allow optional q in DH DomainParameters
This commit is contained in:
Love Hornquist Astrand
@@ -361,7 +361,7 @@ get_dh_param(krb5_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
|
ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
|
||||||
&dhparam.p, &dhparam.g, &dhparam.q, moduli,
|
&dhparam.p, &dhparam.g, dhparam.q, moduli,
|
||||||
&client_params->dh_group_name);
|
&client_params->dh_group_name);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
/* XXX send back proposal of better group */
|
/* XXX send back proposal of better group */
|
||||||
|
|||||||
@@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE {
|
|||||||
DomainParameters ::= SEQUENCE {
|
DomainParameters ::= SEQUENCE {
|
||||||
p INTEGER, -- odd prime, p=jq +1
|
p INTEGER, -- odd prime, p=jq +1
|
||||||
g INTEGER, -- generator, g
|
g INTEGER, -- generator, g
|
||||||
q INTEGER, -- factor of p-1
|
q INTEGER OPTIONAL, -- factor of p-1
|
||||||
j INTEGER OPTIONAL, -- subgroup factor
|
j INTEGER OPTIONAL, -- subgroup factor
|
||||||
validationParms ValidationParms OPTIONAL -- ValidationParms
|
validationParms ValidationParms OPTIONAL -- ValidationParms
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -492,7 +492,12 @@ build_auth_pack(krb5_context context,
|
|||||||
free_DomainParameters(&dp);
|
free_DomainParameters(&dp);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
ret = BN_to_integer(context, dh->q, &dp.q);
|
dp.q = calloc(1, sizeof(*dp.q));
|
||||||
|
if (dp.q == NULL) {
|
||||||
|
free_DomainParameters(&dp);
|
||||||
|
return ENOMEM;
|
||||||
|
}
|
||||||
|
ret = BN_to_integer(context, dh->q, dp.q);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
free_DomainParameters(&dp);
|
free_DomainParameters(&dp);
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
Reference in New Issue
Block a user