Add comment noting that RFC 4121 appears to omit RC4-HMAC from the
authorTom Yu <tlyu@mit.edu>
Tue, 7 Dec 2010 23:45:15 +0000 (23:45 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 7 Dec 2010 23:45:15 +0000 (23:45 +0000)
list of "not-newer" enctypes, even though RFC 4757 effectively treats
it as one.  Suggested by Derrick Brashear.

ticket: 6835

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24563 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/util_crypt.c

index 0c0b3a547d692d74cc121fb72700b3cbbc2aa15c..9d40f68c605f0e941c3feea52a3d0d602f5c4913 100644 (file)
@@ -1042,6 +1042,8 @@ kg_accept_krb5(minor_status, context_handle,
             case ENCTYPE_DES3_CBC_SHA1:
             case ENCTYPE_ARCFOUR_HMAC:
             case ENCTYPE_ARCFOUR_HMAC_EXP:
+                /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer"
+                 * enctype, even though RFC 4757 treats it as one. */
                 ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
                 break;
             }
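Review bot: The added comment sits directly under two fall-through labels, `case ENCTYPE_ARCFOUR_HMAC:` and `case ENCTYPE_ARCFOUR_HMAC_EXP:`, but names only RC4-HMAC-EXP, while the commit description says RC4-HMAC, so a reader auditing this legacy-enctype branch cannot tell which label deviates from the RFC 4121 list. If the omission concerns only the export variant, as the comment text suggests, say so explicitly, for example `/* ENCTYPE_ARCFOUR_HMAC_EXP only: RFC 4121 omits RC4-HMAC-EXP from its "not-newer" list;` followed by ` * RFC 4757 treats it as not-newer, so it is grouped with RC4-HMAC here. */`. The same comment is added in the `kg_setup_keys` hunk of util_crypt.c and would benefit from the same wording. Both switch statements start and end outside the visible hunks, so the full set of enctypes handled this way cannot be confirmed from here.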
index 36c5ef3809725666f4f295076f83775a0c7b679b..cd431ce349893283ac11bb3e3ceb75642a2f7da3 100644 (file)
@@ -158,6 +158,8 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey,
         break;
     case ENCTYPE_ARCFOUR_HMAC:
     case ENCTYPE_ARCFOUR_HMAC_EXP:
+        /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype,
+         * even though RFC 4757 treats it as one. */
         code = kg_copy_keys(context, ctx, subkey);
         if (code != 0)
             return code;