From da9d96e6f471b38cd31931132629be9a44db056b Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 12 Jan 2010 01:07:48 +0000 Subject: [PATCH] Use keyed checksum type for DES FAST DES enctypes have unkeyed mandatory-to-implement checksums. Since FAST requires a keyed checksum, we must pick something else in that case. ticket: 6633 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23629 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/fast.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 48199815a..db95adca7 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -238,6 +238,9 @@ krb5int_fast_prep_req(krb5_context context, if (retval == 0) retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype, &cksumtype); + /* DES enctypes have unkeyed mandatory checksums; need a keyed one. */ + if (retval == 0 && !krb5_c_is_keyed_cksum(cksumtype)) + cksumtype = CKSUMTYPE_RSA_MD5_DES; if (retval ==0) retval = krb5_c_make_checksum(context, cksumtype, state->armor_key, KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed, -- 2.26.2