- 28 2月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
-
- 24 11月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
calls. This patch allows compilation either way. Submitted by: Jeffrey Altman <jaltman@columbia.edu>
-
- 17 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
to digests to retain compatibility.
-
- 10 10月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL.
-
- 31 7月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
and rename some local variables to avoid name shadowing.
-
由 Richard Levitte 提交于
His comments are: First, it corrects a problem introduced in the last patch where the kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used. And it caused core dumps. Second, it attempt to add to SSL_SESSION the Kerberos 5 Client Principal Name.
-
- 21 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.
-
- 13 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
Submitted by Jeffrey Altman <jaltman@columbia.edu>
-
- 12 7月, 2001 3 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.
-
由 Richard Levitte 提交于
Jeffrey Altman <jaltman@columbia.edu> (Really, the time that's being parsed is a GeneralizedTime, so if ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used instead)
-
- 11 7月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
His comments are: . Fixed all of the Windows dynamic loading functions, prototypes, etc. . Corrected all of the unsigned/signed comparison warnings . Replaced the references to krb5_cksumarray[] for two reasons. First, it was an internal variable that should not have been referenced outside the library; nor could it have been with a shared library with restricted exports. Second, the variable is no longer used in current Kerberos implementations. I replaced the code with equivalent functionality using functions that are exported from the library.
-
- 10 7月, 2001 2 次提交
-
-
由 Richard Levitte 提交于
things will work much more smoothly.
-
由 Richard Levitte 提交于
SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.
-
- 20 2月, 2001 3 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
-
由 Ulf Möller 提交于
It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.
-
- 03 12月, 2000 1 次提交
-
-
由 Ben Laurie 提交于
-
- 01 12月, 2000 2 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
-
- 17 11月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
4 times it's size when bn_sqr_recursive() won't look farther than the original length. Thereby, constification is no longer a problem.
-