From noreply at github.com Thu Apr 2 19:21:31 2020 From: noreply at github.com (Jeffrey Altman) Date: Thu, 02 Apr 2020 10:21:31 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] cd7656: lib/krb5: context.c do not include com_err.h Message-ID: Branch: refs/heads/jaltman/issue-634 Home: https://github.com/heimdal/heimdal Commit: cd7656f3de95bc79112b5c83ae4bd4407a83cd52 https://github.com/heimdal/heimdal/commit/cd7656f3de95bc79112b5c83ae4bd4407a83cd52 Author: Jeffrey Altman Date: 2020-04-02 (Thu, 02 Apr 2020) Changed paths: M lib/krb5/context.c Log Message: ----------- lib/krb5: context.c do not include com_err.h com_err.h is already included by krb5_locl.h. Change-Id: I283313bcc55a9d5e1b7cadf4c63b107bd1c252af Commit: ccd8b61974031bb3554203f3f3ed842421c4ee46 https://github.com/heimdal/heimdal/commit/ccd8b61974031bb3554203f3f3ed842421c4ee46 Author: Jeffrey Altman Date: 2020-04-02 (Thu, 02 Apr 2020) Changed paths: M lib/krb5/context.c M lib/krb5/krb5_locl.h Log Message: ----------- lib/krb5: initialize hdb error table for krb5_get_error_message Initialize the hdb error table so that message such as kdc-prod1 kdc[825]: Server not found in database: \ myserverprd1$@example.com: Unknown code hdb 3 become kdc-prod1 kdc[825]: Server not found in database: \ myserverprd1$@example.com: No such entry in the database Change-Id: I2b406b13dc385b7ca24b2b7f97c180a31a042c7b Compare: https://github.com/heimdal/heimdal/compare/cd7656f3de95%5E...ccd8b6197403 From noreply at github.com Tue Apr 7 20:10:48 2020 From: noreply at github.com (Luke Howard) Date: Tue, 07 Apr 2020 11:10:48 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] a53b48: hcrypto: Fix Makefile build race Message-ID: Branch: refs/heads/heimdal-7-1-branch Home: https://github.com/heimdal/heimdal Commit: a53b48f814e1ac89e56f2c2d10e22dfb9915d2b8 https://github.com/heimdal/heimdal/commit/a53b48f814e1ac89e56f2c2d10e22dfb9915d2b8 Author: Nicolas Williams Date: 2020-04-07 (Tue, 07 Apr 2020) Changed paths: M lib/hcrypto/Makefile.am Log Message: ----------- hcrypto: Fix Makefile build race Commit: c4cff6859d183a40fb35a76e2bc1ce084b3a6d67 https://github.com/heimdal/heimdal/commit/c4cff6859d183a40fb35a76e2bc1ce084b3a6d67 Author: Luke Howard Date: 2020-04-07 (Tue, 07 Apr 2020) Changed paths: M lib/hx509/Makefile.am Log Message: ----------- hx509: fix dependency, hxtool requires ASN.1 headers Compare: https://github.com/heimdal/heimdal/compare/bc216adeb602...c4cff6859d18 From noreply at github.com Sat Apr 11 02:06:33 2020 From: noreply at github.com (Luke Howard) Date: Fri, 10 Apr 2020 17:06:33 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 30bf21: gss: fix copy/paste error in gss_destroy_cred() Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 30bf21401c900c07eaac2231467aa5044dfd7bc7 https://github.com/heimdal/heimdal/commit/30bf21401c900c07eaac2231467aa5044dfd7bc7 Author: Luke Howard Date: 2020-04-11 (Sat, 11 Apr 2020) Changed paths: M lib/gssapi/mech/gss_destroy_cred.c Log Message: ----------- gss: fix copy/paste error in gss_destroy_cred() gss_destroy_cred() was missing a calling convention, instead had the import declaration twice Commit: 4f7dc7694e720e70bfbbc2373727ac849ce28515 https://github.com/heimdal/heimdal/commit/4f7dc7694e720e70bfbbc2373727ac849ce28515 Author: Luke Howard Date: 2020-04-11 (Sat, 11 Apr 2020) Changed paths: M lib/gssapi/mech/gss_aeap.c Log Message: ----------- gss: __gss_c_attr_stream_sizes_oid_desc declspec __gss_c_attr_stream_sizes_oid_desc was tagged with GSSAPI_LIB_FUNCTION instead of GSSAPI_LIB_VARIABLE; whilst the macro expansion is identical, fix for cleanliness Compare: https://github.com/heimdal/heimdal/compare/7055365f47d9...4f7dc7694e72 From noreply at github.com Sun Apr 12 18:03:15 2020 From: noreply at github.com (Luke Howard) Date: Sun, 12 Apr 2020 09:03:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c5ba2c: libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT Message-ID: Branch: refs/heads/jaltman/issue/616 Home: https://github.com/heimdal/heimdal Commit: c5ba2cf9233a47b48c718d205ed326733c390d32 https://github.com/heimdal/heimdal/commit/c5ba2cf9233a47b48c718d205ed326733c390d32 Author: Luke Howard Date: 2020-04-12 (Sun, 12 Apr 2020) Changed paths: M admin/add.c M appl/otp/otp.c M kadmin/ank.c M kadmin/cpw.c M kadmin/stash.c M kdc/kstash.c M kpasswd/kpasswd.c M lib/hcrypto/ui.c M lib/hcrypto/ui.h Log Message: ----------- libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT (cherry picked from commit 014f16883c7c911b2804fb081e885e0571528e85) Change-Id: I566b159cc12a916981e439b6549c0d44ad2d02be From noreply at github.com Sun Apr 12 20:25:23 2020 From: noreply at github.com (Luke Howard) Date: Sun, 12 Apr 2020 11:25:23 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 1c74af: roken: add mergesort_r() Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 1c74afb01a070134446fb73d77f4f720627afd5a https://github.com/heimdal/heimdal/commit/1c74afb01a070134446fb73d77f4f720627afd5a Author: Luke Howard Date: 2020-04-12 (Sun, 12 Apr 2020) Changed paths: M cf/roken-frag.m4 M lib/roken/NTMakefile A lib/roken/mergesort.c A lib/roken/mergesort_r.c M lib/roken/roken.h.in M lib/roken/version-script.map Log Message: ----------- roken: add mergesort_r() Add mergesort_r() as a stable sort function that can be used by other components of Heimdal. Note that there is no standardized prototype for this function, however it appears that both FreeBSD and glibc would adopt the glibc convention (where the private data argument appears last). See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214248 Commit: 3b7aae7fce15de0bd9fd7334ed41f4782ee51b50 https://github.com/heimdal/heimdal/commit/3b7aae7fce15de0bd9fd7334ed41f4782ee51b50 Author: Luke Howard Date: 2020-04-12 (Sun, 12 Apr 2020) Changed paths: M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/compat.c M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- gss: order SPNEGO proposed mechs by req_flags Sort the list of mechanisms proposed by the initiator so that mechanisms are preferred by their advertised support for GSS flags. For example, if GSS_C_MUTUAL_FLAG is requested, a mechanism that offers GSS_C_MA_AUTH_TARG will be preferred over one that doesn't. The flag/mechanism attribute combinations are also assigned a weight (mutual trumps anonymous, for example). Compare: https://github.com/heimdal/heimdal/compare/4f7dc7694e72...3b7aae7fce15 From noreply at github.com Mon Apr 13 01:50:38 2020 From: noreply at github.com (Luke Howard) Date: Sun, 12 Apr 2020 16:50:38 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 0cb752: gss: remove GSS_C_MA_AUTH_INIT_ANON from krb5 mech Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 0cb752258e7975dd30673aca53a9e3a010730a97 https://github.com/heimdal/heimdal/commit/0cb752258e7975dd30673aca53a9e3a010730a97 Author: Luke Howard Date: 2020-04-13 (Mon, 13 Apr 2020) Changed paths: M lib/gssapi/krb5/external.c Log Message: ----------- gss: remove GSS_C_MA_AUTH_INIT_ANON from krb5 mech Pending integration of #551, the krb5 mechanism does not support GSS_C_ANON_FLAG. Remove the GSS_C_MA_AUTH_INIT_ANON mechanism attribute until such time it does. From noreply at github.com Mon Apr 13 02:26:51 2020 From: noreply at github.com (Luke Howard) Date: Sun, 12 Apr 2020 17:26:51 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7df019: gss: fix downlevel Windows interop regression Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7df0195c26634576f498f1b5da18c1b479001f1b https://github.com/heimdal/heimdal/commit/7df0195c26634576f498f1b5da18c1b479001f1b Author: Luke Howard Date: 2020-04-13 (Mon, 13 Apr 2020) Changed paths: M lib/gssapi/gssapi/gssapi_oid.h M lib/gssapi/krb5/inquire_sec_context_by_oid.c M lib/gssapi/libgssapi-exports.def M lib/gssapi/mech/gss_oid.c M lib/gssapi/oid.txt M lib/gssapi/spnego/compat.c M lib/gssapi/version-script.map Log Message: ----------- gss: fix downlevel Windows interop regression The recent changes to SPNEGO removed support for GSS_C_PEER_HAS_UPDATED_SPNEGO, through which the Kerberos mechanism could indicate to SPNEGO that the peer did not suffer from SPNEGO conformance bugs present in some versions of Windows.* This patch restores this workaround, documented in [MS-SPNG] Appendix A <7> Section 3.1.5.1. Whilst improving interoperability with these admittedly now unsupported versions of Windows, it does introduce a risk that Kerberos with pre-AES ciphers could be negotiated in lieu of a stronger and more preferred mechanism. Note: this patch inverts the mechanism interface from GSS_C_PEER_HAS_UPDATED_SPNEGO to GSS_C_INQ_PEER_HAS_BUGGY_SPNEGO, so that new mechanisms (which did not ship with these older versions of Windows) are not required to implement it. * Windows 2000, Windows 2003, and Windows XP From noreply at github.com Mon Apr 13 08:40:04 2020 From: noreply at github.com (Luke Howard) Date: Sun, 12 Apr 2020 23:40:04 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 2d2d8a: gss: fix test_acquire_cred usage description Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 2d2d8a097920d32ffa0b7c11836fd545bd6bdad1 https://github.com/heimdal/heimdal/commit/2d2d8a097920d32ffa0b7c11836fd545bd6bdad1 Author: Luke Howard Date: 2020-04-13 (Mon, 13 Apr 2020) Changed paths: M lib/gssapi/test_acquire_cred.c Log Message: ----------- gss: fix test_acquire_cred usage description From noreply at github.com Mon Apr 13 13:07:15 2020 From: noreply at github.com (Luke Howard) Date: Mon, 13 Apr 2020 04:07:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9eb01c: gss: remove superfluous SPNEGO cred wrappers Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9eb01c66e961e8561d1ded69082bc89ecd3b4860 https://github.com/heimdal/heimdal/commit/9eb01c66e961e8561d1ded69082bc89ecd3b4860 Author: Luke Howard Date: 2020-04-13 (Mon, 13 Apr 2020) Changed paths: M lib/gssapi/spnego/cred_stubs.c M lib/gssapi/spnego/external.c Log Message: ----------- gss: remove superfluous SPNEGO cred wrappers SPNEGO credentials are mechglue