pull up 3des implementation from the marc-3des branch

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 16 insertions, 722 deletions

diff --git a/src/lib/crypto/md4/.rconf b/src/lib/crypto/md4/.rconf
deleted file mode 100644
index de30fd8c9..000000000
--- a/src/lib/crypto/md4/.rconf
+++ /dev/null
@@ -1,2 +0,0 @@
-ignore RFC1186.TXT
-ignore RFC1186B.TXT
diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog
index 3ca8c0872..7714d4a43 100644
--- a/src/lib/crypto/md4/ChangeLog
+++ b/src/lib/crypto/md4/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 12:00:00 1998  Marc Horowitz <marc@mit.edu>
+
+	* *.c: replace the crypto layer.
+
 Tue Mar  3 08:39:47 1998  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
 	* Makefile.in (t_cksum): Do not depend on libkrb5.a, use 
diff --git a/src/lib/crypto/md4/Makefile.in b/src/lib/crypto/md4/Makefile.in
index 739b34b84..be6baebb0 100644
--- a/src/lib/crypto/md4/Makefile.in
+++ b/src/lib/crypto/md4/Makefile.in
@@ -1,7 +1,6 @@
 thisconfigdir=./..
 BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-# -I$(srcdir) is needed to pull in $(srcdir)/rsa-md4.h for ./t_mddriver.c.
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des -I"$(srcdir)"
+CFLAGS = $(CCOPTS) $(DEFS)
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=md4
@@ -11,16 +10,22 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des -I"$(srcdir)"
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-RUN_SETUP=@KRB5_RUN_ENV@
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
 
-STLIBOBJS=md4.o md4glue.o md4crypto.o
-OBJS=	md4.$(OBJEXT) md4glue.$(OBJEXT) md4crypto.$(OBJEXT)
-SRCS=	$(srcdir)/md4.c $(srcdir)/md4glue.c $(srcdir)/md4crypto.c
+STLIBOBJS= md4.o
+
+OBJS= md4.$(OBJEXT) 
+
+SRCS= $(srcdir)/md4.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
 all-unix:: all-libobjs
 
+includes:: depend
+
+depend:: $(SRCS)
+
 t_mddriver.c: $(srcdir)/../md5/t_mddriver.c
 	$(CP) $(srcdir)/../md5/t_mddriver.c t_mddriver.c
 
@@ -35,24 +40,13 @@ t_mddriver.exe:
 	$(CC) -DMD=4 $(CFLAGS2) -o t_mddriver t_mddriver.c md4.c
 	$(RM) md4.obj
 
-t_cksum.c: $(srcdir)/../md5/t_cksum.c
-	$(CP) $(srcdir)/../md5/t_cksum.c t_cksum.c
-
-t_cksum.o: t_cksum.c
-	$(CC) -DMD=4 $(CFLAGS) -c  t_cksum.c
-
-t_cksum: t_cksum.o $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o t_cksum t_cksum.o $(KRB5_BASE_LIBS)
-
-check-unix:: t_mddriver t_cksum
+check-unix:: t_mddriver
 	$(RUN_SETUP) $(C)t_mddriver -x
-	$(RUN_SETUP) $(C)t_cksum "this is a test"
 
 check-windows:: t_mddriver$(EXEEXT)
 	$(C)t_mddriver$(EXEEXT) -x
 
 clean:: 
 	$(RM) t_mddriver$(EXEEXT) t_mddriver.$(OBJEXT) t_mddriver.c
-	$(RM) t_cksum$(EXEEXT) t_cksum.$(OBJEXT) t_cksum.c
 
 clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/md4/md4crypto.c b/src/lib/crypto/md4/md4crypto.c
deleted file mode 100644
index eac9647f2..000000000
--- a/src/lib/crypto/md4/md4crypto.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * lib/crypto/md4/md4crypto.c
- *
- * Copyright 1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * Kerberos glue for MD4 sample implementation.
- */
-
-#include "k5-int.h"
-#include "rsa-md4.h"
-#include "des_int.h"	/* we cheat a bit and call it directly... */
-
-/*
- * In Kerberos V5 Beta 5 and previous releases the RSA-MD4-DES implementation
- * did not follow RFC1510.  The folowing definitions control the compatibility
- * with these releases.
