oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Revert "make paranoia check less paranoid" - check that key types strictly match

Browse Source 
This reverts commit c25af51232 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Andrew Bartlett
2011-12-15 12:29:01 +11:00
committed by Love Hornquist Astrand
parent cdc04ce0ff
commit 7a89f14aa5
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/krb5/crypto.c
View File

@@ -467,7 +467,7 @@ verify_checksum(krb5_context context,
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
} }
kct = crypto->et->keyed_checksum; kct = crypto->et->keyed_checksum;
if (kct != NULL && kct->type != ct->type) { if (kct == NULL || kct->type != ct->type) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP, krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed, but " N_("Checksum type %s is keyed, but "
"the key type %s passed didnt have that checksum " "the key type %s passed didnt have that checksum "