diff --git a/.gitignore b/.gitignore index f9809d6..045d4b9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/krb5-1.17-pdfs.tar -SOURCES/krb5-1.17.tar.gz +SOURCES/krb5-1.18.2-pdfs.tar +SOURCES/krb5-1.18.2.tar.gz diff --git a/.krb5.metadata b/.krb5.metadata index 5858b94..d1787a9 100644 --- a/.krb5.metadata +++ b/.krb5.metadata @@ -1,2 +1,2 @@ -494c62bea08e5d26e01d47c409ac745b65e509c8 SOURCES/krb5-1.17-pdfs.tar -0c404b081db9c996c581f636ce450ee28778f338 SOURCES/krb5-1.17.tar.gz +db930a6653503c36027a4f65d761f8838c7636ae SOURCES/krb5-1.18.2-pdfs.tar +547c4e4afa06dd39c888a9ee89397ec3c3425c90 SOURCES/krb5-1.18.2.tar.gz diff --git a/SOURCES/Add-channel-bindings-tests.patch b/SOURCES/Add-channel-bindings-tests.patch new file mode 100644 index 0000000..92c803d --- /dev/null +++ b/SOURCES/Add-channel-bindings-tests.patch @@ -0,0 +1,420 @@ +From 6af3fd382e99a9724413929af7eee7c86326ffd9 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Fri, 20 Mar 2020 00:17:28 +0100 +Subject: [PATCH] Add channel bindings tests + +[ghudson@mit.edu: adjusted test program to output channel-bound state +instead of optionally enforcing it; adjusted tests to check program +output; split out tests into separate Python script; made cosmetic +changes] + +ticket: 8900 +(cherry picked from commit b0b21b6d25b06f3e2b365dfe9dd4c99b3d43bf57) +[rharwood@redhat.com: .gitignore] +(cherry picked from commit 3e92520c1417f22447751cd9172d5ab30c2e0ad8) +--- + src/plugins/gssapi/negoextest/main.c | 18 +++++ + src/tests/gssapi/Makefile.in | 49 ++++++------ + src/tests/gssapi/common.c | 25 ++++-- + src/tests/gssapi/common.h | 9 +++ + src/tests/gssapi/deps | 4 + + src/tests/gssapi/t_bindings.c | 111 +++++++++++++++++++++++++++ + src/tests/gssapi/t_bindings.py | 43 +++++++++++ + src/tests/gssapi/t_negoex.py | 7 ++ + 8 files changed, 237 insertions(+), 29 deletions(-) + create mode 100644 src/tests/gssapi/t_bindings.c + create mode 100644 src/tests/gssapi/t_bindings.py + +diff --git a/src/plugins/gssapi/negoextest/main.c b/src/plugins/gssapi/negoextest/main.c +index 6c340f41b..72fc5273a 100644 +--- a/src/plugins/gssapi/negoextest/main.c ++++ b/src/plugins/gssapi/negoextest/main.c +@@ -57,6 +57,15 @@ gss_init_sec_context(OM_uint32 *minor_status, + const char *envstr; + uint8_t hops, mech_last_octet; + ++ envstr = getenv("GSS_INIT_BINDING"); ++ if (envstr != NULL) { ++ assert(strlen(envstr) > 0); ++ assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS); ++ assert(strlen(envstr) == input_chan_bindings->application_data.length); ++ assert(strcmp((char *)input_chan_bindings->application_data.value, ++ envstr) == 0); ++ } ++ + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { + envstr = getenv("HOPS"); + hops = (envstr != NULL) ? atoi(envstr) : 1; +@@ -112,6 +121,15 @@ gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, + uint8_t hops, mech_last_octet; + const char *envstr; + ++ envstr = getenv("GSS_ACCEPT_BINDING"); ++ if (envstr != NULL) { ++ assert(strlen(envstr) > 0); ++ assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS); ++ assert(strlen(envstr) == input_chan_bindings->application_data.length); ++ assert(strcmp((char *)input_chan_bindings->application_data.value, ++ envstr) == 0); ++ } ++ + /* + * The unwrapped token sits at the end and is just one byte giving the + * remaining number of hops. The final octet of the mech encoding should +diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in +index 5cc1e0f58..68c132b79 100644 +--- a/src/tests/gssapi/Makefile.in ++++ b/src/tests/gssapi/Makefile.in +@@ -9,33 +9,33 @@ LOCALINCLUDES = -I$(srcdir)/../../lib/gssapi/mechglue \ + -I../../lib/gssapi/generic + + SRCS= $(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \ +- $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_ccselect.c \ +- $(srcdir)/t_ciflags.c $(srcdir)/t_context.c $(srcdir)/t_credstore.c \ +- $(srcdir)/t_enctypes.c $(srcdir)/t_err.c $(srcdir)/t_export_cred.c \ +- $(srcdir)/t_export_name.c $(srcdir)/t_gssexts.c \ +- $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c $(srcdir)/t_invalid.c \ +- $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \ ++ $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_bindings.c \ ++ $(srcdir)/t_ccselect.c $(srcdir)/t_ciflags.c $(srcdir)/t_context.c \ ++ $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c $(srcdir)/t_err.c \ ++ $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \ ++ $(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \ ++ $(srcdir)/t_invalid.c $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \ + $(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \ + $(srcdir)/t_lifetime.c $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c \ + $(srcdir)/t_pcontok.c $(srcdir)/t_prf.c $(srcdir)/t_s4u.c \ + $(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \ + $(srcdir)/t_spnego.c $(srcdir)/t_srcattrs.c + +-OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_ccselect.o \ +- t_ciflags.o t_context.o t_credstore.o t_enctypes.o t_err.o \ +- t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o \ +- t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o t_iov.o \ +- t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o t_s4u.o \ +- t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o ++OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_bindings.o \ ++ t_ccselect.o t_ciflags.o t_context.o t_credstore.o t_enctypes.o \ ++ t_err.o t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o \ ++ t_imp_name.o t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o \ ++ t_iov.o t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o \ ++ t_s4u.o t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o + + COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) + COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS) + +-all: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags t_context \ +- t_credstore t_enctypes t_err t_export_cred t_export_name t_gssexts \ +- t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name \ +- t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf t_s4u \ +- t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs ++all: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect t_ciflags \ ++ t_context t_credstore t_enctypes t_err t_export_cred t_export_name \ ++ t_gssexts t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx \ ++ t_inq_mechs_name t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf \ ++ t_s4u t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs + + check-unix: t_oid + $(RUN_TEST) ./t_invalid +@@ -43,11 +43,12 @@ check-unix: t_oid + $(RUN_TEST) ./t_prf + $(RUN_TEST) ./t_imp_name + +-check-pytests: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags \ +- t_context t_credstore t_enctypes t_err t_export_cred t_export_name \ +- t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime \ +- t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs ++check-pytests: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect \ ++ t_ciflags t_context t_credstore t_enctypes t_err t_export_cred \ ++ t_export_name t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov \ ++ t_lifetime t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs + $(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS) ++ $(RUNPYTEST) $(srcdir)/t_bindings.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_enctypes.py $(PYTESTFLAGS) +@@ -64,6 +65,8 @@ t_accname: t_accname.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS) + t_add_cred: t_add_cred.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_add_cred.o $(COMMON_LIBS) ++t_bindings: t_bindings.o $(COMMON_DEPS) ++ $(CC_LINK) -o $@ t_bindings.o $(COMMON_LIBS) + t_ccselect: t_ccselect.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS) + t_ciflags: t_ciflags.o $(COMMON_DEPS) +@@ -118,8 +121,8 @@ t_srcattrs: t_srcattrs.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_srcattrs.o $(COMMON_LIBS) + + clean: +- $(RM) ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags +- $(RM) t_context t_credstore t_enctypes t_err t_export_cred ++ $(RM) ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect ++ $(RM) t_ciflags t_context t_credstore t_enctypes t_err t_export_cred + $(RM) t_export_name t_gssexts t_imp_cred t_imp_name t_invalid + $(RM) t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime + $(RM) t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5 +diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c +index 83e9d9bb8..7ba72f7b2 100644 +--- a/src/tests/gssapi/common.c ++++ b/src/tests/gssapi/common.c +@@ -115,6 +115,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, + gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx, + gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech, + gss_cred_id_t *deleg_cred) ++{ ++ return establish_contexts_ex(imech, icred, acred, tname, flags, ictx, actx, ++ GSS_C_NO_CHANNEL_BINDINGS, ++ GSS_C_NO_CHANNEL_BINDINGS, NULL, src_name, ++ amech, deleg_cred); ++} ++ ++void ++establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, ++ gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx, ++ gss_ctx_id_t *actx, gss_channel_bindings_t icb, ++ gss_channel_bindings_t acb, OM_uint32 *aret_flags, ++ gss_name_t *src_name, gss_OID *amech, ++ gss_cred_id_t *deleg_cred) + { + OM_uint32 minor, imaj, amaj; + gss_buffer_desc itok, atok; +@@ -126,17 +140,16 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, + for (;;) { + (void)gss_release_buffer(&minor, &itok); + imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags, +- GSS_C_INDEFINITE, +- GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, +- &itok, NULL, NULL); ++ GSS_C_INDEFINITE, icb, &atok, NULL, &itok, ++ NULL, NULL); + check_gsserr("gss_init_sec_context", imaj, minor); + if (amaj == GSS_S_COMPLETE) + break; + + (void)gss_release_buffer(&minor, &atok); +- amaj = gss_accept_sec_context(&minor, actx, acred, &itok, +- GSS_C_NO_CHANNEL_BINDINGS, src_name, +- amech, &atok, NULL, NULL, deleg_cred); ++ amaj = gss_accept_sec_context(&minor, actx, acred, &itok, acb, ++ src_name, amech, &atok, aret_flags, NULL, ++ deleg_cred); + check_gsserr("gss_accept_sec_context", amaj, minor); + (void)gss_release_buffer(&minor, &itok); + if (imaj == GSS_S_COMPLETE) +diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h +index ae11b51d4..a5c8f87e6 100644 +--- a/src/tests/gssapi/common.h ++++ b/src/tests/gssapi/common.h +@@ -62,6 +62,15 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred, + gss_name_t *src_name, gss_OID *amech, + gss_cred_id_t *deleg_cred); + ++/* Establish contexts with channel bindings. */ ++void establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, ++ gss_cred_id_t acred, gss_name_t tname, ++ OM_uint32 flags, gss_ctx_id_t *ictx, ++ gss_ctx_id_t *actx, gss_channel_bindings_t icb, ++ gss_channel_bindings_t acb, OM_uint32 *aret_flags, ++ gss_name_t *src_name, gss_OID *amech, ++ gss_cred_id_t *deleg_cred); ++ + /* Export *cred to a token, then release *cred and replace it by re-importing + * the token. */ + void export_import_cred(gss_cred_id_t *cred); +diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps +index acd0e96f8..73e4d9a74 100644 +--- a/src/tests/gssapi/deps ++++ b/src/tests/gssapi/deps +@@ -33,6 +33,10 @@ $(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ + common.h t_add_cred.c ++$(OUTPRE)t_bindings.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ ++ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ ++ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ ++ common.h t_bindings.c + $(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ +diff --git a/src/tests/gssapi/t_bindings.c b/src/tests/gssapi/t_bindings.c +new file mode 100644 +index 000000000..e8906715b +--- /dev/null ++++ b/src/tests/gssapi/t_bindings.c +@@ -0,0 +1,111 @@ ++/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ ++/* ++ * Copyright (C) 2020 by Red Hat, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++#include ++#include ++ ++#include "common.h" ++ ++/* ++ * Establish contexts (without and with GSS_C_DCE_STYLE) with the default ++ * initiator name, a specified principal name as target name, initiator ++ * bindings, and acceptor bindings. If any call is unsuccessful, display an ++ * error message. Output "yes" or "no" to indicate whether the contexts were ++ * reported as channel-bound on the acceptor. Exit with status 0 if all ++ * operations are successful, or 1 if not. ++ * ++ * Usage: ./t_bindings [-s] targetname icb acb ++ * ++ * An icb or abc value of "-" will not specify channel bindings. ++ */ ++ ++int ++main(int argc, char *argv[]) ++{ ++ OM_uint32 minor, flags1, flags2; ++ gss_name_t target_name; ++ gss_ctx_id_t ictx, actx; ++ struct gss_channel_bindings_struct icb_data = {0}, acb_data = {0}; ++ gss_channel_bindings_t icb = GSS_C_NO_CHANNEL_BINDINGS; ++ gss_channel_bindings_t acb = GSS_C_NO_CHANNEL_BINDINGS; ++ gss_OID_desc *mech; ++ ++ argv++; ++ argc--; ++ if (*argv != NULL && strcmp(*argv, "-s") == 0) { ++ mech = &mech_spnego; ++ argv++; ++ argc--; ++ } else { ++ mech = &mech_krb5; ++ } ++ ++ if (argc != 3) { ++ fprintf(stderr, "Usage: t_bindings [-s] targetname icb acb\n"); ++ return 1; ++ } ++ ++ target_name = import_name(argv[0]); ++ ++ if (strcmp(argv[1], "-") != 0) { ++ icb_data.application_data.length = strlen(argv[1]); ++ icb_data.application_data.value = argv[1]; ++ icb = &icb_data; ++ } ++ ++ if (strcmp(argv[2], "-") != 0) { ++ acb_data.application_data.length = strlen(argv[2]); ++ acb_data.application_data.value = argv[2]; ++ acb = &acb_data; ++ } ++ ++ establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, ++ target_name, 0, &ictx, &actx, icb, acb, &flags1, ++ NULL, NULL, NULL); ++ ++ /* Try again with GSS_C_DCE_STYLE */ ++ (void)gss_delete_sec_context(&minor, &ictx, NULL); ++ (void)gss_delete_sec_context(&minor, &actx, NULL); ++ ++ establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, ++ target_name, GSS_C_DCE_STYLE, &ictx, &actx, icb, acb, ++ &flags2, NULL, NULL, NULL); ++ assert((flags1 & GSS_C_CHANNEL_BOUND_FLAG) == ++ (flags2 & GSS_C_CHANNEL_BOUND_FLAG)); ++ printf("%s\n", (flags1 & GSS_C_CHANNEL_BOUND_FLAG) ? "yes" : "no"); ++ ++ (void)gss_delete_sec_context(&minor, &ictx, NULL); ++ (void)gss_delete_sec_context(&minor, &actx, NULL); ++ (void)gss_release_name(&minor, &target_name); ++ ++ return 0; ++} +diff --git a/src/tests/gssapi/t_bindings.py b/src/tests/gssapi/t_bindings.py +new file mode 100644 +index 000000000..f377977b6 +--- /dev/null ++++ b/src/tests/gssapi/t_bindings.py +@@ -0,0 +1,43 @@ ++from k5test import * ++ ++realm = K5Realm() ++server = 'p:' + realm.host_princ ++ ++mark('krb5 channel bindings') ++realm.run(['./t_bindings', server, '-', '-'], expected_msg='no') ++realm.run(['./t_bindings', server, 'a', '-'], expected_msg='no') ++realm.run(['./t_bindings', server, 'a', 'a'], expected_msg='yes') ++realm.run(['./t_bindings', server, '-', 'a'], expected_msg='no') ++realm.run(['./t_bindings', server, 'a', 'x'], ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++mark('SPNEGO channel bindings') ++realm.run(['./t_bindings', '-s', server, '-', '-'], expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', '-'], expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', 'a'], expected_msg='yes') ++realm.run(['./t_bindings', '-s', server, '-', 'a'], expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', 'x'], ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++client_aware_conf = {'libdefaults': {'client_aware_channel_bindings': 'true'}} ++e = realm.special_env('cb_aware', False, krb5_conf=client_aware_conf) ++ ++mark('krb5 client_aware_channel_bindings') ++realm.run(['./t_bindings', server, '-', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', server, 'a', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', server, 'a', 'a'], env=e, expected_msg='yes') ++realm.run(['./t_bindings', server, '-', 'a'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++realm.run(['./t_bindings', server, 'a', 'x'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++mark('SPNEGO client_aware_channel_bindings') ++realm.run(['./t_bindings', '-s', server, '-', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', 'a'], env=e, expected_msg='yes') ++realm.run(['./t_bindings', '-s', server, '-', 'a'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++realm.run(['./t_bindings', '-s', server, 'a', 'x'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++success('channel bindings tests') +diff --git a/src/tests/gssapi/t_negoex.py b/src/tests/gssapi/t_negoex.py +index 88470d2fa..a218899c4 100644 +--- a/src/tests/gssapi/t_negoex.py ++++ b/src/tests/gssapi/t_negoex.py +@@ -139,4 +139,11 @@ msgs = ('sending [3]AP_REQUEST', 'sending [7]CHALLENGE', 'sending [8]VERIFY', + 'sending [11]CHALLENGE', 'sending [12]VERIFY', 'sending [13]VERIFY') + test({'HOPS': '4', 'KEY': 'accept-always'}, expected_trace=()) + ++mark('channel bindings') ++e = realm.env.copy() ++e.update({'HOPS': '1', 'GSS_INIT_BINDING': 'a', 'GSS_ACCEPT_BINDING': 'b'}) ++# The test mech will verify that the bindings are communicated to the ++# mech, but does not set the channel-bound flag. ++realm.run(['./t_bindings', '-s', 'h:host', 'a', 'b'], env=e, expected_msg='no') ++ + success('NegoEx tests') diff --git a/SOURCES/Add-client_aware_channel_bindings-option.patch b/SOURCES/Add-client_aware_channel_bindings-option.patch new file mode 100644 index 0000000..b8faf33 --- /dev/null +++ b/SOURCES/Add-client_aware_channel_bindings-option.patch @@ -0,0 +1,265 @@ +From fe50c57f6428d7512868663bd226bdc9007148a9 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Tue, 10 Mar 2020 13:13:17 +0100 +Subject: [PATCH] Add client_aware_channel_bindings option + +Add client support for KERB_AP_OPTIONS_CBT in the form of a profile +option "client_aware_gss_bindings". Adjust the make_etype_list() +helper so that enctype negotiation and AP_OPTIONS can be included in +the same IF-RELEVANT wrapper. + +[ghudson@mit.edu: refactored; edited documentation; wrote commit +message] + +ticket: 8900 +(cherry picked from commit 225e6ef7f021cd1a8ef2a054af0ca58b7288fd81) +(cherry picked from commit 2a08fe3d2d1972df4ffe37d4bb64b161889ff988) +--- + doc/admin/conf_files/krb5_conf.rst | 6 + + src/include/k5-int.h | 1 + + src/lib/krb5/krb/mk_req_ext.c | 177 +++++++++++++++-------------- + 3 files changed, 98 insertions(+), 86 deletions(-) + +diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst +index 1d2aa7f68..1d8ffc1e4 100644 +--- a/doc/admin/conf_files/krb5_conf.rst ++++ b/doc/admin/conf_files/krb5_conf.rst +@@ -383,6 +383,12 @@ The libdefaults section may contain any of the following relations: + credentials will fail if the client machine does not have a + keytab. The default value is false. + ++**client_aware_channel_bindings** ++ If this flag is true, then all application protocol authentication ++ requests will be flagged to indicate that the application supports ++ channel bindings when operating over a secure channel. The ++ default value is false. ++ + .. _realms: + + [realms] +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 0d9af3d95..eb18a4cd6 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -299,6 +299,7 @@ typedef unsigned char u_char; + #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" + #define KRB5_CONF_V4_REALM "v4_realm" + #define KRB5_CONF_VERIFY_AP_REQ_NOFAIL "verify_ap_req_nofail" ++#define KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS "client_aware_channel_bindings" + + /* Cache configuration variables */ + #define KRB5_CC_CONF_FAST_AVAIL "fast_avail" +diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c +index 9fc6a0e52..08504860c 100644 +--- a/src/lib/krb5/krb/mk_req_ext.c ++++ b/src/lib/krb5/krb/mk_req_ext.c +@@ -68,10 +68,9 @@ + */ + + static krb5_error_code +-make_etype_list(krb5_context context, +- krb5_enctype *desired_etypes, +- krb5_enctype tkt_enctype, +- krb5_authdata ***authdata); ++make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes, ++ krb5_enctype tkt_enctype, krb5_boolean client_aware_cb, ++ krb5_authdata ***authdata_out); + + static krb5_error_code + generate_authenticator(krb5_context, +@@ -263,7 +262,8 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent, + krb5_enctype tkt_enctype) + { + krb5_error_code retval; +- krb5_authdata **ext_authdata = NULL; ++ krb5_authdata **ext_authdata = NULL, **ap_authdata, **combined; ++ int client_aware_cb; + + authent->client = client; + authent->checksum = cksum; +@@ -297,99 +297,104 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent, + krb5_free_authdata(context, ext_authdata); + } + +- /* Only send EtypeList if we prefer another enctype to tkt_enctype */ +- if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) { +- TRACE_MK_REQ_ETYPES(context, desired_etypes); +- retval = make_etype_list(context, desired_etypes, tkt_enctype, +- &authent->authorization_data); ++ retval = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS, ++ KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS, NULL, ++ FALSE, &client_aware_cb); ++ if (retval) ++ return retval; ++ ++ /* Add etype negotiation or channel-binding awareness authdata to the ++ * front, if appropriate. */ ++ retval = make_ap_authdata(context, desired_etypes, tkt_enctype, ++ client_aware_cb, &ap_authdata); ++ if (retval) ++ return retval; ++ if (ap_authdata != NULL) { ++ retval = krb5_merge_authdata(context, ap_authdata, ++ authent->authorization_data, &combined); ++ krb5_free_authdata(context, ap_authdata); + if (retval) + return retval; ++ krb5_free_authdata(context, authent->authorization_data); ++ authent->authorization_data = combined; + } + + return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec)); + } + +-/* RFC 4537 */ ++/* Set *out to a DER-encoded RFC 4537 etype list, or to NULL if no etype list ++ * should be sent. */ + static krb5_error_code +-make_etype_list(krb5_context context, +- krb5_enctype *desired_etypes, +- krb5_enctype tkt_enctype, +- krb5_authdata ***authdata) ++make_etype_list(krb5_context context, krb5_enctype *desired_enctypes, ++ krb5_enctype tkt_enctype, krb5_data **out) + { +- krb5_error_code code; +- krb5_etype_list etypes; +- krb5_data *enc_etype_list; +- krb5_data *ad_if_relevant; +- krb5_authdata *etype_adata[2], etype_adatum, **adata; +- int i; ++ krb5_etype_list etlist; ++ int count; + +- etypes.etypes = desired_etypes; ++ *out = NULL; + +- for (etypes.length = 0; +- etypes.etypes[etypes.length] != ENCTYPE_NULL; +- etypes.length++) +- { +- /* +- * RFC 4537: +- * +- * If the enctype of the ticket session key is included in the enctype +- * list sent by the client, it SHOULD be the last on the list; +- */ +- if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype) ++ /* Only send a list if we prefer another enctype to tkt_enctype. */ ++ if (desired_enctypes == NULL || desired_enctypes[0] == tkt_enctype) ++ return 0; ++ ++ /* Count elements of desired_etypes, stopping at tkt_enctypes if present. ++ * (Per RFC 4537, it must be the last option if it is included.) */ ++ for (count = 0; desired_enctypes[count] != ENCTYPE_NULL; count++) { ++ if (count > 0 && desired_enctypes[count - 1] == tkt_enctype) + break; + } + +- code = encode_krb5_etype_list(&etypes, &enc_etype_list); +- if (code) { +- return code; +- } +- +- etype_adatum.magic = KV5M_AUTHDATA; +- etype_adatum.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; +- etype_adatum.length = enc_etype_list->length; +- etype_adatum.contents = (krb5_octet *)enc_etype_list->data; +- +- etype_adata[0] = &etype_adatum; +- etype_adata[1] = NULL; +- +- /* Wrap in AD-IF-RELEVANT container */ +- code = encode_krb5_authdata(etype_adata, &ad_if_relevant); +- if (code) { +- krb5_free_data(context, enc_etype_list); +- return code; +- } +- +- krb5_free_data(context, enc_etype_list); +- +- adata = *authdata; +- if (adata == NULL) { +- adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *)); +- i = 0; +- } else { +- for (i = 0; adata[i] != NULL; i++) +- ; +- +- adata = (krb5_authdata **)realloc(*authdata, +- (i + 2) * sizeof(krb5_authdata *)); +- } +- if (adata == NULL) { +- krb5_free_data(context, ad_if_relevant); +- return ENOMEM; +- } +- *authdata = adata; +- +- adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata)); +- if (adata[i] == NULL) { +- krb5_free_data(context, ad_if_relevant); +- return ENOMEM; +- } +- adata[i]->magic = KV5M_AUTHDATA; +- adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT; +- adata[i]->length = ad_if_relevant->length; +- adata[i]->contents = (krb5_octet *)ad_if_relevant->data; +- free(ad_if_relevant); /* contents owned by adata[i] */ +- +- adata[i + 1] = NULL; +- +- return 0; ++ etlist.etypes = desired_enctypes; ++ etlist.length = count; ++ return encode_krb5_etype_list(&etlist, out); ++} ++ ++/* Set *authdata_out to appropriate authenticator authdata for the request, ++ * encoded in a single AD_IF_RELEVANT element. */ ++static krb5_error_code ++make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes, ++ krb5_enctype tkt_enctype, krb5_boolean client_aware_cb, ++ krb5_authdata ***authdata_out) ++{ ++ krb5_error_code ret; ++ krb5_authdata etypes_ad, flags_ad, *list[3]; ++ krb5_data *der_etypes = NULL; ++ size_t count = 0; ++ uint8_t flagbuf[4]; ++ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; ++ ++ *authdata_out = NULL; ++ ++ /* Include an ETYPE_NEGOTIATION element if appropriate. */ ++ ret = make_etype_list(context, desired_enctypes, tkt_enctype, &der_etypes); ++ if (ret) ++ goto cleanup; ++ if (der_etypes != NULL) { ++ etypes_ad.magic = KV5M_AUTHDATA; ++ etypes_ad.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; ++ etypes_ad.length = der_etypes->length; ++ etypes_ad.contents = (uint8_t *)der_etypes->data; ++ list[count++] = &etypes_ad; ++ } ++ ++ /* Include an AP_OPTIONS element if the CBT flag is configured. */ ++ if (client_aware_cb != 0) { ++ store_32_le(KERB_AP_OPTIONS_CBT, flagbuf); ++ flags_ad.magic = KV5M_AUTHDATA; ++ flags_ad.ad_type = KRB5_AUTHDATA_AP_OPTIONS; ++ flags_ad.length = 4; ++ flags_ad.contents = flagbuf; ++ list[count++] = &flags_ad; ++ } ++ ++ if (count > 0) { ++ list[count] = NULL; ++ ret = krb5_encode_authdata_container(context, ++ KRB5_AUTHDATA_IF_RELEVANT, ++ list, authdata_out); ++ } ++ ++cleanup: ++ krb5_free_data(context, der_etypes); ++ return ret; + } diff --git a/SOURCES/Add-finalization-safety-check-to-com_err.patch b/SOURCES/Add-finalization-safety-check-to-com_err.patch new file mode 100644 index 0000000..f7c9d54 --- /dev/null +++ b/SOURCES/Add-finalization-safety-check-to-com_err.patch @@ -0,0 +1,54 @@ +From 2ea85d8228663c9592705a13edecbd4d3c70aac1 Mon Sep 17 00:00:00 2001 +From: Jiri Sasek +Date: Fri, 13 Mar 2020 19:02:58 +0100 +Subject: [PATCH] Add finalization safety check to com_err + +If the linker erroneously runs the libkrb5 finalizer after the +libcom_err finalizer, the consequent remove_error_table() calls could +crash due to accessing a destroyed mutex or an invalid et_list +pointer. Add an unsynchronized check on finalized in +remove_error_table(), and set et_list to null in com_err_terminate() +after destroying the list. + +[ghudson@mit.edu: minimized code hanges; rewrote comment and commit +message] + +ticket: 8890 (new) +(cherry picked from commit 9d654aa05e26bbf22f140abde3436afeff2fdf8d) +(cherry picked from commit c7a37d3e87132864ebc44710baf1d50a69682b5c) +--- + src/util/et/error_message.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c +index d7069a9df..7dc02a34e 100644 +--- a/src/util/et/error_message.c ++++ b/src/util/et/error_message.c +@@ -26,7 +26,7 @@ + + static struct et_list *et_list; + static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER; +-static int terminated = 0; /* for debugging shlib fini sequence errors */ ++static int terminated = 0; /* for safety and finalization debugging */ + + MAKE_INIT_FUNCTION(com_err_initialize); + MAKE_FINI_FUNCTION(com_err_terminate); +@@ -69,6 +69,7 @@ void com_err_terminate(void) + enext = e->next; + free(e); + } ++ et_list = NULL; + k5_mutex_unlock(&et_list_lock); + k5_mutex_destroy(&et_list_lock); + terminated = 1; +@@ -280,6 +281,10 @@ remove_error_table(const struct error_table *et) + { + struct et_list **ep, *e; + ++ /* Safety check in case libraries are finalized in the wrong order. */ ++ if (terminated) ++ return ENOENT; ++ + if (CALL_INIT_FUNCTION(com_err_initialize)) + return 0; + k5_mutex_lock(&et_list_lock); diff --git a/SOURCES/Add-function-and-enctype-flag-for-deprecations.patch b/SOURCES/Add-function-and-enctype-flag-for-deprecations.patch deleted file mode 100644 index 2a094e7..0000000 --- a/SOURCES/Add-function-and-enctype-flag-for-deprecations.patch +++ /dev/null @@ -1,183 +0,0 @@ -From ba1fd0a44c74089d42af244ff2b315baf506fd2f Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 15 Jan 2019 16:16:57 -0500 -Subject: [PATCH] Add function and enctype flag for deprecations - -krb5int_c_deprecated_enctype() checks for the ETYPE_DEPRECATED flag on -enctypes. All ENCTYPE_WEAK enctypes are currently deprecated; not all -deprecated enctypes are considered weak. Deprecations follow RFC 6649 -and RFC 8429. - -(cherry picked from commit 484a6e7712f9b66e782b2520f07b0883889e116f) ---- - src/include/k5-int.h | 1 + - src/lib/crypto/krb/crypto_int.h | 9 ++++++++- - src/lib/crypto/krb/enctype_util.c | 7 +++++++ - src/lib/crypto/krb/etypes.c | 19 ++++++++++--------- - src/lib/crypto/libk5crypto.exports | 1 + - src/lib/krb5_32.def | 3 +++ - 6 files changed, 30 insertions(+), 10 deletions(-) - -diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index 8f9329c59..255cee822 100644 ---- a/src/include/k5-int.h -+++ b/src/include/k5-int.h -@@ -2077,6 +2077,7 @@ krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **); - krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype); - - krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype); -+krb5_boolean KRB5_CALLCONV krb5int_c_deprecated_enctype(krb5_enctype); - krb5_error_code k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out); - - krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *, -diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h -index e5099291e..6c1c77cac 100644 ---- a/src/lib/crypto/krb/crypto_int.h -+++ b/src/lib/crypto/krb/crypto_int.h -@@ -114,7 +114,14 @@ struct krb5_keytypes { - unsigned int ssf; - }; - --#define ETYPE_WEAK 1 -+/* -+ * "Weak" means the enctype is believed to be vulnerable to practical attacks, -+ * and will be disabled unless allow_weak_crypto is set to true. "Deprecated" -+ * means the enctype has been deprecated by the IETF, and affects display and -+ * logging. -+ */ -+#define ETYPE_WEAK (1 << 0) -+#define ETYPE_DEPRECATED (1 << 1) - - extern const struct krb5_keytypes krb5int_enctypes_list[]; - extern const int krb5int_enctypes_length; -diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c -index b1b40e7ec..e394f4e19 100644 ---- a/src/lib/crypto/krb/enctype_util.c -+++ b/src/lib/crypto/krb/enctype_util.c -@@ -51,6 +51,13 @@ krb5int_c_weak_enctype(krb5_enctype etype) - return (ktp != NULL && (ktp->flags & ETYPE_WEAK) != 0); - } - -+krb5_boolean KRB5_CALLCONV -+krb5int_c_deprecated_enctype(krb5_enctype etype) -+{ -+ const struct krb5_keytypes *ktp = find_enctype(etype); -+ return ktp != NULL && (ktp->flags & ETYPE_DEPRECATED) != 0; -+} -+ - krb5_error_code KRB5_CALLCONV - krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, - krb5_boolean *similar) -diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c -index 53d4a5c79..8f44c37e7 100644 ---- a/src/lib/crypto/krb/etypes.c -+++ b/src/lib/crypto/krb/etypes.c -@@ -33,6 +33,7 @@ - that the keytypes are all near each other. I'd rather not make - that assumption. */ - -+/* Deprecations come from RFC 6649 and RFC 8249. */ - const struct krb5_keytypes krb5int_enctypes_list[] = { - { ENCTYPE_DES_CBC_CRC, - "des-cbc-crc", { 0 }, "DES cbc mode with CRC-32", -@@ -42,7 +43,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - CKSUMTYPE_RSA_MD5_DES, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES_CBC_MD4, - "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4", - &krb5int_enc_des, &krb5int_hash_md4, -@@ -51,7 +52,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - CKSUMTYPE_RSA_MD4_DES, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES_CBC_MD5, - "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5", - &krb5int_enc_des, &krb5int_hash_md5, -@@ -60,7 +61,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - CKSUMTYPE_RSA_MD5_DES, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES_CBC_RAW, - "des-cbc-raw", { 0 }, "DES cbc mode raw", - &krb5int_enc_des, NULL, -@@ -69,7 +70,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - 0, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES3_CBC_RAW, - "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", - &krb5int_enc_des3, NULL, -@@ -78,7 +79,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_dk_string_to_key, k5_rand2key_des3, - NULL, /*PRF*/ - 0, -- ETYPE_WEAK, 112 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 112 }, - - { ENCTYPE_DES3_CBC_SHA1, - "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, -@@ -89,7 +90,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_dk_string_to_key, k5_rand2key_des3, - krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_DES3, -- 0 /*flags*/, 112 }, -+ ETYPE_DEPRECATED, 112 }, - - { ENCTYPE_DES_HMAC_SHA1, - "des-hmac-sha1", { 0 }, "DES with HMAC/sha1", -@@ -99,7 +100,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_dk_string_to_key, k5_rand2key_des, - NULL, /*PRF*/ - 0, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - - /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we - * consider its strength degraded and assign it an SSF value of 64. */ -@@ -113,7 +114,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key, - k5_rand2key_direct, krb5int_arcfour_prf, - CKSUMTYPE_HMAC_MD5_ARCFOUR, -- 0 /*flags*/, 64 }, -+ ETYPE_DEPRECATED, 64 }, - { ENCTYPE_ARCFOUR_HMAC_EXP, - "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" }, - "Exportable ArcFour with HMAC/md5", -@@ -124,7 +125,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key, - k5_rand2key_direct, krb5int_arcfour_prf, - CKSUMTYPE_HMAC_MD5_ARCFOUR, -- ETYPE_WEAK, 40 -+ ETYPE_WEAK | ETYPE_DEPRECATED, 40 - }, - - { ENCTYPE_AES128_CTS_HMAC_SHA1_96, -diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports -index 82eb5f30c..90afdf5f7 100644 ---- a/src/lib/crypto/libk5crypto.exports -+++ b/src/lib/crypto/libk5crypto.exports -@@ -109,3 +109,4 @@ k5_allow_weak_pbkdf2iter - krb5_c_prfplus - krb5_c_derive_prfplus - k5_enctype_to_ssf -+krb5int_c_deprecated_enctype -diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def -index c35022931..e6a487593 100644 ---- a/src/lib/krb5_32.def -+++ b/src/lib/krb5_32.def -@@ -487,3 +487,6 @@ EXPORTS - encode_krb5_pa_spake @444 ; PRIVATE - decode_krb5_pa_spake @445 ; PRIVATE - k5_free_pa_spake @446 ; PRIVATE -+ -+; new in 1.18 -+ krb5int_c_deprecated_enctype @450 ; PRIVATE diff --git a/SOURCES/Add-soft-pkcs11-source-code.patch b/SOURCES/Add-soft-pkcs11-source-code.patch deleted file mode 100644 index 25488b5..0000000 --- a/SOURCES/Add-soft-pkcs11-source-code.patch +++ /dev/null @@ -1,2072 +0,0 @@ -From c4626f17ece51265eaa5446e96104b115ecbe31c Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 20 Jun 2019 10:45:18 -0400 -Subject: [PATCH] Add soft-pkcs11 source code - -soft-pkcs11 is no longer available upstream and is not generally -packaged in distributions, making it inconvenient to use for tests. -Import the 1.8 source code, detabified and with trailing whitespace -removed but otherwise unmodified. - -(cherry picked from commit a4bc3e513a58b0d1292f3506ac3b35be8c178086) -(cherry picked from commit a186597238ae40e167ce041857b5bd1f94ee2383) ---- - src/tests/softpkcs11/main.c | 2049 +++++++++++++++++++++++++++++++++++ - 1 file changed, 2049 insertions(+) - create mode 100644 src/tests/softpkcs11/main.c - -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -new file mode 100644 -index 000000000..2acec5169 ---- /dev/null -+++ b/src/tests/softpkcs11/main.c -@@ -0,0 +1,2049 @@ -+/* -+ * Copyright (c) 2004-2006, Stockholms universitet -+ * (Stockholm University, Stockholm Sweden) -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * 3. Neither the name of the university nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include "locl.h" -+ -+/* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */ -+ -+#define OBJECT_ID_MASK 0xfff -+#define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK) -+#define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle) -+ -+struct st_attr { -+ CK_ATTRIBUTE attribute; -+ int secret; -+}; -+ -+struct st_object { -+ CK_OBJECT_HANDLE object_handle; -+ struct st_attr *attrs; -+ int num_attributes; -+ enum { -+ STO_T_CERTIFICATE, -+ STO_T_PRIVATE_KEY, -+ STO_T_PUBLIC_KEY -+ } type; -+ union { -+ X509 *cert; -+ EVP_PKEY *public_key; -+ struct { -+ const char *file; -+ EVP_PKEY *key; -+ X509 *cert; -+ } private_key; -+ } u; -+}; -+ -+static struct soft_token { -+ CK_VOID_PTR application; -+ CK_NOTIFY notify; -+ struct { -+ struct st_object **objs; -+ int num_objs; -+ } object; -+ struct { -+ int hardware_slot; -+ int app_error_fatal; -+ int login_done; -+ } flags; -+ int open_sessions; -+ struct session_state { -+ CK_SESSION_HANDLE session_handle; -+ -+ struct { -+ CK_ATTRIBUTE *attributes; -+ CK_ULONG num_attributes; -+ int next_object; -+ } find; -+ -+ int encrypt_object; -+ CK_MECHANISM_PTR encrypt_mechanism; -+ int decrypt_object; -+ CK_MECHANISM_PTR decrypt_mechanism; -+ int sign_object; -+ CK_MECHANISM_PTR sign_mechanism; -+ int verify_object; -+ CK_MECHANISM_PTR verify_mechanism; -+ int digest_object; -+ } state[10]; -+#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0])) -+ FILE *logfile; -+} soft_token; -+ -+static void -+application_error(const char *fmt, ...) -+{ -+ va_list ap; -+ va_start(ap, fmt); -+ vprintf(fmt, ap); -+ va_end(ap); -+ if (soft_token.flags.app_error_fatal) -+ abort(); -+} -+ -+static void -+st_logf(const char *fmt, ...) -+{ -+ va_list ap; -+ if (soft_token.logfile == NULL) -+ return; -+ va_start(ap, fmt); -+ vfprintf(soft_token.logfile, fmt, ap); -+ va_end(ap); -+ fflush(soft_token.logfile); -+} -+ -+static void -+snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) -+{ -+ int len; -+ va_list ap; -+ len = vsnprintf(str, size, fmt, ap); -+ va_end(ap); -+ if (len < 0 || len > size) -+ return; -+ while(len < size) -+ str[len++] = fillchar; -+} -+ -+#ifndef TEST_APP -+#define printf error_use_st_logf -+#endif -+ -+#define VERIFY_SESSION_HANDLE(s, state) \ -+{ \ -+ CK_RV ret; \ -+ ret = verify_session_handle(s, state); \ -+ if (ret != CKR_OK) { \ -+ /* return CKR_OK */; \ -+ } \ -+} -+ -+static CK_RV -+verify_session_handle(CK_SESSION_HANDLE hSession, -+ struct session_state **state) -+{ -+ int i; -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++){ -+ if (soft_token.state[i].session_handle == hSession) -+ break; -+ } -+ if (i == MAX_NUM_SESSION) { -+ application_error("use of invalid handle: 0x%08lx\n", -+ (unsigned long)hSession); -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ if (state) -+ *state = &soft_token.state[i]; -+ return CKR_OK; -+} -+ -+static CK_RV -+object_handle_to_object(CK_OBJECT_HANDLE handle, -+ struct st_object **object) -+{ -+ int i = HANDLE_OBJECT_ID(handle); -+ -+ *object = NULL; -+ if (i >= soft_token.object.num_objs) -+ return CKR_ARGUMENTS_BAD; -+ if (soft_token.object.objs[i] == NULL) -+ return CKR_ARGUMENTS_BAD; -+ if (soft_token.object.objs[i]->object_handle != handle) -+ return CKR_ARGUMENTS_BAD; -+ *object = soft_token.object.objs[i]; -+ return CKR_OK; -+} -+ -+static int -+attributes_match(const struct st_object *obj, -+ const CK_ATTRIBUTE *attributes, -+ CK_ULONG num_attributes) -+{ -+ CK_ULONG i; -+ int j; -+ st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj)); -+ -+ for (i = 0; i < num_attributes; i++) { -+ int match = 0; -+ for (j = 0; j < obj->num_attributes; j++) { -+ if (attributes[i].type == obj->attrs[j].attribute.type && -+ attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen && -+ memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue, -+ attributes[i].ulValueLen) == 0) { -+ match = 1; -+ break; -+ } -+ } -+ if (match == 0) { -+ st_logf("type %d attribute have no match\n", attributes[i].type); -+ return 0; -+ } -+ } -+ st_logf("attribute matches\n"); -+ return 1; -+} -+ -+static void -+print_attributes(const CK_ATTRIBUTE *attributes, -+ CK_ULONG num_attributes) -+{ -+ CK_ULONG i; -+ -+ st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes); -+ -+ for (i = 0; i < num_attributes; i++) { -+ st_logf(" type: "); -+ switch (attributes[i].type) { -+ case CKA_TOKEN: { -+ CK_BBOOL *ck_true; -+ if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) { -+ application_error("token attribute wrong length\n"); -+ break; -+ } -+ ck_true = attributes[i].pValue; -+ st_logf("token: %s", *ck_true ? "TRUE" : "FALSE"); -+ break; -+ } -+ case CKA_CLASS: { -+ CK_OBJECT_CLASS *class; -+ if (attributes[i].ulValueLen != sizeof(CK_ULONG)) { -+ application_error("class attribute wrong length\n"); -+ break; -+ } -+ class = attributes[i].pValue; -+ st_logf("class "); -+ switch (*class) { -+ case CKO_CERTIFICATE: -+ st_logf("certificate"); -+ break; -+ case CKO_PUBLIC_KEY: -+ st_logf("public key"); -+ break; -+ case CKO_PRIVATE_KEY: -+ st_logf("private key"); -+ break; -+ case CKO_SECRET_KEY: -+ st_logf("secret key"); -+ break; -+ case CKO_DOMAIN_PARAMETERS: -+ st_logf("domain parameters"); -+ break; -+ default: -+ st_logf("[class %lx]", (long unsigned)*class); -+ break; -+ } -+ break; -+ } -+ case CKA_PRIVATE: -+ st_logf("private"); -+ break; -+ case CKA_LABEL: -+ st_logf("label"); -+ break; -+ case CKA_APPLICATION: -+ st_logf("application"); -+ break; -+ case CKA_VALUE: -+ st_logf("value"); -+ break; -+ case CKA_ID: -+ st_logf("id"); -+ break; -+ default: -+ st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type); -+ break; -+ } -+ st_logf("\n"); -+ } -+} -+ -+static struct st_object * -+add_st_object(void) -+{ -+ struct st_object *o, **objs; -+ int i; -+ -+ o = malloc(sizeof(*o)); -+ if (o == NULL) -+ return NULL; -+ memset(o, 0, sizeof(*o)); -+ o->attrs = NULL; -+ o->num_attributes = 0; -+ -+ for (i = 0; i < soft_token.object.num_objs; i++) { -+ if (soft_token.object.objs == NULL) { -+ soft_token.object.objs[i] = o; -+ break; -+ } -+ } -+ if (i == soft_token.object.num_objs) { -+ objs = realloc(soft_token.object.objs, -+ (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0])); -+ if (objs == NULL) { -+ free(o); -+ return NULL; -+ } -+ soft_token.object.objs = objs; -+ soft_token.object.objs[soft_token.object.num_objs++] = o; -+ } -+ soft_token.object.objs[i]->object_handle = -+ (random() & (~OBJECT_ID_MASK)) | i; -+ -+ return o; -+} -+ -+static CK_RV -+add_object_attribute(struct st_object *o, -+ int secret, -+ CK_ATTRIBUTE_TYPE type, -+ CK_VOID_PTR pValue, -+ CK_ULONG ulValueLen) -+{ -+ struct st_attr *a; -+ int i; -+ -+ i = o->num_attributes; -+ a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0])); -+ if (a == NULL) -+ return CKR_DEVICE_MEMORY; -+ o->attrs = a; -+ o->attrs[i].secret = secret; -+ o->attrs[i].attribute.type = type; -+ o->attrs[i].attribute.pValue = malloc(ulValueLen); -+ if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0) -+ return CKR_DEVICE_MEMORY; -+ memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen); -+ o->attrs[i].attribute.ulValueLen = ulValueLen; -+ o->num_attributes++; -+ -+ return CKR_OK; -+} -+ -+static CK_RV -+add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key) -+{ -+ switch (key_type) { -+ case CKK_RSA: { -+ CK_BYTE *modulus = NULL; -+ size_t modulus_len = 0; -+ CK_ULONG modulus_bits = 0; -+ CK_BYTE *exponent = NULL; -+ size_t exponent_len = 0; -+ -+ modulus_bits = BN_num_bits(key->pkey.rsa->n); -+ -+ modulus_len = BN_num_bytes(key->pkey.rsa->n); -+ modulus = malloc(modulus_len); -+ BN_bn2bin(key->pkey.rsa->n, modulus); -+ -+ exponent_len = BN_num_bytes(key->pkey.rsa->e); -+ exponent = malloc(exponent_len); -+ BN_bn2bin(key->pkey.rsa->e, exponent); -+ -+ add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len); -+ add_object_attribute(o, 0, CKA_MODULUS_BITS, -+ &modulus_bits, sizeof(modulus_bits)); -+ add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, -+ exponent, exponent_len); -+ -+ RSA_set_method(key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ -+ free(modulus); -+ free(exponent); -+ } -+ default: -+ /* XXX */ -+ break; -+ } -+ return CKR_OK; -+} -+ -+ -+static int -+pem_callback(char *buf, int num, int w, void *key) -+{ -+ return -1; -+} -+ -+ -+static CK_RV -+add_certificate(char *label, -+ const char *cert_file, -+ const char *private_key_file, -+ char *id, -+ int anchor) -+{ -+ struct st_object *o = NULL; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_BBOOL bool_false = CK_FALSE; -+ CK_OBJECT_CLASS c; -+ CK_CERTIFICATE_TYPE cert_type = CKC_X_509; -+ CK_KEY_TYPE key_type; -+ CK_MECHANISM_TYPE mech_type; -+ void *cert_data = NULL; -+ size_t cert_length; -+ void *subject_data = NULL; -+ size_t subject_length; -+ void *issuer_data = NULL; -+ size_t issuer_length; -+ void *serial_data = NULL; -+ size_t serial_length; -+ CK_RV ret = CKR_GENERAL_ERROR; -+ X509 *cert; -+ EVP_PKEY *public_key; -+ -+ size_t id_len = strlen(id); -+ -+ { -+ FILE *f; -+ -+ f = fopen(cert_file, "r"); -+ if (f == NULL) { -+ st_logf("failed to open file %s\n", cert_file); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ cert = PEM_read_X509(f, NULL, NULL, NULL); -+ fclose(f); -+ if (cert == NULL) { -+ st_logf("failed reading PEM cert\n"); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(X509, cert_data, cert_length, cert, ret); -+ if (ret) -+ goto out; -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, issuer_data, issuer_length, -+ X509_get_issuer_name(cert), ret); -+ if (ret) -+ goto out; -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, subject_data, subject_length, -+ X509_get_subject_name(cert), ret); -+ if (ret) -+ goto out; -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, serial_data, serial_length, -+ X509_get_serialNumber(cert), ret); -+ if (ret) -+ goto out; -+ -+ } -+ -+ st_logf("done parsing, adding to internal structure\n"); -+ -+ o = add_st_object(); -+ if (o == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ o->type = STO_T_CERTIFICATE; -+ o->u.cert = cert; -+ public_key = X509_get_pubkey(o->u.cert); -+ -+ switch (EVP_PKEY_type(public_key->type)) { -+ case EVP_PKEY_RSA: -+ key_type = CKK_RSA; -+ break; -+ case EVP_PKEY_DSA: -+ key_type = CKK_DSA; -+ break; -+ default: -+ /* XXX */ -+ break; -+ } -+ -+ c = CKO_CERTIFICATE; -+ add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -+ add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LABEL, label, strlen(label)); -+ -+ add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type)); -+ add_object_attribute(o, 0, CKA_ID, id, id_len); -+ -+ add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length); -+ add_object_attribute(o, 0, CKA_ISSUER, issuer_data, issuer_length); -+ add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data, serial_length); -+ add_object_attribute(o, 0, CKA_VALUE, cert_data, cert_length); -+ if (anchor) -+ add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true)); -+ else -+ add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false)); -+ -+ st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o)); -+ -+ o = add_st_object(); -+ if (o == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ o->type = STO_T_PUBLIC_KEY; -+ o->u.public_key = public_key; -+ -+ c = CKO_PUBLIC_KEY; -+ add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -+ add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LABEL, label, strlen(label)); -+ -+ add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); -+ add_object_attribute(o, 0, CKA_ID, id, id_len); -+ add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); -+ mech_type = CKM_RSA_X_509; -+ add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type)); -+ -+ add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length); -+ add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true)); -+ -+ add_pubkey_info(o, key_type, public_key); -+ -+ st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o)); -+ -+ if (private_key_file) { -+ CK_FLAGS flags; -+ FILE *f; -+ -+ o = add_st_object(); -+ if (o == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ o->type = STO_T_PRIVATE_KEY; -+ o->u.private_key.file = strdup(private_key_file); -+ o->u.private_key.key = NULL; -+ -+ o->u.private_key.cert = cert; -+ -+ c = CKO_PRIVATE_KEY; -+ add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -+ add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LABEL, label, strlen(label)); -+ -+ add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); -+ add_object_attribute(o, 0, CKA_ID, id, id_len); -+ add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); -+ mech_type = CKM_RSA_X_509; -+ add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type)); -+ -+ add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length); -+ add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true)); -+ flags = 0; -+ add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags)); -+ -+ add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false)); -+ -+ add_pubkey_info(o, key_type, public_key); -+ -+ f = fopen(private_key_file, "r"); -+ if (f == NULL) { -+ st_logf("failed to open private key\n"); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ o->u.private_key.key = PEM_read_PrivateKey(f, NULL, pem_callback, NULL); -+ fclose(f); -+ if (o->u.private_key.key == NULL) { -+ st_logf("failed to read private key a startup\n"); -+ /* don't bother with this failure for now, -+ fix it at C_Login time */; -+ } else { -+ /* XXX verify keytype */ -+ -+ if (key_type == CKK_RSA) -+ RSA_set_method(o->u.private_key.key->pkey.rsa, -+ RSA_PKCS1_SSLeay()); -+ -+ if (X509_check_private_key(cert, o->u.private_key.key) != 1) { -+ EVP_PKEY_free(o->u.private_key.key); -+ o->u.private_key.key = NULL; -+ st_logf("private key doesn't verify\n"); -+ } else { -+ st_logf("private key usable\n"); -+ soft_token.flags.login_done = 1; -+ } -+ } -+ } -+ -+ ret = CKR_OK; -+ out: -+ if (ret != CKR_OK) { -+ st_logf("something went wrong when adding cert!\n"); -+ -+ /* XXX wack o */; -+ } -+ free(cert_data); -+ free(serial_data); -+ free(issuer_data); -+ free(subject_data); -+ -+ return ret; -+} -+ -+static void -+find_object_final(struct session_state *state) -+{ -+ if (state->find.attributes) { -+ CK_ULONG i; -+ -+ for (i = 0; i < state->find.num_attributes; i++) { -+ if (state->find.attributes[i].pValue) -+ free(state->find.attributes[i].pValue); -+ } -+ free(state->find.attributes); -+ state->find.attributes = NULL; -+ state->find.num_attributes = 0; -+ state->find.next_object = -1; -+ } -+} -+ -+static void -+reset_crypto_state(struct session_state *state) -+{ -+ state->encrypt_object = -1; -+ if (state->encrypt_mechanism) -+ free(state->encrypt_mechanism); -+ state->encrypt_mechanism = NULL_PTR; -+ state->decrypt_object = -1; -+ if (state->decrypt_mechanism) -+ free(state->decrypt_mechanism); -+ state->decrypt_mechanism = NULL_PTR; -+ state->sign_object = -1; -+ if (state->sign_mechanism) -+ free(state->sign_mechanism); -+ state->sign_mechanism = NULL_PTR; -+ state->verify_object = -1; -+ if (state->verify_mechanism) -+ free(state->verify_mechanism); -+ state->verify_mechanism = NULL_PTR; -+ state->digest_object = -1; -+} -+ -+static void -+close_session(struct session_state *state) -+{ -+ if (state->find.attributes) { -+ application_error("application didn't do C_FindObjectsFinal\n"); -+ find_object_final(state); -+ } -+ -+ state->session_handle = CK_INVALID_HANDLE; -+ soft_token.application = NULL_PTR; -+ soft_token.notify = NULL_PTR; -+ reset_crypto_state(state); -+} -+ -+static const char * -+has_session(void) -+{ -+ return soft_token.open_sessions > 0 ? "yes" : "no"; -+} -+ -+static void -+read_conf_file(const char *fn) -+{ -+ char buf[1024], *cert, *key, *id, *label, *s, *p; -+ int anchor; -+ FILE *f; -+ -+ f = fopen(fn, "r"); -+ if (f == NULL) { -+ st_logf("can't open configuration file %s\n", fn); -+ return; -+ } -+ -+ while(fgets(buf, sizeof(buf), f) != NULL) { -+ buf[strcspn(buf, "\n")] = '\0'; -+ -+ anchor = 0; -+ -+ st_logf("line: %s\n", buf); -+ -+ p = buf; -+ while (isspace(*p)) -+ p++; -+ if (*p == '#') -+ continue; -+ while (isspace(*p)) -+ p++; -+ -+ s = NULL; -+ id = strtok_r(p, "\t", &s); -+ if (id == NULL) -+ continue; -+ label = strtok_r(NULL, "\t", &s); -+ if (label == NULL) -+ continue; -+ cert = strtok_r(NULL, "\t", &s); -+ if (cert == NULL) -+ continue; -+ key = strtok_r(NULL, "\t", &s); -+ -+ /* XXX */ -+ if (strcmp(id, "anchor") == 0) { -+ id = "\x00\x00"; -+ anchor = 1; -+ } -+ -+ st_logf("adding: %s\n", label); -+ -+ add_certificate(label, cert, key, id, anchor); -+ } -+} -+ -+static CK_RV -+func_not_supported(void) -+{ -+ st_logf("function not supported\n"); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_Initialize(CK_VOID_PTR a) -+{ -+ CK_C_INITIALIZE_ARGS_PTR args = a; -+ st_logf("Initialize\n"); -+ int i; -+ -+ OpenSSL_add_all_algorithms(); -+ ERR_load_crypto_strings(); -+ -+ srandom(getpid() ^ time(NULL)); -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) { -+ soft_token.state[i].session_handle = CK_INVALID_HANDLE; -+ soft_token.state[i].find.attributes = NULL; -+ soft_token.state[i].find.num_attributes = 0; -+ soft_token.state[i].find.next_object = -1; -+ reset_crypto_state(&soft_token.state[i]); -+ } -+ -+ soft_token.flags.hardware_slot = 1; -+ soft_token.flags.app_error_fatal = 0; -+ soft_token.flags.login_done = 0; -+ -+ soft_token.object.objs = NULL; -+ soft_token.object.num_objs = 0; -+ -+ soft_token.logfile = NULL; -+#if 0 -+ soft_token.logfile = stdout; -+#endif -+#if 0 -+ soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a"); -+#endif -+ -+ if (a != NULL_PTR) { -+ st_logf("\tCreateMutex:\t%p\n", args->CreateMutex); -+ st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex); -+ st_logf("\tLockMutext\t%p\n", args->LockMutex); -+ st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex); -+ st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); -+ } -+ -+ { -+ char *fn = NULL, *home = NULL; -+ -+ if (getuid() == geteuid()) { -+ fn = getenv("SOFTPKCS11RC"); -+ if (fn) -+ fn = strdup(fn); -+ home = getenv("HOME"); -+ } -+ if (fn == NULL && home == NULL) { -+ struct passwd *pw = getpwuid(getuid()); -+ if(pw != NULL) -+ home = pw->pw_dir; -+ } -+ if (fn == NULL) { -+ if (home) -+ asprintf(&fn, "%s/.soft-token.rc", home); -+ else -+ fn = strdup("/etc/soft-token.rc"); -+ } -+ -+ read_conf_file(fn); -+ free(fn); -+ } -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_Finalize(CK_VOID_PTR args) -+{ -+ int i; -+ -+ st_logf("Finalize\n"); -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) { -+ if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) { -+ application_error("application finalized without " -+ "closing session\n"); -+ close_session(&soft_token.state[i]); -+ } -+ } -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetInfo(CK_INFO_PTR args) -+{ -+ st_logf("GetInfo\n"); -+ -+ memset(args, 17, sizeof(*args)); -+ args->cryptokiVersion.major = 2; -+ args->cryptokiVersion.minor = 10; -+ snprintf_fill((char *)args->manufacturerID, -+ sizeof(args->manufacturerID), -+ ' ', -+ "SoftToken"); -+ snprintf_fill((char *)args->libraryDescription, -+ sizeof(args->libraryDescription), ' ', -+ "SoftToken"); -+ args->libraryVersion.major = 1; -+ args->libraryVersion.minor = 8; -+ -+ return CKR_OK; -+} -+ -+extern CK_FUNCTION_LIST funcs; -+ -+CK_RV -+C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) -+{ -+ *ppFunctionList = &funcs; -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetSlotList(CK_BBOOL tokenPresent, -+ CK_SLOT_ID_PTR pSlotList, -+ CK_ULONG_PTR pulCount) -+{ -+ st_logf("GetSlotList: %s\n", -+ tokenPresent ? "tokenPresent" : "token not Present"); -+ if (pSlotList) -+ pSlotList[0] = 1; -+ *pulCount = 1; -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetSlotInfo(CK_SLOT_ID slotID, -+ CK_SLOT_INFO_PTR pInfo) -+{ -+ st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session()); -+ -+ memset(pInfo, 18, sizeof(*pInfo)); -+ -+ if (slotID != 1) -+ return CKR_ARGUMENTS_BAD; -+ -+ snprintf_fill((char *)pInfo->slotDescription, -+ sizeof(pInfo->slotDescription), -+ ' ', -+ "SoftToken (slot)"); -+ snprintf_fill((char *)pInfo->manufacturerID, -+ sizeof(pInfo->manufacturerID), -+ ' ', -+ "SoftToken (slot)"); -+ pInfo->flags = CKF_TOKEN_PRESENT; -+ if (soft_token.flags.hardware_slot) -+ pInfo->flags |= CKF_HW_SLOT; -+ pInfo->hardwareVersion.major = 1; -+ pInfo->hardwareVersion.minor = 0; -+ pInfo->firmwareVersion.major = 1; -+ pInfo->firmwareVersion.minor = 0; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetTokenInfo(CK_SLOT_ID slotID, -+ CK_TOKEN_INFO_PTR pInfo) -+{ -+ st_logf("GetTokenInfo: %s\n", has_session()); -+ -+ memset(pInfo, 19, sizeof(*pInfo)); -+ -+ snprintf_fill((char *)pInfo->label, -+ sizeof(pInfo->label), -+ ' ', -+ "SoftToken (token)"); -+ snprintf_fill((char *)pInfo->manufacturerID, -+ sizeof(pInfo->manufacturerID), -+ ' ', -+ "SoftToken (token)"); -+ snprintf_fill((char *)pInfo->model, -+ sizeof(pInfo->model), -+ ' ', -+ "SoftToken (token)"); -+ snprintf_fill((char *)pInfo->serialNumber, -+ sizeof(pInfo->serialNumber), -+ ' ', -+ "4711"); -+ pInfo->flags = -+ CKF_TOKEN_INITIALIZED | -+ CKF_USER_PIN_INITIALIZED; -+ -+ if (soft_token.flags.login_done == 0) -+ pInfo->flags |= CKF_LOGIN_REQUIRED; -+ -+ /* CFK_RNG | -+ CKF_RESTORE_KEY_NOT_NEEDED | -+ */ -+ pInfo->ulMaxSessionCount = MAX_NUM_SESSION; -+ pInfo->ulSessionCount = soft_token.open_sessions; -+ pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION; -+ pInfo->ulRwSessionCount = soft_token.open_sessions; -+ pInfo->ulMaxPinLen = 1024; -+ pInfo->ulMinPinLen = 0; -+ pInfo->ulTotalPublicMemory = 4711; -+ pInfo->ulFreePublicMemory = 4712; -+ pInfo->ulTotalPrivateMemory = 4713; -+ pInfo->ulFreePrivateMemory = 4714; -+ pInfo->hardwareVersion.major = 2; -+ pInfo->hardwareVersion.minor = 0; -+ pInfo->firmwareVersion.major = 2; -+ pInfo->firmwareVersion.minor = 0; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetMechanismList(CK_SLOT_ID slotID, -+ CK_MECHANISM_TYPE_PTR pMechanismList, -+ CK_ULONG_PTR pulCount) -+{ -+ st_logf("GetMechanismList\n"); -+ -+ *pulCount = 2; -+ if (pMechanismList == NULL_PTR) -+ return CKR_OK; -+ pMechanismList[0] = CKM_RSA_X_509; -+ pMechanismList[1] = CKM_RSA_PKCS; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetMechanismInfo(CK_SLOT_ID slotID, -+ CK_MECHANISM_TYPE type, -+ CK_MECHANISM_INFO_PTR pInfo) -+{ -+ st_logf("GetMechanismInfo: slot %d type: %d\n", -+ (int)slotID, (int)type); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_InitToken(CK_SLOT_ID slotID, -+ CK_UTF8CHAR_PTR pPin, -+ CK_ULONG ulPinLen, -+ CK_UTF8CHAR_PTR pLabel) -+{ -+ st_logf("InitToken: slot %d\n", (int)slotID); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_OpenSession(CK_SLOT_ID slotID, -+ CK_FLAGS flags, -+ CK_VOID_PTR pApplication, -+ CK_NOTIFY Notify, -+ CK_SESSION_HANDLE_PTR phSession) -+{ -+ int i; -+ -+ st_logf("OpenSession: slot: %d\n", (int)slotID); -+ -+ if (soft_token.open_sessions == MAX_NUM_SESSION) -+ return CKR_SESSION_COUNT; -+ -+ soft_token.application = pApplication; -+ soft_token.notify = Notify; -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) -+ if (soft_token.state[i].session_handle == CK_INVALID_HANDLE) -+ break; -+ if (i == MAX_NUM_SESSION) -+ abort(); -+ -+ soft_token.open_sessions++; -+ -+ soft_token.state[i].session_handle = -+ (CK_SESSION_HANDLE)(random() & 0xfffff); -+ *phSession = soft_token.state[i].session_handle; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_CloseSession(CK_SESSION_HANDLE hSession) -+{ -+ struct session_state *state; -+ st_logf("CloseSession\n"); -+ -+ if (verify_session_handle(hSession, &state) != CKR_OK) -+ application_error("closed session not open"); -+ else -+ close_session(state); -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_CloseAllSessions(CK_SLOT_ID slotID) -+{ -+ int i; -+ -+ st_logf("CloseAllSessions\n"); -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) -+ if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) -+ close_session(&soft_token.state[i]); -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetSessionInfo(CK_SESSION_HANDLE hSession, -+ CK_SESSION_INFO_PTR pInfo) -+{ -+ st_logf("GetSessionInfo\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ -+ memset(pInfo, 20, sizeof(*pInfo)); -+ -+ pInfo->slotID = 1; -+ if (soft_token.flags.login_done) -+ pInfo->state = CKS_RO_USER_FUNCTIONS; -+ else -+ pInfo->state = CKS_RO_PUBLIC_SESSION; -+ pInfo->flags = CKF_SERIAL_SESSION; -+ pInfo->ulDeviceError = 0; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_Login(CK_SESSION_HANDLE hSession, -+ CK_USER_TYPE userType, -+ CK_UTF8CHAR_PTR pPin, -+ CK_ULONG ulPinLen) -+{ -+ char *pin = NULL; -+ int i; -+ -+ st_logf("Login\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ -+ if (pPin != NULL_PTR) { -+ asprintf(&pin, "%.