-$Id: README 8839 2000-07-27 02:33:54Z assar $
+$Id$
Heimdal is a Kerberos 5 implementation.
the manual on how we prefer them.
For more information see the web-page at
-<http://www.pdc.kth.se/heimdal/> or the mailing lists:
+<http://www.h5l.org/> or the mailing lists:
heimdal-announce@sics.se low-volume announcement
heimdal-discuss@sics.se high-volume discussion
-dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $
+dnl $Id$
dnl
dnl rk_CHECK_VAR(variable, includes)
AC_DEFUN([rk_CHECK_VAR], [
-dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $
+dnl $Id$
dnl
dnl
dnl Look for function in any of the specified libraries
-dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $
+dnl $Id$
dnl
dnl
dnl Look for function in any of the specified libraries
-dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $
+dnl $Id$
dnl
dnl AC_FIND_FUNC(func, libraries, includes, arguments)
AC_DEFUN([AC_FIND_FUNC], [
# Make prototypes from .c files
-# $Id: make-proto.pl 23023 2008-04-17 10:01:46Z lha $
+# $Id$
##use Getopt::Std;
require 'getopts.pl';
dnl stuff used by DNS resolv code in roken
dnl
-dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $
+dnl $Id$
dnl
AC_DEFUN([rk_RESOLV],[
#include "kdc_locl.h"
-RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $");
+RCSID("$Id$");
#include <krb5-v4compat.h>
#include <getarg.h>
#include <parse_bytes.h>
-RCSID("$Id: default_config.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
krb5_error_code
krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
#include "kdc_locl.h"
#include <hex.h>
-RCSID("$Id: digest.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#define MS_CHAP_V2 0x20
#define CHAP_MD5 0x10
*/
/*
- * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $
+ * $Id$
*/
#ifndef __HEADERS_H__
#include "kdc_locl.h"
-RCSID("$Id: kaserver.c 23110 2008-04-27 18:51:17Z lha $");
+RCSID("$Id$");
#include <krb5-v4compat.h>
#include <rx.h>
*/
/*
- * $Id: kdc.h 21287 2007-06-25 14:09:03Z lha $
+ * $Id$
*/
#ifndef __KDC_H__
*/
/*
- * $Id: kdc_locl.h 22247 2007-12-08 23:49:41Z lha $
+ * $Id$
*/
#ifndef __KDC_LOCL_H__
#include <krb5-v4compat.h>
-RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $");
+RCSID("$Id$");
#ifndef swap32
static uint32_t
struct sockaddr_in *addr)
{
krb5_storage *sp;
- krb5_error_code ret;
+ krb5_error_code ret = EINVAL;
hdb_entry_ex *client = NULL, *server = NULL;
Key *ckey, *skey;
int8_t pvno;
kdc_log(context, config, 0,
"Protocol version mismatch (krb4) (%d)", pvno);
make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch");
+ ret = KRB4ET_KDC_PKT_VER;
goto out;
}
RCHECK(krb5_ret_int8(sp, &msg_type), out);
goto out1;
}
-#if 0
- /* this is not necessary with the new code in libkrb */
- /* find a properly salted key */
- while(ckey->salt == NULL || ckey->salt->salt.length != 0)
- ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
- if(ret){
- kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
- name, inst, realm);
- make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
- "No version-4 salted key in database");
- goto out1;
- }
-#endif
-
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
break;
}
case AUTH_MSG_ERR_REPLY:
+ ret = EINVAL;
break;
default:
kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s",
msg_type, from);
make_err_reply(context, reply, KFAILURE, "Unknown message type");
+ ret = EINVAL;
}
out:
if(name)
if(server)
_kdc_free_ent(context, server);
krb5_storage_free(sp);
- return 0;
+ return ret;
}
krb5_error_code
#include "kdc_locl.h"
-RCSID("$Id: kerberos5.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#define MAX_TIME ((time_t)((1U << 31) - 1))
return NULL;
}
+/*
+ * This is a hack to allow predefined weak services, like afs to
+ * still use weak types
+ */
+
+krb5_boolean
+_kdc_is_weak_expection(krb5_principal principal, krb5_enctype etype)
+{
+ if (principal->name.name_string.len > 0 &&
+ strcmp(principal->name.name_string.val[0], "afs") == 0 &&
+ (etype == ETYPE_DES_CBC_CRC
+ || etype == ETYPE_DES_CBC_MD4
+ || etype == ETYPE_DES_CBC_MD5))
+ return TRUE;
+ return FALSE;
+}
+
+
/*
* Detect if `key' is the using the the precomputed `default_salt'.
*/
for(i = 0; ret != 0 && i < len ; i++) {
Key *key = NULL;
- if (krb5_enctype_valid(context, etypes[i]) != 0)
+ if (krb5_enctype_valid(context, etypes[i]) != 0 &&
+ !_kdc_is_weak_expection(princ->entry.principal, etypes[i]))
continue;
while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
#include "kdc_locl.h"
-RCSID("$Id: krb5tgs.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/*
* return the realm of a krbtgt-ticket or NULL
krb5_kvno kvno,
AuthorizationData *auth_data,
hdb_entry_ex *server,
+ krb5_principal server_principal,
const char *server_name,
hdb_entry_ex *client,
krb5_principal client_principal,
EncTicketPart et;
KDCOptions f = b->kdc_options;
krb5_error_code ret;
+ int is_weak = 0;
memset(&rep, 0, sizeof(rep));
memset(&et, 0, sizeof(et));
if(ret)
goto out;
- copy_Realm(krb5_princ_realm(context, server->entry.principal),
+ copy_Realm(krb5_princ_realm(context, server_principal),
&rep.ticket.realm);
- _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal);
+ _krb5_principal2principalname(&rep.ticket.sname, server_principal);
copy_Realm(&tgt_name->realm, &rep.crealm);
/*
if (f.request_anonymous)
goto out;
}
+ if (krb5_enctype_valid(context, et.key.keytype) != 0
+ && _kdc_is_weak_expection(server->entry.principal, et.key.keytype))
+ {
+ krb5_enctype_enable(context, et.key.keytype);
+ is_weak = 1;
+ }
+
+
/* It is somewhat unclear where the etype in the following
encryption should come from. What we have is a session
key in the passed tgt, and a list of preferred etypes
&rep, &et, &ek, et.key.keytype,
kvno,
serverkey, 0, &tgt->key, e_text, reply);
+ if (is_weak)
+ krb5_enctype_disable(context, et.key.keytype);
+
out:
free_TGS_REP(&rep);
free_TransitedEncoding(&et.transited);
*/
server_lookup:
- ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server);
+ ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON,
+ NULL, &server);
if(ret){
const char *new_rlm;
goto out;
}
- ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client);
+ ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON,
+ NULL, &client);
if(ret) {
const char *krbtgt_realm;
kvno,
*auth_data,
server,
+ sp,
spn,
client,
cp,
#include <rfc2459_asn1.h>
#include <hx509.h>
-RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/*
*
*/
#include "kdc_locl.h"
-RCSID("$Id: log.c 22254 2007-12-09 06:01:05Z lha $");
+RCSID("$Id$");
void
kdc_openlog(krb5_context context,
#include "kdc_locl.h"
-RCSID("$Id: misc.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct timeval _kdc_now;
#include "kdc_locl.h"
-RCSID("$Id: pkinit.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#ifdef PKINIT
#include "kdc_locl.h"
-RCSID("$Id: process.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/*
*
return ret;
} else if(_kdc_maybe_version4(buf, len)){
*prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */
- _kdc_do_version4(context, config, buf, len, reply, from,
- (struct sockaddr_in*)addr);
- return 0;
+ ret = _kdc_do_version4(context, config, buf, len, reply, from,
+ (struct sockaddr_in*)addr);
+ return ret;
} else if (config->enable_kaserver) {
ret = _kdc_do_kaserver(context, config, buf, len, reply, from,
(struct sockaddr_in*)addr);
* SUCH DAMAGE.
*/
-/* $Id: rx.h 17447 2006-05-05 10:52:01Z lha $ */
+/* $Id$ */
#ifndef __RX_H__
#define __RX_H__
#include "kdc_locl.h"
-RCSID("$Id: windc.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
static krb5plugin_windc_ftable *windcft;
static void *windcctx;
* SUCH DAMAGE.
*/
-/* $Id: windc_plugin.h 22693 2008-03-19 08:57:49Z lha $ */
+/* $Id$ */
#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H
#define HEIMDAL_KRB5_PAC_PLUGIN_H 1
*/
#include "kuser_locl.h"
-RCSID("$Id: kinit.c 23418 2008-07-26 18:36:48Z lha $");
+RCSID("$Id$");
#include "krb5-v4compat.h"
int pk_use_enckey = 0;
static int canonicalize_flag = 0;
static int ok_as_delegate_flag = 0;
+static int use_referrals_flag = 0;
static int windows_flag = 0;
static char *ntlm_domain;
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
"honor ok-as-delegate on tickets" },
+ { "use-referrals", 0, arg_flag, &use_referrals_flag,
+ "only use referrals, no dns canalisation" },
+
{ "windows", 0, arg_flag, &windows_flag,
"get windows behavior" },
if (ntlm_domain && ntlmkey.data)
store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey);
- if (ok_as_delegate_flag || windows_flag) {
+ if (ok_as_delegate_flag || windows_flag || use_referrals_flag) {
+ unsigned char d = 0;
krb5_data data;
+ if (ok_as_delegate_flag || windows_flag)
+ d |= 1;
+ if (use_referrals_flag || windows_flag)
+ d |= 2;
+
data.length = 1;
- data.data = "\x01";
+ data.data = &d;
krb5_cc_set_config(context, ccache, NULL, "realm-config", &data);
}
* SUCH DAMAGE.
*/
-/* $Id: kuser_locl.h 20458 2007-04-19 20:41:27Z lha $ */
+/* $Id$ */
#ifndef __KUSER_LOCL_H__
#define __KUSER_LOCL_H__
-- From RFC 3369 --
--- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ --
+-- $Id$ --
CMS DEFINITIONS ::= BEGIN
-/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */
+/* $Id$ */
#include <stddef.h>
#include <time.h>
#
# This might look like a com_err file, but is not
#
-id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $"
+id "$Id$"
error_table asn1
prefix ASN1
#include <hex.h>
#include <err.h>
-RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $");
+RCSID("$Id$");
static int
doit(const char *fn)
/* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */
-/* $Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */
+/* $Id$ */
/*
* Copyright (c) 1991, 1993
--- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ --
+-- $Id$ --
CANTHANDLE DEFINITIONS ::= BEGIN
#include <getarg.h>
#include <err.h>
-RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $");
+RCSID("$Id$");
static const char *class_names[] = {
* SUCH DAMAGE.
*/
-/* $Id: der.h 23183 2008-05-22 09:56:51Z lha $ */
+/* $Id$ */
#ifndef __DER_H__
#define __DER_H__
#include "der_locl.h"
-RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id$");
int
der_copy_general_string (const heim_general_string *from,
#include "der_locl.h"
#include <hex.h>
-RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $");
+RCSID("$Id$");
int
der_parse_hex_heim_integer (const char *p, heim_integer *data)
#include "der_locl.h"
-RCSID("$Id: der_free.c 23182 2008-05-22 02:59:04Z lha $");
+RCSID("$Id$");
void
der_free_general_string (heim_general_string *str)
#include "der_locl.h"
-RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $");
+RCSID("$Id$");
#include <version.h>
#include "der_locl.h"
-RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id$");
size_t
_heim_len_unsigned (unsigned val)
* SUCH DAMAGE.
*/
-/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */
+/* $Id$ */
#ifndef __DER_LOCL_H__
#define __DER_LOCL_H__
#include "der_locl.h"
-RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id$");
/*
* All encoding functions take a pointer `p' to first position in
--- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $
+-- $Id$
DIGEST DEFINITIONS ::=
BEGIN
#include "der_locl.h"
#include "heim_asn1.h"
-RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $");
+RCSID("$Id$");
int
encode_heim_any(unsigned char *p, size_t len,
#include "gen_locl.h"
-RCSID("$Id: gen.c 22896 2008-04-07 18:52:24Z lha $");
+RCSID("$Id$");
FILE *headerfile, *codefile, *logfile;
#include "gen_locl.h"
-RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id$");
static int used_fail;
#include "gen_locl.h"
#include "lex.h"
-RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $");
+RCSID("$Id$");
static void
decode_primitive (const char *typename, const char *name, const char *forwstr)
#include "gen_locl.h"
-RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $");
+RCSID("$Id$");
static void
encode_primitive (const char *typename, const char *name)
#include "gen_locl.h"
-RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $");
+RCSID("$Id$");
static void
free_primitive (const char *typename, const char *name)
#include "gen_locl.h"
-RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $");
+RCSID("$Id$");
static void
generate_2int (const Type *t, const char *gen_name)
#include "gen_locl.h"
-RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $");
+RCSID("$Id$");
static void
length_primitive (const char *typename,
* SUCH DAMAGE.
*/
-/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */
+/* $Id$ */
#ifndef __GEN_LOCL_H__
#define __GEN_LOCL_H__
#include "gen_locl.h"
-RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $");
+RCSID("$Id$");
void
generate_type_seq (const Symbol *s)
#include "gen_locl.h"
-RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $");
+RCSID("$Id$");
static Hashentry *_search(Hashtab * htab, /* The hash table */
void *ptr); /* And key */
* hash.h. Header file for hash table functions
*/
-/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */
+/* $Id$ */
struct hashentry { /* Entry in bucket */
struct hashentry **prev;
--- $Id: k5.asn1 22745 2008-03-24 12:07:54Z lha $
+-- $Id$
KERBEROS5 DEFINITIONS ::=
BEGIN
KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER
KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com
KRB5-PADATA-S4U2SELF(129),
+ KRB5-PADATA-EPAC(130), -- EPAK
KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to
-- tell KDC that is supports
-- the asCheckSum in the
KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
KRB5-AUTHDATA-WIN2K-PAC(128),
KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
- KRB5-AUTHDATA-SIGNTICKET(-17)
+ KRB5-AUTHDATA-SIGNTICKET-OLD(-17),
+ KRB5-AUTHDATA-SIGNTICKET(142)
}
-- checksumtypes
--- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $
+-- $Id$
KX509 DEFINITIONS ::=
BEGIN
* SUCH DAMAGE.
*/
-/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
+/* $Id$ */
#ifdef HAVE_CONFIG_H
#include <config.h>
* SUCH DAMAGE.
*/
-/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */
+/* $Id$ */
#include <roken.h>
* SUCH DAMAGE.
*/
-/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
+/* $Id$ */
#ifdef HAVE_CONFIG_H
#include <config.h>
#include <getarg.h>
#include "lex.h"
-RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $");
+RCSID("$Id$");
extern FILE *yyin;
/* Copy the first part of user declarations. */
-#line 36 "parse.y"
+#line 36 "heimdal/lib/asn1/parse.y"
#ifdef HAVE_CONFIG_H
#include <config.h>
#include "gen_locl.h"
#include "der.h"
-RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
+RCSID("$Id$");
static Type *new_type (Typetype t);
static struct constraint_spec *new_constraint_spec(enum ctype);
/* Enabling traces. */
#ifndef YYDEBUG
-# define YYDEBUG 1
+# define YYDEBUG 0
#endif
/* Enabling verbose error messages. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
-#line 65 "parse.y"
+#line 65 "heimdal/lib/asn1/parse.y"
{
int constant;
struct value *value;
struct constraint_spec *constraint_spec;
}
/* Line 187 of yacc.c. */
-#line 318 "parse.c"
+#line 318 "heimdal/lib/asn1/parse.y"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
/* Line 216 of yacc.c. */
-#line 331 "parse.c"
+#line 331 "heimdal/lib/asn1/parse.y"
#ifdef short
# undef short
switch (yyn)
{
case 2:
-#line 235 "parse.y"
+#line 235 "heimdal/lib/asn1/parse.y"
{
checkundefined();
}
break;
case 4:
-#line 242 "parse.y"
+#line 242 "heimdal/lib/asn1/parse.y"
{ error_message("implicit tagging is not supported"); }
break;
case 5:
-#line 244 "parse.y"
+#line 244 "heimdal/lib/asn1/parse.y"
{ error_message("automatic tagging is not supported"); }
break;
case 7:
-#line 249 "parse.y"
+#line 249 "heimdal/lib/asn1/parse.y"
{ error_message("no extensibility options supported"); }
break;
case 17:
-#line 270 "parse.y"
+#line 270 "heimdal/lib/asn1/parse.y"
{
struct string_list *sl;
for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) {
break;
case 22:
-#line 289 "parse.y"
+#line 289 "heimdal/lib/asn1/parse.y"
{
(yyval.sl) = emalloc(sizeof(*(yyval.sl)));
(yyval.sl)->string = (yyvsp[(1) - (3)].name);
break;
case 23:
-#line 295 "parse.y"
+#line 295 "heimdal/lib/asn1/parse.y"
{
(yyval.sl) = emalloc(sizeof(*(yyval.sl)));
(yyval.sl)->string = (yyvsp[(1) - (1)].name);
break;
case 24:
-#line 303 "parse.y"
+#line 303 "heimdal/lib/asn1/parse.y"
{
Symbol *s = addsym ((yyvsp[(1) - (3)].name));
s->stype = Stype;
break;
case 42:
-#line 334 "parse.y"
+#line 334 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean,
TE_EXPLICIT, new_type(TBoolean));
break;
case 43:
-#line 341 "parse.y"
+#line 341 "heimdal/lib/asn1/parse.y"
{
if((yyvsp[(2) - (5)].value)->type != integervalue)
error_message("Non-integer used in first part of range");
break;
case 44:
-#line 351 "parse.y"
+#line 351 "heimdal/lib/asn1/parse.y"
{
if((yyvsp[(2) - (5)].value)->type != integervalue)
error_message("Non-integer in first part of range");
break;
case 45:
-#line 359 "parse.y"
+#line 359 "heimdal/lib/asn1/parse.y"
{
if((yyvsp[(4) - (5)].value)->type != integervalue)
error_message("Non-integer in second part of range");
break;
case 46:
-#line 367 "parse.y"
+#line 367 "heimdal/lib/asn1/parse.y"
{
if((yyvsp[(2) - (3)].value)->type != integervalue)
error_message("Non-integer used in limit");
break;
case 47:
-#line 378 "parse.y"
+#line 378 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer,
TE_EXPLICIT, new_type(TInteger));
break;
case 48:
-#line 383 "parse.y"
+#line 383 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->range = (yyvsp[(2) - (2)].range);
break;
case 49:
-#line 389 "parse.y"
+#line 389 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
break;
case 50:
-#line 397 "parse.y"
+#line 397 "heimdal/lib/asn1/parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
break;
case 51:
-#line 403 "parse.y"
+#line 403 "heimdal/lib/asn1/parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
(yyval.members) = (yyvsp[(1) - (3)].members);
break;
case 52:
-#line 408 "parse.y"
+#line 408 "heimdal/lib/asn1/parse.y"
{ (yyval.members) = (yyvsp[(1) - (3)].members); }
break;
case 53:
-#line 412 "parse.y"
+#line 412 "heimdal/lib/asn1/parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[(1) - (4)].name);
break;
case 54:
-#line 425 "parse.y"
+#line 425 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TInteger);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
break;
case 56:
-#line 436 "parse.y"
+#line 436 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TBitString);
(yyval.type)->members = emalloc(sizeof(*(yyval.type)->members));
break;
case 57:
-#line 443 "parse.y"
+#line 443 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TBitString);
(yyval.type)->members = (yyvsp[(4) - (5)].members);
break;
case 58:
-#line 451 "parse.y"
+#line 451 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_OID,
TE_EXPLICIT, new_type(TOID));
break;
case 59:
-#line 457 "parse.y"
+#line 457 "heimdal/lib/asn1/parse.y"
{
Type *t = new_type(TOctetString);
t->range = (yyvsp[(3) - (3)].range);
break;
case 60:
-#line 466 "parse.y"
+#line 466 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_Null,
TE_EXPLICIT, new_type(TNull));
break;
case 61:
-#line 473 "parse.y"
+#line 473 "heimdal/lib/asn1/parse.y"
{ (yyval.range) = NULL; }
break;
case 62:
-#line 475 "parse.y"
+#line 475 "heimdal/lib/asn1/parse.y"
{ (yyval.range) = (yyvsp[(2) - (2)].range); }
break;
case 63:
-#line 480 "parse.y"
+#line 480 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TSequence);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
break;
case 64:
-#line 486 "parse.y"
+#line 486 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TSequence);
(yyval.type)->members = NULL;
break;
case 65:
-#line 494 "parse.y"
+#line 494 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TSequenceOf);
(yyval.type)->range = (yyvsp[(2) - (4)].range);
break;
case 66:
-#line 503 "parse.y"
+#line 503 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TSet);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
break;
case 67:
-#line 509 "parse.y"
+#line 509 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TSet);
(yyval.type)->members = NULL;
break;
case 68:
-#line 517 "parse.y"
+#line 517 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TSetOf);
(yyval.type)->subtype = (yyvsp[(3) - (3)].type);
break;
case 69:
-#line 525 "parse.y"
+#line 525 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TChoice);
(yyval.type)->members = (yyvsp[(3) - (4)].members);
break;
case 72:
-#line 536 "parse.y"
+#line 536 "heimdal/lib/asn1/parse.y"
{
Symbol *s = addsym((yyvsp[(1) - (1)].name));
(yyval.type) = new_type(TType);
break;
case 73:
-#line 547 "parse.y"
+#line 547 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime,
TE_EXPLICIT, new_type(TGeneralizedTime));
break;
case 74:
-#line 552 "parse.y"
+#line 552 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime,
TE_EXPLICIT, new_type(TUTCTime));
break;
case 75:
-#line 559 "parse.y"
+#line 559 "heimdal/lib/asn1/parse.y"
{
/* if (Constraint.type == contentConstrant) {
assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
break;
case 76:
-#line 575 "parse.y"
+#line 575 "heimdal/lib/asn1/parse.y"
{
(yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec);
}
break;
case 80:
-#line 588 "parse.y"
+#line 588 "heimdal/lib/asn1/parse.y"
{
(yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
(yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type);
break;
case 81:
-#line 594 "parse.y"
+#line 594 "heimdal/lib/asn1/parse.y"
{
if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue)
error_message("Non-OID used in ENCODED BY constraint");
break;
case 82:
-#line 602 "parse.y"
+#line 602 "heimdal/lib/asn1/parse.y"
{
if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue)
error_message("Non-OID used in ENCODED BY constraint");
break;
case 83:
-#line 612 "parse.y"
+#line 612 "heimdal/lib/asn1/parse.y"
{
(yyval.constraint_spec) = new_constraint_spec(CT_USER);
}
break;
case 84:
-#line 618 "parse.y"
+#line 618 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_type(TTag);
(yyval.type)->tag = (yyvsp[(1) - (3)].tag);
break;
case 85:
-#line 631 "parse.y"
+#line 631 "heimdal/lib/asn1/parse.y"
{
(yyval.tag).tagclass = (yyvsp[(2) - (4)].constant);
(yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant);
break;
case 86:
-#line 639 "parse.y"
+#line 639 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = ASN1_C_CONTEXT;
}
break;
case 87:
-#line 643 "parse.y"
+#line 643 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = ASN1_C_UNIV;
}
break;
case 88:
-#line 647 "parse.y"
+#line 647 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = ASN1_C_APPL;
}
break;
case 89:
-#line 651 "parse.y"
+#line 651 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = ASN1_C_PRIVATE;
}
break;
case 90:
-#line 657 "parse.y"
+#line 657 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = TE_EXPLICIT;
}
break;
case 91:
-#line 661 "parse.y"
+#line 661 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = TE_EXPLICIT;
}
break;
case 92:
-#line 665 "parse.y"
+#line 665 "heimdal/lib/asn1/parse.y"
{
(yyval.constant) = TE_IMPLICIT;
}
break;
case 93:
-#line 672 "parse.y"
+#line 672 "heimdal/lib/asn1/parse.y"
{
Symbol *s;
s = addsym ((yyvsp[(1) - (4)].name));
break;
case 95:
-#line 686 "parse.y"
+#line 686 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString,
TE_EXPLICIT, new_type(TGeneralString));
break;
case 96:
-#line 691 "parse.y"
+#line 691 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String,
TE_EXPLICIT, new_type(TUTF8String));
break;
case 97:
-#line 696 "parse.y"
+#line 696 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString,
TE_EXPLICIT, new_type(TPrintableString));
break;
case 98:
-#line 701 "parse.y"
+#line 701 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString,
TE_EXPLICIT, new_type(TVisibleString));
break;
case 99:
-#line 706 "parse.y"
+#line 706 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String,
TE_EXPLICIT, new_type(TIA5String));
break;
case 100:
-#line 711 "parse.y"
+#line 711 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString,
TE_EXPLICIT, new_type(TBMPString));
break;
case 101:
-#line 716 "parse.y"
+#line 716 "heimdal/lib/asn1/parse.y"
{
(yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString,
TE_EXPLICIT, new_type(TUniversalString));
break;
case 102:
-#line 724 "parse.y"
+#line 724 "heimdal/lib/asn1/parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
break;
case 103:
-#line 730 "parse.y"
+#line 730 "heimdal/lib/asn1/parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
(yyval.members) = (yyvsp[(1) - (3)].members);
break;
case 104:
-#line 735 "parse.y"
+#line 735 "heimdal/lib/asn1/parse.y"
{
struct member *m = ecalloc(1, sizeof(*m));
m->name = estrdup("...");
break;
case 105:
-#line 746 "parse.y"
+#line 746 "heimdal/lib/asn1/parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[(1) - (2)].name);
break;
case 106:
-#line 757 "parse.y"
+#line 757 "heimdal/lib/asn1/parse.y"
{
(yyval.member) = (yyvsp[(1) - (1)].member);
(yyval.member)->optional = 0;
break;
case 107:
-#line 763 "parse.y"
+#line 763 "heimdal/lib/asn1/parse.y"
{
(yyval.member) = (yyvsp[(1) - (2)].member);
(yyval.member)->optional = 1;
break;
case 108:
-#line 769 "parse.y"
+#line 769 "heimdal/lib/asn1/parse.y"
{
(yyval.member) = (yyvsp[(1) - (3)].member);
(yyval.member)->optional = 0;
break;
case 109:
-#line 777 "parse.y"
+#line 777 "heimdal/lib/asn1/parse.y"
{
(yyval.members) = emalloc(sizeof(*(yyval.members)));
ASN1_TAILQ_INIT((yyval.members));
break;
case 110:
-#line 783 "parse.y"
+#line 783 "heimdal/lib/asn1/parse.y"
{
ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
(yyval.members) = (yyvsp[(1) - (3)].members);
break;
case 111:
-#line 790 "parse.y"
+#line 790 "heimdal/lib/asn1/parse.y"
{
(yyval.member) = emalloc(sizeof(*(yyval.member)));
(yyval.member)->name = (yyvsp[(1) - (4)].name);
break;
case 113:
-#line 803 "parse.y"
+#line 803 "heimdal/lib/asn1/parse.y"
{ (yyval.objid) = NULL; }
break;
case 114:
-#line 807 "parse.y"
+#line 807 "heimdal/lib/asn1/parse.y"
{
(yyval.objid) = (yyvsp[(2) - (3)].objid);
}
break;
case 115:
-#line 813 "parse.y"
+#line 813 "heimdal/lib/asn1/parse.y"
{
(yyval.objid) = NULL;
}
break;
case 116:
-#line 817 "parse.y"
+#line 817 "heimdal/lib/asn1/parse.y"
{
if ((yyvsp[(2) - (2)].objid)) {
(yyval.objid) = (yyvsp[(2) - (2)].objid);
break;
case 117:
-#line 828 "parse.y"
+#line 828 "heimdal/lib/asn1/parse.y"
{
(yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant));
}
break;
case 118:
-#line 832 "parse.y"
+#line 832 "heimdal/lib/asn1/parse.y"
{
Symbol *s = addsym((yyvsp[(1) - (1)].name));
if(s->stype != SValue ||
break;
case 119:
-#line 843 "parse.y"
+#line 843 "heimdal/lib/asn1/parse.y"
{
(yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant));
}
break;
case 129:
-#line 866 "parse.y"
+#line 866 "heimdal/lib/asn1/parse.y"
{
Symbol *s = addsym((yyvsp[(1) - (1)].name));
if(s->stype != SValue)
break;
case 130:
-#line 877 "parse.y"
+#line 877 "heimdal/lib/asn1/parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = stringvalue;
break;
case 131:
-#line 885 "parse.y"
+#line 885 "heimdal/lib/asn1/parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = booleanvalue;
break;
case 132:
-#line 891 "parse.y"
+#line 891 "heimdal/lib/asn1/parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = booleanvalue;
break;
case 133:
-#line 899 "parse.y"
+#line 899 "heimdal/lib/asn1/parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = integervalue;
break;
case 135:
-#line 910 "parse.y"
+#line 910 "heimdal/lib/asn1/parse.y"
{
}
break;
case 136:
-#line 915 "parse.y"
+#line 915 "heimdal/lib/asn1/parse.y"
{
(yyval.value) = emalloc(sizeof(*(yyval.value)));
(yyval.value)->type = objectidentifiervalue;
/* Line 1267 of yacc.c. */
-#line 2523 "parse.c"
+#line 2523 "heimdal/lib/asn1/parse.y"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
}
-#line 922 "parse.y"
+#line 922 "heimdal/lib/asn1/parse.y"
void
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
-#line 65 "parse.y"
+#line 65 "heimdal/lib/asn1/parse.y"
{
int constant;
struct value *value;
struct constraint_spec *constraint_spec;
}
/* Line 1489 of yacc.c. */
-#line 242 "parse.h"
+#line 242 "heimdal/lib/asn1/parse.y"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
* SUCH DAMAGE.
*/
-/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */
+/* $Id$ */
%{
#ifdef HAVE_CONFIG_H
#include "gen_locl.h"
#include "der.h"
-RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
+RCSID("$Id$");
static Type *new_type (Typetype t);
static struct constraint_spec *new_constraint_spec(enum ctype);
--- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ --
+-- $Id$ --
PKCS12 DEFINITIONS ::=
--- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ --
+-- $Id$ --
PKCS8 DEFINITIONS ::=
--- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ --
+-- $Id$ --
PKCS9 DEFINITIONS ::=
#include "gen_locl.h"
#include "lex.h"
-RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $");
+RCSID("$Id$");
static Hashtab *htab;
* SUCH DAMAGE.
*/
-/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */
+/* $Id$ */
#ifndef _SYMBOL_H
#define _SYMBOL_H
--- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ --
+-- $Id$ --
TEST DEFINITIONS ::=
-# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $
+# $Id$
# Sample for TESTSeq in test.asn1
#
#include "der_locl.h"
-RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $");
+RCSID("$Id$");
static int
is_leap(unsigned y)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $");
+RCSID("$Id$");
#endif
#include <stdio.h>
#include <stdlib.h>
* SUCH DAMAGE.
*/
-/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */
+/* $Id$ */
/* MIT compatible com_err library */
* SUCH DAMAGE.
*/
-/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */
+/* $Id$ */
#ifndef __COM_RIGHT_H__
#define __COM_RIGHT_H__
#include "compile_et.h"
#include <getarg.h>
-RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $");
+RCSID("$Id$");
#include <roken.h>
#include <err.h>
* SUCH DAMAGE.
*/
-/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */
+/* $Id$ */
#ifndef __COMPILE_ET_H__
#define __COMPILE_ET_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $");
+RCSID("$Id$");
#endif
#include <stdio.h>
#include <stdlib.h>
#include "parse.h"
#include "lex.h"
-RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
+RCSID("$Id$");
static unsigned lineno = 1;
static int getstring(void);
* SUCH DAMAGE.
*/
-/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */
+/* $Id$ */
void error_message (const char *, ...)
__attribute__ ((format (printf, 1, 2)));
#include "parse.h"
#include "lex.h"
-RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
+RCSID("$Id$");
static unsigned lineno = 1;
static int getstring(void);
/* Copy the first part of user declarations. */
-#line 1 "parse.y"
+#line 1 "heimdal/lib/com_err/parse.y"
/*
* Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
#include "compile_et.h"
#include "lex.h"
-RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $");
+RCSID("$Id$");
void yyerror (char *s);
static long name2number(const char *str);
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
-#line 53 "parse.y"
+#line 53 "heimdal/lib/com_err/parse.y"
{
char *string;
int number;
}
/* Line 187 of yacc.c. */
-#line 173 "parse.c"
+#line 173 "heimdal/lib/com_err/parse.y"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
/* Line 216 of yacc.c. */
-#line 186 "parse.c"
+#line 186 "heimdal/lib/com_err/parse.y"
#ifdef short
# undef short
switch (yyn)
{
case 6:
-#line 73 "parse.y"
+#line 73 "heimdal/lib/com_err/parse.y"
{
id_str = (yyvsp[(2) - (2)].string);
}
break;
case 7:
-#line 79 "parse.y"
+#line 79 "heimdal/lib/com_err/parse.y"
{
base_id = name2number((yyvsp[(2) - (2)].string));
strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name));
break;
case 8:
-#line 85 "parse.y"
+#line 85 "heimdal/lib/com_err/parse.y"
{
base_id = name2number((yyvsp[(2) - (3)].string));
strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name));
break;
case 11:
-#line 98 "parse.y"
+#line 98 "heimdal/lib/com_err/parse.y"
{
number = (yyvsp[(2) - (2)].number);
}
break;
case 12:
-#line 102 "parse.y"
+#line 102 "heimdal/lib/com_err/parse.y"
{
free(prefix);
asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string));
break;
case 13:
-#line 110 "parse.y"
+#line 110 "heimdal/lib/com_err/parse.y"
{
prefix = realloc(prefix, 1);
if (prefix == NULL)
break;
case 14:
-#line 117 "parse.y"
+#line 117 "heimdal/lib/com_err/parse.y"
{
struct error_code *ec = malloc(sizeof(*ec));
break;
case 15:
-#line 137 "parse.y"
+#line 137 "heimdal/lib/com_err/parse.y"
{
YYACCEPT;
}
/* Line 1267 of yacc.c. */
-#line 1470 "parse.c"
+#line 1470 "heimdal/lib/com_err/parse.y"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
}
-#line 142 "parse.y"
+#line 142 "heimdal/lib/com_err/parse.y"
static long
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
-#line 53 "parse.y"
+#line 53 "heimdal/lib/com_err/parse.y"
{
char *string;
int number;
}
/* Line 1489 of yacc.c. */
-#line 74 "parse.h"
+#line 74 "heimdal/lib/com_err/parse.y"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#include "compile_et.h"
#include "lex.h"
-RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $");
+RCSID("$Id$");
void yyerror (char *s);
static long name2number(const char *str);
* SUCH DAMAGE.
*/
-/* $Id: gssapi.h 23025 2008-04-17 10:01:57Z lha $ */
+/* $Id$ */
#ifndef GSSAPI_GSSAPI_H_
#define GSSAPI_GSSAPI_H_
#define GSS_C_DCE_STYLE 4096
#define GSS_C_IDENTIFY_FLAG 8192
#define GSS_C_EXTENDED_ERROR_FLAG 16384
+#define GSS_C_DELEG_POLICY_FLAG 32768
/*
* Credential usage options
* SUCH DAMAGE.
*/
-/* $Id: gssapi_krb5.h 23420 2008-07-26 18:37:48Z lha $ */
+/* $Id$ */
#ifndef GSSAPI_KRB5_H_
#define GSSAPI_KRB5_H_
* SUCH DAMAGE.
*/
-/* $Id: gssapi_spnego.h 23025 2008-04-17 10:01:57Z lha $ */
+/* $Id$ */
#ifndef GSSAPI_SPNEGO_H_
#define GSSAPI_SPNEGO_H_
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $");
+RCSID("$Id$");
krb5_error_code
_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p)
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: accept_sec_context.c 23433 2008-07-26 18:44:26Z lha $");
+RCSID("$Id$");
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
krb5_keytab _gsskrb5_keytab;
if (kret) {
if (in)
krb5_rd_req_in_ctx_free(context, in);
- ret = GSS_S_FAILURE;
*minor_status = kret;
- return ret;
+ return GSS_S_FAILURE;
}
kret = krb5_rd_req_ctx(context,
server,
in, &out);
krb5_rd_req_in_ctx_free(context, in);
- if (kret) {
+ if (kret == KRB5KRB_AP_ERR_SKEW) {
/*
* No reply in non-MUTUAL mode, but we don't know that its
- * non-MUTUAL mode yet, thats inside the 8003 checksum.
+ * non-MUTUAL mode yet, thats inside the 8003 checksum, so
+ * lets only send the error token on clock skew, that
+ * limit when send error token for non-MUTUAL.
*/
return send_error_token(minor_status, context, kret,
server, &indata, output_token);
+ } else if (kret) {
+ *minor_status = kret;
+ return GSS_S_FAILURE;
}
/*
if(ctx->flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
+ int use_subkey = 0;
_gsskrb5i_is_cfx(ctx, &is_cfx);
- if (is_cfx != 0
- || (ap_options & AP_OPTS_USE_SUBKEY)) {
- kret = krb5_auth_con_addflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_USE_SUBKEY,
- NULL);
+ if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) {
+ use_subkey = 1;
+ } else {
+ krb5_keyblock *rkey;
+
+ /*
+ * If there is a initiator subkey, copy that to acceptor
+ * subkey to match Windows behavior
+ */
+ kret = krb5_auth_con_getremotesubkey(context,
+ ctx->auth_context,
+ &rkey);
+ if (kret == 0) {
+ kret = krb5_auth_con_setlocalsubkey(context,
+ ctx->auth_context,
+ rkey);
+ if (kret == 0)
+ use_subkey = 1;
+ krb5_free_keyblock(context, rkey);
+ }
+ }
+ if (use_subkey) {
ctx->more_flags |= ACCEPTOR_SUBKEY;
+ krb5_auth_con_addflags(context, ctx->auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY,
+ NULL);
}
kret = krb5_mk_rep(context,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: acquire_cred.c 22596 2008-02-18 18:05:55Z lha $");
+RCSID("$Id$");
OM_uint32
__gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
* errors while searching.
*/
- if (handle->principal)
+ if (handle->principal) {
kret = krb5_cc_cache_match (context,
handle->principal,
NULL,
&ccache);
+ if (kret == 0) {
+ ret = GSS_S_COMPLETE;
+ goto found;
+ }
+ }
if (ccache == NULL) {
kret = krb5_cc_default(context, &ccache);
}
kret = 0;
}
-
+ found:
handle->ccache = ccache;
ret = GSS_S_COMPLETE;
OM_uint32 ret;
krb5_error_code kret;
- kret = 0;
ret = GSS_S_FAILURE;
kret = get_keytab(context, &handle->keytab);
if (kret)
HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
if (desired_name != GSS_C_NO_NAME) {
- krb5_principal name = (krb5_principal)desired_name;
- ret = krb5_copy_principal(context, name, &handle->principal);
+
+ ret = _gsskrb5_canon_name(minor_status, context, 0, desired_name,
+ &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
- *minor_status = ret;
free(handle);
- return GSS_S_FAILURE;
+ return ret;
}
}
if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_add_cred (
OM_uint32 *minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
/*
* Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_canonicalize_name (
OM_uint32 * minor_status,
gss_name_t * output_name
)
{
- return _gsskrb5_duplicate_name (minor_status, input_name, output_name);
+ krb5_context context;
+ krb5_principal name;
+ OM_uint32 ret;
+
+ *output_name = NULL;
+
+ GSSAPI_KRB5_INIT (&context);
+
+ ret = _gsskrb5_canon_name(minor_status, context, 1, input_name, &name);
+ if (ret)
+ return ret;
+
+ *output_name = (gss_name_t)name;
+
+ return GSS_S_COMPLETE;
}
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
/*
* Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
* SUCH DAMAGE.
*/
-/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */
+/* $Id$ */
#ifndef GSSAPI_CFX_H_
#define GSSAPI_CFX_H_ 1
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_compare_name
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
static krb5_error_code
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32
_gsskrb5_lifetime_left(OM_uint32 *minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $");
+RCSID("$Id$");
#if 0
OM_uint32
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $");
+RCSID("$Id$");
/*
* return the length of the mechanism in token or -1
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: delete_sec_context.c 23420 2008-07-26 18:37:48Z lha $");
+RCSID("$Id$");
OM_uint32
_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_display_name
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: display_status.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
static const char *
calling_error(OM_uint32 v)
}
void
-_gsskrb5_set_status (const char *fmt, ...)
+_gsskrb5_set_status (int ret, const char *fmt, ...)
{
krb5_context context;
va_list args;
vasprintf(&str, fmt, args);
va_end(args);
if (str) {
- krb5_set_error_message(context, 0, str);
+ krb5_set_error_message(context, ret, str);
free(str);
}
}
calling_error(GSS_CALLING_ERROR(status_value)),
routine_error(GSS_ROUTINE_ERROR(status_value)));
} else if (status_type == GSS_C_MECH_CODE) {
- buf = krb5_get_error_string(context);
- if (buf == NULL) {
- const char *tmp = krb5_get_err_text (context, status_value);
- if (tmp == NULL)
- asprintf(&buf, "unknown mech error-code %u",
- (unsigned)status_value);
- else
- buf = strdup(tmp);
+ const char *buf2 = krb5_get_error_message(context, status_value);
+ if (buf2) {
+ buf = strdup(buf2);
+ krb5_free_error_message(context, buf2);
+ } else {
+ asprintf(&buf, "unknown mech error-code %u",
+ (unsigned)status_value);
}
} else {
*minor_status = EINVAL;
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_duplicate_name (
OM_uint32 * minor_status,
gss_name_t * dest_name
)
{
- krb5_context context;
krb5_const_principal src = (krb5_const_principal)src_name;
- krb5_principal *dest = (krb5_principal *)dest_name;
+ krb5_context context;
+ krb5_principal dest;
krb5_error_code kret;
GSSAPI_KRB5_INIT (&context);
- kret = krb5_copy_principal (context, src, dest);
+ kret = krb5_copy_principal (context, src, &dest);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
} else {
+ *dest_name = (gss_name_t)dest;
*minor_status = 0;
return GSS_S_COMPLETE;
}
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $");
+RCSID("$Id$");
void
_gssapi_encap_length (size_t data_len,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_export_name
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32
_gsskrb5_export_sec_context (
#include "krb5/gsskrb5_locl.h"
#include <gssapi_mech.h>
-RCSID("$Id: external.c 23420 2008-07-26 18:37:48Z lha $");
+RCSID("$Id$");
/*
* The implementation must reserve static storage for a
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: get_mic.c 23112 2008-04-27 18:51:26Z lha $");
+RCSID("$Id$");
static OM_uint32
mic_des
# extended gss krb5 error messages
#
-id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $"
+id "$Id$"
error_table gk5
* SUCH DAMAGE.
*/
-/* $Id: gsskrb5_locl.h 23435 2008-07-26 20:49:35Z lha $ */
+/* $Id$ */
#ifndef GSSKRB5_LOCL_H
#define GSSKRB5_LOCL_H
#define SC_LOCAL_SUBKEY 0x08
#define SC_REMOTE_SUBKEY 0x10
+/* type to signal that that dns canon maybe should be done */
+#define MAGIC_HOSTBASED_NAME_TYPE 4711
+
#endif
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
static OM_uint32
parse_krb5_name (OM_uint32 *minor_status,
return ret;
}
+OM_uint32
+_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
+ int use_dns, gss_name_t name, krb5_principal *out)
+{
+ krb5_principal p = (krb5_principal)name;
+ krb5_error_code ret;
+ char *hostname = NULL, *service;
+
+ *minor_status = 0;
+
+ /* If its not a hostname */
+ if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) {
+ ret = krb5_copy_principal(context, p, out);
+ } else if (!use_dns) {
+ ret = krb5_copy_principal(context, p, out);
+ if (ret == 0)
+ krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
+ } else {
+ if (p->name.name_string.len == 0)
+ return GSS_S_BAD_NAME;
+ else if (p->name.name_string.len > 1)
+ hostname = p->name.name_string.val[1];
+
+ service = p->name.name_string.val[0];
+
+ ret = krb5_sname_to_principal(context,
+ hostname,
+ service,
+ KRB5_NT_SRV_HST,
+ out);
+ }
+
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ return 0;
+}
+
+
static OM_uint32
import_hostbased_name (OM_uint32 *minor_status,
krb5_context context,
const gss_buffer_t input_name_buffer,
gss_name_t *output_name)
{
- krb5_error_code kerr;
- char *tmp;
- char *p;
- char *host;
- char local_hostname[MAXHOSTNAMELEN];
krb5_principal princ = NULL;
+ krb5_error_code kerr;
+ char *tmp, *p, *host = NULL;
tmp = malloc (input_name_buffer->length + 1);
if (tmp == NULL) {
if (p != NULL) {
*p = '\0';
host = p + 1;
- } else {
- if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
- *minor_status = errno;
- free (tmp);
- return GSS_S_FAILURE;
- }
- host = local_hostname;
}
- kerr = krb5_sname_to_principal (context,
- host,
- tmp,
- KRB5_NT_SRV_HST,
- &princ);
+ kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL);
free (tmp);
*minor_status = kerr;
- if (kerr == 0) {
- *output_name = (gss_name_t)princ;
- return GSS_S_COMPLETE;
- }
-
if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
return GSS_S_BAD_NAME;
+ else if (kerr)
+ return GSS_S_FAILURE;
- return GSS_S_FAILURE;
+ krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE);
+ *output_name = (gss_name_t)princ;
+
+ return 0;
}
static OM_uint32
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: import_sec_context.c 22997 2008-04-15 19:36:25Z lha $");
+RCSID("$Id$");
OM_uint32
_gsskrb5_import_sec_context (
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_indicate_mechs
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER;
static int created_key;
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: init_sec_context.c 23422 2008-07-26 18:38:29Z lha $");
+RCSID("$Id$");
/*
* copy the addresses from `input_chan_bindings' (if any) to
krb5_creds *cred,
krb5_const_principal name,
krb5_data *fwd_data,
+ uint32_t flagmask,
uint32_t *flags)
{
krb5_creds creds;
out:
if (kret)
- *flags &= ~GSS_C_DELEG_FLAG;
+ *flags &= ~flagmask;
else
- *flags |= GSS_C_DELEG_FLAG;
+ *flags |= flagmask;
if (creds.client)
krb5_free_principal(context, creds.client);
gsskrb5_cred cred,
gsskrb5_ctx ctx,
krb5_context context,
- krb5_const_principal name,
+ gss_name_t name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
krb5_data outbuf;
krb5_data fwd_data;
OM_uint32 lifetime_rec;
+ int use_dns = 1;
krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data);
goto failure;
}
- kret = krb5_copy_principal (context, name, &ctx->target);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
+ /* canon name if needed for client + target realm */
+ kret = krb5_cc_get_config(context, ctx->ccache, NULL,
+ "realm-config", &outbuf);
+ if (kret == 0) {
+ /* XXX 2 is no server canon */
+ if (outbuf.length < 1 || ((((unsigned char *)outbuf.data)[0]) & 2))
+ use_dns = 0;
+ krb5_data_free(&outbuf);
}
+ ret = _gsskrb5_canon_name(minor_status, context, use_dns,
+ name, &ctx->target);
+ if (ret)
+ goto failure;
+
ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
if (ret)
goto failure;
krb5_enctype enctype;
krb5_data fwd_data, timedata;
int32_t offset = 0, oldoffset;
+ uint32_t flagmask;
krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data);
*minor_status = 0;
/*
- * If the credential doesn't have ok-as-delegate, check what local
- * policy say about ok-as-delegate, default is FALSE that makes
- * code ignore the KDC setting and follow what the application
- * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
- * KDC doesn't set ok-as-delegate.
+ * If the credential doesn't have ok-as-delegate, check if there
+ * is a realm setting and use that.
*/
if (!ctx->kcred->flags.b.ok_as_delegate) {
- krb5_boolean delegate, realm_setting;
krb5_data data;
-
- realm_setting = FALSE;
-
+
ret = krb5_cc_get_config(context, ctx->ccache, NULL,
"realm-config", &data);
if (ret == 0) {
/* XXX 1 is use ok-as-delegate */
- if (data.length > 0 && (((unsigned char *)data.data)[0]) & 1)
- realm_setting = TRUE;
+ if (data.length < 1 || ((((unsigned char *)data.data)[0]) & 1) == 0)
+ req_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
krb5_data_free(&data);
}
-
- krb5_appdefault_boolean(context, "gssapi", ctx->target->realm,
- "ok-as-delegate", realm_setting,
- &delegate);
- if (delegate)
- req_flags &= ~GSS_C_DELEG_FLAG;
}
+ flagmask = 0;
+
+ /* if we used GSS_C_DELEG_POLICY_FLAG, trust KDC */
+ if ((req_flags & GSS_C_DELEG_POLICY_FLAG)
+ && ctx->kcred->flags.b.ok_as_delegate)
+ flagmask |= GSS_C_DELEG_FLAG | GSS_C_DELEG_POLICY_FLAG;
+ /* if there still is a GSS_C_DELEG_FLAG, use that */
+ if (req_flags & GSS_C_DELEG_FLAG)
+ flagmask |= GSS_C_DELEG_FLAG;
+
+
flags = 0;
ap_options = 0;
- if (req_flags & GSS_C_DELEG_FLAG)
+ if (flagmask & GSS_C_DELEG_FLAG) {
do_delegation (context,
ctx->auth_context,
ctx->ccache, ctx->kcred, ctx->target,
- &fwd_data, &flags);
+ &fwd_data, flagmask, &flags);
+ }
if (req_flags & GSS_C_MUTUAL_FLAG) {
flags |= GSS_C_MUTUAL_FLAG;
{
krb5_context context;
gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
- krb5_const_principal name = (krb5_const_principal)target_name;
gsskrb5_ctx ctx;
OM_uint32 ret;
cred,
ctx,
context,
- name,
+ target_name,
mech_type,
req_flags,
time_req,
* If we get there, the caller have called
* gss_init_sec_context() one time too many.
*/
- *minor_status = 0;
+ _gsskrb5_set_status(EINVAL, "init_sec_context "
+ "called one time too many");
+ *minor_status = EINVAL;
ret = GSS_S_BAD_STATUS;
break;
default:
- *minor_status = 0;
+ _gsskrb5_set_status(EINVAL, "init_sec_context "
+ "invalid state %d for client",
+ (int)ctx->state);
+ *minor_status = EINVAL;
ret = GSS_S_BAD_STATUS;
break;
}
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_context (
OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred_by_mech (
OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_cred_by_oid
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_inquire_mechs_for_name (
OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $");
+RCSID("$Id$");
static gss_OID *name_list[] = {
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
static int
oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix)
if (context_handle->ticket == NULL) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
- _gsskrb5_set_status("No ticket from which to obtain flags");
+ _gsskrb5_set_status(EINVAL, "No ticket from which to obtain flags");
*minor_status = EINVAL;
return GSS_S_BAD_MECH;
}
ret = _gsskrb5i_get_token_key(context_handle, context, &key);
break;
default:
- _gsskrb5_set_status("%d is not a valid subkey type", keytype);
+ _gsskrb5_set_status(EINVAL, "%d is not a valid subkey type", keytype);
ret = EINVAL;
break;
}
if (ret)
goto out;
if (key == NULL) {
- _gsskrb5_set_status("have no subkey of type %d", keytype);
+ _gsskrb5_set_status(EINVAL, "have no subkey of type %d", keytype);
ret = EINVAL;
goto out;
}
if (context_handle->ticket == NULL) {
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
*minor_status = EINVAL;
- _gsskrb5_set_status("No ticket to obtain authz data from");
+ _gsskrb5_set_status(EINVAL, "No ticket to obtain authz data from");
return GSS_S_NO_CONTEXT;
}
context_handle->auth_context,
&number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
+ if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
+ if (ret) goto out;
krb5_auth_getremoteseqnumber (context,
context_handle->auth_context,
&number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
+ if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
+ if (ret) goto out;
ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0);
if (ret) goto out;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (ctx->ticket == NULL) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- _gsskrb5_set_status("No ticket to obtain auth time from");
+ _gsskrb5_set_status(EINVAL, "No ticket to obtain auth time from");
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (ctx->service_keyblock == NULL) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- _gsskrb5_set_status("No service keyblock on gssapi context");
+ _gsskrb5_set_status(EINVAL, "No service keyblock on gssapi context");
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $");
+RCSID("$Id$");
OM_uint32
_gsskrb5_pseudo_random(OM_uint32 *minor_status,
_gsskrb5i_get_initiator_subkey(ctx, context, &key);
break;
default:
- _gsskrb5_set_status("unknown kerberos prf_key");
- *minor_status = 0;
+ _gsskrb5_set_status(EINVAL, "unknown kerberos prf_key");
+ *minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (key == NULL) {
- _gsskrb5_set_status("no prf_key found");
- *minor_status = 0;
+ _gsskrb5_set_status(EINVAL, "no prf_key found");
+ *minor_status = EINVAL;
return GSS_S_FAILURE;
}
prf_out->value = malloc(desired_output_len);
if (prf_out->value == NULL) {
- _gsskrb5_set_status("Out of memory");
+ _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
input.data = malloc(prf_in->length + 4);
if (input.data == NULL) {
OM_uint32 junk;
- _gsskrb5_set_status("Out of memory");
+ _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
gss_release_buffer(&junk, prf_out);
krb5_crypto_destroy(context, crypto);
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_process_context_token (
OM_uint32 *minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_release_buffer
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_release_cred
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $");
+RCSID("$Id$");
OM_uint32 _gsskrb5_release_name
(OM_uint32 * minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $");
+RCSID("$Id$");
#define DEFAULT_JITTER_WINDOW 20
kret = krb5_ret_int32(sp, &flags);
if (kret)
goto failed;
- ret = krb5_ret_int32(sp, &start);
+ kret = krb5_ret_int32(sp, &start);
if (kret)
goto failed;
- ret = krb5_ret_int32(sp, &length);
+ kret = krb5_ret_int32(sp, &length);
if (kret)
goto failed;
- ret = krb5_ret_int32(sp, &jitter_window);
+ kret = krb5_ret_int32(sp, &jitter_window);
if (kret)
goto failed;
- ret = krb5_ret_int32(sp, &first_seq);
+ kret = krb5_ret_int32(sp, &first_seq);
if (kret)
goto failed;
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: set_cred_option.c 23331 2008-06-27 12:01:48Z lha $");
+RCSID("$Id$");
/* 1.2.752.43.13.17 */
static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc =
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: set_sec_context_option.c 23420 2008-07-26 18:37:48Z lha $");
+RCSID("$Id$");
static OM_uint32
get_bool(OM_uint32 *minor_status,
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: unwrap.c 23112 2008-04-27 18:51:26Z lha $");
+RCSID("$Id$");
static OM_uint32
unwrap_des
OM_uint32 ret;
int cstate;
int cmp;
+ int token_len;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ token_len = 22 + 8 + 15; /* 45 */
+ } else {
+ token_len = input_message_buffer->length;
+ }
p = input_message_buffer->value;
ret = _gsskrb5_verify_header (&p,
- input_message_buffer->length,
+ token_len,
"\x02\x01",
GSS_KRB5_MECHANISM);
if (ret)
memset (deskey, 0, sizeof(deskey));
memset (&schedule, 0, sizeof(schedule));
}
- /* check pad */
- ret = _gssapi_verify_pad(input_message_buffer,
- input_message_buffer->length - len,
- &padlength);
- if (ret)
- return ret;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ padlength = 0;
+ } else {
+ /* check pad */
+ ret = _gssapi_verify_pad(input_message_buffer,
+ input_message_buffer->length - len,
+ &padlength);
+ if (ret)
+ return ret;
+ }
MD5_Init (&md5);
MD5_Update (&md5, p - 24, 8);
krb5_crypto crypto;
Checksum csum;
int cmp;
+ int token_len;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ token_len = 34 + 8 + 15; /* 57 */
+ } else {
+ token_len = input_message_buffer->length;
+ }
p = input_message_buffer->value;
ret = _gsskrb5_verify_header (&p,
- input_message_buffer->length,
+ token_len,
"\x02\x01",
GSS_KRB5_MECHANISM);
if (ret)
memcpy (p, tmp.data, tmp.length);
krb5_data_free(&tmp);
}
- /* check pad */
- ret = _gssapi_verify_pad(input_message_buffer,
- input_message_buffer->length - len,
- &padlength);
- if (ret)
- return ret;
+
+ if (IS_DCE_STYLE(context_handle)) {
+ padlength = 0;
+ } else {
+ /* check pad */
+ ret = _gssapi_verify_pad(input_message_buffer,
+ input_message_buffer->length - len,
+ &padlength);
+ if (ret)
+ return ret;
+ }
/* verify sequence number */
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: verify_mic.c 23112 2008-04-27 18:51:26Z lha $");
+RCSID("$Id$");
static OM_uint32
verify_mic_des
#include "krb5/gsskrb5_locl.h"
-RCSID("$Id: wrap.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/*
* Return initiator subkey, or if that doesn't exists, the subkey.
