rxkad: Use krb5_enctype_keysize in tkt_DecodeTicket5 03/14203/5
authorYadavendra Yadav <yadayada@in.ibm.com>
Wed, 29 Apr 2020 05:10:05 +0000 (05:10 +0000)
committerBenjamin Kaduk <kaduk@mit.edu>
Fri, 15 May 2020 04:10:58 +0000 (00:10 -0400)
commit5d53ed0bdab6fea6d2426691bdef2b6f9cb7f2fe
tree47c49d2a9761f12d89b17e0429c12639e5414b52
parent9866511bb0a5323853e97e3ee92524198813776e
rxkad: Use krb5_enctype_keysize in tkt_DecodeTicket5

Inside tkt_DecodeTicket5 (rxkad/ticket5.c) function, keysize is calculated
using krb5_enctype_keybits and then dividing number of bits by 8. For 3DES
number of keybits are 168, so keysize comes out to 21(168/8). However
actual keysize of 3DES key is 24. This keysize is passed to
_afsconf_GetRxkadKrb5Key where keysize comparison happens, since there is
keysize mismatch it returns AFSCONF_BADKEY.

To fix this issue get keysize from krb5_enctype_keysize function instead
of krb5_enctype_keybits. Thanks to John Janosik (jpjanosi@us.ibm.com)
for analyzing and fixing this issue.

Change-Id: Ia6f70b878feaa91855f9544ec1de81a6196a85a8
Reviewed-on: https://gerrit.openafs.org/14203
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
src/crypto/rfc3961/afsrfc3961.def
src/rxkad/ticket5.c