author | Greg Hudson <ghudson@mit.edu> | 2012-01-08 21:27:59 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-01-08 21:27:59 +0000 |
commit | 94cfb9542c15bb54a786fa62c26f357d183cea41 (patch) | |
tree | 7b891f5ca161bbd8eed38e5d4cd6e9f8cf1e1793 /src/lib/krb5/asn.1/asn1_k_encode.c | |
parent | 4e51ef754ee49ce6e48869df9aca47572ab1b4f8 (diff) | |
Fix PKINIT serverDHNonce encoding
Use an explicit tag for serverDHNonce, as specified in RFC 4556,
rather than the implicit tag we historically used. This bug had no
practical effect (and creates no interoperability issues) because we
never generate a serverDHNonce.
ticket: 7061
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25623 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/asn.1/asn1_k_encode.c')
-rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index b23a3ef..a811e7e 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -1574,15 +1574,9 @@ dh_rep_info_optional(const void *p)
 return optional;
 }
 
-/*
- * RFC 4556 specifies serverDHNonce as an explicitly tagged octet string.
- * Historically we encode it as an implicitly tagged octet string. This may be
- * harmless (and fixable) since we don't appear to include a serverDHNonce in
- * our PKINIT server code, but we would want to change this carefully.
- */
 static const struct field_info dh_rep_info_fields[] = {
 FIELDOF_NORM(krb5_dh_rep_info, ostring_data, dhSignedData, 0, 1),
- FIELDOF_OPT(krb5_dh_rep_info, ostring_data, serverDHNonce, 1, 1, 1),
+ FIELDOF_OPT(krb5_dh_rep_info, ostring_data, serverDHNonce, 1, 0, 1),
 FIELDOF_OPT(krb5_dh_rep_info, kdf_alg_id_ptr, kdfID, 2, 0, 2),
 };
 DEFSEQTYPE(dh_rep_info, krb5_dh_rep_info, |
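Review bot: The `serverDHNonce` entry in `dh_rep_info_fields` now reads `1, 0, 1` with nothing on the page saying what the middle argument selects, and the deleted comment was the only in-file record that earlier builds emitted an implicit tag. I would keep a short replacement above the array, for example `/* serverDHNonce is EXPLICIT-tagged per RFC 4556; builds before this change encoded it with an implicit tag. */`, so a later reader comparing against an older encoding can find the history. The diffstat shown is limited to this file, so it is not visible whether the matching decoder and any ASN.1 encoder test vectors were moved to the explicit form; it is worth confirming that they agree. The `DEFSEQTYPE` invocation continues past the end of the hunk.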