diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-12-15 16:17:09 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-01-12 18:02:54 +1100 |
commit | 1787efaa006b73cd682f6c27f2b5d367495e7e02 (patch) | |
tree | fd39c2a4c869bd101c494bdeaea409ee85f1bfdc /source4/heimdal/lib/gssapi | |
parent | d087e715fc803eae735636b4ebbb4c0f131f9bb4 (diff) | |
download | samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.gz samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.bz2 samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.zip |
use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
This allows a strict link between checksum types and key types to be
enforced.
Andrew Bartlett
Diffstat (limited to 'source4/heimdal/lib/gssapi')
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/verify_mic.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c index af06e0a1e3..0f5612491d 100644 --- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c @@ -251,6 +251,14 @@ retry: csum.checksum.length = 20; csum.checksum.data = p + 8; + krb5_crypto_destroy (context, crypto); + ret = krb5_crypto_init(context, key, + ETYPE_DES3_CBC_SHA1, &crypto); + if (ret){ + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = krb5_verify_checksum (context, crypto, KRB5_KU_USAGE_SIGN, tmp, message_buffer->length + 8, |