From 431853c84644c02e6bff1b325af5e94d3b1eacc6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 14 Mar 2011 23:06:40 +0100 Subject: Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2 Autobuild-User: Jelmer Vernooij Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104 --- source4/heimdal/lib/krb5/context.c | 4 +- source4/heimdal/lib/krb5/crypto-aes.c | 18 +-- source4/heimdal/lib/krb5/crypto-algs.c | 4 +- source4/heimdal/lib/krb5/crypto-arcfour.c | 28 ++--- source4/heimdal/lib/krb5/crypto-des-common.c | 12 +- source4/heimdal/lib/krb5/crypto-des.c | 54 ++++----- source4/heimdal/lib/krb5/crypto-des3.c | 24 ++-- source4/heimdal/lib/krb5/crypto-evp.c | 18 +-- source4/heimdal/lib/krb5/crypto-null.c | 10 +- source4/heimdal/lib/krb5/crypto-pk.c | 4 +- source4/heimdal/lib/krb5/crypto.c | 162 ++++++++++++++------------- source4/heimdal/lib/krb5/crypto.h | 99 ++++++++-------- source4/heimdal/lib/krb5/get_cred.c | 6 +- source4/heimdal/lib/krb5/keytab.c | 5 +- source4/heimdal/lib/krb5/krb5.h | 2 + source4/heimdal/lib/krb5/pac.c | 4 +- source4/heimdal/lib/krb5/plugin.c | 14 +-- source4/heimdal/lib/krb5/salt-aes.c | 4 +- source4/heimdal/lib/krb5/salt.c | 10 +- 19 files changed, 244 insertions(+), 238 deletions(-) (limited to 'source4/heimdal/lib/krb5') diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index d4e48d26c7..b6c6870938 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -317,7 +317,7 @@ kt_ops_copy(krb5_context context, const krb5_context src_context) return 0; } -static const char *sysplugin_dirs[] = { +static const char *sysplugin_dirs[] = { LIBDIR "/plugin/krb5", #ifdef __APPLE__ "/Library/KerberosPlugins/KerberosFrameworkPlugins", @@ -332,7 +332,7 @@ init_context_once(void *ctx) krb5_context context = ctx; _krb5_load_plugins(context, "krb5", sysplugin_dirs); - + bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); } 
diff --git a/source4/heimdal/lib/krb5/crypto-aes.c b/source4/heimdal/lib/krb5/crypto-aes.c index 25c675c900..e8facd85dd 100644 --- a/source4/heimdal/lib/krb5/crypto-aes.c +++ b/source4/heimdal/lib/krb5/crypto-aes.c @@ -37,12 +37,12 @@ * AES */ -static struct key_type keytype_aes128 = { +static struct _krb5_key_type keytype_aes128 = { KEYTYPE_AES128, "aes-128", 128, 16, - sizeof(struct evp_schedule), + sizeof(struct _krb5_evp_schedule), NULL, _krb5_evp_schedule, _krb5_AES_salt, @@ -51,12 +51,12 @@ static struct key_type keytype_aes128 = { EVP_aes_128_cbc }; -static struct key_type keytype_aes256 = { +static struct _krb5_key_type keytype_aes256 = { KEYTYPE_AES256, "aes-256", 256, 32, - sizeof(struct evp_schedule), + sizeof(struct _krb5_evp_schedule), NULL, _krb5_evp_schedule, _krb5_AES_salt, @@ -65,7 +65,7 @@ static struct key_type keytype_aes256 = { EVP_aes_256_cbc }; -struct checksum_type _krb5_checksum_hmac_sha1_aes128 = { +struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = { CKSUMTYPE_HMAC_SHA1_96_AES_128, "hmac-sha1-96-aes128", 64, @@ -75,7 +75,7 @@ struct checksum_type _krb5_checksum_hmac_sha1_aes128 = { NULL }; -struct checksum_type _krb5_checksum_hmac_sha1_aes256 = { +struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = { CKSUMTYPE_HMAC_SHA1_96_AES_256, "hmac-sha1-96-aes256", 64, @@ -91,7 +91,7 @@ AES_PRF(krb5_context context, const krb5_data *in, krb5_data *out) { - struct checksum_type *ct = crypto->et->checksum; + struct _krb5_checksum_type *ct = crypto->et->checksum; krb5_error_code ret; Checksum result; krb5_keyblock *derived; @@ -139,7 +139,7 @@ AES_PRF(krb5_context context, return ret; } -struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = { +struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", 16, 
@@ -154,7 +154,7 @@ struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = { AES_PRF }; -struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = { +struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = { ETYPE_AES256_CTS_HMAC_SHA1_96, "aes256-cts-hmac-sha1-96", 16, diff --git a/source4/heimdal/lib/krb5/crypto-algs.c b/source4/heimdal/lib/krb5/crypto-algs.c index 5e468f360a..ed31377bd0 100644 --- a/source4/heimdal/lib/krb5/crypto-algs.c +++ b/source4/heimdal/lib/krb5/crypto-algs.c @@ -37,7 +37,7 @@ #define DES3_OLD_ENCTYPE 1 #endif -struct checksum_type *_krb5_checksum_types[] = { +struct _krb5_checksum_type *_krb5_checksum_types[] = { &_krb5_checksum_none, #ifdef HEIM_WEAK_CRYPTO &_krb5_checksum_crc32, @@ -63,7 +63,7 @@ int _krb5_num_checksums * these should currently be in reverse preference order. * (only relevant for !F_PSEUDO) */ -struct encryption_type *_krb5_etypes[] = { +struct _krb5_encryption_type *_krb5_etypes[] = { &_krb5_enctype_aes256_cts_hmac_sha1, &_krb5_enctype_aes128_cts_hmac_sha1, &_krb5_enctype_des3_cbc_sha1, diff --git a/source4/heimdal/lib/krb5/crypto-arcfour.c b/source4/heimdal/lib/krb5/crypto-arcfour.c index d098561474..82769aea62 100644 --- a/source4/heimdal/lib/krb5/crypto-arcfour.c +++ b/source4/heimdal/lib/krb5/crypto-arcfour.c @@ -37,12 +37,12 @@ #include "krb5_locl.h" -static struct key_type keytype_arcfour = { +static struct _krb5_key_type keytype_arcfour = { KEYTYPE_ARCFOUR, "arcfour", 128, 16, - sizeof(struct evp_schedule), + sizeof(struct _krb5_evp_schedule), NULL, _krb5_evp_schedule, _krb5_arcfour_salt, 
@@ -57,17 +57,17 @@ static struct key_type keytype_arcfour = { krb5_error_code _krb5_HMAC_MD5_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, Checksum *result) { EVP_MD_CTX *m; - struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); + struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); const char signature[] = "signaturekey"; Checksum ksign_c; - struct key_data ksign; + struct _krb5_key_data ksign; krb5_keyblock kb; unsigned char t[4]; unsigned char tmp[16]; @@ -105,7 +105,7 @@ _krb5_HMAC_MD5_checksum(krb5_context context, return 0; } -struct checksum_type _krb5_checksum_hmac_md5 = { +struct _krb5_checksum_type _krb5_checksum_hmac_md5 = { CKSUMTYPE_HMAC_MD5, "hmac-md5", 64, @@ -123,16 +123,16 @@ struct checksum_type _krb5_checksum_hmac_md5 = { static krb5_error_code ARCFOUR_subencrypt(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, unsigned usage, void *ivec) { EVP_CIPHER_CTX ctx; - struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); + struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); Checksum k1_c, k2_c, k3_c, cksum; - struct key_data ke; + struct _krb5_key_data ke; krb5_keyblock kb; unsigned char t[4]; unsigned char *cdata = data; @@ -190,16 +190,16 @@ ARCFOUR_subencrypt(krb5_context context, static krb5_error_code ARCFOUR_subdecrypt(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, unsigned usage, void *ivec) { EVP_CIPHER_CTX ctx; - struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); + struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); Checksum k1_c, k2_c, k3_c, cksum; - struct key_data ke; + struct _krb5_key_data ke; krb5_keyblock kb; unsigned char t[4]; unsigned char *cdata = data; 
@@ -290,7 +290,7 @@ _krb5_usage2arcfour(krb5_context context, unsigned *usage) static krb5_error_code ARCFOUR_encrypt(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, @@ -309,7 +309,7 @@ ARCFOUR_encrypt(krb5_context context, return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec); } -struct encryption_type _krb5_enctype_arcfour_hmac_md5 = { +struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", 1, diff --git a/source4/heimdal/lib/krb5/crypto-des-common.c b/source4/heimdal/lib/krb5/crypto-des-common.c index 82d344f28f..f8313952dc 100644 --- a/source4/heimdal/lib/krb5/crypto-des-common.c +++ b/source4/heimdal/lib/krb5/crypto-des-common.c @@ -57,12 +57,12 @@ _krb5_xor (DES_cblock *key, const unsigned char *b) krb5_error_code _krb5_des_checksum(krb5_context context, const EVP_MD *evp_md, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, Checksum *cksum) { - struct evp_schedule *ctx = key->schedule->data; + struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_MD_CTX *m; DES_cblock ivec; unsigned char *p = cksum->checksum.data; @@ -90,12 +90,12 @@ _krb5_des_checksum(krb5_context context, krb5_error_code _krb5_des_verify(krb5_context context, const EVP_MD *evp_md, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, Checksum *C) { - struct evp_schedule *ctx = key->schedule->data; + struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_MD_CTX *m; unsigned char tmp[24]; unsigned char res[16]; @@ -130,7 +130,7 @@ _krb5_des_verify(krb5_context context, static krb5_error_code RSA_MD5_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, 
@@ -141,7 +141,7 @@ RSA_MD5_checksum(krb5_context context, return 0; } -struct checksum_type _krb5_checksum_rsa_md5 = { +struct _krb5_checksum_type _krb5_checksum_rsa_md5 = { CKSUMTYPE_RSA_MD5, "rsa-md5", 64, diff --git a/source4/heimdal/lib/krb5/crypto-des.c b/source4/heimdal/lib/krb5/crypto-des.c index f6c09ba40c..1c062b5e61 100644 --- a/source4/heimdal/lib/krb5/crypto-des.c +++ b/source4/heimdal/lib/krb5/crypto-des.c @@ -49,8 +49,8 @@ krb5_DES_random_key(krb5_context context, static void krb5_DES_schedule_old(krb5_context context, - struct key_type *kt, - struct key_data *key) + struct _krb5_key_type *kt, + struct _krb5_key_data *key) { DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); } @@ -68,7 +68,7 @@ krb5_DES_random_to_key(krb5_context context, _krb5_xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } -static struct key_type keytype_des_old = { +static struct _krb5_key_type keytype_des_old = { KEYTYPE_DES, "des-old", 56, @@ -80,12 +80,12 @@ static struct key_type keytype_des_old = { krb5_DES_random_to_key }; -static struct key_type keytype_des = { +static struct _krb5_key_type keytype_des = { KEYTYPE_DES, "des", 56, 8, - sizeof(struct evp_schedule), + sizeof(struct _krb5_evp_schedule), krb5_DES_random_key, _krb5_evp_schedule, _krb5_des_salt, @@ -96,7 +96,7 @@ static struct key_type keytype_des = { static krb5_error_code CRC32_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -115,7 +115,7 @@ CRC32_checksum(krb5_context context, static krb5_error_code RSA_MD4_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -128,7 +128,7 @@ RSA_MD4_checksum(krb5_context context, static krb5_error_code RSA_MD4_DES_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, 
@@ -139,7 +139,7 @@ RSA_MD4_DES_checksum(krb5_context context, static krb5_error_code RSA_MD4_DES_verify(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -150,7 +150,7 @@ RSA_MD4_DES_verify(krb5_context context, static krb5_error_code RSA_MD5_DES_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -161,7 +161,7 @@ RSA_MD5_DES_checksum(krb5_context context, static krb5_error_code RSA_MD5_DES_verify(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -170,7 +170,7 @@ RSA_MD5_DES_verify(krb5_context context, return _krb5_des_verify(context, EVP_md5(), key, data, len, C); } -struct checksum_type _krb5_checksum_crc32 = { +struct _krb5_checksum_type _krb5_checksum_crc32 = { CKSUMTYPE_CRC32, "crc32", 1, @@ -180,7 +180,7 @@ struct checksum_type _krb5_checksum_crc32 = { NULL }; -struct checksum_type _krb5_checksum_rsa_md4 = { +struct _krb5_checksum_type _krb5_checksum_rsa_md4 = { CKSUMTYPE_RSA_MD4, "rsa-md4", 64, @@ -190,7 +190,7 @@ struct checksum_type _krb5_checksum_rsa_md4 = { NULL }; -struct checksum_type _krb5_checksum_rsa_md4_des = { +struct _krb5_checksum_type _krb5_checksum_rsa_md4_des = { CKSUMTYPE_RSA_MD4_DES, "rsa-md4-des", 64, @@ -200,7 +200,7 @@ struct checksum_type _krb5_checksum_rsa_md4_des = { RSA_MD4_DES_verify }; -struct checksum_type _krb5_checksum_rsa_md5_des = { +struct _krb5_checksum_type _krb5_checksum_rsa_md5_des = { CKSUMTYPE_RSA_MD5_DES, "rsa-md5-des", 64, 
@@ -212,14 +212,14 @@ struct checksum_type _krb5_checksum_rsa_md5_des = { static krb5_error_code evp_des_encrypt_null_ivec(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, int usage, void *ignore_ivec) { - struct evp_schedule *ctx = key->schedule->data; + struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_CIPHER_CTX *c; DES_cblock ivec; memset(&ivec, 0, sizeof(ivec)); @@ -231,14 +231,14 @@ evp_des_encrypt_null_ivec(krb5_context context, static krb5_error_code evp_des_encrypt_key_ivec(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, int usage, void *ignore_ivec) { - struct evp_schedule *ctx = key->schedule->data; + struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_CIPHER_CTX *c; DES_cblock ivec; memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); @@ -250,7 +250,7 @@ evp_des_encrypt_key_ivec(krb5_context context, static krb5_error_code DES_CFB64_encrypt_null_ivec(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, @@ -268,7 +268,7 @@ DES_CFB64_encrypt_null_ivec(krb5_context context, static krb5_error_code DES_PCBC_encrypt_key_ivec(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, @@ -283,7 +283,7 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, return 0; } -struct encryption_type _krb5_enctype_des_cbc_crc = { +struct _krb5_encryption_type _krb5_enctype_des_cbc_crc = { ETYPE_DES_CBC_CRC, "des-cbc-crc", 8, @@ -298,7 +298,7 @@ struct encryption_type _krb5_enctype_des_cbc_crc = { NULL }; -struct encryption_type _krb5_enctype_des_cbc_md4 = { +struct _krb5_encryption_type _krb5_enctype_des_cbc_md4 = { ETYPE_DES_CBC_MD4, "des-cbc-md4", 8, 
@@ -313,7 +313,7 @@ struct encryption_type _krb5_enctype_des_cbc_md4 = { NULL }; -struct encryption_type _krb5_enctype_des_cbc_md5 = { +struct _krb5_encryption_type _krb5_enctype_des_cbc_md5 = { ETYPE_DES_CBC_MD5, "des-cbc-md5", 8, @@ -328,7 +328,7 @@ struct encryption_type _krb5_enctype_des_cbc_md5 = { NULL }; -struct encryption_type _krb5_enctype_des_cbc_none = { +struct _krb5_encryption_type _krb5_enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", 8, @@ -343,7 +343,7 @@ struct encryption_type _krb5_enctype_des_cbc_none = { NULL }; -struct encryption_type _krb5_enctype_des_cfb64_none = { +struct _krb5_encryption_type _krb5_enctype_des_cfb64_none = { ETYPE_DES_CFB64_NONE, "des-cfb64-none", 1, @@ -358,7 +358,7 @@ struct encryption_type _krb5_enctype_des_cfb64_none = { NULL }; -struct encryption_type _krb5_enctype_des_pcbc_none = { +struct _krb5_encryption_type _krb5_enctype_des_pcbc_none = { ETYPE_DES_PCBC_NONE, "des-pcbc-none", 8, diff --git a/source4/heimdal/lib/krb5/crypto-des3.c b/source4/heimdal/lib/krb5/crypto-des3.c index 1ff692b520..b61948895a 100644 --- a/source4/heimdal/lib/krb5/crypto-des3.c +++ b/source4/heimdal/lib/krb5/crypto-des3.c @@ -54,12 +54,12 @@ DES3_random_key(krb5_context context, #ifdef DES3_OLD_ENCTYPE -static struct key_type keytype_des3 = { +static struct _krb5_key_type keytype_des3 = { KEYTYPE_DES3, "des3", 168, 24, - sizeof(struct evp_schedule), + sizeof(struct _krb5_evp_schedule), DES3_random_key, _krb5_evp_schedule, _krb5_des3_salt, @@ -69,12 +69,12 @@ static struct key_type keytype_des3 = { }; #endif -static struct key_type keytype_des3_derived = { +static struct _krb5_key_type keytype_des3_derived = { KEYTYPE_DES3, "des3", 168, 24, - sizeof(struct evp_schedule), + sizeof(struct _krb5_evp_schedule), DES3_random_key, _krb5_evp_schedule, _krb5_des3_salt_derived, 
@@ -86,7 +86,7 @@ static struct key_type keytype_des3_derived = { #ifdef DES3_OLD_ENCTYPE static krb5_error_code RSA_MD5_DES3_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -97,7 +97,7 @@ RSA_MD5_DES3_checksum(krb5_context context, static krb5_error_code RSA_MD5_DES3_verify(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -106,7 +106,7 @@ RSA_MD5_DES3_verify(krb5_context context, return _krb5_des_verify(context, EVP_md5(), key, data, len, C); } -struct checksum_type _krb5_checksum_rsa_md5_des3 = { +struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = { CKSUMTYPE_RSA_MD5_DES3, "rsa-md5-des3", 64, @@ -117,7 +117,7 @@ struct checksum_type _krb5_checksum_rsa_md5_des3 = { }; #endif -struct checksum_type _krb5_checksum_hmac_sha1_des3 = { +struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = { CKSUMTYPE_HMAC_SHA1_DES3, "hmac-sha1-des3", 64, @@ -128,7 +128,7 @@ struct checksum_type _krb5_checksum_hmac_sha1_des3 = { }; #ifdef DES3_OLD_ENCTYPE -struct encryption_type _krb5_enctype_des3_cbc_md5 = { +struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", 8, @@ -144,7 +144,7 @@ struct encryption_type _krb5_enctype_des3_cbc_md5 = { }; #endif -struct encryption_type _krb5_enctype_des3_cbc_sha1 = { +struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, "des3-cbc-sha1", 8, @@ -160,7 +160,7 @@ struct encryption_type _krb5_enctype_des3_cbc_sha1 = { }; #ifdef DES3_OLD_ENCTYPE -struct encryption_type _krb5_enctype_old_des3_cbc_sha1 = { +struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, "old-des3-cbc-sha1", 8, 
@@ -176,7 +176,7 @@ struct encryption_type _krb5_enctype_old_des3_cbc_sha1 = { }; #endif -struct encryption_type _krb5_enctype_des3_cbc_none = { +struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, "des3-cbc-none", 8, diff --git a/source4/heimdal/lib/krb5/crypto-evp.c b/source4/heimdal/lib/krb5/crypto-evp.c index 69d1e2679d..3f9cd57bbc 100644 --- a/source4/heimdal/lib/krb5/crypto-evp.c +++ b/source4/heimdal/lib/krb5/crypto-evp.c @@ -35,10 +35,10 @@ void _krb5_evp_schedule(krb5_context context, - struct key_type *kt, - struct key_data *kd) + struct _krb5_key_type *kt, + struct _krb5_key_data *kd) { - struct evp_schedule *key = kd->schedule->data; + struct _krb5_evp_schedule *key = kd->schedule->data; const EVP_CIPHER *c = (*kt->evp)(); EVP_CIPHER_CTX_init(&key->ectx); @@ -49,23 +49,23 @@ _krb5_evp_schedule(krb5_context context, } void -_krb5_evp_cleanup(krb5_context context, struct key_data *kd) +_krb5_evp_cleanup(krb5_context context, struct _krb5_key_data *kd) { - struct evp_schedule *key = kd->schedule->data; + struct _krb5_evp_schedule *key = kd->schedule->data; EVP_CIPHER_CTX_cleanup(&key->ectx); EVP_CIPHER_CTX_cleanup(&key->dctx); } krb5_error_code _krb5_evp_encrypt(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, int usage, void *ivec) { - struct evp_schedule *ctx = key->schedule->data; + struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_CIPHER_CTX *c; c = encryptp ? &ctx->ectx : &ctx->dctx; if (ivec == NULL) { @@ -89,7 +89,7 @@ static const unsigned char zero_ivec[EVP_MAX_BLOCK_LENGTH] = { 0 }; krb5_error_code _krb5_evp_encrypt_cts(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, 
@@ -97,7 +97,7 @@ _krb5_evp_encrypt_cts(krb5_context context, void *ivec) { size_t i, blocksize; - struct evp_schedule *ctx = key->schedule->data; + struct _krb5_evp_schedule *ctx = key->schedule->data; char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH]; EVP_CIPHER_CTX *c; unsigned char *p; diff --git a/source4/heimdal/lib/krb5/crypto-null.c b/source4/heimdal/lib/krb5/crypto-null.c index 3a5c6b6cb3..69d0e7c34e 100644 --- a/source4/heimdal/lib/krb5/crypto-null.c +++ b/source4/heimdal/lib/krb5/crypto-null.c @@ -37,7 +37,7 @@ #define DES3_OLD_ENCTYPE 1 #endif -static struct key_type keytype_null = { +static struct _krb5_key_type keytype_null = { KEYTYPE_NULL, "null", 0, @@ -50,7 +50,7 @@ static struct key_type keytype_null = { static krb5_error_code NONE_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -59,7 +59,7 @@ NONE_checksum(krb5_context context, return 0; } -struct checksum_type _krb5_checksum_none = { +struct _krb5_checksum_type _krb5_checksum_none = { CKSUMTYPE_NONE, "none", 1, @@ -71,7 +71,7 @@ struct checksum_type _krb5_checksum_none = { static krb5_error_code NULL_encrypt(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, @@ -81,7 +81,7 @@ NULL_encrypt(krb5_context context, return 0; } -struct encryption_type _krb5_enctype_null = { +struct _krb5_encryption_type _krb5_enctype_null = { ETYPE_NULL, "null", 1, diff --git a/source4/heimdal/lib/krb5/crypto-pk.c b/source4/heimdal/lib/krb5/crypto-pk.c index 21e729c9e1..eb783c8998 100644 --- a/source4/heimdal/lib/krb5/crypto-pk.c +++ b/source4/heimdal/lib/krb5/crypto-pk.c 
@@ -44,7 +44,7 @@ _krb5_pk_octetstring2key(krb5_context context, const heim_octet_string *k_n, krb5_keyblock *key) { - struct encryption_type *et = _krb5_find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); krb5_error_code ret; size_t keylen, offset; void *keydata; @@ -205,7 +205,7 @@ _krb5_pk_kdf(krb5_context context, const Ticket *ticket, krb5_keyblock *key) { - struct encryption_type *et; + struct _krb5_encryption_type *et; krb5_error_code ret; krb5_data other; size_t keylen, offset; diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index aa417e15eb..5d274e9af7 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -35,17 +35,23 @@ #include "krb5_locl.h" +struct _krb5_key_usage { + unsigned usage; + struct _krb5_key_data key; +}; + + #ifndef HEIMDAL_SMALLER #define DES3_OLD_ENCTYPE 1 #endif static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, - unsigned, struct key_data**); -static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); + unsigned, struct _krb5_key_data**); +static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); static void free_key_schedule(krb5_context, - struct key_data *, - struct encryption_type *); + struct _krb5_key_data *, + struct _krb5_encryption_type *); /************************************************************ * * @@ -56,7 +62,7 @@ krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize) { - struct encryption_type *et = _krb5_find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, N_("encryption type %d not supported", ""), 
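Review bot: The new `struct _krb5_key_usage` added near the top of crypto.c has no comment, and its lifetime rule is easy to miss. It embeds a `struct _krb5_key_data` by value, while `_new_derived_key()` (changed in a later hunk of this file) grows `crypto->key_usage` with `realloc()`. If callers receive pointers into that array, as the `struct _krb5_key_data *` return type suggests, those pointers stay valid only until the next derived key is added. I would document this on the struct, for example `/* Cached derived key for one key usage; entries live in the realloc()-grown crypto->key_usage array, so do not keep a pointer to .key across _new_derived_key(). */`. Whether any caller holds such a pointer across a second derivation cannot be seen from this diff and should be confirmed.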
@@ -72,7 +78,7 @@ krb5_enctype_keybits(krb5_context context, krb5_enctype type, size_t *keybits) { - struct encryption_type *et = _krb5_find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, "encryption type %d not supported", @@ -89,7 +95,7 @@ krb5_generate_random_keyblock(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - struct encryption_type *et = _krb5_find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, N_("encryption type %d not supported", ""), @@ -110,11 +116,11 @@ krb5_generate_random_keyblock(krb5_context context, static krb5_error_code _key_schedule(krb5_context context, - struct key_data *key) + struct _krb5_key_data *key) { krb5_error_code ret; - struct encryption_type *et = _krb5_find_enctype(key->key->keytype); - struct key_type *kt; + struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype); + struct _krb5_key_type *kt; if (et == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, @@ -150,7 +156,7 @@ _key_schedule(krb5_context context, static krb5_error_code SHA1_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, @@ -164,11 +170,11 @@ SHA1_checksum(krb5_context context, /* HMAC according to RFC2104 */ krb5_error_code _krb5_internal_hmac(krb5_context context, - struct checksum_type *cm, + struct _krb5_checksum_type *cm, const void *data, size_t len, unsigned usage, - struct key_data *keyblock, + struct _krb5_key_data *keyblock, Checksum *result) { unsigned char *ipad, *opad; 
@@ -228,8 +234,8 @@ krb5_hmac(krb5_context context, krb5_keyblock *key, Checksum *result) { - struct checksum_type *c = _krb5_find_checksum(cktype); - struct key_data kd; + struct _krb5_checksum_type *c = _krb5_find_checksum(cktype); + struct _krb5_key_data kd; krb5_error_code ret; if (c == NULL) { @@ -252,13 +258,13 @@ krb5_hmac(krb5_context context, krb5_error_code _krb5_SP_HMAC_SHA1_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, Checksum *result) { - struct checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1); + struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1); Checksum res; char sha1_data[20]; krb5_error_code ret; @@ -273,7 +279,7 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context, return 0; } -struct checksum_type _krb5_checksum_sha1 = { +struct _krb5_checksum_type _krb5_checksum_sha1 = { CKSUMTYPE_SHA1, "sha1", 64, @@ -283,7 +289,7 @@ struct checksum_type _krb5_checksum_sha1 = { NULL }; -struct checksum_type * +struct _krb5_checksum_type * _krb5_find_checksum(krb5_cksumtype type) { int i; @@ -297,8 +303,8 @@ static krb5_error_code get_checksum_key(krb5_context context, krb5_crypto crypto, unsigned usage, /* not krb5_key_usage */ - struct checksum_type *ct, - struct key_data **key) + struct _krb5_checksum_type *ct, + struct _krb5_key_data **key) { krb5_error_code ret = 0; @@ -327,7 +333,7 @@ get_checksum_key(krb5_context context, static krb5_error_code create_checksum (krb5_context context, - struct checksum_type *ct, + struct _krb5_checksum_type *ct, krb5_crypto crypto, unsigned usage, void *data, @@ -335,7 +341,7 @@ create_checksum (krb5_context context, Checksum *result) { krb5_error_code ret; - struct key_data *dkey; + struct _krb5_key_data *dkey; int keyed_checksum; if (ct->flags & F_DISABLED) { 
@@ -364,7 +370,7 @@ create_checksum (krb5_context context, } static int -arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) +arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto) { return (ct->type == CKSUMTYPE_HMAC_MD5) && (crypto->key.key->keytype == KEYTYPE_ARCFOUR); @@ -379,7 +385,7 @@ krb5_create_checksum(krb5_context context, size_t len, Checksum *result) { - struct checksum_type *ct = NULL; + struct _krb5_checksum_type *ct = NULL; unsigned keyusage; /* type 0 -> pick from crypto */ @@ -417,10 +423,10 @@ verify_checksum(krb5_context context, Checksum *cksum) { krb5_error_code ret; - struct key_data *dkey; + struct _krb5_key_data *dkey; int keyed_checksum; Checksum c; - struct checksum_type *ct; + struct _krb5_checksum_type *ct; ct = _krb5_find_checksum(cksum->cksumtype); if (ct == NULL || (ct->flags & F_DISABLED)) { @@ -441,7 +447,7 @@ verify_checksum(krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum) { - struct checksum_type *kct; + struct _krb5_checksum_type *kct; if (crypto == NULL) { krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP, N_("Checksum type %s is keyed but no " @@ -511,7 +517,7 @@ krb5_verify_checksum(krb5_context context, size_t len, Checksum *cksum) { - struct checksum_type *ct; + struct _krb5_checksum_type *ct; unsigned keyusage; ct = _krb5_find_checksum(cksum->cksumtype); @@ -537,7 +543,7 @@ krb5_crypto_get_checksum_type(krb5_context context, krb5_crypto crypto, krb5_cksumtype *type) { - struct checksum_type *ct = NULL; + struct _krb5_checksum_type *ct = NULL; if (crypto != NULL) { ct = crypto->et->keyed_checksum; @@ -562,7 +568,7 @@ krb5_checksumsize(krb5_context context, krb5_cksumtype type, size_t *size) { - struct checksum_type *ct = _krb5_find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, N_("checksum type %d not supported", ""), 
@@ -577,7 +583,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_keyed(krb5_context context, krb5_cksumtype type) { - struct checksum_type *ct = _krb5_find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, @@ -592,7 +598,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_collision_proof(krb5_context context, krb5_cksumtype type) { - struct checksum_type *ct = _krb5_find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, @@ -607,7 +613,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksum_disable(krb5_context context, krb5_cksumtype type) { - struct checksum_type *ct = _krb5_find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, @@ -623,7 +629,7 @@ krb5_checksum_disable(krb5_context context, * * ************************************************************/ -struct encryption_type * +struct _krb5_encryption_type * _krb5_find_enctype(krb5_enctype type) { int i; @@ -639,7 +645,7 @@ krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string) { - struct encryption_type *e; + struct _krb5_encryption_type *e; e = _krb5_find_enctype(etype); if(e == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, @@ -678,7 +684,7 @@ krb5_enctype_to_keytype(krb5_context context, krb5_enctype etype, krb5_keytype *keytype) { - struct encryption_type *e = _krb5_find_enctype(etype); + struct _krb5_encryption_type *e = _krb5_find_enctype(etype); if(e == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, N_("encryption type %d not supported", ""), 
@@ -693,7 +699,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid(krb5_context context, krb5_enctype etype) { - struct encryption_type *e = _krb5_find_enctype(etype); + struct _krb5_encryption_type *e = _krb5_find_enctype(etype); if(e == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, N_("encryption type %d not supported", ""), @@ -751,7 +757,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_valid(krb5_context context, krb5_cksumtype ctype) { - struct checksum_type *c = _krb5_find_checksum(ctype); + struct _krb5_checksum_type *c = _krb5_find_checksum(ctype); if (c == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, N_("checksum type %d not supported", ""), @@ -798,8 +804,8 @@ encrypt_internal_derived(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - struct key_data *dkey; - const struct encryption_type *et = crypto->et; + struct _krb5_key_data *dkey; + const struct _krb5_encryption_type *et = crypto->et; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); @@ -864,7 +870,7 @@ encrypt_internal(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - const struct encryption_type *et = crypto->et; + const struct _krb5_encryption_type *et = crypto->et; checksum_sz = CHECKSUMSIZE(et->checksum); @@ -926,7 +932,7 @@ encrypt_internal_special(krb5_context context, krb5_data *result, void *ivec) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t cksum_sz = CHECKSUMSIZE(et->checksum); size_t sz = len + cksum_sz + et->confoundersize; char *tmp, *p; @@ -967,8 +973,8 @@ decrypt_internal_derived(krb5_context context, Checksum cksum; unsigned char *p; krb5_error_code ret; - struct key_data *dkey; - struct encryption_type *et = crypto->et; + struct _krb5_key_data *dkey; + struct _krb5_encryption_type *et = crypto->et; unsigned long l; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); 
@@ -1047,7 +1053,7 @@ decrypt_internal(krb5_context context, unsigned char *p; Checksum cksum; size_t checksum_sz, l; - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; if ((len % et->padsize) != 0) { krb5_clear_error_message(context); @@ -1112,7 +1118,7 @@ decrypt_internal_special(krb5_context context, krb5_data *result, void *ivec) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t cksum_sz = CHECKSUMSIZE(et->checksum); size_t sz = len - cksum_sz - et->confoundersize; unsigned char *p; @@ -1201,8 +1207,8 @@ krb5_encrypt_iov_ivec(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - struct key_data *dkey; - const struct encryption_type *et = crypto->et; + struct _krb5_key_data *dkey; + const struct _krb5_encryption_type *et = crypto->et; krb5_crypto_iov *tiv, *piv, *hiv; if (num_data < 0) { @@ -1393,8 +1399,8 @@ krb5_decrypt_iov_ivec(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - struct key_data *dkey; - struct encryption_type *et = crypto->et; + struct _krb5_key_data *dkey; + struct _krb5_encryption_type *et = crypto->et; krb5_crypto_iov *tiv, *hiv; if (num_data < 0) { @@ -1619,7 +1625,7 @@ krb5_verify_checksum_iov(krb5_context context, unsigned int num_data, krb5_cksumtype *type) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; Checksum cksum; krb5_crypto_iov *civ; krb5_error_code ret; @@ -1833,15 +1839,15 @@ krb5_decrypt_EncryptedData(krb5_context context, krb5_error_code _krb5_derive_key(krb5_context context, - struct encryption_type *et, - struct key_data *key, + struct _krb5_encryption_type *et, + struct _krb5_key_data *key, const void *constant, size_t len) { unsigned char *k = NULL; unsigned int nblocks = 0, i; krb5_error_code ret = 0; - struct key_type *kt = et->keytype; + struct _krb5_key_type *kt = et->keytype; ret = _key_schedule(context, key); if(ret) 
@@ -1923,10 +1929,10 @@ _krb5_derive_key(krb5_context context, return ret; } -static struct key_data * +static struct _krb5_key_data * _new_derived_key(krb5_crypto crypto, unsigned usage) { - struct key_usage *d = crypto->key_usage; + struct _krb5_key_usage *d = crypto->key_usage; d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d)); if(d == NULL) return NULL; @@ -1946,8 +1952,8 @@ krb5_derive_key(krb5_context context, krb5_keyblock **derived_key) { krb5_error_code ret; - struct encryption_type *et; - struct key_data d; + struct _krb5_encryption_type *et; + struct _krb5_key_data d; *derived_key = NULL; @@ -1975,10 +1981,10 @@ static krb5_error_code _get_derived_key(krb5_context context, krb5_crypto crypto, unsigned usage, - struct key_data **key) + struct _krb5_key_data **key) { int i; - struct key_data *d; + struct _krb5_key_data *d; unsigned char constant[5]; for(i = 0; i < crypto->num_key_usage; i++) @@ -2060,8 +2066,8 @@ krb5_crypto_init(krb5_context context, static void free_key_schedule(krb5_context context, - struct key_data *key, - struct encryption_type *et) + struct _krb5_key_data *key, + struct _krb5_encryption_type *et) { if (et->keytype->cleanup) (*et->keytype->cleanup)(context, key); @@ -2070,8 +2076,8 @@ free_key_schedule(krb5_context context, } void -_krb5_free_key_data(krb5_context context, struct key_data *key, - struct encryption_type *et) +_krb5_free_key_data(krb5_context context, struct _krb5_key_data *key, + struct _krb5_encryption_type *et) { krb5_free_keyblock(context, key->key); if(key->schedule) { @@ -2081,8 +2087,8 @@ _krb5_free_key_data(krb5_context context, struct key_data *key, } static void -free_key_usage(krb5_context context, struct key_usage *ku, - struct encryption_type *et) +free_key_usage(krb5_context context, struct _krb5_key_usage *ku, + struct _krb5_encryption_type *et) { _krb5_free_key_data(context, &ku->key, et); } 
@@ -2212,7 +2218,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable(krb5_context context, krb5_enctype enctype) { - struct encryption_type *et = _krb5_find_enctype(enctype); + struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); if(et == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, @@ -2239,7 +2245,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable(krb5_context context, krb5_enctype enctype) { - struct encryption_type *et = _krb5_find_enctype(enctype); + struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); if(et == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, @@ -2283,7 +2289,7 @@ wrapped_length (krb5_context context, krb5_crypto crypto, size_t data_len) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t padsize = et->padsize; size_t checksumsize = CHECKSUMSIZE(et->checksum); size_t res; @@ -2298,7 +2304,7 @@ wrapped_length_dervied (krb5_context context, krb5_crypto crypto, size_t data_len) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t padsize = et->padsize; size_t res; @@ -2334,7 +2340,7 @@ static size_t crypto_overhead (krb5_context context, krb5_crypto crypto) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t res; res = CHECKSUMSIZE(et->checksum); @@ -2348,7 +2354,7 @@ static size_t crypto_overhead_dervied (krb5_context context, krb5_crypto crypto) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t res; if (et->keyed_checksum) 
@@ -2395,7 +2401,7 @@ krb5_random_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - struct encryption_type *et = _krb5_find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, N_("encryption type %d not supported", ""), @@ -2429,7 +2435,7 @@ krb5_crypto_prf_length(krb5_context context, krb5_enctype type, size_t *length) { - struct encryption_type *et = _krb5_find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL || et->prf_length == 0) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, @@ -2448,7 +2454,7 @@ krb5_crypto_prf(krb5_context context, const krb5_data *input, krb5_data *output) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; krb5_data_zero(output); @@ -2640,8 +2646,8 @@ krb5_enctypes_compatible_keys(krb5_context context, krb5_enctype etype1, krb5_enctype etype2) { - struct encryption_type *e1 = _krb5_find_enctype(etype1); - struct encryption_type *e2 = _krb5_find_enctype(etype2); + struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1); + struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2); return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype; } diff --git a/source4/heimdal/lib/krb5/crypto.h b/source4/heimdal/lib/krb5/crypto.h index c57221b1e6..bf945875b9 100644 --- a/source4/heimdal/lib/krb5/crypto.h +++ b/source4/heimdal/lib/krb5/crypto.h 
@@ -35,21 +35,18 @@ #define DES3_OLD_ENCTYPE 1 #endif -struct key_data { +struct _krb5_key_data { krb5_keyblock *key; krb5_data *schedule; }; -struct key_usage { - unsigned usage; - struct key_data key; -}; +struct _krb5_key_usage; struct krb5_crypto_data { - struct encryption_type *et; - struct key_data key; + struct _krb5_encryption_type *et; + struct _krb5_key_data key; int num_key_usage; - struct key_usage *key_usage; + struct _krb5_key_usage *key_usage; }; #define CRYPTO_ETYPE(C) ((C)->et->type) 
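Review bot: `struct _krb5_key_data` holds a key block and its schedule with no comment on who releases them, and `struct _krb5_key_usage;` is now only forward-declared without saying where it is completed. The `_krb5_free_key_data` hunk in crypto.c frees `key->key` with `krb5_free_keyblock()` and handles `key->schedule` when it is set, so `/* key and schedule are released by _krb5_free_key_data() */` above the struct would record the ownership. For the forward declaration, `/* completed in crypto.c; opaque to other includers of crypto.h */` would fit. The defining hunk is not shown here, but `_new_derived_key` takes `sizeof(*d)` of this type in crypto.c, so the full definition is presumably there. Both suggestions are documentation only.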
@@ -71,50 +68,50 @@ struct salt_type { krb5_salt, krb5_data, krb5_keyblock*); }; -struct key_type { +struct _krb5_key_type { krb5_keytype type; /* XXX */ const char *name; size_t bits; size_t size; size_t schedule_size; void (*random_key)(krb5_context, krb5_keyblock*); - void (*schedule)(krb5_context, struct key_type *, struct key_data *); + void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *); struct salt_type *string_to_key; void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); - void (*cleanup)(krb5_context, struct key_data *); + void (*cleanup)(krb5_context, struct _krb5_key_data *); const EVP_CIPHER *(*evp)(void); }; -struct checksum_type { +struct _krb5_checksum_type { krb5_cksumtype type; const char *name; size_t blocksize; size_t checksumsize; unsigned flags; krb5_error_code (*checksum)(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *buf, size_t len, unsigned usage, Checksum *csum); krb5_error_code (*verify)(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *buf, size_t len, unsigned usage, Checksum *csum); }; -struct encryption_type { +struct _krb5_encryption_type { krb5_enctype type; const char *name; size_t blocksize; size_t padsize; size_t confoundersize; - struct key_type *keytype; - struct checksum_type *checksum; - struct checksum_type *keyed_checksum; + struct _krb5_key_type *keytype; + struct _krb5_checksum_type *checksum; + struct _krb5_checksum_type *keyed_checksum; unsigned flags; krb5_error_code (*encrypt)(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, int usage, 
@@ -130,20 +127,20 @@ struct encryption_type { /* Checksums */ -extern struct checksum_type _krb5_checksum_none; -extern struct checksum_type _krb5_checksum_crc32; -extern struct checksum_type _krb5_checksum_rsa_md4; -extern struct checksum_type _krb5_checksum_rsa_md4_des; -extern struct checksum_type _krb5_checksum_rsa_md5_des; -extern struct checksum_type _krb5_checksum_rsa_md5_des3; -extern struct checksum_type _krb5_checksum_rsa_md5; -extern struct checksum_type _krb5_checksum_hmac_sha1_des3; -extern struct checksum_type _krb5_checksum_hmac_sha1_aes128; -extern struct checksum_type _krb5_checksum_hmac_sha1_aes256; -extern struct checksum_type _krb5_checksum_hmac_md5; -extern struct checksum_type _krb5_checksum_sha1; - -extern struct checksum_type *_krb5_checksum_types[]; +extern struct _krb5_checksum_type _krb5_checksum_none; +extern struct _krb5_checksum_type _krb5_checksum_crc32; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md4; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md5; +extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3; +extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128; +extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256; +extern struct _krb5_checksum_type _krb5_checksum_hmac_md5; +extern struct _krb5_checksum_type _krb5_checksum_sha1; + +extern struct _krb5_checksum_type *_krb5_checksum_types[]; extern int _krb5_num_checksums; /* Salts */ 
@@ -156,27 +153,27 @@ extern struct salt_type _krb5_des3_salt_derived[]; /* Encryption types */ -extern struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1; -extern struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1; -extern struct encryption_type _krb5_enctype_des3_cbc_sha1; -extern struct encryption_type _krb5_enctype_des3_cbc_md5; -extern struct encryption_type _krb5_enctype_des3_cbc_none; -extern struct encryption_type _krb5_enctype_arcfour_hmac_md5; -extern struct encryption_type _krb5_enctype_des_cbc_md5; -extern struct encryption_type _krb5_enctype_old_des3_cbc_sha1; -extern struct encryption_type _krb5_enctype_des_cbc_crc; -extern struct encryption_type _krb5_enctype_des_cbc_md4; -extern struct encryption_type _krb5_enctype_des_cbc_md5; -extern struct encryption_type _krb5_enctype_des_cbc_none; -extern struct encryption_type _krb5_enctype_des_cfb64_none; -extern struct encryption_type _krb5_enctype_des_pcbc_none; -extern struct encryption_type _krb5_enctype_null; - -extern struct encryption_type *_krb5_etypes[]; +extern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1; +extern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1; +extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1; +extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5; +extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none; +extern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; +extern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_none; +extern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none; +extern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none; +extern struct 
_krb5_encryption_type _krb5_enctype_null; + +extern struct _krb5_encryption_type *_krb5_etypes[]; extern int _krb5_num_etypes; /* Interface to the EVP crypto layer provided by hcrypto */ -struct evp_schedule { +struct _krb5_evp_schedule { EVP_CIPHER_CTX ectx; EVP_CIPHER_CTX dctx; }; diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index e06d4a12be..7f2b57247d 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -734,7 +734,7 @@ get_cred_kdc_capath_worker(krb5_context context, krb5_creds *in_creds, krb5_const_realm try_realm, krb5_principal impersonate_principal, - Ticket *second_ticket, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { @@ -860,7 +860,7 @@ get_cred_kdc_capath_worker(krb5_context context, } krb5_free_creds(context, tgt); return ret; -} +} /* get_cred(server) @@ -883,7 +883,7 @@ get_cred_kdc_capath(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_principal impersonate_principal, - Ticket *second_ticket, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index e060774533..96c0bce273 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -78,8 +78,9 @@ * and/or temporary data not to be stored on disk. The type's name * is MEMORY. Each MEMORY keytab is referenced counted by and * opened by the residual name, so two handles can point to the - * same memory area. When the last user closes the entry, it - * disappears. + * same memory area. When the last user closes using krb5_kt_close() + * the keytab, the keys in they keytab is memset() to zero and freed + * and can no longer be looked up by name. * * * @subsection krb5_keytab_example Keytab example diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index dd579f973b..8d671e3d36 100644 
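Review bot: The rewritten sentence in the MEMORY keytab description in keytab.c is hard to parse ("closes using krb5_kt_close() the keytab", "the keys in they keytab is memset()"), and it now documents a security property, namely that key material is wiped on last close. Suggested wording: `When the last user closes the keytab with krb5_kt_close(), the keys in the keytab are zeroed and freed, and the keytab can no longer be looked up by name.` The memory keytab implementation is not part of this hunk, so the wipe itself cannot be checked from here. Since a plain memset() directly before free() can be removed by the optimiser, it is worth confirming that the implementation zeroes the keys in a way the compiler cannot elide.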
--- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -241,6 +241,8 @@ typedef enum krb5_key_usage { /* Encryption of the SAM-NONCE-OR-SAD field */ KRB5_KU_PA_PKINIT_KX = 44, /* Encryption type of the kdc session contribution in pk-init */ + KRB5_KU_AS_REQ = 56, + /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */ KRB5_KU_DIGEST_ENCRYPT = -18, /* Encryption key usage used in the digest encryption field */ KRB5_KU_DIGEST_OPAQUE = -19, diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index db2428f95b..046a89cc6a 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -87,7 +87,7 @@ HMAC_MD5_any_checksum(krb5_context context, unsigned usage, Checksum *result) { - struct key_data local_key; + struct _krb5_key_data local_key; krb5_error_code ret; memset(&local_key, 0, sizeof(local_key)); @@ -106,7 +106,7 @@ HMAC_MD5_any_checksum(krb5_context context, ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result); if (ret) krb5_data_free(&result->checksum); - + krb5_free_keyblock(context, local_key.key); return ret; } diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 8aff72ec85..ea47e13a7b 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -379,7 +379,7 @@ _krb5_plugin_free(struct krb5_plugin *list) /* * module - dict of { * ModuleName = [ - * plugin = object{ + * plugin = object{ * array = { ptr, ctx } * } * ] @@ -556,7 +556,7 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value) return; pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free); - + cpm = pl->dataptr = dlsym(p->dsohandle, s->name); if (cpm) { int ret; @@ -569,10 +569,10 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value) } else { cpm = pl->dataptr; } - + if (cpm && cpm->version >= s->min_version) heim_array_append_value(s->result, pl); - + heim_release(pl); } 
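Review bot: The comment on the new `KRB5_KU_AS_REQ = 56` constant in krb5.h reads "Checksum of over the AS-REQ send by the KDC", which is ungrammatical and does not say which party produces the checksum. If the intended meaning is that the KDC returns a checksum over the client's AS-REQ, `/* Checksum over the AS-REQ, sent by the KDC in PA-REQ-ENC-PA-REP */` says so directly. The enum starts and ends outside the hunk, so the values between 44 and 56 cannot be checked from here.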
@@ -619,11 +619,11 @@ _krb5_plugin_run_f(krb5_context context, s.userctx = userctx; heim_dict_iterate_f(dict, search_modules, &s); - + heim_release(dict); - + HEIMDAL_MUTEX_unlock(&plugin_mutex); - + s.ret = KRB5_PLUGIN_NO_HANDLE; heim_array_iterate_f(s.result, eval_results, &s); diff --git a/source4/heimdal/lib/krb5/salt-aes.c b/source4/heimdal/lib/krb5/salt-aes.c index 1c40b54f6b..32dafd68cb 100644 --- a/source4/heimdal/lib/krb5/salt-aes.c +++ b/source4/heimdal/lib/krb5/salt-aes.c @@ -45,8 +45,8 @@ AES_string_to_key(krb5_context context, { krb5_error_code ret; uint32_t iter; - struct encryption_type *et; - struct key_data kd; + struct _krb5_encryption_type *et; + struct _krb5_key_data kd; if (opaque.length == 0) iter = _krb5_AES_string_to_default_iterator; diff --git a/source4/heimdal/lib/krb5/salt.c b/source4/heimdal/lib/krb5/salt.c index 69375f6a81..6f18308743 100644 --- a/source4/heimdal/lib/krb5/salt.c +++ b/source4/heimdal/lib/krb5/salt.c @@ -39,7 +39,7 @@ krb5_salttype_to_string (krb5_context context, krb5_salttype stype, char **string) { - struct encryption_type *e; + struct _krb5_encryption_type *e; struct salt_type *st; e = _krb5_find_enctype (etype); @@ -71,7 +71,7 @@ krb5_string_to_salttype (krb5_context context, const char *string, krb5_salttype *salttype) { - struct encryption_type *e; + struct _krb5_encryption_type *e; struct salt_type *st; e = _krb5_find_enctype (etype); @@ -187,7 +187,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context, krb5_data opaque, krb5_keyblock *key) { - struct encryption_type *et =_krb5_find_enctype(enctype); + struct _krb5_encryption_type *et =_krb5_find_enctype(enctype); struct salt_type *st; if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 
@@ -247,9 +247,9 @@ krb5_string_to_key_derived(krb5_context context, krb5_enctype etype, krb5_keyblock *key) { - struct encryption_type *et = _krb5_find_enctype(etype); + struct _krb5_encryption_type *et = _krb5_find_enctype(etype); krb5_error_code ret; - struct key_data kd; + struct _krb5_key_data kd; size_t keylen; u_char *tmp; -- cgit