*s", (int)ulPinLen, pPin); -+ st_logf("type: %d password: %s\n", (int)userType, pin); -+ } -+ -+ for (i = 0; i < soft_token.object.num_objs; i++) { -+ struct st_object *o = soft_token.object.objs[i]; -+ FILE *f; -+ -+ if (o->type != STO_T_PRIVATE_KEY) -+ continue; -+ -+ if (o->u.private_key.key) -+ continue; -+ -+ f = fopen(o->u.private_key.file, "r"); -+ if (f == NULL) { -+ st_logf("can't open private file: %s\n", o->u.private_key.file); -+ continue; -+ } -+ -+ o->u.private_key.key = PEM_read_PrivateKey(f, NULL, NULL, pin); -+ fclose(f); -+ if (o->u.private_key.key == NULL) { -+ st_logf("failed to read key: %s error: %s\n", -+ o->u.private_key.file, -+ ERR_error_string(ERR_get_error(), NULL)); -+ /* just ignore failure */; -+ continue; -+ } -+ -+ /* XXX check keytype */ -+ RSA_set_method(o->u.private_key.key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ -+ if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) { -+ EVP_PKEY_free(o->u.private_key.key); -+ o->u.private_key.key = NULL; -+ st_logf("private key %s doesn't verify\n", o->u.private_key.file); -+ continue; -+ } -+ -+ soft_token.flags.login_done = 1; -+ } -+ free(pin); -+ -+ return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT; -+} -+ -+CK_RV -+C_Logout(CK_SESSION_HANDLE hSession) -+{ -+ st_logf("Logout\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_GetObjectSize(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE hObject, -+ CK_ULONG_PTR pulSize) -+{ -+ st_logf("GetObjectSize\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_GetAttributeValue(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE hObject, -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulCount) -+{ -+ struct session_state *state; -+ struct st_object *obj; -+ CK_ULONG i; -+ CK_RV ret; -+ int j; -+ -+ st_logf("GetAttributeValue: %lx\n", -+ (unsigned long)HANDLE_OBJECT_ID(hObject)); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) { -+ st_logf("object not found: %lx\n", -+ (unsigned long)HANDLE_OBJECT_ID(hObject)); -+ return ret; -+ } -+ -+ for (i = 0; i < ulCount; i++) { -+ st_logf(" getting 0x%08lx\n", (unsigned long)pTemplate[i].type); -+ for (j = 0; j < obj->num_attributes; j++) { -+ if (obj->attrs[j].secret) { -+ pTemplate[i].ulValueLen = (CK_ULONG)-1; -+ break; -+ } -+ if (pTemplate[i].type == obj->attrs[j].attribute.type) { -+ if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) { -+ if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen) -+ memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue, -+ obj->attrs[j].attribute.ulValueLen); -+ } -+ pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen; -+ break; -+ } -+ } -+ if (j == obj->num_attributes) { -+ st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type); -+ pTemplate[i].ulValueLen = (CK_ULONG)-1; -+ } -+ -+ } -+ return CKR_OK; -+} -+ -+CK_RV -+C_FindObjectsInit(CK_SESSION_HANDLE hSession, -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulCount) -+{ -+ struct session_state *state; -+ -+ st_logf("FindObjectsInit\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->find.next_object != -1) { -+ application_error("application didn't do C_FindObjectsFinal\n"); -+ find_object_final(state); -+ } -+ if (ulCount) { -+ CK_ULONG i; -+ size_t len; -+ -+ print_attributes(pTemplate, ulCount); -+ -+ state->find.attributes = -+ calloc(1, ulCount * sizeof(state->find.attributes[0])); -+ if (state->find.attributes == NULL) -+ return CKR_DEVICE_MEMORY; -+ for (i = 0; i < ulCount; i++) { -+ state->find.attributes[i].pValue = -+ malloc(pTemplate[i].ulValueLen); -+ if (state->find.attributes[i].pValue == NULL) { -+ find_object_final(state); -+ return CKR_DEVICE_MEMORY; -+ } -+ memcpy(state->find.attributes[i].pValue, -+ pTemplate[i].pValue, pTemplate[i].ulValueLen); -+ state->find.attributes[i].type = pTemplate[i].type; -+ state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen; -+ } -+ state->find.num_attributes = ulCount; -+ state->find.next_object = 0; -+ } else { -+ st_logf("find all objects\n"); -+ state->find.attributes = NULL; -+ state->find.num_attributes = 0; -+ state->find.next_object = 0; -+ } -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_FindObjects(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE_PTR phObject, -+ CK_ULONG ulMaxObjectCount, -+ CK_ULONG_PTR pulObjectCount) -+{ -+ struct session_state *state; -+ int i; -+ -+ st_logf("FindObjects\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->find.next_object == -1) { -+ application_error("application didn't do C_FindObjectsInit\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ if (ulMaxObjectCount == 0) { -+ application_error("application asked for 0 objects\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ *pulObjectCount = 0; -+ for (i = state->find.next_object; i < soft_token.object.num_objs; i++) { -+ st_logf("FindObjects: %d\n", i); -+ state->find.next_object = i + 1; -+ if (attributes_match(soft_token.object.objs[i], -+ state->find.attributes, -+ state->find.num_attributes)) { -+ *phObject++ = soft_token.object.objs[i]->object_handle; -+ ulMaxObjectCount--; -+ (*pulObjectCount)++; -+ if (ulMaxObjectCount == 0) -+ break; -+ } -+ } -+ return CKR_OK; -+} -+ -+CK_RV -+C_FindObjectsFinal(CK_SESSION_HANDLE hSession) -+{ -+ struct session_state *state; -+ -+ st_logf("FindObjectsFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ find_object_final(state); -+ return CKR_OK; -+} -+ -+static CK_RV -+commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len, -+ const CK_MECHANISM_TYPE *mechs, int mechs_len, -+ const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, -+ struct st_object **o) -+{ -+ CK_RV ret; -+ int i; -+ -+ *o = NULL; -+ if ((ret = object_handle_to_object(hKey, o)) != CKR_OK) -+ return ret; -+ -+ ret = attributes_match(*o, attr_match, attr_match_len); -+ if (!ret) { -+ application_error("called commonInit on key that doesn't " -+ "support required attr"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ for (i = 0; i < mechs_len; i++) -+ if (mechs[i] == pMechanism->mechanism) -+ break; -+ if (i == mechs_len) { -+ application_error("called mech (%08lx) not supported\n", -+ pMechanism->mechanism); -+ return CKR_ARGUMENTS_BAD; -+ } -+ return CKR_OK; -+} -+ -+ -+static CK_RV -+dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) -+{ -+ CK_MECHANISM_PTR p; -+ -+ p = malloc(sizeof(*p)); -+ if (p == NULL) -+ return CKR_DEVICE_MEMORY; -+ -+ if (*dup) -+ free(*dup); -+ *dup = p; -+ memcpy(p, pMechanism, sizeof(*p)); -+ -+ return CKR_OK; -+} -+ -+ -+CK_RV -+C_EncryptInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_ENCRYPT, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("EncryptInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->encrypt_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->encrypt_object = OBJECT_ID(o); -+ -+ return ret; -+} -+ -+CK_RV -+C_Encrypt(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pData, -+ CK_ULONG ulDataLen, -+ CK_BYTE_PTR pEncryptedData, -+ CK_ULONG_PTR pulEncryptedDataLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len, padding_len; -+ -+ st_logf("Encrypt\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->encrypt_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->encrypt_object]; -+ -+ if (o->u.public_key == NULL) { -+ st_logf("public key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.public_key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ ret = CKR_OK; -+ switch(state->encrypt_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ padding_len = RSA_PKCS1_PADDING_SIZE; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ padding_len = 0; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len + padding_len < ulDataLen) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pulEncryptedDataLen == NULL) { -+ st_logf("pulEncryptedDataLen NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_public_encrypt(ulDataLen, pData, buffer, rsa, padding); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (pEncryptedData != NULL_PTR) -+ memcpy(pEncryptedData, buffer, len); -+ *pulEncryptedDataLen = len; -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+CK_RV -+C_EncryptUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pPart, -+ CK_ULONG ulPartLen, -+ CK_BYTE_PTR pEncryptedPart, -+ CK_ULONG_PTR pulEncryptedPartLen) -+{ -+ st_logf("EncryptUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_RV -+C_EncryptFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pLastEncryptedPart, -+ CK_ULONG_PTR pulLastEncryptedPartLen) -+{ -+ st_logf("EncryptFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+/* C_DecryptInit initializes a decryption operation. */ -+CK_RV -+C_DecryptInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_DECRYPT, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("DecryptInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->decrypt_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->decrypt_object = OBJECT_ID(o); -+ -+ return CKR_OK; -+} -+ -+ -+CK_RV -+C_Decrypt(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pEncryptedData, -+ CK_ULONG ulEncryptedDataLen, -+ CK_BYTE_PTR pData, -+ CK_ULONG_PTR pulDataLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len, padding_len; -+ -+ st_logf("Decrypt\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->decrypt_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->decrypt_object]; -+ -+ if (o->u.private_key.key == NULL) { -+ st_logf("private key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.private_key.key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ ret = CKR_OK; -+ switch(state->decrypt_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ padding_len = RSA_PKCS1_PADDING_SIZE; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ padding_len = 0; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len + padding_len < ulEncryptedDataLen) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pulDataLen == NULL) { -+ st_logf("pulDataLen NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pEncryptedData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, buffer, -+ rsa, padding); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (pData != NULL_PTR) -+ memcpy(pData, buffer, len); -+ *pulDataLen = len; -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+ -+CK_RV -+C_DecryptUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pEncryptedPart, -+ CK_ULONG ulEncryptedPartLen, -+ CK_BYTE_PTR pPart, -+ CK_ULONG_PTR pulPartLen) -+ -+{ -+ st_logf("DecryptUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_RV -+C_DecryptFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pLastPart, -+ CK_ULONG_PTR pulLastPartLen) -+{ -+ st_logf("DecryptFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_DigestInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism) -+{ -+ st_logf("DigestInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_SignInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_SIGN, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("SignInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->sign_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->sign_object = OBJECT_ID(o); -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_Sign(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pData, -+ CK_ULONG ulDataLen, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG_PTR pulSignatureLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len, padding_len; -+ -+ st_logf("Sign\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->sign_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->sign_object]; -+ -+ if (o->u.private_key.key == NULL) { -+ st_logf("private key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.private_key.key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ switch(state->sign_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ padding_len = RSA_PKCS1_PADDING_SIZE; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ padding_len = 0; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len < ulDataLen + padding_len) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pulSignatureLen == NULL) { -+ st_logf("signature len NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_private_encrypt(ulDataLen, pData, buffer, rsa, padding); -+ st_logf("private encrypt done\n"); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (pSignature != NULL_PTR) -+ memcpy(pSignature, buffer, len); -+ *pulSignatureLen = len; -+ -+ ret = CKR_OK; -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+CK_RV -+C_SignUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pPart, -+ CK_ULONG ulPartLen) -+{ -+ st_logf("SignUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_RV -+C_SignFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG_PTR pulSignatureLen) -+{ -+ st_logf("SignUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_VerifyInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_VERIFY, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("VerifyInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->verify_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->verify_object = OBJECT_ID(o); -+ -+ return ret; -+} -+ -+CK_RV -+C_Verify(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pData, -+ CK_ULONG ulDataLen, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG ulSignatureLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len; -+ -+ st_logf("Verify\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->verify_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->verify_object]; -+ -+ if (o->u.public_key == NULL) { -+ st_logf("public key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.public_key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ ret = CKR_OK; -+ switch(state->verify_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len < ulDataLen) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pSignature == NULL) { -+ st_logf("signature NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_public_decrypt(ulDataLen, pData, buffer, rsa, padding); -+ st_logf("private encrypt done\n"); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (len != ulSignatureLen) { -+ ret = CKR_GENERAL_ERROR; -+ goto out; -+ } -+ -+ if (memcmp(pSignature, buffer, len) != 0) { -+ ret = CKR_GENERAL_ERROR; -+ goto out; -+ } -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+ -+CK_RV -+C_VerifyUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pPart, -+ CK_ULONG ulPartLen) -+{ -+ st_logf("VerifyUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_VerifyFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG ulSignatureLen) -+{ -+ st_logf("VerifyFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_GenerateRandom(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR RandomData, -+ CK_ULONG ulRandomLen) -+{ -+ st_logf("GenerateRandom\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_FUNCTION_LIST funcs = { -+ { 2, 11 }, -+ C_Initialize, -+ C_Finalize, -+ C_GetInfo, -+ C_GetFunctionList, -+ C_GetSlotList, -+ C_GetSlotInfo, -+ C_GetTokenInfo, -+ C_GetMechanismList, -+ C_GetMechanismInfo, -+ C_InitToken, -+ (void *)func_not_supported, /* C_InitPIN */ -+ (void *)func_not_supported, /* C_SetPIN */ -+ C_OpenSession, -+ C_CloseSession, -+ C_CloseAllSessions, -+ C_GetSessionInfo, -+ (void *)func_not_supported, /* C_GetOperationState */ -+ (void *)func_not_supported, /* C_SetOperationState */ -+ C_Login, -+ C_Logout, -+ (void *)func_not_supported, /* C_CreateObject */ -+ (void *)func_not_supported, /* C_CopyObject */ -+ (void *)func_not_supported, /* C_DestroyObject */ -+ (void *)func_not_supported, /* C_GetObjectSize */ -+ C_GetAttributeValue, -+ (void *)func_not_supported, /* C_SetAttributeValue */ -+ C_FindObjectsInit, -+ C_FindObjects, -+ C_FindObjectsFinal, -+ C_EncryptInit, -+ C_Encrypt, -+ C_EncryptUpdate, -+ C_EncryptFinal, -+ C_DecryptInit, -+ C_Decrypt, -+ C_DecryptUpdate, -+ C_DecryptFinal, -+ C_DigestInit, -+ (void *)func_not_supported, /* C_Digest */ -+ (void *)func_not_supported, /* C_DigestUpdate */ -+ (void *)func_not_supported, /* C_DigestKey */ -+ (void *)func_not_supported, /* C_DigestFinal */ -+ C_SignInit, -+ C_Sign, -+ C_SignUpdate, -+ C_SignFinal, -+ (void *)func_not_supported, /* C_SignRecoverInit */ -+ (void *)func_not_supported, /* C_SignRecover */ -+ C_VerifyInit, -+ C_Verify, -+ C_VerifyUpdate, -+ C_VerifyFinal, -+ (void *)func_not_supported, /* C_VerifyRecoverInit */ -+ (void *)func_not_supported, /* C_VerifyRecover */ -+ (void *)func_not_supported, /* C_DigestEncryptUpdate */ -+ (void *)func_not_supported, /* C_DecryptDigestUpdate */ -+ (void *)func_not_supported, /* C_SignEncryptUpdate */ -+ (void *)func_not_supported, /* C_DecryptVerifyUpdate */ -+ (void *)func_not_supported, /* C_GenerateKey */ -+ (void *)func_not_supported, /* C_GenerateKeyPair */ -+ (void *)func_not_supported, /* C_WrapKey */ -+ (void *)func_not_supported, /* C_UnwrapKey */ -+ (void *)func_not_supported, /* C_DeriveKey */ -+ (void *)func_not_supported, /* C_SeedRandom */ -+ C_GenerateRandom, -+ (void *)func_not_supported, /* C_GetFunctionStatus */ -+ (void *)func_not_supported, /* C_CancelFunction */ -+ (void *)func_not_supported /* C_WaitForSlotEvent */ -+}; diff --git a/SOURCES/Add-tests-for-KCM-ccache-type.patch b/SOURCES/Add-tests-for-KCM-ccache-type.patch deleted file mode 100644 index f572041..0000000 --- a/SOURCES/Add-tests-for-KCM-ccache-type.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 7ab0bbac058d2b82aa3432759c600b22012f8afe Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 22 Nov 2018 00:27:35 -0500 -Subject: [PATCH] Add tests for KCM ccache type - -Using a trivial Python implementation of a KCM server, run the -t_ccache.py tests against the KCM ccache type. - -(cherry picked from commit f0bcb86131e385b2603ccf0f3c7d65aa3891b220) -(cherry picked from commit 5ecbe8d3ab4f53c0923a0442273bf18a9ff04fd5) ---- - src/tests/kcmserver.py | 246 +++++++++++++++++++++++++++++++++++++++++ - src/tests/t_ccache.py | 9 +- - 2 files changed, 254 insertions(+), 1 deletion(-) - create mode 100644 src/tests/kcmserver.py - -diff --git a/src/tests/kcmserver.py b/src/tests/kcmserver.py -new file mode 100644 -index 000000000..57432e5a7 ---- /dev/null -+++ b/src/tests/kcmserver.py -@@ -0,0 +1,246 @@ -+# This is a simple KCM test server, used to exercise the KCM ccache -+# client code. It will generally throw an uncaught exception if the -+# client sends anything unexpected, so is unsuitable for production. -+# (It also imposes no namespace or access constraints, and blocks -+# while reading requests and writing responses.) -+ -+# This code knows nothing about how to marshal and unmarshal principal -+# names and credentials as is required in the KCM protocol; instead, -+# it just remembers the marshalled forms and replays them to the -+# client when asked. This works because marshalled creds and -+# principal names are always the last part of marshalled request -+# arguments, and because we don't need to implement remove_cred (which -+# would need to know how to match a cred tag against previously stored -+# credentials). -+ -+# The following code is useful for debugging if anything appears to be -+# going wrong in the server, since daemon output is generally not -+# visible in Python test scripts. -+# -+# import sys, traceback -+# def ehook(etype, value, tb): -+# with open('/tmp/exception', 'w') as f: -+# traceback.print_exception(etype, value, tb, file=f) -+# sys.excepthook = ehook -+ -+import select -+import socket -+import struct -+import sys -+ -+caches = {} -+cache_uuidmap = {} -+defname = b'default' -+next_unique = 1 -+next_uuid = 1 -+ -+class KCMOpcodes(object): -+ GEN_NEW = 3 -+ INITIALIZE = 4 -+ DESTROY = 5 -+ STORE = 6 -+ GET_PRINCIPAL = 8 -+ GET_CRED_UUID_LIST = 9 -+ GET_CRED_BY_UUID = 10 -+ REMOVE_CRED = 11 -+ GET_CACHE_UUID_LIST = 18 -+ GET_CACHE_BY_UUID = 19 -+ GET_DEFAULT_CACHE = 20 -+ SET_DEFAULT_CACHE = 21 -+ GET_KDC_OFFSET = 22 -+ SET_KDC_OFFSET = 23 -+ -+ -+class KRB5Errors(object): -+ KRB5_CC_END = -1765328242 -+ KRB5_CC_NOSUPP = -1765328137 -+ KRB5_FCC_NOFILE = -1765328189 -+ -+ -+def make_uuid(): -+ global next_uuid -+ uuid = bytes(12) + struct.pack('>L', next_uuid) -+ next_uuid = next_uuid + 1 -+ return uuid -+ -+ -+class Cache(object): -+ def __init__(self, name): -+ self.name = name -+ self.princ = None -+ self.uuid = make_uuid() -+ self.cred_uuids = [] -+ self.creds = {} -+ self.time_offset = 0 -+ -+ -+def get_cache(name): -+ if name in caches: -+ return caches[name] -+ cache = Cache(name) -+ caches[name] = cache -+ cache_uuidmap[cache.uuid] = cache -+ return cache -+ -+ -+def unmarshal_name(argbytes): -+ offset = argbytes.find(b'\0') -+ return argbytes[0:offset], argbytes[offset+1:] -+ -+ -+def op_gen_new(argbytes): -+ # Does not actually check for uniqueness. -+ global next_unique -+ name = b'unique' + str(next_unique).encode('ascii') -+ next_unique += 1 -+ return 0, name + b'\0' -+ -+ -+def op_initialize(argbytes): -+ name, princ = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ cache.princ = princ -+ cache.cred_uuids = [] -+ cache.creds = {} -+ cache.time_offset = 0 -+ return 0, b'' -+ -+ -+def op_destroy(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ del cache_uuidmap[cache.uuid] -+ del caches[name] -+ return 0, b'' -+ -+ -+def op_store(argbytes): -+ name, cred = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ uuid = make_uuid() -+ cache.creds[uuid] = cred -+ cache.cred_uuids.append(uuid) -+ return 0, b'' -+ -+ -+def op_get_principal(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ if cache.princ is None: -+ return KRB5Errors.KRB5_FCC_NOFILE, b'' -+ return 0, cache.princ + b'\0' -+ -+ -+def op_get_cred_uuid_list(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ return 0, b''.join(cache.cred_uuids) -+ -+ -+def op_get_cred_by_uuid(argbytes): -+ name, uuid = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ if uuid not in cache.creds: -+ return KRB5Errors.KRB5_CC_END, b'' -+ return 0, cache.creds[uuid] -+ -+ -+def op_remove_cred(argbytes): -+ return KRB5Errors.KRB5_CC_NOSUPP, b'' -+ -+ -+def op_get_cache_uuid_list(argbytes): -+ return 0, b''.join(cache_uuidmap.keys()) -+ -+ -+def op_get_cache_by_uuid(argbytes): -+ uuid = argbytes -+ if uuid not in cache_uuidmap: -+ return KRB5Errors.KRB5_CC_END, b'' -+ return 0, cache_uuidmap[uuid].name + b'\0' -+ -+ -+def op_get_default_cache(argbytes): -+ return 0, defname + b'\0' -+ -+ -+def op_set_default_cache(argbytes): -+ global defname -+ defname, rest = unmarshal_name(argbytes) -+ return 0, b'' -+ -+ -+def op_get_kdc_offset(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ return 0, struct.pack('>l', cache.time_offset) -+ -+ -+def op_set_kdc_offset(argbytes): -+ name, obytes = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ cache.time_offset, = struct.unpack('>l', obytes) -+ return 0, b'' -+ -+ -+ophandlers = { -+ KCMOpcodes.GEN_NEW : op_gen_new, -+ KCMOpcodes.INITIALIZE : op_initialize, -+ KCMOpcodes.DESTROY : op_destroy, -+ KCMOpcodes.STORE : op_store, -+ KCMOpcodes.GET_PRINCIPAL : op_get_principal, -+ KCMOpcodes.GET_CRED_UUID_LIST : op_get_cred_uuid_list, -+ KCMOpcodes.GET_CRED_BY_UUID : op_get_cred_by_uuid, -+ KCMOpcodes.REMOVE_CRED : op_remove_cred, -+ KCMOpcodes.GET_CACHE_UUID_LIST : op_get_cache_uuid_list, -+ KCMOpcodes.GET_CACHE_BY_UUID : op_get_cache_by_uuid, -+ KCMOpcodes.GET_DEFAULT_CACHE : op_get_default_cache, -+ KCMOpcodes.SET_DEFAULT_CACHE : op_set_default_cache, -+ KCMOpcodes.GET_KDC_OFFSET : op_get_kdc_offset, -+ KCMOpcodes.SET_KDC_OFFSET : op_set_kdc_offset -+} -+ -+# Read and respond to a request from the socket s. -+def service_request(s): -+ lenbytes = b'' -+ while len(lenbytes) < 4: -+ lenbytes += s.recv(4 - len(lenbytes)) -+ if lenbytes == b'': -+ return False -+ -+ reqlen, = struct.unpack('>L', lenbytes) -+ req = b'' -+ while len(req) < reqlen: -+ req += s.recv(reqlen - len(req)) -+ -+ majver, minver, op = struct.unpack('>BBH', req[:4]) -+ argbytes = req[4:] -+ code, payload = ophandlers[op](argbytes) -+ -+ # The KCM response is the code (4 bytes) and the response payload. -+ # The Heimdal IPC response is the length of the KCM response (4 -+ # bytes), a status code which is essentially always 0 (4 bytes), -+ # and the KCM response. -+ kcm_response = struct.pack('>l', code) + payload -+ hipc_response = struct.pack('>LL', len(kcm_response), 0) + kcm_response -+ s.sendall(hipc_response) -+ return True -+ -+ -+server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) -+server.bind(sys.argv[1]) -+server.listen(5) -+select_input = [server,] -+sys.stderr.write('starting...\n') -+sys.stderr.flush() -+ -+while True: -+ iready, oready, xready = select.select(select_input, [], []) -+ for s in iready: -+ if s == server: -+ client, addr = server.accept() -+ select_input.append(client) -+ else: -+ if not service_request(s): -+ select_input.remove(s) -+ s.close() -diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py -index fcf1a611e..66804afa5 100755 ---- a/src/tests/t_ccache.py -+++ b/src/tests/t_ccache.py -@@ -22,7 +22,10 @@ - - from k5test import * - --realm = K5Realm(create_host=False) -+kcm_socket_path = os.path.join(os.getcwd(), 'testdir', 'kcm') -+conf = {'libdefaults': {'kcm_socket': kcm_socket_path, -+ 'kcm_mach_service': '-'}} -+realm = K5Realm(create_host=False, krb5_conf=conf) - - keyctl = which('keyctl') - out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1) -@@ -122,6 +125,10 @@ def collection_test(realm, ccname): - - - collection_test(realm, 'DIR:' + os.path.join(realm.testdir, 'cc')) -+kcmserver_path = os.path.join(srctop, 'tests', 'kcmserver.py') -+realm.start_server([sys.executable, kcmserver_path, kcm_socket_path], -+ 'starting...') -+collection_test(realm, 'KCM:') - if test_keyring: - def cleanup_keyring(anchor, name): - out = realm.run(['keyctl', 'list', anchor]) diff --git a/SOURCES/Address-some-optimized-out-memset-calls.patch b/SOURCES/Address-some-optimized-out-memset-calls.patch deleted file mode 100644 index 372e527..0000000 --- a/SOURCES/Address-some-optimized-out-memset-calls.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 722247aa6201d18a7ee69c4a9a05315226fe6383 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Sun, 30 Dec 2018 16:40:28 -0500 -Subject: [PATCH] Address some optimized-out memset() calls - -Ilja Van Sprundel reported a list of memset() calls which gcc -optimizes out. In krb_auth_su.c, use zap() to clear the password, and -remove two memset() calls when there is no password to clear. In -iakerb.c, remove an unnecessary memset() before setting the only two -fields of the IAKERB header structure. In svr_principal.c, use -krb5_free_key_keyblock_contents() instead of hand-freeing key data. -In asn1_k_encode.c, remove an unnecessary memset() of the kdc_req_hack -shell before returning. - -(cherry picked from commit 1057b0befec1f1c0e9d4da5521a58496e2dc0997) -(cherry picked from commit 1dfff7202448a950c9133cdfe43d650092d930fd) ---- - src/clients/ksu/krb_auth_su.c | 4 +--- - src/lib/gssapi/krb5/iakerb.c | 1 - - src/lib/kadm5/srv/svr_principal.c | 10 ++-------- - src/lib/krb5/asn.1/asn1_k_encode.c | 1 - - 4 files changed, 3 insertions(+), 13 deletions(-) - -diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c -index 7af48195c..e39685fff 100644 ---- a/src/clients/ksu/krb_auth_su.c -+++ b/src/clients/ksu/krb_auth_su.c -@@ -183,21 +183,19 @@ krb5_boolean ksu_get_tgt_via_passwd(context, client, options, zero_password, - if (code ) { - com_err(prog_name, code, _("while reading password for '%s'\n"), - client_name); -- memset(password, 0, sizeof(password)); - return (FALSE); - } - - if ( pwsize == 0) { - fprintf(stderr, _("No password given\n")); - *zero_password = TRUE; -- memset(password, 0, sizeof(password)); - return (FALSE); - } - - code = krb5_get_init_creds_password(context, &creds, client, password, - krb5_prompter_posix, NULL, 0, NULL, - options); -- memset(password, 0, sizeof(password)); -+ zap(password, sizeof(password)); - - - if (code) { -diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c -index bb1072fe4..47c161ec9 100644 ---- a/src/lib/gssapi/krb5/iakerb.c -+++ b/src/lib/gssapi/krb5/iakerb.c -@@ -262,7 +262,6 @@ iakerb_make_token(iakerb_ctx_id_t ctx, - /* - * Assemble the IAKERB-HEADER from the realm and cookie - */ -- memset(&iah, 0, sizeof(iah)); - iah.target_realm = *realm; - iah.cookie = cookie; - -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 21c53ece1..9ab2c5a74 100644 ---- a/src/lib/kadm5/srv/svr_principal.c -+++ b/src/lib/kadm5/srv/svr_principal.c -@@ -2093,14 +2093,8 @@ static int decrypt_key_data(krb5_context context, - ret = krb5_dbe_decrypt_key_data(context, NULL, &key_data[i], &keys[i], - NULL); - if (ret) { -- for (; i >= 0; i--) { -- if (keys[i].contents) { -- memset (keys[i].contents, 0, keys[i].length); -- free( keys[i].contents ); -- } -- } -- -- memset(keys, 0, n_key_data*sizeof(krb5_keyblock)); -+ for (; i >= 0; i--) -+ krb5_free_keyblock_contents(context, &keys[i]); - free(keys); - return ret; - } -diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c -index 65c84be2f..81a34bac9 100644 ---- a/src/lib/krb5/asn.1/asn1_k_encode.c -+++ b/src/lib/krb5/asn.1/asn1_k_encode.c -@@ -528,7 +528,6 @@ decode_kdc_req_body(const taginfo *t, const uint8_t *asn1, size_t len, - if (ret) { - free_kdc_req_body(b); - free(h.server_realm.data); -- memset(&h, 0, sizeof(h)); - return ret; - } - b->server->realm = h.server_realm; diff --git a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch new file mode 100644 index 0000000..f728c1c --- /dev/null +++ b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch @@ -0,0 +1,242 @@ +From b4dba5a4c16b2585c38445e3067b5e3399f38a10 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 24 Feb 2020 15:58:59 -0500 +Subject: [PATCH] Allow certauth modules to set hw-authent flag + +In PKINIT, if a certauth module returns KRB5_CERTAUTH_HWAUTH from its +authorize method, set the hw-authent flag in the ticket. + +ticket: 8879 (new) +(cherry picked from commit 50fb43b4a2d97ce2cd53e1ced30e8e8224fede70) +(cherry picked from commit d23b2ed4f06fa77cd021814834dd1391ef6f452f) +--- + doc/plugindev/certauth.rst | 7 +++++-- + src/include/krb5/certauth_plugin.h | 9 ++++++--- + src/lib/krb5/error_tables/k5e1_err.et | 1 + + src/plugins/certauth/test/Makefile.in | 4 ++-- + src/plugins/certauth/test/main.c | 11 +++++++++-- + src/plugins/preauth/pkinit/pkinit_srv.c | 24 ++++++++++++++++-------- + src/tests/t_certauth.py | 13 +++++++++++++ + 7 files changed, 52 insertions(+), 17 deletions(-) + +diff --git a/doc/plugindev/certauth.rst b/doc/plugindev/certauth.rst +index 8a7f7c5eb..3b715f738 100644 +--- a/doc/plugindev/certauth.rst ++++ b/doc/plugindev/certauth.rst +@@ -15,8 +15,11 @@ principal. **authorize** receives the DER-encoded certificate, the + requested client principal, and a pointer to the client's + krb5_db_entry (for modules that link against libkdb5). It returns the + authorization status and optionally outputs a list of authentication +-indicator strings to be added to the ticket. A module must use its +-own internal or library-provided ASN.1 certificate decoder. ++indicator strings to be added to the ticket. Beginning in release ++1.19, the authorize method can request that the hardware ++authentication bit be set in the ticket by returning ++**KRB5_CERTAUTH_HWAUTH**. A module must use its own internal or ++library-provided ASN.1 certificate decoder. + + A module can optionally create and destroy module data with the + **init** and **fini** methods. Module data objects last for the +diff --git a/src/include/krb5/certauth_plugin.h b/src/include/krb5/certauth_plugin.h +index 3074790f8..3466cf345 100644 +--- a/src/include/krb5/certauth_plugin.h ++++ b/src/include/krb5/certauth_plugin.h +@@ -85,14 +85,17 @@ typedef void + (*krb5_certauth_fini_fn)(krb5_context context, krb5_certauth_moddata moddata); + + /* +- * Mandatory: +- * Return 0 if the DER-encoded cert is authorized for PKINIT authentication by +- * princ; otherwise return one of the following error codes: ++ * Mandatory: return 0 or KRB5_CERTAUTH_HWAUTH if the DER-encoded cert is ++ * authorized for PKINIT authentication by princ; otherwise return one of the ++ * following error codes: + * - KRB5KDC_ERR_CLIENT_NAME_MISMATCH - incorrect SAN value + * - KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE - incorrect EKU + * - KRB5KDC_ERR_CERTIFICATE_MISMATCH - other extension error + * - KRB5_PLUGIN_NO_HANDLE - the module has no opinion about cert + * ++ * Returning KRB5_CERTAUTH_HWAUTH will cause the hw-authent flag to be set in ++ * the issued ticket (new in release 1.19). ++ * + * - opts is used by built-in modules to receive internal data, and must be + * ignored by other modules. + * - db_entry receives the client principal database entry, and can be ignored +diff --git a/src/lib/krb5/error_tables/k5e1_err.et b/src/lib/krb5/error_tables/k5e1_err.et +index ade5caecf..abd9f3bfe 100644 +--- a/src/lib/krb5/error_tables/k5e1_err.et ++++ b/src/lib/krb5/error_tables/k5e1_err.et +@@ -42,4 +42,5 @@ error_code KRB5_KCM_MALFORMED_REPLY, "Malformed reply from KCM daemon" + error_code KRB5_KCM_RPC_ERROR, "Mach RPC error communicating with KCM daemon" + error_code KRB5_KCM_REPLY_TOO_BIG, "KCM daemon reply too big" + error_code KRB5_KCM_NO_SERVER, "No KCM server found" ++error_code KRB5_CERTAUTH_HWAUTH, "Authorize and set hw-authent ticket flag" + end +diff --git a/src/plugins/certauth/test/Makefile.in b/src/plugins/certauth/test/Makefile.in +index d3524084c..e94c13845 100644 +--- a/src/plugins/certauth/test/Makefile.in ++++ b/src/plugins/certauth/test/Makefile.in +@@ -5,8 +5,8 @@ LIBBASE=certauth_test + LIBMAJOR=0 + LIBMINOR=0 + RELDIR=../plugins/certauth/test +-SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS) +-SHLIB_EXPLIBS=$(KRB5_BASE_LIBS) ++SHLIB_EXPDEPS=$(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS) ++SHLIB_EXPLIBS=$(KDB5_LIBS) $(KRB5_BASE_LIBS) + + STLIBOBJS=main.o + +diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c +index 77641230c..d4633b8cd 100644 +--- a/src/plugins/certauth/test/main.c ++++ b/src/plugins/certauth/test/main.c +@@ -31,6 +31,7 @@ + */ + + #include ++#include + #include "krb5/certauth_plugin.h" + + struct krb5_certauth_moddata_st { +@@ -131,7 +132,8 @@ has_cn(krb5_context context, const uint8_t *cert, size_t cert_len, + + /* + * Test module 2 returns OK if princ matches the CN part of the subject name, +- * and returns indicators of the module name and princ. ++ * and returns indicators of the module name and princ. If the "hwauth" string ++ * attribute is set on db_entry, it returns KRB5_CERTAUTH_HWAUTH. + */ + static krb5_error_code + test2_authorize(krb5_context context, krb5_certauth_moddata moddata, +@@ -141,7 +143,7 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, + char ***authinds_out) + { + krb5_error_code ret; +- char *name = NULL, **ais = NULL; ++ char *name = NULL, *strval = NULL, **ais = NULL; + + *authinds_out = NULL; + +@@ -167,6 +169,11 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, + + ais = NULL; + ++ ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth", ++ &strval); ++ ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0; ++ krb5_dbe_free_string(context, strval); ++ + cleanup: + krb5_free_unparsed_name(context, name); + return ret; +diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c +index feca11806..3ae56c064 100644 +--- a/src/plugins/preauth/pkinit/pkinit_srv.c ++++ b/src/plugins/preauth/pkinit/pkinit_srv.c +@@ -320,12 +320,12 @@ static krb5_error_code + authorize_cert(krb5_context context, certauth_handle *certauth_modules, + pkinit_kdc_context plgctx, pkinit_kdc_req_context reqctx, + krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, +- krb5_principal client) ++ krb5_principal client, krb5_boolean *hwauth_out) + { + krb5_error_code ret; + certauth_handle h; + struct certauth_req_opts opts; +- krb5_boolean accepted = FALSE; ++ krb5_boolean accepted = FALSE, hwauth = FALSE; + uint8_t *cert; + size_t i, cert_len; + void *db_ent = NULL; +@@ -347,9 +347,10 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, + + /* + * Check the certificate against each certauth module. For the certificate +- * to be authorized at least one module must return 0, and no module can an +- * error code other than KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from +- * modules that return 0 or pass. ++ * to be authorized at least one module must return 0 or ++ * KRB5_CERTAUTH_HWAUTH, and no module can return an error code other than ++ * KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from modules that return 0 ++ * or pass. + */ + ret = KRB5_PLUGIN_NO_HANDLE; + for (i = 0; certauth_modules != NULL && certauth_modules[i] != NULL; i++) { +@@ -359,6 +360,8 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, + &opts, db_ent, &ais); + if (ret == 0) + accepted = TRUE; ++ else if (ret == KRB5_CERTAUTH_HWAUTH) ++ accepted = hwauth = TRUE; + else if (ret != KRB5_PLUGIN_NO_HANDLE) + goto cleanup; + +@@ -374,6 +377,7 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, + } + } + ++ *hwauth_out = hwauth; + ret = accepted ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH; + + cleanup: +@@ -430,7 +434,7 @@ pkinit_server_verify_padata(krb5_context context, + int is_signed = 1; + krb5_pa_data **e_data = NULL; + krb5_kdcpreauth_modreq modreq = NULL; +- krb5_boolean valid_freshness_token = FALSE; ++ krb5_boolean valid_freshness_token = FALSE, hwauth = FALSE; + char **sp; + + pkiDebug("pkinit_verify_padata: entered!\n"); +@@ -494,7 +498,7 @@ pkinit_server_verify_padata(krb5_context context, + } + if (is_signed) { + retval = authorize_cert(context, moddata->certauth_modules, plgctx, +- reqctx, cb, rock, request->client); ++ reqctx, cb, rock, request->client, &hwauth); + if (retval) + goto cleanup; + +@@ -613,6 +617,8 @@ pkinit_server_verify_padata(krb5_context context, + + /* remember to set the PREAUTH flag in the reply */ + enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; ++ if (hwauth) ++ enc_tkt_reply->flags |= TKT_FLG_HW_AUTH; + modreq = (krb5_kdcpreauth_modreq)reqctx; + reqctx = NULL; + +@@ -1044,7 +1050,9 @@ pkinit_server_get_flags(krb5_context kcontext, krb5_preauthtype patype) + { + if (patype == KRB5_PADATA_PKINIT_KX) + return PA_INFO; +- return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA; ++ /* PKINIT does not normally set the hw-authent ticket flag, but a ++ * certauth module can cause it to do so. */ ++ return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA | PA_HARDWARE; + } + + static krb5_preauthtype supported_server_pa_types[] = { +diff --git a/src/tests/t_certauth.py b/src/tests/t_certauth.py +index 9c7094525..0fe0fdb4a 100644 +--- a/src/tests/t_certauth.py ++++ b/src/tests/t_certauth.py +@@ -43,4 +43,17 @@ out = realm.kinit("user2@KRBTEST.COM", + expected_code=1, + expected_msg='kinit: Certificate mismatch') + ++# Test the KRB5_CERTAUTH_HWAUTH return code. ++mark('hw-authent flag tests') ++# First test +requires_hwauth without causing the hw-authent ticket ++# flag to be set. This currently results in a preauth loop. ++realm.run([kadminl, 'modprinc', '+requires_hwauth', realm.user_princ]) ++realm.kinit(realm.user_princ, ++ flags=['-X', 'X509_user_identity=%s' % file_identity], ++ expected_code=1, expected_msg='Looping detected') ++# Cause the test2 module to return KRB5_CERTAUTH_HWAUTH and try again. ++realm.run([kadminl, 'setstr', realm.user_princ, 'hwauth', 'x']) ++realm.kinit(realm.user_princ, ++ flags=['-X', 'X509_user_identity=%s' % file_identity]) ++ + success("certauth tests") diff --git a/SOURCES/Avoid-alignment-warnings-in-openssl-rc4.c.patch b/SOURCES/Avoid-alignment-warnings-in-openssl-rc4.c.patch deleted file mode 100644 index e684c88..0000000 --- a/SOURCES/Avoid-alignment-warnings-in-openssl-rc4.c.patch +++ /dev/null @@ -1,63 +0,0 @@ -From e22f3e2439903aa05321ca339be6a12067b2c4db Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 6 May 2019 15:14:49 -0400 -Subject: [PATCH] Avoid alignment warnings in openssl rc4.c - -Add a comment to k5_arcfour_init_state() explaining how we stretch the -krb5_data cipher state contract. Use void * casts when interpreting -the data pointer to avoid alignment warnings. - -[ghudson@mit.edu: moved and expanded comment; rewrote commit message] - -(cherry picked from commit 1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d) ---- - src/lib/crypto/openssl/enc_provider/rc4.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c -index 7f3c086ed..a65d57b7a 100644 ---- a/src/lib/crypto/openssl/enc_provider/rc4.c -+++ b/src/lib/crypto/openssl/enc_provider/rc4.c -@@ -57,7 +57,7 @@ struct arcfour_state { - - /* In-place IOV crypto */ - static krb5_error_code --k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, -+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, - size_t num_data) - { - size_t i; -@@ -66,7 +66,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx = NULL; - struct arcfour_state *arcstate; - -- arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL; -+ arcstate = (state != NULL) ? (void *)state->data : NULL; - if (arcstate != NULL) { - ctx = arcstate->ctx; - if (arcstate->loopback != arcstate) -@@ -113,7 +113,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, - static void - k5_arcfour_free_state(krb5_data *state) - { -- struct arcfour_state *arcstate = (struct arcfour_state *) state->data; -+ struct arcfour_state *arcstate = (void *)state->data; - - EVP_CIPHER_CTX_free(arcstate->ctx); - free(arcstate); -@@ -125,6 +125,15 @@ k5_arcfour_init_state(const krb5_keyblock *key, - { - struct arcfour_state *arcstate; - -+ /* -+ * The cipher state here is a saved pointer to a struct arcfour_state -+ * object, rather than a flat byte array as in most enc providers. The -+ * object includes a loopback pointer to detect if if the caller made a -+ * copy of the krb5_data value or otherwise assumed it was a simple byte -+ * array. When we cast the data pointer back, we need to go through void * -+ * to avoid increased alignment warnings. -+ */ -+ - /* Create a state structure with an uninitialized context. */ - arcstate = calloc(1, sizeof(*arcstate)); - if (arcstate == NULL) diff --git a/SOURCES/Correctly-import-service-GSS-host-based-name.patch b/SOURCES/Correctly-import-service-GSS-host-based-name.patch new file mode 100644 index 0000000..5c03863 --- /dev/null +++ b/SOURCES/Correctly-import-service-GSS-host-based-name.patch @@ -0,0 +1,53 @@ +From abcbd3d12b0c92aa37384627edb6e1e6fad9b47a Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 30 Mar 2020 15:26:02 -0400 +Subject: [PATCH] Correctly import "service@" GSS host-based name + +The intended way to specify only a service in a GSS host-based name is +to omit the "@" separator. Some applications include the separator +but no hostname, and this happened to yield wildcard hostname behavior +prior to commit 996353767fe8afa7f67a3b5b465e4d70e18bad7c when +shortname qualification was added. To restore this behavior, check in +parse_hostbased() that at least one character is present after the "@" +separator before copying the hostname. Add a test case to t_gssapi.py. + +ticket: 8892 +tags: pullup +target_version: 1.18-next + +(cherry picked from commit a2f047af0400ba8080dc26033fae2b17534501e2) +(cherry picked from commit dd4364d76925ce1fe21c2ab995554d6af3a2ea12) +--- + src/lib/gssapi/krb5/import_name.c | 4 ++-- + src/tests/gssapi/t_gssapi.py | 3 +++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c +index da2ab1423..21023dd76 100644 +--- a/src/lib/gssapi/krb5/import_name.c ++++ b/src/lib/gssapi/krb5/import_name.c +@@ -102,8 +102,8 @@ parse_hostbased(const char *str, size_t len, + memcpy(service, str, servicelen); + service[servicelen] = '\0'; + +- /* If present, copy the hostname. */ +- if (at != NULL) { ++ /* Copy the hostname if present (at least one character after '@'). */ ++ if (len - servicelen > 1) { + hostlen = len - servicelen - 1; + host = malloc(hostlen + 1); + if (host == NULL) { +diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py +index 54d5cf549..ecf982604 100755 +--- a/src/tests/gssapi/t_gssapi.py ++++ b/src/tests/gssapi/t_gssapi.py +@@ -47,6 +47,9 @@ realm.run(['./t_accname', 'p:service2/calvin', 'h:service2'], + expected_msg='service2/calvin') + realm.run(['./t_accname', 'p:service2/calvin', 'h:service1'], expected_code=1, + expected_msg=' found in keytab but does not match server principal') ++# Regression test for #8892 (trailing @ in name). ++realm.run(['./t_accname', 'p:service1/andrew', 'h:service1@'], ++ expected_msg='service1/abraham') + + # Test with acceptor name containing service and host. Use the + # client's un-canonicalized hostname as acceptor input to mirror what diff --git a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch new file mode 100644 index 0000000..d4cb2c4 --- /dev/null +++ b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch @@ -0,0 +1,426 @@ +From 640ba4fe0c5d7423431d649f8e5e6ac72341f4ab Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 28 Feb 2020 10:11:49 +0100 +Subject: [PATCH] Do expiration warnings for all init_creds APIs + +Move the password expiration warning code from gic_pwd.c to +get_in_tkt.c. Call it from init_creds_step_reply() on successful +completion. + +[ghudson@mit.edu: added test case; simplified doc comment; moved call +site to init_creds_step_reply(); rewrote commit message] + +ticket: 8893 (new) +(cherry picked from commit e1efb890f7ac31b32c68ab816ef118dbfb5a8c7e) +(cherry picked from commit c136cfe050d203c910624573a33247fde2889b09) +--- + src/include/krb5/krb5.hin | 9 ++- + src/lib/krb5/krb/get_in_tkt.c | 112 ++++++++++++++++++++++++++++++ + src/lib/krb5/krb/gic_pwd.c | 110 ----------------------------- + src/lib/krb5/krb/t_expire_warn.c | 47 +++++++++---- + src/lib/krb5/krb/t_expire_warn.py | 22 ++++-- + 5 files changed, 165 insertions(+), 135 deletions(-) + +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index 6355e6540..f8269fb17 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -7174,11 +7174,10 @@ typedef void + * + * Set a callback to receive password and account expiration times. + * +- * This option only applies to krb5_get_init_creds_password(). @a cb will be +- * invoked if and only if credentials are successfully acquired. The callback +- * will receive the @a context from the krb5_get_init_creds_password() call and +- * the @a data argument supplied with this API. The remaining arguments should +- * be interpreted as follows: ++ * @a cb will be invoked if and only if credentials are successfully acquired. ++ * The callback will receive the @a context from the calling function and the ++ * @a data argument supplied with this API. The remaining arguments should be ++ * interpreted as follows: + * + * If @a is_last_req is true, then the KDC reply contained last-req entries + * which unambiguously indicated the password expiration, account expiration, +diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c +index 870df62a1..cc0f70e83 100644 +--- a/src/lib/krb5/krb/get_in_tkt.c ++++ b/src/lib/krb5/krb/get_in_tkt.c +@@ -1482,6 +1482,116 @@ accept_method_data(krb5_context context, krb5_init_creds_context ctx) + ctx->method_padata); + } + ++/* Return the password expiry time indicated by enc_part2. Set *is_last_req ++ * if the information came from a last_req value. */ ++static void ++get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, ++ krb5_timestamp *acct_exp, krb5_boolean *is_last_req) ++{ ++ krb5_last_req_entry **last_req; ++ krb5_int32 lr_type; ++ ++ *pw_exp = 0; ++ *acct_exp = 0; ++ *is_last_req = FALSE; ++ ++ /* Look for last-req entries for password or account expiration. */ ++ if (enc_part2->last_req) { ++ for (last_req = enc_part2->last_req; *last_req; last_req++) { ++ lr_type = (*last_req)->lr_type; ++ if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME || ++ lr_type == KRB5_LRQ_ONE_PW_EXPTIME) { ++ *is_last_req = TRUE; ++ *pw_exp = (*last_req)->value; ++ } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME || ++ lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) { ++ *is_last_req = TRUE; ++ *acct_exp = (*last_req)->value; ++ } ++ } ++ } ++ ++ /* If we didn't find any, use the ambiguous key_exp field. */ ++ if (*is_last_req == FALSE) ++ *pw_exp = enc_part2->key_exp; ++} ++ ++/* ++ * Send an appropriate warning prompter if as_reply indicates that the password ++ * is going to expire soon. If an expire callback was provided, use that ++ * instead. ++ */ ++static void ++warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, ++ krb5_prompter_fct prompter, void *data, ++ const char *in_tkt_service, krb5_kdc_rep *as_reply) ++{ ++ krb5_error_code ret; ++ krb5_expire_callback_func expire_cb; ++ void *expire_data; ++ krb5_timestamp pw_exp, acct_exp, now; ++ krb5_boolean is_last_req; ++ krb5_deltat delta; ++ char ts[256], banner[1024]; ++ ++ if (as_reply == NULL || as_reply->enc_part2 == NULL) ++ return; ++ ++ get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); ++ ++ k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data); ++ if (expire_cb != NULL) { ++ /* Invoke the expire callback and don't send prompter warnings. */ ++ (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req); ++ return; ++ } ++ ++ /* Don't warn if no password expiry value was sent. */ ++ if (pw_exp == 0) ++ return; ++ ++ /* Don't warn if the password is being changed. */ ++ if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0) ++ return; ++ ++ /* ++ * If the expiry time came from a last_req field, assume the KDC wants us ++ * to warn. Otherwise, warn only if the expiry time is less than a week ++ * from now. ++ */ ++ ret = krb5_timeofday(context, &now); ++ if (ret != 0) ++ return; ++ if (!is_last_req && ++ (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60)) ++ return; ++ ++ if (!prompter) ++ return; ++ ++ ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts)); ++ if (ret != 0) ++ return; ++ ++ delta = ts_delta(pw_exp, now); ++ if (delta < 3600) { ++ snprintf(banner, sizeof(banner), ++ _("Warning: Your password will expire in less than one hour " ++ "on %s"), ts); ++ } else if (delta < 86400 * 2) { ++ snprintf(banner, sizeof(banner), ++ _("Warning: Your password will expire in %d hour%s on %s"), ++ delta / 3600, delta < 7200 ? "" : "s", ts); ++ } else { ++ snprintf(banner, sizeof(banner), ++ _("Warning: Your password will expire in %d days on %s"), ++ delta / 86400, ts); ++ } ++ ++ /* PROMPTER_INVOCATION */ ++ (*prompter)(context, data, 0, banner, 0, 0); ++} ++ + static krb5_error_code + init_creds_step_reply(krb5_context context, + krb5_init_creds_context ctx, +@@ -1693,6 +1803,8 @@ init_creds_step_reply(krb5_context context, + + /* success */ + ctx->complete = TRUE; ++ warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data, ++ ctx->in_tkt_service, ctx->reply); + + cleanup: + krb5_free_pa_data(context, kdc_padata); +diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c +index 14ce23ba4..54e0a8ebe 100644 +--- a/src/lib/krb5/krb/gic_pwd.c ++++ b/src/lib/krb5/krb/gic_pwd.c +@@ -133,113 +133,6 @@ krb5_init_creds_set_password(krb5_context context, + return 0; + } + +-/* Return the password expiry time indicated by enc_part2. Set *is_last_req +- * if the information came from a last_req value. */ +-static void +-get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, +- krb5_timestamp *acct_exp, krb5_boolean *is_last_req) +-{ +- krb5_last_req_entry **last_req; +- krb5_int32 lr_type; +- +- *pw_exp = 0; +- *acct_exp = 0; +- *is_last_req = FALSE; +- +- /* Look for last-req entries for password or account expiration. */ +- if (enc_part2->last_req) { +- for (last_req = enc_part2->last_req; *last_req; last_req++) { +- lr_type = (*last_req)->lr_type; +- if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME || +- lr_type == KRB5_LRQ_ONE_PW_EXPTIME) { +- *is_last_req = TRUE; +- *pw_exp = (*last_req)->value; +- } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME || +- lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) { +- *is_last_req = TRUE; +- *acct_exp = (*last_req)->value; +- } +- } +- } +- +- /* If we didn't find any, use the ambiguous key_exp field. */ +- if (*is_last_req == FALSE) +- *pw_exp = enc_part2->key_exp; +-} +- +-/* +- * Send an appropriate warning prompter if as_reply indicates that the password +- * is going to expire soon. If an expire callback was provided, use that +- * instead. +- */ +-static void +-warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, +- krb5_prompter_fct prompter, void *data, +- const char *in_tkt_service, krb5_kdc_rep *as_reply) +-{ +- krb5_error_code ret; +- krb5_expire_callback_func expire_cb; +- void *expire_data; +- krb5_timestamp pw_exp, acct_exp, now; +- krb5_boolean is_last_req; +- krb5_deltat delta; +- char ts[256], banner[1024]; +- +- get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); +- +- k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data); +- if (expire_cb != NULL) { +- /* Invoke the expire callback and don't send prompter warnings. */ +- (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req); +- return; +- } +- +- /* Don't warn if no password expiry value was sent. */ +- if (pw_exp == 0) +- return; +- +- /* Don't warn if the password is being changed. */ +- if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0) +- return; +- +- /* +- * If the expiry time came from a last_req field, assume the KDC wants us +- * to warn. Otherwise, warn only if the expiry time is less than a week +- * from now. +- */ +- ret = krb5_timeofday(context, &now); +- if (ret != 0) +- return; +- if (!is_last_req && +- (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60)) +- return; +- +- if (!prompter) +- return; +- +- ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts)); +- if (ret != 0) +- return; +- +- delta = ts_delta(pw_exp, now); +- if (delta < 3600) { +- snprintf(banner, sizeof(banner), +- _("Warning: Your password will expire in less than one hour " +- "on %s"), ts); +- } else if (delta < 86400*2) { +- snprintf(banner, sizeof(banner), +- _("Warning: Your password will expire in %d hour%s on %s"), +- delta / 3600, delta < 7200 ? "" : "s", ts); +- } else { +- snprintf(banner, sizeof(banner), +- _("Warning: Your password will expire in %d days on %s"), +- delta / 86400, ts); +- } +- +- /* PROMPTER_INVOCATION */ +- (*prompter)(context, data, 0, banner, 0, 0); +-} +- + /* + * Create a temporary options structure for getting a kadmin/changepw ticket, + * based on the appplication-specified options. Propagate all application +@@ -496,9 +389,6 @@ krb5_get_init_creds_password(krb5_context context, + goto cleanup; + + cleanup: +- if (ret == 0) +- warn_pw_expiry(context, options, prompter, data, in_tkt_service, +- as_reply); + free(chpw_opts); + zapfree(gakpw.storage.data, gakpw.storage.length); + memset(pw0array, 0, sizeof(pw0array)); +diff --git a/src/lib/krb5/krb/t_expire_warn.c b/src/lib/krb5/krb/t_expire_warn.c +index 1e59acba1..dc8dc8fb3 100644 +--- a/src/lib/krb5/krb/t_expire_warn.c ++++ b/src/lib/krb5/krb/t_expire_warn.c +@@ -28,6 +28,13 @@ + + static int exp_dummy, prompt_dummy; + ++static void ++check(krb5_error_code code) ++{ ++ if (code != 0) ++ abort(); ++} ++ + static krb5_error_code + prompter_cb(krb5_context ctx, void *data, const char *name, + const char *banner, int num_prompts, krb5_prompt prompts[]) +@@ -52,36 +59,48 @@ int + main(int argc, char **argv) + { + krb5_context ctx; ++ krb5_init_creds_context icctx; + krb5_get_init_creds_opt *opt; + char *user, *password, *service = NULL; +- krb5_boolean use_cb; ++ krb5_boolean use_cb, stepwise; + krb5_principal client; + krb5_creds creds; + +- if (argc < 4) { +- fprintf(stderr, "Usage: %s username password {1|0} [service]\n", ++ if (argc < 5) { ++ fprintf(stderr, "Usage: %s username password {1|0} {1|0} [service]\n", + argv[0]); + return 1; + } + user = argv[1]; + password = argv[2]; + use_cb = atoi(argv[3]); +- if (argc >= 5) +- service = argv[4]; ++ stepwise = atoi(argv[4]); ++ if (argc >= 6) ++ service = argv[5]; + +- assert(krb5_init_context(&ctx) == 0); +- assert(krb5_get_init_creds_opt_alloc(ctx, &opt) == 0); ++ check(krb5_init_context(&ctx)); ++ check(krb5_get_init_creds_opt_alloc(ctx, &opt)); + if (use_cb) { +- assert(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb, +- &exp_dummy) == 0); ++ check(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb, ++ &exp_dummy)); ++ } ++ check(krb5_parse_name(ctx, user, &client)); ++ if (stepwise) { ++ check(krb5_init_creds_init(ctx, client, prompter_cb, &prompt_dummy, 0, ++ opt, &icctx)); ++ krb5_init_creds_set_password(ctx, icctx, password); ++ if (service != NULL) ++ check(krb5_init_creds_set_service(ctx, icctx, service)); ++ check(krb5_init_creds_get(ctx, icctx)); ++ krb5_init_creds_free(ctx, icctx); ++ } else { ++ check(krb5_get_init_creds_password(ctx, &creds, client, password, ++ prompter_cb, &prompt_dummy, 0, ++ service, opt)); ++ krb5_free_cred_contents(ctx, &creds); + } +- assert(krb5_parse_name(ctx, user, &client) == 0); +- assert(krb5_get_init_creds_password(ctx, &creds, client, password, +- prompter_cb, &prompt_dummy, 0, service, +- opt) == 0); + krb5_get_init_creds_opt_free(ctx, opt); + krb5_free_principal(ctx, client); +- krb5_free_cred_contents(ctx, &creds); + krb5_free_context(ctx); + return 0; + } +diff --git a/src/lib/krb5/krb/t_expire_warn.py b/src/lib/krb5/krb/t_expire_warn.py +index 781f2728a..e163cc7e4 100755 +--- a/src/lib/krb5/krb/t_expire_warn.py ++++ b/src/lib/krb5/krb/t_expire_warn.py +@@ -34,23 +34,33 @@ realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '12 hours', + realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '3 days', 'days']) + + # Check for expected prompter warnings when no expire callback is used. +-output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0']) ++output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0', '0']) + if output: + fail('Unexpected output for noexpire') +-realm.run(['./t_expire_warn', 'minutes', 'pass', '0'], ++realm.run(['./t_expire_warn', 'minutes', 'pass', '0', '0'], + expected_msg=' less than one hour on ') +-realm.run(['./t_expire_warn', 'hours', 'pass', '0'], expected_msg=' hours on ') +-realm.run(['./t_expire_warn', 'days', 'pass', '0'], expected_msg=' days on ') ++realm.run(['./t_expire_warn', 'hours', 'pass', '0', '0'], ++ expected_msg=' hours on ') ++realm.run(['./t_expire_warn', 'days', 'pass', '0', '0'], ++ expected_msg=' days on ') ++# Try one case with the stepwise interface. ++realm.run(['./t_expire_warn', 'days', 'pass', '0', '1'], ++ expected_msg=' days on ') + + # Check for expected expire callback behavior. These tests are + # carefully agnostic about whether the KDC supports last_req fields, + # and could be made more specific if last_req support is added. +-output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1']) ++output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1', '0']) + if 'password_expiration = 0\n' not in output or \ + 'account_expiration = 0\n' not in output or \ + 'is_last_req = ' not in output: + fail('Expected callback output not seen for noexpire') +-output = realm.run(['./t_expire_warn', 'days', 'pass', '1']) ++output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '0']) ++if 'password_expiration = ' not in output or \ ++ 'password_expiration = 0\n' in output: ++ fail('Expected non-zero password expiration not seen for days') ++# Try one case with the stepwise interface. ++output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '1']) + if 'password_expiration = ' not in output or \ + 'password_expiration = 0\n' in output: + fail('Expected non-zero password expiration not seen for days') diff --git a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch new file mode 100644 index 0000000..7e70423 --- /dev/null +++ b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch @@ -0,0 +1,94 @@ +From fa5d09798a56960c34f28296726ed4525e6950d9 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 23 Mar 2020 19:10:03 -0400 +Subject: [PATCH] Eliminate redundant PKINIT responder invocation + +In pkinit_client_prep_questions(), only act if the input padata type +is KRB5_PADATA_PK_AS_REQ. Otherwise we will ask questions again when +the KDC issues a ticket. + +Commit 7621d2f9a87214327ca3b2594e34dc7cea84596b (ticket 8242) +unintentionally changed the behavior of pkinit_load_fs_cert_and_key(), +causing pkinit_client_prep_questions() to do nothing on its first +call. Restore the original behavior of returning 0 when prompting is +deferred. + +Modify the existing "FILE identity, password on key (responder)" +PKINIT test to check that the responder is only invoked once. + +ticket: 8885 +(cherry picked from commit f1286842ce7b9e507a4ce0a47f44ab361a98be63) +(cherry picked from commit 4a05805eb39ba088c07f782fb52a6538ec3f2db6) +--- + src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++ + src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 13 +++++++------ + src/tests/t_pkinit.py | 11 +++++++---- + 3 files changed, 19 insertions(+), 10 deletions(-) + +diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c +index 2f0431991..9b991ffe0 100644 +--- a/src/plugins/preauth/pkinit/pkinit_clnt.c ++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c +@@ -897,6 +897,11 @@ pkinit_client_prep_questions(krb5_context context, + k5_json_object jval = NULL; + k5_json_number jflag = NULL; + ++ /* Don't ask questions for the informational padata items or when the ++ * ticket is issued. */ ++ if (pa_data->pa_type != KRB5_PADATA_PK_AS_REQ) ++ return 0; ++ + if (!reqctx->identity_initialized) { + pkinit_client_profile(context, plgctx, reqctx, cb, rock, + &request->server->realm); +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index dd718c2be..dbb054378 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -4362,17 +4362,18 @@ pkinit_load_fs_cert_and_key(krb5_context context, + + /* Load the certificate. */ + retval = get_cert(certname, &x); +- if (retval != 0 || x == NULL) { +- retval = oerr(context, 0, _("Cannot read certificate file '%s'"), ++ if (retval) { ++ retval = oerr(context, retval, _("Cannot read certificate file '%s'"), + certname); +- goto cleanup; + } ++ if (retval || x == NULL) ++ goto cleanup; + /* Load the key. */ + retval = get_key(context, id_cryptoctx, keyname, fsname, &y, password); +- if (retval != 0 || y == NULL) { +- retval = oerr(context, 0, _("Cannot read key file '%s'"), fsname); ++ if (retval) ++ retval = oerr(context, retval, _("Cannot read key file '%s'"), fsname); ++ if (retval || y == NULL) + goto cleanup; +- } + + id_cryptoctx->creds[cindex] = malloc(sizeof(struct _pkinit_cred_info)); + if (id_cryptoctx->creds[cindex] == NULL) { +diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py +index 69daf4987..ecd450e8a 100755 +--- a/src/tests/t_pkinit.py ++++ b/src/tests/t_pkinit.py +@@ -248,10 +248,13 @@ realm.run(['./adata', realm.host_princ], + # supplied by the responder. + # Supply the response in raw form. + mark('FILE identity, password on key (responder)') +-realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity, +- '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity, +- '-X', 'X509_user_identity=%s' % file_enc_identity, +- realm.user_princ]) ++out = realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity, ++ '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity, ++ '-X', 'X509_user_identity=%s' % file_enc_identity, ++ realm.user_princ]) ++# Regression test for #8885 (password question asked twice). ++if out.count('OK: ') != 1: ++ fail('Wrong number of responder calls') + # Supply the response through the convenience API. + realm.run(['./responder', '-X', 'X509_user_identity=%s' % file_enc_identity, + '-p', '%s=%s' % (file_enc_identity, 'encrypted'), realm.user_princ]) diff --git a/SOURCES/Fix-Coverity-defects-in-soft-pkcs11-test-code.patch b/SOURCES/Fix-Coverity-defects-in-soft-pkcs11-test-code.patch deleted file mode 100644 index 359335d..0000000 --- a/SOURCES/Fix-Coverity-defects-in-soft-pkcs11-test-code.patch +++ /dev/null @@ -1,207 +0,0 @@ -From 44b429df9ac4bb8ad84a090fee1bd70d83adcf23 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Sat, 20 Jul 2019 00:51:52 -0400 -Subject: [PATCH] Fix Coverity defects in soft-pkcs11 test code - -Nothing in the code removes objects from soft_token.object.obs, so -simplify add_st_object() not to search for an empty slot. Avoid using -random() by using a counter for session handles and just the array -slot number for object handles. Add a helper get_rcfilename() to -facilitate checking the result of asprintf(). Properly initialize ap -in sprintf_fill(). Close the file handle in read_conf_file(). - -(cherry picked from commit b4831515b2f3b6fd7d7fd4bff4558c10c710891d) -(cherry picked from commit 28db01445d2807d51b5045c0a04d5e49905de504) ---- - src/tests/softpkcs11/main.c | 102 +++++++++++++++++++----------------- - 1 file changed, 53 insertions(+), 49 deletions(-) - -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -index 5255323d3..2d1448ca2 100644 ---- a/src/tests/softpkcs11/main.c -+++ b/src/tests/softpkcs11/main.c -@@ -78,6 +78,7 @@ compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, - (BL) = i2d_##T((S), &p); \ - if ((BL) <= 0) { \ - free((B)); \ -+ (B) = NULL; \ - (R) = EINVAL; \ - } \ - } \ -@@ -149,6 +150,7 @@ static struct soft_token { - } state[10]; - #define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0])) - FILE *logfile; -+ CK_SESSION_HANDLE next_session_handle; - } soft_token; - - static void -@@ -179,6 +181,7 @@ snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...) - { - int len; - va_list ap; -+ va_start(ap, fmt); - len = vsnprintf(str, size, fmt, ap); - va_end(ap); - if (len < 0 || len > size) -@@ -344,7 +347,13 @@ static struct st_object * - add_st_object(void) - { - struct st_object *o, **objs; -- int i; -+ -+ objs = realloc(soft_token.object.objs, -+ (soft_token.object.num_objs + 1) * -+ sizeof(soft_token.object.objs[0])); -+ if (objs == NULL) -+ return NULL; -+ soft_token.object.objs = objs; - - o = malloc(sizeof(*o)); - if (o == NULL) -@@ -352,26 +361,9 @@ add_st_object(void) - memset(o, 0, sizeof(*o)); - o->attrs = NULL; - o->num_attributes = 0; -+ o->object_handle = soft_token.object.num_objs; - -- for (i = 0; i < soft_token.object.num_objs; i++) { -- if (soft_token.object.objs == NULL) { -- soft_token.object.objs[i] = o; -- break; -- } -- } -- if (i == soft_token.object.num_objs) { -- objs = realloc(soft_token.object.objs, -- (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0])); -- if (objs == NULL) { -- free(o); -- return NULL; -- } -- soft_token.object.objs = objs; -- soft_token.object.objs[soft_token.object.num_objs++] = o; -- } -- soft_token.object.objs[i]->object_handle = -- (random() & (~OBJECT_ID_MASK)) | i; -- -+ soft_token.object.objs[soft_token.object.num_objs++] = o; - return o; - } - -@@ -797,6 +789,8 @@ read_conf_file(const char *fn) - - add_certificate(label, cert, key, id, anchor); - } -+ -+ fclose(f); - } - - static CK_RV -@@ -806,19 +800,47 @@ func_not_supported(void) - return CKR_FUNCTION_NOT_SUPPORTED; - } - -+static char * -+get_rcfilename() -+{ -+ struct passwd *pw; -+ const char *home = NULL; -+ char *fn; -+ -+ if (getuid() == geteuid()) { -+ fn = getenv("SOFTPKCS11RC"); -+ if (fn != NULL) -+ return strdup(fn); -+ -+ home = getenv("HOME"); -+ } -+ -+ if (home == NULL) { -+ pw = getpwuid(getuid()); -+ if (pw != NULL) -+ home = pw->pw_dir; -+ } -+ -+ if (home == NULL) -+ return strdup("/etc/soft-token.rc"); -+ -+ if (asprintf(&fn, "%s/.soft-token.rc", home) < 0) -+ return NULL; -+ return fn; -+} -+ - CK_RV - C_Initialize(CK_VOID_PTR a) - { - CK_C_INITIALIZE_ARGS_PTR args = a; - size_t i; -+ char *fn; - - st_logf("Initialize\n"); - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - -- srandom(getpid() ^ time(NULL)); -- - for (i = 0; i < MAX_NUM_SESSION; i++) { - soft_token.state[i].session_handle = CK_INVALID_HANDLE; - soft_token.state[i].find.attributes = NULL; -@@ -850,31 +872,13 @@ C_Initialize(CK_VOID_PTR a) - st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); - } - -- { -- char *fn = NULL, *home = NULL; -- -- if (getuid() == geteuid()) { -- fn = getenv("SOFTPKCS11RC"); -- if (fn) -- fn = strdup(fn); -- home = getenv("HOME"); -- } -- if (fn == NULL && home == NULL) { -- struct passwd *pw = getpwuid(getuid()); -- if(pw != NULL) -- home = pw->pw_dir; -- } -- if (fn == NULL) { -- if (home) -- asprintf(&fn, "%s/.soft-token.rc", home); -- else -- fn = strdup("/etc/soft-token.rc"); -- } -- -- read_conf_file(fn); -- free(fn); -- } -+ soft_token.next_session_handle = 0; - -+ fn = get_rcfilename(); -+ if (fn == NULL) -+ return CKR_DEVICE_MEMORY; -+ read_conf_file(fn); -+ free(fn); - return CKR_OK; - } - -@@ -1082,8 +1086,7 @@ C_OpenSession(CK_SLOT_ID slotID, - - soft_token.open_sessions++; - -- soft_token.state[i].session_handle = -- (CK_SESSION_HANDLE)(random() & 0xfffff); -+ soft_token.state[i].session_handle = soft_token.next_session_handle++; - *phSession = soft_token.state[i].session_handle; - - return CKR_OK; -@@ -1152,7 +1155,8 @@ C_Login(CK_SESSION_HANDLE hSession, - VERIFY_SESSION_HANDLE(hSession, NULL); - - if (pPin != NULL_PTR) { -- asprintf(&pin, "%.*s", (int)ulPinLen, pPin); -+ if (asprintf(&pin, "%.*s", (int)ulPinLen, pPin) < 0) -+ return CKR_DEVICE_MEMORY; - st_logf("type: %d password: %s\n", (int)userType, pin); - } - diff --git a/SOURCES/Fix-KCM-client-time-offset-propagation.patch b/SOURCES/Fix-KCM-client-time-offset-propagation.patch deleted file mode 100644 index eedc4c0..0000000 --- a/SOURCES/Fix-KCM-client-time-offset-propagation.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 7e4576cc62a16fa77030c42dcc43c61cdfa5b4e6 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 14 Aug 2019 13:52:27 -0400 -Subject: [PATCH] Fix KCM client time offset propagation - -An inverted status check in get_kdc_offset() would cause querying the -offset time from the ccache to always fail (silently) on KCM. Fix the -status check so that KCM can properly handle desync. - -ticket: 8826 (new) -tags: pullup -target_version: 1.17-next -target_verison: 1.16-next - -(cherry picked from commit 323abb6d1ebe5469d6c2167c29aa5d696d099b90) -(cherry picked from commit 7e81b8077cf2cf186dadb96b064573f7c221fbf3) ---- - src/lib/krb5/ccache/cc_kcm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/krb5/ccache/cc_kcm.c b/src/lib/krb5/ccache/cc_kcm.c -index 092ab7daf..fe93ca3dc 100644 ---- a/src/lib/krb5/ccache/cc_kcm.c -+++ b/src/lib/krb5/ccache/cc_kcm.c -@@ -583,7 +583,7 @@ get_kdc_offset(krb5_context context, krb5_ccache cache) - if (cache_call(context, cache, &req, FALSE) != 0) - goto cleanup; - time_offset = k5_input_get_uint32_be(&req.reply); -- if (!req.reply.status) -+ if (req.reply.status) - goto cleanup; - context->os_context.time_offset = time_offset; - context->os_context.usec_offset = 0; diff --git a/SOURCES/Fix-argument-order-on-strlcpy-in-enctype_name.patch b/SOURCES/Fix-argument-order-on-strlcpy-in-enctype_name.patch deleted file mode 100644 index 99648bd..0000000 --- a/SOURCES/Fix-argument-order-on-strlcpy-in-enctype_name.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 9a38af6aa136fdc92d5e0f1591c1647aec498f5a Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 17 Sep 2019 18:29:15 -0400 -Subject: [PATCH] Fix argument order on strlcpy() in enctype_name() - ---- - src/kdc/kdc_util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index 96c88edc1..6d1861a3b 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1081,7 +1081,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen) - else - return krb5_enctype_to_name(ktype, FALSE, buf, buflen); - -- if (strlcpy(name, buf, buflen) >= buflen) -+ if (strlcpy(buf, name, buflen) >= buflen) - return ENOMEM; - return 0; - } diff --git a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch new file mode 100644 index 0000000..6632968 --- /dev/null +++ b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch @@ -0,0 +1,60 @@ +From 7b5ed3cffcfe2bc21f3157e883b078983947a113 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 24 Jul 2020 16:05:24 -0400 +Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support + +In check_cbt(), use a local variable to hold the retrieved authdata +list, and free it before returning. + +ticket: 8900 +(cherry picked from commit bf2ddff13c178e0c291f8fb382b040080d159e4f) +(cherry picked from commit 044e2209586fd1935d9a637df76d52f48c4f3e6e) +--- + src/lib/gssapi/krb5/accept_sec_context.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 175a24c4e..3d5b84b15 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -433,27 +433,30 @@ static const uint8_t null_cb[CB_MD5_LEN]; + /* Look for AP_OPTIONS in authdata. If present and the options include + * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */ + static krb5_error_code +-check_cbt(krb5_context context, krb5_authdata **authdata, ++check_cbt(krb5_context context, krb5_authdata *const *authdata, + krb5_boolean *cbt_out) + { + krb5_error_code code; ++ krb5_authdata **ad; + uint32_t ad_ap_options; + const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; + + *cbt_out = FALSE; + + code = krb5_find_authdata(context, NULL, authdata, +- KRB5_AUTHDATA_AP_OPTIONS, &authdata); +- if (code || authdata == NULL) ++ KRB5_AUTHDATA_AP_OPTIONS, &ad); ++ if (code || ad == NULL) + return code; +- if (authdata[1] != NULL || authdata[0]->length != 4) +- return KRB5KRB_AP_ERR_MSG_TYPE; ++ if (ad[1] != NULL || ad[0]->length != 4) { ++ code = KRB5KRB_AP_ERR_MSG_TYPE; ++ } else { ++ ad_ap_options = load_32_le(ad[0]->contents); ++ if (ad_ap_options & KERB_AP_OPTIONS_CBT) ++ *cbt_out = TRUE; ++ } + +- ad_ap_options = load_32_le(authdata[0]->contents); +- if (ad_ap_options & KERB_AP_OPTIONS_CBT) +- *cbt_out = TRUE; +- +- return 0; ++ krb5_free_authdata(context, ad); ++ return code; + } + + /* diff --git a/SOURCES/Fix-memory-leak-in-none-replay-cache-type.patch b/SOURCES/Fix-memory-leak-in-none-replay-cache-type.patch deleted file mode 100644 index 166ef05..0000000 --- a/SOURCES/Fix-memory-leak-in-none-replay-cache-type.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 74a3b8448949130d91417b261c3e1c316ffa8796 Mon Sep 17 00:00:00 2001 -From: Corene Casper -Date: Sat, 16 Feb 2019 00:49:26 -0500 -Subject: [PATCH] Fix memory leak in 'none' replay cache type - -Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory -leak in the 'none' replay cache type by freeing the outer container, -but we also need to free the mutex. - -[ghudson@mit.edu: wrote commit message] - -ticket: 8783 -tags: pullup -target_version: 1.17-next -target_version: 1.16-next - -(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17) -(cherry picked from commit ff79351c4755d6df7c3245274708454311c25731) ---- - src/lib/krb5/rcache/rc_none.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c -index e30aed09f..0b2274df7 100644 ---- a/src/lib/krb5/rcache/rc_none.c -+++ b/src/lib/krb5/rcache/rc_none.c -@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc) - static krb5_error_code KRB5_CALLCONV - krb5_rc_none_close(krb5_context ctx, krb5_rcache rc) - { -+ k5_mutex_destroy(&rc->lock); - free (rc); - return 0; - } diff --git a/SOURCES/Fix-memory-leaks-in-soft-pkcs11-code.patch b/SOURCES/Fix-memory-leaks-in-soft-pkcs11-code.patch deleted file mode 100644 index 01e41fc..0000000 --- a/SOURCES/Fix-memory-leaks-in-soft-pkcs11-code.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 604f5dcbb018fca8ea27e00314ed615133b861e1 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Mon, 5 Aug 2019 01:53:51 -0400 -Subject: [PATCH] Fix memory leaks in soft-pkcs11 code - -Fix leaks detected by asan in t_pkinit.py. Add a helper to free a -struct st_object and free objects in C_Finalize(). Duplicate the X509 -cert in add_certificate() instead of creating aliases so it can be -properly freed. Start the session handle counter at 1 so that -C_Finalize() won't confuse the first session handle with -CK_INVALID_HANDLE (defined to 0 in pkinit.h) and will properly clean -the session object. - -(cherry picked from commit 15bcaf8bcb4af25ff89820ad3bf23ad5a324e863) -(cherry picked from commit 5cc80472e7a8b0fb3002f229ffb104dccf8bd120) ---- - src/tests/softpkcs11/main.c | 44 +++++++++++++++++++++++++++++++++---- - 1 file changed, 40 insertions(+), 4 deletions(-) - -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -index 2d1448ca2..a4c3ae78e 100644 ---- a/src/tests/softpkcs11/main.c -+++ b/src/tests/softpkcs11/main.c -@@ -109,7 +109,7 @@ struct st_object { - X509 *cert; - EVP_PKEY *public_key; - struct { -- const char *file; -+ char *file; - EVP_PKEY *key; - X509 *cert; - } private_key; -@@ -343,6 +343,26 @@ print_attributes(const CK_ATTRIBUTE *attributes, - } - } - -+static void -+free_st_object(struct st_object *o) -+{ -+ int i; -+ -+ for (i = 0; i < o->num_attributes; i++) -+ free(o->attrs[i].attribute.pValue); -+ free(o->attrs); -+ if (o->type == STO_T_CERTIFICATE) { -+ X509_free(o->u.cert); -+ } else if (o->type == STO_T_PRIVATE_KEY) { -+ free(o->u.private_key.file); -+ EVP_PKEY_free(o->u.private_key.key); -+ X509_free(o->u.private_key.cert); -+ } else if (o->type == STO_T_PUBLIC_KEY) { -+ EVP_PKEY_free(o->u.public_key); -+ } -+ free(o); -+} -+ - static struct st_object * - add_st_object(void) - { -@@ -518,7 +538,11 @@ add_certificate(char *label, - goto out; - } - o->type = STO_T_CERTIFICATE; -- o->u.cert = cert; -+ o->u.cert = X509_dup(cert); -+ if (o->u.cert == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } - public_key = X509_get_pubkey(o->u.cert); - - switch (EVP_PKEY_base_id(public_key)) { -@@ -602,7 +626,11 @@ add_certificate(char *label, - o->u.private_key.file = strdup(private_key_file); - o->u.private_key.key = NULL; - -- o->u.private_key.cert = cert; -+ o->u.private_key.cert = X509_dup(cert); -+ if (o->u.private_key.cert == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } - - c = CKO_PRIVATE_KEY; - add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -@@ -676,6 +704,7 @@ add_certificate(char *label, - free(serial_data); - free(issuer_data); - free(subject_data); -+ X509_free(cert); - - return ret; - } -@@ -872,7 +901,7 @@ C_Initialize(CK_VOID_PTR a) - st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); - } - -- soft_token.next_session_handle = 0; -+ soft_token.next_session_handle = 1; - - fn = get_rcfilename(); - if (fn == NULL) -@@ -886,6 +915,7 @@ CK_RV - C_Finalize(CK_VOID_PTR args) - { - size_t i; -+ int j; - - st_logf("Finalize\n"); - -@@ -897,6 +927,12 @@ C_Finalize(CK_VOID_PTR args) - } - } - -+ for (j = 0; j < soft_token.object.num_objs; j++) -+ free_st_object(soft_token.object.objs[j]); -+ free(soft_token.object.objs); -+ soft_token.object.objs = NULL; -+ soft_token.object.num_objs = 0; -+ - return CKR_OK; - } - diff --git a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch new file mode 100644 index 0000000..0d2f2ef --- /dev/null +++ b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch @@ -0,0 +1,38 @@ +From 117681ff995f7a271ded83ff4615e7945c72a942 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 14 May 2020 15:01:18 -0400 +Subject: [PATCH] Fix typo ("in in") in the ksu man page + +(cherry picked from commit 1011841acdc1020f308ef4f569c6622f279d8c3f) +(cherry picked from commit 8de669742ae4190542741f0dc61119a6a0dad666) +--- + doc/user/user_commands/ksu.rst | 2 +- + src/man/ksu.man | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/user/user_commands/ksu.rst b/doc/user/user_commands/ksu.rst +index 8d6c7ef79..933738229 100644 +--- a/doc/user/user_commands/ksu.rst ++++ b/doc/user/user_commands/ksu.rst +@@ -155,7 +155,7 @@ wrong password is typed in, ksu fails. + .. note:: + + During authentication, only the tickets that could be +- obtained without providing a password are cached in in the ++ obtained without providing a password are cached in the + source cache. + + +diff --git a/src/man/ksu.man b/src/man/ksu.man +index 81e34815d..8d4c6a359 100644 +--- a/src/man/ksu.man ++++ b/src/man/ksu.man +@@ -176,7 +176,7 @@ wrong password is typed in, ksu fails. + .INDENT 0.0 + .INDENT 3.5 + During authentication, only the tickets that could be +-obtained without providing a password are cached in in the ++obtained without providing a password are cached in the + source cache. + .UNINDENT + .UNINDENT diff --git a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch new file mode 100644 index 0000000..5e7fc6c --- /dev/null +++ b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch @@ -0,0 +1,38 @@ +From e339ad300caafc2a98e86ab48a9ac278cfe3bb85 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 15 Jul 2020 15:42:20 -0400 +Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts() + +Fixes a problem where the presence of legacy/unrecognized keysalts in +supported_enctypes would prevent the kadmin programs from starting. + +[ghudson@mit.edu: ideally we would put a warning in the kadmind log, +but that is difficult to do when the parsing is done inside a library. +Even adding a trace log is difficult because the kadm5 str_conv +functions do not accept contexts.] + +ticket: 8929 (new) +(cherry picked from commit be5396ada0e8dabd68bd0aceb733cfca39a609bc) +(cherry picked from commit 3f873868fb08b77da2d30e164a0ef6c71c17c607) +--- + src/lib/kadm5/str_conv.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c +index 7cf51d316..798295606 100644 +--- a/src/lib/kadm5/str_conv.c ++++ b/src/lib/kadm5/str_conv.c +@@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps, + while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) { + /* Pass a null pointer to subsequent calls to strtok_r(). */ + p = NULL; +- ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype); +- if (ret) +- goto cleanup; ++ ++ /* Discard unrecognized keysalts. */ ++ if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0) ++ continue; + + /* Ignore duplicate keysalts if caller asks. */ + if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) diff --git a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch new file mode 100644 index 0000000..347c0fb --- /dev/null +++ b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch @@ -0,0 +1,92 @@ +From 3c15e9724dae95a4bf0899a8b8efc3e9e3f486ab Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Wed, 5 Jul 2017 11:38:30 -0400 +Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG + +Define a new channel-bound GSS return flag, and set it in the krb5 +mech if the initiator sent channel bindings matching the acceptor's. +Do not error out if the acceptor specifies channel bindings and the +initiator does not send them. + +[ghudson@mit.edu: simplified code changes; fleshed out commit message] + +[iboukris: cherry-picked from another PR and reduced in scope] + +ticket: 8899 (new) +(cherry picked from commit 429a31146083fac21958631c2af572b08ec91022) +(cherry picked from commit 3ea1d6296ced3a998e79356f9be212e4c5e6a5d5) +--- + src/lib/gssapi/generic/gssapi_ext.h | 2 ++ + src/lib/gssapi/krb5/accept_sec_context.c | 18 +++++++++++++----- + 2 files changed, 15 insertions(+), 5 deletions(-) + +diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h +index 218456e44..c675e8ebb 100644 +--- a/src/lib/gssapi/generic/gssapi_ext.h ++++ b/src/lib/gssapi/generic/gssapi_ext.h +@@ -595,6 +595,8 @@ gss_store_cred_into( + * attribute (along with any applicable RFC 5587 attributes). + */ + ++#define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */ ++ + OM_uint32 KRB5_CALLCONV + gssspi_query_meta_data( + OM_uint32 *minor_status, +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 70dd7fc0c..9d3e2f4fe 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -427,6 +427,9 @@ kg_process_extension(krb5_context context, + GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \ + GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG) + ++/* A zero-value channel binding, for comparison */ ++static const uint8_t null_cb[CB_MD5_LEN]; ++ + /* + * The krb5 GSS mech appropriates the authenticator checksum field from RFC + * 4120 to store structured data instead of a checksum, indicated with checksum +@@ -435,9 +438,10 @@ kg_process_extension(krb5_context context, + * + * Interpret the checksum. Read delegated creds into *deleg_out if it is not + * NULL. Set *flags_out to the allowed subset of token flags, plus +- * GSS_C_DELEG_FLAG if a delegated credential was present. Process any +- * extensions found using exts. On error, set *code_out to a krb5_error code +- * for use as a minor status value. ++ * GSS_C_DELEG_FLAG if a delegated credential was present and ++ * GSS_C_CHANNEL_BOUND_FLAG if matching channel bindings are present. Process ++ * any extensions found using exts. On error, set *code_out to a krb5_error ++ * code for use as a minor status value. + */ + static OM_uint32 + process_checksum(OM_uint32 *minor_status, krb5_context context, +@@ -450,7 +454,7 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + krb5_error_code code = 0; + OM_uint32 status, option_id, token_flags; + size_t cb_len, option_len; +- krb5_boolean valid; ++ krb5_boolean valid, token_cb_present = FALSE, cb_match = FALSE; + krb5_key subkey; + krb5_data option, empty = empty_data(); + krb5_checksum cb_cksum; +@@ -516,7 +520,9 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + goto fail; + } + assert(cb_cksum.length == cb_len); +- if (k5_bcmp(token_cb, cb_cksum.contents, cb_len) != 0) { ++ token_cb_present = (k5_bcmp(token_cb, null_cb, cb_len) != 0); ++ cb_match = (k5_bcmp(token_cb, cb_cksum.contents, cb_len) == 0); ++ if (token_cb_present && !cb_match) { + status = GSS_S_BAD_BINDINGS; + goto fail; + } +@@ -525,6 +531,8 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + /* Read the token flags and accept some of them as context flags. */ + token_flags = k5_input_get_uint32_le(&in); + *flags_out = token_flags & INITIATOR_FLAGS; ++ if (cb_match) ++ *flags_out |= GSS_C_CHANNEL_BOUND_FLAG; + + /* Read the delegated credential if present. */ + if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) { diff --git a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch new file mode 100644 index 0000000..156088b --- /dev/null +++ b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch @@ -0,0 +1,103 @@ +From 7aea9fc73fb508e3168581990eb2e2ff7a1aea31 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Mon, 9 Mar 2020 16:04:21 +0100 +Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side) + +Add server support for Microsoft's KERB_AP_OPTIONS_CBT as described in +MS-KILE. If the client includes the AP option in the authenticator +authdata and the server passed channel bindings, require the bindings +to match. + +[ghudson@mit.edu: refactored to put more logic in the helper function; +added a comment; clarified commit message] + +ticket: 8900 (new) +(cherry picked from commit 4f7c77b64a048ca5e3199b26b31493698c777a9c) +(cherry picked from commit 6407bf087fe53088d91efd09df736e979cd4e8db) +--- + src/include/krb5/krb5.hin | 1 + + src/lib/gssapi/krb5/accept_sec_context.c | 45 +++++++++++++++++++++++- + 2 files changed, 45 insertions(+), 1 deletion(-) + +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index f8269fb17..9264bede1 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -1915,6 +1915,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, + #define KRB5_AUTHDATA_SIGNTICKET 512 /**< formerly 142 in krb5 1.8 */ + #define KRB5_AUTHDATA_FX_ARMOR 71 + #define KRB5_AUTHDATA_AUTH_INDICATOR 97 ++#define KRB5_AUTHDATA_AP_OPTIONS 143 + /** @} */ /* end of KRB5_AUTHDATA group */ + + /* password change constants */ +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 9d3e2f4fe..175a24c4e 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -430,6 +430,32 @@ kg_process_extension(krb5_context context, + /* A zero-value channel binding, for comparison */ + static const uint8_t null_cb[CB_MD5_LEN]; + ++/* Look for AP_OPTIONS in authdata. If present and the options include ++ * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */ ++static krb5_error_code ++check_cbt(krb5_context context, krb5_authdata **authdata, ++ krb5_boolean *cbt_out) ++{ ++ krb5_error_code code; ++ uint32_t ad_ap_options; ++ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; ++ ++ *cbt_out = FALSE; ++ ++ code = krb5_find_authdata(context, NULL, authdata, ++ KRB5_AUTHDATA_AP_OPTIONS, &authdata); ++ if (code || authdata == NULL) ++ return code; ++ if (authdata[1] != NULL || authdata[0]->length != 4) ++ return KRB5KRB_AP_ERR_MSG_TYPE; ++ ++ ad_ap_options = load_32_le(authdata[0]->contents); ++ if (ad_ap_options & KERB_AP_OPTIONS_CBT) ++ *cbt_out = TRUE; ++ ++ return 0; ++} ++ + /* + * The krb5 GSS mech appropriates the authenticator checksum field from RFC + * 4120 to store structured data instead of a checksum, indicated with checksum +@@ -454,7 +480,7 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + krb5_error_code code = 0; + OM_uint32 status, option_id, token_flags; + size_t cb_len, option_len; +- krb5_boolean valid, token_cb_present = FALSE, cb_match = FALSE; ++ krb5_boolean valid, client_cbt, token_cb_present = FALSE, cb_match = FALSE; + krb5_key subkey; + krb5_data option, empty = empty_data(); + krb5_checksum cb_cksum; +@@ -582,6 +608,23 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + } + } + ++ /* ++ * If the client asserts the KERB_AP_OPTIONS_CBT flag (from MS-KILE) in the ++ * authenticator authdata, and the acceptor passed channel bindings, ++ * require matching channel bindings from the client. The intent is to ++ * prevent an authenticator generated for use outside of a TLS channel from ++ * being used inside of one. ++ */ ++ code = check_cbt(context, authenticator->authorization_data, &client_cbt); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ if (client_cbt && acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS && !cb_match) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ + status = GSS_S_COMPLETE; + + fail: diff --git a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch new file mode 100644 index 0000000..c7136e1 --- /dev/null +++ b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch @@ -0,0 +1,31 @@ +From ca72aa3a2e4ca8bc1b1c33e46ca59ed4b3f20393 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 9 Jun 2020 16:23:37 -0400 +Subject: [PATCH] Improve negoex_parse_token() code hygiene + +If the while loop in negoex_parse_token() runs for zero iterations, +major will be used initialized. Currently this cannot happen, but +only because both of the call sites check for zero-length tokens. +Initialize major for safety. + +[ghudson@mit.edu: rewrote commit message] + +(cherry picked from commit 4f91b6f8fa6fe1de662b3fdac0d59b7758ec642a) +(cherry picked from commit c726a72c68244129eb08b840b92144acfa776573) +--- + src/lib/gssapi/spnego/negoex_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/gssapi/spnego/negoex_util.c b/src/lib/gssapi/spnego/negoex_util.c +index 700368456..99580fd79 100644 +--- a/src/lib/gssapi/spnego/negoex_util.c ++++ b/src/lib/gssapi/spnego/negoex_util.c +@@ -454,7 +454,7 @@ negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + gss_const_buffer_t token, + struct negoex_message **messages_out, size_t *count_out) + { +- OM_uint32 major; ++ OM_uint32 major = GSS_S_COMPLETE; + size_t count = 0; + struct k5input in; + struct negoex_message *messages = NULL, *newptr; diff --git a/SOURCES/In-kpropd-debug-log-proper-ticket-enctype-names.patch b/SOURCES/In-kpropd-debug-log-proper-ticket-enctype-names.patch deleted file mode 100644 index 8a20e3d..0000000 --- a/SOURCES/In-kpropd-debug-log-proper-ticket-enctype-names.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 30f112f8dc1c5241da5ba301cb45a06bb5bb4c01 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 15 Jan 2019 13:41:16 -0500 -Subject: [PATCH] In kpropd, debug-log proper ticket enctype names - -This change replaces the last call of krb5_enctype_to_string() in our -sources with krb5_enctype_to_name(), ensuring that we log consistently -to users using readily discoverable strings. - -(cherry picked from commit 30e12a2ecdf7e2a034a91626a03b5c9909e4c68d) ---- - src/kprop/kpropd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c -index 4cc035dc6..0c7bffa24 100644 ---- a/src/kprop/kpropd.c -+++ b/src/kprop/kpropd.c -@@ -1279,7 +1279,8 @@ kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp, - exit(1); - } - -- retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf)); -+ retval = krb5_enctype_to_name(*etype, FALSE, etypebuf, -+ sizeof(etypebuf)); - if (retval) { - com_err(progname, retval, _("while unparsing ticket etype")); - exit(1); diff --git a/SOURCES/In-rd_req_dec-always-log-non-permitted-enctypes.patch b/SOURCES/In-rd_req_dec-always-log-non-permitted-enctypes.patch deleted file mode 100644 index 6ca3da0..0000000 --- a/SOURCES/In-rd_req_dec-always-log-non-permitted-enctypes.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2b4521f3ba3dad064e3f64bfd56b88d5cb5d0955 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 14 Jan 2019 17:14:42 -0500 -Subject: [PATCH] In rd_req_dec, always log non-permitted enctypes - -The buffer specified in negotiate_etype() is too small for use with -the AES enctypes when used with krb5_enctype_to_string(), so switch to -using krb5_enctype_to_name(). - -(cherry picked from commit bf75ebf583a51bf00005a96d17924818d19377be) ---- - src/lib/krb5/krb/rd_req_dec.c | 5 ++--- - src/tests/gssapi/t_enctypes.py | 5 +++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c -index 4cd429a11..e75192fee 100644 ---- a/src/lib/krb5/krb/rd_req_dec.c -+++ b/src/lib/krb5/krb/rd_req_dec.c -@@ -864,9 +864,8 @@ negotiate_etype(krb5_context context, - if (permitted == FALSE) { - char enctype_name[30]; - -- if (krb5_enctype_to_string(desired_etypes[i], -- enctype_name, -- sizeof(enctype_name)) == 0) -+ if (krb5_enctype_to_name(desired_etypes[i], FALSE, enctype_name, -+ sizeof(enctype_name)) == 0) - k5_setmsg(context, KRB5_NOPERM_ETYPE, - _("Encryption type %s not permitted"), enctype_name); - return KRB5_NOPERM_ETYPE; -diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py -index ee43ff028..5d9f80e04 100755 ---- a/src/tests/gssapi/t_enctypes.py -+++ b/src/tests/gssapi/t_enctypes.py -@@ -85,7 +85,8 @@ test('both aes128', 'aes128-cts', 'aes128-cts', - # If only the acceptor constrains the permitted session enctypes to - # aes128, subkey negotiation fails because the acceptor considers the - # aes256 session key to be non-permitted. --test_err('acc aes128', None, 'aes128-cts', 'Encryption type not permitted') -+test_err('acc aes128', None, 'aes128-cts', -+ 'Encryption type aes256-cts-hmac-sha1-96 not permitted') - - # If the initiator constrains the permitted session enctypes to des3, - # no acceptor subkey will be generated because we can't upgrade to a -@@ -128,7 +129,7 @@ test('upgrade init des3+rc4', 'des3 rc4', None, - # is only for the sake of the kernel, since we could upgrade to an - # aes128 subkey, but it's the current semantics.) - test_err('upgrade acc aes128', None, 'aes128-cts', -- 'Encryption type ArcFour with HMAC/md5 not permitted') -+ 'Encryption type arcfour-hmac not permitted') - - # If the acceptor permits rc4 but prefers aes128, it will negotiate an - # upgrade to aes128. diff --git a/SOURCES/Make-etype-names-in-KDC-logs-human-readable.patch b/SOURCES/Make-etype-names-in-KDC-logs-human-readable.patch deleted file mode 100644 index 8b3413b..0000000 --- a/SOURCES/Make-etype-names-in-KDC-logs-human-readable.patch +++ /dev/null @@ -1,296 +0,0 @@ -From f815140182976e882445a38ee5a0a77f56da7c8a Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 8 Jan 2019 17:42:35 -0500 -Subject: [PATCH] Make etype names in KDC logs human-readable - -Introduce enctype_name() as a wrapper over krb5_enctype_to_name for -converting between registered constants and names. Adjust signatures -and rewrite ktypes2str() and rep_etypes2str() to operate on dynamic -buffers. - -ticket: 8772 (new) -(cherry picked from commit a649279727490687d54becad91fde8cf7429d951) ---- - src/kdc/kdc_log.c | 42 +++++++-------- - src/kdc/kdc_util.c | 131 +++++++++++++++++++++++---------------------- - src/kdc/kdc_util.h | 6 +-- - 3 files changed, 90 insertions(+), 89 deletions(-) - -diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c -index 4eec50373..b160ba21a 100644 ---- a/src/kdc/kdc_log.c -+++ b/src/kdc/kdc_log.c -@@ -65,7 +65,7 @@ log_as_req(krb5_context context, - { - const char *fromstring = 0; - char fromstringbuf[70]; -- char ktypestr[128]; -+ char *ktypestr = NULL; - const char *cname2 = cname ? cname : ""; - const char *sname2 = sname ? sname : ""; - -@@ -74,26 +74,29 @@ log_as_req(krb5_context context, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; -- ktypes2str(ktypestr, sizeof(ktypestr), -- request->nktypes, request->ktype); -+ -+ ktypestr = ktypes2str(request->ktype, request->nktypes); - - if (status == NULL) { - /* success */ -- char rep_etypestr[128]; -- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); -+ char *rep_etypestr = rep_etypes2str(reply); - krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %u, %s, " - "%s for %s"), -- ktypestr, fromstring, (unsigned int)authtime, -- rep_etypestr, cname2, sname2); -+ ktypestr ? ktypestr : "", fromstring, -+ (unsigned int)authtime, -+ rep_etypestr ? rep_etypestr : "", cname2, sname2); -+ free(rep_etypestr); - } else { - /* fail */ - krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: %s: %s for %s%s%s"), -- ktypestr, fromstring, status, -- cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); -+ ktypestr ? ktypestr : "", fromstring, status, cname2, -+ sname2, emsg ? ", " : "", emsg ? emsg : ""); - } - krb5_db_audit_as_req(context, request, - local_addr->address, remote_addr->address, - client, server, authtime, errcode); -+ -+ free(ktypestr); - } - - /* -@@ -122,10 +125,9 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - unsigned int c_flags, - const char *status, krb5_error_code errcode, const char *emsg) - { -- char ktypestr[128]; -+ char *ktypestr = NULL, *rep_etypestr = NULL; - const char *fromstring = 0; - char fromstringbuf[70]; -- char rep_etypestr[128]; - char *cname = NULL, *sname = NULL, *altcname = NULL; - char *logcname = NULL, *logsname = NULL, *logaltcname = NULL; - -@@ -134,11 +136,6 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; -- ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype); -- if (!errcode) -- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); -- else -- rep_etypestr[0] = 0; - - unparse_and_limit(ctx, cprinc, &cname); - logcname = (cname != NULL) ? cname : ""; -@@ -151,10 +148,14 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - name (useful), and doesn't log ktypestr (probably not - important). */ - if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) { -+ ktypestr = ktypes2str(request->ktype, request->nktypes); -+ rep_etypestr = rep_etypes2str(reply); - krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %u, %s%s " - "%s for %s%s%s"), -- ktypestr, fromstring, status, (unsigned int)authtime, -- rep_etypestr, !errcode ? "," : "", logcname, logsname, -+ ktypestr ? ktypestr : "", fromstring, status, -+ (unsigned int)authtime, -+ rep_etypestr ? rep_etypestr : "", -+ !errcode ? "," : "", logcname, logsname, - errcode ? ", " : "", errcode ? emsg : ""); - if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) - krb5_klog_syslog(LOG_INFO, -@@ -171,9 +172,8 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - fromstring, status, (unsigned int)authtime, - logcname, logsname, logaltcname); - -- /* OpenSolaris: audit_krb5kdc_tgs_req(...) or -- audit_krb5kdc_tgs_req_2ndtktmm(...) */ -- -+ free(rep_etypestr); -+ free(ktypestr); - krb5_free_unparsed_name(ctx, cname); - krb5_free_unparsed_name(ctx, sname); - krb5_free_unparsed_name(ctx, altcname); -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index 0155c28c6..f5c581c82 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1043,84 +1043,87 @@ void limit_string(char *name) - return; - } - --/* -- * L10_2 = log10(2**x), rounded up; log10(2) ~= 0.301. -- */ --#define L10_2(x) ((int)(((x * 301) + 999) / 1000)) -- --/* -- * Max length of sprintf("%ld") for an int of type T; includes leading -- * minus sign and terminating NUL. -- */ --#define D_LEN(t) (L10_2(sizeof(t) * CHAR_BIT) + 2) -- --void --ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype) -+/* Wrapper of krb5_enctype_to_name() to include the PKINIT types. */ -+static krb5_error_code -+enctype_name(krb5_enctype ktype, char *buf, size_t buflen) - { -- int i; -- char stmp[D_LEN(krb5_enctype) + 1]; -- char *p; -+ char *name; - -- if (nktypes < 0 -- || len < (sizeof(" etypes {...}") + D_LEN(int))) { -- *s = '\0'; -- return; -- } -+ if (buflen == 0) -+ return EINVAL; -+ *buf = '\0'; /* ensure these are always valid C-strings */ - -- snprintf(s, len, "%d etypes {", nktypes); -- for (i = 0; i < nktypes; i++) { -- snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]); -- if (strlen(s) + strlen(stmp) + sizeof("}") > len) -- break; -- strlcat(s, stmp, len); -- } -- if (i < nktypes) { -- /* -- * We broke out of the loop. Try to truncate the list. -- */ -- p = s + strlen(s); -- while (p - s + sizeof("...}") > len) { -- while (p > s && *p != ' ' && *p != '{') -- *p-- = '\0'; -- if (p > s && *p == ' ') { -- *p-- = '\0'; -- continue; -- } -- } -- strlcat(s, "...", len); -- } -- strlcat(s, "}", len); -- return; -+ /* rfc4556 recommends that clients wishing to indicate support for these -+ * pkinit algorithms include them in the etype field of the AS-REQ. */ -+ if (ktype == ENCTYPE_DSA_SHA1_CMS) -+ name = "id-dsa-with-sha1-CmsOID"; -+ else if (ktype == ENCTYPE_MD5_RSA_CMS) -+ name = "md5WithRSAEncryption-CmsOID"; -+ else if (ktype == ENCTYPE_SHA1_RSA_CMS) -+ name = "sha-1WithRSAEncryption-CmsOID"; -+ else if (ktype == ENCTYPE_RC2_CBC_ENV) -+ name = "rc2-cbc-EnvOID"; -+ else if (ktype == ENCTYPE_RSA_ENV) -+ name = "rsaEncryption-EnvOID"; -+ else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV) -+ name = "id-RSAES-OAEP-EnvOID"; -+ else if (ktype == ENCTYPE_DES3_CBC_ENV) -+ name = "des-ede3-cbc-EnvOID"; -+ else -+ return krb5_enctype_to_name(ktype, FALSE, buf, buflen); -+ -+ if (strlcpy(name, buf, buflen) >= buflen) -+ return ENOMEM; -+ return 0; - } - --void --rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep) -+char * -+ktypes2str(krb5_enctype *ktype, int nktypes) - { -- char stmp[sizeof("ses=") + D_LEN(krb5_enctype)]; -+ struct k5buf buf; -+ int i; -+ char name[64]; - -- if (len < (3 * D_LEN(krb5_enctype) -- + sizeof("etypes {rep= tkt= ses=}"))) { -- *s = '\0'; -- return; -+ if (nktypes < 0) -+ return NULL; -+ -+ k5_buf_init_dynamic(&buf); -+ k5_buf_add_fmt(&buf, "%d etypes {", nktypes); -+ for (i = 0; i < nktypes; i++) { -+ enctype_name(ktype[i], name, sizeof(name)); -+ k5_buf_add_fmt(&buf, "%s%s(%ld)", i ? ", " : "", name, (long)ktype[i]); - } -+ k5_buf_add(&buf, "}"); -+ return buf.data; -+} - -- snprintf(s, len, "etypes {rep=%ld", (long)rep->enc_part.enctype); -+char * -+rep_etypes2str(krb5_kdc_rep *rep) -+{ -+ struct k5buf buf; -+ char name[64]; -+ krb5_enctype etype; -+ -+ k5_buf_init_dynamic(&buf); -+ k5_buf_add(&buf, "etypes {rep="); -+ enctype_name(rep->enc_part.enctype, name, sizeof(name)); -+ k5_buf_add_fmt(&buf, "%s(%ld)", name, (long)rep->enc_part.enctype); - - if (rep->ticket != NULL) { -- snprintf(stmp, sizeof(stmp), -- " tkt=%ld", (long)rep->ticket->enc_part.enctype); -- strlcat(s, stmp, len); -+ etype = rep->ticket->enc_part.enctype; -+ enctype_name(etype, name, sizeof(name)); -+ k5_buf_add_fmt(&buf, ", tkt=%s(%ld)", name, (long)etype); - } - -- if (rep->ticket != NULL -- && rep->ticket->enc_part2 != NULL -- && rep->ticket->enc_part2->session != NULL) { -- snprintf(stmp, sizeof(stmp), " ses=%ld", -- (long)rep->ticket->enc_part2->session->enctype); -- strlcat(s, stmp, len); -+ if (rep->ticket != NULL && rep->ticket->enc_part2 != NULL && -+ rep->ticket->enc_part2->session != NULL) { -+ etype = rep->ticket->enc_part2->session->enctype; -+ enctype_name(etype, name, sizeof(name)); -+ k5_buf_add_fmt(&buf, ", ses=%s(%ld)", name, (long)etype); - } -- strlcat(s, "}", len); -- return; -+ -+ k5_buf_add(&buf, "}"); -+ return buf.data; - } - - static krb5_error_code -diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h -index 6ec645fc3..25077cbf5 100644 ---- a/src/kdc/kdc_util.h -+++ b/src/kdc/kdc_util.h -@@ -110,11 +110,9 @@ select_session_keytype (kdc_realm_t *kdc_active_realm, - - void limit_string (char *name); - --void --ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype); -+char *ktypes2str(krb5_enctype *ktype, int nktypes); - --void --rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); -+char *rep_etypes2str(krb5_kdc_rep *rep); - - /* authind.c */ - krb5_boolean diff --git a/SOURCES/Mark-deprecated-enctypes-when-used.patch b/SOURCES/Mark-deprecated-enctypes-when-used.patch deleted file mode 100644 index 4ded20a..0000000 --- a/SOURCES/Mark-deprecated-enctypes-when-used.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 6306a2a8697c94f968a02d66204f7d357aa0e7f6 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 10 Jan 2019 16:34:54 -0500 -Subject: [PATCH] Mark deprecated enctypes when used - -Preface ETYPE_DEPRECATED enctypes with "DEPRECATED:" in klist output, -KDC logs, and kadmin interactions. Also complain in krb5kdc when the -stash file has a deprecated enctype or a deprecated enctype is -requested with -k. - -ticket: 8773 (new) -(cherry picked from commit 8d8e68283b599e680f9fe45eff8af397e827bd6c) ---- - src/clients/klist/klist.c | 14 ++++++++++---- - src/kadmin/cli/kadmin.c | 6 +++++- - src/kdc/kdc_util.c | 9 +++++++++ - src/kdc/main.c | 19 +++++++++++++++++++ - src/tests/gssapi/t_enctypes.py | 15 +++++++++------ - src/tests/t_keyrollover.py | 8 +++++--- - src/tests/t_sesskeynego.py | 4 ++-- - 7 files changed, 59 insertions(+), 16 deletions(-) - -diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c -index 70adb54e8..8c307151a 100644 ---- a/src/clients/klist/klist.c -+++ b/src/clients/klist/klist.c -@@ -571,11 +571,17 @@ static char * - etype_string(krb5_enctype enctype) - { - static char buf[100]; -- krb5_error_code ret; -+ char *bp = buf; -+ size_t deplen, buflen = sizeof(buf); - -- ret = krb5_enctype_to_name(enctype, FALSE, buf, sizeof(buf)); -- if (ret) -- snprintf(buf, sizeof(buf), "etype %d", enctype); -+ if (krb5int_c_deprecated_enctype(enctype)) { -+ deplen = strlcpy(bp, "DEPRECATED:", buflen); -+ buflen -= deplen; -+ bp += deplen; -+ } -+ -+ if (krb5_enctype_to_name(enctype, FALSE, bp, buflen)) -+ snprintf(bp, buflen, "etype %d", enctype); - return buf; - } - -diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c -index ed581ee79..cc74921bf 100644 ---- a/src/kadmin/cli/kadmin.c -+++ b/src/kadmin/cli/kadmin.c -@@ -1451,12 +1451,16 @@ kadmin_getprinc(int argc, char *argv[]) - for (i = 0; i < dprinc.n_key_data; i++) { - krb5_key_data *key_data = &dprinc.key_data[i]; - char enctype[BUFSIZ], salttype[BUFSIZ]; -+ char *deprecated = ""; - - if (krb5_enctype_to_name(key_data->key_data_type[0], FALSE, - enctype, sizeof(enctype))) - snprintf(enctype, sizeof(enctype), _(""), - key_data->key_data_type[0]); -- printf("Key: vno %d, %s", key_data->key_data_kvno, enctype); -+ if (krb5int_c_deprecated_enctype(key_data->key_data_type[0])) -+ deprecated = "DEPRECATED:"; -+ printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated, -+ enctype); - if (key_data->key_data_ver > 1 && - key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_NORMAL) { - if (krb5_salttype_to_string(key_data->key_data_type[1], -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index f5c581c82..96c88edc1 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1048,11 +1048,20 @@ static krb5_error_code - enctype_name(krb5_enctype ktype, char *buf, size_t buflen) - { - char *name; -+ size_t len; - - if (buflen == 0) - return EINVAL; - *buf = '\0'; /* ensure these are always valid C-strings */ - -+ if (krb5int_c_deprecated_enctype(ktype)) { -+ len = strlcpy(buf, "DEPRECATED:", buflen); -+ if (len >= buflen) -+ return ENOMEM; -+ buflen -= len; -+ buf += len; -+ } -+ - /* rfc4556 recommends that clients wishing to indicate support for these - * pkinit algorithms include them in the etype field of the AS-REQ. */ - if (ktype == ENCTYPE_DSA_SHA1_CMS) -diff --git a/src/kdc/main.c b/src/kdc/main.c -index 663fd6303..60092a0df 100644 ---- a/src/kdc/main.c -+++ b/src/kdc/main.c -@@ -210,12 +210,23 @@ init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm, - char *svalue = NULL; - const char *hierarchy[4]; - krb5_kvno mkvno = IGNORE_VNO; -+ char ename[32]; - - memset(rdp, 0, sizeof(kdc_realm_t)); - if (!realm) { - kret = EINVAL; - goto whoops; - } -+ -+ if (def_enctype != ENCTYPE_UNKNOWN && -+ krb5int_c_deprecated_enctype(def_enctype)) { -+ if (krb5_enctype_to_name(def_enctype, FALSE, ename, sizeof(ename))) -+ ename[0] = '\0'; -+ fprintf(stderr, -+ _("Requested master password enctype %s in %s is DEPRECATED!"), -+ ename, realm); -+ } -+ - hierarchy[0] = KRB5_CONF_REALMS; - hierarchy[1] = realm; - hierarchy[3] = NULL; -@@ -370,6 +381,14 @@ init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm, - goto whoops; - } - -+ if (krb5int_c_deprecated_enctype(rdp->realm_mkey.enctype)) { -+ if (krb5_enctype_to_name(rdp->realm_mkey.enctype, FALSE, ename, -+ sizeof(ename))) -+ ename[0] = '\0'; -+ fprintf(stderr, _("Stash file %s uses DEPRECATED enctype %s!"), -+ rdp->realm_stash, ename); -+ } -+ - if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc, - &rdp->realm_mkey))) { - kdc_err(rdp->realm_context, kret, -diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py -index 5d9f80e04..ca3d32d21 100755 ---- a/src/tests/gssapi/t_enctypes.py -+++ b/src/tests/gssapi/t_enctypes.py -@@ -9,8 +9,11 @@ from k5test import * - aes256 = 'aes256-cts-hmac-sha1-96' - aes128 = 'aes128-cts-hmac-sha1-96' - des3 = 'des3-cbc-sha1' -+d_des3 = 'DEPRECATED:des3-cbc-sha1' - des3raw = 'des3-cbc-raw' -+d_des3raw = 'DEPRECATED:des3-cbc-raw' - rc4 = 'arcfour-hmac' -+d_rc4 = 'DEPRECATED:arcfour-hmac' - - # These tests make assumptions about the default enctype lists, so set - # them explicitly rather than relying on the library defaults. -@@ -92,7 +95,7 @@ test_err('acc aes128', None, 'aes128-cts', - # no acceptor subkey will be generated because we can't upgrade to a - # CFX enctype. - test('init des3', 'des3', None, -- tktenc=aes256, tktsession=des3, -+ tktenc=aes256, tktsession=d_des3, - proto='rfc1964', isubkey=des3raw, asubkey=None) - - # Force the ticket session key to be rc4, so we can test some subkey -@@ -103,7 +106,7 @@ realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4']) - # [aes256 aes128 des3] and the acceptor should upgrade to an aes256 - # subkey. - test('upgrade noargs', None, None, -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='cfx', isubkey=rc4, asubkey=aes256) - - # If the initiator won't permit rc4 as a session key, it won't be able -@@ -113,14 +116,14 @@ test_err('upgrade init aes', 'aes', None, 'no support for encryption type') - # If the initiator permits rc4 but prefers aes128, it will send an - # upgrade list of [aes128] and the acceptor will upgrade to aes128. - test('upgrade init aes128+rc4', 'aes128-cts rc4', None, -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='cfx', isubkey=rc4, asubkey=aes128) - - # If the initiator permits rc4 but prefers des3, it will send an - # upgrade list of [des3], but the acceptor won't generate a subkey - # because des3 isn't a CFX enctype. - test('upgrade init des3+rc4', 'des3 rc4', None, -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='rfc1964', isubkey=rc4, asubkey=None) - - # If the acceptor permits only aes128, subkey negotiation will fail -@@ -134,14 +137,14 @@ test_err('upgrade acc aes128', None, 'aes128-cts', - # If the acceptor permits rc4 but prefers aes128, it will negotiate an - # upgrade to aes128. - test('upgrade acc aes128 rc4', None, 'aes128-cts rc4', -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='cfx', isubkey=rc4, asubkey=aes128) - - # In this test, the initiator and acceptor each prefer an AES enctype - # to rc4, but they can't agree on which one, so no subkey is - # generated. - test('upgrade mismatch', 'aes128-cts rc4', 'aes256-cts rc4', -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='rfc1964', isubkey=rc4, asubkey=None) - - success('gss_krb5_set_allowable_enctypes tests') -diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py -index 7c8d828f0..4af6804f2 100755 ---- a/src/tests/t_keyrollover.py -+++ b/src/tests/t_keyrollover.py -@@ -22,8 +22,9 @@ realm.run([kvno, princ1]) - realm.run([kadminl, 'purgekeys', realm.krbtgt_princ]) - # Make sure an old TGT fails after purging old TGS key. - realm.run([kvno, princ2], expected_code=1) --msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): des-cbc-crc, des-cbc-crc' % \ -- (realm.realm, realm.realm) -+ddes = "DEPRECATED:des-cbc-crc" -+msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): %s, %s' % \ -+ (realm.realm, realm.realm, ddes, ddes) - realm.run([klist, '-e'], expected_msg=msg) - - # Check that new key actually works. -@@ -48,7 +49,8 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts', - realm.krbtgt_princ]) - realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) - out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ]) --if 'vno 1, aes256' not in out or 'vno 1, des3' not in out: -+if 'vno 1, aes256-cts' not in out or \ -+ 'vno 1, DEPRECATED:des3-cbc-sha1' not in out: - fail('keyrollover: setup for TGS enctype test failed') - # Now present the DES3 ticket to the KDC and make sure it's rejected. - realm.run([kvno, realm.host_princ], expected_code=1) -diff --git a/src/tests/t_sesskeynego.py b/src/tests/t_sesskeynego.py -index 448092387..da02f224a 100755 ---- a/src/tests/t_sesskeynego.py -+++ b/src/tests/t_sesskeynego.py -@@ -62,11 +62,11 @@ test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96') - # 3b: Negotiate rc4-hmac session key when principal only has aes256 long-term. - realm.run([kadminl, 'setstr', 'server', 'session_enctypes', - 'rc4-hmac,aes128-cts,aes256-cts']) --test_kvno(realm, 'arcfour-hmac', 'aes256-cts-hmac-sha1-96') -+test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96') - - # 3c: Test des-cbc-crc default assumption. - realm.run([kadminl, 'delstr', 'server', 'session_enctypes']) --test_kvno(realm, 'des-cbc-crc', 'aes256-cts-hmac-sha1-96') -+test_kvno(realm, 'DEPRECATED:des-cbc-crc', 'aes256-cts-hmac-sha1-96') - realm.stop() - - # Last go: test that we can disable the des-cbc-crc assumption diff --git a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch new file mode 100644 index 0000000..c1d53b3 --- /dev/null +++ b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch @@ -0,0 +1,49 @@ +From 61f3943f9fc237936ed9fd098edcd8dcc43b8da7 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Wed, 6 May 2020 16:03:13 -0400 +Subject: [PATCH] Omit KDC indicator check for S4U2Self requests + +As there was no initial ticket exchange from the client for an +S4U2Self request, the auth indicator check is inapplicable (and would +always fail if any auth indicators are required). + +ticket: 8902 (new) +(cherry picked from commit 183631fbf72351c2d5fc7d60b2d9fc4d09fe7465) +(cherry picked from commit 442f1fa5b2e4034954a51048414cc0863b914379) +--- + src/kdc/do_tgs_req.