(encryption_type): make field names more consistent
(create_checksum): separate usage and type (krb5_create_checksum): add a separate type parameter (encrypt_internal): only free once on mismatched checksum length git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9868 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -112,7 +112,7 @@ struct encryption_type {
|
|||||||
size_t blocksize;
|
size_t blocksize;
|
||||||
size_t confoundersize;
|
size_t confoundersize;
|
||||||
struct key_type *keytype;
|
struct key_type *keytype;
|
||||||
struct checksum_type *cksumtype;
|
struct checksum_type *checksum;
|
||||||
struct checksum_type *keyed_checksum;
|
struct checksum_type *keyed_checksum;
|
||||||
unsigned flags;
|
unsigned flags;
|
||||||
krb5_error_code (*encrypt)(struct key_data *key,
|
krb5_error_code (*encrypt)(struct key_data *key,
|
||||||
@@ -1403,7 +1403,7 @@ do_checksum (krb5_context context,
|
|||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
create_checksum(krb5_context context,
|
create_checksum(krb5_context context,
|
||||||
krb5_crypto crypto,
|
krb5_crypto crypto,
|
||||||
unsigned usage, /* not krb5_key_usage */
|
krb5_key_usage usage, /* not krb5_key_usage */
|
||||||
krb5_cksumtype type, /* 0 -> pick from crypto */
|
krb5_cksumtype type, /* 0 -> pick from crypto */
|
||||||
void *data,
|
void *data,
|
||||||
size_t len,
|
size_t len,
|
||||||
@@ -1411,13 +1411,14 @@ create_checksum(krb5_context context,
|
|||||||
{
|
{
|
||||||
struct checksum_type *ct = NULL;
|
struct checksum_type *ct = NULL;
|
||||||
|
|
||||||
if (type)
|
if (type) {
|
||||||
ct = _find_checksum(type);
|
ct = _find_checksum(type);
|
||||||
else if(crypto) {
|
} else if (crypto) {
|
||||||
ct = crypto->et->keyed_checksum;
|
ct = crypto->et->keyed_checksum;
|
||||||
if(ct == NULL)
|
if (ct == NULL)
|
||||||
ct = crypto->et->cksumtype;
|
ct = crypto->et->checksum;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ct == NULL)
|
if(ct == NULL)
|
||||||
return KRB5_PROG_SUMTYPE_NOSUPP;
|
return KRB5_PROG_SUMTYPE_NOSUPP;
|
||||||
return do_checksum (context, ct, crypto, usage, data, len, result);
|
return do_checksum (context, ct, crypto, usage, data, len, result);
|
||||||
@@ -1426,14 +1427,15 @@ create_checksum(krb5_context context,
|
|||||||
krb5_error_code
|
krb5_error_code
|
||||||
krb5_create_checksum(krb5_context context,
|
krb5_create_checksum(krb5_context context,
|
||||||
krb5_crypto crypto,
|
krb5_crypto crypto,
|
||||||
unsigned usage_or_type,
|
krb5_key_usage usage,
|
||||||
|
int type,
|
||||||
void *data,
|
void *data,
|
||||||
size_t len,
|
size_t len,
|
||||||
Checksum *result)
|
Checksum *result)
|
||||||
{
|
{
|
||||||
return create_checksum(context, crypto,
|
return create_checksum(context, crypto,
|
||||||
CHECKSUM_USAGE(usage_or_type),
|
CHECKSUM_USAGE(usage),
|
||||||
usage_or_type, data, len, result);
|
type, data, len, result);
|
||||||
}
|
}
|
||||||
|
|
||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
@@ -2175,7 +2177,7 @@ encrypt_internal_derived(krb5_context context,
|
|||||||
ret = create_checksum(context,
|
ret = create_checksum(context,
|
||||||
crypto,
|
crypto,
|
||||||
INTEGRITY_USAGE(usage),
|
INTEGRITY_USAGE(usage),
|
||||||
0,
|
et->keyed_checksum->type,
|
||||||
p,
|
p,
|
||||||
block_sz,
|
block_sz,
|
||||||
&cksum);
|
&cksum);
|
||||||
@@ -2225,7 +2227,7 @@ encrypt_internal(krb5_context context,
|
|||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
struct encryption_type *et = crypto->et;
|
struct encryption_type *et = crypto->et;
|
||||||
|
|
||||||
checksum_sz = CHECKSUMSIZE(et->cksumtype);
|
checksum_sz = CHECKSUMSIZE(et->checksum);
|
||||||
|
|
||||||
sz = et->confoundersize + checksum_sz + len;
|
sz = et->confoundersize + checksum_sz + len;
|
||||||
