summaryrefslogtreecommitdiffstats
path: root/src/lib/crypto
Commit message (Collapse)AuthorAgeFilesLines
...
* comment needed some grammatical/typographical fixes tooKen Raeburn2009-02-021-11/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21864 dc483132-0cff-0310-8789-dd5450dbe970
* comment whitespaceKen Raeburn2009-02-021-11/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21863 dc483132-0cff-0310-8789-dd5450dbe970
* handle freeing null keyblockKen Raeburn2009-01-311-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21846 dc483132-0cff-0310-8789-dd5450dbe970
* disable single-DES by defaultTom Yu2009-01-284-11/+47
| | | | | | | | | | Mark all single-DES enctypes as "weak", and create a new libdefaults variable "allow_weak_crypto", which defaults to "false". ticket: 6353 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21823 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument toKen Raeburn2009-01-283-5/+5
| | | | | | | | | | | char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* Use 16/32-bit big/little-endian store functions in more placesKen Raeburn2009-01-2610-68/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21796 dc483132-0cff-0310-8789-dd5450dbe970
* Change 16/32/64-bit big-/little-endian/native unaligned load/storeKen Raeburn2009-01-241-2/+2
| | | | | | | | routines to take void pointers, so they can operate on both plain and unsigned char buffers, or other types. Remove some now-unneeded casts. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21793 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize ds.magic in k5_md5_hmac_hash, to avoid harmlessly copyingGreg Hudson2009-01-231-0/+1
| | | | | | around its uninitialized value in krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21787 dc483132-0cff-0310-8789-dd5450dbe970
* Include cksumtypes.h from aead.h to get struct krb5_cksumtypes (movedKen Raeburn2009-01-239-23/+33
| | | | | | | | in rev 21753). Protect cksumtypes.h from multiple inclusions. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21780 dc483132-0cff-0310-8789-dd5450dbe970
* Make enctype and checksumtype name mapping table types private to theKen Raeburn2009-01-156-124/+120
| | | | | | | | crypto library. Add a field for aliases to the record type so that aliases don't have to be implemented by duplicating all the other information. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21753 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.inKen Raeburn2009-01-0530-1105/+1075
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* fix minor comment typosKen Raeburn2009-01-051-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21699 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-0330-135/+714
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* I don't know what it was that someone else didn't know, but it doesn'tKen Raeburn2008-12-311-5/+3
| | | | | | belong in the copyright header. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21642 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb524, lib/des425, lib/krb4, and include/kerberosIV.Greg Hudson2008-12-186-87/+120
| | | | | | | | | | Remove krb4 build system references and conditionals. Move des425 header stuff referenced by des_int.h into des_int.h. Remove krb4 test cases. ticket: 6303 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
* Merge in fix from ms-krb-integ branch to avoid modifying input data on ↵Sam Hartman2008-12-051-4/+15
| | | | | | | | | aead_decrypt_compat ticket: 6274 Status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21287 dc483132-0cff-0310-8789-dd5450dbe970
* Cleanup warningsSam Hartman2008-12-044-19/+19
| | | | | | | ticket: 6274 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21280 dc483132-0cff-0310-8789-dd5450dbe970
* Merge R21122 from mskrb-integSam Hartman2008-12-046-60/+60
| | | | | | | | | Namespace cleanup ticket: 6274 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21279 dc483132-0cff-0310-8789-dd5450dbe970
* Merge r21120 from mskrb-integSam Hartman2008-12-046-39/+210
| | | | | | | | | | | | Refactor code such that an AEAD provider does not need to implement the older, non-IOV SPIs. Instead, the older APIs will implement their behaviour on top of the AEAD SPIs, using the wrapper functions in aead.c. ticket: 6274 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21278 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2008-12-026-17/+117
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21266 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto IOV API per Projects/AEAD encryption APISam Hartman2008-12-0232-50/+2560
| | | | | | | | | | | | | | Merge in the mskrb-crypto-iov branch at r21259 in order to move an implementation of http://k5wiki.kerberos.org/wiki/Projects/AEAD_encryption_API onto the trunk. This branch contains a subset of the commits on the mskrb-integ branch that implement the krb5 library part of the crypto IOV API. ticket: new Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21263 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of sprintf to snprintf or asprintfGreg Hudson2008-12-011-4/+4
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_buf_cstr to krb5int_buf_data, since k5bufs can be usedGreg Hudson2008-11-051-1/+1
| | | | | | | | | | | for binary data as well as C string data. The buffer will always have a null byte at krb5int_buf_len bytes regardless of whether it contains C string data. ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21003 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build dependencies for v4rcp.c.Ken Raeburn2008-11-0415-550/+597
| | | | | | Rebuild dependencies for k5-buf.h, and without krb4 support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
* Apply Apple patch to null out key->contents after freeing on failure,Greg Hudson2008-11-031-0/+2
| | | | | | | | eliminating the possibility that the pointer will be used after free. ticket: 6247 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20961 dc483132-0cff-0310-8789-dd5450dbe970
