| author | Ken Raeburn <raeburn@mit.edu> | 2008-10-25 07:03:11 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2008-10-25 07:03:11 +0000 |
| commit | 2637c91329faa84bd91a343f07bfbe2810a39833 (patch) | |
| tree | 825cbc69bfa090eae2849162b1728ec200f8b5c7 /src/include | |
| parent | 887c33561e4731da0238c14420a277f0609680c9 (diff) | |
partial rewrite of the ASN.1 encoders
Instead of a pile of macros generating code, that have to be threaded
together in just the right way to get a valid ASN.1 encoding, we now
have a pile of macros for defining data structures describing the
objects and the ASN.1 types they should be encoded as, which
structures are interpreted by recursive invocations of an encoder
engine; there should be somewhat less rope for accidentally creating
invalid encodings. The new macros are commented in asn1_k_encode.c.
Putting most of the work into the encoder engine also reduces the code
size (in one configuration, including LDAP-KDB and PKINIT encoders,
code size went from 37K to <16K, though 10K of tables were added, and
the PKINIT encoders are still open-coded).
Some encoder interfaces have been revised to be more regular -- all
now take one pointer to const argument (no two-input encoders, no
pointer-to-non-const-pointer-to-const). A few encoders were
eliminated or disabled because they were neither used nor exported
from the library.
The LDAP-KDB encoder has been converted, but the PKINIT encoders have
not as there are no regression tests for them currently.
There is still plenty of room for improvement; some notes on specific
ideas have been added.
String encoding primitives have been combined to reduce code size. A
primitive for encoding bit strings has been added.
Some miscellaneous warnings in the decoders have been cleaned up.
A new dejagnu test case is added that ensures that KRB-SAFE messages
get exercised.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/k5-int.h | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index bd038db50..a42fb7493 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1376,8 +1376,12 @@ krb5_error_code encode_krb5_kdc_req_body
 krb5_error_code encode_krb5_safe
 (const krb5_safe *rep, krb5_data **code);
+struct krb5_safe_with_body {
+ krb5_safe *safe;
+ krb5_data *body;
+};
 krb5_error_code encode_krb5_safe_with_body
- (const krb5_safe *rep, const krb5_data *body, krb5_data **code);
+ (const struct krb5_safe_with_body *rep, krb5_data **code);
 krb5_error_code encode_krb5_priv
 (const krb5_priv *rep, krb5_data **code);
@@ -1395,7 +1399,7 @@ krb5_error_code encode_krb5_error
 (const krb5_error *rep, krb5_data **code);
 krb5_error_code encode_krb5_authdata
- (const krb5_authdata **rep, krb5_data **code);
+ (krb5_authdata *const *rep, krb5_data **code);
 krb5_error_code encode_krb5_authdata_elt
 (const krb5_authdata *rep, krb5_data **code);
@@ -1407,15 +1411,15 @@ krb5_error_code encode_krb5_pwd_data
 (const krb5_pwd_data *rep, krb5_data **code);
 krb5_error_code encode_krb5_padata_sequence
- (const krb5_pa_data ** rep, krb5_data **code);
+ (krb5_pa_data *const *rep, krb5_data **code);
 krb5_error_code encode_krb5_alt_method
 (const krb5_alt_method *, krb5_data **code);
 krb5_error_code encode_krb5_etype_info
- (const krb5_etype_info_entry **, krb5_data **code);
+ (krb5_etype_info_entry *const *, krb5_data **code);
 krb5_error_code encode_krb5_etype_info2
- (const krb5_etype_info_entry **, krb5_data **code);
+ (krb5_etype_info_entry *const *, krb5_data **code);
 krb5_error_code encode_krb5_enc_data
 (const krb5_enc_data *, krb5_data **);
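Review bot: The members of `struct krb5_safe_with_body` are pointers to non-const, so the `const` on the new `rep` parameter covers only the two pointer fields and no longer the message or the body bytes, which the old prototype declared as `const krb5_safe *rep` and `const krb5_data *body`. A caller that holds const pointers now has to cast the qualifier away to fill the struct. Unless the encoder engine needs them writable, which this header does not show, declare the fields as `const krb5_safe *safe;` and `const krb5_data *body;`. A short comment above the struct should also say that both pointers are borrowed from the caller and, if that is the intent, that `body` is the already-encoded body to be emitted unchanged.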
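Review bot: `krb5_authdata *const *rep` protects the pointer array but drops the element-level promise that the old `const krb5_authdata **rep` made, so the type no longer tells callers that the encoder leaves the entries untouched. The same applies to `encode_krb5_padata_sequence`, `encode_krb5_etype_info` and `encode_krb5_etype_info2` in the next hunk. The trade is understandable, since C does not implicitly convert `T **` to `const T *const *`, but it deserves a comment at the prototypes, for example `/* Array arguments are not modified, nor are the elements they point to. */`. If these arrays are expected to be NULL-terminated, which the prototypes do not show, state that there as well.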
@@ -1435,11 +1439,13 @@ krb5_error_code encode_krb5_enc_sam_response_enc
 krb5_error_code encode_krb5_sam_response
 (const krb5_sam_response * , krb5_data **);
+#if 0 /* currently not compiled because we never use them */
 krb5_error_code encode_krb5_sam_challenge_2
 (const krb5_sam_challenge_2 * , krb5_data **);
 krb5_error_code encode_krb5_sam_challenge_2_body
 (const krb5_sam_challenge_2_body * , krb5_data **);
+#endif
 krb5_error_code encode_krb5_enc_sam_response_enc_2
 (const krb5_enc_sam_response_enc_2 * , krb5_data **);
@@ -1450,8 +1456,12 @@ krb5_error_code encode_krb5_sam_response_2
 krb5_error_code encode_krb5_predicted_sam_response
 (const krb5_predicted_sam_response * , krb5_data **);
+struct krb5_setpw_req {
+ krb5_principal target;
+ krb5_data password;
+};
 krb5_error_code encode_krb5_setpw_req
-(const krb5_principal target, char *password, krb5_data **code);
+(const struct krb5_setpw_req *rep, krb5_data **code);
 /*************************************************************************
 * End of prototypes for krb5_encode.c
@@ -1604,7 +1614,7 @@ struct ldap_seqof_key_data {
 typedef struct ldap_seqof_key_data ldap_seqof_key_data;
 krb5_error_code
-krb5int_ldap_encode_sequence_of_keys (ldap_seqof_key_data *val,
+krb5int_ldap_encode_sequence_of_keys (const ldap_seqof_key_data *val,
 krb5_data **code);
 krb5_error_code |
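Review bot: `struct krb5_setpw_req` now carries the new password as a counted `krb5_data` instead of a NUL-terminated `char *`, and nothing at the declaration says who owns the bytes or what `length` must cover. Callers converting from the old signature have to set `password.length` themselves. A length that includes the terminator would change the encoded password, and one larger than the buffer would make the encoder read past it. I would add a comment above the struct along the lines of `/* password.data is borrowed from the caller; length excludes any trailing NUL; the caller remains responsible for zeroing it. */`.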
