Use krb5_c_make_checksum hack to determine checksum
[mech_eap.git] / init_sec_context.c
index 578f923..27d7c06 100644 (file)
@@ -238,9 +238,6 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx)
     OM_uint32 major;
     const unsigned char *key;
     size_t keyLength;
-    krb5_context krbContext;
-
-    GSSEAP_KRB_INIT(&krbContext);
 
     /* Cache encryption type derived from selected mechanism OID */
     major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType);
@@ -251,10 +248,15 @@ initReady(OM_uint32 *minor, gss_ctx_id_t ctx)
         eap_key_available(ctx->initiatorCtx.eap)) {
         key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength);
 
-        major = gssEapDeriveRFC3961Key(minor, key, keyLength,
+        major = gssEapDeriveRfc3961Key(minor, key, keyLength,
                                        ctx->encryptionType, &ctx->rfc3961Key);
         if (GSS_ERROR(major))
             return major;
+
+        major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
+                                           &ctx->checksumType);
+        if (GSS_ERROR(major))
+            return major;
     } else {
         /*
          * draft-howlett-eap-gss says that integrity/confidentialty should
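Review bot: The added `rfc3961ChecksumTypeForKey` call carries no comment, and the commit title itself describes the technique as a hack, so these lines do not show how `ctx->checksumType` is obtained or why a failure aborts establishment. I would put a comment above the call, for example `/* Determine the checksum type that goes with the derived key; without one no MIC can be produced, so fail here */`. Two things are worth confirming. On the new early return, `ctx->rfc3961Key` already holds the derived key while `ctx->checksumType` is unset, so the caller presumably has to tear the context down rather than retry with it. The `else` branch is not assigned `ctx->checksumType` in the lines visible here, so its initial value should be one that no checksum routine will accept. Both `initReady` and that `else` branch continue outside the hunk.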
@@ -452,17 +454,8 @@ eapGssSmInitGssChannelBindings(OM_uint32 *minor,
     iov[1].buffer.length = 0;
     iov[1].buffer.value = NULL;
 
-#if 0
-    major = gssEapEncodeGssChannelBindings(minor, chanBindings,
-                                            &iov[0].buffer);
-    if (GSS_ERROR(major))
-        goto cleanup;
-
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-#else
     if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS)
         iov[0].buffer = chanBindings->application_data;
-#endif
 
     major = gssEapWrapOrGetMIC(minor, ctx, FALSE, FALSE, iov, 2,
                                TOK_TYPE_GSS_CB);