Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too
@@ -61,6 +61,8 @@ LT_INIT([shared static win32-dll])
|
|||||||
AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes")
|
AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes")
|
||||||
rk_VERSIONSCRIPT
|
rk_VERSIONSCRIPT
|
||||||
|
|
||||||
|
AC_DEFINE(HEIM_WEAK_CRYPTO, 1, [Define if you want support for weak crypto])
|
||||||
|
|
||||||
rk_TEST_PACKAGE(openldap,
|
rk_TEST_PACKAGE(openldap,
|
||||||
[#include <lber.h>
|
[#include <lber.h>
|
||||||
#include <ldap.h>],
|
#include <ldap.h>],
|
||||||
|
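Review bot: The added `AC_DEFINE(HEIM_WEAK_CRYPTO, 1, ...)` is unconditional, so every build still compiles in the guarded DES code, and the `#else` branches this commit adds in the GSS-API files can only be reached by editing configure.ac. A configure switch would make the build without weak crypto selectable: declare an `AC_ARG_ENABLE(weak-crypto, ...)` option and wrap the define as `AS_IF([test "$enable_weak_crypto" != no], [AC_DEFINE(HEIM_WEAK_CRYPTO, 1, [Define if you want support for weak crypto])])`. The description string could also say which algorithms the macro covers, since the guards in this commit only touch the single-DES functions and enctypes.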
@@ -33,6 +33,8 @@
|
|||||||
|
|
||||||
#include "gsskrb5_locl.h"
|
#include "gsskrb5_locl.h"
|
||||||
|
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
mic_des
|
mic_des
|
||||||
(OM_uint32 * minor_status,
|
(OM_uint32 * minor_status,
|
||||||
@@ -125,6 +127,7 @@ mic_des
|
|||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return GSS_S_COMPLETE;
|
return GSS_S_COMPLETE;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
mic_des3
|
mic_des3
|
||||||
@@ -301,8 +304,12 @@ OM_uint32 _gsskrb5_get_mic
|
|||||||
|
|
||||||
switch (keytype) {
|
switch (keytype) {
|
||||||
case KEYTYPE_DES :
|
case KEYTYPE_DES :
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
ret = mic_des (minor_status, ctx, context, qop_req,
|
ret = mic_des (minor_status, ctx, context, qop_req,
|
||||||
message_buffer, message_token, key);
|
message_buffer, message_token, key);
|
||||||
|
#else
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case KEYTYPE_DES3 :
|
case KEYTYPE_DES3 :
|
||||||
ret = mic_des3 (minor_status, ctx, context, qop_req,
|
ret = mic_des3 (minor_status, ctx, context, qop_req,
|
||||||
|
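Review bot: The new `#else` branch under `case KEYTYPE_DES` in `_gsskrb5_get_mic` sets `ret = GSS_S_FAILURE` without writing `*minor_status`, so a build without HEIM_WEAK_CRYPTO reports a generic failure with whatever minor code was stored earlier (the start of the function is outside the hunk, so an earlier assignment cannot be ruled out). Setting a specific code makes the rejection diagnosable, for example `*minor_status = KRB5_PROG_ETYPE_NOSUPP;` placed before `ret = GSS_S_FAILURE;`. The same applies to the `#else` branches added in `_gsskrb5_unwrap`, `_gsskrb5_verify_mic_internal`, `_gsskrb5_wrap_size_limit` and `_gsskrb5_wrap`.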
@@ -33,6 +33,8 @@
|
|||||||
|
|
||||||
#include "gsskrb5_locl.h"
|
#include "gsskrb5_locl.h"
|
||||||
|
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
unwrap_des
|
unwrap_des
|
||||||
(OM_uint32 * minor_status,
|
(OM_uint32 * minor_status,
|
||||||
@@ -182,6 +184,7 @@ unwrap_des
|
|||||||
output_message_buffer->length);
|
output_message_buffer->length);
|
||||||
return GSS_S_COMPLETE;
|
return GSS_S_COMPLETE;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
unwrap_des3
|
unwrap_des3
|
||||||
@@ -416,9 +419,13 @@ OM_uint32 _gsskrb5_unwrap
|
|||||||
|
|
||||||
switch (keytype) {
|
switch (keytype) {
|
||||||
case KEYTYPE_DES :
|
case KEYTYPE_DES :
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
ret = unwrap_des (minor_status, ctx,
|
ret = unwrap_des (minor_status, ctx,
|
||||||
input_message_buffer, output_message_buffer,
|
input_message_buffer, output_message_buffer,
|
||||||
conf_state, qop_state, key);
|
conf_state, qop_state, key);
|
||||||
|
#else
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case KEYTYPE_DES3 :
|
case KEYTYPE_DES3 :
|
||||||
ret = unwrap_des3 (minor_status, ctx, context,
|
ret = unwrap_des3 (minor_status, ctx, context,
|
||||||
|
@@ -33,6 +33,8 @@
|
|||||||
|
|
||||||
#include "gsskrb5_locl.h"
|
#include "gsskrb5_locl.h"
|
||||||
|
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
verify_mic_des
|
verify_mic_des
|
||||||
(OM_uint32 * minor_status,
|
(OM_uint32 * minor_status,
|
||||||
@@ -129,6 +131,7 @@ verify_mic_des
|
|||||||
|
|
||||||
return GSS_S_COMPLETE;
|
return GSS_S_COMPLETE;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
verify_mic_des3
|
verify_mic_des3
|
||||||
@@ -296,9 +299,13 @@ _gsskrb5_verify_mic_internal
|
|||||||
krb5_enctype_to_keytype (context, key->keytype, &keytype);
|
krb5_enctype_to_keytype (context, key->keytype, &keytype);
|
||||||
switch (keytype) {
|
switch (keytype) {
|
||||||
case KEYTYPE_DES :
|
case KEYTYPE_DES :
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
ret = verify_mic_des (minor_status, ctx, context,
|
ret = verify_mic_des (minor_status, ctx, context,
|
||||||
message_buffer, token_buffer, qop_state, key,
|
message_buffer, token_buffer, qop_state, key,
|
||||||
type);
|
type);
|
||||||
|
#else
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case KEYTYPE_DES3 :
|
case KEYTYPE_DES3 :
|
||||||
ret = verify_mic_des3 (minor_status, ctx, context,
|
ret = verify_mic_des3 (minor_status, ctx, context,
|
||||||
|
@@ -168,7 +168,11 @@ _gsskrb5_wrap_size_limit (
|
|||||||
|
|
||||||
switch (keytype) {
|
switch (keytype) {
|
||||||
case KEYTYPE_DES :
|
case KEYTYPE_DES :
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
|
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
|
||||||
|
#else
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case KEYTYPE_ARCFOUR:
|
case KEYTYPE_ARCFOUR:
|
||||||
case KEYTYPE_ARCFOUR_56:
|
case KEYTYPE_ARCFOUR_56:
|
||||||
@@ -188,6 +192,8 @@ _gsskrb5_wrap_size_limit (
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
wrap_des
|
wrap_des
|
||||||
(OM_uint32 * minor_status,
|
(OM_uint32 * minor_status,
|
||||||
@@ -325,6 +331,8 @@ wrap_des
|
|||||||
return GSS_S_COMPLETE;
|
return GSS_S_COMPLETE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
static OM_uint32
|
static OM_uint32
|
||||||
wrap_des3
|
wrap_des3
|
||||||
(OM_uint32 * minor_status,
|
(OM_uint32 * minor_status,
|
||||||
@@ -553,9 +561,13 @@ OM_uint32 _gsskrb5_wrap
|
|||||||
|
|
||||||
switch (keytype) {
|
switch (keytype) {
|
||||||
case KEYTYPE_DES :
|
case KEYTYPE_DES :
|
||||||
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
ret = wrap_des (minor_status, ctx, context, conf_req_flag,
|
ret = wrap_des (minor_status, ctx, context, conf_req_flag,
|
||||||
qop_req, input_message_buffer, conf_state,
|
qop_req, input_message_buffer, conf_state,
|
||||||
output_message_buffer, key);
|
output_message_buffer, key);
|
||||||
|
#else
|
||||||
|
ret = GSS_S_FAILURE;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case KEYTYPE_DES3 :
|
case KEYTYPE_DES3 :
|
||||||
ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
|
ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
|
||||||
|
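Review bot: In `_gsskrb5_wrap_size_limit` only `case KEYTYPE_DES` is placed under HEIM_WEAK_CRYPTO, while the `KEYTYPE_ARCFOUR` and `KEYTYPE_ARCFOUR_56` cases directly below it stay compiled in either way. If that is intended, a comment at the guard would keep readers from assuming that a build without the macro has no weak ciphers left, e.g. `/* HEIM_WEAK_CRYPTO gates single-DES only; the ARCFOUR cases below are not affected */`. The switch continues outside the hunk, so the remaining cases could not be checked here.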
@@ -36,8 +36,6 @@
|
|||||||
#include "krb5_locl.h"
|
#include "krb5_locl.h"
|
||||||
#include <pkinit_asn1.h>
|
#include <pkinit_asn1.h>
|
||||||
|
|
||||||
#define WEAK_ENCTYPES 1
|
|
||||||
|
|
||||||
#ifndef HEIMDAL_SMALLER
|
#ifndef HEIMDAL_SMALLER
|
||||||
#define DES3_OLD_ENCTYPE 1
|
#define DES3_OLD_ENCTYPE 1
|
||||||
#endif
|
#endif
|
||||||
@@ -182,7 +180,7 @@ struct evp_schedule {
|
|||||||
|
|
||||||
static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
|
||||||
|
|
||||||
#ifdef WEAK_ENCTYPES
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
static void
|
static void
|
||||||
krb5_DES_random_key(krb5_context context,
|
krb5_DES_random_key(krb5_context context,
|
||||||
krb5_keyblock *key)
|
krb5_keyblock *key)
|
||||||
@@ -715,7 +713,7 @@ evp_cleanup(krb5_context context, struct key_data *kd)
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef WEAK_ENCTYPES
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
static struct salt_type des_salt[] = {
|
static struct salt_type des_salt[] = {
|
||||||
{
|
{
|
||||||
KRB5_PW_SALT,
|
KRB5_PW_SALT,
|
||||||
@@ -786,7 +784,7 @@ static struct key_type keytype_null = {
|
|||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
#ifdef WEAK_ENCTYPES
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
static struct key_type keytype_des_old = {
|
static struct key_type keytype_des_old = {
|
||||||
KEYTYPE_DES,
|
KEYTYPE_DES,
|
||||||
"des-old",
|
"des-old",
|
||||||
@@ -812,7 +810,7 @@ static struct key_type keytype_des = {
|
|||||||
evp_cleanup,
|
evp_cleanup,
|
||||||
EVP_des_cbc
|
EVP_des_cbc
|
||||||
};
|
};
|
||||||
#endif /* WEAK_ENCTYPES */
|
#endif /* HEIM_WEAK_CRYPTO */
|
||||||
|
|
||||||
#ifdef DES3_OLD_ENCTYPE
|
#ifdef DES3_OLD_ENCTYPE
|
||||||
static struct key_type keytype_des3 = {
|
static struct key_type keytype_des3 = {
|
||||||
@@ -2056,7 +2054,7 @@ evp_encrypt(krb5_context context,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WEAK_ENCTYPES
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
evp_des_encrypt_null_ivec(krb5_context context,
|
evp_des_encrypt_null_ivec(krb5_context context,
|
||||||
struct key_data *key,
|
struct key_data *key,
|
||||||
@@ -2505,7 +2503,7 @@ static struct encryption_type enctype_des3_cbc_none = {
|
|||||||
0,
|
0,
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
#ifdef WEAK_ENCTYPES
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
static struct encryption_type enctype_des_cbc_crc = {
|
static struct encryption_type enctype_des_cbc_crc = {
|
||||||
ETYPE_DES_CBC_CRC,
|
ETYPE_DES_CBC_CRC,
|
||||||
"des-cbc-crc",
|
"des-cbc-crc",
|
||||||
@@ -2590,7 +2588,7 @@ static struct encryption_type enctype_des_pcbc_none = {
|
|||||||
0,
|
0,
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
#endif /* WEAK_ENCTYPES */
|
#endif /* HEIM_WEAK_CRYPTO */
|
||||||
|
|
||||||
static struct encryption_type *etypes[] = {
|
static struct encryption_type *etypes[] = {
|
||||||
&enctype_aes256_cts_hmac_sha1,
|
&enctype_aes256_cts_hmac_sha1,
|
||||||
@@ -2602,7 +2600,7 @@ static struct encryption_type *etypes[] = {
|
|||||||
&enctype_des3_cbc_md5,
|
&enctype_des3_cbc_md5,
|
||||||
&enctype_old_des3_cbc_sha1,
|
&enctype_old_des3_cbc_sha1,
|
||||||
#endif
|
#endif
|
||||||
#ifdef WEAK_ENCTYPES
|
#ifdef HEIM_WEAK_CRYPTO
|
||||||
&enctype_des_cbc_crc,
|
&enctype_des_cbc_crc,
|
||||||
&enctype_des_cbc_md4,
|
&enctype_des_cbc_md4,
|
||||||
&enctype_des_cbc_md5,
|
&enctype_des_cbc_md5,
|
||||||
|
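Review bot: With the file-local `#define WEAK_ENCTYPES 1` removed, any `#ifdef WEAK_ENCTYPES` that is not part of these hunks would now silently evaluate false and drop its code from the build. Only the guards shown here are renamed, so the rest of this file and any other file that may test the old name should be checked for leftovers. The guards also now depend on HEIM_WEAK_CRYPTO reaching this file through the generated config header, presumably via `krb5_locl.h`; that include chain is not visible here. A short comment at the first guard, such as `/* HEIM_WEAK_CRYPTO is set by configure; it enables the single-DES key and encryption types */`, would record where the switch comes from.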