Review of Kerberos AEAP API
Sam Hartman
hartmans at MIT.EDU
Thu Dec 4 09:01:00 EST 2008
>>>>> "Love" == Love Hörnquist Åstrand <lha at kth.se> writes:
Love> Hello here is my comments from the initial pass over the
Love> document. Limiting to only on DATA buffer is overly
Love> restrictive.
The implementation doesn't have this restriction so I'll remove it from the API.
Thanks.
Love> On decryption, the HEADER/TRAILER data should be define to
Love> be read only as well as the ivec content, ie it should be
Love> possible to setup an recv'er ivec array and keep reusing it
Love> over and over again w/o re-init the data.
The implementation meets this restriction; I'm adding to the API.
Note that the contents of pad buffers may be modified on decrypt: you
may end up decrypting the padding. I don't think this creates a
problem for your use.
More information about the krbdev
mailing list