The Samba-Bugzilla – Attachment 13505 Details for
Bug 12986
Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible backport patches for master
tmp.diff.txt (text/plain), 3.27 KB, created by
Stefan Metzmacher
on 2017-08-25 15:59:59 UTC
(
hide
)
Description:
Possible backport patches for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-08-25 15:59:59 UTC
Size:
3.27 KB
patch
obsolete
>From 358e3cbbe8788e1d670b33e3c7c65e2315d0c503 Mon Sep 17 00:00:00 2001 >From: Love Hornquist Astrand <lha@h5l.org> >Date: Mon, 29 Apr 2013 11:37:39 -0700 >Subject: [PATCH 1/2] HEIMDAL: allow optional q in DH DomainParameters > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 > >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95) >--- > source4/heimdal/kdc/pkinit.c | 2 +- > source4/heimdal/lib/asn1/rfc2459.asn1 | 2 +- > source4/heimdal/lib/krb5/pkinit.c | 7 ++++++- > 3 files changed, 8 insertions(+), 3 deletions(-) > >diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c >index d85b156..3a9e8f2 100644 >--- a/source4/heimdal/kdc/pkinit.c >+++ b/source4/heimdal/kdc/pkinit.c >@@ -361,7 +361,7 @@ get_dh_param(krb5_context context, > } > > ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, >- &dhparam.p, &dhparam.g, &dhparam.q, moduli, >+ &dhparam.p, &dhparam.g, dhparam.q, moduli, > &client_params->dh_group_name); > if (ret) { > /* XXX send back proposal of better group */ >diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 >index bf82f81..7843f65 100644 >--- a/source4/heimdal/lib/asn1/rfc2459.asn1 >+++ b/source4/heimdal/lib/asn1/rfc2459.asn1 >@@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE { > DomainParameters ::= SEQUENCE { > p INTEGER, -- odd prime, p=jq +1 > g INTEGER, -- generator, g >- q INTEGER, -- factor of p-1 >+ q INTEGER OPTIONAL, -- factor of p-1 > j INTEGER OPTIONAL, -- subgroup factor > validationParms ValidationParms OPTIONAL -- ValidationParms > } >diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c >index 1103a17..c30a298 100644 >--- a/source4/heimdal/lib/krb5/pkinit.c >+++ b/source4/heimdal/lib/krb5/pkinit.c >@@ -497,7 +497,12 @@ build_auth_pack(krb5_context context, > free_DomainParameters(&dp); > return ret; > } >- ret = BN_to_integer(context, dh->q, &dp.q); >+ dp.q = calloc(1, sizeof(*dp.q)); >+ if (dp.q == NULL) { >+ free_DomainParameters(&dp); >+ return ENOMEM; >+ } >+ ret = BN_to_integer(context, dh->q, dp.q); > if (ret) { > free_DomainParameters(&dp); > return ret; >-- >1.9.1 > > >From a9d6691d4d6608ba9bd00775e58604eddaf57e38 Mon Sep 17 00:00:00 2001 >From: Love Hornquist Astrand <lha@h5l.org> >Date: Mon, 29 Apr 2013 11:42:46 -0700 >Subject: [PATCH 2/2] HEIMDAL: don't bother seeing q if not sent > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 > >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b) >--- > source4/heimdal/kdc/pkinit.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c >index 3a9e8f2..c874847 100644 >--- a/source4/heimdal/kdc/pkinit.c >+++ b/source4/heimdal/kdc/pkinit.c >@@ -381,9 +381,12 @@ get_dh_param(krb5_context context, > dh->g = integer_to_BN(context, "DH base", &dhparam.g); > if (dh->g == NULL) > goto out; >- dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); >- if (dh->g == NULL) >- goto out; >+ >+ if (dhparam.q) { >+ dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q); >+ if (dh->g == NULL) >+ goto out; >+ } > > { > heim_integer glue; >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 12986
:
13504
| 13505 |
13510
|
13511
|
13858
|
13859
|
13860