oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,026 Commits 2 Branches 2 Tags
5dcad4635b548ff6b880ee6ea32c6db41503a19d
Commit Graph

1315 Commits

Author SHA1 Message Date
Nicolas Williams
038ed5ec31 hx509: check Name RDN attribute size bounds 2019-10-07 21:32:00 -05:00
Nicolas Williams
cb2db14ed1 asn1: support DEFAULTed sequence fields 
Prior to this commit the Heimdal ASN.1 compiler supported DEFAULTing
SEQUENCE fields on the encoder side, but not the decoder side, where
ASN1_MISSING_FIELD would inevitably result when fields were defaulted.

This patch adds the missing decode-side support for DEFAULT.
 2019-10-07 21:32:00 -05:00
Nicolas Williams
330ced5b9e asn1: add missing symbols on Windows 2019-10-07 21:32:00 -05:00
Nicolas Williams
d657528e91 asn1: work around OpenSSL conflict 2019-10-07 21:32:00 -05:00
Nicolas Williams
5465b2ddec libasn1: Add OID symbol resolution 
This commit adds functions for finding OIDs by symbolic name, meaning by
their symbolic names given in the ASN.1 modules that define them.

TBD:

 - Resolve OIDs to names.
 - Support a file in /etc for additional OID resolution.
 - Add support for resolving OID arc names.
 2019-10-07 21:32:00 -05:00
Nicolas Williams
6471fcaa54 Move ASN.1 modules from lib/hx509 to lib/asn1 
This will help us generate a directory of OIDs from all the ASN.1
modules in lib/asn1, which will then help us create an hx509 API for
resolving OIDs to/from friendly names, which ultimately will help us
make hxtool more user-friendly.
 2019-10-07 21:32:00 -05:00
Nicolas Williams
120619dbd0 asn1: use rfc2459.opt 2019-10-07 21:32:00 -05:00
Luke Howard
cf940e15f4 krb5: rename constrained-delegatiom to cname-in-addl-tkt 
For consistency with [MS-SFU] rename the constrained-delegation KDC option to
cname-in-addl-tkt (client name in additional ticket).
 2019-06-02 14:44:11 +10:00
Daria Phoebe Brashear
c3e2c048c3 tests: generate test_template_asn1-template.c for testing 
the rule to generate test_template_asn1-template.c from
test_template_asn1-template.x was missing. add it.
 2019-05-15 14:12:28 -04:00
Nicolas Williams
18226819cd ASN.1 compiler: check write errors 2019-01-15 13:21:25 -06:00
Nicolas Williams
a3a8c1e4a4 ASN.1: Support wider bit sets (fix #514) 2019-01-15 13:21:25 -06:00
Jeffrey Altman
dcfcdd00d8 lib/asn1: WIN32 suppress "unreferenced local variable" warning 
the code generated by asn1_compile.exe includes a large number
of unreferenced local variables.  The resulting warnings drown
out other potentially more serious warnings.

This change suppresses the C4101 warnings in the generated
source files.

Change-Id: I17642ff427f457c885b1eb0e62436f3bc9057ee1
 2019-01-14 06:12:36 -05:00
Nicolas Williams
ffc4ac1d8d Fix warnings in ASN.1 template test 2019-01-02 13:56:04 -05:00
Luke Howard
5180a4ed75 asn1: maximum unsigned INTEGER range is 2^63 (#458) 
As ranges are stored as signed 64-bit integers, they will be clamped to 2^63.
Do not use a maximum range of 2^64 in the test suite.
 2018-12-20 12:23:13 +11:00
Chris Lamb
946caad7d0 Correct "extention" typos. 
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from Samba commit afa9bb4ac55d616fe7816e3830bab5e3a51aed7a)
 2018-09-10 14:42:18 -04:00
Nicolas Williams
5a13323b68 Fix Appveyor build: lib/asn1 2017-05-26 23:24:30 -04:00
Nicolas Williams
6a0f45c4d7 Use __attribute__ ((__name__)) form 
Protect against macros named noreturn and so on.
 2017-03-13 18:39:41 -04:00
Nicolas Williams
3e65dfbc32 Fix make dist missing files (#228) 2016-12-15 12:15:56 -06:00
Nicolas Williams
1c81ddf4e2 Round #2 of scan-build warnings cleanup 2016-11-16 17:03:14 -06:00
Viktor Dukhovni
f9749627f0 New test case detects previous template bug 2016-11-09 18:34:24 -05:00
Viktor Dukhovni
9be93ad9ff Fix typo 2016-11-09 11:50:07 -05:00
Viktor Dukhovni
be2527500d Restored check-gen.c inadvertently deleted 2016-11-09 11:40:57 -05:00
Viktor Dukhovni
3d590d651f Reapply incorectly reverted gen_template bugfix 
Without this, template memory allocation is incorrect for nested
sequences, which, as luck would have it, breaks tests on NetBSD
(whose malloc seems to give tighter allocations).

