From 3ba4b0893874ad835ccdad8b35c7e1ff62f9ecdd Mon Sep 17 00:00:00 2001 From: Zhanna Tsitkov Date: Thu, 29 Oct 2009 21:36:47 +0000 Subject: Corrected Copyrights and some minor reorganization in openssl impl. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23090 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/openssl/aes/Makefile.in | 13 - src/lib/crypto/openssl/aes/aes-gen.c | 328 ---------- src/lib/crypto/openssl/aes/aes.h | 97 --- src/lib/crypto/openssl/aes/aes_s2k.c | 2 +- src/lib/crypto/openssl/aes/aescpp.h | 55 -- src/lib/crypto/openssl/aes/aescrypt.c | 14 - src/lib/crypto/openssl/aes/aeskey.c | 15 - src/lib/crypto/openssl/aes/aesopt.h | 851 -------------------------- src/lib/crypto/openssl/aes/aestab.c | 6 - src/lib/crypto/openssl/aes/deps | 10 - src/lib/crypto/openssl/aes/uitypes.h | 83 --- src/lib/crypto/openssl/arcfour/arcfour_aead.c | 2 +- src/lib/crypto/openssl/des/Makefile.in | 40 +- src/lib/crypto/openssl/des/afsstring2key.c | 27 - src/lib/crypto/openssl/des/d3_aead.c | 34 - src/lib/crypto/openssl/des/d3_cbc.c | 51 -- src/lib/crypto/openssl/des/d3_kysched.c | 18 - src/lib/crypto/openssl/des/deps | 104 +--- src/lib/crypto/openssl/des/des_int.h | 191 +----- src/lib/crypto/openssl/des/des_oldapis.c | 56 ++ src/lib/crypto/openssl/des/f_aead.c | 33 - src/lib/crypto/openssl/des/f_cbc.c | 89 --- src/lib/crypto/openssl/des/f_cksum.c | 18 - src/lib/crypto/openssl/des/f_parity.c | 19 + src/lib/crypto/openssl/des/f_sched.c | 15 - src/lib/crypto/openssl/des/key_sched.c | 18 - src/lib/crypto/openssl/des/string2key.c | 23 +- src/lib/crypto/openssl/enc_provider/aes.c | 24 +- src/lib/crypto/openssl/enc_provider/deps | 4 +- src/lib/crypto/openssl/enc_provider/des.c | 70 ++- src/lib/crypto/openssl/enc_provider/des3.c | 70 ++- src/lib/crypto/openssl/enc_provider/rc4.c | 42 +- src/lib/crypto/openssl/hmac.c | 49 ++ src/lib/crypto/openssl/md4/md4.c | 22 + src/lib/crypto/openssl/md5/md5.c | 24 + src/lib/crypto/openssl/md5/rsa-md5.h | 64 ++ src/lib/crypto/openssl/pbkdf2.c | 2 +- src/lib/crypto/openssl/sha1/shs.c | 25 + 38 files changed, 431 insertions(+), 2177 deletions(-) delete mode 100644 src/lib/crypto/openssl/aes/aes-gen.c delete mode 100644 src/lib/crypto/openssl/aes/aes.h delete mode 100644 src/lib/crypto/openssl/aes/aescpp.h delete mode 100644 src/lib/crypto/openssl/aes/aescrypt.c delete mode 100644 src/lib/crypto/openssl/aes/aeskey.c delete mode 100644 src/lib/crypto/openssl/aes/aesopt.h delete mode 100644 src/lib/crypto/openssl/aes/aestab.c delete mode 100644 src/lib/crypto/openssl/aes/uitypes.h delete mode 100644 src/lib/crypto/openssl/des/afsstring2key.c delete mode 100644 src/lib/crypto/openssl/des/d3_aead.c delete mode 100644 src/lib/crypto/openssl/des/d3_cbc.c delete mode 100644 src/lib/crypto/openssl/des/d3_kysched.c create mode 100644 src/lib/crypto/openssl/des/des_oldapis.c delete mode 100644 src/lib/crypto/openssl/des/f_aead.c delete mode 100644 src/lib/crypto/openssl/des/f_cbc.c delete mode 100644 src/lib/crypto/openssl/des/f_cksum.c delete mode 100644 src/lib/crypto/openssl/des/f_sched.c delete mode 100644 src/lib/crypto/openssl/des/key_sched.c diff --git a/src/lib/crypto/openssl/aes/Makefile.in b/src/lib/crypto/openssl/aes/Makefile.in index 3e84466a4a..72af752477 100644 --- a/src/lib/crypto/openssl/aes/Makefile.in +++ b/src/lib/crypto/openssl/aes/Makefile.in @@ -13,27 +13,14 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) STLIBOBJS=\ - aescrypt.o \ - aestab.o \ - aeskey.o \ aes_s2k.o OBJS=\ - $(OUTPRE)aescrypt.$(OBJEXT) \ - $(OUTPRE)aestab.$(OBJEXT) \ - $(OUTPRE)aeskey.$(OBJEXT) \ $(OUTPRE)aes_s2k.$(OBJEXT) SRCS=\ - $(srcdir)/aescrypt.c \ - $(srcdir)/aestab.c \ - $(srcdir)/aeskey.c \ $(srcdir)/aes_s2k.c -GEN_OBJS=\ - $(OUTPRE)aescrypt.$(OBJEXT) \ - $(OUTPRE)aestab.$(OBJEXT) \ - $(OUTPRE)aeskey.$(OBJEXT) ##DOS##LIBOBJS = $(OBJS) diff --git a/src/lib/crypto/openssl/aes/aes-gen.c b/src/lib/crypto/openssl/aes/aes-gen.c deleted file mode 100644 index c69ba44957..0000000000 --- a/src/lib/crypto/openssl/aes/aes-gen.c +++ /dev/null @@ -1,328 +0,0 @@ -/* - * To be compiled against the AES code from: - * http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm - */ -#include -#include -#include -#include -#include "aes.h" - -#define B 16U -unsigned char key[16]; -unsigned char test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, }; -#define NTESTS (sizeof(test_case_len)) -struct { - unsigned char ivec[16]; - unsigned char input[4*16]; - unsigned char output[4*16]; -} test_case[NTESTS]; -aes_ctx ctx, dctx; - -static void init () -{ - int i, j, r; - - srand(42); - for (i = 0; i < 16; i++) - key[i] = 0xff & rand(); - memset(test_case, 0, sizeof(test_case)); - for (i = 0; i < NTESTS; i++) - for (j = 0; j < test_case_len[i]; j++) { - test_case[i].input[j] = 0xff & rand(); - } - - r = krb5int_aes_enc_key (key, sizeof(key), &ctx); - //r = aes_enc_key (key, sizeof(key), &ctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - r = krb5int_aes_dec_key (key, sizeof(key), &dctx); - //r = aes_dec_key (key, sizeof(key), &dctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); -} - -static void hexdump(const unsigned char *ptr, size_t len) -{ - int i; - for (i = 0; i < len; i++) - printf ("%s%02X", (i % 16 == 0) ? "\n " : " ", ptr[i]); -} - -static void fips_test () -{ - static const unsigned char fipskey[16] = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - }; - static const unsigned char input[16] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, - }; - static const unsigned char expected[16] = { - 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, - 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a, - }; - unsigned char output[16]; - unsigned char tmp[16]; - aes_ctx fipsctx; - int r; - - printf ("FIPS test:\nkey:"); - hexdump (fipskey, 16); - printf ("\ninput:"); - hexdump (input, 16); - r = aes_enc_key (fipskey, sizeof(fipskey), &fipsctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - r = aes_enc_blk (input, output, &fipsctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - printf ("\noutput:"); - hexdump (output, 16); - printf ("\n"); - if (memcmp(expected, output, 16)) - fprintf(stderr, "wrong results!!!\n"), exit (1); - r = aes_dec_key (fipskey, sizeof(fipskey), &fipsctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - r = aes_dec_blk (output, tmp, &fipsctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - if (memcmp(input, tmp, 16)) - fprintf(stderr, "decryption failed!!\n"), exit(1); - printf ("ok.\n\n"); -} - -static void -xor (unsigned char *out, const unsigned char *a, const unsigned char *b) -{ - int i; - for (i = 0; i < B; i++) - out[i] = a[i] ^ b[i]; -} - -static void -ecb_enc (unsigned char *out, unsigned char *in, unsigned int len) -{ - int i, r; - for (i = 0; i < len; i += 16) { - r = aes_enc_blk (in + i, out + i, &ctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - } - if (i != len) abort (); -} - -static void -ecb_dec (unsigned char *out, unsigned char *in, unsigned int len) -{ - int i, r; - for (i = 0; i < len; i += 16) { - r = aes_dec_blk (in + i, out + i, &dctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - } - if (i != len) abort (); -} - -#define D(X) (printf("%s %d: %s=",__FUNCTION__,__LINE__, #X),hexdump(X,B),printf("\n")) - -#undef D -#define D(X) - -static void -cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv, - unsigned int len) -{ - int i, r; - unsigned char tmp[B]; - D(iv); - memcpy (tmp, iv, B); - for (i = 0; i < len; i += B) { - D(in+i); - xor (tmp, tmp, in + i); - D(tmp); - r = aes_enc_blk (tmp, out + i, &ctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - memcpy (tmp, out + i, B); - D(out+i); - } - if (i != len) abort (); -} - -static void -cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv, - unsigned int len) -{ - int i, r; - unsigned char tmp[B]; - memcpy (tmp, iv, B); - for (i = 0; i < len; i += B) { - r = aes_dec_blk (in + i, tmp, &dctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - xor (tmp, tmp, iv); - iv = in + i; - memcpy (out + i, tmp, B); - } - if (i != len) abort (); -} - -static void -cts_enc (unsigned char *out, unsigned char *in, unsigned char *iv, - unsigned int len) -{ - int r; - unsigned int len2; - unsigned char pn1[B], pn[B], cn[B], cn1[B]; - - if (len < B + 1) abort (); - len2 = (len - B - 1) & ~(B-1); - cbc_enc (out, in, iv, len2); - out += len2; - in += len2; - len -= len2; - if (len2) - iv = out - B; - if (len <= B || len > 2 * B) - abort (); - printf ("(did CBC mode for %d)\n", len2); - - D(in); - xor (pn1, in, iv); - D(pn1); - r = aes_enc_blk (pn1, cn, &ctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - D(cn); - memset (pn, 0, sizeof(pn)); - memcpy (pn, in+B, len-B); - D(pn); - xor (pn, pn, cn); - D(pn); - r = aes_enc_blk (pn, cn1, &ctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - D(cn1); - memcpy(out, cn1, B); - memcpy(out+B, cn, len-B); -} - -static void -cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv, - unsigned int len) -{ - int r; - unsigned int len2; - unsigned char pn1[B], pn[B], cn[B], cn1[B]; - - if (len < B + 1) abort (); - len2 = (len - B - 1) & ~(B-1); - cbc_dec (out, in, iv, len2); - out += len2; - in += len2; - len -= len2; - if (len2) - iv = in - B; - if (len <= B || len > 2 * B) - abort (); - - memcpy (cn1, in, B); - r = aes_dec_blk (cn1, pn, &dctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - memset (cn, 0, sizeof(cn)); - memcpy (cn, in+B, len-B); - xor (pn, pn, cn); - memcpy (cn+len-B, pn+len-B, 2*B-len); - r = aes_dec_blk (cn, pn1, &dctx); - if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); - xor (pn1, pn1, iv); - memcpy(out, pn1, B); - memcpy(out+B, pn, len-B); -} - -static void ecb_test () -{ - int testno; - unsigned char tmp[4*B]; - - printf ("ECB tests:\n"); - printf ("key:"); - hexdump (key, sizeof(key)); - for (testno = 0; testno < NTESTS; testno++) { - unsigned len = (test_case_len[testno] + 15) & ~15; - printf ("\ntest %d - %d bytes\n", testno, len); - printf ("input:"); - hexdump (test_case[testno].input, len); - printf ("\n"); - ecb_enc (test_case[testno].output, test_case[testno].input, len); - printf ("output:"); - hexdump (test_case[testno].output, len); - printf ("\n"); - ecb_dec (tmp, test_case[testno].output, len); - if (memcmp (tmp, test_case[testno].input, len)) { - printf ("ecb decrypt failed!!"); - hexdump (tmp, len); - printf ("\n"); - exit (1); - } - } - printf ("\n"); -} - -unsigned char ivec[16] = { 0 }; - -static void cbc_test () -{ - int testno; - unsigned char tmp[4*B]; - - printf ("CBC tests:\n"); - printf ("initial vector:"); - hexdump (ivec, sizeof(ivec)); - for (testno = 0; testno < NTESTS; testno++) { - unsigned len = (test_case_len[testno] + 15) & ~15; - printf ("\ntest %d - %d bytes\n", testno, len); - printf ("input:"); - hexdump (test_case[testno].input, len); - printf ("\n"); - cbc_enc (test_case[testno].output, test_case[testno].input, ivec, len); - printf ("output:"); - hexdump (test_case[testno].output, len); - printf ("\n"); - cbc_dec (tmp, test_case[testno].output, ivec, len); - if (memcmp (tmp, test_case[testno].input, len)) { - printf("cbc decrypt failed!!"); - hexdump (tmp, len); - printf ("\n"); - exit(1); - } - } - printf ("\n"); -} - -static void cts_test () -{ - int testno; - unsigned char tmp[4*B]; - - printf ("CTS tests:\n"); - printf ("initial vector:"); - hexdump (ivec, sizeof(ivec)); - for (testno = 0; testno < NTESTS; testno++) { - unsigned int len = test_case_len[testno]; - printf ("\ntest %d - %d bytes\n", testno, len); - printf ("input:"); - hexdump (test_case[testno].input, len); - printf ("\n"); - cts_enc (test_case[testno].output, test_case[testno].input, ivec, len); - printf ("output:"); - hexdump (test_case[testno].output, len); - printf ("\n"); - cts_dec (tmp, test_case[testno].output, ivec, len); - if (memcmp (tmp, test_case[testno].input, len)) - fprintf (stderr, "cts decrypt failed!!\n"), exit(1); - } - printf ("\n"); -} - -int main () -{ - init (); - fips_test (); - - ecb_test(); - cbc_test(); - cts_test(); - - return 0; -} diff --git a/src/lib/crypto/openssl/aes/aes.h b/src/lib/crypto/openssl/aes/aes.h deleted file mode 100644 index ac1c1b89eb..0000000000 --- a/src/lib/crypto/openssl/aes/aes.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - ------------------------------------------------------------------------- - Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. - All rights reserved. - - LICENSE TERMS - - The free distribution and use of this software in both source and binary - form is allowed (with or without changes) provided that: - - 1. distributions of this source code include the above copyright - notice, this list of conditions and the following disclaimer; - - 2. distributions in binary form include the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other associated materials; - - 3. the copyright holder's name is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explcit or implied warranties - in respect of any properties, including, but not limited to, correctness - and fitness for purpose. - ------------------------------------------------------------------------- - Issue Date: 21/01/2002 - - This file contains the definitions required to use AES (Rijndael) in C. -*/ - -#ifndef _AES_H -#define _AES_H - -#include "uitypes.h" - -/* BLOCK_SIZE is in BYTES: 16, 24, 32 or undefined for aes.c and 16, 20, - 24, 28, 32 or undefined for aespp.c. When left undefined a slower - version that provides variable block length is compiled. -*/ - -#define BLOCK_SIZE 16 - -/* key schedule length (in 32-bit words) */ - -#if !defined(BLOCK_SIZE) -#define KS_LENGTH 128 -#else -#define KS_LENGTH 4 * BLOCK_SIZE -#endif - -#if defined(__cplusplus) -extern "C" -{ -#endif - -typedef uint16_t aes_fret; /* type for function return value */ -#define aes_bad 0 /* bad function return value */ -#define aes_good 1 /* good function return value */ -#ifndef AES_DLL /* implement normal or DLL functions */ -#define aes_rval aes_fret -#else -#define aes_rval aes_fret __declspec(dllexport) _stdcall -#endif - -typedef struct /* the AES context for encryption */ -{ uint32_t k_sch[KS_LENGTH]; /* the encryption key schedule */ - uint32_t n_rnd; /* the number of cipher rounds */ - uint32_t n_blk; /* the number of bytes in the state */ -} aes_ctx; - -/* for Kerberos 5 tree -- hide names! */ -#define aes_blk_len krb5int_aes_blk_len -#define aes_enc_key krb5int_aes_enc_key -#define aes_enc_blk krb5int_aes_enc_blk -#define aes_dec_key krb5int_aes_dec_key -#define aes_dec_blk krb5int_aes_dec_blk -#define fl_tab krb5int_fl_tab -#define ft_tab krb5int_ft_tab -#define il_tab krb5int_il_tab -#define im_tab krb5int_im_tab -#define it_tab krb5int_it_tab -#define rcon_tab krb5int_rcon_tab - -aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]); - -aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]); -aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]); - -aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]); -aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]); - -#if defined(__cplusplus) -} -#endif - -#endif diff --git a/src/lib/crypto/openssl/aes/aes_s2k.c b/src/lib/crypto/openssl/aes/aes_s2k.c index 1b088ae8b9..348acade9c 100644 --- a/src/lib/crypto/openssl/aes/aes_s2k.c +++ b/src/lib/crypto/openssl/aes/aes_s2k.c @@ -1,7 +1,7 @@ /* * lib/crypto/openssl/aes/aes_s2k.c * - * Copyright 2003 by the Massachusetts Institute of Technology. + * Copyright 2003, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may diff --git a/src/lib/crypto/openssl/aes/aescpp.h b/src/lib/crypto/openssl/aes/aescpp.h deleted file mode 100644 index e685485e10..0000000000 --- a/src/lib/crypto/openssl/aes/aescpp.h +++ /dev/null @@ -1,55 +0,0 @@ - -/* - ------------------------------------------------------------------------- - Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. - All rights reserved. - - TERMS - - Redistribution and use in source and binary forms, with or without - modification, are permitted subject to the following conditions: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. The copyright holder's name must not be used to endorse or promote - any products derived from this software without his specific prior - written permission. - - This software is provided 'as is' with no express or implied warranties - of correctness or fitness for purpose. - ------------------------------------------------------------------------- - Issue Date: 21/01/2002 - - This file contains the definitions required to use AES (Rijndael) in C++. -*/ - -#ifndef _AESCPP_H -#define _AESCPP_H - -#include "aes.h" - -class AESclass -{ aes_ctx cx[1]; -public: -#if defined(BLOCK_SIZE) - AESclass() { cx->n_blk = BLOCK_SIZE; cx->n_rnd = 0; } -#else - AESclass(unsigned int blen = 16) { cx->n_blk = blen; cx->n_rnd = 0; } -#endif - aes_rval blk_len(unsigned int blen) { return aes_blk_len(blen, cx); } - aes_rval enc_key(const unsigned char in_key[], unsigned int klen) - { return aes_enc_key(in_key, klen, cx); } - aes_rval dec_key(const unsigned char in_key[], unsigned int klen) - { return aes_dec_key(in_key, klen, cx); } - aes_rval enc_blk(const unsigned char in_blk[], unsigned char out_blk[]) - { return aes_enc_blk(in_blk, out_blk, cx); } - aes_rval dec_blk(const unsigned char in_blk[], unsigned char out_blk[]) - { return aes_dec_blk(in_blk, out_blk, cx); } -}; - -#endif diff --git a/src/lib/crypto/openssl/aes/aescrypt.c b/src/lib/crypto/openssl/aes/aescrypt.c deleted file mode 100644 index 27ee567519..0000000000 --- a/src/lib/crypto/openssl/aes/aescrypt.c +++ /dev/null @@ -1,14 +0,0 @@ -/* lib/crypto/openssl/aes/aescrypt.c - */ - -#include "aesopt.h" - -aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]) -{ - return aes_bad; -} -aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]) -{ - return aes_bad; -} - diff --git a/src/lib/crypto/openssl/aes/aeskey.c b/src/lib/crypto/openssl/aes/aeskey.c deleted file mode 100644 index 6cd7ba1f2d..0000000000 --- a/src/lib/crypto/openssl/aes/aeskey.c +++ /dev/null @@ -1,15 +0,0 @@ -/* - * lib/crypto/openssl/aes/aeskey.c - */ - -#include "aesopt.h" - -aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]) -{ - return aes_bad; -} -aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]) -{ - return aes_bad; -} - diff --git a/src/lib/crypto/openssl/aes/aesopt.h b/src/lib/crypto/openssl/aes/aesopt.h deleted file mode 100644 index eea341577c..0000000000 --- a/src/lib/crypto/openssl/aes/aesopt.h +++ /dev/null @@ -1,851 +0,0 @@ -/* - ------------------------------------------------------------------------- - Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. - All rights reserved. - - LICENSE TERMS - - The free distribution and use of this software in both source and binary - form is allowed (with or without changes) provided that: - - 1. distributions of this source code include the above copyright - notice, this list of conditions and the following disclaimer; - - 2. distributions in binary form include the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other associated materials; - - 3. the copyright holder's name is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explcit or implied warranties - in respect of any properties, including, but not limited to, correctness - and fitness for purpose. - ------------------------------------------------------------------------- - Issue Date: 07/02/2002 - - This file contains the compilation options for AES (Rijndael) and code - that is common across encryption, key scheduling and table generation. - - - OPERATION - - These source code files implement the AES algorithm Rijndael designed by - Joan Daemen and Vincent Rijmen. The version in aes.c is designed for - block and key sizes of 128, 192 and 256 bits (16, 24 and 32 bytes) while - that in aespp.c provides for block and keys sizes of 128, 160, 192, 224 - and 256 bits (16, 20, 24, 28 and 32 bytes). This file is a common header - file for these two implementations and for aesref.c, which is a reference - implementation. - - This version is designed for flexibility and speed using operations on - 32-bit words rather than operations on bytes. It provides aes_both fixed - and dynamic block and key lengths and can also run with either big or - little endian internal byte order (see aes.h). It inputs block and key - lengths in bytes