summaryrefslogtreecommitdiffstats
path: root/source4/heimdal
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal')
-rwxr-xr-xsource4/heimdal/fix-export79
-rw-r--r--source4/heimdal/kdc/kdc-private.h6
-rw-r--r--source4/heimdal/kdc/kdc_locl.h95
-rw-r--r--source4/heimdal/kdc/kerberos5.c3
-rw-r--r--source4/heimdal/kdc/misc.c4
-rwxr-xr-xsource4/heimdal/kdc/pkinit.c18
-rw-r--r--source4/heimdal/lib/asn1/asn1_gen.c10
-rw-r--r--source4/heimdal/lib/asn1/der.h8
-rwxr-xr-xsource4/heimdal/lib/asn1/der_cmp.c4
-rw-r--r--source4/heimdal/lib/asn1/der_copy.c3
-rw-r--r--source4/heimdal/lib/asn1/der_format.c105
-rw-r--r--source4/heimdal/lib/asn1/der_get.c29
-rw-r--r--source4/heimdal/lib/asn1/der_length.c4
-rw-r--r--source4/heimdal/lib/asn1/extra.c26
-rw-r--r--source4/heimdal/lib/asn1/parse.y79
-rw-r--r--source4/heimdal/lib/com_err/lex.c19
-rwxr-xr-xsource4/heimdal/lib/des/aes.h13
-rw-r--r--source4/heimdal/lib/des/bn.h121
-rw-r--r--source4/heimdal/lib/des/des.c3
-rw-r--r--source4/heimdal/lib/des/des.h38
-rw-r--r--source4/heimdal/lib/des/dh.h139
-rw-r--r--source4/heimdal/lib/des/dsa.h140
-rw-r--r--source4/heimdal/lib/des/engine.h96
-rw-r--r--source4/heimdal/lib/des/evp.c728
-rw-r--r--source4/heimdal/lib/des/evp.h231
l---------source4/heimdal/lib/des/hcrypto1
-rw-r--r--source4/heimdal/lib/des/hmac.c119
-rw-r--r--source4/heimdal/lib/des/hmac.h82
-rw-r--r--source4/heimdal/lib/des/md2.c138
-rw-r--r--source4/heimdal/lib/des/md2.h63
-rw-r--r--source4/heimdal/lib/des/md4.h13
-rw-r--r--source4/heimdal/lib/des/md5.h13
-rw-r--r--source4/heimdal/lib/des/pkcs12.h57
-rw-r--r--source4/heimdal/lib/des/pkcs5.c112
-rw-r--r--source4/heimdal/lib/des/rand.h54
-rwxr-xr-xsource4/heimdal/lib/des/rc2.h12
-rw-r--r--source4/heimdal/lib/des/rc4.h6
-rwxr-xr-xsource4/heimdal/lib/des/rijndael-alg-fst.h6
-rw-r--r--source4/heimdal/lib/des/rnd_keys.c7
-rw-r--r--source4/heimdal/lib/des/rsa.h164
-rw-r--r--source4/heimdal/lib/des/sha.h13
-rw-r--r--source4/heimdal/lib/des/ui.c4
-rw-r--r--source4/heimdal/lib/des/ui.h45
-rw-r--r--source4/heimdal/lib/gssapi/delete_sec_context.c8
-rw-r--r--source4/heimdal/lib/gssapi/import_name.c5
-rw-r--r--source4/heimdal/lib/gssapi/wrap.c2
-rw-r--r--source4/heimdal/lib/hdb/hdb-protos.h365
-rw-r--r--source4/heimdal/lib/hdb/hdb.c2
-rw-r--r--source4/heimdal/lib/hdb/hdb_locl.h7
-rw-r--r--source4/heimdal/lib/hdb/keytab.c2
-rw-r--r--source4/heimdal/lib/krb5/crypto.c146
-rw-r--r--source4/heimdal/lib/krb5/error_string.c25
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c5
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c25
-rw-r--r--source4/heimdal/lib/krb5/init_creds.c5
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h16
-rw-r--r--source4/heimdal/lib/krb5/krb5-protos.h14
-rw-r--r--source4/heimdal/lib/krb5/krb5_err.et37
-rw-r--r--source4/heimdal/lib/krb5/krb5_locl.h28
-rw-r--r--source4/heimdal/lib/krb5/mk_priv.c8
-rwxr-xr-xsource4/heimdal/lib/krb5/pkinit.c109
-rw-r--r--source4/heimdal/lib/roken/hex.c103
-rw-r--r--source4/heimdal/lib/roken/hex.h55
-rw-r--r--source4/heimdal/lib/roken/resolve.c4
64 files changed, 3018 insertions, 863 deletions
diff --git a/source4/heimdal/fix-export b/source4/heimdal/fix-export
deleted file mode 100755
index b49c0de1d3..0000000000
--- a/source4/heimdal/fix-export
+++ /dev/null
@@ -1,79 +0,0 @@
-#! /bin/sh
-# $Id: fix-export,v 1.39 2005/08/11 08:57:52 lha Exp $
-
-distdir="$1"
-echo "fixing distribution in $distdir..."
-
-test -d "$distdir" || { echo not a dir in \$distdir ; exit 1 ; }
-cd $distdir
-
-if test "$DATEDVERSION"; then
- ed -s configure.in << END
-/AC_INIT/s/AC_INIT(\([^,]*\), [^,]*, \(.*\))/AC_INIT(\1, $DATEDVERSION, \2)/
-w
-q
-END
-
- error=WARN
- exitcmd=:
-else
- error=ERROR
- exitcmd=exit
-fi
-
-ver=`sed -n 's/AC_INIT([^,]*,\([^,]*\),.*/\1/p' configure.in`
-M="* This is version $ver. *"
-echo "$M" | sed -e 's/./*/g'
-echo "$M"
-echo "$M" | sed -e 's/./*/g'
-
-autoreconf --force --install
-(cd doc && makeinfo heimdal.texi)
-
-find . -name Makefile.am | while read f; do
- for i in `sed -n -e '/^man_MANS/{
- :loop
- p
- /[^\\]$/b quit
- n
- b loop
- }
- :quit' $f | sed 's/man_MANS//;s/=//;s/[ \\][ \\]*/ /g'`; do
- x=`dirname $f`/$i
- y=`dirname $f`/`echo $i | sed 's/[0-9]$/cat&/'`
- echo `grog -Tascii $x` \> $y
- `grog -Tascii $x` > $y
- perl -p -e 'exit 1 if (/NetBSD|FreeBSD|OpenBSD|Linux|OSF|Solaris/); exit 0;' $y
- if [ $? != 0 ] ; then
- echo "$error: catfile $y contains operating system"
- head -1 $y
- $exitcmd
- fi
- done
-done
-
-make_proto () {
- (top=`pwd`
- cd $1
- b=`basename $1`
- if test X"$5" != X ; then
- e="-E $5";
- else
- e=
- fi
- perl $top/cf/make-proto.pl $e -o $2 -p $3 `(perl -p -e 's/^(include|if|else|endif)\b/##$1/' Makefile.am;
- echo 'print-sources:; @if test "$(proto_opts)"; then echo $(proto_opts); else echo -q -P comment; fi; echo '$4 | sort -u ) | make -f - print-sources `)
-}
-
-make_proto lib/krb5 krb5-protos.h krb5-private.h '$(libkrb5_la_SOURCES)' KRB5_LIB_FUNCTION
-make_proto lib/kadm5 kadm5-protos.h kadm5-private.h '$(libkadm5srv_la_SOURCES) $(libkadm5clnt_la_SOURCES)'
-make_proto lib/hdb hdb-protos.h hdb-private.h '$(libhdb_la_SOURCES)'
-make_proto appl/login login_protos.h /dev/null '$(login_SOURCES)'
-make_proto kcm kcm_protos.h /dev/null '$(kcm_SOURCES)'
-make_proto kdc kdc-protos.h /dev/null '$(libkdc_la_SOURCES)'
-
-rm -fr autom4te*.cache
-
-echo "tar cf - ${distdir} \| gzip -9 > ${distdir}.tar.gz"
-echo "gpg -ba -u 0x45D901D8 ${distdir}.tar.gz"
-
diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h
index cfb76fd7b0..729778a69e 100644
--- a/source4/heimdal/kdc/kdc-private.h
+++ b/source4/heimdal/kdc/kdc-private.h
@@ -29,7 +29,7 @@ _kdc_db_fetch (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
krb5_principal /*principal*/,
- enum hdb_ent_type,
+ enum hdb_ent_type /*ent_type*/,
hdb_entry_ex **/*h*/);
krb5_error_code
@@ -104,7 +104,7 @@ _kdc_pk_check_client (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
krb5_principal /*client_princ*/,
- const hdb_entry */*client*/,
+ const hdb_entry_ex */*client*/,
pk_client_params */*client_params*/,
char **/*subject_name*/);
@@ -125,7 +125,7 @@ _kdc_pk_mk_pa_reply (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
pk_client_params */*client_params*/,
- const hdb_entry */*client*/,
+ const hdb_entry_ex */*client*/,
const KDC_REQ */*req*/,
const krb5_data */*req_buffer*/,
krb5_keyblock **/*reply_key*/,
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index 58cf1f4173..ca8672c062 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -61,101 +61,10 @@ extern int detach_from_console;
extern struct timeval _kdc_now;
#define kdc_time (_kdc_now.tv_sec)
-krb5_error_code
-_kdc_as_rep(krb5_context context,
- krb5_kdc_configuration *config,
- KDC_REQ*, const krb5_data*, krb5_data*,
- const char*, struct sockaddr*);
-
-krb5_kdc_configuration *
-configure(krb5_context context, int argc, char **argv);
-
-krb5_error_code
-_kdc_db_fetch(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_principal principal, enum hdb_ent_type ent_type,
- hdb_entry_ex **h);
-
-void
-_kdc_free_ent(krb5_context context, hdb_entry_ex *ent);
-
void
loop(krb5_context context, krb5_kdc_configuration *config);
-krb5_error_code
-_kdc_tgs_rep (krb5_context context,
- krb5_kdc_configuration *config,
- KDC_REQ*, krb5_data*, const char*, struct sockaddr *);
-
-krb5_error_code
-_kdc_check_flags(krb5_context context,
- krb5_kdc_configuration *config,
- hdb_entry *client, const char *client_name,
- hdb_entry *server, const char *server_name,
- krb5_boolean is_as_req);
-
-krb5_error_code
-_kdc_get_des_key(krb5_context context, hdb_entry_ex*,
- krb5_boolean, krb5_boolean, Key**);
-
-krb5_error_code
-_kdc_encode_v4_ticket(krb5_context context,
- krb5_kdc_configuration *config,
- void *buf, size_t len, const EncTicketPart *et,
- const PrincipalName *service, size_t *size);
-krb5_error_code
-_kdc_do_524(krb5_context context,
- krb5_kdc_configuration *config,
- const Ticket *t, krb5_data *reply,
- const char *from, struct sockaddr *addr);
-
-
-#ifdef PKINIT
-typedef struct pk_client_params pk_client_params;
-krb5_error_code _kdc_pk_initialize(krb5_context,
- krb5_kdc_configuration *,
- const char *,
- const char *);
-krb5_error_code _kdc_pk_rd_padata(krb5_context, krb5_kdc_configuration *,
- KDC_REQ *, PA_DATA *, pk_client_params **);
-krb5_error_code _kdc_pk_mk_pa_reply(krb5_context,
- krb5_kdc_configuration *,
- pk_client_params *,
- const hdb_entry *,
- const KDC_REQ *,
- const krb5_data *,
- krb5_keyblock **,
- METHOD_DATA *);
-krb5_error_code _kdc_pk_check_client(krb5_context,
- krb5_kdc_configuration *,
- krb5_principal,
- const hdb_entry *,
- pk_client_params *, char **);
-void _kdc_pk_free_client_param(krb5_context, pk_client_params *);
-#endif
-
-/*
- * Kerberos 4
- */
-
-krb5_error_code
-_kdc_db_fetch4 (krb5_context context,
- krb5_kdc_configuration *config,
- const char*, const char*, const char*, enum hdb_ent_type, hdb_entry_ex**);
-
-krb5_error_code
-_kdc_do_version4 (krb5_context context,
- krb5_kdc_configuration *config,
- unsigned char*, size_t, krb5_data*, const char*,
- struct sockaddr_in*);
-int
-_kdc_maybe_version4(unsigned char*, int);
-
-krb5_error_code
-_kdc_do_kaserver (krb5_context context,
- krb5_kdc_configuration *config,
- unsigned char*, size_t, krb5_data*,
- const char*, struct sockaddr_in*);
-
+krb5_kdc_configuration *
+configure(krb5_context context, int argc, char **argv);
#endif /* __KDC_LOCL_H__ */
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index a0136ba425..392bc0acbe 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -804,8 +804,7 @@ _kdc_as_rep(krb5_context context,
KDC_REQ_BODY *b = &req->req_body;
AS_REP rep;
KDCOptions f = b->kdc_options;
- hdb_entry_ex *client = NULL;
- hdb_entry_ex *server = NULL;
+ hdb_entry_ex *client = NULL, *server = NULL;
krb5_enctype cetype, setype;
EncTicketPart et;
EncKDCRepPart ek;
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 3027d32cfc..4d38e1f12d 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: misc.c,v 1.26 2005/12/12 12:37:31 lha Exp $");
+RCSID("$Id: misc.c,v 1.27 2006/01/01 23:17:16 lha Exp $");
struct timeval _kdc_now;
@@ -47,7 +47,7 @@ _kdc_db_fetch(krb5_context context,
krb5_error_code ret = HDB_ERR_NOENTRY;
int i;
- ent = malloc (sizeof (*ent));
+ ent = calloc (1, sizeof (*ent));
if (ent == NULL)
return ENOMEM;
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index 83c379825c..67934c0745 100755
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: pkinit.c,v 1.49 2005/10/21 17:14:19 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $");
#ifdef PKINIT
@@ -175,13 +175,17 @@ pk_check_pkauthenticator(krb5_context context,
return ret;
}
- if (a->paChecksum.length != checksum.checksum.length ||
- memcmp(a->paChecksum.data, checksum.checksum.data,
- checksum.checksum.length) != 0)
- {
+ if (a->paChecksum == NULL) {
+ krb5_clear_error_string(context);
+ ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+ goto out;
+ }
+
+ if (heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
krb5_clear_error_string(context);
ret = KRB5KRB_ERR_GENERIC;
}
+out:
free_Checksum(&checksum);
return ret;
@@ -1122,7 +1126,7 @@ krb5_error_code
_kdc_pk_mk_pa_reply(krb5_context context,
krb5_kdc_configuration *config,
pk_client_params *client_params,
- const hdb_entry *client,
+ const hdb_entry_ex *client,
const KDC_REQ *req,
const krb5_data *req_buffer,
krb5_keyblock **reply_key,
@@ -1379,7 +1383,7 @@ krb5_error_code
_kdc_pk_check_client(krb5_context context,
krb5_kdc_configuration *config,
krb5_principal client_princ,
- const hdb_entry *client,
+ const hdb_entry_ex *client,
pk_client_params *client_params,
char **subject_name)
{
diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c
index 95d670cbb1..5dc0ba2e2d 100644
--- a/source4/heimdal/lib/asn1/asn1_gen.c
+++ b/source4/heimdal/lib/asn1/asn1_gen.c
@@ -40,7 +40,7 @@
#include <hex.h>
#include <err.h>
-RCSID("$Id: asn1_gen.c,v 1.3 2005/08/11 10:44:43 lha Exp $");
+RCSID("$Id: asn1_gen.c,v 1.4 2006/01/30 15:06:03 lha Exp $");
static int
doit(const char *fn)
@@ -87,13 +87,13 @@ doit(const char *fn)
ptr++;
class = strtok_r(ptr, " \t\n", &foo);
- if (class == NULL) errx(1, "class missing one line %lu", line);
+ if (class == NULL) errx(1, "class missing on line %lu", line);
type = strtok_r(NULL, " \t\n", &foo);
- if (type == NULL) errx(1, "type missing one line %lu", line);