int32_t seq_number;
size_t len, total_len, padlength, datalen;
- padlength = 8 - (input_message_buffer->length % 8);
- datalen = input_message_buffer->length + padlength + 8;
- len = datalen + 22;
- _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ if (IS_DCE_STYLE(ctx)) {
+ padlength = 0;
+ datalen = input_message_buffer->length;
+ len = 22 + 8;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ total_len += datalen;
+ datalen += 8;
+ } else {
+ padlength = 8 - (input_message_buffer->length % 8);
+ datalen = input_message_buffer->length + padlength + 8;
+ len = datalen + 22;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ }
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
Checksum cksum;
krb5_data encdata;
- padlength = 8 - (input_message_buffer->length % 8);
- datalen = input_message_buffer->length + padlength + 8;
- len = datalen + 34;
- _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ if (IS_DCE_STYLE(ctx)) {
+ padlength = 0;
+ datalen = input_message_buffer->length;
+ len = 34 + 8;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ total_len += datalen;
+ datalen += 8;
+ } else {
+ padlength = 8 - (input_message_buffer->length % 8);
+ datalen = input_message_buffer->length + padlength + 8;
+ len = datalen + 34;
+ _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+ }
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
#include "mech/mech_locl.h"
#include "heim_threads.h"
-RCSID("$Id: context.c 22600 2008-02-21 12:46:24Z lha $");
+RCSID("$Id$");
struct mg_thread_ctx {
gss_OID mech;
if (mg == NULL)
return GSS_S_BAD_STATUS;
+#if 0
+ /*
+ * We cant check the mech here since a pseudo-mech might have
+ * called an lower layer and then the mech info is all broken
+ */
if (mech != NULL && gss_oid_equal(mg->mech, mech) == 0)
return GSS_S_BAD_STATUS;
+#endif
switch (type) {
case GSS_C_GSS_CODE: {
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/context.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: context.h 19925 2007-01-16 10:19:27Z lha $
+ * $Id$
*/
#include <gssapi_mech.h>
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/cred.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: cred.h 20626 2007-05-08 13:56:49Z lha $
+ * $Id$
*/
struct _gss_mechanism_cred {
*/
#include "mech_locl.h"
-RCSID("$Id: gss_accept_sec_context.c 22071 2007-11-14 20:04:50Z lha $");
+RCSID("$Id$");
static OM_uint32
parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
OM_uint32 *time_rec,
gss_cred_id_t *delegated_cred_handle)
{
- OM_uint32 major_status, mech_ret_flags;
+ OM_uint32 major_status, mech_ret_flags, junk;
gssapi_mech_interface m;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle;
struct _gss_mechanism_cred *mc;
gss_cred_id_t acceptor_mc, delegated_mc;
gss_name_t src_mn;
- int allocated_ctx;
*minor_status = 0;
if (src_name)
free(ctx);
return (GSS_S_BAD_MECH);
}
- allocated_ctx = 1;
+ *context_handle = (gss_ctx_id_t) ctx;
} else {
m = ctx->gc_mech;
- allocated_ctx = 0;
}
if (cred) {
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link)
if (mc->gmc_mech == m)
break;
- if (!mc)
+ if (!mc) {
+ gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_BAD_MECH);
+ }
acceptor_mc = mc->gmc_cred;
} else {
acceptor_mc = GSS_C_NO_CREDENTIAL;
major_status != GSS_S_CONTINUE_NEEDED)
{
_gss_mg_error(m, major_status, *minor_status);
+ gss_delete_sec_context(&junk, context_handle, NULL);
return (major_status);
}
if (!name) {
m->gm_release_name(minor_status, &src_mn);
+ gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_FAILURE);
}
*src_name = (gss_name_t) name;
} else if (src_mn) {
- m->gm_release_name(minor_status, &src_mn);
+ m->gm_release_name(minor_status, &src_mn);
}
if (mech_ret_flags & GSS_C_DELEG_FLAG) {
dcred = malloc(sizeof(struct _gss_cred));
if (!dcred) {
*minor_status = ENOMEM;
+ gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_FAILURE);
}
SLIST_INIT(&dcred->gc_mc);
if (!dmc) {
free(dcred);
*minor_status = ENOMEM;
+ gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_FAILURE);
}
dmc->gmc_mech = m;
if (ret_flags)
*ret_flags = mech_ret_flags;
- *context_handle = (gss_ctx_id_t) ctx;
return (major_status);
}
*/
#include "mech_locl.h"
-RCSID("$Id: gss_acquire_cred.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_acquire_cred(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_add_cred.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
static struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_add_oid_set_member (OM_uint32 * minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_buffer_set.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_create_empty_buffer_set
*/
#include "mech_locl.h"
-RCSID("$Id: gss_canonicalize_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_canonicalize_name(OM_uint32 *minor_status,
OM_uint32 major_status;
struct _gss_name *name = (struct _gss_name *) input_name;
struct _gss_mechanism_name *mn;
- gssapi_mech_interface m = __gss_get_mechanism(mech_type);
+ gssapi_mech_interface m;
gss_name_t new_canonical_name;
*minor_status = 0;
*/
#include "mech_locl.h"
-RCSID("$Id: gss_compare_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_compare_name(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_context_time.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_time(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_create_empty_oid_set.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_create_empty_oid_set(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_decapsulate_token.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_decapsulate_token(gss_buffer_t input_token,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_delete_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_delete_sec_context(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_display_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_display_name(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_display_status.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
static const char *
calling_error(OM_uint32 v)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $");
+RCSID("$Id$");
OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
const gss_name_t src_name,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_duplicate_oid.c 19954 2007-01-17 11:50:23Z lha $");
+RCSID("$Id$");
OM_uint32 gss_duplicate_oid (
OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_encapsulate_token.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_encapsulate_token(gss_buffer_t input_token,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_export_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_export_name(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_export_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_export_sec_context(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_get_mic.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_get_mic(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_import_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
static OM_uint32
_gss_import_export_name(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_import_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_import_sec_context(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_indicate_mechs.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_indicate_mechs(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_init_sec_context.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_context.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_context(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_cred.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
#define AUSAGE 1
#define IUSAGE 2
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_cred_by_mech.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_cred_by_mech(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_cred_by_oid.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_cred_by_oid (OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_mechs_for_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_mechs_for_name(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_names_for_mech.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_names_for_mech(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_inquire_sec_context_by_oid.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_krb5.c 23420 2008-07-26 18:37:48Z lha $");
+RCSID("$Id$");
#include <krb5.h>
#include <roken.h>
if (ret)
return ret;
- if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
+ if (data_set == GSS_C_NO_BUFFER_SET || data_set->count < 1) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
#include "mech_locl.h"
#include <heim_threads.h>
-RCSID("$Id: gss_mech_switch.c 23471 2008-07-27 12:17:49Z lha $");
+RCSID("$Id$");
#ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech"
#define RTLD_LOCAL 0
#endif
- so = dlopen(lib, RTLD_LOCAL);
+ so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
if (!so) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
continue;
*/
#include "mech_locl.h"
-RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $");
+RCSID("$Id$");
OM_uint32
_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_oid_equal.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
int GSSAPI_LIB_FUNCTION
gss_oid_equal(const gss_OID a, const gss_OID b)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_oid_to_str.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_process_context_token.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_process_context_token(OM_uint32 *minor_status,
* SUCH DAMAGE.
*/
-/* $Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $ */
+/* $Id$ */
#include "mech_locl.h"
-RCSID("$Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_pseudo_random(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_buffer.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_buffer(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_cred.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_name.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_name(OM_uint32 *minor_status,
#include "mech_locl.h"
-RCSID("$Id: gss_release_oid.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
*/
#include "mech_locl.h"
-RCSID("$Id: gss_release_oid_set.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_release_oid_set(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_seal.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_seal(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_set_cred_option.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_set_cred_option (OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_set_sec_context_option.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_set_sec_context_option (OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_sign.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_sign(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_test_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_test_oid_set_member(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_unseal.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_unseal(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_unwrap.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_unwrap(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_utils.c 19965 2007-01-17 16:23:47Z lha $");
+RCSID("$Id$");
OM_uint32
_gss_copy_oid(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_verify.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_verify(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_verify_mic.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_verify_mic(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_wrap.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_wrap(OM_uint32 *minor_status,
*/
#include "mech_locl.h"
-RCSID("$Id: gss_wrap_size_limit.c 23025 2008-04-17 10:01:57Z lha $");
+RCSID("$Id$");
OM_uint32 GSSAPI_LIB_FUNCTION
gss_wrap_size_limit(OM_uint32 *minor_status,
--- $Id: gssapi.asn1 18565 2006-10-18 21:08:19Z lha $
+-- $Id$
GSS-API DEFINITIONS ::= BEGIN
* SUCH DAMAGE.
*/
-/* $Id: mech_locl.h 19948 2007-01-17 10:03:07Z lha $ */
+/* $Id$ */
#include <config.h>
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: mech_switch.h 18246 2006-10-05 18:36:07Z lha $
+ * $Id$
*/
#include <gssapi_mech.h>
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: name.h 21477 2007-07-10 16:31:44Z lha $
+ * $Id$
*/
struct _gss_mechanism_name {
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
- * $Id: utils.h 19398 2006-12-18 13:01:40Z lha $
+ * $Id$
*/
OM_uint32 _gss_free_oid(OM_uint32 *, gss_OID);
#include "spnego/spnego_locl.h"
-RCSID("$Id: accept_sec_context.c 23158 2008-05-02 09:45:28Z lha $");
+RCSID("$Id$");
static OM_uint32
send_reject (OM_uint32 *minor_status,
free(buf.value);
} else
- *get_mic = verify_mic = 0;
+ *get_mic = 0;
return GSS_S_COMPLETE;
}
#include "spnego/spnego_locl.h"
-RCSID("$Id: compat.c 22688 2008-03-16 11:33:58Z lha $");
+RCSID("$Id$");
/*
* Apparently Microsoft got the OID wrong, and used
#include "spnego/spnego_locl.h"
-RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $");
+RCSID("$Id$");
static OM_uint32
spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
#include "spnego/spnego_locl.h"
-RCSID("$Id: cred_stubs.c 22688 2008-03-16 11:33:58Z lha $");
+RCSID("$Id$");
OM_uint32
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
#include "spnego/spnego_locl.h"
#include <gssapi_mech.h>
-RCSID("$Id: external.c 22688 2008-03-16 11:33:58Z lha $");
+RCSID("$Id$");
/*
* RFC2478, SPNEGO:
#include "spnego/spnego_locl.h"
-RCSID("$Id: init_sec_context.c 22600 2008-02-21 12:46:24Z lha $");
+RCSID("$Id$");
/*
* Is target_name an sane target for `mech´.
--- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
+-- $Id$
SPNEGO DEFINITIONS ::=
BEGIN
* SUCH DAMAGE.
*/
-/* $Id: spnego_locl.h 23161 2008-05-05 09:56:20Z lha $ */
+/* $Id$ */
#ifndef SPNEGO_LOCL_H
#define SPNEGO_LOCL_H
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: aes.c 15495 2005-06-18 22:47:33Z lha $");
+RCSID("$Id$");
#endif
#ifdef KRB5
* SUCH DAMAGE.
*/
-/* $Id: aes.h 22958 2008-04-11 11:33:22Z lha $ */
+/* $Id$ */
#ifndef HEIM_AES_H
#define HEIM_AES_H 1
#include <config.h>
#endif
-RCSID("$Id: bn.c 22850 2008-04-07 18:49:01Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: bn.h 22260 2007-12-09 06:23:47Z lha $
+ * $Id$
*/
#ifndef _HEIM_BN_H
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: des.c 23117 2008-04-28 10:29:36Z lha $");
+RCSID("$Id$");
#endif
#define HC_DEPRECATED
* SUCH DAMAGE.
*/
-/* $Id: des.h 23148 2008-04-29 05:53:27Z biorn $ */
+/* $Id$ */
#ifndef _DESperate_H
#define _DESperate_H 1
#include "imath/imath.h"
-RCSID("$Id: dh-imath.c 22368 2007-12-28 15:27:52Z lha $");
+RCSID("$Id$");
static void
BN2mpz(mpz_t *s, const BIGNUM *bn)
#include <config.h>
#endif
-RCSID("$Id: dh.c 22397 2008-01-01 20:20:31Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: dh.h 17483 2006-05-06 13:11:15Z lha $
+ * $Id$
*/
#ifndef _HEIM_DH_H
#include <config.h>
#endif
-RCSID("$Id: dsa.c 17496 2006-05-07 11:31:58Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: dsa.h 16564 2006-01-13 15:26:52Z lha $
+ * $Id$
*/
#ifndef _HEIM_DSA_H
#include <config.h>
#endif
-RCSID("$Id: engine.c 20828 2007-06-03 05:10:20Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: engine.h 17475 2006-05-06 12:34:36Z lha $
+ * $Id$
*/
#ifndef _HEIM_ENGINE_H
#include <config.h>
#endif
-RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $");
+RCSID("$Id$");
#define HC_DEPRECATED
+#define HC_DEPRECATED_CRYPTO
#include <sys/types.h>
#include <stdio.h>
#include <krb5-types.h>
-#include <aes.h>
#include "camellia.h"
#include <des.h>
#include <sha.h>
* @page page_evp EVP - generic crypto interface
*
* See the library functions here: @ref hcrypto_evp
+ *
+ * @section evp_cipher EVP Cipher
+ *
+ * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to
+ * understand forward, then EVP_CipherUpdate() and
+ * EVP_CipherFinal_ex() really needs an example to explain @ref
+ * example_evp_cipher.c .
+ *
+ * @example example_evp_cipher.c
+ *
+ * This is an example how to use EVP_CipherInit_ex(),
+ * EVP_CipherUpdate() and EVP_CipherFinal_ex().
*/
-
-typedef int (*evp_md_init)(EVP_MD_CTX *);
-typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t);
-typedef int (*evp_md_final)(void *, EVP_MD_CTX *);
-typedef int (*evp_md_cleanup)(EVP_MD_CTX *);
-
-struct hc_evp_md {
- int hash_size;
- int block_size;
- int ctx_size;
- evp_md_init init;
- evp_md_update update;
- evp_md_final final;
- evp_md_cleanup cleanup;
-};
-
struct hc_EVP_MD_CTX {
const EVP_MD *md;
ENGINE *engine;
32,
64,
sizeof(SHA256_CTX),
- (evp_md_init)SHA256_Init,
- (evp_md_update)SHA256_Update,
- (evp_md_final)SHA256_Final,
+ (hc_evp_md_init)SHA256_Init,
+ (hc_evp_md_update)SHA256_Update,
+ (hc_evp_md_final)SHA256_Final,
NULL
};
return &sha256;
20,
64,
sizeof(SHA_CTX),
- (evp_md_init)SHA1_Init,
- (evp_md_update)SHA1_Update,
- (evp_md_final)SHA1_Final,
+ (hc_evp_md_init)SHA1_Init,
+ (hc_evp_md_update)SHA1_Update,
+ (hc_evp_md_final)SHA1_Final,
NULL
};
16,
64,
sizeof(MD5_CTX),
- (evp_md_init)MD5_Init,
- (evp_md_update)MD5_Update,
- (evp_md_final)MD5_Final,
+ (hc_evp_md_init)MD5_Init,
+ (hc_evp_md_update)MD5_Update,
+ (hc_evp_md_final)MD5_Final,
NULL
};
return &md5;
16,
64,
sizeof(MD4_CTX),
- (evp_md_init)MD4_Init,
- (evp_md_update)MD4_Update,
- (evp_md_final)MD4_Final,
+ (hc_evp_md_init)MD4_Init,
+ (hc_evp_md_update)MD4_Update,
+ (hc_evp_md_final)MD4_Final,
NULL
};
return &md4;
16,
16,
sizeof(MD2_CTX),
- (evp_md_init)MD2_Init,
- (evp_md_update)MD2_Update,
- (evp_md_final)MD2_Final,
+ (hc_evp_md_init)MD2_Init,
+ (hc_evp_md_update)MD2_Update,
+ (hc_evp_md_final)MD2_Final,
NULL
};
return &md2;
0,
0,
0,
- (evp_md_init)null_Init,
- (evp_md_update)null_Update,
- (evp_md_final)null_Final,
+ (hc_evp_md_init)null_Init,
+ (hc_evp_md_update)null_Update,
+ (hc_evp_md_final)null_Final,
NULL
};
return &null;
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine,
const void *key, const void *iv, int encp)
{
+ ctx->buf_len = 0;
+
if (encp == -1)
encp = ctx->encrypt;
else
if (ctx->cipher_data == NULL && c->ctx_size != 0)
return 0;
+ /* assume block size is a multiple of 2 */
+ ctx->block_mask = EVP_CIPHER_block_size(c) - 1;
+
} else if (ctx->cipher == NULL) {
/* reuse of cipher, but not any cipher ever set! */
return 0;
}
/**
- * Encypher/decypher data
+ * Encipher/decipher partial data
+ *
+ * @param ctx the cipher context.
+ * @param out output data from the operation.
+ * @param outlen output length
+ * @param in input data to the operation.
+ * @param inlen length of data.
+ *
+ * The output buffer length should at least be EVP_CIPHER_block_size()
+ * byte longer then the input length.
+ *
+ * See @ref evp_cipher for an example how to use this function.
+ *
+ * @return 1 on success.
+ *
+ * @ingroup hcrypto_evp
+ */
+
+int
+EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
+ void *in, size_t inlen)
+{
+ int ret, left, blocksize;
+
+ *outlen = 0;
+
+ /**
+ * If there in no spare bytes in the left from last Update and the
+ * input length is on the block boundery, the EVP_CipherUpdate()
+ * function can take a shortcut (and preformance gain) and
+ * directly encrypt the data, otherwise we hav to fix it up and
+ * store extra it the EVP_CIPHER_CTX.
+ */
+ if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) {
+ ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
+ if (ret == 1)
+ *outlen = inlen;
+ else
+ *outlen = 0;
+ return ret;
+ }
+
+
+ blocksize = EVP_CIPHER_CTX_block_size(ctx);
+ left = blocksize - ctx->buf_len;
+ assert(left > 0);
+
+ if (ctx->buf_len) {
+
+ /* if total buffer is smaller then input, store locally */
+ if (inlen < left) {
+ memcpy(ctx->buf + ctx->buf_len, in, inlen);
+ ctx->buf_len += inlen;
+ return 1;
+ }
+
+ /* fill in local buffer and encrypt */
+ memcpy(ctx->buf + ctx->buf_len, in, left);
+ ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
+ memset(ctx->buf, 0, blocksize);
+ if (ret != 1)
+ return ret;
+
+ *outlen += blocksize;
+ inlen -= left;
+ in = ((unsigned char *)in) + left;
+ out = ((unsigned char *)out) + blocksize;
+ ctx->buf_len = 0;
+ }
+
+ if (inlen) {
+ ctx->buf_len = (inlen & ctx->block_mask);
+ inlen &= ~ctx->block_mask;
+
+ ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
+ if (ret != 1)
+ return ret;
+
+ *outlen += inlen;
+
+ in = ((unsigned char *)in) + inlen;
+ memcpy(ctx->buf, in, ctx->buf_len);
+ }
+
+ return 1;
+}
+
+/**
+ * Encipher/decipher final data
+ *
+ * @param ctx the cipher context.
+ * @param out output data from the operation.
+ * @param outlen output length
+ *
+ * The input length needs to be at least EVP_CIPHER_block_size() bytes
+ * long.
+ *
+ * See @ref evp_cipher for an example how to use this function.
+ *
+ * @return 1 on success.
+ *
+ * @ingroup hcrypto_evp
+ */
+
+int
+EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
+{
+ *outlen = 0;
+
+ if (ctx->buf_len) {
+ int ret, left, blocksize;
+
+ blocksize = EVP_CIPHER_CTX_block_size(ctx);
+
+ left = blocksize - ctx->buf_len;
+ assert(left > 0);
+
+ /* zero fill local buffer */
+ memset(ctx->buf + ctx->buf_len, 0, left);
+ ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
+ memset(ctx->buf, 0, blocksize);
+ if (ret != 1)
+ return ret;
+
+ *outlen += blocksize;
+ }
+
+ return 1;
+}
+
+/**
+ * Encipher/decipher data
*
* @param ctx the cipher context.
* @param out out data from the operation.
return NULL;
}
+/*
+ *
+ */
+
+static int
+des_cbc_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char * key,
+ const unsigned char * iv,
+ int encp)
+{
+ DES_key_schedule *k = ctx->cipher_data;
+ DES_cblock deskey;
+ memcpy(&deskey, key, sizeof(deskey));
+ DES_set_key_unchecked(&deskey, k);
+ return 1;
+}
+
+static int
+des_cbc_do_cipher(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ unsigned int size)
+{
+ DES_key_schedule *k = ctx->cipher_data;
+ DES_cbc_encrypt(in, out, size,
+ k, (DES_cblock *)ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int
+des_cbc_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ memset(ctx->cipher_data, 0, sizeof(struct DES_key_schedule));
+ return 1;
+}
+
+/**
+ * The DES cipher type
+ *
+ * @return the DES-CBC EVP_CIPHER pointer.
+ *
+ * @ingroup hcrypto_evp
+ */
+
+const EVP_CIPHER *
+EVP_des_cbc(void)
+{
+ static const EVP_CIPHER des_ede3_cbc = {
+ 0,
+ 8,
+ 8,
+ 8,
+ EVP_CIPH_CBC_MODE,
+ des_cbc_init,
+ des_cbc_do_cipher,
+ des_cbc_cleanup,
+ sizeof(DES_key_schedule),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ return &des_ede3_cbc;
+}
+
/*
*
*/
return &des_ede3_cbc;
}
-/*
- *
- */
-
-static int
-aes_init(EVP_CIPHER_CTX *ctx,
- const unsigned char * key,
- const unsigned char * iv,
- int encp)
-{
- AES_KEY *k = ctx->cipher_data;
- if (ctx->encrypt)
- AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k);
- else
- AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k);
- return 1;
-}
-
-static int
-aes_do_cipher(EVP_CIPHER_CTX *ctx,
- unsigned char *out,
- const unsigned char *in,
- unsigned int size)
-{
- AES_KEY *k = ctx->cipher_data;
- AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt);
- return 1;
-}
-
-static int
-aes_cleanup(EVP_CIPHER_CTX *ctx)
-{
- memset(ctx->cipher_data, 0, sizeof(AES_KEY));
- return 1;
-}
-
/**
* The AES-128 cipher type
*
const EVP_CIPHER *
EVP_aes_128_cbc(void)
{
- static const EVP_CIPHER aes_128_cbc = {
- 0,
- 16,
- 16,
- 16,
- EVP_CIPH_CBC_MODE,
- aes_init,
- aes_do_cipher,
- aes_cleanup,
- sizeof(AES_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
- return &aes_128_cbc;
+ return EVP_hcrypto_aes_128_cbc();
}
/**
const EVP_CIPHER *
EVP_aes_192_cbc(void)
{
- static const EVP_CIPHER aes_192_cbc = {
- 0,
- 16,
- 24,
- 16,
- EVP_CIPH_CBC_MODE,
- aes_init,
- aes_do_cipher,
- aes_cleanup,
- sizeof(AES_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
- return &aes_192_cbc;
+ return EVP_hcrypto_aes_192_cbc();
}
/**
const EVP_CIPHER *
EVP_aes_256_cbc(void)
{
- static const EVP_CIPHER aes_256_cbc = {
- 0,
- 16,
- 32,
- 16,
- EVP_CIPH_CBC_MODE,
- aes_init,
- aes_do_cipher,
- aes_cleanup,
- sizeof(AES_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
- return &aes_256_cbc;
+ return EVP_hcrypto_aes_256_cbc();
}
static int
* SUCH DAMAGE.
*/
-/* $Id: evp.h 23141 2008-04-29 05:47:04Z lha $ */
+/* $Id$ */
#ifndef HEIM_EVP_H
#define HEIM_EVP_H 1
#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length
#define EVP_Cipher hc_EVP_Cipher
#define EVP_CipherInit_ex hc_EVP_CipherInit_ex
+#define EVP_CipherUpdate hc_EVP_CipherUpdate
+#define EVP_CipherFinal_ex hc_EVP_CipherFinal_ex
#define EVP_Digest hc_EVP_Digest
#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex
#define EVP_DigestInit_ex hc_EVP_DigestInit_ex
#define EVP_aes_128_cbc hc_EVP_aes_128_cbc
#define EVP_aes_192_cbc hc_EVP_aes_192_cbc
#define EVP_aes_256_cbc hc_EVP_aes_256_cbc
+#define EVP_hcrypto_aes_128_cbc hc_EVP_hcrypto_aes_128_cbc
+#define EVP_hcrypto_aes_192_cbc hc_EVP_hcrypto_aes_192_cbc
+#define EVP_hcrypto_aes_256_cbc hc_EVP_hcrypto_aes_256_cbc
+#define EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts
+#define EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts
+#define EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts
+#define EVP_des_cbc hc_EVP_des_cbc
#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc
#define EVP_enc_null hc_EVP_enc_null
#define EVP_md2 hc_EVP_md2
* cipher is used in (use EVP_CIPHER.._mode() to extract the
* mode). The rest of the flag field is a bitfield.
