summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTom Yu <tlyu@mit.edu>2013-03-28 19:09:04 -0400
committerTom Yu <tlyu@mit.edu>2013-04-12 16:09:11 -0400
commited77a25c53ed6afd41372838f205a98a561a89fb (patch)
treeb6102a2e19f79a2f6d8b9463a00cfa7fbae6558f
parent6e2a5464d5900eebfa84aaf8255645edeada3311 (diff)
downloadkrb5-ed77a25c53ed6afd41372838f205a98a561a89fb.tar.gz
krb5-ed77a25c53ed6afd41372838f205a98a561a89fb.tar.xz
krb5-ed77a25c53ed6afd41372838f205a98a561a89fb.zip
Ignore missing Q in dh_params
Some implementations don't send the required Q value in dh_params, so allow it to be absent. ticket: 7596 target_version: 1.11.3 tags: pullup
Diffstat
-rw-r--r--src/plugins/preauth/pkinit/pkinit_crypto_openssl.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 7186ce857f..c39a9a7d22 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2997,9 +2997,9 @@ pkinit_decode_dh_params(DH ** a, unsigned char **pp, unsigned int len)
}
}
- M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
- if (aip == NULL)
- return NULL;
+ M_ASN1_D2I_get_opt(aip, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+ if (aip == NULL || ai.data == NULL)
+ (*a)->q = NULL;
else {
(*a)->q = ASN1_INTEGER_to_BN(aip, NULL);
if ((*a)->q == NULL)
@@ -3322,7 +3322,7 @@ pkinit_check_dh_params(BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1)
if (!BN_cmp(g1, g2)) {
q2 = BN_new();
BN_rshift1(q2, p1);
- if (!BN_cmp(q1, q2)) {
+ if (q1 == NULL || !BN_cmp(q1, q2)) {
pkiDebug("good %d dhparams\n", BN_num_bits(p1));
retval = 0;
} else
generated by cgit (git 2.34.1) at 2024-05-01 09:22:35 +0000