svn rev #25689: trunk/src/ include/ lib/krb5/asn.1/ lib/krb5/os/ plugins/preauth/pkinit/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Sat Feb 11 18:25:12 EST 2012
http://src.mit.edu/fisheye/changelog/krb5/?cs=25689
Commit By: ghudson
Log Message:
Minimize draft9 PKINIT code by removing dead code
The PKINIT client code doesn't use decode_krb5_pa_pk_as_rep_draft9,
which is fortunate because it doesn't work (see issue #7072).
Instead, it passes both kinds of PKINIT replies through
decode_krb5_pa_pk_as_rep, then decodes the un-enveloped CMS data in
alternative 1 (encKeyPack) as either an RFC or draft9 ReplyKeyPack.
So, remove the unused broken pa_pk_as_rep_draft9 decoder.
For pa_pk_as_req_draft9, we only use two of the fields on encode and
only one of those on decode. So, get rid of the unused fields and
the krb5_trusted_ca structure, and reduce the encoder and decoder
sequences to the minimum necessary fields.
Changed Files:
U trunk/src/include/k5-int-pkinit.h
U trunk/src/include/k5-int.h
U trunk/src/lib/krb5/asn.1/asn1_k_decode.c
U trunk/src/lib/krb5/asn.1/asn1_k_decode.h
U trunk/src/lib/krb5/asn.1/asn1_k_decode_kdc.c
U trunk/src/lib/krb5/asn.1/asn1_k_encode.c
U trunk/src/lib/krb5/asn.1/krb5_decode.c
U trunk/src/lib/krb5/os/accessor.c
U trunk/src/plugins/preauth/pkinit/pkinit.h
U trunk/src/plugins/preauth/pkinit/pkinit_accessor.c
U trunk/src/plugins/preauth/pkinit/pkinit_accessor.h
U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
U trunk/src/plugins/preauth/pkinit/pkinit_crypto.h
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U trunk/src/plugins/preauth/pkinit/pkinit_lib.c
U trunk/src/tests/asn.1/krb5_decode_test.c
U trunk/src/tests/asn.1/ktest.c
U trunk/src/tests/asn.1/ktest_equal.c
U trunk/src/tests/asn.1/ktest_equal.h
U trunk/src/tests/asn.1/pkinit_encode.out
U trunk/src/tests/asn.1/pkinit_trval.out
Modified: trunk/src/include/k5-int-pkinit.h
===================================================================
--- trunk/src/include/k5-int-pkinit.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/include/k5-int-pkinit.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -86,27 +86,12 @@
krb5_data subjectKeyIdentifier; /* Optional */
} krb5_external_principal_identifier;
-/* TrustedCas */
-typedef struct _krb5_trusted_ca {
- enum krb5_trusted_ca_selection {
- choice_trusted_cas_UNKNOWN = -1,
- choice_trusted_cas_principalName = 0,
- choice_trusted_cas_caName = 1,
- choice_trusted_cas_issuerAndSerial = 2
- } choice;
- union krb5_trusted_ca_choices {
- krb5_principal principalName;
- krb5_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */
- krb5_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */
- } u;
-} krb5_trusted_ca;
-
/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
+/* This has four fields, but we only care about the first and third for
+ * encoding, and the only about the first for decoding. */
typedef struct _krb5_pa_pk_as_req_draft9 {
krb5_data signedAuthPack;
- krb5_trusted_ca **trustedCertifiers; /* Optional array */
krb5_data kdcCert; /* Optional */
- krb5_data encryptionCert;
} krb5_pa_pk_as_req_draft9;
/* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
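Review bot: The comment added above `krb5_pa_pk_as_req_draft9` has a stray word ("and the only about the first for decoding") and does not say what that means for a consumer of the struct. I would reword it to `/* This has four fields, but we only care about the first and third for encoding, and only about the first for decoding. */`. A second sentence should state that `kdcCert` is left empty by the decoder, so code handling a decoded request must not treat it as reflecting what the peer sent.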
@@ -259,10 +244,6 @@
decode_krb5_pa_pk_as_rep(const krb5_data *, krb5_pa_pk_as_rep **);
krb5_error_code
-decode_krb5_pa_pk_as_rep_draft9(const krb5_data *,
- krb5_pa_pk_as_rep_draft9 **);
-
-krb5_error_code
decode_krb5_auth_pack(const krb5_data *, krb5_auth_pack **);
krb5_error_code
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/include/k5-int.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -1956,7 +1956,7 @@
/* To keep happy libraries which are (for now) accessing internal stuff */
/* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 20
+#define KRB5INT_ACCESS_STRUCT_VERSION 21
typedef struct _krb5int_access {
krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
@@ -2047,10 +2047,6 @@
(*decode_krb5_pa_pk_as_rep)(const krb5_data *, krb5_pa_pk_as_rep **);
krb5_error_code
- (*decode_krb5_pa_pk_as_rep_draft9)(const krb5_data *,
- krb5_pa_pk_as_rep_draft9 **);
-
- krb5_error_code
(*decode_krb5_kdc_dh_key_info)(const krb5_data *, krb5_kdc_dh_key_info **);
krb5_error_code
Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.c
===================================================================
--- trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -1195,124 +1195,6 @@
free_external_principal_identifier);
}
-#if 0 /* XXX This needs to be tested!!! XXX */
-asn1_error_code
-asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val)
-{
- setup();
- val->choice = choice_trusted_cas_UNKNOWN;
- {
- char *start, *end;
- size_t alloclen;
-
- begin_explicit_choice();
- if (t.tagnum == choice_trusted_cas_principalName) {
- val->choice = choice_trusted_cas_principalName;
- } else if (t.tagnum == choice_trusted_cas_caName) {
- val->choice = choice_trusted_cas_caName;
- val->u.caName.data = NULL;
- start = subbuf.next;
- {
- sequence_of_no_tagvars(&subbuf);
- unused_var(size);
- end_sequence_of_no_tagvars(&subbuf);
- }
- end = subbuf.next;
- alloclen = end - start;
- val->u.caName.data = malloc(alloclen);
- if (val->u.caName.data == NULL)
- clean_return(ENOMEM);
- memcpy(val->u.caName.data, start, alloclen);
- val->u.caName.length = alloclen;
- next_tag();
- } else if (t.tagnum == choice_trusted_cas_issuerAndSerial) {
- val->choice = choice_trusted_cas_issuerAndSerial;
- val->u.issuerAndSerial.data = NULL;
- start = subbuf.next;
- {
- sequence_of_no_tagvars(&subbuf);
- unused_var(size);
- end_sequence_of_no_tagvars(&subbuf);
- }
- end = subbuf.next;
- alloclen = end - start;
- val->u.issuerAndSerial.data = malloc(alloclen);
- if (val->u.issuerAndSerial.data == NULL)
- clean_return(ENOMEM);
- memcpy(val->u.issuerAndSerial.data, start, alloclen);
- val->u.issuerAndSerial.length = alloclen;
- next_tag();
- } else clean_return(ASN1_BAD_ID);
- end_explicit_choice();
- }
- return 0;
-error_out:
- if (val->choice == choice_trusted_cas_caName)
- free(val->u.caName.data);
- else if (val->choice == choice_trusted_cas_issuerAndSerial)
- free(val->u.issuerAndSerial.data);
- val->choice = choice_trusted_cas_UNKNOWN;
- return retval;
-}
-#else
-asn1_error_code
-asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val)
-{
- setup();
- val->choice = choice_trusted_cas_UNKNOWN;
- { begin_choice();
- if (tagnum == choice_trusted_cas_principalName) {
- val->choice = choice_trusted_cas_principalName;
- val->u.principalName = NULL;
- asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName));
- } else if (tagnum == choice_trusted_cas_caName) {
- val->choice = choice_trusted_cas_caName;
- val->u.caName.data = NULL;
- get_implicit_charstring(val->u.caName.length, val->u.caName.data,
- choice_trusted_cas_caName);
- } else if (tagnum == choice_trusted_cas_issuerAndSerial) {
- val->choice = choice_trusted_cas_issuerAndSerial;
- val->u.issuerAndSerial.data = NULL;
- get_implicit_charstring(val->u.issuerAndSerial.length,
- val->u.issuerAndSerial.data,
- choice_trusted_cas_issuerAndSerial);
- } else clean_return(ASN1_BAD_ID);
- end_choice();
- }
- return 0;
-error_out:
- if (val->choice == choice_trusted_cas_caName)
- free(val->u.caName.data);
- else if (val->choice == choice_trusted_cas_issuerAndSerial)
- free(val->u.issuerAndSerial.data);
- val->choice = choice_trusted_cas_UNKNOWN;
- return retval;
-}
-#endif /* if 0 */
-
-asn1_error_code
-asn1_decode_trusted_ca_ptr(asn1buf *buf, krb5_trusted_ca **valptr)
-{
- decode_ptr(krb5_trusted_ca *, asn1_decode_trusted_ca);
-}
-
-static void
-free_trusted_ca(void *dummy, krb5_trusted_ca *val)
-{
- if (val->choice == choice_trusted_cas_caName)
- free(val->u.caName.data);
- else if (val->choice == choice_trusted_cas_issuerAndSerial)
- free(val->u.issuerAndSerial.data);
- free(val);
-}
-
-asn1_error_code
-asn1_decode_sequence_of_trusted_ca(asn1buf *buf, krb5_trusted_ca ***val)
-{
- decode_array_body(krb5_trusted_ca, asn1_decode_trusted_ca_ptr,
- free_trusted_ca);
-}
-
static asn1_error_code
asn1_decode_kdf_alg_id_ptr(asn1buf *buf, krb5_data **valptr)
{
@@ -1626,39 +1508,6 @@
}
asn1_error_code
-asn1_decode_pa_pk_as_rep_draft9(asn1buf *buf, krb5_pa_pk_as_rep_draft9 *val)
-{
- setup();
- val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
- { begin_structure();
- if (tagnum == choice_pa_pk_as_rep_draft9_dhSignedData) {
- val->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
- val->u.dhSignedData.data = NULL;
- get_lenfield(val->u.dhSignedData.length, val->u.dhSignedData.data,
- choice_pa_pk_as_rep_draft9_dhSignedData,
- asn1_decode_charstring);
- } else if (tagnum == choice_pa_pk_as_rep_draft9_encKeyPack) {
- val->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
- val->u.encKeyPack.data = NULL;
- get_lenfield(val->u.encKeyPack.length, val->u.encKeyPack.data,
- choice_pa_pk_as_rep_draft9_encKeyPack,
- asn1_decode_charstring);
- } else {
- val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
- }
- end_structure();
- }
- return 0;
-error_out:
- if (val->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
- free(val->u.dhSignedData.data);
- else if (val->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
- free(val->u.encKeyPack.data);
- val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
- return retval;
-}
-
-asn1_error_code
asn1_decode_kdf_alg_id( asn1buf *buf, krb5_data *val)
{
setup();
Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.h
===================================================================
--- trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -156,9 +156,6 @@
asn1_error_code asn1_decode_external_principal_identifier_ptr(
asn1buf *buf, krb5_external_principal_identifier **valptr);
asn1_error_code asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val);
-asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val);
-asn1_error_code asn1_decode_trusted_ca_ptr(asn1buf *buf,
- krb5_trusted_ca **valptr);
asn1_error_code asn1_decode_pa_pk_as_req_draft9(asn1buf *buf,
krb5_pa_pk_as_req_draft9 *val);
asn1_error_code asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val);
@@ -179,8 +176,6 @@
krb5_auth_pack_draft9 *val);
asn1_error_code asn1_decode_pa_pk_as_rep(asn1buf *buf,
krb5_pa_pk_as_rep *val);
-asn1_error_code asn1_decode_pa_pk_as_rep_draft9(asn1buf *buf,
- krb5_pa_pk_as_rep_draft9 *val);
asn1_error_code asn1_decode_kdc_dh_key_info(asn1buf *buf,
krb5_kdc_dh_key_info *val);
asn1_error_code asn1_decode_krb5_principal_name(asn1buf *buf,
@@ -221,8 +216,6 @@
krb5_boolean v1_3_behavior);
asn1_error_code asn1_decode_sequence_of_external_principal_identifier(
asn1buf *buf, krb5_external_principal_identifier ***val);
-asn1_error_code asn1_decode_sequence_of_trusted_ca(asn1buf *buf,
- krb5_trusted_ca ***val);
asn1_error_code asn1_decode_sequence_of_algorithm_identifier(
asn1buf *buf, krb5_algorithm_identifier ***val);
Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode_kdc.c
===================================================================
--- trunk/src/lib/krb5/asn.1/asn1_k_decode_kdc.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/lib/krb5/asn.1/asn1_k_decode_kdc.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -147,16 +147,6 @@
return retval;
}
-static void
-free_trusted_ca(void *dummy, krb5_trusted_ca *val)
-{
- if (val->choice == choice_trusted_cas_caName)
- free(val->u.caName.data);
- else if (val->choice == choice_trusted_cas_issuerAndSerial)
- free(val->u.issuerAndSerial.data);
- free(val);
-}
-
asn1_error_code
asn1_decode_pa_pk_as_req_draft9(asn1buf *buf, krb5_pa_pk_as_req_draft9 *val)
{
@@ -164,29 +154,16 @@
setup();
val->signedAuthPack.data = NULL;
val->kdcCert.data = NULL;
- val->encryptionCert.data = NULL;
- val->trustedCertifiers = NULL;
{ begin_structure();
+ /* PA-PK-AS-REQ in draft9 has four fields, but we only care about the
+ * first one. */
get_implicit_charstring(val->signedAuthPack.length, val->signedAuthPack.data, 0);
- opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_trusted_ca, NULL);
- opt_lenfield(val->kdcCert.length, val->kdcCert.data, 2, asn1_decode_charstring);
- opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 2, asn1_decode_charstring);
end_structure();
}
return 0;
error_out:
free(val->signedAuthPack.data);
- free(val->kdcCert.data);
- free(val->encryptionCert.data);
- if (val->trustedCertifiers) {
- for (i = 0; val->trustedCertifiers[i]; i++)
- free_trusted_ca(NULL, val->trustedCertifiers[i]);
- free(val->trustedCertifiers);
- }
val->signedAuthPack.data = NULL;
- val->kdcCert.data = NULL;
- val->encryptionCert.data = NULL;
- val->trustedCertifiers = NULL;
return retval;
}
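Review bot: The decoder now stops after field [0] and leaves everything that follows to `end_structure()`, so the remaining fields of a draft9 PA-PK-AS-REQ (presumably peer-supplied, given this is the KDC-side decode file) are no longer parsed at all. `end_structure()` is not defined in this hunk, so confirm it skips to the end of the sequence rather than rejecting unread fields, and keep a decode test whose input still carries the later fields. Separately, `val->kdcCert.data = NULL;` is still set but `kdcCert.length` is never assigned on this path, so a reader of the length depends on the caller having zeroed the structure; adding `val->kdcCert.length = 0;` next to it removes that dependency. The function begins above the hunk.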
Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.c
===================================================================
--- trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -1425,64 +1425,26 @@
pa_pk_as_req_optional);
/*
- * draft-ietf-cat-kerberos-pk-init-09 specifies these fields as explicitly
- * tagged KerberosName, Name, and IssuerAndSerialNumber respectively, which
- * means they should have constructed context tags. However, our historical
- * behavior is to use primitive context-specific tags, and we don't want to
- * change that behavior without interop testing. For the principal name, which
- * we encode ourselves, use a DEFTAGGEDTYPE to wrap the principal encoding in a
- * primitive [0] tag. For the other two types, we have the encoding in a
- * krb5_data object; pretend that they are wrapped in IMPLICIT OCTET STRING in
- * order to wrap them in primitive [1] and [2] tags.
+ * In draft-ietf-cat-kerberos-pk-init-09, this sequence has four fields, but we
+ * only ever use the first and third. The fields are specified as explicitly
+ * tagged, but our historical behavior is to pretend that they are wrapped in
+ * IMPLICIT OCTET STRING (i.e., generate primitive context tags), and we don't
+ * want to change that without interop testing.
*/
-DEFTAGGEDTYPE(trusted_ca_0, CONTEXT_SPECIFIC, PRIMITIVE, 0, 0, principal);
-DEFCTAGGEDTYPE_IMPLICIT(trusted_ca_1, 1, ostring_data);
-DEFCTAGGEDTYPE_IMPLICIT(trusted_ca_2, 2, ostring_data);
-static const struct atype_info *trusted_ca_alternatives[] = {
- &k5_atype_trusted_ca_0, &k5_atype_trusted_ca_1, &k5_atype_trusted_ca_2
-};
-DEFCHOICETYPE(trusted_ca_choice, union krb5_trusted_ca_choices,
- enum krb5_trusted_ca_selection, trusted_ca_alternatives);
-DEFCOUNTEDTYPE_SIGNED(trusted_ca, krb5_trusted_ca, u, choice,
- trusted_ca_choice);
-DEFPTRTYPE(trusted_ca_ptr, trusted_ca);
-
-DEFNULLTERMSEQOFTYPE(seqof_trusted_ca, trusted_ca_ptr);
-DEFPTRTYPE(ptr_seqof_trusted_ca, seqof_trusted_ca);
-
-/*
- * draft-ietf-cat-kerberos-pk-init-09 specifies signedAuthPack, kdcCert, and
- * EncryptionCert as explictly tagged SignedData, IssuerAndSerialNumber, and
- * IssuerAndSerialNumber, which means they should have constructed context
- * tags. However, our historical behavior is to use a primitive context tag,
- * and we don't want to change that without interop testing. We have the DER
- * encodings of these fields in krb5_data objects; pretend that they are
- * wrapped in IMPLICIT OCTET STRING in order to generate primitive context
- * tags.
- */
DEFFIELD_IMPLICIT(pa_pk_as_req9_0, krb5_pa_pk_as_req_draft9, signedAuthPack, 0,
ostring_data);
-DEFFIELD(pa_pk_as_req9_1, krb5_pa_pk_as_req_draft9, trustedCertifiers, 1,
- ptr_seqof_trusted_ca);
DEFFIELD_IMPLICIT(pa_pk_as_req9_2, krb5_pa_pk_as_req_draft9, kdcCert, 2,
ostring_data);
-DEFFIELD_IMPLICIT(pa_pk_as_req9_3, krb5_pa_pk_as_req_draft9, encryptionCert, 3,
- ostring_data);
static const struct atype_info *pa_pk_as_req_draft9_fields[] = {
- &k5_atype_pa_pk_as_req9_0, &k5_atype_pa_pk_as_req9_1,
- &k5_atype_pa_pk_as_req9_2, &k5_atype_pa_pk_as_req9_3
+ &k5_atype_pa_pk_as_req9_0, &k5_atype_pa_pk_as_req9_2
};
static unsigned int
pa_pk_as_req_draft9_optional(const void *p)
{
unsigned int not_present = 0;
const krb5_pa_pk_as_req_draft9 *val = p;
- if (val->trustedCertifiers == NULL)
- not_present |= (1u << 1);
if (val->kdcCert.length == 0)
- not_present |= (1u << 2);
- if (val->encryptionCert.length == 0)
- not_present |= (1u << 3);
+ not_present |= (1u << 1);
return not_present;
}
DEFSEQTYPE(pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9,
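Review bot: In `pa_pk_as_req_draft9_optional` the kdcCert bit changes from `1u << 2` to `1u << 1`, which reads like a mistake next to a field still named `pa_pk_as_req9_2` with context tag 2. Judging from the change, the bit appears to track the entry's position in `pa_pk_as_req_draft9_fields` rather than its tag. A comment on that line would keep a later maintainer from "correcting" it back, for example `/* Bit 1 is kdcCert's index in pa_pk_as_req_draft9_fields, not its context tag [2]. */`. The `DEFSEQTYPE` invocation continues past the end of the hunk.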
Modified: trunk/src/lib/krb5/asn.1/krb5_decode.c
===================================================================
--- trunk/src/lib/krb5/asn.1/krb5_decode.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/lib/krb5/asn.1/krb5_decode.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -852,19 +852,6 @@
}
krb5_error_code
-decode_krb5_pa_pk_as_rep_draft9(const krb5_data *code,
- krb5_pa_pk_as_rep_draft9 **repptr)
-{
- setup_buf_only(krb5_pa_pk_as_rep_draft9 *);
- alloc_field(rep);
-
- retval = asn1_decode_pa_pk_as_rep_draft9(&buf, rep);
- if (retval) clean_return(retval);
-
- cleanup(free);
-}
-
-krb5_error_code
decode_krb5_auth_pack(const krb5_data *code, krb5_auth_pack **repptr)
{
setup_buf_only(krb5_auth_pack *);
Modified: trunk/src/lib/krb5/os/accessor.c
===================================================================
--- trunk/src/lib/krb5/os/accessor.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/lib/krb5/os/accessor.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -91,7 +91,6 @@
SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
- SC (decode_krb5_pa_pk_as_rep_draft9, decode_krb5_pa_pk_as_rep_draft9),
SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
Modified: trunk/src/plugins/preauth/pkinit/pkinit.h
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -316,7 +316,6 @@
void free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
void free_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
void free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in);
-void free_krb5_trusted_ca(krb5_trusted_ca ***in);
void free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in);
void free_krb5_algorithm_identifier(krb5_algorithm_identifier *in);
void free_krb5_kdc_dh_key_info(krb5_kdc_dh_key_info **in);
Modified: trunk/src/plugins/preauth/pkinit/pkinit_accessor.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_accessor.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_accessor.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -44,7 +44,6 @@
DEF_FUNC_PTRS(krb5_auth_pack_draft9);
DEF_FUNC_PTRS(krb5_kdc_dh_key_info);
DEF_FUNC_PTRS(krb5_pa_pk_as_rep);
-DEF_FUNC_PTRS(krb5_pa_pk_as_rep_draft9);
DEF_FUNC_PTRS(krb5_pa_pk_as_req);
DEF_FUNC_PTRS(krb5_pa_pk_as_req_draft9);
DEF_FUNC_PTRS(krb5_reply_key_pack);
@@ -55,6 +54,10 @@
(*k5int_decode_krb5_principal_name)(const krb5_data *, krb5_principal_data **);
krb5_error_code
+(*k5int_encode_krb5_pa_pk_as_rep_draft9)(const krb5_pa_pk_as_rep_draft9 *,
+ krb5_data **code);
+
+krb5_error_code
(*k5int_encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
krb5_data **code);
krb5_error_code
@@ -101,7 +104,6 @@
SET_PTRS(krb5_auth_pack_draft9);
SET_PTRS(krb5_kdc_dh_key_info);
SET_PTRS(krb5_pa_pk_as_rep);
- SET_PTRS(krb5_pa_pk_as_rep_draft9);
SET_PTRS(krb5_pa_pk_as_req);
SET_PTRS(krb5_pa_pk_as_req_draft9);
SET_PTRS(krb5_reply_key_pack);
@@ -112,6 +114,8 @@
/* special cases... */
k5int_decode_krb5_principal_name = k5int.decode_krb5_principal_name;
k5int_encode_krb5_kdc_req_body = k5int.encode_krb5_kdc_req_body;
+ k5int_encode_krb5_pa_pk_as_rep_draft9 = \
+ k5int.encode_krb5_pa_pk_as_rep_draft9;
k5int_krb5_free_kdc_req = k5int.free_kdc_req;
k5int_set_prompt_types = k5int.set_prompt_types;
return 0;
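Review bot: The assignment added under "special cases" ends its first line with a backslash continuation (`= \`), which is only needed inside a macro definition and is easy to break with trailing whitespace. An ordinary line break after the `=` is enough: `k5int_encode_krb5_pa_pk_as_rep_draft9 =` followed by the indented `k5int.encode_krb5_pa_pk_as_rep_draft9;`. The enclosing function starts above the hunk.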
Modified: trunk/src/plugins/preauth/pkinit/pkinit_accessor.h
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_accessor.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_accessor.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -48,7 +48,6 @@
DEF_EXT_FUNC_PTRS(krb5_auth_pack_draft9);
DEF_EXT_FUNC_PTRS(krb5_kdc_dh_key_info);
DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_rep);
-DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_rep_draft9);
DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_req);
DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_req_draft9);
DEF_EXT_FUNC_PTRS(krb5_reply_key_pack);
@@ -58,6 +57,9 @@
extern krb5_error_code (*k5int_decode_krb5_principal_name)
(const krb5_data *, krb5_principal_data **);
+extern krb5_error_code (*k5int_encode_krb5_pa_pk_as_rep_draft9)
+ (const krb5_pa_pk_as_rep_draft9 *, krb5_data **code);
+
extern krb5_error_code (*k5int_encode_krb5_td_dh_parameters)
(const krb5_algorithm_identifier **, krb5_data **code);
extern krb5_error_code (*k5int_decode_krb5_td_dh_parameters)
Modified: trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -431,14 +431,6 @@
retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
break;
case KRB5_PADATA_PK_AS_REQ_OLD:
-#if 0
- /* W2K3 KDC doesn't like this */
- retval = create_krb5_trustedCas(context, plgctx->cryptoctx,
- reqctx->cryptoctx, reqctx->idctx, 1, &req9->trustedCertifiers);
- if (retval)
- goto cleanup;
-
-#endif
retval = create_issuerAndSerial(context, plgctx->cryptoctx,
reqctx->cryptoctx, reqctx->idctx,
(unsigned char **)&req9->kdcCert.data,
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto.h
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -400,22 +400,6 @@
krb5_external_principal_identifier ***trustedCertifiers); /* OUT */
/*
- * this functions takes in crypto specific representation of
- * trustedCas (draft9) and creates a list of krb5_trusted_ca (draft9).
- * draft9 trustedCAs is a CHOICE. we only support choices for
- * [1] caName and [2] issuerAndSerial. there is no config
- * option available to select the choice yet. default = 1.
- */
-krb5_error_code create_krb5_trustedCas
- (krb5_context context, /* IN */
- pkinit_plg_crypto_context plg_cryptoctx, /* IN */
- pkinit_req_crypto_context req_cryptoctx, /* IN */
- pkinit_identity_crypto_context id_cryptoctx, /* IN */
- int flag, /* IN
- specifies the tag of the CHOICE */
- krb5_trusted_ca ***trustedCas); /* OUT */
-
-/*
* this functions takes in crypto specific representation of the
* KDC's certificate and creates a DER encoded kdcPKId
*/
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_nss.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_nss.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -1765,18 +1765,6 @@
return 0;
}
-#if 0
-krb5_error_code
-create_krb5_trustedCas(krb5_context context,
- pkinit_plg_crypto_context plg_cryptoctx,
- pkinit_req_crypto_context req_cryptoctx,
- pkinit_identity_crypto_context id_cryptoctx,
- int flag, krb5_trusted_ca ***trustedCas)
-{
- return ENOSYS;
-}
-#endif
-
/* Populate a list of trusted certifiers with the list of the root certificates
* that we trust. */
static void
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -5591,92 +5591,6 @@
}
krb5_error_code
-create_krb5_trustedCas(krb5_context context,
- pkinit_plg_crypto_context plg_cryptoctx,
- pkinit_req_crypto_context req_cryptoctx,
- pkinit_identity_crypto_context id_cryptoctx,
- int flag,
- krb5_trusted_ca *** ids)
-{
- krb5_error_code retval = ENOMEM;
- STACK_OF(X509) *sk = id_cryptoctx->trustedCAs;
- int i = 0, len = 0, sk_size = sk_X509_num(sk);
- krb5_trusted_ca **krb5_cas = NULL;
- X509 *x = NULL;
- char buf[DN_BUF_LEN];
- X509_NAME *xn = NULL;
- unsigned char *p = NULL;
- PKCS7_ISSUER_AND_SERIAL *is = NULL;
-
- *ids = NULL;
- if (id_cryptoctx->trustedCAs == NULL)
- return KRB5KDC_ERR_PREAUTH_FAILED;
-
- krb5_cas = malloc((sk_size + 1) * sizeof(krb5_trusted_ca *));
- if (krb5_cas == NULL)
- return ENOMEM;
- krb5_cas[sk_size] = NULL;
-
- for (i = 0; i < sk_size; i++) {
- krb5_cas[i] = malloc(sizeof(krb5_trusted_ca));
- if (krb5_cas[i] == NULL)
- goto cleanup;
- x = sk_X509_value(sk, i);
-
- X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
- pkiDebug("#%d cert= %s\n", i, buf);
-
- switch (flag) {
- case choice_trusted_cas_principalName:
- krb5_cas[i]->choice = choice_trusted_cas_principalName;
- break;
- case choice_trusted_cas_caName:
- krb5_cas[i]->choice = choice_trusted_cas_caName;
- krb5_cas[i]->u.caName.data = NULL;
- krb5_cas[i]->u.caName.length = 0;
- xn = X509_get_subject_name(x);
- len = i2d_X509_NAME(xn, NULL);
- if ((p = malloc((size_t) len)) == NULL)
- goto cleanup;
- krb5_cas[i]->u.caName.data = (char *)p;
- i2d_X509_NAME(xn, &p);
- krb5_cas[i]->u.caName.length = len;
- break;
- case choice_trusted_cas_issuerAndSerial:
- krb5_cas[i]->choice = choice_trusted_cas_issuerAndSerial;
- krb5_cas[i]->u.issuerAndSerial.data = NULL;
- krb5_cas[i]->u.issuerAndSerial.length = 0;
- is = PKCS7_ISSUER_AND_SERIAL_new();
- X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
- M_ASN1_INTEGER_free(is->serial);
- is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x));
- len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
- if ((p = malloc((size_t) len)) == NULL)
- goto cleanup;
- krb5_cas[i]->u.issuerAndSerial.data = (char *)p;
- i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
- krb5_cas[i]->u.issuerAndSerial.length = len;
- if (is != NULL) {
- if (is->issuer != NULL)
- X509_NAME_free(is->issuer);
- if (is->serial != NULL)
- ASN1_INTEGER_free(is->serial);
- free(is);
- }
- break;
- default: break;
- }
- }
- retval = 0;
- *ids = krb5_cas;
-cleanup:
- if (retval)
- free_krb5_trusted_ca(&krb5_cas);
-
- return retval;
-}
-
-krb5_error_code
create_issuerAndSerial(krb5_context context,
pkinit_plg_crypto_context plg_cryptoctx,
pkinit_req_crypto_context req_cryptoctx,
Modified: trunk/src/plugins/preauth/pkinit/pkinit_lib.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_lib.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/plugins/preauth/pkinit/pkinit_lib.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -126,9 +126,6 @@
if (*in == NULL) return;
free((*in)->signedAuthPack.data);
free((*in)->kdcCert.data);
- free((*in)->encryptionCert.data);
- if ((*in)->trustedCertifiers != NULL)
- free_krb5_trusted_ca(&(*in)->trustedCertifiers);
free(*in);
}
@@ -223,30 +220,6 @@
}
void
-free_krb5_trusted_ca(krb5_trusted_ca ***in)
-{
- int i = 0;
- if (*in == NULL) return;
- while ((*in)[i] != NULL) {
- switch((*in)[i]->choice) {
- case choice_trusted_cas_principalName:
- break;
- case choice_trusted_cas_caName:
- free((*in)[i]->u.caName.data);
- break;
- case choice_trusted_cas_issuerAndSerial:
- free((*in)[i]->u.issuerAndSerial.data);
- break;
- case choice_trusted_cas_UNKNOWN:
- break;
- }
- free((*in)[i]);
- i++;
- }
- free(*in);
-}
-
-void
free_krb5_algorithm_identifier(krb5_algorithm_identifier *in)
{
if (in == NULL)
@@ -304,11 +277,8 @@
if ((*in) == NULL) return;
(*in)->signedAuthPack.data = NULL;
(*in)->signedAuthPack.length = 0;
- (*in)->trustedCertifiers = NULL;
(*in)->kdcCert.data = NULL;
(*in)->kdcCert.length = 0;
- (*in)->encryptionCert.data = NULL;
- (*in)->encryptionCert.length = 0;
}
void
Modified: trunk/src/tests/asn.1/krb5_decode_test.c
===================================================================
--- trunk/src/tests/asn.1/krb5_decode_test.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/tests/asn.1/krb5_decode_test.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -49,8 +49,6 @@
krb5_pa_pk_as_req *val);
static void ktest_free_pa_pk_as_rep(krb5_context context,
krb5_pa_pk_as_rep *val);
-static void ktest_free_pa_pk_as_rep_draft9(krb5_context context,
- krb5_pa_pk_as_rep_draft9 *val);
static void ktest_free_reply_key_pack(krb5_context context,
krb5_reply_key_pack *val);
static void ktest_free_reply_key_pack_draft9(krb5_context context,
@@ -1008,30 +1006,6 @@
}
/****************************************************************/
- /* decode_krb5_pa_pk_as_rep_draft9 */
- /*
- * NOTE: These are NOT the encodings produced by
- * encode_krb5_pa_pk_as_rep_draft9; they are hand-generated to match what
- * the decoder expects. The decoder expects a sequence containing an
- * explicitly tagged octet string, while the encoder produces an implicitly
- * tagged octet string. See issue #7072.
- */
- {
- setup(krb5_pa_pk_as_rep_draft9,ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData);
- decode_run("krb5_pa_pk_as_rep_draft9","(dhSignedData)","30 0C A0 0A 04 08 6B 72 62 35 64 61 74 61",
- acc.decode_krb5_pa_pk_as_rep_draft9,
- ktest_equal_pa_pk_as_rep_draft9,ktest_free_pa_pk_as_rep_draft9);
- ktest_empty_pa_pk_as_rep_draft9(&ref);
- }
- {
- setup(krb5_pa_pk_as_rep_draft9,ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack);
- decode_run("krb5_pa_pk_as_rep_draft9","(encKeyPack)","30 0C A1 0A 04 08 6B 72 62 35 64 61 74 61",
- acc.decode_krb5_pa_pk_as_rep_draft9,
- ktest_equal_pa_pk_as_rep_draft9,ktest_free_pa_pk_as_rep_draft9);
- ktest_empty_pa_pk_as_rep_draft9(&ref);
- }
-
- /****************************************************************/
/* decode_krb5_auth_pack */
{
setup(krb5_auth_pack,ktest_make_sample_auth_pack);
@@ -1170,15 +1144,6 @@
}
static void
-ktest_free_pa_pk_as_rep_draft9(krb5_context context,
- krb5_pa_pk_as_rep_draft9 *val)
-{
- if (val)
- ktest_empty_pa_pk_as_rep_draft9(val);
- free(val);
-}
-
-static void
ktest_free_reply_key_pack(krb5_context context, krb5_reply_key_pack *val)
{
if (val)
Modified: trunk/src/tests/asn.1/ktest.c
===================================================================
--- trunk/src/tests/asn.1/ktest.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/tests/asn.1/ktest.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -674,27 +674,6 @@
ktest_make_sample_data(&p->subjectKeyIdentifier);
}
-static void
-ktest_make_sample_trusted_ca_principalName(krb5_trusted_ca *p)
-{
- p->choice = choice_trusted_cas_principalName;
- ktest_make_sample_principal(&p->u.principalName);
-}
-
-static void
-ktest_make_sample_trusted_ca_caName(krb5_trusted_ca *p)
-{
- p->choice = choice_trusted_cas_caName;
- ktest_make_sample_data(&p->u.caName);
-}
-
-static void
-ktest_make_sample_trusted_ca_issuerAndSerial(krb5_trusted_ca *p)
-{
- p->choice = choice_trusted_cas_issuerAndSerial;
- ktest_make_sample_data(&p->u.issuerAndSerial);
-}
-
void
ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
{
@@ -714,15 +693,7 @@
int i;
ktest_make_sample_data(&p->signedAuthPack);
- p->trustedCertifiers = ealloc(4 * sizeof(krb5_trusted_ca *));
- for (i = 0; i < 3; i++)
- p->trustedCertifiers[i] = ealloc(sizeof(krb5_trusted_ca));
- ktest_make_sample_trusted_ca_principalName(p->trustedCertifiers[0]);
- ktest_make_sample_trusted_ca_caName(p->trustedCertifiers[1]);
- ktest_make_sample_trusted_ca_issuerAndSerial(p->trustedCertifiers[2]);
- p->trustedCertifiers[3] = NULL;
ktest_make_sample_data(&p->kdcCert);
- ktest_make_sample_data(&p->encryptionCert);
}
static void
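Review bot: The `int i;` declaration kept as context at the top of this hunk looks orphaned, because the only visible use of `i` was the removed `for (i = 0; i < 3; i++)` loop that allocated `trustedCertifiers`. The remaining body shown here is just the two `ktest_make_sample_data` calls, so the variable would draw an unused-variable warning in builds with `-Wall`. I would delete the `int i;` line along with the loop. The function's signature and opening brace are outside the hunk, so this assumes the declaration is the first statement of the body, as it appears to be.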
@@ -1466,18 +1437,6 @@
ktest_empty_data(&p->subjectKeyIdentifier);
}
-static void
-ktest_empty_trusted_ca(krb5_trusted_ca *p)
-{
- if (p->choice == choice_trusted_cas_principalName)
- ktest_destroy_principal(&p->u.principalName);
- else if (p->choice == choice_trusted_cas_caName)
- ktest_empty_data(&p->u.caName);
- else if (p->choice == choice_trusted_cas_issuerAndSerial)
- ktest_empty_data(&p->u.issuerAndSerial);
- p->choice = choice_trusted_cas_UNKNOWN;
-}
-
void
ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
{
@@ -1496,19 +1455,8 @@
void
ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
{
- krb5_trusted_ca **ca;
-
ktest_empty_data(&p->signedAuthPack);
- if (p->trustedCertifiers != NULL) {
- for (ca = p->trustedCertifiers; *ca != NULL; ca++) {
- ktest_empty_trusted_ca(*ca);
- free(*ca);
- }
- free(p->trustedCertifiers);
- p->trustedCertifiers = NULL;
- }
ktest_empty_data(&p->kdcCert);
- ktest_empty_data(&p->encryptionCert);
}
static void
Modified: trunk/src/tests/asn.1/ktest_equal.c
===================================================================
--- trunk/src/tests/asn.1/ktest_equal.c 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/tests/asn.1/ktest_equal.c 2012-02-11 23:25:12 UTC (rev 25689)
@@ -854,29 +854,6 @@
array_compare(ktest_equal_external_principal_identifier);
}
-static int
-ktest_equal_trusted_ca(krb5_trusted_ca *ref, krb5_trusted_ca *var)
-{
- int p = TRUE;
- if (ref == var) return TRUE;
- else if (ref == NULL || var == NULL) return FALSE;
- if (ref->choice != var->choice) return FALSE;
- if (ref->choice == choice_trusted_cas_principalName)
- p = p && ptr_equal(u.principalName, ktest_equal_principal_data);
- else if (ref->choice == choice_trusted_cas_caName)
- p = p && equal_str(u.caName);
- else if (ref->choice == choice_trusted_cas_issuerAndSerial)
- p = p && equal_str(u.issuerAndSerial);
- return p;
-}
-
-static int
-ktest_equal_sequence_of_trusted_ca(krb5_trusted_ca **ref,
- krb5_trusted_ca **var)
-{
- array_compare(ktest_equal_trusted_ca);
-}
-
int
ktest_equal_pa_pk_as_req(krb5_pa_pk_as_req *ref, krb5_pa_pk_as_req *var)
{
@@ -898,9 +875,7 @@
if (ref == var) return TRUE;
else if (ref == NULL || var == NULL) return FALSE;
p = p && equal_str(signedAuthPack);
- p = p && ptr_equal(trustedCertifiers, ktest_equal_sequence_of_trusted_ca);
p = p && equal_str(kdcCert);
- p = p && equal_str(encryptionCert);
return p;
}
@@ -930,21 +905,6 @@
return p;
}
-int
-ktest_equal_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *ref,
- krb5_pa_pk_as_rep_draft9 *var)
-{
- int p = TRUE;
- if (ref == var) return TRUE;
- else if (ref == NULL || var == NULL) return FALSE;
- if (ref->choice != var->choice) return FALSE;
- if (ref->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
- p = p && equal_str(u.dhSignedData);
- else if (ref->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
- p = p && equal_str(u.encKeyPack);
- return p;
-}
-
static int
ktest_equal_sequence_of_data(krb5_data **ref, krb5_data **var)
{
Modified: trunk/src/tests/asn.1/ktest_equal.h
===================================================================
--- trunk/src/tests/asn.1/ktest_equal.h 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/tests/asn.1/ktest_equal.h 2012-02-11 23:25:12 UTC (rev 25689)
@@ -128,7 +128,6 @@
generic(ktest_equal_pa_pk_as_req, krb5_pa_pk_as_req);
generic(ktest_equal_pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9);
generic(ktest_equal_pa_pk_as_rep, krb5_pa_pk_as_rep);
-generic(ktest_equal_pa_pk_as_rep_draft9, krb5_pa_pk_as_rep_draft9);
generic(ktest_equal_auth_pack, krb5_auth_pack);
generic(ktest_equal_auth_pack_draft9, krb5_auth_pack_draft9);
generic(ktest_equal_kdc_dh_key_info, krb5_kdc_dh_key_info);
Modified: trunk/src/tests/asn.1/pkinit_encode.out
===================================================================
--- trunk/src/tests/asn.1/pkinit_encode.out 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/tests/asn.1/pkinit_encode.out 2012-02-11 23:25:12 UTC (rev 25689)
@@ -1,5 +1,5 @@
encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
-encode_krb5_pa_pk_as_req_draft9: 30 52 80 08 6B 72 62 35 64 61 74 61 A1 32 30 30 80 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 83 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_req_draft9: 30 14 80 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
encode_krb5_pa_pk_as_rep(dhInfo): A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
Modified: trunk/src/tests/asn.1/pkinit_trval.out
===================================================================
--- trunk/src/tests/asn.1/pkinit_trval.out 2012-02-11 23:25:08 UTC (rev 25688)
+++ trunk/src/tests/asn.1/pkinit_trval.out 2012-02-11 23:25:12 UTC (rev 25689)
@@ -19,18 +19,8 @@
[Sequence/Sequence Of]
. [0] <8>
6b 72 62 35 64 61 74 61 krb5data
-. [1] [Sequence/Sequence Of]
-. . [0] <26>
- 30 18 a0 03 02 01 01 a1 11 30 0f 1b 06 68 66 0........0...hf
- 74 73 61 69 1b 05 65 78 74 72 61 tsai..extra
-. . [1] <8>
- 6b 72 62 35 64 61 74 61 krb5data
-. . [2] <8>
- 6b 72 62 35 64 61 74 61 krb5data
. [2] <8>
6b 72 62 35 64 61 74 61 krb5data
-. [3] <8>
- 6b 72 62 35 64 61 74 61 krb5data
encode_krb5_pa_pk_as_rep(dhInfo):