diff --git a/lib/krb5/crypto-des-common.c b/lib/krb5/crypto-des-common.c index c85bd2433..b6d765066 100644 --- a/lib/krb5/crypto-des-common.c +++ b/lib/krb5/crypto-des-common.c @@ -92,8 +92,8 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_des_verify(krb5_context context, const EVP_MD *evp_md, struct _krb5_key_data *key, - const void *data, - size_t len, + const struct krb5_crypto_iov *iov, + int niov, Checksum *C) { struct _krb5_evp_schedule *ctx = key->schedule->data; @@ -102,6 +102,7 @@ _krb5_des_verify(krb5_context context, unsigned char res[16]; DES_cblock ivec; krb5_error_code ret = 0; + int i; m = EVP_MD_CTX_create(); if (m == NULL) @@ -113,7 +114,10 @@ _krb5_des_verify(krb5_context context, EVP_DigestInit_ex(m, evp_md, NULL); EVP_DigestUpdate(m, tmp, 8); /* confounder */ - EVP_DigestUpdate(m, data, len); + for (i = 0; i < niov; i++) { + if (_krb5_crypto_iov_should_sign(&iov[i])) + EVP_DigestUpdate(m, iov[i].data.data, iov[i].data.length); + } EVP_DigestFinal_ex (m, res, NULL); EVP_MD_CTX_destroy(m); if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) { diff --git a/lib/krb5/crypto-des.c b/lib/krb5/crypto-des.c index 017ce106f..152c01550 100644 --- a/lib/krb5/crypto-des.c +++ b/lib/krb5/crypto-des.c @@ -149,12 +149,12 @@ RSA_MD4_DES_checksum(krb5_context context, static krb5_error_code RSA_MD4_DES_verify(krb5_context context, struct _krb5_key_data *key, - const void *data, - size_t len, unsigned usage, + const struct krb5_crypto_iov *iov, + int niov, Checksum *C) { - return _krb5_des_verify(context, EVP_md4(), key, data, len, C); + return _krb5_des_verify(context, EVP_md4(), key, iov, niov, C); } static krb5_error_code @@ -171,12 +171,12 @@ RSA_MD5_DES_checksum(krb5_context context, static krb5_error_code RSA_MD5_DES_verify(krb5_context context, struct _krb5_key_data *key, - const void *data, - size_t len, unsigned usage, + const struct krb5_crypto_iov *iov, + int niov, Checksum *C) { - return _krb5_des_verify(context, EVP_md5(), key, data, len, C); + return _krb5_des_verify(context, EVP_md5(), key, iov, niov, C); } struct _krb5_checksum_type _krb5_checksum_crc32 = { diff --git a/lib/krb5/crypto-des3.c b/lib/krb5/crypto-des3.c index 36174ff7f..98faed853 100644 --- a/lib/krb5/crypto-des3.c +++ b/lib/krb5/crypto-des3.c @@ -154,12 +154,12 @@ RSA_MD5_DES3_checksum(krb5_context context, static krb5_error_code RSA_MD5_DES3_verify(krb5_context context, struct _krb5_key_data *key, - const void *data, - size_t len, unsigned usage, + const struct krb5_crypto_iov *iov, + int niov, Checksum *C) { - return _krb5_des_verify(context, EVP_md5(), key, data, len, C); + return _krb5_des_verify(context, EVP_md5(), key, iov, niov, C); } struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = { diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 04ace4151..f2c9e4595 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -286,6 +286,7 @@ krb5_hmac(krb5_context context, { struct _krb5_checksum_type *c = _krb5_find_checksum(cktype); struct _krb5_key_data kd; + krb5_error_code ret; if (c == NULL) { @@ -524,7 +525,7 @@ verify_checksum(krb5_context context, iov[0].flags = KRB5_CRYPTO_TYPE_DATA; if(ct->verify) { - ret = (*ct->verify)(context, dkey, data, len, usage, cksum); + ret = (*ct->verify)(context, dkey, usage, iov, 1, cksum); if (ret) krb5_set_error_message(context, ret, N_("Decrypt integrity check failed for checksum " diff --git a/lib/krb5/crypto.h b/lib/krb5/crypto.h index f1ed1a5a3..1480e5ea4 100644 --- a/lib/krb5/crypto.h +++ b/lib/krb5/crypto.h @@ -103,8 +103,8 @@ struct _krb5_checksum_type { Checksum *csum); krb5_error_code (*verify)(krb5_context context, struct _krb5_key_data *key, - const void *buf, size_t len, unsigned usage, + const struct krb5_crypto_iov *iov, int niov, Checksum *csum); };