Skip Menu |
 

Subject: implement draft-ietf-krb-wg-gssapi-cfx (AES etc for GSSAPI)
(I thought we had a ticket on this, can't find one though.)

We need to implement the generic crypto support for GSSAPI. The current
spec is draft-ietf-krb-wg-gssapi-cfx-04.txt in the internet-drafts area.
From: raeburn@mit.edu
Subject: CVS Commit
Download (untitled) / with headers
text/plain 1.3KiB
Add 64-bit sequence number support. Do sequence number ordering tests relative
to the initial value rather than absolute. Support tokens without pseudo-ASN.1
wrappers. Don't restrict enctype lists. Implement CFX token support.

With CFX_EXERCISE defined, use random padding, random rotates, and bogus
initial tokens, to exercise the associated code paths.


To generate a diff of this commit:



cvs diff -r1.131 -r1.132 krb5/src/lib/gssapi/generic/ChangeLog
cvs diff -r1.34 -r1.35
krb5/src/lib/gssapi/generic/gssapiP_generic.h
cvs diff -r1.7 -r1.8 krb5/src/lib/gssapi/generic/util_ordering.c
cvs diff -r1.20 -r1.21 krb5/src/lib/gssapi/generic/util_token.c
cvs diff -r1.229 -r1.230 krb5/src/lib/gssapi/krb5/ChangeLog
cvs diff -r1.67 -r1.68 krb5/src/lib/gssapi/krb5/Makefile.in
cvs diff -r1.80 -r1.81
krb5/src/lib/gssapi/krb5/accept_sec_context.c
cvs diff -r1.15 -r1.16
krb5/src/lib/gssapi/krb5/delete_sec_context.c
cvs diff -r1.53 -r1.54 krb5/src/lib/gssapi/krb5/gssapiP_krb5.h
cvs diff -r1.71 -r1.72 krb5/src/lib/gssapi/krb5/init_sec_context.c
cvs diff -r1.31 -r1.32 krb5/src/lib/gssapi/krb5/k5seal.c
cvs diff -r1.1 -r1.2 krb5/src/lib/gssapi/krb5/k5sealv3.c
cvs diff -r1.29 -r1.30 krb5/src/lib/gssapi/krb5/k5unseal.c
cvs diff -r1.16 -r1.17 krb5/src/lib/gssapi/krb5/ser_sctx.c
cvs diff -r1.10 -r1.11 krb5/src/lib/gssapi/krb5/wrap_size_limit.c
src/lib/gssapi/krb5/k5sealv3.c refers to SIZE_MAX.

at least on Windows, this preprocessor define or constant variable is
not defined. what is its value? and where should it be declared?

Jeffrey Altman
Date: Mon, 15 Dec 2003 11:43:21 -0500
Subject: Re: [krbdev.mit.edu #2040] implement draft-ietf-krb-wg-gssapi-cfx (AES etc for GSSAPI)
Cc: Ken Raeburn <raeburn@mit.edu>, krb5-prs@mit.edu
To: rt-comment@krbdev.mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
RT-Send-Cc:
Oops. SIZE_MAX is a C99 addition, defined in stdint.h. I should check
whether Windows and other platforms have it, or if a default is
needed... It's the limit of size_t, like LONG_MAX is for long.

Ken
Date: Mon, 15 Dec 2003 12:19:29 -0500
From: Jeffrey Altman <jaltman@columbia.edu>
To: Ken Raeburn <raeburn@MIT.EDU>
Cc: rt-comment@krbdev.mit.edu, krb5-prs@MIT.EDU
Subject: Re: [krbdev.mit.edu #2040] implement draft-ietf-krb-wg-gssapi-cfx (AES etc for GSSAPI)
RT-Send-Cc:
Download (untitled) / with headers
text/plain 3.3KiB
The closest that Microsoft has is the limits.h file which defines:

limits.h:#define _POSIX_SSIZE_MAX 32767
limits.h:#define SSIZE_MAX _POSIX_SSIZE_MAX

but only if _POSIX_ is defined.

