(verify_mic_des3): fix 3des verify_mic to conform to rfc (and mit
kerberos), provide backward compat hook git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11624 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -141,6 +141,7 @@ verify_mic_des3
|
|||||||
int cmp;
|
int cmp;
|
||||||
Checksum csum;
|
Checksum csum;
|
||||||
char *tmp;
|
char *tmp;
|
||||||
|
char ivec[8];
|
||||||
|
|
||||||
p = token_buffer->value;
|
p = token_buffer->value;
|
||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
@@ -167,11 +168,15 @@ verify_mic_des3
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* verify sequence number */
|
/* verify sequence number */
|
||||||
|
if (context_handle->more_flags & COMPAT_OLD_DES3)
|
||||||
|
memset(ivec, 0, 8);
|
||||||
|
else
|
||||||
|
memcpy(ivec, p + 8, 8);
|
||||||
|
|
||||||
ret = krb5_decrypt (gssapi_krb5_context,
|
ret = krb5_decrypt_ivec (gssapi_krb5_context,
|
||||||
crypto,
|
crypto,
|
||||||
KRB5_KU_USAGE_SEQ,
|
KRB5_KU_USAGE_SEQ,
|
||||||
p, 8, &seq_data);
|
p, 8, &seq_data, ivec);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -141,6 +141,7 @@ verify_mic_des3
|
|||||||
int cmp;
|
int cmp;
|
||||||
Checksum csum;
|
Checksum csum;
|
||||||
char *tmp;
|
char *tmp;
|
||||||
|
char ivec[8];
|
||||||
|
|
||||||
p = token_buffer->value;
|
p = token_buffer->value;
|
||||||
ret = gssapi_krb5_verify_header (&p,
|
ret = gssapi_krb5_verify_header (&p,
|
||||||
@@ -167,11 +168,15 @@ verify_mic_des3
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* verify sequence number */
|
/* verify sequence number */
|
||||||
|
if (context_handle->more_flags & COMPAT_OLD_DES3)
|
||||||
|
memset(ivec, 0, 8);
|
||||||
|
else
|
||||||
|
memcpy(ivec, p + 8, 8);
|
||||||
|
|
||||||
ret = krb5_decrypt (gssapi_krb5_context,
|
ret = krb5_decrypt_ivec (gssapi_krb5_context,
|
||||||
crypto,
|
crypto,
|
||||||
KRB5_KU_USAGE_SEQ,
|
KRB5_KU_USAGE_SEQ,
|
||||||
p, 8, &seq_data);
|
p, 8, &seq_data, ivec);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
gssapi_krb5_set_error_string ();
|
gssapi_krb5_set_error_string ();
|
||||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||||
|
|||||||
Reference in New Issue
Block a user