Diffstat (limited to 'src/lib/crypto/openssl')
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/Makefile.in | 2 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_crc32.c | 12 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_md4.c | 14 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_md5.c | 14 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_sha1.c | 14 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hmac.c | 73 |
6 files changed, 52 insertions, 77 deletions
diff --git a/src/lib/crypto/openssl/hash_provider/Makefile.in b/src/lib/crypto/openssl/hash_provider/Makefile.in index 30737eb..b5a7dcf 100644 --- a/src/lib/crypto/openssl/hash_provider/Makefile.in +++ b/src/lib/crypto/openssl/hash_provider/Makefile.in @@ -1,7 +1,7 @@ mydir=lib/crypto/openssl/hash_provider BUILDTOP=$(REL)..$(S)..$(S)..$(S).. LOCALINCLUDES = -I$(srcdir)/../../krb/crc32 -I$(srcdir)/../md4 \ - -I$(srcdir)/../md5 -I$(srcdir)/../sha1 + -I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../../krb DEFS= ##DOS##BUILDTOP = ..\..\..\.. diff --git a/src/lib/crypto/openssl/hash_provider/hash_crc32.c b/src/lib/crypto/openssl/hash_provider/hash_crc32.c index 58efffe..68a01cb 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_crc32.c +++ b/src/lib/crypto/openssl/hash_provider/hash_crc32.c @@ -28,10 +28,10 @@ #include "k5-int.h" #include "crc-32.h" #include "hash_provider.h" +#include "aead.h" static krb5_error_code -k5_crc32_hash(unsigned int icount, const krb5_data *input, - krb5_data *output) +k5_crc32_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { unsigned long c; unsigned int i; @@ -40,8 +40,12 @@ k5_crc32_hash(unsigned int icount, const krb5_data *input, return(KRB5_CRYPTO_INTERNAL); c = 0; - for (i=0; i<icount; i++) - mit_crc32(input[i].data, input[i].length, &c); + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + mit_crc32(iov->data.data, iov->data.length, &c); + } store_32_le(c, output->data); return(0); diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c index 3a7d0d4..85f18f6 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_md4.c +++ b/src/lib/crypto/openssl/hash_provider/hash_md4.c 
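Review bot: In hash_crc32.c the loop index stays `unsigned int i;` while the bound it is compared with becomes `size_t num_data`, so where size_t is wider than unsigned int a num_data above UINT_MAX would make the index wrap and never reach the bound. Declaring it `size_t i;` keeps the comparison in one type and avoids a width-conversion warning. The same declaration is kept in k5_md4_hash, k5_md5_hash and k5_sha1_hash, and as `unsigned int i = 0, md_len = 0;` in krb5int_hmac_keyblock, where only `i` should change because md_len is passed to HMAC_Final. The function bodies continue outside these hunks.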
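Review bot: The new loop in k5_crc32_hash silently skips every buffer for which SIGN_IOV() is false, so the bytes covered by the checksum now depend on the iov flags the caller sets, and an array with no qualifying entry yields the checksum of empty input with a success return. SIGN_IOV comes from aead.h, which is not part of this diff, so the accepted flag values cannot be confirmed from here. I would document the contract above the function, e.g. `/* Hashes only the buffers selected by SIGN_IOV(); all other iov entries are ignored. */`, and repeat it on k5_md4_hash, k5_md5_hash and k5_sha1_hash, whose loops apply the same filter. The single-statement `if` here is also unbraced while the other three providers brace it.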
@@ -28,10 +28,10 @@ #include "k5-int.h" #include "rsa-md4.h" #include "hash_provider.h" +#include "aead.h" static krb5_error_code -k5_md4_hash(unsigned int icount, const krb5_data *input, - krb5_data *output) +k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { krb5_MD4_CTX ctx; unsigned int i; @@ -40,8 +40,14 @@ k5_md4_hash(unsigned int icount, const krb5_data *input, return(KRB5_CRYPTO_INTERNAL); krb5int_MD4Init(&ctx); - for (i=0; i<icount; i++) - krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length); + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) { + krb5int_MD4Update(&ctx, (unsigned char *) iov->data.data, + iov->data.length); + } + } krb5int_MD4Final(&ctx); memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH); diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c index 610e414..182e6c0 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_md5.c +++ b/src/lib/crypto/openssl/hash_provider/hash_md5.c @@ -28,10 +28,10 @@ #include "k5-int.h" #include "rsa-md5.h" #include "hash_provider.h" +#include "aead.h" static krb5_error_code -k5_md5_hash(unsigned int icount, const krb5_data *input, - krb5_data *output) +k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { krb5_MD5_CTX ctx; unsigned int i; @@ -40,8 +40,14 @@ k5_md5_hash(unsigned int icount, const krb5_data *input, return(KRB5_CRYPTO_INTERNAL); krb5int_MD5Init(&ctx); - for (i=0; i<icount; i++) - krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length); + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) { + krb5int_MD5Update(&ctx, (unsigned char *) iov->data.data, + iov->data.length); + } + } krb5int_MD5Final(&ctx); memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH); 
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c index a914e34..f602411 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c +++ b/src/lib/crypto/openssl/hash_provider/hash_sha1.c @@ -29,10 +29,10 @@ #include "k5-int.h" #include "shs.h" #include "hash_provider.h" +#include "aead.h" static krb5_error_code -k5_sha1_hash(unsigned int icount, const krb5_data *input, - krb5_data *output) +k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { SHS_INFO ctx; unsigned int i; @@ -41,8 +41,14 @@ k5_sha1_hash(unsigned int icount, const krb5_data *input, return(KRB5_CRYPTO_INTERNAL); shsInit(&ctx); - for (i=0; i<icount; i++) - shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length); + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) { + shsUpdate(&ctx, (unsigned char *) iov->data.data, + iov->data.length); + } + } shsFinal(&ctx); if (ctx.digestLen > 0 && ctx.digestLen <= output->length){ diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c index 425223d..7ef3d3f 100644 --- a/src/lib/crypto/openssl/hmac.c +++ b/src/lib/crypto/openssl/hmac.c @@ -83,8 +83,9 @@ map_digest(const struct krb5_hash_provider *hash) krb5_error_code krb5int_hmac_keyblock(const struct krb5_hash_provider *hash, - const krb5_keyblock *key, unsigned int icount, - const krb5_data *input, krb5_data *output) + const krb5_keyblock *keyblock, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) { unsigned int i = 0, md_len = 0; unsigned char md[EVP_MAX_MD_SIZE]; 
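Review bot: krb5int_hmac_keyblock changes its parameter list in this hunk but still has no header comment stating what callers must provide. From the checks in the next hunk the contract is: keyblock->length must not exceed the hash block size (KRB5_CRYPTO_INTERNAL otherwise), output->length must be at least the hash size (KRB5_BAD_MSIZE otherwise), and only SIGN_IOV() buffers in data[0..num_data) are fed to the HMAC. A short comment above the function should state that. It should also say that an array with no signable buffer now produces the HMAC of the empty message, because the `icount == 0` rejection is gone, so callers know what the returned MAC covers. The function body starts in this hunk and continues outside it.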
@@ -94,22 +95,21 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash, hashsize = hash->hashsize; blocksize = hash->blocksize; - if (key->length > blocksize) + if (keyblock->length > blocksize) return(KRB5_CRYPTO_INTERNAL); if (output->length < hashsize) return(KRB5_BAD_MSIZE); - /* if this isn't > 0, then there won't be enough space in this - array to compute the outer hash */ - if (icount == 0) - return(KRB5_CRYPTO_INTERNAL); if (!map_digest(hash)) return(KRB5_CRYPTO_INTERNAL); // unsupported alg HMAC_CTX_init(&c); - HMAC_Init(&c, key->contents, key->length, map_digest(hash)); - for ( i = 0; i < icount; i++ ) { - HMAC_Update(&c,(const unsigned char*)input[i].data, input[i].length); + HMAC_Init(&c, keyblock->contents, keyblock->length, map_digest(hash)); + for (i = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + HMAC_Update(&c, (unsigned char*) iov->data.data, iov->data.length); } HMAC_Final(&c,(unsigned char *)md, &md_len); if ( md_len <= output->length) { 
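Review bot: The added `krb5_crypto_iov *iov = &data[i];` drops the const qualifier of `data`, which the new signature declares as `const krb5_crypto_iov *`; it should read `const krb5_crypto_iov *iov = &data[i];` as in the hash providers changed by this commit. Separately, the results of HMAC_Init, HMAC_Update and HMAC_Final are not checked. On OpenSSL releases where these return int (1.0.0 and later, as far as I know), a failure could leave `md`, which is declared without an initializer, unset while the function goes on to the copy-out. If the build targets such a release, each call should be tested and KRB5_CRYPTO_INTERNAL returned on failure. The copy-out and any context cleanup lie outside this hunk, so how `md` and the HMAC_CTX are handled afterwards cannot be confirmed from here.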
@@ -123,56 +123,9 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash, } krb5_error_code -krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash, - const krb5_keyblock *key, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output) -{ - krb5_data *sign_data; - size_t num_sign_data; - krb5_error_code ret; - size_t i, j; - - /* Create a checksum over all the data to be signed */ - for (i = 0, num_sign_data = 0; i < num_data; i++) { - const krb5_crypto_iov *iov = &data[i]; - - if (SIGN_IOV(iov)) - num_sign_data++; - } - - /* XXX cleanup to avoid alloc */ - sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data)); - if (sign_data == NULL) - return ENOMEM; - - for (i = 0, j = 0; i < num_data; i++) { - const krb5_crypto_iov *iov = &data[i]; - - if (SIGN_IOV(iov)) - sign_data[j++] = iov->data; - } - - /* caller must store checksum in iov as it may be TYPE_TRAILER or TYPE_CHECKSUM */ - ret = krb5int_hmac_keyblock(hash, key, num_sign_data, sign_data, output); - - free(sign_data); - - return ret; -} - -krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key, - unsigned int icount, const krb5_data *input, krb5_data *output) -{ - return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output); -} - -krb5_error_code -krb5int_hmac_iov(const struct krb5_hash_provider *hash, krb5_key key, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output) + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) { - return krb5int_hmac_iov_keyblock(hash, &key->keyblock, data, num_data, - output); + return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output); } |