+ if (type == NULL) errx(1, "type missing on line %lu", line);
tag = strtok_r(NULL, " \t\n", &foo);
- if (tag == NULL) errx(1, "tag missing one line %lu", line);
+ if (tag == NULL) errx(1, "tag missing on line %lu", line);
length = strtok_r(NULL, " \t\n", &foo);
- if (length == NULL) errx(1, "length missing one line %lu", line);
+ if (length == NULL) errx(1, "length missing on line %lu", line);
data = strtok_r(NULL, " \t\n", &foo);
c = der_get_class_num(class);
diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h
index 1f89f875f5..b9c2b47079 100644
--- a/source4/heimdal/lib/asn1/der.h
+++ b/source4/heimdal/lib/asn1/der.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: der.h,v 1.30 2005/10/07 03:48:00 lha Exp $ */
+/* $Id: der.h,v 1.32 2006/01/30 15:25:25 lha Exp $ */
#ifndef __DER_H__
#define __DER_H__
@@ -65,8 +65,10 @@ enum {
UT_IA5String = 22,
UT_UTCTime = 23,
UT_GeneralizedTime = 24,
+ UT_UniversalString = 25,
UT_VisibleString = 26,
UT_GeneralString = 27,
+ UT_BMPString = 30,
/* unsupported types */
UT_ObjectDescriptor = 7,
UT_External = 8,
@@ -76,9 +78,7 @@ enum {
UT_NumericString = 18,
UT_TeletexString = 20,
UT_VideotexString = 21,
- UT_GraphicString = 25,
- UT_UniversalString = 25,
- UT_BMPString = 30,
+ UT_GraphicString = 25
};
#define ASN1_INDEFINITE 0xdce0deed
diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c
index 306fcbdf57..2471312ba8 100755
--- a/source4/heimdal/lib/asn1/der_cmp.c
+++ b/source4/heimdal/lib/asn1/der_cmp.c
@@ -74,10 +74,10 @@ heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q)
int
heim_integer_cmp(const heim_integer *p, const heim_integer *q)
{
+ if (p->negative != q->negative)
+ return q->negative - p->negative;
if (p->length != q->length)
return p->length - q->length;
- if (p->negative != q->negative)
- return p->negative - q->negative;
return memcmp(p->data, q->data, p->length);
}
diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c
index a3c9026cbf..e0443eed39 100644
--- a/source4/heimdal/lib/asn1/der_copy.c
+++ b/source4/heimdal/lib/asn1/der_copy.c
@@ -33,7 +33,7 @@
#include "der_locl.h"
-RCSID("$Id: der_copy.c,v 1.13 2005/07/12 06:27:20 lha Exp $");
+RCSID("$Id: der_copy.c,v 1.14 2006/01/04 23:41:29 lha Exp $");
int
copy_general_string (const heim_general_string *from, heim_general_string *to)
@@ -106,6 +106,7 @@ copy_heim_integer (const heim_integer *from, heim_integer *to)
if(to->length != 0 && to->data == NULL)
return ENOMEM;
memcpy(to->data, from->data, to->length);
+ to->negative = from->negative;
return 0;
}
diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c
new file mode 100644
index 0000000000..44e39b46c5
--- /dev/null
+++ b/source4/heimdal/lib/asn1/der_format.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "der_locl.h"
+#include <hex.h>
+
+RCSID("$Id: der_format.c,v 1.2 2006/01/16 23:01:11 lha Exp $");
+
+int
+der_parse_hex_heim_integer (const char *p, heim_integer *data)
+{
+ ssize_t len;
+
+ data->length = 0;
+ data->negative = 0;
+ data->data = NULL;
+
+ if (*p == '-') {
+ p++;
+ data->negative = 1;
+ }
+
+ len = strlen(p);
+ if (len < 0) {
+ data->data = NULL;
+ data->length = 0;
+ return EINVAL;
+ }
+
+ data->length = (len / 2) + 1;
+ data->data = malloc(data->length);
+ if (data->data == NULL) {
+ data->length = 0;
+ return ENOMEM;
+ }
+
+ len = hex_decode(p, data->data, data->length);
+ if (len < 0) {
+ free(data->data);
+ data->data = NULL;
+ data->length = 0;
+ return EINVAL;
+ }
+
+ {
+ unsigned char *p = data->data;
+ while(*p == 0 && len > 0) {
+ p++;
+ len--;
+ }
+ data->length = len;
+ memmove(data->data, p, len);
+ }
+ return 0;
+}
+
+int
+der_print_hex_heim_integer (const heim_integer *data, char **p)
+{
+ ssize_t len;
+ char *q;
+
+ len = hex_encode(data->data, data->length, p);
+ if (len < 0)
+ return ENOMEM;
+
+ if (data->negative) {
+ len = asprintf(&q, "-%s", *p);
+ free(*p);
+ if (len < 0)
+ return ENOMEM;
+ *p = q;
+ }
+ return 0;
+}
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c
index 403f5ab1ba..a75ab15c09 100644
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -33,7 +33,7 @@
#include "der_locl.h"
-RCSID("$Id: der_get.c,v 1.44 2005/07/19 18:04:00 lha Exp $");
+RCSID("$Id: der_get.c,v 1.45 2006/01/20 10:03:50 lha Exp $");
#include <version.h>
@@ -241,19 +241,40 @@ der_get_heim_integer (const unsigned char *p, size_t len,
return 0;
}
if (p[0] & 0x80) {
+ unsigned char *q;
+ int carry = 1;
data->negative = 1;
- return ASN1_OVERRUN;
+ data->length = len;
+
+ if (p[0] == 0xff) {
+ p++;
+ data->length--;
+ }
+ data->data = malloc(data->length);
+ if (data->data == NULL) {
+ data->length = 0;
+ return ENOMEM;
+ }
+ q = &((unsigned char*)data->data)[data->length - 1];
+ p += data->length - 1;
+ while (q >= (unsigned char*)data->data) {
+ *q = *p ^ 0xff;
+ if (carry)
+ carry = !++*q;
+ p--;
+ q--;
+ }
} else {
data->negative = 0;
data->length = len;
- if (p[0] == 0 && data->length != 1) {
+ if (p[0] == 0) {
p++;
data->length--;
}
data->data = malloc(data->length);
- if (data->data == NULL) {
+ if (data->data == NULL && data->length != 0) {
data->length = 0;
return ENOMEM;
}
diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c
index e818267bf4..2c017ad84e 100644
--- a/source4/heimdal/lib/asn1/der_length.c
+++ b/source4/heimdal/lib/asn1/der_length.c
@@ -33,7 +33,7 @@
#include "der_locl.h"
-RCSID("$Id: der_length.c,v 1.17 2005/07/12 06:27:22 lha Exp $");
+RCSID("$Id: der_length.c,v 1.18 2006/01/20 10:04:46 lha Exp $");
size_t
_heim_len_unsigned (unsigned val)
@@ -178,7 +178,7 @@ length_heim_integer (const heim_integer *k)
if (k->length == 0)
return 1;
if (k->negative)
- return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 0 : 1);
+ return k->length + (((~(((unsigned char *)k->data)[0])) & 0x80) ? 0 : 1);
else
return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0);
}
diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c
index ba081e3a63..4f70f191df 100644
--- a/source4/heimdal/lib/asn1/extra.c
+++ b/source4/heimdal/lib/asn1/extra.c
@@ -34,7 +34,7 @@
#include "der_locl.h"
#include "heim_asn1.h"
-RCSID("$Id: extra.c,v 1.5 2005/07/19 18:05:16 lha Exp $");
+RCSID("$Id: extra.c,v 1.6 2006/01/31 09:44:54 lha Exp $");
int
encode_heim_any(unsigned char *p, size_t len,
@@ -59,10 +59,7 @@ decode_heim_any(const unsigned char *p, size_t len,
unsigned int thistag;
int e;
- if (data == NULL && len == 0) { /* XXX tag less OPTIONAL */
- *size = 0;
- return 0;
- }
+ memset(data, 0, sizeof(*data));
e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
if (e) return e;
@@ -73,16 +70,15 @@ decode_heim_any(const unsigned char *p, size_t len,
if (length + len_len + l > len)
return ASN1_OVERFLOW;
- if (data) { /* XXX hack to workaround tag less OPTIONAL data */
- memset(data, 0, sizeof(*data));
-
- data->data = malloc(length + len_len + l);
- if (data->data == NULL)
- return ENOMEM;
- data->length = length + len_len + l;
- memcpy(data->data, p, length + len_len + l);
- }
- if (size) *size = length + len_len + l;
+ data->data = malloc(length + len_len + l);
+ if (data->data == NULL)
+ return ENOMEM;
+ data->length = length + len_len + l;
+ memcpy(data->data, p, length + len_len + l);
+
+ if (size)
+ *size = length + len_len + l;
+
return 0;
}
diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y
index 51dc51ed88..2238478284 100644
--- a/source4/heimdal/lib/asn1/parse.y
+++ b/source4/heimdal/lib/asn1/parse.y
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $ */
+/* $Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $ */
%{
#ifdef HAVE_CONFIG_H
@@ -45,9 +45,10 @@
#include "gen_locl.h"
#include "der.h"
-RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $");
+RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $");
static Type *new_type (Typetype t);
+static struct constraint_spec *new_constraint_spec(enum ctype);
static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
void yyerror (const char *);
static struct objid *new_objid(const char *label, int value);
@@ -73,6 +74,7 @@ struct string_list {
struct string_list *sl;
struct tagtype tag;
struct memhead *members;
+ struct constraint_spec *constraint_spec;
}
%token kw_ABSENT
@@ -183,6 +185,7 @@ struct string_list {
%type <type> BitStringType
%type <type> BooleanType
%type <type> ChoiceType
+%type <type> ConstrainedType
%type <type> EnumeratedType
%type <type> IntegerType
%type <type> NullType
@@ -215,6 +218,12 @@ struct string_list {
%type <sl> referencenames
+%type <constraint_spec> Constraint
+%type <constraint_spec> ConstraintSpec
+%type <constraint_spec> GeneralConstraint
+%type <constraint_spec> ContentsConstraint
+%type <constraint_spec> UserDefinedConstraint
+
%start ModuleDefinition
%%
@@ -300,6 +309,7 @@ TypeAssignment : IDENTIFIER EEQUAL Type
Type : BuiltinType
| ReferencedType
+ | ConstrainedType
;
BuiltinType : BitStringType
@@ -507,6 +517,63 @@ UsefulType : kw_GeneralizedTime
}
;
+ConstrainedType : Type Constraint
+ {
+ /* if (Constraint.type == contentConstrant) {
+ assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
+ if (Constraint.u.constraint.type) {
+ assert((Constraint.u.constraint.type.length % 8) == 0);
+ }
+ }
+ if (Constraint.u.constraint.encoding) {
+ type == der-oid|ber-oid
+ }
+ */
+ }
+ ;
+
+
+Constraint : '(' ConstraintSpec ')'
+ {
+ $$ = $2;
+ }
+
+ConstraintSpec : GeneralConstraint
+
+GeneralConstraint: ContentsConstraint
+ | UserDefinedConstraint
+ ;
+
+ContentsConstraint: kw_CONTAINING Type
+ {
+ $$ = new_constraint_spec(CT_CONTENTS);
+ $$->u.content.type = $2;
+ $$->u.content.encoding = NULL;
+ }
+ | kw_ENCODED kw_BY Value
+ {
+ if ($3->type != objectidentifiervalue)
+ error_message("Non-OID used in ENCODED BY constraint");
+ $$ = new_constraint_spec(CT_CONTENTS);
+ $$->u.content.type = NULL;
+ $$->u.content.encoding = $3;
+ }
+ | kw_CONTAINING Type kw_ENCODED kw_BY Value
+ {
+ if ($5->type != objectidentifiervalue)
+ error_message("Non-OID used in ENCODED BY constraint");
+ $$ = new_constraint_spec(CT_CONTENTS);
+ $$->u.content.type = $2;
+ $$->u.content.encoding = $5;
+ }
+ ;
+
+UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}'
+ {
+ $$ = new_constraint_spec(CT_USER);
+ }
+ ;
+
TaggedType : Tag tagenv Type
{
$$ = new_type(TTag);
@@ -861,6 +928,14 @@ new_type (Typetype tt)
return t;
}
+static struct constraint_spec *
+new_constraint_spec(enum ctype ct)
+{
+ struct constraint_spec *c = ecalloc(1, sizeof(*c));
+ c->ctype = ct;
+ return c;
+}
+
static void fix_labels2(Type *t, const char *prefix);
static void fix_labels1(struct memhead *members, const char *prefix)
{
diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c
index 925615f244..ffaf15279a 100644
--- a/source4/heimdal/lib/com_err/lex.c
+++ b/source4/heimdal/lib/com_err/lex.c
@@ -1,4 +1,4 @@
-/* A lexical scanner generated by flex */
+/* A lexical scanner generated by flex*/
/* Scanner skeleton version:
* $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $
@@ -134,6 +134,15 @@ extern FILE *yyin, *yyout;
#define unput(c) yyunput( c, yytext_ptr )
+/* Some routines like yy_flex_realloc() are emitted as static but are
+ not called by all lexers. This generates warnings in some compilers,
+ notably GCC. Arrange to suppress these. */
+#ifdef __GNUC__
+#define YY_MAY_BE_UNUSED __attribute__((unused))
+#else
+#define YY_MAY_BE_UNUSED
+#endif
+
/* The following is because we cannot portably get our hands on size_t
* (without autoconf's help, which isn't available because we want
* flex-generated scanners to compile on their own).
@@ -240,7 +249,7 @@ YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
-static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
+static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED;
static void yy_flex_free YY_PROTO(( void * ));
#define yy_new_buffer yy_create_buffer
@@ -442,7 +451,7 @@ static int getstring(void);
#undef ECHO
-#line 446 "lex.yy.c"
+#line 455 "lex.yy.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
@@ -595,7 +604,7 @@ YY_DECL
#line 59 "lex.l"
-#line 599 "lex.yy.c"
+#line 608 "lex.yy.c"
if ( yy_init )
{
@@ -758,7 +767,7 @@ YY_RULE_SETUP
#line 75 "lex.l"
ECHO;
YY_BREAK
-#line 762 "lex.yy.c"
+#line 771 "lex.yy.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
diff --git a/source4/heimdal/lib/des/aes.h b/source4/heimdal/lib/des/aes.h
index ef72b0add7..8a62c6461d 100755
--- a/source4/heimdal/lib/des/aes.h
+++ b/source4/heimdal/lib/des/aes.h
@@ -31,11 +31,22 @@
* SUCH DAMAGE.
