* Use right key usage for seal without encryption.

Now tested and working against win2k ldap server; wrap and unwrap
of  encrypted and unencrypted data tested.
So far no test of getmic or verify_mic.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13870 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 2bc1ca9a6de22f472222a80ced6bf31f5367c338..61f853aadd972b7d67c77b3276583037992dff61 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,7 @@
+2001-10-27  Sam Hartman  <hartmans@mit.edu>
+
+       * k5seal.c (make_seal_token_v1): Use usage 15 only for  mic tokens, not for seal tokens without encryption
+
 2001-10-26  Ezra Peisach  <epeisach@mit.edu>
 
        * k5seal.c (make_seal_token_v1): Correct errors in code pertaining

diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index 7ba53db27cc5af96b106929b7475358e5d52a571..e9d2985d183b6795b2f41124e2df3934b3711457 100644 (file)
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -150,7 +150,7 @@ make_seal_token_v1 (krb5_context context,
       break;
     case SGN_ALG_HMAC_MD5:
       md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
-      if (!encrypt)
+      if (toktype != KG_TOK_SEAL_MSG)
        sign_usage = 15;
       break;
     default: