# HG changeset patch # User Will Fiveash # Date 1490376543 18000 # Node ID 50d75ee82dadadbb16ce378803bd0d23c7631104 # Parent e94c44902e5121a6a8b176e7b249c4fae4733006 25114734 Userland krb should use libucrypto diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Makefile --- a/components/krb5/Makefile Wed Apr 26 04:31:59 2017 -0700 +++ b/components/krb5/Makefile Fri Mar 24 12:29:03 2017 -0500 @@ -96,7 +96,8 @@ CONFIGURE_OPTIONS.32 += --libexecdir=$(USRLIBDIR) CONFIGURE_OPTIONS.64 += --libexecdir=$(USRLIBDIR)/$(MACH64) CONFIGURE_OPTIONS += --includedir=$(USRINCDIR)/kerberosv5 -CONFIGURE_OPTIONS += --with-crypto-impl=openssl +CONFIGURE_OPTIONS += --with-pkinit-crypto-impl=openssl +CONFIGURE_OPTIONS += --with-crypto-impl=ucrypto CONFIGURE_OPTIONS += --with-ldap CONFIGURE_OPTIONS += --with-prng-alg=os CONFIGURE_OPTIONS += --with-tcl=$(USRDIR) @@ -142,8 +143,10 @@ $(MKDIR) -p $(AUDIT_DIR); $(CP) Solaris/audit/* $(AUDIT_DIR); \ $(CP) Solaris/audit/kadmind_audit.* $(SOURCE_DIR)/src/kadmin/server; -# We move xdr_alloc.c and supporting dyn code from libgssrpc directly -# into libkadm5srv_mit. kadmind is the only consumer anyway. +# We move xdr_alloc.c and supporting dyn code from libgssrpc directly into +# libkadm5srv_mit. kadmind is the only consumer anyway. Also setting up the +# ucrypto provider directory and creating symlinks needed by the ucrypto crypto +# provider. SRCLIB=$(SOURCE_DIR)/src/lib COMPONENT_PREP_ACTION += \ $(CP) $(SRCLIB)/rpc/xdr_alloc.c $(SRCLIB)/kadm5/srv/; \ @@ -151,6 +154,13 @@ $(CP) $(SRCLIB)/rpc/dyn.h $(SRCLIB)/kadm5/srv/; \ $(CP) $(SRCLIB)/rpc/dynP.h $(SRCLIB)/kadm5/srv/; \ $(CP) $(SRCLIB)/rpc/dyntest.c $(SRCLIB)/kadm5/srv/; \ + (cd Solaris && $(TAR) -cf - ucrypto) | (cd $(SRCLIB)/crypto && tar -xf -); \ + $(LN) -s ../../builtin/des/des_keys.c $(SRCLIB)/crypto/ucrypto/des/; \ + $(LN) -s ../../builtin/des/f_parity.c $(SRCLIB)/crypto/ucrypto/des/; \ + $(LN) -s ../../builtin/des/weak_key.c $(SRCLIB)/crypto/ucrypto/des/; \ + $(LN) -s ../../builtin/des/des_int.h $(SRCLIB)/crypto/ucrypto/des/; \ + $(LN) -s ../../builtin/hash_provider/hash_crc32.c $(SRCLIB)/crypto/ucrypto/hash_provider/; \ + $(LN) -s ../builtin/pbkdf2.c $(SRCLIB)/crypto/ucrypto/; \ # Common flags used to create the filter libs below FILTLIBFLAGS = -G $(LD_B_DIRECT) $(LD_Z_DEFS) $(LD_Z_TEXT) @@ -213,6 +223,7 @@ REQUIRED_PACKAGES += shell/ksh93 REQUIRED_PACKAGES += system/core-os REQUIRED_PACKAGES += system/library/math +REQUIRED_PACKAGES += system/library/security/crypto REQUIRED_PACKAGES += system/library/security/gss REQUIRED_PACKAGES += system/library/security/sasl/digestmd5 REQUIRED_PACKAGES += system/network/ldap/openldap diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,46 @@ +mydir=lib$(S)crypto$(S)ucrypto +BUILDTOP=$(REL)..$(S)..$(S).. +SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider +LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) + +STLIBOBJS=\ + hmac.o \ + init.o \ + pbkdf2.o \ + stubs.o + +OBJS=\ + $(OUTPRE)hmac.$(OBJEXT) \ + $(OUTPRE)init.$(OBJEXT) \ + $(OUTPRE)pbkdf2.$(OBJEXT) \ + $(OUTPRE)stubs.$(OBJEXT) + +SRCS=\ + $(srcdir)/hmac.c \ + $(srcdir)/init.c \ + $(srcdir)/pbkdf2.c \ + $(srcdir)/stubs.c + +STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ + aes/OBJS.ST \ + OBJS.ST + +SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ + md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ + enc_provider/OBJS.ST \ + hash_provider/OBJS.ST \ + aes/OBJS.ST + +all-unix:: all-libobjs +includes:: depend + +depend:: $(SRCS) + +clean-unix:: clean-libobjs + +@lib_frag@ +@libobj_frag@ + diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/aes/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/aes/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,6 @@ +# Placeholder since all crypto modules must have the same structure. +mydir=lib$(S)crypto$(S)ucrypto$(S)aes +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +all-unix:: all-libobjs +clean-unix:: clean-libobjs +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/aes/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/aes/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,1 @@ +# No dependencies here. diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/camellia/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/camellia/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,6 @@ +# Placeholder since all crypto modules must have the same structure. +mydir=lib$(S)crypto$(S)ucrypto$(S)camellia +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +all-unix:: all-libobjs +clean-unix:: clean-libobjs +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/camellia/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/camellia/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,1 @@ +# No dependencies here. diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/crypto_mod.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/crypto_mod.h Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,36 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/crypto_mod.h - OpenSSL crypto module declarations */ +/* + * Copyright (C) 2011 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * This header is included from lib/crypto/krb/crypto_int.h to provide + * module-specific declarations. It is not included directly from source + * files. + */ + +#ifndef CRYPTO_MOD_H +#define CRYPTO_MOD_H + +#endif /* CRYPTO_MOD_H */ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,46 @@ +# +# Generated makefile dependencies follow. +# +hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + crypto_mod.h hmac.c +init.so init.po $(OUTPRE)init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + crypto_mod.h init.c +pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + crypto_mod.h pbkdf2.c +stubs.so stubs.po $(OUTPRE)stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h stubs.c diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/des/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/des/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,23 @@ +mydir=lib$(S)crypto$(S)ucrypto$(S)des +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +CRYPTO_IMPL_CFLAGS=@CRYPTO_IMPL_CFLAGS@ +LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. $(CRYPTO_IMPL_CFLAGS) + +STLIBOBJS= des_keys.o weak_key.o f_parity.o + +OBJS= $(OUTPRE)des_keys.