Skip Menu |
 

From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: krb5-bugs@mit.edu
Subject: Problem with krb5int_c_combine_keys()
Date: Tue, 20 May 2014 11:31:33 -0400
When krb5int_c_combine_keys() was updated to use the new crypto interface,
a small bug was introduced. It turns out the temporary keyblock created
needs to have it's enctype set, otherwise when krb5int_derive_keyblock()
is called later it will fail with KRB5_BAD_ENCTYPE. The patch is trivial.

--Ken

--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -155,6 +155,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
randbits.data = (char *) rnd;
tkeyblock.length = keylength;
tkeyblock.contents = output;
+ tkeyblock.enctype = key1->enctype;

ret = (*ktp->rand2key)(&randbits, &tkeyblock);
if (ret)
From: ghudson@mit.edu
Subject: git commit

Fix krb5int_c_combine_keys

When krb5int_c_combine_keys was updated to use the new crypto
interface, a small bug was introduced. It turns out the temporary
keyblock created needs to have its enctype set; otherwise, when
krb5int_derive_keyblock() is called later, it will fail with
KRB5_BAD_ENCTYPE.

https://github.com/krb5/krb5/commit/89803a5a781107365d5a4534eebf48dbaf010f96
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 89803a5a781107365d5a4534eebf48dbaf010f96
Branch: master
src/lib/crypto/krb/combine_keys.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Add tests for krb5int_c_combine_keys

krb5int_c_combine_keys is used only by SAM-2 preauth with neither the
send-encrypted-sad nor use-sad-as-key flags, so it isn't covered by
any automated function tests. Add some unit tests to make sure that
it works and returns the expected results for two randomly generated
test vectors.

https://github.com/krb5/krb5/commit/6e8b2fba84df2ef74ce071330b4c3f843f4b7541
Author: Greg Hudson <ghudson@mit.edu>
Commit: 6e8b2fba84df2ef74ce071330b4c3f843f4b7541
Branch: master
.gitignore | 1 +
src/lib/crypto/crypto_tests/Makefile.in | 11 +++-
src/lib/crypto/crypto_tests/deps | 10 ++++
src/lib/crypto/crypto_tests/t_combine.c | 80 +++++++++++++++++++++++++++++++
4 files changed, 99 insertions(+), 3 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix krb5int_c_combine_keys

When krb5int_c_combine_keys was updated to use the new crypto
interface, a small bug was introduced. It turns out the temporary
keyblock created needs to have its enctype set; otherwise, when
krb5int_derive_keyblock() is called later, it will fail with
KRB5_BAD_ENCTYPE.

(cherry picked from commit 89803a5a781107365d5a4534eebf48dbaf010f96)

https://github.com/krb5/krb5/commit/c72126bf1a4a4e40006e1bc12dd5a3ef96d98aa2
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Tom Yu <tlyu@mit.edu>
Commit: c72126bf1a4a4e40006e1bc12dd5a3ef96d98aa2
Branch: krb5-1.12
src/lib/crypto/krb/combine_keys.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Add tests for krb5int_c_combine_keys

krb5int_c_combine_keys is used only by SAM-2 preauth with neither the
send-encrypted-sad nor use-sad-as-key flags, so it isn't covered by
any automated function tests. Add some unit tests to make sure that
it works and returns the expected results for two randomly generated
test vectors.

(cherry picked from commit 6e8b2fba84df2ef74ce071330b4c3f843f4b7541)

https://github.com/krb5/krb5/commit/fdd7eca3ada4b0a038850dd0207a70c7f1a8b59c
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: fdd7eca3ada4b0a038850dd0207a70c7f1a8b59c
Branch: krb5-1.12
.gitignore | 1 +
src/lib/crypto/crypto_tests/Makefile.in | 11 +++-
src/lib/crypto/crypto_tests/deps | 10 ++++
src/lib/crypto/crypto_tests/t_combine.c | 80 +++++++++++++++++++++++++++++++
4 files changed, 99 insertions(+), 3 deletions(-)