From noreply at github.com Mon Apr 11 00:08:56 2016 From: noreply at github.com (GitHub) Date: Sun, 10 Apr 2016 15:08:56 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 0f9785: hcrypto: config/roken cleanup Message-ID: <570acef8ebc17_4b413f9454f972c010285b@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 0f97855826c070ac5539696b7797ce2ba219f5c5 https://github.com/heimdal/heimdal/commit/0f97855826c070ac5539696b7797ce2ba219f5c5 Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/hcrypto/aes.c M lib/hcrypto/bn.c M lib/hcrypto/camellia-ntt.c M lib/hcrypto/camellia.c M lib/hcrypto/common.c M lib/hcrypto/des.c M lib/hcrypto/destest.c M lib/hcrypto/dh-ltm.c M lib/hcrypto/dh-tfm.c M lib/hcrypto/dh.c M lib/hcrypto/dsa.c M lib/hcrypto/ec.c M lib/hcrypto/engine.c M lib/hcrypto/evp-cc.c M lib/hcrypto/evp-crypt.c M lib/hcrypto/evp-hcrypto.c M lib/hcrypto/evp-pkcs11.c M lib/hcrypto/evp-w32.c M lib/hcrypto/evp-wincng.c M lib/hcrypto/evp.c M lib/hcrypto/example_evp_cipher.c M lib/hcrypto/hmac.c M lib/hcrypto/md2.c M lib/hcrypto/md4.c M lib/hcrypto/md5.c M lib/hcrypto/md5crypt_test.c M lib/hcrypto/mdtest.c M lib/hcrypto/passwd_dlg.c M lib/hcrypto/pkcs12.c M lib/hcrypto/pkcs5.c M lib/hcrypto/rand-fortuna.c M lib/hcrypto/rand-timer.c M lib/hcrypto/rand-unix.c M lib/hcrypto/rand-w32.c M lib/hcrypto/rand.c M lib/hcrypto/rc2.c M lib/hcrypto/rc2test.c M lib/hcrypto/rc4.c M lib/hcrypto/rctest.c M lib/hcrypto/rijndael-alg-fst.c M lib/hcrypto/rnd_keys.c M lib/hcrypto/rsa-gmp.c M lib/hcrypto/rsa-ltm.c M lib/hcrypto/rsa-tfm.c M lib/hcrypto/rsa.c M lib/hcrypto/sha.c M lib/hcrypto/sha256.c M lib/hcrypto/sha512.c M lib/hcrypto/test_bn.c M lib/hcrypto/test_bulk.c M lib/hcrypto/test_cipher.c M lib/hcrypto/test_dh.c M lib/hcrypto/test_engine_dso.c M lib/hcrypto/test_hmac.c M lib/hcrypto/test_pkcs12.c M lib/hcrypto/test_pkcs5.c M lib/hcrypto/test_rand.c M lib/hcrypto/test_rsa.c M lib/hcrypto/ui.c M lib/hcrypto/validate.c Log Message: ----------- hcrypto: config/roken cleanup All source files in lib/hcrypto should be built the same way. Since this source directory is dependent on libroken then all source files must be built using the roken.h declarations and included headers. Also, there is no config.h in the local directory so angle brackets include of quotes should be used. Finally, because roken.h includes stdio.h, stdlib.h, stdarg.h, limits.h, strings.h, sys/types.h, etc., do not include them separately. Start all source files with #include #include Change-Id: I09ab47f8a5472018efe6c8b59a0e51fde8f24724 Commit: 1953b0bd397025458e931ab9de8c6f6920021c01 https://github.com/heimdal/heimdal/commit/1953b0bd397025458e931ab9de8c6f6920021c01 Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/fcache.c M lib/krb5/krb5_get_init_creds.3 M lib/krb5/principal.c Log Message: ----------- krb5: pricipal -> principal fix the spelling errors Change-Id: I6769ecc50009c11a296766961c1873f4836f33a7 Commit: 1dcfceb0905b02e9c097970faf2bd6dbf7266c3f https://github.com/heimdal/heimdal/commit/1dcfceb0905b02e9c097970faf2bd6dbf7266c3f Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/base/test_base.c Log Message: ----------- lib/base: add tests for mutex and rwlock Add a basic set of tests for the HEIMDAL_MUTEX and HEIMDAL_RWLOCK abstraction using both static and dynamic initialization. Change-Id: Iaeb16e5dfcf00d29be7eaa4f2e6970c4f1268fb0 Commit: 1f53a40827beef38eb568d290d321df58f738137 https://github.com/heimdal/heimdal/commit/1f53a40827beef38eb568d290d321df58f738137 Author: Nicolas Williams Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M include/heim_threads.h Log Message: ----------- threads: Windows mutex and rwlock implementation Change-Id: I087bd5884eca9f232f4b5a2a6463b06b38a488e7 Commit: c80816f9c31f036f0b0390c6e2f9708044ba784a https://github.com/heimdal/heimdal/commit/c80816f9c31f036f0b0390c6e2f9708044ba784a Author: Nicolas Williams Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/context.c M lib/krb5/crypto-stubs.c M lib/krb5/deprecated.c M lib/krb5/error_string.c M lib/krb5/krb5_locl.h Log Message: ----------- krb5_context: embed mutex in structure Instead of allocating a separate mutex object on the heap, include the HEIMDAL_MUTEX in the krb5_context structure. Change-Id: If6db484177410487176985e43e3b43e0f2166518 Commit: b0e7dc5106e5f86b850f058e473b9e4ff52fa1ab https://github.com/heimdal/heimdal/commit/b0e7dc5106e5f86b850f058e473b9e4ff52fa1ab Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/get_host_realm.c Log Message: ----------- krb5: DNS TXT records test for invalid gTLD As per https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf prior to a new top-level domain being put into service there is a controlled interuption service which will return explicit responses to DNS A, MX, SRV, and TXT queries that can be used to detect private namespace collisions. Modify the signature of copy_txt_to_realm() to accept a krb5_context so that meaningful errors can be recorded. Write a warning to the log (if any). Change-Id: I51ff8feed4f9d2af8b956bd4ba26e1c4644247c2 Commit: 4b45355162371d2692e7bb6b8c3ad5e730885556 https://github.com/heimdal/heimdal/commit/4b45355162371d2692e7bb6b8c3ad5e730885556 Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/krbhst.c