From 244db0dc5ebfe7be1c5e9eca974a4cc27265efe9 Mon Sep 17 00:00:00 2001
From: John Kohl <jtkohl@mit.edu>
Date: Wed, 9 May 1990 17:07:32 +0000
Subject: [PATCH] changes for new encryption & checksum interface add in
 checksum-checking code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@813 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/kdc_util.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index a87c421f2..9a660c99f 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -121,7 +121,8 @@ const krb5_fulladdr *from;
 	if (retval =
 	    (*eblock.crypto_entry->decrypt_func)((krb5_pointer) tgs_req->tgs_request2->enc_part.data,
 						 (krb5_pointer) scratch.data,
-						 scratch.length, &eblock)) {
+						 scratch.length, &eblock,
+						 0)) {
 	    (void) (*eblock.crypto_entry->finish_key)(&eblock);
 	    free(scratch.data);
 	    return retval;
@@ -260,17 +261,33 @@ const krb5_fulladdr *from;
     }	
     /* check application checksum vs. tgs request */
 #ifdef notdef
+    if (!(our_cksum.contents = (krb5_octet *)
+	  malloc(krb5_cksumarray[our_cksum.checksum_type]->checksum_length))) {
+	krb5_free_authenticator(authdat.authenticator);
+	krb5_free_ticket(authdat.ticket);
+	return ENOMEM; /* XXX cktype nosupp */
+    }
     if (retval = (*krb5_cksumarray[our_cksum.checksum_type]->
 		  sum_func)(in,		/* where to? */
-			    NULL,	/* don't produce output */
-			    authdat.ticket->enc_part2->session->contents, /* seed */
 			    in_length,	/* input length */
+			    authdat.ticket->enc_part2->session->contents, /* seed */
 			    authdat.ticket->enc_part2->session->length,	/* seed length */
 			    &our_cksum)) {
 	krb5_free_authenticator(authdat.authenticator);
 	krb5_free_ticket(authdat.ticket);
+	xfree(our_cksum.contents);
+	return retval;
+    }
+    if (our_cksum.length != authdat.authenticator->checksum->length ||
+	bcmp((char *)our_cksum.contents,
+	     (char *)authdat.authenticator->checksum->contents,
+	     our_cksum.length)) {
+	krb5_free_authenticator(authdat.authenticator);
+	krb5_free_ticket(authdat.ticket);
+	xfree(our_cksum.contents);
 	return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX wrong code? */
     }
+    xfree(our_cksum.contents);
 #endif
     /* don't need authenticator anymore */
     krb5_free_authenticator(authdat.authenticator);
-- 
2.26.2