$(OBJEXT) \ + $(OUTPRE)weak_key.$(OBJEXT) \ + $(OUTPRE)f_parity.$(OBJEXT) + +SRCS= $(srcdir)/des_keys.c $(srcdir)/weak_key.c $(srcdir)/f_parity.c + +all-unix:: all-libobjs + +includes:: depend + +depend:: $(SRCS) + +clean-unix:: clean-libobjs + +@libobj_frag@ + diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/des/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/des/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,15 @@ +# +# Generated makefile dependencies follow. +# +des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_keys.c diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,38 @@ +mydir=lib$(S)crypto$(S)ucrypto$(S)enc_provider +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +builtinsrcdir = $(top_srcdir)/lib/crypto/builtin +LOCALINCLUDES = -I$(builtinsrcdir)/des \ + -I$(builtinsrcdir)/camellia \ + -I$(srcdir)/../../krb \ + -I$(srcdir)/.. + +STLIBOBJS= \ + des.o \ + des3.o \ + rc4.o \ + aes.o \ + camellia.o + +OBJS= \ + $(OUTPRE)des.$(OBJEXT) \ + $(OUTPRE)des3.$(OBJEXT) \ + $(OUTPRE)aes.$(OBJEXT) \ + $(OUTPRE)camellia.$(OBJEXT) \ + $(OUTPRE)rc4.$(OBJEXT) + +SRCS= \ + $(srcdir)/des.c \ + $(srcdir)/des3.c \ + $(srcdir)/aes.c \ + $(srcdir)/camellia.c \ + $(srcdir)/rc4.c + +all-unix:: all-libobjs + +includes:: depend + +depend:: $(SRCS) + +clean-unix:: clean-libobjs + +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/aes.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/aes.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,253 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/ucrypto/enc_provider/aes.c */ +/* + * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +#define BLOCK_SIZE 16 + +#define ENCRYPT_OP 1 +#define DECRYPT_OP 2 + +/* + * The cbc_docrypt function is here to handle the case where there is only 1 + * block of plain/cipher text to process. + */ +static krb5_error_code +cbc_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data, int op_type) +{ + int ret = 0; + unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE]; + size_t olen = sizeof (oblock); + unsigned char tmp_iv[BLOCK_SIZE]; + struct iov_cursor cursor; + + if (ivec && ivec->data){ + if (ivec->length != sizeof (tmp_iv)) + return KRB5_CRYPTO_INTERNAL; + memcpy(tmp_iv, ivec->data, ivec->length); + } else { + memset(tmp_iv, 0, sizeof (tmp_iv)); + } + + /* Init iovec cursor to gather data for encypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE); + k5_iov_cursor_get(&cursor, iblock); + + if (op_type == ENCRYPT_OP) { + if (ucrypto_encrypt(CRYPTO_AES_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof (tmp_iv), + iblock, sizeof (iblock), + oblock, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } else { + if (ucrypto_decrypt(CRYPTO_AES_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof (tmp_iv), + iblock, sizeof (iblock), + oblock, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } + + if (!ret) { + assert(olen == BLOCK_SIZE); + k5_iov_cursor_put(&cursor, oblock); + + if (ivec && ivec->data) { + if (op_type == ENCRYPT_OP) + memcpy(ivec->data, oblock, BLOCK_SIZE); + else + memcpy(ivec->data, iblock, BLOCK_SIZE); + } + } + + zap(iblock, sizeof (iblock)); + zap(oblock, sizeof (oblock)); + + return ret; +} + +static krb5_error_code +cts_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data, size_t dlen, size_t dblks, int op_type) +{ + int ret = 0; + size_t olen = dlen; + unsigned char *obuf, *dbuf; + unsigned char iv_cts[BLOCK_SIZE]; + struct iov_cursor cursor; + + if (ivec && ivec->data){ + if (ivec->length != sizeof (iv_cts)) + return KRB5_CRYPTO_INTERNAL; + memcpy(iv_cts, ivec->data, ivec->length); + } else { + memset(iv_cts, 0, sizeof (iv_cts)); + } + + obuf = malloc(olen); + if (!obuf) + return ENOMEM; + + dbuf = malloc(dlen); + if (!dbuf){ + free(obuf); + return ENOMEM; + } + + /* Init iov cursor to gather data for encypting/decrypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE); + /* Get all the data to be encrypted/decrypted into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (op_type == ENCRYPT_OP) { + if (ucrypto_encrypt(CRYPTO_AES_CTS, + key->keyblock.contents, + key->keyblock.length, + iv_cts, sizeof (iv_cts), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } else { + if (ucrypto_decrypt(CRYPTO_AES_CTS, + key->keyblock.contents, + key->keyblock.length, + iv_cts, sizeof (iv_cts), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } + + if (!ret) { + assert(olen == dlen); + k5_iov_cursor_put(&cursor, obuf); + /* + * Updating the ivec arg, if present because of an old/obscure concept + * of cipher state that is being used by only BSD rlogin. See RFCs + * 1391 and 1392 in regards to the vague description of cipher state. + * For encrypt/decrypt use the second to the last block of ciphertext + * if > 1 block. + */ + if (ivec && ivec->data) { + unsigned char *bufptr = (op_type == ENCRYPT_OP) ? obuf : dbuf; + /* + * For encrypt obuf is ciphertext, for decrypt its dbuf which was + * input. + */ + memcpy(ivec->data, bufptr + ((dblks - 2) * BLOCK_SIZE), + BLOCK_SIZE); + } + } + + zapfree(obuf, olen); + zapfree(dbuf, dlen); + + return ret; +} + +krb5_error_code +krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) +{ + size_t input_length, nblocks; + + input_length = iov_total_length(data, num_data, FALSE); + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + if (input_length != BLOCK_SIZE) + return KRB5_BAD_MSIZE; + /* + * Setting the ivec arg to NULL as a result of MIT bug ticket 8551 + * Crypto providers not updating cipher state when 1 block plaintext is + * encrypted. For now we leave the bug in since it has existed in MIT + * code a long time and the tests need the buggy behavior to pass at + * this point. + */ + return cbc_docrypt(key, NULL, data, num_data, ENCRYPT_OP); + } else { /* nblocks > 1 */ + return cts_docrypt(key, ivec, data, num_data, input_length, nblocks, + ENCRYPT_OP); + } +} + +krb5_error_code +krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) +{ + size_t input_length, nblocks; + + input_length = iov_total_length(data, num_data, FALSE); + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + if (input_length != BLOCK_SIZE) + return KRB5_BAD_MSIZE; + /* See comment about ivec arg above... */ + return cbc_docrypt(key, NULL, data, num_data, DECRYPT_OP); + } else { /* nblocks > 1 */ + return cts_docrypt(key, ivec, data, num_data, input_length, nblocks, + DECRYPT_OP); + } +} + +static krb5_error_code +krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) +{ + state->data = calloc(1, BLOCK_SIZE); + if (state->data == NULL) + return ENOMEM; + state->length = BLOCK_SIZE; + return 0; +} + +const struct krb5_enc_provider krb5int_enc_aes128 = { + BLOCK_SIZE, + 16, 16, + krb5int_aes_encrypt, + krb5int_aes_decrypt, + NULL, + krb5int_aes_init_state, + krb5int_default_free_state +}; + +const struct krb5_enc_provider krb5int_enc_aes256 = { + BLOCK_SIZE, + 32, 32, + krb5int_aes_encrypt, + krb5int_aes_decrypt, + NULL, + krb5int_aes_init_state, + krb5int_default_free_state +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/camellia.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/camellia.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,322 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/ucrypto/enc_provider/aes.c */ +/* + * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +#define BLOCK_SIZE 16 + +#define ENCRYPT_OP 1 +#define DECRYPT_OP 2 + +/* + * xorblock is used in the camellia cbc mac fuction, copied from the openssl + * camellia.c. + */ +static void +xorblock(unsigned char *out, const unsigned char *in) +{ + int z; + for (z = 0; z < BLOCK_SIZE / 4; z++) { + unsigned char *outptr = &out[z * 4]; + unsigned char *inptr = (unsigned char *)&in[z * 4]; + /* + * Use unaligned accesses. On x86, this will probably still be faster + * than multiple byte accesses for unaligned data, and for aligned data + * should be far better. (One test indicated about 2.4% faster + * encryption for 1024-byte messages.) + * + * If some other CPU has really slow unaligned-word or byte accesses, + * perhaps this function (or the load/store helpers?) should test for + * alignment first. + * + * If byte accesses are faster than unaligned words, we may need to + * conditionalize on CPU type, as that may be hard to determine + * automatically. + */ + store_32_n(load_32_n(outptr) ^ load_32_n(inptr), outptr); + } +} + +/* + * The cbc_docrypt function is here to handle the case where there is only 1 + * block of plain/cipher text to process. + */ +static krb5_error_code +cbc_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data, int op_type) +{ + int ret = 0; + unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE]; + size_t olen = sizeof (oblock); + unsigned char tmp_iv[BLOCK_SIZE]; + struct iov_cursor cursor; + + if (ivec && ivec->data){ + if (ivec->length != sizeof (tmp_iv)) + return KRB5_CRYPTO_INTERNAL; + memcpy(tmp_iv, ivec->data, ivec->length); + } else { + memset(tmp_iv, 0, sizeof (tmp_iv)); + } + + /* Init iovec cursor to gather data for encypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE); + k5_iov_cursor_get(&cursor, iblock); + + if (op_type == ENCRYPT_OP) { + if (ucrypto_encrypt(CRYPTO_CAMELLIA_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof (tmp_iv), + iblock, sizeof (iblock), + oblock, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } else { + if (ucrypto_decrypt(CRYPTO_CAMELLIA_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof (tmp_iv), + iblock, sizeof (iblock), + oblock, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } + + if (!ret) { + assert(olen == BLOCK_SIZE); + k5_iov_cursor_put(&cursor, oblock); + + if (ivec && ivec->data) { + if (op_type == ENCRYPT_OP) + memcpy(ivec->data, oblock, BLOCK_SIZE); + else + memcpy(ivec->data, iblock, BLOCK_SIZE); + } + } + + zap(iblock, sizeof (iblock)); + zap(oblock, sizeof (oblock)); + + return ret; +} + +static krb5_error_code +cts_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data, size_t dlen, size_t dblks, int op_type) +{ + int ret = 0; + size_t olen = dlen; + unsigned char *obuf, *dbuf; + unsigned char iv_cts[BLOCK_SIZE]; + struct iov_cursor cursor; + + if (ivec && ivec->data){ + if (ivec->length != sizeof (iv_cts)) + return KRB5_CRYPTO_INTERNAL; + memcpy(iv_cts, ivec->data, ivec->length); + } else { + memset(iv_cts, 0, sizeof (iv_cts)); + } + + obuf = malloc(olen); + if (!obuf) + return ENOMEM; + + dbuf = malloc(dlen); + if (!dbuf){ + free(obuf); + return ENOMEM; + } + + /* Init iov cursor to gather data for encypting/decrypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE); + /* Get all the data to be encrypted/decrypted into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (op_type == ENCRYPT_OP) { + if (ucrypto_encrypt(CRYPTO_CAMELLIA_CTS, + key->keyblock.contents, + key->keyblock.length, + iv_cts, sizeof (iv_cts), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } else { + if (ucrypto_decrypt(CRYPTO_CAMELLIA_CTS, + key->keyblock.contents, + key->keyblock.length, + iv_cts, sizeof (iv_cts), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } + } + + if (!ret) { + assert(olen == dlen); + k5_iov_cursor_put(&cursor, obuf); + /* + * Updating the ivec arg, if present because of an old/obscure concept + * of cipher state that is being used by only BSD rlogin. See RFCs + * 1391 and 1392 in regards to the vague description of cipher state. + * For encrypt/decrypt use the second to the last block of ciphertext + * if > 1 block. + */ + if (ivec && ivec->data) { + unsigned char *bufptr = (op_type == ENCRYPT_OP) ? obuf : dbuf; + /* + * For encrypt obuf is ciphertext, for decrypt its dbuf which was + * input. + */ + memcpy(ivec->data, bufptr + ((dblks - 2) * BLOCK_SIZE), + BLOCK_SIZE); + } + } + + zapfree(obuf, olen); + zapfree(dbuf, dlen); + + return ret; +} + +krb5_error_code +krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) +{ + size_t input_length, nblocks; + + input_length = iov_total_length(data, num_data, FALSE); + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + if (input_length != BLOCK_SIZE) + return KRB5_BAD_MSIZE; + /* + * Note, there is bug here (see MIT bug ticket 8551 Crypto providers not + * updating cipher state when 1 block plaintext is encrypted) hence the + * NULL ivec arg. For now we leave the bug in since it has existed in + * MIT code a long time and the tests need the buggy behavior to pass at + * this point. + */ + return cbc_docrypt(key, NULL, data, num_data, ENCRYPT_OP); + } else { /* nblocks > 1 */ + return cts_docrypt(key, ivec, data, num_data, input_length, nblocks, + ENCRYPT_OP); + } +} + +krb5_error_code +krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) +{ + size_t input_length, nblocks; + + input_length = iov_total_length(data, num_data, FALSE); + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + if (input_length != BLOCK_SIZE) + return KRB5_BAD_MSIZE; + return cbc_docrypt(key, NULL, data, num_data, DECRYPT_OP); + } else { /* nblocks > 1 */ + return cts_docrypt(key, ivec, data, num_data, input_length, nblocks, + DECRYPT_OP); + } +} + +/* + * This function is based on the openssl enc_provider/camellia.c version. + */ +krb5_error_code +krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, + size_t num_data, const krb5_data *ivec, + krb5_data *output) +{ + unsigned char blockY[BLOCK_SIZE], blockB[BLOCK_SIZE]; + size_t olen = BLOCK_SIZE; + struct iov_cursor cursor; + + if (output->length < BLOCK_SIZE) + return KRB5_BAD_MSIZE; + + if (ivec != NULL && ivec->data != NULL) + memcpy(blockY, ivec->data, BLOCK_SIZE); + else + memset(blockY, 0, BLOCK_SIZE); + + k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE); + while (k5_iov_cursor_get(&cursor, blockB)) { + xorblock(blockB, blockY); + olen = sizeof(blockY); + if (ucrypto_encrypt(CRYPTO_CAMELLIA_ECB, + key->keyblock.contents, + key->keyblock.length, + NULL, 0, + blockB, sizeof(blockB), + blockY, &olen) != CRYPTO_SUCCESS) { + return KRB5_CRYPTO_INTERNAL; + } + } + + assert(olen == BLOCK_SIZE); + output->length = BLOCK_SIZE; + memcpy(output->data, blockY, BLOCK_SIZE); + + return 0; +} + +static krb5_error_code +krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) +{ + state->data = calloc(1, BLOCK_SIZE); + if (state->data == NULL) + return ENOMEM; + state->length = BLOCK_SIZE; + return 0; +} + +const struct krb5_enc_provider krb5int_enc_camellia128 = { + BLOCK_SIZE, + 16, 16, + krb5int_camellia_encrypt, + krb5int_camellia_decrypt, + krb5int_camellia_cbc_mac, + krb5int_camellia_init_state, + krb5int_default_free_state +}; + +const struct krb5_enc_provider krb5int_enc_camellia256 = { + BLOCK_SIZE, + 32, 32, + krb5int_camellia_encrypt, + krb5int_camellia_decrypt, + krb5int_camellia_cbc_mac, + krb5int_camellia_init_state, + krb5int_default_free_state +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,59 @@ +# +# Generated makefile dependencies follow. +# +des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des.c +des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des3.c +aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h aes.c +camellia.so camellia.po $(OUTPRE)camellia.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + camellia.c +rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h rc4.c diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/des.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/des.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,251 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/enc_provider/des.c */ +/* + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +#define DES_BLOCK_SIZE 8 +#define DES_KEY_SIZE 8 +#define DES_KEY_BYTES 7 + +static krb5_error_code +validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, + size_t num_data, size_t *inlen) +{ + size_t input_length = iov_total_length(data, num_data, FALSE); + + if (key->keyblock.length != DES_KEY_SIZE) + return KRB5_BAD_KEYSIZE; + if ((input_length % DES_BLOCK_SIZE) != 0) + return KRB5_BAD_MSIZE; + if (ivec && (ivec->length != DES_BLOCK_SIZE)) + return KRB5_BAD_MSIZE; + + if (inlen != NULL) + *inlen = input_length; + + return 0; +} + +static krb5_error_code +k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + int ret; + size_t olen, dlen; + uchar_t *obuf, *dbuf; + uchar_t tmp_iv[DES_BLOCK_SIZE]; + struct iov_cursor cursor; + + ret = validate(key, ivec, data, num_data, &dlen); + if (ret != 0 || dlen == 0) + return ret; + + if (ivec && ivec->data) + memcpy(tmp_iv, ivec->data, ivec->length); + else + memset(tmp_iv, 0, sizeof(tmp_iv)); + + olen = dlen; + obuf = malloc(olen); + if (!obuf) + return ENOMEM; + + dbuf = malloc(dlen); + if (!dbuf){ + free(obuf); + return ENOMEM; + } + + /* Init iov cursor to gather data for encypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE); + /* Get all that data into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (ucrypto_encrypt(CRYPTO_DES_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof(tmp_iv), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } else { + k5_iov_cursor_put(&cursor, obuf); + } + + /* + * Updating the ivec arg, if present because of an old/obscure concept of + * cipher state that is being used by only BSD rlogin. See RFCs 1391 and + * 1392 in regards to the vague description of cipher state. + */ + if (!ret && ivec && ivec->data) { + /* Copy last block of cipher text output */ + memcpy(ivec->data, obuf + (dlen - DES_BLOCK_SIZE), DES_BLOCK_SIZE); + } + + zapfree(obuf, olen); + zapfree(dbuf, dlen); + + return ret; +} + +static krb5_error_code +k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + int ret; + size_t olen, dlen; + uchar_t *obuf, *dbuf; + uchar_t tmp_iv[DES_BLOCK_SIZE]; + struct iov_cursor cursor; + + ret = validate(key, ivec, data, num_data, &dlen); + if (ret != 0 || dlen == 0) + return ret; + + if (ivec && ivec->data) + memcpy(tmp_iv, ivec->data, ivec->length); + else + memset(tmp_iv, 0, sizeof(tmp_iv)); + + olen = dlen; + obuf = malloc(olen); + if (!obuf) + return ENOMEM; + + dbuf = malloc(dlen); + if (!dbuf){ + free(obuf); + return ENOMEM; + } + + /* Init iov cursor to gather cipher text for decrypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE); + /* Gather all