summaryrefslogtreecommitdiffstats
path: root/src/lib/crypto
Commit message (Collapse)AuthorAgeFilesLines
* Include autoconf.h before system headersGreg Hudson2014-07-082-6/+1
| | | | | | | | | Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961
* Add tests for krb5int_c_combine_keysGreg Hudson2014-05-213-3/+98
| | | | | | | | | | | | krb5int_c_combine_keys is used only by SAM-2 preauth with neither the send-encrypted-sad nor use-sad-as-key flags, so it isn't covered by any automated function tests. Add some unit tests to make sure that it works and returns the expected results for two randomly generated test vectors. ticket: 7914 target_version: 1.12.2 tags: pullup
* Fix krb5int_c_combine_keysKen Hornstein2014-05-211-0/+1
| | | | | | | | | | | | When krb5int_c_combine_keys was updated to use the new crypto interface, a small bug was introduced. It turns out the temporary keyblock created needs to have its enctype set; otherwise, when krb5int_derive_keyblock() is called later, it will fail with KRB5_BAD_ENCTYPE. ticket: 7914 target_version: 1.12.2 tags: pullup
* Modernize default_state.cGreg Hudson2014-03-252-18/+11
| | | | | | | Use alloc_data() and empty_data() where appropriate. Keep mainline logic to the left where possible. Name the output parameter of krb5int_des_init_state with an _out suffix. Use a professional tone in comments. Partly based on a patch from Alok Menghrajani.
* Eliminate internal fixed-width type wrappersGreg Hudson2014-02-261-1/+1
| | | | | Directly use stdint.h names for integer types in preference to the various internal names we have made up for them.
* Get rid of builtin AES uitypes.hGreg Hudson2014-02-2611-749/+612
| | | | | Remove uitypes.h and just include stdint.h; all we need from it is uint{8,16,32}_t.
* Clean up AES-NI codeTom Yu2014-01-102-98/+2
| | | | | Items in .data other than shuffle_mask are unused; delete them. Delete the unused macro load_and_inc4. Move shuffle_mask to .rodata.
* Avoid text relocations in iaesx86.sTom Yu2014-01-101-2/+8
| | | | | | | | | | Use PC-relative addressing to avoid runtime text relocations on i386. Adapted patch from Nalin Dahyabhai. ticket: 7815 target_version: 1.12.1 tags: pullup
* Mark AESNI files as not needing executable stacksGreg Hudson2014-01-032-0/+22
| | | | | | | | | | | | | | | Some Linux systems now come with facilities to mark the stack as non-executable, making it more difficult to exploit buffer overrun bugs. For this to work, object files built from assembly need a section added to note whether they require an executable stack. Patch from Dhiru Kholia with comments added. More information at: https://bugzilla.redhat.com/show_bug.cgi?id=1045699 https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart ticket: 7813 target_version: 1.12.1 tags: pullup
* Remove a warning in AES string-to-keyGreg Hudson2013-11-151-7/+4
| | | | | | | On 32-bit platforms, the code to translate an iteration count of 0 to 2^32 can trigger a compiler warning. Since we will basically never accept an iteration count that high (right now we reject anything above 2^24), just reject it out of hand.
* Enforce minimum PBKDF2 iteration countTom Yu2013-11-153-65/+233
| | | | | | | | | Also add a testing interface to allow weak iteration counts. (Published test vectors use weak iteration counts.) ticket: 7465 target_version: 1.12 tags: pullup
* Use constant-time comparisons for checksumsGreg Hudson2013-10-036-7/+7
|
* Use k5calloc instead of k5alloc where appropriateGreg Hudson2013-07-115-6/+6
| | | | | Wherever we use k5alloc with a multiplication in the size parameter,, use the new k5calloc helper function instead.
* Fix various warningsGreg Hudson2013-06-075-20/+24
|
* Fix non-builtin crypto module buildsGreg Hudson2013-05-2911-24/+39
| | | | | | | Commit 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 went a bit too far in pruning the placeholder makefiles for the openssl and nss crypto modules. We need enough boilerplate to create OBJS.SH in each directory.
* Add AES-NI support on LinuxGreg Hudson2013-05-242-5/+138
| | | | | | | If yasm and cpuid.h are present on a Linux i686 or x64 system, compile the modified Intel AES-NI assembly sources. In the builtin AES enc provider, check at runtime whether the CPU supports AES-NI instructions and use the assembly functions if so.
