Support init_state for CCM aes-ccm
authorLuke Howard <lukeh@padl.com>
Mon, 29 Dec 2008 22:33:27 +0000 (22:33 +0000)
committerLuke Howard <lukeh@padl.com>
Mon, 29 Dec 2008 22:33:27 +0000 (22:33 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/aes-ccm@21633 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/dk/dk_ccm.c
src/lib/crypto/enc_provider/aes_ctr.c

index d28b5fce603fb7d1b5dd2ea119e39cb355615fea..41f60223abe1b7b80fabf4cc1e542e2e6eceaa21 100644 (file)
@@ -300,9 +300,19 @@ krb5int_ccm_encrypt_iov(const struct krb5_aead_provider *aead,
 
     header->data.length = header_len;
 
-    ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
-    if (ret != 0)
-       goto cleanup;
+    if (ivec != NULL) {
+       if (ivec->length != 16 ||
+           ivec->data[0] & ~(CCM_FLAG_MASK_Q) ||
+           15 - (unsigned)ivec->data[0] != header_len) {
+           ret = KRB5_BAD_MSIZE;
+           goto cleanup;
+       }
+       memcpy(header->data.data, &ivec->data[1], header_len);
+    } else {
+       ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
+       if (ret != 0)
+           goto cleanup;
+    }
 
     sign_data = (krb5_crypto_iov *)calloc(num_data + 1, sizeof(krb5_crypto_iov));
     if (sign_data == NULL) {
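Review bot: The length test `15 - (unsigned)ivec->data[0] != header_len` looks off by one against the state that krb5int_aes_init_state_ctr builds in this same commit. That function stores `q - 1`, i.e. `14 - n`, in byte 0, so if header_len here is the same HEADER length, every state it produces would be rejected with KRB5_BAD_MSIZE; the comparison would then need to be `14 - (unsigned)ivec->data[0] != header_len`. Separately, this branch makes the CCM nonce caller-supplied, and the mode loses both confidentiality and integrity if a nonce repeats under one key. Nothing visible in the hunk advances or refreshes ivec after it is copied into the header, so a comment above the `if (ivec != NULL)` branch should state who guarantees uniqueness per message. krb5int_ccm_encrypt_iov starts and ends outside the hunk, so the state may be updated further down.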
index e7bf0a7d6bc134a154a023e2d40e0bc9b07bf26f..a6e36344f002a84c7b88e4d3f9930645f08a33d2 100644 (file)
@@ -261,11 +261,36 @@ static krb5_error_code
 krb5int_aes_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
                            krb5_data *state)
 {
-    state->length = BLOCK_SIZE;
-    state->data = calloc(1, state->length);
+    krb5_data nonce;
+    unsigned int n, q;
+    krb5_error_code code;
+
+    code = krb5_c_crypto_length(NULL, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &n);
+    if (code != 0)
+       return code;
+
+    assert(n >= 7 && n <= 13);
+
+    state->length = 16;
+    state->data = malloc(state->length);
     if (state->data == NULL)
        return ENOMEM;
-    state->data[0] = CCM_DEFAULT_COUNTER_LEN - 1;
+
+    q = 15 - n;
+    state->data[0] = q - 1;
+
+    nonce.data = &state->data[1];
+    nonce.length = n;
+
+    code = krb5_c_random_make_octets(NULL, &nonce);
+    if (code != 0) {
+       free(state->data);
+       state->data = NULL;
+       return code;
+    }
+
+    memset(&state->data[1 + n], 0, q);
+
     return 0;
 }
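Review bot: `assert(n >= 7 && n <= 13)` is the only guard before `n` sizes writes into the fixed 16-byte state, and it is compiled out under NDEBUG. With an out-of-range header length, `q = 15 - n` can wrap, and both `krb5_c_random_make_octets(NULL, &nonce)` and `memset(&state->data[1 + n], 0, q)` would write past the allocation. A runtime check before the `malloc` would close this, for example `if (n < 7 || n > 13) return KRB5_BAD_MSIZE;`. On the random-fill failure path `state->length` is left at 16 while `state->data` is NULL; setting `state->length = 0` there keeps the krb5_data self-consistent for callers that look at the length first.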