oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

lib/krb5: move checksum vs. enctype checks into get_checksum_key()

Browse Source 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from Samba commit 05cc099499ef3a07d140981ef82937c842a3ffef)
This commit is contained in:
Stefan Metzmacher
2016-11-22 13:42:31 +01:00
committed by Nico Williams
parent bcfe538228
commit 641105bfbd
1 changed files with 20 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
lib/krb5/crypto.c
View File

@@ -316,6 +316,24 @@ get_checksum_key(krb5_context context,
struct _krb5_key_data **key) struct _krb5_key_data **key)
{ {
krb5_error_code ret = 0; krb5_error_code ret = 0;
struct _krb5_checksum_type *kct = NULL;
if (crypto == NULL) {
krb5_set_error_message(context, KRB5_BAD_ENCTYPE,
N_("Checksum type %s is keyed but no "
"crypto context (key) was passed in", ""),
ct->name);
return KRB5_BAD_ENCTYPE;
}
kct = crypto->et->keyed_checksum;
if (kct == NULL || kct->type != ct->type) {
krb5_set_error_message(context, KRB5_BAD_ENCTYPE,
N_("Checksum type %s is keyed, but "
"the key type %s passed didnt have that checksum "
"type as the keyed type", ""),
ct->name, crypto->et->name);
return KRB5_BAD_ENCTYPE;
}
if(ct->flags & F_DERIVED) if(ct->flags & F_DERIVED)
ret = _get_derived_key(context, crypto, usage, key); ret = _get_derived_key(context, crypto, usage, key);
@@ -349,21 +367,12 @@ create_checksum (krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
struct _krb5_key_data *dkey; struct _krb5_key_data *dkey;
int keyed_checksum;
if (ct->flags & F_DISABLED) { if (ct->flags & F_DISABLED) {
krb5_clear_error_message (context); krb5_clear_error_message (context);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
} }
keyed_checksum = (ct->flags & F_KEYED) != 0; if (ct->flags & F_KEYED) {
if(keyed_checksum && crypto == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed but no "
"crypto context (key) was passed in", ""),
ct->name);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum) {
ret = get_checksum_key(context, crypto, usage, ct, &dkey); ret = get_checksum_key(context, crypto, usage, ct, &dkey);
if (ret) if (ret)
return ret; return ret;
@@ -431,7 +440,6 @@ verify_checksum(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
struct _krb5_key_data *dkey; struct _krb5_key_data *dkey;
int keyed_checksum;
Checksum c; Checksum c;
struct _krb5_checksum_type *ct; struct _krb5_checksum_type *ct;
@@ -452,26 +460,7 @@ verify_checksum(krb5_context context,
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
} }
keyed_checksum = (ct->flags & F_KEYED) != 0; if (ct->flags & F_KEYED) {
if(keyed_checksum) {
struct _krb5_checksum_type *kct;
if (crypto == NULL) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed but no "
"crypto context (key) was passed in", ""),
ct->name);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
kct = crypto->et->keyed_checksum;
if (kct == NULL || kct->type != ct->type) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed, but "
"the key type %s passed didnt have that checksum "
"type as the keyed type", ""),
ct->name, crypto->et->name);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
ret = get_checksum_key(context, crypto, usage, ct, &dkey); ret = get_checksum_key(context, crypto, usage, ct, &dkey);
if (ret) if (ret)
return ret; return ret;