path: root/src
Age | Commit message | Author | Files | Lines
2010-09-07 | Conditionalize the Camellia-CCM code, requiring the builder to define | Greg Hudson | 26 | -38/+166
local-use enctype and cksumtype numbers at build time in order to enable it. Disable tests which aren't easily conditionalized on C preprocessor defines. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24293 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-09 | Make the camellia-ccm cipher state just the counter value, for | Greg Hudson | 5 | -9/+85
consistency with the spec. (Previously it was the whole counter block, but only the counter value was used.) To accomplish this, add methods to allow enctypes to manage cipher state. Non-CCM enctypes will simply delegate these methods to the enc provider. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24236 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-09 | Amendment to r24234: add t_camellia_ccm to check-unix dependencies | Greg Hudson | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24235 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-06 | Add two more crypto test programs on the camellia-ccm branch: one for | Greg Hudson | 3 | -2/+612
string-to-key test vectors for AES and Camellia, and one for encryption and checksum test vectors for Camellia. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24234 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-03 | General style pass over camellia-ccm branch changes | Greg Hudson | 5 | -42/+38
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24228 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-03 | Remove krb5int_camellia_crypto_length; it's no longer needed without | Greg Hudson | 2 | -22/+0
the camellia-cts enctypes. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24227 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-03 | Simplify krb5int_dk_cmac_checksum since ctp->enc is set for the | Greg Hudson | 1 | -12/+1
relevant checksum types (and thus key verification occurs in the caller). git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24226 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-03 | Massage the CCM encrypt/decrypt code. Mostly minor comment and style | Greg Hudson | 1 | -110/+100
changes. Remove the unused usage parameter from ccm_encrypt and ccm_decrypt. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24225 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-02 | Rename derive_random_sp800_cmac to include the full name of the NIST | Greg Hudson | 1 | -12/+20
document, and flesh out the comments a bit. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24224 dc483132-0cff-0310-8789-dd5450dbe970
2010-08-02 | Parameterize krb5int_derive_random() instead of guessing which | Greg Hudson | 14 | -74/+91
algorithm to use based on the enc provider methods. Add an encrypt_block() helper function, since the introduction of counter-mode enc providers makes it a little trickier to do simple block encryption. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24223 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-30 | Fix/clarify some comments in the CMAC test program and untabify it | Greg Hudson | 1 | -12/+13
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24222 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-30 | Add comments to the CMAC implementation relating it to specific steps | Greg Hudson | 4 | -14/+168
in the RFC 4493 algorithm description, and adjust the code to make it clearer what we're doing with the ivecs we're passing to the enc provider cbc_mac method. Add a test program for CMAC with Camellia-128, using the RFC 4493 test vector inputs. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24221 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-30 | Remove some unnecessary casts in the camellia-ccm code. (make_data | Greg Hudson | 2 | -10/+10
takes void * as its first argument.) git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24220 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-29 | Merge and edit some of the changes from r23983 of trunk to r24216 of | Greg Hudson | 56 | -291/+5309
users/lhoward/camellia-ccm. Keep only the code for the camellia-ccm enctypes, not camellia-cts or aes-ccm or camellia/aes-gcm. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24219 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-26 | Use xdr_int32 instead of xdr_u_int in xdr_krb5_enctype(), since | Greg Hudson | 1 | -1/+1
enctypes are signed 32-bit values. Wire representation does not change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24211 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-26 | Fix XDR decoding of large values in xdr_u_int | Greg Hudson | 1 | -1/+1
Our ancient RPC value internally decodes 32-bit wire values into a signed long, which is then cast to the appropriate type. xdr_u_int() contains a check intended to catch wire values that don't fit into a u_int on platforms with 16-bit ints, but on platforms with 64-bit longs it was failing on values of 2^31 or larger because the sign-extended value appeared larger than UINT_MAX. Fix the check by casting the value to uint32_t before comparing. This bug, in combination with a poor choice of types in kadm_rpc_xdr.c's xdr_krb5_enctype(), prevented negative enctype values from being transported properly in kadmin's change_password command result. ticket: 6753 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24210 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-21 | Addendum to r24200: fix kdb5_ldap_util call site of | Greg Hudson | 1 | -1/+1
krb5_ldap_lib_init. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-21 | Revert the part of r24157 which added the dal_version argument to the | Greg Hudson | 7 | -20/+19
init_library interface. Instead use the already existing maj_ver field of the DAL vtable to detect incompatibilities. Since maj_ver is a short int, use an incrementing number instead of a date for the major version. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-20 | Get the kdb_hdb module to compile again. Probably still buggy, | Greg Hudson | 4 | -293/+161
particularly around the master key logic. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19 | In kdb5_util's kdb5_ldap_create(), add back the assignment of | Greg Hudson | 1 | -0/+1
rblock.key which was erroneously removed in r24162. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19 | Allow Microsoft HMAC-MD5 checksum types to use non-RC4 keys | Greg Hudson | 2 | -4/+6
