]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c1e0348) | patch
Add PKINIT paChecksum2 from MS-PKCA v20230920 1411/head
authorJulien Rische <jrische@redhat.com>
Tue, 14 Jan 2025 12:31:11 +0000 (13:31 +0100)
committerGreg Hudson <ghudson@mit.edu>
Thu, 13 Mar 2025 22:43:40 +0000 (18:43 -0400)
commit310793ba63782af5ffa3a95d20e41f8f03ca7e00
tree56ea1b39c4b23fa901006e180e84faccbab7775dtree
parentc1e0348c95f00c352faeb849b6e7fabb57b8b159commit | diff
Add PKINIT paChecksum2 from MS-PKCA v20230920

In 2023, Microsoft updated MS-PKCA to add the optional paChecksum2
element in the PKAuthenticator sequence.  This checksum accepts SHA-1,
SHA-256, SHA-384, and SHA-512 digests.

In Windows Server 2025, this checksum becomes mandatory when using
PKINIT with FFDH (but strangely not with ECDH if SHA-1 is configured as
allowed).

[ghudson@mit.edu: refactored crypto interfaces to reduce complexity of
calling code]

ticket: 9166 (new)
16 files changed:
src/include/k5-int-pkinit.h diff | blob | blame | history
src/lib/krb5/asn.1/asn1_k_encode.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit.h diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_clnt.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_constants.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_crypto.h diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_kdf_test.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_lib.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_srv.c diff | blob | blame | history
src/plugins/preauth/pkinit/pkinit_trace.h diff | blob | blame | history
src/tests/asn.1/krb5_decode_test.c diff | blob | blame | history
src/tests/asn.1/ktest.c diff | blob | blame | history
src/tests/asn.1/ktest_equal.c diff | blob | blame | history
src/tests/asn.1/pkinit_encode.out diff | blob | blame | history
src/tests/asn.1/pkinit_trval.out diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git