oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: Use iovecs internally for checksum verification

Browse Source 
When verifying checksums, pass iovecs through to the individual
verify routines.
This commit is contained in:
Simon Wilkinson
2018-05-14 15:00:05 +01:00
committed by Jeffrey Altman
parent ca756f0f7f
commit 8f947638c7
5 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/krb5/crypto-des-common.c
View File

@@ -92,8 +92,8 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_des_verify(krb5_context context, _krb5_des_verify(krb5_context context,
const EVP_MD *evp_md, const EVP_MD *evp_md,
struct _krb5_key_data *key, struct _krb5_key_data *key,
const void *data, const struct krb5_crypto_iov *iov,
size_t len, int niov,
Checksum *C) Checksum *C)
{ {
struct _krb5_evp_schedule *ctx = key->schedule->data; struct _krb5_evp_schedule *ctx = key->schedule->data;
@@ -102,6 +102,7 @@ _krb5_des_verify(krb5_context context,
unsigned char res[16]; unsigned char res[16];
DES_cblock ivec; DES_cblock ivec;
krb5_error_code ret = 0; krb5_error_code ret = 0;
int i;
m = EVP_MD_CTX_create(); m = EVP_MD_CTX_create();
if (m == NULL) if (m == NULL)
@@ -113,7 +114,10 @@ _krb5_des_verify(krb5_context context,
EVP_DigestInit_ex(m, evp_md, NULL); EVP_DigestInit_ex(m, evp_md, NULL);
EVP_DigestUpdate(m, tmp, 8); /* confounder */ EVP_DigestUpdate(m, tmp, 8); /* confounder */
EVP_DigestUpdate(m, data, len); for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i]))
EVP_DigestUpdate(m, iov[i].data.data, iov[i].data.length);
}
EVP_DigestFinal_ex (m, res, NULL); EVP_DigestFinal_ex (m, res, NULL);
EVP_MD_CTX_destroy(m); EVP_MD_CTX_destroy(m);
if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) { if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) {

12
lib/krb5/crypto-des.c
View File

@@ -149,12 +149,12 @@ RSA_MD4_DES_checksum(krb5_context context,
static krb5_error_code static krb5_error_code
RSA_MD4_DES_verify(krb5_context context, RSA_MD4_DES_verify(krb5_context context,
struct _krb5_key_data *key, struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage, unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C) Checksum *C)
{ {
return _krb5_des_verify(context, EVP_md4(), key, data, len, C); return _krb5_des_verify(context, EVP_md4(), key, iov, niov, C);
} }
static krb5_error_code static krb5_error_code
@@ -171,12 +171,12 @@ RSA_MD5_DES_checksum(krb5_context context,
static krb5_error_code static krb5_error_code
RSA_MD5_DES_verify(krb5_context context, RSA_MD5_DES_verify(krb5_context context,
struct _krb5_key_data *key, struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage, unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C) Checksum *C)
{ {
return _krb5_des_verify(context, EVP_md5(), key, data, len, C); return _krb5_des_verify(context, EVP_md5(), key, iov, niov, C);
} }
struct _krb5_checksum_type _krb5_checksum_crc32 = { struct _krb5_checksum_type _krb5_checksum_crc32 = {

6
lib/krb5/crypto-des3.c
View File

@@ -154,12 +154,12 @@ RSA_MD5_DES3_checksum(krb5_context context,
static krb5_error_code static krb5_error_code
RSA_MD5_DES3_verify(krb5_context context, RSA_MD5_DES3_verify(krb5_context context,
struct _krb5_key_data *key, struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage, unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C) Checksum *C)
{ {
return _krb5_des_verify(context, EVP_md5(), key, data, len, C); return _krb5_des_verify(context, EVP_md5(), key, iov, niov, C);
} }
struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = { struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = {

3
lib/krb5/crypto.c
View File

@@ -286,6 +286,7 @@ krb5_hmac(krb5_context context,
{ {
struct _krb5_checksum_type *c = _krb5_find_checksum(cktype); struct _krb5_checksum_type *c = _krb5_find_checksum(cktype);
struct _krb5_key_data kd; struct _krb5_key_data kd;
krb5_error_code ret; krb5_error_code ret;
if (c == NULL) { if (c == NULL) {
@@ -524,7 +525,7 @@ verify_checksum(krb5_context context,
iov[0].flags = KRB5_CRYPTO_TYPE_DATA; iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
if(ct->verify) { if(ct->verify) {
ret = (*ct->verify)(context, dkey, data, len, usage, cksum); ret = (*ct->verify)(context, dkey, usage, iov, 1, cksum);
if (ret) if (ret)
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("Decrypt integrity check failed for checksum " N_("Decrypt integrity check failed for checksum "

2
lib/krb5/crypto.h
View File

@@ -103,8 +103,8 @@ struct _krb5_checksum_type {
Checksum *csum); Checksum *csum);
krb5_error_code (*verify)(krb5_context context, krb5_error_code (*verify)(krb5_context context,
struct _krb5_key_data *key, struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage, unsigned usage,
const struct krb5_crypto_iov *iov, int niov,
Checksum *csum); Checksum *csum);
}; };