[29749] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.14]: Set alg param correctly for PKCS1
daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Oct 24 15:58:01 2016
Date: Mon, 24 Oct 2016 15:57:54 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201610241957.u9OJvsOA015356@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/a644a1f0ea587d8af25ab72966d24e9ddd55ce05
commit a644a1f0ea587d8af25ab72966d24e9ddd55ce05
Author: Tom Yu <tlyu@mit.edu>
Date: Tue Oct 4 18:14:51 2016 -0400
Set alg param correctly for PKCS1
When using a smart card and constructing a DigestInfo to pass to the
CKM_RSA_PKCS mechanism, make sure to set the AlgorithmIdentifier
parameters correctly. This is typically an ASN.1 NULL value.
Reported to Ubuntu in Launchpad #1629370.
(cherry picked from commit fded9063c23daa3dbd9ffaf32f8145844293f472)
ticket: 8506
version_fixed: 1.14.5
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index d5e2769..10e412f 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1239,8 +1239,7 @@ cms_signeddata_create(krb5_context context,
alg = X509_ALGOR_new();
if (alg == NULL)
goto cleanup2;
- alg->algorithm = OBJ_nid2obj(NID_sha1);
- alg->parameter = NULL;
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_sha1), V_ASN1_NULL, NULL);
alg_len = i2d_X509_ALGOR(alg, NULL);
alg_buf = malloc(alg_len);
if (alg_buf == NULL)
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5