From 9fe2a01ec0fefa8b764bb6e9d7f9a09d11fed7ff Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 27 Jun 2000 21:00:02 +0000 Subject: pullup from 1.2 branch git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/ChangeLog | 4 ++++ src/lib/crypto/Makefile.in | 4 ++-- src/lib/crypto/dk/ChangeLog | 14 ++++++++++++++ src/lib/crypto/dk/derive.c | 4 ++-- src/lib/crypto/dk/dk_decrypt.c | 20 ++++++++++++++++++-- src/lib/crypto/dk/dk_encrypt.c | 30 ++++++++++++++++++++++++++---- src/lib/crypto/old/ChangeLog | 6 ++++++ src/lib/crypto/old/old_decrypt.c | 19 ++++++++++++++++++- src/lib/crypto/old/old_encrypt.c | 9 ++++++++- src/lib/crypto/prng.c | 2 +- 10 files changed, 99 insertions(+), 13 deletions(-) (limited to 'src/lib/crypto') diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index f451cbe0d..f1fbfff04 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,7 @@ +2000-06-03 Tom Yu + + * Makefile.in(LIBMAJOR, LIBMINOR): Bump library version. + 2000-05-31 Wilfredo Sanchez * configure.in, nfold.c: Check for existance of . diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index 71bddf5c4..64f19d18e 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -106,8 +106,8 @@ SRCS=\ LIB=k5crypto -LIBMAJOR=2 -LIBMINOR=1 +LIBMAJOR=3 +LIBMINOR=0 RELDIR=crypto STOBJLISTS=crc32/OBJS.ST des/OBJS.ST dk/OBJS.ST enc_provider/OBJS.ST \ diff --git a/src/lib/crypto/dk/ChangeLog b/src/lib/crypto/dk/ChangeLog index a9bdafe99..1929ff6a1 100644 --- a/src/lib/crypto/dk/ChangeLog +++ b/src/lib/crypto/dk/ChangeLog @@ -1,3 +1,17 @@ +2000-06-03 Tom Yu + + * dk_encrypt.c (krb5_dk_encrypt, krb5_marc_dk_encrypt): Chain + ivecs. + + * dk_decrypt.c (krb5_dk_decrypt, krb5_marc_dk_decrypt): Chain + ivecs. + +2000-04-28 Ken Raeburn + + * derive.c (krb5_derive_key): If memory allocation fails, release + other allocated blocks before returning, instead of trying to + release them after returning. + 2000-01-21 Ken Raeburn * checksum.c (krb5_dk_make_checksum): enc_providers are now diff --git a/src/lib/crypto/dk/derive.c b/src/lib/crypto/dk/derive.c index 8765605fb..dbd4a2a2d 100644 --- a/src/lib/crypto/dk/derive.c +++ b/src/lib/crypto/dk/derive.c @@ -51,14 +51,14 @@ krb5_derive_key(enc, inkey, outkey, in_constant) return(ENOMEM); if ((outblockdata = (unsigned char *) malloc(blocksize)) == NULL) { - return(ENOMEM); free(inblockdata); + return(ENOMEM); } if ((rawkey = (unsigned char *) malloc(keybytes)) == NULL) { - return(ENOMEM); free(outblockdata); free(inblockdata); + return(ENOMEM); } inblock.data = inblockdata; diff --git a/src/lib/crypto/dk/dk_decrypt.c b/src/lib/crypto/dk/dk_decrypt.c index d3077615f..d6e7c0db3 100644 --- a/src/lib/crypto/dk/dk_decrypt.c +++ b/src/lib/crypto/dk/dk_decrypt.c @@ -41,7 +41,7 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output) { krb5_error_code ret; size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen; - unsigned char *plaindata, *kedata, *kidata, *cksum; + unsigned char *plaindata, *kedata, *kidata, *cksum, *cn; krb5_keyblock ke, ki; krb5_data d1, d2; unsigned char constantdata[K5CLENGTH]; @@ -108,6 +108,11 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output) if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0) goto cleanup; + if (ivec != NULL && ivec->length == blocksize) + cn = d1.data + d1.length - blocksize; + else + cn = NULL; + /* verify the hash */ d1.length = hashsize; @@ -134,6 +139,9 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output) memcpy(output->data, d2.data+blocksize, output->length); + if (cn != NULL) + memcpy(ivec->data, cn, blocksize); + ret = 0; cleanup: @@ -163,7 +171,7 @@ krb5_marc_dk_decrypt(enc, hash, key, usage, ivec, input, output) { krb5_error_code ret; size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen; - unsigned char *plaindata, *kedata, *kidata, *cksum; + unsigned char *plaindata, *kedata, *kidata, *cksum, *cn; krb5_keyblock ke, ki; krb5_data d1, d2; unsigned char constantdata[K5CLENGTH]; @@ -230,6 +238,11 @@ krb5_marc_dk_decrypt(enc, hash, key, usage, ivec, input, output) if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0) goto cleanup; + if (ivec != NULL && ivec->length == blocksize) + cn = d1.data + d1.length - blocksize; + else + cn = NULL; + /* verify the hash */ d1.length = hashsize; @@ -264,6 +277,9 @@ krb5_marc_dk_decrypt(enc, hash, key, usage, ivec, input, output) memcpy(output->data, d2.data+4+blocksize, output->length); + if (cn != NULL) + memcpy(ivec->data, cn, blocksize); + ret = 0; cleanup: diff --git a/src/lib/crypto/dk/dk_encrypt.c b/src/lib/crypto/dk/dk_encrypt.c index 8627353db..2bc2b6ba4 100644 --- a/src/lib/crypto/dk/dk_encrypt.c +++ b/src/lib/crypto/dk/dk_encrypt.c @@ -65,7 +65,7 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output) krb5_error_code ret; unsigned char constantdata[K5CLENGTH]; krb5_data d1, d2; - unsigned char *plaintext, *kedata, *kidata; + unsigned