diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-03-02 05:29:29 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-03-02 05:29:29 +0000 |
| commit | ce6d249fdf1dd7dda5b202836ed387500324ae2a (patch) | |
| tree | b0550b898743ddfdff76ac6647fca7a12d6db284 /src/lib/crypto/openssl | |
| parent | e2d6d9ce23b878334d70a0f9c697064873619b75 (diff) | |
| download | krb5-ce6d249fdf1dd7dda5b202836ed387500324ae2a.tar.gz krb5-ce6d249fdf1dd7dda5b202836ed387500324ae2a.tar.xz krb5-ce6d249fdf1dd7dda5b202836ed387500324ae2a.zip | |
Consolidate almost all lib/crypto/krb headers into a single
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/openssl')
43 files changed, 197 insertions, 1140 deletions
diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in index f3992c21ac..c889cbed1f 100644 --- a/src/lib/crypto/openssl/Makefile.in +++ b/src/lib/crypto/openssl/Makefile.in @@ -1,16 +1,7 @@ mydir=lib$(S)crypto$(S)openssl BUILDTOP=$(REL)..$(S)..$(S).. SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider -LOCALINCLUDES = -I$(srcdir)/../krb \ - -I$(srcdir)/../krb/hash_provider \ - -I$(srcdir)/des \ - -I$(srcdir)/aes \ - -I$(srcdir)/sha1 \ - -I$(srcdir)/sha2 \ - -I$(srcdir)/md4 \ - -I$(srcdir)/md5 \ - -I$(srcdir)/enc_provider \ - -I$(srcdir)/hash_provider +LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) DEFS= diff --git a/src/lib/crypto/openssl/camellia/Makefile.in b/src/lib/crypto/openssl/camellia/Makefile.in index c300cd4550..b805e9fad5 100644 --- a/src/lib/crypto/openssl/camellia/Makefile.in +++ b/src/lib/crypto/openssl/camellia/Makefile.in @@ -4,12 +4,9 @@ mydir=lib$(S)crypto$(S)openssl$(S)camellia BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb/dk -I$(srcdir)/../../../../include +LOCALINCLUDES = DEFS= -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - STLIBOBJS= OBJS= diff --git a/src/lib/crypto/openssl/aes/aes.h b/src/lib/crypto/openssl/crypto_mod.h index 4aa9eb8480..56fb168960 100644 --- a/src/lib/crypto/openssl/aes/aes.h +++ b/src/lib/crypto/openssl/crypto_mod.h @@ -1,8 +1,8 @@ /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/openssl/aes/aes.h - AES translation macros */ +/* lib/crypto/openssl/crypto_mod.h - OpenSSL crypto module declarations */ /* - * Copyright 2011 by the Massachusetts Institute of Technology. - * All Rights Reserved. + * Copyright (C) 2011 by the Massachusetts Institute of Technology. + * All rights reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -24,15 +24,23 @@ * or implied warranty. */ -#ifndef _AES_H -#define _AES_H +/* + * This header is included from lib/crypto/krb/crypto_int.h to provide + * module-specific declarations. It is not included directly from source + * files. + */ + +#ifndef CRYPTO_MOD_H +#define CRYPTO_MOD_H -/* This header maps some of the names of the built-in AES types and functions - * (those used by the Fortuna PRNG) to the OpenSSL equivalents. */ #include <openssl/aes.h> +#include <openssl/sha.h> #define aes_ctx AES_KEY #define krb5int_aes_enc_key(k, len, ctx) AES_set_encrypt_key(k, 8*(len), ctx) #define krb5int_aes_enc_blk(in, out, ctx) AES_encrypt(in, out, ctx) +#define k5_sha256_init SHA256_Init +#define k5_sha256_update SHA256_Update +#define k5_sha256_final SHA256_Final -#endif /* _AES_H */ +#endif /* CRYPTO_MOD_H */ diff --git a/src/lib/crypto/openssl/deps b/src/lib/crypto/openssl/deps index e72befff56..3e63b63a94 100644 --- a/src/lib/crypto/openssl/deps +++ b/src/lib/crypto/openssl/deps @@ -3,8 +3,7 @@ # hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/aead.h \ - $(srcdir)/../krb/cksumtypes.h $(srcdir)/../krb/etypes.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -12,11 +11,21 @@ hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h hmac.c -init.so init.po $(OUTPRE)init.$(OBJEXT): init.c + $(top_srcdir)/include/socket-utils.h crypto_mod.h hmac.c +init.so init.po $(OUTPRE)init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h crypto_mod.h init.c pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -24,15 +33,15 @@ pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h pbkdf2.c + $(top_srcdir)/include/socket-utils.h crypto_mod.h pbkdf2.c stubs.so stubs.po $(OUTPRE)stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - stubs.c + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h crypto_mod.h stubs.c diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in index 335c7e53cb..4907bc89d9 100644 --- a/src/lib/crypto/openssl/des/Makefile.in +++ b/src/lib/crypto/openssl/des/Makefile.in @@ -1,6 +1,6 @@ mydir=lib$(S)crypto$(S)openssl$(S)des BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. -I$(srcdir)/../../krb +LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. DEFS= RUN_SETUP = @KRB5_RUN_ENV@ @@ -10,20 +10,16 @@ PROG_RPATH=$(KRB5_LIBDIR) STLIBOBJS= des_oldapis.o \ f_parity.o \ - string2key.o \ - weak_key.o + string2key.o OBJS= $(OUTPRE)f_parity.$(OBJEXT) \ $(OUTPRE)des_oldapis.$(OBJEXT) \ - $(OUTPRE)string2key.$(OBJEXT) \ - $(OUTPRE)weak_key.$(OBJEXT) + $(OUTPRE)string2key.$(OBJEXT) SRCS= $(srcdir)/f_parity.c \ $(srcdir)/des_oldapis.c \ - $(srcdir)/weak_key.c \ $(srcdir)/string2key.c - all-unix:: all-libobjs includes:: depend diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps index 0c269398d6..50a5ca0290 100644 --- a/src/lib/crypto/openssl/des/deps +++ b/src/lib/crypto/openssl/des/deps @@ -4,44 +4,36 @@ f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h f_parity.c + $(top_srcdir)/include/socket-utils.h f_parity.c des_oldapis.so des_oldapis.po $(OUTPRE)des_oldapis.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h des_oldapis.c -weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h weak_key.c + $(top_srcdir)/include/socket-utils.h des_oldapis.c string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h string2key.c + $(top_srcdir)/include/socket-utils.h string2key.c diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h deleted file mode 100644 index 9443c96edf..0000000000 --- a/src/lib/crypto/openssl/des/des_int.h +++ /dev/null @@ -1,194 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/des/des_int.h - * - * Copyright 1987, 1988, 1990, 2002, 2009 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Private include file for the Data Encryption Standard library. