summaryrefslogtreecommitdiffstats
path: root/src/lib/crypto/krb
Commit message (Collapse)AuthorAgeFilesLines
* De-conditionalize Camellia codeGreg Hudson2012-10-099-48/+3
| | | | | | | | | | The Camellia enctypes and cksumtypes have received IANA assignments. Add #defines using those assignments to krb5.h, remove the CAMELLIA conditional, and enable testing code as appropriate. The Camellia draft has not received an RFC number yet, so there is no Doxygen markup for the enctype and cksumtype #defines. That can be added once the RFC number is known.
* Check alloc_data result in krb5int_old_encryptGreg Hudson2012-05-131-0/+2
|
* Stop using SALT_TYPE_AFS_LENGTHGreg Hudson2012-04-272-23/+3
| | | | | | | | | | | | In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to track whether we're still using the default salt instead of overloading salt.length. In preauth2.c, process afs3 salt values like we would in krb5int_des_string_to_key, and set an s2kparams indicator instead of overloading salt.length. Also use an s2kparams indicator in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded salt lengths, except for a sanity check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid side effects in assert expressionsGreg Hudson2012-03-091-1/+2
| | | | | | | | | | | | asserts may be compiled out with -DNDEBUG, so it's wrong to use an assert expression with an important side effect. (We also have scores of side-effecting asserts in test programs, but those are less important and can be dealt with separately.) ticket: 7105 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25760 dc483132-0cff-0310-8789-dd5450dbe970
* Fix intermediate key length in hmac-md5 checksumGreg Hudson2011-10-281-1/+1
| | | | | | | | | | | | When using hmac-md5, the intermediate key length is the output of the hash function (128 bits), not the input key length. Relevant if the input key is not an RC4 key. ticket: 6994 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25418 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-173-3/+5
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Fix windows fork detectionSam Hartman2011-10-141-6/+10
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25334 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to check for fork on windowsSam Hartman2011-10-051-3/+8
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25311 dc483132-0cff-0310-8789-dd5450dbe970
* Improve k5_get_os_entropy for WindowsGreg Hudson2011-10-041-1/+2
| | | | | | | | When acquiring a crypto context for CryptGenRandom, pass CRYPT_VERIFYCONTEXT to indicate that we don't need access to private keys. Appears to make OS entropy work on Windows XP. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25297 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a Fortuna PRNG failure caseGreg Hudson2011-10-031-1/+3
| | | | | | | | If we don't have entropy when krb5_c_random_make_octets is called, unlock the mutex before returning an error. From kevin.wasserman@painless-security.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25295 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() toSam Hartman2011-09-191-0/+1
| | | | | | | | | | | | eliminate a possible memory leak in the error path, where the key_block->length was set to zero but the key_block->contents were not freed. Also, changed calloc() call to a malloc() call to avoid allocating up to 8 times as much buffer space as needed. In keyblocks.c, modified kr5_free_keyblock_contents() to set the key->length to zero after the key->contents have been freed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify some files mistakenly created with tabsGreg Hudson2011-09-045-128/+128
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25140 dc483132-0cff-0310-8789-dd5450dbe970
* make-dependKen Raeburn2011-08-201-13/+110
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25108 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2011-08-092-1/+2
| | | | | | Also remove the erroneously added gssapi_err_krb5 error table sources. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25091 dc483132-0cff-0310-8789-dd5450dbe970
* Compile fix for WIN32 implementation of k5_get_os_entropy: declare ↵Sam Hartman2011-08-091-1/+1
| | | | | | | | | HCRYPTPROV provider Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25084 dc483132-0cff-0310-8789-dd5450dbe970
* Updated OBJS and SRCS in lib/crypto/krb/Makefile.inSam Hartman2011-08-091-2/+17
| | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25083 dc483132-0cff-0310-8789-dd5450dbe970
* Legacy checksum APIs usually failGreg Hudson2011-07-261-9/+35
| | | | | | | | | | | | | krb5_calculate_checksum() and krb5_verify_checksum(), both deprecated, construct invalid keyblocks and pass them to the real functions, which used to work but now doesn't. Try harder to construct valid keyblocks or pass NULL if there's no key. ticket: 6939 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25059 dc483132-0cff-0310-8789-dd5450dbe970
* Rename "ivec" to "cipher_state" in encrypt/decryptGreg Hudson2011-07-222-8/+8
| | | | | | | | This makes the implementations match up with the prototypes, and is more correct for enctypes like RC4 where the cipher state is not an ivec. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25038 dc483132-0cff-0310-8789-dd5450dbe970
* C90 doesn't allow commas at the ends of enumeration listsKen Raeburn2011-07-011-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25012 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-1/+1
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Updated documentation for krb5_c_ and sensauth API.Zhanna Tsitkov2011-05-191-9/+0
| | | | | | Also, removed the second declaration of krb5_c_string_to_key_with_params() from string_to_key.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24935 dc483132-0cff-0310-8789-dd5450dbe970
* In t_fortuna.c, use a static buffer in head_tail_test, and use %f forGreg Hudson2011-04-031-2/+3
| | | | | | a double argument, not %lf. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24830 dc483132-0cff-0310-8789-dd5450dbe970
* Don't allocate over 2MB on the stack; sparc-netbsd3.0 default stackKen Raeburn2011-04-031-1/+1
| | | | | | limit is 2MB. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24829 dc483132-0cff-0310-8789-dd5450dbe970
* Resolve a few miscellaneous warningsGreg Hudson2011-03-141-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
* Move the des and AFS string-to-key implementations into lib/crypto/krb,Greg Hudson2011-03-113-23/+664
| | | | | | | | since they aren't standard crypto primitives. Revise the module SPI accordingly. Add tests for AFS string-to-key to t_str2key.c to replace the ones in the (now defunct) t_afss2k.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0931-108/+64
