svn rev #25193: trunk/src/plugins/preauth/pkinit/
hartmans@MIT.EDU
hartmans at MIT.EDU
Sun Sep 18 20:35:06 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25193
Commit By: hartmans
Log Message:
Refactor to use oid instead of algorithm_id in KDF interface
Changed Files:
U trunk/src/plugins/preauth/pkinit/pkinit_crypto.h
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto.h
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto.h 2011-09-19 00:35:01 UTC (rev 25192)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto.h 2011-09-19 00:35:06 UTC (rev 25193)
@@ -634,7 +634,7 @@
krb5_error_code
pkinit_alg_agility_kdf(krb5_context context,
krb5_octet_data *secret,
- krb5_algorithm_identifier *alg_id,
+ krb5_octet_data *alg_oid,
krb5_principal party_u_info,
krb5_principal party_v_info,
krb5_enctype enctype,
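Review bot: The new `alg_oid` parameter is only read in the lines this commit shows, so the prototype could be `const krb5_octet_data *alg_oid`. The helper pkinit_alg_values is switched to a const pointer in this same commit, while the public KDF entry point leaves it mutable. The same applies to the definition in pkinit_crypto_openssl.c (hunk at -2227). A short comment on the declaration would also help callers, stating that `alg_oid` holds the OID bytes selecting the KDF hash and is borrowed rather than owned. The prototype continues past the end of this hunk.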
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2011-09-19 00:35:01 UTC (rev 25192)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2011-09-19 00:35:06 UTC (rev 25193)
@@ -2172,28 +2172,28 @@
*/
static krb5_error_code
pkinit_alg_values(krb5_context context,
- krb5_algorithm_identifier *alg_id,
+ const krb5_octet_data *alg_id,
size_t *hash_bytes,
const EVP_MD *(**func)(void))
{
*hash_bytes = 0;
*func = NULL;
- if ((alg_id->algorithm.length == krb5_pkinit_sha1_oid_len) &&
- (0 == memcmp(alg_id->algorithm.data, &krb5_pkinit_sha1_oid,
+ if ((alg_id->length == krb5_pkinit_sha1_oid_len) &&
+ (0 == memcmp(alg_id->data, &krb5_pkinit_sha1_oid,
krb5_pkinit_sha1_oid_len))) {
*hash_bytes = 20;
*func = &EVP_sha1;
return 0;
}
- else if ((alg_id->algorithm.length == krb5_pkinit_sha256_oid_len) &&
- (0 == memcmp(alg_id->algorithm.data, krb5_pkinit_sha256_oid,
+ else if ((alg_id->length == krb5_pkinit_sha256_oid_len) &&
+ (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid,
krb5_pkinit_sha256_oid_len))) {
*hash_bytes = 32;
*func = &EVP_sha256;
return 0;
}
- else if ((alg_id->algorithm.length == krb5_pkinit_sha512_oid_len) &&
- (0 == memcmp(alg_id->algorithm.data, krb5_pkinit_sha512_oid,
+ else if ((alg_id->length == krb5_pkinit_sha512_oid_len) &&
+ (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid,
krb5_pkinit_sha512_oid_len))) {
*hash_bytes = 32;
*func = &EVP_sha512;
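Review bot: The SHA-512 branch sets `*hash_bytes = 32;` while selecting `EVP_sha512`, whose digest is 64 bytes; the commit rewrites the comparison just above but leaves that value, which looks copied from the SHA-256 branch. If the caller uses hash_bytes as the per-round output length (the `reps = keydatalen (K) / hash length (H)` step later in the file suggests it does), keys derived with SHA-512 would not match a correct implementation, so the line should read `*hash_bytes = 64;`. Separately, the SHA-1 comparison passes `&krb5_pkinit_sha1_oid` while the other two pass the name without `&`; that is equivalent only if the symbol is an array, so the three calls should use one form. The function continues outside the hunk.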
@@ -2227,7 +2227,7 @@
krb5_error_code
pkinit_alg_agility_kdf(krb5_context context,
krb5_octet_data *secret,
- krb5_algorithm_identifier *alg_id,
+ krb5_octet_data *alg_oid,
krb5_principal party_u_info,
krb5_principal party_v_info,
krb5_enctype enctype,
@@ -2248,6 +2248,7 @@
krb5_pkinit_supp_pub_info supp_pub_info_fields;
krb5_data *other_info = NULL;
krb5_data *supp_pub_info = NULL;
+ krb5_algorithm_identifier alg_id;
const EVP_MD *(*EVP_func)(void);
/* initialize random_data here to make clean-up safe */
@@ -2266,7 +2267,7 @@
}
memset (key_block->contents, 0, key_block->length);
- if (0 != (retval = pkinit_alg_values(context, alg_id, &hash_len, &EVP_func)))
+ if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func)))
goto cleanup;
/* 1. reps = keydatalen (K) / hash length (H) */
@@ -2297,7 +2298,10 @@
goto cleanup;
/* Now encode the ASN.1 octet string for "OtherInfo" */
- other_info_fields.algorithm_identifier = *alg_id;
+ memset(&alg_id, 0, sizeof alg_id);
+ alg_id.algorithm = *alg_oid; /*alias*/
+
+ other_info_fields.algorithm_identifier = alg_id;
other_info_fields.party_u_info = party_u_info;
other_info_fields.party_v_info = party_v_info;
other_info_fields.supp_pub_info = *supp_pub_info;
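Review bot: `alg_id.algorithm = *alg_oid;` is a shallow copy, so `alg_id.algorithm.data` still points at the caller's buffer, and the one-word `/*alias*/` comment is the only warning against freeing it in cleanup. I would spell it out, e.g. `/* shallow copy: data still belongs to alg_oid, do not free */`. The memset also means the AlgorithmIdentifier inside OtherInfo is now always encoded with empty parameters, where the old code copied whatever the caller's `alg_id` held. Since OtherInfo is presumably hashed into the derived key, a comment should state that absent parameters are intended, and it is worth confirming that no existing caller passed parameters. The enclosing function starts and ends outside this hunk.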
Modified: trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c 2011-09-19 00:35:01 UTC (rev 25192)
+++ trunk/src/plugins/preauth/pkinit/pkinit_kdf_test.c 2011-09-19 00:35:06 UTC (rev 25193)
@@ -149,7 +149,7 @@
}
/* call krb5_pkinit_alg_agility_kdf() with test vector values*/
- if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id,
+ if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm,
u_principal, v_principal,
enctype, &as_req, &pk_as_rep,
&test_ticket, &key_block))) {