with the legal values being 16, 24 and 32 for aes.c and - 16, 20, 24, 28 and 32 for aespp.c - - THE CIPHER INTERFACE - - uint8_t (an unsigned 8-bit type) - uint32_t (an unsigned 32-bit type) - aes_fret (a signed 16 bit type for function return values) - aes_good (value != 0, a good return) - aes_bad (value == 0, an error return) - struct aes_ctx (structure for the cipher encryption context) - struct aes_ctx (structure for the cipher decryption context) - aes_rval the function return type (aes_fret if not DLL) - - C subroutine calls: - - aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]); - aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]); - aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]); - - aes_rval aes_dec_len(unsigned int blen, aes_ctx cx[1]); - aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]); - aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]); - - IMPORTANT NOTE: If you are using this C interface and your compiler does - not set the memory used for objects to zero before use, you will need to - ensure that cx.s_flg is set to zero before using these subroutine calls. - - C++ aes class subroutines: - - class AESclass for encryption - class AESclass for decryption - - aes_rval len(unsigned int blen = 16); - aes_rval key(const unsigned char in_key[], unsigned int klen); - aes_rval blk(const unsigned char in_blk[], unsigned char out_blk[]); - - aes_rval len(unsigned int blen = 16); - aes_rval key(const unsigned char in_key[], unsigned int klen); - aes_rval blk(const unsigned char in_blk[], unsigned char out_blk[]); - - The block length inputs to set_block and set_key are in numbers of - BYTES, not bits. The calls to subroutines must be made in the above - order but multiple calls can be made without repeating earlier calls - if their parameters have not changed. If the cipher block length is - variable but set_blk has not been called before cipher operations a - value of 16 is assumed (that is, the AES block size). In contrast to - earlier versions the block and key length parameters are now checked - for correctness and the encryption and decryption routines check to - ensure that an appropriate key has been set before they are called. - - COMPILATION - - The files used to provide AES (Rijndael) are - - a. aes.h for the definitions needed for use in C. - b. aescpp.h for the definitions needed for use in C++. - c. aesopt.h for setting compilation options (also includes common - code). - d. aescrypt.c for encryption and decrytpion, or - e. aescrypt.asm for encryption and decryption using assembler code. - f. aeskey.c for key scheduling. - g. aestab.c for table loading or generation. - h. uitypes.h for defining fixed length unsigned integers. - - The assembler code uses the NASM assembler. The above files provice - block and key lengths of 16, 24 and 32 bytes (128, 192 and 256 bits). - If aescrypp.c and aeskeypp.c are used instead of aescrypt.c and - aeskey.c respectively, the block and key lengths can then be 16, 20, - 24, 28 or 32 bytes. However this code has not been optimised to the - same extent and is hence slower (esepcially for the AES block size - of 16 bytes). - - To compile AES (Rijndael) for use in C code use aes.h and exclude - the AES_DLL define in aes.h - - To compile AES (Rijndael) for use in in C++ code use aescpp.h and - exclude the AES_DLL define in aes.h - - To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use - aes.h, include the AES_DLL define and compile the DLL. If using - the test files to test the DLL, exclude aes.c from the test build - project and compile it with the same defines as used for the DLL - (ensure that the DLL path is correct) - - CONFIGURATION OPTIONS (here and in aes.h) - - a. define BLOCK_SIZE in aes.h to set the cipher block size (16, 24 - or 32 for the standard code, or 16, 20, 24, 28 or 32 for the - extended code) or leave this undefined for dynamically variable - block size (this will result in much slower code). - b. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL - c. You may need to set PLATFORM_BYTE_ORDER to define the byte order. - d. If you want the code to run in a specific internal byte order, then - INTERNAL_BYTE_ORDER must be set accordingly. - e. set other configuration options decribed below. -*/ - -#ifndef _AESOPT_H -#define _AESOPT_H - -/* START OF CONFIGURATION OPTIONS - - USE OF DEFINES - - Later in this section there are a number of defines that control - the operation of the code. In each section, the purpose of each - define is explained so that the relevant form can be included or - excluded by setting either 1's or 0's respectively on the branches - of the related #if clauses. -*/ - -#include "autoconf.h" - -/* 1. PLATFORM SPECIFIC INCLUDES */ - -#if /* defined(__GNUC__) || */ defined(__GNU_LIBRARY__) -# include -# include -#elif defined(__CRYPTLIB__) -# if defined( INC_ALL ) -# include "crypt.h" -# elif defined( INC_CHILD ) -# include "../crypt.h" -# else -# include "crypt.h" -# endif -# if defined(DATA_LITTLEENDIAN) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -# else -# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -# endif -#elif defined(_MSC_VER) -# include -#elif defined(__m68k__) && defined(__palmos__) -# include /* defines BIG_ENDIAN */ -#elif defined(_MIPSEB) -# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -#elif defined(_MIPSEL) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -#elif defined(_WIN32) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -#elif !defined(_WIN32) -# include -# if defined(HAVE_ENDIAN_H) -# include -# elif defined(HAVE_MACHINE_ENDIAN_H) -# include -# else -# include -# endif -#endif - -/* 2. BYTE ORDER IN 32-BIT WORDS - - To obtain the highest speed on processors with 32-bit words, this code - needs to determine the order in which bytes are packed into such words. - The following block of code is an attempt to capture the most obvious - ways in which various environemnts specify heir endian definitions. It - may well fail, in which case the definitions will need to be set by - editing at the points marked **** EDIT HERE IF NECESSARY **** below. -*/ -#define AES_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ -#define AES_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ - -#if !defined(PLATFORM_BYTE_ORDER) -#if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN) -# if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) -# if defined(BYTE_ORDER) -# if (BYTE_ORDER == LITTLE_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -# elif (BYTE_ORDER == BIG_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -# endif -# endif -# elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -# endif -#elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN) -# if defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN) -# if defined(_BYTE_ORDER) -# if (_BYTE_ORDER == _LITTLE_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -# elif (_BYTE_ORDER == _BIG_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -# endif -# endif -# elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN) -# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -# endif -#elif 0 /* **** EDIT HERE IF NECESSARY **** */ -#define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -#elif 0 /* **** EDIT HERE IF NECESSARY **** */ -#define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN -#elif 1 -#define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN -#define UNKNOWN_BYTE_ORDER /* we're guessing */ -#endif -#endif - -/* 3. ASSEMBLER SUPPORT - - If the assembler code is used for encryption and decryption this file only - provides key scheduling so the following defines are used -*/ -#ifdef AES_ASM -#define ENCRYPTION_KEY_SCHEDULE -#define DECRYPTION_KEY_SCHEDULE -#endif - -/* 4. FUNCTIONS REQUIRED - - This implementation provides five main subroutines which provide for - setting block length, setting encryption and decryption keys and for - encryption and decryption. When the assembler code is not being used - the following definition blocks allow the selection of the routines - that are to be included in the compilation. -*/ -#if 1 -#ifndef AES_ASM -#define SET_BLOCK_LENGTH -#endif -#endif - -#if 1 -#ifndef AES_ASM -#define ENCRYPTION_KEY_SCHEDULE -#endif -#endif - -#if 1 -#ifndef AES_ASM -#define DECRYPTION_KEY_SCHEDULE -#endif -#endif - -#if 1 -#ifndef AES_ASM -#define ENCRYPTION -#endif -#endif - -#if 1 -#ifndef AES_ASM -#define DECRYPTION -#endif -#endif - -/* 5. BYTE ORDER WITHIN 32 BIT WORDS - - The fundamental data processing units in Rijndael are 8-bit bytes. The - input, output and key input are all enumerated arrays of bytes in which - bytes are numbered starting at zero and increasing to one less than the - number of bytes in the array in question. This enumeration is only used - for naming bytes and does not imply any adjacency or order relationship - from one byte to another. When these inputs and outputs are considered - as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to - byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte. - In this implementation bits are numbered from 0 to 7 starting at the - numerically least significant end of each byte (bit n represents 2^n). - - However, Rijndael can be implemented more efficiently using 32-bit - words by packing bytes into words so that bytes 4*n to 4*n+3 are placed - into word[n]. While in principle these bytes can be assembled into words - in any positions, this implementation only supports the two formats in - which bytes in adjacent positions within words also have adjacent byte - numbers. This order is called big-endian if the lowest numbered bytes - in words have the highest numeric significance and little-endian if the - opposite applies. - - This code can work in either order irrespective of the order used by the - machine on which it runs. Normally the internal byte order will be set - to the order of the processor on which the code is to be run but this - define can be used to reverse this in special situations -*/ -#if 1 -#define INTERNAL_BYTE_ORDER PLATFORM_BYTE_ORDER -#elif defined(AES_LITTLE_ENDIAN) -#define