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c +index 241f34e2a..463a9c0dd 100644 +--- a/src/kdc/do_tgs_req.c ++++ b/src/kdc/do_tgs_req.c +@@ -392,8 +392,8 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, + } + authtime = subject_tkt->times.authtime; + +- /* Extract auth indicators from the subject ticket, except for S4U2Self +- * requests (where the client didn't authenticate). */ ++ /* Extract and check auth indicators from the subject ticket, except for ++ * S4U2Self requests (where the client didn't authenticate). */ + if (s4u_x509_user == NULL) { + errcode = get_auth_indicators(kdc_context, subject_tkt, local_tgt, + &local_tgt_key, &auth_indicators); +@@ -401,12 +401,12 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, + status = "GET_AUTH_INDICATORS"; + goto cleanup; + } +- } + +- errcode = check_indicators(kdc_context, server, auth_indicators); +- if (errcode) { +- status = "HIGHER_AUTHENTICATION_REQUIRED"; +- goto cleanup; ++ errcode = check_indicators(kdc_context, server, auth_indicators); ++ if (errcode) { ++ status = "HIGHER_AUTHENTICATION_REQUIRED"; ++ goto cleanup; ++ } + } + + if (is_referral) diff --git a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch new file mode 100644 index 0000000..a852fa7 --- /dev/null +++ b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch @@ -0,0 +1,35 @@ +From 4c4c22639eb2794e563370a2ee48a34dbdddc639 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Sat, 6 Jun 2020 11:03:37 +0200 +Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum + +OpenSSL in FIPS mode will refuse to perform hmac-md5. Omit the legacy +PA_FOR_USER element in this case rather than failing out. + +[ghudson@mit.edu: minor code and comment edits; wrote commit message] + +ticket: 8912 (new) +(cherry picked from commit 03f122bdb22cfa53c7d855ed929c9541e56365e0) +(cherry picked from commit 086de78292b8ae89aba8a72926831124da44205d) +--- + src/lib/krb5/krb/s4u_creds.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c +index fc5c886d6..d8f486dc6 100644 +--- a/src/lib/krb5/krb/s4u_creds.c ++++ b/src/lib/krb5/krb/s4u_creds.c +@@ -534,6 +534,13 @@ krb5_get_self_cred_from_kdc(krb5_context context, + if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) { + code = build_pa_for_user(context, tgtptr, &s4u_user.user_id, + &in_padata[1]); ++ /* ++ * If we couldn't compute the hmac-md5 checksum, send only the ++ * KRB5_PADATA_S4U_X509_USER; this will still work against modern ++ * Windows and MIT KDCs. ++ */ ++ if (code == KRB5_CRYPTO_INTERNAL) ++ code = 0; + if (code != 0) { + krb5_free_pa_data(context, in_padata); + goto cleanup; diff --git a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch new file mode 100644 index 0000000..8ab4bbf --- /dev/null +++ b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch @@ -0,0 +1,257 @@ +From d98f8867f8245b3c9dd506271897d0f03d69ae49 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Tue, 28 Apr 2020 18:15:55 +0200 +Subject: [PATCH] Pass channel bindings through SPNEGO + +ticket: 8907 (new) +(cherry picked from commit d16325a24c34ec9a5f6fb4910987f162e0d4d9cd) +(cherry picked from commit ee79bd43005245d3e5a2d3ec6d61146945e77717) +--- + src/lib/gssapi/spnego/gssapiP_negoex.h | 8 ++--- + src/lib/gssapi/spnego/negoex_ctx.c | 34 +++++++++++---------- + src/lib/gssapi/spnego/spnego_mech.c | 41 +++++++++++++------------- + 3 files changed, 43 insertions(+), 40 deletions(-) + +diff --git a/src/lib/gssapi/spnego/gssapiP_negoex.h b/src/lib/gssapi/spnego/gssapiP_negoex.h +index 44b08f523..489ab7c42 100644 +--- a/src/lib/gssapi/spnego/gssapiP_negoex.h ++++ b/src/lib/gssapi/spnego/gssapiP_negoex.h +@@ -201,10 +201,10 @@ negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx, + OM_uint32 + negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec); ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec); + + OM_uint32 + negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec); ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec); +diff --git a/src/lib/gssapi/spnego/negoex_ctx.c b/src/lib/gssapi/spnego/negoex_ctx.c +index 18d9d4147..8848ee4db 100644 +--- a/src/lib/gssapi/spnego/negoex_ctx.c ++++ b/src/lib/gssapi/spnego/negoex_ctx.c +@@ -276,7 +276,8 @@ static OM_uint32 + mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + gss_name_t target, OM_uint32 req_flags, OM_uint32 time_req, + struct negoex_message *messages, size_t nmessages, +- gss_buffer_t output_token, OM_uint32 *time_rec) ++ gss_channel_bindings_t bindings, gss_buffer_t output_token, ++ OM_uint32 *time_rec) + { + OM_uint32 major, first_major = 0, first_minor = 0; + struct negoex_auth_mech *mech = NULL; +@@ -316,10 +317,9 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + mech = K5_TAILQ_FIRST(&ctx->negoex_mechs); + + major = gss_init_sec_context(minor, cred, &mech->mech_context, target, +- mech->oid, req_flags, time_req, +- GSS_C_NO_CHANNEL_BINDINGS, input_token, +- &ctx->actual_mech, output_token, +- &ctx->ctx_flags, time_rec); ++ mech->oid, req_flags, time_req, bindings, ++ input_token, &ctx->actual_mech, ++ output_token, &ctx->ctx_flags, time_rec); + + if (major == GSS_S_COMPLETE) + mech->complete = 1; +@@ -351,7 +351,8 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + static OM_uint32 + mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + gss_cred_id_t cred, struct negoex_message *messages, +- size_t nmessages, gss_buffer_t output_token, OM_uint32 *time_rec) ++ size_t nmessages, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec) + { + OM_uint32 major, tmpmin; + struct negoex_auth_mech *mech; +@@ -395,10 +396,10 @@ mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + gss_release_cred(&tmpmin, &ctx->deleg_cred); + + major = gss_accept_sec_context(minor, &mech->mech_context, cred, +- &msg->token, GSS_C_NO_CHANNEL_BINDINGS, +- &ctx->internal_name, &ctx->actual_mech, +- output_token, &ctx->ctx_flags, +- time_rec, &ctx->deleg_cred); ++ &msg->token, bindings, &ctx->internal_name, ++ &ctx->actual_mech, output_token, ++ &ctx->ctx_flags, time_rec, ++ &ctx->deleg_cred); + + if (major == GSS_S_COMPLETE) + mech->complete = 1; +@@ -609,8 +610,8 @@ make_output_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + OM_uint32 + negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec) ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec) + { + OM_uint32 major, tmpmin; + gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER; +@@ -663,7 +664,8 @@ negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + /* Process the input token and/or produce an output token. This may prune + * the mech list, but on success there will be at least one mech entry. */ + major = mech_init(minor, ctx, cred, target_name, req_flags, time_req, +- messages, nmessages, &mech_output_token, time_rec); ++ messages, nmessages, bindings, &mech_output_token, ++ time_rec); + if (major != GSS_S_COMPLETE) + goto cleanup; + assert(!K5_TAILQ_EMPTY(&ctx->negoex_mechs)); +@@ -701,8 +703,8 @@ cleanup: + + OM_uint32 + negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec) ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec) + { + OM_uint32 major, tmpmin; + gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER; +@@ -754,7 +756,7 @@ negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + * prune the list to a single mech. Continue on error if an output token + * is generated, so that we send the token to the initiator. + */ +- major = mech_accept(minor, ctx, cred, messages, nmessages, ++ major = mech_accept(minor, ctx, cred, messages, nmessages, bindings, + &mech_output_token, time_rec); + if (major != GSS_S_COMPLETE && mech_output_token.length == 0) + goto cleanup; +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index 594fc5894..4cf011143 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -130,6 +130,7 @@ init_ctx_reselect(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32, + static OM_uint32 + init_ctx_call_init(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t, + OM_uint32, gss_name_t, OM_uint32, OM_uint32, gss_buffer_t, ++ gss_channel_bindings_t, + gss_buffer_t, OM_uint32 *, send_token_flag *); + + static OM_uint32 +@@ -144,8 +145,8 @@ acc_ctx_vfy_oid(OM_uint32 *, spnego_gss_ctx_id_t, gss_OID, + OM_uint32 *, send_token_flag *); + static OM_uint32 + acc_ctx_call_acc(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t, +- gss_buffer_t, gss_buffer_t, OM_uint32 *, OM_uint32 *, +- send_token_flag *); ++ gss_buffer_t, gss_channel_bindings_t, gss_buffer_t, ++ OM_uint32 *, OM_uint32 *, send_token_flag *); + + static gss_OID + negotiate_mech(spnego_gss_ctx_id_t, gss_OID_set, OM_uint32 *); +@@ -905,6 +906,7 @@ init_ctx_call_init(OM_uint32 *minor_status, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_buffer_t mechtok_in, ++ gss_channel_bindings_t bindings, + gss_buffer_t mechtok_out, + OM_uint32 *time_rec, + send_token_flag *send_token) +@@ -921,15 +923,14 @@ init_ctx_call_init(OM_uint32 *minor_status, + if (gss_oid_equal(sc->internal_mech, &negoex_mech)) { + ret = negoex_init(minor_status, sc, mcred, target_name, + mech_req_flags, time_req, mechtok_in, +- mechtok_out, time_rec); ++ bindings, mechtok_out, time_rec); + } else { + ret = gss_init_sec_context(minor_status, mcred, + &sc->ctx_handle, target_name, + sc->internal_mech, mech_req_flags, +- time_req, GSS_C_NO_CHANNEL_BINDINGS, +- mechtok_in, &sc->actual_mech, +- mechtok_out, &sc->ctx_flags, +- time_rec); ++ time_req, bindings, mechtok_in, ++ &sc->actual_mech, mechtok_out, ++ &sc->ctx_flags, time_rec); + } + + /* Bail out if the acceptor gave us an error token but the mech didn't +@@ -981,8 +982,8 @@ init_ctx_call_init(OM_uint32 *minor_status, + gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER); + tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState, + target_name, req_flags, time_req, +- mechtok_in, mechtok_out, time_rec, +- send_token); ++ mechtok_in, bindings, mechtok_out, ++ time_rec, send_token); + if (HARD_ERROR(tmpret)) + goto fail; + *minor_status = tmpmin; +@@ -1004,7 +1005,7 @@ spnego_gss_init_sec_context( + gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, +- gss_channel_bindings_t input_chan_bindings, ++ gss_channel_bindings_t bindings, + gss_buffer_t input_token, + gss_OID *actual_mech, + gss_buffer_t output_token, +@@ -1084,8 +1085,8 @@ spnego_gss_init_sec_context( + if (!spnego_ctx->mech_complete) { + ret = init_ctx_call_init(minor_status, spnego_ctx, spcred, + acc_negState, target_name, req_flags, +- time_req, mechtok_in, &mechtok_out, +- time_rec, &send_token); ++ time_req, mechtok_in, bindings, ++ &mechtok_out, time_rec, &send_token); + if (ret != GSS_S_COMPLETE) + goto cleanup; + +@@ -1542,8 +1543,9 @@ cleanup: + static OM_uint32 + acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, + spnego_gss_cred_id_t spcred, gss_buffer_t mechtok_in, +- gss_buffer_t mechtok_out, OM_uint32 *time_rec, +- OM_uint32 *negState, send_token_flag *tokflag) ++ gss_channel_bindings_t bindings, gss_buffer_t mechtok_out, ++ OM_uint32 *time_rec, OM_uint32 *negState, ++ send_token_flag *tokflag) + { + OM_uint32 ret, tmpmin; + gss_OID_desc mechoid; +@@ -1568,13 +1570,12 @@ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, + mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred; + if (negoex) { + ret = negoex_accept(minor_status, sc, mcred, mechtok_in, +- mechtok_out, time_rec); ++ bindings, mechtok_out, time_rec); + } else { + (void) gss_release_name(&tmpmin, &sc->internal_name); + (void) gss_release_cred(&tmpmin, &sc->deleg_cred); + ret = gss_accept_sec_context(minor_status, &sc->ctx_handle, +- mcred, mechtok_in, +- GSS_C_NO_CHANNEL_BINDINGS, ++ mcred, mechtok_in, bindings, + &sc->internal_name, + &sc->actual_mech, mechtok_out, + &sc->ctx_flags, time_rec, +@@ -1620,7 +1621,7 @@ spnego_gss_accept_sec_context( + gss_ctx_id_t *context_handle, + gss_cred_id_t verifier_cred_handle, + gss_buffer_t input_token, +- gss_channel_bindings_t input_chan_bindings, ++ gss_channel_bindings_t bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, +@@ -1734,8 +1735,8 @@ spnego_gss_accept_sec_context( + */ + if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) { + ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in, +- &mechtok_out, time_rec, &negState, +- &return_token); ++ bindings, &mechtok_out, time_rec, ++ &negState, &return_token); + } + + /* Step 3: process or generate the MIC, if the negotiated mech is diff --git a/SOURCES/Pass-gss_localname-through-SPNEGO.patch b/SOURCES/Pass-gss_localname-through-SPNEGO.patch new file mode 100644 index 0000000..90804e0 --- /dev/null +++ b/SOURCES/Pass-gss_localname-through-SPNEGO.patch @@ -0,0 +1,59 @@ +From 64b1fdf0732b094e174b484fd9aac29f06e482bd Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Sun, 26 Apr 2020 19:55:54 -0400 +Subject: [PATCH] Pass gss_localname() through SPNEGO + +ticket: 8897 (new) +(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285) +(cherry picked from commit 646212314a580a8cdffdacda9cb3c8f806471b08) +--- + src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++ + src/lib/gssapi/spnego/spnego_mech.c | 9 ++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h +index a93763314..066ec736f 100644 +--- a/src/lib/gssapi/spnego/gssapiP_spnego.h ++++ b/src/lib/gssapi/spnego/gssapiP_spnego.h +@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit + OM_uint32 *max_input_size + ); + ++OM_uint32 KRB5_CALLCONV spnego_gss_localname ++( ++ OM_uint32 *minor_status, ++ const gss_name_t pname, ++ const gss_const_OID mech_type, ++ gss_buffer_t localname ++); ++ + OM_uint32 KRB5_CALLCONV spnego_gss_get_mic + ( + OM_uint32 *minor_status, +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index ec0bae6a4..594fc5894 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism = + spnego_gss_inquire_context, /* gss_inquire_context */ + NULL, /* gss_internal_release_oid */ + spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */ +- NULL, /* gssd_pname_to_uid */ ++ spnego_gss_localname, + NULL, /* gss_userok */ + NULL, /* gss_export_name */ + spnego_gss_duplicate_name, /* gss_duplicate_name */ +@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit( + return (ret); + } + ++OM_uint32 KRB5_CALLCONV ++spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname, ++ const gss_const_OID mech_type, gss_buffer_t localname) ++{ ++ return gss_localname(minor_status, pname, GSS_C_NO_OID, localname); ++} ++ + OM_uint32 KRB5_CALLCONV + spnego_gss_get_mic( + OM_uint32 *minor_status, diff --git a/SOURCES/Properly-size-ifdef-in-k5_cccol_lock.patch b/SOURCES/Properly-size-ifdef-in-k5_cccol_lock.patch deleted file mode 100644 index b1e4563..0000000 --- a/SOURCES/Properly-size-ifdef-in-k5_cccol_lock.patch +++ /dev/null @@ -1,34 +0,0 @@ -From bad6d4390e6e23099cc2295d94e2553575687561 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 14 Feb 2019 11:50:35 -0500 -Subject: [PATCH] Properly size #ifdef in k5_cccol_lock() - -The cleanup code only could get executed in the USE_CCAPI_V3 case, so -move it inside that block. Reported by Coverity. - -(cherry picked from commit 444a15f9cf82b9a6c1bca3f20307f82fee91c228) -(cherry picked from commit e2a0e04fb3be9297a8c532dd35a7c1045cae88f4) ---- - src/lib/krb5/ccache/ccbase.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c -index 8198f2b9b..2702bef69 100644 ---- a/src/lib/krb5/ccache/ccbase.c -+++ b/src/lib/krb5/ccache/ccbase.c -@@ -511,7 +511,6 @@ krb5_cccol_lock(krb5_context context) - #endif - #ifdef USE_CCAPI_V3 - ret = krb5_stdccv3_context_lock(context); --#endif - if (ret) { - k5_cc_mutex_unlock(context, &krb5int_mcc_mutex); - k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); -@@ -519,6 +518,7 @@ krb5_cccol_lock(krb5_context context) - k5_cc_mutex_unlock(context, &cccol_lock); - return ret; - } -+#endif - k5_mutex_unlock(&cc_typelist_lock); - return ret; - } diff --git a/SOURCES/Put-KDB-authdata-first.patch b/SOURCES/Put-KDB-authdata-first.patch deleted file mode 100644 index 998fa0e..0000000 --- a/SOURCES/Put-KDB-authdata-first.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 684821fc68fd27ddcc5f809a37819edd35365a9d Mon Sep 17 00:00:00 2001 -From: Isaac Boukris -Date: Sat, 1 Feb 2020 16:13:30 +0100 -Subject: [PATCH] Put KDB authdata first - -Windows services, as well as some versions of Samba, may refuse -tickets if the PAC is not in the first AD-IF-RELEVANT container. In -fetch_kdb_authdata(), change the merge order so that authdata from the -KDB module appears first. - -[ghudson@mit.edu: added comment and clarified commit message] - -ticket: 8872 (new) -tags: pullup -target_version: 1.18 -target_version: 1.17-next - -(cherry picked from commit 331fa4bdd34263ea20667a0f51338cb84357fdaa) -(cherry picked from commit 1678270de3fda699114122447b1f06b08fb4e53e) ---- - src/kdc/kdc_authdata.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c -index 1b067cb0b..616c3eadc 100644 ---- a/src/kdc/kdc_authdata.c -+++ b/src/kdc/kdc_authdata.c -@@ -383,11 +383,14 @@ fetch_kdb_authdata(krb5_context context, unsigned int flags, - if (ret) - return (ret == KRB5_PLUGIN_OP_NOTSUPP) ? 0 : ret; - -- /* Add the KDB authdata to the ticket, without copying or filtering. */ -- ret = merge_authdata(context, db_authdata, -- &enc_tkt_reply->authorization_data, FALSE, FALSE); -+ /* Put the KDB authdata first in the ticket. A successful merge places the -+ * combined list in db_authdata and releases the old ticket authdata. */ -+ ret = merge_authdata(context, enc_tkt_reply->authorization_data, -+ &db_authdata, FALSE, FALSE); - if (ret) - krb5_free_authdata(context, db_authdata); -+ else -+ enc_tkt_reply->authorization_data = db_authdata; - return ret; - } - diff --git a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch new file mode 100644 index 0000000..8e97028 --- /dev/null +++ b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch @@ -0,0 +1,480 @@ +From c4a49f5b42916fdbb34c72a11adb42ff879c50c3 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Fri, 30 Jun 2017 16:03:01 -0400 +Subject: [PATCH] Refactor krb5 GSS checksum handling + +Separate out checksum handling from kg_accept_krb5() into a new helper +process_checksum(). + +[ghudson@mit.edu: simplified checksum processing and made it use +k5-input.h instead of TREAD_ macros; moved more flag handling into +helper] + +[iboukris: adjusted helper function arguments, allowing access to the +full authenticator for subsequent changes] + +(cherry picked from commit 64d56233f9816a2a93f6e8d3030c8ed6ce397735) +[rharwood@redhat.com: problem with typo fix commit, I think] +(cherry picked from commit a34b7c50e62c19f80d39ece6a72017dac781df64) +--- + src/lib/gssapi/krb5/accept_sec_context.c | 383 +++++++++++------------ + 1 file changed, 179 insertions(+), 204 deletions(-) + +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index c5bddb1e8..70dd7fc0c 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -98,6 +98,7 @@ + */ + + #include "k5-int.h" ++#include "k5-input.h" + #include "gssapiP_krb5.h" + #ifdef HAVE_MEMORY_H + #include +@@ -413,6 +414,174 @@ kg_process_extension(krb5_context context, + return code; + } + ++/* The length of the MD5 channel bindings in an 0x8003 checksum */ ++#define CB_MD5_LEN 16 ++ ++/* The minimum length of an 0x8003 checksum value (4-byte channel bindings ++ * length, 16-byte channel bindings, 4-byte flags) */ ++#define MIN_8003_LEN (4 + CB_MD5_LEN + 4) ++ ++/* The flags we accept from the initiator's authenticator checksum. */ ++#define INITIATOR_FLAGS (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \ ++ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \ ++ GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \ ++ GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG) ++ ++/* ++ * The krb5 GSS mech appropriates the authenticator checksum field from RFC ++ * 4120 to store structured data instead of a checksum, indicated with checksum ++ * type 0x8003 (see RFC 4121 section 4.1.1). Some implementations instead send ++ * no checksum, or a regular checksum over empty data. ++ * ++ * Interpret the checksum. Read delegated creds into *deleg_out if it is not ++ * NULL. Set *flags_out to the allowed subset of token flags, plus ++ * GSS_C_DELEG_FLAG if a delegated credential was present. Process any ++ * extensions found using exts. On error, set *code_out to a krb5_error code ++ * for use as a minor status value. ++ */ ++static OM_uint32 ++process_checksum(OM_uint32 *minor_status, krb5_context context, ++ gss_channel_bindings_t acceptor_cb, ++ krb5_auth_context auth_context, krb5_flags ap_req_options, ++ krb5_authenticator *authenticator, krb5_gss_ctx_ext_t exts, ++ krb5_gss_cred_id_t *deleg_out, krb5_ui_4 *flags_out, ++ krb5_error_code *code_out) ++{ ++ krb5_error_code code = 0; ++ OM_uint32 status, option_id, token_flags; ++ size_t cb_len, option_len; ++ krb5_boolean valid; ++ krb5_key subkey; ++ krb5_data option, empty = empty_data(); ++ krb5_checksum cb_cksum; ++ const uint8_t *token_cb, *option_bytes; ++ struct k5input in; ++ const krb5_checksum *cksum = authenticator->checksum; ++ ++ cb_cksum.contents = NULL; ++ ++ if (cksum == NULL) { ++ /* ++ * Some SMB client implementations use handcrafted GSSAPI code that ++ * does not provide a checksum. MS-KILE documents that the Microsoft ++ * implementation considers a missing checksum acceptable; the server ++ * assumes all flags are unset in this case, and does not check channel ++ * bindings. ++ */ ++ *flags_out = 0; ++ } else if (cksum->checksum_type != CKSUMTYPE_KG_CB) { ++ /* Samba sends a regular checksum. */ ++ code = krb5_auth_con_getkey_k(context, auth_context, &subkey); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ /* Verifying the checksum ensures that this authenticator wasn't ++ * replayed from one with a checksum over actual data. */ ++ code = krb5_k_verify_checksum(context, subkey, ++ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, &empty, ++ cksum, &valid); ++ krb5_k_free_key(context, subkey); ++ if (code || !valid) { ++ status = GSS_S_BAD_SIG; ++ goto fail; ++ } ++ ++ /* Use ap_options from the request to guess the mutual flag. */ ++ *flags_out = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; ++ if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) ++ *flags_out |= GSS_C_MUTUAL_FLAG; ++ } else { ++ /* The checksum must contain at least a fixed 24-byte part. */ ++ if (cksum->length < MIN_8003_LEN) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ ++ k5_input_init(&in, cksum->contents, cksum->length); ++ cb_len = k5_input_get_uint32_le(&in); ++ if (cb_len != CB_MD5_LEN) { ++ code = KG_BAD_LENGTH; ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ token_cb = k5_input_get_bytes(&in, cb_len); ++ if (acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS) { ++ code = kg_checksum_channel_bindings(context, acceptor_cb, ++ &cb_cksum); ++ if (code) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ assert(cb_cksum.length == cb_len); ++ if (k5_bcmp(token_cb, cb_cksum.contents, cb_len) != 0) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ } ++ ++ /* Read the token flags and accept some of them as context flags. */ ++ token_flags = k5_input_get_uint32_le(&in); ++ *flags_out = token_flags & INITIATOR_FLAGS; ++ ++ /* Read the delegated credential if present. */ ++ if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) { ++ option_id = k5_input_get_uint16_le(&in); ++ option_len = k5_input_get_uint16_le(&in); ++ option_bytes = k5_input_get_bytes(&in, option_len); ++ option = make_data((uint8_t *)option_bytes, option_len); ++ if (in.status) { ++ code = KG_BAD_LENGTH; ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ /* Store the delegated credential. */ ++ code = rd_and_store_for_creds(context, auth_context, &option, ++ deleg_out); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ *flags_out |= GSS_C_DELEG_FLAG; ++ } ++ ++ /* Process any extensions at the end of the checksum. Extensions use ++ * 4-byte big-endian tag and length instead of 2-byte little-endian. */ ++ while (in.len > 0) { ++ option_id = k5_input_get_uint32_be(&in); ++ option_len = k5_input_get_uint32_be(&in); ++ option_bytes = k5_input_get_bytes(&in, option_len); ++ option = make_data((uint8_t *)option_bytes, option_len); ++ if (in.status) { ++ code = KG_BAD_LENGTH; ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ code = kg_process_extension(context, auth_context, option_id, ++ &option, exts); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ } ++ } ++ ++ status = GSS_S_COMPLETE; ++ ++fail: ++ free(cb_cksum.contents); ++ *code_out = code; ++ return status; ++} ++ + static OM_uint32 + kg_accept_krb5(minor_status, context_handle, + verifier_cred_handle, input_token, +@@ -433,17 +602,13 @@ kg_accept_krb5(minor_status, context_handle, + krb5_gss_ctx_ext_t exts; + { + krb5_context context; +- unsigned char *ptr, *ptr2; ++ unsigned char *ptr; + char *sptr; +- OM_uint32 tmp; +- size_t md5len; + krb5_gss_cred_id_t cred = 0; + krb5_data ap_rep, ap_req; +- unsigned int i; + krb5_error_code code; + krb5_address addr, *paddr; + krb5_authenticator *authdat = 0; +- krb5_checksum reqcksum; + krb5_gss_name_t name = NULL; + krb5_ui_4 gss_flags = 0; + krb5_gss_ctx_id_rec *ctx = NULL; +@@ -451,8 +616,6 @@ kg_accept_krb5(minor_status, context_handle, + gss_buffer_desc token; + krb5_auth_context auth_context = NULL; + krb5_ticket * ticket = NULL; +- int option_id; +- krb5_data option; + const gss_OID_desc *mech_used = NULL; + OM_uint32 major_status = GSS_S_FAILURE; + OM_uint32 tmp_minor_status; +@@ -463,7 +626,6 @@ kg_accept_krb5(minor_status, context_handle, + krb5int_access kaccess; + int cred_rcache = 0; + int no_encap = 0; +- int token_deleg_flag = 0; + krb5_flags ap_req_options = 0; + krb5_enctype negotiated_etype; + krb5_authdata_context ad_context = NULL; +@@ -489,7 +651,6 @@ kg_accept_krb5(minor_status, context_handle, + output_token->length = 0; + output_token->value = NULL; + token.value = 0; +- reqcksum.contents = 0; + ap_req.data = 0; + ap_rep.data = 0; + +@@ -654,195 +815,16 @@ kg_accept_krb5(minor_status, context_handle, + + krb5_auth_con_getauthenticator(context, auth_context, &authdat); + +- if (authdat->checksum == NULL) { +- /* +- * Some SMB client implementations use handcrafted GSSAPI code that +- * does not provide a checksum. MS-KILE documents that the Microsoft +- * implementation considers a missing checksum acceptable; the server +- * assumes all flags are unset in this case, and does not check channel +- * bindings. +- */ +- gss_flags = 0; +- } else if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { +- /* Samba does not send 0x8003 GSS-API checksums */ +- krb5_boolean valid; +- krb5_key subkey; +- krb5_data zero; ++ major_status = process_checksum(minor_status, context, input_chan_bindings, ++ auth_context, ap_req_options, ++ authdat, exts, ++ delegated_cred_handle ? &deleg_cred : NULL, ++ &gss_flags, &code); + +- code = krb5_auth_con_getkey_k(context, auth_context, &subkey); +- if (code) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } ++ if (major_status != GSS_S_COMPLETE) ++ goto fail; + +- zero.length = 0; +- zero.data = ""; +- +- code = krb5_k_verify_checksum(context, +- subkey, +- KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, +- &zero, +- authdat->checksum, +- &valid); +- krb5_k_free_key(context, subkey); +- if (code || !valid) { +- major_status = GSS_S_BAD_SIG; +- goto fail; +- } +- +- /* Use ap_options from the request to guess the mutual flag. */ +- gss_flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; +- if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) +- gss_flags |= GSS_C_MUTUAL_FLAG; +- } else { +- /* gss krb5 v1 */ +- +- /* stash this now, for later. */ +- code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len); +- if (code) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* verify that the checksum is correct */ +- +- /* +- The checksum may be either exactly 24 bytes, in which case +- no options are specified, or greater than 24 bytes, in which case +- one or more options are specified. Currently, the only valid +- option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ). +- */ +- +- if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) || +- (authdat->checksum->length < 24)) { +- code = 0; +- major_status = GSS_S_BAD_BINDINGS; +- goto fail; +- } +- +- ptr = (unsigned char *) authdat->checksum->contents; +- +- TREAD_INT(ptr, tmp, 0); +- +- if (tmp != md5len) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* +- The following section of code attempts to implement the +- optional channel binding facility as described in RFC2743. +- +- Since this facility is optional channel binding may or may +- not have been provided by either the client or the server. +- +- If the server has specified input_chan_bindings equal to +- GSS_C_NO_CHANNEL_BINDINGS then we skip the check. If +- the server does provide channel bindings then we compute +- a checksum and compare against those provided by the +- client. */ +- +- if ((code = kg_checksum_channel_bindings(context, +- input_chan_bindings, +- &reqcksum))) { +- major_status = GSS_S_BAD_BINDINGS; +- goto fail; +- } +- +- /* Always read the clients bindings - eventhough we might ignore them */ +- TREAD_STR(ptr, ptr2, reqcksum.length); +- +- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) { +- if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) { +- xfree(reqcksum.contents); +- reqcksum.contents = 0; +- code = 0; +- major_status = GSS_S_BAD_BINDINGS; +- goto fail; +- } +- +- } +- +- xfree(reqcksum.contents); +- reqcksum.contents = 0; +- +- /* Read the token flags. Remember if GSS_C_DELEG_FLAG was set, but +- * mask it out until we actually read a delegated credential. */ +- TREAD_INT(ptr, gss_flags, 0); +- token_deleg_flag = (gss_flags & GSS_C_DELEG_FLAG); +- gss_flags &= ~GSS_C_DELEG_FLAG; +- +- /* if the checksum length > 24, there are options to process */ +- +- i = authdat->checksum->length - 24; +- if (i && token_deleg_flag) { +- if (i >= 4) { +- TREAD_INT16(ptr, option_id, 0); +- TREAD_INT16(ptr, option.length, 0); +- i -= 4; +- +- if (i < option.length) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* have to use ptr2, since option.data is wrong type and +- macro uses ptr as both lvalue and rvalue */ +- +- TREAD_STR(ptr, ptr2, option.length); +- option.data = (char *) ptr2; +- +- i -= option.length; +- +- if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* store the delegated credential */ +- +- code = rd_and_store_for_creds(context, auth_context, &option, +- (delegated_cred_handle) ? +- &deleg_cred : NULL); +- if (code) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- gss_flags |= GSS_C_DELEG_FLAG; +- } /* if i >= 4 */ +- /* ignore any additional trailing data, for now */ +- } +- while (i > 0) { +- /* Process Type-Length-Data options */ +- if (i < 8) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- TREAD_INT(ptr, option_id, 1); +- TREAD_INT(ptr, option.length, 1); +- i -= 8; +- if (i < option.length) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- TREAD_STR(ptr, ptr2, option.length); +- option.data = (char *)ptr2; +- +- i -= option.length; +- +- code = kg_process_extension(context, auth_context, +- option_id, &option, exts); +- if (code != 0) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- } +- } ++ major_status = GSS_S_FAILURE; + + if (exts->iakerb.conv && !exts->iakerb.verified) { + major_status = GSS_S_BAD_SIG; +@@ -869,12 +851,7 @@ kg_accept_krb5(minor_status, context_handle, + ctx->mech_used = (gss_OID) mech_used; + ctx->auth_context = auth_context; + ctx->initiate = 0; +- ctx->gss_flags = (GSS_C_TRANS_FLAG | +- ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | +- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | +- GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG | +- GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG | +- GSS_C_EXTENDED_ERROR_FLAG))); ++ ctx->gss_flags = gss_flags | GSS_C_TRANS_FLAG; + ctx->seed_init = 0; + ctx->cred_rcache = cred_rcache; + +@@ -1161,8 +1138,6 @@ fail: + + krb5_auth_con_free(context, auth_context); + } +- if (reqcksum.contents) +- xfree(reqcksum.contents); + if (ap_rep.data) + krb5_free_data_contents(context, &ap_rep); + if (major_status == GSS_S_COMPLETE || diff --git a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch new file mode 100644 index 0000000..c8c6cd8 --- /dev/null +++ b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch @@ -0,0 +1,79 @@ +From fdd97fe6c9f0a3a6ff8d2580ca9f3c46826449b7 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 26 Feb 2020 18:27:17 -0500 +Subject: [PATCH] Refresh manually acquired creds from client keytab + +If a client keytab is present but credentials are acquired manually, +the credentials would not be refreshed because no refresh_time config +var is set in the cache. Change kg_cred_time_to_refresh() to attempt +a refresh from the client keytab on any credentials which will expire +in the next 30 seconds. + +[ghudson@mit.edu: adjused code and added test case] + +ticket: 7976 +(cherry picked from commit 729896467e3c77904666019d6cbbda583ae49b95) +(cherry picked from commit 685aada9eae420cb5156ca7b71c2c7614c0b6e2c) +--- + src/lib/gssapi/krb5/acquire_cred.c | 14 +++++++++++--- + src/tests/gssapi/t_client_keytab.py | 18 ++++++++++++++++++ + 2 files changed, 29 insertions(+), 3 deletions(-) + +diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c +index acc1868f8..4062f4741 100644 +--- a/src/lib/gssapi/krb5/acquire_cred.c ++++ b/src/lib/gssapi/krb5/acquire_cred.c +@@ -557,15 +557,23 @@ set_refresh_time(krb5_context context, krb5_ccache ccache, + krb5_boolean + kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred) + { +- krb5_timestamp now; ++ krb5_timestamp now, soon; + + if (krb5_timeofday(context, &now)) + return FALSE; ++ soon = ts_incr(now, 30); + if (cred->refresh_time != 0 && !ts_after(cred->refresh_time, now)) { +- set_refresh_time(context, cred->ccache, +- ts_incr(cred->refresh_time, 30)); ++ set_refresh_time(context, cred->ccache, soon); + return TRUE; + } ++ ++ /* If the creds will expire soon, try to refresh even if they weren't ++ * acquired with a client keytab. */ ++ if (ts_after(soon, cred->expire)) { ++ set_refresh_time(context, cred->ccache, soon); ++ return TRUE; ++ } ++ + return FALSE; + } + +diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py +index e474a27c7..7847b3ecd 100755 +--- a/src/tests/gssapi/t_client_keytab.py ++++ b/src/tests/gssapi/t_client_keytab.py +@@ -124,4 +124,22 @@ realm.kinit(realm.user_princ, password('user')) + realm.run(['./t_ccselect', phost], env=bad_cktname, + expected_msg=realm.user_princ) + ++mark('refresh of manually acquired creds') ++ ++# Test 17: no name/ccache specified, manually acquired creds which ++# will expire soon. Verify that creds are refreshed using the current ++# client name, with refresh_time set in the refreshed ccache. ++realm.kinit('bob', password('bob'), ['-l', '15s']) ++realm.run(['./t_ccselect', phost], expected_msg='bob') ++realm.run([klist, '-C'], expected_msg='refresh_time = ') ++ ++# Test 18: no name/ccache specified, manually acquired creds with a ++# client principal not present in the client keytab. A refresh is ++# attempted but fails, and an expired ticket error results. ++realm.kinit(realm.admin_princ, password('admin'), ['-l', '-1s']) ++msgs = ('Getting initial credentials for user/admin@KRBTEST.COM', ++ '/Matching credential not found') ++realm.run(['./t_ccselect', phost], expected_code=1, ++ expected_msg='Ticket expired', expected_trace=msgs) ++ + success('Client keytab tests') diff --git a/SOURCES/Use-imported-soft-pkcs11-for-tests.patch b/SOURCES/Use-imported-soft-pkcs11-for-tests.patch deleted file mode 100644 index 0be2d97..0000000 --- a/SOURCES/Use-imported-soft-pkcs11-for-tests.patch +++ /dev/null @@ -1,472 +0,0 @@ -From 43f5837eecd5022c525efcfb3605af16958dc59a Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 20 Jun 2019 13:41:57 -0400 -Subject: [PATCH] Use imported soft-pkcs11 for tests - -Update the soft-pkcs11 code for OpenSSL 1.1, fix some warnings, -integrate it into the build system, and use it for the PKINIT tests. - -(cherry picked from commit e5ef7b69765353ea62ad8712a229ed4e90a8fe17) -(cherry picked from commit 47e66724b9d5cfef84965d99c83d29e4739932e3) ---- - src/configure.in | 1 + - src/tests/Makefile.in | 2 +- - src/tests/softpkcs11/Makefile.in | 21 ++++ - src/tests/softpkcs11/deps | 6 ++ - src/tests/softpkcs11/main.c | 124 +++++++++++++++++------- - src/tests/softpkcs11/softpkcs11.exports | 39 ++++++++ - src/tests/t_pkinit.py | 18 +--- - 7 files changed, 162 insertions(+), 49 deletions(-) - create mode 100644 src/tests/softpkcs11/Makefile.in - create mode 100644 src/tests/softpkcs11/deps - create mode 100644 src/tests/softpkcs11/softpkcs11.exports - -diff --git a/src/configure.in b/src/configure.in -index 93aec682e..9f6b67b44 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -1086,6 +1086,7 @@ int i = 1; - fi - if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then - K5_GEN_MAKEFILE(plugins/preauth/pkinit) -+ K5_GEN_MAKEFILE(tests/softpkcs11) - PKINIT=yes - AC_CHECK_LIB(crypto, CMS_get0_content, [AC_DEFINE([HAVE_OPENSSL_CMS], 1, [Define if OpenSSL supports cms.])]) - elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then -diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in -index e27617ee2..ab958eb4c 100644 ---- a/src/tests/Makefile.in -+++ b/src/tests/Makefile.in -@@ -1,7 +1,7 @@ - mydir=tests - BUILDTOP=$(REL).. - SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \ -- gss-threads misc threads -+ gss-threads misc threads softpkcs11 - - RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \ - LC_ALL=C $(VALGRIND) -diff --git a/src/tests/softpkcs11/Makefile.in b/src/tests/softpkcs11/Makefile.in -new file mode 100644 -index 000000000..e89678154 ---- /dev/null -+++ b/src/tests/softpkcs11/Makefile.in -@@ -0,0 +1,21 @@ -+mydir=tests$(S)softpkcs11 -+BUILDTOP=$(REL)..$(S).. -+ -+LOCALINCLUDES = -I$(top_srcdir)/plugins/preauth/pkinit -+ -+LIBBASE=softpkcs11 -+LIBMAJOR=0 -+LIBMINOR=0 -+ -+SHLIB_EXPLIBS=$(SUPPORT_LIB) -lcrypto -+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB) -+ -+STLIBOBJS=main.o -+ -+SRCS=$(srcdir)/main.c -+ -+all-unix: all-libs -+clean-unix:: clean-libs clean-libobjs -+ -+@libnover_frag@ -+@libobj_frag@ -diff --git a/src/tests/softpkcs11/deps b/src/tests/softpkcs11/deps -new file mode 100644 -index 000000000..1e82d9572 ---- /dev/null -+++ b/src/tests/softpkcs11/deps -@@ -0,0 +1,6 @@ -+# -+# Generated makefile dependencies follow. -+# -+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ -+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \ -+ $(top_srcdir)/plugins/preauth/pkinit/pkcs11.h main.c -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -index 2acec5169..5255323d3 100644 ---- a/src/tests/softpkcs11/main.c -+++ b/src/tests/softpkcs11/main.c -@@ -1,3 +1,4 @@ -+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ - /* - * Copyright (c) 2004-2006, Stockholms universitet - * (Stockholm University, Stockholm Sweden) -@@ -31,7 +32,57 @@ - * POSSIBILITY OF SUCH DAMAGE. - */ - --#include "locl.h" -+#include "k5-platform.h" -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+#include -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) -+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay -+#define RSA_get0_key compat_rsa_get0_key -+static void -+compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, -+ const BIGNUM **d) -+{ -+ if (n != NULL) -+ *n = rsa->n; -+ if (e != NULL) -+ *e = rsa->e; -+ if (d != NULL) -+ *d = rsa->d; -+} -+#endif -+ -+#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ -+ { \ -+ unsigned char *p; \ -+ (BL) = i2d_##T((S), NULL); \ -+ if ((BL) <= 0) { \ -+ (R) = EINVAL; \ -+ } else { \ -+ (B) = malloc((BL)); \ -+ if ((B) == NULL) { \ -+ (R) = ENOMEM; \ -+ } else { \ -+ p = (B); \ -+ (R) = 0; \ -+ (BL) = i2d_##T((S), &p); \ -+ if ((BL) <= 0) { \ -+ free((B)); \ -+ (R) = EINVAL; \ -+ } \ -+ } \ -+ } \ -+ } - - /* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */ - -@@ -124,7 +175,7 @@ st_logf(const char *fmt, ...) - } - - static void --snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) -+snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...) - { - int len; - va_list ap; -@@ -141,19 +192,19 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) - #endif - - #define VERIFY_SESSION_HANDLE(s, state) \ --{ \ -- CK_RV ret; \ -- ret = verify_session_handle(s, state); \ -- if (ret != CKR_OK) { \ -- /* return CKR_OK */; \ -- } \ --} -+ { \ -+ CK_RV vshret; \ -+ vshret = verify_session_handle(s, state); \ -+ if (vshret != CKR_OK) { \ -+ /* return CKR_OK */; \ -+ } \ -+ } - - static CK_RV - verify_session_handle(CK_SESSION_HANDLE hSession, - struct session_state **state) - { -- int i; -+ size_t i; - - for (i = 0; i < MAX_NUM_SESSION; i++){ - if (soft_token.state[i].session_handle == hSession) -@@ -361,16 +412,20 @@ add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key) - CK_ULONG modulus_bits = 0; - CK_BYTE *exponent = NULL; - size_t exponent_len = 0; -+ RSA *rsa; -+ const BIGNUM *n, *e; - -- modulus_bits = BN_num_bits(key->pkey.rsa->n); -+ rsa = EVP_PKEY_get0_RSA(key); -+ RSA_get0_key(rsa, &n, &e, NULL); -+ modulus_bits = BN_num_bits(n); - -- modulus_len = BN_num_bytes(key->pkey.rsa->n); -+ modulus_len = BN_num_bytes(n); - modulus = malloc(modulus_len); -- BN_bn2bin(key->pkey.rsa->n, modulus); -+ BN_bn2bin(n, modulus); - -- exponent_len = BN_num_bytes(key->pkey.rsa->e); -+ exponent_len = BN_num_bytes(e); - exponent = malloc(exponent_len); -- BN_bn2bin(key->pkey.rsa->e, exponent); -+ BN_bn2bin(e, exponent); - - add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len); - add_object_attribute(o, 0, CKA_MODULUS_BITS, -@@ -378,7 +433,7 @@ add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key) - add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, - exponent, exponent_len); - -- RSA_set_method(key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ RSA_set_method(rsa, RSA_PKCS1_OpenSSL()); - - free(modulus); - free(exponent); -@@ -474,7 +529,7 @@ add_certificate(char *label, - o->u.cert = cert; - public_key = X509_get_pubkey(o->u.cert); - -- switch (EVP_PKEY_type(public_key->type)) { -+ switch (EVP_PKEY_base_id(public_key)) { - case EVP_PKEY_RSA: - key_type = CKK_RSA; - break; -@@ -604,8 +659,8 @@ add_certificate(char *label, - /* XXX verify keytype */ - - if (key_type == CKK_RSA) -- RSA_set_method(o->u.private_key.key->pkey.rsa, -- RSA_PKCS1_SSLeay()); -+ RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key), -+ RSA_PKCS1_OpenSSL()); - - if (X509_check_private_key(cert, o->u.private_key.key) != 1) { - EVP_PKEY_free(o->u.private_key.key); -@@ -755,8 +810,9 @@ CK_RV - C_Initialize(CK_VOID_PTR a) - { - CK_C_INITIALIZE_ARGS_PTR args = a; -+ size_t i; -+ - st_logf("Initialize\n"); -- int i; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); -@@ -825,7 +881,7 @@ C_Initialize(CK_VOID_PTR a) - CK_RV - C_Finalize(CK_VOID_PTR args) - { -- int i; -+ size_t i; - - st_logf("Finalize\n"); - -@@ -1008,7 +1064,7 @@ C_OpenSession(CK_SLOT_ID slotID, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession) - { -- int i; -+ size_t i; - - st_logf("OpenSession: slot: %d\n", (int)slotID); - -@@ -1050,7 +1106,7 @@ C_CloseSession(CK_SESSION_HANDLE hSession) - CK_RV - C_CloseAllSessions(CK_SLOT_ID slotID) - { -- int i; -+ size_t i; - - st_logf("CloseAllSessions\n"); - -@@ -1127,7 +1183,8 @@ C_Login(CK_SESSION_HANDLE hSession, - } - - /* XXX check keytype */ -- RSA_set_method(o->u.private_key.key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key), -+ RSA_PKCS1_OpenSSL()); - - if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) { - EVP_PKEY_free(o->u.private_key.key); -@@ -1226,7 +1283,6 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, - } - if (ulCount) { - CK_ULONG i; -- size_t len; - - print_attributes(pTemplate, ulCount); - -@@ -1415,7 +1471,7 @@ C_Encrypt(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.public_key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.public_key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1445,7 +1501,7 @@ C_Encrypt(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len + padding_len < ulDataLen) { -+ if ((CK_ULONG)buffer_len + padding_len < ulDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1566,7 +1622,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.private_key.key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.private_key.key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1596,7 +1652,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len + padding_len < ulEncryptedDataLen) { -+ if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1725,7 +1781,7 @@ C_Sign(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.private_key.key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.private_key.key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1754,7 +1810,7 @@ C_Sign(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len < ulDataLen + padding_len) { -+ if ((CK_ULONG)buffer_len < ulDataLen + padding_len) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1872,7 +1928,7 @@ C_Verify(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.public_key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.public_key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1900,7 +1956,7 @@ C_Verify(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len < ulDataLen) { -+ if ((CK_ULONG)buffer_len < ulDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1926,7 +1982,7 @@ C_Verify(CK_SESSION_HANDLE hSession, - if (len > buffer_len) - abort(); - -- if (len != ulSignatureLen) { -+ if ((CK_ULONG)len != ulSignatureLen) { - ret = CKR_GENERAL_ERROR; - goto out; - } -diff --git a/src/tests/softpkcs11/softpkcs11.exports b/src/tests/softpkcs11/softpkcs11.exports -new file mode 100644 -index 000000000..aa7284511 ---- /dev/null -+++ b/src/tests/softpkcs11/softpkcs11.exports -@@ -0,0 +1,39 @@ -+C_CloseAllSessions -+C_CloseSession -+C_Decrypt -+C_DecryptFinal -+C_DecryptInit -+C_DecryptUpdate -+C_DigestInit -+C_Encrypt -+C_EncryptFinal -+C_EncryptInit -+C_EncryptUpdate -+C_Finalize -+C_FindObjects -+C_FindObjectsFinal -+C_FindObjectsInit -+C_GenerateRandom -+C_GetAttributeValue -+C_GetFunctionList -+C_GetInfo -+C_GetMechanismInfo -+C_GetMechanismList -+C_GetObjectSize -+C_GetSessionInfo -+C_GetSlotInfo -+C_GetSlotList -+C_GetTokenInfo -+C_Initialize -+C_InitToken -+C_Login -+C_Logout -+C_OpenSession -+C_Sign -+C_SignFinal -+C_SignInit -+C_SignUpdate -+C_Verify -+C_VerifyFinal -+C_VerifyInit -+C_VerifyUpdate -diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py -index 1dadb1b96..384bf1426 100755 ---- a/src/tests/t_pkinit.py -+++ b/src/tests/t_pkinit.py -@@ -4,14 +4,7 @@ from k5test import * - if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')): - skip_rest('PKINIT tests', 'PKINIT module not built') - --# Check if soft-pkcs11.so is available. --try: -- import ctypes -- lib = ctypes.LibraryLoader(ctypes.CDLL).LoadLibrary('soft-pkcs11.so') -- del lib -- have_soft_pkcs11 = True --except: -- have_soft_pkcs11 = False -+soft_pkcs11 = os.path.join(buildtop, 'tests', 'softpkcs11', 'softpkcs11.so') - - # Construct a krb5.conf fragment configuring pkinit. - certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs') -@@ -69,9 +62,9 @@ p12_upn2_identity = 'PKCS12:%s' % user_upn2_p12 - p12_upn3_identity = 'PKCS12:%s' % user_upn3_p12 - p12_generic_identity = 'PKCS12:%s' % generic_p12 - p12_enc_identity = 'PKCS12:%s' % user_enc_p12 --p11_identity = 'PKCS11:soft-pkcs11.so' --p11_token_identity = ('PKCS11:module_name=soft-pkcs11.so:' -- 'slotid=1:token=SoftToken (token)') -+p11_identity = 'PKCS11:' + soft_pkcs11 -+p11_token_identity = ('PKCS11:module_name=' + soft_pkcs11 + -+ ':slotid=1:token=SoftToken (token)') - - # Start a realm with the test kdb module for the following UPN SAN tests. - realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=alias_kdc_conf, -@@ -398,9 +391,6 @@ realm.klist(realm.user_princ) - realm.kinit(realm.user_princ, flags=['-X', 'X509_user_identity=,'], - expected_code=1, expected_msg='Preauthentication failed while') - --if not have_soft_pkcs11: -- skip_rest('PKINIT PKCS11 tests', 'soft-pkcs11.so not found') -- - softpkcs11rc = os.path.join(os.getcwd(), 'testdir', 'soft-pkcs11.rc') - realm.env['SOFTPKCS11RC'] = softpkcs11rc - diff --git a/SOURCES/krb5-1.15-beta1-buildconf.patch b/SOURCES/downstream-Adjust-build-configuration.patch similarity index 93% rename from SOURCES/krb5-1.15-beta1-buildconf.patch rename to SOURCES/downstream-Adjust-build-configuration.patch index 6d1e151..68a7878 100644 --- a/SOURCES/krb5-1.15-beta1-buildconf.patch +++ b/SOURCES/downstream-Adjust-build-configuration.patch @@ -1,13 +1,16 @@ -From 90bf9e3c4a80e7e46e6e00b9d541c6144968cad4 Mon Sep 17 00:00:00 2001 +From 4e42a6786a06b7223f27536267492a463a700c76 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:45:26 -0400 -Subject: [PATCH] krb5-1.15-beta1-buildconf.patch +Subject: [PATCH] [downstream] Adjust build configuration Build binaries in this package as RELRO PIEs, libraries as partial RELRO, and install shared libraries with the execute bit set on them. Prune out the -L/usr/lib* and PIE flags where they might leak out and affect apps which just want to link with the libraries. FIXME: needs to check and not just assume that the compiler supports using these flags. + +Last-updated: krb5-1.15-beta1 +(cherry picked from commit 92508996ed4c69fa6f5cf855fdf10f34cfa07ec9) --- src/build-tools/krb5-config.in | 7 +++++++ src/config/pre.in | 2 +- diff --git a/SOURCES/krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch similarity index 98% rename from SOURCES/krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch rename to SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch index 308137f..913c6c3 100644 --- a/SOURCES/krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -1,7 +1,7 @@ -From 2a4e2418875b41c3273db5f6b4e9e1b01c1fb5ff Mon Sep 17 00:00:00 2001 +From a3f9d8f66a7f2e01aa7b12ef4e2a289d867bb276 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 9 Nov 2018 15:12:21 -0500 -Subject: [PATCH] krb5-1.17post6 FIPS with PRNG and RADIUS and MD4 +Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 NB: Use openssl's PRNG in FIPS mode and taint within krad. @@ -17,7 +17,8 @@ AES is fine. Shame about SPAKE though. post6 restores MD4 (and therefore keygen-only RC4). -(cherry picked from commit 80b56b04d90fcacd9f78fed305c7d5528d863b38) +Last-updated: krb5-1.17 +(cherry picked from commit a721df13d09b5fdad32de15e6aa973b732727aa9) --- src/lib/crypto/krb/prng.c | 11 ++++- .../crypto/openssl/enc_provider/camellia.c | 6 +++ @@ -129,7 +130,7 @@ index a65d57b7a..6ccaca94a 100644 * The cipher state here is a saved pointer to a struct arcfour_state * object, rather than a flat byte array as in most enc providers. The diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c -index 957ed8d9c..915da9dbe 100644 +index 1e0fb8fc3..feb5eda99 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_evp.c +++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c @@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, @@ -165,7 +166,7 @@ index 957ed8d9c..915da9dbe 100644 } diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c -index b2db6ec02..d94d9ac94 100644 +index 7dc59dcc0..769a50c00 100644 --- a/src/lib/crypto/openssl/hmac.c +++ b/src/lib/crypto/openssl/hmac.c @@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash) @@ -543,7 +544,7 @@ index 00734a13b..a3ce22b70 100644 vt->name = "spake"; vt->pa_type_list = pa_types; diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c -index 59e88409e..1b3e569e9 100644 +index 88c964ce1..c7df0392f 100644 --- a/src/plugins/preauth/spake/spake_kdc.c +++ b/src/plugins/preauth/spake/spake_kdc.c @@ -41,6 +41,8 @@ @@ -555,7 +556,7 @@ index 59e88409e..1b3e569e9 100644 /* * The SPAKE kdcpreauth module uses a secure cookie containing the following * concatenated fields (all integer fields are big-endian): -@@ -578,6 +580,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, +@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; diff --git a/SOURCES/downstream-Remove-3des-support.patch b/SOURCES/downstream-Remove-3des-support.patch new file mode 100644 index 0000000..22251b9 --- /dev/null +++ b/SOURCES/downstream-Remove-3des-support.patch @@ -0,0 +1,6465 @@ +From 3c1f235c1c82b1cebfd2eba800cd2cd2610f0535 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 26 Mar 2019 18:51:10 -0400 +Subject: [PATCH] [downstream] Remove 3des support + +Completely remove support for all DES3 enctypes (des3-cbc-raw, +des3-hmac-sha1, des3-cbc-sha1-kd). Update all tests and documentation +to user other enctypes. Mark the 3DES enctypes UNSUPPORTED and retain +their constants. + +Last-updated: 1.18-beta2 +(cherry picked from commit e9cd83237b54e2f6010a063f523217b0a442ecbf) +--- + doc/admin/advanced/retiring-des.rst | 11 + + doc/admin/conf_files/kdc_conf.rst | 7 +- + doc/admin/enctypes.rst | 13 +- + doc/admin/troubleshoot.rst | 9 +- + doc/appdev/refs/macros/index.rst | 1 - + doc/conf.py | 2 +- + doc/mitK5features.rst | 2 +- + src/Makefile.in | 4 +- + src/configure.ac | 1 - + src/include/krb5/krb5.hin | 10 +- + src/kadmin/testing/proto/kdc.conf.proto | 4 +- + src/kdc/kdc_util.c | 4 - + src/lib/crypto/Makefile.in | 8 +- + src/lib/crypto/builtin/Makefile.in | 6 +- + src/lib/crypto/builtin/des/ISSUES | 13 - + src/lib/crypto/builtin/des/Makefile.in | 80 ---- + src/lib/crypto/builtin/des/d3_aead.c | 133 ------ + src/lib/crypto/builtin/des/d3_kysched.c | 51 --- + src/lib/crypto/builtin/des/deps | 148 ------- + src/lib/crypto/builtin/des/des_int.h | 285 ------------- + src/lib/crypto/builtin/des/des_keys.c | 40 -- + src/lib/crypto/builtin/des/destest.c | 240 ----------- + src/lib/crypto/builtin/des/doc/libdes.doc | 208 --------- + src/lib/crypto/builtin/des/f_aead.c | 173 -------- + src/lib/crypto/builtin/des/f_cbc.c | 256 ------------ + src/lib/crypto/builtin/des/f_cksum.c | 136 ------ + src/lib/crypto/builtin/des/f_parity.c | 56 --- + src/lib/crypto/builtin/des/f_sched.c | 359 ---------------- + src/lib/crypto/builtin/des/f_tables.c | 370 ---------------- + src/lib/crypto/builtin/des/f_tables.h | 285 ------------- + src/lib/crypto/builtin/des/key_sched.c | 62 --- + src/lib/crypto/builtin/des/keytest.data | 171 -------- + src/lib/crypto/builtin/des/t_verify.c | 395 ------------------ + src/lib/crypto/builtin/des/weak_key.c | 86 ---- + .../crypto/builtin/enc_provider/Makefile.in | 6 +- + src/lib/crypto/builtin/enc_provider/deps | 12 - + src/lib/crypto/builtin/enc_provider/des3.c | 105 ----- + src/lib/crypto/crypto_tests/t_cf2.expected | 1 - + src/lib/crypto/crypto_tests/t_cf2.in | 5 - + src/lib/crypto/crypto_tests/t_cksums.c | 10 - + src/lib/crypto/crypto_tests/t_decrypt.c | 57 --- + src/lib/crypto/crypto_tests/t_derive.c | 36 -- + src/lib/crypto/crypto_tests/t_encrypt.c | 1 - + src/lib/crypto/crypto_tests/t_short.c | 1 - + src/lib/crypto/crypto_tests/t_str2key.c | 52 --- + src/lib/crypto/krb/Makefile.in | 3 - + src/lib/crypto/krb/cksumtypes.c | 6 - + src/lib/crypto/krb/crypto_int.h | 16 - + src/lib/crypto/krb/default_state.c | 10 - + src/lib/crypto/krb/enctype_util.c | 3 + + src/lib/crypto/krb/etypes.c | 21 - + src/lib/crypto/krb/prf_des.c | 47 --- + src/lib/crypto/krb/random_to_key.c | 45 -- + src/lib/crypto/libk5crypto.exports | 1 - + src/lib/crypto/openssl/Makefile.in | 8 +- + src/lib/crypto/openssl/des/Makefile.in | 20 - + src/lib/crypto/openssl/des/deps | 15 - + src/lib/crypto/openssl/des/des_keys.c | 40 -- + .../crypto/openssl/enc_provider/Makefile.in | 3 - + src/lib/crypto/openssl/enc_provider/deps | 11 - + src/lib/crypto/openssl/enc_provider/des3.c | 184 -------- + src/lib/gssapi/krb5/accept_sec_context.c | 1 - + src/lib/gssapi/krb5/gssapiP_krb5.h | 6 +- + src/lib/gssapi/krb5/k5seal.c | 35 +- + src/lib/gssapi/krb5/k5sealiov.c | 27 +- + src/lib/gssapi/krb5/k5unseal.c | 102 ++--- + src/lib/gssapi/krb5/k5unsealiov.c | 38 +- + src/lib/gssapi/krb5/util_crypt.c | 11 - + .../api.current/chpass-principal-v2.exp | 4 +- + .../api.current/get-principal-v2.exp | 4 +- + .../api.current/randkey-principal-v2.exp | 4 +- + src/lib/krb5/krb/init_ctx.c | 3 - + src/lib/krb5/krb/s4u_creds.c | 2 - + src/lib/krb5/krb/t_copy_context.c | 2 +- + src/lib/krb5/krb/t_etypes.c | 48 +-- + src/lib/krb5/os/t_trace.c | 4 +- + src/lib/krb5/os/t_trace.ref | 2 +- + src/plugins/preauth/pkinit/pkcs11.h | 6 +- + src/plugins/preauth/pkinit/pkinit_clnt.c | 8 - + src/plugins/preauth/pkinit/pkinit_crypto.h | 12 - + .../preauth/pkinit/pkinit_crypto_openssl.c | 38 -- + src/plugins/preauth/pkinit/pkinit_kdf_test.c | 31 -- + src/plugins/preauth/spake/t_vectors.c | 25 -- + src/tests/dejagnu/config/default.exp | 78 ---- + src/tests/dejagnu/krb-standalone/kprop.exp | 2 +- + src/tests/gssapi/t_enctypes.py | 33 +- + src/tests/gssapi/t_invalid.c | 12 - + src/tests/gssapi/t_pcontok.c | 16 +- + src/tests/gssapi/t_prf.c | 7 - + src/tests/t_authdata.py | 2 +- + src/tests/t_etype_info.py | 18 +- + src/tests/t_keyrollover.py | 8 +- + src/tests/t_mkey.py | 35 -- + src/tests/t_salt.py | 5 +- + src/util/k5test.py | 7 - + .../leash/htmlhelp/html/Encryption_Types.htm | 13 - + 96 files changed, 163 insertions(+), 4834 deletions(-) + delete mode 100644 src/lib/crypto/builtin/des/ISSUES + delete mode 100644 src/lib/crypto/builtin/des/Makefile.in + delete mode 100644 src/lib/crypto/builtin/des/d3_aead.c + delete mode 100644 src/lib/crypto/builtin/des/d3_kysched.c + delete mode 100644 src/lib/crypto/builtin/des/deps + delete mode 100644 src/lib/crypto/builtin/des/des_int.h + delete mode 100644 src/lib/crypto/builtin/des/des_keys.c + delete mode 100644 src/lib/crypto/builtin/des/destest.c + delete mode 100644 src/lib/crypto/builtin/des/doc/libdes.doc + delete mode 100644 src/lib/crypto/builtin/des/f_aead.c + delete mode 100644 src/lib/crypto/builtin/des/f_cbc.c + delete mode 100644 src/lib/crypto/builtin/des/f_cksum.c + delete mode 100644 src/lib/crypto/builtin/des/f_parity.c + delete mode 100644 src/lib/crypto/builtin/des/f_sched.c + delete mode 100644 src/lib/crypto/builtin/des/f_tables.c + delete mode 100644 src/lib/crypto/builtin/des/f_tables.h + delete mode 100644 src/lib/crypto/builtin/des/key_sched.c + delete mode 100644 src/lib/crypto/builtin/des/keytest.data + delete mode 100644 src/lib/crypto/builtin/des/t_verify.c + delete mode 100644 src/lib/crypto/builtin/des/weak_key.c + delete mode 100644 src/lib/crypto/builtin/enc_provider/des3.c + delete mode 100644 src/lib/crypto/krb/prf_des.c + delete mode 100644 src/lib/crypto/openssl/des/Makefile.in + delete mode 100644 src/lib/crypto/openssl/des/deps + delete mode 100644 src/lib/crypto/openssl/des/des_keys.c + delete mode 100644 src/lib/crypto/openssl/enc_provider/des3.c + +diff --git a/doc/admin/advanced/retiring-des.rst b/doc/admin/advanced/retiring-des.rst +index 4a964c15c..cb6258d77 100644 +--- a/doc/admin/advanced/retiring-des.rst ++++ b/doc/admin/advanced/retiring-des.rst +@@ -10,6 +10,13 @@ ability have rendered DES vulnerable to brute force attacks on its 56-bit + keyspace. As such, it is now considered insecure and should not be + used (:rfc:`6649`). + ++In 1999, MIT krb5 added support for Triple-DES (3DES) encryption types. ++However, due to weakenings of DES and other security concerns, it is now also ++considered insecure and should not be used (:rfc:`8429`). AES encryption ++types were added to MIT in 2003, meaning that the number of deployments with ++3DES as the strongest encryption type is hopefully small. The rotation ++procedure described herein works for both DES and 3DES. ++ + History + ------- + +@@ -27,6 +34,10 @@ and removed DES (single-DES) support in release 1.18. As a + consequence, a release prior to 1.18 is required to perform these + migrations. + ++3DES (a flagged deprecated encryption type) was also removed downstream by ++rharwood@redhat.com starting in 1.18; likewise, a pre-1.18 release is required ++to perform these migrations. ++ + Types of keys + ------------- + +diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst +index 9759756a2..cf8a12547 100644 +--- a/doc/admin/conf_files/kdc_conf.rst ++++ b/doc/admin/conf_files/kdc_conf.rst +@@ -843,8 +843,6 @@ Encryption types marked as "weak" are available for compatibility but + not recommended for use. + + ==================================================== ========================================================= +-des3-cbc-raw Triple DES cbc mode raw (weak) +-des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1 + aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC + aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC + aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC +@@ -853,7 +851,6 @@ arcfour-hmac rc4-hmac arcfour-hmac-md5 RC4 with HMAC/MD5 + arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) + camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC + camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC +-des3 The triple DES family: des3-cbc-sha1 + aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128 + rc4 The RC4 family: arcfour-hmac + camellia The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac +@@ -865,8 +862,8 @@ from the current list by prefixing them with a minus sign ("-"). + Types or families can be prefixed with a plus sign ("+") for symmetry; + it has the same meaning as just listing the type or family. For + example, "``DEFAULT -rc4``" would be the default set of encryption +-types with RC4 types removed, and "``des3 DEFAULT``" would be the +-default set of encryption types with triple DES types moved to the ++types with RC4 types removed, and "``aes128-sha2 DEFAULT``" would be ++the default set of encryption types with aes128-sha2 moved to the + front. + + While **aes128-cts** and **aes256-cts** are supported for all Kerberos +diff --git a/doc/admin/enctypes.rst b/doc/admin/enctypes.rst +index caf6d9267..65b55cdb9 100644 +--- a/doc/admin/enctypes.rst ++++ b/doc/admin/enctypes.rst +@@ -129,7 +129,7 @@ enctype weak? krb5 Windows + des-cbc-crc weak <1.18 >=2000 + des-cbc-md4 weak <1.18 ? + des-cbc-md5 weak <1.18 >=2000 +-des3-cbc-sha1 >=1.1 none ++des3-cbc-sha1 <1.18 none + arcfour-hmac >=1.3 >=2000 + arcfour-hmac-exp weak >=1.3 >=2000 + aes128-cts-hmac-sha1-96 >=1.3 >=Vista +@@ -140,7 +140,10 @@ camellia128-cts-cmac >=1.9 none + camellia256-cts-cmac >=1.9 none + ========================== ===== ======== ======= + +-krb5 releases 1.18 and later do not support single-DES. krb5 releases +-1.8 and later disable the single-DES enctypes by default. Microsoft +-Windows releases Windows 7 and later disable single-DES enctypes by +-default. ++krb5 releases 1.8 and later disable the single-DES enctypes by ++default. Microsoft Windows releases Windows 7 and later disable ++single-DES enctypes by default. ++ ++krb5 releases 1.18 and later remove single-DES and 3DES ++(downstream-only patch) enctype support. Microsoft Windows never ++supported 3DES. +diff --git a/doc/admin/troubleshoot.rst b/doc/admin/troubleshoot.rst +index 6a0c7f89b..263fc9c97 100644 +--- a/doc/admin/troubleshoot.rst ++++ b/doc/admin/troubleshoot.rst +@@ -73,11 +73,10 @@ credential verification failed: KDC has no support for encryption type + ...................................................................... + + This most commonly happens when trying to use a principal with only +-DES keys, in a release (MIT krb5 1.7 or later) which disables DES by +-default. DES encryption is considered weak due to its inadequate key +-size. If you cannot migrate away from its use, you can re-enable DES +-by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` +-section of :ref:`krb5.conf(5)`. ++DES/3DES keys, in a release (MIT krb5 1.7 or later) which disables DES ++by default. DES encryption is considered weak due to its inadequate ++key size and has been removed upstream; 3DES is not recommended, and ++has been removed downstream by rharwood@redhat.com. + + + .. _err_cert_chain_cert_expired: +diff --git a/doc/appdev/refs/macros/index.rst b/doc/appdev/refs/macros/index.rst +index 68debe714..788d094bf 100644 +--- a/doc/appdev/refs/macros/index.rst ++++ b/doc/appdev/refs/macros/index.rst +@@ -36,7 +36,6 @@ Public + CKSUMTYPE_HMAC_SHA1_96_AES256.rst + CKSUMTYPE_HMAC_SHA256_128_AES128.rst + CKSUMTYPE_HMAC_SHA384_192_AES256.rst +- CKSUMTYPE_HMAC_SHA1_DES3.rst + CKSUMTYPE_MD5_HMAC_ARCFOUR.rst + CKSUMTYPE_NIST_SHA.rst + CKSUMTYPE_RSA_MD4.rst +diff --git a/doc/conf.py b/doc/conf.py +index c32b2882a..5eeafc30f 100644 +--- a/doc/conf.py ++++ b/doc/conf.py +@@ -272,7 +272,7 @@ else: + rst_epilog += ''' + .. |krb5conf| replace:: ``/etc/krb5.conf`` + .