projects/openssl111/crypto/heimdal/kdc/pkinit.c
static krb5_error_code | static krb5_error_code | ||||
get_dh_param(krb5_context context, | get_dh_param(krb5_context context, | ||||
krb5_kdc_configuration *config, | krb5_kdc_configuration *config, | ||||
SubjectPublicKeyInfo *dh_key_info, | SubjectPublicKeyInfo *dh_key_info, | ||||
pk_client_params *client_params) | pk_client_params *client_params) | ||||
{ | { | ||||
DomainParameters dhparam; | DomainParameters dhparam; | ||||
DH *dh = NULL; | DH *dh = NULL; | ||||
BIGNUM *p, *q, *g; | |||||
krb5_error_code ret; | krb5_error_code ret; | ||||
memset(&dhparam, 0, sizeof(dhparam)); | memset(&dhparam, 0, sizeof(dhparam)); | ||||
if ((dh_key_info->subjectPublicKey.length % 8) != 0) { | if ((dh_key_info->subjectPublicKey.length % 8) != 0) { | ||||
ret = KRB5_BADMSGTYPE; | ret = KRB5_BADMSGTYPE; | ||||
krb5_set_error_message(context, ret, | krb5_set_error_message(context, ret, | ||||
"PKINIT: subjectPublicKey not aligned " | "PKINIT: subjectPublicKey not aligned " | ||||
Show All 28 Lines | goto out; | ||||
dh = DH_new(); | dh = DH_new(); | ||||
if (dh == NULL) { | if (dh == NULL) { | ||||
ret = ENOMEM; | ret = ENOMEM; | ||||
krb5_set_error_message(context, ret, "Cannot create DH structure"); | krb5_set_error_message(context, ret, "Cannot create DH structure"); | ||||
goto out; | goto out; | ||||
} | } | ||||
ret = KRB5_BADMSGTYPE; | ret = KRB5_BADMSGTYPE; | ||||
dh->p = integer_to_BN(context, "DH prime", &dhparam.p); | p = integer_to_BN(context, "DH prime", &dhparam.p); | ||||
if (dh->p == NULL) | g = integer_to_BN(context, "DH base", &dhparam.g); | ||||
q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); | |||||
if (p == NULL || g == NULL || q == NULL) { | |||||
BN_free(p); | |||||
BN_free(g); | |||||
BN_free(q); | |||||
goto out; | goto out; | ||||
dh->g = integer_to_BN(context, "DH base", &dhparam.g); | } | ||||
if (dh->g == NULL) | if (DH_set0_pqg(dh, p, g, q) != 1) { | ||||
BN_free(p); | |||||
BN_free(g); | |||||
BN_free(q); | |||||
goto out; | goto out; | ||||
dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); | } | ||||
if (dh->g == NULL) | |||||
goto out; | |||||
{ | { | ||||
heim_integer glue; | heim_integer glue; | ||||
size_t size; | size_t size; | ||||
ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data, | ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data, | ||||
dh_key_info->subjectPublicKey.length / 8, | dh_key_info->subjectPublicKey.length / 8, | ||||
&glue, | &glue, | ||||
▲ Show 20 Lines • Show All 495 Lines • ▼ Show 20 Lines | *ret_params = cp; | ||||
return ret; | return ret; | ||||
} | } | ||||
/* | /* | ||||
* | * | ||||
*/ | */ | ||||
static krb5_error_code | static krb5_error_code | ||||
BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) | BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer) | ||||
{ | { | ||||
integer->length = BN_num_bytes(bn); | integer->length = BN_num_bytes(bn); | ||||
integer->data = malloc(integer->length); | integer->data = malloc(integer->length); | ||||
if (integer->data == NULL) { | if (integer->data == NULL) { | ||||
krb5_clear_error_message(context); | krb5_clear_error_message(context); | ||||
return ENOMEM; | return ENOMEM; | ||||
} | } | ||||
BN_bn2bin(bn, integer->data); | BN_bn2bin(bn, integer->data); | ||||
▲ Show 20 Lines • Show All 200 Lines • ▼ Show 20 Lines | pk_mk_pa_reply_dh(krb5_context context, | ||||
memset(&dh_info, 0, sizeof(dh_info)); | memset(&dh_info, 0, sizeof(dh_info)); | ||||
krb5_data_zero(&signed_data); | krb5_data_zero(&signed_data); | ||||
krb5_data_zero(&buf); | krb5_data_zero(&buf); | ||||
*kdc_cert = NULL; | *kdc_cert = NULL; | ||||
if (cp->keyex == USE_DH) { | if (cp->keyex == USE_DH) { | ||||
DH *kdc_dh = cp->u.dh.key; | DH *kdc_dh = cp->u.dh.key; | ||||
const BIGNUM *pub_key; | |||||
heim_integer i; | heim_integer i; | ||||
ret = BN_to_integer(context, kdc_dh->pub_key, &i); | DH_get0_key(kdc_dh, &pub_key, NULL); | ||||
ret = BN_to_integer(context, pub_key, &i); | |||||
if (ret) | if (ret) | ||||
return ret; | return ret; | ||||
ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); | ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); | ||||
der_free_heim_integer(&i); | der_free_heim_integer(&i); | ||||
if (ret) { | if (ret) { | ||||
krb5_set_error_message(context, ret, "ASN.1 encoding of " | krb5_set_error_message(context, ret, "ASN.1 encoding of " | ||||
"DHPublicKey failed (%d)", ret); | "DHPublicKey failed (%d)", ret); | ||||
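Review bot: In pk_mk_pa_reply_dh, `pub_key` goes to BN_to_integer() without a NULL check, and BN_to_integer() passes it straight to BN_num_bytes() and BN_bn2bin(). DH_get0_key() returns no status and only copies whatever pointer the DH object holds, so a key with no public component would likely end in a NULL dereference on the KDC's reply path. The removed `kdc_dh->pub_key` access made the same assumption, and whether the key is always generated before this point is not visible in the shown lines. A guard right after the getter, such as `if (pub_key == NULL) return EINVAL;` preceded by a krb5_set_error_message() call in the style used elsewhere in this file, would make that failure explicit. Separately, the DH_set0_pqg() failure branch in get_dh_param leaves `ret` at KRB5_BADMSGTYPE without setting an error message; both functions continue outside the visible lines.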