[387] in Kerberos-V5-bugs
krb5 library code out of sync with itself?
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Tue Nov 16 19:21:22 1993
To: tytso@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Date: Tue, 16 Nov 1993 19:21:41 -0500
From: Marc Horowitz <marc@security.ov.com>

From krb5/encryption.h:

#define ETYPE_NULL 0x0000
#define ETYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */
#define ETYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */
#define ETYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */

From cryptoconf.c:

#ifdef PROVIDE_DES_CBC_CRC
#ifndef _DES_DONE__
#include <krb5/mit-des.h>
#define _DES_DONE__
#endif
static krb5_cs_table_entry mit_des_cbc_crc_csentry = {
&mit_des_cryptosystem_entry, 0 };
#define DES_CBC_CRC_CSENTRY &mit_des_cbc_crc_csentry
#else
#define DES_CBC_CRC_CSENTRY 0
#endif
/* ... */
/* WARNING:
make sure the order of entries in these tables matches the #defines in
<krb5/encryption.h>
*/
krb5_cs_table_entry *krb5_csarray[] = {
0,
DES_CBC_CRC_CSENTRY,
LUCIFER_CRC_CSENTRY,
};
int krb5_max_cryptosystem = sizeof(krb5_csarray)/sizeof(krb5_csarray[0]) - 1;

From des/cs_entry.c:

krb5_cs_table_entry krb5_des_cst_entry = {
&mit_des_cryptosystem_entry,
0
};

-------Doesn't this beg for MIME? :-) -------

(Context: I'm working on adding ETYPE_RAW_DES_CBC.)

There are two problems demonstrated by the excerpted code above.

First, you didn't obey your own comment in cryptoconf.c. The
krb5_csarray contains a list of two cryptosystems, which is both
smaller than and different from the #define's in encryption.h. This
is bad, as I have no idea where to add the new cryptosystem.

Second, cs_entry.c defines a krb5_cs_table_entry for use with
mit_des_cbc_crc, but it is never used. Instead, an identical entry is
constructed in cryptoconf.c, and that is used instead. Now, I don't
really care either way, but there's clearly some waste going on here.

What is the right thing to do here?

Marc
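
Added example (not part of the original message or of the krb5 sources): one way to tie a cryptosystem table to the ETYPE_* constants and to detect the kind of mismatch the message describes. The cs_entry type, ETYPE_COUNT, the entry name strings and the -1 tag on the Lucifer entry are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Values as quoted from krb5/encryption.h in the message above. */
#define ETYPE_NULL        0x0000
#define ETYPE_DES_CBC_CRC 0x0001
#define ETYPE_DES_CBC_MD4 0x0002
#define ETYPE_DES_CBC_MD5 0x0003
#define ETYPE_COUNT       4 /* assumption: one past the highest ETYPE_* */

/* Hypothetical stand-in for krb5_cs_table_entry; each entry records the
   etype it implements so a table can be checked against its own indices. */
typedef struct { int etype; const char *name; } cs_entry;

static const cs_entry des_cbc_crc = { ETYPE_DES_CBC_CRC, "des-cbc-crc" };
static const cs_entry des_cbc_md4 = { ETYPE_DES_CBC_MD4, "des-cbc-md4" };
static const cs_entry lucifer_crc = { -1, "lucifer-crc" }; /* constructed tag */

/* Positional layout as in the quoted cryptoconf.c: slot 2 holds Lucifer
   although ETYPE 2 is DES_CBC_MD4, and there is no slot for ETYPE 3. */
static const cs_entry *const positional[] = { 0, &des_cbc_crc, &lucifer_crc };

/* Designated initializers tie each slot to its constant; slots that are
   not listed stay NULL, meaning "not compiled in". */
static const cs_entry *const tagged[ETYPE_COUNT] = {
    [ETYPE_DES_CBC_CRC] = &des_cbc_crc,
    [ETYPE_DES_CBC_MD4] = &des_cbc_md4,
};

/* First index whose entry disagrees with its position, else the first
   ETYPE that has no slot at all, else -1 when the table is consistent. */
int first_mismatch(const cs_entry *const *tab, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i] && tab[i]->etype != (int)i)
            return (int)i;
    return n < (size_t)ETYPE_COUNT ? (int)n : -1;
}

/* Bounds-checked lookup: NULL for out-of-range or unconfigured etypes. */
const cs_entry *cs_lookup(const cs_entry *const *tab, size_t n, int etype)
{
    return (etype < 0 || (size_t)etype >= n) ? NULL : tab[etype];
}
int main(void)
{
    printf("positional: %d, tagged: %d\n",
           first_mismatch(positional, 3), first_mismatch(tagged, ETYPE_COUNT));
    return 0;
}
```

Running first_mismatch over the table at startup or in a unit test turns a silent wrong-cipher lookup into an immediate, visible failure.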