lib\crypto\krb\raw\Makefile lib\crypto\krb\old\Makefile \
lib\crypto\@CRYPTO_IMPL@\sha1\Makefile lib\crypto\@CRYPTO_IMPL@\arcfour\Makefile \
lib\crypto\@CRYPTO_IMPL@\md4\Makefile lib\crypto\@CRYPTO_IMPL@\md5\Makefile \
- lib\crypto\krb\yarrow\Makefile lib\crypto\@CRYPTO_IMPL@\aes\Makefile \
+ lib\crypto\krb\prng\Makefile lib\crypto\@CRYPTO_IMPL@\aes\Makefile \
lib\crypto\crypto_tests \
lib\gssapi\Makefile lib\gssapi\generic\Makefile \
lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \
lib/crypto/krb/old/* lib/crypto/krb/raw/* \
lib/crypto/@CRYPTO_IMPL@/sha1/* lib/crypto/@CRYPTO_IMPL@/arcfour/* \
lib/crypto/@CRYPTO_IMPL@/md4/* \
- lib/crypto/@CRYPTO_IMPL@/md5/* lib/crypto/krb/yarrow/* \
+ lib/crypto/@CRYPTO_IMPL@/md5/* lib/crypto/krb/prng/* \
+ lib/crypto/krb/prng/@PRNG_ALG@/* \
lib/crypto/@CRYPTO_IMPL@/* lib/crypto/krb/* lib/crypto/crypto_tests \
lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
lib/gssapi/mechglue/* lib/gssapi/spnego/* \
AC_SUBST(CRYPTO_IMPL_CFLAGS)
AC_SUBST(CRYPTO_IMPL_LIBS)
+if test "$CRYPTO_IMPL" = nss; then
+ PRNG_ALG="nss"
+else
+PRNG_ALG="yarrow"
+AC_ARG_WITH([prng-alg],
+AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. Ignored for nss. @<:@yarrow@:>@]),
+[PRNG_ALG=$withval
+AC_MSG_RESULT("k5crypto will use \'$withval\'")
+], withval=yarrow)
+fi
+AC_CONFIG_COMMANDS(PRNG_ALG, , PRNG_ALG=$PRNG_ALG)
+AC_SUBST(PRNG_ALG)
+if test "$withval" = fortuna; then
+ AC_DEFINE(FORTUNA,1,[Define if Fortuna PRNG is selected])
+fi
+
+AC_ARG_ENABLE([fortuna-test],
+ [ --enable-fortuna-test build to test Fortuna PRNG],,enableval=no)
+if test "$enableval" = yes ; then
+ PRNG_FORTUNA_TEST="yes"
+ AC_DEFINE(TEST_FORTUNA,1,[Create a special build to test Fortuna PRNG])
+ AC_CONFIG_COMMANDS(PRNG_FORTUNA_TEST, , PRNG_FORTUNA_TEST=$PRNG_FORTUNA_TEST)
+ AC_SUBST(PRNG_FORTUNA_TEST)
