svn rev #23611: trunk/src/lib/crypto/crypto_tests/
ghudson at mit.edu
Fri Jan 8 11:30:05 EST 2010
On Fri, 2010-01-08 at 07:59 -0500, Ezra Peisach wrote:
> I added an assertion in the free code to see if enctype was 0... Get
> hit in a number of programs... The kdc in verify_checksum from the
> kdc_find_fast. I think it using an empty krb5_keyblock - with zero
> length - so in theory
> who cares about the encryption type...
This code is a little special:
* We need to confirm that a keyed checksum is used for the
* fast_req checksum. In April 2009, the best way to do this is
* to try verifying the checksum with a keyblock with an zero
* length; if it succeeds, then an unkeyed checksum is used.
ret = krb5_c_verify_checksum(kdc_context, &empty_keyblock, ...);
I think that comment is ignoring the existence of krb5_c_is_keyed_cksum.
Even if not, passing a NULL keyblock should work as well as passing an
More information about the krbdev