diff options
| author | John Kohl <jtkohl@mit.edu> | 1990-02-05 15:33:32 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1990-02-05 15:33:32 +0000 |
| commit | 93c6396e991b4e4acffbb35b1f13ec00f93d52d6 (patch) | |
| tree | cdcaaeeb4ea29a6a354756f338698f79a0dd9b7b /src/lib/kdb/encrypt_key.c | |
| parent | 509ce0aaff8af4d160a938a3029337ab18c591a4 (diff) | |
| download | krb5-93c6396e991b4e4acffbb35b1f13ec00f93d52d6.tar.gz krb5-93c6396e991b4e4acffbb35b1f13ec00f93d52d6.tar.xz krb5-93c6396e991b4e4acffbb35b1f13ec00f93d52d6.zip | |
need to put length of key into encrypted stuff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@284 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb/encrypt_key.c')
| -rw-r--r-- | src/lib/kdb/encrypt_key.c | 49 |
1 files changed, 43 insertions, 6 deletions
diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index 59a290938..435a60ee2 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -17,6 +17,7 @@ static char rcsid_encrypt_key_c [] = #include <krb5/copyright.h> #include <krb5/krb5.h> +#include <krb5/kdb5_err.h> #include <krb5/ext-proto.h> #include <errno.h> @@ -26,17 +27,33 @@ krb5_keyblock *in; krb5_keyblock *out; krb5_encrypt_block *eblock; { + /* encrypted rep has a length encrypted along with the key, + so that we win if the keysize != blocksize. + However, this means an extra block (at least) if + keysize == blocksize. */ + + krb5_error_code retval; + *out = *in; out->length = krb5_encrypt_size(in->length, eblock->crypto_entry); + out->length += sizeof(out->length); out->contents = (krb5_octet *)malloc(out->length); if (!out->contents) { out->contents = 0; out->length = 0; return ENOMEM; } - return (*eblock->crypto_entry->encrypt_func)((krb5_pointer) in->contents, - (krb5_pointer) out->contents, - in->length, eblock); + bcopy(&out->length, out->contents, sizeof(out->length)); + if (retval = (*eblock->crypto_entry-> + encrypt_func)((krb5_pointer) in->contents, + ((krb5_pointer) out->contents) + + sizeof(out->length), + in->length, eblock)) { + free((char *)out->contents); + out->contents = 0; + out->length = 0; + } + return retval; } krb5_error_code @@ -45,6 +62,8 @@ krb5_keyblock *in; krb5_keyblock *out; krb5_encrypt_block *eblock; { + krb5_error_code retval; + *out = *in; out->length = krb5_encrypt_size(in->length, eblock->crypto_entry); out->contents = (krb5_octet *)malloc(out->length); @@ -53,7 +72,25 @@ krb5_encrypt_block *eblock; out->length = 0; return ENOMEM; } - return (*eblock->crypto_entry->decrypt_func)((krb5_pointer) in->contents, - (krb5_pointer) out->contents, - in->length, eblock); + if (retval = (*eblock->crypto_entry-> + decrypt_func)((krb5_pointer) in->contents, + (krb5_pointer) out->contents, + in->length, eblock)) { + free((char *)out->contents); + out->contents = 0; + out->length = 0; + return retval; + } + out->length -= sizeof(out->length); + if (out->length < 0) { + free((char *)out->contents); + out->contents = 0; + out->length = 0; + return KRB5_KDB_INVALIDKEYSIZE; + } + /* shift key down to beginning of contents, and ignore extra wasted + space */ + bcopy(out->contents, ((krb5_pointer) out->contents ) + sizeof(out->length), + out->length); + return retval; } |