Review of Kerberos AEAP API

Sam Hartman hartmans at MIT.EDU
Thu Dec 4 09:01:00 EST 2008

>>>>> "Love" == Love Hörnquist Åstrand <lha at> writes:

    Love> Hello, here are my comments from the initial pass over the
    Love> document.  Limiting to only one DATA buffer is overly
    Love> restrictive.
The implementation doesn't have this restriction so I'll remove it from the API.

    Love> On decryption, the HEADER/TRAILER data should be defined to
    Love> be read only as well as the ivec content, i.e. it should be
    Love> possible to set up a recv'er ivec array and keep reusing it
    Love> over and over again w/o re-init the data.
The implementation meets this restriction; I'm adding to the API.

Note that the contents of pad buffers may be modified on decrypt: you
may end up decrypting the padding.  I don't think this creates a
problem for your use.
