3 files changed, 22 insertions, 6 deletions

diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog
index 06783a21d..8d3ca2ee5 100644
--- a/src/lib/crypto/md4/ChangeLog
+++ b/src/lib/crypto/md4/ChangeLog
@@ -1,3 +1,16 @@
+Sat May 18 01:49:33 1996  Theodore Y. Ts'o  <tytso@mit.edu>
+
+	* md4crypto.c: Define MD4_K5BETA_COMPAT and MD4_K5BETA_COMP_DEF so
+ 		that we continue doing things the wrong (broken) way.  All
+ 		hail backwards compatibility....  The code now generates
+ 		the old checksum, but it will verify both the old and the
+ 		correct checksum formats.
+
+		Also fixed two bugs in the "correct" MD4_CRYPTO
+		implementation; use a zero initialization vector, and
+		calculate the confounder at the beginning of the message,
+		not at the end.  
+
 Tue May 14 19:31:58 1996  Richard Basch  <basch@lehman.com>
 
 	* md4crypto.c md4glue.c:
diff --git a/src/lib/crypto/md4/configure.in b/src/lib/crypto/md4/configure.in
index 7e467a202..7eff1bc8b 100644
--- a/src/lib/crypto/md4/configure.in
+++ b/src/lib/crypto/md4/configure.in
@@ -1,6 +1,5 @@
 AC_INIT(configure.in)
 CONFIG_RULES
-AC_DEFINE(MD4_K5BETA_COMPAT)
 V5_SHARED_LIB_OBJS
 SubdirLibraryRule([${OBJS}])
 V5_AC_OUTPUT_MAKEFILE
diff --git a/src/lib/crypto/md4/md4crypto.c b/src/lib/crypto/md4/md4crypto.c
index b6c2f9473..a0b7fc626 100644
--- a/src/lib/crypto/md4/md4crypto.c
+++ b/src/lib/crypto/md4/md4crypto.c
@@ -38,6 +38,8 @@ krb5_error_code
 krb5_md4_crypto_verify_func PROTOTYPE((krb5_checksum FAR *cksum, krb5_pointer in,
 	size_t in_length, krb5_pointer seed, size_t seed_length));
 
+static mit_des_cblock zero_ivec = { 0 };
+
 /*
  * In Kerberos V5 Beta 5 and previous releases the RSA-MD4-DES implementation
  * did not follow RFC1510.  The folowing definitions control the compatibility
@@ -51,14 +53,16 @@ krb5_md4_crypto_verify_func PROTOTYPE((krb5_checksum FAR *cksum, krb5_pointer in
  * the compatible behaviour becomes the default.
  *
  */
+#define MD4_K5BETA_COMPAT
+#define MD4_K5BETA_COMPAT_DEF
 
 static void
-krb5_md4_calculate_cksum(md4ctx, in, in_length, confound, confound_length)
+krb5_md4_calculate_cksum(md4ctx, confound, confound_length, in, in_length)
     krb5_MD4_CTX		*md4ctx;
-    krb5_pointer	in;
-    size_t		in_length;
     krb5_pointer	confound;
     size_t		confound_length;
+    krb5_pointer	in;
+    size_t		in_length;
 {
     krb5_MD4Init(md4ctx);
     if (confound && confound_length)
@@ -184,7 +188,7 @@ krb5_checksum FAR *outcksum;
 				 RSA_MD4_DES_CKSUM_LENGTH +
 				 RSA_MD4_DES_CONFOUND_LENGTH,
 				 (struct mit_des_ks_struct *)eblock.priv,
-				 keyblock.contents,
+				 zero_ivec,
 				 MIT_DES_ENCRYPT);
     if (retval) {
 	(void) mit_des_finish_key(&eblock);
@@ -293,7 +297,7 @@ size_t seed_length;
 					 RSA_MD4_DES_CONFOUND_LENGTH,
 					 (struct mit_des_ks_struct *)
 					 	eblock.priv,
-					 keyblock.contents,
+					 zero_ivec,
 					 MIT_DES_DECRYPT);
 	    if (retval) {
 		(void) mit_des_finish_key(&eblock);