oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(hdb_unseal_keys_mkey, hdb_seal_keys_mkey, hdb_unseal_keys,

Browse Source 
hdb_seal_keys): check that we have the correct master key and that we
manage to decrypt the key properly, returning an error code.  fix all
callers to check return value.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9594 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2001-01-30 01:20:57 +00:00
parent f7ab4f7ac3
commit 0e0d1336bd
1 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
lib/hdb/mkey.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000, 2001 Kungliga Tekniska H<>gskolan * Copyright (c) 2000 - 2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -335,13 +335,14 @@ find_master_key(Key *key, hdb_master_key mkey)
return ret; return ret;
} }
void krb5_error_code
hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{ {
int i; int i;
krb5_error_code ret; krb5_error_code ret;
krb5_data res; krb5_data res;
Key *k; Key *k;
for(i = 0; i < ent->keys.len; i++){ for(i = 0; i < ent->keys.len; i++){
hdb_master_key key; hdb_master_key key;
@@ -351,10 +352,15 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
key = find_master_key(&ent->keys.val[i], mkey); key = find_master_key(&ent->keys.val[i], mkey);
if (key == NULL)
return HDB_ERR_NO_MKEY;
ret = krb5_decrypt(context, key->crypto, HDB_KU_MKEY, ret = krb5_decrypt(context, key->crypto, HDB_KU_MKEY,
k->key.keyvalue.data, k->key.keyvalue.data,
k->key.keyvalue.length, k->key.keyvalue.length,
&res); &res);
if (ret)
return ret;
memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
free(k->key.keyvalue.data); free(k->key.keyvalue.data);
@@ -362,17 +368,18 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
free(k->mkvno); free(k->mkvno);
k->mkvno = NULL; k->mkvno = NULL;
} }
return 0;
} }
void krb5_error_code
hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent) hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent)
{ {
if (db->master_key_set == 0) if (db->master_key_set == 0)
return; return 0;
hdb_unseal_keys_mkey(context, ent, db->master_key); return hdb_unseal_keys_mkey(context, ent, db->master_key);
} }
void krb5_error_code
hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{ {
int i; int i;
@@ -387,27 +394,35 @@ hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
key = find_master_key(k, mkey); key = find_master_key(k, mkey);
if (key == NULL)
return HDB_ERR_NO_MKEY;
ret = krb5_encrypt(context, key->crypto, HDB_KU_MKEY, ret = krb5_encrypt(context, key->crypto, HDB_KU_MKEY,
k->key.keyvalue.data, k->key.keyvalue.data,
k->key.keyvalue.length, k->key.keyvalue.length,
&res); &res);
if (ret)
return ret;
memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
free(k->key.keyvalue.data); free(k->key.keyvalue.data);
k->key.keyvalue = res; k->key.keyvalue = res;
k->mkvno = malloc(sizeof(*k->mkvno)); k->mkvno = malloc(sizeof(*k->mkvno));
if (k->mkvno == NULL)
return ENOMEM;
*k->mkvno = key->keytab.vno; *k->mkvno = key->keytab.vno;
} }
return 0;
} }
void krb5_error_code
hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent) hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent)
{ {
if (db->master_key_set == 0) if (db->master_key_set == 0)
return; return 0;
hdb_seal_keys_mkey(context, ent, db->master_key); return hdb_seal_keys_mkey(context, ent, db->master_key);
} }
krb5_error_code krb5_error_code