*/
-/* $Id: aes.h,v 1.4 2005/04/10 19:09:47 lha Exp $ */
+/* $Id: aes.h,v 1.5 2006/01/08 21:47:27 lha Exp $ */
#ifndef HEIM_AES_H
#define HEIM_AES_H 1
+/* symbol renaming */
+#define AES_set_encrypt_key hc_AES_set_encrypt_key
+#define AES_set_decrypt_key hc_AES_decrypt_key
+#define AES_encrypt hc_AES_encrypt
+#define AES_decrypt hc_AES_decrypt
+#define AES_cbc_encrypt hc_AES_cbc_encrypt
+
+/*
+ *
+ */
+
#define AES_BLOCK_SIZE 16
#define AES_MAXNR 14
diff --git a/source4/heimdal/lib/des/bn.h b/source4/heimdal/lib/des/bn.h
new file mode 100644
index 0000000000..b0c90d36fc
--- /dev/null
+++ b/source4/heimdal/lib/des/bn.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: bn.h,v 1.3 2006/01/13 08:27:50 lha Exp $
+ */
+
+#ifndef _HEIM_BN_H
+#define _HEIM_BN_H 1
+
+/* symbol renaming */
+#define BN_GENCB_call hc_BN_GENCB_call
+#define BN_GENCB_set hc_BN_GENCB_set
+#define BN_bin2bn hc_BN_bin2bn
+#define BN_bn2bin hc_BN_bn2bin
+#define BN_bn2hex hc_BN_bn2hex
+#define BN_clear hc_BN_clear
+#define BN_clear_bit hc_BN_clear_bit
+#define BN_clear_free hc_BN_clear_free
+#define BN_cmp hc_BN_cmp
+#define BN_dup hc_BN_dup
+#define BN_free hc_BN_free
+#define BN_is_negative hc_BN_is_negative
+#define BN_get_word hc_BN_get_word
+#define BN_hex2bn hc_BN_hex2bn
+#define BN_is_bit_set hc_BN_is_bit_set
+#define BN_new hc_BN_new
+#define BN_num_bits hc_BN_num_bits
+#define BN_num_bytes hc_BN_num_bytes
+#define BN_rand hc_BN_rand
+#define BN_set_bit hc_BN_set_bit
+#define BN_set_negative hc_BN_set_negative
+#define BN_set_word hc_BN_set_word
+#define BN_uadd hc_BN_uadd
+
+/*
+ *
+ */
+
+typedef void BIGNUM;
+typedef struct BN_GENCB BN_GENCB;
+typedef void BN_CTX;
+typedef void BN_MONT_CTX;
+typedef void BN_BLINDING;
+
+struct BN_GENCB {
+ unsigned int ver;
+ void *arg;
+ union {
+ int (*cb_2)(int, int, BN_GENCB *);
+ } cb;
+};
+
+/*
+ *
+ */
+
+BIGNUM *BN_new(void);
+void BN_free(BIGNUM *);
+void BN_clear_free(BIGNUM *);
+void BN_clear(BIGNUM *);
+BIGNUM *BN_dup(const BIGNUM *);
+
+int BN_num_bits(const BIGNUM *);
+int BN_num_bytes(const BIGNUM *);
+
+int BN_cmp(const BIGNUM *, const BIGNUM *);
+
+void BN_set_negative(BIGNUM *, int);
+int BN_is_negative(BIGNUM *);
+
+int BN_is_bit_set(const BIGNUM *, int);
+int BN_set_bit(BIGNUM *, int);
+int BN_clear_bit(BIGNUM *, int);
+
+int BN_set_word(BIGNUM *, unsigned long);
+unsigned long BN_get_word(const BIGNUM *);
+
+BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *);
+int BN_bn2bin(const BIGNUM *, void *);
+int BN_hex2bn(BIGNUM **, const char *);
+char * BN_bn2hex(const BIGNUM *);
+
+int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *);
+
+int BN_rand(BIGNUM *, int, int, int);
+
+void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *);
+int BN_GENCB_call(BN_GENCB *, int, int);
+
+#endif
diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c
index b615bbd30e..b6bb55a9ba 100644
--- a/source4/heimdal/lib/des/des.c
+++ b/source4/heimdal/lib/des/des.c
@@ -45,7 +45,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $");
+RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $");
#endif
#include <stdio.h>
@@ -54,6 +54,7 @@ RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $");
#include <krb5-types.h>
#include "des.h"
+#include "ui.h"
static void desx(uint32_t [2], DES_key_schedule *, int);
static void IP(uint32_t [2]);
diff --git a/source4/heimdal/lib/des/des.h b/source4/heimdal/lib/des/des.h
index 887c2e14d4..890fab462d 100644
--- a/source4/heimdal/lib/des/des.h
+++ b/source4/heimdal/lib/des/des.h
@@ -31,11 +31,41 @@
* SUCH DAMAGE.
*/
-/* $Id: des.h,v 1.24 2005/07/20 10:49:23 lha Exp $ */
+/* $Id: des.h,v 1.25 2006/01/08 21:47:28 lha Exp $ */
#ifndef _DESperate_H
#define _DESperate_H 1
+/* symbol renaming */
+#define DES_set_odd_parity hc_DES_set_odd_parity
+#define DES_is_weak_key hc_DES_is_weak_key
+#define DES_key_sched hc_DES_key_sched
+#define DES_set_key hc_DES_set_key
+#define DES_set_key_checked hc_DES_set_key_checked
+#define DES_set_key_sched hc_DES_set_key_sched
+#define DES_new_random_key hc_DES_new_random_key
+#define DES_string_to_key hc_DES_string_to_key
+#define DES_read_password hc_DES_read_password
+#define DES_rand_data hc_DES_rand_data
+#define DES_set_random_generator_seed hc_DES_set_random_generator_seed
+#define DES_generate_random_block hc_DES_generate_random_block
+#define DES_set_sequence_number hc_DES_set_sequence_number
+#define DES_init_random_number_generator hc_DES_init_random_number_generator
+#define DES_random_key hc_DES_random_key
+#define DES_encrypt hc_DES_encrypt
+#define DES_ecb_encrypt hc_DES_ecb_encrypt
+#define DES_ecb3_encrypt hc_DES_ecb3_encrypt
+#define DES_pcbc_encrypt hc_DES_pcbc_encrypt
+#define DES_cbc_encrypt hc_DES_cbc_encrypt
+#define DES_cbc_cksum hc_DES_cbc_cksum
+#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt
+#define DES_cfb64_encrypt hc_DES_cfb64_encrypt
+#define _DES_ipfp_test _hc_DES_ipfp_test
+
+/*
+ *
+ */
+
#define DES_CBLOCK_LEN 8
#define DES_KEY_SZ 8
@@ -48,6 +78,10 @@ typedef struct DES_key_schedule
uint32_t ks[32];
} DES_key_schedule;
+/*
+ *
+ */
+
int DES_set_odd_parity(DES_cblock *);
int DES_is_weak_key(DES_cblock *);
int DES_set_key(DES_cblock *, DES_key_schedule *);
@@ -57,8 +91,6 @@ int DES_new_random_key(DES_cblock *);
void DES_string_to_key(const char *, DES_cblock *);
int DES_read_password(DES_cblock *, char *, int);
-int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */
-
void DES_rand_data(void *, int);
void DES_set_random_generator_seed(DES_cblock *);
void DES_generate_random_block(DES_cblock *);
diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h
new file mode 100644
index 0000000000..cbea876521
--- /dev/null
+++ b/source4/heimdal/lib/des/dh.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $
+ */
+
+#ifndef _HEIM_DH_H
+#define _HEIM_DH_H 1
+
+/* symbol renaming */
+#define DH_null_method hc_DH_null_method
+#define DH_new hc_DH_new
+#define DH_new_method hc_DH_new_method
+#define DH_free hc_DH_free
+#define DH_up_ref hc_DH_up_ref
+#define DH_size hc_DH_size
+#define DH_set_default_method hc_DH_set_default_method
+#define DH_get_default_method hc_DH_get_default_method
+#define DH_set_method hc_DH_set_method
+#define DH_get_method hc_DH_get_method
+#define DH_set_ex_data hc_DH_set_ex_data
+#define DH_get_ex_data hc_DH_get_ex_data
+#define DH_generate_parameters_ex hc_DH_generate_parameters_ex
+#define DH_check hc_DH_check
+#define DH_generate_key hc_DH_generate_key
+#define DH_compute_key hc_DH_compute_key
+
+/*
+ *
+ */
+
+typedef struct DH DH;
+typedef struct DH_METHOD DH_METHOD;
+
+#include <hcrypto/bn.h>
+#include <hcrypto/engine.h>
+
+struct DH_METHOD {
+ const char *name;
+ int (*generate_key)(DH *);
+ int (*compute_key)(unsigned char *,const BIGNUM *,DH *);
+ int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+ int (*init)(DH *);
+ int (*finish)(DH *);
+ int flags;
+ void *app_data;
+ int (*generate_params)(DH *, int, int, BN_GENCB *);
+};
+
+struct DH {
+ int pad;
+ int version;
+ BIGNUM *p;
+ BIGNUM *g;
+ long length;
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
+ int flags;
+ void *method_mont_p;
+ BIGNUM *q;
+ BIGNUM *j;
+ void *seed;
+ int seedlen;
+ BIGNUM *counter;
+ int references;
+ struct CRYPTO_EX_DATA {
+ void *sk;
+ int dummy;
+ } ex_data;
+ const DH_METHOD *meth;
+ ENGINE *engine;
+};
+
+/* DH_check_pubkey return codes in `codes' argument. */
+#define DH_CHECK_PUBKEY_TOO_SMALL 1
+#define DH_CHECK_PUBKEY_TOO_LARGE 2
+
+/*
+ *
+ */
+
+const DH_METHOD *DH_null_method(void);
+
+DH * DH_new(void);
+DH * DH_new_method(ENGINE *);
+void DH_free(DH *);
+int DH_up_ref(DH *);
+
+int DH_size(const DH *);
+
+
+void DH_set_default_method(const DH_METHOD *);
+const DH_METHOD *
+ DH_get_default_method(void);
+int DH_set_method(DH *, const DH_METHOD *);
+
+int DH_set_ex_data(DH *, int, void *);
+void * DH_get_ex_data(DH *, int);
+
+int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *);
+int DH_check_pubkey(const DH *, const BIGNUM *, int *);
+int DH_generate_key(DH *);
+int DH_compute_key(unsigned char *,const BIGNUM *,DH *);
+
+#endif /* _HEIM_DH_H */
+
diff --git a/source4/heimdal/lib/des/dsa.h b/source4/heimdal/lib/des/dsa.h
new file mode 100644
index 0000000000..18859effc8
--- /dev/null
+++ b/source4/heimdal/lib/des/dsa.h
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: dsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $
+ */
+
+#ifndef _HEIM_DSA_H
+#define _HEIM_DSA_H 1
+
+#include <hcrypto/bn.h>
+
+/* symbol renaming */
+#define DSA_null_method hc_DSA_null_method
+#define DSA_new hc_DSA_new
+#define DSA_free hc_DSA_free
+#define DSA_up_ref hc_DSA_up_ref
+#define DSA_set_default_method hc_DSA_set_default_method
+#define DSA_get_default_method hc_DSA_get_default_method
+#define DSA_set_method hc_DSA_set_method
+#define DSA_get_method hc_DSA_get_method
+#define DSA_set_app_data hc_DSA_set_app_data
+#define DSA_get_app_data hc_DSA_get_app_data
+#define DSA_size hc_DSA_size
+#define DSA_verify hc_DSA_verify
+
+/*
+ *
+ */
+
+
+typedef struct DSA DSA;
+typedef struct DSA_METHOD DSA_METHOD;
+typedef struct DSA_SIG DSA_SIG;
+
+struct DSA_SIG {
+ BIGNUM *r;
+ BIGNUM *s;
+};
+
+struct DSA_METHOD {
+ const char *name;
+ DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *);
+ int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+ int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *);
+ int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *,
+ BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+ int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *,
+ BN_MONT_CTX *);
+ int (*init)(DSA *);
+ int (*finish)(DSA *);
+ int flags;
+ void *app_data;
+};
+
+struct DSA {
+ int pad;
+ long version;
+ int write_params;
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
+
+ BIGNUM *kinv;
+ BIGNUM *r;
+ int flags;
+ void *method_mont_p;
+ int references;
+ struct dsa_CRYPTO_EX_DATA {
+ void *sk;
+ int dummy;
+ } ex_data;
+ const DSA_METHOD *meth;
+ void *engine;
+};
+
+/*
+ *
+ */
+
+const DSA_METHOD *DSA_null_method(void);
+
+/*
+ *
+ */
+
+DSA * DSA_new(void);
+void DSA_free(DSA *);
+int DSA_up_ref(DSA *);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD * DSA_get_default_method(void);
+
+const DSA_METHOD * DSA_get_method(const DSA *);
+int DSA_set_method(DSA *, const DSA_METHOD *);
+
+void DSA_set_app_data(DSA *, void *arg);
+void * DSA_get_app_data(DSA *);
+
+int DSA_size(const DSA *);
+
+int DSA_verify(int, const unsigned char *, int,
+ const unsigned char *, int, DSA *);
+
+#endif /* _HEIM_DSA_H */
diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h
new file mode 100644
index 0000000000..70c0a7688c
--- /dev/null
+++ b/source4/heimdal/lib/des/engine.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $
+ */
+
+#ifndef _HEIM_ENGINE_H
+#define _HEIM_ENGINE_H 1
+
+/* symbol renaming */
+#define ENGINE_add_conf_module hc_ENGINE_add_conf_module
+#define ENGINE_by_dso hc_ENGINE_by_dso
+#define ENGINE_by_id hc_ENGINE_by_id
+#define ENGINE_finish hc_ENGINE_finish
+#define ENGINE_get_DH hc_ENGINE_get_DH
+#define ENGINE_get_RSA hc_ENGINE_get_RSA
+#define ENGINE_get_id hc_ENGINE_get_id
+#define ENGINE_get_name hc_ENGINE_get_name
+#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines
+#define ENGINE_set_DH hc_ENGINE_set_DH
+#define ENGINE_set_RSA hc_ENGINE_set_RSA
+#define ENGINE_set_id hc_ENGINE_set_id
+#define ENGINE_set_name hc_ENGINE_set_name
+#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function
+#define ENGINE_up_ref hc_ENGINE_up_ref
+
+/*
+ *
+ */
+
+typedef struct hc_engine ENGINE;
+
+#include <hcrypto/rsa.h>
+#include <hcrypto/dsa.h>
+#include <hcrypto/dh.h>
+
+#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000
+
+typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *);
+typedef unsigned long (*openssl_v_check)(unsigned long);
+
+void ENGINE_add_conf_module(void);
+void ENGINE_load_builtin_engines(void);
+ENGINE *ENGINE_by_id(const char *);
+ENGINE *ENGINE_by_dso(const char *, const char *);
+int ENGINE_finish(ENGINE *);
+int ENGINE_up_ref(ENGINE *);
+int ENGINE_set_id(ENGINE *, const char *);
+int ENGINE_set_name(ENGINE *, const char *);
+int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *);
+int ENGINE_set_DH(ENGINE *, const DH_METHOD *);
+int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *));
+
+const char * ENGINE_get_id(const ENGINE *);
+const char * ENGINE_get_name(const ENGINE *);
+const RSA_METHOD * ENGINE_get_RSA(const ENGINE *);
+const DH_METHOD * ENGINE_get_DH(const ENGINE *);
+
+int ENGINE_set_default_RSA(ENGINE *);
+ENGINE * ENGINE_get_default_RSA(void);
+int ENGINE_set_default_DH(ENGINE *);
+ENGINE * ENGINE_get_default_DH(void);
+
+
+#endif /* _HEIM_ENGINE_H */
diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c
new file mode 100644
index 0000000000..3f89a49bcc
--- /dev/null
+++ b/source4/heimdal/lib/des/evp.c
@@ -0,0 +1,728 @@
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <evp.h>
+
+#include <krb5-types.h>
+
+#include <aes.h>
+#include <des.h>
+#include <sha.h>
+#include <rc2.h>
+#include <rc4.h>
+#include <md2.h>
+#include <md4.h>
+#include <md5.h>
+
+struct hc_evp_md {
+ int hash_size;
+ int block_size;
+ int ctx_size;
+ int (*init)(EVP_MD_CTX *);
+ int (*update)(EVP_MD_CTX *,const void *, size_t );
+ int (*final)(void *, EVP_MD_CTX *);
+ int (*cleanup)(EVP_MD_CTX *);
+};
+
+/*
+ *
+ */
+
+size_t
+EVP_MD_size(const EVP_MD *md)
+{
+ return md->hash_size;
+}
+
+size_t
+EVP_MD_block_size(const EVP_MD *md)
+{
+ return md->block_size;
+}
+
+EVP_MD_CTX *
+EVP_MD_CTX_create(void)
+{
+ return calloc(1, sizeof(EVP_MD_CTX));
