Revert "make paranoia check less paranoid" - check that key types strictly match

This reverts commit c25af51232 because otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key. Andrew Bartlett Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-12-15 12:29:01 +11:00
parent cdc04ce0ff
commit 7a89f14aa5
1 changed files with 1 additions and 1 deletions
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -467,7 +467,7 @@ verify_checksum(krb5_context context,
 	    return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
 	}
 	kct = crypto->et->keyed_checksum;
-	if (kct != NULL && kct->type != ct->type) {
+	if (kct == NULL || kct->type != ct->type) {
 	    krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
 				   N_("Checksum type %s is keyed, but "
 				      "the key type %s passed didnt have that checksum "