summaryrefslogtreecommitdiffstats
path: root/src/lib/crypto/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* Make enc provider free_state function return voidGreg Hudson2011-03-052-7/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the init_state and free_state enctype functions and go back toGreg Hudson2011-03-053-49/+2
| | | | | | | always delegating state to the enc provider. (We needed enctype- specific state initialization for CCM enctypes when we had them.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970
* Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as itGreg Hudson2011-03-051-0/+104
| | | | | | is not specific to the builtin module. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970
* Flatten lib/crypto/krb, as its seven subdirectories only contained aGreg Hudson2011-03-0540-1010/+115
| | | | | | few source file each (often only 1-2). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate almost all lib/crypto/krb headers into a singleGreg Hudson2011-03-0288-1494/+1261
| | | | | | | | | | | | | crypto_int.h. In that header, define and document responsibilities for crypto modules, some of which are satisfied through a module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove many of the headers and sources providing functionality which isn't needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and SHA-1 hashing, as well as DES weak key testing). Change most Makefile.ins to only include headers from lib/crypto/krb and lib/crypto/$(CRYPTO_IMPL), instead of from many different directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify lib/crypto/krb/arcfour in the wake of r23444. Move theGreg Hudson2011-02-2811-393/+305
| | | | | | | contents of arcfour_aead.c into arcfour.c, turn the key derivation helper functions into static functions, and eliminate arcfour-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673 dc483132-0cff-0310-8789-dd5450dbe970
* Use the hash provider interface in krb5int_arcfour_string_to_key soGreg Hudson2011-02-282-34/+13
| | | | | | | that we don't need a direct interface to MD4 in the crypto modules. Also clean up the code a bit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672 dc483132-0cff-0310-8789-dd5450dbe970
* Reference random-to-key handlers through the enctype instead of theGreg Hudson2011-02-2721-428/+129
| | | | | | | | | | | | enc_provider, for consistency with string-to-key and the place of implementation (other enc_provider functions are implemented in the back end, but random-to-key handlers are in krb). Use a single handler for non-DES/DES3 enctypes since it's always just directly copying the bits. Collapse the three implementations (des, des3, and direct) into random_to_key.c, as they're very short, and eliminate the lib/crypto/krb/rand2key directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
* Namespace-protect SHA-256 symbols. Build SHA-256 code independently ofGreg Hudson2011-02-251-7/+7
| | | | | | whether Fortuna was selected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666 dc483132-0cff-0310-8789-dd5450dbe970
* Add Fortuna test program to file list for dependency generationGreg Hudson2011-02-252-9/+23
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24665 dc483132-0cff-0310-8789-dd5450dbe970
* Add a non-default PRNG module which just retrieves entropy fromGreg Hudson2011-02-251-0/+94
| | | | | | /dev/urandom without any cryptographic post-processing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24664 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unnecessary includes from prng_fortuna.cGreg Hudson2011-02-251-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24663 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-259-236/+240
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Now that all PRNG modules fit nicely into a single source file,Greg Hudson2011-02-2515-344/+75
| | | | | | | | | simplify the PRNG abstraction, flattening the implementations into crypto/krb and removing the indirection through function pointers. Move the guts of the NSS PRNG implementation into the nss subdir so that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970
* Remove Yarrow PRNG implementationGreg Hudson2011-02-2520-2361/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
* A couple more Windows build system adjustments for Fortuna as defaultGreg Hudson2011-02-251-0/+6
| | | | | | PRNG. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659 dc483132-0cff-0310-8789-dd5450dbe970
* Unbreak the OpenSSL and NSS crypto builds in the wake of r24652Greg Hudson2011-02-241-3/+1
| | | | | | (Fortuna as default PRNG), and remove some unnecessary related files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
* Fix dangling Makefile reference after r24652Greg Hudson2011-02-241-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-241-9/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654 dc483132-0cff-0310-8789-dd5450dbe970
* Fortuna as default PRNGGreg Hudson2011-02-2411-839/+492
| | | | | | | | | | | | | | Rewrite prng_fortuna.c to much more closely match the description of Fortuna in chapter 9 of Cryptography Engineering. Add a facility to get OS entropy and implement it for Unix and Windows (not yet tested on Windows) to replace prng/fortuna/entropy.c. Rewrite the test harness to always ensure stable output and perform a statistical test on the predictable internal state resulting from the stable-output tests. ticket: 6874 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a conceptual bug in r24639: the intermediate key container lengthGreg Hudson2011-02-181-1/+1
