* mk_req_ext.c mk_safe.c send_tgs.c:

        set the length field of the krb5_checksum structure before
        calling krb5_calculate_checksum.

* str_conv.c: replaced sha-des3 cksum with hmac-sha.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8021 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index c94c31cfa18d1465e280ef5952cdeb49296e1d57..1696cb5dce2cb792272e0479c72419983b8a821e 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+Tue May 14 18:39:22 1996  Richard Basch  <basch@lehman.com>
+
+       * mk_req_ext.c mk_safe.c send_tgs.c:
+               set the length field of the krb5_checksum structure before
+               calling krb5_calculate_checksum.
+
+       * str_conv.c: replaced sha-des3 cksum with hmac-sha.
+
 Tue May 14 02:53:42 1996  Theodore Y. Ts'o  <tytso@mit.edu>
 
        * ser_ctx.c (krb5_context_size, krb5_context_externalize,

diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 8193d3016c1de14e1ba97a5d41459c9995351949..733dd319ccd4f386520ff7e5074bf273edd73a25 100644 (file)
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -137,27 +137,28 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
 
 
     if (in_data) {
-      if ((*auth_context)->req_cksumtype == 0x8003) {
-       /* XXX Special hack for GSSAPI */
-       checksum.checksum_type = 0x8003;
-       checksum.length = in_data->length;
-       checksum.contents = (krb5_octet *) in_data->data;
-      } else  {
-       /* Generate checksum, XXX What should the seed be? */
-       if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
-                                (*auth_context)->req_cksumtype))) == NULL) {
-         retval = ENOMEM;
-         goto cleanup;
+       if ((*auth_context)->req_cksumtype == 0x8003) {
+           /* XXX Special hack for GSSAPI */
+           checksum.checksum_type = 0x8003;
+           checksum.length = in_data->length;
+           checksum.contents = (krb5_octet *) in_data->data;
+       } else  {
+           /* Generate checksum, XXX What should the seed be? */
+           checksum.length =
+               krb5_checksum_size(context, (*auth_context)->req_cksumtype);
+           if ((checksum.contents = (krb5_octet *)malloc(checksum.length)) == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           if ((retval = krb5_calculate_checksum(context, 
+                                       (*auth_context)->req_cksumtype, 
+                                       in_data->data, in_data->length,
+                                       (*auth_context)->keyblock->contents,
+                                       (*auth_context)->keyblock->length,
+                                       &checksum)))
+               goto cleanup_cksum;
        }
-       if ((retval = krb5_calculate_checksum(context, 
-                                             (*auth_context)->req_cksumtype, 
-                                             in_data->data, in_data->length,
-                                             (*auth_context)->keyblock->contents,
-                                             (*auth_context)->keyblock->length,
-                                             &checksum)))
-         goto cleanup_cksum;
-      }
-      checksump = &checksum;
+       checksump = &checksum;
     }
 
     /* Generate authenticator */

diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c
index 816b26d861a6cf43f838f83cc2b9bf363c029a69..dfa253a4eda42aab79522cd385ae4013a1a9c5dd 100644 (file)
--- a/src/lib/krb5/krb/mk_safe.c
+++ b/src/lib/krb5/krb/mk_safe.c
@@ -90,8 +90,9 @@ krb5_mk_safe_basic(context, userdata, keyblock, replaydata, local_addr,
     if ((retval = encode_krb5_safe(&safemsg, &scratch1)))
        return retval;
 
-    if (!(safe_checksum.contents =
-         (krb5_octet *) malloc(krb5_checksum_size(context, sumtype)))) {
+    safe_checksum.length = krb5_checksum_size(context, sumtype);
+    if (!(safe_checksum.contents = (krb5_octet *) malloc(safe_checksum.length))) {
+
        retval = ENOMEM;
        goto cleanup_scratch;
     }

diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index 16f00c095f489845176afe15c6a97c4824ad52e5..ac4e27735b67523e502031b5834cbd12adbaf620 100644 (file)
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -60,9 +60,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf)
     krb5_data           * toutbuf;
 
     /* Generate checksum */
-    if ((checksum.contents = (krb5_octet *)
-        malloc(krb5_checksum_size(context,
-                                  context->kdc_req_sumtype))) == NULL) 
+    checksum.length = krb5_checksum_size(context, context->kdc_req_sumtype);
+    if ((checksum.contents = (krb5_octet *) malloc(checksum.length)) == NULL)
         return(ENOMEM);
 
     if ((retval = krb5_calculate_checksum(context, context->kdc_req_sumtype,

diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index 32182cbbf03615ed5be4ef1eb4e61d66f5699a8e..c45321ee6a4bec92c53e1ab83c3c89ed6b4c4703 100644 (file)
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -120,7 +120,7 @@ static const char cstype_descbc_in[]        = "des-cbc";
 static const char cstype_md5_in[]      = "md5";
 static const char cstype_md5des_in[]   = "md5-des";
 static const char cstype_sha_in[]      = "sha";
-static const char cstype_shades3_in[]  = "sha-des3";
+static const char cstype_hmacsha_in[]  = "hmac-sha";
 static const char cstype_crc32_out[]   = "CRC-32";
 static const char cstype_md4_out[]     = "RSA-MD4";
 static const char cstype_md4des_out[]  = "RSA-MD4 with DES cbc mode";
@@ -128,7 +128,7 @@ static const char cstype_descbc_out[]       = "DES cbc mode";
 static const char cstype_md5_out[]     = "RSA-MD5";
 static const char cstype_md5des_out[]  = "RSA-MD5 with DES cbc mode";
 static const char cstype_sha_out[]     = "NIST-SHA";
-static const char cstype_shades3_out[] = "NIST-SHA with DES-3 cbc mode";
+static const char cstype_hmacsha_out[] = "HMAC-SHA";
 
 /* Absolute time strings */
 static const char atime_full_digits[]  = "%y%m%d%H%M%S";
@@ -217,7 +217,7 @@ static const struct cksumtype_lookup_entry cksumtype_table[] = {
 { CKSUMTYPE_RSA_MD5,      cstype_md5_in,       cstype_md5_out          },
 { CKSUMTYPE_RSA_MD5_DES,  cstype_md5des_in,    cstype_md5des_out       },
 { CKSUMTYPE_NIST_SHA,     cstype_sha_in,       cstype_sha_out          },
-{ CKSUMTYPE_NIST_SHA_DES3,cstype_shades3_in,   cstype_shades3_out      }
+{ CKSUMTYPE_HMAC_SHA,    cstype_hmacsha_in,    cstype_hmacsha_out      }
 };
 static const int cksumtype_table_nents = sizeof(cksumtype_table)/
                                         sizeof(cksumtype_table[0]);