Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/krb5/patches/065-no_MD5_in_rcache.patch
author Shawn Emery <shawn.emery@oracle.com>
Tue, 09 Aug 2016 21:10:38 -0700
changeset 6599 1d033832c5e7
parent 5490 9bf0bc57423a
child 6978 14cbeb78966a
permissions -rw-r--r--
24377741 Update Userland krb5 to MIT 1.14.3 24379666 problem in UTILITY/KERBEROS
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
5490
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     1
 
#
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     2
 
# Replace MD5 use in rcache with SHA1.
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     3
 
#
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     4
 
# rcache uses an unkeyed MD5 hash of the authenticator to distinguish
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     5
 
# between different request with equal client principal, server principal
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     6
 
# and microsecond time. When OpenSSL crypto provider is used and
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     7
 
# underlying OpenSSL is run in FIPS mode, MD5 algorithm is disabled and
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     8
 
# gss_accept_sec_context() results in an abort in rcache processing
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
     9
 
#
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    10
 
# This patch effectively implements a different rcache extension.
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    11
 
# The new extension identifier is 'SHA1:' (instead of 'HASH:')
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    12
 
# and the checksum type is CKSUMTYPE_NIST_SHA (instead of CKSUMTYPE_RSA_MD5).
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    13
 
#
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    14
 
# This change has been brought for discussion with upstream:
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    15
 
# http://mailman.mit.edu/pipermail/krbdev/2015-December/012508.html
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    16
 
# Patch source: in-house
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    17
 
#
6599
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    18
 
diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    19
 
--- a/src/lib/krb5/rcache/rc_conv.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    20
 
+++ b/src/lib/krb5/rcache/rc_conv.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    21
 
@@ -55,7 +55,7 @@ krb5_rc_hash_message(krb5_context context, const krb5_data *message,
5490
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    22
 
     *out = NULL;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    23
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    24
 
     /* Calculate the binary checksum. */
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    25
 
-    retval = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    26
 
+    retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, 0, 0,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    27
 
                                   message, &cksum);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    28
 
     if (retval)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    29
 
         return retval;
6599
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    30
 
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    31
 
--- a/src/lib/krb5/rcache/rc_dfl.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    32
 
+++ b/src/lib/krb5/rcache/rc_dfl.c
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    33
 
@@ -391,7 +391,7 @@ parse_counted_string(char **strptr, char **result)
5490
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    34
 
 /*
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    35
 
  * Hash extension records have the format:
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    36
 
  *  client = <empty string>
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    37
 
- *  server = HASH:<msghash> <clientlen>:<client> <serverlen>:<server>
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    38
 
+ *  server = SHA1:<msghash> <clientlen>:<client> <serverlen>:<server>
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    39
 
  * Spaces in the client and server string are represented with
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    40
 
  * with backslashes.  Client and server lengths are represented in
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    41
 
  * ASCII decimal (which is different from the 32-bit binary we use
6599
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    42
 
@@ -408,7 +408,7 @@ check_hash_extension(krb5_donot_replay *rep)
5490
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    43
 
     /* Check if this appears to match the hash extension format. */
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    44
 
     if (*rep->client)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    45
 
         return 0;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    46
 
-    if (strncmp(rep->server, "HASH:", 5) != 0)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    47
 
+    if (strncmp(rep->server, "SHA1:", 5) != 0)
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    48
 
         return 0;
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    49
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    50
 
     /* Parse out the message hash. */
6599
1d033832c5e7 24377741 Update Userland krb5 to MIT 1.14.3
Shawn Emery <shawn.emery@oracle.com>
parents: 5490
diff changeset 
    51
 
@@ -664,7 +664,7 @@ krb5_rc_io_store(krb5_context context, struct dfl_data *t,
5490
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    52
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    53
 
         /* Format the extension value so we know its length. */
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    54
 
         k5_buf_init_dynamic(&extbuf);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    55
 
-        k5_buf_add_fmt(&extbuf, "HASH:%s %lu:%s %lu:%s", rep->msghash,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    56
 
+        k5_buf_add_fmt(&extbuf, "SHA1:%s %lu:%s %lu:%s", rep->msghash,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    57
 
                        (unsigned long)clientlen, rep->client,
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    58
 
                        (unsigned long)serverlen, rep->server);
9bf0bc57423a PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff changeset 
    59
 
         if (k5_buf_status(&extbuf) != 0)
upstream/oracle/userland-gate