Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too
This commit is contained in:
@@ -61,6 +61,8 @@ LT_INIT([shared static win32-dll])
|
||||
AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes")
|
||||
rk_VERSIONSCRIPT
|
||||
|
||||
AC_DEFINE(HEIM_WEAK_CRYPTO, 1, [Define if you want support for weak crypto])
|
||||
|
||||
rk_TEST_PACKAGE(openldap,
|
||||
[#include <lber.h>
|
||||
#include <ldap.h>],
|
||||
|
@@ -33,6 +33,8 @@
|
||||
|
||||
#include "gsskrb5_locl.h"
|
||||
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
|
||||
static OM_uint32
|
||||
mic_des
|
||||
(OM_uint32 * minor_status,
|
||||
@@ -125,6 +127,7 @@ mic_des
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
#endif
|
||||
|
||||
static OM_uint32
|
||||
mic_des3
|
||||
@@ -301,8 +304,12 @@ OM_uint32 _gsskrb5_get_mic
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
ret = mic_des (minor_status, ctx, context, qop_req,
|
||||
message_buffer, message_token, key);
|
||||
#else
|
||||
ret = GSS_S_FAILURE;
|
||||
#endif
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = mic_des3 (minor_status, ctx, context, qop_req,
|
||||
|
@@ -33,6 +33,8 @@
|
||||
|
||||
#include "gsskrb5_locl.h"
|
||||
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
|
||||
static OM_uint32
|
||||
unwrap_des
|
||||
(OM_uint32 * minor_status,
|
||||
@@ -182,6 +184,7 @@ unwrap_des
|
||||
output_message_buffer->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
#endif
|
||||
|
||||
static OM_uint32
|
||||
unwrap_des3
|
||||
@@ -416,9 +419,13 @@ OM_uint32 _gsskrb5_unwrap
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
ret = unwrap_des (minor_status, ctx,
|
||||
input_message_buffer, output_message_buffer,
|
||||
conf_state, qop_state, key);
|
||||
#else
|
||||
ret = GSS_S_FAILURE;
|
||||
#endif
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = unwrap_des3 (minor_status, ctx, context,
|
||||
|
@@ -33,6 +33,8 @@
|
||||
|
||||
#include "gsskrb5_locl.h"
|
||||
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
|
||||
static OM_uint32
|
||||
verify_mic_des
|
||||
(OM_uint32 * minor_status,
|
||||
@@ -129,6 +131,7 @@ verify_mic_des
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
#endif
|
||||
|
||||
static OM_uint32
|
||||
verify_mic_des3
|
||||
@@ -296,9 +299,13 @@ _gsskrb5_verify_mic_internal
|
||||
krb5_enctype_to_keytype (context, key->keytype, &keytype);
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
ret = verify_mic_des (minor_status, ctx, context,
|
||||
message_buffer, token_buffer, qop_state, key,
|
||||
type);
|
||||
#else
|
||||
ret = GSS_S_FAILURE;
|
||||
#endif
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = verify_mic_des3 (minor_status, ctx, context,
|
||||
|
@@ -168,7 +168,11 @@ _gsskrb5_wrap_size_limit (
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
|
||||
#else
|
||||
ret = GSS_S_FAILURE;
|
||||
#endif
|
||||
break;
|
||||
case KEYTYPE_ARCFOUR:
|
||||
case KEYTYPE_ARCFOUR_56:
|
||||
@@ -188,6 +192,8 @@ _gsskrb5_wrap_size_limit (
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
|
||||
static OM_uint32
|
||||
wrap_des
|
||||
(OM_uint32 * minor_status,
|
||||
@@ -325,6 +331,8 @@ wrap_des
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
static OM_uint32
|
||||
wrap_des3
|
||||
(OM_uint32 * minor_status,
|
||||
@@ -553,9 +561,13 @@ OM_uint32 _gsskrb5_wrap
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
ret = wrap_des (minor_status, ctx, context, conf_req_flag,
|
||||
qop_req, input_message_buffer, conf_state,
|
||||
output_message_buffer, key);
|
||||
#else
|
||||
ret = GSS_S_FAILURE;
|
||||
#endif
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
|
||||
|
@@ -36,8 +36,6 @@
|
||||
#include "krb5_locl.h"
|
||||
#include <pkinit_asn1.h>
|
||||
|
||||
#define WEAK_ENCTYPES 1
|
||||
|
||||
#ifndef HEIMDAL_SMALLER
|
||||
#define DES3_OLD_ENCTYPE 1
|
||||
#endif
|
||||
@@ -182,7 +180,7 @@ struct evp_schedule {
|
||||
|
||||
static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
||||
|
||||
#ifdef WEAK_ENCTYPES
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
static void
|
||||
krb5_DES_random_key(krb5_context context,
|
||||
krb5_keyblock *key)
|
||||
@@ -715,7 +713,7 @@ evp_cleanup(krb5_context context, struct key_data *kd)
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef WEAK_ENCTYPES
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
static struct salt_type des_salt[] = {
|
||||
{
|
||||
KRB5_PW_SALT,
|
||||
@@ -786,7 +784,7 @@ static struct key_type keytype_null = {
|
||||
NULL
|
||||
};
|
||||
|
||||
#ifdef WEAK_ENCTYPES
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
static struct key_type keytype_des_old = {
|
||||
KEYTYPE_DES,
|
||||
"des-old",
|
||||
@@ -812,7 +810,7 @@ static struct key_type keytype_des = {
|
||||
evp_cleanup,
|
||||
EVP_des_cbc
|
||||
};
|
||||
#endif /* WEAK_ENCTYPES */
|
||||
#endif /* HEIM_WEAK_CRYPTO */
|
||||
|
||||
#ifdef DES3_OLD_ENCTYPE
|
||||
static struct key_type keytype_des3 = {
|
||||
@@ -2056,7 +2054,7 @@ evp_encrypt(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef WEAK_ENCTYPES
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
static krb5_error_code
|
||||
evp_des_encrypt_null_ivec(krb5_context context,
|
||||
struct key_data *key,
|
||||
@@ -2505,7 +2503,7 @@ static struct encryption_type enctype_des3_cbc_none = {
|
||||
0,
|
||||
NULL
|
||||
};
|
||||
#ifdef WEAK_ENCTYPES
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
static struct encryption_type enctype_des_cbc_crc = {
|
||||
ETYPE_DES_CBC_CRC,
|
||||
"des-cbc-crc",
|
||||
@@ -2590,7 +2588,7 @@ static struct encryption_type enctype_des_pcbc_none = {
|
||||
0,
|
||||
NULL
|
||||
};
|
||||
#endif /* WEAK_ENCTYPES */
|
||||
#endif /* HEIM_WEAK_CRYPTO */
|
||||
|
||||
static struct encryption_type *etypes[] = {
|
||||
&enctype_aes256_cts_hmac_sha1,
|
||||
@@ -2602,7 +2600,7 @@ static struct encryption_type *etypes[] = {
|
||||
&enctype_des3_cbc_md5,
|
||||
&enctype_old_des3_cbc_sha1,
|
||||
#endif
|
||||
#ifdef WEAK_ENCTYPES
|
||||
#ifdef HEIM_WEAK_CRYPTO
|
||||
&enctype_des_cbc_crc,
|
||||
&enctype_des_cbc_md4,
|
||||
&enctype_des_cbc_md5,
|
||||
|
Reference in New Issue
Block a user