From 1de9ecd91564da40a5588ca024704cdbde84ea37 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Tue, 23 Sep 1997 07:35:52 +0000 Subject: [PATCH] fix check for keyed and collision-proof checksum git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3546 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/kerberos5.c | 6 ++---- lib/krb5/rd_safe.c | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index 4440ae6bb..307dd75cd 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -1001,10 +1001,8 @@ tgs_check_authenticator(krb5_auth_context ac, ret = KRB5KRB_AP_ERR_INAPP_CKSUM; goto out; } - /* XXX */ - if (auth->cksum->cksumtype != CKSUMTYPE_RSA_MD4 && - auth->cksum->cksumtype != CKSUMTYPE_RSA_MD5 && - auth->cksum->cksumtype != CKSUMTYPE_RSA_MD5_DES){ + if (!krb5_checksum_is_keyed(auth->cksum->cksumtype) + || !krb5_checksum_is_collision_proof(auth->cksum->cksumtype)) { kdc_log(0, "Bad checksum type in authenticator: %d", auth->cksum->cksumtype); ret = KRB5KRB_AP_ERR_INAPP_CKSUM; diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index 54e4a6fc7..693773cea 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -62,8 +62,8 @@ krb5_rd_safe(krb5_context context, r = KRB5KRB_AP_ERR_MSG_TYPE; goto failure; } - /* XXX - checksum collision-proff and keyed */ - if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD5_DES) { + if (!krb5_checksum_is_keyed(safe.cksum.cksumtype) + || !krb5_checksum_is_collision_proof(safe.cksum.cksumtype)) { r = KRB5KRB_AP_ERR_INAPP_CKSUM; goto failure; }