Changeset View
Changeset View
Standalone View
Standalone View
crypto/heimdal/lib/gssapi/krb5/wrap.c
| Show First 20 Lines • Show All 205 Lines • ▼ Show 20 Lines | wrap_des | ||||
| gss_buffer_t output_message_buffer, | gss_buffer_t output_message_buffer, | ||||
| krb5_keyblock *key | krb5_keyblock *key | ||||
| ) | ) | ||||
| { | { | ||||
| u_char *p; | u_char *p; | ||||
| EVP_MD_CTX *md5; | EVP_MD_CTX *md5; | ||||
| u_char hash[16]; | u_char hash[16]; | ||||
| DES_key_schedule schedule; | DES_key_schedule schedule; | ||||
| EVP_CIPHER_CTX des_ctx; | EVP_CIPHER_CTX *des_ctx; | ||||
| DES_cblock deskey; | DES_cblock deskey; | ||||
| DES_cblock zero; | DES_cblock zero; | ||||
| size_t i; | size_t i; | ||||
| int32_t seq_number; | int32_t seq_number; | ||||
| size_t len, total_len, padlength, datalen; | size_t len, total_len, padlength, datalen; | ||||
| if (IS_DCE_STYLE(ctx)) { | if (IS_DCE_STYLE(ctx)) { | ||||
| padlength = 0; | padlength = 0; | ||||
| ▲ Show 20 Lines • Show All 55 Lines • ▼ Show 20 Lines | wrap_des | ||||
| memset (&zero, 0, sizeof(zero)); | memset (&zero, 0, sizeof(zero)); | ||||
| memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | ||||
| DES_set_key_unchecked (&deskey, &schedule); | DES_set_key_unchecked (&deskey, &schedule); | ||||
| DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), | DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), | ||||
| &schedule, &zero); | &schedule, &zero); | ||||
| memcpy (p - 8, hash, 8); | memcpy (p - 8, hash, 8); | ||||
| des_ctx = EVP_CIPHER_CTX_new(); | |||||
| if (des_ctx == NULL) { | |||||
| memset (deskey, 0, sizeof(deskey)); | |||||
| memset (&schedule, 0, sizeof(schedule)); | |||||
| free(output_message_buffer->value); | |||||
| output_message_buffer->value = NULL; | |||||
| output_message_buffer->length = 0; | |||||
| *minor_status = ENOMEM; | |||||
| return GSS_S_FAILURE; | |||||
| } | |||||
| /* sequence number */ | /* sequence number */ | ||||
| HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); | HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); | ||||
| krb5_auth_con_getlocalseqnumber (context, | krb5_auth_con_getlocalseqnumber (context, | ||||
| ctx->auth_context, | ctx->auth_context, | ||||
| &seq_number); | &seq_number); | ||||
| p -= 16; | p -= 16; | ||||
| p[0] = (seq_number >> 0) & 0xFF; | p[0] = (seq_number >> 0) & 0xFF; | ||||
| p[1] = (seq_number >> 8) & 0xFF; | p[1] = (seq_number >> 8) & 0xFF; | ||||
| p[2] = (seq_number >> 16) & 0xFF; | p[2] = (seq_number >> 16) & 0xFF; | ||||
| p[3] = (seq_number >> 24) & 0xFF; | p[3] = (seq_number >> 24) & 0xFF; | ||||
| memset (p + 4, | memset (p + 4, | ||||
| (ctx->more_flags & LOCAL) ? 0 : 0xFF, | (ctx->more_flags & LOCAL) ? 0 : 0xFF, | ||||
| 4); | 4); | ||||
| EVP_CIPHER_CTX_init(&des_ctx); | EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); | ||||
| EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); | EVP_Cipher(des_ctx, p, p, 8); | ||||
| EVP_Cipher(&des_ctx, p, p, 8); | |||||
| EVP_CIPHER_CTX_cleanup(&des_ctx); | |||||
| krb5_auth_con_setlocalseqnumber (context, | krb5_auth_con_setlocalseqnumber (context, | ||||
| ctx->auth_context, | ctx->auth_context, | ||||
| ++seq_number); | ++seq_number); | ||||
| HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); | HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); | ||||
| /* encrypt the data */ | /* encrypt the data */ | ||||
| p += 16; | p += 16; | ||||
| if(conf_req_flag) { | if(conf_req_flag) { | ||||
| memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); | ||||
| for (i = 0; i < sizeof(deskey); ++i) | for (i = 0; i < sizeof(deskey); ++i) | ||||
| deskey[i] ^= 0xf0; | deskey[i] ^= 0xf0; | ||||
| EVP_CIPHER_CTX_init(&des_ctx); | EVP_CIPHER_CTX_reset(des_ctx); | ||||
| EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); | EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); | ||||
| EVP_Cipher(&des_ctx, p, p, datalen); | EVP_Cipher(des_ctx, p, p, datalen); | ||||
jhb: Here I chose to reuse the previously-allocated context to reduce the amount of error handling. | |||||
| EVP_CIPHER_CTX_cleanup(&des_ctx); | |||||
| } | } | ||||
| EVP_CIPHER_CTX_free(des_ctx); | |||||
| memset (deskey, 0, sizeof(deskey)); | memset (deskey, 0, sizeof(deskey)); | ||||
| memset (&schedule, 0, sizeof(schedule)); | memset (&schedule, 0, sizeof(schedule)); | ||||
| if(conf_state != NULL) | if(conf_state != NULL) | ||||
| *conf_state = conf_req_flag; | *conf_state = conf_req_flag; | ||||
| *minor_status = 0; | *minor_status = 0; | ||||
| return GSS_S_COMPLETE; | return GSS_S_COMPLETE; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 258 Lines • Show Last 20 Lines | |||||
Here I chose to reuse the previously-allocated context to reduce the amount of error handling.