diff --git a/.gitignore b/.gitignore index f9809d6..045d4b9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/krb5-1.17-pdfs.tar -SOURCES/krb5-1.17.tar.gz +SOURCES/krb5-1.18.2-pdfs.tar +SOURCES/krb5-1.18.2.tar.gz diff --git a/.krb5.metadata b/.krb5.metadata index 5858b94..d1787a9 100644 --- a/.krb5.metadata +++ b/.krb5.metadata @@ -1,2 +1,2 @@ -494c62bea08e5d26e01d47c409ac745b65e509c8 SOURCES/krb5-1.17-pdfs.tar -0c404b081db9c996c581f636ce450ee28778f338 SOURCES/krb5-1.17.tar.gz +db930a6653503c36027a4f65d761f8838c7636ae SOURCES/krb5-1.18.2-pdfs.tar +547c4e4afa06dd39c888a9ee89397ec3c3425c90 SOURCES/krb5-1.18.2.tar.gz diff --git a/SOURCES/Add-channel-bindings-tests.patch b/SOURCES/Add-channel-bindings-tests.patch new file mode 100644 index 0000000..92c803d --- /dev/null +++ b/SOURCES/Add-channel-bindings-tests.patch @@ -0,0 +1,420 @@ +From 6af3fd382e99a9724413929af7eee7c86326ffd9 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Fri, 20 Mar 2020 00:17:28 +0100 +Subject: [PATCH] Add channel bindings tests + +[ghudson@mit.edu: adjusted test program to output channel-bound state +instead of optionally enforcing it; adjusted tests to check program +output; split out tests into separate Python script; made cosmetic +changes] + +ticket: 8900 +(cherry picked from commit b0b21b6d25b06f3e2b365dfe9dd4c99b3d43bf57) +[rharwood@redhat.com: .gitignore] +(cherry picked from commit 3e92520c1417f22447751cd9172d5ab30c2e0ad8) +--- + src/plugins/gssapi/negoextest/main.c | 18 +++++ + src/tests/gssapi/Makefile.in | 49 ++++++------ + src/tests/gssapi/common.c | 25 ++++-- + src/tests/gssapi/common.h | 9 +++ + src/tests/gssapi/deps | 4 + + src/tests/gssapi/t_bindings.c | 111 +++++++++++++++++++++++++++ + src/tests/gssapi/t_bindings.py | 43 +++++++++++ + src/tests/gssapi/t_negoex.py | 7 ++ + 8 files changed, 237 insertions(+), 29 deletions(-) + create mode 100644 src/tests/gssapi/t_bindings.c + create mode 100644 src/tests/gssapi/t_bindings.py + +diff --git a/src/plugins/gssapi/negoextest/main.c b/src/plugins/gssapi/negoextest/main.c +index 6c340f41b..72fc5273a 100644 +--- a/src/plugins/gssapi/negoextest/main.c ++++ b/src/plugins/gssapi/negoextest/main.c +@@ -57,6 +57,15 @@ gss_init_sec_context(OM_uint32 *minor_status, + const char *envstr; + uint8_t hops, mech_last_octet; + ++ envstr = getenv("GSS_INIT_BINDING"); ++ if (envstr != NULL) { ++ assert(strlen(envstr) > 0); ++ assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS); ++ assert(strlen(envstr) == input_chan_bindings->application_data.length); ++ assert(strcmp((char *)input_chan_bindings->application_data.value, ++ envstr) == 0); ++ } ++ + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { + envstr = getenv("HOPS"); + hops = (envstr != NULL) ? atoi(envstr) : 1; +@@ -112,6 +121,15 @@ gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, + uint8_t hops, mech_last_octet; + const char *envstr; + ++ envstr = getenv("GSS_ACCEPT_BINDING"); ++ if (envstr != NULL) { ++ assert(strlen(envstr) > 0); ++ assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS); ++ assert(strlen(envstr) == input_chan_bindings->application_data.length); ++ assert(strcmp((char *)input_chan_bindings->application_data.value, ++ envstr) == 0); ++ } ++ + /* + * The unwrapped token sits at the end and is just one byte giving the + * remaining number of hops. The final octet of the mech encoding should +diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in +index 5cc1e0f58..68c132b79 100644 +--- a/src/tests/gssapi/Makefile.in ++++ b/src/tests/gssapi/Makefile.in +@@ -9,33 +9,33 @@ LOCALINCLUDES = -I$(srcdir)/../../lib/gssapi/mechglue \ + -I../../lib/gssapi/generic + + SRCS= $(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \ +- $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_ccselect.c \ +- $(srcdir)/t_ciflags.c $(srcdir)/t_context.c $(srcdir)/t_credstore.c \ +- $(srcdir)/t_enctypes.c $(srcdir)/t_err.c $(srcdir)/t_export_cred.c \ +- $(srcdir)/t_export_name.c $(srcdir)/t_gssexts.c \ +- $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c $(srcdir)/t_invalid.c \ +- $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \ ++ $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_bindings.c \ ++ $(srcdir)/t_ccselect.c $(srcdir)/t_ciflags.c $(srcdir)/t_context.c \ ++ $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c $(srcdir)/t_err.c \ ++ $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \ ++ $(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \ ++ $(srcdir)/t_invalid.c $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \ + $(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \ + $(srcdir)/t_lifetime.c $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c \ + $(srcdir)/t_pcontok.c $(srcdir)/t_prf.c $(srcdir)/t_s4u.c \ + $(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \ + $(srcdir)/t_spnego.c $(srcdir)/t_srcattrs.c + +-OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_ccselect.o \ +- t_ciflags.o t_context.o t_credstore.o t_enctypes.o t_err.o \ +- t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o \ +- t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o t_iov.o \ +- t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o t_s4u.o \ +- t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o ++OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_bindings.o \ ++ t_ccselect.o t_ciflags.o t_context.o t_credstore.o t_enctypes.o \ ++ t_err.o t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o \ ++ t_imp_name.o t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o \ ++ t_iov.o t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o \ ++ t_s4u.o t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o + + COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) + COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS) + +-all: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags t_context \ +- t_credstore t_enctypes t_err t_export_cred t_export_name t_gssexts \ +- t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name \ +- t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf t_s4u \ +- t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs ++all: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect t_ciflags \ ++ t_context t_credstore t_enctypes t_err t_export_cred t_export_name \ ++ t_gssexts t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx \ ++ t_inq_mechs_name t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf \ ++ t_s4u t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs + + check-unix: t_oid + $(RUN_TEST) ./t_invalid +@@ -43,11 +43,12 @@ check-unix: t_oid + $(RUN_TEST) ./t_prf + $(RUN_TEST) ./t_imp_name + +-check-pytests: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags \ +- t_context t_credstore t_enctypes t_err t_export_cred t_export_name \ +- t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime \ +- t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs ++check-pytests: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect \ ++ t_ciflags t_context t_credstore t_enctypes t_err t_export_cred \ ++ t_export_name t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov \ ++ t_lifetime t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs + $(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS) ++ $(RUNPYTEST) $(srcdir)/t_bindings.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_enctypes.py $(PYTESTFLAGS) +@@ -64,6 +65,8 @@ t_accname: t_accname.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS) + t_add_cred: t_add_cred.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_add_cred.o $(COMMON_LIBS) ++t_bindings: t_bindings.o $(COMMON_DEPS) ++ $(CC_LINK) -o $@ t_bindings.o $(COMMON_LIBS) + t_ccselect: t_ccselect.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS) + t_ciflags: t_ciflags.o $(COMMON_DEPS) +@@ -118,8 +121,8 @@ t_srcattrs: t_srcattrs.o $(COMMON_DEPS) + $(CC_LINK) -o $@ t_srcattrs.o $(COMMON_LIBS) + + clean: +- $(RM) ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags +- $(RM) t_context t_credstore t_enctypes t_err t_export_cred ++ $(RM) ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect ++ $(RM) t_ciflags t_context t_credstore t_enctypes t_err t_export_cred + $(RM) t_export_name t_gssexts t_imp_cred t_imp_name t_invalid + $(RM) t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime + $(RM) t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5 +diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c +index 83e9d9bb8..7ba72f7b2 100644 +--- a/src/tests/gssapi/common.c ++++ b/src/tests/gssapi/common.c +@@ -115,6 +115,20 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, + gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx, + gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech, + gss_cred_id_t *deleg_cred) ++{ ++ return establish_contexts_ex(imech, icred, acred, tname, flags, ictx, actx, ++ GSS_C_NO_CHANNEL_BINDINGS, ++ GSS_C_NO_CHANNEL_BINDINGS, NULL, src_name, ++ amech, deleg_cred); ++} ++ ++void ++establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, ++ gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx, ++ gss_ctx_id_t *actx, gss_channel_bindings_t icb, ++ gss_channel_bindings_t acb, OM_uint32 *aret_flags, ++ gss_name_t *src_name, gss_OID *amech, ++ gss_cred_id_t *deleg_cred) + { + OM_uint32 minor, imaj, amaj; + gss_buffer_desc itok, atok; +@@ -126,17 +140,16 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, + for (;;) { + (void)gss_release_buffer(&minor, &itok); + imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags, +- GSS_C_INDEFINITE, +- GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, +- &itok, NULL, NULL); ++ GSS_C_INDEFINITE, icb, &atok, NULL, &itok, ++ NULL, NULL); + check_gsserr("gss_init_sec_context", imaj, minor); + if (amaj == GSS_S_COMPLETE) + break; + + (void)gss_release_buffer(&minor, &atok); +- amaj = gss_accept_sec_context(&minor, actx, acred, &itok, +- GSS_C_NO_CHANNEL_BINDINGS, src_name, +- amech, &atok, NULL, NULL, deleg_cred); ++ amaj = gss_accept_sec_context(&minor, actx, acred, &itok, acb, ++ src_name, amech, &atok, aret_flags, NULL, ++ deleg_cred); + check_gsserr("gss_accept_sec_context", amaj, minor); + (void)gss_release_buffer(&minor, &itok); + if (imaj == GSS_S_COMPLETE) +diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h +index ae11b51d4..a5c8f87e6 100644 +--- a/src/tests/gssapi/common.h ++++ b/src/tests/gssapi/common.h +@@ -62,6 +62,15 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred, + gss_name_t *src_name, gss_OID *amech, + gss_cred_id_t *deleg_cred); + ++/* Establish contexts with channel bindings. */ ++void establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, ++ gss_cred_id_t acred, gss_name_t tname, ++ OM_uint32 flags, gss_ctx_id_t *ictx, ++ gss_ctx_id_t *actx, gss_channel_bindings_t icb, ++ gss_channel_bindings_t acb, OM_uint32 *aret_flags, ++ gss_name_t *src_name, gss_OID *amech, ++ gss_cred_id_t *deleg_cred); ++ + /* Export *cred to a token, then release *cred and replace it by re-importing + * the token. */ + void export_import_cred(gss_cred_id_t *cred); +diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps +index acd0e96f8..73e4d9a74 100644 +--- a/src/tests/gssapi/deps ++++ b/src/tests/gssapi/deps +@@ -33,6 +33,10 @@ $(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ + common.h t_add_cred.c ++$(OUTPRE)t_bindings.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ ++ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ ++ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ ++ common.h t_bindings.c + $(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ +diff --git a/src/tests/gssapi/t_bindings.c b/src/tests/gssapi/t_bindings.c +new file mode 100644 +index 000000000..e8906715b +--- /dev/null ++++ b/src/tests/gssapi/t_bindings.c +@@ -0,0 +1,111 @@ ++/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ ++/* ++ * Copyright (C) 2020 by Red Hat, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++#include ++#include ++ ++#include "common.h" ++ ++/* ++ * Establish contexts (without and with GSS_C_DCE_STYLE) with the default ++ * initiator name, a specified principal name as target name, initiator ++ * bindings, and acceptor bindings. If any call is unsuccessful, display an ++ * error message. Output "yes" or "no" to indicate whether the contexts were ++ * reported as channel-bound on the acceptor. Exit with status 0 if all ++ * operations are successful, or 1 if not. ++ * ++ * Usage: ./t_bindings [-s] targetname icb acb ++ * ++ * An icb or abc value of "-" will not specify channel bindings. ++ */ ++ ++int ++main(int argc, char *argv[]) ++{ ++ OM_uint32 minor, flags1, flags2; ++ gss_name_t target_name; ++ gss_ctx_id_t ictx, actx; ++ struct gss_channel_bindings_struct icb_data = {0}, acb_data = {0}; ++ gss_channel_bindings_t icb = GSS_C_NO_CHANNEL_BINDINGS; ++ gss_channel_bindings_t acb = GSS_C_NO_CHANNEL_BINDINGS; ++ gss_OID_desc *mech; ++ ++ argv++; ++ argc--; ++ if (*argv != NULL && strcmp(*argv, "-s") == 0) { ++ mech = &mech_spnego; ++ argv++; ++ argc--; ++ } else { ++ mech = &mech_krb5; ++ } ++ ++ if (argc != 3) { ++ fprintf(stderr, "Usage: t_bindings [-s] targetname icb acb\n"); ++ return 1; ++ } ++ ++ target_name = import_name(argv[0]); ++ ++ if (strcmp(argv[1], "-") != 0) { ++ icb_data.application_data.length = strlen(argv[1]); ++ icb_data.application_data.value = argv[1]; ++ icb = &icb_data; ++ } ++ ++ if (strcmp(argv[2], "-") != 0) { ++ acb_data.application_data.length = strlen(argv[2]); ++ acb_data.application_data.value = argv[2]; ++ acb = &acb_data; ++ } ++ ++ establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, ++ target_name, 0, &ictx, &actx, icb, acb, &flags1, ++ NULL, NULL, NULL); ++ ++ /* Try again with GSS_C_DCE_STYLE */ ++ (void)gss_delete_sec_context(&minor, &ictx, NULL); ++ (void)gss_delete_sec_context(&minor, &actx, NULL); ++ ++ establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, ++ target_name, GSS_C_DCE_STYLE, &ictx, &actx, icb, acb, ++ &flags2, NULL, NULL, NULL); ++ assert((flags1 & GSS_C_CHANNEL_BOUND_FLAG) == ++ (flags2 & GSS_C_CHANNEL_BOUND_FLAG)); ++ printf("%s\n", (flags1 & GSS_C_CHANNEL_BOUND_FLAG) ? "yes" : "no"); ++ ++ (void)gss_delete_sec_context(&minor, &ictx, NULL); ++ (void)gss_delete_sec_context(&minor, &actx, NULL); ++ (void)gss_release_name(&minor, &target_name); ++ ++ return 0; ++} +diff --git a/src/tests/gssapi/t_bindings.py b/src/tests/gssapi/t_bindings.py +new file mode 100644 +index 000000000..f377977b6 +--- /dev/null ++++ b/src/tests/gssapi/t_bindings.py +@@ -0,0 +1,43 @@ ++from k5test import * ++ ++realm = K5Realm() ++server = 'p:' + realm.host_princ ++ ++mark('krb5 channel bindings') ++realm.run(['./t_bindings', server, '-', '-'], expected_msg='no') ++realm.run(['./t_bindings', server, 'a', '-'], expected_msg='no') ++realm.run(['./t_bindings', server, 'a', 'a'], expected_msg='yes') ++realm.run(['./t_bindings', server, '-', 'a'], expected_msg='no') ++realm.run(['./t_bindings', server, 'a', 'x'], ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++mark('SPNEGO channel bindings') ++realm.run(['./t_bindings', '-s', server, '-', '-'], expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', '-'], expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', 'a'], expected_msg='yes') ++realm.run(['./t_bindings', '-s', server, '-', 'a'], expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', 'x'], ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++client_aware_conf = {'libdefaults': {'client_aware_channel_bindings': 'true'}} ++e = realm.special_env('cb_aware', False, krb5_conf=client_aware_conf) ++ ++mark('krb5 client_aware_channel_bindings') ++realm.run(['./t_bindings', server, '-', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', server, 'a', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', server, 'a', 'a'], env=e, expected_msg='yes') ++realm.run(['./t_bindings', server, '-', 'a'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++realm.run(['./t_bindings', server, 'a', 'x'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++mark('SPNEGO client_aware_channel_bindings') ++realm.run(['./t_bindings', '-s', server, '-', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', '-'], env=e, expected_msg='no') ++realm.run(['./t_bindings', '-s', server, 'a', 'a'], env=e, expected_msg='yes') ++realm.run(['./t_bindings', '-s', server, '-', 'a'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++realm.run(['./t_bindings', '-s', server, 'a', 'x'], env=e, ++ expected_code=1, expected_msg='Incorrect channel bindings') ++ ++success('channel bindings tests') +diff --git a/src/tests/gssapi/t_negoex.py b/src/tests/gssapi/t_negoex.py +index 88470d2fa..a218899c4 100644 +--- a/src/tests/gssapi/t_negoex.py ++++ b/src/tests/gssapi/t_negoex.py +@@ -139,4 +139,11 @@ msgs = ('sending [3]AP_REQUEST', 'sending [7]CHALLENGE', 'sending [8]VERIFY', + 'sending [11]CHALLENGE', 'sending [12]VERIFY', 'sending [13]VERIFY') + test({'HOPS': '4', 'KEY': 'accept-always'}, expected_trace=()) + ++mark('channel bindings') ++e = realm.env.copy() ++e.update({'HOPS': '1', 'GSS_INIT_BINDING': 'a', 'GSS_ACCEPT_BINDING': 'b'}) ++# The test mech will verify that the bindings are communicated to the ++# mech, but does not set the channel-bound flag. ++realm.run(['./t_bindings', '-s', 'h:host', 'a', 'b'], env=e, expected_msg='no') ++ + success('NegoEx tests') diff --git a/SOURCES/Add-client_aware_channel_bindings-option.patch b/SOURCES/Add-client_aware_channel_bindings-option.patch new file mode 100644 index 0000000..b8faf33 --- /dev/null +++ b/SOURCES/Add-client_aware_channel_bindings-option.patch @@ -0,0 +1,265 @@ +From fe50c57f6428d7512868663bd226bdc9007148a9 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Tue, 10 Mar 2020 13:13:17 +0100 +Subject: [PATCH] Add client_aware_channel_bindings option + +Add client support for KERB_AP_OPTIONS_CBT in the form of a profile +option "client_aware_gss_bindings". Adjust the make_etype_list() +helper so that enctype negotiation and AP_OPTIONS can be included in +the same IF-RELEVANT wrapper. + +[ghudson@mit.edu: refactored; edited documentation; wrote commit +message] + +ticket: 8900 +(cherry picked from commit 225e6ef7f021cd1a8ef2a054af0ca58b7288fd81) +(cherry picked from commit 2a08fe3d2d1972df4ffe37d4bb64b161889ff988) +--- + doc/admin/conf_files/krb5_conf.rst | 6 + + src/include/k5-int.h | 1 + + src/lib/krb5/krb/mk_req_ext.c | 177 +++++++++++++++-------------- + 3 files changed, 98 insertions(+), 86 deletions(-) + +diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst +index 1d2aa7f68..1d8ffc1e4 100644 +--- a/doc/admin/conf_files/krb5_conf.rst ++++ b/doc/admin/conf_files/krb5_conf.rst +@@ -383,6 +383,12 @@ The libdefaults section may contain any of the following relations: + credentials will fail if the client machine does not have a + keytab. The default value is false. + ++**client_aware_channel_bindings** ++ If this flag is true, then all application protocol authentication ++ requests will be flagged to indicate that the application supports ++ channel bindings when operating over a secure channel. The ++ default value is false. ++ + .. _realms: + + [realms] +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 0d9af3d95..eb18a4cd6 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -299,6 +299,7 @@ typedef unsigned char u_char; + #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" + #define KRB5_CONF_V4_REALM "v4_realm" + #define KRB5_CONF_VERIFY_AP_REQ_NOFAIL "verify_ap_req_nofail" ++#define KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS "client_aware_channel_bindings" + + /* Cache configuration variables */ + #define KRB5_CC_CONF_FAST_AVAIL "fast_avail" +diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c +index 9fc6a0e52..08504860c 100644 +--- a/src/lib/krb5/krb/mk_req_ext.c ++++ b/src/lib/krb5/krb/mk_req_ext.c +@@ -68,10 +68,9 @@ + */ + + static krb5_error_code +-make_etype_list(krb5_context context, +- krb5_enctype *desired_etypes, +- krb5_enctype tkt_enctype, +- krb5_authdata ***authdata); ++make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes, ++ krb5_enctype tkt_enctype, krb5_boolean client_aware_cb, ++ krb5_authdata ***authdata_out); + + static krb5_error_code + generate_authenticator(krb5_context, +@@ -263,7 +262,8 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent, + krb5_enctype tkt_enctype) + { + krb5_error_code retval; +- krb5_authdata **ext_authdata = NULL; ++ krb5_authdata **ext_authdata = NULL, **ap_authdata, **combined; ++ int client_aware_cb; + + authent->client = client; + authent->checksum = cksum; +@@ -297,99 +297,104 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent, + krb5_free_authdata(context, ext_authdata); + } + +- /* Only send EtypeList if we prefer another enctype to tkt_enctype */ +- if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) { +- TRACE_MK_REQ_ETYPES(context, desired_etypes); +- retval = make_etype_list(context, desired_etypes, tkt_enctype, +- &authent->authorization_data); ++ retval = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS, ++ KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS, NULL, ++ FALSE, &client_aware_cb); ++ if (retval) ++ return retval; ++ ++ /* Add etype negotiation or channel-binding awareness authdata to the ++ * front, if appropriate. */ ++ retval = make_ap_authdata(context, desired_etypes, tkt_enctype, ++ client_aware_cb, &ap_authdata); ++ if (retval) ++ return retval; ++ if (ap_authdata != NULL) { ++ retval = krb5_merge_authdata(context, ap_authdata, ++ authent->authorization_data, &combined); ++ krb5_free_authdata(context, ap_authdata); + if (retval) + return retval; ++ krb5_free_authdata(context, authent->authorization_data); ++ authent->authorization_data = combined; + } + + return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec)); + } + +-/* RFC 4537 */ ++/* Set *out to a DER-encoded RFC 4537 etype list, or to NULL if no etype list ++ * should be sent. */ + static krb5_error_code +-make_etype_list(krb5_context context, +- krb5_enctype *desired_etypes, +- krb5_enctype tkt_enctype, +- krb5_authdata ***authdata) ++make_etype_list(krb5_context context, krb5_enctype *desired_enctypes, ++ krb5_enctype tkt_enctype, krb5_data **out) + { +- krb5_error_code code; +- krb5_etype_list etypes; +- krb5_data *enc_etype_list; +- krb5_data *ad_if_relevant; +- krb5_authdata *etype_adata[2], etype_adatum, **adata; +- int i; ++ krb5_etype_list etlist; ++ int count; + +- etypes.etypes = desired_etypes; ++ *out = NULL; + +- for (etypes.length = 0; +- etypes.etypes[etypes.length] != ENCTYPE_NULL; +- etypes.length++) +- { +- /* +- * RFC 4537: +- * +- * If the enctype of the ticket session key is included in the enctype +- * list sent by the client, it SHOULD be the last on the list; +- */ +- if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype) ++ /* Only send a list if we prefer another enctype to tkt_enctype. */ ++ if (desired_enctypes == NULL || desired_enctypes[0] == tkt_enctype) ++ return 0; ++ ++ /* Count elements of desired_etypes, stopping at tkt_enctypes if present. ++ * (Per RFC 4537, it must be the last option if it is included.) */ ++ for (count = 0; desired_enctypes[count] != ENCTYPE_NULL; count++) { ++ if (count > 0 && desired_enctypes[count - 1] == tkt_enctype) + break; + } + +- code = encode_krb5_etype_list(&etypes, &enc_etype_list); +- if (code) { +- return code; +- } +- +- etype_adatum.magic = KV5M_AUTHDATA; +- etype_adatum.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; +- etype_adatum.length = enc_etype_list->length; +- etype_adatum.contents = (krb5_octet *)enc_etype_list->data; +- +- etype_adata[0] = &etype_adatum; +- etype_adata[1] = NULL; +- +- /* Wrap in AD-IF-RELEVANT container */ +- code = encode_krb5_authdata(etype_adata, &ad_if_relevant); +- if (code) { +- krb5_free_data(context, enc_etype_list); +- return code; +- } +- +- krb5_free_data(context, enc_etype_list); +- +- adata = *authdata; +- if (adata == NULL) { +- adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *)); +- i = 0; +- } else { +- for (i = 0; adata[i] != NULL; i++) +- ; +- +- adata = (krb5_authdata **)realloc(*authdata, +- (i + 2) * sizeof(krb5_authdata *)); +- } +- if (adata == NULL) { +- krb5_free_data(context, ad_if_relevant); +- return ENOMEM; +- } +- *authdata = adata; +- +- adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata)); +- if (adata[i] == NULL) { +- krb5_free_data(context, ad_if_relevant); +- return ENOMEM; +- } +- adata[i]->magic = KV5M_AUTHDATA; +- adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT; +- adata[i]->length = ad_if_relevant->length; +- adata[i]->contents = (krb5_octet *)ad_if_relevant->data; +- free(ad_if_relevant); /* contents owned by adata[i] */ +- +- adata[i + 1] = NULL; +- +- return 0; ++ etlist.etypes = desired_enctypes; ++ etlist.length = count; ++ return encode_krb5_etype_list(&etlist, out); ++} ++ ++/* Set *authdata_out to appropriate authenticator authdata for the request, ++ * encoded in a single AD_IF_RELEVANT element. */ ++static krb5_error_code ++make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes, ++ krb5_enctype tkt_enctype, krb5_boolean client_aware_cb, ++ krb5_authdata ***authdata_out) ++{ ++ krb5_error_code ret; ++ krb5_authdata etypes_ad, flags_ad, *list[3]; ++ krb5_data *der_etypes = NULL; ++ size_t count = 0; ++ uint8_t flagbuf[4]; ++ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; ++ ++ *authdata_out = NULL; ++ ++ /* Include an ETYPE_NEGOTIATION element if appropriate. */ ++ ret = make_etype_list(context, desired_enctypes, tkt_enctype, &der_etypes); ++ if (ret) ++ goto cleanup; ++ if (der_etypes != NULL) { ++ etypes_ad.magic = KV5M_AUTHDATA; ++ etypes_ad.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; ++ etypes_ad.length = der_etypes->length; ++ etypes_ad.contents = (uint8_t *)der_etypes->data; ++ list[count++] = &etypes_ad; ++ } ++ ++ /* Include an AP_OPTIONS element if the CBT flag is configured. */ ++ if (client_aware_cb != 0) { ++ store_32_le(KERB_AP_OPTIONS_CBT, flagbuf); ++ flags_ad.magic = KV5M_AUTHDATA; ++ flags_ad.ad_type = KRB5_AUTHDATA_AP_OPTIONS; ++ flags_ad.length = 4; ++ flags_ad.contents = flagbuf; ++ list[count++] = &flags_ad; ++ } ++ ++ if (count > 0) { ++ list[count] = NULL; ++ ret = krb5_encode_authdata_container(context, ++ KRB5_AUTHDATA_IF_RELEVANT, ++ list, authdata_out); ++ } ++ ++cleanup: ++ krb5_free_data(context, der_etypes); ++ return ret; + } diff --git a/SOURCES/Add-finalization-safety-check-to-com_err.patch b/SOURCES/Add-finalization-safety-check-to-com_err.patch new file mode 100644 index 0000000..f7c9d54 --- /dev/null +++ b/SOURCES/Add-finalization-safety-check-to-com_err.patch @@ -0,0 +1,54 @@ +From 2ea85d8228663c9592705a13edecbd4d3c70aac1 Mon Sep 17 00:00:00 2001 +From: Jiri Sasek +Date: Fri, 13 Mar 2020 19:02:58 +0100 +Subject: [PATCH] Add finalization safety check to com_err + +If the linker erroneously runs the libkrb5 finalizer after the +libcom_err finalizer, the consequent remove_error_table() calls could +crash due to accessing a destroyed mutex or an invalid et_list +pointer. Add an unsynchronized check on finalized in +remove_error_table(), and set et_list to null in com_err_terminate() +after destroying the list. + +[ghudson@mit.edu: minimized code hanges; rewrote comment and commit +message] + +ticket: 8890 (new) +(cherry picked from commit 9d654aa05e26bbf22f140abde3436afeff2fdf8d) +(cherry picked from commit c7a37d3e87132864ebc44710baf1d50a69682b5c) +--- + src/util/et/error_message.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c +index d7069a9df..7dc02a34e 100644 +--- a/src/util/et/error_message.c ++++ b/src/util/et/error_message.c +@@ -26,7 +26,7 @@ + + static struct et_list *et_list; + static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER; +-static int terminated = 0; /* for debugging shlib fini sequence errors */ ++static int terminated = 0; /* for safety and finalization debugging */ + + MAKE_INIT_FUNCTION(com_err_initialize); + MAKE_FINI_FUNCTION(com_err_terminate); +@@ -69,6 +69,7 @@ void com_err_terminate(void) + enext = e->next; + free(e); + } ++ et_list = NULL; + k5_mutex_unlock(&et_list_lock); + k5_mutex_destroy(&et_list_lock); + terminated = 1; +@@ -280,6 +281,10 @@ remove_error_table(const struct error_table *et) + { + struct et_list **ep, *e; + ++ /* Safety check in case libraries are finalized in the wrong order. */ ++ if (terminated) ++ return ENOENT; ++ + if (CALL_INIT_FUNCTION(com_err_initialize)) + return 0; + k5_mutex_lock(&et_list_lock); diff --git a/SOURCES/Add-function-and-enctype-flag-for-deprecations.patch b/SOURCES/Add-function-and-enctype-flag-for-deprecations.patch deleted file mode 100644 index 2a094e7..0000000 --- a/SOURCES/Add-function-and-enctype-flag-for-deprecations.patch +++ /dev/null @@ -1,183 +0,0 @@ -From ba1fd0a44c74089d42af244ff2b315baf506fd2f Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 15 Jan 2019 16:16:57 -0500 -Subject: [PATCH] Add function and enctype flag for deprecations - -krb5int_c_deprecated_enctype() checks for the ETYPE_DEPRECATED flag on -enctypes. All ENCTYPE_WEAK enctypes are currently deprecated; not all -deprecated enctypes are considered weak. Deprecations follow RFC 6649 -and RFC 8429. - -(cherry picked from commit 484a6e7712f9b66e782b2520f07b0883889e116f) ---- - src/include/k5-int.h | 1 + - src/lib/crypto/krb/crypto_int.h | 9 ++++++++- - src/lib/crypto/krb/enctype_util.c | 7 +++++++ - src/lib/crypto/krb/etypes.c | 19 ++++++++++--------- - src/lib/crypto/libk5crypto.exports | 1 + - src/lib/krb5_32.def | 3 +++ - 6 files changed, 30 insertions(+), 10 deletions(-) - -diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index 8f9329c59..255cee822 100644 ---- a/src/include/k5-int.h -+++ b/src/include/k5-int.h -@@ -2077,6 +2077,7 @@ krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **); - krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype); - - krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype); -+krb5_boolean KRB5_CALLCONV krb5int_c_deprecated_enctype(krb5_enctype); - krb5_error_code k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out); - - krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *, -diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h -index e5099291e..6c1c77cac 100644 ---- a/src/lib/crypto/krb/crypto_int.h -+++ b/src/lib/crypto/krb/crypto_int.h -@@ -114,7 +114,14 @@ struct krb5_keytypes { - unsigned int ssf; - }; - --#define ETYPE_WEAK 1 -+/* -+ * "Weak" means the enctype is believed to be vulnerable to practical attacks, -+ * and will be disabled unless allow_weak_crypto is set to true. "Deprecated" -+ * means the enctype has been deprecated by the IETF, and affects display and -+ * logging. -+ */ -+#define ETYPE_WEAK (1 << 0) -+#define ETYPE_DEPRECATED (1 << 1) - - extern const struct krb5_keytypes krb5int_enctypes_list[]; - extern const int krb5int_enctypes_length; -diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c -index b1b40e7ec..e394f4e19 100644 ---- a/src/lib/crypto/krb/enctype_util.c -+++ b/src/lib/crypto/krb/enctype_util.c -@@ -51,6 +51,13 @@ krb5int_c_weak_enctype(krb5_enctype etype) - return (ktp != NULL && (ktp->flags & ETYPE_WEAK) != 0); - } - -+krb5_boolean KRB5_CALLCONV -+krb5int_c_deprecated_enctype(krb5_enctype etype) -+{ -+ const struct krb5_keytypes *ktp = find_enctype(etype); -+ return ktp != NULL && (ktp->flags & ETYPE_DEPRECATED) != 0; -+} -+ - krb5_error_code KRB5_CALLCONV - krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, - krb5_boolean *similar) -diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c -index 53d4a5c79..8f44c37e7 100644 ---- a/src/lib/crypto/krb/etypes.c -+++ b/src/lib/crypto/krb/etypes.c -@@ -33,6 +33,7 @@ - that the keytypes are all near each other. I'd rather not make - that assumption. */ - -+/* Deprecations come from RFC 6649 and RFC 8249. */ - const struct krb5_keytypes krb5int_enctypes_list[] = { - { ENCTYPE_DES_CBC_CRC, - "des-cbc-crc", { 0 }, "DES cbc mode with CRC-32", -@@ -42,7 +43,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - CKSUMTYPE_RSA_MD5_DES, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES_CBC_MD4, - "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4", - &krb5int_enc_des, &krb5int_hash_md4, -@@ -51,7 +52,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - CKSUMTYPE_RSA_MD4_DES, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES_CBC_MD5, - "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5", - &krb5int_enc_des, &krb5int_hash_md5, -@@ -60,7 +61,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - CKSUMTYPE_RSA_MD5_DES, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES_CBC_RAW, - "des-cbc-raw", { 0 }, "DES cbc mode raw", - &krb5int_enc_des, NULL, -@@ -69,7 +70,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_des_string_to_key, k5_rand2key_des, - krb5int_des_prf, - 0, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - { ENCTYPE_DES3_CBC_RAW, - "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", - &krb5int_enc_des3, NULL, -@@ -78,7 +79,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_dk_string_to_key, k5_rand2key_des3, - NULL, /*PRF*/ - 0, -- ETYPE_WEAK, 112 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 112 }, - - { ENCTYPE_DES3_CBC_SHA1, - "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, -@@ -89,7 +90,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_dk_string_to_key, k5_rand2key_des3, - krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_DES3, -- 0 /*flags*/, 112 }, -+ ETYPE_DEPRECATED, 112 }, - - { ENCTYPE_DES_HMAC_SHA1, - "des-hmac-sha1", { 0 }, "DES with HMAC/sha1", -@@ -99,7 +100,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_dk_string_to_key, k5_rand2key_des, - NULL, /*PRF*/ - 0, -- ETYPE_WEAK, 56 }, -+ ETYPE_WEAK | ETYPE_DEPRECATED, 56 }, - - /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we - * consider its strength degraded and assign it an SSF value of 64. */ -@@ -113,7 +114,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key, - k5_rand2key_direct, krb5int_arcfour_prf, - CKSUMTYPE_HMAC_MD5_ARCFOUR, -- 0 /*flags*/, 64 }, -+ ETYPE_DEPRECATED, 64 }, - { ENCTYPE_ARCFOUR_HMAC_EXP, - "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" }, - "Exportable ArcFour with HMAC/md5", -@@ -124,7 +125,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { - krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key, - k5_rand2key_direct, krb5int_arcfour_prf, - CKSUMTYPE_HMAC_MD5_ARCFOUR, -- ETYPE_WEAK, 40 -+ ETYPE_WEAK | ETYPE_DEPRECATED, 40 - }, - - { ENCTYPE_AES128_CTS_HMAC_SHA1_96, -diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports -index 82eb5f30c..90afdf5f7 100644 ---- a/src/lib/crypto/libk5crypto.exports -+++ b/src/lib/crypto/libk5crypto.exports -@@ -109,3 +109,4 @@ k5_allow_weak_pbkdf2iter - krb5_c_prfplus - krb5_c_derive_prfplus - k5_enctype_to_ssf -+krb5int_c_deprecated_enctype -diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def -index c35022931..e6a487593 100644 ---- a/src/lib/krb5_32.def -+++ b/src/lib/krb5_32.def -@@ -487,3 +487,6 @@ EXPORTS - encode_krb5_pa_spake @444 ; PRIVATE - decode_krb5_pa_spake @445 ; PRIVATE - k5_free_pa_spake @446 ; PRIVATE -+ -+; new in 1.18 -+ krb5int_c_deprecated_enctype @450 ; PRIVATE diff --git a/SOURCES/Add-soft-pkcs11-source-code.patch b/SOURCES/Add-soft-pkcs11-source-code.patch deleted file mode 100644 index 25488b5..0000000 --- a/SOURCES/Add-soft-pkcs11-source-code.patch +++ /dev/null @@ -1,2072 +0,0 @@ -From c4626f17ece51265eaa5446e96104b115ecbe31c Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 20 Jun 2019 10:45:18 -0400 -Subject: [PATCH] Add soft-pkcs11 source code - -soft-pkcs11 is no longer available upstream and is not generally -packaged in distributions, making it inconvenient to use for tests. -Import the 1.8 source code, detabified and with trailing whitespace -removed but otherwise unmodified. - -(cherry picked from commit a4bc3e513a58b0d1292f3506ac3b35be8c178086) -(cherry picked from commit a186597238ae40e167ce041857b5bd1f94ee2383) ---- - src/tests/softpkcs11/main.c | 2049 +++++++++++++++++++++++++++++++++++ - 1 file changed, 2049 insertions(+) - create mode 100644 src/tests/softpkcs11/main.c - -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -new file mode 100644 -index 000000000..2acec5169 ---- /dev/null -+++ b/src/tests/softpkcs11/main.c -@@ -0,0 +1,2049 @@ -+/* -+ * Copyright (c) 2004-2006, Stockholms universitet -+ * (Stockholm University, Stockholm Sweden) -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * 3. Neither the name of the university nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include "locl.h" -+ -+/* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */ -+ -+#define OBJECT_ID_MASK 0xfff -+#define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK) -+#define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle) -+ -+struct st_attr { -+ CK_ATTRIBUTE attribute; -+ int secret; -+}; -+ -+struct st_object { -+ CK_OBJECT_HANDLE object_handle; -+ struct st_attr *attrs; -+ int num_attributes; -+ enum { -+ STO_T_CERTIFICATE, -+ STO_T_PRIVATE_KEY, -+ STO_T_PUBLIC_KEY -+ } type; -+ union { -+ X509 *cert; -+ EVP_PKEY *public_key; -+ struct { -+ const char *file; -+ EVP_PKEY *key; -+ X509 *cert; -+ } private_key; -+ } u; -+}; -+ -+static struct soft_token { -+ CK_VOID_PTR application; -+ CK_NOTIFY notify; -+ struct { -+ struct st_object **objs; -+ int num_objs; -+ } object; -+ struct { -+ int hardware_slot; -+ int app_error_fatal; -+ int login_done; -+ } flags; -+ int open_sessions; -+ struct session_state { -+ CK_SESSION_HANDLE session_handle; -+ -+ struct { -+ CK_ATTRIBUTE *attributes; -+ CK_ULONG num_attributes; -+ int next_object; -+ } find; -+ -+ int encrypt_object; -+ CK_MECHANISM_PTR encrypt_mechanism; -+ int decrypt_object; -+ CK_MECHANISM_PTR decrypt_mechanism; -+ int sign_object; -+ CK_MECHANISM_PTR sign_mechanism; -+ int verify_object; -+ CK_MECHANISM_PTR verify_mechanism; -+ int digest_object; -+ } state[10]; -+#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0])) -+ FILE *logfile; -+} soft_token; -+ -+static void -+application_error(const char *fmt, ...) -+{ -+ va_list ap; -+ va_start(ap, fmt); -+ vprintf(fmt, ap); -+ va_end(ap); -+ if (soft_token.flags.app_error_fatal) -+ abort(); -+} -+ -+static void -+st_logf(const char *fmt, ...) -+{ -+ va_list ap; -+ if (soft_token.logfile == NULL) -+ return; -+ va_start(ap, fmt); -+ vfprintf(soft_token.logfile, fmt, ap); -+ va_end(ap); -+ fflush(soft_token.logfile); -+} -+ -+static void -+snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) -+{ -+ int len; -+ va_list ap; -+ len = vsnprintf(str, size, fmt, ap); -+ va_end(ap); -+ if (len < 0 || len > size) -+ return; -+ while(len < size) -+ str[len++] = fillchar; -+} -+ -+#ifndef TEST_APP -+#define printf error_use_st_logf -+#endif -+ -+#define VERIFY_SESSION_HANDLE(s, state) \ -+{ \ -+ CK_RV ret; \ -+ ret = verify_session_handle(s, state); \ -+ if (ret != CKR_OK) { \ -+ /* return CKR_OK */; \ -+ } \ -+} -+ -+static CK_RV -+verify_session_handle(CK_SESSION_HANDLE hSession, -+ struct session_state **state) -+{ -+ int i; -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++){ -+ if (soft_token.state[i].session_handle == hSession) -+ break; -+ } -+ if (i == MAX_NUM_SESSION) { -+ application_error("use of invalid handle: 0x%08lx\n", -+ (unsigned long)hSession); -+ return CKR_SESSION_HANDLE_INVALID; -+ } -+ if (state) -+ *state = &soft_token.state[i]; -+ return CKR_OK; -+} -+ -+static CK_RV -+object_handle_to_object(CK_OBJECT_HANDLE handle, -+ struct st_object **object) -+{ -+ int i = HANDLE_OBJECT_ID(handle); -+ -+ *object = NULL; -+ if (i >= soft_token.object.num_objs) -+ return CKR_ARGUMENTS_BAD; -+ if (soft_token.object.objs[i] == NULL) -+ return CKR_ARGUMENTS_BAD; -+ if (soft_token.object.objs[i]->object_handle != handle) -+ return CKR_ARGUMENTS_BAD; -+ *object = soft_token.object.objs[i]; -+ return CKR_OK; -+} -+ -+static int -+attributes_match(const struct st_object *obj, -+ const CK_ATTRIBUTE *attributes, -+ CK_ULONG num_attributes) -+{ -+ CK_ULONG i; -+ int j; -+ st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj)); -+ -+ for (i = 0; i < num_attributes; i++) { -+ int match = 0; -+ for (j = 0; j < obj->num_attributes; j++) { -+ if (attributes[i].type == obj->attrs[j].attribute.type && -+ attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen && -+ memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue, -+ attributes[i].ulValueLen) == 0) { -+ match = 1; -+ break; -+ } -+ } -+ if (match == 0) { -+ st_logf("type %d attribute have no match\n", attributes[i].type); -+ return 0; -+ } -+ } -+ st_logf("attribute matches\n"); -+ return 1; -+} -+ -+static void -+print_attributes(const CK_ATTRIBUTE *attributes, -+ CK_ULONG num_attributes) -+{ -+ CK_ULONG i; -+ -+ st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes); -+ -+ for (i = 0; i < num_attributes; i++) { -+ st_logf(" type: "); -+ switch (attributes[i].type) { -+ case CKA_TOKEN: { -+ CK_BBOOL *ck_true; -+ if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) { -+ application_error("token attribute wrong length\n"); -+ break; -+ } -+ ck_true = attributes[i].pValue; -+ st_logf("token: %s", *ck_true ? "TRUE" : "FALSE"); -+ break; -+ } -+ case CKA_CLASS: { -+ CK_OBJECT_CLASS *class; -+ if (attributes[i].ulValueLen != sizeof(CK_ULONG)) { -+ application_error("class attribute wrong length\n"); -+ break; -+ } -+ class = attributes[i].pValue; -+ st_logf("class "); -+ switch (*class) { -+ case CKO_CERTIFICATE: -+ st_logf("certificate"); -+ break; -+ case CKO_PUBLIC_KEY: -+ st_logf("public key"); -+ break; -+ case CKO_PRIVATE_KEY: -+ st_logf("private key"); -+ break; -+ case CKO_SECRET_KEY: -+ st_logf("secret key"); -+ break; -+ case CKO_DOMAIN_PARAMETERS: -+ st_logf("domain parameters"); -+ break; -+ default: -+ st_logf("[class %lx]", (long unsigned)*class); -+ break; -+ } -+ break; -+ } -+ case CKA_PRIVATE: -+ st_logf("private"); -+ break; -+ case CKA_LABEL: -+ st_logf("label"); -+ break; -+ case CKA_APPLICATION: -+ st_logf("application"); -+ break; -+ case CKA_VALUE: -+ st_logf("value"); -+ break; -+ case CKA_ID: -+ st_logf("id"); -+ break; -+ default: -+ st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type); -+ break; -+ } -+ st_logf("\n"); -+ } -+} -+ -+static struct st_object * -+add_st_object(void) -+{ -+ struct st_object *o, **objs; -+ int i; -+ -+ o = malloc(sizeof(*o)); -+ if (o == NULL) -+ return NULL; -+ memset(o, 0, sizeof(*o)); -+ o->attrs = NULL; -+ o->num_attributes = 0; -+ -+ for (i = 0; i < soft_token.object.num_objs; i++) { -+ if (soft_token.object.objs == NULL) { -+ soft_token.object.objs[i] = o; -+ break; -+ } -+ } -+ if (i == soft_token.object.num_objs) { -+ objs = realloc(soft_token.object.objs, -+ (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0])); -+ if (objs == NULL) { -+ free(o); -+ return NULL; -+ } -+ soft_token.object.objs = objs; -+ soft_token.object.objs[soft_token.object.num_objs++] = o; -+ } -+ soft_token.object.objs[i]->object_handle = -+ (random() & (~OBJECT_ID_MASK)) | i; -+ -+ return o; -+} -+ -+static CK_RV -+add_object_attribute(struct st_object *o, -+ int secret, -+ CK_ATTRIBUTE_TYPE type, -+ CK_VOID_PTR pValue, -+ CK_ULONG ulValueLen) -+{ -+ struct st_attr *a; -+ int i; -+ -+ i = o->num_attributes; -+ a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0])); -+ if (a == NULL) -+ return CKR_DEVICE_MEMORY; -+ o->attrs = a; -+ o->attrs[i].secret = secret; -+ o->attrs[i].attribute.type = type; -+ o->attrs[i].attribute.pValue = malloc(ulValueLen); -+ if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0) -+ return CKR_DEVICE_MEMORY; -+ memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen); -+ o->attrs[i].attribute.ulValueLen = ulValueLen; -+ o->num_attributes++; -+ -+ return CKR_OK; -+} -+ -+static CK_RV -+add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key) -+{ -+ switch (key_type) { -+ case CKK_RSA: { -+ CK_BYTE *modulus = NULL; -+ size_t modulus_len = 0; -+ CK_ULONG modulus_bits = 0; -+ CK_BYTE *exponent = NULL; -+ size_t exponent_len = 0; -+ -+ modulus_bits = BN_num_bits(key->pkey.rsa->n); -+ -+ modulus_len = BN_num_bytes(key->pkey.rsa->n); -+ modulus = malloc(modulus_len); -+ BN_bn2bin(key->pkey.rsa->n, modulus); -+ -+ exponent_len = BN_num_bytes(key->pkey.rsa->e); -+ exponent = malloc(exponent_len); -+ BN_bn2bin(key->pkey.rsa->e, exponent); -+ -+ add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len); -+ add_object_attribute(o, 0, CKA_MODULUS_BITS, -+ &modulus_bits, sizeof(modulus_bits)); -+ add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, -+ exponent, exponent_len); -+ -+ RSA_set_method(key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ -+ free(modulus); -+ free(exponent); -+ } -+ default: -+ /* XXX */ -+ break; -+ } -+ return CKR_OK; -+} -+ -+ -+static int -+pem_callback(char *buf, int num, int w, void *key) -+{ -+ return -1; -+} -+ -+ -+static CK_RV -+add_certificate(char *label, -+ const char *cert_file, -+ const char *private_key_file, -+ char *id, -+ int anchor) -+{ -+ struct st_object *o = NULL; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_BBOOL bool_false = CK_FALSE; -+ CK_OBJECT_CLASS c; -+ CK_CERTIFICATE_TYPE cert_type = CKC_X_509; -+ CK_KEY_TYPE key_type; -+ CK_MECHANISM_TYPE mech_type; -+ void *cert_data = NULL; -+ size_t cert_length; -+ void *subject_data = NULL; -+ size_t subject_length; -+ void *issuer_data = NULL; -+ size_t issuer_length; -+ void *serial_data = NULL; -+ size_t serial_length; -+ CK_RV ret = CKR_GENERAL_ERROR; -+ X509 *cert; -+ EVP_PKEY *public_key; -+ -+ size_t id_len = strlen(id); -+ -+ { -+ FILE *f; -+ -+ f = fopen(cert_file, "r"); -+ if (f == NULL) { -+ st_logf("failed to open file %s\n", cert_file); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ cert = PEM_read_X509(f, NULL, NULL, NULL); -+ fclose(f); -+ if (cert == NULL) { -+ st_logf("failed reading PEM cert\n"); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(X509, cert_data, cert_length, cert, ret); -+ if (ret) -+ goto out; -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, issuer_data, issuer_length, -+ X509_get_issuer_name(cert), ret); -+ if (ret) -+ goto out; -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, subject_data, subject_length, -+ X509_get_subject_name(cert), ret); -+ if (ret) -+ goto out; -+ -+ OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, serial_data, serial_length, -+ X509_get_serialNumber(cert), ret); -+ if (ret) -+ goto out; -+ -+ } -+ -+ st_logf("done parsing, adding to internal structure\n"); -+ -+ o = add_st_object(); -+ if (o == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ o->type = STO_T_CERTIFICATE; -+ o->u.cert = cert; -+ public_key = X509_get_pubkey(o->u.cert); -+ -+ switch (EVP_PKEY_type(public_key->type)) { -+ case EVP_PKEY_RSA: -+ key_type = CKK_RSA; -+ break; -+ case EVP_PKEY_DSA: -+ key_type = CKK_DSA; -+ break; -+ default: -+ /* XXX */ -+ break; -+ } -+ -+ c = CKO_CERTIFICATE; -+ add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -+ add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LABEL, label, strlen(label)); -+ -+ add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type)); -+ add_object_attribute(o, 0, CKA_ID, id, id_len); -+ -+ add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length); -+ add_object_attribute(o, 0, CKA_ISSUER, issuer_data, issuer_length); -+ add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data, serial_length); -+ add_object_attribute(o, 0, CKA_VALUE, cert_data, cert_length); -+ if (anchor) -+ add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true)); -+ else -+ add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false)); -+ -+ st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o)); -+ -+ o = add_st_object(); -+ if (o == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ o->type = STO_T_PUBLIC_KEY; -+ o->u.public_key = public_key; -+ -+ c = CKO_PUBLIC_KEY; -+ add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -+ add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LABEL, label, strlen(label)); -+ -+ add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); -+ add_object_attribute(o, 0, CKA_ID, id, id_len); -+ add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); -+ mech_type = CKM_RSA_X_509; -+ add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type)); -+ -+ add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length); -+ add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true)); -+ -+ add_pubkey_info(o, key_type, public_key); -+ -+ st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o)); -+ -+ if (private_key_file) { -+ CK_FLAGS flags; -+ FILE *f; -+ -+ o = add_st_object(); -+ if (o == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ o->type = STO_T_PRIVATE_KEY; -+ o->u.private_key.file = strdup(private_key_file); -+ o->u.private_key.key = NULL; -+ -+ o->u.private_key.cert = cert; -+ -+ c = CKO_PRIVATE_KEY; -+ add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -+ add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LABEL, label, strlen(label)); -+ -+ add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); -+ add_object_attribute(o, 0, CKA_ID, id, id_len); -+ add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ -+ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); -+ mech_type = CKM_RSA_X_509; -+ add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type)); -+ -+ add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length); -+ add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true)); -+ flags = 0; -+ add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags)); -+ -+ add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false)); -+ add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true)); -+ add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false)); -+ -+ add_pubkey_info(o, key_type, public_key); -+ -+ f = fopen(private_key_file, "r"); -+ if (f == NULL) { -+ st_logf("failed to open private key\n"); -+ return CKR_GENERAL_ERROR; -+ } -+ -+ o->u.private_key.key = PEM_read_PrivateKey(f, NULL, pem_callback, NULL); -+ fclose(f); -+ if (o->u.private_key.key == NULL) { -+ st_logf("failed to read private key a startup\n"); -+ /* don't bother with this failure for now, -+ fix it at C_Login time */; -+ } else { -+ /* XXX verify keytype */ -+ -+ if (key_type == CKK_RSA) -+ RSA_set_method(o->u.private_key.key->pkey.rsa, -+ RSA_PKCS1_SSLeay()); -+ -+ if (X509_check_private_key(cert, o->u.private_key.key) != 1) { -+ EVP_PKEY_free(o->u.private_key.key); -+ o->u.private_key.key = NULL; -+ st_logf("private key doesn't verify\n"); -+ } else { -+ st_logf("private key usable\n"); -+ soft_token.flags.login_done = 1; -+ } -+ } -+ } -+ -+ ret = CKR_OK; -+ out: -+ if (ret != CKR_OK) { -+ st_logf("something went wrong when adding cert!\n"); -+ -+ /* XXX wack o */; -+ } -+ free(cert_data); -+ free(serial_data); -+ free(issuer_data); -+ free(subject_data); -+ -+ return ret; -+} -+ -+static void -+find_object_final(struct session_state *state) -+{ -+ if (state->find.attributes) { -+ CK_ULONG i; -+ -+ for (i = 0; i < state->find.num_attributes; i++) { -+ if (state->find.attributes[i].pValue) -+ free(state->find.attributes[i].pValue); -+ } -+ free(state->find.attributes); -+ state->find.attributes = NULL; -+ state->find.num_attributes = 0; -+ state->find.next_object = -1; -+ } -+} -+ -+static void -+reset_crypto_state(struct session_state *state) -+{ -+ state->encrypt_object = -1; -+ if (state->encrypt_mechanism) -+ free(state->encrypt_mechanism); -+ state->encrypt_mechanism = NULL_PTR; -+ state->decrypt_object = -1; -+ if (state->decrypt_mechanism) -+ free(state->decrypt_mechanism); -+ state->decrypt_mechanism = NULL_PTR; -+ state->sign_object = -1; -+ if (state->sign_mechanism) -+ free(state->sign_mechanism); -+ state->sign_mechanism = NULL_PTR; -+ state->verify_object = -1; -+ if (state->verify_mechanism) -+ free(state->verify_mechanism); -+ state->verify_mechanism = NULL_PTR; -+ state->digest_object = -1; -+} -+ -+static void -+close_session(struct session_state *state) -+{ -+ if (state->find.attributes) { -+ application_error("application didn't do C_FindObjectsFinal\n"); -+ find_object_final(state); -+ } -+ -+ state->session_handle = CK_INVALID_HANDLE; -+ soft_token.application = NULL_PTR; -+ soft_token.notify = NULL_PTR; -+ reset_crypto_state(state); -+} -+ -+static const char * -+has_session(void) -+{ -+ return soft_token.open_sessions > 0 ? "yes" : "no"; -+} -+ -+static void -+read_conf_file(const char *fn) -+{ -+ char buf[1024], *cert, *key, *id, *label, *s, *p; -+ int anchor; -+ FILE *f; -+ -+ f = fopen(fn, "r"); -+ if (f == NULL) { -+ st_logf("can't open configuration file %s\n", fn); -+ return; -+ } -+ -+ while(fgets(buf, sizeof(buf), f) != NULL) { -+ buf[strcspn(buf, "\n")] = '\0'; -+ -+ anchor = 0; -+ -+ st_logf("line: %s\n", buf); -+ -+ p = buf; -+ while (isspace(*p)) -+ p++; -+ if (*p == '#') -+ continue; -+ while (isspace(*p)) -+ p++; -+ -+ s = NULL; -+ id = strtok_r(p, "\t", &s); -+ if (id == NULL) -+ continue; -+ label = strtok_r(NULL, "\t", &s); -+ if (label == NULL) -+ continue; -+ cert = strtok_r(NULL, "\t", &s); -+ if (cert == NULL) -+ continue; -+ key = strtok_r(NULL, "\t", &s); -+ -+ /* XXX */ -+ if (strcmp(id, "anchor") == 0) { -+ id = "\x00\x00"; -+ anchor = 1; -+ } -+ -+ st_logf("adding: %s\n", label); -+ -+ add_certificate(label, cert, key, id, anchor); -+ } -+} -+ -+static CK_RV -+func_not_supported(void) -+{ -+ st_logf("function not supported\n"); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_Initialize(CK_VOID_PTR a) -+{ -+ CK_C_INITIALIZE_ARGS_PTR args = a; -+ st_logf("Initialize\n"); -+ int i; -+ -+ OpenSSL_add_all_algorithms(); -+ ERR_load_crypto_strings(); -+ -+ srandom(getpid() ^ time(NULL)); -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) { -+ soft_token.state[i].session_handle = CK_INVALID_HANDLE; -+ soft_token.state[i].find.attributes = NULL; -+ soft_token.state[i].find.num_attributes = 0; -+ soft_token.state[i].find.next_object = -1; -+ reset_crypto_state(&soft_token.state[i]); -+ } -+ -+ soft_token.flags.hardware_slot = 1; -+ soft_token.flags.app_error_fatal = 0; -+ soft_token.flags.login_done = 0; -+ -+ soft_token.object.objs = NULL; -+ soft_token.object.num_objs = 0; -+ -+ soft_token.logfile = NULL; -+#if 0 -+ soft_token.logfile = stdout; -+#endif -+#if 0 -+ soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a"); -+#endif -+ -+ if (a != NULL_PTR) { -+ st_logf("\tCreateMutex:\t%p\n", args->CreateMutex); -+ st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex); -+ st_logf("\tLockMutext\t%p\n", args->LockMutex); -+ st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex); -+ st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); -+ } -+ -+ { -+ char *fn = NULL, *home = NULL; -+ -+ if (getuid() == geteuid()) { -+ fn = getenv("SOFTPKCS11RC"); -+ if (fn) -+ fn = strdup(fn); -+ home = getenv("HOME"); -+ } -+ if (fn == NULL && home == NULL) { -+ struct passwd *pw = getpwuid(getuid()); -+ if(pw != NULL) -+ home = pw->pw_dir; -+ } -+ if (fn == NULL) { -+ if (home) -+ asprintf(&fn, "%s/.soft-token.rc", home); -+ else -+ fn = strdup("/etc/soft-token.rc"); -+ } -+ -+ read_conf_file(fn); -+ free(fn); -+ } -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_Finalize(CK_VOID_PTR args) -+{ -+ int i; -+ -+ st_logf("Finalize\n"); -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) { -+ if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) { -+ application_error("application finalized without " -+ "closing session\n"); -+ close_session(&soft_token.state[i]); -+ } -+ } -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetInfo(CK_INFO_PTR args) -+{ -+ st_logf("GetInfo\n"); -+ -+ memset(args, 17, sizeof(*args)); -+ args->cryptokiVersion.major = 2; -+ args->cryptokiVersion.minor = 10; -+ snprintf_fill((char *)args->manufacturerID, -+ sizeof(args->manufacturerID), -+ ' ', -+ "SoftToken"); -+ snprintf_fill((char *)args->libraryDescription, -+ sizeof(args->libraryDescription), ' ', -+ "SoftToken"); -+ args->libraryVersion.major = 1; -+ args->libraryVersion.minor = 8; -+ -+ return CKR_OK; -+} -+ -+extern CK_FUNCTION_LIST funcs; -+ -+CK_RV -+C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) -+{ -+ *ppFunctionList = &funcs; -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetSlotList(CK_BBOOL tokenPresent, -+ CK_SLOT_ID_PTR pSlotList, -+ CK_ULONG_PTR pulCount) -+{ -+ st_logf("GetSlotList: %s\n", -+ tokenPresent ? "tokenPresent" : "token not Present"); -+ if (pSlotList) -+ pSlotList[0] = 1; -+ *pulCount = 1; -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetSlotInfo(CK_SLOT_ID slotID, -+ CK_SLOT_INFO_PTR pInfo) -+{ -+ st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session()); -+ -+ memset(pInfo, 18, sizeof(*pInfo)); -+ -+ if (slotID != 1) -+ return CKR_ARGUMENTS_BAD; -+ -+ snprintf_fill((char *)pInfo->slotDescription, -+ sizeof(pInfo->slotDescription), -+ ' ', -+ "SoftToken (slot)"); -+ snprintf_fill((char *)pInfo->manufacturerID, -+ sizeof(pInfo->manufacturerID), -+ ' ', -+ "SoftToken (slot)"); -+ pInfo->flags = CKF_TOKEN_PRESENT; -+ if (soft_token.flags.hardware_slot) -+ pInfo->flags |= CKF_HW_SLOT; -+ pInfo->hardwareVersion.major = 1; -+ pInfo->hardwareVersion.minor = 0; -+ pInfo->firmwareVersion.major = 1; -+ pInfo->firmwareVersion.minor = 0; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetTokenInfo(CK_SLOT_ID slotID, -+ CK_TOKEN_INFO_PTR pInfo) -+{ -+ st_logf("GetTokenInfo: %s\n", has_session()); -+ -+ memset(pInfo, 19, sizeof(*pInfo)); -+ -+ snprintf_fill((char *)pInfo->label, -+ sizeof(pInfo->label), -+ ' ', -+ "SoftToken (token)"); -+ snprintf_fill((char *)pInfo->manufacturerID, -+ sizeof(pInfo->manufacturerID), -+ ' ', -+ "SoftToken (token)"); -+ snprintf_fill((char *)pInfo->model, -+ sizeof(pInfo->model), -+ ' ', -+ "SoftToken (token)"); -+ snprintf_fill((char *)pInfo->serialNumber, -+ sizeof(pInfo->serialNumber), -+ ' ', -+ "4711"); -+ pInfo->flags = -+ CKF_TOKEN_INITIALIZED | -+ CKF_USER_PIN_INITIALIZED; -+ -+ if (soft_token.flags.login_done == 0) -+ pInfo->flags |= CKF_LOGIN_REQUIRED; -+ -+ /* CFK_RNG | -+ CKF_RESTORE_KEY_NOT_NEEDED | -+ */ -+ pInfo->ulMaxSessionCount = MAX_NUM_SESSION; -+ pInfo->ulSessionCount = soft_token.open_sessions; -+ pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION; -+ pInfo->ulRwSessionCount = soft_token.open_sessions; -+ pInfo->ulMaxPinLen = 1024; -+ pInfo->ulMinPinLen = 0; -+ pInfo->ulTotalPublicMemory = 4711; -+ pInfo->ulFreePublicMemory = 4712; -+ pInfo->ulTotalPrivateMemory = 4713; -+ pInfo->ulFreePrivateMemory = 4714; -+ pInfo->hardwareVersion.major = 2; -+ pInfo->hardwareVersion.minor = 0; -+ pInfo->firmwareVersion.major = 2; -+ pInfo->firmwareVersion.minor = 0; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetMechanismList(CK_SLOT_ID slotID, -+ CK_MECHANISM_TYPE_PTR pMechanismList, -+ CK_ULONG_PTR pulCount) -+{ -+ st_logf("GetMechanismList\n"); -+ -+ *pulCount = 2; -+ if (pMechanismList == NULL_PTR) -+ return CKR_OK; -+ pMechanismList[0] = CKM_RSA_X_509; -+ pMechanismList[1] = CKM_RSA_PKCS; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetMechanismInfo(CK_SLOT_ID slotID, -+ CK_MECHANISM_TYPE type, -+ CK_MECHANISM_INFO_PTR pInfo) -+{ -+ st_logf("GetMechanismInfo: slot %d type: %d\n", -+ (int)slotID, (int)type); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_InitToken(CK_SLOT_ID slotID, -+ CK_UTF8CHAR_PTR pPin, -+ CK_ULONG ulPinLen, -+ CK_UTF8CHAR_PTR pLabel) -+{ -+ st_logf("InitToken: slot %d\n", (int)slotID); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_OpenSession(CK_SLOT_ID slotID, -+ CK_FLAGS flags, -+ CK_VOID_PTR pApplication, -+ CK_NOTIFY Notify, -+ CK_SESSION_HANDLE_PTR phSession) -+{ -+ int i; -+ -+ st_logf("OpenSession: slot: %d\n", (int)slotID); -+ -+ if (soft_token.open_sessions == MAX_NUM_SESSION) -+ return CKR_SESSION_COUNT; -+ -+ soft_token.application = pApplication; -+ soft_token.notify = Notify; -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) -+ if (soft_token.state[i].session_handle == CK_INVALID_HANDLE) -+ break; -+ if (i == MAX_NUM_SESSION) -+ abort(); -+ -+ soft_token.open_sessions++; -+ -+ soft_token.state[i].session_handle = -+ (CK_SESSION_HANDLE)(random() & 0xfffff); -+ *phSession = soft_token.state[i].session_handle; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_CloseSession(CK_SESSION_HANDLE hSession) -+{ -+ struct session_state *state; -+ st_logf("CloseSession\n"); -+ -+ if (verify_session_handle(hSession, &state) != CKR_OK) -+ application_error("closed session not open"); -+ else -+ close_session(state); -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_CloseAllSessions(CK_SLOT_ID slotID) -+{ -+ int i; -+ -+ st_logf("CloseAllSessions\n"); -+ -+ for (i = 0; i < MAX_NUM_SESSION; i++) -+ if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) -+ close_session(&soft_token.state[i]); -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_GetSessionInfo(CK_SESSION_HANDLE hSession, -+ CK_SESSION_INFO_PTR pInfo) -+{ -+ st_logf("GetSessionInfo\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ -+ memset(pInfo, 20, sizeof(*pInfo)); -+ -+ pInfo->slotID = 1; -+ if (soft_token.flags.login_done) -+ pInfo->state = CKS_RO_USER_FUNCTIONS; -+ else -+ pInfo->state = CKS_RO_PUBLIC_SESSION; -+ pInfo->flags = CKF_SERIAL_SESSION; -+ pInfo->ulDeviceError = 0; -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_Login(CK_SESSION_HANDLE hSession, -+ CK_USER_TYPE userType, -+ CK_UTF8CHAR_PTR pPin, -+ CK_ULONG ulPinLen) -+{ -+ char *pin = NULL; -+ int i; -+ -+ st_logf("Login\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ -+ if (pPin != NULL_PTR) { -+ asprintf(&pin, "%.*s", (int)ulPinLen, pPin); -+ st_logf("type: %d password: %s\n", (int)userType, pin); -+ } -+ -+ for (i = 0; i < soft_token.object.num_objs; i++) { -+ struct st_object *o = soft_token.object.objs[i]; -+ FILE *f; -+ -+ if (o->type != STO_T_PRIVATE_KEY) -+ continue; -+ -+ if (o->u.private_key.key) -+ continue; -+ -+ f = fopen(o->u.private_key.file, "r"); -+ if (f == NULL) { -+ st_logf("can't open private file: %s\n", o->u.private_key.file); -+ continue; -+ } -+ -+ o->u.private_key.key = PEM_read_PrivateKey(f, NULL, NULL, pin); -+ fclose(f); -+ if (o->u.private_key.key == NULL) { -+ st_logf("failed to read key: %s error: %s\n", -+ o->u.private_key.file, -+ ERR_error_string(ERR_get_error(), NULL)); -+ /* just ignore failure */; -+ continue; -+ } -+ -+ /* XXX check keytype */ -+ RSA_set_method(o->u.private_key.key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ -+ if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) { -+ EVP_PKEY_free(o->u.private_key.key); -+ o->u.private_key.key = NULL; -+ st_logf("private key %s doesn't verify\n", o->u.private_key.file); -+ continue; -+ } -+ -+ soft_token.flags.login_done = 1; -+ } -+ free(pin); -+ -+ return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT; -+} -+ -+CK_RV -+C_Logout(CK_SESSION_HANDLE hSession) -+{ -+ st_logf("Logout\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_GetObjectSize(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE hObject, -+ CK_ULONG_PTR pulSize) -+{ -+ st_logf("GetObjectSize\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_GetAttributeValue(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE hObject, -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulCount) -+{ -+ struct session_state *state; -+ struct st_object *obj; -+ CK_ULONG i; -+ CK_RV ret; -+ int j; -+ -+ st_logf("GetAttributeValue: %lx\n", -+ (unsigned long)HANDLE_OBJECT_ID(hObject)); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) { -+ st_logf("object not found: %lx\n", -+ (unsigned long)HANDLE_OBJECT_ID(hObject)); -+ return ret; -+ } -+ -+ for (i = 0; i < ulCount; i++) { -+ st_logf(" getting 0x%08lx\n", (unsigned long)pTemplate[i].type); -+ for (j = 0; j < obj->num_attributes; j++) { -+ if (obj->attrs[j].secret) { -+ pTemplate[i].ulValueLen = (CK_ULONG)-1; -+ break; -+ } -+ if (pTemplate[i].type == obj->attrs[j].attribute.type) { -+ if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) { -+ if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen) -+ memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue, -+ obj->attrs[j].attribute.ulValueLen); -+ } -+ pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen; -+ break; -+ } -+ } -+ if (j == obj->num_attributes) { -+ st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type); -+ pTemplate[i].ulValueLen = (CK_ULONG)-1; -+ } -+ -+ } -+ return CKR_OK; -+} -+ -+CK_RV -+C_FindObjectsInit(CK_SESSION_HANDLE hSession, -+ CK_ATTRIBUTE_PTR pTemplate, -+ CK_ULONG ulCount) -+{ -+ struct session_state *state; -+ -+ st_logf("FindObjectsInit\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->find.next_object != -1) { -+ application_error("application didn't do C_FindObjectsFinal\n"); -+ find_object_final(state); -+ } -+ if (ulCount) { -+ CK_ULONG i; -+ size_t len; -+ -+ print_attributes(pTemplate, ulCount); -+ -+ state->find.attributes = -+ calloc(1, ulCount * sizeof(state->find.attributes[0])); -+ if (state->find.attributes == NULL) -+ return CKR_DEVICE_MEMORY; -+ for (i = 0; i < ulCount; i++) { -+ state->find.attributes[i].pValue = -+ malloc(pTemplate[i].ulValueLen); -+ if (state->find.attributes[i].pValue == NULL) { -+ find_object_final(state); -+ return CKR_DEVICE_MEMORY; -+ } -+ memcpy(state->find.attributes[i].pValue, -+ pTemplate[i].pValue, pTemplate[i].ulValueLen); -+ state->find.attributes[i].type = pTemplate[i].type; -+ state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen; -+ } -+ state->find.num_attributes = ulCount; -+ state->find.next_object = 0; -+ } else { -+ st_logf("find all objects\n"); -+ state->find.attributes = NULL; -+ state->find.num_attributes = 0; -+ state->find.next_object = 0; -+ } -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_FindObjects(CK_SESSION_HANDLE hSession, -+ CK_OBJECT_HANDLE_PTR phObject, -+ CK_ULONG ulMaxObjectCount, -+ CK_ULONG_PTR pulObjectCount) -+{ -+ struct session_state *state; -+ int i; -+ -+ st_logf("FindObjects\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->find.next_object == -1) { -+ application_error("application didn't do C_FindObjectsInit\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ if (ulMaxObjectCount == 0) { -+ application_error("application asked for 0 objects\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ *pulObjectCount = 0; -+ for (i = state->find.next_object; i < soft_token.object.num_objs; i++) { -+ st_logf("FindObjects: %d\n", i); -+ state->find.next_object = i + 1; -+ if (attributes_match(soft_token.object.objs[i], -+ state->find.attributes, -+ state->find.num_attributes)) { -+ *phObject++ = soft_token.object.objs[i]->object_handle; -+ ulMaxObjectCount--; -+ (*pulObjectCount)++; -+ if (ulMaxObjectCount == 0) -+ break; -+ } -+ } -+ return CKR_OK; -+} -+ -+CK_RV -+C_FindObjectsFinal(CK_SESSION_HANDLE hSession) -+{ -+ struct session_state *state; -+ -+ st_logf("FindObjectsFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ find_object_final(state); -+ return CKR_OK; -+} -+ -+static CK_RV -+commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len, -+ const CK_MECHANISM_TYPE *mechs, int mechs_len, -+ const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, -+ struct st_object **o) -+{ -+ CK_RV ret; -+ int i; -+ -+ *o = NULL; -+ if ((ret = object_handle_to_object(hKey, o)) != CKR_OK) -+ return ret; -+ -+ ret = attributes_match(*o, attr_match, attr_match_len); -+ if (!ret) { -+ application_error("called commonInit on key that doesn't " -+ "support required attr"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ for (i = 0; i < mechs_len; i++) -+ if (mechs[i] == pMechanism->mechanism) -+ break; -+ if (i == mechs_len) { -+ application_error("called mech (%08lx) not supported\n", -+ pMechanism->mechanism); -+ return CKR_ARGUMENTS_BAD; -+ } -+ return CKR_OK; -+} -+ -+ -+static CK_RV -+dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) -+{ -+ CK_MECHANISM_PTR p; -+ -+ p = malloc(sizeof(*p)); -+ if (p == NULL) -+ return CKR_DEVICE_MEMORY; -+ -+ if (*dup) -+ free(*dup); -+ *dup = p; -+ memcpy(p, pMechanism, sizeof(*p)); -+ -+ return CKR_OK; -+} -+ -+ -+CK_RV -+C_EncryptInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_ENCRYPT, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("EncryptInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->encrypt_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->encrypt_object = OBJECT_ID(o); -+ -+ return ret; -+} -+ -+CK_RV -+C_Encrypt(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pData, -+ CK_ULONG ulDataLen, -+ CK_BYTE_PTR pEncryptedData, -+ CK_ULONG_PTR pulEncryptedDataLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len, padding_len; -+ -+ st_logf("Encrypt\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->encrypt_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->encrypt_object]; -+ -+ if (o->u.public_key == NULL) { -+ st_logf("public key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.public_key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ ret = CKR_OK; -+ switch(state->encrypt_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ padding_len = RSA_PKCS1_PADDING_SIZE; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ padding_len = 0; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len + padding_len < ulDataLen) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pulEncryptedDataLen == NULL) { -+ st_logf("pulEncryptedDataLen NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_public_encrypt(ulDataLen, pData, buffer, rsa, padding); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (pEncryptedData != NULL_PTR) -+ memcpy(pEncryptedData, buffer, len); -+ *pulEncryptedDataLen = len; -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+CK_RV -+C_EncryptUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pPart, -+ CK_ULONG ulPartLen, -+ CK_BYTE_PTR pEncryptedPart, -+ CK_ULONG_PTR pulEncryptedPartLen) -+{ -+ st_logf("EncryptUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_RV -+C_EncryptFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pLastEncryptedPart, -+ CK_ULONG_PTR pulLastEncryptedPartLen) -+{ -+ st_logf("EncryptFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+/* C_DecryptInit initializes a decryption operation. */ -+CK_RV -+C_DecryptInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_DECRYPT, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("DecryptInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->decrypt_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->decrypt_object = OBJECT_ID(o); -+ -+ return CKR_OK; -+} -+ -+ -+CK_RV -+C_Decrypt(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pEncryptedData, -+ CK_ULONG ulEncryptedDataLen, -+ CK_BYTE_PTR pData, -+ CK_ULONG_PTR pulDataLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len, padding_len; -+ -+ st_logf("Decrypt\n"); -+ -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->decrypt_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->decrypt_object]; -+ -+ if (o->u.private_key.key == NULL) { -+ st_logf("private key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.private_key.key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ ret = CKR_OK; -+ switch(state->decrypt_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ padding_len = RSA_PKCS1_PADDING_SIZE; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ padding_len = 0; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len + padding_len < ulEncryptedDataLen) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pulDataLen == NULL) { -+ st_logf("pulDataLen NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pEncryptedData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_private_decrypt(ulEncryptedDataLen, pEncryptedData, buffer, -+ rsa, padding); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (pData != NULL_PTR) -+ memcpy(pData, buffer, len); -+ *pulDataLen = len; -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+ -+CK_RV -+C_DecryptUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pEncryptedPart, -+ CK_ULONG ulEncryptedPartLen, -+ CK_BYTE_PTR pPart, -+ CK_ULONG_PTR pulPartLen) -+ -+{ -+ st_logf("DecryptUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_RV -+C_DecryptFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pLastPart, -+ CK_ULONG_PTR pulLastPartLen) -+{ -+ st_logf("DecryptFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_DigestInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism) -+{ -+ st_logf("DigestInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_SignInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_SIGN, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("SignInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->sign_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->sign_object = OBJECT_ID(o); -+ -+ return CKR_OK; -+} -+ -+CK_RV -+C_Sign(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pData, -+ CK_ULONG ulDataLen, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG_PTR pulSignatureLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len, padding_len; -+ -+ st_logf("Sign\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->sign_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->sign_object]; -+ -+ if (o->u.private_key.key == NULL) { -+ st_logf("private key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.private_key.key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ switch(state->sign_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ padding_len = RSA_PKCS1_PADDING_SIZE; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ padding_len = 0; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len < ulDataLen + padding_len) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pulSignatureLen == NULL) { -+ st_logf("signature len NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_private_encrypt(ulDataLen, pData, buffer, rsa, padding); -+ st_logf("private encrypt done\n"); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (pSignature != NULL_PTR) -+ memcpy(pSignature, buffer, len); -+ *pulSignatureLen = len; -+ -+ ret = CKR_OK; -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+CK_RV -+C_SignUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pPart, -+ CK_ULONG ulPartLen) -+{ -+ st_logf("SignUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_RV -+C_SignFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG_PTR pulSignatureLen) -+{ -+ st_logf("SignUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_VerifyInit(CK_SESSION_HANDLE hSession, -+ CK_MECHANISM_PTR pMechanism, -+ CK_OBJECT_HANDLE hKey) -+{ -+ struct session_state *state; -+ CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 }; -+ CK_BBOOL bool_true = CK_TRUE; -+ CK_ATTRIBUTE attr[] = { -+ { CKA_VERIFY, &bool_true, sizeof(bool_true) } -+ }; -+ struct st_object *o; -+ CK_RV ret; -+ -+ st_logf("VerifyInit\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), -+ mechs, sizeof(mechs)/sizeof(mechs[0]), -+ pMechanism, hKey, &o); -+ if (ret) -+ return ret; -+ -+ ret = dup_mechanism(&state->verify_mechanism, pMechanism); -+ if (ret == CKR_OK) -+ state->verify_object = OBJECT_ID(o); -+ -+ return ret; -+} -+ -+CK_RV -+C_Verify(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pData, -+ CK_ULONG ulDataLen, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG ulSignatureLen) -+{ -+ struct session_state *state; -+ struct st_object *o; -+ void *buffer = NULL; -+ CK_RV ret; -+ RSA *rsa; -+ int padding, len, buffer_len; -+ -+ st_logf("Verify\n"); -+ VERIFY_SESSION_HANDLE(hSession, &state); -+ -+ if (state->verify_object == -1) -+ return CKR_ARGUMENTS_BAD; -+ -+ o = soft_token.object.objs[state->verify_object]; -+ -+ if (o->u.public_key == NULL) { -+ st_logf("public key NULL\n"); -+ return CKR_ARGUMENTS_BAD; -+ } -+ -+ rsa = o->u.public_key->pkey.rsa; -+ -+ if (rsa == NULL) -+ return CKR_ARGUMENTS_BAD; -+ -+ RSA_blinding_off(rsa); /* XXX RAND is broken while running in mozilla ? */ -+ -+ buffer_len = RSA_size(rsa); -+ -+ buffer = malloc(buffer_len); -+ if (buffer == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } -+ -+ ret = CKR_OK; -+ switch(state->verify_mechanism->mechanism) { -+ case CKM_RSA_PKCS: -+ padding = RSA_PKCS1_PADDING; -+ break; -+ case CKM_RSA_X_509: -+ padding = RSA_NO_PADDING; -+ break; -+ default: -+ ret = CKR_FUNCTION_NOT_SUPPORTED; -+ goto out; -+ } -+ -+ if (buffer_len < ulDataLen) { -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pSignature == NULL) { -+ st_logf("signature NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ if (pData == NULL_PTR) { -+ st_logf("data NULL\n"); -+ ret = CKR_ARGUMENTS_BAD; -+ goto out; -+ } -+ -+ len = RSA_public_decrypt(ulDataLen, pData, buffer, rsa, padding); -+ st_logf("private encrypt done\n"); -+ if (len <= 0) { -+ ret = CKR_DEVICE_ERROR; -+ goto out; -+ } -+ if (len > buffer_len) -+ abort(); -+ -+ if (len != ulSignatureLen) { -+ ret = CKR_GENERAL_ERROR; -+ goto out; -+ } -+ -+ if (memcmp(pSignature, buffer, len) != 0) { -+ ret = CKR_GENERAL_ERROR; -+ goto out; -+ } -+ -+ out: -+ if (buffer) { -+ memset(buffer, 0, buffer_len); -+ free(buffer); -+ } -+ return ret; -+} -+ -+ -+CK_RV -+C_VerifyUpdate(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pPart, -+ CK_ULONG ulPartLen) -+{ -+ st_logf("VerifyUpdate\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_VerifyFinal(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR pSignature, -+ CK_ULONG ulSignatureLen) -+{ -+ st_logf("VerifyFinal\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+CK_RV -+C_GenerateRandom(CK_SESSION_HANDLE hSession, -+ CK_BYTE_PTR RandomData, -+ CK_ULONG ulRandomLen) -+{ -+ st_logf("GenerateRandom\n"); -+ VERIFY_SESSION_HANDLE(hSession, NULL); -+ return CKR_FUNCTION_NOT_SUPPORTED; -+} -+ -+ -+CK_FUNCTION_LIST funcs = { -+ { 2, 11 }, -+ C_Initialize, -+ C_Finalize, -+ C_GetInfo, -+ C_GetFunctionList, -+ C_GetSlotList, -+ C_GetSlotInfo, -+ C_GetTokenInfo, -+ C_GetMechanismList, -+ C_GetMechanismInfo, -+ C_InitToken, -+ (void *)func_not_supported, /* C_InitPIN */ -+ (void *)func_not_supported, /* C_SetPIN */ -+ C_OpenSession, -+ C_CloseSession, -+ C_CloseAllSessions, -+ C_GetSessionInfo, -+ (void *)func_not_supported, /* C_GetOperationState */ -+ (void *)func_not_supported, /* C_SetOperationState */ -+ C_Login, -+ C_Logout, -+ (void *)func_not_supported, /* C_CreateObject */ -+ (void *)func_not_supported, /* C_CopyObject */ -+ (void *)func_not_supported, /* C_DestroyObject */ -+ (void *)func_not_supported, /* C_GetObjectSize */ -+ C_GetAttributeValue, -+ (void *)func_not_supported, /* C_SetAttributeValue */ -+ C_FindObjectsInit, -+ C_FindObjects, -+ C_FindObjectsFinal, -+ C_EncryptInit, -+ C_Encrypt, -+ C_EncryptUpdate, -+ C_EncryptFinal, -+ C_DecryptInit, -+ C_Decrypt, -+ C_DecryptUpdate, -+ C_DecryptFinal, -+ C_DigestInit, -+ (void *)func_not_supported, /* C_Digest */ -+ (void *)func_not_supported, /* C_DigestUpdate */ -+ (void *)func_not_supported, /* C_DigestKey */ -+ (void *)func_not_supported, /* C_DigestFinal */ -+ C_SignInit, -+ C_Sign, -+ C_SignUpdate, -+ C_SignFinal, -+ (void *)func_not_supported, /* C_SignRecoverInit */ -+ (void *)func_not_supported, /* C_SignRecover */ -+ C_VerifyInit, -+ C_Verify, -+ C_VerifyUpdate, -+ C_VerifyFinal, -+ (void *)func_not_supported, /* C_VerifyRecoverInit */ -+ (void *)func_not_supported, /* C_VerifyRecover */ -+ (void *)func_not_supported, /* C_DigestEncryptUpdate */ -+ (void *)func_not_supported, /* C_DecryptDigestUpdate */ -+ (void *)func_not_supported, /* C_SignEncryptUpdate */ -+ (void *)func_not_supported, /* C_DecryptVerifyUpdate */ -+ (void *)func_not_supported, /* C_GenerateKey */ -+ (void *)func_not_supported, /* C_GenerateKeyPair */ -+ (void *)func_not_supported, /* C_WrapKey */ -+ (void *)func_not_supported, /* C_UnwrapKey */ -+ (void *)func_not_supported, /* C_DeriveKey */ -+ (void *)func_not_supported, /* C_SeedRandom */ -+ C_GenerateRandom, -+ (void *)func_not_supported, /* C_GetFunctionStatus */ -+ (void *)func_not_supported, /* C_CancelFunction */ -+ (void *)func_not_supported /* C_WaitForSlotEvent */ -+}; diff --git a/SOURCES/Add-tests-for-KCM-ccache-type.patch b/SOURCES/Add-tests-for-KCM-ccache-type.patch deleted file mode 100644 index f572041..0000000 --- a/SOURCES/Add-tests-for-KCM-ccache-type.