| author | Stanislav Sedov <stas@FreeBSD.org> | 2011-10-05 07:23:29 +0000 | 
|---|---|---|
| committer | Stanislav Sedov <stas@FreeBSD.org> | 2011-10-05 07:23:29 +0000 | 
| commit | 7c450da7b446c557e05f34a100b597800967d987 (patch) | |
| tree | 57a48e7e9b592f2d5b713e80a4455820625c2b7b /lib/gssapi/krb5/8003.c | |
| parent | b4e3a10e9339a8400197298021d6ca9b8e3aa039 (diff) | |
Diffstat (limited to 'lib/gssapi/krb5/8003.c')
| -rw-r--r-- | lib/gssapi/krb5/8003.c | 127 | 
1 files changed, 62 insertions, 65 deletions
| diff --git a/lib/gssapi/krb5/8003.c b/lib/gssapi/krb5/8003.c index 619cbf97fcbd..d4555c51042b 100644 --- a/lib/gssapi/krb5/8003.c +++ b/lib/gssapi/krb5/8003.c 
@@ -1,39 +1,37 @@  /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden).  - * All rights reserved.  + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved.   * - * Redistribution and use in source and binary forms, with or without  - * modification, are permitted provided that the following conditions  - * are met:  + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met:   * - * 1. Redistributions of source code must retain the above copyright  - *    notice, this list of conditions and the following disclaimer.  + * 1. Redistributions of source code must retain the above copyright + *    notice, this list of conditions and the following disclaimer.   * - * 2. Redistributions in binary form must reproduce the above copyright  - *    notice, this list of conditions and the following disclaimer in the  - *    documentation and/or other materials provided with the distribution.  + * 2. Redistributions in binary form must reproduce the above copyright + *    notice, this list of conditions and the following disclaimer in the + *    documentation and/or other materials provided with the distribution.   * - * 3. Neither the name of the Institute nor the names of its contributors  - *    may be used to endorse or promote products derived from this software  - *    without specific prior written permission.  + * 3. Neither the name of the Institute nor the names of its contributors + *    may be used to endorse or promote products derived from this software + *    without specific prior written permission.   
* - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND  - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE  - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE  - * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE  - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL  - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS  - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT  - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY  - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF  - * SUCH DAMAGE.  + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE.   */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $"); +#include "gsskrb5_locl.h"  krb5_error_code  _gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p) 
@@ -76,32 +74,36 @@ hash_input_chan_bindings (const gss_channel_bindings_t b,
 			  u_char *p)
 {
   u_char num[4];
-  MD5_CTX md5;
+  EVP_MD_CTX *ctx;
+
+  ctx = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
-  MD5_Init(&md5);
   _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   _gsskrb5_encode_om_uint32 (b->initiator_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->initiator_address.length)
-    MD5_Update (&md5,
-		b->initiator_address.value,
-		b->initiator_address.length);
+      EVP_DigestUpdate(ctx,
+		       b->initiator_address.value,
+		       b->initiator_address.length);
   _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->acceptor_address.length)
-    MD5_Update (&md5,
-		b->acceptor_address.value,
-		b->acceptor_address.length);
+      EVP_DigestUpdate(ctx,
+		       b->acceptor_address.value,
+		       b->acceptor_address.length);
   _gsskrb5_encode_om_uint32 (b->application_data.length, num);
-  MD5_Update (&md5, num, sizeof(num));
+  EVP_DigestUpdate(ctx, num, sizeof(num));
   if (b->application_data.length)
-    MD5_Update (&md5,
-		b->application_data.value,
-		b->application_data.length);
-  MD5_Final (p, &md5);
+      EVP_DigestUpdate(ctx,
+		       b->application_data.value,
+		       b->application_data.length);
+  EVP_DigestFinal_ex(ctx, p, NULL);
+  EVP_MD_CTX_destroy(ctx);
+
   return 0;
 }
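Review bot: The result of `EVP_MD_CTX_create()` in hash_input_chan_bindings is used without a check, so an allocation failure would hand a NULL context to `EVP_DigestInit_ex` and to every `EVP_DigestUpdate` after it; the stack-allocated `MD5_CTX` it replaces could not fail this way. The function returns a krb5_error_code and the caller visible in _gsskrb5_verify_8003_checksum already tests it for non-zero, so `if (ctx == NULL) return ENOMEM;` directly after the create call fits the existing contract. The return values of `EVP_DigestInit_ex` and `EVP_DigestFinal_ex` are dropped as well; if either fails, `p` keeps whatever it held before and is then compared or emitted as the channel-bindings hash, so both should be checked, with `EVP_MD_CTX_destroy(ctx)` called before the error return.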
@@ -113,7 +115,7 @@ hash_input_chan_bindings (const gss_channel_bindings_t b,
 OM_uint32
 _gsskrb5_create_8003_checksum (
-		      OM_uint32 *minor_status,    
+		      OM_uint32 *minor_status,
 		      const gss_channel_bindings_t input_chan_bindings,
 		      OM_uint32 flags,
 		      const krb5_data *fwd_data,
@@ -121,20 +123,20 @@ _gsskrb5_create_8003_checksum (
 {
     u_char *p;
-    /* 
-     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
+    /*
+     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value
      * field's format) */
     result->cksumtype = CKSUMTYPE_GSSAPI;
     if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
 	result->checksum.length = 24 + 4 + fwd_data->length;
-    else 
+    else
 	result->checksum.length = 24;
     result->checksum.data   = malloc (result->checksum.length);
     if (result->checksum.data == NULL) {
 	*minor_status = ENOMEM;
 	return GSS_S_FAILURE;
     }
-  
+
     p = result->checksum.data;
     _gsskrb5_encode_om_uint32 (16, p);
     p += 4;
@@ -157,7 +159,7 @@ _gsskrb5_create_8003_checksum (
 	p += fwd_data->length;
     }
-     
+
     return GSS_S_COMPLETE;
 }
@@ -168,7 +170,7 @@ _gsskrb5_create_8003_checksum (
 OM_uint32
 _gsskrb5_verify_8003_checksum(
-		      OM_uint32 *minor_status,    
+		      OM_uint32 *minor_status,
 		      const gss_channel_bindings_t input_chan_bindings,
 		      const Checksum *cksum,
 		      OM_uint32 *flags,
@@ -180,40 +182,35 @@ _gsskrb5_verify_8003_checksum(
     int DlgOpt;
     static unsigned char zeros[16];
-    if (cksum == NULL) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-
     /* XXX should handle checksums > 24 bytes */
     if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
 	*minor_status = 0;
 	return GSS_S_BAD_BINDINGS;
     }
-    
+
     p = cksum->checksum.data;
     _gsskrb5_decode_om_uint32(p, &length);
     if(length != sizeof(hash)) {
 	*minor_status = 0;
 	return GSS_S_BAD_BINDINGS;
     }
-    
+
     p += 4;
-    
+
     if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
 	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
 	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;
 	}
-	if(memcmp(hash, p, sizeof(hash)) != 0) {
+	if(ct_memcmp(hash, p, sizeof(hash)) != 0) {
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;
 	}
     }
-    
+
     p += sizeof(hash);
-    
+
     _gsskrb5_decode_om_uint32(p, flags);
     p += 4;
@@ -222,7 +219,7 @@ _gsskrb5_verify_8003_checksum(
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;
 	}
-    
+
 	DlgOpt = (p[0] << 0) | (p[1] << 8);
 	p += 2;
 	if (DlgOpt != 1) {
@@ -243,6 +240,6 @@ _gsskrb5_verify_8003_checksum(
 	}
 	memcpy(fwd_data->data, p, fwd_data->length);
     }
-    
+
     return GSS_S_COMPLETE;
 }
|
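Review bot: With the `if (cksum == NULL)` guard removed, the next statement dereferences `cksum->cksumtype`, so _gsskrb5_verify_8003_checksum now depends on every caller passing a non-NULL checksum. The callers are outside this diff; if the pointer comes from a peer-supplied authenticator in which the checksum field is optional, a missing checksum would become a NULL dereference in the acceptor instead of GSS_S_BAD_BINDINGS. Either keep the guard or state the precondition at the top of the function, e.g. `/* cksum must be non-NULL; the caller rejects authenticators without a checksum */`. The move to `ct_memcmp` for the bindings hash needs no follow-up, since the remaining `memcmp` against `zeros` compares with a public constant. The function's opening lines are outside the hunk.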
