From 1be5e6bcc6649258d08d17fa3250f9054b0ef514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 27 Jan 2003 14:12:15 +0000 Subject: [PATCH] (verify_mic_des3): fix 3des verify_mic to conform to rfc (and mit kerberos), provide backward compat hook git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11624 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/krb5/verify_mic.c | 15 ++++++++++----- lib/gssapi/verify_mic.c | 15 ++++++++++----- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index c7e4f7732..c74a8ce75 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -141,6 +141,7 @@ verify_mic_des3 int cmp; Checksum csum; char *tmp; + char ivec[8]; p = token_buffer->value; ret = gssapi_krb5_verify_header (&p, @@ -167,11 +168,15 @@ verify_mic_des3 } /* verify sequence number */ + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); - ret = krb5_decrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data); + ret = krb5_decrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, ivec); if (ret) { gssapi_krb5_set_error_string (); krb5_crypto_destroy (gssapi_krb5_context, crypto); diff --git a/lib/gssapi/verify_mic.c b/lib/gssapi/verify_mic.c index c7e4f7732..c74a8ce75 100644 --- a/lib/gssapi/verify_mic.c +++ b/lib/gssapi/verify_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -141,6 +141,7 @@ verify_mic_des3 int cmp; Checksum csum; char *tmp; + char ivec[8]; p = token_buffer->value; ret = gssapi_krb5_verify_header (&p, @@ -167,11 +168,15 @@ verify_mic_des3 } /* verify sequence number */ + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); - ret = krb5_decrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data); + ret = krb5_decrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, ivec); if (ret) { gssapi_krb5_set_error_string (); krb5_crypto_destroy (gssapi_krb5_context, crypto);