Revert "krb5: zero nonce before encoding for GSS preauth"

This reverts commit 34b374b5e4.

We are revising the GSS-API pre-authentication draft to include the nonce from
the first request in the GSS channel bindings, to avoid re-encoding issues that
may surface with Kerberos implementations that do not correctly implement DER.

lib/krb5/init_creds_pw.c

@@ -1211,7 +1211,6 @@ gss_pa_step(krb5_context context,
     krb5_data req_body;
     PA_DATA *pa;
     krb5_data *input_token;
-    KDC_REQ_BODY kdc_req_body;
 
     krb5_data_zero(&req_body);
     krb5_data_zero(output_token);
@@ -1239,16 +1238,8 @@ gss_pa_step(krb5_context context,
 	goto out;
     }
 
-    /*
-     * Zero the nonce before encoding, as the nonce may change between
-     * AS-REQs and we don't know which step the GSS mechanism will
-     * honor the channel binding data.
-     */
-    kdc_req_body = ctx->as_req.req_body;
-    kdc_req_body.nonce = 0;
-
     ASN1_MALLOC_ENCODE(KDC_REQ_BODY, req_body.data, req_body.length,
-		       &kdc_req_body, &len, ret);
+		       &ctx->as_req.req_body, &len, ret);
     if (ret)
 	goto out;
     heim_assert(req_body.length == len, "ASN.1 internal error");