svn rev #23611: trunk/src/lib/crypto/crypto_tests/
hartmans at MIT.EDU
Mon Jan 11 12:25:21 EST 2010
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
Greg> On Fri, 2010-01-08 at 07:59 -0500, Ezra Peisach wrote:
>> I added an assertion in the free code to see if enctype was 0...
>> Get hit in a number of programs... The kdc in verify_checksum
>> from the kdc_find_fast. I think it using an empty krb5_keyblock
>> - with zero length - so in theory who cares about the encryption
Greg> This code is a little special:
Greg> /* * We need to confirm that a keyed checksum is used for
Greg> the * fast_req checksum. In April 2009, the best way to do
Greg> this is * to try verifying the checksum with a keyblock with
Greg> an zero * length; if it succeeds, then an unkeyed checksum is
Greg> used. */ ret = krb5_c_verify_checksum(kdc_context,
Greg> &empty_keyblock, ...);
Greg> I think that comment is ignoring the existence of
It is. Neither Tom nor I remembered that function when I asked about
this issue at the interop event.
Greg> Even if not, passing a NULL keyblock
Greg> should work as well as passing an invalid one.
You'd think that. Something segfaulted on a null keyblock though.
I don't remember what now.
More information about the krbdev