From: | Ken Hornstein <kenh@cmf.nrl.navy.mil> |
To: | krb5-bugs@mit.edu |
Subject: | Problem with krb5int_c_combine_keys() |
Date: | Tue, 20 May 2014 11:31:33 -0400 |
When krb5int_c_combine_keys() was updated to use the new crypto interface,
a small bug was introduced. It turns out the temporary keyblock created
needs to have it's enctype set, otherwise when krb5int_derive_keyblock()
is called later it will fail with KRB5_BAD_ENCTYPE. The patch is trivial.
--Ken
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -155,6 +155,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
randbits.data = (char *) rnd;
tkeyblock.length = keylength;
tkeyblock.contents = output;
+ tkeyblock.enctype = key1->enctype;
ret = (*ktp->rand2key)(&randbits, &tkeyblock);
if (ret)
a small bug was introduced. It turns out the temporary keyblock created
needs to have it's enctype set, otherwise when krb5int_derive_keyblock()
is called later it will fail with KRB5_BAD_ENCTYPE. The patch is trivial.
--Ken
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -155,6 +155,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
randbits.data = (char *) rnd;
tkeyblock.length = keylength;
tkeyblock.contents = output;
+ tkeyblock.enctype = key1->enctype;
ret = (*ktp->rand2key)(&randbits, &tkeyblock);
if (ret)