* Adjust AESNI sources for krb5 treeGreg Hudson2013-05-242-2588/+17
| | | | | Remove functions we don't need. Add macros to redefine functions with an appropriate namespace prefix.
* Add Intel AESNI assembly filesGreg Hudson2013-05-242-0/+4280
| | | | | | Add assembly files from the Intel AESNI Sample Library, version 1.2, which implement AES encryption using AES-NI instructions. Trailing whitespace was removed.
* Refactor AES, Camellia builtin enc providersGreg Hudson2013-05-242-302/+309
| | | | | | | In preparation for AES-NI support, adjust the block encryption helpers in the AES enc provider so that the cache is only touched by helpers, and reframe the CTS operations in terms of CBC operations. Change the Camellia enc provider as well for consistency.
* Simplify crypto IOV helpersGreg Hudson2013-05-2415-768/+375
| | | | | | | | Expand the concept of an IOV block state into a cursor which remembers the IOV set being iterated over, the block size, and both input and output positions. Eliminate the no-copy inline block getter for now, but provide helpers to grab contiguous chains of blocks from a cursor. Also provide an inline helper to sum the total length of an iov chain.
* Reduce boilerplate in makefilesGreg Hudson2013-05-1633-329/+8
| | | | | | | | | Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content.
* Fix NSS crypto back end for mutex changesGreg Hudson2013-05-161-5/+2
| | | | | Adjust a stray k5_mutex_lock invocation in the NSS crypto back end after 6350fd0c909d84c00200885e722cc902049ada05.
* Assume mutex locking cannot failGreg Hudson2013-05-141-7/+2
| | | | | | | | | | | | Locking and unlocking a non-recursive mutex is a simple memory operation and should not fail on any reasonable platform with correct usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock, or EINVAL if the mutex is uninitialized, but all of these conditions would reflect serious bugs in the calling code. Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void and adjust all call sites. Propagate this change through k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
* Rename internal Camellia symbolsGreg Hudson2013-05-131-0/+12
| | | | | | | | | | | Symbols from the NTT Camellia sources, used in the builtin crypto provider, could conflict with symbols from other libraries such as OpenSSL's libcrypto. Rename those like we rename the Gladman AES symbols. ticket: 7626 target_version: 1.11.3 tags: pullup
* fix crypto openssl hmac warningGilles Espinasse2013-05-091-1/+1
| | | | ticket: 7634
* Fix link line for t_fortunaGilles Espinasse2013-05-011-1/+1
| | | | ticket: 7628
* Avoid passing null pointers to memcpy/memcmpGreg Hudson2013-04-083-9/+16
| | | | | | | | | | | | | | | By a strict reading of the C standard, memcpy and memcmp have undefined behavior if their pointer arguments aren't valid object pointers, even if the length argument is 0. Compilers are becoming more aggressive about breaking code with undefined behavior, so we should try to avoid it when possible. In a krb5_data object, we frequently use NULL as the data value when the length is 0. Accordingly, we should avoid copying from or comparing the data field of a length-0 krb5_data object. Add checks to our wrapper functions (like data_eq and k5_memdup) and to code which works with possibly-empty krb5_data objects. In a few places, use wrapper functions to simplify the code rather than adding checks.
* Fix zap size in confounder checksum mk_xorkeyGreg Hudson2013-03-291-1/+1
|
* Clean up cksum handling in CMAC token functionsGreg Hudson2013-03-291-3/+1
| | | | | | In krb5int_dk_cmac_encrypt, cksum wasn't used. In krb5int_dk_cmac_decrypt, cksum needs to be initialized since we clean it up.
* make dependGreg Hudson2013-03-2410-345/+292
|
* Move a bunch of stuff out of k5-int.hGreg Hudson2013-03-243-11/+2
| | | | | | | | | Move internal declarations from k5-int.h to more localized headers (like int-proto.h) where appropriate. Rename many symbols whose prototypes were moved to use the k5_ prefix instead of krb5int_. Remove some unused declarations or move them to the single source file they were needed in. Remove krb5_creds_compare since it isn't used any more.
* Allocate space for NUL byte in test codeDavid Benjamin2013-03-151-1/+1
| | | | Caught by ASan.
