From noreply at github.com Fri Sep 2 00:14:16 2016 From: noreply at github.com (GitHub) Date: Thu, 01 Sep 2016 15:14:16 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] f76d1b: krb5: implement draft-ietf-kitten-aes-cts-hmac-sha... Message-ID: <57c8a838d7e4f_1bc73fc77adf114c66491@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/lukeh/aes-cts-hmac-sha2 Home: https://github.com/heimdal/heimdal Commit: f76d1b8e9330b1208f198990a7c2a706735859cd https://github.com/heimdal/heimdal/commit/f76d1b8e9330b1208f198990a7c2a706735859cd Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M kdc/kerberos5.c M lib/asn1/krb5.asn1 M lib/hcrypto/evp.h M lib/hcrypto/libhcrypto-exports.def M lib/hcrypto/pkcs5.c M lib/hcrypto/test_pkcs5.c M lib/hcrypto/version-script.map M lib/hdb/keys.c M lib/hdb/mkey.c M lib/krb5/Makefile.am M lib/krb5/NTMakefile M lib/krb5/aes-test.c A lib/krb5/crypto-aes-sha1.c A lib/krb5/crypto-aes-sha2.c R lib/krb5/crypto-aes.c M lib/krb5/crypto-algs.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/derived-key-test.c M lib/krb5/krb5.h M lib/krb5/libkrb5-exports.def.in A lib/krb5/pseudo-random-test.c A lib/krb5/salt-aes-sha1.c A lib/krb5/salt-aes-sha2.c R lib/krb5/salt-aes.c A lib/krb5/sp800-108-kdf.c M lib/krb5/test_crypto.c M lib/krb5/test_crypto_wrapping.c M lib/krb5/test_rfc3961.c M lib/krb5/version-script.map Log Message: ----------- krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07 Commit: e309484083bda5ba3713d30de0b462980d4b1052 https://github.com/heimdal/heimdal/commit/e309484083bda5ba3713d30de0b462980d4b1052 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto-aes-sha2.c M lib/krb5/crypto.c M lib/krb5/crypto.h M lib/krb5/sp800-108-kdf.c Log Message: ----------- slight refactor Commit: e9b625b00b038d37438072b19ade82baadf119ba https://github.com/heimdal/heimdal/commit/e9b625b00b038d37438072b19ade82baadf119ba Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/asn1/krb5.asn1 Log Message: ----------- match temp enctypes with Greg Hudson's MIT branch Commit: b8233856dcdbcd89f682b20215df7781bebec757 https://github.com/heimdal/heimdal/commit/b8233856dcdbcd89f682b20215df7781bebec757 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto-aes-sha2.c Log Message: ----------- match enctype alias names with Greg Hudson's MIT branch Commit: 608e81922edc7c1d1bb03699f68ad97261406258 https://github.com/heimdal/heimdal/commit/608e81922edc7c1d1bb03699f68ad97261406258 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/context.c Log Message: ----------- add aes-sha2 enctypes to default enctype list Commit: f3d7fa84a5d65158bc3e8e9038fedbc84d691a7f https://github.com/heimdal/heimdal/commit/f3d7fa84a5d65158bc3e8e9038fedbc84d691a7f Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- factor out KDF selection into separate functions Commit: e98367900fd3ba6f3f1a8710e5f6d3f985435508 https://github.com/heimdal/heimdal/commit/e98367900fd3ba6f3f1a8710e5f6d3f985435508 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto.c Log Message: ----------- reorder KDFs Commit: f58ccaf2e565d65a50f1c5f2b7738f648b42d690 https://github.com/heimdal/heimdal/commit/f58ccaf2e565d65a50f1c5f2b7738f648b42d690 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto-aes-sha1.c M lib/krb5/crypto-des3.c M lib/krb5/crypto.c M lib/krb5/crypto.h Log Message: ----------- convert big crypto if statement to switch Commit: 4d35ac6250ee31c3e2ec9e43a0331d5d42635841 https://github.com/heimdal/heimdal/commit/4d35ac6250ee31c3e2ec9e43a0331d5d42635841 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto.c Log Message: ----------- reorder ENC_THEN_CKSUM Commit: 484e691d86c9423040c5ac1430e8d8ee35ec7919 https://github.com/heimdal/heimdal/commit/484e691d86c9423040c5ac1430e8d8ee35ec7919 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/gssapi/krb5/init_sec_context.c Log Message: ----------- unbreak RFC4537 by only setting enctypes if cred has them Commit: 720b6ee94b48efd8f6f6563fc2e09b1355490d0b https://github.com/heimdal/heimdal/commit/720b6ee94b48efd8f6f6563fc2e09b1355490d0b Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto.c Log Message: ----------- for aes-cts-hmac-sha2, checksum is over OLD ivec Commit: 514d586ae1d18ba8ca275186e254bfbd85ff5dee https://github.com/heimdal/heimdal/commit/514d586ae1d18ba8ca275186e254bfbd85ff5dee Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto.c Log Message: ----------- use EVP_MAX_IV_LENGTH not EVP_MAX_BLOCK_LENGTH Commit: 1d9e0c98e22ec4bdbd705f2f6cc782d83f3572f9 https://github.com/heimdal/heimdal/commit/1d9e0c98e22ec4bdbd705f2f6cc782d83f3572f9 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto.c Log Message: ----------- checksum old IV for aes-cts-hmac-sha2 non-IOV path Commit: c7f7b1cc1d6c3ab0a33b7e640939a55c582d2509 