- *
- * If MD4_K5BETA_COMPAT is defined, then compatability mode is enabled.  That
- * means that both checksum functions are compiled and available for use and
- * the additional interface md4_crypto_compat_ctl() is defined.
- *
- * If MD4_K5BETA_COMPAT_DEF is defined and compatability mode is enabled, then
- * the compatible behaviour becomes the default.
- *
- */
-#define MD4_K5BETA_COMPAT
-#define MD4_K5BETA_COMPAT_DEF
-
-
-/* Windows needs to these prototypes for the assignment below */
-
-#ifdef MD4_K5BETA_COMPAT
-krb5_error_code
-krb5_md4_crypto_compat_sum_func PROTOTYPE((
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length,
-	krb5_checksum *outcksum));
-#endif
-
-krb5_error_code
-krb5_md4_crypto_sum_func PROTOTYPE((
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length,
-	krb5_checksum *outcksum));
-
-krb5_error_code
-krb5_md4_crypto_verify_func PROTOTYPE((
-	krb5_const krb5_checksum FAR *cksum,
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length));
-
-static mit_des_cblock zero_ivec = { 0 };
-
-static void
-krb5_md4_calculate_cksum(md4ctx, confound, confound_length, in, in_length)
-    krb5_MD4_CTX		*md4ctx;
-    krb5_pointer	confound;
-    size_t		confound_length;
-    krb5_pointer	in;
-    size_t		in_length;
-{
-    krb5_MD4Init(md4ctx);
-    if (confound && confound_length)
-	krb5_MD4Update(md4ctx, confound, confound_length);
-    krb5_MD4Update(md4ctx, in, in_length);
-    krb5_MD4Final(md4ctx);
-}
-
-#ifdef	MD4_K5BETA_COMPAT
-/*
- * Generate the RSA-MD4-DES checksum in a manner which is compatible with
- * K5 Beta implementations.  Sigh...
- */
-krb5_error_code
-krb5_md4_crypto_compat_sum_func(in, in_length, seed, seed_length, outcksum)
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-    krb5_checksum FAR *outcksum;
-{
-    krb5_octet outtmp[OLD_RSA_MD4_DES_CKSUM_LENGTH];
-    krb5_octet *input = (krb5_octet *)in;
-    krb5_encrypt_block eblock;
-    krb5_keyblock keyblock;
-    krb5_error_code retval;
-    krb5_MD4_CTX working;
-
-    if (outcksum->length < OLD_RSA_MD4_DES_CKSUM_LENGTH)
-	return KRB5_BAD_MSIZE;
-
-    krb5_MD4Init(&working);
-    krb5_MD4Update(&working, input, in_length);
-    krb5_MD4Final(&working);
-
-    outcksum->checksum_type = CKSUMTYPE_RSA_MD4_DES;
-    outcksum->length = OLD_RSA_MD4_DES_CKSUM_LENGTH;
-
-    memcpy((char *)outtmp, (char *)&working.digest[0], 16);
-
-    memset((char *)&working, 0, sizeof(working));
-
-    keyblock.length = seed_length;
-    keyblock.contents = (krb5_octet *)seed;
-    keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
-    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-	return retval;
-    /* now encrypt it */
-    retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
-				 (mit_des_cblock *)outcksum->contents,
-				 OLD_RSA_MD4_DES_CKSUM_LENGTH,
-				 (struct mit_des_ks_struct *)eblock.priv,
-				 keyblock.contents,
-				 MIT_DES_ENCRYPT);
-    if (retval) {
-	(void) mit_des_finish_key(&eblock);
-	return retval;
-    }
-    return mit_des_finish_key(&eblock);
-}
-#endif	/* MD4_K5BETA_COMPAT */
-
-/*
- * Generate the RSA-MD4-DES checksum correctly.
