| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
always delegating state to the enc provider. (We needed enctype-
specific state initialization for CCM enctypes when we had them.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
is not specific to the builtin module.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
few source file each (often only 1-2).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
contents of arcfour_aead.c into arcfour.c, turn the key derivation
helper functions into static functions, and eliminate arcfour-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
that we don't need a direct interface to MD4 in the crypto modules.
Also clean up the code a bit.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
whether Fortuna was selected.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24665 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
/dev/urandom without any cryptographic post-processing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24664 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24663 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
PRNG.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
(Fortuna as default PRNG), and remove some unnecessary related files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rewrite prng_fortuna.c to much more closely match the description of
Fortuna in chapter 9 of Cryptography Engineering. Add a facility to
get OS entropy and implement it for Unix and Windows (not yet tested
on Windows) to replace prng/fortuna/entropy.c. Rewrite the test
harness to always ensure stable output and perform a statistical test
on the predictable internal state resulting from the stable-output
tests.
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
should be the hash's output size, not its block size. (The bug did
not show up in testing because it is harmless in practice; MD5 has a
larger block size than output size.)
ticket: 6869
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size. This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.
ticket: 6869
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24583 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix multiple checksum handling bugs, as described in:
CVE-2010-1324
CVE-2010-1323
CVE-2010-4020
CVE-2010-4021
* Return the correct (keyed) checksums as the mandatory checksum type
for DES enctypes.
* Restrict simplified-profile checksums to their corresponding etypes.
* Add internal checks to reduce the risk of stream ciphers being used
with simplified-profile key derivation or other algorithms relying
on the block encryption primitive.
* Use the mandatory checksum type for the PKINIT KDC signature,
instead of the first-listed keyed checksum.
* Use the mandatory checksum type when sending KRB-SAFE messages by
default, instead of the first-listed keyed checksum.
* Use the mandatory checksum type for the t_kperf test program.
* Use the mandatory checksum type (without additional logic) for the
FAST request checksum.
* Preserve the existing checksum choices (unkeyed checksums for DES
enctypes) for the authenticator checksum, using explicit logic.
* Ensure that SAM checksums received from the KDC are keyed.
* Ensure that PAC checksums are keyed.
ticket: 6827
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24538 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
verbiage in Makefile.in files. For correctness of output, every
Makefile.in mydir= definition is changed to use $(S) instead of /.
ticket: 6826
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Repair the Windows build. Tested with the prepare-on-Unix method.
Some specific changes include:
* Removed the IPC finalizer (no longer used after r20787) from
ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency
chain for the pingtest build in ccapi/test. Also updated pingtest
to use the k5_ipc_stream interfaces since cci_stream is gone.
* Reverted the apparently non-functional r20277.
* klist -V prints just "Kerberos for Windows", since it has no access
to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be
addressed correctly.
* krb5, telnet, gssftp, and NIM are removed from the build.
* Some files had CRLFs; these were replaced with LFs and the
svn:eol-style property set on the files. Otherwise the CRLFs became
CRCRLFs after the zip transfer.
* Windows does not have opendir/readdir, so added Windows code to
prof_parse.c for includedir. Probable fodder for a libkrb5support
portability shim.
ticket: 6826
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not
compiled in by default since we don't have enctype assignments yet.
ticket: 6822
target_verion: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
make time.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24469 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24433 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24428 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
no longer necessary change to lib/crypto/krb/Makefile.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24427 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24421 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
in lieu of yarrow.
Yarrow stays the default prng while fortuna may be engaged during configuration by using "--with-prng-alg=fortuna" flag.
Also, nss crypto backend continues to use its own prng.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24420 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24416 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
this indicates that the mandatory checksum type for the key is to be used.
This interface is necessary because there is no public interface through
which the mandatory checksum type for an encryption type can be determined.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24304 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
passed in as the checksum type; however krb5_k_make_checksum_iov
does not support this. Add the same logic for the behaviour is
consistent.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24303 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
assignments for Camellia-CCM enctypes or cksumtypes yet, they are
disabled in a default build. They can be made available by defining
(via CPPFLAGS) local-use enctype numbers for the enctypes and
cksumtypes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Under low memory conditions (or when testing memory allocation failures),
the key pointer will be 0 - and not initialized. Test and return failure
before deref a NULL.
ticket: 6772
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24292 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In PAC signatures, the hmac-md5 checksum type can be used with AES
keys. Make this work by removing the enc field from the hmac-md5 and
md5-hmac checksum types, and adding a check in
krb5int_hmacmd5_checksum() for a null key or a key which is longer
than the hash block size (64 bytes for MD5). The checksum algorithm
only uses the key bits; it does invoke the cipher.
The checksum type names are kind of wrong, but we'll leave them alone
for compatibility. The descriptions are updated.
ticket: 6751
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24191 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
conflict.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24126 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Add an API to return the input name, or optionally the shortest alias,
of an enctype. Similar to krb5_enctype_to_string() which returns a
description.
ticket: 6736
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24117 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
where appropriate so that magic fields get initialized.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23942 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Failure to set the enctype before invoking krb5_k_create_key results in
potential memory leak.
ticket: 6628
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23612 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The yarrow code uses a keyblock that is partially initialized. This results
in krb5_k_free_key trying to look up the enctype to call the free handler.
One of the valgrind reports: (there are several paths)
==26701== Conditional jump or move depends on uninitialised value(s)
==26701== at 0x40E9AF0: find_enctype (etypes.h:81)
==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91)
==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49)
==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578)
==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423)
==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553)
==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513)
==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112)
==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97)
==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42)
==26701== by 0x8049554: main (t_encrypt.c:206)
==26701==
ticket: 6625
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5int_derive_key creates a temporary keyblock to add to the derived cache.
krb5_k_free_key will iterate over the derived keys and for ones with cache will
lookup the enctype for the key_cleanup handler.
Unfortunatly, there isn't a keyblock init function that does not allocate the
keyblock - as I suspect this problem will appear in other places.
The valgrind log of this problem is:
==7281== Conditional jump or move depends on uninitialised value(s)
==7281== at 0x40E9AE8: find_enctype (etypes.h:81)
==7281== by 0x40E9C96: krb5_k_free_key (key.c:91)
==7281== by 0x40E9C52: krb5_k_free_key (key.c:86)
==7281== by 0x40EBB00: krb5_c_prf (prf.c:87)
==7281== by 0x40E7B1B: prf_plus (cf2.c:77)
==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125)
==7281== by 0x804899C: main (t_cf2.c:70)
==7281==
with memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
one encryption operation to another. Use a new function in the
enc_provider structure for cleanup. Implement caching of aes_ctx
values.
Using Greg's performance tests from the derived-key caching work, on a
2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved
by 5-6%; encryptions of 1024 bytes and checksums are not significantly
affected.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
|