svn rev #23629: trunk/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Mon Jan 11 20:07:48 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23629
Commit By: ghudson
Log Message:
ticket: 6633
subject: Use keyed checksum type for DES FAST
target_version: 1.7
tags: pullup
DES enctypes have unkeyed mandatory-to-implement checksums. Since
FAST requires a keyed checksum, we must pick something else in that
case.
Changed Files:
U trunk/src/lib/krb5/krb/fast.c
Modified: trunk/src/lib/krb5/krb/fast.c
===================================================================
--- trunk/src/lib/krb5/krb/fast.c 2010-01-12 01:05:37 UTC (rev 23628)
+++ trunk/src/lib/krb5/krb/fast.c 2010-01-12 01:07:48 UTC (rev 23629)
@@ -238,6 +238,9 @@
if (retval == 0)
retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
&cksumtype);
+ /* DES enctypes have unkeyed mandatory checksums; need a keyed one. */
+ if (retval == 0 && !krb5_c_is_keyed_cksum(cksumtype))
+ cksumtype = CKSUMTYPE_RSA_MD5_DES;
if (retval ==0)
retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
More information about the cvs-krb5
mailing list