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 7ab0bbac058d2b82aa3432759c600b22012f8afe Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 22 Nov 2018 00:27:35 -0500 -Subject: [PATCH] Add tests for KCM ccache type - -Using a trivial Python implementation of a KCM server, run the -t_ccache.py tests against the KCM ccache type. - -(cherry picked from commit f0bcb86131e385b2603ccf0f3c7d65aa3891b220) -(cherry picked from commit 5ecbe8d3ab4f53c0923a0442273bf18a9ff04fd5) ---- - src/tests/kcmserver.py | 246 +++++++++++++++++++++++++++++++++++++++++ - src/tests/t_ccache.py | 9 +- - 2 files changed, 254 insertions(+), 1 deletion(-) - create mode 100644 src/tests/kcmserver.py - -diff --git a/src/tests/kcmserver.py b/src/tests/kcmserver.py -new file mode 100644 -index 000000000..57432e5a7 ---- /dev/null -+++ b/src/tests/kcmserver.py -@@ -0,0 +1,246 @@ -+# This is a simple KCM test server, used to exercise the KCM ccache -+# client code. It will generally throw an uncaught exception if the -+# client sends anything unexpected, so is unsuitable for production. -+# (It also imposes no namespace or access constraints, and blocks -+# while reading requests and writing responses.) -+ -+# This code knows nothing about how to marshal and unmarshal principal -+# names and credentials as is required in the KCM protocol; instead, -+# it just remembers the marshalled forms and replays them to the -+# client when asked. This works because marshalled creds and -+# principal names are always the last part of marshalled request -+# arguments, and because we don't need to implement remove_cred (which -+# would need to know how to match a cred tag against previously stored -+# credentials). -+ -+# The following code is useful for debugging if anything appears to be -+# going wrong in the server, since daemon output is generally not -+# visible in Python test scripts. -+# -+# import sys, traceback -+# def ehook(etype, value, tb): -+# with open('/tmp/exception', 'w') as f: -+# traceback.print_exception(etype, value, tb, file=f) -+# sys.excepthook = ehook -+ -+import select -+import socket -+import struct -+import sys -+ -+caches = {} -+cache_uuidmap = {} -+defname = b'default' -+next_unique = 1 -+next_uuid = 1 -+ -+class KCMOpcodes(object): -+ GEN_NEW = 3 -+ INITIALIZE = 4 -+ DESTROY = 5 -+ STORE = 6 -+ GET_PRINCIPAL = 8 -+ GET_CRED_UUID_LIST = 9 -+ GET_CRED_BY_UUID = 10 -+ REMOVE_CRED = 11 -+ GET_CACHE_UUID_LIST = 18 -+ GET_CACHE_BY_UUID = 19 -+ GET_DEFAULT_CACHE = 20 -+ SET_DEFAULT_CACHE = 21 -+ GET_KDC_OFFSET = 22 -+ SET_KDC_OFFSET = 23 -+ -+ -+class KRB5Errors(object): -+ KRB5_CC_END = -1765328242 -+ KRB5_CC_NOSUPP = -1765328137 -+ KRB5_FCC_NOFILE = -1765328189 -+ -+ -+def make_uuid(): -+ global next_uuid -+ uuid = bytes(12) + struct.pack('>L', next_uuid) -+ next_uuid = next_uuid + 1 -+ return uuid -+ -+ -+class Cache(object): -+ def __init__(self, name): -+ self.name = name -+ self.princ = None -+ self.uuid = make_uuid() -+ self.cred_uuids = [] -+ self.creds = {} -+ self.time_offset = 0 -+ -+ -+def get_cache(name): -+ if name in caches: -+ return caches[name] -+ cache = Cache(name) -+ caches[name] = cache -+ cache_uuidmap[cache.uuid] = cache -+ return cache -+ -+ -+def unmarshal_name(argbytes): -+ offset = argbytes.find(b'\0') -+ return argbytes[0:offset], argbytes[offset+1:] -+ -+ -+def op_gen_new(argbytes): -+ # Does not actually check for uniqueness. -+ global next_unique -+ name = b'unique' + str(next_unique).encode('ascii') -+ next_unique += 1 -+ return 0, name + b'\0' -+ -+ -+def op_initialize(argbytes): -+ name, princ = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ cache.princ = princ -+ cache.cred_uuids = [] -+ cache.creds = {} -+ cache.time_offset = 0 -+ return 0, b'' -+ -+ -+def op_destroy(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ del cache_uuidmap[cache.uuid] -+ del caches[name] -+ return 0, b'' -+ -+ -+def op_store(argbytes): -+ name, cred = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ uuid = make_uuid() -+ cache.creds[uuid] = cred -+ cache.cred_uuids.append(uuid) -+ return 0, b'' -+ -+ -+def op_get_principal(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ if cache.princ is None: -+ return KRB5Errors.KRB5_FCC_NOFILE, b'' -+ return 0, cache.princ + b'\0' -+ -+ -+def op_get_cred_uuid_list(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ return 0, b''.join(cache.cred_uuids) -+ -+ -+def op_get_cred_by_uuid(argbytes): -+ name, uuid = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ if uuid not in cache.creds: -+ return KRB5Errors.KRB5_CC_END, b'' -+ return 0, cache.creds[uuid] -+ -+ -+def op_remove_cred(argbytes): -+ return KRB5Errors.KRB5_CC_NOSUPP, b'' -+ -+ -+def op_get_cache_uuid_list(argbytes): -+ return 0, b''.join(cache_uuidmap.keys()) -+ -+ -+def op_get_cache_by_uuid(argbytes): -+ uuid = argbytes -+ if uuid not in cache_uuidmap: -+ return KRB5Errors.KRB5_CC_END, b'' -+ return 0, cache_uuidmap[uuid].name + b'\0' -+ -+ -+def op_get_default_cache(argbytes): -+ return 0, defname + b'\0' -+ -+ -+def op_set_default_cache(argbytes): -+ global defname -+ defname, rest = unmarshal_name(argbytes) -+ return 0, b'' -+ -+ -+def op_get_kdc_offset(argbytes): -+ name, rest = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ return 0, struct.pack('>l', cache.time_offset) -+ -+ -+def op_set_kdc_offset(argbytes): -+ name, obytes = unmarshal_name(argbytes) -+ cache = get_cache(name) -+ cache.time_offset, = struct.unpack('>l', obytes) -+ return 0, b'' -+ -+ -+ophandlers = { -+ KCMOpcodes.GEN_NEW : op_gen_new, -+ KCMOpcodes.INITIALIZE : op_initialize, -+ KCMOpcodes.DESTROY : op_destroy, -+ KCMOpcodes.STORE : op_store, -+ KCMOpcodes.GET_PRINCIPAL : op_get_principal, -+ KCMOpcodes.GET_CRED_UUID_LIST : op_get_cred_uuid_list, -+ KCMOpcodes.GET_CRED_BY_UUID : op_get_cred_by_uuid, -+ KCMOpcodes.REMOVE_CRED : op_remove_cred, -+ KCMOpcodes.GET_CACHE_UUID_LIST : op_get_cache_uuid_list, -+ KCMOpcodes.GET_CACHE_BY_UUID : op_get_cache_by_uuid, -+ KCMOpcodes.GET_DEFAULT_CACHE : op_get_default_cache, -+ KCMOpcodes.SET_DEFAULT_CACHE : op_set_default_cache, -+ KCMOpcodes.GET_KDC_OFFSET : op_get_kdc_offset, -+ KCMOpcodes.SET_KDC_OFFSET : op_set_kdc_offset -+} -+ -+# Read and respond to a request from the socket s. -+def service_request(s): -+ lenbytes = b'' -+ while len(lenbytes) < 4: -+ lenbytes += s.recv(4 - len(lenbytes)) -+ if lenbytes == b'': -+ return False -+ -+ reqlen, = struct.unpack('>L', lenbytes) -+ req = b'' -+ while len(req) < reqlen: -+ req += s.recv(reqlen - len(req)) -+ -+ majver, minver, op = struct.unpack('>BBH', req[:4]) -+ argbytes = req[4:] -+ code, payload = ophandlers[op](argbytes) -+ -+ # The KCM response is the code (4 bytes) and the response payload. -+ # The Heimdal IPC response is the length of the KCM response (4 -+ # bytes), a status code which is essentially always 0 (4 bytes), -+ # and the KCM response. -+ kcm_response = struct.pack('>l', code) + payload -+ hipc_response = struct.pack('>LL', len(kcm_response), 0) + kcm_response -+ s.sendall(hipc_response) -+ return True -+ -+ -+server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) -+server.bind(sys.argv[1]) -+server.listen(5) -+select_input = [server,] -+sys.stderr.write('starting...\n') -+sys.stderr.flush() -+ -+while True: -+ iready, oready, xready = select.select(select_input, [], []) -+ for s in iready: -+ if s == server: -+ client, addr = server.accept() -+ select_input.append(client) -+ else: -+ if not service_request(s): -+ select_input.remove(s) -+ s.close() -diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py -index fcf1a611e..66804afa5 100755 ---- a/src/tests/t_ccache.py -+++ b/src/tests/t_ccache.py -@@ -22,7 +22,10 @@ - - from k5test import * - --realm = K5Realm(create_host=False) -+kcm_socket_path = os.path.join(os.getcwd(), 'testdir', 'kcm') -+conf = {'libdefaults': {'kcm_socket': kcm_socket_path, -+ 'kcm_mach_service': '-'}} -+realm = K5Realm(create_host=False, krb5_conf=conf) - - keyctl = which('keyctl') - out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1) -@@ -122,6 +125,10 @@ def collection_test(realm, ccname): - - - collection_test(realm, 'DIR:' + os.path.join(realm.testdir, 'cc')) -+kcmserver_path = os.path.join(srctop, 'tests', 'kcmserver.py') -+realm.start_server([sys.executable, kcmserver_path, kcm_socket_path], -+ 'starting...') -+collection_test(realm, 'KCM:') - if test_keyring: - def cleanup_keyring(anchor, name): - out = realm.run(['keyctl', 'list', anchor]) diff --git a/SOURCES/Address-some-optimized-out-memset-calls.patch b/SOURCES/Address-some-optimized-out-memset-calls.patch deleted file mode 100644 index 372e527..0000000 --- a/SOURCES/Address-some-optimized-out-memset-calls.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 722247aa6201d18a7ee69c4a9a05315226fe6383 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Sun, 30 Dec 2018 16:40:28 -0500 -Subject: [PATCH] Address some optimized-out memset() calls - -Ilja Van Sprundel reported a list of memset() calls which gcc -optimizes out. In krb_auth_su.c, use zap() to clear the password, and -remove two memset() calls when there is no password to clear. In -iakerb.c, remove an unnecessary memset() before setting the only two -fields of the IAKERB header structure. In svr_principal.c, use -krb5_free_key_keyblock_contents() instead of hand-freeing key data. -In asn1_k_encode.c, remove an unnecessary memset() of the kdc_req_hack -shell before returning. - -(cherry picked from commit 1057b0befec1f1c0e9d4da5521a58496e2dc0997) -(cherry picked from commit 1dfff7202448a950c9133cdfe43d650092d930fd) ---- - src/clients/ksu/krb_auth_su.c | 4 +--- - src/lib/gssapi/krb5/iakerb.c | 1 - - src/lib/kadm5/srv/svr_principal.c | 10 ++-------- - src/lib/krb5/asn.1/asn1_k_encode.c | 1 - - 4 files changed, 3 insertions(+), 13 deletions(-) - -diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c -index 7af48195c..e39685fff 100644 ---- a/src/clients/ksu/krb_auth_su.c -+++ b/src/clients/ksu/krb_auth_su.c -@@ -183,21 +183,19 @@ krb5_boolean ksu_get_tgt_via_passwd(context, client, options, zero_password, - if (code ) { - com_err(prog_name, code, _("while reading password for '%s'\n"), - client_name); -- memset(password, 0, sizeof(password)); - return (FALSE); - } - - if ( pwsize == 0) { - fprintf(stderr, _("No password given\n")); - *zero_password = TRUE; -- memset(password, 0, sizeof(password)); - return (FALSE); - } - - code = krb5_get_init_creds_password(context, &creds, client, password, - krb5_prompter_posix, NULL, 0, NULL, - options); -- memset(password, 0, sizeof(password)); -+ zap(password, sizeof(password)); - - - if (code) { -diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c -index bb1072fe4..47c161ec9 100644 ---- a/src/lib/gssapi/krb5/iakerb.c -+++ b/src/lib/gssapi/krb5/iakerb.c -@@ -262,7 +262,6 @@ iakerb_make_token(iakerb_ctx_id_t ctx, - /* - * Assemble the IAKERB-HEADER from the realm and cookie - */ -- memset(&iah, 0, sizeof(iah)); - iah.target_realm = *realm; - iah.cookie = cookie; - -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 21c53ece1..9ab2c5a74 100644 ---- a/src/lib/kadm5/srv/svr_principal.c -+++ b/src/lib/kadm5/srv/svr_principal.c -@@ -2093,14 +2093,8 @@ static int decrypt_key_data(krb5_context context, - ret = krb5_dbe_decrypt_key_data(context, NULL, &key_data[i], &keys[i], - NULL); - if (ret) { -- for (; i >= 0; i--) { -- if (keys[i].contents) { -- memset (keys[i].contents, 0, keys[i].length); -- free( keys[i].contents ); -- } -- } -- -- memset(keys, 0, n_key_data*sizeof(krb5_keyblock)); -+ for (; i >= 0; i--) -+ krb5_free_keyblock_contents(context, &keys[i]); - free(keys); - return ret; - } -diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c -index 65c84be2f..81a34bac9 100644 ---- a/src/lib/krb5/asn.1/asn1_k_encode.c -+++ b/src/lib/krb5/asn.1/asn1_k_encode.c -@@ -528,7 +528,6 @@ decode_kdc_req_body(const taginfo *t, const uint8_t *asn1, size_t len, - if (ret) { - free_kdc_req_body(b); - free(h.server_realm.data); -- memset(&h, 0, sizeof(h)); - return ret; - } - b->server->realm = h.server_realm; diff --git a/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch new file mode 100644 index 0000000..f728c1c --- /dev/null +++ b/SOURCES/Allow-certauth-modules-to-set-hw-authent-flag.patch @@ -0,0 +1,242 @@ +From b4dba5a4c16b2585c38445e3067b5e3399f38a10 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 24 Feb 2020 15:58:59 -0500 +Subject: [PATCH] Allow certauth modules to set hw-authent flag + +In PKINIT, if a certauth module returns KRB5_CERTAUTH_HWAUTH from its +authorize method, set the hw-authent flag in the ticket. + +ticket: 8879 (new) +(cherry picked from commit 50fb43b4a2d97ce2cd53e1ced30e8e8224fede70) +(cherry picked from commit d23b2ed4f06fa77cd021814834dd1391ef6f452f) +--- + doc/plugindev/certauth.rst | 7 +++++-- + src/include/krb5/certauth_plugin.h | 9 ++++++--- + src/lib/krb5/error_tables/k5e1_err.et | 1 + + src/plugins/certauth/test/Makefile.in | 4 ++-- + src/plugins/certauth/test/main.c | 11 +++++++++-- + src/plugins/preauth/pkinit/pkinit_srv.c | 24 ++++++++++++++++-------- + src/tests/t_certauth.py | 13 +++++++++++++ + 7 files changed, 52 insertions(+), 17 deletions(-) + +diff --git a/doc/plugindev/certauth.rst b/doc/plugindev/certauth.rst +index 8a7f7c5eb..3b715f738 100644 +--- a/doc/plugindev/certauth.rst ++++ b/doc/plugindev/certauth.rst +@@ -15,8 +15,11 @@ principal. **authorize** receives the DER-encoded certificate, the + requested client principal, and a pointer to the client's + krb5_db_entry (for modules that link against libkdb5). It returns the + authorization status and optionally outputs a list of authentication +-indicator strings to be added to the ticket. A module must use its +-own internal or library-provided ASN.1 certificate decoder. ++indicator strings to be added to the ticket. Beginning in release ++1.19, the authorize method can request that the hardware ++authentication bit be set in the ticket by returning ++**KRB5_CERTAUTH_HWAUTH**. A module must use its own internal or ++library-provided ASN.1 certificate decoder. + + A module can optionally create and destroy module data with the + **init** and **fini** methods. Module data objects last for the +diff --git a/src/include/krb5/certauth_plugin.h b/src/include/krb5/certauth_plugin.h +index 3074790f8..3466cf345 100644 +--- a/src/include/krb5/certauth_plugin.h ++++ b/src/include/krb5/certauth_plugin.h +@@ -85,14 +85,17 @@ typedef void + (*krb5_certauth_fini_fn)(krb5_context context, krb5_certauth_moddata moddata); + + /* +- * Mandatory: +- * Return 0 if the DER-encoded cert is authorized for PKINIT authentication by +- * princ; otherwise return one of the following error codes: ++ * Mandatory: return 0 or KRB5_CERTAUTH_HWAUTH if the DER-encoded cert is ++ * authorized for PKINIT authentication by princ; otherwise return one of the ++ * following error codes: + * - KRB5KDC_ERR_CLIENT_NAME_MISMATCH - incorrect SAN value + * - KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE - incorrect EKU + * - KRB5KDC_ERR_CERTIFICATE_MISMATCH - other extension error + * - KRB5_PLUGIN_NO_HANDLE - the module has no opinion about cert + * ++ * Returning KRB5_CERTAUTH_HWAUTH will cause the hw-authent flag to be set in ++ * the issued ticket (new in release 1.19). ++ * + * - opts is used by built-in modules to receive internal data, and must be + * ignored by other modules. + * - db_entry receives the client principal database entry, and can be ignored +diff --git a/src/lib/krb5/error_tables/k5e1_err.et b/src/lib/krb5/error_tables/k5e1_err.et +index ade5caecf..abd9f3bfe 100644 +--- a/src/lib/krb5/error_tables/k5e1_err.et ++++ b/src/lib/krb5/error_tables/k5e1_err.et +@@ -42,4 +42,5 @@ error_code KRB5_KCM_MALFORMED_REPLY, "Malformed reply from KCM daemon" + error_code KRB5_KCM_RPC_ERROR, "Mach RPC error communicating with KCM daemon" + error_code KRB5_KCM_REPLY_TOO_BIG, "KCM daemon reply too big" + error_code KRB5_KCM_NO_SERVER, "No KCM server found" ++error_code KRB5_CERTAUTH_HWAUTH, "Authorize and set hw-authent ticket flag" + end +diff --git a/src/plugins/certauth/test/Makefile.in b/src/plugins/certauth/test/Makefile.in +index d3524084c..e94c13845 100644 +--- a/src/plugins/certauth/test/Makefile.in ++++ b/src/plugins/certauth/test/Makefile.in +@@ -5,8 +5,8 @@ LIBBASE=certauth_test + LIBMAJOR=0 + LIBMINOR=0 + RELDIR=../plugins/certauth/test +-SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS) +-SHLIB_EXPLIBS=$(KRB5_BASE_LIBS) ++SHLIB_EXPDEPS=$(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS) ++SHLIB_EXPLIBS=$(KDB5_LIBS) $(KRB5_BASE_LIBS) + + STLIBOBJS=main.o + +diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c +index 77641230c..d4633b8cd 100644 +--- a/src/plugins/certauth/test/main.c ++++ b/src/plugins/certauth/test/main.c +@@ -31,6 +31,7 @@ + */ + + #include ++#include + #include "krb5/certauth_plugin.h" + + struct krb5_certauth_moddata_st { +@@ -131,7 +132,8 @@ has_cn(krb5_context context, const uint8_t *cert, size_t cert_len, + + /* + * Test module 2 returns OK if princ matches the CN part of the subject name, +- * and returns indicators of the module name and princ. ++ * and returns indicators of the module name and princ. If the "hwauth" string ++ * attribute is set on db_entry, it returns KRB5_CERTAUTH_HWAUTH. + */ + static krb5_error_code + test2_authorize(krb5_context context, krb5_certauth_moddata moddata, +@@ -141,7 +143,7 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, + char ***authinds_out) + { + krb5_error_code ret; +- char *name = NULL, **ais = NULL; ++ char *name = NULL, *strval = NULL, **ais = NULL; + + *authinds_out = NULL; + +@@ -167,6 +169,11 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, + + ais = NULL; + ++ ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth", ++ &strval); ++ ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0; ++ krb5_dbe_free_string(context, strval); ++ + cleanup: + krb5_free_unparsed_name(context, name); + return ret; +diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c +index feca11806..3ae56c064 100644 +--- a/src/plugins/preauth/pkinit/pkinit_srv.c ++++ b/src/plugins/preauth/pkinit/pkinit_srv.c +@@ -320,12 +320,12 @@ static krb5_error_code + authorize_cert(krb5_context context, certauth_handle *certauth_modules, + pkinit_kdc_context plgctx, pkinit_kdc_req_context reqctx, + krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, +- krb5_principal client) ++ krb5_principal client, krb5_boolean *hwauth_out) + { + krb5_error_code ret; + certauth_handle h; + struct certauth_req_opts opts; +- krb5_boolean accepted = FALSE; ++ krb5_boolean accepted = FALSE, hwauth = FALSE; + uint8_t *cert; + size_t i, cert_len; + void *db_ent = NULL; +@@ -347,9 +347,10 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, + + /* + * Check the certificate against each certauth module. For the certificate +- * to be authorized at least one module must return 0, and no module can an +- * error code other than KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from +- * modules that return 0 or pass. ++ * to be authorized at least one module must return 0 or ++ * KRB5_CERTAUTH_HWAUTH, and no module can return an error code other than ++ * KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from modules that return 0 ++ * or pass. + */ + ret = KRB5_PLUGIN_NO_HANDLE; + for (i = 0; certauth_modules != NULL && certauth_modules[i] != NULL; i++) { +@@ -359,6 +360,8 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, + &opts, db_ent, &ais); + if (ret == 0) + accepted = TRUE; ++ else if (ret == KRB5_CERTAUTH_HWAUTH) ++ accepted = hwauth = TRUE; + else if (ret != KRB5_PLUGIN_NO_HANDLE) + goto cleanup; + +@@ -374,6 +377,7 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, + } + } + ++ *hwauth_out = hwauth; + ret = accepted ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH; + + cleanup: +@@ -430,7 +434,7 @@ pkinit_server_verify_padata(krb5_context context, + int is_signed = 1; + krb5_pa_data **e_data = NULL; + krb5_kdcpreauth_modreq modreq = NULL; +- krb5_boolean valid_freshness_token = FALSE; ++ krb5_boolean valid_freshness_token = FALSE, hwauth = FALSE; + char **sp; + + pkiDebug("pkinit_verify_padata: entered!\n"); +@@ -494,7 +498,7 @@ pkinit_server_verify_padata(krb5_context context, + } + if (is_signed) { + retval = authorize_cert(context, moddata->certauth_modules, plgctx, +- reqctx, cb, rock, request->client); ++ reqctx, cb, rock, request->client, &hwauth); + if (retval) + goto cleanup; + +@@ -613,6 +617,8 @@ pkinit_server_verify_padata(krb5_context context, + + /* remember to set the PREAUTH flag in the reply */ + enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; ++ if (hwauth) ++ enc_tkt_reply->flags |= TKT_FLG_HW_AUTH; + modreq = (krb5_kdcpreauth_modreq)reqctx; + reqctx = NULL; + +@@ -1044,7 +1050,9 @@ pkinit_server_get_flags(krb5_context kcontext, krb5_preauthtype patype) + { + if (patype == KRB5_PADATA_PKINIT_KX) + return PA_INFO; +- return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA; ++ /* PKINIT does not normally set the hw-authent ticket flag, but a ++ * certauth module can cause it to do so. */ ++ return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA | PA_HARDWARE; + } + + static krb5_preauthtype supported_server_pa_types[] = { +diff --git a/src/tests/t_certauth.py b/src/tests/t_certauth.py +index 9c7094525..0fe0fdb4a 100644 +--- a/src/tests/t_certauth.py ++++ b/src/tests/t_certauth.py +@@ -43,4 +43,17 @@ out = realm.kinit("user2@KRBTEST.COM", + expected_code=1, + expected_msg='kinit: Certificate mismatch') + ++# Test the KRB5_CERTAUTH_HWAUTH return code. ++mark('hw-authent flag tests') ++# First test +requires_hwauth without causing the hw-authent ticket ++# flag to be set. This currently results in a preauth loop. ++realm.run([kadminl, 'modprinc', '+requires_hwauth', realm.user_princ]) ++realm.kinit(realm.user_princ, ++ flags=['-X', 'X509_user_identity=%s' % file_identity], ++ expected_code=1, expected_msg='Looping detected') ++# Cause the test2 module to return KRB5_CERTAUTH_HWAUTH and try again. ++realm.run([kadminl, 'setstr', realm.user_princ, 'hwauth', 'x']) ++realm.kinit(realm.user_princ, ++ flags=['-X', 'X509_user_identity=%s' % file_identity]) ++ + success("certauth tests") diff --git a/SOURCES/Avoid-alignment-warnings-in-openssl-rc4.c.patch b/SOURCES/Avoid-alignment-warnings-in-openssl-rc4.c.patch deleted file mode 100644 index e684c88..0000000 --- a/SOURCES/Avoid-alignment-warnings-in-openssl-rc4.c.patch +++ /dev/null @@ -1,63 +0,0 @@ -From e22f3e2439903aa05321ca339be6a12067b2c4db Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 6 May 2019 15:14:49 -0400 -Subject: [PATCH] Avoid alignment warnings in openssl rc4.c - -Add a comment to k5_arcfour_init_state() explaining how we stretch the -krb5_data cipher state contract. Use void * casts when interpreting -the data pointer to avoid alignment warnings. - -[ghudson@mit.edu: moved and expanded comment; rewrote commit message] - -(cherry picked from commit 1cd41d76c12fc1cea0a8bf0d6a40f34623c60d6d) ---- - src/lib/crypto/openssl/enc_provider/rc4.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c -index 7f3c086ed..a65d57b7a 100644 ---- a/src/lib/crypto/openssl/enc_provider/rc4.c -+++ b/src/lib/crypto/openssl/enc_provider/rc4.c -@@ -57,7 +57,7 @@ struct arcfour_state { - - /* In-place IOV crypto */ - static krb5_error_code --k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, -+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, - size_t num_data) - { - size_t i; -@@ -66,7 +66,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx = NULL; - struct arcfour_state *arcstate; - -- arcstate = (state != NULL) ? (struct arcfour_state *) state->data : NULL; -+ arcstate = (state != NULL) ? (void *)state->data : NULL; - if (arcstate != NULL) { - ctx = arcstate->ctx; - if (arcstate->loopback != arcstate) -@@ -113,7 +113,7 @@ k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data, - static void - k5_arcfour_free_state(krb5_data *state) - { -- struct arcfour_state *arcstate = (struct arcfour_state *) state->data; -+ struct arcfour_state *arcstate = (void *)state->data; - - EVP_CIPHER_CTX_free(arcstate->ctx); - free(arcstate); -@@ -125,6 +125,15 @@ k5_arcfour_init_state(const krb5_keyblock *key, - { - struct arcfour_state *arcstate; - -+ /* -+ * The cipher state here is a saved pointer to a struct arcfour_state -+ * object, rather than a flat byte array as in most enc providers. The -+ * object includes a loopback pointer to detect if if the caller made a -+ * copy of the krb5_data value or otherwise assumed it was a simple byte -+ * array. When we cast the data pointer back, we need to go through void * -+ * to avoid increased alignment warnings. -+ */ -+ - /* Create a state structure with an uninitialized context. */ - arcstate = calloc(1, sizeof(*arcstate)); - if (arcstate == NULL) diff --git a/SOURCES/Correctly-import-service-GSS-host-based-name.patch b/SOURCES/Correctly-import-service-GSS-host-based-name.patch new file mode 100644 index 0000000..5c03863 --- /dev/null +++ b/SOURCES/Correctly-import-service-GSS-host-based-name.patch @@ -0,0 +1,53 @@ +From abcbd3d12b0c92aa37384627edb6e1e6fad9b47a Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 30 Mar 2020 15:26:02 -0400 +Subject: [PATCH] Correctly import "service@" GSS host-based name + +The intended way to specify only a service in a GSS host-based name is +to omit the "@" separator. Some applications include the separator +but no hostname, and this happened to yield wildcard hostname behavior +prior to commit 996353767fe8afa7f67a3b5b465e4d70e18bad7c when +shortname qualification was added. To restore this behavior, check in +parse_hostbased() that at least one character is present after the "@" +separator before copying the hostname. Add a test case to t_gssapi.py. + +ticket: 8892 +tags: pullup +target_version: 1.18-next + +(cherry picked from commit a2f047af0400ba8080dc26033fae2b17534501e2) +(cherry picked from commit dd4364d76925ce1fe21c2ab995554d6af3a2ea12) +--- + src/lib/gssapi/krb5/import_name.c | 4 ++-- + src/tests/gssapi/t_gssapi.py | 3 +++ + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c +index da2ab1423..21023dd76 100644 +--- a/src/lib/gssapi/krb5/import_name.c ++++ b/src/lib/gssapi/krb5/import_name.c +@@ -102,8 +102,8 @@ parse_hostbased(const char *str, size_t len, + memcpy(service, str, servicelen); + service[servicelen] = '\0'; + +- /* If present, copy the hostname. */ +- if (at != NULL) { ++ /* Copy the hostname if present (at least one character after '@'). */ ++ if (len - servicelen > 1) { + hostlen = len - servicelen - 1; + host = malloc(hostlen + 1); + if (host == NULL) { +diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py +index 54d5cf549..ecf982604 100755 +--- a/src/tests/gssapi/t_gssapi.py ++++ b/src/tests/gssapi/t_gssapi.py +@@ -47,6 +47,9 @@ realm.run(['./t_accname', 'p:service2/calvin', 'h:service2'], + expected_msg='service2/calvin') + realm.run(['./t_accname', 'p:service2/calvin', 'h:service1'], expected_code=1, + expected_msg=' found in keytab but does not match server principal') ++# Regression test for #8892 (trailing @ in name). ++realm.run(['./t_accname', 'p:service1/andrew', 'h:service1@'], ++ expected_msg='service1/abraham') + + # Test with acceptor name containing service and host. Use the + # client's un-canonicalized hostname as acceptor input to mirror what diff --git a/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch new file mode 100644 index 0000000..d4cb2c4 --- /dev/null +++ b/SOURCES/Do-expiration-warnings-for-all-init_creds-APIs.patch @@ -0,0 +1,426 @@ +From 640ba4fe0c5d7423431d649f8e5e6ac72341f4ab Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 28 Feb 2020 10:11:49 +0100 +Subject: [PATCH] Do expiration warnings for all init_creds APIs + +Move the password expiration warning code from gic_pwd.c to +get_in_tkt.c. Call it from init_creds_step_reply() on successful +completion. + +[ghudson@mit.edu: added test case; simplified doc comment; moved call +site to init_creds_step_reply(); rewrote commit message] + +ticket: 8893 (new) +(cherry picked from commit e1efb890f7ac31b32c68ab816ef118dbfb5a8c7e) +(cherry picked from commit c136cfe050d203c910624573a33247fde2889b09) +--- + src/include/krb5/krb5.hin | 9 ++- + src/lib/krb5/krb/get_in_tkt.c | 112 ++++++++++++++++++++++++++++++ + src/lib/krb5/krb/gic_pwd.c | 110 ----------------------------- + src/lib/krb5/krb/t_expire_warn.c | 47 +++++++++---- + src/lib/krb5/krb/t_expire_warn.py | 22 ++++-- + 5 files changed, 165 insertions(+), 135 deletions(-) + +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index 6355e6540..f8269fb17 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -7174,11 +7174,10 @@ typedef void + * + * Set a callback to receive password and account expiration times. + * +- * This option only applies to krb5_get_init_creds_password(). @a cb will be +- * invoked if and only if credentials are successfully acquired. The callback +- * will receive the @a context from the krb5_get_init_creds_password() call and +- * the @a data argument supplied with this API. The remaining arguments should +- * be interpreted as follows: ++ * @a cb will be invoked if and only if credentials are successfully acquired. ++ * The callback will receive the @a context from the calling function and the ++ * @a data argument supplied with this API. The remaining arguments should be ++ * interpreted as follows: + * + * If @a is_last_req is true, then the KDC reply contained last-req entries + * which unambiguously indicated the password expiration, account expiration, +diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c +index 870df62a1..cc0f70e83 100644 +--- a/src/lib/krb5/krb/get_in_tkt.c ++++ b/src/lib/krb5/krb/get_in_tkt.c +@@ -1482,6 +1482,116 @@ accept_method_data(krb5_context context, krb5_init_creds_context ctx) + ctx->method_padata); + } + ++/* Return the password expiry time indicated by enc_part2. Set *is_last_req ++ * if the information came from a last_req value. */ ++static void ++get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, ++ krb5_timestamp *acct_exp, krb5_boolean *is_last_req) ++{ ++ krb5_last_req_entry **last_req; ++ krb5_int32 lr_type; ++ ++ *pw_exp = 0; ++ *acct_exp = 0; ++ *is_last_req = FALSE; ++ ++ /* Look for last-req entries for password or account expiration. */ ++ if (enc_part2->last_req) { ++ for (last_req = enc_part2->last_req; *last_req; last_req++) { ++ lr_type = (*last_req)->lr_type; ++ if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME || ++ lr_type == KRB5_LRQ_ONE_PW_EXPTIME) { ++ *is_last_req = TRUE; ++ *pw_exp = (*last_req)->value; ++ } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME || ++ lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) { ++ *is_last_req = TRUE; ++ *acct_exp = (*last_req)->value; ++ } ++ } ++ } ++ ++ /* If we didn't find any, use the ambiguous key_exp field. */ ++ if (*is_last_req == FALSE) ++ *pw_exp = enc_part2->key_exp; ++} ++ ++/* ++ * Send an appropriate warning prompter if as_reply indicates that the password ++ * is going to expire soon. If an expire callback was provided, use that ++ * instead. ++ */ ++static void ++warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, ++ krb5_prompter_fct prompter, void *data, ++ const char *in_tkt_service, krb5_kdc_rep *as_reply) ++{ ++ krb5_error_code ret; ++ krb5_expire_callback_func expire_cb; ++ void *expire_data; ++ krb5_timestamp pw_exp, acct_exp, now; ++ krb5_boolean is_last_req; ++ krb5_deltat delta; ++ char ts[256], banner[1024]; ++ ++ if (as_reply == NULL || as_reply->enc_part2 == NULL) ++ return; ++ ++ get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); ++ ++ k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data); ++ if (expire_cb != NULL) { ++ /* Invoke the expire callback and don't send prompter warnings. */ ++ (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req); ++ return; ++ } ++ ++ /* Don't warn if no password expiry value was sent. */ ++ if (pw_exp == 0) ++ return; ++ ++ /* Don't warn if the password is being changed. */ ++ if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0) ++ return; ++ ++ /* ++ * If the expiry time came from a last_req field, assume the KDC wants us ++ * to warn. Otherwise, warn only if the expiry time is less than a week ++ * from now. ++ */ ++ ret = krb5_timeofday(context, &now); ++ if (ret != 0) ++ return; ++ if (!is_last_req && ++ (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60)) ++ return; ++ ++ if (!prompter) ++ return; ++ ++ ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts)); ++ if (ret != 0) ++ return; ++ ++ delta = ts_delta(pw_exp, now); ++ if (delta < 3600) { ++ snprintf(banner, sizeof(banner), ++ _("Warning: Your password will expire in less than one hour " ++ "on %s"), ts); ++ } else if (delta < 86400 * 2) { ++ snprintf(banner, sizeof(banner), ++ _("Warning: Your password will expire in %d hour%s on %s"), ++ delta / 3600, delta < 7200 ? "" : "s", ts); ++ } else { ++ snprintf(banner, sizeof(banner), ++ _("Warning: Your password will expire in %d days on %s"), ++ delta / 86400, ts); ++ } ++ ++ /* PROMPTER_INVOCATION */ ++ (*prompter)(context, data, 0, banner, 0, 0); ++} ++ + static krb5_error_code + init_creds_step_reply(krb5_context context, + krb5_init_creds_context ctx, +@@ -1693,6 +1803,8 @@ init_creds_step_reply(krb5_context context, + + /* success */ + ctx->complete = TRUE; ++ warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data, ++ ctx->in_tkt_service, ctx->reply); + + cleanup: + krb5_free_pa_data(context, kdc_padata); +diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c +index 14ce23ba4..54e0a8ebe 100644 +--- a/src/lib/krb5/krb/gic_pwd.c ++++ b/src/lib/krb5/krb/gic_pwd.c +@@ -133,113 +133,6 @@ krb5_init_creds_set_password(krb5_context context, + return 0; + } + +-/* Return the password expiry time indicated by enc_part2. Set *is_last_req +- * if the information came from a last_req value. */ +-static void +-get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, +- krb5_timestamp *acct_exp, krb5_boolean *is_last_req) +-{ +- krb5_last_req_entry **last_req; +- krb5_int32 lr_type; +- +- *pw_exp = 0; +- *acct_exp = 0; +- *is_last_req = FALSE; +- +- /* Look for last-req entries for password or account expiration. */ +- if (enc_part2->last_req) { +- for (last_req = enc_part2->last_req; *last_req; last_req++) { +- lr_type = (*last_req)->lr_type; +- if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME || +- lr_type == KRB5_LRQ_ONE_PW_EXPTIME) { +- *is_last_req = TRUE; +- *pw_exp = (*last_req)->value; +- } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME || +- lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) { +- *is_last_req = TRUE; +- *acct_exp = (*last_req)->value; +- } +- } +- } +- +- /* If we didn't find any, use the ambiguous key_exp field. */ +- if (*is_last_req == FALSE) +- *pw_exp = enc_part2->key_exp; +-} +- +-/* +- * Send an appropriate warning prompter if as_reply indicates that the password +- * is going to expire soon. If an expire callback was provided, use that +- * instead. +- */ +-static void +-warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, +- krb5_prompter_fct prompter, void *data, +- const char *in_tkt_service, krb5_kdc_rep *as_reply) +-{ +- krb5_error_code ret; +- krb5_expire_callback_func expire_cb; +- void *expire_data; +- krb5_timestamp pw_exp, acct_exp, now; +- krb5_boolean is_last_req; +- krb5_deltat delta; +- char ts[256], banner[1024]; +- +- get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); +- +- k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data); +- if (expire_cb != NULL) { +- /* Invoke the expire callback and don't send prompter warnings. */ +- (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req); +- return; +- } +- +- /* Don't warn if no password expiry value was sent. */ +- if (pw_exp == 0) +- return; +- +- /* Don't warn if the password is being changed. */ +- if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0) +- return; +- +- /* +- * If the expiry time came from a last_req field, assume the KDC wants us +- * to warn. Otherwise, warn only if the expiry time is less than a week +- * from now. +- */ +- ret = krb5_timeofday(context, &now); +- if (ret != 0) +- return; +- if (!is_last_req && +- (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60)) +- return; +- +- if (!prompter) +- return; +- +- ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts)); +- if (ret != 0) +- return; +- +- delta = ts_delta(pw_exp, now); +- if (delta < 3600) { +- snprintf(banner, sizeof(banner), +- _("Warning: Your password will expire in less than one hour " +- "on %s"), ts); +- } else if (delta < 86400*2) { +- snprintf(banner, sizeof(banner), +- _("Warning: Your password will expire in %d hour%s on %s"), +- delta / 3600, delta < 7200 ? "" : "s", ts); +- } else { +- snprintf(banner, sizeof(banner), +- _("Warning: Your password will expire in %d days on %s"), +- delta / 86400, ts); +- } +- +- /* PROMPTER_INVOCATION */ +- (*prompter)(context, data, 0, banner, 0, 0); +-} +- + /* + * Create a temporary options structure for getting a kadmin/changepw ticket, + * based on the appplication-specified options. Propagate all application +@@ -496,9 +389,6 @@ krb5_get_init_creds_password(krb5_context context, + goto cleanup; + + cleanup: +- if (ret == 0) +- warn_pw_expiry(context, options, prompter, data, in_tkt_service, +- as_reply); + free(chpw_opts); + zapfree(gakpw.storage.data, gakpw.storage.length); + memset(pw0array, 0, sizeof(pw0array)); +diff --git a/src/lib/krb5/krb/t_expire_warn.c b/src/lib/krb5/krb/t_expire_warn.c +index 1e59acba1..dc8dc8fb3 100644 +--- a/src/lib/krb5/krb/t_expire_warn.c ++++ b/src/lib/krb5/krb/t_expire_warn.c +@@ -28,6 +28,13 @@ + + static int exp_dummy, prompt_dummy; + ++static void ++check(krb5_error_code code) ++{ ++ if (code != 0) ++ abort(); ++} ++ + static krb5_error_code + prompter_cb(krb5_context ctx, void *data, const char *name, + const char *banner, int num_prompts, krb5_prompt prompts[]) +@@ -52,36 +59,48 @@ int + main(int argc, char **argv) + { + krb5_context ctx; ++ krb5_init_creds_context icctx; + krb5_get_init_creds_opt *opt; + char *user, *password, *service = NULL; +- krb5_boolean use_cb; ++ krb5_boolean use_cb, stepwise; + krb5_principal client; + krb5_creds creds; + +- if (argc < 4) { +- fprintf(stderr, "Usage: %s username password {1|0} [service]\n", ++ if (argc < 5) { ++ fprintf(stderr, "Usage: %s username password {1|0} {1|0} [service]\n", + argv[0]); + return 1; + } + user = argv[1]; + password = argv[2]; + use_cb = atoi(argv[3]); +- if (argc >= 5) +- service = argv[4]; ++ stepwise = atoi(argv[4]); ++ if (argc >= 6) ++ service = argv[5]; + +- assert(krb5_init_context(&ctx) == 0); +- assert(krb5_get_init_creds_opt_alloc(ctx, &opt) == 0); ++ check(krb5_init_context(&ctx)); ++ check(krb5_get_init_creds_opt_alloc(ctx, &opt)); + if (use_cb) { +- assert(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb, +- &exp_dummy) == 0); ++ check(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb, ++ &exp_dummy)); ++ } ++ check(krb5_parse_name(ctx, user, &client)); ++ if (stepwise) { ++ check(krb5_init_creds_init(ctx, client, prompter_cb, &prompt_dummy, 0, ++ opt, &icctx)); ++ krb5_init_creds_set_password(ctx, icctx, password); ++ if (service != NULL) ++ check(krb5_init_creds_set_service(ctx, icctx, service)); ++ check(krb5_init_creds_get(ctx, icctx)); ++ krb5_init_creds_free(ctx, icctx); ++ } else { ++ check(krb5_get_init_creds_password(ctx, &creds, client, password, ++ prompter_cb, &prompt_dummy, 0, ++ service, opt)); ++ krb5_free_cred_contents(ctx, &creds); + } +- assert(krb5_parse_name(ctx, user, &client) == 0); +- assert(krb5_get_init_creds_password(ctx, &creds, client, password, +- prompter_cb, &prompt_dummy, 0, service, +- opt) == 0); + krb5_get_init_creds_opt_free(ctx, opt); + krb5_free_principal(ctx, client); +- krb5_free_cred_contents(ctx, &creds); + krb5_free_context(ctx); + return 0; + } +diff --git a/src/lib/krb5/krb/t_expire_warn.py b/src/lib/krb5/krb/t_expire_warn.py +index 781f2728a..e163cc7e4 100755 +--- a/src/lib/krb5/krb/t_expire_warn.py ++++ b/src/lib/krb5/krb/t_expire_warn.py +@@ -34,23 +34,33 @@ realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '12 hours', + realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '3 days', 'days']) + + # Check for expected prompter warnings when no expire callback is used. +-output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0']) ++output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0', '0']) + if output: + fail('Unexpected output for noexpire') +-realm.run(['./t_expire_warn', 'minutes', 'pass', '0'], ++realm.run(['./t_expire_warn', 'minutes', 'pass', '0', '0'], + expected_msg=' less than one hour on ') +-realm.run(['./t_expire_warn', 'hours', 'pass', '0'], expected_msg=' hours on ') +-realm.run(['./t_expire_warn', 'days', 'pass', '0'], expected_msg=' days on ') ++realm.run(['./t_expire_warn', 'hours', 'pass', '0', '0'], ++ expected_msg=' hours on ') ++realm.run(['./t_expire_warn', 'days', 'pass', '0', '0'], ++ expected_msg=' days on ') ++# Try one case with the stepwise interface. ++realm.run(['./t_expire_warn', 'days', 'pass', '0', '1'], ++ expected_msg=' days on ') + + # Check for expected expire callback behavior. These tests are + # carefully agnostic about whether the KDC supports last_req fields, + # and could be made more specific if last_req support is added. +-output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1']) ++output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1', '0']) + if 'password_expiration = 0\n' not in output or \ + 'account_expiration = 0\n' not in output or \ + 'is_last_req = ' not in output: + fail('Expected callback output not seen for noexpire') +-output = realm.run(['./t_expire_warn', 'days', 'pass', '1']) ++output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '0']) ++if 'password_expiration = ' not in output or \ ++ 'password_expiration = 0\n' in output: ++ fail('Expected non-zero password expiration not seen for days') ++# Try one case with the stepwise interface. ++output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '1']) + if 'password_expiration = ' not in output or \ + 'password_expiration = 0\n' in output: + fail('Expected non-zero password expiration not seen for days') diff --git a/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch new file mode 100644 index 0000000..7e70423 --- /dev/null +++ b/SOURCES/Eliminate-redundant-PKINIT-responder-invocation.patch @@ -0,0 +1,94 @@ +From fa5d09798a56960c34f28296726ed4525e6950d9 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Mon, 23 Mar 2020 19:10:03 -0400 +Subject: [PATCH] Eliminate redundant PKINIT responder invocation + +In pkinit_client_prep_questions(), only act if the input padata type +is KRB5_PADATA_PK_AS_REQ. Otherwise we will ask questions again when +the KDC issues a ticket. + +Commit 7621d2f9a87214327ca3b2594e34dc7cea84596b (ticket 8242) +unintentionally changed the behavior of pkinit_load_fs_cert_and_key(), +causing pkinit_client_prep_questions() to do nothing on its first +call. Restore the original behavior of returning 0 when prompting is +deferred. + +Modify the existing "FILE identity, password on key (responder)" +PKINIT test to check that the responder is only invoked once. + +ticket: 8885 +(cherry picked from commit f1286842ce7b9e507a4ce0a47f44ab361a98be63) +(cherry picked from commit 4a05805eb39ba088c07f782fb52a6538ec3f2db6) +--- + src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++ + src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 13 +++++++------ + src/tests/t_pkinit.py | 11 +++++++---- + 3 files changed, 19 insertions(+), 10 deletions(-) + +diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c +index 2f0431991..9b991ffe0 100644 +--- a/src/plugins/preauth/pkinit/pkinit_clnt.c ++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c +@@ -897,6 +897,11 @@ pkinit_client_prep_questions(krb5_context context, + k5_json_object jval = NULL; + k5_json_number jflag = NULL; + ++ /* Don't ask questions for the informational padata items or when the ++ * ticket is issued. */ ++ if (pa_data->pa_type != KRB5_PADATA_PK_AS_REQ) ++ return 0; ++ + if (!reqctx->identity_initialized) { + pkinit_client_profile(context, plgctx, reqctx, cb, rock, + &request->server->realm); +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index dd718c2be..dbb054378 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -4362,17 +4362,18 @@ pkinit_load_fs_cert_and_key(krb5_context context, + + /* Load the certificate. */ + retval = get_cert(certname, &x); +- if (retval != 0 || x == NULL) { +- retval = oerr(context, 0, _("Cannot read certificate file '%s'"), ++ if (retval) { ++ retval = oerr(context, retval, _("Cannot read certificate file '%s'"), + certname); +- goto cleanup; + } ++ if (retval || x == NULL) ++ goto cleanup; + /* Load the key. */ + retval = get_key(context, id_cryptoctx, keyname, fsname, &y, password); +- if (retval != 0 || y == NULL) { +- retval = oerr(context, 0, _("Cannot read key file '%s'"), fsname); ++ if (retval) ++ retval = oerr(context, retval, _("Cannot read key file '%s'"), fsname); ++ if (retval || y == NULL) + goto cleanup; +- } + + id_cryptoctx->creds[cindex] = malloc(sizeof(struct _pkinit_cred_info)); + if (id_cryptoctx->creds[cindex] == NULL) { +diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py +index 69daf4987..ecd450e8a 100755 +--- a/src/tests/t_pkinit.py ++++ b/src/tests/t_pkinit.py +@@ -248,10 +248,13 @@ realm.run(['./adata', realm.host_princ], + # supplied by the responder. + # Supply the response in raw form. + mark('FILE identity, password on key (responder)') +-realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity, +- '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity, +- '-X', 'X509_user_identity=%s' % file_enc_identity, +- realm.user_princ]) ++out = realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity, ++ '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity, ++ '-X', 'X509_user_identity=%s' % file_enc_identity, ++ realm.user_princ]) ++# Regression test for #8885 (password question asked twice). ++if out.count('OK: ') != 1: ++ fail('Wrong number of responder calls') + # Supply the response through the convenience API. + realm.run(['./responder', '-X', 'X509_user_identity=%s' % file_enc_identity, + '-p', '%s=%s' % (file_enc_identity, 'encrypted'), realm.user_princ]) diff --git a/SOURCES/Fix-Coverity-defects-in-soft-pkcs11-test-code.patch b/SOURCES/Fix-Coverity-defects-in-soft-pkcs11-test-code.patch deleted file mode 100644 index 359335d..0000000 --- a/SOURCES/Fix-Coverity-defects-in-soft-pkcs11-test-code.patch +++ /dev/null @@ -1,207 +0,0 @@ -From 44b429df9ac4bb8ad84a090fee1bd70d83adcf23 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Sat, 20 Jul 2019 00:51:52 -0400 -Subject: [PATCH] Fix Coverity defects in soft-pkcs11 test code - -Nothing in the code removes objects from soft_token.object.obs, so -simplify add_st_object() not to search for an empty slot. Avoid using -random() by using a counter for session handles and just the array -slot number for object handles. Add a helper get_rcfilename() to -facilitate checking the result of asprintf(). Properly initialize ap -in sprintf_fill(). Close the file handle in read_conf_file(). - -(cherry picked from commit b4831515b2f3b6fd7d7fd4bff4558c10c710891d) -(cherry picked from commit 28db01445d2807d51b5045c0a04d5e49905de504) ---- - src/tests/softpkcs11/main.c | 102 +++++++++++++++++++----------------- - 1 file changed, 53 insertions(+), 49 deletions(-) - -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -index 5255323d3..2d1448ca2 100644 ---- a/src/tests/softpkcs11/main.c -+++ b/src/tests/softpkcs11/main.c -@@ -78,6 +78,7 @@ compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, - (BL) = i2d_##T((S), &p); \ - if ((BL) <= 0) { \ - free((B)); \ -+ (B) = NULL; \ - (R) = EINVAL; \ - } \ - } \ -@@ -149,6 +150,7 @@ static struct soft_token { - } state[10]; - #define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0])) - FILE *logfile; -+ CK_SESSION_HANDLE next_session_handle; - } soft_token; - - static void -@@ -179,6 +181,7 @@ snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...) - { - int len; - va_list ap; -+ va_start(ap, fmt); - len = vsnprintf(str, size, fmt, ap); - va_end(ap); - if (len < 0 || len > size) -@@ -344,7 +347,13 @@ static struct st_object * - add_st_object(void) - { - struct st_object *o, **objs; -- int i; -+ -+ objs = realloc(soft_token.object.objs, -+ (soft_token.object.num_objs + 1) * -+ sizeof(soft_token.object.objs[0])); -+ if (objs == NULL) -+ return NULL; -+ soft_token.object.objs = objs; - - o = malloc(sizeof(*o)); - if (o == NULL) -@@ -352,26 +361,9 @@ add_st_object(void) - memset(o, 0, sizeof(*o)); - o->attrs = NULL; - o->num_attributes = 0; -+ o->object_handle = soft_token.object.num_objs; - -- for (i = 0; i < soft_token.object.num_objs; i++) { -- if (soft_token.object.objs == NULL) { -- soft_token.object.objs[i] = o; -- break; -- } -- } -- if (i == soft_token.object.num_objs) { -- objs = realloc(soft_token.object.objs, -- (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0])); -- if (objs == NULL) { -- free(o); -- return NULL; -- } -- soft_token.object.objs = objs; -- soft_token.object.objs[soft_token.object.num_objs++] = o; -- } -- soft_token.object.objs[i]->object_handle = -- (random() & (~OBJECT_ID_MASK)) | i; -- -+ soft_token.object.objs[soft_token.object.num_objs++] = o; - return o; - } - -@@ -797,6 +789,8 @@ read_conf_file(const char *fn) - - add_certificate(label, cert, key, id, anchor); - } -+ -+ fclose(f); - } - - static CK_RV -@@ -806,19 +800,47 @@ func_not_supported(void) - return CKR_FUNCTION_NOT_SUPPORTED; - } - -+static char * -+get_rcfilename() -+{ -+ struct passwd *pw; -+ const char *home = NULL; -+ char *fn; -+ -+ if (getuid() == geteuid()) { -+ fn = getenv("SOFTPKCS11RC"); -+ if (fn != NULL) -+ return strdup(fn); -+ -+ home = getenv("HOME"); -+ } -+ -+ if (home == NULL) { -+ pw = getpwuid(getuid()); -+ if (pw != NULL) -+ home = pw->pw_dir; -+ } -+ -+ if (home == NULL) -+ return strdup("/etc/soft-token.rc"); -+ -+ if (asprintf(&fn, "%s/.soft-token.rc", home) < 0) -+ return NULL; -+ return fn; -+} -+ - CK_RV - C_Initialize(CK_VOID_PTR a) - { - CK_C_INITIALIZE_ARGS_PTR args = a; - size_t i; -+ char *fn; - - st_logf("Initialize\n"); - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - -- srandom(getpid() ^ time(NULL)); -- - for (i = 0; i < MAX_NUM_SESSION; i++) { - soft_token.state[i].session_handle = CK_INVALID_HANDLE; - soft_token.state[i].find.attributes = NULL; -@@ -850,31 +872,13 @@ C_Initialize(CK_VOID_PTR a) - st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); - } - -- { -- char *fn = NULL, *home = NULL; -- -- if (getuid() == geteuid()) { -- fn = getenv("SOFTPKCS11RC"); -- if (fn) -- fn = strdup(fn); -- home = getenv("HOME"); -- } -- if (fn == NULL && home == NULL) { -- struct passwd *pw = getpwuid(getuid()); -- if(pw != NULL) -- home = pw->pw_dir; -- } -- if (fn == NULL) { -- if (home) -- asprintf(&fn, "%s/.soft-token.rc", home); -- else -- fn = strdup("/etc/soft-token.rc"); -- } -- -- read_conf_file(fn); -- free(fn); -- } -+ soft_token.next_session_handle = 0; - -+ fn = get_rcfilename(); -+ if (fn == NULL) -+ return CKR_DEVICE_MEMORY; -+ read_conf_file(fn); -+ free(fn); - return CKR_OK; - } - -@@ -1082,8 +1086,7 @@ C_OpenSession(CK_SLOT_ID slotID, - - soft_token.open_sessions++; - -- soft_token.state[i].session_handle = -- (CK_SESSION_HANDLE)(random() & 0xfffff); -+ soft_token.state[i].session_handle = soft_token.next_session_handle++; - *phSession = soft_token.state[i].session_handle; - - return CKR_OK; -@@ -1152,7 +1155,8 @@ C_Login(CK_SESSION_HANDLE hSession, - VERIFY_SESSION_HANDLE(hSession, NULL); - - if (pPin != NULL_PTR) { -- asprintf(&pin, "%.*s", (int)ulPinLen, pPin); -+ if (asprintf(&pin, "%.*s", (int)ulPinLen, pPin) < 0) -+ return CKR_DEVICE_MEMORY; - st_logf("type: %d password: %s\n", (int)userType, pin); - } - diff --git a/SOURCES/Fix-KCM-client-time-offset-propagation.patch b/SOURCES/Fix-KCM-client-time-offset-propagation.patch deleted file mode 100644 index eedc4c0..0000000 --- a/SOURCES/Fix-KCM-client-time-offset-propagation.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 7e4576cc62a16fa77030c42dcc43c61cdfa5b4e6 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 14 Aug 2019 13:52:27 -0400 -Subject: [PATCH] Fix KCM client time offset propagation - -An inverted status check in get_kdc_offset() would cause querying the -offset time from the ccache to always fail (silently) on KCM. Fix the -status check so that KCM can properly handle desync. - -ticket: 8826 (new) -tags: pullup -target_version: 1.17-next -target_verison: 1.16-next - -(cherry picked from commit 323abb6d1ebe5469d6c2167c29aa5d696d099b90) -(cherry picked from commit 7e81b8077cf2cf186dadb96b064573f7c221fbf3) ---- - src/lib/krb5/ccache/cc_kcm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/krb5/ccache/cc_kcm.c b/src/lib/krb5/ccache/cc_kcm.c -index 092ab7daf..fe93ca3dc 100644 ---- a/src/lib/krb5/ccache/cc_kcm.c -+++ b/src/lib/krb5/ccache/cc_kcm.c -@@ -583,7 +583,7 @@ get_kdc_offset(krb5_context context, krb5_ccache cache) - if (cache_call(context, cache, &req, FALSE) != 0) - goto cleanup; - time_offset = k5_input_get_uint32_be(&req.reply); -- if (!req.reply.status) -+ if (req.reply.status) - goto cleanup; - context->os_context.time_offset = time_offset; - context->os_context.usec_offset = 0; diff --git a/SOURCES/Fix-argument-order-on-strlcpy-in-enctype_name.patch b/SOURCES/Fix-argument-order-on-strlcpy-in-enctype_name.patch deleted file mode 100644 index 99648bd..0000000 --- a/SOURCES/Fix-argument-order-on-strlcpy-in-enctype_name.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 9a38af6aa136fdc92d5e0f1591c1647aec498f5a Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 17 Sep 2019 18:29:15 -0400 -Subject: [PATCH] Fix argument order on strlcpy() in enctype_name() - ---- - src/kdc/kdc_util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index 96c88edc1..6d1861a3b 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1081,7 +1081,7 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen) - else - return krb5_enctype_to_name(ktype, FALSE, buf, buflen); - -- if (strlcpy(name, buf, buflen) >= buflen) -+ if (strlcpy(buf, name, buflen) >= buflen) - return ENOMEM; - return 0; - } diff --git a/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch new file mode 100644 index 0000000..6632968 --- /dev/null +++ b/SOURCES/Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch @@ -0,0 +1,60 @@ +From 7b5ed3cffcfe2bc21f3157e883b078983947a113 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 24 Jul 2020 16:05:24 -0400 +Subject: [PATCH] Fix leak in KERB_AP_OPTIONS_CBT server support + +In check_cbt(), use a local variable to hold the retrieved authdata +list, and free it before returning. + +ticket: 8900 +(cherry picked from commit bf2ddff13c178e0c291f8fb382b040080d159e4f) +(cherry picked from commit 044e2209586fd1935d9a637df76d52f48c4f3e6e) +--- + src/lib/gssapi/krb5/accept_sec_context.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 175a24c4e..3d5b84b15 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -433,27 +433,30 @@ static const uint8_t null_cb[CB_MD5_LEN]; + /* Look for AP_OPTIONS in authdata. If present and the options include + * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */ + static krb5_error_code +-check_cbt(krb5_context context, krb5_authdata **authdata, ++check_cbt(krb5_context context, krb5_authdata *const *authdata, + krb5_boolean *cbt_out) + { + krb5_error_code code; ++ krb5_authdata **ad; + uint32_t ad_ap_options; + const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; + + *cbt_out = FALSE; + + code = krb5_find_authdata(context, NULL, authdata, +- KRB5_AUTHDATA_AP_OPTIONS, &authdata); +- if (code || authdata == NULL) ++ KRB5_AUTHDATA_AP_OPTIONS, &ad); ++ if (code || ad == NULL) + return code; +- if (authdata[1] != NULL || authdata[0]->length != 4) +- return KRB5KRB_AP_ERR_MSG_TYPE; ++ if (ad[1] != NULL || ad[0]->length != 4) { ++ code = KRB5KRB_AP_ERR_MSG_TYPE; ++ } else { ++ ad_ap_options = load_32_le(ad[0]->contents); ++ if (ad_ap_options & KERB_AP_OPTIONS_CBT) ++ *cbt_out = TRUE; ++ } + +- ad_ap_options = load_32_le(authdata[0]->contents); +- if (ad_ap_options & KERB_AP_OPTIONS_CBT) +- *cbt_out = TRUE; +- +- return 0; ++ krb5_free_authdata(context, ad); ++ return code; + } + + /* diff --git a/SOURCES/Fix-memory-leak-in-none-replay-cache-type.patch b/SOURCES/Fix-memory-leak-in-none-replay-cache-type.patch deleted file mode 100644 index 166ef05..0000000 --- a/SOURCES/Fix-memory-leak-in-none-replay-cache-type.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 74a3b8448949130d91417b261c3e1c316ffa8796 Mon Sep 17 00:00:00 2001 -From: Corene Casper -Date: Sat, 16 Feb 2019 00:49:26 -0500 -Subject: [PATCH] Fix memory leak in 'none' replay cache type - -Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory -leak in the 'none' replay cache type by freeing the outer container, -but we also need to free the mutex. - -[ghudson@mit.edu: wrote commit message] - -ticket: 8783 -tags: pullup -target_version: 1.17-next -target_version: 1.16-next - -(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17) -(cherry picked from commit ff79351c4755d6df7c3245274708454311c25731) ---- - src/lib/krb5/rcache/rc_none.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c -index e30aed09f..0b2274df7 100644 ---- a/src/lib/krb5/rcache/rc_none.c -+++ b/src/lib/krb5/rcache/rc_none.c -@@ -50,6 +50,7 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc) - static krb5_error_code KRB5_CALLCONV - krb5_rc_none_close(krb5_context ctx, krb5_rcache rc) - { -+ k5_mutex_destroy(&rc->lock); - free (rc); - return 0; - } diff --git a/SOURCES/Fix-memory-leaks-in-soft-pkcs11-code.patch b/SOURCES/Fix-memory-leaks-in-soft-pkcs11-code.patch deleted file mode 100644 index 01e41fc..0000000 --- a/SOURCES/Fix-memory-leaks-in-soft-pkcs11-code.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 604f5dcbb018fca8ea27e00314ed615133b861e1 Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Mon, 5 Aug 2019 01:53:51 -0400 -Subject: [PATCH] Fix memory leaks in soft-pkcs11 code - -Fix leaks detected by asan in t_pkinit.py. Add a helper to free a -struct st_object and free objects in C_Finalize(). Duplicate the X509 -cert in add_certificate() instead of creating aliases so it can be -properly freed. Start the session handle counter at 1 so that -C_Finalize() won't confuse the first session handle with -CK_INVALID_HANDLE (defined to 0 in pkinit.h) and will properly clean -the session object. - -(cherry picked from commit 15bcaf8bcb4af25ff89820ad3bf23ad5a324e863) -(cherry picked from commit 5cc80472e7a8b0fb3002f229ffb104dccf8bd120) ---- - src/tests/softpkcs11/main.c | 44 +++++++++++++++++++++++++++++++++---- - 1 file changed, 40 insertions(+), 4 deletions(-) - -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -index 2d1448ca2..a4c3ae78e 100644 ---- a/src/tests/softpkcs11/main.c -+++ b/src/tests/softpkcs11/main.c -@@ -109,7 +109,7 @@ struct st_object { - X509 *cert; - EVP_PKEY *public_key; - struct { -- const char *file; -+ char *file; - EVP_PKEY *key; - X509 *cert; - } private_key; -@@ -343,6 +343,26 @@ print_attributes(const CK_ATTRIBUTE *attributes, - } - } - -+static void -+free_st_object(struct st_object *o) -+{ -+ int i; -+ -+ for (i = 0; i < o->num_attributes; i++) -+ free(o->attrs[i].attribute.pValue); -+ free(o->attrs); -+ if (o->type == STO_T_CERTIFICATE) { -+ X509_free(o->u.cert); -+ } else if (o->type == STO_T_PRIVATE_KEY) { -+ free(o->u.private_key.file); -+ EVP_PKEY_free(o->u.private_key.key); -+ X509_free(o->u.private_key.cert); -+ } else if (o->type == STO_T_PUBLIC_KEY) { -+ EVP_PKEY_free(o->u.public_key); -+ } -+ free(o); -+} -+ - static struct st_object * - add_st_object(void) - { -@@ -518,7 +538,11 @@ add_certificate(char *label, - goto out; - } - o->type = STO_T_CERTIFICATE; -- o->u.cert = cert; -+ o->u.cert = X509_dup(cert); -+ if (o->u.cert == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } - public_key = X509_get_pubkey(o->u.cert); - - switch (EVP_PKEY_base_id(public_key)) { -@@ -602,7 +626,11 @@ add_certificate(char *label, - o->u.private_key.file = strdup(private_key_file); - o->u.private_key.key = NULL; - -- o->u.private_key.cert = cert; -+ o->u.private_key.cert = X509_dup(cert); -+ if (o->u.private_key.cert == NULL) { -+ ret = CKR_DEVICE_MEMORY; -+ goto out; -+ } - - c = CKO_PRIVATE_KEY; - add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c)); -@@ -676,6 +704,7 @@ add_certificate(char *label, - free(serial_data); - free(issuer_data); - free(subject_data); -+ X509_free(cert); - - return ret; - } -@@ -872,7 +901,7 @@ C_Initialize(CK_VOID_PTR a) - st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); - } - -- soft_token.next_session_handle = 0; -+ soft_token.next_session_handle = 1; - - fn = get_rcfilename(); - if (fn == NULL) -@@ -886,6 +915,7 @@ CK_RV - C_Finalize(CK_VOID_PTR args) - { - size_t i; -+ int j; - - st_logf("Finalize\n"); - -@@ -897,6 +927,12 @@ C_Finalize(CK_VOID_PTR args) - } - } - -+ for (j = 0; j < soft_token.object.num_objs; j++) -+ free_st_object(soft_token.object.objs[j]); -+ free(soft_token.object.objs); -+ soft_token.object.objs = NULL; -+ soft_token.object.num_objs = 0; -+ - return CKR_OK; - } - diff --git a/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch new file mode 100644 index 0000000..0d2f2ef --- /dev/null +++ b/SOURCES/Fix-typo-in-in-in-the-ksu-man-page.patch @@ -0,0 +1,38 @@ +From 117681ff995f7a271ded83ff4615e7945c72a942 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 14 May 2020 15:01:18 -0400 +Subject: [PATCH] Fix typo ("in in") in the ksu man page + +(cherry picked from commit 1011841acdc1020f308ef4f569c6622f279d8c3f) +(cherry picked from commit 8de669742ae4190542741f0dc61119a6a0dad666) +--- + doc/user/user_commands/ksu.rst | 2 +- + src/man/ksu.man | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/user/user_commands/ksu.rst b/doc/user/user_commands/ksu.rst +index 8d6c7ef79..933738229 100644 +--- a/doc/user/user_commands/ksu.rst ++++ b/doc/user/user_commands/ksu.rst +@@ -155,7 +155,7 @@ wrong password is typed in, ksu fails. + .. note:: + + During authentication, only the tickets that could be +- obtained without providing a password are cached in in the ++ obtained without providing a password are cached in the + source cache. + + +diff --git a/src/man/ksu.man b/src/man/ksu.man +index 81e34815d..8d4c6a359 100644 +--- a/src/man/ksu.man ++++ b/src/man/ksu.man +@@ -176,7 +176,7 @@ wrong password is typed in, ksu fails. + .INDENT 0.0 + .INDENT 3.5 + During authentication, only the tickets that could be +-obtained without providing a password are cached in in the ++obtained without providing a password are cached in the + source cache. + .UNINDENT + .UNINDENT diff --git a/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch new file mode 100644 index 0000000..5e7fc6c --- /dev/null +++ b/SOURCES/Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch @@ -0,0 +1,38 @@ +From e339ad300caafc2a98e86ab48a9ac278cfe3bb85 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 15 Jul 2020 15:42:20 -0400 +Subject: [PATCH] Ignore bad enctypes in krb5_string_to_keysalts() + +Fixes a problem where the presence of legacy/unrecognized keysalts in +supported_enctypes would prevent the kadmin programs from starting. + +[ghudson@mit.edu: ideally we would put a warning in the kadmind log, +but that is difficult to do when the parsing is done inside a library. +Even adding a trace log is difficult because the kadm5 str_conv +functions do not accept contexts.] + +ticket: 8929 (new) +(cherry picked from commit be5396ada0e8dabd68bd0aceb733cfca39a609bc) +(cherry picked from commit 3f873868fb08b77da2d30e164a0ef6c71c17c607) +--- + src/lib/kadm5/str_conv.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c +index 7cf51d316..798295606 100644 +--- a/src/lib/kadm5/str_conv.c ++++ b/src/lib/kadm5/str_conv.c +@@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps, + while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) { + /* Pass a null pointer to subsequent calls to strtok_r(). */ + p = NULL; +- ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype); +- if (ret) +- goto cleanup; ++ ++ /* Discard unrecognized keysalts. */ ++ if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0) ++ continue; + + /* Ignore duplicate keysalts if caller asks. */ + if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) diff --git a/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch new file mode 100644 index 0000000..347c0fb --- /dev/null +++ b/SOURCES/Implement-GSS_C_CHANNEL_BOUND_FLAG.patch @@ -0,0 +1,92 @@ +From 3c15e9724dae95a4bf0899a8b8efc3e9e3f486ab Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Wed, 5 Jul 2017 11:38:30 -0400 +Subject: [PATCH] Implement GSS_C_CHANNEL_BOUND_FLAG + +Define a new channel-bound GSS return flag, and set it in the krb5 +mech if the initiator sent channel bindings matching the acceptor's. +Do not error out if the acceptor specifies channel bindings and the +initiator does not send them. + +[ghudson@mit.edu: simplified code changes; fleshed out commit message] + +[iboukris: cherry-picked from another PR and reduced in scope] + +ticket: 8899 (new) +(cherry picked from commit 429a31146083fac21958631c2af572b08ec91022) +(cherry picked from commit 3ea1d6296ced3a998e79356f9be212e4c5e6a5d5) +--- + src/lib/gssapi/generic/gssapi_ext.h | 2 ++ + src/lib/gssapi/krb5/accept_sec_context.c | 18 +++++++++++++----- + 2 files changed, 15 insertions(+), 5 deletions(-) + +diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h +index 218456e44..c675e8ebb 100644 +--- a/src/lib/gssapi/generic/gssapi_ext.h ++++ b/src/lib/gssapi/generic/gssapi_ext.h +@@ -595,6 +595,8 @@ gss_store_cred_into( + * attribute (along with any applicable RFC 5587 attributes). + */ + ++#define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */ ++ + OM_uint32 KRB5_CALLCONV + gssspi_query_meta_data( + OM_uint32 *minor_status, +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 70dd7fc0c..9d3e2f4fe 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -427,6 +427,9 @@ kg_process_extension(krb5_context context, + GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \ + GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG) + ++/* A zero-value channel binding, for comparison */ ++static const uint8_t null_cb[CB_MD5_LEN]; ++ + /* + * The krb5 GSS mech appropriates the authenticator checksum field from RFC + * 4120 to store structured data instead of a checksum, indicated with checksum +@@ -435,9 +438,10 @@ kg_process_extension(krb5_context context, + * + * Interpret the checksum. Read delegated creds into *deleg_out if it is not + * NULL. Set *flags_out to the allowed subset of token flags, plus +- * GSS_C_DELEG_FLAG if a delegated credential was present. Process any +- * extensions found using exts. On error, set *code_out to a krb5_error code +- * for use as a minor status value. ++ * GSS_C_DELEG_FLAG if a delegated credential was present and ++ * GSS_C_CHANNEL_BOUND_FLAG if matching channel bindings are present. Process ++ * any extensions found using exts. On error, set *code_out to a krb5_error ++ * code for use as a minor status value. + */ + static OM_uint32 + process_checksum(OM_uint32 *minor_status, krb5_context context, +@@ -450,7 +454,7 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + krb5_error_code code = 0; + OM_uint32 status, option_id, token_flags; + size_t cb_len, option_len; +- krb5_boolean valid; ++ krb5_boolean valid, token_cb_present = FALSE, cb_match = FALSE; + krb5_key subkey; + krb5_data option, empty = empty_data(); + krb5_checksum cb_cksum; +@@ -516,7 +520,9 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + goto fail; + } + assert(cb_cksum.length == cb_len); +- if (k5_bcmp(token_cb, cb_cksum.contents, cb_len) != 0) { ++ token_cb_present = (k5_bcmp(token_cb, null_cb, cb_len) != 0); ++ cb_match = (k5_bcmp(token_cb, cb_cksum.contents, cb_len) == 0); ++ if (token_cb_present && !cb_match) { + status = GSS_S_BAD_BINDINGS; + goto fail; + } +@@ -525,6 +531,8 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + /* Read the token flags and accept some of them as context flags. */ + token_flags = k5_input_get_uint32_le(&in); + *flags_out = token_flags & INITIATOR_FLAGS; ++ if (cb_match) ++ *flags_out |= GSS_C_CHANNEL_BOUND_FLAG; + + /* Read the delegated credential if present. */ + if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) { diff --git a/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch new file mode 100644 index 0000000..156088b --- /dev/null +++ b/SOURCES/Implement-KERB_AP_OPTIONS_CBT-server-side.patch @@ -0,0 +1,103 @@ +From 7aea9fc73fb508e3168581990eb2e2ff7a1aea31 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Mon, 9 Mar 2020 16:04:21 +0100 +Subject: [PATCH] Implement KERB_AP_OPTIONS_CBT (server side) + +Add server support for Microsoft's KERB_AP_OPTIONS_CBT as described in +MS-KILE. If the client includes the AP option in the authenticator +authdata and the server passed channel bindings, require the bindings +to match. + +[ghudson@mit.edu: refactored to put more logic in the helper function; +added a comment; clarified commit message] + +ticket: 8900 (new) +(cherry picked from commit 4f7c77b64a048ca5e3199b26b31493698c777a9c) +(cherry picked from commit 6407bf087fe53088d91efd09df736e979cd4e8db) +--- + src/include/krb5/krb5.hin | 1 + + src/lib/gssapi/krb5/accept_sec_context.c | 45 +++++++++++++++++++++++- + 2 files changed, 45 insertions(+), 1 deletion(-) + +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index f8269fb17..9264bede1 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -1915,6 +1915,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, + #define KRB5_AUTHDATA_SIGNTICKET 512 /**< formerly 142 in krb5 1.8 */ + #define KRB5_AUTHDATA_FX_ARMOR 71 + #define KRB5_AUTHDATA_AUTH_INDICATOR 97 ++#define KRB5_AUTHDATA_AP_OPTIONS 143 + /** @} */ /* end of KRB5_AUTHDATA group */ + + /* password change constants */ +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 9d3e2f4fe..175a24c4e 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -430,6 +430,32 @@ kg_process_extension(krb5_context context, + /* A zero-value channel binding, for comparison */ + static const uint8_t null_cb[CB_MD5_LEN]; + ++/* Look for AP_OPTIONS in authdata. If present and the options include ++ * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */ ++static krb5_error_code ++check_cbt(krb5_context context, krb5_authdata **authdata, ++ krb5_boolean *cbt_out) ++{ ++ krb5_error_code code; ++ uint32_t ad_ap_options; ++ const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; ++ ++ *cbt_out = FALSE; ++ ++ code = krb5_find_authdata(context, NULL, authdata, ++ KRB5_AUTHDATA_AP_OPTIONS, &authdata); ++ if (code || authdata == NULL) ++ return code; ++ if (authdata[1] != NULL || authdata[0]->length != 4) ++ return KRB5KRB_AP_ERR_MSG_TYPE; ++ ++ ad_ap_options = load_32_le(authdata[0]->contents); ++ if (ad_ap_options & KERB_AP_OPTIONS_CBT) ++ *cbt_out = TRUE; ++ ++ return 0; ++} ++ + /* + * The krb5 GSS mech appropriates the authenticator checksum field from RFC + * 4120 to store structured data instead of a checksum, indicated with checksum +@@ -454,7 +480,7 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + krb5_error_code code = 0; + OM_uint32 status, option_id, token_flags; + size_t cb_len, option_len; +- krb5_boolean valid, token_cb_present = FALSE, cb_match = FALSE; ++ krb5_boolean valid, client_cbt, token_cb_present = FALSE, cb_match = FALSE; + krb5_key subkey; + krb5_data option, empty = empty_data(); + krb5_checksum cb_cksum; +@@ -582,6 +608,23 @@ process_checksum(OM_uint32 *minor_status, krb5_context context, + } + } + ++ /* ++ * If the client asserts the KERB_AP_OPTIONS_CBT flag (from MS-KILE) in the ++ * authenticator authdata, and the acceptor passed channel bindings, ++ * require matching channel bindings from the client. The intent is to ++ * prevent an authenticator generated for use outside of a TLS channel from ++ * being used inside of one. ++ */ ++ code = check_cbt(context, authenticator->authorization_data, &client_cbt); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ if (client_cbt && acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS && !cb_match) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ + status = GSS_S_COMPLETE; + + fail: diff --git a/SOURCES/Improve-negoex_parse_token-code-hygiene.patch b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch new file mode 100644 index 0000000..c7136e1 --- /dev/null +++ b/SOURCES/Improve-negoex_parse_token-code-hygiene.patch @@ -0,0 +1,31 @@ +From ca72aa3a2e4ca8bc1b1c33e46ca59ed4b3f20393 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 9 Jun 2020 16:23:37 -0400 +Subject: [PATCH] Improve negoex_parse_token() code hygiene + +If the while loop in negoex_parse_token() runs for zero iterations, +major will be used initialized. Currently this cannot happen, but +only because both of the call sites check for zero-length tokens. +Initialize major for safety. + +[ghudson@mit.edu: rewrote commit message] + +(cherry picked from commit 4f91b6f8fa6fe1de662b3fdac0d59b7758ec642a) +(cherry picked from commit c726a72c68244129eb08b840b92144acfa776573) +--- + src/lib/gssapi/spnego/negoex_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/gssapi/spnego/negoex_util.c b/src/lib/gssapi/spnego/negoex_util.c +index 700368456..99580fd79 100644 +--- a/src/lib/gssapi/spnego/negoex_util.c ++++ b/src/lib/gssapi/spnego/negoex_util.c +@@ -454,7 +454,7 @@ negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + gss_const_buffer_t token, + struct negoex_message **messages_out, size_t *count_out) + { +- OM_uint32 major; ++ OM_uint32 major = GSS_S_COMPLETE; + size_t count = 0; + struct k5input in; + struct negoex_message *messages = NULL, *newptr; diff --git a/SOURCES/In-kpropd-debug-log-proper-ticket-enctype-names.patch b/SOURCES/In-kpropd-debug-log-proper-ticket-enctype-names.patch deleted file mode 100644 index 8a20e3d..0000000 --- a/SOURCES/In-kpropd-debug-log-proper-ticket-enctype-names.