Adjust DES_cbc_cksum() so the returned value is the same as MIT's

mit_des_cbc_cksum().  The difference was first observed, then verified by
looking at the MIT source.

diff --git a/CHANGES b/CHANGES
index cde8cca58b875b3a4ebe4435054e630ae946051d..08c01248938aced44e8ef28b8ce30f8fd509764d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -420,6 +420,12 @@ TODO: bug: pad  x  with leading zeros if necessary
 
  Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]
 
+  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+     Kerberos function mit_des_cbc_cksum().  Before this change,
+     the value returned by DES_cbc_cksum() was like the one from
+     mit_des_cbc_cksum(), except the bytes were swapped.
+     [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
+
   *) Allow an application to disable the automatic SSL chain building.
      Before this a rather primitive chain build was always performed in
      ssl3_output_cert_chain(): an application had no way to send the 

diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
index 6c5305b99d90515ba00063891408ab755869ab2f..09a7ba56aadad3f8e7c24b77b5903dfde032f5f8 100644 (file)
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
                l2c(tout1,out);
                }
        tout0=tin0=tin1=tin[0]=tin[1]=0;
+       /*
+         Transform the data in tout1 so that it will
+         match the return value that the MIT Kerberos
+         mit_des_cbc_cksum API returns.
+       */
+       tout1 = ((tout1 >> 24L) & 0x000000FF)
+             | ((tout1 >> 8L)  & 0x0000FF00)
+             | ((tout1 << 8L)  & 0x00FF0000)
+             | ((tout1 << 24L) & 0xFF000000);
        return(tout1);
        }