+fi
+
# --with-kdc-kdb-update makes the KDC update the database with last request
# information and failure information.
lib/crypto/$CRYPTO_IMPL/hash_provider lib/crypto/krb/checksum
lib/crypto/krb/prf lib/crypto/krb/rand2key
lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5
- lib/crypto/krb/old lib/crypto/krb/raw lib/crypto/$CRYPTO_IMPL/sha1
- lib/crypto/krb/arcfour lib/crypto/krb/yarrow lib/crypto/$CRYPTO_IMPL/aes
+ lib/crypto/krb/old lib/crypto/krb/raw
+ lib/crypto/$CRYPTO_IMPL/sha1
+ lib/crypto/$CRYPTO_IMPL/sha2
+ lib/crypto/krb/arcfour lib/crypto/krb/prng
+ lib/crypto/krb/prng/$PRNG_ALG
+ lib/crypto/$CRYPTO_IMPL/aes
lib/crypto/$CRYPTO_IMPL/camellia lib/crypto/crypto_tests
lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
@CRYPTO_IMPL@/enc_provider/OBJS.ST \
@CRYPTO_IMPL@/hash_provider/OBJS.ST \
krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \
+ krb/prng/@PRNG_ALG@/OBJS.ST \
@CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST \
@CRYPTO_IMPL@/sha1/OBJS.ST \
+ @CRYPTO_IMPL@/sha2/OBJS.ST \
krb/arcfour/OBJS.ST \
@CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
@CRYPTO_IMPL@/camellia/OBJS.ST krb/OBJS.ST \
@CRYPTO_IMPL@/enc_provider/OBJS.ST \
@CRYPTO_IMPL@/hash_provider/OBJS.ST \
krb/checksum/OBJS.ST krb/prf/OBJS.ST krb/rand2key/OBJS.ST \
- krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST \
+ krb/old/OBJS.ST krb/raw/OBJS.ST krb/prng/OBJS.ST \
+ krb/prng/@PRNG_ALG@/OBJS.ST \
@CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST \
@CRYPTO_IMPL@/sha1/OBJS.ST \
+ @CRYPTO_IMPL@/sha2/OBJS.ST \
krb/arcfour/OBJS.ST \
@CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
@CRYPTO_IMPL@/camellia/OBJS.ST krb/OBJS.ST \
mydir=lib/crypto/builtin
BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS=camellia des aes md4 md5 sha1 enc_provider hash_provider
+SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider
LOCALINCLUDES = -I$(srcdir)/../krb \
-I$(srcdir)/../krb/hash_provider \
-I$(srcdir)/des \
-I$(srcdir)/aes \
-I$(srcdir)/camellia \
-I$(srcdir)/sha1 \
+ -I$(srcdir)/sha2 \
-I$(srcdir)/md4 \
-I$(srcdir)/md5 \
-I$(srcdir)/enc_provider \
$(srcdir)/pbkdf2.c
STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
- md5/OBJS.ST sha1/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
OBJS.ST
SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
- md5/OBJS.ST sha1/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
cd ..\sha1
@echo Making in crypto\sha1
$(MAKE) -$(MFLAGS)
+ cd ..\sh2a
+ @echo Making in crypto\sha2
+ $(MAKE) -$(MFLAGS)
cd ..\hash_provider
@echo Making in crypto\hash_provider
$(MAKE) -$(MFLAGS)
cd ..\sha1
@echo Making clean in crypto\sha1
$(MAKE) -$(MFLAGS) clean
+ cd ..\sha2
+ @echo Making clean in crypto\sha2
+ $(MAKE) -$(MFLAGS) clean
cd ..\hash_provider
@echo Making clean in crypto\hash_provider
$(MAKE) -$(MFLAGS) clean
--- /dev/null
+mydir=lib/crypto/builtin/sha2
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=sha2
+##DOS##OBJFILE=..\$(OUTPRE)sha2.lst
+
+RUN_SETUP = @KRB5_RUN_ENV@
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= sha256.o
+
+OBJS= $(OUTPRE)sha256.$(OBJEXT)
+
+SRCS= $(srcdir)/sha256.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+t_sha256: t_sha256.o sha256.o $(SUPPORT_DEPLIB)
+ $(CC_LINK) -o t_sha256 t_sha256.o sha256.o $(SUPPORT_LIB)
+
+
+$(OUTPRE)t_sha256.exe: $(OUTPRE)t_sha256.obj $(OUTPRE)sha256.obj
+ link -out:$@ $**
+
+
+check-unix:: t_sha256
+ $(RUN_SETUP) $(VALGRIND) $(C)t_sha256
+
+clean::
+ $(RM) t_sha256$(EXEEXT) t_sha256$(OBJEXT)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
--- /dev/null
+#
+# Generated makefile dependencies follow.
+#
+sha256.so sha256.po $(OUTPRE)sha256.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ sha256.c sha2.h
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef HEIM_SHA_H
+#define HEIM_SHA_H 1
+
+#include <k5-int.h>
+/*
+#include <stdlib.h>
+#include <string.h>
+#include <stddef.h>
+#ifdef KRB5
+#include <krb5-types.h>
+#endif
+*/
+#ifndef min
+#define min(a,b) (((a)>(b))?(b):(a))
+#endif
+
+/* Vector Crays doesn't have a good 32-bit type, or more precisely,
+ * int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't
+ * want to depend in being able to redefine this type. To cope with
+ * this we have to clamp the result in some places to [0,2^32); no
+ * need to do this on other machines. Did I say this was a mess?
