Changeset View
Changeset View
Standalone View
Standalone View
crypto/heimdal/lib/gssapi/krb5/wrap.c
Show First 20 Lines • Show All 205 Lines • ▼ Show 20 Lines | wrap_des | ||||
gss_buffer_t output_message_buffer, | gss_buffer_t output_message_buffer, | ||||
krb5_keyblock *key | krb5_keyblock *key | ||||
) | ) | ||||
{ | { | ||||
u_char *p; | u_char *p; | ||||
EVP_MD_CTX *md5; | EVP_MD_CTX *md5; | ||||
u_char hash[16]; | u_char hash[16]; | ||||
DES_key_schedule schedule; | DES_key_schedule schedule; | ||||
EVP_CIPHER_CTX des_ctx; | EVP_CIPHER_CTX *des_ctx; | ||||
DES_cblock deskey; | DES_cblock deskey; | ||||
DES_cblock zero; | DES_cblock zero; | ||||
size_t i; | size_t i; | ||||
int32_t seq_number; | int32_t seq_number; | ||||
size_t len, total_len, padlength, datalen; | size_t len, total_len, padlength, datalen; | ||||
if (IS_DCE_STYLE(ctx)) { | if (IS_DCE_STYLE(ctx)) { | ||||
padlength = 0; | padlength = 0; | ||||
▲ Show 20 Lines • Show All 55 Lines • ▼ Show 20 Lines | wrap_des | ||||
memset (&zero, 0, sizeof(zero)); | memset (&zero, 0, sizeof(zero)); | ||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | ||||
DES_set_key_unchecked (&deskey, &schedule); | DES_set_key_unchecked (&deskey, &schedule); | ||||
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), | DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), | ||||
&schedule, &zero); | &schedule, &zero); | ||||
memcpy (p - 8, hash, 8); | memcpy (p - 8, hash, 8); | ||||
des_ctx = EVP_CIPHER_CTX_new(); | |||||
if (des_ctx == NULL) { | |||||
memset (deskey, 0, sizeof(deskey)); | |||||
memset (&schedule, 0, sizeof(schedule)); | |||||
free(output_message_buffer->value); | |||||
output_message_buffer->value = NULL; | |||||
output_message_buffer->length = 0; | |||||
*minor_status = ENOMEM; | |||||
return GSS_S_FAILURE; | |||||
} | |||||
/* sequence number */ | /* sequence number */ | ||||
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); | HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); | ||||
krb5_auth_con_getlocalseqnumber (context, | krb5_auth_con_getlocalseqnumber (context, | ||||
ctx->auth_context, | ctx->auth_context, | ||||
&seq_number); | &seq_number); | ||||
p -= 16; | p -= 16; | ||||
p[0] = (seq_number >> 0) & 0xFF; | p[0] = (seq_number >> 0) & 0xFF; | ||||
p[1] = (seq_number >> 8) & 0xFF; | p[1] = (seq_number >> 8) & 0xFF; | ||||
p[2] = (seq_number >> 16) & 0xFF; | p[2] = (seq_number >> 16) & 0xFF; | ||||
p[3] = (seq_number >> 24) & 0xFF; | p[3] = (seq_number >> 24) & 0xFF; | ||||
memset (p + 4, | memset (p + 4, | ||||
(ctx->more_flags & LOCAL) ? 0 : 0xFF, | (ctx->more_flags & LOCAL) ? 0 : 0xFF, | ||||
4); | 4); | ||||
EVP_CIPHER_CTX_init(&des_ctx); | EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); | ||||
EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); | EVP_Cipher(des_ctx, p, p, 8); | ||||
EVP_Cipher(&des_ctx, p, p, 8); | |||||
EVP_CIPHER_CTX_cleanup(&des_ctx); | |||||
krb5_auth_con_setlocalseqnumber (context, | krb5_auth_con_setlocalseqnumber (context, | ||||
ctx->auth_context, | ctx->auth_context, | ||||
++seq_number); | ++seq_number); | ||||
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); | HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); | ||||
/* encrypt the data */ | /* encrypt the data */ | ||||
p += 16; | p += 16; | ||||
if(conf_req_flag) { | if(conf_req_flag) { | ||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | ||||
for (i = 0; i < sizeof(deskey); ++i) | for (i = 0; i < sizeof(deskey); ++i) | ||||
deskey[i] ^= 0xf0; | deskey[i] ^= 0xf0; | ||||
EVP_CIPHER_CTX_init(&des_ctx); | EVP_CIPHER_CTX_reset(des_ctx); | ||||
EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); | EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); | ||||
EVP_Cipher(&des_ctx, p, p, datalen); | EVP_Cipher(des_ctx, p, p, datalen); | ||||
jhb: Here I chose to reuse the previously-allocated context to reduce the amount of error handling. | |||||
EVP_CIPHER_CTX_cleanup(&des_ctx); | |||||
} | } | ||||
EVP_CIPHER_CTX_free(des_ctx); | |||||
memset (deskey, 0, sizeof(deskey)); | memset (deskey, 0, sizeof(deskey)); | ||||
memset (&schedule, 0, sizeof(schedule)); | memset (&schedule, 0, sizeof(schedule)); | ||||
if(conf_state != NULL) | if(conf_state != NULL) | ||||
*conf_state = conf_req_flag; | *conf_state = conf_req_flag; | ||||
*minor_status = 0; | *minor_status = 0; | ||||
return GSS_S_COMPLETE; | return GSS_S_COMPLETE; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 258 Lines • Show Last 20 Lines |
Here I chose to reuse the previously-allocated context to reduce the amount of error handling.