credentials. SPNEGO credential wrapper functions can be replaced with direct calls into the mechglue, unless a specific check is required to avoid infinite recursion (as is the case where the mechglue enumerates all mechanism when passed a null credential handle). Commit: b73c9cc063c3837b8c773c2d0da2000b82b1c8b8 https://github.com/heimdal/heimdal/commit/b73c9cc063c3837b8c773c2d0da2000b82b1c8b8 Author: Luke Howard Date: 2020-04-13 (Mon, 13 Apr 2020) Changed paths: M lib/gssapi/spnego/external.c Log Message: ----------- gss: add support for gss_duplicate_cred() in SPNEGO The SPNEGO dispatch table does not include gss_duplicate_cred(). It can call directly into the mechglue because a SPNEGO credential is a mechglue credential. Compare: https://github.com/heimdal/heimdal/compare/2d2d8a097920...b73c9cc063c3 From noreply at github.com Mon Apr 13 17:52:35 2020 From: noreply at github.com (Jeffrey Altman) Date: Mon, 13 Apr 2020 08:52:35 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 48d701: Update ui.c Message-ID: Branch: refs/heads/jaltman/issue/616 Home: https://github.com/heimdal/heimdal Commit: 48d701a35f22a4a62fe3882823c6a07af24bd3d3 https://github.com/heimdal/heimdal/commit/48d701a35f22a4a62fe3882823c6a07af24bd3d3 Author: Jeffrey Altman Date: 2020-04-13 (Mon, 13 Apr 2020) Changed paths: M lib/hcrypto/ui.c Log Message: ----------- Update ui.c add missing braces From noreply at github.com Tue Apr 14 08:27:44 2020 From: noreply at github.com (Nico Williams) Date: Mon, 13 Apr 2020 23:27:44 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 568f77: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 568f77d9d53457c9f2631ad05c2bbe53338e6555 https://github.com/heimdal/heimdal/commit/568f77d9d53457c9f2631ad05c2bbe53338e6555 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 08:35:41 2020 From: noreply at github.com (Nico Williams) Date: Mon, 13 Apr 2020 23:35:41 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] bfa572: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: bfa57244d063764e2f0fba9d8fb191b8b9dbafc1 https://github.com/heimdal/heimdal/commit/bfa57244d063764e2f0fba9d8fb191b8b9dbafc1 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 09:04:51 2020 From: noreply at github.com (Luke Howard) Date: Tue, 14 Apr 2020 00:04:51 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9a9aaa: gss: allow gss_set_sec_context_option() to allocat... Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9a9aaa078cdf062a87b947860a77815f4b8ae8fb https://github.com/heimdal/heimdal/commit/9a9aaa078cdf062a87b947860a77815f4b8ae8fb Author: Luke Howard Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M lib/gssapi/mech/gss_set_sec_context_option.c Log Message: ----------- gss: allow gss_set_sec_context_option() to allocate a context The prototype for gss_set_sec_context_option() allows it to return a new context, however this was not implemented. This functionality is required by GSS_KRB5_IMPORT_RFC4121_CONTEXT_X. Commit: 846c839cbffa6e588053779e23f2514ad64f5fed https://github.com/heimdal/heimdal/commit/846c839cbffa6e588053779e23f2514ad64f5fed Author: Luke Howard Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M lib/gssapi/test_context.c M tests/gss/check-context.in Log Message: ----------- gss: add tests for importing and exporting contexts Add the --export-import-context flag to test_context, for validating that security contexts round-trip through GSS_Export_sec_context() and GSS_Import_sec_context(). Commit: 73a5bc84999adb895f43fd9efc5c667f03656fdb https://github.com/heimdal/heimdal/commit/73a5bc84999adb895f43fd9efc5c667f03656fdb Author: Luke Howard Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M lib/gssapi/mech/gss_compare_name.c Log Message: ----------- gss: make gss_compare_name comply with RFC2743 Anonymous names should always compare FALSE in GSS_Compare_name(). If the names are being compared at the mechglue layer then we should check for GSS_C_NT_ANONYMOUS. Compare: https://github.com/heimdal/heimdal/compare/b73c9cc063c3...73a5bc84999a From noreply at github.com Tue Apr 14 09:20:57 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 00:20:57 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] a5717f: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: a5717ffa2bfeb1172e86a8f7f96b597b1a723365 https://github.com/heimdal/heimdal/commit/a5717ffa2bfeb1172e86a8f7f96b597b1a723365 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 09:22:15 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 00:22:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 35dae7: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 35dae7406ca1fbf08aecaf97f85db2cb289f610e https://github.com/heimdal/heimdal/commit/35dae7406ca1fbf08aecaf97f85db2cb289f610e Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 09:28:36 2020 From: noreply at github.com (Luke Howard) Date: Tue, 14 Apr 2020 00:28:36 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 8fad2c: gss: don't use heim_assert() in test_context Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 8fad2cf5c38db4394cbc3b2e393cd157d13f5394 https://github.com/heimdal/heimdal/commit/8fad2cf5c38db4394cbc3b2e393cd157d13f5394 Author: Luke Howard Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M lib/gssapi/test_context.c Log Message: ----------- gss: don't use heim_assert() in test_context Use errx() rather than heim_assert() in test_context From noreply at github.com Tue Apr 14 12:03:55 2020 From: noreply at github.com (Luke Howard) Date: Tue, 14 Apr 2020 03:03:55 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] baeebd: gss: check for replays in test_context Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: baeebd4113c1b09353dbeed6f3ccc80cfbd082dc https://github.com/heimdal/heimdal/commit/baeebd4113c1b09353dbeed6f3ccc80cfbd082dc Author: Luke Howard Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M lib/gssapi/test_context.c Log Message: ----------- gss: check for replays in test_context Add GSS_C_REPLAY_FLAG to the default set of flags in test_context. From noreply at github.com Tue Apr 14 12:05:03 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 03:05:03 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 1ca2ad: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 1ca2add843ff5faae4298709aeda851b6882790c https://github.com/heimdal/heimdal/commit/1ca2add843ff5faae4298709aeda851b6882790c Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 12:22:32 2020 From: noreply at github.com (Luke Howard) Date: Tue, 14 Apr 2020 03:22:32 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] ed4159: krb5: use memset_s() in krb5_free_keyblock_contents() Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: ed41592876c64c56b5e333abe3a86af1f5b7202d https://github.com/heimdal/heimdal/commit/ed41592876c64c56b5e333abe3a86af1f5b7202d Author: Luke Howard Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M lib/krb5/keyblock.c Log Message: ----------- krb5: use memset_s() in krb5_free_keyblock_contents() krb5_free_keyblock_contents() should use memset_s() to ensure that the key is zero'd before freeing From noreply at github.com Tue Apr 14 12:57:50 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 03:57:50 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 485d62: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 485d62d14d6d4082366c1f6d78468d802b698915 https://github.com/heimdal/heimdal/commit/485d62d14d6d4082366c1f6d78468d802b698915 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 13:25:03 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 04:25:03 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c2f727: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: c2f7270e01106429a691e4b9f6dc6285dcfc6518 https://github.com/heimdal/heimdal/commit/c2f7270e01106429a691e4b9f6dc6285dcfc6518 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 19:20:19 2020 From: noreply at github.com (Jeffrey Altman) Date: Tue, 14 Apr 2020 10:20:19 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 2f611f: cherry pick libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT... Message-ID: Branch: refs/heads/heimdal-7-1-branch Home: https://github.com/heimdal/heimdal Commit: 2f611f7f577665fb5d2f37ce3c2ea755966022b6 https://github.com/heimdal/heimdal/commit/2f611f7f577665fb5d2f37ce3c2ea755966022b6 Author: Jeffrey Altman Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M admin/add.c M appl/otp/otp.c M kadmin/ank.c M kadmin/cpw.c M kadmin/stash.c M kdc/kstash.c M kpasswd/kpasswd.c M lib/hcrypto/ui.c M lib/hcrypto/ui.h Log Message: ----------- cherry pick libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT (#690) * libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT (cherry picked from commit 014f16883c7c911b2804fb081e885e0571528e85) From noreply at github.com Tue Apr 14 19:20:24 2020 From: noreply at github.com (Jeffrey Altman) Date: Tue, 14 Apr 2020 10:20:24 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: Branch: refs/heads/jaltman/issue/616 Home: https://github.com/heimdal/heimdal From noreply at github.com Tue Apr 14 20:00:16 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 11:00:16 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] fe666f: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: fe666fb4baa5698ecf4176b03d3913d942970a56 https://github.com/heimdal/heimdal/commit/fe666fb4baa5698ecf4176b03d3913d942970a56 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 20:25:55 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 11:25:55 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 28bd61: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 28bd61e0db5009af3218c7ecc7f907b6d0122345 https://github.com/heimdal/heimdal/commit/28bd61e0db5009af3218c7ecc7f907b6d0122345 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 21:24:24 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 12:24:24 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 266a37: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 