From dc2b3cf973f269c5845398481141633c989c3e08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 27 Jan 2003 14:11:16 +0000 Subject: [PATCH] (mic_des3): fix 3des get_mic to conform to rfc (and mit kerberos), provide backward compat hook git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11623 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/get_mic.c | 16 +++++++++++----- lib/gssapi/krb5/get_mic.c | 16 +++++++++++----- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/lib/gssapi/get_mic.c b/lib/gssapi/get_mic.c index 8f138cf04..2a335f143 100644 --- a/lib/gssapi/get_mic.c +++ b/lib/gssapi/get_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -139,6 +139,7 @@ mic_des3 krb5_error_code kret; krb5_data encdata; char *tmp; + char ivec[8]; gssapi_krb5_encap_length (36, &len, &total_len); @@ -219,10 +220,15 @@ mic_des3 return GSS_S_FAILURE; } - kret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + kret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, ivec); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c index 8f138cf04..2a335f143 100644 --- a/lib/gssapi/krb5/get_mic.c +++ b/lib/gssapi/krb5/get_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -139,6 +139,7 @@ mic_des3 krb5_error_code kret; krb5_data encdata; char *tmp; + char ivec[8]; gssapi_krb5_encap_length (36, &len, &total_len); @@ -219,10 +220,15 @@ mic_des3 return GSS_S_FAILURE; } - kret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + kret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, ivec); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value);