From d8166808a98fd1c3772de5d75e27656ed2ab124d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 27 Feb 2018 11:59:25 -0500 Subject: [PATCH] Always use the encype we selected The enctype is selected from the keytab or from the fallback code. Either way make sure to use the enctype stored in the key block. Signed-off-by: Simo Sorce Reviewed-by: Robbie Harwood Merges: #226 (cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f) --- proxy/src/gp_export.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c index c9f5fd4..5e8e160 100644 --- a/proxy/src/gp_export.c +++ b/proxy/src/gp_export.c @@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE, 0, &handle->key); if (ret == 0) { - ret = krb5_c_make_random_key(handle->context, - GP_CREDS_HANDLE_KEY_ENCTYPE, + ret = krb5_c_make_random_key(handle->context, handle->key->enctype, handle->key); GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n", - svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE); + svc_name, handle->key->enctype); } if (ret) { ret_min = ret; @@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key, memset(&enc_handle, '\0', sizeof(krb5_enc_data)); - enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE; + enc_handle.enctype = key->enctype; enc_handle.ciphertext.data = in->octet_string_val; enc_handle.ciphertext.length = in->octet_string_len;