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` +-.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` ++.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` + .. |defmkey| replace:: ``aes256-cts-hmac-sha1-96`` + .. |copy| unicode:: U+000A9 + ''' +diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst +index 5d286b6ee..f4594ed13 100644 +--- a/doc/mitK5features.rst ++++ b/doc/mitK5features.rst +@@ -37,7 +37,7 @@ Database backends: LDAP, DB2, LMDB + + krb4 support: Kerberos 5 release < 1.8 + +-DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) ++DES/3DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) + + Interoperability + ---------------- +diff --git a/src/Makefile.in b/src/Makefile.in +index 56c7a4e6f..70db82a30 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -130,7 +130,7 @@ WINMAKEFILES=Makefile \ + lib\Makefile lib\crypto\Makefile lib\crypto\krb\Makefile \ + lib\crypto\builtin\Makefile lib\crypto\builtin\aes\Makefile \ + lib\crypto\builtin\enc_provider\Makefile \ +- lib\crypto\builtin\des\Makefile lib\crypto\builtin\md5\Makefile \ ++ lib\crypto\builtin\md5\Makefile \ + lib\crypto\builtin\camellia\Makefile lib\crypto\builtin\md4\Makefile \ + lib\crypto\builtin\hash_provider\Makefile \ + lib\crypto\builtin\sha2\Makefile lib\crypto\builtin\sha1\Makefile \ +@@ -202,8 +202,6 @@ WINMAKEFILES=Makefile \ + ##DOS## $(WCONFIG) config < $@.in > $@ + ##DOS##lib\crypto\builtin\enc_provider\Makefile: lib\crypto\builtin\enc_provider\Makefile.in $(MKFDEP) + ##DOS## $(WCONFIG) config < $@.in > $@ +-##DOS##lib\crypto\builtin\des\Makefile: lib\crypto\builtin\des\Makefile.in $(MKFDEP) +-##DOS## $(WCONFIG) config < $@.in > $@ + ##DOS##lib\crypto\builtin\md5\Makefile: lib\crypto\builtin\md5\Makefile.in $(MKFDEP) + ##DOS## $(WCONFIG) config < $@.in > $@ + ##DOS##lib\crypto\builtin\camellia\Makefile: lib\crypto\builtin\camellia\Makefile.in $(MKFDEP) +diff --git a/src/configure.ac b/src/configure.ac +index 440a22bd9..d4e4da525 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -1481,7 +1481,6 @@ V5_AC_OUTPUT_MAKEFILE(. + lib/crypto lib/crypto/krb lib/crypto/$CRYPTO_IMPL + lib/crypto/$CRYPTO_IMPL/enc_provider + lib/crypto/$CRYPTO_IMPL/hash_provider +- lib/crypto/$CRYPTO_IMPL/des + lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5 + lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2 + lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index e9435c693..6355e6540 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -426,8 +426,8 @@ typedef struct _krb5_crypto_iov { + #define ENCTYPE_DES_CBC_MD4 0x0002 /**< @deprecated no longer supported */ + #define ENCTYPE_DES_CBC_MD5 0x0003 /**< @deprecated no longer supported */ + #define ENCTYPE_DES_CBC_RAW 0x0004 /**< @deprecated no longer supported */ +-#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated DES-3 cbc with SHA1 */ +-#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated DES-3 cbc mode raw */ ++#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated no longer supported */ ++#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated no longer supported */ + #define ENCTYPE_DES_HMAC_SHA1 0x0008 /**< @deprecated no longer supported */ + /* PKINIT */ + #define ENCTYPE_DSA_SHA1_CMS 0x0009 /**< DSA with SHA1, CMS signature */ +@@ -436,9 +436,9 @@ typedef struct _krb5_crypto_iov { + #define ENCTYPE_RC2_CBC_ENV 0x000c /**< RC2 cbc mode, CMS enveloped data */ + #define ENCTYPE_RSA_ENV 0x000d /**< RSA encryption, CMS enveloped data */ + #define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /**< RSA w/OEAP encryption, CMS enveloped data */ +-#define ENCTYPE_DES3_CBC_ENV 0x000f /**< DES-3 cbc mode, CMS enveloped data */ ++#define ENCTYPE_DES3_CBC_ENV 0x000f /**< @deprecated no longer supported */ + +-#define ENCTYPE_DES3_CBC_SHA1 0x0010 ++#define ENCTYPE_DES3_CBC_SHA1 0x0010 /**< @deprecated removed */ + #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 /**< RFC 3962 */ + #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ + #define ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013 /**< RFC 8009 */ +@@ -458,7 +458,7 @@ typedef struct _krb5_crypto_iov { + #define CKSUMTYPE_RSA_MD5 0x0007 + #define CKSUMTYPE_RSA_MD5_DES 0x0008 + #define CKSUMTYPE_NIST_SHA 0x0009 +-#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c ++#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c /* @deprecated removed */ + #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f /**< RFC 3962. Used with + ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ + #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with +diff --git a/src/kadmin/testing/proto/kdc.conf.proto b/src/kadmin/testing/proto/kdc.conf.proto +index 8a4b87de1..d7f1d076b 100644 +--- a/src/kadmin/testing/proto/kdc.conf.proto ++++ b/src/kadmin/testing/proto/kdc.conf.proto +@@ -11,6 +11,6 @@ + dict_file = __K5ROOT__/ovsec_adm.dict + kadmind_port = 1751 + kpasswd_port = 1752 +- master_key_type = des3-hmac-sha1 +- supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal ++ master_key_type = aes256-cts ++ supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal + } +diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c +index ba0ce0b71..e3352f9cc 100644 +--- a/src/kdc/kdc_util.c ++++ b/src/kdc/kdc_util.c +@@ -1103,8 +1103,6 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen) + name = "rsaEncryption-EnvOID"; + else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV) + name = "id-RSAES-OAEP-EnvOID"; +- else if (ktype == ENCTYPE_DES3_CBC_ENV) +- name = "des-ede3-cbc-EnvOID"; + else + return krb5_enctype_to_name(ktype, FALSE, buf, buflen); + +@@ -1826,8 +1824,6 @@ krb5_boolean + enctype_requires_etype_info_2(krb5_enctype enctype) + { + switch(enctype) { +- case ENCTYPE_DES3_CBC_SHA1: +- case ENCTYPE_DES3_CBC_RAW: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP : + return 0; +diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in +index c3fcfd7e8..890d54adf 100644 +--- a/src/lib/crypto/Makefile.in ++++ b/src/lib/crypto/Makefile.in +@@ -13,7 +13,7 @@ STOBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ + $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ + $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ + $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ +- $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ ++ $(CRYPTO_IMPL)/aes/OBJS.ST \ + $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ + $(CRYPTO_IMPL)/OBJS.ST + +@@ -21,7 +21,7 @@ SUBDIROBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ + $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ + $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ + $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ +- $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ ++ $(CRYPTO_IMPL)/aes/OBJS.ST \ + $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ + $(CRYPTO_IMPL)/OBJS.ST + +@@ -34,8 +34,8 @@ SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB) + SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@ + + ##DOS##LIBNAME=$(OUTPRE)crypto.lib +-##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst +-##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst ++##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst ++##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst + + all-unix: all-liblinks + install-unix: install-libs +diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in +index baf5d974f..82adf1dec 100644 +--- a/src/lib/crypto/builtin/Makefile.in ++++ b/src/lib/crypto/builtin/Makefile.in +@@ -1,6 +1,6 @@ + mydir=lib$(S)crypto$(S)builtin + BUILDTOP=$(REL)..$(S)..$(S).. +-SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider ++SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider + LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) + + ##DOS##BUILDTOP = ..\..\.. +@@ -22,7 +22,7 @@ SRCS=\ + $(srcdir)/init.c \ + $(srcdir)/pbkdf2.c + +-STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++STOBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ +@@ -30,7 +30,7 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ + camellia/OBJS.ST \ + OBJS.ST + +-SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++SUBDIROBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ +diff --git a/src/lib/crypto/builtin/des/ISSUES b/src/lib/crypto/builtin/des/ISSUES +deleted file mode 100644 +index 157891103..000000000 +--- a/src/lib/crypto/builtin/des/ISSUES ++++ /dev/null +@@ -1,13 +0,0 @@ +-Issues to be addressed for src/lib/crypto/des: -*- text -*- +- +- +-"const" could be used in more places +- +- +-Array types are used in calling interfaces. Under ANSI C, a value of +-type "arraytype *" cannot be assigned to a variable of type "const +-arraytype *", so we get compilation warnings. +- +-Possible fix: Rewrite internal interfaces to not use arrays this way. +-Provide external routines compatible with old API, but not using +-const? +diff --git a/src/lib/crypto/builtin/des/Makefile.in b/src/lib/crypto/builtin/des/Makefile.in +deleted file mode 100644 +index ed25dab7c..000000000 +--- a/src/lib/crypto/builtin/des/Makefile.in ++++ /dev/null +@@ -1,80 +0,0 @@ +-mydir=lib$(S)crypto$(S)builtin$(S)des +-BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb +- +-##DOS##BUILDTOP = ..\..\..\.. +-##DOS##PREFIXDIR = builtin\des +-##DOS##OBJFILE = ..\..\$(OUTPRE)des.lst +- +-STLIBOBJS=\ +- d3_aead.o \ +- d3_kysched.o \ +- des_keys.o \ +- f_aead.o \ +- f_cksum.o \ +- f_parity.o \ +- f_sched.o \ +- f_tables.o \ +- key_sched.o \ +- weak_key.o +- +-OBJS= $(OUTPRE)d3_aead.$(OBJEXT) \ +- $(OUTPRE)d3_kysched.$(OBJEXT) \ +- $(OUTPRE)des_keys.$(OBJEXT) \ +- $(OUTPRE)f_aead.$(OBJEXT) \ +- $(OUTPRE)f_cksum.$(OBJEXT) \ +- $(OUTPRE)f_parity.$(OBJEXT) \ +- $(OUTPRE)f_sched.$(OBJEXT) \ +- $(OUTPRE)f_tables.$(OBJEXT) \ +- $(OUTPRE)key_sched.$(OBJEXT) \ +- $(OUTPRE)weak_key.$(OBJEXT) +- +-SRCS= $(srcdir)/d3_aead.c \ +- $(srcdir)/d3_kysched.c \ +- $(srcdir)/des_keys.c \ +- $(srcdir)/f_aead.c \ +- $(srcdir)/f_cksum.c \ +- $(srcdir)/f_parity.c \ +- $(srcdir)/f_sched.c \ +- $(srcdir)/f_tables.c \ +- $(srcdir)/key_sched.c \ +- $(srcdir)/weak_key.c +- +-EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c +- +-##DOS##LIBOBJS = $(OBJS) +- +-TOBJS = $(OUTPRE)key_sched.$(OBJEXT) $(OUTPRE)f_sched.$(OBJEXT) \ +- $(OUTPRE)f_cbc.$(OBJEXT) $(OUTPRE)f_tables.$(OBJEXT) \ +- $(OUTPRE)f_cksum.$(OBJEXT) +- +-verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ +- $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) +- $(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ +- -lcom_err $(SUPPORT_LIB) +- +-destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS) $(SUPPORT_DEPLIB) +- $(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS) $(SUPPORT_LIB) +- +-all-unix: all-libobjs +- +-check-unix: verify destest +- $(RUN_TEST) ./verify -z +- $(RUN_TEST) ./verify -m +- $(RUN_TEST) ./verify +- $(RUN_TEST) ./destest < $(srcdir)/keytest.data +- +-includes: depend +- +-depend: $(SRCS) +- +-check-windows: +- +-clean: +- $(RM) destest.$(OBJEXT) destest$(EXEEXT) verify$(EXEEXT) \ +- t_verify.$(OBJEXT) $(TOBJS) +- +-clean-unix:: clean-libobjs +- +-@libobj_frag@ +- +diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c +deleted file mode 100644 +index bddf75a47..000000000 +--- a/src/lib/crypto/builtin/des/d3_aead.c ++++ /dev/null +@@ -1,133 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright (C) 2008 by the Massachusetts Institute of Technology. +- * Copyright 1995 by Richard P. Basch. All Rights Reserved. +- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used +- * in advertising or publicity pertaining to distribution of the software +- * without specific, written prior permission. Richard P. Basch, +- * Lehman Brothers and M.I.T. make no representations about the suitability +- * of this software for any purpose. It is provided "as is" without +- * express or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +-#include "f_tables.h" +- +-void +-krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp1, *kp2, *kp3; +- const unsigned char *ip; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointers here. These won't need to be reinitialized. */ +- kp1 = (const unsigned DES_INT32 *)ks1; +- kp2 = (const unsigned DES_INT32 *)ks2; +- kp3 = (const unsigned DES_INT32 *)ks3; +- +- /* Initialize left and right with the contents of the initial vector. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- left = load_32_be(ip); +- right = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* xor this block with the previous ciphertext. */ +- left ^= load_32_be(block); +- right ^= load_32_be(block + 4); +- +- /* Encrypt what we have and store it back into block. */ +- DES_DO_ENCRYPT(left, right, kp1); +- DES_DO_DECRYPT(left, right, kp2); +- DES_DO_ENCRYPT(left, right, kp3); +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(left, ivec); +- store_32_be(right, ivec + 4); +- } +-} +- +-void +-krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp1, *kp2, *kp3; +- const unsigned char *ip; +- unsigned DES_INT32 ocipherl, ocipherr; +- unsigned DES_INT32 cipherl, cipherr; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointers here. These won't need to be reinitialized. */ +- kp1 = (const unsigned DES_INT32 *)ks1; +- kp2 = (const unsigned DES_INT32 *)ks2; +- kp3 = (const unsigned DES_INT32 *)ks3; +- +- /* +- * Decrypting is harder than encrypting because of +- * the necessity of remembering a lot more things. +- * Should think about this a little more... +- */ +- +- /* Prime the old cipher with ivec.*/ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- ocipherl = load_32_be(ip); +- ocipherr = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Split this block into left and right. */ +- cipherl = left = load_32_be(block); +- cipherr = right = load_32_be(block + 4); +- +- /* Decrypt and xor with the old cipher to get plain text. */ +- DES_DO_DECRYPT(left, right, kp3); +- DES_DO_ENCRYPT(left, right, kp2); +- DES_DO_DECRYPT(left, right, kp1); +- left ^= ocipherl; +- right ^= ocipherr; +- +- /* Store the encrypted halves back into block. */ +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- /* Save current cipher block halves. */ +- ocipherl = cipherl; +- ocipherr = cipherr; +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(ocipherl, ivec); +- store_32_be(ocipherr, ivec + 4); +- } +-} +diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c +deleted file mode 100644 +index ebd1050b1..000000000 +--- a/src/lib/crypto/builtin/des/d3_kysched.c ++++ /dev/null +@@ -1,51 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright 1995 by Richard P. Basch. All Rights Reserved. +- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used +- * in advertising or publicity pertaining to distribution of the software +- * without specific, written prior permission. Richard P. Basch, +- * Lehman Brothers and M.I.T. make no representations about the suitability +- * of this software for any purpose. It is provided "as is" without +- * express or implied warranty. +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +- +-int +-mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule) +-{ +- mit_des_make_key_sched(k[0],schedule[0]); +- mit_des_make_key_sched(k[1],schedule[1]); +- mit_des_make_key_sched(k[2],schedule[2]); +- +- if (!mit_des_check_key_parity(k[0])) /* bad parity --> return -1 */ +- return(-1); +- if (mit_des_is_weak_key(k[0])) +- return(-2); +- +- if (!mit_des_check_key_parity(k[1])) +- return(-1); +- if (mit_des_is_weak_key(k[1])) +- return(-2); +- +- if (!mit_des_check_key_parity(k[2])) +- return(-1); +- if (mit_des_is_weak_key(k[2])) +- return(-2); +- +- /* if key was good, return 0 */ +- return 0; +-} +diff --git a/src/lib/crypto/builtin/des/deps b/src/lib/crypto/builtin/des/deps +deleted file mode 100644 +index df2a31dac..000000000 +--- a/src/lib/crypto/builtin/des/deps ++++ /dev/null +@@ -1,148 +0,0 @@ +-# +-# Generated makefile dependencies follow. +-# +-d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- d3_aead.c des_int.h f_tables.h +-d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- d3_kysched.c des_int.h +-des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \ +- $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h des_keys.c +-f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h f_aead.c f_tables.h +-f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h f_cksum.c \ +- f_tables.h +-f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h f_parity.c +-f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h f_sched.c +-f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h f_tables.c f_tables.h +-key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h key_sched.c +-weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h weak_key.c +-destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h destest.c +-f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h f_cbc.c \ +- f_tables.h +-t_verify.so t_verify.po $(OUTPRE)t_verify.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h t_verify.c +diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h +deleted file mode 100644 +index f8dc6b296..000000000 +--- a/src/lib/crypto/builtin/des/des_int.h ++++ /dev/null +@@ -1,285 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/des_int.h */ +-/* +- * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of +- * Technology. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-/* Private include file for the Data Encryption Standard library. */ +- +-/* only do the whole thing once */ +-#ifndef DES_INTERNAL_DEFS +-#define DES_INTERNAL_DEFS +- +-#include "k5-int.h" +-/* +- * Begin "mit-des.h" +- */ +-#ifndef KRB5_MIT_DES__ +-#define KRB5_MIT_DES__ +- +-#if defined(__MACH__) && defined(__APPLE__) +-#include +-#include +-#if TARGET_RT_MAC_CFM +-#error "Use KfM 4.0 SDK headers for CFM compilation." +-#endif +-#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) +-#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 +-#endif +-#endif /* defined(__MACH__) && defined(__APPLE__) */ +- +-/* Macro to add deprecated attribute to DES types and functions */ +-/* Currently only defined on macOS 10.5 and later. */ +-#ifndef KRB5INT_DES_DEPRECATED +-#define KRB5INT_DES_DEPRECATED +-#endif +- +-#include +- +-#if UINT_MAX >= 0xFFFFFFFFUL +-#define DES_INT32 int +-#define DES_UINT32 unsigned int +-#else +-#define DES_INT32 long +-#define DES_UINT32 unsigned long +-#endif +- +-typedef unsigned char des_cblock[8] /* crypto-block size */ +-KRB5INT_DES_DEPRECATED; +- +-/* +- * Key schedule. +- * +- * This used to be +- * +- * typedef struct des_ks_struct { +- * union { DES_INT32 pad; des_cblock _;} __; +- * } des_key_schedule[16]; +- * +- * but it would cause trouble if DES_INT32 were ever more than 4 +- * bytes. The reason is that all the encryption functions cast it to +- * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If +- * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the +- * caller-allocated des_key_schedule will be overflowed by the key +- * scheduling functions. We can't assume that every platform will +- * have an exact 32-bit int, and nothing should be looking inside a +- * des_key_schedule anyway. +- */ +-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] +-KRB5INT_DES_DEPRECATED; +- +-typedef des_cblock mit_des_cblock; +-typedef des_key_schedule mit_des_key_schedule; +- +-/* Triple-DES structures */ +-typedef mit_des_cblock mit_des3_cblock[3]; +-typedef mit_des_key_schedule mit_des3_key_schedule[3]; +- +-#define MIT_DES_ENCRYPT 1 +-#define MIT_DES_DECRYPT 0 +- +-typedef struct mit_des_ran_key_seed { +- krb5_encrypt_block eblock; +- krb5_data sequence; +-} mit_des_random_state; +- +-/* the first byte of the key is already in the keyblock */ +- +-#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet)) +-/* This used to be 8*sizeof(krb5_octet) */ +-#define MIT_DES_KEYSIZE 8 +- +-#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) +- +-#endif /* KRB5_MIT_DES__ */ +-/* +- * End "mit-des.h" +- */ +- +-/* afsstring2key.c */ +-krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock, +- const krb5_data *data, +- const krb5_data *salt); +-char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf); +- +-/* f_cksum.c */ +-unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *, +- unsigned long, const mit_des_key_schedule, +- const krb5_octet *); +- +-/* f_cbc.c (used by test programs) */ +-int +-mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec, int enc); +- +-#define mit_des_zeroblock krb5int_c_mit_des_zeroblock +-extern const mit_des_cblock mit_des_zeroblock; +- +-/* fin_rndkey.c */ +-krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *, +- krb5_pointer *); +- +-/* finish_key.c */ +-krb5_error_code mit_des_finish_key(krb5_encrypt_block *); +- +-/* init_rkey.c */ +-krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *, +- const krb5_keyblock *, +- krb5_pointer *); +- +-/* key_parity.c */ +-void mit_des_fixup_key_parity(mit_des_cblock); +-int mit_des_check_key_parity(mit_des_cblock); +- +-/* key_sched.c */ +-int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule); +- +-/* process_ky.c */ +-krb5_error_code mit_des_process_key(krb5_encrypt_block *, +- const krb5_keyblock *); +- +-/* random_key.c */ +-krb5_error_code mit_des_random_key(const krb5_encrypt_block *, +- krb5_pointer, krb5_keyblock **); +- +-/* string2key.c */ +-krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *, +- krb5_keyblock *, const krb5_data *, +- const krb5_data *); +-krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *, +- const krb5_data *); +- +-/* weak_key.c */ +-int mit_des_is_weak_key(mit_des_cblock); +- +-/* cmb_keys.c */ +-krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *, +- const krb5_keyblock *, +- krb5_keyblock **); +- +-/* f_pcbc.c */ +-int mit_des_pcbc_encrypt(); +- +-/* f_sched.c */ +-int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); +- +- +-/* misc.c */ +-extern void swap_bits(char *); +-extern unsigned long long_swap_bits(unsigned long); +-extern unsigned long swap_six_bits_to_ansi(unsigned long); +-extern unsigned long swap_four_bits_to_ansi(unsigned long); +-extern unsigned long swap_bit_pos_1(unsigned long); +-extern unsigned long swap_bit_pos_0(unsigned long); +-extern unsigned long swap_bit_pos_0_to_ansi(unsigned long); +-extern unsigned long rev_swap_bit_pos_0(unsigned long); +-extern unsigned long swap_byte_bits(unsigned long); +-extern unsigned long swap_long_bytes_bit_number(unsigned long); +-#ifdef FILE +-/* XXX depends on FILE being a #define! */ +-extern void test_set(FILE *, const char *, int, const char *, int); +-#endif +- +-void +-krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec); +- +-void +-krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec); +- +-void +-krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec); +- +-void +-krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec); +- +-void +-krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, mit_des_cblock ivec, +- mit_des_cblock out); +- +-/* d3_procky.c */ +-krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock, +- const krb5_keyblock *keyblock); +- +-/* d3_kysched.c */ +-int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule); +- +-/* d3_str2ky.c */ +-krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock, +- krb5_keyblock *keyblock, +- const krb5_data *data, +- const krb5_data *salt); +- +-/* u_nfold.c */ +-krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len, +- krb5_octet *output, const size_t out_len); +- +-/* u_rn_key.c */ +-int mit_des_is_weak_keyblock(krb5_keyblock *keyblock); +- +-void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock); +- +-krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed, +- krb5_pointer random_state); +- +-krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence, +- krb5_pointer random_state); +-#endif /*DES_INTERNAL_DEFS*/ +diff --git a/src/lib/crypto/builtin/des/des_keys.c b/src/lib/crypto/builtin/des/des_keys.c +deleted file mode 100644 +index 32b119aad..000000000 +--- a/src/lib/crypto/builtin/des/des_keys.c ++++ /dev/null +@@ -1,40 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/des_keys.c - Key functions used by Kerberos code */ +-/* +- * Copyright (C) 2011 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +- +-void +-k5_des_fixup_key_parity(unsigned char *keybits) +-{ +- mit_des_fixup_key_parity(keybits); +-} +- +-krb5_boolean +-k5_des_is_weak_key(unsigned char *keybits) +-{ +- return mit_des_is_weak_key(keybits); +-} +diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c +deleted file mode 100644 +index 52114304e..000000000 +--- a/src/lib/crypto/builtin/des/destest.c ++++ /dev/null +@@ -1,240 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/destest.c */ +-/* +- * Copyright 1990,1991 by the Massachusetts Institute of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-/* Test a DES implementation against known inputs & outputs. */ +- +-#include "des_int.h" +-#include +-#include +- +-void convert (char *, unsigned char []); +- +-void des_cblock_print_file (mit_des_cblock, FILE *); +- +-krb5_octet zeroblock[8] = {0,0,0,0,0,0,0,0}; +- +-int +-main(argc, argv) +- int argc; +- char *argv[]; +-{ +- char block1[17], block2[17], block3[17]; +- /* Force tests of unaligned accesses. */ +- union { unsigned char c[8*4+3]; long l; } u; +- unsigned char *ioblocks = u.c; +- unsigned char *input = ioblocks+1; +- unsigned char *output = ioblocks+10; +- unsigned char *output2 = ioblocks+19; +- unsigned char *key = ioblocks+27; +- mit_des_key_schedule sched; +- int num = 0; +- int retval; +- +- int error = 0; +- +- while (scanf("%16s %16s %16s", block1, block2, block3) == 3) { +- convert(block1, key); +- convert(block2, input); +- convert(block3, output); +- +- retval = mit_des_key_sched(key, sched); +- if (retval) { +- fprintf(stderr, "des test: can't process key: %d\n", retval); +- fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3); +- exit(1); +- } +- mit_des_cbc_encrypt((const mit_des_cblock *) input, +- (mit_des_cblock *) output2, 8, +- sched, zeroblock, 1); +- +- if (memcmp((char *)output2, (char *)output, 8)) { +- fprintf(stderr, +- "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n", +- block1, block2, block3, +- output2[0],output2[1],output2[2],output2[3], +- output2[4],output2[5],output2[6],output2[7]); +- error++; +- } +- +- /* +- * Now try decrypting.... +- */ +- mit_des_cbc_encrypt((const mit_des_cblock *) output, +- (mit_des_cblock *) output2, 8, +- sched, zeroblock, 0); +- +- if (memcmp((char *)output2, (char *)input, 8)) { +- fprintf(stderr, +- "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n", +- block1, block2, block3, +- output2[0],output2[1],output2[2],output2[3], +- output2[4],output2[5],output2[6],output2[7]); +- error++; +- } +- +- num++; +- } +- +- if (error) +- printf("destest: failed to pass the test\n"); +- else +- printf("destest: %d tests passed successfully\n", num); +- +- exit( (error > 256 && error % 256) ? 1 : error); +-} +- +-int value[128] = { +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- 0, 1, 2, 3, 4, 5, 6, 7, +- 8, 9, -1, -1, -1, -1, -1, -1, +- -1, 10, 11, 12, 13, 14, 15, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +-}; +- +-void +-convert(text, cblock) +- char *text; +- unsigned char cblock[]; +-{ +- int i; +- for (i = 0; i < 8; i++) { +- if (!isascii((unsigned char)text[i * 2])) +- abort (); +- if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) { +- printf("Bad value byte %d in %s\n", i, text); +- exit(1); +- } +- cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]]; +- } +- return; +-} +- +-/* +- * Fake out the DES library, for the purposes of testing. +- */ +- +-int +-mit_des_is_weak_key(key) +- mit_des_cblock key; +-{ +- return 0; /* fake it out for testing */ +-} +- +-void +-des_cblock_print_file(x, fp) +- mit_des_cblock x; +- FILE *fp; +-{ +- unsigned char *y = (unsigned char *) x; +- int i = 0; +- fprintf(fp," 0x { "); +- +- while (i++ < 8) { +- fprintf(fp,"%x",*y++); +- if (i < 8) +- fprintf(fp,", "); +- } +- fprintf(fp," }"); +-} +- +- +-#define smask(step) ((1<>step)&smask(step))) +-#define parity_char(x) pstep(pstep(pstep((x),4),2),1) +- +-/* +- * des_check_key_parity: returns true iff key has the correct des parity. +- * See des_fix_key_parity for the definition of +- * correct des parity. +- */ +-int +-mit_des_check_key_parity(key) +- mit_des_cblock key; +-{ +- unsigned int i; +- +- for (i=0; i decrypt, else encrypt */ +- Key_schedule schedule; /* addr of key schedule */ +- +-This is the low level routine that encrypts or decrypts a single 8-byte +-block in electronic code book mode. Always transforms the input +-data into the output data. +- +-If encrypt is non-zero, the input (cleartext) is encrypted into the +-output (ciphertext) using the specified key_schedule, pre-set via "des_set_key". +- +-If encrypt is zero, the input (now ciphertext) is decrypted into +-the output (now cleartext). +- +-Input and output may be the same space. +- +-Does not return any meaningful value. Void is not used for compatibility +-with other compilers. +- +-/* -------------------------------------------------------------- */ +- +-int +- cbc_encrypt(input,output,length,schedule,ivec,encrypt) +- +- C_Block *input; /* ptr to input data */ +- C_Block *output; /* ptr to output data */ +- int length; /* desired length, in bytes */ +- Key_schedule schedule; /* addr of precomputed schedule */ +- C_Block *ivec; /* pointer to 8 byte initialization +- * vector +- */ +- int encrypt /* 0 ==> decrypt; else encrypt*/ +- +- +- If encrypt is non-zero, the routine cipher-block-chain encrypts +- the INPUT (cleartext) into the OUTPUT (ciphertext) using the provided +- key schedule and initialization vector. If the length is not an integral +- multiple of eight bytes, the last block is copied to a temp and zero +- filled (highest addresses). The output is ALWAYS an integral multiple +- of eight bytes. +- +- If encrypt is zero, the routine cipher-block chain decrypts the INPUT +- (ciphertext) into the OUTPUT (cleartext) using the provided key schedule +- and initialization vector. Decryption ALWAYS operates on integral +- multiples of 8 bytes, so will round the length provided up to the +- appropriate multiple. Consequently, it will always produce the rounded-up +- number of bytes of output cleartext. The application must determine if +- the output cleartext was zero-padded due to cleartext lengths not integral +- multiples of 8. +- +- No errors or meaningful value are returned. Void is not used for +- compatibility with other compilers. +- +- +-/* cbc checksum (MAC) only routine ---------------------------------------- */ +-int +- cbc_cksum(input,output,length,schedule,ivec) +- +- C_Block *input; /* >= length bytes of inputtext */ +- C_Block *output; /* >= length bytes of outputtext */ +- int length; /* in bytes */ +- Key_schedule schedule; /* precomputed key schedule */ +- C_Block *ivec; /* 8 bytes of ivec */ +- +- +- Produces a cryptographic checksum, 8 bytes, by cipher-block-chain +- encrypting the input, discarding the ciphertext output, and only retaining +- the last ciphertext 8-byte block. Uses the provided key schedule and ivec. +- The input is effectively zero-padded to an integral multiple of +- eight bytes, though the original input is not modified. +- +- No meaningful value is returned. Void is not used for compatibility +- with other compilers. +- +- +-/* random_key ----------------------------------------*/ +-int +- random_key(key) +- +- C_Block *key; +- +- The start for the random number generated is set from the current time +- in microseconds, then the random number generator is invoked +- to create an eight byte output key (not a schedule). The key +- generated is set to odd parity per FIPS spec. +- +- The caller must supply space for the output key, pointed to +- by "*key", then after getting a new key, call the des_set_key() +- routine when needed. +- +- No meaningfull value is returned. Void is not used for compatibility +- with other compilers. +- +- +-/* string_to_key --------------------------------------------*/ +- +-int +- string_to_key(str,key) +- char *str; +- C_Block *key; +- +- This routines converts an arbitrary length, null terminated string +- to an 8 byte DES key, with each byte parity set to odd, per FIPS spec. +- +- The algorithm is as follows: +- +-| Take the first 8 bytes and remove the parity (leaving 56 bits). +-| Do the same for the second 8 bytes, and the third, etc. Do this for +-| as many sets of 8 bytes as necessary, filling in the remainder of the +-| last set with nulls. Fold the second set back on the first (i.e. bit +-| 0 over bit 55, and bit 55 over bit 0). Fold the third over the second +-| (bit 0 of the third set is now over bit 0 of the first set). Repeat +-| until you have done this to all sets. Xor the folded sets. Break the +-| result into 8 7 bit bytes, and generate odd parity for each byte. You +-| now have 64 bits. Note that DES takes a 64 bit key, and uses only the +-| non parity bits. +- +- +-/* read_password -------------------------------------------*/ +- +-read_password(k,prompt,verify) +- C_Block *k; +- char *prompt; +- int verify; +- +-This routine issues the supplied prompt, turns off echo, if possible, and +-reads an input string. If verify is non-zero, it does it again, for use +-in applications such as changing a password. If verify is non-zero, both +-versions are compared, and the input is requested repeatedly until they +-match. Then, the input string is mapped into a valid DES key, internally +-using the string_to_key routine. The newly created key is copied to the +-area pointed to by parameter "k". +- +-No meaningful value is returned. If an error occurs trying to manipulate +-the terminal echo, the routine forces the process to exit. +- +-/* get_line ------------------------*/ +-long get_line(p,max) +- char *p; +- long max; +- +-Reads input characters from standard input until either a newline appears or +-else the max length is reached. The characters read are stuffed into +-the string pointed to, which will always be null terminated. The newline +-is not inserted in the string. The max parameter includes the byte needed +-for the null terminator, so allocate and pass one more than the maximum +-string length desired. +diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c +deleted file mode 100644 +index 71b8dff4d..000000000 +--- a/src/lib/crypto/builtin/des/f_aead.c ++++ /dev/null +@@ -1,173 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright (C) 2008 by the Massachusetts Institute of Technology. +- * Copyright 1995 by Richard P. Basch. All Rights Reserved. +- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used +- * in advertising or publicity pertaining to distribution of the software +- * without specific, written prior permission. Richard P. Basch, +- * Lehman Brothers and M.I.T. make no representations about the suitability +- * of this software for any purpose. It is provided "as is" without +- * express or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +-#include "f_tables.h" +- +-const mit_des_cblock mit_des_zeroblock /* = all zero */; +- +-void +-krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointer here. This won't need to be reinitialized. */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* Initialize left and right with the contents of the initial vector. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- left = load_32_be(ip); +- right = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Decompose this block and xor it with the previous ciphertext. */ +- left ^= load_32_be(block); +- right ^= load_32_be(block + 4); +- +- /* Encrypt what we have and put back into block. */ +- DES_DO_ENCRYPT(left, right, kp); +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(left, ivec); +- store_32_be(right, ivec + 4); +- } +-} +- +-void +-krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned DES_INT32 ocipherl, ocipherr; +- unsigned DES_INT32 cipherl, cipherr; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointer here. This won't need to be reinitialized. */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* +- * Decrypting is harder than encrypting because of +- * the necessity of remembering a lot more things. +- * Should think about this a little more... +- */ +- +- /* Prime the old cipher with ivec. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- ocipherl = load_32_be(ip); +- ocipherr = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Split this block into left and right. */ +- cipherl = left = load_32_be(block); +- cipherr = right = load_32_be(block + 4); +- +- /* Decrypt and xor with the old cipher to get plain text. */ +- DES_DO_DECRYPT(left, right, kp); +- left ^= ocipherl; +- right ^= ocipherr; +- +- /* Store the encrypted halves back into block. */ +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- /* Save current cipher block halves. */ +- ocipherl = cipherl; +- ocipherr = cipherr; +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(ocipherl, ivec); +- store_32_be(ocipherr, ivec + 4); +- } +-} +- +-void +-krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, mit_des_cblock ivec, +- mit_des_cblock out) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointer here. This won't need to be reinitialized. */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* Initialize left and right with the contents of the initial vector. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- left = load_32_be(ip); +- right = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, TRUE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Decompose this block and xor it with the previous ciphertext. */ +- left ^= load_32_be(block); +- right ^= load_32_be(block + 4); +- +- /* Encrypt what we have. */ +- DES_DO_ENCRYPT(left, right, kp); +- } +- +- /* Output the final ciphertext block. */ +- store_32_be(left, out); +- store_32_be(right, out + 4); +-} +- +-#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) +-void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left, +- unsigned DES_INT32 *right, +- const unsigned DES_INT32 *kp) +-{ +- DES_DO_ENCRYPT_1 (*left, *right, kp); +-} +- +-void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left, +- unsigned DES_INT32 *right, +- const unsigned DES_INT32 *kp) +-{ +- DES_DO_DECRYPT_1 (*left, *right, kp); +-} +-#endif +diff --git a/src/lib/crypto/builtin/des/f_cbc.c b/src/lib/crypto/builtin/des/f_cbc.c +deleted file mode 100644 +index 84d5382f2..000000000 +--- a/src/lib/crypto/builtin/des/f_cbc.c ++++ /dev/null +@@ -1,256 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_cbc.c */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * CBC functions; used only by the test programs at this time. (krb5 uses the +- * functions in f_aead.c instead.) +- */ +- +-/* +- * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode +- */ +-#include "des_int.h" +-#include "f_tables.h" +- +-/* +- * des_cbc_encrypt - {en,de}crypt a stream in CBC mode +- */ +- +-/* +- * This routine performs DES cipher-block-chaining operation, either +- * encrypting from cleartext to ciphertext, if encrypt != 0 or +- * decrypting from ciphertext to cleartext, if encrypt == 0. +- * +- * The key schedule is passed as an arg, as well as the cleartext or +- * ciphertext. The cleartext and ciphertext should be in host order. +- * +- * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not +- * enough space was provided, your program will get trashed. +- * +- * For encryption, the cleartext string is null padded, at the end, to +- * an integral multiple of eight bytes. +- * +- * For decryption, the ciphertext will be used in integral multiples +- * of 8 bytes, but only the first "length" bytes returned into the +- * cleartext. +- */ +- +-const mit_des_cblock mit_des_zeroblock /* = all zero */; +- +-static void +-des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned char *op; +- +- /* +- * Get key pointer here. This won't need to be reinitialized +- */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* +- * Initialize left and right with the contents of the initial +- * vector. +- */ +- ip = ivec; +- GET_HALF_BLOCK(left, ip); +- GET_HALF_BLOCK(right, ip); +- +- /* +- * Suitably initialized, now work the length down 8 bytes +- * at a time. +- */ +- ip = *in; +- op = *out; +- while (length > 0) { +- /* +- * Get more input, xor it in. If the length is +- * greater than or equal to 8 this is straight +- * forward. Otherwise we have to fart around. +- */ +- if (length >= 8) { +- unsigned DES_INT32 temp; +- GET_HALF_BLOCK(temp, ip); +- left ^= temp; +- GET_HALF_BLOCK(temp, ip); +- right ^= temp; +- length -= 8; +- } else { +- /* +- * Oh, shoot. We need to pad the +- * end with zeroes. Work backwards +- * to do this. +- */ +- ip += (int) length; +- switch(length) { +- case 7: +- right ^= (*(--ip) & FF_UINT32) << 8; +- case 6: +- right ^= (*(--ip) & FF_UINT32) << 16; +- case 5: +- right ^= (*(--ip) & FF_UINT32) << 24; +- case 4: +- left ^= *(--ip) & FF_UINT32; +- case 3: +- left ^= (*(--ip) & FF_UINT32) << 8; +- case 2: +- left ^= (*(--ip) & FF_UINT32) << 16; +- case 1: +- left ^= (*(--ip) & FF_UINT32) << 24; +- break; +- } +- length = 0; +- } +- +- /* +- * Encrypt what we have +- */ +- DES_DO_ENCRYPT(left, right, kp); +- +- /* +- * Copy the results out +- */ +- PUT_HALF_BLOCK(left, op); +- PUT_HALF_BLOCK(right, op); +- } +-} +- +-static void +-des_cbc_decrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned char *op; +- unsigned DES_INT32 ocipherl, ocipherr; +- unsigned DES_INT32 cipherl, cipherr; +- +- /* +- * Get key pointer here. This won't need to be reinitialized +- */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* +- * Decrypting is harder than encrypting because of +- * the necessity of remembering a lot more things. +- * Should think about this a little more... +- */ +- +- if (length <= 0) +- return; +- +- /* +- * Prime the old cipher with ivec. +- */ +- ip = ivec; +- GET_HALF_BLOCK(ocipherl, ip); +- GET_HALF_BLOCK(ocipherr, ip); +- +- /* +- * Now do this in earnest until we run out of length. +- */ +- ip = *in; +- op = *out; +- for (;;) { /* check done inside loop */ +- /* +- * Read a block from the input into left and +- * right. Save this cipher block for later. +- */ +- GET_HALF_BLOCK(left, ip); +- GET_HALF_BLOCK(right, ip); +- cipherl = left; +- cipherr = right; +- +- /* +- * Decrypt this. +- */ +- DES_DO_DECRYPT(left, right, kp); +- +- /* +- * Xor with the old cipher to get plain +- * text. Output 8 or less bytes of this. +- */ +- left ^= ocipherl; +- right ^= ocipherr; +- if (length > 8) { +- length -= 8; +- PUT_HALF_BLOCK(left, op); +- PUT_HALF_BLOCK(right, op); +- /* +- * Save current cipher block here +- */ +- ocipherl = cipherl; +- ocipherr = cipherr; +- } else { +- /* +- * Trouble here. Start at end of output, +- * work backwards. +- */ +- op += (int) length; +- switch(length) { +- case 8: +- *(--op) = (unsigned char) (right & 0xff); +- case 7: +- *(--op) = (unsigned char) ((right >> 8) & 0xff); +- case 6: +- *(--op) = (unsigned char) ((right >> 16) & 0xff); +- case 5: +- *(--op) = (unsigned char) ((right >> 24) & 0xff); +- case 4: +- *(--op) = (unsigned char) (left & 0xff); +- case 3: +- *(--op) = (unsigned char) ((left >> 8) & 0xff); +- case 2: +- *(--op) = (unsigned char) ((left >> 16) & 0xff); +- case 1: +- *(--op) = (unsigned char) ((left >> 24) & 0xff); +- break; +- } +- break; /* we're done */ +- } +- } +-} +- +-int +-mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec, int enc) +-{ +- /* +- * Deal with encryption and decryption separately. +- */ +- if (enc) +- des_cbc_encrypt(in, out, length, schedule, ivec); +- else +- des_cbc_decrypt(in, out, length, schedule, ivec); +- return 0; +-} +diff --git a/src/lib/crypto/builtin/des/f_cksum.c b/src/lib/crypto/builtin/des/f_cksum.c +deleted file mode 100644 +index cb482b009..000000000 +--- a/src/lib/crypto/builtin/des/f_cksum.c ++++ /dev/null +@@ -1,136 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_cksum.c */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* DES implementation donated by Dennis Ferguson */ +- +-/* +- * des_cbc_cksum.c - compute an 8 byte checksum using DES in CBC mode +- */ +-#include "des_int.h" +-#include "f_tables.h" +- +-/* +- * This routine performs DES cipher-block-chaining checksum operation, +- * a.k.a. Message Authentication Code. It ALWAYS encrypts from input +- * to a single 64 bit output MAC checksum. +- * +- * The key schedule is passed as an arg, as well as the cleartext or +- * ciphertext. The cleartext and ciphertext should be in host order. +- * +- * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was +- * provided, your program will get trashed. +- * +- * The input is null padded, at the end (highest addr), to an integral +- * multiple of eight bytes. +- */ +- +-unsigned long +-mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const krb5_octet *ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned char *op; +- DES_INT32 len; +- +- /* +- * Initialize left and right with the contents of the initial +- * vector. +- */ +- ip = ivec; +- GET_HALF_BLOCK(left, ip); +- GET_HALF_BLOCK(right, ip); +- +- /* +- * Suitably initialized, now work the length down 8 bytes +- * at a time. +- */ +- ip = in; +- len = length; +- while (len > 0) { +- /* +- * Get more input, xor it in. If the length is +- * greater than or equal to 8 this is straight +- * forward. Otherwise we have to fart around. +- */ +- if (len >= 8) { +- unsigned DES_INT32 temp; +- GET_HALF_BLOCK(temp, ip); +- left ^= temp; +- GET_HALF_BLOCK(temp, ip); +- right ^= temp; +- len -= 8; +- } else { +- /* +- * Oh, shoot. We need to pad the +- * end with zeroes. Work backwards +- * to do this. +- */ +- ip += (int) len; +- switch(len) { +- case 7: +- right ^= (*(--ip) & FF_UINT32) << 8; +- case 6: +- right ^= (*(--ip) & FF_UINT32) << 16; +- case 5: +- right ^= (*(--ip) & FF_UINT32) << 24; +- case 4: +- left ^= *(--ip) & FF_UINT32; +- case 3: +- left ^= (*(--ip) & FF_UINT32) << 8; +- case 2: +- left ^= (*(--ip) & FF_UINT32) << 16; +- case 1: +- left ^= (*(--ip) & FF_UINT32) << 24; +- break; +- } +- len = 0; +- } +- +- /* +- * Encrypt what we have +- */ +- kp = (const unsigned DES_INT32 *)schedule; +- DES_DO_ENCRYPT(left, right, kp); +- } +- +- /* +- * Done. Left and right have the checksum. Put it into +- * the output. +- */ +- op = out; +- PUT_HALF_BLOCK(left, op); +- PUT_HALF_BLOCK(right, op); +- +- /* +- * Return right. I'll bet the MIT code returns this +- * inconsistantly (with the low order byte of the checksum +- * not always in the low order byte of the DES_INT32). We won't. +- */ +- return right & 0xFFFFFFFFUL; +-} +diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c +deleted file mode 100644 +index 460b5061b..000000000 +--- a/src/lib/crypto/builtin/des/f_parity.c ++++ /dev/null +@@ -1,56 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * These routines check and fix parity of encryption keys for the DES +- * algorithm. +- * +- * They are a replacement for routines in key_parity.c, that don't require +- * the table building that they do. +- * +- * Mark Eichin -- Cygnus Support +- */ +- +- +-#include "des_int.h" +- +-/* +- * des_fixup_key_parity: Forces odd parity per byte; parity is bits +- * 8,16,...64 in des order, implies 0, 8, 16, ... +- * vax order. +- */ +-#define smask(step) ((1<>step)&smask(step))) +-#define parity_char(x) pstep(pstep(pstep((x),4),2),1) +- +-void +-mit_des_fixup_key_parity(mit_des_cblock key) +-{ +- unsigned int i; +- for (i=0; i> 29) & 0x7] +- | (PC1_CL[(tmp >> 21) & 0x7] << 1) +- | (PC1_CL[(tmp >> 13) & 0x7] << 2) +- | (PC1_CL[(tmp >> 5) & 0x7] << 3); +- d = PC1_DL[(tmp >> 25) & 0xf] +- | (PC1_DL[(tmp >> 17) & 0xf] << 1) +- | (PC1_DL[(tmp >> 9) & 0xf] << 2) +- | (PC1_DL[(tmp >> 1) & 0xf] << 3); +- +- tmp = load_32_be(k), k += 4; +- +- c |= PC1_CR[(tmp >> 28) & 0xf] +- | (PC1_CR[(tmp >> 20) & 0xf] << 1) +- | (PC1_CR[(tmp >> 12) & 0xf] << 2) +- | (PC1_CR[(tmp >> 4) & 0xf] << 3); +- d |= PC1_DR[(tmp >> 25) & 0x7] +- | (PC1_DR[(tmp >> 17) & 0x7] << 1) +- | (PC1_DR[(tmp >> 9) & 0x7] << 2) +- | (PC1_DR[(tmp >> 1) & 0x7] << 3); +- } +- +- { +- /* +- * Need several temporaries in here +- */ +- unsigned DES_INT32 ltmp, rtmp; +- unsigned DES_INT32 *k; +- int two_bit_shifts; +- int i; +- /* +- * Now iterate to compute the key schedule. Note that we +- * record the entire set of subkeys in 6 bit chunks since +- * they are used that way. At 6 bits/char, we need +- * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes. +- * The schedule must be this big. +- */ +- k = (unsigned DES_INT32 *)schedule; +- two_bit_shifts = TWO_BIT_SHIFTS; +- for (i = 16; i > 0; i--) { +- /* +- * Do the rotation. One bit and two bit rotations +- * are done separately. Note C and D are 28 bits. +- */ +- if (two_bit_shifts & 0x1) { +- c = ((c << 2) & 0xffffffc) | (c >> 26); +- d = ((d << 2) & 0xffffffc) | (d >> 26); +- } else { +- c = ((c << 1) & 0xffffffe) | (c >> 27); +- d = ((d << 1) & 0xffffffe) | (d >> 27); +- } +- two_bit_shifts >>= 1; +- +- /* +- * Apply permutted choice 2 to C to get the first +- * 24 bits worth of keys. Note that bits 9, 18, 22 +- * and 25 (using DES numbering) in C are unused. The +- * shift-mask stuff is done to delete these bits from +- * the indices, since this cuts the table size in half. +- * +- * The table is torqued, by the way. If the standard +- * byte order for this (high to low order) is 1234, +- * the table actually gives us 4132. +- */ +- ltmp = PC2_C[0][((c >> 22) & 0x3f)] +- | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)] +- | PC2_C[2][((c >> 4) & 0x3) | ((c >> 9) & 0x3c)] +- | PC2_C[3][((c ) & 0x7) | ((c >> 4) & 0x38)]; +- /* +- * Apply permutted choice 2 to D to get the other half. +- * Here, bits 7, 10, 15 and 26 go unused. The sqeezing +- * actually turns out to be cheaper here. +- * +- * This table is similarly torqued. If the standard +- * byte order is 5678, the table has the bytes permuted +- * to give us 7685. +- */ +- rtmp = PC2_D[0][((d >> 22) & 0x3f)] +- | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)] +- | PC2_D[2][((d >> 7) & 0x3f)] +- | PC2_D[3][((d ) & 0x3) | ((d >> 1) & 0x3c)]; +- +- /* +- * Make up two words of the key schedule, with a +- * byte order which is convenient for the DES +- * inner loop. The high order (first) word will +- * hold bytes 7135 (high to low order) while the +- * second holds bytes 4682. +- */ +- *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff); +- *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00); +- } +- } +- return (0); +-} +diff --git a/src/lib/crypto/builtin/des/f_tables.c b/src/lib/crypto/builtin/des/f_tables.c +deleted file mode 100644 +index 6308cb0d5..000000000 +--- a/src/lib/crypto/builtin/des/f_tables.c ++++ /dev/null +@@ -1,370 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_tables.c */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* DES implementation donated by Dennis Ferguson */ +- +-/* +- * des_tables.c - precomputed tables used for the DES cipher function +- */ +- +-/* +- * Include the header file so something will complain if the +- * declarations get out of sync +- */ +-#include "des_int.h" +-#include "f_tables.h" +- +-/* +- * These tables may be declared const if you want. Many compilers +- * don't support this, though. +- */ +- +-/* +- * The DES algorithm which uses these is intended to be fairly speedy +- * at the expense of some memory. All the standard hacks are used. +- * The S boxes and the P permutation are precomputed into one table. +- * The E box never actually appears explicitly since it is easy to apply +- * this algorithmically as needed. The initial permutation and final +- * (inverse initial) permutation are computed from tables designed to +- * permute one byte at a time. This should run pretty fast on machines +- * with 32 bit words and bit field/multiple bit shift instructions which +- * are fast. +- */ +- +-/* +- * The initial permutation array. This is used to compute both the +- * left and the right halves of the initial permutation using bytes +- * from words made from the following operations: +- * +- * ((left & 0x55555555) << 1) | (right & 0x55555555) for left half +- * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1) for right half +- * +- * The scheme is that we index into the table using each byte. The +- * result from the high order byte is or'd with the result from the +- * next byte shifted left once is or'd with the result from the next +- * byte shifted left twice if or'd with the result from the low order +- * byte shifted left by three. Clear? +- */ +- +-const unsigned DES_INT32 des_IP_table[256] = { +- 0x00000000, 0x00000010, 0x00000001, 0x00000011, +- 0x00001000, 0x00001010, 0x00001001, 0x00001011, +- 0x00000100, 0x00000110, 0x00000101, 0x00000111, +- 0x00001100, 0x00001110, 0x00001101, 0x00001111, +- 0x00100000, 0x00100010, 0x00100001, 0x00100011, +- 0x00101000, 0x00101010, 0x00101001, 0x00101011, +- 0x00100100, 0x00100110, 0x00100101, 0x00100111, +- 0x00101100, 0x00101110, 0x00101101, 0x00101111, +- 0x00010000, 0x00010010, 0x00010001, 0x00010011, +- 0x00011000, 0x00011010, 0x00011001, 0x00011011, +- 0x00010100, 0x00010110, 0x00010101, 0x00010111, +- 0x00011100, 0x00011110, 0x00011101, 0x00011111, +- 0x00110000, 0x00110010, 0x00110001, 0x00110011, +- 0x00111000, 0x00111010, 0x00111001, 0x00111011, +- 0x00110100, 0x00110110, 0x00110101, 0x00110111, +- 0x00111100, 0x00111110, 0x00111101, 0x00111111, +- 0x10000000, 0x10000010, 0x10000001, 0x10000011, +- 0x10001000, 0x10001010, 0x10001001, 0x10001011, +- 0x10000100, 0x10000110, 0x10000101, 0x10000111, +- 0x10001100, 0x10001110, 0x10001101, 0x10001111, +- 0x10100000, 0x10100010, 0x10100001, 0x10100011, +- 0x10101000, 0x10101010, 0x10101001, 0x10101011, +- 0x10100100, 0x10100110, 0x10100101, 0x10100111, +- 0x10101100, 0x10101110, 0x10101101, 0x10101111, +- 0x10010000, 0x10010010, 0x10010001, 0x10010011, +- 0x10011000, 0x10011010, 0x10011001, 0x10011011, +- 0x10010100, 0x10010110, 0x10010101, 0x10010111, +- 0x10011100, 0x10011110, 0x10011101, 0x10011111, +- 0x10110000, 0x10110010, 0x10110001, 0x10110011, +- 0x10111000, 0x10111010, 0x10111001, 0x10111011, +- 0x10110100, 0x10110110, 0x10110101, 0x10110111, +- 0x10111100, 0x10111110, 0x10111101, 0x10111111, +- 0x01000000, 0x01000010, 0x01000001, 0x01000011, +- 0x01001000, 0x01001010, 0x01001001, 0x01001011, +- 0x01000100, 0x01000110, 0x01000101, 0x01000111, +- 0x01001100, 0x01001110, 0x01001101, 0x01001111, +- 0x01100000, 0x01100010, 0x01100001, 0x01100011, +- 0x01101000, 0x01101010, 0x01101001, 0x01101011, +- 0x01100100, 0x01100110, 0x01100101, 0x01100111, +- 0x01101100, 0x01101110, 0x01101101, 0x01101111, +- 0x01010000, 0x01010010, 0x01010001, 0x01010011, +- 0x01011000, 0x01011010, 0x01011001, 0x01011011, +- 0x01010100, 0x01010110, 0x01010101, 0x01010111, +- 0x01011100, 0x01011110, 0x01011101, 0x01011111, +- 0x01110000, 0x01110010, 0x01110001, 0x01110011, +- 0x01111000, 0x01111010, 0x01111001, 0x01111011, +- 0x01110100, 0x01110110, 0x01110101, 0x01110111, +- 0x01111100, 0x01111110, 0x01111101, 0x01111111, +- 0x11000000, 0x11000010, 0x11000001, 0x11000011, +- 0x11001000, 0x11001010, 0x11001001, 0x11001011, +- 0x11000100, 0x11000110, 0x11000101, 0x11000111, +- 0x11001100, 0x11001110, 0x11001101, 0x11001111, +- 0x11100000, 0x11100010, 0x11100001, 0x11100011, +- 0x11101000, 0x11101010, 0x11101001, 0x11101011, +- 0x11100100, 0x11100110, 0x11100101, 0x11100111, +- 0x11101100, 0x11101110, 0x11101101, 0x11101111, +- 0x11010000, 0x11010010, 0x11010001, 0x11010011, +- 0x11011000, 0x11011010, 0x11011001, 0x11011011, +- 0x11010100, 0x11010110, 0x11010101, 0x11010111, +- 0x11011100, 0x11011110, 0x11011101, 0x11011111, +- 0x11110000, 0x11110010, 0x11110001, 0x11110011, +- 0x11111000, 0x11111010, 0x11111001, 0x11111011, +- 0x11110100, 0x11110110, 0x11110101, 0x11110111, +- 0x11111100, 0x11111110, 0x11111101, 0x11111111 +-}; +- +-/* +- * The final permutation array. Like the IP array, used +- * to compute both the left and right results from the bytes +- * of words computed from: +- * +- * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f) for left result +- * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4) for right result +- * +- * The result from the high order byte is shifted left 6 bits and +- * or'd with the result from the next byte shifted left 4 bits, which +- * is or'd with the result from the next byte shifted left 2 bits, +- * which is or'd with the result from the low byte. +- */ +-const unsigned DES_INT32 des_FP_table[256] = { +- 0x00000000, 0x02000000, 0x00020000, 0x02020000, +- 0x00000200, 0x02000200, 0x00020200, 0x02020200, +- 0x00000002, 0x02000002, 0x00020002, 0x02020002, +- 0x00000202, 0x02000202, 0x00020202, 0x02020202, +- 0x01000000, 0x03000000, 0x01020000, 0x03020000, +- 0x01000200, 0x03000200, 0x01020200, 0x03020200, +- 0x01000002, 0x03000002, 0x01020002, 0x03020002, +- 0x01000202, 0x03000202, 0x01020202, 0x03020202, +- 0x00010000, 0x02010000, 0x00030000, 0x02030000, +- 0x00010200, 0x02010200, 0x00030200, 0x02030200, +- 0x00010002, 0x02010002, 0x00030002, 0x02030002, +- 0x00010202, 0x02010202, 0x00030202, 0x02030202, +- 0x01010000, 0x03010000, 0x01030000, 0x03030000, +- 0x01010200, 0x03010200, 0x01030200, 0x03030200, +- 0x01010002, 0x03010002, 0x01030002, 0x03030002, +- 0x01010202, 0x03010202, 0x01030202, 0x03030202, +- 0x00000100, 0x02000100, 0x00020100, 0x02020100, +- 0x00000300, 0x02000300, 0x00020300, 0x02020300, +- 0x00000102, 0x02000102, 0x00020102, 0x02020102, +- 0x00000302, 0x02000302, 0x00020302, 0x02020302, +- 0x01000100, 0x03000100, 0x01020100, 0x03020100, +- 0x01000300, 0x03000300, 0x01020300, 0x03020300, +- 0x01000102, 0x03000102, 0x01020102, 0x03020102, +- 0x01000302, 0x03000302, 0x01020302, 0x03020302, +- 0x00010100, 0x02010100, 0x00030100, 0x02030100, +- 0x00010300, 0x02010300, 0x00030300, 0x02030300, +- 0x00010102, 0x02010102, 0x00030102, 0x02030102, +- 0x00010302, 0x02010302, 0x00030302, 0x02030302, +- 0x01010100, 0x03010100, 0x01030100, 0x03030100, +- 0x01010300, 0x03010300, 0x01030300, 0x03030300, +- 0x01010102, 0x03010102, 0x01030102, 0x03030102, +- 0x01010302, 0x03010302, 0x01030302, 0x03030302, +- 0x00000001, 0x02000001, 0x00020001, 0x02020001, +- 0x00000201, 0x02000201, 0x00020201, 0x02020201, +- 0x00000003, 0x02000003, 0x00020003, 0x02020003, +- 0x00000203, 0x02000203, 0x00020203, 0x02020203, +- 0x01000001, 0x03000001, 0x01020001, 0x03020001, +- 0x01000201, 0x03000201, 0x01020201, 0x03020201, +- 0x01000003, 0x03000003, 0x01020003, 0x03020003, +- 0x01000203, 0x03000203, 0x01020203, 0x03020203, +- 0x00010001, 0x02010001, 0x00030001, 0x02030001, +- 0x00010201, 0x02010201, 0x00030201, 0x02030201, +- 0x00010003, 0x02010003, 0x00030003, 0x02030003, +- 0x00010203, 0x02010203, 0x00030203, 0x02030203, +- 0x01010001, 0x03010001, 0x01030001, 0x03030001, +- 0x01010201, 0x03010201, 0x01030201, 0x03030201, +- 0x01010003, 0x03010003, 0x01030003, 0x03030003, +- 0x01010203, 0x03010203, 0x01030203, 0x03030203, +- 0x00000101, 0x02000101, 0x00020101, 0x02020101, +- 0x00000301, 0x02000301, 0x00020301, 0x02020301, +- 0x00000103, 0x02000103, 0x00020103, 0x02020103, +- 0x00000303, 0x02000303, 0x00020303, 0x02020303, +- 0x01000101, 0x03000101, 0x01020101, 0x03020101, +- 0x01000301, 0x03000301, 0x01020301, 0x03020301, +- 0x01000103, 0x03000103, 0x01020103, 0x03020103, +- 0x01000303, 0x03000303, 0x01020303, 0x03020303, +- 0x00010101, 0x02010101, 0x00030101, 0x02030101, +- 0x00010301, 0x02010301, 0x00030301, 0x02030301, +- 0x00010103, 0x02010103, 0x00030103, 0x02030103, +- 0x00010303, 0x02010303, 0x00030303, 0x02030303, +- 0x01010101, 0x03010101, 0x01030101, 0x03030101, +- 0x01010301, 0x03010301, 0x01030301, 0x03030301, +- 0x01010103, 0x03010103, 0x01030103, 0x03030103, +- 0x01010303, 0x03010303, 0x01030303, 0x03030303 +-}; +- +- +-/* +- * The SP table is actually the S boxes and the P permutation +- * table combined. This table is actually reordered from the +- * spec, to match the order of key application we follow. +- */ +-const unsigned DES_INT32 des_SP_table[8][64] = { +- { +- 0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */ +- 0x00000400, 0x02000401, 0x00100401, 0x02100400, +- 0x02100401, 0x00100000, 0x00000000, 0x02000001, +- 0x00000001, 0x02000000, 0x02100001, 0x00000401, +- 0x02000400, 0x00100401, 0x00100001, 0x02000400, +- 0x02000001, 0x02100000, 0x02100400, 0x00100001, +- 0x02100000, 0x00000400, 0x00000401, 0x02100401, +- 0x00100400, 0x00000001, 0x02000000, 0x00100400, +- 0x02000000, 0x00100400, 0x00100000, 0x02000401, +- 0x02000401, 0x02100001, 0x02100001, 0x00000001, +- 0x00100001, 0x02000000, 0x02000400, 0x00100000, +- 0x02100400, 0x00000401, 0x00100401, 0x02100400, +- 0x00000401, 0x02000001, 0x02100401, 0x02100000, +- 0x00100400, 0x00000000, 0x00000001, 0x02100401, +- 0x00000000, 0x00100401, 0x02100000, 0x00000400, +- 0x02000001, 0x02000400, 0x00000400, 0x00100001, +- }, +- { +- 0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */ +- 0x00808002, 0x00008202, 0x00000002, 0x00008000, +- 0x00000200, 0x00808200, 0x00808202, 0x00000200, +- 0x00800202, 0x00808002, 0x00800000, 0x00000002, +- 0x00000202, 0x00800200, 0x00800200, 0x00008200, +- 0x00008200, 0x00808000, 0x00808000, 0x00800202, +- 0x00008002, 0x00800002, 0x00800002, 0x00008002, +- 0x00000000, 0x00000202, 0x00008202, 0x00800000, +- 0x00008000, 0x00808202, 0x00000002, 0x00808000, +- 0x00808200, 0x00800000, 0x00800000, 0x00000200, +- 0x00808002, 0x00008000, 0x00008200, 0x00800002, +- 0x00000200, 0x00000002, 0x00800202, 0x00008202, +- 0x00808202, 0x00008002, 0x00808000, 0x00800202, +- 0x00800002, 0x00000202, 0x00008202, 0x00808200, +- 0x00000202, 0x00800200, 0x00800200, 0x00000000, +- 0x00008002, 0x00008200, 0x00000000, 0x00808002, +- }, +- { +- 0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */ +- 0x04000100, 0x00000000, 0x00010104, 0x04000100, +- 0x00010004, 0x04000004, 0x04000004, 0x00010000, +- 0x04010104, 0x00010004, 0x04010000, 0x00000104, +- 0x04000000, 0x00000004, 0x04010100, 0x00000100, +- 0x00010100, 0x04010000, 0x04010004, 0x00010104, +- 0x04000104, 0x00010100, 0x00010000, 0x04000104, +- 0x00000004, 0x04010104, 0x00000100, 0x04000000, +- 0x04010100, 0x04000000, 0x00010004, 0x00000104, +- 0x00010000, 0x04010100, 0x04000100, 0x00000000, +- 0x00000100, 0x00010004, 0x04010104, 0x04000100, +- 0x04000004, 0x00000100, 0x00000000, 0x04010004, +- 0x04000104, 0x00010000, 0x04000000, 0x04010104, +- 0x00000004, 0x00010104, 0x00010100, 0x04000004, +- 0x04010000, 0x04000104, 0x00000104, 0x04010000, +- 0x00010104, 0x00000004, 0x04010004, 0x00010100, +- }, +- { +- 0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */ +- 0x00040000, 0x00000080, 0x20000000, 0x01040000, +- 0x20040080, 0x00040000, 0x01000080, 0x20040080, +- 0x21000080, 0x21040000, 0x00040080, 0x20000000, +- 0x01000000, 0x20040000, 0x20040000, 0x00000000, +- 0x20000080, 0x21040080, 0x21040080, 0x01000080, +- 0x21040000, 0x20000080, 0x00000000, 0x21000000, +- 0x01040080, 0x01000000, 0x21000000, 0x00040080, +- 0x00040000, 0x21000080, 0x00000080, 0x01000000, +- 0x20000000, 0x01040000, 0x21000080, 0x20040080, +- 0x01000080, 0x20000000, 0x21040000, 0x01040080, +- 0x20040080, 0x00000080, 0x01000000, 0x21040000, +- 0x21040080, 0x00040080, 0x21000000, 0x21040080, +- 0x01040000, 0x00000000, 0x20040000, 0x21000000, +- 0x00040080, 0x01000080, 0x20000080, 0x00040000, +- 0x00000000, 0x20040000, 0x01040080, 0x20000080, +- }, +- { +- 0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */ +- 0x00401040, 0x80400040, 0x80400000, 0x80001000, +- 0x00000000, 0x00401000, 0x00401000, 0x80401040, +- 0x80000040, 0x00000000, 0x00400040, 0x80400000, +- 0x80000000, 0x00001000, 0x00400000, 0x80401000, +- 0x00000040, 0x00400000, 0x80001000, 0x00001040, +- 0x80400040, 0x80000000, 0x00001040, 0x00400040, +- 0x00001000, 0x00401040, 0x80401040, 0x80000040, +- 0x00400040, 0x80400000, 0x00401000, 0x80401040, +- 0x80000040, 0x00000000, 0x00000000, 0x00401000, +- 0x00001040, 0x00400040, 0x80400040, 0x80000000, +- 0x80401000, 0x80001040, 0x80001040, 0x00000040, +- 0x80401040, 0x80000040, 0x80000000, 0x00001000, +- 0x80400000, 0x80001000, 0x00401040, 0x80400040, +- 0x80001000, 0x00001040, 0x00400000, 0x80401000, +- 0x00000040, 0x00400000, 0x00001000, 0x00401040, +- }, +- { +- 0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */ +- 0x10200000, 0x00000008, 0x10202008, 0x00200000, +- 0x10002000, 0x00202008, 0x00200000, 0x10000008, +- 0x00200008, 0x10002000, 0x10000000, 0x00002008, +- 0x00000000, 0x00200008, 0x10002008, 0x00002000, +- 0x00202000, 0x10002008, 0x00000008, 0x10200008, +- 0x10200008, 0x00000000, 0x00202008, 0x10202000, +- 0x00002008, 0x00202000, 0x10202000, 0x10000000, +- 0x10002000, 0x00000008, 0x10200008, 0x00202000, +- 0x10202008, 0x00200000, 0x00002008, 0x10000008, +- 0x00200000, 0x10002000, 0x10000000, 0x00002008, +- 0x10000008, 0x10202008, 0x00202000, 0x10200000, +- 0x00202008, 0x10202000, 0x00000000, 0x10200008, +- 0x00000008, 0x00002000, 0x10200000, 0x00202008, +- 0x00002000, 0x00200008, 0x10002008, 0x00000000, +- 0x10202000, 0x10000000, 0x00200008, 0x10002008, +- }, +- { +- 0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */ +- 0x08000000, 0x08000820, 0x00000020, 0x08000000, +- 0x00020020, 0x08020000, 0x08020820, 0x00020800, +- 0x08020800, 0x00020820, 0x00000800, 0x00000020, +- 0x08020000, 0x08000020, 0x08000800, 0x00000820, +- 0x00020800, 0x00020020, 0x08020020, 0x08020800, +- 0x00000820, 0x00000000, 0x00000000, 0x08020020, +- 0x08000020, 0x08000800, 0x00020820, 0x00020000, +- 0x00020820, 0x00020000, 0x08020800, 0x00000800, +- 0x00000020, 0x08020020, 0x00000800, 0x00020820, +- 0x08000800, 0x00000020, 0x08000020, 0x08020000, +- 0x08020020, 0x08000000, 0x00020000, 0x08000820, +- 0x00000000, 0x08020820, 0x00020020, 0x08000020, +- 0x08020000, 0x08000800, 0x08000820, 0x00000000, +- 0x08020820, 0x00020800, 0x00020800, 0x00000820, +- 0x00000820, 0x00020020, 0x08000000, 0x08020800, +- }, +- { +- 0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */ +- 0x00080000, 0x00000010, 0x40080010, 0x40004010, +- 0x40000010, 0x40084010, 0x40084000, 0x40000000, +- 0x40004000, 0x00080000, 0x00000010, 0x40080010, +- 0x00084000, 0x00080010, 0x40004010, 0x00000000, +- 0x40000000, 0x00004000, 0x00084010, 0x40080000, +- 0x00080010, 0x40000010, 0x00000000, 0x00084000, +- 0x00004010, 0x40084000, 0x40080000, 0x00004010, +- 0x00000000, 0x00084010, 0x40080010, 0x00080000, +- 0x40004010, 0x40080000, 0x40084000, 0x00004000, +- 0x40080000, 0x40004000, 0x00000010, 0x40084010, +- 0x00084010, 0x00000010, 0x00004000, 0x40000000, +- 0x00004010, 0x40084000, 0x00080000, 0x40000010, +- 0x00080010, 0x40004010, 0x40000010, 0x00080010, +- 0x00084000, 0x00000000, 0x40004000, 0x00004010, +- 0x40000000, 0x40080010, 0x40084010, 0x00084000 +- }, +-}; +diff --git a/src/lib/crypto/builtin/des/f_tables.h b/src/lib/crypto/builtin/des/f_tables.h +deleted file mode 100644 +index fc91b566c..000000000 +--- a/src/lib/crypto/builtin/des/f_tables.h ++++ /dev/null +@@ -1,285 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_tables.h */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * DES implementation donated by Dennis Ferguson +- */ +- +-/* +- * des_tables.h - declarations to import the DES tables, used internally +- * by some of the library routines. +- */ +-#ifndef __DES_TABLES_H__ +-#define __DES_TABLES_H__ /* nothing */ +- +-#include "k5-platform.h" +-/* +- * These may be declared const if you wish. Be sure to change the +- * declarations in des_tables.c as well. +- */ +-extern const unsigned DES_INT32 des_IP_table[256]; +-extern const unsigned DES_INT32 des_FP_table[256]; +-extern const unsigned DES_INT32 des_SP_table[8][64]; +- +-/* +- * Use standard shortforms to reference these to save typing +- */ +-#define IP des_IP_table +-#define FP des_FP_table +-#define SP des_SP_table +- +-#ifdef DEBUG +-#define DEB(foofraw) printf foofraw +-#else +-#define DEB(foofraw) /* nothing */ +-#endif +- +-/* +- * Code to do a DES round using the tables. Note that the E expansion +- * is easy to compute algorithmically, especially if done out-of-order. +- * Take a look at its form and compare it to everything involving temp +- * below. Since SP[0-7] don't have any bits in common set it is okay +- * to do the successive xor's. +- * +- * Note too that the SP table has been reordered to match the order of +- * the keys (if the original order of SP was 12345678, the reordered +- * table is 71354682). This is unnecessary, but was done since some +- * compilers seem to like you going through the matrix from beginning +- * to end. +- * +- * There is a difference in the best way to do this depending on whether +- * one is encrypting or decrypting. If encrypting we move forward through +- * the keys and hence should move forward through the table. If decrypting +- * we go back. Part of the need for this comes from trying to emulate +- * existing software which generates a single key schedule and uses it +- * both for encrypting and decrypting. Generating separate encryption +- * and decryption key schedules would allow one to use the same code +- * for both. +- * +- * left, right and temp should be unsigned DES_INT32 values. left and right +- * should be the high and low order parts of the cipher block at the +- * current stage of processing (this makes sense if you read the spec). +- * kp should be an unsigned DES_INT32 pointer which points at the current +- * set of subkeys in the key schedule. It is advanced to the next set +- * (i.e. by 8 bytes) when this is done. +- * +- * This occurs in the innermost loop of the DES function. The four +- * variables should really be in registers. +- * +- * When using this, the inner loop of the DES function might look like: +- * +- * for (i = 0; i < 8; i++) { +- * DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp); +- * DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp); +- * } +- * +- * Note the trick above. You are supposed to do 16 rounds, swapping +- * left and right at the end of each round. By doing two rounds at +- * a time and swapping left and right in the code we can avoid the +- * swaps altogether. +- */ +-#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp) do { \ +- (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \ +- (left) ^= SP[0][((temp) >> 24) & 0x3f] \ +- | SP[1][((temp) >> 16) & 0x3f] \ +- | SP[2][((temp) >> 8) & 0x3f] \ +- | SP[3][((temp) ) & 0x3f]; \ +- (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++; \ +- (left) ^= SP[4][((temp) >> 24) & 0x3f] \ +- | SP[5][((temp) >> 16) & 0x3f] \ +- | SP[6][((temp) >> 8) & 0x3f] \ +- | SP[7][((temp) ) & 0x3f]; \ +- } while(0); +- +-#define DES_SP_DECRYPT_ROUND(left, right, temp, kp) do { \ +- (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp)); \ +- (left) ^= SP[7][((temp) ) & 0x3f] \ +- | SP[6][((temp) >> 8) & 0x3f] \ +- | SP[5][((temp) >> 16) & 0x3f] \ +- | SP[4][((temp) >> 24) & 0x3f]; \ +- (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp)); \ +- (left) ^= SP[3][((temp) ) & 0x3f] \ +- | SP[2][((temp) >> 8) & 0x3f] \ +- | SP[1][((temp) >> 16) & 0x3f] \ +- | SP[0][((temp) >> 24) & 0x3f]; \ +- } while (0); +- +-/* +- * Macros to help deal with the initial permutation table. Note +- * the IP table only deals with 32 bits at a time, allowing us to +- * collect the bits we need to deal with each half into an unsigned +- * DES_INT32. By carefully selecting how the bits are ordered we also +- * take advantages of symmetries in the table so that we can use a +- * single table to compute the permutation of all bytes. This sounds +- * complicated, but if you go through the process of designing the +- * table you'll find the symmetries fall right out. +- * +- * The follow macros compute the set of bits used to index the +- * table for produce the left and right permuted result. +- * +- * The inserted cast to unsigned DES_INT32 circumvents a bug in +- * the Macintosh MPW 3.2 C compiler which loses the unsignedness and +- * propagates the high-order bit in the shift. +- */ +-#define DES_IP_LEFT_BITS(left, right) \ +- ((((left) & 0x55555555) << 1) | ((right) & 0x55555555)) +-#define DES_IP_RIGHT_BITS(left, right) \ +- (((left) & 0xaaaaaaaa) | \ +- ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1)) +- +-/* +- * The following macro does an in-place initial permutation given +- * the current left and right parts of the block and a single +- * temporary. Use this more as a guide for rolling your own, though. +- * The best way to do the IP depends on the form of the data you +- * are dealing with. If you use this, though, try to make left, +- * right and temp unsigned DES_INT32s. +- */ +-#define DES_INITIAL_PERM(left, right, temp) do { \ +- (temp) = DES_IP_RIGHT_BITS((left), (right)); \ +- (right) = DES_IP_LEFT_BITS((left), (right)); \ +- (left) = IP[((right) >> 24) & 0xff] \ +- | (IP[((right) >> 16) & 0xff] << 1) \ +- | (IP[((right) >> 8) & 0xff] << 2) \ +- | (IP[(right) & 0xff] << 3); \ +- (right) = IP[((temp) >> 24) & 0xff] \ +- | (IP[((temp) >> 16) & 0xff] << 1) \ +- | (IP[((temp) >> 8) & 0xff] << 2) \ +- | (IP[(temp) & 0xff] << 3); \ +- } while(0); +- +-/* +- * Now the final permutation stuff. The same comments apply to +- * this as to the initial permutation, except that we use different +- * bits and shifts. +- * +- * The inserted cast to unsigned DES_INT32 circumvents a bug in +- * the Macintosh MPW 3.2 C compiler which loses the unsignedness and +- * propagates the high-order bit in the shift. +- */ +-#define DES_FP_LEFT_BITS(left, right) \ +- ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f)) +-#define DES_FP_RIGHT_BITS(left, right) \ +- (((left) & 0xf0f0f0f0) | \ +- ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4)) +- +- +-/* +- * Here is a sample final permutation. Note that there is a trick +- * here. DES requires swapping the left and right parts after the +- * last cipher round but before the final permutation. We do this +- * swapping internally, which is why left and right are confused +- * at the beginning. +- */ +-#define DES_FINAL_PERM(left, right, temp) do { \ +- (temp) = DES_FP_RIGHT_BITS((right), (left)); \ +- (right) = DES_FP_LEFT_BITS((right), (left)); \ +- (left) = (FP[((right) >> 24) & 0xff] << 6) \ +- | (FP[((right) >> 16) & 0xff] << 4) \ +- | (FP[((right) >> 8) & 0xff] << 2) \ +- | FP[(right) & 0xff]; \ +- (right) = (FP[((temp) >> 24) & 0xff] << 6) \ +- | (FP[((temp) >> 16) & 0xff] << 4) \ +- | (FP[((temp) >> 8) & 0xff] << 2) \ +- | FP[temp & 0xff]; \ +- } while(0); +- +- +-/* +- * Finally, as a sample of how all this might be held together, the +- * following two macros do in-place encryptions and decryptions. left +- * and right are two unsigned DES_INT32 variables which at the beginning +- * are expected to hold the clear (encrypted) block in host byte order +- * (left the high order four bytes, right the low order). At the end +- * they will contain the encrypted (clear) block. temp is an unsigned DES_INT32 +- * used as a temporary. kp is an unsigned DES_INT32 pointer pointing at +- * the start of the key schedule. All these should be in registers. +- * +- * You can probably do better than these by rewriting for particular +- * situations. These aren't bad, though. +- * +- * The DEB macros enable debugging when this code breaks (typically +- * when a buggy compiler breaks it), by printing the intermediate values +- * at each stage of the encryption, so that by comparing the output to +- * a known good machine, the location of the first error can be found. +- */ +-#define DES_DO_ENCRYPT_1(left, right, kp) \ +- do { \ +- int i; \ +- unsigned DES_INT32 temp1; \ +- DEB (("do_encrypt %8lX %8lX \n", left, right)); \ +- DES_INITIAL_PERM((left), (right), (temp1)); \ +- DEB ((" after IP %8lX %8lX\n", left, right)); \ +- for (i = 0; i < 8; i++) { \ +- DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp)); \ +- DEB ((" round %2d %8lX %8lX \n", i*2, left, right)); \ +- DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp)); \ +- DEB ((" round %2d %8lX %8lX \n", 1+i*2, left, right)); \ +- } \ +- DES_FINAL_PERM((left), (right), (temp1)); \ +- (kp) -= (2 * 16); \ +- DEB ((" after FP %8lX %8lX \n", left, right)); \ +- } while (0) +- +-#define DES_DO_DECRYPT_1(left, right, kp) \ +- do { \ +- int i; \ +- unsigned DES_INT32 temp2; \ +- DES_INITIAL_PERM((left), (right), (temp2)); \ +- (kp) += (2 * 16); \ +- for (i = 0; i < 8; i++) { \ +- DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp)); \ +- DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp)); \ +- } \ +- DES_FINAL_PERM((left), (right), (temp2)); \ +- } while (0) +- +-#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) +-extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l, +- unsigned DES_INT32 *r, +- const unsigned DES_INT32 *k); +-extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l, +- unsigned DES_INT32 *r, +- const unsigned DES_INT32 *k); +-#define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K)) +-#define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K)) +-#else +-#define DES_DO_ENCRYPT DES_DO_ENCRYPT_1 +-#define DES_DO_DECRYPT DES_DO_DECRYPT_1 +-#endif +- +-/* +- * These are handy dandy utility thingies for straightening out bytes. +- * Included here because they're used a couple of places. +- */ +-#define GET_HALF_BLOCK(lr, ip) ((lr) = load_32_be(ip), (ip) += 4) +-#define PUT_HALF_BLOCK(lr, op) (store_32_be(lr, op), (op) += 4) +- +-/* Shorthand that we'll need in several places, for creating values that +- really can hold 32 bits regardless of the prevailing int size. */ +-#define FF_UINT32 ((unsigned DES_INT32) 0xFF) +- +-#endif /* __DES_TABLES_H__ */ +diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c +deleted file mode 100644 +index 87f02b6a9..000000000 +--- a/src/lib/crypto/builtin/des/key_sched.c ++++ /dev/null +@@ -1,62 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/key_sched.c */ +-/* +- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute +- * of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * This routine computes the DES key schedule given a key. The +- * permutations and shifts have been done at compile time, resulting +- * in a direct one-step mapping from the input key to the key +- * schedule. +- * +- * Also checks parity and weak keys. +- * +- * Watch out for the subscripts -- most effectively start at 1 instead +- * of at zero. Maybe some bugs in that area. +- * +- * In case the user wants to cache the computed key schedule, it is +- * passed as an arg. Also implies that caller has explicit control +- * over zeroing both the key schedule and the key. +- * +- * Originally written 6/85 by Steve Miller, MIT Project Athena. +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +- +-int +-mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) +-{ +- mit_des_make_key_sched(k,schedule); +- +- if (!mit_des_check_key_parity(k)) /* bad parity --> return -1 */ +- return(-1); +- +- if (mit_des_is_weak_key(k)) +- return(-2); +- +- /* if key was good, return 0 */ +- return 0; +-} +diff --git a/src/lib/crypto/builtin/des/keytest.data b/src/lib/crypto/builtin/des/keytest.data +deleted file mode 100644 +index 7ff34eedc..000000000 +--- a/src/lib/crypto/builtin/des/keytest.data ++++ /dev/null +@@ -1,171 +0,0 @@ +-0101010101010101 95F8A5E5DD31D900 8000000000000000 +-0101010101010101 DD7F121CA5015619 4000000000000000 +-0101010101010101 2E8653104F3834EA 2000000000000000 +-0101010101010101 4BD388FF6CD81D4F 1000000000000000 +-0101010101010101 20B9E767B2FB1456 0800000000000000 +-0101010101010101 55579380D77138EF 0400000000000000 +-0101010101010101 6CC5DEFAAF04512F 0200000000000000 +-0101010101010101 0D9F279BA5D87260 0100000000000000 +-0101010101010101 D9031B0271BD5A0A 0080000000000000 +-0101010101010101 424250B37C3DD951 0040000000000000 +-0101010101010101 B8061B7ECD9A21E5 0020000000000000 +-0101010101010101 F15D0F286B65BD28 0010000000000000 +-0101010101010101 ADD0CC8D6E5DEBA1 0008000000000000 +-0101010101010101 E6D5F82752AD63D1 0004000000000000 +-0101010101010101 ECBFE3BD3F591A5E 0002000000000000 +-0101010101010101 F356834379D165CD 0001000000000000 +-0101010101010101 2B9F982F20037FA9 0000800000000000 +-0101010101010101 889DE068A16F0BE6 0000400000000000 +-0101010101010101 E19E275D846A1298 0000200000000000 +-0101010101010101 329A8ED523D71AEC 0000100000000000 +-0101010101010101 E7FCE22557D23C97 0000080000000000 +-0101010101010101 12A9F5817FF2D65D 0000040000000000 +-0101010101010101 A484C3AD38DC9C19 0000020000000000 +-0101010101010101 FBE00A8A1EF8AD72 0000010000000000 +-0101010101010101 750D079407521363 0000008000000000 +-0101010101010101 64FEED9C724C2FAF 0000004000000000 +-0101010101010101 F02B263B328E2B60 0000002000000000 +-0101010101010101 9D64555A9A10B852 0000001000000000 +-0101010101010101 D106FF0BED5255D7 0000000800000000 +-0101010101010101 E1652C6B138C64A5 0000000400000000 +-0101010101010101 E428581186EC8F46 0000000200000000 +-0101010101010101 AEB5F5EDE22D1A36 0000000100000000 +-0101010101010101 E943D7568AEC0C5C 0000000080000000 +-0101010101010101 DF98C8276F54B04B 0000000040000000 +-0101010101010101 B160E4680F6C696F 0000000020000000 +-0101010101010101 FA0752B07D9C4AB8 0000000010000000 +-0101010101010101 CA3A2B036DBC8502 0000000008000000 +-0101010101010101 5E0905517BB59BCF 0000000004000000 +-0101010101010101 814EEB3B91D90726 0000000002000000 +-0101010101010101 4D49DB1532919C9F 0000000001000000 +-0101010101010101 25EB5FC3F8CF0621 0000000000800000 +-0101010101010101 AB6A20C0620D1C6F 0000000000400000 +-0101010101010101 79E90DBC98F92CCA 0000000000200000 +-0101010101010101 866ECEDD8072BB0E 0000000000100000 +-0101010101010101 8B54536F2F3E64A8 0000000000080000 +-0101010101010101 EA51D3975595B86B 0000000000040000 +-0101010101010101 CAFFC6AC4542DE31 0000000000020000 +-0101010101010101 8DD45A2DDF90796C 0000000000010000 +-0101010101010101 1029D55E880EC2D0 0000000000008000 +-0101010101010101 5D86CB23639DBEA9 0000000000004000 +-0101010101010101 1D1CA853AE7C0C5F 0000000000002000 +-0101010101010101 CE332329248F3228 0000000000001000 +-0101010101010101 8405D1ABE24FB942 0000000000000800 +-0101010101010101 E643D78090CA4207 0000000000000400 +-0101010101010101 48221B9937748A23 0000000000000200 +-0101010101010101 DD7C0BBD61FAFD54 0000000000000100 +-0101010101010101 2FBC291A570DB5C4 0000000000000080 +-0101010101010101 E07C30D7E4E26E12 0000000000000040 +-0101010101010101 0953E2258E8E90A1 0000000000000020 +-0101010101010101 5B711BC4CEEBF2EE 0000000000000010 +-0101010101010101 CC083F1E6D9E85F6 0000000000000008 +-0101010101010101 D2FD8867D50D2DFE 0000000000000004 +-0101010101010101 06E7EA22CE92708F 0000000000000002 +-0101010101010101 166B40B44ABA4BD6 0000000000000001 +-8001010101010101 0000000000000000 95A8D72813DAA94D +-4001010101010101 0000000000000000 0EEC1487DD8C26D5 +-2001010101010101 0000000000000000 7AD16FFB79C45926 +-1001010101010101 0000000000000000 D3746294CA6A6CF3 +-0801010101010101 0000000000000000 809F5F873C1FD761 +-0401010101010101 0000000000000000 C02FAFFEC989D1FC +-0201010101010101 0000000000000000 4615AA1D33E72F10 +-0180010101010101 0000000000000000 2055123350C00858 +-0140010101010101 0000000000000000 DF3B99D6577397C8 +-0120010101010101 0000000000000000 31FE17369B5288C9 +-0110010101010101 0000000000000000 DFDD3CC64DAE1642 +-0108010101010101 0000000000000000 178C83CE2B399D94 +-0104010101010101 0000000000000000 50F636324A9B7F80 +-0102010101010101 0000000000000000 A8468EE3BC18F06D +-0101800101010101 0000000000000000 A2DC9E92FD3CDE92 +-0101400101010101 0000000000000000 CAC09F797D031287 +-0101200101010101 0000000000000000 90BA680B22AEB525 +-0101100101010101 0000000000000000 CE7A24F350E280B6 +-0101080101010101 0000000000000000 882BFF0AA01A0B87 +-0101040101010101 0000000000000000 25610288924511C2 +-0101020101010101 0000000000000000 C71516C29C75D170 +-0101018001010101 0000000000000000 5199C29A52C9F059 +-0101014001010101 0000000000000000 C22F0A294A71F29F +-0101012001010101 0000000000000000 EE371483714C02EA +-0101011001010101 0000000000000000 A81FBD448F9E522F +-0101010801010101 0000000000000000 4F644C92E192DFED +-0101010401010101 0000000000000000 1AFA9A66A6DF92AE +-0101010201010101 0000000000000000 B3C1CC715CB879D8 +-0101010180010101 0000000000000000 19D032E64AB0BD8B +-0101010140010101 0000000000000000 3CFAA7A7DC8720DC +-0101010120010101 0000000000000000 B7265F7F447AC6F3 +-0101010110010101 0000000000000000 9DB73B3C0D163F54 +-0101010108010101 0000000000000000 8181B65BABF4A975 +-0101010104010101 0000000000000000 93C9B64042EAA240 +-0101010102010101 0000000000000000 5570530829705592 +-0101010101800101 0000000000000000 8638809E878787A0 +-0101010101400101 0000000000000000 41B9A79AF79AC208 +-0101010101200101 0000000000000000 7A9BE42F2009A892 +-0101010101100101 0000000000000000 29038D56BA6D2745 +-0101010101080101 0000000000000000 5495C6ABF1E5DF51 +-0101010101040101 0000000000000000 AE13DBD561488933 +-0101010101020101 0000000000000000 024D1FFA8904E389 +-0101010101018001 0000000000000000 D1399712F99BF02E +-0101010101014001 0000000000000000 14C1D7C1CFFEC79E +-0101010101012001 0000000000000000 1DE5279DAE3BED6F +-0101010101011001 0000000000000000 E941A33F85501303 +-0101010101010801 0000000000000000 DA99DBBC9A03F379 +-0101010101010401 0000000000000000 B7FC92F91D8E92E9 +-0101010101010201 0000000000000000 AE8E5CAA3CA04E85 +-0101010101010180 0000000000000000 9CC62DF43B6EED74 +-0101010101010140 0000000000000000 D863DBB5C59A91A0 +-0101010101010120 0000000000000000 A1AB2190545B91D7 +-0101010101010110 0000000000000000 0875041E64C570F7 +-0101010101010108 0000000000000000 5A594528BEBEF1CC +-0101010101010104 0000000000000000 FCDB3291DE21F0C0 +-0101010101010102 0000000000000000 869EFD7F9F265A09 +-1046913489980131 0000000000000000 88D55E54F54C97B4 +-1007103489988020 0000000000000000 0C0CC00C83EA48FD +-10071034C8980120 0000000000000000 83BC8EF3A6570183 +-1046103489988020 0000000000000000 DF725DCAD94EA2E9 +-1086911519190101 0000000000000000 E652B53B550BE8B0 +-1086911519580101 0000000000000000 AF527120C485CBB0 +-5107B01519580101 0000000000000000 0F04CE393DB926D5 +-1007B01519190101 0000000000000000 C9F00FFC74079067 +-3107915498080101 0000000000000000 7CFD82A593252B4E +-3107919498080101 0000000000000000 CB49A2F9E91363E3 +-10079115B9080140 0000000000000000 00B588BE70D23F56 +-3107911598080140 0000000000000000 406A9A6AB43399AE +-1007D01589980101 0000000000000000 6CB773611DCA9ADA +-9107911589980101 0000000000000000 67FD21C17DBB5D70 +-9107D01589190101 0000000000000000 9592CB4110430787 +-1007D01598980120 0000000000000000 A6B7FF68A318DDD3 +-1007940498190101 0000000000000000 4D102196C914CA16 +-0107910491190401 0000000000000000 2DFA9F4573594965 +-0107910491190101 0000000000000000 B46604816C0E0774 +-0107940491190401 0000000000000000 6E7E6221A4F34E87 +-19079210981A0101 0000000000000000 AA85E74643233199 +-1007911998190801 0000000000000000 2E5A19DB4D1962D6 +-10079119981A0801 0000000000000000 23A866A809D30894 +-1007921098190101 0000000000000000 D812D961F017D320 +-100791159819010B 0000000000000000 055605816E58608F +-1004801598190101 0000000000000000 ABD88E8B1B7716F1 +-1004801598190102 0000000000000000 537AC95BE69DA1E1 +-1004801598190108 0000000000000000 AED0F6AE3C25CDD8 +-1002911598100104 0000000000000000 B3E35A5EE53E7B8D +-1002911598190104 0000000000000000 61C79C71921A2EF8 +-1002911598100201 0000000000000000 E2F5728F0995013C +-1002911698100101 0000000000000000 1AEAC39A61F0A464 +-7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B +-0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271 +-07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A +-3849674C2602319E 51454B582DDF440A 7178876E01F19B2A +-04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095 +-0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B +-0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09 +-43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A +-07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F +-04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088 +-37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77 +-1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A +-584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56 +-025816164629B007 480D39006EE762F2 A1F9915541020B56 +-49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556 +-4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC +-49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A +-018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41 +-1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793 +diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c +deleted file mode 100644 +index f4332f5c0..000000000 +--- a/src/lib/crypto/builtin/des/t_verify.c ++++ /dev/null +@@ -1,395 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/t_verify.c */ +-/* +- * Copyright 1988, 1990 by the Massachusetts Institute of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-/* +- * +- * Program to test the correctness of the DES library +- * implementation. +- * +- * exit returns 0 ==> success +- * -1 ==> error +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +-#include +-#include "com_err.h" +- +-static void do_encrypt(unsigned char *, unsigned char *); +-static void do_decrypt(unsigned char *, unsigned char *); +- +-char *progname; +-int nflag = 2; +-int vflag; +-int mflag; +-int zflag; +-int pid; +-int mit_des_debug; +- +-unsigned char cipher_text[64]; +-unsigned char clear_text[64] = "Now is the time for all " ; +-unsigned char clear_text2[64] = "7654321 Now is the time for "; +-unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; +-unsigned char output[64]; +-unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; +-unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ +-unsigned char *input; +- +-/* 0x0123456789abcdef */ +-unsigned char default_key[8] = { +- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef +-}; +-unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; +-unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; +-mit_des_cblock s_key; +-unsigned char default_ivec[8] = { +- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef +-}; +-unsigned char *ivec; +-unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ +- +-unsigned char cipher1[8] = { +- 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 +-}; +-unsigned char cipher2[8] = { +- 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 +-}; +-unsigned char cipher3[64] = { +- 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, +- 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, +- 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 +-}; +-unsigned char checksum[8] = { +- 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 +-}; +- +-unsigned char zresult[8] = { +- 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 +-}; +- +-unsigned char mresult[8] = { +- 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 +-}; +- +- +-/* +- * Can also add : +- * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) +- */ +- +-mit_des_key_schedule sched; +- +-int +-main(argc,argv) +- int argc; +- char *argv[]; +-{ +- /* Local Declarations */ +- size_t in_length; +- int retval; +- int i, j; +- +-#ifdef WINDOWS +- /* Set screen window buffer to infinite size -- MS default is tiny. */ +- _wsetscreenbuf (fileno (stdout), _WINBUFINF); +-#endif +- progname=argv[0]; /* salt away invoking program */ +- +- while (--argc > 0 && (*++argv)[0] == '-') +- for (i=1; argv[0][i] != '\0'; i++) { +- switch (argv[0][i]) { +- +- /* debug flag */ +- case 'd': +- mit_des_debug=3; +- continue; +- +- case 'z': +- zflag = 1; +- continue; +- +- case 'm': +- mflag = 1; +- continue; +- +- default: +- printf("%s: illegal flag \"%c\" ", +- progname,argv[0][i]); +- exit(1); +- } +- }; +- +- if (argc) { +- fprintf(stderr, "Usage: %s [-dmz]\n", progname); +- exit(1); +- } +- +- /* do some initialisation */ +- +- /* use known input and key */ +- +- /* ECB zero text zero key */ +- if (zflag) { +- input = zero_text; +- mit_des_key_sched(zero_key, sched); +- printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); +- do_encrypt(input,cipher_text); +- printf("\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) +- printf("%02x ",cipher_text[j]); +- printf("\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { +- printf("verify: error in zero key test\n"); +- exit(-1); +- } +- +- exit(0); +- } +- +- if (mflag) { +- input = msb_text; +- mit_des_key_sched(key3, sched); +- printf("plaintext = 0x00 00 00 00 00 00 00 40, "); +- printf("key = 0x80 01 01 01 01 01 01 01\n"); +- printf(" cipher = 0xa380e02a6be54696\n"); +- do_encrypt(input,cipher_text); +- printf("\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) { +- printf("%02x ",cipher_text[j]); +- } +- printf("\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { +- printf("verify: error in msb test\n"); +- exit(-1); +- } +- exit(0); +- } +- +- /* ECB mode Davies and Price */ +- { +- input = zero_text; +- mit_des_key_sched(key2, sched); +- printf("Examples per FIPS publication 81, keys ivs and cipher\n"); +- printf("in hex. These are the correct answers, see below for\n"); +- printf("the actual answers.\n\n"); +- printf("Examples per Davies and Price.\n\n"); +- printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); +- printf("\tclear = 0\n"); +- printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); +- printf("ACTUAL ECB\n"); +- printf("\tclear \"%s\"\n", input); +- do_encrypt(input,cipher_text); +- printf("\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) +- printf("%02x ",cipher_text[j]); +- printf("\n\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { +- printf("verify: error in ECB encryption\n"); +- exit(-1); +- } +- else +- printf("verify: ECB encryption is correct\n\n"); +- } +- +- /* ECB mode */ +- { +- mit_des_key_sched(default_key, sched); +- input = clear_text; +- ivec = default_ivec; +- printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); +- printf("\tclear = \"Now is the time for all \"\n"); +- printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); +- printf("ACTUAL ECB\n\tclear \"%s\"",input); +- do_encrypt(input,cipher_text); +- printf("\n\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) { +- printf("%02x ",cipher_text[j]); +- } +- printf("\n\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { +- printf("verify: error in ECB encryption\n"); +- exit(-1); +- } +- else +- printf("verify: ECB encryption is correct\n\n"); +- } +- +- /* CBC mode */ +- printf("EXAMPLE CBC\tkey = 0123456789abcdef"); +- printf("\tiv = 1234567890abcdef\n"); +- printf("\tclear = \"Now is the time for all \"\n"); +- printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); +- printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); +- printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); +- +- printf("ACTUAL CBC\n\tclear \"%s\"\n",input); +- in_length = strlen((char *)input); +- if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input, +- (mit_des_cblock *) cipher_text, +- (size_t) in_length, +- sched, +- ivec, +- MIT_DES_ENCRYPT))) { +- com_err("des verify", retval, "can't encrypt"); +- exit(-1); +- } +- printf("\tciphertext = (low to high bytes)\n"); +- for (i = 0; i <= 2; i++) { +- printf("\t\t"); +- for (j = 0; j <= 7; j++) { +- printf("%02x ",cipher_text[i*8+j]); +- } +- printf("\n"); +- } +- if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text, +- (mit_des_cblock *) clear_text, +- (size_t) in_length, +- sched, +- ivec, +- MIT_DES_DECRYPT))) { +- com_err("des verify", retval, "can't decrypt"); +- exit(-1); +- } +- printf("\tdecrypted clear_text = \"%s\"\n",clear_text); +- +- if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) { +- printf("verify: error in CBC encryption\n"); +- exit(-1); +- } +- else +- printf("verify: CBC encryption is correct\n\n"); +- +- printf("EXAMPLE CBC checksum"); +- printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); +- printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); +- printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); +- printf("or some part thereof\n"); +- input = clear_text2; +- mit_des_cbc_cksum(input,cipher_text, strlen((char *)input), +- sched,ivec); +- printf("ACTUAL CBC checksum\n"); +- printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) +- printf("%02x ",cipher_text[j]); +- printf("\n\n"); +- if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { +- printf("verify: error in CBC cheksum\n"); +- exit(-1); +- } +- else +- printf("verify: CBC checksum is correct\n\n"); +- +- exit(0); +-} +- +-static void +-do_encrypt(in,out) +- unsigned char *in; +- unsigned char *out; +-{ +- int i, j; +- for (i =1; i<=nflag; i++) { +- mit_des_cbc_encrypt((const mit_des_cblock *)in, +- (mit_des_cblock *)out, +- 8, +- sched, +- zero_text, +- MIT_DES_ENCRYPT); +- if (mit_des_debug) { +- printf("\nclear %s\n",in); +- for (j = 0; j<=7; j++) +- printf("%02X ",in[j] & 0xff); +- printf("\tcipher "); +- for (j = 0; j<=7; j++) +- printf("%02X ",out[j] & 0xff); +- } +- } +-} +- +-static void +-do_decrypt(in,out) +- unsigned char *out; +- unsigned char *in; +- /* try to invert it */ +-{ +- int i, j; +- for (i =1; i<=nflag; i++) { +- mit_des_cbc_encrypt((const mit_des_cblock *)out, +- (mit_des_cblock *)in, +- 8, +- sched, +- zero_text, +- MIT_DES_DECRYPT); +- if (mit_des_debug) { +- printf("clear %s\n",in); +- for (j = 0; j<=7; j++) +- printf("%02X ",in[j] & 0xff); +- printf("\tcipher "); +- for (j = 0; j<=7; j++) +- printf("%02X ",out[j] & 0xff); +- } +- } +-} +- +-/* +- * Fake out the DES library, for the purposes of testing. +- */ +- +-int +-mit_des_is_weak_key(key) +- mit_des_cblock key; +-{ +- return 0; /* fake it out for testing */ +-} +diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c +deleted file mode 100644 +index eb41b267d..000000000 +--- a/src/lib/crypto/builtin/des/weak_key.c ++++ /dev/null +@@ -1,86 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/weak_key.c */ +-/* +- * Copyright 1989,1990 by the Massachusetts Institute of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * Under U.S. law, this software may not be exported outside the US +- * without license from the U.S. Commerce department. +- * +- * These routines form the library interface to the DES facilities. +- * +- * Originally written 8/85 by Steve Miller, MIT Project Athena. +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +- +-/* +- * The following are the weak DES keys: +- */ +-static const mit_des_cblock weak[16] = { +- /* weak keys */ +- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, +- {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe}, +- {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, +- {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1}, +- +- /* semi-weak */ +- {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, +- {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01}, +- +- {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, +- {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e}, +- +- {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, +- {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01}, +- +- {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, +- {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e}, +- +- {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, +- {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01}, +- +- {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, +- {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1} +-}; +- +-/* +- * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. +- * +- * Requires: key has correct odd parity. +- */ +-int +-mit_des_is_weak_key(mit_des_cblock key) +-{ +- unsigned int i; +- const mit_des_cblock *weak_p = weak; +- +- for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { +- if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) +- return 1; +- } +- +- return 0; +-} +diff --git a/src/lib/crypto/builtin/enc_provider/Makefile.in b/src/lib/crypto/builtin/enc_provider/Makefile.in +index 3459e1d0e..af6276b96 100644 +--- a/src/lib/crypto/builtin/enc_provider/Makefile.in ++++ b/src/lib/crypto/builtin/enc_provider/Makefile.in +@@ -1,7 +1,6 @@ + mydir=lib$(S)crypto$(S)builtin$(S)enc_provider + BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +-LOCALINCLUDES = -I$(srcdir)/../des \ +- -I$(srcdir)/../aes \ ++LOCALINCLUDES = -I$(srcdir)/../aes \ + -I$(srcdir)/../camellia \ + -I$(srcdir)/../../krb \ + -I$(srcdir)/.. +@@ -11,19 +10,16 @@ LOCALINCLUDES = -I$(srcdir)/../des \ + ##DOS##OBJFILE = ..\..\$(OUTPRE)enc_provider.lst + + STLIBOBJS= \ +- des3.o \ + rc4.o \ + aes.o \ + camellia.o + + OBJS= \ +- $(OUTPRE)des3.$(OBJEXT) \ + $(OUTPRE)aes.$(OBJEXT) \ + $(OUTPRE)camellia.$(OBJEXT) \ + $(OUTPRE)rc4.$(OBJEXT) + + SRCS= \ +- $(srcdir)/des3.c \ + $(srcdir)/aes.c \ + $(srcdir)/camellia.c \ + $(srcdir)/rc4.c +diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps +index 7a3324c44..c1201cc1a 100644 +--- a/src/lib/crypto/builtin/enc_provider/deps ++++ b/src/lib/crypto/builtin/enc_provider/deps +@@ -1,18 +1,6 @@ + # + # Generated makefile dependencies follow. + # +-des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../des/des_int.h \ +- $(srcdir)/../sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des3.c + aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c +deleted file mode 100644 +index 9b8244223..000000000 +--- a/src/lib/crypto/builtin/enc_provider/des3.c ++++ /dev/null +@@ -1,105 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +- +-static krb5_error_code +-validate_and_schedule(krb5_key key, const krb5_data *ivec, +- const krb5_crypto_iov *data, size_t num_data, +- mit_des3_key_schedule *schedule) +-{ +- if (key->keyblock.length != 24) +- return(KRB5_BAD_KEYSIZE); +- if (iov_total_length(data, num_data, FALSE) % 8 != 0) +- return(KRB5_BAD_MSIZE); +- if (ivec && (ivec->length != 8)) +- return(KRB5_BAD_MSIZE); +- +- switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents, +- *schedule)) { +- case -1: +- return(KRB5DES_BAD_KEYPAR); +- case -2: +- return(KRB5DES_WEAK_KEY); +- } +- return 0; +-} +- +-static krb5_error_code +-k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- mit_des3_key_schedule schedule; +- krb5_error_code err; +- +- err = validate_and_schedule(key, ivec, data, num_data, &schedule); +- if (err) +- return err; +- +- /* this has a return value, but the code always returns zero */ +- krb5int_des3_cbc_encrypt(data, num_data, +- schedule[0], schedule[1], schedule[2], +- ivec != NULL ? (unsigned char *) ivec->data : +- NULL); +- +- zap(schedule, sizeof(schedule)); +- +- return(0); +-} +- +-static krb5_error_code +-k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- mit_des3_key_schedule schedule; +- krb5_error_code err; +- +- err = validate_and_schedule(key, ivec, data, num_data, &schedule); +- if (err) +- return err; +- +- /* this has a return value, but the code always returns zero */ +- krb5int_des3_cbc_decrypt(data, num_data, +- schedule[0], schedule[1], schedule[2], +- ivec != NULL ? (unsigned char *) ivec->data : +- NULL); +- +- zap(schedule, sizeof(schedule)); +- +- return 0; +-} +- +-const struct krb5_enc_provider krb5int_enc_des3 = { +- 8, +- 21, 24, +- k5_des3_encrypt, +- k5_des3_decrypt, +- NULL, +- krb5int_des_init_state, +- krb5int_default_free_state +-}; +diff --git a/src/lib/crypto/crypto_tests/t_cf2.expected b/src/lib/crypto/crypto_tests/t_cf2.expected +index f8251a16c..bc6aa50c8 100644 +--- a/src/lib/crypto/crypto_tests/t_cf2.expected ++++ b/src/lib/crypto/crypto_tests/t_cf2.expected +@@ -1,6 +1,5 @@ + 97df97e4b798b29eb31ed7280287a92a + 4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b +-e58f9eb643862c13ad38e529313462a7f73e62834fe54a01 + 24d7f6b6bae4e5c00d2082c5ebab3672 + edd02a39d2dbde31611c16e610be062c + 67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584 +diff --git a/src/lib/crypto/crypto_tests/t_cf2.in b/src/lib/crypto/crypto_tests/t_cf2.in +index 73e2f8fbc..c4d23b506 100644 +--- a/src/lib/crypto/crypto_tests/t_cf2.in ++++ b/src/lib/crypto/crypto_tests/t_cf2.in +@@ -8,11 +8,6 @@ key1 + key2 + a + b +-16 +-key1 +-key2 +-a +-b + 23 + key1 + key2 +diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c +index 4da14ea43..84408fb68 100644 +--- a/src/lib/crypto/crypto_tests/t_cksums.c ++++ b/src/lib/crypto/crypto_tests/t_cksums.c +@@ -59,16 +59,6 @@ struct test { + "\xDA\x39\xA3\xEE\x5E\x6B\x4B\x0D\x32\x55\xBF\xEF\x95\x60\x18\x90" + "\xAF\xD8\x07\x09" } + }, +- { +- { KV5M_DATA, 9, "six seven" }, +- CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2, +- { KV5M_DATA, 24, +- "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" +- "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, +- { KV5M_DATA, 20, +- "\x0E\xEF\xC9\xC3\xE0\x49\xAA\xBC\x1B\xA5\xC4\x01\x67\x7D\x9A\xB6" +- "\x99\x08\x2B\xB4" } +- }, + { + { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" }, + CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3, +diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c +index a40a85500..716f2c337 100644 +--- a/src/lib/crypto/crypto_tests/t_decrypt.c ++++ b/src/lib/crypto/crypto_tests/t_decrypt.c +@@ -39,62 +39,6 @@ struct test { + krb5_data keybits; + krb5_data ciphertext; + } test_cases[] = { +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 0, "", }, 0, +- { KV5M_DATA, 24, +- "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" +- "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, +- { KV5M_DATA, 28, +- "\x54\x8A\xF4\xD5\x04\xF7\xD7\x23\x30\x3F\x12\x17\x5F\xE8\x38\x6B" +- "\x7B\x53\x35\xA9\x67\xBA\xD6\x1F\x3B\xF0\xB1\x43" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 1, "1", }, 1, +- { KV5M_DATA, 24, +- "\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6" +- "\x40\x45\x23\x85\x32\x29\x62\xB6" }, +- { KV5M_DATA, 36, +- "\x9C\x3C\x1D\xBA\x47\x47\xD8\x5A\xF2\x91\x6E\x47\x45\xF2\xDC\xE3" +- "\x80\x46\x79\x6E\x51\x04\xBC\xCD\xFB\x66\x9A\x91\xD4\x4B\xC3\x56" +- "\x66\x09\x45\xC7" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 9, "9 bytesss", }, 2, +- { KV5M_DATA, 24, +- "\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85" +- "\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" }, +- { KV5M_DATA, 44, +- "\xCF\x91\x44\xEB\xC8\x69\x79\x81\x07\x5A\x8B\xAD\x8D\x74\xE5\xD7" +- "\xD5\x91\xEB\x7D\x97\x70\xC7\xAD\xA2\x5E\xE8\xC5\xB3\xD6\x94\x44" +- "\xDF\xEC\x79\xA5\xB7\xA0\x14\x82\xD9\xAF\x74\xE6" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 13, "13 bytes byte", }, 3, +- { KV5M_DATA, 24, +- "\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51" +- "\x76\xE3\x98\x13\x32\xF1\xE5\x98" }, +- { KV5M_DATA, 44, +- "\x83\x9A\x17\x08\x1E\xCB\xAF\xBC\xDC\x91\xB8\x8C\x69\x55\xDD\x3C" +- "\x45\x14\x02\x3C\xF1\x77\xB7\x7B\xF0\xD0\x17\x7A\x16\xF7\x05\xE8" +- "\x49\xCB\x77\x81\xD7\x6A\x31\x6B\x19\x3F\x8D\x30" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, +- { KV5M_DATA, 24, +- "\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20" +- "\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" }, +- { KV5M_DATA, 60, +- "\x89\x43\x3E\x83\xFD\x0E\xA3\x66\x6C\xFF\xCD\x18\xD8\xDE\xEB\xC5" +- "\x3B\x9A\x34\xED\xBE\xB1\x59\xD9\xF6\x67\xC6\xC2\xB9\xA9\x64\x40" +- "\x1D\x55\xE7\xE9\xC6\x8D\x64\x8D\x65\xC3\xAA\x84\xFF\xA3\x79\x0C" +- "\x14\xA8\x64\xDA\x80\x73\xA9\xA9\x5C\x4B\xA2\xBC" } +- }, +- + { + ENCTYPE_ARCFOUR_HMAC, + { KV5M_DATA, 0, "", }, 0, +@@ -524,7 +468,6 @@ printhex(const char *head, void *data, size_t len) + + static krb5_enctype + enctypes[] = { +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c +index afbf7477f..93ce30da2 100644 +--- a/src/lib/crypto/crypto_tests/t_derive.c ++++ b/src/lib/crypto/crypto_tests/t_derive.c +@@ -38,41 +38,6 @@ struct test { + enum deriv_alg alg; + krb5_data expected_key; + } test_cases[] = { +- /* Kc, Ke, Kei for a DES3 key */ +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 24, +- "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" +- "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- { KV5M_DATA, 5, "\0\0\0\2\x99" }, +- DERIVE_RFC3961, +- { KV5M_DATA, 24, +- "\xF7\x8C\x49\x6D\x16\xE6\xC2\xDA\xE0\xE0\xB6\xC2\x40\x57\xA8\x4C" +- "\x04\x26\xAE\xEF\x26\xFD\x6D\xCE" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 24, +- "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" +- "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- { KV5M_DATA, 5, "\0\0\0\2\xAA" }, +- DERIVE_RFC3961, +- { KV5M_DATA, 24, +- "\x5B\x57\x23\xD0\xB6\x34\xCB\x68\x4C\x3E\xBA\x52\x64\xE9\xA7\x0D" +- "\x52\xE6\x83\x23\x1A\xD3\xC4\xCE" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 24, +- "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" +- "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- { KV5M_DATA, 5, "\0\0\0\2\x55" }, +- DERIVE_RFC3961, +- { KV5M_DATA, 24, +- "\xA7\x7C\x94\x98\x0E\x9B\x73\x45\xA8\x15\x25\xC4\x23\xA7\x37\xCE" +- "\x67\xF4\xCD\x91\xB6\xB3\xDA\x45" } +- }, +- + /* Kc, Ke, Ki for an AES-128 key */ + { + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +@@ -286,7 +251,6 @@ static const struct krb5_enc_provider * + get_enc_provider(krb5_enctype enctype) + { + switch (enctype) { +- case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; + case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; + case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; + case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; +diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c +index bd9b94691..290a72e1e 100644 +--- a/src/lib/crypto/crypto_tests/t_encrypt.c ++++ b/src/lib/crypto/crypto_tests/t_encrypt.c +@@ -37,7 +37,6 @@ + + /* What enctypes should we test?