summaryrefslogtreecommitdiffstats
path: root/ssl/kssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/kssl.c')
-rw-r--r--ssl/kssl.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c
index d9e1160550..cd9144f2be 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -760,19 +760,14 @@ kssl_map_enc(krb5_enctype enctype)
{
switch (enctype)
{
-#if ! defined(KRB5_MIT_OLD11)
- /* cannot handle derived keys */
- case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
- return (EVP_CIPHER *) NULL;
- break;
-#endif
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_RAW:
return (EVP_CIPHER *) EVP_des_cbc();
break;
+ case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
case ENCTYPE_DES3_CBC_SHA:
case ENCTYPE_DES3_CBC_RAW:
return (EVP_CIPHER *) EVP_des_ede3_cbc();
@@ -1979,6 +1974,15 @@ krb5_error_code kssl_check_authent(
}
enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
+#if !defined(KRB5_MIT_OLD11)
+ switch ( enctype ) {
+ case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+ case ENCTYPE_DES3_CBC_SHA:
+ case ENCTYPE_DES3_CBC_RAW:
+ krb5rc = 0; /* Skip, can't handle derived keys */
+ goto err;
+ }
+#endif
enc = kssl_map_enc(enctype);
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 10:41:52 +0000