aboutsummaryrefslogtreecommitdiff
path: root/src/lib
AgeCommit message (Collapse)AuthorFilesLines
2009-12-23Code modularity related updatesZhanna Tsitkov13-316/+383
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-22Remove krb5_ prefix from some static func namesZhanna Tsitkov9-102/+111
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23483 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-21Add a set_cred_option handler for SPNEGO which forwards to theGreg Hudson2-1/+25
underlying mechanism. Fixes SPNEGO credential delegation in 1.7 and copying of SPNEGO initiator creds in both 1.7 and trunk. Patch provided by nalin@redhat.com. ticket: 6594 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23482 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-17Fix a cleanup handler in the store_creds code; krb5_cc_close doesn'tGreg Hudson1-2/+2
handle NULL arguments, so we have to check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-17Add GSS extensions to store credentials, generate random bitsGreg Hudson15-2/+511
Merge /users/lhoward/gssextras-no-cqa to trunk. Adds gss_pseudo_random and gss_store_cred. ticket: 6597 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-16Whitespace fixesGreg Hudson1-7/+11
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23477 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-15On Luke's advice, remove krb5_init_creds_store_creds. It is not aGreg Hudson2-12/+0
Heimdal API and its functionality is covered by krb5_get_init_creds_opt_set_out_ccache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-15Get rid of the requirement of defining MAX_ENCTYPE inGreg Hudson1-36/+56
krb5int_parse_enctype_list, at the cost of making repeated realloc() calls during parsing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23468 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-15Formatining enhancementZhanna Tsitkov2-18/+21
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23467 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-14fast negotiation projecSam Hartman12-106/+592
Merge branches/fast-negotiate into trunk. This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation Additional changes: * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype Conflicts: src/lib/crypto/krb/make_checksum.c ticket: 6595 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-10Don't use sizeof(pointertype) to get the length of an allocated arrayTom Yu1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23464 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-10Add comments to make it slightly clearer howGreg Hudson1-1/+2
krb5int_confounder_checksum works. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23463 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-10Restructure the crypto checksum implementation to minimizeGreg Hudson44-1278/+858
dependencies on the internals of modules. * Keyhash providers are gone. * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums. * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum. * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC. The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-09Change file holder for krb5int_check_clockskew. Minor Style changes per code ↵Zhanna Tsitkov2-41/+40
practices git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23460 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-08Mark and reindent lib/gssapi, with some exceptionsTom Yu64-312/+312
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-07Mark lib/apputilsTom Yu1-0/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23456 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-07handle negative enctypes betterTom Yu2-4/+5
krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making assumptions that enctype numbers are positive. Potentially more code makes this assumption, but these appear to be the major ones. ticket: 6592 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-06Initialize ihash_iov in case fall through to cleanup handler and tryEzra Peisach1-1/+1
to free garbarge. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23453 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-06Remove the ivec parameters from the keyhash provider functions, asGreg Hudson10-29/+23
they are never used by callers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23452 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-06Make dependGreg Hudson2-52/+64
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23451 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-06Make the libk5crypto hash_provider interface take crypto_iov listsGreg Hudson28-474/+291
instead of lists of krb5_data. Make the base HMAC APIs take crypto_iov lists and drop the _iov variants. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-06In the built-in des3 provider, remove the unused version ofGreg Hudson1-29/+3
validate_and_schedule, and drop the _iov suffix from the one we do use. (Cleanup from r23444.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23449 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-04Remove some code paths in crypto-length which are dead now that theGreg Hudson1-11/+2
internal interface can't return an error. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23446 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-04Remove CRC32_SHIFT4 code as we are unlikely to ever need itGreg Hudson3-47/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23445 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-04Consolidate the IOV and non-IOV encryption/decryption code paths, andGreg Hudson81-4002/+1084
drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions. aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider. aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now. Three separate copies of the derive_random logic are also now consolidated into one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-03Revert r23442. Revert r23436 changes unrelated to comment reformattingTom Yu2-12/+141
