
#ifndef __KRB5_LOCL_H__
@@ -106,6 +106,9 @@ struct sockaddr_dl;
#ifdef HAVE_SYS_FILIO_H
#include <sys/filio.h>
#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
#include <roken.h>
#include <parse_time.h>
#include <base64.h>
@@ -136,8 +139,8 @@ struct sockaddr_dl;
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
/* should this be public? */
-#define KEYTAB_DEFAULT "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"
-#define KEYTAB_DEFAULT_MODIFY "FILE:/etc/krb5.keytab"
+#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
+#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
#ifndef O_BINARY
#define O_BINARY 0