Log Message: ----------- krb5: DNS SRV records test for invalid gTLD As per https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf prior to a new top-level domain being put into service there is a controlled interuption service which will return explicit responses to DNS A, MX, SRV, and TXT queries that can be used to detect private namespace collisions. Modify SRV records lookups to detect the special hostname returned in the SRV response, skip the response, and record an appropriate error if it is detected. Write a warning to the log (if any). Change-Id: I47e049b617e39e49939bc92d513a547de1d04624 Commit: 13568961ecdf5edd12644c1ff1d3c2b9e8823c4b https://github.com/heimdal/heimdal/commit/13568961ecdf5edd12644c1ff1d3c2b9e8823c4b Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/krbhst.c Log Message: ----------- krb5: DNS A record fallback test for invalid gTLD As per https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf prior to a new top-level domain being put into service there is controlled interuption service which will return explicit responses to DNS A, MX, SRV, and TXT queries that can be used to detect private namespace collisions. When performing fallback_get_hosts() check the AF_INET responses to ensure that they are not the gTLD name collision address 127.0.53.53. If so, add an error message to the context and return KRB5_KDC_UNREACH. Write a warning to the log (if any). Change-Id: I2578f13948b8327cc3f06542c1e489f02410143a Commit: eb1545382ae5be11bdaa82b6a08f892924ef78eb https://github.com/heimdal/heimdal/commit/eb1545382ae5be11bdaa82b6a08f892924ef78eb Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/cache.c Log Message: ----------- lib/krb5: fallback Windows default ccname to HLKM Windows queries the default ccache name via the registry. Prior to this change only the HKEY_CURRENT_USER hive. Fallback to HKEY_LOCAL_MACHINE if there is no "ccname" value specified for the user. This permits system or domain administrators to set the default ccache to MSLSA: for all users. Change-Id: Ide3b51358f8fc6944ca698e4a68295be9463d4e0 Commit: 338b4a1fba17044f6f01bc9560fc99626f2e0735 https://github.com/heimdal/heimdal/commit/338b4a1fba17044f6f01bc9560fc99626f2e0735 Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/cache.c Log Message: ----------- lib/krb5: reformat krb5_cc_set_default_name Remove unnecessary levels of indentation. Switch the conditional from "(e == NULL)" to "(p == NULL)" since it the variable 'p' that is actually used to store the name of the default credential cache. Change-Id: Id884e2cd80b42e47d3c219ac3777161087467a14 Commit: 1b95a70e4ff3aa58788d970f95b2c4f3228f8fba https://github.com/heimdal/heimdal/commit/1b95a70e4ff3aa58788d970f95b2c4f3228f8fba Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/cache.c Log Message: ----------- lib/krb5: krb5_cc_set_default_name Windows MSLSA: If there is no default credential cache obtained from the registry or from configuration files, then check to see if there is a valid principal available from the MSLSA: credential cache. If so, use "MSLSA:" as the default credential cache. This will simply configuration for users on domain joined Windows machines when logged in using a domain account. Change-Id: I4c4392e0fdcec89aff3d258ce1b753e6458e3eec Commit: 924f7b919023f744cdcbb30c4df5b67b7a912e91 https://github.com/heimdal/heimdal/commit/924f7b919023f744cdcbb30c4df5b67b7a912e91 Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/krb5/cache.c Log Message: ----------- lib/krb5: Windows API:krb5cc ccache fallback If there is no MSLSA: credential cache principal, then try to fallback to the MIT default MIT credential cache name, API:krb5cc. Change-Id: I8f981c5401b4f962cf808e7b0dc782e42bc03023 Compare: https://github.com/heimdal/heimdal/compare/62f982a87b5c...924f7b919023 From noreply at github.com Mon Apr 11 02:05:13 2016 From: noreply at github.com (GitHub) Date: Sun, 10 Apr 2016 17:05:13 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] ffc525: lib/kadm5: do not prototype imported _krb5_put_int Message-ID: <570aea3950f21_24243fb37356b2b81008d5@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ffc525aad1802247c1e1ef8bd1667ff045b00f1f https://github.com/heimdal/heimdal/commit/ffc525aad1802247c1e1ef8bd1667ff045b00f1f Author: Jeffrey Altman Date: 2016-04-10 (Sun, 10 Apr 2016) Changed paths: M lib/kadm5/get_s.c Log Message: ----------- lib/kadm5: do not prototype imported _krb5_put_int The function _krb5_put_int() is a private function exported from lib/krb5. Its declaration should come from krb5-private.h. A local declaration will not result in the proper import qualifiers on Windows. Change-Id: I53e7aeea9f2f34cab105f2e331f3c6522847ccfe From noreply at github.com Mon Apr 11 07:34:15 2016 From: noreply at github.com (GitHub) Date: Sun, 10 Apr 2016 22:34:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 278cd6: lib/hdb: hdb_method functions !KRB5_LIB_CALL Message-ID: <570b37578a9f8_50053fbe3a27d2a0121263@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 278cd6330631b99bab52ffbd22527501a1b68e5e https://github.com/heimdal/heimdal/commit/278cd6330631b99bab52ffbd22527501a1b68e5e Author: Jeffrey Altman Date: 2016-04-11 (Mon, 