Inside the tkt_DecodeTicket5 (rxkad/ticket5.c) function, keysize is calculated
using krb5_enctype_keybits and then dividing the number of bits by 8. For 3DES
the number of keybits is 168, so keysize comes out to 21 (168/8). However, the
actual keysize of a 3DES key is 24. This keysize is passed to
_afsconf_GetRxkadKrb5Key, where a keysize comparison happens; since there is a
keysize mismatch, it returns AFSCONF_BADKEY.

To fix this issue, get keysize from the krb5_enctype_keysize function instead
of krb5_enctype_keybits. Thanks to John Janosik (jpjanosi@us.ibm.com)
for analyzing and fixing this issue.
Change-Id: Ia6f70b878feaa91855f9544ec1de81a6196a85a8
Reviewed-on: https://gerrit.openafs.org/14203
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
oafs_h_krb5_copy_keyblock_contents @13
oafs_h_krb5_free_keyblock @14
oafs_h_krb5_free_keyblock_contents @15
+ oafs_h_krb5_enctype_keysize @16
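Review bot: the added `oafs_h_krb5_enctype_keysize @16` line covers only this ordinal-numbered export list. If the library keeps a separate symbol list for other platforms, that list needs the same entry, otherwise the new krb5_enctype_keysize call in rxkad/ticket5.c will not link there. The ordinal itself continues from @15 without a gap or reuse, which is what this list expects.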
krb5_free_context(context);
goto unknown_key;
}
- code = krb5_enctype_keybits(context, t5.enc_part.etype, &keysize);
+ code = krb5_enctype_keysize(context, t5.enc_part.etype, &keysize);
if (code != 0) {
krb5_free_context(context);
goto unknown_key;
}
- keysize = keysize / 8;
allocsiz = keysize;
keybuf = rxi_Alloc(allocsiz);
/* this is not quite a hole for afsconf_GetKeyByTypes. A wrapper
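Review bot: the `krb5_enctype_keysize` call deserves a short comment stating that keysize is now a byte count that includes parity bits (24 for 3DES, where keybits/8 gave 21). Without it, a later cleanup could reintroduce the bits-to-bytes division that this change removes. Since `allocsiz = keysize` directly sizes the `rxi_Alloc` buffer and is the value compared in _afsconf_GetRxkadKrb5Key, a regression test that decodes a ticket with a 3DES enctype and expects success rather than AFSCONF_BADKEY would lock the fix in.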