| | | | | | | | | | should be the hash's output size, not its block size. (The bug did not show up in testing because it is harmless in practice; MD5 has a larger block size than output size.) ticket: 6869 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970
* hmac-md5 checksum doesn't work with DES keysGreg Hudson2011-02-161-1/+1
| | | | | | | | | | | | | | krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC. The container for this key should be allocated using the HMAC output size (which is the hash blocksize), not the original key size. This bug was causing the function to fail with DES keys, which can be used with hmac-md5 in PAC signatures. ticket: 6869 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some unused variable warningsGreg Hudson2010-12-201-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24583 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2010-12-053-42/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
* SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)Greg Hudson2010-11-305-18/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix multiple checksum handling bugs, as described in: CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021 * Return the correct (keyed) checksums as the mandatory checksum type for DES enctypes. * Restrict simplified-profile checksums to their corresponding etypes. * Add internal checks to reduce the risk of stream ciphers being used with simplified-profile key derivation or other algorithms relying on the block encryption primitive. * Use the mandatory checksum type for the PKINIT KDC signature, instead of the first-listed keyed checksum. * Use the mandatory checksum type when sending KRB-SAFE messages by default, instead of the first-listed keyed checksum. * Use the mandatory checksum type for the t_kperf test program. * Use the mandatory checksum type (without additional logic) for the FAST request checksum. * Preserve the existing checksum choices (unkeyed checksums for DES enctypes) for the authenticator checksum, using explicit logic. * Ensure that SAM checksums received from the KDC are keyed. * Ensure that PAC checksums are keyed. ticket: 6827 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24538 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-2813-130/+14
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Fix Windows buildGreg Hudson2010-11-2513-93/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include: * Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone. * Reverted the apparently non-functional r20277. * klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly. * krb5, telnet, gssftp, and NIM are removed from the build. * Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer. * Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim. ticket: 6826 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
* Implement Camellia-CTS-CMAC instead of Camellia-CCMGreg Hudson2010-11-2011-695/+257
| | | | | | | | | | | Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet. ticket: 6822 target_verion: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
* Make it possible to override CRYPTO_IMPL_CFLAGS and CRYPTO_IMPL_LIBS atGreg Hudson2010-10-221-1/+2
| | | | | | make time. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24469 dc483132-0cff-0310-8789-dd5450dbe970
* Minor comments related changed. Zhanna Tsitkov2010-10-065-6/+35
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24433 dc483132-0cff-0310-8789-dd5450dbe970
* Add RUN_SETUP so make check works by setting the proper LD_LIBRARY_PATHEzra Peisach2010-10-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24428 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the NSS PRNG build. Fix the build for non-gmake make. Revert aGreg Hudson2010-10-052-3/+2
| | | | | | no longer necessary change to lib/crypto/krb/Makefile.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24427 dc483132-0cff-0310-8789-dd5450dbe970
* Some missed files needed for rev #24420Zhanna Tsitkov2010-10-0516-0/+1453
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24421 dc483132-0cff-0310-8789-dd5450dbe970
* Improves prng code modularity. Introduces fortuna-like prng that can be used ↵Zhanna Tsitkov2010-10-0518-181/+90
| | | | | | | | | in lieu of yarrow. Yarrow stays the default prng while fortuna may be engaged during configuration by using "--with-prng-alg=fortuna" flag. Also, nss crypto backend continues to use its own prng. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24420 dc483132-0cff-0310-8789-dd5450dbe970
* Merge branches/nss to trunkGreg Hudson2010-10-023-12/+85
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24416 dc483132-0cff-0310-8789-dd5450dbe970
* Allow a zero checksum type to be passed into krb5_k_verify_checksum_iov;Luke Howard2010-09-091-0/+6
| | | | | | | | this indicates that the mandatory checksum type for the key is to be used. This interface is necessary because there is no public interface through which the mandatory checksum type for an encryption type can be determined. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24304 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_k_make_checksum will use the mandatory checksum type if 0 isLuke Howard2010-09-091-0/+6
