replacing MIT's ASN.1 code
Ezra Peisach
epeisach at bu.edu
Tue Oct 23 14:14:58 EDT 2007
For laughs and giggles I decided to play with the a2c code w/ the
tests/asn1/krb5_decode_test - writing stubs to handle the a2c asn1
decoding to the current krb5 structures.
a) It is pretty straight forward to handle the decoding
b) I am concerned about thread safety. Cursory examination of the code
shows that it would be thread safe - this would have to be examined in full.
c) The implementation still has issues. I know Ken has already reported
some bugs to the maintainers - and I have found one with optional
sequence flagging - assuming they fix them - that will be better.
d) Memory leaks... Initial testing shows that there are memory leaks in
the system... I do not know the cause yet... In their own test examples
there are comments that they should release memory - so they are not
testing this yet...
e) DER vs BER encoding... We have always been generous in what we
receive and strict in what we send over the wire... It looks like DER
does not allow for indefinite encodings - but BER does... May need to
use BER decoding and DER encoding...
So personally, I do not feel the code is production ready for any long running server - but the potential is there. I have always been jealous of Heimdal's asn1 compiler...
Ezra
More information about the krbdev
mailing list