that cipher text into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (ucrypto_decrypt(CRYPTO_DES_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof(tmp_iv), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } else { + k5_iov_cursor_put(&cursor, obuf); + } + + /* + * Updating the ivec arg, if present because of an old/obscure concept of + * cipher state that is being used by only BSD rlogin. See RFCs 1391 and + * 1392 in regards to the vague description of cipher state. + */ + if (!ret && ivec && ivec->data) { + /* Copy last block of cipher text input */ + memcpy(ivec->data, dbuf + (dlen - DES_BLOCK_SIZE), DES_BLOCK_SIZE); + } + + zapfree(obuf, olen); + zapfree(dbuf, dlen); + + return ret; +} + +static krb5_error_code +k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data, + const krb5_data *ivec, krb5_data *output) +{ + int ret; + struct iov_cursor cursor; + uchar_t blockY[DES_BLOCK_SIZE], blockB[DES_BLOCK_SIZE]; + size_t olen; + + ret = validate(key, ivec, data, num_data, NULL); + if (ret != 0) + return ret; + + if (output->length != DES_BLOCK_SIZE) + return KRB5_BAD_MSIZE; + + if (ivec != NULL) + memcpy(blockY, ivec->data, DES_BLOCK_SIZE); + else + memset(blockY, 0, DES_BLOCK_SIZE); + + k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE); + while (k5_iov_cursor_get(&cursor, blockB)) { + store_64_n(load_64_n(blockB) ^ load_64_n(blockY), blockB); + olen = sizeof(blockY); + if (ucrypto_encrypt(CRYPTO_DES_ECB, + key->keyblock.contents, + key->keyblock.length, + NULL, 0, + blockB, sizeof(blockB), + blockY, &olen) != CRYPTO_SUCCESS) { + return KRB5_CRYPTO_INTERNAL; + } + } + + memcpy(output->data, blockY, DES_BLOCK_SIZE); + return 0; +} + +const struct krb5_enc_provider krb5int_enc_des = { + DES_BLOCK_SIZE, + DES_KEY_BYTES, DES_KEY_SIZE, + k5_des_encrypt, + k5_des_decrypt, + k5_des_cbc_mac, + krb5int_des_init_state, + krb5int_default_free_state +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/des3.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/des3.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,216 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/enc_provider/des.c */ +/* + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +#define DES3_BLOCK_SIZE 8 +#define DES3_KEY_SIZE 24 +#define DES3_KEY_BYTES 21 + +static krb5_error_code +validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, + size_t num_data, size_t *inlen) +{ + size_t input_length = iov_total_length(data, num_data, FALSE); + + if (key->keyblock.length != DES3_KEY_SIZE) + return KRB5_BAD_KEYSIZE; + if ((input_length % DES3_BLOCK_SIZE) != 0) + return KRB5_BAD_MSIZE; + if (ivec && (ivec->length != DES3_BLOCK_SIZE)) + return KRB5_BAD_MSIZE; + + if (inlen != NULL) + *inlen = input_length; + + return 0; +} + +static krb5_error_code +k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + int ret; + size_t olen, dlen; + uchar_t *obuf, *dbuf; + uchar_t tmp_iv[DES3_BLOCK_SIZE]; + struct iov_cursor cursor; + + ret = validate(key, ivec, data, num_data, &dlen); + if (ret != 0 || dlen == 0) + return ret; + + if (ivec && ivec->data) + memcpy(tmp_iv, ivec->data, ivec->length); + else + memset(tmp_iv, 0, sizeof(tmp_iv)); + + olen = dlen; + obuf = malloc(olen); + if (!obuf) + return ENOMEM; + + dbuf = malloc(dlen); + if (!dbuf){ + free(obuf); + return ENOMEM; + } + + /* Init iov cursor to gather data for encypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE); + /* Get all that data into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (ucrypto_encrypt(CRYPTO_DES3_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof(tmp_iv), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } else { + k5_iov_cursor_put(&cursor, obuf); + } + + /* + * Updating the ivec arg, if present because of an old/obscure concept of + * cipher state that is being used by only BSD rlogin. See RFCs 1391 and + * 1392 in regards to the vague description of cipher state. + */ + if (!ret && ivec && ivec->data) { + /* Copy last block of cipher text output */ + memcpy(ivec->data, obuf + (dlen - DES3_BLOCK_SIZE), DES3_BLOCK_SIZE); + } + + zap(obuf, olen); + zap(dbuf, dlen); + free(obuf); + free(dbuf); + + return ret; +} + +static krb5_error_code +k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + int ret; + size_t olen, dlen; + uchar_t *obuf, *dbuf; + uchar_t tmp_iv[DES3_BLOCK_SIZE]; + struct iov_cursor cursor; + + ret = validate(key, ivec, data, num_data, &dlen); + if (ret != 0 || dlen == 0) + return ret; + + if (ivec && ivec->data) + memcpy(tmp_iv, ivec->data, ivec->length); + else + memset(tmp_iv, 0, sizeof(tmp_iv)); + + olen = dlen; + obuf = malloc(olen); + if (!obuf) + return ENOMEM; + + dbuf = malloc(dlen); + if (!dbuf){ + free(obuf); + return ENOMEM; + } + + /* Init iov cursor to gather cipher text for decrypting (FALSE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE); + /* Gather all that cipher text into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (ucrypto_decrypt(CRYPTO_DES3_CBC, + key->keyblock.contents, + key->keyblock.length, + tmp_iv, sizeof(tmp_iv), + dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } else { + k5_iov_cursor_put(&cursor, obuf); + } + + /* + * Updating the ivec arg, if present because of an old/obscure concept of + * cipher state that is being used by only BSD rlogin. See RFCs 1391 and + * 1392 in regards to the vague description of cipher state. + */ + if (!ret && ivec && ivec->data) { + /* Copy last block of cipher text input */ + memcpy(ivec->data, dbuf + (dlen - DES3_BLOCK_SIZE), DES3_BLOCK_SIZE); + } + + zap(obuf, olen); + zap(dbuf, dlen); + free(obuf); + free(dbuf); + + return ret; +} + +const struct krb5_enc_provider krb5int_enc_des3 = { + DES3_BLOCK_SIZE, + DES3_KEY_BYTES, DES3_KEY_SIZE, + k5_des3_encrypt, + k5_des3_decrypt, + NULL, + krb5int_des_init_state, + krb5int_default_free_state +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/enc_provider/rc4.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/enc_provider/rc4.