diff options
| author | Tom Yu <tlyu@mit.edu> | 2001-04-05 00:29:16 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2001-04-05 00:29:16 +0000 |
| commit | c64f5ef88710f27e16ca9ad1a4981b7c8b084421 (patch) | |
| tree | d96aa8267f768ec0e2c327434ce1ce4120ac1f06 /src | |
| parent | 7335d6ddadb9d2d15c9718a593200f081e6327cc (diff) | |
| download | krb5-c64f5ef88710f27e16ca9ad1a4981b7c8b084421.zip krb5-c64f5ef88710f27e16ca9ad1a4981b7c8b084421.tar.gz krb5-c64f5ef88710f27e16ca9ad1a4981b7c8b084421.tar.bz2 | |
* mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the
auth_context (derived from the config file or hardcoded default)
if it's suitable for the enctype of the key we're going to
use. [pullup from krb5-1-2-2-branch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13144 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/mk_safe.c | 27 |
2 files changed, 33 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 5f2ba28..f30cd42 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2001-04-04 Tom Yu <tlyu@mit.edu> + + * mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the + auth_context (derived from the config file or hardcoded default) + if it's suitable for the enctype of the key we're going to + use. [pullup from krb5-1-2-2-branch] + 2001-03-28 Ken Raeburn <raeburn@mit.edu> * init_ctx.c (DEFAULT_ETYPE_LIST): New macro. Old etype list, diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index 5d1e3bf..063b3db 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -168,6 +168,7 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata) krb5_address * plocal_fulladdr = NULL; krb5_address remote_fulladdr; krb5_address local_fulladdr; + krb5_cksumtype sumtype; CLEANUP_INIT(2); @@ -203,9 +204,33 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata) } } + { + unsigned int nsumtypes; + unsigned int i; + krb5_cksumtype *sumtypes; + retval = krb5_c_keyed_checksum_types (context, keyblock->enctype, + &nsumtypes, &sumtypes); + if (retval) { + CLEANUP_DONE (); + goto error; + } + if (nsumtypes == 0) { + retval = KRB5_BAD_ENCTYPE; + krb5_free_cksumtypes (context, sumtypes); + CLEANUP_DONE (); + goto error; + } + for (i = 0; i < nsumtypes; i++) + if (auth_context->safe_cksumtype == sumtypes[i]) + break; + if (i == nsumtypes) + i = 0; + sumtype = sumtypes[i]; + krb5_free_cksumtypes (context, sumtypes); + } if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, plocal_fulladdr, premote_fulladdr, - auth_context->safe_cksumtype, outbuf))) { + sumtype, outbuf))) { CLEANUP_DONE(); goto error; } |