266a376d1edc896e847004cfe9d7900b1caa9c77 https://github.com/heimdal/heimdal/commit/266a376d1edc896e847004cfe9d7900b1caa9c77 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 23:19:49 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 14:19:49 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 5814cb: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 5814cb142ed64094e8c47196c36b75ed30ec5370 https://github.com/heimdal/heimdal/commit/5814cb142ed64094e8c47196c36b75ed30ec5370 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Tue Apr 14 23:39:06 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 14:39:06 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 581f10: Travis -> Coveralls Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 581f107d12bb7cf6aa7b7ba61ce38bf8052e8611 https://github.com/heimdal/heimdal/commit/581f107d12bb7cf6aa7b7ba61ce38bf8052e8611 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Travis -> Coveralls From noreply at github.com Wed Apr 15 00:01:33 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 15:01:33 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 4ac8d4: Send coverage data from Travis to Coveralls Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 4ac8d44f14dd5d74ca7f34260b203755a3714273 https://github.com/heimdal/heimdal/commit/4ac8d44f14dd5d74ca7f34260b203755a3714273 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M .travis.yml A tools/coveralls-tool A tools/fixgcov-source-paths.sh Log Message: ----------- Send coverage data from Travis to Coveralls From noreply at github.com Wed Apr 15 00:45:05 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 15:45:05 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] a7c332: Add Coveralls badge to README.md Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: a7c332700d01caecea78b45e974957fcbe1d01c4 https://github.com/heimdal/heimdal/commit/a7c332700d01caecea78b45e974957fcbe1d01c4 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M README.md Log Message: ----------- Add Coveralls badge to README.md From noreply at github.com Wed Apr 15 01:00:51 2020 From: noreply at github.com (Luke Howard) Date: Tue, 14 Apr 2020 16:00:51 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 441144: krb5: always zero elastic storage Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 4411448bfdefc0cd72edefafd071126cceaa8071 https://github.com/heimdal/heimdal/commit/4411448bfdefc0cd72edefafd071126cceaa8071 Author: Luke Howard Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M lib/krb5/store_emem.c Log Message: ----------- krb5: always zero elastic storage Elastic storage (returned from krb5_storage_emem()) often contains secret keys. Ensure memory is zeroed on free using memset_s() rather than memset(). From noreply at github.com Wed Apr 15 02:24:07 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 17:24:07 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 20819f: Recover coverage on more files Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal Commit: 20819fe717d590ae83c041ab30c086e074dc724a https://github.com/heimdal/heimdal/commit/20819fe717d590ae83c041ab30c086e074dc724a Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M tools/coveralls-tool Log Message: ----------- Recover coverage on more files From noreply at github.com Wed Apr 15 03:16:06 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 18:16:06 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 3bdd07: Recover coverage data on more files Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 3bdd0745951058d212831ba89c5d43d7d58a2696 https://github.com/heimdal/heimdal/commit/3bdd0745951058d212831ba89c5d43d7d58a2696 Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M tools/coveralls-tool Log Message: ----------- Recover coverage data on more files From noreply at github.com Wed Apr 15 03:17:34 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 18:17:34 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: Branch: refs/heads/coveralls.io Home: https://github.com/heimdal/heimdal From noreply at github.com Wed Apr 15 03:48:42 2020 From: noreply at github.com (Nico Williams) Date: Tue, 14 Apr 2020 18:48:42 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] d28804: Fix Coveralls badge to master branch Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: d2880425e559b0babedd525765c0dae98bf24aca https://github.com/heimdal/heimdal/commit/d2880425e559b0babedd525765c0dae98bf24aca Author: Nicolas Williams Date: 2020-04-14 (Tue, 14 Apr 2020) Changed paths: M README.md Log Message: ----------- Fix Coveralls badge to master branch From noreply at github.com Wed Apr 15 08:23:53 2020 From: noreply at github.com (Luke Howard) Date: Tue, 14 Apr 2020 23:23:53 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 1611ac: krb5: allow NULL authenticator in krb5_auth_con_fr... Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 1611ac457fc9a89e39728a8b486a6633cda08b15 https://github.com/heimdal/heimdal/commit/1611ac457fc9a89e39728a8b486a6633cda08b15 Author: Luke Howard Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M lib/krb5/auth_context.c Log Message: ----------- krb5: allow NULL authenticator in krb5_auth_con_free() When freeing an auth context, allow the authenticator to be NULL. Useful for freeing partially allocated authentication context. Commit: b2eb5b0edf24f93b76671dad3dde7f0a81f18555 https://github.com/heimdal/heimdal/commit/b2eb5b0edf24f93b76671dad3dde7f0a81f18555 Author: Luke Howard Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M lib/gssapi/mech/gss_utils.c M lib/gssapi/mech/utils.h Log Message: ----------- gss: add _gss_secure_release_buffer() Add _gss_secure_release_buffer() helper function that zeros buffer Commit: 689eef20eccc74c9fbe4ecc267da88e530bcd317 https://github.com/heimdal/heimdal/commit/689eef20eccc74c9fbe4ecc267da88e530bcd317 Author: Luke Howard Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M lib/gssapi/mech/gss_utils.c M lib/gssapi/mech/utils.h Log Message: ----------- gss: add _gss_secure_release_buffer_set() Add _gss_secure_release_buffer_set() helper function for zeroing buffer set contents before release. Commit: 2c8fa272240f17e4d9d801abad9710c6c09f63ab https://github.com/heimdal/heimdal/commit/2c8fa272240f17e4d9d801abad9710c6c09f63ab Author: Luke Howard Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M lib/gssapi/krb5/export_sec_context.c M lib/gssapi/krb5/gsskrb5_locl.h M lib/gssapi/mech/gss_cred.c M lib/gssapi/mech/gss_duplicate_cred.c M lib/gssapi/mech/gss_export_sec_context.c M lib/gssapi/mech/gss_inquire_cred_by_oid.c M lib/gssapi/mech/gss_krb5.c M lib/gssapi/spnego/negoex_ctx.c Log Message: ----------- gss: use _gss_secure_release_buffer_[set] Use new helper APIs for securely zeroing and releasing buffers and buffer sets. Compare: https://github.com/heimdal/heimdal/compare/d2880425e559...2c8fa272240f From noreply at github.com Thu Apr 16 01:48:50 2020 From: noreply at github.com (Nico Williams) Date: Wed, 15 Apr 2020 16:48:50 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 98aedd: Improve coverage script a bit Message-ID: Branch: refs/heads/coverals.io Home: https://github.com/heimdal/heimdal Commit: 98aedd2684c06ce927309348275c41c02c73b7b0 https://github.com/heimdal/heimdal/commit/98aedd2684c06ce927309348275c41c02c73b7b0 Author: Nicolas Williams Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M .travis.yml M tools/coveralls-tool Log Message: ----------- Improve coverage script a bit From noreply at github.com Thu Apr 16 02:05:40 2020 From: noreply at github.com (Nico Williams) Date: Wed, 15 Apr 2020 17:05:40 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 354d76: Improve coverage script a bit Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 354d76f63a045c8de5b838065f745757331a57fc https://github.com/heimdal/heimdal/commit/354d76f63a045c8de5b838065f745757331a57fc Author: Nicolas Williams Date: 2020-04-15 (Wed, 15 Apr 2020) Changed paths: M .travis.yml M tools/coveralls-tool Log Message: ----------- Improve coverage script a bit From noreply at github.com Thu Apr 16 02:06:02 2020 From: noreply at github.com (Nico Williams) Date: Wed, 15 Apr 2020 17:06:02 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: Branch: refs/heads/coverals.io Home: https://github.com/heimdal/heimdal From noreply at github.com Thu Apr 16 02:46:01 2020 From: noreply at github.com (Luke Howard) Date: Wed, 15 Apr 2020 17:46:01 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 865fff: gss: fix typo regression in setting minor_status Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 865fffb0f5e8958afb91c95dcac2a68edbd25c04 https://github.com/heimdal/heimdal/commit/865fffb0f5e8958afb91c95dcac2a68edbd25c04 Author: Luke Howard Date: 2020-04-16 (Thu, 16 Apr 2020) Changed paths: M lib/gssapi/mech/gss_inquire_cred_by_oid.c Log Message: ----------- gss: fix typo regression in setting minor_status _gss_secure_release_buffer_set() patch changed minor_status to 0, not *minor_status as correct. No behavioural change as _gss_secure_release_buffer_set() would have set it anyway, but obviously this was unintentional. From noreply at github.com Thu Apr 16 07:20:31 2020 From: noreply at github.com (Luke Howard) Date: Wed, 15 Apr 2020 22:20:31 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 33137a: gss: allow source/target to be null on export/import Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 33137a8c8246ef239c49a103bb1484cb389f5101 https://github.com/heimdal/heimdal/commit/33137a8c8246ef239c49a103bb1484cb389f5101 Author: Luke Howard Date: 2020-04-16 (Thu, 16 Apr 2020) Changed paths: M lib/gssapi/krb5/export_sec_context.c M lib/gssapi/krb5/gsskrb5_locl.h M lib/gssapi/krb5/import_sec_context.c Log Message: ----------- gss: allow source/target to be null on export/import Allow the source and target names to be NULL when exporting or importing a security context for the krb5 mechanism. This will be used in the future to support skeletal contexts that only provide RFC4121 message protection services. From