INTERNAL_BYTE_ORDER AES_LITTLE_ENDIAN -#elif defined(AES_BIG_ENDIAN) -#define INTERNAL_BYTE_ORDER AES_BIG_ENDIAN -#endif - -/* 6. FAST INPUT/OUTPUT OPERATIONS. - - On some machines it is possible to improve speed by transferring the - bytes in the input and output arrays to and from the internal 32-bit - variables by addressing these arrays as if they are arrays of 32-bit - words. On some machines this will always be possible but there may - be a large performance penalty if the byte arrays are not aligned on - the normal word boundaries. On other machines this technique will - lead to memory access errors when such 32-bit word accesses are not - properly aligned. The option SAFE_IO avoids such problems but will - often be slower on those machines that support misaligned access - (especially so if care is taken to align the input and output byte - arrays on 32-bit word boundaries). If SAFE_IO is not defined it is - assumed that access to byte arrays as if they are arrays of 32-bit - words will not cause problems when such accesses are misaligned. -*/ -#if 1 -#define SAFE_IO -#endif - -/* - * If PLATFORM_BYTE_ORDER does not match the actual machine byte - * order, the fast word-access code will cause incorrect results. - * Therefore, SAFE_IO is required when the byte order is unknown. - */ -#if !defined(SAFE_IO) && defined(UNKNOWN_BYTE_ORDER) -# error "SAFE_IO must be defined if machine byte order is unknown." -#endif - -/* 7. LOOP UNROLLING - - The code for encryption and decrytpion cycles through a number of rounds - that can be implemented either in a loop or by expanding the code into a - long sequence of instructions, the latter producing a larger program but - one that will often be much faster. The latter is called loop unrolling. - There are also potential speed advantages in expanding two iterations in - a loop with half the number of iterations, which is called partial loop - unrolling. The following options allow partial or full loop unrolling - to be set independently for encryption and decryption -*/ -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) -#define ENC_UNROLL FULL -#elif 0 -#define ENC_UNROLL PARTIAL -#else -#define ENC_UNROLL NONE -#endif - -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) -#define DEC_UNROLL FULL -#elif 0 -#define DEC_UNROLL PARTIAL -#else -#define DEC_UNROLL NONE -#endif - -/* 8. FIXED OR DYNAMIC TABLES - - When this section is included the tables used by the code are compiled - statically into the binary file. Otherwise they are computed once when - the code is first used. -*/ -#if 1 -#define FIXED_TABLES -#endif - -/* 9. FAST FINITE FIELD OPERATIONS - - If this section is included, tables are used to provide faster finite - field arithmetic (this has no effect if FIXED_TABLES is defined). -*/ -#if 1 -#define FF_TABLES -#endif - -/* 10. INTERNAL STATE VARIABLE FORMAT - - The internal state of Rijndael is stored in a number of local 32-bit - word varaibles which can be defined either as an array or as individual - names variables. Include this section if you want to store these local - varaibles in arrays. Otherwise individual local variables will be used. -*/ -#if 1 -#define ARRAYS -#endif - -/* In this implementation the columns of the state array are each held in - 32-bit words. The state array can be held in various ways: in an array - of words, in a number of individual word variables or in a number of - processor registers. The following define maps a variable name x and - a column number c to the way the state array variable is to be held. - The first define below maps the state into an array x[c] whereas the - second form maps the state into a number of individual variables x0, - x1, etc. Another form could map individual state colums to machine - register names. -*/ - -#if defined(ARRAYS) -#define s(x,c) x[c] -#else -#define s(x,c) x##c -#endif - -/* 11. VARIABLE BLOCK SIZE SPEED - - This section is only relevant if you wish to use the variable block - length feature of the code. Include this section if you place more - emphasis on speed rather than code size. -*/ -#if 1 -#define FAST_VARIABLE -#endif - -/* 12. INTERNAL TABLE CONFIGURATION - - This cipher proceeds by repeating in a number of cycles known as 'rounds' - which are implemented by a round function which can optionally be speeded - up using tables. The basic tables are each 256 32-bit words, with either - one or four tables being required for each round function depending on - how much speed is required. The encryption and decryption round functions - are different and the last encryption and decrytpion round functions are - different again making four different round functions in all. - - This means that: - 1. Normal encryption and decryption rounds can each use either 0, 1 - or 4 tables and table spaces of 0, 1024 or 4096 bytes each. - 2. The last encryption and decryption rounds can also use either 0, 1 - or 4 tables and table spaces of 0, 1024 or 4096 bytes each. - - Include or exclude the appropriate definitions below to set the number - of tables used by this implementation. -*/ - -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) /* set tables for the normal encryption round */ -#define ENC_ROUND FOUR_TABLES -#elif 0 -#define ENC_ROUND ONE_TABLE -#else -#define ENC_ROUND NO_TABLES -#endif - -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) /* set tables for the last encryption round */ -#define LAST_ENC_ROUND FOUR_TABLES -#elif 0 -#define LAST_ENC_ROUND ONE_TABLE -#else -#define LAST_ENC_ROUND NO_TABLES -#endif - -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) /* set tables for the normal decryption round */ -#define DEC_ROUND FOUR_TABLES -#elif 0 -#define DEC_ROUND ONE_TABLE -#else -#define DEC_ROUND NO_TABLES -#endif - -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) /* set tables for the last decryption round */ -#define LAST_DEC_ROUND FOUR_TABLES -#elif 0 -#define LAST_DEC_ROUND ONE_TABLE -#else -#define LAST_DEC_ROUND NO_TABLES -#endif - -/* The decryption key schedule can be speeded up with tables in the same - way that the round functions can. Include or exclude the following - defines to set this requirement. -*/ -#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO) -#define KEY_SCHED FOUR_TABLES -#elif 0 -#define KEY_SCHED ONE_TABLE -#else -#define KEY_SCHED NO_TABLES -#endif - -/* END OF CONFIGURATION OPTIONS */ - -#define NO_TABLES 0 /* DO NOT CHANGE */ -#define ONE_TABLE 1 /* DO NOT CHANGE */ -#define FOUR_TABLES 4 /* DO NOT CHANGE */ -#define NONE 0 /* DO NOT CHANGE */ -#define PARTIAL 1 /* DO NOT CHANGE */ -#define FULL 2 /* DO NOT CHANGE */ - -#if defined(BLOCK_SIZE) && ((BLOCK_SIZE & 3) || BLOCK_SIZE < 16 || BLOCK_SIZE > 32) -#error An illegal block size has been specified. -#endif - -#if !defined(BLOCK_SIZE) -#define RC_LENGTH 29 -#else -#define RC_LENGTH 5 * BLOCK_SIZE / 4 - (BLOCK_SIZE == 16 ? 10 : 11) -#endif - -/* Disable at least some poor combinations of options */ - -#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES -#undef LAST_ENC_ROUND -#define LAST_ENC_ROUND NO_TABLES -#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES -#undef LAST_ENC_ROUND -#define LAST_ENC_ROUND ONE_TABLE -#endif - -#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE -#undef ENC_UNROLL -#define ENC_UNROLL NONE -#endif - -#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES -#undef LAST_DEC_ROUND -#define LAST_DEC_ROUND NO_TABLES -#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES -#undef LAST_DEC_ROUND -#define LAST_DEC_ROUND ONE_TABLE -#endif - -#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE -#undef DEC_UNROLL -#define DEC_UNROLL NONE -#endif - -#include "aes.h" - - /* - upr(x,n): rotates bytes within words by n positions, moving bytes to - higher index positions with wrap around into low positions - ups(x,n): moves bytes by n positions to higher index positions in - words but without wrap around - bval(x,n): extracts a byte from a word - */ - -#if (INTERNAL_BYTE_ORDER == AES_LITTLE_ENDIAN) -#if defined(_MSC_VER) -#define upr(x,n) _lrotl((x), 8 * (n)) -#else -#define upr(x,n) (((x) << (8 * (n))) | ((x) >> (32 - 8 * (n)))) -#endif -#define ups(x,n) ((x) << (8 * (n))) -#define bval(x,n) ((uint8_t)((x) >> (8 * (n)))) -#define bytes2word(b0, b1, b2, b3) \ - (((uint32_t)(b3) << 24) | ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0)) -#endif - -#if (INTERNAL_BYTE_ORDER == AES_BIG_ENDIAN) -#define upr(x,n) (((x) >> (8 * (n))) | ((x) << (32 - 8 * (n)))) -#define ups(x,n) ((x) >> (8 * (n)))) -#define bval(x,n) ((uint8_t)((x) >> (24 - 8 * (n)))) -#define bytes2word(b0, b1, b2, b3) \ - (((uint32_t)(b0) << 24) | ((uint32_t)(b1) << 16) | ((uint32_t)(b2) << 8) | (b3)) -#endif - -#if defined(SAFE_IO) - -#define word_in(x) bytes2word((x)[0], (x)[1], (x)[2], (x)[3]) -#define word_out(x,v) { (x)[0] = bval(v,0); (x)[1] = bval(v,1); \ - (x)[2] = bval(v,2); (x)[3] = bval(v,3); } - -#elif (INTERNAL_BYTE_ORDER == PLATFORM_BYTE_ORDER) - -#define word_in(x) *(uint32_t*)(x) -#define word_out(x,v) *(uint32_t*)(x) = (v) - -#else - -#if !defined(bswap_32) -#if !defined(_MSC_VER) -#define _lrotl(x,n) (((x) << n) | ((x) >> (32 - n))) -#endif -#define bswap_32(x) ((_lrotl((x),8) & 0x00ff00ff) | (_lrotl((x),24) & 0xff00ff00)) -#endif - -#define word_in(x) bswap_32(*(uint32_t*)(x)) -#define word_out(x,v) *(uint32_t*)(x) = bswap_32(v) - -#endif - -/* the finite field modular polynomial and elements */ - -#define WPOLY 0x011b -#define BPOLY 0x1b - -/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ - -#define m1 0x80808080 -#define m2 0x7f7f7f7f -#define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY)) - -/* The following defines provide alternative definitions of FFmulX that might - give improved performance if a fast 32-bit multiply is not available. Note - that a temporary variable u needs to be defined where FFmulX is used. - -#define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) -#define m4 (0x01010101 * BPOLY) -#define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) -*/ - -/* Work out which tables are needed for the different options */ - -#ifdef AES_ASM -#ifdef