* k5seal.c k5unseal.c util_cksum.c:

author Richard Basch <probe@mit.edu>

Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)

committer Richard Basch <probe@mit.edu>

Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)
author Richard Basch <probe@mit.edu>
Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)
committer Richard Basch <probe@mit.edu>
Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog

index b58ed1ee88f8842dff7f54dbd759d2e153bf6c25..88112479a843b3983ec1390891004715da5b704c 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+Tue May 14 19:09:49 1996  Richard Basch  <basch@lehman.com>
+
+       * k5seal.c k5unseal.c util_cksum.c:
+               setup krb5_checksum "contents" and "length" field prior to
+               calling krb5_calculate_checksum().
+
  Tue May 14 04:42:11 1996  Theodore Y. Ts'o  <tytso@mit.edu>
  
         * init_sec_context.c (make_ap_req): Change call to
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c

index bb8818c99e95c552d5d7aa91e7fe8eef6bb49764..4e5c78bd1a878ed9aa1d8264a15134bf881c3208 100644 (file)
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -40,6 +40,7 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
     krb5_error_code code;
     krb5_MD5_CTX md5;
     krb5_checksum desmac;
+   krb5_octet cbc_checksum[KRB5_MIT_DES_KEYSIZE];
     int tmsglen, tlen;
     unsigned char *t, *ptr;
  
@@ -146,6 +147,8 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
     /* XXX this depends on the key being a single-des key, but that's
        all that kerberos supports right now */
  
+   desmac.length = sizeof(cbc_checksum);
+   desmac.contents = cbc_checksum;
     if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, 16,
                                       seq_ed->key->contents, 
                                       seq_ed->key->length,
@@ -156,9 +159,6 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
  
     memcpy(ptr+14, desmac.contents, 8);
  
-   /* XXX krb5_free_checksum_contents? */
-   xfree(desmac.contents);
-
     /* create the seq_num */
  
     if (code = kg_make_seq_num(seq_ed, direction?0:0xff, *seqnum,
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c

index e8219de3fd5edf3b4a3deb144a67bae03d3df92a..1b4288c0cca08e96cf6de43602ef27f5267a3d11 100644 (file)
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -49,6 +49,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
     gss_buffer_desc token;
     unsigned char *ptr;
     krb5_checksum desmac;
+   krb5_octet cbc_checksum[KRB5_MIT_DES_KEYSIZE];
     krb5_MD5_CTX md5;
     unsigned char *cksum;
     krb5_timestamp now;
@@ -174,7 +175,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
  
        /* XXX this depends on the key being a single-des key, but that's
          all that kerberos supports right now */
-
+      desmac.length = sizeof(cbc_checksum);
+      desmac.contents = cbc_checksum;
        if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest,
                                          16, ctx->seq.key->contents, 
                                          ctx->seq.key->length,
@@ -217,17 +219,12 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
     /* compare the computed checksum against the transmitted checksum */
  
     if (memcmp(cksum, ptr+14, 8) != 0) {
-      if (signalg == 0)
-        xfree(desmac.contents);
        if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))
          xfree(token.value);
        *minor_status = 0;
        return(GSS_S_BAD_SIG);
     }
  
-   if (signalg == 0)
-      xfree(desmac.contents);
-
     /* XXX this is where the seq_num check would go */
     
     /* it got through unscathed.  Make sure the context is unexpired */
diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c

index b762aa1ac2edf3c221c8bb5bee3da4e4652aeb83..0b46d0e5e7c1adba0e1e129ed6f8319c90f2fd0a 100644 (file)
--- a/src/lib/gssapi/krb5/util_cksum.c
+++ b/src/lib/gssapi/krb5/util_cksum.c
@@ -61,8 +61,8 @@ kg_checksum_channel_bindings(cb, cksum, bigend)
        return(ENOMEM);
  
     /* allocate the cksum contents buffer */
-   if ((cksum->contents = (krb5_octet *)
-       xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) {
+   cksum->length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5);
+   if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) {
        free(buf);
        return(ENOMEM);
     }
author	Richard Basch <probe@mit.edu>
	Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)
committer	Richard Basch <probe@mit.edu>
	Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)
src/lib/gssapi/krb5/ChangeLog		patch \| blob \| history
src/lib/gssapi/krb5/k5seal.c		patch \| blob \| history
src/lib/gssapi/krb5/k5unseal.c		patch \| blob \| history
src/lib/gssapi/krb5/util_cksum.c		patch \| blob \| history