noreply at github.com Thu Apr 16 09:53:46 2020 From: noreply at github.com (Luke Howard) Date: Thu, 16 Apr 2020 00:53:46 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9eab34: gss: don't leak client_cred in test_context Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9eab344d35786444cde0eab100e976e195cc5f89 https://github.com/heimdal/heimdal/commit/9eab344d35786444cde0eab100e976e195cc5f89 Author: Luke Howard Date: 2020-04-16 (Thu, 16 Apr 2020) Changed paths: M lib/gssapi/test_context.c Log Message: ----------- gss: don't leak client_cred in test_context Don't leak client credential handle in test_context. Commit: c70540480bc357f844f4785a784ba3aac0d6f922 https://github.com/heimdal/heimdal/commit/c70540480bc357f844f4785a784ba3aac0d6f922 Author: Luke Howard Date: 2020-04-16 (Thu, 16 Apr 2020) Changed paths: M lib/gssapi/krb5/acquire_cred.c Log Message: ----------- gss: free user keytab before resolving system keytab get_client_keytab() leaked the user keytab if it resolved but we could not find the client principal. Free it before trying the system keytab. Commit: 9383a88a86a361fcd9c4e9d40cc179e99d5c8b92 https://github.com/heimdal/heimdal/commit/9383a88a86a361fcd9c4e9d40cc179e99d5c8b92 Author: Luke Howard Date: 2020-04-16 (Thu, 16 Apr 2020) Changed paths: M lib/gssapi/mech/gssspi_exchange_meta_data.c M lib/gssapi/mech/gssspi_query_meta_data.c Log Message: ----------- gss: honor allocated_ctx in gss_{exchange,query}_meta_data The NegoEx gss_{exchange,query}_meta_data functions set allocated_ctx but never did anything with it. Use it to determine whether we should free the context handle on error. Compare: https://github.com/heimdal/heimdal/compare/33137a8c8246...9383a88a86a3 From noreply at github.com Fri Apr 17 03:04:52 2020 From: noreply at github.com (Luke Howard) Date: Thu, 16 Apr 2020 18:04:52 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 26a698: gss: GSS_KRB5_IMPORT_RFC4121_CONTEXT_X / _gss_mg_i... Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 26a69856f624b2d5e375ce348d1f559e0d404a7b https://github.com/heimdal/heimdal/commit/26a69856f624b2d5e375ce348d1f559e0d404a7b Author: Luke Howard Date: 2020-04-17 (Fri, 17 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi/gssapi_oid.h M lib/gssapi/krb5/set_sec_context_option.c M lib/gssapi/mech/gss_oid.c A lib/gssapi/mech/gss_rfc4121.c M lib/gssapi/mech/utils.h M lib/gssapi/oid.txt Log Message: ----------- gss: GSS_KRB5_IMPORT_RFC4121_CONTEXT_X / _gss_mg_import_rfc4121_context() Add a new private interface (accessed through _gss_mg_import_rfc4121_context()) through which a skeletal krb5 mechanism context can be created, suitable for RFC4121 message protection and PRF services. From noreply at github.com Fri Apr 17 03:12:45 2020 From: noreply at github.com (Luke Howard) Date: Thu, 16 Apr 2020 18:12:45 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 419911: gss: fix gss_decapsulate_token() return codes Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 4199118c7670ebe8604b4b839850fa7e08a4077f https://github.com/heimdal/heimdal/commit/4199118c7670ebe8604b4b839850fa7e08a4077f Author: Luke Howard Date: 2020-04-17 (Fri, 17 Apr 2020) Changed paths: M lib/gssapi/mech/gss_decapsulate_token.c Log Message: ----------- gss: fix gss_decapsulate_token() return codes gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be parsed for some other reason, rather than GSS_S_FAILURE in both cases From noreply at github.com Fri Apr 17 21:37:55 2020 From: noreply at github.com (Nico Williams) Date: Fri, 17 Apr 2020 12:37:55 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 92c288: Better support for "non-standard" GSS mechs Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 92c288994ad2ecc4e6842bf74dabd0c1c21ca28f https://github.com/heimdal/heimdal/commit/92c288994ad2ecc4e6842bf74dabd0c1c21ca28f Author: Nicolas Williams Date: 2020-04-17 (Fri, 17 Apr 2020) Changed paths: M lib/gssapi/krb5/accept_sec_context.c M lib/gssapi/mech/gss_accept_sec_context.c M lib/gssapi/ntlm/accept_sec_context.c M lib/gssapi/ntlm/init_sec_context.c Log Message: ----------- Better support for "non-standard" GSS mechs If an initial security context token doesn't have a standard header per RFC2743 then try all mechanisms until one succeeds or all fail. We still try to guess NTLMSSP, raw Kerberos, and SPNEGO, from tasting the initial security context token. From noreply at github.com Tue Apr 21 07:17:55 2020 From: noreply at github.com (Luke Howard) Date: Mon, 20 Apr 2020 22:17:55 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9f3d9e: Add gss_duplicate_oid_set() Message-ID: Branch: refs/heads/pull/695/head Home: https://github.com/heimdal/heimdal Commit: 9f3d9e1a0a6c2173b44f019b46134f0da2a00797 https://github.com/heimdal/heimdal/commit/9f3d9e1a0a6c2173b44f019b46134f0da2a00797 Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi/gssapi.h M lib/gssapi/libgssapi-exports.def A lib/gssapi/mech/gss_duplicate_oid_set.c M lib/gssapi/version-script.map Log Message: ----------- Add gss_duplicate_oid_set() Commit: 2ec9e1704287a7a31c696fd92c577eb8fb88b7bc https://github.com/heimdal/heimdal/commit/2ec9e1704287a7a31c696fd92c577eb8fb88b7bc Author: Luke Howard Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/mech/gss_add_oid_set_member.c Log Message: ----------- gss: intern OID before adding to OID set gss_add_oid_set_member() should according to RFC2744 add a copy of the OID to the set; the current implementation just stored a pointer (which may not be stable). As we have _gss_intern_oid(), call that before adding. Commit: 9f5e7507bbb9bdb41883ea47a235b01de23ce7db https://github.com/heimdal/heimdal/commit/9f5e7507bbb9bdb41883ea47a235b01de23ce7db Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi_mech.h M lib/gssapi/krb5/external.c M lib/gssapi/mech/cred.c M lib/gssapi/mech/cred.h M lib/gssapi/mech/gss_acquire_cred_from.c M lib/gssapi/mech/gss_add_cred_from.c M lib/gssapi/mech/gss_cred.c M lib/gssapi/mech/gss_get_neg_mechs.c M lib/gssapi/mech/gss_inquire_cred.c M lib/gssapi/mech/gss_mech_switch.c M lib/gssapi/mech/gss_set_neg_mechs.c M lib/gssapi/netlogon/external.c M lib/gssapi/ntlm/external.c M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/compat.c R lib/gssapi/spnego/cred_stubs.c M lib/gssapi/spnego/external.c M lib/gssapi/test_context.c Log Message: ----------- Properly implement neg_mechs & GM_USE_MG_CRED SPNEGO was already using union creds. Now make the mechglue know about it, delete all of the cred-related SPNEGO stubs that are now not called (lib/gssapi/spnego/cred_stubs.c), and implement gss_get/set_neg_mechs() by storing the OID set in the union cred. Commit: 51a701b396fa3e6c0972b2af5e05be501a3f1215 https://github.com/heimdal/heimdal/commit/51a701b396fa3e6c0972b2af5e05be501a3f1215 Author: Luke Howard Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/gssapi/gssapi.h M lib/gssapi/libgssapi-exports.def M lib/gssapi/mech/cred.c M lib/gssapi/version-script.map Log Message: ----------- gss: remove gss_release_cred_by_mech() gss_release_cred_by_mech() was previously used by SPNEGO's implementation of gss_set_neg_mechs(). This is now implemented in the mechanism glue. As we never shipped gss_release_cred_by_mech(), it is safe to remove it and its exported symbol. Compare: https://github.com/heimdal/heimdal/compare/9f3d9e1a0a6c%5E...51a701b396fa From noreply at github.com Tue Apr 21 07:19:49 2020 From: noreply at github.com (Nico Williams) Date: Mon, 20 Apr 2020 22:19:49 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: Branch: refs/heads/pull/695/head Home: https://github.com/heimdal/heimdal From noreply at github.com Tue Apr 21 07:19:55 2020 From: noreply at github.com (Luke Howard) Date: Mon, 20 Apr 2020 22:19:55 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9f3d9e: Add gss_duplicate_oid_set() Message-ID: Branch: refs/heads/pull/695 Home: https://github.com/heimdal/heimdal Commit: 9f3d9e1a0a6c2173b44f019b46134f0da2a00797 https://github.com/heimdal/heimdal/commit/9f3d9e1a0a6c2173b44f019b46134f0da2a00797 Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi/gssapi.h M lib/gssapi/libgssapi-exports.def A lib/gssapi/mech/gss_duplicate_oid_set.c M lib/gssapi/version-script.map Log Message: ----------- Add gss_duplicate_oid_set() Commit: 2ec9e1704287a7a31c696fd92c577eb8fb88b7bc https://github.com/heimdal/heimdal/commit/2ec9e1704287a7a31c696fd92c577eb8fb88b7bc Author: Luke Howard Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/mech/gss_add_oid_set_member.c Log Message: ----------- gss: intern OID before adding to OID set gss_add_oid_set_member() should according to RFC2744 add a copy of the OID to the set; the current implementation just stored a pointer (which may not be stable). As we have _gss_intern_oid(), call that before adding. Commit: 9f5e7507bbb9bdb41883ea47a235b01de23ce7db https://github.com/heimdal/heimdal/commit/9f5e7507bbb9bdb41883ea47a235b01de23ce7db Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi_mech.h M lib/gssapi/krb5/external.c M lib/gssapi/mech/cred.c M lib/gssapi/mech/cred.h M lib/gssapi/mech/gss_acquire_cred_from.c M lib/gssapi/mech/gss_add_cred_from.c M lib/gssapi/mech/gss_cred.c M lib/gssapi/mech/gss_get_neg_mechs.c M lib/gssapi/mech/gss_inquire_cred.c M lib/gssapi/mech/gss_mech_switch.c M lib/gssapi/mech/gss_set_neg_mechs.c M lib/gssapi/netlogon/external.c M lib/gssapi/ntlm/external.c M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/compat.c R lib/gssapi/spnego/cred_stubs.c M lib/gssapi/spnego/external.c M lib/gssapi/test_context.c Log Message: ----------- Properly implement neg_mechs & GM_USE_MG_CRED SPNEGO was already using union creds. Now make the mechglue know about it, delete all of the cred-related SPNEGO stubs that are now not called (lib/gssapi/spnego/cred_stubs.c), and implement gss_get/set_neg_mechs() by storing the OID set in the union cred. Commit: 51a701b396fa3e6c0972b2af5e05be501a3f1215 https://github.com/heimdal/heimdal/commit/51a701b396fa3e6c0972b2af5e05be501a3f1215 Author: Luke