krb5.git/src/lib/crypto, branch proxymech

Check alloc_data result in krb5int_old_encrypt

2012-05-13T19:42:50+00:00

Stop using SALT_TYPE_AFS_LENGTH

2012-04-27T21:11:04+00:00

In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to
track whether we're still using the default salt instead of
overloading salt.length.  In preauth2.c, process afs3 salt values like
we would in krb5int_des_string_to_key, and set an s2kparams indicator
instead of overloading salt.length.  Also use an s2kparams indicator
in kdb_cpw.c's add_key_pwd.  Remove the s2k code to handle overloaded
salt lengths, except for a sanity check.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970

Avoid side effects in assert expressions

2012-03-09T18:30:31+00:00

asserts may be compiled out with -DNDEBUG, so it's wrong to use an
assert expression with an important side effect.

(We also have scores of side-effecting asserts in test programs, but
those are less important and can be dealt with separately.)

ticket: 7105

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25760 dc483132-0cff-0310-8789-dd5450dbe970

Fix intermediate key length in hmac-md5 checksum

2011-10-28T15:45:03+00:00

When using hmac-md5, the intermediate key length is the output of the
hash function (128 bits), not the input key length.  Relevant if the
input key is not an RC4 key.

ticket: 6994
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25418 dc483132-0cff-0310-8789-dd5450dbe970

Make reindent

2011-10-17T19:11:01+00:00

Also fix pkinit_crypto_nss.c struct initializers and add parens to a
ternary operator in do_as_req.c for better indentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970

Fix windows fork detection

2011-10-14T14:40:20+00:00

Signed-off-by: Kevin Wasserman 

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25334 dc483132-0cff-0310-8789-dd5450dbe970

Don't need to check for fork on windows

2011-10-05T21:30:55+00:00

Signed-off-by: Kevin Wasserman 

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25311 dc483132-0cff-0310-8789-dd5450dbe970

Improve k5_get_os_entropy for Windows

2011-10-04T15:11:45+00:00

When acquiring a crypto context for CryptGenRandom, pass
CRYPT_VERIFYCONTEXT to indicate that we don't need access to private
keys.  Appears to make OS entropy work on Windows XP.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25297 dc483132-0cff-0310-8789-dd5450dbe970

Fix a Fortuna PRNG failure case

2011-10-03T19:32:28+00:00

If we don't have entropy when krb5_c_random_make_octets is called,
unlock the mutex before returning an error.  From
kevin.wasserman@painless-security.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25295 dc483132-0cff-0310-8789-dd5450dbe970

In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to

2011-09-19T00:34:48+00:00

eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed.  Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.

In keyblocks.c, modified kr5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970