From: Sam Hartman <hartmans@debian.org>
authorSam Hartman <hartmans@mit.edu>
Wed, 5 Oct 2011 21:30:31 +0000 (21:30 +0000)
committerSam Hartman <hartmans@mit.edu>
Wed, 5 Oct 2011 21:30:31 +0000 (21:30 +0000)
Pkinit: offer supported KDFs in client

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25308 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/preauth/pkinit/pkinit_clnt.c

index f8cfac5ad7251bb22221deb9bcdfa98df4861628..a6232e9979da399d592b852034ad84b0bdf76df6 100644 (file)
@@ -282,6 +282,7 @@ pkinit_as_req_create(krb5_context context,
         auth_pack->pkAuthenticator.paChecksum = *cksum;
         auth_pack->clientDHNonce.length = 0;
         auth_pack->clientPublicValue = info;
+        auth_pack->supportedKDFs = (krb5_octet_data **) supported_kdf_alg_ids;
 
         /* add List of CMS algorithms */
         retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
@@ -454,6 +455,7 @@ pkinit_as_req_create(krb5_context context,
 cleanup:
     switch((int)reqctx->pa_type) {
     case KRB5_PADATA_PK_AS_REQ:
+        auth_pack->supportedKDFs = NULL; /*alias to global constant*/
         free_krb5_auth_pack(&auth_pack);
         free_krb5_pa_pk_as_req(&req);
         break;