* k5seal.c k5unseal.c util_cksum.c:

        setup krb5_checksum "contents" and "length" field prior to
        calling krb5_calculate_checksum().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8029 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 14 insertions, 11 deletions

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index b58ed1e..8811247 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+Tue May 14 19:09:49 1996  Richard Basch  <basch@lehman.com>
+
+	* k5seal.c k5unseal.c util_cksum.c:
+		setup krb5_checksum "contents" and "length" field prior to
+		calling krb5_calculate_checksum().
+
 Tue May 14 04:42:11 1996  Theodore Y. Ts'o  <tytso@mit.edu>
 
 	* init_sec_context.c (make_ap_req): Change call to
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index bb8818c..4e5c78b 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -40,6 +40,7 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
    krb5_error_code code;
    krb5_MD5_CTX md5;
    krb5_checksum desmac;
+   krb5_octet cbc_checksum[KRB5_MIT_DES_KEYSIZE];
    int tmsglen, tlen;
    unsigned char *t, *ptr;
 
@@ -146,6 +147,8 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
    /* XXX this depends on the key being a single-des key, but that's
       all that kerberos supports right now */
 
+   desmac.length = sizeof(cbc_checksum);
+   desmac.contents = cbc_checksum;
    if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest, 16,
 				      seq_ed->key->contents, 
 				      seq_ed->key->length,
@@ -156,9 +159,6 @@ make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token,
 
    memcpy(ptr+14, desmac.contents, 8);
 
-   /* XXX krb5_free_checksum_contents? */
-   xfree(desmac.contents);
-
    /* create the seq_num */
 
    if (code = kg_make_seq_num(seq_ed, direction?0:0xff, *seqnum,
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index e8219de..1b4288c 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -49,6 +49,7 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
    gss_buffer_desc token;
    unsigned char *ptr;
    krb5_checksum desmac;
+   krb5_octet cbc_checksum[KRB5_MIT_DES_KEYSIZE];
    krb5_MD5_CTX md5;
    unsigned char *cksum;
    krb5_timestamp now;
@@ -174,7 +175,8 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
 
       /* XXX this depends on the key being a single-des key, but that's
 	 all that kerberos supports right now */
-
+      desmac.length = sizeof(cbc_checksum);
+      desmac.contents = cbc_checksum;
       if (code = krb5_calculate_checksum(context, CKSUMTYPE_DESCBC, md5.digest,
 					 16, ctx->seq.key->contents, 
 					 ctx->seq.key->length,
@@ -217,17 +219,12 @@ kg_unseal(context, minor_status, context_handle, input_token_buffer,
    /* compare the computed checksum against the transmitted checksum */
 
    if (memcmp(cksum, ptr+14, 8) != 0) {
-      if (signalg == 0)
-	 xfree(desmac.contents);
       if ((toktype == KG_TOK_SEAL_MSG) || (toktype == KG_TOK_WRAP_MSG))
 	 xfree(token.value);
       *minor_status = 0;
       return(GSS_S_BAD_SIG);
    }
 
-   if (signalg == 0)
-      xfree(desmac.contents);
-
    /* XXX this is where the seq_num check would go */
    
    /* it got through unscathed.  Make sure the context is unexpired */
diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c
index b762aa1..0b46d0e 100644
--- a/src/lib/gssapi/krb5/util_cksum.c
+++ b/src/lib/gssapi/krb5/util_cksum.c
@@ -61,8 +61,8 @@ kg_checksum_channel_bindings(cb, cksum, bigend)
       return(ENOMEM);
 
    /* allocate the cksum contents buffer */
-   if ((cksum->contents = (krb5_octet *)
-	xmalloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5))) == NULL) {
+   cksum->length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5);
+   if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) {
       free(buf);
       return(ENOMEM);
    }