author | Stefan Metzmacher <metze@samba.org> | 2016-11-22 13:42:31 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-12-20 07:51:14 +0100 |
commit | 05cc099499ef3a07d140981ef82937c842a3ffef (patch) | |
tree | a9ceeaf9c817840f07efdccf22a0bc9ab3a04aad /source4/heimdal | |
parent | ab25cdfa9dd071652985eb9ab98255cda3c3de57 (diff) | |
HEIMDAL:lib/krb5: move checksum vs. enctype checks into get_checksum_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/heimdal')
-rw-r--r-- | source4/heimdal/lib/krb5/crypto.c | 51 |
1 files changed, 20 insertions, 31 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 75d0a099d48..98b4554edbc 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -305,6 +305,24 @@ get_checksum_key(krb5_context context,
 struct _krb5_key_data **key)
 {
 krb5_error_code ret = 0;
+ struct _krb5_checksum_type *kct = NULL;
+
+ if (crypto == NULL) {
+ krb5_set_error_message(context, KRB5_BAD_ENCTYPE,
+ N_("Checksum type %s is keyed but no "
+ "crypto context (key) was passed in", ""),
+ ct->name);
+ return KRB5_BAD_ENCTYPE;
+ }
+ kct = crypto->et->keyed_checksum;
+ if (kct == NULL || kct->type != ct->type) {
+ krb5_set_error_message(context, KRB5_BAD_ENCTYPE,
+ N_("Checksum type %s is keyed, but "
+ "the key type %s passed didnt have that checksum "
+ "type as the keyed type", ""),
+ ct->name, crypto->et->name);
+ return KRB5_BAD_ENCTYPE;
+ }
 
 if(ct->flags & F_DERIVED)
 ret = _get_derived_key(context, crypto, usage, key);
@@ -340,21 +358,12 @@ create_checksum (krb5_context context,
 {
 krb5_error_code ret;
 struct _krb5_key_data *dkey;
- int keyed_checksum;
 
 if (ct->flags & F_DISABLED) {
 krb5_clear_error_message (context);
 return KRB5_PROG_SUMTYPE_NOSUPP;
 }
- keyed_checksum = (ct->flags & F_KEYED) != 0;
- if(keyed_checksum && crypto == NULL) {
- krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
- N_("Checksum type %s is keyed but no "
- "crypto context (key) was passed in", ""),
- ct->name);
- return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
- }
- if(keyed_checksum) {
+ if (ct->flags & F_KEYED) {
 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
 if (ret)
 return ret;
@@ -422,7 +431,6 @@ verify_checksum(krb5_context context,
 {
 krb5_error_code ret;
 struct _krb5_key_data *dkey;
- int keyed_checksum;
 Checksum c;
 struct _krb5_checksum_type *ct;
 
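Review bot: The two new failure returns in get_checksum_key() use KRB5_BAD_ENCTYPE, while the checks removed from create_checksum() (second hunk) and verify_checksum() (fourth hunk) returned KRB5_PROG_SUMTYPE_NOSUPP, so callers now see a different error code although the commit message describes only a move. If that is intended, say so in the message and put a comment above the checks, for example `/* A keyed checksum type must be the enctype's keyed_checksum; callers only get here for F_KEYED types. */`. The function does not test F_KEYED itself, so the "is keyed" wording in the error text is accurate only while every caller guards the call the way the two visible ones do; whether other callers exist cannot be seen from this diff. The signature of get_checksum_key() begins above the hunk and its body continues below it.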
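Review bot: create_checksum() used to reject only a missing crypto context for a keyed type; by delegating to get_checksum_key() it now also fails with KRB5_BAD_ENCTYPE when `ct` is not `crypto->et->keyed_checksum`, a check that previously existed only on the verify side. That is the stricter and safer behaviour, but it is a functional change for any caller that creates a keyed checksum with an explicitly chosen type, and nothing at the call site documents it. I would add a comment at the call, e.g. `/* get_checksum_key() also rejects a keyed type that is not the enctype's keyed checksum */`, and a test showing that a mismatched type is refused on create as well as on verify. The body of create_checksum() continues past the end of the hunk.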
@@ -443,26 +451,7 @@ verify_checksum(krb5_context context,
 
 return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
 }
- keyed_checksum = (ct->flags & F_KEYED) != 0;
- if(keyed_checksum) {
- struct _krb5_checksum_type *kct;
- if (crypto == NULL) {
- krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
- N_("Checksum type %s is keyed but no "
- "crypto context (key) was passed in", ""),
- ct->name);
- return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
- }
- kct = crypto->et->keyed_checksum;
- if (kct == NULL || kct->type != ct->type) {
- krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
- N_("Checksum type %s is keyed, but "
- "the key type %s passed didnt have that checksum "
- "type as the keyed type", ""),
- ct->name, crypto->et->name);
- return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
- }
-
+ if (ct->flags & F_KEYED) {
 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
 if (ret)
 return ret; |