oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,468 Commits 2 Branches 2 Tags
f727a4bdfd56590e72996c65df8e67cc45d2dbab
Commit Graph

59 Commits

Author SHA1 Message Date
Benjamin Kaduk
e21866f7a2 GSS unwrap: wipe copy of DES key when done with it 
Zero out the DES_cblock structure instead of the (not yet used at this point
in the function) key schedule.  The contents could potentially be left
on the stack in the case of an error return from _gssapi_verify_pad().
 2018-12-14 06:18:26 -05:00
Benjamin Kaduk
56fe2f8620 Clear DES key (schedule) in unwrap BAD_MIC case 
We generally clear out the cryptographic key and key schedule from
local variables before relinquishing control flow, but this case was
missed.  Reported by jhb@FreeBSD.org.
 2018-09-22 13:25:00 -04:00
Nicolas Williams
774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
ghudson@MIT.EDU
3c725a465e Initialize zero before using it in unwrap_des(). 
Heimdal since fc702a97f5 (August 2009)
can't process DES wrap tokens unless the stack garbage in the zero
array happens to be all zeros.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-13 21:18:07 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
f465930be7 switch to EVP_MD_CTX_create() and thus make smaller 2009-08-21 07:16:19 -07:00
Love Hornquist Astrand
88d55a1d06 Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too 2009-08-17 18:06:42 +02:00
Love Hornquist Astrand
fc702a97f5 switch to use EVP interface instead of old crypto interface 2009-08-17 17:30:59 +02:00
Love Hornquist Astrand
fcfa32b0b9 Use constant time memcmp 2009-08-17 12:04:51 +02:00
Love Hornquist Astrand
639e93d436 switch to use EVP interface instead of old MDX_ style interface 2009-08-17 10:14:24 +02:00
Stefan Metzmacher
0297d047a4 gsskrb5: add support for DCE_STYLE and des and des3 keys 
Only the des keys are tested as windows doesn't support des3

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:21:20 +02:00
Love Hörnquist Åstrand
c99b2003e2 Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
269a7a057b flatten include headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
d24b24e07e init content before use coverity #149 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24092 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:58:18 +00:00
Love Hörnquist Åstrand
9586101a49 use the krb5_crypto directly, skipping some per packet calculation, make cfx handling simpler 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24067 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:52:10 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
81d68d4ee2 use DES_set_key_unchecked() 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23112 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-04-27 18:51:26 +00:00
Love Hörnquist Åstrand
00bcd44370 Switch from using a specific error message context in the TLS to have 
a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
b391925d80 try new subkey handling 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18559 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-18 15:59:33 +00:00
Love Hörnquist Åstrand
dfa6f7b248 reference all include files using krb5/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
ee09f98c15 Rename local include file, remove global files. 
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
0e90681917 Less pointer signedness warnings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17564 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 15:35:54 +00:00
Love Hörnquist Åstrand
d0443e2058 prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14989 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-04-27 17:51:27 +00:00
Luke Howard
ebc3e1a658 support KEYTYPE_ARCFOUR_56 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14460 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-01-05 02:52:12 +00:00
Luke Howard
847cb0fa5b use gss_krb5_get_subkey() instead of gss_krb5_get_{local,remote}key() 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14450 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-01-05 02:32:44 +00:00
Love Hörnquist Åstrand
b28cb7da78 mutex buglet, From: Luke Howard <lukeh@PADL.COM> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14098 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-08-07 14:31:52 +00:00
Love Hörnquist Åstrand
1e4a6015a7 support cfx, try to handle acceptor asserted subkey 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13523 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-14 16:38:46 +00:00
Love Hörnquist Åstrand
33efaf1f26 switch from the des_ to the DES_ api 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12752 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-03 09:29:36 +00:00
Love Hörnquist Åstrand
9673c61169 prefix cfx symbols with _gssapi_ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12692 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-28 10:54:06 +00:00
Love Hörnquist Åstrand
bdf7544c1b (unwrap_des3): use _gssapi_verify_pad 
(unwrap_des): use _gssapi_verify_pad


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12689 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-28 10:24:45 +00:00
Love Hörnquist Åstrand
7911b7e907 hook in arcfour unwrap 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12674 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-28 00:07:25 +00:00
Love Hörnquist Åstrand
bb7b50eba4 encap/decap now takes a oid 
if the enctype/keytype is arcfour, return error
add hook for cfx


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12640 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-25 20:06:04 +00:00
Love Hörnquist Åstrand
5b4a741593 reorder code so sequence numbers can can be used 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12371 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-06-17 04:08:20 +00:00
Love Hörnquist Åstrand
42f3fc029a - do some basic locking (no reference counting so contexts can be 
removed while still used)
- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
- make sure all lifetime are returned in seconds left until expired,
  not in unix epoch


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12317 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-05-21 14:52:14 +00:00
Love Hörnquist Åstrand
cc84c8d575 set minor_status 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11760 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-03-16 17:54:43 +00:00
Johan Danielsson
b553209764 (unwrap_des3): use ETYPE_DES3_CBC_NONE 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11344 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-03 17:33:11 +00:00
Jacques A. Vidrine
5d8e2e5a3c In gss_verify_mic and gss_unwrap, initialize the qop_state parameter 
if non-NULL.  We do this prior to calling the encryption-system specific
functions in case some day they set qop_state.

Doug Rabson <dfr@nlsystems.com> encountered this bug while working on
RPCSEC_GSS code from UMich's NFSv4 project.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11015 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-05-20 15:14:00 +00:00
Assar Westerlund
e129105771 handle minor_status more consistently 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10533 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-08-23 04:35:55 +00:00
Assar Westerlund
4449713b87 replace gss_krb5_getsomekey with gss_krb5_get_localkey and 
gss_krb5_get_remotekey


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10100 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-06-18 02:53:52 +00:00
Assar Westerlund
e55eee640b try to return the error string from krb5 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9902 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-05-11 09:16:47 +00:00
Assar Westerlund
11eeed3017 add missing setting of minor_status and failure checks 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-02-18 03:39:09 +00:00
Assar Westerlund
59a594bad4 use the openssl api for md4/md5/sha. handle openssl/*.h 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9559 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-01-29 02:09:01 +00:00
Assar Westerlund
5d542aef42 (unwrap_des3): use the checksum as ivec when encrypting the sequence 
number


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9313 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-12-08 05:05:19 +00:00
Assar Westerlund
8180bca1d4 re-organize and add 3DES code 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9004 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-08-27 04:26:12 +00:00
Assar Westerlund
eba6c2d786 be compatible with libdes's des_cbc_* prototypes 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8856 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-27 10:30:12 +00:00
Assar Westerlund
1799ccfdaf update to pseudo-standard APIs for md4,md5,sha. 
some changes to libdes calls to make them more portable.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7820 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-01-25 23:15:44 +00:00
Johan Danielsson
c5b916ca6f remove advertising clause 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7464 ec53bebd-3082-4978-b11e-865c3cabbd6b
 1999-12-02 17:05:13 +00:00