*/
+#define EVP_CIPH_STREAM_CIPHER 0
#define EVP_CIPH_CBC_MODE 2
#define EVP_CIPH_MODE 0x7
const EVP_CIPHER *cipher;
ENGINE *engine;
int encrypt;
- int buf_len;
+ int buf_len; /* bytes stored in buf for EVP_CipherUpdate */
unsigned char oiv[EVP_MAX_IV_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char buf[EVP_MAX_BLOCK_LENGTH];
unsigned char final[EVP_MAX_BLOCK_LENGTH];
};
+typedef int (*hc_evp_md_init)(EVP_MD_CTX *);
+typedef int (*hc_evp_md_update)(EVP_MD_CTX *,const void *, size_t);
+typedef int (*hc_evp_md_final)(void *, EVP_MD_CTX *);
+typedef int (*hc_evp_md_cleanup)(EVP_MD_CTX *);
+
+struct hc_evp_md {
+ int hash_size;
+ int block_size;
+ int ctx_size;
+ hc_evp_md_init init;
+ hc_evp_md_update update;
+ hc_evp_md_final final;
+ hc_evp_md_cleanup cleanup;
+};
+
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif
#ifndef HC_DEPRECATED
#define HC_DEPRECATED __attribute__((deprecated))
#endif
+#ifndef HC_DEPRECATED_CRYPTO
+#define HC_DEPRECATED_CRYPTO __attribute__((deprecated))
+#endif
+
#ifdef __cplusplus
extern "C" {
*/
const EVP_MD *EVP_md_null(void);
-const EVP_MD *EVP_md2(void);
-const EVP_MD *EVP_md4(void);
-const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO;
+const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO;
+const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO;
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
const EVP_CIPHER * EVP_aes_256_cbc(void);
+const EVP_CIPHER * EVP_hcrypto_aes_128_cbc(void);
+const EVP_CIPHER * EVP_hcrypto_aes_192_cbc(void);
+const EVP_CIPHER * EVP_hcrypto_aes_256_cbc(void);
+const EVP_CIPHER * EVP_hcrypto_aes_128_cts(void);
+const EVP_CIPHER * EVP_hcrypto_aes_192_cts(void);
+const EVP_CIPHER * EVP_hcrypto_aes_256_cts(void);
+const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO;
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
-const EVP_CIPHER * EVP_rc2_40_cbc(void);
-const EVP_CIPHER * EVP_rc2_64_cbc(void);
-const EVP_CIPHER * EVP_rc2_cbc(void);
+const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO;
+const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO;
+const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO;
const EVP_CIPHER * EVP_rc4(void);
-const EVP_CIPHER * EVP_rc4_40(void);
+const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO;
const EVP_CIPHER * EVP_camellia_128_cbc(void);
const EVP_CIPHER * EVP_camellia_192_cbc(void);
const EVP_CIPHER * EVP_camellia_256_cbc(void);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *,
const void *, const void *, int);
+int EVP_CipherUpdate(EVP_CIPHER_CTX *, void *, int *, void *, size_t);
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, void *, int *);
int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-/* $Id: hash.h 17450 2006-05-05 11:11:43Z lha $ */
+/* $Id$ */
/* stuff in common between md4, md5, and sha1 */
* SUCH DAMAGE.
*/
-/* $Id: hmac.h 16564 2006-01-13 15:26:52Z lha $ */
+/* $Id$ */
#ifndef HEIM_HMAC_H
#define HEIM_HMAC_H 1
-IMath is Copyright 2002-2007 Michael J. Fromberger
+IMath is Copyright © 2002-2008 Michael J. Fromberger
You may use it subject to the following Licensing Terms:
Permission is hereby granted, free of charge, to any person obtaining
/*
Name: imath.c
Purpose: Arbitrary precision integer arithmetic routines.
- Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
- Info: $Id: imath.c 22648 2008-02-25 07:37:57Z lha $
+ Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
+ Info: $Id: imath.c 645 2008-08-03 04:00:30Z sting $
Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved.
const mp_result MP_UNDEF = -4; /* result undefined */
const mp_result MP_TRUNC = -5; /* output truncated */
const mp_result MP_BADARG = -6; /* invalid null argument */
+const mp_result MP_MINERR = -6;
const mp_sign MP_NEG = 1; /* value is strictly negative */
const mp_sign MP_ZPOS = 0; /* value is non-negative */
"argument out of range",
"result undefined",
"output truncated",
- "invalid null argument",
+ "invalid argument",
NULL
};
0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */
0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */
0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */
- 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */
- 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */
- 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */
- 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */
- 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */
- 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */
- 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */
- 0.166666667
+ 0.193426404, /* 36 */
};
/* }}} */
#define REV(T, A, N) \
do{T *u_=(A),*v_=u_+(N)-1;while(u_<v_){T xch=*u_;*u_++=*v_;*v_--=xch;}}while(0)
-#if TRACEABLE_CLAMP
-#define CLAMP(Z) s_clamp(Z)
-#else
#define CLAMP(Z) \
do{mp_int z_=(Z);mp_size uz_=MP_USED(z_);mp_digit *dz_=MP_DIGITS(z_)+uz_-1;\
while(uz_ > 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0)
-#endif
+/* Select min/max. Do not provide expressions for which multiple
+ evaluation would be problematic, e.g. x++ */
#define MIN(A, B) ((B)<(A)?(B):(A))
#define MAX(A, B) ((B)>(A)?(B):(A))
+
+/* Exchange lvalues A and B of type T, e.g.
+ SWAP(int, x, y) where x and y are variables of type int. */
#define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0)
+/* Used to set up and access simple temp stacks within functions. */
#define TEMP(K) (temp + (K))
#define SETUP(E, C) \
do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0)
+/* Compare value to zero. */
#define CMPZ(Z) \
(((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1)
+/* Multiply X by Y into Z, ignoring signs. Requires that Z have
+ enough storage preallocated to hold the result. */
#define UMUL(X, Y, Z) \
do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\
ZERO(MP_DIGITS(Z),o_);\
(void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\
MP_USED(Z)=o_;CLAMP(Z);}while(0)
+/* Square X into Z. Requires that Z have enough storage to hold the
+ result. */
#define USQR(X, Z) \
do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\
(void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0)
necessary. Returns true if successful, false if out of memory. */
static int s_pad(mp_int z, mp_size min);
-/* Normalize by removing leading zeroes (except when z = 0) */
-#if TRACEABLE_CLAMP
-static void s_clamp(mp_int z);
-#endif
-
/* Fill in a "fake" mp_int on the stack with a given value */
-static void s_fake(mp_int z, int value, mp_digit vbuf[]);
+static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]);
/* Compare two runs of digits of given length, returns <0, 0, >0 */
static int s_cdig(mp_digit *da, mp_digit *db, mp_size len);
/* Pack the unsigned digits of v into array t */
-static int s_vpack(int v, mp_digit t[]);
+static int s_vpack(mp_small v, mp_digit t[]);
/* Compare magnitudes of a and b, returns <0, 0, >0 */
static int s_ucmp(mp_int a, mp_int b);
/* Compare magnitudes of a and v, returns <0, 0, >0 */
-static int s_vcmp(mp_int a, int v);
+static int s_vcmp(mp_int a, mp_small v);
/* Unsigned magnitude addition; assumes dc is big enough.
Carry out is returned (no memory allocated). */
static int s_isp2(mp_int z);
/* Set z to 2^k. May allocate; returns false in case this fails. */
-static int s_2expt(mp_int z, int k);
+static int s_2expt(mp_int z, mp_small k);
/* Normalize a and b for division, returns normalization constant */
static int s_norm(mp_int a, mp_int b);
/* {{{ mp_int_init_value(z, value) */
-mp_result mp_int_init_value(mp_int z, int value)
+mp_result mp_int_init_value(mp_int z, mp_small value)
{
mpz_t vtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
/* {{{ mp_int_set_value(z, value) */
-mp_result mp_int_set_value(mp_int z, int value)
+mp_result mp_int_set_value(mp_int z, mp_small value)
{
mpz_t vtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
mp_int x, y;
int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */
- /* Set x to max(a, b), y to min(a, b) to simplify later code */
- if(cmp >= 0) {
- x = a; y = b;
- }
+ /* Set x to max(a, b), y to min(a, b) to simplify later code.
+ A special case yields zero for equal magnitudes.
+ */
+ if(cmp == 0) {
+ mp_int_zero(c);
+ return MP_OK;
+ }
+ else if(cmp < 0) {
+ x = b; y = a;
+ }
else {
- x = b; y = a;
+ x = a; y = b;
}
if(!s_pad(c, MP_USED(x)))
/* {{{ mp_int_add_value(a, value, c) */
-mp_result mp_int_add_value(mp_int a, int value, mp_int c)
+mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c)
{
mpz_t vtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
/* {{{ mp_int_sub_value(a, value, c) */
-mp_result mp_int_sub_value(mp_int a, int value, mp_int c)
+mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c)
{
mpz_t vtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
/* {{{ mp_int_mul_value(a, value, c) */
-mp_result mp_int_mul_value(mp_int a, int value, mp_int c)
+mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c)
{
mpz_t vtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
/* {{{ mp_int_mul_pow2(a, p2, c) */
-mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c)
+mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c)
{
mp_result res;
CHECK(a != NULL && c != NULL && p2 >= 0);
or to overlap with the inputs.
*/
if((lg = s_isp2(b)) < 0) {
- if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) {
- qout = q;
+ if(q && b != q) {
+ if((res = mp_int_copy(a, q)) != MP_OK)
+ goto CLEANUP;
+ else
+ qout = q;
}
else {
qout = TEMP(last);
SETUP(mp_int_init_copy(TEMP(last), a), last);
}
- if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) {
- rout = r;
+ if(r && a != r) {
+ if((res = mp_int_copy(b, r)) != MP_OK)
+ goto CLEANUP;
+ else
+ rout = r;
}
else {
rout = TEMP(last);
/* {{{ mp_int_div_value(a, value, q, r) */
-mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r)
+mp_result mp_int_div_value(mp_int a, mp_small value, mp_int q, mp_small *r)
{
mpz_t vtmp, rtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
/* {{{ mp_int_div_pow2(a, p2, q, r) */
-mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r)
+mp_result mp_int_div_pow2(mp_int a, mp_small p2, mp_int q, mp_int r)
{
mp_result res = MP_OK;
/* {{{ mp_int_expt(a, b, c) */
-mp_result mp_int_expt(mp_int a, int b, mp_int c)
+mp_result mp_int_expt(mp_int a, mp_small b, mp_int c)
{
mpz_t t;
mp_result res;
/* {{{ mp_int_expt_value(a, b, c) */
-mp_result mp_int_expt_value(int a, int b, mp_int c)
+mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c)
{
mpz_t t;
mp_result res;
/* {{{ mp_int_compare_value(z, value) */
-int mp_int_compare_value(mp_int z, int value)
+int mp_int_compare_value(mp_int z, mp_small value)
{
mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS;
int cmp;
/* {{{ mp_int_exptmod_evalue(a, value, m, c) */
-mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c)
+mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c)
{
mpz_t vtmp;
mp_digit vbuf[MP_VALUE_DIGITS(value)];
/* {{{ mp_int_exptmod_bvalue(v, b, m, c) */
-mp_result mp_int_exptmod_bvalue(int value, mp_int b,
+mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b,
mp_int m, mp_int c)
{
mpz_t vtmp;
/* }}} */
+/* {{{ mp_int_lcm(a, b, c) */
+
+mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c)
+{
+ mpz_t lcm;
+ mp_result res;
+
+ CHECK(a != NULL && b != NULL && c != NULL);
+
+ /* Since a * b = gcd(a, b) * lcm(a, b), we can compute
+ lcm(a, b) = (a / gcd(a, b)) * b.
+
+ This formulation insures everything works even if the input
+ variables share space.
+ */
+ if((res = mp_int_init(&lcm)) != MP_OK)
+ return res;
+ if((res = mp_int_gcd(a, b, &lcm)) != MP_OK)
+ goto CLEANUP;
+ if((res = mp_int_div(a, &lcm, &lcm, NULL)) != MP_OK)
+ goto CLEANUP;
+ if((res = mp_int_mul(&lcm, b, &lcm)) != MP_OK)
+ goto CLEANUP;
+
+ res = mp_int_copy(&lcm, c);
+
+ CLEANUP:
+ mp_int_clear(&lcm);
+
+ return res;
+}
+
+/* }}} */
+
/* {{{ mp_int_divisible_value(a, v) */
-int mp_int_divisible_value(mp_int a, int v)
+int mp_int_divisible_value(mp_int a, mp_small v)
{
- int rem = 0;
+ mp_small rem = 0;
if(mp_int_div_value(a, v, NULL, &rem) != MP_OK)
return 0;
/* }}} */
-/* {{{ mp_int_sqrt(a, c) */
+/* {{{ mp_int_root(a, b, c) */
-mp_result mp_int_sqrt(mp_int a, mp_int c)
+/* Implementation of Newton's root finding method, based loosely on a
+ patch contributed by Hal Finkel <half@halssoftware.com>
+ modified by M. J. Fromberger.
+ */
+mp_result mp_int_root(mp_int a, mp_small b, mp_int c)
{
mp_result res = MP_OK;
- mpz_t temp[2];
+ mpz_t temp[5];
int last = 0;
+ int flips = 0;
- CHECK(a != NULL && c != NULL);
+ CHECK(a != NULL && c != NULL && b > 0);
- /* The square root of a negative value does not exist in the integers. */
- if(MP_SIGN(a) == MP_NEG)
- return MP_UNDEF;
+ if(b == 1) {
+ return mp_int_copy(a, c);
+ }
+ if(MP_SIGN(a) == MP_NEG) {
+ if(b % 2 == 0)
+ return MP_UNDEF; /* root does not exist for negative a with even b */
+ else
+ flips = 1;
+ }
SETUP(mp_int_init_copy(TEMP(last), a), last);
+ SETUP(mp_int_init_copy(TEMP(last), a), last);
+ SETUP(mp_int_init(TEMP(last)), last);
+ SETUP(mp_int_init(TEMP(last)), last);
SETUP(mp_int_init(TEMP(last)), last);
+ (void) mp_int_abs(TEMP(0), TEMP(0));
+ (void) mp_int_abs(TEMP(1), TEMP(1));
+
for(;;) {
- if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK)
+ if((res = mp_int_expt(TEMP(1), b, TEMP(2))) != MP_OK)
goto CLEANUP;
- if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break;
+ if(mp_int_compare_unsigned(TEMP(2), TEMP(0)) <= 0)
+ break;
- if((res = mp_int_copy(a, TEMP(1))) != MP_OK)
+ if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK)
goto CLEANUP;
- if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK)
+ if((res = mp_int_expt(TEMP(1), b - 1, TEMP(3))) != MP_OK)
goto CLEANUP;
- if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK)
+ if((res = mp_int_mul_value(TEMP(3), b, TEMP(3))) != MP_OK)
goto CLEANUP;
- if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK)
+ if((res = mp_int_div(TEMP(2), TEMP(3), TEMP(4), NULL)) != MP_OK)
+ goto CLEANUP;
+ if((res = mp_int_sub(TEMP(1), TEMP(4), TEMP(4))) != MP_OK)
goto CLEANUP;
- if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break;
- if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP;
- if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break;
-
- if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP;
+ if(mp_int_compare_unsigned(TEMP(1), TEMP(4)) == 0) {
+ if((res = mp_int_sub_value(TEMP(4), 1, TEMP(4))) != MP_OK)
+ goto CLEANUP;
+ }
+ if((res = mp_int_copy(TEMP(4), TEMP(1))) != MP_OK)
+ goto CLEANUP;
}
- res = mp_int_copy(TEMP(0), c);
+ if((res = mp_int_copy(TEMP(1), c)) != MP_OK)
+ goto CLEANUP;
+
+ /* If the original value of a was negative, flip the output sign. */
+ if(flips)
+ (void) mp_int_neg(c, c); /* cannot fail */
CLEANUP:
while(--last >= 0)
mp_int_clear(TEMP(last));
-
- return res;
+
+ return res;
}
/* }}} */
/* {{{ mp_int_to_int(z, out) */
-mp_result mp_int_to_int(mp_int z, int *out)
+mp_result mp_int_to_int(mp_int z, mp_small *out)
{
- unsigned int uv = 0;
+ mp_usmall uv = 0;
mp_size uz;
mp_digit *dz;
mp_sign sz;
/* Make sure the value is representable as an int */
sz = MP_SIGN(z);
- if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) ||
- mp_int_compare_value(z, INT_MIN) < 0)
+ if((sz == MP_ZPOS && mp_int_compare_value(z, MP_SMALL_MAX) > 0) ||
+ mp_int_compare_value(z, MP_SMALL_MIN) < 0)
return MP_RANGE;
uz = MP_USED(z);
}
if(out)
- *out = (sz == MP_NEG) ? -(int)uv : (int)uv;
+ *out = (sz == MP_NEG) ? -(mp_small)uv : (mp_small)uv;
return MP_OK;
}
/* }}} */
+/* {{{ mp_int_to_uint(z, *out) */
+
+mp_result mp_int_to_uint(mp_int z, mp_usmall *out)
+{
+ mp_usmall uv = 0;
+ mp_size uz;
+ mp_digit *dz;
+ mp_sign sz;
+
+ CHECK(z != NULL);
+
+ /* Make sure the value is representable as an int */
+ sz = MP_SIGN(z);
+ if(!(sz == MP_ZPOS && mp_int_compare_value(z, UINT_MAX) <= 0))
+ return MP_RANGE;
+
+ uz = MP_USED(z);
+ dz = MP_DIGITS(z) + uz - 1;
+
+ while(uz > 0) {
+ uv <<= MP_DIGIT_BIT/2;
+ uv = (uv << (MP_DIGIT_BIT/2)) | *dz--;
+ --uz;
+ }
+
+ if(out)
+ *out = uv;
+
+ return MP_OK;
+}
+
+/* }}} */
+
/* {{{ mp_int_to_string(z, radix, str, limit) */
mp_result mp_int_to_string(mp_int z, mp_size radix,
return MP_RANGE;
/* Skip leading whitespace */
- while(isspace((unsigned char)*str))
+ while(isspace((int)*str))
++str;
/* Handle leading sign tag (+/-, positive default) */
/* }}} */
-/* {{{ s_clamp(z) */
-
-#if TRACEABLE_CLAMP
-static void s_clamp(mp_int z)
-{
- mp_size uz = MP_USED(z);
- mp_digit *zd = MP_DIGITS(z) + uz - 1;
-
- while(uz > 1 && (*zd-- == 0))
- --uz;
-
- MP_USED(z) = uz;
-}
-#endif
-
-/* }}} */
-
/* {{{ s_fake(z, value, vbuf) */
-static void s_fake(mp_int z, int value, mp_digit vbuf[])
+static void s_fake(mp_int z, mp_small value, mp_digit vbuf[])
{
mp_size uv = (mp_size) s_vpack(value, vbuf);
/* {{{ s_vpack(v, t[]) */
-static int s_vpack(int v, mp_digit t[])
+static int s_vpack(mp_small v, mp_digit t[])
{
- unsigned int uv = (unsigned int)((v < 0) ? -v : v);
+ mp_usmall uv = (mp_usmall) ((v < 0) ? -v : v);
int ndig = 0;
if(uv == 0)
/* {{{ s_vcmp(a, v) */
-static int s_vcmp(mp_int a, int v)
+static int s_vcmp(mp_int a, mp_small v)
{
mp_digit vdig[MP_VALUE_DIGITS(v)];
int ndig = 0;
/* {{{ s_2expt(z, k) */
-static int s_2expt(mp_int z, int k)
+static int s_2expt(mp_int z, mp_small k)
{
mp_size ndig, rest;
mp_digit *dz;
/* {{{ s_outlen(z, r) */
-/* Precondition: 2 <= r < 64 */
static int s_outlen(mp_int z, mp_size r)
{
mp_result bits;
double raw;
+ assert(r >= MP_MIN_RADIX && r <= MP_MAX_RADIX);
+
bits = mp_int_count_bits(z);
raw = (double)bits * s_log2[r];
if(isdigit((unsigned char) c))
out = c - '0';
else if(r > 10 && isalpha((unsigned char) c))
- out = toupper((unsigned char)c) - 'A' + 10;
+ out = toupper(c) - 'A' + 10;
else
return -1;
/*
Name: imath.h
Purpose: Arbitrary precision integer arithmetic routines.
- Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
- Info: $Id: imath.h 20764 2007-06-01 03:55:14Z lha $
+ Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
+ Info: $Id: imath.h 635 2008-01-08 18:19:40Z sting $
Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved.
typedef unsigned char mp_sign;
typedef unsigned int mp_size;
typedef int mp_result;
+typedef long mp_small; /* must be a signed type */
+typedef unsigned long mp_usmall; /* must be an unsigned type */
#ifdef USE_LONG_LONG
typedef unsigned int mp_digit;
typedef unsigned long long mp_word;
extern const mp_result MP_UNDEF;
extern const mp_result MP_TRUNC;
extern const mp_result MP_BADARG;
+extern const mp_result MP_MINERR;
#define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT)
#define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT)
+#define MP_SMALL_MIN LONG_MIN
+#define MP_SMALL_MAX LONG_MAX
+#define MP_USMALL_MIN ULONG_MIN
+#define MP_USMALL_MAX ULONG_MAX
#ifdef USE_LONG_LONG
# ifndef ULONG_LONG_MAX
mp_int mp_int_alloc(void);
mp_result mp_int_init_size(mp_int z, mp_size prec);
mp_result mp_int_init_copy(mp_int z, mp_int old);
-mp_result mp_int_init_value(mp_int z, int value);
-mp_result mp_int_set_value(mp_int z, int value);
+mp_result mp_int_init_value(mp_int z, mp_small value);
+mp_result mp_int_set_value(mp_int z, mp_small value);
void mp_int_clear(mp_int z);
void mp_int_free(mp_int z);
mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */
mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */
mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */
-mp_result mp_int_add_value(mp_int a, int value, mp_int c);
+mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c);
mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */
-mp_result mp_int_sub_value(mp_int a, int value, mp_int c);
+mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c);
mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */
-mp_result mp_int_mul_value(mp_int a, int value, mp_int c);
-mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c);
+mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c);
+mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c);
mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */
mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */
mp_int q, mp_int r); /* r = a % b */
-mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */
- mp_int q, int *r); /* r = a % value */
-mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */
+mp_result mp_int_div_value(mp_int a, mp_small value, /* q = a / value */
+ mp_int q, mp_small *r); /* r = a % value */
+mp_result mp_int_div_pow2(mp_int a, mp_small p2, /* q = a / 2^p2 */
mp_int q, mp_int r); /* r = q % 2^p2 */
mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */
#define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R))
-mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */
-mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */
+mp_result mp_int_expt(mp_int a, mp_small b, mp_int c); /* c = a^b */
+mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c); /* c = a^b */
int mp_int_compare(mp_int a, mp_int b); /* a <=> b */
int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */
-int mp_int_compare_zero(mp_int z); /* a <=> 0 */
-int mp_int_compare_value(mp_int z, int value); /* a <=> v */
+int mp_int_compare_zero(mp_int z); /* a <=> 0 */
+int mp_int_compare_value(mp_int z, mp_small value); /* a <=> v */
/* Returns true if v|a, false otherwise (including errors) */
-int mp_int_divisible_value(mp_int a, int v);
+int mp_int_divisible_value(mp_int a, mp_small v);
/* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */
int mp_int_is_pow2(mp_int z);
mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m,
mp_int c); /* c = a^b (mod m) */
-mp_result mp_int_exptmod_evalue(mp_int a, int value,
+mp_result mp_int_exptmod_evalue(mp_int a, mp_small value,
mp_int m, mp_int c); /* c = a^v (mod m) */
-mp_result mp_int_exptmod_bvalue(int value, mp_int b,
+mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b,
mp_int m, mp_int c); /* c = v^b (mod m) */
mp_result mp_int_exptmod_known(mp_int a, mp_int b,
mp_int m, mp_int mu,
mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */
mp_int x, mp_int y); /* c = ax + by */
-mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */
+mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c); /* c = lcm(a, b) */
-/* Convert to an int, if representable (returns MP_RANGE if not). */
-mp_result mp_int_to_int(mp_int z, int *out);
+mp_result mp_int_root(mp_int a, mp_small b, mp_int c); /* c = floor(a^{1/b}) */
+#define mp_int_sqrt(a, c) mp_int_root(a, 2, c) /* c = floor(sqrt(a)) */
+
+/* Convert to a small int, if representable; else MP_RANGE */
+mp_result mp_int_to_int(mp_int z, mp_small *out);
+mp_result mp_int_to_uint(mp_int z, mp_usmall *out);
/* Convert to nul-terminated string with the specified radix, writing at
most limit characters including the nul terminator */
/*
Name: iprime.c
Purpose: Pseudoprimality testing routines
- Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
- Info: $Id: iprime.c 19737 2007-01-05 21:01:48Z lha $
+ Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
+ Info: $Id: iprime.c 635 2008-01-08 18:19:40Z sting $
- Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved.
+ Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
- 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
+ 991, 997
+#ifdef IMATH_LARGE_PRIME_TABLE
+ , 1009, 1013, 1019, 1021, 1031, 1033,
1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
4957, 4967, 4969, 4973, 4987, 4993, 4999
+#endif
};
static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]);
-
/* {{{ mp_int_is_prime(z) */
/* Test whether z is likely to be prime:
*/
mp_result mp_int_is_prime(mp_int z)
{
- int i, rem;
+ int i;
+ mp_small rem;
mp_result res;
/* First check for divisibility by small primes; this eliminates a
/*
Name: iprime.h
Purpose: Pseudoprimality testing routines
- Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
- Info: $Id: iprime.h 18759 2006-10-21 16:32:36Z lha $
+ Author: M. J. Fromberger <http://spinning-yarns.org/michael/>
+ Info: $Id: iprime.h 635 2008-01-08 18:19:40Z sting $
- Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved.
+ Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: md2.c 16480 2006-01-08 21:47:29Z lha $");
+RCSID("$Id$");
#endif
#include "hash.h"
* SUCH DAMAGE.
*/
-/* $Id: md2.h 16480 2006-01-08 21:47:29Z lha $ */
+/* $Id$ */
#ifndef HEIM_MD2_H
#define HEIM_MD2_H 1
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: md4.c 17445 2006-05-05 10:37:46Z lha $");
+RCSID("$Id$");
#endif
#include "hash.h"
* SUCH DAMAGE.
*/
-/* $Id: md4.h 17450 2006-05-05 11:11:43Z lha $ */
+/* $Id$ */
#ifndef HEIM_MD4_H
#define HEIM_MD4_H 1
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: md5.c 17445 2006-05-05 10:37:46Z lha $");
+RCSID("$Id$");
#endif
#include "hash.h"
* SUCH DAMAGE.
*/
-/* $Id: md5.h 17450 2006-05-05 11:11:43Z lha $ */
+/* $Id$ */
#ifndef HEIM_MD5_H
#define HEIM_MD5_H 1
#include <config.h>
#endif
-RCSID("$Id: pkcs12.c 23137 2008-04-29 05:46:48Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: pkcs12.h 16564 2006-01-13 15:26:52Z lha $
+ * $Id$
*/
#ifndef _HEIM_PKCS12_H
#include <config.h>
#endif
-RCSID("$Id: pkcs5.c 23059 2008-04-18 13:04:08Z lha $");
+RCSID("$Id$");
#ifdef KRB5
#include <krb5-types.h>
#include <config.h>
#endif
-RCSID("$Id: rand-egd.c 23461 2008-07-27 12:14:20Z lha $");
+RCSID("$Id$");
#include <sys/types.h>
#ifdef HAVE_SYS_UN_H
#include <config.h>
#endif
-RCSID("$Id: rand-fortuna.c 23463 2008-07-27 12:15:06Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <config.h>
#endif
-RCSID("$Id: rand-unix.c 23462 2008-07-27 12:14:42Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <config.h>
#endif
-RCSID("$Id: rand.c 23464 2008-07-27 12:15:21Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: rand.h 20063 2007-01-30 18:30:36Z lha $
+ * $Id$
*/
#ifndef _HEIM_RAND_H
*/
/*
- * $Id: randi.h 21101 2007-06-18 03:53:46Z lha $
+ * $Id$
*/
#ifndef _HEIM_RANDI_H
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: rc2.c 17022 2006-04-09 17:03:21Z lha $");
+RCSID("$Id$");
#endif
#include "rc2.h"
* SUCH DAMAGE.
*/
-/* $Id: rc2.h 16480 2006-01-08 21:47:29Z lha $ */
+/* $Id$ */
/* symbol renaming */
#define RC2_set_key hc_RC2_set_key
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: rc4.c 13640 2004-03-25 16:40:59Z lha $");
+RCSID("$Id$");
#endif
#include <rc4.h>
* SUCH DAMAGE.
