summaryrefslogtreecommitdiffstats
path: root/src/lib/crypto/openssl/enc_provider
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2013-05-06 00:43:27 -0400
committerGreg Hudson <ghudson@mit.edu>2013-05-24 14:15:03 -0400
commit3b142e5746e7db1939a9cf8095faecfed6222054 (patch)
treeef9496f0e47a52e58a88b7f0aac8e3cc77fcf797 /src/lib/crypto/openssl/enc_provider
parent48c9a082940373b82d4b8e3c338e9eb9d0d3c3f2 (diff)
downloadkrb5-3b142e5746e7db1939a9cf8095faecfed6222054.tar.gz
krb5-3b142e5746e7db1939a9cf8095faecfed6222054.tar.xz
krb5-3b142e5746e7db1939a9cf8095faecfed6222054.zip
Simplify crypto IOV helpers
Expand the concept of an IOV block state into a cursor which remembers the IOV set being iterated over, the block size, and both input and output positions. Eliminate the no-copy inline block getter for now, but provide helpers to grab contiguous chains of blocks from a cursor. Also provide an inline helper to sum the total length of an iov chain.
Diffstat (limited to 'src/lib/crypto/openssl/enc_provider')
-rw-r--r--src/lib/crypto/openssl/enc_provider/aes.c77
-rw-r--r--src/lib/crypto/openssl/enc_provider/camellia.c93
-rw-r--r--src/lib/crypto/openssl/enc_provider/des.c54
-rw-r--r--src/lib/crypto/openssl/enc_provider/des3.c42
4 files changed, 77 insertions, 189 deletions
diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c
index ced93f742..8afa1a757 100644
--- a/src/lib/crypto/openssl/enc_provider/aes.c
+++ b/src/lib/crypto/openssl/enc_provider/aes.c
@@ -66,7 +66,7 @@ cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
int ret, olen = BLOCK_SIZE;
unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
EVP_CIPHER_CTX ciph_ctx;
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX_init(&ciph_ctx);
ret = EVP_EncryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
@@ -74,15 +74,12 @@ cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
if (ret == 0)
return KRB5_CRYPTO_INTERNAL;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
- krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+ k5_iov_cursor_get(&cursor, iblock);
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
- if (ret == 1) {
- krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
- &output_pos);
- }
+ if (ret == 1)
+ k5_iov_cursor_put(&cursor, oblock);
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
zap(iblock, BLOCK_SIZE);
@@ -98,7 +95,7 @@ cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
int ret = 0, olen = BLOCK_SIZE;
unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
EVP_CIPHER_CTX ciph_ctx;
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX_init(&ciph_ctx);
ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
@@ -106,15 +103,12 @@ cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
if (ret == 0)
return KRB5_CRYPTO_INTERNAL;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
- krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+ k5_iov_cursor_get(&cursor, iblock);
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
- if (ret == 1) {
- krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
- &output_pos);
- }
+ if (ret == 1)
+ k5_iov_cursor_put(&cursor, oblock);
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
zap(iblock, BLOCK_SIZE);
@@ -130,7 +124,7 @@ cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t size = 0;
unsigned char *oblock = NULL, *dbuf = NULL;
unsigned char iv_cts[IV_CTS_BUF_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
AES_KEY enck;
memset(iv_cts,0,sizeof(iv_cts));
@@ -150,22 +144,18 @@ cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
return ENOMEM;
}
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
- krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+ k5_iov_cursor_get(&cursor, dbuf);
AES_set_encrypt_key(key->keyblock.contents,
NUM_BITS * key->keyblock.length, &enck);
size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
iv_cts, (cbc128_f)AES_cbc_encrypt);
- if (size <= 0) {
+ if (size <= 0)
ret = KRB5_CRYPTO_INTERNAL;
- } else {
- krb5int_c_iov_put_block(data, num_data,
- oblock, dlen, &output_pos);
- }
+ else
+ k5_iov_cursor_put(&cursor, oblock);
if (!ret && ivec && ivec->data)
memcpy(ivec->data, iv_cts, sizeof(iv_cts));
@@ -187,7 +177,7 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
unsigned char *oblock = NULL;
unsigned char *dbuf = NULL;
unsigned char iv_cts[IV_CTS_BUF_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
AES_KEY deck;
memset(iv_cts,0,sizeof(iv_cts));
@@ -197,9 +187,6 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
memcpy(iv_cts, ivec->data,ivec->length);
