Don't combine encrypt and decrypt code paths.

author Ken Raeburn <raeburn@mit.edu>

Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)

committer Ken Raeburn <raeburn@mit.edu>

Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)
author Ken Raeburn <raeburn@mit.edu>
Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)
committer Ken Raeburn <raeburn@mit.edu>
Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)
diff --git a/src/lib/crypto/enc_provider/ChangeLog b/src/lib/crypto/enc_provider/ChangeLog

index 649f204e6e0e18e5f2f31c7896b5c9abd0cd6e31..bd0a5febec3cdcf66251d387820592897b0cfbbe 100644 (file)
--- a/src/lib/crypto/enc_provider/ChangeLog
+++ b/src/lib/crypto/enc_provider/ChangeLog
@@ -1,3 +1,11 @@
+2003-07-22  Ken Raeburn  <raeburn@mit.edu>
+
+       * des3.c (validate_and_schedule): Split out from old
+       k5_des3_docrypt.
+       (k5_des3_encrypt, k5_des3_decrypt): Call it, and
+       krb5int_des3_cbc_encrypt or _decrypt, instead of
+       k5_des3_docrypt.  Zap key schedules before returning.
+
  2003-07-17  Ken Raeburn  <raeburn@mit.edu>
  
         * Makefile.in (LIBNAME) [##WIN16##]: Don't define.
diff --git a/src/lib/crypto/enc_provider/des3.c b/src/lib/crypto/enc_provider/des3.c

index 91579c6ab7d3705be4515fbd8aba42072fc26d6c..54fbb69afcc452c257712f44bbbaf0f42a19a91e 100644 (file)
--- a/src/lib/crypto/enc_provider/des3.c
+++ b/src/lib/crypto/enc_provider/des3.c
@@ -43,11 +43,10 @@ k5_des3_keysize(size_t *keybytes, size_t *keylength)
  }
  
  static krb5_error_code
-k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec,
-               const krb5_data *input, krb5_data *output, int enc)
+validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec,
+                     const krb5_data *input, const krb5_data *output,
+                     mit_des3_key_schedule *schedule)
  {
-    mit_des3_key_schedule schedule;
-
      /* key->enctype was checked by the caller */
  
      if (key->length != 24)
@@ -60,38 +59,57 @@ k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec,
         return(KRB5_BAD_MSIZE);
  
      switch (mit_des3_key_sched(*(mit_des3_cblock *)key->contents,
-                                    schedule)) {
+                              *schedule)) {
      case -1:
         return(KRB5DES_BAD_KEYPAR);
      case -2:
         return(KRB5DES_WEAK_KEY);
      }
-
-    /* this has a return value, but the code always returns zero */
-
-    mit_des3_cbc_encrypt((krb5_pointer) input->data,
-                        (krb5_pointer) output->data, input->length,
-                        schedule[0], schedule[1], schedule[2],
-                        ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock,
-                        enc);
-
-    memset(schedule, 0, sizeof(schedule));
-
-    return(0);
+    return 0;
  }
  
  static krb5_error_code
  k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
                 const krb5_data *input, krb5_data *output)
  {
-    return(k5_des3_docrypt(key, ivec, input, output, 1));
+    mit_des3_key_schedule schedule;
+    krb5_error_code err;
+
+    err = validate_and_schedule(key, ivec, input, output, &schedule);
+    if (err)
+       return err;
+
+    /* this has a return value, but the code always returns zero */
+    krb5int_des3_cbc_encrypt((krb5_pointer) input->data,
+                            (krb5_pointer) output->data, input->length,
+                            schedule[0], schedule[1], schedule[2],
+                            ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock);
+
+    zap(schedule, sizeof(schedule));
+
+    return(0);
  }
  
  static krb5_error_code
  k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
                 const krb5_data *input, krb5_data *output)
  {
-    return(k5_des3_docrypt(key, ivec, input, output, 0));
+    mit_des3_key_schedule schedule;
+    krb5_error_code err;
+
+    err = validate_and_schedule(key, ivec, input, output, &schedule);
+    if (err)
+       return err;
+
+    /* this has a return value, but the code always returns zero */
+    krb5int_des3_cbc_decrypt((krb5_pointer) input->data,
+                            (krb5_pointer) output->data, input->length,
+                            schedule[0], schedule[1], schedule[2],
+                            ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock);
+
+    zap(schedule, sizeof(schedule));
+
+    return(0);
  }
  
  static krb5_error_code
author	Ken Raeburn <raeburn@mit.edu>
	Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)
committer	Ken Raeburn <raeburn@mit.edu>
	Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)
src/lib/crypto/enc_provider/ChangeLog		patch \| blob \| history
src/lib/crypto/enc_provider/des3.c		patch \| blob \| history