From 1825455ede7e61ab934b16262fb5b12b78a52f1a Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 24 May 2014 22:58:26 -0400 Subject: Always include salt in LDAP KrbKey encoding In the LDAP KDB module, ensure that every krb5_key_data we pass to asn1_encode_sequence_of_keys includes a salt type, for compatibility with the decoder in unpatched krb5 1.11 and 1.12. This is not a behavior change by itself; since 1.7 the encoder has always included a KrbKey salt field because it erroneously treats that field as non-optional. (Luckily, the encoded salt always happens to have salt type 0 because krb5_key_data constructors start with zeroed memory.) The next commit will fix the encoder and decoder to properly treat the KrbKey salt field as optional, so we need this change to ensure that our encodings remain compatible. Also fix the ASN.1 tests to set key_data_ver correctly for the sample test key data. ticket: 7919 --- src/tests/asn.1/ktest.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/tests') diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index 4ce9f70..e4b3764 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -908,6 +908,7 @@ ktest_make_sample_key_data(krb5_key_data *p, int i) len = asprintf(&str, "key%d", i); if (len < 0) abort(); + p->key_data_ver = 2; p->key_data_type[0] = 2; p->key_data_length[0] = (unsigned int) len; p->key_data_contents[0] = (krb5_octet *)str; -- cgit v1.1