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* On make clean remove test programs and object files. In lib/krb5/krbEzra Peisach2011-03-061-0/+1
| | | | | | make depend as a test program was missed from the source list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
* Make enc provider free_state function return voidGreg Hudson2011-03-052-7/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the init_state and free_state enctype functions and go back toGreg Hudson2011-03-053-49/+2
| | | | | | | always delegating state to the enc provider. (We needed enctype- specific state initialization for CCM enctypes when we had them.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970
* Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as itGreg Hudson2011-03-051-0/+104
| | | | | | is not specific to the builtin module. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970
* Flatten lib/crypto/krb, as its seven subdirectories only contained aGreg Hudson2011-03-0540-1010/+115
| | | | | | few source file each (often only 1-2). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate almost all lib/crypto/krb headers into a singleGreg Hudson2011-03-0288-1494/+1261
| | | | | | | | | | | | | crypto_int.h. In that header, define and document responsibilities for crypto modules, some of which are satisfied through a module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove many of the headers and sources providing functionality which isn't needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and SHA-1 hashing, as well as DES weak key testing). Change most Makefile.ins to only include headers from lib/crypto/krb and lib/crypto/$(CRYPTO_IMPL), instead of from many different directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify lib/crypto/krb/arcfour in the wake of r23444. Move theGreg Hudson2011-02-2811-393/+305
| | | | | | | contents of arcfour_aead.c into arcfour.c, turn the key derivation helper functions into static functions, and eliminate arcfour-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673 dc483132-0cff-0310-8789-dd5450dbe970
* Use the hash provider interface in krb5int_arcfour_string_to_key soGreg Hudson2011-02-282-34/+13
| | | | | | | that we don't need a direct interface to MD4 in the crypto modules. Also clean up the code a bit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672 dc483132-0cff-0310-8789-dd5450dbe970
* Reference random-to-key handlers through the enctype instead of theGreg Hudson2011-02-2721-428/+129
| | | | | | | | | | | | enc_provider, for consistency with string-to-key and the place of implementation (other enc_provider functions are implemented in the back end, but random-to-key handlers are in krb). Use a single handler for non-DES/DES3 enctypes since it's always just directly copying the bits. Collapse the three implementations (des, des3, and direct) into random_to_key.c, as they're very short, and eliminate the lib/crypto/krb/rand2key directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
* Namespace-protect SHA-256 symbols. Build SHA-256 code independently ofGreg Hudson2011-02-251-7/+7
| | | | | | whether Fortuna was selected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666 dc483132-0cff-0310-8789-dd5450dbe970
* Add Fortuna test program to file list for dependency generationGreg Hudson2011-02-252-9/+23
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24665 dc483132-0cff-0310-8789-dd5450dbe970
* Add a non-default PRNG module which just retrieves entropy fromGreg Hudson2011-02-251-0/+94
| | | | | | /dev/urandom without any cryptographic post-processing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24664 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unnecessary includes from prng_fortuna.cGreg Hudson2011-02-251-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24663 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-259-236/+240
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Now that all PRNG modules fit nicely into a single source file,Greg Hudson2011-02-2515-344/+75
| | | | | | | | | simplify the PRNG abstraction, flattening the implementations into crypto/krb and removing the indirection through function pointers. Move the guts of the NSS PRNG implementation into the nss subdir so that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970
* Remove Yarrow PRNG implementationGreg Hudson2011-02-2520-2361/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
* A couple more Windows build system adjustments for Fortuna as defaultGreg Hudson2011-02-251-0/+6
| | | | | | PRNG. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659 dc483132-0cff-0310-8789-dd5450dbe970
* Unbreak the OpenSSL and NSS crypto builds in the wake of r24652Greg Hudson2011-02-241-3/+1
| | | | | | (Fortuna as default PRNG), and remove some unnecessary related files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
* Fix dangling Makefile reference after r24652Greg Hudson2011-02-241-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-241-9/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654 dc483132-0cff-0310-8789-dd5450dbe970
* Fortuna as default PRNGGreg Hudson2011-02-2411-839/+492
| | | | | | | | | | | | | | Rewrite prng_fortuna.c to much more closely match the description of Fortuna in chapter 9 of Cryptography Engineering. Add a facility to get OS entropy and implement it for Unix and Windows (not yet tested on Windows) to replace prng/fortuna/entropy.c. Rewrite the test harness to always ensure stable output and perform a statistical test on the predictable internal state resulting from the stable-output tests. ticket: 6874 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a conceptual bug in r24639: the intermediate key container lengthGreg Hudson2011-02-181-1/+1
| | | | | | | | | | should be the hash's output size, not its block size. (The bug did not show up in testing because it is harmless in practice; MD5 has a larger block size than output size.) ticket: 6869 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970
* hmac-md5 checksum doesn't work with DES keysGreg Hudson2011-02-161-1/+1
| | | | | | | | | | | | | | krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC. The container for this key should be allocated using the HMAC output size (which is the hash blocksize), not the original key size. This bug was causing the function to fail with DES keys, which can be used with hmac-md5 in PAC signatures. ticket: 6869 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some unused variable warningsGreg Hudson2010-12-201-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24583 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 20:32:55 +0000