use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3

This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-12-15 16:17:09 +11:00
parent 81db1ebce2
commit 5ce504c1fb
1 changed files with 8 additions and 0 deletions
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c
@@ -251,6 +251,14 @@ retry:
  csum.checksum.length = 20;
  csum.checksum.data   = p + 8;

+  krb5_crypto_destroy (context, crypto);
+  ret = krb5_crypto_init(context, key,
+			 ETYPE_DES3_CBC_SHA1, &crypto);
+  if (ret){
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
  ret = krb5_verify_checksum (context, crypto,
 			      KRB5_KU_USAGE_SIGN,
 			      tmp, message_buffer->length + 8,