rxkad: Use krb5_enctype_keysize in tkt_DecodeTicket5 03/14203/5
authorYadavendra Yadav <yadayada@in.ibm.com>
Wed, 29 Apr 2020 05:10:05 +0000 (05:10 +0000)
committerBenjamin Kaduk <kaduk@mit.edu>
Fri, 15 May 2020 04:10:58 +0000 (00:10 -0400)
Inside tkt_DecodeTicket5 (rxkad/ticket5.c) function, keysize is calculated
using krb5_enctype_keybits and then dividing number of bits by 8. For 3DES
number of keybits are 168, so keysize comes out to 21(168/8). However
actual keysize of 3DES key is 24. This keysize is passed to
_afsconf_GetRxkadKrb5Key where keysize comparison happens, since there is
keysize mismatch it returns AFSCONF_BADKEY.

To fix this issue get keysize from krb5_enctype_keysize function instead
of krb5_enctype_keybits. Thanks to John Janosik (jpjanosi@us.ibm.com)
for analyzing and fixing this issue.

Change-Id: Ia6f70b878feaa91855f9544ec1de81a6196a85a8
Reviewed-on: https://gerrit.openafs.org/14203
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

src/crypto/rfc3961/afsrfc3961.def
src/rxkad/ticket5.c

index 9fad6c9..c43965d 100644 (file)
@@ -14,3 +14,4 @@ EXPORTS
        oafs_h_krb5_copy_keyblock_contents          @13
        oafs_h_krb5_free_keyblock                   @14
        oafs_h_krb5_free_keyblock_contents          @15
+       oafs_h_krb5_enctype_keysize                 @16
index 0c9ef33..f4402f9 100644 (file)
@@ -273,12 +273,11 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
            krb5_free_context(context);
            goto unknown_key;
        }
-       code = krb5_enctype_keybits(context,  t5.enc_part.etype, &keysize);
+       code = krb5_enctype_keysize(context,  t5.enc_part.etype, &keysize);
        if (code != 0) {
            krb5_free_context(context);
            goto unknown_key;
        }
-       keysize = keysize / 8;
        allocsiz = keysize;
        keybuf = rxi_Alloc(allocsiz);
        /* this is not quite a hole for afsconf_GetKeyByTypes. A wrapper