ENC_ROUND -#undef ENC_ROUND -#endif -#define ENC_ROUND FOUR_TABLES -#ifdef LAST_ENC_ROUND -#undef LAST_ENC_ROUND -#endif -#define LAST_ENC_ROUND FOUR_TABLES -#ifdef DEC_ROUND -#undef DEC_ROUND -#endif -#define DEC_ROUND FOUR_TABLES -#ifdef LAST_DEC_ROUND -#undef LAST_DEC_ROUND -#endif -#define LAST_DEC_ROUND FOUR_TABLES -#ifdef KEY_SCHED -#undef KEY_SCHED -#define KEY_SCHED FOUR_TABLES -#endif -#endif - -#if defined(ENCRYPTION) || defined(AES_ASM) -#if ENC_ROUND == ONE_TABLE -#define FT1_SET -#elif ENC_ROUND == FOUR_TABLES -#define FT4_SET -#else -#define SBX_SET -#endif -#if LAST_ENC_ROUND == ONE_TABLE -#define FL1_SET -#elif LAST_ENC_ROUND == FOUR_TABLES -#define FL4_SET -#elif !defined(SBX_SET) -#define SBX_SET -#endif -#endif - -#if defined(DECRYPTION) || defined(AES_ASM) -#if DEC_ROUND == ONE_TABLE -#define IT1_SET -#elif DEC_ROUND == FOUR_TABLES -#define IT4_SET -#else -#define ISB_SET -#endif -#if LAST_DEC_ROUND == ONE_TABLE -#define IL1_SET -#elif LAST_DEC_ROUND == FOUR_TABLES -#define IL4_SET -#elif !defined(ISB_SET) -#define ISB_SET -#endif -#endif - -#if defined(ENCRYPTION_KEY_SCHEDULE) || defined(DECRYPTION_KEY_SCHEDULE) -#if KEY_SCHED == ONE_TABLE -#define LS1_SET -#define IM1_SET -#elif KEY_SCHED == FOUR_TABLES -#define LS4_SET -#define IM4_SET -#elif !defined(SBX_SET) -#define SBX_SET -#endif -#endif - -#ifdef FIXED_TABLES -#define prefx extern const -#else -#define prefx extern -extern uint8_t tab_init; -void gen_tabs(void); -#endif - -prefx uint32_t rcon_tab[0]; - -#ifdef SBX_SET -prefx uint8_t s_box[256]; -#endif - -#ifdef ISB_SET -prefx uint8_t inv_s_box[256]; -#endif - -#ifdef FT1_SET -prefx uint32_t ft_tab[256]; -#endif - -#ifdef FT4_SET -prefx uint32_t ft_tab[4][256]; -#endif - -#ifdef FL1_SET -prefx uint32_t fl_tab[256]; -#endif - -#ifdef FL4_SET -prefx uint32_t fl_tab[4][256]; -#endif - -#ifdef IT1_SET -prefx uint32_t it_tab[256]; -#endif - -#ifdef IT4_SET -prefx uint32_t it_tab[4][256]; -#endif - -#ifdef IL1_SET -prefx uint32_t il_tab[256]; -#endif - -#ifdef IL4_SET -prefx uint32_t il_tab[4][256]; -#endif - -#ifdef LS1_SET -#ifdef FL1_SET -#undef LS1_SET -#else -prefx uint32_t ls_tab[256]; -#endif -#endif - -#ifdef LS4_SET -#ifdef FL4_SET -#undef LS4_SET -#else -prefx uint32_t ls_tab[4][256]; -#endif -#endif - -#ifdef IM1_SET -prefx uint32_t im_tab[256]; -#endif - -#ifdef IM4_SET -prefx uint32_t im_tab[4][256]; -#endif - -/* Set the number of columns in nc. Note that it is important */ -/* that nc is a constant which is known at compile time if the */ -/* highest speed version of the code is needed */ - -#if defined(BLOCK_SIZE) -#define nc (BLOCK_SIZE >> 2) -#else -#define nc (cx->n_blk >> 2) -#endif - -/* generic definitions of Rijndael macros that use of tables */ - -#define no_table(x,box,vf,rf,c) bytes2word( \ - box[bval(vf(x,0,c),rf(0,c))], \ - box[bval(vf(x,1,c),rf(1,c))], \ - box[bval(vf(x,2,c),rf(2,c))], \ - box[bval(vf(x,3,c),rf(3,c))]) - -#define one_table(x,op,tab,vf,rf,c) \ - ( tab[bval(vf(x,0,c),rf(0,c))] \ - ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \ - ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \ - ^ op(tab[bval(vf(x,3,c),rf(3,c))],3)) - -#define four_tables(x,tab,vf,rf,c) \ - ( tab[0][bval(vf(x,0,c),rf(0,c))] \ - ^ tab[1][bval(vf(x,1,c),rf(1,c))] \ - ^ tab[2][bval(vf(x,2,c),rf(2,c))] \ - ^ tab[3][bval(vf(x,3,c),rf(3,c))]) - -#define vf1(x,r,c) (x) -#define rf1(r,c) (r) -#define rf2(r,c) ((r-c)&3) - -/* perform forward and inverse column mix operation on four bytes in long word x in */ -/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */ - -#define dec_fmvars -#if defined(FM4_SET) /* not currently used */ -#define fwd_mcol(x) four_tables(x,fm_tab,vf1,rf1,0) -#elif defined(FM1_SET) /* not currently used */ -#define fwd_mcol(x) one_table(x,upr,fm_tab,vf1,rf1,0) -#else -#undef dec_fmvars -#define dec_fmvars uint32_t f1, f2; -#define fwd_mcol(x) (f1 = (x), f2 = FFmulX(f1), f2 ^ upr(f1 ^ f2, 3) ^ upr(f1, 2) ^ upr(f1, 1)) -#endif - -#define dec_imvars -#if defined(IM4_SET) -#define inv_mcol(x) four_tables(x,im_tab,vf1,rf1,0) -#elif defined(IM1_SET) -#define inv_mcol(x) one_table(x,upr,im_tab,vf1,rf1,0) -#else -#undef dec_imvars -#define dec_imvars uint32_t f2, f4, f8, f9; -#define inv_mcol(x) \ - (f9 = (x), f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \ - f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1)) -#endif - -#if defined(FL4_SET) -#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c) -#elif defined(LS4_SET) -#define ls_box(x,c) four_tables(x,ls_tab,vf1,rf2,c) -#elif defined(FL1_SET) -#define ls_box(x,c) one_table(x,upr,fl_tab,vf1,rf2,c) -#elif defined(LS1_SET) -#define ls_box(x,c) one_table(x,upr,ls_tab,vf1,rf2,c) -#else -#define ls_box(x,c) no_table(x,s_box,vf1,rf2,c) -#endif - -#endif diff --git a/src/lib/crypto/openssl/aes/aestab.c b/src/lib/crypto/openssl/aes/aestab.c deleted file mode 100644 index 6fde740ddb..0000000000 --- a/src/lib/crypto/openssl/aes/aestab.c +++ /dev/null @@ -1,6 +0,0 @@ -/* lib/crypto/openssl/aes/aestab.c - */ - -#include "aesopt.h" -const uint32_t rcon_tab[0]={}; - diff --git a/src/lib/crypto/openssl/aes/deps b/src/lib/crypto/openssl/aes/deps index eac0a5c1ca..3503d1c23c 100644 --- a/src/lib/crypto/openssl/aes/deps +++ b/src/lib/crypto/openssl/aes/deps @@ -1,16 +1,6 @@ # # Generated makefile dependencies follow. # -aescrypt.so aescrypt.po $(OUTPRE)aescrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/aes.h \ - $(srcdir)/aescrypt.c $(srcdir)/aesopt.h \ - $(srcdir)/uitypes.h -aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/aes.h $(srcdir)/aesopt.h \ - $(srcdir)/aestab.c $(srcdir)/uitypes.h -aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/aes.h $(srcdir)/aeskey.c \ - $(srcdir)/aesopt.h $(srcdir)/uitypes.h aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ diff --git a/src/lib/crypto/openssl/aes/uitypes.h b/src/lib/crypto/openssl/aes/uitypes.h deleted file mode 100644 index 3a72921834..0000000000 --- a/src/lib/crypto/openssl/aes/uitypes.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - ------------------------------------------------------------------------- - Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. - All rights reserved. - - LICENSE TERMS - - The free distribution and use of this software in both source and binary - form is allowed (with or without changes) provided that: - - 1. distributions of this source code include the above copyright - notice, this list of conditions and the following disclaimer; - - 2. distributions in binary form include the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other associated materials; - - 3. the copyright holder's name is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explcit or implied warranties - in respect of any properties, including, but not limited to, correctness - and fitness for purpose. - ------------------------------------------------------------------------- - Issue Date: 01/02/2002 - - This file contains code to obtain or set the definitions for fixed length - unsigned integer types. -*/ - -#ifndef _UITYPES_H -#define _UITYPES_H - -#include "autoconf.h" - -#if defined(__GNU_LIBRARY__) -#define HAS_INTTYPES_H -#elif !defined(_MSC_VER) -#include -#if ULONG_MAX > 0xFFFFFFFFUL - #define MODEL_64 -#else - #define MODEL_32 -#endif -#endif - -#if defined HAS_INTTYPES_H || defined HAVE_INTTYPES_H -#include -#define s_u32 u -#define s_u64 ull -#elif defined MODEL_32 -typedef unsigned char uint8_t; -typedef unsigned short int uint16_t; -typedef unsigned int uint32_t; -typedef unsigned long long int uint64_t; -#define s_u32 u -#define s_u64 ull -#elif defined MODEL_64 -typedef unsigned char uint8_t; -typedef unsigned short int uint16_t; -typedef unsigned int uint32_t; -typedef unsigned long int uint64_t; -#define s_u32 u -#define s_u64 ul -#elif defined(_MSC_VER) -typedef unsigned __int8 uint8_t; -typedef unsigned __int16 uint16_t; -typedef unsigned __int32 uint32_t; -typedef unsigned __int64 uint64_t; -#define s_u32 ui32 -#define s_u64 ui64 -#else -#error You need to define fixed length types in uitypes.h -#endif - -#define sfx_lo(x,y) x##y -#define sfx_hi(x,y) sfx_lo(x,y) -#define x_32(p) sfx_hi(0x##p,s_u32) -#define x_64(p) sfx_hi(0x##p,s_u64) - -#endif diff --git a/src/lib/crypto/openssl/arcfour/arcfour_aead.c b/src/lib/crypto/openssl/arcfour/arcfour_aead.c index c01fc001b9..da8261f02a 100644 --- a/src/lib/crypto/openssl/arcfour/arcfour_aead.c +++ b/src/lib/crypto/openssl/arcfour/arcfour_aead.c @@ -1,7 +1,7 @@ /* * lib/crypto/arcfour/arcfour_aead.c * - * Copyright 2008 by the Massachusetts Institute of Technology. + * Copyright 2008, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in index 46dba22698..4e8859836b 100644 --- a/src/lib/crypto/openssl/des/Makefile.in +++ b/src/lib/crypto/openssl/des/Makefile.in @@ -14,54 +14,24 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) -STLIBOBJS=\ - afsstring2key.o \ - d3_cbc.o \ - d3_aead.o \ - d3_kysched.o \ - f_aead.o \ - f_cbc.o \ - f_cksum.o \ +STLIBOBJS= des_oldapis.o \ f_parity.o \ - f_sched.o \ - key_sched.o \ string2key.o \ weak_key.o -OBJS= $(OUTPRE)afsstring2key.$(OBJEXT) \ - $(OUTPRE)d3_cbc.$(OBJEXT) \ - $(OUTPRE)d3_aead.$(OBJEXT) \ - $(OUTPRE)d3_kysched.$(OBJEXT) \ - $(OUTPRE)f_aead.$(OBJEXT) \ - $(OUTPRE)f_cbc.$(OBJEXT) \ - $(OUTPRE)f_cksum.$(OBJEXT) \ - $(OUTPRE)f_parity.$(OBJEXT) \ - $(OUTPRE)f_sched.$(OBJEXT) \ - $(OUTPRE)key_sched.$(OBJEXT) \ +OBJS= $(OUTPRE)f_parity.$(OBJEXT) \ + $(OUTPRE)des_oldapis.$(OBJEXT) \ $(OUTPRE)string2key.$(OBJEXT) \ $(OUTPRE)weak_key.$(OBJEXT) -SRCS= $(srcdir)/afsstring2key.c \ - $(srcdir)/d3_cbc.c \ - $(srcdir)/d3_aead.c \ - $(srcdir)/d3_kysched.c \ - $(srcdir)/f_aead.c \ - $(srcdir)/f_cbc.c \ - $(srcdir)/f_cksum.c \ - $(srcdir)/f_parity.c \ - $(srcdir)/f_sched.c \ - $(srcdir)/key_sched.c \ +SRCS= $(srcdir)/f_parity.c \ + $(srcdir)/des_oldapis.c \ $(srcdir)/weak_key.c \ $(srcdir)/string2key.c ##DOS##LIBOBJS = $(OBJS) -TOBJS = $(OUTPRE)key_sched.$(OBJEXT) $(OUTPRE)f_sched.$(OBJEXT) \ - $(OUTPRE)f_cbc.$(OBJEXT) \ - $(OUTPRE)f_cksum.