After the for loop 'key' cannot have the value -1. The loop
must execute at least once resulting either in the function
returning to the caller or the value of 'key' getting set to
a value other than -1.
Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc
At the completion of the while loop the value of 'ret' cannot
be zero. The expected value is KRB5_CC_END. Any other value
is an error to return to the caller. If 'ret' is KRB5_CC_END
then return krcc_end_get() result().
Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132
krb5_get_init_creds_opt_set_change_password_prompt() was being ignored by
krb5_init_creds_step() which broke pam_krb5 tests. MIT doesn't handle password
expiration within krb5_init_creds_step(), instead deferring to higher level
functions such as krb5_get_init_creds_password(). However, Heimdal kinit uses
krb5_init_creds_step() directly and thus requires this behaviour to be
implemented to pass its own tests.
This fixes compilation with -Wstrict-overflow=2.
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
addr_families.c: In function ‘krb5_sockaddr2address’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:851:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr2address (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr2port’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:879:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr2port (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_addr2sockaddr’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:914:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_addr2sockaddr (krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_max_sockaddr_size’:
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for(a = at; a < at + num_addrs; ++a)
^
addr_families.c:950:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_max_sockaddr_size (void)
^
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for(a = at; a < at + num_addrs; ++a)
^
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr_uninteresting’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:974:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr_is_loopback’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:983:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr_is_loopback(const struct sockaddr *sa)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_h_addr2sockaddr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1011:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_h_addr2sockaddr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_h_addr2addr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1042:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_h_addr2addr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_anyaddr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1073:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_anyaddr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_print_address’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1108:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_print_address (const krb5_address *addr,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_address_order’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_address_order(krb5_context context,
^
addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c: In function ‘krb5_free_address’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1333:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_free_address(krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_copy_address’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1383:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_copy_address(krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_address_prefixlen_boundary’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1537:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_address_prefixlen_boundary(krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
CC libkrb5_la-config_file.lo
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(Similar to Samba commit aa17db1f4061920512396032fcd3c7c8a4a8f38f)
This fixes compilation with -Wstrict-overflow=2
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
config_file.c: In function ‘krb5_config_vget_strings’:
config_file.c:1122:10: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
while(nstr--)
^
Upstream pull request:
https://github.com/heimdal/heimdal/pull/354
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to Samba commit 72979d1d60ca2eab1e7903c2e77b8cca69667691,
cut down to just the config_file.c and keytab_any.c changes reproduced
above by abartlet)
The size of portstr is too small to print an integer.
Instead just let snprintf do the work.
This fixes building with GCC 7.1
Based on feedback by Jeffrey Altman
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
(Inspired by Samba commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
keytab_any.c: In function ‘any_remove_entry’:
keytab_any.c:241:7: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
if(!found)
^
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Without this, in an AS-REQ that has no local key for FAST
we would send the AS-REQ again, which can bump the bad
password count on the KDC twice.
So only try again if FAST was actually tried.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The iovec encryption code doesn't handle 0 length iovecs correctly.
Instead of just skipping them, _krb5_evp_encrypt_iov_cts() will spin
on the 0 length iovec.
Modify the _krb5_evp_iov_cursor_expand helper so that iovec expansion
simply skips 0 length iovecs, and make _krb5_evp_iov_cursor_nextcrypt
do the same.
Original bug report and tests from Andrew Bartlett <abartlet@samba.org>
The struct krb5_context_data field can be passed to plugins
which might not be aware of the new structure layout. To
reduce the risk of data corruption, fields must never be
removed, modified or reordered. Old unused fields are marked
deprecated and new fields are appended to the end of the structure.
This change moves two fields that were added to master which
are not present in Heimdal 7.x:
fe43be8558 added config_include_depth.
5b39bd7c1d added no_ticket_store.
Change-Id: I28b157e128732324972c99b246a93a828bc077c1
Some versions of gcc can't follow the logic in the encryption path
of the _krb5_evp_encrypt_iov_cts code, and believe that it is
possible for the lastpos structure to be used uninitialised.
This isn't actually possible. On entry to the loop, remaining is
guaranteed to be both greater than, and a multiple of blocksize.
In order to exit the loop, remaining must be set to 0. If
cursor.current.length >= remaining, then we set remaining to 0 and
also set lastpos. Otherwise, we calculate the number of whole blocks
in the current iovec, which must be less than remaining, and subtract
that from remaining. Remaining must still be a multiple of and greater
than or equal to blocksize. If remaining == blocksize, we set lastpos,
and set remaining to 0. Otherwise we consume a single block, and go
around again. All of the paths which may set remaining to 0 also
set lastpos, so lastpos must be populated when the loop terminates.
Coverity has a similiar misconception, albeit with ivec2, which is
mistaken for the same reasons.
When we have an underlying iovec encryption function, use iovecs for
checksum-then-encrypt alogrithms in decrypt_iov_ivec, rather than
coalescing iovecs into a single memory buffer.
Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.
Add iovec routines for both padded CBC, and CTS EVP based encryption.
These routines go to great lengths to minimise the number of times
we call EVP_Cipher. With some EVP implementations (such as OpenSSL's
AES-NI) there is a significant entrance and exit overhead from this
routine, due to the use of SIMD vectors for the ivec.
Add a encrypt_iov function pointer to all of our encryption types
which can be used to implement an iovec based encryption routine.
Modify krb5_encrypt_iov so that it calls the iovec based routine
if it is available.
Use the iovec checksum routines in krb5_encrypt_iov_ivec. This
still marshalls all of the iovecs together to perform the encryption
operation, but this change halves the amount of time spent on
data marshalling in this function.
When we decide we need to zero the padding iovec, do so with 0, not
with the length that we've determined.
This had no effect because we zero the padding properly later, but it
should be fixed, so that things still work when the later memset() goes
away.
So that we can eventually use iovec hashes with encrypt, as well
as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING
to the list of iovecs which will be hashed.
Creating and destroying an EVP_CTX_MD structure with every hash
operation is very expensive. Speed things up by caching one within
the krb5_crypto structure. krb5_crypto can already only be safely
used by one thread at a time - adding a message digest context here
shouldn't introduce any further threading risks.
Users of the stashed context must be careful to ensure that they
call no other hash functions whilst they are in the middle of using
the context.
Instead of flattening the iovecs passed into
krb5_verify_checksum_iov, create a new internal verify_checksum_iov
function which passes iovecs down onto the individual ->verify or
->checksum functions.
_krb5_find_enctype is a moderately expensive operation, as it
does a linear search of the enctype lists. Avoid calling it
in _key_schedule when we already have a key schedule in place.
This change makes the most common check the first in the function.
Rather than flattening the iovecs supplied to
krb5_create_checksum_iov into a malloc()'d memory block, refactor
the function so that they can be passed straight through to the
backend hash functions.
Modify the signature of the checksum operation in the
krb5_checksum_type structure so that it processes iovecs rather than
solid blocks of data.
Update all of the implementations of these functions for all of the
checksum types that we support so that they process iovecs, either
by iterating through the iovec in each function, or by calling
_krb5_evp_digest_iov or _krb5_evp_hmac_iov()
Update callers of these functions so that they turn their single blocks
of data into a single iovec of the correct type before calling checksum
Add a function which will perform an HMAC over a set of iovecs,
using the hcrypto provided HMAC functions.
Join contiguous iovecs together before passing them to the hash
function so we make as few calls into the hash as possible.
depending what's available when you compile for iOS it's possible to
be __APPLE__ and not have CF; actually test for it instead of blythely
assuming it can be used
