parent
0018db9e38
commit
aec30dcfcb
@ -1,4 +1,4 @@
|
|||||||
From 64a276e3485b7066a3c630d018ca44dabeb7b6c7 Mon Sep 17 00:00:00 2001
|
From ea62d96f5b1e47818ab9f33ad143c4ffb460b3af Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Sat, 15 May 2021 21:18:06 -0400
|
Date: Sat, 15 May 2021 21:18:06 -0400
|
||||||
Subject: [PATCH] Handle OpenSSL 3's providers
|
Subject: [PATCH] Handle OpenSSL 3's providers
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From f135f51b0ec59d320f79cd961411231084364489 Mon Sep 17 00:00:00 2001
|
From a57ebca127a49869296ee2790e28eb37fdd20488 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Wed, 19 May 2021 19:33:34 -0400
|
Date: Wed, 19 May 2021 19:33:34 -0400
|
||||||
Subject: [PATCH] Handle SSL_read changed behavior on server hangup
|
Subject: [PATCH] Handle SSL_read changed behavior on server hangup
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 454a1a84ad161bd892c5b388edac09322c08cd06 Mon Sep 17 00:00:00 2001
|
From d8540c91db499761148ec681eb46a455f0808e22 Mon Sep 17 00:00:00 2001
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
Date: Fri, 4 Oct 2019 14:49:29 -0400
|
Date: Fri, 4 Oct 2019 14:49:29 -0400
|
||||||
Subject: [PATCH] Use OpenSSL's KBKDF and KRB5KDF for deriving long-term keys
|
Subject: [PATCH] Use OpenSSL's KBKDF and KRB5KDF for deriving long-term keys
|
||||||
@ -8,12 +8,13 @@ KRB5KDF (3des and aes-sha1). We already use OpenSSL's PBKDF2 where
|
|||||||
appropriate. OpenSSL added support for these KDFs in 3.0.
|
appropriate. OpenSSL added support for these KDFs in 3.0.
|
||||||
|
|
||||||
(cherry picked from commit ef8d11f6fb1232201c9efd2ae2ed567023fb85d2)
|
(cherry picked from commit ef8d11f6fb1232201c9efd2ae2ed567023fb85d2)
|
||||||
|
[rharwood@redhat.com: 3des removal]
|
||||||
---
|
---
|
||||||
src/lib/crypto/krb/derive.c | 411 ++++++++++++++++++++++++++++--------
|
src/lib/crypto/krb/derive.c | 409 ++++++++++++++++++++++++++++--------
|
||||||
1 file changed, 326 insertions(+), 85 deletions(-)
|
1 file changed, 324 insertions(+), 85 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c
|
diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c
|
||||||
index 6707a7308..1f07464e0 100644
|
index 6707a7308..8e474b38e 100644
|
||||||
--- a/src/lib/crypto/krb/derive.c
|
--- a/src/lib/crypto/krb/derive.c
|
||||||
+++ b/src/lib/crypto/krb/derive.c
|
+++ b/src/lib/crypto/krb/derive.c
|
||||||
@@ -27,6 +27,12 @@
|
@@ -27,6 +27,12 @@
|
||||||
@ -29,7 +30,7 @@ index 6707a7308..1f07464e0 100644
|
|||||||
static krb5_key
|
static krb5_key
|
||||||
find_cached_dkey(struct derived_key *list, const krb5_data *constant)
|
find_cached_dkey(struct derived_key *list, const krb5_data *constant)
|
||||||
{
|
{
|
||||||
@@ -77,55 +83,253 @@ cleanup:
|
@@ -77,55 +83,251 @@ cleanup:
|
||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -195,8 +196,6 @@ index 6707a7308..1f07464e0 100644
|
|||||||
+ cipher = "AES-128-CBC";
|
+ cipher = "AES-128-CBC";
|
||||||
+ } else if (!memcmp(enc, &krb5int_enc_aes256, sizeof(*enc))) {
|
+ } else if (!memcmp(enc, &krb5int_enc_aes256, sizeof(*enc))) {
|
||||||
+ cipher = "AES-256-CBC";
|
+ cipher = "AES-256-CBC";
|
||||||
+ } else if (!memcmp(enc, &krb5int_enc_des3, sizeof(*enc))) {
|
|
||||||
+ cipher = "DES-EDE3-CBC";
|
|
||||||
+ } else {
|
+ } else {
|
||||||
+ ret = KRB5_CRYPTO_INTERNAL;
|
+ ret = KRB5_CRYPTO_INTERNAL;
|
||||||
+ goto done;
|
+ goto done;
|
||||||
@ -320,7 +319,7 @@ index 6707a7308..1f07464e0 100644
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -139,9 +343,9 @@ cleanup:
|
@@ -139,9 +341,9 @@ cleanup:
|
||||||
* - Four bytes are used to encode the output length in the PRF input.
|
* - Four bytes are used to encode the output length in the PRF input.
|
||||||
*/
|
*/
|
||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
@ -333,7 +332,7 @@ index 6707a7308..1f07464e0 100644
|
|||||||
{
|
{
|
||||||
size_t blocksize, keybytes, n;
|
size_t blocksize, keybytes, n;
|
||||||
krb5_crypto_iov iov[6];
|
krb5_crypto_iov iov[6];
|
||||||
@@ -204,56 +408,94 @@ cleanup:
|
@@ -204,56 +406,94 @@ cleanup:
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -471,7 +470,7 @@ index 6707a7308..1f07464e0 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
krb5_error_code
|
krb5_error_code
|
||||||
@@ -268,8 +510,7 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
|
@@ -268,8 +508,7 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
|
||||||
case DERIVE_RFC3961:
|
case DERIVE_RFC3961:
|
||||||
return derive_random_rfc3961(enc, inkey, outrnd, in_constant);
|
return derive_random_rfc3961(enc, inkey, outrnd, in_constant);
|
||||||
case DERIVE_SP800_108_CMAC:
|
case DERIVE_SP800_108_CMAC:
|
||||||
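Review bot: The `else` branch after the `krb5int_enc_aes256` comparison returns `KRB5_CRYPTO_INTERNAL` for every provider other than the two AES ones, and with the `krb5int_enc_des3` branch dropped nothing in the code says this is deliberate. A short comment above the `else`, such as `/* 3DES is deliberately unmapped: des3 support is removed from this build. */`, would keep a later rebase from reading the missing case as an oversight. Separately, the provider is identified with `memcmp(enc, &krb5int_enc_aes256, sizeof(*enc))`, which compares every byte of the struct, including any padding. If callers always pass the static provider objects, `enc == &krb5int_enc_aes256` expresses the same test without depending on representation, but that assumption is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.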
|
@ -42,7 +42,7 @@
|
|||||||
Summary: The Kerberos network authentication system
|
Summary: The Kerberos network authentication system
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.19.1
|
Version: 1.19.1
|
||||||
Release: %{?zdpd}4%{?dist}
|
Release: %{?zdpd}5%{?dist}
|
||||||
|
|
||||||
# rharwood has trust path to signing key and verifies on check-in
|
# rharwood has trust path to signing key and verifies on check-in
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz
|
||||||
@ -640,6 +640,10 @@ exit 0
|
|||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-5
|
||||||
|
- Fix DES3 mention in KDFs
|
||||||
|
- Resolves: #1955873
|
||||||
|
|
||||||
* Wed May 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-4
|
* Wed May 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-4
|
||||||
- Port to OpenSSL 3 (alpha 15)
|
- Port to OpenSSL 3 (alpha 15)
|
||||||
- Resolves: #1955873
|
- Resolves: #1955873
|
||||||
|