oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,266 Commits 2 Branches 2 Tags
f0f07ff408031a76cf892515f5f72a0d5e30fabf
Commit Graph

286 Commits

Author SHA1 Message Date
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Kumar Thangavelu
0cc458463d unning "kinit --fast-armor-cache=xxx" against a Win2K3 domain resulted in a crash with the attached backtrace. FAST is not supported with RC4 keys which are used in Win2K3. The code already handles this but the error code is not propagated up the stack. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2012-12-09 15:22:55 -08:00
Roland C. Dowdeswell
6de861263a Provide support for enctype aliases for ease of use. 
This should be compatible with MIT krb5 at least from my memory.
 2012-03-06 09:34:43 +00:00
Andrew Bartlett
7a89f14aa5 Revert "make paranoia check less paranoid" - check that key types strictly match 
This reverts commit c25af51232 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2012-01-10 22:54:16 +01:00
Nicolas Williams
3bebbe5323 Fixes to make Heimdal -Wall -Werror clean 
These fixes make developer mode build, at least on Ubuntu.
 2011-11-02 21:42:08 -05:00
Love Hornquist Astrand
777b24fbb5 add krb5_is_enctype_weak 2011-09-26 08:47:37 +02:00
Love Hornquist Astrand
f1a6f9a9fa remove warning, remove forward declaration by moving the function up, ident 2011-09-02 05:20:47 -07:00
Harald Barth
38df403d45 Move common code to krb5_unsupported_enctype() and make error message contain string instead of error number 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-09-02 05:15:47 -07:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
Love Hörnquist Åstrand
f79183821f sprinkle doxygen and kode more like the rest of the code base 2011-07-19 21:29:19 -07:00
Roland C. Dowdeswell
3ef06de67b Fix a couple of bugs in krb5_c_valid_enctype(): 
1.  on errors, it appears to core dump, and

      2.  the sense of the return code is inverted from the
          MIT implementation.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:15 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
305596d9ad Rename subsystem_DEPRECATED to subsystem_DEPRECATED_FUNCTION(X) 
Start to explain what the replacement function is.
Generate the #define/#undef logic in generated header files.
Use gcc style where the deprecation warning is after the prototype.
 2011-05-17 23:12:51 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
1bb482e168 prefix internal structures with _krb5_ 2011-03-12 13:50:39 -08:00
Love Hornquist Astrand
03806492d9 prefix symbols that are _krb5_ structures 2011-03-12 13:45:09 -08:00
Andrew Bartlett
e189d712ce Don't dereference NULL in error verify_checksum error path 
Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-11-28 09:46:43 -08:00
Asanka C. Herath
0f853405fe Add missing export and calling convention annotations 2010-11-24 15:32:49 -05:00
Asanka C. Herath
2f2dca748d Don't dereference a possible NULL pointer 2010-11-24 15:32:35 -05:00
Love Hornquist Astrand
5a801c8f4a use krb5_data_ct_cmp 2010-11-06 20:52:53 +01:00
Simon Wilkinson
1d9072f026 krb5: reorganise crypto.c 
lib/krb5/crypto.c was a large, monolithic block of code which made
it very difficult to selectively enable and disable particular
alogrithms.

Reorganise crypto.c into individual files for each encryption and
salt time, and place the structures which tie everything together
into their own file (crypto-algs.c)

Add a non-installed library (librfc3961) and test program
(test_rfc3961) which builds a minimal rfc3961 crypto library, and
checks that it is usable.
 2010-11-03 11:12:24 +00:00
Love Hornquist Astrand
0a608964a4 only set error code in case of failure, add comment 2010-10-02 12:13:19 -07:00
Love Hornquist Astrand
0789271ebb indent, return error code 2010-10-02 11:59:53 -07:00
Andrew Bartlett
7ea9ccf737 heimdal: added verbose logging of hemimdal crypto errors 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-10-02 11:56:26 -07:00
Love Hornquist Astrand
856c1c0a86 accept >= 0 and valid return codes from RAND_bytes due to broken engine from the isc bind implementation, reported by Sam Liddicott 2010-09-01 21:00:07 -07:00
Asanka Herath
3a8922fe2d Change return type of checksum_type::checksum 
struct checksum_type::checksum had a return value of krb5_enctype,
even though implementations returned krb5_error_code.  Change
declaration to match implementation.
 2010-08-20 13:03:39 -04:00
Love Hornquist Astrand
4660ec8358 check for underruns 2010-03-21 21:05:21 -07:00
Matthias Dieter Wallnöfer
69ea9b38e9 heimdal - fix overlapped identifiers in the "krb5" library 
heimdal - fix overlapped identifiers in the "krb5" library

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-16 10:05:35 -07:00
Russ Allbery
8a57d5cb08 Add krb5_allow_weak_crypto API to enable weak enctypes 
Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8.  Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-27 21:50:58 -08:00
Love Hornquist Astrand
687db64c56 Patch from Secure Endpoints/Asanka Herath for windows support 2009-12-21 08:45:28 +01:00
Love Hornquist Astrand
1f0da1963a deprecated warning 2009-11-22 16:09:46 -08:00
Love Hornquist Astrand
316fc6ff8f Simplify subkey usage for tgs-req, don't rewrite tgs-rep-sub-key keyuage for arcfour, its correct 2009-11-15 21:31:25 -08:00
Love Hornquist Astrand
a7d5b2a15e make zero_ivec unsigned 2009-09-20 22:37:27 -07:00
Love Hornquist Astrand
1b07597123 drop EVP_cts support 2009-08-25 20:29:23 -07:00
Love Hornquist Astrand
6ead770ad1 Implement CTS in terms of CBC 2009-08-25 20:26:01 -07:00
Love Hornquist Astrand
8286ff8ec4 document more 2009-08-18 18:58:53 +02:00
Love Hornquist Astrand
65f40a25c3 Always include md5, its needed for HMAC-MD5 that arcfour enctypes uses 2009-08-18 15:57:37 +02:00
Love Hornquist Astrand
4afb61a24a allow compiling out weak enctype support 2009-08-18 13:54:35 +02:00
Love Hornquist Astrand
88d55a1d06 Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too 2009-08-17 18:06:42 +02:00
Love Hornquist Astrand
a6bfd9bb41 use constant time memcmp 2009-08-17 12:01:06 +02:00
Love Hornquist Astrand
f01ca1a10e doxygen 2009-08-14 13:46:45 +02:00
Love Hornquist Astrand
550a6c9427 doxygen fixes, include <evp-hcrypto.h> if not using openssl 2009-08-14 11:45:18 +02:00
Love Hornquist Astrand
33fcc11b3f Replace last SHA1_ with EVP_ replacement 2009-08-11 10:00:30 +02:00
Love Hornquist Astrand
18a4b69b48 Switch more cases to EVP crypto layer 2009-08-10 17:51:17 +02:00
Love Hornquist Astrand
9b710bed81 store is never read again 2009-07-29 22:37:58 +02:00
Love Hörnquist Åstrand
c99b2003e2 Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
65e7108f79 use oid variable 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25235 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-28 01:17:52 +00:00
Love Hörnquist Åstrand
942a821fab remove RCSID 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
628c662250 doxygen 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25150 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-27 02:42:42 +00:00