11 Apr 2016) Changed paths: M lib/hdb/hdb.h M lib/hdb/test_hdbplugin.c Log Message: ----------- lib/hdb: hdb_method functions !KRB5_LIB_CALL The hdb_method functions cannot be KRB5_LIB_CALL as lib/hdb is not lib/krb5. KRB5_LIB_CALL will be inconsistently defined. This inconsistency resulted in crashes of test_hdbplugin on 32-bit Windows. Change-Id: I4cf8d3ef76f31a3cae923df234a19610d956e7ee From noreply at github.com Mon Apr 11 21:43:25 2016 From: noreply at github.com (GitHub) Date: Mon, 11 Apr 2016 12:43:25 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] f1d73a: Revert "lib/kadm5: do not prototype imported _krb5... Message-ID: <570bfe5deed88_526c3fd0ce85f2bc54012@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: f1d73a8e46c032fe933970c35fecac6f0a8e1b7d https://github.com/heimdal/heimdal/commit/f1d73a8e46c032fe933970c35fecac6f0a8e1b7d Author: Jeffrey Altman Date: 2016-04-11 (Mon, 11 Apr 2016) Changed paths: M lib/kadm5/get_s.c Log Message: ----------- Revert "lib/kadm5: do not prototype imported _krb5_put_int" krb5_locl.h cannot be included from within lib/kadm5 in the current UNIX builds. Reverting this change which is necessary to properly build on Windows until an alternate solution is agreed upon. This reverts commit ffc525aad1802247c1e1ef8bd1667ff045b00f1f. From noreply at github.com Mon Apr 11 23:12:49 2016 From: noreply at github.com (GitHub) Date: Mon, 11 Apr 2016 14:12:49 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] e1a244: Make it possible to include krb5_locl.h in kadm5 Message-ID: <570c1351175ad_45b73fa7677132b81512a7@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e1a244f0aaef4ee8b3030ea16ef45080fa9fece0 https://github.com/heimdal/heimdal/commit/e1a244f0aaef4ee8b3030ea16ef45080fa9fece0 Author: Nicolas Williams Date: 2016-04-11 (Mon, 11 Apr 2016) Changed paths: M lib/kadm5/Makefile.am Log Message: ----------- Make it possible to include krb5_locl.h in kadm5 This and ffc525aad1802247c1e1ef8bd1667ff045b00f1f are the correct fix rather than f1d73a8e46c032fe933970c35fecac6f0a8e1b7d. The next commit reverts f1d73a8 by re-applying ffc525a. Commit: 1007d104fad73a931139768fbf009079b0ce2520 https://github.com/heimdal/heimdal/commit/1007d104fad73a931139768fbf009079b0ce2520 Author: Jeffrey Altman Date: 2016-04-11 (Mon, 11 Apr 2016) Changed paths: M lib/kadm5/get_s.c Log Message: ----------- lib/kadm5: do not prototype imported _krb5_put_int The function _krb5_put_int() is a private function exported from lib/krb5. Its declaration should come from krb5-private.h. A local declaration will not result in the proper import qualifiers on Windows. See also: e1a244f Make it possible to include krb5_locl.h in kadm5 Change-Id: I53e7aeea9f2f34cab105f2e331f3c6522847ccfe Compare: https://github.com/heimdal/heimdal/compare/f1d73a8e46c0...1007d104fad7 From noreply at github.com Thu Apr 14 01:53:32 2016 From: noreply at github.com (GitHub) Date: Wed, 13 Apr 2016 16:53:32 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] cc62c1: lib/krb5: fix srv_find_realm invalid gTLD test Message-ID: <570edbfc6fcf4_69ca3fc97f50f2c069214@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: cc62c1a4aed3090bc75802327173a4ed66bcfc43 https://github.com/heimdal/heimdal/commit/cc62c1a4aed3090bc75802327173a4ed66bcfc43 Author: Jeffrey Altman Date: 2016-04-13 (Wed, 13 Apr 2016) Changed paths: M lib/krb5/krbhst.c Log Message: ----------- lib/krb5: fix srv_find_realm invalid gTLD test In srv_find_realm() the conditional for testing whether an entry is the invalid gTLD response was inverted. Refactor the conditional into a helper function is_invalid_tld_srv_target(). Use the helper to simplify the conditional making it easier to confirm that the test is correct. Change-Id: I3220753b5585ac535862c4617030377c7a1f4bbe From noreply at github.com Thu Apr 14 02:39:17 2016 From: noreply at github.com (GitHub) Date: Wed, 13 Apr 2016 17:39:17 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 15a253: lib/ntlm: double quote backslash in error tables Message-ID: <570ee6b58e89a_62bb3f7e2b5612b8128846@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 15a2537a79ea242ed3d96c5208d567503430cfc8 https://github.com/heimdal/heimdal/commit/15a2537a79ea242ed3d96c5208d567503430cfc8 Author: Jeffrey Altman Date: 2016-04-13 (Wed, 13 Apr 2016) Changed paths: M lib/ntlm/ntlm_err.et Log Message: ----------- lib/ntlm: double quote backslash in error tables The error string missing @ or \ in name must have the backslash double quoted as missing @ or \\\\ in name because of how compile_et parses the input and generates its output. Otherwise, when compiling the generated ntlm_err.c a warning will be produced because of invalid quoting of a space. Change-Id: I994d3eb896098914702e418a0ef5cad783d16a5a From noreply at github.com Fri Apr 15 07:26:32 2016 From: noreply at github.com (GitHub) Date: Thu, 14 Apr 2016 22:26:32 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 4b37c2: Make aes-test.c more useful Message-ID: <57107b88a7955_5e9f3fd7803792bc1720a0@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 4b37c27515e8072187987445b09912e28b944d7c https://github.com/heimdal/heimdal/commit/4b37c27515e8072187987445b09912e28b944d7c Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/krb5/aes-test.c