1 files changed, 35 insertions, 9 deletions

diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c
index 585ed11a3..b5bb28083 100644
--- a/src/lib/crypto/krb/old_api_glue.c
+++ b/src/lib/crypto/krb/old_api_glue.c
@@ -211,6 +211,25 @@ krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
     return ret;
 }
 
+/* Guess the enctype for an untyped key used with checksum type ctype. */
+static krb5_enctype
+guess_enctype(krb5_cksumtype ctype)
+{
+    const struct krb5_cksumtypes *ctp;
+    int i;
+
+    if (ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR)
+        return ENCTYPE_ARCFOUR_HMAC;
+    ctp = find_cksumtype(ctype);
+    if (ctp == NULL || ctp->enc == NULL)
+        return 0;
+    for (i = 0; i < krb5int_enctypes_length; i++) {
+        if (krb5int_enctypes_list[i].enc == ctp->enc)
+            return i;
+    }
+    return 0;
+}
+
 krb5_error_code KRB5_CALLCONV
 krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
                         krb5_const_pointer in, size_t in_length,
@@ -218,15 +237,18 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
                         krb5_checksum *outcksum)
 {
     krb5_data input = make_data((void *) in, in_length);
-    krb5_keyblock key;
+    krb5_keyblock keyblock, *kptr = NULL;
     krb5_error_code ret;
     krb5_checksum cksum;
 
-    key.enctype = ENCTYPE_NULL;
-    key.length = seed_length;
-    key.contents = (unsigned char *) seed;
+    if (seed != NULL) {
+        keyblock.enctype = guess_enctype(ctype);
+        keyblock.length = seed_length;
+        keyblock.contents = (unsigned char *) seed;
+        kptr = &keyblock;
+    }
 
-    ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum);
+    ret = krb5_c_make_checksum(context, ctype, kptr, 0, &input, &cksum);
     if (ret)
         return ret;
 
@@ -253,14 +275,18 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
                      size_t seed_length)
 {
     krb5_data input = make_data((void *) in, in_length);
-    krb5_keyblock key;
+    krb5_keyblock keyblock, *kptr = NULL;
     krb5_error_code ret;
     krb5_boolean valid;
 
-    key.length = seed_length;
-    key.contents = (unsigned char *) seed;
+    if (seed != NULL) {
+        keyblock.enctype = guess_enctype(ctype);
+        keyblock.length = seed_length;
+        keyblock.contents = (unsigned char *) seed;
+        kptr = &keyblock;
+    }
 
-    ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid);
+    ret = krb5_c_verify_checksum(context, kptr, 0, &input, cksum, &valid);
     if (ret)
         return ret;