Change rxgk_getkey_func semantics

Take kvno and enctype as pointers, so that 0 can be passed in as a wildcard and the actual values returned back. This is needed for using the getkey function to obtain a key with which to encrypt a token for returning to the client. Weaken the bound checks in dummy_getkey accordingly; the CheckResponse caller already checks for nonzero-ness. Change-Id: Id48409381d644990418196732830e43e5f6c173f
kaduk · Aug 30, 2013 · c438c97 · c438c97
1 parent bbda53b
commit c438c97
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 12 deletions.
diff --git a/src/rxgk/rxgk.h b/src/rxgk/rxgk.h
@@ -81,7 +81,7 @@ void rxgk_update_kvno(struct rx_connection *aconn, afs_uint32 kvno);
 void print_data(void *p, int len);
 
 /* rxgk_crypto.c */
-afs_int32 dummy_getkey(void *rock, afs_int32 kvno, afs_int32 enctype,
+afs_int32 dummy_getkey(void *rock, afs_int32 *kvno, afs_int32 *enctype,
 		       rxgk_key *key);
 afs_int32 make_key(rxgk_key *key_out, void *raw_key, afs_int32 length,
 		   afs_int32 enctype);
@@ -102,8 +102,8 @@ afs_int32 derive_tk(rxgk_key *tk, rxgk_key k0, afs_uint32 epoch,
 afs_int32 rxgk_cipher_expansion(rxgk_key k0, int *len_out);
 
 /* rxgk_server.c */
-typedef afs_int32 (*rxgk_getkey_func)(void *rock, afs_int32 kvno,
-				      afs_int32 enctype, rxgk_key *key);
+typedef afs_int32 (*rxgk_getkey_func)(void *rock, afs_int32 *kvno,
+				      afs_int32 *enctype, rxgk_key *key);
 struct rx_securityClass * rxgk_NewServerSecurityObject(void *getkey_rock,
 						       rxgk_getkey_func getkey);
 

diff --git a/src/rxgk/rxgk_crypto_mit.c b/src/rxgk/rxgk_crypto_mit.c
@@ -152,13 +152,13 @@ etype_to_len(int etype)
  * the key from file every time.
  */
 afs_int32
-dummy_getkey(void *rock, afs_int32 kvno, afs_int32 enctype, rxgk_key *key)
+dummy_getkey(void *rock, afs_int32 *kvno, afs_int32 *enctype, rxgk_key *key)
 {
-    if (kvno <= 0)
+    if (kvno == NULL || *kvno < 0)
 	return RXGK_BADKEYNO;
-    if (enctype <= 0)
+    if (enctype == NULL || *enctype < 0)
 	return RXGK_BADETYPE;
-    return get_server_key(key, &kvno, &enctype);
+    return get_server_key(key, kvno, enctype);
 }
 
 /*

diff --git a/src/rxgk/rxgk_crypto_rfc3961.c b/src/rxgk/rxgk_crypto_rfc3961.c
@@ -134,13 +134,13 @@ etype_to_len(int etype)
  * the key from file every time.
  */
 afs_int32
-dummy_getkey(void *rock, afs_int32 kvno, afs_int32 enctype, rxgk_key *key)
+dummy_getkey(void *rock, afs_int32 *kvno, afs_int32 *enctype, rxgk_key *key)
 {
-    if (kvno <= 0)
+    if (kvno == NULL || *kvno < 0)
 	return RXGK_BADKEYNO;
-    if (enctype <= 0)
+    if (enctype == NULL || *enctype < 0)
 	return RXGK_BADETYPE;
-    return get_server_key(key, &kvno, &enctype);
+    return get_server_key(key, kvno, enctype);
 }
 
 /*

diff --git a/src/rxgk/rxgk_server.c b/src/rxgk/rxgk_server.c
@@ -211,7 +211,10 @@ decrypt_token(RXGK_Data *out, struct rx_opaque *encopaque, afs_int32 kvno,
     service_key = NULL;
     zero_rxgkdata(&enctoken);
 
-    ret = sp->getkey(sp->rock, kvno, enctype, &service_key);
+    if (kvno <= 0 || enctype <= 0)
+	return RXGK_BAD_TOKEN;
+
+    ret = sp->getkey(sp->rock, &kvno, &enctype, &service_key);
     if (ret != 0)
 	goto cleanup;
     /* Must alias for type compliance */