Fix krb5int_c_combine_keys

When krb5int_c_combine_keys was updated to use the new crypto
interface, a small bug was introduced.  It turns out the temporary
keyblock created needs to have its enctype set; otherwise, when
krb5int_derive_keyblock() is called later, it will fail with
KRB5_BAD_ENCTYPE.

(cherry picked from commit 89803a5a781107365d5a4534eebf48dbaf010f96)

ticket: 8098 (new)
version_fixed: 1.11.6
status: resolved

diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c
index d9235dd730893bd72cae4683b9413d2d14dbfe17..baf39ffbbe1ab2b5fdc75900a32ecd9641e4aceb 100644 (file)
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -155,6 +155,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     randbits.data = (char *) rnd;
     tkeyblock.length = keylength;
     tkeyblock.contents = output;
+    tkeyblock.enctype = key1->enctype;
 
     ret = (*ktp->rand2key)(&randbits, &tkeyblock);
     if (ret)