+}
+
+void
+EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+}
+
+void
+EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ free(ctx);
+}
+
+int
+EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+{
+ if (ctx->md && ctx->md->cleanup)
+ (ctx->md->cleanup)(ctx);
+ ctx->md = NULL;
+ ctx->engine = NULL;
+ free(ctx->ptr);
+ return 1;
+}
+
+
+const EVP_MD *
+EVP_MD_CTX_md(EVP_MD_CTX *ctx)
+{
+ return ctx->md;
+}
+
+size_t
+EVP_MD_CTX_size(EVP_MD_CTX *ctx)
+{
+ return EVP_MD_size(ctx->md);
+}
+
+size_t
+EVP_MD_CTX_block_size(EVP_MD_CTX *ctx)
+{
+ return EVP_MD_block_size(ctx->md);
+}
+
+int
+EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)
+{
+ if (ctx->md != md || ctx->engine != engine) {
+ EVP_MD_CTX_cleanup(ctx);
+ ctx->md = md;
+ ctx->engine = engine;
+
+ ctx->ptr = calloc(1, md->ctx_size);
+ if (ctx->ptr == NULL)
+ return 0;
+ }
+ (ctx->md->init)(ctx->ptr);
+ return 1;
+}
+
+int
+EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size)
+{
+ (ctx->md->update)(ctx->ptr, data, size);
+ return 1;
+}
+
+int
+EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size)
+{
+ (ctx->md->final)(hash, ctx->ptr);
+ if (size)
+ *size = ctx->md->hash_size;
+ return 1;
+}
+
+int
+EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
+ const EVP_MD *md, ENGINE *engine)
+{
+ EVP_MD_CTX *ctx;
+ int ret;
+
+ ctx = EVP_MD_CTX_create();
+ if (ctx == NULL)
+ return 0;
+ ret = EVP_DigestInit_ex(ctx, md, engine);
+ if (ret != 1)
+ return ret;
+ ret = EVP_DigestUpdate(ctx, data, dsize);
+ if (ret != 1)
+ return ret;
+ ret = EVP_DigestFinal_ex(ctx, hash, hsize);
+ if (ret != 1)
+ return ret;
+ EVP_MD_CTX_destroy(ctx);
+ return 1;
+}
+
+/*
+ *
+ */
+
+static const struct hc_evp_md sha1 = {
+ 20,
+ 64,
+ sizeof(SHA_CTX),
+ (void *)SHA1_Init,
+ (void *)SHA1_Update,
+ (void *)SHA1_Final,
+ NULL
+};
+
+const EVP_MD *
+EVP_sha1(void)
+{
+ return &sha1;
+}
+
+const EVP_MD *
+EVP_sha(void)
+{
+ return &sha1;
+}
+
+const EVP_MD *
+EVP_md5(void)
+{
+ static const struct hc_evp_md md5 = {
+ 16,
+ 64,
+ sizeof(MD5_CTX),
+ (void *)MD5_Init,
+ (void *)MD5_Update,
+ (void *)MD5_Final,
+ NULL
+ };
+ return &md5;
+}
+
+const EVP_MD *
+EVP_md4(void)
+{
+ static const struct hc_evp_md md4 = {
+ 16,
+ 64,
+ sizeof(MD4_CTX),
+ (void *)MD4_Init,
+ (void *)MD4_Update,
+ (void *)MD4_Final,
+ NULL
+ };
+ return &md4;
+}
+
+const EVP_MD *
+EVP_md2(void)
+{
+ static const struct hc_evp_md md2 = {
+ 16,
+ 16,
+ sizeof(MD2_CTX),
+ (void *)MD2_Init,
+ (void *)MD2_Update,
+ (void *)MD2_Final,
+ NULL
+ };
+ return &md2;
+}
+
+/*
+ *
+ */
+
+static void
+null_Init (void *m)
+{
+}
+static void
+null_Update (void *m, const void * data, size_t size)
+{
+}
+static void
+null_Final(void *res, struct md5 *m)
+{
+}
+
+const EVP_MD *
+EVP_md_null(void)
+{
+ static const struct hc_evp_md null = {
+ 0,
+ 0,
+ 0,
+ (void *)null_Init,
+ (void *)null_Update,
+ (void *)null_Final,
+ NULL
+ };
+ return &null;
+}
+
+#if 0
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *);
+int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *);
+#endif
+
+/*
+ *
+ */
+
+size_t
+EVP_CIPHER_block_size(const EVP_CIPHER *c)
+{
+ return c->block_size;
+}
+
+size_t
+EVP_CIPHER_key_length(const EVP_CIPHER *c)
+{
+ return c->key_len;
+}
+
+size_t
+EVP_CIPHER_iv_length(const EVP_CIPHER *c)
+{
+ return c->iv_len;
+}
+
+void
+EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c)
+{
+ memset(c, 0, sizeof(*c));
+}
+
+int
+EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+{
+ if (c->cipher && c->cipher->cleanup)
+ c->cipher->cleanup(c);
+ if (c->cipher_data) {
+ free(c->cipher_data);
+ c->cipher_data = NULL;
+ }
+ return 1;
+}
+
+#if 0
+int
+EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length)
+{
+ return 0;
+}
+
+int
+EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
+{
+ return 0;
+}
+#endif
+
+const EVP_CIPHER *
+EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher;
+}
+
+size_t
+EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+{
+ return EVP_CIPHER_block_size(ctx->cipher);
+}
+
+size_t
+EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+{
+ return EVP_CIPHER_key_length(ctx->cipher);
+}
+
+size_t
+EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+{
+ return EVP_CIPHER_iv_length(ctx->cipher);
+}
+
+unsigned long
+EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher->flags;
+}
+
+int
+EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx)
+{
+ return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE;
+}
+
+void *
+EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx)
+{
+ return ctx->app_data;
+}
+
+void
+EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
+{
+ ctx->app_data = data;
+}
+
+int
+EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine,
+ const void *key, const void *iv, int encp)
+{
+ if (encp == -1)
+ encp = ctx->encrypt;
+ else
+ ctx->encrypt = (encp ? 1 : 0);
+
+ if (c && (c != ctx->cipher)) {
+ EVP_CIPHER_CTX_cleanup(ctx);
+ ctx->cipher = c;
+ ctx->key_len = c->key_len;
+
+ ctx->cipher_data = malloc(c->ctx_size);
+ if (ctx->cipher_data == NULL && c->ctx_size != 0)
+ return 0;
+
+ } else if (ctx->cipher == NULL) {
+ /* reuse of cipher, but not any cipher ever set! */
+ return 0;
+ }
+
+ switch (EVP_CIPHER_CTX_flags(ctx)) {
+ case EVP_CIPH_CBC_MODE:
+
+ assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
+
+ if (iv)
+ memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+ break;
+ default:
+ return 0;
+ }
+
+ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT))
+ ctx->cipher->init(ctx, key, iv, encp);
+
+ return 1;
+}
+
+int
+EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size)
+{
+ return ctx->cipher->do_cipher(ctx, out, in, size);
+}
+
+/*
+ *
+ */
+
+static int
+enc_null_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char * key,
+ const unsigned char * iv,
+ int encp)
+{
+ return 1;
+}
+
+static int
+enc_null_do_cipher(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ unsigned int size)
+{
+ memmove(out, in, size);
+ return 1;
+}
+
+static int
+enc_null_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ return 1;
+}
+
+const EVP_CIPHER *
+EVP_enc_null(void)
+{
+ static const EVP_CIPHER enc_null = {
+ 0,
+ 0,
+ 0,
+ 0,
+ EVP_CIPH_CBC_MODE,
+ enc_null_init,
+ enc_null_do_cipher,
+ enc_null_cleanup,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &enc_null;
+}
+
+/*
+ *
+ */
+
+struct rc2_cbc {
+ unsigned int maximum_effective_key;
+ RC2_KEY key;
+};
+
+static int
+rc2_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char * key,
+ const unsigned char * iv,
+ int encp)
+{
+ struct rc2_cbc *k = ctx->cipher_data;
+ k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8;
+ RC2_set_key(&k->key,
+ EVP_CIPHER_CTX_key_length(ctx),
+ key,
+ k->maximum_effective_key);
+ return 1;
+}
+
+static int
+rc2_do_cipher(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ unsigned int size)
+{
+ struct rc2_cbc *k = ctx->cipher_data;
+ RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int
+rc2_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc));
+ return 1;
+}
+
+
+const EVP_CIPHER *
+EVP_rc2_cbc(void)
+{
+ static const EVP_CIPHER rc2_cbc = {
+ 0,
+ RC2_BLOCK_SIZE,
+ RC2_KEY_LENGTH,
+ RC2_BLOCK_SIZE,
+ EVP_CIPH_CBC_MODE,
+ rc2_init,
+ rc2_do_cipher,
+ rc2_cleanup,
+ sizeof(struct rc2_cbc),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &rc2_cbc;
+}
+
+const EVP_CIPHER *
+EVP_rc2_40_cbc(void)
+{
+ static const EVP_CIPHER rc2_40_cbc = {
+ 0,
+ RC2_BLOCK_SIZE,
+ 5,
+ RC2_BLOCK_SIZE,
+ EVP_CIPH_CBC_MODE,
+ rc2_init,
+ rc2_do_cipher,
+ rc2_cleanup,
+ sizeof(struct rc2_cbc),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &rc2_40_cbc;
+}
+
+/*
+ *
+ */
+
+const EVP_CIPHER *
+EVP_rc4(void)
+{
+ printf("evp rc4\n");
+ abort();
+ return NULL;
+}
+
+const EVP_CIPHER *
+EVP_rc4_40(void)
+{
+ printf("evp rc4_40\n");
+ abort();
+ return NULL;
+}
+
+/*
+ *
+ */
+
+struct des_ede3_cbc {
+ DES_key_schedule ks[3];
+};
+
+static int
+des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char * key,
+ const unsigned char * iv,
+ int encp)
+{
+ struct des_ede3_cbc *k = ctx->cipher_data;
+
+ DES_key_sched((DES_cblock *)(key), &k->ks[0]);
+ DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]);
+ DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]);
+
+ return 1;
+}
+
+static int
+des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ unsigned int size)
+{
+ struct des_ede3_cbc *k = ctx->cipher_data;
+ DES_ede3_cbc_encrypt(in, out, size,
+ &k->ks[0], &k->ks[1], &k->ks[2],
+ (DES_cblock *)ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int
+des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc));
+ return 1;
+}
+
+const EVP_CIPHER *
+EVP_des_ede3_cbc(void)
+{
+ static const EVP_CIPHER des_ede3_cbc = {
+ 0,
+ 8,
+ 24,
+ 8,
+ EVP_CIPH_CBC_MODE,
+ des_ede3_cbc_init,
+ des_ede3_cbc_do_cipher,
+ des_ede3_cbc_cleanup,
+ sizeof(struct des_ede3_cbc),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &des_ede3_cbc;
+}
+
+/*
+ *
+ */
+
+static int
+aes_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char * key,
+ const unsigned char * iv,
+ int encp)
+{
+ AES_KEY *k = ctx->cipher_data;
+ if (ctx->encrypt)
+ AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k);
+ else
+ AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k);
+ return 1;
+}
+
+static int
+aes_do_cipher(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ unsigned int size)
+{
+ AES_KEY *k = ctx->cipher_data;
+ AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int
+aes_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ memset(ctx->cipher_data, 0, sizeof(AES_KEY));
+ return 1;
+}
+
+const EVP_CIPHER *
+EVP_aes_128_cbc(void)
+{
+ static const EVP_CIPHER aes_128_cbc = {
+ 0,
+ 16,
+ 16,
+ 16,
+ EVP_CIPH_CBC_MODE,
+ aes_init,
+ aes_do_cipher,
+ aes_cleanup,
+ sizeof(AES_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &aes_128_cbc;
+}
+
+const EVP_CIPHER *
+EVP_aes_192_cbc(void)
+{
+ static const EVP_CIPHER aes_192_cbc = {
+ 0,
+ 16,
+ 24,
+ 16,
+ EVP_CIPH_CBC_MODE,
+ aes_init,
+ aes_do_cipher,
+ aes_cleanup,
+ sizeof(AES_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &aes_192_cbc;
+}
+
+
+const EVP_CIPHER *
+EVP_aes_256_cbc(void)
+{
+ static const EVP_CIPHER aes_256_cbc = {
+ 0,
+ 16,
+ 32,
+ 16,
+ EVP_CIPH_CBC_MODE,
+ aes_init,
+ aes_do_cipher,
+ aes_cleanup,
+ sizeof(AES_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &aes_256_cbc;
+}
diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h
new file mode 100644
index 0000000000..a04f17aabf
--- /dev/null
+++ b/source4/heimdal/lib/des/evp.h
@@ -0,0 +1,231 @@
+/*
+ * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */
+
+#ifndef HEIM_EVP_H
+#define HEIM_EVP_H 1
+
+#include <hcrypto/engine.h>
+
+/* symbol renaming */
+#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size
+#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher
+#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup
+#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags
+#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data
+#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init
+#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length
+#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length
+#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode
+#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data
+#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length
+#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding
+#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size
+#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length
+#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length
+#define EVP_Cipher hc_EVP_Cipher
+#define EVP_CipherInit_ex hc_EVP_CipherInit_ex
+#define EVP_Digest hc_EVP_Digest
+#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex
+#define EVP_DigestInit_ex hc_EVP_DigestInit_ex
+#define EVP_DigestUpdate hc_EVP_DigestUpdate
+#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size
+#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup
+#define EVP_MD_CTX_create hc_EVP_MD_CTX_create
+#define EVP_MD_CTX_init hc_EVP_MD_CTX_init
+#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy
+#define EVP_MD_CTX_md hc_EVP_MD_CTX_md
+#define EVP_MD_CTX_size hc_EVP_MD_CTX_size
+#define EVP_MD_block_size hc_EVP_MD_block_size
+#define EVP_MD_size hc_EVP_MD_size
+#define EVP_aes_128_cbc hc_EVP_aes_128_cbc
+#define EVP_aes_192_cbc hc_EVP_aes_192_cbc
+#define EVP_aes_256_cbc hc_EVP_aes_256_cbc
+#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc
+#define EVP_enc_null hc_EVP_enc_null
+#define EVP_md2 hc_EVP_md2
+#define EVP_md4 hc_EVP_md4
+#define EVP_md5 hc_EVP_md5
+#define EVP_md_null hc_EVP_md_null
+#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc
+#define EVP_rc2_cbc hc_EVP_rc2_cbc
+#define EVP_rc4 hc_EVP_rc4
+#define EVP_rc4_40 hc_EVP_rc4_40
+#define EVP_sha hc_EVP_sha
+#define EVP_sha1 hc_EVP_sha1
+#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1
+
+/*
+ *
+ */
+
+typedef struct hc_EVP_MD_CTX EVP_MD_CTX;
+typedef struct hc_evp_pkey EVP_PKEY;
+typedef struct hc_evp_md EVP_MD;
+typedef struct hc_CIPHER EVP_CIPHER;
+typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX;
+
+#define EVP_MAX_IV_LENGTH 16
+#define EVP_MAX_BLOCK_LENGTH 32
+
+#define EVP_MAX_MD_SIZE 64
+
+struct hc_CIPHER {
+ int nid;
+ int block_size;
+ int key_len;
+ int iv_len;
+ unsigned long flags;
+ /* The lowest 3 bits is used as integer field for the mode the
+ * cipher is used in (use EVP_CIPHER.._mode() to extract the
+ * mode). The rest of the flag field is a bitfield.
