#define ANDREWFLAGSVALUE (0x80)
#define TICKET_LABEL "TicketEnd"
+/* This union is used to insure we allocate enough space for a key
+ * schedule even if we are linked against a library that uses OpenSSL's
+ * larger representation. This is necessary so we don't lose if an
+ * application uses both rxkad and openssl.
+ */
+union Key_schedule_safe {
+ Key_schedule schedule;
+ struct {
+ union {
+ char cblock[8];
+ long deslong[2];
+ } ks;
+ int weak_key;
+ } openssl_schedule[16];
+};
+
/* This is called to interpret a ticket. It is assumed that the necessary keys
have been added so that the key version number in the ticket will indicate a
valid key for decrypting the ticket. The various fields inside the ticket
char *sessionKey, afs_int32 *host, afs_int32 *start, afs_int32 *end)
{ char clear_ticket[MAXKTCTICKETLEN];
char *ticket;
- Key_schedule schedule;
+ union Key_schedule_safe schedule;
/* unsigned char flags; */
int code;
((ticketLen) % 8 != 0)) /* enc. part must be (0 mod 8) bytes */
return RXKADBADTICKET;
- if (key_sched (key, schedule)) return RXKADBADKEY;
+ if (key_sched (key, schedule.schedule)) return RXKADBADKEY;
ticket = clear_ticket;
- pcbc_encrypt (asecret, ticket, ticketLen, schedule, key, DECRYPT);
+ pcbc_encrypt (asecret, ticket, ticketLen, schedule.schedule, key, DECRYPT);
/* flags = *ticket; */ /* get the first byte: the flags */
#if 0
afs_uint32 start, afs_uint32 end, struct ktc_encryptionKey *sessionKey,
afs_uint32 host, char *sname, char *sinst)
{ int code;
- Key_schedule schedule;
+ union Key_schedule_safe schedule;
*ticketLen = 0; /* in case we return early */
code = assemble_athena_ticket (ticket, ticketLen, name, inst, cell,
if (code) return -1;
/* encrypt ticket */
- if ((code = key_sched (key, schedule))) {
- printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
- return RXKADBADKEY;
+ if (code = key_sched (key, schedule.schedule)) {
+ printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
+ return RXKADBADKEY;
}
- pcbc_encrypt (ticket, ticket, *ticketLen, schedule, key, ENCRYPT);
+ pcbc_encrypt (ticket, ticket, *ticketLen, schedule.schedule, key, ENCRYPT);
return 0;
}