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 30f112f8dc1c5241da5ba301cb45a06bb5bb4c01 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 15 Jan 2019 13:41:16 -0500 -Subject: [PATCH] In kpropd, debug-log proper ticket enctype names - -This change replaces the last call of krb5_enctype_to_string() in our -sources with krb5_enctype_to_name(), ensuring that we log consistently -to users using readily discoverable strings. - -(cherry picked from commit 30e12a2ecdf7e2a034a91626a03b5c9909e4c68d) ---- - src/kprop/kpropd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c -index 4cc035dc6..0c7bffa24 100644 ---- a/src/kprop/kpropd.c -+++ b/src/kprop/kpropd.c -@@ -1279,7 +1279,8 @@ kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp, - exit(1); - } - -- retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf)); -+ retval = krb5_enctype_to_name(*etype, FALSE, etypebuf, -+ sizeof(etypebuf)); - if (retval) { - com_err(progname, retval, _("while unparsing ticket etype")); - exit(1); diff --git a/SOURCES/In-rd_req_dec-always-log-non-permitted-enctypes.patch b/SOURCES/In-rd_req_dec-always-log-non-permitted-enctypes.patch deleted file mode 100644 index 6ca3da0..0000000 --- a/SOURCES/In-rd_req_dec-always-log-non-permitted-enctypes.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2b4521f3ba3dad064e3f64bfd56b88d5cb5d0955 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 14 Jan 2019 17:14:42 -0500 -Subject: [PATCH] In rd_req_dec, always log non-permitted enctypes - -The buffer specified in negotiate_etype() is too small for use with -the AES enctypes when used with krb5_enctype_to_string(), so switch to -using krb5_enctype_to_name(). - -(cherry picked from commit bf75ebf583a51bf00005a96d17924818d19377be) ---- - src/lib/krb5/krb/rd_req_dec.c | 5 ++--- - src/tests/gssapi/t_enctypes.py | 5 +++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c -index 4cd429a11..e75192fee 100644 ---- a/src/lib/krb5/krb/rd_req_dec.c -+++ b/src/lib/krb5/krb/rd_req_dec.c -@@ -864,9 +864,8 @@ negotiate_etype(krb5_context context, - if (permitted == FALSE) { - char enctype_name[30]; - -- if (krb5_enctype_to_string(desired_etypes[i], -- enctype_name, -- sizeof(enctype_name)) == 0) -+ if (krb5_enctype_to_name(desired_etypes[i], FALSE, enctype_name, -+ sizeof(enctype_name)) == 0) - k5_setmsg(context, KRB5_NOPERM_ETYPE, - _("Encryption type %s not permitted"), enctype_name); - return KRB5_NOPERM_ETYPE; -diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py -index ee43ff028..5d9f80e04 100755 ---- a/src/tests/gssapi/t_enctypes.py -+++ b/src/tests/gssapi/t_enctypes.py -@@ -85,7 +85,8 @@ test('both aes128', 'aes128-cts', 'aes128-cts', - # If only the acceptor constrains the permitted session enctypes to - # aes128, subkey negotiation fails because the acceptor considers the - # aes256 session key to be non-permitted. --test_err('acc aes128', None, 'aes128-cts', 'Encryption type not permitted') -+test_err('acc aes128', None, 'aes128-cts', -+ 'Encryption type aes256-cts-hmac-sha1-96 not permitted') - - # If the initiator constrains the permitted session enctypes to des3, - # no acceptor subkey will be generated because we can't upgrade to a -@@ -128,7 +129,7 @@ test('upgrade init des3+rc4', 'des3 rc4', None, - # is only for the sake of the kernel, since we could upgrade to an - # aes128 subkey, but it's the current semantics.) - test_err('upgrade acc aes128', None, 'aes128-cts', -- 'Encryption type ArcFour with HMAC/md5 not permitted') -+ 'Encryption type arcfour-hmac not permitted') - - # If the acceptor permits rc4 but prefers aes128, it will negotiate an - # upgrade to aes128. diff --git a/SOURCES/Make-etype-names-in-KDC-logs-human-readable.patch b/SOURCES/Make-etype-names-in-KDC-logs-human-readable.patch deleted file mode 100644 index 8b3413b..0000000 --- a/SOURCES/Make-etype-names-in-KDC-logs-human-readable.patch +++ /dev/null @@ -1,296 +0,0 @@ -From f815140182976e882445a38ee5a0a77f56da7c8a Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 8 Jan 2019 17:42:35 -0500 -Subject: [PATCH] Make etype names in KDC logs human-readable - -Introduce enctype_name() as a wrapper over krb5_enctype_to_name for -converting between registered constants and names. Adjust signatures -and rewrite ktypes2str() and rep_etypes2str() to operate on dynamic -buffers. - -ticket: 8772 (new) -(cherry picked from commit a649279727490687d54becad91fde8cf7429d951) ---- - src/kdc/kdc_log.c | 42 +++++++-------- - src/kdc/kdc_util.c | 131 +++++++++++++++++++++++---------------------- - src/kdc/kdc_util.h | 6 +-- - 3 files changed, 90 insertions(+), 89 deletions(-) - -diff --git a/src/kdc/kdc_log.c b/src/kdc/kdc_log.c -index 4eec50373..b160ba21a 100644 ---- a/src/kdc/kdc_log.c -+++ b/src/kdc/kdc_log.c -@@ -65,7 +65,7 @@ log_as_req(krb5_context context, - { - const char *fromstring = 0; - char fromstringbuf[70]; -- char ktypestr[128]; -+ char *ktypestr = NULL; - const char *cname2 = cname ? cname : ""; - const char *sname2 = sname ? sname : ""; - -@@ -74,26 +74,29 @@ log_as_req(krb5_context context, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; -- ktypes2str(ktypestr, sizeof(ktypestr), -- request->nktypes, request->ktype); -+ -+ ktypestr = ktypes2str(request->ktype, request->nktypes); - - if (status == NULL) { - /* success */ -- char rep_etypestr[128]; -- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); -+ char *rep_etypestr = rep_etypes2str(reply); - krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %u, %s, " - "%s for %s"), -- ktypestr, fromstring, (unsigned int)authtime, -- rep_etypestr, cname2, sname2); -+ ktypestr ? ktypestr : "", fromstring, -+ (unsigned int)authtime, -+ rep_etypestr ? rep_etypestr : "", cname2, sname2); -+ free(rep_etypestr); - } else { - /* fail */ - krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: %s: %s for %s%s%s"), -- ktypestr, fromstring, status, -- cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); -+ ktypestr ? ktypestr : "", fromstring, status, cname2, -+ sname2, emsg ? ", " : "", emsg ? emsg : ""); - } - krb5_db_audit_as_req(context, request, - local_addr->address, remote_addr->address, - client, server, authtime, errcode); -+ -+ free(ktypestr); - } - - /* -@@ -122,10 +125,9 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - unsigned int c_flags, - const char *status, krb5_error_code errcode, const char *emsg) - { -- char ktypestr[128]; -+ char *ktypestr = NULL, *rep_etypestr = NULL; - const char *fromstring = 0; - char fromstringbuf[70]; -- char rep_etypestr[128]; - char *cname = NULL, *sname = NULL, *altcname = NULL; - char *logcname = NULL, *logsname = NULL, *logaltcname = NULL; - -@@ -134,11 +136,6 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; -- ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype); -- if (!errcode) -- rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); -- else -- rep_etypestr[0] = 0; - - unparse_and_limit(ctx, cprinc, &cname); - logcname = (cname != NULL) ? cname : ""; -@@ -151,10 +148,14 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - name (useful), and doesn't log ktypestr (probably not - important). */ - if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) { -+ ktypestr = ktypes2str(request->ktype, request->nktypes); -+ rep_etypestr = rep_etypes2str(reply); - krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %u, %s%s " - "%s for %s%s%s"), -- ktypestr, fromstring, status, (unsigned int)authtime, -- rep_etypestr, !errcode ? "," : "", logcname, logsname, -+ ktypestr ? ktypestr : "", fromstring, status, -+ (unsigned int)authtime, -+ rep_etypestr ? rep_etypestr : "", -+ !errcode ? "," : "", logcname, logsname, - errcode ? ", " : "", errcode ? emsg : ""); - if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) - krb5_klog_syslog(LOG_INFO, -@@ -171,9 +172,8 @@ log_tgs_req(krb5_context ctx, const krb5_fulladdr *from, - fromstring, status, (unsigned int)authtime, - logcname, logsname, logaltcname); - -- /* OpenSolaris: audit_krb5kdc_tgs_req(...) or -- audit_krb5kdc_tgs_req_2ndtktmm(...) */ -- -+ free(rep_etypestr); -+ free(ktypestr); - krb5_free_unparsed_name(ctx, cname); - krb5_free_unparsed_name(ctx, sname); - krb5_free_unparsed_name(ctx, altcname); -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index 0155c28c6..f5c581c82 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1043,84 +1043,87 @@ void limit_string(char *name) - return; - } - --/* -- * L10_2 = log10(2**x), rounded up; log10(2) ~= 0.301. -- */ --#define L10_2(x) ((int)(((x * 301) + 999) / 1000)) -- --/* -- * Max length of sprintf("%ld") for an int of type T; includes leading -- * minus sign and terminating NUL. -- */ --#define D_LEN(t) (L10_2(sizeof(t) * CHAR_BIT) + 2) -- --void --ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype) -+/* Wrapper of krb5_enctype_to_name() to include the PKINIT types. */ -+static krb5_error_code -+enctype_name(krb5_enctype ktype, char *buf, size_t buflen) - { -- int i; -- char stmp[D_LEN(krb5_enctype) + 1]; -- char *p; -+ char *name; - -- if (nktypes < 0 -- || len < (sizeof(" etypes {...}") + D_LEN(int))) { -- *s = '\0'; -- return; -- } -+ if (buflen == 0) -+ return EINVAL; -+ *buf = '\0'; /* ensure these are always valid C-strings */ - -- snprintf(s, len, "%d etypes {", nktypes); -- for (i = 0; i < nktypes; i++) { -- snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]); -- if (strlen(s) + strlen(stmp) + sizeof("}") > len) -- break; -- strlcat(s, stmp, len); -- } -- if (i < nktypes) { -- /* -- * We broke out of the loop. Try to truncate the list. -- */ -- p = s + strlen(s); -- while (p - s + sizeof("...}") > len) { -- while (p > s && *p != ' ' && *p != '{') -- *p-- = '\0'; -- if (p > s && *p == ' ') { -- *p-- = '\0'; -- continue; -- } -- } -- strlcat(s, "...", len); -- } -- strlcat(s, "}", len); -- return; -+ /* rfc4556 recommends that clients wishing to indicate support for these -+ * pkinit algorithms include them in the etype field of the AS-REQ. */ -+ if (ktype == ENCTYPE_DSA_SHA1_CMS) -+ name = "id-dsa-with-sha1-CmsOID"; -+ else if (ktype == ENCTYPE_MD5_RSA_CMS) -+ name = "md5WithRSAEncryption-CmsOID"; -+ else if (ktype == ENCTYPE_SHA1_RSA_CMS) -+ name = "sha-1WithRSAEncryption-CmsOID"; -+ else if (ktype == ENCTYPE_RC2_CBC_ENV) -+ name = "rc2-cbc-EnvOID"; -+ else if (ktype == ENCTYPE_RSA_ENV) -+ name = "rsaEncryption-EnvOID"; -+ else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV) -+ name = "id-RSAES-OAEP-EnvOID"; -+ else if (ktype == ENCTYPE_DES3_CBC_ENV) -+ name = "des-ede3-cbc-EnvOID"; -+ else -+ return krb5_enctype_to_name(ktype, FALSE, buf, buflen); -+ -+ if (strlcpy(name, buf, buflen) >= buflen) -+ return ENOMEM; -+ return 0; - } - --void --rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep) -+char * -+ktypes2str(krb5_enctype *ktype, int nktypes) - { -- char stmp[sizeof("ses=") + D_LEN(krb5_enctype)]; -+ struct k5buf buf; -+ int i; -+ char name[64]; - -- if (len < (3 * D_LEN(krb5_enctype) -- + sizeof("etypes {rep= tkt= ses=}"))) { -- *s = '\0'; -- return; -+ if (nktypes < 0) -+ return NULL; -+ -+ k5_buf_init_dynamic(&buf); -+ k5_buf_add_fmt(&buf, "%d etypes {", nktypes); -+ for (i = 0; i < nktypes; i++) { -+ enctype_name(ktype[i], name, sizeof(name)); -+ k5_buf_add_fmt(&buf, "%s%s(%ld)", i ? ", " : "", name, (long)ktype[i]); - } -+ k5_buf_add(&buf, "}"); -+ return buf.data; -+} - -- snprintf(s, len, "etypes {rep=%ld", (long)rep->enc_part.enctype); -+char * -+rep_etypes2str(krb5_kdc_rep *rep) -+{ -+ struct k5buf buf; -+ char name[64]; -+ krb5_enctype etype; -+ -+ k5_buf_init_dynamic(&buf); -+ k5_buf_add(&buf, "etypes {rep="); -+ enctype_name(rep->enc_part.enctype, name, sizeof(name)); -+ k5_buf_add_fmt(&buf, "%s(%ld)", name, (long)rep->enc_part.enctype); - - if (rep->ticket != NULL) { -- snprintf(stmp, sizeof(stmp), -- " tkt=%ld", (long)rep->ticket->enc_part.enctype); -- strlcat(s, stmp, len); -+ etype = rep->ticket->enc_part.enctype; -+ enctype_name(etype, name, sizeof(name)); -+ k5_buf_add_fmt(&buf, ", tkt=%s(%ld)", name, (long)etype); - } - -- if (rep->ticket != NULL -- && rep->ticket->enc_part2 != NULL -- && rep->ticket->enc_part2->session != NULL) { -- snprintf(stmp, sizeof(stmp), " ses=%ld", -- (long)rep->ticket->enc_part2->session->enctype); -- strlcat(s, stmp, len); -+ if (rep->ticket != NULL && rep->ticket->enc_part2 != NULL && -+ rep->ticket->enc_part2->session != NULL) { -+ etype = rep->ticket->enc_part2->session->enctype; -+ enctype_name(etype, name, sizeof(name)); -+ k5_buf_add_fmt(&buf, ", ses=%s(%ld)", name, (long)etype); - } -- strlcat(s, "}", len); -- return; -+ -+ k5_buf_add(&buf, "}"); -+ return buf.data; - } - - static krb5_error_code -diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h -index 6ec645fc3..25077cbf5 100644 ---- a/src/kdc/kdc_util.h -+++ b/src/kdc/kdc_util.h -@@ -110,11 +110,9 @@ select_session_keytype (kdc_realm_t *kdc_active_realm, - - void limit_string (char *name); - --void --ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype); -+char *ktypes2str(krb5_enctype *ktype, int nktypes); - --void --rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); -+char *rep_etypes2str(krb5_kdc_rep *rep); - - /* authind.c */ - krb5_boolean diff --git a/SOURCES/Mark-deprecated-enctypes-when-used.patch b/SOURCES/Mark-deprecated-enctypes-when-used.patch deleted file mode 100644 index 4ded20a..0000000 --- a/SOURCES/Mark-deprecated-enctypes-when-used.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 6306a2a8697c94f968a02d66204f7d357aa0e7f6 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 10 Jan 2019 16:34:54 -0500 -Subject: [PATCH] Mark deprecated enctypes when used - -Preface ETYPE_DEPRECATED enctypes with "DEPRECATED:" in klist output, -KDC logs, and kadmin interactions. Also complain in krb5kdc when the -stash file has a deprecated enctype or a deprecated enctype is -requested with -k. - -ticket: 8773 (new) -(cherry picked from commit 8d8e68283b599e680f9fe45eff8af397e827bd6c) ---- - src/clients/klist/klist.c | 14 ++++++++++---- - src/kadmin/cli/kadmin.c | 6 +++++- - src/kdc/kdc_util.c | 9 +++++++++ - src/kdc/main.c | 19 +++++++++++++++++++ - src/tests/gssapi/t_enctypes.py | 15 +++++++++------ - src/tests/t_keyrollover.py | 8 +++++--- - src/tests/t_sesskeynego.py | 4 ++-- - 7 files changed, 59 insertions(+), 16 deletions(-) - -diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c -index 70adb54e8..8c307151a 100644 ---- a/src/clients/klist/klist.c -+++ b/src/clients/klist/klist.c -@@ -571,11 +571,17 @@ static char * - etype_string(krb5_enctype enctype) - { - static char buf[100]; -- krb5_error_code ret; -+ char *bp = buf; -+ size_t deplen, buflen = sizeof(buf); - -- ret = krb5_enctype_to_name(enctype, FALSE, buf, sizeof(buf)); -- if (ret) -- snprintf(buf, sizeof(buf), "etype %d", enctype); -+ if (krb5int_c_deprecated_enctype(enctype)) { -+ deplen = strlcpy(bp, "DEPRECATED:", buflen); -+ buflen -= deplen; -+ bp += deplen; -+ } -+ -+ if (krb5_enctype_to_name(enctype, FALSE, bp, buflen)) -+ snprintf(bp, buflen, "etype %d", enctype); - return buf; - } - -diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c -index ed581ee79..cc74921bf 100644 ---- a/src/kadmin/cli/kadmin.c -+++ b/src/kadmin/cli/kadmin.c -@@ -1451,12 +1451,16 @@ kadmin_getprinc(int argc, char *argv[]) - for (i = 0; i < dprinc.n_key_data; i++) { - krb5_key_data *key_data = &dprinc.key_data[i]; - char enctype[BUFSIZ], salttype[BUFSIZ]; -+ char *deprecated = ""; - - if (krb5_enctype_to_name(key_data->key_data_type[0], FALSE, - enctype, sizeof(enctype))) - snprintf(enctype, sizeof(enctype), _(""), - key_data->key_data_type[0]); -- printf("Key: vno %d, %s", key_data->key_data_kvno, enctype); -+ if (krb5int_c_deprecated_enctype(key_data->key_data_type[0])) -+ deprecated = "DEPRECATED:"; -+ printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated, -+ enctype); - if (key_data->key_data_ver > 1 && - key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_NORMAL) { - if (krb5_salttype_to_string(key_data->key_data_type[1], -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index f5c581c82..96c88edc1 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1048,11 +1048,20 @@ static krb5_error_code - enctype_name(krb5_enctype ktype, char *buf, size_t buflen) - { - char *name; -+ size_t len; - - if (buflen == 0) - return EINVAL; - *buf = '\0'; /* ensure these are always valid C-strings */ - -+ if (krb5int_c_deprecated_enctype(ktype)) { -+ len = strlcpy(buf, "DEPRECATED:", buflen); -+ if (len >= buflen) -+ return ENOMEM; -+ buflen -= len; -+ buf += len; -+ } -+ - /* rfc4556 recommends that clients wishing to indicate support for these - * pkinit algorithms include them in the etype field of the AS-REQ. */ - if (ktype == ENCTYPE_DSA_SHA1_CMS) -diff --git a/src/kdc/main.c b/src/kdc/main.c -index 663fd6303..60092a0df 100644 ---- a/src/kdc/main.c -+++ b/src/kdc/main.c -@@ -210,12 +210,23 @@ init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm, - char *svalue = NULL; - const char *hierarchy[4]; - krb5_kvno mkvno = IGNORE_VNO; -+ char ename[32]; - - memset(rdp, 0, sizeof(kdc_realm_t)); - if (!realm) { - kret = EINVAL; - goto whoops; - } -+ -+ if (def_enctype != ENCTYPE_UNKNOWN && -+ krb5int_c_deprecated_enctype(def_enctype)) { -+ if (krb5_enctype_to_name(def_enctype, FALSE, ename, sizeof(ename))) -+ ename[0] = '\0'; -+ fprintf(stderr, -+ _("Requested master password enctype %s in %s is DEPRECATED!"), -+ ename, realm); -+ } -+ - hierarchy[0] = KRB5_CONF_REALMS; - hierarchy[1] = realm; - hierarchy[3] = NULL; -@@ -370,6 +381,14 @@ init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm, - goto whoops; - } - -+ if (krb5int_c_deprecated_enctype(rdp->realm_mkey.enctype)) { -+ if (krb5_enctype_to_name(rdp->realm_mkey.enctype, FALSE, ename, -+ sizeof(ename))) -+ ename[0] = '\0'; -+ fprintf(stderr, _("Stash file %s uses DEPRECATED enctype %s!"), -+ rdp->realm_stash, ename); -+ } -+ - if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc, - &rdp->realm_mkey))) { - kdc_err(rdp->realm_context, kret, -diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py -index 5d9f80e04..ca3d32d21 100755 ---- a/src/tests/gssapi/t_enctypes.py -+++ b/src/tests/gssapi/t_enctypes.py -@@ -9,8 +9,11 @@ from k5test import * - aes256 = 'aes256-cts-hmac-sha1-96' - aes128 = 'aes128-cts-hmac-sha1-96' - des3 = 'des3-cbc-sha1' -+d_des3 = 'DEPRECATED:des3-cbc-sha1' - des3raw = 'des3-cbc-raw' -+d_des3raw = 'DEPRECATED:des3-cbc-raw' - rc4 = 'arcfour-hmac' -+d_rc4 = 'DEPRECATED:arcfour-hmac' - - # These tests make assumptions about the default enctype lists, so set - # them explicitly rather than relying on the library defaults. -@@ -92,7 +95,7 @@ test_err('acc aes128', None, 'aes128-cts', - # no acceptor subkey will be generated because we can't upgrade to a - # CFX enctype. - test('init des3', 'des3', None, -- tktenc=aes256, tktsession=des3, -+ tktenc=aes256, tktsession=d_des3, - proto='rfc1964', isubkey=des3raw, asubkey=None) - - # Force the ticket session key to be rc4, so we can test some subkey -@@ -103,7 +106,7 @@ realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4']) - # [aes256 aes128 des3] and the acceptor should upgrade to an aes256 - # subkey. - test('upgrade noargs', None, None, -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='cfx', isubkey=rc4, asubkey=aes256) - - # If the initiator won't permit rc4 as a session key, it won't be able -@@ -113,14 +116,14 @@ test_err('upgrade init aes', 'aes', None, 'no support for encryption type') - # If the initiator permits rc4 but prefers aes128, it will send an - # upgrade list of [aes128] and the acceptor will upgrade to aes128. - test('upgrade init aes128+rc4', 'aes128-cts rc4', None, -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='cfx', isubkey=rc4, asubkey=aes128) - - # If the initiator permits rc4 but prefers des3, it will send an - # upgrade list of [des3], but the acceptor won't generate a subkey - # because des3 isn't a CFX enctype. - test('upgrade init des3+rc4', 'des3 rc4', None, -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='rfc1964', isubkey=rc4, asubkey=None) - - # If the acceptor permits only aes128, subkey negotiation will fail -@@ -134,14 +137,14 @@ test_err('upgrade acc aes128', None, 'aes128-cts', - # If the acceptor permits rc4 but prefers aes128, it will negotiate an - # upgrade to aes128. - test('upgrade acc aes128 rc4', None, 'aes128-cts rc4', -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='cfx', isubkey=rc4, asubkey=aes128) - - # In this test, the initiator and acceptor each prefer an AES enctype - # to rc4, but they can't agree on which one, so no subkey is - # generated. - test('upgrade mismatch', 'aes128-cts rc4', 'aes256-cts rc4', -- tktenc=aes256, tktsession=rc4, -+ tktenc=aes256, tktsession=d_rc4, - proto='rfc1964', isubkey=rc4, asubkey=None) - - success('gss_krb5_set_allowable_enctypes tests') -diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py -index 7c8d828f0..4af6804f2 100755 ---- a/src/tests/t_keyrollover.py -+++ b/src/tests/t_keyrollover.py -@@ -22,8 +22,9 @@ realm.run([kvno, princ1]) - realm.run([kadminl, 'purgekeys', realm.krbtgt_princ]) - # Make sure an old TGT fails after purging old TGS key. - realm.run([kvno, princ2], expected_code=1) --msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): des-cbc-crc, des-cbc-crc' % \ -- (realm.realm, realm.realm) -+ddes = "DEPRECATED:des-cbc-crc" -+msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): %s, %s' % \ -+ (realm.realm, realm.realm, ddes, ddes) - realm.run([klist, '-e'], expected_msg=msg) - - # Check that new key actually works. -@@ -48,7 +49,8 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts', - realm.krbtgt_princ]) - realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) - out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ]) --if 'vno 1, aes256' not in out or 'vno 1, des3' not in out: -+if 'vno 1, aes256-cts' not in out or \ -+ 'vno 1, DEPRECATED:des3-cbc-sha1' not in out: - fail('keyrollover: setup for TGS enctype test failed') - # Now present the DES3 ticket to the KDC and make sure it's rejected. - realm.run([kvno, realm.host_princ], expected_code=1) -diff --git a/src/tests/t_sesskeynego.py b/src/tests/t_sesskeynego.py -index 448092387..da02f224a 100755 ---- a/src/tests/t_sesskeynego.py -+++ b/src/tests/t_sesskeynego.py -@@ -62,11 +62,11 @@ test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96') - # 3b: Negotiate rc4-hmac session key when principal only has aes256 long-term. - realm.run([kadminl, 'setstr', 'server', 'session_enctypes', - 'rc4-hmac,aes128-cts,aes256-cts']) --test_kvno(realm, 'arcfour-hmac', 'aes256-cts-hmac-sha1-96') -+test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96') - - # 3c: Test des-cbc-crc default assumption. - realm.run([kadminl, 'delstr', 'server', 'session_enctypes']) --test_kvno(realm, 'des-cbc-crc', 'aes256-cts-hmac-sha1-96') -+test_kvno(realm, 'DEPRECATED:des-cbc-crc', 'aes256-cts-hmac-sha1-96') - realm.stop() - - # Last go: test that we can disable the des-cbc-crc assumption diff --git a/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch new file mode 100644 index 0000000..c1d53b3 --- /dev/null +++ b/SOURCES/Omit-KDC-indicator-check-for-S4U2Self-requests.patch @@ -0,0 +1,49 @@ +From 61f3943f9fc237936ed9fd098edcd8dcc43b8da7 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Wed, 6 May 2020 16:03:13 -0400 +Subject: [PATCH] Omit KDC indicator check for S4U2Self requests + +As there was no initial ticket exchange from the client for an +S4U2Self request, the auth indicator check is inapplicable (and would +always fail if any auth indicators are required). + +ticket: 8902 (new) +(cherry picked from commit 183631fbf72351c2d5fc7d60b2d9fc4d09fe7465) +(cherry picked from commit 442f1fa5b2e4034954a51048414cc0863b914379) +--- + src/kdc/do_tgs_req.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c +index 241f34e2a..463a9c0dd 100644 +--- a/src/kdc/do_tgs_req.c ++++ b/src/kdc/do_tgs_req.c +@@ -392,8 +392,8 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, + } + authtime = subject_tkt->times.authtime; + +- /* Extract auth indicators from the subject ticket, except for S4U2Self +- * requests (where the client didn't authenticate). */ ++ /* Extract and check auth indicators from the subject ticket, except for ++ * S4U2Self requests (where the client didn't authenticate). */ + if (s4u_x509_user == NULL) { + errcode = get_auth_indicators(kdc_context, subject_tkt, local_tgt, + &local_tgt_key, &auth_indicators); +@@ -401,12 +401,12 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, + status = "GET_AUTH_INDICATORS"; + goto cleanup; + } +- } + +- errcode = check_indicators(kdc_context, server, auth_indicators); +- if (errcode) { +- status = "HIGHER_AUTHENTICATION_REQUIRED"; +- goto cleanup; ++ errcode = check_indicators(kdc_context, server, auth_indicators); ++ if (errcode) { ++ status = "HIGHER_AUTHENTICATION_REQUIRED"; ++ goto cleanup; ++ } + } + + if (is_referral) diff --git a/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch new file mode 100644 index 0000000..a852fa7 --- /dev/null +++ b/SOURCES/Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch @@ -0,0 +1,35 @@ +From 4c4c22639eb2794e563370a2ee48a34dbdddc639 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Sat, 6 Jun 2020 11:03:37 +0200 +Subject: [PATCH] Omit PA_FOR_USER if we can't compute its checksum + +OpenSSL in FIPS mode will refuse to perform hmac-md5. Omit the legacy +PA_FOR_USER element in this case rather than failing out. + +[ghudson@mit.edu: minor code and comment edits; wrote commit message] + +ticket: 8912 (new) +(cherry picked from commit 03f122bdb22cfa53c7d855ed929c9541e56365e0) +(cherry picked from commit 086de78292b8ae89aba8a72926831124da44205d) +--- + src/lib/krb5/krb/s4u_creds.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c +index fc5c886d6..d8f486dc6 100644 +--- a/src/lib/krb5/krb/s4u_creds.c ++++ b/src/lib/krb5/krb/s4u_creds.c +@@ -534,6 +534,13 @@ krb5_get_self_cred_from_kdc(krb5_context context, + if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) { + code = build_pa_for_user(context, tgtptr, &s4u_user.user_id, + &in_padata[1]); ++ /* ++ * If we couldn't compute the hmac-md5 checksum, send only the ++ * KRB5_PADATA_S4U_X509_USER; this will still work against modern ++ * Windows and MIT KDCs. ++ */ ++ if (code == KRB5_CRYPTO_INTERNAL) ++ code = 0; + if (code != 0) { + krb5_free_pa_data(context, in_padata); + goto cleanup; diff --git a/SOURCES/Pass-channel-bindings-through-SPNEGO.patch b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch new file mode 100644 index 0000000..8ab4bbf --- /dev/null +++ b/SOURCES/Pass-channel-bindings-through-SPNEGO.patch @@ -0,0 +1,257 @@ +From d98f8867f8245b3c9dd506271897d0f03d69ae49 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris +Date: Tue, 28 Apr 2020 18:15:55 +0200 +Subject: [PATCH] Pass channel bindings through SPNEGO + +ticket: 8907 (new) +(cherry picked from commit d16325a24c34ec9a5f6fb4910987f162e0d4d9cd) +(cherry picked from commit ee79bd43005245d3e5a2d3ec6d61146945e77717) +--- + src/lib/gssapi/spnego/gssapiP_negoex.h | 8 ++--- + src/lib/gssapi/spnego/negoex_ctx.c | 34 +++++++++++---------- + src/lib/gssapi/spnego/spnego_mech.c | 41 +++++++++++++------------- + 3 files changed, 43 insertions(+), 40 deletions(-) + +diff --git a/src/lib/gssapi/spnego/gssapiP_negoex.h b/src/lib/gssapi/spnego/gssapiP_negoex.h +index 44b08f523..489ab7c42 100644 +--- a/src/lib/gssapi/spnego/gssapiP_negoex.h ++++ b/src/lib/gssapi/spnego/gssapiP_negoex.h +@@ -201,10 +201,10 @@ negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx, + OM_uint32 + negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec); ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec); + + OM_uint32 + negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec); ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec); +diff --git a/src/lib/gssapi/spnego/negoex_ctx.c b/src/lib/gssapi/spnego/negoex_ctx.c +index 18d9d4147..8848ee4db 100644 +--- a/src/lib/gssapi/spnego/negoex_ctx.c ++++ b/src/lib/gssapi/spnego/negoex_ctx.c +@@ -276,7 +276,8 @@ static OM_uint32 + mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + gss_name_t target, OM_uint32 req_flags, OM_uint32 time_req, + struct negoex_message *messages, size_t nmessages, +- gss_buffer_t output_token, OM_uint32 *time_rec) ++ gss_channel_bindings_t bindings, gss_buffer_t output_token, ++ OM_uint32 *time_rec) + { + OM_uint32 major, first_major = 0, first_minor = 0; + struct negoex_auth_mech *mech = NULL; +@@ -316,10 +317,9 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + mech = K5_TAILQ_FIRST(&ctx->negoex_mechs); + + major = gss_init_sec_context(minor, cred, &mech->mech_context, target, +- mech->oid, req_flags, time_req, +- GSS_C_NO_CHANNEL_BINDINGS, input_token, +- &ctx->actual_mech, output_token, +- &ctx->ctx_flags, time_rec); ++ mech->oid, req_flags, time_req, bindings, ++ input_token, &ctx->actual_mech, ++ output_token, &ctx->ctx_flags, time_rec); + + if (major == GSS_S_COMPLETE) + mech->complete = 1; +@@ -351,7 +351,8 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + static OM_uint32 + mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + gss_cred_id_t cred, struct negoex_message *messages, +- size_t nmessages, gss_buffer_t output_token, OM_uint32 *time_rec) ++ size_t nmessages, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec) + { + OM_uint32 major, tmpmin; + struct negoex_auth_mech *mech; +@@ -395,10 +396,10 @@ mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + gss_release_cred(&tmpmin, &ctx->deleg_cred); + + major = gss_accept_sec_context(minor, &mech->mech_context, cred, +- &msg->token, GSS_C_NO_CHANNEL_BINDINGS, +- &ctx->internal_name, &ctx->actual_mech, +- output_token, &ctx->ctx_flags, +- time_rec, &ctx->deleg_cred); ++ &msg->token, bindings, &ctx->internal_name, ++ &ctx->actual_mech, output_token, ++ &ctx->ctx_flags, time_rec, ++ &ctx->deleg_cred); + + if (major == GSS_S_COMPLETE) + mech->complete = 1; +@@ -609,8 +610,8 @@ make_output_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, + OM_uint32 + negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec) ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec) + { + OM_uint32 major, tmpmin; + gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER; +@@ -663,7 +664,8 @@ negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + /* Process the input token and/or produce an output token. This may prune + * the mech list, but on success there will be at least one mech entry. */ + major = mech_init(minor, ctx, cred, target_name, req_flags, time_req, +- messages, nmessages, &mech_output_token, time_rec); ++ messages, nmessages, bindings, &mech_output_token, ++ time_rec); + if (major != GSS_S_COMPLETE) + goto cleanup; + assert(!K5_TAILQ_EMPTY(&ctx->negoex_mechs)); +@@ -701,8 +703,8 @@ cleanup: + + OM_uint32 + negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, +- gss_buffer_t input_token, gss_buffer_t output_token, +- OM_uint32 *time_rec) ++ gss_buffer_t input_token, gss_channel_bindings_t bindings, ++ gss_buffer_t output_token, OM_uint32 *time_rec) + { + OM_uint32 major, tmpmin; + gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER; +@@ -754,7 +756,7 @@ negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, + * prune the list to a single mech. Continue on error if an output token + * is generated, so that we send the token to the initiator. + */ +- major = mech_accept(minor, ctx, cred, messages, nmessages, ++ major = mech_accept(minor, ctx, cred, messages, nmessages, bindings, + &mech_output_token, time_rec); + if (major != GSS_S_COMPLETE && mech_output_token.length == 0) + goto cleanup; +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index 594fc5894..4cf011143 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -130,6 +130,7 @@ init_ctx_reselect(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32, + static OM_uint32 + init_ctx_call_init(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t, + OM_uint32, gss_name_t, OM_uint32, OM_uint32, gss_buffer_t, ++ gss_channel_bindings_t, + gss_buffer_t, OM_uint32 *, send_token_flag *); + + static OM_uint32 +@@ -144,8 +145,8 @@ acc_ctx_vfy_oid(OM_uint32 *, spnego_gss_ctx_id_t, gss_OID, + OM_uint32 *, send_token_flag *); + static OM_uint32 + acc_ctx_call_acc(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t, +- gss_buffer_t, gss_buffer_t, OM_uint32 *, OM_uint32 *, +- send_token_flag *); ++ gss_buffer_t, gss_channel_bindings_t, gss_buffer_t, ++ OM_uint32 *, OM_uint32 *, send_token_flag *); + + static gss_OID + negotiate_mech(spnego_gss_ctx_id_t, gss_OID_set, OM_uint32 *); +@@ -905,6 +906,7 @@ init_ctx_call_init(OM_uint32 *minor_status, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_buffer_t mechtok_in, ++ gss_channel_bindings_t bindings, + gss_buffer_t mechtok_out, + OM_uint32 *time_rec, + send_token_flag *send_token) +@@ -921,15 +923,14 @@ init_ctx_call_init(OM_uint32 *minor_status, + if (gss_oid_equal(sc->internal_mech, &negoex_mech)) { + ret = negoex_init(minor_status, sc, mcred, target_name, + mech_req_flags, time_req, mechtok_in, +- mechtok_out, time_rec); ++ bindings, mechtok_out, time_rec); + } else { + ret = gss_init_sec_context(minor_status, mcred, + &sc->ctx_handle, target_name, + sc->internal_mech, mech_req_flags, +- time_req, GSS_C_NO_CHANNEL_BINDINGS, +- mechtok_in, &sc->actual_mech, +- mechtok_out, &sc->ctx_flags, +- time_rec); ++ time_req, bindings, mechtok_in, ++ &sc->actual_mech, mechtok_out, ++ &sc->ctx_flags, time_rec); + } + + /* Bail out if the acceptor gave us an error token but the mech didn't +@@ -981,8 +982,8 @@ init_ctx_call_init(OM_uint32 *minor_status, + gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER); + tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState, + target_name, req_flags, time_req, +- mechtok_in, mechtok_out, time_rec, +- send_token); ++ mechtok_in, bindings, mechtok_out, ++ time_rec, send_token); + if (HARD_ERROR(tmpret)) + goto fail; + *minor_status = tmpmin; +@@ -1004,7 +1005,7 @@ spnego_gss_init_sec_context( + gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, +- gss_channel_bindings_t input_chan_bindings, ++ gss_channel_bindings_t bindings, + gss_buffer_t input_token, + gss_OID *actual_mech, + gss_buffer_t output_token, +@@ -1084,8 +1085,8 @@ spnego_gss_init_sec_context( + if (!spnego_ctx->mech_complete) { + ret = init_ctx_call_init(minor_status, spnego_ctx, spcred, + acc_negState, target_name, req_flags, +- time_req, mechtok_in, &mechtok_out, +- time_rec, &send_token); ++ time_req, mechtok_in, bindings, ++ &mechtok_out, time_rec, &send_token); + if (ret != GSS_S_COMPLETE) + goto cleanup; + +@@ -1542,8 +1543,9 @@ cleanup: + static OM_uint32 + acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, + spnego_gss_cred_id_t spcred, gss_buffer_t mechtok_in, +- gss_buffer_t mechtok_out, OM_uint32 *time_rec, +- OM_uint32 *negState, send_token_flag *tokflag) ++ gss_channel_bindings_t bindings, gss_buffer_t mechtok_out, ++ OM_uint32 *time_rec, OM_uint32 *negState, ++ send_token_flag *tokflag) + { + OM_uint32 ret, tmpmin; + gss_OID_desc mechoid; +@@ -1568,13 +1570,12 @@ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, + mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred; + if (negoex) { + ret = negoex_accept(minor_status, sc, mcred, mechtok_in, +- mechtok_out, time_rec); ++ bindings, mechtok_out, time_rec); + } else { + (void) gss_release_name(&tmpmin, &sc->internal_name); + (void) gss_release_cred(&tmpmin, &sc->deleg_cred); + ret = gss_accept_sec_context(minor_status, &sc->ctx_handle, +- mcred, mechtok_in, +- GSS_C_NO_CHANNEL_BINDINGS, ++ mcred, mechtok_in, bindings, + &sc->internal_name, + &sc->actual_mech, mechtok_out, + &sc->ctx_flags, time_rec, +@@ -1620,7 +1621,7 @@ spnego_gss_accept_sec_context( + gss_ctx_id_t *context_handle, + gss_cred_id_t verifier_cred_handle, + gss_buffer_t input_token, +- gss_channel_bindings_t input_chan_bindings, ++ gss_channel_bindings_t bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, +@@ -1734,8 +1735,8 @@ spnego_gss_accept_sec_context( + */ + if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) { + ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in, +- &mechtok_out, time_rec, &negState, +- &return_token); ++ bindings, &mechtok_out, time_rec, ++ &negState, &return_token); + } + + /* Step 3: process or generate the MIC, if the negotiated mech is diff --git a/SOURCES/Pass-gss_localname-through-SPNEGO.patch b/SOURCES/Pass-gss_localname-through-SPNEGO.patch new file mode 100644 index 0000000..90804e0 --- /dev/null +++ b/SOURCES/Pass-gss_localname-through-SPNEGO.patch @@ -0,0 +1,59 @@ +From 64b1fdf0732b094e174b484fd9aac29f06e482bd Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Sun, 26 Apr 2020 19:55:54 -0400 +Subject: [PATCH] Pass gss_localname() through SPNEGO + +ticket: 8897 (new) +(cherry picked from commit f7b8a6432bd289bdc528017be122305f95b8e285) +(cherry picked from commit 646212314a580a8cdffdacda9cb3c8f806471b08) +--- + src/lib/gssapi/spnego/gssapiP_spnego.h | 8 ++++++++ + src/lib/gssapi/spnego/spnego_mech.c | 9 ++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h +index a93763314..066ec736f 100644 +--- a/src/lib/gssapi/spnego/gssapiP_spnego.h ++++ b/src/lib/gssapi/spnego/gssapiP_spnego.h +@@ -357,6 +357,14 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit + OM_uint32 *max_input_size + ); + ++OM_uint32 KRB5_CALLCONV spnego_gss_localname ++( ++ OM_uint32 *minor_status, ++ const gss_name_t pname, ++ const gss_const_OID mech_type, ++ gss_buffer_t localname ++); ++ + OM_uint32 KRB5_CALLCONV spnego_gss_get_mic + ( + OM_uint32 *minor_status, +diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c +index ec0bae6a4..594fc5894 100644 +--- a/src/lib/gssapi/spnego/spnego_mech.c ++++ b/src/lib/gssapi/spnego/spnego_mech.c +@@ -237,7 +237,7 @@ static struct gss_config spnego_mechanism = + spnego_gss_inquire_context, /* gss_inquire_context */ + NULL, /* gss_internal_release_oid */ + spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */ +- NULL, /* gssd_pname_to_uid */ ++ spnego_gss_localname, + NULL, /* gss_userok */ + NULL, /* gss_export_name */ + spnego_gss_duplicate_name, /* gss_duplicate_name */ +@@ -2371,6 +2371,13 @@ spnego_gss_wrap_size_limit( + return (ret); + } + ++OM_uint32 KRB5_CALLCONV ++spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname, ++ const gss_const_OID mech_type, gss_buffer_t localname) ++{ ++ return gss_localname(minor_status, pname, GSS_C_NO_OID, localname); ++} ++ + OM_uint32 KRB5_CALLCONV + spnego_gss_get_mic( + OM_uint32 *minor_status, diff --git a/SOURCES/Properly-size-ifdef-in-k5_cccol_lock.patch b/SOURCES/Properly-size-ifdef-in-k5_cccol_lock.patch deleted file mode 100644 index b1e4563..0000000 --- a/SOURCES/Properly-size-ifdef-in-k5_cccol_lock.patch +++ /dev/null @@ -1,34 +0,0 @@ -From bad6d4390e6e23099cc2295d94e2553575687561 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Thu, 14 Feb 2019 11:50:35 -0500 -Subject: [PATCH] Properly size #ifdef in k5_cccol_lock() - -The cleanup code only could get executed in the USE_CCAPI_V3 case, so -move it inside that block. Reported by Coverity. - -(cherry picked from commit 444a15f9cf82b9a6c1bca3f20307f82fee91c228) -(cherry picked from commit e2a0e04fb3be9297a8c532dd35a7c1045cae88f4) ---- - src/lib/krb5/ccache/ccbase.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c -index 8198f2b9b..2702bef69 100644 ---- a/src/lib/krb5/ccache/ccbase.c -+++ b/src/lib/krb5/ccache/ccbase.c -@@ -511,7 +511,6 @@ krb5_cccol_lock(krb5_context context) - #endif - #ifdef USE_CCAPI_V3 - ret = krb5_stdccv3_context_lock(context); --#endif - if (ret) { - k5_cc_mutex_unlock(context, &krb5int_mcc_mutex); - k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); -@@ -519,6 +518,7 @@ krb5_cccol_lock(krb5_context context) - k5_cc_mutex_unlock(context, &cccol_lock); - return ret; - } -+#endif - k5_mutex_unlock(&cc_typelist_lock); - return ret; - } diff --git a/SOURCES/Put-KDB-authdata-first.patch b/SOURCES/Put-KDB-authdata-first.patch deleted file mode 100644 index 998fa0e..0000000 --- a/SOURCES/Put-KDB-authdata-first.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 684821fc68fd27ddcc5f809a37819edd35365a9d Mon Sep 17 00:00:00 2001 -From: Isaac Boukris -Date: Sat, 1 Feb 2020 16:13:30 +0100 -Subject: [PATCH] Put KDB authdata first - -Windows services, as well as some versions of Samba, may refuse -tickets if the PAC is not in the first AD-IF-RELEVANT container. In -fetch_kdb_authdata(), change the merge order so that authdata from the -KDB module appears first. - -[ghudson@mit.edu: added comment and clarified commit message] - -ticket: 8872 (new) -tags: pullup -target_version: 1.18 -target_version: 1.17-next - -(cherry picked from commit 331fa4bdd34263ea20667a0f51338cb84357fdaa) -(cherry picked from commit 1678270de3fda699114122447b1f06b08fb4e53e) ---- - src/kdc/kdc_authdata.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c -index 1b067cb0b..616c3eadc 100644 ---- a/src/kdc/kdc_authdata.c -+++ b/src/kdc/kdc_authdata.c -@@ -383,11 +383,14 @@ fetch_kdb_authdata(krb5_context context, unsigned int flags, - if (ret) - return (ret == KRB5_PLUGIN_OP_NOTSUPP) ? 0 : ret; - -- /* Add the KDB authdata to the ticket, without copying or filtering. */ -- ret = merge_authdata(context, db_authdata, -- &enc_tkt_reply->authorization_data, FALSE, FALSE); -+ /* Put the KDB authdata first in the ticket. A successful merge places the -+ * combined list in db_authdata and releases the old ticket authdata. */ -+ ret = merge_authdata(context, enc_tkt_reply->authorization_data, -+ &db_authdata, FALSE, FALSE); - if (ret) - krb5_free_authdata(context, db_authdata); -+ else -+ enc_tkt_reply->authorization_data = db_authdata; - return ret; - } - diff --git a/SOURCES/Refactor-krb5-GSS-checksum-handling.patch b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch new file mode 100644 index 0000000..8e97028 --- /dev/null +++ b/SOURCES/Refactor-krb5-GSS-checksum-handling.patch @@ -0,0 +1,480 @@ +From c4a49f5b42916fdbb34c72a11adb42ff879c50c3 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Fri, 30 Jun 2017 16:03:01 -0400 +Subject: [PATCH] Refactor krb5 GSS checksum handling + +Separate out checksum handling from kg_accept_krb5() into a new helper +process_checksum(). + +[ghudson@mit.edu: simplified checksum processing and made it use +k5-input.h instead of TREAD_ macros; moved more flag handling into +helper] + +[iboukris: adjusted helper function arguments, allowing access to the +full authenticator for subsequent changes] + +(cherry picked from commit 64d56233f9816a2a93f6e8d3030c8ed6ce397735) +[rharwood@redhat.com: problem with typo fix commit, I think] +(cherry picked from commit a34b7c50e62c19f80d39ece6a72017dac781df64) +--- + src/lib/gssapi/krb5/accept_sec_context.c | 383 +++++++++++------------ + 1 file changed, 179 insertions(+), 204 deletions(-) + +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index c5bddb1e8..70dd7fc0c 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -98,6 +98,7 @@ + */ + + #include "k5-int.h" ++#include "k5-input.h" + #include "gssapiP_krb5.h" + #ifdef HAVE_MEMORY_H + #include +@@ -413,6 +414,174 @@ kg_process_extension(krb5_context context, + return code; + } + ++/* The length of the MD5 channel bindings in an 0x8003 checksum */ ++#define CB_MD5_LEN 16 ++ ++/* The minimum length of an 0x8003 checksum value (4-byte channel bindings ++ * length, 16-byte channel bindings, 4-byte flags) */ ++#define MIN_8003_LEN (4 + CB_MD5_LEN + 4) ++ ++/* The flags we accept from the initiator's authenticator checksum. */ ++#define INITIATOR_FLAGS (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \ ++ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \ ++ GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \ ++ GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG) ++ ++/* ++ * The krb5 GSS mech appropriates the authenticator checksum field from RFC ++ * 4120 to store structured data instead of a checksum, indicated with checksum ++ * type 0x8003 (see RFC 4121 section 4.1.1). Some implementations instead send ++ * no checksum, or a regular checksum over empty data. ++ * ++ * Interpret the checksum. Read delegated creds into *deleg_out if it is not ++ * NULL. Set *flags_out to the allowed subset of token flags, plus ++ * GSS_C_DELEG_FLAG if a delegated credential was present. Process any ++ * extensions found using exts. On error, set *code_out to a krb5_error code ++ * for use as a minor status value. ++ */ ++static OM_uint32 ++process_checksum(OM_uint32 *minor_status, krb5_context context, ++ gss_channel_bindings_t acceptor_cb, ++ krb5_auth_context auth_context, krb5_flags ap_req_options, ++ krb5_authenticator *authenticator, krb5_gss_ctx_ext_t exts, ++ krb5_gss_cred_id_t *deleg_out, krb5_ui_4 *flags_out, ++ krb5_error_code *code_out) ++{ ++ krb5_error_code code = 0; ++ OM_uint32 status, option_id, token_flags; ++ size_t cb_len, option_len; ++ krb5_boolean valid; ++ krb5_key subkey; ++ krb5_data option, empty = empty_data(); ++ krb5_checksum cb_cksum; ++ const uint8_t *token_cb, *option_bytes; ++ struct k5input in; ++ const krb5_checksum *cksum = authenticator->checksum; ++ ++ cb_cksum.contents = NULL; ++ ++ if (cksum == NULL) { ++ /* ++ * Some SMB client implementations use handcrafted GSSAPI code that ++ * does not provide a checksum. MS-KILE documents that the Microsoft ++ * implementation considers a missing checksum acceptable; the server ++ * assumes all flags are unset in this case, and does not check channel ++ * bindings. ++ */ ++ *flags_out = 0; ++ } else if (cksum->checksum_type != CKSUMTYPE_KG_CB) { ++ /* Samba sends a regular checksum. */ ++ code = krb5_auth_con_getkey_k(context, auth_context, &subkey); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ /* Verifying the checksum ensures that this authenticator wasn't ++ * replayed from one with a checksum over actual data. */ ++ code = krb5_k_verify_checksum(context, subkey, ++ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, &empty, ++ cksum, &valid); ++ krb5_k_free_key(context, subkey); ++ if (code || !valid) { ++ status = GSS_S_BAD_SIG; ++ goto fail; ++ } ++ ++ /* Use ap_options from the request to guess the mutual flag. */ ++ *flags_out = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; ++ if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) ++ *flags_out |= GSS_C_MUTUAL_FLAG; ++ } else { ++ /* The checksum must contain at least a fixed 24-byte part. */ ++ if (cksum->length < MIN_8003_LEN) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ ++ k5_input_init(&in, cksum->contents, cksum->length); ++ cb_len = k5_input_get_uint32_le(&in); ++ if (cb_len != CB_MD5_LEN) { ++ code = KG_BAD_LENGTH; ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ token_cb = k5_input_get_bytes(&in, cb_len); ++ if (acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS) { ++ code = kg_checksum_channel_bindings(context, acceptor_cb, ++ &cb_cksum); ++ if (code) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ assert(cb_cksum.length == cb_len); ++ if (k5_bcmp(token_cb, cb_cksum.contents, cb_len) != 0) { ++ status = GSS_S_BAD_BINDINGS; ++ goto fail; ++ } ++ } ++ ++ /* Read the token flags and accept some of them as context flags. */ ++ token_flags = k5_input_get_uint32_le(&in); ++ *flags_out = token_flags & INITIATOR_FLAGS; ++ ++ /* Read the delegated credential if present. */ ++ if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) { ++ option_id = k5_input_get_uint16_le(&in); ++ option_len = k5_input_get_uint16_le(&in); ++ option_bytes = k5_input_get_bytes(&in, option_len); ++ option = make_data((uint8_t *)option_bytes, option_len); ++ if (in.status) { ++ code = KG_BAD_LENGTH; ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ /* Store the delegated credential. */ ++ code = rd_and_store_for_creds(context, auth_context, &option, ++ deleg_out); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ *flags_out |= GSS_C_DELEG_FLAG; ++ } ++ ++ /* Process any extensions at the end of the checksum. Extensions use ++ * 4-byte big-endian tag and length instead of 2-byte little-endian. */ ++ while (in.len > 0) { ++ option_id = k5_input_get_uint32_be(&in); ++ option_len = k5_input_get_uint32_be(&in); ++ option_bytes = k5_input_get_bytes(&in, option_len); ++ option = make_data((uint8_t *)option_bytes, option_len); ++ if (in.status) { ++ code = KG_BAD_LENGTH; ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ ++ code = kg_process_extension(context, auth_context, option_id, ++ &option, exts); ++ if (code) { ++ status = GSS_S_FAILURE; ++ goto fail; ++ } ++ } ++ } ++ ++ status = GSS_S_COMPLETE; ++ ++fail: ++ free(cb_cksum.contents); ++ *code_out = code; ++ return status; ++} ++ + static OM_uint32 + kg_accept_krb5(minor_status, context_handle, + verifier_cred_handle, input_token, +@@ -433,17 +602,13 @@ kg_accept_krb5(minor_status, context_handle, + krb5_gss_ctx_ext_t exts; + { + krb5_context context; +- unsigned char *ptr, *ptr2; ++ unsigned char *ptr; + char *sptr; +- OM_uint32 tmp; +- size_t md5len; + krb5_gss_cred_id_t cred = 0; + krb5_data ap_rep, ap_req; +- unsigned int i; + krb5_error_code code; + krb5_address addr, *paddr; + krb5_authenticator *authdat = 0; +- krb5_checksum reqcksum; + krb5_gss_name_t name = NULL; + krb5_ui_4 gss_flags = 0; + krb5_gss_ctx_id_rec *ctx = NULL; +@@ -451,8 +616,6 @@ kg_accept_krb5(minor_status, context_handle, + gss_buffer_desc token; + krb5_auth_context auth_context = NULL; + krb5_ticket * ticket = NULL; +- int option_id; +- krb5_data option; + const gss_OID_desc *mech_used = NULL; + OM_uint32 major_status = GSS_S_FAILURE; + OM_uint32 tmp_minor_status; +@@ -463,7 +626,6 @@ kg_accept_krb5(minor_status, context_handle, + krb5int_access kaccess; + int cred_rcache = 0; + int no_encap = 0; +- int token_deleg_flag = 0; + krb5_flags ap_req_options = 0; + krb5_enctype negotiated_etype; + krb5_authdata_context ad_context = NULL; +@@ -489,7 +651,6 @@ kg_accept_krb5(minor_status, context_handle, + output_token->length = 0; + output_token->value = NULL; + token.value = 0; +- reqcksum.contents = 0; + ap_req.data = 0; + ap_rep.data = 0; + +@@ -654,195 +815,16 @@ kg_accept_krb5(minor_status, context_handle, + + krb5_auth_con_getauthenticator(context, auth_context, &authdat); + +- if (authdat->checksum == NULL) { +- /* +- * Some SMB client implementations use handcrafted GSSAPI code that +- * does not provide a checksum. MS-KILE documents that the Microsoft +- * implementation considers a missing checksum acceptable; the server +- * assumes all flags are unset in this case, and does not check channel +- * bindings. +- */ +- gss_flags = 0; +- } else if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { +- /* Samba does not send 0x8003 GSS-API checksums */ +- krb5_boolean valid; +- krb5_key subkey; +- krb5_data zero; ++ major_status = process_checksum(minor_status, context, input_chan_bindings, ++ auth_context, ap_req_options, ++ authdat, exts, ++ delegated_cred_handle ? &deleg_cred : NULL, ++ &gss_flags, &code); + +- code = krb5_auth_con_getkey_k(context, auth_context, &subkey); +- if (code) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } ++ if (major_status != GSS_S_COMPLETE) ++ goto fail; + +- zero.length = 0; +- zero.data = ""; +- +- code = krb5_k_verify_checksum(context, +- subkey, +- KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, +- &zero, +- authdat->checksum, +- &valid); +- krb5_k_free_key(context, subkey); +- if (code || !valid) { +- major_status = GSS_S_BAD_SIG; +- goto fail; +- } +- +- /* Use ap_options from the request to guess the mutual flag. */ +- gss_flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; +- if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) +- gss_flags |= GSS_C_MUTUAL_FLAG; +- } else { +- /* gss krb5 v1 */ +- +- /* stash this now, for later. */ +- code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len); +- if (code) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* verify that the checksum is correct */ +- +- /* +- The checksum may be either exactly 24 bytes, in which case +- no options are specified, or greater than 24 bytes, in which case +- one or more options are specified. Currently, the only valid +- option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ). +- */ +- +- if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) || +- (authdat->checksum->length < 24)) { +- code = 0; +- major_status = GSS_S_BAD_BINDINGS; +- goto fail; +- } +- +- ptr = (unsigned char *) authdat->checksum->contents; +- +- TREAD_INT(ptr, tmp, 0); +- +- if (tmp != md5len) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* +- The following section of code attempts to implement the +- optional channel binding facility as described in RFC2743. +- +- Since this facility is optional channel binding may or may +- not have been provided by either the client or the server. +- +- If the server has specified input_chan_bindings equal to +- GSS_C_NO_CHANNEL_BINDINGS then we skip the check. If +- the server does provide channel bindings then we compute +- a checksum and compare against those provided by the +- client. */ +- +- if ((code = kg_checksum_channel_bindings(context, +- input_chan_bindings, +- &reqcksum))) { +- major_status = GSS_S_BAD_BINDINGS; +- goto fail; +- } +- +- /* Always read the clients bindings - eventhough we might ignore them */ +- TREAD_STR(ptr, ptr2, reqcksum.length); +- +- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) { +- if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) { +- xfree(reqcksum.contents); +- reqcksum.contents = 0; +- code = 0; +- major_status = GSS_S_BAD_BINDINGS; +- goto fail; +- } +- +- } +- +- xfree(reqcksum.contents); +- reqcksum.contents = 0; +- +- /* Read the token flags. Remember if GSS_C_DELEG_FLAG was set, but +- * mask it out until we actually read a delegated credential. */ +- TREAD_INT(ptr, gss_flags, 0); +- token_deleg_flag = (gss_flags & GSS_C_DELEG_FLAG); +- gss_flags &= ~GSS_C_DELEG_FLAG; +- +- /* if the checksum length > 24, there are options to process */ +- +- i = authdat->checksum->length - 24; +- if (i && token_deleg_flag) { +- if (i >= 4) { +- TREAD_INT16(ptr, option_id, 0); +- TREAD_INT16(ptr, option.length, 0); +- i -= 4; +- +- if (i < option.length) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* have to use ptr2, since option.data is wrong type and +- macro uses ptr as both lvalue and rvalue */ +- +- TREAD_STR(ptr, ptr2, option.length); +- option.data = (char *) ptr2; +- +- i -= option.length; +- +- if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- /* store the delegated credential */ +- +- code = rd_and_store_for_creds(context, auth_context, &option, +- (delegated_cred_handle) ? +- &deleg_cred : NULL); +- if (code) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- +- gss_flags |= GSS_C_DELEG_FLAG; +- } /* if i >= 4 */ +- /* ignore any additional trailing data, for now */ +- } +- while (i > 0) { +- /* Process Type-Length-Data options */ +- if (i < 8) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- TREAD_INT(ptr, option_id, 1); +- TREAD_INT(ptr, option.length, 1); +- i -= 8; +- if (i < option.length) { +- code = KG_BAD_LENGTH; +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- TREAD_STR(ptr, ptr2, option.length); +- option.data = (char *)ptr2; +- +- i -= option.length; +- +- code = kg_process_extension(context, auth_context, +- option_id, &option, exts); +- if (code != 0) { +- major_status = GSS_S_FAILURE; +- goto fail; +- } +- } +- } ++ major_status = GSS_S_FAILURE; + + if (exts->iakerb.conv && !exts->iakerb.verified) { + major_status = GSS_S_BAD_SIG; +@@ -869,12 +851,7 @@ kg_accept_krb5(minor_status, context_handle, + ctx->mech_used = (gss_OID) mech_used; + ctx->auth_context = auth_context; + ctx->initiate = 0; +- ctx->gss_flags = (GSS_C_TRANS_FLAG | +- ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | +- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | +- GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG | +- GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG | +- GSS_C_EXTENDED_ERROR_FLAG))); ++ ctx->gss_flags = gss_flags | GSS_C_TRANS_FLAG; + ctx->seed_init = 0; + ctx->cred_rcache = cred_rcache; + +@@ -1161,8 +1138,6 @@ fail: + + krb5_auth_con_free(context, auth_context); + } +- if (reqcksum.contents) +- xfree(reqcksum.contents); + if (ap_rep.data) + krb5_free_data_contents(context, &ap_rep); + if (major_status == GSS_S_COMPLETE || diff --git a/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch new file mode 100644 index 0000000..c8c6cd8 --- /dev/null +++ b/SOURCES/Refresh-manually-acquired-creds-from-client-keytab.patch @@ -0,0 +1,79 @@ +From fdd97fe6c9f0a3a6ff8d2580ca9f3c46826449b7 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 26 Feb 2020 18:27:17 -0500 +Subject: [PATCH] Refresh manually acquired creds from client keytab + +If a client keytab is present but credentials are acquired manually, +the credentials would not be refreshed because no refresh_time config +var is set in the cache. Change kg_cred_time_to_refresh() to attempt +a refresh from the client keytab on any credentials which will expire +in the next 30 seconds. + +[ghudson@mit.edu: adjused code and added test case] + +ticket: 7976 +(cherry picked from commit 729896467e3c77904666019d6cbbda583ae49b95) +(cherry picked from commit 685aada9eae420cb5156ca7b71c2c7614c0b6e2c) +--- + src/lib/gssapi/krb5/acquire_cred.c | 14 +++++++++++--- + src/tests/gssapi/t_client_keytab.py | 18 ++++++++++++++++++ + 2 files changed, 29 insertions(+), 3 deletions(-) + +diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c +index acc1868f8..4062f4741 100644 +--- a/src/lib/gssapi/krb5/acquire_cred.c ++++ b/src/lib/gssapi/krb5/acquire_cred.c +@@ -557,15 +557,23 @@ set_refresh_time(krb5_context context, krb5_ccache ccache, + krb5_boolean + kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred) + { +- krb5_timestamp now; ++ krb5_timestamp now, soon; + + if (krb5_timeofday(context, &now)) + return FALSE; ++ soon = ts_incr(now, 30); + if (cred->refresh_time != 0 && !ts_after(cred->refresh_time, now)) { +- set_refresh_time(context, cred->ccache, +- ts_incr(cred->refresh_time, 30)); ++ set_refresh_time(context, cred->ccache, soon); + return TRUE; + } ++ ++ /* If the creds will expire soon, try to refresh even if they weren't ++ * acquired with a client keytab. */ ++ if (ts_after(soon, cred->expire)) { ++ set_refresh_time(context, cred->ccache, soon); ++ return TRUE; ++ } ++ + return FALSE; + } + +diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py +index e474a27c7..7847b3ecd 100755 +--- a/src/tests/gssapi/t_client_keytab.py ++++ b/src/tests/gssapi/t_client_keytab.py +@@ -124,4 +124,22 @@ realm.kinit(realm.user_princ, password('user')) + realm.run(['./t_ccselect', phost], env=bad_cktname, + expected_msg=realm.user_princ) + ++mark('refresh of manually acquired creds') ++ ++# Test 17: no name/ccache specified, manually acquired creds which ++# will expire soon. Verify that creds are refreshed using the current ++# client name, with refresh_time set in the refreshed ccache. ++realm.kinit('bob', password('bob'), ['-l', '15s']) ++realm.run(['./t_ccselect', phost], expected_msg='bob') ++realm.run([klist, '-C'], expected_msg='refresh_time = ') ++ ++# Test 18: no name/ccache specified, manually acquired creds with a ++# client principal not present in the client keytab. A refresh is ++# attempted but fails, and an expired ticket error results. ++realm.kinit(realm.admin_princ, password('admin'), ['-l', '-1s']) ++msgs = ('Getting initial credentials for user/admin@KRBTEST.COM', ++ '/Matching credential not found') ++realm.run(['./t_ccselect', phost], expected_code=1, ++ expected_msg='Ticket expired', expected_trace=msgs) ++ + success('Client keytab tests') diff --git a/SOURCES/Use-backported-version-of-OpenSSL-3-KDF-interface.patch b/SOURCES/Use-backported-version-of-OpenSSL-3-KDF-interface.patch deleted file mode 100644 index b8d3916..0000000 --- a/SOURCES/Use-backported-version-of-OpenSSL-3-KDF-interface.patch +++ /dev/null @@ -1,751 +0,0 @@ -From 5e147f7f2924edfd278940dea8b1d8ed09d6872c Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 15 Nov 2019 20:05:16 +0000 -Subject: [PATCH] Use backported version of OpenSSL-3 KDF interface - -(cherry picked from commit 0e20daf7ccfe50518c89735c3dae2fde08d92325) ---- - src/configure.in | 4 + - src/lib/crypto/krb/derive.c | 356 +++++++++++++----- - .../preauth/pkinit/pkinit_crypto_openssl.c | 257 ++++++++----- - 3 files changed, 428 insertions(+), 189 deletions(-) - -diff --git a/src/configure.in b/src/configure.in -index 9f6b67b44..cf4b1139a 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -269,6 +269,10 @@ AC_SUBST(CRYPTO_IMPL) - AC_SUBST(CRYPTO_IMPL_CFLAGS) - AC_SUBST(CRYPTO_IMPL_LIBS) - -+AC_CHECK_FUNCS(EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_derive, -+ AC_DEFINE(OSSL_KDFS, 1, [Define if using OpenSSL KDFs]), -+ AC_MSG_ERROR([backported OpenSSL KDFs not found])) -+ - AC_ARG_WITH([prng-alg], - AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. @<:@fortuna@:>@]), - [PRNG_ALG=$withval -diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c -index 6707a7308..915a173dd 100644 ---- a/src/lib/crypto/krb/derive.c -+++ b/src/lib/crypto/krb/derive.c -@@ -27,6 +27,13 @@ - - #include "crypto_int.h" - -+#ifdef OSSL_KDFS -+#include -+#include -+#else -+#error "Refusing to build without OpenSSL KDFs!" -+#endif -+ - static krb5_key - find_cached_dkey(struct derived_key *list, const krb5_data *constant) - { -@@ -77,55 +84,193 @@ cleanup: - return ENOMEM; - } - -+#ifdef OSSL_KDFS - static krb5_error_code --derive_random_rfc3961(const struct krb5_enc_provider *enc, -- krb5_key inkey, krb5_data *outrnd, -- const krb5_data *in_constant) -+openssl_kbdkf_counter_hmac(const struct krb5_hash_provider *hash, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *label, const krb5_data *context) - { -- size_t blocksize, keybytes, n; -+ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; -+ EVP_KDF_CTX *ctx = NULL; -+ const EVP_MD *digest; -+ -+ if (!strcmp(hash->hash_name, "SHA1")) -+ digest = EVP_sha1(); -+ else if (!strcmp(hash->hash_name, "SHA-256")) -+ digest = EVP_sha256(); -+ else if (!strcmp(hash->hash_name, "SHA-384")) -+ digest = EVP_sha384(); -+ else -+ goto done; -+ -+ ctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); -+ if (!ctx) -+ goto done; -+ -+ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, -+ EVP_KDF_KB_MAC_TYPE_HMAC) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, -+ inkey->keyblock.length) != 1 || -+ (context->length > 0 && -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_INFO, context->data, -+ context->length) != 1) || -+ (label->length > 0 && -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SALT, label->data, -+ label->length) != 1) || -+ EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, -+ outrnd->length) != 1) -+ goto done; -+ -+ ret = 0; -+done: -+ if (ret) -+ zap(outrnd->data, outrnd->length); -+ EVP_KDF_CTX_free(ctx); -+ return ret; -+} -+ -+static krb5_error_code -+openssl_kbkdf_feedback_cmac(const struct krb5_enc_provider *enc, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *in_constant) -+{ -+ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; -+ EVP_KDF_CTX *ctx = NULL; -+ const EVP_CIPHER *cipher; -+ static unsigned char zeroes[16]; -+ -+ memset(zeroes, 0, sizeof(zeroes)); -+ -+ if (enc->keylength == 16) -+ cipher = EVP_camellia_128_cbc(); -+ else if (enc->keylength == 32) -+ cipher = EVP_camellia_256_cbc(); -+ else -+ goto done; -+ -+ ctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); -+ if (!ctx) -+ goto done; -+ -+ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MODE, -+ EVP_KDF_KB_MODE_FEEDBACK) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, -+ EVP_KDF_KB_MAC_TYPE_CMAC) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_CIPHER, cipher) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, -+ inkey->keyblock.length) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SALT, in_constant->data, -+ in_constant->length) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_SEED, zeroes, -+ sizeof(zeroes)) != 1 || -+ EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, -+ outrnd->length) != 1) -+ goto done; -+ -+ ret = 0; -+done: -+ if (ret) -+ zap(outrnd->data, outrnd->length); -+ EVP_KDF_CTX_free(ctx); -+ return ret; -+} -+ -+static krb5_error_code -+openssl_krb5kdf(const struct krb5_enc_provider *enc, krb5_key inkey, -+ krb5_data *outrnd, const krb5_data *in_constant) -+{ -+ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; -+ EVP_KDF_CTX *ctx = NULL; -+ const EVP_CIPHER *cipher; -+ -+ if (inkey->keyblock.length != enc->keylength || -+ outrnd->length != enc->keybytes) { -+ return KRB5_CRYPTO_INTERNAL; -+ } -+ -+ if (enc->encrypt == krb5int_aes_encrypt && enc->keylength == 16) -+ cipher = EVP_aes_128_cbc(); -+ else if (enc->encrypt == krb5int_aes_encrypt && enc->keylength == 32) -+ cipher = EVP_aes_256_cbc(); -+ else if (enc->keylength == 24) -+ cipher = EVP_des_ede3_cbc(); -+ else -+ goto done; -+ -+ ctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF); -+ if (ctx == NULL) -+ goto done; -+ -+ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_CIPHER, cipher) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, -+ inkey->keyblock.length) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, -+ in_constant->data, in_constant->length) != 1 || -+ EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, -+ outrnd->length) != 1) -+ goto done; -+ -+ ret = 0; -+done: -+ if (ret) -+ zap(outrnd->data, outrnd->length); -+ EVP_KDF_CTX_free(ctx); -+ return ret; -+} -+ -+#else /* OSSL_KDFS */ -+ -+/* -+ * NIST SP800-108 KDF in counter mode (section 5.1). -+ * Parameters: -+ * - HMAC (with hash as the hash provider) is the PRF. -+ * - A block counter of four bytes is used. -+ * - Four bytes are used to encode the output length in the PRF input. -+ * -+ * There are no uses requiring more than a single PRF invocation. -+ */ -+static krb5_error_code -+builtin_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *label, -+ const krb5_data *context) -+{ -+ krb5_crypto_iov iov[5]; - krb5_error_code ret; -- krb5_data block = empty_data(); -+ krb5_data prf; -+ unsigned char ibuf[4], lbuf[4]; - -- blocksize = enc->block_size; -- keybytes = enc->keybytes; -- -- if (blocksize == 1) -- return KRB5_BAD_ENCTYPE; -- if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) -+ if (hash == NULL || outrnd->length > hash->hashsize) - return KRB5_CRYPTO_INTERNAL; - - /* Allocate encryption data buffer. */ -- ret = alloc_data(&block, blocksize); -+ ret = alloc_data(&prf, hash->hashsize); - if (ret) - return ret; - -- /* Initialize the input block. */ -- if (in_constant->length == blocksize) { -- memcpy(block.data, in_constant->data, blocksize); -- } else { -- krb5int_nfold(in_constant->length * 8, -- (unsigned char *) in_constant->data, -- blocksize * 8, (unsigned char *) block.data); -- } -+ /* [i]2: four-byte big-endian binary string giving the block counter (1) */ -+ iov[0].flags = KRB5_CRYPTO_TYPE_DATA; -+ iov[0].data = make_data(ibuf, sizeof(ibuf)); -+ store_32_be(1, ibuf); -+ /* Label */ -+ iov[1].flags = KRB5_CRYPTO_TYPE_DATA; -+ iov[1].data = *label; -+ /* 0x00: separator byte */ -+ iov[2].flags = KRB5_CRYPTO_TYPE_DATA; -+ iov[2].data = make_data("", 1); -+ /* Context */ -+ iov[3].flags = KRB5_CRYPTO_TYPE_DATA; -+ iov[3].data = *context; -+ /* [L]2: four-byte big-endian binary string giving the output length */ -+ iov[4].flags = KRB5_CRYPTO_TYPE_DATA; -+ iov[4].data = make_data(lbuf, sizeof(lbuf)); -+ store_32_be(outrnd->length * 8, lbuf); - -- /* Loop encrypting the blocks until enough key bytes are generated. */ -- n = 0; -- while (n < keybytes) { -- ret = encrypt_block(enc, inkey, &block); -- if (ret) -- goto cleanup; -- -- if ((keybytes - n) <= blocksize) { -- memcpy(outrnd->data + n, block.data, (keybytes - n)); -- break; -- } -- -- memcpy(outrnd->data + n, block.data, blocksize); -- n += blocksize; -- } -- --cleanup: -- zapfree(block.data, blocksize); -+ ret = krb5int_hmac(hash, inkey, iov, 5, &prf); -+ if (!ret) -+ memcpy(outrnd->data, prf.data, outrnd->length); -+ zapfree(prf.data, prf.length); - return ret; - } - -@@ -139,9 +284,9 @@ cleanup: - * - Four bytes are used to encode the output length in the PRF input. - */ - static krb5_error_code --derive_random_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, -- krb5_key inkey, krb5_data *outrnd, -- const krb5_data *in_constant) -+builtin_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *in_constant) - { - size_t blocksize, keybytes, n; - krb5_crypto_iov iov[6]; -@@ -204,56 +349,94 @@ cleanup: - return ret; - } - --/* -- * NIST SP800-108 KDF in counter mode (section 5.1). -- * Parameters: -- * - HMAC (with hash as the hash provider) is the PRF. -- * - A block counter of four bytes is used. -- * - Four bytes are used to encode the output length in the PRF input. -- * -- * There are no uses requiring more than a single PRF invocation. -- */ -+static krb5_error_code -+builtin_derive_random_rfc3961(const struct krb5_enc_provider *enc, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *in_constant) -+{ -+ size_t blocksize, keybytes, n; -+ krb5_error_code ret; -+ krb5_data block = empty_data(); -+ -+ blocksize = enc->block_size; -+ keybytes = enc->keybytes; -+ -+ if (blocksize == 1) -+ return KRB5_BAD_ENCTYPE; -+ if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) -+ return KRB5_CRYPTO_INTERNAL; -+ -+ /* Allocate encryption data buffer. */ -+ ret = alloc_data(&block, blocksize); -+ if (ret) -+ return ret; -+ -+ /* Initialize the input block. */ -+ if (in_constant->length == blocksize) { -+ memcpy(block.data, in_constant->data, blocksize); -+ } else { -+ krb5int_nfold(in_constant->length * 8, -+ (unsigned char *) in_constant->data, -+ blocksize * 8, (unsigned char *) block.data); -+ } -+ -+ /* Loop encrypting the blocks until enough key bytes are generated. */ -+ n = 0; -+ while (n < keybytes) { -+ ret = encrypt_block(enc, inkey, &block); -+ if (ret) -+ goto cleanup; -+ -+ if ((keybytes - n) <= blocksize) { -+ memcpy(outrnd->data + n, block.data, (keybytes - n)); -+ break; -+ } -+ -+ memcpy(outrnd->data + n, block.data, blocksize); -+ n += blocksize; -+ } -+ -+cleanup: -+ zapfree(block.data, blocksize); -+ return ret; -+} -+#endif /* OSSL_KDFS */ -+ - krb5_error_code - k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *label, const krb5_data *context) - { -- krb5_crypto_iov iov[5]; -- krb5_error_code ret; -- krb5_data prf; -- unsigned char ibuf[4], lbuf[4]; -+#ifdef OSSL_KDFS -+ return openssl_kbdkf_counter_hmac(hash, inkey, outrnd, label, context); -+#else -+ return builtin_sp800_108_counter_hmac(hash, inkey, outrnd, label, -+ context); -+#endif -+} - -- if (hash == NULL || outrnd->length > hash->hashsize) -- return KRB5_CRYPTO_INTERNAL; -+static krb5_error_code -+k5_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *in_constant) -+{ -+#ifdef OSSL_KDFS -+ return openssl_kbkdf_feedback_cmac(enc, inkey, outrnd, in_constant); -+#else -+ return builtin_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); -+#endif -+} - -- /* Allocate encryption data buffer. */ -- ret = alloc_data(&prf, hash->hashsize); -- if (ret) -- return ret; -- -- /* [i]2: four-byte big-endian binary string giving the block counter (1) */ -- iov[0].flags = KRB5_CRYPTO_TYPE_DATA; -- iov[0].data = make_data(ibuf, sizeof(ibuf)); -- store_32_be(1, ibuf); -- /* Label */ -- iov[1].flags = KRB5_CRYPTO_TYPE_DATA; -- iov[1].data = *label; -- /* 0x00: separator byte */ -- iov[2].flags = KRB5_CRYPTO_TYPE_DATA; -- iov[2].data = make_data("", 1); -- /* Context */ -- iov[3].flags = KRB5_CRYPTO_TYPE_DATA; -- iov[3].data = *context; -- /* [L]2: four-byte big-endian binary string giving the output length */ -- iov[4].flags = KRB5_CRYPTO_TYPE_DATA; -- iov[4].data = make_data(lbuf, sizeof(lbuf)); -- store_32_be(outrnd->length * 8, lbuf); -- -- ret = krb5int_hmac(hash, inkey, iov, 5, &prf); -- if (!ret) -- memcpy(outrnd->data, prf.data, outrnd->length); -- zapfree(prf.data, prf.length); -- return ret; -+static krb5_error_code -+k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, -+ krb5_key inkey, krb5_data *outrnd, -+ const krb5_data *in_constant) -+{ -+#ifdef OSSL_KDFS -+ return openssl_krb5kdf(enc, inkey, outrnd, in_constant); -+#else -+ return builtin_derive_random_rfc3961(enc, inkey, outrnd, in_constant); -+#endif - } - - krb5_error_code -@@ -266,10 +449,9 @@ krb5int_derive_random(const struct krb5_enc_provider *enc, - - switch (alg) { - case DERIVE_RFC3961: -- return derive_random_rfc3961(enc, inkey, outrnd, in_constant); -+ return k5_derive_random_rfc3961(enc, inkey, outrnd, in_constant); - case DERIVE_SP800_108_CMAC: -- return derive_random_sp800_108_feedback_cmac(enc, inkey, outrnd, -- in_constant); -+ return k5_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); - case DERIVE_SP800_108_HMAC: - return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, - &empty); -diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -index 5ff81d8cf..8d2c230c8 100644 ---- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c -@@ -38,6 +38,13 @@ - #include - #include - -+#ifdef OSSL_KDFS -+#include -+#include -+#else -+#error "Refusing to build without OpenSSL KDFs!" -+#endif -+ - static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); - static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); - -@@ -2460,11 +2467,51 @@ pkinit_alg_values(krb5_context context, - } - } /* pkinit_alg_values() */ - -+#ifdef OSSL_KDFS -+static krb5_error_code -+openssl_sskdf(krb5_context context, size_t hash_bytes, krb5_data *key, -+ krb5_data *info, char *out, size_t out_len) -+{ -+ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; -+ EVP_KDF_CTX *ctx = NULL; -+ const EVP_MD *digest; - --/* pkinit_alg_agility_kdf() -- -- * This function generates a key using the KDF described in -- * draft_ietf_krb_wg_pkinit_alg_agility-04.txt. The algorithm is -- * described as follows: -+ /* RFC 8636 defines a SHA384 variant, but we don't use it. */ -+ if (hash_bytes == 20) { -+ digest = EVP_sha1(); -+ } else if (hash_bytes == 32) { -+ digest = EVP_sha256(); -+ } else if (hash_bytes == 64) { -+ digest = EVP_sha512(); -+ } else { -+ krb5_set_error_message(context, ret, "Bad hash type for SSKDF"); -+ goto done; -+ } -+ -+ ctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); -+ if (!ctx) { -+ oerr(context, ret, _("Failed to instantiate SSKDF")); -+ goto done; -+ } -+ -+ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key->data, -+ key->length) != 1 || -+ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSKDF_INFO, info->data, -+ info->length) != 1 || -+ EVP_KDF_derive(ctx, (unsigned char *)out, out_len) != 1) -+ goto done; -+ -+ ret = 0; -+done: -+ EVP_KDF_CTX_free(ctx); -+ return ret; -+} -+#else -+/* -+ * Generate a key using the KDF described in RFC 8636, also known as SSKDF -+ * (single-step kdf). Our caller precomputes `reps`, but otherwise the -+ * algorithm is as follows: - * - * 1. reps = keydatalen (K) / hash length (H) - * -@@ -2478,95 +2525,16 @@ pkinit_alg_values(krb5_context context, - * - * 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. - */ --krb5_error_code --pkinit_alg_agility_kdf(krb5_context context, -- krb5_data *secret, -- krb5_data *alg_oid, -- krb5_const_principal party_u_info, -- krb5_const_principal party_v_info, -- krb5_enctype enctype, -- krb5_data *as_req, -- krb5_data *pk_as_rep, -- krb5_keyblock *key_block) -+static krb5_error_code -+builtin_sskdf(krb5_context context, unsigned int reps, size_t hash_len, -+ const EVP_MD *(*EVP_func)(void), krb5_data *secret, -+ krb5_data *other_info, char *out, size_t out_len) - { - krb5_error_code retval = 0; - -- unsigned int reps = 0; -- uint32_t counter = 1; /* Does this type work on Windows? */ -+ uint32_t counter = 1; - size_t offset = 0; -- size_t hash_len = 0; -- size_t rand_len = 0; -- size_t key_len = 0; -- krb5_data random_data; -- krb5_sp80056a_other_info other_info_fields; -- krb5_pkinit_supp_pub_info supp_pub_info_fields; -- krb5_data *other_info = NULL; -- krb5_data *supp_pub_info = NULL; -- krb5_algorithm_identifier alg_id; - EVP_MD_CTX *ctx = NULL; -- const EVP_MD *(*EVP_func)(void); -- -- /* initialize random_data here to make clean-up safe */ -- random_data.length = 0; -- random_data.data = NULL; -- -- /* allocate and initialize the key block */ -- key_block->magic = 0; -- key_block->enctype = enctype; -- if (0 != (retval = krb5_c_keylengths(context, enctype, &rand_len, -- &key_len))) -- goto cleanup; -- -- random_data.length = rand_len; -- key_block->length = key_len; -- -- if (NULL == (key_block->contents = malloc(key_block->length))) { -- retval = ENOMEM; -- goto cleanup; -- } -- -- memset (key_block->contents, 0, key_block->length); -- -- /* If this is anonymous pkinit, use the anonymous principle for party_u_info */ -- if (party_u_info && krb5_principal_compare_any_realm(context, party_u_info, -- krb5_anonymous_principal())) -- party_u_info = (krb5_principal)krb5_anonymous_principal(); -- -- if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func))) -- goto cleanup; -- -- /* 1. reps = keydatalen (K) / hash length (H) */ -- reps = key_block->length/hash_len; -- -- /* ... and round up, if necessary */ -- if (key_block->length > (reps * hash_len)) -- reps++; -- -- /* Allocate enough space in the random data buffer to hash directly into -- * it, even if the last hash will make it bigger than the key length. */ -- if (NULL == (random_data.data = malloc(reps * hash_len))) { -- retval = ENOMEM; -- goto cleanup; -- } -- -- /* Encode the ASN.1 octet string for "SuppPubInfo" */ -- supp_pub_info_fields.enctype = enctype; -- supp_pub_info_fields.as_req = *as_req; -- supp_pub_info_fields.pk_as_rep = *pk_as_rep; -- if (0 != ((retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, -- &supp_pub_info)))) -- goto cleanup; -- -- /* Now encode the ASN.1 octet string for "OtherInfo" */ -- memset(&alg_id, 0, sizeof alg_id); -- alg_id.algorithm = *alg_oid; /*alias*/ -- -- other_info_fields.algorithm_identifier = alg_id; -- other_info_fields.party_u_info = (krb5_principal) party_u_info; -- other_info_fields.party_v_info = (krb5_principal) party_v_info; -- other_info_fields.supp_pub_info = *supp_pub_info; -- if (0 != (retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info))) -- goto cleanup; - - /* 2. Initialize a 32-bit, big-endian bit string counter as 1. - * 3. For i = 1 to reps by 1, do the following: -@@ -2600,8 +2568,9 @@ pkinit_alg_agility_kdf(krb5_context context, - goto cleanup; - } - -- /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ -- if (!EVP_DigestFinal(ctx, (uint8_t *)random_data.data + offset, &s)) { -+ /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K -+ * bytes. */ -+ if (!EVP_DigestFinal(ctx, (unsigned char *)out + offset, &s)) { - krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, - "Call to OpenSSL EVP_DigestUpdate() returned an error."); - retval = KRB5_CRYPTO_INTERNAL; -@@ -2613,26 +2582,110 @@ pkinit_alg_agility_kdf(krb5_context context, - EVP_MD_CTX_free(ctx); - ctx = NULL; - } -- -- retval = krb5_c_random_to_key(context, enctype, &random_data, -- key_block); -- - cleanup: - EVP_MD_CTX_free(ctx); -+ return retval; -+} /* builtin_sskdf() */ -+#endif /* OSSL_KDFS */ - -- /* If this has been an error, free the allocated key_block, if any */ -- if (retval) { -- krb5_free_keyblock_contents(context, key_block); -+/* id-pkinit-kdf family, as specified by RFC 8636. */ -+krb5_error_code -+pkinit_alg_agility_kdf(krb5_context context, krb5_data *secret, -+ krb5_data *alg_oid, krb5_const_principal party_u_info, -+ krb5_const_principal party_v_info, -+ krb5_enctype enctype, krb5_data *as_req, -+ krb5_data *pk_as_rep, krb5_keyblock *key_block) -+{ -+ krb5_error_code retval; -+ size_t hash_len = 0, rand_len = 0, key_len = 0; -+ const EVP_MD *(*EVP_func)(void); -+ krb5_sp80056a_other_info other_info_fields; -+ krb5_pkinit_supp_pub_info supp_pub_info_fields; -+ krb5_data *other_info = NULL, *supp_pub_info = NULL; -+ krb5_data random_data = empty_data(); -+ krb5_algorithm_identifier alg_id; -+ unsigned int reps; -+ -+ /* Allocate and initialize the key block. */ -+ key_block->magic = 0; -+ key_block->enctype = enctype; -+ -+ /* Use separate variables to avoid alignment restriction problems. */ -+ retval = krb5_c_keylengths(context, enctype, &rand_len, &key_len); -+ if (retval) -+ goto cleanup; -+ random_data.length = rand_len; -+ key_block->length = key_len; -+ -+ key_block->contents = k5calloc(key_block->length, 1, &retval); -+ if (key_block->contents == NULL) -+ goto cleanup; -+ -+ /* If this is anonymous pkinit, use the anonymous principle for -+ * party_u_info. */ -+ if (party_u_info && -+ krb5_principal_compare_any_realm(context, party_u_info, -+ krb5_anonymous_principal())) { -+ party_u_info = (krb5_principal)krb5_anonymous_principal(); - } - -- /* free other allocated resources, either way */ -- if (random_data.data) -- free(random_data.data); -+ retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func); -+ if (retval) -+ goto cleanup; -+ -+ /* 1. reps = keydatalen (K) / hash length (H) */ -+ reps = key_block->length / hash_len; -+ -+ /* ... and round up, if necessary. */ -+ if (key_block->length > (reps * hash_len)) -+ reps++; -+ -+ /* Allocate enough space in the random data buffer to hash directly into -+ * it, even if the last hash will make it bigger than the key length. */ -+ random_data.data = k5alloc(reps * hash_len, &retval); -+ if (random_data.data == NULL) -+ goto cleanup; -+ -+ /* Encode the ASN.1 octet string for "SuppPubInfo". */ -+ supp_pub_info_fields.enctype = enctype; -+ supp_pub_info_fields.as_req = *as_req; -+ supp_pub_info_fields.pk_as_rep = *pk_as_rep; -+ retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, -+ &supp_pub_info); -+ if (retval) -+ goto cleanup; -+ -+ /* Now encode the ASN.1 octet string for "OtherInfo". */ -+ memset(&alg_id, 0, sizeof(alg_id)); -+ alg_id.algorithm = *alg_oid; -+ other_info_fields.algorithm_identifier = alg_id; -+ other_info_fields.party_u_info = (krb5_principal)party_u_info; -+ other_info_fields.party_v_info = (krb5_principal)party_v_info; -+ other_info_fields.supp_pub_info = *supp_pub_info; -+ retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info); -+ if (retval) -+ goto cleanup; -+ -+#ifdef OSSL_KDFS -+ retval = openssl_sskdf(context, hash_len, secret, other_info, -+ random_data.data, key_block->length); -+#else -+ retval = builtin_sskdf(context, reps, hash_len, EVP_func, secret, -+ other_info, random_data.data, key_block->length); -+#endif -+ if (retval) -+ goto cleanup; -+ -+ retval = krb5_c_random_to_key(context, enctype, &random_data, key_block); -+cleanup: -+ if (retval) -+ krb5_free_keyblock_contents(context, key_block); -+ -+ zapfree(random_data.data, random_data.length); - krb5_free_data(context, other_info); - krb5_free_data(context, supp_pub_info); -- - return retval; --} /*pkinit_alg_agility_kdf() */ -+} - - /* Call DH_compute_key() and ensure that we left-pad short results instead of - * leaving junk bytes at the end of the buffer. */ diff --git a/SOURCES/Use-imported-soft-pkcs11-for-tests.patch b/SOURCES/Use-imported-soft-pkcs11-for-tests.patch deleted file mode 100644 index 0be2d97..0000000 --- a/SOURCES/Use-imported-soft-pkcs11-for-tests.patch +++ /dev/null @@ -1,472 +0,0 @@ -From 43f5837eecd5022c525efcfb3605af16958dc59a Mon Sep 17 00:00:00 2001 -From: Greg Hudson -Date: Thu, 20 Jun 2019 13:41:57 -0400 -Subject: [PATCH] Use imported soft-pkcs11 for tests - -Update the soft-pkcs11 code for OpenSSL 1.1, fix some warnings, -integrate it into the build system, and use it for the PKINIT tests. - -(cherry picked from commit e5ef7b69765353ea62ad8712a229ed4e90a8fe17) -(cherry picked from commit 47e66724b9d5cfef84965d99c83d29e4739932e3) ---- - src/configure.in | 1 + - src/tests/Makefile.in | 2 +- - src/tests/softpkcs11/Makefile.in | 21 ++++ - src/tests/softpkcs11/deps | 6 ++ - src/tests/softpkcs11/main.c | 124 +++++++++++++++++------- - src/tests/softpkcs11/softpkcs11.exports | 39 ++++++++ - src/tests/t_pkinit.py | 18 +--- - 7 files changed, 162 insertions(+), 49 deletions(-) - create mode 100644 src/tests/softpkcs11/Makefile.in - create mode 100644 src/tests/softpkcs11/deps - create mode 100644 src/tests/softpkcs11/softpkcs11.exports - -diff --git a/src/configure.in b/src/configure.in -index 93aec682e..9f6b67b44 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -1086,6 +1086,7 @@ int i = 1; - fi - if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then - K5_GEN_MAKEFILE(plugins/preauth/pkinit) -+ K5_GEN_MAKEFILE(tests/softpkcs11) - PKINIT=yes - AC_CHECK_LIB(crypto, CMS_get0_content, [AC_DEFINE([HAVE_OPENSSL_CMS], 1, [Define if OpenSSL supports cms.])]) - elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then -diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in -index e27617ee2..ab958eb4c 100644 ---- a/src/tests/Makefile.in -+++ b/src/tests/Makefile.in -@@ -1,7 +1,7 @@ - mydir=tests - BUILDTOP=$(REL).. - SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \ -- gss-threads misc threads -+ gss-threads misc threads softpkcs11 - - RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \ - LC_ALL=C $(VALGRIND) -diff --git a/src/tests/softpkcs11/Makefile.in b/src/tests/softpkcs11/Makefile.in -new file mode 100644 -index 000000000..e89678154 ---- /dev/null -+++ b/src/tests/softpkcs11/Makefile.in -@@ -0,0 +1,21 @@ -+mydir=tests$(S)softpkcs11 -+BUILDTOP=$(REL)..$(S).. -+ -+LOCALINCLUDES = -I$(top_srcdir)/plugins/preauth/pkinit -+ -+LIBBASE=softpkcs11 -+LIBMAJOR=0 -+LIBMINOR=0 -+ -+SHLIB_EXPLIBS=$(SUPPORT_LIB) -lcrypto -+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB) -+ -+STLIBOBJS=main.o -+ -+SRCS=$(srcdir)/main.c -+ -+all-unix: all-libs -+clean-unix:: clean-libs clean-libobjs -+ -+@libnover_frag@ -+@libobj_frag@ -diff --git a/src/tests/softpkcs11/deps b/src/tests/softpkcs11/deps -new file mode 100644 -index 000000000..1e82d9572 ---- /dev/null -+++ b/src/tests/softpkcs11/deps -@@ -0,0 +1,6 @@ -+# -+# Generated makefile dependencies follow. -+# -+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ -+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \ -+ $(top_srcdir)/plugins/preauth/pkinit/pkcs11.h main.c -diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c -index 2acec5169..5255323d3 100644 ---- a/src/tests/softpkcs11/main.c -+++ b/src/tests/softpkcs11/main.c -@@ -1,3 +1,4 @@ -+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ - /* - * Copyright (c) 2004-2006, Stockholms universitet - * (Stockholm University, Stockholm Sweden) -@@ -31,7 +32,57 @@ - * POSSIBILITY OF SUCH DAMAGE. - */ - --#include "locl.h" -+#include "k5-platform.h" -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+#include -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) -+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay -+#define RSA_get0_key compat_rsa_get0_key -+static void -+compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, -+ const BIGNUM **d) -+{ -+ if (n != NULL) -+ *n = rsa->n; -+ if (e != NULL) -+ *e = rsa->e; -+ if (d != NULL) -+ *d = rsa->d; -+} -+#endif -+ -+#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ -+ { \ -+ unsigned char *p; \ -+ (BL) = i2d_##T((S), NULL); \ -+ if ((BL) <= 0) { \ -+ (R) = EINVAL; \ -+ } else { \ -+ (B) = malloc((BL)); \ -+ if ((B) == NULL) { \ -+ (R) = ENOMEM; \ -+ } else { \ -+ p = (B); \ -+ (R) = 0; \ -+ (BL) = i2d_##T((S), &p); \ -+ if ((BL) <= 0) { \ -+ free((B)); \ -+ (R) = EINVAL; \ -+ } \ -+ } \ -+ } \ -+ } - - /* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */ - -@@ -124,7 +175,7 @@ st_logf(const char *fmt, ...) - } - - static void --snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) -+snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...) - { - int len; - va_list ap; -@@ -141,19 +192,19 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) - #endif - - #define VERIFY_SESSION_HANDLE(s, state) \ --{ \ -- CK_RV ret; \ -- ret = verify_session_handle(s, state); \ -- if (ret != CKR_OK) { \ -- /* return CKR_OK */; \ -- } \ --} -+ { \ -+ CK_RV vshret; \ -+ vshret = verify_session_handle(s, state); \ -+ if (vshret != CKR_OK) { \ -+ /* return CKR_OK */; \ -+ } \ -+ } - - static CK_RV - verify_session_handle(CK_SESSION_HANDLE hSession, - struct session_state **state) - { -- int i; -+ size_t i; - - for (i = 0; i < MAX_NUM_SESSION; i++){ - if (soft_token.state[i].session_handle == hSession) -@@ -361,16 +412,20 @@ add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key) - CK_ULONG modulus_bits = 0; - CK_BYTE *exponent = NULL; - size_t exponent_len = 0; -+ RSA *rsa; -+ const BIGNUM *n, *e; - -- modulus_bits = BN_num_bits(key->pkey.rsa->n); -+ rsa = EVP_PKEY_get0_RSA(key); -+ RSA_get0_key(rsa, &n, &e, NULL); -+ modulus_bits = BN_num_bits(n); - -- modulus_len = BN_num_bytes(key->pkey.rsa->n); -+ modulus_len = BN_num_bytes(n); - modulus = malloc(modulus_len); -- BN_bn2bin(key->pkey.rsa->n, modulus); -+ BN_bn2bin(n, modulus); - -- exponent_len = BN_num_bytes(key->pkey.rsa->e); -+ exponent_len = BN_num_bytes(e); - exponent = malloc(exponent_len); -- BN_bn2bin(key->pkey.rsa->e, exponent); -+ BN_bn2bin(e, exponent); - - add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len); - add_object_attribute(o, 0, CKA_MODULUS_BITS, -@@ -378,7 +433,7 @@ add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key) - add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, - exponent, exponent_len); - -- RSA_set_method(key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ RSA_set_method(rsa, RSA_PKCS1_OpenSSL()); - - free(modulus); - free(exponent); -@@ -474,7 +529,7 @@ add_certificate(char *label, - o->u.cert = cert; - public_key = X509_get_pubkey(o->u.cert); - -- switch (EVP_PKEY_type(public_key->type)) { -+ switch (EVP_PKEY_base_id(public_key)) { - case EVP_PKEY_RSA: - key_type = CKK_RSA; - break; -@@ -604,8 +659,8 @@ add_certificate(char *label, - /* XXX verify keytype */ - - if (key_type == CKK_RSA) -- RSA_set_method(o->u.private_key.key->pkey.rsa, -- RSA_PKCS1_SSLeay()); -+ RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key), -+ RSA_PKCS1_OpenSSL()); - - if (X509_check_private_key(cert, o->u.private_key.key) != 1) { - EVP_PKEY_free(o->u.private_key.key); -@@ -755,8 +810,9 @@ CK_RV - C_Initialize(CK_VOID_PTR a) - { - CK_C_INITIALIZE_ARGS_PTR args = a; -+ size_t i; -+ - st_logf("Initialize\n"); -- int i; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); -@@ -825,7 +881,7 @@ C_Initialize(CK_VOID_PTR a) - CK_RV - C_Finalize(CK_VOID_PTR args) - { -- int i; -+ size_t i; - - st_logf("Finalize\n"); - -@@ -1008,7 +1064,7 @@ C_OpenSession(CK_SLOT_ID slotID, - CK_NOTIFY Notify, - CK_SESSION_HANDLE_PTR phSession) - { -- int i; -+ size_t i; - - st_logf("OpenSession: slot: %d\n", (int)slotID); - -@@ -1050,7 +1106,7 @@ C_CloseSession(CK_SESSION_HANDLE hSession) - CK_RV - C_CloseAllSessions(CK_SLOT_ID slotID) - { -- int i; -+ size_t i; - - st_logf("CloseAllSessions\n"); - -@@ -1127,7 +1183,8 @@ C_Login(CK_SESSION_HANDLE hSession, - } - - /* XXX check keytype */ -- RSA_set_method(o->u.private_key.key->pkey.rsa, RSA_PKCS1_SSLeay()); -+ RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key), -+ RSA_PKCS1_OpenSSL()); - - if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) { - EVP_PKEY_free(o->u.private_key.key); -@@ -1226,7 +1283,6 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, - } - if (ulCount) { - CK_ULONG i; -- size_t len; - - print_attributes(pTemplate, ulCount); - -@@ -1415,7 +1471,7 @@ C_Encrypt(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.public_key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.public_key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1445,7 +1501,7 @@ C_Encrypt(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len + padding_len < ulDataLen) { -+ if ((CK_ULONG)buffer_len + padding_len < ulDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1566,7 +1622,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.private_key.key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.private_key.key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1596,7 +1652,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len + padding_len < ulEncryptedDataLen) { -+ if ((CK_ULONG)buffer_len + padding_len < ulEncryptedDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1725,7 +1781,7 @@ C_Sign(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.private_key.key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.private_key.key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1754,7 +1810,7 @@ C_Sign(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len < ulDataLen + padding_len) { -+ if ((CK_ULONG)buffer_len < ulDataLen + padding_len) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1872,7 +1928,7 @@ C_Verify(CK_SESSION_HANDLE hSession, - return CKR_ARGUMENTS_BAD; - } - -- rsa = o->u.public_key->pkey.rsa; -+ rsa = EVP_PKEY_get0_RSA(o->u.public_key); - - if (rsa == NULL) - return CKR_ARGUMENTS_BAD; -@@ -1900,7 +1956,7 @@ C_Verify(CK_SESSION_HANDLE hSession, - goto out; - } - -- if (buffer_len < ulDataLen) { -+ if ((CK_ULONG)buffer_len < ulDataLen) { - ret = CKR_ARGUMENTS_BAD; - goto out; - } -@@ -1926,7 +1982,7 @@ C_Verify(CK_SESSION_HANDLE hSession, - if (len > buffer_len) - abort(); - -- if (len != ulSignatureLen) { -+ if ((CK_ULONG)len != ulSignatureLen) { - ret = CKR_GENERAL_ERROR; - goto out; - } -diff --git a/src/tests/softpkcs11/softpkcs11.exports b/src/tests/softpkcs11/softpkcs11.exports -new file mode 100644 -index 000000000..aa7284511 ---- /dev/null -+++ b/src/tests/softpkcs11/softpkcs11.exports -@@ -0,0 +1,39 @@ -+C_CloseAllSessions -+C_CloseSession -+C_Decrypt -+C_DecryptFinal -+C_DecryptInit -+C_DecryptUpdate -+C_DigestInit -+C_Encrypt -+C_EncryptFinal -+C_EncryptInit -+C_EncryptUpdate -+C_Finalize -+C_FindObjects -+C_FindObjectsFinal -+C_FindObjectsInit -+C_GenerateRandom -+C_GetAttributeValue -+C_GetFunctionList -+C_GetInfo -+C_GetMechanismInfo -+C_GetMechanismList -+C_GetObjectSize -+C_GetSessionInfo -+C_GetSlotInfo -+C_GetSlotList -+C_GetTokenInfo -+C_Initialize -+C_InitToken -+C_Login -+C_Logout -+C_OpenSession -+C_Sign -+C_SignFinal -+C_SignInit -+C_SignUpdate -+C_Verify -+C_VerifyFinal -+C_VerifyInit -+C_VerifyUpdate -diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py -index 1dadb1b96..384bf1426 100755 ---- a/src/tests/t_pkinit.py -+++ b/src/tests/t_pkinit.py -@@ -4,14 +4,7 @@ from k5test import * - if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')): - skip_rest('PKINIT tests', 'PKINIT module not built') - --# Check if soft-pkcs11.so is available. --try: -- import ctypes -- lib = ctypes.LibraryLoader(ctypes.CDLL).LoadLibrary('soft-pkcs11.so') -- del lib -- have_soft_pkcs11 = True --except: -- have_soft_pkcs11 = False -+soft_pkcs11 = os.path.join(buildtop, 'tests', 'softpkcs11', 'softpkcs11.so') - - # Construct a krb5.conf fragment configuring pkinit. - certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs') -@@ -69,9 +62,9 @@ p12_upn2_identity = 'PKCS12:%s' % user_upn2_p12 - p12_upn3_identity = 'PKCS12:%s' % user_upn3_p12 - p12_generic_identity = 'PKCS12:%s' % generic_p12 - p12_enc_identity = 'PKCS12:%s' % user_enc_p12 --p11_identity = 'PKCS11:soft-pkcs11.so' --p11_token_identity = ('PKCS11:module_name=soft-pkcs11.so:' -- 'slotid=1:token=SoftToken (token)') -+p11_identity = 'PKCS11:' + soft_pkcs11 -+p11_token_identity = ('PKCS11:module_name=' + soft_pkcs11 + -+ ':slotid=1:token=SoftToken (token)') - - # Start a realm with the test kdb module for the following UPN SAN tests. - realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=alias_kdc_conf, -@@ -398,9 +391,6 @@ realm.klist(realm.user_princ) - realm.kinit(realm.user_princ, flags=['-X', 'X509_user_identity=,'], - expected_code=1, expected_msg='Preauthentication failed while') - --if not have_soft_pkcs11: -- skip_rest('PKINIT PKCS11 tests', 'soft-pkcs11.so not found') -- - softpkcs11rc = os.path.join(os.getcwd(), 'testdir', 'soft-pkcs11.rc') - realm.env['SOFTPKCS11RC'] = softpkcs11rc - diff --git a/SOURCES/downstream-Adjust-build-configuration.patch b/SOURCES/downstream-Adjust-build-configuration.patch new file mode 100644 index 0000000..68a7878 --- /dev/null +++ b/SOURCES/downstream-Adjust-build-configuration.patch @@ -0,0 +1,73 @@ +From 4e42a6786a06b7223f27536267492a463a700c76 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:45:26 -0400 +Subject: [PATCH] [downstream] Adjust build configuration + +Build binaries in this package as RELRO PIEs, libraries as partial RELRO, +and install shared libraries with the execute bit set on them. Prune out +the -L/usr/lib* and PIE flags where they might leak out and affect +apps which just want to link with the libraries. FIXME: needs to check and +not just assume that the compiler supports using these flags. + +Last-updated: krb5-1.15-beta1 +(cherry picked from commit 92508996ed4c69fa6f5cf855fdf10f34cfa07ec9) +--- + src/build-tools/krb5-config.in | 7 +++++++ + src/config/pre.in | 2 +- + src/config/shlib.conf | 5 +++-- + 3 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in +index c17cb5eb5..1891dea99 100755 +--- a/src/build-tools/krb5-config.in ++++ b/src/build-tools/krb5-config.in +@@ -226,6 +226,13 @@ if test -n "$do_libs"; then + -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ + -e 's#\$(CFLAGS)##'` + ++ if test `dirname $libdir` = /usr ; then ++ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"` ++ fi ++ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"` ++ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"` ++ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"` ++ + if test $library = 'kdb'; then + lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" + library=krb5 +diff --git a/src/config/pre.in b/src/config/pre.in +index 917357df9..a8540ae2a 100644 +--- a/src/config/pre.in ++++ b/src/config/pre.in +@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) + INSTALL_SCRIPT=@INSTALL_PROGRAM@ + INSTALL_DATA=@INSTALL_DATA@ + INSTALL_SHLIB=@INSTALL_SHLIB@ +-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root ++INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 + ## This is needed because autoconf will sometimes define @exec_prefix@ to be + ## ${prefix}. + prefix=@prefix@ +diff --git a/src/config/shlib.conf b/src/config/shlib.conf +index 3e4af6c02..2b20c3fda 100644 +--- a/src/config/shlib.conf ++++ b/src/config/shlib.conf +@@ -423,7 +423,7 @@ mips-*-netbsd*) + # Linux ld doesn't default to stuffing the SONAME field... + # Use objdump -x to examine the fields of the library + # UNDEF_CHECK is suppressed by --enable-asan +- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)' ++ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro -Wl,--warn-shared-textrel' + UNDEF_CHECK='-Wl,--no-undefined' + # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode. + LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)' +@@ -435,7 +435,8 @@ mips-*-netbsd*) + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + PROFFLAGS=-pg + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' +- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' ++ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)' ++ INSTALL_SHLIB='${INSTALL} -m755' + CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch new file mode 100644 index 0000000..913c6c3 --- /dev/null +++ b/SOURCES/downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch @@ -0,0 +1,569 @@ +From a3f9d8f66a7f2e01aa7b12ef4e2a289d867bb276 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 9 Nov 2018 15:12:21 -0500 +Subject: [PATCH] [downstream] FIPS with PRNG and RADIUS and MD4 + +NB: Use openssl's PRNG in FIPS mode and taint within krad. + +A lot of the FIPS error conditions from OpenSSL are incredibly +mysterious (at best, things return NULL unexpectedly; at worst, +internal assertions are tripped; most of the time, you just get +ENOMEM). In order to cope with this, we need to have some level of +awareness of what we can and can't safely call. + +This will slow down some calls slightly (FIPS_mode() takes multiple +locks), but not for any ciphers we care about - which is to say that +AES is fine. Shame about SPAKE though. + +post6 restores MD4 (and therefore keygen-only RC4). + +Last-updated: krb5-1.17 +(cherry picked from commit a721df13d09b5fdad32de15e6aa973b732727aa9) +--- + src/lib/crypto/krb/prng.c | 11 ++++- + .../crypto/openssl/enc_provider/camellia.c | 6 +++ + src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++++- + .../crypto/openssl/hash_provider/hash_evp.c | 12 +++++ + src/lib/crypto/openssl/hmac.c | 6 ++- + src/lib/krad/attr.c | 45 ++++++++++++++----- + src/lib/krad/attrset.c | 5 ++- + src/lib/krad/internal.h | 13 +++++- + src/lib/krad/packet.c | 22 ++++----- + src/lib/krad/remote.c | 10 ++++- + src/lib/krad/t_attr.c | 3 +- + src/lib/krad/t_attrset.c | 4 +- + src/plugins/preauth/spake/spake_client.c | 6 +++ + src/plugins/preauth/spake/spake_kdc.c | 6 +++ + 14 files changed, 129 insertions(+), 33 deletions(-) + +diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c +index cb9ca9b98..f0e9984ca 100644 +--- a/src/lib/crypto/krb/prng.c ++++ b/src/lib/crypto/krb/prng.c +@@ -26,6 +26,8 @@ + + #include "crypto_int.h" + ++#include ++ + krb5_error_code KRB5_CALLCONV + krb5_c_random_seed(krb5_context context, krb5_data *data) + { +@@ -99,9 +101,16 @@ krb5_boolean + k5_get_os_entropy(unsigned char *buf, size_t len, int strong) + { + const char *device; +-#if defined(__linux__) && defined(SYS_getrandom) + int r; + ++ /* A wild FIPS mode appeared! */ ++ if (FIPS_mode()) { ++ /* The return codes on this API are not good */ ++ r = RAND_bytes(buf, len); ++ return r == 1; ++ } ++ ++#if defined(__linux__) && defined(SYS_getrandom) + while (len > 0) { + /* + * Pull from the /dev/urandom pool, but require it to have been seeded. +diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c +index 2da691329..f79679a0b 100644 +--- a/src/lib/crypto/openssl/enc_provider/camellia.c ++++ b/src/lib/crypto/openssl/enc_provider/camellia.c +@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, + unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE]; + struct iov_cursor cursor; + ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + if (output->length < CAMELLIA_BLOCK_SIZE) + return KRB5_BAD_MSIZE; + +@@ -331,6 +334,9 @@ static krb5_error_code + krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) + { ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + state->length = 16; + state->data = (void *) malloc(16); + if (state->data == NULL) +diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c +index a65d57b7a..6ccaca94a 100644 +--- a/src/lib/crypto/openssl/enc_provider/rc4.c ++++ b/src/lib/crypto/openssl/enc_provider/rc4.c +@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx = NULL; + struct arcfour_state *arcstate; + ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + arcstate = (state != NULL) ? (void *)state->data : NULL; + if (arcstate != NULL) { + ctx = arcstate->ctx; +@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + static void + k5_arcfour_free_state(krb5_data *state) + { +- struct arcfour_state *arcstate = (void *)state->data; ++ struct arcfour_state *arcstate; ++ ++ if (FIPS_mode()) ++ return; ++ ++ arcstate = (void *) state->data; + + EVP_CIPHER_CTX_free(arcstate->ctx); + free(arcstate); +@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key, + { + struct arcfour_state *arcstate; + ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + /* + * The cipher state here is a saved pointer to a struct arcfour_state + * object, rather than a flat byte array as in most enc providers. The +diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c +index 1e0fb8fc3..feb5eda99 100644 +--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c ++++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c +@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, + if (ctx == NULL) + return ENOMEM; + ++ if (type == EVP_md4()) { ++ /* See comment below in hash_md4(). */ ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++ } ++ + ok = EVP_DigestInit_ex(ctx, type, NULL); + for (i = 0; i < num_data; i++) { + if (!SIGN_IOV(&data[i])) +@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, + static krb5_error_code + hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) + { ++ /* ++ * MD4 is needed in FIPS mode to perform key generation for RC4 keys used ++ * by IPA. These keys are only used along a (separately) secured channel ++ * for legacy reasons when performing trusts to Active Directory. ++ */ + return hash_evp(EVP_md4(), data, num_data, output); + } + + static krb5_error_code + hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) + { ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; + return hash_evp(EVP_md5(), data, num_data, output); + } + +diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c +index 7dc59dcc0..769a50c00 100644 +--- a/src/lib/crypto/openssl/hmac.c ++++ b/src/lib/crypto/openssl/hmac.c +@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash) + return EVP_sha256(); + else if (!strncmp(hash->hash_name, "SHA-384",7)) + return EVP_sha384(); +- else if (!strncmp(hash->hash_name, "MD5", 3)) ++ ++ if (FIPS_mode()) ++ return NULL; ++ ++ if (!strncmp(hash->hash_name, "MD5", 3)) + return EVP_md5(); + else if (!strncmp(hash->hash_name, "MD4", 3)) + return EVP_md4(); +diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c +index 9c13d9d75..275327e67 100644 +--- a/src/lib/krad/attr.c ++++ b/src/lib/krad/attr.c +@@ -30,6 +30,7 @@ + #include + #include "internal.h" + ++#include + #include + + /* RFC 2865 */ +@@ -38,7 +39,8 @@ + typedef krb5_error_code + (*attribute_transform_fn)(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + typedef struct { + const char *name; +@@ -51,12 +53,14 @@ typedef struct { + static krb5_error_code + user_password_encode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + static krb5_error_code + user_password_decode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *ignored); + + static const attribute_record attributes[UCHAR_MAX] = { + {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL}, +@@ -128,7 +132,8 @@ static const attribute_record attributes[UCHAR_MAX] = { + static krb5_error_code + user_password_encode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips) + { + const unsigned char *indx; + krb5_error_code retval; +@@ -154,8 +159,14 @@ user_password_encode(krb5_context ctx, const char *secret, + for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) { + memcpy(tmp.data + seclen, indx, BLOCKSIZE); + +- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, +- &sum); ++ if (FIPS_mode()) { ++ /* Skip encryption here. Taint so that we won't pass it out of ++ * the machine by accident. */ ++ *is_fips = TRUE; ++ sum.contents = calloc(1, BLOCKSIZE); ++ } else ++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, ++ &sum); + if (retval != 0) { + zap(tmp.data, tmp.length); + zap(outbuf, len); +@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret, + static krb5_error_code + user_password_decode(krb5_context ctx, const char *secret, + const unsigned char *auth, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips) + { + const unsigned char *indx; + krb5_error_code retval; +@@ -204,8 +216,14 @@ user_password_decode(krb5_context ctx, const char *secret, + for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) { + memcpy(tmp.data + seclen, indx, BLOCKSIZE); + +- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, +- &tmp, &sum); ++ if (FIPS_mode()) { ++ /* Skip encryption here. Taint so that we won't pass it out of ++ * the machine by accident. */ ++ *is_fips = TRUE; ++ sum.contents = calloc(1, BLOCKSIZE); ++ } else ++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, ++ &tmp, &sum); + if (retval != 0) { + zap(tmp.data, tmp.length); + zap(outbuf, in->length); +@@ -248,7 +266,7 @@ krb5_error_code + kr_attr_encode(krb5_context ctx, const char *secret, + const unsigned char *auth, krad_attr type, + const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE], +- size_t *outlen) ++ size_t *outlen, krb5_boolean *is_fips) + { + krb5_error_code retval; + +@@ -265,7 +283,8 @@ kr_attr_encode(krb5_context ctx, const char *secret, + return 0; + } + +- return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen); ++ return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen, ++ is_fips); + } + + krb5_error_code +@@ -274,6 +293,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) + { + krb5_error_code retval; ++ krb5_boolean ignored; + + retval = kr_attr_valid(type, in); + if (retval != 0) +@@ -288,7 +308,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + return 0; + } + +- return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen); ++ return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen, ++ &ignored); + } + + krad_attr +diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c +index 03c613716..d89982a13 100644 +--- a/src/lib/krad/attrset.c ++++ b/src/lib/krad/attrset.c +@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy) + krb5_error_code + kr_attrset_encode(const krad_attrset *set, const char *secret, + const unsigned char *auth, +- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen) ++ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, ++ krb5_boolean *is_fips) + { + unsigned char buffer[MAX_ATTRSIZE]; + krb5_error_code retval; +@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret, + + K5_TAILQ_FOREACH(a, &set->list, list) { + retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr, +- buffer, &attrlen); ++ buffer, &attrlen, is_fips); + if (retval != 0) + return retval; + +diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h +index 996a89372..a53ce31ce 100644 +--- a/src/lib/krad/internal.h ++++ b/src/lib/krad/internal.h +@@ -49,6 +49,13 @@ + + typedef struct krad_remote_st krad_remote; + ++struct krad_packet_st { ++ char buffer[KRAD_PACKET_SIZE_MAX]; ++ krad_attrset *attrset; ++ krb5_data pkt; ++ krb5_boolean is_fips; ++}; ++ + /* Validate constraints of an attribute. */ + krb5_error_code + kr_attr_valid(krad_attr type, const krb5_data *data); +@@ -57,7 +64,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data); + krb5_error_code + kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth, + krad_attr type, const krb5_data *in, +- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + /* Decode an attribute. */ + krb5_error_code +@@ -69,7 +77,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + krb5_error_code + kr_attrset_encode(const krad_attrset *set, const char *secret, + const unsigned char *auth, +- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen); ++ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, ++ krb5_boolean *is_fips); + + /* Decode attributes from a buffer. */ + krb5_error_code +diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c +index c597174b6..794ac84c4 100644 +--- a/src/lib/krad/packet.c ++++ b/src/lib/krad/packet.c +@@ -32,6 +32,7 @@ + #include + + #include ++#include + + typedef unsigned char uchar; + +@@ -53,12 +54,6 @@ typedef unsigned char uchar; + #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH)) + #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR)) + +-struct krad_packet_st { +- char buffer[KRAD_PACKET_SIZE_MAX]; +- krad_attrset *attrset; +- krb5_data pkt; +-}; +- + typedef struct { + uchar x[(UCHAR_MAX + 1) / 8]; + } idmap; +@@ -187,8 +182,13 @@ auth_generate_response(krb5_context ctx, const char *secret, + memcpy(data.data + response->pkt.length, secret, strlen(secret)); + + /* Hash it. */ +- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, +- &hash); ++ if (FIPS_mode()) { ++ /* This checksum does very little security-wise anyway, so don't ++ * taint. */ ++ hash.contents = calloc(1, AUTH_FIELD_SIZE); ++ } else ++ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, ++ &hash); + free(data.data); + if (retval != 0) + return retval; +@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, + + /* Encode the attributes. */ + retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt), +- &attrset_len); ++ &attrset_len, &pkt->is_fips); + if (retval != 0) + goto error; + +@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, + + /* Encode the attributes. */ + retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt), +- &attrset_len); ++ &attrset_len, &pkt->is_fips); + if (retval != 0) + goto error; + +@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret, + const krb5_data * + krad_packet_encode(const krad_packet *pkt) + { ++ if (pkt->is_fips) ++ return NULL; + return &pkt->pkt; + } + +diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c +index 437f7e91a..0f90443ce 100644 +--- a/src/lib/krad/remote.c ++++ b/src/lib/krad/remote.c +@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr) + request *r; + + K5_TAILQ_FOREACH(r, &rr->list, list) { +- tmp = krad_packet_encode(r->request); ++ tmp = &r->request->pkt; + + /* If the packet has already been sent, do nothing. */ + if (r->sent == tmp->length) +@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr) + if (req != NULL) { + K5_TAILQ_FOREACH(r, &rr->list, list) { + if (r->request == req && +- r->sent == krad_packet_encode(req)->length) { ++ r->sent == req->pkt.length) { + request_finish(r, 0, rsp); + break; + } +@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs, + (krad_packet_iter_cb)iterator, &r, &tmp); + if (retval != 0) + goto error; ++ else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL && ++ rr->info->ai_family != AF_UNIX) { ++ /* This would expose cleartext passwords, so abort. */ ++ retval = ESOCKTNOSUPPORT; ++ goto error; ++ } + + K5_TAILQ_FOREACH(r, &rr->list, list) { + if (r->request == tmp) { +diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c +index eb2a780c8..4d285ad9d 100644 +--- a/src/lib/krad/t_attr.c ++++ b/src/lib/krad/t_attr.c +@@ -50,6 +50,7 @@ main() + const char *tmp; + krb5_data in; + size_t len; ++ krb5_boolean is_fips = FALSE; + + noerror(krb5_init_context(&ctx)); + +@@ -73,7 +74,7 @@ main() + in = string2data((char *)decoded); + retval = kr_attr_encode(ctx, secret, auth, + krad_attr_name2num("User-Password"), +- &in, outbuf, &len); ++ &in, outbuf, &len, &is_fips); + insist(retval == 0); + insist(len == sizeof(encoded)); + insist(memcmp(outbuf, encoded, len) == 0); +diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c +index 7928335ca..0f9576253 100644 +--- a/src/lib/krad/t_attrset.c ++++ b/src/lib/krad/t_attrset.c +@@ -49,6 +49,7 @@ main() + krb5_context ctx; + size_t len = 0, encode_len; + krb5_data tmp; ++ krb5_boolean is_fips = FALSE; + + noerror(krb5_init_context(&ctx)); + noerror(krad_attrset_new(ctx, &set)); +@@ -62,7 +63,8 @@ main() + noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp)); + + /* Encode attrset. */ +- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len)); ++ noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len, ++ &is_fips)); + krad_attrset_free(set); + + /* Manually encode User-Name. */ +diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c +index 00734a13b..a3ce22b70 100644 +--- a/src/plugins/preauth/spake/spake_client.c ++++ b/src/plugins/preauth/spake/spake_client.c +@@ -38,6 +38,8 @@ + #include "groups.h" + #include + ++#include ++ + typedef struct reqstate_st { + krb5_pa_spake *msg; /* set in prep_questions, used in process */ + krb5_keyblock *initial_key; +@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, + + if (maj_ver != 1) + return KRB5_PLUGIN_VER_NOTSUPP; ++ ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + vt = (krb5_clpreauth_vtable)vtable; + vt->name = "spake"; + vt->pa_type_list = pa_types; +diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c +index 88c964ce1..c7df0392f 100644 +--- a/src/plugins/preauth/spake/spake_kdc.c ++++ b/src/plugins/preauth/spake/spake_kdc.c +@@ -41,6 +41,8 @@ + + #include + ++#include ++ + /* + * The SPAKE kdcpreauth module uses a secure cookie containing the following + * concatenated fields (all integer fields are big-endian): +@@ -571,6 +573,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, + + if (maj_ver != 1) + return KRB5_PLUGIN_VER_NOTSUPP; ++ ++ if (FIPS_mode()) ++ return KRB5_CRYPTO_INTERNAL; ++ + vt = (krb5_kdcpreauth_vtable)vtable; + vt->name = "spake"; + vt->pa_type_list = pa_types; diff --git a/SOURCES/downstream-Remove-3des-support.patch b/SOURCES/downstream-Remove-3des-support.patch new file mode 100644 index 0000000..22251b9 --- /dev/null +++ b/SOURCES/downstream-Remove-3des-support.patch @@ -0,0 +1,6465 @@ +From 3c1f235c1c82b1cebfd2eba800cd2cd2610f0535 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 26 Mar 2019 18:51:10 -0400 +Subject: [PATCH] [downstream] Remove 3des support + +Completely remove support for all DES3 enctypes (des3-cbc-raw, +des3-hmac-sha1, des3-cbc-sha1-kd). Update all tests and documentation +to user other enctypes. Mark the 3DES enctypes UNSUPPORTED and retain +their constants. + +Last-updated: 1.18-beta2 +(cherry picked from commit e9cd83237b54e2f6010a063f523217b0a442ecbf) +--- + doc/admin/advanced/retiring-des.rst | 11 + + doc/admin/conf_files/kdc_conf.rst | 7 +- + doc/admin/enctypes.rst | 13 +- + doc/admin/troubleshoot.rst | 9 +- + doc/appdev/refs/macros/index.rst | 1 - + doc/conf.py | 2 +- + doc/mitK5features.rst | 2 +- + src/Makefile.in | 4 +- + src/configure.ac | 1 - + src/include/krb5/krb5.hin | 10 +- + src/kadmin/testing/proto/kdc.conf.proto | 4 +- + src/kdc/kdc_util.c | 4 - + src/lib/crypto/Makefile.in | 8 +- + src/lib/crypto/builtin/Makefile.in | 6 +- + src/lib/crypto/builtin/des/ISSUES | 13 - + src/lib/crypto/builtin/des/Makefile.in | 80 ---- + src/lib/crypto/builtin/des/d3_aead.c | 133 ------ + src/lib/crypto/builtin/des/d3_kysched.c | 51 --- + src/lib/crypto/builtin/des/deps | 148 ------- + src/lib/crypto/builtin/des/des_int.h | 285 ------------- + src/lib/crypto/builtin/des/des_keys.c | 40 -- + src/lib/crypto/builtin/des/destest.c | 240 ----------- + src/lib/crypto/builtin/des/doc/libdes.doc | 208 --------- + src/lib/crypto/builtin/des/f_aead.c | 173 -------- + src/lib/crypto/builtin/des/f_cbc.c | 256 ------------ + src/lib/crypto/builtin/des/f_cksum.c | 136 ------ + src/lib/crypto/builtin/des/f_parity.c | 56 --- + src/lib/crypto/builtin/des/f_sched.c | 359 ---------------- + src/lib/crypto/builtin/des/f_tables.c | 370 ---------------- + src/lib/crypto/builtin/des/f_tables.h | 285 ------------- + src/lib/crypto/builtin/des/key_sched.c | 62 --- + src/lib/crypto/builtin/des/keytest.data | 171 -------- + src/lib/crypto/builtin/des/t_verify.c | 395 ------------------ + src/lib/crypto/builtin/des/weak_key.c | 86 ---- + .../crypto/builtin/enc_provider/Makefile.in | 6 +- + src/lib/crypto/builtin/enc_provider/deps | 12 - + src/lib/crypto/builtin/enc_provider/des3.c | 105 ----- + src/lib/crypto/crypto_tests/t_cf2.expected | 1 - + src/lib/crypto/crypto_tests/t_cf2.in | 5 - + src/lib/crypto/crypto_tests/t_cksums.c | 10 - + src/lib/crypto/crypto_tests/t_decrypt.c | 57 --- + src/lib/crypto/crypto_tests/t_derive.c | 36 -- + src/lib/crypto/crypto_tests/t_encrypt.c | 1 - + src/lib/crypto/crypto_tests/t_short.c | 1 - + src/lib/crypto/crypto_tests/t_str2key.c | 52 --- + src/lib/crypto/krb/Makefile.in | 3 - + src/lib/crypto/krb/cksumtypes.c | 6 - + src/lib/crypto/krb/crypto_int.h | 16 - + src/lib/crypto/krb/default_state.c | 10 - + src/lib/crypto/krb/enctype_util.c | 3 + + src/lib/crypto/krb/etypes.c | 21 - + src/lib/crypto/krb/prf_des.c | 47 --- + src/lib/crypto/krb/random_to_key.c | 45 -- + src/lib/crypto/libk5crypto.exports | 1 - + src/lib/crypto/openssl/Makefile.in | 8 +- + src/lib/crypto/openssl/des/Makefile.in | 20 - + src/lib/crypto/openssl/des/deps | 15 - + src/lib/crypto/openssl/des/des_keys.c | 40 -- + .../crypto/openssl/enc_provider/Makefile.in | 3 - + src/lib/crypto/openssl/enc_provider/deps | 11 - + src/lib/crypto/openssl/enc_provider/des3.c | 184 -------- + src/lib/gssapi/krb5/accept_sec_context.c | 1 - + src/lib/gssapi/krb5/gssapiP_krb5.h | 6 +- + src/lib/gssapi/krb5/k5seal.c | 35 +- + src/lib/gssapi/krb5/k5sealiov.c | 27 +- + src/lib/gssapi/krb5/k5unseal.c | 102 ++--- + src/lib/gssapi/krb5/k5unsealiov.c | 38 +- + src/lib/gssapi/krb5/util_crypt.c | 11 - + .../api.current/chpass-principal-v2.exp | 4 +- + .../api.current/get-principal-v2.exp | 4 +- + .../api.current/randkey-principal-v2.exp | 4 +- + src/lib/krb5/krb/init_ctx.c | 3 - + src/lib/krb5/krb/s4u_creds.c | 2 - + src/lib/krb5/krb/t_copy_context.c | 2 +- + src/lib/krb5/krb/t_etypes.c | 48 +-- + src/lib/krb5/os/t_trace.c | 4 +- + src/lib/krb5/os/t_trace.ref | 2 +- + src/plugins/preauth/pkinit/pkcs11.h | 6 +- + src/plugins/preauth/pkinit/pkinit_clnt.c | 8 - + src/plugins/preauth/pkinit/pkinit_crypto.h | 12 - + .../preauth/pkinit/pkinit_crypto_openssl.c | 38 -- + src/plugins/preauth/pkinit/pkinit_kdf_test.c | 31 -- + src/plugins/preauth/spake/t_vectors.c | 25 -- + src/tests/dejagnu/config/default.exp | 78 ---- + src/tests/dejagnu/krb-standalone/kprop.exp | 2 +- + src/tests/gssapi/t_enctypes.py | 33 +- + src/tests/gssapi/t_invalid.c | 12 - + src/tests/gssapi/t_pcontok.c | 16 +- + src/tests/gssapi/t_prf.c | 7 - + src/tests/t_authdata.py | 2 +- + src/tests/t_etype_info.py | 18 +- + src/tests/t_keyrollover.py | 8 +- + src/tests/t_mkey.py | 35 -- + src/tests/t_salt.py | 5 +- + src/util/k5test.py | 7 - + .../leash/htmlhelp/html/Encryption_Types.htm | 13 - + 96 files changed, 163 insertions(+), 4834 deletions(-) + delete mode 100644 src/lib/crypto/builtin/des/ISSUES + delete mode 100644 src/lib/crypto/builtin/des/Makefile.in + delete mode 100644 src/lib/crypto/builtin/des/d3_aead.c + delete mode 100644 src/lib/crypto/builtin/des/d3_kysched.c + delete mode 100644 src/lib/crypto/builtin/des/deps + delete mode 100644 src/lib/crypto/builtin/des/des_int.h + delete mode 100644 src/lib/crypto/builtin/des/des_keys.c + delete mode 100644 src/lib/crypto/builtin/des/destest.c + delete mode 100644 src/lib/crypto/builtin/des/doc/libdes.doc + delete mode 100644 src/lib/crypto/builtin/des/f_aead.c + delete mode 100644 src/lib/crypto/builtin/des/f_cbc.c + delete mode 100644 src/lib/crypto/builtin/des/f_cksum.c + delete mode 100644 src/lib/crypto/builtin/des/f_parity.c + delete mode 100644 src/lib/crypto/builtin/des/f_sched.c + delete mode 100644 src/lib/crypto/builtin/des/f_tables.c + delete mode 100644 src/lib/crypto/builtin/des/f_tables.h + delete mode 100644 src/lib/crypto/builtin/des/key_sched.c + delete mode 100644 src/lib/crypto/builtin/des/keytest.data + delete mode 100644 src/lib/crypto/builtin/des/t_verify.c + delete mode 100644 src/lib/crypto/builtin/des/weak_key.c + delete mode 100644 src/lib/crypto/builtin/enc_provider/des3.c + delete mode 100644 src/lib/crypto/krb/prf_des.c + delete mode 100644 src/lib/crypto/openssl/des/Makefile.in + delete mode 100644 src/lib/crypto/openssl/des/deps + delete mode 100644 src/lib/crypto/openssl/des/des_keys.c + delete mode 100644 src/lib/crypto/openssl/enc_provider/des3.c + +diff --git a/doc/admin/advanced/retiring-des.rst b/doc/admin/advanced/retiring-des.rst +index 4a964c15c..cb6258d77 100644 +--- a/doc/admin/advanced/retiring-des.rst ++++ b/doc/admin/advanced/retiring-des.rst +@@ -10,6 +10,13 @@ ability have rendered DES vulnerable to brute force attacks on its 56-bit + keyspace. As such, it is now considered insecure and should not be + used (:rfc:`6649`). + ++In 1999, MIT krb5 added support for Triple-DES (3DES) encryption types. ++However, due to weakenings of DES and other security concerns, it is now also ++considered insecure and should not be used (:rfc:`8429`). AES encryption ++types were added to MIT in 2003, meaning that the number of deployments with ++3DES as the strongest encryption type is hopefully small. The rotation ++procedure described herein works for both DES and 3DES. ++ + History + ------- + +@@ -27,6 +34,10 @@ and removed DES (single-DES) support in release 1.18. As a + consequence, a release prior to 1.18 is required to perform these + migrations. + ++3DES (a flagged deprecated encryption type) was also removed downstream by ++rharwood@redhat.com starting in 1.18; likewise, a pre-1.18 release is required ++to perform these migrations. ++ + Types of keys + ------------- + +diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst +index 9759756a2..cf8a12547 100644 +--- a/doc/admin/conf_files/kdc_conf.rst ++++ b/doc/admin/conf_files/kdc_conf.rst +@@ -843,8 +843,6 @@ Encryption types marked as "weak" are available for compatibility but + not recommended for use. + + ==================================================== ========================================================= +-des3-cbc-raw Triple DES cbc mode raw (weak) +-des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1 + aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC + aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC + aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC +@@ -853,7 +851,6 @@ arcfour-hmac rc4-hmac arcfour-hmac-md5 RC4 with HMAC/MD5 + arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) + camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC + camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC +-des3 The triple DES family: des3-cbc-sha1 + aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128 + rc4 The RC4 family: arcfour-hmac + camellia The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac +@@ -865,8 +862,8 @@ from the current list by prefixing them with a minus sign ("-"). + Types or families can be prefixed with a plus sign ("+") for symmetry; + it has the same meaning as just listing the type or family. For + example, "``DEFAULT -rc4``" would be the default set of encryption +-types with RC4 types removed, and "``des3 DEFAULT``" would be the +-default set of encryption types with triple DES types moved to the ++types with RC4 types removed, and "``aes128-sha2 DEFAULT``" would be ++the default set of encryption types with aes128-sha2 moved to the + front. + + While **aes128-cts** and **aes256-cts** are supported for all Kerberos +diff --git a/doc/admin/enctypes.rst b/doc/admin/enctypes.rst +index caf6d9267..65b55cdb9 100644 +--- a/doc/admin/enctypes.rst ++++ b/doc/admin/enctypes.rst +@@ -129,7 +129,7 @@ enctype weak? krb5 Windows + des-cbc-crc weak <1.18 >=2000 + des-cbc-md4 weak <1.18 ? + des-cbc-md5 weak <1.18 >=2000 +-des3-cbc-sha1 >=1.1 none ++des3-cbc-sha1 <1.18 none + arcfour-hmac >=1.3 >=2000 + arcfour-hmac-exp weak >=1.3 >=2000 + aes128-cts-hmac-sha1-96 >=1.3 >=Vista +@@ -140,7 +140,10 @@ camellia128-cts-cmac >=1.9 none + camellia256-cts-cmac >=1.9 none + ========================== ===== ======== ======= + +-krb5 releases 1.18 and later do not support single-DES. krb5 releases +-1.8 and later disable the single-DES enctypes by default. Microsoft +-Windows releases Windows 7 and later disable single-DES enctypes by +-default. ++krb5 releases 1.8 and later disable the single-DES enctypes by ++default. Microsoft Windows releases Windows 7 and later disable ++single-DES enctypes by default. ++ ++krb5 releases 1.18 and later remove single-DES and 3DES ++(downstream-only patch) enctype support. Microsoft Windows never ++supported 3DES. +diff --git a/doc/admin/troubleshoot.rst b/doc/admin/troubleshoot.rst +index 6a0c7f89b..263fc9c97 100644 +--- a/doc/admin/troubleshoot.rst ++++ b/doc/admin/troubleshoot.rst +@@ -73,11 +73,10 @@ credential verification failed: KDC has no support for encryption type + ...................................................................... + + This most commonly happens when trying to use a principal with only +-DES keys, in a release (MIT krb5 1.7 or later) which disables DES by +-default. DES encryption is considered weak due to its inadequate key +-size. If you cannot migrate away from its use, you can re-enable DES +-by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` +-section of :ref:`krb5.conf(5)`. ++DES/3DES keys, in a release (MIT krb5 1.7 or later) which disables DES ++by default. DES encryption is considered weak due to its inadequate ++key size and has been removed upstream; 3DES is not recommended, and ++has been removed downstream by rharwood@redhat.com. + + + .. _err_cert_chain_cert_expired: +diff --git a/doc/appdev/refs/macros/index.rst b/doc/appdev/refs/macros/index.rst +index 68debe714..788d094bf 100644 +--- a/doc/appdev/refs/macros/index.rst ++++ b/doc/appdev/refs/macros/index.rst +@@ -36,7 +36,6 @@ Public + CKSUMTYPE_HMAC_SHA1_96_AES256.rst + CKSUMTYPE_HMAC_SHA256_128_AES128.rst + CKSUMTYPE_HMAC_SHA384_192_AES256.rst +- CKSUMTYPE_HMAC_SHA1_DES3.rst + CKSUMTYPE_MD5_HMAC_ARCFOUR.rst + CKSUMTYPE_NIST_SHA.rst + CKSUMTYPE_RSA_MD4.rst +diff --git a/doc/conf.py b/doc/conf.py +index c32b2882a..5eeafc30f 100644 +--- a/doc/conf.py ++++ b/doc/conf.py +@@ -272,7 +272,7 @@ else: + rst_epilog += ''' + .. |krb5conf| replace:: ``/etc/krb5.conf`` + .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` +-.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` ++.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` + .. |defmkey| replace:: ``aes256-cts-hmac-sha1-96`` + .. |copy| unicode:: U+000A9 + ''' +diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst +index 5d286b6ee..f4594ed13 100644 +--- a/doc/mitK5features.rst ++++ b/doc/mitK5features.rst +@@ -37,7 +37,7 @@ Database backends: LDAP, DB2, LMDB + + krb4 support: Kerberos 5 release < 1.8 + +-DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) ++DES/3DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) + + Interoperability + ---------------- +diff --git a/src/Makefile.in b/src/Makefile.in +index 56c7a4e6f..70db82a30 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -130,7 +130,7 @@ WINMAKEFILES=Makefile \ + lib\Makefile lib\crypto\Makefile lib\crypto\krb\Makefile \ + lib\crypto\builtin\Makefile lib\crypto\builtin\aes\Makefile \ + lib\crypto\builtin\enc_provider\Makefile \ +- lib\crypto\builtin\des\Makefile lib\crypto\builtin\md5\Makefile \ ++ lib\crypto\builtin\md5\Makefile \ + lib\crypto\builtin\camellia\Makefile lib\crypto\builtin\md4\Makefile \ + lib\crypto\builtin\hash_provider\Makefile \ + lib\crypto\builtin\sha2\Makefile lib\crypto\builtin\sha1\Makefile \ +@@ -202,8 +202,6 @@ WINMAKEFILES=Makefile \ + ##DOS## $(WCONFIG) config < $@.in > $@ + ##DOS##lib\crypto\builtin\enc_provider\Makefile: lib\crypto\builtin\enc_provider\Makefile.in $(MKFDEP) + ##DOS## $(WCONFIG) config < $@.in > $@ +-##DOS##lib\crypto\builtin\des\Makefile: lib\crypto\builtin\des\Makefile.in $(MKFDEP) +-##DOS## $(WCONFIG) config < $@.in > $@ + ##DOS##lib\crypto\builtin\md5\Makefile: lib\crypto\builtin\md5\Makefile.in $(MKFDEP) + ##DOS## $(WCONFIG) config < $@.in > $@ + ##DOS##lib\crypto\builtin\camellia\Makefile: lib\crypto\builtin\camellia\Makefile.in $(MKFDEP) +diff --git a/src/configure.ac b/src/configure.ac +index 440a22bd9..d4e4da525 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -1481,7 +1481,6 @@ V5_AC_OUTPUT_MAKEFILE(. + lib/crypto lib/crypto/krb lib/crypto/$CRYPTO_IMPL + lib/crypto/$CRYPTO_IMPL/enc_provider + lib/crypto/$CRYPTO_IMPL/hash_provider +- lib/crypto/$CRYPTO_IMPL/des + lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5 + lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2 + lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index e9435c693..6355e6540 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -426,8 +426,8 @@ typedef struct _krb5_crypto_iov { + #define ENCTYPE_DES_CBC_MD4 0x0002 /**< @deprecated no longer supported */ + #define ENCTYPE_DES_CBC_MD5 0x0003 /**< @deprecated no longer supported */ + #define ENCTYPE_DES_CBC_RAW 0x0004 /**< @deprecated no longer supported */ +-#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated DES-3 cbc with SHA1 */ +-#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated DES-3 cbc mode raw */ ++#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated no longer supported */ ++#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated no longer supported */ + #define ENCTYPE_DES_HMAC_SHA1 0x0008 /**< @deprecated no longer supported */ + /* PKINIT */ + #define ENCTYPE_DSA_SHA1_CMS 0x0009 /**< DSA with SHA1, CMS signature */ +@@ -436,9 +436,9 @@ typedef struct _krb5_crypto_iov { + #define ENCTYPE_RC2_CBC_ENV 0x000c /**< RC2 cbc mode, CMS enveloped data */ + #define ENCTYPE_RSA_ENV 0x000d /**< RSA encryption, CMS enveloped data */ + #define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /**< RSA w/OEAP encryption, CMS enveloped data */ +-#define ENCTYPE_DES3_CBC_ENV 0x000f /**< DES-3 cbc mode, CMS enveloped data */ ++#define ENCTYPE_DES3_CBC_ENV 0x000f /**< @deprecated no longer supported */ + +-#define ENCTYPE_DES3_CBC_SHA1 0x0010 ++#define ENCTYPE_DES3_CBC_SHA1 0x0010 /**< @deprecated removed */ + #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 /**< RFC 3962 */ + #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ + #define ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013 /**< RFC 8009 */ +@@ -458,7 +458,7 @@ typedef struct _krb5_crypto_iov { + #define CKSUMTYPE_RSA_MD5 0x0007 + #define CKSUMTYPE_RSA_MD5_DES 0x0008 + #define CKSUMTYPE_NIST_SHA 0x0009 +-#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c ++#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c /* @deprecated removed */ + #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f /**< RFC 3962. Used with + ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ + #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with +diff --git a/src/kadmin/testing/proto/kdc.conf.proto b/src/kadmin/testing/proto/kdc.conf.proto +index 8a4b87de1..d7f1d076b 100644 +--- a/src/kadmin/testing/proto/kdc.conf.proto ++++ b/src/kadmin/testing/proto/kdc.conf.proto +@@ -11,6 +11,6 @@ + dict_file = __K5ROOT__/ovsec_adm.dict + kadmind_port = 1751 + kpasswd_port = 1752 +- master_key_type = des3-hmac-sha1 +- supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal ++ master_key_type = aes256-cts ++ supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal + } +diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c +index ba0ce0b71..e3352f9cc 100644 +--- a/src/kdc/kdc_util.c ++++ b/src/kdc/kdc_util.c +@@ -1103,8 +1103,6 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen) + name = "rsaEncryption-EnvOID"; + else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV) + name = "id-RSAES-OAEP-EnvOID"; +- else if (ktype == ENCTYPE_DES3_CBC_ENV) +- name = "des-ede3-cbc-EnvOID"; + else + return krb5_enctype_to_name(ktype, FALSE, buf, buflen); + +@@ -1826,8 +1824,6 @@ krb5_boolean + enctype_requires_etype_info_2(krb5_enctype enctype) + { + switch(enctype) { +- case ENCTYPE_DES3_CBC_SHA1: +- case ENCTYPE_DES3_CBC_RAW: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP : + return 0; +diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in +index c3fcfd7e8..890d54adf 100644 +--- a/src/lib/crypto/Makefile.in ++++ b/src/lib/crypto/Makefile.in +@@ -13,7 +13,7 @@ STOBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ + $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ + $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ + $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ +- $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ ++ $(CRYPTO_IMPL)/aes/OBJS.ST \ + $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ + $(CRYPTO_IMPL)/OBJS.ST + +@@ -21,7 +21,7 @@ SUBDIROBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ + $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ + $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ + $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ +- $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ ++ $(CRYPTO_IMPL)/aes/OBJS.ST \ + $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ + $(CRYPTO_IMPL)/OBJS.ST + +@@ -34,8 +34,8 @@ SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB) + SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@ + + ##DOS##LIBNAME=$(OUTPRE)crypto.lib +-##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst +-##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst ++##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst ++##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst + + all-unix: all-liblinks + install-unix: install-libs +diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in +index baf5d974f..82adf1dec 100644 +--- a/src/lib/crypto/builtin/Makefile.in ++++ b/src/lib/crypto/builtin/Makefile.in +@@ -1,6 +1,6 @@ + mydir=lib$(S)crypto$(S)builtin + BUILDTOP=$(REL)..$(S)..$(S).. +-SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider ++SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider + LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) + + ##DOS##BUILDTOP = ..\..\.. +@@ -22,7 +22,7 @@ SRCS=\ + $(srcdir)/init.c \ + $(srcdir)/pbkdf2.c + +-STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++STOBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ +@@ -30,7 +30,7 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ + camellia/OBJS.ST \ + OBJS.ST + +-SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++SUBDIROBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ +diff --git a/src/lib/crypto/builtin/des/ISSUES b/src/lib/crypto/builtin/des/ISSUES +deleted file mode 100644 +index 157891103..000000000 +--- a/src/lib/crypto/builtin/des/ISSUES ++++ /dev/null +@@ -1,13 +0,0 @@ +-Issues to be addressed for src/lib/crypto/des: -*- text -*- +- +- +-"const" could be used in more places +- +- +-Array types are used in calling interfaces. Under ANSI C, a value of +-type "arraytype *" cannot be assigned to a variable of type "const +-arraytype *", so we get compilation warnings. +- +-Possible fix: Rewrite internal interfaces to not use arrays this way. +-Provide external routines compatible with old API, but not using +-const? +diff --git a/src/lib/crypto/builtin/des/Makefile.in b/src/lib/crypto/builtin/des/Makefile.in +deleted file mode 100644 +index ed25dab7c..000000000 +--- a/src/lib/crypto/builtin/des/Makefile.in ++++ /dev/null +@@ -1,80 +0,0 @@ +-mydir=lib$(S)crypto$(S)builtin$(S)des +-BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb +- +-##DOS##BUILDTOP = ..\..\..\.. +-##DOS##PREFIXDIR = builtin\des +-##DOS##OBJFILE = ..\..\$(OUTPRE)des.lst +- +-STLIBOBJS=\ +- d3_aead.o \ +- d3_kysched.o \ +- des_keys.o \ +- f_aead.o \ +- f_cksum.o \ +- f_parity.o \ +- f_sched.o \ +- f_tables.o \ +- key_sched.o \ +- weak_key.o +- +-OBJS= $(OUTPRE)d3_aead.$(OBJEXT) \ +- $(OUTPRE)d3_kysched.$(OBJEXT) \ +- $(OUTPRE)des_keys.$(OBJEXT) \ +- $(OUTPRE)f_aead.$(OBJEXT) \ +- $(OUTPRE)f_cksum.$(OBJEXT) \ +- $(OUTPRE)f_parity.$(OBJEXT) \ +- $(OUTPRE)f_sched.$(OBJEXT) \ +- $(OUTPRE)f_tables.$(OBJEXT) \ +- $(OUTPRE)key_sched.$(OBJEXT) \ +- $(OUTPRE)weak_key.$(OBJEXT) +- +-SRCS= $(srcdir)/d3_aead.c \ +- $(srcdir)/d3_kysched.c \ +- $(srcdir)/des_keys.c \ +- $(srcdir)/f_aead.c \ +- $(srcdir)/f_cksum.c \ +- $(srcdir)/f_parity.c \ +- $(srcdir)/f_sched.c \ +- $(srcdir)/f_tables.c \ +- $(srcdir)/key_sched.c \ +- $(srcdir)/weak_key.c +- +-EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c +- +-##DOS##LIBOBJS = $(OBJS) +- +-TOBJS = $(OUTPRE)key_sched.$(OBJEXT) $(OUTPRE)f_sched.$(OBJEXT) \ +- $(OUTPRE)f_cbc.$(OBJEXT) $(OUTPRE)f_tables.$(OBJEXT) \ +- $(OUTPRE)f_cksum.$(OBJEXT) +- +-verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ +- $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) +- $(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ +- -lcom_err $(SUPPORT_LIB) +- +-destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS) $(SUPPORT_DEPLIB) +- $(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS) $(SUPPORT_LIB) +- +-all-unix: all-libobjs +- +-check-unix: verify destest +- $(RUN_TEST) ./verify -z +- $(RUN_TEST) ./verify -m +- $(RUN_TEST) ./verify +- $(RUN_TEST) ./destest < $(srcdir)/keytest.data +- +-includes: depend +- +-depend: $(SRCS) +- +-check-windows: +- +-clean: +- $(RM) destest.$(OBJEXT) destest$(EXEEXT) verify$(EXEEXT) \ +- t_verify.$(OBJEXT) $(TOBJS) +- +-clean-unix:: clean-libobjs +- +-@libobj_frag@ +- +diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c +deleted file mode 100644 +index bddf75a47..000000000 +--- a/src/lib/crypto/builtin/des/d3_aead.c ++++ /dev/null +@@ -1,133 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright (C) 2008 by the Massachusetts Institute of Technology. +- * Copyright 1995 by Richard P. Basch. All Rights Reserved. +- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used +- * in advertising or publicity pertaining to distribution of the software +- * without specific, written prior permission. Richard P. Basch, +- * Lehman Brothers and M.I.T. make no representations about the suitability +- * of this software for any purpose. It is provided "as is" without +- * express or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +-#include "f_tables.h" +- +-void +-krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp1, *kp2, *kp3; +- const unsigned char *ip; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointers here. These won't need to be reinitialized. */ +- kp1 = (const unsigned DES_INT32 *)ks1; +- kp2 = (const unsigned DES_INT32 *)ks2; +- kp3 = (const unsigned DES_INT32 *)ks3; +- +- /* Initialize left and right with the contents of the initial vector. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- left = load_32_be(ip); +- right = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* xor this block with the previous ciphertext. */ +- left ^= load_32_be(block); +- right ^= load_32_be(block + 4); +- +- /* Encrypt what we have and store it back into block. */ +- DES_DO_ENCRYPT(left, right, kp1); +- DES_DO_DECRYPT(left, right, kp2); +- DES_DO_ENCRYPT(left, right, kp3); +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(left, ivec); +- store_32_be(right, ivec + 4); +- } +-} +- +-void +-krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp1, *kp2, *kp3; +- const unsigned char *ip; +- unsigned DES_INT32 ocipherl, ocipherr; +- unsigned DES_INT32 cipherl, cipherr; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointers here. These won't need to be reinitialized. */ +- kp1 = (const unsigned DES_INT32 *)ks1; +- kp2 = (const unsigned DES_INT32 *)ks2; +- kp3 = (const unsigned DES_INT32 *)ks3; +- +- /* +- * Decrypting is harder than encrypting because of +- * the necessity of remembering a lot more things. +- * Should think about this a little more... +- */ +- +- /* Prime the old cipher with ivec.*/ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- ocipherl = load_32_be(ip); +- ocipherr = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Split this block into left and right. */ +- cipherl = left = load_32_be(block); +- cipherr = right = load_32_be(block + 4); +- +- /* Decrypt and xor with the old cipher to get plain text. */ +- DES_DO_DECRYPT(left, right, kp3); +- DES_DO_ENCRYPT(left, right, kp2); +- DES_DO_DECRYPT(left, right, kp1); +- left ^= ocipherl; +- right ^= ocipherr; +- +- /* Store the encrypted halves back into block. */ +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- /* Save current cipher block halves. */ +- ocipherl = cipherl; +- ocipherr = cipherr; +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(ocipherl, ivec); +- store_32_be(ocipherr, ivec + 4); +- } +-} +diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c +deleted file mode 100644 +index ebd1050b1..000000000 +--- a/src/lib/crypto/builtin/des/d3_kysched.c ++++ /dev/null +@@ -1,51 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright 1995 by Richard P. Basch. All Rights Reserved. +- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used +- * in advertising or publicity pertaining to distribution of the software +- * without specific, written prior permission. Richard P. Basch, +- * Lehman Brothers and M.I.T. make no representations about the suitability +- * of this software for any purpose. It is provided "as is" without +- * express or implied warranty. +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +- +-int +-mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule) +-{ +- mit_des_make_key_sched(k[0],schedule[0]); +- mit_des_make_key_sched(k[1],schedule[1]); +- mit_des_make_key_sched(k[2],schedule[2]); +- +- if (!mit_des_check_key_parity(k[0])) /* bad parity --> return -1 */ +- return(-1); +- if (mit_des_is_weak_key(k[0])) +- return(-2); +- +- if (!mit_des_check_key_parity(k[1])) +- return(-1); +- if (mit_des_is_weak_key(k[1])) +- return(-2); +- +- if (!mit_des_check_key_parity(k[2])) +- return(-1); +- if (mit_des_is_weak_key(k[2])) +- return(-2); +- +- /* if key was good, return 0 */ +- return 0; +-} +diff --git a/src/lib/crypto/builtin/des/deps b/src/lib/crypto/builtin/des/deps +deleted file mode 100644 +index df2a31dac..000000000 +--- a/src/lib/crypto/builtin/des/deps ++++ /dev/null +@@ -1,148 +0,0 @@ +-# +-# Generated makefile dependencies follow. +-# +-d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- d3_aead.c des_int.h f_tables.h +-d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- d3_kysched.c des_int.h +-des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \ +- $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h des_keys.c +-f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h f_aead.c f_tables.h +-f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h f_cksum.c \ +- f_tables.h +-f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h f_parity.c +-f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h f_sched.c +-f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h f_tables.c f_tables.h +-key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h key_sched.c +-weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h weak_key.c +-destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h destest.c +-f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des_int.h f_cbc.c \ +- f_tables.h +-t_verify.so t_verify.po $(OUTPRE)t_verify.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_int.h t_verify.c +diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h +deleted file mode 100644 +index f8dc6b296..000000000 +--- a/src/lib/crypto/builtin/des/des_int.h ++++ /dev/null +@@ -1,285 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/des_int.h */ +-/* +- * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of +- * Technology. