From 529e72785f09c36a9aa34fd7f3fc30fb41a1c92e Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Mon, 12 Jan 2009 18:29:42 +0000
Subject: Add message hash support to the replay interface, using extension records (with an empty client string) to retain compatibility with old code. For rd_req, the ciphertext of the authenticator (with no ASN.1 wrapping) is hashed; for other uses of the replay cache, no message hash is used at this time. This commit adds a command-line tool for testing the replay cache but does not add any automated tests. ticket: 1201 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/k5-int.h | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/include')
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 43f130710..9ad55694e 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2177,6 +2177,7 @@ typedef struct _krb5_donot_replay {
 krb5_ui_4 hash;
 char *server; /* null-terminated */
 char *client; /* null-terminated */
+ char *msghash; /* null-terminated */
 krb5_int32 cusec;
 krb5_timestamp ctime;
 } krb5_donot_replay;
@@ -2201,6 +2202,9 @@ krb5_error_code krb5_auth_to_rep
 (krb5_context,
 krb5_tkt_authent *,
 krb5_donot_replay *);
+krb5_error_code krb5_rc_hash_message
+ (krb5_context context,
+ const krb5_data *message, char **out);
 krb5_error_code KRB5_CALLCONV krb5_rc_initialize
-- cgit
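Review bot: The new `msghash` member of `krb5_donot_replay` has no stated convention for "no hash", even though the commit message says that uses of the replay cache other than rd_req record no message hash. Any caller that fills this struct without zeroing it first would now pass an indeterminate pointer to whatever code stores or compares entries; those callers are outside this diff (it is limited to src/include), so each one should be checked. I would change the comment to `char *msghash; /* null-terminated, or NULL if no message hash */` (assuming NULL is the chosen representation) and state who frees the string. The field is also inserted before `cusec` rather than appended, which shifts the offsets of `cusec` and `ctime` for anything still compiled against the old k5-int.h.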
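Review bot: The `krb5_rc_hash_message` prototype carries no description of its output contract: whether `*out` is newly allocated and owned by the caller, and whether it is left NULL when the call fails. The string presumably ends up in `krb5_donot_replay.msghash` and decides whether two authenticators count as the same message, so the declaration should say what form the digest takes and who releases it, e.g. `/* Hash message for the replay cache; on success *out is an allocated null-terminated string the caller frees. */` (to be confirmed against the implementation). The implementation is not part of this diff, so the hash algorithm and the allocation behaviour cannot be verified from here.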