Use oid_id_pkcs7_data for pkinit-9 encKey reply to match windows DC
behavior better. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20927 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -679,7 +679,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
krb5_keyblock *reply_key,
|
||||
ContentInfo *content_info)
|
||||
{
|
||||
const heim_oid *envelopedAlg = NULL;
|
||||
const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
|
||||
krb5_error_code ret;
|
||||
krb5_data buf, signed_data;
|
||||
size_t size;
|
||||
@@ -693,6 +693,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
memset(&kp, 0, sizeof(kp));
|
||||
|
||||
envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
|
||||
sdAlg = oid_id_pkcs7_data();
|
||||
|
||||
ret = copy_EncryptionKey(reply_key, &kp.replyKey);
|
||||
if (ret) {
|
||||
@@ -712,6 +713,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
ReplyKeyPack kp;
|
||||
memset(&kp, 0, sizeof(kp));
|
||||
|
||||
sdAlg = oid_id_pkrkeydata();
|
||||
|
||||
ret = copy_EncryptionKey(reply_key, &kp.replyKey);
|
||||
if (ret) {
|
||||
krb5_clear_error_string(context);
|
||||
@@ -773,7 +776,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
||||
|
||||
ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
|
||||
0,
|
||||
oid_id_pkrkeydata(),
|
||||
sdAlg,
|
||||
buf.data,
|
||||
buf.length,
|
||||
NULL,
|
||||
|
Reference in New Issue
Block a user