switch to EVP_MD_CTX_create() and thus make smaller
This commit is contained in:
184
kdc/digest.c
184
kdc/digest.c
@@ -613,7 +613,7 @@ _kdc_do_digest(krb5_context context,
|
||||
}
|
||||
|
||||
if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
unsigned char md[MD5_DIGEST_LENGTH];
|
||||
char *mdx;
|
||||
char id;
|
||||
@@ -642,15 +642,15 @@ _kdc_do_digest(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
ctx = EVP_MD_CTX_create();
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&ctx, &id, 1);
|
||||
EVP_DigestUpdate(&ctx, password, strlen(password));
|
||||
EVP_DigestUpdate(&ctx, serverNonce.data, serverNonce.length);
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(ctx, &id, 1);
|
||||
EVP_DigestUpdate(ctx, password, strlen(password));
|
||||
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
hex_encode(md, sizeof(md), &mdx);
|
||||
if (mdx == NULL) {
|
||||
@@ -673,7 +673,7 @@ _kdc_do_digest(krb5_context context,
|
||||
}
|
||||
|
||||
} else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
unsigned char md[MD5_DIGEST_LENGTH];
|
||||
char *mdx;
|
||||
char *A1, *A2;
|
||||
@@ -698,53 +698,53 @@ _kdc_do_digest(krb5_context context,
|
||||
if (ret)
|
||||
goto failed;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
ctx = EVP_MD_CTX_create();
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&ctx, ireq.u.digestRequest.username,
|
||||
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(ctx, ireq.u.digestRequest.username,
|
||||
strlen(ireq.u.digestRequest.username));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.realm,
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.realm,
|
||||
strlen(*ireq.u.digestRequest.realm));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, password, strlen(password));
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, password, strlen(password));
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&ctx, md, sizeof(md));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, ireq.u.digestRequest.serverNonce,
|
||||
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(ctx, md, sizeof(md));
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce,
|
||||
strlen(ireq.u.digestRequest.serverNonce));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.nonceCount,
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount,
|
||||
strlen(*ireq.u.digestRequest.nonceCount));
|
||||
if (ireq.u.digestRequest.authid) {
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.authid,
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.authid,
|
||||
strlen(*ireq.u.digestRequest.authid));
|
||||
}
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
hex_encode(md, sizeof(md), &A1);
|
||||
if (A1 == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret, "malloc: out of memory");
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&ctx,
|
||||
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(ctx,
|
||||
"AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.uri,
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri,
|
||||
strlen(*ireq.u.digestRequest.uri));
|
||||
|
||||
/* conf|int */
|
||||
if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
|
||||
static char conf_zeros[] = ":00000000000000000000000000000000";
|
||||
EVP_DigestUpdate(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
|
||||
EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1);
|
||||
}
|
||||
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
hex_encode(md, sizeof(md), &A2);
|
||||
if (A2 == NULL) {
|
||||
@@ -754,26 +754,26 @@ _kdc_do_digest(krb5_context context,
|
||||
goto failed;
|
||||
}
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&ctx, A1, strlen(A2));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, ireq.u.digestRequest.serverNonce,
|
||||
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(ctx, A1, strlen(A2));
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce,
|
||||
strlen(ireq.u.digestRequest.serverNonce));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.nonceCount,
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount,
|
||||
strlen(*ireq.u.digestRequest.nonceCount));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.clientNonce,
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.clientNonce,
|
||||
strlen(*ireq.u.digestRequest.clientNonce));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, *ireq.u.digestRequest.qop,
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, *ireq.u.digestRequest.qop,
|
||||
strlen(*ireq.u.digestRequest.qop));
|
||||
EVP_DigestUpdate(&ctx, ":", 1);
|
||||
EVP_DigestUpdate(&ctx, A2, strlen(A2));
|
||||
EVP_DigestUpdate(ctx, ":", 1);
|
||||
EVP_DigestUpdate(ctx, A2, strlen(A2));
|
||||
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
free(A1);
|
||||
free(A2);
|
||||
@@ -804,7 +804,7 @@ _kdc_do_digest(krb5_context context,
|
||||
const char *username;
|
||||
struct ntlm_buf answer;
|
||||
Key *key = NULL;
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
|
||||
if ((config->digests_allowed & MS_CHAP_V2) == 0) {
|
||||
kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
|
||||
@@ -831,10 +831,10 @@ _kdc_do_digest(krb5_context context,
|
||||
else
|
||||
username++;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
ctx = EVP_MD_CTX_create();
|
||||
|
||||
/* ChallangeHash */
|
||||
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
|
||||
{
|
||||
ssize_t ssize;
|
||||
krb5_data clientNonce;
|
||||
@@ -845,7 +845,7 @@ _kdc_do_digest(krb5_context context,