$(OBJEXT) - - all-unix:: all-libobjs check-unix:: diff --git a/src/lib/crypto/openssl/des/afsstring2key.c b/src/lib/crypto/openssl/des/afsstring2key.c deleted file mode 100644 index 031db5845f..0000000000 --- a/src/lib/crypto/openssl/des/afsstring2key.c +++ /dev/null @@ -1,27 +0,0 @@ -/* lib/crypto/openss/des/afsstring2key.c - * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - */ - -#include "k5-int.h" -#include "des_int.h" -#include - -krb5_error_code -mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data, - const krb5_data *salt) -{ - return KRB5_CRYPTO_INTERNAL; -} -char * -mit_afs_crypt(const char *pw, const char *salt, - char *iobuf) -{ - /* Unsupported operation */ - return NULL; -} - - diff --git a/src/lib/crypto/openssl/des/d3_aead.c b/src/lib/crypto/openssl/des/d3_aead.c deleted file mode 100644 index cd99886116..0000000000 --- a/src/lib/crypto/openssl/des/d3_aead.c +++ /dev/null @@ -1,34 +0,0 @@ -/* lib/crypto/openssl/des/d3_aead.c - * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - */ -#include "des_int.h" -#include "aead.h" - -void -krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - -void -krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - diff --git a/src/lib/crypto/openssl/des/d3_cbc.c b/src/lib/crypto/openssl/des/d3_cbc.c deleted file mode 100644 index 98caab5039..0000000000 --- a/src/lib/crypto/openssl/des/d3_cbc.c +++ /dev/null @@ -1,51 +0,0 @@ -/* lib/crypto/openssl/des/d3_cbc.c - * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - */ -#include "des_int.h" - -/* - * Triple-DES CBC encryption mode. - */ - -#undef mit_des3_cbc_encrypt -int -mit_des3_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, - unsigned long length, const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - const mit_des_cblock ivec, int enc) -{ - /* Unsupported operation */ - return KRB5_CRYPTO_INTERNAL; -} - -void -krb5int_des3_cbc_encrypt(const mit_des_cblock *input, - mit_des_cblock *output, - unsigned long length, - const mit_des_key_schedule key, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - const mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - -void -krb5int_des3_cbc_decrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - const mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - diff --git a/src/lib/crypto/openssl/des/d3_kysched.c b/src/lib/crypto/openssl/des/d3_kysched.c deleted file mode 100644 index fb42e792f9..0000000000 --- a/src/lib/crypto/openssl/des/d3_kysched.c +++ /dev/null @@ -1,18 +0,0 @@ -/* lib/crypto/openssl/des/d3_kysched.c - * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - */ - -#include "des_int.h" - -int -mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule) -{ - /* Unsupported operation */ - return KRB5_CRYPTO_INTERNAL; -} - - diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps index 45bda5ce80..bf83f0134d 100644 --- a/src/lib/crypto/openssl/des/deps +++ b/src/lib/crypto/openssl/des/deps @@ -1,85 +1,6 @@ # # Generated makefile dependencies follow. # -afsstring2key.so afsstring2key.po $(OUTPRE)afsstring2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/afsstring2key.c $(srcdir)/des_int.h -d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/d3_cbc.c \ - $(srcdir)/des_int.h -d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/d3_aead.c \ - $(srcdir)/des_int.h \ - $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h -d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/d3_kysched.c $(srcdir)/des_int.h -f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/des_int.h \ - $(srcdir)/f_aead.c \ - $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h -f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/des_int.h \ - $(srcdir)/f_cbc.c -f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/des_int.h \ - $(srcdir)/f_cksum.c f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -91,7 +12,7 @@ f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(srcdir)/des_int.h $(srcdir)/f_parity.c -f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +des_oldapis.so des_oldapis.po $(OUTPRE)des_oldapis.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ @@ -101,18 +22,7 @@ f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(srcdir)/des_int.h \ - $(srcdir)/f_sched.c -key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/des_int.h $(srcdir)/key_sched.c + $(srcdir)/des_oldapis.c weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -135,13 +45,3 @@ string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(srcdir)/des_int.h $(srcdir)/string2key.c -destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h destest.c diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h index fd2024a454..67d776053a 100644 --- a/src/lib/crypto/openssl/des/des_int.h +++ b/src/lib/crypto/openssl/des/des_int.h @@ -1,7 +1,7 @@ /* * lib/crypto/des/des_int.h * - * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of + * Copyright 1987, 1988, 1990, 2002, 2009 by the Massachusetts Institute of * Technology. All Rights Reserved. * * Export of this software from the United States of America may @@ -153,65 +153,13 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) * End "mit-des.h" */ -/* afsstring2key.c */ -extern krb5_error_code mit_afs_string_to_key - (krb5_keyblock *keyblock, - const krb5_data *data, - const krb5_data *salt); -extern char *mit_afs_crypt - (const char *pw, const char *salt, char *iobuf); - -/* f_cksum.c */ -extern unsigned long mit_des_cbc_cksum - (const krb5_octet *, krb5_octet *, unsigned long , - const mit_des_key_schedule, const krb5_octet *); - -/* f_ecb.c */ -extern int mit_des_ecb_encrypt - (const mit_des_cblock *, mit_des_cblock *, mit_des_key_schedule , int ); - -/* f_cbc.c */ -extern int mit_des_cbc_encrypt (const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule schedule, - const mit_des_cblock ivec, int enc); - #define mit_des_zeroblock krb5int_c_mit_des_zeroblock extern const mit_des_cblock mit_des_zeroblock; -/* fin_rndkey.c */ -extern krb5_error_code mit_des_finish_random_key - ( const krb5_encrypt_block *, - krb5_pointer *); - -/* finish_key.c */ -extern krb5_error_code mit_des_finish_key - ( krb5_encrypt_block *); - -/* init_rkey.c */ -extern krb5_error_code mit_des_init_random_key - ( const krb5_encrypt_block *, - const krb5_keyblock *, - krb5_pointer *); - /* key_parity.c */ extern void mit_des_fixup_key_parity (mit_des_cblock ); extern int mit_des_check_key_parity (mit_des_cblock ); -/* key_sched.c */ -extern int mit_des_key_sched - (mit_des_cblock , mit_des_key_schedule ); - -/* process_ky.c */ -extern krb5_error_code mit_des_process_key - ( krb5_encrypt_block *, const krb5_keyblock *); - -/* random_key.c */ -extern krb5_error_code mit_des_random_key - ( const krb5_encrypt_block *, krb5_pointer , - krb5_keyblock **); - /* string2key.c */ extern krb5_error_code mit_des_string_to_key ( const krb5_encrypt_block *, @@ -222,18 +170,6 @@ extern krb5_error_code mit_des_string_to_key_int /* weak_key.c */ extern int mit_des_is_weak_key (mit_des_cblock ); -/* cmb_keys.c */ -krb5_error_code mit_des_combine_subkeys - (const krb5_keyblock *, const krb5_keyblock *, - krb5_keyblock **); - -/* f_pcbc.c */ -int mit_des_pcbc_encrypt (); - -/* f_sched.c */ -int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); - - /* misc.c */ extern void swap_bits (char *); extern unsigned long long_swap_bits (unsigned long ); @@ -249,129 +185,4 @@ extern unsigned long swap_long_bytes_bit_number (unsigned long ); /* XXX depends on FILE being a #define! */ extern void test_set (FILE *, const char *, int, const char *, int); #endif - -/* d3_ecb.c */ -extern int mit_des3_ecb_encrypt - (const mit_des_cblock *in, - mit_des_cblock *out, - mit_des_key_schedule sched1, - mit_des_key_schedule sched2, - mit_des_key_schedule sched3, - int enc); - -/* d3_cbc.c */ -extern int mit_des3_cbc_encrypt - (const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - const mit_des_cblock ivec, - int enc); - -void -krb5int_des3_cbc_encrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - const mit_des_cblock ivec); -void -krb5int_des3_cbc_decrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - const mit_des_cblock ivec); - -void -krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec); - -void -krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec); - -#define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc) \ - ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt) \ - (in, out, length, ks1, ks2, ks3, ivec), 0) - -void -krb5int_des_cbc_encrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule schedule, - const mit_des_cblock ivec); -void -krb5int_des_cbc_decrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule schedule, - const mit_des_cblock ivec); - -#define mit_des_cbc_encrypt(in,out,length,schedule,ivec,enc) \ - ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt) \ - (in, out, length, schedule, ivec), 0) - -void -krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec); - -void -krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec); - -/* d3_procky.c */ -extern krb5_error_code mit_des3_process_key - (krb5_encrypt_block * eblock, - const krb5_keyblock * keyblock); - -/* d3_kysched.c */ -extern int mit_des3_key_sched - (mit_des3_cblock key, - mit_des3_key_schedule schedule); - -/* d3_str2ky.c */ -extern krb5_error_code mit_des3_string_to_key - (const krb5_encrypt_block * eblock, - krb5_keyblock * keyblock, - const krb5_data * data, - const krb5_data * salt); - -/* u_nfold.c */ -extern krb5_error_code mit_des_n_fold - (const krb5_octet * input, - const size_t in_len, - krb5_octet * output, - const size_t out_len); - -/* u_rn_key.c */ -extern int mit_des_is_weak_keyblock - (krb5_keyblock *keyblock); - -extern void mit_des_fixup_keyblock_parity - (krb5_keyblock *keyblock); - -extern krb5_error_code mit_des_set_random_generator_seed - (const krb5_data * seed, - krb5_pointer random_state); - -extern krb5_error_code mit_des_set_random_sequence_number - (const krb5_data * sequence, - krb5_pointer random_state); #endif /*DES_INTERNAL_DEFS*/ diff --git a/src/lib/crypto/openssl/des/des_oldapis.c b/src/lib/crypto/openssl/des/des_oldapis.c new file mode 100644 index 0000000000..b08a6d004f --- /dev/null +++ b/src/lib/crypto/openssl/des/des_oldapis.c @@ -0,0 +1,56 @@ +/* + * lib/crypto/openssl/des/des_oldapis.