kerberos-android-ndk icon indicating copy to clipboard operation
kerberos-android-ndk copied to clipboard

Published 20 hours ago verified publisher icon cconlon

Can't rebuilt the kerberos libraries

Open TC01 opened this issue 10 years ago • 8 comments

Any chance you could update the embedded kerberos libs, since they're a few years old now?

I tried to do this myself using cyassl-android-ndk, but the configure script for krb5 gets as far as "unknown crypto implementation cyassl" and fails to compile a test program, and then gives up.

Any ideas?

TC01 avatar Aug 27 '15 20:08 TC01

Specifically, this is output:

configure: k5crypto will use 'cyassl' configure: error: Unknown crypto implementation cyassl

It looks like it fails to run/compile this (possibly because I can't find a nss.h in cyassl?).

#include <nss.h>
#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 13)
#error
#endif

TC01 avatar Aug 27 '15 20:08 TC01

Hm, for posterity's sake... I had to merge this pull request against the latest MIT krb5; after doing so, it configures successfully.

However, when compiling, it gets a decent way through and then fails because of this:

des.c: In function 'k5_des_encrypt':
des.c:83:28: error: storage size of 'input_pos' isn't known
     struct iov_block_state input_pos, output_pos;
                            ^
des.c:83:39: error: storage size of 'output_pos' isn't known
     struct iov_block_state input_pos, output_pos;
                                       ^
des.c:86:5: error: implicit declaration of function 'IOV_BLOCK_STATE_INIT' [-Werror=implicit-function-declaration]
     IOV_BLOCK_STATE_INIT(&input_pos);
     ^
des.c:105:9: error: implicit declaration of function 'krb5int_c_iov_get_block' [-Werror=implicit-function-declaration]
         if (!krb5int_c_iov_get_block(iblock, DES_BLOCK_SIZE, data, 
         ^
des.c:111:9: error: implicit declaration of function 'krb5int_c_iov_put_block' [-Werror=implicit-function-declaration]
         krb5int_c_iov_put_block(data, num_data, oblock, DES_BLOCK_SIZE, 
         ^
des.c:83:39: warning: unused variable 'output_pos' [-Wunused-variable]
     struct iov_block_state input_pos, output_pos;
                                       ^
des.c:83:28: warning: unused variable 'input_pos' [-Wunused-variable]
     struct iov_block_state input_pos, output_pos;
                            ^
des.c: In function 'k5_des_decrypt':
des.c:145:28: error: storage size of 'input_pos' isn't known
     struct iov_block_state input_pos, output_pos;
                            ^
des.c:145:39: error: storage size of 'output_pos' isn't known
     struct iov_block_state input_pos, output_pos;
                                       ^
des.c:145:39: warning: unused variable 'output_pos' [-Wunused-variable]
des.c:145:28: warning: unused variable 'input_pos' [-Wunused-variable]
     struct iov_block_state input_pos, output_pos;
                            ^
des.c: In function 'k5_des_cbc_mac':
des.c:208:28: error: storage size of 'input_pos' isn't known
     struct iov_block_state input_pos;
                            ^

TC01 avatar Aug 27 '15 21:08 TC01

Hi TC01,

I don't think MIT ever pulled back the changes made for CyaSSL/wolfSSL in the cconlon/krb5 repository to the master, thus why you needed to apply the changes.

Since most of this work was done a couple years ago, there may have been a few things that changed in the master krb5 since then that would need a little massaging to get updated.

Are you working on a project, or just experimenting with Kerberos on Android?

Thanks, Chris

cconlon avatar Aug 27 '15 21:08 cconlon

It's not currently a major project, but I'm experimenting with porting remctl to Android-- since remctl uses Kerberos authentication, that also requires getting Kerberos on Android.

Thanks for the quick response; that all makes sense.

TC01 avatar Aug 27 '15 21:08 TC01

Just FYI that I'm unlikely to have the time to try and upgrade the patch in the near future-- from the errors on des.c alone it looks like "IOV_BLOCK_STATE_INIT" (and possibly other functions) no longer exist in the krb5 source. I also don't really have much of a background in Kerberos or cryptography. :/

I'll have a go at it eventually but I can't make any promises as to when that will be.

TC01 avatar Sep 06 '15 18:09 TC01

Hi, I'm also trying to reproduce build for sake of using latest Android NDK (r10c+) However CyaSSL looks deprecated to me, and simply replacing cyassl with wolfssl (both repositories, build and --with-crypto-impl= config) doesn't work for me

smarek avatar Sep 14 '15 21:09 smarek

@smarek basically, you need to patch MIT krb5 to support wolfssl (or cyassl, but as you say, that's deprecated). There was a patch to do this but it never got accepted into Kerberos, and it looks somewhat nontrivial to rebase against current Kerberos, as things have changed, some functions no longer exist...

(This was as far as I got with this experiment).

TC01 avatar Oct 01 '15 18:10 TC01

Has anyone found a solution to this? I'm trying to do the same thing but I'm getting the same error as @TC01

travisjayday avatar Sep 27 '19 21:09 travisjayday