block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */
|
block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */
|
||||||
@@ -2243,14 +2245,12 @@ encrypt_internal(krb5_context context,
|
|||||||
ret = create_checksum(context,
|
ret = create_checksum(context,
|
||||||
crypto,
|
crypto,
|
||||||
0,
|
0,
|
||||||
0,
|
et->checksum->type,
|
||||||
p,
|
p,
|
||||||
block_sz,
|
block_sz,
|
||||||
&cksum);
|
&cksum);
|
||||||
if(ret == 0 && cksum.checksum.length != checksum_sz) {
|
if(ret == 0 && cksum.checksum.length != checksum_sz)
|
||||||
free_Checksum (&cksum);
|
|
||||||
ret = KRB5_CRYPTO_INTERNAL;
|
ret = KRB5_CRYPTO_INTERNAL;
|
||||||
}
|
|
||||||
if(ret) {
|
if(ret) {
|
||||||
memset(p, 0, block_sz);
|
memset(p, 0, block_sz);
|
||||||
free(p);
|
free(p);
|
||||||
@@ -2284,7 +2284,7 @@ encrypt_internal_special(krb5_context context,
|
|||||||
void *ivec)
|
void *ivec)
|
||||||
{
|
{
|
||||||
struct encryption_type *et = crypto->et;
|
struct encryption_type *et = crypto->et;
|
||||||
size_t cksum_sz = CHECKSUMSIZE(et->cksumtype);
|
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
|
||||||
size_t sz = len + cksum_sz + et->confoundersize;
|
size_t sz = len + cksum_sz + et->confoundersize;
|
||||||
char *tmp, *p;
|
char *tmp, *p;
|
||||||
|
|
||||||
@@ -2385,7 +2385,7 @@ decrypt_internal(krb5_context context,
|
|||||||
size_t checksum_sz, l;
|
size_t checksum_sz, l;
|
||||||
struct encryption_type *et = crypto->et;
|
struct encryption_type *et = crypto->et;
|
||||||
|
|
||||||
checksum_sz = CHECKSUMSIZE(et->cksumtype);
|
checksum_sz = CHECKSUMSIZE(et->checksum);
|
||||||
p = malloc(len);
|
p = malloc(len);
|
||||||
if(len != 0 && p == NULL)
|
if(len != 0 && p == NULL)
|
||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
@@ -2406,7 +2406,7 @@ decrypt_internal(krb5_context context,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
memset(p + et->confoundersize, 0, checksum_sz);
|
memset(p + et->confoundersize, 0, checksum_sz);
|
||||||
cksum.cksumtype = CHECKSUMTYPE(et->cksumtype);
|
cksum.cksumtype = CHECKSUMTYPE(et->checksum);
|
||||||
ret = verify_checksum(context, NULL, 0, p, len, &cksum);
|
ret = verify_checksum(context, NULL, 0, p, len, &cksum);
|
||||||
free_Checksum(&cksum);
|
free_Checksum(&cksum);
|
||||||
if(ret) {
|
if(ret) {
|
||||||
@@ -2434,7 +2434,7 @@ decrypt_internal_special(krb5_context context,
|
|||||||
void *ivec)
|
void *ivec)
|
||||||
{
|
{
|
||||||
struct encryption_type *et = crypto->et;
|
struct encryption_type *et = crypto->et;
|
||||||
size_t cksum_sz = CHECKSUMSIZE(et->cksumtype);
|
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
|
||||||
size_t sz = len - cksum_sz - et->confoundersize;
|
size_t sz = len - cksum_sz - et->confoundersize;
|
||||||
char *cdata = (char *)data;
|
char *cdata = (char *)data;
|
||||||
char *tmp;
|
char *tmp;
|
||||||
@@ -2905,7 +2905,7 @@ wrapped_length (krb5_context context,
|
|||||||
size_t blocksize = et->blocksize;
|
size_t blocksize = et->blocksize;
|
||||||
size_t res;
|
size_t res;
|
||||||
|
|
||||||
res = et->confoundersize + et->cksumtype->checksumsize + data_len;
|
res = et->confoundersize + et->checksum->checksumsize + data_len;
|
||||||
res = (res + blocksize - 1) / blocksize * blocksize;
|
res = (res + blocksize - 1) / blocksize * blocksize;
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
@@ -2921,7 +2921,7 @@ wrapped_length_dervied (krb5_context context,
|
|||||||
|
|
||||||
res = et->confoundersize + data_len;
|
res = et->confoundersize + data_len;
|
||||||
res = (res + blocksize - 1) / blocksize * blocksize;
|
res = (res + blocksize - 1) / blocksize * blocksize;
|
||||||
res += et->cksumtype->checksumsize;
|
res += et->checksum->checksumsize;
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user