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-/* Private include file for the Data Encryption Standard library. */ +- +-/* only do the whole thing once */ +-#ifndef DES_INTERNAL_DEFS +-#define DES_INTERNAL_DEFS +- +-#include "k5-int.h" +-/* +- * Begin "mit-des.h" +- */ +-#ifndef KRB5_MIT_DES__ +-#define KRB5_MIT_DES__ +- +-#if defined(__MACH__) && defined(__APPLE__) +-#include +-#include +-#if TARGET_RT_MAC_CFM +-#error "Use KfM 4.0 SDK headers for CFM compilation." +-#endif +-#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) +-#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 +-#endif +-#endif /* defined(__MACH__) && defined(__APPLE__) */ +- +-/* Macro to add deprecated attribute to DES types and functions */ +-/* Currently only defined on macOS 10.5 and later. */ +-#ifndef KRB5INT_DES_DEPRECATED +-#define KRB5INT_DES_DEPRECATED +-#endif +- +-#include +- +-#if UINT_MAX >= 0xFFFFFFFFUL +-#define DES_INT32 int +-#define DES_UINT32 unsigned int +-#else +-#define DES_INT32 long +-#define DES_UINT32 unsigned long +-#endif +- +-typedef unsigned char des_cblock[8] /* crypto-block size */ +-KRB5INT_DES_DEPRECATED; +- +-/* +- * Key schedule. +- * +- * This used to be +- * +- * typedef struct des_ks_struct { +- * union { DES_INT32 pad; des_cblock _;} __; +- * } des_key_schedule[16]; +- * +- * but it would cause trouble if DES_INT32 were ever more than 4 +- * bytes. The reason is that all the encryption functions cast it to +- * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If +- * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the +- * caller-allocated des_key_schedule will be overflowed by the key +- * scheduling functions. We can't assume that every platform will +- * have an exact 32-bit int, and nothing should be looking inside a +- * des_key_schedule anyway. +- */ +-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] +-KRB5INT_DES_DEPRECATED; +- +-typedef des_cblock mit_des_cblock; +-typedef des_key_schedule mit_des_key_schedule; +- +-/* Triple-DES structures */ +-typedef mit_des_cblock mit_des3_cblock[3]; +-typedef mit_des_key_schedule mit_des3_key_schedule[3]; +- +-#define MIT_DES_ENCRYPT 1 +-#define MIT_DES_DECRYPT 0 +- +-typedef struct mit_des_ran_key_seed { +- krb5_encrypt_block eblock; +- krb5_data sequence; +-} mit_des_random_state; +- +-/* the first byte of the key is already in the keyblock */ +- +-#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet)) +-/* This used to be 8*sizeof(krb5_octet) */ +-#define MIT_DES_KEYSIZE 8 +- +-#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) +- +-#endif /* KRB5_MIT_DES__ */ +-/* +- * End "mit-des.h" +- */ +- +-/* afsstring2key.c */ +-krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock, +- const krb5_data *data, +- const krb5_data *salt); +-char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf); +- +-/* f_cksum.c */ +-unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *, +- unsigned long, const mit_des_key_schedule, +- const krb5_octet *); +- +-/* f_cbc.c (used by test programs) */ +-int +-mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec, int enc); +- +-#define mit_des_zeroblock krb5int_c_mit_des_zeroblock +-extern const mit_des_cblock mit_des_zeroblock; +- +-/* fin_rndkey.c */ +-krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *, +- krb5_pointer *); +- +-/* finish_key.c */ +-krb5_error_code mit_des_finish_key(krb5_encrypt_block *); +- +-/* init_rkey.c */ +-krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *, +- const krb5_keyblock *, +- krb5_pointer *); +- +-/* key_parity.c */ +-void mit_des_fixup_key_parity(mit_des_cblock); +-int mit_des_check_key_parity(mit_des_cblock); +- +-/* key_sched.c */ +-int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule); +- +-/* process_ky.c */ +-krb5_error_code mit_des_process_key(krb5_encrypt_block *, +- const krb5_keyblock *); +- +-/* random_key.c */ +-krb5_error_code mit_des_random_key(const krb5_encrypt_block *, +- krb5_pointer, krb5_keyblock **); +- +-/* string2key.c */ +-krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *, +- krb5_keyblock *, const krb5_data *, +- const krb5_data *); +-krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *, +- const krb5_data *); +- +-/* weak_key.c */ +-int mit_des_is_weak_key(mit_des_cblock); +- +-/* cmb_keys.c */ +-krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *, +- const krb5_keyblock *, +- krb5_keyblock **); +- +-/* f_pcbc.c */ +-int mit_des_pcbc_encrypt(); +- +-/* f_sched.c */ +-int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); +- +- +-/* misc.c */ +-extern void swap_bits(char *); +-extern unsigned long long_swap_bits(unsigned long); +-extern unsigned long swap_six_bits_to_ansi(unsigned long); +-extern unsigned long swap_four_bits_to_ansi(unsigned long); +-extern unsigned long swap_bit_pos_1(unsigned long); +-extern unsigned long swap_bit_pos_0(unsigned long); +-extern unsigned long swap_bit_pos_0_to_ansi(unsigned long); +-extern unsigned long rev_swap_bit_pos_0(unsigned long); +-extern unsigned long swap_byte_bits(unsigned long); +-extern unsigned long swap_long_bytes_bit_number(unsigned long); +-#ifdef FILE +-/* XXX depends on FILE being a #define! */ +-extern void test_set(FILE *, const char *, int, const char *, int); +-#endif +- +-void +-krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec); +- +-void +-krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule ks1, +- const mit_des_key_schedule ks2, +- const mit_des_key_schedule ks3, +- mit_des_cblock ivec); +- +-void +-krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec); +- +-void +-krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec); +- +-void +-krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, mit_des_cblock ivec, +- mit_des_cblock out); +- +-/* d3_procky.c */ +-krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock, +- const krb5_keyblock *keyblock); +- +-/* d3_kysched.c */ +-int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule); +- +-/* d3_str2ky.c */ +-krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock, +- krb5_keyblock *keyblock, +- const krb5_data *data, +- const krb5_data *salt); +- +-/* u_nfold.c */ +-krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len, +- krb5_octet *output, const size_t out_len); +- +-/* u_rn_key.c */ +-int mit_des_is_weak_keyblock(krb5_keyblock *keyblock); +- +-void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock); +- +-krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed, +- krb5_pointer random_state); +- +-krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence, +- krb5_pointer random_state); +-#endif /*DES_INTERNAL_DEFS*/ +diff --git a/src/lib/crypto/builtin/des/des_keys.c b/src/lib/crypto/builtin/des/des_keys.c +deleted file mode 100644 +index 32b119aad..000000000 +--- a/src/lib/crypto/builtin/des/des_keys.c ++++ /dev/null +@@ -1,40 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/des_keys.c - Key functions used by Kerberos code */ +-/* +- * Copyright (C) 2011 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +- +-void +-k5_des_fixup_key_parity(unsigned char *keybits) +-{ +- mit_des_fixup_key_parity(keybits); +-} +- +-krb5_boolean +-k5_des_is_weak_key(unsigned char *keybits) +-{ +- return mit_des_is_weak_key(keybits); +-} +diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c +deleted file mode 100644 +index 52114304e..000000000 +--- a/src/lib/crypto/builtin/des/destest.c ++++ /dev/null +@@ -1,240 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/destest.c */ +-/* +- * Copyright 1990,1991 by the Massachusetts Institute of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-/* Test a DES implementation against known inputs & outputs. */ +- +-#include "des_int.h" +-#include +-#include +- +-void convert (char *, unsigned char []); +- +-void des_cblock_print_file (mit_des_cblock, FILE *); +- +-krb5_octet zeroblock[8] = {0,0,0,0,0,0,0,0}; +- +-int +-main(argc, argv) +- int argc; +- char *argv[]; +-{ +- char block1[17], block2[17], block3[17]; +- /* Force tests of unaligned accesses. */ +- union { unsigned char c[8*4+3]; long l; } u; +- unsigned char *ioblocks = u.c; +- unsigned char *input = ioblocks+1; +- unsigned char *output = ioblocks+10; +- unsigned char *output2 = ioblocks+19; +- unsigned char *key = ioblocks+27; +- mit_des_key_schedule sched; +- int num = 0; +- int retval; +- +- int error = 0; +- +- while (scanf("%16s %16s %16s", block1, block2, block3) == 3) { +- convert(block1, key); +- convert(block2, input); +- convert(block3, output); +- +- retval = mit_des_key_sched(key, sched); +- if (retval) { +- fprintf(stderr, "des test: can't process key: %d\n", retval); +- fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3); +- exit(1); +- } +- mit_des_cbc_encrypt((const mit_des_cblock *) input, +- (mit_des_cblock *) output2, 8, +- sched, zeroblock, 1); +- +- if (memcmp((char *)output2, (char *)output, 8)) { +- fprintf(stderr, +- "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n", +- block1, block2, block3, +- output2[0],output2[1],output2[2],output2[3], +- output2[4],output2[5],output2[6],output2[7]); +- error++; +- } +- +- /* +- * Now try decrypting.... +- */ +- mit_des_cbc_encrypt((const mit_des_cblock *) output, +- (mit_des_cblock *) output2, 8, +- sched, zeroblock, 0); +- +- if (memcmp((char *)output2, (char *)input, 8)) { +- fprintf(stderr, +- "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n", +- block1, block2, block3, +- output2[0],output2[1],output2[2],output2[3], +- output2[4],output2[5],output2[6],output2[7]); +- error++; +- } +- +- num++; +- } +- +- if (error) +- printf("destest: failed to pass the test\n"); +- else +- printf("destest: %d tests passed successfully\n", num); +- +- exit( (error > 256 && error % 256) ? 1 : error); +-} +- +-int value[128] = { +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- 0, 1, 2, 3, 4, 5, 6, 7, +- 8, 9, -1, -1, -1, -1, -1, -1, +- -1, 10, 11, 12, 13, 14, 15, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, +-}; +- +-void +-convert(text, cblock) +- char *text; +- unsigned char cblock[]; +-{ +- int i; +- for (i = 0; i < 8; i++) { +- if (!isascii((unsigned char)text[i * 2])) +- abort (); +- if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) { +- printf("Bad value byte %d in %s\n", i, text); +- exit(1); +- } +- cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]]; +- } +- return; +-} +- +-/* +- * Fake out the DES library, for the purposes of testing. +- */ +- +-int +-mit_des_is_weak_key(key) +- mit_des_cblock key; +-{ +- return 0; /* fake it out for testing */ +-} +- +-void +-des_cblock_print_file(x, fp) +- mit_des_cblock x; +- FILE *fp; +-{ +- unsigned char *y = (unsigned char *) x; +- int i = 0; +- fprintf(fp," 0x { "); +- +- while (i++ < 8) { +- fprintf(fp,"%x",*y++); +- if (i < 8) +- fprintf(fp,", "); +- } +- fprintf(fp," }"); +-} +- +- +-#define smask(step) ((1<>step)&smask(step))) +-#define parity_char(x) pstep(pstep(pstep((x),4),2),1) +- +-/* +- * des_check_key_parity: returns true iff key has the correct des parity. +- * See des_fix_key_parity for the definition of +- * correct des parity. +- */ +-int +-mit_des_check_key_parity(key) +- mit_des_cblock key; +-{ +- unsigned int i; +- +- for (i=0; i decrypt, else encrypt */ +- Key_schedule schedule; /* addr of key schedule */ +- +-This is the low level routine that encrypts or decrypts a single 8-byte +-block in electronic code book mode. Always transforms the input +-data into the output data. +- +-If encrypt is non-zero, the input (cleartext) is encrypted into the +-output (ciphertext) using the specified key_schedule, pre-set via "des_set_key". +- +-If encrypt is zero, the input (now ciphertext) is decrypted into +-the output (now cleartext). +- +-Input and output may be the same space. +- +-Does not return any meaningful value. Void is not used for compatibility +-with other compilers. +- +-/* -------------------------------------------------------------- */ +- +-int +- cbc_encrypt(input,output,length,schedule,ivec,encrypt) +- +- C_Block *input; /* ptr to input data */ +- C_Block *output; /* ptr to output data */ +- int length; /* desired length, in bytes */ +- Key_schedule schedule; /* addr of precomputed schedule */ +- C_Block *ivec; /* pointer to 8 byte initialization +- * vector +- */ +- int encrypt /* 0 ==> decrypt; else encrypt*/ +- +- +- If encrypt is non-zero, the routine cipher-block-chain encrypts +- the INPUT (cleartext) into the OUTPUT (ciphertext) using the provided +- key schedule and initialization vector. If the length is not an integral +- multiple of eight bytes, the last block is copied to a temp and zero +- filled (highest addresses). The output is ALWAYS an integral multiple +- of eight bytes. +- +- If encrypt is zero, the routine cipher-block chain decrypts the INPUT +- (ciphertext) into the OUTPUT (cleartext) using the provided key schedule +- and initialization vector. Decryption ALWAYS operates on integral +- multiples of 8 bytes, so will round the length provided up to the +- appropriate multiple. Consequently, it will always produce the rounded-up +- number of bytes of output cleartext. The application must determine if +- the output cleartext was zero-padded due to cleartext lengths not integral +- multiples of 8. +- +- No errors or meaningful value are returned. Void is not used for +- compatibility with other compilers. +- +- +-/* cbc checksum (MAC) only routine ---------------------------------------- */ +-int +- cbc_cksum(input,output,length,schedule,ivec) +- +- C_Block *input; /* >= length bytes of inputtext */ +- C_Block *output; /* >= length bytes of outputtext */ +- int length; /* in bytes */ +- Key_schedule schedule; /* precomputed key schedule */ +- C_Block *ivec; /* 8 bytes of ivec */ +- +- +- Produces a cryptographic checksum, 8 bytes, by cipher-block-chain +- encrypting the input, discarding the ciphertext output, and only retaining +- the last ciphertext 8-byte block. Uses the provided key schedule and ivec. +- The input is effectively zero-padded to an integral multiple of +- eight bytes, though the original input is not modified. +- +- No meaningful value is returned. Void is not used for compatibility +- with other compilers. +- +- +-/* random_key ----------------------------------------*/ +-int +- random_key(key) +- +- C_Block *key; +- +- The start for the random number generated is set from the current time +- in microseconds, then the random number generator is invoked +- to create an eight byte output key (not a schedule). The key +- generated is set to odd parity per FIPS spec. +- +- The caller must supply space for the output key, pointed to +- by "*key", then after getting a new key, call the des_set_key() +- routine when needed. +- +- No meaningfull value is returned. Void is not used for compatibility +- with other compilers. +- +- +-/* string_to_key --------------------------------------------*/ +- +-int +- string_to_key(str,key) +- char *str; +- C_Block *key; +- +- This routines converts an arbitrary length, null terminated string +- to an 8 byte DES key, with each byte parity set to odd, per FIPS spec. +- +- The algorithm is as follows: +- +-| Take the first 8 bytes and remove the parity (leaving 56 bits). +-| Do the same for the second 8 bytes, and the third, etc. Do this for +-| as many sets of 8 bytes as necessary, filling in the remainder of the +-| last set with nulls. Fold the second set back on the first (i.e. bit +-| 0 over bit 55, and bit 55 over bit 0). Fold the third over the second +-| (bit 0 of the third set is now over bit 0 of the first set). Repeat +-| until you have done this to all sets. Xor the folded sets. Break the +-| result into 8 7 bit bytes, and generate odd parity for each byte. You +-| now have 64 bits. Note that DES takes a 64 bit key, and uses only the +-| non parity bits. +- +- +-/* read_password -------------------------------------------*/ +- +-read_password(k,prompt,verify) +- C_Block *k; +- char *prompt; +- int verify; +- +-This routine issues the supplied prompt, turns off echo, if possible, and +-reads an input string. If verify is non-zero, it does it again, for use +-in applications such as changing a password. If verify is non-zero, both +-versions are compared, and the input is requested repeatedly until they +-match. Then, the input string is mapped into a valid DES key, internally +-using the string_to_key routine. The newly created key is copied to the +-area pointed to by parameter "k". +- +-No meaningful value is returned. If an error occurs trying to manipulate +-the terminal echo, the routine forces the process to exit. +- +-/* get_line ------------------------*/ +-long get_line(p,max) +- char *p; +- long max; +- +-Reads input characters from standard input until either a newline appears or +-else the max length is reached. The characters read are stuffed into +-the string pointed to, which will always be null terminated. The newline +-is not inserted in the string. The max parameter includes the byte needed +-for the null terminator, so allocate and pass one more than the maximum +-string length desired. +diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c +deleted file mode 100644 +index 71b8dff4d..000000000 +--- a/src/lib/crypto/builtin/des/f_aead.c ++++ /dev/null +@@ -1,173 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright (C) 2008 by the Massachusetts Institute of Technology. +- * Copyright 1995 by Richard P. Basch. All Rights Reserved. +- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used +- * in advertising or publicity pertaining to distribution of the software +- * without specific, written prior permission. Richard P. Basch, +- * Lehman Brothers and M.I.T. make no representations about the suitability +- * of this software for any purpose. It is provided "as is" without +- * express or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +-#include "f_tables.h" +- +-const mit_des_cblock mit_des_zeroblock /* = all zero */; +- +-void +-krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointer here. This won't need to be reinitialized. */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* Initialize left and right with the contents of the initial vector. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- left = load_32_be(ip); +- right = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Decompose this block and xor it with the previous ciphertext. */ +- left ^= load_32_be(block); +- right ^= load_32_be(block + 4); +- +- /* Encrypt what we have and put back into block. */ +- DES_DO_ENCRYPT(left, right, kp); +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(left, ivec); +- store_32_be(right, ivec + 4); +- } +-} +- +-void +-krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, +- mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned DES_INT32 ocipherl, ocipherr; +- unsigned DES_INT32 cipherl, cipherr; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointer here. This won't need to be reinitialized. */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* +- * Decrypting is harder than encrypting because of +- * the necessity of remembering a lot more things. +- * Should think about this a little more... +- */ +- +- /* Prime the old cipher with ivec. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- ocipherl = load_32_be(ip); +- ocipherr = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Split this block into left and right. */ +- cipherl = left = load_32_be(block); +- cipherr = right = load_32_be(block + 4); +- +- /* Decrypt and xor with the old cipher to get plain text. */ +- DES_DO_DECRYPT(left, right, kp); +- left ^= ocipherl; +- right ^= ocipherr; +- +- /* Store the encrypted halves back into block. */ +- store_32_be(left, block); +- store_32_be(right, block + 4); +- +- /* Save current cipher block halves. */ +- ocipherl = cipherl; +- ocipherr = cipherr; +- +- k5_iov_cursor_put(&cursor, block); +- } +- +- if (ivec != NULL) { +- store_32_be(ocipherl, ivec); +- store_32_be(ocipherr, ivec + 4); +- } +-} +- +-void +-krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, +- const mit_des_key_schedule schedule, mit_des_cblock ivec, +- mit_des_cblock out) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- struct iov_cursor cursor; +- unsigned char block[MIT_DES_BLOCK_LENGTH]; +- +- /* Get key pointer here. This won't need to be reinitialized. */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* Initialize left and right with the contents of the initial vector. */ +- ip = (ivec != NULL) ? ivec : mit_des_zeroblock; +- left = load_32_be(ip); +- right = load_32_be(ip + 4); +- +- k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, TRUE); +- while (k5_iov_cursor_get(&cursor, block)) { +- /* Decompose this block and xor it with the previous ciphertext. */ +- left ^= load_32_be(block); +- right ^= load_32_be(block + 4); +- +- /* Encrypt what we have. */ +- DES_DO_ENCRYPT(left, right, kp); +- } +- +- /* Output the final ciphertext block. */ +- store_32_be(left, out); +- store_32_be(right, out + 4); +-} +- +-#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) +-void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left, +- unsigned DES_INT32 *right, +- const unsigned DES_INT32 *kp) +-{ +- DES_DO_ENCRYPT_1 (*left, *right, kp); +-} +- +-void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left, +- unsigned DES_INT32 *right, +- const unsigned DES_INT32 *kp) +-{ +- DES_DO_DECRYPT_1 (*left, *right, kp); +-} +-#endif +diff --git a/src/lib/crypto/builtin/des/f_cbc.c b/src/lib/crypto/builtin/des/f_cbc.c +deleted file mode 100644 +index 84d5382f2..000000000 +--- a/src/lib/crypto/builtin/des/f_cbc.c ++++ /dev/null +@@ -1,256 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_cbc.c */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * CBC functions; used only by the test programs at this time. (krb5 uses the +- * functions in f_aead.c instead.) +- */ +- +-/* +- * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode +- */ +-#include "des_int.h" +-#include "f_tables.h" +- +-/* +- * des_cbc_encrypt - {en,de}crypt a stream in CBC mode +- */ +- +-/* +- * This routine performs DES cipher-block-chaining operation, either +- * encrypting from cleartext to ciphertext, if encrypt != 0 or +- * decrypting from ciphertext to cleartext, if encrypt == 0. +- * +- * The key schedule is passed as an arg, as well as the cleartext or +- * ciphertext. The cleartext and ciphertext should be in host order. +- * +- * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not +- * enough space was provided, your program will get trashed. +- * +- * For encryption, the cleartext string is null padded, at the end, to +- * an integral multiple of eight bytes. +- * +- * For decryption, the ciphertext will be used in integral multiples +- * of 8 bytes, but only the first "length" bytes returned into the +- * cleartext. +- */ +- +-const mit_des_cblock mit_des_zeroblock /* = all zero */; +- +-static void +-des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned char *op; +- +- /* +- * Get key pointer here. This won't need to be reinitialized +- */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* +- * Initialize left and right with the contents of the initial +- * vector. +- */ +- ip = ivec; +- GET_HALF_BLOCK(left, ip); +- GET_HALF_BLOCK(right, ip); +- +- /* +- * Suitably initialized, now work the length down 8 bytes +- * at a time. +- */ +- ip = *in; +- op = *out; +- while (length > 0) { +- /* +- * Get more input, xor it in. If the length is +- * greater than or equal to 8 this is straight +- * forward. Otherwise we have to fart around. +- */ +- if (length >= 8) { +- unsigned DES_INT32 temp; +- GET_HALF_BLOCK(temp, ip); +- left ^= temp; +- GET_HALF_BLOCK(temp, ip); +- right ^= temp; +- length -= 8; +- } else { +- /* +- * Oh, shoot. We need to pad the +- * end with zeroes. Work backwards +- * to do this. +- */ +- ip += (int) length; +- switch(length) { +- case 7: +- right ^= (*(--ip) & FF_UINT32) << 8; +- case 6: +- right ^= (*(--ip) & FF_UINT32) << 16; +- case 5: +- right ^= (*(--ip) & FF_UINT32) << 24; +- case 4: +- left ^= *(--ip) & FF_UINT32; +- case 3: +- left ^= (*(--ip) & FF_UINT32) << 8; +- case 2: +- left ^= (*(--ip) & FF_UINT32) << 16; +- case 1: +- left ^= (*(--ip) & FF_UINT32) << 24; +- break; +- } +- length = 0; +- } +- +- /* +- * Encrypt what we have +- */ +- DES_DO_ENCRYPT(left, right, kp); +- +- /* +- * Copy the results out +- */ +- PUT_HALF_BLOCK(left, op); +- PUT_HALF_BLOCK(right, op); +- } +-} +- +-static void +-des_cbc_decrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned char *op; +- unsigned DES_INT32 ocipherl, ocipherr; +- unsigned DES_INT32 cipherl, cipherr; +- +- /* +- * Get key pointer here. This won't need to be reinitialized +- */ +- kp = (const unsigned DES_INT32 *)schedule; +- +- /* +- * Decrypting is harder than encrypting because of +- * the necessity of remembering a lot more things. +- * Should think about this a little more... +- */ +- +- if (length <= 0) +- return; +- +- /* +- * Prime the old cipher with ivec. +- */ +- ip = ivec; +- GET_HALF_BLOCK(ocipherl, ip); +- GET_HALF_BLOCK(ocipherr, ip); +- +- /* +- * Now do this in earnest until we run out of length. +- */ +- ip = *in; +- op = *out; +- for (;;) { /* check done inside loop */ +- /* +- * Read a block from the input into left and +- * right. Save this cipher block for later. +- */ +- GET_HALF_BLOCK(left, ip); +- GET_HALF_BLOCK(right, ip); +- cipherl = left; +- cipherr = right; +- +- /* +- * Decrypt this. +- */ +- DES_DO_DECRYPT(left, right, kp); +- +- /* +- * Xor with the old cipher to get plain +- * text. Output 8 or less bytes of this. +- */ +- left ^= ocipherl; +- right ^= ocipherr; +- if (length > 8) { +- length -= 8; +- PUT_HALF_BLOCK(left, op); +- PUT_HALF_BLOCK(right, op); +- /* +- * Save current cipher block here +- */ +- ocipherl = cipherl; +- ocipherr = cipherr; +- } else { +- /* +- * Trouble here. Start at end of output, +- * work backwards. +- */ +- op += (int) length; +- switch(length) { +- case 8: +- *(--op) = (unsigned char) (right & 0xff); +- case 7: +- *(--op) = (unsigned char) ((right >> 8) & 0xff); +- case 6: +- *(--op) = (unsigned char) ((right >> 16) & 0xff); +- case 5: +- *(--op) = (unsigned char) ((right >> 24) & 0xff); +- case 4: +- *(--op) = (unsigned char) (left & 0xff); +- case 3: +- *(--op) = (unsigned char) ((left >> 8) & 0xff); +- case 2: +- *(--op) = (unsigned char) ((left >> 16) & 0xff); +- case 1: +- *(--op) = (unsigned char) ((left >> 24) & 0xff); +- break; +- } +- break; /* we're done */ +- } +- } +-} +- +-int +-mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const mit_des_cblock ivec, int enc) +-{ +- /* +- * Deal with encryption and decryption separately. +- */ +- if (enc) +- des_cbc_encrypt(in, out, length, schedule, ivec); +- else +- des_cbc_decrypt(in, out, length, schedule, ivec); +- return 0; +-} +diff --git a/src/lib/crypto/builtin/des/f_cksum.c b/src/lib/crypto/builtin/des/f_cksum.c +deleted file mode 100644 +index cb482b009..000000000 +--- a/src/lib/crypto/builtin/des/f_cksum.c ++++ /dev/null +@@ -1,136 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_cksum.c */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* DES implementation donated by Dennis Ferguson */ +- +-/* +- * des_cbc_cksum.c - compute an 8 byte checksum using DES in CBC mode +- */ +-#include "des_int.h" +-#include "f_tables.h" +- +-/* +- * This routine performs DES cipher-block-chaining checksum operation, +- * a.k.a. Message Authentication Code. It ALWAYS encrypts from input +- * to a single 64 bit output MAC checksum. +- * +- * The key schedule is passed as an arg, as well as the cleartext or +- * ciphertext. The cleartext and ciphertext should be in host order. +- * +- * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was +- * provided, your program will get trashed. +- * +- * The input is null padded, at the end (highest addr), to an integral +- * multiple of eight bytes. +- */ +- +-unsigned long +-mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, +- unsigned long length, const mit_des_key_schedule schedule, +- const krb5_octet *ivec) +-{ +- unsigned DES_INT32 left, right; +- const unsigned DES_INT32 *kp; +- const unsigned char *ip; +- unsigned char *op; +- DES_INT32 len; +- +- /* +- * Initialize left and right with the contents of the initial +- * vector. +- */ +- ip = ivec; +- GET_HALF_BLOCK(left, ip); +- GET_HALF_BLOCK(right, ip); +- +- /* +- * Suitably initialized, now work the length down 8 bytes +- * at a time. +- */ +- ip = in; +- len = length; +- while (len > 0) { +- /* +- * Get more input, xor it in. If the length is +- * greater than or equal to 8 this is straight +- * forward. Otherwise we have to fart around. +- */ +- if (len >= 8) { +- unsigned DES_INT32 temp; +- GET_HALF_BLOCK(temp, ip); +- left ^= temp; +- GET_HALF_BLOCK(temp, ip); +- right ^= temp; +- len -= 8; +- } else { +- /* +- * Oh, shoot. We need to pad the +- * end with zeroes. Work backwards +- * to do this. +- */ +- ip += (int) len; +- switch(len) { +- case 7: +- right ^= (*(--ip) & FF_UINT32) << 8; +- case 6: +- right ^= (*(--ip) & FF_UINT32) << 16; +- case 5: +- right ^= (*(--ip) & FF_UINT32) << 24; +- case 4: +- left ^= *(--ip) & FF_UINT32; +- case 3: +- left ^= (*(--ip) & FF_UINT32) << 8; +- case 2: +- left ^= (*(--ip) & FF_UINT32) << 16; +- case 1: +- left ^= (*(--ip) & FF_UINT32) << 24; +- break; +- } +- len = 0; +- } +- +- /* +- * Encrypt what we have +- */ +- kp = (const unsigned DES_INT32 *)schedule; +- DES_DO_ENCRYPT(left, right, kp); +- } +- +- /* +- * Done. Left and right have the checksum. Put it into +- * the output. +- */ +- op = out; +- PUT_HALF_BLOCK(left, op); +- PUT_HALF_BLOCK(right, op); +- +- /* +- * Return right. I'll bet the MIT code returns this +- * inconsistantly (with the low order byte of the checksum +- * not always in the low order byte of the DES_INT32). We won't. +- */ +- return right & 0xFFFFFFFFUL; +-} +diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c +deleted file mode 100644 +index 460b5061b..000000000 +--- a/src/lib/crypto/builtin/des/f_parity.c ++++ /dev/null +@@ -1,56 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * These routines check and fix parity of encryption keys for the DES +- * algorithm. +- * +- * They are a replacement for routines in key_parity.c, that don't require +- * the table building that they do. +- * +- * Mark Eichin -- Cygnus Support +- */ +- +- +-#include "des_int.h" +- +-/* +- * des_fixup_key_parity: Forces odd parity per byte; parity is bits +- * 8,16,...64 in des order, implies 0, 8, 16, ... +- * vax order. +- */ +-#define smask(step) ((1<>step)&smask(step))) +-#define parity_char(x) pstep(pstep(pstep((x),4),2),1) +- +-void +-mit_des_fixup_key_parity(mit_des_cblock key) +-{ +- unsigned int i; +- for (i=0; i> 29) & 0x7] +- | (PC1_CL[(tmp >> 21) & 0x7] << 1) +- | (PC1_CL[(tmp >> 13) & 0x7] << 2) +- | (PC1_CL[(tmp >> 5) & 0x7] << 3); +- d = PC1_DL[(tmp >> 25) & 0xf] +- | (PC1_DL[(tmp >> 17) & 0xf] << 1) +- | (PC1_DL[(tmp >> 9) & 0xf] << 2) +- | (PC1_DL[(tmp >> 1) & 0xf] << 3); +- +- tmp = load_32_be(k), k += 4; +- +- c |= PC1_CR[(tmp >> 28) & 0xf] +- | (PC1_CR[(tmp >> 20) & 0xf] << 1) +- | (PC1_CR[(tmp >> 12) & 0xf] << 2) +- | (PC1_CR[(tmp >> 4) & 0xf] << 3); +- d |= PC1_DR[(tmp >> 25) & 0x7] +- | (PC1_DR[(tmp >> 17) & 0x7] << 1) +- | (PC1_DR[(tmp >> 9) & 0x7] << 2) +- | (PC1_DR[(tmp >> 1) & 0x7] << 3); +- } +- +- { +- /* +- * Need several temporaries in here +- */ +- unsigned DES_INT32 ltmp, rtmp; +- unsigned DES_INT32 *k; +- int two_bit_shifts; +- int i; +- /* +- * Now iterate to compute the key schedule. Note that we +- * record the entire set of subkeys in 6 bit chunks since +- * they are used that way. At 6 bits/char, we need +- * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes. +- * The schedule must be this big. +- */ +- k = (unsigned DES_INT32 *)schedule; +- two_bit_shifts = TWO_BIT_SHIFTS; +- for (i = 16; i > 0; i--) { +- /* +- * Do the rotation. One bit and two bit rotations +- * are done separately. Note C and D are 28 bits. +- */ +- if (two_bit_shifts & 0x1) { +- c = ((c << 2) & 0xffffffc) | (c >> 26); +- d = ((d << 2) & 0xffffffc) | (d >> 26); +- } else { +- c = ((c << 1) & 0xffffffe) | (c >> 27); +- d = ((d << 1) & 0xffffffe) | (d >> 27); +- } +- two_bit_shifts >>= 1; +- +- /* +- * Apply permutted choice 2 to C to get the first +- * 24 bits worth of keys. Note that bits 9, 18, 22 +- * and 25 (using DES numbering) in C are unused. The +- * shift-mask stuff is done to delete these bits from +- * the indices, since this cuts the table size in half. +- * +- * The table is torqued, by the way. If the standard +- * byte order for this (high to low order) is 1234, +- * the table actually gives us 4132. +- */ +- ltmp = PC2_C[0][((c >> 22) & 0x3f)] +- | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)] +- | PC2_C[2][((c >> 4) & 0x3) | ((c >> 9) & 0x3c)] +- | PC2_C[3][((c ) & 0x7) | ((c >> 4) & 0x38)]; +- /* +- * Apply permutted choice 2 to D to get the other half. +- * Here, bits 7, 10, 15 and 26 go unused. The sqeezing +- * actually turns out to be cheaper here. +- * +- * This table is similarly torqued. If the standard +- * byte order is 5678, the table has the bytes permuted +- * to give us 7685. +- */ +- rtmp = PC2_D[0][((d >> 22) & 0x3f)] +- | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)] +- | PC2_D[2][((d >> 7) & 0x3f)] +- | PC2_D[3][((d ) & 0x3) | ((d >> 1) & 0x3c)]; +- +- /* +- * Make up two words of the key schedule, with a +- * byte order which is convenient for the DES +- * inner loop. The high order (first) word will +- * hold bytes 7135 (high to low order) while the +- * second holds bytes 4682. +- */ +- *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff); +- *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00); +- } +- } +- return (0); +-} +diff --git a/src/lib/crypto/builtin/des/f_tables.c b/src/lib/crypto/builtin/des/f_tables.c +deleted file mode 100644 +index 6308cb0d5..000000000 +--- a/src/lib/crypto/builtin/des/f_tables.c ++++ /dev/null +@@ -1,370 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_tables.c */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* DES implementation donated by Dennis Ferguson */ +- +-/* +- * des_tables.c - precomputed tables used for the DES cipher function +- */ +- +-/* +- * Include the header file so something will complain if the +- * declarations get out of sync +- */ +-#include "des_int.h" +-#include "f_tables.h" +- +-/* +- * These tables may be declared const if you want. Many compilers +- * don't support this, though. +- */ +- +-/* +- * The DES algorithm which uses these is intended to be fairly speedy +- * at the expense of some memory. All the standard hacks are used. +- * The S boxes and the P permutation are precomputed into one table. +- * The E box never actually appears explicitly since it is easy to apply +- * this algorithmically as needed. The initial permutation and final +- * (inverse initial) permutation are computed from tables designed to +- * permute one byte at a time. This should run pretty fast on machines +- * with 32 bit words and bit field/multiple bit shift instructions which +- * are fast. +- */ +- +-/* +- * The initial permutation array. This is used to compute both the +- * left and the right halves of the initial permutation using bytes +- * from words made from the following operations: +- * +- * ((left & 0x55555555) << 1) | (right & 0x55555555) for left half +- * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1) for right half +- * +- * The scheme is that we index into the table using each byte. The +- * result from the high order byte is or'd with the result from the +- * next byte shifted left once is or'd with the result from the next +- * byte shifted left twice if or'd with the result from the low order +- * byte shifted left by three. Clear? +- */ +- +-const unsigned DES_INT32 des_IP_table[256] = { +- 0x00000000, 0x00000010, 0x00000001, 0x00000011, +- 0x00001000, 0x00001010, 0x00001001, 0x00001011, +- 0x00000100, 0x00000110, 0x00000101, 0x00000111, +- 0x00001100, 0x00001110, 0x00001101, 0x00001111, +- 0x00100000, 0x00100010, 0x00100001, 0x00100011, +- 0x00101000, 0x00101010, 0x00101001, 0x00101011, +- 0x00100100, 0x00100110, 0x00100101, 0x00100111, +- 0x00101100, 0x00101110, 0x00101101, 0x00101111, +- 0x00010000, 0x00010010, 0x00010001, 0x00010011, +- 0x00011000, 0x00011010, 0x00011001, 0x00011011, +- 0x00010100, 0x00010110, 0x00010101, 0x00010111, +- 0x00011100, 0x00011110, 0x00011101, 0x00011111, +- 0x00110000, 0x00110010, 0x00110001, 0x00110011, +- 0x00111000, 0x00111010, 0x00111001, 0x00111011, +- 0x00110100, 0x00110110, 0x00110101, 0x00110111, +- 0x00111100, 0x00111110, 0x00111101, 0x00111111, +- 0x10000000, 0x10000010, 0x10000001, 0x10000011, +- 0x10001000, 0x10001010, 0x10001001, 0x10001011, +- 0x10000100, 0x10000110, 0x10000101, 0x10000111, +- 0x10001100, 0x10001110, 0x10001101, 0x10001111, +- 0x10100000, 0x10100010, 0x10100001, 0x10100011, +- 0x10101000, 0x10101010, 0x10101001, 0x10101011, +- 0x10100100, 0x10100110, 0x10100101, 0x10100111, +- 0x10101100, 0x10101110, 0x10101101, 0x10101111, +- 0x10010000, 0x10010010, 0x10010001, 0x10010011, +- 0x10011000, 0x10011010, 0x10011001, 0x10011011, +- 0x10010100, 0x10010110, 0x10010101, 0x10010111, +- 0x10011100, 0x10011110, 0x10011101, 0x10011111, +- 0x10110000, 0x10110010, 0x10110001, 0x10110011, +- 0x10111000, 0x10111010, 0x10111001, 0x10111011, +- 0x10110100, 0x10110110, 0x10110101, 0x10110111, +- 0x10111100, 0x10111110, 0x10111101, 0x10111111, +- 0x01000000, 0x01000010, 0x01000001, 0x01000011, +- 0x01001000, 0x01001010, 0x01001001, 0x01001011, +- 0x01000100, 0x01000110, 0x01000101, 0x01000111, +- 0x01001100, 0x01001110, 0x01001101, 0x01001111, +- 0x01100000, 0x01100010, 0x01100001, 0x01100011, +- 0x01101000, 0x01101010, 0x01101001, 0x01101011, +- 0x01100100, 0x01100110, 0x01100101, 0x01100111, +- 0x01101100, 0x01101110, 0x01101101, 0x01101111, +- 0x01010000, 0x01010010, 0x01010001, 0x01010011, +- 0x01011000, 0x01011010, 0x01011001, 0x01011011, +- 0x01010100, 0x01010110, 0x01010101, 0x01010111, +- 0x01011100, 0x01011110, 0x01011101, 0x01011111, +- 0x01110000, 0x01110010, 0x01110001, 0x01110011, +- 0x01111000, 0x01111010, 0x01111001, 0x01111011, +- 0x01110100, 0x01110110, 0x01110101, 0x01110111, +- 0x01111100, 0x01111110, 0x01111101, 0x01111111, +- 0x11000000, 0x11000010, 0x11000001, 0x11000011, +- 0x11001000, 0x11001010, 0x11001001, 0x11001011, +- 0x11000100, 0x11000110, 0x11000101, 0x11000111, +- 0x11001100, 0x11001110, 0x11001101, 0x11001111, +- 0x11100000, 0x11100010, 0x11100001, 0x11100011, +- 0x11101000, 0x11101010, 0x11101001, 0x11101011, +- 0x11100100, 0x11100110, 0x11100101, 0x11100111, +- 0x11101100, 0x11101110, 0x11101101, 0x11101111, +- 0x11010000, 0x11010010, 0x11010001, 0x11010011, +- 0x11011000, 0x11011010, 0x11011001, 0x11011011, +- 0x11010100, 0x11010110, 0x11010101, 0x11010111, +- 0x11011100, 0x11011110, 0x11011101, 0x11011111, +- 0x11110000, 0x11110010, 0x11110001, 0x11110011, +- 0x11111000, 0x11111010, 0x11111001, 0x11111011, +- 0x11110100, 0x11110110, 0x11110101, 0x11110111, +- 0x11111100, 0x11111110, 0x11111101, 0x11111111 +-}; +- +-/* +- * The final permutation array. Like the IP array, used +- * to compute both the left and right results from the bytes +- * of words computed from: +- * +- * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f) for left result +- * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4) for right result +- * +- * The result from the high order byte is shifted left 6 bits and +- * or'd with the result from the next byte shifted left 4 bits, which +- * is or'd with the result from the next byte shifted left 2 bits, +- * which is or'd with the result from the low byte. +- */ +-const unsigned DES_INT32 des_FP_table[256] = { +- 0x00000000, 0x02000000, 0x00020000, 0x02020000, +- 0x00000200, 0x02000200, 0x00020200, 0x02020200, +- 0x00000002, 0x02000002, 0x00020002, 0x02020002, +- 0x00000202, 0x02000202, 0x00020202, 0x02020202, +- 0x01000000, 0x03000000, 0x01020000, 0x03020000, +- 0x01000200, 0x03000200, 0x01020200, 0x03020200, +- 0x01000002, 0x03000002, 0x01020002, 0x03020002, +- 0x01000202, 0x03000202, 0x01020202, 0x03020202, +- 0x00010000, 0x02010000, 0x00030000, 0x02030000, +- 0x00010200, 0x02010200, 0x00030200, 0x02030200, +- 0x00010002, 0x02010002, 0x00030002, 0x02030002, +- 0x00010202, 0x02010202, 0x00030202, 0x02030202, +- 0x01010000, 0x03010000, 0x01030000, 0x03030000, +- 0x01010200, 0x03010200, 0x01030200, 0x03030200, +- 0x01010002, 0x03010002, 0x01030002, 0x03030002, +- 0x01010202, 0x03010202, 0x01030202, 0x03030202, +- 0x00000100, 0x02000100, 0x00020100, 0x02020100, +- 0x00000300, 0x02000300, 0x00020300, 0x02020300, +- 0x00000102, 0x02000102, 0x00020102, 0x02020102, +- 0x00000302, 0x02000302, 0x00020302, 0x02020302, +- 0x01000100, 0x03000100, 0x01020100, 0x03020100, +- 0x01000300, 0x03000300, 0x01020300, 0x03020300, +- 0x01000102, 0x03000102, 0x01020102, 0x03020102, +- 0x01000302, 0x03000302, 0x01020302, 0x03020302, +- 0x00010100, 0x02010100, 0x00030100, 0x02030100, +- 0x00010300, 0x02010300, 0x00030300, 0x02030300, +- 0x00010102, 0x02010102, 0x00030102, 0x02030102, +- 0x00010302, 0x02010302, 0x00030302, 0x02030302, +- 0x01010100, 0x03010100, 0x01030100, 0x03030100, +- 0x01010300, 0x03010300, 0x01030300, 0x03030300, +- 0x01010102, 0x03010102, 0x01030102, 0x03030102, +- 0x01010302, 0x03010302, 0x01030302, 0x03030302, +- 0x00000001, 0x02000001, 0x00020001, 0x02020001, +- 0x00000201, 0x02000201, 0x00020201, 0x02020201, +- 0x00000003, 0x02000003, 0x00020003, 0x02020003, +- 0x00000203, 0x02000203, 0x00020203, 0x02020203, +- 0x01000001, 0x03000001, 0x01020001, 0x03020001, +- 0x01000201, 0x03000201, 0x01020201, 0x03020201, +- 0x01000003, 0x03000003, 0x01020003, 0x03020003, +- 0x01000203, 0x03000203, 0x01020203, 0x03020203, +- 0x00010001, 0x02010001, 0x00030001, 0x02030001, +- 0x00010201, 0x02010201, 0x00030201, 0x02030201, +- 0x00010003, 0x02010003, 0x00030003, 0x02030003, +- 0x00010203, 0x02010203, 0x00030203, 0x02030203, +- 0x01010001, 0x03010001, 0x01030001, 0x03030001, +- 0x01010201, 0x03010201, 0x01030201, 0x03030201, +- 0x01010003, 0x03010003, 0x01030003, 0x03030003, +- 0x01010203, 0x03010203, 0x01030203, 0x03030203, +- 0x00000101, 0x02000101, 0x00020101, 0x02020101, +- 0x00000301, 0x02000301, 0x00020301, 0x02020301, +- 0x00000103, 0x02000103, 0x00020103, 0x02020103, +- 0x00000303, 0x02000303, 0x00020303, 0x02020303, +- 0x01000101, 0x03000101, 0x01020101, 0x03020101, +- 0x01000301, 0x03000301, 0x01020301, 0x03020301, +- 0x01000103, 0x03000103, 0x01020103, 0x03020103, +- 0x01000303, 0x03000303, 0x01020303, 0x03020303, +- 0x00010101, 0x02010101, 0x00030101, 0x02030101, +- 0x00010301, 0x02010301, 0x00030301, 0x02030301, +- 0x00010103, 0x02010103, 0x00030103, 0x02030103, +- 0x00010303, 0x02010303, 0x00030303, 0x02030303, +- 0x01010101, 0x03010101, 0x01030101, 0x03030101, +- 0x01010301, 0x03010301, 0x01030301, 0x03030301, +- 0x01010103, 0x03010103, 0x01030103, 0x03030103, +- 0x01010303, 0x03010303, 0x01030303, 0x03030303 +-}; +- +- +-/* +- * The SP table is actually the S boxes and the P permutation +- * table combined. This table is actually reordered from the +- * spec, to match the order of key application we follow. +- */ +-const unsigned DES_INT32 des_SP_table[8][64] = { +- { +- 0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */ +- 0x00000400, 0x02000401, 0x00100401, 0x02100400, +- 0x02100401, 0x00100000, 0x00000000, 0x02000001, +- 0x00000001, 0x02000000, 0x02100001, 0x00000401, +- 0x02000400, 0x00100401, 0x00100001, 0x02000400, +- 0x02000001, 0x02100000, 0x02100400, 0x00100001, +- 0x02100000, 0x00000400, 0x00000401, 0x02100401, +- 0x00100400, 0x00000001, 0x02000000, 0x00100400, +- 0x02000000, 0x00100400, 0x00100000, 0x02000401, +- 0x02000401, 0x02100001, 0x02100001, 0x00000001, +- 0x00100001, 0x02000000, 0x02000400, 0x00100000, +- 0x02100400, 0x00000401, 0x00100401, 0x02100400, +- 0x00000401, 0x02000001, 0x02100401, 0x02100000, +- 0x00100400, 0x00000000, 0x00000001, 0x02100401, +- 0x00000000, 0x00100401, 0x02100000, 0x00000400, +- 0x02000001, 0x02000400, 0x00000400, 0x00100001, +- }, +- { +- 0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */ +- 0x00808002, 0x00008202, 0x00000002, 0x00008000, +- 0x00000200, 0x00808200, 0x00808202, 0x00000200, +- 0x00800202, 0x00808002, 0x00800000, 0x00000002, +- 0x00000202, 0x00800200, 0x00800200, 0x00008200, +- 0x00008200, 0x00808000, 0x00808000, 0x00800202, +- 0x00008002, 0x00800002, 0x00800002, 0x00008002, +- 0x00000000, 0x00000202, 0x00008202, 0x00800000, +- 0x00008000, 0x00808202, 0x00000002, 0x00808000, +- 0x00808200, 0x00800000, 0x00800000, 0x00000200, +- 0x00808002, 0x00008000, 0x00008200, 0x00800002, +- 0x00000200, 0x00000002, 0x00800202, 0x00008202, +- 0x00808202, 0x00008002, 0x00808000, 0x00800202, +- 0x00800002, 0x00000202, 0x00008202, 0x00808200, +- 0x00000202, 0x00800200, 0x00800200, 0x00000000, +- 0x00008002, 0x00008200, 0x00000000, 0x00808002, +- }, +- { +- 0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */ +- 0x04000100, 0x00000000, 0x00010104, 0x04000100, +- 0x00010004, 0x04000004, 0x04000004, 0x00010000, +- 0x04010104, 0x00010004, 0x04010000, 0x00000104, +- 0x04000000, 0x00000004, 0x04010100, 0x00000100, +- 0x00010100, 0x04010000, 0x04010004, 0x00010104, +- 0x04000104, 0x00010100, 0x00010000, 0x04000104, +- 0x00000004, 0x04010104, 0x00000100, 0x04000000, +- 0x04010100, 0x04000000, 0x00010004, 0x00000104, +- 0x00010000, 0x04010100, 0x04000100, 0x00000000, +- 0x00000100, 0x00010004, 0x04010104, 0x04000100, +- 0x04000004, 0x00000100, 0x00000000, 0x04010004, +- 0x04000104, 0x00010000, 0x04000000, 0x04010104, +- 0x00000004, 0x00010104, 0x00010100, 0x04000004, +- 0x04010000, 0x04000104, 0x00000104, 0x04010000, +- 0x00010104, 0x00000004, 0x04010004, 0x00010100, +- }, +- { +- 0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */ +- 0x00040000, 0x00000080, 0x20000000, 0x01040000, +- 0x20040080, 0x00040000, 0x01000080, 0x20040080, +- 0x21000080, 0x21040000, 0x00040080, 0x20000000, +- 0x01000000, 0x20040000, 0x20040000, 0x00000000, +- 0x20000080, 0x21040080, 0x21040080, 0x01000080, +- 0x21040000, 0x20000080, 0x00000000, 0x21000000, +- 0x01040080, 0x01000000, 0x21000000, 0x00040080, +- 0x00040000, 0x21000080, 0x00000080, 0x01000000, +- 0x20000000, 0x01040000, 0x21000080, 0x20040080, +- 0x01000080, 0x20000000, 0x21040000, 0x01040080, +- 0x20040080, 0x00000080, 0x01000000, 0x21040000, +- 0x21040080, 0x00040080, 0x21000000, 0x21040080, +- 0x01040000, 0x00000000, 0x20040000, 0x21000000, +- 0x00040080, 0x01000080, 0x20000080, 0x00040000, +- 0x00000000, 0x20040000, 0x01040080, 0x20000080, +- }, +- { +- 0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */ +- 0x00401040, 0x80400040, 0x80400000, 0x80001000, +- 0x00000000, 0x00401000, 0x00401000, 0x80401040, +- 0x80000040, 0x00000000, 0x00400040, 0x80400000, +- 0x80000000, 0x00001000, 0x00400000, 0x80401000, +- 0x00000040, 0x00400000, 0x80001000, 0x00001040, +- 0x80400040, 0x80000000, 0x00001040, 0x00400040, +- 0x00001000, 0x00401040, 0x80401040, 0x80000040, +- 0x00400040, 0x80400000, 0x00401000, 0x80401040, +- 0x80000040, 0x00000000, 0x00000000, 0x00401000, +- 0x00001040, 0x00400040, 0x80400040, 0x80000000, +- 0x80401000, 0x80001040, 0x80001040, 0x00000040, +- 0x80401040, 0x80000040, 0x80000000, 0x00001000, +- 0x80400000, 0x80001000, 0x00401040, 0x80400040, +- 0x80001000, 0x00001040, 0x00400000, 0x80401000, +- 0x00000040, 0x00400000, 0x00001000, 0x00401040, +- }, +- { +- 0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */ +- 0x10200000, 0x00000008, 0x10202008, 0x00200000, +- 0x10002000, 0x00202008, 0x00200000, 0x10000008, +- 0x00200008, 0x10002000, 0x10000000, 0x00002008, +- 0x00000000, 0x00200008, 0x10002008, 0x00002000, +- 0x00202000, 0x10002008, 0x00000008, 0x10200008, +- 0x10200008, 0x00000000, 0x00202008, 0x10202000, +- 0x00002008, 0x00202000, 0x10202000, 0x10000000, +- 0x10002000, 0x00000008, 0x10200008, 0x00202000, +- 0x10202008, 0x00200000, 0x00002008, 0x10000008, +- 0x00200000, 0x10002000, 0x10000000, 0x00002008, +- 0x10000008, 0x10202008, 0x00202000, 0x10200000, +- 0x00202008, 0x10202000, 0x00000000, 0x10200008, +- 0x00000008, 0x00002000, 0x10200000, 0x00202008, +- 0x00002000, 0x00200008, 0x10002008, 0x00000000, +- 0x10202000, 0x10000000, 0x00200008, 0x10002008, +- }, +- { +- 0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */ +- 0x08000000, 0x08000820, 0x00000020, 0x08000000, +- 0x00020020, 0x08020000, 0x08020820, 0x00020800, +- 0x08020800, 0x00020820, 0x00000800, 0x00000020, +- 0x08020000, 0x08000020, 0x08000800, 0x00000820, +- 0x00020800, 0x00020020, 0x08020020, 0x08020800, +- 0x00000820, 0x00000000, 0x00000000, 0x08020020, +- 0x08000020, 0x08000800, 0x00020820, 0x00020000, +- 0x00020820, 0x00020000, 0x08020800, 0x00000800, +- 0x00000020, 0x08020020, 0x00000800, 0x00020820, +- 0x08000800, 0x00000020, 0x08000020, 0x08020000, +- 0x08020020, 0x08000000, 0x00020000, 0x08000820, +- 0x00000000, 0x08020820, 0x00020020, 0x08000020, +- 0x08020000, 0x08000800, 0x08000820, 0x00000000, +- 0x08020820, 0x00020800, 0x00020800, 0x00000820, +- 0x00000820, 0x00020020, 0x08000000, 0x08020800, +- }, +- { +- 0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */ +- 0x00080000, 0x00000010, 0x40080010, 0x40004010, +- 0x40000010, 0x40084010, 0x40084000, 0x40000000, +- 0x40004000, 0x00080000, 0x00000010, 0x40080010, +- 0x00084000, 0x00080010, 0x40004010, 0x00000000, +- 0x40000000, 0x00004000, 0x00084010, 0x40080000, +- 0x00080010, 0x40000010, 0x00000000, 0x00084000, +- 0x00004010, 0x40084000, 0x40080000, 0x00004010, +- 0x00000000, 0x00084010, 0x40080010, 0x00080000, +- 0x40004010, 0x40080000, 0x40084000, 0x00004000, +- 0x40080000, 0x40004000, 0x00000010, 0x40084010, +- 0x00084010, 0x00000010, 0x00004000, 0x40000000, +- 0x00004010, 0x40084000, 0x00080000, 0x40000010, +- 0x00080010, 0x40004010, 0x40000010, 0x00080010, +- 0x00084000, 0x00000000, 0x40004000, 0x00004010, +- 0x40000000, 0x40080010, 0x40084010, 0x00084000 +- }, +-}; +diff --git a/src/lib/crypto/builtin/des/f_tables.h b/src/lib/crypto/builtin/des/f_tables.h +deleted file mode 100644 +index fc91b566c..000000000 +--- a/src/lib/crypto/builtin/des/f_tables.h ++++ /dev/null +@@ -1,285 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/f_tables.h */ +-/* +- * Copyright (C) 1990 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * DES implementation donated by Dennis Ferguson +- */ +- +-/* +- * des_tables.h - declarations to import the DES tables, used internally +- * by some of the library routines. +- */ +-#ifndef __DES_TABLES_H__ +-#define __DES_TABLES_H__ /* nothing */ +- +-#include "k5-platform.h" +-/* +- * These may be declared const if you wish. Be sure to change the +- * declarations in des_tables.c as well. +- */ +-extern const unsigned DES_INT32 des_IP_table[256]; +-extern const unsigned DES_INT32 des_FP_table[256]; +-extern const unsigned DES_INT32 des_SP_table[8][64]; +- +-/* +- * Use standard shortforms to reference these to save typing +- */ +-#define IP des_IP_table +-#define FP des_FP_table +-#define SP des_SP_table +- +-#ifdef DEBUG +-#define DEB(foofraw) printf foofraw +-#else +-#define DEB(foofraw) /* nothing */ +-#endif +- +-/* +- * Code to do a DES round using the tables. Note that the E expansion +- * is easy to compute algorithmically, especially if done out-of-order. +- * Take a look at its form and compare it to everything involving temp +- * below. Since SP[0-7] don't have any bits in common set it is okay +- * to do the successive xor's. +- * +- * Note too that the SP table has been reordered to match the order of +- * the keys (if the original order of SP was 12345678, the reordered +- * table is 71354682). This is unnecessary, but was done since some +- * compilers seem to like you going through the matrix from beginning +- * to end. +- * +- * There is a difference in the best way to do this depending on whether +- * one is encrypting or decrypting. If encrypting we move forward through +- * the keys and hence should move forward through the table. If decrypting +- * we go back. Part of the need for this comes from trying to emulate +- * existing software which generates a single key schedule and uses it +- * both for encrypting and decrypting. Generating separate encryption +- * and decryption key schedules would allow one to use the same code +- * for both. +- * +- * left, right and temp should be unsigned DES_INT32 values. left and right +- * should be the high and low order parts of the cipher block at the +- * current stage of processing (this makes sense if you read the spec). +- * kp should be an unsigned DES_INT32 pointer which points at the current +- * set of subkeys in the key schedule. It is advanced to the next set +- * (i.e. by 8 bytes) when this is done. +- * +- * This occurs in the innermost loop of the DES function. The four +- * variables should really be in registers. +- * +- * When using this, the inner loop of the DES function might look like: +- * +- * for (i = 0; i < 8; i++) { +- * DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp); +- * DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp); +- * } +- * +- * Note the trick above. You are supposed to do 16 rounds, swapping +- * left and right at the end of each round. By doing two rounds at +- * a time and swapping left and right in the code we can avoid the +- * swaps altogether. +- */ +-#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp) do { \ +- (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \ +- (left) ^= SP[0][((temp) >> 24) & 0x3f] \ +- | SP[1][((temp) >> 16) & 0x3f] \ +- | SP[2][((temp) >> 8) & 0x3f] \ +- | SP[3][((temp) ) & 0x3f]; \ +- (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++; \ +- (left) ^= SP[4][((temp) >> 24) & 0x3f] \ +- | SP[5][((temp) >> 16) & 0x3f] \ +- | SP[6][((temp) >> 8) & 0x3f] \ +- | SP[7][((temp) ) & 0x3f]; \ +- } while(0); +- +-#define DES_SP_DECRYPT_ROUND(left, right, temp, kp) do { \ +- (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp)); \ +- (left) ^= SP[7][((temp) ) & 0x3f] \ +- | SP[6][((temp) >> 8) & 0x3f] \ +- | SP[5][((temp) >> 16) & 0x3f] \ +- | SP[4][((temp) >> 24) & 0x3f]; \ +- (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp)); \ +- (left) ^= SP[3][((temp) ) & 0x3f] \ +- | SP[2][((temp) >> 8) & 0x3f] \ +- | SP[1][((temp) >> 16) & 0x3f] \ +- | SP[0][((temp) >> 24) & 0x3f]; \ +- } while (0); +- +-/* +- * Macros to help deal with the initial permutation table. Note +- * the IP table only deals with 32 bits at a time, allowing us to +- * collect the bits we need to deal with each half into an unsigned +- * DES_INT32. By carefully selecting how the bits are ordered we also +- * take advantages of symmetries in the table so that we can use a +- * single table to compute the permutation of all bytes. This sounds +- * complicated, but if you go through the process of designing the +- * table you'll find the symmetries fall right out. +- * +- * The follow macros compute the set of bits used to index the +- * table for produce the left and right permuted result. +- * +- * The inserted cast to unsigned DES_INT32 circumvents a bug in +- * the Macintosh MPW 3.2 C compiler which loses the unsignedness and +- * propagates the high-order bit in the shift. +- */ +-#define DES_IP_LEFT_BITS(left, right) \ +- ((((left) & 0x55555555) << 1) | ((right) & 0x55555555)) +-#define DES_IP_RIGHT_BITS(left, right) \ +- (((left) & 0xaaaaaaaa) | \ +- ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1)) +- +-/* +- * The following macro does an in-place initial permutation given +- * the current left and right parts of the block and a single +- * temporary. Use this more as a guide for rolling your own, though. +- * The best way to do the IP depends on the form of the data you +- * are dealing with. If you use this, though, try to make left, +- * right and temp unsigned DES_INT32s. +- */ +-#define DES_INITIAL_PERM(left, right, temp) do { \ +- (temp) = DES_IP_RIGHT_BITS((left), (right)); \ +- (right) = DES_IP_LEFT_BITS((left), (right)); \ +- (left) = IP[((right) >> 24) & 0xff] \ +- | (IP[((right) >> 16) & 0xff] << 1) \ +- | (IP[((right) >> 8) & 0xff] << 2) \ +- | (IP[(right) & 0xff] << 3); \ +- (right) = IP[((temp) >> 24) & 0xff] \ +- | (IP[((temp) >> 16) & 0xff] << 1) \ +- | (IP[((temp) >> 8) & 0xff] << 2) \ +- | (IP[(temp) & 0xff] << 3); \ +- } while(0); +- +-/* +- * Now the final permutation stuff. The same comments apply to +- * this as to the initial permutation, except that we use different +- * bits and shifts. +- * +- * The inserted cast to unsigned DES_INT32 circumvents a bug in +- * the Macintosh MPW 3.2 C compiler which loses the unsignedness and +- * propagates the high-order bit in the shift. +- */ +-#define DES_FP_LEFT_BITS(left, right) \ +- ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f)) +-#define DES_FP_RIGHT_BITS(left, right) \ +- (((left) & 0xf0f0f0f0) | \ +- ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4)) +- +- +-/* +- * Here is a sample final permutation. Note that there is a trick +- * here. DES requires swapping the left and right parts after the +- * last cipher round but before the final permutation. We do this +- * swapping internally, which is why left and right are confused +- * at the beginning. +- */ +-#define DES_FINAL_PERM(left, right, temp) do { \ +- (temp) = DES_FP_RIGHT_BITS((right), (left)); \ +- (right) = DES_FP_LEFT_BITS((right), (left)); \ +- (left) = (FP[((right) >> 24) & 0xff] << 6) \ +- | (FP[((right) >> 16) & 0xff] << 4) \ +- | (FP[((right) >> 8) & 0xff] << 2) \ +- | FP[(right) & 0xff]; \ +- (right) = (FP[((temp) >> 24) & 0xff] << 6) \ +- | (FP[((temp) >> 16) & 0xff] << 4) \ +- | (FP[((temp) >> 8) & 0xff] << 2) \ +- | FP[temp & 0xff]; \ +- } while(0); +- +- +-/* +- * Finally, as a sample of how all this might be held together, the +- * following two macros do in-place encryptions and decryptions. left +- * and right are two unsigned DES_INT32 variables which at the beginning +- * are expected to hold the clear (encrypted) block in host byte order +- * (left the high order four bytes, right the low order). At the end +- * they will contain the encrypted (clear) block. temp is an unsigned DES_INT32 +- * used as a temporary. kp is an unsigned DES_INT32 pointer pointing at +- * the start of the key schedule. All these should be in registers. +- * +- * You can probably do better than these by rewriting for particular +- * situations. These aren't bad, though. +- * +- * The DEB macros enable debugging when this code breaks (typically +- * when a buggy compiler breaks it), by printing the intermediate values +- * at each stage of the encryption, so that by comparing the output to +- * a known good machine, the location of the first error can be found. +- */ +-#define DES_DO_ENCRYPT_1(left, right, kp) \ +- do { \ +- int i; \ +- unsigned DES_INT32 temp1; \ +- DEB (("do_encrypt %8lX %8lX \n", left, right)); \ +- DES_INITIAL_PERM((left), (right), (temp1)); \ +- DEB ((" after IP %8lX %8lX\n", left, right)); \ +- for (i = 0; i < 8; i++) { \ +- DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp)); \ +- DEB ((" round %2d %8lX %8lX \n", i*2, left, right)); \ +- DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp)); \ +- DEB ((" round %2d %8lX %8lX \n", 1+i*2, left, right)); \ +- } \ +- DES_FINAL_PERM((left), (right), (temp1)); \ +- (kp) -= (2 * 16); \ +- DEB ((" after FP %8lX %8lX \n", left, right)); \ +- } while (0) +- +-#define DES_DO_DECRYPT_1(left, right, kp) \ +- do { \ +- int i; \ +- unsigned DES_INT32 temp2; \ +- DES_INITIAL_PERM((left), (right), (temp2)); \ +- (kp) += (2 * 16); \ +- for (i = 0; i < 8; i++) { \ +- DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp)); \ +- DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp)); \ +- } \ +- DES_FINAL_PERM((left), (right), (temp2)); \ +- } while (0) +- +-#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) +-extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l, +- unsigned DES_INT32 *r, +- const unsigned DES_INT32 *k); +-extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l, +- unsigned DES_INT32 *r, +- const unsigned DES_INT32 *k); +-#define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K)) +-#define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K)) +-#else +-#define DES_DO_ENCRYPT DES_DO_ENCRYPT_1 +-#define DES_DO_DECRYPT DES_DO_DECRYPT_1 +-#endif +- +-/* +- * These are handy dandy utility thingies for straightening out bytes. +- * Included here because they're used a couple of places. +- */ +-#define GET_HALF_BLOCK(lr, ip) ((lr) = load_32_be(ip), (ip) += 4) +-#define PUT_HALF_BLOCK(lr, op) (store_32_be(lr, op), (op) += 4) +- +-/* Shorthand that we'll need in several places, for creating values that +- really can hold 32 bits regardless of the prevailing int size. */ +-#define FF_UINT32 ((unsigned DES_INT32) 0xFF) +- +-#endif /* __DES_TABLES_H__ */ +diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c +deleted file mode 100644 +index 87f02b6a9..000000000 +--- a/src/lib/crypto/builtin/des/key_sched.c ++++ /dev/null +@@ -1,62 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/key_sched.c */ +-/* +- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute +- * of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * This routine computes the DES key schedule given a key. The +- * permutations and shifts have been done at compile time, resulting +- * in a direct one-step mapping from the input key to the key +- * schedule. +- * +- * Also checks parity and weak keys. +- * +- * Watch out for the subscripts -- most effectively start at 1 instead +- * of at zero. Maybe some bugs in that area. +- * +- * In case the user wants to cache the computed key schedule, it is +- * passed as an arg. Also implies that caller has explicit control +- * over zeroing both the key schedule and the key. +- * +- * Originally written 6/85 by Steve Miller, MIT Project Athena. +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +- +-int +-mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) +-{ +- mit_des_make_key_sched(k,schedule); +- +- if (!mit_des_check_key_parity(k)) /* bad parity --> return -1 */ +- return(-1); +- +- if (mit_des_is_weak_key(k)) +- return(-2); +- +- /* if key was good, return 0 */ +- return 0; +-} +diff --git a/src/lib/crypto/builtin/des/keytest.data b/src/lib/crypto/builtin/des/keytest.data +deleted file mode 100644 +index 7ff34eedc..000000000 +--- a/src/lib/crypto/builtin/des/keytest.data ++++ /dev/null +@@ -1,171 +0,0 @@ +-0101010101010101 95F8A5E5DD31D900 8000000000000000 +-0101010101010101 DD7F121CA5015619 4000000000000000 +-0101010101010101 2E8653104F3834EA 2000000000000000 +-0101010101010101 4BD388FF6CD81D4F 1000000000000000 +-0101010101010101 20B9E767B2FB1456 0800000000000000 +-0101010101010101 55579380D77138EF 0400000000000000 +-0101010101010101 6CC5DEFAAF04512F 0200000000000000 +-0101010101010101 0D9F279BA5D87260 0100000000000000 +-0101010101010101 D9031B0271BD5A0A 0080000000000000 +-0101010101010101 424250B37C3DD951 0040000000000000 +-0101010101010101 B8061B7ECD9A21E5 0020000000000000 +-0101010101010101 F15D0F286B65BD28 0010000000000000 +-0101010101010101 ADD0CC8D6E5DEBA1 0008000000000000 +-0101010101010101 E6D5F82752AD63D1 0004000000000000 +-0101010101010101 ECBFE3BD3F591A5E 0002000000000000 +-0101010101010101 F356834379D165CD 0001000000000000 +-0101010101010101 2B9F982F20037FA9 0000800000000000 +-0101010101010101 889DE068A16F0BE6 0000400000000000 +-0101010101010101 E19E275D846A1298 0000200000000000 +-0101010101010101 329A8ED523D71AEC 0000100000000000 +-0101010101010101 E7FCE22557D23C97 0000080000000000 +-0101010101010101 12A9F5817FF2D65D 0000040000000000 +-0101010101010101 A484C3AD38DC9C19 0000020000000000 +-0101010101010101 FBE00A8A1EF8AD72 0000010000000000 +-0101010101010101 750D079407521363 0000008000000000 +-0101010101010101 64FEED9C724C2FAF 0000004000000000 +-0101010101010101 F02B263B328E2B60 0000002000000000 +-0101010101010101 9D64555A9A10B852 0000001000000000 +-0101010101010101 D106FF0BED5255D7 0000000800000000 +-0101010101010101 E1652C6B138C64A5 0000000400000000 +-0101010101010101 E428581186EC8F46 0000000200000000 +-0101010101010101 AEB5F5EDE22D1A36 0000000100000000 +-0101010101010101 E943D7568AEC0C5C 0000000080000000 +-0101010101010101 DF98C8276F54B04B 0000000040000000 +-0101010101010101 B160E4680F6C696F 0000000020000000 +-0101010101010101 FA0752B07D9C4AB8 0000000010000000 +-0101010101010101 CA3A2B036DBC8502 0000000008000000 +-0101010101010101 5E0905517BB59BCF 0000000004000000 +-0101010101010101 814EEB3B91D90726 0000000002000000 +-0101010101010101 4D49DB1532919C9F 0000000001000000 +-0101010101010101 25EB5FC3F8CF0621 0000000000800000 +-0101010101010101 AB6A20C0620D1C6F 0000000000400000 +-0101010101010101 79E90DBC98F92CCA 0000000000200000 +-0101010101010101 866ECEDD8072BB0E 0000000000100000 +-0101010101010101 8B54536F2F3E64A8 0000000000080000 +-0101010101010101 EA51D3975595B86B 0000000000040000 +-0101010101010101 CAFFC6AC4542DE31 0000000000020000 +-0101010101010101 8DD45A2DDF90796C 0000000000010000 +-0101010101010101 1029D55E880EC2D0 0000000000008000 +-0101010101010101 5D86CB23639DBEA9 0000000000004000 +-0101010101010101 1D1CA853AE7C0C5F 0000000000002000 +-0101010101010101 CE332329248F3228 0000000000001000 +-0101010101010101 8405D1ABE24FB942 0000000000000800 +-0101010101010101 E643D78090CA4207 0000000000000400 +-0101010101010101 48221B9937748A23 0000000000000200 +-0101010101010101 DD7C0BBD61FAFD54 0000000000000100 +-0101010101010101 2FBC291A570DB5C4 0000000000000080 +-0101010101010101 E07C30D7E4E26E12 0000000000000040 +-0101010101010101 0953E2258E8E90A1 0000000000000020 +-0101010101010101 5B711BC4CEEBF2EE 0000000000000010 +-0101010101010101 CC083F1E6D9E85F6 0000000000000008 +-0101010101010101 D2FD8867D50D2DFE 0000000000000004 +-0101010101010101 06E7EA22CE92708F 0000000000000002 +-0101010101010101 166B40B44ABA4BD6 0000000000000001 +-8001010101010101 0000000000000000 95A8D72813DAA94D +-4001010101010101 0000000000000000 0EEC1487DD8C26D5 +-2001010101010101 0000000000000000 7AD16FFB79C45926 +-1001010101010101 0000000000000000 D3746294CA6A6CF3 +-0801010101010101 0000000000000000 809F5F873C1FD761 +-0401010101010101 0000000000000000 C02FAFFEC989D1FC +-0201010101010101 0000000000000000 4615AA1D33E72F10 +-0180010101010101 0000000000000000 2055123350C00858 +-0140010101010101 0000000000000000 DF3B99D6577397C8 +-0120010101010101 0000000000000000 31FE17369B5288C9 +-0110010101010101 0000000000000000 DFDD3CC64DAE1642 +-0108010101010101 0000000000000000 178C83CE2B399D94 +-0104010101010101 0000000000000000 50F636324A9B7F80 +-0102010101010101 0000000000000000 A8468EE3BC18F06D +-0101800101010101 0000000000000000 A2DC9E92FD3CDE92 +-0101400101010101 0000000000000000 CAC09F797D031287 +-0101200101010101 0000000000000000 90BA680B22AEB525 +-0101100101010101 0000000000000000 CE7A24F350E280B6 +-0101080101010101 0000000000000000 882BFF0AA01A0B87 +-0101040101010101 0000000000000000 25610288924511C2 +-0101020101010101 0000000000000000 C71516C29C75D170 +-0101018001010101 0000000000000000 5199C29A52C9F059 +-0101014001010101 0000000000000000 C22F0A294A71F29F +-0101012001010101 0000000000000000 EE371483714C02EA +-0101011001010101 0000000000000000 A81FBD448F9E522F +-0101010801010101 0000000000000000 4F644C92E192DFED +-0101010401010101 0000000000000000 1AFA9A66A6DF92AE +-0101010201010101 0000000000000000 B3C1CC715CB879D8 +-0101010180010101 0000000000000000 19D032E64AB0BD8B +-0101010140010101 0000000000000000 3CFAA7A7DC8720DC +-0101010120010101 0000000000000000 B7265F7F447AC6F3 +-0101010110010101 0000000000000000 9DB73B3C0D163F54 +-0101010108010101 0000000000000000 8181B65BABF4A975 +-0101010104010101 0000000000000000 93C9B64042EAA240 +-0101010102010101 0000000000000000 5570530829705592 +-0101010101800101 0000000000000000 8638809E878787A0 +-0101010101400101 0000000000000000 41B9A79AF79AC208 +-0101010101200101 0000000000000000 7A9BE42F2009A892 +-0101010101100101 0000000000000000 29038D56BA6D2745 +-0101010101080101 0000000000000000 5495C6ABF1E5DF51 +-0101010101040101 0000000000000000 AE13DBD561488933 +-0101010101020101 0000000000000000 024D1FFA8904E389 +-0101010101018001 0000000000000000 D1399712F99BF02E +-0101010101014001 0000000000000000 14C1D7C1CFFEC79E +-0101010101012001 0000000000000000 1DE5279DAE3BED6F +-0101010101011001 0000000000000000 E941A33F85501303 +-0101010101010801 0000000000000000 DA99DBBC9A03F379 +-0101010101010401 0000000000000000 B7FC92F91D8E92E9 +-0101010101010201 0000000000000000 AE8E5CAA3CA04E85 +-0101010101010180 0000000000000000 9CC62DF43B6EED74 +-0101010101010140 0000000000000000 D863DBB5C59A91A0 +-0101010101010120 0000000000000000 A1AB2190545B91D7 +-0101010101010110 0000000000000000 0875041E64C570F7 +-0101010101010108 0000000000000000 5A594528BEBEF1CC +-0101010101010104 0000000000000000 FCDB3291DE21F0C0 +-0101010101010102 0000000000000000 869EFD7F9F265A09 +-1046913489980131 0000000000000000 88D55E54F54C97B4 +-1007103489988020 0000000000000000 0C0CC00C83EA48FD +-10071034C8980120 0000000000000000 83BC8EF3A6570183 +-1046103489988020 0000000000000000 DF725DCAD94EA2E9 +-1086911519190101 0000000000000000 E652B53B550BE8B0 +-1086911519580101 0000000000000000 AF527120C485CBB0 +-5107B01519580101 0000000000000000 0F04CE393DB926D5 +-1007B01519190101 0000000000000000 C9F00FFC74079067 +-3107915498080101 0000000000000000 7CFD82A593252B4E +-3107919498080101 0000000000000000 CB49A2F9E91363E3 +-10079115B9080140 0000000000000000 00B588BE70D23F56 +-3107911598080140 0000000000000000 406A9A6AB43399AE +-1007D01589980101 0000000000000000 6CB773611DCA9ADA +-9107911589980101 0000000000000000 67FD21C17DBB5D70 +-9107D01589190101 0000000000000000 9592CB4110430787 +-1007D01598980120 0000000000000000 A6B7FF68A318DDD3 +-1007940498190101 0000000000000000 4D102196C914CA16 +-0107910491190401 0000000000000000 2DFA9F4573594965 +-0107910491190101 0000000000000000 B46604816C0E0774 +-0107940491190401 0000000000000000 6E7E6221A4F34E87 +-19079210981A0101 0000000000000000 AA85E74643233199 +-1007911998190801 0000000000000000 2E5A19DB4D1962D6 +-10079119981A0801 0000000000000000 23A866A809D30894 +-1007921098190101 0000000000000000 D812D961F017D320 +-100791159819010B 0000000000000000 055605816E58608F +-1004801598190101 0000000000000000 ABD88E8B1B7716F1 +-1004801598190102 0000000000000000 537AC95BE69DA1E1 +-1004801598190108 0000000000000000 AED0F6AE3C25CDD8 +-1002911598100104 0000000000000000 B3E35A5EE53E7B8D +-1002911598190104 0000000000000000 61C79C71921A2EF8 +-1002911598100201 0000000000000000 E2F5728F0995013C +-1002911698100101 0000000000000000 1AEAC39A61F0A464 +-7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B +-0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271 +-07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A +-3849674C2602319E 51454B582DDF440A 7178876E01F19B2A +-04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095 +-0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B +-0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09 +-43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A +-07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F +-04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088 +-37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77 +-1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A +-584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56 +-025816164629B007 480D39006EE762F2 A1F9915541020B56 +-49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556 +-4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC +-49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A +-018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41 +-1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793 +diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c +deleted file mode 100644 +index f4332f5c0..000000000 +--- a/src/lib/crypto/builtin/des/t_verify.c ++++ /dev/null +@@ -1,395 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/t_verify.c */ +-/* +- * Copyright 1988, 1990 by the Massachusetts Institute of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-/* +- * +- * Program to test the correctness of the DES library +- * implementation. +- * +- * exit returns 0 ==> success +- * -1 ==> error +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +-#include +-#include "com_err.h" +- +-static void do_encrypt(unsigned char *, unsigned char *); +-static void do_decrypt(unsigned char *, unsigned char *); +- +-char *progname; +-int nflag = 2; +-int vflag; +-int mflag; +-int zflag; +-int pid; +-int mit_des_debug; +- +-unsigned char cipher_text[64]; +-unsigned char clear_text[64] = "Now is the time for all " ; +-unsigned char clear_text2[64] = "7654321 Now is the time for "; +-unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; +-unsigned char output[64]; +-unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; +-unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ +-unsigned char *input; +- +-/* 0x0123456789abcdef */ +-unsigned char default_key[8] = { +- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef +-}; +-unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; +-unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; +-mit_des_cblock s_key; +-unsigned char default_ivec[8] = { +- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef +-}; +-unsigned char *ivec; +-unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ +- +-unsigned char cipher1[8] = { +- 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 +-}; +-unsigned char cipher2[8] = { +- 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 +-}; +-unsigned char cipher3[64] = { +- 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, +- 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, +- 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 +-}; +-unsigned char checksum[8] = { +- 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 +-}; +- +-unsigned char zresult[8] = { +- 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 +-}; +- +-unsigned char mresult[8] = { +- 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 +-}; +- +- +-/* +- * Can also add : +- * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) +- */ +- +-mit_des_key_schedule sched; +- +-int +-main(argc,argv) +- int argc; +- char *argv[]; +-{ +- /* Local Declarations */ +- size_t in_length; +- int retval; +- int i, j; +- +-#ifdef WINDOWS +- /* Set screen window buffer to infinite size -- MS default is tiny. */ +- _wsetscreenbuf (fileno (stdout), _WINBUFINF); +-#endif +- progname=argv[0]; /* salt away invoking program */ +- +- while (--argc > 0 && (*++argv)[0] == '-') +- for (i=1; argv[0][i] != '\0'; i++) { +- switch (argv[0][i]) { +- +- /* debug flag */ +- case 'd': +- mit_des_debug=3; +- continue; +- +- case 'z': +- zflag = 1; +- continue; +- +- case 'm': +- mflag = 1; +- continue; +- +- default: +- printf("%s: illegal flag \"%c\" ", +- progname,argv[0][i]); +- exit(1); +- } +- }; +- +- if (argc) { +- fprintf(stderr, "Usage: %s [-dmz]\n", progname); +- exit(1); +- } +- +- /* do some initialisation */ +- +- /* use known input and key */ +- +- /* ECB zero text zero key */ +- if (zflag) { +- input = zero_text; +- mit_des_key_sched(zero_key, sched); +- printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); +- do_encrypt(input,cipher_text); +- printf("\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) +- printf("%02x ",cipher_text[j]); +- printf("\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { +- printf("verify: error in zero key test\n"); +- exit(-1); +- } +- +- exit(0); +- } +- +- if (mflag) { +- input = msb_text; +- mit_des_key_sched(key3, sched); +- printf("plaintext = 0x00 00 00 00 00 00 00 40, "); +- printf("key = 0x80 01 01 01 01 01 01 01\n"); +- printf(" cipher = 0xa380e02a6be54696\n"); +- do_encrypt(input,cipher_text); +- printf("\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) { +- printf("%02x ",cipher_text[j]); +- } +- printf("\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { +- printf("verify: error in msb test\n"); +- exit(-1); +- } +- exit(0); +- } +- +- /* ECB mode Davies and Price */ +- { +- input = zero_text; +- mit_des_key_sched(key2, sched); +- printf("Examples per FIPS publication 81, keys ivs and cipher\n"); +- printf("in hex. These are the correct answers, see below for\n"); +- printf("the actual answers.\n\n"); +- printf("Examples per Davies and Price.