| | | | | | | | passed in as the checksum type; however krb5_k_make_checksum_iov does not support this. Add the same logic for the behaviour is consistent. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24303 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-0810-173/+257
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* Merge the camellia-ccm branch to trunk. Since there are no IANAGreg Hudson2010-09-0726-282/+1630
| | | | | | | | | assignments for Camellia-CCM enctypes or cksumtypes yet, they are disabled in a default build. They can be made available by defining (via CPPFLAGS) local-use enctype numbers for the enctypes and cksumtypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure valid key in krb5int_yarrow_cipher_encrypt_blockEzra Peisach2010-09-041-0/+6
| | | | | | | | | | Under low memory conditions (or when testing memory allocation failures), the key pointer will be 0 - and not initialized. Test and return failure before deref a NULL. ticket: 6772 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24292 dc483132-0cff-0310-8789-dd5450dbe970
* Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keysGreg Hudson2010-07-192-4/+6
| | | | | | | | | | | | | | | | | | In PAC signatures, the hmac-md5 checksum type can be used with AES keys. Make this work by removing the enc field from the hmac-md5 and md5-hmac checksum types, and adding a check in krb5int_hmacmd5_checksum() for a null key or a key which is longer than the hash block size (64 bytes for MD5). The checksum algorithm only uses the key bits; it does invoke the cipher. The checksum type names are kind of wrong, but we'll leave them alone for compatibility. The descriptions are updated. ticket: 6751 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24191 dc483132-0cff-0310-8789-dd5450dbe970
* In yarrow.c, undefine k5-trace.h's TRACE before defining it to avoid aGreg Hudson2010-06-101-0/+1
| | | | | | conflict. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24126 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-0710-257/+298
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_enctype_to_name() APIGreg Hudson2010-06-042-3/+29
| | | | | | | | | | Add an API to return the input name, or optionally the shortest alias, of an enctype. Similar to krb5_enctype_to_string() which returns a description. ticket: 6736 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24117 dc483132-0cff-0310-8789-dd5450dbe970
* Squash some warnings in the old crypto API glue. Use make_data()Greg Hudson2010-04-261-42/+20
| | | | | | where appropriate so that magic fields get initialized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23942 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_dk_string_to_key fails to set enctypeEzra Peisach2010-01-081-0/+1
| | | | | | | | | | Failure to set the enctype before invoking krb5_k_create_key results in potential memory leak. ticket: 6628 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23612 dc483132-0cff-0310-8789-dd5450dbe970
* yarrow code does not initialize keyblock enctype and uses unitialized valueEzra Peisach2010-01-082-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The yarrow code uses a keyblock that is partially initialized. This results in krb5_k_free_key trying to look up the enctype to call the free handler. One of the valgrind reports: (there are several paths) ==26701== Conditional jump or move depends on uninitialised value(s) ==26701== at 0x40E9AF0: find_enctype (etypes.h:81) ==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91) ==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49) ==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578) ==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423) ==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553) ==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513) ==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112) ==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97) ==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42) ==26701== by 0x8049554: main (t_encrypt.c:206) ==26701== ticket: 6625 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_derive_key results in cache with uninitialized valuesEzra Peisach2010-01-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | krb5int_derive_key creates a temporary keyblock to add to the derived cache. krb5_k_free_key will iterate over the derived keys and for ones with cache will lookup the enctype for the key_cleanup handler. Unfortunatly, there isn't a keyblock init function that does not allocate the keyblock - as I suspect this problem will appear in other places. The valgrind log of this problem is: ==7281== Conditional jump or move depends on uninitialised value(s) ==7281== at 0x40E9AE8: find_enctype (etypes.h:81) ==7281== by 0x40E9C96: krb5_k_free_key (key.c:91) ==7281== by 0x40E9C52: krb5_k_free_key (key.c:86) ==7281== by 0x40EBB00: krb5_c_prf (prf.c:87) ==7281== by 0x40E7B1B: prf_plus (cf2.c:77) ==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125) ==7281== by 0x804899C: main (t_cf2.c:70) ==7281== with memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-034-54/+24
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules fromKen Raeburn2010-01-031-0/+8
| | | | | | | | | | | | | one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values. Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-10-07 15:26:40 +0000