Age | Commit message (Collapse) | Author | Files | Lines |
|
instead of lists of krb5_data. Make the base HMAC APIs take
crypto_iov lists and drop the _iov variants.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
|
|
validate_and_schedule, and drop the _iov suffix from the one we do
use. (Cleanup from r23444.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23449 dc483132-0cff-0310-8789-dd5450dbe970
|
|
caller requests zero bytes, by allocating one byte instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23448 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23447 dc483132-0cff-0310-8789-dd5450dbe970
|
|
internal interface can't return an error.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23446 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23445 dc483132-0cff-0310-8789-dd5450dbe970
|
|
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23443 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23442 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23441 dc483132-0cff-0310-8789-dd5450dbe970
|
|
When using my previous patch, if a local hostname like "foobar.local"
is looked up, you may get back a link-local IPv6 address. However,
the KDC seems to be unable to respond from that address, resulting in
a ~1s delay for each KDC exchange while waiting for the client to fail
over to another address (in my case, another IPv6 address).
Create a new object for holding whatever auxiliary information might
be needed to properly transmit the response to the client. Currently,
that only means the interface index number under IPv6. Fill it in on
receipt, always; copy it back to the pktinfo structure when
transmitting, ONLY if the local source address is link-local.
If an error occurs while transmitting the reply, print both the remote
destination address and the local source address. Use getnameinfo
instead of inet_ntop.
Apply the same changes to kadmind, to keep the versions of network.c
more or less in sync.
ticket: 6591
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23440 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Many of the tests are set up to fail if the local hostname can't be
mapped to an address and back to a name again. If the name results in
an address, and we can get a fully-qualified name or something that
looks like it, though, we should be able to just go ahead and run some
tests.
This is also closer to the current behavior of sname_to_principal when
reverse DNS is enabled.
ticket: 6590
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23439 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23438 dc483132-0cff-0310-8789-dd5450dbe970
|
|
functions don't need excessive conditionals internally.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23437 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23436 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23435 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23434 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23433 dc483132-0cff-0310-8789-dd5450dbe970
|
|
functions for loading and storing potentially-unaligned values.
Improves bulk AES encryption performance by 2% or so on 32-bit x86
with gcc 4.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23432 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23431 dc483132-0cff-0310-8789-dd5450dbe970
|
|
avoiding function calls and copies in the case where the next block
is wholly contained within the current buffer. To do this, introduce
two new inline functions in aead.h called iov_next_block and
iov_store_block.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23430 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23429 dc483132-0cff-0310-8789-dd5450dbe970
|
|
char blocks, casting input->data and output->data once each upon entry
to the non-IOV encrypt and decrypt functions, rather than casting our
working buffers each time we need to work with an outside function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23428 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23427 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23426 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_change_set_password and some reindentation/reformating
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23425 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23398 dc483132-0cff-0310-8789-dd5450dbe970
|
|
AES messages never need to be padded because the confounder ensures
that the plaintext is at least one block long. Remove a check in
krb5int_dk_decrypt_iov which was rejecting short AES messages because
it didn't count the header length.
ticket: 6589
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23397 dc483132-0cff-0310-8789-dd5450dbe970
|
|
buffers explicitly rather than using stream decryption. Sidesteps
some machinery and avoids copying the output.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23396 dc483132-0cff-0310-8789-dd5450dbe970
|
|
encryption with a keyblock since this makes four uses of it in one
file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23395 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23394 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23393 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23392 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23391 dc483132-0cff-0310-8789-dd5450dbe970
|
|
dk_encrypt.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23390 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5int_des_cbc_decrypt_iov was using a plaintext block to update the
ivec. Fix it to use the last cipher block, borrowing from the
corresponding des3 function. The impact of this bug is not serious
since ivec chaining is not typically used with IOV encryption in 1.7.
ticket: 6588
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23389 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_old_decrypt; this makes every enctype have an AEAD provider. To
make this work, expose make_unkeyed_checksum_iov to other files (under
the name krb5int_hash_iov) and make krb5int_c_padding_length take into
account the header length.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23388 dc483132-0cff-0310-8789-dd5450dbe970
|
|
well as data and padding blocks when checking for correctly padded
input.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23387 dc483132-0cff-0310-8789-dd5450dbe970
|
|
so that it returns the same result if you pass it one big buffer or
many small buffers containing the same data. To do this, change the
contract of mit_crc32 so that the cksum parameter is in-out.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23386 dc483132-0cff-0310-8789-dd5450dbe970
|
|
lingering checks in the dk and raw aead providers from before that
was introduced.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23385 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6585
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23384 dc483132-0cff-0310-8789-dd5450dbe970
|
|
iterations.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23382 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to use the iov entry point at both call sites. Rename the iov entry
point to remove the "_iov" suffix since it's no longer needed to
disambiguate.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23381 dc483132-0cff-0310-8789-dd5450dbe970
|
|
produces a (spurious) Coverity defect. Fix a memory leak in
krb5int_arcfour_encrypt.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23380 dc483132-0cff-0310-8789-dd5450dbe970
|
|
consistent and elegant emacs auto-formatting.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23379 dc483132-0cff-0310-8789-dd5450dbe970
|
|
arcfour encryption of GSS tokens. This factors out derivation of
the usage and encryption keys, and removes the need for the provider
structures to be visible to all of krb5 via k5-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23378 dc483132-0cff-0310-8789-dd5450dbe970
|
|
making use of newer convenience functions and by factoring out the
derivation of the usage and encryption keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23377 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_data structure with allocated memory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23376 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23374 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to simplify the gss-krb5 code a little bit.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23372 dc483132-0cff-0310-8789-dd5450dbe970
|