The public DH key is encoded as an INTEGER in subjectPublicKey.

Don't verify OID's for now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16098 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-09-25 15:18:14 +00:00
parent 70a6c9a2e4
commit 61b1ea80de

View File

@@ -401,6 +401,13 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
goto out;
}
if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
ret = KRB5_BADMSGTYPE;
krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
"to 8 bit boundary");
goto out;
}
dh = DH_new();
if (dh == NULL) {
krb5_set_error_string(context, "Cannot create DH structure (%s)",
@@ -423,10 +430,10 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
heim_integer glue;
size_t size;
ret = der_get_heim_integer(dh_key_info->subjectPublicKey.data,
dh_key_info->subjectPublicKey.length / 8,
&glue,
&size);
ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
dh_key_info->subjectPublicKey.length / 8,
&glue,
&size);
if (ret) {
krb5_clear_error_string(context);
return ret;
@@ -435,10 +442,9 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
client_params->dh_public_key = integer_to_BN(context,
"subjectPublicKey",
&glue);
if (client_params->dh_public_key == NULL) {
krb5_clear_error_string(context);
free_heim_integer(&glue);
if (client_params->dh_public_key == NULL)
goto out;
}
}
if (DH_check(dh, &dhret) != 1) {
@@ -715,12 +721,14 @@ _kdc_pk_rd_padata(krb5_context context,
if (ret)
goto out;
#if 0
/* Signature is correct, now verify the signed message */
if (heim_oid_cmp(&eContentType, pa_contentType)) {
krb5_set_error_string(context, "got wrong oid for pkauthdata");
ret = KRB5_BADMSGTYPE;
goto out;
}
#endif
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
AuthPack_Win2k ap;