\n\n"); +- printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); +- printf("\tclear = 0\n"); +- printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); +- printf("ACTUAL ECB\n"); +- printf("\tclear \"%s\"\n", input); +- do_encrypt(input,cipher_text); +- printf("\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) +- printf("%02x ",cipher_text[j]); +- printf("\n\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { +- printf("verify: error in ECB encryption\n"); +- exit(-1); +- } +- else +- printf("verify: ECB encryption is correct\n\n"); +- } +- +- /* ECB mode */ +- { +- mit_des_key_sched(default_key, sched); +- input = clear_text; +- ivec = default_ivec; +- printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); +- printf("\tclear = \"Now is the time for all \"\n"); +- printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); +- printf("ACTUAL ECB\n\tclear \"%s\"",input); +- do_encrypt(input,cipher_text); +- printf("\n\tcipher = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) { +- printf("%02x ",cipher_text[j]); +- } +- printf("\n\n"); +- do_decrypt(output,cipher_text); +- if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { +- printf("verify: error in ECB encryption\n"); +- exit(-1); +- } +- else +- printf("verify: ECB encryption is correct\n\n"); +- } +- +- /* CBC mode */ +- printf("EXAMPLE CBC\tkey = 0123456789abcdef"); +- printf("\tiv = 1234567890abcdef\n"); +- printf("\tclear = \"Now is the time for all \"\n"); +- printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); +- printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); +- printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); +- +- printf("ACTUAL CBC\n\tclear \"%s\"\n",input); +- in_length = strlen((char *)input); +- if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input, +- (mit_des_cblock *) cipher_text, +- (size_t) in_length, +- sched, +- ivec, +- MIT_DES_ENCRYPT))) { +- com_err("des verify", retval, "can't encrypt"); +- exit(-1); +- } +- printf("\tciphertext = (low to high bytes)\n"); +- for (i = 0; i <= 2; i++) { +- printf("\t\t"); +- for (j = 0; j <= 7; j++) { +- printf("%02x ",cipher_text[i*8+j]); +- } +- printf("\n"); +- } +- if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text, +- (mit_des_cblock *) clear_text, +- (size_t) in_length, +- sched, +- ivec, +- MIT_DES_DECRYPT))) { +- com_err("des verify", retval, "can't decrypt"); +- exit(-1); +- } +- printf("\tdecrypted clear_text = \"%s\"\n",clear_text); +- +- if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) { +- printf("verify: error in CBC encryption\n"); +- exit(-1); +- } +- else +- printf("verify: CBC encryption is correct\n\n"); +- +- printf("EXAMPLE CBC checksum"); +- printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); +- printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); +- printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); +- printf("or some part thereof\n"); +- input = clear_text2; +- mit_des_cbc_cksum(input,cipher_text, strlen((char *)input), +- sched,ivec); +- printf("ACTUAL CBC checksum\n"); +- printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); +- for (j = 0; j<=7; j++) +- printf("%02x ",cipher_text[j]); +- printf("\n\n"); +- if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { +- printf("verify: error in CBC cheksum\n"); +- exit(-1); +- } +- else +- printf("verify: CBC checksum is correct\n\n"); +- +- exit(0); +-} +- +-static void +-do_encrypt(in,out) +- unsigned char *in; +- unsigned char *out; +-{ +- int i, j; +- for (i =1; i<=nflag; i++) { +- mit_des_cbc_encrypt((const mit_des_cblock *)in, +- (mit_des_cblock *)out, +- 8, +- sched, +- zero_text, +- MIT_DES_ENCRYPT); +- if (mit_des_debug) { +- printf("\nclear %s\n",in); +- for (j = 0; j<=7; j++) +- printf("%02X ",in[j] & 0xff); +- printf("\tcipher "); +- for (j = 0; j<=7; j++) +- printf("%02X ",out[j] & 0xff); +- } +- } +-} +- +-static void +-do_decrypt(in,out) +- unsigned char *out; +- unsigned char *in; +- /* try to invert it */ +-{ +- int i, j; +- for (i =1; i<=nflag; i++) { +- mit_des_cbc_encrypt((const mit_des_cblock *)out, +- (mit_des_cblock *)in, +- 8, +- sched, +- zero_text, +- MIT_DES_DECRYPT); +- if (mit_des_debug) { +- printf("clear %s\n",in); +- for (j = 0; j<=7; j++) +- printf("%02X ",in[j] & 0xff); +- printf("\tcipher "); +- for (j = 0; j<=7; j++) +- printf("%02X ",out[j] & 0xff); +- } +- } +-} +- +-/* +- * Fake out the DES library, for the purposes of testing. +- */ +- +-int +-mit_des_is_weak_key(key) +- mit_des_cblock key; +-{ +- return 0; /* fake it out for testing */ +-} +diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c +deleted file mode 100644 +index eb41b267d..000000000 +--- a/src/lib/crypto/builtin/des/weak_key.c ++++ /dev/null +@@ -1,86 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/builtin/des/weak_key.c */ +-/* +- * Copyright 1989,1990 by the Massachusetts Institute of Technology. +- * All Rights Reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-/* +- * Under U.S. law, this software may not be exported outside the US +- * without license from the U.S. Commerce department. +- * +- * These routines form the library interface to the DES facilities. +- * +- * Originally written 8/85 by Steve Miller, MIT Project Athena. +- */ +- +-#include "k5-int.h" +-#include "des_int.h" +- +-/* +- * The following are the weak DES keys: +- */ +-static const mit_des_cblock weak[16] = { +- /* weak keys */ +- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, +- {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe}, +- {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, +- {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1}, +- +- /* semi-weak */ +- {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, +- {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01}, +- +- {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, +- {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e}, +- +- {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, +- {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01}, +- +- {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, +- {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e}, +- +- {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, +- {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01}, +- +- {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, +- {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1} +-}; +- +-/* +- * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. +- * +- * Requires: key has correct odd parity. +- */ +-int +-mit_des_is_weak_key(mit_des_cblock key) +-{ +- unsigned int i; +- const mit_des_cblock *weak_p = weak; +- +- for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { +- if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) +- return 1; +- } +- +- return 0; +-} +diff --git a/src/lib/crypto/builtin/enc_provider/Makefile.in b/src/lib/crypto/builtin/enc_provider/Makefile.in +index 3459e1d0e..af6276b96 100644 +--- a/src/lib/crypto/builtin/enc_provider/Makefile.in ++++ b/src/lib/crypto/builtin/enc_provider/Makefile.in +@@ -1,7 +1,6 @@ + mydir=lib$(S)crypto$(S)builtin$(S)enc_provider + BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +-LOCALINCLUDES = -I$(srcdir)/../des \ +- -I$(srcdir)/../aes \ ++LOCALINCLUDES = -I$(srcdir)/../aes \ + -I$(srcdir)/../camellia \ + -I$(srcdir)/../../krb \ + -I$(srcdir)/.. +@@ -11,19 +10,16 @@ LOCALINCLUDES = -I$(srcdir)/../des \ + ##DOS##OBJFILE = ..\..\$(OUTPRE)enc_provider.lst + + STLIBOBJS= \ +- des3.o \ + rc4.o \ + aes.o \ + camellia.o + + OBJS= \ +- $(OUTPRE)des3.$(OBJEXT) \ + $(OUTPRE)aes.$(OBJEXT) \ + $(OUTPRE)camellia.$(OBJEXT) \ + $(OUTPRE)rc4.$(OBJEXT) + + SRCS= \ +- $(srcdir)/des3.c \ + $(srcdir)/aes.c \ + $(srcdir)/camellia.c \ + $(srcdir)/rc4.c +diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps +index 7a3324c44..c1201cc1a 100644 +--- a/src/lib/crypto/builtin/enc_provider/deps ++++ b/src/lib/crypto/builtin/enc_provider/deps +@@ -1,18 +1,6 @@ + # + # Generated makefile dependencies follow. + # +-des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../des/des_int.h \ +- $(srcdir)/../sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des3.c + aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c +deleted file mode 100644 +index 9b8244223..000000000 +--- a/src/lib/crypto/builtin/enc_provider/des3.c ++++ /dev/null +@@ -1,105 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-#include "crypto_int.h" +-#include "des_int.h" +- +-static krb5_error_code +-validate_and_schedule(krb5_key key, const krb5_data *ivec, +- const krb5_crypto_iov *data, size_t num_data, +- mit_des3_key_schedule *schedule) +-{ +- if (key->keyblock.length != 24) +- return(KRB5_BAD_KEYSIZE); +- if (iov_total_length(data, num_data, FALSE) % 8 != 0) +- return(KRB5_BAD_MSIZE); +- if (ivec && (ivec->length != 8)) +- return(KRB5_BAD_MSIZE); +- +- switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents, +- *schedule)) { +- case -1: +- return(KRB5DES_BAD_KEYPAR); +- case -2: +- return(KRB5DES_WEAK_KEY); +- } +- return 0; +-} +- +-static krb5_error_code +-k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- mit_des3_key_schedule schedule; +- krb5_error_code err; +- +- err = validate_and_schedule(key, ivec, data, num_data, &schedule); +- if (err) +- return err; +- +- /* this has a return value, but the code always returns zero */ +- krb5int_des3_cbc_encrypt(data, num_data, +- schedule[0], schedule[1], schedule[2], +- ivec != NULL ? (unsigned char *) ivec->data : +- NULL); +- +- zap(schedule, sizeof(schedule)); +- +- return(0); +-} +- +-static krb5_error_code +-k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- mit_des3_key_schedule schedule; +- krb5_error_code err; +- +- err = validate_and_schedule(key, ivec, data, num_data, &schedule); +- if (err) +- return err; +- +- /* this has a return value, but the code always returns zero */ +- krb5int_des3_cbc_decrypt(data, num_data, +- schedule[0], schedule[1], schedule[2], +- ivec != NULL ? (unsigned char *) ivec->data : +- NULL); +- +- zap(schedule, sizeof(schedule)); +- +- return 0; +-} +- +-const struct krb5_enc_provider krb5int_enc_des3 = { +- 8, +- 21, 24, +- k5_des3_encrypt, +- k5_des3_decrypt, +- NULL, +- krb5int_des_init_state, +- krb5int_default_free_state +-}; +diff --git a/src/lib/crypto/crypto_tests/t_cf2.expected b/src/lib/crypto/crypto_tests/t_cf2.expected +index f8251a16c..bc6aa50c8 100644 +--- a/src/lib/crypto/crypto_tests/t_cf2.expected ++++ b/src/lib/crypto/crypto_tests/t_cf2.expected +@@ -1,6 +1,5 @@ + 97df97e4b798b29eb31ed7280287a92a + 4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b +-e58f9eb643862c13ad38e529313462a7f73e62834fe54a01 + 24d7f6b6bae4e5c00d2082c5ebab3672 + edd02a39d2dbde31611c16e610be062c + 67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584 +diff --git a/src/lib/crypto/crypto_tests/t_cf2.in b/src/lib/crypto/crypto_tests/t_cf2.in +index 73e2f8fbc..c4d23b506 100644 +--- a/src/lib/crypto/crypto_tests/t_cf2.in ++++ b/src/lib/crypto/crypto_tests/t_cf2.in +@@ -8,11 +8,6 @@ key1 + key2 + a + b +-16 +-key1 +-key2 +-a +-b + 23 + key1 + key2 +diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c +index 4da14ea43..84408fb68 100644 +--- a/src/lib/crypto/crypto_tests/t_cksums.c ++++ b/src/lib/crypto/crypto_tests/t_cksums.c +@@ -59,16 +59,6 @@ struct test { + "\xDA\x39\xA3\xEE\x5E\x6B\x4B\x0D\x32\x55\xBF\xEF\x95\x60\x18\x90" + "\xAF\xD8\x07\x09" } + }, +- { +- { KV5M_DATA, 9, "six seven" }, +- CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2, +- { KV5M_DATA, 24, +- "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" +- "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, +- { KV5M_DATA, 20, +- "\x0E\xEF\xC9\xC3\xE0\x49\xAA\xBC\x1B\xA5\xC4\x01\x67\x7D\x9A\xB6" +- "\x99\x08\x2B\xB4" } +- }, + { + { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" }, + CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3, +diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c +index a40a85500..716f2c337 100644 +--- a/src/lib/crypto/crypto_tests/t_decrypt.c ++++ b/src/lib/crypto/crypto_tests/t_decrypt.c +@@ -39,62 +39,6 @@ struct test { + krb5_data keybits; + krb5_data ciphertext; + } test_cases[] = { +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 0, "", }, 0, +- { KV5M_DATA, 24, +- "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" +- "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, +- { KV5M_DATA, 28, +- "\x54\x8A\xF4\xD5\x04\xF7\xD7\x23\x30\x3F\x12\x17\x5F\xE8\x38\x6B" +- "\x7B\x53\x35\xA9\x67\xBA\xD6\x1F\x3B\xF0\xB1\x43" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 1, "1", }, 1, +- { KV5M_DATA, 24, +- "\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6" +- "\x40\x45\x23\x85\x32\x29\x62\xB6" }, +- { KV5M_DATA, 36, +- "\x9C\x3C\x1D\xBA\x47\x47\xD8\x5A\xF2\x91\x6E\x47\x45\xF2\xDC\xE3" +- "\x80\x46\x79\x6E\x51\x04\xBC\xCD\xFB\x66\x9A\x91\xD4\x4B\xC3\x56" +- "\x66\x09\x45\xC7" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 9, "9 bytesss", }, 2, +- { KV5M_DATA, 24, +- "\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85" +- "\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" }, +- { KV5M_DATA, 44, +- "\xCF\x91\x44\xEB\xC8\x69\x79\x81\x07\x5A\x8B\xAD\x8D\x74\xE5\xD7" +- "\xD5\x91\xEB\x7D\x97\x70\xC7\xAD\xA2\x5E\xE8\xC5\xB3\xD6\x94\x44" +- "\xDF\xEC\x79\xA5\xB7\xA0\x14\x82\xD9\xAF\x74\xE6" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 13, "13 bytes byte", }, 3, +- { KV5M_DATA, 24, +- "\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51" +- "\x76\xE3\x98\x13\x32\xF1\xE5\x98" }, +- { KV5M_DATA, 44, +- "\x83\x9A\x17\x08\x1E\xCB\xAF\xBC\xDC\x91\xB8\x8C\x69\x55\xDD\x3C" +- "\x45\x14\x02\x3C\xF1\x77\xB7\x7B\xF0\xD0\x17\x7A\x16\xF7\x05\xE8" +- "\x49\xCB\x77\x81\xD7\x6A\x31\x6B\x19\x3F\x8D\x30" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, +- { KV5M_DATA, 24, +- "\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20" +- "\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" }, +- { KV5M_DATA, 60, +- "\x89\x43\x3E\x83\xFD\x0E\xA3\x66\x6C\xFF\xCD\x18\xD8\xDE\xEB\xC5" +- "\x3B\x9A\x34\xED\xBE\xB1\x59\xD9\xF6\x67\xC6\xC2\xB9\xA9\x64\x40" +- "\x1D\x55\xE7\xE9\xC6\x8D\x64\x8D\x65\xC3\xAA\x84\xFF\xA3\x79\x0C" +- "\x14\xA8\x64\xDA\x80\x73\xA9\xA9\x5C\x4B\xA2\xBC" } +- }, +- + { + ENCTYPE_ARCFOUR_HMAC, + { KV5M_DATA, 0, "", }, 0, +@@ -524,7 +468,6 @@ printhex(const char *head, void *data, size_t len) + + static krb5_enctype + enctypes[] = { +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c +index afbf7477f..93ce30da2 100644 +--- a/src/lib/crypto/crypto_tests/t_derive.c ++++ b/src/lib/crypto/crypto_tests/t_derive.c +@@ -38,41 +38,6 @@ struct test { + enum deriv_alg alg; + krb5_data expected_key; + } test_cases[] = { +- /* Kc, Ke, Kei for a DES3 key */ +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 24, +- "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" +- "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- { KV5M_DATA, 5, "\0\0\0\2\x99" }, +- DERIVE_RFC3961, +- { KV5M_DATA, 24, +- "\xF7\x8C\x49\x6D\x16\xE6\xC2\xDA\xE0\xE0\xB6\xC2\x40\x57\xA8\x4C" +- "\x04\x26\xAE\xEF\x26\xFD\x6D\xCE" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 24, +- "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" +- "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- { KV5M_DATA, 5, "\0\0\0\2\xAA" }, +- DERIVE_RFC3961, +- { KV5M_DATA, 24, +- "\x5B\x57\x23\xD0\xB6\x34\xCB\x68\x4C\x3E\xBA\x52\x64\xE9\xA7\x0D" +- "\x52\xE6\x83\x23\x1A\xD3\xC4\xCE" } +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- { KV5M_DATA, 24, +- "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" +- "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- { KV5M_DATA, 5, "\0\0\0\2\x55" }, +- DERIVE_RFC3961, +- { KV5M_DATA, 24, +- "\xA7\x7C\x94\x98\x0E\x9B\x73\x45\xA8\x15\x25\xC4\x23\xA7\x37\xCE" +- "\x67\xF4\xCD\x91\xB6\xB3\xDA\x45" } +- }, +- + /* Kc, Ke, Ki for an AES-128 key */ + { + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +@@ -286,7 +251,6 @@ static const struct krb5_enc_provider * + get_enc_provider(krb5_enctype enctype) + { + switch (enctype) { +- case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; + case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; + case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; + case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; +diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c +index bd9b94691..290a72e1e 100644 +--- a/src/lib/crypto/crypto_tests/t_encrypt.c ++++ b/src/lib/crypto/crypto_tests/t_encrypt.c +@@ -37,7 +37,6 @@ + + /* What enctypes should we test?*/ + krb5_enctype interesting_enctypes[] = { +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c +index d4c2b97df..4466b7115 100644 +--- a/src/lib/crypto/crypto_tests/t_short.c ++++ b/src/lib/crypto/crypto_tests/t_short.c +@@ -34,7 +34,6 @@ + #include "k5-int.h" + + krb5_enctype interesting_enctypes[] = { +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c +index cdb1acc6d..ef4c4a7d3 100644 +--- a/src/lib/crypto/crypto_tests/t_str2key.c ++++ b/src/lib/crypto/crypto_tests/t_str2key.c +@@ -35,58 +35,6 @@ struct test { + krb5_error_code expected_err; + krb5_boolean allow_weak; + } test_cases[] = { +- /* Test vectors from RFC 3961 appendix A.4. */ +- { +- ENCTYPE_DES3_CBC_SHA1, +- "password", +- { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C" +- "\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "potatoe", +- { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37" +- "\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "penny", +- { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA" +- "\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "\xC3\x9F", +- { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0" +- "\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" }, +- 0, +- FALSE +- }, +- { +- ENCTYPE_DES3_CBC_SHA1, +- "\xF0\x9D\x84\x9E", +- { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, +- { KV5M_DATA, 0, NULL }, +- { KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E" +- "\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" }, +- 0, +- FALSE +- }, +- + /* Test vectors from RFC 3962 appendix B. */ + { + ENCTYPE_AES128_CTS_HMAC_SHA1_96, +diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in +index b74e6f7cc..2b0c4163d 100644 +--- a/src/lib/crypto/krb/Makefile.in ++++ b/src/lib/crypto/krb/Makefile.in +@@ -50,7 +50,6 @@ STLIBOBJS=\ + prf.o \ + prf_aes2.o \ + prf_cmac.o \ +- prf_des.o \ + prf_dk.o \ + prf_rc4.o \ + prng.o \ +@@ -109,7 +108,6 @@ OBJS=\ + $(OUTPRE)prf.$(OBJEXT) \ + $(OUTPRE)prf_aes2.$(OBJEXT) \ + $(OUTPRE)prf_cmac.$(OBJEXT) \ +- $(OUTPRE)prf_des.$(OBJEXT) \ + $(OUTPRE)prf_dk.$(OBJEXT) \ + $(OUTPRE)prf_rc4.$(OBJEXT) \ + $(OUTPRE)prng.$(OBJEXT) \ +@@ -168,7 +166,6 @@ SRCS=\ + $(srcdir)/prf.c \ + $(srcdir)/prf_aes2.c \ + $(srcdir)/prf_cmac.c \ +- $(srcdir)/prf_des.c \ + $(srcdir)/prf_dk.c \ + $(srcdir)/prf_rc4.c \ + $(srcdir)/prng.c \ +diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c +index ecc2e08c9..f5fbe8a2a 100644 +--- a/src/lib/crypto/krb/cksumtypes.c ++++ b/src/lib/crypto/krb/cksumtypes.c +@@ -46,12 +46,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { + krb5int_unkeyed_checksum, NULL, + 20, 20, CKSUM_UNKEYED }, + +- { CKSUMTYPE_HMAC_SHA1_DES3, +- "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key", +- &krb5int_enc_des3, &krb5int_hash_sha1, +- krb5int_dk_checksum, NULL, +- 20, 20, 0 }, +- + { CKSUMTYPE_HMAC_MD5_ARCFOUR, + "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" }, + "Microsoft HMAC MD5", +diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h +index ba693f8a4..5cc1f8e43 100644 +--- a/src/lib/crypto/krb/crypto_int.h ++++ b/src/lib/crypto/krb/crypto_int.h +@@ -276,10 +276,6 @@ krb5_error_code krb5int_aes2_string_to_key(const struct krb5_keytypes *enc, + /* Random to key */ + krb5_error_code k5_rand2key_direct(const krb5_data *randombits, + krb5_keyblock *keyblock); +-krb5_error_code k5_rand2key_des(const krb5_data *randombits, +- krb5_keyblock *keyblock); +-krb5_error_code k5_rand2key_des3(const krb5_data *randombits, +- krb5_keyblock *keyblock); + + /* Pseudo-random function */ + krb5_error_code krb5int_des_prf(const struct krb5_keytypes *ktp, +@@ -368,11 +364,6 @@ krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage); + /* Ensure library initialization has occurred. */ + int krb5int_crypto_init(void); + +-/* DES default state initialization handler (used by module enc providers). */ +-krb5_error_code krb5int_des_init_state(const krb5_keyblock *key, +- krb5_keyusage keyusage, +- krb5_data *state_out); +- + /* Default state cleanup handler (used by module enc providers). */ + void krb5int_default_free_state(krb5_data *state); + +@@ -425,7 +416,6 @@ void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block); + /* Modules must implement the k5_sha256() function prototyped in k5-int.h. */ + + /* Modules must implement the following enc_providers and hash_providers: */ +-extern const struct krb5_enc_provider krb5int_enc_des3; + extern const struct krb5_enc_provider krb5int_enc_arcfour; + extern const struct krb5_enc_provider krb5int_enc_aes128; + extern const struct krb5_enc_provider krb5int_enc_aes256; +@@ -442,12 +432,6 @@ extern const struct krb5_hash_provider krb5int_hash_sha384; + + /* Modules must implement the following functions. */ + +-/* Set the parity bits to the correct values in keybits. */ +-void k5_des_fixup_key_parity(unsigned char *keybits); +- +-/* Return true if keybits is a weak or semi-weak DES key. */ +-krb5_boolean k5_des_is_weak_key(unsigned char *keybits); +- + /* Compute an HMAC using the provided hash function, key, and data, storing the + * result into output (caller-allocated). */ + krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash, +diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c +index 0757c8b02..f89dc7902 100644 +--- a/src/lib/crypto/krb/default_state.c ++++ b/src/lib/crypto/krb/default_state.c +@@ -32,16 +32,6 @@ + + #include "crypto_int.h" + +-krb5_error_code +-krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage usage, +- krb5_data *state_out) +-{ +- if (alloc_data(state_out, 8)) +- return ENOMEM; +- +- return 0; +-} +- + void + krb5int_default_free_state(krb5_data *state) + { +diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c +index 1542d4062..a0037912a 100644 +--- a/src/lib/crypto/krb/enctype_util.c ++++ b/src/lib/crypto/krb/enctype_util.c +@@ -45,6 +45,9 @@ struct { + { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" }, + { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" }, + { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" }, ++ { ENCTYPE_DES3_CBC_SHA, "des3-cbc-sha1" }, ++ { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw" }, ++ { ENCTYPE_DES3_CBC_SHA1, "des3-hmac-sha1" }, + { ENCTYPE_NULL, NULL } + }; + +diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c +index fc278783b..7635393a4 100644 +--- a/src/lib/crypto/krb/etypes.c ++++ b/src/lib/crypto/krb/etypes.c +@@ -35,27 +35,6 @@ + + /* Deprecations come from RFC 6649 and RFC 8249. */ + const struct krb5_keytypes krb5int_enctypes_list[] = { +- { ENCTYPE_DES3_CBC_RAW, +- "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", +- &krb5int_enc_des3, NULL, +- 16, +- krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt, +- krb5int_dk_string_to_key, k5_rand2key_des3, +- NULL, /*PRF*/ +- 0, +- ETYPE_WEAK | ETYPE_DEPRECATED, 112 }, +- +- { ENCTYPE_DES3_CBC_SHA1, +- "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, +- "Triple DES cbc mode with HMAC/sha1", +- &krb5int_enc_des3, &krb5int_hash_sha1, +- 16, +- krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, +- krb5int_dk_string_to_key, k5_rand2key_des3, +- krb5int_dk_prf, +- CKSUMTYPE_HMAC_SHA1_DES3, +- ETYPE_DEPRECATED, 112 }, +- + /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we + * consider its strength degraded and assign it an SSF value of 64. */ + { ENCTYPE_ARCFOUR_HMAC, +diff --git a/src/lib/crypto/krb/prf_des.c b/src/lib/crypto/krb/prf_des.c +deleted file mode 100644 +index 7a2d719c5..000000000 +--- a/src/lib/crypto/krb/prf_des.c ++++ /dev/null +@@ -1,47 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/krb/prf_des.c - RFC 3961 DES-based PRF */ +-/* +- * Copyright (C) 2004, 2009 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-#include "crypto_int.h" +- +-krb5_error_code +-krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key, +- const krb5_data *in, krb5_data *out) +-{ +- const struct krb5_hash_provider *hash = &krb5int_hash_md5; +- krb5_crypto_iov iov; +- krb5_error_code ret; +- +- /* Compute a hash of the input, storing into the output buffer. */ +- iov.flags = KRB5_CRYPTO_TYPE_DATA; +- iov.data = *in; +- ret = hash->hash(&iov, 1, out); +- if (ret != 0) +- return ret; +- +- /* Encrypt the hash in place. */ +- iov.data = *out; +- return ktp->enc->encrypt(key, NULL, &iov, 1); +-} +diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c +index 157462526..863090beb 100644 +--- a/src/lib/crypto/krb/random_to_key.c ++++ b/src/lib/crypto/krb/random_to_key.c +@@ -71,48 +71,3 @@ k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock) + memcpy(keyblock->contents, randombits->data, randombits->length); + return 0; + } +- +-static inline void +-eighth_byte(unsigned char *b) +-{ +- b[7] = (((b[0] & 1) << 1) | ((b[1] & 1) << 2) | ((b[2] & 1) << 3) | +- ((b[3] & 1) << 4) | ((b[4] & 1) << 5) | ((b[5] & 1) << 6) | +- ((b[6] & 1) << 7)); +-} +- +-krb5_error_code +-k5_rand2key_des(const krb5_data *randombits, krb5_keyblock *keyblock) +-{ +- if (randombits->length != 7) +- return(KRB5_CRYPTO_INTERNAL); +- +- keyblock->magic = KV5M_KEYBLOCK; +- +- /* Take the seven bytes, move them around into the top 7 bits of the +- * 8 key bytes, then compute the parity bits. */ +- memcpy(keyblock->contents, randombits->data, randombits->length); +- eighth_byte(keyblock->contents); +- k5_des_fixup_key_parity(keyblock->contents); +- +- return 0; +-} +- +-krb5_error_code +-k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock) +-{ +- int i; +- +- if (randombits->length != 21) +- return KRB5_CRYPTO_INTERNAL; +- +- keyblock->magic = KV5M_KEYBLOCK; +- +- /* Take the seven bytes, move them around into the top 7 bits of the +- * 8 key bytes, then compute the parity bits. Do this three times. */ +- for (i = 0; i < 3; i++) { +- memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7); +- eighth_byte(&keyblock->contents[i * 8]); +- k5_des_fixup_key_parity(&keyblock->contents[i * 8]); +- } +- return 0; +-} +diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports +index 451d5e035..9db181381 100644 +--- a/src/lib/crypto/libk5crypto.exports ++++ b/src/lib/crypto/libk5crypto.exports +@@ -86,7 +86,6 @@ krb5_k_verify_checksum + krb5_k_verify_checksum_iov + krb5int_aes_encrypt + krb5int_aes_decrypt +-krb5int_enc_des3 + krb5int_arcfour_gsscrypt + krb5int_camellia_cbc_mac + krb5int_cmac_checksum +diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in +index aa434b168..234fc0e76 100644 +--- a/src/lib/crypto/openssl/Makefile.in ++++ b/src/lib/crypto/openssl/Makefile.in +@@ -1,6 +1,6 @@ + mydir=lib$(S)crypto$(S)openssl + BUILDTOP=$(REL)..$(S)..$(S).. +-SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider ++SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider + LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) + + STLIBOBJS=\ +@@ -24,14 +24,14 @@ SRCS=\ + $(srcdir)/sha256.c \ + $(srcdir)/stubs.c + +-STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++STOBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ + aes/OBJS.ST \ + OBJS.ST + +-SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ ++SUBDIROBJLISTS= md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ +@@ -42,7 +42,7 @@ includes: depend + + depend: $(SRCS) + +-clean-unix:: clean-libobjs ++clean-unix:: clean-libobjsn + + @lib_frag@ + @libobj_frag@ +diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in +deleted file mode 100644 +index 4392fb8ea..000000000 +--- a/src/lib/crypto/openssl/des/Makefile.in ++++ /dev/null +@@ -1,20 +0,0 @@ +-mydir=lib$(S)crypto$(S)openssl$(S)des +-BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +-LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. +- +-STLIBOBJS= des_keys.o +- +-OBJS= $(OUTPRE)des_keys.$(OBJEXT) +- +-SRCS= $(srcdir)/des_keys.c +- +-all-unix: all-libobjs +- +-includes: depend +- +-depend: $(SRCS) +- +-clean-unix:: clean-libobjs +- +-@libobj_frag@ +- +diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps +deleted file mode 100644 +index 21b904f89..000000000 +--- a/src/lib/crypto/openssl/des/deps ++++ /dev/null +@@ -1,15 +0,0 @@ +-# +-# Generated makefile dependencies follow. +-# +-des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ +- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ +- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ +- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ +- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ +- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ +- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- des_keys.c +diff --git a/src/lib/crypto/openssl/des/des_keys.c b/src/lib/crypto/openssl/des/des_keys.c +deleted file mode 100644 +index 51d9db216..000000000 +--- a/src/lib/crypto/openssl/des/des_keys.c ++++ /dev/null +@@ -1,40 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/openssl/des/des_keys.c - Key functions used by Kerberos code */ +-/* +- * Copyright (C) 2011 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +- +-#include "crypto_int.h" +-#include +- +-void +-k5_des_fixup_key_parity(unsigned char *keybits) +-{ +- DES_set_odd_parity((DES_cblock *)keybits); +-} +- +-krb5_boolean +-k5_des_is_weak_key(unsigned char *keybits) +-{ +- return DES_is_weak_key((DES_cblock *)keybits); +-} +diff --git a/src/lib/crypto/openssl/enc_provider/Makefile.in b/src/lib/crypto/openssl/enc_provider/Makefile.in +index a9069d22d..2b32c3ac4 100644 +--- a/src/lib/crypto/openssl/enc_provider/Makefile.in ++++ b/src/lib/crypto/openssl/enc_provider/Makefile.in +@@ -3,19 +3,16 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S).. + LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. + + STLIBOBJS= \ +- des3.o \ + rc4.o \ + aes.o \ + camellia.o + + OBJS= \ +- $(OUTPRE)des3.$(OBJEXT) \ + $(OUTPRE)aes.$(OBJEXT) \ + $(OUTPRE)camellia.$(OBJEXT) \ + $(OUTPRE)rc4.$(OBJEXT) + + SRCS= \ +- $(srcdir)/des3.c \ + $(srcdir)/aes.c \ + $(srcdir)/camellia.c \ + $(srcdir)/rc4.c +diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps +index 1c28cc842..91ba48234 100644 +--- a/src/lib/crypto/openssl/enc_provider/deps ++++ b/src/lib/crypto/openssl/enc_provider/deps +@@ -1,17 +1,6 @@ + # + # Generated makefile dependencies follow. + # +-des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ +- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +- $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ +- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ +- $(top_srcdir)/include/socket-utils.h des3.c + aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ +diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c +deleted file mode 100644 +index 1c439c2cd..000000000 +--- a/src/lib/crypto/openssl/enc_provider/des3.c ++++ /dev/null +@@ -1,184 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* lib/crypto/openssl/enc_provider/des3.c */ +-/* +- * Copyright (C) 2009 by the Massachusetts Institute of Technology. +- * All rights reserved. +- * +- * Export of this software from the United States of America may +- * require a specific license from the United States Government. +- * It is the responsibility of any person or organization contemplating +- * export to obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of M.I.T. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. Furthermore if you modify this software you must label +- * your software as modified software and not distribute it in such a +- * fashion that it might be confused with the original M.I.T. software. +- * M.I.T. makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- */ +-/* +- * Copyright (C) 1998 by the FundsXpress, INC. +- * +- * All rights reserved. +- * +- * Export of this software from the United States of America may require +- * a specific license from the United States Government. It is the +- * responsibility of any person or organization contemplating export to +- * obtain such a license before exporting. +- * +- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +- * distribute this software and its documentation for any purpose and +- * without fee is hereby granted, provided that the above copyright +- * notice appear in all copies and that both that copyright notice and +- * this permission notice appear in supporting documentation, and that +- * the name of FundsXpress. not be used in advertising or publicity pertaining +- * to distribution of the software without specific, written prior +- * permission. FundsXpress makes no representations about the suitability of +- * this software for any purpose. It is provided "as is" without express +- * or implied warranty. +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +- */ +- +-#include "crypto_int.h" +-#include +- +- +-#define DES3_BLOCK_SIZE 8 +-#define DES3_KEY_SIZE 24 +-#define DES3_KEY_BYTES 21 +- +-static krb5_error_code +-validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, +- size_t num_data, krb5_boolean *empty) +-{ +- size_t input_length = iov_total_length(data, num_data, FALSE); +- +- if (key->keyblock.length != DES3_KEY_SIZE) +- return(KRB5_BAD_KEYSIZE); +- if ((input_length%DES3_BLOCK_SIZE) != 0) +- return(KRB5_BAD_MSIZE); +- if (ivec && (ivec->length != 8)) +- return(KRB5_BAD_MSIZE); +- +- *empty = (input_length == 0); +- return 0; +-} +- +-static krb5_error_code +-k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- int ret, olen = DES3_BLOCK_SIZE; +- unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; +- struct iov_cursor cursor; +- EVP_CIPHER_CTX *ctx; +- krb5_boolean empty; +- +- ret = validate(key, ivec, data, num_data, &empty); +- if (ret != 0 || empty) +- return ret; +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) +- return ENOMEM; +- +- ret = EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, +- key->keyblock.contents, +- (ivec) ? (unsigned char*)ivec->data : NULL); +- if (!ret) { +- EVP_CIPHER_CTX_free(ctx); +- return KRB5_CRYPTO_INTERNAL; +- } +- +- EVP_CIPHER_CTX_set_padding(ctx,0); +- +- k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); +- while (k5_iov_cursor_get(&cursor, iblock)) { +- ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, DES3_BLOCK_SIZE); +- if (!ret) +- break; +- k5_iov_cursor_put(&cursor, oblock); +- } +- +- if (ivec != NULL) +- memcpy(ivec->data, oblock, DES3_BLOCK_SIZE); +- +- EVP_CIPHER_CTX_free(ctx); +- +- zap(iblock, sizeof(iblock)); +- zap(oblock, sizeof(oblock)); +- +- if (ret != 1) +- return KRB5_CRYPTO_INTERNAL; +- return 0; +-} +- +-static krb5_error_code +-k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, +- size_t num_data) +-{ +- int ret, olen = DES3_BLOCK_SIZE; +- unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; +- struct iov_cursor cursor; +- EVP_CIPHER_CTX *ctx; +- krb5_boolean empty; +- +- ret = validate(key, ivec, data, num_data, &empty); +- if (ret != 0 || empty) +- return ret; +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) +- return ENOMEM; +- +- ret = EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, +- key->keyblock.contents, +- (ivec) ? (unsigned char*)ivec->data : NULL); +- if (!ret) { +- EVP_CIPHER_CTX_free(ctx); +- return KRB5_CRYPTO_INTERNAL; +- } +- +- EVP_CIPHER_CTX_set_padding(ctx,0); +- +- k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); +- while (k5_iov_cursor_get(&cursor, iblock)) { +- ret = EVP_DecryptUpdate(ctx, oblock, &olen, +- (unsigned char *)iblock, DES3_BLOCK_SIZE); +- if (!ret) +- break; +- k5_iov_cursor_put(&cursor, oblock); +- } +- +- if (ivec != NULL) +- memcpy(ivec->data, iblock, DES3_BLOCK_SIZE); +- +- EVP_CIPHER_CTX_free(ctx); +- +- zap(iblock, sizeof(iblock)); +- zap(oblock, sizeof(oblock)); +- +- if (ret != 1) +- return KRB5_CRYPTO_INTERNAL; +- return 0; +-} +- +-const struct krb5_enc_provider krb5int_enc_des3 = { +- DES3_BLOCK_SIZE, +- DES3_KEY_BYTES, DES3_KEY_SIZE, +- k5_des3_encrypt, +- k5_des3_decrypt, +- NULL, +- krb5int_des_init_state, +- krb5int_default_free_state +-}; +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index c821cc830..c5bddb1e8 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -1010,7 +1010,6 @@ kg_accept_krb5(minor_status, context_handle, + } + + switch (negotiated_etype) { +- case ENCTYPE_DES3_CBC_SHA1: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP: + /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" +diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h +index 2e2c775d6..f5b0fede6 100644 +--- a/src/lib/gssapi/krb5/gssapiP_krb5.h ++++ b/src/lib/gssapi/krb5/gssapiP_krb5.h +@@ -125,14 +125,14 @@ enum sgn_alg { + /* SGN_ALG_DES_MAC = 0x0002, */ + /* SGN_ALG_3 = 0x0003, /\* not published *\/ */ + SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */ +- SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 ++ /* SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 */ + }; + enum seal_alg { + SEAL_ALG_NONE = 0xffff, + /* SEAL_ALG_DES = 0x0000, */ + /* SEAL_ALG_1 = 0x0001, /\* not published *\/ */ + SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */ +- SEAL_ALG_DES3KD = 0x0002 ++ /* SEAL_ALG_DES3KD = 0x0002 */ + }; + + /* for 3DES */ +@@ -153,7 +153,7 @@ enum qop { + GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004, + GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff, + /* GSS_KRB5_CONF_C_QOP_DES = 0x0100, */ +- GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, ++ /* GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, */ + GSS_KRB5_CONF_C_QOP_MASK = 0xff00 + }; + +diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c +index d1cdce486..7f7146a0a 100644 +--- a/src/lib/gssapi/krb5/k5seal.c ++++ b/src/lib/gssapi/krb5/k5seal.c +@@ -136,19 +136,12 @@ make_seal_token_v1 (krb5_context context, + + /* pad the plaintext, encrypt if needed, and stick it in the token */ + +- /* initialize the the checksum */ +- switch (signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- if (toktype != KG_TOK_SEAL_MSG) +- sign_usage = 15; +- break; +- default: +- abort (); +- } ++ if (signalg != SGN_ALG_HMAC_MD5) ++ abort(); ++ ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; ++ if (toktype != KG_TOK_SEAL_MSG) ++ sign_usage = 15; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code) { +@@ -196,20 +189,8 @@ make_seal_token_v1 (krb5_context context, + gssalloc_free(t); + return(code); + } +- switch(signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- /* +- * Using key derivation, the call to krb5_c_make_checksum +- * already dealt with encrypting. +- */ +- if (md5cksum.length != cksum_size) +- abort (); +- memcpy (ptr+14, md5cksum.contents, md5cksum.length); +- break; +- case SGN_ALG_HMAC_MD5: +- memcpy (ptr+14, md5cksum.contents, cksum_size); +- break; +- } ++ ++ memcpy (ptr+14, md5cksum.contents, cksum_size); + + krb5_free_checksum_contents(context, &md5cksum); + +diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c +index 9bb2ee109..9147bb2c7 100644 +--- a/src/lib/gssapi/krb5/k5sealiov.c ++++ b/src/lib/gssapi/krb5/k5sealiov.c +@@ -144,18 +144,11 @@ make_seal_token_v1_iov(krb5_context context, + /* pad the plaintext, encrypt if needed, and stick it in the token */ + + /* initialize the checksum */ +- switch (ctx->signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- if (toktype != KG_TOK_WRAP_MSG) +- sign_usage = 15; +- break; +- default: +- abort (); +- } ++ if (ctx->signalg != SGN_ALG_HMAC_MD5) ++ abort(); ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; ++ if (toktype != KG_TOK_WRAP_MSG) ++ sign_usage = 15; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen); + if (code != 0) +@@ -177,15 +170,7 @@ make_seal_token_v1_iov(krb5_context context, + if (code != 0) + goto cleanup; + +- switch (ctx->signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- assert(md5cksum.length == ctx->cksum_size); +- memcpy(ptr + 14, md5cksum.contents, md5cksum.length); +- break; +- case SGN_ALG_HMAC_MD5: +- memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); +- break; +- } ++ memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); + + /* create the seq_num */ + code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF, +diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c +index 9b183bc33..f0cc4a680 100644 +--- a/src/lib/gssapi/krb5/k5unseal.c ++++ b/src/lib/gssapi/krb5/k5unseal.c +@@ -131,28 +131,21 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + but few enough that we can try them all. */ + + if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || +- (ctx->sealalg == SEAL_ALG_DES3KD && +- signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| + (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && + signalg != SGN_ALG_HMAC_MD5)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- cksum_len = 8; +- if (toktype != KG_TOK_SEAL_MSG) +- sign_usage = 15; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- cksum_len = 20; +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + ++ cksum_len = 8; ++ if (toktype != KG_TOK_SEAL_MSG) ++ sign_usage = 15; ++ + if ((size_t)bodysize < 14 + cksum_len) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; +@@ -252,64 +245,53 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + /* compute the checksum of the message */ + + /* initialize the the cksum */ +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- default: +- abort (); +- } ++ if (signalg != SGN_ALG_HMAC_MD5) ++ abort(); ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code) + return(code); + md5cksum.length = sumlen; + +- switch (signalg) { +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + *minor_status = 0; + return(GSS_S_DEFECTIVE_TOKEN); +- +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- case SGN_ALG_HMAC_MD5: +- /* compute the checksum of the message */ +- +- /* 8 = bytes of token body to be checksummed according to spec */ +- +- if (! (data_ptr = xmalloc(8 + plainlen))) { +- if (sealalg != 0xffff) +- xfree(plain); +- if (toktype == KG_TOK_SEAL_MSG) +- gssalloc_free(token.value); +- *minor_status = ENOMEM; +- return(GSS_S_FAILURE); +- } +- +- (void) memcpy(data_ptr, ptr-2, 8); +- +- (void) memcpy(data_ptr+8, plain, plainlen); +- +- plaind.length = 8 + plainlen; +- plaind.data = data_ptr; +- code = krb5_k_make_checksum(context, md5cksum.checksum_type, +- ctx->seq, sign_usage, +- &plaind, &md5cksum); +- xfree(data_ptr); +- +- if (code) { +- if (toktype == KG_TOK_SEAL_MSG) +- gssalloc_free(token.value); +- *minor_status = code; +- return(GSS_S_FAILURE); +- } +- +- code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); +- break; + } + ++ /* compute the checksum of the message */ ++ ++ /* 8 = bytes of token body to be checksummed according to spec */ ++ ++ if (! (data_ptr = xmalloc(8 + plainlen))) { ++ if (sealalg != 0xffff) ++ xfree(plain); ++ if (toktype == KG_TOK_SEAL_MSG) ++ gssalloc_free(token.value); ++ *minor_status = ENOMEM; ++ return(GSS_S_FAILURE); ++ } ++ ++ (void) memcpy(data_ptr, ptr-2, 8); ++ ++ (void) memcpy(data_ptr+8, plain, plainlen); ++ ++ plaind.length = 8 + plainlen; ++ plaind.data = data_ptr; ++ code = krb5_k_make_checksum(context, md5cksum.checksum_type, ++ ctx->seq, sign_usage, ++ &plaind, &md5cksum); ++ xfree(data_ptr); ++ ++ if (code) { ++ if (toktype == KG_TOK_SEAL_MSG) ++ gssalloc_free(token.value); ++ *minor_status = code; ++ return(GSS_S_FAILURE); ++ } ++ ++ code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); ++ + krb5_free_checksum_contents(context, &md5cksum); + if (sealalg != 0xffff) + xfree(plain); +diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c +index 85a9574f3..3ce2a90ce 100644 +--- a/src/lib/gssapi/krb5/k5unsealiov.c ++++ b/src/lib/gssapi/krb5/k5unsealiov.c +@@ -102,28 +102,21 @@ kg_unseal_v1_iov(krb5_context context, + } + + if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || +- (ctx->sealalg == SEAL_ALG_DES3KD && +- signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| + (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && + signalg != SGN_ALG_HMAC_MD5)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- cksum_len = 8; +- if (toktype != KG_TOK_WRAP_MSG) +- sign_usage = 15; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- cksum_len = 20; +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + ++ cksum_len = 8; ++ if (toktype != KG_TOK_WRAP_MSG) ++ sign_usage = 15; ++ + /* get the token parameters */ + code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction, + &seqnum); +@@ -181,16 +174,10 @@ kg_unseal_v1_iov(krb5_context context, + + /* initialize the checksum */ + +- switch (signalg) { +- case SGN_ALG_HMAC_MD5: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- break; +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) + abort(); +- } ++ ++ md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code != 0) { +@@ -209,18 +196,13 @@ kg_unseal_v1_iov(krb5_context context, + goto cleanup; + } + +- switch (signalg) { +- case SGN_ALG_HMAC_SHA1_DES3_KD: +- case SGN_ALG_HMAC_MD5: +- code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); +- break; +- default: ++ if (signalg != SGN_ALG_HMAC_MD5) { + code = 0; + retval = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; +- break; + } + ++ code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); + if (code != 0) { + code = 0; + retval = GSS_S_BAD_SIG; +diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c +index 80954aff7..f7d3e92c4 100644 +--- a/src/lib/gssapi/krb5/util_crypt.c ++++ b/src/lib/gssapi/krb5/util_crypt.c +@@ -97,17 +97,6 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey, + return code; + + switch (subkey->keyblock.enctype) { +- case ENCTYPE_DES3_CBC_SHA1: +- code = kg_copy_keys(context, ctx, subkey); +- if (code != 0) +- return code; +- +- ctx->enc->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; +- ctx->seq->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; +- ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; +- ctx->cksum_size = 20; +- ctx->sealalg = SEAL_ALG_DES3KD; +- break; + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP: + /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype, +diff --git a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp +index 740425c69..6b45f5f72 100644 +--- a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp ++++ b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp +@@ -53,10 +53,10 @@ proc test200 {} { + } + + # XXX Perhaps I should actually check the key type returned. +- if {$num_keys == 5} { ++ if {$num_keys == 4} { + pass "$test" + } else { +- fail "$test: $num_keys keys, should be 5" ++ fail "$test: $num_keys keys, should be 4" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" +diff --git a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp +index 3ea1ba29b..d2c6d1afa 100644 +--- a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp ++++ b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp +@@ -143,8 +143,8 @@ proc test101_102 {rpc} { + } + + set failed 0 +- if {$num_keys != 5} { +- fail "$test: num_keys $num_keys should be 5" ++ if {$num_keys != 4} { ++ fail "$test: num_keys $num_keys should be 4" + set failed 1 + } + for {set i 0} {$i < $num_keys} {incr i} { +diff --git a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp +index 2925c1c43..2f76c8b43 100644 +--- a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp ++++ b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp +@@ -46,10 +46,10 @@ proc test100 {} { + } + + # XXX Perhaps I should actually check the key type returned. +- if {$num_keys == 5} { ++ if {$num_keys == 4} { + pass "$test" + } else { +- fail "$test: $num_keys keys, should be 5" ++ fail "$test: $num_keys keys, should be 4" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" +diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c +index e7d67cca4..9a4741fa6 100644 +--- a/src/lib/krb5/krb/init_ctx.c ++++ b/src/lib/krb5/krb/init_ctx.c +@@ -59,7 +59,6 @@ + static krb5_enctype default_enctype_list[] = { + ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, +- ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, + 0 +@@ -479,8 +478,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, + /* Set all enctypes in the default list. */ + for (i = 0; default_list[i]; i++) + mod_list(default_list[i], sel, weak, &list); +- } else if (strcasecmp(token, "des3") == 0) { +- mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list); + } else if (strcasecmp(token, "aes") == 0) { + mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, &list); + mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list); +diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c +index 504eb557f..fc5c886d6 100644 +--- a/src/lib/krb5/krb/s4u_creds.c ++++ b/src/lib/krb5/krb/s4u_creds.c +@@ -287,8 +287,6 @@ verify_s4u2self_reply(krb5_context context, + assert(req_s4u_user != NULL); + + switch (subkey->enctype) { +- case ENCTYPE_DES3_CBC_SHA1: +- case ENCTYPE_DES3_CBC_RAW: + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP : + not_newer = TRUE; +diff --git a/src/lib/krb5/krb/t_copy_context.c b/src/lib/krb5/krb/t_copy_context.c +index 2970a8cea..fb82daf19 100644 +--- a/src/lib/krb5/krb/t_copy_context.c ++++ b/src/lib/krb5/krb/t_copy_context.c +@@ -113,7 +113,7 @@ main(int argc, char **argv) + { + krb5_context ctx, ctx2; + krb5_plugin_initvt_fn *mods; +- const krb5_enctype etypes1[] = { ENCTYPE_DES3_CBC_SHA1, 0 }; ++ const krb5_enctype etypes1[] = { ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }; + const krb5_enctype etypes2[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }; + krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD }; +diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c +index f609e938a..248ffea90 100644 +--- a/src/lib/krb5/krb/t_etypes.c ++++ b/src/lib/krb5/krb/t_etypes.c +@@ -50,17 +50,6 @@ static struct { + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, + 0, 0 + }, +- /* Family followed by enctype */ +- { "aes des3-cbc-sha1-kd", +- { 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, +- ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, +- ENCTYPE_DES3_CBC_SHA1, 0 }, +- 0, 0 +- }, + /* Family with enctype removed */ + { "camellia -camellia256-cts-cmac", + { 0 }, +@@ -69,46 +58,15 @@ static struct { + }, + /* Default set with family added and enctype removed */ + { "DEFAULT +aes -arcfour-hmac-md5", +- { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ++ { ENCTYPE_ARCFOUR_HMAC, 0 }, ++ { ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, +- ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ++ { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, + 0 }, + 0, 0 + }, +- /* Default set with families removed and enctypes added (one redundant) */ +- { "DEFAULT -des3 rc4-hmac rc4-hmac-exp", +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_ARCFOUR_HMAC, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, 0 }, +- 0, 0 +- }, +- /* Default set with family moved to front */ +- { "des3 +DEFAULT", +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, +- ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, +- ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, +- { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, +- ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, +- 0, 0 +- }, +- /* Two families with default set removed (exotic case), enctype added */ +- { "aes +rc4 -DEFaulT des3-hmac-sha1", +- { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_DES3_CBC_SHA1, +- ENCTYPE_ARCFOUR_HMAC, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, +- ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, +- { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, +- ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, +- 0, 0 +- }, + /* Test krb5_set_default_in_tkt_ktypes */ + { NULL, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, +diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c +index 10ba8d0ac..24064ffcf 100644 +--- a/src/lib/krb5/os/t_trace.c ++++ b/src/lib/krb5/os/t_trace.c +@@ -65,8 +65,8 @@ main (int argc, char *argv[]) + krb5_principal princ = &principal_data; + krb5_pa_data padata, padata2, **padatap; + krb5_enctype enctypes[4] = { +- ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN, +- ENCTYPE_NULL}; ++ ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC_EXP, ++ ENCTYPE_UNKNOWN, ENCTYPE_NULL}; + krb5_ccache ccache; + krb5_keytab keytab; + krb5_creds creds; +diff --git a/src/lib/krb5/os/t_trace.ref b/src/lib/krb5/os/t_trace.ref +index 044a66999..98fb14f3f 100644 +--- a/src/lib/krb5/os/t_trace.ref ++++ b/src/lib/krb5/os/t_trace.ref +@@ -41,7 +41,7 @@ int, krb5_principal type: ? + krb5_pa_data **, display list of padata type numbers: PA-PW-SALT (3), 0 + krb5_pa_data **, display list of padata type numbers: (empty) + krb5_enctype, display shortest name of enctype: aes128-cts +-krb5_enctype *, display list of enctypes: 5, rc4-hmac-exp, 511 ++krb5_enctype *, display list of enctypes: aes128-cts, rc4-hmac-exp, 511 + krb5_enctype *, display list of enctypes: (empty) + krb5_ccache, display type:name: FILE:/path/to/ccache + krb5_keytab, display name: FILE:/etc/krb5.keytab +diff --git a/src/plugins/preauth/pkinit/pkcs11.h b/src/plugins/preauth/pkinit/pkcs11.h +index e3d284631..586661bb7 100644 +--- a/src/plugins/preauth/pkinit/pkcs11.h ++++ b/src/plugins/preauth/pkinit/pkcs11.h +@@ -339,9 +339,9 @@ typedef unsigned long ck_key_type_t; + #define CKK_GENERIC_SECRET (0x10) + #define CKK_RC2 (0x11) + #define CKK_RC4 (0x12) +-#define CKK_DES (0x13) +-#define CKK_DES2 (0x14) +-#define CKK_DES3 (0x15) ++/* #define CKK_DES (0x13) */ ++/* #define CKK_DES2 (0x14) */ ++/* #define CKK_DES3 (0x15) */ + #define CKK_CAST (0x16) + #define CKK_CAST3 (0x17) + #define CKK_CAST128 (0x18) +diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c +index 1a642139a..2f0431991 100644 +--- a/src/plugins/preauth/pkinit/pkinit_clnt.c ++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c +@@ -212,14 +212,6 @@ pkinit_as_req_create(krb5_context context, + auth_pack.clientPublicValue = &info; + auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids; + +- /* add List of CMS algorithms */ +- retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx, +- reqctx->cryptoctx, +- reqctx->idctx, &cmstypes); +- auth_pack.supportedCMSTypes = cmstypes; +- if (retval) +- goto cleanup; +- + switch(protocol) { + case DH_PROTOCOL: + TRACE_PKINIT_CLIENT_REQ_DH(context); +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h +index 8064a07d0..a291889b0 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto.h ++++ b/src/plugins/preauth/pkinit/pkinit_crypto.h +@@ -380,18 +380,6 @@ krb5_error_code server_process_dh + unsigned int *server_key_len_out); /* OUT + receives length of DH secret key */ + +-/* +- * this functions takes in crypto specific representation of +- * supportedCMSTypes and creates a list of +- * krb5_algorithm_identifier +- */ +-krb5_error_code create_krb5_supportedCMSTypes +- (krb5_context context, /* IN */ +- pkinit_plg_crypto_context plg_cryptoctx, /* IN */ +- pkinit_req_crypto_context req_cryptoctx, /* IN */ +- pkinit_identity_crypto_context id_cryptoctx, /* IN */ +- krb5_algorithm_identifier ***supportedCMSTypes); /* OUT */ +- + /* + * this functions takes in crypto specific representation of + * trustedCertifiers and creates a list of +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 8c7fd0cca..52976895b 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -5487,44 +5487,6 @@ cleanup: + return retval; + } + +-krb5_error_code +-create_krb5_supportedCMSTypes(krb5_context context, +- pkinit_plg_crypto_context plg_cryptoctx, +- pkinit_req_crypto_context req_cryptoctx, +- pkinit_identity_crypto_context id_cryptoctx, +- krb5_algorithm_identifier ***oids) +-{ +- +- krb5_error_code retval = ENOMEM; +- krb5_algorithm_identifier **loids = NULL; +- krb5_data des3oid = {0, 8, "\x2A\x86\x48\x86\xF7\x0D\x03\x07" }; +- +- *oids = NULL; +- loids = malloc(2 * sizeof(krb5_algorithm_identifier *)); +- if (loids == NULL) +- goto cleanup; +- loids[1] = NULL; +- loids[0] = malloc(sizeof(krb5_algorithm_identifier)); +- if (loids[0] == NULL) { +- free(loids); +- goto cleanup; +- } +- retval = pkinit_copy_krb5_data(&loids[0]->algorithm, &des3oid); +- if (retval) { +- free(loids[0]); +- free(loids); +- goto cleanup; +- } +- loids[0]->parameters.length = 0; +- loids[0]->parameters.data = NULL; +- +- *oids = loids; +- retval = 0; +-cleanup: +- +- return retval; +-} +- + krb5_error_code + create_krb5_trustedCertifiers(krb5_context context, + pkinit_plg_crypto_context plg_cryptoctx, +diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c +index 7acbd0d28..cd998a29a 100644 +--- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c ++++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c +@@ -49,7 +49,6 @@ char eighteen_bs[9]; + char party_u_name[] = "lha@SU.SE"; + char party_v_name[] = "krbtgt/SU.SE@SU.SE"; + int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96; +-int enctype_des3 = ENCTYPE_DES3_CBC_SHA1; + const krb5_data lha_data = DATA_FROM_STRING("lha"); + + krb5_octet key1_hex[] = +@@ -185,36 +184,6 @@ main(int argc, char **argv) + goto cleanup; + } + +- /* TEST 3: SHA-512/DES3 */ +- /* set up algorithm id */ +- alg_id.algorithm.data = (char *)krb5_pkinit_sha512_oid; +- alg_id.algorithm.length = krb5_pkinit_sha512_oid_len; +- +- enctype = enctype_des3; +- +- /* call pkinit_alg_agility_kdf() with test vector values*/ +- if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, +- &alg_id.algorithm, +- u_principal, v_principal, +- enctype, &as_req, &pk_as_rep, +- &key_block))) { +- printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d", +- retval); +- goto cleanup; +- } +- +- /* compare key to expected key value */ +- +- if ((key_block.length == sizeof(key3_hex)) && +- (0 == memcmp(key_block.contents, key3_hex, key_block.length))) { +- printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n"); +- retval = 0; +- } else { +- printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n"); +- retval = 1; +- goto cleanup; +- } +- + cleanup: + /* release all allocated resources, whether good or bad return */ + free(secret.data); +diff --git a/src/plugins/preauth/spake/t_vectors.c b/src/plugins/preauth/spake/t_vectors.c +index 2279202d3..96b0307d7 100644 +--- a/src/plugins/preauth/spake/t_vectors.c ++++ b/src/plugins/preauth/spake/t_vectors.c +@@ -56,31 +56,6 @@ struct test { + const char *K2; + const char *K3; + } tests[] = { +- { ENCTYPE_DES3_CBC_SHA1, SPAKE_GROUP_EDWARDS25519, +- /* initial key, w, x, y, T, S, K */ +- "850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E", +- "686D84730CB8679AE95416C6567C6A63F2C9CEF124F7A3371AE81E11CAD42A37", +- "201012D07BFD48DDFA33C4AAC4FB1E229FB0D043CFE65EBFB14399091C71A723", +- "500B294797B8B042ACA1BEDC0F5931A4F52C537B3608B2D05CC8A2372F439F25", +- "18F511E750C97B592ACD30DB7D9E5FCA660389102E6BF610C1BFBED4616C8362", +- "5D10705E0D1E43D5DBF30240CCFBDE4A0230C70D4C79147AB0B317EDAD2F8AE7", +- "25BDE0D875F0FEB5755F45BA5E857889D916ECF7476F116AA31DC3E037EC4292", +- /* support, challenge, thash, body */ +- "A0093007A0053003020101", +- "A1363034A003020101A122042018F511E750C97B592ACD30DB7D9E5FCA660389" +- "102E6BF610C1BFBED4616C8362A20930073005A003020101", +- "EAAA08807D0616026FF51C849EFBF35BA0CE3C5300E7D486DA46351B13D4605B", +- "3075A00703050000000000A1143012A003020101A10B30091B07726165627572" +- "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018" +- "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730" +- "303130313030303030305AA703020100A8053003020110", +- /* K'[0], K'[1], K'[2], K'[3] */ +- "BAF12FAE7CD958CBF1A29BFBC71F89CE49E03E295D89DAFD", +- "64F73DD9C41908206BCEC1F719026B574F9D13463D7A2520", +- "0454520B086B152C455829E6BAEFF78A61DFE9E3D04A895D", +- "4A92260B25E3EF94C125D5C24C3E5BCED5B37976E67F25C4", +- }, +- + { ENCTYPE_ARCFOUR_HMAC, SPAKE_GROUP_EDWARDS25519, + /* initial key, w, x, y, T, S, K */ + "8846F7EAEE8FB117AD06BDD830B7586C", +diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp +index b047ef1f7..4d8c917cd 100644 +--- a/src/tests/dejagnu/config/default.exp ++++ b/src/tests/dejagnu/config/default.exp +@@ -15,8 +15,6 @@ set timeout 100 + set stty_init {erase \^h kill \^u} + set env(TERM) dumb + +-set des3_krbtgt 0 +- + if { [string length $VALGRIND] } { + rename spawn valgrind_aux_spawn + proc spawn { args } { +@@ -105,17 +103,9 @@ if { $PRIOCNTL_HACK } { + # particularly with regards to encryption types. + + set passes { +- { +- des3 +- mode=udp +- des3_krbtgt=1 +- {supported_enctypes=des3-cbc-sha1:normal} +- {dummy=[verbose -log "DES3 TGT, DES3 enctype"]} +- } + { + aes-only + mode=udp +- des3_krbtgt=0 + {supported_enctypes=aes256-cts-hmac-sha1-96:normal} + {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} + {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} +@@ -130,7 +120,6 @@ set passes { + { + aes-sha2-only + mode=udp +- des3_krbtgt=0 + {supported_enctypes=aes256-sha2:normal} + {permitted_enctypes(kdc)=aes256-sha2} + {permitted_enctypes(replica)=aes256-sha2} +@@ -146,7 +135,6 @@ set passes { + { + camellia-only + mode=udp +- des3_krbtgt=0 + {supported_enctypes=camellia256-cts:normal} + {permitted_enctypes(kdc)=camellia256-cts} + {permitted_enctypes(replica)=camellia256-cts} +@@ -159,32 +147,9 @@ set passes { + {master_key_type=camellia256-cts} + {dummy=[verbose -log "Camellia-256 enctype"]} + } +- { +- aes-des3 +- mode=udp +- des3_krbtgt=0 +- {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} +- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {master_key_type=aes256-cts-hmac-sha1-96} +- {dummy=[verbose -log "AES + DES3 + DES enctypes"]} +- } +- { +- aes-des3tgt +- mode=udp +- des3_krbtgt=1 +- {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} +- {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} +- {master_key_type=aes256-cts-hmac-sha1-96} +- {dummy=[verbose -log "AES enctypes, DES3 TGT"]} +- } + { + all-enctypes + mode=udp +- des3_krbtgt=0 + {allow_weak_crypto(kdc)=false} + {allow_weak_crypto(replica)=false} + {allow_weak_crypto(client)=false} +@@ -946,7 +911,6 @@ proc setup_kerberos_db { standalone } { + global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY + global tmppwd hostname + global spawn_id +- global des3_krbtgt + global multipass_name last_passname_db + + set failall 0 +@@ -1143,48 +1107,6 @@ proc setup_kerberos_db { standalone } { + } + } + +- if $des3_krbtgt { +- # Set the TGT key to DES3. +- set test "kadmin.local TGT to DES3" +- set body { +- if $failall { +- break +- } +- spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal +- verbose "starting $test" +- expect_after $def_exp_after +- +- expect "kadmin.local: " +- send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" +- # It echos... +- expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" +- expect { +- "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { } +- } +- expect "kadmin.local: " +- send "quit\r" +- expect eof +- catch expect_after +- if ![check_exit_status kadmin_local] { +- break +- } +- } +- set ret [catch $body] +- catch "expect eof" +- catch expect_after +- if $ret { +- set failall 1 +- if $standalone { +- fail $test +- } else { +- delete_db +- } +- } else { +- if $standalone { +- pass $test +- } +- } +- } + envstack_pop + + # create the admin database lock file +diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp +index f71ee8638..8c08cf42f 100644 +--- a/src/tests/dejagnu/krb-standalone/kprop.exp ++++ b/src/tests/dejagnu/krb-standalone/kprop.exp +@@ -54,7 +54,7 @@ proc doit { } { + global REALMNAME KEY + global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id + global hostname tmppwd spawn_id timeout +- global KRBIV supported_enctypes portbase mode ulog des3_krbtgt ++ global KRBIV supported_enctypes portbase mode ulog + + # Delete any db, ulog files + delete_db +diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py +index 7494d7fcd..2f95d8996 100755 +--- a/src/tests/gssapi/t_enctypes.py ++++ b/src/tests/gssapi/t_enctypes.py +@@ -1,24 +1,17 @@ + from k5test import * + +-# Define some convenience abbreviations for enctypes we will see in +-# test program output. For background, aes256 and aes128 are "CFX +-# enctypes", meaning that they imply support for RFC 4121, while des3 +-# and rc4 are not. DES3 keys will appear as 'des3-cbc-raw' in +-# t_enctypes output because that's how GSSAPI does raw triple-DES +-# encryption without the RFC3961 framing. ++# Define some convenience abbreviations for enctypes we will see in test ++# program output. For background, aes256 and aes128 are "CFX enctypes", ++# meaning that they imply support for RFC 4121, while rc4 does not. + aes256 = 'aes256-cts-hmac-sha1-96' + aes128 = 'aes128-cts-hmac-sha1-96' +-des3 = 'des3-cbc-sha1' +-d_des3 = 'DEPRECATED:des3-cbc-sha1' +-des3raw = 'des3-cbc-raw' +-d_des3raw = 'DEPRECATED:des3-cbc-raw' + rc4 = 'arcfour-hmac' + d_rc4 = 'DEPRECATED:arcfour-hmac' + + # These tests make assumptions about the default enctype lists, so set + # them explicitly rather than relying on the library defaults. +-supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal' +-conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'}, ++supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal' ++conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'}, + 'realms': {'$realm': {'supported_enctypes': supp}}} + realm = K5Realm(krb5_conf=conf) + shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save')) +@@ -87,19 +80,12 @@ test('both aes128', 'aes128-cts', 'aes128-cts', + test_err('acc aes128', None, 'aes128-cts', + 'Encryption type aes256-cts-hmac-sha1-96 not permitted') + +-# If the initiator constrains the permitted session enctypes to des3, +-# no acceptor subkey will be generated because we can't upgrade to a +-# CFX enctype. +-test('init des3', 'des3', None, +- tktenc=aes256, tktsession=d_des3, +- proto='rfc1964', isubkey=des3raw, asubkey=None) +- + # Force the ticket session key to be rc4, so we can test some subkey + # upgrade cases. The ticket encryption key remains aes256. + realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4']) + + # With no arguments, the initiator should send an upgrade list of +-# [aes256 aes128 des3] and the acceptor should upgrade to an aes256 ++# [aes256 aes128] and the acceptor should upgrade to an aes256 + # subkey. + test('upgrade noargs', None, None, + tktenc=aes256, tktsession=d_rc4, +@@ -115,13 +101,6 @@ test('upgrade init aes128+rc4', 'aes128-cts rc4', None, + tktenc=aes256, tktsession=d_rc4, + proto='cfx', isubkey=rc4, asubkey=aes128) + +-# If the initiator permits rc4 but prefers des3, it will send an +-# upgrade list of [des3], but the acceptor won't generate a subkey +-# because des3 isn't a CFX enctype. +-test('upgrade init des3+rc4', 'des3 rc4', None, +- tktenc=aes256, tktsession=d_rc4, +- proto='rfc1964', isubkey=rc4, asubkey=None) +- + # If the acceptor permits only aes128, subkey negotiation will fail + # because the ticket session key and initiator subkey are + # non-permitted. (This is unfortunate if the acceptor's restriction +diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c +index 9876a11e6..fb8fe5511 100644 +--- a/src/tests/gssapi/t_invalid.c ++++ b/src/tests/gssapi/t_invalid.c +@@ -84,18 +84,6 @@ struct test { + size_t toklen; + const char *token; + } tests[] = { +- { +- ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES3_CBC_RAW, +- SEAL_ALG_DES3KD, SGN_ALG_HMAC_SHA1_DES3_KD, 20, +- 24, +- "\x4F\xEA\x19\x19\x5E\x0E\x10\xDF\x3D\x29\xB5\x13\x8F\x01\xC7\xA7" +- "\x92\x3D\x38\xF7\x26\x73\x0D\x6D", +- 65, +- "\x60\x3F\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x04" +- "\x00\x02\x00\xFF\xFF\xEB\xF3\x9A\x89\x24\x57\xB8\x63\x95\x25\xE8" +- "\x6E\x8E\x79\xE6\x2E\xCA\xD3\xFF\x57\x9F\x8C\xAB\xEF\xDD\x28\x10" +- "\x2F\x93\x21\x2E\xF2\x52\xB6\x6F\xA8\xBB\x8A\x6D\xAA\x6F\xB7\xF4\xD4" +- }, + { + ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC, + SEAL_ALG_MICROSOFT_RC4, SGN_ALG_HMAC_MD5, 8, +diff --git a/src/tests/gssapi/t_pcontok.c b/src/tests/gssapi/t_pcontok.c +index 7368f752f..bf22bd3da 100644 +--- a/src/tests/gssapi/t_pcontok.c ++++ b/src/tests/gssapi/t_pcontok.c +@@ -43,7 +43,6 @@ + #include "k5-int.h" + #include "common.h" + +-#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04 + #define SGN_ALG_HMAC_MD5 0x11 + + /* +@@ -77,17 +76,12 @@ make_delete_token(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *out) + ret = krb5_k_create_key(context, &seqkb, &seq); + check_k5err(context, "krb5_k_create_key", ret); + +- if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) { +- cktype = CKSUMTYPE_HMAC_SHA1_DES3; +- cksize = 20; +- ckusage = 23; +- } else if (signalg == SGN_ALG_HMAC_MD5) { +- cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; +- cksize = 8; +- ckusage = 15; +- } else { ++ if (signalg != SGN_ALG_HMAC_MD5) + abort(); +- } ++ ++ cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; ++ cksize = 8; ++ ckusage = 15; + + tlen = 20 + mech_krb5.length + cksize; + token = malloc(tlen); +diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c +index f71774cdc..d1857c433 100644 +--- a/src/tests/gssapi/t_prf.c ++++ b/src/tests/gssapi/t_prf.c +@@ -41,13 +41,6 @@ static struct { + const char *key2; + const char *out2; + } tests[] = { +- { ENCTYPE_DES3_CBC_SHA1, +- "70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2", +- "9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9" +- "AC4A333D644D21BA3EF24F4A886D143F85AC9F6377FB", +- "3452A167DF1094BA1089E0A20E9E51ABEF1525922558B69E", +- "6BF24FABC858F8DD9752E4FCD331BB831F238B5BE190" +- "4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4" }, + { ENCTYPE_ARCFOUR_HMAC, + "3BB3AE288C12B3B9D06B208A4151B3B6", + "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28" +diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py +index c589adf2a..4fbdbec05 100644 +--- a/src/tests/t_authdata.py ++++ b/src/tests/t_authdata.py +@@ -174,7 +174,7 @@ realm.run([kvno, 'restricted']) + # preferred krbtgt enctype changes. + mark('#8139 regression test') + realm.kinit(realm.user_princ, password('user'), ['-f']) +-realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'des3-cbc-sha1', ++realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-sha2', + realm.krbtgt_princ]) + realm.run(['./forward']) + realm.run([kvno, realm.host_princ]) +diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py +index 2a052fc17..ace0edc3c 100644 +--- a/src/tests/t_etype_info.py ++++ b/src/tests/t_etype_info.py +@@ -1,6 +1,6 @@ + from k5test import * + +-supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac' ++supported_enctypes = 'aes128-cts rc4-hmac' + conf = {'libdefaults': {'allow_weak_crypto': 'true'}, + 'realms': {'$realm': {'supported_enctypes': supported_enctypes}}} + realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) +@@ -24,9 +24,9 @@ def test_etinfo(princ, enctypes, expected_lines): + # With no newer enctypes in the request, PA-ETYPE-INFO2, + # PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one + # key for the most preferred matching enctype. +-test_etinfo('user', 'rc4-hmac-exp des3 rc4', +- ['asrep etype_info2 des3-cbc-sha1 KRBTEST.COMuser', +- 'asrep etype_info des3-cbc-sha1 KRBTEST.COMuser', ++test_etinfo('user', 'rc4-hmac-exp rc4', ++ ['asrep etype_info2 rc4-hmac KRBTEST.COMuser', ++ 'asrep etype_info rc4-hmac KRBTEST.COMuser', + 'asrep pw_salt KRBTEST.COMuser']) + + # With a newer enctype in the request (even if it is not the most +@@ -37,9 +37,9 @@ test_etinfo('user', 'rc4 aes256-cts', + + # In preauth-required errors, PA-PW-SALT does not appear, but the same + # etype-info2 values are expected. +-test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4', +- ['error etype_info2 des3-cbc-sha1 KRBTEST.COMpreauthuser', +- 'error etype_info des3-cbc-sha1 KRBTEST.COMpreauthuser']) ++test_etinfo('preauthuser', 'rc4-hmac-exp rc4', ++ ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser', ++ 'error etype_info rc4-hmac KRBTEST.COMpreauthuser']) + test_etinfo('preauthuser', 'rc4 aes256-cts', + ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser']) + +@@ -48,8 +48,8 @@ test_etinfo('preauthuser', 'rc4 aes256-cts', + # (to allow for preauth mechs which don't depend on long-term keys). + # An AS-REP cannot be generated without preauth as there is no reply + # key. +-test_etinfo('rc4user', 'des3', []) +-test_etinfo('nokeyuser', 'des3', []) ++test_etinfo('rc4user', 'aes128-cts', []) ++test_etinfo('nokeyuser', 'aes128-cts', []) + + # Verify that etype-info2 is included in a MORE_PREAUTH_DATA_REQUIRED + # error if the client does optimistic preauth. +diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py +index 2c825a692..f29e0d550 100755 +--- a/src/tests/t_keyrollover.py ++++ b/src/tests/t_keyrollover.py +@@ -37,9 +37,9 @@ realm.run([klist, '-e'], expected_msg=msg) + + # Test that the KDC only accepts the first enctype for a kvno, for a + # local-realm TGS request. To set this up, we abuse an edge-case +-# behavior of modprinc -kvno. First, set up a DES3 krbtgt entry at ++# behavior of modprinc -kvno. First, set up an aes128-sha2 krbtgt entry at + # kvno 1 and cache a krbtgt ticket. +-realm.run([kadminl, 'cpw', '-randkey', '-e', 'des3-cbc-sha1', ++realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes128-cts-hmac-sha256-128', + realm.krbtgt_princ]) + realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) + realm.kinit(realm.user_princ, password('user')) +@@ -50,9 +50,9 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts', + realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) + out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ]) + if 'vno 1, aes256-cts' not in out or \ +- 'vno 1, DEPRECATED:des3-cbc-sha1' not in out: ++ 'vno 1, aes128-cts-hmac-sha256-128' not in out: + fail('keyrollover: setup for TGS enctype test failed') +-# Now present the DES3 ticket to the KDC and make sure it's rejected. ++# Now present the aes128-sha2 ticket to the KDC and make sure it's rejected. + realm.run([kvno, realm.host_princ], expected_code=1) + + realm.stop() +diff --git a/src/tests/t_mkey.py b/src/tests/t_mkey.py +index 99273c907..f84041ca4 100755 +--- a/src/tests/t_mkey.py ++++ b/src/tests/t_mkey.py +@@ -7,7 +7,6 @@ import struct + # default enctype for master keys. + aes256 = 'aes256-cts-hmac-sha1-96' + aes128 = 'aes128-cts-hmac-sha1-96' +-des3 = 'des3-cbc-sha1' + defetype = aes256 + + realm = K5Realm(create_host=False, start_kadmind=True) +@@ -300,40 +299,6 @@ if 'Decrypt integrity check failed' in out or 'added to keytab' not in out: + + realm.stop() + +-# Load a dump file created with krb5 1.6, before the master key +-# rollover changes were introduced. Write out an old-format stash +-# file consistent with the dump's master password ("footes"). The K/M +-# entry in this database will not have actkvno tl-data because it was +-# created prior to master key rollover support. Verify that: +-# 1. We can access the database using the old-format stash file. +-# 2. list_mkeys displays the same list as for a post-1.7 KDB. +-mark('pre-1.7 stash file') +-dumpfile = os.path.join(srctop, 'tests', 'dumpfiles', 'dump.16') +-os.remove(stash_file) +-f = open(stash_file, 'wb') +-f.write(struct.pack('=HL24s', 16, 24, +- b'\xF8\x3E\xFB\xBA\x6D\x80\xD9\x54\xE5\x5D\xF2\xE0' +- b'\x94\xAD\x6D\x86\xB5\x16\x37\xEC\x7C\x8A\xBC\x86')) +-f.close() +-realm.run([kdb5_util, 'load', dumpfile]) +-nprincs = len(realm.run([kadminl, 'listprincs']).splitlines()) +-check_mkvno('K/M', 1) +-check_mkey_list((1, des3, True, True)) +- +-# Create a new master key and verify that, without actkvkno tl-data: +-# 1. list_mkeys displays the same as for a post-1.7 KDB. +-# 2. update_princ_encryption still targets mkvno 1. +-# 3. libkadm5 still uses mkvno 1 for key changes. +-# 4. use_mkey creates the same list as for a post-1.7 KDB. +-mark('rollover from pre-1.7 KDB') +-add_mkey([]) +-check_mkey_list((2, defetype, False, False), (1, des3, True, True)) +-update_princ_encryption(False, 1, 0, nprincs - 1) +-realm.run([kadminl, 'addprinc', '-randkey', realm.user_princ]) +-check_mkvno(realm.user_princ, 1) +-realm.run([kdb5_util, 'use_mkey', '2', 'now-1day']) +-check_mkey_list((2, defetype, True, True), (1, des3, True, False)) +- + # Regression test for #8395. Purge the master key and verify that a + # master key fetch does not segfault. + mark('#8395 regression test') +diff --git a/src/tests/t_salt.py b/src/tests/t_salt.py +index 65084bbf3..55ca89745 100755 +--- a/src/tests/t_salt.py ++++ b/src/tests/t_salt.py +@@ -16,13 +16,12 @@ def test_salt(realm, e1, salt, e2): + + # Enctype/salt pairs chosen with non-default salt types. + # The enctypes are mostly arbitrary. +-salts = [('des3-cbc-sha1', 'norealm'), ++salts = [('aes128-cts-hmac-sha1-96', 'norealm'), + ('arcfour-hmac', 'onlyrealm'), + ('aes128-cts-hmac-sha1-96', 'special')] + # These enctypes are chosen to cover the different string-to-key routines. + # Omit ":normal" from aes256 to check that salttype defaulting works. +-second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal', +- 'des3-cbc-sha1:normal'] ++second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal'] + + # Test using different salt types in a principal's key list. + # Parameters from one key in the list must not leak over to later ones. +diff --git a/src/util/k5test.py b/src/util/k5test.py +index 442a4e4f7..eea92275d 100644 +--- a/src/util/k5test.py ++++ b/src/util/k5test.py +@@ -1299,13 +1299,6 @@ _passes = [ + # No special settings; exercises AES256. + ('default', None, None, None), + +- # Exercise the DES3 enctype. +- ('des3', None, +- {'libdefaults': {'permitted_enctypes': 'des3'}}, +- {'realms': {'$realm': { +- 'supported_enctypes': 'des3-cbc-sha1:normal', +- 'master_key_type': 'des3-cbc-sha1'}}}), +- + # Exercise the arcfour enctype. + ('arcfour', None, + {'libdefaults': {'permitted_enctypes': 'rc4'}}, +diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm +index 1aebdd0b4..c38eefd2b 100644 +--- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm ++++ b/src/windows/leash/htmlhelp/html/Encryption_Types.htm +@@ -79,19 +79,6 @@ will have an entry in the Encryption type column.
+ Description + + +- des3- +- The triple DES family improves on +-the original DES (Data Encryption Standard) by using 3 separate 56-bit +-keys. Some modes of 3DES are considered weak while others are strong +-(if slow).