The other xxx_MAX preprocessor variables which are declared in all cases
are:

#define CHAR_BIT 8 /* number of bits in a char */
#define SCHAR_MIN (-128) /* minimum signed char value */
#define SCHAR_MAX 127 /* maximum signed char value */
#define UCHAR_MAX 0xff /* maximum unsigned char value */

#ifndef _CHAR_UNSIGNED
#define CHAR_MIN SCHAR_MIN /* mimimum char value */
#define CHAR_MAX SCHAR_MAX /* maximum char value */
#else
#define CHAR_MIN 0
#define CHAR_MAX UCHAR_MAX
#endif /* _CHAR_UNSIGNED */

#define MB_LEN_MAX 2 /* max. # bytes in multibyte char */
#define SHRT_MIN (-32768) /* minimum (signed) short value */
#define SHRT_MAX 32767 /* maximum (signed) short value */
#define USHRT_MAX 0xffff /* maximum unsigned short value */
#define INT_MIN (-2147483647 - 1) /* minimum (signed) int value */
#define INT_MAX 2147483647 /* maximum (signed) int value */
#define UINT_MAX 0xffffffff /* maximum unsigned int value */
#define LONG_MIN (-2147483647L - 1) /* minimum (signed) long value */
#define LONG_MAX 2147483647L /* maximum (signed) long value */
#define ULONG_MAX 0xffffffffUL /* maximum unsigned long value */

#if _INTEGRAL_MAX_BITS >= 8
#define _I8_MIN (-127i8 - 1) /* minimum signed 8 bit value */
#define _I8_MAX 127i8 /* maximum signed 8 bit value */
#define _UI8_MAX 0xffui8 /* maximum unsigned 8 bit value */
#endif

#if _INTEGRAL_MAX_BITS >= 16
#define _I16_MIN (-32767i16 - 1) /* minimum signed 16 bit value */
#define _I16_MAX 32767i16 /* maximum signed 16 bit value */
#define _UI16_MAX 0xffffui16 /* maximum unsigned 16 bit value */
#endif

#if _INTEGRAL_MAX_BITS >= 32
#define _I32_MIN (-2147483647i32 - 1) /* minimum signed 32 bit
value */
#define _I32_MAX 2147483647i32 /* maximum signed 32 bit value */
#define _UI32_MAX 0xffffffffui32 /* maximum unsigned 32 bit value */
#endif

#if _INTEGRAL_MAX_BITS >= 64
/* minimum signed 64 bit value */
#define _I64_MIN (-9223372036854775807i64 - 1)
/* maximum signed 64 bit value */
#define _I64_MAX 9223372036854775807i64
/* maximum unsigned 64 bit value */
#define _UI64_MAX 0xffffffffffffffffui64
#endif

#if _INTEGRAL_MAX_BITS >= 128
/* minimum signed 128 bit value */
#define _I128_MIN (-170141183460469231731687303715884105727i128 - 1)
/* maximum signed 128 bit value */
#define _I128_MAX 170141183460469231731687303715884105727i128
/* maximum unsigned 128 bit value */
#define _UI128_MAX 0xffffffffffffffffffffffffffffffffui128
#endif




Ken Raeburn wrote:

Show quoted text
> Oops. SIZE_MAX is a C99 addition, defined in stdint.h. I should
> check whether Windows and other platforms have it, or if a default is
> needed... It's the limit of size_t, like LONG_MAX is for long.
>
> Ken
>
> _______________________________________________
> krb5-bugs mailing list
> krb5-bugs@mit.edu
> http://mailman.mit.edu/mailman/listinfo/krb5-bugs
Download smime.p7s
application/x-pkcs7-signature 3.3KiB

Message body not shown because it is not plain text.