+ */
+#define EVP_CIPH_CBC_MODE 2
+#define EVP_CIPH_MODE 0x7
+
+#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
+
+ int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int);
+ int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *,
+ const unsigned char *, unsigned int);
+ int (*cleanup)(EVP_CIPHER_CTX *);
+ int ctx_size;
+ void *set_asn1_parameters;
+ void *get_asn1_parameters;
+ void *ctrl;
+ void *app_data;
+};
+
+struct hc_CIPHER_CTX {
+ const EVP_CIPHER *cipher;
+ ENGINE *engine;
+ int encrypt;
+ int buf_len;
+ unsigned char oiv[EVP_MAX_IV_LENGTH];
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char buf[EVP_MAX_BLOCK_LENGTH];
+ int num;
+ void *app_data;
+ int key_len;
+ unsigned long flags;
+ void *cipher_data;
+ int final_used;
+ int block_mask;
+ unsigned char final[EVP_MAX_BLOCK_LENGTH];
+};
+
+struct hc_EVP_MD_CTX {
+ const EVP_MD *md;
+ ENGINE *engine;
+ void *ptr;
+};
+
+/*
+ * Avaible crypto algs
+ */
+
+const EVP_MD *EVP_md_null(void);
+const EVP_MD *EVP_md2(void);
+const EVP_MD *EVP_md4(void);
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_sha(void);
+const EVP_MD *EVP_sha1(void);
+
+const EVP_CIPHER * EVP_aes_128_cbc(void);
+const EVP_CIPHER * EVP_aes_192_cbc(void);
+const EVP_CIPHER * EVP_aes_256_cbc(void);
+const EVP_CIPHER * EVP_des_ede3_cbc(void);
+const EVP_CIPHER * EVP_enc_null(void);
+const EVP_CIPHER * EVP_rc2_40_cbc(void);
+const EVP_CIPHER * EVP_rc2_cbc(void);
+const EVP_CIPHER * EVP_rc4(void);
+const EVP_CIPHER * EVP_rc4_40(void);
+
+/*
+ *
+ */
+
+size_t EVP_MD_size(const EVP_MD *);
+size_t EVP_MD_block_size(const EVP_MD *);
+
+const EVP_MD *
+ EVP_MD_CTX_md(EVP_MD_CTX *);
+size_t EVP_MD_CTX_size(EVP_MD_CTX *);
+size_t EVP_MD_CTX_block_size(EVP_MD_CTX *);
+
+EVP_MD_CTX *
+ EVP_MD_CTX_create(void);
+void EVP_MD_CTX_init(EVP_MD_CTX *);
+void EVP_MD_CTX_destroy(EVP_MD_CTX *);
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *);
+
+int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
+int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t);
+int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *);
+int EVP_Digest(const void *, size_t, void *, unsigned int *,
+ const EVP_MD *, ENGINE *);
+/*
+ *
+ */
+
+size_t EVP_CIPHER_block_size(const EVP_CIPHER *);
+size_t EVP_CIPHER_key_length(const EVP_CIPHER *);
+size_t EVP_CIPHER_iv_length(const EVP_CIPHER *);
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int);
+unsigned long
+ EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *);
+
+const EVP_CIPHER *
+ EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *);
+size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
+size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *);
+size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *);
+void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *);
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *,
+ const void *, const void *, int);
+
+int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
+
+int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t,
+ unsigned long, size_t, void *);
+
+
+#endif /* HEIM_EVP_H */
diff --git a/source4/heimdal/lib/des/hcrypto b/source4/heimdal/lib/des/hcrypto
new file mode 120000
index 0000000000..023d458e1d
--- /dev/null
+++ b/source4/heimdal/lib/des/hcrypto
@@ -0,0 +1 @@
+./../des \ No newline at end of file
diff --git a/source4/heimdal/lib/des/hmac.c b/source4/heimdal/lib/des/hmac.c
new file mode 100644
index 0000000000..1d323b3725
--- /dev/null
+++ b/source4/heimdal/lib/des/hmac.c
@@ -0,0 +1,119 @@
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <hmac.h>
+
+void
+HMAC_CTX_init(HMAC_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+}
+
+void
+HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+ if (ctx->buf) {
+ memset(ctx->buf, 0, ctx->key_length);
+ free(ctx->buf);
+ ctx->buf = NULL;
+ }
+ if (ctx->opad) {
+ memset(ctx->ipad, 0, ctx->key_length);
+ free(ctx->opad);
+ ctx->opad = NULL;
+ }
+ if (ctx->ipad) {
+ memset(ctx->ipad, 0, ctx->key_length);
+ free(ctx->ipad);
+ ctx->ipad = NULL;
+ }
+ EVP_MD_CTX_cleanup(ctx->ctx);
+}
+
+size_t
+HMAC_size(const HMAC_CTX *ctx)
+{
+ return EVP_MD_size(ctx->md);
+}
+
+void
+HMAC_Init_ex(HMAC_CTX *ctx,
+ const void *key,
+ size_t keylen,
+ const EVP_MD *md,
+ ENGINE *engine)
+{
+ unsigned char *p;
+ size_t i;
+
+ if (ctx->md != md) {
+ ctx->md = md;
+ if (ctx->buf)
+ free (ctx->buf);
+ ctx->key_length = EVP_MD_size(ctx->md);
+ ctx->buf = malloc(ctx->key_length);
+ }
+#if 0
+ ctx->engine = engine;
+#endif
+
+ if (keylen > EVP_MD_block_size(ctx->md)) {
+ EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine);
+ key = ctx->buf;
+ keylen = EVP_MD_size(ctx->md);
+ }
+
+ if (ctx->opad)
+ free(ctx->opad);
+ if (ctx->ipad)
+ free(ctx->ipad);
+
+ ctx->opad = malloc(EVP_MD_block_size(ctx->md));
+ ctx->ipad = malloc(EVP_MD_block_size(ctx->md));
+ memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md));
+ memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md));
+
+ for (i = 0, p = ctx->ipad; i < keylen; i++)
+ p[i] ^= ((const unsigned char *)key)[i];
+ for (i = 0, p = ctx->opad; i < keylen; i++)
+ p[i] ^= ((const unsigned char *)key)[i];
+
+ ctx->ctx = EVP_MD_CTX_create();
+
+ EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
+ EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md));
+}
+
+void
+HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len)
+{
+ EVP_DigestUpdate(ctx->ctx, data, len);
+}
+
+void
+HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len)
+{
+ EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL);
+
+ EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine);
+ EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md));
+ EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length);
+ EVP_DigestFinal_ex(ctx->ctx, md, len);
+}
+
+void *
+HMAC(const EVP_MD *md,
+ const void *key, size_t key_size,
+ const void *data, size_t data_size,
+ void *hash, unsigned int *hash_len)
+{
+ HMAC_CTX ctx;
+
+ HMAC_CTX_init(&ctx);
+ HMAC_Init_ex(&ctx, key, key_size, md, NULL);
+ HMAC_Update(&ctx, data, data_size);
+ HMAC_Final(&ctx, hash, hash_len);
+ HMAC_CTX_cleanup(&ctx);
+ return hash;
+}
diff --git a/source4/heimdal/lib/des/hmac.h b/source4/heimdal/lib/des/hmac.h
new file mode 100644
index 0000000000..a72ab574e7
--- /dev/null
+++ b/source4/heimdal/lib/des/hmac.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: hmac.h,v 1.3 2006/01/13 15:26:52 lha Exp $ */
+
+#ifndef HEIM_HMAC_H
+#define HEIM_HMAC_H 1
+
+#include <hcrypto/evp.h>
+
+/* symbol renaming */
+#define HMAC_CTX_init hc_HMAC_CTX_init
+#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup
+#define HMAC_size hc_HMAC_size
+#define HMAC_Init_ex hc_HMAC_Init_ex
+#define HMAC_Update hc_HMAC_Update
+#define HMAC_Final hc_HMAC_Final
+#define HMAC hc_HMAC
+
+/*
+ *
+ */
+
+#define HMAC_MAX_MD_CBLOCK 64
+
+typedef struct hc_HMAC_CTX HMAC_CTX;
+
+struct hc_HMAC_CTX {
+ const EVP_MD *md;
+ ENGINE *engine;
+ EVP_MD_CTX *ctx;
+ size_t key_length;
+ void *opad;
+ void *ipad;
+ void *buf;
+};
+
+
+void HMAC_CTX_init(HMAC_CTX *);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+
+size_t HMAC_size(const HMAC_CTX *ctx);
+
+void HMAC_Init_ex(HMAC_CTX *, const void *, size_t,
+ const EVP_MD *, ENGINE *);
+void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len);
+void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len);
+
+void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
+ const void *data, size_t n, void *md, unsigned int *md_len);
+
+#endif /* HEIM_HMAC_H */
diff --git a/source4/heimdal/lib/des/md2.c b/source4/heimdal/lib/des/md2.c
new file mode 100644
index 0000000000..91d7afd125
--- /dev/null
+++ b/source4/heimdal/lib/des/md2.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+
+RCSID("$Id: md2.c,v 1.1 2006/01/08 21:47:28 lha Exp $");
+#endif
+
+#include "hash.h"
+#include "md2.h"
+
+static const unsigned char subst[256] = {
+ 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
+ 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
+ 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
+ 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
+ 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
+ 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
+ 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
+ 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
+ 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
+ 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
+ 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
+ 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
+ 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
+ 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
+ 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
+ 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
+ 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
+ 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
+};
+
+void
+MD2_Init (struct md2 *m)
+{
+ memset(m, 0, sizeof(*m));
+}
+
+static void
+calc(struct md2 *m, const void *v)
+{
+ unsigned char x[48], L;
+ const unsigned char *p = v;
+ int i, j, t;
+
+ L = m->checksum[15];
+ for (i = 0; i < 16; i++)
+ L = m->checksum[i] ^= subst[p[i] ^ L];
+
+ for (i = 0; i < 16; i++) {
+ x[i] = m->state[i];
+ x[i + 16] = p[i];
+ x[i + 32] = x[i] ^ p[i];
+ }
+
+ t = 0;
+ for (i = 0; i < 18; i++) {
+ for (j = 0; j < 48; j++)
+ t = x[j] ^= subst[t];
+ t = (t + i) & 0xff;
+ }
+
+ memcpy(m->state, x, 16);
+ memset(x, 0, sizeof(x));
+}
+
+void
+MD2_Update (struct md2 *m, const void *v, size_t len)
+{
+ size_t idx = m->len & 0xf;
+ const unsigned char *p = v;
+
+ m->len += len;
+ if (len + idx >= 16) {
+ if (idx) {
+ memcpy(m->data + idx, p, 16 - idx);
+ calc(m, m->data);
+ p += 16;
+ len -= 16 - idx;
+ }
+ while (len >= 16) {
+ calc(m, p);
+ p += 16;
+ len -= 16;
+ }
+ idx = 0;
+ }
+
+ memcpy(m->data + idx, p, len);
+}
+
+void
+MD2_Final (void *res, struct md2 *m)
+{
+ unsigned char pad[16];
+ size_t padlen;
+
+ padlen = 16 - (m->len % 16);
+ memset(pad, padlen, padlen);
+
+ MD2_Update(m, pad, padlen);
+ memcpy(pad, m->checksum, 16);
+ MD2_Update(m, pad, 16);
+
+ memcpy(res, m->state, MD2_DIGEST_LENGTH);
+ memset(m, 0, sizeof(m));
+}
diff --git a/source4/heimdal/lib/des/md2.h b/source4/heimdal/lib/des/md2.h
new file mode 100644
index 0000000000..f305d943aa
--- /dev/null
+++ b/source4/heimdal/lib/des/md2.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: md2.h,v 1.1 2006/01/08 21:47:28 lha Exp $ */
+
+#ifndef HEIM_MD2_H
+#define HEIM_MD2_H 1
+
+/* symbol renaming */
+#define MD2_Init hc_MD2_Init
+#define MD2_Update hc_MD2_Update
+#define MD2_Final hc_MD2_Final
+
+/*
+ *
+ */
+
+#define MD2_DIGEST_LENGTH 16
+
+struct md2 {
+ size_t len;
+ unsigned char data[16]; /* stored unalligned data between Update's */
+ unsigned char checksum[16];
+ unsigned char state[16]; /* lower 16 bytes of X */
+};
+
+typedef struct md2 MD2_CTX;
+
+void MD2_Init (struct md2 *m);
+void MD2_Update (struct md2 *m, const void *p, size_t len);
+void MD2_Final (void *res, struct md2 *m);
+
+#endif /* HEIM_MD2_H */
diff --git a/source4/heimdal/lib/des/md4.h b/source4/heimdal/lib/des/md4.h
index 92147c8489..79055e0fb0 100644
--- a/source4/heimdal/lib/des/md4.h
+++ b/source4/heimdal/lib/des/md4.h
@@ -31,11 +31,22 @@
* SUCH DAMAGE.
*/
-/* $Id: md4.h,v 1.9 2005/04/10 19:12:38 lha Exp $ */
+/* $Id: md4.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */
#ifndef HEIM_MD4_H
#define HEIM_MD4_H 1
+/* symbol renaming */
+#define MD4_Init hc_MD4_Init
+#define MD4_Update hc_MD4_Update
+#define MD4_Final hc_MD4_Final
+
+/*
+ *
+ */
+
+#define MD4_DIGEST_LENGTH 16
+
struct md4 {
unsigned int sz[2];
u_int32_t counter[4];
diff --git a/source4/heimdal/lib/des/md5.h b/source4/heimdal/lib/des/md5.h
index c0463e02d7..534bc9917e 100644
--- a/source4/heimdal/lib/des/md5.h
+++ b/source4/heimdal/lib/des/md5.h
@@ -31,11 +31,22 @@
* SUCH DAMAGE.
