Consolidate the IOV and non-IOV encryption/decryption code paths, and

drop the _iov suffix from most encryption- and decryption-related
functions.  The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.

aead_provider is gone.  Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.

aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before.  This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.

Three separate copies of the derive_random logic are also now
consolidated into one.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 8 insertions, 122 deletions

diff --git a/src/lib/crypto/openssl/aes/Makefile.in b/src/lib/crypto/openssl/aes/Makefile.in
index b1848d6f7..6352c3dc2 100644
--- a/src/lib/crypto/openssl/aes/Makefile.in
+++ b/src/lib/crypto/openssl/aes/Makefile.in
@@ -1,3 +1,7 @@
+# Nothing here!  But we can't remove this directory as the build
+# system currently assumes that all modules have the same directory
+# structure.
+
 mydir=lib/crypto/openssl/aes
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb/dk  -I$(srcdir)/../../../../include
@@ -10,14 +14,11 @@ DEFS=
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-STLIBOBJS=\
-	aes_s2k.o
+STLIBOBJS=
 
-OBJS=\
-	$(OUTPRE)aes_s2k.$(OBJEXT)
+OBJS=
 
-SRCS=\
-	$(srcdir)/aes_s2k.c
+SRCS=
 
 
 ##DOS##LIBOBJS = $(OBJS)
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.c b/src/lib/crypto/openssl/aes/aes_s2k.c
deleted file mode 100644
index b2fa1f1d9..000000000
--- a/src/lib/crypto/openssl/aes/aes_s2k.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * lib/crypto/openssl/aes/aes_s2k.c
- *
- * Copyright 2003, 2009 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5int_aes_string_to_key
- */
-
-#include "k5-int.h"
-#include "dk.h"
-#include "aes_s2k.h"
-
-#define DEFAULT_ITERATION_COUNT         4096 /* was 0xb000L in earlier drafts */
-#define MAX_ITERATION_COUNT             0x1000000L
-
-krb5_error_code
-krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
-                          const krb5_data *string,
-                          const krb5_data *salt,
-                          const krb5_data *params,
-                          krb5_keyblock *key)
-{
-    unsigned long iter_count;
-    krb5_data out;
-    static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
-    krb5_key tempkey = NULL;
-    krb5_error_code err;
-
-    if (params) {
-        unsigned char *p = (unsigned char *) params->data;
-        if (params->length != 4)
-            return KRB5_ERR_BAD_S2K_PARAMS;
-        /* The first two need casts in case 'int' is 16 bits.  */
-        iter_count = load_32_be(p);
-        if (iter_count == 0) {
-            iter_count = (1UL << 16) << 16;
-            if (((iter_count >> 16) >> 16) != 1)
-                return KRB5_ERR_BAD_S2K_PARAMS;
-        }
-    } else
-        iter_count = DEFAULT_ITERATION_COUNT;
-
-    /* This is not a protocol specification constraint; this is an
-       implementation limit, which should eventually be controlled by
-       a config file.  */
-    if (iter_count >= MAX_ITERATION_COUNT)
-        return KRB5_ERR_BAD_S2K_PARAMS;
-
-    /* Use the output keyblock contents for temporary space. */
-    out.data = (char *) key->contents;
-    out.length = key->length;
-    if (out.length != 16 && out.length != 32)
-        return KRB5_CRYPTO_INTERNAL;
-
-    err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
-    if (err)
-        goto cleanup;
-
-    err = krb5_k_create_key (NULL, key, &tempkey);
-    if (err)
-        goto cleanup;
-
-    err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
-
-cleanup:
-    if (err)
-        memset (out.data, 0, out.length);
-    krb5_k_free_key (NULL, tempkey);
-    return err;
-}
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.h b/src/lib/crypto/openssl/aes/aes_s2k.h
deleted file mode 100644
index f9bb1fec1..000000000
--- a/src/lib/crypto/openssl/aes/aes_s2k.h
+++ /dev/null
@@ -1,10 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * lib/crypto/openssl/aes/aes_s2k.h
- */
-
-
-extern krb5_error_code
-krb5int_aes_string_to_key (const struct krb5_enc_provider *,
-                           const krb5_data *, const krb5_data *,
-                           const krb5_data *, krb5_keyblock *key);
diff --git a/src/lib/crypto/openssl/aes/deps b/src/lib/crypto/openssl/aes/deps
index 93ce8c90f..2feac3c9d 100644
--- a/src/lib/crypto/openssl/aes/deps
+++ b/src/lib/crypto/openssl/aes/deps
@@ -1,14 +1 @@
-# 
-# Generated makefile dependencies follow.
-#
-aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/dk/dk.h \
-  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
-  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
-  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
-  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
-  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  aes_s2k.c aes_s2k.h
+# No dependencies here.