Date: Mon, 15 Dec 2003 12:29:44 -0500
From: Jeffrey Altman <jaltman@columbia.edu>
To: Jeffrey Altman <jaltman@columbia.edu>
Cc: Ken Raeburn <raeburn@MIT.EDU>, krb5-prs@MIT.EDU, rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2040] implement draft-ietf-krb-wg-gssapi-cfx (AES etc for GSSAPI)
RT-Send-Cc:
I am testing the following proposed change to src/include/win-mac.h

diff -c -w -r1.30 win-mac.h
*** win-mac.h 2003/08/26 20:23:58 1.30
--- win-mac.h 2003/12/15 17:27:20
***************
*** 30,35 ****
--- 30,40 ----
#define SIZEOF_LONG 4

#include <windows.h>
+ #include <limits.h>
+
+ #ifndef SIZE_MAX /* in case Microsoft defines max size of size_t */
+ #define SIZE_MAX UINT_MAX
+ #endif

#ifndef KRB5_CALLCONV
# define KRB5_CALLCONV __stdcall
Download smime.p7s
application/x-pkcs7-signature 3.3KiB

Message body not shown because it is not plain text.

From: jaltman@mit.edu
Subject: CVS Commit
* win-mac.h: source code written to the C99 standard assumes there
are standard definitions for the MAX sizes of C types including
size_t. The MAX preprocessor variables are declared in limits.h
but limits.h is not included by any of the other header files.
We will therefore include it via win-mac.h. We must also add a
declaration of SIZE_MAX (for size_t) because Microsoft does not
provide one.


To generate a diff of this commit:



cvs diff -r1.395 -r1.396 krb5/src/include/ChangeLog
cvs diff -r1.30 -r1.31 krb5/src/include/win-mac.h
Date: Mon, 15 Dec 2003 13:50:33 -0500
Subject: Re: [krbdev.mit.edu #2040] implement draft-ietf-krb-wg-gssapi-cfx (AES etc for GSSAPI)
Cc: Ken Raeburn <raeburn@mit.edu>, krb5-prs@mit.edu, rt-comment@krbdev.mit.edu
To: Jeffrey Altman <jaltman@columbia.edu>
From: Ken Raeburn <raeburn@MIT.EDU>
RT-Send-Cc:
SIZE_MAX breaks the OSF and IRIX builds too.
I'll be on campus in a little while, a generic default should be easy
enough to whip up then, we shouldn't need Windows-specific versions.
Date: Mon, 15 Dec 2003 13:58:26 -0500
From: Jeffrey Altman <jaltman@columbia.edu>
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@MIT.EDU
Subject: Re: [krbdev.mit.edu #2040] implement draft-ietf-krb-wg-gssapi-cfx (AES etc for GSSAPI)
RT-Send-Cc:
The Windows changes make sense even if it is not specific for the SIZE_MAX
issue. The other values UINT_MAX, ULONG_MAX, etc. should be available for
future use.
Download smime.p7s
application/x-pkcs7-signature 3.3KiB

Message body not shown because it is not plain text.

From: raeburn@mit.edu
Subject: CVS Commit
* k5-platform.h (SIZE_MAX): Provide default definition if stdint.h doesn't
define it.


To generate a diff of this commit:



cvs diff -r1.396 -r1.397 krb5/src/include/ChangeLog
cvs diff -r1.3 -r1.4 krb5/src/include/k5-platform.h
"make depend" will need to be run after merging this code.
The DLL changes are needed for CFX on Windows.
needs:

cvs diff -r1.376 -r1.377 krb5/src/include/ChangeLog
cvs diff -r1.150 -r1.151 krb5/src/include/k5-int.h

from [1404], for zap macro.
From: tlyu@mit.edu
Subject: CVS Commit
Download (untitled) / with headers
text/plain 1.3KiB
pullup from trunk. leaving ticket open because make depend still
needs to happen.


