adapt to asn1 bignum code, use HEIM_PKINIT errors
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13354 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
46
kdc/pkinit.c
46
kdc/pkinit.c
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 2003 - 2004 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -42,12 +42,6 @@ RCSID("$Id$");
|
|||||||
#include <cms_asn1.h>
|
#include <cms_asn1.h>
|
||||||
#include <pkinit_asn1.h>
|
#include <pkinit_asn1.h>
|
||||||
|
|
||||||
#define KRB5_AP_ERR_NO_CERT_OR_KEY EINVAL
|
|
||||||
#define KRB5_AP_ERR_NO_VALID_CA EINVAL
|
|
||||||
#define KRB5_AP_ERR_CERT EINVAL
|
|
||||||
#define KRB5_AP_ERR_PRIVATE_KEY EINVAL
|
|
||||||
#define KRB5_AP_ERR_OPENSSL EINVAL
|
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
@@ -102,7 +96,7 @@ struct pk_principal_mapping {
|
|||||||
(BL) = i2d_##T((S), &p); \
|
(BL) = i2d_##T((S), &p); \
|
||||||
if ((BL) <= 0) { \
|
if ((BL) <= 0) { \
|
||||||
free((B)); \
|
free((B)); \
|
||||||
(R) = KRB5_AP_ERR_OPENSSL; \
|
(R) = ASN1_OVERRUN; \
|
||||||
} \
|
} \
|
||||||
} \
|
} \
|
||||||
} \
|
} \
|
||||||
@@ -140,7 +134,7 @@ pk_check_pkauthenticator(krb5_context context,
|
|||||||
krb5_timeofday (context, &now);
|
krb5_timeofday (context, &now);
|
||||||
|
|
||||||
/* XXX cusec */
|
/* XXX cusec */
|
||||||
if (a->ctime == NULL || abs(a->ctime - now) > context->max_skew) {
|
if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
|
||||||
krb5_clear_error_string(context);
|
krb5_clear_error_string(context);
|
||||||
return KRB5KRB_AP_ERR_SKEW;
|
return KRB5KRB_AP_ERR_SKEW;
|
||||||
}
|
}
|
||||||
@@ -319,7 +313,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static BIGNUM *
|
static BIGNUM *
|
||||||
any_to_BN(krb5_context context, const char *field, heim_any *f)
|
big_integer_to_BN(krb5_context context, const char *field, heim_big_integer *f)
|
||||||
{
|
{
|
||||||
unsigned char *p = f->data;
|
unsigned char *p = f->data;
|
||||||
ASN1_INTEGER *i;
|
ASN1_INTEGER *i;
|
||||||
@@ -384,24 +378,24 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
ret = KRB5_BADMSGTYPE;
|
ret = KRB5_BADMSGTYPE;
|
||||||
dh->p = any_to_BN(context, "DH prime", &dhparam.p);
|
dh->p = big_integer_to_BN(context, "DH prime", &dhparam.p);
|
||||||
if (dh->p == NULL)
|
if (dh->p == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
dh->g = any_to_BN(context, "DH base", &dhparam.g);
|
dh->g = big_integer_to_BN(context, "DH base", &dhparam.g);
|
||||||
if (dh->g == NULL)
|
if (dh->g == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
dh->q = any_to_BN(context, "DH p-1 factor", &dhparam.q);
|
dh->q = big_integer_to_BN(context, "DH p-1 factor", &dhparam.q);
|
||||||
if (dh->g == NULL)
|
if (dh->g == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
{
|
{
|
||||||
heim_any glue;
|
heim_big_integer glue;
|
||||||
glue.data = dh_key_info->subjectPublicKey.data;
|
glue.data = dh_key_info->subjectPublicKey.data;
|
||||||
glue.length = dh_key_info->subjectPublicKey.length;
|
glue.length = dh_key_info->subjectPublicKey.length;
|
||||||
|
|
||||||
client_params->dh_public_key = any_to_BN(context,
|
client_params->dh_public_key = big_integer_to_BN(context,
|
||||||
"subjectPublicKey",
|
"subjectPublicKey",
|
||||||
&glue);
|
&glue);
|
||||||
if (client_params->dh_public_key == NULL) {
|
if (client_params->dh_public_key == NULL) {
|
||||||
krb5_clear_error_string(context);
|
krb5_clear_error_string(context);
|
||||||
goto out;
|
goto out;
|
||||||
@@ -613,6 +607,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
|||||||
krb5_enctype enctype = ETYPE_DES3_CBC_NONE;
|
krb5_enctype enctype = ETYPE_DES3_CBC_NONE;
|
||||||
heim_oid *enc_type_oid = NULL;
|
heim_oid *enc_type_oid = NULL;
|
||||||
X509_NAME *issuer_name;
|
X509_NAME *issuer_name;
|
||||||
|
heim_big_integer *serial;
|
||||||
|
|
||||||
size_t size;
|
size_t size;
|
||||||
|
|
||||||
@@ -700,13 +695,20 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
|||||||
krb5_clear_error_string(context);
|
krb5_clear_error_string(context);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
ri->rid.u.issuerAndSerialNumber.serialNumber =
|
|
||||||
ASN1_INTEGER_get(
|
|
||||||
X509_get_serialNumber(client_params->certificate->cert));
|
|
||||||
|
|
||||||
ri->rid.u.issuerAndSerialNumber.issuer.data = buf.data;
|
ri->rid.u.issuerAndSerialNumber.issuer.data = buf.data;
|
||||||
ri->rid.u.issuerAndSerialNumber.issuer.length = buf.length;
|
ri->rid.u.issuerAndSerialNumber.issuer.length = buf.length;
|
||||||
|
|
||||||
|
serial = &ri->rid.u.issuerAndSerialNumber.serialNumber;
|
||||||
|
OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER,
|
||||||
|
serial->data,
|
||||||
|
serial->length,
|
||||||
|
X509_get_serialNumber(client_params->certificate->cert),
|
||||||
|
ret);
|
||||||
|
if (ret) {
|
||||||
|
krb5_clear_error_string(context);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
heim_oid *pk_enc_key_oid;
|
heim_oid *pk_enc_key_oid;
|
||||||
krb5_data enc_tmp_key;
|
krb5_data enc_tmp_key;
|
||||||
@@ -809,7 +811,7 @@ pk_mk_pa_reply_dh(krb5_context context,
|
|||||||
if (dh_pub_key == NULL) {
|
if (dh_pub_key == NULL) {
|
||||||
krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)",
|
krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
ret = KRB5_AP_ERR_OPENSSL;
|
ret = ENOMEM;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user