oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Reorder DES algs to work around MIT pre-1.8 GSS

Browse Source 
Pre-1.8 MIT GSS accept_sec_context() has a bug which treats
des-cbc-md4 as if the received token format should be CFX.
The previous DES alg ordering resulted in MIT KDCs issuing
des-cbc-md4 session keys for service tickets which triggered
this bug.  Reorder the list so md4 is not preferred.

Change-Id: I11269498a6eb8494044c618db29c43f62b0ced49
This commit is contained in:
Jeffrey Altman
2010-12-07 00:28:13 -05:00
committed by Jeffrey Altman
parent b45dd13c44
commit 7b1e954ad4
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/crypto-algs.c
View File

@@ -74,9 +74,9 @@ struct encryption_type *_krb5_etypes[] = {
&_krb5_enctype_old_des3_cbc_sha1, &_krb5_enctype_old_des3_cbc_sha1,
#endif #endif
#ifdef HEIM_WEAK_CRYPTO #ifdef HEIM_WEAK_CRYPTO
&_krb5_enctype_des_cbc_crc,
&_krb5_enctype_des_cbc_md4,
&_krb5_enctype_des_cbc_md5, &_krb5_enctype_des_cbc_md5,
&_krb5_enctype_des_cbc_md4,
&_krb5_enctype_des_cbc_crc,
&_krb5_enctype_des_cbc_none, &_krb5_enctype_des_cbc_none,
&_krb5_enctype_des_cfb64_none, &_krb5_enctype_des_cfb64_none,
&_krb5_enctype_des_pcbc_none, &_krb5_enctype_des_pcbc_none,