diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
commit | 5ffa313d9f6b7c509aa0d7579273150d71ea0f95 (patch) | |
tree | 48f8d5606c919dd09d950c5cbf1609f312f2937d /src/lib/crypto/krb/keyhash_provider/k5_md4des.c | |
parent | ea6f77d42700352fcb2a06444d1dc00acf7c20fc (diff) | |
download | krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.zip krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.gz krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.bz2 |
Consolidate the IOV and non-IOV encryption/decryption code paths, and
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb/keyhash_provider/k5_md4des.c')
-rw-r--r-- | src/lib/crypto/krb/keyhash_provider/k5_md4des.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c index 032cf39..89e04bb 100644 --- a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c +++ b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c @@ -72,6 +72,7 @@ k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec, krb5_MD4_CTX ctx; unsigned char conf[CONFLENGTH]; krb5_key xorkey = NULL; + krb5_crypto_iov iov; struct krb5_enc_provider *enc = &krb5int_enc_des; if (output->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH)) @@ -101,7 +102,9 @@ k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec, memcpy(output->data, conf, CONFLENGTH); memcpy(output->data+CONFLENGTH, ctx.digest, RSA_MD4_CKSUM_LENGTH); - ret = enc->encrypt(xorkey, NULL, output, output); + iov.flags = KRB5_CRYPTO_TYPE_DATA; + iov.data = *output; + ret = enc->encrypt(xorkey, NULL, &iov, 1); krb5_k_free_key(NULL, xorkey); @@ -120,7 +123,8 @@ k5_md4des_verify(krb5_key key, krb5_keyusage usage, krb5_key xorkey = NULL; int compathash = 0; struct krb5_enc_provider *enc = &krb5int_enc_des; - krb5_data output, iv; + krb5_data iv; + krb5_crypto_iov iov; iv.data = NULL; iv.length = 0; @@ -152,22 +156,20 @@ k5_md4des_verify(krb5_key key, krb5_keyusage usage, } /* decrypt it */ - output.data = (char *)plaintext; - output.length = hash->length; + iov.flags = KRB5_CRYPTO_TYPE_DATA; + iov.data = make_data(plaintext, hash->length); + memcpy(plaintext, hash->data, hash->length); - if (!compathash) { - ret = enc->decrypt(xorkey, NULL, hash, &output); - krb5_k_free_key(NULL, xorkey); + if (compathash) { + ret = enc->decrypt(key, &iv, &iov, 1); + zapfree(iv.data, iv.length); } else { - ret = enc->decrypt(key, &iv, hash, &output); - zap(iv.data, iv.length); - free(iv.data); + ret = enc->decrypt(xorkey, NULL, &iov, 1); + krb5_k_free_key(NULL, xorkey); } - if (ret) return(ret); - - if (output.length > CONFLENGTH+RSA_MD4_CKSUM_LENGTH) - return KRB5_CRYPTO_INTERNAL; + if (ret) + return ret; /* hash the confounder, then the input data */ |