Key usage values were inconsistent with spec; fix

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/raeburn-gssapi-cfx@15874 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index cc120d3e22dbc14c84c7bc4736ae85f612d22945..5c2f25a06bd165162cbff3182050f5845c6c20e0 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,8 @@
+2003-12-09  Sam Hartman  <hartmans@avalanche-breakdown.mit.edu>
+
+       * k5sealv3.c (gss_krb5int_unseal_token_v3
+       gss_krb5int_seal_token_v3):  Use correct key usages 
+
 2003-09-25  Ken Raeburn  <raeburn@mit.edu>
 
        * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Deleted fields

diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index b1e092b86b0921f5ab02d57f332076bf0df7f2a8..7fc75db5e3e10d0c8907bdd2d938807f4277eed3 100644 (file)
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -70,7 +70,7 @@
 #include "gssapi_err_krb5.h"
 
 /* for debugging */
-#define CFX_EXERCISE
+#undef CFX_EXERCISE
 
 /** constants **/
 

diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index 706d57c4549532248dcb4062ec641fd0bb529048..9d5024bd339fb36691576cfb02bcf28d44e11615 100644 (file)
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -87,11 +87,11 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
     acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
     key_usage = (toktype == KG_TOK_WRAP_MSG
                 ? (ctx->initiate
-                   ? KG_USAGE_INITIATOR_SIGN
-                   : KG_USAGE_ACCEPTOR_SIGN)
-                : (ctx->initiate
                    ? KG_USAGE_INITIATOR_SEAL
-                   : KG_USAGE_ACCEPTOR_SEAL));
+                   : KG_USAGE_ACCEPTOR_SEAL)
+                : (ctx->initiate
+                   ? KG_USAGE_INITIATOR_SIGN
+                   : KG_USAGE_ACCEPTOR_SIGN));
     if (ctx->have_acceptor_subkey) {
        _log("%s:%d: using acceptor subkey\n", SFILE, __LINE__);
        key = ctx->acceptor_subkey;
@@ -342,11 +342,11 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
     acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
     key_usage = (toktype == KG_TOK_WRAP_MSG
                 ? (!ctx->initiate
-                   ? KG_USAGE_INITIATOR_SIGN
-                   : KG_USAGE_ACCEPTOR_SIGN)
-                : (!ctx->initiate
                    ? KG_USAGE_INITIATOR_SEAL
-                   : KG_USAGE_ACCEPTOR_SEAL));
+                   : KG_USAGE_ACCEPTOR_SEAL)
+                : (!ctx->initiate
+                   ? KG_USAGE_INITIATOR_SIGN
+                   : KG_USAGE_ACCEPTOR_SIGN));
 
 #define LOG()          _log("%s:%d: here\n", SFILE, __LINE__)
 #define DEFECTIVE      do{LOG();goto defective;}while(0)