pull up 3des implementation from the marc-3des branch

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970

5 files changed, 15 insertions, 656 deletions

diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog
index 1c0026add..79fb94a7d 100644
--- a/src/lib/crypto/md5/ChangeLog
+++ b/src/lib/crypto/md5/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 12:00:00 1998  Marc Horowitz <marc@mit.edu>
+
+	* *.c: replace the crypto layer.
+
 Tue Mar  3 08:42:10 1998  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
 	* Makefile.in (t_cksum): Do not depend on libkrb5.a, use 
diff --git a/src/lib/crypto/md5/Makefile.in b/src/lib/crypto/md5/Makefile.in
index 3707f897b..219fa3081 100644
--- a/src/lib/crypto/md5/Makefile.in
+++ b/src/lib/crypto/md5/Makefile.in
@@ -1,6 +1,6 @@
 thisconfigdir=./..
 BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des
+CFLAGS = $(CCOPTS) $(DEFS)
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=md5
@@ -10,35 +10,35 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-RUN_SETUP = @KRB5_RUN_ENV@
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
 
-STLIBOBJS=md5.o md5glue.o md5crypto.o
+STLIBOBJS= md5.o
 
-OBJS=	md5.$(OBJEXT) md5glue.$(OBJEXT) md5crypto.$(OBJEXT)
-SRCS=	$(srcdir)/md5.c $(srcdir)/md5glue.c $(srcdir)/md5crypto.c
+OBJS= md5.$(OBJEXT) 
+
+SRCS= $(srcdir)/md5.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
 all-unix:: all-libobjs
 
+includes:: depend
+
+depend:: $(SRCS)
+
 t_mddriver: t_mddriver.o md5.o
 	$(CC) $(CFLAGS) $(LDFLAGS) -o t_mddriver t_mddriver.o md5.o
 
 t_mddriver.exe:
 	$(CC) $(CFLAGS2) -o t_mddriver.exe t_mddriver.c md5.c
 
-t_cksum: t_cksum.o $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o t_cksum t_cksum.o $(KRB5_BASE_LIBS)
-
-check-unix:: t_mddriver t_cksum
+check-unix:: t_mddriver
 	$(RUN_SETUP) $(C)t_mddriver -x
-	$(RUN_SETUP) $(C)t_cksum "this is a test"
 
 check-windows:: t_mddriver$(EXEEXT)
 	$(C)t_mddriver$(EXEEXT) -x
 
 clean:: 
 	$(RM) t_mddriver$(EXEEXT) t_mddriver.$(OBJEXT)
-	$(RM) t_cksum$(EXEEXT) t_cksum.$(OBJEXT)
 
 clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c
deleted file mode 100644
index b83e50e77..000000000
--- a/src/lib/crypto/md5/md5crypto.c
+++ /dev/null
@@ -1,353 +0,0 @@
-#include "k5-int.h"
-#include "rsa-md5.h"
-#include "des_int.h"	/* we cheat a bit and call it directly... */
-
-/*
- * In Kerberos V5 Beta 5 and previous releases the RSA-MD5-DES implementation
- * did not follow RFC1510.  The folowing definitions control the compatibility
- * with these releases.
- *
- * If MD5_K5BETA_COMPAT is defined, then compatability mode is enabled.  That
- * means that both checksum functions are compiled and available for use and
- * the additional interface krb5_md5_crypto_compat_ctl() is defined.
- *
- * If MD5_K5BETA_COMPAT_DEF is defined and compatability mode is enabled, then
- * the compatible behaviour becomes the default.
- *
- */
-#define MD5_K5BETA_COMPAT
-#define MD5_K5BETA_COMPAT_DEF
-
-
-/* Windows needs to these prototypes for the assignment below */
-
-#ifdef MD5_K5BETA_COMPAT
-krb5_error_code
-krb5_md5_crypto_compat_sum_func PROTOTYPE((
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length,
-	krb5_checksum FAR *outcksum));
-#endif
-
-krb5_error_code
-krb5_md5_crypto_sum_func PROTOTYPE((
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length,
-	krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_md5_crypto_verify_func PROTOTYPE((
-	krb5_const krb5_checksum FAR *cksum,
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length));
-
-static mit_des_cblock zero_ivec = { 0 };
-
-static void
-krb5_md5_calculate_cksum(md5ctx, confound, confound_length, in, in_length)
-    krb5_MD5_CTX		*md5ctx;
-    krb5_pointer	in;
-    size_t		in_length;
-    krb5_pointer	confound;
-    size_t		confound_length;
-{
-    krb5_MD5Init(md5ctx);
-    if (confound && confound_length)
-	krb5_MD5Update(md5ctx, confound, confound_length);
-    krb5_MD5Update(md5ctx, in, in_length);
-    krb5_MD5Final(md5ctx);
-}
-
-#ifdef	MD5_K5BETA_COMPAT
-krb5_error_code
-krb5_md5_crypto_compat_sum_func(in, in_length, seed, seed_length, outcksum)
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-    krb5_checksum FAR *outcksum;
-{
-    krb5_octet outtmp[OLD_RSA_MD5_DES_CKSUM_LENGTH];
-    krb5_octet *input = (krb5_octet *)in;
-    krb5_encrypt_block eblock;
-    krb5_keyblock keyblock;
-    krb5_error_code retval;
-
-    krb5_MD5_CTX working;
-
-    krb5_MD5Init(&working);
-    krb5_MD5Update(&working, input, in_length);
-    krb5_MD5Final(&working);
-
-    outcksum->checksum_type = CKSUMTYPE_RSA_MD5_DES;
-    outcksum->length = OLD_RSA_MD5_DES_CKSUM_LENGTH;
-
-    memcpy((char *)outtmp, (char *)&working.digest[0], 16);
-
-    memset((char *)&working, 0, sizeof(working));
-
-    keyblock.length = seed_length;
-    keyblock.contents = (krb5_octet *)seed;
-    keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
-    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-	return retval;
-    /* now encrypt it */
-    retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
-				 (mit_des_cblock *)outcksum->contents,
-				 OLD_RSA_MD5_DES_CKSUM_LENGTH,
-				 (struct mit_des_ks_struct *)eblock.priv,
-				 keyblock.contents,
-				 MIT_DES_ENCRYPT);
-    if (retval) {
-	(void) mit_des_finish_key(&eblock);
-	return retval;
-    }
-    return mit_des_finish_key(&eblock);
-}
-#endif	/* MD5_K5BETA_COMPAT */
-
-krb5_error_code
-krb5_md5_crypto_sum_func(in, in_length, seed, seed_length, outcksum)
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-    krb5_checksum FAR *outcksum;
-{
-    krb5_octet outtmp[NEW_RSA_MD5_DES_CKSUM_LENGTH];
-    mit_des_cblock	tmpkey;
-    krb5_encrypt_block eblock;
-    krb5_keyblock keyblock;
-    krb5_error_code retval;
-    size_t i;
-    krb5_MD5_CTX working;
-
-    if (outcksum->length < NEW_RSA_MD5_DES_CKSUM_LENGTH)
-	return KRB5_BAD_MSIZE;
-
-    /* Generate the confounder in place */
-    if ((retval = krb5_random_confounder(RSA_MD5_DES_CONFOUND_LENGTH, outtmp)))
-	return(retval);
-
-    /* Calculate the checksum */
-    krb5_md5_calculate_cksum(&working,
-			(krb5_pointer) outtmp,
-			(size_t) RSA_MD5_DES_CONFOUND_LENGTH,
-			in,
-			in_length);
-
-    outcksum->checksum_type = CKSUMTYPE_RSA_MD5_DES;
-    outcksum->length = NEW_RSA_MD5_DES_CKSUM_LENGTH;
-
-    /* Now blast in the digest */
-    memcpy((char *)&outtmp[RSA_MD5_DES_CONFOUND_LENGTH],
-	   (char *)&working.digest[0],
-	   RSA_MD5_CKSUM_LENGTH);
-
-    /* Clean up the droppings */
-    memset((char *)&working, 0, sizeof(working));