*/
-/* $Id: rc4.h 16480 2006-01-08 21:47:29Z lha $ */
+/* $Id$ */
/* symbol renaming */
#define RC4_set_key hc_RC4_set_key
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: rijndael-alg-fst.c 17445 2006-05-05 10:37:46Z lha $");
+RCSID("$Id$");
#endif
#ifdef KRB5
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: rnd_keys.c 23093 2008-04-27 18:49:51Z lha $");
+RCSID("$Id$");
#endif
#define HC_DEPRECATED
#include <config.h>
#endif
-RCSID("$Id: rsa-imath.c 21154 2007-06-18 21:58:12Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <config.h>
#endif
-RCSID("$Id: rsa.c 22422 2008-01-13 09:43:59Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
*/
/*
- * $Id: rsa.h 22269 2007-12-11 10:59:22Z lha $
+ * $Id$
*/
#ifndef _HEIM_RSA_H
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: sha.c 17445 2006-05-05 10:37:46Z lha $");
+RCSID("$Id$");
#endif
#include "hash.h"
* SUCH DAMAGE.
*/
-/* $Id: sha.h 17450 2006-05-05 11:11:43Z lha $ */
+/* $Id$ */
#ifndef HEIM_SHA_H
#define HEIM_SHA_H 1
#ifdef HAVE_CONFIG_H
#include "config.h"
-RCSID("$Id: sha256.c 17445 2006-05-05 10:37:46Z lha $");
+RCSID("$Id$");
#endif
#include "hash.h"
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: ui.c 23466 2008-07-27 12:16:15Z lha $");
+RCSID("$Id$");
#endif
#include <stdio.h>
* SUCH DAMAGE.
*/
-/* $Id: ui.h 16480 2006-01-08 21:47:29Z lha $ */
+/* $Id$ */
#ifndef _HEIM_UI_H
#define _HEIM_UI_H 1
#include "hdb_locl.h"
-RCSID("$Id: db.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#if HAVE_DB1
#include "hdb_locl.h"
-RCSID("$Id: dbinfo.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct hdb_dbinfo {
char *label;
#include "hdb_locl.h"
#include <der.h>
-RCSID("$Id: ext.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
krb5_error_code
hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
--- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $
+-- $Id$
HDB DEFINITIONS ::=
BEGIN
#include "hdb_locl.h"
-RCSID("$Id: hdb.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
{"ldap:", hdb_ldap_create},
{"ldapi:", hdb_ldapi_create},
#endif
-#ifdef _SAMBA_BUILD_
- {"ldb:", hdb_ldb_create},
-#endif
#ifdef HAVE_LDB /* Used for integrated samba build */
{"ldb:", hdb_ldb_create},
#endif
* SUCH DAMAGE.
*/
-/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */
+/* $Id$ */
#ifndef __HDB_H__
#define __HDB_H__
#
# This might look like a com_err file, but is not
#
-id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $"
+id "$Id$"
error_table hdb
* SUCH DAMAGE.
*/
-/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
+/* $Id$ */
#ifndef __HDB_LOCL_H__
#define __HDB_LOCL_H__
#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
-krb5_error_code
-hdb_ldb_create (
- krb5_context /*context*/,
- HDB ** /*db*/,
- const char */*arg*/);
-
-
#endif /* __HDB_LOCL_H__ */
#include "hdb_locl.h"
-RCSID("$Id: keys.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/*
* free all the memory used by (len, keys)
* afs or afs3 == des:afs3-salt
*/
-/* the 3 DES types must be first */
-static const krb5_enctype all_etypes[] = {
+static const krb5_enctype des_etypes[] = {
ETYPE_DES_CBC_MD5,
ETYPE_DES_CBC_MD4,
- ETYPE_DES_CBC_CRC,
+ ETYPE_DES_CBC_CRC
+};
+
+static const krb5_enctype all_etypes[] = {
ETYPE_AES256_CTS_HMAC_SHA1_96,
ETYPE_ARCFOUR_HMAC_MD5,
ETYPE_DES3_CBC_SHA1
/* XXX there should be a string_to_etypes handling
special cases like `des' and `all' */
if(strcmp(buf[i], "des") == 0) {
- enctypes = all_etypes;
- num_enctypes = 3;
+ enctypes = des_etypes;
+ num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]);
} else if(strcmp(buf[i], "des3") == 0) {
e = ETYPE_DES3_CBC_SHA1;
enctypes = &e;
salt->salttype = KRB5_PW_SALT;
} else if(strcmp(buf[i], "afs3-salt") == 0) {
if(enctypes == NULL) {
- enctypes = all_etypes;
- num_enctypes = 3;
+ enctypes = des_etypes;
+ num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]);
}
salt->salttype = KRB5_AFS3_SALT;
}
/* keytab backend for HDB databases */
-RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct hdb_data {
char *dbname;
#define O_BINARY 0
#endif
-RCSID("$Id: mkey.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct hdb_master_key_data {
krb5_keytab_entry keytab;
#include "hdb_locl.h"
-RCSID("$Id: ndbm.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#if HAVE_NDBM
#include "hx_locl.h"
#include <pkinit_asn1.h>
-RCSID("$Id: ca.c 22995 2008-04-15 19:31:29Z lha $");
+RCSID("$Id$");
/**
* @page page_ca Hx509 CA functions
*/
#include "hx_locl.h"
-RCSID("$Id: cert.c 23457 2008-07-27 12:12:56Z lha $");
+RCSID("$Id$");
#include "crypto-headers.h"
#include <rtbl.h>
*/
#include "hx_locl.h"
-RCSID("$Id: cms.c 23268 2008-06-23 03:23:47Z lha $");
+RCSID("$Id$");
/**
* @page page_cms CMS/PKCS7 message functions.
*/
#include "hx_locl.h"
-RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $");
+RCSID("$Id$");
struct private_key {
AlgorithmIdentifier alg;
--- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $
+-- $Id$
PKCS10 DEFINITIONS ::=
BEGIN
*/
#include "hx_locl.h"
-RCSID("$Id: crypto.c 22855 2008-04-07 18:49:24Z lha $");
+RCSID("$Id$");
struct hx509_crypto;
*/
#include "hx_locl.h"
-RCSID("$Id: env.c 22677 2008-03-13 17:35:49Z lha $");
+RCSID("$Id$");
/**
* @page page_env Hx509 enviroment functions
*/
#include "hx_locl.h"
-RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $");
+RCSID("$Id$");
/**
* @page page_error Hx509 error reporting functions
* SUCH DAMAGE.
*/
-/* $Id: hx509.h 22908 2008-04-08 08:16:32Z lha $ */
+/* $Id$ */
#ifndef HEIMDAL_HX509_H
#define HEIMDAL_HX509_H 1
#
# This might look like a com_err file, but is not
#
-id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $"
+id "$Id$"
error_table hx
prefix HX509
* SUCH DAMAGE.
*/
-/* $Id: hx_locl.h 23189 2008-05-23 15:04:27Z lha $ */
+/* $Id$ */
#ifdef HAVE_CONFIG_H
#include <config.h>
#include <der.h>
+#define HC_DEPRECATED_CRYPTO
#include "crypto-headers.h"
struct hx509_keyset_ops;
*/
#include "hx_locl.h"
-RCSID("$Id: keyset.c 22851 2008-04-07 18:49:07Z lha $");
+RCSID("$Id$");
/**
* @page page_keyset Certificate store operations
*/
#include "hx_locl.h"
-RCSID("$Id: ks_dir.c 23460 2008-07-27 12:14:03Z lha $");
+RCSID("$Id$");
#include <dirent.h>
/*
*/
#include "hx_locl.h"
-RCSID("$Id: ks_file.c 23459 2008-07-27 12:13:31Z lha $");
+RCSID("$Id$");
typedef enum { USE_PEM, USE_DER } outformat;
*/
#include "hx_locl.h"
-RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $");
+RCSID("$Id$");
#ifdef HAVE_FRAMEWORK_SECURITY
return ENOMEM;
}
mem->keys = ptr;
- mem->keys[i++] = _hx509_private_key_ref(key);
- mem->keys[i++] = NULL;
+ mem->keys[i] = _hx509_private_key_ref(key);
+ mem->keys[i + 1] = NULL;
return 0;
}
*/
#include "hx_locl.h"
-RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $");
+RCSID("$Id$");
static int
*/
#include "hx_locl.h"
-RCSID("$Id: ks_p11.c 22899 2008-04-07 18:52:36Z lha $");
+RCSID("$Id$");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
{
CK_OBJECT_HANDLE object;
CK_ULONG object_count;
- int ret, i;
+ int ret, ret2, i;
ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data));
if (ret != CKR_OK) {
query[i].pValue = NULL;
}
- ret = P11FUNC(p, FindObjectsFinal, (session));
- if (ret != CKR_OK) {
- return -2;
+ ret2 = P11FUNC(p, FindObjectsFinal, (session));
+ if (ret2 != CKR_OK) {
+ return ret2;
}
-
- return 0;
+ return ret;
}
static BIGNUM *
*/
#include "hx_locl.h"
-RCSID("$Id: ks_p12.c 23413 2008-07-26 18:34:53Z lha $");
+RCSID("$Id$");
struct ks_pkcs12 {
hx509_certs certs;
*/
#include "hx_locl.h"
-RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $");
+RCSID("$Id$");
/**
* @page page_lock Locking and unlocking certificates and encrypted data.
#include "hx_locl.h"
#include <wind.h>
-RCSID("$Id: name.c 22677 2008-03-13 17:35:49Z lha $");
+RCSID("$Id$");
/**
* @page page_name PKIX/X.509 Names
-- From rfc2560
--- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $
+-- $Id$
OCSP DEFINITIONS EXPLICIT TAGS::=
BEGIN
*/
#include "hx_locl.h"
-RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $");
+RCSID("$Id$");
/**
* @page page_peer Hx509 crypto selecting functions
--- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $
+-- $Id$
PKCS10 DEFINITIONS ::=
BEGIN
*/
#include "hx_locl.h"
-RCSID("$Id: print.c 22538 2008-01-27 13:05:47Z lha $");
+RCSID("$Id$");
/**
* @page page_print Hx509 printing functions
#include "hx_locl.h"
#include <pkcs10_asn1.h>
-RCSID("$Id: req.c 23413 2008-07-26 18:34:53Z lha $");
+RCSID("$Id$");
struct hx509_request_data {
hx509_name name;
*/
#include "hx_locl.h"
-RCSID("$Id: revoke.c 23413 2008-07-26 18:34:53Z lha $");
+RCSID("$Id$");
struct revoke_crl {
char *path;
&c.signatureAlgorithm,
&c.signatureValue);
free(os->data);
+ if (ret) {
+ hx509_set_error_string(context, 0, ret, "Failed to sign CRL");
+ goto out;
+ }
ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length,
&c, &size, ret);
- free_CRLCertificateList(&c);
if (ret) {
hx509_set_error_string(context, 0, ret, "failed to encode CRL");
goto out;
if (size != os->length)
_hx509_abort("internal ASN.1 encoder error");
+ free_CRLCertificateList(&c);
+
return 0;
out:
*/
#include "hx_locl.h"
-RCSID("$Id: test_name.c 22677 2008-03-13 17:35:49Z lha $");
+RCSID("$Id$");
static int
test_name(hx509_context context, const char *name)
#include <dlfcn.h>
#endif
-RCSID("$Id: acache.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/* XXX should we fetch these for each open ? */
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
#include "krb5_locl.h"
-RCSID("$Id: add_et_list.c 22603 2008-02-21 18:44:57Z lha $");
+RCSID("$Id$");
/**
* Add a specified list of error messages to the et list in context.
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct addr_operations {
int af;
#include "krb5_locl.h"
-RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $");
+RCSID("$Id$");
void KRB5_LIB_FUNCTION
krb5_appdefault_boolean(krb5_context context, const char *appname,
#include "krb5_locl.h"
-RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
_krb5_principal2principalname (PrincipalName *p,
#include "krb5_locl.h"
-RCSID("$Id: auth_context.c 23273 2008-06-23 03:25:00Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_auth_con_init(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_build_ap_req (krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: build_auth.c 23273 2008-06-23 03:25:00Z lha $");
+RCSID("$Id$");
static krb5_error_code
make_etypelist(krb5_context context,
#include "krb5_locl.h"
-RCSID("$Id: cache.c 23417 2008-07-26 18:36:33Z lha $");
+RCSID("$Id$");
/**
* Add a new ccache type with operations `ops', overwriting any
#include <krb5_locl.h>
-RCSID("$Id: changepw.c 23445 2008-07-27 12:08:03Z lha $");
+RCSID("$Id$");
#undef __attribute__
#define __attribute__(X)
for (a = ai; !done && a != NULL; a = a->ai_next) {
int replied = 0;
- sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+ sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
if (sock < 0)
continue;
rk_cloexec(sock);
#include "krb5_locl.h"
-RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_decode_EncTicketPart (krb5_context context,
*/
#include "krb5_locl.h"
-RCSID("$Id: config_file.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
#ifndef HAVE_NETINFO
*/
#include "krb5_locl.h"
-RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
/*
* Netinfo implementation from Luke Howard <lukeh@xedoc.com.au>
#include "krb5_locl.h"
-RCSID("$Id: constants.c 23026 2008-04-17 10:02:03Z lha $");
+RCSID("$Id$");
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
#include "krb5_locl.h"
#include <com_err.h>
-RCSID("$Id: context.c 23420 2008-07-26 18:37:48Z lha $");
+RCSID("$Id$");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
context->default_cc_name = NULL;
context->default_cc_name_set = 0;
+
+ ret = krb5_config_get_bool_default(context, NULL, FALSE,
+ "libdefaults",
+ "allow_weak_crypto", NULL);
+ if (ret) {
+ krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
+ krb5_enctype_enable(context, ETYPE_DES_CBC_MD4);
+ krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);
+ krb5_enctype_enable(context, ETYPE_DES_CBC_NONE);
+ krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE);
+ krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE);
+ }
+
return 0;
}
*/
#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
#include "krb5-v4compat.h"
#include "krb5_locl.h"
-RCSID("$Id: copy_host_realm.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
/**
* Copy the list of realms from `from' to `to'.
#include "krb5_locl.h"
-RCSID("$Id: crc.c 22862 2008-04-07 18:49:55Z lha $");
+RCSID("$Id$");
static u_long table[256];
#include "krb5_locl.h"
-RCSID("$Id: creds.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
#undef __attribute__
#define __attribute__(X)
/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c 23454 2008-07-27 12:11:44Z lha $");
+RCSID("$Id$");
#include <pkinit_asn1.h>
-#undef CRYPTO_DEBUG
-#ifdef CRYPTO_DEBUG
-static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
+#undef __attribute__
+#define __attribute__(X)
+
+#ifndef HEIMDAL_SMALLER
+#define WEAK_ENCTYPES 1
+#define DES3_OLD_ENCTYPE 1
#endif
+#ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */
+const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void);
+const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void);
+#define EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts
+#define EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts
+#endif
+
struct key_data {
krb5_keyblock *key;
krb5_data *schedule;
size_t bits;
size_t size;
size_t schedule_size;
-#if 0
- krb5_enctype best_etype;
-#endif
void (*random_key)(krb5_context, krb5_keyblock*);
- void (*schedule)(krb5_context, struct key_data *);
+ void (*schedule)(krb5_context, struct key_type *, struct key_data *);
struct salt_type *string_to_key;
void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
+ void (*cleanup)(krb5_context, struct key_data *);
+ const EVP_CIPHER *(*evp)(void);
};
struct checksum_type {
size_t blocksize;
size_t checksumsize;
unsigned flags;
- void (*checksum)(krb5_context context,
- struct key_data *key,
- const void *buf, size_t len,
- unsigned usage,
- Checksum *csum);
+ krb5_enctype (*checksum)(krb5_context context,
+ struct key_data *key,
+ const void *buf, size_t len,
+ unsigned usage,
+ Checksum *csum);
krb5_error_code (*verify)(krb5_context context,
struct key_data *key,
const void *buf, size_t len,
unsigned usage,
struct key_data *keyblock,
Checksum *result);
-static void free_key_data(krb5_context context, struct key_data *key);
+static void free_key_data(krb5_context,
+ struct key_data *,
+ struct encryption_type *);
static krb5_error_code usage2arcfour (krb5_context, unsigned *);
static void xor (DES_cblock *, const unsigned char *);
* *
************************************************************/
-static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
+struct evp_schedule {
+ EVP_CIPHER_CTX ectx;
+ EVP_CIPHER_CTX dctx;
+};
+static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
+
static void
krb5_DES_random_key(krb5_context context,
krb5_keyblock *key)
} while(DES_is_weak_key(k));
}
+#ifdef WEAK_ENCTYPES
static void
-krb5_DES_schedule(krb5_context context,
- struct key_data *key)
+krb5_DES_schedule_old(krb5_context context,
+ struct key_type *kt,
+ struct key_data *key)
{
DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data);
}
+#endif /* WEAK_ENCTYPES */
+
#ifdef ENABLE_AFS_STRING_TO_KEY
DES_is_weak_key(&k[2]));
}
-static void
-DES3_schedule(krb5_context context,
- struct key_data *key)
-{
- DES_cblock *k = key->key->keyvalue.data;
- DES_key_schedule *s = key->schedule->data;
- DES_set_key_unchecked(&k[0], &s[0]);
- DES_set_key_unchecked(&k[1], &s[1]);
- DES_set_key_unchecked(&k[2], &s[2]);
-}
-
/*
* A = A xor B. A & B are 8 bytes.
*/
a[7] ^= b[7];
}
+#ifdef DES3_OLD_ENCTYPE
static krb5_error_code
DES3_string_to_key(krb5_context context,
krb5_enctype enctype,
free(str);
return 0;
}
+#endif
static krb5_error_code
DES3_string_to_key_derived(krb5_context context,
static void
ARCFOUR_schedule(krb5_context context,
+ struct key_type *kt,
struct key_data *kd)
{
RC4_set_key (kd->schedule->data,
krb5_keyblock *key)
{
krb5_error_code ret;
- uint16_t *s;
+ uint16_t *s = NULL;
size_t len, i;
- MD4_CTX m;
+ EVP_MD_CTX *m;
+
+ m = EVP_MD_CTX_create();
+ if (m == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret, "Malloc: out of memory");
+ goto out;
+ }
+
+ EVP_DigestInit_ex(m, EVP_md4(), NULL);
ret = wind_utf8ucs2_length(password.data, &len);
if (ret) {
krb5_set_error_message (context, ret, "Password not an UCS2 string");
- return ret;
+ goto out;
}
s = malloc (len * sizeof(s[0]));
if (len != 0 && s == NULL) {
krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
- return ENOMEM;
+ ret = ENOMEM;
+ goto out;
}
ret = wind_utf8ucs2(password.data, s, &len);
}
/* LE encoding */
- MD4_Init (&m);
for (i = 0; i < len; i++) {
unsigned char p;
p = (s[i] & 0xff);
- MD4_Update (&m, &p, 1);
+ EVP_DigestUpdate (m, &p, 1);
p = (s[i] >> 8) & 0xff;
- MD4_Update (&m, &p, 1);
+ EVP_DigestUpdate (m, &p, 1);
}
key->keytype = enctype;
krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
goto out;
}
- MD4_Final (key->keyvalue.data, &m);
- ret = 0;
+ EVP_DigestFinal_ex (m, key->keyvalue.data, NULL);
+
out:
- memset (s, 0, len);
+ EVP_MD_CTX_destroy(m);
+ if (s)
+ memset (s, 0, len);
free (s);
return ret;
}
iter,
et->keytype->size, kd.key->keyvalue.data);
if (ret != 1) {
- free_key_data(context, &kd);
+ free_key_data(context, &kd, et);
krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
"Error calculating s2k");
return KRB5_PROG_KEYTYPE_NOSUPP;
ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
if (ret == 0)
ret = krb5_copy_keyblock_contents(context, kd.key, key);
- free_key_data(context, &kd);
+ free_key_data(context, &kd, et);
return ret;
}
-struct krb5_aes_schedule {
- AES_KEY ekey;
- AES_KEY dkey;
-};
-
static void
-AES_schedule(krb5_context context,
- struct key_data *kd)
+evp_schedule(krb5_context context, struct key_type *kt, struct key_data *kd)
{
- struct krb5_aes_schedule *key = kd->schedule->data;
- int bits = kd->key->keyvalue.length * 8;
+ struct evp_schedule *key = kd->schedule->data;
+ const EVP_CIPHER *c = (*kt->evp)();
+
+ EVP_CIPHER_CTX_init(&key->ectx);
+ EVP_CIPHER_CTX_init(&key->dctx);
+
+ EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1);
+ EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0);
+}
- memset(key, 0, sizeof(*key));
- AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey);
- AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey);
+static void
+evp_cleanup(krb5_context context, struct key_data *kd)
+{
+ struct evp_schedule *key = kd->schedule->data;
+ EVP_CIPHER_CTX_cleanup(&key->ectx);
+ EVP_CIPHER_CTX_cleanup(&key->dctx);
}
/*
{ 0 }
};
+#ifdef DES3_OLD_ENCTYPE
static struct salt_type des3_salt[] = {
{
KRB5_PW_SALT,
},
{ 0 }
};
+#endif
static struct salt_type des3_salt_derived[] = {
{
NULL
};
-static struct key_type keytype_des = {
+#ifdef WEAK_ENCTYPES
+static struct key_type keytype_des_old = {
KEYTYPE_DES,
- "des",
+ "des-old",
56,
- sizeof(DES_cblock),
+ 8,
sizeof(DES_key_schedule),
krb5_DES_random_key,
- krb5_DES_schedule,
+ krb5_DES_schedule_old,
des_salt,
krb5_DES_random_to_key
};
+#endif /* WEAK_ENCTYPES */
+
+static struct key_type keytype_des = {
+ KEYTYPE_DES,
+ "des",
+ 56,
+ 8,
+ sizeof(struct evp_schedule),
+ krb5_DES_random_key,
+ evp_schedule,
+ des_salt,
+ krb5_DES_random_to_key,
+ evp_cleanup,
+ EVP_des_cbc
+};
+#ifdef DES3_OLD_ENCTYPE
static struct key_type keytype_des3 = {
KEYTYPE_DES3,
"des3",
168,
- 3 * sizeof(DES_cblock),
- 3 * sizeof(DES_key_schedule),
+ 24,
+ sizeof(struct evp_schedule),
DES3_random_key,
- DES3_schedule,
+ evp_schedule,
des3_salt,
- DES3_random_to_key
+ DES3_random_to_key,
+ evp_cleanup,
+ EVP_des_ede3_cbc
};
+#endif
static struct key_type keytype_des3_derived = {
KEYTYPE_DES3,
"des3",
168,
- 3 * sizeof(DES_cblock),
- 3 * sizeof(DES_key_schedule),
+ 24,
+ sizeof(struct evp_schedule),
DES3_random_key,
- DES3_schedule,
+ evp_schedule,
des3_salt_derived,
- DES3_random_to_key
+ DES3_random_to_key,
+ evp_cleanup,
+ EVP_des_ede3_cbc
};
static struct key_type keytype_aes128 = {
"aes-128",
128,
16,
- sizeof(struct krb5_aes_schedule),
+ sizeof(struct evp_schedule),
+ NULL,
+ evp_schedule,
+ AES_salt,
NULL,
- AES_schedule,
- AES_salt
+ evp_cleanup,
+ EVP_hcrypto_aes_128_cts
};
static struct key_type keytype_aes256 = {
"aes-256",
256,
32,
- sizeof(struct krb5_aes_schedule),
+ sizeof(struct evp_schedule),
NULL,
- AES_schedule,
- AES_salt
+ evp_schedule,
+ AES_salt,
+ NULL,
+ evp_cleanup,
+ EVP_hcrypto_aes_256_cts
};
static struct key_type keytype_arcfour = {
&keytype_null,
&keytype_des,
&keytype_des3_derived,
+#ifdef DES3_OLD_ENCTYPE
&keytype_des3,
+#endif
&keytype_aes128,
&keytype_aes256,
&keytype_arcfour
pw, salt, opaque, key);
}
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_string(krb5_context context,
- krb5_keytype keytype,
- char **string)
-{
- struct key_type *kt = _find_keytype(keytype);
- if(kt == NULL) {
- krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
- "key type %d not supported", keytype);
- return KRB5_PROG_KEYTYPE_NOSUPP;
- }
- *string = strdup(kt->name);
- if(*string == NULL) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
- return ENOMEM;
- }
- return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_keytype(krb5_context context,
- const char *string,
- krb5_keytype *keytype)
-{
- char *end;
- int i;
-
- for(i = 0; i < num_keytypes; i++)
- if(strcasecmp(keytypes[i]->name, string) == 0){
- *keytype = keytypes[i]->type;
- return 0;
- }
-
- /* check if the enctype is a number */
- *keytype = strtol(string, &end, 0);
- if(*end == '\0' && *keytype != 0) {
- if (krb5_enctype_valid(context, *keytype) == 0)
- return 0;
- }
-
- krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
- "key type %s not supported", string);
- return KRB5_PROG_KEYTYPE_NOSUPP;
-}
-
krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
key->schedule = NULL;
return ret;
}
- (*kt->schedule)(context, key);
+ (*kt->schedule)(context, kt, key);
return 0;
}
* *
************************************************************/
-static void
+static krb5_error_code
NONE_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *C)
{
+ return 0;
}
-static void
+static krb5_error_code
CRC32_checksum(krb5_context context,
struct key_data *key,
const void *data,
r[1] = (crc >> 8) & 0xff;
r[2] = (crc >> 16) & 0xff;
r[3] = (crc >> 24) & 0xff;
+ return 0;
}
-static void
+static krb5_error_code
RSA_MD4_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *C)
{
- MD4_CTX m;
-
- MD4_Init (&m);
- MD4_Update (&m, data, len);
- MD4_Final (C->checksum.data, &m);
+ if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1)
+ krb5_abortx(context, "md4 checksum failed");
+ return 0;
}
-static void
-RSA_MD4_DES_checksum(krb5_context context,
- struct key_data *key,
- const void *data,
- size_t len,
- unsigned usage,
- Checksum *cksum)
+static krb5_error_code
+des_checksum(krb5_context context,
+ const EVP_MD *evp_md,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ Checksum *cksum)
{
- MD4_CTX md4;
+ struct evp_schedule *ctx = key->schedule->data;
+ EVP_MD_CTX *m;
DES_cblock ivec;
unsigned char *p = cksum->checksum.data;
krb5_generate_random_block(p, 8);
- MD4_Init (&md4);
- MD4_Update (&md4, p, 8);
- MD4_Update (&md4, data, len);
- MD4_Final (p + 8, &md4);
+
+ m = EVP_MD_CTX_create();
+ if (m == NULL) {
+ krb5_set_error_message(context, ENOMEM, "Malloc: out of memory");
+ return ENOMEM;
+ }
+
+ EVP_DigestInit_ex(m, evp_md, NULL);
+ EVP_DigestUpdate(m, p, 8);
+ EVP_DigestUpdate(m, data, len);
+ EVP_DigestFinal_ex (m, p + 8, NULL);
+ EVP_MD_CTX_destroy(m);
memset (&ivec, 0, sizeof(ivec));
- DES_cbc_encrypt(p,
- p,
- 24,
- key->schedule->data,
- &ivec,
- DES_ENCRYPT);
+ EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
+ EVP_Cipher(&ctx->ectx, p, p, 24);
+
+ return 0;
}
static krb5_error_code
-RSA_MD4_DES_verify(krb5_context context,
- struct key_data *key,
- const void *data,
- size_t len,
- unsigned usage,
- Checksum *C)
+des_verify(krb5_context context,
+ const EVP_MD *evp_md,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ Checksum *C)
{
- MD4_CTX md4;
+ struct evp_schedule *ctx = key->schedule->data;
+ EVP_MD_CTX *m;
unsigned char tmp[24];
unsigned char res[16];
DES_cblock ivec;
krb5_error_code ret = 0;
+ m = EVP_MD_CTX_create();
+ if (m == NULL) {
+ krb5_set_error_message(context, ENOMEM, "Malloc: out of memory");
+ return ENOMEM;
+ }
+
memset(&ivec, 0, sizeof(ivec));
- DES_cbc_encrypt(C->checksum.data,
- (void*)tmp,
- C->checksum.length,
- key->schedule->data,
- &ivec,
- DES_DECRYPT);
- MD4_Init (&md4);
- MD4_Update (&md4, tmp, 8); /* confounder */
- MD4_Update (&md4, data, len);
- MD4_Final (res, &md4);
+ EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1);
+ EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24);
+
+ EVP_DigestInit_ex(m, evp_md, NULL);
+ EVP_DigestUpdate(m, tmp, 8); /* confounder */
+ EVP_DigestUpdate(m, data, len);
+ EVP_DigestFinal_ex (m, res, NULL);
+ EVP_MD_CTX_destroy(m);
if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
return ret;
}
-static void
+static krb5_error_code
+RSA_MD4_DES_checksum(krb5_context context,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ unsigned usage,
+ Checksum *cksum)
+{
+ return des_checksum(context, EVP_md4(), key, data, len, cksum);
+}
+
+static krb5_error_code
+RSA_MD4_DES_verify(krb5_context context,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ unsigned usage,
+ Checksum *C)
+{
+ return des_verify(context, EVP_md5(), key, data, len, C);
+}
+
+static krb5_error_code
RSA_MD5_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *C)
{
- MD5_CTX m;
-
- MD5_Init (&m);
- MD5_Update(&m, data, len);
- MD5_Final (C->checksum.data, &m);
+ if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
+ krb5_abortx(context, "md5 checksum failed");
+ return 0;
}
-static void
+static krb5_error_code
RSA_MD5_DES_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *C)
{
- MD5_CTX md5;
- DES_cblock ivec;
- unsigned char *p = C->checksum.data;
-
- krb5_generate_random_block(p, 8);
- MD5_Init (&md5);
- MD5_Update (&md5, p, 8);
- MD5_Update (&md5, data, len);
- MD5_Final (p + 8, &md5);
- memset (&ivec, 0, sizeof(ivec));
- DES_cbc_encrypt(p,
- p,
- 24,
- key->schedule->data,
- &ivec,
- DES_ENCRYPT);
+ return des_checksum(context, EVP_md5(), key, data, len, C);
}
static krb5_error_code
unsigned usage,
Checksum *C)
{
- MD5_CTX md5;
- unsigned char tmp[24];
- unsigned char res[16];
- DES_cblock ivec;
- DES_key_schedule *sched = key->schedule->data;
- krb5_error_code ret = 0;
-
- memset(&ivec, 0, sizeof(ivec));
- DES_cbc_encrypt(C->checksum.data,
- (void*)tmp,
- C->checksum.length,
- &sched[0],
- &ivec,
- DES_DECRYPT);
- MD5_Init (&md5);
- MD5_Update (&md5, tmp, 8); /* confounder */
- MD5_Update (&md5, data, len);
- MD5_Final (res, &md5);
- if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
- krb5_clear_error_string (context);
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- memset(tmp, 0, sizeof(tmp));
- memset(res, 0, sizeof(res));
- return ret;
+ return des_verify(context, EVP_md5(), key, data, len, C);
}
-static void
+static krb5_error_code
RSA_MD5_DES3_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *C)
{
- MD5_CTX md5;
- DES_cblock ivec;
- unsigned char *p = C->checksum.data;
- DES_key_schedule *sched = key->schedule->data;
-
- krb5_generate_random_block(p, 8);
- MD5_Init (&md5);
- MD5_Update (&md5, p, 8);
- MD5_Update (&md5, data, len);
- MD5_Final (p + 8, &md5);
- memset (&ivec, 0, sizeof(ivec));
- DES_ede3_cbc_encrypt(p,
- p,
- 24,
- &sched[0], &sched[1], &sched[2],
- &ivec,
- DES_ENCRYPT);
+ return des_checksum(context, EVP_md5(), key, data, len, C);
}
static krb5_error_code
unsigned usage,
Checksum *C)
{
- MD5_CTX md5;
- unsigned char tmp[24];
- unsigned char res[16];
- DES_cblock ivec;
- DES_key_schedule *sched = key->schedule->data;
- krb5_error_code ret = 0;
-
- memset(&ivec, 0, sizeof(ivec));
- DES_ede3_cbc_encrypt(C->checksum.data,
- (void*)tmp,
- C->checksum.length,
- &sched[0], &sched[1], &sched[2],
- &ivec,
- DES_DECRYPT);
- MD5_Init (&md5);
- MD5_Update (&md5, tmp, 8); /* confounder */
- MD5_Update (&md5, data, len);
- MD5_Final (res, &md5);
- if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
- krb5_clear_error_string (context);
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- memset(tmp, 0, sizeof(tmp));
- memset(res, 0, sizeof(res));
- return ret;
+ return des_verify(context, EVP_md5(), key, data, len, C);
}
-static void
+static krb5_error_code
SHA1_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *C)
{
- SHA_CTX m;
-
- SHA1_Init(&m);
- SHA1_Update(&m, data, len);
- SHA1_Final(C->checksum.data, &m);
+ if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1)
+ krb5_abortx(context, "sha1 checksum failed");
+ return 0;
}
/* HMAC according to RFC2104 */
return ret;
}
-static void
+static krb5_error_code
SP_HMAC_SHA1_checksum(krb5_context context,
struct key_data *key,
const void *data,
if (ret)
krb5_abortx(context, "hmac failed");
memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
+ return 0;
}
/*
* checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
*/
-static void
+static krb5_error_code
HMAC_MD5_checksum(krb5_context context,
struct key_data *key,
const void *data,
unsigned usage,
Checksum *result)
{
- MD5_CTX md5;
+ EVP_MD_CTX *m;
struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
const char signature[] = "signaturekey";
Checksum ksign_c;
unsigned char ksign_c_data[16];
krb5_error_code ret;
+ m = EVP_MD_CTX_create();
+ if (m == NULL) {
+ krb5_set_error_message(context, ENOMEM, "Malloc: out of memory");
+ return ENOMEM;
+ }
ksign_c.checksum.length = sizeof(ksign_c_data);
ksign_c.checksum.data = ksign_c_data;
ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
- if (ret)
- krb5_abortx(context, "hmac failed");
+ if (ret) {
+ EVP_MD_CTX_destroy(m);
+ return ret;
+ }
ksign.key = &kb;
kb.keyvalue = ksign_c.checksum;
- MD5_Init (&md5);
- t[0] = (usage >> 0) & 0xFF;
- t[1] = (usage >> 8) & 0xFF;
- t[2] = (usage >> 16) & 0xFF;
- t[3] = (usage >> 24) & 0xFF;
- MD5_Update (&md5, t, 4);
- MD5_Update (&md5, data, len);
- MD5_Final (tmp, &md5);
- ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
- if (ret)
- krb5_abortx(context, "hmac failed");
-}
-
-/*
- * same as previous but being used while encrypting.
