CVS commit: src/crypto/external/bsd/heimdal/dist
Module Name:src Committed By: christos Date: Mon Sep 11 15:12:12 UTC 2023 Modified Files: src/crypto/external/bsd/heimdal/dist/include: crypto-headers.h src/crypto/external/bsd/heimdal/dist/lib/krb5: context.c Log Message: Explicitly load the legacy provider instead of using EVP_CIPHER_fetch() which leaks memory. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h diff -u src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.6 src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.7 --- src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.6 Mon Jun 19 19:10:48 2023 +++ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Sep 11 11:12:12 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: crypto-headers.h,v 1.6 2023/06/19 23:10:48 christos Exp $ */ +/* $NetBSD: crypto-headers.h,v 1.7 2023/09/11 15:12:12 christos Exp $ */ #ifndef __crypto_header__ #define __crypto_header__ @@ -33,9 +33,6 @@ # define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0) # define BN_is_negative(bn) ((bn)->neg != 0) # endif -#if OPENSSL_VERSION_NUMBER >= 0x3000UL -# define EVP_rc4() EVP_CIPHER_fetch(NULL, "rc4", "provider=legacy") -#endif #endif #include Index: src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c diff -u src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c:1.7 src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c:1.8 --- src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c:1.7 Mon Jun 19 17:41:44 2023 +++ src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c Mon Sep 11 11:12:12 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: context.c,v 1.7 2023/06/19 21:41:44 christos Exp $ */ +/* $NetBSD: context.c,v 1.8 2023/09/11 15:12:12 christos Exp $ */ /* * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan @@ -38,6 +38,9 @@ #include "krb5_locl.h" #include #include +#if OPENSSL_VERSION_NUMBER >= 0x3000UL +#include +#endif #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -396,6 +399,9 @@ init_context_once(void *ctx) krb5_config_free_strings(dirs); bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); +#if OPENSSL_VERSION_NUMBER >= 0x3000UL +OSSL_PROVIDER_load(NULL, "legacy"); +#endif }
CVS commit: src/crypto/external/bsd/heimdal/dist
Module Name:src Committed By: christos Date: Mon Sep 11 15:12:12 UTC 2023 Modified Files: src/crypto/external/bsd/heimdal/dist/include: crypto-headers.h src/crypto/external/bsd/heimdal/dist/lib/krb5: context.c Log Message: Explicitly load the legacy provider instead of using EVP_CIPHER_fetch() which leaks memory. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/context.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist/include
Module Name:src Committed By: christos Date: Mon Jun 19 23:10:48 UTC 2023 Modified Files: src/crypto/external/bsd/heimdal/dist/include: crypto-headers.h Log Message: need the hcrypto/ui.h header for UI_UTIL_read_pw_string/UI_UTIL_FLAG_VERIFY* To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h diff -u src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.5 src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.6 --- src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.5 Mon Jun 19 17:41:41 2023 +++ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Jun 19 19:10:48 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: crypto-headers.h,v 1.5 2023/06/19 21:41:41 christos Exp $ */ +/* $NetBSD: crypto-headers.h,v 1.6 2023/06/19 23:10:48 christos Exp $ */ #ifndef __crypto_header__ #define __crypto_header__ @@ -38,6 +38,8 @@ #endif #endif +#include + #else /* !HAVE_HCRYPTO_W_OPENSSL */ #ifdef KRB5
CVS commit: src/crypto/external/bsd/heimdal/dist/include
Module Name:src Committed By: christos Date: Mon Jun 19 23:10:48 UTC 2023 Modified Files: src/crypto/external/bsd/heimdal/dist/include: crypto-headers.h Log Message: need the hcrypto/ui.h header for UI_UTIL_read_pw_string/UI_UTIL_FLAG_VERIFY* To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist
