Attachment 13505 Details for Bug 12986 – Possible backport patches for master

[patch] Possible backport patches for master

tmp.diff.txt (text/plain), 3.27 KB, created by Stefan Metzmacher on 2017-08-25 15:59:59 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2017-08-25 15:59:59 UTC

Size: 3.27 KB

patch

obsolete

>From 358e3cbbe8788e1d670b33e3c7c65e2315d0c503 Mon Sep 17 00:00:00 2001
>From: Love Hornquist Astrand <lha@h5l.org>
>Date: Mon, 29 Apr 2013 11:37:39 -0700
>Subject: [PATCH 1/2] HEIMDAL: allow optional q in DH DomainParameters
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95)
>---
> source4/heimdal/kdc/pkinit.c          | 2 +-
> source4/heimdal/lib/asn1/rfc2459.asn1 | 2 +-
> source4/heimdal/lib/krb5/pkinit.c     | 7 ++++++-
> 3 files changed, 8 insertions(+), 3 deletions(-)
>
>diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
>index d85b156..3a9e8f2 100644
>--- a/source4/heimdal/kdc/pkinit.c
>+++ b/source4/heimdal/kdc/pkinit.c
>@@ -361,7 +361,7 @@ get_dh_param(krb5_context context,
>     }
> 
>     ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
>-			    &dhparam.p, &dhparam.g, &dhparam.q, moduli,
>+			    &dhparam.p, &dhparam.g, dhparam.q, moduli,
> 			    &client_params->dh_group_name);
>     if (ret) {
> 	/* XXX send back proposal of better group */
>diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1
>index bf82f81..7843f65 100644
>--- a/source4/heimdal/lib/asn1/rfc2459.asn1
>+++ b/source4/heimdal/lib/asn1/rfc2459.asn1
>@@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE {
> DomainParameters ::= SEQUENCE {
> 	p		INTEGER, -- odd prime, p=jq +1
> 	g		INTEGER, -- generator, g
>-	q		INTEGER, -- factor of p-1
>+	q		INTEGER OPTIONAL, -- factor of p-1
> 	j		INTEGER OPTIONAL, -- subgroup factor
> 	validationParms	ValidationParms OPTIONAL -- ValidationParms
> }
>diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
>index 1103a17..c30a298 100644
>--- a/source4/heimdal/lib/krb5/pkinit.c
>+++ b/source4/heimdal/lib/krb5/pkinit.c
>@@ -497,7 +497,12 @@ build_auth_pack(krb5_context context,
> 		free_DomainParameters(&dp);
> 		return ret;
> 	    }
>-	    ret = BN_to_integer(context, dh->q, &dp.q);
>+	    dp.q = calloc(1, sizeof(*dp.q));
>+	    if (dp.q == NULL) {
>+		free_DomainParameters(&dp);
>+		return ENOMEM;
>+	    }
>+	    ret = BN_to_integer(context, dh->q, dp.q);
> 	    if (ret) {
> 		free_DomainParameters(&dp);
> 		return ret;
>-- 
>1.9.1
>
>
>From a9d6691d4d6608ba9bd00775e58604eddaf57e38 Mon Sep 17 00:00:00 2001
>From: Love Hornquist Astrand <lha@h5l.org>
>Date: Mon, 29 Apr 2013 11:42:46 -0700
>Subject: [PATCH 2/2] HEIMDAL: don't bother seeing q if not sent
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b)
>---
> source4/heimdal/kdc/pkinit.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
>diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
>index 3a9e8f2..c874847 100644
>--- a/source4/heimdal/kdc/pkinit.c
>+++ b/source4/heimdal/kdc/pkinit.c
>@@ -381,9 +381,12 @@ get_dh_param(krb5_context context,
>     dh->g = integer_to_BN(context, "DH base", &dhparam.g);
>     if (dh->g == NULL)
> 	goto out;
>-    dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
>-    if (dh->g == NULL)
>-	goto out;
>+
>+    if (dhparam.q) {
>+	dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
>+	if (dh->g == NULL)
>+	    goto out;
>+    }
> 
>     {
> 	heim_integer glue;
>-- 
>1.9.1
>

Actions: View

Attachments on bug 12986: 13504 | 13505 | 13510 | 13511 | 13858 | 13859 | 13860