diff options
author | Tom Yu <tlyu@mit.edu> | 2013-03-28 19:09:04 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2013-04-12 16:09:11 -0400 |
commit | ed77a25c53ed6afd41372838f205a98a561a89fb (patch) | |
tree | b6102a2e19f79a2f6d8b9463a00cfa7fbae6558f | |
parent | 6e2a5464d5900eebfa84aaf8255645edeada3311 (diff) | |
download | krb5-ed77a25c53ed6afd41372838f205a98a561a89fb.tar.gz krb5-ed77a25c53ed6afd41372838f205a98a561a89fb.tar.xz krb5-ed77a25c53ed6afd41372838f205a98a561a89fb.zip |
Ignore missing Q in dh_params
Some implementations don't send the required Q value in dh_params, so
allow it to be absent.
ticket: 7596
target_version: 1.11.3
tags: pullup
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 7186ce857f..c39a9a7d22 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -2997,9 +2997,9 @@ pkinit_decode_dh_params(DH ** a, unsigned char **pp, unsigned int len) } } - M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); - if (aip == NULL) - return NULL; + M_ASN1_D2I_get_opt(aip, d2i_ASN1_INTEGER, V_ASN1_INTEGER); + if (aip == NULL || ai.data == NULL) + (*a)->q = NULL; else { (*a)->q = ASN1_INTEGER_to_BN(aip, NULL); if ((*a)->q == NULL) @@ -3322,7 +3322,7 @@ pkinit_check_dh_params(BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1) if (!BN_cmp(g1, g2)) { q2 = BN_new(); BN_rshift1(q2, p1); - if (!BN_cmp(q1, q2)) { + if (q1 == NULL || !BN_cmp(q1, q2)) { pkiDebug("good %d dhparams\n", BN_num_bits(p1)); retval = 0; } else |