*/ + krb5_enctype interesting_enctypes[] = { +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c +index d4c2b97df..4466b7115 100644 +--- a/src/lib/crypto/crypto_tests/t_short.c ++++ b/src/lib/crypto/crypto_tests/t_short.c +@@ -34,7 +34,6 @@ + #include "k5-int.h" + + krb5_enctype interesting_enctypes[] = { +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c +index cdb1acc6d..ef4c4a7d3 100644 +--- a/src/lib/crypto/crypto_tests/t_str2key.c ++++ b/src/lib/crypto/crypto_tests/t_str2key.c +@@ -35,58 +35,6 @@ struct test { + krb5_error_code expected_err; + krb5_boolean allow_weak; + } test_cases[] = { +- /* Test vectors from RFC 3961 appendix A.4. */ +- { +- ENCTYPE_DES3_CBC_SHA1, +- "password", +- { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C" +- "\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "potatoe", +- { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37" +- "\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "penny", +- { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA" +- "\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "\xC3\x9F", +- { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0" +- "\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "\xF0\x9D\x84\x9E", +- { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E" +- "\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" }, +- 0, +- FALSE +- }, +- + /* Test vectors from RFC 3962 appendix B. */ + { + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in +index b74e6f7cc..2b0c4163d 100644 +--- a/src/lib/crypto/krb/Makefile.in ++++ b/src/lib/crypto/krb/Makefile.in +@@ -50,7 +50,6 @@ STLIBOBJS=\ + prf.o \ + prf_aes2.o \ + prf_cmac.o \ +- prf_des.o \ + prf_dk.o \ + prf_rc4.o \ + prng.o \ +@@ -109,7 +108,6 @@ OBJS=\ + $(OUTPRE)prf.$(OBJEXT) \ + $(OUTPRE)prf_aes2.$(OBJEXT) \ + $(OUTPRE)prf_cmac.$(OBJEXT) \ +- $(OUTPRE)prf_des.$(OBJEXT) \ + $(OUTPRE)prf_dk.$(OBJEXT) \ + $(OUTPRE)prf_rc4.$(OBJEXT) \ + $(OUTPRE)prng.$(OBJEXT) \ +@@ -168,7 +166,6 @@ SRCS=\ + $(srcdir)/prf.c \ + $(srcdir)/prf_aes2.c \ + $(srcdir)/prf_cmac.c \ +- $(srcdir)/prf_des.c \ + $(srcdir)/prf_dk.c \ + $(srcdir)/prf_rc4.c \ + $(srcdir)/prng.c \ +diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c +index ecc2e08c9..f5fbe8a2a 100644 +--- a/src/lib/crypto/krb/cksumtypes.c ++++ b/src/lib/crypto/krb/cksumtypes.c +@@ -46,12 +46,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { + krb5int_unkeyed_checksum, NULL, + 20, 20, CKSUM_UNKEYED }, + +- { CKSUMTYPE_HMAC_SHA1_DES3, +- "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key", +- &krb5int_enc_des3, &krb5int_hash_sha1, +- krb5int_dk_checksum, NULL, +- 20, 20, 0 }, +- + { CKSUMTYPE_HMAC_MD5_ARCFOUR, + "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" }, + "Microsoft HMAC MD5", +diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h +index ba693f8a4..5cc1f8e43 100644 +--- a/src/lib/crypto/krb/crypto_int.h ++++ b/src/lib/crypto/krb/crypto_int.h +@@ -276,10 +276,6 @@ krb5_error_code krb5int_aes2_string_to_key(const struct krb5_keytypes *enc, + /* Random to key */ + krb5_error_code k5_rand2key_direct(const krb5_data *randombits, + krb5_keyblock *keyblock); +-krb5_error_code k5_rand2key_des(const krb5_data *randombits, +- krb5_keyblock *keyblock); +-krb5_error_code k5_rand2key_des3(const krb5_data *randombits, +- krb5_keyblock *keyblock); + + /* Pseudo-random function */ + krb5_error_code krb5int_des_prf(const struct krb5_keytypes *ktp, +@@ -368,11 +364,6 @@ krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage); + /* Ensure library initialization has occurred. */ + int krb5int_crypto_init(void); + +-/* DES default state initialization handler (used by module enc providers). */ +-krb5_error_code krb5int_des_init_state(const krb5_keyblock *key, +- krb5_keyusage keyusage, +- krb5_data *state_out); +- + /* Default state cleanup handler (used by module enc providers). */ + void krb5int_default_free_state(krb5_data *state); + +@@ -425,7 +416,6 @@ void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block); + /* Modules must implement the k5_sha256() function prototyped in k5-int.h. */ + + /* Modules must implement the following enc_providers and hash_providers: */ +-extern const struct krb5_enc_provider krb5int_enc_des3; + extern const struct krb5_enc_provider krb5int_enc_arcfour; + extern const struct krb5_enc_provider krb5int_enc_aes128; + extern const struct krb5_enc_provider krb5int_enc_aes256; +@@ -442,12 +432,6 @@ extern const struct krb5_hash_provider krb5int_hash_sha384; + + /* Modules must implement the following functions. */ + +-/* Set the parity bits to the correct values in keybits. */ +-void k5_des_fixup_key_parity(unsigned char *keybits); +- +-/* Return true if keybits is a weak or semi-weak DES key. */ +-krb5_boolean k5_des_is_weak_key(unsigned char *keybits); +- + /* Compute an HMAC using the provided hash function, key, and data, storing the + * result into output (caller-allocated). */ + krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash, +diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c +index 0757c8b02..f89dc7902 100644 +--- a/src/lib/crypto/krb/default_state.c ++++ b/src/lib/crypto/krb/default_state.c +@@ -32,16 +32,6 @@ + + #include "crypto_int.h" + +-krb5_error_code +-krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage usage, +- krb5_data *state_out) +-{ +- if (alloc_data(state_out, 8)) +- return ENOMEM; +- +- return 0; +-} +- + void + krb5int_default_free_state(krb5_data *state) + { +diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c +index 1542d4062..a0037912a 100644 +--- a/src/lib/crypto/krb/enctype_util.c ++++ b/src/lib/crypto/krb/enctype_util.c +@@ -45,6 +45,9 @@ struct { + { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" }, + { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" }, + { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" }, ++ { ENCTYPE_DES3_CBC_SHA, "des3-cbc-sha1" }, ++ { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw" }, ++ { ENCTYPE_DES3_CBC_SHA1, "des3-hmac-sha1" }, + { ENCTYPE_NULL, NULL } + }; + +diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c +index fc278783b..7635393a4 100644 +--- a/src/lib/crypto/krb/etypes.c ++++ b/src/lib/crypto/krb/etypes.c +@@ -35,27 +35,6 @@ + + /* Deprecations come from RFC 6649 and RFC 8249. */ + const struct krb5_keytypes krb5int_enctypes_list[] = { +- { ENCTYPE_DES3_CBC_RAW, +- "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", +- &krb5int_enc_des3, NULL, +- 16, +- krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt, +- krb5int_dk_string_to_key, k5_rand2key_des3, +- NULL, /*PRF*/ +- 0, +- ETYPE_WEAK | ETYPE_DEPRECATED, 112 }, +- +- { ENCTYPE_DES3_CBC_SHA1, +- "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, +- "Triple DES cbc mode with HMAC/sha1", +- &krb5int_enc_des3, &krb5int_hash_sha1, +- 16, +- krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, +- krb5int_dk_string_to_key, k5_rand2key_des3, +- krb5int_dk_prf, +- CKSUMTYPE_HMAC_SHA1_DES3, +- ETYPE_DEPRECATED, 112 }, +- + /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we + * consider its strength degraded and assign it an SSF value of 64. */ + { ENCTYPE_ARCFOUR_HMAC, +diff --git a/src/lib/crypto/krb/prf_des.c b/src/lib/crypto/krb/prf_des.c +deleted file mode 100644 +index 7a2d719c5..000000000 +--- a/src/lib/crypto/krb/prf_des.c ++++ /dev/null +@@ -1,47 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/krb/prf_des.c - RFC 3961 DES-based PRF */ +-/* +- * Copyright (C) 2004, 2009 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-#include "crypto_int.h" +- +-krb5_error_code +-krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key, +- const krb5_data *in, krb5_data *out) +-{ +- const struct krb5_hash_provider *hash = &krb5int_hash_md5; +- krb5_crypto_iov iov; +- krb5_error_code ret; +- +- /* Compute a hash of the input, storing into the output buffer. */ +- iov.flags = KRB5_CRYPTO_TYPE_DATA; +- iov.data = *in; +- ret = hash->hash(&iov, 1, out); +- if (ret != 0) +- return ret; +- +- /* Encrypt the hash in place. */ +- iov.data = *out; +- return ktp->enc->encrypt(key, NULL, &iov, 1); +-} +diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c +index 157462526..863090beb 100644 +--- a/src/lib/crypto/krb/random_to_key.c ++++ b/src/lib/crypto/krb/random_to_key.c +@@ -71,48 +71,3 @@ k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock) + memcpy(keyblock->contents, randombits->data, randombits->length); + return 0; + } +- +-static inline void +-eighth_byte(unsigned char *b) +-{ +- b[7] = (((b[0] & 1) << 1) | ((b[1] & 1) << 2) | ((b[2] & 1) << 3) | +- ((b[3] & 1) << 4) | ((b[4] & 1) << 5) | ((b[5] & 1) << 6) | +- ((b[6] & 1) << 7)); +-} +- +-krb5_error_code +-k5_rand2key_des(const krb5_data *randombits, krb5_keyblock *keyblock) +-{ +- if (randombits->length != 7) +- return(KRB5_CRYPTO_INTERNAL); +- +- keyblock->magic = KV5M_KEYBLOCK; +- +- /* Take the seven bytes, move them around into the top 7 bits of the +- * 8 key bytes, then compute the parity bits. */ +- memcpy(keyblock->contents, randombits->data, randombits->length); +- eighth_byte(keyblock->contents); +- k5_des_fixup_key_parity(keyblock->contents); +- +- return 0; +-} +- +-krb5_error_code +-k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock) +-{ +- int i; +- +- if (randombits->length != 21) +- return KRB5_CRYPTO_INTERNAL; +- +- keyblock->magic = KV5M_KEYBLOCK; +- +- /* Take the seven bytes, move them around into the top 7 bits of the +- * 8 key bytes, then compute the parity bits. Do this three times. */ +- for (i = 0; i < 3; i++) { +- memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7); +- eighth_byte(&keyblock->contents[i * 8]); +- k5_des_fixup_key_parity(&keyblock->contents[i * 8]); +- } +- return 0; +-} +diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports +index 451d5e035..9db181381 100644 +--- a/src/lib/crypto/libk5crypto.exports ++++ b/src/lib/crypto/libk5crypto.exports +@@ -86,7 +86,6 @@ krb5_k_verify_checksum + krb5_k_verify_checksum_iov + krb5int_aes_encrypt + krb5int_aes_decrypt +-krb5int_enc_des3 + krb5int_arcfour_gsscrypt + krb5int_camellia_cbc_mac + krb5int_cmac_checksum +diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in +index aa434b168..234fc0e76 100644 +--- a/src/lib/crypto/openssl/Makefile.in ++++ b/src/lib/crypto/openssl/Makefile.in +@@ -1,6 +1,6 @@ + mydir=lib$(S)crypto$(S)openssl + BUILDTOP=$(REL)..$(S)..$(S).. +-SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider ++SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider + LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) + + STLIBOBJS=\ +@@ -24,14 +24,14 @@ SRCS=\ + $(srcdir)/sha256.c \ + $(srcdir)/stubs.c + +-STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++STOBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ + aes/OBJS.ST \ + OBJS.ST + +-SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++SUBDIROBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ +@@ -42,7 +42,7 @@ includes: depend + + depend: $(SRCS) + +-clean-unix:: clean-libobjs ++clean-unix:: clean-libobjsn + + @lib_frag@ + @libobj_frag@ +diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in +deleted file mode 100644 +index 4392fb8ea..000000000 +--- a/src/lib/crypto/openssl/des/Makefile.in ++++ /dev/null +@@ -1,20 +0,0 @@ +-mydir=lib$(S)crypto$(S)openssl$(S)des +-BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +-LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. +- +-STLIBOBJS= des_keys.o +- +-OBJS= $(OUTPRE)des_keys.$(OBJEXT) +- +-SRCS= $(srcdir)/des_keys.c +- +-all-unix: all-libobjs +- +-includes: depend +- +-depend: $(SRCS) +- +-clean-unix:: clean-libobjs +- +-@libobj_frag@ +- +diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps +deleted file mode 100644 +index 21b904f89..000000000 +--- a/src/lib/crypto/openssl/des/deps ++++ /dev/null +@@ -1,15 +0,0 @@ +-# +-# Generated makefile dependencies follow. +-# +-des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_keys.c +diff --git a/src/lib/crypto/openssl/des/des_keys.c b/src/lib/crypto/openssl/des/des_keys.c +deleted file mode 100644 +index 51d9db216..000000000 +--- a/src/lib/crypto/openssl/des/des_keys.c ++++ /dev/null +@@ -1,40 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/openssl/des/des_keys.c - Key functions used by Kerberos code */ +-/* +- * Copyright (C) 2011 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include +- +-void +-k5_des_fixup_key_parity(unsigned char *keybits) +-{ +- DES_set_odd_parity((DES_cblock *)keybits); +-} +- +-krb5_boolean +-k5_des_is_weak_key(unsigned char *keybits) +-{ +- return DES_is_weak_key((DES_cblock *)keybits); +-} +diff --git a/src/lib/crypto/openssl/enc_provider/Makefile.in b/src/lib/crypto/openssl/enc_provider/Makefile.in +index a9069d22d..2b32c3ac4 100644 +--- a/src/lib/crypto/openssl/enc_provider/Makefile.in ++++ b/src/lib/crypto/openssl/enc_provider/Makefile.in +@@ -3,19 +3,16 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S).. + LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. + + STLIBOBJS= \ +- des3.o \ + rc4.o \ + aes.o \ + camellia.o + + OBJS= \ +- $(OUTPRE)des3.$(OBJEXT) \ + $(OUTPRE)aes.$(OBJEXT) \ + $(OUTPRE)camellia.$(OBJEXT) \ + $(OUTPRE)rc4.$(OBJEXT) + + SRCS= \ +- $(srcdir)/des3.c \ + $(srcdir)/aes.c \ + $(srcdir)/camellia.c \ + $(srcdir)/rc4.c +diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps +index 1c28cc842..91ba48234 100644 +--- a/src/lib/crypto/openssl/enc_provider/deps ++++ b/src/lib/crypto/openssl/enc_provider/deps +@@ -1,17 +1,6 @@ + # + # Generated makefile dependencies follow. + # +-des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des3.c + aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c +deleted file mode 100644 +index 1c439c2cd..000000000 +--- a/src/lib/crypto/openssl/enc_provider/des3.c ++++ /dev/null +@@ -1,184 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/openssl/enc_provider/des3.c */ +-/* +- * Copyright (C) 2009 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-#include "crypto_int.h" +-#include +- +- +-#define DES3_BLOCK_SIZE 8 +-#define DES3_KEY_SIZE 24 +-#define DES3_KEY_BYTES 21 +- +-static krb5_error_code +-validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, +- size_t num_data, krb5_boolean *empty) +-{ +- size_t input_length = iov_total_length(data, num_data, FALSE); +- +- if (key->keyblock.length != DES3_KEY_SIZE) +- return(KRB5_BAD_KEYSIZE); +- if ((input_length%DES3_BLOCK_SIZE) != 0) +- return(KRB5_BAD_MSIZE); +- if (ivec && (ivec->length != 8)) +- return(KRB5_BAD_MSIZE); +- +- *empty = (input_length == 0); +- return 0; +-} +- +-static krb5_error_code +-k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- int ret, olen = DES3_BLOCK_SIZE; +- unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; +- struct iov_cursor cursor; +- EVP_CIPHER_CTX *ctx; +- krb5_boolean empty; +- +- ret = validate(key, ivec, data, num_data, &empty); +- if (ret != 0 || empty) +- return ret; +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) +- return ENOMEM; +- +- ret = EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, +- key->keyblock.contents, +- (ivec) ? (unsigned char*)ivec->data : NULL); +- if (!ret) { +- EVP_CIPHER_CTX_free(ctx); +- return KRB5_CRYPTO_INTERNAL; +- } +- +- EVP_CIPHER_CTX_set_padding(ctx,0); +- +- k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); +- while (k5_iov_cursor_get(&cursor, iblock)) { +- ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, DES3_BLOCK_SIZE); +- if (!ret) +- break; +- k5_iov_cursor_put(&cursor, oblock); +- } +- +- if (ivec != NULL) +- memcpy(ivec->data, oblock, DES3_BLOCK_SIZE); +- +- EVP_CIPHER_CTX_free(ctx); +- +- zap(iblock, sizeof(iblock)); +- zap(oblock, sizeof(oblock)); +- +- if (ret != 1) +- return KRB5_CRYPTO_INTERNAL; +- return 0; +-} +- +-static krb5_error_code +-k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- int ret, olen = DES3_BLOCK_SIZE; +- unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; +- struct iov_cursor cursor; +- EVP_CIPHER_CTX *ctx; +- krb5_boolean empty; +- +- ret = validate(key, ivec, data, num_data, &empty); +- if (ret != 0 || empty) +- return ret; +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) +- return ENOMEM; +- +- ret = EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, +- key->keyblock.contents, +- (ivec) ? (unsigned char*)ivec->data : NULL); +- if (!ret) { +- EVP_CIPHER_CTX_free(ctx); +- return KRB5_CRYPTO_INTERNAL; +- } +- +- EVP_CIPHER_CTX_set_padding(ctx,0); +- +- k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); +- while (k5_iov_cursor_get(&cursor, iblock)) { +- ret = EVP_DecryptUpdate(ctx, oblock, &olen, +- (unsigned char *)iblock, DES3_BLOCK_SIZE); +- if (!ret) +- break; +- k5_iov_cursor_put(&cursor, oblock); +- } +- +- if (ivec != NULL) +- memcpy(ivec->data, iblock, DES3_BLOCK_SIZE); +- +- EVP_CIPHER_CTX_free(ctx); +- +- zap(iblock, sizeof(iblock)); +- zap(oblock, sizeof(oblock)); +- +- if (ret != 1) +- return KRB5_CRYPTO_INTERNAL; +- return 0; +-} +- +-const struct krb5_enc_provider krb5int_enc_des3 = { +- DES3_BLOCK_SIZE, +- DES3_KEY_BYTES, DES3_KEY_SIZE, +- k5_des3_encrypt, +- k5_des3_decrypt, +- NULL, +- krb5int_des_init_state, +- krb5int_default_free_state +-}; +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index c821cc830..c5bddb1e8 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -1010,7 +1010,6 @@ kg_accept_krb5(minor_status, context_handle, + } + + switch (negotiated_etype) { +- case ENCTYPE_DES3_CBC_SHA1: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP: + /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" +diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h +index 2e2c775d6..f5b0fede6 100644 +--- a/src/lib/gssapi/krb5/gssapiP_krb5.h ++++ b/src/lib/gssapi/krb5/gssapiP_krb5.h +@@ -125,14 +125,14 @@ enum sgn_alg { + /* SGN_ALG_DES_MAC = 0x0002, */ + /* SGN_ALG_3 = 0x0003, /\* not published *\/ */ + SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */ +- SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 ++ /* SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 */ + }; + enum seal_alg { + SEAL_ALG_NONE = 0xffff, + /* SEAL_ALG_DES = 0x0000, */ + /* SEAL_ALG_1 = 0x0001, /\* not published *\/ */ + SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */ +- SEAL_ALG_DES3KD = 0x0002 ++ /* SEAL_ALG_DES3KD = 0x0002 */ + }; + + /* for 3DES */ +@@ -153,7 +153,7 @@ enum qop { + GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004, + GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff, + /* GSS_KRB5_CONF_C_QOP_DES = 0x0100, */ +- GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, ++ /* GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, */ + GSS_KRB5_CONF_C_QOP_MASK = 0xff00 + }; + +diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c +index d1cdce486..7f7146a0a 100644 +--- a/src/lib/gssapi/krb5/k5seal.c ++++ b/src/lib/gssapi/krb5/k5seal.c +@@ -136,19 +136,12 @@ make_seal_token_v1 (krb5_context context, + + /* pad the plaintext, encrypt if needed, and stick it in the token */ + +- /* initialize the the checksum */ +- switch (signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- if (toktype != KG_TOK_SEAL_MSG) +- sign_usage = 15; +- break; +- default: +- abort (); +- } ++ if (signalg != SGN_ALG_HMAC_MD5) ++ abort(); ++ ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; ++ if (toktype != KG_TOK_SEAL_MSG) ++ sign_usage = 15; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code) { +@@ -196,20 +189,8 @@ make_seal_token_v1 (krb5_context context, + gssalloc_free(t); + return(code); + } +- switch(signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- /* +- * Using key derivation, the call to krb5_c_make_checksum +- * already dealt with encrypting. +- */ +- if (md5cksum.length != cksum_size) +- abort (); +- memcpy (ptr+14, md5cksum.contents, md5cksum.length); +- break; +- case SGN_ALG_HMAC_MD5: +- memcpy (ptr+14, md5cksum.contents, cksum_size); +- break; +- } ++ ++ memcpy (ptr+14, md5cksum.contents, cksum_size); + + krb5_free_checksum_contents(context, &md5cksum); + +diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c +index 9bb2ee109..9147bb2c7 100644 +--- a/src/lib/gssapi/krb5/k5sealiov.c ++++ b/src/lib/gssapi/krb5/k5sealiov.c +@@ -144,18 +144,11 @@ make_seal_token_v1_iov(krb5_context context, + /* pad the plaintext, encrypt if needed, and stick it in the token */ + + /* initialize the checksum */ +- switch (ctx->signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- if (toktype != KG_TOK_WRAP_MSG) +- sign_usage = 15; +- break; +- default: +- abort (); +- } ++ if (ctx->signalg != SGN_ALG_HMAC_MD5) ++ abort(); ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; ++ if (toktype != KG_TOK_WRAP_MSG) ++ sign_usage = 15; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen); + if (code != 0) +@@ -177,15 +170,7 @@ make_seal_token_v1_iov(krb5_context context, + if (code != 0) + goto cleanup; + +- switch (ctx->signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- assert(md5cksum.length == ctx->cksum_size); +- memcpy(ptr + 14, md5cksum.contents, md5cksum.length); +- break; +- case SGN_ALG_HMAC_MD5: +- memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); +- break; +- } ++ memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); + + /* create the seq_num */ + code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF, +diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c +index 9b183bc33..f0cc4a680 100644 +--- a/src/lib/gssapi/krb5/k5unseal.c ++++ b/src/lib/gssapi/krb5/k5unseal.c +@@ -131,28 +131,21 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + but few enough that we can try them all. */ + + if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || +- (ctx->sealalg == SEAL_ALG_DES3KD && +- signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| + (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && + signalg != SGN_ALG_HMAC_MD5)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- cksum_len = 8; +- if (toktype != KG_TOK_SEAL_MSG) +- sign_usage = 15; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- cksum_len = 20; +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + ++ cksum_len = 8; ++ if (toktype != KG_TOK_SEAL_MSG) ++ sign_usage = 15; ++ + if ((size_t)bodysize < 14 + cksum_len) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; +@@ -252,64 +245,53 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + /* compute the checksum of the message */ + + /* initialize the the cksum */ +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- default: +- abort (); +- } ++ if (signalg != SGN_ALG_HMAC_MD5) ++ abort(); ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code) + return(code); + md5cksum.length = sumlen; + +- switch (signalg) { +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + *minor_status = 0; + return(GSS_S_DEFECTIVE_TOKEN); +- +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- case SGN_ALG_HMAC_MD5: +- /* compute the checksum of the message */ +- +- /* 8 = bytes of token body to be checksummed according to spec */ +- +- if (! (data_ptr = xmalloc(8 + plainlen))) { +- if (sealalg != 0xffff) +- xfree(plain); +- if (toktype == KG_TOK_SEAL_MSG) +- gssalloc_free(token.value); +- *minor_status = ENOMEM; +- return(GSS_S_FAILURE); +- } +- +- (void) memcpy(data_ptr, ptr-2, 8); +- +- (void) memcpy(data_ptr+8, plain, plainlen); +- +- plaind.length = 8 + plainlen; +- plaind.data = data_ptr; +- code = krb5_k_make_checksum(context, md5cksum.checksum_type, +- ctx->seq, sign_usage, +- &plaind, &md5cksum); +- xfree(data_ptr); +- +- if (code) { +- if (toktype == KG_TOK_SEAL_MSG) +- gssalloc_free(token.value); +- *minor_status = code; +- return(GSS_S_FAILURE); +- } +- +- code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); +- break; + } + ++ /* compute the checksum of the message */ ++ ++ /* 8 = bytes of token body to be checksummed according to spec */ ++ ++ if (! (data_ptr = xmalloc(8 + plainlen))) { ++ if (sealalg != 0xffff) ++ xfree(plain); ++ if (toktype == KG_TOK_SEAL_MSG) ++ gssalloc_free(token.value); ++ *minor_status = ENOMEM; ++ return(GSS_S_FAILURE); ++ } ++ ++ (void) memcpy(data_ptr, ptr-2, 8); ++ ++ (void) memcpy(data_ptr+8, plain, plainlen); ++ ++ plaind.length = 8 + plainlen; ++ plaind.data = data_ptr; ++ code = krb5_k_make_checksum(context, md5cksum.checksum_type, ++ ctx->seq, sign_usage, ++ &plaind, &md5cksum); ++ xfree(data_ptr); ++ ++ if (code) { ++ if (toktype == KG_TOK_SEAL_MSG) ++ gssalloc_free(token.value); ++ *minor_status = code; ++ return(GSS_S_FAILURE); ++ } ++ ++ code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); ++ + krb5_free_checksum_contents(context, &md5cksum); + if (sealalg != 0xffff) + xfree(plain); +diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c +index 85a9574f3..3ce2a90ce 100644 +--- a/src/lib/gssapi/krb5/k5unsealiov.c ++++ b/src/lib/gssapi/krb5/k5unsealiov.c +@@ -102,28 +102,21 @@ kg_unseal_v1_iov(krb5_context context, + } + + if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || +- (ctx->sealalg == SEAL_ALG_DES3KD && +- signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| + (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && + signalg != SGN_ALG_HMAC_MD5)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- cksum_len = 8; +- if (toktype != KG_TOK_WRAP_MSG) +- sign_usage = 15; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- cksum_len = 20; +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + ++ cksum_len = 8; ++ if (toktype != KG_TOK_WRAP_MSG) ++ sign_usage = 15; ++ + /* get the token parameters */ + code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction, + &seqnum); +@@ -181,16 +174,10 @@ kg_unseal_v1_iov(krb5_context context, + + /* initialize the checksum */ + +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) + abort(); +- } ++ ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code != 0) { +@@ -209,18 +196,13 @@ kg_unseal_v1_iov(krb5_context context, + goto cleanup; + } + +- switch (signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- case SGN_ALG_HMAC_MD5: +- code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + code = 0; + retval = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; +- break; + } + ++ code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); + if (code != 0) { + code = 0; + retval = GSS_S_BAD_SIG; +diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c +index 80954aff7..f7d3e92c4 100644 +--- a/src/lib/gssapi/krb5/util_crypt.c ++++ b/src/lib/gssapi/krb5/util_crypt.c +@@ -97,17 +97,6 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey, + return code; + + switch (subkey->keyblock.enctype) { +- case ENCTYPE_DES3_CBC_SHA1: +- code = kg_copy_keys(context, ctx, subkey); +- if (code != 0) +- return code; +- +- ctx->enc->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; +- ctx->seq->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; +- ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; +- ctx->cksum_size = 20; +- ctx->sealalg = SEAL_ALG_DES3KD; +- break; + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP: + /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype, +diff --git a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp +index 740425c69..6b45f5f72 100644 +--- a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp ++++ b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp +@@ -53,10 +53,10 @@ proc test200 {} { + } + + # XXX Perhaps I should actually check the key type returned. +- if {$num_keys == 5} { ++ if {$num_keys == 4} { + pass "$test" + } else { +- fail "$test: $num_keys keys, should be 5" ++ fail "$test: $num_keys keys, should be 4" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" +diff --git a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp +index 3ea1ba29b..d2c6d1afa 100644 +--- a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp ++++ b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp +@@ -143,8 +143,8 @@ proc test101_102 {rpc} { + } + + set failed 0 +- if {$num_keys != 5} { +- fail "$test: num_keys $num_keys should be 5" ++ if {$num_keys != 4} { ++ fail "$test: num_keys $num_keys should be 4" + set failed 1 + } + for {set i 0} {$i < $num_keys} {incr i} { +diff --git a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp +index 2925c1c43..2f76c8b43 100644 +--- a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp ++++ b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp +@@ -46,10 +46,10 @@ proc test100 {} { + } + + # XXX Perhaps I should actually check the key type returned. +- if {$num_keys == 5} { ++ if {$num_keys == 4} { + pass "$test" + } else { +- fail "$test: $num_keys keys, should be 5" ++ fail "$test: $num_keys keys, should be 4" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" +diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c +index e7d67cca4..9a4741fa6 100644 +--- a/src/lib/krb5/krb/init_ctx.c ++++ b/src/lib/krb5/krb/init_ctx.c +@@ -59,7 +59,6 @@ + static krb5_enctype default_enctype_list[] = { + ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, + 0 +@@ -479,8 +478,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, + /* Set all enctypes in the default list. */ + for (i = 0; default_list[i]; i++) + mod_list(default_list[i], sel, weak, &list); +- } else if (strcasecmp(token, "des3") == 0) { +- mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list); + } else if (strcasecmp(token, "aes") == 0) { + mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, &list); + mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list); +diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c +index 504eb557f..fc5c886d6 100644 +--- a/src/lib/krb5/krb/s4u_creds.c ++++ b/src/lib/krb5/krb/s4u_creds.c +@@ -287,8 +287,6 @@ verify_s4u2self_reply(krb5_context context, + assert(req_s4u_user != NULL); + + switch (subkey->enctype) { +- case ENCTYPE_DES3_CBC_SHA1: +- case ENCTYPE_DES3_CBC_RAW: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP : + not_newer = TRUE; +diff --git a/src/lib/krb5/krb/t_copy_context.c b/src/lib/krb5/krb/t_copy_context.c +index 2970a8cea..fb82daf19 100644 +--- a/src/lib/krb5/krb/t_copy_context.c ++++ b/src/lib/krb5/krb/t_copy_context.c +@@ -113,7 +113,7 @@ main(int argc, char **argv) + { + krb5_context ctx, ctx2; + krb5_plugin_initvt_fn *mods; +- const krb5_enctype etypes1[] = { ENCTYPE_DES3_CBC_SHA1, 0 }; ++ const krb5_enctype etypes1[] = { ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }; + const krb5_enctype etypes2[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }; + krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD }; +diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c +index f609e938a..248ffea90 100644 +--- a/src/lib/krb5/krb/t_etypes.c ++++ b/src/lib/krb5/krb/t_etypes.c +@@ -50,17 +50,6 @@ static struct { + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, + 0, 0 + }, +- /* Family followed by enctype */ +- { "aes des3-cbc-sha1-kd", +- { 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, +- ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, +- ENCTYPE_DES3_CBC_SHA1, 0 }, +- 0, 0 +- }, + /* Family with enctype removed */ + { "camellia -camellia256-cts-cmac", + { 0 }, +@@ -69,46 +58,15 @@ static struct { + }, + /* Default set with family added and enctype removed */ + { "DEFAULT +aes -arcfour-hmac-md5", +- { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ++ { ENCTYPE_ARCFOUR_HMAC, 0 }, ++ { ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, +- ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ++ { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, + 0 }, + 0, 0 + }, +- /* Default set with families removed and enctypes added (one redundant) */ +- { "DEFAULT -des3 rc4-hmac rc4-hmac-exp", +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_ARCFOUR_HMAC, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, 0 }, +- 0, 0 +- }, +- /* Default set with family moved to front */ +- { "des3 +DEFAULT", +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, +- ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, +- ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, +- 0, 0 +- }, +- /* Two families with default set removed (exotic case), enctype added */ +- { "aes +rc4 -DEFaulT des3-hmac-sha1", +- { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_DES3_CBC_SHA1, +- ENCTYPE_ARCFOUR_HMAC, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, +- ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, +- ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, +- 0, 0 +- }, + /* Test krb5_set_default_in_tkt_ktypes */ + { NULL, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, +diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c +index 10ba8d0ac..24064ffcf 100644 +--- a/src/lib/krb5/os/t_trace.c ++++ b/src/lib/krb5/os/t_trace.c +@@ -65,8 +65,8 @@ main (int argc, char *argv[]) + krb5_principal princ = &principal_data; + krb5_pa_data padata, padata2, **padatap; + krb5_enctype enctypes[4] = { +- ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN, +- ENCTYPE_NULL}; ++ ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC_EXP, ++ ENCTYPE_UNKNOWN, ENCTYPE_NULL}; + krb5_ccache ccache; + krb5_keytab keytab; + krb5_creds creds; +diff --git a/src/lib/krb5/os/t_trace.ref b/src/lib/krb5/os/t_trace.ref +index 044a66999..98fb14f3f 100644 +--- a/src/lib/krb5/os/t_trace.ref ++++ b/src/lib/krb5/os/t_trace.ref +@@ -41,7 +41,7 @@ int, krb5_principal type: ? + krb5_pa_data **, display list of padata type numbers: PA-PW-SALT (3), 0 + krb5_pa_data **, display list of padata type numbers: (empty) + krb5_enctype, display shortest name of enctype: aes128-cts +-krb5_enctype *, display list of enctypes: 5, rc4-hmac-exp, 511 ++krb5_enctype *, display list of enctypes: aes128-cts, rc4-hmac-exp, 511 + krb5_enctype *, display list of enctypes: (empty) + krb5_ccache, display type:name: FILE:/path/to/ccache + krb5_keytab, display name: FILE:/etc/krb5.keytab +diff --git a/src/plugins/preauth/pkinit/pkcs11.h b/src/plugins/preauth/pkinit/pkcs11.h +index e3d284631..586661bb7 100644 +--- a/src/plugins/preauth/pkinit/pkcs11.h ++++ b/src/plugins/preauth/pkinit/pkcs11.h +@@ -339,9 +339,9 @@ typedef unsigned long ck_key_type_t; + #define CKK_GENERIC_SECRET (0x10) + #define CKK_RC2 (0x11) + #define CKK_RC4 (0x12) +-#define CKK_DES (0x13) +-#define CKK_DES2 (0x14) +-#define CKK_DES3 (0x15) ++/* #define CKK_DES (0x13) */ ++/* #define CKK_DES2 (0x14) */ ++/* #define CKK_DES3 (0x15) */ + #define CKK_CAST (0x16) + #define CKK_CAST3 (0x17) + #define CKK_CAST128 (0x18) +diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c +index 1a642139a..2f0431991 100644 +--- a/src/plugins/preauth/pkinit/pkinit_clnt.c ++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c +@@ -212,14 +212,6 @@ pkinit_as_req_create(krb5_context context, + auth_pack.clientPublicValue = &info; + auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids; + +- /* add List of CMS algorithms */ +- retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx, +- reqctx->cryptoctx, +- reqctx->idctx, &cmstypes); +- auth_pack.supportedCMSTypes = cmstypes; +- if (retval) +- goto cleanup; +- + switch(protocol) { + case DH_PROTOCOL: + TRACE_PKINIT_CLIENT_REQ_DH(context); +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h +index 8064a07d0..a291889b0 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto.h ++++ b/src/plugins/preauth/pkinit/pkinit_crypto.h +@@ -380,18 +380,6 @@ krb5_error_code server_process_dh + unsigned int *server_key_len_out); /* OUT + receives length of DH secret key */ + +-/* +- * this functions takes in crypto specific representation of +- * supportedCMSTypes and creates a list of +- * krb5_algorithm_identifier +- */ +-krb5_error_code create_krb5_supportedCMSTypes +- (krb5_context context, /* IN */ +- pkinit_plg_crypto_context plg_cryptoctx, /* IN */ +- pkinit_req_crypto_context req_cryptoctx, /* IN */ +- pkinit_identity_crypto_context id_cryptoctx, /* IN */ +- krb5_algorithm_identifier ***supportedCMSTypes); /* OUT */ +- + /* + * this functions takes in crypto specific representation of + * trustedCertifiers and creates a list of +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 8c7fd0cca..52976895b 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -5487,44 +5487,6 @@ cleanup: + return retval; + } + +-krb5_error_code +-create_krb5_supportedCMSTypes(krb5_context context, +- pkinit_plg_crypto_context plg_cryptoctx, +- pkinit_req_crypto_context req_cryptoctx, +- pkinit_identity_crypto_context id_cryptoctx, +- krb5_algorithm_identifier ***oids) +-{ +- +- krb5_error_code retval = ENOMEM; +- krb5_algorithm_identifier **loids = NULL; +- krb5_data des3oid = {0, 8, "\x2A\x86\x48\x86\xF7\x0D\x03\x07" }; +- +- *oids = NULL; +- loids = malloc(2 * sizeof(krb5_algorithm_identifier *)); +- if (loids == NULL) +- goto cleanup; +- loids[1] = NULL; +- loids[0] = malloc(sizeof(krb5_algorithm_identifier)); +- if (loids[0] == NULL) { +- free(loids); +- goto cleanup; +- } +- retval = pkinit_copy_krb5_data(&loids[0]->algorithm, &des3oid); +- if (retval) { +- free(loids[0]); +- free(loids); +- goto cleanup; +- } +- loids[0]->parameters.length = 0; +- loids[0]->parameters.data = NULL; +- +- *oids = loids; +- retval = 0; +-cleanup: +- +- return retval; +-} +- + krb5_error_code + create_krb5_trustedCertifiers(krb5_context context, + pkinit_plg_crypto_context plg_cryptoctx, +diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c +index 7acbd0d28..cd998a29a 100644 +--- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c ++++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c +@@ -49,7 +49,6 @@ char eighteen_bs[9]; + char party_u_name[] = "lha@SU.SE"; + char party_v_name[] = "krbtgt/SU.SE@SU.SE"; + int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96; +-int enctype_des3 = ENCTYPE_DES3_CBC_SHA1; + const krb5_data lha_data = DATA_FROM_STRING("lha"); + + krb5_octet key1_hex[] = +@@ -185,36 +184,6 @@ main(int argc, char **argv) + goto cleanup; + } + +- /* TEST 3: SHA-512/DES3 */ +- /* set up algorithm id */ +- alg_id.algorithm.data = (char *)krb5_pkinit_sha512_oid; +- alg_id.algorithm.length = krb5_pkinit_sha512_oid_len; +- +- enctype = enctype_des3; +- +- /* call pkinit_alg_agility_kdf() with test vector values*/ +- if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, +- &alg_id.algorithm, +- u_principal, v_principal, +- enctype, &as_req, &pk_as_rep, +- &key_block))) { +- printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d", +- retval); +- goto cleanup; +- } +- +- /* compare key to expected key value */ +- +- if ((key_block.length == sizeof(key3_hex)) && +- (0 == memcmp(key_block.contents, key3_hex, key_block.length))) { +- printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n"); +- retval = 0; +- } else { +- printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n"); +- retval = 1; +- goto cleanup; +- } +- + cleanup: + /* release all allocated resources, whether good or bad return */ + free(secret.data); +diff --git a/src/plugins/preauth/spake/t_vectors.c b/src/plugins/preauth/spake/t_vectors.c +index 2279202d3..96b0307d7 100644 +--- a/src/plugins/preauth/spake/t_vectors.c ++++ b/src/plugins/preauth/spake/t_vectors.c +@@ -56,31 +56,6 @@ struct test { + const char *K2; + const char *K3; + } tests[] = { +- { ENCTYPE_DES3_CBC_SHA1, SPAKE_GROUP_EDWARDS25519, +- /* initial key, w, x, y, T, S, K */ +- "850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E", +- "686D84730CB8679AE95416C6567C6A63F2C9CEF124F7A3371AE81E11CAD42A37", +- "201012D07BFD48DDFA33C4AAC4FB1E229FB0D043CFE65EBFB14399091C71A723", +- "500B294797B8B042ACA1BEDC0F5931A4F52C537B3608B2D05CC8A2372F439F25", +- "18F511E750C97B592ACD30DB7D9E5FCA660389102E6BF610C1BFBED4616C8362", +- "5D10705E0D1E43D5DBF30240CCFBDE4A0230C70D4C79147AB0B317EDAD2F8AE7", +- "25BDE0D875F0FEB5755F45BA5E857889D916ECF7476F116AA31DC3E037EC4292", +- /* support, challenge, thash, body */ +- "A0093007A0053003020101", +- "A1363034A003020101A122042018F511E750C97B592ACD30DB7D9E5FCA660389" +- "102E6BF610C1BFBED4616C8362A20930073005A003020101", +- "EAAA08807D0616026FF51C849EFBF35BA0CE3C5300E7D486DA46351B13D4605B", +- "3075A00703050000000000A1143012A003020101A10B30091B07726165627572" +- "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018" +- "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730" +- "303130313030303030305AA703020100A8053003020110", +- /* K'[0], K'[1], K'[2], K'[3] */ +- "BAF12FAE7CD958CBF1A29BFBC71F89CE49E03E295D89DAFD", +- "64F73DD9C41908206BCEC1F719026B574F9D13463D7A2520", +- "0454520B086B152C455829E6BAEFF78A61DFE9E3D04A895D", +- "4A92260B25E3EF94C125D5C24C3E5BCED5B37976E67F25C4", +- }, +- + { ENCTYPE_ARCFOUR_HMAC, SPAKE_GROUP_EDWARDS25519, + /* initial key, w, x, y, T, S, K */ + "8846F7EAEE8FB117AD06BDD830B7586C", +diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp +index b047ef1f7..4d8c917cd 100644 +--- a/src/tests/dejagnu/config/default.exp ++++ b/src/tests/dejagnu/config/default.exp +@@ -15,8 +15,6 @@ set timeout 100 + set stty_init {erase \^h kill \^u} + set env(TERM) dumb + +-set des3_krbtgt 0 +- + if { [string length $VALGRIND] } { + rename spawn valgrind_aux_spawn + proc spawn { args } { +@@ -105,17 +103,9 @@ if { $PRIOCNTL_HACK } { + # particularly with regards to encryption types. + + set passes { +- { +- des3 +- mode=udp +- des3_krbtgt=1 +- {supported_enctypes=des3-cbc-sha1:normal} +- {dummy=[verbose -log "DES3 TGT, DES3 enctype"]} +- } + { + aes-only + mode=udp +- des3_krbtgt=0 + {supported_enctypes=aes256-cts-hmac-sha1-96:normal} + {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} + {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} +@@ -130,7 +120,6 @@ set passes { + { + aes-sha2-only + mode=udp +- des3_krbtgt=0 + {supported_enctypes=aes256-sha2:normal} + {permitted_enctypes(kdc)=aes256-sha2} + {permitted_enctypes(replica)=aes256-sha2} +@@ -146,7 +135,6 @@ set passes { + { + camellia-only + mode=udp +- des3_krbtgt=0 + {supported_enctypes=camellia256-cts:normal} + {permitted_enctypes(kdc)=camellia256-cts} + {permitted_enctypes(replica)=camellia256-cts} +@@ -159,32 +147,9 @@ set passes { + {master_key_type=camellia256-cts} + {dummy=[verbose -log "Camellia-256 enctype"]} + } +- { +- aes-des3 +- mode=udp +- des3_krbtgt=0 +- {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} +- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {master_key_type=aes256-cts-hmac-sha1-96} +- {dummy=[verbose -log "AES + DES3 + DES enctypes"]} +- } +- { +- aes-des3tgt +- mode=udp +- des3_krbtgt=1 +- {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} +- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {master_key_type=aes256-cts-hmac-sha1-96} +- {dummy=[verbose -log "AES enctypes, DES3 TGT"]} +- } + { + all-enctypes + mode=udp +- des3_krbtgt=0 + {allow_weak_crypto(kdc)=false} + {allow_weak_crypto(replica)=false} + {allow_weak_crypto(client)=false} +@@ -946,7 +911,6 @@ proc setup_kerberos_db { standalone } { + global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY + global tmppwd hostname + global spawn_id +- global des3_krbtgt + global multipass_name last_passname_db + + set failall 0 +@@ -1143,48 +1107,6 @@ proc setup_kerberos_db { standalone } { + } + } + +- if $des3_krbtgt { +- # Set the TGT key to DES3. +- set test "kadmin.local TGT to DES3" +- set body { +- if $failall { +- break +- } +- spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal +- verbose "starting $test" +- expect_after $def_exp_after +- +- expect "kadmin.local: " +- send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" +- # It echos... +- expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" +- expect { +- "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { } +- } +- expect "kadmin.local: " +- send "quit\r" +- expect eof +- catch expect_after +- if ![check_exit_status kadmin_local] { +- break +- } +- } +- set ret [catch $body] +- catch "expect eof" +- catch expect_after +- if $ret { +- set failall 1 +- if $standalone { +- fail $test +- } else { +- delete_db +- } +- } else { +- if $standalone { +- pass $test +- } +- } +- } + envstack_pop + + # create the admin database lock file +diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp +index f71ee8638..8c08cf42f 100644 +--- a/src/tests/dejagnu/krb-standalone/kprop.exp ++++ b/src/tests/dejagnu/krb-standalone/kprop.exp +@@ -54,7 +54,7 @@ proc doit { } { + global REALMNAME KEY + global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id + global hostname tmppwd spawn_id timeout +- global KRBIV supported_enctypes portbase mode ulog des3_krbtgt ++ global KRBIV supported_enctypes portbase mode ulog + + # Delete any db, ulog files + delete_db +diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py +index 7494d7fcd..2f95d8996 100755 +--- a/src/tests/gssapi/t_enctypes.py ++++ b/src/tests/gssapi/t_enctypes.py +@@ -1,24 +1,17 @@ + from k5test import * + +-# Define some convenience abbreviations for enctypes we will see in +-# test program output. For background, aes256 and aes128 are "CFX +-# enctypes", meaning that they imply support for RFC 4121, while des3 +-# and rc4 are not. DES3 keys will appear as 'des3-cbc-raw' in +-# t_enctypes output because that's how GSSAPI does raw triple-DES +-# encryption without the RFC3961 framing. ++# Define some convenience abbreviations for enctypes we will see in test ++# program output. For background, aes256 and aes128 are "CFX enctypes", ++# meaning that they imply support for RFC 4121, while rc4 does not. + aes256 = 'aes256-cts-hmac-sha1-96' + aes128 = 'aes128-cts-hmac-sha1-96' +-des3 = 'des3-cbc-sha1' +-d_des3 = 'DEPRECATED:des3-cbc-sha1' +-des3raw = 'des3-cbc-raw' +-d_des3raw = 'DEPRECATED:des3-cbc-raw' + rc4 = 'arcfour-hmac' + d_rc4 = 'DEPRECATED:arcfour-hmac' + + # These tests make assumptions about the default enctype lists, so set + # them explicitly rather than relying on the library defaults. +-supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal' +-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'}, ++supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal' ++conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'}, + 'realms': {'$realm': {'supported_enctypes': supp}}} + realm = K5Realm(krb5_conf=conf) + shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save')) +@@ -87,19 +80,12 @@ test('both aes128', 'aes128-cts', 'aes128-cts', + test_err('acc aes128', None, 'aes128-cts', + 'Encryption type aes256-cts-hmac-sha1-96 not permitted') + +-# If the initiator constrains the permitted session enctypes to des3, +-# no acceptor subkey will be generated because we can't upgrade to a +-# CFX enctype. +-test('init des3', 'des3', None, +- tktenc=aes256, tktsession=d_des3, +- proto='rfc1964', isubkey=des3raw, asubkey=None) +- + # Force the ticket session key to be rc4, so we can test some subkey + # upgrade cases. The ticket encryption key remains aes256. + realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4']) + + # With no arguments, the initiator should send an upgrade list of +-# [aes256 aes128 des3] and the acceptor should upgrade to an aes256 ++# [aes256 aes128] and the acceptor should upgrade to an aes256 + # subkey. + test('upgrade noargs', None, None, + tktenc=aes256, tktsession=d_rc4, +@@ -115,13 +101,6 @@ test('upgrade init aes128+rc4', 'aes128-cts rc4', None, + tktenc=aes256, tktsession=d_rc4, + proto='cfx', isubkey=rc4, asubkey=aes128) + +-# If the initiator permits rc4 but prefers des3, it will send an +-# upgrade list of [des3], but the acceptor won't generate a subkey +-# because des3 isn't a CFX enctype. +-test('upgrade init des3+rc4', 'des3 rc4', None, +- tktenc=aes256, tktsession=d_rc4, +- proto='rfc1964', isubkey=rc4, asubkey=None) +- + # If the acceptor permits only aes128, subkey negotiation will fail + # because the ticket session key and initiator subkey are + # non-permitted. (This is unfortunate if the acceptor's restriction +diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c +index 9876a11e6..fb8fe5511 100644 +--- a/src/tests/gssapi/t_invalid.c ++++ b/src/tests/gssapi/t_invalid.c +@@ -84,18 +84,6 @@ struct test { + size_t toklen; + const char *token; + } tests[] = { +- { +- ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES3_CBC_RAW, +- SEAL_ALG_DES3KD, SGN_ALG_HMAC_SHA1_DES3_KD, 20, +- 24, +- "\x4F\xEA\x19\x19\x5E\x0E\x10\xDF\x3D\x29\xB5\x13\x8F\x01\xC7\xA7" +- "\x92\x3D\x38\xF7\x26\x73\x0D\x6D", +- 65, +- "\x60\x3F\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x04" +- "\x00\x02\x00\xFF\xFF\xEB\xF3\x9A\x89\x24\x57\xB8\x63\x95\x25\xE8" +- "\x6E\x8E\x79\xE6\x2E\xCA\xD3\xFF\x57\x9F\x8C\xAB\xEF\xDD\x28\x10" +- "\x2F\x93\x21\x2E\xF2\x52\xB6\x6F\xA8\xBB\x8A\x6D\xAA\x6F\xB7\xF4\xD4" +- }, + { + ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC, + SEAL_ALG_MICROSOFT_RC4, SGN_ALG_HMAC_MD5, 8, +diff --git a/src/tests/gssapi/t_pcontok.c b/src/tests/gssapi/t_pcontok.c +index 7368f752f..bf22bd3da 100644 +--- a/src/tests/gssapi/t_pcontok.c ++++ b/src/tests/gssapi/t_pcontok.c +@@ -43,7 +43,6 @@ + #include "k5-int.h" + #include "common.h" + +-#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04 + #define SGN_ALG_HMAC_MD5 0x11 + + /* +@@ -77,17 +76,12 @@ make_delete_token(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *out) + ret = krb5_k_create_key(context, &seqkb, &seq); + check_k5err(context, "krb5_k_create_key", ret); + +- if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) { +- cktype = CKSUMTYPE_HMAC_SHA1_DES3; +- cksize = 20; +- ckusage = 23; +- } else if (signalg == SGN_ALG_HMAC_MD5) { +- cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- cksize = 8; +- ckusage = 15; +- } else { ++ if (signalg != SGN_ALG_HMAC_MD5) + abort(); +- } ++ ++ cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; ++ cksize = 8; ++ ckusage = 15; + + tlen = 20 + mech_krb5.length + cksize; + token = malloc(tlen); +diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c +index f71774cdc..d1857c433 100644 +--- a/src/tests/gssapi/t_prf.c ++++ b/src/tests/gssapi/t_prf.c +@@ -41,13 +41,6 @@ static struct { + const char *key2; + const char *out2; + } tests[] = { +- { ENCTYPE_DES3_CBC_SHA1, +- "70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2", +- "9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9" +- "AC4A333D644D21BA3EF24F4A886D143F85AC9F6377FB", +- "3452A167DF1094BA1089E0A20E9E51ABEF1525922558B69E", +- "6BF24FABC858F8DD9752E4FCD331BB831F238B5BE190" +- "4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4" }, + { ENCTYPE_ARCFOUR_HMAC, + "3BB3AE288C12B3B9D06B208A4151B3B6", + "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28" +diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py +index c589adf2a..4fbdbec05 100644 +--- a/src/tests/t_authdata.py ++++ b/src/tests/t_authdata.py +@@ -174,7 +174,7 @@ realm.run([kvno, 'restricted']) + # preferred krbtgt enctype changes. + mark('#8139 regression test') + realm.kinit(realm.user_princ, password('user'), ['-f']) +-realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'des3-cbc-sha1', ++realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-sha2', + realm.krbtgt_princ]) + realm.run(['./forward']) + realm.run([kvno, realm.host_princ]) +diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py +index 2a052fc17..ace0edc3c 100644 +--- a/src/tests/t_etype_info.py ++++ b/src/tests/t_etype_info.py +@@ -1,6 +1,6 @@ + from k5test import * + +-supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac' ++supported_enctypes = 'aes128-cts rc4-hmac' + conf = {'libdefaults': {'allow_weak_crypto': 'true'}, + 'realms': {'$realm': {'supported_enctypes': supported_enctypes}}} + realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) +@@ -24,9 +24,9 @@ def test_etinfo(princ, enctypes, expected_lines): + # With no newer enctypes in the request, PA-ETYPE-INFO2, + # PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one + # key for the most preferred matching enctype. +-test_etinfo('user', 'rc4-hmac-exp des3 rc4', +- ['asrep etype_info2 des3-cbc-sha1 KRBTEST.COMuser', +- 'asrep etype_info des3-cbc-sha1 KRBTEST.COMuser', ++test_etinfo('user', 'rc4-hmac-exp rc4', ++ ['asrep etype_info2 rc4-hmac KRBTEST.COMuser', ++ 'asrep etype_info rc4-hmac KRBTEST.COMuser', + 'asrep pw_salt KRBTEST.COMuser']) + + # With a newer enctype in the request (even if it is not the most +@@ -37,9 +37,9 @@ test_etinfo('user', 'rc4 aes256-cts', + + # In preauth-required errors, PA-PW-SALT does not appear, but the same + # etype-info2 values are expected. +-test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4', +- ['error etype_info2 des3-cbc-sha1 KRBTEST.COMpreauthuser', +- 'error etype_info des3-cbc-sha1 KRBTEST.COMpreauthuser']) ++test_etinfo('preauthuser', 'rc4-hmac-exp rc4', ++ ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser', ++ 'error etype_info rc4-hmac KRBTEST.COMpreauthuser']) + test_etinfo('preauthuser', 'rc4 aes256-cts', + ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser']) + +@@ -48,8 +48,8 @@ test_etinfo('preauthuser', 'rc4 aes256-cts', + # (to allow for preauth mechs which don't depend on long-term keys). + # An AS-REP cannot be generated without preauth as there is no reply + # key. +-test_etinfo('rc4user', 'des3', []) +-test_etinfo('nokeyuser', 'des3', []) ++test_etinfo('rc4user', 'aes128-cts', []) ++test_etinfo('nokeyuser', 'aes128-cts', []) + + # Verify that etype-info2 is included in a MORE_PREAUTH_DATA_REQUIRED + # error if the client does optimistic preauth. +diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py +index 2c825a692..f29e0d550 100755 +--- a/src/tests/t_keyrollover.py ++++ b/src/tests/t_keyrollover.py +@@ -37,9 +37,9 @@ realm.run([klist, '-e'], expected_msg=msg) + + # Test that the KDC only accepts the first enctype for a kvno, for a + # local-realm TGS request. To set this up, we abuse an edge-case +-# behavior of modprinc -kvno. First, set up a DES3 krbtgt entry at ++# behavior of modprinc -kvno. First, set up an aes128-sha2 krbtgt entry at + # kvno 1 and cache a krbtgt ticket. +-realm.run([kadminl, 'cpw', '-randkey', '-e', 'des3-cbc-sha1', ++realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes128-cts-hmac-sha256-128', + realm.krbtgt_princ]) + realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) + realm.kinit(realm.user_princ, password('user')) +@@ -50,9 +50,9 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts', + realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) + out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ]) + if 'vno 1, aes256-cts' not in out or \ +- 'vno 1, DEPRECATED:des3-cbc-sha1' not in out: ++ 'vno 1, aes128-cts-hmac-sha256-128' not in out: + fail('keyrollover: setup for TGS enctype test failed') +-# Now present the DES3 ticket to the KDC and make sure it's rejected. ++# Now present the aes128-sha2 ticket to the KDC and make sure it's rejected. + realm.run([kvno, realm.host_princ], expected_code=1) + + realm.stop() +diff --git a/src/tests/t_mkey.py b/src/tests/t_mkey.py +index 99273c907..f84041ca4 100755 +--- a/src/tests/t_mkey.py ++++ b/src/tests/t_mkey.py +@@ -7,7 +7,6 @@ import struct + # default enctype for master keys. + aes256 = 'aes256-cts-hmac-sha1-96' + aes128 = 'aes128-cts-hmac-sha1-96' +-des3 = 'des3-cbc-sha1' + defetype = aes256 + + realm = K5Realm(create_host=False, start_kadmind=True) +@@ -300,40 +299,6 @@ if 'Decrypt integrity check failed' in out or 'added to keytab' not in out: + + realm.stop() + +-# Load a dump file created with krb5 1.6, before the master key +-# rollover changes were introduced. Write out an old-format stash +-# file consistent with the dump's master password ("footes"). The K/M +-# entry in this database will not have actkvno tl-data because it was +-# created prior to master key rollover support. Verify that: +-# 1. We can access the database using the old-format stash file. +-# 2. list_mkeys displays the same list as for a post-1.7 KDB. +-mark('pre-1.7 stash file') +-dumpfile = os.path.join(srctop, 'tests', 'dumpfiles', 'dump.16') +-os.remove(stash_file) +-f = open(stash_file, 'wb') +-f.write(struct.pack('=HL24s', 16, 24, +- b'\xF8\x3E\xFB\xBA\x6D\x80\xD9\x54\xE5\x5D\xF2\xE0' +- b'\x94\xAD\x6D\x86\xB5\x16\x37\xEC\x7C\x8A\xBC\x86')) +-f.close() +-realm.run([kdb5_util, 'load', dumpfile]) +-nprincs = len(realm.run([kadminl, 'listprincs']).splitlines()) +-check_mkvno('K/M', 1) +-check_mkey_list((1, des3, True, True)) +- +-# Create a new master key and verify that, without actkvkno tl-data: +-# 1. list_mkeys displays the same as for a post-1.7 KDB. +-# 2. update_princ_encryption still targets mkvno 1. +-# 3. libkadm5 still uses mkvno 1 for key changes. +-# 4. use_mkey creates the same list as for a post-1.7 KDB. +-mark('rollover from pre-1.7 KDB') +-add_mkey([]) +-check_mkey_list((2, defetype, False, False), (1, des3, True, True)) +-update_princ_encryption(False, 1, 0, nprincs - 1) +-realm.run([kadminl, 'addprinc', '-randkey', realm.user_princ]) +-check_mkvno(realm.user_princ, 1) +-realm.run([kdb5_util, 'use_mkey', '2', 'now-1day']) +-check_mkey_list((2, defetype, True, True), (1, des3, True, False)) +- + # Regression test for #8395. Purge the master key and verify that a + # master key fetch does not segfault. + mark('#8395 regression test') +diff --git a/src/tests/t_salt.py b/src/tests/t_salt.py +index 65084bbf3..55ca89745 100755 +--- a/src/tests/t_salt.py ++++ b/src/tests/t_salt.py +@@ -16,13 +16,12 @@ def test_salt(realm, e1, salt, e2): + + # Enctype/salt pairs chosen with non-default salt types. + # The enctypes are mostly arbitrary. +-salts = [('des3-cbc-sha1', 'norealm'), ++salts = [('aes128-cts-hmac-sha1-96', 'norealm'), + ('arcfour-hmac', 'onlyrealm'), + ('aes128-cts-hmac-sha1-96', 'special')] + # These enctypes are chosen to cover the different string-to-key routines. + # Omit ":normal" from aes256 to check that salttype defaulting works. +-second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal', +- 'des3-cbc-sha1:normal'] ++second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal'] + + # Test using different salt types in a principal's key list. + # Parameters from one key in the list must not leak over to later ones. +diff --git a/src/util/k5test.py b/src/util/k5test.py +index 442a4e4f7..eea92275d 100644 +--- a/src/util/k5test.py ++++ b/src/util/k5test.py +@@ -1299,13 +1299,6 @@ _passes = [ + # No special settings; exercises AES256. + ('default', None, None, None), + +- # Exercise the DES3 enctype. +- ('des3', None, +- {'libdefaults': {'permitted_enctypes': 'des3'}}, +- {'realms': {'$realm': { +- 'supported_enctypes': 'des3-cbc-sha1:normal', +- 'master_key_type': 'des3-cbc-sha1'}}}), +- + # Exercise the arcfour enctype. + ('arcfour', None, + {'libdefaults': {'permitted_enctypes': 'rc4'}}, +diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm +index 1aebdd0b4..c38eefd2b 100644 +--- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm ++++ b/src/windows/leash/htmlhelp/html/Encryption_Types.htm +@@ -79,19 +79,6 @@ will have an entry in the Encryption type column.