*/
-/* $Id: md5.h,v 1.9 2005/04/10 19:14:34 lha Exp $ */
+/* $Id: md5.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */
#ifndef HEIM_MD5_H
#define HEIM_MD5_H 1
+/* symbol renaming */
+#define MD5_Init hc_MD5_Init
+#define MD5_Update hc_MD5_Update
+#define MD5_Final hc_MD5_Final
+
+/*
+ *
+ */
+
+#define MD5_DIGEST_LENGTH 16
+
struct md5 {
unsigned int sz[2];
u_int32_t counter[4];
diff --git a/source4/heimdal/lib/des/pkcs12.h b/source4/heimdal/lib/des/pkcs12.h
new file mode 100644
index 0000000000..b55f1fced5
--- /dev/null
+++ b/source4/heimdal/lib/des/pkcs12.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: pkcs12.h,v 1.2 2006/01/13 15:26:52 lha Exp $
+ */
+
+#ifndef _HEIM_PKCS12_H
+#define _HEIM_PKCS12_H 1
+
+/* symbol renaming */
+#define PKCS12_key_gen hc_PKCS12_key_gen
+
+/*
+ *
+ */
+
+#include <hcrypto/evp.h>
+
+#define PKCS12_KEY_ID 1
+#define PKCS12_IV_ID 2
+
+int PKCS12_key_gen(const void *, size_t, const void *,
+ size_t, int, int, size_t, void *, const EVP_MD *);
+
+
+#endif /* _HEIM_PKCS12_H */
diff --git a/source4/heimdal/lib/des/pkcs5.c b/source4/heimdal/lib/des/pkcs5.c
new file mode 100644
index 0000000000..4bfc313741
--- /dev/null
+++ b/source4/heimdal/lib/des/pkcs5.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: pkcs5.c,v 1.1 2006/02/28 14:16:57 lha Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <evp.h>
+#include <hmac.h>
+
+#include <roken.h>
+
+int
+PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
+ const void * salt, size_t salt_len,
+ unsigned long iter,
+ size_t keylen, void *key)
+{
+ size_t datalen, leftofkey, checksumsize;
+ char *data, *tmpcksum;
+ u_int32_t keypart;
+ const EVP_MD *md;
+ unsigned long i;
+ int j;
+ char *p;
+ unsigned int hmacsize;
+
+ md = EVP_sha1();
+ checksumsize = EVP_MD_size(md);
+ datalen = salt_len + 4;
+
+ tmpcksum = malloc(checksumsize + datalen);
+ if (tmpcksum == NULL)
+ return 0;
+
+ data = &tmpcksum[checksumsize];
+
+ memcpy(data, salt, salt_len);
+
+ keypart = 1;
+ leftofkey = keylen;
+ p = key;
+
+ while (leftofkey) {
+ int len;
+
+ if (leftofkey > checksumsize)
+ len = checksumsize;
+ else
+ len = leftofkey;
+
+ data[datalen - 4] = (keypart >> 24) & 0xff;
+ data[datalen - 3] = (keypart >> 16) & 0xff;
+ data[datalen - 2] = (keypart >> 8) & 0xff;
+ data[datalen - 1] = (keypart) & 0xff;
+
+ HMAC(md, password, password_len, data, datalen,
+ tmpcksum, &hmacsize);
+
+ memcpy(p, tmpcksum, len);
+ for (i = 1; i < iter; i++) {
+ HMAC(md, password, password_len, tmpcksum, checksumsize,
+ tmpcksum, &hmacsize);
+
+ for (j = 0; j < len; j++)
+ p[j] ^= tmpcksum[j];
+ }
+
+ p += len;
+ leftofkey -= len;
+ keypart++;
+ }
+
+ free(tmpcksum);
+
+ return 1;
+}
diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h
new file mode 100644
index 0000000000..514fe0ced4
--- /dev/null
+++ b/source4/heimdal/lib/des/rand.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $
+ */
+
+#ifndef _HEIM_RAND_H
+#define _HEIM_RAND_H 1
+
+#include <hcrypto/bn.h>
+
+/* symbol renaming */
+#define RAND_bytes hc_RAND_bytes
+#define RAND_pseudo_bytes hc_RAND_pseudo_bytes
+
+/*
+ *
+ */
+
+int RAND_bytes(void *, size_t num);
+int RAND_pseudo_bytes(void *, size_t);
+
+#endif /* _HEIM_RAND_H */
diff --git a/source4/heimdal/lib/des/rc2.h b/source4/heimdal/lib/des/rc2.h
index 3ff44dca01..b2cd50b880 100755
--- a/source4/heimdal/lib/des/rc2.h
+++ b/source4/heimdal/lib/des/rc2.h
@@ -31,7 +31,17 @@
* SUCH DAMAGE.
*/
-/* $Id: rc2.h,v 1.1 2004/04/23 19:23:00 lha Exp $ */
+/* $Id: rc2.h,v 1.2 2006/01/08 21:47:29 lha Exp $ */
+
+/* symbol renaming */
+#define RC2_set_key hc_RC2_set_key
+#define RC2_encryptc hc_RC2_encryptc
+#define RC2_decryptc hc_RC2_decryptc
+#define RC2_cbc_encrypt hc_RC2_cbc_encrypt
+
+/*
+ *
+ */
#define RC2_ENCRYPT 1
#define RC2_DECRYPT 0
diff --git a/source4/heimdal/lib/des/rc4.h b/source4/heimdal/lib/des/rc4.h
index a39e79f236..3c359dc72a 100644
--- a/source4/heimdal/lib/des/rc4.h
+++ b/source4/heimdal/lib/des/rc4.h
@@ -31,7 +31,11 @@
* SUCH DAMAGE.
*/
-/* $Id: rc4.h,v 1.3 2004/03/25 16:39:58 lha Exp $ */
+/* $Id: rc4.h,v 1.4 2006/01/08 21:47:29 lha Exp $ */
+
+/* symbol renaming */
+#define RC4_set_key hc_RC4_set_key
+#define RC4 hc_RC4
typedef struct rc4_key {
unsigned int x, y;
diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.h b/source4/heimdal/lib/des/rijndael-alg-fst.h
index 028111094d..6b6e2a5cd3 100755
--- a/source4/heimdal/lib/des/rijndael-alg-fst.h
+++ b/source4/heimdal/lib/des/rijndael-alg-fst.h
@@ -28,6 +28,12 @@
#ifndef __RIJNDAEL_ALG_FST_H
#define __RIJNDAEL_ALG_FST_H
+/* symbol renaming */
+#define rijndaelKeySetupEnc _hc_rijndaelKeySetupEnc
+#define rijndaelKeySetupDec _hc_rijndaelKeySetupDec
+#define rijndaelEncrypt _hc_rijndaelEncrypt
+#define rijndaelDecrypt _hc_rijndaelDecrypt
+
#define RIJNDAEL_MAXKC (256/32)
#define RIJNDAEL_MAXKB (256/8)
#define RIJNDAEL_MAXNR 14
diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c
index 63dddeb8ce..e27b00defa 100644
--- a/source4/heimdal/lib/des/rnd_keys.c
+++ b/source4/heimdal/lib/des/rnd_keys.c
@@ -34,7 +34,7 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: rnd_keys.c,v 1.69 2005/07/20 10:49:24 lha Exp $");
+RCSID("$Id: rnd_keys.c,v 1.70 2006/01/08 21:47:29 lha Exp $");
#endif
#ifdef KRB5
@@ -324,6 +324,8 @@ DES_generate_random_block(DES_cblock *block)
DES_rand_data((unsigned char *)block, sizeof(*block));
}
+#define DES_rand_data_key hc_DES_rand_data_key
+
void
DES_rand_data_key(DES_cblock *key);
@@ -353,6 +355,9 @@ DES_rand_data_key(DES_cblock *key)
* It's neccessary to be root to run it. Returns -1 if there were any
* problems with permissions.
*/
+
+#define DES_mem_rand8 hc_DES_mem_rand8
+
int
DES_mem_rand8(unsigned char *data);
diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h
new file mode 100644
index 0000000000..da9d2ea4b1
--- /dev/null
+++ b/source4/heimdal/lib/des/rsa.h
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $
+ */
+
+#ifndef _HEIM_RSA_H
+#define _HEIM_RSA_H 1
+
+/* symbol renaming */
+#define RSA_null_method hc_RSA_null_method
+#define RSA_new hc_RSA_new
+#define RSA_new_method hc_RSA_new_method
+#define RSA_free hc_RSA_free
+#define RSA_up_ref hc_RSA_up_ref
+#define RSA_set_default_method hc_RSA_set_default_method
+#define RSA_get_default_method hc_RSA_get_default_method
+#define RSA_set_method hc_RSA_set_method
+#define RSA_get_method hc_RSA_get_method
+#define RSA_set_app_data hc_RSA_set_app_data
+#define RSA_get_app_data hc_RSA_get_app_data
+#define RSA_check_key hc_RSA_check_key
+#define RSA_size hc_RSA_size
+#define RSA_public_encrypt hc_RSA_public_encrypt
+#define RSA_public_decrypt hc_RSA_public_decrypt
+#define RSA_private_encrypt hc_RSA_private_encrypt
+#define RSA_private_decrypt hc_RSA_private_decrypt
+#define RSA_sign hc_RSA_sign
+#define RSA_verify hc_RSA_verify
+#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey
+
+/*
+ *
+ */
+
+typedef struct RSA RSA;
+typedef struct RSA_METHOD RSA_METHOD;
+
+#include <hcrypto/bn.h>
+#include <hcrypto/engine.h>
+
+struct RSA_METHOD {
+ const char *name;
+ int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int);
+ int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int);
+ int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int);
+ int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int);
+ void *rsa_mod_exp;
+ void *bn_mod_exp;
+ int (*init)(RSA *rsa);
+ int (*finish)(RSA *rsa);
+ int flags;
+ char *app_data;
+ int (*rsa_sign)(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int *, const RSA *);
+ int (*rsa_verify)(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int, const RSA *);
+ int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *);
+};
+
+struct RSA {
+ int pad;
+ long version;
+ const RSA_METHOD *meth;
+ void *engine;
+ BIGNUM *n;
+ BIGNUM *e;
+ BIGNUM *d;
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *dmp1;
+ BIGNUM *dmq1;
+ BIGNUM *iqmp;
+ struct rsa_CRYPTO_EX_DATA {
+ void *sk;
+ int dummy;
+ } ex_data;
+ int references;
+ int flags;
+ void *_method_mod_n;
+ void *_method_mod_p;
+ void *_method_mod_q;
+
+ char *bignum_data;
+ void *blinding;
+ void *mt_blinding;
+};
+
+#define RSA_FLAG_SIGN_VER 0x40
+
+#define RSA_PKCS1_PADDING 1
+#define RSA_PKCS1_PADDING_SIZE 11
+
+/*
+ *
+ */
+
+const RSA_METHOD *RSA_null_method(void);
+
+/*
+ *
+ */
+
+RSA * RSA_new(void);
+RSA * RSA_new_method(ENGINE *);
+void RSA_free(RSA *);
+int RSA_up_ref(RSA *);
+
+void RSA_set_default_method(const RSA_METHOD *);
+const RSA_METHOD * RSA_get_default_method(void);
+
+const RSA_METHOD * RSA_get_method(const RSA *);
+int RSA_set_method(RSA *, const RSA_METHOD *);
+
+int RSA_set_app_data(RSA *, void *arg);
+void * RSA_get_app_data(RSA *);
+
+int RSA_check_key(const RSA *);
+int RSA_size(const RSA *);
+
+int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int);
+
+int RSA_sign(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int *, RSA *);
+int RSA_verify(int, const unsigned char *, unsigned int,
+ unsigned char *, unsigned int, RSA *);
+
+RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t);
+
+#endif /* _HEIM_RSA_H */
diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h
index 77d84fbe6f..4657fad51f 100644
--- a/source4/heimdal/lib/des/sha.h
+++ b/source4/heimdal/lib/des/sha.h
@@ -31,11 +31,22 @@
* SUCH DAMAGE.
