diff options
| author | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:19:42 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:19:42 +0000 |
| commit | 0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d (patch) | |
| tree | 2049c9c2cb135fe36b14c0a171711259258d18ec /src/lib/crypto/arcfour | |
| parent | ff0a6514c9f4230938c29922d69cbd4e83691adf (diff) | |
| download | krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.gz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.xz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.zip | |
Merge mskrb-integ onto trunk
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/arcfour')
| -rw-r--r-- | src/lib/crypto/arcfour/Makefile.in | 9 | ||||
| -rw-r--r-- | src/lib/crypto/arcfour/arcfour_aead.c | 4 | ||||
| -rw-r--r-- | src/lib/crypto/arcfour/arcfour_s2k.c | 67 |
3 files changed, 15 insertions, 65 deletions
diff --git a/src/lib/crypto/arcfour/Makefile.in b/src/lib/crypto/arcfour/Makefile.in index e73521aba..b82369f32 100644 --- a/src/lib/crypto/arcfour/Makefile.in +++ b/src/lib/crypto/arcfour/Makefile.in @@ -74,7 +74,8 @@ arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../md4/rsa-md4.h \ - arcfour-int.h arcfour.h arcfour_s2k.c + $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../md4/rsa-md4.h arcfour-int.h arcfour.h \ + arcfour_s2k.c diff --git a/src/lib/crypto/arcfour/arcfour_aead.c b/src/lib/crypto/arcfour/arcfour_aead.c index af4852423..025118ed7 100644 --- a/src/lib/crypto/arcfour/arcfour_aead.c +++ b/src/lib/crypto/arcfour/arcfour_aead.c @@ -176,7 +176,7 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead, header->data.length -= hash->hashsize; header->data.data += hash->hashsize; - ret = krb5_hmac_iov(hash, &k2, data, num_data, &checksum); + ret = krb5int_hmac_iov(hash, &k2, data, num_data, &checksum); if (ret != 0) goto cleanup; @@ -289,7 +289,7 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead, if (ret != 0) goto cleanup; - ret = krb5_hmac_iov(hash, &k2, data, num_data, &d1); + ret = krb5int_hmac_iov(hash, &k2, data, num_data, &d1); if (ret != 0) goto cleanup; diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c index 75bdd2a09..41053ed17 100644 --- a/src/lib/crypto/arcfour/arcfour_s2k.c +++ b/src/lib/crypto/arcfour/arcfour_s2k.c @@ -1,4 +1,5 @@ #include "k5-int.h" +#include "k5-utf8.h" #include "rsa-md4.h" #include "arcfour-int.h" @@ -6,58 +7,15 @@ #include <CoreFoundation/CFString.h> #endif -static krb5_error_code -utf8to16(unsigned char *utf16_buf, const char *utf8_str, size_t *len) -{ - krb5_error_code err = 0; - -#if TARGET_OS_MAC && !defined(DEPEND) - CFStringRef string = NULL; - CFIndex length = *len; - - string = CFStringCreateWithCString (kCFAllocatorDefault, - utf8_str, kCFStringEncodingUTF8); - if (!string) { err = ENOMEM; } - - if (!err) { - CFIndex copied = 0; - CFRange range = CFRangeMake (0, CFStringGetLength (string)); - - copied = CFStringGetBytes (string, range, kCFStringEncodingUTF16LE, - 0, false, utf16_buf, length, &length); - if (copied != range.length) { err = ENOMEM; } - } - - if (!err) { - *len = length; - } - - if (string) { CFRelease (string); } - -#else - /* - * This should be re-evaluated in the future, it makes the assumption that - * the user's password is in ascii, not utf-8. Use iconv? - */ - size_t counter; - for (counter=0;counter<*len;counter++) { - utf16_buf[2*counter]=utf8_str[counter]; - utf16_buf[2*counter + 1]=0x00; - } -#endif - - return err; -} - krb5_error_code krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, const krb5_data *string, const krb5_data *salt, const krb5_data *params, krb5_keyblock *key) { krb5_error_code err = 0; - size_t len; - unsigned char *copystr; krb5_MD4_CTX md4_context; + unsigned char *copystr; + size_t copystrlen; if (params != NULL) return KRB5_ERR_BAD_S2K_PARAMS; @@ -71,22 +29,14 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, Since the password must be stored in unicode, we need to increase that number by 2x. */ - if (string->length > (SIZE_MAX/2)) - return (KRB5_BAD_MSIZE); - len= string->length * 2; - - copystr = malloc(len); - if (copystr == NULL) - return ENOMEM; - - /* make the string. start by creating the unicode version of the password*/ - err = utf8to16(copystr, string->data, &len); - if (err) goto cleanup; + err = krb5int_utf8cs_to_ucs2les(string->data, string->length, ©str, ©strlen); + if (err) + return err; /* the actual MD4 hash of the data */ krb5_MD4Init(&md4_context); - krb5_MD4Update(&md4_context, (unsigned char *)copystr, len); + krb5_MD4Update(&md4_context, copystr, copystrlen); krb5_MD4Final(&md4_context); memcpy(key->contents, md4_context.digest, 16); @@ -101,9 +51,8 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, } #endif /* 0 */ -cleanup: /* Zero out the data behind us */ - memset (copystr, 0, len); + memset(copystr, 0, copystrlen); memset(&md4_context, 0, sizeof(md4_context)); free(copystr); return err; |