path: root/src/lib/krb5/asn.1
Commit message | Author | Age | Files | Lines
* Re-run make depend without autoconf.h in the source tree | Greg Hudson | 2009-09-16 | 1 | -84/+79
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krb | Zhanna Tsitkov | 2009-09-16 | 1 | -79/+84
  bigredbutton: whitespace
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensions | Greg Hudson | 2009-09-13 | 4 | -0/+91
  Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions.
  ticket: 6563
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Close a memory leak in asn1_decode_etype_info2_entry_1_3 | Greg Hudson | 2009-04-23 | 1 | -1/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22275 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2009-0846 asn1_decode_generaltime can free uninitialized pointer | Tom Yu | 2009-04-07 | 1 | -0/+1
  The asn1_decode_generaltime() function can free an uninitialized pointer if asn1buf_remove_charstring() fails.
  ticket: 6445
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22176 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2009-0847 asn1buf_imbed incorrect length validation | Tom Yu | 2009-04-07 | 1 | -2/+4
  asn1buf_imbed() can perform pointer arithmetic that causes the "bound" pointer of the subbuffer to be less than the "next" pointer. This can lead to malloc() failure or crash.
  In asn1buf_imbed(), check the length before doing arithmetic to set subbuf->bound.
  In asn1buf_remove_octetstring() and asn1buf_remove_charstring(), check for invalid buffer pointers before executing an unsigned length check against a (casted to size_t) negative number.
  ticket: 6444
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22175 dc483132-0cff-0310-8789-dd5450dbe970
* Merge fast branch at 22166 onto trunk | Sam Hartman | 2009-04-03 | 2 | -6/+6
  ticket: 6436
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
* Make FAST changes build when pkinit is disabled | Tom Yu | 2009-03-31 | 4 | -19/+23
  ticket: 6436
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22153 dc483132-0cff-0310-8789-dd5450dbe970
* Implement FAST from draft-ietf-krb-wg-preauth-framework | Sam Hartman | 2009-03-31 | 4 | -2/+242
  Merge fast branch at 22146 onto trunk
  Implement the kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki.
  ticket: 6436
  Target_Version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
* Fix error handling issue in ASN.1 decoder | Greg Hudson | 2009-03-17 | 1 | -1/+2
  In asn1_k_decode.c, check the return value of end_sequence_of_no_tagvars_helper.
  ticket: 6427
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22107 dc483132-0cff-0310-8789-dd5450dbe970
* Correct numerous memory leaks on error conditions in the ASN.1 | Greg Hudson | 2009-02-13 | 3 | -299/+1030
  decoder functions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22004 dc483132-0cff-0310-8789-dd5450dbe970
* Remove useless unsigned >=0 tests | Ken Raeburn | 2009-02-12 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21983 dc483132-0cff-0310-8789-dd5450dbe970
* Modify asn12krb5_buf and asn1_do_full_encode to make output parameter | Greg Hudson | 2009-02-12 | 2 | -18/+27
  values well-defined on error. Clean up memory handling and an unused variable in asn1_do_full_encode.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21981 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust the structure of krb5_decode.c functions to initialize output | Greg Hudson | 2009-02-10 | 1 | -375/+432
  parameters to NULL and not set them to the real values until a successful return is guaranteed. Also fix get_eoc which was returning without clean_return.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21940 dc483132-0cff-0310-8789-dd5450dbe970
* Make asn1buf_destroy return void, since it's a free function. In | Greg Hudson | 2009-02-09 | 3 | -23/+23
  krb5_encode.c functions, make *code well-defined in case of error, and clean up some memory leaks.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21928 dc483132-0cff-0310-8789-dd5450dbe970
* In asn1_k_encode.c, stop inconsistently destroying buf on some errors. | Greg Hudson | 2009-02-09 | 1 | -23/+7
  It belongs to the caller.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21927 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except unicode, windows code | Ken Raeburn | 2009-02-02 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* In asn1_decode_pa_for_user(), ensure that user member is allocated | Luke Howard | 2009-01-26 | 1 | -0/+1
  before assigning a value to it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21805 dc483132-0cff-0310-8789-dd5450dbe970
* fix trailing whitespace | Tom Yu | 2009-01-22 | 2 | -5/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace | Tom Yu | 2009-01-22 | 8 | -27/+27
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
* If USE_VALGRIND, check readability of byte string before copying | Ken Raeburn | 2009-01-22 | 1 | -0/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21774 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.in | Ken Raeburn | 2009-01-05 | 2 | -127/+125
  Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.)
  Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later.
  Update dependencies for the generate Makefile itself to list the deps file.
  This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunk | Sam Hartman | 2009-01-03 | 9 | -14/+197
  The mskrb-integ branch includes support for the following projects:
  Projects/Aliases
  * Projects/PAC and principal APIs
  * Projects/AEAD encryption API
  * Projects/GSSAPI DCE
  * Projects/RFC 3244
  In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported.
  This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required.
  Merge commit 'mskrb-integ' into trunk
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some lingering Saber C cruft | Greg Hudson | 2008-12-05 | 1 | -4/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21293 dc483132-0cff-0310-8789-dd5450dbe970
* Lite Client - the following calls are server-side functions: | Zhanna Tsitkov | 2008-11-17 | 1 | -0/+2
  decode_krb5_authenticator, krb5_auth_con_getauthenticator, krb5_copy_authenticator, krb5_ser_authenticator_init
  Take them out for the Lite Client.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21129 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build dependencies for v4rcp.c. | Ken Raeburn | 2008-11-04 | 1 | -75/+82
  Rebuild dependencies for k5-buf.h, and without krb4 support.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
* Fix conditionals from last change | Ken Raeburn | 2008-11-03 | 2 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20960 dc483132-0cff-0310-8789-dd5450dbe970
* If we're not making asn1buf_insert_octet an inline function, then make | Ken Raeburn | 2008-11-03 | 4 | -29/+20
  asn1buf_size, asn1buf_ensure_space, and asn1buf_expand static in asn1buf.c, for better optimization.
  Recode asn1buf_ensure_space to directly return the result of asn1buf_expand.
  Don't check for NULL before malloc/realloc in asn1buf_expand.
  Fix a couple minor signedness warnings.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20957 dc483132-0cff-0310-8789-dd5450dbe970
* partial rewrite of the ASN.1 encoders | Ken Raeburn | 2008-10-25 | 11 | -2191/+2317
  Instead of a pile of macros generating code, that have to be threaded together in just the right way to get a valid ASN.1 encoding, we now have a pile of macros for defining data structures describing the objects and the ASN.1 types they should be encoded as, which structures are interpreted by recursive invocations of an encoder engine; there should be somewhat less rope for accidentally creating invalid encodings. The new macros are commented in asn1_k_encode.c.
  Putting most of the work into the encoder engine also reduces the code size (in one configuration, including LDAP-KDB and PKINIT encoders, code size went from 37K to <16K, though 10K of tables were added, and the PKINIT encoders are still open-coded).
  Some encoder interfaces have been revised to be more regular -- all now take one pointer to const argument (no two-input encoders, no pointer-to-non-const-pointer-to-const). A few encoders were eliminated or disabled because they were neither used nor exported from the library.
  The LDAP-KDB encoder has been converted, but the PKINIT encoders have not as there are no regression tests for them currently.
  There is still plenty of room for improvement; some notes on specific ideas have been added.
  String encoding primitives have been combined to reduce code size. A primitive for encoding bit strings has been added. Some miscellaneous warnings in the decoders have been cleaned up.
  A new dejagnu test case is added that ensures that KRB-SAFE messages get exercised.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many places | Greg Hudson | 2008-10-20 | 1 | -8/+4
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Change LDAP key-sequence encoder to use a single data structure | Ken Raeburn | 2008-10-06 | 1 | -7/+16
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20829 dc483132-0cff-0310-8789-dd5450dbe970
* makedepend | Ken Raeburn | 2008-09-18 | 1 | -70/+75
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify; trim trailing whitespace; add emacs local variables to avoid tabs | Ken Raeburn | 2008-09-09 | 21 | -2285/+2306
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20711 dc483132-0cff-0310-8789-dd5450dbe970
* Use braces to repair broken emacs indentation, caused by omission of a | Ken Raeburn | 2008-09-05 | 1 | -4/+6
  semicolon, caused by use of macros that expand to compound statements.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20708 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace changes, mostly horizontal, for consistency with current | Ken Raeburn | 2008-09-05 | 12 | -3223/+3224
  style: indentation levels, spacing around if/else/for/while and braces. Still plenty of inconsistency with current coding standards, especially for when line breaks are to be used. Didn't touch multi-line macro definitions, or .h function declarations.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20707 dc483132-0cff-0310-8789-dd5450dbe970
* Based on patch from lxs, with some changes: | Ken Raeburn | 2008-08-27 | 5 | -31/+30
  Add several new gcc warning flags, used in the KfM build process.
