author | Greg Hudson <ghudson@mit.edu> | 2012-04-27 21:11:04 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-04-27 21:11:04 +0000 |
commit | bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 (patch) | |
tree | 9921ea248714b444781e3cb25e12842f55b3d2a8 /src/lib/crypto | |
parent | b886919f6478e8c55811c5b790cb5a4a69f9c341 (diff) | |
Stop using SALT_TYPE_AFS_LENGTH
In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to
track whether we're still using the default salt instead of
overloading salt.length. In preauth2.c, process afs3 salt values like
we would in krb5int_des_string_to_key, and set an s2kparams indicator
instead of overloading salt.length. Also use an s2kparams indicator
in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded
salt lengths, except for a sanity check.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto')
-rw-r--r-- | src/lib/crypto/krb/s2k_des.c | 8 | ||||
-rw-r--r-- | src/lib/crypto/krb/string_to_key.c | 18 |
2 files changed, 3 insertions, 23 deletions
diff --git a/src/lib/crypto/krb/s2k_des.c b/src/lib/crypto/krb/s2k_des.c
index fd2143054b..61b3c0f012 100644
--- a/src/lib/crypto/krb/s2k_des.c
+++ b/src/lib/crypto/krb/s2k_des.c
@@ -670,7 +670,6 @@ krb5int_des_string_to_key(const struct krb5_keytypes *ktp,
 const krb5_data *parm, krb5_keyblock *keyblock)
 {
 int type;
- krb5_data afssalt;

 if (parm != NULL) {
 if (parm->length != 1)
@@ -685,12 +684,5 @@ krb5int_des_string_to_key(const struct krb5_keytypes *ktp,
 if (type == 1)
 return afs_s2k(string, salt, keyblock->contents);

- /* Also use AFS string to key if the salt indicates it. */
- if (salt != NULL && (salt->length == SALT_TYPE_AFS_LENGTH
- || salt->length == (unsigned)-1)) {
- afssalt = make_data(salt->data, strcspn(salt->data, "@"));
- return afs_s2k(string, &afssalt, keyblock->contents);
- }
-
 return des_s2k(string, salt, keyblock->contents);
 }
diff --git a/src/lib/crypto/krb/string_to_key.c b/src/lib/crypto/krb/string_to_key.c
index cd46d454a8..b55ee75d2f 100644
--- a/src/lib/crypto/krb/string_to_key.c
+++ b/src/lib/crypto/krb/string_to_key.c
@@ -51,21 +51,9 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
 return KRB5_BAD_ENCTYPE;
 keylength = ktp->enc->keylength;

- /*
- * xxx AFS string2key function is indicated by a special length in
- * the salt in much of the code. However only the DES enctypes can
- * deal with this. Using s2kparams would be a much better solution.
- */
- if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
- switch (enctype) {
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES_CBC_MD4:
- case ENCTYPE_DES_CBC_MD5:
- break;
- default:
- return KRB5_CRYPTO_INTERNAL;
- }
- }
+ /* Fail gracefully if someone is using the old AFS string-to-key hack. */
+ if (salt != NULL && salt->length == SALT_TYPE_AFS_LENGTH)
+ return EINVAL;

 key->contents = malloc(keylength);
 if (key->contents == NULL) |
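Review bot: The new guard in krb5_c_string_to_key_with_params is now the only place that rejects a sentinel salt length, and its comment does not say why the value is unsafe rather than merely obsolete. With the AFS branch removed from krb5int_des_string_to_key in the same commit, a salt carrying SALT_TYPE_AFS_LENGTH that reached des_s2k would presumably have that marker treated as a byte count for salt->data, so the comment should record it, e.g. `/* SALT_TYPE_AFS_LENGTH is a marker, not a byte count; reject it before any s2k routine reads salt->length bytes. */`. The removed code also accepted `(unsigned)-1`; the definition of SALT_TYPE_AFS_LENGTH is not visible here, so if it is not that same value the check should cover both, `if (salt != NULL && (salt->length == SALT_TYPE_AFS_LENGTH || salt->length == (unsigned)-1))`. The function body starts and ends outside the hunk.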