From bad149c2a94f20df57f9d51810aff23aeb0921a4 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 10 Dec 2009 17:10:10 +0000 Subject: Restructure the crypto checksum implementation to minimize dependencies on the internals of modules. * Keyhash providers are gone. * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums. * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum. * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC. The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/krb/keyed_cksum.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'src/lib/crypto/krb/keyed_cksum.c') diff --git a/src/lib/crypto/krb/keyed_cksum.c b/src/lib/crypto/krb/keyed_cksum.c index 2f8bed6..b6d3e3d 100644 --- a/src/lib/crypto/krb/keyed_cksum.c +++ b/src/lib/crypto/krb/keyed_cksum.c @@ -31,17 +31,10 @@ krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum(krb5_cksumtype ctype) { - unsigned int i; const struct krb5_cksumtypes *ctp; - for (i = 0; i < krb5int_cksumtypes_length; i++) { - ctp = &krb5int_cksumtypes_list[i]; - if (ctp->ctype == ctype) { - return (ctp->keyhash != NULL || - (ctp->flags & KRB5_CKSUMFLAG_DERIVE)); - } - } - - /* Invalid ctype. This is misleading, but better than dumping core. */ - return FALSE; + ctp = find_cksumtype(ctype); + if (ctp == NULL) + return FALSE; + return !(ctp->flags & CKSUM_UNKEYED); } -- cgit v1.1