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* only do the whole thing once */ -#ifndef DES_INTERNAL_DEFS -#define DES_INTERNAL_DEFS - -#include "k5-int.h" -/* - * Begin "mit-des.h" - */ -#ifndef KRB5_MIT_DES__ -#define KRB5_MIT_DES__ - -#if defined(__MACH__) && defined(__APPLE__) -#include <TargetConditionals.h> -#include <AvailabilityMacros.h> -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) -#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to DES types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. */ -#ifndef KRB5INT_DES_DEPRECATED -#define KRB5INT_DES_DEPRECATED -#endif - -#include <limits.h> - -#if UINT_MAX >= 0xFFFFFFFFUL -#define DES_INT32 int -#define DES_UINT32 unsigned int -#else -#define DES_INT32 long -#define DES_UINT32 unsigned long -#endif - -typedef unsigned char des_cblock[8] /* crypto-block size */ -KRB5INT_DES_DEPRECATED; - -/* - * Key schedule. - * - * This used to be - * - * typedef struct des_ks_struct { - * union { DES_INT32 pad; des_cblock _;} __; - * } des_key_schedule[16]; - * - * but it would cause trouble if DES_INT32 were ever more than 4 - * bytes. The reason is that all the encryption functions cast it to - * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If - * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the - * caller-allocated des_key_schedule will be overflowed by the key - * scheduling functions. We can't assume that every platform will - * have an exact 32-bit int, and nothing should be looking inside a - * des_key_schedule anyway. - */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] -KRB5INT_DES_DEPRECATED; - -typedef des_cblock mit_des_cblock; -typedef des_key_schedule mit_des_key_schedule; - -/* Triple-DES structures */ -typedef mit_des_cblock mit_des3_cblock[3]; -typedef mit_des_key_schedule mit_des3_key_schedule[3]; - -#define MIT_DES_ENCRYPT 1 -#define MIT_DES_DECRYPT 0 - -typedef struct mit_des_ran_key_seed { - krb5_encrypt_block eblock; - krb5_data sequence; -} mit_des_random_state; - -/* the first byte of the key is already in the keyblock */ - -#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet)) -#define MIT_DES_CBC_CRC_PAD_MINIMUM CRC32_CKSUM_LENGTH -/* This used to be 8*sizeof(krb5_octet) */ -#define MIT_DES_KEYSIZE 8 - -#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) - -/* - * Check if k5-int.h has been included before us. If so, then check to see - * that our view of the DES key size is the same as k5-int.h's. - */ -#ifdef KRB5_MIT_DES_KEYSIZE -#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE -error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) -#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ -#endif /* KRB5_MIT_DES_KEYSIZE */ -#endif /* KRB5_MIT_DES__ */ -/* - * End "mit-des.h" - */ - -#define mit_des_zeroblock krb5int_c_mit_des_zeroblock -extern const mit_des_cblock mit_des_zeroblock; - -/* des_oldapis.c */ -extern krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock, - const krb5_data *data, - const krb5_data *salt); - -/* key_parity.c */ -extern void mit_des_fixup_key_parity (mit_des_cblock ); -extern int mit_des_check_key_parity (mit_des_cblock ); - -/* string2key.c */ -extern krb5_error_code mit_des_string_to_key -( const krb5_encrypt_block *, - krb5_keyblock *, const krb5_data *, const krb5_data *); -extern krb5_error_code mit_des_string_to_key_int -(krb5_keyblock *, const krb5_data *, const krb5_data *); - -/* weak_key.c */ -extern int mit_des_is_weak_key (mit_des_cblock ); - -/* misc.c */ -extern void swap_bits (char *); -extern unsigned long long_swap_bits (unsigned long ); -extern unsigned long swap_six_bits_to_ansi (unsigned long ); -extern unsigned long swap_four_bits_to_ansi (unsigned long ); -extern unsigned long swap_bit_pos_1 (unsigned long ); -extern unsigned long swap_bit_pos_0 (unsigned long ); -extern unsigned long swap_bit_pos_0_to_ansi (unsigned long ); -extern unsigned long rev_swap_bit_pos_0 (unsigned long ); -extern unsigned long swap_byte_bits (unsigned long ); -extern unsigned long swap_long_bytes_bit_number (unsigned long ); -#ifdef FILE -/* XXX depends on FILE being a #define! */ -extern void test_set (FILE *, const char *, int, const char *, int); -#endif -#endif /*DES_INTERNAL_DEFS*/ diff --git a/src/lib/crypto/openssl/des/des_oldapis.c b/src/lib/crypto/openssl/des/des_oldapis.c index eb1e586333..79163c40c7 100644 --- a/src/lib/crypto/openssl/des/des_oldapis.c +++ b/src/lib/crypto/openssl/des/des_oldapis.c @@ -26,31 +26,11 @@ * */ -#include "k5-int.h" -#include "des_int.h" -#include <ctype.h> - -const mit_des_cblock mit_des_zeroblock /* = all zero */; - -unsigned long -mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, - unsigned long length, const mit_des_key_schedule schedule, - const krb5_octet *ivec) -{ - /* Unsupported operation */ - return KRB5_CRYPTO_INTERNAL; -} +#include "crypto_int.h" krb5_error_code -mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data, - const krb5_data *salt) -{ - return KRB5_CRYPTO_INTERNAL; -} - -int -mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) +mit_afs_string_to_key(krb5_keyblock *keyblock, const krb5_data *data, + const krb5_data *salt) { - /* Unsupported operation */ return KRB5_CRYPTO_INTERNAL; } diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c index b8baac9d20..4956af266c 100644 --- a/src/lib/crypto/openssl/des/f_parity.c +++ b/src/lib/crypto/openssl/des/f_parity.c @@ -25,24 +25,11 @@ * or implied warranty. */ -#include "des_int.h" +#include "crypto_int.h" #include <openssl/des.h> void -mit_des_fixup_key_parity(mit_des_cblock key) +mit_des_fixup_key_parity(unsigned char *key) { DES_set_odd_parity(key); } - -/* - * des_check_key_parity: returns true iff key has the correct des parity. - * See des_fix_key_parity for the definition of - * correct des parity. - */ -int -mit_des_check_key_parity(mit_des_cblock key) -{ - if (!DES_check_key_parity(key)) - return(0); - return (1); -} diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c index c192734ceb..bc37da63b0 