[krbdev.mit.edu #7919] git commit

[Tom Yu via RT]

Treat LDAP KrbKey salt field as optional

Per the ASN.1 definition, the KrbKey salt field is optional.  Since
1.7, we have been treating it as mandatory in the encoder; since 1.11,
we have been treating it as mandatory in the decoder.  Mostly by luck,
we have been encoding a salt type of 0 when key_data_ver is 1, but we
really should not be looking at key_data_type[1] or key_data_length[1]
in this situation.  Treat the salt field as optional in the encoder
and decoder.  Although the previous commit ensures that we continue to
always encode a salt (without any dangerous assumptions about
krb5_key_data constructors), this change will allow us to decode key
data encoded by 1.6 without salt fields.

This also fixes issue #7918, by properly setting key_data_ver to 2 if
a salt type but no salt value is present.  It is difficult to get the
decoder to actually assign 2 to key_data_ver just because the salt
field is there, so take care of that in asn1_decode_sequence_of_keys.

Adjust kdbtest.c to match the new behavior by setting key_data_ver to
2 in both test keys.

(cherry picked from commit fb5cd8df0dbd04dac4f610e68cba5b80a3cb8d48)

https://github.com/krb5/krb5/commit/cd957d3f62623168bcde3d66633f3d2fd4e775ba
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: cd957d3f62623168bcde3d66633f3d2fd4e775ba
Branch: krb5-1.12
 src/lib/krb5/asn.1/ldap_key_seq.c                  |   19 ++++++++++++++++---
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |    6 ++++--
 src/tests/kdbtest.c                                |    2 +-
 3 files changed, 21 insertions(+), 6 deletions(-)