oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Pick out header and trailer first before treating data and sign_only data.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23655 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-08-21 21:25:53 +00:00
parent 0f18ec866a
commit 27e06ef268
1 changed files with 40 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
lib/krb5/crypto.c
View File

@@ -3309,9 +3309,9 @@ krb5_encrypt_iov_ivec(krb5_context context,
* XXX CTS EVP is broken, can't handle multi buffers :( * XXX CTS EVP is broken, can't handle multi buffers :(
*/ */
for (len = 0, i = 0; i < num_data; i++) { len = hiv->data.length;
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && for (i = 0; i < num_data; i++) {
data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
continue; continue;
len += data[i].data.length; len += data[i].data.length;
@@ -3319,9 +3319,10 @@ krb5_encrypt_iov_ivec(krb5_context context,
p = q = malloc(len); p = q = malloc(len);
memcpy(q, hiv->data.data, hiv->data.length);
q += hiv->data.length;
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
continue; continue;
memcpy(q, data[i].data.data, data[i].data.length); memcpy(q, data[i].data.data, data[i].data.length);
@@ -3342,7 +3343,7 @@ krb5_encrypt_iov_ivec(krb5_context context,
ret = KRB5_CRYPTO_INTERNAL; ret = KRB5_CRYPTO_INTERNAL;
} }
if(ret) if(ret)
goto fail; return ret;
/* save cksum at end */ /* save cksum at end */
memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length); memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length);
@@ -3352,26 +3353,29 @@ krb5_encrypt_iov_ivec(krb5_context context,
ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
if(ret) if(ret)
goto fail; return ret;
ret = _key_schedule(context, dkey); ret = _key_schedule(context, dkey);
if(ret) if(ret)
goto fail; return ret;
/* XXX replace with EVP_Cipher */ /* XXX replace with EVP_Cipher */
for (len = 0, i = 0; i < num_data; i++) { len = hiv->data.length;
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && for (i = 0; i < num_data; i++) {
data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_PADDING) data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
continue; continue;
len += data[i].data.length; len += data[i].data.length;
} }
p = q = malloc(len); p = q = malloc(len);
if(p == NULL)
return ENOMEM;
memcpy(q, hiv->data.data, hiv->data.length);
q += hiv->data.length;
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_PADDING) data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
continue; continue;
memcpy(q, data[i].data.data, data[i].data.length); memcpy(q, data[i].data.data, data[i].data.length);
@@ -3392,24 +3396,23 @@ krb5_encrypt_iov_ivec(krb5_context context,
ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec); ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec);
if (ret) { if (ret) {
free(p); free(p);
goto fail; return ret;
} }
/* now copy data back to buffers */ /* now copy data back to buffers */
for (q = p, i = 0; i < num_data; i++) { q = p;
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && memcpy(hiv->data.data, q, hiv->data.length);
data[i].flags != KRB5_CRYPTO_TYPE_DATA && q += hiv->data.length;
for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_PADDING) data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
continue; continue;
memcpy(data[i].data.data, q, data[i].data.length); memcpy(data[i].data.data, q, data[i].data.length);
q += data[i].data.length; q += data[i].data.length;
len -= data[i].data.length;
} }
if (len)
krb5_abortx(context, "crypto: failed to get padsize right");
free(p); free(p);
fail:
return ret; return ret;
} }
@@ -3477,9 +3480,10 @@ krb5_decrypt_iov_ivec(krb5_context context,
if (p == NULL) if (p == NULL)
return ENOMEM; return ENOMEM;
memcpy(q, hiv->data.data, hiv->data.length);
q += hiv->data.length;
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA)
data[i].flags != KRB5_CRYPTO_TYPE_DATA)
continue; continue;
memcpy(q, data[i].data.data, data[i].data.length); memcpy(q, data[i].data.data, data[i].data.length);
q += data[i].data.length; q += data[i].data.length;
@@ -3503,9 +3507,13 @@ krb5_decrypt_iov_ivec(krb5_context context,
} }
/* XXX now copy data back to buffers */ /* XXX now copy data back to buffers */
for (q = p, i = 0; i < num_data; i++) { q = p;
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && memcpy(hiv->data.data, q, hiv->data.length);
data[i].flags != KRB5_CRYPTO_TYPE_DATA) q += hiv->data.length;
len -= hiv->data.length;
for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_DATA)
continue; continue;
if (len < data[i].data.length) if (len < data[i].data.length)
data[i].data.length = len; data[i].data.length = len;
@@ -3517,9 +3525,9 @@ krb5_decrypt_iov_ivec(krb5_context context,
if (len) if (len)
krb5_abortx(context, "data still in the buffer"); krb5_abortx(context, "data still in the buffer");
for (len = 0, i = 0; i < num_data; i++) { len = hiv->data.length;
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && for (i = 0; i < num_data; i++) {
data[i].flags != KRB5_CRYPTO_TYPE_DATA && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
continue; continue;
len += data[i].data.length; len += data[i].data.length;
@@ -3527,9 +3535,10 @@ krb5_decrypt_iov_ivec(krb5_context context,
p = q = malloc(len); p = q = malloc(len);
memcpy(q, hiv->data.data, hiv->data.length);
q += hiv->data.length;
for (i = 0; i < num_data; i++) { for (i = 0; i < num_data; i++) {
if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
continue; continue;
memcpy(q, data[i].data.data, data[i].data.length); memcpy(q, data[i].data.data, data[i].data.length);