100644 --- a/src/lib/crypto/openssl/des/string2key.c +++ b/src/lib/crypto/openssl/des/string2key.c @@ -25,17 +25,16 @@ * or implied warranty. */ -#include "des_int.h" +#include "crypto_int.h" #include <openssl/des.h> - krb5_error_code -mit_des_string_to_key_int (krb5_keyblock *key, - const krb5_data *pw, const krb5_data *salt) +mit_des_string_to_key_int(krb5_keyblock *key, const krb5_data *pw, + const krb5_data *salt) { DES_cblock outkey; DES_string_to_key(pw->data, &outkey); - if ( key->length < sizeof(outkey)) + if (key->length < sizeof(outkey)) return KRB5_CRYPTO_INTERNAL; key->length = sizeof(outkey); memcpy(key->contents, outkey, key->length); diff --git a/src/lib/crypto/openssl/des/weak_key.c b/src/lib/crypto/openssl/des/weak_key.c deleted file mode 100644 index c739bc29f6..0000000000 --- a/src/lib/crypto/openssl/des/weak_key.c +++ /dev/null @@ -1,88 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/openssl/des/weak_key.c - * - * Copyright 1989,1990,2009 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * These routines form the library interface to the DES facilities. - * - * Originally written 8/85 by Steve Miller, MIT Project Athena. - */ - -#include "des_int.h" -#include <openssl/des.h> - -/* - * The following are the weak DES keys: - */ -static const mit_des_cblock weak[16] = { - /* weak keys */ - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, - {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe}, - {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, - {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1}, - - /* semi-weak */ - {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, - {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01}, - - {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, - {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e}, - - {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, - {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01}, - - {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, - {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e}, - - {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, - {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01}, - - {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, - {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1} -}; - -/* - * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. - * - * Requires: key has correct odd parity. - */ -int -mit_des_is_weak_key(mit_des_cblock key) -{ - unsigned int i; - const mit_des_cblock *weak_p = weak; - - for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { - if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) - return 1; - } - if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */ - return 1; - - return 0; -} diff --git a/src/lib/crypto/openssl/enc_provider/Makefile.in b/src/lib/crypto/openssl/enc_provider/Makefile.in index 4d184ef803..fd0335f436 100644 --- a/src/lib/crypto/openssl/enc_provider/Makefile.in +++ b/src/lib/crypto/openssl/enc_provider/Makefile.in @@ -1,11 +1,6 @@ mydir=lib$(S)crypto$(S)openssl$(S)enc_provider BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../des \ - -I$(srcdir)/../arcfour \ - -I$(srcdir)/../aes \ - -I$(srcdir)/../camellia \ - -I$(srcdir)/../../krb \ - -I$(srcdir)/.. -I$(srcdir)/. +LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. DEFS= PROG_LIBPATH=-L$(TOPLIBD) diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c index 624e79d849..1b16c0ca4a 100644 --- a/src/lib/crypto/openssl/enc_provider/aes.c +++ b/src/lib/crypto/openssl/enc_provider/aes.c @@ -25,10 +25,7 @@ * or implied warranty. */ -#include "k5-int.h" -#include "enc_provider.h" -#include "aead.h" -#include "hash_provider/hash_provider.h" +#include "crypto_int.h" #include <openssl/evp.h> #include <openssl/aes.h> #include <openssl/modes.h> diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c index 0aeee99aeb..ab7370feb8 100644 --- a/src/lib/crypto/openssl/enc_provider/camellia.c +++ b/src/lib/crypto/openssl/enc_provider/camellia.c @@ -25,10 +25,7 @@ * or implied warranty. */ -#include "k5-int.h" -#include "enc_provider.h" -#include "aead.h" -#include "hash_provider/hash_provider.h" +#include "crypto_int.h" #include <openssl/evp.h> #include <openssl/camellia.h> #include <openssl/modes.h> diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps index b1296195f1..163864bc5e 100644 --- a/src/lib/crypto/openssl/enc_provider/deps +++ b/src/lib/crypto/openssl/enc_provider/deps @@ -3,9 +3,8 @@ # des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ - $(srcdir)/../des/des_int.h $(top_srcdir)/include/k5-buf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ @@ -16,9 +15,8 @@ des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ des.c des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ - $(srcdir)/../des/des_int.h $(top_srcdir)/include/k5-buf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ @@ -29,9 +27,8 @@ des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ des3.c aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ - $(srcdir)/../hash_provider/hash_provider.h $(top_srcdir)/include/k5-buf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ @@ -39,12 +36,11 @@ aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - aes.c enc_provider.h + aes.c camellia.so camellia.po $(OUTPRE)camellia.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ - $(srcdir)/../../krb/etypes.h $(srcdir)/../hash_provider/hash_provider.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -52,16 +48,16 @@ camellia.so camellia.po $(OUTPRE)camellia.