summaryrefslogtreecommitdiffstats
path: root/src/lib/crypto/openssl
Commit message (Collapse)AuthorAgeFilesLines
* Fix non-builtin crypto module buildsGreg Hudson2013-05-296-4/+24
| | | | | | | Commit 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 went a bit too far in pruning the placeholder makefiles for the openssl and nss crypto modules. We need enough boilerplate to create OBJS.SH in each directory.
* Simplify crypto IOV helpersGreg Hudson2013-05-244-189/+77
| | | | | | | | Expand the concept of an IOV block state into a cursor which remembers the IOV set being iterated over, the block size, and both input and output positions. Eliminate the no-copy inline block getter for now, but provide helpers to grab contiguous chains of blocks from a cursor. Also provide an inline helper to sum the total length of an iov chain.
* Reduce boilerplate in makefilesGreg Hudson2013-05-1610-135/+0
| | | | | | | | | Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content.
* fix crypto openssl hmac warningGilles Espinasse2013-05-091-1/+1
| | | | ticket: 7634
* Separate clpreauth and kdcpreauth interfacesGreg Hudson2012-12-194-57/+33
| | | | | | | Since there is no overlap between the clpreauth and kdcpreauth interface declarations, there's no particular reason to combine them into one header. For backward compatibility and convenience, leave behind a preauth_plugin.h which includes both.
* De-conditionalize Camellia codeGreg Hudson2012-10-091-22/+0
| | | | | | | | | | The Camellia enctypes and cksumtypes have received IANA assignments. Add #defines using those assignments to krb5.h, remove the CAMELLIA conditional, and enable testing code as appropriate. The Camellia draft has not received an RFC number yet, so there is no Doxygen markup for the enctype and cksumtype #defines. That can be added once the RFC number is known.
* Untabify some files mistakenly created with tabsGreg Hudson2011-09-041-8/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25140 dc483132-0cff-0310-8789-dd5450dbe970
* Move the des and AFS string-to-key implementations into lib/crypto/krb,Greg Hudson2011-03-115-101/+53
| | | | | | | | since they aren't standard crypto primitives. Revise the module SPI accordingly. Add tests for AFS string-to-key to t_str2key.c to replace the ones in the (now defunct) t_afss2k.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0912-36/+18
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c. FixGreg Hudson2011-03-051-1/+12
| | | | | | OpenSSL module handling of salts in its DES string-to-key. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a conceptual (but not practical) type mismatch in the OpenSSLGreg Hudson2011-03-051-1/+1
| | | | | | module's mit_des_fixup_key_parity resulting from r24677. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24683 dc483132-0cff-0310-8789-dd5450dbe970
* Make enc provider free_state function return voidGreg Hudson2011-03-051-13/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate almost all lib/crypto/krb headers into a singleGreg Hudson2011-03-0243-1140/+197
| | | | | | | | | | | | | crypto_int.h. In that header, define and document responsibilities for crypto modules, some of which are satisfied through a module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove many of the headers and sources providing functionality which isn't needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and SHA-1 hashing, as well as DES weak key testing). Change most Makefile.ins to only include headers from lib/crypto/krb and lib/crypto/$(CRYPTO_IMPL), instead of from many different directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
* Reference random-to-key handlers through the enctype instead of theGreg Hudson2011-02-2713-98/+103
| | | | | | | | | | | | enc_provider, for consistency with string-to-key and the place of implementation (other enc_provider functions are implemented in the back end, but random-to-key handlers are in krb). Use a single handler for non-DES/DES3 enctypes since it's always just directly copying the bits. Collapse the three implementations (des, des3, and direct) into random_to_key.c, as they're very short, and eliminate the lib/crypto/krb/rand2key directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
* Remove nonexistent aes_ctr from object and source file lists inGreg Hudson2011-02-271-3/+0
| | | | | | lib/crypto/openssl/enc_provider/Makefile.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24668 dc483132-0cff-0310-8789-dd5450dbe970
* Namespace-protect SHA-256 symbols. Build SHA-256 code independently ofGreg Hudson2011-02-252-9/+9
| | | | | | whether Fortuna was selected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666 dc483132-0cff-0310-8789-dd5450dbe970
* Remove Yarrow PRNG implementationGreg Hudson2011-02-251-29/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
* Unbreak the OpenSSL and NSS crypto builds in the wake of r24652Greg Hudson2011-02-246-23/+101
| | | | | | (Fortuna as default PRNG), and remove some unnecessary related files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-2810-186/+10
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Implement Camellia-CTS-CMAC instead of Camellia-CCMGreg Hudson2010-11-204-220/+417
| | | | | | | | | | | Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet. ticket: 6822 target_verion: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
* Include <openssl/des.h> in the OpenSSL back end's weak_key.c for theGreg Hudson2010-11-091-0/+1
| | | | | | DES_is_weak_key prototype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24512 dc483132-0cff-0310-8789-dd5450dbe970
* Improves prng code modularity. Introduces fortuna-like prng that can be used ↵Zhanna Tsitkov2010-10-055-3/+124
| | | | | | | | | in lieu of yarrow. Yarrow stays the default prng while fortuna may be engaged during configuration by using "--with-prng-alg=fortuna" flag. Also, nss crypto backend continues to use its own prng. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24420 dc483132-0cff-0310-8789-dd5450dbe970
* Add mit_afs_string_to_key declarationZhanna Tsitkov2010-10-051-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24419 dc483132-0cff-0310-8789-dd5450dbe970
* Merge branches/nss to trunkGreg Hudson2010-10-022-2/+45
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24416 dc483132-0cff-0310-8789-dd5450dbe970
* Add dummy camellia subdir to openssl back end makefileGreg Hudson2010-09-081-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24299 dc483132-0cff-0310-8789-dd5450dbe970
* Merge the camellia-ccm branch to trunk. Since there are no IANAGreg Hudson2010-09-075-1/+268
