This is an automated email from the git hooks/post-receive script.
rharwood pushed a change to branch master in repository gssproxy.
from c984020 Release version 0.8.0 new d73c96d Always use the encype we selected
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: src/gp_export.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
This is an automated email from the git hooks/post-receive script.
rharwood pushed a commit to branch master in repository gssproxy.
commit d73c96d658059ce64ecd41ff2924071d86f2b54f Author: Simo Sorce simo@redhat.com Date: Tue Feb 27 11:59:25 2018 -0500
Always use the encype we selected
The enctype is selected from the keytab or from the fallback code. Either way make sure to use the enctype stored in the key block.
Signed-off-by: Simo Sorce simo@redhat.com Reviewed-by: Robbie Harwood rharwood@redhat.com Merges: #226 --- src/gp_export.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/gp_export.c b/src/gp_export.c index c9f5fd4..5e8e160 100644 --- a/src/gp_export.c +++ b/src/gp_export.c @@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE, 0, &handle->key); if (ret == 0) { - ret = krb5_c_make_random_key(handle->context, - GP_CREDS_HANDLE_KEY_ENCTYPE, + ret = krb5_c_make_random_key(handle->context, handle->key->enctype, handle->key); GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n", - svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE); + svc_name, handle->key->enctype); } if (ret) { ret_min = ret; @@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
memset(&enc_handle, '\0', sizeof(krb5_enc_data));
- enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE; + enc_handle.enctype = key->enctype; enc_handle.ciphertext.data = in->octet_string_val; enc_handle.ciphertext.length = in->octet_string_len;
gss-proxy@lists.fedorahosted.org