char *plaintext, *kedata, *kidata, *cn; krb5_keyblock ke, ki; /* allocate and set up plaintext and to-be-derived keys */ @@ -142,6 +142,11 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output) if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2)))) goto cleanup; + if (ivec != NULL && ivec->length == blocksize) + cn = d2.data + d2.length - blocksize; + else + cn = NULL; + /* hash the plaintext */ d2.length = enclen - plainlen; @@ -149,8 +154,14 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output) output->length = enclen; - if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) + if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) { memset(d2.data, 0, d2.length); + goto cleanup; + } + + /* update ivec */ + if (cn != NULL) + memcpy(ivec->data, cn, blocksize); /* ret is set correctly by the prior call */ @@ -196,7 +207,7 @@ krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output) krb5_error_code ret; unsigned char constantdata[K5CLENGTH]; krb5_data d1, d2; - unsigned char *plaintext, *kedata, *kidata; + unsigned char *plaintext, *kedata, *kidata, *cn; krb5_keyblock ke, ki; /* allocate and set up plaintext and to-be-derived keys */ @@ -278,6 +289,11 @@ krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output) if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2)))) goto cleanup; + if (ivec != NULL && ivec->length == blocksize) + cn = d2.data + d2.length - blocksize; + else + cn = NULL; + /* hash the plaintext */ d2.length = enclen - plainlen; @@ -285,8 +301,14 @@ krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output) output->length = enclen; - if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) + if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) { memset(d2.data, 0, d2.length); + goto cleanup; + } + + /* update ivec */ + if (cn != NULL) + memcpy(ivec->data, cn, blocksize); /* ret is set correctly by the prior call */ diff --git a/src/lib/crypto/old/ChangeLog b/src/lib/crypto/old/ChangeLog index 0bee167d1..7446daa2c 100644 --- a/src/lib/crypto/old/ChangeLog +++ b/src/lib/crypto/old/ChangeLog @@ -1,3 +1,9 @@ +2000-06-03 Tom Yu + + * old_encrypt.c (krb5_old_encrypt): Chain ivecs. + + * old_decrypt.c (krb5_old_decrypt): Chain ivecs. + 2000-01-21 Ken Raeburn * des_stringtokey.c (mit_des_string_to_key_int): Declare. diff --git a/src/lib/crypto/old/old_decrypt.c b/src/lib/crypto/old/old_decrypt.c index 1bcb0d38b..bfbe56a10 100644 --- a/src/lib/crypto/old/old_decrypt.c +++ b/src/lib/crypto/old/old_decrypt.c @@ -45,7 +45,7 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output) { krb5_error_code ret; size_t blocksize, hashsize, plainsize; - unsigned char *cksumdata; + unsigned char *cksumdata, *cn; krb5_data output, cksum, crcivec; int alloced; @@ -82,6 +82,17 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output) /* decrypt it */ + /* save last ciphertext block in case we decrypt in place */ + if (ivec != NULL && ivec->length == blocksize) { + cn = malloc(blocksize); + if (cn == NULL) { + ret = ENOMEM; + goto cleanup; + } + memcpy(cn, input->data + input->length - blocksize, blocksize); + } else + cn = NULL; + /* XXX this is gross, but I don't have much choice */ if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) { crcivec.length = key->length; @@ -119,6 +130,10 @@ krb5_old_decrypt(enc, hash, key, usage, ivec, input, arg_output) } arg_output->length = plainsize; + /* update ivec */ + if (cn != NULL) + memcpy(ivec->data, cn, blocksize); + ret = 0; cleanup: @@ -127,6 +142,8 @@ cleanup: free(output.data); } + if (cn != NULL) + free(cn); memset(cksumdata, 0, hashsize); free(cksumdata); return(ret); diff --git a/src/lib/crypto/old/old_encrypt.c b/src/lib/crypto/old/old_encrypt.c index d90d0f885..8860ba5ff 100644 --- a/src/lib/crypto/old/old_encrypt.c +++ b/src/lib/crypto/old/old_encrypt.c @@ -55,6 +55,7 @@ krb5_old_encrypt(enc, hash, key, usage, ivec, input, output) krb5_error_code ret; size_t blocksize, hashsize, enclen; krb5_data datain, crcivec; + int real_ivec; (*(enc->block_size))(&blocksize); (*(hash->hash_size))(&hashsize); @@ -92,11 +93,17 @@ krb5_old_encrypt(enc, hash, key, usage, ivec, input, output) crcivec.length = key->length; crcivec.data = key->contents; ivec = &crcivec; - } + real_ivec = 0; + } else + real_ivec = 1; if ((ret = ((*(enc->encrypt))(key, ivec, output, output)))) goto cleanup; + /* update ivec */ + if (real_ivec && ivec != NULL && ivec->length == blocksize) + memcpy(ivec->data, output->data + output->length - blocksize, + blocksize); cleanup: if (ret) memset(output->data, 0, output->length); diff --git a/src/lib/crypto/prng.c b/src/lib/crypto/prng.c index 6d401a9bf..b22131e0f 100644 --- a/src/lib/crypto/prng.c +++ b/src/lib/crypto/prng.c @@ -158,4 +158,4 @@ void prng_cleanup (void) { free (random_state); inited = 0; -} \ No newline at end of file +} -- cgit