| | | | | | | | | assignments for Camellia-CCM enctypes or cksumtypes yet, they are disabled in a default build. They can be made available by defining (via CPPFLAGS) local-use enctype numbers for the enctypes and cksumtypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
* Fix cipher state chaining in OpenSSL back endGreg Hudson2010-02-183-61/+90
| | | | | | | | | | | | | | | | | | | | Make cipher state chaining work in the OpenSSL back end for des, des3, and arcfour enc providers. Subtleties: * DES and DES3 have checks to avoid clobbering ivec with uninitialized data if there is no data to encrypt. * Arcfour saves the OpenSSL cipher context across calls. To protect against a caller improperly copying the state (which happens to work with other enc providers), a loopback pointer is used, as in GSSAPI. * EVP_EncryptFinal_ex is unnecessary with stream ciphers and would interfere with cipher state chaining if it did anything, so just remove it. ticket: 6665 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23734 dc483132-0cff-0310-8789-dd5450dbe970
* Restructure the crypto checksum implementation to minimizeGreg Hudson2009-12-104-1/+6
| | | | | | | | | | | | | | | | | | | | | dependencies on the internals of modules. * Keyhash providers are gone. * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums. * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum. * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC. The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2009-12-061-26/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23451 dc483132-0cff-0310-8789-dd5450dbe970
* Make the libk5crypto hash_provider interface take crypto_iov listsGreg Hudson2009-12-066-77/+52
| | | | | | | instead of lists of krb5_data. Make the base HMAC APIs take crypto_iov lists and drop the _iov variants. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate the IOV and non-IOV encryption/decryption code paths, andGreg Hudson2009-12-0412-916/+205
| | | | | | | | | | | | | | | | | | | | | | | | drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions. aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider. aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now. Three separate copies of the derive_random logic are also now consolidated into one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
* Make the crc32 hash provider correctly chain multiple input buffers,Greg Hudson2009-11-301-5/+3
| | | | | | | | so that it returns the same result if you pass it one big buffer or many small buffers containing the same data. To do this, change the contract of mit_crc32 so that the cksum parameter is in-out. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23386 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent lib/cryptoGreg Hudson2009-11-2826-243/+268
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23374 dc483132-0cff-0310-8789-dd5450dbe970
* Move the arcfour directory from the crypto module dirs into krb. ThisGreg Hudson2009-11-2717-1006/+105
| | | | | | | | | | | | | directory contains the token encryption code (similar to dk, old, and raw) which is Kerberos-specific. The actual stream cipher lives in enc_provider/rc4.c, which is still in the module dirs. arcfour/arcfour-int.h contained the definitions of some structures used only in enc_provider/rc4.c. Move those definitions into that source file so that everything in arcfour is at the right level of abstraction to live in krb. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23367 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-2218-178/+160
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3127-73/+55
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Corrected Copyrights and some minor reorganization in openssl impl. Zhanna Tsitkov2009-10-2938-2177/+431
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23090 dc483132-0cff-0310-8789-dd5450dbe970
* Files that were not picked up by svn rev #22995 commit:Zhanna Tsitkov2009-10-2914-0/+844
| | | | | | Changed the crypto make system to add build flexibility. The update cancels the requirement for the dir structures to be identical in all crypto implementation and supports impl. dependent tests. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23089 dc483132-0cff-0310-8789-dd5450dbe970
* Replace krb5_ with krb5Int_ prefix for non-API functionsZhanna Tsitkov2009-10-2812-39/+40
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23079 dc483132-0cff-0310-8789-dd5450dbe970
* Changed the crypto make system to add build flexibility. The update cancels ↵Zhanna Tsitkov2009-10-238-86/+76
| | | | | | the requirement for the dir structures to be identical in all crypto implementation and supports impl. dependent tests. Also, minor libk5crypto.exports list reduction ( from f_tables) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22995 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leaks in enc-perf workGreg Hudson2009-10-201-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22949 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performanceGreg Hudson2009-10-199-133/+177
| | | | | | | | | | | Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys. ticket: 6576 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* Properly handle ivec for chaining opsZhanna Tsitkov2009-10-161-175/+34
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22906 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed aes to handle the input buffers of the various sizesZhanna Tsitkov2009-10-151-140/+313
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22900 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verificationGreg Hudson2009-10-092-2/+2
| | | | | | | | | Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: Populate openssl/aes dirZhanna Tsitkov2009-10-0610-0/+1546
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22859 dc483132-0cff-0310-8789-dd5450dbe970
* Impl. krb5int_aes_enc/decrypt_iov. Passes t_encrypt testZhanna Tsitkov2009-10-041-149/+144
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22843 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: Populae openssl/arcfour dirZhanna Tsitkov2009-10-015-0/+788
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22825 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: Populate openssl/des dir.Zhanna Tsitkov2009-10-0115-0/+848
| | | | | | To avoid breaking the export list some functions (mostly mit_xxx) are left in place with the disabled functionality. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22821 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modulrity proj: Basic AES crypto for openssl implZhanna Tsitkov2009-10-011-0/+505
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22820 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 04:42:30 +0000