+ */
+
+#ifdef _CRAY
+#define CRAYFIX(X) ((X) & 0xffffffff)
+#else
+#define CRAYFIX(X) (X)
+#endif
+
+static inline uint32_t
+cshift (uint32_t x, unsigned int n)
+{
+ x = CRAYFIX(x);
+ return CRAYFIX((x << n) | (x >> (32 - n)));
+}
+
+/*
+ * SHA-2 256
+ */
+
+#define SHA256_DIGEST_LENGTH 32
+
+struct sha256state {
+ unsigned int sz[2];
+ uint32_t counter[8];
+ unsigned char save[64];
+};
+
+typedef struct sha256state SHA256_CTX;
+
+void sha2Init (SHA256_CTX *);
+void sha2Update (SHA256_CTX *, const void *, size_t);
+void sha2Final (void *, SHA256_CTX *);
+
+#endif /* HEIM_SHA_H */
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/sha256.c */
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "sha2.h"
+
+#ifdef FORTUNA
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n))))
+
+#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3))
+#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10))
+
+#define A m->counter[0]
+#define B m->counter[1]
+#define C m->counter[2]
+#define D m->counter[3]
+#define E m->counter[4]
+#define F m->counter[5]
+#define G m->counter[6]
+#define H m->counter[7]
+
+static const uint32_t constant_256[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+void
+sha2Init (SHA256_CTX *m)
+{
+ m->sz[0] = 0;
+ m->sz[1] = 0;
+ A = 0x6a09e667;
+ B = 0xbb67ae85;
+ C = 0x3c6ef372;
+ D = 0xa54ff53a;
+ E = 0x510e527f;
+ F = 0x9b05688c;
+ G = 0x1f83d9ab;
+ H = 0x5be0cd19;
+}
+
+static void
+calc (SHA256_CTX *m, uint32_t *in)
+{
+ uint32_t AA, BB, CC, DD, EE, FF, GG, HH;
+ uint32_t data[64];
+ int i;
+
+ AA = A;
+ BB = B;
+ CC = C;
+ DD = D;
+ EE = E;
+ FF = F;
+ GG = G;
+ HH = H;
+
+ for (i = 0; i < 16; ++i)
+ data[i] = in[i];
+ for (i = 16; i < 64; ++i)
+ data[i] = sigma1(data[i-2]) + data[i-7] +
+ sigma0(data[i-15]) + data[i - 16];
+
+ for (i = 0; i < 64; i++) {
+ uint32_t T1, T2;
+
+ T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
+ T2 = Sigma0(AA) + Maj(AA,BB,CC);
+
+ HH = GG;
+ GG = FF;
+ FF = EE;
+ EE = DD + T1;
+ DD = CC;
+ CC = BB;
+ BB = AA;
+ AA = T1 + T2;
+ }
+
+ A += AA;
+ B += BB;
+ C += CC;
+ D += DD;
+ E += EE;
+ F += FF;
+ G += GG;
+ H += HH;
+}
+
+/*
+ * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
+ */
+
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+static inline uint32_t
+swap_uint32_t (uint32_t t)
+{
+#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n)))
+ uint32_t temp1, temp2;
+
+ temp1 = cshift(t, 16);
+ temp2 = temp1 >> 8;
+ temp1 &= 0x00ff00ff;
+ temp2 &= 0x00ff00ff;
+ temp1 <<= 8;
+ return temp1 | temp2;
+}
+#endif
+
+struct x32{
+ unsigned int a:32;
+ unsigned int b:32;
+};
+
+void
+sha2Update (SHA256_CTX *m, const void *v, size_t len)
+{
+ const unsigned char *p = v;
+ size_t old_sz = m->sz[0];
+ size_t offset;
+
+ m->sz[0] += len * 8;
+ if (m->sz[0] < old_sz)
+ ++m->sz[1];
+ offset = (old_sz / 8) % 64;
+ while(len > 0){
+ size_t l = min(len, 64 - offset);
+ memcpy(m->save + offset, p, l);
+ offset += l;
+ p += l;
+ len -= l;
+ if(offset == 64){
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+ int i;
+ uint32_t current[16];
+ struct x32 *u = (struct x32*)m->save;
+ for(i = 0; i < 8; i++){
+ current[2*i+0] = swap_uint32_t(u[i].a);
+ current[2*i+1] = swap_uint32_t(u[i].b);
+ }
+ calc(m, current);
+#else
+ calc(m, (uint32_t*)m->save);
+#endif
+ offset = 0;
+ }
+ }
+}
+
+void
+sha2Final (void *res, SHA256_CTX *m)
+{
+ unsigned char zeros[72];
+ unsigned offset = (m->sz[0] / 8) % 64;
+ unsigned int dstart = (120 - offset - 1) % 64 + 1;
+
+ *zeros = 0x80;
+ memset (zeros + 1, 0, sizeof(zeros) - 1);
+ zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
+ zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
+ zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
+ zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
+ zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
+ zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
+ zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
+ zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
+ sha2Update (m, zeros, dstart + 8);
+ {
+ int i;
+ unsigned char *r = (unsigned char*)res;
+
+ for (i = 0; i < 8; ++i) {
+ r[4*i+3] = m->counter[i] & 0xFF;
+ r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
+ r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
+ r[4*i] = (m->counter[i] >> 24) & 0xFF;
+ }
+ }
+}
+#endif /* FORTUNA */
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/t_sha256.c */
+/*
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "sha2.h"
+
+#ifndef FORTUNA
+int
+main (void)
+{
+ return 0;
+}
+
+#else
+
+#define ONE_MILLION_A "one million a's"
+
+struct test {
+ char *str;
+ unsigned char hash[64];
+};
+
+struct test tests[] = {
+ { "abc",
+ { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
+ 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
+ 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+ 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad }},
+ { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
+ 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
+ 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
+ 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 }},
+ { ONE_MILLION_A,
+ {0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92,
+ 0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67,
+ 0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e,
+ 0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 }},
+ { NULL }
+};
+
+int
+main (void)
+{
+ struct test *t;
+ void *ctx = malloc(sizeof(SHA256_CTX));
+ unsigned char *res = malloc(SHA256_DIGEST_LENGTH);
+ char buf[1000];
+
+ for (t = tests; t->str; ++t) {
+
+ sha2Init(ctx);
+ if(strcmp(t->str, ONE_MILLION_A) == 0) {
+ int i;
+ memset(buf, 'a', sizeof(buf));
+ for(i = 0; i < 1000; i++) {
+ sha2Update(ctx, buf, sizeof(buf));
+ }
+ } else {
+ sha2Update(ctx, (unsigned char *)t->str, strlen(t->str));
+ }
+
+ sha2Final(res, ctx);
+ if (memcmp (res, t->hash, SHA256_DIGEST_LENGTH) != 0) {
+ int i;
+
+ printf ("%s(\"%s\") failed\n", "SHA- 256", t->str);
+ printf("should be: ");
+ for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
+ if(i > 0 && (i % 16) == 0)
+ printf("\n ");
+ printf("%02x ", t->hash[i]);
+ }
+ printf("\nresult was: ");
+ for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
+ if(i > 0 && (i % 16) == 0)
+ printf("\n ");
+ printf("%02x ", res[i]);
+ }
+ printf("\n");
+ return 1;
+ }
+
+ if (memcmp (res, t->hash, SHA256_DIGEST_LENGTH) != 0) {
+ printf("EVP %s failed here old function where successful!\n", "SHA-256");
+ return 1;
+ }
+ }
+ free(ctx);
+ free(res);
+ printf ("success\n");
+ return 0;
+}
+#endif /* FORTUNA */
LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir)/../@CRYPTO_IMPL@/enc_provider \
-I$(srcdir)/../@CRYPTO_IMPL@/hash_provider -I$(srcdir)/../krb/keyhash_provider \
-I$(srcdir)/../krb/dk -I$(srcdir)/../@CRYPTO_IMPL@/ \
- -I$(srcdir)/../krb/yarrow \
+ -I$(srcdir)/../krb/prng \
+ -I$(srcdir)/../krb/prng/@PRNG_ALG@ \
-I$(srcdir)/../krb/crc32 -I$(srcdir)/../krb/old -I$(srcdir)/../krb/raw \
-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/../@CRYPTO_IMPL@/des \
-I$(srcdir)/../@CRYPTO_IMPL@/arcfour -I$(srcdir)/../@CRYPTO_IMPL@/sha1 \
t_crc t_cts t_short t_str2key t_camellia_ccm
$(RUN_SETUP) $(VALGRIND) ./t_nfold
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
+ifeq ("@PRNG_ALG@","fortuna")
+ $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
+else
if [ @CRYPTO_IMPL@ != nss ]; then \
- $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
- diff t_prng.output $(srcdir)/t_prng.expected; fi
+ $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && diff t_prng.output $(srcdir)/t_prng.expected; \
+ fi
+endif
$(RUN_SETUP) $(VALGRIND) ./t_cmac
$(RUN_SETUP) $(VALGRIND) ./t_hmac
$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
mydir=lib/crypto/krb
BUILDTOP=$(REL)..$(S)..$(S)..
