author | Greg Hudson <ghudson@mit.edu> | 2015-12-05 17:20:26 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2016-10-03 13:28:03 -0400 |
commit | 54ba48419a86f1c73b4e6e11e5f2f839c16497c7 (patch) | |
tree | 8a530578eddc0da8e0e1f8a0c335986c8cbe71cf | |
parent | 248497427d5a45225817b6c22e9224e8ad969872 (diff) | |
Consolidate libk5crypto OpenSSL hash providers
In the libk5crypto OpenSSL back end, combine all of the hash providers
which use the OpenSSL EVP interface into a single file to reduce code
duplication.
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/Makefile.in | 12 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/deps | 28 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_evp.c | 92 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_md4.c | 61 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_md5.c | 61 | ||||
-rw-r--r-- | src/lib/crypto/openssl/hash_provider/hash_sha1.c | 62 |
6 files changed, 97 insertions, 219 deletions
diff --git a/src/lib/crypto/openssl/hash_provider/Makefile.in b/src/lib/crypto/openssl/hash_provider/Makefile.in index 993c9c3..7762e20 100644 --- a/src/lib/crypto/openssl/hash_provider/Makefile.in +++ b/src/lib/crypto/openssl/hash_provider/Makefile.in @@ -4,19 +4,13 @@ LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. STLIBOBJS= \ hash_crc32.o \ - hash_md4.o \ - hash_md5.o \ - hash_sha1.o + hash_evp.o OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \ - $(OUTPRE)hash_md4.$(OBJEXT) \ - $(OUTPRE)hash_md5.$(OBJEXT) \ - $(OUTPRE)hash_sha1.$(OBJEXT) + $(OUTPRE)hash_evp.$(OBJEXT) SRCS= $(srcdir)/hash_crc32.c \ - $(srcdir)/hash_md4.c \ - $(srcdir)/hash_md5.c \ - $(srcdir)/hash_sha1.c + $(srcdir)/hash_evp.c all-unix: all-libobjs diff --git a/src/lib/crypto/openssl/hash_provider/deps b/src/lib/crypto/openssl/hash_provider/deps index c181c0a..87dd020 100644 --- a/src/lib/crypto/openssl/hash_provider/deps +++ b/src/lib/crypto/openssl/hash_provider/deps @@ -13,7 +13,7 @@ hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ hash_crc32.c -hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ +hash_evp.so hash_evp.po $(OUTPRE)hash_evp.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ 
@@ -24,28 +24,4 @@ hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - hash_md4.c -hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - hash_md5.c -hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - hash_sha1.c + hash_evp.c 
diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
new file mode 100644
index 0000000..0017ade
--- /dev/null
+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
@@ -0,0 +1,92 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/hash_provider/hash_evp.c - OpenSSL hash providers */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include <openssl/evp.h>
+
+static krb5_error_code
+hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ EVP_MD_CTX *ctx;
+ const krb5_data *d;
+ size_t i;
+ int ok;
+
+ if (output->length != (unsigned int)EVP_MD_size(type))
+ return KRB5_CRYPTO_INTERNAL;
+
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL)
+ return ENOMEM;
+
+ ok = EVP_DigestInit_ex(ctx, type, NULL);
+ for (i = 0; i < num_data; i++) {
+ if (!SIGN_IOV(&data[i]))
+ continue;
+ d = &data[i].data;
+ ok = ok && EVP_DigestUpdate(ctx, d->data, d->length);
+ }
+ ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
+ EVP_MD_CTX_free(ctx);
+ return ok ? 0 : ENOMEM;
+}
+
+static krb5_error_code
+hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_md4(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_md5(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_sha1(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_md4 = {
+ "MD4", 16, 64, hash_md4
+};
+
+const struct krb5_hash_provider krb5int_hash_md5 = {
+ "MD5", 16, 64, hash_md5
+};
+
+const struct krb5_hash_provider krb5int_hash_sha1 = {
+ "SHA1", 20, 64, hash_sha1
+};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
deleted file mode 100644
index 37cf72f..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ /dev/null
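Review bot: The closing `return ok ? 0 : ENOMEM;` in hash_evp() reports every failed EVP call as an allocation failure, although EVP_DigestInit_ex() can presumably also fail when the digest itself is refused, for example MD4 or MD5 under an OpenSSL build or policy that disables them. A caller or operator then sees an out-of-memory error where the real cause is an unavailable algorithm, which makes such deployments hard to diagnose. I would keep ENOMEM for the EVP_MD_CTX_new() failure and change the last line to `return ok ? 0 : KRB5_CRYPTO_INTERNAL;`, the code this function already uses for the length mismatch at its top. A short comment above the `ok = EVP_DigestInit_ex(ctx, type, NULL);` line, such as `/* ok stays false once any EVP call fails; output is then not a valid digest. */`, would also document that the output buffer must not be used on the error path.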
@@ -1,61 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-
-static krb5_error_code
-k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
- EVP_MD_CTX *ctx;
- unsigned int i;
-
- if (output->length != MD4_DIGEST_LENGTH)
- return KRB5_CRYPTO_INTERNAL;
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- return ENOMEM;
-
- EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
- for (i = 0; i < num_data; i++) {
- const krb5_data *d = &data[i].data;
- if (SIGN_IOV(&data[i]))
- EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
- }
- EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
- EVP_MD_CTX_free(ctx);
- return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_md4 = {
- "MD4",
- MD4_DIGEST_LENGTH,
- 64,
- k5_md4_hash
-};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
deleted file mode 100644
index 29e7c4b..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static krb5_error_code
-k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
- EVP_MD_CTX *ctx;
- unsigned int i;
-
- if (output->length != MD5_DIGEST_LENGTH)
- return KRB5_CRYPTO_INTERNAL;
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- return ENOMEM;
-
- EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
- for (i = 0; i < num_data; i++) {
- const krb5_data *d = &data[i].data;
- if (SIGN_IOV(&data[i]))
- EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
- }
- EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
- EVP_MD_CTX_free(ctx);
- return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_md5 = {
- "MD5",
- MD5_DIGEST_LENGTH,
- 64,
- k5_md5_hash
-};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
deleted file mode 100644
index 99d1d2f..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash_provider/hash_sha1.c */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-static krb5_error_code
-k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
- EVP_MD_CTX *ctx;
- unsigned int i;
-
- if (output->length != SHA_DIGEST_LENGTH)
- return KRB5_CRYPTO_INTERNAL;
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- return ENOMEM;
-
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
- for (i = 0; i < num_data; i++) {
- const krb5_data *d = &data[i].data;
- if (SIGN_IOV(&data[i]))
- EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
- }
- EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
- EVP_MD_CTX_free(ctx);
- return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_sha1 = {
- "SHA1",
- SHA_DIGEST_LENGTH,
- 64,
- k5_sha1_hash
-}; |