Don't combine encrypt and decrypt code paths.

Zap key schedule when done.

* des3.c (validate_and_schedule): Split out from old k5_des3_docrypt.
(k5_des3_encrypt, k5_des3_decrypt): Call it, and krb5int_des3_cbc_encrypt or
_decrypt, instead of k5_des3_docrypt.  Zap key schedules before returning.

ticket: 1404
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15710 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 45 insertions, 19 deletions

diff --git a/src/lib/crypto/enc_provider/ChangeLog b/src/lib/crypto/enc_provider/ChangeLog
index 649f204e6e..bd0a5febec 100644
--- a/src/lib/crypto/enc_provider/ChangeLog
+++ b/src/lib/crypto/enc_provider/ChangeLog
@@ -1,3 +1,11 @@
+2003-07-22  Ken Raeburn  <raeburn@mit.edu>
+
+	* des3.c (validate_and_schedule): Split out from old
+	k5_des3_docrypt.
+	(k5_des3_encrypt, k5_des3_decrypt): Call it, and
+	krb5int_des3_cbc_encrypt or _decrypt, instead of
+	k5_des3_docrypt.  Zap key schedules before returning.
+
 2003-07-17  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in (LIBNAME) [##WIN16##]: Don't define.
diff --git a/src/lib/crypto/enc_provider/des3.c b/src/lib/crypto/enc_provider/des3.c
index 91579c6ab7..54fbb69afc 100644
--- a/src/lib/crypto/enc_provider/des3.c
+++ b/src/lib/crypto/enc_provider/des3.c
@@ -43,11 +43,10 @@ k5_des3_keysize(size_t *keybytes, size_t *keylength)
 }
 
 static krb5_error_code
-k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output, int enc)
+validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec,
+		      const krb5_data *input, const krb5_data *output,
+		      mit_des3_key_schedule *schedule)
 {
-    mit_des3_key_schedule schedule;
-
     /* key->enctype was checked by the caller */
 
     if (key->length != 24)
@@ -60,38 +59,57 @@ k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec,
 	return(KRB5_BAD_MSIZE);
 
     switch (mit_des3_key_sched(*(mit_des3_cblock *)key->contents,
-				     schedule)) {
+			       *schedule)) {
     case -1:
 	return(KRB5DES_BAD_KEYPAR);
     case -2:
 	return(KRB5DES_WEAK_KEY);
     }
-
-    /* this has a return value, but the code always returns zero */
-
-    mit_des3_cbc_encrypt((krb5_pointer) input->data,
-			 (krb5_pointer) output->data, input->length,
-			 schedule[0], schedule[1], schedule[2],
-			 ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock,
-			 enc);
-
-    memset(schedule, 0, sizeof(schedule));
-
-    return(0);
+    return 0;
 }
 
 static krb5_error_code
 k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
 		const krb5_data *input, krb5_data *output)
 {
-    return(k5_des3_docrypt(key, ivec, input, output, 1));
+    mit_des3_key_schedule schedule;
+    krb5_error_code err;
+
+    err = validate_and_schedule(key, ivec, input, output, &schedule);
+    if (err)
+	return err;
+
+    /* this has a return value, but the code always returns zero */
+    krb5int_des3_cbc_encrypt((krb5_pointer) input->data,
+			     (krb5_pointer) output->data, input->length,
+			     schedule[0], schedule[1], schedule[2],
+			     ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock);
+
+    zap(schedule, sizeof(schedule));
+
+    return(0);
 }
 
 static krb5_error_code
 k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
 		const krb5_data *input, krb5_data *output)
 {
-    return(k5_des3_docrypt(key, ivec, input, output, 0));
+    mit_des3_key_schedule schedule;
+    krb5_error_code err;
+
+    err = validate_and_schedule(key, ivec, input, output, &schedule);
+    if (err)
+	return err;
+
+    /* this has a return value, but the code always returns zero */
+    krb5int_des3_cbc_decrypt((krb5_pointer) input->data,
+			     (krb5_pointer) output->data, input->length,
+			     schedule[0], schedule[1], schedule[2],
+			     ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock);
+
+    zap(schedule, sizeof(schedule));
+
+    return(0);
 }
 
 static krb5_error_code