* Modernize k5bufGreg Hudson2013-02-142-11/+11
| | | | | | Rename the krb5int_buf_ family of functions to use the k5_ prefix for brevity. Reformat some k5buf implementation code to match current practices.
* Add and use k5memdup, k5memdup0 helpersGreg Hudson2013-02-093-9/+6
| | | | | | Add k5-int.h static functions to duplicate byte ranges, optionally with a trailing zero byte, and set an error code like k5alloc does. Use them where they would shorten existing code.
* make dependGreg Hudson2013-01-1012-501/+615
| | | | | Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Separate clpreauth and kdcpreauth interfacesGreg Hudson2012-12-1914-761/+636
| | | | | | | Since there is no overlap between the clpreauth and kdcpreauth interface declarations, there's no particular reason to combine them into one header. For backward compatibility and convenience, leave behind a preauth_plugin.h which includes both.
* Style cleanup for internal error handlingGreg Hudson2012-12-191-3/+4
| | | | | | | Fix style issues in kerrs.c and errors.c. Rename error handling functions to use shorter k5_ prefix. Eliminate an inoperable krb5int_set_error() call in gic_opte_alloc and convert the other call to use krb5_set_error_message().
* Build fixes for windowsBen Kaduk2012-12-051-0/+2
| | | | | | | | | | | | Add entries to OBJS and SRCS as well as STLIBOBJS. Use KRB5_CALLCONV at function definition as well as declaration. Declare missing variable in _WIN32-conditional code. ticket: 7479 (new) tags: pullup target_version: 1.11
* Add camellia_key_cleanupBen Kaduk2012-11-281-1/+9
| | | | | | | | Fix memory leak. ticket: 7457 tags: pullup target_version: 1.11
* make dependTom Yu2012-10-152-19/+12
|
* De-conditionalize Camellia codeGreg Hudson2012-10-0924-160/+6
| | | | | | | | | | The Camellia enctypes and cksumtypes have received IANA assignments. Add #defines using those assignments to krb5.h, remove the CAMELLIA conditional, and enable testing code as appropriate. The Camellia draft has not received an RFC number yet, so there is no Doxygen markup for the enctype and cksumtype #defines. That can be added once the RFC number is known.
* Check alloc_data result in krb5int_old_encryptGreg Hudson2012-05-131-0/+2
|
* Stop using SALT_TYPE_AFS_LENGTHGreg Hudson2012-04-272-23/+3
| | | | | | | | | | | | In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to track whether we're still using the default salt instead of overloading salt.length. In preauth2.c, process afs3 salt values like we would in krb5int_des_string_to_key, and set an s2kparams indicator instead of overloading salt.length. Also use an s2kparams indicator in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded salt lengths, except for a sanity check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid side effects in assert expressionsGreg Hudson2012-03-091-1/+2
| | | | | | | | | | | | asserts may be compiled out with -DNDEBUG, so it's wrong to use an assert expression with an important side effect. (We also have scores of side-effecting asserts in test programs, but those are less important and can be dealt with separately.) ticket: 7105 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25760 dc483132-0cff-0310-8789-dd5450dbe970
* Fix intermediate key length in hmac-md5 checksumGreg Hudson2011-10-281-1/+1
| | | | | | | | | | | | When using hmac-md5, the intermediate key length is the output of the hash function (128 bits), not the input key length. Relevant if the input key is not an RC4 key. ticket: 6994 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25418 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-1710-54/+55
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Fix windows fork detectionSam Hartman2011-10-141-6/+10
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25334 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to check for fork on windowsSam Hartman2011-10-051-3/+8
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25311 dc483132-0cff-0310-8789-dd5450dbe970
* Improve k5_get_os_entropy for WindowsGreg Hudson2011-10-041-1/+2
| | | | | | | | When acquiring a crypto context for CryptGenRandom, pass CRYPT_VERIFYCONTEXT to indicate that we don't need access to private keys. Appears to make OS entropy work on Windows XP. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25297 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a Fortuna PRNG failure caseGreg Hudson2011-10-031-1/+3
| | | | | | | | If we don't have entropy when krb5_c_random_make_octets is called, unlock the mutex before returning an error. From kevin.wasserman@painless-security.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25295 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-02-24 22:30:05 +0000