$(OBJEXT): \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h camellia.c enc_provider.h + $(top_srcdir)/include/socket-utils.h camellia.c rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h rc4.c + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + rc4.c diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c index 34da10b541..151b6ddfb2 100644 --- a/src/lib/crypto/openssl/enc_provider/des.c +++ b/src/lib/crypto/openssl/enc_provider/des.c @@ -50,13 +50,12 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include "k5-int.h" -#include <aead.h> +#include "crypto_int.h" #include <openssl/evp.h> -#include "des_int.h" -#define DES_BLOCK_SIZE 8 -#define DES_KEY_BYTES 7 +#define DES_BLOCK_SIZE 8 +#define DES_KEY_SIZE 8 +#define DES_KEY_BYTES 7 static krb5_error_code validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, @@ -70,7 +69,7 @@ validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, input_length += iov->data.length; } - if (key->keyblock.length != KRB5_MIT_DES_KEYSIZE) + if (key->keyblock.length != DES_KEY_SIZE) return(KRB5_BAD_KEYSIZE); if ((input_length%DES_BLOCK_SIZE) != 0) return(KRB5_BAD_MSIZE); @@ -85,8 +84,8 @@ static krb5_error_code k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { - int ret, olen = MIT_DES_BLOCK_LENGTH; - unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH]; + int ret, olen = DES_BLOCK_SIZE; + unsigned char iblock[DES_BLOCK_SIZE], oblock[DES_BLOCK_SIZE]; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; krb5_boolean empty; @@ -109,21 +108,21 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, for (;;) { - if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, + if (!krb5int_c_iov_get_block(iblock, DES_BLOCK_SIZE, data, num_data, &input_pos)) break; ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen, - (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH); + (unsigned char *)iblock, DES_BLOCK_SIZE); if (!ret) break; - krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, + krb5int_c_iov_put_block(data, num_data, oblock, DES_BLOCK_SIZE, &output_pos); } if (ivec != NULL) - memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); + memcpy(ivec->data, oblock, DES_BLOCK_SIZE); EVP_CIPHER_CTX_cleanup(&ciph_ctx); @@ -139,8 +138,8 @@ static krb5_error_code k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { - int ret, olen = MIT_DES_BLOCK_LENGTH; - unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH]; + int ret, olen = DES_BLOCK_SIZE; + unsigned char iblock[DES_BLOCK_SIZE], oblock[DES_BLOCK_SIZE]; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; krb5_boolean empty; @@ -164,20 +163,20 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, for (;;) { - if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, + if (!krb5int_c_iov_get_block(iblock, DES_BLOCK_SIZE, data, num_data, &input_pos)) break; ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen, - iblock, MIT_DES_BLOCK_LENGTH); + iblock, DES_BLOCK_SIZE); if (!ret) break; krb5int_c_iov_put_block(data, num_data, oblock, - MIT_DES_BLOCK_LENGTH, &output_pos); + DES_BLOCK_SIZE, &output_pos); } if (ivec != NULL) - memcpy(ivec->data, iblock, MIT_DES_BLOCK_LENGTH); + memcpy(ivec->data, iblock, DES_BLOCK_SIZE); EVP_CIPHER_CTX_cleanup(&ciph_ctx); @@ -191,7 +190,7 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, const struct krb5_enc_provider krb5int_enc_des = { DES_BLOCK_SIZE, - DES_KEY_BYTES, KRB5_MIT_DES_KEYSIZE, + DES_KEY_BYTES, DES_KEY_SIZE, k5_des_encrypt, k5_des_decrypt, NULL, diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c index 68a91beddf..fe41ef7727 100644 --- a/src/lib/crypto/openssl/enc_provider/des3.c +++ b/src/lib/crypto/openssl/enc_provider/des3.c @@ -49,13 +49,13 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include "k5-int.h" -#include "des_int.h" -#include <aead.h> +#include "crypto_int.h" #include <openssl/evp.h> -#define DES_BLOCK_SIZE 8 +#define DES3_BLOCK_SIZE 8 +#define DES3_KEY_SIZE 24 +#define DES3_KEY_BYTES 21 static krb5_error_code validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, @@ -69,9 +69,9 @@ validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, input_length += iov->data.length; } - if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE) + if (key->keyblock.length != DES3_KEY_SIZE) return(KRB5_BAD_KEYSIZE); - if ((input_length%DES_BLOCK_SIZE) != 0) + if ((input_length%DES3_BLOCK_SIZE) != 0) return(KRB5_BAD_MSIZE); if (ivec && (ivec->length != 8)) return(KRB5_BAD_MSIZE); @@ -84,8 +84,8 @@ static krb5_error_code k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { - int ret, olen = MIT_DES_BLOCK_LENGTH; - unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH]; + int ret, olen = DES3_BLOCK_SIZE; + unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; krb5_boolean empty; @@ -109,21 +109,21 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, for (;;) { - if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, + if (!krb5int_c_iov_get_block(iblock, DES3_BLOCK_SIZE, data, num_data, &input_pos)) break; ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen, - (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH); + (unsigned char *)iblock, DES3_BLOCK_SIZE); if (!ret) break; krb5int_c_iov_put_block(data, num_data, - oblock, MIT_DES_BLOCK_LENGTH, &output_pos); + oblock, DES3_BLOCK_SIZE, &output_pos); } if (ivec != NULL) - memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); + memcpy(ivec->data, oblock, DES3_BLOCK_SIZE); EVP_CIPHER_CTX_cleanup(&ciph_ctx); @@ -139,8 +139,8 @@ static krb5_error_code k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { - int ret, olen = MIT_DES_BLOCK_LENGTH; - unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH]; + int ret, olen = DES3_BLOCK_SIZE; + unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; krb5_boolean empty; @@ -164,21 +164,21 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, for (;;) { - if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, + if (!krb5int_c_iov_get_block(iblock, DES3_BLOCK_SIZE, data, num_data, &input_pos)) break; ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen, - (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH); + (unsigned char *)iblock, DES3_BLOCK_SIZE); if (!ret) break; - krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, + krb5int_c_iov_put_block(data, num_data, oblock, DES3_BLOCK_SIZE, &output_pos); } if (ivec != NULL) - memcpy(ivec->data, iblock, MIT_DES_BLOCK_LENGTH); + memcpy(ivec->data, iblock, DES3_BLOCK_SIZE); EVP_CIPHER_CTX_cleanup(&ciph_ctx); @@ -191,8 +191,8 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, } const struct krb5_enc_provider krb5int_enc_des3 = { - DES_BLOCK_SIZE, - KRB5_MIT_DES3_KEY_BYTES, KRB5_MIT_DES3_KEYSIZE, + DES3_BLOCK_SIZE, + DES3_KEY_BYTES, DES3_KEY_SIZE, k5_des3_encrypt, k5_des3_decrypt, NULL, diff --git a/src/lib/crypto/openssl/enc_provider/enc_provider.h b/src/lib/crypto/openssl/enc_provider/enc_provider.h deleted file mode 100644 index 4365255ab4..0000000000 --- a/src/lib/crypto/openssl/enc_provider/enc_provider.h +++ /dev/null @@ -1,40 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "k5-int.h" - -extern const struct krb5_enc_provider krb5int_enc_des; -extern const struct krb5_enc_provider krb5int_enc_des3; -extern const struct krb5_enc_provider krb5int_enc_arcfour; -extern const struct krb5_enc_provider krb5int_enc_aes128; -extern const struct krb5_enc_provider krb5int_enc_aes256; -extern const struct krb5_enc_provider krb5int_enc_aes128_ctr; -extern const struct krb5_enc_provider krb5int_enc_aes256_ctr; -#ifdef CAMELLIA -extern const struct krb5_enc_provider krb5int_enc_camellia128; -extern const struct krb5_enc_provider krb5int_enc_camellia256; -#endif diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c index fcaec944fd..73e25bc7a8 100644 --- a/src/lib/crypto/openssl/enc_provider/rc4.c +++ b/src/lib/crypto/openssl/enc_provider/rc4.c @@ -35,8 +35,7 @@ */ -#include "k5-int.h" -#include <aead.h> +#include "crypto_int.h" #include <openssl/evp.h> /* diff --git a/src/lib/crypto/openssl/hash_provider/Makefile.in b/src/lib/crypto/openssl/hash_provider/Makefile.in index 472dbd3935..47dfe72f37 100644 --- a/src/lib/crypto/openssl/hash_provider/Makefile.in +++ b/src/lib/crypto/openssl/hash_provider/Makefile.in @@ -1,7 +1,6 @@ mydir=lib$(S)crypto$(S)openssl$(S)hash_provider BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../../krb/crc32 -I$(srcdir)/../md4 \ - -I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../../krb +LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. DEFS= PROG_LIBPATH=-L$(TOPLIBD) diff --git a/src/lib/crypto/openssl/hash_provider/deps b/src/lib/crypto/openssl/hash_provider/deps index b31059e434..1aea7bbfba 100644 --- a/src/lib/crypto/openssl/hash_provider/deps +++ b/src/lib/crypto/openssl/hash_provider/deps @@ -4,8 +4,7 @@ hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ - $(srcdir)/../../krb/crc32/crc-32.h $(srcdir)/../../krb/etypes.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -13,12 +12,11 @@ hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h hash_crc32.c hash_provider.h + $(top_srcdir)/include/socket-utils.h hash_crc32.c hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ - $(srcdir)/../../krb/etypes.h $(srcdir)/../md4/rsa-md4.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -26,12 +24,11 @@ hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h hash_md4.c hash_provider.h + $(top_srcdir)/include/socket-utils.h hash_md4.c hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ - $(srcdir)/../../krb/etypes.h $(srcdir)/../md5/rsa-md5.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -39,12 +36,11 @@ hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h hash_md5.c hash_provider.h + $(top_srcdir)/include/socket-utils.h hash_md5.c hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ - $(srcdir)/../../krb/etypes.h $(srcdir)/../sha1/shs.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -52,5 +48,4 @@ hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h hash_provider.h \ - hash_sha1.c + $(top_srcdir)/include/socket-utils.h hash_sha1.c diff --git a/src/lib/crypto/openssl/hash_provider/hash_crc32.c b/src/lib/crypto/openssl/hash_provider/hash_crc32.c index 68a01cb137..4013843edf 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_crc32.c +++ b/src/lib/crypto/openssl/hash_provider/hash_crc32.c @@ -25,10 +25,7 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include "k5-int.h" -#include "crc-32.h" -#include "hash_provider.h" -#include "aead.h" +#include "crypto_int.h" static krb5_error_code k5_crc32_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c index 85f18f66d7..0fc1a34fc6 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_md4.c +++ b/src/lib/crypto/openssl/hash_provider/hash_md4.c @@ -25,39 +25,34 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include "k5-int.h" -#include "rsa-md4.h" -#include "hash_provider.h" -#include "aead.h" +#include "crypto_int.h" +#include <openssl/evp.h> +#include <openssl/md4.h> static krb5_error_code k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { - krb5_MD4_CTX ctx; + EVP_MD_CTX ctx; unsigned int i; - if (output->length != RSA_MD4_CKSUM_LENGTH) - return(KRB5_CRYPTO_INTERNAL); + if (output->length != MD4_DIGEST_LENGTH) + return KRB5_CRYPTO_INTERNAL; - krb5int_MD4Init(&ctx); + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, EVP_md4(), NULL); for (i = 0; i < num_data; i++) { - const krb5_crypto_iov *iov = &data[i]; - - if (SIGN_IOV(iov)) { - krb5int_MD4Update(&ctx, (unsigned char *) iov->data.data, - iov->data.length); - } + const krb5_data *d = &data[i].data; + if (SIGN_IOV(&data[i])) + EVP_DigestUpdate(&ctx, (unsigned char *)d->data, d->length); } - krb5int_MD4Final(&ctx); - - memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH); - - return(0); + EVP_DigestFinal_ex(&ctx, (unsigned char *)output->data, NULL); + EVP_MD_CTX_cleanup(&ctx); + return 0; } const struct krb5_hash_provider krb5int_hash_md4 = { "MD4", - RSA_MD4_CKSUM_LENGTH, + MD4_DIGEST_LENGTH, 64, k5_md4_hash }; diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c index 182e6c08e2..5c1b3a9ff4 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_md5.c +++ b/src/lib/crypto/openssl/hash_provider/hash_md5.c @@ -25,39 +25,34 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include "k5-int.h" -#include "rsa-md5.h" -#include "hash_provider.h" -#include "aead.h" +#include "crypto_int.h" +#include <openssl/evp.h> +#include <openssl/md5.h> static krb5_error_code k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { - krb5_MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned int i; - if (output->length != RSA_MD5_CKSUM_LENGTH) - return(KRB5_CRYPTO_INTERNAL); + if (output->length != MD5_DIGEST_LENGTH) + return KRB5_CRYPTO_INTERNAL; - krb5int_MD5Init(&ctx); + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); for (i = 0; i < num_data; i++) { - const krb5_crypto_iov *iov = &data[i]; - - if (SIGN_IOV(iov)) { - krb5int_MD5Update(&ctx, (unsigned char *) iov->data.data, - iov->data.length); - } + const krb5_data *d = &data[i].data; + if (SIGN_IOV(&data[i])) + EVP_DigestUpdate(&ctx, (unsigned char *)d->data, d->length); } - krb5int_MD5Final(&ctx); - - memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH); - - return(0); + EVP_DigestFinal_ex(&ctx, (unsigned char *)output->data, NULL); + EVP_MD_CTX_cleanup(&ctx); + return 0; } const struct krb5_hash_provider krb5int_hash_md5 = { "MD5", - RSA_MD5_CKSUM_LENGTH, + MD5_DIGEST_LENGTH, 64, k5_md5_hash }; diff --git a/src/lib/crypto/openssl/hash_provider/hash_provider.h b/src/lib/crypto/openssl/hash_provider/hash_provider.h deleted file mode 100644 index eebe84588c..0000000000 --- a/src/lib/crypto/openssl/hash_provider/hash_provider.h +++ /dev/null @@ -1,33 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "k5-int.h" - -extern const struct krb5_hash_provider krb5int_hash_crc32; -extern const struct krb5_hash_provider krb5int_hash_md4; -extern const struct krb5_hash_provider krb5int_hash_md5; -extern const struct krb5_hash_provider krb5int_hash_sha1; diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c index f602411074..f6f1a65696 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c +++ b/src/lib/crypto/openssl/hash_provider/hash_sha1.c @@ -26,42 +26,34 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include "k5-int.h" -#include "shs.h" -#include "hash_provider.h" -#include "aead.h" +#include "crypto_int.h" +#include <openssl/evp.h> +#include <openssl/sha.h> static krb5_error_code k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { - SHS_INFO ctx; + EVP_MD_CTX ctx; unsigned int i; - if (output->length != SHS_DIGESTSIZE) - return(KRB5_CRYPTO_INTERNAL); + if (output->length != SHA_DIGEST_LENGTH) + return KRB5_CRYPTO_INTERNAL; - shsInit(&ctx); + EVP_MD_CTX_init(&ctx); + EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL); for (i = 0; i < num_data; i++) { - const krb5_crypto_iov *iov = &data[i]; - - if (SIGN_IOV(iov)) { - shsUpdate(&ctx, (unsigned char *) iov->data.data, - iov->data.length); - } - } - shsFinal(&ctx); - - if (ctx.digestLen > 0 && ctx.digestLen <= output->length){ - output->length = ctx.digestLen; - memcpy(output->data, ctx.digestBuf,ctx.digestLen); + const krb5_data *d = &data[i].data; + if (SIGN_IOV(&data[i])) + EVP_DigestUpdate(&ctx, (unsigned char *)d->data, d->length); } - - return(0); + EVP_DigestFinal_ex(&ctx, (unsigned char *)output->data, NULL); + EVP_MD_CTX_cleanup(&ctx); + return 0; } const struct krb5_hash_provider krb5int_hash_sha1 = { "SHA1", - SHS_DIGESTSIZE, - SHS_DATASIZE, + SHA_DIGEST_LENGTH, + 64, k5_sha1_hash }; diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c index 7ef3d3f600..ac5af3fc0b 100644 --- a/src/lib/crypto/openssl/hmac.c +++ b/src/lib/crypto/openssl/hmac.c @@ -51,8 +51,7 @@ */ -#include "k5-int.h" -#include "aead.h" +#include "crypto_int.h" #include <openssl/hmac.h> #include <openssl/evp.h> diff --git a/src/lib/crypto/openssl/init.c b/src/lib/crypto/openssl/init.c index aaa13ccd34..b3db6c214d 100644 --- a/src/lib/crypto/openssl/init.c +++ b/src/lib/crypto/openssl/init.c @@ -28,6 +28,8 @@ * OpenSSL back-end library init functions */ +#include "crypto_int.h" + int krb5int_crypto_impl_init(void) { diff --git a/src/lib/crypto/openssl/md4/Makefile.in b/src/lib/crypto/openssl/md4/Makefile.in index 550d7df60c..0b95690005 100644 --- a/src/lib/crypto/openssl/md4/Makefile.in +++ b/src/lib/crypto/openssl/md4/Makefile.in @@ -1,16 +1,13 @@ mydir=lib$(S)crypto$(S)openssl$(S)md4 BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir) +LOCALINCLUDES = DEFS= -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) +STLIBOBJS= -STLIBOBJS= md4.o +OBJS= -OBJS= $(OUTPRE)md4.$(OBJEXT) - -SRCS= $(srcdir)/md4.c +SRCS= all-unix:: all-libobjs diff --git a/src/lib/crypto/openssl/md4/deps b/src/lib/crypto/openssl/md4/deps index b7e9615e47..2feac3c9d3 100644 --- a/src/lib/crypto/openssl/md4/deps +++ b/src/lib/crypto/openssl/md4/deps @@ -1,14 +1 @@ -# -# Generated makefile dependencies follow. -# -md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - md4.c rsa-md4.h +# No dependencies here. diff --git a/src/lib/crypto/openssl/md4/md4.c b/src/lib/crypto/openssl/md4/md4.c deleted file mode 100644 index 8d2cd48a2e..0000000000 --- a/src/lib/crypto/openssl/md4/md4.c +++ /dev/null @@ -1,51 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/openssl/md4/md4.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "k5-int.h" -#include "rsa-md4.h" -#include <openssl/evp.h> -#include <openssl/md4.h> - -void -krb5int_MD4Init (krb5_MD4_CTX *mdContext) -{ - EVP_MD_CTX_init(&mdContext->ossl_md4_ctx ); - EVP_DigestInit_ex(&mdContext->ossl_md4_ctx, EVP_md4(), NULL); - -} -void -krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen) -{ - EVP_DigestUpdate(&mdContext->ossl_md4_ctx, inBuf, inLen); -} - -void -krb5int_MD4Final (krb5_MD4_CTX *mdContext) -{ - EVP_DigestFinal_ex(&mdContext->ossl_md4_ctx, mdContext->digest , NULL); - EVP_MD_CTX_cleanup(&mdContext->ossl_md4_ctx ); -} diff --git a/src/lib/crypto/openssl/md4/rsa-md4.h b/src/lib/crypto/openssl/md4/rsa-md4.h deleted file mode 100644 index 3d32f08577..0000000000 --- a/src/lib/crypto/openssl/md4/rsa-md4.h +++ /dev/null @@ -1,100 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/md4/rsa-md4.h - * - * Copyright 1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * RSA MD4 header file, with Kerberos/STDC additions. - */ - -#ifndef __KRB5_RSA_MD4_H__ -#define __KRB5_RSA_MD4_H__ - -#ifdef unicos61 -#include <sys/types.h> -#endif /* unicos61 */ - -#include <openssl/evp.h> -#include <openssl/md5.h> - -/* 16 u_char's in the digest */ -#define RSA_MD4_CKSUM_LENGTH 16 -/* des blocksize is 8, so this works nicely... */ -#define OLD_RSA_MD4_DES_CKSUM_LENGTH 16 -#define NEW_RSA_MD4_DES_CKSUM_LENGTH 24 -#define RSA_MD4_DES_CONFOUND_LENGTH 8 - -/* -********************************************************************** -** md4.h -- Header file for implementation