- */
-krb5_error_code
-krb5_md4_crypto_sum_func(in, in_length, seed, seed_length, outcksum)
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-    krb5_checksum FAR *outcksum;
-{
-    krb5_octet outtmp[NEW_RSA_MD4_DES_CKSUM_LENGTH];
-    mit_des_cblock	tmpkey;
-    krb5_encrypt_block eblock;
-    krb5_keyblock keyblock;
-    krb5_error_code retval;
-    size_t i;
-
-    krb5_MD4_CTX working;
-
-    /* Generate the confounder in place */
-    if ((retval = krb5_random_confounder(RSA_MD4_DES_CONFOUND_LENGTH, outtmp)))
-	return(retval);
-
-    /* Calculate the checksum */
-    krb5_md4_calculate_cksum(&working,
-			(krb5_pointer) outtmp,
-			(size_t) RSA_MD4_DES_CONFOUND_LENGTH,
-			in,
-			in_length);
-
-    outcksum->checksum_type = CKSUMTYPE_RSA_MD4_DES;
-    outcksum->length = NEW_RSA_MD4_DES_CKSUM_LENGTH;
-
-    /* Now blast in the digest */
-    memcpy((char *) &outtmp[RSA_MD4_DES_CONFOUND_LENGTH],
-	   (char *) &working.digest[0],
-	   RSA_MD4_CKSUM_LENGTH);
-
-    /* Clean up droppings */
-    memset((char *)&working, 0, sizeof(working));
-
-    /* Set up the temporary copy of the key (see RFC 1510 section 6.4.3) */
-    memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
-    for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
-	tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
-    keyblock.length = sizeof(mit_des_cblock);
-    keyblock.contents = (krb5_octet *) tmpkey;
-    keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
-    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-	return retval;
-    /* now encrypt it */
-    retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
-				 (mit_des_cblock *)outcksum->contents,
-				 NEW_RSA_MD4_DES_CKSUM_LENGTH,
-				 (struct mit_des_ks_struct *)eblock.priv,
-				 zero_ivec,
-				 MIT_DES_ENCRYPT);
-    if (retval) {
-	(void) mit_des_finish_key(&eblock);
-	return retval;
-    }
-    return mit_des_finish_key(&eblock);
-}
-
-krb5_error_code
-krb5_md4_crypto_verify_func(cksum, in, in_length, seed, seed_length)
-    krb5_const krb5_checksum FAR *cksum;
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-{
-    krb5_octet outtmp[NEW_RSA_MD4_DES_CKSUM_LENGTH];
-    mit_des_cblock	tmpkey;
-    krb5_encrypt_block eblock;
-    krb5_keyblock keyblock;
-    krb5_error_code retval;
-    size_t i;
-
-    krb5_MD4_CTX working;
-
-    retval = 0;
-    if (cksum->checksum_type == CKSUMTYPE_RSA_MD4_DES) {
-#ifdef	MD4_K5BETA_COMPAT
-	/*
-	 * We have a backwards compatibility problem here.  Kerberos
-	 * version 5 Beta 5 and previous releases did not correctly
-	 * generate RSA-MD4-DES checksums.  The way that we can
-	 * differentiate is by the length of the provided checksum.
-	 * If it's only OLD_RSA_MD4_DES_CKSUM_LENGTH, then it's the
-	 * old style, otherwise it's the correct implementation.
-	 */
-	if (cksum->length == OLD_RSA_MD4_DES_CKSUM_LENGTH) {
-	    /*
-	     * If we're verifying the Old Style (tm) checksum, then we can just
-	     * recalculate the checksum and encrypt it and see if it's the
-	     * same.
-	     */
-
-	    /* Recalculate the checksum with no confounder */
-	    krb5_md4_calculate_cksum(&working,
-				(krb5_pointer) NULL,
-				(size_t) 0,
-				in,
-				in_length);
-
-	    /* Use the key "as-is" */
-	    keyblock.length = seed_length;
-	    keyblock.contents = (krb5_octet *) seed;
-	    keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
-	    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-		return retval;
-	    /* now encrypt the checksum */
-	    retval = mit_des_cbc_encrypt((mit_des_cblock *)&working.digest[0],
-					 (mit_des_cblock *)&outtmp[0],
-					 RSA_MD4_CKSUM_LENGTH,
-					 (struct mit_des_ks_struct *)
-					 	eblock.priv,
-					 keyblock.contents,
-					 MIT_DES_ENCRYPT);
-	    if (retval) {
-		(void) mit_des_finish_key(&eblock);
-		return retval;
-	    }
-	    if ((retval = mit_des_finish_key(&eblock)))
-		return(retval);
-
-	    /* Compare the encrypted checksums */
-	    if (memcmp((char *) &outtmp[0],
-		       (char *) cksum->contents,
-		       OLD_RSA_MD4_DES_CKSUM_LENGTH))
-		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	}
-	else
-#endif	/* MD4_K5BETA_COMPAT */
-	if (cksum->length == (NEW_RSA_MD4_DES_CKSUM_LENGTH)) {
-	    /*
-	     * If we're verifying the correct implementation, then we have
-	     * to do a little more work because we must decrypt the checksum
-	     * because it contains the confounder in it.  So, figure out
-	     * what our key variant is and then do it!
