From 35140ccefab4f0f1ac5ca7ec8b2631929a5cf5a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 21 Apr 2004 11:30:20 +0000 Subject: [PATCH] at least try to handle diffrent enveloped enctypes git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13737 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/pkinit.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/kdc/pkinit.c b/kdc/pkinit.c index 62c976199..17968470c 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -601,19 +601,16 @@ pk_mk_pa_reply_enckey(krb5_context context, { KeyTransRecipientInfo *ri; EnvelopedData ed; - krb5_error_code ret; krb5_crypto crypto; - krb5_data buf, sd_data, enc_sd_data; - krb5_keyblock tmp_key; - krb5_enctype enctype = ETYPE_DES3_CBC_NONE; + krb5_enctype enveloped_enctype; heim_oid *enc_type_oid = NULL; X509_NAME *issuer_name; heim_integer *serial; - size_t size; + int i; krb5_data_zero(&enc_sd_data); krb5_data_zero(&sd_data); @@ -621,12 +618,26 @@ pk_mk_pa_reply_enckey(krb5_context context, memset(&tmp_key, 0, sizeof(tmp_key)); memset(&ed, 0, sizeof(ed)); - switch (enctype) { + /* default to DES3 if client doesn't tell us */ + enveloped_enctype = ETYPE_DES3_CBC_NONE; + + for (i = 0; i < req->req_body.etype.len; i++) { + switch(req->req_body.etype.val[i]) { + case 15: /* des-ede3-cbc-Env-OID */ + enveloped_enctype = ETYPE_DES3_CBC_NONE; + break; + default: + break; + } + } + + switch (enveloped_enctype) { case ETYPE_DES3_CBC_NONE: enc_type_oid = &heim_des_ede3_cbc_oid; break; default: - krb5_set_error_string(context, "not support for enctype %d", enctype); + krb5_set_error_string(context, "not support for enctype %d", + enveloped_enctype); return KRB5_PROG_KEYTYPE_NOSUPP; } 
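Review bot: In the declaration hunk (`@@ -601`), the new counter is `int i;`, but the loop this patch adds compares it with `req->req_body.etype.len`. The type of that field is not visible here; if it is unsigned, as generated ASN.1 sequence lengths often are, the comparison mixes signedness. Declaring it as `unsigned int i;` (or whatever type `len` actually has) keeps the bound check exact and avoids a sign-compare warning. The function body starts and ends outside this hunk.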
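Review bot: In the `@@ -621` hunk, the new loop over `req->req_body.etype` never stops at a match, because the `break` under `case 15` only leaves the `switch`; once a second case is added, the last supported entry in the client's list wins instead of the first. If that list is in client preference order (the usual Kerberos convention, not shown here), a weaker trailing entry could override a stronger preferred one. Stop at the first supported value, e.g. `for (i = 0; i < req->req_body.etype.len && !found; i++)` with `found = 1;` in the case, and give the bare `15` a named constant so the wire value is not confused with the internal `ETYPE_DES3_CBC_NONE` it maps to. As written the loop cannot change the outcome, since its only case assigns the same value as the default; a comment such as `/* placeholder: only DES3 is supported for now */` would make that explicit. The function continues outside this hunk.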
@@ -665,7 +676,7 @@ pk_mk_pa_reply_enckey(krb5_context context, if (ret) goto out; - ret = krb5_generate_random_keyblock(context, enctype, &tmp_key); + ret = krb5_generate_random_keyblock(context, enveloped_enctype, &tmp_key); if (ret) goto out;