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,237 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/enc_provider/des.c */ +/* + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +/* + * The loopback field is NULL if uctx is uninitialized (no encrypt or decrypt + * operation has taken place), or is a pointer to the structure address if uctx + * is initialized. If an application copies the state (not a valid operation, + * but one which happens to works with some other enc providers), we can detect + * it via the loopback field and return a sane error code. + */ +struct arcfour_state { + struct arcfour_state *loopback; + int op_type; /* encrypt, decrypt */ + crypto_ctx_t uctx; /* ucrypto context */ +}; +#define ENCRYPT_OP 1 +#define DECRYPT_OP 2 + +#define RC4_KEY_SIZE 16 +#define RC4_BLOCK_SIZE 1 + +static krb5_error_code +k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + size_t num_data, int op_type) +{ + int ret = 0; + crypto_ctx_t local_uctx, *uctx; /* ucrypto context */ + size_t len, i; + struct arcfour_state *arcstate; + krb5_boolean do_init = TRUE; + + arcstate = (state != NULL) ? (struct arcfour_state *)state->data : NULL; + if (arcstate != NULL) { + /* + * If loopback points to arcstate we know that uctx has been init'ed + * but if it doesn't and it isn't NULL then arcstate has been corrupted + * which means we can't trust that uctx is valid. + */ + if (arcstate->loopback == arcstate) + do_init = FALSE; + else if (arcstate->loopback != NULL) + return KRB5_CRYPTO_INTERNAL; + + uctx = &arcstate->uctx; + } else { + /* Use the local ucrypto context, will need to be cleaned up in this + * function. */ + uctx = &local_uctx; + } + + if (do_init) { + if (op_type == ENCRYPT_OP) { + if (ucrypto_encrypt_init(uctx, CRYPTO_RC4, + key->keyblock.contents, + key->keyblock.length, + NULL, 0) != CRYPTO_SUCCESS) { + return KRB5_CRYPTO_INTERNAL; + } + } else { + if (ucrypto_decrypt_init(uctx, CRYPTO_RC4, + key->keyblock.contents, + key->keyblock.length, + NULL, 0) != CRYPTO_SUCCESS) { + return KRB5_CRYPTO_INTERNAL; + } + } + + /* Saved ucrypto context is init'ed, mark as initialized. */ + if (arcstate) { + arcstate->loopback = arcstate; + arcstate->op_type = op_type; + } + } + + for (i = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) { + len = (size_t)iov->data.length; + + if (op_type == ENCRYPT_OP) { + if (ucrypto_encrypt_update(uctx, + (const uchar_t *)iov->data.data, + len, + (uchar_t *)iov->data.data, + &len) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + break; + } + } else { + if (ucrypto_decrypt_update(uctx, + (const uchar_t *)iov->data.data, + len, + (uchar_t *)iov->data.data, + &len) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + break; + } + } + } + } + + if (!arcstate) { + /* Local ucrypto context is not saved, clean it up now. */ + len = 0; + if (op_type == ENCRYPT_OP) + (void)ucrypto_encrypt_final(uctx, NULL, &len); + else + (void)ucrypto_decrypt_final(uctx, NULL, &len); + } + + return ret; +} + +static krb5_error_code +k5_arcfour_encrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + size_t num_data) +{ + return k5_arcfour_docrypt(key, state, data, num_data, ENCRYPT_OP); +} + +static krb5_error_code +k5_arcfour_decrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + size_t num_data) +{ + return k5_arcfour_docrypt(key, state, data, num_data, DECRYPT_OP); +} + +static krb5_error_code +krb5int_arcfour_init_state(const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) +{ + struct arcfour_state *arcstate; + + arcstate = calloc(1, sizeof (*arcstate)); + if (arcstate == NULL) + return ENOMEM; + + state->data = (char *)arcstate; + state->length = sizeof (*arcstate); + + return 0; +} + +static void +krb5int_arcfour_free_state(krb5_data *state) +{ + struct arcfour_state *arcstate = (struct arcfour_state *)state->data; + + /* If arcstate->loopback == arcstate then the ucrypto context was init'ed + * and uctx clean up is required. */ + if (arcstate && arcstate->loopback == arcstate) { + size_t len = 0; + + if (arcstate->op_type == ENCRYPT_OP) + (void) ucrypto_encrypt_final(&arcstate->uctx, NULL, &len); + else + (void) ucrypto_decrypt_final(&arcstate->uctx, NULL, &len); + } + + free(arcstate); + state->data = NULL; + state->length = 0; + + return; +} + +const struct krb5_enc_provider krb5int_enc_arcfour = { + /* This seems to work... although I am not sure what the + implications are in other places in the kerberos library */ + RC4_BLOCK_SIZE, + /* Keysize is arbitrary in arcfour, but the constraints of the + system, and to attempt to work with the MSFT system forces us + to 16byte/128bit. Since there is no parity in the key, the + byte and length are the same. */ + RC4_KEY_SIZE, RC4_KEY_SIZE, + k5_arcfour_encrypt, + k5_arcfour_decrypt, + NULL, + krb5int_arcfour_init_state, + krb5int_arcfour_free_state +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/hash_provider/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/hash_provider/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,27 @@ +mydir=lib$(S)crypto$(S)ucrypto$(S)hash_provider +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. + +STLIBOBJS= \ + hash_crc32.o \ + hash_md4.o \ + hash_ucrypto.o + +OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \ + $(OUTPRE)hash_md4.$(OBJEXT) \ + $(OUTPRE)hash_ucrypto.$(OBJEXT) + +SRCS= $(srcdir)/hash_crc32.c \ + $(srcdir)/hash_md4.c \ + $(srcdir)/hash_ucrypto.c + +all-unix:: all-libobjs + +includes:: depend + +depend:: $(SRCS) + +clean-unix:: clean-libobjs + +@libobj_frag@ + diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/hash_provider/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/hash_provider/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,51 @@ +# +# Generated makefile dependencies follow. +# +hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + hash_crc32.c +hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + hash_md4.c +hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + hash_md5.c +hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + hash_sha1.c diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/hash_provider/hash_md4.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/hash_provider/hash_md4.