Module Name:src Committed By: christos Date: Thu Jun 1 20:40:19 UTC 2023 Modified Files: src/crypto/external/bsd/heimdal/dist/include: crypto-headers.h src/crypto/external/bsd/heimdal/dist/kdc: digest.c src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5: arcfour.c get_mic.c unwrap.c verify_mic.c wrap.c src/crypto/external/bsd/heimdal/dist/lib/hcrypto: example_evp_cipher.c src/crypto/external/bsd/heimdal/dist/lib/hx509: ks_file.c src/crypto/external/bsd/heimdal/dist/lib/krb5: crypto-aes-sha1.c crypto-arcfour.c crypto-des-common.c crypto-des.c crypto-des3.c crypto-evp.c src/crypto/external/bsd/heimdal/dist/lib/ntlm: ntlm.c Log Message: Add checks to EVP_CipherInit_ex() where they were missing and add a cheesy define to get the RC4 cipher from the legacy provider, since the legacy provider is not loaded by default now. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/heimdal/dist/kdc/digest.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/heimdal/dist/lib/hx509/ks_file.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-aes-sha1.c \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des.c \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-evp.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-arcfour.c \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des3.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/heimdal/dist/lib/ntlm/ntlm.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h diff -u src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.3 src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.4 --- src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h:1.3 Mon Feb 5 11:00:52 2018 +++ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Thu Jun 1 16:40:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: crypto-headers.h,v 1.3 2018/02/05 16:00:52 christos Exp $ */ +/* $NetBSD: crypto-headers.h,v 1.4 2023/06/01 20:40:18 christos Exp $ */ #ifndef __crypto_header__ #define __crypto_header__ @@ -33,6 +33,9 @@ # define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0) # define BN_is_negative(bn) ((bn)->neg != 0) # endif +#if OPENSSL_VERSION_NUMBER >= 0x3000UL +# define EVP_rc4() EVP_CIPHER_fetch(NULL, "rc4", "provider=legacy") +#endif #endif #else /* !HAVE_HCRYPTO_W_OPENSSL */ Index: src/crypto/external/bsd/heimdal/dist/kdc/digest.c diff -u src/crypto/external/bsd/heimdal/dist/kdc/digest.c:1.3 src/crypto/external/bsd/heimdal/dist/kdc/digest.c:1.4 --- src/crypto/external/bsd/heimdal/dist/kdc/digest.c:1.3 Mon Feb 5 11:00:52 2018 +++ src/crypto/external/bsd/heimdal/dist/kdc/digest.c Thu Jun 1 16:40:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: digest.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */ +/* $NetBSD: digest.c,v 1.4 2023/06/01 20:40:18 christos Exp $ */ /* * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan @@ -1368,7 +1368,9 @@ _kdc_do_digest(krb5_context context, #else rc4 = EVP_CIPHER_CTX_new(); #endif - EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); + if (!EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1)) + krb5_set_error_message(context, EINVAL, + "RC4 cipher not supported"); EVP_Cipher(rc4, masterkey, ireq.u.ntlmRequest.sessionkey->data, sizeof(masterkey)); Index: src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c diff -u src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c:1.4 src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c:1.5 --- src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c:1.4 Sun Dec 15 17:50:47 2019 +++ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c Thu Jun 1 16:40:18 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: arcfour.c,v 1.4 2019/12/15 22:50:47 christos Exp $ */ +/* $NetBSD: arcfour.c,v 1.5 2023/06/01 20:40:18 christos Exp $ */ /* * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan @@ -308,7 +308,11 @@
CVS commit: src/crypto/external/bsd/heimdal/dist
Module Name:src Committed By: christos Date: Thu Jun 1 20:40:19 UTC 2023 Modified Files: src/crypto/external/bsd/heimdal/dist/include: crypto-headers.h src/crypto/external/bsd/heimdal/dist/kdc: digest.c src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5: arcfour.c get_mic.c unwrap.c verify_mic.c wrap.c src/crypto/external/bsd/heimdal/dist/lib/hcrypto: example_evp_cipher.c src/crypto/external/bsd/heimdal/dist/lib/hx509: ks_file.c src/crypto/external/bsd/heimdal/dist/lib/krb5: crypto-aes-sha1.c crypto-arcfour.c crypto-des-common.c crypto-des.c crypto-des3.c crypto-evp.c src/crypto/external/bsd/heimdal/dist/lib/ntlm: ntlm.c Log Message: Add checks to EVP_CipherInit_ex() where they were missing and add a cheesy define to get the RC4 cipher from the legacy provider, since the legacy provider is not loaded by default now. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/include/crypto-headers.h cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/heimdal/dist/kdc/digest.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/heimdal/dist/lib/hx509/ks_file.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-aes-sha1.c \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des.c \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-evp.c cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-arcfour.c \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des3.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/heimdal/dist/lib/ntlm/ntlm.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist/lib/base
