aboutsummaryrefslogtreecommitdiff
path: root/src/share/classes/sun/security/krb5/Checksum.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/share/classes/sun/security/krb5/Checksum.java')
-rw-r--r--src/share/classes/sun/security/krb5/Checksum.java20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/share/classes/sun/security/krb5/Checksum.java b/src/share/classes/sun/security/krb5/Checksum.java
index 377a07b973..f0fa577fc1 100644
--- a/src/share/classes/sun/security/krb5/Checksum.java
+++ b/src/share/classes/sun/security/krb5/Checksum.java
@@ -193,6 +193,26 @@ public class Checksum {
usage);
}
+ // =============== ATTENTION! Use with care ==================
+ // According to https://tools.ietf.org/html/rfc3961#section-6.1,
+ // An unkeyed checksum should only be used "in limited circumstances
+ // where the lack of a key does not provide a window for an attack,
+ // preferably as part of an encrypted message".
+ public boolean verifyAnyChecksum(byte[] data, EncryptionKey key,
+ int usage)
+ throws KdcErrException, KrbCryptoException {
+ CksumType cksumEngine = CksumType.getInstance(cksumType);
+ if (!cksumEngine.isSafe()) {
+ return cksumEngine.verifyChecksum(data, checksum);
+ } else {
+ return cksumEngine.verifyKeyedChecksum(data,
+ data.length,
+ key.getBytes(),
+ checksum,
+ usage);
+ }
+ }
+
/*
public Checksum(byte[] data) throws KdcErrException, KrbCryptoException {
this(Checksum.CKSUMTYPE_DEFAULT, data);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-15 22:57:00 +0000