From: Tom Yu Date: Tue, 12 Jan 2010 04:44:29 +0000 (+0000) Subject: pull up r23629 from trunk X-Git-Tag: krb5-1.7.1-beta1~8 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=969ea73b9d96b684ab7ac90a9ac85cea12f6a250;p=krb5.git pull up r23629 from trunk ------------------------------------------------------------------------ r23629 | ghudson | 2010-01-11 20:07:48 -0500 (Mon, 11 Jan 2010) | 9 lines ticket: 6633 subject: Use keyed checksum type for DES FAST target_version: 1.7 tags: pullup DES enctypes have unkeyed mandatory-to-implement checksums. Since FAST requires a keyed checksum, we must pick something else in that case. ticket: 6633 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23646 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index ef57e6d83..5231065fe 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -209,6 +209,9 @@ krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state * if (retval == 0) retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype, &cksumtype); + /* DES enctypes have unkeyed mandatory checksums; need a keyed one. */ + if (retval == 0 && !krb5_c_is_keyed_cksum(cksumtype)) + cksumtype = CKSUMTYPE_RSA_MD5_DES; if (retval ==0) retval = krb5_c_make_checksum(context, cksumtype, state->armor_key, KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
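Review bot: the new fallback under `if (retval == 0 && !krb5_c_is_keyed_cksum(cksumtype))` assigns `CKSUMTYPE_RSA_MD5_DES` whenever the mandatory checksum is unkeyed, but the comment and the commit message justify that choice only for DES enctypes. Nothing in the condition looks at `state->armor_key->enctype`, so if any other enctype ever reported an unkeyed mandatory checksum, a DES-specific checksum type would be paired with a non-DES armor key and the problem would surface only as a failure from `krb5_c_make_checksum`. Consider also checking the armor key's enctype, or returning an explicit error when the mandatory checksum is unkeyed and the enctype is not DES. The comment could state that FAST requires a keyed checksum, which is the reason the commit message gives. This hunk covers only the request side in `krb5int_fast_prep_req`, so it is worth confirming that the code verifying `KRB5_KEYUSAGE_FAST_REQ_CHKSUM` accepts this checksum type for DES armor keys.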