[krbdev.mit.edu #7914] Problem with krb5int_c_combine_keys()
kenh@cmf.nrl.navy.mil via RT
rt-comment at krbdev.mit.edu
Tue May 20 11:59:30 EDT 2014
When krb5int_c_combine_keys() was updated to use the new crypto interface,
a small bug was introduced. It turns out the temporary keyblock created
needs to have it's enctype set, otherwise when krb5int_derive_keyblock()
is called later it will fail with KRB5_BAD_ENCTYPE. The patch is trivial.
--Ken
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -155,6 +155,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
randbits.data = (char *) rnd;
tkeyblock.length = keylength;
tkeyblock.contents = output;
+ tkeyblock.enctype = key1->enctype;
ret = (*ktp->rand2key)(&randbits, &tkeyblock);
if (ret)
More information about the krb5-bugs
mailing list