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23443 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-03Update export list to reflect changes in r23436Tom Yu1-2/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23442 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-03Sense of POINTERS_ARE_ALL_THE_SAME test was backwardsKen Raeburn1-3/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23438 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Reformat new block comment per coding styleGreg Hudson1-152/+26
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23436 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Actually record dependencies of crypto testsKen Raeburn1-1/+152
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23435 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02update dependenciesKen Raeburn3-17/+31
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23433 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Perform the AES-CBC XOR operations 4 bytes at a time, using the helperKen Raeburn1-2/+18
functions for loading and storing potentially-unaligned values. Improves bulk AES encryption performance by 2% or so on 32-bit x86 with gcc 4. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23432 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Speed up the per-block loops of AES, DES3, and DES IOV encryption byGreg Hudson5-197/+160
avoiding function calls and copies in the case where the next block is wholly contained within the current buffer. To do this, introduce two new inline functions in aead.h called iov_next_block and iov_store_block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23430 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Remove t_kperf on make cleanGreg Hudson1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23429 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Clean up the AES enc_provider code a bit. Chiefly, work with unsignedGreg Hudson1-80/+64
char blocks, casting input->data and output->data once each upon entry to the non-IOV encrypt and decrypt functions, rather than casting our working buffers each time we need to work with an outside function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23428 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02In t_kperf, generate a valid ciphertext when testing decryptionGreg Hudson1-0/+8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23427 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Fix an incorrect length in the new krb5int_c_decrypt_aead_compatGreg Hudson1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23426 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-02Fixed the conflicting type "static krb5_error_code KRB5_CALLCONV" of ↵Zhanna Tsitkov1-30/+42
krb5_change_set_password and some reindentation/reformating git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23425 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-01Reindent and removed krb5_ prefix from static func nameZhanna Tsitkov1-67/+67
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23398 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-01Fix AES IOV decryption of small messagesGreg Hudson1-13/+8
AES messages never need to be padded because the confounder ensures that the plaintext is at least one block long. Remove a check in krb5int_dk_decrypt_iov which was rejecting short AES messages because it didn't count the header length. ticket: 6589 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23397 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-01Make krb5int_c_decrypt_aead_compat more efficient by building theGreg Hudson1-23/+41
buffers explicitly rather than using stream decryption. Sidesteps some machinery and avoids copying the output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23396 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-01Fix the usage fallback in krb5int_arcfour_decrypt_iov. Factor out IOVGreg Hudson1-25/+29
encryption with a keyblock since this makes four uses of it in one file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23395 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30ReindentZhanna Tsitkov3-74/+55
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23393 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30Remove some stray tabsGreg Hudson1-4/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23391 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30Use aead_dk instead of aead_old for des-hmac-sha1, since it usesGreg Hudson1-1/+1
dk_encrypt. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23390 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30Fix ivec chaining for DES iov encryptionGreg Hudson1-2/+5
krb5int_des_cbc_decrypt_iov was using a plaintext block to update the ivec. Fix it to use the last cipher block, borrowing from the corresponding des3 function. The impact of this bug is not serious since ivec chaining is not typically used with IOV encryption in 1.7. ticket: 6588 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23389 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30Add an AEAD provider for enctypes which use krb5_old_encrypt andGreg Hudson6-17/+245
krb5_old_decrypt; this makes every enctype have an AEAD provider. To make this work, expose make_unkeyed_checksum_iov to other files (under the name krb5int_hash_iov) and make krb5int_c_padding_length take into account the header length. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23388 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30In the des enc_provider decrypt_iov function, count header blocks asGreg Hudson1-1/+1
well as data and padding blocks when checking for correctly padded input. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23387 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30Make the crc32 hash provider correctly chain multiple input buffers,Greg Hudson5-12/+13
so that it returns the same result if you pass it one big buffer or many small buffers containing the same data. To do this, change the contract of mit_crc32 so that the cksum parameter is in-out. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23386 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-30Stream decryption is handled in krb5_k_decrypt_iov; remove someGreg Hudson2-12/+0
lingering checks in the dk and raw aead providers from before that was introduced. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23385 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit v1.1 at 2024-07-09 02:20:00 +0000