-	     */
-
-	    /* Set up the variant of the key (see RFC 1510 section 6.4.3) */
-	    memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
-	    for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
-		tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
-	    keyblock.length = sizeof(mit_des_cblock);
-	    keyblock.contents = (krb5_octet *) tmpkey;
-	    keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
-	    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-		return retval;
-	    /* now decrypt it */
-	    retval = mit_des_cbc_encrypt((mit_des_cblock *)cksum->contents,
-					 (mit_des_cblock *)&outtmp[0],
-					 NEW_RSA_MD4_DES_CKSUM_LENGTH,
-					 (struct mit_des_ks_struct *)
-					 	eblock.priv,
-					 zero_ivec,
-					 MIT_DES_DECRYPT);
-	    if (retval) {
-		(void) mit_des_finish_key(&eblock);
-		return retval;
-	    }
-	    if ((retval = mit_des_finish_key(&eblock)))
-		return(retval);
-
-	    /* Now that we have the decrypted checksum, try to regenerate it */
-	    krb5_md4_calculate_cksum(&working,
-				(krb5_pointer) outtmp,
-				(size_t) RSA_MD4_DES_CONFOUND_LENGTH,
-				in,
-				in_length);
-
-	    /* Compare the checksums */
-	    if (memcmp((char *) &outtmp[RSA_MD4_DES_CONFOUND_LENGTH],
-		       (char *) &working.digest[0],
-		       RSA_MD4_CKSUM_LENGTH))
-		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	}
-	else 
-	    retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    else
-	retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-
-    /* Clean up droppings */
-    memset((char *)&working, 0, sizeof(working));
-    return(retval);
-}
-
-krb5_checksum_entry rsa_md4_des_cksumtable_entry = 
-#if	defined(MD4_K5BETA_COMPAT) && defined(MD4_K5BETA_COMPAT_DEF)
-{
-    0,
-    krb5_md4_crypto_compat_sum_func,
-    krb5_md4_crypto_verify_func,
-    OLD_RSA_MD4_DES_CKSUM_LENGTH,
-    1,					/* is collision proof */
-    1,					/* uses key */
-};
-#else	/* MD4_K5BETA_COMPAT && MD4_K5BETA_COMPAT_DEF */
-{
-    0,
-    krb5_md4_crypto_sum_func,
-    krb5_md4_crypto_verify_func,
-    NEW_RSA_MD4_DES_CKSUM_LENGTH,
-    1,					/* is collision proof */
-    1,					/* uses key */
-};
-#endif	/* MD4_K5BETA_COMPAT && MD4_K5BETA_COMPAT_DEF */
-
-#ifdef	MD4_K5BETA_COMPAT
-/*
- * Turn on/off compatible checksum generation.
- */
-void
-krb5_md4_crypto_compat_ctl(scompat)
-    krb5_boolean	scompat;
-{
-    if (scompat) {
-	rsa_md4_des_cksumtable_entry.sum_func = krb5_md4_crypto_compat_sum_func;
-	rsa_md4_des_cksumtable_entry.checksum_length =
-	    OLD_RSA_MD4_DES_CKSUM_LENGTH;
-    }
-    else {
-	rsa_md4_des_cksumtable_entry.sum_func = krb5_md4_crypto_sum_func;
-	rsa_md4_des_cksumtable_entry.checksum_length =
-	    NEW_RSA_MD4_DES_CKSUM_LENGTH;
-    }
-}
-#endif	/* MD4_K5BETA_COMPAT */
diff --git a/src/lib/crypto/md4/md4driver.c b/src/lib/crypto/md4/md4driver.c
deleted file mode 100644
index 425ef2954..000000000
--- a/src/lib/crypto/md4/md4driver.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- *	lib/crypto/md4/md4driver.c
- */
-
-/*
- **********************************************************************
- ** md4driver.c -- sample routines to test                           **
- ** RSA Data Security, Inc. MD4 message digest algorithm.            **
- ** Created: 2/16/90 RLR                                             **
- ** Updated: 1/91 SRD                                                **
- **********************************************************************
- */
-
-/*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
-
-#include "k5-int.h"
-#include "rsa-md4.h"
-
-/* Prints message digest buffer in mdContext as 32 hexadecimal digits.
