From e8317b955f5a390c4f296871ba6987ad05478c95 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Mon, 29 Apr 2013 11:37:39 -0700 Subject: [PATCH] allow optional q in DH DomainParameters --- kdc/pkinit.c | 2 +- lib/asn1/rfc2459.asn1 | 2 +- lib/krb5/pkinit.c | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/kdc/pkinit.c b/kdc/pkinit.c index b6817a19d..2314c2b75 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -361,7 +361,7 @@ get_dh_param(krb5_context context, } ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, - &dhparam.p, &dhparam.g, &dhparam.q, moduli, + &dhparam.p, &dhparam.g, dhparam.q, moduli, &client_params->dh_group_name); if (ret) { /* XXX send back proposal of better group */ diff --git a/lib/asn1/rfc2459.asn1 b/lib/asn1/rfc2459.asn1 index 5df9e41ff..d6c273d0e 100644 --- a/lib/asn1/rfc2459.asn1 +++ b/lib/asn1/rfc2459.asn1 @@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE { DomainParameters ::= SEQUENCE { p INTEGER, -- odd prime, p=jq +1 g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 + q INTEGER OPTIONAL, -- factor of p-1 j INTEGER OPTIONAL, -- subgroup factor validationParms ValidationParms OPTIONAL -- ValidationParms } diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 901708499..3f7495186 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -492,7 +492,12 @@ build_auth_pack(krb5_context context, free_DomainParameters(&dp); return ret; } - ret = BN_to_integer(context, dh->q, &dp.q); + dp.q = calloc(1, sizeof(*dp.q)); + if (dp.q == NULL) { + free_DomainParameters(&dp); + return ENOMEM; + } + ret = BN_to_integer(context, dh->q, dp.q); if (ret) { free_DomainParameters(&dp); return ret;