authorTom Yu <tlyu@mit.edu>2010-12-07 23:45:15 +0000
committerTom Yu <tlyu@mit.edu>2010-12-07 23:45:15 +0000
commit168f7bfc5927ab8bf6faad3e08ad8f32a99ee2fb (patch)
tree7c1dfe78e9f9d865b5437c9a9c7f7aff1ff5424c /src/lib/gssapi
parent882d9161e2c4fa5c8e2efa9ac95408d52eeacdb2 (diff)
Add comment noting that RFC 4121 appears to omit RC4-HMAC from the
list of "not-newer" enctypes, even though RFC 4757 effectively treats it as one. Suggested by Derrick Brashear. ticket: 6835 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24563 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/krb5/accept_sec_context.c2
-rw-r--r--src/lib/gssapi/krb5/util_crypt.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 0c0b3a547..9d40f68c6 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -1042,6 +1042,8 @@ kg_accept_krb5(minor_status, context_handle,
case ENCTYPE_DES3_CBC_SHA1:
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
+ /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer"
+ * enctype, even though RFC 4757 treats it as one. */
ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
break;
}
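Review bot: The added comment names RC4-HMAC-EXP, but the commit description says RFC 4121 omits RC4-HMAC, so one of the two should be corrected to let a reader checking the RFC text know which enctype is meant. The comment also sits below all three case labels visible here (`ENCTYPE_DES3_CBC_SHA1`, `ENCTYPE_ARCFOUR_HMAC`, `ENCTYPE_ARCFOUR_HMAC_EXP`), so it reads as an explanation of the whole group; placing it directly above `case ENCTYPE_ARCFOUR_HMAC_EXP:` would tie it to the label it is about. It would also help to state the consequence, for example ending with `so AP_OPTS_USE_SUBKEY is cleared for it as for the other legacy enctypes`. The same comment and placement appear in the `kg_setup_keys` hunk in util_crypt.c, and both switch statements start outside their hunks.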
diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c
index 36c5ef380..cd431ce34 100644
--- a/src/lib/gssapi/krb5/util_crypt.c
+++ b/src/lib/gssapi/krb5/util_crypt.c
@@ -158,6 +158,8 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey,
break;
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
+ /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype,
+ * even though RFC 4757 treats it as one. */
code = kg_copy_keys(context, ctx, subkey);
if (code != 0)
return code;