    +-
  • des3-cbc-sha1
  • +-
  • des3-cbc-raw (weak)
  • +-
  • des3-hmac-sha1
  • +-
  • des3-cbc-sha1-kd
  • +-
+- +- +- + aes + The AES Advanced Encryption Standard + family, like 3DES, is a symmetric block cipher and was designed diff --git a/SOURCES/downstream-SELinux-integration.patch b/SOURCES/downstream-SELinux-integration.patch new file mode 100644 index 0000000..13aa0b6 --- /dev/null +++ b/SOURCES/downstream-SELinux-integration.patch @@ -0,0 +1,1035 @@ +From 791fe183bf67dcab6d044b23d8daaf4a3a96be48 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:30:53 -0400 +Subject: [PATCH] [downstream] SELinux integration + +SELinux bases access to files on the domain of the requesting process, +the operation being performed, and the context applied to the file. + +In many cases, applications needn't be SELinux aware to work properly, +because SELinux can apply a default label to a file based on the label +of the directory in which it's created. + +In the case of files such as /etc/krb5.keytab, however, this isn't +sufficient, as /etc/krb5.keytab will almost always need to be given a +label which differs from that of /etc/issue or /etc/resolv.conf. The +the kdb stash file needs a different label than the database for which +it's holding a master key, even though both typically live in the same +directory. + +To give the file the correct label, we can either force a "restorecon" +call to fix a file's label after it's created, or create the file with +the right label, as we attempt to do here. We lean on THREEPARAMOPEN +and define a similar macro named WRITABLEFOPEN with which we replace +several uses of fopen(). + +The file creation context that we're manipulating here is a process-wide +attribute. While for the most part, applications which need to label +files when they're created have tended to be single-threaded, there's +not much we can do to avoid interfering with an application that +manipulates the creation context directly. Right now we're mediating +access using a library-local mutex, but that can only work for consumers +that are part of this package -- an unsuspecting application will still +stomp all over us. + +The selabel APIs for looking up the context should be thread-safe (per +Red Hat #273081), so switching to using them instead of matchpathcon(), +which we used earlier, is some improvement. + +Last-updated: krb5-1.18-beta1 +(cherry picked from commit 0f8851a23a7b6fa0e195e01d0475e9e55707adf2) +--- + src/aclocal.m4 | 48 +++ + src/build-tools/krb5-config.in | 3 +- + src/config/pre.in | 3 +- + src/configure.ac | 2 + + src/include/k5-int.h | 1 + + src/include/k5-label.h | 32 ++ + src/include/krb5/krb5.hin | 6 + + src/kadmin/dbutil/dump.c | 11 +- + src/kdc/main.c | 2 +- + src/kprop/kpropd.c | 9 + + src/lib/kadm5/logger.c | 4 +- + src/lib/kdb/kdb_log.c | 2 +- + src/lib/krb5/ccache/cc_dir.c | 26 +- + src/lib/krb5/keytab/kt_file.c | 4 +- + src/lib/krb5/os/trace.c | 2 +- + src/plugins/kdb/db2/adb_openclose.c | 2 +- + src/plugins/kdb/db2/kdb_db2.c | 4 +- + src/plugins/kdb/db2/libdb2/btree/bt_open.c | 3 +- + src/plugins/kdb/db2/libdb2/hash/hash.c | 3 +- + src/plugins/kdb/db2/libdb2/recno/rec_open.c | 4 +- + .../kdb/ldap/ldap_util/kdb5_ldap_services.c | 11 +- + src/util/profile/prof_file.c | 3 +- + src/util/support/Makefile.in | 3 +- + src/util/support/selinux.c | 406 ++++++++++++++++++ + 24 files changed, 573 insertions(+), 21 deletions(-) + create mode 100644 src/include/k5-label.h + create mode 100644 src/util/support/selinux.c + +diff --git a/src/aclocal.m4 b/src/aclocal.m4 +index 830203683..6796fec53 100644 +--- a/src/aclocal.m4 ++++ b/src/aclocal.m4 +@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag) + dnl + KRB5_AC_PRAGMA_WEAK_REF + WITH_LDAP ++KRB5_WITH_SELINUX + KRB5_LIB_PARAMS + KRB5_AC_INITFINI + KRB5_AC_ENABLE_THREADS +@@ -1743,4 +1744,51 @@ AC_SUBST(PAM_LIBS) + AC_SUBST(PAM_MAN) + AC_SUBST(NON_PAM_MAN) + ])dnl ++dnl ++dnl Use libselinux to set file contexts on newly-created files. ++dnl ++AC_DEFUN(KRB5_WITH_SELINUX,[ ++AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])], ++ withselinux="$withval",withselinux=auto) ++old_LIBS="$LIBS" ++if test "$withselinux" != no ; then ++ AC_MSG_RESULT([checking for libselinux...]) ++ SELINUX_LIBS= ++ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h) ++ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then ++ if test "$withselinux" = auto ; then ++ AC_MSG_RESULT([Unable to locate selinux/selinux.h.]) ++ withselinux=no ++ else ++ AC_MSG_ERROR([Unable to locate selinux/selinux.h.]) ++ fi ++ fi + ++ LIBS= ++ unset ac_cv_func_setfscreatecon ++ AC_CHECK_FUNCS(setfscreatecon selabel_open) ++ if test "x$ac_cv_func_setfscreatecon" = xno ; then ++ AC_CHECK_LIB(selinux,setfscreatecon) ++ unset ac_cv_func_setfscreatecon ++ AC_CHECK_FUNCS(setfscreatecon selabel_open) ++ if test "x$ac_cv_func_setfscreatecon" = xyes ; then ++ SELINUX_LIBS="$LIBS" ++ else ++ if test "$withselinux" = auto ; then ++ AC_MSG_RESULT([Unable to locate libselinux.]) ++ withselinux=no ++ else ++ AC_MSG_ERROR([Unable to locate libselinux.]) ++ fi ++ fi ++ fi ++ if test "$withselinux" != no ; then ++ AC_MSG_NOTICE([building with SELinux labeling support]) ++ AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.]) ++ SELINUX_LIBS="$LIBS" ++ EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" ++ fi ++fi ++LIBS="$old_LIBS" ++AC_SUBST(SELINUX_LIBS) ++])dnl +diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in +index f6184da3f..c17cb5eb5 100755 +--- a/src/build-tools/krb5-config.in ++++ b/src/build-tools/krb5-config.in +@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' + DEFCCNAME='@DEFCCNAME@' + DEFKTNAME='@DEFKTNAME@' + DEFCKTNAME='@DEFCKTNAME@' ++SELINUX_LIBS='@SELINUX_LIBS@' + + LIBS='@LIBS@' + GEN_LIB=@GEN_LIB@ +@@ -255,7 +256,7 @@ if test -n "$do_libs"; then + fi + + # If we ever support a flag to generate output suitable for static +- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB" ++ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB" + # here. + + echo $lib_flags +diff --git a/src/config/pre.in b/src/config/pre.in +index ce87e21ca..917357df9 100644 +--- a/src/config/pre.in ++++ b/src/config/pre.in +@@ -177,6 +177,7 @@ LD = $(PURE) @LD@ + KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include + LDFLAGS = @LDFLAGS@ + LIBS = @LIBS@ ++SELINUX_LIBS=@SELINUX_LIBS@ + + INSTALL=@INSTALL@ + INSTALL_STRIP= +@@ -402,7 +403,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) + # HESIOD_LIBS is -lhesiod... + HESIOD_LIBS = @HESIOD_LIBS@ + +-KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) ++KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB) + KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) + GSS_LIBS = $(GSS_KRB5_LIB) + # needs fixing if ever used on macOS! +diff --git a/src/configure.ac b/src/configure.ac +index d1f576124..440a22bd9 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -1392,6 +1392,8 @@ AC_PATH_PROG(GROFF, groff) + + KRB5_WITH_PAM + ++KRB5_WITH_SELINUX ++ + # Make localedir work in autoconf 2.5x. + if test "${localedir+set}" != set; then + localedir='$(datadir)/locale' +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 9616b24bf..0d9af3d95 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -128,6 +128,7 @@ typedef unsigned char u_char; + + + #include "k5-platform.h" ++#include "k5-label.h" + + #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ + #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ +diff --git a/src/include/k5-label.h b/src/include/k5-label.h +new file mode 100644 +index 000000000..dfaaa847c +--- /dev/null ++++ b/src/include/k5-label.h +@@ -0,0 +1,32 @@ ++#ifndef _KRB5_LABEL_H ++#define _KRB5_LABEL_H ++ ++#ifdef THREEPARAMOPEN ++#undef THREEPARAMOPEN ++#endif ++#ifdef WRITABLEFOPEN ++#undef WRITABLEFOPEN ++#endif ++ ++/* Wrapper functions which help us create files and directories with the right ++ * context labels. */ ++#ifdef USE_SELINUX ++#include ++#include ++#include ++#include ++#include ++FILE *krb5int_labeled_fopen(const char *path, const char *mode); ++int krb5int_labeled_creat(const char *path, mode_t mode); ++int krb5int_labeled_open(const char *path, int flags, ...); ++int krb5int_labeled_mkdir(const char *path, mode_t mode); ++int krb5int_labeled_mknod(const char *path, mode_t mode, dev_t device); ++#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z) ++#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y) ++void *krb5int_push_fscreatecon_for(const char *pathname); ++void krb5int_pop_fscreatecon(void *previous); ++#else ++#define WRITABLEFOPEN(x,y) fopen(x,y) ++#define THREEPARAMOPEN(x,y,z) open(x,y,z) ++#endif ++#endif +diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin +index 79761f6d2..e9435c693 100644 +--- a/src/include/krb5/krb5.hin ++++ b/src/include/krb5/krb5.hin +@@ -87,6 +87,12 @@ + #define THREEPARAMOPEN(x,y,z) open(x,y,z) + #endif + ++#if KRB5_PRIVATE ++#ifndef WRITABLEFOPEN ++#define WRITABLEFOPEN(x,y) fopen(x,y) ++#endif ++#endif ++ + #define KRB5_OLD_CRYPTO + + #include +diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c +index 301e3476d..19f2cc230 100644 +--- a/src/kadmin/dbutil/dump.c ++++ b/src/kadmin/dbutil/dump.c +@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname) + { + int fd = -1; + FILE *f; ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + + *tmpname = NULL; + if (asprintf(tmpname, "%s-XXXXXX", ofile) < 0) + goto error; + ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(ofile); ++#endif + fd = mkstemp(*tmpname); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif + if (fd == -1) + goto error; + +@@ -197,7 +206,7 @@ prep_ok_file(krb5_context context, char *file_name, int *fd_out) + goto cleanup; + } + +- fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); ++ fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); + if (fd == -1) { + com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); + goto cleanup; +diff --git a/src/kdc/main.c b/src/kdc/main.c +index fdcd694d7..1ede4bf2f 100644 +--- a/src/kdc/main.c ++++ b/src/kdc/main.c +@@ -872,7 +872,7 @@ write_pid_file(const char *path) + FILE *file; + unsigned long pid; + +- file = fopen(path, "w"); ++ file = WRITABLEFOPEN(path, "w"); + if (file == NULL) + return errno; + pid = (unsigned long) getpid(); +diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c +index 5622d56e1..356e3e0e6 100644 +--- a/src/kprop/kpropd.c ++++ b/src/kprop/kpropd.c +@@ -487,6 +487,9 @@ doit(int fd) + krb5_enctype etype; + int database_fd; + char host[INET6_ADDRSTRLEN + 1]; ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + + signal_wrapper(SIGALRM, alarm_handler); + alarm(params.iprop_resync_timeout); +@@ -542,9 +545,15 @@ doit(int fd) + free(name); + exit(1); + } ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(file); ++#endif + omask = umask(077); + lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600); + (void)umask(omask); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif + retval = krb5_lock_file(kpropd_context, lock_fd, + KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK); + if (retval) { +diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c +index c6885edf2..9aec3c05e 100644 +--- a/src/lib/kadm5/logger.c ++++ b/src/lib/kadm5/logger.c +@@ -309,7 +309,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do + */ + append = (cp[4] == ':') ? O_APPEND : 0; + if (append || cp[4] == '=') { +- fd = open(&cp[5], O_CREAT | O_WRONLY | append, ++ fd = THREEPARAMOPEN(&cp[5], O_CREAT | O_WRONLY | append, + S_IRUSR | S_IWUSR | S_IRGRP); + if (fd != -1) + f = fdopen(fd, append ? "a" : "w"); +@@ -776,7 +776,7 @@ krb5_klog_reopen(krb5_context kcontext) + * In case the old logfile did not get moved out of the + * way, open for append to prevent squashing the old logs. + */ +- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+"); ++ f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+"); + if (f) { + set_cloexec_file(f); + log_control.log_entries[lindex].lfu_filep = f; +diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c +index 2659a2501..e9b95fce5 100644 +--- a/src/lib/kdb/kdb_log.c ++++ b/src/lib/kdb/kdb_log.c +@@ -480,7 +480,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries) + return ENOMEM; + + if (stat(logname, &st) == -1) { +- log_ctx->ulogfd = open(logname, O_RDWR | O_CREAT, 0600); ++ log_ctx->ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600); + if (log_ctx->ulogfd == -1) { + retval = errno; + goto cleanup; +diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c +index 7b100a0ec..5683a0433 100644 +--- a/src/lib/krb5/ccache/cc_dir.c ++++ b/src/lib/krb5/ccache/cc_dir.c +@@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents) + char *newpath = NULL; + FILE *fp = NULL; + int fd = -1, status; ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + + if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0) + return ENOMEM; ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(primary_path); ++#endif + fd = mkstemp(newpath); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif + if (fd < 0) + goto cleanup; + #ifdef HAVE_CHMOD +@@ -221,10 +230,23 @@ static krb5_error_code + verify_dir(krb5_context context, const char *dirname) + { + struct stat st; ++ int status; ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + + if (stat(dirname, &st) < 0) { +- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0) +- return 0; ++ if (errno == ENOENT) { ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(dirname); ++#endif ++ status = mkdir(dirname, S_IRWXU); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif ++ if (status == 0) ++ return 0; ++ } + k5_setmsg(context, KRB5_FCC_NOFILE, + _("Credential cache directory %s does not exist"), + dirname); +diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c +index 021c94398..aaf573439 100644 +--- a/src/lib/krb5/keytab/kt_file.c ++++ b/src/lib/krb5/keytab/kt_file.c +@@ -735,14 +735,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) + + KTCHECKLOCK(id); + errno = 0; +- KTFILEP(id) = fopen(KTFILENAME(id), ++ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), + (mode == KRB5_LOCKMODE_EXCLUSIVE) ? "rb+" : "rb"); + if (!KTFILEP(id)) { + if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { + /* try making it first time around */ + k5_create_secure_file(context, KTFILENAME(id)); + errno = 0; +- KTFILEP(id) = fopen(KTFILENAME(id), "rb+"); ++ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), "rb+"); + if (!KTFILEP(id)) + goto report_errno; + writevno = 1; +diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c +index 7073459f0..e9b99f4ca 100644 +--- a/src/lib/krb5/os/trace.c ++++ b/src/lib/krb5/os/trace.c +@@ -458,7 +458,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename) + fd = malloc(sizeof(*fd)); + if (fd == NULL) + return ENOMEM; +- *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600); ++ *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600); + if (*fd == -1) { + free(fd); + return errno; +diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c +index 7db30a33b..2b9d01921 100644 +--- a/src/plugins/kdb/db2/adb_openclose.c ++++ b/src/plugins/kdb/db2/adb_openclose.c +@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename, + * needs be open read/write so that write locking can work with + * POSIX systems + */ +- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) { ++ if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) { + /* + * maybe someone took away write permission so we could only + * get shared locks? +diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c +index 5106a5c99..e481e8121 100644 +--- a/src/plugins/kdb/db2/kdb_db2.c ++++ b/src/plugins/kdb/db2/kdb_db2.c +@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc) + if (retval) + return retval; + +- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC, +- 0600); ++ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name, ++ O_CREAT | O_RDWR | O_TRUNC, 0600); + if (dbc->db_lf_file < 0) { + retval = errno; + goto cleanup; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c +index 2977b17f3..d5809a5a9 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c +@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95"; + #include + #include + ++#include "k5-int.h" + #include "db-int.h" + #include "btree.h" + +@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, dflags) + goto einval; + } + +- if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0) ++ if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) + goto err; + + } else { +diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c +index 862dbb164..686a960c9 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hash.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hash.c +@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95"; + #include + #endif + ++#include "k5-int.h" + #include "db-int.h" + #include "hash.h" + #include "page.h" +@@ -129,7 +130,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags) + new_table = 1; + } + if (file) { +- if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1) ++ if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1) + RETURN_ERROR(errno, error0); + (void)fcntl(hashp->fp, F_SETFD, 1); + } +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c +index d8b26e701..b0daa7c02 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c +@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94"; + #include + #include + ++#include "k5-int.h" + #include "db-int.h" + #include "recno.h" + +@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo, dflags) + int rfd = -1, sverrno; + + /* Open the user's file -- if this fails, we're done. */ +- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0) ++ if (fname != NULL && ++ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) + return (NULL); + + if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { +diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +index b92cb58c7..0a95101ad 100644 +--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c ++++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +@@ -190,7 +190,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) + + /* set password in the file */ + old_mode = umask(0177); +- pfile = fopen(file_name, "a+"); ++ pfile = WRITABLEFOPEN(file_name, "a+"); + if (pfile == NULL) { + com_err(me, errno, _("Failed to open file %s: %s"), file_name, + strerror (errno)); +@@ -231,6 +231,9 @@ kdb5_ldap_stash_service_password(int argc, char **argv) + * Delete the existing entry and add the new entry + */ + FILE *newfile; ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + + mode_t omask; + +@@ -242,7 +245,13 @@ kdb5_ldap_stash_service_password(int argc, char **argv) + } + + omask = umask(077); ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(file_name); ++#endif + newfile = fopen(tmp_file, "w"); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif + umask (omask); + if (newfile == NULL) { + com_err(me, errno, _("Error creating file %s"), tmp_file); +diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c +index aa951df05..79f9500f6 100644 +--- a/src/util/profile/prof_file.c ++++ b/src/util/profile/prof_file.c +@@ -33,6 +33,7 @@ + #endif + + #include "k5-platform.h" ++#include "k5-label.h" + + struct global_shared_profile_data { + /* This is the head of the global list of shared trees */ +@@ -391,7 +392,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile, + + errno = 0; + +- f = fopen(new_file, "w"); ++ f = WRITABLEFOPEN(new_file, "w"); + if (!f) { + retval = errno; + if (retval == 0) +diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in +index 86d5a950a..1052d53a1 100644 +--- a/src/util/support/Makefile.in ++++ b/src/util/support/Makefile.in +@@ -74,6 +74,7 @@ IPC_SYMS= \ + + STLIBOBJS= \ + threads.o \ ++ selinux.o \ + init-addrinfo.o \ + plugins.o \ + errors.o \ +@@ -168,7 +169,7 @@ SRCS=\ + + SHLIB_EXPDEPS = + # Add -lm if dumping thread stats, for sqrt. +-SHLIB_EXPLIBS= $(LIBS) $(DL_LIB) ++SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB) + + DEPLIBS= + +diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c +new file mode 100644 +index 000000000..6d41f3244 +--- /dev/null ++++ b/src/util/support/selinux.c +@@ -0,0 +1,406 @@ ++/* ++ * Copyright 2007,2008,2009,2011,2012,2013,2016 Red Hat, Inc. All Rights Reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are met: ++ * ++ * Redistributions of source code must retain the above copyright notice, this ++ * list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright notice, ++ * this list of conditions and the following disclaimer in the documentation ++ * and/or other materials provided with the distribution. ++ * ++ * Neither the name of Red Hat, Inc. nor the names of its contributors may be ++ * used to endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE ++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. ++ * ++ * File-opening wrappers for creating correctly-labeled files. So far, we can ++ * assume that this is Linux-specific, so we make many simplifying assumptions. ++ */ ++ ++#include "../../include/autoconf.h" ++ ++#ifdef USE_SELINUX ++ ++#include ++#include ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++ ++/* #define DEBUG 1 */ ++static void ++debug_log(const char *fmt, ...) ++{ ++#ifdef DEBUG ++ va_list ap; ++ va_start(ap, fmt); ++ if (isatty(fileno(stderr))) { ++ vfprintf(stderr, fmt, ap); ++ } ++ va_end(ap); ++#endif ++ ++ return; ++} ++ ++/* Mutex used to serialize use of the process-global file creation context. */ ++k5_mutex_t labeled_mutex = K5_MUTEX_PARTIAL_INITIALIZER; ++ ++/* Make sure we finish initializing that mutex before attempting to use it. */ ++k5_once_t labeled_once = K5_ONCE_INIT; ++static void ++label_mutex_init(void) ++{ ++ k5_mutex_finish_init(&labeled_mutex); ++} ++ ++static struct selabel_handle *selabel_ctx; ++static time_t selabel_last_changed; ++ ++MAKE_FINI_FUNCTION(cleanup_fscreatecon); ++ ++static void ++cleanup_fscreatecon(void) ++{ ++ if (selabel_ctx != NULL) { ++ selabel_close(selabel_ctx); ++ selabel_ctx = NULL; ++ } ++} ++ ++static security_context_t ++push_fscreatecon(const char *pathname, mode_t mode) ++{ ++ security_context_t previous, configuredsc, currentsc, derivedsc; ++ context_t current, derived; ++ const char *fullpath, *currentuser; ++ char *genpath; ++ ++ previous = configuredsc = currentsc = derivedsc = NULL; ++ current = derived = NULL; ++ genpath = NULL; ++ ++ fullpath = pathname; ++ ++ if (!is_selinux_enabled()) { ++ goto fail; ++ } ++ ++ if (getfscreatecon(&previous) != 0) { ++ goto fail; ++ } ++ ++ /* Canonicalize pathname */ ++ if (pathname[0] != '/') { ++ char *wd; ++ size_t len; ++ len = 0; ++ ++ wd = getcwd(NULL, len); ++ if (wd == NULL) { ++ goto fail; ++ } ++ ++ len = strlen(wd) + 1 + strlen(pathname) + 1; ++ genpath = malloc(len); ++ if (genpath == NULL) { ++ free(wd); ++ goto fail; ++ } ++ ++ sprintf(genpath, "%s/%s", wd, pathname); ++ free(wd); ++ fullpath = genpath; ++ } ++ ++ debug_log("Looking up context for \"%s\"(%05o).\n", fullpath, mode); ++ ++ /* Check whether context file has changed under us */ ++ if (selabel_ctx != NULL || selabel_last_changed == 0) { ++ const char *cpath; ++ struct stat st; ++ int i = -1; ++ ++ cpath = selinux_file_context_path(); ++ if (cpath == NULL || (i = stat(cpath, &st)) != 0 || ++ st.st_mtime != selabel_last_changed) { ++ cleanup_fscreatecon(); ++ ++ selabel_last_changed = i ? time(NULL) : st.st_mtime; ++ } ++ } ++ ++ if (selabel_ctx == NULL) { ++ selabel_ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0); ++ } ++ ++ if (selabel_ctx != NULL && ++ selabel_lookup(selabel_ctx, &configuredsc, fullpath, mode) != 0) { ++ goto fail; ++ } ++ ++ if (genpath != NULL) { ++ free(genpath); ++ genpath = NULL; ++ } ++ ++ if (configuredsc == NULL) { ++ goto fail; ++ } ++ ++ getcon(¤tsc); ++ ++ /* AAAAAAAA */ ++ if (currentsc != NULL) { ++ derived = context_new(configuredsc); ++ ++ if (derived != NULL) { ++ current = context_new(currentsc); ++ ++ if (current != NULL) { ++ currentuser = context_user_get(current); ++ ++ if (currentuser != NULL) { ++ if (context_user_set(derived, ++ currentuser) == 0) { ++ derivedsc = context_str(derived); ++ ++ if (derivedsc != NULL) { ++ freecon(configuredsc); ++ configuredsc = strdup(derivedsc); ++ } ++ } ++ } ++ ++ context_free(current); ++ } ++ ++ context_free(derived); ++ } ++ ++ freecon(currentsc); ++ } ++ ++ debug_log("Setting file creation context to \"%s\".\n", configuredsc); ++ if (setfscreatecon(configuredsc) != 0) { ++ debug_log("Unable to determine current context.\n"); ++ goto fail; ++ } ++ ++ freecon(configuredsc); ++ return previous; ++ ++fail: ++ if (previous != NULL) { ++ freecon(previous); ++ } ++ if (genpath != NULL) { ++ free(genpath); ++ } ++ if (configuredsc != NULL) { ++ freecon(configuredsc); ++ } ++ ++ cleanup_fscreatecon(); ++ return NULL; ++} ++ ++static void ++pop_fscreatecon(security_context_t previous) ++{ ++ if (!is_selinux_enabled()) { ++ return; ++ } ++ ++ if (previous != NULL) { ++ debug_log("Resetting file creation context to \"%s\".\n", previous); ++ } else { ++ debug_log("Resetting file creation context to default.\n"); ++ } ++ ++ /* NULL resets to default */ ++ setfscreatecon(previous); ++ ++ if (previous != NULL) { ++ freecon(previous); ++ } ++ ++ /* Need to clean this up here otherwise it leaks */ ++ cleanup_fscreatecon(); ++} ++ ++void * ++krb5int_push_fscreatecon_for(const char *pathname) ++{ ++ struct stat st; ++ void *retval; ++ ++ k5_once(&labeled_once, label_mutex_init); ++ k5_mutex_lock(&labeled_mutex); ++ ++ if (stat(pathname, &st) != 0) { ++ st.st_mode = S_IRUSR | S_IWUSR; ++ } ++ ++ retval = push_fscreatecon(pathname, st.st_mode); ++ return retval ? retval : (void *) -1; ++} ++ ++void ++krb5int_pop_fscreatecon(void *con) ++{ ++ if (con != NULL) { ++ pop_fscreatecon((con == (void *) -1) ? NULL : con); ++ k5_mutex_unlock(&labeled_mutex); ++ } ++} ++ ++FILE * ++krb5int_labeled_fopen(const char *path, const char *mode) ++{ ++ FILE *fp; ++ int errno_save; ++ security_context_t ctx; ++ ++ if ((strcmp(mode, "r") == 0) || ++ (strcmp(mode, "rb") == 0)) { ++ return fopen(path, mode); ++ } ++ ++ k5_once(&labeled_once, label_mutex_init); ++ k5_mutex_lock(&labeled_mutex); ++ ctx = push_fscreatecon(path, 0); ++ ++ fp = fopen(path, mode); ++ errno_save = errno; ++ ++ pop_fscreatecon(ctx); ++ k5_mutex_unlock(&labeled_mutex); ++ ++ errno = errno_save; ++ return fp; ++} ++ ++int ++krb5int_labeled_creat(const char *path, mode_t mode) ++{ ++ int fd; ++ int errno_save; ++ security_context_t ctx; ++ ++ k5_once(&labeled_once, label_mutex_init); ++ k5_mutex_lock(&labeled_mutex); ++ ctx = push_fscreatecon(path, 0); ++ ++ fd = creat(path, mode); ++ errno_save = errno; ++ ++ pop_fscreatecon(ctx); ++ k5_mutex_unlock(&labeled_mutex); ++ ++ errno = errno_save; ++ return fd; ++} ++ ++int ++krb5int_labeled_mknod(const char *path, mode_t mode, dev_t dev) ++{ ++ int ret; ++ int errno_save; ++ security_context_t ctx; ++ ++ k5_once(&labeled_once, label_mutex_init); ++ k5_mutex_lock(&labeled_mutex); ++ ctx = push_fscreatecon(path, mode); ++ ++ ret = mknod(path, mode, dev); ++ errno_save = errno; ++ ++ pop_fscreatecon(ctx); ++ k5_mutex_unlock(&labeled_mutex); ++ ++ errno = errno_save; ++ return ret; ++} ++ ++int ++krb5int_labeled_mkdir(const char *path, mode_t mode) ++{ ++ int ret; ++ int errno_save; ++ security_context_t ctx; ++ ++ k5_once(&labeled_once, label_mutex_init); ++ k5_mutex_lock(&labeled_mutex); ++ ctx = push_fscreatecon(path, S_IFDIR); ++ ++ ret = mkdir(path, mode); ++ errno_save = errno; ++ ++ pop_fscreatecon(ctx); ++ k5_mutex_unlock(&labeled_mutex); ++ ++ errno = errno_save; ++ return ret; ++} ++ ++int ++krb5int_labeled_open(const char *path, int flags, ...) ++{ ++ int fd; ++ int errno_save; ++ security_context_t ctx; ++ mode_t mode; ++ va_list ap; ++ ++ if ((flags & O_CREAT) == 0) { ++ return open(path, flags); ++ } ++ ++ k5_once(&labeled_once, label_mutex_init); ++ k5_mutex_lock(&labeled_mutex); ++ ctx = push_fscreatecon(path, 0); ++ ++ va_start(ap, flags); ++ mode = va_arg(ap, mode_t); ++ fd = open(path, flags, mode); ++ va_end(ap); ++ ++ errno_save = errno; ++ ++ pop_fscreatecon(ctx); ++ k5_mutex_unlock(&labeled_mutex); ++ ++ errno = errno_save; ++ return fd; ++} ++ ++#endif /* USE_SELINUX */ diff --git a/SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch b/SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch new file mode 100644 index 0000000..fc1c8a4 --- /dev/null +++ b/SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch @@ -0,0 +1,42 @@ +From 7f382fc40e082416e90f1e80c9fd0c91afa5baf7 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:49:25 -0400 +Subject: [PATCH] [downstream] fix debuginfo with y.tab.c + +We want to keep these y.tab.c files around because the debuginfo points to +them. It would be more elegant at the end to use symbolic links, but that +could mess up people working in the tree on other things. + +Last-updated: krb5-1.9 +(cherry picked from commit f4002f246332695d8ea12ec803139fcac18fbba2) +--- + src/kadmin/cli/Makefile.in | 5 +++++ + src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in +index adfea6e2b..d1327e400 100644 +--- a/src/kadmin/cli/Makefile.in ++++ b/src/kadmin/cli/Makefile.in +@@ -37,3 +37,8 @@ clean-unix:: + # CC_LINK is not meant for compilation and this use may break in the future. + datetest: getdate.c + $(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c ++ ++%.c: %.y ++ $(RM) y.tab.c $@ ++ $(YACC.y) $< ++ $(CP) y.tab.c $@ +diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in +index 8669c2436..a22f23c02 100644 +--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in ++++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in +@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE) + getdate.c: $(GETDATE) + $(RM) getdate.c y.tab.c + $(YACC) $(GETDATE) +- $(MV) y.tab.c getdate.c ++ $(CP) y.tab.c getdate.c + + install: + $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) diff --git a/SOURCES/downstream-ksu-pam-integration.patch b/SOURCES/downstream-ksu-pam-integration.patch new file mode 100644 index 0000000..d21ed37 --- /dev/null +++ b/SOURCES/downstream-ksu-pam-integration.patch @@ -0,0 +1,775 @@ +From 664bdd73b620f00d42e36e3888805fe0f035c8ee Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:29:58 -0400 +Subject: [PATCH] [downstream] ksu pam integration + +Modify ksu so that it performs account and session management on behalf of +the target user account, mimicking the action of regular su. The default +service name is "ksu", because on Fedora at least the configuration used +is determined by whether or not a login shell is being opened, and so +this may need to vary, too. At run-time, ksu's behavior can be reset to +the earlier, non-PAM behavior by setting "use_pam" to false in the [ksu] +section of /etc/krb5.conf. + +When enabled, ksu gains a dependency on libpam. + +Originally RT#5939, though it's changed since then to perform the account +and session management before dropping privileges, and to apply on top of +changes we're proposing for how it handles cache collections. + +Last-updated: krb5-1.18-beta1 +(cherry picked from commit a7322a84657752c886c317a6994a9fc7a4a70ca5) +--- + src/aclocal.m4 | 69 +++++++ + src/clients/ksu/Makefile.in | 8 +- + src/clients/ksu/main.c | 88 +++++++- + src/clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++ + src/clients/ksu/pam.h | 57 ++++++ + src/configure.ac | 2 + + 6 files changed, 610 insertions(+), 3 deletions(-) + create mode 100644 src/clients/ksu/pam.c + create mode 100644 src/clients/ksu/pam.h + +diff --git a/src/aclocal.m4 b/src/aclocal.m4 +index 2394f7e33..830203683 100644 +--- a/src/aclocal.m4 ++++ b/src/aclocal.m4 +@@ -1675,3 +1675,72 @@ if test "$with_ldap" = yes; then + OPENLDAP_PLUGIN=yes + fi + ])dnl ++dnl ++dnl ++dnl Use PAM instead of local crypt() compare for checking local passwords, ++dnl and perform PAM account, session management, and password-changing where ++dnl appropriate. ++dnl ++AC_DEFUN(KRB5_WITH_PAM,[ ++AC_ARG_WITH(pam,[AC_HELP_STRING(--with-pam,[compile with PAM support])], ++ withpam="$withval",withpam=auto) ++AC_ARG_WITH(pam-ksu-service,[AC_HELP_STRING(--with-ksu-service,[PAM service name for ksu ["ksu"]])], ++ withksupamservice="$withval",withksupamservice=ksu) ++old_LIBS="$LIBS" ++if test "$withpam" != no ; then ++ AC_MSG_RESULT([checking for PAM...]) ++ PAM_LIBS= ++ ++ AC_CHECK_HEADERS(security/pam_appl.h) ++ if test "x$ac_cv_header_security_pam_appl_h" != xyes ; then ++ if test "$withpam" = auto ; then ++ AC_MSG_RESULT([Unable to locate security/pam_appl.h.]) ++ withpam=no ++ else ++ AC_MSG_ERROR([Unable to locate security/pam_appl.h.]) ++ fi ++ fi ++ ++ LIBS= ++ unset ac_cv_func_pam_start ++ AC_CHECK_FUNCS(putenv pam_start) ++ if test "x$ac_cv_func_pam_start" = xno ; then ++ unset ac_cv_func_pam_start ++ AC_CHECK_LIB(dl,dlopen) ++ AC_CHECK_FUNCS(pam_start) ++ if test "x$ac_cv_func_pam_start" = xno ; then ++ AC_CHECK_LIB(pam,pam_start) ++ unset ac_cv_func_pam_start ++ unset ac_cv_func_pam_getenvlist ++ AC_CHECK_FUNCS(pam_start pam_getenvlist) ++ if test "x$ac_cv_func_pam_start" = xyes ; then ++ PAM_LIBS="$LIBS" ++ else ++ if test "$withpam" = auto ; then ++ AC_MSG_RESULT([Unable to locate libpam.]) ++ withpam=no ++ else ++ AC_MSG_ERROR([Unable to locate libpam.]) ++ fi ++ fi ++ fi ++ fi ++ if test "$withpam" != no ; then ++ AC_MSG_NOTICE([building with PAM support]) ++ AC_DEFINE(USE_PAM,1,[Define if Kerberos-aware tools should support PAM]) ++ AC_DEFINE_UNQUOTED(KSU_PAM_SERVICE,"$withksupamservice", ++ [Define to the name of the PAM service name to be used by ksu.]) ++ PAM_LIBS="$LIBS" ++ NON_PAM_MAN=".\\\" " ++ PAM_MAN= ++ else ++ PAM_MAN=".\\\" " ++ NON_PAM_MAN= ++ fi ++fi ++LIBS="$old_LIBS" ++AC_SUBST(PAM_LIBS) ++AC_SUBST(PAM_MAN) ++AC_SUBST(NON_PAM_MAN) ++])dnl ++ +diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in +index 8b4edce4d..9d58f29b5 100644 +--- a/src/clients/ksu/Makefile.in ++++ b/src/clients/ksu/Makefile.in +@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S).. + DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' + + KSU_LIBS=@KSU_LIBS@ ++PAM_LIBS=@PAM_LIBS@ + + SRCS = \ + $(srcdir)/krb_auth_su.c \ + $(srcdir)/ccache.c \ + $(srcdir)/authorization.c \ + $(srcdir)/main.c \ ++ $(srcdir)/pam.c \ + $(srcdir)/heuristic.c \ + $(srcdir)/xmalloc.c \ + $(srcdir)/setenv.c +@@ -17,13 +19,17 @@ OBJS = \ + ccache.o \ + authorization.o \ + main.o \ ++ pam.o \ + heuristic.o \ + xmalloc.o @SETENVOBJ@ + + all: ksu + + ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) +- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) ++ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS) ++ ++pam.o: pam.c ++ $(CC) $(ALL_CFLAGS) -c $< + + clean: + $(RM) ksu +diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c +index 57c349200..508242e0e 100644 +--- a/src/clients/ksu/main.c ++++ b/src/clients/ksu/main.c +@@ -26,6 +26,7 @@ + * KSU was writen by: Ari Medvinsky, ari@isi.edu + */ + ++#include "autoconf.h" + #include "ksu.h" + #include "adm_proto.h" + #include +@@ -33,6 +34,10 @@ + #include + #include + ++#ifdef USE_PAM ++#include "pam.h" ++#endif ++ + /* globals */ + char * prog_name; + int auth_debug =0; +@@ -40,6 +45,7 @@ char k5login_path[MAXPATHLEN]; + char k5users_path[MAXPATHLEN]; + char * gb_err = NULL; + int quiet = 0; ++int force_fork = 0; + /***********/ + + #define KS_TEMPORARY_CACHE "MEMORY:_ksu" +@@ -536,6 +542,23 @@ main (argc, argv) + prog_name,target_user,client_name, + source_user,ontty()); + ++#ifdef USE_PAM ++ if (appl_pam_enabled(ksu_context, "ksu")) { ++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL, ++ NULL, source_user, ++ ttyname(STDERR_FILENO)) != 0) { ++ fprintf(stderr, "Access denied for %s.\n", target_user); ++ exit(1); ++ } ++ if (appl_pam_requires_chauthtok()) { ++ fprintf(stderr, "Password change required for %s.\n", ++ target_user); ++ exit(1); ++ } ++ force_fork++; ++ } ++#endif ++ + /* Run authorization as target.*/ + if (krb5_seteuid(target_uid)) { + com_err(prog_name, errno, _("while switching to target for " +@@ -596,6 +619,24 @@ main (argc, argv) + + exit(1); + } ++#ifdef USE_PAM ++ } else { ++ /* we always do PAM account management, even for root */ ++ if (appl_pam_enabled(ksu_context, "ksu")) { ++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL, ++ NULL, source_user, ++ ttyname(STDERR_FILENO)) != 0) { ++ fprintf(stderr, "Access denied for %s.\n", target_user); ++ exit(1); ++ } ++ if (appl_pam_requires_chauthtok()) { ++ fprintf(stderr, "Password change required for %s.\n", ++ target_user); ++ exit(1); ++ } ++ force_fork++; ++ } ++#endif + } + + if( some_rest_copy){ +@@ -653,6 +694,30 @@ main (argc, argv) + exit(1); + } + ++#ifdef USE_PAM ++ if (appl_pam_enabled(ksu_context, "ksu")) { ++ if (appl_pam_session_open() != 0) { ++ fprintf(stderr, "Error opening session for %s.\n", target_user); ++ exit(1); ++ } ++#ifdef DEBUG ++ if (auth_debug){ ++ printf(" Opened PAM session.\n"); ++ } ++#endif ++ if (appl_pam_cred_init()) { ++ fprintf(stderr, "Error initializing credentials for %s.\n", ++ target_user); ++ exit(1); ++ } ++#ifdef DEBUG ++ if (auth_debug){ ++ printf(" Initialized PAM credentials.\n"); ++ } ++#endif ++ } ++#endif ++ + /* set permissions */ + if (setgid(target_pwd->pw_gid) < 0) { + perror("ksu: setgid"); +@@ -750,7 +815,7 @@ main (argc, argv) + fprintf(stderr, "program to be execed %s\n",params[0]); + } + +- if( keep_target_cache ) { ++ if( keep_target_cache && !force_fork ) { + execv(params[0], params); + com_err(prog_name, errno, _("while trying to execv %s"), params[0]); + sweep_up(ksu_context, cc_target); +@@ -780,16 +845,35 @@ main (argc, argv) + if (ret_pid == -1) { + com_err(prog_name, errno, _("while calling waitpid")); + } +- sweep_up(ksu_context, cc_target); ++ if( !keep_target_cache ) { ++ sweep_up(ksu_context, cc_target); ++ } + exit (statusp); + case -1: + com_err(prog_name, errno, _("while trying to fork.")); + sweep_up(ksu_context, cc_target); + exit (1); + case 0: ++#ifdef USE_PAM ++ if (appl_pam_enabled(ksu_context, "ksu")) { ++ if (appl_pam_setenv() != 0) { ++ fprintf(stderr, "Error setting up environment for %s.\n", ++ target_user); ++ exit (1); ++ } ++#ifdef DEBUG ++ if (auth_debug){ ++ printf(" Set up PAM environment.\n"); ++ } ++#endif ++ } ++#endif + execv(params[0], params); + com_err(prog_name, errno, _("while trying to execv %s"), + params[0]); ++ if( keep_target_cache ) { ++ sweep_up(ksu_context, cc_target); ++ } + exit (1); + } + } +diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c +new file mode 100644 +index 000000000..cbfe48704 +--- /dev/null ++++ b/src/clients/ksu/pam.c +@@ -0,0 +1,389 @@ ++/* ++ * src/clients/ksu/pam.c ++ * ++ * Copyright 2007,2009,2010 Red Hat, Inc. ++ * ++ * All Rights Reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are met: ++ * ++ * Redistributions of source code must retain the above copyright notice, this ++ * list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright notice, ++ * this list of conditions and the following disclaimer in the documentation ++ * and/or other materials provided with the distribution. ++ * ++ * Neither the name of Red Hat, Inc. nor the names of its contributors may be ++ * used to endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE ++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Convenience wrappers for using PAM. ++ */ ++ ++#include "autoconf.h" ++#ifdef USE_PAM ++#include ++#include ++#include ++#include ++#include ++#include "k5-int.h" ++#include "pam.h" ++ ++#ifndef MAXPWSIZE ++#define MAXPWSIZE 128 ++#endif ++ ++static int appl_pam_started; ++static pid_t appl_pam_starter = -1; ++static int appl_pam_session_opened; ++static int appl_pam_creds_initialized; ++static int appl_pam_pwchange_required; ++static pam_handle_t *appl_pamh; ++static struct pam_conv appl_pam_conv; ++static char *appl_pam_user; ++struct appl_pam_non_interactive_args { ++ const char *user; ++ const char *password; ++}; ++ ++int ++appl_pam_enabled(krb5_context context, const char *section) ++{ ++ int enabled = 1; ++ if ((context != NULL) && (context->profile != NULL)) { ++ if (profile_get_boolean(context->profile, ++ section, ++ USE_PAM_CONFIGURATION_KEYWORD, ++ NULL, ++ enabled, &enabled) != 0) { ++ enabled = 1; ++ } ++ } ++ return enabled; ++} ++ ++void ++appl_pam_cleanup(void) ++{ ++ if (getpid() != appl_pam_starter) { ++ return; ++ } ++#ifdef DEBUG ++ printf("Called to clean up PAM.\n"); ++#endif ++ if (appl_pam_creds_initialized) { ++#ifdef DEBUG ++ printf("Deleting PAM credentials.\n"); ++#endif ++ pam_setcred(appl_pamh, PAM_DELETE_CRED); ++ appl_pam_creds_initialized = 0; ++ } ++ if (appl_pam_session_opened) { ++#ifdef DEBUG ++ printf("Closing PAM session.\n"); ++#endif ++ pam_close_session(appl_pamh, 0); ++ appl_pam_session_opened = 0; ++ } ++ appl_pam_pwchange_required = 0; ++ if (appl_pam_started) { ++#ifdef DEBUG ++ printf("Shutting down PAM.\n"); ++#endif ++ pam_end(appl_pamh, 0); ++ appl_pam_started = 0; ++ appl_pam_starter = -1; ++ free(appl_pam_user); ++ appl_pam_user = NULL; ++ } ++} ++static int ++appl_pam_interactive_converse(int num_msg, const struct pam_message **msg, ++ struct pam_response **presp, void *appdata_ptr) ++{ ++ const struct pam_message *message; ++ struct pam_response *resp; ++ int i, code; ++ char *pwstring, pwbuf[MAXPWSIZE]; ++ unsigned int pwsize; ++ resp = malloc(sizeof(struct pam_response) * num_msg); ++ if (resp == NULL) { ++ return PAM_BUF_ERR; ++ } ++ memset(resp, 0, sizeof(struct pam_response) * num_msg); ++ code = PAM_SUCCESS; ++ for (i = 0; i < num_msg; i++) { ++ message = &(msg[0][i]); /* XXX */ ++ message = msg[i]; /* XXX */ ++ pwstring = NULL; ++ switch (message->msg_style) { ++ case PAM_TEXT_INFO: ++ case PAM_ERROR_MSG: ++ printf("[%s]\n", message->msg ? message->msg : ""); ++ fflush(stdout); ++ resp[i].resp = NULL; ++ resp[i].resp_retcode = PAM_SUCCESS; ++ break; ++ case PAM_PROMPT_ECHO_ON: ++ case PAM_PROMPT_ECHO_OFF: ++ if (message->msg_style == PAM_PROMPT_ECHO_ON) { ++ if (fgets(pwbuf, sizeof(pwbuf), ++ stdin) != NULL) { ++ pwbuf[strcspn(pwbuf, "\r\n")] = '\0'; ++ pwstring = pwbuf; ++ } ++ } else { ++ pwstring = getpass(message->msg ? ++ message->msg : ++ ""); ++ } ++ if ((pwstring != NULL) && (pwstring[0] != '\0')) { ++ pwsize = strlen(pwstring); ++ resp[i].resp = malloc(pwsize + 1); ++ if (resp[i].resp == NULL) { ++ resp[i].resp_retcode = PAM_BUF_ERR; ++ } else { ++ memcpy(resp[i].resp, pwstring, pwsize); ++ resp[i].resp[pwsize] = '\0'; ++ resp[i].resp_retcode = PAM_SUCCESS; ++ } ++ } else { ++ resp[i].resp_retcode = PAM_CONV_ERR; ++ code = PAM_CONV_ERR; ++ } ++ break; ++ default: ++ break; ++ } ++ } ++ *presp = resp; ++ return code; ++} ++static int ++appl_pam_non_interactive_converse(int num_msg, ++ const struct pam_message **msg, ++ struct pam_response **presp, ++ void *appdata_ptr) ++{ ++ const struct pam_message *message; ++ struct pam_response *resp; ++ int i, code; ++ unsigned int pwsize; ++ struct appl_pam_non_interactive_args *args; ++ const char *pwstring; ++ resp = malloc(sizeof(struct pam_response) * num_msg); ++ if (resp == NULL) { ++ return PAM_BUF_ERR; ++ } ++ args = appdata_ptr; ++ memset(resp, 0, sizeof(struct pam_response) * num_msg); ++ code = PAM_SUCCESS; ++ for (i = 0; i < num_msg; i++) { ++ message = &((*msg)[i]); ++ message = msg[i]; ++ pwstring = NULL; ++ switch (message->msg_style) { ++ case PAM_TEXT_INFO: ++ case PAM_ERROR_MSG: ++ break; ++ case PAM_PROMPT_ECHO_ON: ++ case PAM_PROMPT_ECHO_OFF: ++ if (message->msg_style == PAM_PROMPT_ECHO_ON) { ++ /* assume "user" */ ++ pwstring = args->user; ++ } else { ++ /* assume "password" */ ++ pwstring = args->password; ++ } ++ if ((pwstring != NULL) && (pwstring[0] != '\0')) { ++ pwsize = strlen(pwstring); ++ resp[i].resp = malloc(pwsize + 1); ++ if (resp[i].resp == NULL) { ++ resp[i].resp_retcode = PAM_BUF_ERR; ++ } else { ++ memcpy(resp[i].resp, pwstring, pwsize); ++ resp[i].resp[pwsize] = '\0'; ++ resp[i].resp_retcode = PAM_SUCCESS; ++ } ++ } else { ++ resp[i].resp_retcode = PAM_CONV_ERR; ++ code = PAM_CONV_ERR; ++ } ++ break; ++ default: ++ break; ++ } ++ } ++ *presp = resp; ++ return code; ++} ++static int ++appl_pam_start(const char *service, int interactive, ++ const char *login_username, ++ const char *non_interactive_password, ++ const char *hostname, ++ const char *ruser, ++ const char *tty) ++{ ++ static int exit_handler_registered; ++ static struct appl_pam_non_interactive_args args; ++ int ret = 0; ++ if (appl_pam_started && ++ (strcmp(login_username, appl_pam_user) != 0)) { ++ appl_pam_cleanup(); ++ appl_pam_user = NULL; ++ } ++ if (!appl_pam_started) { ++#ifdef DEBUG ++ printf("Starting PAM up (service=\"%s\",user=\"%s\").\n", ++ service, login_username); ++#endif ++ memset(&appl_pam_conv, 0, sizeof(appl_pam_conv)); ++ appl_pam_conv.conv = interactive ? ++ &appl_pam_interactive_converse : ++ &appl_pam_non_interactive_converse; ++ memset(&args, 0, sizeof(args)); ++ args.user = strdup(login_username); ++ args.password = non_interactive_password ? ++ strdup(non_interactive_password) : ++ NULL; ++ appl_pam_conv.appdata_ptr = &args; ++ ret = pam_start(service, login_username, ++ &appl_pam_conv, &appl_pamh); ++ if (ret == 0) { ++ if (hostname != NULL) { ++#ifdef DEBUG ++ printf("Setting PAM_RHOST to \"%s\".\n", hostname); ++#endif ++ pam_set_item(appl_pamh, PAM_RHOST, hostname); ++ } ++ if (ruser != NULL) { ++#ifdef DEBUG ++ printf("Setting PAM_RUSER to \"%s\".\n", ruser); ++#endif ++ pam_set_item(appl_pamh, PAM_RUSER, ruser); ++ } ++ if (tty != NULL) { ++#ifdef DEBUG ++ printf("Setting PAM_TTY to \"%s\".\n", tty); ++#endif ++ pam_set_item(appl_pamh, PAM_TTY, tty); ++ } ++ if (!exit_handler_registered && ++ (atexit(appl_pam_cleanup) != 0)) { ++ pam_end(appl_pamh, 0); ++ appl_pamh = NULL; ++ ret = -1; ++ } else { ++ appl_pam_started = 1; ++ appl_pam_starter = getpid(); ++ appl_pam_user = strdup(login_username); ++ exit_handler_registered = 1; ++ } ++ } ++ } ++ return ret; ++} ++int ++appl_pam_acct_mgmt(const char *service, int interactive, ++ const char *login_username, ++ const char *non_interactive_password, ++ const char *hostname, ++ const char *ruser, ++ const char *tty) ++{ ++ int ret; ++ appl_pam_pwchange_required = 0; ++ ret = appl_pam_start(service, interactive, login_username, ++ non_interactive_password, hostname, ruser, tty); ++ if (ret == 0) { ++#ifdef DEBUG ++ printf("Calling pam_acct_mgmt().\n"); ++#endif ++ ret = pam_acct_mgmt(appl_pamh, 0); ++ switch (ret) { ++ case PAM_IGNORE: ++ ret = 0; ++ break; ++ case PAM_NEW_AUTHTOK_REQD: ++ appl_pam_pwchange_required = 1; ++ ret = 0; ++ break; ++ default: ++ break; ++ } ++ } ++ return ret; ++} ++int ++appl_pam_requires_chauthtok(void) ++{ ++ return appl_pam_pwchange_required; ++} ++int ++appl_pam_session_open(void) ++{ ++ int ret = 0; ++ if (appl_pam_started) { ++#ifdef DEBUG ++ printf("Opening PAM session.\n"); ++#endif ++ ret = pam_open_session(appl_pamh, 0); ++ if (ret == 0) { ++ appl_pam_session_opened = 1; ++ } ++ } ++ return ret; ++} ++int ++appl_pam_setenv(void) ++{ ++ int ret = 0; ++#ifdef HAVE_PAM_GETENVLIST ++#ifdef HAVE_PUTENV ++ int i; ++ char **list; ++ if (appl_pam_started) { ++ list = pam_getenvlist(appl_pamh); ++ for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) { ++#ifdef DEBUG ++ printf("Setting \"%s\" in environment.\n", list[i]); ++#endif ++ putenv(list[i]); ++ } ++ } ++#endif ++#endif ++ return ret; ++} ++int ++appl_pam_cred_init(void) ++{ ++ int ret = 0; ++ if (appl_pam_started) { ++#ifdef DEBUG ++ printf("Initializing PAM credentials.\n"); ++#endif ++ ret = pam_setcred(appl_pamh, PAM_ESTABLISH_CRED); ++ if (ret == 0) { ++ appl_pam_creds_initialized = 1; ++ } ++ } ++ return ret; ++} ++#endif +diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h +new file mode 100644 +index 000000000..0ab76569c +--- /dev/null ++++ b/src/clients/ksu/pam.h +@@ -0,0 +1,57 @@ ++/* ++ * src/clients/ksu/pam.h ++ * ++ * Copyright 2007,2009,2010 Red Hat, Inc. ++ * ++ * All Rights Reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are met: ++ * ++ * Redistributions of source code must retain the above copyright notice, this ++ * list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright notice, ++ * this list of conditions and the following disclaimer in the documentation ++ * and/or other materials provided with the distribution. ++ * ++ * Neither the name of Red Hat, Inc. nor the names of its contributors may be ++ * used to endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE ++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Convenience wrappers for using PAM. ++ */ ++ ++#include ++#ifdef HAVE_SECURITY_PAM_APPL_H ++#include ++#endif ++ ++#define USE_PAM_CONFIGURATION_KEYWORD "use_pam" ++ ++#ifdef USE_PAM ++int appl_pam_enabled(krb5_context context, const char *section); ++int appl_pam_acct_mgmt(const char *service, int interactive, ++ const char *local_username, ++ const char *non_interactive_password, ++ const char *hostname, ++ const char *ruser, ++ const char *tty); ++int appl_pam_requires_chauthtok(void); ++int appl_pam_session_open(void); ++int appl_pam_setenv(void); ++int appl_pam_cred_init(void); ++void appl_pam_cleanup(void); ++#endif +diff --git a/src/configure.ac b/src/configure.ac +index 234f4281c..d1f576124 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -1390,6 +1390,8 @@ AC_SUBST([VERTO_VERSION]) + + AC_PATH_PROG(GROFF, groff) + ++KRB5_WITH_PAM ++ + # Make localedir work in autoconf 2.5x. + if test "${localedir+set}" != set; then + localedir='$(datadir)/locale' diff --git a/SOURCES/downstream-netlib-and-dns.patch b/SOURCES/downstream-netlib-and-dns.patch new file mode 100644 index 0000000..b966083 --- /dev/null +++ b/SOURCES/downstream-netlib-and-dns.patch @@ -0,0 +1,25 @@ +From 0a164c9c53a6f8ce20cfe5c6ef94ae5a2c2e9e28 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 23 Aug 2016 16:46:21 -0400 +Subject: [PATCH] [downstream] netlib and dns + +We want to be able to use --with-netlib and --enable-dns at the same time. + +Last-updated: krb5-1.3.1 +(cherry picked from commit 355dd481511af4d517ee540854f95a6fb12116a9) +--- + src/aclocal.m4 | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/aclocal.m4 b/src/aclocal.m4 +index 6796fec53..c4358988a 100644 +--- a/src/aclocal.m4 ++++ b/src/aclocal.m4 +@@ -724,6 +724,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library), + LIBS="$LIBS $withval" + AC_MSG_RESULT("netlib will use \'$withval\'") + fi ++ KRB5_AC_ENABLE_DNS + ],dnl + [AC_LIBRARY_NET] + )])dnl diff --git a/SOURCES/kdc.conf b/SOURCES/kdc.conf index b2e5e9b..f21c761 100644 --- a/SOURCES/kdc.conf +++ b/SOURCES/kdc.conf @@ -9,5 +9,5 @@ EXAMPLE.COM = { acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab - supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal + supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal } diff --git a/SOURCES/krb5-1.11-kpasswdtest.patch b/SOURCES/krb5-1.11-kpasswdtest.patch deleted file mode 100644 index 7da7384..0000000 --- a/SOURCES/krb5-1.11-kpasswdtest.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 174fddfa0c7d0d5c0f12d1531bc791865b630596 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:52:01 -0400 -Subject: [PATCH] krb5-1.11-kpasswdtest.patch - ---- - src/kadmin/testing/proto/krb5.conf.proto | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto -index 00c442978..9c4bc1de7 100644 ---- a/src/kadmin/testing/proto/krb5.conf.proto -+++ b/src/kadmin/testing/proto/krb5.conf.proto -@@ -9,6 +9,7 @@ - __REALM__ = { - kdc = __KDCHOST__:1750 - admin_server = __KDCHOST__:1751 -+ kpasswd_server = __KDCHOST__:1752 - database_module = foobar_db2_module_blah - } - diff --git a/SOURCES/krb5-1.11-run_user_0.patch b/SOURCES/krb5-1.11-run_user_0.patch deleted file mode 100644 index 7a38d43..0000000 --- a/SOURCES/krb5-1.11-run_user_0.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f19ee759c49fac6477ef77eb4a0be41118add1f5 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:49:57 -0400 -Subject: [PATCH] krb5-1.11-run_user_0.patch - -A hack: if we're looking at creating a ccache directory directly below -the /run/user/0 directory, and /run/user/0 doesn't exist, try to create -it, too. ---- - src/lib/krb5/ccache/cc_dir.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c -index 73f0fe62d..4850c0d07 100644 ---- a/src/lib/krb5/ccache/cc_dir.c -+++ b/src/lib/krb5/ccache/cc_dir.c -@@ -61,6 +61,8 @@ - - #include - -+#define ROOT_SPECIAL_DCC_PARENT "/run/user/0" -+ - extern const krb5_cc_ops krb5_dcc_ops; - extern const krb5_cc_ops krb5_fcc_ops; - -@@ -237,6 +239,18 @@ verify_dir(krb5_context context, const char *dirname) - - if (stat(dirname, &st) < 0) { - if (errno == ENOENT) { -+ if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/", -+ sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 && -+ stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 && -+ errno == ENOENT) { -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT); -+#endif -+ status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif -+ } - #ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(dirname); - #endif diff --git a/SOURCES/krb5-1.12-api.patch b/SOURCES/krb5-1.12-api.patch deleted file mode 100644 index 4e42414..0000000 --- a/SOURCES/krb5-1.12-api.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3bac1a71756c634fe6b8cb3858ee9df87b1a660d Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:47:00 -0400 -Subject: [PATCH] krb5-1.12-api.patch - -Reference docs don't define what happens if you call krb5_realm_compare() with -malformed krb5_principal structures. Define a behavior which keeps it from -crashing if applications don't check ahead of time. ---- - src/lib/krb5/krb/princ_comp.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c -index a6936107d..0ed78833b 100644 ---- a/src/lib/krb5/krb/princ_comp.c -+++ b/src/lib/krb5/krb/princ_comp.c -@@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context, - const krb5_data *realm1 = &princ1->realm; - const krb5_data *realm2 = &princ2->realm; - -+ if (princ1 == NULL || princ2 == NULL) -+ return FALSE; -+ if (realm1 == NULL || realm2 == NULL) -+ return FALSE; - if (realm1->length != realm2->length) - return FALSE; - if (realm1->length == 0) -@@ -88,6 +92,9 @@ krb5_principal_compare_flags(krb5_context context, - krb5_principal upn2 = NULL; - krb5_boolean ret = FALSE; - -+ if (princ1 == NULL || princ2 == NULL) -+ return FALSE; -+ - if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) { - /* Treat UPNs as if they were real principals */ - if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { diff --git a/SOURCES/krb5-1.12-ksu-path.patch b/SOURCES/krb5-1.12-ksu-path.patch deleted file mode 100644 index 25b805a..0000000 --- a/SOURCES/krb5-1.12-ksu-path.patch +++ /dev/null @@ -1,22 +0,0 @@ -From ef8aa0a18c2bd2f960942380202a5fa992e2c7b3 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:32:09 -0400 -Subject: [PATCH] krb5-1.12-ksu-path.patch - -Set the default PATH to the one set by login. ---- - src/clients/ksu/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in -index 5755bb58a..9d58f29b5 100644 ---- a/src/clients/ksu/Makefile.in -+++ b/src/clients/ksu/Makefile.in -@@ -1,6 +1,6 @@ - mydir=clients$(S)ksu - BUILDTOP=$(REL)..$(S).. --DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' -+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' - - KSU_LIBS=@KSU_LIBS@ - PAM_LIBS=@PAM_LIBS@ diff --git a/SOURCES/krb5-1.12-ktany.patch b/SOURCES/krb5-1.12-ktany.patch deleted file mode 100644 index 26d36df..0000000 --- a/SOURCES/krb5-1.12-ktany.patch +++ /dev/null @@ -1,366 +0,0 @@ -From 2ca8d242b1cac8abdb35bf0068e5d78300e07c3c Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:33:53 -0400 -Subject: [PATCH] krb5-1.12-ktany.patch - -Adds an "ANY" keytab type which is a list of other keytab locations to search -when searching for a specific entry. When iterated through, it only presents -the contents of the first keytab. ---- - src/lib/krb5/keytab/Makefile.in | 3 + - src/lib/krb5/keytab/kt_any.c | 292 ++++++++++++++++++++++++++++++++ - src/lib/krb5/keytab/ktbase.c | 7 +- - 3 files changed, 301 insertions(+), 1 deletion(-) - create mode 100644 src/lib/krb5/keytab/kt_any.c - -diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in -index 2a8fceb00..ffd179fb2 100644 ---- a/src/lib/krb5/keytab/Makefile.in -+++ b/src/lib/krb5/keytab/Makefile.in -@@ -12,6 +12,7 @@ STLIBOBJS= \ - ktfr_entry.o \ - ktremove.o \ - ktfns.o \ -+ kt_any.o \ - kt_file.o \ - kt_memory.o \ - kt_srvtab.o \ -@@ -24,6 +25,7 @@ OBJS= \ - $(OUTPRE)ktfr_entry.$(OBJEXT) \ - $(OUTPRE)ktremove.$(OBJEXT) \ - $(OUTPRE)ktfns.$(OBJEXT) \ -+ $(OUTPRE)kt_any.$(OBJEXT) \ - $(OUTPRE)kt_file.$(OBJEXT) \ - $(OUTPRE)kt_memory.$(OBJEXT) \ - $(OUTPRE)kt_srvtab.$(OBJEXT) \ -@@ -36,6 +38,7 @@ SRCS= \ - $(srcdir)/ktfr_entry.c \ - $(srcdir)/ktremove.c \ - $(srcdir)/ktfns.c \ -+ $(srcdir)/kt_any.c \ - $(srcdir)/kt_file.c \ - $(srcdir)/kt_memory.c \ - $(srcdir)/kt_srvtab.c \ -diff --git a/src/lib/krb5/keytab/kt_any.c b/src/lib/krb5/keytab/kt_any.c -new file mode 100644 -index 000000000..1b9b7765b ---- /dev/null -+++ b/src/lib/krb5/keytab/kt_any.c -@@ -0,0 +1,292 @@ -+/* -+ * lib/krb5/keytab/kt_any.c -+ * -+ * Copyright 1998, 1999 by the Massachusetts Institute of Technology. -+ * All Rights Reserved. -+ * -+ * Export of this software from the United States of America may -+ * require a specific license from the United States Government. -+ * It is the responsibility of any person or organization contemplating -+ * export to obtain such a license before exporting. -+ * -+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -+ * distribute this software and its documentation for any purpose and -+ * without fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright notice and -+ * this permission notice appear in supporting documentation, and that -+ * the name of M.I.T. not be used in advertising or publicity pertaining -+ * to distribution of the software without specific, written prior -+ * permission. M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" without express -+ * or implied warranty. -+ * -+ * -+ * krb5_kta_ops -+ */ -+ -+#include "k5-int.h" -+ -+typedef struct _krb5_ktany_data { -+ char *name; -+ krb5_keytab *choices; -+ int nchoices; -+} krb5_ktany_data; -+ -+typedef struct _krb5_ktany_cursor_data { -+ int which; -+ krb5_kt_cursor cursor; -+} krb5_ktany_cursor_data; -+ -+static krb5_error_code krb5_ktany_resolve -+ (krb5_context, -+ const char *, -+ krb5_keytab *); -+static krb5_error_code krb5_ktany_get_name -+ (krb5_context context, -+ krb5_keytab id, -+ char *name, -+ unsigned int len); -+static krb5_error_code krb5_ktany_close -+ (krb5_context context, -+ krb5_keytab id); -+static krb5_error_code krb5_ktany_get_entry -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_const_principal principal, -+ krb5_kvno kvno, -+ krb5_enctype enctype, -+ krb5_keytab_entry *entry); -+static krb5_error_code krb5_ktany_start_seq_get -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_kt_cursor *cursorp); -+static krb5_error_code krb5_ktany_next_entry -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_keytab_entry *entry, -+ krb5_kt_cursor *cursor); -+static krb5_error_code krb5_ktany_end_seq_get -+ (krb5_context context, -+ krb5_keytab id, -+ krb5_kt_cursor *cursor); -+static void cleanup -+ (krb5_context context, -+ krb5_ktany_data *data, -+ int nchoices); -+ -+struct _krb5_kt_ops krb5_kta_ops = { -+ 0, -+ "ANY", /* Prefix -- this string should not appear anywhere else! */ -+ krb5_ktany_resolve, -+ krb5_ktany_get_name, -+ krb5_ktany_close, -+ krb5_ktany_get_entry, -+ krb5_ktany_start_seq_get, -+ krb5_ktany_next_entry, -+ krb5_ktany_end_seq_get, -+ NULL, -+ NULL, -+ NULL, -+}; -+ -+static krb5_error_code -+krb5_ktany_resolve(context, name, id) -+ krb5_context context; -+ const char *name; -+ krb5_keytab *id; -+{ -+ const char *p, *q; -+ char *copy; -+ krb5_error_code kerror; -+ krb5_ktany_data *data; -+ int i; -+ -+ /* Allocate space for our data and remember a copy of the name. */ -+ if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL) -+ return(ENOMEM); -+ if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) { -+ free(data); -+ return(ENOMEM); -+ } -+ strcpy(data->name, name); -+ -+ /* Count the number of choices and allocate memory for them. */ -+ data->nchoices = 1; -+ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) -+ data->nchoices++; -+ if ((data->choices = (krb5_keytab *) -+ malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) { -+ free(data->name); -+ free(data); -+ return(ENOMEM); -+ } -+ -+ /* Resolve each of the choices. */ -+ i = 0; -+ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) { -+ /* Make a copy of the choice name so we can terminate it. */ -+ if ((copy = (char *)malloc(q - p + 1)) == NULL) { -+ cleanup(context, data, i); -+ return(ENOMEM); -+ } -+ memcpy(copy, p, q - p); -+ copy[q - p] = 0; -+ -+ /* Try resolving the choice name. */ -+ kerror = krb5_kt_resolve(context, copy, &data->choices[i]); -+ free(copy); -+ if (kerror) { -+ cleanup(context, data, i); -+ return(kerror); -+ } -+ i++; -+ } -+ if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) { -+ cleanup(context, data, i); -+ return(kerror); -+ } -+ -+ /* Allocate and fill in an ID for the caller. */ -+ if ((*id = (krb5_keytab)malloc(sizeof(**id))) == NULL) { -+ cleanup(context, data, i); -+ return(ENOMEM); -+ } -+ (*id)->ops = &krb5_kta_ops; -+ (*id)->data = (krb5_pointer)data; -+ (*id)->magic = KV5M_KEYTAB; -+ -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_get_name(context, id, name, len) -+ krb5_context context; -+ krb5_keytab id; -+ char *name; -+ unsigned int len; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ -+ if (len < strlen(data->name) + 1) -+ return(KRB5_KT_NAME_TOOLONG); -+ strcpy(name, data->name); -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_close(context, id) -+ krb5_context context; -+ krb5_keytab id; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ -+ cleanup(context, data, data->nchoices); -+ id->ops = 0; -+ free(id); -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_const_principal principal; -+ krb5_kvno kvno; -+ krb5_enctype enctype; -+ krb5_keytab_entry *entry; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_error_code kerror = KRB5_KT_NOTFOUND; -+ int i; -+ -+ for (i = 0; i < data->nchoices; i++) { -+ if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal, -+ kvno, enctype, entry)) != ENOENT) -+ return kerror; -+ } -+ return kerror; -+} -+ -+static krb5_error_code -+krb5_ktany_start_seq_get(context, id, cursorp) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_kt_cursor *cursorp; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_ktany_cursor_data *cdata; -+ krb5_error_code kerror = ENOENT; -+ int i; -+ -+ if ((cdata = (krb5_ktany_cursor_data *) -+ malloc(sizeof(krb5_ktany_cursor_data))) == NULL) -+ return(ENOMEM); -+ -+ /* Find a choice which can handle the serialization request. */ -+ for (i = 0; i < data->nchoices; i++) { -+ if ((kerror = krb5_kt_start_seq_get(context, data->choices[i], -+ &cdata->cursor)) == 0) -+ break; -+ else if (kerror != ENOENT) { -+ free(cdata); -+ return(kerror); -+ } -+ } -+ -+ if (i == data->nchoices) { -+ /* Everyone returned ENOENT, so no go. */ -+ free(cdata); -+ return(kerror); -+ } -+ -+ cdata->which = i; -+ *cursorp = (krb5_kt_cursor)cdata; -+ return(0); -+} -+ -+static krb5_error_code -+krb5_ktany_next_entry(context, id, entry, cursor) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_keytab_entry *entry; -+ krb5_kt_cursor *cursor; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor; -+ krb5_keytab choice_id; -+ -+ choice_id = data->choices[cdata->which]; -+ return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor)); -+} -+ -+static krb5_error_code -+krb5_ktany_end_seq_get(context, id, cursor) -+ krb5_context context; -+ krb5_keytab id; -+ krb5_kt_cursor *cursor; -+{ -+ krb5_ktany_data *data = (krb5_ktany_data *)id->data; -+ krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor; -+ krb5_keytab choice_id; -+ krb5_error_code kerror; -+ -+ choice_id = data->choices[cdata->which]; -+ kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor); -+ free(cdata); -+ return(kerror); -+} -+ -+static void -+cleanup(context, data, nchoices) -+ krb5_context context; -+ krb5_ktany_data *data; -+ int nchoices; -+{ -+ int i; -+ -+ free(data->name); -+ for (i = 0; i < nchoices; i++) -+ krb5_kt_close(context, data->choices[i]); -+ free(data->choices); -+ free(data); -+} -diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c -index 0d39b2940..6534d7c52 100644 ---- a/src/lib/krb5/keytab/ktbase.c -+++ b/src/lib/krb5/keytab/ktbase.c -@@ -57,14 +57,19 @@ extern const krb5_kt_ops krb5_ktf_ops; - extern const krb5_kt_ops krb5_ktf_writable_ops; - extern const krb5_kt_ops krb5_kts_ops; - extern const krb5_kt_ops krb5_mkt_ops; -+extern const krb5_kt_ops krb5_kta_ops; - - struct krb5_kt_typelist { - const krb5_kt_ops *ops; - const struct krb5_kt_typelist *next; - }; -+static struct krb5_kt_typelist krb5_kt_typelist_any = { -+ &krb5_kta_ops, -+ NULL -+}; - const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = { - &krb5_kts_ops, -- NULL -+ &krb5_kt_typelist_any - }; - const static struct krb5_kt_typelist krb5_kt_typelist_memory = { - &krb5_mkt_ops, diff --git a/SOURCES/krb5-1.12.1-pam.patch b/SOURCES/krb5-1.12.1-pam.patch deleted file mode 100644 index c5b5e78..0000000 --- a/SOURCES/krb5-1.12.1-pam.patch +++ /dev/null @@ -1,770 +0,0 @@ -From 02a10f4b9a8decc8d10f3e045282a0ae7ed1c00d Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:29:58 -0400 -Subject: [PATCH] krb5-1.12.1-pam.patch - -Modify ksu so that it performs account and session management on behalf of -the target user account, mimicking the action of regular su. The default -service name is "ksu", because on Fedora at least the configuration used -is determined by whether or not a login shell is being opened, and so -this may need to vary, too. At run-time, ksu's behavior can be reset to -the earlier, non-PAM behavior by setting "use_pam" to false in the [ksu] -section of /etc/krb5.conf. - -When enabled, ksu gains a dependency on libpam. - -Originally RT#5939, though it's changed since then to perform the account -and session management before dropping privileges, and to apply on top of -changes we're proposing for how it handles cache collections. ---- - src/aclocal.m4 | 67 +++++++ - src/clients/ksu/Makefile.in | 8 +- - src/clients/ksu/main.c | 88 +++++++- - src/clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++ - src/clients/ksu/pam.h | 57 ++++++ - src/configure.in | 2 + - 6 files changed, 608 insertions(+), 3 deletions(-) - create mode 100644 src/clients/ksu/pam.c - create mode 100644 src/clients/ksu/pam.h - -diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 3752d9bd5..340546d80 100644 ---- a/src/aclocal.m4 -+++ b/src/aclocal.m4 -@@ -1697,3 +1697,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[ - ])) - ])dnl - dnl -+dnl -+dnl Use PAM instead of local crypt() compare for checking local passwords, -+dnl and perform PAM account, session management, and password-changing where -+dnl appropriate. -+dnl -+AC_DEFUN(KRB5_WITH_PAM,[ -+AC_ARG_WITH(pam,[AC_HELP_STRING(--with-pam,[compile with PAM support])], -+ withpam="$withval",withpam=auto) -+AC_ARG_WITH(pam-ksu-service,[AC_HELP_STRING(--with-ksu-service,[PAM service name for ksu ["ksu"]])], -+ withksupamservice="$withval",withksupamservice=ksu) -+old_LIBS="$LIBS" -+if test "$withpam" != no ; then -+ AC_MSG_RESULT([checking for PAM...]) -+ PAM_LIBS= -+ -+ AC_CHECK_HEADERS(security/pam_appl.h) -+ if test "x$ac_cv_header_security_pam_appl_h" != xyes ; then -+ if test "$withpam" = auto ; then -+ AC_MSG_RESULT([Unable to locate security/pam_appl.h.]) -+ withpam=no -+ else -+ AC_MSG_ERROR([Unable to locate security/pam_appl.h.]) -+ fi -+ fi -+ -+ LIBS= -+ unset ac_cv_func_pam_start -+ AC_CHECK_FUNCS(putenv pam_start) -+ if test "x$ac_cv_func_pam_start" = xno ; then -+ unset ac_cv_func_pam_start -+ AC_CHECK_LIB(dl,dlopen) -+ AC_CHECK_FUNCS(pam_start) -+ if test "x$ac_cv_func_pam_start" = xno ; then -+ AC_CHECK_LIB(pam,pam_start) -+ unset ac_cv_func_pam_start -+ unset ac_cv_func_pam_getenvlist -+ AC_CHECK_FUNCS(pam_start pam_getenvlist) -+ if test "x$ac_cv_func_pam_start" = xyes ; then -+ PAM_LIBS="$LIBS" -+ else -+ if test "$withpam" = auto ; then -+ AC_MSG_RESULT([Unable to locate libpam.]) -+ withpam=no -+ else -+ AC_MSG_ERROR([Unable to locate libpam.]) -+ fi -+ fi -+ fi -+ fi -+ if test "$withpam" != no ; then -+ AC_MSG_NOTICE([building with PAM support]) -+ AC_DEFINE(USE_PAM,1,[Define if Kerberos-aware tools should support PAM]) -+ AC_DEFINE_UNQUOTED(KSU_PAM_SERVICE,"$withksupamservice", -+ [Define to the name of the PAM service name to be used by ksu.]) -+ PAM_LIBS="$LIBS" -+ NON_PAM_MAN=".\\\" " -+ PAM_MAN= -+ else -+ PAM_MAN=".\\\" " -+ NON_PAM_MAN= -+ fi -+fi -+LIBS="$old_LIBS" -+AC_SUBST(PAM_LIBS) -+AC_SUBST(PAM_MAN) -+AC_SUBST(NON_PAM_MAN) -+])dnl -diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in -index b2fcbf240..5755bb58a 100644 ---- a/src/clients/ksu/Makefile.in -+++ b/src/clients/ksu/Makefile.in -@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S).. - DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' - - KSU_LIBS=@KSU_LIBS@ -+PAM_LIBS=@PAM_LIBS@ - - SRCS = \ - $(srcdir)/krb_auth_su.c \ - $(srcdir)/ccache.c \ - $(srcdir)/authorization.c \ - $(srcdir)/main.c \ -+ $(srcdir)/pam.c \ - $(srcdir)/heuristic.c \ - $(srcdir)/xmalloc.c \ - $(srcdir)/setenv.c -@@ -17,13 +19,17 @@ OBJS = \ - ccache.o \ - authorization.o \ - main.o \ -+ pam.o \ - heuristic.o \ - xmalloc.o @SETENVOBJ@ - - all: ksu - - ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) -- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) -+ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS) -+ -+pam.o: pam.c -+ $(CC) $(ALL_CFLAGS) -c $< - - clean: - $(RM) ksu -diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c -index d9596d948..ec06788bc 100644 ---- a/src/clients/ksu/main.c -+++ b/src/clients/ksu/main.c -@@ -26,6 +26,7 @@ - * KSU was writen by: Ari Medvinsky, ari@isi.edu - */ - -+#include "autoconf.h" - #include "ksu.h" - #include "adm_proto.h" - #include -@@ -33,6 +34,10 @@ - #include - #include - -+#ifdef USE_PAM -+#include "pam.h" -+#endif -+ - /* globals */ - char * prog_name; - int auth_debug =0; -@@ -40,6 +45,7 @@ char k5login_path[MAXPATHLEN]; - char k5users_path[MAXPATHLEN]; - char * gb_err = NULL; - int quiet = 0; -+int force_fork = 0; - /***********/ - - #define KS_TEMPORARY_CACHE "MEMORY:_ksu" -@@ -528,6 +534,23 @@ main (argc, argv) - prog_name,target_user,client_name, - source_user,ontty()); - -+#ifdef USE_PAM -+ if (appl_pam_enabled(ksu_context, "ksu")) { -+ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL, -+ NULL, source_user, -+ ttyname(STDERR_FILENO)) != 0) { -+ fprintf(stderr, "Access denied for %s.\n", target_user); -+ exit(1); -+ } -+ if (appl_pam_requires_chauthtok()) { -+ fprintf(stderr, "Password change required for %s.\n", -+ target_user); -+ exit(1); -+ } -+ force_fork++; -+ } -+#endif -+ - /* Run authorization as target.*/ - if (krb5_seteuid(target_uid)) { - com_err(prog_name, errno, _("while switching to target for " -@@ -588,6 +611,24 @@ main (argc, argv) - - exit(1); - } -+#ifdef USE_PAM -+ } else { -+ /* we always do PAM account management, even for root */ -+ if (appl_pam_enabled(ksu_context, "ksu")) { -+ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL, -+ NULL, source_user, -+ ttyname(STDERR_FILENO)) != 0) { -+ fprintf(stderr, "Access denied for %s.\n", target_user); -+ exit(1); -+ } -+ if (appl_pam_requires_chauthtok()) { -+ fprintf(stderr, "Password change required for %s.\n", -+ target_user); -+ exit(1); -+ } -+ force_fork++; -+ } -+#endif - } - - if( some_rest_copy){ -@@ -645,6 +686,30 @@ main (argc, argv) - exit(1); - } - -+#ifdef USE_PAM -+ if (appl_pam_enabled(ksu_context, "ksu")) { -+ if (appl_pam_session_open() != 0) { -+ fprintf(stderr, "Error opening session for %s.\n", target_user); -+ exit(1); -+ } -+#ifdef DEBUG -+ if (auth_debug){ -+ printf(" Opened PAM session.\n"); -+ } -+#endif -+ if (appl_pam_cred_init()) { -+ fprintf(stderr, "Error initializing credentials for %s.\n", -+ target_user); -+ exit(1); -+ } -+#ifdef DEBUG -+ if (auth_debug){ -+ printf(" Initialized PAM credentials.\n"); -+ } -+#endif -+ } -+#endif -+ - /* set permissions */ - if (setgid(target_pwd->pw_gid) < 0) { - perror("ksu: setgid"); -@@ -742,7 +807,7 @@ main (argc, argv) - fprintf(stderr, "program to be execed %s\n",params[0]); - } - -- if( keep_target_cache ) { -+ if( keep_target_cache && !force_fork ) { - execv(params[0], params); - com_err(prog_name, errno, _("while trying to execv %s"), params[0]); - sweep_up(ksu_context, cc_target); -@@ -772,16 +837,35 @@ main (argc, argv) - if (ret_pid == -1) { - com_err(prog_name, errno, _("while calling waitpid")); - } -- sweep_up(ksu_context, cc_target); -+ if( !keep_target_cache ) { -+ sweep_up(ksu_context, cc_target); -+ } - exit (statusp); - case -1: - com_err(prog_name, errno, _("while trying to fork.")); - sweep_up(ksu_context, cc_target); - exit (1); - case 0: -+#ifdef USE_PAM -+ if (appl_pam_enabled(ksu_context, "ksu")) { -+ if (appl_pam_setenv() != 0) { -+ fprintf(stderr, "Error setting up environment for %s.\n", -+ target_user); -+ exit (1); -+ } -+#ifdef DEBUG -+ if (auth_debug){ -+ printf(" Set up PAM environment.\n"); -+ } -+#endif -+ } -+#endif - execv(params[0], params); - com_err(prog_name, errno, _("while trying to execv %s"), - params[0]); -+ if( keep_target_cache ) { -+ sweep_up(ksu_context, cc_target); -+ } - exit (1); - } - } -diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c -new file mode 100644 -index 000000000..cbfe48704 ---- /dev/null -+++ b/src/clients/ksu/pam.c -@@ -0,0 +1,389 @@ -+/* -+ * src/clients/ksu/pam.c -+ * -+ * Copyright 2007,2009,2010 Red Hat, Inc. -+ * -+ * All Rights Reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * -+ * Redistributions of source code must retain the above copyright notice, this -+ * list of conditions and the following disclaimer. -+ * -+ * Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * -+ * Neither the name of Red Hat, Inc. nor the names of its contributors may be -+ * used to endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ * -+ * Convenience wrappers for using PAM. -+ */ -+ -+#include "autoconf.h" -+#ifdef USE_PAM -+#include -+#include -+#include -+#include -+#include -+#include "k5-int.h" -+#include "pam.h" -+ -+#ifndef MAXPWSIZE -+#define MAXPWSIZE 128 -+#endif -+ -+static int appl_pam_started; -+static pid_t appl_pam_starter = -1; -+static int appl_pam_session_opened; -+static int appl_pam_creds_initialized; -+static int appl_pam_pwchange_required; -+static pam_handle_t *appl_pamh; -+static struct pam_conv appl_pam_conv; -+static char *appl_pam_user; -+struct appl_pam_non_interactive_args { -+ const char *user; -+ const char *password; -+}; -+ -+int -+appl_pam_enabled(krb5_context context, const char *section) -+{ -+ int enabled = 1; -+ if ((context != NULL) && (context->profile != NULL)) { -+ if (profile_get_boolean(context->profile, -+ section, -+ USE_PAM_CONFIGURATION_KEYWORD, -+ NULL, -+ enabled, &enabled) != 0) { -+ enabled = 1; -+ } -+ } -+ return enabled; -+} -+ -+void -+appl_pam_cleanup(void) -+{ -+ if (getpid() != appl_pam_starter) { -+ return; -+ } -+#ifdef DEBUG -+ printf("Called to clean up PAM.\n"); -+#endif -+ if (appl_pam_creds_initialized) { -+#ifdef DEBUG -+ printf("Deleting PAM credentials.\n"); -+#endif -+ pam_setcred(appl_pamh, PAM_DELETE_CRED); -+ appl_pam_creds_initialized = 0; -+ } -+ if (appl_pam_session_opened) { -+#ifdef DEBUG -+ printf("Closing PAM session.\n"); -+#endif -+ pam_close_session(appl_pamh, 0); -+ appl_pam_session_opened = 0; -+ } -+ appl_pam_pwchange_required = 0; -+ if (appl_pam_started) { -+#ifdef DEBUG -+ printf("Shutting down PAM.\n"); -+#endif -+ pam_end(appl_pamh, 0); -+ appl_pam_started = 0; -+ appl_pam_starter = -1; -+ free(appl_pam_user); -+ appl_pam_user = NULL; -+ } -+} -+static int -+appl_pam_interactive_converse(int num_msg, const struct pam_message **msg, -+ struct pam_response **presp, void *appdata_ptr) -+{ -+ const struct pam_message *message; -+ struct pam_response *resp; -+ int i, code; -+ char *pwstring, pwbuf[MAXPWSIZE]; -+ unsigned int pwsize; -+ resp = malloc(sizeof(struct pam_response) * num_msg); -+ if (resp == NULL) { -+ return PAM_BUF_ERR; -+ } -+ memset(resp, 0, sizeof(struct pam_response) * num_msg); -+ code = PAM_SUCCESS; -+ for (i = 0; i < num_msg; i++) { -+ message = &(msg[0][i]); /* XXX */ -+ message = msg[i]; /* XXX */ -+ pwstring = NULL; -+ switch (message->msg_style) { -+ case PAM_TEXT_INFO: -+ case PAM_ERROR_MSG: -+ printf("[%s]\n", message->msg ? message->msg : ""); -+ fflush(stdout); -+ resp[i].resp = NULL; -+ resp[i].resp_retcode = PAM_SUCCESS; -+ break; -+ case PAM_PROMPT_ECHO_ON: -+ case PAM_PROMPT_ECHO_OFF: -+ if (message->msg_style == PAM_PROMPT_ECHO_ON) { -+ if (fgets(pwbuf, sizeof(pwbuf), -+ stdin) != NULL) { -+ pwbuf[strcspn(pwbuf, "\r\n")] = '\0'; -+ pwstring = pwbuf; -+ } -+ } else { -+ pwstring = getpass(message->msg ? -+ message->msg : -+ ""); -+ } -+ if ((pwstring != NULL) && (pwstring[0] != '\0')) { -+ pwsize = strlen(pwstring); -+ resp[i].resp = malloc(pwsize + 1); -+ if (resp[i].resp == NULL) { -+ resp[i].resp_retcode = PAM_BUF_ERR; -+ } else { -+ memcpy(resp[i].resp, pwstring, pwsize); -+ resp[i].resp[pwsize] = '\0'; -+ resp[i].resp_retcode = PAM_SUCCESS; -+ } -+ } else { -+ resp[i].resp_retcode = PAM_CONV_ERR; -+ code = PAM_CONV_ERR; -+ } -+ break; -+ default: -+ break; -+ } -+ } -+ *presp = resp; -+ return code; -+} -+static int -+appl_pam_non_interactive_converse(int num_msg, -+ const struct pam_message **msg, -+ struct pam_response **presp, -+ void *appdata_ptr) -+{ -+ const struct pam_message *message; -+ struct pam_response *resp; -+ int i, code; -+ unsigned int pwsize; -+ struct appl_pam_non_interactive_args *args; -+ const char *pwstring; -+ resp = malloc(sizeof(struct pam_response) * num_msg); -+ if (resp == NULL) { -+ return PAM_BUF_ERR; -+ } -+ args = appdata_ptr; -+ memset(resp, 0, sizeof(struct pam_response) * num_msg); -+ code = PAM_SUCCESS; -+ for (i = 0; i < num_msg; i++) { -+ message = &((*msg)[i]); -+ message = msg[i]; -+ pwstring = NULL; -+ switch (message->msg_style) { -+ case PAM_TEXT_INFO: -+ case PAM_ERROR_MSG: -+ break; -+ case PAM_PROMPT_ECHO_ON: -+ case PAM_PROMPT_ECHO_OFF: -+ if (message->msg_style == PAM_PROMPT_ECHO_ON) { -+ /* assume "user" */ -+ pwstring = args->user; -+ } else { -+ /* assume "password" */ -+ pwstring = args->password; -+ } -+ if ((pwstring != NULL) && (pwstring[0] != '\0')) { -+ pwsize = strlen(pwstring); -+ resp[i].resp = malloc(pwsize + 1); -+ if (resp[i].resp == NULL) { -+ resp[i].resp_retcode = PAM_BUF_ERR; -+ } else { -+ memcpy(resp[i].resp, pwstring, pwsize); -+ resp[i].resp[pwsize] = '\0'; -+ resp[i].resp_retcode = PAM_SUCCESS; -+ } -+ } else { -+ resp[i].resp_retcode = PAM_CONV_ERR; -+ code = PAM_CONV_ERR; -+ } -+ break; -+ default: -+ break; -+ } -+ } -+ *presp = resp; -+ return code; -+} -+static int -+appl_pam_start(const char *service, int interactive, -+ const char *login_username, -+ const char *non_interactive_password, -+ const char *hostname, -+ const char *ruser, -+ const char *tty) -+{ -+ static int exit_handler_registered; -+ static struct appl_pam_non_interactive_args args; -+ int ret = 0; -+ if (appl_pam_started && -+ (strcmp(login_username, appl_pam_user) != 0)) { -+ appl_pam_cleanup(); -+ appl_pam_user = NULL; -+ } -+ if (!appl_pam_started) { -+#ifdef DEBUG -+ printf("Starting PAM up (service=\"%s\",user=\"%s\").\n", -+ service, login_username); -+#endif -+ memset(&appl_pam_conv, 0, sizeof(appl_pam_conv)); -+ appl_pam_conv.conv = interactive ? -+ &appl_pam_interactive_converse : -+ &appl_pam_non_interactive_converse; -+ memset(&args, 0, sizeof(args)); -+ args.user = strdup(login_username); -+ args.password = non_interactive_password ? -+ strdup(non_interactive_password) : -+ NULL; -+ appl_pam_conv.appdata_ptr = &args; -+ ret = pam_start(service, login_username, -+ &appl_pam_conv, &appl_pamh); -+ if (ret == 0) { -+ if (hostname != NULL) { -+#ifdef DEBUG -+ printf("Setting PAM_RHOST to \"%s\".\n", hostname); -+#endif -+ pam_set_item(appl_pamh, PAM_RHOST, hostname); -+ } -+ if (ruser != NULL) { -+#ifdef DEBUG -+ printf("Setting PAM_RUSER to \"%s\".\n", ruser); -+#endif -+ pam_set_item(appl_pamh, PAM_RUSER, ruser); -+ } -+ if (tty != NULL) { -+#ifdef DEBUG -+ printf("Setting PAM_TTY to \"%s\".\n", tty); -+#endif -+ pam_set_item(appl_pamh, PAM_TTY, tty); -+ } -+ if (!exit_handler_registered && -+ (atexit(appl_pam_cleanup) != 0)) { -+ pam_end(appl_pamh, 0); -+ appl_pamh = NULL; -+ ret = -1; -+ } else { -+ appl_pam_started = 1; -+ appl_pam_starter = getpid(); -+ appl_pam_user = strdup(login_username); -+ exit_handler_registered = 1; -+ } -+ } -+ } -+ return ret; -+} -+int -+appl_pam_acct_mgmt(const char *service, int interactive, -+ const char *login_username, -+ const char *non_interactive_password, -+ const char *hostname, -+ const char *ruser, -+ const char *tty) -+{ -+ int ret; -+ appl_pam_pwchange_required = 0; -+ ret = appl_pam_start(service, interactive, login_username, -+ non_interactive_password, hostname, ruser, tty); -+ if (ret == 0) { -+#ifdef DEBUG -+ printf("Calling pam_acct_mgmt().\n"); -+#endif -+ ret = pam_acct_mgmt(appl_pamh, 0); -+ switch (ret) { -+ case PAM_IGNORE: -+ ret = 0; -+ break; -+ case PAM_NEW_AUTHTOK_REQD: -+ appl_pam_pwchange_required = 1; -+ ret = 0; -+ break; -+ default: -+ break; -+ } -+ } -+ return ret; -+} -+int -+appl_pam_requires_chauthtok(void) -+{ -+ return appl_pam_pwchange_required; -+} -+int -+appl_pam_session_open(void) -+{ -+ int ret = 0; -+ if (appl_pam_started) { -+#ifdef DEBUG -+ printf("Opening PAM session.\n"); -+#endif -+ ret = pam_open_session(appl_pamh, 0); -+ if (ret == 0) { -+ appl_pam_session_opened = 1; -+ } -+ } -+ return ret; -+} -+int -+appl_pam_setenv(void) -+{ -+ int ret = 0; -+#ifdef HAVE_PAM_GETENVLIST -+#ifdef HAVE_PUTENV -+ int i; -+ char **list; -+ if (appl_pam_started) { -+ list = pam_getenvlist(appl_pamh); -+ for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) { -+#ifdef DEBUG -+ printf("Setting \"%s\" in environment.\n", list[i]); -+#endif -+ putenv(list[i]); -+ } -+ } -+#endif -+#endif -+ return ret; -+} -+int -+appl_pam_cred_init(void) -+{ -+ int ret = 0; -+ if (appl_pam_started) { -+#ifdef DEBUG -+ printf("Initializing PAM credentials.\n"); -+#endif -+ ret = pam_setcred(appl_pamh, PAM_ESTABLISH_CRED); -+ if (ret == 0) { -+ appl_pam_creds_initialized = 1; -+ } -+ } -+ return ret; -+} -+#endif -diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h -new file mode 100644 -index 000000000..0ab76569c ---- /dev/null -+++ b/src/clients/ksu/pam.h -@@ -0,0 +1,57 @@ -+/* -+ * src/clients/ksu/pam.h -+ * -+ * Copyright 2007,2009,2010 Red Hat, Inc. -+ * -+ * All Rights Reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * -+ * Redistributions of source code must retain the above copyright notice, this -+ * list of conditions and the following disclaimer. -+ * -+ * Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * -+ * Neither the name of Red Hat, Inc. nor the names of its contributors may be -+ * used to endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ * -+ * Convenience wrappers for using PAM. -+ */ -+ -+#include -+#ifdef HAVE_SECURITY_PAM_APPL_H -+#include -+#endif -+ -+#define USE_PAM_CONFIGURATION_KEYWORD "use_pam" -+ -+#ifdef USE_PAM -+int appl_pam_enabled(krb5_context context, const char *section); -+int appl_pam_acct_mgmt(const char *service, int interactive, -+ const char *local_username, -+ const char *non_interactive_password, -+ const char *hostname, -+ const char *ruser, -+ const char *tty); -+int appl_pam_requires_chauthtok(void); -+int appl_pam_session_open(void); -+int appl_pam_setenv(void); -+int appl_pam_cred_init(void); -+void appl_pam_cleanup(void); -+#endif -diff --git a/src/configure.in b/src/configure.in -index 61ef738dc..e9a12ac16 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -1352,6 +1352,8 @@ AC_SUBST([VERTO_VERSION]) - - AC_PATH_PROG(GROFF, groff) - -+KRB5_WITH_PAM -+ - # Make localedir work in autoconf 2.5x. - if test "${localedir+set}" != set; then - localedir='$(datadir)/locale' diff --git a/SOURCES/krb5-1.13-dirsrv-accountlock.patch b/SOURCES/krb5-1.13-dirsrv-accountlock.patch deleted file mode 100644 index db48910..0000000 --- a/SOURCES/krb5-1.13-dirsrv-accountlock.