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret,
|
||||
"malloc: out of memory");
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@@ -855,18 +855,18 @@ _kdc_do_digest(krb5_context context,
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_message(context, ret,
|
||||
"Failed to decode clientNonce");
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
goto out;
|
||||
}
|
||||
EVP_DigestUpdate(&ctx, clientNonce.data, ssize);
|
||||
EVP_DigestUpdate(ctx, clientNonce.data, ssize);
|
||||
free(clientNonce.data);
|
||||
}
|
||||
EVP_DigestUpdate(&ctx, serverNonce.data, serverNonce.length);
|
||||
EVP_DigestUpdate(&ctx, username, strlen(username));
|
||||
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
|
||||
EVP_DigestUpdate(ctx, username, strlen(username));
|
||||
|
||||
EVP_DigestFinal_ex(&ctx, challange, NULL);
|
||||
EVP_DigestFinal_ex(ctx, challange, NULL);
|
||||
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
/* NtPasswordHash */
|
||||
ret = krb5_parse_name(context, username, &clientprincipal);
|
||||
@@ -923,39 +923,39 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
if (r.u.response.success) {
|
||||
unsigned char hashhash[MD4_DIGEST_LENGTH];
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
ctx = EVP_MD_CTX_create();
|
||||
|
||||
/* hashhash */
|
||||
{
|
||||
EVP_DigestInit_ex(&ctx, EVP_md4(), NULL);
|
||||
EVP_DigestUpdate(&ctx,
|
||||
EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
|
||||
EVP_DigestUpdate(ctx,
|
||||
key->key.keyvalue.data,
|
||||
key->key.keyvalue.length);
|
||||
EVP_DigestFinal_ex(&ctx, hashhash, NULL);
|
||||
EVP_DigestFinal_ex(ctx, hashhash, NULL);
|
||||
}
|
||||
|
||||
/* GenerateAuthenticatorResponse */
|
||||
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestUpdate(&ctx, hashhash, sizeof(hashhash));
|
||||
EVP_DigestUpdate(&ctx, answer.data, answer.length);
|
||||
EVP_DigestUpdate(&ctx, ms_chap_v2_magic1,
|
||||
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash));
|
||||
EVP_DigestUpdate(ctx, answer.data, answer.length);
|
||||
EVP_DigestUpdate(ctx, ms_chap_v2_magic1,
|
||||
sizeof(ms_chap_v2_magic1));
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestUpdate(&ctx, md, sizeof(md));
|
||||
EVP_DigestUpdate(&ctx, challange, 8);
|
||||
EVP_DigestUpdate(&ctx, ms_chap_v2_magic2,
|
||||
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestUpdate(ctx, md, sizeof(md));
|
||||
EVP_DigestUpdate(ctx, challange, 8);
|
||||
EVP_DigestUpdate(ctx, ms_chap_v2_magic2,
|
||||
sizeof(ms_chap_v2_magic2));
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
|
||||
if (r.u.response.rsp == NULL) {
|
||||
free(answer.data);
|
||||
krb5_clear_error_message(context);
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
@@ -964,22 +964,22 @@ _kdc_do_digest(krb5_context context,
|
||||
if (r.u.response.rsp == NULL) {
|
||||
free(answer.data);
|
||||
krb5_clear_error_message(context);
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* get_master, rfc 3079 3.4 */
|
||||
EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestUpdate(&ctx, hashhash, 16);
|
||||
EVP_DigestUpdate(&ctx, answer.data, answer.length);
|
||||
EVP_DigestUpdate(&ctx, ms_rfc3079_magic1,
|
||||
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
|
||||
EVP_DigestUpdate(ctx, hashhash, 16);
|
||||
EVP_DigestUpdate(ctx, answer.data, answer.length);
|
||||
EVP_DigestUpdate(ctx, ms_rfc3079_magic1,
|
||||
sizeof(ms_rfc3079_magic1));
|
||||
EVP_DigestFinal_ex(&ctx, md, NULL);
|
||||
EVP_DigestFinal_ex(ctx, md, NULL);
|
||||
|
||||
free(answer.data);
|
||||
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
r.u.response.session_key =
|
||||
calloc(1, sizeof(*r.u.response.session_key));
|
||||
@@ -1265,7 +1265,7 @@ _kdc_do_digest(krb5_context context,
|
||||
|
||||
if (flags & NTLM_NEG_NTLM2_SESSION) {
|
||||
unsigned char sessionhash[MD5_DIGEST_LENGTH];
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
|
||||
if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
|
||||
kdc_log(context, config, 0, "NTLM v1-session not allowed");
|
||||
@@ -1280,16 +1280,16 @@ _kdc_do_digest(krb5_context context,
|
||||
goto failed;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
ctx = EVP_MD_CTX_create();
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
|
||||
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
||||
|
||||
EVP_DigestUpdate(&ctx, challange, sizeof(challange));
|
||||
EVP_DigestUpdate(&ctx, ireq.u.ntlmRequest.lm.data, 8);
|
||||
EVP_DigestFinal_ex(&ctx, sessionhash, NULL);
|
||||
EVP_DigestUpdate(ctx, challange, sizeof(challange));
|
||||
EVP_DigestUpdate(ctx, ireq.u.ntlmRequest.lm.data, 8);
|
||||
EVP_DigestFinal_ex(ctx, sessionhash, NULL);
|
||||
memcpy(challange, sessionhash, sizeof(challange));
|
||||
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
} else {
|
||||
if ((config->digests_allowed & NTLM_V1) == 0) {
|
||||
@@ -1317,17 +1317,17 @@ _kdc_do_digest(krb5_context context,
|
||||
free(answer.data);
|
||||
|
||||
{
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
ctx = EVP_MD_CTX_create();
|
||||
|
||||
EVP_DigestInit_ex(&ctx, EVP_md4(), NULL);
|
||||
EVP_DigestUpdate(&ctx,
|
||||
EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
|
||||
EVP_DigestUpdate(ctx,
|
||||
key->key.keyvalue.data,
|
||||
key->key.keyvalue.length);
|
||||
EVP_DigestFinal_ex(&ctx, sessionkey, NULL);
|
||||
EVP_DigestFinal_ex(ctx, sessionkey, NULL);
|
||||
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
}
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user