krb5.git/src/lib/crypto/krb, branch kinit-c MIT Kerberos patches Modify k5buf interfaces for easier use 2014-07-30T16:11:38+00:00 Greg Hudson ghudson@mit.edu 2014-07-02T16:03:54+00:00 651f3af251d172361a954f55f2d87561ae42c2d0 Make struct k5buf less opaque and get rid of k5buf-int.h. Make it easy to initialize a k5buf in an error state so that it can be freed in a cleanup handler. Add a function k5_buf_status which returns 0 or ENOMEM. Remove k5_buf_data and k5_buf_len. Rename k5_free_buf to k5_buf_free. Adjust all callers to match. 
Make struct k5buf less opaque and get rid of k5buf-int.h.  Make it
easy to initialize a k5buf in an error state so that it can be freed
in a cleanup handler.  Add a function k5_buf_status which returns 0 or
ENOMEM.  Remove k5_buf_data and k5_buf_len.  Rename k5_free_buf to
k5_buf_free.  Adjust all callers to match.
Improve error message for PRNG seeding failure 2014-07-16T01:19:33+00:00 Greg Hudson ghudson@mit.edu 2014-07-16T00:23:15+00:00 4f41a0d4a6a62439f21aacdd650595a065f15056 In prng_fortuna.c, if krb5_c_random_make_octets detects that we do not have entropy, set an error message saying that the random number generator could not be seeded, as we likely failed previously to read from /dev/urandom or the Windows equivalent. ticket: 7968 (new) 
In prng_fortuna.c, if krb5_c_random_make_octets detects that we do not
have entropy, set an error message saying that the random number
generator could not be seeded, as we likely failed previously to read
from /dev/urandom or the Windows equivalent.

ticket: 7968 (new)
Fix krb5int_c_combine_keys 2014-05-21T15:33:24+00:00 Ken Hornstein kenh@cmf.nrl.navy.mil 2014-05-20T18:50:22+00:00 89803a5a781107365d5a4534eebf48dbaf010f96 When krb5int_c_combine_keys was updated to use the new crypto interface, a small bug was introduced. It turns out the temporary keyblock created needs to have its enctype set; otherwise, when krb5int_derive_keyblock() is called later, it will fail with KRB5_BAD_ENCTYPE. ticket: 7914 target_version: 1.12.2 tags: pullup 
When krb5int_c_combine_keys was updated to use the new crypto
interface, a small bug was introduced.  It turns out the temporary
keyblock created needs to have its enctype set; otherwise, when
krb5int_derive_keyblock() is called later, it will fail with
KRB5_BAD_ENCTYPE.

ticket: 7914
target_version: 1.12.2
tags: pullup
Modernize default_state.c 2014-03-25T22:08:21+00:00 Greg Hudson ghudson@mit.edu 2014-03-25T14:52:38+00:00 7d87754d7d4c0398c0504f2cae0937c0d005a339 Use alloc_data() and empty_data() where appropriate. Keep mainline logic to the left where possible. Name the output parameter of krb5int_des_init_state with an _out suffix. Use a professional tone in comments. Partly based on a patch from Alok Menghrajani. 
Use alloc_data() and empty_data() where appropriate.  Keep mainline
logic to the left where possible.  Name the output parameter of
krb5int_des_init_state with an _out suffix.  Use a professional tone
in comments.  Partly based on a patch from Alok Menghrajani.
Eliminate internal fixed-width type wrappers 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T21:26:51+00:00 1041af9f85e4be342339475cf5c8878fef1de10d Directly use stdint.h names for integer types in preference to the various internal names we have made up for them. 
Directly use stdint.h names for integer types in preference to the
various internal names we have made up for them.
Get rid of builtin AES uitypes.h 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T20:23:58+00:00 42cc0d3cd2cfa02a6ba9b3e0b94000e73d83ff92 Remove uitypes.h and just include stdint.h; all we need from it is uint{8,16,32}_t. 
Remove uitypes.h and just include stdint.h; all we need from it is
uint{8,16,32}_t.
Remove a warning in AES string-to-key 2013-11-16T04:38:15+00:00 Greg Hudson ghudson@mit.edu 2013-11-16T04:38:15+00:00 e08db4b3097e31c9fd42e870b641ad97155cab39 On 32-bit platforms, the code to translate an iteration count of 0 to 2^32 can trigger a compiler warning. Since we will basically never accept an iteration count that high (right now we reject anything above 2^24), just reject it out of hand. 
On 32-bit platforms, the code to translate an iteration count of 0 to
2^32 can trigger a compiler warning.  Since we will basically never
accept an iteration count that high (right now we reject anything
above 2^24), just reject it out of hand.
Enforce minimum PBKDF2 iteration count 2013-11-15T22:42:37+00:00 Tom Yu tlyu@mit.edu 2013-11-15T21:11:32+00:00 7a7736a3ea321aeb4b281ae2712e27becb00d720 Also add a testing interface to allow weak iteration counts. (Published test vectors use weak iteration counts.) ticket: 7465 target_version: 1.12 tags: pullup 
Also add a testing interface to allow weak iteration counts.
(Published test vectors use weak iteration counts.)

ticket: 7465
target_version: 1.12
tags: pullup
Use constant-time comparisons for checksums 2013-10-03T19:26:00+00:00 Greg Hudson ghudson@mit.edu 2013-10-02T21:58:06+00:00 07d68eec2788bfe80686608813f644838707c168 






Use k5calloc instead of k5alloc where appropriate
2013-07-12T00:39:51+00:00

Greg Hudson
ghudson@mit.edu

2013-07-12T00:39:51+00:00

443ce5fef316e3dc324fe84557a06b069dbe33f9

Wherever we use k5alloc with a multiplication in the size parameter,,
use the new k5calloc helper function instead.





Wherever we use k5alloc with a multiplication in the size parameter,,
use the new k5calloc helper function instead.