This partly undoes:

    commit 060474df16
    Author: Love Hornquist Astrand <lha@h5l.org>
    Date:   Mon Jun 3 21:45:51 2013 -0700

	quel 64bit warnings, fixup implicit encoding for template,
	fix spelling

Restoring changes from:

    commit 5e081aa4a6
    Author: Viktor Dukhovni <viktor@dukhovni.org>
    Date:   Sun May 27 08:07:28 2012 +0000

	Fix ASN.1 template compiler bug and add test cases more
	likely to trip on similar (structure size/type) errors

For example, without the bugfix, the sizeof(...) argument in multiple
generated nested structure templates is wrong, as seen in the bad vs.
good diff:

    --- test_template_asn1-template.c	2016-11-09 08:23:21.000000000 +0000
    +++ test_template_asn1-template.c	2016-11-09 08:23:40.000000000 +0000
    @@ -593,3 +593,3 @@
     const struct asn1_template asn1_TESTImplicit_tag_ti2_26[] = {
    -/* 0 */ { 0, sizeof(struct TESTImplicit), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTImplicit_ti2), ((void *)1) },
     /* 1 */ { A1_TAG_T(ASN1_C_CONTEXT,CONS,127), offsetof(struct TESTImplicit_ti2, foo), asn1_TESTLargeTag_tag_foo_4 }
    @@ -1618,3 +1618,3 @@
     const struct asn1_template asn1_TESTSeqOf2_tag_strings_68[] = {
    -/* 0 */ { 0, sizeof(struct TESTSeqOf2), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTSeqOf2_strings), ((void *)1) },
     /* 1 */ { A1_OP_SEQOF, 0, asn1_TESTSeqOfSeq2_val_tag_string_60 }
    @@ -1679,3 +1679,3 @@
     const struct asn1_template asn1_TESTSeqOf3_tag_strings_71[] = {
    -/* 0 */ { 0, sizeof(struct TESTSeqOf3), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTSeqOf3_strings), ((void *)1) },
     /* 1 */ { A1_OP_SEQOF, 0, asn1_TESTSeqOfSeq2_val_tag_string_60 }
    @@ -1760,3 +1760,3 @@
     const struct asn1_template asn1_TESTSeqOf4_tag_b1_75[] = {
    -/* 0 */ { 0, sizeof(struct TESTSeqOf4), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTSeqOf4_b1), ((void *)1) },
     /* 1 */ { A1_OP_SEQOF, 0, asn1_TESTSeqOf4_seofTstruct_10 }
    @@ -1765,3 +1765,3 @@
     const struct asn1_template asn1_TESTSeqOf4_tag_b1_74[] = {
    -/* 0 */ { 0, sizeof(struct TESTSeqOf4), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTSeqOf4_b1), ((void *)1) },
     /* 1 */ { A1_TAG_T(ASN1_C_UNIV,CONS,UT_Sequence), 0, asn1_TESTSeqOf4_tag_b1_75 }
    @@ -1801,3 +1801,3 @@
     const struct asn1_template asn1_TESTSeqOf4_tag_b2_79[] = {
    -/* 0 */ { 0, sizeof(struct TESTSeqOf4), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTSeqOf4_b2), ((void *)1) },
     /* 1 */ { A1_OP_SEQOF, 0, asn1_TESTSeqOf4_seofTstruct_11 }
    @@ -1842,3 +1842,3 @@
     const struct asn1_template asn1_TESTSeqOf4_tag_b3_84[] = {
    -/* 0 */ { 0, sizeof(struct TESTSeqOf4), ((void *)1) },
    +/* 0 */ { 0, sizeof(struct TESTSeqOf4_b3), ((void *)1) },
     /* 1 */ { A1_OP_SEQOF, 0, asn1_TESTSeqOf4_seofTstruct_12 }
 2016-11-09 03:33:34 -05:00
Luke Howard
7b720cf61c krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07 2016-10-08 08:17:11 +02:00
Jeffrey Altman
6234073499 add missing principal types 
Add the WELLKNOWN and NT-HST-DOMAIN principal types to the nametype
table and asn.1

Change-Id: Ife9c3860f375bac1a06152b0d261c63ec071a763
 2016-07-17 00:44:50 -04:00
Viktor Dukhovni
131c8dd30e Export new ASN1 oid symbols and fix build 
We added some new OID symbols in libasn1, make them public.

