(_krb5_dh_group_ok): if not enough bits are generated from the DH groups, fail.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16211 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-10-21 17:18:38 +00:00
parent 3bfded2697
commit 993ae3a82f

View File

@@ -2639,11 +2639,21 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
char **name)
{
int i;
if (name)
*name = NULL;
for (i = 0; moduli[i] != NULL; i++) {
if (heim_integer_cmp(&moduli[i]->g, g) == 0 &&
heim_integer_cmp(&moduli[i]->p, p) == 0 &&
heim_integer_cmp(&moduli[i]->q, q) == 0)
{
if (bits && bits > moduli[i]->bits) {
krb5_set_error_string(context, "PKINIT: DH group parameter %s "
"no accepted, not enough bits generated",
moduli[i]->name);
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
}
if (name)
*name = strdup(moduli[i]->name);
return 0;