Differential D17276 Diff 48455 crypto/heimdal/lib/gssapi/krb5/get_mic.c

Changeset View

Standalone View

crypto/heimdal/lib/gssapi/krb5/get_mic.c

Show First 20 Lines • Show All 44 Lines • ▼ Show 20 Lines	mic_des
gss_buffer_t message_token,		gss_buffer_t message_token,
krb5_keyblock *key		krb5_keyblock *key
)		)
{		{
u_char *p;		u_char *p;
EVP_MD_CTX *md5;		EVP_MD_CTX *md5;
u_char hash[16];		u_char hash[16];
DES_key_schedule schedule;		DES_key_schedule schedule;
EVP_CIPHER_CTX des_ctx;		EVP_CIPHER_CTX *des_ctx;
DES_cblock deskey;		DES_cblock deskey;
DES_cblock zero;		DES_cblock zero;
int32_t seq_number;		int32_t seq_number;
size_t len, total_len;		size_t len, total_len;

_gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);		_gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);

message_token->length = total_len;		message_token->length = total_len;
Show All 29 Lines	mic_des

memset (&zero, 0, sizeof(zero));		memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));		memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
DES_set_key_unchecked (&deskey, &schedule);		DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void )hash, (void )hash, sizeof(hash),		DES_cbc_cksum ((void )hash, (void )hash, sizeof(hash),
&schedule, &zero);		&schedule, &zero);
memcpy (p - 8, hash, 8); /* SGN_CKSUM */		memcpy (p - 8, hash, 8); /* SGN_CKSUM */

		des_ctx = EVP_CIPHER_CTX_new();
		if (des_ctx == NULL) {
		memset (deskey, 0, sizeof(deskey));
		memset (&schedule, 0, sizeof(schedule));
		free (message_token->value);
		message_token->value = NULL;
		message_token->length = 0;
		bjkUnsubmitted Done Inline Actions This is basically inlining _gsskrb5_release_buffer(), but the present path of not introducing a call to that function from a file with no existing references seems like a fine plan. bjk: This is basically inlining _gsskrb5_release_buffer(), but the present path of not introducing a…
		*minor_status = ENOMEM;
		return GSS_S_FAILURE;
		}

HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);		HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
/* sequence number */		/* sequence number */
krb5_auth_con_getlocalseqnumber (context,		krb5_auth_con_getlocalseqnumber (context,
ctx->auth_context,		ctx->auth_context,
&seq_number);		&seq_number);

p -= 16; /* SND_SEQ */		p -= 16; /* SND_SEQ */
p[0] = (seq_number >> 0) & 0xFF;		p[0] = (seq_number >> 0) & 0xFF;
p[1] = (seq_number >> 8) & 0xFF;		p[1] = (seq_number >> 8) & 0xFF;
p[2] = (seq_number >> 16) & 0xFF;		p[2] = (seq_number >> 16) & 0xFF;
p[3] = (seq_number >> 24) & 0xFF;		p[3] = (seq_number >> 24) & 0xFF;
memset (p + 4,		memset (p + 4,
(ctx->more_flags & LOCAL) ? 0 : 0xFF,		(ctx->more_flags & LOCAL) ? 0 : 0xFF,
4);		4);

EVP_CIPHER_CTX_init(&des_ctx);		EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);		EVP_Cipher(des_ctx, p, p, 8);
EVP_Cipher(&des_ctx, p, p, 8);		EVP_CIPHER_CTX_free(des_ctx);
		jhbAuthorUnsubmitted Done Inline Actions This needs to drop the ctx_id_mutex and probably needs to memset 'deskey' and 'schedule' on failure. Some other places I moved the malloc up above the mutex, so I should probably do that here as well. jhb: This needs to drop the ctx_id_mutex and probably needs to memset 'deskey' and 'schedule' on…
EVP_CIPHER_CTX_cleanup(&des_ctx);

krb5_auth_con_setlocalseqnumber (context,		krb5_auth_con_setlocalseqnumber (context,
ctx->auth_context,		ctx->auth_context,
++seq_number);		++seq_number);
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);

memset (deskey, 0, sizeof(deskey));		memset (deskey, 0, sizeof(deskey));
memset (&schedule, 0, sizeof(schedule));		memset (&schedule, 0, sizeof(schedule));
▲ Show 20 Lines • Show All 204 Lines • Show Last 20 Lines