- */
-
-static void
-HMAC_MD5_checksum_enc(krb5_context context,
- struct key_data *key,
- const void *data,
- size_t len,
- unsigned usage,
- Checksum *result)
-{
- struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
- Checksum ksign_c;
- struct key_data ksign;
- krb5_keyblock kb;
- unsigned char t[4];
- unsigned char ksign_c_data[16];
- krb5_error_code ret;
-
+ EVP_DigestInit_ex(m, EVP_md5(), NULL);
t[0] = (usage >> 0) & 0xFF;
t[1] = (usage >> 8) & 0xFF;
t[2] = (usage >> 16) & 0xFF;
t[3] = (usage >> 24) & 0xFF;
+ EVP_DigestUpdate(m, t, 4);
+ EVP_DigestUpdate(m, data, len);
+ EVP_DigestFinal_ex (m, tmp, NULL);
+ EVP_MD_CTX_destroy(m);
- ksign_c.checksum.length = sizeof(ksign_c_data);
- ksign_c.checksum.data = ksign_c_data;
- ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
- if (ret)
- krb5_abortx(context, "hmac failed");
- ksign.key = &kb;
- kb.keyvalue = ksign_c.checksum;
- ret = hmac(context, c, data, len, 0, &ksign, result);
+ ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
if (ret)
- krb5_abortx(context, "hmac failed");
+ return ret;
+ return 0;
}
static struct checksum_type checksum_none = {
RSA_MD4_DES_checksum,
RSA_MD4_DES_verify
};
-#if 0
-static struct checksum_type checksum_des_mac = {
- CKSUMTYPE_DES_MAC,
- "des-mac",
- 0,
- 0,
- 0,
- DES_MAC_checksum
-};
-static struct checksum_type checksum_des_mac_k = {
- CKSUMTYPE_DES_MAC_K,
- "des-mac-k",
- 0,
- 0,
- 0,
- DES_MAC_K_checksum
-};
-static struct checksum_type checksum_rsa_md4_des_k = {
- CKSUMTYPE_RSA_MD4_DES_K,
- "rsa-md4-des-k",
- 0,
- 0,
- 0,
- RSA_MD4_DES_K_checksum,
- RSA_MD4_DES_K_verify
-};
-#endif
static struct checksum_type checksum_rsa_md5 = {
CKSUMTYPE_RSA_MD5,
"rsa-md5",
RSA_MD5_DES_checksum,
RSA_MD5_DES_verify
};
+#ifdef DES3_OLD_ENCTYPE
static struct checksum_type checksum_rsa_md5_des3 = {
CKSUMTYPE_RSA_MD5_DES3,
"rsa-md5-des3",
RSA_MD5_DES3_checksum,
RSA_MD5_DES3_verify
};
+#endif
static struct checksum_type checksum_sha1 = {
CKSUMTYPE_SHA1,
"sha1",
NULL
};
-static struct checksum_type checksum_hmac_md5_enc = {
- CKSUMTYPE_HMAC_MD5_ENC,
- "hmac-md5-enc",
- 64,
- 16,
- F_KEYED | F_CPROOF | F_PSEUDO,
- HMAC_MD5_checksum_enc,
- NULL
-};
-
static struct checksum_type *checksum_types[] = {
&checksum_none,
&checksum_crc32,
&checksum_rsa_md4,
&checksum_rsa_md4_des,
-#if 0
- &checksum_des_mac,
- &checksum_des_mac_k,
- &checksum_rsa_md4_des_k,
-#endif
&checksum_rsa_md5,
&checksum_rsa_md5_des,
+#ifdef DES3_OLD_ENCTYPE
&checksum_rsa_md5_des3,
+#endif
&checksum_sha1,
&checksum_hmac_sha1_des3,
&checksum_hmac_sha1_aes128,
&checksum_hmac_sha1_aes256,
- &checksum_hmac_md5,
- &checksum_hmac_md5_enc
+ &checksum_hmac_md5
};
static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
if (ret)
return (ret);
- (*ct->checksum)(context, dkey, data, len, usage, result);
- return 0;
+ return (*ct->checksum)(context, dkey, data, len, usage, result);
}
static int
ct->name);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
- if(keyed_checksum)
+ if(keyed_checksum) {
ret = get_checksum_key(context, crypto, usage, ct, &dkey);
- else
+ if (ret)
+ return ret;
+ } else
dkey = NULL;
if(ct->verify)
return (*ct->verify)(context, dkey, data, len, usage, cksum);
if (ret)
return ret;
- (*ct->checksum)(context, dkey, data, len, usage, &c);
+ ret = (*ct->checksum)(context, dkey, data, len, usage, &c);
+ if (ret) {
+ krb5_data_free(&c.checksum);
+ return ret;
+ }
if(c.checksum.length != cksum->checksum.length ||
memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
}
static krb5_error_code
-DES_CBC_encrypt_null_ivec(krb5_context context,
+evp_encrypt(krb5_context context,
+ struct key_data *key,
+ void *data,
+ size_t len,
+ krb5_boolean encryptp,
+ int usage,
+ void *ivec)
+{
+ struct evp_schedule *ctx = key->schedule->data;
+ EVP_CIPHER_CTX *c;
+ c = encryptp ? &ctx->ectx : &ctx->dctx;
+ if (ivec == NULL) {
+ /* alloca ? */
+ size_t len = EVP_CIPHER_CTX_iv_length(c);
+ void *loiv = malloc(len);
+ if (loiv == NULL) {
+ krb5_clear_error_string(context);
+ return ENOMEM;
+ }
+ memset(loiv, 0, len);
+ EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1);
+ free(loiv);
+ } else
+ EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);
+ EVP_Cipher(c, data, data, len);
+ return 0;
+}
+
+#ifdef WEAK_ENCTYPES
+static krb5_error_code
+evp_des_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
int usage,
void *ignore_ivec)
{
+ struct evp_schedule *ctx = key->schedule->data;
+ EVP_CIPHER_CTX *c;
DES_cblock ivec;
- DES_key_schedule *s = key->schedule->data;
memset(&ivec, 0, sizeof(ivec));
- DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
+ c = encryptp ? &ctx->ectx : &ctx->dctx;
+ EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1);
+ EVP_Cipher(c, data, data, len);
return 0;
}
static krb5_error_code
-DES_CBC_encrypt_key_ivec(krb5_context context,
+evp_des_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
int usage,
void *ignore_ivec)
{
+ struct evp_schedule *ctx = key->schedule->data;
+ EVP_CIPHER_CTX *c;
DES_cblock ivec;
- DES_key_schedule *s = key->schedule->data;
memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
- DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
- return 0;
-}
-
-static krb5_error_code
-DES3_CBC_encrypt(krb5_context context,
- struct key_data *key,
- void *data,
- size_t len,
- krb5_boolean encryptp,
- int usage,
- void *ivec)
-{
- DES_cblock local_ivec;
- DES_key_schedule *s = key->schedule->data;
- if(ivec == NULL) {
- ivec = &local_ivec;
- memset(local_ivec, 0, sizeof(local_ivec));
- }
- DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp);
+ c = encryptp ? &ctx->ectx : &ctx->dctx;
+ EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1);
+ EVP_Cipher(c, data, data, len);
return 0;
}
DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
return 0;
}
-
-/*
- * AES draft-raeburn-krb-rijndael-krb-02
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const AES_KEY *key,
- unsigned char *ivec, const int encryptp)
-{
- unsigned char tmp[AES_BLOCK_SIZE];
- int i;
-
- /*
- * In the framework of kerberos, the length can never be shorter
- * then at least one blocksize.
- */
-
- if (encryptp) {
-
- while(len > AES_BLOCK_SIZE) {
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- tmp[i] = in[i] ^ ivec[i];
- AES_encrypt(tmp, out, key);
- memcpy(ivec, out, AES_BLOCK_SIZE);
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
-
- for (i = 0; i < len; i++)
- tmp[i] = in[i] ^ ivec[i];
- for (; i < AES_BLOCK_SIZE; i++)
- tmp[i] = 0 ^ ivec[i];
-
- AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
-
- memcpy(out, ivec, len);
- memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
- } else {
- unsigned char tmp2[AES_BLOCK_SIZE];
- unsigned char tmp3[AES_BLOCK_SIZE];
-
- while(len > AES_BLOCK_SIZE * 2) {
- memcpy(tmp, in, AES_BLOCK_SIZE);
- AES_decrypt(in, out, key);
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- out[i] ^= ivec[i];
- memcpy(ivec, tmp, AES_BLOCK_SIZE);
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
-
- len -= AES_BLOCK_SIZE;
-
- memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */
- AES_decrypt(in, tmp2, key);
-
- memcpy(tmp3, in + AES_BLOCK_SIZE, len);
- memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */
-
- for (i = 0; i < len; i++)
- out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i];
-
- AES_decrypt(tmp3, out, key);
- for (i = 0; i < AES_BLOCK_SIZE; i++)
- out[i] ^= ivec[i];
- memcpy(ivec, tmp, AES_BLOCK_SIZE);
- }
-}
-
-static krb5_error_code
-AES_CTS_encrypt(krb5_context context,
- struct key_data *key,
- void *data,
- size_t len,
- krb5_boolean encryptp,
- int usage,
- void *ivec)
-{
- struct krb5_aes_schedule *aeskey = key->schedule->data;
- char local_ivec[AES_BLOCK_SIZE];
- AES_KEY *k;
-
- if (encryptp)
- k = &aeskey->ekey;
- else
- k = &aeskey->dkey;
-
- if (len < AES_BLOCK_SIZE)
- krb5_abortx(context, "invalid use of AES_CTS_encrypt");
- if (len == AES_BLOCK_SIZE) {
- if (encryptp)
- AES_encrypt(data, data, k);
- else
- AES_decrypt(data, data, k);
- } else {
- if(ivec == NULL) {
- memset(local_ivec, 0, sizeof(local_ivec));
- ivec = local_ivec;
- }
- _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp);
- }
-
- return 0;
-}
+#endif
/*
* section 6 of draft-brezak-win2k-krb-rc4-hmac-03
return ret;
}
- (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
+ ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
+ if (ret) {
+ krb5_data_free(&result.checksum);
+ return ret;
+ }
if (result.checksum.length < crypto->et->blocksize)
krb5_abortx(context, "internal prf error");
krb5_abortx(context, "malloc failed");
{
- AES_KEY key;
-
- AES_set_encrypt_key(derived->keyvalue.data,
- crypto->et->keytype->bits, &key);
- AES_encrypt(result.checksum.data, out->data, &key);
- memset(&key, 0, sizeof(key));
+ const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
+ EVP_CIPHER_CTX ctx;
+ /* XXX blksz 1 for cts, so we can't use that */
+ EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
+ EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
+ EVP_Cipher(&ctx, out->data, result.checksum.data, 16);
+ EVP_CIPHER_CTX_cleanup(&ctx);
}
krb5_data_free(&result.checksum);
0,
NULL
};
-static struct encryption_type enctype_des_cbc_crc = {
- ETYPE_DES_CBC_CRC,
- "des-cbc-crc",
- 8,
- 8,
- 8,
- &keytype_des,
- &checksum_crc32,
- NULL,
- 0,
- DES_CBC_encrypt_key_ivec,
- 0,
- NULL
-};
-static struct encryption_type enctype_des_cbc_md4 = {
- ETYPE_DES_CBC_MD4,
- "des-cbc-md4",
- 8,
- 8,
- 8,
- &keytype_des,
- &checksum_rsa_md4,
- &checksum_rsa_md4_des,
- 0,
- DES_CBC_encrypt_null_ivec,
- 0,
- NULL
-};
-static struct encryption_type enctype_des_cbc_md5 = {
- ETYPE_DES_CBC_MD5,
- "des-cbc-md5",
- 8,
- 8,
- 8,
- &keytype_des,
- &checksum_rsa_md5,
- &checksum_rsa_md5_des,
- 0,
- DES_CBC_encrypt_null_ivec,
- 0,
- NULL
-};
static struct encryption_type enctype_arcfour_hmac_md5 = {
ETYPE_ARCFOUR_HMAC_MD5,
"arcfour-hmac-md5",
0,
NULL
};
+#ifdef DES3_OLD_ENCTYPE
static struct encryption_type enctype_des3_cbc_md5 = {
ETYPE_DES3_CBC_MD5,
"des3-cbc-md5",
&checksum_rsa_md5,
&checksum_rsa_md5_des3,
0,
- DES3_CBC_encrypt,
+ evp_encrypt,
0,
NULL
};
+#endif
static struct encryption_type enctype_des3_cbc_sha1 = {
ETYPE_DES3_CBC_SHA1,
"des3-cbc-sha1",
&checksum_sha1,
&checksum_hmac_sha1_des3,
F_DERIVED,
- DES3_CBC_encrypt,
+ evp_encrypt,
0,
NULL
};
+#ifdef DES3_OLD_ENCTYPE
static struct encryption_type enctype_old_des3_cbc_sha1 = {
ETYPE_OLD_DES3_CBC_SHA1,
"old-des3-cbc-sha1",
&checksum_sha1,
&checksum_hmac_sha1_des3,
0,
- DES3_CBC_encrypt,
+ evp_encrypt,
0,
NULL
};
+#endif
static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
ETYPE_AES128_CTS_HMAC_SHA1_96,
"aes128-cts-hmac-sha1-96",
&checksum_sha1,
&checksum_hmac_sha1_aes128,
F_DERIVED,
- AES_CTS_encrypt,
+ evp_encrypt,
16,
AES_PRF
};
&checksum_sha1,
&checksum_hmac_sha1_aes256,
F_DERIVED,
- AES_CTS_encrypt,
+ evp_encrypt,
16,
AES_PRF
};
+static struct encryption_type enctype_des3_cbc_none = {
+ ETYPE_DES3_CBC_NONE,
+ "des3-cbc-none",
+ 8,
+ 8,
+ 0,
+ &keytype_des3_derived,
+ &checksum_none,
+ NULL,
+ F_PSEUDO,
+ evp_encrypt,
+ 0,
+ NULL
+};
+#ifdef WEAK_ENCTYPES
+static struct encryption_type enctype_des_cbc_crc = {
+ ETYPE_DES_CBC_CRC,
+ "des-cbc-crc",
+ 8,
+ 8,
+ 8,
+ &keytype_des,
+ &checksum_crc32,
+ NULL,
+ F_DISABLED,
+ evp_des_encrypt_key_ivec,
+ 0,
+ NULL
+};
+static struct encryption_type enctype_des_cbc_md4 = {
+ ETYPE_DES_CBC_MD4,
+ "des-cbc-md4",
+ 8,
+ 8,
+ 8,
+ &keytype_des,
+ &checksum_rsa_md4,
+ &checksum_rsa_md4_des,
+ F_DISABLED,
+ evp_des_encrypt_null_ivec,
+ 0,
+ NULL
+};
+static struct encryption_type enctype_des_cbc_md5 = {
+ ETYPE_DES_CBC_MD5,
+ "des-cbc-md5",
+ 8,
+ 8,
+ 8,
+ &keytype_des,
+ &checksum_rsa_md5,
+ &checksum_rsa_md5_des,
+ F_DISABLED,
+ evp_des_encrypt_null_ivec,
+ 0,
+ NULL
+};
static struct encryption_type enctype_des_cbc_none = {
ETYPE_DES_CBC_NONE,
"des-cbc-none",
&keytype_des,
&checksum_none,
NULL,
- F_PSEUDO,
- DES_CBC_encrypt_null_ivec,
+ F_PSEUDO|F_DISABLED,
+ evp_des_encrypt_null_ivec,
0,
NULL
};
1,
1,
0,
- &keytype_des,
+ &keytype_des_old,
&checksum_none,
NULL,
- F_PSEUDO,
+ F_PSEUDO|F_DISABLED,
DES_CFB64_encrypt_null_ivec,
0,
NULL
8,
8,
0,
- &keytype_des,
+ &keytype_des_old,
&checksum_none,
NULL,
- F_PSEUDO,
+ F_PSEUDO|F_DISABLED,
DES_PCBC_encrypt_key_ivec,
0,
NULL
};
-static struct encryption_type enctype_des3_cbc_none = {
- ETYPE_DES3_CBC_NONE,
- "des3-cbc-none",
- 8,
- 8,
- 0,
- &keytype_des3_derived,
- &checksum_none,
- NULL,
- F_PSEUDO,
- DES3_CBC_encrypt,
- 0,
- NULL
-};
+#endif /* WEAK_ENCTYPES */
static struct encryption_type *etypes[] = {
- &enctype_null,
- &enctype_des_cbc_crc,
- &enctype_des_cbc_md4,
- &enctype_des_cbc_md5,
+ &enctype_aes256_cts_hmac_sha1,
+ &enctype_aes128_cts_hmac_sha1,
+ &enctype_des3_cbc_sha1,
+ &enctype_des3_cbc_none, /* used by the gss-api mech */
&enctype_arcfour_hmac_md5,
+#ifdef DES3_OLD_ENCTYPE
&enctype_des3_cbc_md5,
- &enctype_des3_cbc_sha1,
&enctype_old_des3_cbc_sha1,
- &enctype_aes128_cts_hmac_sha1,
- &enctype_aes256_cts_hmac_sha1,
+#endif
+#ifdef WEAK_ENCTYPES
+ &enctype_des_cbc_crc,
+ &enctype_des_cbc_md4,
+ &enctype_des_cbc_md5,
&enctype_des_cbc_none,
&enctype_des_cfb64_none,
&enctype_des_pcbc_none,
- &enctype_des3_cbc_none
+#endif
+ &enctype_null
};
static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
return 0;
}
-/*
- * First take the configured list of etypes for `keytype' if available,
- * else, do `krb5_keytype_to_enctypes'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes_default (krb5_context context,
- krb5_keytype keytype,
- unsigned *len,
- krb5_enctype **val)
-{
- unsigned int i, n;
- krb5_enctype *ret;
-
- if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
- return krb5_keytype_to_enctypes (context, keytype, len, val);
-
- for (n = 0; context->etypes_des[n]; ++n)
- ;
- ret = malloc (n * sizeof(*ret));
- if (ret == NULL && n != 0) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
- return ENOMEM;
- }
- for (i = 0; i < n; ++i)
- ret[i] = context->etypes_des[i];
- *len = n;
- *val = ret;
- return 0;
-}
-
krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
ret = _key_schedule(context, dkey);
if(ret)
goto fail;
-#ifdef CRYPTO_DEBUG
- krb5_crypto_debug(context, 1, block_sz, dkey->key);
-#endif
ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
if (ret)
goto fail;
ret = _key_schedule(context, &crypto->key);
if(ret)
goto fail;
-#ifdef CRYPTO_DEBUG
- krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
-#endif
ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
if (ret) {
memset(p, 0, block_sz);
free(p);
return ret;
}
-#ifdef CRYPTO_DEBUG
- krb5_crypto_debug(context, 0, len, dkey->key);
-#endif
ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
if (ret) {
free(p);
free(p);
return ret;
}
-#ifdef CRYPTO_DEBUG
- krb5_crypto_debug(context, 0, len, crypto->key.key);
-#endif
ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
if (ret) {
free(p);
return 0;
}
+/**
+ * Inline encrypt a kerberos message
+ *
+ * @param context Kerberos context
+ * @param crypto Kerberos crypto context
+ * @param usage Key usage for this buffer
+ * @param data array of buffers to process
+ * @param num_data length of array
+ * @param ivec initial cbc/cts vector
+ *
+ * @return Return an error code or 0.
+ * @ingroup krb5_crypto
+ *
+ * Kerberos encrypted data look like this:
+ *
+ * 1. KRB5_CRYPTO_TYPE_HEADER
+ * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in
+ * any order, however the receiver have to aware of the
+ * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and
+ * trailers.
+ * 3. KRB5_CRYPTO_TYPE_TRAILER
+ */
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_ivec(krb5_context context,
+static krb5_crypto_iov *
+find_iv(krb5_crypto_iov *data, int num_data, int type)
+{
+ int i;
+ for (i = 0; i < num_data; i++)
+ if (data[i].flags == type)
+ return &data[i];
+ return NULL;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt_iov_ivec(krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ krb5_crypto_iov *data,
+ size_t num_data,
+ void *ivec)
+{
+ size_t headersz, trailersz, len;
+ size_t i, sz, block_sz, pad_sz;
+ Checksum cksum;
+ unsigned char *p, *q;
+ krb5_error_code ret;
+ struct key_data *dkey;
+ const struct encryption_type *et = crypto->et;
+ krb5_crypto_iov *tiv, *piv, *hiv;
+
+ if(!derived_crypto(context, crypto)) {
+ krb5_clear_error_string(context);
+ return KRB5_CRYPTO_INTERNAL;
+ }
+
+ headersz = et->confoundersize;
+ trailersz = CHECKSUMSIZE(et->keyed_checksum);
+
+ for (len = 0, i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER &&
+ data[i].flags == KRB5_CRYPTO_TYPE_DATA) {
+ len += data[i].data.length;
+ }
+ }
+
+ sz = headersz + len;
+ block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
+
+ pad_sz = block_sz - sz;
+ trailersz += pad_sz;
+
+ /* header */
+
+ hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+ if (hiv == NULL || hiv->data.length != headersz)
+ return KRB5_BAD_MSIZE;
+
+ krb5_generate_random_block(hiv->data.data, hiv->data.length);
+
+ /* padding */
+
+ piv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+ /* its ok to have no TYPE_PADDING if there is no padding */
+ if (piv == NULL && pad_sz != 0)
+ return KRB5_BAD_MSIZE;
+ if (piv) {
+ if (piv->data.length < pad_sz)
+ return KRB5_BAD_MSIZE;
+ piv->data.length = pad_sz;
+ }
+
+
+ /* trailer */
+
+ tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+ if (tiv == NULL || tiv->data.length != trailersz)
+ return KRB5_BAD_MSIZE;
+
+
+ /*
+ * XXX replace with EVP_Sign? at least make create_checksum an iov
+ * function.
