mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 02:37:15 +00:00
Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429.
All of these algorithms are explicitly marked SHOULD NOT in one of these RFCs. Specifically, RFC 6649 deprecates all algorithms using DES as well as the "export-friendly" variant of RC4. RFC 8429 deprecates Triple DES and the remaining RC4 algorithms. Reviewed by: cem MFC after: 1 month Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D20343
This commit is contained in:
parent
0b96ca3310
commit
db4709c579
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=348875
|
@ -46,8 +46,12 @@ __FBSDID("$FreeBSD$");
|
|||
static void
|
||||
arcfour_init(struct krb5_key_state *ks)
|
||||
{
|
||||
static struct timeval lastwarn;
|
||||
static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
|
||||
|
||||
ks->ks_priv = NULL;
|
||||
if (ratecheck(&lastwarn, &warninterval))
|
||||
gone_in(13, "RC4 cipher for Kerberos GSS");
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
|
@ -53,11 +53,15 @@ struct des1_state {
|
|||
static void
|
||||
des1_init(struct krb5_key_state *ks)
|
||||
{
|
||||
static struct timeval lastwarn;
|
||||
static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
|
||||
struct des1_state *ds;
|
||||
|
||||
ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
|
||||
mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
|
||||
ks->ks_priv = ds;
|
||||
if (ratecheck(&lastwarn, &warninterval))
|
||||
gone_in(13, "DES cipher for Kerberos GSS");
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
|
@ -54,11 +54,15 @@ struct des3_state {
|
|||
static void
|
||||
des3_init(struct krb5_key_state *ks)
|
||||
{
|
||||
static struct timeval lastwarn;
|
||||
static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
|
||||
struct des3_state *ds;
|
||||
|
||||
ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO);
|
||||
mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF);
|
||||
ks->ks_priv = ds;
|
||||
if (ratecheck(&lastwarn, &warninterval))
|
||||
gone_in(13, "DES3 cipher for Kerberos GSS");
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
Loading…
Reference in a new issue