diff options
author | Love Hornquist Astrand <lha@h5l.org> | 2013-04-29 11:37:39 -0700 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-08-28 11:18:15 +0200 |
commit | 9f245aafdca8397df7dc050e25cfd858aeb1cc7f (patch) | |
tree | 411698d7c154c5404db658d96825735bbc187e23 /source4/heimdal | |
parent | 51f40a0e1d10069f55a5884ff1579e8f15f10a1e (diff) | |
download | samba-9f245aafdca8397df7dc050e25cfd858aeb1cc7f.tar.gz |
HEIMDAL: allow optional q in DH DomainParameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95)
Diffstat (limited to 'source4/heimdal')
-rw-r--r-- | source4/heimdal/kdc/pkinit.c | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/asn1/rfc2459.asn1 | 2 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/pkinit.c | 7 |
3 files changed, 8 insertions, 3 deletions
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index d85b1565007..3a9e8f266ce 100644 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -361,7 +361,7 @@ get_dh_param(krb5_context context, } ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, - &dhparam.p, &dhparam.g, &dhparam.q, moduli, + &dhparam.p, &dhparam.g, dhparam.q, moduli, &client_params->dh_group_name); if (ret) { /* XXX send back proposal of better group */ diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index bf82f81d9e3..7843f65d0f6 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE { DomainParameters ::= SEQUENCE { p INTEGER, -- odd prime, p=jq +1 g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 + q INTEGER OPTIONAL, -- factor of p-1 j INTEGER OPTIONAL, -- subgroup factor validationParms ValidationParms OPTIONAL -- ValidationParms } diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 1103a17807b..c30a298a15c 100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -497,7 +497,12 @@ build_auth_pack(krb5_context context, free_DomainParameters(&dp); return ret; } - ret = BN_to_integer(context, dh->q, &dp.q); + dp.q = calloc(1, sizeof(*dp.q)); + if (dp.q == NULL) { + free_DomainParameters(&dp); + return ENOMEM; + } + ret = BN_to_integer(context, dh->q, dp.q); if (ret) { free_DomainParameters(&dp); return ret; |