of MD4 ** -** RSA Data Security, Inc. MD4 Message Digest Algorithm ** -** Created: 2/17/90 RLR ** -** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** -********************************************************************** -*/ - -/* -********************************************************************** -** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** -** ** -** License to copy and use this software is granted provided that ** -** it is identified as the "RSA Data Security, Inc. MD4 Message ** -** Digest Algorithm" in all material mentioning or referencing this ** -** software or this function. ** -** ** -** License is also granted to make and use derivative works ** -** provided that such works are identified as "derived from the RSA ** -** Data Security, Inc. MD4 Message Digest Algorithm" in all ** -** material mentioning or referencing the derived work. ** -** ** -** RSA Data Security, Inc. makes no representations concerning ** -** either the merchantability of this software or the suitability ** -** of this software for any particular purpose. It is provided "as ** -** is" without express or implied warranty of any kind. ** -** ** -** These notices must be retained in any copies of any part of this ** -** documentation and/or software. ** -********************************************************************** -*/ - -/* Data structure for MD4 (Message Digest) computation */ -typedef struct { - EVP_MD_CTX ossl_md4_ctx; - krb5_int32 * digest_len; - krb5_ui_4 i[2]; /* number of _bits_ handled mod 2^64 */ - krb5_ui_4 buf[4]; /* scratch buffer */ - unsigned char in[64]; /* input buffer */ - unsigned char digest[16]; /* actual digest after MD4Final call */ -} krb5_MD4_CTX; - -extern void krb5int_MD4Init(krb5_MD4_CTX *); -extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int); -extern void krb5int_MD4Final(krb5_MD4_CTX *); - -/* -********************************************************************** -** End of md4.h ** -******************************* (cut) ******************************** -*/ -#endif /* __KRB5_RSA_MD4_H__ */ diff --git a/src/lib/crypto/openssl/md5/Makefile.in b/src/lib/crypto/openssl/md5/Makefile.in index 9c3d340912..4128e98c5b 100644 --- a/src/lib/crypto/openssl/md5/Makefile.in +++ b/src/lib/crypto/openssl/md5/Makefile.in @@ -2,14 +2,11 @@ mydir=lib$(S)crypto$(S)openssl$(S)md5 BUILDTOP=$(REL)..$(S)..$(S)..$(S).. DEFS= -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) +STLIBOBJS= -STLIBOBJS= md5.o +OBJS= -OBJS= $(OUTPRE)md5.$(OBJEXT) - -SRCS= $(srcdir)/md5.c +SRCS= all-unix:: all-libobjs diff --git a/src/lib/crypto/openssl/md5/deps b/src/lib/crypto/openssl/md5/deps index f32dbe9c71..2feac3c9d3 100644 --- a/src/lib/crypto/openssl/md5/deps +++ b/src/lib/crypto/openssl/md5/deps @@ -1,14 +1 @@ -# -# Generated makefile dependencies follow. -# -md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - md5.c rsa-md5.h +# No dependencies here. diff --git a/src/lib/crypto/openssl/md5/md5.c b/src/lib/crypto/openssl/md5/md5.c deleted file mode 100644 index 41a8498f36..0000000000 --- a/src/lib/crypto/openssl/md5/md5.c +++ /dev/null @@ -1,60 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/openssl/md5/md5.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "k5-int.h" -#include "rsa-md5.h" -#include <openssl/evp.h> -#include <openssl/md5.h> - -/* The routine krb5int_MD5Init initializes the message-digest context - mdContext. All fields are set to zero. -*/ -void -krb5int_MD5Init (krb5_MD5_CTX *mdContext) -{ - EVP_MD_CTX_init(&mdContext->ossl_md5_ctx); - EVP_DigestInit_ex(&mdContext->ossl_md5_ctx, EVP_md5(), NULL); -} - -/* The routine krb5int_MD5Update updates the message-digest context to - account for the presence of each of the characters inBuf[0..inLen-1] - in the message whose digest is being computed. -*/ -void -krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen) -{ - EVP_DigestUpdate(&mdContext->ossl_md5_ctx, inBuf, inLen); -} - -/* The routine krb5int_MD5Final terminates the message-digest computation and - ends with the desired message digest in mdContext->digest[0...15]. -*/ -void -krb5int_MD5Final (krb5_MD5_CTX *mdContext) -{ - EVP_DigestFinal_ex(&mdContext->ossl_md5_ctx, mdContext->digest, NULL); - EVP_MD_CTX_cleanup(&mdContext->ossl_md5_ctx); -} diff --git a/src/lib/crypto/openssl/md5/rsa-md5.h b/src/lib/crypto/openssl/md5/rsa-md5.h deleted file mode 100644 index a8380f4498..0000000000 --- a/src/lib/crypto/openssl/md5/rsa-md5.h +++ /dev/null @@ -1,92 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/openssl/md5/rsa-md5.h - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* -*********************************************************************** -** md5.h -- header file for implementation of MD5 ** -** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** -** Created: 2/17/90 RLR ** -** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** -** Revised (for MD5): RLR 4/27/91 ** -** -- G modified to have y&~z instead of y&z ** -** -- FF, GG, HH modified to add in last register done ** -** -- Access pattern: round 2 works mod 5, round 3 works mod 3 ** -** -- distinct additive constant for each step ** -** -- round 4 added, working mod 7 ** -*********************************************************************** -*/ - -/* -*********************************************************************** -** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** -** ** -** License to copy and use this software is granted provided that ** -** it is identified as the "RSA Data Security, Inc. MD5 Message- ** -** Digest Algorithm" in all material mentioning or referencing this ** -** software or this function. ** -** ** -** License is also granted to make and use derivative works ** -** provided that such works are identified as "derived from the RSA ** -** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** -** material mentioning or referencing the derived work. ** -** ** -** RSA Data Security, Inc. makes no representations concerning ** -** either the merchantability of this software or the suitability ** -** of this software for any particular