Use keyed checksum type for DES FAST
authorGreg Hudson <ghudson@mit.edu>
Tue, 12 Jan 2010 01:07:48 +0000 (01:07 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 12 Jan 2010 01:07:48 +0000 (01:07 +0000)
DES enctypes have unkeyed mandatory-to-implement checksums.  Since
FAST requires a keyed checksum, we must pick something else in that
case.

ticket: 6633
target_version: 1.7
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23629 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/fast.c

index 48199815aa58aca93fcdf5bb1552f7758cfa7e9a..db95adca7144861bb896220f349151b3fb93eecd 100644 (file)
@@ -238,6 +238,9 @@ krb5int_fast_prep_req(krb5_context context,
     if (retval == 0)
         retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
                                                &cksumtype);
+    /* DES enctypes have unkeyed mandatory checksums; need a keyed one. */
+    if (retval == 0 && !krb5_c_is_keyed_cksum(cksumtype))
+        cksumtype = CKSUMTYPE_RSA_MD5_DES;
     if (retval ==0)
         retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
                                       KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,