From: Zhanna Tsitkov Date: Wed, 26 May 2010 17:54:37 +0000 (+0000) Subject: Implementation of yarrow prng as a plugin requires the vast majority of the routines... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=657e3c17efd819c1f26c8f6dd874e3dea52077c9;p=thirdparty%2Fkrb5.git Implementation of yarrow prng as a plugin requires the vast majority of the routines in crypto lib to have a krb5_context as an argument. (This is needed to pass ref to pl_handle.) Unfortunately, it is not the case for the current state of crypto lib. Introducing krb5_context is a very invasive change and might be unsuitable for 1.9 release. So, yarrow is moved from plugins to crypto/krb and is treated as built-in functionality again. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24104 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/Makefile.in b/src/Makefile.in index fecc2dc0df..d09f7680cf 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -7,7 +7,7 @@ mydir=. # plugins/preauth/wpse # plugins/preauth/cksum_body # plugins/authdata/greet -SUBDIRS=util include plugin_core plugins/prng \ +SUBDIRS=util include plugin_core plugin_core/impl plugins/prng \ plugins/pa plugins/pa/encrypted_challenge \ lib \ @ldap_plugin_dir@ \ @@ -202,6 +202,7 @@ WINMAKEFILES=Makefile \ lib\crypto\@CRYPTO_IMPL@\hash_provider\Makefile \ lib\crypto\krb\keyhash_provider\Makefile \ lib\crypto\krb\prf\Makefile lib\crypto\krb\rand2key\Makefile \ + lib\crypto\krb\yarrow\Makefile \ lib\crypto\krb\raw\Makefile lib\crypto\krb\old\Makefile \ lib\crypto\@CRYPTO_IMPL@\sha1\Makefile lib\crypto\@CRYPTO_IMPL@\arcfour\Makefile \ lib\crypto\@CRYPTO_IMPL@\md4\Makefile lib\crypto\@CRYPTO_IMPL@\md5\Makefile \ diff --git a/src/configure.in b/src/configure.in index b67d27e021..4e4d9d6e3d 100644 --- a/src/configure.in +++ b/src/configure.in 
@@ -1076,6 +1076,7 @@ V5_AC_OUTPUT_MAKEFILE(. lib/crypto/krb/dk lib/crypto/$CRYPTO_IMPL/enc_provider lib/crypto/$CRYPTO_IMPL/hash_provider lib/crypto/krb/checksum lib/crypto/krb/prf lib/crypto/krb/rand2key + lib/crypto/krb/yarrow lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5 lib/crypto/krb/old lib/crypto/krb/raw lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/krb/arcfour lib/crypto/$CRYPTO_IMPL/aes @@ -1117,7 +1118,6 @@ dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test plugins/prng plugin_core/impl - plugins/prng/plugin_yarrow plugins/pa plugins/pa/encrypted_challenge plugin_core diff --git a/src/include/k5-int.h b/src/include/k5-int.h index b2381e1c85..f6ef41a10b 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -813,7 +813,7 @@ krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context, /* * Internal - for cleanup. */ -extern void krb5int_prng_cleanup(krb5_context context); +extern void krb5int_prng_cleanup(void); #ifdef KRB5_OLD_CRYPTO @@ -2554,8 +2554,8 @@ extern krb5_error_code krb5int_translate_gai_error(int); extern krb5_error_code krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); -extern int krb5int_crypto_init (krb5_context); -extern int krb5int_prng_init(krb5_context context); +extern int krb5int_crypto_init (void); +extern int krb5int_prng_init(void); /* * Referral definitions, debugging hooks, and subfunctions. diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index fc8af38215..a38eff9a57 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -1,5 +1,5 @@ mydir=lib -SUBDIRS=crypto ../plugins/prng/plugin_yarrow ../plugin_core/impl krb5 gssapi rpc kdb kadm5 apputils +SUBDIRS=crypto ../plugin_core/impl krb5 gssapi rpc kdb kadm5 apputils BUILDTOP=$(REL).. all-unix:: diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index 495152cf96..fa12e19c72 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in 
@@ -18,27 +18,35 @@ LIBINITFUNC=cryptoint_initialize_library LIBFINIFUNC=cryptoint_cleanup_library RELDIR=crypto -STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.ST \ - @CRYPTO_IMPL@/hash_provider/OBJS.ST krb/checksum/OBJS.ST \ - krb/prf/OBJS.ST krb/rand2key/OBJS.ST \ - krb/old/OBJS.ST krb/raw/OBJS.ST \ - @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST @CRYPTO_IMPL@/sha1/OBJS.ST \ - krb/arcfour/OBJS.ST @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \ - krb/OBJS.ST @CRYPTO_IMPL@/OBJS.ST - -SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.ST \ - @CRYPTO_IMPL@/hash_provider/OBJS.ST krb/checksum/OBJS.ST \ - krb/prf/OBJS.ST krb/rand2key/OBJS.ST \ - krb/old/OBJS.ST krb/raw/OBJS.ST \ - @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST @CRYPTO_IMPL@/sha1/OBJS.ST \ - krb/arcfour/OBJS.ST @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \ - krb/OBJS.ST @CRYPTO_IMPL@/OBJS.ST +STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \ + @CRYPTO_IMPL@/enc_provider/OBJS.ST \ + @CRYPTO_IMPL@/hash_provider/OBJS.ST \ + krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \ + krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST \ + @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST \ + @CRYPTO_IMPL@/sha1/OBJS.ST \ + krb/arcfour/OBJS.ST \ + @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \ + krb/OBJS.ST \ + @CRYPTO_IMPL@/OBJS.ST + +SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \ + @CRYPTO_IMPL@/enc_provider/OBJS.ST \ + @CRYPTO_IMPL@/hash_provider/OBJS.ST \ + krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \ + krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST \ + @CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST \ + @CRYPTO_IMPL@/sha1/OBJS.ST \ + krb/arcfour/OBJS.ST \ + @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \ + krb/OBJS.ST \ + @CRYPTO_IMPL@/OBJS.ST # No dependencies. Record places to find this shared object if the target # link editor and loader support it. 
DEPLIBS= SHLIB_DIRS=-L$(TOPLIBD) -SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ $(LIBS) -lyaml $(PLUGIN_CORE_DEPLIB) $(PLUGIN_PRNG_DEPLIB) +SHLIB_EXPLIBS= $(SUPPORT_LIB) @CRYPTO_LIBS@ $(LIBS) SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB) SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@ SHLIB_LIBDIRS= @SHLIB_LIBDIRS@ diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index 7bdd0f4f66..bcbaedff79 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -15,7 +15,7 @@ PROG_RPATH=$(KRB5_LIBDIR) DEFS= PLUGINS_LIBS = -lkrb5 \ - $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a \ + $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libencrypted_challenge.a \ $(LIBS_PROFILE) $(PLUGIN_CORE_DEPLIB) EXTRADEPSRCS=\ diff --git a/src/lib/crypto/crypto_tests/t_cksum.c b/src/lib/crypto/crypto_tests/t_cksum.c index 63284d9256..c220072e4d 100644 --- a/src/lib/crypto/crypto_tests/t_cksum.c +++ b/src/lib/crypto/crypto_tests/t_cksum.c @@ -31,9 +31,6 @@ */ #include "k5-int.h" -#include -#include - #define MD5_K5BETA_COMPAT #define MD4_K5BETA_COMPAT 
@@ -99,34 +96,29 @@ main(argc, argv) krb5_error_code kret=0; krb5_data plaintext; krb5_checksum checksum, knowncksum; - plugin_manager* default_manager; - const char conf_path[] = "plugin_conf.yml"; - - default_manager = plugin_default_manager_get_instance(); - set_plugin_manager_instance(default_manager); - plugin_manager_configure(conf_path); - plugin_manager_start(); + krb5_context context; + krb5_init_context(&context); /* this is a terrible seed, but that's ok for the test. */ plaintext.length = 8; plaintext.data = (char *) testkey; - krb5_c_random_seed(/* XXX */ 0, &plaintext); + krb5_c_random_seed(context, &plaintext); keyblock.enctype = ENCTYPE_DES_CBC_CRC; keyblock.length = sizeof(testkey); keyblock.contents = testkey; - krb5_k_create_key(NULL, &keyblock, &key); + krb5_k_create_key(context, &keyblock, &key); for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) { plaintext.length = strlen(argv[msgindex]); plaintext.data = argv[msgindex]; /* Create a checksum. */ - kret = krb5_k_make_checksum(NULL, CKTYPE, key, 0, &plaintext, + kret = krb5_k_make_checksum(context, CKTYPE, key, 0, &plaintext, &checksum); if (kret != 0) { printf("krb5_calculate_checksum choked with %d\n", kret); @@ -135,7 +127,7 @@ main(argc, argv) print_checksum("correct", MD, argv[msgindex], &checksum); /* Verify it. */ - kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum, + kret = krb5_k_verify_checksum(context, key, 0, &plaintext, &checksum, &valid); if (kret != 0) { printf("verify on new checksum choked with %d\n", kret); @@ -150,7 +142,7 @@ main(argc, argv) /* Corrupt the checksum and see if it still verifies. */ checksum.contents[0]++; - kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum, + kret = krb5_k_verify_checksum(context, key, 0, &plaintext, &checksum, &valid); if (kret != 0) { printf("verify on new checksum choked with %d\n", kret); 
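Review bot: The added `krb5_init_context(&context);` in t_cksum.c's main ignores the return code, so a failed initialization leaves `context` uninitialized before it is passed to krb5_c_random_seed and the checksum calls. Check it before use, e.g. `kret = krb5_init_context(&context);` followed by `if (kret != 0) { printf("krb5_init_context choked with %d\n", kret); return 1; }`. The context is also never released; a `krb5_free_context(context);` next to the existing krb5_k_free_key call would pair the two. The same unchecked call is added in the main hunks of t_encrypt.c and t_short.c. main begins outside this hunk.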
@@ -171,7 +163,7 @@ main(argc, argv) kret = 1; break; } - kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &knowncksum, + kret = krb5_k_verify_checksum(context, key, 0, &plaintext, &knowncksum, &valid); if (kret != 0) { printf("verify on known checksum choked with %d\n", kret); @@ -188,7 +180,8 @@ main(argc, argv) if (!kret) printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD); - krb5_k_free_key(NULL, key); + krb5_k_free_key(context, key); return(kret); } + diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index c40b1916a0..cfb074954d 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -34,8 +34,6 @@ #include "k5-int.h" #include "etypes.h" #include -#include -#include /* What enctypes should we test?*/ @@ -101,14 +99,7 @@ main () krb5_enc_data enc_out, enc_out2; krb5_keyblock *keyblock; krb5_key key; - plugin_manager* default_manager; - const char conf_path[] = "plugin_conf.yml"; - - default_manager = plugin_default_manager_get_instance(); - set_plugin_manager_instance(default_manager); - - plugin_manager_configure(conf_path); - plugin_manager_start(); + krb5_init_context(&context); memset(iov, 0, sizeof(iov)); diff --git a/src/lib/crypto/crypto_tests/t_kperf.c b/src/lib/crypto/crypto_tests/t_kperf.c index 8c36e902f0..0db6f4a7f3 100644 --- a/src/lib/crypto/crypto_tests/t_kperf.c +++ b/src/lib/crypto/crypto_tests/t_kperf.c @@ -57,6 +57,9 @@ main(int argc, char **argv) krb5_enc_data outblock; krb5_checksum sum; krb5_boolean val; + krb5_context ctx; + + krb5_init_context ctx; if (argc != 5) { fprintf(stderr, "Usage: t_kperf {c|k}{e|d|m|v} type size nblocks\n"); 
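Review bot: In the t_kperf.c hunk the added line `krb5_init_context ctx;` is not a function call and should not compile as written, since krb5_init_context is a function name rather than a type. The next hunk passes `ctx` to krb5_c_random_seed and krb5_c_make_random_key, so it has to be initialized and checked first, e.g. `if (krb5_init_context(&ctx) != 0) return 1;`. The unchanged `krb5_k_create_key(NULL, &kblock, &key)` in that next hunk still passes NULL, which is inconsistent with the two calls above it. main continues outside the hunk.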
@@ -76,9 +79,9 @@ main(int argc, char **argv) block.data = "notrandom"; block.length = 9; - krb5_c_random_seed(NULL, &block); + krb5_c_random_seed(ctx, &block); - krb5_c_make_random_key(NULL, enctype, &kblock); + krb5_c_make_random_key(ctx, enctype, &kblock); krb5_k_create_key(NULL, &kblock, &key); block.length = blocksize; diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c index 7825b23548..a85e2c38fa 100644 --- a/src/lib/crypto/crypto_tests/t_prng.c +++ b/src/lib/crypto/crypto_tests/t_prng.c @@ -49,14 +49,30 @@ int main () { unsigned int source_id, seed_length; unsigned int i; //#if 0 + krb5_context ctx; plugin_manager* default_manager; - const char conf_path[] = "plugin_conf.yml"; + static plugin_manager* plugin_mngr_instance = NULL; + +// ret = krb5int_initialize_library(); + //if (ret) return ret; + + ctx = calloc(1, sizeof(struct _krb5_context)); + if (!ctx) return ENOMEM; + + /* Plugin initialization */ + plugin_default_manager_get_instance(&plugin_mngr_instance); + set_plugin_manager_instance(&ctx->pl_handle, plugin_mngr_instance); + plugin_manager_configure(ctx->pl_handle, ""); + plugin_manager_start(ctx->pl_handle); +/* default_manager = plugin_default_manager_get_instance(); set_plugin_manager_instance(default_manager); - plugin_manager_configure(conf_path); + plugin_manager_configure(""); plugin_manager_start(); +*/ + //#endif while (1) { /* Read source*/ @@ -73,7 +89,7 @@ int main () { input.data[seed_length-lc] = (unsigned) (i&0xff); } input.length = seed_length; - assert (krb5_c_random_add_entropy (0, source_id, &input) == 0); + assert (krb5_c_random_add_entropy (ctx, source_id, &input) == 0); free (input.data); input.data = NULL; } @@ -82,7 +98,7 @@ int main () { if (i) { assert ((output.data = malloc (i)) != NULL); output.length = i; - ret = krb5_c_random_make_octets (0, &output); + ret = krb5_c_random_make_octets (ctx, &output); if (ret) printf ("failed\n"); else { 
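Review bot: In t_prng.c's main the context is built by hand with `calloc(1, sizeof(struct _krb5_context))` and wired to the plugin manager, although the commit description says yarrow is built into crypto/krb again and the other tests in this commit call krb5_init_context. A PRNG test is most useful when it goes through the same initialization path as real callers, so I would use `if (krb5_init_context(&ctx) != 0) return 1;` and drop the plugin_* calls, the now-unused `default_manager` and the commented-out block. As written, the outcome of plugin_manager_configure and plugin_manager_start is not checked (if they report failure at all, which is not visible here), and `ctx` is never freed. main continues outside the hunk.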
diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c index f1285face3..3adc68f720 100644 --- a/src/lib/crypto/crypto_tests/t_short.c +++ b/src/lib/crypto/crypto_tests/t_short.c @@ -31,8 +31,6 @@ */ #include "k5-int.h" -#include -#include krb5_enctype interesting_enctypes[] = { @@ -71,7 +69,7 @@ check_decrypt_result(krb5_error_code code, size_t len, size_t min_len) } static void -test_enctype(krb5_enctype enctype) +test_enctype(krb5_context context, krb5_enctype enctype) { krb5_error_code ret; krb5_keyblock keyblock; @@ -83,7 +81,7 @@ test_enctype(krb5_enctype enctype) printf("Testing enctype %d\n", (int) enctype); x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len)); - x(krb5_c_make_random_key(NULL, enctype, &keyblock)); + x(krb5_c_make_random_key(context, enctype, &keyblock)); input.enctype = enctype; /* Try each length up to the minimum length. */ @@ -119,19 +117,14 @@ main(int argc, char **argv) { int i; krb5_data notrandom; - plugin_manager* default_manager; - const char conf_path[] = "plugin_conf.yml"; + krb5_context context; - default_manager = plugin_default_manager_get_instance(); - set_plugin_manager_instance(default_manager); - - plugin_manager_configure(conf_path); - plugin_manager_start(); + krb5_init_context(&context); notrandom.data = "notrandom"; notrandom.length = 9; - krb5_c_random_seed(NULL, ¬random); + krb5_c_random_seed(context, ¬random); for (i = 0; interesting_enctypes[i]; i++) - test_enctype(interesting_enctypes[i]); + test_enctype(context, interesting_enctypes[i]); return 0; } diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index 3e4f809510..9e019115fe 100644 --- a/src/lib/crypto/krb/Makefile.in +++ b/src/lib/crypto/krb/Makefile.in 
@@ -1,15 +1,14 @@ mydir=lib/crypto/krb BUILDTOP=$(REL)..$(S)..$(S).. SUBDIRS= arcfour checksum crc32 dk \ - prf rand2key old raw + prf rand2key old raw yarrow LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../@CRYPTO_IMPL@/enc_provider -I$(srcdir)/dk \ -I$(srcdir)/../@CRYPTO_IMPL@/hash_provider \ -I$(srcdir)/prf -I$(srcdir)/rand2key \ - -I$(srcdir)/old -I$(srcdir)/raw \ + -I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/yarrow \ -I$(srcdir)/../@CRYPTO_IMPL@/ -I$(srcdir)/../@CRYPTO_IMPL@/des \ -I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/arcfour \ - -I$(srcdir)/../@CRYPTO_IMPL@/sha1 -I$(srcdir)/../@CRYPTO_IMPL@ \ - -I$(BUILDTOP)/plugins/prng -I$(BUILDTOP)/plugin_core + -I$(srcdir)/../@CRYPTO_IMPL@/sha1 -I$(srcdir)/../@CRYPTO_IMPL@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) DEFS= @@ -144,11 +143,11 @@ SRCS=\ STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \ dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \ - old/OBJS.ST raw/OBJS.ST OBJS.ST + old/OBJS.ST raw/OBJS.ST yarrow/OBJS.ST OBJS.ST SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \ dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \ - old/OBJS.ST raw/OBJS.ST + old/OBJS.ST raw/OBJS.ST yarrow/OBJS.ST ##DOS##LIBOBJS = $(OBJS) @@ -184,6 +183,9 @@ all-windows:: cd ..\raw @echo Making in crypto\raw $(MAKE) -$(MFLAGS) + cd ..\yarrow + @echo Making in crypto\yarrow + $(MAKE) -$(MFLAGS) cd .. clean-windows:: @@ -211,6 +213,9 @@ clean-windows:: cd ..\raw @echo Making clean in crypto\raw $(MAKE) -$(MFLAGS) clean + cd ..\yarrow + @echo Making clean in crypto\yarrow + $(MAKE) -$(MFLAGS) clean cd .. check-windows:: @@ -238,6 +243,9 @@ check-windows:: cd ..\raw @echo Making check in crypto\raw $(MAKE) -$(MFLAGS) check + cd ..\yarrow + @echo Making check in crypto\yarrow + $(MAKE) -$(MFLAGS) check cd .. diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c index d8cbf2af48..c1f8ccd9e6 100644 --- a/src/lib/crypto/krb/aead.c +++ b/src/lib/crypto/krb/aead.c 
@@ -232,7 +232,7 @@ krb5int_c_iov_put_block(const krb5_crypto_iov *data, } krb5_error_code -krb5int_c_iov_decrypt_stream(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage keyusage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { @@ -292,7 +292,7 @@ krb5int_c_iov_decrypt_stream(krb5_context ctx, const struct krb5_keytypes *ktp, assert(i <= num_data + 2); - ret = ktp->decrypt(ctx, ktp, key, keyusage, ivec, iov, i); + ret = ktp->decrypt(ktp, key, keyusage, ivec, iov, i); free(iov); return ret; } diff --git a/src/lib/crypto/krb/aead.h b/src/lib/crypto/krb/aead.h index 271179dd05..df54a05d37 100644 --- a/src/lib/crypto/krb/aead.h +++ b/src/lib/crypto/krb/aead.h @@ -75,7 +75,7 @@ krb5int_c_iov_put_block(const krb5_crypto_iov *data, struct iov_block_state *iov_state); krb5_error_code -krb5int_c_iov_decrypt_stream(krb5_context, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage keyusage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); diff --git a/src/lib/crypto/krb/cksumtypes.h b/src/lib/crypto/krb/cksumtypes.h index ecd9f6af39..8c32f662a4 100644 --- a/src/lib/crypto/krb/cksumtypes.h +++ b/src/lib/crypto/krb/cksumtypes.h @@ -39,7 +39,7 @@ struct krb5_cksumtypes; * fill in the contents. If ctp->enc is not NULL, the handler can assume that * key is a valid-length key of an enctype which uses that enc provider. */ -typedef krb5_error_code (*checksum_func)(krb5_context, const struct krb5_cksumtypes *ctp, +typedef krb5_error_code (*checksum_func)(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, 
@@ -52,7 +52,7 @@ typedef krb5_error_code (*checksum_func)(krb5_context, const struct krb5_cksumty * ctp->enc is not NULL, the handler can assume that key a valid-length key of * an enctype which uses that enc provider. */ -typedef krb5_error_code (*verify_func)(krb5_context, const struct krb5_cksumtypes *ctp, +typedef krb5_error_code (*verify_func)(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c index 3bfb5f7bde..b7435383bb 100644 --- a/src/lib/crypto/krb/combine_keys.c +++ b/src/lib/crypto/krb/combine_keys.c @@ -47,7 +47,7 @@ #include "etypes.h" #include "dk.h" -static krb5_error_code dr(krb5_context ctx, const struct krb5_enc_provider *enc, +static krb5_error_code dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, unsigned char *outdata, const krb5_data *in_constant); @@ -125,13 +125,13 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1, input.length = key2->length; input.data = (char *) key2->contents; - ret = dr(context, enc, key1, r1, &input); + ret = dr(enc, key1, r1, &input); if (ret) goto cleanup; input.length = key1->length; input.data = (char *) key1->contents; - ret = dr(context, enc, key2, r2, &input); + ret = dr(enc, key2, r2, &input); if (ret) goto cleanup; @@ -191,7 +191,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1, myalloc = TRUE; } - ret = krb5int_derive_keyblock(context, enc, tkey, outkey, &input); + ret = krb5int_derive_keyblock(enc, tkey, outkey, &input); if (ret) { if (myalloc) { free(outkey->contents); 
@@ -212,7 +212,7 @@ cleanup: /* Our DR function, a simple wrapper around krb5int_derive_random(). */ static krb5_error_code -dr(krb5_context ctx, const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, +dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, unsigned char *out, const krb5_data *in_constant) { krb5_data outdata = make_data(out, enc->keybytes); @@ -222,7 +222,7 @@ dr(krb5_context ctx, const struct krb5_enc_provider *enc, const krb5_keyblock *i ret = krb5_k_create_key(NULL, inkey, &key); if (ret != 0) return ret; - ret = krb5int_derive_random(ctx, enc, key, &outdata, in_constant); + ret = krb5int_derive_random(enc, key, &outdata, in_constant); krb5_k_free_key(NULL, key); return ret; } diff --git a/src/lib/crypto/krb/crypto_libinit.c b/src/lib/crypto/krb/crypto_libinit.c index 8824a93ee6..a69db38e3b 100644 --- a/src/lib/crypto/krb/crypto_libinit.c +++ b/src/lib/crypto/krb/crypto_libinit.c 
@@ -2,34 +2,33 @@ #include #include "k5-int.h" -// MAKE_INIT_FUNCTION(cryptoint_initialize_library); -// MAKE_FINI_FUNCTION(cryptoint_cleanup_library); +MAKE_INIT_FUNCTION(cryptoint_initialize_library); +MAKE_FINI_FUNCTION(cryptoint_cleanup_library); -extern int krb5int_prng_init(krb5_context); -extern void krb5int_prng_cleanup (krb5_context); +extern int krb5int_prng_init(void); +extern void krb5int_prng_cleanup (void); /* * Initialize the crypto library. */ -int cryptoint_initialize_library (krb5_context ctx) +int cryptoint_initialize_library (void) { - return krb5int_prng_init(ctx); + return krb5int_prng_init(); } -int krb5int_crypto_init(krb5_context ctx) +int krb5int_crypto_init(void) { - // return CALL_INIT_FUNCTION(cryptoint_initialize_library); -return cryptoint_initialize_library ( ctx); + return CALL_INIT_FUNCTION(cryptoint_initialize_library); } /* * Clean up the crypto library state */ -void cryptoint_cleanup_library (krb5_context ctx) +void cryptoint_cleanup_library (void) { -// ??? temp ??? if (!INITIALIZER_RAN(cryptoint_initialize_library)) -// return; - krb5int_prng_cleanup (ctx); + if (!INITIALIZER_RAN(cryptoint_initialize_library)) + return; + krb5int_prng_cleanup (); } diff --git a/src/lib/crypto/krb/decrypt.c b/src/lib/crypto/krb/decrypt.c index fce1edcb12..c12c90d339 100644 --- a/src/lib/crypto/krb/decrypt.c +++ b/src/lib/crypto/krb/decrypt.c @@ -77,7 +77,7 @@ krb5_k_decrypt(krb5_context context, krb5_key key, memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len, trailer_len); - ret = ktp->decrypt(context, ktp, key, usage, ivec, iov, 4); + ret = ktp->decrypt(ktp, key, usage, ivec, iov, 4); if (ret != 0) zap(output->data, plain_len); else diff --git a/src/lib/crypto/krb/decrypt_iov.c b/src/lib/crypto/krb/decrypt_iov.c index f636233f71..f52a727b33 100644 --- a/src/lib/crypto/krb/decrypt_iov.c +++ b/src/lib/crypto/krb/decrypt_iov.c 
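Review bot: The two local `extern` prototypes for krb5int_prng_init and krb5int_prng_cleanup at the top of crypto_libinit.c repeat declarations that this same commit edits in k5-int.h, which the file already includes. The duplicates add nothing and have to be changed in lockstep with the header on every signature change, as this commit shows. I would delete both `extern` lines and rely on k5-int.h. A one-line comment on cryptoint_cleanup_library such as `/* Skip cleanup if the initializer never ran. */` would also document the restored INITIALIZER_RAN guard.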
@@ -42,11 +42,11 @@ krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) { - return krb5int_c_iov_decrypt_stream(context, ktp, key, usage, cipher_state, + return krb5int_c_iov_decrypt_stream(ktp, key, usage, cipher_state, data, num_data); } - return ktp->decrypt(context, ktp, key, usage, cipher_state, data, num_data); + return ktp->decrypt(ktp, key, usage, cipher_state, data, num_data); } krb5_error_code KRB5_CALLCONV diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps index 2dcdf092ee..d720d35ec0 100644 --- a/src/lib/crypto/krb/deps +++ b/src/lib/crypto/krb/deps @@ -338,7 +338,8 @@ prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/enc_provider/enc_provider.h \ $(srcdir)/../builtin/sha1/shs.h $(srcdir)/../builtin/yhash.h \ - $(top_srcdir)/include/k5-buf.h \ + $(srcdir)/yarrow/yarrow.h $(srcdir)/yarrow/ycipher.h \ + $(srcdir)/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c index ac29ab51ea..3dbde1014b 100644 --- a/src/lib/crypto/krb/dk/checksum.c +++ b/src/lib/crypto/krb/dk/checksum.c @@ -33,7 +33,7 @@ #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ krb5_error_code -krb5int_dk_checksum(krb5_context context, const struct krb5_cksumtypes *ctp, +krb5int_dk_checksum(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, krb5_data *output) 
@@ -57,7 +57,7 @@ krb5int_dk_checksum(krb5_context context, const struct krb5_cksumtypes *ctp, datain = make_data(constantdata, K5CLENGTH); store_32_be(usage, constantdata); constantdata[4] = (char) 0x99; - ret = krb5int_derive_key(context, enc, key, &kc, &datain); + ret = krb5int_derive_key(enc, key, &kc, &datain); if (ret) return ret; diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c index 2a43e14510..5fd8876479 100644 --- a/src/lib/crypto/krb/dk/derive.c +++ b/src/lib/crypto/krb/dk/derive.c @@ -80,7 +80,7 @@ cleanup: } krb5_error_code -krb5int_derive_random(krb5_context context, const struct krb5_enc_provider *enc, +krb5int_derive_random(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_data *outrnd, const krb5_data *in_constant) { @@ -137,7 +137,7 @@ cleanup: * the same inkey and constant. */ krb5_error_code -krb5int_derive_keyblock(krb5_context context, const struct krb5_enc_provider *enc, +krb5int_derive_keyblock(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_keyblock *outkey, const krb5_data *in_constant) { @@ -150,7 +150,7 @@ krb5int_derive_keyblock(krb5_context context, const struct krb5_enc_provider *en goto cleanup; /* Derive pseudo-random data for the key bytes. */ - ret = krb5int_derive_random(context, enc, inkey, &rawkey, in_constant); + ret = krb5int_derive_random(enc, inkey, &rawkey, in_constant); if (ret) goto cleanup; @@ -163,7 +163,7 @@ cleanup: } krb5_error_code -krb5int_derive_key(krb5_context context, const struct krb5_enc_provider *enc, +krb5int_derive_key(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_key *outkey, const krb5_data *in_constant) { 
@@ -189,7 +189,7 @@ krb5int_derive_key(krb5_context context, const struct krb5_enc_provider *enc, keyblock.enctype = inkey->keyblock.enctype; if (keyblock.contents == NULL) return ENOMEM; - ret = krb5int_derive_keyblock(context, enc, inkey, &keyblock, in_constant); + ret = krb5int_derive_keyblock(enc, inkey, &keyblock, in_constant); if (ret) goto cleanup; diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h index 883a1790d4..0fdd984928 100644 --- a/src/lib/crypto/krb/dk/dk.h +++ b/src/lib/crypto/krb/dk/dk.h 
@@ -38,44 +38,44 @@ krb5int_aes_crypto_length(const struct krb5_keytypes *ktp, krb5_cryptotype type); krb5_error_code -krb5int_dk_encrypt(krb5_context, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage usage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); krb5_error_code -krb5int_dk_decrypt(krb5_context, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage usage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); krb5_error_code -krb5int_dk_string_to_key(krb5_context ctx, const struct krb5_keytypes *enc, +krb5int_dk_string_to_key(const struct krb5_keytypes *enc, const krb5_data *string, const krb5_data *salt, const krb5_data *params, krb5_keyblock *key); krb5_error_code -krb5int_aes_string_to_key(krb5_context ctx, const struct krb5_keytypes *enc, +krb5int_aes_string_to_key(const struct krb5_keytypes *enc, const krb5_data *string, const krb5_data *salt, const krb5_data *params, krb5_keyblock *key); krb5_error_code -krb5int_derive_keyblock(krb5_context, const struct krb5_enc_provider *enc, +krb5int_derive_keyblock(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_keyblock *outkey, const krb5_data *in_constant); krb5_error_code -krb5int_derive_key(krb5_context, const struct krb5_enc_provider *enc, +krb5int_derive_key(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_key *outkey, const krb5_data *in_constant); krb5_error_code -krb5int_dk_checksum(krb5_context, const struct krb5_cksumtypes *ctp, +krb5int_dk_checksum(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, krb5_data *output); krb5_error_code -krb5int_derive_random(krb5_context, const struct krb5_enc_provider *enc, +krb5int_derive_random(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_data *outrnd, const krb5_data *in_constant); 
diff --git a/src/lib/crypto/krb/dk/dk_aead.c b/src/lib/crypto/krb/dk/dk_aead.c index d89b9fef5c..f44ae84ad0 100644 --- a/src/lib/crypto/krb/dk/dk_aead.c +++ b/src/lib/crypto/krb/dk/dk_aead.c @@ -69,7 +69,7 @@ krb5int_aes_crypto_length(const struct krb5_keytypes *ktp, } krb5_error_code -krb5int_dk_encrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage usage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { @@ -134,13 +134,13 @@ krb5int_dk_encrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_k d1.data[4] = 0xAA; - ret = krb5int_derive_key(context, enc, key, &ke, &d1); + ret = krb5int_derive_key(enc, key, &ke, &d1); if (ret != 0) goto cleanup; d1.data[4] = 0x55; - ret = krb5int_derive_key(context, enc, key, &ki, &d1); + ret = krb5int_derive_key(enc, key, &ki, &d1); if (ret != 0) goto cleanup; @@ -148,7 +148,7 @@ krb5int_dk_encrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_k header->data.length = enc->block_size; - ret = krb5_c_random_make_octets(/* XXX */ context, &header->data); + ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data); if (ret != 0) goto cleanup; @@ -161,7 +161,7 @@ krb5int_dk_encrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_k goto cleanup; /* Encrypt the plaintext (header | data | padding) */ - ret = enc->encrypt(/*context,*/ ke, ivec, data, num_data); + ret = enc->encrypt(ke, ivec, data, num_data); if (ret != 0) goto cleanup; @@ -179,7 +179,7 @@ cleanup: } krb5_error_code -krb5int_dk_decrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage usage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) { 
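Review bot: The confounder call in krb5int_dk_encrypt, `krb5_c_random_make_octets(/* XXX */ NULL, &header->data)`, keeps a bare `/* XXX */` marker that does not say why a NULL context is acceptable. The header confounder is the fresh randomness for this encryption, so the next reader needs to know that the call cannot fail or misbehave because of the missing context. Whether krb5_c_random_make_octets ignores its context argument is not visible in this diff. If it does, replace the marker with something like `/* context is unused by the built-in PRNG; NULL is intentional */`. The function body starts and ends outside this hunk.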
@@ -235,13 +235,13 @@ krb5int_dk_decrypt(krb5_context context, const struct krb5_keytypes *ktp, krb5_k d1.data[4] = 0xAA; - ret = krb5int_derive_key(context, enc, key, &ke, &d1); + ret = krb5int_derive_key(enc, key, &ke, &d1); if (ret != 0) goto cleanup; d1.data[4] = 0x55; - ret = krb5int_derive_key(context, enc, key, &ki, &d1); + ret = krb5int_derive_key(enc, key, &ki, &d1); if (ret != 0) goto cleanup; diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c index cfc3ef6e4b..4c7206c2a2 100644 --- a/src/lib/crypto/krb/dk/stringtokey.c +++ b/src/lib/crypto/krb/dk/stringtokey.c @@ -31,7 +31,7 @@ static const unsigned char kerberos[] = "kerberos"; #define kerberos_len (sizeof(kerberos)-1) krb5_error_code -krb5int_dk_string_to_key(krb5_context ctx, const struct krb5_keytypes *ktp, +krb5int_dk_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, const krb5_data *salt, const krb5_data *parms, krb5_keyblock *keyblock) { @@ -87,7 +87,7 @@ krb5int_dk_string_to_key(krb5_context ctx, const struct krb5_keytypes *ktp, indata.length = kerberos_len; indata.data = (char *) kerberos; - ret = krb5int_derive_keyblock(ctx, enc, foldkey, keyblock, &indata); + ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata); if (ret != 0) memset(keyblock->contents, 0, keyblock->length); @@ -104,7 +104,7 @@ cleanup: #define MAX_ITERATION_COUNT 0x1000000L krb5_error_code -krb5int_aes_string_to_key(krb5_context ctx, const struct krb5_keytypes *ktp, +krb5int_aes_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, const krb5_data *salt, const krb5_data *params, @@ -150,7 +150,7 @@ krb5int_aes_string_to_key(krb5_context ctx, const struct krb5_keytypes *ktp, if (err) goto cleanup; - err = krb5int_derive_keyblock(ctx, ktp->enc, tempkey, key, &usage); + err = krb5int_derive_keyblock(ktp->enc, tempkey, key, &usage); cleanup: if (err) 
diff --git a/src/lib/crypto/krb/encrypt.c b/src/lib/crypto/krb/encrypt.c index 8df8398bcc..8f5c481b58 100644 --- a/src/lib/crypto/krb/encrypt.c +++ b/src/lib/crypto/krb/encrypt.c @@ -70,7 +70,7 @@ krb5_k_encrypt(krb5_context context, krb5_key key, iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; iov[3].data = make_data(iov[2].data.data + padding_len, trailer_len); - ret = ktp->encrypt(context, ktp, key, usage, ivec, iov, 4); + ret = ktp->encrypt(ktp, key, usage, ivec, iov, 4); if (ret != 0) zap(iov[1].data.data, iov[1].data.length); else diff --git a/src/lib/crypto/krb/encrypt_iov.c b/src/lib/crypto/krb/encrypt_iov.c index 1040db722c..26bb82b8af 100644 --- a/src/lib/crypto/krb/encrypt_iov.c +++ b/src/lib/crypto/krb/encrypt_iov.c @@ -39,7 +39,7 @@ krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, if (ktp == NULL) return KRB5_BAD_ENCTYPE; - return ktp->encrypt(context, ktp, key, usage, cipher_state, data, num_data); + return ktp->encrypt(ktp, key, usage, cipher_state, data, num_data); } krb5_error_code KRB5_CALLCONV diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h index bcf9724fbe..be737cb50a 100644 --- a/src/lib/crypto/krb/etypes.h +++ b/src/lib/crypto/krb/etypes.h @@ -35,7 +35,7 @@ struct krb5_keytypes; typedef unsigned int (*crypto_length_func)(const struct krb5_keytypes *ktp, krb5_cryptotype type); -typedef krb5_error_code (*crypt_func)(krb5_context ctx, const struct krb5_keytypes *ktp, +typedef krb5_error_code (*crypt_func)(const struct krb5_keytypes *ktp, krb5_key key, krb5_keyusage keyusage, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); diff --git a/src/lib/crypto/krb/make_checksum.c b/src/lib/crypto/krb/make_checksum.c index 1320cfdcd9..d0dc622370 100644 --- a/src/lib/crypto/krb/make_checksum.c +++ b/src/lib/crypto/krb/make_checksum.c 
@@ -63,7 +63,7 @@ krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype, iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = *input; - ret = ctp->checksum(context, ctp, key, usage, &iov, 1, &cksum_data); + ret = ctp->checksum(ctp, key, usage, &iov, 1, &cksum_data); if (ret != 0) goto cleanup; diff --git a/src/lib/crypto/krb/make_checksum_iov.c b/src/lib/crypto/krb/make_checksum_iov.c index 8fd4fc6a51..dcffa489c7 100644 --- a/src/lib/crypto/krb/make_checksum_iov.c +++ b/src/lib/crypto/krb/make_checksum_iov.c @@ -58,7 +58,7 @@ krb5_k_make_checksum_iov(krb5_context context, if (ret != 0) return ret; - ret = ctp->checksum(context, ctp, key, usage, data, num_data, &cksum_data); + ret = ctp->checksum(ctp, key, usage, data, num_data, &cksum_data); if (ret != 0) goto cleanup; diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c index c705ff51ef..49f554dd28 100644 --- a/src/lib/crypto/krb/old_api_glue.c +++ b/src/lib/crypto/krb/old_api_glue.c @@ -60,13 +60,11 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } /* size is the length of the input cleartext data. */ - inputd.length = size; - inputd.data = inptr; + inputd = make_data((void *) inptr, size); /* * The size of the output buffer isn't part of the old api. Not too @@ -76,8 +74,7 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr, if (ret) return ret; - outputd.ciphertext.length = outlen; - outputd.ciphertext.data = outptr; + outputd.ciphertext = make_data(outptr, outlen); return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0, &inputd, &outputd); 
@@ -98,20 +95,17 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } /* size is the length of the input ciphertext data */ inputd.enctype = eblock->key->enctype; - inputd.ciphertext.length = size; - inputd.ciphertext.data = inptr; + inputd.ciphertext = make_data((void *) inptr, size); /* we don't really know how big this is, but the code tends to assume that the output buffer size should be the same as the input buffer size */ - outputd.length = size; - outputd.data = outptr; + outputd = make_data(outptr, size); return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0, &inputd, &outputd); @@ -145,10 +139,7 @@ krb5_error_code KRB5_CALLCONV krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock, const krb5_keyblock *keyblock, krb5_pointer *ptr) { - krb5_data data; - - data.length = keyblock->length; - data.data = (char *) keyblock->contents; + krb5_data data = make_data(keyblock->contents, keyblock->length); return krb5_c_random_seed(context, &data); } @@ -226,17 +217,14 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, krb5_const_pointer seed, size_t seed_length, krb5_checksum *outcksum) { - krb5_data input; + krb5_data input = make_data((void *) in, in_length); krb5_keyblock key; krb5_error_code ret; krb5_checksum cksum; - input.data = in; - input.length = in_length; - key.enctype = ENCTYPE_NULL; key.length = seed_length; - key.contents = seed; + key.contents = (unsigned char *) seed; ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum); if (ret) 
@@ -264,16 +252,13 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, size_t in_length, krb5_const_pointer seed, size_t seed_length) { - krb5_data input; + krb5_data input = make_data((void *) in, in_length); krb5_keyblock key; krb5_error_code ret; krb5_boolean valid; - input.data = in; - input.length = in_length; - key.length = seed_length; - key.contents = seed; + key.contents = (unsigned char *) seed; ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid); if (ret) @@ -288,10 +273,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, krb5_error_code KRB5_CALLCONV krb5_random_confounder(size_t size, krb5_pointer ptr) { - krb5_data random_data; - - random_data.length = size; - random_data.data = ptr; + krb5_data random_data = make_data(ptr, size); return krb5_c_random_make_octets(NULL, &random_data); } @@ -313,17 +295,15 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } enc_data->magic = KV5M_ENC_DATA; enc_data->kvno = 0; enc_data->enctype = key->enctype; - enc_data->ciphertext.length = enclen; - enc_data->ciphertext.data = malloc(enclen); - if (enc_data->ciphertext.data == NULL) - return ENOMEM; + ret = alloc_data(&enc_data->ciphertext, enclen); + if (ret) + return ret; ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data); if (ret) @@ -345,14 +325,12 @@ krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key, if (ret) return ret; - ivecd.length = blocksize; - ivecd.data = ivec; + ivecd = make_data(ivec, blocksize); } - data->length = enc_data->ciphertext.length; - data->data = malloc(data->length); - if (data->data == NULL) - return ENOMEM; + ret = alloc_data(data, enc_data->ciphertext.length); + if (ret) + return ret; ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data); if (ret) 
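Review bot: In the `@@ -264,16 +252,13 @@` hunk, krb5_verify_checksum declares `krb5_keyblock key;` and assigns only `key.length` and `key.contents` before passing `&key` to krb5_c_verify_checksum, so `key.enctype` is indeterminate if the callee reads it. krb5_calculate_checksum, in the `@@ -226,17 +217,14 @@` hunk, sets `key.enctype = ENCTYPE_NULL;` for the same kind of seed-backed key. Adding that line here would make the two wrappers consistent. The rest of the function lies outside the hunk.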
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c index 062b761f0c..9851ce774d 100644 --- a/src/lib/crypto/krb/prf/dk_prf.c +++ b/src/lib/crypto/krb/prf/dk_prf.c @@ -34,7 +34,7 @@ #include krb5_error_code -krb5int_dk_prf(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out) { const struct krb5_enc_provider *enc = ktp->enc; @@ -55,7 +55,7 @@ krb5int_dk_prf(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key, goto cleanup; /* Derive a key using the PRF constant. */ - ret = krb5int_derive_key(ctx, ktp->enc, key, &kp, &prfconst); + ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst); if (ret != 0) goto cleanup; diff --git a/src/lib/crypto/krb/prf/prf_int.h b/src/lib/crypto/krb/prf/prf_int.h index 4ce666ffb5..865f62ba22 100644 --- a/src/lib/crypto/krb/prf/prf_int.h +++ b/src/lib/crypto/krb/prf/prf_int.h @@ -40,7 +40,7 @@ krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out); krb5_error_code -krb5int_dk_prf(krb5_context ctx, const struct krb5_keytypes *ktp, krb5_key key, +krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out); #endif /*PRF_INTERNAL_DEFS*/ diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c index 4ea4ecb867..ef326994a4 100644 --- a/src/lib/crypto/krb/prng.c +++ b/src/lib/crypto/krb/prng.c 
@@ -25,24 +25,78 @@ */ #include "k5-int.h" +#include "enc_provider.h" #include #include "k5-thread.h" -#include -#include +#include "yarrow.h" +static Yarrow_CTX y_ctx; +#define yarrow_lock krb5int_yarrow_lock +k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER; +/* Helper function to estimate entropy based on sample length + * and where it comes from. + */ + +static size_t +entropy_estimate(unsigned int randsource, size_t length) +{ + switch (randsource) { + case KRB5_C_RANDSOURCE_OLDAPI: + return 4 * length; + case KRB5_C_RANDSOURCE_OSRAND: + return 8 * length; + case KRB5_C_RANDSOURCE_TRUSTEDPARTY: + return 4 * length; + case KRB5_C_RANDSOURCE_TIMING: + return 2; + case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL: + return 0; + default: + abort(); + } + return 0; +} + +int krb5int_prng_init(void) +{ + unsigned i, source_id; + int yerr; + + yerr = k5_mutex_finish_init(&yarrow_lock); + if (yerr) + return yerr; + + yerr = krb5int_yarrow_init (&y_ctx, NULL); + if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED) + return KRB5_CRYPTO_INTERNAL; + + for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) { + if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK) + return KRB5_CRYPTO_INTERNAL; + assert (source_id == i); + } + return 0; +} krb5_error_code KRB5_CALLCONV krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, const krb5_data *data) { - plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng"); - - plugin_prng_seed(handle, context, randsource, data); + int yerr; + + /* Make sure the mutex got initialized. */ + yerr = krb5int_crypto_init(); + if (yerr) + return yerr; + /* Now, finally, feed in the data. */ + yerr = krb5int_yarrow_input(&y_ctx, randsource, + data->data, data->length, + entropy_estimate(randsource, data->length)); + if (yerr != YARROW_OK) + return KRB5_CRYPTO_INTERNAL; return 0; - - } krb5_error_code KRB5_CALLCONV 
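Review bot: `entropy_estimate()` calls `abort()` for any `randsource` it does not recognise, and `krb5_c_random_add_entropy()` passes the caller's value to it unchecked, so an out-of-range argument to a public API terminates the process instead of returning an error. The same unchecked value is also given to `krb5int_yarrow_input()` as the source id, while `krb5int_prng_init()` registers only ids below `KRB5_C_RANDSOURCE_MAX`. A range check at the top of krb5_c_random_add_entropy would cover both: `if (randsource >= KRB5_C_RANDSOURCE_MAX) return KRB5_CRYPTO_INTERNAL;` (or whichever error code the library prefers for bad arguments).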
@@ -52,43 +106,110 @@ krb5_c_random_seed(krb5_context context, krb5_data *data) } krb5_error_code KRB5_CALLCONV -krb5_c_random_os_entropy(krb5_context context, int strong, int *success) +krb5_c_random_make_octets(krb5_context context, krb5_data *data) { - plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng"); - - plugin_prng_os_seed(handle, context, strong, success); - + int yerr; + yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length); + if (yerr == YARROW_NOT_SEEDED) { + yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL); + if (yerr == YARROW_OK) + yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length); + } + if (yerr != YARROW_OK) + return KRB5_CRYPTO_INTERNAL; return 0; } -krb5_error_code KRB5_CALLCONV -krb5_c_random_make_octets(krb5_context context, krb5_data *data) +void +krb5int_prng_cleanup (void) { - plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng"); + krb5int_yarrow_final (&y_ctx); + k5_mutex_destroy(&yarrow_lock); +} - plugin_prng_rand(handle, context, data); +/* + * Routines to get entropy from the OS. For UNIX we try /dev/urandom + * and /dev/random. Currently we don't do anything for Windows. + */ +#if defined(_WIN32) + +krb5_error_code KRB5_CALLCONV +krb5_c_random_os_entropy(krb5_context context, int strong, int *success) +{ + if (success) + *success = 0; return 0; } -int krb5int_prng_init(krb5_context context) -{ - int ret = 0; - plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng"); +#else /*Windows*/ +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif - ret = plugin_prng_init(handle); +/* + * Helper function to read entropy from a random device. Takes the + * name of a device, opens it, makes sure it is a device and if so, + * reads entropy. Returns a boolean indicating whether entropy was + * read. 
+ */ - return ret; +static int +read_entropy_from_device(krb5_context context, const char *device) +{ + krb5_data data; + struct stat sb; + int fd; + unsigned char buf[YARROW_SLOW_THRESH/8], *bp; + int left; + + fd = open (device, O_RDONLY); + if (fd == -1) + return 0; + set_cloexec_fd(fd); + if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) { + close(fd); + return 0; + } + + for (bp = buf, left = sizeof(buf); left > 0;) { + ssize_t count; + count = read(fd, bp, (unsigned) left); + if (count <= 0) { + close(fd); + return 0; + } + left -= count; + bp += count; + } + close(fd); + data.length = sizeof (buf); + data.data = (char *) buf; + return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND, + &data) == 0); } -void -krb5int_prng_cleanup(krb5_context context) +krb5_error_code KRB5_CALLCONV +krb5_c_random_os_entropy(krb5_context context, int strong, int *success) { - plhandle handle = plugin_manager_get_service(context->pl_handle, "plugin_prng"); - - plugin_prng_cleanup(handle); - - return; + int unused; + int *oursuccess = success ? success : &unused; + + *oursuccess = 0; + /* If we are getting strong data then try that first. We are + guaranteed to cause a reseed of some kind if strong is true and + we have both /dev/random and /dev/urandom. We want the strong + data included in the reseed so we get it first.*/ + if (strong) { + if (read_entropy_from_device(context, "/dev/random")) + *oursuccess = 1; + } + if (read_entropy_from_device(context, "/dev/urandom")) + *oursuccess = 1; + return 0; } - +#endif /*Windows or pre-OSX Mac*/ diff --git a/src/lib/crypto/krb/verify_checksum.c b/src/lib/crypto/krb/verify_checksum.c index 6747ec5e44..cb19c23a9a 100644 --- a/src/lib/crypto/krb/verify_checksum.c +++ b/src/lib/crypto/krb/verify_checksum.c 
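Review bot: `read_entropy_from_device()` leaves the bytes it read from the random device in the stack buffer `buf` on every return path, so raw PRNG seed material stays in memory after it has been handed to `krb5_c_random_add_entropy()`. Wiping the buffer with `zap()` (already used in encrypt.c in this commit) on each return once the read loop has started would close that gap. Separately, a `read()` interrupted by a signal is treated like a hard failure and the device is silently skipped; since `krb5_c_random_os_entropy()` returns 0 either way, callers only notice if they check `*success`.

```c
    int ok;   /* added next to the other locals */
    /* … unchanged: open(), set_cloexec_fd(), fstat() check, start of read loop … */
        if (count <= 0) {
            close(fd);
            zap(buf, sizeof(buf));   /* partial read: wipe what was collected */
            return 0;
        }
    /* … unchanged: rest of read loop, close(fd), data.length / data.data … */
    ok = (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
                                    &data) == 0);
    zap(buf, sizeof(buf));           /* the pool has its copy; clear the stack */
    return ok;
```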
@@ -53,7 +53,7 @@ krb5_k_verify_checksum(krb5_context context, krb5_key key, /* If there's actually a verify function, call it. */ cksum_data = make_data(cksum->contents, cksum->length); if (ctp->verify != NULL) - return ctp->verify(context, ctp, key, usage, &iov, 1, &cksum_data, valid); + return ctp->verify(ctp, key, usage, &iov, 1, &cksum_data, valid); /* Otherwise, make the checksum again, and compare. */ if (cksum->length != ctp->output_size) diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c index 1a1a51f2d4..0934ae5118 100644 --- a/src/lib/crypto/krb/verify_checksum_iov.c +++ b/src/lib/crypto/krb/verify_checksum_iov.c @@ -58,7 +58,7 @@ krb5_k_verify_checksum_iov(krb5_context context, /* If there's actually a verify function, call it. */ if (ctp->verify != NULL) { - return ctp->verify(context, ctp, key, usage, data, num_data, &checksum->data, + return ctp->verify(ctp, key, usage, data, num_data, &checksum->data, valid); } @@ -66,7 +66,7 @@ krb5_k_verify_checksum_iov(krb5_context context, if (ret != 0) return ret; - ret = ctp->checksum(context, ctp, key, usage, data, num_data, &computed); + ret = ctp->checksum(ctp, key, usage, data, num_data, &computed); if (ret == 0) { *valid = (memcmp(computed.data, checksum->data.data, ctp->output_size) == 0); diff --git a/src/plugins/prng/plugin_yarrow/ASSUMPTIONS b/src/lib/crypto/krb/yarrow/ASSUMPTIONS similarity index 100% rename from src/plugins/prng/plugin_yarrow/ASSUMPTIONS rename to src/lib/crypto/krb/yarrow/ASSUMPTIONS diff --git a/src/plugins/prng/plugin_yarrow/LICENSE b/src/lib/crypto/krb/yarrow/LICENSE similarity index 100% rename from src/plugins/prng/plugin_yarrow/LICENSE rename to src/lib/crypto/krb/yarrow/LICENSE diff --git a/src/lib/crypto/krb/yarrow/Makefile.in b/src/lib/crypto/krb/yarrow/Makefile.in new file mode 100644 index 0000000000..55ae16ce30 --- /dev/null +++ b/src/lib/crypto/krb/yarrow/Makefile.in 
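Review bot: In the `@@ -66,7 +66,7 @@` hunk of krb5_k_verify_checksum_iov, the recomputed checksum is still compared with `memcmp(computed.data, checksum->data.data, ctp->output_size)`, which may return at the first differing byte, so verification time can depend on how many leading bytes of a supplied checksum are correct. A comparison that always walks all `ctp->output_size` bytes and accumulates the differences avoids that dependence. The hunk does not show whether `checksum->data.length` is checked against `ctp->output_size` before this point, so that should be confirmed as well. The function starts and ends outside the hunk.

```c
    ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
    if (ret == 0) {
        /* Compare every byte so timing does not reveal the first mismatch. */
        unsigned char diff = 0;
        size_t i;

        for (i = 0; i < ctp->output_size; i++)
            diff |= (unsigned char) (computed.data[i] ^ checksum->data.data[i]);
        *valid = (diff == 0);
```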
@@ -0,0 +1,38 @@ +mydir=lib/crypto/krb/yarrow +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +LOCALINCLUDES = -I$(srcdir)/.. \ + -I$(srcdir)/../../@CRYPTO_IMPL@ \ + -I$(srcdir)/../../@CRYPTO_IMPL@/sha1 \ + -I$(srcdir)/../../@CRYPTO_IMPL@/enc_provider +DEFS= + +##DOS##BUILDTOP = ..\..\..\.. +##DOS##PREFIXDIR=yarrow +##DOS##OBJFILE=..\$(OUTPRE)yarrow.lst + +PROG_LIBPATH=-L$(TOPLIBD) +PROG_RPATH=$(KRB5_LIBDIR) + +STLIBOBJS=\ + yarrow.o \ + ycipher.o +OBJS=\ + $(OUTPRE)yarrow.$(OBJEXT) \ + $(OUTPRE)ycipher.$(OBJEXT) + +SRCS=\ + $(srcdir)/yarrow.c \ + $(srcdir)/ycipher.c + +##DOS##LIBOBJS = $(OBJS) + +all-unix:: all-libobjs + +includes:: depend + +depend:: $(SRCS) + +clean-unix:: clean-libobjs + +@libobj_frag@ + diff --git a/src/plugins/prng/plugin_yarrow/README b/src/lib/crypto/krb/yarrow/README similarity index 100% rename from src/plugins/prng/plugin_yarrow/README rename to src/lib/crypto/krb/yarrow/README diff --git a/src/plugins/prng/plugin_yarrow/TODO b/src/lib/crypto/krb/yarrow/TODO similarity index 100% rename from src/plugins/prng/plugin_yarrow/TODO rename to src/lib/crypto/krb/yarrow/TODO diff --git a/src/plugins/prng/plugin_yarrow/deps b/src/lib/crypto/krb/yarrow/deps similarity index 83% rename from src/plugins/prng/plugin_yarrow/deps rename to src/lib/crypto/krb/yarrow/deps index 2b4cd1f3d4..440ca1441b 100644 --- a/src/plugins/prng/plugin_yarrow/deps +++ b/src/lib/crypto/krb/yarrow/deps 
@@ -3,8 +3,8 @@ # yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../lib/crypto/builtin/sha1/shs.h \ - $(srcdir)/../../../lib/crypto/builtin/yhash.h $(top_srcdir)/include/k5-buf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../crypto/builtin/sha1/shs.h \ + $(srcdir)/../../../crypto/builtin/yhash.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ @@ -15,8 +15,8 @@ yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ ycipher.h yexcep.h ylock.h ystate.h ytypes.h ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../lib/crypto/builtin/enc_provider/enc_provider.h \ - $(srcdir)/../../../lib/crypto/builtin/sha1/shs.h $(srcdir)/../../../lib/crypto/builtin/yhash.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../crypto/builtin/enc_provider/enc_provider.h \ + $(srcdir)/../../../crypto/builtin/sha1/shs.h $(srcdir)/../../../crypto/builtin/yhash.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ 
@@ -29,7 +29,7 @@ plugin_prng_impl.so plugin_prng_impl.po $(OUTPRE)plugin_prng_impl.$(OBJEXT): \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/plugins/prng/plugin_yarrow/plugin_prng_impl.h \ $(top_srcdir)/plugin_core/plugin_manager.h \ $(top_srcdir)/plugin_core/plugin_factory.h \ - $(srcdir)/../../../lib/crypto/builtin/yhash.h \ - $(srcdir)/../../../lib/crypto/builtin/enc_provider/enc_provider.h \ + $(srcdir)/../../../crypto/builtin/yhash.h \ + $(srcdir)/../../../crypto/builtin/enc_provider/enc_provider.h \ plugin_prng_impl.c diff --git a/src/plugins/prng/plugin_yarrow/yarrow.c b/src/lib/crypto/krb/yarrow/yarrow.c similarity index 100% rename from src/plugins/prng/plugin_yarrow/yarrow.c rename to src/lib/crypto/krb/yarrow/yarrow.c diff --git a/src/plugins/prng/plugin_yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h similarity index 100% rename from src/plugins/prng/plugin_yarrow/yarrow.h rename to src/lib/crypto/krb/yarrow/yarrow.h diff --git a/src/plugins/prng/plugin_yarrow/yarrow.man b/src/lib/crypto/krb/yarrow/yarrow.man similarity index 100% rename from src/plugins/prng/plugin_yarrow/yarrow.man rename to src/lib/crypto/krb/yarrow/yarrow.man diff --git a/src/plugins/prng/plugin_yarrow/yarrow.pod b/src/lib/crypto/krb/yarrow/yarrow.pod similarity index 100% rename from src/plugins/prng/plugin_yarrow/yarrow.pod rename to src/lib/crypto/krb/yarrow/yarrow.pod diff --git a/src/plugins/prng/plugin_yarrow/ycipher.c b/src/lib/crypto/krb/yarrow/ycipher.c similarity index 100% rename from src/plugins/prng/plugin_yarrow/ycipher.c rename to src/lib/crypto/krb/yarrow/ycipher.c diff --git a/src/plugins/prng/plugin_yarrow/ycipher.h b/src/lib/crypto/krb/yarrow/ycipher.h similarity index 100% rename from src/plugins/prng/plugin_yarrow/ycipher.h rename to src/lib/crypto/krb/yarrow/ycipher.h 
diff --git a/src/plugins/prng/plugin_yarrow/yexcep.h b/src/lib/crypto/krb/yarrow/yexcep.h similarity index 100% rename from src/plugins/prng/plugin_yarrow/yexcep.h rename to src/lib/crypto/krb/yarrow/yexcep.h diff --git a/src/plugins/prng/plugin_yarrow/ylock.h b/src/lib/crypto/krb/yarrow/ylock.h similarity index 100% rename from src/plugins/prng/plugin_yarrow/ylock.h rename to src/lib/crypto/krb/yarrow/ylock.h diff --git a/src/plugins/prng/plugin_yarrow/ystate.h b/src/lib/crypto/krb/yarrow/ystate.h similarity index 100% rename from src/plugins/prng/plugin_yarrow/ystate.h rename to src/lib/crypto/krb/yarrow/ystate.h diff --git a/src/plugins/prng/plugin_yarrow/ytypes.h b/src/lib/crypto/krb/yarrow/ytypes.h similarity index 100% rename from src/plugins/prng/plugin_yarrow/ytypes.h rename to src/lib/crypto/krb/yarrow/ytypes.h diff --git a/src/lib/krb5/Makefile.in b/src/lib/krb5/Makefile.in index 7b157216bc..bc690481c7 100644 --- a/src/lib/krb5/Makefile.in +++ b/src/lib/krb5/Makefile.in @@ -9,8 +9,7 @@ DEFS= PLUGINS_LIBS = \ ../../plugin_core/impl/libplugin_impl.a $(PLUGIN_CORE_DEPLIB) \ - ../../plugins/pa/encrypted_challenge/libencrypted_challenge.a \ - ../../plugins/prng/plugin_yarrow/libplugin_yarrow.a + ../../plugins/pa/encrypted_challenge/libencrypted_challenge.a ##DOSBUILDTOP = ..\.. diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index 2e2c6706ec..0e2f2ad7c9 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -12,7 +12,8 @@ DEFS=-DLIBDIR=\"$(KRB5_LIBDIR)\" ##DOS##PREFIXDIR=krb ##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst -PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a +PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libencrypted_challenge.a +# PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a STLIBOBJS= \ 
diff --git a/src/plugin_core/impl/Makefile.in b/src/plugin_core/impl/Makefile.in index afa7361a45..84f077b15a 100644 --- a/src/plugin_core/impl/Makefile.in +++ b/src/plugin_core/impl/Makefile.in @@ -6,7 +6,7 @@ PROG_RPATH=$(KRB5_LIBDIR) DEFS= LOCALINCLUDES = -I$(srcdir)/../../include/krb5 -I$(srcdir)/. \ - -I$(srcdir)/../../plugins/prng/plugin_yarrow -I$(srcdir)/../../plugins/prng \ + -I$(srcdir)/../../plugins/prng \ -I$(srcdir)/../../plugins/pa -I$(srcdir)/../../plugins/pa/encrypted_challenge \ -I$(srcdir)/.. @@ -18,10 +18,11 @@ SRCS= plugin_default_factory.c plugin_default_manager.c STOBJLISTS=OBJS.ST -LIBS_UTILS = ../plugin_core$(SO_EXT) \ - ../../plugins/prng/plugin_yarrow/plugin_prng_impl$(SO_EXT) \ - ../../plugins/prng/plugin_yarrow/ycipher$(SO_EXT) \ - ../../plugins/prng/plugin_yarrow/yarrow$(SO_EXT) +LIBS_UTILS = ../plugin_core$(SO_EXT) + +# ../../plugins/prng/plugin_yarrow/plugin_prng_impl$(SO_EXT) \ +# ../../plugins/prng/plugin_yarrow/ycipher$(SO_EXT) \ +# ../../plugins/prng/plugin_yarrow/yarrow$(SO_EXT) SHLIB_EXPLIBS= $(LIBS_UTILS) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) diff --git a/src/plugin_core/impl/deps b/src/plugin_core/impl/deps index 2602771f1e..1dd0f9f783 100644 --- a/src/plugin_core/impl/deps +++ b/src/plugin_core/impl/deps @@ -8,7 +8,6 @@ plugin_default_manager.so plugin_default_manager.po $(OUTPRE)plugin_default_mana plugin_default_factory.so plugin_default_factory.po $(OUTPRE)plugin_default_factory.$(OBJEXT): \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/plugin_core/plugin_factory.h \ $(top_srcdir)/plugin_core/plugin_manager.h \ - $(top_srcdir)/plugins/prng/plugin_yarrow/plugin_prng_impl.h \ $(top_srcdir)/plugins/pa/encrypted_challenge/plugin_pa_impl.h \ $(top_srcdir)/plugin_core/impl/plugin_default_manager.h \ $(top_srcdir)/plugin_core/impl/plugin_default_factory.h \ diff --git a/src/plugin_core/impl/plugin_default_factory.c b/src/plugin_core/impl/plugin_default_factory.c index 7b87983498..1814ae2895 100644 
--- a/src/plugin_core/impl/plugin_default_factory.c +++ b/src/plugin_core/impl/plugin_default_factory.c @@ -8,14 +8,14 @@ #include "plugin_manager.h" #include "plugin_factory.h" -#include "plugin_prng_impl.h" +//#include "plugin_prng_impl.h" #include "plugin_pa_impl.h" #include "plugin_default_factory.h" static plugin_factory* _default_factory_instance = NULL; static plugin_descr plugin_default_factory_table[] = { - {"plugin_yarrow_prng", plugin_yarrow_prng_create}, +// {"plugin_yarrow_prng", plugin_yarrow_prng_create}, {"plugin_encrypted_challenge_pa", plugin_encrypted_challenge_pa_create}, {"plugin_ldap_audit", NULL}, {NULL,NULL} diff --git a/src/plugin_core/impl/plugin_default_factory.h b/src/plugin_core/impl/plugin_default_factory.h index dcd92a9bec..8b92b10bac 100644 --- a/src/plugin_core/impl/plugin_default_factory.h +++ b/src/plugin_core/impl/plugin_default_factory.h @@ -7,7 +7,7 @@ #define PLUGIN_DEFAULT_FACTORY_H_ #include -#include "plugin_prng_impl.h" +//#include "plugin_prng_impl.h" factory_handle plugin_default_factory_get_instance(void); diff --git a/src/plugins/pa/plugin_pa.h b/src/plugins/pa/plugin_pa.h index f7d6cca305..eea7b63280 100644 --- a/src/plugins/pa/plugin_pa.h +++ b/src/plugins/pa/plugin_pa.h 
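Review bot: The yarrow entry in plugin_default_factory.c is disabled by commenting it out (`//#include "plugin_prng_impl.h"` and `// {"plugin_yarrow_prng", plugin_yarrow_prng_create},`) rather than removed, and the header hunk that follows does the same. This leaves dead references to a file that this commit deletes, and it uses `//` comments where the rest of the file uses `/* */`. Deleting the two lines outright, with the rationale kept in the commit message, would be cleaner.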
@@ -107,34 +107,5 @@ krb5_error_code plugin_server_free_reqctx(plhandle handle, krb5_context kcontext krb5_error_code plugin_server_init(plhandle handle, krb5_context kcontext, void **module_context, const char **realmnames); void plugin_server_fini(plhandle handle, krb5_context kcontext, void *module_context); -#if 0 -krb5_preauthtype supported_pa_types[] = {KRB5_PADATA_ENCRYPTED_CHALLENGE, 0}; - -struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = { - "Encrypted challenge", - &supported_pa_types[0], - NULL, - NULL, - kdc_preauth_flags, - kdc_include_padata, - kdc_verify_preauth, - kdc_return_preauth, - NULL -}; - -struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = { - "Encrypted Challenge", /* name */ - &supported_pa_types[0], /* pa_type_list */ - NULL, /* enctype_list */ - NULL, /* plugin init function */ - NULL, /* plugin fini function */ - preauth_flags, /* get flags function */ - NULL, /* request init function */ - NULL, /* request fini function */ - process_preauth, /* process function */ - NULL, /* try_again function */ - NULL /* get init creds opt function */ -}; -#endif #endif /* PLUGIN_PA_H_ */ diff --git a/src/plugins/prng/plugin_yarrow/Makefile.in b/src/plugins/prng/plugin_yarrow/Makefile.in deleted file mode 100644 index 8166393e66..0000000000 --- a/src/plugins/prng/plugin_yarrow/Makefile.in +++ /dev/null 
@@ -1,30 +0,0 @@ -mydir=plugins/prng/plugin_yarrow -BUILDTOP=$(REL)../../.. -RELDIR=../plugins/prng/plugin_yarrow -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) -DEFS= - -LOCALINCLUDES = -I../../../include/krb5 -I. -I../../../plugin_core -I.. -I$(srcdir)/.. \ - -I$(srcdir)/../../../lib/crypto/@CRYPTO_IMPL@ \ - -I$(srcdir)/../../../lib/crypto/@CRYPTO_IMPL@/sha1 \ - -I$(srcdir)/../../../lib/crypto/@CRYPTO_IMPL@/enc_provider - -LIBBASE=plugin_yarrow - -STLIBOBJS= yarrow.o ycipher.o plugin_prng_impl.o -SRCS=\ - $(srcdir)/yarrow.c \ - $(srcdir)/ycipher.c \ - $(srcdir)/plugin_prng_impl.c - -STOBJLISTS=OBJS.ST - -all-unix:: all-liblinks -clean-unix:: clean-liblinks clean-libs clean-libobjs -install-unix:: install-libs - - -@libpriv_frag@ -@lib_frag@ -@libobj_frag@ diff --git a/src/plugins/prng/plugin_yarrow/plugin_prng_impl.c b/src/plugins/prng/plugin_yarrow/plugin_prng_impl.c deleted file mode 100644 index cda7e3dc0c..0000000000 --- a/src/plugins/prng/plugin_yarrow/plugin_prng_impl.c +++ /dev/null 
@@ -1,246 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "enc_provider.h"
-#include
-#include "k5-thread.h"
-
-#include
-#include
-#include "plugin_prng.h"
-#include "plugin_prng_impl.h"
-
-#include "yarrow.h"
-
-static Yarrow_CTX y_ctx;
-#define yarrow_lock krb5int_yarrow_lock
-k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-
-
-/* Helper function to estimate entropy based on sample length
- * and where it comes from.
- */
-
-static size_t
-entropy_estimate(unsigned int randsource, size_t length)
-{
- switch (randsource) {
- case KRB5_C_RANDSOURCE_OLDAPI:
- return 4 * length;
- case KRB5_C_RANDSOURCE_OSRAND:
- return 8 * length;
- case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
- return 4 * length;
- case KRB5_C_RANDSOURCE_TIMING:
- return 2;
- case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
- return 0;
- default:
- abort();
- }
- return 0;
-}
-
-
-/*
- * Routines to get entropy from the OS. For UNIX we try /dev/urandom
- * and /dev/random. Currently we don't do anything for Windows.
- */
-#if defined(_WIN32)
-
-static krb5_error_code
-_plugin_prng_os_seed(krb5_context context, int strong, int *success)
-{
- if (success)
- *success = 0;
- return 0;
-}
-
-#else /*Windows*/
-#ifdef HAVE_UNISTD_H
-#include
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include
-#endif
-
-/*
- * Helper function to read entropy from a random device. Takes the
- * name of a device, opens it, makes sure it is a device and if so,
- * reads entropy. Returns a boolean indicating whether entropy was
- * read.
- */
-
-static krb5_error_code
-read_entropy_from_device(krb5_context context, const char *device)
-{
- krb5_data data;
- struct stat sb;
- int fd;
- unsigned char buf[YARROW_SLOW_THRESH/8], *bp;
- int left;
-
- fd = open (device, O_RDONLY);
- if (fd == -1)
- return 0;
- set_cloexec_fd(fd);
- if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
- close(fd);
- return 0;
- }
-
- for (bp = buf, left = sizeof(buf); left > 0;) {
- ssize_t count;
- count = read(fd, bp, (unsigned) left);
- if (count <= 0) {
- close(fd);
- return 0;
- }
- left -= count;
- bp += count;
- }
- close(fd);
- data.length = sizeof (buf);
- data.data = (char *) buf;
- return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
- &data) == 0);
-}
-
-static krb5_error_code
-_plugin_prng_os_seed(krb5_context context, int strong, int *success)
-{
- int unused;
- int *oursuccess = success ? success : &unused;
-
- *oursuccess = 0;
- /* If we are getting strong data then try that first. We are
- guaranteed to cause a reseed of some kind if strong is true and
- we have both /dev/random and /dev/urandom. We want the strong
- data included in the reseed so we get it first.*/
- if (strong) {
- if (read_entropy_from_device(context, "/dev/random"))
- *oursuccess = 1;
- }
- if (read_entropy_from_device(context, "/dev/urandom"))
- *oursuccess = 1;
- return 0;
-}
-
-#endif /*Windows or pre-OSX Mac*/
-
-static krb5_error_code
-_plugin_prng_seed(krb5_context context, unsigned int randsource,
- const krb5_data *data)
-{
- int yerr;
-
- /* Make sure the mutex got initialized. */
- yerr = krb5int_crypto_init(context);
- if (yerr)
- return yerr;
- /* Now, finally, feed in the data. */
- yerr = krb5int_yarrow_input(&y_ctx, randsource,
- data->data, data->length,
- entropy_estimate(randsource, data->length));
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
-}
-
-static krb5_error_code
-_plugin_prng_rand(krb5_context context, krb5_data *data)
-{
- int yerr;
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- if (yerr == YARROW_NOT_SEEDED) {
- yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
- if (yerr == YARROW_OK)
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- }
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
-}
-
-
-static void
-_plugin_prng_destroy(plugin_prng* api)
-{
- if (api != NULL) {
- free(api);
- }
-}
-
-static krb5_error_code
-_plugin_prng_init(void)
-{
- unsigned i, source_id;
- int yerr;
-
- yerr = k5_mutex_finish_init(&yarrow_lock);
- if (yerr)
- return yerr;
-
- yerr = krb5int_yarrow_init (&y_ctx, NULL);
- if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
- return KRB5_CRYPTO_INTERNAL;
-
- for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
- if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- assert (source_id == i);
- }
-
- return 0;
-}
-
-static void
-_plugin_prng_cleanup (void)
-{
- krb5int_yarrow_final (&y_ctx);
- k5_mutex_destroy(&yarrow_lock);
-}
-
-
-plhandle
-plugin_yarrow_prng_create()
-{
- plhandle handle;
- plugin_prng* api = malloc(sizeof(plugin_prng));
-
- memset(api, 0, sizeof(plugin_prng));
- api->version = 0;
- api->prng_rand = _plugin_prng_rand;
- api->prng_seed = _plugin_prng_seed;
- api->prng_os_seed = _plugin_prng_os_seed;
- api->prng_init = _plugin_prng_init;
- api->prng_cleanup = _plugin_prng_cleanup;
- handle.api = api;
-
- return handle;
-}
-
diff --git a/src/plugins/prng/plugin_yarrow/plugin_prng_impl.h b/src/plugins/prng/plugin_yarrow/plugin_prng_impl.h
deleted file mode 100644
index e451dd52d6..0000000000
--- a/src/plugins/prng/plugin_yarrow/plugin_prng_impl.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * plugin_prng_impl.h
- *
- */
-
-#ifndef PLUGIN_PRNG_IMPL_H_
-#define PLUGIN_PRNG_IMPL_H_
-
-#include
-#include
-
-plhandle plugin_yarrow_prng_create(void);
-
-#endif /* PLUGIN_PRNG_IMPL_H_ */