Log Message: ----------- Make aes-test.c more useful Commit: c2fafff9927570c239066632cb7302aadc3a07b7 https://github.com/heimdal/heimdal/commit/c2fafff9927570c239066632cb7302aadc3a07b7 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M include/heim_threads.h Log Message: ----------- WIN32 thread primitives must return int Also, zero return means "success", non-zero means "failure" and the non-zero value is a system error. That's how it is for the other platforms' thread primitives. (The no-threads defaults are still wrong though, as then are macros that expand into do..while, which can't be used as expressions and don't "return" values.) Commit: 22934bae7cfbb59c88ef73c0384d9e3d30562be4 https://github.com/heimdal/heimdal/commit/22934bae7cfbb59c88ef73c0384d9e3d30562be4 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M include/heim_threads.h Log Message: ----------- Fix heim_threads.h rwlocks macros for pthreads Commit: 9f2642acae08767d4ad846445455be17fccb25c0 https://github.com/heimdal/heimdal/commit/9f2642acae08767d4ad846445455be17fccb25c0 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/base/test_base.c Log Message: ----------- Fix lib/base/test_base rwlock test Commit: bfa1d9ba0957bc6275c93b3ce9cb64cc970a2012 https://github.com/heimdal/heimdal/commit/bfa1d9ba0957bc6275c93b3ce9cb64cc970a2012 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M cf/db.m4 Log Message: ----------- Remove debug echo in cf/db.m4 Commit: 2d52e5240127ec99b976f6ebb82991aa223da84e https://github.com/heimdal/heimdal/commit/2d52e5240127ec99b976f6ebb82991aa223da84e Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/Makefile.am Log Message: ----------- Always build lib/sqlite in maintainer mode Commit: d3f9bea491e0be492f874a8e0dd6ff3c64f3433d https://github.com/heimdal/heimdal/commit/d3f9bea491e0be492f874a8e0dd6ff3c64f3433d Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/gssapi/ntlm/crypto.c Log Message: ----------- Fix lib/gssapi/ntlm/crypto.c includes Commit: 1e6f88f721e0cd74af4970cfa5acd0b0e76dfe7e https://github.com/heimdal/heimdal/commit/1e6f88f721e0cd74af4970cfa5acd0b0e76dfe7e Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/evp.c Log Message: ----------- Fix hcrypto evp_md cleanup call protocol Commit: 0b3055fdade4fa77970810036b4eaeac5761daec https://github.com/heimdal/heimdal/commit/0b3055fdade4fa77970810036b4eaeac5761daec Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/evp-pkcs11.c Log Message: ----------- hcrypto-pkcs11: rc2_cbc is variable length Commit: d494f2f679fb655fcc3a111a22cb33369f4e1bf5 https://github.com/heimdal/heimdal/commit/d494f2f679fb655fcc3a111a22cb33369f4e1bf5 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/evp-pkcs11.c Log Message: ----------- hcrypto-pkcs11: fix MD4 block size Commit: 0f138cf2d59891bed94dcedcc4fb271e663a2520 https://github.com/heimdal/heimdal/commit/0f138cf2d59891bed94dcedcc4fb271e663a2520 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/bn.h M lib/hcrypto/ec.h M lib/hcrypto/engine.h M lib/hcrypto/evp.h M lib/hcrypto/rsa.h Log Message: ----------- Add missing hcrypto rename macros Commit: 5c2a3cb25a8b0b1e1701a55c277e8ee165d4ffce https://github.com/heimdal/heimdal/commit/5c2a3cb25a8b0b1e1701a55c277e8ee165d4ffce Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M doc/Makefile.am M lib/Makefile.am M lib/NTMakefile Log Message: ----------- Always build hcrypto Commit: 8033eb298b1fa363632db0cac9880dfe923fbbdc https://github.com/heimdal/heimdal/commit/8033eb298b1fa363632db0cac9880dfe923fbbdc Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/evp.c Log Message: ----------- lib/hcrypto/evp.c: missing MD guards Commit: 6bbe7f0ffa65251b02cfcc64839775b200d3d0de https://github.com/heimdal/heimdal/commit/6bbe7f0ffa65251b02cfcc64839775b200d3d0de Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/evp.c Log Message: ----------- Implement EVP_CIPH_CTRL_INIT Commit: 9df88205ba69b286ee14b3ad7cb02c053526001d https://github.com/heimdal/heimdal/commit/9df88205ba69b286ee14b3ad7cb02c053526001d Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hx509/crypto.c Log Message: ----------- Fix double-free in lib/hx509/crypto.c Commit: 490337f4f9a81afdf180d1a56ba83b8513335dbd https://github.com/heimdal/heimdal/commit/490337f4f9a81afdf180d1a56ba83b8513335dbd Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M admin/Makefile.am M appl/ftp/ftp/Makefile.am M appl/otp/Makefile.am M appl/su/Makefile.am M cf/crypto.m4 M include/config.h.w32 M include/crypto-headers.h M include/hcrypto/Makefile.am M include/heim_threads.h M kadmin/Makefile.am M kcm/Makefile.am M kdc/Makefile.am M kdc/NTMakefile A kdc/pkinit-ec.c M kdc/pkinit.c M kpasswd/Makefile.am M kuser/Makefile.am M lib/NTMakefile M lib/base/test_base.c M lib/gssapi/Makefile.am M lib/gssapi/ntlm/crypto.c M lib/hcrypto/Makefile.am M lib/hcrypto/NTMakefile M lib/hcrypto/bn.h M lib/hcrypto/dh.h M lib/hcrypto/dsa.h M lib/hcrypto/ec.h M lib/hcrypto/engine.h A lib/hcrypto/evp-openssl.c A lib/hcrypto/evp-openssl.h M lib/hcrypto/evp-pkcs11.c M lib/hcrypto/evp.c M lib/hcrypto/evp.h M lib/hcrypto/libhcrypto-exports.def M lib/hcrypto/mdtest.c M lib/hcrypto/rand.h M lib/hcrypto/rsa.h M