*/
-/* $Id: sha.h,v 1.8 2005/04/10 19:18:13 lha Exp $ */
+/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */
#ifndef HEIM_SHA_H
#define HEIM_SHA_H 1
+/* symbol renaming */
+#define SHA1_Init hc_SHA1_Init
+#define SHA1_Update hc_SHA1_Update
+#define SHA1_Final hc_SHA1_Final
+
+/*
+ *
+ */
+
+#define SHA_DIGEST_LENGTH 20
+
struct sha {
unsigned int sz[2];
u_int32_t counter[5];
diff --git a/source4/heimdal/lib/des/ui.c b/source4/heimdal/lib/des/ui.c
index 92538735c4..276367e186 100644
--- a/source4/heimdal/lib/des/ui.c
+++ b/source4/heimdal/lib/des/ui.c
@@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $");
+RCSID("$Id: ui.c,v 1.5 2006/01/08 21:47:29 lha Exp $");
#endif
#include <stdio.h>
@@ -43,7 +43,7 @@ RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $");
#include <termios.h>
#include <roken.h>
-#include <des.h>
+#include <ui.h>
static sig_atomic_t intr_flag;
diff --git a/source4/heimdal/lib/des/ui.h b/source4/heimdal/lib/des/ui.h
new file mode 100644
index 0000000000..d6e68e12cc
--- /dev/null
+++ b/source4/heimdal/lib/des/ui.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ui.h,v 1.1 2006/01/08 21:47:29 lha Exp $ */
+
+#ifndef _HEIM_UI_H
+#define _HEIM_UI_H 1
+
+/* symbol renaming */
+#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string
+
+int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */
+
+#endif /* _HEIM_UI_H */
+
diff --git a/source4/heimdal/lib/gssapi/delete_sec_context.c b/source4/heimdal/lib/gssapi/delete_sec_context.c
index 301197aa4c..f1842def7c 100644
--- a/source4/heimdal/lib/gssapi/delete_sec_context.c
+++ b/source4/heimdal/lib/gssapi/delete_sec_context.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: delete_sec_context.c,v 1.15 2005/04/27 17:48:17 lha Exp $");
+RCSID("$Id: delete_sec_context.c,v 1.16 2006/01/16 13:12:29 lha Exp $");
OM_uint32 gss_delete_sec_context
(OM_uint32 * minor_status,
@@ -43,11 +43,16 @@ OM_uint32 gss_delete_sec_context
{
GSSAPI_KRB5_INIT ();
+ *minor_status = 0;
+
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
+ if (*context_handle == GSS_C_NO_CONTEXT)
+ return GSS_S_COMPLETE;
+
HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex);
krb5_auth_con_free (gssapi_krb5_context,
@@ -74,6 +79,5 @@ OM_uint32 gss_delete_sec_context
memset(*context_handle, 0, sizeof(**context_handle));
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
- *minor_status = 0;
return GSS_S_COMPLETE;
}
diff --git a/source4/heimdal/lib/gssapi/import_name.c b/source4/heimdal/lib/gssapi/import_name.c
index 423e757146..d393aa1a51 100644
--- a/source4/heimdal/lib/gssapi/import_name.c
+++ b/source4/heimdal/lib/gssapi/import_name.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
+RCSID("$Id: import_name.c,v 1.14 2006/02/15 11:59:10 lha Exp $");
static OM_uint32
parse_krb5_name (OM_uint32 *minor_status,
@@ -207,7 +207,8 @@ OM_uint32 gss_import_name
*minor_status = 0;
*output_name = GSS_C_NO_NAME;
- if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
+ if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
+ gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
return import_hostbased_name (minor_status,
input_name_buffer,
output_name);
diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c
index d07a4d2599..e5be6cf149 100644
--- a/source4/heimdal/lib/gssapi/wrap.c
+++ b/source4/heimdal/lib/gssapi/wrap.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h
index 67e19f7e4a..3cc7d2131a 100644
--- a/source4/heimdal/lib/hdb/hdb-protos.h
+++ b/source4/heimdal/lib/hdb/hdb-protos.h
@@ -8,317 +8,6 @@
extern "C" {
#endif
-unsigned
-HDBFlags2int (HDBFlags /*f*/);
-
-int
-copy_Event (
- const Event */*from*/,
- Event */*to*/);
-
-int
-copy_GENERATION (
- const GENERATION */*from*/,
- GENERATION */*to*/);
-
-int
-copy_HDBFlags (
- const HDBFlags */*from*/,
- HDBFlags */*to*/);
-
-int
-copy_HDB_Ext_Aliases (
- const HDB_Ext_Aliases */*from*/,
- HDB_Ext_Aliases */*to*/);
-
-int
-copy_HDB_Ext_Constrained_delegation_acl (
- const HDB_Ext_Constrained_delegation_acl */*from*/,
- HDB_Ext_Constrained_delegation_acl */*to*/);
-
-int
-copy_HDB_Ext_Lan_Manager_OWF (
- const HDB_Ext_Lan_Manager_OWF */*from*/,
- HDB_Ext_Lan_Manager_OWF */*to*/);
-
-int
-copy_HDB_Ext_PKINIT_acl (
- const HDB_Ext_PKINIT_acl */*from*/,
- HDB_Ext_PKINIT_acl */*to*/);
-
-int
-copy_HDB_Ext_PKINIT_certificate (
- const HDB_Ext_PKINIT_certificate */*from*/,
- HDB_Ext_PKINIT_certificate */*to*/);
-
-int
-copy_HDB_Ext_Password (
- const HDB_Ext_Password */*from*/,
- HDB_Ext_Password */*to*/);
-
-int
-copy_HDB_extension (
- const HDB_extension */*from*/,
- HDB_extension */*to*/);
-
-int
-copy_HDB_extensions (
- const HDB_extensions */*from*/,
- HDB_extensions */*to*/);
-
-int
-copy_Key (
- const Key */*from*/,
- Key */*to*/);
-
-int
-copy_Salt (
- const Salt */*from*/,
- Salt */*to*/);
-
-int
-copy_hdb_entry (
- const hdb_entry */*from*/,
- hdb_entry */*to*/);
-
-int
-decode_Event (
- const unsigned char */*p*/,
- size_t /*len*/,
- Event */*data*/,
- size_t */*size*/);
-
-int
-decode_GENERATION (
- const unsigned char */*p*/,
- size_t /*len*/,
- GENERATION */*data*/,
- size_t */*size*/);
-
-int
-decode_HDBFlags (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDBFlags */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Aliases (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Aliases */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Constrained_delegation_acl (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Constrained_delegation_acl */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Lan_Manager_OWF (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Lan_Manager_OWF */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_PKINIT_acl (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_PKINIT_acl */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_PKINIT_certificate (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_PKINIT_certificate */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_Ext_Password (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_Ext_Password */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_extension (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_extension */*data*/,
- size_t */*size*/);
-
-int
-decode_HDB_extensions (
- const unsigned char */*p*/,
- size_t /*len*/,
- HDB_extensions */*data*/,
- size_t */*size*/);
-
-int
-decode_Key (
- const unsigned char */*p*/,
- size_t /*len*/,
- Key */*data*/,
- size_t */*size*/);
-
-int
-decode_Salt (
- const unsigned char */*p*/,
- size_t /*len*/,
- Salt */*data*/,
- size_t */*size*/);
-
-int
-decode_hdb_entry (
- const unsigned char */*p*/,
- size_t /*len*/,
- hdb_entry */*data*/,
- size_t */*size*/);
-
-int
-encode_Event (
- unsigned char */*p*/,
- size_t /*len*/,
- const Event */*data*/,
- size_t */*size*/);
-
-int
-encode_GENERATION (
- unsigned char */*p*/,
- size_t /*len*/,
- const GENERATION */*data*/,
- size_t */*size*/);
-
-int
-encode_HDBFlags (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDBFlags */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Aliases (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Aliases */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Constrained_delegation_acl (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Constrained_delegation_acl */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Lan_Manager_OWF (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Lan_Manager_OWF */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_PKINIT_acl (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_PKINIT_acl */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_PKINIT_certificate (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_PKINIT_certificate */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_Ext_Password (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_Ext_Password */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_extension (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_extension */*data*/,
- size_t */*size*/);
-
-int
-encode_HDB_extensions (
- unsigned char */*p*/,
- size_t /*len*/,
- const HDB_extensions */*data*/,
- size_t */*size*/);
-
-int
-encode_Key (
- unsigned char */*p*/,
- size_t /*len*/,
- const Key */*data*/,
- size_t */*size*/);
-
-int
-encode_Salt (
- unsigned char */*p*/,
- size_t /*len*/,
- const Salt */*data*/,
- size_t */*size*/);
-
-int
-encode_hdb_entry (
- unsigned char */*p*/,
- size_t /*len*/,
- const hdb_entry */*data*/,
- size_t */*size*/);
-
-void
-free_Event (Event */*data*/);
-
-void
-free_GENERATION (GENERATION */*data*/);
-
-void
-free_HDBFlags (HDBFlags */*data*/);
-
-void
-free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/);
-
-void
-free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/);
-
-void
-free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/);
-
-void
-free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/);
-
-void
-free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/);
-
-void
-free_HDB_Ext_Password (HDB_Ext_Password */*data*/);
-
-void
-free_HDB_extension (HDB_extension */*data*/);
-
-void
-free_HDB_extensions (HDB_extensions */*data*/);
-
-void
-free_Key (Key */*data*/);
-
-void
-free_Salt (Salt */*data*/);
-
-void
-free_hdb_entry (hdb_entry */*data*/);
-
krb5_error_code
hdb_add_master_key (
krb5_context /*context*/,
@@ -491,12 +180,6 @@ hdb_ldapi_create (
const char */*arg*/);
krb5_error_code
-hdb_ldb_create (
- krb5_context /*context*/,
- HDB ** /*db*/,
- const char */*arg*/);
-
-krb5_error_code
hdb_list_builtin (
krb5_context /*context*/,
char **/*list*/);
@@ -627,54 +310,6 @@ hdb_write_master_key (
const char */*filename*/,
hdb_master_key /*mkey*/);
-void
-initialize_hdb_error_table_r (struct et_list **/*list*/);
-
-HDBFlags
-int2HDBFlags (unsigned /*n*/);
-
-size_t
-length_Event (const Event */*data*/);
-
-size_t
-length_GENERATION (const GENERATION */*data*/);
-
-size_t
-length_HDBFlags (const HDBFlags */*data*/);
-
-size_t
-length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/);
-
-size_t
-length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/);
-
-size_t
-length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/);
-
-size_t
-length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/);
-
-size_t
-length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/);
-
-size_t
-length_HDB_Ext_Password (const HDB_Ext_Password */*data*/);
-
-size_t
-length_HDB_extension (const HDB_extension */*data*/);
-
-size_t
-length_HDB_extensions (const HDB_extensions */*data*/);
-
-size_t
-length_Key (const Key */*data*/);
-
-size_t
-length_Salt (const Salt */*data*/);
-
-size_t
-length_hdb_entry (const hdb_entry */*data*/);
-
#ifdef __cplusplus
}
#endif
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index 406a50ecbd..b89937f82f 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h
index 0d07164bd1..0bf4e8191c 100644
--- a/source4/heimdal/lib/hdb/hdb_locl.h
+++ b/source4/heimdal/lib/hdb/hdb_locl.h
@@ -64,4 +64,11 @@
#include <hdb.h>
#include <hdb-private.h>
+krb5_error_code
+hdb_ldb_create (
+ krb5_context /*context*/,
+ HDB ** /*db*/,
+ const char */*arg*/);
+
+
#endif /* __HDB_LOCL_H__ */
diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c
index 21ee2f4274..6fb37842dc 100644
--- a/source4/heimdal/lib/hdb/keytab.c
+++ b/source4/heimdal/lib/hdb/keytab.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index de40b059b8..3cfc780eb4 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $");
+RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -591,114 +591,6 @@ ARCFOUR_string_to_key(krb5_context context,
* AES
*/
-/* iter is really 1 based, so iter == 0 will be 1 iteration */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype,
- krb5_data password, krb5_salt salt, u_int32_t iter,
- krb5_keytype type, krb5_keyblock *key)
-{
- struct checksum_type *c = _find_checksum(cktype);
- struct key_type *kt;
- size_t datalen, leftofkey;
- krb5_error_code ret;
- u_int32_t keypart;
- struct key_data ksign;
- krb5_keyblock kb;
- Checksum result;
- char *data, *tmpcksum;
- int i, j;
- char *p;
-
- if (c == NULL) {
- krb5_set_error_string(context, "checksum %d not supported", cktype);
- return KRB5_PROG_KEYTYPE_NOSUPP;
- }
-
- kt = _find_keytype(type);
- if (kt == NULL) {
- krb5_set_error_string(context, "key type %d not supported", type);
- return KRB5_PROG_KEYTYPE_NOSUPP;
- }
-
- key->keytype = type;
- ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ret;
- }
-
- ret = krb5_data_alloc (&result.checksum, c->checksumsize);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- krb5_data_free (&key->keyvalue);
- return ret;
- }
-
- tmpcksum = malloc(c->checksumsize);
- if (tmpcksum == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- krb5_data_free (&key->keyvalue);
- krb5_data_free (&result.checksum);
- return ENOMEM;
- }
-
- datalen = salt.saltvalue.length + 4;
- data = malloc(datalen);
- if (data == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- free(tmpcksum);
- krb5_data_free (&key->keyvalue);
- krb5_data_free (&result.checksum);
- return ENOMEM;
- }
-
- kb.keyvalue = password;
- ksign.key = &kb;
-
- memcpy(data, salt.saltvalue.data, salt.saltvalue.length);
-
- keypart = 1;
- leftofkey = key->keyvalue.length;
- p = key->keyvalue.data;
-
- while (leftofkey) {
- int len;
-
- if (leftofkey > c->checksumsize)
- len = c->checksumsize;
- else
- len = leftofkey;
-
- _krb5_put_int(data + datalen - 4, keypart, 4);
-
- ret = hmac(context, c, data, datalen, 0, &ksign, &result);
- if (ret)
- krb5_abortx(context, "hmac failed");
- memcpy(p, result.checksum.data, len);
- memcpy(tmpcksum, result.checksum.data, result.checksum.length);
- for (i = 0; i < iter; i++) {
- ret = hmac(context, c, tmpcksum, result.checksum.length,
- 0, &ksign, &result);
- if (ret)
- krb5_abortx(context, "hmac failed");
- memcpy(tmpcksum, result.checksum.data, result.checksum.length);
- for (j = 0; j < len; j++)
- p[j] ^= tmpcksum[j];
- }
-
- p += len;
- leftofkey -= len;
- keypart++;
- }
-
- free(data);
- free(tmpcksum);
- krb5_data_free (&result.checksum);
-
- return 0;
-}
-
int _krb5_AES_string_to_default_iterator = 4096;
static krb5_error_code
@@ -715,33 +607,44 @@ AES_string_to_key(krb5_context context,
struct key_data kd;
if (opaque.length == 0)
- iter = _krb5_AES_string_to_default_iterator - 1;
+ iter = _krb5_AES_string_to_default_iterator;
else if (opaque.length == 4) {
unsigned long v;
_krb5_get_int(opaque.data, &v, 4);
- iter = ((u_int32_t)v) - 1;
+ iter = ((u_int32_t)v);
} else
return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
-
et = _find_enctype(enctype);
if (et == NULL)
return KRB5_PROG_KEYTYPE_NOSUPP;
- ret = _krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt,
- iter, enctype, key);
- if (ret)
+ key->keytype = enctype;
+ ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
+ if (ret) {
+ krb5_set_error_string(context, "Failed to allocate pkcs5 key");
return ret;
-
+ }
ret = krb5_copy_keyblock(context, key, &kd.key);
+ if (ret) {
+ krb5_free_keyblock(context, key);
+ return ret;
+ }
+
+ ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
+ salt.saltvalue.data, salt.saltvalue.length,
+ iter,
+ et->keytype->size, kd.key->keyvalue.data);
kd.schedule = NULL;
+ if (ret != 1) {
+ krb5_set_error_string(context, "Error calculating s2k");
+ return KRB5_PROG_KEYTYPE_NOSUPP;
+ }
ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
- krb5_free_keyblock_contents(context, key);
- if (ret == 0) {
+ if (ret == 0)
ret = krb5_copy_keyblock_contents(context, kd.key, key);
- free_key_data(context, &kd);
- }
+ free_key_data(context, &kd);
return ret;
}
@@ -3789,7 +3692,8 @@ krb5_generate_random_block(void *buf, size_t len)
rng_initialized = 1;
}
HEIMDAL_MUTEX_unlock(&crypto_mutex);
- RAND_bytes(buf, len);
+ if (RAND_bytes(buf, len) != 1)
+ krb5_abortx(NULL, "Failed to generate random block");
}
#else
diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c
index 649bdd20fd..b672fe74f9 100644
--- a/source4/heimdal/lib/krb5/error_string.c