+ * XXX CTS EVP is broken, can't handle multi buffers :(
+ */
+
+ len = hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
+ continue;
+ len += data[i].data.length;
+ }
+
+ p = q = malloc(len);
+
+ memcpy(q, hiv->data.data, hiv->data.length);
+ q += hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
+ continue;
+ memcpy(q, data[i].data.data, data[i].data.length);
+ q += data[i].data.length;
+ }
+
+ ret = create_checksum(context,
+ et->keyed_checksum,
+ crypto,
+ INTEGRITY_USAGE(usage),
+ p,
+ len,
+ &cksum);
+ free(p);
+ if(ret == 0 && cksum.checksum.length != trailersz) {
+ free_Checksum (&cksum);
+ krb5_clear_error_string (context);
+ ret = KRB5_CRYPTO_INTERNAL;
+ }
+ if(ret)
+ return ret;
+
+ /* save cksum at end */
+ memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length);
+ free_Checksum (&cksum);
+
+ /* now encrypt data */
+
+ ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
+ if(ret)
+ return ret;
+ ret = _key_schedule(context, dkey);
+ if(ret)
+ return ret;
+
+ /* XXX replace with EVP_Cipher */
+
+ len = hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
+ continue;
+ len += data[i].data.length;
+ }
+
+ p = q = malloc(len);
+ if(p == NULL)
+ return ENOMEM;
+
+ memcpy(q, hiv->data.data, hiv->data.length);
+ q += hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
+ continue;
+ memcpy(q, data[i].data.data, data[i].data.length);
+ q += data[i].data.length;
+ }
+
+ ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
+ if(ret) {
+ free(p);
+ return ret;
+ }
+ ret = _key_schedule(context, dkey);
+ if(ret) {
+ free(p);
+ return ret;
+ }
+
+ ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec);
+ if (ret) {
+ free(p);
+ return ret;
+ }
+
+ /* now copy data back to buffers */
+ q = p;
+ memcpy(hiv->data.data, q, hiv->data.length);
+ q += hiv->data.length;
+
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
+ continue;
+ memcpy(data[i].data.data, q, data[i].data.length);
+ q += data[i].data.length;
+ }
+ free(p);
+
+ return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_iov_ivec(krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ krb5_crypto_iov *data,
+ size_t num_data,
+ void *ivec)
+{
+ size_t headersz, trailersz, len;
+ size_t i, sz, block_sz, pad_sz;
+ Checksum cksum;
+ unsigned char *p, *q;
+ krb5_error_code ret;
+ struct key_data *dkey;
+ struct encryption_type *et = crypto->et;
+ krb5_crypto_iov *tiv, *hiv;
+
+ if(!derived_crypto(context, crypto)) {
+ krb5_clear_error_string(context);
+ return KRB5_CRYPTO_INTERNAL;
+ }
+
+ headersz = et->confoundersize;
+ trailersz = CHECKSUMSIZE(et->keyed_checksum);
+
+ for (len = 0, i = 0; i < num_data; i++)
+ if (data[i].flags == KRB5_CRYPTO_TYPE_DATA)
+ len += data[i].data.length;
+
+ sz = headersz + len;
+ block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
+
+ pad_sz = block_sz - sz;
+ trailersz += pad_sz;
+
+ /* header */
+
+ hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+ if (hiv == NULL || hiv->data.length < headersz)
+ return KRB5_BAD_MSIZE;
+ hiv->data.length = headersz;
+
+ /* trailer */
+
+ tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+ if (tiv == NULL || tiv->data.length < trailersz)
+ return KRB5_BAD_MSIZE;
+ tiv->data.length = trailersz;
+
+ /* body */
+
+ /* XXX replace with EVP_Cipher */
+
+ for (len = 0, i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER &&
+ data[i].flags != KRB5_CRYPTO_TYPE_DATA)
+ continue;
+ len += data[i].data.length;
+ }
+
+ p = q = malloc(len);
+ if (p == NULL)
+ return ENOMEM;
+
+ memcpy(q, hiv->data.data, hiv->data.length);
+ q += hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA)
+ continue;
+ memcpy(q, data[i].data.data, data[i].data.length);
+ q += data[i].data.length;
+ }
+
+ ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
+ if(ret) {
+ free(p);
+ return ret;
+ }
+ ret = _key_schedule(context, dkey);
+ if(ret) {
+ free(p);
+ return ret;
+ }
+
+ ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
+ if (ret) {
+ free(p);
+ return ret;
+ }
+
+ /* XXX now copy data back to buffers */
+ q = p;
+ memcpy(hiv->data.data, q, hiv->data.length);
+ q += hiv->data.length;
+ len -= hiv->data.length;
+
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA)
+ continue;
+ if (len < data[i].data.length)
+ data[i].data.length = len;
+ memcpy(data[i].data.data, q, data[i].data.length);
+ q += data[i].data.length;
+ len -= data[i].data.length;
+ }
+ free(p);
+ if (len)
+ krb5_abortx(context, "data still in the buffer");
+
+ len = hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
+ continue;
+ len += data[i].data.length;
+ }
+
+ p = q = malloc(len);
+
+ memcpy(q, hiv->data.data, hiv->data.length);
+ q += hiv->data.length;
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
+ data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
+ continue;
+ memcpy(q, data[i].data.data, data[i].data.length);
+ q += data[i].data.length;
+ }
+
+ cksum.checksum.data = tiv->data.data;
+ cksum.checksum.length = tiv->data.length;
+ cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
+
+ ret = verify_checksum(context,
+ crypto,
+ INTEGRITY_USAGE(usage),
+ p,
+ len,
+ &cksum);
+ free(p);
+ if(ret)
+ return ret;
+
+ return 0;
+}
+
+
+size_t KRB5_LIB_FUNCTION
+krb5_crypto_length(krb5_context context,
+ krb5_crypto crypto,
+ int type)
+{
+ if (!derived_crypto(context, crypto))
+ return (size_t)-1;
+ switch(type) {
+ case KRB5_CRYPTO_TYPE_EMPTY:
+ return 0;
+ case KRB5_CRYPTO_TYPE_HEADER:
+ return crypto->et->blocksize;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ if (crypto->et->padsize > 1)
+ return crypto->et->padsize;
+ return 0;
+ case KRB5_CRYPTO_TYPE_TRAILER:
+ return CHECKSUMSIZE(crypto->et->keyed_checksum);
+ }
+ return (size_t)-1;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
const void *data,
so use 0 for the entropy estimate */
if (RAND_file_name(seedfile, sizeof(seedfile))) {
int fd;
- fd = open(seedfile, O_RDONLY);
+ fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC);
if (fd >= 0) {
ssize_t ret;
rk_cloexec(fd);
ret = derive_key(context, et, &d, constant, constant_len);
if (ret == 0)
ret = krb5_copy_keyblock(context, d.key, derived_key);
- free_key_data(context, &d);
+ free_key_data(context, &d, et);
return ret;
}
}
static void
-free_key_data(krb5_context context, struct key_data *key)
+free_key_data(krb5_context context, struct key_data *key,
+ struct encryption_type *et)
{
krb5_free_keyblock(context, key->key);
if(key->schedule) {
+ if (et->keytype->cleanup)
+ (*et->keytype->cleanup)(context, key);
memset(key->schedule->data, 0, key->schedule->length);
krb5_free_data(context, key->schedule);
}
}
static void
-free_key_usage(krb5_context context, struct key_usage *ku)
+free_key_usage(krb5_context context, struct key_usage *ku,
+ struct encryption_type *et)
{
- free_key_data(context, &ku->key);
+ free_key_data(context, &ku->key, et);
}
krb5_error_code KRB5_LIB_FUNCTION
int i;
for(i = 0; i < crypto->num_key_usage; i++)
- free_key_usage(context, &crypto->key_usage[i]);
+ free_key_usage(context, &crypto->key_usage[i], crypto->et);
free(crypto->key_usage);
- free_key_data(context, &crypto->key);
+ free_key_data(context, &crypto->key, crypto->et);
free (crypto);
return 0;
}
return 0;
}
+
+/**
+ * Disable encryption type
+ *
+ * @param context Kerberos 5 context
+ * @param enctype encryption type to disable
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
return 0;
}
+/**
+ * Enable encryption type
+ *
+ * @param context Kerberos 5 context
+ * @param enctype encryption type to enable
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_crypto
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_enable(krb5_context context,
+ krb5_enctype enctype)
+{
+ struct encryption_type *et = _find_enctype(enctype);
+ if(et == NULL) {
+ if (context)
+ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
+ "encryption type %d not supported",
+ enctype);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ et->flags &= ~F_DISABLED;
+ return 0;
+}
+
+
krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key_derived(krb5_context context,
const void *str,
&kd,
"kerberos", /* XXX well known constant */
strlen("kerberos"));
+ if (ret) {
+ free_key_data(context, &kd, et);
+ return ret;
+ }
ret = krb5_copy_keyblock_contents(context, kd.key, key);
- free_key_data(context, &kd);
+ free_key_data(context, &kd, et);
return ret;
}
return (*et->prf)(context, crypto, input, output);
}
-
+#ifndef HEIMDAL_SMALLER
+/*
+ * First take the configured list of etypes for `keytype' if available,
+ * else, do `krb5_keytype_to_enctypes'.
+ */
-#ifdef CRYPTO_DEBUG
-
-static krb5_error_code
-krb5_get_keyid(krb5_context context,
- krb5_keyblock *key,
- uint32_t *keyid)
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_enctypes_default (krb5_context context,
+ krb5_keytype keytype,
+ unsigned *len,
+ krb5_enctype **val)
+ __attribute__((deprecated))
{
- MD5_CTX md5;
- unsigned char tmp[16];
+ unsigned int i, n;
+ krb5_enctype *ret;
- MD5_Init (&md5);
- MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
- MD5_Final (tmp, &md5);
- *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
+ if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
+ return krb5_keytype_to_enctypes (context, keytype, len, val);
+
+ for (n = 0; context->etypes_des[n]; ++n)
+ ;
+ ret = malloc (n * sizeof(*ret));
+ if (ret == NULL && n != 0) {
+ krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ return ENOMEM;
+ }
+ for (i = 0; i < n; ++i)
+ ret[i] = context->etypes_des[i];
+ *len = n;
+ *val = ret;
return 0;
}
-static void
-krb5_crypto_debug(krb5_context context,
- int encryptp,
- size_t len,
- krb5_keyblock *key)
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_string(krb5_context context,
+ krb5_keytype keytype,
+ char **string)
+ __attribute__((deprecated))
{
- uint32_t keyid;
- char *kt;
- krb5_get_keyid(context, key, &keyid);
- krb5_enctype_to_string(context, key->keytype, &kt);
- krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)",
- encryptp ? "encrypting" : "decrypting",
- (unsigned long)len,
- keyid,
- kt);
- free(kt);
+ struct key_type *kt = _find_keytype(keytype);
+ if(kt == NULL) {
+ krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
+ "key type %d not supported", keytype);
+ return KRB5_PROG_KEYTYPE_NOSUPP;
+ }
+ *string = strdup(kt->name);
+ if(*string == NULL) {
+ krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ return ENOMEM;
+ }
+ return 0;
}
-#endif /* CRYPTO_DEBUG */
-#if 0
-int
-main()
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_keytype(krb5_context context,
+ const char *string,
+ krb5_keytype *keytype)
+ __attribute__((deprecated))
{
-#if 0
- int i;
- krb5_context context;
- krb5_crypto crypto;
- struct key_data *d;
- krb5_keyblock key;
- char constant[4];
- unsigned usage = ENCRYPTION_USAGE(3);
- krb5_error_code ret;
-
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
-
- key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
- key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
- "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
- "\xc8\xdf\xab\x26\x86\x64\x15\x25";
- key.keyvalue.length = 24;
-
- krb5_crypto_init(context, &key, 0, &crypto);
-
- d = _new_derived_key(crypto, usage);
- if(d == NULL)
- krb5_errx(context, 1, "_new_derived_key failed");
- krb5_copy_keyblock(context, crypto->key.key, &d->key);
- _krb5_put_int(constant, usage, 4);
- derive_key(context, crypto->et, d, constant, sizeof(constant));
- return 0;
-#else
+ char *end;
int i;
- krb5_context context;
- krb5_crypto crypto;
- struct key_data *d;
- krb5_keyblock key;
- krb5_error_code ret;
- Checksum res;
-
- char *data = "what do ya want for nothing?";
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
-
- key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
- key.keyvalue.data = "Jefe";
- /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
- key.keyvalue.length = 4;
+ for(i = 0; i < num_keytypes; i++)
+ if(strcasecmp(keytypes[i]->name, string) == 0){
+ *keytype = keytypes[i]->type;
+ return 0;
+ }
- d = ecalloc(1, sizeof(*d));
- d->key = &key;
- res.checksum.length = 20;
- res.checksum.data = emalloc(res.checksum.length);
- SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
+ /* check if the enctype is a number */
+ *keytype = strtol(string, &end, 0);
+ if(*end == '\0' && *keytype != 0) {
+ if (krb5_enctype_valid(context, *keytype) == 0)
+ return 0;
+ }
- return 0;
-#endif
+ krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
+ "key type %s not supported", string);
+ return KRB5_PROG_KEYTYPE_NOSUPP;
}
#endif
#include "krb5_locl.h"
-RCSID("$Id: data.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
/**
* Reset the (potentially uninitalized) krb5_data structure.
#include <krb5_locl.h>
-RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $");
+RCSID("$Id$");
/**
* Convert the getaddrinfo() error code to a Kerberos et error code.
#include "krb5_locl.h"
-RCSID("$Id: error_string.c 23274 2008-06-23 03:25:08Z lha $");
+RCSID("$Id$");
#undef __attribute__
#define __attribute__(X)
* @param context Kerberos context
* @param msg error message to free
*
- * @ingroup krb5_error
+ * @ingroup krb5_deprecated
*/
void KRB5_LIB_FUNCTION __attribute__((deprecated))
krb5_free_error_message(context, str);
}
+/**
+ * Set the error message returned by krb5_get_error_string(),
+ * deprecated, use krb5_set_error_message().
+ *
+ * @param context Kerberos context
+ * @param msg error message to free
+ *
+ * @ingroup krb5_deprecated
+ */
+
krb5_error_code KRB5_LIB_FUNCTION
krb5_set_error_string(krb5_context context, const char *fmt, ...)
__attribute__((format (printf, 2, 3))) __attribute__((deprecated))
return 0;
}
+/**
+ * Set the error message returned by krb5_get_error_string(),
+ * deprecated, use krb5_set_error_message().
+ *
+ * @param context Kerberos context
+ * @param msg error message to free
+ *
+ * @ingroup krb5_deprecated
+ */
+
krb5_error_code KRB5_LIB_FUNCTION
krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
__attribute__ ((format (printf, 2, 0))) __attribute__((deprecated))
#include "krb5_locl.h"
-RCSID("$Id: expand_hostname.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
static krb5_error_code
copy_hostname(krb5_context context,
#include "krb5_locl.h"
-RCSID("$Id: fcache.c 23444 2008-07-27 12:07:47Z lha $");
+RCSID("$Id$");
typedef struct krb5_fcache{
char *filename;
unlink (filename);
- ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+ ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
if(ret)
return ret;
{
int ret;
int fd;
- ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0);
+ ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
{
krb5_storage *sp;
krb5_error_code ret;
- ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0);
+ ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
int fd1, fd2;
char buf[BUFSIZ];
- ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0);
+ ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret)
return ret;
unlink(FILENAME(to));
ret = fcc_open(context, to, &fd2,
- O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600);
+ O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
if(ret)
goto out1;
#include "krb5_locl.h"
-RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
#include "krb5_locl.h"
-RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
/*
* Free all memory allocated by `realmlist'
#include <krb5_locl.h>
-RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_generate_seq_number(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: generate_subkey.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_generate_subkey(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: get_cred.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
/*
* Take the `body' and encode it into `padata' using the credentials
#include "krb5_locl.h"
-RCSID("$Id: get_default_principal.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
/*
* Try to find out what's a reasonable default principal.
#include "krb5_locl.h"
-RCSID("$Id: get_default_realm.c 23280 2008-06-23 03:26:18Z lha $");
+RCSID("$Id$");
/*
* Return a NULL-terminated list of default realms in `realms'.
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
static krb5_error_code
add_addrs(krb5_context context,
#include "krb5_locl.h"
#include <resolve.h>
-RCSID("$Id: get_host_realm.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/* To automagically find the correct realm of a host (without
* [domain_realm] in krb5.conf) add a text record for your domain with
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_init_etype (krb5_context context,
* based on the DNS Name.
*/
flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
- flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ;
-
+ flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
/* compare client and save */
ret = _krb5_principalname2krb5_principal (context,
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_keytab_key_proc (krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
int KRB5_LIB_FUNCTION
krb5_getportbyname (krb5_context context,
#
# This might look like a com_err file, but is not
#
-id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $"
+id "$Id$"
error_table heim
* SUCH DAMAGE.
*/
-/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */
+/* $Id$ */
/*
* Provide wrapper macros for thread synchronization primitives so we
#include "krb5_locl.h"
-RCSID("$Id: init_creds.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
#include "krb5_locl.h"
-RCSID("$Id: init_creds_pw.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
typedef struct krb5_get_init_creds_ctx {
KDCOptions flags;
#
# This might look like a com_err file, but is not
#
-id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $"
+id "$Id$"
error_table k524
#include "kcm.h"
-RCSID("$Id: kcm.c 23446 2008-07-27 12:08:37Z lha $");
+RCSID("$Id$");
typedef struct krb5_kcmcache {
char *name;
krb5_error_code ret;
int fd;
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (fd < 0)
return KRB5_CC_IO;
rk_cloexec(fd);
#include "krb5_locl.h"
-RCSID("$Id: keyblock.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
void KRB5_LIB_FUNCTION
krb5_keyblock_zero(krb5_keyblock *keyblock)
#include "krb5_locl.h"
-RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/*
* Register a new keytab in `ops'
if (ret) {
/* This is needed for krb5_verify_init_creds, but keep error
* string from previous error for the human. */
+ context->error_code = KRB5_KT_NOTFOUND;
return KRB5_KT_NOTFOUND;
}
#include "krb5_locl.h"
-RCSID("$Id: keytab_any.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct any_data {
krb5_keytab kt;
#include "krb5_locl.h"
-RCSID("$Id: keytab_file.c 23469 2008-07-27 12:17:12Z lha $");
+RCSID("$Id$");
#define KRB5_KT_VNO_1 1
#define KRB5_KT_VNO_2 2
krb5_keytab id,
krb5_kt_cursor *c)
{
- return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c);
+ return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c);
}
static krb5_error_code
krb5_data keytab;
int32_t len;
- fd = open (d->filename, O_RDWR | O_BINARY);
+ fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
if (fd < 0) {
- fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+ fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
int found = 0;
krb5_error_code ret;
- ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor);
+ ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor);
if(ret != 0)
goto out; /* return other error here? */
while(fkt_next_entry_int(context, id, &e, &cursor,
#include "krb5_locl.h"
-RCSID("$Id: keytab_keyfile.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/* afs keyfile operations --------------------------------------- */
int32_t ret;
struct akf_data *d = id->data;
- c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
+ c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600);
if (c->fd < 0) {
ret = errno;
krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s",
return 0;
}
- fd = open (d->filename, O_RDWR | O_BINARY);
+ fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC);
if (fd < 0) {
fd = open (d->filename,
- O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
+ O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
#include "krb5_locl.h"
-RCSID("$Id: keytab_memory.c 23293 2008-06-23 03:28:22Z lha $");
+RCSID("$Id$");
/* memory operations -------------------------------------------- */
* SUCH DAMAGE.
*/
-/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */
+/* $Id$ */
#ifndef __KRB5_V4COMPAT_H__
#define __KRB5_V4COMPAT_H__
* SUCH DAMAGE.
*/
-/* $Id: krb5.h 23026 2008-04-17 10:02:03Z lha $ */
+/* $Id$ */
#ifndef __KRB5_H__
#define __KRB5_H__
struct getargs;
struct sockaddr;
+/**
+ * Semi private, not stable yet
+ */
+
+typedef struct krb5_crypto_iov {
+ unsigned int flags;
+ /* ignored */
+#define KRB5_CRYPTO_TYPE_EMPTY 0
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
+#define KRB5_CRYPTO_TYPE_HEADER 1
+ /* IN and OUT */
+#define KRB5_CRYPTO_TYPE_DATA 2
+ /* IN */
+#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
+ /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_PADDING 4
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_TRAILER 5
+ krb5_data data;
+} krb5_crypto_iov;
+
+
#include <krb5-protos.h>
/* variables */
* SUCH DAMAGE.
*/
-/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */
+/* $Id$ */
#ifndef KRB5_CCAPI_H
#define KRB5_CCAPI_H 1
#
# This might look like a com_err file, but is not
#
-id "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $"
+id "$Id$"
error_table krb5
index 128
prefix
-error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $"
+error_code KRB5_ERR_RCSID, "$Id$"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h 23324 2008-06-26 03:54:45Z lha $ */
+/* $Id$ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
#include <wind.h>
+#define HC_DEPRECATED_CRYPTO
#include "crypto-headers.h"
#define O_BINARY 0
#endif
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
+
#define KRB5_BUFSIZ 1024
typedef enum {
#include <resolve.h>
#include "locate_plugin.h"
-RCSID("$Id: krbhst.c 23447 2008-07-27 12:09:05Z lha $");
+RCSID("$Id$");
static int
string_to_proto(const char *string)
* SUCH DAMAGE.
*/
-/* $Id: locate_plugin.h 23351 2008-07-15 11:22:39Z lha $ */
+/* $Id$ */
#ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H
#define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1
#include "krb5_locl.h"
-RCSID("$Id: log.c 23443 2008-07-27 12:07:25Z lha $");
+RCSID("$Id$");
struct facility {
int min;
if(p == NULL)
p = krb5_config_get_strings(context, NULL, "logging", "default", NULL);
if(p){
- for(q = p; *q; q++)
+ for(q = p; *q && ret == 0; q++)
ret = krb5_addlog_dest(context, *fac, *q);
krb5_config_free_strings(p);
}else
ret = krb5_addlog_dest(context, *fac, "SYSLOG");
- return 0;
+ return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
#include "krb5_locl.h"
-RCSID("$Id: mcache.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
typedef struct krb5_mcache {
char *name;
#include "krb5_locl.h"
-RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
_krb5_s4u2self_to_checksumdata(krb5_context context,
*/
#include "krb5_locl.h"
-RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $");
+RCSID("$Id$");
/*
* Glue for MIT API
#include "krb5_locl.h"
-RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_mk_error(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: mk_priv.c 23297 2008-06-23 03:28:53Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
#include <krb5_locl.h>
-RCSID("$Id: mk_rep.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_mk_rep(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_mk_req_exact(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $");
+RCSID("$Id$");
krb5_error_code
_krb5_mk_req_internal(krb5_context context,
#include "krb5_locl.h"
-RCSID("$Id: n-fold.c 22923 2008-04-08 14:51:33Z lha $");
+RCSID("$Id$");
static krb5_error_code
rr13(unsigned char *buf, size_t len)
#include "krb5_locl.h"
#include <wind.h>
-RCSID("$Id: pac.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
struct PAC_INFO_BUFFER {
uint32_t type;
return ret;
ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
- ret = krb5_crypto_destroy(context, crypto);
+ krb5_crypto_destroy(context, crypto);
if (ret)
return ret;
#include "krb5_locl.h"
-RCSID("$Id: padata.c 23300 2008-06-23 03:29:22Z lha $");
+RCSID("$Id$");
PA_DATA *
krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
#include "krb5_locl.h"
-RCSID("$Id: pkinit.c 23450 2008-07-27 12:10:10Z lha $");
+RCSID("$Id$");
struct krb5_dh_moduli {
char *name;
ret = krb5_data_alloc(a->clientDHNonce, 40);
if (a->clientDHNonce == NULL) {
krb5_clear_error_string(context);
- return ENOMEM;
+ return ret;
}
memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
ret = krb5_copy_data(context, a->clientDHNonce,
*/
#include "krb5_locl.h"
-RCSID("$Id: plugin.c 23451 2008-07-27 12:10:30Z lha $");
+RCSID("$Id$");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
#include <fnmatch.h>
#include "resolve.h"
-RCSID("$Id: principal.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
return KRB5_SNAME_UNSUPP_NAMETYPE;
}
if(hostname == NULL) {
- gethostname(localhost, sizeof(localhost));
+ ret = gethostname(localhost, sizeof(localhost) - 1);
+ if (ret != 0) {
+ ret = errno;
+ krb5_set_error_message(context, ret,
+ "Failed to get local hostname");
+ return ret;
+ }
+ localhost[sizeof(localhost) - 1] = '\0';
hostname = localhost;
}
if(sname == NULL)
#include "krb5_locl.h"
-RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $");
+RCSID("$Id$");
int KRB5_LIB_FUNCTION
krb5_prompter_posix (krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: rd_cred.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
static krb5_error_code
compare_addrs(krb5_context context,
#include "krb5_locl.h"
-RCSID("$Id: rd_error.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_error(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
krb5_keyblock *key;
krb5_crypto crypto;
- if (outbuf)
- krb5_data_zero(outbuf);
+ krb5_data_zero(outbuf);
if ((auth_context->flags &
- (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- outdata == NULL) {
- krb5_clear_error_string (context);
- return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+ (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)))
+ {
+ if (outdata == NULL) {
+ krb5_clear_error_string (context);
+ return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+ }
+ /* if these fields are not present in the priv-part, silently
+ return zero */
+ memset(outdata, 0, sizeof(*outdata));
}
memset(&priv, 0, sizeof(priv));
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
- /* if these fields are not present in the priv-part, silently
- return zero */
- memset(outdata, 0, sizeof(*outdata));
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)
#include <krb5_locl.h>
-RCSID("$Id: rd_rep.c 23304 2008-06-23 03:29:56Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_rep(krb5_context context,
#include <krb5_locl.h>
-RCSID("$Id: rd_req.c 23415 2008-07-26 18:35:44Z lha $");
+RCSID("$Id$");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
#include "krb5_locl.h"
#include <vis.h>
-RCSID("$Id: replay.c 23467 2008-07-27 12:16:37Z lha $");
+RCSID("$Id$");
struct krb5_rcache_data {
char *name;
#include "krb5_locl.h"
#include "send_to_kdc_plugin.h"
-RCSID("$Id: send_to_kdc.c 23448 2008-07-27 12:09:22Z lha $");
+RCSID("$Id$");
struct send_to_kdc {
krb5_send_to_kdc_func func;
return krb5_eai_to_heim_errno(ret, errno);
for (a = ai; a != NULL; a = a->ai_next) {
- s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+ s = socket (a->ai_family, a->ai_socktype, a->ai_protocol | SOCK_CLOEXEC);
if (s < 0)
continue;
rk_cloexec(s);
continue;
for (a = ai; a != NULL; a = a->ai_next) {
- fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+ fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
if (fd < 0)
continue;
rk_cloexec(fd);
#include "krb5_locl.h"
-RCSID("$Id: set_default_realm.c 23309 2008-06-23 03:30:41Z lha $");
+RCSID("$Id$");
/*
* Convert the simple string `s' into a NULL-terminated and freshly allocated
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $");
+RCSID("$Id$");
#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store_emem.c 22574 2008-02-05 20:31:55Z lha $");
+RCSID("$Id$");
typedef struct emem_storage{
unsigned char *base;
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $");
+RCSID("$Id$");
typedef struct fd_storage {
int fd;
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $");
+RCSID("$Id$");
typedef struct mem_storage{
unsigned char *base;
#include "krb5_locl.h"
-RCSID("$Id: ticket.c 23310 2008-06-23 03:30:49Z lha $");
+RCSID("$Id$");
krb5_error_code KRB5_LIB_FUNCTION
krb5_free_ticket(krb5_context context,
#include "krb5_locl.h"
-RCSID("$Id: time.c 23260 2008-06-21 15:22:37Z lha $");
+RCSID("$Id$");
/**
* Set the absolute time that the caller knows the kdc has so the
#include "krb5_locl.h"
-RCSID("$Id: transited.c 23316 2008-06-23 04:32:32Z lha $");
+RCSID("$Id$");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
*/
#include "krb5_locl.h"
-RCSID("$Id: v4_glue.c 23452 2008-07-27 12:10:54Z lha $");
+RCSID("$Id$");
#include "krb5-v4compat.h"
krb5_ssize_t size;
krb5_data data;
- /* multiple of eight bytes */
+ /* multiple of eight bytes, don't round up */
size = krb5_storage_seek(sp, 0, SEEK_END);
if (size < 0)
return KRB4ET_RD_AP_UNDEC;
- size = 8 - (size & 7);
+ size = ((size+7) & ~7) - size;
ret = krb5_storage_write(sp, eightzeros, size);
if (ret != size)
#include "krb5_locl.h"
-RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $");
+RCSID("$Id$");
/* this is just to get a version stamp in the library file */
#include "krb5_locl.h"
#include <err.h>
-RCSID("$Id: warn.c 23206 2008-05-29 02:13:41Z lha $");
+RCSID("$Id$");
static krb5_error_code _warnerr(krb5_context context, int do_errtext,
krb5_error_code code, int level, const char *fmt, va_list ap)
* SUCH DAMAGE.
