Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5440
| From | "Osipov, Michael (IN IT IN)" <michael.osipov@innomotics.com> |
|---|---|
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: Failing ASN.1 tests with PKINIT on HP-UX |
| Date | 2025-09-27 17:16 +0200 |
| Organization | TNet Consulting |
| Message-ID | <mailman.16.1758986200.2340612.kerberos@mit.edu> (permalink) |
| References | <090f2934-d321-400a-b21f-729bda1083ea@innomotics.com> <202509271440.58REekdH020200@hedwig.cmf.nrl.navy.mil> <096708bd-e34c-487d-b0dd-cfca5de5846b@innomotics.com> |
On 2025-09-27 16:40, Ken Hornstein wrote:
>>> 771 #ifndef DISABLE_PKINIT
>>> 772 /****************************************************************/
>>> 773 /* encode_krb5_pa_pk_as_req */
>>> 774 {
>>> 775 krb5_pa_pk_as_req req;
>>> 776 ktest_make_sample_pa_pk_as_req(&req);
>>> 777 encode_run(req, "pa_pk_as_req", "", acc.encode_krb5_pa_pk_as_req);
>
> It would be interesting to drill down into the value of "req". I can see
> two possibilities:
>
> - There's a bug somewhere in the ktest_make_sample_pa_pk_as_req() code path
> that is making an invalid krb5_pa_pk_as_req structure.
> - There's a bug in the ASN.1 encoder somewhere.
>
> Either way, assuming you want PKINIT to work, I don't think it's
> something you should ignore. I'd start with looking at "req" and then
> figuring out what part of req it is trying to encode when you get this
> core dump. It looks like you omitted part of the stack trace?
>
I'll try to look into that if I can with my humble C knowledge. I had a
feeling that it could be an endianess issue since HP-UX on IA64 is big
endian. I have seen weird stuff like
https://github.com/cr-marcstevens/sha1collisiondetection/commit/855827c583bc30645ba427885caa40c5b81764d2.
Michael
Back to comp.protocols.kerberos | Previous | Next | Find similar
Re: Failing ASN.1 tests with PKINIT on HP-UX "Osipov, Michael (IN IT IN)" <michael.osipov@innomotics.com> - 2025-09-27 17:16 +0200
csiph-web