author | Theodore Tso <tytso@mit.edu> | 1994-11-21 20:33:53 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1994-11-21 20:33:53 +0000 |
commit | 713fb98f15b22f626aa792a60f0e00f502a04456 (patch) | |
tree | 9210ae111762a6758d03304ccbc755b41f8f5a8e /src/lib | |
parent | 701efdf4670d556f9164a87ce44939c2cd3f050d (diff) | |
encode_kdc.c (krb5_encode_kdc_rep): Now requires that the
caller pass in the encryption block to be used for
encrypting the ticket. That way, this routine doesn't
need to create its own encryption block.
encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the
caller pass in the encryption block to be used for
encrypting the ticket. That way, this routine doesn't
need to create its own encryption block.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4710 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 17 | ||||
-rw-r--r-- | src/lib/krb5/krb/encode_kdc.c | 20 | ||||
-rw-r--r-- | src/lib/krb5/krb/encrypt_tk.c | 25 | ||||
-rw-r--r-- | src/lib/krb5/krb/mk_req_ext.c | 5 |
4 files changed, 40 insertions, 27 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index b68f11e415..a9ed389f9a 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,20 @@ +Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl) + + * encode_kdc.c (krb5_encode_kdc_rep): Now requires that the + caller pass in the encryption block to be used for + encrpyting the ticket. That way, this routine doesn't + need to create its own encryption block. + + * encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the + caller pass in the encryption block to be used for + encrpyting the ticket. That way, this routine doesn't + need to create its own encryption block. + +Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl) + + * mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator + using the same encryption system used to encrypt the ticket. + Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl) * gc_via_tgt.c (krb5_get_cred_via_tgt): diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index 4270c57b4c..6b01b64d2d 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c @@ -46,17 +46,18 @@ krb5_error_code krb5_encode_kdc_rep(DECLARG(const krb5_msgtype, type), DECLARG(const krb5_enc_kdc_rep_part *, encpart), + DECLARG(krb5_encrypt_block *, eblock), DECLARG(const krb5_keyblock *, client_key), DECLARG(krb5_kdc_rep *, dec_rep), DECLARG(krb5_data **, enc_rep)) OLDDECLARG(const krb5_msgtype, type) OLDDECLARG(const krb5_enc_kdc_rep_part *, encpart) +OLDDECLARG(krb5_encrypt_block *, eblock) OLDDECLARG(const krb5_keyblock *, client_key) OLDDECLARG(krb5_kdc_rep *, dec_rep) OLDDECLARG(krb5_data **, enc_rep) { krb5_data *scratch; - krb5_encrypt_block eblock; krb5_error_code retval; krb5_enc_kdc_rep_part tmp_encpart; 
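Review bot: The new `eblock` argument of krb5_encode_kdc_rep is dereferenced as `eblock->crypto_entry` (in the @@ -95 hunk) with nothing in the function checking or documenting that the caller has already bound it to a cryptosystem, now that the local `krb5_use_cstype(&eblock, dec_rep->enc_part.etype)` call is gone. A guard at the top of the function, `if (!eblock || !eblock->crypto_entry) return KRB5_PROG_ETYPE_NOSUPP;`, would reject a NULL block, but it cannot detect an uninitialized one, so the function's header comment should also state the contract, for example `eblock must already be set up with krb5_use_cstype(); dec_rep->enc_part.etype is overwritten with the eblock's enctype on success`. The same applies to krb5_encrypt_tkt_part in encrypt_tk.c, where the `valid_etype` early return was removed as well. The body of krb5_encode_kdc_rep continues outside this hunk.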
@@ -77,7 +78,7 @@ OLDDECLARG(krb5_data **, enc_rep) * type correct. * * Although note that it may be doing nothing with the message - * type, to be compatible with old versions of Kerberos that ways + * type, to be compatible with old versions of Kerberos that always * encode this as a TGS_REP regardly of what it really should be; * also note that the reason why we are passing it in a structure * instead of as an argument to encode_krb5_enc_kdc_rep_part (the @@ -95,11 +96,8 @@ OLDDECLARG(krb5_data **, enc_rep) #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \ krb5_free_data(scratch); } - /* put together an eblock for this encryption */ - - krb5_use_cstype(&eblock, dec_rep->enc_part.etype); dec_rep->enc_part.ciphertext.length = - krb5_encrypt_size(scratch->length, eblock.crypto_entry); + krb5_encrypt_size(scratch->length, eblock->crypto_entry); /* add padding area, and zero it */ if (!(scratch->data = realloc(scratch->data, dec_rep->enc_part.ciphertext.length))) { @@ -122,24 +120,26 @@ free(dec_rep->enc_part.ciphertext.data); \ dec_rep->enc_part.ciphertext.length = 0; \ dec_rep->enc_part.ciphertext.data = 0;} - retval = krb5_process_key(&eblock, client_key); + retval = krb5_process_key(eblock, client_key); if (retval) { goto clean_encpart; } -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} +#define cleanup_prockey() {(void) krb5_finish_key(eblock);} retval = krb5_encrypt((krb5_pointer) scratch->data, (krb5_pointer) dec_rep->enc_part.ciphertext.data, - scratch->length, &eblock, 0); + scratch->length, eblock, 0); if (retval) { goto clean_prockey; } + dec_rep->enc_part.etype = krb5_eblock_enctype(eblock); + /* do some cleanup */ cleanup_scratch(); - retval = krb5_finish_key(&eblock); + retval = krb5_finish_key(eblock); if (retval) { cleanup_encpart(); return retval; diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c index 4051ca6bb3..bb263da007 100644 --- a/src/lib/krb5/krb/encrypt_tk.c 
+++ b/src/lib/krb5/krb/encrypt_tk.c @@ -44,20 +44,15 @@ */ krb5_error_code -krb5_encrypt_tkt_part(srv_key, dec_ticket) +krb5_encrypt_tkt_part(eblock, srv_key, dec_ticket) +krb5_encrypt_block *eblock; const krb5_keyblock *srv_key; register krb5_ticket *dec_ticket; { krb5_data *scratch; krb5_error_code retval; - krb5_encrypt_block eblock; register krb5_enc_tkt_part *dec_tkt_part = dec_ticket->enc_part2; - /* encrypt the encrypted part */ - - if (!valid_etype(dec_ticket->enc_part.etype)) - return KRB5_PROG_ETYPE_NOSUPP; - /* start by encoding the to-be-encrypted part. */ if (retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch)) { return retval; @@ -66,12 +61,8 @@ register krb5_ticket *dec_ticket; #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \ krb5_free_data(scratch); } - /* put together an eblock for this encryption */ - - krb5_use_cstype(&eblock, dec_ticket->enc_part.etype); dec_ticket->enc_part.ciphertext.length = - krb5_encrypt_size(scratch->length, - eblock.crypto_entry); + krb5_encrypt_size(scratch->length, eblock->crypto_entry); /* add padding area, and zero it */ if (!(scratch->data = realloc(scratch->data, dec_ticket->enc_part.ciphertext.length))) { 
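Review bot: krb5_encrypt_tkt_part is an old-style (K&R) definition and the new `eblock` parameter is inserted first, so a caller that still passes `(srv_key, dec_ticket)` will compile without complaint wherever no prototype is in scope, and the key block pointer would then be used as the encryption block. Whether the shared declaration was updated is not visible here (the diffstat is limited to src/lib), so it is worth confirming that callers see a full prototype along the lines of `krb5_error_code krb5_encrypt_tkt_part(krb5_encrypt_block *, const krb5_keyblock *, krb5_ticket *);`. The same concern applies to krb5_encode_kdc_rep in encode_kdc.c, where `eblock` was added in the middle of the argument list.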
@@ -95,23 +86,25 @@ dec_ticket->enc_part.ciphertext.length = 0; \ dec_ticket->enc_part.ciphertext.data = 0;} /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, srv_key)) { + if (retval = krb5_process_key(eblock, srv_key)) { goto clean_encpart; } -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} +#define cleanup_prockey() {(void) krb5_finish_key(eblock);} /* call the encryption routine */ if (retval = krb5_encrypt((krb5_pointer) scratch->data, (krb5_pointer) dec_ticket->enc_part.ciphertext.data, - scratch->length, &eblock, 0)) { + scratch->length, eblock, 0)) { goto clean_prockey; } + dec_ticket->enc_part.etype = krb5_eblock_enctype(eblock); + /* ticket is now assembled-- do some cleanup */ cleanup_scratch(); - if (retval = krb5_finish_key(&eblock)) { + if (retval = krb5_finish_key(eblock)) { cleanup_encpart(); return retval; } diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 39b8f121cd..13003a704a 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -107,7 +107,10 @@ krb5_data *outbuf; if (!valid_keytype(creds->keyblock.keytype)) return KRB5_PROG_KEYTYPE_NOSUPP; - etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype; + if (creds->keyblock.etype == ETYPE_UNKNOWN) + etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype; + else + etype = creds->keyblock.etype; if (!valid_etype(etype)) return KRB5_PROG_ETYPE_NOSUPP; |
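Review bot: When `creds->keyblock.etype` is not `ETYPE_UNKNOWN` it is now used as-is in the mk_req_ext.c hunk, and the only check that follows there is `valid_etype(etype)`, which appears to confirm that the enctype is known but not that it belongs to the same cryptosystem as `creds->keyblock.keytype`. If the credential's etype field can be populated from stored or received data (not visible here), a mismatched pair would reach the encryption code. A comment on the new branch, such as `/* etype is taken from the credential; valid_etype() does not prove it matches keyblock.keytype */`, or an explicit consistency check against the keytype, would make the assumption clear. The enclosing function begins and ends outside this hunk.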