From e10e6f2c263e3820d6aef14b0499a5e66c301b1f Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Fri, 8 Dec 2000 05:06:04 +0000 Subject: [PATCH] (wrap_des3): use the checksum as ivec when encrypting the sequence number git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9314 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/krb5/wrap.c | 17 ++++++++++++----- lib/gssapi/wrap.c | 17 ++++++++++++----- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index 3816d4620..0ac1f3998 100644 --- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -302,7 +302,8 @@ wrap_des3 (context_handle->more_flags & LOCAL) ? 0 : 0xFF, 4); - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, + + ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, &crypto); if (ret) { free (output_message_buffer->value); @@ -310,10 +311,16 @@ wrap_des3 return GSS_S_FAILURE; } - ret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); + { + des_cblock ivec; + + memcpy (&ivec, p + 8, 8); + ret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, + &ivec); + } krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { free (output_message_buffer->value); diff --git a/lib/gssapi/wrap.c b/lib/gssapi/wrap.c index 3816d4620..0ac1f3998 100644 --- a/lib/gssapi/wrap.c +++ b/lib/gssapi/wrap.c @@ -302,7 +302,8 @@ wrap_des3 (context_handle->more_flags & LOCAL) ? 0 : 0xFF, 4); - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, + + ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, &crypto); if (ret) { free (output_message_buffer->value); @@ -310,10 +311,16 @@ wrap_des3 return GSS_S_FAILURE; } - ret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); + { + des_cblock ivec; + + memcpy (&ivec, p + 8, 8); + ret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, + &ivec); + } krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { free (output_message_buffer->value);