replacing MIT's ASN.1 code

Ezra Peisach epeisach at
Tue Oct 23 14:14:58 EDT 2007

For laughs and giggles I decided to play with the a2c code w/ the 
tests/asn1/krb5_decode_test - writing stubs to handle the a2c asn1 
decoding to the current krb5 structures.

 a) It is pretty straight forward to handle the decoding

b) I am concerned about thread safety. Cursory examination of the code 
shows that it would be thread safe - this would have to be examined in full.

c) The implementation still has issues. I know Ken has already reported 
some bugs to the maintainers - and I have found one with optional 
sequence flagging - assuming they fix them - that will be better.

d) Memory leaks... Initial testing shows that there are memory leaks in 
the system... I do not know the cause yet... In their own test examples 
there are comments that they should release memory - so they are not 
testing this yet...

e) DER vs BER encoding... We have always been generous in what we 
receive and strict in what we send over the wire... It looks like DER 
does not allow for indefinite encodings - but BER does... May need to 
use BER decoding and DER encoding...

So personally, I do not feel the code is production ready for any long running server - but the potential is there.  I have always been jealous of Heimdal's asn1 compiler...


More information about the krbdev mailing list