* mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the
authorTom Yu <tlyu@mit.edu>
Thu, 5 Apr 2001 00:29:16 +0000 (00:29 +0000)
committerTom Yu <tlyu@mit.edu>
Thu, 5 Apr 2001 00:29:16 +0000 (00:29 +0000)
auth_context (derived from the config file or hardcoded default)
if it's suitable for the enctype of the key we're going to
use. [pullup from krb5-1-2-2-branch]

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13144 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/mk_safe.c

index 5f2ba2847790b10288547fc028af2e93d4b450d9..f30cd42d878d1e283c0928f6df57da343215f27a 100644 (file)
@@ -1,3 +1,10 @@
+2001-04-04  Tom Yu  <tlyu@mit.edu>
+
+       * mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the
+       auth_context (derived from the config file or hardcoded default)
+       if it's suitable for the enctype of the key we're going to
+       use. [pullup from krb5-1-2-2-branch]
+
 2001-03-28  Ken Raeburn  <raeburn@mit.edu>
 
        * init_ctx.c (DEFAULT_ETYPE_LIST): New macro.  Old etype list,
index 5d1e3bf4abb8d8ba6dcc5f6d50e9095ac7a5bde6..063b3dbf44bb83b6a7f64e5a9968e7f69618cb63 100644 (file)
@@ -168,6 +168,7 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata)
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
+    krb5_cksumtype sumtype;
 
     CLEANUP_INIT(2);
 
@@ -203,9 +204,33 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata)
         }
     }
 
+    {
+       unsigned int nsumtypes;
+       unsigned int i;
+       krb5_cksumtype *sumtypes;
+       retval = krb5_c_keyed_checksum_types (context, keyblock->enctype,
+                                             &nsumtypes, &sumtypes);
+       if (retval) {
+           CLEANUP_DONE ();
+           goto error;
+       }
+       if (nsumtypes == 0) {
+               retval = KRB5_BAD_ENCTYPE;
+               krb5_free_cksumtypes (context, sumtypes);
+               CLEANUP_DONE ();
+               goto error;
+       }
+       for (i = 0; i < nsumtypes; i++)
+               if (auth_context->safe_cksumtype == sumtypes[i])
+                       break;
+       if (i == nsumtypes)
+               i = 0;
+       sumtype = sumtypes[i];
+       krb5_free_cksumtypes (context, sumtypes);
+    }
     if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, 
                                     plocal_fulladdr, premote_fulladdr,
-                                    auth_context->safe_cksumtype, outbuf))) {
+                                    sumtype, outbuf))) {
        CLEANUP_DONE();
        goto error;
     }
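Review bot: The fallback `if (i == nsumtypes) i = 0;` silently replaces the configured `auth_context->safe_cksumtype` with `sumtypes[0]`, so the checksum protecting the KRB-SAFE message then depends on the order in which `krb5_c_keyed_checksum_types` returns its list, and that order is not visible in this hunk. A comment above the loop would make the policy explicit, for example `/* Configured safe_cksumtype is not a keyed checksum for this enctype; fall back to the first keyed type the crypto library reports. */`. It is also worth confirming that the first entry is the preferred keyed type for the enctype rather than an arbitrary table position. The single-statement `for` and `if` bodies in the new block would be safer to maintain with braces. krb5_mk_safe starts before this hunk and continues past it.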