}
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
oblock = OPENSSL_malloc(dlen);
if (!oblock)
return ENOMEM;
@@ -212,16 +199,16 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
AES_set_decrypt_key(key->keyblock.contents,
NUM_BITS * key->keyblock.length, &deck);
- krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+ k5_iov_cursor_get(&cursor, dbuf);
size = CRYPTO_cts128_decrypt((unsigned char *)dbuf, oblock,
dlen, &deck,
iv_cts, (cbc128_f)AES_cbc_encrypt);
if (size <= 0)
ret = KRB5_CRYPTO_INTERNAL;
- else {
- krb5int_c_iov_put_block(data, num_data, oblock, dlen, &output_pos);
- }
+ else
+ k5_iov_cursor_put(&cursor, oblock);
if (!ret && ivec && ivec->data)
memcpy(ivec->data, iv_cts, sizeof(iv_cts));
@@ -239,16 +226,9 @@ krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
int ret = 0;
- int nblocks = 0;
- size_t input_length, i;
-
- for (i = 0, input_length = 0; i < num_data; i++){
- krb5_crypto_iov *iov = &data[i];
-
- if (ENCRYPT_IOV(iov))
- input_length += iov->data.length;
- }
+ size_t input_length, nblocks;
+ input_length = iov_total_length(data, num_data, FALSE);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
if (input_length != BLOCK_SIZE)
@@ -266,16 +246,9 @@ krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
int ret = 0;
- int nblocks = 0;
- size_t input_length, i;
-
- for (i = 0, input_length = 0; i < num_data; i++) {
- krb5_crypto_iov *iov = &data[i];
-
- if (ENCRYPT_IOV(iov))
- input_length += iov->data.length;
- }
+ size_t input_length, nblocks;
+ input_length = iov_total_length(data, num_data, FALSE);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
if (input_length != BLOCK_SIZE)
diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c
index 2173db6a8..3ac3fd999 100644
--- a/src/lib/crypto/openssl/enc_provider/camellia.c
+++ b/src/lib/crypto/openssl/enc_provider/camellia.c
@@ -90,7 +90,7 @@ cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
int ret, olen = BLOCK_SIZE;
unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
EVP_CIPHER_CTX ciph_ctx;
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX_init(&ciph_ctx);
ret = EVP_EncryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
@@ -98,15 +98,12 @@ cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
if (ret == 0)
return KRB5_CRYPTO_INTERNAL;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
- krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+ k5_iov_cursor_get(&cursor, iblock);
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
- if (ret == 1) {
- krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
- &output_pos);
- }
+ if (ret == 1)
+ k5_iov_cursor_put(&cursor, oblock);
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
zap(iblock, BLOCK_SIZE);
@@ -122,7 +119,7 @@ cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
int ret = 0, olen = BLOCK_SIZE;
unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
EVP_CIPHER_CTX ciph_ctx;
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX_init(&ciph_ctx);
ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
@@ -130,15 +127,12 @@ cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
if (ret == 0)
return KRB5_CRYPTO_INTERNAL;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
- krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+ k5_iov_cursor_get(&cursor, iblock);
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
- if (ret == 1) {
- krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
- &output_pos);
- }
+ if (ret == 1)
+ k5_iov_cursor_put(&cursor, oblock);
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
zap(iblock, BLOCK_SIZE);
@@ -154,7 +148,7 @@ cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t size = 0;
unsigned char *oblock = NULL, *dbuf = NULL;
unsigned char iv_cts[IV_CTS_BUF_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
CAMELLIA_KEY enck;
memset(iv_cts,0,sizeof(iv_cts));
@@ -174,22 +168,18 @@ cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
return ENOMEM;
}
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
- krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+ k5_iov_cursor_get(&cursor, dbuf);
Camellia_set_key(key->keyblock.contents, NUM_BITS * key->keyblock.length,
&enck);
size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
iv_cts, (cbc128_f)Camellia_cbc_encrypt);
- if (size <= 0) {
+ if (size <= 0)
ret = KRB5_CRYPTO_INTERNAL;
- } else {
- krb5int_c_iov_put_block(data, num_data,
- oblock, dlen, &output_pos);
- }
+ else
+ k5_iov_cursor_put(&cursor, oblock);
if (!ret && ivec && ivec->data)