lib/hcrypto/test_cipher.c M lib/hcrypto/version-script.map M lib/hdb/Makefile.am M lib/hx509/Makefile.am M lib/hx509/NTMakefile A lib/hx509/crypto-ec.c M lib/hx509/crypto.c M lib/hx509/hx_locl.h M lib/hx509/hxtool.c M lib/hx509/ks_file.c M lib/kafs/Makefile.am M lib/krb5/Makefile.am M lib/krb5/NTMakefile M lib/krb5/aes-test.c M lib/krb5/crypto.h M lib/krb5/krb5_locl.h A lib/krb5/pkinit-ec.c M lib/krb5/pkinit.c M lib/ntlm/Makefile.am M lib/otp/Makefile.am M tools/Makefile.am M tools/krb5-config.in M windows/NTMakefile.config Log Message: ----------- Make OpenSSL an hcrypto backend proper This adds a new backend for libhcrypto: the OpenSSL backend. Now libhcrypto has these backends: - hcrypto itself (i.e., the algorithms coded in lib/hcrypto) - Common Crypto (OS X) - PKCS#11 (specifically for Solaris, but not Solaris-specific) - Windows CNG (Windows) - OpenSSL (generic) The ./configure --with-openssl=... option no longer disables the use of hcrypto. Instead it enables the use of OpenSSL as a (and the default) backend in libhcrypto. The libhcrypto framework is now always used. OpenSSL should no longer be used directly within Heimdal, except in the OpenSSL hcrypto backend itself, and files where elliptic curve (EC) crypto is needed. Because libhcrypto's EC support is incomplete, we can only use OpenSSL for EC. Currently that means separating all EC-using code so that it does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has been moved out of the files it used to be in. Commit: fca9bc45e22ccbfc47506a7216db9a13ea6fdabf https://github.com/heimdal/heimdal/commit/fca9bc45e22ccbfc47506a7216db9a13ea6fdabf Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M cf/crypto.m4 Log Message: ----------- Add --with-hcrypto-default-backend Commit: 2f0c45f7840b66f20b08e1914caee6532dadb768 https://github.com/heimdal/heimdal/commit/2f0c45f7840b66f20b08e1914caee6532dadb768 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M include/heim_threads.h M lib/base/Makefile.am M lib/base/NTMakefile A lib/base/dll.c M lib/base/heimbase.c M lib/base/heimbasepriv.h M lib/base/version-script.map Log Message: ----------- Add thread-locals for WIN32 Commit: 2cd233db43d0c5696c0e3ffa7f89df28da6369d7 https://github.com/heimdal/heimdal/commit/2cd233db43d0c5696c0e3ffa7f89df28da6369d7 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M include/heim_threads.h Log Message: ----------- Add HEIMDAL_THREAD_create() macros Commit: f064f2d14baa91a1c9ce0ff8c15803596ebc493c https://github.com/heimdal/heimdal/commit/f064f2d14baa91a1c9ce0ff8c15803596ebc493c Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/hcrypto/rand-unix.c Log Message: ----------- Add seed operation for unix RAND method Commit: 4a023499d31db923660d785889dce955e1a667c9 https://github.com/heimdal/heimdal/commit/4a023499d31db923660d785889dce955e1a667c9 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M NEWS Log Message: ----------- Update NEWS for some recent changes - CVE-2016-2400 - OpenSSL as hcrypto backend - Thread support on Windows - HDB LMDB backend - iprop revamp Compare: https://github.com/heimdal/heimdal/compare/15a2537a79ea...4a023499d31d From noreply at github.com Fri Apr 15 17:27:35 2016 From: noreply at github.com (GitHub) Date: Fri, 15 Apr 2016 08:27:35 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7b2107: Fix lib/krb5/test_plugin.c test Message-ID: <57110867c6e75_65853fe6f7bdb2bc4649a@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7b2107fd2d92da75a39098e4c987889c5ac30b52 https://github.com/heimdal/heimdal/commit/7b2107fd2d92da75a39098e4c987889c5ac30b52 Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/krb5/test_plugin.c Log Message: ----------- Fix lib/krb5/test_plugin.c test The resolver plugin doesn't have a way to say "and stop here", so the lookup done in lib/krb5/test_plugin.c can produce more results than used to be expected, and indeed nowadays it does. The fix is to ensure that we have the desired results and ignore the others. From noreply at github.com Fri Apr 15 18:54:08 2016 From: noreply at github.com (GitHub) Date: Fri, 15 Apr 2016 09:54:08 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 8078e0: Add support for ECDSA w/ SHA-2 signature algs Message-ID: <57111cb026dec_29d03ff06c4e12bc69280@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 8078e089f12dc66a41d76bfd05ed851331356fea https://github.com/heimdal/heimdal/commit/8078e089f12dc66a41d76bfd05ed851331356fea Author: Viktor Dukhovni Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/asn1/rfc2459.asn1 M lib/hx509/crypto-ec.c M lib/hx509/crypto.c Log Message: ----------- Add support for ECDSA w/ SHA-2 signature algs From noreply at github.com Fri Apr 15 22:20:30 2016 From: noreply at github.com (GitHub) Date: Fri, 15 Apr 2016 13:20:30 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 59b47e: Fix lib/gssapi build race (fix #135) Message-ID: <57114d0eb2a4a_5f413fddac94f2b8640a1@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 59b47eb7bb058cdf6e7b414e69a796aeb4eda20c https://github.com/heimdal/heimdal/commit/59b47eb7bb058cdf6e7b414e69a796aeb4eda20c Author: Nicolas Williams Date: 2016-04-15 (Fri, 15 Apr 2016) Changed paths: M lib/gssapi/Makefile.am Log Message: ----------- Fix