EC is not included in the checksum since the length might change
depending on the data. From: Luke Howard <lukeh@PADL.COM> git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12746 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -253,9 +253,13 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
|
|||||||
* In Wrap tokens without confidentiality, the EC field is
|
* In Wrap tokens without confidentiality, the EC field is
|
||||||
* used to encode the size (in bytes) of the trailing
|
* used to encode the size (in bytes) of the trailing
|
||||||
* checksum.
|
* checksum.
|
||||||
|
*
|
||||||
|
* This is not used in the checksum calcuation itself,
|
||||||
|
* because the checksum length could potentially vary
|
||||||
|
* depending on the data length.
|
||||||
*/
|
*/
|
||||||
token->EC[0] = (cksumsize >> 0) & 0xFF;
|
token->EC[0] = 0;
|
||||||
token->EC[1] = (cksumsize >> 8) & 0xFF;
|
token->EC[1] = 0;
|
||||||
}
|
}
|
||||||
token->RRC[0] = (rrc >> 0) & 0xFF;
|
token->RRC[0] = (rrc >> 0) & 0xFF;
|
||||||
token->RRC[1] = (rrc >> 8) & 0xFF;
|
token->RRC[1] = (rrc >> 8) & 0xFF;
|
||||||
@@ -355,6 +359,10 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
|
|||||||
|
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
||||||
|
assert(cksum.checksum.length == cksumsize);
|
||||||
|
token->EC[0] = (cksum.checksum.length >> 0) & 0xFF;
|
||||||
|
token->EC[1] = (cksum.checksum.length >> 8) & 0xFF;
|
||||||
|
|
||||||
p += sizeof(*token);
|
p += sizeof(*token);
|
||||||
memcpy(p, input_message_buffer->value, input_message_buffer->length);
|
memcpy(p, input_message_buffer->value, input_message_buffer->length);
|
||||||
memcpy(p + input_message_buffer->length,
|
memcpy(p + input_message_buffer->length,
|
||||||
@@ -555,6 +563,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
|
|||||||
memcpy((u_char *)output_message_buffer->value + len,
|
memcpy((u_char *)output_message_buffer->value + len,
|
||||||
token, sizeof(*token));
|
token, sizeof(*token));
|
||||||
|
|
||||||
|
/* EC is not included in checksum calculation */
|
||||||
|
token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
|
||||||
|
len);
|
||||||
|
token->EC[0] = 0;
|
||||||
|
token->EC[1] = 0;
|
||||||
|
|
||||||
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
||||||
usage,
|
usage,
|
||||||
output_message_buffer->value,
|
output_message_buffer->value,
|
||||||
|
|||||||
@@ -253,9 +253,13 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
|
|||||||
* In Wrap tokens without confidentiality, the EC field is
|
* In Wrap tokens without confidentiality, the EC field is
|
||||||
* used to encode the size (in bytes) of the trailing
|
* used to encode the size (in bytes) of the trailing
|
||||||
* checksum.
|
* checksum.
|
||||||
|
*
|
||||||
|
* This is not used in the checksum calcuation itself,
|
||||||
|
* because the checksum length could potentially vary
|
||||||
|
* depending on the data length.
|
||||||
*/
|
*/
|
||||||
token->EC[0] = (cksumsize >> 0) & 0xFF;
|
token->EC[0] = 0;
|
||||||
token->EC[1] = (cksumsize >> 8) & 0xFF;
|
token->EC[1] = 0;
|
||||||
}
|
}
|
||||||
token->RRC[0] = (rrc >> 0) & 0xFF;
|
token->RRC[0] = (rrc >> 0) & 0xFF;
|
||||||
token->RRC[1] = (rrc >> 8) & 0xFF;
|
token->RRC[1] = (rrc >> 8) & 0xFF;
|
||||||
@@ -355,6 +359,10 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
|
|||||||
|
|
||||||
free(buf);
|
free(buf);
|
||||||
|
|
||||||
|
assert(cksum.checksum.length == cksumsize);
|
||||||
|
token->EC[0] = (cksum.checksum.length >> 0) & 0xFF;
|
||||||
|
token->EC[1] = (cksum.checksum.length >> 8) & 0xFF;
|
||||||
|
|
||||||
p += sizeof(*token);
|
p += sizeof(*token);
|
||||||
memcpy(p, input_message_buffer->value, input_message_buffer->length);
|
memcpy(p, input_message_buffer->value, input_message_buffer->length);
|
||||||
memcpy(p + input_message_buffer->length,
|
memcpy(p + input_message_buffer->length,
|
||||||
@@ -555,6 +563,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
|
|||||||
memcpy((u_char *)output_message_buffer->value + len,
|
memcpy((u_char *)output_message_buffer->value + len,
|
||||||
token, sizeof(*token));
|
token, sizeof(*token));
|
||||||
|
|
||||||
|
/* EC is not included in checksum calculation */
|
||||||
|
token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
|
||||||
|
len);
|
||||||
|
token->EC[0] = 0;
|
||||||
|
token->EC[1] = 0;
|
||||||
|
|
||||||
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
|
||||||
usage,
|
usage,
|
||||||
output_message_buffer->value,
|
output_message_buffer->value,
|
||||||
|
|||||||
Reference in New Issue
Block a user