Module Name:src Committed By: joerg Date: Mon Oct 28 18:12:54 UTC 2019 Modified Files: src/crypto/external/bsd/heimdal/dist/lib/base: error.c Log Message: Merge 85acd57c8a288ce92f42bcf62737eebe385bce90 from Heimdal on Github: Fix the numeric error value comparison performed by error_cmp(). To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/heimdal/dist/lib/base/error.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist/lib/base
Module Name:src Committed By: joerg Date: Mon Oct 28 18:12:54 UTC 2019 Modified Files: src/crypto/external/bsd/heimdal/dist/lib/base: error.c Log Message: Merge 85acd57c8a288ce92f42bcf62737eebe385bce90 from Heimdal on Github: Fix the numeric error value comparison performed by error_cmp(). To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/heimdal/dist/lib/base/error.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/heimdal/dist/lib/base/error.c diff -u src/crypto/external/bsd/heimdal/dist/lib/base/error.c:1.2 src/crypto/external/bsd/heimdal/dist/lib/base/error.c:1.3 --- src/crypto/external/bsd/heimdal/dist/lib/base/error.c:1.2 Sat Jan 28 21:31:45 2017 +++ src/crypto/external/bsd/heimdal/dist/lib/base/error.c Mon Oct 28 18:12:54 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: error.c,v 1.2 2017/01/28 21:31:45 christos Exp $ */ +/* $NetBSD: error.c,v 1.3 2019/10/28 18:12:54 joerg Exp $ */ /* * Copyright (c) 2010 Kungliga Tekniska Högskolan @@ -55,8 +55,8 @@ static int error_cmp(void *a, void *b) { struct heim_error *ap = a, *bp = b; -if (ap->error_code == ap->error_code) - return ap->error_code - ap->error_code; +if (ap->error_code == bp->error_code) + return 0; return heim_cmp(ap->msg, bp->msg); }
CVS commit: src/crypto/external/bsd/heimdal/dist/kuser
Module Name:src Committed By: christos Date: Sat Oct 19 15:55:51 UTC 2019 Modified Files: src/crypto/external/bsd/heimdal/dist/kuser: kinit.c Log Message: - factor out common code - use llabs because time_t can be long long. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/heimdal/dist/kuser/kinit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist/kuser
Module Name:src Committed By: christos Date: Sat Oct 19 15:55:51 UTC 2019 Modified Files: src/crypto/external/bsd/heimdal/dist/kuser: kinit.c Log Message: - factor out common code - use llabs because time_t can be long long. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/heimdal/dist/kuser/kinit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/heimdal/dist/kuser/kinit.c diff -u src/crypto/external/bsd/heimdal/dist/kuser/kinit.c:1.2 src/crypto/external/bsd/heimdal/dist/kuser/kinit.c:1.3 --- src/crypto/external/bsd/heimdal/dist/kuser/kinit.c:1.2 Sat Jan 28 16:31:45 2017 +++ src/crypto/external/bsd/heimdal/dist/kuser/kinit.c Sat Oct 19 11:55:50 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: kinit.c,v 1.2 2017/01/28 21:31:45 christos Exp $ */ +/* $NetBSD: kinit.c,v 1.3 2019/10/19 15:55:50 christos Exp $ */ /* * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan @@ -711,18 +711,18 @@ get_new_tickets(krb5_context context, } if (ticket_life != 0) { - if (labs(cred.times.endtime - cred.times.starttime - ticket_life) > 30) { + krb5_deltat d = cred.times.endtime - cred.times.starttime; + if (llabs(d - ticket_life) > 30) { char life[64]; - unparse_time_approx(cred.times.endtime - cred.times.starttime, -life, sizeof(life)); + unparse_time_approx(d, life, sizeof(life)); krb5_warnx(context, N_("NOTICE: ticket lifetime is %s", ""), life); } } if (renew_life) { - if (labs(cred.times.renew_till - cred.times.starttime - renew) > 30) { + krb5_deltat d = cred.times.renew_till - cred.times.starttime; + if (llabs(d - renew) > 30) { char life[64]; - unparse_time_approx(cred.times.renew_till - cred.times.starttime, -life, sizeof(life)); + unparse_time_approx(d, life, sizeof(life)); krb5_warnx(context, N_("NOTICE: ticket renewable lifetime is %s", ""), life);