From 168f7bfc5927ab8bf6faad3e08ad8f32a99ee2fb Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Tue, 7 Dec 2010 23:45:15 +0000
Subject: [PATCH] Add comment noting that RFC 4121 appears to omit RC4-HMAC from the list of "not-newer" enctypes, even though RFC 4757 effectively treats it as one. Suggested by Derrick Brashear.
ticket: 6835
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24563 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/accept_sec_context.c | 2 ++
 src/lib/gssapi/krb5/util_crypt.c | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 0c0b3a547..9d40f68c6 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -1042,6 +1042,8 @@ kg_accept_krb5(minor_status, context_handle,
 case ENCTYPE_DES3_CBC_SHA1:
 case ENCTYPE_ARCFOUR_HMAC:
 case ENCTYPE_ARCFOUR_HMAC_EXP:
+ /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer"
+ * enctype, even though RFC 4757 treats it as one. */
 ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
 break;
 }
diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c
index 36c5ef380..cd431ce34 100644
--- a/src/lib/gssapi/krb5/util_crypt.c
+++ b/src/lib/gssapi/krb5/util_crypt.c
@@ -158,6 +158,8 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey,
 break;
 case ENCTYPE_ARCFOUR_HMAC:
 case ENCTYPE_ARCFOUR_HMAC_EXP:
+ /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype,
+ * even though RFC 4757 treats it as one. */
 code = kg_copy_keys(context, ctx, subkey);
 if (code != 0)
 return code;
--
2.26.2
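Review bot: The comment added under `case ENCTYPE_ARCFOUR_HMAC_EXP:` in kg_accept_krb5 (and repeated in the kg_setup_keys hunk of util_crypt.c) does not match the commit subject: the subject says RFC 4121 "appears to omit RC4-HMAC", while the comment says it "accidentally omits RC4-HMAC-EXP", so the two name different enctypes and the comment states as fact an intent the subject only hedges. Because the comment sits below two stacked case labels, a reader also cannot tell which label it explains. In both places it is the only record of why these enctypes take the not-newer path (clearing `AP_OPTS_USE_SUBKEY` here, `kg_copy_keys` in util_crypt.c), so I would make it explicit, for example `/* RFC 4121 appears to omit RC4-HMAC-EXP from its list of "not-newer" enctypes, although RFC 4757 treats it as one; handle it like RC4-HMAC. */`, after confirming against the RFC which enctype is actually missing. Both switch statements and their enclosing functions begin and end outside the hunks.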