Howard Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/gssapi/gssapi.h M lib/gssapi/libgssapi-exports.def M lib/gssapi/mech/cred.c M lib/gssapi/version-script.map Log Message: ----------- gss: remove gss_release_cred_by_mech() gss_release_cred_by_mech() was previously used by SPNEGO's implementation of gss_set_neg_mechs(). This is now implemented in the mechanism glue. As we never shipped gss_release_cred_by_mech(), it is safe to remove it and its exported symbol. Compare: https://github.com/heimdal/heimdal/compare/9f3d9e1a0a6c%5E...51a701b396fa From noreply at github.com Tue Apr 21 07:35:33 2020 From: noreply at github.com (Luke Howard) Date: Mon, 20 Apr 2020 22:35:33 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 9f3d9e: Add gss_duplicate_oid_set() Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 9f3d9e1a0a6c2173b44f019b46134f0da2a00797 https://github.com/heimdal/heimdal/commit/9f3d9e1a0a6c2173b44f019b46134f0da2a00797 Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi/gssapi.h M lib/gssapi/libgssapi-exports.def A lib/gssapi/mech/gss_duplicate_oid_set.c M lib/gssapi/version-script.map Log Message: ----------- Add gss_duplicate_oid_set() Commit: 2ec9e1704287a7a31c696fd92c577eb8fb88b7bc https://github.com/heimdal/heimdal/commit/2ec9e1704287a7a31c696fd92c577eb8fb88b7bc Author: Luke Howard Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/mech/gss_add_oid_set_member.c Log Message: ----------- gss: intern OID before adding to OID set gss_add_oid_set_member() should according to RFC2744 add a copy of the OID to the set; the current implementation just stored a pointer (which may not be stable). As we have _gss_intern_oid(), call that before adding. Commit: a54761d68ad995ea6c4c3f5f1bad2b2732837499 https://github.com/heimdal/heimdal/commit/a54761d68ad995ea6c4c3f5f1bad2b2732837499 Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi_mech.h M lib/gssapi/krb5/external.c M lib/gssapi/mech/cred.c M lib/gssapi/mech/cred.h M lib/gssapi/mech/gss_acquire_cred_from.c M lib/gssapi/mech/gss_add_cred_from.c M lib/gssapi/mech/gss_cred.c M lib/gssapi/mech/gss_get_neg_mechs.c M lib/gssapi/mech/gss_inquire_cred.c M lib/gssapi/mech/gss_mech_switch.c M lib/gssapi/mech/gss_set_neg_mechs.c M lib/gssapi/netlogon/external.c M lib/gssapi/ntlm/external.c M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/compat.c R lib/gssapi/spnego/cred_stubs.c M lib/gssapi/spnego/external.c M lib/gssapi/test_context.c Log Message: ----------- Properly implement neg_mechs & GM_USE_MG_CRED SPNEGO was already using union creds. Now make the mechglue know about it, delete all of the cred-related SPNEGO stubs that are now not called (lib/gssapi/spnego/cred_stubs.c), and implement gss_get/set_neg_mechs() by storing the OID set in the union cred. This commit was essentially authored as much if not more by Luke Howard as much as by the listed author. Commit: 3bfe62df6aba26f20de4356196f92bc12a8db2f9 https://github.com/heimdal/heimdal/commit/3bfe62df6aba26f20de4356196f92bc12a8db2f9 Author: Luke Howard Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/gssapi/gssapi.h M lib/gssapi/libgssapi-exports.def M lib/gssapi/mech/cred.c M lib/gssapi/version-script.map Log Message: ----------- gss: remove gss_release_cred_by_mech() gss_release_cred_by_mech() was previously used by SPNEGO's implementation of gss_set_neg_mechs(). This is now implemented in the mechanism glue. As we never shipped gss_release_cred_by_mech(), it is safe to remove it and its exported symbol. Compare: https://github.com/heimdal/heimdal/compare/92c288994ad2...3bfe62df6aba From noreply at github.com Tue Apr 21 07:36:15 2020 From: noreply at github.com (Nico Williams) Date: Mon, 20 Apr 2020 22:36:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] Message-ID: Branch: refs/heads/pull/695 Home: https://github.com/heimdal/heimdal From noreply at github.com Wed Apr 22 02:52:23 2020 From: noreply at github.com (Nico Williams) Date: Tue, 21 Apr 2020 17:52:23 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] e48e75: Better support for "non-standard" GSS mechs (fix) Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e48e75cd229d890a7de3ab12ca5ac3fc5626af03 https://github.com/heimdal/heimdal/commit/e48e75cd229d890a7de3ab12ca5ac3fc5626af03 Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/mech/gss_accept_sec_context.c Log Message: ----------- Better support for "non-standard" GSS mechs (fix) Commit: 7181c109d00802c7b2ba5fc0f038468628f17cc7 https://github.com/heimdal/heimdal/commit/7181c109d00802c7b2ba5fc0f038468628f17cc7 Author: Nicolas Williams Date: 2020-04-21 (Tue, 21 Apr 2020) Changed paths: M lib/gssapi/mech/cred.c Log Message: ----------- Properly implement neg_mechs & GM_USE_MG_CRED (fix) Compare: https://github.com/heimdal/heimdal/compare/3bfe62df6aba...7181c109d008 From noreply at github.com Fri Apr 24 04:00:09 2020 From: noreply at github.com (Luke Howard) Date: Thu, 23 Apr 2020 19:00:09 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c403b6: hcrypto: import libtommath v1.2.0 Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c403b660825f0f99451a805408f6a8ef354d1cd7 https://github.com/heimdal/heimdal/commit/c403b660825f0f99451a805408f6a8ef354d1cd7 Author: Luke Howard Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/hcrypto/libtommath/LICENSE A lib/hcrypto/libtommath/README.md R lib/hcrypto/libtommath/VERSION A lib/hcrypto/libtommath/appveyor.yml A lib/hcrypto/libtommath/astylerc R lib/hcrypto/libtommath/bn.ilg R lib/hcrypto/libtommath/bn.ind R lib/hcrypto/libtommath/bn.pdf R lib/hcrypto/libtommath/bn.tex A lib/hcrypto/libtommath/bn_cutoffs.c A lib/hcrypto/libtommath/bn_deprecated.c R lib/hcrypto/libtommath/bn_error.c R lib/hcrypto/libtommath/bn_fast_mp_invmod.c R lib/hcrypto/libtommath/bn_fast_mp_montgomery_reduce.c R lib/hcrypto/libtommath/bn_fast_s_mp_mul_digs.c R lib/hcrypto/libtommath/bn_fast_s_mp_mul_high_digs.c R lib/hcrypto/libtommath/bn_fast_s_mp_sqr.c M lib/hcrypto/libtommath/bn_mp_2expt.c M lib/hcrypto/libtommath/bn_mp_abs.c M lib/hcrypto/libtommath/bn_mp_add.c M lib/hcrypto/libtommath/bn_mp_add_d.c M lib/hcrypto/libtommath/bn_mp_addmod.c M lib/hcrypto/libtommath/bn_mp_and.c M lib/hcrypto/libtommath/bn_mp_clamp.c M lib/hcrypto/libtommath/bn_mp_clear.c M lib/hcrypto/libtommath/bn_mp_clear_multi.c M lib/hcrypto/libtommath/bn_mp_cmp.c M lib/hcrypto/libtommath/bn_mp_cmp_d.c M lib/hcrypto/libtommath/bn_mp_cmp_mag.c M lib/hcrypto/libtommath/bn_mp_cnt_lsb.c A lib/hcrypto/libtommath/bn_mp_complement.c M lib/hcrypto/libtommath/bn_mp_copy.c M lib/hcrypto/libtommath/bn_mp_count_bits.c A lib/hcrypto/libtommath/bn_mp_decr.c M lib/hcrypto/libtommath/bn_mp_div.c M lib/hcrypto/libtommath/bn_mp_div_2.c M lib/hcrypto/libtommath/bn_mp_div_2d.c M lib/hcrypto/libtommath/bn_mp_div_3.c M lib/hcrypto/libtommath/bn_mp_div_d.c M lib/hcrypto/libtommath/bn_mp_dr_is_modulus.c M lib/hcrypto/libtommath/bn_mp_dr_reduce.c M lib/hcrypto/libtommath/bn_mp_dr_setup.c A lib/hcrypto/libtommath/bn_mp_error_to_string.c M lib/hcrypto/libtommath/bn_mp_exch.c R lib/hcrypto/libtommath/bn_mp_expt_d.c A lib/hcrypto/libtommath/bn_mp_expt_u32.c M lib/hcrypto/libtommath/bn_mp_exptmod.c R lib/hcrypto/libtommath/bn_mp_exptmod_fast.c M lib/hcrypto/libtommath/bn_mp_exteuclid.c R lib/hcrypto/libtommath/bn_mp_find_prime.c M lib/hcrypto/libtommath/bn_mp_fread.c A lib/hcrypto/libtommath/bn_mp_from_sbin.c A lib/hcrypto/libtommath/bn_mp_from_ubin.c M lib/hcrypto/libtommath/bn_mp_fwrite.c M lib/hcrypto/libtommath/bn_mp_gcd.c A lib/hcrypto/libtommath/bn_mp_get_double.c A lib/hcrypto/libtommath/bn_mp_get_i32.c A lib/hcrypto/libtommath/bn_mp_get_i64.c R lib/hcrypto/libtommath/bn_mp_get_int.c A lib/hcrypto/libtommath/bn_mp_get_l.c A lib/hcrypto/libtommath/bn_mp_get_ll.c A lib/hcrypto/libtommath/bn_mp_get_mag_u32.c A lib/hcrypto/libtommath/bn_mp_get_mag_u64.c A lib/hcrypto/libtommath/bn_mp_get_mag_ul.c A lib/hcrypto/libtommath/bn_mp_get_mag_ull.c M lib/hcrypto/libtommath/bn_mp_grow.c A lib/hcrypto/libtommath/bn_mp_incr.c M lib/hcrypto/libtommath/bn_mp_init.c M lib/hcrypto/libtommath/bn_mp_init_copy.c A lib/hcrypto/libtommath/bn_mp_init_i32.c A lib/hcrypto/libtommath/bn_mp_init_i64.c A lib/hcrypto/libtommath/bn_mp_init_l.c A lib/hcrypto/libtommath/bn_mp_init_ll.c M lib/hcrypto/libtommath/bn_mp_init_multi.c M lib/hcrypto/libtommath/bn_mp_init_set.c R lib/hcrypto/libtommath/bn_mp_init_set_int.c M lib/hcrypto/libtommath/bn_mp_init_size.c A lib/hcrypto/libtommath/bn_mp_init_u32.c A lib/hcrypto/libtommath/bn_mp_init_u64.c A lib/hcrypto/libtommath/bn_mp_init_ul.c A lib/hcrypto/libtommath/bn_mp_init_ull.c M lib/hcrypto/libtommath/bn_mp_invmod.c R lib/hcrypto/libtommath/bn_mp_invmod_slow.c M lib/hcrypto/libtommath/bn_mp_is_square.c A lib/hcrypto/libtommath/bn_mp_iseven.c A lib/hcrypto/libtommath/bn_mp_isodd.c R lib/hcrypto/libtommath/bn_mp_jacobi.c R lib/hcrypto/libtommath/bn_mp_karatsuba_mul.c R lib/hcrypto/libtommath/bn_mp_karatsuba_sqr.c A lib/hcrypto/libtommath/bn_mp_kronecker.c M lib/hcrypto/libtommath/bn_mp_lcm.c A lib/hcrypto/libtommath/bn_mp_log_u32.c M lib/hcrypto/libtommath/bn_mp_lshd.c M lib/hcrypto/libtommath/bn_mp_mod.c M lib/hcrypto/libtommath/bn_mp_mod_2d.c M lib/hcrypto/libtommath/bn_mp_mod_d.c M lib/hcrypto/libtommath/bn_mp_montgomery_calc_normalization.c M lib/hcrypto/libtommath/bn_mp_montgomery_reduce.c M lib/hcrypto/libtommath/bn_mp_montgomery_setup.c M lib/hcrypto/libtommath/bn_mp_mul.c M lib/hcrypto/libtommath/bn_mp_mul_2.c M lib/hcrypto/libtommath/bn_mp_mul_2d.c M lib/hcrypto/libtommath/bn_mp_mul_d.c M lib/hcrypto/libtommath/bn_mp_mulmod.c R lib/hcrypto/libtommath/bn_mp_n_root.c M lib/hcrypto/libtommath/bn_mp_neg.c M lib/hcrypto/libtommath/bn_mp_or.c A lib/hcrypto/libtommath/bn_mp_pack.c A lib/hcrypto/libtommath/bn_mp_pack_count.c M lib/hcrypto/libtommath/bn_mp_prime_fermat.c A lib/hcrypto/libtommath/bn_mp_prime_frobenius_underwood.c R lib/hcrypto/libtommath/bn_mp_prime_is_divisible.c M lib/hcrypto/libtommath/bn_mp_prime_is_prime.c M lib/hcrypto/libtommath/bn_mp_prime_miller_rabin.c M lib/hcrypto/libtommath/bn_mp_prime_next_prime.c