lib/gssapi build race (fix #135) From noreply at github.com Sat Apr 16 21:03:14 2016 From: noreply at github.com (GitHub) Date: Sat, 16 Apr 2016 12:03:14 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] b2a784: Add missing Message-ID: <57128c72700c1_58a63fc524f0129c1033c9@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: b2a78463de71b0ebf356af8780f788390e029679 https://github.com/heimdal/heimdal/commit/b2a78463de71b0ebf356af8780f788390e029679 Author: Nicolas Williams Date: 2016-04-16 (Sat, 16 Apr 2016) Changed paths: A lib/hcrypto/undef.h Log Message: ----------- Add missing From noreply at github.com Sat Apr 16 23:58:23 2016 From: noreply at github.com (GitHub) Date: Sat, 16 Apr 2016 14:58:23 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 1103fb: Fix re-definition of keyex enum Message-ID: <5712b57feee61_5a413f86856912c01146fa@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 1103fb19df3080787639a6931d646c698534d3a1 https://github.com/heimdal/heimdal/commit/1103fb19df3080787639a6931d646c698534d3a1 Author: Nicolas Williams Date: 2016-04-16 (Sat, 16 Apr 2016) Changed paths: M kdc/pkinit.c M lib/krb5/krb5_locl.h Log Message: ----------- Fix re-definition of keyex enum Commit: 3d4fbf9aac4d27be84c3420449737108792582e9 https://github.com/heimdal/heimdal/commit/3d4fbf9aac4d27be84c3420449737108792582e9 Author: Nicolas Williams Date: 2016-04-16 (Sat, 16 Apr 2016) Changed paths: M lib/hcrypto/NTMakefile M lib/hcrypto/evp-openssl.c Log Message: ----------- Fix lib/hcrypto for Windows Commit: e2137c63f516ccaac3f6f2e403ba9af4d1b36624 https://github.com/heimdal/heimdal/commit/e2137c63f516ccaac3f6f2e403ba9af4d1b36624 Author: Nicolas Williams Date: 2016-04-16 (Sat, 16 Apr 2016) Changed paths: M lib/base/dll.c M lib/base/heimbase.h M lib/base/heimbasepriv.h M lib/krb5/dll.c Log Message: ----------- Fix Windows build Compare: https://github.com/heimdal/heimdal/compare/b2a78463de71...e2137c63f516 From noreply at github.com Sun Apr 17 00:15:58 2016 From: noreply at github.com (GitHub) Date: Sat, 16 Apr 2016 15:15:58 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c0f621: Fix Windows build (lib/krb5/pkinit-ec.c) Message-ID: <5712b99ed2ef0_31ec3fc35708f2a0273b5@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c0f6213be796f31f64dfee1e68ecd3b96e33bbfd https://github.com/heimdal/heimdal/commit/c0f6213be796f31f64dfee1e68ecd3b96e33bbfd Author: Nicolas Williams Date: 2016-04-16 (Sat, 16 Apr 2016) Changed paths: M lib/krb5/pkinit-ec.c Log Message: ----------- Fix Windows build (lib/krb5/pkinit-ec.c) From noreply at github.com Sun Apr 17 01:07:09 2016 From: noreply at github.com (GitHub) Date: Sat, 16 Apr 2016 16:07:09 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 514f71: evp-openssl: fallback to hcrypto Message-ID: <5712c59d25cb0_29fa3fcadec692b81045bb@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 514f719e4a6ab7706540a384fa3fea5e59722ce8 https://github.com/heimdal/heimdal/commit/514f719e4a6ab7706540a384fa3fea5e59722ce8 Author: Nicolas Williams Date: 2016-04-16 (Sat, 16 Apr 2016) Changed paths: M lib/hcrypto/evp-openssl.c Log Message: ----------- evp-openssl: fallback to hcrypto The Windows and PKCS#11 backends do this. The Common Crypto (OS X) backend does not. Ideally this should be a ./configure option, and that might be the next step, but right now we need this fallback in order to get tests passing in Travis-CI. From noreply at github.com Sun Apr 17 22:12:48 2016 From: noreply at github.com (GitHub) Date: Sun, 17 Apr 2016 13:12:48 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 22c532: gssmask: check return of krb5_init_context Message-ID: <5713ee40812f6_6fbe3fb6f5ccd29c3714f@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 22c5327287c378e9efb7c730e0d6e5b63798d42f https://github.com/heimdal/heimdal/commit/22c5327287c378e9efb7c730e0d6e5b63798d42f Author: Jeffrey Altman Date: 2016-04-17 (Sun, 17 Apr 2016) Changed paths: M appl/gssmask/gssmask.c Log Message: ----------- gssmask: check return of krb5_init_context Check the return value so that a more obtuse error does not occur later on. Change-Id: I2115cc58e6fc24b63272b2ae811d64a4966de5d4 Commit: a08431b65896fc3340003a9bb72767d492508bf1 https://github.com/heimdal/heimdal/commit/a08431b65896fc3340003a9bb72767d492508bf1 Author: Jeffrey Altman Date: 2016-04-17 (Sun, 17 Apr 2016) Changed paths: M lib/gssapi/mech/gss_mo.c Log Message: ----------- gss/mech: fix make_sasl_name ctx leak The EVP_MD_CTX created in make_sasl_name() must be destroyed to prevent a memory allocation leak. Change-Id: I0b7f5b1b0f4f252bfcdaec755d09ed75de505f75 Commit: 4ad2f5830a66b0fc5ebee34332720b7d9e9527d7 https://github.com/heimdal/heimdal/commit/4ad2f5830a66b0fc5ebee34332720b7d9e9527d7 Author: Jeffrey Altman Date: 2016-04-17 (Sun, 17 Apr 2016) Changed paths: M lib/hcrypto/evp-pkcs11.c Log Message: ----------- hcrypto: p11_module_init_once make handle static global Coverity complains about the leakage of 'handle' when the identifier goes out of scope. Change handle into a static global to hold the value instead of a stack variable. Change-Id: I040707ac731558f7d523f128a006a80b98d45b79 Compare: https://github.com/heimdal/heimdal/compare/514f719e4a6a...4ad2f5830a66 From