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,59 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +static krb5_error_code +k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + MD4_CTX md4ctx; + size_t i; + + if (output->length != MD4_DIGEST_LENGTH) + return KRB5_CRYPTO_INTERNAL; + + MD4Init(&md4ctx); + for (i = 0; i < num_data; i++) { + const krb5_data *d = &data[i].data; + + if (SIGN_IOV(&data[i])) + MD4Update(&md4ctx, d->data, (size_t)d->length); + } + MD4Final(output->data, &md4ctx); + return 0; +} + +const struct krb5_hash_provider krb5int_hash_md4 = { + "MD4", + MD4_DIGEST_LENGTH, + MD4_HMAC_BLOCK_SIZE, + k5_md4_hash +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/hash_provider/hash_ucrypto.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/hash_provider/hash_ucrypto.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,110 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 2015 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +#define MD5_DIGEST_LENGTH 16 +#define MD5_DATASIZE 64 +#define SHA_DIGEST_LENGTH 20 +#define SHA_DATASIZE 64 + +static krb5_error_code +hash_ucrypto(int ucrypto_type, size_t digest_size, const krb5_crypto_iov *data, + size_t num_data, krb5_data *output) +{ + crypto_ctx_t uctx; /* ucrypto context */ + size_t i; + int ret = 0; + + if (output->length != digest_size) + return KRB5_CRYPTO_INTERNAL; + + if (ucrypto_digest_init(&uctx, ucrypto_type, NULL, 0) != CRYPTO_SUCCESS) + return KRB5_CRYPTO_INTERNAL; + + for (i = 0; i < num_data; i++) { + const krb5_data *d = &data[i].data; + if (SIGN_IOV(&data[i])) { + if (ucrypto_digest_update(&uctx, (uchar_t *)d->data, + (size_t)d->length) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + break; + } + } + } + + if (ret) { + /* error, just clean up ucrypto context */ + (void)ucrypto_digest_final(&uctx, NULL, 0); + } else { + size_t outlen = (size_t)output->length; + + if (ucrypto_digest_final(&uctx, (uchar_t *)output->data, &outlen) + != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + } else { + output->length = (uint_t)outlen; + } + } + + return ret; +} + +static krb5_error_code +hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + return hash_ucrypto(CRYPTO_MD5, MD5_DIGEST_LENGTH, data, num_data, output); +} + +static krb5_error_code +hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + return hash_ucrypto(CRYPTO_SHA1, SHA_DIGEST_LENGTH, data, num_data, + output); +} + +const struct krb5_hash_provider krb5int_hash_md5 = { + "MD5", + MD5_DIGEST_LENGTH, + MD5_DATASIZE, + hash_md5 +}; + +const struct krb5_hash_provider krb5int_hash_sha1 = { + "SHA1", + SHA_DIGEST_LENGTH, + SHA_DATASIZE, + hash_sha1 +}; diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/hmac.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/hmac.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,220 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/ucrypto/hmac.c */ +/* + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + */ + +#include "crypto_int.h" +#include + +/* + * This a copy from the EVP_MAX_MD_SIZE define in /usr/include/openssl/evp.h + */ +#define MAX_MAC_SIZE 64 + +/* ucrypto doesn't support this so creating this define for convenience */ +#define CRYPTO_MD4_HMAC -4 + +/* Return ucrypto hmac mech type (mostly, see above) */ +static int +map_digest(const struct krb5_hash_provider *hash) +{ + if (!strncmp(hash->hash_name, "SHA1",4)) + return CRYPTO_SHA1_HMAC; + else if (!strncmp(hash->hash_name, "MD5", 3)) + return CRYPTO_MD5_HMAC; + else if (!strncmp(hash->hash_name, "MD4", 3)) + return CRYPTO_MD4_HMAC; + else + return -1; +} + +/* + * Took this from the MIT builtin hmac.c since libucrypto does not support HMAC + * MD4. This does a HMAC processing using the basic MD4 hash. + */ +static krb5_error_code +krb5int_hmac_keyblock_builtin(const struct krb5_hash_provider *hash, + const krb5_keyblock *keyblock, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + unsigned char *xorkey = NULL, *ihash = NULL; + unsigned int i; + krb5_crypto_iov *ihash_iov = NULL, ohash_iov[2]; + krb5_data hashout; + krb5_error_code ret; + + /* Allocate space for the xor key, hash input vector, and inner hash */ + xorkey = k5alloc(hash->blocksize, &ret); + if (xorkey == NULL) + goto cleanup; + ihash = k5alloc(hash->hashsize, &ret); + if (ihash == NULL) + goto cleanup; + ihash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret); + if (ihash_iov == NULL) + goto cleanup; + + /* Create the inner padded key. */ + memset(xorkey, 0x36, hash->blocksize); + for (i = 0; i < keyblock->length; i++) + xorkey[i] ^= keyblock->contents[i]; + + /* Compute the inner hash over the inner key and input data. */ + ihash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + ihash_iov[0].data = make_data(xorkey, hash->blocksize); + memcpy(ihash_iov + 1, data, num_data * sizeof(krb5_crypto_iov)); + hashout = make_data(ihash, hash->hashsize); + ret = hash->hash(ihash_iov, num_data + 1, &hashout); + if (ret != 0) + goto cleanup; + + /* Create the outer padded key. */ + memset(xorkey, 0x5c, hash->blocksize); + for (i = 0; i < keyblock->length; i++) + xorkey[i] ^= keyblock->contents[i]; + + /* Compute the outer hash over the outer key and inner hash value. */ + ohash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + ohash_iov[0].data = make_data(xorkey, hash->blocksize); + ohash_iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + ohash_iov[1].data = make_data(ihash, hash->hashsize); + output->length = hash->hashsize; + ret = hash->hash(ohash_iov, 2, output); + if (ret != 0) + memset(output->data, 0, output->length); + +cleanup: + zapfree(xorkey, hash->blocksize); + zapfree(ihash, hash->hashsize); + free(ihash_iov); + return ret; +} + +static krb5_error_code +krb5int_hmac_keyblock_ucrypto(int ucrypto_hmac_type, + const krb5_keyblock *keyblock, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + uchar_t mac[MAX_MAC_SIZE]; + size_t mac_len = sizeof (mac); + uchar_t *dbuf; + size_t dlen; + struct iov_cursor cursor; + int ret = 0; + + /* find total amount/length of signing data (TRUE) */ + dlen = iov_total_length(data, num_data, TRUE); + dbuf = malloc(dlen); + if (!dbuf){ + return ENOMEM; + } + + /* Init iovec cursor to gather signing data (TRUE) */ + k5_iov_cursor_init(&cursor, data, num_data, dlen, TRUE); + /* gather all data that the MAC will cover into dbuf */ + k5_iov_cursor_get(&cursor, dbuf); + + if (ucrypto_mac(ucrypto_hmac_type, + keyblock->contents, keyblock->length, + NULL, 0, + dbuf, dlen, + mac, &mac_len) != CRYPTO_SUCCESS) { + ret = KRB5_CRYPTO_INTERNAL; + memset(output->data, 0, output->length); + } else { + if (mac_len <= output->length) { + output->length = (uint_t)mac_len; + memcpy(output->data, mac, output->length); + } + } + + free(dbuf); + return ret; +} + +krb5_error_code +krb5int_hmac_keyblock(const struct krb5_hash_provider *hash, + const krb5_keyblock *keyblock, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + int ucrypto_hmac_type; + + if (keyblock->length > hash->blocksize) + return KRB5_CRYPTO_INTERNAL; + if (output->length < hash->hashsize) + return KRB5_BAD_MSIZE; + + ucrypto_hmac_type = map_digest(hash); + switch (ucrypto_hmac_type) { + case CRYPTO_SHA1_HMAC: + case CRYPTO_MD5_HMAC: + return krb5int_hmac_keyblock_ucrypto(ucrypto_hmac_type, keyblock, + data, num_data, output); + case CRYPTO_MD4_HMAC: + return krb5int_hmac_keyblock_builtin(hash, keyblock, data, num_data, + output); + default: + return (KRB5_CRYPTO_INTERNAL); /* unsupported alg */ + } +} + +krb5_error_code +krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output); +} diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/init.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/init.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,38 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/init.c - Module init and cleanup functions */ +/* + * Copyright (C) 2010 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "crypto_int.h" + +int +krb5int_crypto_impl_init(void) +{ + return 0; +} + +void +krb5int_crypto_impl_cleanup(void) +{ +} diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/md4/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/md4/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,6 @@ +# Placeholder since all crypto modules must have the same structure. +mydir=lib$(S)crypto$(S)ucrypto$(S)md4 +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +all-unix:: all-libobjs +clean-unix:: clean-libobjs +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/md4/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/md4/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,1 @@ +# No dependencies here. diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/md5/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/md5/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,6 @@ +# Placeholder since all crypto modules must have the same structure. +mydir=lib$(S)crypto$(S)ucrypto$(S)md5 +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +all-unix:: all-libobjs +clean-unix:: clean-libobjs +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/md5/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/md5/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,1 @@ +# No dependencies here. diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/sha1/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/sha1/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,6 @@ +# Placeholder since all crypto modules must have the same structure. +mydir=lib$(S)crypto$(S)ucrypto$(S)sha1 +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +all-unix:: all-libobjs +clean-unix:: clean-libobjs +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/sha1/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/sha1/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,1 @@ +# No dependencies here. diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/sha2/Makefile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/sha2/Makefile.in Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,6 @@ +# Placeholder since all crypto modules must have the same structure. +mydir=lib$(S)crypto$(S)ucrypto$(S)sha2 +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +all-unix:: all-libobjs +clean-unix:: clean-libobjs +@libobj_frag@ diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/sha2/deps --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/sha2/deps Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,1 @@ +# No dependencies here. diff -r e94c44902e51 -r 50d75ee82dad components/krb5/Solaris/ucrypto/stubs.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/Solaris/ucrypto/stubs.c Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,64 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/stubs.c - OpenSSL stub functions */ +/* + * Copyright (C) 2011 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * This file defines symbols which must be exported by libk5crypto because they + * are in the export list (for the sake of test programs), but which are not + * used when Solaris ucrypto is the back end. + */ + +#include "k5-int.h" + +void krb5int_aes_enc_blk(void); +void krb5int_aes_enc_key(void); +void k5_sha256_final(void); +void k5_sha256_init(void); +void k5_sha256_update(void); + +void krb5int_aes_enc_blk(void) +{ + abort(); +} + +void krb5int_aes_enc_key(void) +{ + abort(); +} + +void k5_sha256_final(void) +{ + abort(); +} + +void k5_sha256_init(void) +{ + abort(); +} + +void k5_sha256_update(void) +{ + abort(); +} diff -r e94c44902e51 -r 50d75ee82dad components/krb5/patches/079-ucrypto.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/krb5/patches/079-ucrypto.patch Fri Mar 24 12:29:03 2017 -0500 @@ -0,0 +1,22 @@ +# +# This patch allows krb to be built to use the Solaris libucrypto crypto +# library to support the enctypes and other users of the krb crypto provider +# functions. +# +# This is Solaris specific behavior that MIT will not take upstream. +# +# Patch source: in-house +# + +--- a/src/configure.in ++++ b/src/configure.in +@@ -250,6 +250,9 @@ nss) + ])], [], [AC_MSG_ERROR([NSS version 3.13 or later required.])]) + CFLAGS=$save_CFLAGS + ;; ++ucrypto) ++ CRYPTO_IMPL_LIBS="-lucrypto" ++ ;; + *) + AC_MSG_ERROR([Unknown crypto implementation $withval]) + ;;