I am using openssl with the Kerberos ciphers and a w2k3 kdc and was wondering
if adding RC4-HMAC to the list for des_ede3_cbc would be OK or was there a
reason not to include it ?
Thanks
Markus
/* Given KRB5 enctype (basically DES or 3DES),
** return closest
match openssl EVP_ encryption algorithm.
** Return NULL for unknown or
problematic (krb5_dk_encrypt) enctypes.
** Assume ENCTYPE_*_RAW
(krb5_raw_encrypt) are OK.
*/
const EVP_CIPHER *
kssl_map_enc(krb5_enctype enctype)
{
switch (enctype)
{
case ENCTYPE_DES_HMAC_SHA1:
/* EVP_des_cbc(); */
case
ENCTYPE_DES_CBC_CRC:
case
ENCTYPE_DES_CBC_MD4:
case
ENCTYPE_DES_CBC_MD5:
case
ENCTYPE_DES_CBC_RAW:
return
EVP_des_cbc();
break;
case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
case
ENCTYPE_DES3_CBC_SHA:
case
ENCTYPE_DES3_CBC_RAW:
return
EVP_des_ede3_cbc();
break;
default: return
NULL;
break;
}
}
|