noreply at github.com Sun Apr 17 22:20:07 2016 From: noreply at github.com (GitHub) Date: Sun, 17 Apr 2016 13:20:07 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 87d56e: kpasswd: check krb5_unparse_name return Message-ID: <5713eff74c15b_6bdc3feebdf2d2bc53162@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 87d56ef018c8fbd72fa3ae6360900ab9a959dbcf https://github.com/heimdal/heimdal/commit/87d56ef018c8fbd72fa3ae6360900ab9a959dbcf Author: Jeffrey Altman Date: 2016-04-17 (Sun, 17 Apr 2016) Changed paths: M kpasswd/kpasswdd.c Log Message: ----------- kpasswd: check krb5_unparse_name return In verify() if krb5_unparse_name() fails 'sname' will be used unitialized in the subsequent krb5_warnx() and free() calls. Change-Id: I5a49bf06879eb5a77cf2d1d3f0d4b9c6549aeff8 From noreply at github.com Mon Apr 18 00:12:23 2016 From: noreply at github.com (GitHub) Date: Sun, 17 Apr 2016 15:12:23 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] ce4fd0: fixup pkinit-ec.c (kdc and lib/krb5) includes Message-ID: <57140a47a6522_53843fd76d7df29c1029ed@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ce4fd05b1264e9eb4255d4a64ef7bdb74d7c332a https://github.com/heimdal/heimdal/commit/ce4fd05b1264e9eb4255d4a64ef7bdb74d7c332a Author: Jeffrey Altman Date: 2016-04-17 (Sun, 17 Apr 2016) Changed paths: M kdc/pkinit-ec.c M lib/krb5/pkinit-ec.c Log Message: ----------- fixup pkinit-ec.c (kdc and lib/krb5) includes All source files must start with include include when krb5_locl.h or kdc_locl.h are includes, they must come before other Heimdal include files. Do not include stdint.h when roken.h is included. Do not include config.h more than once. Change-Id: I0baecb5d48317996f48b1a6c41b051f42f2fde61 From noreply at github.com Mon Apr 18 01:05:18 2016 From: noreply at github.com (GitHub) Date: Sun, 17 Apr 2016 16:05:18 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 80f832: lib/krb5: krb5_locl.h do not replicate roken.h Message-ID: <571416aee7419_2f8e3fd1c87772a01007fb@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 80f8325c649762c3a778653875c5dd7d26c8dfa5 https://github.com/heimdal/heimdal/commit/80f8325c649762c3a778653875c5dd7d26c8dfa5 Author: Jeffrey Altman Date: 2016-04-17 (Sun, 17 Apr 2016) Changed paths: M lib/krb5/krb5_locl.h Log Message: ----------- lib/krb5: krb5_locl.h do not replicate roken.h Move roken.h to the top of the header after config.h and remove the includes that are duplicated by roken.h. Change-Id: I33e29736519177f17c36e5c5948d7022011ab2b2 From noreply at github.com Tue Apr 19 06:37:23 2016 From: noreply at github.com (GitHub) Date: Mon, 18 Apr 2016 21:37:23 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 4c1728: Windows: code sign gsstool.exe Message-ID: <5715b60389c0c_8f53faf910db29c7997e@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 4c1728ff7300df38e7e1916659605395cb0a3f65 https://github.com/heimdal/heimdal/commit/4c1728ff7300df38e7e1916659605395cb0a3f65 Author: Jeffrey Altman Date: 2016-04-18 (Mon, 18 Apr 2016) Changed paths: M lib/gssapi/NTMakefile Log Message: ----------- Windows: code sign gsstool.exe Change-Id: I1d79de51bdeefe1611eb69248d11d411361ab5d6 Commit: bc20b5fad07103660258b81fcd49597139863a85 https://github.com/heimdal/heimdal/commit/bc20b5fad07103660258b81fcd49597139863a85 Author: Jeffrey Altman Date: 2016-04-18 (Mon, 18 Apr 2016) Changed paths: M windows/NTMakefile.w32 Log Message: ----------- Windows: do not search for signtool.exe Permit an explicit version of signtool.exe to be specified via an environment variable. Now that sha256 signatures are required the version of signtool.exe that matches the SDK or Visual Studio version might not be sufficient to apply code signatures. Change-Id: I694e2b319bd692d6358ae7ce3d241da2da7648f8 Commit: a234ee5265088d7bdf78420b125114eb66ccd56b https://github.com/heimdal/heimdal/commit/a234ee5265088d7bdf78420b125114eb66ccd56b Author: Jeffrey Altman Date: 2016-04-18 (Mon, 18 Apr 2016) Changed paths: M packages/windows/assembly/NTMakefile M windows/NTMakefile.w32 M windows/README.md Log Message: ----------- Windows: Update code signing to support SHA256 Change-Id: I324e7c56fd73a744127c50e8fc136e8b23d860b0 Compare: https://github.com/heimdal/heimdal/compare/80f8325c6497...a234ee526508 From noreply at github.com Tue Apr 19 20:41:19 2016 From: noreply at github.com (GitHub) Date: Tue, 19 Apr 2016 11:41:19 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] e02832: Fix initialization race in evp-openssl.c Message-ID: <57167bcf50c22_4e963fea2865f2a0117953@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e02832b199454c4a9913be4cc910af0c74be1f4a https://github.com/heimdal/heimdal/commit/e02832b199454c4a9913be4cc910af0c74be1f4a Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/evp-openssl.c Log Message: ----------- Fix initialization race in evp-openssl.c Commit: a9887a843fc8001d122db97d1e3dd59ba78a24db https://github.com/heimdal/heimdal/commit/a9887a843fc8001d122db97d1e3dd59ba78a24db Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M cf/crypto.m4 Log Message: ----------- cf/crypto.m4: use AC_DEFINE() for hcrypto provider Commit: 12c922266b434fde608095f1ce4391710f9f8b3b