svn rev #21319: branches/mskrb-integ/src/lib/gssapi/krb5/

lhoward@MIT.EDU lhoward at MIT.EDU
Thu Dec 11 08:02:37 EST 2008


http://src.mit.edu/fisheye/changelog/krb5/?cs=21319
Commit By: lhoward
Log Message: 
For CFX with IOV APIs, do not use a PADDING buffer; instead, place EC
bytes in the TRAILER or HEADER buffer (if the former is absent). This
simplifies the code and more clearly reflects the different abstraction
layers (PADDING represents cryptosystem padding, EC effectively
eliminates PADDING).

Finally, it appears that Windows requires AEAD wrap tokens to have a
non-zero EC. For DCE, Windows always sends 16 (recall that DCE always
pads to 16 bytes), which suggests that it is using EC to pad to the next
block (even though CTS doesn't require padding). So, for DCE_STYLE, we
now do the following: (a) set EC to the blocksize if the padding length
is zero and (b) reflecting the underlying Windows bug, rotate by EC +
RRC rather than RRC.



Changed Files:
U   branches/mskrb-integ/src/lib/gssapi/krb5/k5sealiov.c
U   branches/mskrb-integ/src/lib/gssapi/krb5/k5sealv3iov.c



More information about the cvs-krb5 mailing list