From: Jeffrey Hutzelman <jhutz@cmu.edu>
Date: Sat, 11 Jan 2003 07:31:08 +0000 (+0000)
Subject: rxkad-be-openssl-keyschedule-safe-20030111
X-Git-Tag: openafs-devel-1_3_50~441
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=2be60b7ee43cb3baa1709506d685c86ea643815e

rxkad-be-openssl-keyschedule-safe-20030111


openssl has larger keyschedules than we do

crypto api is all so unfortunate
---

diff --git a/src/rxkad/ticket.c b/src/rxkad/ticket.c
index f49ed51..7b53628 100644
--- a/src/rxkad/ticket.c
+++ b/src/rxkad/ticket.c
@@ -58,6 +58,22 @@ static int assemble_athena_ticket (char *ticket, int *ticketLen, char *name,
 #define ANDREWFLAGSVALUE (0x80)
 #define TICKET_LABEL "TicketEnd"
 
+/* This union is used to insure we allocate enough space for a key
+ * schedule even if we are linked against a library that uses OpenSSL's
+ * larger representation.  This is necessary so we don't lose if an
+ * application uses both rxkad and openssl.
+ */
+union Key_schedule_safe {
+  Key_schedule schedule;
+  struct {
+    union {
+      char cblock[8];
+      long deslong[2];
+    } ks;
+    int weak_key;
+  } openssl_schedule[16];
+};
+ 
 /* This is called to interpret a ticket.  It is assumed that the necessary keys
    have been added so that the key version number in the ticket will indicate a
    valid key for decrypting the ticket.  The various fields inside the ticket
@@ -70,7 +86,7 @@ int tkt_DecodeTicket (char *asecret, afs_int32 ticketLen,
 	char *sessionKey, afs_int32 *host, afs_int32 *start, afs_int32 *end)
 {   char	   clear_ticket[MAXKTCTICKETLEN];
     char	  *ticket;
-    Key_schedule   schedule;
+    union Key_schedule_safe   schedule;
     /* unsigned char  flags; */
     int		   code;
 
@@ -79,10 +95,10 @@ int tkt_DecodeTicket (char *asecret, afs_int32 ticketLen,
 	((ticketLen) % 8 != 0))		/* enc. part must be (0 mod 8) bytes */
 	return RXKADBADTICKET;
 
-    if (key_sched (key, schedule)) return RXKADBADKEY;
+    if (key_sched (key, schedule.schedule)) return RXKADBADKEY;
 
     ticket = clear_ticket;
-    pcbc_encrypt (asecret, ticket, ticketLen, schedule, key, DECRYPT);
+    pcbc_encrypt (asecret, ticket, ticketLen, schedule.schedule, key, DECRYPT);
 
     /* flags = *ticket; */		/* get the first byte: the flags */
 #if 0
@@ -136,7 +152,7 @@ int tkt_MakeTicket (char *ticket, int *ticketLen,
 	afs_uint32 start, afs_uint32 end, struct ktc_encryptionKey *sessionKey, 
 	afs_uint32 host, char *sname, char *sinst)
 {   int		 code;
-    Key_schedule schedule;
+    union Key_schedule_safe schedule;
 
     *ticketLen = 0;			/* in case we return early */
     code = assemble_athena_ticket (ticket, ticketLen, name, inst, cell,
@@ -145,11 +161,11 @@ int tkt_MakeTicket (char *ticket, int *ticketLen,
     if (code) return -1;
 
     /* encrypt ticket */
-    if ((code = key_sched (key, schedule))) {
-	printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
-	return RXKADBADKEY;
+    if (code = key_sched (key, schedule.schedule)) {
+        printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
+        return RXKADBADKEY;
     }
-    pcbc_encrypt (ticket, ticket, *ticketLen, schedule, key, ENCRYPT);
+    pcbc_encrypt (ticket, ticket, *ticketLen, schedule.schedule, key, ENCRYPT);
     return 0;
 }