+++ b/source4/heimdal/lib/krb5/error_string.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: error_string.c,v 1.3 2004/05/25 21:23:55 lha Exp $");
+RCSID("$Id: error_string.c,v 1.7 2006/02/16 07:49:23 lha Exp $");
#undef __attribute__
#define __attribute__(X)
@@ -107,3 +107,24 @@ krb5_have_error_string(krb5_context context)
HEIMDAL_MUTEX_unlock(context->mutex);
return str != NULL;
}
+
+char * KRB5_LIB_FUNCTION
+krb5_get_error_message(krb5_context context, krb5_error_code code)
+{
+ const char *cstr;
+ char *str;
+
+ str = krb5_get_error_string(context);
+ if (str)
+ return str;
+
+ cstr = krb5_get_err_text(context, code);
+ if (cstr)
+ return strdup(cstr);
+
+ if (asprintf(&str, "<unknown error: %d>", code) == -1)
+ return NULL;
+
+ return str;
+}
+
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 7043b8ae51..1fa3f9143e 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_cred.c,v 1.108 2005/07/13 07:38:02 lha Exp $");
+RCSID("$Id: get_cred.c,v 1.109 2006/02/03 11:41:02 lha Exp $");
/*
* Take the `body' and encode it into `padata' using the credentials
@@ -772,7 +772,8 @@ get_cred_from_kdc_flags(krb5_context context,
krb5_boolean noaddr;
krb5_appdefault_boolean(context, NULL, tgt->server->realm,
- "no-addresses", FALSE, &noaddr);
+ "no-addresses", KRB5_ADDRESSLESS_DEFAULT,
+ &noaddr);
if (noaddr)
ret = get_cred_kdc (context, ccache, flags, NULL,
in_creds, tgt, *out_creds);
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index be5c1db47d..aa7c62befc 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.46 2005/11/28 20:43:02 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@@ -284,21 +284,14 @@ krb5_get_forwarded_creds (krb5_context context,
enc_krb_cred_part.usec = NULL;
}
- if (auth_context->local_address && auth_context->local_port) {
- krb5_boolean noaddr;
- krb5_const_realm srealm;
-
- srealm = krb5_principal_get_realm(context, out_creds->server);
- krb5_appdefault_boolean(context, NULL, srealm, "no-addresses",
- paddrs == NULL, &noaddr);
- if (!noaddr) {
- ret = krb5_make_addrport (context,
- &enc_krb_cred_part.s_address,
- auth_context->local_address,
- auth_context->local_port);
- if (ret)
- goto out4;
- }
+ if (auth_context->local_address && auth_context->local_port && paddrs) {
+
+ ret = krb5_make_addrport (context,
+ &enc_krb_cred_part.s_address,
+ auth_context->local_address,
+ auth_context->local_port);
+ if (ret)
+ goto out4;
}
if (auth_context->remote_address) {
diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c
index 51b8ebc392..316c2f02eb 100644
--- a/source4/heimdal/lib/krb5/init_creds.c
+++ b/source4/heimdal/lib/krb5/init_creds.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds.c,v 1.21 2005/10/12 12:45:27 lha Exp $");
+RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $");
void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@@ -191,7 +191,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
if(t != 0)
krb5_get_init_creds_opt_set_renew_life(opt, t);
- krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE, &b);
+ krb5_appdefault_boolean(context, appname, realm, "no-addresses",
+ KRB5_ADDRESSLESS_DEFAULT, &b);
if (b)
krb5_get_init_creds_opt_set_address_list (opt, &no_addrs);
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index c308287a36..8d9b3c62ac 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -12,19 +12,6 @@
#endif
#endif
-struct krb5_dh_moduli;
-struct _krb5_krb_auth_data;
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_PKCS5_PBKDF2 (
- krb5_context /*context*/,
- krb5_cksumtype /*cktype*/,
- krb5_data /*password*/,
- krb5_salt /*salt*/,
- u_int32_t /*iter*/,
- krb5_keytype /*type*/,
- krb5_keyblock */*key*/);
-
void KRB5_LIB_FUNCTION
_krb5_aes_cts_encrypt (
const unsigned char */*in*/,
@@ -92,6 +79,9 @@ _krb5_find_type_in_ad (
void
_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/);
+void
+_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/);
+
krb5_error_code
_krb5_get_default_principal_local (
krb5_context /*context*/,
diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h
index c08d8058a4..d7e74621ef 100644
--- a/source4/heimdal/lib/krb5/krb5-protos.h
+++ b/source4/heimdal/lib/krb5/krb5-protos.h
@@ -20,15 +20,6 @@ extern "C" {
#endif
#endif
-void
-initialize_heim_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_k524_error_table_r (struct et_list **/*list*/);
-
-void
-initialize_krb5_error_table_r (struct et_list **/*list*/);
-
krb5_error_code KRB5_LIB_FUNCTION
krb524_convert_creds_kdc (
krb5_context /*context*/,
@@ -1689,6 +1680,11 @@ krb5_get_err_text (
krb5_error_code /*code*/);
char * KRB5_LIB_FUNCTION
+krb5_get_error_message (
+ krb5_context /*context*/,
+ krb5_error_code /*code*/);
+
+char * KRB5_LIB_FUNCTION
krb5_get_error_string (krb5_context /*context*/);
krb5_error_code KRB5_LIB_FUNCTION
diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et
index 1257b074fb..e7bada1808 100644
--- a/source4/heimdal/lib/krb5/krb5_err.et
+++ b/source4/heimdal/lib/krb5/krb5_err.et
@@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
-id "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $"
+id "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $"
error_table krb5
@@ -74,35 +74,36 @@ prefix KRB5_KDC_ERR
error_code CLIENT_NOT_TRUSTED, "Client not trusted"
error_code KDC_NOT_TRUSTED, "KDC not trusted"
error_code INVALID_SIG, "Invalid signature"
-error_code KEY_SIZE, "Key size too small/key too weak"
-error_code CERTIFICATE_MISMATCH, "Certificate mismatch"
+error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted"
+index 69
prefix KRB5_AP_ERR
error_code USER_TO_USER_REQUIRED, "User to user required"
index 70
-prefix KRB5_KDC_ERROR
+prefix KRB5_KDC_ERR
error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
-error_code INVALID_CERTIFICATE, "Invalid certificate"
-error_code REVOKED_CERTIFICATE, "Revoked certificate"
+error_code INVALID_CERTIFICATE, "Certificate invalid"
+error_code REVOKED_CERTIFICATE, "Certificate revoked"
error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown"
-error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unknown"
-error_code CLIENT_NAME_MISMATCH, "Client name mismatch"
-index 75
-error_code KDC_NAME_MISMATCH, "KDC name mismatch"
-
-# 76-79 are reserved
-
-index 80
-prefix KRB5_IAKERB
-error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC"
-error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC"
+error_code CLIENT_NAME_MISMATCH, "Revocation status unknown"
+error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose"
+error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted"
+error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included"
+error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted"
+error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported"
+
+## these are never used
+#index 80
+#prefix KRB5_IAKERB
+#error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC"
+#error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC"
# 82-127 are reserved
index 128
prefix
-error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $"
+error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h
index 60d72c8f80..92dd3271f5 100644
--- a/source4/heimdal/lib/krb5/krb5_locl.h
+++ b/source4/heimdal/lib/krb5/krb5_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */
+/* $Id: krb5_locl.h,v 1.87 2006/02/09 11:36:27 lha Exp $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@@ -170,14 +170,6 @@ struct _krb5_krb_auth_data;
#define KRB5_BUFSIZ 1024
-#ifndef KRB5_DEFAULT_CCNAME
-#ifdef __APPLE__
-#define KRB5_DEFAULT_CCNAME "API:"
-#else
-#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}"
-#endif
-#endif
-
typedef enum {
KRB5_PA_PAC_DONT_CARE = 0,
KRB5_PA_PAC_REQ_TRUE,
@@ -196,4 +188,20 @@ struct _krb5_get_init_creds_opt_private {
int canonicalize;
};
+/*
+ * Configurable options
+ */
+
+#ifndef KRB5_DEFAULT_CCNAME
+#ifdef __APPLE__
+#define KRB5_DEFAULT_CCNAME "API:"
+#else
+#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}"
+#endif
+#endif
+
+#ifndef KRB5_ADDRESSLESS_DEFAULT
+#define KRB5_ADDRESSLESS_DEFAULT FALSE
+#endif
+
#endif /* __KRB5_LOCL_H__ */
diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c
index 56112eea8c..b5a1aadfea 100644
--- a/source4/heimdal/lib/krb5/mk_priv.c
+++ b/source4/heimdal/lib/krb5/mk_priv.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_priv.c,v 1.34 2004/05/25 21:33:32 lha Exp $");
+RCSID("$Id: mk_priv.c,v 1.35 2006/02/01 12:39:26 lha Exp $");
krb5_error_code KRB5_LIB_FUNCTION
@@ -129,9 +129,11 @@ krb5_mk_priv(krb5_context context,
ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
-
- if(ret)
+ if (ret)
goto fail;
+ if (buf_size != len)
+ krb5_abortx(context, "internal error in ASN.1 encoder");
+
krb5_data_free (&s.enc_part.cipher);
ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 0c5dfc44e9..1247bb22ca 100755
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -33,7 +33,15 @@
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c,v 1.75 2005/10/21 17:18:38 lha Exp $");
+RCSID("$Id: pkinit.c,v 1.77 2006/02/14 10:08:29 lha Exp $");
+
+struct krb5_dh_moduli {
+ char *name;
+ unsigned long bits;
+ heim_integer p;
+ heim_integer g;
+ heim_integer q;
+};
#ifdef PKINIT
@@ -104,14 +112,6 @@ struct krb5_pk_cert {
X509 *cert;
};
-struct krb5_dh_moduli {
- char *name;
- unsigned long bits;
- heim_integer p;
- heim_integer g;
- heim_integer q;
-};
-
struct krb5_pk_init_ctx_data {
struct krb5_pk_identity *id;
DH *dh;
@@ -505,7 +505,13 @@ build_auth_pack(krb5_context context,
if (ret)
return ret;
- ret = krb5_data_copy(&a->pkAuthenticator.paChecksum,
+ ALLOC(a->pkAuthenticator.paChecksum, 1);
+ if (a->pkAuthenticator.paChecksum == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
+
+ ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
checksum.checksum.data, checksum.checksum.length);
free_Checksum(&checksum);
if (ret)
@@ -984,11 +990,9 @@ pk_verify_chain_standard(krb5_context context,
* Since X509_verify_cert() doesn't do CRL checking at all, we have to
* perform own verification against CRLs
*/
-#if 0
- ret = pk_verify_crl(context, store_ctx, id->crls);
- if (ret)
- goto end;
-#endif
+ /*
+ * XXX add crl checking
+ */
if (client_cert && cert)
*client_cert = X509_dup(cert);
@@ -2429,6 +2433,31 @@ _krb5_pk_load_openssl_id(krb5_context context,
return ret;
}
+static krb5_error_code
+select_dh_group(krb5_context context, DH *dh, unsigned long bits,
+ struct krb5_dh_moduli **moduli)
+{
+ const struct krb5_dh_moduli *m;
+
+ m = moduli[1]; /* XXX */
+ if (m == NULL)
+ m = moduli[0]; /* XXX */
+
+ dh->p = integer_to_BN(context, "p", &m->p);
+ if (dh->p == NULL)
+ return ENOMEM;
+ dh->g = integer_to_BN(context, "g", &m->g);
+ if (dh->g == NULL)
+ return ENOMEM;
+ dh->q = integer_to_BN(context, "q", &m->q);
+ if (dh->q == NULL)
+ return ENOMEM;
+
+ return 0;
+}
+
+#endif /* PKINIT */
+
static int
parse_integer(krb5_context context, char **p, const char *file, int lineno,
const char *name, heim_integer *integer)
@@ -2526,7 +2555,7 @@ out:
return ret;
}
-static void
+void
_krb5_free_moduli(struct krb5_dh_moduli **moduli)
{
int i;
@@ -2541,8 +2570,9 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli)
}
static const char *default_moduli =
- /* bits */
+ /* name */
"RFC2412-MODP-group2 "
+ /* bits */
"1024 "
/* p */
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
@@ -2566,7 +2596,7 @@ krb5_error_code
_krb5_parse_moduli(krb5_context context, const char *file,
struct krb5_dh_moduli ***moduli)
{
- /* comment bits P G Q */
+ /* name bits P G Q */
krb5_error_code ret;
struct krb5_dh_moduli **m = NULL, **m2;
char buf[4096];
@@ -2589,10 +2619,8 @@ _krb5_parse_moduli(krb5_context context, const char *file,
}
n = 1;
- if (file == NULL) {
- *moduli = m;
- return 0;
- }
+ if (file == NULL)
+ file = MODULI_FILE;
f = fopen(file, "r");
if (f == NULL) {
@@ -2646,7 +2674,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
for (i = 0; moduli[i] != NULL; i++) {
if (heim_integer_cmp(&moduli[i]->g, g) == 0 &&
heim_integer_cmp(&moduli[i]->p, p) == 0 &&
- heim_integer_cmp(&moduli[i]->q, q) == 0)
+ (q == NULL || heim_integer_cmp(&moduli[i]->q, q) == 0))
{
if (bits && bits > moduli[i]->bits) {
krb5_set_error_string(context, "PKINIT: DH group parameter %s "
@@ -2663,32 +2691,6 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
}
-static krb5_error_code
-select_dh_group(krb5_context context, DH *dh, unsigned long bits,
- struct krb5_dh_moduli **moduli)
-{
- const struct krb5_dh_moduli *m;
-
- m = moduli[1]; /* XXX */
- if (m == NULL)
- m = moduli[0]; /* XXX */
-
- dh->p = integer_to_BN(context, "p", &m->p);
- if (dh->p == NULL)
- return ENOMEM;
- dh->g = integer_to_BN(context, "g", &m->g);
- if (dh->g == NULL)
- return ENOMEM;
- dh->q = integer_to_BN(context, "q", &m->q);
- if (dh->q == NULL)
- return ENOMEM;
-
- return 0;
-}
-
-
-#endif /* PKINIT */
-
void KRB5_LIB_FUNCTION
_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
{
@@ -2772,11 +2774,10 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
if ((flags & 2) == 0) {
const char *moduli_file;
- moduli_file = krb5_config_get_string_default(context, NULL,
- MODULI_FILE,
- "libdefaults",
- "moduli",
- NULL);
+ moduli_file = krb5_config_get_string(context, NULL,
+ "libdefaults",
+ "moduli",
+ NULL);
ret = _krb5_parse_moduli(context, moduli_file,
&opt->opt_private->pk_init_ctx->m);
diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c
new file mode 100644
index 0000000000..ba0f4a4fda
--- /dev/null
+++ b/source4/heimdal/lib/roken/hex.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2004-2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $");
+#endif
+#include "roken.h"
+#include <ctype.h>
+#include "hex.h"
+
+const static char hexchar[] = "0123456789ABCDEF";
+
+static int
+pos(char c)
+{
+ const char *p;
+ c = toupper((unsigned char)c);
+ for (p = hexchar; *p; p++)
+ if (*p == c)
+ return p - hexchar;
+ return -1;
+}
+
+ssize_t ROKEN_LIB_FUNCTION
+hex_encode(const void *data, size_t size, char **str)
+{
+ const unsigned char *q = data;
+ size_t i;
+ char *p;
+
+ /* check for overflow */
+ if (size * 2 < size)
+ return -1;
+
+ p = malloc(size * 2 + 1);
+ if (p == NULL)
+ return -1;
+
+ for (i = 0; i < size; i++) {
+ p[i * 2] = hexchar[(*q >> 4) & 0xf];
+ p[i * 2 + 1] = hexchar[*q & 0xf];
+ q++;
+ }
+ p[i * 2] = '\0';
+ *str = p;
+
+ return i * 2;
+}
+
+ssize_t ROKEN_LIB_FUNCTION
+hex_decode(const char *str, void *data, size_t len)
+{
+ size_t l;
+ unsigned char *p = data;
+ size_t i;
+
+ l = strlen(str);
+
+ /* check for overflow, same as (l+1)/2 but overflow safe */
+ if ((l/2) + (l&1) > len)
+ return -1;
+
+ i = 0;
+ if (l & 1) {
+ p[0] = pos(str[0]);
+ str++;
+ p++;
+ }
+ for (i = 0; i < l / 2; i++)
+ p[i] = pos(str[i * 2]) << 4 | pos(str[(i * 2) + 1]);
+ return i + (l & 1);
+}
diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h
new file mode 100644
index 0000000000..cd47b21f9f
--- /dev/null
+++ b/source4/heimdal/lib/roken/hex.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: hex.h,v 1.3 2005/04/12 11:28:50 lha Exp $ */
+
+#ifndef _rk_HEX_H_
+#define _rk_HEX_H_ 1
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#define hex_encode rk_hex_encode
+#define hex_decode rk_hex_decode
+
+ssize_t ROKEN_LIB_FUNCTION
+ hex_encode(const void *, size_t, char **);
+ssize_t ROKEN_LIB_FUNCTION
+ hex_decode(const char *, void *, size_t);
+
+#endif /* _rk_HEX_H_ */
diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c
index 8764f422ec..92438a9963 100644
--- a/source4/heimdal/lib/roken/resolve.c
+++ b/source4/heimdal/lib/roken/resolve.c
@@ -45,7 +45,7 @@
#include <assert.h>
-RCSID("$Id: resolve.c,v 1.52 2005/08/22 19:16:21 lha Exp $");
+RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $");
#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
#undef HAVE_RES_NSEARCH
@@ -275,7 +275,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
}
/* the signer name is placed after the sig_data, to make it
- easy to free this struture; the size calculation below
+ easy to free this structure; the size calculation below
includes the zero-termination if the structure itself.
don't you just love C?
*/