SUBDIRS= arcfour checksum crc32 dk \
- prf rand2key old raw yarrow
+ prf rand2key old raw prng
LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../@CRYPTO_IMPL@/enc_provider -I$(srcdir)/dk \
-I$(srcdir)/../@CRYPTO_IMPL@/hash_provider \
-I$(srcdir)/prf -I$(srcdir)/rand2key \
- -I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/yarrow \
+ -I$(srcdir)/old -I$(srcdir)/raw \
+ -I$(srcdir)/prng \
+ -I$(srcdir)/prng/@PRNG_ALG@ \
-I$(srcdir)/../@CRYPTO_IMPL@/ -I$(srcdir)/../@CRYPTO_IMPL@/des \
-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/arcfour \
-I$(srcdir)/../@CRYPTO_IMPL@/camellia \
nfold.o \
old_api_glue.o \
prf.o \
- prng.o \
random_to_key.o \
state.o \
string_to_cksumtype.o \
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)prf.$(OBJEXT) \
- $(OUTPRE)prng.$(OBJEXT) \
$(OUTPRE)random_to_key.$(OBJEXT) \
$(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
$(srcdir)/old_api_glue.c \
$(srcdir)/prf.c \
$(srcdir)/cf2.c \
- $(srcdir)/prng.c \
$(srcdir)/random_to_key.c \
$(srcdir)/state.c \
$(srcdir)/string_to_cksumtype.c \
STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST yarrow/OBJS.ST OBJS.ST
+ old/OBJS.ST raw/OBJS.ST prng/@PRNG_ALG@/OBJS.ST prng/OBJS.ST OBJS.ST
SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \
dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \
- old/OBJS.ST raw/OBJS.ST yarrow/OBJS.ST
+ old/OBJS.ST raw/OBJS.ST prng/@PRNG_ALG@/OBJS.ST prng/OBJS.ST
##DOS##LIBOBJS = $(OBJS)
cd ..\raw
@echo Making in crypto\raw
$(MAKE) -$(MFLAGS)
- cd ..\yarrow
- @echo Making in crypto\yarrow
+ cd ..\prng
+ @echo Making in crypto\prng
$(MAKE) -$(MFLAGS)
cd ..
cd ..\raw
@echo Making clean in crypto\raw
$(MAKE) -$(MFLAGS) clean
- cd ..\yarrow
- @echo Making clean in crypto\yarrow
+ cd ..\prng
+ @echo Making clean in crypto\prng
$(MAKE) -$(MFLAGS) clean
cd ..
cd ..\raw
@echo Making check in crypto\raw
$(MAKE) -$(MFLAGS) check
- cd ..\yarrow
- @echo Making check in crypto\yarrow
+ cd ..\prng
+ @echo Making check in crypto\prng
$(MAKE) -$(MFLAGS) check
cd ..
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
- * Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2001, 2002, 2004, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
* All rights reserved.
*
*
* or implied warranty.
*/
-#include "k5-int.h"
-#include "enc_provider.h"
-#include <assert.h>
-#include "k5-thread.h"
+#include "prng.h"
-#define yarrow_lock krb5int_yarrow_lock
-k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-
-#ifdef CRYPTO_IMPL_NSS
-
-/*
- * Using Yarrow with NSS is a bit problematic because the MD5 contexts it holds
- * open for the entropy pools would be invalidated by a fork(), causing us to
- * lose the entropy contained therein.
- *
- * Therefore, use the NSS PRNG if NSS is the crypto implementation. Doing this
- * via ifdefs here is temporary until we come up with better build logic for
- * it.
- */
-
-#include "../nss/nss_gen.h"
-#include <pk11pub.h>
+#ifdef FORTUNA
+#include "fortuna.h"
+const struct krb5_prng_provider *prng = &krb5int_prng_fortuna;
+#elif defined(CRYPTO_IMPL_NSS)
+#include "prng_nss.h"
+const struct krb5_prng_provider *prng = &krb5int_prng_nss;
+#else
+#include "yarrow.h"
+const struct krb5_prng_provider *prng = &krb5int_prng_yarrow;
+#endif
/*
- * NSS gathers its own OS entropy, so it doesn't really matter how much we read
- * in krb5_c_random_os_entropy. Use the same value as Yarrow (without using a
- * Yarrow constant), so that we don't read too much from /dev/random.
