From c0961b8d4103fab37c360461bcde30c56d24f483 Mon Sep 17 00:00:00 2001 From: Heimdal Developers Date: Thu, 3 Nov 2011 12:37:36 -0500 Subject: [PATCH] Import of code from heimdal This commit updates the code imported from heimdal to ee7340860a22f81fb869cc431efc1fd4e5c77d34 (switch-from-svn-to-git-2542-gee73408) Upstream changes are: Jeffrey Altman (2): Windows: fallback to PROV_RNG if no PROV_RSA_FULL roken: posix errnos for windows Love Hornquist Astrand (3): drop __restrict to please old compilers add krb5_is_enctype_weak Don't export tests from library, reported in bug from Tom Payeire New files are: roken/setenv.c roken/unsetenv.c Change-Id: I7e3b3db2a58eaaae9de91431565176921d79af3b Reviewed-on: http://gerrit.openafs.org/5798 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/external/heimdal-last | 2 +- src/external/heimdal/hcrypto/rand-w32.c | 31 +++++++++-- src/external/heimdal/hcrypto/validate.c | 6 +- src/external/heimdal/krb5/crypto.c | 20 +++++++ src/external/heimdal/roken/roken.h.in | 19 ++++++- src/external/heimdal/roken/search.hin | 2 +- src/external/heimdal/roken/setenv.c | 74 +++++++++++++++++++++++++ src/external/heimdal/roken/tsearch.c | 2 +- src/external/heimdal/roken/unsetenv.c | 68 +++++++++++++++++++++++ 9 files changed, 211 insertions(+), 13 deletions(-) create mode 100644 src/external/heimdal/roken/setenv.c create mode 100644 src/external/heimdal/roken/unsetenv.c diff --git a/src/external/heimdal-last b/src/external/heimdal-last index 2ed5b6cb8..629da3b3f 100644 --- a/src/external/heimdal-last +++ b/src/external/heimdal-last @@ -1 +1 @@ -b118610a9c56835c4ac5dc49ce8124cae8078346 +ee7340860a22f81fb869cc431efc1fd4e5c77d34 diff --git a/src/external/heimdal/hcrypto/rand-w32.c b/src/external/heimdal/hcrypto/rand-w32.c index 07f52ca4c..4bb21c938 100644 --- a/src/external/heimdal/hcrypto/rand-w32.c +++ b/src/external/heimdal/hcrypto/rand-w32.c 
@@ -56,13 +56,30 @@ _hc_CryptProvider(void) rv = CryptAcquireContext(&cryptprovider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, - 0); + CRYPT_VERIFYCONTEXT); if (GetLastError() == NTE_BAD_KEYSET) { - if(!rv) + rv = CryptAcquireContext(&cryptprovider, NULL, + MS_ENHANCED_PROV, PROV_RSA_FULL, + CRYPT_NEWKEYSET); + } + + if (rv) { + /* try the default provider */ + rv = CryptAcquireContext(&cryptprovider, NULL, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT); + + if (GetLastError() == NTE_BAD_KEYSET) { rv = CryptAcquireContext(&cryptprovider, NULL, - MS_ENHANCED_PROV, PROV_RSA_FULL, - CRYPT_NEWKEYSET); + MS_ENHANCED_PROV, PROV_RSA_FULL, + CRYPT_NEWKEYSET); + } + } + + if (rv) { + /* try just a default random number generator */ + rv = CryptAcquireContext(&cryptprovider, NULL, 0, PROV_RNG, + CRYPT_VERIFYCONTEXT); } if (rv && @@ -98,6 +115,12 @@ w32crypto_bytes(unsigned char *outdata, int size) static void w32crypto_cleanup(void) { + HCRYPTPROV cryptprovider; + + if (InterlockedCompareExchangePointer((PVOID *) &cryptprovider, + 0, (PVOID) g_cryptprovider) == 0) { + CryptReleaseContext(cryptprovider, 0); + } } static void diff --git a/src/external/heimdal/hcrypto/validate.c b/src/external/heimdal/hcrypto/validate.c index 48b9bfc6e..6f61cc53b 100644 --- a/src/external/heimdal/hcrypto/validate.c +++ b/src/external/heimdal/hcrypto/validate.c @@ -56,7 +56,7 @@ struct tests { void *outiv; }; -struct tests tests[] = { +static struct tests hc_tests[] = { { EVP_aes_256_cbc, "aes-256", @@ -300,8 +300,8 @@ hcrypto_validate(void) return; validated++; - for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) - test_cipher(&tests[i]); + for (i = 0; i < sizeof(hc_tests) / sizeof(hc_tests[0]); i++) + test_cipher(&hc_tests[i]); check_hmac(); } diff --git a/src/external/heimdal/krb5/crypto.c b/src/external/heimdal/krb5/crypto.c index c707efe56..d43b70418 100644 --- a/src/external/heimdal/krb5/crypto.c +++ b/src/external/heimdal/krb5/crypto.c 
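Review bot: The two new fallback blocks in `_hc_CryptProvider` are guarded by `if (rv)`, but the trailing context `if (rv &&` treats a non-zero `rv` as success. As written, the fallbacks run after a successful acquire (overwriting `cryptprovider` without releasing the first handle) and are skipped after a failure; the guards presumably want `if (!rv) {`. The commit also drops the old `if(!rv)` around the `NTE_BAD_KEYSET` retry, so `GetLastError()` is consulted even when the call succeeded; `if (!rv && GetLastError() == NTE_BAD_KEYSET) {` keeps that check meaningful. In the default-provider branch the `CRYPT_NEWKEYSET` retry names `MS_ENHANCED_PROV` again rather than the default provider, which looks unintended. The function starts and ends outside the hunk.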
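Review bot: In `w32crypto_cleanup` the compare-exchange targets the uninitialized local `cryptprovider` instead of the global. It therefore reads an indeterminate value, never clears `g_cryptprovider`, and can pass a garbage handle to `CryptReleaseContext`. Swapping the global out and releasing whatever was stored is likely what was meant: `cryptprovider = (HCRYPTPROV) InterlockedExchangePointer((PVOID *) &g_cryptprovider, 0);` followed by `if (cryptprovider) CryptReleaseContext(cryptprovider, 0);`. The declaration of `g_cryptprovider` is outside the hunk, so the cast is assumed from how the hunk already uses it.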
@@ -2280,6 +2280,26 @@ krb5_allow_weak_crypto(krb5_context context, return 0; } +/** + * Returns is the encryption is strong or weak + * + * @param context Kerberos 5 context + * @param enctype encryption type to probe + * + * @return Returns true if encryption type is weak or is not supported. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_is_enctype_weak(krb5_context context, krb5_enctype enctype) +{ + struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); + if(et == NULL || (et->flags & F_WEAK)) + return TRUE; + return FALSE; +} + static size_t wrapped_length (krb5_context context, krb5_crypto crypto, diff --git a/src/external/heimdal/roken/roken.h.in b/src/external/heimdal/roken/roken.h.in index e5b8616d9..d6985d5b9 100644 --- a/src/external/heimdal/roken/roken.h.in +++ b/src/external/heimdal/roken/roken.h.in @@ -79,9 +79,22 @@ typedef SOCKET rk_socket_t; ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_SOCK_IOCTL(SOCKET s, long cmd, int * argp); -#define ETIMEDOUT WSAETIMEDOUT -#define EWOULDBLOCK WSAEWOULDBLOCK -#define ENOTSOCK WSAENOTSOCK +/* Microsoft VC 2010 POSIX definitions */ +#ifndef ENOTSOCK +#define ENOTSOCK 128 +#endif +#ifndef ENOTSUP +#define ENOTSUP 129 +#endif +#ifndef EOVERFLOW +#define EOVERFLOW 132 +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT 138 +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK 140 +#endif #define rk_SOCK_INIT() rk_WSAStartup() #define rk_SOCK_EXIT() rk_WSACleanup() diff --git a/src/external/heimdal/roken/search.hin b/src/external/heimdal/roken/search.hin index b4edcffbb..f8592c481 100644 --- a/src/external/heimdal/roken/search.hin +++ b/src/external/heimdal/roken/search.hin 
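Review bot: The doc comment on `krb5_is_enctype_weak` opens with a garbled summary ("Returns is the encryption is strong or weak") that hides the fail-closed behaviour the body implements, namely that an unknown enctype is also reported as weak. I would replace the summary with `Returns whether the encryption type is weak or not supported.` so callers do not read TRUE as "known but weak". The `context` argument is not used in the body; a short remark in the `@param context` line that it is currently unused would save readers from looking for a dependency on `krb5_allow_weak_crypto` state.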
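Review bot: `ETIMEDOUT`, `EWOULDBLOCK` and `ENOTSOCK` no longer alias the `WSAE*` codes after the roken.h.in hunk, so any code that compares a raw Winsock error against these names stops matching unless the error is translated to an errno value first. No such translation is visible in this hunk, so the affected callers would need checking. A comment above the block would make the contract explicit, for example `/* POSIX errno values as in VC 2010 <errno.h>; these are NOT Winsock codes, translate WSAGetLastError() results before comparing */`. The `#ifndef` guards also mean the numeric values only apply on toolchains that lack the names, so the same source can see either numbering depending on the compiler.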
@@ -32,7 +32,7 @@ typedef enum { ROKEN_CPP_START -ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_tdelete(const void * __restrict, void ** __restrict, +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_tdelete(const void *, void **, int (*)(const void *, const void *)); ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_tfind(const void *, void * const *, int (*)(const void *, const void *)); diff --git a/src/external/heimdal/roken/setenv.c b/src/external/heimdal/roken/setenv.c new file mode 100644 index 000000000..b4dbefef2 --- /dev/null +++ b/src/external/heimdal/roken/setenv.c 
@@ -0,0 +1,74 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#include "roken.h" + +#include +#include + +/* + * This is the easy way out, use putenv to implement setenv. We might + * leak some memory but that is ok since we are usally about to exec + * anyway. 
+ */ + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +setenv(const char *var, const char *val, int rewrite) +{ +#ifndef _WIN32 + char *t = NULL; + + if (!rewrite && getenv(var) != 0) + return 0; + + if (asprintf (&t, "%s=%s", var, val) < 0 || t == NULL) + return -1; + + if (putenv(t) == 0) + return 0; + else + return -1; +#else /* Win32 */ + char dummy[8]; + + if (!rewrite && GetEnvironmentVariable(var, dummy, sizeof(dummy)/sizeof(char)) != 0) + return 0; + + if (SetEnvironmentVariable(var, val) == 0) + return -1; + else + return 0; +#endif +} diff --git a/src/external/heimdal/roken/tsearch.c b/src/external/heimdal/roken/tsearch.c index c51a64339..65328d367 100644 --- a/src/external/heimdal/roken/tsearch.c +++ b/src/external/heimdal/roken/tsearch.c @@ -113,7 +113,7 @@ rk_twalk(const void *vroot, * compar: function to carry out node comparisons */ ROKEN_LIB_FUNCTION void * -rk_tdelete(const void * __restrict vkey, void ** __restrict vrootp, +rk_tdelete(const void * vkey, void ** vrootp, int (*compar)(const void *, const void *)) { node_t **rootp = (node_t **)vrootp; diff --git a/src/external/heimdal/roken/unsetenv.c b/src/external/heimdal/roken/unsetenv.c new file mode 100644 index 000000000..b34965477 --- /dev/null +++ b/src/external/heimdal/roken/unsetenv.c 
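Review bot: The new `setenv` never validates `var`, so a name that is NULL, empty or contains `=` is formatted straight into the `putenv` string, and a name such as `A=B` ends up defining a different variable than the caller asked for. POSIX `setenv` rejects these with EINVAL; a guard at the top such as `if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) return -1;` covers both the `putenv` and the Win32 branch. On the non-Windows path the buffer from `asprintf` is also leaked when `putenv` fails, which `free(t);` before the `return -1;` would fix. On the Win32 path `GetEnvironmentVariable` can return 0 for a variable that exists with an empty value, so `rewrite == 0` may still overwrite it; that is worth a comment if the behaviour is accepted. The include lines are not legible on this page, so whether `<string.h>` is already pulled in for `strchr` needs checking.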
@@ -0,0 +1,68 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include + +#include +#include + +#include "roken.h" + +#if !HAVE_DECL_ENVIRON +extern char **environ; +#endif + +/* + * unsetenv -- + */ +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +unsetenv(const char *name) +{ + int len; + const char *np; + char **p; + + if (name == 0 || environ == 0) + return; + + for (np = name; *np && *np != '='; np++) + /* nop */; + len = np - name; + + for (p = environ; *p != 0; p++) + if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') + break; + + for (; *p != 0; p++) + *p = *(p + 1); +} -- 2.39.5
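Review bot: The new `unsetenv` removes only the first matching entry, because the search loop stops at the first `NAME=` hit and the shift loop closes that single gap. If `environ` holds a duplicate definition of the same name, the later copy survives and is what a child process or a later `getenv` will see, which matters when the caller is unsetting a variable to sanitise the environment. Compacting the array in one pass drops every match; the sketch below replaces `char **p;` and the two trailing loops and leaves the length computation as is. Separately, `len` is an `int` assigned from a pointer difference and passed to `strncmp`, where `size_t` would be the natural type.

```c
    char **src, **dst;

    /* ... unchanged: NULL checks and computation of len ... */

    /* keep every entry that is not "name=...", dropping all duplicates */
    for (src = dst = environ; *src != 0; src++)
        if (strncmp(*src, name, len) != 0 || (*src)[len] != '=')
            *dst++ = *src;
    *dst = 0;
```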