* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
struct _krb5_key_usage {
unsigned char *ipad, *opad;
unsigned char *key;
size_t key_len;
- int i;
+ size_t i;
ipad = malloc(cm->blocksize + len);
if (ipad == NULL)
if(ct->flags & F_DERIVED)
ret = _get_derived_key(context, crypto, usage, key);
else if(ct->flags & F_VARIANT) {
- int i;
+ size_t i;
*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
if(*key == NULL) {
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
kct = crypto->et->keyed_checksum;
- if (kct != NULL && kct->type != ct->type) {
+ if (kct == NULL || kct->type != ct->type) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed, but "
"the key type %s passed didnt have that checksum "
if(ct->verify) {
ret = (*ct->verify)(context, dkey, data, len, usage, cksum);
if (ret)
- krb5_set_error_message(context, ret,
+ krb5_set_error_message(context, ret,
N_("Decrypt integrity check failed for checksum "
"type %s, key type %s", ""),
ct->name, (crypto != NULL)? crypto->et->name : "(none)");
return 0;
}
+/**
+ * Check if a enctype is valid, return 0 if it is.
+ *
+ * @param context Kerberos context
+ * @param etype enctype to check if its valid or not
+ *
+ * @return Return an error code for an failure or 0 on success (enctype valid).
+ * @ingroup krb5_crypto
+ */
+
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
+ if(e && (e->flags & F_DISABLED) == 0)
+ return 0;
+ if (context == NULL)
+ return KRB5_PROG_ETYPE_NOSUPP;
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
- if (e->flags & F_DISABLED) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %s is disabled", ""),
- e->name);
- return KRB5_PROG_ETYPE_NOSUPP;
- }
- return 0;
+ /* Must be (e->flags & F_DISABLED) */
+ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
+ N_("encryption type %s is disabled", ""),
+ e->name);
+ return KRB5_PROG_ETYPE_NOSUPP;
}
/**
}
static krb5_crypto_iov *
-find_iv(krb5_crypto_iov *data, int num_data, int type)
+find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type)
{
- int i;
+ size_t i;
for (i = 0; i < num_data; i++)
if (data[i].flags == type)
return &data[i];
struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
- int i;
+ size_t i;
size_t len;
char *p, *q;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
- int i;
+ size_t i;
size_t len;
char *p, *q;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
krb5_set_error_message(context, EINVAL, "not a derived crypto");
return EINVAL;
}
-
+
switch(type) {
case KRB5_CRYPTO_TYPE_EMPTY:
*len = 0;
unsigned int num_data)
{
krb5_error_code ret;
- int i;
+ size_t i;
for (i = 0; i < num_data; i++) {
ret = krb5_crypto_length(context, crypto,
/* XXX keytype dependent post-processing */
switch(kt->type) {
- case KEYTYPE_DES3:
+ case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1:
_krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize);
break;
- case KEYTYPE_AES128:
- case KEYTYPE_AES256:
+ case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96:
memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
break;
default:
/**
* Return the blocksize used algorithm referenced by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param blocksize the resulting blocksize
/**
* Return the encryption type used by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param enctype the resulting encryption type
/**
* Return the padding size used by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param padsize the return padding size
/**
* Return the confounder size used by the crypto context
- *
+ *
* @param context Kerberos context
* @param crypto crypto context to query
* @param confoundersize the returned confounder size
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
krb5_enctype **val)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
int i;
unsigned n = 0;
*/
/* if two enctypes have compatible keys */
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
git.samba.org / abartlet / samba-debian.git / blobdiff