Ticket History #7914: Problem with krb5int_c_combine

# Tue May 20 11:59:30 2014 <kenh@cmf.nrl.navy.mil> - Ticket created

From:	Ken Hornstein <kenh@cmf.nrl.navy.mil>
To:	krb5-bugs@mit.edu
Subject:	Problem with krb5int_c_combine_keys()
Date:	Tue, 20 May 2014 11:31:33 -0400

Download (untitled) / with headers
text/plain 683B

When krb5int_c_combine_keys() was updated to use the new crypto interface,
a small bug was introduced. It turns out the temporary keyblock created
needs to have it's enctype set, otherwise when krb5int_derive_keyblock()
is called later it will fail with KRB5_BAD_ENCTYPE. The patch is trivial.

--Ken

--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -155,6 +155,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
randbits.data = (char *) rnd;
tkeyblock.length = keylength;
tkeyblock.contents = output;
+ tkeyblock.enctype = key1->enctype;

ret = (*ktp->rand2key)(&randbits, &tkeyblock);
if (ret)

# Wed May 21 11:34:09 2014 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)

# Wed May 21 11:34:09 2014 ghudson@mit.edu (Greg Hudson) - Target_Version 1.12.2 added

# Wed May 21 11:34:09 2014 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'review'

# Wed May 21 11:34:09 2014 ghudson@mit.edu (Greg Hudson) - Tags pullup added

# Wed May 21 11:34:09 2014 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 624B

Fix krb5int_c_combine_keys

When krb5int_c_combine_keys was updated to use the new crypto
interface, a small bug was introduced. It turns out the temporary
keyblock created needs to have its enctype set; otherwise, when
krb5int_derive_keyblock() is called later, it will fail with
KRB5_BAD_ENCTYPE.

https://github.com/krb5/krb5/commit/89803a5a781107365d5a4534eebf48dbaf010f96
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 89803a5a781107365d5a4534eebf48dbaf010f96
Branch: master
src/lib/crypto/krb/combine_keys.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

# Wed May 21 11:34:10 2014 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 796B

Add tests for krb5int_c_combine_keys

krb5int_c_combine_keys is used only by SAM-2 preauth with neither the
send-encrypted-sad nor use-sad-as-key flags, so it isn't covered by
any automated function tests. Add some unit tests to make sure that
it works and returns the expected results for two randomly generated
test vectors.

https://github.com/krb5/krb5/commit/6e8b2fba84df2ef74ce071330b4c3f843f4b7541
Author: Greg Hudson <ghudson@mit.edu>
Commit: 6e8b2fba84df2ef74ce071330b4c3f843f4b7541
Branch: master
.gitignore | 1 +
src/lib/crypto/crypto_tests/Makefile.in | 11 +++-
src/lib/crypto/crypto_tests/deps | 10 ++++
src/lib/crypto/crypto_tests/t_combine.c | 80 +++++++++++++++++++++++++++++++
4 files changed, 99 insertions(+), 3 deletions(-)

# Fri Jun 27 12:34:51 2014 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'

# Fri Jun 27 12:34:52 2014 tlyu (Taylor Yu) - Version_Fixed 1.12.2 added

# Fri Jun 27 12:34:52 2014 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 689B

Fix krb5int_c_combine_keys

When krb5int_c_combine_keys was updated to use the new crypto
interface, a small bug was introduced. It turns out the temporary
keyblock created needs to have its enctype set; otherwise, when
krb5int_derive_keyblock() is called later, it will fail with
KRB5_BAD_ENCTYPE.

(cherry picked from commit 89803a5a781107365d5a4534eebf48dbaf010f96)

https://github.com/krb5/krb5/commit/c72126bf1a4a4e40006e1bc12dd5a3ef96d98aa2
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Tom Yu <tlyu@mit.edu>
Commit: c72126bf1a4a4e40006e1bc12dd5a3ef96d98aa2
Branch: krb5-1.12
src/lib/crypto/krb/combine_keys.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

# Fri Jun 27 12:34:53 2014 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 902B

Add tests for krb5int_c_combine_keys

krb5int_c_combine_keys is used only by SAM-2 preauth with neither the
send-encrypted-sad nor use-sad-as-key flags, so it isn't covered by
any automated function tests. Add some unit tests to make sure that
it works and returns the expected results for two randomly generated
test vectors.

(cherry picked from commit 6e8b2fba84df2ef74ce071330b4c3f843f4b7541)

https://github.com/krb5/krb5/commit/fdd7eca3ada4b0a038850dd0207a70c7f1a8b59c
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: fdd7eca3ada4b0a038850dd0207a70c7f1a8b59c
Branch: krb5-1.12
.gitignore | 1 +
src/lib/crypto/crypto_tests/Makefile.in | 11 +++-
src/lib/crypto/crypto_tests/deps | 10 ++++
src/lib/crypto/crypto_tests/t_combine.c | 80 +++++++++++++++++++++++++++++++
4 files changed, 99 insertions(+), 3 deletions(-)

# Wed Dec 16 18:03:02 2015 tlyu (Taylor Yu) - CustomField pullup deleted

Ticket History #7914: Problem with krb5int_c_combine_keys()