krb5: Use iovecs for krb5_decrypt_iov_ivec

When we have an underlying iovec encryption function, use iovecs for
checksum-then-encrypt algorithms in decrypt_iov_ivec, rather than
coalescing iovecs into a single memory buffer.
Simon Wilkinson
2018-05-14 14:27:42 +01:00
committed by Jeffrey Altman
parent a1c8f029b7
commit 8e301d44b1


@@ -1839,10 +1839,6 @@ krb5_decrypt_iov_ivec(krb5_context context,
krb5_data_zero(&sign_data); krb5_data_zero(&sign_data);
if (!(et->flags & F_ENC_THEN_CKSUM)) { if (!(et->flags & F_ENC_THEN_CKSUM)) {
ret = iov_coalesce(context, NULL, data, num_data, FALSE, &enc_data);
if(ret)
goto cleanup;
ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
if(ret) if(ret)
goto cleanup; goto cleanup;
@@ -1851,6 +1847,16 @@ krb5_decrypt_iov_ivec(krb5_context context,
if(ret) if(ret)
goto cleanup; goto cleanup;
if (et->encrypt_iov != NULL) {
ret = (*et->encrypt_iov)(context, dkey, data, num_data,
0, usage, ivec);
if(ret)
goto cleanup;
} else {
ret = iov_coalesce(context, NULL, data, num_data, FALSE, &enc_data);
if(ret)
goto cleanup;
ret = (*et->encrypt)(context, dkey, enc_data.data, enc_data.length, ret = (*et->encrypt)(context, dkey, enc_data.data, enc_data.length,
0, usage, ivec); 0, usage, ivec);
if(ret) if(ret)
@@ -1859,8 +1865,14 @@ krb5_decrypt_iov_ivec(krb5_context context,
ret = iov_uncoalesce(context, &enc_data, data, num_data); ret = iov_uncoalesce(context, &enc_data, data, num_data);
if(ret) if(ret)
goto cleanup; goto cleanup;
}
ret = iov_coalesce(context, NULL, data, num_data, TRUE, &sign_data); cksum.checksum.data = tiv->data.data;
cksum.checksum.length = tiv->data.length;
cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
ret = verify_checksum_iov(context, crypto, INTEGRITY_USAGE(usage),
data, num_data, &cksum);
if(ret) if(ret)
goto cleanup; goto cleanup;
} else { } else {
@@ -1876,7 +1888,6 @@ krb5_decrypt_iov_ivec(krb5_context context,
ret = iov_coalesce(context, &ivec_data, data, num_data, TRUE, &sign_data); ret = iov_coalesce(context, &ivec_data, data, num_data, TRUE, &sign_data);
if(ret) if(ret)
goto cleanup; goto cleanup;
}
cksum.checksum.data = tiv->data.data; cksum.checksum.data = tiv->data.data;
cksum.checksum.length = tiv->data.length; cksum.checksum.length = tiv->data.length;
@@ -1891,7 +1902,6 @@ krb5_decrypt_iov_ivec(krb5_context context,
if(ret) if(ret)
goto cleanup; goto cleanup;
if (et->flags & F_ENC_THEN_CKSUM) {
ret = iov_coalesce(context, NULL, data, num_data, FALSE, &enc_data); ret = iov_coalesce(context, NULL, data, num_data, FALSE, &enc_data);
if(ret) if(ret)
goto cleanup; goto cleanup;
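Review bot: In the new `et->encrypt_iov != NULL` branch the buffers in `data` are decrypted in place before `verify_checksum_iov` runs, so a checksum failure reaches `goto cleanup` with unauthenticated plaintext left in the caller's iovecs. The fallback branch does the same through `iov_uncoalesce`, so this is not a regression, but the contract is worth stating above the branch, e.g. `/* checksum covers plaintext: data[] is unauthenticated until verify_checksum_iov() succeeds */`. The branch also depends on `encrypt_iov` processing exactly the buffers that `iov_coalesce(..., FALSE, ...)` selects; that implementation is not visible here, so this should be confirmed for every enctype that sets `encrypt_iov`. The body of krb5_decrypt_iov_ivec starts and ends outside the hunks shown.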