Define MD4_K5BETA_COMPAT and MD4_K5BETA_COMP_DEF so that we continue

doing things the wrong (broken) way.  All hail backwards
compatibility....  The code now generates the old checksum, but it
will verify both the old and the correct checksum formats.

Also fixed two bugs in the "correct" MD4_CRYPTO implementation; use a
zero initialization vector, and calculate the confounder at the
beginning of the message, not at the end.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8043 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 22 insertions, 6 deletions

diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog
index 06783a21dc..8d3ca2ee5a 100644
--- a/src/lib/crypto/md4/ChangeLog
+++ b/src/lib/crypto/md4/ChangeLog
@@ -1,3 +1,16 @@
+Sat May 18 01:49:33 1996  Theodore Y. Ts'o  <tytso@mit.edu>
+
+	* md4crypto.c: Define MD4_K5BETA_COMPAT and MD4_K5BETA_COMP_DEF so
+ 		that we continue doing things the wrong (broken) way.  All
+ 		hail backwards compatibility....  The code now generates
+ 		the old checksum, but it will verify both the old and the
+ 		correct checksum formats.
+
+		Also fixed two bugs in the "correct" MD4_CRYPTO
+		implementation; use a zero initialization vector, and
+		calculate the confounder at the beginning of the message,
+		not at the end.  
+
 Tue May 14 19:31:58 1996  Richard Basch  <basch@lehman.com>
 
 	* md4crypto.c md4glue.c:
diff --git a/src/lib/crypto/md4/configure.in b/src/lib/crypto/md4/configure.in
index 7e467a202a..7eff1bc8b9 100644
--- a/src/lib/crypto/md4/configure.in
+++ b/src/lib/crypto/md4/configure.in
@@ -1,6 +1,5 @@
 AC_INIT(configure.in)
 CONFIG_RULES
-AC_DEFINE(MD4_K5BETA_COMPAT)
 V5_SHARED_LIB_OBJS
 SubdirLibraryRule([${OBJS}])
 V5_AC_OUTPUT_MAKEFILE
diff --git a/src/lib/crypto/md4/md4crypto.c b/src/lib/crypto/md4/md4crypto.c
index b6c2f94737..a0b7fc6260 100644
--- a/src/lib/crypto/md4/md4crypto.c
+++ b/src/lib/crypto/md4/md4crypto.c
@@ -38,6 +38,8 @@ krb5_error_code
 krb5_md4_crypto_verify_func PROTOTYPE((krb5_checksum FAR *cksum, krb5_pointer in,
 	size_t in_length, krb5_pointer seed, size_t seed_length));
 
+static mit_des_cblock zero_ivec = { 0 };
+
 /*
  * In Kerberos V5 Beta 5 and previous releases the RSA-MD4-DES implementation
  * did not follow RFC1510.  The folowing definitions control the compatibility
@@ -51,14 +53,16 @@ krb5_md4_crypto_verify_func PROTOTYPE((krb5_checksum FAR *cksum, krb5_pointer in
  * the compatible behaviour becomes the default.
  *
  */
+#define MD4_K5BETA_COMPAT
+#define MD4_K5BETA_COMPAT_DEF
 
 static void
-krb5_md4_calculate_cksum(md4ctx, in, in_length, confound, confound_length)
+krb5_md4_calculate_cksum(md4ctx, confound, confound_length, in, in_length)
     krb5_MD4_CTX		*md4ctx;
-    krb5_pointer	in;
-    size_t		in_length;
     krb5_pointer	confound;
     size_t		confound_length;
+    krb5_pointer	in;
+    size_t		in_length;
 {
     krb5_MD4Init(md4ctx);
     if (confound && confound_length)
@@ -184,7 +188,7 @@ krb5_checksum FAR *outcksum;
 				 RSA_MD4_DES_CKSUM_LENGTH +
 				 RSA_MD4_DES_CONFOUND_LENGTH,
 				 (struct mit_des_ks_struct *)eblock.priv,
-				 keyblock.contents,
+				 zero_ivec,
 				 MIT_DES_ENCRYPT);
     if (retval) {
 	(void) mit_des_finish_key(&eblock);
@@ -293,7 +297,7 @@ size_t seed_length;
 					 RSA_MD4_DES_CONFOUND_LENGTH,
 					 (struct mit_des_ks_struct *)
 					 	eblock.priv,
-					 keyblock.contents,
+					 zero_ivec,
 					 MIT_DES_DECRYPT);
 	    if (retval) {
 		(void) mit_des_finish_key(&eblock);