https://github.com/heimdal/heimdal/commit/c7f7b1cc1d6c3ab0a33b7e640939a55c582d2509 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/krb5/crypto-aes-sha2.c M lib/krb5/pseudo-random-test.c M lib/krb5/sp800-108-kdf.c Log Message: ----------- update for draft-ietf-kitten-aes-cts-hmac-sha2-10 Commit: 6c5e14637dfdea75099638025e3ada509b6d32d8 https://github.com/heimdal/heimdal/commit/6c5e14637dfdea75099638025e3ada509b6d32d8 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/hcrypto/undef.h Log Message: ----------- unbreak OpenSSL hcrypto backend Commit: 981d5bfee92e5d6f76774d55767cf05ba8a05750 https://github.com/heimdal/heimdal/commit/981d5bfee92e5d6f76774d55767cf05ba8a05750 Author: Luke Howard Date: 2016-09-02 (Fri, 02 Sep 2016) Changed paths: M lib/hdb/keys.c Log Message: ----------- unbreak rebase to master in hdb Compare: https://github.com/heimdal/heimdal/compare/45de19a7f4e1...981d5bfee92e From noreply at github.com Fri Sep 2 00:39:32 2016 From: noreply at github.com (GitHub) Date: Thu, 01 Sep 2016 15:39:32 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] aa87e0: Use C99 designated initializers in a couple places Message-ID: <57c8ae24d02a8_1ba23f8d90887130156111@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: aa87e08cc72fdf708cfc353020a713970991a21b https://github.com/heimdal/heimdal/commit/aa87e08cc72fdf708cfc353020a713970991a21b Author: Benjamin Kaduk Date: 2016-09-01 (Thu, 01 Sep 2016) Changed paths: M lib/hcrypto/rand-fortuna.c M lib/hcrypto/rand-timer.c Log Message: ----------- Use C99 designated initializers in a couple places Some portions of libhcrypto are reused by other projects in diverse environments, including within operating system kernel modules. In some such build environments, hardening measures such as grsecurity can (randomly) reorder structure elements, so as to make it harder for an attacker to determine the offset from a known field's address to a different field that is needed for an attack. However, doing so requires the use of C99 designated initializers to make the source code compatible with such structure rearrangement, as opposed to the "traditional" C aggregate type initializers, which just list fields in order. This feature is also available as a GCC extension since early versions of GCC. However, it is not provided by many common versions of visual studio (and presumably also not by the vendor compiler for various commercial Unixes), so the traditional initializers must remain, behind a conditional. __GNUC__ or __STDC_VERSION__ >= 199901 should be enough to get most cases with support for designated initializers, at least for now. Signed-off-by: Nicolas Williams From noreply at github.com Mon Sep 19 23:37:00 2016 From: noreply at github.com (GitHub) Date: Mon, 19 Sep 2016 14:37:00 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 316387: Fix typo in rand-fortuna.c Message-ID: <57e05a7c745b2_496d3ff95fe3b140130269@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 316387f61949cf4347d7fb5dd089f5a110f67e11 https://github.com/heimdal/heimdal/commit/316387f61949cf4347d7fb5dd089f5a110f67e11 Author: Sean Davis Date: 2016-09-19 (Mon, 19 Sep 2016) Changed paths: M lib/hcrypto/rand-fortuna.c Log Message: ----------- Fix typo in rand-fortuna.c `__GNUC__` was written as `__GUNC__`, which could have interesting results as it'll never be defined. Commit: a16a9cc93984c707e190fb923f3e5666b628ad95 https://github.com/heimdal/heimdal/commit/a16a9cc93984c707e190fb923f3e5666b628ad95 Author: Jeffrey Altman Date: 2016-09-19 (Mon, 19 Sep 2016) Changed paths: M lib/hcrypto/rand-fortuna.c Log Message: ----------- Merge pull request #203 from sdigit/patch-1 Fix typo in rand-fortuna.c Compare: https://github.com/heimdal/heimdal/compare/aa87e08cc72f...a16a9cc93984 From noreply at github.com Fri Sep 30 17:37:07 2016 From: noreply at github.com (GitHub) Date: Fri, 30 Sep 2016 08:37:07 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] a3bece: lib/krb5: keep a copy of config etypes in the cont... Message-ID: <57ee86a3fed2_5c843fc70269d13459962@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: a3bece16c741723b2a04bc5b4669aba26c69bda4 https://github.com/heimdal/heimdal/commit/a3bece16c741723b2a04bc5b4669aba26c69bda4 Author: Uri Simchoni Date: 2016-09-30 (Fri, 30 Sep 2016) Changed paths: M lib/krb5/context.c M lib/krb5/krb5_locl.h Log Message: ----------- lib/krb5: keep a copy of config etypes in the context When reading configuration file, keep an extra copy of the encryption types, and use this when resetting the encryption types to default. GSSAPI always resets the enctypes to default before obtaining a TGS, because the enctypes might have previously altered, so this prevents changing the etypes from the configured ones to the full set of supported etypes. Signed-off-by: Uri Simchoni