From e9d5ef4aefdc14736c9bba9b7a4834652657098f Mon Sep 17 00:00:00 2001 From: Richard Basch Date: Wed, 15 May 1996 00:57:15 +0000 Subject: [PATCH] * mk_req_ext.c mk_safe.c send_tgs.c: set the length field of the krb5_checksum structure before calling krb5_calculate_checksum. * str_conv.c: replaced sha-des3 cksum with hmac-sha. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8021 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 8 +++++++ src/lib/krb5/krb/mk_req_ext.c | 41 ++++++++++++++++++----------------- src/lib/krb5/krb/mk_safe.c | 5 +++-- src/lib/krb5/krb/send_tgs.c | 5 ++--- src/lib/krb5/krb/str_conv.c | 6 ++--- 5 files changed, 37 insertions(+), 28 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index c94c31cfa..1696cb5dc 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,11 @@ +Tue May 14 18:39:22 1996 Richard Basch + + * mk_req_ext.c mk_safe.c send_tgs.c: + set the length field of the krb5_checksum structure before + calling krb5_calculate_checksum. + + * str_conv.c: replaced sha-des3 cksum with hmac-sha. + Tue May 14 02:53:42 1996 Theodore Y. Ts'o * ser_ctx.c (krb5_context_size, krb5_context_externalize, diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 8193d3016..733dd319c 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -137,27 +137,28 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, if (in_data) { - if ((*auth_context)->req_cksumtype == 0x8003) { - /* XXX Special hack for GSSAPI */ - checksum.checksum_type = 0x8003; - checksum.length = in_data->length; - checksum.contents = (krb5_octet *) in_data->data; - } else { - /* Generate checksum, XXX What should the seed be? */ - if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context, - (*auth_context)->req_cksumtype))) == NULL) { - retval = ENOMEM; - goto cleanup; + if ((*auth_context)->req_cksumtype == 0x8003) { + /* XXX Special hack for GSSAPI */ + checksum.checksum_type = 0x8003; + checksum.length = in_data->length; + checksum.contents = (krb5_octet *) in_data->data; + } else { + /* Generate checksum, XXX What should the seed be? */ + checksum.length = + krb5_checksum_size(context, (*auth_context)->req_cksumtype); + if ((checksum.contents = (krb5_octet *)malloc(checksum.length)) == NULL) { + retval = ENOMEM; + goto cleanup; + } + if ((retval = krb5_calculate_checksum(context, + (*auth_context)->req_cksumtype, + in_data->data, in_data->length, + (*auth_context)->keyblock->contents, + (*auth_context)->keyblock->length, + &checksum))) + goto cleanup_cksum; } - if ((retval = krb5_calculate_checksum(context, - (*auth_context)->req_cksumtype, - in_data->data, in_data->length, - (*auth_context)->keyblock->contents, - (*auth_context)->keyblock->length, - &checksum))) - goto cleanup_cksum; - } - checksump = &checksum; + checksump = &checksum; } /* Generate authenticator */ diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index 816b26d86..dfa253a4e 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -90,8 +90,9 @@ krb5_mk_safe_basic(context, userdata, keyblock, replaydata, local_addr, if ((retval = encode_krb5_safe(&safemsg, &scratch1))) return retval; - if (!(safe_checksum.contents = - (krb5_octet *) malloc(krb5_checksum_size(context, sumtype)))) { + safe_checksum.length = krb5_checksum_size(context, sumtype); + if (!(safe_checksum.contents = (krb5_octet *) malloc(safe_checksum.length))) { + retval = ENOMEM; goto cleanup_scratch; } diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index 16f00c095..ac4e27735 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -60,9 +60,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf) krb5_data * toutbuf; /* Generate checksum */ - if ((checksum.contents = (krb5_octet *) - malloc(krb5_checksum_size(context, - context->kdc_req_sumtype))) == NULL) + checksum.length = krb5_checksum_size(context, context->kdc_req_sumtype); + if ((checksum.contents = (krb5_octet *) malloc(checksum.length)) == NULL) return(ENOMEM); if ((retval = krb5_calculate_checksum(context, context->kdc_req_sumtype, diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c index 32182cbbf..c45321ee6 100644 --- a/src/lib/krb5/krb/str_conv.c +++ b/src/lib/krb5/krb/str_conv.c @@ -120,7 +120,7 @@ static const char cstype_descbc_in[] = "des-cbc"; static const char cstype_md5_in[] = "md5"; static const char cstype_md5des_in[] = "md5-des"; static const char cstype_sha_in[] = "sha"; -static const char cstype_shades3_in[] = "sha-des3"; +static const char cstype_hmacsha_in[] = "hmac-sha"; static const char cstype_crc32_out[] = "CRC-32"; static const char cstype_md4_out[] = "RSA-MD4"; static const char cstype_md4des_out[] = "RSA-MD4 with DES cbc mode"; @@ -128,7 +128,7 @@ static const char cstype_descbc_out[] = "DES cbc mode"; static const char cstype_md5_out[] = "RSA-MD5"; static const char cstype_md5des_out[] = "RSA-MD5 with DES cbc mode"; static const char cstype_sha_out[] = "NIST-SHA"; -static const char cstype_shades3_out[] = "NIST-SHA with DES-3 cbc mode"; +static const char cstype_hmacsha_out[] = "HMAC-SHA"; /* Absolute time strings */ static const char atime_full_digits[] = "%y%m%d%H%M%S"; @@ -217,7 +217,7 @@ static const struct cksumtype_lookup_entry cksumtype_table[] = { { CKSUMTYPE_RSA_MD5, cstype_md5_in, cstype_md5_out }, { CKSUMTYPE_RSA_MD5_DES, cstype_md5des_in, cstype_md5des_out }, { CKSUMTYPE_NIST_SHA, cstype_sha_in, cstype_sha_out }, -{ CKSUMTYPE_NIST_SHA_DES3,cstype_shades3_in, cstype_shades3_out } +{ CKSUMTYPE_HMAC_SHA, cstype_hmacsha_in, cstype_hmacsha_out } }; static const int cksumtype_table_nents = sizeof(cksumtype_table)/ sizeof(cksumtype_table[0]); -- 2.26.2