From 2637c91329faa84bd91a343f07bfbe2810a39833 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 25 Oct 2008 07:03:11 +0000
Subject: partial rewrite of the ASN.1 encoders

Instead of a pile of macros generating code, that have to be threaded
together in just the right way to get a valid ASN.1 encoding, we now
have a pile of macros for defining data structures describing the
objects and the ASN.1 types they should be encoded as, which
structures are interpreted by recursive invocations of an encoder
engine; there should be somewhat less rope for accidentally creating
invalid encodings.  The new macros are commented in asn1_k_encode.c.

Putting most of the work into the encoder engine also reduces the code
size (in one configuration, including LDAP-KDB and PKINIT encoders,
code size went from 37K to <16K, though 10K of tables were added, and
the PKINIT encoders are still open-coded).

Some encoder interfaces have been revised to be more regular -- all
now take one pointer to const argument (no two-input encoders, no
pointer-to-non-const-pointer-to-const).  A few encoders were
eliminated or disabled because they were neither used nor exported
from the library.

The LDAP-KDB encoder has been converted, but the PKINIT encoders have
not as there are no regression tests for them currently.

There is still plenty of room for improvement; some notes on specific
ideas have been added.

String encoding primitives have been combined to reduce code size.  A
primitive for encoding bit strings has been added.

Some miscellaneous warnings in the decoders have been cleaned up.

A new dejagnu test case is added that ensures that KRB-SAFE messages
get exercised.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/k5-int.h | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

(limited to 'src/include')

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index bd038db50..a42fb7493 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1376,8 +1376,12 @@ krb5_error_code encode_krb5_kdc_req_body
 krb5_error_code encode_krb5_safe
 	(const krb5_safe *rep, krb5_data **code);
 
+struct krb5_safe_with_body {
+    krb5_safe *safe;
+    krb5_data *body;
+};
 krb5_error_code encode_krb5_safe_with_body
-	(const krb5_safe *rep, const krb5_data *body, krb5_data **code);
+	(const struct krb5_safe_with_body *rep, krb5_data **code);
 
 krb5_error_code encode_krb5_priv
 	(const krb5_priv *rep, krb5_data **code);
@@ -1395,7 +1399,7 @@ krb5_error_code encode_krb5_error
 	(const krb5_error *rep, krb5_data **code);
 
 krb5_error_code encode_krb5_authdata
-	(const krb5_authdata **rep, krb5_data **code);
+	(krb5_authdata *const *rep, krb5_data **code);
 
 krb5_error_code encode_krb5_authdata_elt
 	(const krb5_authdata *rep, krb5_data **code);
@@ -1407,15 +1411,15 @@ krb5_error_code encode_krb5_pwd_data
 	(const krb5_pwd_data *rep, krb5_data **code);
 
 krb5_error_code encode_krb5_padata_sequence
-	(const krb5_pa_data ** rep, krb5_data **code);
+	(krb5_pa_data *const *rep, krb5_data **code);
 
 krb5_error_code encode_krb5_alt_method
 	(const krb5_alt_method *, krb5_data **code);
 
 krb5_error_code encode_krb5_etype_info
-	(const krb5_etype_info_entry **, krb5_data **code);
+	(krb5_etype_info_entry *const *, krb5_data **code);
 krb5_error_code encode_krb5_etype_info2
-	(const krb5_etype_info_entry **, krb5_data **code);
+	(krb5_etype_info_entry *const *, krb5_data **code);
 
 krb5_error_code encode_krb5_enc_data
     	(const krb5_enc_data *, krb5_data **);
@@ -1435,11 +1439,13 @@ krb5_error_code encode_krb5_enc_sam_response_enc
 krb5_error_code encode_krb5_sam_response
 	(const krb5_sam_response * , krb5_data **);
 
+#if 0 /* currently not compiled because we never use them */
 krb5_error_code encode_krb5_sam_challenge_2
 	(const krb5_sam_challenge_2 * , krb5_data **);
 
 krb5_error_code encode_krb5_sam_challenge_2_body
 	(const krb5_sam_challenge_2_body * , krb5_data **);
+#endif
 
 krb5_error_code encode_krb5_enc_sam_response_enc_2
 	(const krb5_enc_sam_response_enc_2 * , krb5_data **);
@@ -1450,8 +1456,12 @@ krb5_error_code encode_krb5_sam_response_2
 krb5_error_code encode_krb5_predicted_sam_response
 	(const krb5_predicted_sam_response * , krb5_data **);
 
+struct krb5_setpw_req {
+    krb5_principal target;
+    krb5_data password;
+};
 krb5_error_code encode_krb5_setpw_req
-(const krb5_principal target, char *password, krb5_data **code);
+(const struct krb5_setpw_req *rep, krb5_data **code);
 
 /*************************************************************************
  * End of prototypes for krb5_encode.c
@@ -1604,7 +1614,7 @@ struct ldap_seqof_key_data {
 typedef struct ldap_seqof_key_data ldap_seqof_key_data;
 
 krb5_error_code
-krb5int_ldap_encode_sequence_of_keys (ldap_seqof_key_data *val,
+krb5int_ldap_encode_sequence_of_keys (const ldap_seqof_key_data *val,
 				      krb5_data **code);
 
 krb5_error_code
-- 
cgit