  Put declarations before code.
  Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int.
  Fix constness in handling name of default ccache name.
  Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
  Don't shadow global names: stat accept index open encrypt.
  Fix variable shadowing in LDAP ASN.1 support.
  Don't define unused krb5int_local_addresses.
  Don't export internal krb5_change_set_password.
  Fix error return indications from gssint_oid_to_mech.
  Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms.
  Not incorporated from initial patch: const changes in function signatures.
  ticket: 6096
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* Fix broken build -- conditionalize some stuff on DISABLE_PKINIT that I | Ken Raeburn | 2008-08-19 | 2 | -1/+5
  missed last time.
  ticket: 6076
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20675 dc483132-0cff-0310-8789-dd5450dbe970
* If the LDAP KDB back end is being built, define ENABLE_LDAP. If | Ken Raeburn | 2008-08-14 | 1 | -0/+3
  ENABLE_LDAP is not defined, don't build the LDAP KDB ASN.1 encoding and decoding functions, and use null pointers for them in the accessor function table.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20659 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build PKINIT ASN.1 support code if not building PKINIT plugin | Ken Raeburn | 2008-08-13 | 2 | -1/+5
  If --disable-pkinit is given at configure time, don't build the PKINIT plugin.
  If the PKINIT plugin is not going to be built, define DISABLE_PKINIT.
  If DISABLE_PKINIT is defined, don't build the PKINIT-related ASN.1 encoding and decoding routines, and fill their slots in the accessor function table with null pointers.
  Tweak the accessor table initialization to use conditionally-varying macros rather than conditionally selecting between two blocks of invocations of fixed macros.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20652 dc483132-0cff-0310-8789-dd5450dbe970
* sequence_of_no_tagvars declared variables used only in | Ken Raeburn | 2008-08-07 | 1 | -20/+16
  end_sequence_of_no_tagvars and only as unnecessary temporaries, so get rid of them; also, push most of the work of the latter macro into a helper function.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20632 dc483132-0cff-0310-8789-dd5450dbe970
* get_eoc() is always followed by next_tag(), so don't bother setting | Ken Raeburn | 2008-08-07 | 2 | -26/+16
  the variables that it's about to clobber. Since we don't need any of the tag info at the call site, push it down into the helper function.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20631 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out EOC error checks into separate functions | Ken Raeburn | 2008-08-07 | 2 | -12/+34
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20629 dc483132-0cff-0310-8789-dd5450dbe970
* Use bitfields for class and construction type | Ken Raeburn | 2008-08-07 | 1 | -0/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20628 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite tagnum-checking code to streamline normal path and push refined | Ken Raeburn | 2008-08-07 | 5 | -33/+40
  error code selection into error path.
  Don't expand asn1buf_insert_octet inline or define asn1buf_ensure_space macro if CONFIG_SMALL.
  Remove some null-before-free checks.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20626 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out generic array expansion code from array_append macro into a | Ken Raeburn | 2008-04-03 | 1 | -7/+22
  separate function. Add some range checks, and don't bother separating malloc vs realloc depending on previous pointer value.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
* In the pkinit decoders, set up things properly so that asn1buf_sync() | Tom Yu | 2007-09-13 | 1 | -3/+22
  behaves correctly and isn't acting on uninitialized variables.
  ticket: 5704
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
* Change use of choice_pa_pk_as_rep_UNKNOWN to | Ezra Peisach | 2007-08-26 | 1 | -1/+1
  choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum same in both cases...
  ticket: 5617
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2007-08-16 | 1 | -65/+71
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT support | Kevin Coffman | 2007-08-01 | 6 | -1/+1270
  Pull up PKINIT support onto the trunk.
  Changes from the version in branch users/coffman/pkinit are:
  - Update the preauth plugin interface version to avoid conflict with any existing plugins.
  - Add a pkcs11.h locally to the pkinit code rather than depending on opensc being installed.
  ticket: new
  Target_Version: 1.6.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
* If no salt is included with the key data, set the salt length field to 0. | Ken Raeburn | 2007-07-27 | 1 | -1/+2
  Bug report and patch from Nalin Dahyabhai.
  ticket: 5545
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19733 dc483132-0cff-0310-8789-dd5450dbe970