From 0bd27e0db808dd5017e0495fc0076a2aea73f9cb Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 22 Jul 2003 17:53:10 +0000 Subject: [PATCH] Don't combine encrypt and decrypt code paths. Zap key schedule when done. * des3.c (validate_and_schedule): Split out from old k5_des3_docrypt. (k5_des3_encrypt, k5_des3_decrypt): Call it, and krb5int_des3_cbc_encrypt or _decrypt, instead of k5_des3_docrypt. Zap key schedules before returning. ticket: 1404 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15710 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/enc_provider/ChangeLog | 8 ++++ src/lib/crypto/enc_provider/des3.c | 56 ++++++++++++++++++--------- 2 files changed, 45 insertions(+), 19 deletions(-) diff --git a/src/lib/crypto/enc_provider/ChangeLog b/src/lib/crypto/enc_provider/ChangeLog index 649f204e6..bd0a5febe 100644 --- a/src/lib/crypto/enc_provider/ChangeLog +++ b/src/lib/crypto/enc_provider/ChangeLog @@ -1,3 +1,11 @@ +2003-07-22 Ken Raeburn + + * des3.c (validate_and_schedule): Split out from old + k5_des3_docrypt. + (k5_des3_encrypt, k5_des3_decrypt): Call it, and + krb5int_des3_cbc_encrypt or _decrypt, instead of + k5_des3_docrypt. Zap key schedules before returning. + 2003-07-17 Ken Raeburn * Makefile.in (LIBNAME) [##WIN16##]: Don't define. diff --git a/src/lib/crypto/enc_provider/des3.c b/src/lib/crypto/enc_provider/des3.c index 91579c6ab..54fbb69af 100644 --- a/src/lib/crypto/enc_provider/des3.c +++ b/src/lib/crypto/enc_provider/des3.c @@ -43,11 +43,10 @@ k5_des3_keysize(size_t *keybytes, size_t *keylength) } static krb5_error_code -k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output, int enc) +validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_data *input, const krb5_data *output, + mit_des3_key_schedule *schedule) { - mit_des3_key_schedule schedule; - /* key->enctype was checked by the caller */ if (key->length != 24) @@ -60,38 +59,57 @@ k5_des3_docrypt(const krb5_keyblock *key, const krb5_data *ivec, return(KRB5_BAD_MSIZE); switch (mit_des3_key_sched(*(mit_des3_cblock *)key->contents, - schedule)) { + *schedule)) { case -1: return(KRB5DES_BAD_KEYPAR); case -2: return(KRB5DES_WEAK_KEY); } - - /* this has a return value, but the code always returns zero */ - - mit_des3_cbc_encrypt((krb5_pointer) input->data, - (krb5_pointer) output->data, input->length, - schedule[0], schedule[1], schedule[2], - ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock, - enc); - - memset(schedule, 0, sizeof(schedule)); - - return(0); + return 0; } static krb5_error_code k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - return(k5_des3_docrypt(key, ivec, input, output, 1)); + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule(key, ivec, input, output, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_encrypt((krb5_pointer) input->data, + (krb5_pointer) output->data, input->length, + schedule[0], schedule[1], schedule[2], + ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock); + + zap(schedule, sizeof(schedule)); + + return(0); } static krb5_error_code k5_des3_decrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { - return(k5_des3_docrypt(key, ivec, input, output, 0)); + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule(key, ivec, input, output, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_decrypt((krb5_pointer) input->data, + (krb5_pointer) output->data, input->length, + schedule[0], schedule[1], schedule[2], + ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock); + + zap(schedule, sizeof(schedule)); + + return(0); } static krb5_error_code -- 2.26.2