diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2000-06-27 21:00:02 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2000-06-27 21:00:02 +0000 |
| commit | 9fe2a01ec0fefa8b764bb6e9d7f9a09d11fed7ff (patch) | |
| tree | 2d4fd8b1bf6272f1286ffb7af9ae1d351a347e71 /src/lib/gssapi/krb5/ChangeLog | |
| parent | 0d54ee19a3e5a159f0b86097ebfe193a0d9c26d8 (diff) | |
pullup from 1.2 branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/ChangeLog')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index ccb16f49a..087104e70 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,62 @@ +2000-06-09 Tom Yu <tlyu@mit.edu> + Ken Raeburn <raeburn@mit.edu> + + * accept_sec_context.c (krb5_gss_accept_sec_context): Remove + explicit check of mech OID against credential. + + * util_crypt.c (kg_encrypt): Copy ivec, since c_encrypt() now + updates ivecs. + (kg_decrypt): Copy ivec, since c_decrypt() now updates ivecs. + + * init_sec_context.c (get_credentials): Don't check each enctype + against a list from the krb5 library; instead, just try to use it, + and go on to the next if the error code indicates we can't use it. + + * gssapiP_krb5.h (enum qop): New type, derived from spec but + currently not used. + * util_crypt.c (kg_encrypt, kg_decrypt): Added key derivation + usage value as an argument. Prototypes and callers updated; all + callers use KG_USAGE_SEAL, except KG_USAGE_SEQ when encrypting + sequence numbers. + * 3des.txt: New file. + + * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete field + gsskrb5_version. + (struct _krb5_gss_cred_id_rec): Delete field rfcv2_mech. + * accept_sec_context.c, acquire_cred.c, add_cred.c, inq_cred.c, + k5seal.c, k5unseal.c, ser_ctx.c: + Delete krb5-mech2 support. + + * init_sec_context.c (get_credentials): Enctype argument is now a + pointer to a list of enctypes. Explicitly try each in order until + success or an error other than cryptosystem not being supported. + (krb5_gss_init_sec_context): Pass list of cryptosystems, starting + with 3DES. + + * gssapiP_krb5.h (enum sgn_alg, enum seal_alg): New types, + giving symbolic names for values from RFC 1964, a Microsoft win2k + I-D, and our proposed 3des-sha1 values. + (KG_USAGE_SEAL, KG_USAGE_SIGN, KG_USAGE_SEQ): New macros. + + * accept_sec_context.c (rd_req_keyproc): Already-disabled routine + deleted. + (krb5_gss_accept_sec_context): Use sgn_alg and seal_alg symbolic + names. Add a case for des3-hmac-sha1. + * k5seal.c (make_seal_token_v1): Likewise. Do key derivation for + checksums. + * k5unseal.c (kg_unseal_v1): Likewise. + * util_crypt.c (kg_encrypt, kg_decrypt): Do key derivation for + encryption. + + * util_crypt.c (zeros): Unused variable deleted. + + * wrap_size_limit.c: Remove mech2 support. Add MIT copyright. + +2000-06-09 Nalin Dahyabhai <nalin@redhat.com> + + * add_cred.c (krb5_gss_add_cred): Don't overflow buffers "ktboth" + or "ccboth". + 2000-05-31 Wilfredo Sanchez <tritan@mit.edu> * accept_sec_context.c, gssapiP_krb5.h, init_sec_context.c, @@ -21,7 +80,7 @@ The rfc1964 mech always pads and confounds regardless of whether confidentiality is requested. -2000-01-27 Ken Raeburn <raeburn@raeburn.org> +2000-01-27 Ken Raeburn <raeburn@mit.edu> * init_sec_context.c (krb5_gss_init_sec_context): Default to des-cbc-crc. |