+ * krb5int_prng_init - Returns 0 on success
*/
-#define OS_ENTROPY_LEN 20
-
int krb5int_prng_init(void)
{
- return 0;
+ int err = 0;
+ err = prng->init();
+ return err;
}
+/*
+ * krb5_c_random_add_entropy - Returns 0 on success
+ */
krb5_error_code KRB5_CALLCONV
krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
const krb5_data *data)
{
- krb5_error_code ret;
-
- ret = k5_nss_init();
- if (ret)
- return ret;
- if (PK11_RandomUpdate(data->data, data->length) != SECSuccess)
- return k5_nss_map_last_error();
- return 0;
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_make_octets(krb5_context context, krb5_data *data)
-{
- krb5_error_code ret;
-
- ret = k5_nss_init();
- if (ret)
- return ret;
- if (PK11_GenerateRandom((unsigned char *)data->data,
- data->length) != SECSuccess)
- return k5_nss_map_last_error();
- return 0;
-}
-
-void
-krb5int_prng_cleanup (void)
-{
+ krb5_error_code err = 0;
+ err = prng->add_entropy(context, randsource, data);
+ return err;
}
-#else /* CRYPTO_IMPL_NSS */
-
-#include "yarrow.h"
-static Yarrow_CTX y_ctx;
-
-/* Gather enough OS entropy per call to trigger a Yarrow reseed. */
-#define OS_ENTROPY_LEN (YARROW_SLOW_THRESH/8)
-
-/* Helper function to estimate entropy based on sample length
- * and where it comes from.
+/*
+ * krb5_c_random_seed - Returns 0 on success
*/
-
-static size_t
-entropy_estimate(unsigned int randsource, size_t length)
-{
- switch (randsource) {
- case KRB5_C_RANDSOURCE_OLDAPI:
- return 4 * length;
- case KRB5_C_RANDSOURCE_OSRAND:
- return 8 * length;
- case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
- return 4 * length;
- case KRB5_C_RANDSOURCE_TIMING:
- return 2;
- case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
- return 0;
- default:
- abort();
- }
- return 0;
-}
-
-int krb5int_prng_init(void)
-{
- unsigned i, source_id;
- int yerr;
-
- yerr = k5_mutex_finish_init(&yarrow_lock);
- if (yerr)
- return yerr;
-
- yerr = krb5int_yarrow_init (&y_ctx, NULL);
- if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
- return KRB5_CRYPTO_INTERNAL;
-
- for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
- if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- assert (source_id == i);
- }
-
- return 0;
-}
-
krb5_error_code KRB5_CALLCONV
-krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
- const krb5_data *data)
+krb5_c_random_seed(krb5_context context, krb5_data *data)
{
- int yerr;
-
- /* Make sure the mutex got initialized. */
- yerr = krb5int_crypto_init();
- if (yerr)
- return yerr;
- /* Now, finally, feed in the data. */
- yerr = krb5int_yarrow_input(&y_ctx, randsource,
- data->data, data->length,
- entropy_estimate(randsource, data->length));
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
+ return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
}
+/*
+ * krb5_c_random_make_octets - Returns 0 on success
+ */
krb5_error_code KRB5_CALLCONV
krb5_c_random_make_octets(krb5_context context, krb5_data *data)
{
- int yerr;
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- if (yerr == YARROW_NOT_SEEDED) {
- yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
- if (yerr == YARROW_OK)
- yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
- }
- if (yerr != YARROW_OK)
- return KRB5_CRYPTO_INTERNAL;
- return 0;
+ krb5_error_code err = 0;
+ err = prng->make_octets(context, data);
+ return err;
}
void
krb5int_prng_cleanup (void)
{
- krb5int_yarrow_final (&y_ctx);
- k5_mutex_destroy(&yarrow_lock);
+ prng->cleanup();
+ return;
}
-#endif /* not CRYPTO_IMPL_NSS */
-
-krb5_error_code KRB5_CALLCONV
-krb5_c_random_seed(krb5_context context, krb5_data *data)
-{
- return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
-}
/*
* Routines to get entropy from the OS. For UNIX we try /dev/urandom
* read.
