From a7169a17a6e724c486680c9b2863646e30b85e00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 5 Jun 2007 17:23:44 +0000
Subject: [PATCH] Use oid_id_pkcs7_data for pkinit-9 encKey reply to match
 windows DC behavior better.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20927 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 1fbafcd35..1b57d9b86 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -679,7 +679,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 		      krb5_keyblock *reply_key,
 		      ContentInfo *content_info)
 {
-    const heim_oid *envelopedAlg = NULL;
+    const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
     krb5_error_code ret;
     krb5_data buf, signed_data;
     size_t size;
@@ -693,6 +693,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 	memset(&kp, 0, sizeof(kp));
 
 	envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
+	sdAlg = oid_id_pkcs7_data();
 
 	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
 	if (ret) {
@@ -712,6 +713,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
 	ReplyKeyPack kp;
 	memset(&kp, 0, sizeof(kp));
 
+	sdAlg = oid_id_pkrkeydata();
+
 	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
 	if (ret) {
 	    krb5_clear_error_string(context);
@@ -773,7 +776,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 	
 	ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
 					0,
-					oid_id_pkrkeydata(),
+					sdAlg,
 					buf.data,
 					buf.length,
 					NULL,