aboutsummaryrefslogtreecommitdiff
path: root/src/lib/crypto/krb/verify_checksum.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/crypto/krb/verify_checksum.c')
-rw-r--r--src/lib/crypto/krb/verify_checksum.c51
1 files changed, 16 insertions, 35 deletions
diff --git a/src/lib/crypto/krb/verify_checksum.c b/src/lib/crypto/krb/verify_checksum.c
index 177c5eb..cb19c23 100644
--- a/src/lib/crypto/krb/verify_checksum.c
+++ b/src/lib/crypto/krb/verify_checksum.c
@@ -33,58 +33,39 @@ krb5_k_verify_checksum(krb5_context context, krb5_key key,
krb5_keyusage usage, const krb5_data *data,
const krb5_checksum *cksum, krb5_boolean *valid)
{
- unsigned int i;
const struct krb5_cksumtypes *ctp;
- const struct krb5_keyhash_provider *keyhash;
- size_t hashsize;
+ krb5_crypto_iov iov;
krb5_error_code ret;
- krb5_data indata;
+ krb5_data cksum_data;
krb5_checksum computed;
- for (i=0; i<krb5int_cksumtypes_length; i++) {
- if (krb5int_cksumtypes_list[i].ctype == cksum->checksum_type)
- break;
- }
- if (i == krb5int_cksumtypes_length)
+ iov.flags = KRB5_CRYPTO_TYPE_DATA;
+ iov.data = *data;
+
+ ctp = find_cksumtype(cksum->checksum_type);
+ if (ctp == NULL)
return KRB5_BAD_ENCTYPE;
- ctp = &krb5int_cksumtypes_list[i];
- indata.length = cksum->length;
- indata.data = (char *) cksum->contents;
+ ret = verify_key(ctp, key);
+ if (ret != 0)
+ return ret;
/* If there's actually a verify function, call it. */
- if (ctp->keyhash) {
- keyhash = ctp->keyhash;
-
- if (keyhash->verify == NULL && keyhash->verify_iov != NULL) {
- krb5_crypto_iov iov[1];
-
- iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
- iov[0].data.data = data->data;
- iov[0].data.length = data->length;
-
- return (*keyhash->verify_iov)(key, usage, iov, 1, &indata, valid);
- } else if (keyhash->verify != NULL) {
- return (*keyhash->verify)(key, usage, data, &indata, valid);
- }
- }
+ cksum_data = make_data(cksum->contents, cksum->length);
+ if (ctp->verify != NULL)
+ return ctp->verify(ctp, key, usage, &iov, 1, &cksum_data, valid);
/* Otherwise, make the checksum again, and compare. */
- ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize);
- if (ret)
- return ret;
-
- if (cksum->length != hashsize)
+ if (cksum->length != ctp->output_size)
return KRB5_BAD_MSIZE;
- computed.length = hashsize;
-
ret = krb5_k_make_checksum(context, cksum->checksum_type, key, usage,
data, &computed);
if (ret)
return ret;
- *valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0);
+ *valid = (memcmp(computed.contents, cksum->contents,
+ ctp->output_size) == 0);
free(computed.contents);
return 0;
generated by cgit v1.1 at 2024-08-01 12:33:07 +0000