To generate a diff of this commit:



cvs diff -r1.348.2.27 -r1.348.2.28 krb5/src/include/ChangeLog
cvs diff -r1.135.2.14 -r1.135.2.15 krb5/src/include/k5-int.h
cvs diff -r1.4.2.1 -r1.4.2.2 krb5/src/include/k5-platform.h
cvs diff -r1.29 -r1.29.2.1 krb5/src/include/win-mac.h
cvs diff -r1.129 -r1.129.2.1 krb5/src/lib/gssapi/generic/ChangeLog
cvs diff -r1.34 -r1.34.2.1
krb5/src/lib/gssapi/generic/gssapiP_generic.h
cvs diff -r1.7 -r1.7.14.1
krb5/src/lib/gssapi/generic/util_ordering.c
cvs diff -r1.20 -r1.20.2.1 krb5/src/lib/gssapi/generic/util_token.c
cvs diff -r1.218.2.10 -r1.218.2.11
krb5/src/lib/gssapi/krb5/ChangeLog
cvs diff -r1.65.2.1 -r1.65.2.2 krb5/src/lib/gssapi/krb5/Makefile.in
cvs diff -r1.77.2.3 -r1.77.2.4
krb5/src/lib/gssapi/krb5/accept_sec_context.c
cvs diff -r1.15 -r1.15.14.1
krb5/src/lib/gssapi/krb5/delete_sec_context.c
cvs diff -r1.50.2.3 -r1.50.2.4
krb5/src/lib/gssapi/krb5/gssapiP_krb5.h
cvs diff -r1.66.2.5 -r1.66.2.6
krb5/src/lib/gssapi/krb5/init_sec_context.c
cvs diff -r1.31 -r1.31.2.1 krb5/src/lib/gssapi/krb5/k5seal.c
cvs diff -r1.28.2.1 -r1.28.2.2 krb5/src/lib/gssapi/krb5/k5unseal.c
cvs diff -r1.16 -r1.16.2.1 krb5/src/lib/gssapi/krb5/ser_sctx.c
cvs diff -r1.10 -r1.10.4.1
krb5/src/lib/gssapi/krb5/wrap_size_limit.c
cvs diff -r0 -r1.2.2.1 krb5/src/lib/gssapi/krb5/k5sealv3.c
From: tlyu@mit.edu
Subject: CVS Commit
make depend


To generate a diff of this commit:



