3e16d622c5
fix ecdsa endif
2009-08-28 15:18:50 -07:00
3553a3e837
pre8
2009-08-28 13:39:14 -07:00
2f1a370cd3
hack for gss-wrap-iov to it work
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-28 13:31:12 -07:00
33019cc597
Spelling, from Guillaume Rousse
2009-08-27 19:11:08 -07:00
f030b4e59a
free context
2009-08-27 18:30:29 -07:00
9a4e91b1de
don't reset handle twice
2009-08-27 18:30:28 -07:00
74538fc2af
Plug memory leak in prf function
2009-08-27 18:30:28 -07:00
6c3f3fafa3
Don't leak kerberos credentials when trying dns canon
2009-08-27 18:30:28 -07:00
45cfe3f971
Fix server context client context order to match callee
2009-08-27 18:30:28 -07:00
1999c85670
Make mech glue layer aware of composite mechs that uses mech glue layer credentials
...
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
2009-08-27 12:12:44 -07:00
32ee735d73
drop RCSID
2009-08-26 23:15:35 -07:00
a2820df666
spelling
2009-08-26 22:53:38 -07:00
d18cdee577
don't reset EC
2009-08-26 22:52:26 -07:00
ebb2e72c61
make error message more unique
2009-08-26 22:43:25 -07:00
022e7d4319
Return unwrapped delegated credentials if the actual mech is not the called mech
...
Assumes that pseudo mechs are are of how mechglue credentails look like and
return credentials like that.
Pointed out on krbdev by Nicolas Williams
2009-08-26 22:32:50 -07:00
559103b218
if not trailer set, init EC to 0
2009-08-26 21:40:07 -07:00
ba4909eba5
Link libroken with libcrypt since roken uses crypt() in unix_verify_password
...
Found by Guillaume Rousse
2009-08-26 15:20:51 -07:00
f40805ec75
move iov TODO to generate TODO
2009-08-26 09:10:54 -07:00
13ba2956cc
Check if COM_ERR_BINDDOMAIN_krb5 is defined, if it is, use bindtextdomain()
...
Older versions of compile_et doesn't support gettext/libintl support,
if they don't, there will be no such symbols and we can't load the
text domains for those symbols, so lets skip that.
Pointed out by Guillaume Rousse on heimdal-discuss
2009-08-26 09:02:25 -07:00
e9603a6446
Only try ecdsa if there really is ecdsa support
2009-08-26 00:30:36 -07:00
23aebd619b
Only release keys if they are allocated
2009-08-25 23:54:58 -07:00
03998aeccb
gsskrb5: fix test_context. after gss_wrap_iov changes
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
40a6abd116
gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
560cb0c132
gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
76f0fb9170
gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
f286dd5d64
gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
1a0423fd3d
gsskrb5: make _gk_allocate_buffer() non static
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
60725fd2f5
gsskrb5: add _gk_verify_buffers()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:37 -07:00
a29c65b417
add krb5_free_unparsed_name for OpenSSH + gssapi patch, make it deprecated
2009-08-25 23:07:21 -07:00
19b997c61b
add kswitch.1
2009-08-25 21:34:07 -07:00
02e28048df
simple manpages for kswitch.1
2009-08-25 21:33:51 -07:00
1b07597123
drop EVP_cts support
2009-08-25 20:29:23 -07:00
7e1e9dc2e7
drop cts support
2009-08-25 20:28:33 -07:00
a1aa022f8b
drop evp-aes-cts
2009-08-25 20:27:04 -07:00
a4d850a656
don't include evp-aes-cts.c
2009-08-25 20:26:38 -07:00
0d6e55df3c
don't include evp-aes-cts.c
2009-08-25 20:26:25 -07:00
6ead770ad1
Implement CTS in terms of CBC
2009-08-25 20:26:01 -07:00
31871b4990
deifne KRB5_DEPRECATED
2009-08-25 14:35:42 -07:00
29562070ba
no rpc for kadmin
2009-08-25 13:24:19 -07:00
400cc459fa
deprecate krb5_config_parse_string_multi
2009-08-24 20:24:41 -07:00
46b48bc3e7
Document time function, krb5_config_parse_string_multi is not used
2009-08-24 19:52:10 -07:00
9ccc79c5b6
Don't leak context if nsi_probe failes
...
Deduced from valgrind log produced by Markus Moeller
2009-08-22 10:52:22 -07:00
eb7448156c
export d2i_RSAPublicKey
2009-08-21 21:42:03 -07:00
9f5d22b98a
define and use d2i_RSAPublicKey
2009-08-21 18:57:09 -07:00
72e306c7e3
Push cert down deaper into the stack
2009-08-21 18:34:21 -07:00
aee7858b16
Clean new files
2009-08-21 15:14:57 -07:00
edb688c1e7
don't run EC test if there is broken EC support
2009-08-21 14:04:13 -07:00
30aa8a7166
there is already one verify, don't make two
2009-08-21 13:42:22 -07:00
941b2a1135
1.3.0pre7
2009-08-21 11:38:34 -07:00
796a522b46
always call cipher-init so that we can reset IV when caller wants too
2009-08-21 07:43:50 -07:00
Love Hornquist Astrand