The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
lib/krb5/crypto.c was a large, monolithic block of code which made
it very difficult to selectively enable and disable particular
alogrithms.
Reorganise crypto.c into individual files for each encryption and
salt time, and place the structures which tie everything together
into their own file (crypto-algs.c)
Add a non-installed library (librfc3961) and test program
(test_rfc3961) which builds a minimal rfc3961 crypto library, and
checks that it is usable.
hcrypto: struct x64 doesn't need bitfields
The bitfield specifications on the struct x64 members do not actually do
anything to guarantee/force packing or endian of the members. Removing
them allows the code to compile on certain compilers that do not support
bitfields on 64-bit types.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
When using 64bit constants for initialisation flag them as LL, so
the compiler doesn't try to cast them down to a long, and throw away
information, on 32 bit platforms.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
667ec8eb81 introduced the flag
HX509_CMS_EV_ID_NAME, without defining a value for that flag.
Assign a value using the next available bit.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
