Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
85ccacb3
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
85ccacb3
编写于
7月 03, 2019
作者:
W
weijun
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"
Reviewed-by: xuelei
上级
7da40a32
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
38 addition
and
1 deletion
+38
-1
src/share/classes/sun/security/krb5/Checksum.java
src/share/classes/sun/security/krb5/Checksum.java
+20
-0
src/share/classes/sun/security/krb5/KrbKdcRep.java
src/share/classes/sun/security/krb5/KrbKdcRep.java
+3
-1
src/share/classes/sun/security/krb5/internal/crypto/CksumType.java
.../classes/sun/security/krb5/internal/crypto/CksumType.java
+5
-0
src/share/classes/sun/security/krb5/internal/crypto/RsaMd5CksumType.java
...es/sun/security/krb5/internal/crypto/RsaMd5CksumType.java
+10
-0
未找到文件。
src/share/classes/sun/security/krb5/Checksum.java
浏览文件 @
85ccacb3
...
...
@@ -193,6 +193,26 @@ public class Checksum {
usage
);
}
// =============== ATTENTION! Use with care ==================
// According to https://tools.ietf.org/html/rfc3961#section-6.1,
// An unkeyed checksum should only be used "in limited circumstances
// where the lack of a key does not provide a window for an attack,
// preferably as part of an encrypted message".
public
boolean
verifyAnyChecksum
(
byte
[]
data
,
EncryptionKey
key
,
int
usage
)
throws
KdcErrException
,
KrbCryptoException
{
CksumType
cksumEngine
=
CksumType
.
getInstance
(
cksumType
);
if
(!
cksumEngine
.
isSafe
())
{
return
cksumEngine
.
verifyChecksum
(
data
,
checksum
);
}
else
{
return
cksumEngine
.
verifyKeyedChecksum
(
data
,
data
.
length
,
key
.
getBytes
(),
checksum
,
usage
);
}
}
/*
public Checksum(byte[] data) throws KdcErrException, KrbCryptoException {
this(Checksum.CKSUMTYPE_DEFAULT, data);
...
...
src/share/classes/sun/security/krb5/KrbKdcRep.java
浏览文件 @
85ccacb3
...
...
@@ -143,8 +143,10 @@ abstract class KrbKdcRep {
Checksum
repCksum
=
new
Checksum
(
new
DerInputStream
(
pa
.
getValue
()).
getDerValue
());
// The checksum is inside encKDCRepPart so we don't
// care if it's keyed or not.
repPaReqEncPaRepValid
=
repCksum
.
verify
Keyed
Checksum
(
repCksum
.
verify
Any
Checksum
(
req
.
asn1Encode
(),
replyKey
,
KeyUsage
.
KU_AS_REQ
);
}
catch
(
Exception
e
)
{
...
...
src/share/classes/sun/security/krb5/internal/crypto/CksumType.java
浏览文件 @
85ccacb3
...
...
@@ -156,6 +156,11 @@ public abstract class CksumType {
public
abstract
byte
[]
calculateKeyedChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
int
usage
)
throws
KrbCryptoException
;
public
boolean
verifyChecksum
(
byte
[]
data
,
byte
[]
checksum
)
throws
KrbCryptoException
{
throw
new
UnsupportedOperationException
(
"Not supported"
);
}
public
abstract
boolean
verifyKeyedChecksum
(
byte
[]
data
,
int
size
,
byte
[]
key
,
byte
[]
checksum
,
int
usage
)
throws
KrbCryptoException
;
...
...
src/share/classes/sun/security/krb5/internal/crypto/RsaMd5CksumType.java
浏览文件 @
85ccacb3
...
...
@@ -101,4 +101,14 @@ public final class RsaMd5CksumType extends CksumType {
return
false
;
}
@Override
public
boolean
verifyChecksum
(
byte
[]
data
,
byte
[]
checksum
)
throws
KrbCryptoException
{
try
{
byte
[]
calculated
=
MessageDigest
.
getInstance
(
"MD5"
).
digest
(
data
);
return
CksumType
.
isChecksumEqual
(
calculated
,
checksum
);
}
catch
(
Exception
e
)
{
return
false
;
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录