From c64f5ef88710f27e16ca9ad1a4981b7c8b084421 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Thu, 5 Apr 2001 00:29:16 +0000
Subject: [PATCH] * mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the auth_context (derived from the config file or hardcoded default) if it's suitable for the enctype of the key we're going to use. [pullup from krb5-1-2-2-branch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13144 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog | 7 +++++++
 src/lib/krb5/krb/mk_safe.c | 27 ++++++++++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 5f2ba2847..f30cd42d8 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,10 @@
+2001-04-04 Tom Yu
+
+ * mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the
+ auth_context (derived from the config file or hardcoded default)
+ if it's suitable for the enctype of the key we're going to
+ use. [pullup from krb5-1-2-2-branch]
+
 2001-03-28 Ken Raeburn
 * init_ctx.c (DEFAULT_ETYPE_LIST): New macro. Old etype list,
diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c
index 5d1e3bf4a..063b3dbf4 100644
--- a/src/lib/krb5/krb/mk_safe.c
+++ b/src/lib/krb5/krb/mk_safe.c
@@ -168,6 +168,7 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata)
 krb5_address * plocal_fulladdr = NULL;
 krb5_address remote_fulladdr;
 krb5_address local_fulladdr;
+ krb5_cksumtype sumtype;
 CLEANUP_INIT(2);
@@ -203,9 +204,33 @@ krb5_mk_safe(context, auth_context, userdata, outbuf, outdata)
 }
 }
+ {
+ unsigned int nsumtypes;
+ unsigned int i;
+ krb5_cksumtype *sumtypes;
+ retval = krb5_c_keyed_checksum_types (context, keyblock->enctype,
+ &nsumtypes, &sumtypes);
+ if (retval) {
+ CLEANUP_DONE ();
+ goto error;
+ }
+ if (nsumtypes == 0) {
+ retval = KRB5_BAD_ENCTYPE;
+ krb5_free_cksumtypes (context, sumtypes);
+ CLEANUP_DONE ();
+ goto error;
+ }
+ for (i = 0; i < nsumtypes; i++)
+ if (auth_context->safe_cksumtype == sumtypes[i])
+ break;
+ if (i == nsumtypes)
+ i = 0;
+ sumtype = sumtypes[i];
+ krb5_free_cksumtypes (context, sumtypes);
+ }
 if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata, plocal_fulladdr, premote_fulladdr,
- auth_context->safe_cksumtype, outbuf))) {
+ sumtype, outbuf))) {
 CLEANUP_DONE();
 goto error;
 }
--
2.26.2
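Review bot: The fallback at `if (i == nsumtypes) i = 0;` silently replaces the configured `auth_context->safe_cksumtype` with `sumtypes[0]`, and nothing in the added block records why the first entry is an acceptable choice. Which checksum that turns out to be depends on the order in which `krb5_c_keyed_checksum_types` fills its list, which is not visible in this hunk, so the integrity algorithm for the message is decided by an ordering this code does not control or document. I would add a comment above the block along the lines of `/* safe_cksumtype may not be a keyed checksum valid for this enctype; fall back to the first keyed type the crypto layer reports for the key */`, and state there whether the list is expected to be preference-ordered. The unbraced `for`/`if`/`break` nest and the following `if (i == nsumtypes)` would also be easier to audit with braces. krb5_mk_safe begins and ends outside the hunk, so the `error` label and the CLEANUP macros used here are not visible.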