Skip Menu |
 

Subject: asn.1 encoding of kvno does not follow rfc4120
Download (untitled) / with headers
text/plain 1.4KiB
rfc4120 requires that kvno be an unsigned integer... We are encoding
as a signed int.

EncryptedData ::= SEQUENCE {
etype [0] Int32 -- EncryptionType --,
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}

Heimdal in 0.7.1 is encoded as a signed integer as well.

A simple fix for this would be the following to lib/krb5/asn1

Index: asn1_k_decode.c
===================================================================
--- asn1_k_decode.c (revision 17399)
+++ asn1_k_decode.c (working copy)
@@ -311,7 +311,7 @@
}
integer_convert(asn1_decode_int,int)
integer_convert(asn1_decode_int32,krb5_int32)
-integer_convert(asn1_decode_kvno,krb5_kvno)
+unsigned_integer_convert(asn1_decode_kvno,krb5_kvno)
integer_convert(asn1_decode_enctype,krb5_enctype)
integer_convert(asn1_decode_cksumtype,krb5_cksumtype)
integer_convert(asn1_decode_octet,krb5_octet)
Index: asn1_k_encode.c
===================================================================
--- asn1_k_encode.c (revision 17399)
+++ asn1_k_encode.c (working copy)
@@ -214,9 +214,8 @@
return ASN1_MISSING_FIELD;


asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring);
- /* krb5_kvno should be int */
if(val->kvno)
- asn1_addfield((int) val->kvno,1,asn1_encode_integer);
+ asn1_addfield(val->kvno,1,asn1_encode_unsigned_integer);
asn1_addfield(val->enctype,0,asn1_encode_integer);

asn1_makeseq();
-------------------------