oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

more bits for ECDH

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24688 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-02-14 04:17:05 +00:00
parent b370260466
commit 11876749d4
1 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
kdc/pkinit.c
View File

@@ -281,13 +281,6 @@ get_dh_param(krb5_context context,
memset(&dhparam, 0, sizeof(dhparam));
if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm,
oid_id_dhpublicnumber())) {
krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT invalid oid in clientPublicValue");
return KRB5_BADMSGTYPE;
}
if (dh_key_info->algorithm.parameters == NULL) {
krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT missing algorithm parameter "
@@ -313,7 +306,6 @@ get_dh_param(krb5_context context,
goto out;
}
ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
&dhparam.p, &dhparam.g, &dhparam.q, moduli,
&client_params->dh_group_name);
@@ -655,9 +647,18 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) {
if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_dhpublicnumber) == 0) {
client_params->keyex = USE_DH;
ret = get_dh_param(context, config,
ap.clientPublicValue, client_params);
} else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) {
client_params->keyex = USE_ECDH;
ret = KRB5_BADMSGTYPE;
krb5_set_error_message(context, ret, "PKINIT ECDH not supported yet");
} else {
ret = KRB5_BADMSGTYPE;
krb5_set_error_message(context, ret, "PKINIT unknown DH mechanism");
}
if (ret) {
free_AuthPack(&ap);
goto out;