[16842] in Kerberos-V5-bugs


[krbdev.mit.edu #9066] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Jul 7 17:49:44 2022

From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-3416257-1657230576-460.9066-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9066":;
Date: Thu, 07 Jul 2022 17:49:36 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Thu Jul 07 17:49:36 2022: Request 9066 was acted upon.
 Transaction: Ticket created by ghudson@mit.edu
       Queue: krb5
     Subject: git commit
       Owner: ghudson@mit.edu
  Requestors: 
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9066 >



Set reasonable supportedCMSTypes in PKINIT

The PKINIT client uses AuthPack.supportedCMSTypes to let the KDC know
the algorithms it supports for verification of the CMS data signature.
(The MIT krb5 KDC currently ignores this list, but other
implementations use it.)

Replace 3DES with sha512WithRSAEncryption and sha256WithRSAEncryption.

[ghudson@mit.edu: simplified code and used appropriate helpers; edited
commit message]

https://github.com/krb5/krb5/commit/1417c64807e8f618c0c8b230246668a50425ec0c
Author: Julien Rische <jrische@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 1417c64807e8f618c0c8b230246668a50425ec0c
Branch: master
 src/plugins/preauth/pkinit/pkinit_constants.c      | 33 ++++++++++++++-
 src/plugins/preauth/pkinit/pkinit_crypto.h         |  4 ++
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 49 +++++++++++-----------
 3 files changed, 60 insertions(+), 26 deletions(-)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
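
As an added illustration (not code from the krb5 commit or from the message above), this C example walks a DER-encoded supportedCMSTypes value, a SEQUENCE OF AlgorithmIdentifier per RFC 4556, and counts the entries that still name des-ede3-cbc. The function names and both byte samples are constructed here; the exact bytes krb5 emits (for example, whether parameters are present) are an assumption.

```c
#include <stdint.h>
#include <string.h>

/* des-ede3-cbc (1.2.840.113549.3.7), the 3DES entry the commit replaces */
static const uint8_t OID_3DES[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07};
/* Constructed sample lists (not captured traffic): 3DES only, then
 * sha512WithRSAEncryption + sha256WithRSAEncryption with NULL parameters */
static const uint8_t SAMPLE_OLD[] = {0x30,0x0C, 0x30,0x0A,0x06,0x08,
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07};
static const uint8_t SAMPLE_NEW[] = {0x30,0x1E,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,0x05,0x00,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00};

/* Read one DER TLV at *p; on success return 0, set tag/val/len and move *p
 * past it. Lengths above 255 are rejected (ample for this short list). */
static int tlv(const uint8_t **p, const uint8_t *end, uint8_t *tag,
               const uint8_t **val, size_t *len)
{
    const uint8_t *q = *p;
    size_t n;
    if (end - q < 2) return -1;
    *tag = *q++;
    n = *q++;
    if (n & 0x80) {                 /* long form: accept one length byte */
        if (n != 0x81 || q == end) return -1;
        n = *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    *val = q; *len = n; *p = q + n;
    return 0;
}

/* Walk a SEQUENCE OF AlgorithmIdentifier. Returns the entry count, or -1 if
 * malformed; *weak receives the number of entries naming des-ede3-cbc.
 * Only each entry's leading OID is inspected; parameters are skipped. */
int audit_cms_types(const uint8_t *der, size_t derlen, int *weak)
{
    const uint8_t *p = der, *end = der + derlen, *v, *a, *oid;
    size_t vl, al, ol;
    uint8_t t;
    int count = 0;
    *weak = 0;
    if (tlv(&p, end, &t, &v, &vl) || t != 0x30 || p != end) return -1;
    for (p = v, end = v + vl; p < end; count++) {
        if (tlv(&p, end, &t, &a, &al) || t != 0x30) return -1;
        if (tlv(&a, a + al, &t, &oid, &ol) || t != 0x06) return -1;
        if (ol == sizeof(OID_3DES) && !memcmp(oid, OID_3DES, ol)) (*weak)++;
    }
    return count;
}
```

Pass the function the contents of the AuthPack's supportedCMSTypes field (inside its context tag); a nonzero `*weak` marks a client that still advertises 3DES.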