+ Description + + +- des3- +- The triple DES family improves on +-the original DES (Data Encryption Standard) by using 3 separate 56-bit +-keys. Some modes of 3DES are considered weak while others are strong +-(if slow).
    +-
  • des3-cbc-sha1
    • +-
  • des3-cbc-raw (weak)
    • +-
  • des3-hmac-sha1
    • +-
  • des3-cbc-sha1-kd
    • +-
+- +- +- + aes + The AES Advanced Encryption Standard + family, like 3DES, is a symmetric block cipher and was designed diff --git a/SOURCES/krb5-1.17-beta1-selinux-label.patch b/SOURCES/downstream-SELinux-integration.patch similarity index 92% rename from SOURCES/krb5-1.17-beta1-selinux-label.patch rename to SOURCES/downstream-SELinux-integration.patch index 3f874f5..13aa0b6 100644 --- a/SOURCES/krb5-1.17-beta1-selinux-label.patch +++ b/SOURCES/downstream-SELinux-integration.patch @@ -1,7 +1,7 @@ -From 46946e305e4536a56866ff21ac1f6e8ed7c3b814 Mon Sep 17 00:00:00 2001 +From 791fe183bf67dcab6d044b23d8daaf4a3a96be48 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:30:53 -0400 -Subject: [PATCH] krb5-1.17-beta1-selinux-label.patch +Subject: [PATCH] [downstream] SELinux integration SELinux bases access to files on the domain of the requesting process, the operation being performed, and the context applied to the file. @@ -35,11 +35,14 @@ stomp all over us. The selabel APIs for looking up the context should be thread-safe (per Red Hat #273081), so switching to using them instead of matchpathcon(), which we used earlier, is some improvement. + +Last-updated: krb5-1.18-beta1 +(cherry picked from commit 0f8851a23a7b6fa0e195e01d0475e9e55707adf2) --- - src/aclocal.m4 | 49 +++ + src/aclocal.m4 | 48 +++ src/build-tools/krb5-config.in | 3 +- src/config/pre.in | 3 +- - src/configure.in | 2 + + src/configure.ac | 2 + src/include/k5-int.h | 1 + src/include/k5-label.h | 32 ++ src/include/krb5/krb5.hin | 6 + @@ -51,7 +54,6 @@ which we used earlier, is some improvement. src/lib/krb5/ccache/cc_dir.c | 26 +- src/lib/krb5/keytab/kt_file.c | 4 +- src/lib/krb5/os/trace.c | 2 +- - src/lib/krb5/rcache/rc_dfl.c | 13 + src/plugins/kdb/db2/adb_openclose.c | 2 +- src/plugins/kdb/db2/kdb_db2.c | 4 +- src/plugins/kdb/db2/libdb2/btree/bt_open.c | 3 +- @@ -61,12 +63,12 @@ which we used earlier, is some improvement. src/util/profile/prof_file.c | 3 +- src/util/support/Makefile.in | 3 +- src/util/support/selinux.c | 406 ++++++++++++++++++ - 25 files changed, 587 insertions(+), 21 deletions(-) + 24 files changed, 573 insertions(+), 21 deletions(-) create mode 100644 src/include/k5-label.h create mode 100644 src/util/support/selinux.c diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 340546d80..a7afec09e 100644 +index 830203683..6796fec53 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag) @@ -77,7 +79,7 @@ index 340546d80..a7afec09e 100644 KRB5_LIB_PARAMS KRB5_AC_INITFINI KRB5_AC_ENABLE_THREADS -@@ -1764,3 +1765,51 @@ AC_SUBST(PAM_LIBS) +@@ -1743,4 +1744,51 @@ AC_SUBST(PAM_LIBS) AC_SUBST(PAM_MAN) AC_SUBST(NON_PAM_MAN) ])dnl @@ -100,7 +102,7 @@ index 340546d80..a7afec09e 100644 + AC_MSG_ERROR([Unable to locate selinux/selinux.h.]) + fi + fi -+ + + LIBS= + unset ac_cv_func_setfscreatecon + AC_CHECK_FUNCS(setfscreatecon selabel_open) @@ -171,11 +173,11 @@ index ce87e21ca..917357df9 100644 KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on macOS! -diff --git a/src/configure.in b/src/configure.in -index e9a12ac16..93aec682e 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -1354,6 +1354,8 @@ AC_PATH_PROG(GROFF, groff) +diff --git a/src/configure.ac b/src/configure.ac +index d1f576124..440a22bd9 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -1392,6 +1392,8 @@ AC_PATH_PROG(GROFF, groff) KRB5_WITH_PAM @@ -185,7 +187,7 @@ index e9a12ac16..93aec682e 100644 if test "${localedir+set}" != set; then localedir='$(datadir)/locale' diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index 652242207..8f9329c59 100644 +index 9616b24bf..0d9af3d95 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -128,6 +128,7 @@ typedef unsigned char u_char; @@ -235,7 +237,7 @@ index 000000000..dfaaa847c +#endif +#endif diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin -index c40a6cca8..3ff86d7ff 100644 +index 79761f6d2..e9435c693 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -87,6 +87,12 @@ @@ -252,7 +254,7 @@ index c40a6cca8..3ff86d7ff 100644 #include diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c -index c9574c6e1..8301a33d0 100644 +index 301e3476d..19f2cc230 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname) @@ -287,10 +289,10 @@ index c9574c6e1..8301a33d0 100644 com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); goto cleanup; diff --git a/src/kdc/main.c b/src/kdc/main.c -index 408c723f5..663fd6303 100644 +index fdcd694d7..1ede4bf2f 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c -@@ -858,7 +858,7 @@ write_pid_file(const char *path) +@@ -872,7 +872,7 @@ write_pid_file(const char *path) FILE *file; unsigned long pid; @@ -300,10 +302,10 @@ index 408c723f5..663fd6303 100644 return errno; pid = (unsigned long) getpid(); diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c -index 68323dd0f..4cc035dc6 100644 +index 5622d56e1..356e3e0e6 100644 --- a/src/kprop/kpropd.c +++ b/src/kprop/kpropd.c -@@ -488,6 +488,9 @@ doit(int fd) +@@ -487,6 +487,9 @@ doit(int fd) krb5_enctype etype; int database_fd; char host[INET6_ADDRSTRLEN + 1]; @@ -313,7 +315,7 @@ index 68323dd0f..4cc035dc6 100644 signal_wrapper(SIGALRM, alarm_handler); alarm(params.iprop_resync_timeout); -@@ -543,9 +546,15 @@ doit(int fd) +@@ -542,9 +545,15 @@ doit(int fd) free(name); exit(1); } @@ -365,7 +367,7 @@ index 2659a2501..e9b95fce5 100644 retval = errno; goto cleanup; diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c -index bba64e516..73f0fe62d 100644 +index 7b100a0ec..5683a0433 100644 --- a/src/lib/krb5/ccache/cc_dir.c +++ b/src/lib/krb5/ccache/cc_dir.c @@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents) @@ -415,10 +417,10 @@ index bba64e516..73f0fe62d 100644 _("Credential cache directory %s does not exist"), dirname); diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c -index 89cb68680..21c80d419 100644 +index 021c94398..aaf573439 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c -@@ -1024,14 +1024,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) +@@ -735,14 +735,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) KTCHECKLOCK(id); errno = 0; @@ -436,7 +438,7 @@ index 89cb68680..21c80d419 100644 goto report_errno; writevno = 1; diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c -index 4fff8f38c..40a9e7b10 100644 +index 7073459f0..e9b99f4ca 100644 --- a/src/lib/krb5/os/trace.c +++ b/src/lib/krb5/os/trace.c @@ -458,7 +458,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename) @@ -448,38 +450,6 @@ index 4fff8f38c..40a9e7b10 100644 if (*fd == -1) { free(fd); return errno; -diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c -index 1e0cb22c9..f5e93b1ab 100644 ---- a/src/lib/krb5/rcache/rc_dfl.c -+++ b/src/lib/krb5/rcache/rc_dfl.c -@@ -793,6 +793,9 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) - krb5_error_code retval = 0; - krb5_rcache tmp; - krb5_deltat lifespan = t->lifespan; /* save original lifespan */ -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - if (! t->recovering) { - name = t->name; -@@ -814,7 +817,17 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) - retval = krb5_rc_resolve(context, tmp, 0); - if (retval) - goto cleanup; -+#ifdef USE_SELINUX -+ if (t->d.fn != NULL) -+ selabel = krb5int_push_fscreatecon_for(t->d.fn); -+ else -+ selabel = NULL; -+#endif - retval = krb5_rc_initialize(context, tmp, lifespan); -+#ifdef USE_SELINUX -+ if (selabel != NULL) -+ krb5int_pop_fscreatecon(selabel); -+#endif - if (retval) - goto cleanup; - for (q = t->a; q; q = q->na) { diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c index 7db30a33b..2b9d01921 100644 --- a/src/plugins/kdb/db2/adb_openclose.c @@ -573,10 +543,10 @@ index d8b26e701..b0daa7c02 100644 if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -index 1ed72afe9..ce038fc3d 100644 +index b92cb58c7..0a95101ad 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -@@ -194,7 +194,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) +@@ -190,7 +190,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) /* set password in the file */ old_mode = umask(0177); @@ -585,7 +555,7 @@ index 1ed72afe9..ce038fc3d 100644 if (pfile == NULL) { com_err(me, errno, _("Failed to open file %s: %s"), file_name, strerror (errno)); -@@ -235,6 +235,9 @@ kdb5_ldap_stash_service_password(int argc, char **argv) +@@ -231,6 +231,9 @@ kdb5_ldap_stash_service_password(int argc, char **argv) * Delete the existing entry and add the new entry */ FILE *newfile; @@ -595,7 +565,7 @@ index 1ed72afe9..ce038fc3d 100644 mode_t omask; -@@ -246,7 +249,13 @@ kdb5_ldap_stash_service_password(int argc, char **argv) +@@ -242,7 +245,13 @@ kdb5_ldap_stash_service_password(int argc, char **argv) } omask = umask(077); @@ -610,7 +580,7 @@ index 1ed72afe9..ce038fc3d 100644 if (newfile == NULL) { com_err(me, errno, _("Error creating file %s"), tmp_file); diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c -index 24e41fb80..0dcb6b543 100644 +index aa951df05..79f9500f6 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -33,6 +33,7 @@ @@ -631,10 +601,10 @@ index 24e41fb80..0dcb6b543 100644 retval = errno; if (retval == 0) diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in -index db7b030b8..321672bcb 100644 +index 86d5a950a..1052d53a1 100644 --- a/src/util/support/Makefile.in +++ b/src/util/support/Makefile.in -@@ -69,6 +69,7 @@ IPC_SYMS= \ +@@ -74,6 +74,7 @@ IPC_SYMS= \ STLIBOBJS= \ threads.o \ @@ -642,7 +612,7 @@ index db7b030b8..321672bcb 100644 init-addrinfo.o \ plugins.o \ errors.o \ -@@ -160,7 +161,7 @@ SRCS=\ +@@ -168,7 +169,7 @@ SRCS=\ SHLIB_EXPDEPS = # Add -lm if dumping thread stats, for sqrt. diff --git a/SOURCES/krb5-1.9-debuginfo.patch b/SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch similarity index 86% rename from SOURCES/krb5-1.9-debuginfo.patch rename to SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch index 21971ff..fc1c8a4 100644 --- a/SOURCES/krb5-1.9-debuginfo.patch +++ b/SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch @@ -1,11 +1,14 @@ -From 56954a72afe83cce5168bc139139d7f74c3685d6 Mon Sep 17 00:00:00 2001 +From 7f382fc40e082416e90f1e80c9fd0c91afa5baf7 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:49:25 -0400 -Subject: [PATCH] krb5-1.9-debuginfo.patch +Subject: [PATCH] [downstream] fix debuginfo with y.tab.c We want to keep these y.tab.c files around because the debuginfo points to them. It would be more elegant at the end to use symbolic links, but that could mess up people working in the tree on other things. + +Last-updated: krb5-1.9 +(cherry picked from commit f4002f246332695d8ea12ec803139fcac18fbba2) --- src/kadmin/cli/Makefile.in | 5 +++++ src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +- diff --git a/SOURCES/krb5-1.12.1-pam.patch b/SOURCES/downstream-ksu-pam-integration.patch similarity index 95% rename from SOURCES/krb5-1.12.1-pam.patch rename to SOURCES/downstream-ksu-pam-integration.patch index c5b5e78..d21ed37 100644 --- a/SOURCES/krb5-1.12.1-pam.patch +++ b/SOURCES/downstream-ksu-pam-integration.patch @@ -1,7 +1,7 @@ -From 02a10f4b9a8decc8d10f3e045282a0ae7ed1c00d Mon Sep 17 00:00:00 2001 +From 664bdd73b620f00d42e36e3888805fe0f035c8ee Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:29:58 -0400 -Subject: [PATCH] krb5-1.12.1-pam.patch +Subject: [PATCH] [downstream] ksu pam integration Modify ksu so that it performs account and session management on behalf of the target user account, mimicking the action of regular su. The default @@ -16,25 +16,29 @@ When enabled, ksu gains a dependency on libpam. Originally RT#5939, though it's changed since then to perform the account and session management before dropping privileges, and to apply on top of changes we're proposing for how it handles cache collections. + +Last-updated: krb5-1.18-beta1 +(cherry picked from commit a7322a84657752c886c317a6994a9fc7a4a70ca5) --- - src/aclocal.m4 | 67 +++++++ + src/aclocal.m4 | 69 +++++++ src/clients/ksu/Makefile.in | 8 +- src/clients/ksu/main.c | 88 +++++++- src/clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++ src/clients/ksu/pam.h | 57 ++++++ - src/configure.in | 2 + - 6 files changed, 608 insertions(+), 3 deletions(-) + src/configure.ac | 2 + + 6 files changed, 610 insertions(+), 3 deletions(-) create mode 100644 src/clients/ksu/pam.c create mode 100644 src/clients/ksu/pam.h diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 3752d9bd5..340546d80 100644 +index 2394f7e33..830203683 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 -@@ -1697,3 +1697,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[ - ])) +@@ -1675,3 +1675,72 @@ if test "$with_ldap" = yes; then + OPENLDAP_PLUGIN=yes + fi ])dnl - dnl ++dnl +dnl +dnl Use PAM instead of local crypt() compare for checking local passwords, +dnl and perform PAM account, session management, and password-changing where @@ -102,12 +106,13 @@ index 3752d9bd5..340546d80 100644 +AC_SUBST(PAM_MAN) +AC_SUBST(NON_PAM_MAN) +])dnl ++ diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in -index b2fcbf240..5755bb58a 100644 +index 8b4edce4d..9d58f29b5 100644 --- a/src/clients/ksu/Makefile.in +++ b/src/clients/ksu/Makefile.in @@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S).. - DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' + DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' KSU_LIBS=@KSU_LIBS@ +PAM_LIBS=@PAM_LIBS@ @@ -141,7 +146,7 @@ index b2fcbf240..5755bb58a 100644 clean: $(RM) ksu diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c -index d9596d948..ec06788bc 100644 +index 57c349200..508242e0e 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -26,6 +26,7 @@ @@ -171,7 +176,7 @@ index d9596d948..ec06788bc 100644 /***********/ #define KS_TEMPORARY_CACHE "MEMORY:_ksu" -@@ -528,6 +534,23 @@ main (argc, argv) +@@ -536,6 +542,23 @@ main (argc, argv) prog_name,target_user,client_name, source_user,ontty()); @@ -195,7 +200,7 @@ index d9596d948..ec06788bc 100644 /* Run authorization as target.*/ if (krb5_seteuid(target_uid)) { com_err(prog_name, errno, _("while switching to target for " -@@ -588,6 +611,24 @@ main (argc, argv) +@@ -596,6 +619,24 @@ main (argc, argv) exit(1); } @@ -220,7 +225,7 @@ index d9596d948..ec06788bc 100644 } if( some_rest_copy){ -@@ -645,6 +686,30 @@ main (argc, argv) +@@ -653,6 +694,30 @@ main (argc, argv) exit(1); } @@ -251,7 +256,7 @@ index d9596d948..ec06788bc 100644 /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { perror("ksu: setgid"); -@@ -742,7 +807,7 @@ main (argc, argv) +@@ -750,7 +815,7 @@ main (argc, argv) fprintf(stderr, "program to be execed %s\n",params[0]); } @@ -260,7 +265,7 @@ index d9596d948..ec06788bc 100644 execv(params[0], params); com_err(prog_name, errno, _("while trying to execv %s"), params[0]); sweep_up(ksu_context, cc_target); -@@ -772,16 +837,35 @@ main (argc, argv) +@@ -780,16 +845,35 @@ main (argc, argv) if (ret_pid == -1) { com_err(prog_name, errno, _("while calling waitpid")); } @@ -755,11 +760,11 @@ index 000000000..0ab76569c +int appl_pam_cred_init(void); +void appl_pam_cleanup(void); +#endif -diff --git a/src/configure.in b/src/configure.in -index 61ef738dc..e9a12ac16 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -1352,6 +1352,8 @@ AC_SUBST([VERTO_VERSION]) +diff --git a/src/configure.ac b/src/configure.ac +index 234f4281c..d1f576124 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -1390,6 +1390,8 @@ AC_SUBST([VERTO_VERSION]) AC_PATH_PROG(GROFF, groff) diff --git a/SOURCES/krb5-1.3.1-dns.patch b/SOURCES/downstream-netlib-and-dns.patch similarity index 60% rename from SOURCES/krb5-1.3.1-dns.patch rename to SOURCES/downstream-netlib-and-dns.patch index 819bf9f..b966083 100644 --- a/SOURCES/krb5-1.3.1-dns.patch +++ b/SOURCES/downstream-netlib-and-dns.patch @@ -1,18 +1,21 @@ -From 19f0dc268c127fb51c4bb8c106104eee67119cca Mon Sep 17 00:00:00 2001 +From 0a164c9c53a6f8ce20cfe5c6ef94ae5a2c2e9e28 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 23 Aug 2016 16:46:21 -0400 -Subject: [PATCH] krb5-1.3.1-dns.patch +Subject: [PATCH] [downstream] netlib and dns We want to be able to use --with-netlib and --enable-dns at the same time. + +Last-updated: krb5-1.3.1 +(cherry picked from commit 355dd481511af4d517ee540854f95a6fb12116a9) --- src/aclocal.m4 | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index a7afec09e..db18226ed 100644 +index 6796fec53..c4358988a 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 -@@ -726,6 +726,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library), +@@ -724,6 +724,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library), LIBS="$LIBS $withval" AC_MSG_RESULT("netlib will use \'$withval\'") fi diff --git a/SOURCES/kdc.conf b/SOURCES/kdc.conf index b2e5e9b..f21c761 100644 --- a/SOURCES/kdc.conf +++ b/SOURCES/kdc.conf @@ -9,5 +9,5 @@ EXAMPLE.COM = { acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab - supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal + supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal } diff --git a/SOURCES/krb5-1.11-kpasswdtest.patch b/SOURCES/krb5-1.11-kpasswdtest.patch deleted file mode 100644 index 7da7384..0000000 --- a/SOURCES/krb5-1.11-kpasswdtest.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 174fddfa0c7d0d5c0f12d1531bc791865b630596 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:52:01 -0400 -Subject: [PATCH] krb5-1.11-kpasswdtest.patch - ---- - src/kadmin/testing/proto/krb5.conf.proto | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto -index 00c442978..9c4bc1de7 100644 ---- a/src/kadmin/testing/proto/krb5.conf.proto -+++ b/src/kadmin/testing/proto/krb5.conf.proto -@@ -9,6 +9,7 @@ - __REALM__ = { - kdc = __KDCHOST__:1750 - admin_server = __KDCHOST__:1751 -+ kpasswd_server = __KDCHOST__:1752 - database_module = foobar_db2_module_blah - } - diff --git a/SOURCES/krb5-1.11-run_user_0.patch b/SOURCES/krb5-1.11-run_user_0.patch deleted file mode 100644 index 7a38d43..0000000 --- a/SOURCES/krb5-1.11-run_user_0.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f19ee759c49fac6477ef77eb4a0be41118add1f5 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:49:57 -0400 -Subject: [PATCH] krb5-1.11-run_user_0.patch - -A hack: if we're looking at creating a ccache directory directly below -the /run/user/0 directory, and /run/user/0 doesn't exist, try to create -it, too. ---- - src/lib/krb5/ccache/cc_dir.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c -index 73f0fe62d..4850c0d07 100644 ---- a/src/lib/krb5/ccache/cc_dir.c -+++ b/src/lib/krb5/ccache/cc_dir.c -@@ -61,6 +61,8 @@ - - #include - -+#define ROOT_SPECIAL_DCC_PARENT "/run/user/0" -+ - extern const krb5_cc_ops krb5_dcc_ops; - extern const krb5_cc_ops krb5_fcc_ops; - -@@ -237,6 +239,18 @@ verify_dir(krb5_context context, const char *dirname) - - if (stat(dirname, &st) < 0) { - if (errno == ENOENT) { -+ if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/", -+ sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 && -+ stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 && -+ errno == ENOENT) { -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT); -+#endif -+ status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif -+ } - #ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(dirname); - #endif diff --git a/SOURCES/krb5-1.12-api.patch b/SOURCES/krb5-1.12-api.patch deleted file mode 100644 index 4e42414..0000000 --- a/SOURCES/krb5-1.12-api.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3bac1a71756c634fe6b8cb3858ee9df87b1a660d Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:47:00 -0400 -Subject: [PATCH] krb5-1.12-api.patch - -Reference docs don't define what happens if you call krb5_realm_compare() with -malformed krb5_principal structures. Define a behavior which keeps it from -crashing if applications don't check ahead of time. ---- - src/lib/krb5/krb/princ_comp.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c -index a6936107d..0ed78833b 100644 ---- a/src/lib/krb5/krb/princ_comp.c -+++ b/src/lib/krb5/krb/princ_comp.c -@@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context, - const krb5_data *realm1 = &princ1->realm; - const krb5_data *realm2 = &princ2->realm; - -+ if (princ1 == NULL || princ2 == NULL) -+ return FALSE; -+ if (realm1 == NULL || realm2 == NULL) -+ return FALSE; - if (realm1->length != realm2->length) - return FALSE; - if (realm1->length == 0) -@@ -88,6 +92,9 @@ krb5_principal_compare_flags(krb5_context context, - krb5_principal upn2 = NULL; - krb5_boolean ret = FALSE; - -+ if (princ1 == NULL || princ2 == NULL) -+ return FALSE; -+ - if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) { - /* Treat UPNs as if they were real principals */ - if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { diff --git a/SOURCES/krb5-1.12-ksu-path.patch b/SOURCES/krb5-1.12-ksu-path.patch deleted file mode 100644 index 25b805a..0000000 --- a/SOURCES/krb5-1.12-ksu-path.patch +++ /dev/null @@ -1,22 +0,0 @@ -From ef8aa0a18c2bd2f960942380202a5fa992e2c7b3 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:32:09 -0400 -Subject: [PATCH] krb5-1.12-ksu-path.patch - -Set the default PATH to the one set by login. ---- - src/clients/ksu/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in -index 5755bb58a..9d58f29b5 100644 ---- a/src/clients/ksu/Makefile.in -+++ b/src/clients/ksu/Makefile.in -@@ -1,6 +1,6 @@ - mydir=clients$(S)ksu - BUILDTOP=$(REL)..$(S).. --DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' -+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' - - KSU_LIBS=@KSU_LIBS@ - PAM_LIBS=@PAM_LIBS@ diff --git a/SOURCES/krb5-1.12-ktany.patch b/SOURCES/krb5-1.12-ktany.patch deleted file mode 100644 index 26d36df..0000000 --- a/SOURCES/krb5-1.12-ktany.patch +++ /dev/null @@ -1,366 +0,0 @@ -From 2ca8d242b1cac8abdb35bf0068e5d78300e07c3c Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:33:53 -0400 -Subject: [PATCH] krb5-1.12-ktany.patch - -Adds an "ANY" keytab type which is a list of other keytab locations to search -when searching for a specific entry. When iterated through, it only presents -the contents of the first keytab. ---- - src/lib/krb5/keytab/Makefile.in | 3 + - src/lib/krb5/keytab/kt_any.c | 292 ++++++++++++++++++++++++++++++++ - src/lib/krb5/keytab/ktbase.c | 7 +- - 3 files changed, 301 insertions(+), 1 deletion(-) - create mode 100644 src/lib/krb5/keytab/kt_any.c - -diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in -index 2a8fceb00..ffd179fb2 100644 ---- a/src/lib/krb5/keytab/Makefile.in -+++ b/src/lib/krb5/keytab/Makefile.in -@@ -12,6 +12,7 @@ STLIBOBJS= \ - ktfr_entry.o \ - ktremove.o \ - ktfns.o \ -+ kt_any.o \ - kt_file.o \ - kt_memory.o \ - kt_srvtab.o \ -@@ -24,6 +25,7 @@ OBJS= \ - $(OUTPRE)ktfr_entry.$(OBJEXT) \ - $(OUTPRE)ktremove.$(OBJEXT) \ - $(OUTPRE)ktfns.$(OBJEXT) \ -+ $(OUTPRE)kt_any.$(OBJEXT) \ - $(OUTPRE)kt_file.$(OBJEXT) \ - $(OUTPRE)kt_memory.$(OBJEXT) \ - $(OUTPRE)kt_srvtab.$(OBJEXT) \ -@@ -36,6 +38,7 @@ SRCS= \ - $(srcdir)/ktfr_entry.c \ - $(srcdir)/ktremove.c \ - $(srcdir)/ktfns.c \ -+ $(srcdir)/kt_any.c \ - $(srcdir)/kt_file.c \ - $(srcdir)/kt_memory.c \ - $(srcdir)/kt_srvtab.c \ -diff --git a/src/lib/krb5/keytab/kt_any.c b/src/lib/krb5/keytab/kt_any.c -new file mode 100644 -index 000000000..1b9b7765b ---- /dev/null -+++ b/src/lib/krb5/keytab/kt_any.c -@@ -0,0 +1,292 @@ -+/* -+ * lib/krb5/keytab/kt_any.c -+ * -+ * Copyright 1998, 1999 by the Massachusetts Institute of Technology. -+ * All Rights Reserved. -+ * -+ * Export of this software from the United States of America may -+ * require a specific license from the United States Government. -+ * It is the responsibility of any person or organization contemplating -+ * export to obtain such a license before exporting. -+ * -+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -+ * distribute this software and its documentation for any purpose and -+ * without fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright notice and -+ * this permission notice appear in supporting documentation, and that -+ * the name of M.I.T. not be used in advertising or publicity pertaining -+ * to distribution of the software without specific, written prior -+ * permission. M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" without express -+ * or implied warranty. -+ * -+ * -+ * krb5_kta_ops -+ */ -+ -+#include "k5-int.h" -+ -+typedef struct _krb5_ktany_data { -+ char *name; -+ krb5_keytab *choices; -+ int nchoices; -+} krb5_ktany_data; -+ -+typedef struct _krb5_ktany_cursor_data { -+ int which; -+ krb5_kt_cursor cursor; -+} krb5_ktany_cursor_data; -+ -+static krb5_error_code krb5_ktany_resolve -+ (krb5_context, -+ const char *, -+ krb5_keytab *); -+static krb5_error_code krb5_ktany_get_name -+ (krb5_context context, -+ krb5_keytab id, -+ char *name, -+ unsigned int len); -+static krb5_error_code krb5_ktany_close -+ (krb5_context context, -+ krb5_keytab id); -+static krb5_error_code krb5_ktany_get_entry -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_const_principal principal, -+ krb5_kvno kvno, -+ krb5_enctype enctype, -+ krb5_keytab_entry *entry); -+static krb5_error_code krb5_ktany_start_seq_get -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_kt_cursor *cursorp); -+static krb5_error_code krb5_ktany_next_entry -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_keytab_entry *entry, -+ krb5_kt_cursor *cursor); -+static krb5_error_code krb5_ktany_end_seq_get -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_kt_cursor *cursor); -+static void cleanup -+ (krb5_context context, -+ krb5_ktany_data *data, -+ int nchoices); -+ -+struct _krb5_kt_ops krb5_kta_ops = { -+ 0, -+ "ANY", /* Prefix -- this string should not appear anywhere else! */ -+ krb5_ktany_resolve, -+ krb5_ktany_get_name, -+ krb5_ktany_close, -+ krb5_ktany_get_entry, -+ krb5_ktany_start_seq_get, -+ krb5_ktany_next_entry, -+ krb5_ktany_end_seq_get, -+ NULL, -+ NULL, -+ NULL, -+}; -+ -+static krb5_error_code -+krb5_ktany_resolve(context, name, id) -+ krb5_context context; -+ const char *name; -+ krb5_keytab *id; -+{ -+ const char *p, *q; -+ char *copy; -+ krb5_error_code kerror; -+ krb5_ktany_data *data; -+ int i; -+ -+ /* Allocate space for our data and remember a copy of the name. */ -+ if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL) -+ return(ENOMEM); -+ if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) { -+ free(data); -+ return(ENOMEM); -+ } -+ strcpy(data->name, name); -+ -+ /* Count the number of choices and allocate memory for them. */ -+ data->nchoices = 1; -+ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) -+ data->nchoices++; -+ if ((data->choices = (krb5_keytab *) -+ malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) { -+ free(data->name); -+ free(data); -+ return(ENOMEM); -+ } -+ -+ /* Resolve each of the choices. */ -+ i = 0; -+ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) { -+ /* Make a copy of the choice name so we can terminate it. */ -+ if ((copy = (char *)malloc(q - p + 1)) == NULL) { -+ cleanup(context, data, i); -+ return(ENOMEM); -+ } -+ memcpy(copy, p, q - p); -+ copy[q - p] = 0; -+ -+ /* Try resolving the choice name. */ -+ kerror = krb5_kt_resolve(context, copy, &data->choices[i]); -+ free(copy); -+ if (kerror) { -+ cleanup(context, data, i); -+ return(kerror); -+ } -+ i++; -+ } -+ if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) { -+ cleanup(context, data, i); -+ return(kerror); -+ } -+ -+ /* Allocate and fill in an ID for the caller. */ -+ if ((*id = (krb5_keytab)malloc(sizeof(**id))) == NULL) { -+ cleanup(context, data, i); -+ return(ENOMEM); -+ } -+ (*id)->ops = &krb5_kta_ops; -+ (*id)->data = (krb5_pointer)data; -+ (*id)->magic = KV5M_KEYTAB; -+ -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_get_name(context, id, name, len) -+ krb5_context context; -+ krb5_keytab id; -+ char *name; -+ unsigned int len; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ -+ if (len < strlen(data->name) + 1) -+ return(KRB5_KT_NAME_TOOLONG); -+ strcpy(name, data->name); -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_close(context, id) -+ krb5_context context; -+ krb5_keytab id; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ -+ cleanup(context, data, data->nchoices); -+ id->ops = 0; -+ free(id); -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_const_principal principal; -+ krb5_kvno kvno; -+ krb5_enctype enctype; -+ krb5_keytab_entry *entry; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_error_code kerror = KRB5_KT_NOTFOUND; -+ int i; -+ -+ for (i = 0; i < data->nchoices; i++) { -+ if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal, -+ kvno, enctype, entry)) != ENOENT) -+ return kerror; -+ } -+ return kerror; -+} -+ -+static krb5_error_code -+krb5_ktany_start_seq_get(context, id, cursorp) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_kt_cursor *cursorp; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_ktany_cursor_data *cdata; -+ krb5_error_code kerror = ENOENT; -+ int i; -+ -+ if ((cdata = (krb5_ktany_cursor_data *) -+ malloc(sizeof(krb5_ktany_cursor_data))) == NULL) -+ return(ENOMEM); -+ -+ /* Find a choice which can handle the serialization request. */ -+ for (i = 0; i < data->nchoices; i++) { -+ if ((kerror = krb5_kt_start_seq_get(context, data->choices[i], -+ &cdata->cursor)) == 0) -+ break; -+ else if (kerror != ENOENT) { -+ free(cdata); -+ return(kerror); -+ } -+ } -+ -+ if (i == data->nchoices) { -+ /* Everyone returned ENOENT, so no go. */ -+ free(cdata); -+ return(kerror); -+ } -+ -+ cdata->which = i; -+ *cursorp = (krb5_kt_cursor)cdata; -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_next_entry(context, id, entry, cursor) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_keytab_entry *entry; -+ krb5_kt_cursor *cursor; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor; -+ krb5_keytab choice_id; -+ -+ choice_id = data->choices[cdata->which]; -+ return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor)); -+} -+ -+static krb5_error_code -+krb5_ktany_end_seq_get(context, id, cursor) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_kt_cursor *cursor; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor; -+ krb5_keytab choice_id; -+ krb5_error_code kerror; -+ -+ choice_id = data->choices[cdata->which]; -+ kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor); -+ free(cdata); -+ return(kerror); -+} -+ -+static void -+cleanup(context, data, nchoices) -+ krb5_context context; -+ krb5_ktany_data *data; -+ int nchoices; -+{ -+ int i; -+ -+ free(data->name); -+ for (i = 0; i < nchoices; i++) -+ krb5_kt_close(context, data->choices[i]); -+ free(data->choices); -+ free(data); -+} -diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c -index 0d39b2940..6534d7c52 100644 ---- a/src/lib/krb5/keytab/ktbase.c -+++ b/src/lib/krb5/keytab/ktbase.c -@@ -57,14 +57,19 @@ extern const krb5_kt_ops krb5_ktf_ops; - extern const krb5_kt_ops krb5_ktf_writable_ops; - extern const krb5_kt_ops krb5_kts_ops; - extern const krb5_kt_ops krb5_mkt_ops; -+extern const krb5_kt_ops krb5_kta_ops; - - struct krb5_kt_typelist { - const krb5_kt_ops *ops; - const struct krb5_kt_typelist *next; - }; -+static struct krb5_kt_typelist krb5_kt_typelist_any = { -+ &krb5_kta_ops, -+ NULL -+}; - const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = { - &krb5_kts_ops, -- NULL -+ &krb5_kt_typelist_any - }; - const static struct krb5_kt_typelist krb5_kt_typelist_memory = { - &krb5_mkt_ops, diff --git a/SOURCES/krb5-1.13-dirsrv-accountlock.patch b/SOURCES/krb5-1.13-dirsrv-accountlock.patch deleted file mode 100644 index db48910..0000000 --- a/SOURCES/krb5-1.13-dirsrv-accountlock.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 1dc051d5964aba0b8cd3d01f063ffc28253456de Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:47:44 -0400 -Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch - -Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from -original version filed as RT#5891. ---- - src/aclocal.m4 | 9 +++++++++ - src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 17 +++++++++++++++++ - .../kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +++ - 3 files changed, 29 insertions(+) - -diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index db18226ed..518b1a547 100644 ---- a/src/aclocal.m4 -+++ b/src/aclocal.m4 -@@ -1678,6 +1678,15 @@ if test "$with_ldap" = yes; then - AC_MSG_NOTICE(enabling OpenLDAP database backend module support) - OPENLDAP_PLUGIN=yes - fi -+AC_ARG_WITH([dirsrv-account-locking], -+[ --with-dirsrv-account-locking compile 389/Red Hat/Fedora/Netscape Directory Server database backend module], -+[case "$withval" in -+ yes | no) ;; -+ *) AC_MSG_ERROR(Invalid option value --with-dirsrv-account-locking="$withval") ;; -+esac], with_dirsrv_account_locking=no) -+if test $with_dirsrv_account_locking = yes; then -+ AC_DEFINE(HAVE_DIRSRV_ACCOUNT_LOCKING,1,[Define if LDAP KDB interface should heed 389 DS's nsAccountLock attribute.]) -+fi - ])dnl - dnl - dnl If libkeyutils exists (on Linux) include it and use keyring ccache -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index 5b9d1e9fa..4e7270065 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -@@ -1652,6 +1652,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context, - ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data); - if (ret) - goto cleanup; -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ { -+ krb5_timestamp expiretime=0; -+ char *is_login_disabled=NULL; -+ -+ /* LOGIN DISABLED */ -+ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled, -+ &attr_present); -+ if (ret) -+ goto cleanup; -+ if (attr_present == TRUE) { -+ if (strcasecmp(is_login_disabled, "TRUE")== 0) -+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX; -+ free (is_login_disabled); -+ } -+ } -+#endif - - ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname); - if (ret) -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -index d722dbfa6..5e8e9a897 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -@@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname", - "krbLastFailedAuth", - "krbLoginFailedCount", - "krbLastSuccessfulAuth", -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ "nsAccountLock", -+#endif - "krbLastPwdChange", - "krbLastAdminUnlock", - "krbPrincipalAuthInd", diff --git a/SOURCES/krb5-1.17.tar.gz.asc b/SOURCES/krb5-1.17.tar.gz.asc deleted file mode 100644 index 90f7148..0000000 --- a/SOURCES/krb5-1.17.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJcNMxOAAoJEAy6CFdfg3LfjAwP/2/oQe+4Bs/XwZTwNfakTbBl -YHSY8MNAHIKsLh6Bn+SJBQQXSE0fEsm0hYH+JWz85+mzlZk7TbNZUI+zeikhLxi6 -+d8MMQBpk2mQN0dkIeWjTdfkcThGCDSL7l0fh3MuEfN5C7QPAPD1JL1ZeqXPH5AV -PSQRC9s2wiOTwwuHM2i27rZ7gdhL/xfJ3ZPUFJH4klRgszwp9j10I/nh4/XyS/wB -82umjfusFPa9VNSPzm1jm94oRmALkR3CHGvmku2XD3YOv/f5yO8C1cHWNNLxg+5h -EqVv05ddb6iLku4fRhkEjfN3VgCtEvXuMkuAXppkDJJ7wWxMBWgCIr1DS/x7LfbL -CI0ZTejn8HCUBNmRWsKkUuebgHJ7ccch8p/Fp0cV4eT1FL35N2oV51u7+/zK6R8y -1dygUF2VWFOqwm8cyczdFue7dFQVDGCw7R2eK5lXY3NpZVmJblQ/gNLMcbOxGBis -H2dOzSn+CnxlD/2LqOZnhQ1WnGBhOMxoINwX/MQsIvkwAFaM1EsdhPIP/6mSVA/g -p04+YQ2u2ag7Pq3zHsMIonC18w4ZqDPcvXvOXqCHtlQBDAMtb927XvjoTNj5W8Ei -jywxqdWuuqalmrKGPEsKVOJZN6xg7UTgaKzcvQTvW7D3gLbrTT2iM++VKB3vh9V9 -SkULnR3c7fKMzFeLb/Q2 -=4hZX ------END PGP SIGNATURE----- diff --git a/SOURCES/krb5-1.17post2-DES-3DES-fixups.patch b/SOURCES/krb5-1.17post2-DES-3DES-fixups.patch deleted file mode 100644 index 0fcb76c..0000000 --- a/SOURCES/krb5-1.17post2-DES-3DES-fixups.patch +++ /dev/null @@ -1,103 +0,0 @@ -From fe66536c1b7aec67233739df97cbe0301ee6475e Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 19 Nov 2019 15:03:19 -0500 -Subject: [PATCH] krb5-1.17post2 DES/3DES fixups - -Kept separate from the other patch because rawhide doesn't have DES. - -post2 adds krb5kdf workarounds. ---- - src/lib/crypto/krb/derive.c | 6 +++++- - src/lib/crypto/openssl/enc_provider/des.c | 9 +++++++++ - src/lib/crypto/openssl/enc_provider/des3.c | 6 ++++++ - 3 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c -index 915a173dd..ebdab69bc 100644 ---- a/src/lib/crypto/krb/derive.c -+++ b/src/lib/crypto/krb/derive.c -@@ -348,6 +348,7 @@ cleanup: - zapfree(prf.data, blocksize); - return ret; - } -+#endif /* OSSL_KDFS */ - - static krb5_error_code - builtin_derive_random_rfc3961(const struct krb5_enc_provider *enc, -@@ -400,7 +401,6 @@ cleanup: - zapfree(block.data, blocksize); - return ret; - } --#endif /* OSSL_KDFS */ - - krb5_error_code - k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, -@@ -432,6 +432,10 @@ k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) - { -+ /* DES (single and triple). They'll be gone very soon. */ -+ if (enc->keylength == 8 || enc->keylength == 24) -+ return builtin_derive_random_rfc3961(enc, inkey, outrnd, in_constant); -+ - #ifdef OSSL_KDFS - return openssl_krb5kdf(enc, inkey, outrnd, in_constant); - #else -diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c -index a662db512..7d17d287e 100644 ---- a/src/lib/crypto/openssl/enc_provider/des.c -+++ b/src/lib/crypto/openssl/enc_provider/des.c -@@ -85,6 +85,9 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; -@@ -133,6 +136,9 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; -@@ -182,6 +188,9 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data, - DES_key_schedule sched; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0) - return ret; -diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c -index 1c439c2cd..8be555a8d 100644 ---- a/src/lib/crypto/openssl/enc_provider/des3.c -+++ b/src/lib/crypto/openssl/enc_provider/des3.c -@@ -84,6 +84,9 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; -@@ -133,6 +136,9 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; diff --git a/SOURCES/krb5-1.18.2.tar.gz.asc b/SOURCES/krb5-1.18.2.tar.gz.asc new file mode 100644 index 0000000..aea279d --- /dev/null +++ b/SOURCES/krb5-1.18.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAl7H9FAACgkQDLoIV1+D +ct+rjxAAqLlDjeExNw1sJyyjaAKzo7vGzK0tFVouMglmmGcyluVwsqu9B2uHw3UC +TIm4bn1rgGtUB5oKWmbeD+hiuoAghLDa6gSrmDDkJfFR+o/K/vE7BGZewrrp7QJ5 +jJnEhjuY9O+ZFM/ZNEwHa4/RNG1ga5uJUrfdlNkTUMFje5d1TXvx/ozuSk4bAUTF +nqHuJsyRAuhKcqTOZ9nr5a54me97CbWj7Be6sA7LQVaFDPyWcJCQsBHjFyextTOF +3ewsF7330B3oO8yE9/f+nxFq/x9ot6CctMXZqLzhbvdzcO2GwmwbvXy73ibhvjVU +w9n/zQ1xDjRO0z1wfM54Vq1upQW78+YXA33fEX6od0WBzdiR/o7hfU3arg/WraUy +pVcD9V7jvYhGPpqYwEdRhs4qROhAh/yvebZ+MVe/1Pd8kA4tTXtR+VmVkp21X3cq ++19eTz7actQemfdsUvfcL8guub0Mea/l+1l3cEHl20FOEeZ8RjpPMisYS9IrJ52O +3lro26vYFSWS4+U9j4gwdjuQwLS3xHuPZFwS7aykKGsIQ1r8l5Yb0xorDXXKKLjm +z4DNPaZbxxfcGhDWKTlDudrXEIAGTOD4FC1SJBV3hbqUsv4EH+EJnf92rmVMJ5z/ +AmeUKsL02Abl3BjhwaLWmhIwoXIUhcI/5xNsoI6ePCAT2HLyJlE= +=fGT7 +-----END PGP SIGNATURE----- diff --git a/SOURCES/Use-backported-version-of-OpenSSL-3-KDF-interface.patch b/SOURCES/rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch similarity index 97% rename from SOURCES/Use-backported-version-of-OpenSSL-3-KDF-interface.patch rename to SOURCES/rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch index b8d3916..cbbfd2d 100644 --- a/SOURCES/Use-backported-version-of-OpenSSL-3-KDF-interface.patch +++ b/SOURCES/rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch @@ -1,20 +1,20 @@ -From 5e147f7f2924edfd278940dea8b1d8ed09d6872c Mon Sep 17 00:00:00 2001 +From 396ce77f48f758efa090aadd00cd7208e7e97491 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Nov 2019 20:05:16 +0000 -Subject: [PATCH] Use backported version of OpenSSL-3 KDF interface +Subject: [PATCH] [rhel] Use backported version of OpenSSL-3 KDF interface (cherry picked from commit 0e20daf7ccfe50518c89735c3dae2fde08d92325) --- - src/configure.in | 4 + + src/configure.ac | 4 + src/lib/crypto/krb/derive.c | 356 +++++++++++++----- .../preauth/pkinit/pkinit_crypto_openssl.c | 257 ++++++++----- 3 files changed, 428 insertions(+), 189 deletions(-) -diff --git a/src/configure.in b/src/configure.in -index 9f6b67b44..cf4b1139a 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -269,6 +269,10 @@ AC_SUBST(CRYPTO_IMPL) +diff --git a/src/configure.ac b/src/configure.ac +index d4e4da525..29be532cb 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -282,6 +282,10 @@ AC_SUBST(CRYPTO_IMPL) AC_SUBST(CRYPTO_IMPL_CFLAGS) AC_SUBST(CRYPTO_IMPL_LIBS) @@ -440,7 +440,7 @@ index 6707a7308..915a173dd 100644 return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, &empty); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index 5ff81d8cf..8d2c230c8 100644 +index 52976895b..dd718c2be 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -38,6 +38,13 @@ @@ -457,7 +457,7 @@ index 5ff81d8cf..8d2c230c8 100644 static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); -@@ -2460,11 +2467,51 @@ pkinit_alg_values(krb5_context context, +@@ -2331,11 +2338,51 @@ pkinit_alg_values(krb5_context context, } } /* pkinit_alg_values() */ @@ -513,7 +513,7 @@ index 5ff81d8cf..8d2c230c8 100644 * * 1. reps = keydatalen (K) / hash length (H) * -@@ -2478,95 +2525,16 @@ pkinit_alg_values(krb5_context context, +@@ -2349,95 +2396,16 @@ pkinit_alg_values(krb5_context context, * * 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ @@ -614,7 +614,7 @@ index 5ff81d8cf..8d2c230c8 100644 /* 2. Initialize a 32-bit, big-endian bit string counter as 1. * 3. For i = 1 to reps by 1, do the following: -@@ -2600,8 +2568,9 @@ pkinit_alg_agility_kdf(krb5_context context, +@@ -2471,8 +2439,9 @@ pkinit_alg_agility_kdf(krb5_context context, goto cleanup; } @@ -626,7 +626,7 @@ index 5ff81d8cf..8d2c230c8 100644 krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, "Call to OpenSSL EVP_DigestUpdate() returned an error."); retval = KRB5_CRYPTO_INTERNAL; -@@ -2613,26 +2582,110 @@ pkinit_alg_agility_kdf(krb5_context context, +@@ -2484,26 +2453,110 @@ pkinit_alg_agility_kdf(krb5_context context, EVP_MD_CTX_free(ctx); ctx = NULL; } diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index b285a4b..5b9949a 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -12,13 +12,13 @@ %global prerelease %{nil} # Should be in form 5.0, 6.1, etc. -%global kdbversion 7.0 +%global kdbversion 8.0 Summary: The Kerberos network authentication system Name: krb5 -Version: 1.17 +Version: 1.18.2 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 18%{?dist} +Release: 5%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz @@ -46,37 +46,33 @@ Source33: krb5kdc.logrotate Source34: kadmind.logrotate Source39: krb5-krb5kdc.conf -Patch26: krb5-1.12.1-pam.patch -Patch27: krb5-1.17-beta1-selinux-label.patch -Patch28: krb5-1.12-ksu-path.patch -Patch29: krb5-1.12-ktany.patch -Patch30: krb5-1.15-beta1-buildconf.patch -Patch31: krb5-1.3.1-dns.patch -Patch32: krb5-1.12-api.patch -Patch33: krb5-1.13-dirsrv-accountlock.patch -Patch34: krb5-1.9-debuginfo.patch -Patch35: krb5-1.11-run_user_0.patch -Patch36: krb5-1.11-kpasswdtest.patch -Patch88: Add-tests-for-KCM-ccache-type.patch -Patch89: Properly-size-ifdef-in-k5_cccol_lock.patch -Patch90: Fix-memory-leak-in-none-replay-cache-type.patch -Patch91: Address-some-optimized-out-memset-calls.patch -Patch95: In-rd_req_dec-always-log-non-permitted-enctypes.patch -Patch96: In-kpropd-debug-log-proper-ticket-enctype-names.patch -Patch97: Make-etype-names-in-KDC-logs-human-readable.patch -Patch98: Mark-deprecated-enctypes-when-used.patch -Patch99: Add-function-and-enctype-flag-for-deprecations.patch -Patch100: Fix-argument-order-on-strlcpy-in-enctype_name.patch -Patch101: Fix-KCM-client-time-offset-propagation.patch -Patch102: Add-soft-pkcs11-source-code.patch -Patch103: Use-imported-soft-pkcs11-for-tests.patch -Patch104: Fix-Coverity-defects-in-soft-pkcs11-test-code.patch -Patch105: Fix-memory-leaks-in-soft-pkcs11-code.patch -Patch106: Avoid-alignment-warnings-in-openssl-rc4.c.patch -Patch107: Use-backported-version-of-OpenSSL-3-KDF-interface.patch -Patch108: krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch -Patch109: krb5-1.17post2-DES-3DES-fixups.patch -Patch110: Put-KDB-authdata-first.patch +Patch1: downstream-ksu-pam-integration.patch +Patch2: downstream-SELinux-integration.patch +Patch3: downstream-Adjust-build-configuration.patch +Patch4: downstream-netlib-and-dns.patch +Patch5: downstream-fix-debuginfo-with-y.tab.c.patch +Patch6: downstream-Remove-3des-support.patch +Patch7: rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch +Patch108: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +Patch110: Allow-certauth-modules-to-set-hw-authent-flag.patch +Patch112: Refresh-manually-acquired-creds-from-client-keytab.patch +Patch114: Add-finalization-safety-check-to-com_err.patch +Patch115: Eliminate-redundant-PKINIT-responder-invocation.patch +Patch116: Correctly-import-service-GSS-host-based-name.patch +Patch117: Do-expiration-warnings-for-all-init_creds-APIs.patch +Patch118: Pass-gss_localname-through-SPNEGO.patch +Patch119: Omit-KDC-indicator-check-for-S4U2Self-requests.patch +Patch120: Fix-typo-in-in-in-the-ksu-man-page.patch +Patch121: Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch +Patch122: Improve-negoex_parse_token-code-hygiene.patch +Patch123: Refactor-krb5-GSS-checksum-handling.patch +Patch124: Implement-GSS_C_CHANNEL_BOUND_FLAG.patch +Patch125: Implement-KERB_AP_OPTIONS_CBT-server-side.patch +Patch126: Add-client_aware_channel_bindings-option.patch +Patch127: Pass-channel-bindings-through-SPNEGO.patch +Patch128: Add-channel-bindings-tests.patch +Patch129: Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch +Patch130: Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -262,9 +258,6 @@ interface is not considered stable. %autosetup -S git -n %{name}-%{version}%{prerelease} -a 3 ln NOTICE LICENSE -# Take the execute bit off of documentation. -chmod -x doc/ccapi/*.html - # Generate an FDS-compatible LDIF file. inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif cat > '60kerberos.ldif' << EOF @@ -690,6 +683,46 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Aug 04 2020 Robbie Harwood - 1.18.2-5 +- Fix leak in KERB_AP_OPTIONS_CBT server support +- Resolves: #1860831 + +* Tue Jul 28 2020 Robbie Harwood - 1.18.2-4 +- Ignore bad enctypes in krb5_string_to_keysalts() +- Resolves: #1858322 + +* Mon Jun 15 2020 Robbie Harwood - 1.18.2-3 +- Match Heimdal behavior for channel bindings +- Code hygiene + test stability fix included +- Resolves: #1840518 + +* Wed May 27 2020 Robbie Harwood - 1.18.2-2 +- Drop DES3 from sample kdc.conf +- Resolves: #1802334 + +* Fri May 22 2020 Robbie Harwood - 1.18.2-1 +- New upstream release (1.18.2) +- Resolves: #1802334 + +* Fri May 08 2020 Robbie Harwood - 1.18.1-3 +- Omit KDC indicator check for S4U2Self requests +- Resolves: #1802334 + +* Tue Apr 28 2020 Robbie Harwood - 1.18.1-2 +- Pass gss_localname() through SPNEGO +- Resolves: #1802334 + +* Tue Apr 14 2020 Robbie Harwood - 1.18.1-1 +- New upstream version (1.18.1) +- Resolves: #1802334 + +* Tue Apr 07 2020 Robbie Harwood - 1.18-1 +- New upstream version (1.18) +- Resolves: #1802334 +- Resolves: #1820311 +- Resolves: #1791062 +- Resolves: #1784655 + * Wed Feb 19 2020 Robbie Harwood - 1.17-18 - Put KDB authdata first - Resolves: #1800575