| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Remove uitypes.h and just include stdint.h; all we need from it is
uint{8,16,32}_t.
|
| |
|
|
|
|
|
| |
If yasm and cpuid.h are present on a Linux i686 or x64 system, compile
the modified Intel AES-NI assembly sources. In the builtin AES enc
provider, check at runtime whether the CPU supports AES-NI
instructions and use the assembly functions if so.
|
| |
|
|
|
|
|
| |
In preparation for AES-NI support, adjust the block encryption helpers
in the AES enc provider so that the cache is only touched by helpers,
and reframe the CTS operations in terms of CBC operations. Change the
Camellia enc provider as well for consistency.
|
| |
|
|
|
|
|
|
| |
Expand the concept of an IOV block state into a cursor which remembers
the IOV set being iterated over, the block size, and both input and
output positions. Eliminate the no-copy inline block getter for now,
but provide helpers to grab contiguous chains of blocks from a cursor.
Also provide an inline helper to sum the total length of an iov chain.
|
| |
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
| | |
|
| |
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
| |
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
| |
|
|
|
|
|
|
| |
Fix memory leak.
ticket: 7457
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
| |
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25140 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
is no standards support for avoiding RC4 weak keys, so rejecting them
causes periodic failures. Heimdal and Microsoft do not check for weak
keys. Attacks based on these weak keys are probably thwarted by the
use of a confounder, and even if not, the reduction in work factor is
not terribly significant for 128-bit keys.
ticket: 6886
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
verbiage in Makefile.in files. For correctness of output, every
Makefile.in mydir= definition is changed to use $(S) instead of /.
ticket: 6826
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Repair the Windows build. Tested with the prepare-on-Unix method.
Some specific changes include:
* Removed the IPC finalizer (no longer used after r20787) from
ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency
chain for the pingtest build in ccapi/test. Also updated pingtest
to use the k5_ipc_stream interfaces since cci_stream is gone.
* Reverted the apparently non-functional r20277.
* klist -V prints just "Kerberos for Windows", since it has no access
to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be
addressed correctly.
* krb5, telnet, gssftp, and NIM are removed from the build.
* Some files had CRLFs; these were replaced with LFs and the
svn:eol-style property set on the files. Otherwise the CRLFs became
CRCRLFs after the zip transfer.
* Windows does not have opendir/readdir, so added Windows code to
prof_parse.c for includedir. Probable fodder for a libkrb5support
portability shim.
ticket: 6826
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not
compiled in by default since we don't have enctype assignments yet.
ticket: 6822
target_verion: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
assignments for Camellia-CCM enctypes or cksumtypes yet, they are
disabled in a default build. They can be made available by defining
(via CPPFLAGS) local-use enctype numbers for the enctypes and
cksumtypes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
one encryption operation to another. Use a new function in the
enc_provider structure for cleanup. Implement caching of aes_ctx
values.
Using Greg's performance tests from the derived-key caching work, on a
2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved
by 5-6%; encryptions of 1024 bytes and checksums are not significantly
affected.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
instead of decrypting it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23573 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dependencies on the internals of modules.
* Keyhash providers are gone.
* The cksumtypes table contains checksum and verify functions,
similar to the etypes encrypt and decrypt functions. New checksum
functions parallel the old keyhash providers, and there are also
functions for unkeyed and derived-key HMAC checksums.
* The flags field is now used to indicate whether a checksum is
unkeyed, but not whether it is a derived-key HMAC checksum.
* The descbc checksum is handled through a new enc_provider function
which calculates a CBC MAC.
The OpenSSL module does not implement the CBC MAC function (it didn't
implement descbc before). builtin/des could probably get rid of
f_cksum.c (the old DES CBC routine) with some alterations to
string2key.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
validate_and_schedule, and drop the _iov suffix from the one we do
use. (Cleanup from r23444.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23449 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23443 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23436 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
functions for loading and storing potentially-unaligned values.
Improves bulk AES encryption performance by 2% or so on 32-bit x86
with gcc 4.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23432 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
avoiding function calls and copies in the case where the next block
is wholly contained within the current buffer. To do this, introduce
two new inline functions in aead.h called iov_next_block and
iov_store_block.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23430 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
char blocks, casting input->data and output->data once each upon entry
to the non-IOV encrypt and decrypt functions, rather than casting our
working buffers each time we need to work with an outside function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23428 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
well as data and padding blocks when checking for correctly padded
input.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23387 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23374 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
directory contains the token encryption code (similar to dk, old, and
raw) which is Kerberos-specific. The actual stream cipher lives in
enc_provider/rc4.c, which is still in the module dirs.
arcfour/arcfour-int.h contained the definitions of some structures
used only in enc_provider/rc4.c. Move those definitions into that
source file so that everything in arcfour is at the right level of
abstraction to live in krb.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23367 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23030 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
the requirement for the dir structures to be identical in all crypto implementation and supports impl. dependent tests. Also, minor libk5crypto.exports list reduction ( from f_tables)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22995 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22905 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
internals.
Make depend.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
make system to handle new crypto implementations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22707 dc483132-0cff-0310-8789-dd5450dbe970
|