-   Order is from low-order byte to high-order byte of digest.
-   Each byte is printed with high-order hexadecimal digit first.
- */
-static void MDPrint (mdContext)
-krb5_MD4_CTX *mdContext;
-{
-  int i;
-
-  for (i = 0; i < 16; i++)
-    printf ("%02x", mdContext->digest[i]);
-}
-
-/* size of test block */
-#define TEST_BLOCK_SIZE 1000
-
-/* number of blocks to process */
-#define TEST_BLOCKS 2000
-
-/* number of test bytes = TEST_BLOCK_SIZE * TEST_BLOCKS */
-static long TEST_BYTES = (long)TEST_BLOCK_SIZE * (long)TEST_BLOCKS;
-
-/* A time trial routine, to measure the speed of MD4.
-   Measures wall time required to digest TEST_BLOCKS * TEST_BLOCK_SIZE
-   characters.
- */
-static void MDTimeTrial ()
-{
-  krb5_MD4_CTX mdContext;
-  time_t endTime, startTime;
-  unsigned char data[TEST_BLOCK_SIZE];
-  unsigned int i;
-
-  /* initialize test data */
-  for (i = 0; i < TEST_BLOCK_SIZE; i++)
-    data[i] = (unsigned char)(i & 0xFF);
-
-  /* start timer */
-  printf ("MD4 time trial. Processing %ld characters...\n", TEST_BYTES);
-  time (&startTime);
-
-  /* digest data in TEST_BLOCK_SIZE byte blocks */
-  krb5_MD4Init (&mdContext);
-  for (i = TEST_BLOCKS; i > 0; i--)
-    krb5_MD4Update (&mdContext, data, TEST_BLOCK_SIZE);
-  krb5_MD4Final (&mdContext);
-  /* stop timer, get time difference */
-  time (&endTime);
-  MDPrint (&mdContext);
-  printf (" is digest of test input.\n");
-  printf
-    ("Seconds to process test input: %ld\n", (long)(endTime-startTime));
-  printf
-    ("Characters processed per second: %ld\n",
-     TEST_BYTES/(endTime-startTime));
-}
-
-/* Computes the message digest for string inString.
-   Prints out message digest, a space, the string (in quotes) and a
-   carriage return.
- */
-static void MDString (inString)
-char *inString;
-{
-  krb5_MD4_CTX mdContext;
-  unsigned int len = strlen (inString);
-
-  krb5_MD4Init (&mdContext);
-  krb5_MD4Update (&mdContext, inString, len);
-  krb5_MD4Final (&mdContext);
-  MDPrint (&mdContext);
-  printf (" \"%s\"\n\n", inString);
-}
-
-/* Computes the message digest for a specified file.
-   Prints out message digest, a space, the file name, and a carriage
-   return.
- */
-static void MDFile (filename)
-char *filename;
-{
-#ifdef __STDC__
-  FILE *inFile = fopen (filename, "rb");
-#else
-  FILE *inFile = fopen (filename, "r");
-#endif
-  krb5_MD4_CTX mdContext;
-  int bytes;
-  unsigned char data[1024];
-
-  if (inFile == NULL) {
-    printf ("%s can't be opened.\n", filename);
-    return;
-  }
-
-  krb5_MD4Init (&mdContext);
-  while ((bytes = fread (data, 1, 1024, inFile)) != 0)
-    krb5_MD4Update (&mdContext, data, bytes);
-  krb5_MD4Final (&mdContext);
-  MDPrint (&mdContext);
-  printf (" %s\n", filename);
-  fclose (inFile);
-}
-
-
-/* Writes the message digest of the data from stdin onto stdout,
-   followed by a carriage return.
- */
-static void MDFilter ()
-{
-  krb5_MD4_CTX mdContext;
-  int bytes;
-  unsigned char data[16];
-
-  krb5_MD4Init (&mdContext);
-  while ((bytes = fread (data, 1, 16, stdin)) != 0)
-    krb5_MD4Update (&mdContext, data, bytes);
-  krb5_MD4Final (&mdContext);
-  MDPrint (&mdContext);
-  printf ("\n");
-}
-
-/* Runs a standard suite of test data.
