authorTom Yu <tlyu@mit.edu>2010-01-05 02:47:58 +0000
committerTom Yu <tlyu@mit.edu>2010-01-05 02:47:58 +0000
commitb19f2a8984321c3e20a29c8a76456cecb99bccca (patch)
tree4e34cb973572b321e9e9f32641937e96137ec348 /src/lib
parentb8b8377845e02bb7e60dd09e01e15d0fad96caf5 (diff)
disable weak crypto by default
Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/decrypt_tk.c3
-rw-r--r--src/lib/krb5/krb/init_ctx.c2
2 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c
index c06353b9e..7ce411552 100644
--- a/src/lib/krb5/krb/decrypt_tk.c
+++ b/src/lib/krb5/krb/decrypt_tk.c
@@ -49,6 +49,9 @@ krb5_decrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key, regist
if (!krb5_c_valid_enctype(ticket->enc_part.enctype))
return KRB5_PROG_ETYPE_NOSUPP;
+ if (!krb5_is_permitted_enctype(context, ticket->enc_part.enctype))
+ return KRB5_NOPERM_ETYPE;
+
scratch.length = ticket->enc_part.ciphertext.length;
if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
return(ENOMEM);
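Review bot: The added `krb5_is_permitted_enctype` guard has no comment saying that it is a policy rejection, separate from the `krb5_c_valid_enctype` support check directly above it, and that it is meant to run before the ciphertext buffer is allocated and decrypted. A comment such as `/* Refuse enctypes the context's policy does not permit, before any decryption is attempted. */` would make that ordering intentional. With the init_ctx.c hunk turning `allow_weak_crypto` off by default, acceptors that still receive tickets in a weak enctype will presumably start failing here with `KRB5_NOPERM_ETYPE`, so that error is worth calling out in upgrade notes. The guard looks only at `ticket->enc_part.enctype`; whether `srv_key->enctype` is tied to it is decided outside the visible lines, as the function body continues past this hunk.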
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 8f6a1b3dc..2c2beb6bf 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -165,7 +165,7 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
goto cleanup;
retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
+ KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 0, &tmp);
if (retval)
goto cleanup;
ctx->allow_weak_crypto = tmp;
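Review bot: The bare `0` passed as the default to `profile_get_boolean` is now the security-relevant default and deserves a comment at the call, e.g. `/* Weak enctypes stay disabled unless krb5.conf sets allow_weak_crypto. */`. A one-character literal is easy to flip back unnoticed in a later edit, and a named constant for the default would make such a regression more visible in review. init_common starts and ends outside this hunk.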