*/
+/*
+ * read_entropy_from_device - Returns 0 on success
+ */
static int
read_entropy_from_device(krb5_context context, const char *device)
{
krb5_data data;
struct stat sb;
int fd;
- unsigned char buf[OS_ENTROPY_LEN], *bp;
+ unsigned char buf[ENTROPY_BUFSIZE], *bp;
int left;
-
fd = open (device, O_RDONLY);
if (fd == -1)
return 0;
&data) == 0);
}
+/*
+ * krb5_c_random_os_entropy - Returns 0 on success
+ */
krb5_error_code KRB5_CALLCONV
krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
{
}
#endif /*Windows or pre-OSX Mac*/
+
-mydir=lib/crypto/krb/yarrow
-BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. \
- -I$(srcdir)/../../@CRYPTO_IMPL@ \
- -I$(srcdir)/../../@CRYPTO_IMPL@/sha1 \
- -I$(srcdir)/../../@CRYPTO_IMPL@/enc_provider
+mydir=lib/crypto/krb/prng/yarrow
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. \
+ -I$(srcdir)/../../../@CRYPTO_IMPL@ \
+ -I$(srcdir)/../../../@CRYPTO_IMPL@/sha1 \
+ -I$(srcdir)/../../../@CRYPTO_IMPL@/enc_provider
DEFS=
##DOS##BUILDTOP = ..\..\..\..
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-STLIBOBJS=\
+STLIBOBJS= \
+ prng_yarrow.o \
yarrow.o \
ycipher.o
-OBJS=\
+OBJS= \
+ $(OUTPRE)prng_yarrow.$(OBJEXT) \
$(OUTPRE)yarrow.$(OBJEXT) \
$(OUTPRE)ycipher.$(OBJEXT)
SRCS=\
+ $(srcdir)/prng_yarrow.c \
$(srcdir)/yarrow.c \
$(srcdir)/ycipher.c
clean-unix:: clean-libobjs
+@lib_frag@
@libobj_frag@
#
yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/sha1/shs.h \
- $(srcdir)/../../builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/sha1/shs.h \
+ $(srcdir)/../../../builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
$(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
$(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h yarrow.c yarrow.h \
- ycipher.h yexcep.h ylock.h ystate.h ytypes.h
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ yarrow.c yarrow.h ycipher.h yexcep.h ylock.h ystate.h \
+ ytypes.h
ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/enc_provider/enc_provider.h \
- $(srcdir)/../../builtin/sha1/shs.h $(srcdir)/../../builtin/yhash.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/enc_provider/enc_provider.h \
+ $(srcdir)/../../../builtin/sha1/shs.h $(srcdir)/../../../builtin/yhash.h \
$(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h yarrow.h ycipher.c \
+ ycipher.h ytypes.h
+prng_yarrow.so prng_yarrow.po $(OUTPRE)prng_yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../builtin/sha1/shs.h \
+ $(srcdir)/../../../builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- yarrow.h ycipher.c ycipher.h ytypes.h
+ prng_yarrow.c yarrow.h ycipher.h yexcep.h ylock.h ystate.h
#include <yhash.h>
#include "ycipher.h"
+extern const struct krb5_prng_provider krb5int_prng_yarrow;
+
/* These error codes are returned by the functions below. */
#define YARROW_OK 1 /* All is well */
krb5_crypto_iov iov;
const struct krb5_enc_provider *enc = &yarrow_enc_provider;
- /*
- This can happen if ENOMEM in initializing the key
- which happens on init or during reseeding
- */
- if (!ctx->key)
- return YARROW_FAIL;
memcpy(out, in, CIPHER_BLOCK_SIZE);
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(out, CIPHER_BLOCK_SIZE);
mydir=lib/crypto/nss
BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS=des aes camellia md4 md5 sha1 enc_provider hash_provider
+SUBDIRS=des aes camellia md4 md5 sha1 sha2 enc_provider hash_provider
LOCALINCLUDES = -I$(srcdir)/../krb \
-I$(srcdir)/../krb/hash_provider \
-I$(srcdir)/des \
-I$(srcdir)/aes \
-I$(srcdir)/sha1 \
+ -I$(srcdir)/sha2 \
-I$(srcdir)/md4 \
-I$(srcdir)/md5 \
