Make kerberos ciphersuite code work with newer header files (0858b71b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+8 −0

Original line number	Diff line number	Diff line
		@@ -780,6 +780,14 @@

		Changes between 0.9.7f and 0.9.7g [XX xxx xxxx]

		*) Fixes for newer kerberos headers. NB: the casts are needed because
		the 'length' field is signed on one version and unsigned on another
		with no (?) obvious way to tell the difference, without these VC++
		complains. Also the "definition" of FAR (blank) is no longer included
		nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
		some needed definitions.
		[Steve Henson]

		*) Undo Cygwin change.
		[Ulf Möller]

ssl/kssl.c

+12 −6

Original line number	Diff line number	Diff line
		@@ -73,6 +73,8 @@
		#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
		#include <string.h>

		#define KRB5_PRIVATE 1

		#include <openssl/ssl.h>
		#include <openssl/evp.h>
		#include <openssl/objects.h>
		@@ -80,6 +82,10 @@

		#ifndef OPENSSL_NO_KRB5

		#ifndef ENOMEM
		#define ENOMEM KRB5KRB_ERR_GENERIC
		#endif

		/*
		* When OpenSSL is built on Windows, we do not want to require that
		* the Kerberos DLLs be available in order for the OpenSSL DLLs to
		@@ -932,7 +938,7 @@ print_krb5_data(char label, krb5_data kdata)
		int i;

		printf("%s[%d] ", label, kdata->length);
		for (i=0; i < kdata->length; i++)
		for (i=0; i < (int)kdata->length; i++)
		{
		if (0 && isprint((int) kdata->data[i]))
		printf( "%c ", kdata->data[i]);
		@@ -984,14 +990,14 @@ print_krb5_keyblock(char label, krb5_keyblock keyblk)
		#ifdef KRB5_HEIMDAL
		printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
		keyblk->keyvalue->length);
		for (i=0; i < keyblk->keyvalue->length; i++)
		for (i=0; i < (int)keyblk->keyvalue->length; i++)
		{
		printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
		}
		printf("\n");
		#else
		printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
		for (i=0; i < keyblk->length; i++)
		for (i=0; i < (int)keyblk->length; i++)
		{
		printf("%02x",keyblk->contents[i]);
		}
		@@ -1010,12 +1016,12 @@ print_krb5_princ(char label, krb5_principal_data princ)

		printf("%s principal Realm: ", label);
		if (princ == NULL) return;
		for (ui=0; ui < princ->realm.length; ui++) putchar(princ->realm.data[ui]);
		for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
		printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
		for (i=0; i < princ->length; i++)
		for (i=0; i < (int)princ->length; i++)
		{
		printf("\t%d [%d]: ", i, princ->data[i].length);
		for (uj=0; uj < princ->data[i].length; uj++) {
		for (uj=0; uj < (int)princ->data[i].length; uj++) {
		putchar(princ->data[i].data[uj]);
		}
		printf("\n");

ssl/kssl.h

+6 −0

Original line number	Diff line number	Diff line
		@@ -82,6 +82,12 @@ extern "C" {
		#ifdef KRB5_HEIMDAL
		typedef unsigned char krb5_octet;
		#define FAR
		#else

		#ifndef FAR
		#define FAR
		#endif

		#endif

		/* Uncomment this to debug kssl problems or

ssl/s3_srvr.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1850,8 +1850,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
		goto err;
		}

		if (n != enc_ticket.length + authenticator.length +
		enc_pms.length + 6)
		if (n != (long)(enc_ticket.length + authenticator.length +
		enc_pms.length + 6))
		{
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		SSL_R_DATA_LENGTH_TOO_LONG);