M lib/hcrypto/libtommath/bn_mp_prime_rabin_miller_trials.c A lib/hcrypto/libtommath/bn_mp_prime_rand.c R lib/hcrypto/libtommath/bn_mp_prime_random_ex.c A lib/hcrypto/libtommath/bn_mp_prime_strong_lucas_selfridge.c M lib/hcrypto/libtommath/bn_mp_radix_size.c M lib/hcrypto/libtommath/bn_mp_radix_smap.c M lib/hcrypto/libtommath/bn_mp_rand.c M lib/hcrypto/libtommath/bn_mp_read_radix.c R lib/hcrypto/libtommath/bn_mp_read_signed_bin.c R lib/hcrypto/libtommath/bn_mp_read_unsigned_bin.c M lib/hcrypto/libtommath/bn_mp_reduce.c M lib/hcrypto/libtommath/bn_mp_reduce_2k.c M lib/hcrypto/libtommath/bn_mp_reduce_2k_l.c M lib/hcrypto/libtommath/bn_mp_reduce_2k_setup.c M lib/hcrypto/libtommath/bn_mp_reduce_2k_setup_l.c M lib/hcrypto/libtommath/bn_mp_reduce_is_2k.c M lib/hcrypto/libtommath/bn_mp_reduce_is_2k_l.c M lib/hcrypto/libtommath/bn_mp_reduce_setup.c A lib/hcrypto/libtommath/bn_mp_root_u32.c M lib/hcrypto/libtommath/bn_mp_rshd.c A lib/hcrypto/libtommath/bn_mp_sbin_size.c M lib/hcrypto/libtommath/bn_mp_set.c A lib/hcrypto/libtommath/bn_mp_set_double.c A lib/hcrypto/libtommath/bn_mp_set_i32.c A lib/hcrypto/libtommath/bn_mp_set_i64.c R lib/hcrypto/libtommath/bn_mp_set_int.c A lib/hcrypto/libtommath/bn_mp_set_l.c A lib/hcrypto/libtommath/bn_mp_set_ll.c A lib/hcrypto/libtommath/bn_mp_set_u32.c A lib/hcrypto/libtommath/bn_mp_set_u64.c A lib/hcrypto/libtommath/bn_mp_set_ul.c A lib/hcrypto/libtommath/bn_mp_set_ull.c M lib/hcrypto/libtommath/bn_mp_shrink.c R lib/hcrypto/libtommath/bn_mp_signed_bin_size.c A lib/hcrypto/libtommath/bn_mp_signed_rsh.c M lib/hcrypto/libtommath/bn_mp_sqr.c M lib/hcrypto/libtommath/bn_mp_sqrmod.c M lib/hcrypto/libtommath/bn_mp_sqrt.c A lib/hcrypto/libtommath/bn_mp_sqrtmod_prime.c M lib/hcrypto/libtommath/bn_mp_sub.c M lib/hcrypto/libtommath/bn_mp_sub_d.c M lib/hcrypto/libtommath/bn_mp_submod.c A lib/hcrypto/libtommath/bn_mp_to_radix.c A lib/hcrypto/libtommath/bn_mp_to_sbin.c R lib/hcrypto/libtommath/bn_mp_to_signed_bin.c R lib/hcrypto/libtommath/bn_mp_to_signed_bin_n.c A lib/hcrypto/libtommath/bn_mp_to_ubin.c R lib/hcrypto/libtommath/bn_mp_to_unsigned_bin.c R lib/hcrypto/libtommath/bn_mp_to_unsigned_bin_n.c R lib/hcrypto/libtommath/bn_mp_toom_mul.c R lib/hcrypto/libtommath/bn_mp_toom_sqr.c R lib/hcrypto/libtommath/bn_mp_toradix.c R lib/hcrypto/libtommath/bn_mp_toradix_n.c A lib/hcrypto/libtommath/bn_mp_ubin_size.c A lib/hcrypto/libtommath/bn_mp_unpack.c R lib/hcrypto/libtommath/bn_mp_unsigned_bin_size.c M lib/hcrypto/libtommath/bn_mp_xor.c M lib/hcrypto/libtommath/bn_mp_zero.c R lib/hcrypto/libtommath/bn_mp_zero_multi.c M lib/hcrypto/libtommath/bn_prime_tab.c R lib/hcrypto/libtommath/bn_reverse.c M lib/hcrypto/libtommath/bn_s_mp_add.c A lib/hcrypto/libtommath/bn_s_mp_balance_mul.c M lib/hcrypto/libtommath/bn_s_mp_exptmod.c A lib/hcrypto/libtommath/bn_s_mp_exptmod_fast.c A lib/hcrypto/libtommath/bn_s_mp_get_bit.c A lib/hcrypto/libtommath/bn_s_mp_invmod_fast.c A lib/hcrypto/libtommath/bn_s_mp_invmod_slow.c A lib/hcrypto/libtommath/bn_s_mp_karatsuba_mul.c A lib/hcrypto/libtommath/bn_s_mp_karatsuba_sqr.c A lib/hcrypto/libtommath/bn_s_mp_montgomery_reduce_fast.c M lib/hcrypto/libtommath/bn_s_mp_mul_digs.c A lib/hcrypto/libtommath/bn_s_mp_mul_digs_fast.c M lib/hcrypto/libtommath/bn_s_mp_mul_high_digs.c A lib/hcrypto/libtommath/bn_s_mp_mul_high_digs_fast.c A lib/hcrypto/libtommath/bn_s_mp_prime_is_divisible.c A lib/hcrypto/libtommath/bn_s_mp_rand_jenkins.c A lib/hcrypto/libtommath/bn_s_mp_rand_platform.c A lib/hcrypto/libtommath/bn_s_mp_reverse.c M lib/hcrypto/libtommath/bn_s_mp_sqr.c A lib/hcrypto/libtommath/bn_s_mp_sqr_fast.c M lib/hcrypto/libtommath/bn_s_mp_sub.c A lib/hcrypto/libtommath/bn_s_mp_toom_mul.c A lib/hcrypto/libtommath/bn_s_mp_toom_sqr.c R lib/hcrypto/libtommath/bncore.c R lib/hcrypto/libtommath/booker.pl R lib/hcrypto/libtommath/callgraph.txt M lib/hcrypto/libtommath/changes.txt R lib/hcrypto/libtommath/demo/demo.c A lib/hcrypto/libtommath/demo/mtest_opponent.c A lib/hcrypto/libtommath/demo/shared.c A lib/hcrypto/libtommath/demo/shared.h A lib/hcrypto/libtommath/demo/test.c M lib/hcrypto/libtommath/demo/timing.c R lib/hcrypto/libtommath/dep.pl A lib/hcrypto/libtommath/doc/bn.pdf A lib/hcrypto/libtommath/doc/bn.tex M lib/hcrypto/libtommath/etc/2kprime.c M lib/hcrypto/libtommath/etc/drprime.c M lib/hcrypto/libtommath/etc/makefile M lib/hcrypto/libtommath/etc/makefile.icc M lib/hcrypto/libtommath/etc/makefile.msvc M lib/hcrypto/libtommath/etc/mersenne.c M lib/hcrypto/libtommath/etc/mont.c M lib/hcrypto/libtommath/etc/pprime.c M lib/hcrypto/libtommath/etc/timer.asm M lib/hcrypto/libtommath/etc/tune.c A lib/hcrypto/libtommath/etc/tune_it.sh M lib/hcrypto/libtommath/gen.pl A lib/hcrypto/libtommath/helper.pl R lib/hcrypto/libtommath/libtommath.dsp A lib/hcrypto/libtommath/libtommath.pc.in A lib/hcrypto/libtommath/libtommath_VS2008.sln A lib/hcrypto/libtommath/libtommath_VS2008.vcproj M lib/hcrypto/libtommath/logs/README M lib/hcrypto/libtommath/logs/add.log M lib/hcrypto/libtommath/logs/addsub.png M lib/hcrypto/libtommath/logs/expt.log M lib/hcrypto/libtommath/logs/expt.png M lib/hcrypto/libtommath/logs/expt_2k.log M lib/hcrypto/libtommath/logs/expt_2kl.log M lib/hcrypto/libtommath/logs/expt_dr.log M lib/hcrypto/libtommath/logs/graphs.dem M lib/hcrypto/libtommath/logs/invmod.log M lib/hcrypto/libtommath/logs/invmod.png M lib/hcrypto/libtommath/logs/mult.log M lib/hcrypto/libtommath/logs/mult.png M lib/hcrypto/libtommath/logs/mult_kara.log M lib/hcrypto/libtommath/logs/sqr.log M lib/hcrypto/libtommath/logs/sqr_kara.log M lib/hcrypto/libtommath/logs/sub.log M lib/hcrypto/libtommath/makefile R lib/hcrypto/libtommath/makefile.bcc R lib/hcrypto/libtommath/makefile.cygwin_dll R lib/hcrypto/libtommath/makefile.icc A lib/hcrypto/libtommath/makefile.mingw M lib/hcrypto/libtommath/makefile.msvc M lib/hcrypto/libtommath/makefile.shared A lib/hcrypto/libtommath/makefile.unix A lib/hcrypto/libtommath/makefile_include.mk R lib/hcrypto/libtommath/mess.sh M lib/hcrypto/libtommath/mtest/logtab.h M lib/hcrypto/libtommath/mtest/mpi-config.h M lib/hcrypto/libtommath/mtest/mpi-types.h M lib/hcrypto/libtommath/mtest/mpi.c M lib/hcrypto/libtommath/mtest/mpi.h M lib/hcrypto/libtommath/mtest/mtest.c R lib/hcrypto/libtommath/pics/design_process.sxd R lib/hcrypto/libtommath/pics/design_process.tif R lib/hcrypto/libtommath/pics/expt_state.sxd R lib/hcrypto/libtommath/pics/expt_state.tif R lib/hcrypto/libtommath/pics/makefile R lib/hcrypto/libtommath/pics/primality.tif R lib/hcrypto/libtommath/pics/radix.sxd R lib/hcrypto/libtommath/pics/sliding_window.sxd R lib/hcrypto/libtommath/pics/sliding_window.tif R lib/hcrypto/libtommath/poster.out R lib/hcrypto/libtommath/poster.pdf R lib/hcrypto/libtommath/poster.tex A lib/hcrypto/libtommath/pre_gen/mpi.c R lib/hcrypto/libtommath/pretty.build A lib/hcrypto/libtommath/testme.sh R lib/hcrypto/libtommath/tombc/grammar.txt A lib/hcrypto/libtommath/tommath.def M lib/hcrypto/libtommath/tommath.h R lib/hcrypto/libtommath/tommath.out R lib/hcrypto/libtommath/tommath.pdf R lib/hcrypto/libtommath/tommath.src R lib/hcrypto/libtommath/tommath.tex M lib/hcrypto/libtommath/tommath_class.h A lib/hcrypto/libtommath/tommath_cutoffs.h A lib/hcrypto/libtommath/tommath_private.h M lib/hcrypto/libtommath/tommath_superclass.h Log Message: ----------- hcrypto: import libtommath v1.2.0 Commit: 7eb397834e596ddb28bc0d3ce720b86b3d8d12a9 https://github.com/heimdal/heimdal/commit/7eb397834e596ddb28bc0d3ce720b86b3d8d12a9 Author: Luke Howard Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M .gitignore M lib/hcrypto/Makefile.am M lib/hcrypto/libtommath/NTMakefile M lib/hcrypto/libtommath/bn_s_mp_rand_platform.c M lib/hcrypto/rsa-ltm.c Log Message: ----------- hcrypto: make libtommath v1.2.0 work with Heimdal Commit: dfb1e6fcf8e1b7b0ed507f32ad91e531ea3bcd3e https://github.com/heimdal/heimdal/commit/dfb1e6fcf8e1b7b0ed507f32ad91e531ea3bcd3e Author: Luke Howard Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/hcrypto/rsa-ltm.c Log Message: ----------- hcrypto: trim number of trials in prime number generation Reduce the number of trials when generating RSA keys by calling mp_prime_rabin_miller_trials() with the number of desired bits. See libtom/libtommath#482. Compare: https://github.com/heimdal/heimdal/compare/7181c109d008...dfb1e6fcf8e1 From noreply at github.com Fri Apr 24 07:08:10 2020 From: noreply at github.com (Luke Howard) Date: Thu, 23 Apr 2020 22:08:10 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 8d19f3: gss: pass mechanism error tokens through SPNEGO Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 8d19f3f47f0dbe6b1e00c8b50b7c042d873e3118 https://github.com/heimdal/heimdal/commit/8d19f3f47f0dbe6b1e00c8b50b7c042d873e3118 Author: Luke Howard Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/gssapi/spnego/accept_sec_context.c M lib/gssapi/spnego/init_sec_context.c Log Message: ----------- gss: pass mechanism error tokens through SPNEGO Fix for issue #486 based on a patch by Nico Williams. A GSS-API acceptor can return an error token to be sent to the initiator. Our SPNEGO implementation discarded these when sending a SPNEGO reject response. This patch fixes the SPNEGO acceptor to convey those in the SPNEGO response. The SPNEGO initiator is also updated to not bail out early on receiving a SPNEGO reject response from the acceptor, but instead pass the response token (if any) to gss_init_sec_context(). A reject response with no response token will continue to return an error. From noreply at github.com Fri Apr 24 23:03:21 2020 From: noreply at github.com (Nico Williams) Date: Fri, 24 Apr 2020 14:03:21 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 5eade2: com_err: make error_table_name() thread-safe Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 5eade227ce278e70dde5fa00f91957b39476f85b https://github.com/heimdal/heimdal/commit/5eade227ce278e70dde5fa00f91957b39476f85b Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/com_err/com_err.c Log Message: ----------- com_err: make error_table_name() thread-safe Commit: 78a21fdd95925cd7f4733aea2ec790db4d6f36b7 https://github.com/heimdal/heimdal/commit/78a21fdd95925cd7f4733aea2ec790db4d6f36b7 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/base/NTMakefile M lib/base/context.c M lib/base/version-script.map M lib/krb5/context.c Log Message: ----------- Move more config file code from krb5 to base Commit: 679bcb687286fa72ed7dead3984d9eeb7252661e https://github.com/heimdal/heimdal/commit/679bcb687286fa72ed7dead3984d9eeb7252661e Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/base/context.c M lib/hx509/cert.c M lib/hx509/hx_locl.h M lib/krb5/context.c Log Message: ----------- hx509: Add hx509.conf support Just like krb5.conf, but hx509.conf, with all the same default locations on Windows, OS X, and elsewhere, and HX509_CONFIG as the environment variable equivalent of KRB5_CONFIG. Commit: 01509f553dcc19cf0aef3a175ffc4c1f5b39762f https://github.com/heimdal/heimdal/commit/01509f553dcc19cf0aef3a175ffc4c1f5b39762f Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M kdc/bx509d.c M kdc/kdc_locl.h M kdc/process.c M lib/base/Makefile.am M lib/base/NTMakefile M lib/base/context.c A lib/base/heimbase-svc.h M lib/base/heimbase.h M lib/base/log.c M lib/base/version-script.map Log Message: ----------- Move KDC audit functionality to lib/base/ Commit: e2d435cf2f4efdd2c4afe9e1f97dad902e52b773 https://github.com/heimdal/heimdal/commit/e2d435cf2f4efdd2c4afe9e1f97dad902e52b773 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: A lib/base/error_string.c R lib/krb5/error_string.c Log Message: ----------- Move lib/krb5/error_string.c to lib/base/ This commit contains only renames. Commit: e8441212d1347992ba6a096981aabd46a3830694 https://github.com/heimdal/heimdal/commit/e8441212d1347992ba6a096981aabd46a3830694 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/base/Makefile.am M lib/base/NTMakefile M lib/base/baselocl.h M lib/base/context.c M lib/base/error_string.c M lib/base/heimbase.h M lib/base/version-script.map M lib/krb5/add_et_list.c M lib/krb5/context.c M lib/krb5/crypto-stubs.c M lib/krb5/deprecated.c A lib/krb5/error_string.c M lib/krb5/krb5_locl.h Log Message: ----------- Move error functions from krb5 to base Commit: d6e9584d6cdb0fa7aba00b6b1ab691eae4608652 https://github.com/heimdal/heimdal/commit/d6e9584d6cdb0fa7aba00b6b1ab691eae4608652 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/hx509/cert.c Log Message: ----------- hx509: Fix hx509_context_free() leak Commit: 9794f022455752894f50548cb50dbb34a8c966cf https://github.com/heimdal/heimdal/commit/9794f022455752894f50548cb50dbb34a8c966cf Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M lib/roken/detach.c Log Message: ----------- roken: fix valgrind leak noise Commit: 03a08825d04d285c8b4d3b4fab0806d9d382e3cc https://github.com/heimdal/heimdal/commit/03a08825d04d285c8b4d3b4fab0806d9d382e3cc Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M kadmin/server.c Log Message: ----------- kadmin: fix leak Commit: 6a48aa4a0fb5d53206ebf51ef3b8aabc7af1f52c https://github.com/heimdal/heimdal/commit/6a48aa4a0fb5d53206ebf51ef3b8aabc7af1f52c Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M .travis.yml Log Message: ----------- travis: Allow CI config to make check-valgrind Setting MAKE_CHECK_SUFFIX=-valgrind in the environment will cause Travis to make check-valgrind. Commit: 3ca80a69f4a6d775afcf8997f73ce5fe248c6c20 https://github.com/heimdal/heimdal/commit/3ca80a69f4a6d775afcf8997f73ce5fe248c6c20 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M .travis.yml Log Message: ----------- travis: Show valgrind output in log This might cause logs to get large. We might need to post the logs to some URI. Compare: https://github.com/heimdal/heimdal/compare/8d19f3f47f0d...3ca80a69f4a6 From noreply at github.com Sat Apr 25 01:02:44 2020 From: noreply at github.com (Nico Williams) Date: Fri, 24 Apr 2020 16:02:44 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 37dee9: travis: Use ccache to speed up builds Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 37dee9bbc3cefdbe772ef68881f54ac743fd8715 https://github.com/heimdal/heimdal/commit/37dee9bbc3cefdbe772ef68881f54ac743fd8715 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M .travis.yml Log Message: ----------- travis: Use ccache to speed up builds From noreply at github.com Sat Apr 25 02:05:58 2020 From: noreply at github.com (Nico Williams) Date: Fri, 24 Apr 2020 17:05:58 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 511b5e: Revert "travis: Use ccache to speed up builds" Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 511b5e4e97bb9d150ae713fb82d2ce2449a80a26 https://github.com/heimdal/heimdal/commit/511b5e4e97bb9d150ae713fb82d2ce2449a80a26 Author: Nicolas Williams Date: 2020-04-24 (Fri, 24 Apr 2020) Changed paths: M .travis.yml Log Message: ----------- Revert "travis: Use ccache to speed up builds" This reverts commit 37dee9bbc3cefdbe772ef68881f54ac743fd8715, which did not help speed up Travis-CI builds. From noreply at github.com Sun Apr 26 04:22:54 2020 From: noreply at github.com (Nico Williams) Date: Sat, 25 Apr 2020 19:22:54 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 1a8855: spnego: Also use mechglue names Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 1a8855e6c45bbf66dbc82a9ef1f048e8e82af103 https://github.com/heimdal/heimdal/commit/1a8855e6c45bbf66dbc82a9ef1f048e8e82af103 Author: Nicolas Williams Date: 2020-04-25 (Sat, 25 Apr 2020) Changed paths: M lib/gssapi/gssapi_mech.h M lib/gssapi/mech/gss_accept_sec_context.c M lib/gssapi/mech/gss_canonicalize_name.c M lib/gssapi/mech/gss_import_name.c M lib/gssapi/mech/gss_init_sec_context.c M lib/gssapi/mech/gss_inquire_context.c M lib/gssapi/mech/gss_names.c M lib/gssapi/spnego/context_stubs.c M lib/gssapi/spnego/external.c M lib/gssapi/test_context.c M tests/gss/check-context.in M tests/gss/krb5.conf.in M tests/kdc/an2ln-db.txt A tests/kdc/k5login/mapped_user1 Log Message: ----------- spnego: Also use mechglue names Commit: 20f9b2be487f93f55e3ab41ab5e5d6caa828a73d https://github.com/heimdal/heimdal/commit/20f9b2be487f93f55e3ab41ab5e5d6caa828a73d Author: Nicolas Williams Date: 2020-04-25 (Sat, 25 Apr 2020) Changed paths: M lib/gssapi/test_acquire_cred.c M lib/gssapi/test_context.c Log Message: ----------- gss: Fix some test leaks Compare: https://github.com/heimdal/heimdal/compare/511b5e4e97bb...20f9b2be487f From noreply at github.com Sun Apr 26 06:24:16 2020 From: noreply at github.com (Nico Williams) Date: Sat, 25 Apr 2020 21:24:16 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] beda11: hcrypto: Add X25519 Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: beda11a07903b2ad5e37dec2bded209e3e2e5ffc https://github.com/heimdal/heimdal/commit/beda11a07903b2ad5e37dec2bded209e3e2e5ffc Author: Luke Howard Date: 2020-04-25 (Sat, 25 Apr 2020) Changed paths: M lib/hcrypto/Makefile.am M lib/hcrypto/NTMakefile M lib/hcrypto/libhcrypto-exports.def M lib/hcrypto/version-script.map A lib/hcrypto/x25519/NTMakefile A lib/hcrypto/x25519/align.h A lib/hcrypto/x25519/ed25519_ref10.c A lib/hcrypto/x25519/ed25519_ref10.h A lib/hcrypto/x25519/ed25519_ref10_fe_25_5.h A lib/hcrypto/x25519/ed25519_ref10_fe_51.h A lib/hcrypto/x25519/fe_25_5/base.h A lib/hcrypto/x25519/fe_25_5/base2.h A lib/hcrypto/x25519/fe_25_5/constants.h A lib/hcrypto/x25519/fe_25_5/fe.h A lib/hcrypto/x25519/fe_51/base.h A lib/hcrypto/x25519/fe_51/base2.h A lib/hcrypto/x25519/fe_51/constants.h A lib/hcrypto/x25519/fe_51/fe.h A lib/hcrypto/x25519/x25519_ref10.c A lib/hcrypto/x25519_ref10.h Log Message: ----------- hcrypto: Add X25519 The X25519 implementation comes from libsodium. Explicit copyright notices have been added to each file as well as some portability changes (e.g. align.h). Commit: 4a7eb74374a4f429aa4bac712cfc652bc200504f https://github.com/heimdal/heimdal/commit/4a7eb74374a4f429aa4bac712cfc652bc200504f Author: Luke Howard Date: 2020-04-25 (Sat, 25 Apr 2020) Changed paths: M .gitignore A doc/standardisation/draft-howard-gss-sanon-12.txt M lib/gssapi/Makefile.am M lib/gssapi/NTMakefile M lib/gssapi/gssapi/gssapi_oid.h M lib/gssapi/gssapi_mech.h M lib/gssapi/libgssapi-exports.def M lib/gssapi/mech/gss_mech_switch.c M lib/gssapi/mech/gss_oid.c M lib/gssapi/oid.txt A lib/gssapi/sanon/accept_sec_context.c A lib/gssapi/sanon/acquire_cred.c A lib/gssapi/sanon/add_cred.c A lib/gssapi/sanon/canonicalize_name.c A lib/gssapi/sanon/compare_name.c A lib/gssapi/sanon/context_time.c A lib/gssapi/sanon/crypto.c A lib/gssapi/sanon/delete_sec_context.c A lib/gssapi/sanon/display_name.c A lib/gssapi/sanon/display_status.c A lib/gssapi/sanon/duplicate_cred.c A lib/gssapi/sanon/duplicate_name.c A lib/gssapi/sanon/export_cred.c A lib/gssapi/sanon/export_name.c A lib/gssapi/sanon/export_sec_context.c A lib/gssapi/sanon/external.c A lib/gssapi/sanon/import_cred.c A lib/gssapi/sanon/import_name.c A lib/gssapi/sanon/import_sec_context.c A lib/gssapi/sanon/init_sec_context.c A lib/gssapi/sanon/inquire_context.c A lib/gssapi/sanon/inquire_cred.c A lib/gssapi/sanon/inquire_cred_by_mech.c A lib/gssapi/sanon/inquire_mechs_for_name.c A lib/gssapi/sanon/inquire_names_for_mech.c A lib/gssapi/sanon/inquire_sec_context_by_oid.c A lib/gssapi/sanon/negoex.c A lib/gssapi/sanon/process_context_token.c A lib/gssapi/sanon/release_cred.c A lib/gssapi/sanon/release_name.c A lib/gssapi/sanon/sanon_locl.h M lib/gssapi/test_context.c M lib/gssapi/test_cred.c M lib/gssapi/test_names.c M lib/gssapi/version-script.map M lib/hcrypto/x25519/NTMakefile M lib/heimdal/NTMakefile M lib/krb5/libkrb5-exports.def.in M lib/krb5/version-script.map M tests/gss/check-basic.in M tests/gss/check-context.in M tests/gss/check-negoex.in M windows/NTMakefile.w32 Log Message: ----------- gss: SAnon - the Simple Anonymous GSS-API mechanism Add support for SAnon, a simple key agreement protocol that provides no authentication of initiator or acceptor using x25519 ECDH key exchange. See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol description. Commit: 5057d04f6a47f05f1ed7c617458722104d4c17dc https://github.com/heimdal/heimdal/commit/5057d04f6a47f05f1ed7c617458722104d4c17dc Author: Nicolas Williams Date: 2020-04-25 (Sat, 25 Apr 2020) Changed paths: M lib/gssapi/krb5/display_status.c Log Message: ----------- krb5: Fix display_status() incorrect major status Compare: https://github.com/heimdal/heimdal/compare/20f9b2be487f...5057d04f6a47 From noreply at github.com Sun Apr 26 08:31:03 2020 From: noreply at github.com (Nico Williams) Date: Sat, 25 Apr 2020 23:31:03 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 51fdb4: krb5: Fix warning in krb5_get_error_string() Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 51fdb4bc04a692ea4adffb13f57dcf58197a285f https://github.com/heimdal/heimdal/commit/51fdb4bc04a692ea4adffb13f57dcf58197a285f Author: Nicolas Williams Date: 2020-04-26 (Sun, 26 Apr 2020) Changed paths: M lib/krb5/deprecated.c Log Message: ----------- krb5: Fix warning in krb5_get_error_string() Commit: 2cb40ed97c92b3c565aa18d97cfbd5f5327bc29c https://github.com/heimdal/heimdal/commit/2cb40ed97c92b3c565aa18d97cfbd5f5327bc29c Author: Nicolas Williams Date: 2020-04-26 (Sun, 26 Apr 2020) Changed paths: M lib/gssapi/sanon/accept_sec_context.c M lib/gssapi/sanon/crypto.c M lib/gssapi/sanon/export_sec_context.c M lib/gssapi/sanon/init_sec_context.c M lib/gssapi/sanon/inquire_context.c M lib/gssapi/sanon/negoex.c M lib/gssapi/sanon/sanon_locl.h Log Message: ----------- sanon: Fix flags and ctx export/import confusion We were passing SANON flags to _gss_mg_import_rfc4121_context(), which wants GSS flags. Meanwhile, I broke gss_inquire_context() on imported SAnon contexts when I did my review of SAnon. This commit fixes both issues and removes SANON_FLAG_*, which were only ever needed because of a flag to track whether a context was locally initiated or accepted. Now we use a separate int field of the sanon_ctx to track whether a context was locally initiated. Once an SAnon context is fully established, we rely on gss_inquire_context() on the rfc4121 sub-context for all metadata that isn't the initiator and acceptor names nor the mechanism OID. Compare: https://github.com/heimdal/heimdal/compare/5057d04f6a47...2cb40ed97c92 From noreply at github.com Mon Apr 27 03:16:29 2020 From: noreply at github.com (Luke Howard) Date: Sun, 26 Apr 2020 18:16:29 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 568425: gss: initialize *minor in _gss_sanon_inquire_cred() Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 56842561f8a101cbed8c7fa9597449f3a5d346b8 https://github.com/heimdal/heimdal/commit/56842561f8a101cbed8c7fa9597449f3a5d346b8 Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/gssapi/sanon/inquire_cred.c Log Message: ----------- gss: initialize *minor in _gss_sanon_inquire_cred() From noreply at github.com Mon Apr 27 06:40:12 2020 From: noreply at github.com (Luke Howard) Date: Sun, 26 Apr 2020 21:40:12 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 7cdc99: gss: initialize output parameters in NegoEx Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 7cdc9934b1f57cd130f9561c624f799485dd980f https://github.com/heimdal/heimdal/commit/7cdc9934b1f57cd130f9561c624f799485dd980f Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/gssapi/spnego/negoex_ctx.c M lib/gssapi/spnego/spnego_locl.h Log Message: ----------- gss: initialize output parameters in NegoEx NegoEx failed to initialize output parameters in _gss_negoex_{init,accept} which could lead it to crash if the underlying mechanism returned an error. From noreply at github.com Mon Apr 27 07:11:15 2020 From: noreply at github.com (Luke Howard) Date: Sun, 26 Apr 2020 22:11:15 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 55a553: gss: don't use mechglue private header in SPNEGO Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 55a553c56dc055bd7d96cdc8ad79805e7ff757fb https://github.com/heimdal/heimdal/commit/55a553c56dc055bd7d96cdc8ad79805e7ff757fb Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/gssapi/spnego/negoex_ctx.c M lib/gssapi/spnego/spnego_locl.h Log Message: ----------- gss: don't use mechglue private header in SPNEGO Unbreak last commit, including mech_locl.h in SPNEGO appears to break Windows builds From noreply at github.com Mon Apr 27 07:18:28 2020 From: noreply at github.com (Luke Howard) Date: Sun, 26 Apr 2020 22:18:28 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] c785af: gss: update SAnon for draft-howard-gss-sanon-13 Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: c785af8b62cc2e4e709645d2824917bb2410a5f5 https://github.com/heimdal/heimdal/commit/c785af8b62cc2e4e709645d2824917bb2410a5f5 Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/gssapi/sanon/accept_sec_context.c M lib/gssapi/sanon/crypto.c M lib/gssapi/sanon/init_sec_context.c M lib/gssapi/sanon/inquire_context.c M lib/gssapi/sanon/negoex.c M lib/gssapi/sanon/sanon_locl.h Log Message: ----------- gss: update SAnon for draft-howard-gss-sanon-13 draft-howard-gss-sanon-13 will move extended (RFC4757) flags from the NegoEx metadata to an optional component of the initial context token From noreply at github.com Mon Apr 27 10:45:42 2020 From: noreply at github.com (Luke Howard) Date: Mon, 27 Apr 2020 01:45:42 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 69b34d: gss: fix signedness on is_initiator bitfield Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 69b34d1b8af1df39bd0e81c92fb85e6c839f1ed6 https://github.com/heimdal/heimdal/commit/69b34d1b8af1df39bd0e81c92fb85e6c839f1ed6 Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/gssapi/sanon/sanon_locl.h Log Message: ----------- gss: fix signedness on is_initiator bitfield In SAnon: The is_initiator bitfield must be unsigned to avoid undefined behaviour, as there is only a single bit defined. Thanks to Nico Williams for explaining this. From noreply at github.com Mon Apr 27 14:35:10 2020 From: noreply at github.com (Luke Howard) Date: Mon, 27 Apr 2020 05:35:10 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 815ea8: gss: mask out SAnon req_flags after computing sess... Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 815ea80b4fe2d755a5c9bad02d4c852ed201ba97 https://github.com/heimdal/heimdal/commit/815ea80b4fe2d755a5c9bad02d4c852ed201ba97 Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/gssapi/sanon/accept_sec_context.c Log Message: ----------- gss: mask out SAnon req_flags after computing session key In SAnon, the optional flags send in the initial context token are input into the key derivation function. Mask out the flags we wish to ignore after (not before) calling the key derivation function, as the initiator may not know which flags we wish to ignore. From noreply at github.com Mon Apr 27 14:38:55 2020 From: noreply at github.com (Luke Howard) Date: Mon, 27 Apr 2020 05:38:55 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 65d7f3: doc: update to draft-howard-gss-sanon-13.txt Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 65d7f35047307e4757f1d73c49a12884b7492e37 https://github.com/heimdal/heimdal/commit/65d7f35047307e4757f1d73c49a12884b7492e37 Author: Luke Howard Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: R doc/standardisation/draft-howard-gss-sanon-12.txt A doc/standardisation/draft-howard-gss-sanon-13.txt Log Message: ----------- doc: update to draft-howard-gss-sanon-13.txt From noreply at github.com Mon Apr 27 20:21:56 2020 From: noreply at github.com (Nico Williams) Date: Mon, 27 Apr 2020 11:21:56 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] e4d1a9: hcrypto: Fix warnings in LTM Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: e4d1a91c13f01ad00863e1f98516596d354c7087 https://github.com/heimdal/heimdal/commit/e4d1a91c13f01ad00863e1f98516596d354c7087 Author: Nicolas Williams Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/hcrypto/rsa-ltm.c Log Message: ----------- hcrypto: Fix warnings in LTM Commit: 32517c0627a49e25fa9be0979a86536398349e2d https://github.com/heimdal/heimdal/commit/32517c0627a49e25fa9be0979a86536398349e2d Author: Nicolas Williams Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/hcrypto/rsa-ltm.c Log Message: ----------- hcrypto: Better RSA key generation (ltm) Commit: f88526ae788d2449c7a1b2c2597902377c99a535 https://github.com/heimdal/heimdal/commit/f88526ae788d2449c7a1b2c2597902377c99a535 Author: Nicolas Williams Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/hcrypto/test_rsa.c Log Message: ----------- hcrypto: Fix leaks in test_rsa.c Compare: https://github.com/heimdal/heimdal/compare/65d7f3504730...f88526ae788d From noreply at github.com Mon Apr 27 23:40:11 2020 From: noreply at github.com (Luke Howard) Date: Mon, 27 Apr 2020 14:40:11 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 0d3682: gss: unconditionally set certain flags in SAnon ISC Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 0d3682e6a8216341b4777b249f92f7c481cc5e61 https://github.com/heimdal/heimdal/commit/0d3682e6a8216341b4777b249f92f7c481cc5e61 Author: Luke Howard Date: 2020-04-28 (Tue, 28 Apr 2020) Changed paths: M lib/gssapi/sanon/accept_sec_context.c M lib/gssapi/sanon/init_sec_context.c Log Message: ----------- gss: unconditionally set certain flags in SAnon ISC SAnon unconditionally sets the replay, sequence, confidentiality, and integrity flags on the acceptor; do so on the initiator as well. Some indentation cleanups are also included in this commit. From noreply at github.com Tue Apr 28 00:57:24 2020 From: noreply at github.com (Nico Williams) Date: Mon, 27 Apr 2020 15:57:24 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 001cf3: hcrypto: Fix more warnings (rsa-ltm) Message-ID: Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 001cf39374726317a78aa5708ab8b8a65b6c9a8b https://github.com/heimdal/heimdal/commit/001cf39374726317a78aa5708ab8b8a65b6c9a8b Author: Nicolas Williams Date: 2020-04-27 (Mon, 27 Apr 2020) Changed paths: M lib/hcrypto/rsa-ltm.c Log Message: ----------- hcrypto: Fix more warnings (rsa-ltm)