projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f0af05c) | patch
Minimize draft9 PKINIT code by removing dead code
authorGreg Hudson <ghudson@mit.edu>
Sat, 11 Feb 2012 23:25:12 +0000 (23:25 +0000)
committerGreg Hudson <ghudson@mit.edu>
Sat, 11 Feb 2012 23:25:12 +0000 (23:25 +0000)
commitbeb36f85c88fab20e95c4a0d8f109c3d0ab942f5
tree87bf5d167d9ab3fb9fcabaf4bdf5e0a0c71d4adctree | snapshot
parentf0af05cf4d4fbfea0b418e94ab5f60031db57a66commit | diff
Minimize draft9 PKINIT code by removing dead code

The PKINIT client code doesn't use decode_krb5_pa_pk_as_rep_draft9,
which is fortunate because it doesn't work (see issue #7072).
Instead, it passes both kinds of PKINIT replies through
decode_krb5_pa_pk_as_rep, then decodes the un-enveloped CMS data in
alternative 1 (encKeyPack) as either an RFC or draft9 ReplyKeyPack.
So, remove the unused broken pa_pk_as_rep_draft9 decoder.

For pa_pk_as_req_draft9, we only use two of the fields on encode and
only one of those on decode.  So, get rid of the unused fields and
the krb5_trusted_ca structure, and reduce the encoder and decoder
sequences to the minimum necessary fields.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25689 dc483132-0cff-0310-8789-dd5450dbe970
22 files changed:
src/include/k5-int-pkinit.h diff | blob | history
src/include/k5-int.h diff | blob | history
src/lib/krb5/asn.1/asn1_k_decode.c diff | blob | history
src/lib/krb5/asn.1/asn1_k_decode.h diff | blob | history
src/lib/krb5/asn.1/asn1_k_decode_kdc.c diff | blob | history
src/lib/krb5/asn.1/asn1_k_encode.c diff | blob | history
src/lib/krb5/asn.1/krb5_decode.c diff | blob | history
src/lib/krb5/os/accessor.c diff | blob | history
src/plugins/preauth/pkinit/pkinit.h diff | blob | history
src/plugins/preauth/pkinit/pkinit_accessor.c diff | blob | history
src/plugins/preauth/pkinit/pkinit_accessor.h diff | blob | history
src/plugins/preauth/pkinit/pkinit_clnt.c diff | blob | history
src/plugins/preauth/pkinit/pkinit_crypto.h diff | blob | history
src/plugins/preauth/pkinit/pkinit_crypto_nss.c diff | blob | history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c diff | blob | history
src/plugins/preauth/pkinit/pkinit_lib.c diff | blob | history
src/tests/asn.1/krb5_decode_test.c diff | blob | history
src/tests/asn.1/ktest.c diff | blob | history
src/tests/asn.1/ktest_equal.c diff | blob | history
src/tests/asn.1/ktest_equal.h diff | blob | history
src/tests/asn.1/pkinit_encode.out diff | blob | history
src/tests/asn.1/pkinit_trval.out diff | blob | history
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.