Re: Checksum in mk_req_internal



On 15 Apr 1999, Assar Westerlund wrote:

> Ake Sandgren <ake@cs.umu.se> writes:
> > Heimdal 0.1c:
> > In make_pa_tgs_req there is a check of the initial ticket for CBC_CRC
> > encryption where the comment talks about DCE. It sets ac->...checksumtype to
> > RSA_MD4, ac->enctype to CBC_CRC and then calls krb5_mk_req_internal.
> > It in turn totally ignores that and uses CRC32 instead (as a result of
> > calling crypto_init with CBC_CRC from ac->enctype).
> 
> Do you really get that far?  Doesn't krb5_auth_setcksumtype dump core?
Yes, I do, after patching setcksumtype to actually do something besides
call abort :-)

> So, it uses CRC32 instead of MD4 which is not optimal, but it doesn't
> break, does it?  As far as I remember, that kludge was added because
> otherwise the code would try to use MD5 which the DCE code didn't
> understand (or implemented incorrectly).  Is it really worth keeping
> the kludge now that the code seems to work (even if not optimally) by
> itself?
The problem is that the KDC (DCE secd in this case)
returns an error (inappro. checksum type or something, I'm sitting on the
wrong machine right now...)

What I can't understand is why init_crypto/create_checksum is done the way
it is.

Ake Sandgren, Dep. of Comp. Sci. & HPC2N, Umea University, S-90187 Umea, Sweden
Internet: ake@{cs,hpc2n}.umu.se	Phone: +46 90 7866134	Fax: +46 90 7866126
WWW: http://www.cs.umu.se/~ake