+2003-06-05 Sam Hartman <hartmans@mit.edu>
+
+ * string_to_key.c (krb5_c_string_to_key_with_params): Only allow
+ AFS s2k for DES enctypes
+
2003-05-15 Sam Hartman <hartmans@mit.edu>
* combine_keys.c (enctype_ok): new function to determine if we support combine_keys for a particular enctype
return(KRB5_BAD_ENCTYPE);
enc = krb5_enctypes_list[i].enc;
+/* xxx AFS string2key function is indicated by a special length in
+ * the salt in much of the code. However only the DES enctypes can
+ * deal with this. Using s2kparams would be a much better solution.*/
+ if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
+ switch (enctype) {
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD4:
+ case ENCTYPE_DES_CBC_MD5:
+ break;
+ default:
+ return (KRB5_CRYPTO_INTERNAL);
+ }
+ }
+
(*(enc->keysize))(&keybytes, &keylength);
if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL)
projects / krb5.git / commitdiff