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 1dc051d5964aba0b8cd3d01f063ffc28253456de Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:47:44 -0400 -Subject: [PATCH] krb5-1.13-dirsrv-accountlock.patch - -Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. Updated from -original version filed as RT#5891. ---- - src/aclocal.m4 | 9 +++++++++ - src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 17 +++++++++++++++++ - .../kdb/ldap/libkdb_ldap/ldap_principal.c | 3 +++ - 3 files changed, 29 insertions(+) - -diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index db18226ed..518b1a547 100644 ---- a/src/aclocal.m4 -+++ b/src/aclocal.m4 -@@ -1678,6 +1678,15 @@ if test "$with_ldap" = yes; then - AC_MSG_NOTICE(enabling OpenLDAP database backend module support) - OPENLDAP_PLUGIN=yes - fi -+AC_ARG_WITH([dirsrv-account-locking], -+[ --with-dirsrv-account-locking compile 389/Red Hat/Fedora/Netscape Directory Server database backend module], -+[case "$withval" in -+ yes | no) ;; -+ *) AC_MSG_ERROR(Invalid option value --with-dirsrv-account-locking="$withval") ;; -+esac], with_dirsrv_account_locking=no) -+if test $with_dirsrv_account_locking = yes; then -+ AC_DEFINE(HAVE_DIRSRV_ACCOUNT_LOCKING,1,[Define if LDAP KDB interface should heed 389 DS's nsAccountLock attribute.]) -+fi - ])dnl - dnl - dnl If libkeyutils exists (on Linux) include it and use keyring ccache -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -index 5b9d1e9fa..4e7270065 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c -@@ -1652,6 +1652,23 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context, - ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data); - if (ret) - goto cleanup; -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ { -+ krb5_timestamp expiretime=0; -+ char *is_login_disabled=NULL; -+ -+ /* LOGIN DISABLED */ -+ ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled, -+ &attr_present); -+ if (ret) -+ goto cleanup; -+ if (attr_present == TRUE) { -+ if (strcasecmp(is_login_disabled, "TRUE")== 0) -+ entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX; -+ free (is_login_disabled); -+ } -+ } -+#endif - - ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname); - if (ret) -diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -index d722dbfa6..5e8e9a897 100644 ---- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c -@@ -54,6 +54,9 @@ char *principal_attributes[] = { "krbprincipalname", - "krbLastFailedAuth", - "krbLoginFailedCount", - "krbLastSuccessfulAuth", -+#ifdef HAVE_DIRSRV_ACCOUNT_LOCKING -+ "nsAccountLock", -+#endif - "krbLastPwdChange", - "krbLastAdminUnlock", - "krbPrincipalAuthInd", diff --git a/SOURCES/krb5-1.15-beta1-buildconf.patch b/SOURCES/krb5-1.15-beta1-buildconf.patch deleted file mode 100644 index 6d1e151..0000000 --- a/SOURCES/krb5-1.15-beta1-buildconf.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 90bf9e3c4a80e7e46e6e00b9d541c6144968cad4 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:45:26 -0400 -Subject: [PATCH] krb5-1.15-beta1-buildconf.patch - -Build binaries in this package as RELRO PIEs, libraries as partial RELRO, -and install shared libraries with the execute bit set on them. Prune out -the -L/usr/lib* and PIE flags where they might leak out and affect -apps which just want to link with the libraries. FIXME: needs to check and -not just assume that the compiler supports using these flags. ---- - src/build-tools/krb5-config.in | 7 +++++++ - src/config/pre.in | 2 +- - src/config/shlib.conf | 5 +++-- - 3 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index c17cb5eb5..1891dea99 100755 ---- a/src/build-tools/krb5-config.in -+++ b/src/build-tools/krb5-config.in -@@ -226,6 +226,13 @@ if test -n "$do_libs"; then - -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ - -e 's#\$(CFLAGS)##'` - -+ if test `dirname $libdir` = /usr ; then -+ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"` -+ fi -+ lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"` -+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"` -+ lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"` -+ - if test $library = 'kdb'; then - lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" - library=krb5 -diff --git a/src/config/pre.in b/src/config/pre.in -index 917357df9..a8540ae2a 100644 ---- a/src/config/pre.in -+++ b/src/config/pre.in -@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) - INSTALL_SCRIPT=@INSTALL_PROGRAM@ - INSTALL_DATA=@INSTALL_DATA@ - INSTALL_SHLIB=@INSTALL_SHLIB@ --INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root -+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 - ## This is needed because autoconf will sometimes define @exec_prefix@ to be - ## ${prefix}. - prefix=@prefix@ -diff --git a/src/config/shlib.conf b/src/config/shlib.conf -index 3e4af6c02..2b20c3fda 100644 ---- a/src/config/shlib.conf -+++ b/src/config/shlib.conf -@@ -423,7 +423,7 @@ mips-*-netbsd*) - # Linux ld doesn't default to stuffing the SONAME field... - # Use objdump -x to examine the fields of the library - # UNDEF_CHECK is suppressed by --enable-asan -- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)' -+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro -Wl,--warn-shared-textrel' - UNDEF_CHECK='-Wl,--no-undefined' - # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode. - LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)' -@@ -435,7 +435,8 @@ mips-*-netbsd*) - SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - PROFFLAGS=-pg - PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' -- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' -+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)' -+ INSTALL_SHLIB='${INSTALL} -m755' - CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' - CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/SOURCES/krb5-1.17-beta1-selinux-label.patch b/SOURCES/krb5-1.17-beta1-selinux-label.patch deleted file mode 100644 index 3f874f5..0000000 --- a/SOURCES/krb5-1.17-beta1-selinux-label.patch +++ /dev/null @@ -1,1065 +0,0 @@ -From 46946e305e4536a56866ff21ac1f6e8ed7c3b814 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:30:53 -0400 -Subject: [PATCH] krb5-1.17-beta1-selinux-label.patch - -SELinux bases access to files on the domain of the requesting process, -the operation being performed, and the context applied to the file. - -In many cases, applications needn't be SELinux aware to work properly, -because SELinux can apply a default label to a file based on the label -of the directory in which it's created. - -In the case of files such as /etc/krb5.keytab, however, this isn't -sufficient, as /etc/krb5.keytab will almost always need to be given a -label which differs from that of /etc/issue or /etc/resolv.conf. The -the kdb stash file needs a different label than the database for which -it's holding a master key, even though both typically live in the same -directory. - -To give the file the correct label, we can either force a "restorecon" -call to fix a file's label after it's created, or create the file with -the right label, as we attempt to do here. We lean on THREEPARAMOPEN -and define a similar macro named WRITABLEFOPEN with which we replace -several uses of fopen(). - -The file creation context that we're manipulating here is a process-wide -attribute. While for the most part, applications which need to label -files when they're created have tended to be single-threaded, there's -not much we can do to avoid interfering with an application that -manipulates the creation context directly. Right now we're mediating -access using a library-local mutex, but that can only work for consumers -that are part of this package -- an unsuspecting application will still -stomp all over us. - -The selabel APIs for looking up the context should be thread-safe (per -Red Hat #273081), so switching to using them instead of matchpathcon(), -which we used earlier, is some improvement. ---- - src/aclocal.m4 | 49 +++ - src/build-tools/krb5-config.in | 3 +- - src/config/pre.in | 3 +- - src/configure.in | 2 + - src/include/k5-int.h | 1 + - src/include/k5-label.h | 32 ++ - src/include/krb5/krb5.hin | 6 + - src/kadmin/dbutil/dump.c | 11 +- - src/kdc/main.c | 2 +- - src/kprop/kpropd.c | 9 + - src/lib/kadm5/logger.c | 4 +- - src/lib/kdb/kdb_log.c | 2 +- - src/lib/krb5/ccache/cc_dir.c | 26 +- - src/lib/krb5/keytab/kt_file.c | 4 +- - src/lib/krb5/os/trace.c | 2 +- - src/lib/krb5/rcache/rc_dfl.c | 13 + - src/plugins/kdb/db2/adb_openclose.c | 2 +- - src/plugins/kdb/db2/kdb_db2.c | 4 +- - src/plugins/kdb/db2/libdb2/btree/bt_open.c | 3 +- - src/plugins/kdb/db2/libdb2/hash/hash.c | 3 +- - src/plugins/kdb/db2/libdb2/recno/rec_open.c | 4 +- - .../kdb/ldap/ldap_util/kdb5_ldap_services.c | 11 +- - src/util/profile/prof_file.c | 3 +- - src/util/support/Makefile.in | 3 +- - src/util/support/selinux.c | 406 ++++++++++++++++++ - 25 files changed, 587 insertions(+), 21 deletions(-) - create mode 100644 src/include/k5-label.h - create mode 100644 src/util/support/selinux.c - -diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index 340546d80..a7afec09e 100644 ---- a/src/aclocal.m4 -+++ b/src/aclocal.m4 -@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag) - dnl - KRB5_AC_PRAGMA_WEAK_REF - WITH_LDAP -+KRB5_WITH_SELINUX - KRB5_LIB_PARAMS - KRB5_AC_INITFINI - KRB5_AC_ENABLE_THREADS -@@ -1764,3 +1765,51 @@ AC_SUBST(PAM_LIBS) - AC_SUBST(PAM_MAN) - AC_SUBST(NON_PAM_MAN) - ])dnl -+dnl -+dnl Use libselinux to set file contexts on newly-created files. -+dnl -+AC_DEFUN(KRB5_WITH_SELINUX,[ -+AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])], -+ withselinux="$withval",withselinux=auto) -+old_LIBS="$LIBS" -+if test "$withselinux" != no ; then -+ AC_MSG_RESULT([checking for libselinux...]) -+ SELINUX_LIBS= -+ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h) -+ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then -+ if test "$withselinux" = auto ; then -+ AC_MSG_RESULT([Unable to locate selinux/selinux.h.]) -+ withselinux=no -+ else -+ AC_MSG_ERROR([Unable to locate selinux/selinux.h.]) -+ fi -+ fi -+ -+ LIBS= -+ unset ac_cv_func_setfscreatecon -+ AC_CHECK_FUNCS(setfscreatecon selabel_open) -+ if test "x$ac_cv_func_setfscreatecon" = xno ; then -+ AC_CHECK_LIB(selinux,setfscreatecon) -+ unset ac_cv_func_setfscreatecon -+ AC_CHECK_FUNCS(setfscreatecon selabel_open) -+ if test "x$ac_cv_func_setfscreatecon" = xyes ; then -+ SELINUX_LIBS="$LIBS" -+ else -+ if test "$withselinux" = auto ; then -+ AC_MSG_RESULT([Unable to locate libselinux.]) -+ withselinux=no -+ else -+ AC_MSG_ERROR([Unable to locate libselinux.]) -+ fi -+ fi -+ fi -+ if test "$withselinux" != no ; then -+ AC_MSG_NOTICE([building with SELinux labeling support]) -+ AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.]) -+ SELINUX_LIBS="$LIBS" -+ EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" -+ fi -+fi -+LIBS="$old_LIBS" -+AC_SUBST(SELINUX_LIBS) -+])dnl -diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in -index f6184da3f..c17cb5eb5 100755 ---- a/src/build-tools/krb5-config.in -+++ b/src/build-tools/krb5-config.in -@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' - DEFCCNAME='@DEFCCNAME@' - DEFKTNAME='@DEFKTNAME@' - DEFCKTNAME='@DEFCKTNAME@' -+SELINUX_LIBS='@SELINUX_LIBS@' - - LIBS='@LIBS@' - GEN_LIB=@GEN_LIB@ -@@ -255,7 +256,7 @@ if test -n "$do_libs"; then - fi - - # If we ever support a flag to generate output suitable for static -- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB" -+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB" - # here. - - echo $lib_flags -diff --git a/src/config/pre.in b/src/config/pre.in -index ce87e21ca..917357df9 100644 ---- a/src/config/pre.in -+++ b/src/config/pre.in -@@ -177,6 +177,7 @@ LD = $(PURE) @LD@ - KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include - LDFLAGS = @LDFLAGS@ - LIBS = @LIBS@ -+SELINUX_LIBS=@SELINUX_LIBS@ - - INSTALL=@INSTALL@ - INSTALL_STRIP= -@@ -402,7 +403,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) - # HESIOD_LIBS is -lhesiod... - HESIOD_LIBS = @HESIOD_LIBS@ - --KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) -+KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB) - KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) - GSS_LIBS = $(GSS_KRB5_LIB) - # needs fixing if ever used on macOS! -diff --git a/src/configure.in b/src/configure.in -index e9a12ac16..93aec682e 100644 ---- a/src/configure.in -+++ b/src/configure.in -@@ -1354,6 +1354,8 @@ AC_PATH_PROG(GROFF, groff) - - KRB5_WITH_PAM - -+KRB5_WITH_SELINUX -+ - # Make localedir work in autoconf 2.5x. - if test "${localedir+set}" != set; then - localedir='$(datadir)/locale' -diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index 652242207..8f9329c59 100644 ---- a/src/include/k5-int.h -+++ b/src/include/k5-int.h -@@ -128,6 +128,7 @@ typedef unsigned char u_char; - - - #include "k5-platform.h" -+#include "k5-label.h" - - #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ - #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ -diff --git a/src/include/k5-label.h b/src/include/k5-label.h -new file mode 100644 -index 000000000..dfaaa847c ---- /dev/null -+++ b/src/include/k5-label.h -@@ -0,0 +1,32 @@ -+#ifndef _KRB5_LABEL_H -+#define _KRB5_LABEL_H -+ -+#ifdef THREEPARAMOPEN -+#undef THREEPARAMOPEN -+#endif -+#ifdef WRITABLEFOPEN -+#undef WRITABLEFOPEN -+#endif -+ -+/* Wrapper functions which help us create files and directories with the right -+ * context labels. */ -+#ifdef USE_SELINUX -+#include -+#include -+#include -+#include -+#include -+FILE *krb5int_labeled_fopen(const char *path, const char *mode); -+int krb5int_labeled_creat(const char *path, mode_t mode); -+int krb5int_labeled_open(const char *path, int flags, ...); -+int krb5int_labeled_mkdir(const char *path, mode_t mode); -+int krb5int_labeled_mknod(const char *path, mode_t mode, dev_t device); -+#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z) -+#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y) -+void *krb5int_push_fscreatecon_for(const char *pathname); -+void krb5int_pop_fscreatecon(void *previous); -+#else -+#define WRITABLEFOPEN(x,y) fopen(x,y) -+#define THREEPARAMOPEN(x,y,z) open(x,y,z) -+#endif -+#endif -diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin -index c40a6cca8..3ff86d7ff 100644 ---- a/src/include/krb5/krb5.hin -+++ b/src/include/krb5/krb5.hin -@@ -87,6 +87,12 @@ - #define THREEPARAMOPEN(x,y,z) open(x,y,z) - #endif - -+#if KRB5_PRIVATE -+#ifndef WRITABLEFOPEN -+#define WRITABLEFOPEN(x,y) fopen(x,y) -+#endif -+#endif -+ - #define KRB5_OLD_CRYPTO - - #include -diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c -index c9574c6e1..8301a33d0 100644 ---- a/src/kadmin/dbutil/dump.c -+++ b/src/kadmin/dbutil/dump.c -@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname) - { - int fd = -1; - FILE *f; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - *tmpname = NULL; - if (asprintf(tmpname, "%s-XXXXXX", ofile) < 0) - goto error; - -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(ofile); -+#endif - fd = mkstemp(*tmpname); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif - if (fd == -1) - goto error; - -@@ -197,7 +206,7 @@ prep_ok_file(krb5_context context, char *file_name, int *fd_out) - goto cleanup; - } - -- fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); -+ fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (fd == -1) { - com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); - goto cleanup; -diff --git a/src/kdc/main.c b/src/kdc/main.c -index 408c723f5..663fd6303 100644 ---- a/src/kdc/main.c -+++ b/src/kdc/main.c -@@ -858,7 +858,7 @@ write_pid_file(const char *path) - FILE *file; - unsigned long pid; - -- file = fopen(path, "w"); -+ file = WRITABLEFOPEN(path, "w"); - if (file == NULL) - return errno; - pid = (unsigned long) getpid(); -diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c -index 68323dd0f..4cc035dc6 100644 ---- a/src/kprop/kpropd.c -+++ b/src/kprop/kpropd.c -@@ -488,6 +488,9 @@ doit(int fd) - krb5_enctype etype; - int database_fd; - char host[INET6_ADDRSTRLEN + 1]; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - signal_wrapper(SIGALRM, alarm_handler); - alarm(params.iprop_resync_timeout); -@@ -543,9 +546,15 @@ doit(int fd) - free(name); - exit(1); - } -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(file); -+#endif - omask = umask(077); - lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600); - (void)umask(omask); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif - retval = krb5_lock_file(kpropd_context, lock_fd, - KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK); - if (retval) { -diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c -index c6885edf2..9aec3c05e 100644 ---- a/src/lib/kadm5/logger.c -+++ b/src/lib/kadm5/logger.c -@@ -309,7 +309,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do - */ - append = (cp[4] == ':') ? O_APPEND : 0; - if (append || cp[4] == '=') { -- fd = open(&cp[5], O_CREAT | O_WRONLY | append, -+ fd = THREEPARAMOPEN(&cp[5], O_CREAT | O_WRONLY | append, - S_IRUSR | S_IWUSR | S_IRGRP); - if (fd != -1) - f = fdopen(fd, append ? "a" : "w"); -@@ -776,7 +776,7 @@ krb5_klog_reopen(krb5_context kcontext) - * In case the old logfile did not get moved out of the - * way, open for append to prevent squashing the old logs. - */ -- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+"); -+ f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+"); - if (f) { - set_cloexec_file(f); - log_control.log_entries[lindex].lfu_filep = f; -diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c -index 2659a2501..e9b95fce5 100644 ---- a/src/lib/kdb/kdb_log.c -+++ b/src/lib/kdb/kdb_log.c -@@ -480,7 +480,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries) - return ENOMEM; - - if (stat(logname, &st) == -1) { -- log_ctx->ulogfd = open(logname, O_RDWR | O_CREAT, 0600); -+ log_ctx->ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600); - if (log_ctx->ulogfd == -1) { - retval = errno; - goto cleanup; -diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c -index bba64e516..73f0fe62d 100644 ---- a/src/lib/krb5/ccache/cc_dir.c -+++ b/src/lib/krb5/ccache/cc_dir.c -@@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents) - char *newpath = NULL; - FILE *fp = NULL; - int fd = -1, status; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0) - return ENOMEM; -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(primary_path); -+#endif - fd = mkstemp(newpath); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif - if (fd < 0) - goto cleanup; - #ifdef HAVE_CHMOD -@@ -221,10 +230,23 @@ static krb5_error_code - verify_dir(krb5_context context, const char *dirname) - { - struct stat st; -+ int status; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - if (stat(dirname, &st) < 0) { -- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0) -- return 0; -+ if (errno == ENOENT) { -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(dirname); -+#endif -+ status = mkdir(dirname, S_IRWXU); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif -+ if (status == 0) -+ return 0; -+ } - k5_setmsg(context, KRB5_FCC_NOFILE, - _("Credential cache directory %s does not exist"), - dirname); -diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c -index 89cb68680..21c80d419 100644 ---- a/src/lib/krb5/keytab/kt_file.c -+++ b/src/lib/krb5/keytab/kt_file.c -@@ -1024,14 +1024,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) - - KTCHECKLOCK(id); - errno = 0; -- KTFILEP(id) = fopen(KTFILENAME(id), -+ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), - (mode == KRB5_LOCKMODE_EXCLUSIVE) ? "rb+" : "rb"); - if (!KTFILEP(id)) { - if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { - /* try making it first time around */ - k5_create_secure_file(context, KTFILENAME(id)); - errno = 0; -- KTFILEP(id) = fopen(KTFILENAME(id), "rb+"); -+ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), "rb+"); - if (!KTFILEP(id)) - goto report_errno; - writevno = 1; -diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c -index 4fff8f38c..40a9e7b10 100644 ---- a/src/lib/krb5/os/trace.c -+++ b/src/lib/krb5/os/trace.c -@@ -458,7 +458,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename) - fd = malloc(sizeof(*fd)); - if (fd == NULL) - return ENOMEM; -- *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600); -+ *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600); - if (*fd == -1) { - free(fd); - return errno; -diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c -index 1e0cb22c9..f5e93b1ab 100644 ---- a/src/lib/krb5/rcache/rc_dfl.c -+++ b/src/lib/krb5/rcache/rc_dfl.c -@@ -793,6 +793,9 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) - krb5_error_code retval = 0; - krb5_rcache tmp; - krb5_deltat lifespan = t->lifespan; /* save original lifespan */ -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - if (! t->recovering) { - name = t->name; -@@ -814,7 +817,17 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) - retval = krb5_rc_resolve(context, tmp, 0); - if (retval) - goto cleanup; -+#ifdef USE_SELINUX -+ if (t->d.fn != NULL) -+ selabel = krb5int_push_fscreatecon_for(t->d.fn); -+ else -+ selabel = NULL; -+#endif - retval = krb5_rc_initialize(context, tmp, lifespan); -+#ifdef USE_SELINUX -+ if (selabel != NULL) -+ krb5int_pop_fscreatecon(selabel); -+#endif - if (retval) - goto cleanup; - for (q = t->a; q; q = q->na) { -diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c -index 7db30a33b..2b9d01921 100644 ---- a/src/plugins/kdb/db2/adb_openclose.c -+++ b/src/plugins/kdb/db2/adb_openclose.c -@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename, - * needs be open read/write so that write locking can work with - * POSIX systems - */ -- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) { -+ if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) { - /* - * maybe someone took away write permission so we could only - * get shared locks? -diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c -index 5106a5c99..e481e8121 100644 ---- a/src/plugins/kdb/db2/kdb_db2.c -+++ b/src/plugins/kdb/db2/kdb_db2.c -@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc) - if (retval) - return retval; - -- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC, -- 0600); -+ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name, -+ O_CREAT | O_RDWR | O_TRUNC, 0600); - if (dbc->db_lf_file < 0) { - retval = errno; - goto cleanup; -diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c -index 2977b17f3..d5809a5a9 100644 ---- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c -+++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c -@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95"; - #include - #include - -+#include "k5-int.h" - #include "db-int.h" - #include "btree.h" - -@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, dflags) - goto einval; - } - -- if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0) -+ if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) - goto err; - - } else { -diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c -index 862dbb164..686a960c9 100644 ---- a/src/plugins/kdb/db2/libdb2/hash/hash.c -+++ b/src/plugins/kdb/db2/libdb2/hash/hash.c -@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95"; - #include - #endif - -+#include "k5-int.h" - #include "db-int.h" - #include "hash.h" - #include "page.h" -@@ -129,7 +130,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags) - new_table = 1; - } - if (file) { -- if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1) -+ if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1) - RETURN_ERROR(errno, error0); - (void)fcntl(hashp->fp, F_SETFD, 1); - } -diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c -index d8b26e701..b0daa7c02 100644 ---- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c -+++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c -@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94"; - #include - #include - -+#include "k5-int.h" - #include "db-int.h" - #include "recno.h" - -@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo, dflags) - int rfd = -1, sverrno; - - /* Open the user's file -- if this fails, we're done. */ -- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0) -+ if (fname != NULL && -+ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) - return (NULL); - - if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { -diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -index 1ed72afe9..ce038fc3d 100644 ---- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -@@ -194,7 +194,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) - - /* set password in the file */ - old_mode = umask(0177); -- pfile = fopen(file_name, "a+"); -+ pfile = WRITABLEFOPEN(file_name, "a+"); - if (pfile == NULL) { - com_err(me, errno, _("Failed to open file %s: %s"), file_name, - strerror (errno)); -@@ -235,6 +235,9 @@ kdb5_ldap_stash_service_password(int argc, char **argv) - * Delete the existing entry and add the new entry - */ - FILE *newfile; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - mode_t omask; - -@@ -246,7 +249,13 @@ kdb5_ldap_stash_service_password(int argc, char **argv) - } - - omask = umask(077); -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(file_name); -+#endif - newfile = fopen(tmp_file, "w"); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif - umask (omask); - if (newfile == NULL) { - com_err(me, errno, _("Error creating file %s"), tmp_file); -diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c -index 24e41fb80..0dcb6b543 100644 ---- a/src/util/profile/prof_file.c -+++ b/src/util/profile/prof_file.c -@@ -33,6 +33,7 @@ - #endif - - #include "k5-platform.h" -+#include "k5-label.h" - - struct global_shared_profile_data { - /* This is the head of the global list of shared trees */ -@@ -391,7 +392,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile, - - errno = 0; - -- f = fopen(new_file, "w"); -+ f = WRITABLEFOPEN(new_file, "w"); - if (!f) { - retval = errno; - if (retval == 0) -diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in -index db7b030b8..321672bcb 100644 ---- a/src/util/support/Makefile.in -+++ b/src/util/support/Makefile.in -@@ -69,6 +69,7 @@ IPC_SYMS= \ - - STLIBOBJS= \ - threads.o \ -+ selinux.o \ - init-addrinfo.o \ - plugins.o \ - errors.o \ -@@ -160,7 +161,7 @@ SRCS=\ - - SHLIB_EXPDEPS = - # Add -lm if dumping thread stats, for sqrt. --SHLIB_EXPLIBS= $(LIBS) $(DL_LIB) -+SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB) - - DEPLIBS= - -diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c -new file mode 100644 -index 000000000..6d41f3244 ---- /dev/null -+++ b/src/util/support/selinux.c -@@ -0,0 +1,406 @@ -+/* -+ * Copyright 2007,2008,2009,2011,2012,2013,2016 Red Hat, Inc. All Rights Reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * -+ * Redistributions of source code must retain the above copyright notice, this -+ * list of conditions and the following disclaimer. -+ * -+ * Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * -+ * Neither the name of Red Hat, Inc. nor the names of its contributors may be -+ * used to endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ * -+ * File-opening wrappers for creating correctly-labeled files. So far, we can -+ * assume that this is Linux-specific, so we make many simplifying assumptions. -+ */ -+ -+#include "../../include/autoconf.h" -+ -+#ifdef USE_SELINUX -+ -+#include -+#include -+ -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+/* #define DEBUG 1 */ -+static void -+debug_log(const char *fmt, ...) -+{ -+#ifdef DEBUG -+ va_list ap; -+ va_start(ap, fmt); -+ if (isatty(fileno(stderr))) { -+ vfprintf(stderr, fmt, ap); -+ } -+ va_end(ap); -+#endif -+ -+ return; -+} -+ -+/* Mutex used to serialize use of the process-global file creation context. */ -+k5_mutex_t labeled_mutex = K5_MUTEX_PARTIAL_INITIALIZER; -+ -+/* Make sure we finish initializing that mutex before attempting to use it. */ -+k5_once_t labeled_once = K5_ONCE_INIT; -+static void -+label_mutex_init(void) -+{ -+ k5_mutex_finish_init(&labeled_mutex); -+} -+ -+static struct selabel_handle *selabel_ctx; -+static time_t selabel_last_changed; -+ -+MAKE_FINI_FUNCTION(cleanup_fscreatecon); -+ -+static void -+cleanup_fscreatecon(void) -+{ -+ if (selabel_ctx != NULL) { -+ selabel_close(selabel_ctx); -+ selabel_ctx = NULL; -+ } -+} -+ -+static security_context_t -+push_fscreatecon(const char *pathname, mode_t mode) -+{ -+ security_context_t previous, configuredsc, currentsc, derivedsc; -+ context_t current, derived; -+ const char *fullpath, *currentuser; -+ char *genpath; -+ -+ previous = configuredsc = currentsc = derivedsc = NULL; -+ current = derived = NULL; -+ genpath = NULL; -+ -+ fullpath = pathname; -+ -+ if (!is_selinux_enabled()) { -+ goto fail; -+ } -+ -+ if (getfscreatecon(&previous) != 0) { -+ goto fail; -+ } -+ -+ /* Canonicalize pathname */ -+ if (pathname[0] != '/') { -+ char *wd; -+ size_t len; -+ len = 0; -+ -+ wd = getcwd(NULL, len); -+ if (wd == NULL) { -+ goto fail; -+ } -+ -+ len = strlen(wd) + 1 + strlen(pathname) + 1; -+ genpath = malloc(len); -+ if (genpath == NULL) { -+ free(wd); -+ goto fail; -+ } -+ -+ sprintf(genpath, "%s/%s", wd, pathname); -+ free(wd); -+ fullpath = genpath; -+ } -+ -+ debug_log("Looking up context for \"%s\"(%05o).\n", fullpath, mode); -+ -+ /* Check whether context file has changed under us */ -+ if (selabel_ctx != NULL || selabel_last_changed == 0) { -+ const char *cpath; -+ struct stat st; -+ int i = -1; -+ -+ cpath = selinux_file_context_path(); -+ if (cpath == NULL || (i = stat(cpath, &st)) != 0 || -+ st.st_mtime != selabel_last_changed) { -+ cleanup_fscreatecon(); -+ -+ selabel_last_changed = i ? time(NULL) : st.st_mtime; -+ } -+ } -+ -+ if (selabel_ctx == NULL) { -+ selabel_ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0); -+ } -+ -+ if (selabel_ctx != NULL && -+ selabel_lookup(selabel_ctx, &configuredsc, fullpath, mode) != 0) { -+ goto fail; -+ } -+ -+ if (genpath != NULL) { -+ free(genpath); -+ genpath = NULL; -+ } -+ -+ if (configuredsc == NULL) { -+ goto fail; -+ } -+ -+ getcon(¤tsc); -+ -+ /* AAAAAAAA */ -+ if (currentsc != NULL) { -+ derived = context_new(configuredsc); -+ -+ if (derived != NULL) { -+ current = context_new(currentsc); -+ -+ if (current != NULL) { -+ currentuser = context_user_get(current); -+ -+ if (currentuser != NULL) { -+ if (context_user_set(derived, -+ currentuser) == 0) { -+ derivedsc = context_str(derived); -+ -+ if (derivedsc != NULL) { -+ freecon(configuredsc); -+ configuredsc = strdup(derivedsc); -+ } -+ } -+ } -+ -+ context_free(current); -+ } -+ -+ context_free(derived); -+ } -+ -+ freecon(currentsc); -+ } -+ -+ debug_log("Setting file creation context to \"%s\".\n", configuredsc); -+ if (setfscreatecon(configuredsc) != 0) { -+ debug_log("Unable to determine current context.\n"); -+ goto fail; -+ } -+ -+ freecon(configuredsc); -+ return previous; -+ -+fail: -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ if (genpath != NULL) { -+ free(genpath); -+ } -+ if (configuredsc != NULL) { -+ freecon(configuredsc); -+ } -+ -+ cleanup_fscreatecon(); -+ return NULL; -+} -+ -+static void -+pop_fscreatecon(security_context_t previous) -+{ -+ if (!is_selinux_enabled()) { -+ return; -+ } -+ -+ if (previous != NULL) { -+ debug_log("Resetting file creation context to \"%s\".\n", previous); -+ } else { -+ debug_log("Resetting file creation context to default.\n"); -+ } -+ -+ /* NULL resets to default */ -+ setfscreatecon(previous); -+ -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ -+ /* Need to clean this up here otherwise it leaks */ -+ cleanup_fscreatecon(); -+} -+ -+void * -+krb5int_push_fscreatecon_for(const char *pathname) -+{ -+ struct stat st; -+ void *retval; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ k5_mutex_lock(&labeled_mutex); -+ -+ if (stat(pathname, &st) != 0) { -+ st.st_mode = S_IRUSR | S_IWUSR; -+ } -+ -+ retval = push_fscreatecon(pathname, st.st_mode); -+ return retval ? retval : (void *) -1; -+} -+ -+void -+krb5int_pop_fscreatecon(void *con) -+{ -+ if (con != NULL) { -+ pop_fscreatecon((con == (void *) -1) ? NULL : con); -+ k5_mutex_unlock(&labeled_mutex); -+ } -+} -+ -+FILE * -+krb5int_labeled_fopen(const char *path, const char *mode) -+{ -+ FILE *fp; -+ int errno_save; -+ security_context_t ctx; -+ -+ if ((strcmp(mode, "r") == 0) || -+ (strcmp(mode, "rb") == 0)) { -+ return fopen(path, mode); -+ } -+ -+ k5_once(&labeled_once, label_mutex_init); -+ k5_mutex_lock(&labeled_mutex); -+ ctx = push_fscreatecon(path, 0); -+ -+ fp = fopen(path, mode); -+ errno_save = errno; -+ -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ -+ errno = errno_save; -+ return fp; -+} -+ -+int -+krb5int_labeled_creat(const char *path, mode_t mode) -+{ -+ int fd; -+ int errno_save; -+ security_context_t ctx; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ k5_mutex_lock(&labeled_mutex); -+ ctx = push_fscreatecon(path, 0); -+ -+ fd = creat(path, mode); -+ errno_save = errno; -+ -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ -+ errno = errno_save; -+ return fd; -+} -+ -+int -+krb5int_labeled_mknod(const char *path, mode_t mode, dev_t dev) -+{ -+ int ret; -+ int errno_save; -+ security_context_t ctx; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ k5_mutex_lock(&labeled_mutex); -+ ctx = push_fscreatecon(path, mode); -+ -+ ret = mknod(path, mode, dev); -+ errno_save = errno; -+ -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ -+ errno = errno_save; -+ return ret; -+} -+ -+int -+krb5int_labeled_mkdir(const char *path, mode_t mode) -+{ -+ int ret; -+ int errno_save; -+ security_context_t ctx; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ k5_mutex_lock(&labeled_mutex); -+ ctx = push_fscreatecon(path, S_IFDIR); -+ -+ ret = mkdir(path, mode); -+ errno_save = errno; -+ -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ -+ errno = errno_save; -+ return ret; -+} -+ -+int -+krb5int_labeled_open(const char *path, int flags, ...) -+{ -+ int fd; -+ int errno_save; -+ security_context_t ctx; -+ mode_t mode; -+ va_list ap; -+ -+ if ((flags & O_CREAT) == 0) { -+ return open(path, flags); -+ } -+ -+ k5_once(&labeled_once, label_mutex_init); -+ k5_mutex_lock(&labeled_mutex); -+ ctx = push_fscreatecon(path, 0); -+ -+ va_start(ap, flags); -+ mode = va_arg(ap, mode_t); -+ fd = open(path, flags, mode); -+ va_end(ap); -+ -+ errno_save = errno; -+ -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ -+ errno = errno_save; -+ return fd; -+} -+ -+#endif /* USE_SELINUX */ diff --git a/SOURCES/krb5-1.17.tar.gz.asc b/SOURCES/krb5-1.17.tar.gz.asc deleted file mode 100644 index 90f7148..0000000 --- a/SOURCES/krb5-1.17.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJcNMxOAAoJEAy6CFdfg3LfjAwP/2/oQe+4Bs/XwZTwNfakTbBl -YHSY8MNAHIKsLh6Bn+SJBQQXSE0fEsm0hYH+JWz85+mzlZk7TbNZUI+zeikhLxi6 -+d8MMQBpk2mQN0dkIeWjTdfkcThGCDSL7l0fh3MuEfN5C7QPAPD1JL1ZeqXPH5AV -PSQRC9s2wiOTwwuHM2i27rZ7gdhL/xfJ3ZPUFJH4klRgszwp9j10I/nh4/XyS/wB -82umjfusFPa9VNSPzm1jm94oRmALkR3CHGvmku2XD3YOv/f5yO8C1cHWNNLxg+5h -EqVv05ddb6iLku4fRhkEjfN3VgCtEvXuMkuAXppkDJJ7wWxMBWgCIr1DS/x7LfbL -CI0ZTejn8HCUBNmRWsKkUuebgHJ7ccch8p/Fp0cV4eT1FL35N2oV51u7+/zK6R8y -1dygUF2VWFOqwm8cyczdFue7dFQVDGCw7R2eK5lXY3NpZVmJblQ/gNLMcbOxGBis -H2dOzSn+CnxlD/2LqOZnhQ1WnGBhOMxoINwX/MQsIvkwAFaM1EsdhPIP/6mSVA/g -p04+YQ2u2ag7Pq3zHsMIonC18w4ZqDPcvXvOXqCHtlQBDAMtb927XvjoTNj5W8Ei -jywxqdWuuqalmrKGPEsKVOJZN6xg7UTgaKzcvQTvW7D3gLbrTT2iM++VKB3vh9V9 -SkULnR3c7fKMzFeLb/Q2 -=4hZX ------END PGP SIGNATURE----- diff --git a/SOURCES/krb5-1.17post2-DES-3DES-fixups.patch b/SOURCES/krb5-1.17post2-DES-3DES-fixups.patch deleted file mode 100644 index 0fcb76c..0000000 --- a/SOURCES/krb5-1.17post2-DES-3DES-fixups.patch +++ /dev/null @@ -1,103 +0,0 @@ -From fe66536c1b7aec67233739df97cbe0301ee6475e Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 19 Nov 2019 15:03:19 -0500 -Subject: [PATCH] krb5-1.17post2 DES/3DES fixups - -Kept separate from the other patch because rawhide doesn't have DES. - -post2 adds krb5kdf workarounds. ---- - src/lib/crypto/krb/derive.c | 6 +++++- - src/lib/crypto/openssl/enc_provider/des.c | 9 +++++++++ - src/lib/crypto/openssl/enc_provider/des3.c | 6 ++++++ - 3 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c -index 915a173dd..ebdab69bc 100644 ---- a/src/lib/crypto/krb/derive.c -+++ b/src/lib/crypto/krb/derive.c -@@ -348,6 +348,7 @@ cleanup: - zapfree(prf.data, blocksize); - return ret; - } -+#endif /* OSSL_KDFS */ - - static krb5_error_code - builtin_derive_random_rfc3961(const struct krb5_enc_provider *enc, -@@ -400,7 +401,6 @@ cleanup: - zapfree(block.data, blocksize); - return ret; - } --#endif /* OSSL_KDFS */ - - krb5_error_code - k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, -@@ -432,6 +432,10 @@ k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) - { -+ /* DES (single and triple). They'll be gone very soon. */ -+ if (enc->keylength == 8 || enc->keylength == 24) -+ return builtin_derive_random_rfc3961(enc, inkey, outrnd, in_constant); -+ - #ifdef OSSL_KDFS - return openssl_krb5kdf(enc, inkey, outrnd, in_constant); - #else -diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c -index a662db512..7d17d287e 100644 ---- a/src/lib/crypto/openssl/enc_provider/des.c -+++ b/src/lib/crypto/openssl/enc_provider/des.c -@@ -85,6 +85,9 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; -@@ -133,6 +136,9 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; -@@ -182,6 +188,9 @@ k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data, - DES_key_schedule sched; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0) - return ret; -diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c -index 1c439c2cd..8be555a8d 100644 ---- a/src/lib/crypto/openssl/enc_provider/des3.c -+++ b/src/lib/crypto/openssl/enc_provider/des3.c -@@ -84,6 +84,9 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; -@@ -133,6 +136,9 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; diff --git a/SOURCES/krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch b/SOURCES/krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch deleted file mode 100644 index 308137f..0000000 --- a/SOURCES/krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +++ /dev/null @@ -1,568 +0,0 @@ -From 2a4e2418875b41c3273db5f6b4e9e1b01c1fb5ff Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Fri, 9 Nov 2018 15:12:21 -0500 -Subject: [PATCH] krb5-1.17post6 FIPS with PRNG and RADIUS and MD4 - -NB: Use openssl's PRNG in FIPS mode and taint within krad. - -A lot of the FIPS error conditions from OpenSSL are incredibly -mysterious (at best, things return NULL unexpectedly; at worst, -internal assertions are tripped; most of the time, you just get -ENOMEM). In order to cope with this, we need to have some level of -awareness of what we can and can't safely call. - -This will slow down some calls slightly (FIPS_mode() takes multiple -locks), but not for any ciphers we care about - which is to say that -AES is fine. Shame about SPAKE though. - -post6 restores MD4 (and therefore keygen-only RC4). - -(cherry picked from commit 80b56b04d90fcacd9f78fed305c7d5528d863b38) ---- - src/lib/crypto/krb/prng.c | 11 ++++- - .../crypto/openssl/enc_provider/camellia.c | 6 +++ - src/lib/crypto/openssl/enc_provider/rc4.c | 13 +++++- - .../crypto/openssl/hash_provider/hash_evp.c | 12 +++++ - src/lib/crypto/openssl/hmac.c | 6 ++- - src/lib/krad/attr.c | 45 ++++++++++++++----- - src/lib/krad/attrset.c | 5 ++- - src/lib/krad/internal.h | 13 +++++- - src/lib/krad/packet.c | 22 ++++----- - src/lib/krad/remote.c | 10 ++++- - src/lib/krad/t_attr.c | 3 +- - src/lib/krad/t_attrset.c | 4 +- - src/plugins/preauth/spake/spake_client.c | 6 +++ - src/plugins/preauth/spake/spake_kdc.c | 6 +++ - 14 files changed, 129 insertions(+), 33 deletions(-) - -diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c -index cb9ca9b98..f0e9984ca 100644 ---- a/src/lib/crypto/krb/prng.c -+++ b/src/lib/crypto/krb/prng.c -@@ -26,6 +26,8 @@ - - #include "crypto_int.h" - -+#include -+ - krb5_error_code KRB5_CALLCONV - krb5_c_random_seed(krb5_context context, krb5_data *data) - { -@@ -99,9 +101,16 @@ krb5_boolean - k5_get_os_entropy(unsigned char *buf, size_t len, int strong) - { - const char *device; --#if defined(__linux__) && defined(SYS_getrandom) - int r; - -+ /* A wild FIPS mode appeared! */ -+ if (FIPS_mode()) { -+ /* The return codes on this API are not good */ -+ r = RAND_bytes(buf, len); -+ return r == 1; -+ } -+ -+#if defined(__linux__) && defined(SYS_getrandom) - while (len > 0) { - /* - * Pull from the /dev/urandom pool, but require it to have been seeded. -diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c -index 2da691329..f79679a0b 100644 ---- a/src/lib/crypto/openssl/enc_provider/camellia.c -+++ b/src/lib/crypto/openssl/enc_provider/camellia.c -@@ -304,6 +304,9 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE]; - struct iov_cursor cursor; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - if (output->length < CAMELLIA_BLOCK_SIZE) - return KRB5_BAD_MSIZE; - -@@ -331,6 +334,9 @@ static krb5_error_code - krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage, - krb5_data *state) - { -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - state->length = 16; - state->data = (void *) malloc(16); - if (state->data == NULL) -diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c -index a65d57b7a..6ccaca94a 100644 ---- a/src/lib/crypto/openssl/enc_provider/rc4.c -+++ b/src/lib/crypto/openssl/enc_provider/rc4.c -@@ -66,6 +66,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, - EVP_CIPHER_CTX *ctx = NULL; - struct arcfour_state *arcstate; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - arcstate = (state != NULL) ? (void *)state->data : NULL; - if (arcstate != NULL) { - ctx = arcstate->ctx; -@@ -113,7 +116,12 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, - static void - k5_arcfour_free_state(krb5_data *state) - { -- struct arcfour_state *arcstate = (void *)state->data; -+ struct arcfour_state *arcstate; -+ -+ if (FIPS_mode()) -+ return; -+ -+ arcstate = (void *) state->data; - - EVP_CIPHER_CTX_free(arcstate->ctx); - free(arcstate); -@@ -125,6 +133,9 @@ k5_arcfour_init_state(const krb5_keyblock *key, - { - struct arcfour_state *arcstate; - -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - /* - * The cipher state here is a saved pointer to a struct arcfour_state - * object, rather than a flat byte array as in most enc providers. The -diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c -index 957ed8d9c..915da9dbe 100644 ---- a/src/lib/crypto/openssl/hash_provider/hash_evp.c -+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c -@@ -49,6 +49,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, - if (ctx == NULL) - return ENOMEM; - -+ if (type == EVP_md4()) { -+ /* See comment below in hash_md4(). */ -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ } -+ - ok = EVP_DigestInit_ex(ctx, type, NULL); - for (i = 0; i < num_data; i++) { - if (!SIGN_IOV(&data[i])) -@@ -64,12 +69,19 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, - static krb5_error_code - hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) - { -+ /* -+ * MD4 is needed in FIPS mode to perform key generation for RC4 keys used -+ * by IPA. These keys are only used along a (separately) secured channel -+ * for legacy reasons when performing trusts to Active Directory. -+ */ - return hash_evp(EVP_md4(), data, num_data, output); - } - - static krb5_error_code - hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) - { -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; - return hash_evp(EVP_md5(), data, num_data, output); - } - -diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c -index b2db6ec02..d94d9ac94 100644 ---- a/src/lib/crypto/openssl/hmac.c -+++ b/src/lib/crypto/openssl/hmac.c -@@ -103,7 +103,11 @@ map_digest(const struct krb5_hash_provider *hash) - return EVP_sha256(); - else if (!strncmp(hash->hash_name, "SHA-384",7)) - return EVP_sha384(); -- else if (!strncmp(hash->hash_name, "MD5", 3)) -+ -+ if (FIPS_mode()) -+ return NULL; -+ -+ if (!strncmp(hash->hash_name, "MD5", 3)) - return EVP_md5(); - else if (!strncmp(hash->hash_name, "MD4", 3)) - return EVP_md4(); -diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c -index 9c13d9d75..275327e67 100644 ---- a/src/lib/krad/attr.c -+++ b/src/lib/krad/attr.c -@@ -30,6 +30,7 @@ - #include - #include "internal.h" - -+#include - #include - - /* RFC 2865 */ -@@ -38,7 +39,8 @@ - typedef krb5_error_code - (*attribute_transform_fn)(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - typedef struct { - const char *name; -@@ -51,12 +53,14 @@ typedef struct { - static krb5_error_code - user_password_encode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - static krb5_error_code - user_password_decode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *ignored); - - static const attribute_record attributes[UCHAR_MAX] = { - {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL}, -@@ -128,7 +132,8 @@ static const attribute_record attributes[UCHAR_MAX] = { - static krb5_error_code - user_password_encode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips) - { - const unsigned char *indx; - krb5_error_code retval; -@@ -154,8 +159,14 @@ user_password_encode(krb5_context ctx, const char *secret, - for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) { - memcpy(tmp.data + seclen, indx, BLOCKSIZE); - -- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, -- &sum); -+ if (FIPS_mode()) { -+ /* Skip encryption here. Taint so that we won't pass it out of -+ * the machine by accident. */ -+ *is_fips = TRUE; -+ sum.contents = calloc(1, BLOCKSIZE); -+ } else -+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, -+ &sum); - if (retval != 0) { - zap(tmp.data, tmp.length); - zap(outbuf, len); -@@ -180,7 +191,8 @@ user_password_encode(krb5_context ctx, const char *secret, - static krb5_error_code - user_password_decode(krb5_context ctx, const char *secret, - const unsigned char *auth, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips) - { - const unsigned char *indx; - krb5_error_code retval; -@@ -204,8 +216,14 @@ user_password_decode(krb5_context ctx, const char *secret, - for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) { - memcpy(tmp.data + seclen, indx, BLOCKSIZE); - -- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, -- &tmp, &sum); -+ if (FIPS_mode()) { -+ /* Skip encryption here. Taint so that we won't pass it out of -+ * the machine by accident. */ -+ *is_fips = TRUE; -+ sum.contents = calloc(1, BLOCKSIZE); -+ } else -+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, -+ &tmp, &sum); - if (retval != 0) { - zap(tmp.data, tmp.length); - zap(outbuf, in->length); -@@ -248,7 +266,7 @@ krb5_error_code - kr_attr_encode(krb5_context ctx, const char *secret, - const unsigned char *auth, krad_attr type, - const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE], -- size_t *outlen) -+ size_t *outlen, krb5_boolean *is_fips) - { - krb5_error_code retval; - -@@ -265,7 +283,8 @@ kr_attr_encode(krb5_context ctx, const char *secret, - return 0; - } - -- return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen); -+ return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen, -+ is_fips); - } - - krb5_error_code -@@ -274,6 +293,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) - { - krb5_error_code retval; -+ krb5_boolean ignored; - - retval = kr_attr_valid(type, in); - if (retval != 0) -@@ -288,7 +308,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, - return 0; - } - -- return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen); -+ return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen, -+ &ignored); - } - - krad_attr -diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c -index 03c613716..d89982a13 100644 ---- a/src/lib/krad/attrset.c -+++ b/src/lib/krad/attrset.c -@@ -167,7 +167,8 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy) - krb5_error_code - kr_attrset_encode(const krad_attrset *set, const char *secret, - const unsigned char *auth, -- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen) -+ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, -+ krb5_boolean *is_fips) - { - unsigned char buffer[MAX_ATTRSIZE]; - krb5_error_code retval; -@@ -181,7 +182,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret, - - K5_TAILQ_FOREACH(a, &set->list, list) { - retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr, -- buffer, &attrlen); -+ buffer, &attrlen, is_fips); - if (retval != 0) - return retval; - -diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h -index 996a89372..a53ce31ce 100644 ---- a/src/lib/krad/internal.h -+++ b/src/lib/krad/internal.h -@@ -49,6 +49,13 @@ - - typedef struct krad_remote_st krad_remote; - -+struct krad_packet_st { -+ char buffer[KRAD_PACKET_SIZE_MAX]; -+ krad_attrset *attrset; -+ krb5_data pkt; -+ krb5_boolean is_fips; -+}; -+ - /* Validate constraints of an attribute. */ - krb5_error_code - kr_attr_valid(krad_attr type, const krb5_data *data); -@@ -57,7 +64,8 @@ kr_attr_valid(krad_attr type, const krb5_data *data); - krb5_error_code - kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth, - krad_attr type, const krb5_data *in, -- unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - /* Decode an attribute. */ - krb5_error_code -@@ -69,7 +77,8 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, - krb5_error_code - kr_attrset_encode(const krad_attrset *set, const char *secret, - const unsigned char *auth, -- unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen); -+ unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, -+ krb5_boolean *is_fips); - - /* Decode attributes from a buffer. */ - krb5_error_code -diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c -index c597174b6..794ac84c4 100644 ---- a/src/lib/krad/packet.c -+++ b/src/lib/krad/packet.c -@@ -32,6 +32,7 @@ - #include - - #include -+#include - - typedef unsigned char uchar; - -@@ -53,12 +54,6 @@ typedef unsigned char uchar; - #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH)) - #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR)) - --struct krad_packet_st { -- char buffer[KRAD_PACKET_SIZE_MAX]; -- krad_attrset *attrset; -- krb5_data pkt; --}; -- - typedef struct { - uchar x[(UCHAR_MAX + 1) / 8]; - } idmap; -@@ -187,8 +182,13 @@ auth_generate_response(krb5_context ctx, const char *secret, - memcpy(data.data + response->pkt.length, secret, strlen(secret)); - - /* Hash it. */ -- retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, -- &hash); -+ if (FIPS_mode()) { -+ /* This checksum does very little security-wise anyway, so don't -+ * taint. */ -+ hash.contents = calloc(1, AUTH_FIELD_SIZE); -+ } else -+ retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, -+ &hash); - free(data.data); - if (retval != 0) - return retval; -@@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, - - /* Encode the attributes. */ - retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt), -- &attrset_len); -+ &attrset_len, &pkt->is_fips); - if (retval != 0) - goto error; - -@@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, - - /* Encode the attributes. */ - retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt), -- &attrset_len); -+ &attrset_len, &pkt->is_fips); - if (retval != 0) - goto error; - -@@ -451,6 +451,8 @@ krad_packet_decode_response(krb5_context ctx, const char *secret, - const krb5_data * - krad_packet_encode(const krad_packet *pkt) - { -+ if (pkt->is_fips) -+ return NULL; - return &pkt->pkt; - } - -diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c -index 437f7e91a..0f90443ce 100644 ---- a/src/lib/krad/remote.c -+++ b/src/lib/krad/remote.c -@@ -263,7 +263,7 @@ on_io_write(krad_remote *rr) - request *r; - - K5_TAILQ_FOREACH(r, &rr->list, list) { -- tmp = krad_packet_encode(r->request); -+ tmp = &r->request->pkt; - - /* If the packet has already been sent, do nothing. */ - if (r->sent == tmp->length) -@@ -359,7 +359,7 @@ on_io_read(krad_remote *rr) - if (req != NULL) { - K5_TAILQ_FOREACH(r, &rr->list, list) { - if (r->request == req && -- r->sent == krad_packet_encode(req)->length) { -+ r->sent == req->pkt.length) { - request_finish(r, 0, rsp); - break; - } -@@ -455,6 +455,12 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs, - (krad_packet_iter_cb)iterator, &r, &tmp); - if (retval != 0) - goto error; -+ else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL && -+ rr->info->ai_family != AF_UNIX) { -+ /* This would expose cleartext passwords, so abort. */ -+ retval = ESOCKTNOSUPPORT; -+ goto error; -+ } - - K5_TAILQ_FOREACH(r, &rr->list, list) { - if (r->request == tmp) { -diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c -index eb2a780c8..4d285ad9d 100644 ---- a/src/lib/krad/t_attr.c -+++ b/src/lib/krad/t_attr.c -@@ -50,6 +50,7 @@ main() - const char *tmp; - krb5_data in; - size_t len; -+ krb5_boolean is_fips = FALSE; - - noerror(krb5_init_context(&ctx)); - -@@ -73,7 +74,7 @@ main() - in = string2data((char *)decoded); - retval = kr_attr_encode(ctx, secret, auth, - krad_attr_name2num("User-Password"), -- &in, outbuf, &len); -+ &in, outbuf, &len, &is_fips); - insist(retval == 0); - insist(len == sizeof(encoded)); - insist(memcmp(outbuf, encoded, len) == 0); -diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c -index 7928335ca..0f9576253 100644 ---- a/src/lib/krad/t_attrset.c -+++ b/src/lib/krad/t_attrset.c -@@ -49,6 +49,7 @@ main() - krb5_context ctx; - size_t len = 0, encode_len; - krb5_data tmp; -+ krb5_boolean is_fips = FALSE; - - noerror(krb5_init_context(&ctx)); - noerror(krad_attrset_new(ctx, &set)); -@@ -62,7 +63,8 @@ main() - noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp)); - - /* Encode attrset. */ -- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len)); -+ noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len, -+ &is_fips)); - krad_attrset_free(set); - - /* Manually encode User-Name. */ -diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c -index 00734a13b..a3ce22b70 100644 ---- a/src/plugins/preauth/spake/spake_client.c -+++ b/src/plugins/preauth/spake/spake_client.c -@@ -38,6 +38,8 @@ - #include "groups.h" - #include - -+#include -+ - typedef struct reqstate_st { - krb5_pa_spake *msg; /* set in prep_questions, used in process */ - krb5_keyblock *initial_key; -@@ -375,6 +377,10 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, - - if (maj_ver != 1) - return KRB5_PLUGIN_VER_NOTSUPP; -+ -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - vt = (krb5_clpreauth_vtable)vtable; - vt->name = "spake"; - vt->pa_type_list = pa_types; -diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c -index 59e88409e..1b3e569e9 100644 ---- a/src/plugins/preauth/spake/spake_kdc.c -+++ b/src/plugins/preauth/spake/spake_kdc.c -@@ -41,6 +41,8 @@ - - #include - -+#include -+ - /* - * The SPAKE kdcpreauth module uses a secure cookie containing the following - * concatenated fields (all integer fields are big-endian): -@@ -578,6 +580,10 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, - - if (maj_ver != 1) - return KRB5_PLUGIN_VER_NOTSUPP; -+ -+ if (FIPS_mode()) -+ return KRB5_CRYPTO_INTERNAL; -+ - vt = (krb5_kdcpreauth_vtable)vtable; - vt->name = "spake"; - vt->pa_type_list = pa_types; diff --git a/SOURCES/krb5-1.18.2.tar.gz.asc b/SOURCES/krb5-1.18.2.tar.gz.asc new file mode 100644 index 0000000..aea279d --- /dev/null +++ b/SOURCES/krb5-1.18.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAl7H9FAACgkQDLoIV1+D +ct+rjxAAqLlDjeExNw1sJyyjaAKzo7vGzK0tFVouMglmmGcyluVwsqu9B2uHw3UC +TIm4bn1rgGtUB5oKWmbeD+hiuoAghLDa6gSrmDDkJfFR+o/K/vE7BGZewrrp7QJ5 +jJnEhjuY9O+ZFM/ZNEwHa4/RNG1ga5uJUrfdlNkTUMFje5d1TXvx/ozuSk4bAUTF +nqHuJsyRAuhKcqTOZ9nr5a54me97CbWj7Be6sA7LQVaFDPyWcJCQsBHjFyextTOF +3ewsF7330B3oO8yE9/f+nxFq/x9ot6CctMXZqLzhbvdzcO2GwmwbvXy73ibhvjVU +w9n/zQ1xDjRO0z1wfM54Vq1upQW78+YXA33fEX6od0WBzdiR/o7hfU3arg/WraUy +pVcD9V7jvYhGPpqYwEdRhs4qROhAh/yvebZ+MVe/1Pd8kA4tTXtR+VmVkp21X3cq ++19eTz7actQemfdsUvfcL8guub0Mea/l+1l3cEHl20FOEeZ8RjpPMisYS9IrJ52O +3lro26vYFSWS4+U9j4gwdjuQwLS3xHuPZFwS7aykKGsIQ1r8l5Yb0xorDXXKKLjm +z4DNPaZbxxfcGhDWKTlDudrXEIAGTOD4FC1SJBV3hbqUsv4EH+EJnf92rmVMJ5z/ +AmeUKsL02Abl3BjhwaLWmhIwoXIUhcI/5xNsoI6ePCAT2HLyJlE= +=fGT7 +-----END PGP SIGNATURE----- diff --git a/SOURCES/krb5-1.3.1-dns.patch b/SOURCES/krb5-1.3.1-dns.patch deleted file mode 100644 index 819bf9f..0000000 --- a/SOURCES/krb5-1.3.1-dns.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 19f0dc268c127fb51c4bb8c106104eee67119cca Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:46:21 -0400 -Subject: [PATCH] krb5-1.3.1-dns.patch - -We want to be able to use --with-netlib and --enable-dns at the same time. ---- - src/aclocal.m4 | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/aclocal.m4 b/src/aclocal.m4 -index a7afec09e..db18226ed 100644 ---- a/src/aclocal.m4 -+++ b/src/aclocal.m4 -@@ -726,6 +726,7 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library), - LIBS="$LIBS $withval" - AC_MSG_RESULT("netlib will use \'$withval\'") - fi -+ KRB5_AC_ENABLE_DNS - ],dnl - [AC_LIBRARY_NET] - )])dnl diff --git a/SOURCES/krb5-1.9-debuginfo.patch b/SOURCES/krb5-1.9-debuginfo.patch deleted file mode 100644 index 21971ff..0000000 --- a/SOURCES/krb5-1.9-debuginfo.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 56954a72afe83cce5168bc139139d7f74c3685d6 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2016 16:49:25 -0400 -Subject: [PATCH] krb5-1.9-debuginfo.patch - -We want to keep these y.tab.c files around because the debuginfo points to -them. It would be more elegant at the end to use symbolic links, but that -could mess up people working in the tree on other things. ---- - src/kadmin/cli/Makefile.in | 5 +++++ - src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in -index adfea6e2b..d1327e400 100644 ---- a/src/kadmin/cli/Makefile.in -+++ b/src/kadmin/cli/Makefile.in -@@ -37,3 +37,8 @@ clean-unix:: - # CC_LINK is not meant for compilation and this use may break in the future. - datetest: getdate.c - $(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c -+ -+%.c: %.y -+ $(RM) y.tab.c $@ -+ $(YACC.y) $< -+ $(CP) y.tab.c $@ -diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in -index 8669c2436..a22f23c02 100644 ---- a/src/plugins/kdb/ldap/ldap_util/Makefile.in -+++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in -@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE) - getdate.c: $(GETDATE) - $(RM) getdate.c y.tab.c - $(YACC) $(GETDATE) -- $(MV) y.tab.c getdate.c -+ $(CP) y.tab.c getdate.c - - install: - $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) diff --git a/SOURCES/rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch b/SOURCES/rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch new file mode 100644 index 0000000..cbbfd2d --- /dev/null +++ b/SOURCES/rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch @@ -0,0 +1,751 @@ +From 396ce77f48f758efa090aadd00cd7208e7e97491 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 15 Nov 2019 20:05:16 +0000 +Subject: [PATCH] [rhel] Use backported version of OpenSSL-3 KDF interface + +(cherry picked from commit 0e20daf7ccfe50518c89735c3dae2fde08d92325) +--- + src/configure.ac | 4 + + src/lib/crypto/krb/derive.c | 356 +++++++++++++----- + .../preauth/pkinit/pkinit_crypto_openssl.c | 257 ++++++++----- + 3 files changed, 428 insertions(+), 189 deletions(-) + +diff --git a/src/configure.ac b/src/configure.ac +index d4e4da525..29be532cb 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -282,6 +282,10 @@ AC_SUBST(CRYPTO_IMPL) + AC_SUBST(CRYPTO_IMPL_CFLAGS) + AC_SUBST(CRYPTO_IMPL_LIBS) + ++AC_CHECK_FUNCS(EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_derive, ++ AC_DEFINE(OSSL_KDFS, 1, [Define if using OpenSSL KDFs]), ++ AC_MSG_ERROR([backported OpenSSL KDFs not found])) ++ + AC_ARG_WITH([prng-alg], + AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. @<:@fortuna@:>@]), + [PRNG_ALG=$withval +diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c +index 6707a7308..915a173dd 100644 +--- a/src/lib/crypto/krb/derive.c ++++ b/src/lib/crypto/krb/derive.c +@@ -27,6 +27,13 @@ + + #include "crypto_int.h" + ++#ifdef OSSL_KDFS ++#include ++#include ++#else ++#error "Refusing to build without OpenSSL KDFs!" ++#endif ++ + static krb5_key + find_cached_dkey(struct derived_key *list, const krb5_data *constant) + { +@@ -77,55 +84,193 @@ cleanup: + return ENOMEM; + } + ++#ifdef OSSL_KDFS + static krb5_error_code +-derive_random_rfc3961(const struct krb5_enc_provider *enc, +- krb5_key inkey, krb5_data *outrnd, +- const krb5_data *in_constant) ++openssl_kbdkf_counter_hmac(const struct krb5_hash_provider *hash, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *label, const krb5_data *context) + { +- size_t blocksize, keybytes, n; ++ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; ++ EVP_KDF_CTX *ctx = NULL; ++ const EVP_MD *digest; ++ ++ if (!strcmp(hash->hash_name, "SHA1")) ++ digest = EVP_sha1(); ++ else if (!strcmp(hash->hash_name, "SHA-256")) ++ digest = EVP_sha256(); ++ else if (!strcmp(hash->hash_name, "SHA-384")) ++ digest = EVP_sha384(); ++ else ++ goto done; ++ ++ ctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); ++ if (!ctx) ++ goto done; ++ ++ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, ++ EVP_KDF_KB_MAC_TYPE_HMAC) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, ++ inkey->keyblock.length) != 1 || ++ (context->length > 0 && ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_INFO, context->data, ++ context->length) != 1) || ++ (label->length > 0 && ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SALT, label->data, ++ label->length) != 1) || ++ EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, ++ outrnd->length) != 1) ++ goto done; ++ ++ ret = 0; ++done: ++ if (ret) ++ zap(outrnd->data, outrnd->length); ++ EVP_KDF_CTX_free(ctx); ++ return ret; ++} ++ ++static krb5_error_code ++openssl_kbkdf_feedback_cmac(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; ++ EVP_KDF_CTX *ctx = NULL; ++ const EVP_CIPHER *cipher; ++ static unsigned char zeroes[16]; ++ ++ memset(zeroes, 0, sizeof(zeroes)); ++ ++ if (enc->keylength == 16) ++ cipher = EVP_camellia_128_cbc(); ++ else if (enc->keylength == 32) ++ cipher = EVP_camellia_256_cbc(); ++ else ++ goto done; ++ ++ ctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); ++ if (!ctx) ++ goto done; ++ ++ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MODE, ++ EVP_KDF_KB_MODE_FEEDBACK) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, ++ EVP_KDF_KB_MAC_TYPE_CMAC) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_CIPHER, cipher) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, ++ inkey->keyblock.length) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SALT, in_constant->data, ++ in_constant->length) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_SEED, zeroes, ++ sizeof(zeroes)) != 1 || ++ EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, ++ outrnd->length) != 1) ++ goto done; ++ ++ ret = 0; ++done: ++ if (ret) ++ zap(outrnd->data, outrnd->length); ++ EVP_KDF_CTX_free(ctx); ++ return ret; ++} ++ ++static krb5_error_code ++openssl_krb5kdf(const struct krb5_enc_provider *enc, krb5_key inkey, ++ krb5_data *outrnd, const krb5_data *in_constant) ++{ ++ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; ++ EVP_KDF_CTX *ctx = NULL; ++ const EVP_CIPHER *cipher; ++ ++ if (inkey->keyblock.length != enc->keylength || ++ outrnd->length != enc->keybytes) { ++ return KRB5_CRYPTO_INTERNAL; ++ } ++ ++ if (enc->encrypt == krb5int_aes_encrypt && enc->keylength == 16) ++ cipher = EVP_aes_128_cbc(); ++ else if (enc->encrypt == krb5int_aes_encrypt && enc->keylength == 32) ++ cipher = EVP_aes_256_cbc(); ++ else if (enc->keylength == 24) ++ cipher = EVP_des_ede3_cbc(); ++ else ++ goto done; ++ ++ ctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF); ++ if (ctx == NULL) ++ goto done; ++ ++ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_CIPHER, cipher) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, ++ inkey->keyblock.length) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, ++ in_constant->data, in_constant->length) != 1 || ++ EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, ++ outrnd->length) != 1) ++ goto done; ++ ++ ret = 0; ++done: ++ if (ret) ++ zap(outrnd->data, outrnd->length); ++ EVP_KDF_CTX_free(ctx); ++ return ret; ++} ++ ++#else /* OSSL_KDFS */ ++ ++/* ++ * NIST SP800-108 KDF in counter mode (section 5.1). ++ * Parameters: ++ * - HMAC (with hash as the hash provider) is the PRF. ++ * - A block counter of four bytes is used. ++ * - Four bytes are used to encode the output length in the PRF input. ++ * ++ * There are no uses requiring more than a single PRF invocation. ++ */ ++static krb5_error_code ++builtin_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *label, ++ const krb5_data *context) ++{ ++ krb5_crypto_iov iov[5]; + krb5_error_code ret; +- krb5_data block = empty_data(); ++ krb5_data prf; ++ unsigned char ibuf[4], lbuf[4]; + +- blocksize = enc->block_size; +- keybytes = enc->keybytes; +- +- if (blocksize == 1) +- return KRB5_BAD_ENCTYPE; +- if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) ++ if (hash == NULL || outrnd->length > hash->hashsize) + return KRB5_CRYPTO_INTERNAL; + + /* Allocate encryption data buffer. */ +- ret = alloc_data(&block, blocksize); ++ ret = alloc_data(&prf, hash->hashsize); + if (ret) + return ret; + +- /* Initialize the input block. */ +- if (in_constant->length == blocksize) { +- memcpy(block.data, in_constant->data, blocksize); +- } else { +- krb5int_nfold(in_constant->length * 8, +- (unsigned char *) in_constant->data, +- blocksize * 8, (unsigned char *) block.data); +- } ++ /* [i]2: four-byte big-endian binary string giving the block counter (1) */ ++ iov[0].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[0].data = make_data(ibuf, sizeof(ibuf)); ++ store_32_be(1, ibuf); ++ /* Label */ ++ iov[1].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[1].data = *label; ++ /* 0x00: separator byte */ ++ iov[2].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[2].data = make_data("", 1); ++ /* Context */ ++ iov[3].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[3].data = *context; ++ /* [L]2: four-byte big-endian binary string giving the output length */ ++ iov[4].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[4].data = make_data(lbuf, sizeof(lbuf)); ++ store_32_be(outrnd->length * 8, lbuf); + +- /* Loop encrypting the blocks until enough key bytes are generated. */ +- n = 0; +- while (n < keybytes) { +- ret = encrypt_block(enc, inkey, &block); +- if (ret) +- goto cleanup; +- +- if ((keybytes - n) <= blocksize) { +- memcpy(outrnd->data + n, block.data, (keybytes - n)); +- break; +- } +- +- memcpy(outrnd->data + n, block.data, blocksize); +- n += blocksize; +- } +- +-cleanup: +- zapfree(block.data, blocksize); ++ ret = krb5int_hmac(hash, inkey, iov, 5, &prf); ++ if (!ret) ++ memcpy(outrnd->data, prf.data, outrnd->length); ++ zapfree(prf.data, prf.length); + return ret; + } + +@@ -139,9 +284,9 @@ cleanup: + * - Four bytes are used to encode the output length in the PRF input. + */ + static krb5_error_code +-derive_random_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, +- krb5_key inkey, krb5_data *outrnd, +- const krb5_data *in_constant) ++builtin_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) + { + size_t blocksize, keybytes, n; + krb5_crypto_iov iov[6]; +@@ -204,56 +349,94 @@ cleanup: + return ret; + } + +-/* +- * NIST SP800-108 KDF in counter mode (section 5.1). +- * Parameters: +- * - HMAC (with hash as the hash provider) is the PRF. +- * - A block counter of four bytes is used. +- * - Four bytes are used to encode the output length in the PRF input. +- * +- * There are no uses requiring more than a single PRF invocation. +- */ ++static krb5_error_code ++builtin_derive_random_rfc3961(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++ size_t blocksize, keybytes, n; ++ krb5_error_code ret; ++ krb5_data block = empty_data(); ++ ++ blocksize = enc->block_size; ++ keybytes = enc->keybytes; ++ ++ if (blocksize == 1) ++ return KRB5_BAD_ENCTYPE; ++ if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) ++ return KRB5_CRYPTO_INTERNAL; ++ ++ /* Allocate encryption data buffer. */ ++ ret = alloc_data(&block, blocksize); ++ if (ret) ++ return ret; ++ ++ /* Initialize the input block. */ ++ if (in_constant->length == blocksize) { ++ memcpy(block.data, in_constant->data, blocksize); ++ } else { ++ krb5int_nfold(in_constant->length * 8, ++ (unsigned char *) in_constant->data, ++ blocksize * 8, (unsigned char *) block.data); ++ } ++ ++ /* Loop encrypting the blocks until enough key bytes are generated. */ ++ n = 0; ++ while (n < keybytes) { ++ ret = encrypt_block(enc, inkey, &block); ++ if (ret) ++ goto cleanup; ++ ++ if ((keybytes - n) <= blocksize) { ++ memcpy(outrnd->data + n, block.data, (keybytes - n)); ++ break; ++ } ++ ++ memcpy(outrnd->data + n, block.data, blocksize); ++ n += blocksize; ++ } ++ ++cleanup: ++ zapfree(block.data, blocksize); ++ return ret; ++} ++#endif /* OSSL_KDFS */ ++ + krb5_error_code + k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, + krb5_key inkey, krb5_data *outrnd, + const krb5_data *label, const krb5_data *context) + { +- krb5_crypto_iov iov[5]; +- krb5_error_code ret; +- krb5_data prf; +- unsigned char ibuf[4], lbuf[4]; ++#ifdef OSSL_KDFS ++ return openssl_kbdkf_counter_hmac(hash, inkey, outrnd, label, context); ++#else ++ return builtin_sp800_108_counter_hmac(hash, inkey, outrnd, label, ++ context); ++#endif ++} + +- if (hash == NULL || outrnd->length > hash->hashsize) +- return KRB5_CRYPTO_INTERNAL; ++static krb5_error_code ++k5_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++#ifdef OSSL_KDFS ++ return openssl_kbkdf_feedback_cmac(enc, inkey, outrnd, in_constant); ++#else ++ return builtin_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); ++#endif ++} + +- /* Allocate encryption data buffer. */ +- ret = alloc_data(&prf, hash->hashsize); +- if (ret) +- return ret; +- +- /* [i]2: four-byte big-endian binary string giving the block counter (1) */ +- iov[0].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[0].data = make_data(ibuf, sizeof(ibuf)); +- store_32_be(1, ibuf); +- /* Label */ +- iov[1].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[1].data = *label; +- /* 0x00: separator byte */ +- iov[2].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[2].data = make_data("", 1); +- /* Context */ +- iov[3].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[3].data = *context; +- /* [L]2: four-byte big-endian binary string giving the output length */ +- iov[4].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[4].data = make_data(lbuf, sizeof(lbuf)); +- store_32_be(outrnd->length * 8, lbuf); +- +- ret = krb5int_hmac(hash, inkey, iov, 5, &prf); +- if (!ret) +- memcpy(outrnd->data, prf.data, outrnd->length); +- zapfree(prf.data, prf.length); +- return ret; ++static krb5_error_code ++k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++#ifdef OSSL_KDFS ++ return openssl_krb5kdf(enc, inkey, outrnd, in_constant); ++#else ++ return builtin_derive_random_rfc3961(enc, inkey, outrnd, in_constant); ++#endif + } + + krb5_error_code +@@ -266,10 +449,9 @@ krb5int_derive_random(const struct krb5_enc_provider *enc, + + switch (alg) { + case DERIVE_RFC3961: +- return derive_random_rfc3961(enc, inkey, outrnd, in_constant); ++ return k5_derive_random_rfc3961(enc, inkey, outrnd, in_constant); + case DERIVE_SP800_108_CMAC: +- return derive_random_sp800_108_feedback_cmac(enc, inkey, outrnd, +- in_constant); ++ return k5_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); + case DERIVE_SP800_108_HMAC: + return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, + &empty); +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 52976895b..dd718c2be 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -38,6 +38,13 @@ + #include + #include + ++#ifdef OSSL_KDFS ++#include ++#include ++#else ++#error "Refusing to build without OpenSSL KDFs!" ++#endif ++ + static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); + static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); + +@@ -2331,11 +2338,51 @@ pkinit_alg_values(krb5_context context, + } + } /* pkinit_alg_values() */ + ++#ifdef OSSL_KDFS ++static krb5_error_code ++openssl_sskdf(krb5_context context, size_t hash_bytes, krb5_data *key, ++ krb5_data *info, char *out, size_t out_len) ++{ ++ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; ++ EVP_KDF_CTX *ctx = NULL; ++ const EVP_MD *digest; + +-/* pkinit_alg_agility_kdf() -- +- * This function generates a key using the KDF described in +- * draft_ietf_krb_wg_pkinit_alg_agility-04.txt. The algorithm is +- * described as follows: ++ /* RFC 8636 defines a SHA384 variant, but we don't use it. */ ++ if (hash_bytes == 20) { ++ digest = EVP_sha1(); ++ } else if (hash_bytes == 32) { ++ digest = EVP_sha256(); ++ } else if (hash_bytes == 64) { ++ digest = EVP_sha512(); ++ } else { ++ krb5_set_error_message(context, ret, "Bad hash type for SSKDF"); ++ goto done; ++ } ++ ++ ctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); ++ if (!ctx) { ++ oerr(context, ret, _("Failed to instantiate SSKDF")); ++ goto done; ++ } ++ ++ if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key->data, ++ key->length) != 1 || ++ EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSKDF_INFO, info->data, ++ info->length) != 1 || ++ EVP_KDF_derive(ctx, (unsigned char *)out, out_len) != 1) ++ goto done; ++ ++ ret = 0; ++done: ++ EVP_KDF_CTX_free(ctx); ++ return ret; ++} ++#else ++/* ++ * Generate a key using the KDF described in RFC 8636, also known as SSKDF ++ * (single-step kdf). Our caller precomputes `reps`, but otherwise the ++ * algorithm is as follows: + * + * 1. reps = keydatalen (K) / hash length (H) + * +@@ -2349,95 +2396,16 @@ pkinit_alg_values(krb5_context context, + * + * 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. + */ +-krb5_error_code +-pkinit_alg_agility_kdf(krb5_context context, +- krb5_data *secret, +- krb5_data *alg_oid, +- krb5_const_principal party_u_info, +- krb5_const_principal party_v_info, +- krb5_enctype enctype, +- krb5_data *as_req, +- krb5_data *pk_as_rep, +- krb5_keyblock *key_block) ++static krb5_error_code ++builtin_sskdf(krb5_context context, unsigned int reps, size_t hash_len, ++ const EVP_MD *(*EVP_func)(void), krb5_data *secret, ++ krb5_data *other_info, char *out, size_t out_len) + { + krb5_error_code retval = 0; + +- unsigned int reps = 0; +- uint32_t counter = 1; /* Does this type work on Windows? */ ++ uint32_t counter = 1; + size_t offset = 0; +- size_t hash_len = 0; +- size_t rand_len = 0; +- size_t key_len = 0; +- krb5_data random_data; +- krb5_sp80056a_other_info other_info_fields; +- krb5_pkinit_supp_pub_info supp_pub_info_fields; +- krb5_data *other_info = NULL; +- krb5_data *supp_pub_info = NULL; +- krb5_algorithm_identifier alg_id; + EVP_MD_CTX *ctx = NULL; +- const EVP_MD *(*EVP_func)(void); +- +- /* initialize random_data here to make clean-up safe */ +- random_data.length = 0; +- random_data.data = NULL; +- +- /* allocate and initialize the key block */ +- key_block->magic = 0; +- key_block->enctype = enctype; +- if (0 != (retval = krb5_c_keylengths(context, enctype, &rand_len, +- &key_len))) +- goto cleanup; +- +- random_data.length = rand_len; +- key_block->length = key_len; +- +- if (NULL == (key_block->contents = malloc(key_block->length))) { +- retval = ENOMEM; +- goto cleanup; +- } +- +- memset (key_block->contents, 0, key_block->length); +- +- /* If this is anonymous pkinit, use the anonymous principle for party_u_info */ +- if (party_u_info && krb5_principal_compare_any_realm(context, party_u_info, +- krb5_anonymous_principal())) +- party_u_info = (krb5_principal)krb5_anonymous_principal(); +- +- if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func))) +- goto cleanup; +- +- /* 1. reps = keydatalen (K) / hash length (H) */ +- reps = key_block->length/hash_len; +- +- /* ... and round up, if necessary */ +- if (key_block->length > (reps * hash_len)) +- reps++; +- +- /* Allocate enough space in the random data buffer to hash directly into +- * it, even if the last hash will make it bigger than the key length. */ +- if (NULL == (random_data.data = malloc(reps * hash_len))) { +- retval = ENOMEM; +- goto cleanup; +- } +- +- /* Encode the ASN.1 octet string for "SuppPubInfo" */ +- supp_pub_info_fields.enctype = enctype; +- supp_pub_info_fields.as_req = *as_req; +- supp_pub_info_fields.pk_as_rep = *pk_as_rep; +- if (0 != ((retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, +- &supp_pub_info)))) +- goto cleanup; +- +- /* Now encode the ASN.1 octet string for "OtherInfo" */ +- memset(&alg_id, 0, sizeof alg_id); +- alg_id.algorithm = *alg_oid; /*alias*/ +- +- other_info_fields.algorithm_identifier = alg_id; +- other_info_fields.party_u_info = (krb5_principal) party_u_info; +- other_info_fields.party_v_info = (krb5_principal) party_v_info; +- other_info_fields.supp_pub_info = *supp_pub_info; +- if (0 != (retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info))) +- goto cleanup; + + /* 2. Initialize a 32-bit, big-endian bit string counter as 1. + * 3. For i = 1 to reps by 1, do the following: +@@ -2471,8 +2439,9 @@ pkinit_alg_agility_kdf(krb5_context context, + goto cleanup; + } + +- /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ +- if (!EVP_DigestFinal(ctx, (uint8_t *)random_data.data + offset, &s)) { ++ /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K ++ * bytes. */ ++ if (!EVP_DigestFinal(ctx, (unsigned char *)out + offset, &s)) { + krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, + "Call to OpenSSL EVP_DigestUpdate() returned an error."); + retval = KRB5_CRYPTO_INTERNAL; +@@ -2484,26 +2453,110 @@ pkinit_alg_agility_kdf(krb5_context context, + EVP_MD_CTX_free(ctx); + ctx = NULL; + } +- +- retval = krb5_c_random_to_key(context, enctype, &random_data, +- key_block); +- + cleanup: + EVP_MD_CTX_free(ctx); ++ return retval; ++} /* builtin_sskdf() */ ++#endif /* OSSL_KDFS */ + +- /* If this has been an error, free the allocated key_block, if any */ +- if (retval) { +- krb5_free_keyblock_contents(context, key_block); ++/* id-pkinit-kdf family, as specified by RFC 8636. */ ++krb5_error_code ++pkinit_alg_agility_kdf(krb5_context context, krb5_data *secret, ++ krb5_data *alg_oid, krb5_const_principal party_u_info, ++ krb5_const_principal party_v_info, ++ krb5_enctype enctype, krb5_data *as_req, ++ krb5_data *pk_as_rep, krb5_keyblock *key_block) ++{ ++ krb5_error_code retval; ++ size_t hash_len = 0, rand_len = 0, key_len = 0; ++ const EVP_MD *(*EVP_func)(void); ++ krb5_sp80056a_other_info other_info_fields; ++ krb5_pkinit_supp_pub_info supp_pub_info_fields; ++ krb5_data *other_info = NULL, *supp_pub_info = NULL; ++ krb5_data random_data = empty_data(); ++ krb5_algorithm_identifier alg_id; ++ unsigned int reps; ++ ++ /* Allocate and initialize the key block. */ ++ key_block->magic = 0; ++ key_block->enctype = enctype; ++ ++ /* Use separate variables to avoid alignment restriction problems. */ ++ retval = krb5_c_keylengths(context, enctype, &rand_len, &key_len); ++ if (retval) ++ goto cleanup; ++ random_data.length = rand_len; ++ key_block->length = key_len; ++ ++ key_block->contents = k5calloc(key_block->length, 1, &retval); ++ if (key_block->contents == NULL) ++ goto cleanup; ++ ++ /* If this is anonymous pkinit, use the anonymous principle for ++ * party_u_info. */ ++ if (party_u_info && ++ krb5_principal_compare_any_realm(context, party_u_info, ++ krb5_anonymous_principal())) { ++ party_u_info = (krb5_principal)krb5_anonymous_principal(); + } + +- /* free other allocated resources, either way */ +- if (random_data.data) +- free(random_data.data); ++ retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func); ++ if (retval) ++ goto cleanup; ++ ++ /* 1. reps = keydatalen (K) / hash length (H) */ ++ reps = key_block->length / hash_len; ++ ++ /* ... and round up, if necessary. */ ++ if (key_block->length > (reps * hash_len)) ++ reps++; ++ ++ /* Allocate enough space in the random data buffer to hash directly into ++ * it, even if the last hash will make it bigger than the key length. */ ++ random_data.data = k5alloc(reps * hash_len, &retval); ++ if (random_data.data == NULL) ++ goto cleanup; ++ ++ /* Encode the ASN.1 octet string for "SuppPubInfo". */ ++ supp_pub_info_fields.enctype = enctype; ++ supp_pub_info_fields.as_req = *as_req; ++ supp_pub_info_fields.pk_as_rep = *pk_as_rep; ++ retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, ++ &supp_pub_info); ++ if (retval) ++ goto cleanup; ++ ++ /* Now encode the ASN.1 octet string for "OtherInfo". */ ++ memset(&alg_id, 0, sizeof(alg_id)); ++ alg_id.algorithm = *alg_oid; ++ other_info_fields.algorithm_identifier = alg_id; ++ other_info_fields.party_u_info = (krb5_principal)party_u_info; ++ other_info_fields.party_v_info = (krb5_principal)party_v_info; ++ other_info_fields.supp_pub_info = *supp_pub_info; ++ retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info); ++ if (retval) ++ goto cleanup; ++ ++#ifdef OSSL_KDFS ++ retval = openssl_sskdf(context, hash_len, secret, other_info, ++ random_data.data, key_block->length); ++#else ++ retval = builtin_sskdf(context, reps, hash_len, EVP_func, secret, ++ other_info, random_data.data, key_block->length); ++#endif ++ if (retval) ++ goto cleanup; ++ ++ retval = krb5_c_random_to_key(context, enctype, &random_data, key_block); ++cleanup: ++ if (retval) ++ krb5_free_keyblock_contents(context, key_block); ++ ++ zapfree(random_data.data, random_data.length); + krb5_free_data(context, other_info); + krb5_free_data(context, supp_pub_info); +- + return retval; +-} /*pkinit_alg_agility_kdf() */ ++} + + /* Call DH_compute_key() and ensure that we left-pad short results instead of + * leaving junk bytes at the end of the buffer. */ diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index b285a4b..5b9949a 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -12,13 +12,13 @@ %global prerelease %{nil} # Should be in form 5.0, 6.1, etc. -%global kdbversion 7.0 +%global kdbversion 8.0 Summary: The Kerberos network authentication system Name: krb5 -Version: 1.17 +Version: 1.18.2 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 18%{?dist} +Release: 5%{?dist} # lookaside-cached sources; two downloads and a build artifact Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz @@ -46,37 +46,33 @@ Source33: krb5kdc.logrotate Source34: kadmind.logrotate Source39: krb5-krb5kdc.conf -Patch26: krb5-1.12.1-pam.patch -Patch27: krb5-1.17-beta1-selinux-label.patch -Patch28: krb5-1.12-ksu-path.patch -Patch29: krb5-1.12-ktany.patch -Patch30: krb5-1.15-beta1-buildconf.patch -Patch31: krb5-1.3.1-dns.patch -Patch32: krb5-1.12-api.patch -Patch33: krb5-1.13-dirsrv-accountlock.patch -Patch34: krb5-1.9-debuginfo.patch -Patch35: krb5-1.11-run_user_0.patch -Patch36: krb5-1.11-kpasswdtest.patch -Patch88: Add-tests-for-KCM-ccache-type.patch -Patch89: Properly-size-ifdef-in-k5_cccol_lock.patch -Patch90: Fix-memory-leak-in-none-replay-cache-type.patch -Patch91: Address-some-optimized-out-memset-calls.patch -Patch95: In-rd_req_dec-always-log-non-permitted-enctypes.patch -Patch96: In-kpropd-debug-log-proper-ticket-enctype-names.patch -Patch97: Make-etype-names-in-KDC-logs-human-readable.patch -Patch98: Mark-deprecated-enctypes-when-used.patch -Patch99: Add-function-and-enctype-flag-for-deprecations.patch -Patch100: Fix-argument-order-on-strlcpy-in-enctype_name.patch -Patch101: Fix-KCM-client-time-offset-propagation.patch -Patch102: Add-soft-pkcs11-source-code.patch -Patch103: Use-imported-soft-pkcs11-for-tests.patch -Patch104: Fix-Coverity-defects-in-soft-pkcs11-test-code.patch -Patch105: Fix-memory-leaks-in-soft-pkcs11-code.patch -Patch106: Avoid-alignment-warnings-in-openssl-rc4.c.patch -Patch107: Use-backported-version-of-OpenSSL-3-KDF-interface.patch -Patch108: krb5-1.17post6-FIPS-with-PRNG-and-RADIUS-and-MD4.patch -Patch109: krb5-1.17post2-DES-3DES-fixups.patch -Patch110: Put-KDB-authdata-first.patch +Patch1: downstream-ksu-pam-integration.patch +Patch2: downstream-SELinux-integration.patch +Patch3: downstream-Adjust-build-configuration.patch +Patch4: downstream-netlib-and-dns.patch +Patch5: downstream-fix-debuginfo-with-y.tab.c.patch +Patch6: downstream-Remove-3des-support.patch +Patch7: rhel-Use-backported-version-of-OpenSSL-3-KDF-interfa.patch +Patch108: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch +Patch110: Allow-certauth-modules-to-set-hw-authent-flag.patch +Patch112: Refresh-manually-acquired-creds-from-client-keytab.patch +Patch114: Add-finalization-safety-check-to-com_err.patch +Patch115: Eliminate-redundant-PKINIT-responder-invocation.patch +Patch116: Correctly-import-service-GSS-host-based-name.patch +Patch117: Do-expiration-warnings-for-all-init_creds-APIs.patch +Patch118: Pass-gss_localname-through-SPNEGO.patch +Patch119: Omit-KDC-indicator-check-for-S4U2Self-requests.patch +Patch120: Fix-typo-in-in-in-the-ksu-man-page.patch +Patch121: Omit-PA_FOR_USER-if-we-can-t-compute-its-checksum.patch +Patch122: Improve-negoex_parse_token-code-hygiene.patch +Patch123: Refactor-krb5-GSS-checksum-handling.patch +Patch124: Implement-GSS_C_CHANNEL_BOUND_FLAG.patch +Patch125: Implement-KERB_AP_OPTIONS_CBT-server-side.patch +Patch126: Add-client_aware_channel_bindings-option.patch +Patch127: Pass-channel-bindings-through-SPNEGO.patch +Patch128: Add-channel-bindings-tests.patch +Patch129: Ignore-bad-enctypes-in-krb5_string_to_keysalts.patch +Patch130: Fix-leak-in-KERB_AP_OPTIONS_CBT-server-support.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -262,9 +258,6 @@ interface is not considered stable. %autosetup -S git -n %{name}-%{version}%{prerelease} -a 3 ln NOTICE LICENSE -# Take the execute bit off of documentation. -chmod -x doc/ccapi/*.html - # Generate an FDS-compatible LDIF file. inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif cat > '60kerberos.ldif' << EOF @@ -690,6 +683,46 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Tue Aug 04 2020 Robbie Harwood - 1.18.2-5 +- Fix leak in KERB_AP_OPTIONS_CBT server support +- Resolves: #1860831 + +* Tue Jul 28 2020 Robbie Harwood - 1.18.2-4 +- Ignore bad enctypes in krb5_string_to_keysalts() +- Resolves: #1858322 + +* Mon Jun 15 2020 Robbie Harwood - 1.18.2-3 +- Match Heimdal behavior for channel bindings +- Code hygiene + test stability fix included +- Resolves: #1840518 + +* Wed May 27 2020 Robbie Harwood - 1.18.2-2 +- Drop DES3 from sample kdc.conf +- Resolves: #1802334 + +* Fri May 22 2020 Robbie Harwood - 1.18.2-1 +- New upstream release (1.18.2) +- Resolves: #1802334 + +* Fri May 08 2020 Robbie Harwood - 1.18.1-3 +- Omit KDC indicator check for S4U2Self requests +- Resolves: #1802334 + +* Tue Apr 28 2020 Robbie Harwood - 1.18.1-2 +- Pass gss_localname() through SPNEGO +- Resolves: #1802334 + +* Tue Apr 14 2020 Robbie Harwood - 1.18.1-1 +- New upstream version (1.18.1) +- Resolves: #1802334 + +* Tue Apr 07 2020 Robbie Harwood - 1.18-1 +- New upstream version (1.18) +- Resolves: #1802334 +- Resolves: #1820311 +- Resolves: #1791062 +- Resolves: #1784655 + * Wed Feb 19 2020 Robbie Harwood - 1.17-18 - Put KDB authdata first - Resolves: #1800575