Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too

This commit is contained in:
Love Hornquist Astrand
2009-08-17 18:06:42 +02:00
parent 3560c4ed25
commit 88d55a1d06
6 changed files with 43 additions and 10 deletions

View File

@@ -61,6 +61,8 @@ LT_INIT([shared static win32-dll])
AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes")
rk_VERSIONSCRIPT
AC_DEFINE(HEIM_WEAK_CRYPTO, 1, [Define if you want support for weak crypto])
rk_TEST_PACKAGE(openldap,
[#include <lber.h>
#include <ldap.h>],

View File

@@ -33,6 +33,8 @@
#include "gsskrb5_locl.h"
#ifdef HEIM_WEAK_CRYPTO
static OM_uint32
mic_des
(OM_uint32 * minor_status,
@@ -125,6 +127,7 @@ mic_des
*minor_status = 0;
return GSS_S_COMPLETE;
}
#endif
static OM_uint32
mic_des3
@@ -301,8 +304,12 @@ OM_uint32 _gsskrb5_get_mic
switch (keytype) {
case KEYTYPE_DES :
#ifdef HEIM_WEAK_CRYPTO
ret = mic_des (minor_status, ctx, context, qop_req,
message_buffer, message_token, key);
#else
ret = GSS_S_FAILURE;
#endif
break;
case KEYTYPE_DES3 :
ret = mic_des3 (minor_status, ctx, context, qop_req,

View File

@@ -33,6 +33,8 @@
#include "gsskrb5_locl.h"
#ifdef HEIM_WEAK_CRYPTO
static OM_uint32
unwrap_des
(OM_uint32 * minor_status,
@@ -182,6 +184,7 @@ unwrap_des
output_message_buffer->length);
return GSS_S_COMPLETE;
}
#endif
static OM_uint32
unwrap_des3
@@ -416,9 +419,13 @@ OM_uint32 _gsskrb5_unwrap
switch (keytype) {
case KEYTYPE_DES :
#ifdef HEIM_WEAK_CRYPTO
ret = unwrap_des (minor_status, ctx,
input_message_buffer, output_message_buffer,
conf_state, qop_state, key);
#else
ret = GSS_S_FAILURE;
#endif
break;
case KEYTYPE_DES3 :
ret = unwrap_des3 (minor_status, ctx, context,

View File

@@ -33,6 +33,8 @@
#include "gsskrb5_locl.h"
#ifdef HEIM_WEAK_CRYPTO
static OM_uint32
verify_mic_des
(OM_uint32 * minor_status,
@@ -129,6 +131,7 @@ verify_mic_des
return GSS_S_COMPLETE;
}
#endif
static OM_uint32
verify_mic_des3
@@ -296,9 +299,13 @@ _gsskrb5_verify_mic_internal
krb5_enctype_to_keytype (context, key->keytype, &keytype);
switch (keytype) {
case KEYTYPE_DES :
#ifdef HEIM_WEAK_CRYPTO
ret = verify_mic_des (minor_status, ctx, context,
message_buffer, token_buffer, qop_state, key,
type);
#else
ret = GSS_S_FAILURE;
#endif
break;
case KEYTYPE_DES3 :
ret = verify_mic_des3 (minor_status, ctx, context,

View File

@@ -168,7 +168,11 @@ _gsskrb5_wrap_size_limit (
switch (keytype) {
case KEYTYPE_DES :
#ifdef HEIM_WEAK_CRYPTO
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
#else
ret = GSS_S_FAILURE;
#endif
break;
case KEYTYPE_ARCFOUR:
case KEYTYPE_ARCFOUR_56:
@@ -188,6 +192,8 @@ _gsskrb5_wrap_size_limit (
return ret;
}
#ifdef HEIM_WEAK_CRYPTO
static OM_uint32
wrap_des
(OM_uint32 * minor_status,
@@ -325,6 +331,8 @@ wrap_des
return GSS_S_COMPLETE;
}
#endif
static OM_uint32
wrap_des3
(OM_uint32 * minor_status,
@@ -553,9 +561,13 @@ OM_uint32 _gsskrb5_wrap
switch (keytype) {
case KEYTYPE_DES :
#ifdef HEIM_WEAK_CRYPTO
ret = wrap_des (minor_status, ctx, context, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, key);
#else
ret = GSS_S_FAILURE;
#endif
break;
case KEYTYPE_DES3 :
ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,

View File

@@ -36,8 +36,6 @@
#include "krb5_locl.h"
#include <pkinit_asn1.h>
#define WEAK_ENCTYPES 1
#ifndef HEIMDAL_SMALLER
#define DES3_OLD_ENCTYPE 1
#endif
@@ -182,7 +180,7 @@ struct evp_schedule {
static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
#ifdef WEAK_ENCTYPES
#ifdef HEIM_WEAK_CRYPTO
static void
krb5_DES_random_key(krb5_context context,
krb5_keyblock *key)
@@ -715,7 +713,7 @@ evp_cleanup(krb5_context context, struct key_data *kd)
*
*/
#ifdef WEAK_ENCTYPES
#ifdef HEIM_WEAK_CRYPTO
static struct salt_type des_salt[] = {
{
KRB5_PW_SALT,
@@ -786,7 +784,7 @@ static struct key_type keytype_null = {
NULL
};
#ifdef WEAK_ENCTYPES
#ifdef HEIM_WEAK_CRYPTO
static struct key_type keytype_des_old = {
KEYTYPE_DES,
"des-old",
@@ -812,7 +810,7 @@ static struct key_type keytype_des = {
evp_cleanup,
EVP_des_cbc
};
#endif /* WEAK_ENCTYPES */
#endif /* HEIM_WEAK_CRYPTO */
#ifdef DES3_OLD_ENCTYPE
static struct key_type keytype_des3 = {
@@ -2056,7 +2054,7 @@ evp_encrypt(krb5_context context,
return 0;
}
#ifdef WEAK_ENCTYPES
#ifdef HEIM_WEAK_CRYPTO
static krb5_error_code
evp_des_encrypt_null_ivec(krb5_context context,
struct key_data *key,
@@ -2505,7 +2503,7 @@ static struct encryption_type enctype_des3_cbc_none = {
0,
NULL
};
#ifdef WEAK_ENCTYPES
#ifdef HEIM_WEAK_CRYPTO
static struct encryption_type enctype_des_cbc_crc = {
ETYPE_DES_CBC_CRC,
"des-cbc-crc",
@@ -2590,7 +2588,7 @@ static struct encryption_type enctype_des_pcbc_none = {
0,
NULL
};
#endif /* WEAK_ENCTYPES */
#endif /* HEIM_WEAK_CRYPTO */
static struct encryption_type *etypes[] = {
&enctype_aes256_cts_hmac_sha1,
@@ -2602,7 +2600,7 @@ static struct encryption_type *etypes[] = {
&enctype_des3_cbc_md5,
&enctype_old_des3_cbc_sha1,
#endif
#ifdef WEAK_ENCTYPES
#ifdef HEIM_WEAK_CRYPTO
&enctype_des_cbc_crc,
&enctype_des_cbc_md4,
&enctype_des_cbc_md5,