-I$(srcdir)/enc_provider \
$(srcdir)/pbkdf2.c
STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
- md5/OBJS.ST sha1/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
OBJS.ST
SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
- md5/OBJS.ST sha1/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
cd ..\sha1
@echo Making in crypto\sha1
$(MAKE) -$(MFLAGS)
+ cd ..\sha2
+ @echo Making in crypto\sh2a
+ $(MAKE) -$(MFLAGS)
cd ..\hash_provider
@echo Making in crypto\hash_provider
$(MAKE) -$(MFLAGS)
cd ..\md5
@echo Making clean in crypto\md5
$(MAKE) -$(MFLAGS) clean
+ cd ..\sha2
+ @echo Making clean in crypto\sha2
+ $(MAKE) -$(MFLAGS) clean
cd ..\sha1
@echo Making clean in crypto\sha1
$(MAKE) -$(MFLAGS) clean
cd ..\sha1
@echo Making check in crypto\sha1
$(MAKE) -$(MFLAGS) check
+ cd ..\sha2
+ @echo Making check in crypto\sha2
+ $(MAKE) -$(MFLAGS) check
cd ..\hash_provider
@echo Making check in crypto\hash_provider
$(MAKE) -$(MFLAGS) check
mydir=lib/crypto/openssl
BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS=camellia des aes md4 md5 sha1 enc_provider hash_provider
+SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider
LOCALINCLUDES = -I$(srcdir)/../krb \
-I$(srcdir)/../krb/hash_provider \
-I$(srcdir)/des \
-I$(srcdir)/aes \
-I$(srcdir)/sha1 \
+ -I$(srcdir)/sha2 \
-I$(srcdir)/md4 \
-I$(srcdir)/md5 \
-I$(srcdir)/enc_provider \
$(srcdir)/pbkdf2.c
STOBJLISTS= des/OBJS.ST md4/OBJS.ST \
- md5/OBJS.ST sha1/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
OBJS.ST
SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
- md5/OBJS.ST sha1/OBJS.ST \
+ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST
cd ..\sha1
@echo Making in crypto\sha1
$(MAKE) -$(MFLAGS)
+ cd ..\sha2
+ @echo Making in crypto\sha2
+ $(MAKE) -$(MFLAGS)
cd ..\hash_provider
@echo Making in crypto\hash_provider
$(MAKE) -$(MFLAGS)
cd ..\sha1
@echo Making clean in crypto\sha1
$(MAKE) -$(MFLAGS) clean
+ cd ..\sha2
+ @echo Making clean in crypto\sha2
+ $(MAKE) -$(MFLAGS) clean
cd ..\hash_provider
@echo Making clean in crypto\hash_provider
$(MAKE) -$(MFLAGS) clean
--- /dev/null
+mydir=lib/crypto/openssl/sha2
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=sha2
+##DOS##OBJFILE=..\$(OUTPRE)sha256.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= sha256.o
+
+OBJS= $(OUTPRE)sha256.$(OBJEXT)
+
+SRCS= $(srcdir)/sha256.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+clean::
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
--- /dev/null
+#
+# Generated makefile dependencies follow.
+#
+sha256.so sha256.po $(OUTPRE)sha256.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h sha256.c sha2.h
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/openssl/sha2/sha2.h
+ *
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef _SHA2_DEFINED
+
+#include "k5-int.h"
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#define _SHA2_DEFINED
+
+#define SHA2_DIGESTSIZE 32
+
+#define sha2Init SHA256_Init
+#define sha2Update SHA256_Update
+#define sha2Final SHA256_Final
+
+#endif /* _SHA2_DEFINED */
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/sha2/sha256.c
+ *
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "sha2.h"
+
../../lib/crypto/@CRYPTO_IMPL@/arcfour/OBJS.ST \
../../lib/crypto/@CRYPTO_IMPL@/aes/OBJS.ST \
../../lib/crypto/@CRYPTO_IMPL@/camellia/OBJS.ST \
- ../../lib/crypto/krb/yarrow/OBJS.ST \
+ ../../lib/crypto/krb/prng/OBJS.ST \
+ ../../lib/crypto/krb/prng/@PRNG_ALG@/OBJS.ST \
../../lib/crypto/krb/OBJS.ST \
../../lib/crypto/@CRYPTO_IMPL@/OBJS.ST \
../../lib/crypto/OBJS.ST \
projects / krb5.git / commitdiff