* Use the k5buf module instead of strcpy/strcat in several placesGreg Hudson2008-10-301-4/+6
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20941 dc483132-0cff-0310-8789-dd5450dbe970
* Use strlcpy instead of strcpy in many placesGreg Hudson2008-10-242-6/+4
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
* makedependKen Raeburn2008-09-1815-507/+546
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* Based on patch from lxs, with some changes:Ken Raeburn2008-08-2722-27/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms. Not incorporated from initial patch: const changes in function signatures. ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* Use a valid UTF8 password for randkey passwordAlexandra Ellwood2008-08-131-3/+5
| | | | | | | | KfM RC4 string to key function expects password to be valid UTF8 ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970
* If CONFIG_SMALL_NO_CRYPTO is defined, turn off CONFIG_SMALL changes for ↵Ken Raeburn2008-08-126-12/+12
| | | | | | crypto code only git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20648 dc483132-0cff-0310-8789-dd5450dbe970
* Update copyright notices to reflect donation of DES implementation byTom Yu2008-08-125-25/+120
| | | | | | | | Dennis Ferguson. ticket: 6070 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20642 dc483132-0cff-0310-8789-dd5450dbe970
* Make more uses of load/store_32_be/le, which on x86 at least expandsKen Raeburn2008-08-027-67/+22
| | | | | | | to a single unaligned load/store instruction, instead of open-coding the shifts and masks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20599 dc483132-0cff-0310-8789-dd5450dbe970
* Use GET_HALF_BLOCK to fetch new values instead of open-codingKen Raeburn2008-08-022-16/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20598 dc483132-0cff-0310-8789-dd5450dbe970
* Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few andKen Raeburn2008-07-201-1/+1
| | | | | | | default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970
* add copyright to lib/crypto/enc_provider/aes.cTom Yu2008-07-091-0/+26
| | | | | | | | | | | | lib/crypto/enc_provider/aes.c was missing a copyright statement. Added. ticket: new tags: pullup component: krb5-libs target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20503 dc483132-0cff-0310-8789-dd5450dbe970
* stop exporting a few symbols internal to aes implementationKen Raeburn2008-07-031-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20497 dc483132-0cff-0310-8789-dd5450dbe970
* When returning an error, don't also pass back an invalid pointerKen Raeburn2008-06-271-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20484 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few incompatible-pointer warnings that aren't just about signednessKen Raeburn2008-06-021-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
* After malloc/realloc/calloc failures, return ENOMEM explicitly insteadKen Raeburn2008-04-303-6/+6
| | | | | | | of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
* Multiple assignments without sequence points invoke undefinedKen Raeburn2008-04-251-6/+12
| | | | | | | behavior, even if the assignments all compute and store the same value. Don't put an assignment in the argument to macro ff(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970
* Don't do UTF-8 bits (and include Apple headers) when just rebuilding ↵Ken Raeburn2008-04-241-2/+2
| | | | | | dependencies git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
* Add "-framework CoreFoundation" to crypto library link command in darwin-modeKen Raeburn2008-03-041-1/+1
| | | | | | | | | build on mac. ticket: 5894 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20253 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_arcfour_string_to_key does not support utf-8 stringsAlexandra Ellwood2008-02-261-9/+47
| | | | | | | | | | | | | | | | krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing them to the string to key function. Currently the UTF-16 conversion assumes the input string is ASCII only. Added support to convert UTF-8 strings to UTF-16 on Mac OS X. Leaving the bug open until we discuss if we want to have implementations for Unix and Windows platforms. ticket: new status: open target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20242 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-221-6/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* read_entropy_from_device on partial read will not fill bufferEzra Peisach2007-08-201-4/+6
| | | | | | | | | | | | | | | read_entropy_from_device() will loop in read until the desired number of bytes are read from the device (/dev/random, /dev/urandom). I have observed that for /dev/random, if there is not enough bits available for reading - it will return a partial read. The code would loop in this case, but never advance the location to place the new bytes - hence the start of the buffer would be filled again - leaving the tail end as stack garbage. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19845 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-08-1615-482/+529
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* Fix various gcc warnings about pointer target signedness and qualifiersKen Raeburn2007-05-1010-34/+50
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19548 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite weak key check to use a small custom struct instead of wedgingKen Raeburn2007-05-101-10/+12
| | | | | | | data into krb5_data, and use the array size rather than a sentinel for loop control. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19547 dc483132-0cff-0310-8789-dd5450dbe970
* We're requiring that 'inline' work nowadays, so don't conditionalize its useKen Raeburn2007-05-101-7/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19546 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 19:03:41 +0000