-
-    /* Set up the temporary copy of the key (see RFC 1510 section 6.4.5) */
-    memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
-    for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
-	tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
-    keyblock.length = sizeof(mit_des_cblock);
-    keyblock.contents = (krb5_octet *) tmpkey;
-    keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
-    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-	return retval;
-    /* now encrypt it */
-    retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
-				 (mit_des_cblock *)outcksum->contents,
-				 NEW_RSA_MD5_DES_CKSUM_LENGTH,
-				 (struct mit_des_ks_struct *)eblock.priv,
-				 zero_ivec,
-				 MIT_DES_ENCRYPT);
-    if (retval) {
-	(void) mit_des_finish_key(&eblock);
-	return retval;
-    }
-    return mit_des_finish_key(&eblock);
-}
-
-krb5_error_code
-krb5_md5_crypto_verify_func(cksum, in, in_length, seed, seed_length)
-    krb5_const krb5_checksum FAR *cksum;
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-{
-    krb5_octet outtmp[NEW_RSA_MD5_DES_CKSUM_LENGTH];
-    mit_des_cblock	tmpkey;
-    krb5_encrypt_block eblock;
-    krb5_keyblock keyblock;
-    krb5_error_code retval;
-    size_t i;
-
-    krb5_MD5_CTX working;
-
-    retval = 0;
-    if (cksum->checksum_type == CKSUMTYPE_RSA_MD5_DES) {
-#ifdef	MD5_K5BETA_COMPAT
-	/*
-	 * We have a backwards compatibility problem here.  Kerberos
-	 * version 5 Beta 5 and previous releases did not correctly
-	 * generate RSA-MD5-DES checksums.  The way that we can
-	 * differentiate is by the length of the provided checksum.
-	 * If it's only OLD_RSA_MD5_DES_CKSUM_LENGTH, then it's the
-	 * old style, otherwise it's the correct implementation.
-	 */
-	if (cksum->length == OLD_RSA_MD5_DES_CKSUM_LENGTH) {
-	    /*
-	     * If we're verifying the Old Style (tm) checksum, then we can just
-	     * recalculate the checksum and encrypt it and see if it's the
-	     * same.
-	     */
-
-	    /* Recalculate the checksum with no confounder */
-	    krb5_md5_calculate_cksum(&working,
-				(krb5_pointer) NULL,
-				(size_t) 0,
-				in,
-				in_length);
-
-	    /* Use the key "as-is" */
-	    keyblock.length = seed_length;
-	    keyblock.contents = (krb5_octet *) seed;
-	    keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
-	    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-		return retval;
-	    /* now encrypt the checksum */
-	    retval = mit_des_cbc_encrypt((mit_des_cblock *)&working.digest[0],
-					 (mit_des_cblock *)&outtmp[0],
-					 OLD_RSA_MD5_DES_CKSUM_LENGTH,
-					 (struct mit_des_ks_struct *)
-					 	eblock.priv,
-					 keyblock.contents,
-					 MIT_DES_ENCRYPT);
-	    if (retval) {
-		(void) mit_des_finish_key(&eblock);
-		return retval;
-	    }
-	    if ((retval = mit_des_finish_key(&eblock)))
-		return(retval);
-
-	    /* Compare the encrypted checksums */
-	    if (memcmp((char *) &outtmp[0],
-		       (char *) cksum->contents,
-		       OLD_RSA_MD5_DES_CKSUM_LENGTH))
-		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	}
-	else
-#endif	/* MD5_K5BETA_COMPAT */
-	if (cksum->length == (NEW_RSA_MD5_DES_CKSUM_LENGTH)) {
-	    /*
-	     * If we're verifying the correct implementation, then we have
-	     * to do a little more work because we must decrypt the checksum
-	     * because it contains the confounder in it.  So, figure out
-	     * what our key variant is and then do it!
-	     */
-
-	    /* Set up the variant of the key (see RFC 1510 section 6.4.5) */
-	    memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
-	    for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
-		tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
-	    keyblock.length = sizeof(mit_des_cblock);
-	    keyblock.contents = (krb5_octet *) tmpkey;
-	    keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
-	    if ((retval = mit_des_process_key(&eblock, &keyblock)))
-		return retval;
-	    /* now decrypt it */
-	    retval = mit_des_cbc_encrypt((mit_des_cblock *)cksum->contents,
-					 (mit_des_cblock *)&outtmp[0],
-					 NEW_RSA_MD5_DES_CKSUM_LENGTH,
-					 (struct mit_des_ks_struct *)
-					 	eblock.priv,
-					 zero_ivec,
-					 MIT_DES_DECRYPT);
-	    if (retval) {
-		(void) mit_des_finish_key(&eblock);
-		return retval;
-	    }
-	    if ((retval = mit_des_finish_key(&eblock)))
-		return(retval);
-
-	    /* Now that we have the decrypted checksum, try to regenerate it */
-	    krb5_md5_calculate_cksum(&working,