In PAC signatures, the hmac-md5 checksum type can be used with AES keys. Make this work by removing the enc field from the hmac-md5 and md5-hmac checksum types, and adding a check in krb5int_hmacmd5_checksum() for a null key or a key which is longer than the hash block size (64 bytes for MD5). The checksum algorithm only uses the key bits; it does invoke the cipher. The checksum type names are kind of wrong, but we'll leave them alone for compatibility. The descriptions are updated. ticket: 6751 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24191 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-19 | In the DAL documentation, describe how a module can supply referral | Greg Hudson | 1 | -1/+4
encrypted padata. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24190 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15 | Add check_allowed_to_delegate to the DAL with a corresponding libkdb5 | Greg Hudson | 14 | -236/+72
API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of db_invoke. Remove db_invoke since it no longer has any methods. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15 | Addendum to r24182: Fix a comment referencing the db_invoke | Greg Hudson | 1 | -4/+2
SIGN_DB_AUTHDATA method. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24188 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-15 | Add refresh_config to the DAL with a corresponding libkdb5 API, | Greg Hudson | 6 | -9/+25
replacing the REFRESH_POLICY method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Addendum to r24185: make audit_as_req return void, since it's an | Greg Hudson | 8 | -33/+24
informational method and we're not going to do anything with the result. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Add audit_as_req to the DAL with a corresponding libkdb5 API, | Greg Hudson | 13 | -103/+77
replacing the AUDIT_AS_REQ method of db_invoke. Remove the AUDIT_TGS_REQ method of db_invoke without adding a replacement, as there was no KDC support for it. (It can be added at a later time if necessary.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-13 | Add check_policy_as and check_policy_tgs to the DAL table with | Greg Hudson | 14 | -174/+156
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-12 | Add check_transited_realms to the DAL table with a corresponding | Greg Hudson | 6 | -40/+40
libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-12 | Add sign_authdata to the DAL table with a corresponding libkdb5 API, | Greg Hudson | 8 | -116/+111
replacing the SIGN_AUTH_DATA method of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-09 | Addendum to r24180: make sure osa_adb_get_policy sets its output | Greg Hudson | 1 | -0/+1
parameter in all cases, per coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-09 | Improve output variable handling of osa_adb_get_policy() in the db2 | Greg Hudson | 1 | -19/+20
KDB module, and close some unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-08 | Fix a memory leak in libkadm5clnt's get_init_creds() | Greg Hudson | 1 | -4/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-08 | Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modules | Greg Hudson | 5 | -36/+20
should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-07 | Add a missing break in the parsing of krb5kdc's -P option. Reported | Greg Hudson | 1 | -0/+1
by nalin@redhat.com. ticket: 6750 target_version: 1.8.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24176 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-06 | Remove count parameters from get_principal, put_principal, | Greg Hudson | 45 | -2504/+1908
free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-04 | Follow-on to r24168: in kdb5_ldap_util, indirect through | Greg Hudson | 1 | -5/+5
krb5_db_store_master_key instead of using the (now removed) default implementation directly. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | In kdb5.c, simplify the code for getting the profile config section | Greg Hudson | 1 | -93/+54
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24173 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Remove assertions for non-nullity of init_module and fini_module in | Greg Hudson | 1 | -3/+0
kdb5.c for consistency with other uses of mandatory vtable functions. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24172 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Make the APIs for iterate, get_master_key_list, set_master_key_list, | Greg Hudson | 3 | -62/+24
and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does not implement them, avoiding the need for stub default implementations. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Use KRB5_PLUGIN_OP_NOTSUPP uniformly as the error code for operations | Greg Hudson | 7 | -35/+33
not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-03 | Remove return value from void function | Ken Raeburn | 1 | -1/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Remove store_master_key from the DAL table, and implement | Greg Hudson | 6 | -52/+7
krb5_store_master_key in terms of krb5_store_master_key_list. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Make krb5_db_free_principal and krb5_db_free_mkey_list return void. | Greg Hudson | 7 | -25/+18
Remove the stale prototype for krb5_db_free_master_key. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Remove verify_master_key from the DAL table, as well as its associated | Greg Hudson | 12 | -152/+22
libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Remove db_ and similar prefixes from DAL function names, for | Greg Hudson | 10 | -303/+279
consistency. Follow suit inside the DB2 and LDAP modules. (No change to the caller-facing libkdb5 APIs.) ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data to | Greg Hudson | 20 | -190/+145
just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Remove setup_master_key_name from the DAL table as it was not used | Greg Hudson | 3 | -8/+1
ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Remove the set_master_key and get_master_key DAL interfaces and their | Greg Hudson | 18 | -269/+24
corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
2010-07-02 | Follow-up to r24157: return correctly from krb5_ldap_lib_init() if | Greg Hudson | 1 | -0/+1
there is no version mismatch. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970