svn rev #24563: trunk/src/lib/gssapi/krb5/
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Dec 7 18:45:15 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24563
Commit By: tlyu
Log Message:
ticket: 6835
Add comment noting that RFC 4121 appears to omit RC4-HMAC from the
list of "not-newer" enctypes, even though RFC 4757 effectively treats
it as one. Suggested by Derrick Brashear.
Changed Files:
U trunk/src/lib/gssapi/krb5/accept_sec_context.c
U trunk/src/lib/gssapi/krb5/util_crypt.c
Modified: trunk/src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- trunk/src/lib/gssapi/krb5/accept_sec_context.c 2010-12-06 23:23:17 UTC (rev 24562)
+++ trunk/src/lib/gssapi/krb5/accept_sec_context.c 2010-12-07 23:45:15 UTC (rev 24563)
@@ -1042,6 +1042,8 @@
case ENCTYPE_DES3_CBC_SHA1:
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
+ /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer"
+ * enctype, even though RFC 4757 treats it as one. */
ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
break;
}
Modified: trunk/src/lib/gssapi/krb5/util_crypt.c
===================================================================
--- trunk/src/lib/gssapi/krb5/util_crypt.c 2010-12-06 23:23:17 UTC (rev 24562)
+++ trunk/src/lib/gssapi/krb5/util_crypt.c 2010-12-07 23:45:15 UTC (rev 24563)
@@ -158,6 +158,8 @@
break;
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
+ /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype,
+ * even though RFC 4757 treats it as one. */
code = kg_copy_keys(context, ctx, subkey);
if (code != 0)
return code;
More information about the cvs-krb5
mailing list