-				(krb5_pointer) outtmp,
-				(size_t) RSA_MD5_DES_CONFOUND_LENGTH,
-				in,
-				in_length);
-
-	    /* Compare the checksums */
-	    if (memcmp((char *) &outtmp[RSA_MD5_DES_CONFOUND_LENGTH],
-		       (char *) &working.digest[0],
-		       RSA_MD5_CKSUM_LENGTH))
-		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	}
-	else 
-	    retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    else
-	retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-
-    /* Clean up droppings */
-    memset((char *)&working, 0, sizeof(working));
-    return(retval);
-}
-
-krb5_checksum_entry rsa_md5_des_cksumtable_entry =
-#if	defined(MD5_K5BETA_COMPAT) && defined(MD5_K5BETA_COMPAT_DEF)
-{
-    0,
-    krb5_md5_crypto_compat_sum_func,
-    krb5_md5_crypto_verify_func,
-    OLD_RSA_MD5_DES_CKSUM_LENGTH,
-    1,					/* is collision proof */
-    1,					/* uses key */
-};
-#else	/* MD5_K5BETA_COMPAT && MD5_K5BETA_COMPAT_DEF */
-{
-    0,
-    krb5_md5_crypto_sum_func,
-    krb5_md5_crypto_verify_func,
-    NEW_RSA_MD5_DES_CKSUM_LENGTH,
-    1,					/* is collision proof */
-    1,					/* uses key */
-};
-#endif	/* MD5_K5BETA_COMPAT && MD5_K5BETA_COMPAT_DEF */
-
-#ifdef	MD5_K5BETA_COMPAT
-/*
- * Turn on/off compatible checksum generation.
- */
-void
-krb5_md5_crypto_compat_ctl(scompat)
-    krb5_boolean	scompat;
-{
-    if (scompat) {
-	rsa_md5_des_cksumtable_entry.sum_func = krb5_md5_crypto_compat_sum_func;
-	rsa_md5_des_cksumtable_entry.checksum_length =
-	    OLD_RSA_MD5_DES_CKSUM_LENGTH;
-    }
-    else {
-	rsa_md5_des_cksumtable_entry.sum_func = krb5_md5_crypto_sum_func;
-	rsa_md5_des_cksumtable_entry.checksum_length =
-	    NEW_RSA_MD5_DES_CKSUM_LENGTH;
-    }
-}
-#endif	/* MD5_K5BETA_COMPAT */
-
diff --git a/src/lib/crypto/md5/md5glue.c b/src/lib/crypto/md5/md5glue.c
deleted file mode 100644
index 66d5aa791..000000000
--- a/src/lib/crypto/md5/md5glue.c
+++ /dev/null
@@ -1,89 +0,0 @@
-#include "k5-int.h"
-#include "rsa-md5.h"
-
-/* Windows needs to these prototypes for the assignment below */
-
-krb5_error_code
-krb5_md5_sum_func PROTOTYPE((
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length,
-	krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_md5_verify_func PROTOTYPE((
-	krb5_const krb5_checksum FAR *cksum,
-	krb5_const krb5_pointer in,
-	krb5_const size_t in_length,
-	krb5_const krb5_pointer seed,
-	krb5_const size_t seed_length));
-
-krb5_error_code
-krb5_md5_sum_func(in, in_length, seed, seed_length, outcksum)
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-    krb5_checksum FAR *outcksum;
-{
-    krb5_octet *input = (krb5_octet *)in;
-    krb5_MD5_CTX working;
-
-    if (outcksum->length < RSA_MD5_CKSUM_LENGTH)
-	return KRB5_BAD_MSIZE;
-    
-    krb5_MD5Init(&working);
-    krb5_MD5Update(&working, input, in_length);
-    krb5_MD5Final(&working);
-
-    outcksum->checksum_type = CKSUMTYPE_RSA_MD5;
-    outcksum->length = RSA_MD5_CKSUM_LENGTH;
-
-    memcpy((char *)outcksum->contents, (char *)&working.digest[0], 16);
-
-    memset((char *)&working, 0, sizeof(working));
-    return 0;
-}
-
-krb5_error_code
-krb5_md5_verify_func(cksum, in, in_length, seed, seed_length)
-    krb5_const krb5_checksum FAR *cksum;
-    krb5_const krb5_pointer in;
-    krb5_const size_t in_length;
-    krb5_const krb5_pointer seed;
-    krb5_const size_t seed_length;
-{
-    krb5_octet *input = (krb5_octet *)in;
-    krb5_MD5_CTX working;
-    krb5_error_code retval;
-
-    retval = 0;
-    if (cksum->checksum_type == CKSUMTYPE_RSA_MD5) {
-	if (cksum->length == RSA_MD5_CKSUM_LENGTH) {
-	    krb5_MD5Init(&working);
-	    krb5_MD5Update(&working, input, in_length);
-	    krb5_MD5Final(&working);
-
-	    if (memcmp((char *) cksum->contents,
-		       (char *) &working.digest[0],
-		       RSA_MD5_CKSUM_LENGTH))
-		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	    memset((char *)&working, 0, sizeof(working));
-	}
-	else
-	    retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    else
-	retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-    return retval;
-}
-
-krb5_checksum_entry rsa_md5_cksumtable_entry = {
-    0,
-    krb5_md5_sum_func,
-    krb5_md5_verify_func,
-    RSA_MD5_CKSUM_LENGTH,
-    1,					/* is collision proof */
-    0,					/* doesn't use key */
-};
diff --git a/src/lib/crypto/md5/t_cksum.c b/src/lib/crypto/md5/t_cksum.c
deleted file mode 100644
index 5bc63709d..000000000
