Age | Commit message (Collapse) | Author | Files | Lines |
|
local-use enctype and cksumtype numbers at build time in order to
enable it. Disable tests which aren't easily conditionalized on C
preprocessor defines.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24293 dc483132-0cff-0310-8789-dd5450dbe970
|
|
consistency with the spec. (Previously it was the whole counter block,
but only the counter value was used.) To accomplish this, add methods
to allow enctypes to manage cipher state. Non-CCM enctypes will simply
delegate these methods to the enc provider.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24236 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24235 dc483132-0cff-0310-8789-dd5450dbe970
|
|
string-to-key test vectors for AES and Camellia, and one for encryption
and checksum test vectors for Camellia.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24234 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24228 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the camellia-cts enctypes.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24227 dc483132-0cff-0310-8789-dd5450dbe970
|
|
relevant checksum types (and thus key verification occurs in the
caller).
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24226 dc483132-0cff-0310-8789-dd5450dbe970
|
|
changes. Remove the unused usage parameter from ccm_encrypt and
ccm_decrypt.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24225 dc483132-0cff-0310-8789-dd5450dbe970
|
|
document, and flesh out the comments a bit.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24224 dc483132-0cff-0310-8789-dd5450dbe970
|
|
algorithm to use based on the enc provider methods. Add an
encrypt_block() helper function, since the introduce of counter-mode
enc providers makes it a little trickier to do simple block
encryption.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24223 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24222 dc483132-0cff-0310-8789-dd5450dbe970
|
|
in the RFC 4493 algorithm description, and adjust the code to make it
clearer what we're doing with the ivecs we're passing to the enc
provider cbc_mac method. Add a test program for CMAC with
Camellia-128, using the RFC 4493 test vector inputs.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24221 dc483132-0cff-0310-8789-dd5450dbe970
|
|
takes void * as its first argument.)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24220 dc483132-0cff-0310-8789-dd5450dbe970
|
|
users/lhoward/camellia-ccm. Keep only the code for the camellia-ccm
enctypes, not camellia-cts or aes-ccm or camellia/aes-gcm.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24219 dc483132-0cff-0310-8789-dd5450dbe970
|
|
enctypes are signed 32-bit values. Wire representation does not
change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24211 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Our ancient RPC value internally decodes 32-bit wire values into a
signed long, which is then casted to the appropriate type.
xdr_u_int() contains a check intended to catch wire values that don't
fit into a u_int on platforms with 16-ints, but on platforms with
64-bit longs it was failing on values of 2^31 or larger because the
sign-extended value appeared larger than UINT_MAX. Fix the check by
casting the value to uint32_t before comparing.
This bug, in combination with a poor choice of types in
kadm_rpc_xdr.c's xdr_krb5_enctype(), prevented negative enctype values
from being transported properly in kadmin's change_password command
result.
ticket: 6753
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24210 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_ldap_lib_init.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24201 dc483132-0cff-0310-8789-dd5450dbe970
|
|
init_library interface. Instead use the already existing maj_ver
field of the DAL vtable to detect incompatibilities. Since maj_ver
is a short int, use an incrementing number instead of a date for the
major version.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24200 dc483132-0cff-0310-8789-dd5450dbe970
|
|
particularly around the master key logic.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24193 dc483132-0cff-0310-8789-dd5450dbe970
|
|
rblock.key which was erroneously removed in r24162.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24192 dc483132-0cff-0310-8789-dd5450dbe970
|
|
In PAC signatures, the hmac-md5 checksum type can be used with AES
keys. Make this work by removing the enc field from the hmac-md5 and
md5-hmac checksum types, and adding a check in
krb5int_hmacmd5_checksum() for a null key or a key which is longer
than the hash block size (64 bytes for MD5). The checksum algorithm
only uses the key bits; it does invoke the cipher.
The checksum type names are kind of wrong, but we'll leave them alone
for compatibility. The descriptions are updated.
ticket: 6751
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24191 dc483132-0cff-0310-8789-dd5450dbe970
|
|
encrypted padata.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24190 dc483132-0cff-0310-8789-dd5450dbe970
|
|
API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of
db_invoke. Remove db_invoke since it no longer has any methods.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
|
|
SIGN_DB_AUTHDATA method.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24188 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replacing the REFRESH_POLICY method of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24187 dc483132-0cff-0310-8789-dd5450dbe970
|
|
informational method and we're not going to do anything with the
result.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24186 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replacing the AUDIT_AS_REQ method of db_invoke. Remove the
AUDIT_TGS_REQ method of db_invoke without adding a replacement, as
there was no KDC support for it. (It can be added at a later time if
necessary.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
|
|
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and
CHECK_POLICY_TGS methods of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
|
|
libkdb5 API, replacing the CHECK_TRANSITED_REALMS method of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24183 dc483132-0cff-0310-8789-dd5450dbe970
|
|
replacing the SIGN_AUTH_DATA method of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24182 dc483132-0cff-0310-8789-dd5450dbe970
|
|
parameter in all cases, per coding standards.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24181 dc483132-0cff-0310-8789-dd5450dbe970
|
|
KDB module, and close some unlikely memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24180 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24179 dc483132-0cff-0310-8789-dd5450dbe970
|
|
should return in-realm aliases. Set it where appropriate, and use it
in the LDAP module instead of intuiting the result based on other
flags.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
|
|
by nalin@redhat.com.
ticket: 6750
target_version: 1.8.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24176 dc483132-0cff-0310-8789-dd5450dbe970
|
|
free_principal, delete_principal, and get_policy. Make get_principal
allocate the DB entry container. Fold krb5_db_get_principal_ext into
krb5_db_get_principal.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_db_store_master_key instead of using the (now removed) default
implementation directly.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24174 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24173 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kdb5.c for consistency with other uses of mandatory vtable functions.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24172 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does
not implement them, avoiding the need for stub default
implementations.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
|
|
not supported by a KDB module. (Previously KRB5_KDB_DBTYPE_NOSUP was
used in some cases and KRB5_PLUGIN_OP_NOTSUPP in others.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24170 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24169 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_store_master_key in terms of krb5_store_master_key_list.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Remove the stale prototype for krb5_db_free_master_key.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24167 dc483132-0cff-0310-8789-dd5450dbe970
|
|
libkdb5 interface. Callers can (and mostly already do) use
krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create,
tests/verify, and kdb5_util dump to do so.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
|
|
consistency. Follow suit inside the DB2 and LDAP modules. (No change
to the caller-facing libkdb5 APIs.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24165 dc483132-0cff-0310-8789-dd5450dbe970
|
|
just use the krb5_dbe prefix.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24163 dc483132-0cff-0310-8789-dd5450dbe970
|
|
corresponding libkdb5 APIs, as they were not productively used. In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
|
|
there is no version mismatch.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24161 dc483132-0cff-0310-8789-dd5450dbe970
|