- */
-static void MDTestSuite ()
-{
-  printf ("MD4 test suite results:\n\n");
-  MDString ("");
-  MDString ("a");
-  MDString ("abc");
-  MDString ("message digest");
-  MDString ("abcdefghijklmnopqrstuvwxyz");
-  MDString
-    ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
-  MDString
-    ("1234567890123456789012345678901234567890\
-1234567890123456789012345678901234567890");
-  /* Contents of file foo are "abc" */
-  MDFile ("foo");
-}
-
-void main (argc, argv)
-int argc;
-char *argv[];
-{
-  int i;
-
-  /* For each command line argument in turn:
-  ** filename          -- prints message digest and name of file
-  ** -sstring          -- prints message digest and contents of string
-  ** -t                -- prints time trial statistics for 1M characters
-  ** -x                -- execute a standard suite of test data
-  ** (no args)         -- writes messages digest of stdin onto stdout
-  */
-  if (argc == 1)
-    MDFilter ();
-  else
-    for (i = 1; i < argc; i++)
-      if (argv[i][0] == '-' && argv[i][1] == 's')
-        MDString (argv[i] + 2);
-      else if (strcmp (argv[i], "-t") == 0)
-        MDTimeTrial ();
-      else if (strcmp (argv[i], "-x") == 0)
-        MDTestSuite ();
-      else MDFile (argv[i]);
-}
-
-/*
- **********************************************************************
- ** End of md4driver.c                                               **
- ******************************* (cut) ********************************
- */
diff --git a/src/lib/crypto/md4/md4glue.c b/src/lib/crypto/md4/md4glue.c
deleted file mode 100644
index f7e566e9b..000000000
--- a/src/lib/crypto/md4/md4glue.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * lib/crypto/md4/md4glue.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * Kerberos glue for MD4 sample implementation.
- */
-
-#include "k5-int.h"
-#include "rsa-md4.h"
-
-/* Windows needs to these prototypes for the assignment below */
-
-krb5_error_code
-krb5_md4_sum_func PROTOTYPE((
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length,
-	krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_md4_verify_func PROTOTYPE((
-	krb5_const krb5_checksum FAR *cksum,
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length));
-
-krb5_error_code
-krb5_md4_sum_func(in, in_length, seed, seed_length, outcksum)
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-    krb5_checksum FAR *outcksum;
-{
-    krb5_octet *input = (krb5_octet *)in;
-    krb5_MD4_CTX working;
-
-    if (outcksum->length < RSA_MD4_CKSUM_LENGTH)
-	return KRB5_BAD_MSIZE;
-    
-    krb5_MD4Init(&working);
-    krb5_MD4Update(&working, input, in_length);
-    krb5_MD4Final(&working);
-
-    outcksum->checksum_type = CKSUMTYPE_RSA_MD4;
-    outcksum->length = RSA_MD4_CKSUM_LENGTH;
-
-    memcpy((char *)outcksum->contents, (char *)&working.digest[0],
-	   RSA_MD4_CKSUM_LENGTH);
-
-    memset((char *)&working, 0, sizeof(working));
-    return 0;
-}
-
-krb5_error_code
-krb5_md4_verify_func(cksum, in, in_length, seed, seed_length)
-    krb5_const krb5_checksum FAR *cksum;
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-{
-    krb5_octet *input = (krb5_octet *)in;
-    krb5_MD4_CTX working;
-    krb5_error_code retval;
-
-    retval = 0;
-    if (cksum->checksum_type == CKSUMTYPE_RSA_MD4) {
-	if (cksum->length == RSA_MD4_CKSUM_LENGTH) {
-	    krb5_MD4Init(&working);
-	    krb5_MD4Update(&working, input, in_length);
-	    krb5_MD4Final(&working);
-
-	    if (memcmp((char *) cksum->contents,
-		       (char *) &working.digest[0],
-		       RSA_MD4_CKSUM_LENGTH))
-		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	    memset((char *)&working, 0, sizeof(working));
-	}
-	else
-	    retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    else
-	retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-    return retval;
-}
-
-krb5_checksum_entry rsa_md4_cksumtable_entry = {
-    0,
-    krb5_md4_sum_func,
-    krb5_md4_verify_func,
-    RSA_MD4_CKSUM_LENGTH,
-    1,					/* is collision proof */
-    0,					/* doesn't use key */
-};