diff options
| -rw-r--r-- | src/lib/crypto/enc_provider/ChangeLog | 8 | ||||
| -rw-r--r-- | src/lib/crypto/enc_provider/des3.c | 56 |
2 files changed, 45 insertions, 19 deletions
diff --git a/src/lib/crypto/enc_provider/ChangeLog b/src/lib/crypto/enc_provider/ChangeLog index 649f204e6e..bd0a5febec 100644 --- a/src/lib/crypto/enc_provider/ChangeLog +++ b/src/lib/crypto/enc_provider/ChangeLog @@ -1,3 +1,11 @@ +2003-07-22 Ken Raeburn <raeburn@mit.edu> + + * des3.c (validate_and_schedule): Split out from old + k5_des3_docrypt. + (k5_des3_encrypt, k5_des3_decrypt): Call it, and + krb5int_des3_cbc_encrypt or _decrypt, instead of + k5_des3_docrypt. Zap key schedules before returning. + 2003-07-17 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBNAME) [##WIN16##]: Don't define. diff --git a/src/lib/crypto/enc_provider/des3.c b/src/lib/crypto/enc_provider/des3.c index 91579c6ab7..54fbb69afc 100644 --- a/src/lib/crypto/enc_provider/des3.c +++ b/src/lib/crypto/enc_provider/des3.c @@ -43,11 +43,10 @@ k5_des3_keysize(size_t *keybytes, size_t *keylength) } static krb5_error_code -k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output, int enc) +validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_data *input, const krb5_data *output, + mit_des3_key_schedule *schedule) { - mit_des3_key_schedule schedule; - /* key->enctype was checked by the caller */ if (key->length != 24) @@ -60,38 +59,57 @@ k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec, return(KRB5_BAD_MSIZE); switch (mit_des3_key_sched(*(mit_des3_cblock *)key->contents, - schedule)) { + *schedule)) { case -1: return(KRB5DES_BAD_KEYPAR); case -2: return(KRB5DES_WEAK_KEY); } - - /* this has a return value, but the code always returns zero */ - - mit_des3_cbc_encrypt((krb5_pointer) input->data, - (krb5_pointer) output->data, input->length, - schedule[0], schedule[1], schedule[2], - ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock, - enc); - - memset(schedule, 0, sizeof(schedule)); - - return(0); + return 0; } static krb5_error_code k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - return(k5_des3_docrypt(key, ivec, input, output, 1)); + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule(key, ivec, input, output, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_encrypt((krb5_pointer) input->data, + (krb5_pointer) output->data, input->length, + schedule[0], schedule[1], schedule[2], + ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock); + + zap(schedule, sizeof(schedule)); + + return(0); } static krb5_error_code k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - return(k5_des3_docrypt(key, ivec, input, output, 0)); + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule(key, ivec, input, output, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_decrypt((krb5_pointer) input->data, + (krb5_pointer) output->data, input->length, + schedule[0], schedule[1], schedule[2], + ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock); + + zap(schedule, sizeof(schedule)); + + return(0); } static krb5_error_code |