memcpy(ivec->data, iv_cts, sizeof(iv_cts));
@@ -211,7 +201,7 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
unsigned char *oblock = NULL;
unsigned char *dbuf = NULL;
unsigned char iv_cts[IV_CTS_BUF_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
CAMELLIA_KEY deck;
memset(iv_cts,0,sizeof(iv_cts));
@@ -221,9 +211,6 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
memcpy(iv_cts, ivec->data,ivec->length);
}
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
oblock = OPENSSL_malloc(dlen);
if (!oblock)
return ENOMEM;
@@ -236,16 +223,16 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
Camellia_set_key(key->keyblock.contents, NUM_BITS * key->keyblock.length,
&deck);
- krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
+ k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+ k5_iov_cursor_get(&cursor, dbuf);
size = CRYPTO_cts128_decrypt((unsigned char *)dbuf, oblock,
dlen, &deck,
iv_cts, (cbc128_f)Camellia_cbc_encrypt);
if (size <= 0)
ret = KRB5_CRYPTO_INTERNAL;
- else {
- krb5int_c_iov_put_block(data, num_data, oblock, dlen, &output_pos);
- }
+ else
+ k5_iov_cursor_put(&cursor, oblock);
if (!ret && ivec && ivec->data)
memcpy(ivec->data, iv_cts, sizeof(iv_cts));
@@ -263,16 +250,9 @@ krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
int ret = 0;
- int nblocks = 0;
- size_t input_length, i;
-
- for (i = 0, input_length = 0; i < num_data; i++){
- krb5_crypto_iov *iov = &data[i];
-
- if (ENCRYPT_IOV(iov))
- input_length += iov->data.length;
- }
+ size_t input_length, nblocks;
+ input_length = iov_total_length(data, num_data, FALSE);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
if (input_length != BLOCK_SIZE)
@@ -290,16 +270,9 @@ krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
int ret = 0;
- int nblocks = 0;
- size_t input_length, i;
-
- for (i = 0, input_length = 0; i < num_data; i++) {
- krb5_crypto_iov *iov = &data[i];
-
- if (ENCRYPT_IOV(iov))
- input_length += iov->data.length;
- }
+ size_t input_length, nblocks;
+ input_length = iov_total_length(data, num_data, FALSE);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
if (input_length != BLOCK_SIZE)
@@ -318,8 +291,8 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
krb5_data *output)
{
CAMELLIA_KEY enck;
- unsigned char blockY[CAMELLIA_BLOCK_SIZE];
- struct iov_block_state iov_state;
+ unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
+ struct iov_cursor cursor;
if (output->length < CAMELLIA_BLOCK_SIZE)
return KRB5_BAD_MSIZE;
@@ -332,17 +305,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
else
memset(blockY, 0, CAMELLIA_BLOCK_SIZE);
- IOV_BLOCK_STATE_INIT(&iov_state);
-
- for (;;) {
- unsigned char blockB[CAMELLIA_BLOCK_SIZE];
-
- if (!krb5int_c_iov_get_block(blockB, CAMELLIA_BLOCK_SIZE, data,
- num_data, &iov_state))
- break;
-
+ k5_iov_cursor_init(&cursor, data, num_data, CAMELLIA_BLOCK_SIZE, FALSE);
+ while (k5_iov_cursor_get(&cursor, blockB)) {
xorblock(blockB, blockY);
-
Camellia_ecb_encrypt(blockB, blockY, &enck, 1);
}
diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c
index 644e26633..1db5ef0f4 100644
--- a/src/lib/crypto/openssl/enc_provider/des.c
+++ b/src/lib/crypto/openssl/enc_provider/des.c
@@ -62,13 +62,7 @@ static krb5_error_code
validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data,
size_t num_data, krb5_boolean *empty)
{
- size_t i, input_length;
-
- for (i = 0, input_length = 0; i < num_data; i++) {
- const krb5_crypto_iov *iov = &data[i];
- if (ENCRYPT_IOV(iov))
- input_length += iov->data.length;
- }
+ size_t input_length = iov_total_length(data, num_data, FALSE);
if (key->keyblock.length != DES_KEY_SIZE)
return(KRB5_BAD_KEYSIZE);
@@ -87,13 +81,10 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
{
int ret, olen = DES_BLOCK_SIZE;
unsigned char iblock[DES_BLOCK_SIZE], oblock[DES_BLOCK_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX ciph_ctx;
krb5_boolean empty;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
ret = validate(key, ivec, data, num_data, &empty);
if (ret != 0 || empty)
return ret;
@@ -107,19 +98,13 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
- for (;;) {
-
- if (!krb5int_c_iov_get_block(iblock, DES_BLOCK_SIZE, data,
- num_data, &input_pos))
- break;
-
+ k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
+ while (k5_iov_cursor_get(&cursor, iblock)) {
ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen,
(unsigned char *)iblock, DES_BLOCK_SIZE);
if (!ret)
break;
-
- krb5int_c_iov_put_block(data, num_data, oblock, DES_BLOCK_SIZE,
- &output_pos);
