oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(_krb5_pk_create_sign): always set the digestAlgorithm to sha1 (both

Browse Source 
for SignerInfo and SignedData, add new function _set_digest_alg to set it


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13759 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-04-24 12:26:38 +00:00
parent c68ce70373
commit 76d1e32354
1 changed files with 48 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
lib/krb5/pkinit.c
View File

@@ -166,6 +166,36 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
return 0; return 0;
} }
static krb5_error_code
set_digest_alg(DigestAlgorithmIdentifier *id,
const heim_oid *oid,
void *param, size_t length)
{
krb5_error_code ret;
if (param) {
id->parameters = malloc(sizeof(*id->parameters));
if (id->parameters == NULL)
return ENOMEM;
id->parameters->data = malloc(length);
if (id->parameters->data == NULL) {
free(id->parameters);
id->parameters = NULL;
return ENOMEM;
}
memcpy(id->parameters->data, param, length);
}
ret = copy_oid(oid, &id->algorithm);
if (ret) {
if (id->parameters) {
free(id->parameters->data);
free(id->parameters);
id->parameters = NULL;
}
return ret;
}
return 0;
}
krb5_error_code krb5_error_code
_krb5_pk_create_sign(krb5_context context, _krb5_pk_create_sign(krb5_context context,
const heim_oid *eContentType, const heim_oid *eContentType,
@@ -173,7 +203,6 @@ _krb5_pk_create_sign(krb5_context context,
struct krb5_pk_identity *id, struct krb5_pk_identity *id,
krb5_data *sd_data) krb5_data *sd_data)
{ {
const heim_oid *digest_oid;
SignerInfo *signer_info; SignerInfo *signer_info;
X509 *user_cert; X509 *user_cert;
heim_integer *serial; heim_integer *serial;
@@ -272,39 +301,19 @@ _krb5_pk_create_sign(krb5_context context,
} }
} }
if (context->pkinit_flags & KRB5_PKINIT_PACKET_CABLE) if ((context->pkinit_flags & KRB5_PKINIT_WIN2K) == 0)
digest_oid = &heim_sha1_oid; ret = set_digest_alg(&signer_info->digestAlgorithm,
&heim_sha1_oid,
"\x05\x00", 2);
else else
digest_oid = &heim_sha1WithRSAEncryption_oid; ret = set_digest_alg(&signer_info->digestAlgorithm,
&heim_sha1_oid,
ret = copy_oid(digest_oid, &signer_info->digestAlgorithm.algorithm); NULL, 0);
signer_info->digestAlgorithm.parameters = NULL;
if (ret) { if (ret) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out; goto out;
} }
/* CMS really requires NULL, but Windows gets unhappy then */
if ((context->pkinit_flags & KRB5_PKINIT_WIN2K) == 0) {
signer_info->digestAlgorithm.parameters =
malloc(sizeof(*signer_info->digestAlgorithm.parameters));
if (signer_info->digestAlgorithm.parameters == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
signer_info->digestAlgorithm.parameters->data = malloc(2);
if (signer_info->digestAlgorithm.parameters->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
memcpy(signer_info->digestAlgorithm.parameters->data, "\x05\x00", 2);
signer_info->digestAlgorithm.parameters->length = 2;
}
signer_info->signedAttrs = NULL; signer_info->signedAttrs = NULL;
signer_info->unsignedAttrs = NULL; signer_info->unsignedAttrs = NULL;
@@ -343,13 +352,18 @@ _krb5_pk_create_sign(krb5_context context,
goto out; goto out;
} }
if (context->pkinit_flags & KRB5_PKINIT_WIN2K) if ((context->pkinit_flags & KRB5_PKINIT_WIN2K) == 0)
digest_oid = &heim_sha1_oid; ret = set_digest_alg(&sd.digestAlgorithms.val[0],
&heim_sha1_oid,
"\x05\x00", 2);
else else
digest_oid = &heim_rsaEncryption_oid; ret = set_digest_alg(&sd.digestAlgorithms.val[0],
&heim_sha1_oid,
copy_oid(digest_oid, &sd.digestAlgorithms.val[0].algorithm); NULL, 0);
sd.digestAlgorithms.val[0].parameters = NULL; if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
goto out;
}
ALLOC(sd.certificates, 1); ALLOC(sd.certificates, 1);
if (sd.certificates == NULL) { if (sd.certificates == NULL) {