| Age | Commit message (Collapse) | Author |
|---|
|
Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy. Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
crypto/dsa/dsa_vrf.c
crypto/ec/ec2_smpl.c
crypto/ec/ecp_smpl.c
Conflicts:
demos/bio/saccept.c
ssl/d1_clnt.c
Conflicts:
bugs/dggccbug.c
demos/tunala/cb.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
indent will not alter them when reformatting comments
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Don't need to check auth for NULL since we did when we
assigned to it.
Reviewed-by: Emilia Kasper <emilia@openssl.org>
|
|
|
|
|
|
|
|
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
|
|
|
|
|
|
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
|
|
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
|
|
|
|
|
|
will be firmed up as soon as it's been verified not to break anything.
|
|
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.
Notified by David Wolfe <dwolfe5272@yahoo.com>
|
|
Avoid more shadow warnings.
|
|
|
|
|
|
In s_server, print the received Kerberos information.
PR: 693
|
|
|
|
Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>
|
|
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
|
|
|
|
duplicate definitions.
Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
|
|
|
|
|
|
string is NUL-terminated
|
|
calls. This patch allows compilation either way.
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
|
|
to digests to retain compatibility.
|
|
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
|
|
and rename some local variables to avoid name shadowing.
|
|
His comments are:
First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values. This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use. Unfortunately, the authenticator verification routine was
not the only place that function was used. And it caused core dumps.
Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.
|
|
His comments are:
This patch fixes the problem of modern Kerberos using "derived keys"
to encrypt the authenticator by disabling the authenticator check
for all derived keys enctypes.
I think I've got all the bugfixes that Jeffrey and I discussed rolled
into this. There were some problems with Jeffrey's code to convert
the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900;
it helps to have an actual decryptable authenticator to play with).
So I've shamelessly pushed in my code, while stealing some bits from
Jeffrey.
|
|
Submitted by Jeffrey Altman <jaltman@columbia.edu>
|
|
|
|
His comments are:
. adds use of replay cache to protect against replay attacks
. adds functions kssl_tgt_is_available() and
kssl_keytab_is_available() which are used within s3_lib.c
and ssl_lib.c to determine at runtime whether or not
KRB5 ciphers can be supported during the current session.
|
|
Jeffrey Altman <jaltman@columbia.edu>
(Really, the time that's being parsed is a GeneralizedTime, so if
ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used
instead)
|
|
His comments are:
. Fixed all of the Windows dynamic loading functions, prototypes, etc.
. Corrected all of the unsigned/signed comparison warnings
. Replaced the references to krb5_cksumarray[] for two reasons.
First, it was an internal variable that should not have been
referenced outside the library; nor could it have been with
a shared library with restricted exports. Second, the
variable is no longer used in current Kerberos implementations.
I replaced the code with equivalent functionality using functions
that are exported from the library.
|
