Commit 7eee495d authored by Jian Yu Committed by Oleg Drokin

LU-14116 autoconf: check if DES3 enctype is supported



krb5 releases 1.18 and later completely remove support for
all DES3 enctypes (des3-cbc-raw, des3-hmac-sha1, des3-cbc-sha1-kd).

This patch adds HAVE_DES3_SUPPORT to check if DES3 enctype
is supported.

Change-Id: Ibb51ec7961e8c775ea92dec6119f4de01e2d9b1d
Signed-off-by: Jian Yu <yujian@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/40560


Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
parent 6655fbfb
......@@ -134,6 +134,17 @@ krb5int_derive_key and krb5_derive_key functions!
])
])
dnl Version 1.18 removed support for all DES3 enctypes (des3-cbc-raw,
dnl des3-hmac-sha1, des3-cbc-sha1-kd).
AC_MSG_CHECKING([for DES3 enctype support by krb5])
if test $K5VERS -lt 1180; then
AC_DEFINE(HAVE_DES3_SUPPORT, 1,
[DES3 enctype is supported by krb5])
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
dnl If they specified a directory and it didn't work, give them a warning
if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
AC_MSG_WARN([
......
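Review bot: The `test $K5VERS -lt 1180` check uses the krb5 version number as a stand-in for the feature, so a vendor build that drops or keeps DES3 independently of the upstream version would be misdetected. A link or declaration probe for the symbol the C code actually references (`krb5int_enc_des3`) would test the property directly. How `K5VERS` is computed is outside this hunk; if it can be empty or non-numeric, `test` fails and the script reports `no` with no hint why. A guard such as `if test -n "$K5VERS" && test "$K5VERS" -lt 1180; then`, with a warning for the unset case, would make that path explicit.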
......@@ -94,6 +94,7 @@ static struct krb5_enctype enctypes[] = {
.ke_hash_size = 16,
.ke_conf_size = 8,
},
#ifdef HAVE_DES3_SUPPORT
[ENCTYPE_DES3_CBC_RAW] = { /* des3-hmac-sha1 */
.ke_dispname = "des3-hmac-sha1",
.ke_enc_name = "cbc(des3_ede)",
......@@ -102,6 +103,7 @@ static struct krb5_enctype enctypes[] = {
.ke_conf_size = 8,
.ke_hash_hmac = 1,
},
#endif
[ENCTYPE_AES128_CTS_HMAC_SHA1_96] = { /* aes128-cts */
.ke_dispname = "aes128-cts-hmac-sha1-96",
.ke_enc_name = "cbc(aes)",
......
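Review bot: Compiling out the `[ENCTYPE_DES3_CBC_RAW]` designated initializer does not remove that slot from `enctypes[]`; the AES entries that follow use higher indices, so the slot remains and is zero-filled, leaving `ke_dispname` and `ke_enc_name` NULL. Any code that indexes the table with an enctype taken from a received context needs to treat such an entry as unsupported before using those fields. That lookup code is outside these hunks and should be checked. A comment on the guard would record the intent, for example `#ifdef HAVE_DES3_SUPPORT /* slot stays zeroed when DES3 is compiled out */`, with a matching `#endif /* HAVE_DES3_SUPPORT */`.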
......@@ -197,7 +197,9 @@ enum seal_alg {
* structures located in libk5crypto
*/
extern void *krb5int_enc_arcfour;
#ifdef HAVE_DES3_SUPPORT
extern void *krb5int_enc_des3;
#endif
extern void *krb5int_enc_aes128;
extern void *krb5int_enc_aes256;
......@@ -276,6 +278,7 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
* values and structures located in libk5crypto
*/
switch (in->type) {
#ifdef HAVE_DES3_SUPPORT
case ENCTYPE_DES3_CBC_SHA1:
#ifdef HAVE_KRB5
case ENCTYPE_DES3_CBC_RAW:
......@@ -285,6 +288,7 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
enc = &krb5int_enc_des3;
#endif
break;
#endif
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
keylength = 16;
#ifdef HAVE_KRB5
......
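Review bot: Once the DES3 cases in `derive_key_lucid` are compiled out, `ENCTYPE_DES3_CBC_SHA1` and `ENCTYPE_DES3_CBC_RAW` are handled by whatever the switch does for unknown types, and that branch is outside the hunk. It should fail with an error naming the enctype rather than continue with `keylength` and `enc` unset. The same applies to `derive_key` in the last file section. The added `#endif` now closes a region that itself contains `#ifdef HAVE_KRB5` blocks, so it is worth labelling: `#endif /* HAVE_DES3_SUPPORT */`.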
......@@ -177,8 +177,10 @@ enum seal_alg {
#define KEY_USAGE_SEED_CHECKSUM 0x99
#define K5CLENGTH 5
#ifdef HAVE_DES3_SUPPORT
extern void krb5_enc_des3;
extern void krb5int_enc_des3;
#endif
extern void krb5int_enc_arcfour;
extern void krb5int_enc_aes128;
extern void krb5int_enc_aes256;
......@@ -209,7 +211,7 @@ derive_key(const krb5_keyblock *in, krb5_keyblock *out, int usage, char extra)
void *enc;
switch (in->enctype) {
#ifdef ENCTYPE_DES3_CBC_RAW
#if defined ENCTYPE_DES3_CBC_RAW && defined HAVE_DES3_SUPPORT
case ENCTYPE_DES3_CBC_RAW:
keylength = 24;
/* Extra hack, the structure was renamed as rc4 was added... */
......
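Review bot: The guard at the top of the `derive_key` switch does not say why it now needs both conditions, which will puzzle the next reader since the old `#ifdef ENCTYPE_DES3_CBC_RAW` looked sufficient. Presumably the krb5 headers can still define the constant after the library has dropped the cipher. A one-line comment above it would capture that, for example `/* the enctype constant may still be defined by a krb5 that no longer implements DES3 */`. Writing the test as `#if defined(ENCTYPE_DES3_CBC_RAW) && defined(HAVE_DES3_SUPPORT)` would also read more clearly. The switch body continues outside the hunk.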