projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f540177) | patch
Fix cipher state chaining in OpenSSL back end
authorGreg Hudson <ghudson@mit.edu>
Thu, 18 Feb 2010 18:04:47 +0000 (18:04 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 18 Feb 2010 18:04:47 +0000 (18:04 +0000)
commit07fb1e7b435ce005fe629be07d05de912d61307f
tree324c2491c700bbb869fa1dd47611b09fed6f832btree | snapshot
parentf540177be7b268ba317aa21334e5be391d20f256commit | diff
Fix cipher state chaining in OpenSSL back end

Make cipher state chaining work in the OpenSSL back end for des, des3,
and arcfour enc providers.  Subtleties:

* DES and DES3 have checks to avoid clobbering ivec with uninitialized
  data if there is no data to encrypt.
* Arcfour saves the OpenSSL cipher context across calls.  To protect
  against a caller improperly copying the state (which happens to work
  with other enc providers), a loopback pointer is used, as in GSSAPI.
* EVP_EncryptFinal_ex is unnecessary with stream ciphers and would
  interfere with cipher state chaining if it did anything, so just
  remove it.

ticket: 6665
target_version: 1.8
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23734 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/crypto/openssl/enc_provider/des.c diff | blob | history
src/lib/crypto/openssl/enc_provider/des3.c diff | blob | history
src/lib/crypto/openssl/enc_provider/rc4.c diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.