When an older Heimdal is already installed and its libraries don't
have some newly created symbols we run into build or test problems,
if libtool decides to use installed rather than just-built libraries.
This was happening with a few of test programs in libhx509.  Fixed.
 2016-05-06 21:09:03 -04:00
Viktor Dukhovni
8078e089f1 Add support for ECDSA w/ SHA-2 signature algs 2016-04-15 10:32:50 -05:00
Nicolas Williams
2b6bc1a7dc asn1_compile: fix null deref bug 2016-02-29 19:13:13 -06:00
Jeffrey Altman
c81572ab5d Windows: Remove *_PA_ClientCanon* from export list 
Change 29f6290fe6 removed the
PA_ClientCanon* ASN.1 functionality but failed to remove the generated
symbols from the Windows export list.

Change-Id: I9a46532ed7d8612fbc597dec9848505d4b440e09
 2015-09-13 20:34:41 -04:00
Stefan Metzmacher
be63a2914a heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handling 
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.

The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-06-17 17:41:27 -05:00
Nicolas Williams
41524590be fixup coverity 1164099 2015-04-19 14:03:59 -05:00
Nicolas Williams
0e524f3acb coverity 1164099 2015-04-18 23:19:25 -05:00
Nicolas Williams
487b6820f6 Revamp name canonicalization code 2015-03-24 11:49:58 -05:00
Jeffrey Altman
902aa4ee02 tests on Windows 
Modify the NTMakefile rules for tests so that a failed test does
not prevent subsequent tests from being executed.

Change-Id: I9595ad4a1527feae7c402241bf06ab21a0b76d4a
 2015-03-21 15:44:48 -04:00
Chaskiel Grundman
86554f5a7f Use correct value for anonymous flags 
The KDC Option and Ticket Flag for the anonymous extension were changed
from 14 to 16 due to a conflict with S4U2Proxy in version 11 of the anonymous
draft (now RFC6112). Fix the definitions
 2014-07-02 20:24:49 -04:00
Jeffrey Altman
a5da5bcb96 asn1: check overflow against SIZE_MAX not +1 
A comparison of (len > len + 1) is permitted to be optimized out
as dead code because it can't be true.  Overflowing is an exceptional
condition that results in undefined behavior.  The correct conditional
is (len == SIZE_MAX) when len is size_t.

Change-Id: Ia5586556a973d9fa5228430c4304ea9792c996bb
 2014-06-20 20:15:13 -04:00
Andrew Bartlett
ccc4302a18 lib/asn1: Add extern to declaration of fuzzer string in gen_locl.h 2014-03-24 23:07:51 -05:00
Love Hörnquist Åstrand
514d4d3ef4 remove extra _ 2014-02-16 21:50:03 -08:00
Love Hörnquist Åstrand
dffccabe31 clean files 2014-02-16 11:50:43 -08:00
Love Hörnquist Åstrand
e507f48d24 more roken rename 2014-02-16 09:15:32 -08:00
Jeffrey Altman
543ca2a93e asn1 check-der use roken 
Rely on roken to determine which random function should be
used.

Rename parameter "rand" to "randbytes" to avoid collision with
functions named "rand()".

Change-Id: Ic07cf149daef1cd568b58277773fbe27aef04f7b
 2013-09-10 22:31:31 -04:00
Love Hornquist Astrand
bee5290cc3 add KERB-ARMOR-SERVICE-REPLY 2013-07-16 15:12:43 +02:00
Jeffrey Altman
ab72ccbab3 Export missing asn1 and hx509 functions on Windows 
der_copy_unsigned64
der_free_unsigned64
der_get_integer64
encode_KDCFastCookie
encode_KDCFastState
free_KDCFastCookie
free_KDCFastState
hx509_revoke_print

Change-Id: I29d96705d1ac811109719b6358dc0932c72e8df8
 2013-06-22 21:17:16 -04:00
Jeffrey Altman
a97c9c9be4 avoid "*/" outside of comment warning on Windows 
Separate the "*" meant to indicate a pointer from "/*" which begins
and end of line comment.

Change-Id: Ib671aace4f493b58ea9d43c11642c7c1896f773f
 2013-06-22 21:17:15 -04:00
Nicolas Williams
f80cc553f8 Make build on Windows 2013-06-21 23:09:44 -05:00
Love Hornquist Astrand
7c77f1842a generate .x files for template too 2013-06-05 20:28:56 -07:00
Love Hornquist Astrand
73e5a50a72 use random() if we don't have arc4random() 2013-06-05 20:21:11 -07:00
Love Hornquist Astrand
ac22078116 add missing files 2013-06-05 20:01:11 -07:00
Love Hornquist Astrand
5201dadb62 argh, add missing \t 2013-06-04 01:03:32 -07:00
Love Hornquist Astrand
c696439942 fix up some more 2013-06-04 00:59:41 -07:00