https://github.com/heimdal/heimdal/commit/12c922266b434fde608095f1ce4391710f9f8b3b Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/krb5/crypto-des-common.c M lib/krb5/crypto-des.c M lib/krb5/crypto-des3.c M lib/krb5/salt-des3.c Log Message: ----------- Fix 1DES/3DES cast bug and build Commit: 7df276258a328a71b2702067fce9be97bf4ee4a2 https://github.com/heimdal/heimdal/commit/7df276258a328a71b2702067fce9be97bf4ee4a2 Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/evp-openssl.c Log Message: ----------- Fix mis-merge in evp-openssl.c Commit: e751e09108fd34a80e1de87ebd7cc0a706ae46b6 https://github.com/heimdal/heimdal/commit/e751e09108fd34a80e1de87ebd7cc0a706ae46b6 Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/test_bulk.c Log Message: ----------- Fix warnings in test_bulk.c Commit: 95a996ceaee8e12cefc860d1f6b1f9be66c2ed81 https://github.com/heimdal/heimdal/commit/95a996ceaee8e12cefc860d1f6b1f9be66c2ed81 Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M cf/crypto.m4 Log Message: ----------- Add --without-hcrypto-fallback option Commit: 8a749ced784d9c8c172811b029b8f453c5910db9 https://github.com/heimdal/heimdal/commit/8a749ced784d9c8c172811b029b8f453c5910db9 Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/evp-openssl.c Log Message: ----------- Check HCRYPTO_FALLBACK in ossl backend Commit: 7f96a2cc1a71423b45bf31f44acce7e9e6d944d9 https://github.com/heimdal/heimdal/commit/7f96a2cc1a71423b45bf31f44acce7e9e6d944d9 Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/evp-cc.c Log Message: ----------- Check HCRYPTO_FALLBACK in CC backend Commit: c6c858c0caa7ec7d1a7cc5ca75815b66d3881fbd https://github.com/heimdal/heimdal/commit/c6c858c0caa7ec7d1a7cc5ca75815b66d3881fbd Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/evp-pkcs11.c Log Message: ----------- Check HCRYPTO_FALLBACK in PKCS#11 backend Commit: ca0dff891b2c5ade16f3c2a4295f725d78f3a7b8 https://github.com/heimdal/heimdal/commit/ca0dff891b2c5ade16f3c2a4295f725d78f3a7b8 Author: Nicolas Williams Date: 2016-04-19 (Tue, 19 Apr 2016) Changed paths: M lib/hcrypto/evp-w32.c Log Message: ----------- Check HCRYPTO_FALLBACK in W32 backend Compare: https://github.com/heimdal/heimdal/compare/a234ee526508...ca0dff891b2c From noreply at github.com Sun Apr 24 01:02:30 2016 From: noreply at github.com (GitHub) Date: Sat, 23 Apr 2016 16:02:30 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c75131: Windows: disable weak crypto Message-ID: <571bff06a448f_6bdc3feebdf2d2bc1759d7@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c7513145010a3e019286ac2d547f930b9ebb4718 https://github.com/heimdal/heimdal/commit/c7513145010a3e019286ac2d547f930b9ebb4718 Author: Jeffrey Altman Date: 2016-04-23 (Sat, 23 Apr 2016) Changed paths: M windows/NTMakefile.config Log Message: ----------- Windows: disable weak crypto Weak crypto is disabled on every other system. OpenAFS no longer requires it and AuriStor doesn't need it. Turn it off. Change-Id: I6fab2328f71d1c38a655560ab0f83b8df9b53c73 Commit: a4dae2513fdf00676285c3fa8a71759ae6461be9 https://github.com/heimdal/heimdal/commit/a4dae2513fdf00676285c3fa8a71759ae6461be9 Author: Jeffrey Altman Date: 2016-04-23 (Sat, 23 Apr 2016) Changed paths: M include/NTMakefile M windows/NTMakefile.config Log Message: ----------- Windows: add HCRYPTO_FALLBACK config to build system HCRYPTO_FALLBACK is a required definition for building lib/hcrypto. However, it wasn't added to the Windows build system. This change does so and enables fallback functionality. Change-Id: I4a711c6da58e8832a61a3c0b2b8d9b10038425f0 Compare: https://github.com/heimdal/heimdal/compare/ca0dff891b2c...a4dae2513fdf From noreply at github.com Sun Apr 24 01:04:06 2016 From: noreply at github.com (GitHub) Date: Sat, 23 Apr 2016 16:04:06 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 6c1ba8: hcrypto: no openssl build requires evp-hcrypto.h i... Message-ID: <571bff666e3f1_67533fcb8bd052a01276e@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 6c1ba826236f899b83377092f017f0d5758c1067 https://github.com/heimdal/heimdal/commit/6c1ba826236f899b83377092f017f0d5758c1067 Author: Jeffrey Altman Date: 2016-04-23 (Sat, 23 Apr 2016) Changed paths: M lib/hcrypto/evp-openssl.c Log Message: ----------- hcrypto: no openssl build requires evp-hcrypto.h include When building evp-openssl.c without support for OpenSSL it is necessary to include evp-hcrypto.h to define the HCRYPTO_FALLBACK functions. Change-Id: Ifd51f9fcd2b1805a534a9f88992162818afffe7d From noreply at github.com Sun Apr 24 02:59:23 2016 From: noreply at github.com (GitHub) Date: Sat, 23 Apr 2016 17:59:23 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 3de56a: Windows: Skip sha256 code sign if !CODESIGN Message-ID: <571c1a6b242a1_4a3f3fd2d2ec329c88028@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 3de56adbcc8a9da242b291cba1416aa39d10de61 https://github.com/heimdal/heimdal/commit/3de56adbcc8a9da242b291cba1416aa39d10de61 Author: Jeffrey Altman Date: 2016-04-23 (Sat, 23 Apr 2016) Changed paths: M windows/NTMakefile.w32 Log Message: ----------- Windows: Skip sha256 code sign if !CODESIGN If we are not code signing we must define an action for _CODESIGN_SHA256 or the build system macros will be unbalanced. Change-Id: I3c545de3c8ee809709defd12faeead358fde26dd