purpose. It is provided "as ** -** is" without express or implied warranty of any kind. ** -** ** -** These notices must be retained in any copies of any part of this ** -** documentation and/or software. ** -*********************************************************************** -*/ - - -#ifndef KRB5_RSA_MD5__ -#define KRB5_RSA_MD5__ - -#include <openssl/evp.h> -#include <openssl/md5.h> - -/* Data structure for MD5 (Message-Digest) computation */ -typedef struct { - EVP_MD_CTX ossl_md5_ctx; - krb5_int32 * digest_len; - krb5_ui_4 i[2]; /* number of _bits_ handled mod 2^64 */ - krb5_ui_4 buf[4]; /* scratch buffer */ - unsigned char in[64]; /* input buffer */ - unsigned char digest[16]; /* actual digest after MD5Final call */ -} krb5_MD5_CTX; - -extern void krb5int_MD5Init(krb5_MD5_CTX *); -extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int); -extern void krb5int_MD5Final(krb5_MD5_CTX *); - -#define RSA_MD5_CKSUM_LENGTH 16 -#define OLD_RSA_MD5_DES_CKSUM_LENGTH 16 -#define NEW_RSA_MD5_DES_CKSUM_LENGTH 24 -#define RSA_MD5_DES_CONFOUND_LENGTH 8 - -#endif /* KRB5_RSA_MD5__ */ diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c index e64e562e76..ba51ad4a0f 100644 --- a/src/lib/crypto/openssl/pbkdf2.c +++ b/src/lib/crypto/openssl/pbkdf2.c @@ -29,15 +29,11 @@ * Not currently used; likely to be used when we get around to AES support. */ -#include <ctype.h> -#include "k5-int.h" -#include "hash_provider.h" - +#include "crypto_int.h" #include <openssl/x509.h> #include <openssl/evp.h> #include <openssl/hmac.h> - krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count, const krb5_data *pass, const krb5_data *salt) diff --git a/src/lib/crypto/openssl/sha1/Makefile.in b/src/lib/crypto/openssl/sha1/Makefile.in index b2dcec6b9d..08fe83080e 100644 --- a/src/lib/crypto/openssl/sha1/Makefile.in +++ b/src/lib/crypto/openssl/sha1/Makefile.in @@ -2,14 +2,11 @@ mydir=lib$(S)crypto$(S)openssl$(S)sha1 BUILDTOP=$(REL)..$(S)..$(S)..$(S).. DEFS= -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) +STLIBOBJS= -STLIBOBJS= shs.o +OBJS= -OBJS= $(OUTPRE)shs.$(OBJEXT) - -SRCS= $(srcdir)/shs.c +SRCS= all-unix:: all-libobjs diff --git a/src/lib/crypto/openssl/sha1/deps b/src/lib/crypto/openssl/sha1/deps index 096d304404..2feac3c9d3 100644 --- a/src/lib/crypto/openssl/sha1/deps +++ b/src/lib/crypto/openssl/sha1/deps @@ -1,14 +1 @@ -# -# Generated makefile dependencies follow. -# -shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - shs.c shs.h +# No dependencies here. diff --git a/src/lib/crypto/openssl/sha1/shs.c b/src/lib/crypto/openssl/sha1/shs.c deleted file mode 100644 index 42d260d3d3..0000000000 --- a/src/lib/crypto/openssl/sha1/shs.c +++ /dev/null @@ -1,60 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/openssl/sha1/shs.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "shs.h" -#ifdef HAVE_SYS_TYPES_H -#include <sys/types.h> -#endif -#include <string.h> -#define h0init 0x67452301L -#define h1init 0xEFCDAB89L -#define h2init 0x98BADCFEL -#define h3init 0x10325476L -#define h4init 0xC3D2E1F0L - -/* Initialize the SHS values */ -void shsInit(SHS_INFO *shsInfo) -{ - EVP_MD_CTX_init(&shsInfo->ossl_sha1_ctx ); - EVP_DigestInit_ex(&shsInfo->ossl_sha1_ctx , EVP_sha1(), NULL); - shsInfo->digestLen = 0; - memset(shsInfo->digestBuf, 0 , sizeof(shsInfo->digestBuf)); -} - -/* Update SHS for a block of data */ - -void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count) -{ - EVP_DigestUpdate(&shsInfo->ossl_sha1_ctx , buffer, count); -} -/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern - 1 0* (64-bit count of bits processed, MSB-first) */ - -void shsFinal(SHS_INFO *shsInfo) -{ - EVP_DigestFinal_ex(&shsInfo->ossl_sha1_ctx ,(unsigned char *)shsInfo->digestBuf , &shsInfo->digestLen); - EVP_MD_CTX_cleanup(&shsInfo->ossl_sha1_ctx ); -} diff --git a/src/lib/crypto/openssl/sha1/shs.h b/src/lib/crypto/openssl/sha1/shs.h deleted file mode 100644 index 60cf2ad2c7..0000000000 --- a/src/lib/crypto/openssl/sha1/shs.h +++ /dev/null @@ -1,48 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -#ifndef _SHS_DEFINED - -#include "k5-int.h" -#include <openssl/evp.h> -#include <openssl/sha.h> - -#define _SHS_DEFINED - -/* Some useful types */ - -typedef krb5_octet SHS_BYTE; -typedef krb5_ui_4 SHS_LONG; - -/* Define the following to use the updated SHS implementation */ -#define NEW_SHS /**/ - -/* The SHS block size and message digest sizes, in bytes */ - -#define SHS_DATASIZE 64 -#define SHS_DIGESTSIZE 20 - -/* The structure for storing SHS info */ - -typedef struct { - EVP_MD_CTX ossl_sha1_ctx; - unsigned char digestBuf[SHS_DIGESTSIZE]; /* output */ - unsigned int digestLen; /* output */ -} SHS_INFO; - -/* Message digest functions (shs.c) */ -void shsInit(SHS_INFO *shsInfo); -void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count); -void shsFinal(SHS_INFO *shsInfo); - - -/* Keyed Message digest functions (hmac_sha.c) */ -krb5_error_code hmac_sha(krb5_octet *text, - int text_len, - krb5_octet *key, - int key_len, - krb5_octet *digest); - - -#define NIST_SHA_CKSUM_LENGTH SHS_DIGESTSIZE -#define HMAC_SHA_CKSUM_LENGTH SHS_DIGESTSIZE - -#endif /* _SHS_DEFINED */ diff --git a/src/lib/crypto/openssl/sha2/Makefile.in b/src/lib/crypto/openssl/sha2/Makefile.in index cddb434e49..6df0e0d44e 100644 --- a/src/lib/crypto/openssl/sha2/Makefile.in +++ b/src/lib/crypto/openssl/sha2/Makefile.in @@ -7,9 +7,6 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S).. LOCALINCLUDES= DEFS= -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - STLIBOBJS= OBJS= diff --git a/src/lib/crypto/openssl/sha2/sha2.h b/src/lib/crypto/openssl/sha2/sha2.h deleted file mode 100644 index afc1d46606..0000000000 --- a/src/lib/crypto/openssl/sha2/sha2.h +++ /dev/null @@ -1,38 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/openssl/sha2/sha2.h - * - * Copyright 2010 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifndef _SHA2_DEFINED - -#include <openssl/sha.h> - -#define _SHA2_DEFINED - -#define k5_sha256_init SHA256_Init -#define k5_sha256_update SHA256_Update -#define k5_sha256_final SHA256_Final - -#endif /* _SHA2_DEFINED */ |