cvs diff -r5.73.2.2 -r5.73.2.3 krb5/src/appl/bsd/Makefile.in
cvs diff -r5.29 -r5.29.2.1 krb5/src/appl/telnet/telnet/Makefile.in
cvs diff -r5.31.2.1 -r5.31.2.2
krb5/src/appl/telnet/telnetd/Makefile.in
cvs diff -r1.25.2.1 -r1.25.2.2 krb5/src/clients/ksu/Makefile.in
cvs diff -r1.17.2.1 -r1.17.2.2 krb5/src/kadmin/ktutil/Makefile.in
cvs diff -r1.23.2.1 -r1.23.2.2
krb5/src/kadmin/testing/util/Makefile.in
cvs diff -r1.15.2.1 -r1.15.2.2
krb5/src/kadmin/v5passwdd/Makefile.in
cvs diff -r1.55.2.1 -r1.55.2.2 krb5/src/kdc/Makefile.in
cvs diff -r1.40.2.3 -r1.40.2.4 krb5/src/krb524/Makefile.in
cvs diff -r1.86.2.2 -r1.86.2.3 krb5/src/lib/crypto/Makefile.in
cvs diff -r1.6.2.1 -r1.6.2.2 krb5/src/lib/crypto/aes/Makefile.in
cvs diff -r1.7.2.1 -r1.7.2.2
krb5/src/lib/crypto/arcfour/Makefile.in
cvs diff -r1.37.2.1 -r1.37.2.2
krb5/src/lib/crypto/crc32/Makefile.in
cvs diff -r1.53.2.1 -r1.53.2.2 krb5/src/lib/crypto/des/Makefile.in
cvs diff -r1.15.2.1 -r1.15.2.2 krb5/src/lib/crypto/dk/Makefile.in
cvs diff -r1.19.2.1 -r1.19.2.2
krb5/src/lib/crypto/enc_provider/Makefile.in
cvs diff -r1.15.2.1 -r1.15.2.2
krb5/src/lib/crypto/hash_provider/Makefile.in
cvs diff -r1.24.2.1 -r1.24.2.2
krb5/src/lib/crypto/keyhash_provider/Makefile.in
cvs diff -r1.40.2.1 -r1.40.2.2 krb5/src/lib/crypto/md4/Makefile.in
cvs diff -r1.39.2.1 -r1.39.2.2 krb5/src/lib/crypto/md5/Makefile.in
cvs diff -r1.16.2.1 -r1.16.2.2 krb5/src/lib/crypto/old/Makefile.in
cvs diff -r1.14.2.1 -r1.14.2.2 krb5/src/lib/crypto/raw/Makefile.in
cvs diff -r1.15.2.1 -r1.15.2.2 krb5/src/lib/crypto/sha1/Makefile.in
cvs diff -r1.8.2.1 -r1.8.2.2 krb5/src/lib/crypto/yarrow/Makefile.in
cvs diff -r1.56.2.1 -r1.56.2.2 krb5/src/lib/des425/Makefile.in
cvs diff -r1.58 -r1.58.2.1 krb5/src/lib/gssapi/Makefile.in
cvs diff -r1.68 -r1.68.2.1 krb5/src/lib/gssapi/generic/Makefile.in
cvs diff -r1.65.2.2 -r1.65.2.3 krb5/src/lib/gssapi/krb5/Makefile.in
cvs diff -r1.25.2.1 -r1.25.2.2 krb5/src/lib/kadm5/Makefile.in
cvs diff -r1.28.2.1 -r1.28.2.2 krb5/src/lib/kadm5/clnt/Makefile.in
cvs diff -r1.30.2.2 -r1.30.2.3 krb5/src/lib/kadm5/srv/Makefile.in
cvs diff -r1.62.2.2 -r1.62.2.3 krb5/src/lib/kdb/Makefile.in
cvs diff -r1.55.2.4 -r1.55.2.5 krb5/src/lib/krb4/Makefile.in
cvs diff -r1.35.2.1 -r1.35.2.2 krb5/src/lib/krb5/asn.1/Makefile.in
cvs diff -r1.51.2.2 -r1.51.2.3 krb5/src/lib/krb5/ccache/Makefile.in
cvs diff -r1.50.2.2 -r1.50.2.3
krb5/src/lib/krb5/error_tables/Makefile.in
cvs diff -r1.41.2.1 -r1.41.2.2 krb5/src/lib/krb5/keytab/Makefile.in
cvs diff -r1.85.2.3 -r1.85.2.4 krb5/src/lib/krb5/krb/Makefile.in
cvs diff -r1.81.2.2 -r1.81.2.3 krb5/src/lib/krb5/os/Makefile.in
cvs diff -r1.34.2.1 -r1.34.2.2 krb5/src/lib/krb5/rcache/Makefile.in
cvs diff -r1.29.2.1 -r1.29.2.2 krb5/src/slave/Makefile.in
krb5/src/tests/asn.1/Makefile.in
cvs diff -r5.17.2.1 -r5.17.2.2 krb5/src/tests/create/Makefile.in
cvs diff -r5.16.2.1 -r5.16.2.2 krb5/src/tests/hammer/Makefile.in
cvs diff -r5.17.2.1 -r5.17.2.2 krb5/src/tests/verify/Makefile.in
cvs diff -r1.32 -r1.32.2.1 krb5/src/util/pty/Makefile.in