From 27a69f059a3c57ac7c0c415cfb59656ff3803365 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Mon, 19 Sep 2011 00:35:10 +0000
Subject: [PATCH] * Extend auth_pack * extend dh_rep * add krb5_free_octet_data * extend pkinit free functions pkinit: add supportedKDFs and kdfID to structures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/k5-int-pkinit.h | 6 ++++--
 src/include/krb5/krb5.hin | 17 ++++++++++++++++-
 src/lib/krb5/krb/kfree.c | 10 ++++++++++
 src/lib/krb5/libkrb5.exports | 1 +
 src/plugins/preauth/pkinit/pkinit_lib.c | 9 +++++++++
 5 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h
index 47e16e1c3..4f22cddb6 100644
--- a/src/include/k5-int-pkinit.h
+++ b/src/include/k5-int-pkinit.h
@@ -65,12 +65,13 @@ typedef struct _krb5_subject_pk_info {
 krb5_octet_data subjectPublicKey; /* BIT STRING */
 } krb5_subject_pk_info;
-/* AuthPack */
+/** AuthPack from RFC 4556*/
 typedef struct _krb5_auth_pack {
 krb5_pk_authenticator pkAuthenticator;
 krb5_subject_pk_info *clientPublicValue; /* Optional */
 krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
 krb5_octet_data clientDHNonce; /* Optional */
+krb5_octet_data **supportedKDFs; /*< object identifiers of KDFs; OPTIONAL*/
 } krb5_auth_pack;
 /* AuthPack draft9 */
@@ -116,10 +117,11 @@ typedef struct _krb5_pa_pk_as_req {
 krb5_octet_data kdcPkId; /* Optional */
 } krb5_pa_pk_as_req;
-/* DHRepInfo */
+/** Pkinit DHRepInfo */
 typedef struct _krb5_dh_rep_info {
 krb5_octet_data dhSignedData;
 krb5_octet_data serverDHNonce; /* Optional */
+ krb5_octet_data *kdfID; /**< OID of selected KDF OPTIONAL*/
 } krb5_dh_rep_info;
 /* KDCDHKeyInfo */
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 049bf91f1..5b6f0b9c1 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
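Review bot: The new `supportedKDFs` member of `krb5_auth_pack` (first hunk of src/include/k5-int-pkinit.h) does not document how the array is terminated or what an absent field looks like, although the free loop this patch adds in pkinit_lib.c walks it until a NULL element. The comment opens with `/*<`, which Doxygen does not pick up as a member comment (the `kdfID` line in the next hunk uses `/**<`), and the added line is not indented like its neighbours. Suggested replacement: `    krb5_octet_data **supportedKDFs; /**< NULL-terminated array of KDF OIDs; NULL if absent (OPTIONAL) */`.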
@@ -4647,7 +4647,22 @@ void KRB5_CALLCONV
 krb5_free_data(krb5_context context, krb5_data *val);
 /**
- * Free the contents of a krb_data structure.
+ * @brief Free storage associated with a @c krb5_octet_data structure and its pointer.
+ *
+ * @param context Context structure [input, output]
+ * @param val Pointer to data structure to be freed [input, output]
+ *
+ * @return
+ * None
+ */
+void KRB5_CALLCONV
+krb5_free_octet_data(krb5_context context, krb5_octet_data *val);
+
+/**
+ * @brief Free the contents of a @c _krb5_data structure and zero the data field.
+ *
+ * @param context Context structure [input, output]
+ * @param val Pointer to data structure to be freed [input, output]
 *
 * @param [in] context Library context
 * @param [in] val Data structure to free contents of
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index 72b685759..071a97728 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -236,6 +236,16 @@ krb5_free_data(krb5_context context, krb5_data *val)
 free(val);
 }
+
+void KRB5_CALLCONV
+krb5_free_octet_data(krb5_context context, krb5_octet_data *val)
+{
+ if (val == NULL)
+ return;
+ free(val->data);
+ free(val);
+}
+
 void KRB5_CALLCONV
 krb5_free_data_contents(krb5_context context, krb5_data *val)
 {
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 2637712b9..87f462a7c 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -302,6 +302,7 @@ krb5_free_keytab_entry_contents
 krb5_free_krbhst
 krb5_free_ktypes
 krb5_free_last_req
+krb5_free_octet_data
 krb5_free_pa_data
 krb5_free_pa_enc_ts
 krb5_free_pa_for_user
diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c
index fd4c0b528..8eb64019c 100644
--- a/src/plugins/preauth/pkinit/pkinit_lib.c
+++ b/src/plugins/preauth/pkinit/pkinit_lib.c
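Review bot: The second comment block added in the src/include/krb5/krb5.hin hunk leaves the function that follows with two conflicting parameter lists. The added `@param context Context structure [input, output]` and `@param val Pointer to data structure to be freed [input, output]` lines sit directly above the existing `@param [in] context Library context` and `@param [in] val Data structure to free contents of` lines. Drop the two added `@param` lines and keep the `[in]` form, which also matches a contents-only free. In the block for `krb5_free_octet_data`, `context` is marked `[input, output]` although the kfree.c implementation in this patch never reads it and the pkinit callers pass NULL; `@param [in] context Library context (unused)` and `@param [in] val Structure to free; may be NULL` would match the code. The comment block continues past the end of the hunk.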
@@ -163,6 +163,14 @@ free_krb5_auth_pack(krb5_auth_pack **in)
 free((*in)->pkAuthenticator.paChecksum.contents);
 if ((*in)->supportedCMSTypes != NULL)
 free_krb5_algorithm_identifiers(&((*in)->supportedCMSTypes));
+ if (*(*in)->supportedKDFs) {
+ krb5_octet_data **supportedKDFs =
+ (*in)->supportedKDFs;
+ unsigned i;
+ for (i = 0; supportedKDFs[i]; i++)
+ krb5_free_octet_data(NULL, supportedKDFs[i]);
+ free(supportedKDFs);
+ }
 free(*in);
 }
@@ -181,6 +189,7 @@ free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
 if (*in == NULL) return;
 switch ((*in)->choice) {
 case choice_pa_pk_as_rep_dhInfo:
+ krb5_free_octet_data(NULL, (*in)->u.dh_Info.kdfID);
 free((*in)->u.dh_Info.dhSignedData.data);
 break;
 case choice_pa_pk_as_rep_encKeyPack:
-- 
2.26.2
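Review bot: The guard `if (*(*in)->supportedKDFs) {` in free_krb5_auth_pack reads the first array element before checking the array pointer, so an AuthPack whose OPTIONAL `supportedKDFs` field is absent (pointer NULL) is dereferenced through NULL on the free path. If such a structure can come from decoding a peer's request, that is a crash an unauthenticated sender could trigger, though the decoder is not visible in this diff. The same guard skips `free(supportedKDFs)` when the array is allocated but empty, leaking it. Test the pointer as the `supportedCMSTypes` check just above does: `if ((*in)->supportedKDFs != NULL) {`. The function body starts above the hunk.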
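Review bot: `krb5_free_octet_data(NULL, (*in)->u.dh_Info.kdfID);` in free_krb5_pa_pk_as_rep is safe only if `kdfID` is always NULL or heap-owned when the dhInfo choice is freed, and this patch changes only the free functions in pkinit_lib.c. If the code that allocates `krb5_pa_pk_as_rep` (and `krb5_auth_pack`, for `supportedKDFs` in the previous hunk) sets fields one by one instead of zeroing the struct, the new pointers would be freed uninitialized. That code is outside this diff, so confirm it and add `(*in)->u.dh_Info.kdfID = NULL;` and `(*in)->supportedKDFs = NULL;` where the structures are initialised. The switch statement continues past the end of the hunk.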