[krbdev.mit.edu #2266] wrap_size_limit broken for CFX
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Mon Feb 23 16:51:37 EST 2004
On Monday, Feb 23, 2004, at 16:23 US/Eastern, Wyllys Ingersoll wrote:
> One more thing - wouldn't it be better to use the newer
> krb5_c_encrypt_length() routine here and get rid of one more
> use of the old 'krb5_encrypt_size' API?
>
*sigh* Yep. Actually, even krb5_c_encrypt_length goes in the wrong
direction (more obvious if you look at enctypes like DES that round up
to a multiple of a block size); we should instead add to the crypto API
a function that implements some sort of encrypt_size_limit
functionality.
The old crypto API is still in our export lists; I think we're probably
going to leave it as is for now, and fix it up properly for a future
release. I've opened a new ticket on that...
More information about the krb5-bugs
mailing list