*/
-/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */
+/* $Id$ */
#ifndef HEIM_NTLM_H
#define HEIM_NTLM_H
/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
#include <config.h>
-RCSID("$Id: ntlm.c 23169 2008-05-22 02:52:07Z lha $");
+RCSID("$Id$");
#include <stdio.h>
#include <stdlib.h>
#include <krb5.h>
#include <roken.h>
+#define HC_DEPRECATED_CRYPTO
+
#include "krb5-types.h"
#include "crypto-headers.h"
HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
{
struct ntlm_buf buf;
- /* uppercase username and turn it inte ucs2-le */
+ /* uppercase username and turn it into ucs2-le */
ascii2ucs2le(username, 1, &buf);
HMAC_Update(&c, buf.data, buf.length);
free(buf.data);
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $");
+RCSID("$Id$");
#endif
#include <stdlib.h>
#include <string.h>
if (p == NULL)
return -1;
q = (const unsigned char *) data;
- i = 0;
+
for (i = 0; i < size;) {
c = q[i++];
c *= 256;
* SUCH DAMAGE.
*/
-/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */
+/* $Id$ */
#ifndef _BASE64_H_
#define _BASE64_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
-#include <roken.h>
+#include "roken.h"
-RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#ifndef HAVE_BSWAP32
#include <unistd.h>
#include <fcntl.h>
-#include <roken.h>
+#include "roken.h"
void ROKEN_LIB_FUNCTION
rk_cloexec(int fd)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#ifdef HAVE_SYS_TYPES_H
#include <unistd.h>
#endif
-#include <roken.h>
+#include "roken.h"
int ROKEN_LIB_FUNCTION
closefrom(int fd)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
* return a malloced copy of `h'
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: dumpdata.c 23412 2008-07-26 18:34:23Z lha $");
+RCSID("$Id$");
#endif
#include <unistd.h>
-#include <roken.h>
+#include "roken.h"
/*
* Write datablob to a filename, don't care about errors.
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdlib.h>
#include <err.h>
-#include <roken.h>
+#include "roken.h"
/*
* Like calloc but never fails.
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdlib.h>
#include <err.h>
-#include <roken.h>
+#include "roken.h"
/*
* Like malloc but never fails.
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdlib.h>
#include <err.h>
-#include <roken.h>
+#include "roken.h"
/*
* Like realloc but never fails.
* SUCH DAMAGE.
*/
-/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */
+/* $Id$ */
#ifndef __ERR_H__
#define __ERR_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdlib.h>
#include <err.h>
-#include <roken.h>
+#include "roken.h"
/*
* Like strdup but never fails.
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
* free the list of `struct addrinfo' starting at `ai'
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
* free a malloced hostent
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
static struct gai_error {
int code;
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdlib.h>
#include <termios.h>
#endif
-#include <roken.h>
+#include "roken.h"
int ROKEN_LIB_FUNCTION
get_window_size(int fd, struct winsize *wp)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
* uses hints->ai_socktype and hints->ai_protocol
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <roken.h>
+#include "roken.h"
#include "getarg.h"
#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
max_len = max(max_len, len);
}
if (extra_string) {
- col = check_column(stderr, col, strlen(extra_string) + 1, columns);
+ check_column(stderr, col, strlen(extra_string) + 1, columns);
fprintf (stderr, " %s\n", extra_string);
} else
fprintf (stderr, "\n");
* SUCH DAMAGE.
*/
-/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */
+/* $Id$ */
#ifndef __GETARG_H__
#define __GETARG_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
* lookup `src, len' (address family `af') in DNS and return a pointer
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE_H_ERRNO
static int h_errno = NO_RECOVERY;
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
static int
doit (int af,
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE___PROGNAME
const char *__progname;
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $");
+RCSID("$Id$");
#endif
#ifndef HAVE_H_ERRNO
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#include <ctype.h>
#include "hex.h"
* SUCH DAMAGE.
*/
-/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */
+/* $Id$ */
#ifndef _rk_HEX_H_
#define _rk_HEX_H_ 1
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
* Try to find a fqdn (with `.') in he if possible, else return h_name
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/* Minimal implementation of inet_aton.
* Cannot distinguish between failure and a local broadcast address. */
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
/*
*
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
int ROKEN_LIB_FUNCTION
inet_pton(int af, const char *src, void *dst)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
int ROKEN_LIB_FUNCTION
issuid(void)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
-#include <roken.h>
+#include "roken.h"
/*
* Like read but never return partial data.
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
-#include <roken.h>
+#include "roken.h"
/*
* Like write but never return partial data.
* SUCH DAMAGE.
*/
-/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */
+/* $Id$ */
#ifndef __PARSE_BYTES_H__
#define __PARSE_BYTES_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
#include <parse_units.h>
* SUCH DAMAGE.
*/
-/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */
+/* $Id$ */
#ifndef __PARSE_TIME_H__
#define __PARSE_TIME_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdio.h>
#include <ctype.h>
#include <string.h>
-#include <roken.h>
+#include "roken.h"
#include "parse_units.h"
/*
print_units_table (const struct units *units, FILE *f)
{
const struct units *u, *u2;
- unsigned max_sz = 0;
+ int max_sz = 0;
for (u = units; u->name; ++u) {
max_sz = max(max_sz, strlen(u->name));
* SUCH DAMAGE.
*/
-/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */
+/* $Id$ */
#ifndef __PARSE_UNITS_H__
#define __PARSE_UNITS_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
-#include <roken.h>
+#include "roken.h"
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
#include <assert.h>
-RCSID("$Id: resolve.c 22873 2008-04-07 18:50:39Z lha $");
+RCSID("$Id$");
#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
#undef HAVE_RES_NSEARCH
* SUCH DAMAGE.
*/
-/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */
+/* $Id$ */
#ifndef __RESOLVE_H__
#define __RESOLVE_H__
* SUCH DAMAGE.
*/
-/* $Id: roken-common.h 23468 2008-07-27 12:16:56Z lha $ */
+/* $Id$ */
#ifndef __ROKEN_COMMON_H__
#define __ROKEN_COMMON_H__
* SUCH DAMAGE.
*/
-/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */
+/* $Id$ */
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#undef roken_gethostbyname
#undef roken_gethostbyaddr
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $");
+RCSID ("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#include "rtbl.h"
struct column_entry {
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */
+/* $Id$ */
#ifndef __rtbl_h__
#define __rtbl_h__
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE___PROGNAME
extern const char *__progname;
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
#include <signal.h>
-#include <roken.h>
+#include "roken.h"
/*
* We would like to always use this signal but there is a link error
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdarg.h>
#endif
#include <errno.h>
-#include <roken.h>
+#include "roken.h"
#define EX_NOEXEC 126
#define EX_NOTFOUND 127
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#include <err.h>
/*
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
-#include <roken.h>
+#include "roken.h"
enum { initial = 10, increment = 5 };
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <string.h>
#include <ctype.h>
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE_STRLWR
char * ROKEN_LIB_FUNCTION
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <stdarg.h>
#include <stdlib.h>
-#include <roken.h>
+#include "roken.h"
struct rk_strpool {
char *str;
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
#include <string.h>
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE_STRSEP
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $");
+RCSID("$Id$");
#endif
#include <string.h>
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE_STRSEP_COPY
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
#include <string.h>
#include <ctype.h>
-#include <roken.h>
+#include "roken.h"
#ifndef HAVE_STRUPR
char * ROKEN_LIB_FUNCTION
-/* $NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $ */
+/* $NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $ */
/*-
* Copyright (c) 1989, 1993
*/
/*-
- * Copyright (c) 1999 The NetBSD Foundation, Inc.
+ * Copyright (c) 1999, 2005 The NetBSD Foundation, Inc.
+ * All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
-
#if 1
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $");
+RCSID("$Id$");
#endif
-#include <roken.h>
+#include "roken.h"
#ifndef _DIAGASSERT
#define _DIAGASSERT(X)
#endif
-#else
+#else /* heimdal */
#include <sys/cdefs.h>
-#if !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $");
-#endif /* not lint */
-#endif
+#if defined(LIBC_SCCS) && !defined(lint)
+__RCSID("$NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $");
+#endif /* LIBC_SCCS and not lint */
-#if 0
#include "namespace.h"
-#endif
+#endif /* heimdal */
+
#include <sys/types.h>
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <vis.h>
+#include <stdlib.h>
#if 0
#ifdef __weak_alias
#endif
#endif
+#if !HAVE_VIS || !HAVE_SVIS
+#include <ctype.h>
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+
+static char *do_svis(char *, int, int, int, const char *);
+
#undef BELL
#if defined(__STDC__)
#define BELL '\a'
#define BELL '\007'
#endif
-char ROKEN_LIB_FUNCTION
- *rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
- *rk_svis (char *, int, int, int, const char *);
+char * ROKEN_LIB_FUNCTION
+ rk_vis (char *, int, int, int);
+char * ROKEN_LIB_FUNCTION
+ rk_svis (char *, int, int, int, const char *);
int ROKEN_LIB_FUNCTION
rk_strvis (char *, const char *, int);
int ROKEN_LIB_FUNCTION
#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
#define iswhite(c) (c == ' ' || c == '\t' || c == '\n')
#define issafe(c) (c == '\b' || c == BELL || c == '\r')
+#define xtoa(c) "0123456789abcdef"[c]
-#define MAXEXTRAS 5
-
+#define MAXEXTRAS 5
-#define MAKEEXTRALIST(flag, extra) \
+#define MAKEEXTRALIST(flag, extra, orig_str) \
do { \
- char *pextra = extra; \
- if (flag & VIS_SP) *pextra++ = ' '; \
- if (flag & VIS_TAB) *pextra++ = '\t'; \
- if (flag & VIS_NL) *pextra++ = '\n'; \
- if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\'; \
- *pextra = '\0'; \
+ const char *orig = orig_str; \
+ const char *o = orig; \
+ char *e; \
+ while (*o++) \
+ continue; \
+ extra = malloc((size_t)((o - orig) + MAXEXTRAS)); \
+ if (!extra) break; \
+ for (o = orig, e = extra; (*e++ = *o++) != '\0';) \
+ continue; \
+ e--; \
+ if (flag & VIS_SP) *e++ = ' '; \
+ if (flag & VIS_TAB) *e++ = '\t'; \
+ if (flag & VIS_NL) *e++ = '\n'; \
+ if ((flag & VIS_NOSLASH) == 0) *e++ = '\\'; \
+ *e = '\0'; \
} while (/*CONSTCOND*/0)
/*
- * This is SVIS, the central macro of vis.
+ * This is do_hvis, for HTTP style (RFC 1808)
+ */
+static char *
+do_hvis(char *dst, int c, int flag, int nextc, const char *extra)
+{
+ if (!isascii(c) || !isalnum(c) || strchr("$-_.+!*'(),", c) != NULL) {
+ *dst++ = '%';
+ *dst++ = xtoa(((unsigned int)c >> 4) & 0xf);
+ *dst++ = xtoa((unsigned int)c & 0xf);
+ } else {
+ dst = do_svis(dst, c, flag, nextc, extra);
+ }
+ return dst;
+}
+
+/*
+ * This is do_vis, the central code of vis.
* dst: Pointer to the destination buffer
* c: Character to encode
* flag: Flag word
* extra: Pointer to the list of extra characters to be
* backslash-protected.
*/
-#define SVIS(dst, c, flag, nextc, extra) \
-do { \
- int isextra, isc; \
- isextra = strchr(extra, c) != NULL; \
- if (!isextra && \
- isascii((unsigned char)c) && \
- (isgraph((unsigned char)c) || iswhite(c) || \
- ((flag & VIS_SAFE) && issafe(c)))) { \
- *dst++ = c; \
- break; \
- } \
- isc = 0; \
- if (flag & VIS_CSTYLE) { \
- switch (c) { \
- case '\n': \
- isc = 1; *dst++ = '\\'; *dst++ = 'n'; \
- break; \
- case '\r': \
- isc = 1; *dst++ = '\\'; *dst++ = 'r'; \
- break; \
- case '\b': \
- isc = 1; *dst++ = '\\'; *dst++ = 'b'; \
- break; \
- case BELL: \
- isc = 1; *dst++ = '\\'; *dst++ = 'a'; \
- break; \
- case '\v': \
- isc = 1; *dst++ = '\\'; *dst++ = 'v'; \
- break; \
- case '\t': \
- isc = 1; *dst++ = '\\'; *dst++ = 't'; \
- break; \
- case '\f': \
- isc = 1; *dst++ = '\\'; *dst++ = 'f'; \
- break; \
- case ' ': \
- isc = 1; *dst++ = '\\'; *dst++ = 's'; \
- break; \
- case '\0': \
- isc = 1; *dst++ = '\\'; *dst++ = '0'; \
- if (isoctal(nextc)) { \
- *dst++ = '0'; \
- *dst++ = '0'; \
- } \
- } \
- } \
- if (isc) break; \
- if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { \
- *dst++ = '\\'; \
- *dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0'; \
- *dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0'; \
- *dst++ = (c & 07) + '0'; \
- } else { \
- if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; \
- if (c & 0200) { \
- c &= 0177; *dst++ = 'M'; \
- } \
- if (iscntrl((unsigned char)c)) { \
- *dst++ = '^'; \
- if (c == 0177) \
- *dst++ = '?'; \
- else \
- *dst++ = c + '@'; \
- } else { \
- *dst++ = '-'; *dst++ = c; \
- } \
- } \
-} while (/*CONSTCOND*/0)
+static char *
+do_svis(char *dst, int c, int flag, int nextc, const char *extra)
+{
+ int isextra;
+ isextra = strchr(extra, c) != NULL;
+ if (!isextra && isascii(c) && (isgraph(c) || iswhite(c) ||
+ ((flag & VIS_SAFE) && issafe(c)))) {
+ *dst++ = c;
+ return dst;
+ }
+ if (flag & VIS_CSTYLE) {
+ switch (c) {
+ case '\n':
+ *dst++ = '\\'; *dst++ = 'n';
+ return dst;
+ case '\r':
+ *dst++ = '\\'; *dst++ = 'r';
+ return dst;
+ case '\b':
+ *dst++ = '\\'; *dst++ = 'b';
+ return dst;
+ case BELL:
+ *dst++ = '\\'; *dst++ = 'a';
+ return dst;
+ case '\v':
+ *dst++ = '\\'; *dst++ = 'v';
+ return dst;
+ case '\t':
+ *dst++ = '\\'; *dst++ = 't';
+ return dst;
+ case '\f':
+ *dst++ = '\\'; *dst++ = 'f';
+ return dst;
+ case ' ':
+ *dst++ = '\\'; *dst++ = 's';
+ return dst;
+ case '\0':
+ *dst++ = '\\'; *dst++ = '0';
+ if (isoctal(nextc)) {
+ *dst++ = '0';
+ *dst++ = '0';
+ }
+ return dst;
+ default:
+ if (isgraph(c)) {
+ *dst++ = '\\'; *dst++ = c;
+ return dst;
+ }
+ }
+ }
+ if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
+ *dst++ = '\\';
+ *dst++ = (u_char)(((u_int32_t)(u_char)c >> 6) & 03) + '0';
+ *dst++ = (u_char)(((u_int32_t)(u_char)c >> 3) & 07) + '0';
+ *dst++ = (c & 07) + '0';
+ } else {
+ if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\';
+ if (c & 0200) {
+ c &= 0177; *dst++ = 'M';
+ }
+ if (iscntrl(c)) {
+ *dst++ = '^';
+ if (c == 0177)
+ *dst++ = '?';
+ else
+ *dst++ = c + '@';
+ } else {
+ *dst++ = '-'; *dst++ = c;
+ }
+ }
+ return dst;
+}
/*
* svis - visually encode characters, also encoding the characters
- * pointed to by `extra'
+ * pointed to by `extra'
*/
-
char * ROKEN_LIB_FUNCTION
rk_svis(char *dst, int c, int flag, int nextc, const char *extra)
{
+ char *nextra = NULL;
+
_DIAGASSERT(dst != NULL);
_DIAGASSERT(extra != NULL);
-
- SVIS(dst, c, flag, nextc, extra);
+ MAKEEXTRALIST(flag, nextra, extra);
+ if (!nextra) {
+ *dst = '\0'; /* can't create nextra, return "" */
+ return dst;
+ }
+ if (flag & VIS_HTTPSTYLE)
+ dst = do_hvis(dst, c, flag, nextc, nextra);
+ else
+ dst = do_svis(dst, c, flag, nextc, nextra);
+ free(nextra);
*dst = '\0';
- return(dst);
+ return dst;
}
* be encoded, too. These functions are useful e. g. to
* encode strings in such a way so that they are not interpreted
* by a shell.
- *
+ *
* Dst must be 4 times the size of src to account for possible
* expansion. The length of dst, not including the trailing NULL,
- * is returned.
+ * is returned.
*
* Strsvisx encodes exactly len bytes from src into dst.
* This is useful for encoding a block of data.
*/
-
int ROKEN_LIB_FUNCTION
-rk_strsvis(char *dst, const char *src, int flag, const char *extra)
+rk_strsvis(char *dst, const char *csrc, int flag, const char *extra)
{
- char c;
+ int c;
char *start;
+ char *nextra = NULL;
+ const unsigned char *src = (const unsigned char *)csrc;
_DIAGASSERT(dst != NULL);
_DIAGASSERT(src != NULL);
_DIAGASSERT(extra != NULL);
-
- for (start = dst; (c = *src++) != '\0'; /* empty */)
- SVIS(dst, c, flag, *src, extra);
+ MAKEEXTRALIST(flag, nextra, extra);
+ if (!nextra) {
+ *dst = '\0'; /* can't create nextra, return "" */
+ return 0;
+ }
+ if (flag & VIS_HTTPSTYLE) {
+ for (start = dst; (c = *src++) != '\0'; /* empty */)
+ dst = do_hvis(dst, c, flag, *src, nextra);
+ } else {
+ for (start = dst; (c = *src++) != '\0'; /* empty */)
+ dst = do_svis(dst, c, flag, *src, nextra);
+ }
+ free(nextra);
*dst = '\0';
return (dst - start);
}
int ROKEN_LIB_FUNCTION
-rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra)
+rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra)
{
- char c;
+ unsigned char c;
char *start;
+ char *nextra = NULL;
+ const unsigned char *src = (const unsigned char *)csrc;
_DIAGASSERT(dst != NULL);
_DIAGASSERT(src != NULL);
_DIAGASSERT(extra != NULL);
+ MAKEEXTRALIST(flag, nextra, extra);
+ if (! nextra) {
+ *dst = '\0'; /* can't create nextra, return "" */
+ return 0;
+ }
- for (start = dst; len > 0; len--) {
- c = *src++;
- SVIS(dst, c, flag, len ? *src : '\0', extra);
+ if (flag & VIS_HTTPSTYLE) {
+ for (start = dst; len > 0; len--) {
+ c = *src++;
+ dst = do_hvis(dst, c, flag, len ? *src : '\0', nextra);
+ }
+ } else {
+ for (start = dst; len > 0; len--) {
+ c = *src++;
+ dst = do_svis(dst, c, flag, len ? *src : '\0', nextra);
+ }
}
+ free(nextra);
*dst = '\0';
return (dst - start);
}
+#endif
-
+#if !HAVE_VIS
/*
* vis - visually encode characters
*/
char * ROKEN_LIB_FUNCTION
rk_vis(char *dst, int c, int flag, int nextc)
{
- char extra[MAXEXTRAS];
+ char *extra = NULL;
+ unsigned char uc = (unsigned char)c;
_DIAGASSERT(dst != NULL);
- MAKEEXTRALIST(flag, extra);
- SVIS(dst, c, flag, nextc, extra);
+ MAKEEXTRALIST(flag, extra, "");
+ if (! extra) {
+ *dst = '\0'; /* can't create extra, return "" */
+ return dst;
+ }
+ if (flag & VIS_HTTPSTYLE)
+ dst = do_hvis(dst, uc, flag, nextc, extra);
+ else
+ dst = do_svis(dst, uc, flag, nextc, extra);
+ free(extra);
*dst = '\0';
- return (dst);
+ return dst;
}
/*
* strvis, strvisx - visually encode characters from src into dst
- *
+ *
* Dst must be 4 times the size of src to account for possible
* expansion. The length of dst, not including the trailing NULL,
- * is returned.
+ * is returned.
*
* Strvisx encodes exactly len bytes from src into dst.
* This is useful for encoding a block of data.
*/
-
int ROKEN_LIB_FUNCTION
rk_strvis(char *dst, const char *src, int flag)
{
- char extra[MAXEXTRAS];
+ char *extra = NULL;
+ int rv;
- MAKEEXTRALIST(flag, extra);
- return (rk_strsvis(dst, src, flag, extra));
+ MAKEEXTRALIST(flag, extra, "");
+ if (!extra) {
+ *dst = '\0'; /* can't create extra, return "" */
+ return 0;
+ }
+ rv = strsvis(dst, src, flag, extra);
+ free(extra);
+ return rv;
}
int ROKEN_LIB_FUNCTION
rk_strvisx(char *dst, const char *src, size_t len, int flag)
{
- char extra[MAXEXTRAS];
+ char *extra = NULL;
+ int rv;
- MAKEEXTRALIST(flag, extra);
- return (rk_strsvisx(dst, src, len, flag, extra));
+ MAKEEXTRALIST(flag, extra, "");
+ if (!extra) {
+ *dst = '\0'; /* can't create extra, return "" */
+ return 0;
+ }
+ rv = strsvisx(dst, src, len, flag, extra);
+ free(extra);
+ return rv;
}
+#endif
-/* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */
-/* $Id: vis.hin 19341 2006-12-15 11:53:09Z lha $ */
+/* $NetBSD: vis.h,v 1.16 2005/09/13 01:44:32 christos Exp $ */
/*-
* Copyright (c) 1990, 1993
#endif
#endif
+#include <sys/types.h>
+
/*
* to select alternate encoding format
*/
* other
*/
#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
+#define VIS_HTTPSTYLE 0x80 /* http-style escape % HEX HEX */
/*
* unvis return codes
*/
#define UNVIS_END 1 /* no more characters */
-char ROKEN_LIB_FUNCTION
- *rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
- *rk_svis (char *, int, int, int, const char *);
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+char * ROKEN_LIB_FUNCTION
+ rk_vis(char *, int, int, int);
+char * ROKEN_LIB_FUNCTION
+ rk_svis(char *, int, int, int, const char *);
+int ROKEN_LIB_FUNCTION
+ rk_strvis(char *, const char *, int);
int ROKEN_LIB_FUNCTION
- rk_strvis (char *, const char *, int);
+ rk_strsvis(char *, const char *, int, const char *);
int ROKEN_LIB_FUNCTION
- rk_strsvis (char *, const char *, int, const char *);
+ rk_strvisx(char *, const char *, size_t, int);
int ROKEN_LIB_FUNCTION
- rk_strvisx (char *, const char *, size_t, int);
+ rk_strsvisx(char *, const char *, size_t, int, const char *);
int ROKEN_LIB_FUNCTION
- rk_strsvisx (char *, const char *, size_t, int, const char *);
+ rk_strunvis(char *, const char *);
int ROKEN_LIB_FUNCTION
- rk_strunvis (char *, const char *);
+ rk_strunvisx(char *, const char *, int);
int ROKEN_LIB_FUNCTION
- rk_unvis (char *, int, int *, int);
+ rk_unvis(char *, int, int *, int);
+__END_DECLS
#undef vis
#define vis(a,b,c,d) rk_vis(a,b,c,d)
#include <unistd.h>
-#include <roken.h>
+#include "roken.h"
void ROKEN_LIB_FUNCTION
rk_xfree (void *buf)
#ifdef HAVE_CONFIG_H
#include <config.h>
-RCSID("$Id: print_version.c 22428 2008-01-13 09:58:05Z lha $");
+RCSID("$Id$");
#endif
#include "roken.h"
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: UnicodeData.py 22551 2008-02-01 16:22:22Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: gen-bidi.py 23332 2008-06-27 14:42:17Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: gen-combining.py 23332 2008-06-27 14:42:17Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: gen-errorlist.py 23242 2008-06-01 22:27:54Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: gen-map.py 23242 2008-06-01 22:27:54Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: gen-normalize.py 23332 2008-06-27 14:42:17Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: generate.py 23242 2008-06-01 22:27:54Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#include "map_table.h"
-RCSID("$Id: map.c 22556 2008-02-01 16:38:46Z lha $");
+RCSID("$Id$");
static int
translation_cmp(const void *key, const void *data)
#include "normalize_table.h"
-RCSID("$Id: normalize.c 22581 2008-02-11 20:42:25Z lha $");
+RCSID("$Id$");
static int
translation_cmp(const void *key, const void *data)
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: rfc3454.py 22551 2008-02-01 16:22:22Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: rfc4518.py 22551 2008-02-01 16:22:22Z lha $
+# $Id$
# Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#include <string.h>
#include <errno.h>
-RCSID("$Id: stringprep.c 23063 2008-04-21 11:18:04Z lha $");
+RCSID("$Id$");
/**
* Process a input UCS4 string according a string-prep profile.
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: stringprep.py 22551 2008-02-01 16:22:22Z lha $
+# $Id$
# Copyright (c) 2008 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
#endif
#include "windlocl.h"
-RCSID("$Id: utf8.c 23246 2008-06-01 22:29:04Z lha $");
+RCSID("$Id$");
static int
utf8toutf32(const unsigned char **pp, uint32_t *out)
#!/usr/local/bin/python
# -*- coding: iso-8859-1 -*-
-# $Id: util.py 22551 2008-02-01 16:22:22Z lha $
+# $Id$
# Copyright (c) 2004 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
* SUCH DAMAGE.
*/
-/* $Id: wind.h 23233 2008-06-01 22:25:25Z lha $ */
+/* $Id$ */
#ifndef _WIND_H_
#define _WIND_H_
#
# This might look like a com_err file, but is not
#
-id "$Id: wind_err.et 23233 2008-06-01 22:25:25Z lha $"
+id "$Id$"
error_table wind
* SUCH DAMAGE.
*/
-/* $Id: windlocl.h 23187 2008-05-23 15:04:07Z lha $ */
+/* $Id$ */
#ifndef _WINDLOCL_H_
#define _WINDLOCL_H_
git.samba.org / kai / samba.git / commitdiff