+ k5_iov_cursor_put(&cursor, oblock);
}
if (ivec != NULL)
@@ -141,13 +126,10 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
{
int ret, olen = DES_BLOCK_SIZE;
unsigned char iblock[DES_BLOCK_SIZE], oblock[DES_BLOCK_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX ciph_ctx;
krb5_boolean empty;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
ret = validate(key, ivec, data, num_data, &empty);
if (ret != 0 || empty)
return ret;
@@ -162,18 +144,13 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
- for (;;) {
-
- if (!krb5int_c_iov_get_block(iblock, DES_BLOCK_SIZE,
- data, num_data, &input_pos))
- break;
-
+ k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
+ while (k5_iov_cursor_get(&cursor, iblock)) {
ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen,
iblock, DES_BLOCK_SIZE);
- if (!ret) break;
-
- krb5int_c_iov_put_block(data, num_data, oblock,
- DES_BLOCK_SIZE, &output_pos);
+ if (!ret)
+ break;
+ k5_iov_cursor_put(&cursor, oblock);
}
if (ivec != NULL)
@@ -194,7 +171,7 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
const krb5_data *ivec, krb5_data *output)
{
int ret;
- struct iov_block_state iov_state;
+ struct iov_cursor cursor;
DES_cblock blockY, blockB;
DES_key_schedule sched;
krb5_boolean empty;
@@ -214,11 +191,8 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
else
memset(blockY, 0, DES_BLOCK_SIZE);
- IOV_BLOCK_STATE_INIT(&iov_state);
- for (;;) {
- if (!krb5int_c_iov_get_block(blockB, DES_BLOCK_SIZE, data, num_data,
- &iov_state))
- break;
+ k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
+ while (k5_iov_cursor_get(&cursor, blockB)) {
store_64_n(load_64_n(blockB) ^ load_64_n(blockY), blockB);
DES_ecb_encrypt(&blockB, &blockY, &sched, 1);
}
diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c
index ca843f9f5..d531f1036 100644
--- a/src/lib/crypto/openssl/enc_provider/des3.c
+++ b/src/lib/crypto/openssl/enc_provider/des3.c
@@ -61,13 +61,7 @@ static krb5_error_code
validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data,
size_t num_data, krb5_boolean *empty)
{
- size_t i, input_length;
-
- for (i = 0, input_length = 0; i < num_data; i++) {
- const krb5_crypto_iov *iov = &data[i];
- if (ENCRYPT_IOV(iov))
- input_length += iov->data.length;
- }
+ size_t input_length = iov_total_length(data, num_data, FALSE);
if (key->keyblock.length != DES3_KEY_SIZE)
return(KRB5_BAD_KEYSIZE);
@@ -86,7 +80,7 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
{
int ret, olen = DES3_BLOCK_SIZE;
unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX ciph_ctx;
krb5_boolean empty;
@@ -94,9 +88,6 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
if (ret != 0 || empty)
return ret;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
EVP_CIPHER_CTX_init(&ciph_ctx);
ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL,
@@ -107,19 +98,13 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
- for (;;) {
-
- if (!krb5int_c_iov_get_block(iblock, DES3_BLOCK_SIZE,
- data, num_data, &input_pos))
- break;
-
+ k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE);
+ while (k5_iov_cursor_get(&cursor, iblock)) {
ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen,
(unsigned char *)iblock, DES3_BLOCK_SIZE);
if (!ret)
break;
-
- krb5int_c_iov_put_block(data, num_data,
- oblock, DES3_BLOCK_SIZE, &output_pos);
+ k5_iov_cursor_put(&cursor, oblock);
}
if (ivec != NULL)
@@ -141,7 +126,7 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
{
int ret, olen = DES3_BLOCK_SIZE;
unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE];
- struct iov_block_state input_pos, output_pos;
+ struct iov_cursor cursor;
EVP_CIPHER_CTX ciph_ctx;
krb5_boolean empty;
@@ -149,9 +134,6 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
if (ret != 0 || empty)
return ret;
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
-
EVP_CIPHER_CTX_init(&ciph_ctx);
ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL,
@@ -162,19 +144,13 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
- for (;;) {
-
- if (!krb5int_c_iov_get_block(iblock, DES3_BLOCK_SIZE,
- data, num_data, &input_pos))
- break;
-
+ k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE);
+ while (k5_iov_cursor_get(&cursor, iblock)) {
ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen,
(unsigned char *)iblock, DES3_BLOCK_SIZE);
if (!ret)
break;
-
- krb5int_c_iov_put_block(data, num_data, oblock, DES3_BLOCK_SIZE,
- &output_pos);
+ k5_iov_cursor_put(&cursor, oblock);
}
if (ivec != NULL)
generated by cgit (git 2.34.1) at 2026-01-06 12:12:14 +0000