[39562] in Kerberos
Re: Failing ASN.1 tests with PKINIT on HP-UX
daemon@ATHENA.MIT.EDU (Osipov, Michael \(IN IT IN\) via K)
Sun Sep 28 08:17:13 2025
Message-ID: <45e4e37f-7447-4912-9b13-58fc6bced665@innomotics.com>
Date: Sun, 28 Sep 2025 14:16:49 +0200
Content-Language: en-US
To: Greg Hudson <ghudson@mit.edu>, Kerberos@mit.edu
In-Reply-To: <7bb38cb7-0d12-4612-aff5-e455484bb9ef@mit.edu>
MIME-Version: 1.0
From: "Osipov, Michael \(IN IT IN\) via Kerberos" <kerberos@mit.edu>
Reply-To: "Osipov, Michael \(IN IT IN\)" <michael.osipov@innomotics.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 2025-09-28 07:21, Greg Hudson wrote:
> On 9/27/25 06:17, Osipov, Michael (IN IT IN) via Kerberos wrote:
>>> (gdb) where
>>> #0 0x60000000c8a788d0:0 in get_tag () at asn1_encode.c:370
>>> #1 0x60000000c8a79f70:0 in split_der () at asn1_encode.c:605
> [...]
>>> 777 encode_run(req, "pa_pk_as_req", "",
>>> acc.encode_krb5_pa_pk_as_req);
>
> I'd be interested in the stack trace going back to near this call site--
> specifically, which encode_krb5_*() function is called.
>
> The reason I ask is that encode_krb5_pa_pk_as_req() should not reach
> split_der(). So I wonder if a different function is being executed
> somehow, like encode_krb5_auth_pack().
>
> If I'm right, then we'll have the mystery of why
> acc_encode_krb5_pa_pk_as_req contains the wrong function pointer. The
> structure is populated by krb5int_accessor().
>
I can both functions through the preprocessor. May this helps:
> krb5_error_code
> krb5int_accessor(krb5int_access *internals, krb5_int32 version)
> {
> if (version == (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) | (23 << 16))) & 0xFFFFFFFF)) {
> static const krb5int_access internals_temp = {
> . auth_con_get_subkey_enctype = krb5_auth_con_get_subkey_enctype,
> . ser_pack_int64 = krb5_ser_pack_int64,
> . ser_unpack_int64 = krb5_ser_unpack_int64,
> . asn1_ldap_encode_sequence_of_keys = 0,
> . asn1_ldap_decode_sequence_of_keys = 0,
> . encode_krb5_pa_pk_as_req = encode_krb5_pa_pk_as_req,
> . encode_krb5_pa_pk_as_rep = encode_krb5_pa_pk_as_rep,
> . encode_krb5_auth_pack = encode_krb5_auth_pack,
> . encode_krb5_kdc_dh_key_info = encode_krb5_kdc_dh_key_info,
> . encode_krb5_reply_key_pack = encode_krb5_reply_key_pack,
> . encode_krb5_td_trusted_certifiers = encode_krb5_td_trusted_certifiers,
> . encode_krb5_td_dh_parameters = encode_krb5_td_dh_parameters,
> . decode_krb5_pa_pk_as_req = decode_krb5_pa_pk_as_req,
> . decode_krb5_pa_pk_as_rep = decode_krb5_pa_pk_as_rep,
> . decode_krb5_auth_pack = decode_krb5_auth_pack,
> . decode_krb5_kdc_dh_key_info = decode_krb5_kdc_dh_key_info,
> . decode_krb5_principal_name = decode_krb5_principal_name,
> . decode_krb5_reply_key_pack = decode_krb5_reply_key_pack,
> . decode_krb5_td_trusted_certifiers = decode_krb5_td_trusted_certifiers,
> . decode_krb5_td_dh_parameters = decode_krb5_td_dh_parameters,
> . encode_krb5_kdc_req_body = encode_krb5_kdc_req_body,
> . free_kdc_req = krb5_free_kdc_req,
> . set_prompt_types = k5_set_prompt_types,
> };
> *internals = internals_temp;
> return 0;
> }
> return (-1765328146L);
> }
and
> {
> krb5_pa_pk_as_req req;
> ktest_make_sample_pa_pk_as_req(&req);
> retval = acc . encode_krb5_pa_pk_as_req(&(req),&(code)); if (retval) { com_err("krb5_encode_test", retval,"while encoding %s", "pa_pk_as_req"); exit(1); } encoder_print_results(code, "pa_pk_as_req", ""); ktest_empty_pa_pk_as_req(&req);
> }
Michael
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
