Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c. Fix

OpenSSL module handling of salts in its DES string-to-key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 12 insertions, 1 deletions

diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c
index bc37da63b0..923cee52b5 100644
--- a/src/lib/crypto/openssl/des/string2key.c
+++ b/src/lib/crypto/openssl/des/string2key.c
@@ -33,7 +33,18 @@ mit_des_string_to_key_int(krb5_keyblock *key, const krb5_data *pw,
                           const krb5_data *salt)
 {
     DES_cblock outkey;
-    DES_string_to_key(pw->data, &outkey);
+    char *str;
+    krb5_data s = (salt == NULL) ? empty_data() : *salt;
+
+    /* AFS string-to-key isn't implemented. */
+    if (s.length == SALT_TYPE_AFS_LENGTH)
+        return KRB5_CRYPTO_INTERNAL;
+
+    /* Concatenate password and salt. */
+    if (asprintf(&str, "%.*s%.*s", pw->length, pw->data, s.length, s.data) < 0)
+        return ENOMEM;
+    DES_string_to_key(str, &outkey);
+    free(str);
     if (key->length < sizeof(outkey))
         return KRB5_CRYPTO_INTERNAL;
     key->length = sizeof(outkey);