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include "k5-int.h" +#include "des_int.h" +#include + +const mit_des_cblock mit_des_zeroblock /* = all zero */; + +unsigned long +mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, + unsigned long length, const mit_des_key_schedule schedule, + const krb5_octet *ivec) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} + +krb5_error_code +mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data, + const krb5_data *salt) +{ + return KRB5_CRYPTO_INTERNAL; +} + +int +mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} + diff --git a/src/lib/crypto/openssl/des/f_aead.c b/src/lib/crypto/openssl/des/f_aead.c deleted file mode 100644 index 2046475901..0000000000 --- a/src/lib/crypto/openssl/des/f_aead.c +++ /dev/null @@ -1,33 +0,0 @@ -/* lib/crypto/openssl/des/f_aead.c - * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - */ - -#include "des_int.h" -#include "aead.h" - - -void -krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - -void -krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, - unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock iv) -{ - /* Unsupported operation */ - abort(); -} - - diff --git a/src/lib/crypto/openssl/des/f_cbc.c b/src/lib/crypto/openssl/des/f_cbc.c deleted file mode 100644 index 55b648fc13..0000000000 --- a/src/lib/crypto/openssl/des/f_cbc.c +++ /dev/null @@ -1,89 +0,0 @@ -/* - * lib/crypto/openssldes/f_cbc.c - * - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * DES implementation donated by Dennis Ferguson - */ - -/* - * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode - */ -#include "des_int.h" - -/* - * des_cbc_encrypt - {en,de}crypt a stream in CBC mode - */ - -/* - * This routine performs DES cipher-block-chaining operation, either - * encrypting from cleartext to ciphertext, if encrypt != 0 or - * decrypting from ciphertext to cleartext, if encrypt == 0. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not - * enough space was provided, your program will get trashed. - * - * For encryption, the cleartext string is null padded, at the end, to - * an integral multiple of eight bytes. - * - * For decryption, the ciphertext will be used in integral multiples - * of 8 bytes, but only the first "length" bytes returned into the - * cleartext. - */ - -const mit_des_cblock mit_des_zeroblock /* = all zero */; - -#undef mit_des_cbc_encrypt -int -mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, - unsigned long length, const mit_des_key_schedule schedule, - const mit_des_cblock ivec, int enc) -{ - /* Unsupported operation */ - return KRB5_CRYPTO_INTERNAL; -} -void -krb5int_des_cbc_encrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule schedule, - const mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - -void -krb5int_des_cbc_decrypt(const mit_des_cblock *in, - mit_des_cblock *out, - unsigned long length, - const mit_des_key_schedule schedule, - const mit_des_cblock ivec) -{ - /* Unsupported operation */ - abort(); -} - diff --git a/src/lib/crypto/openssl/des/f_cksum.c b/src/lib/crypto/openssl/des/f_cksum.c deleted file mode 100644 index c49c8fdb3f..0000000000 --- a/src/lib/crypto/openssl/des/f_cksum.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * lib/crypto/openssl/des/f_cksum.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - */ - -#include "des_int.h" - -unsigned long -mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, - unsigned long length, const mit_des_key_schedule schedule, - const krb5_octet *ivec) -{ - /* Unsupported operation */ - return KRB5_CRYPTO_INTERNAL; -} - diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c index 1a83db6ef5..ceb6a37c57 100644 --- a/src/lib/crypto/openssl/des/f_parity.c +++ b/src/lib/crypto/openssl/des/f_parity.c @@ -3,6 +3,25 @@ * * Copyright (C) 2009 by the Massachusetts Institute of Technology. * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ #include "des_int.h" diff --git a/src/lib/crypto/openssl/des/f_sched.c b/src/lib/crypto/openssl/des/f_sched.c deleted file mode 100644 index e833132bfe..0000000000 --- a/src/lib/crypto/openssl/des/f_sched.c +++ /dev/null @@ -1,15 +0,0 @@ -/* - * lib/crypto/openssl/des/f_sched.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - */ - -#include "des_int.h" - -int -mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule) -{ - return KRB5_CRYPTO_INTERNAL; // CRYPTO_UNSOPPERTED_OP -} - diff --git a/src/lib/crypto/openssl/des/key_sched.c b/src/lib/crypto/openssl/des/key_sched.c deleted file mode 100644 index 1007ec9615..0000000000 --- a/src/lib/crypto/openssl/des/key_sched.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * lib/crypto/openssl/des/key_sched.c - * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - */ - -#include "des_int.h" - -int -mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) -{ - /* Unsupported operation */ - return KRB5_CRYPTO_INTERNAL; -} - diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c index 775a15364e..008449a0fa 100644 --- a/src/lib/crypto/openssl/des/string2key.c +++ b/src/lib/crypto/openssl/des/string2key.c @@ -1,10 +1,27 @@ /* * lib/crypto/openssl/des/string2key.c * - * Copyright 2009 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ #include "des_int.h" diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c index 76f81d41e1..21d71f8a3d 100644 --- a/src/lib/crypto/openssl/enc_provider/aes.c +++ b/src/lib/crypto/openssl/enc_provider/aes.c @@ -27,7 +27,6 @@ #include "k5-int.h" #include "enc_provider.h" #include "rand2key.h" -#include "aes.h" #include "aead.h" #include "hash_provider/hash_provider.h" #include @@ -54,6 +53,7 @@ static krb5_error_code cts_decr_iov(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data, size_t dlen); +#define BLOCK_SIZE 16 #define NUM_BITS 8 #define IV_CTS_BUF_SIZE 16 /* 16 - hardcoded in CRYPTO_cts128_en/decrypt */ @@ -73,26 +73,19 @@ cbc_enc(krb5_key key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { int ret = 0, tmp_len = 0; - unsigned char *key_buf = NULL; unsigned char *tmp_buf = NULL; EVP_CIPHER_CTX ciph_ctx; - key_buf = OPENSSL_malloc(key->keyblock.length); - if (!key_buf) - return ENOMEM; - tmp_len = input->length; tmp_buf = OPENSSL_malloc(input->length); if (!tmp_buf){ - OPENSSL_free(key_buf); return ENOMEM; } - memcpy(key_buf, key->keyblock.contents, key->keyblock.length); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length), - NULL, key_buf, (ivec) ? (unsigned char*)ivec->data : NULL); + NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (ret == 1){ EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -112,9 +105,7 @@ cbc_enc(krb5_key key, const krb5_data *ivec, ret = KRB5_CRYPTO_INTERNAL; } - memset(key_buf, 0, key->keyblock.length); memset(tmp_buf, 0, input->length); - OPENSSL_free(key_buf); OPENSSL_free(tmp_buf); return ret; @@ -125,26 +116,19 @@ cbc_decr(krb5_key key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) { int ret = 0, tmp_len = 0; - unsigned char *key_buf = NULL; unsigned char *tmp_buf = NULL; EVP_CIPHER_CTX ciph_ctx; - key_buf = OPENSSL_malloc(key->keyblock.length); - if (!key_buf) - return ENOMEM; - tmp_len = input->length; tmp_buf = OPENSSL_malloc(input->length); if (!tmp_buf){ - OPENSSL_free(key_buf); return ENOMEM; } - memcpy(key_buf, key->keyblock.contents, key->keyblock.length); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length), - NULL, key_buf, (ivec) ? (unsigned char*)ivec->data : NULL); + NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (ret == 1) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len, @@ -164,9 +148,7 @@ cbc_decr(krb5_key key, const krb5_data *ivec, ret = KRB5_CRYPTO_INTERNAL; } - memset(key_buf, 0, key->keyblock.length); memset(tmp_buf, 0, input->length); - OPENSSL_free(key_buf); OPENSSL_free(tmp_buf); return ret; diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps index 08954482b4..5ac919d11f 100644 --- a/src/lib/crypto/openssl/enc_provider/deps +++ b/src/lib/crypto/openssl/enc_provider/deps @@ -35,8 +35,8 @@ aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../aes/aes.h \ - $(srcdir)/../aes/uitypes.h $(srcdir)/aes.c \ + $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/aes.c \ $(srcdir)/enc_provider.h \ $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ $(srcdir)/../../krb/rand2key/rand2key.h diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c index a4208eefcb..208a0d16df 100644 --- a/src/lib/crypto/openssl/enc_provider/des.c +++ b/src/lib/crypto/openssl/enc_provider/des.c @@ -1,4 +1,52 @@ /* lib/crypto/openssl/enc_provider/des.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #include "k5-int.h" @@ -55,7 +103,6 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, { int ret = 0, tmp_len = 0; unsigned int tmp_buf_len = 0; - unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; EVP_CIPHER_CTX ciph_ctx; @@ -63,9 +110,6 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, if (ret) return ret; - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; - tmp_buf_len = output->length*2; tmp_buf=OPENSSL_malloc(tmp_buf_len); if (!tmp_buf) @@ -74,7 +118,7 @@ k5_des_encrypt(krb5_key key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); - ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, keybuf, + ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -108,7 +152,6 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, { /* key->keyblock.enctype was checked by the caller */ int ret = 0, tmp_len = 0; - unsigned char *keybuf = NULL; unsigned char *tmp_buf; EVP_CIPHER_CTX ciph_ctx; @@ -116,8 +159,6 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, if (ret) return ret; - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; tmp_buf=OPENSSL_malloc(output->length); if (!tmp_buf) @@ -126,7 +167,7 @@ k5_des_decrypt(krb5_key key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); - ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, keybuf, + ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -160,7 +201,6 @@ k5_des_encrypt_iov(krb5_key key, int ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH; int oblock_len = MIT_DES_BLOCK_LENGTH * num_data; unsigned char *iblock = NULL, *oblock = NULL; - unsigned char *keybuf = NULL ; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; @@ -176,8 +216,6 @@ k5_des_encrypt_iov(krb5_key key, IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; ret = validate_iov(key, ivec, data, num_data); if (ret) @@ -188,7 +226,7 @@ k5_des_encrypt_iov(krb5_key key, EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, - keybuf, (ivec && ivec->data) ? (unsigned char*)ivec->data : NULL); + key->keyblock.contents, (ivec && ivec->data) ? (unsigned char*)ivec->data : NULL); if (!ret){ EVP_CIPHER_CTX_cleanup(&ciph_ctx); OPENSSL_free(iblock); @@ -238,7 +276,6 @@ k5_des_decrypt_iov(krb5_key key, int tmp_len = MIT_DES_BLOCK_LENGTH; int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; unsigned char *iblock = NULL, *oblock = NULL; - unsigned char *keybuf = NULL; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; @@ -254,9 +291,6 @@ k5_des_decrypt_iov(krb5_key key, IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; - ret = validate_iov(key, ivec, data, num_data); if (ret) return ret; @@ -266,7 +300,7 @@ k5_des_decrypt_iov(krb5_key key, EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, - keybuf, (ivec) ? (unsigned char*)ivec->data : NULL); + key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (!ret){ EVP_CIPHER_CTX_cleanup(&ciph_ctx); OPENSSL_free(iblock); diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c index d2ea66df90..4d08bc4b1d 100644 --- a/src/lib/crypto/openssl/enc_provider/des3.c +++ b/src/lib/crypto/openssl/enc_provider/des3.c @@ -1,4 +1,51 @@ /* lib/crypto/openssl/enc_provider/des3.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #include "k5-int.h" @@ -56,7 +103,6 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, { int ret = 0, tmp_len = 0; unsigned int tmp_buf_len = 0; - unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; EVP_CIPHER_CTX ciph_ctx; @@ -64,9 +110,6 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, if (ret) return ret; - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; - tmp_buf_len = output->length * 2; tmp_buf = OPENSSL_malloc(tmp_buf_len); if (!tmp_buf) @@ -74,7 +117,7 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); - ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, keybuf, + ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -109,7 +152,6 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, { int ret = 0, tmp_len = 0; unsigned int tmp_buf_len = 0; - unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; EVP_CIPHER_CTX ciph_ctx; @@ -117,8 +159,6 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, if (ret) return ret; - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; tmp_buf_len = output->length; tmp_buf=OPENSSL_malloc(tmp_buf_len); @@ -127,7 +167,7 @@ k5_des3_decrypt(krb5_key key, const krb5_data *ivec, EVP_CIPHER_CTX_init(&ciph_ctx); - ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, keybuf, + ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data: NULL); if (ret) { EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); @@ -165,7 +205,6 @@ k5_des3_encrypt_iov(krb5_key key, int tmp_len = MIT_DES_BLOCK_LENGTH; int oblock_len = MIT_DES_BLOCK_LENGTH*num_data; unsigned char *iblock = NULL, *oblock = NULL; - unsigned char *keybuf = NULL; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; @@ -185,15 +224,12 @@ k5_des3_encrypt_iov(krb5_key key, IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; - memset(oblock, 0, oblock_len); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, - keybuf, (ivec) ? (unsigned char*)ivec->data : NULL); + key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (!ret){ EVP_CIPHER_CTX_cleanup(&ciph_ctx); OPENSSL_free(iblock); @@ -248,7 +284,6 @@ k5_des3_decrypt_iov(krb5_key key, int tmp_len = MIT_DES_BLOCK_LENGTH; int oblock_len = MIT_DES_BLOCK_LENGTH * num_data; unsigned char *iblock = NULL, *oblock = NULL; - unsigned char *keybuf = NULL ; struct iov_block_state input_pos, output_pos; EVP_CIPHER_CTX ciph_ctx; @@ -268,15 +303,12 @@ k5_des3_decrypt_iov(krb5_key key, IOV_BLOCK_STATE_INIT(&input_pos); IOV_BLOCK_STATE_INIT(&output_pos); - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; - memset(oblock, 0, oblock_len); EVP_CIPHER_CTX_init(&ciph_ctx); ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, - keybuf, (ivec) ? (unsigned char*)ivec->data : NULL); + key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL); if (!ret){ EVP_CIPHER_CTX_cleanup(&ciph_ctx); OPENSSL_free(iblock); diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c index fd1c7238d6..42a3aea1c0 100644 --- a/src/lib/crypto/openssl/enc_provider/rc4.c +++ b/src/lib/crypto/openssl/enc_provider/rc4.c @@ -1,8 +1,39 @@ /* lib/crypto/openssl/enc_provider/rc4.c + * + * #include STD_DISCLAIMER + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* arcfour.c + * + * Copyright (c) 2000 by Computer Science Laboratory, + * Rensselaer Polytechnic Institute * * #include STD_DISCLAIMER */ + #include "k5-int.h" #include #include @@ -33,7 +64,6 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, const krb5_data *input, krb5_data *output) { int ret = 0, tmp_len = 0; - unsigned char *keybuf = NULL; unsigned char *tmp_buf = NULL; EVP_CIPHER_CTX ciph_ctx; @@ -43,12 +73,9 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, if (input->length != output->length) return(KRB5_BAD_MSIZE); - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; - EVP_CIPHER_CTX_init(&ciph_ctx); - ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_rc4(), NULL, keybuf, NULL); + ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_rc4(), NULL, key->keyblock.contents, NULL); if (ret) { tmp_buf=(unsigned char *)output->data; ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len, @@ -79,17 +106,14 @@ k5_arcfour_docrypt_iov(krb5_key key, { size_t i; int ret = 0, tmp_len = 0; - unsigned char *keybuf = NULL ; unsigned char *tmp_buf = NULL; krb5_crypto_iov *iov = NULL; EVP_CIPHER_CTX ciph_ctx; - keybuf=key->keyblock.contents; - keybuf[key->keyblock.length] = '\0'; EVP_CIPHER_CTX_init(&ciph_ctx); - ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_rc4(), NULL, keybuf, NULL); + ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_rc4(), NULL, key->keyblock.contents, NULL); if (!ret){ EVP_CIPHER_CTX_cleanup(&ciph_ctx); return KRB5_CRYPTO_INTERNAL; diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c index f0734b6cee..0f374d80f0 100644 --- a/src/lib/crypto/openssl/hmac.c +++ b/src/lib/crypto/openssl/hmac.c @@ -1,6 +1,55 @@ /* lib/crypto/openssl/hmac.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + + #include "k5-int.h" #include "aead.h" #include diff --git a/src/lib/crypto/openssl/md4/md4.c b/src/lib/crypto/openssl/md4/md4.c index 88f5e3616d..f38900fb5b 100644 --- a/src/lib/crypto/openssl/md4/md4.c +++ b/src/lib/crypto/openssl/md4/md4.c @@ -1,5 +1,27 @@ /* * lib/crypto/openssl/md4/md4.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. */ #include "k5-int.h" diff --git a/src/lib/crypto/openssl/md5/md5.c b/src/lib/crypto/openssl/md5/md5.c index 2a725dc58c..472acc34db 100644 --- a/src/lib/crypto/openssl/md5/md5.c +++ b/src/lib/crypto/openssl/md5/md5.c @@ -1,3 +1,27 @@ +/* lib/crypto/openssl/md5/md5.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ #include "k5-int.h" #include "rsa-md5.h" diff --git a/src/lib/crypto/openssl/md5/rsa-md5.h b/src/lib/crypto/openssl/md5/rsa-md5.h index 3142f6b764..c9a5f9074c 100644 --- a/src/lib/crypto/openssl/md5/rsa-md5.h +++ b/src/lib/crypto/openssl/md5/rsa-md5.h @@ -1,3 +1,67 @@ +/* lib/crypto/openssl/md5/rsa-md5.h + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + *********************************************************************** + ** md5.h -- header file for implementation of MD5 ** + ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** + ** Created: 2/17/90 RLR ** + ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** + ** Revised (for MD5): RLR 4/27/91 ** + ** -- G modified to have y&~z instead of y&z ** + ** -- FF, GG, HH modified to add in last register done ** + ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 ** + ** -- distinct additive constant for each step ** + ** -- round 4 added, working mod 7 ** + *********************************************************************** + */ + +/* + *********************************************************************** + ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** + ** ** + ** License to copy and use this software is granted provided that ** + ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** + ** Digest Algorithm" in all material mentioning or referencing this ** + ** software or this function. ** + ** ** + ** License is also granted to make and use derivative works ** + ** provided that such works are identified as "derived from the RSA ** + ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** + ** material mentioning or referencing the derived work. ** + ** ** + ** RSA Data Security, Inc. makes no representations concerning ** + ** either the merchantability of this software or the suitability ** + ** of this software for any particular purpose. It is provided "as ** + ** is" without express or implied warranty of any kind. ** + ** ** + ** These notices must be retained in any copies of any part of this ** + ** documentation and/or software. ** + *********************************************************************** + */ + #ifndef KRB5_RSA_MD5__ #define KRB5_RSA_MD5__ diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c index bef8be2e9c..b80f5015a1 100644 --- a/src/lib/crypto/openssl/pbkdf2.c +++ b/src/lib/crypto/openssl/pbkdf2.c @@ -1,7 +1,7 @@ /* * lib/crypto/openssl/pbkdf2.c * - * Copyright 2002, 2008 by the Massachusetts Institute of Technology. + * Copyright 2002, 2008, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may diff --git a/src/lib/crypto/openssl/sha1/shs.c b/src/lib/crypto/openssl/sha1/shs.c index fadb228b41..5dcf4b9a06 100644 --- a/src/lib/crypto/openssl/sha1/shs.c +++ b/src/lib/crypto/openssl/sha1/shs.c @@ -1,3 +1,28 @@ +/* lib/crypto/openssl/sha1/shs.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + #include "shs.h" #ifdef HAVE_SYS_TYPES_H #include -- cgit