From: Paul Park Date: Fri, 7 Jul 1995 21:06:59 +0000 (+0000) Subject: Use checksum verifier X-Git-Tag: krb5-1.0-beta6~1554 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=66c2d98a3de17938643779a3a21368747d5226b2;p=krb5.git Use checksum verifier git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6262 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index 0c9a0be69..328117d96 100644
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -104,8 +104,11 @@ krb5_rd_safe_basic(context, inbuf, keyblock, recv_addr, sender_addr,
 }
 /* verify the checksum */
- /* to do the checksum stuff, we need to re-encode the message with a
- zero-length zero-type checksum, then checksum the encoding, and verify.
+ /*
+ * In order to recreate what was checksummed, we regenerate the message
+ * without checksum and then have the cryptographic subsystem verify
+ * the checksum for us. This is because some checksum methods have
+ * a confounder encrypted as part of the checksum.
 */
 his_cksum = message->checksum;
@@ -120,28 +123,16 @@ krb5_rd_safe_basic(context, inbuf, keyblock, recv_addr, sender_addr,
 message->checksum = his_cksum;
- if (!(our_cksum.contents = (krb5_octet *)
- malloc(krb5_checksum_size(context, his_cksum->checksum_type)))) {
- retval = ENOMEM;
- goto cleanup;
- }
-
- retval = krb5_calculate_checksum(context, his_cksum->checksum_type,
- scratch->data, scratch->length,
- (krb5_pointer) keyblock->contents,
- keyblock->length, &our_cksum);
+ retval = krb5_verify_checksum(context, his_cksum->checksum_type,
+ his_cksum, scratch->data, scratch->length,
+ (krb5_pointer) keyblock->contents,
+ keyblock->length);
 (void) memset((char *)scratch->data, 0, scratch->length);
 krb5_free_data(context, scratch);
 if (retval) {
- goto cleanup_cksum;
- }
-
- if (our_cksum.length != his_cksum->length ||
- memcmp((char *)our_cksum.contents, (char *)his_cksum->contents,
- our_cksum.length)) {
 retval = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup_cksum;
+ goto cleanup;
 }
 replaydata->timestamp = message->timestamp;
@@ -154,9 +145,6 @@ krb5_rd_safe_basic(context, inbuf, keyblock, recv_addr, sender_addr,
 krb5_free_checksum(context, his_cksum);
 return 0;
-cleanup_cksum:
- krb5_xfree(our_cksum.contents);
-
 cleanup:
 krb5_free_safe(context, message);
 return retval;
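Review bot: In the second hunk (`@@ -120,28 +123,16 @@`) the new `if (retval)` branch overwrites every failure of `krb5_verify_checksum` with `KRB5KRB_AP_ERR_MODIFIED`, so a verifier error that is not a mismatch (allocation failure, unsupported checksum type) would reach the caller as message tampering. The removed code let `krb5_calculate_checksum` errors propagate unchanged and reserved that code for an actual mismatch. The path still fails closed, but anything that logs or alerts on integrity failures loses the distinction; if the verifier returns a distinct mismatch code (not visible here), map only that one, otherwise state the intent with `/* any verifier failure is reported as a modified message (fail closed) */` above the assignment. The body of `krb5_rd_safe_basic` starts and ends outside the hunk, and the `our_cksum` declaration, if it is still there, appears to be unused after this change.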