author | Greg Hudson <ghudson@mit.edu> | 2012-02-11 23:25:12 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-02-11 23:25:12 +0000 |
commit | beb36f85c88fab20e95c4a0d8f109c3d0ab942f5 (patch) | |
tree | 87bf5d167d9ab3fb9fcabaf4bdf5e0a0c71d4adc /src/tests | |
parent | f0af05cf4d4fbfea0b418e94ab5f60031db57a66 (diff) | |
Minimize draft9 PKINIT code by removing dead code
The PKINIT client code doesn't use decode_krb5_pa_pk_as_rep_draft9,
which is fortunate because it doesn't work (see issue #7072).
Instead, it passes both kinds of PKINIT replies through
decode_krb5_pa_pk_as_rep, then decodes the un-enveloped CMS data in
alternative 1 (encKeyPack) as either an RFC or draft9 ReplyKeyPack.
So, remove the unused broken pa_pk_as_rep_draft9 decoder.
For pa_pk_as_req_draft9, we only use two of the fields on encode and
only one of those on decode. So, get rid of the unused fields and
the krb5_trusted_ca structure, and reduce the encoder and decoder
sequences to the minimum necessary fields.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25689 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/asn.1/krb5_decode_test.c | 35 | ||||
-rw-r--r-- | src/tests/asn.1/ktest.c | 52 | ||||
-rw-r--r-- | src/tests/asn.1/ktest_equal.c | 40 | ||||
-rw-r--r-- | src/tests/asn.1/ktest_equal.h | 1 | ||||
-rw-r--r-- | src/tests/asn.1/pkinit_encode.out | 2 | ||||
-rw-r--r-- | src/tests/asn.1/pkinit_trval.out | 10 |
6 files changed, 1 insertions, 139 deletions
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c index 811f230c6..eb0fc8dbb 100644 --- a/src/tests/asn.1/krb5_decode_test.c +++ b/src/tests/asn.1/krb5_decode_test.c @@ -49,8 +49,6 @@ static void ktest_free_pa_pk_as_req(krb5_context context, krb5_pa_pk_as_req *val); static void ktest_free_pa_pk_as_rep(krb5_context context, krb5_pa_pk_as_rep *val); -static void ktest_free_pa_pk_as_rep_draft9(krb5_context context, - krb5_pa_pk_as_rep_draft9 *val); static void ktest_free_reply_key_pack(krb5_context context, krb5_reply_key_pack *val); static void ktest_free_reply_key_pack_draft9(krb5_context context, @@ -1008,30 +1006,6 @@ int main(argc, argv) } /****************************************************************/ - /* decode_krb5_pa_pk_as_rep_draft9 */ - /* - * NOTE: These are NOT the encodings produced by - * encode_krb5_pa_pk_as_rep_draft9; they are hand-generated to match what - * the decoder expects. The decoder expects a sequence containing an - * explicitly tagged octet string, while the encoder produces an implicitly - * tagged octet string. See issue #7072. - */ - { - setup(krb5_pa_pk_as_rep_draft9,ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData); - decode_run("krb5_pa_pk_as_rep_draft9","(dhSignedData)","30 0C A0 0A 04 08 6B 72 62 35 64 61 74 61", - acc.decode_krb5_pa_pk_as_rep_draft9, - ktest_equal_pa_pk_as_rep_draft9,ktest_free_pa_pk_as_rep_draft9); - ktest_empty_pa_pk_as_rep_draft9(&ref); - } - { - setup(krb5_pa_pk_as_rep_draft9,ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack); - decode_run("krb5_pa_pk_as_rep_draft9","(encKeyPack)","30 0C A1 0A 04 08 6B 72 62 35 64 61 74 61", - acc.decode_krb5_pa_pk_as_rep_draft9, - ktest_equal_pa_pk_as_rep_draft9,ktest_free_pa_pk_as_rep_draft9); - ktest_empty_pa_pk_as_rep_draft9(&ref); - } - - /****************************************************************/ /* decode_krb5_auth_pack */ { setup(krb5_auth_pack,ktest_make_sample_auth_pack); 
@@ -1170,15 +1144,6 @@ ktest_free_pa_pk_as_rep(krb5_context context, krb5_pa_pk_as_rep *val) } static void -ktest_free_pa_pk_as_rep_draft9(krb5_context context, - krb5_pa_pk_as_rep_draft9 *val) -{ - if (val) - ktest_empty_pa_pk_as_rep_draft9(val); - free(val); -} - -static void ktest_free_reply_key_pack(krb5_context context, krb5_reply_key_pack *val) { if (val) diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index 330756453..6963c018c 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -674,27 +674,6 @@ ktest_make_sample_external_principal_identifier( ktest_make_sample_data(&p->subjectKeyIdentifier); } -static void -ktest_make_sample_trusted_ca_principalName(krb5_trusted_ca *p) -{ - p->choice = choice_trusted_cas_principalName; - ktest_make_sample_principal(&p->u.principalName); -} - -static void -ktest_make_sample_trusted_ca_caName(krb5_trusted_ca *p) -{ - p->choice = choice_trusted_cas_caName; - ktest_make_sample_data(&p->u.caName); -} - -static void -ktest_make_sample_trusted_ca_issuerAndSerial(krb5_trusted_ca *p) -{ - p->choice = choice_trusted_cas_issuerAndSerial; - ktest_make_sample_data(&p->u.issuerAndSerial); -} - void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p) { @@ -714,15 +693,7 @@ ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p) int i; ktest_make_sample_data(&p->signedAuthPack); - p->trustedCertifiers = ealloc(4 * sizeof(krb5_trusted_ca *)); - for (i = 0; i < 3; i++) - p->trustedCertifiers[i] = ealloc(sizeof(krb5_trusted_ca)); - ktest_make_sample_trusted_ca_principalName(p->trustedCertifiers[0]); - ktest_make_sample_trusted_ca_caName(p->trustedCertifiers[1]); - ktest_make_sample_trusted_ca_issuerAndSerial(p->trustedCertifiers[2]); - p->trustedCertifiers[3] = NULL; ktest_make_sample_data(&p->kdcCert); - ktest_make_sample_data(&p->encryptionCert); } static void 
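Review bot: In the `@@ -714,15 +693,7 @@` hunk of ktest.c, `ktest_make_sample_pa_pk_as_req_draft9` keeps its `int i;` declaration as a context line, but the `for (i = 0; i < 3; i++)` loop that was its only visible use is removed. The local is now unused and will produce an unused-variable warning on builds that enable it; delete `int i;` together with the loop. The function's opening brace sits just before the hunk, but everything from the declaration to the closing brace is shown and nothing else in it refers to `i`.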
@@ -1466,18 +1437,6 @@ ktest_empty_external_principal_identifier( ktest_empty_data(&p->subjectKeyIdentifier); } -static void -ktest_empty_trusted_ca(krb5_trusted_ca *p) -{ - if (p->choice == choice_trusted_cas_principalName) - ktest_destroy_principal(&p->u.principalName); - else if (p->choice == choice_trusted_cas_caName) - ktest_empty_data(&p->u.caName); - else if (p->choice == choice_trusted_cas_issuerAndSerial) - ktest_empty_data(&p->u.issuerAndSerial); - p->choice = choice_trusted_cas_UNKNOWN; -} - void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p) { @@ -1496,19 +1455,8 @@ ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p) void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p) { - krb5_trusted_ca **ca; - ktest_empty_data(&p->signedAuthPack); - if (p->trustedCertifiers != NULL) { - for (ca = p->trustedCertifiers; *ca != NULL; ca++) { - ktest_empty_trusted_ca(*ca); - free(*ca); - } - free(p->trustedCertifiers); - p->trustedCertifiers = NULL; - } ktest_empty_data(&p->kdcCert); - ktest_empty_data(&p->encryptionCert); } static void diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c index ea218c930..0418e5daf 100644 --- a/src/tests/asn.1/ktest_equal.c +++ b/src/tests/asn.1/ktest_equal.c 
@@ -854,29 +854,6 @@ ktest_equal_sequence_of_external_principal_identifier( array_compare(ktest_equal_external_principal_identifier); } -static int -ktest_equal_trusted_ca(krb5_trusted_ca *ref, krb5_trusted_ca *var) -{ - int p = TRUE; - if (ref == var) return TRUE; - else if (ref == NULL || var == NULL) return FALSE; - if (ref->choice != var->choice) return FALSE; - if (ref->choice == choice_trusted_cas_principalName) - p = p && ptr_equal(u.principalName, ktest_equal_principal_data); - else if (ref->choice == choice_trusted_cas_caName) - p = p && equal_str(u.caName); - else if (ref->choice == choice_trusted_cas_issuerAndSerial) - p = p && equal_str(u.issuerAndSerial); - return p; -} - -static int -ktest_equal_sequence_of_trusted_ca(krb5_trusted_ca **ref, - krb5_trusted_ca **var) -{ - array_compare(ktest_equal_trusted_ca); -} - int ktest_equal_pa_pk_as_req(krb5_pa_pk_as_req *ref, krb5_pa_pk_as_req *var) { @@ -898,9 +875,7 @@ ktest_equal_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *ref, if (ref == var) return TRUE; else if (ref == NULL || var == NULL) return FALSE; p = p && equal_str(signedAuthPack); - p = p && ptr_equal(trustedCertifiers, ktest_equal_sequence_of_trusted_ca); p = p && equal_str(kdcCert); - p = p && equal_str(encryptionCert); return p; } @@ -930,21 +905,6 @@ ktest_equal_pa_pk_as_rep(krb5_pa_pk_as_rep *ref, krb5_pa_pk_as_rep *var) return p; } -int -ktest_equal_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *ref, - krb5_pa_pk_as_rep_draft9 *var) -{ - int p = TRUE; - if (ref == var) return TRUE; - else if (ref == NULL || var == NULL) return FALSE; - if (ref->choice != var->choice) return FALSE; - if (ref->choice == choice_pa_pk_as_rep_draft9_dhSignedData) - p = p && equal_str(u.dhSignedData); - else if (ref->choice == choice_pa_pk_as_rep_draft9_encKeyPack) - p = p && equal_str(u.encKeyPack); - return p; -} - static int ktest_equal_sequence_of_data(krb5_data **ref, krb5_data **var) { 
diff --git a/src/tests/asn.1/ktest_equal.h b/src/tests/asn.1/ktest_equal.h
index 9e88a8ccd..ab31e2970 100644
--- a/src/tests/asn.1/ktest_equal.h
+++ b/src/tests/asn.1/ktest_equal.h
@@ -128,7 +128,6 @@ int ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref,
 generic(ktest_equal_pa_pk_as_req, krb5_pa_pk_as_req);
 generic(ktest_equal_pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9);
 generic(ktest_equal_pa_pk_as_rep, krb5_pa_pk_as_rep);
-generic(ktest_equal_pa_pk_as_rep_draft9, krb5_pa_pk_as_rep_draft9);
 generic(ktest_equal_auth_pack, krb5_auth_pack);
 generic(ktest_equal_auth_pack_draft9, krb5_auth_pack_draft9);
 generic(ktest_equal_kdc_dh_key_info, krb5_kdc_dh_key_info);
diff --git a/src/tests/asn.1/pkinit_encode.out b/src/tests/asn.1/pkinit_encode.out
index 77b37cd64..463128de0 100644
--- a/src/tests/asn.1/pkinit_encode.out
+++ b/src/tests/asn.1/pkinit_encode.out
@@ -1,5 +1,5 @@
 encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
-encode_krb5_pa_pk_as_req_draft9: 30 52 80 08 6B 72 62 35 64 61 74 61 A1 32 30 30 80 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 83 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_req_draft9: 30 14 80 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
 encode_krb5_pa_pk_as_rep(dhInfo): A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
 encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
 encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
diff --git a/src/tests/asn.1/pkinit_trval.out b/src/tests/asn.1/pkinit_trval.out
index 7ee5b1de5..0393b7f8b 100644
--- a/src/tests/asn.1/pkinit_trval.out
+++ b/src/tests/asn.1/pkinit_trval.out
@@ -19,18 +19,8 @@ encode_krb5_pa_pk_as_req_draft9: [Sequence/Sequence Of] . [0] <8> 6b 72 62 35 64 61 74 61 krb5data -. [1] [Sequence/Sequence Of] -. . [0] <26> - 30 18 a0 03 02 01 01 a1 11 30 0f 1b 06 68 66 0........0...hf - 74 73 61 69 1b 05 65 78 74 72 61 tsai..extra -. . [1] <8> - 6b 72 62 35 64 61 74 61 krb5data -. . [2] <8> - 6b 72 62 35 64 61 74 61 krb5data . [2] <8> 6b 72 62 35 64 61 74 61 krb5data -. [3] <8> - 6b 72 62 35 64 61 74 61 krb5data encode_krb5_pa_pk_as_rep(dhInfo): |