Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/heimdal/dist port to openssl-1.1
details: https://anonhg.NetBSD.org/src/rev/cfedfb51e401
branches: trunk
changeset: 359247:cfedfb51e401
user: christos <christos%NetBSD.org@localhost>
date: Mon Feb 05 16:00:52 2018 +0000
description:
port to openssl-1.1
diffstat:
crypto/external/bsd/heimdal/dist/include/crypto-headers.h | 10 +-
crypto/external/bsd/heimdal/dist/kdc/digest.c | 27 +-
crypto/external/bsd/heimdal/dist/kdc/kx509.c | 64 ++-
crypto/external/bsd/heimdal/dist/kdc/pkinit.c | 34 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c | 217 +++++++--
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c | 24 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c | 40 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c | 22 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c | 40 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/ntlm/crypto.c | 26 +-
crypto/external/bsd/heimdal/dist/lib/hx509/crypto.c | 172 ++++++-
crypto/external/bsd/heimdal/dist/lib/hx509/hxtool.c | 24 +-
crypto/external/bsd/heimdal/dist/lib/hx509/ks_file.c | 22 +-
crypto/external/bsd/heimdal/dist/lib/hx509/ks_p11.c | 30 +-
crypto/external/bsd/heimdal/dist/lib/kafs/rxkad_kdf.c | 27 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-aes-sha1.c | 23 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-arcfour.c | 42 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c | 24 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des.c | 6 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des3.c | 23 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-evp.c | 32 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto.h | 6 +-
crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c | 46 +-
crypto/external/bsd/heimdal/dist/lib/krb5/sp800-108-kdf.c | 32 +-
crypto/external/bsd/heimdal/dist/lib/ntlm/ntlm.c | 154 ++++--
25 files changed, 851 insertions(+), 316 deletions(-)
diffs (truncated from 2083 to 300 lines):
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/include/crypto-headers.h
--- a/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: crypto-headers.h,v 1.2 2017/01/28 21:31:44 christos Exp $ */
+/* $NetBSD: crypto-headers.h,v 1.3 2018/02/05 16:00:52 christos Exp $ */
#ifndef __crypto_header__
#define __crypto_header__
@@ -28,9 +28,11 @@
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/ecdh.h>
-#ifndef BN_is_negative
-#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
-#define BN_is_negative(bn) ((bn)->neg != 0)
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+# ifndef BN_is_negative
+# define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
+# define BN_is_negative(bn) ((bn)->neg != 0)
+# endif
#endif
#else /* !HAVE_HCRYPTO_W_OPENSSL */
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/kdc/digest.c
--- a/crypto/external/bsd/heimdal/dist/kdc/digest.c Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/digest.c Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: digest.c,v 1.2 2017/01/28 21:31:44 christos Exp $ */
+/* $NetBSD: digest.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
@@ -377,8 +377,8 @@
case choice_DigestReqInner_init: {
unsigned char server_nonce[16], identifier;
- RAND_pseudo_bytes(&identifier, sizeof(identifier));
- RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
+ RAND_bytes(&identifier, sizeof(identifier));
+ RAND_bytes(server_nonce, sizeof(server_nonce));
server_nonce[0] = kdc_time & 0xff;
server_nonce[1] = (kdc_time >> 8) & 0xff;
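Review bot: Neither of the two new `RAND_bytes()` calls has its return value checked, so a generator failure would leave `identifier` and the rest of `server_nonce` holding uninitialised stack bytes that then go into the digest challenge. `RAND_bytes()` returns 1 on success, so each call should be guarded, e.g. `if (RAND_bytes(server_nonce, sizeof(server_nonce)) != 1)` followed by the function's existing error exit. The enclosing case block continues outside the hunk, so the exact error path has to be taken from there.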
@@ -1340,7 +1340,7 @@
if (ireq.u.ntlmRequest.sessionkey) {
unsigned char masterkey[MD4_DIGEST_LENGTH];
- EVP_CIPHER_CTX rc4;
+ EVP_CIPHER_CTX *rc4;
size_t len;
if ((flags & NTLM_NEG_KEYEX) == 0) {
@@ -1361,13 +1361,22 @@
}
- EVP_CIPHER_CTX_init(&rc4);
- EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
- EVP_Cipher(&rc4,
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ EVP_CIPHER_CTX rc4s;
+ rc4 = &rc4s;
+ EVP_CIPHER_CTX_init(rc4);
+#else
+ rc4 = EVP_CIPHER_CTX_new();
+#endif
+ EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
+ EVP_Cipher(rc4,
masterkey, ireq.u.ntlmRequest.sessionkey->data,
sizeof(masterkey));
- EVP_CIPHER_CTX_cleanup(&rc4);
-
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ EVP_CIPHER_CTX_cleanup(rc4);
+#else
+ EVP_CIPHER_CTX_free(rc4);
+#endif
r.u.ntlmResponse.sessionkey =
malloc(sizeof(*r.u.ntlmResponse.sessionkey));
if (r.u.ntlmResponse.sessionkey == NULL) {
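Review bot: On the 1.1 branch `rc4 = EVP_CIPHER_CTX_new();` can return NULL and the pointer is handed straight to `EVP_CipherInit_ex()`, so an allocation failure inside the KDC becomes a NULL dereference where the old stack context could not fail. A check such as `if (rc4 == NULL) { ret = ENOMEM; goto out; }` right after the allocation would close that, assuming the function's error label matches; the function body extends beyond the hunk. The return of `EVP_CipherInit_ex()` is also ignored, and if RC4 cannot be initialised `masterkey` would be left with whatever was on the stack. The same unchecked allocation appears in both kx509.c hunks (`HMAC_CTX_new()`) and in the arcfour.c hunk at -301,10.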
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/kdc/kx509.c
--- a/crypto/external/bsd/heimdal/dist/kdc/kx509.c Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/kx509.c Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kx509.c,v 1.2 2017/01/28 21:31:44 christos Exp $ */
+/* $NetBSD: kx509.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
@@ -66,7 +66,7 @@
krb5_keyblock *key)
{
unsigned char digest[SHA_DIGEST_LENGTH];
- HMAC_CTX ctx;
+ HMAC_CTX *ctx;
if (req->pk_hash.length != sizeof(digest)) {
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
@@ -75,16 +75,26 @@
return KRB5KDC_ERR_PREAUTH_FAILED;
}
- HMAC_CTX_init(&ctx);
- HMAC_Init_ex(&ctx,
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ HMAC_CTX ctxs;
+ ctx = &ctxs;
+ HMAC_CTX_init(ctx);
+#else
+ ctx = HMAC_CTX_new();
+#endif
+ HMAC_Init_ex(ctx,
key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
- if (sizeof(digest) != HMAC_size(&ctx))
+ if (sizeof(digest) != HMAC_size(ctx))
krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
- HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
- HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);
- HMAC_Final(&ctx, digest, 0);
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
+ HMAC_Update(ctx, req->pk_key.data, req->pk_key.length);
+ HMAC_Final(ctx, digest, 0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ HMAC_CTX_cleanup(ctx);
+#else
+ HMAC_CTX_free(ctx);
+#endif
if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
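Review bot: The `memcmp(req->pk_hash.data, digest, sizeof(digest))` directly after the ported HMAC code stops at the first differing byte, and `req->pk_hash` appears to come from the request, so the comparison time can reveal how much of a guessed MAC is correct. It is an unchanged context line, but it sits in the block this commit rewrites; on OpenSSL builds `if (CRYPTO_memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {` is a constant-time replacement. The function starts and ends outside the hunk.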
@@ -100,35 +110,49 @@
Kx509Response *rep)
{
krb5_error_code ret;
- HMAC_CTX ctx;
+ HMAC_CTX *ctx;
- HMAC_CTX_init(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ HMAC_CTX ctxs;
+ ctx = &ctxs;
+ HMAC_CTX_init(ctx);
+#else
+ ctx = HMAC_CTX_new();
+#endif
- HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
+ HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length,
EVP_sha1(), NULL);
- ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
+ ret = krb5_data_alloc(rep->hash, HMAC_size(ctx));
if (ret) {
- HMAC_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ HMAC_CTX_cleanup(ctx);
+#else
+ HMAC_CTX_free(ctx);
+#endif
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
- HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
+ HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
if (rep->error_code) {
int32_t t = *rep->error_code;
do {
unsigned char p = (t & 0xff);
- HMAC_Update(&ctx, &p, 1);
+ HMAC_Update(ctx, &p, 1);
t >>= 8;
} while (t);
}
if (rep->certificate)
- HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
+ HMAC_Update(ctx, rep->certificate->data, rep->certificate->length);
if (rep->e_text)
- HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
+ HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
- HMAC_Final(&ctx, rep->hash->data, 0);
- HMAC_CTX_cleanup(&ctx);
+ HMAC_Final(ctx, rep->hash->data, 0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ HMAC_CTX_cleanup(ctx);
+#else
+ HMAC_CTX_free(ctx);
+#endif
return 0;
}
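Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000UL` cleanup/free pair is now written out on every exit path of this function and again in the previous hunk, which makes it easy for a future early return to skip the release and leak a context that has been keyed with `key->keyvalue`. Two file-local wrappers would leave one allocation point and one release point, and give the allocation a single place for a NULL check. The function's signature is above the hunk, so the call sites below are shown only as comments.

```c
/* file-local wrappers: one place to allocate, one place to release */
static HMAC_CTX *
kx509_hmac_ctx_new(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    HMAC_CTX *ctx = malloc(sizeof(*ctx));
    if (ctx != NULL)
	HMAC_CTX_init(ctx);
    return ctx;
#else
    return HMAC_CTX_new();
#endif
}

static void
kx509_hmac_ctx_free(HMAC_CTX *ctx)
{
    if (ctx == NULL)
	return;
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    HMAC_CTX_cleanup(ctx);
    free(ctx);
#else
    HMAC_CTX_free(ctx);
#endif
}

/* ... unchanged: HMAC_Init_ex / HMAC_Update / HMAC_Final calls, now bracketed by
 *     ctx = kx509_hmac_ctx_new(); if (ctx == NULL) return ENOMEM; ... kx509_hmac_ctx_free(ctx); ... */
```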
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/kdc/pkinit.c
--- a/crypto/external/bsd/heimdal/dist/kdc/pkinit.c Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/pkinit.c Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pkinit.c,v 1.2 2017/01/28 21:31:44 christos Exp $ */
+/* $NetBSD: pkinit.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
/*
* Copyright (c) 2003 - 2016 Kungliga Tekniska Högskolan
@@ -346,19 +346,29 @@
goto out;
}
ret = KRB5_BADMSGTYPE;
- dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
- if (dh->p == NULL)
+ BIGNUM *p, *q, *g;
+ p = integer_to_BN(context, "DH prime", &dhparam.p);
+ if (p == NULL)
goto out;
- dh->g = integer_to_BN(context, "DH base", &dhparam.g);
- if (dh->g == NULL)
+ g = integer_to_BN(context, "DH base", &dhparam.g);
+ if (g == NULL)
goto out;
if (dhparam.q) {
- dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
- if (dh->g == NULL)
+ q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
+ if (q == NULL)
goto out;
- }
+ } else
+ q = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ dh->p = p;
+ if (q)
+ dh->q = q;
+ dh->g = g;
+#else
+ DH_set0_pqg(dh, p, q, g);
+#endif
{
heim_integer glue;
size_t size;
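Review bot: Moving the parameters into the locals `p`, `q` and `g` means a failure part-way through now leaks the BIGNUMs already converted: before, they were stored in `dh` as soon as they were created, so whatever frees `dh` freed them too, whereas now `goto out` after a failed "DH base" or "DH p-1 factor" conversion leaves `p` (and `g`) owned by nobody. These values are parsed from the client's PKINIT request, so malformed parameters could repeat the leak. The return of `DH_set0_pqg()` is also ignored, and on failure it does not take ownership. The `out` label is outside the hunk, so this assumes it releases only `dh`.

```c
	BIGNUM *p = NULL, *q = NULL, *g = NULL;
	p = integer_to_BN(context, "DH prime", &dhparam.p);
	if (p == NULL)
	    goto out;
	g = integer_to_BN(context, "DH base", &dhparam.g);
	if (g == NULL) {
	    BN_free(p);
	    goto out;
	}
	if (dhparam.q) {
	    q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
	    if (q == NULL) {
		BN_free(p);
		BN_free(g);
		goto out;
	    }
	}
	/* ... unchanged: pre-1.1 branch assigning dh->p, dh->q, dh->g ... */
#else
	if (DH_set0_pqg(dh, p, q, g) != 1) {
	    /* ownership was not transferred on failure */
	    BN_free(p);
	    BN_free(q);
	    BN_free(g);
	    goto out;
	}
#endif
```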
@@ -1022,7 +1032,13 @@
DH *kdc_dh = cp->u.dh.key;
heim_integer i;
- ret = BN_to_integer(context, kdc_dh->pub_key, &i);
+ const BIGNUM *pub_key;
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ pub_key = kdc_dh->pub_key;
+#else
+ DH_get0_key(kdc_dh, &pub_key, NULL);
+#endif
+ ret = BN_to_integer(context, __UNCONST(pub_key), &i);
if (ret)
return ret;
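Review bot: `__UNCONST(pub_key)` strips the const that `DH_get0_key()` deliberately puts on the key, only to fit the parameter type of `BN_to_integer()`. If that helper only reads the BIGNUM (its definition is outside this hunk), declaring its parameter as `const BIGNUM *` removes the cast and lets the compiler reject any later write through the pointer. The new `const BIGNUM *pub_key;` declaration also follows statements in the block, which is fine for C99 but differs from the surrounding top-of-block style.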
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: arcfour.c,v 1.2 2017/01/28 21:31:46 christos Exp $ */
+/* $NetBSD: arcfour.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
/*
* Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
@@ -239,7 +239,7 @@
int32_t seq_number;
size_t len, total_len;
u_char k6_data[16], *p0, *p;
- EVP_CIPHER_CTX rc4_key;
+ EVP_CIPHER_CTX *rc4_key;
_gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
@@ -301,10 +301,20 @@
memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
- EVP_CIPHER_CTX_init(&rc4_key);
- EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
- EVP_Cipher(&rc4_key, p, p, 8);
- EVP_CIPHER_CTX_cleanup(&rc4_key);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ EVP_CIPHER_CTX rc4_keys;
+ rc4_key = &rc4_keys;
+ EVP_CIPHER_CTX_init(rc4_key);
+#else
+ rc4_key = EVP_CIPHER_CTX_new();
+#endif
+ EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ EVP_Cipher(rc4_key, p, p, 8);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+ EVP_CIPHER_CTX_cleanup(rc4_key);
+#else
+ EVP_CIPHER_CTX_free(rc4_key);
+#endif
memset(k6_data, 0, sizeof(k6_data));
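Review bot: `memset(k6_data, 0, sizeof(k6_data));` is a plain store to a local buffer that held the RC4 key, and a compiler may remove it if `k6_data` is not read again before the function returns (the rest of the function is outside the hunk). On builds that link OpenSSL, `OPENSSL_cleanse(k6_data, sizeof(k6_data));` keeps the wipe from being optimised out. The line is unchanged context, but it closes the block this commit rewrites, so it is a natural place to fix it.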
@@ -374,12 +384,22 @@
}