diff options
| author | Nalin Dahyabhai <nalin@redhat.com> | 2010-11-30 12:19:40 -0500 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@redhat.com> | 2010-11-30 12:19:40 -0500 |
| commit | c1d9e749c9273ac042a7ac7690a55c70c8ad9a6a (patch) | |
| tree | 6f8a03594f2ff4fc639160b5aff5d34f567967a0 | |
| parent | 17532fd0b8c11931a12e5ed751ce3fc44d6d637f (diff) | |
| download | krb5-c1d9e749c9273ac042a7ac7690a55c70c8ad9a6a.tar.gz krb5-c1d9e749c9273ac042a7ac7690a55c70c8ad9a6a.tar.xz krb5-c1d9e749c9273ac042a7ac7690a55c70c8ad9a6a.zip | |
fixup whitespace so that it'll apply cleanly
| -rw-r--r-- | krb5-1.7-MITKRB5SA-2010-007.patch | 155 |
1 files changed, 77 insertions, 78 deletions
diff --git a/krb5-1.7-MITKRB5SA-2010-007.patch b/krb5-1.7-MITKRB5SA-2010-007.patch index 051d6ed..9be516f 100644 --- a/krb5-1.7-MITKRB5SA-2010-007.patch +++ b/krb5-1.7-MITKRB5SA-2010-007.patch @@ -13,46 +13,46 @@ Index: krb5-1.7/src/plugins/preauth/pkinit/pkinit_srv.c pkinit_kdc_context plgctx; pkinit_kdc_req_context reqctx; @@ -851,14 +850,24 @@ - retval = ENOMEM; - goto cleanup; - } -- /* retrieve checksums for a given enctype of the reply key */ -- retval = krb5_c_keyed_checksum_types(context, -- encrypting_key->enctype, &num_types, &cksum_types); -- if (retval) -- goto cleanup; -+ switch (encrypting_key->enctype) { -+ case ENCTYPE_DES_CBC_MD4: -+ cksum_type = CKSUMTYPE_RSA_MD4_DES; -+ break; -+ case ENCTYPE_DES_CBC_MD5: -+ case ENCTYPE_DES_CBC_CRC: -+ cksum_type = CKSUMTYPE_RSA_MD5_DES; -+ break; -+ default: -+ retval = krb5int_c_mandatory_cksumtype(context, -+ encrypting_key->enctype, -+ &cksum_type); -+ if (retval) -+ goto cleanup; -+ break; -+ } + retval = ENOMEM; + goto cleanup; + } +- /* retrieve checksums for a given enctype of the reply key */ +- retval = krb5_c_keyed_checksum_types(context, +- encrypting_key->enctype, &num_types, &cksum_types); +- if (retval) +- goto cleanup; ++ switch (encrypting_key->enctype) { ++ case ENCTYPE_DES_CBC_MD4: ++ cksum_type = CKSUMTYPE_RSA_MD4_DES; ++ break; ++ case ENCTYPE_DES_CBC_MD5: ++ case ENCTYPE_DES_CBC_CRC: ++ cksum_type = CKSUMTYPE_RSA_MD5_DES; ++ break; ++ default: ++ retval = krb5int_c_mandatory_cksumtype(context, ++ encrypting_key->enctype, ++ &cksum_type); ++ if (retval) ++ goto cleanup; ++ break; ++ } -- /* pick the first of acceptable enctypes for the checksum */ -- retval = krb5_c_make_checksum(context, cksum_types[0], -+ retval = krb5_c_make_checksum(context, cksum_type, - encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, - req_pkt, &key_pack->asChecksum); - if (retval) { +- /* pick the first of acceptable enctypes for the checksum */ +- retval = krb5_c_make_checksum(context, cksum_types[0], ++ retval = krb5_c_make_checksum(context, cksum_type, + encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, + req_pkt, &key_pack->asChecksum); + if (retval) { @@ -1006,8 +1015,6 @@ - free(dh_pubkey); + free(dh_pubkey); if (server_key != NULL) - free(server_key); + free(server_key); - if (cksum_types != NULL) -- free(cksum_types); +- free(cksum_types); switch ((int)padata->pa_type) { - case KRB5_PADATA_PK_AS_REQ: + case KRB5_PADATA_PK_AS_REQ: Index: krb5-1.7/src/lib/crypto/keyed_checksum_types.c =================================================================== --- krb5-1.7/src/lib/crypto/keyed_checksum_types.c (revision 24455) @@ -73,7 +73,7 @@ Index: krb5-1.7/src/lib/crypto/keyed_checksum_types.c + c = 0; for (i=0; i<krb5_cksumtypes_length; i++) { - if ((krb5_cksumtypes_list[i].keyhash && + if ((krb5_cksumtypes_list[i].keyhash && Index: krb5-1.7/src/lib/crypto/dk/derive.c =================================================================== --- krb5-1.7/src/lib/crypto/dk/derive.c (revision 24455) @@ -83,10 +83,10 @@ Index: krb5-1.7/src/lib/crypto/dk/derive.c keylength = enc->keylength; + if (blocksize == 1) -+ return(KRB5_BAD_ENCTYPE); ++ return(KRB5_BAD_ENCTYPE); if ((inkey->length != keylength) || - (outkey->length != keylength)) - return(KRB5_CRYPTO_INTERNAL); + (outkey->length != keylength)) + return(KRB5_CRYPTO_INTERNAL); Index: krb5-1.7/src/lib/gssapi/krb5/util_crypt.c =================================================================== --- krb5-1.7/src/lib/gssapi/krb5/util_crypt.c (revision 24455) @@ -141,16 +141,16 @@ Index: krb5-1.7/src/lib/krb5/krb/preauth2.c - while (*cksum) { + for (; *cksum; cksum++) { -+ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type)) -+ continue; - /* Check this cksum */ - retval = krb5_c_verify_checksum(context, as_key, - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM, ++ if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type)) ++ continue; + /* Check this cksum */ + retval = krb5_c_verify_checksum(context, as_key, + KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM, @@ -1593,7 +1595,6 @@ - } - if (valid_cksum) - break; -- cksum++; + } + if (valid_cksum) + break; +- cksum++; } if (!valid_cksum) { @@ -159,36 +159,35 @@ Index: krb5-1.7/src/lib/krb5/krb/mk_safe.c --- krb5-1.7/src/lib/krb5/krb/mk_safe.c (revision 24455) +++ krb5-1.7/src/lib/krb5/krb/mk_safe.c (working copy) @@ -213,10 +213,29 @@ - for (i = 0; i < nsumtypes; i++) - if (auth_context->safe_cksumtype == sumtypes[i]) - break; -- if (i == nsumtypes) -- i = 0; -- sumtype = sumtypes[i]; - krb5_free_cksumtypes (context, sumtypes); -+ if (i < nsumtypes) -+ sumtype = auth_context->safe_cksumtype; -+ else { -+ switch (keyblock->enctype) { -+ case ENCTYPE_DES_CBC_MD4: -+ sumtype = CKSUMTYPE_RSA_MD4_DES; -+ break; -+ case ENCTYPE_DES_CBC_MD5: -+ case ENCTYPE_DES_CBC_CRC: -+ sumtype = CKSUMTYPE_RSA_MD5_DES; -+ break; -+ default: -+ retval = krb5int_c_mandatory_cksumtype(context, -+ keyblock->enctype, -+ &sumtype); -+ if (retval) { -+ CLEANUP_DONE(); -+ goto error; -+ } -+ break; -+ } -+ } + for (i = 0; i < nsumtypes; i++) + if (auth_context->safe_cksumtype == sumtypes[i]) + break; +- if (i == nsumtypes) +- i = 0; +- sumtype = sumtypes[i]; + krb5_free_cksumtypes (context, sumtypes); ++ if (i < nsumtypes) ++ sumtype = auth_context->safe_cksumtype; ++ else { ++ switch (keyblock->enctype) { ++ case ENCTYPE_DES_CBC_MD4: ++ sumtype = CKSUMTYPE_RSA_MD4_DES; ++ break; ++ case ENCTYPE_DES_CBC_MD5: ++ case ENCTYPE_DES_CBC_CRC: ++ sumtype = CKSUMTYPE_RSA_MD5_DES; ++ break; ++ default: ++ retval = krb5int_c_mandatory_cksumtype(context, ++ keyblock->enctype, ++ &sumtype); ++ if (retval) { ++ CLEANUP_DONE(); ++ goto error; ++ } ++ break; ++ } ++ } } if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, - plocal_fulladdr, premote_fulladdr, - + plocal_fulladdr, premote_fulladdr, |