--- a/src/lib/crypto/md5/t_cksum.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * lib/crypto/md5/t_cksum.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * t_cksum.c - Test checksum and checksum compatability for rsa-md[4,5]-des
- */
-
-#ifndef	MD
-#define	MD	5
-#endif	/* MD */
-
-#include "k5-int.h"
-#if	MD == 4
-#include "rsa-md4.h"
-#endif	/* MD == 4 */
-#if	MD == 5
-#include "rsa-md5.h"
-#endif	/* MD == 5 */
-#include "des_int.h"
-
-#define MD5_K5BETA_COMPAT
-#define MD4_K5BETA_COMPAT
-
-#if	MD == 4
-#define	CONFOUNDER_LENGTH	RSA_MD4_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD4_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD4_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD4_DES
-#ifdef	MD4_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD4_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD4_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md4_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md4_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md4_crypto_verify_func
-#endif	/* MD == 4 */
-
-#if	MD == 5
-#define	CONFOUNDER_LENGTH	RSA_MD5_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD5_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD5_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD5_DES
-#ifdef	MD5_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD5_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD5_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md5_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md5_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md5_crypto_verify_func
-#endif	/* MD == 5 */
-
-static void
-print_checksum(text, number, message, checksum)
-     char	*text;
-     int	number;
-     char	*message;
-     krb5_checksum	*checksum;
-{
-  int i;
-
-  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
-  for (i=0; i<checksum->length; i++)
-    printf("%02x", checksum->contents[i]);
-  printf("\n");
-}
-
-/*
- * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
- * checksums.
- */
-int
-main(argc, argv)
-     int argc;
-     char **argv;
-{
-  int 			msgindex;
-  krb5_context		kcontext;
-  krb5_encrypt_block	encblock;
-  krb5_keyblock		keyblock;
-  krb5_error_code	kret;
-  krb5_checksum		oldstyle_checksum;
-  krb5_checksum		newstyle_checksum;
-  krb5_data		pwdata;
-  char			*pwd;
-
-  pwd = "test password";
-  pwdata.length = strlen(pwd);
-  pwdata.data = pwd;
-  krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
-  if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
-    printf("mit_des_string_to_key choked with %d\n", kret);
-    return(kret);
-  }
-  if ((kret = mit_des_process_key(&encblock, &keyblock))) {
-    printf("mit_des_process_key choked with %d\n", kret);
-    return(kret);
-  }
-
-  oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
-  if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for old style checksum\n");
-    return(ENOMEM);
-  }
-  newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
-  if (!(newstyle_checksum.contents = (krb5_octet *)
-	malloc(NEW_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for new style checksum\n");
-    return(ENOMEM);
-  }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
-    if ((kret = CKSUM_FUNCTION(argv[msgindex],
-			       strlen(argv[msgindex]),
-			       (krb5_pointer) keyblock.contents,
-			       keyblock.length,
-			       &newstyle_checksum))) {
-      printf("krb5_calculate_checksum choked with %d\n", kret);
-      break;
-    }
-    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-#ifdef	K5BETA_COMPAT
-    if ((kret = COMPAT_FUNCTION(argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length,
-				&oldstyle_checksum))) {
-      printf("old style calculate_checksum choked with %d\n", kret);
-      break;
-    }
-    print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
-#endif	/* K5BETA_COMPAT */
-    if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on old checksum choked with %d\n", kret);
-      break;
-    }
-    printf("Compatible checksum verify succeeded for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    newstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on new checksum should have choked\n");
-      break;
-    }
-    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    oldstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on old checksum should have choked\n");
-      break;
-    }
-    printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    kret = 0;
-  }
-  if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
-  return(kret);
-}