diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/crypto/krb/old_api_glue.c | 44 |
1 files changed, 35 insertions, 9 deletions
diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c index 585ed11a3..b5bb28083 100644 --- a/src/lib/crypto/krb/old_api_glue.c +++ b/src/lib/crypto/krb/old_api_glue.c @@ -211,6 +211,25 @@ krb5_checksum_size(krb5_context context, krb5_cksumtype ctype) return ret; } +/* Guess the enctype for an untyped key used with checksum type ctype. */ +static krb5_enctype +guess_enctype(krb5_cksumtype ctype) +{ + const struct krb5_cksumtypes *ctp; + int i; + + if (ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) + return ENCTYPE_ARCFOUR_HMAC; + ctp = find_cksumtype(ctype); + if (ctp == NULL || ctp->enc == NULL) + return 0; + for (i = 0; i < krb5int_enctypes_length; i++) { + if (krb5int_enctypes_list[i].enc == ctp->enc) + return i; + } + return 0; +} + krb5_error_code KRB5_CALLCONV krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, krb5_const_pointer in, size_t in_length, @@ -218,15 +237,18 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, krb5_checksum *outcksum) { krb5_data input = make_data((void *) in, in_length); - krb5_keyblock key; + krb5_keyblock keyblock, *kptr = NULL; krb5_error_code ret; krb5_checksum cksum; - key.enctype = ENCTYPE_NULL; - key.length = seed_length; - key.contents = (unsigned char *) seed; + if (seed != NULL) { + keyblock.enctype = guess_enctype(ctype); + keyblock.length = seed_length; + keyblock.contents = (unsigned char *) seed; + kptr = &keyblock; + } - ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum); + ret = krb5_c_make_checksum(context, ctype, kptr, 0, &input, &cksum); if (ret) return ret; @@ -253,14 +275,18 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, size_t seed_length) { krb5_data input = make_data((void *) in, in_length); - krb5_keyblock key; + krb5_keyblock keyblock, *kptr = NULL; krb5_error_code ret; krb5_boolean valid; - key.length = seed_length; - key.contents = (unsigned char *) seed; + if (seed != NULL) { + keyblock.enctype = guess_enctype(ctype); + keyblock.length = seed_length; + keyblock.contents = (unsigned char *) seed; + kptr = &keyblock; + } - ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid); + ret = krb5_c_verify_checksum(context, kptr, 0, &input, cksum, &valid); if (ret) return ret; |