+++ /dev/null
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-c_localaddr.c
-c_ustime.c
-rnd_confoun.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
+++ /dev/null
-Wed Feb 18 16:08:30 1998 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
- BUILDTOP for new conventions.
-
-Fri Feb 13 15:20:54 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in (thisconfigdir), configure.in: Point the
- configuration directory at our parent, and remove our
- local configure.in
-
-Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
-
-Fri Nov 28 21:23:42 1997 Tom Yu <tlyu@mit.edu>
-
- * configure.in: Add AC_PROG_LN_S to deal with symlinking in
- memmove.c. This is a kludge, as we really should have a more sane
- way to deal with missing posix functions.
-
-Thu Sep 25 21:53:11 1997 Tom Yu <tlyu@mit.edu>
-
- * c_localaddr.c: Replace KRB5_USE_INET with something more sane.
-
-Tue Aug 12 09:09:14 1997 Ezra Peisach <epeisach@mit.edu>
-
- * Makefile.in (SRCS): Add $(srcdir) as needed.
-
-Fri Jul 4 00:13:02 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * c_localaddr.c (local_addr_fallback_kludge): Added Winsock
- kludge for finding your local IP address. May not work
- for all stacks, so we use it as a fallback.
-
-Sat Feb 22 18:54:53 1997 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Use some of the new library list build rules in
- win-post.in
-
-Mon Feb 17 17:24:41 1997 Richard Basch <basch@lehman.com>
-
- * c_ustime.c: Fixed microsecond adjustment code (win32)
-
-Thu Nov 21 00:58:04 EST 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Win32 build
-
- * c_ustime.c: The Win32 time calculation is different from DOS'
- so the DOS version shouldn't be trying to use the same
- part of the ifdef.
-
- * rnd_confoun.c: Fix function declaration (win32)
-
-Sun Dec 29 21:54:42 1996 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in:
- * configure.in: Update to use new library building procedure.
-
-Wed Jun 12 00:12:52 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * c_ustime.c: Fix WIN32 to be _WIN32
-
- * c_localaddr.c: Add #ifdef _WIN32 in places where we had #ifdef _MSDOS
-
-
-Sat Feb 24 00:34:15 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * c_ustime.c (krb5_crypto_us_timeofday): Add Windows 95/NT time
- function. (Does this time function work under Windows?
- We'll find out....)
-
-Thu Feb 15 10:57:27 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * c_localaddr.c: Set magic number in krb5_address.
-
-Fri Oct 6 22:00:48 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in: Remove ##DOS!include of config/windows.in.
- config/windows.in is now included by wconfig.
-
-Mon Sep 25 16:49:15 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the
- Makefile.
-
-Fri Sep 22 12:00:00 1995 James Mattly <mattly@fusion.com>
-
- * c_localaddr.c: change close on a socket to closesocket, sockets on
- macintosh arn't files
-
-Wed Sep 13 10:33:53 1995 Keith Vetter (keithv@fusion.com)
-
- * Makefile.in: PC builds all C files because of function name changes.
- * c_localtime.c, c_ustime.c: removed INTERFACE keyword.
-
-Wed Sep 13 17:32:36 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * c_localaddr.c (krb5_crypto_os_localaddr): Clear the buffer
- before calling the SIOCGIFCONF ioctl. This makes purify
- happy.
-
-Thu Sep 7 12:00:00 1995 James Mattly <mattly@fusion.com>
-
- * Renamed ustime.c to c_ustime.c
- * Renamed localaddr.c to c_localaddr.c because Mac can't have
- two files with the same name.
- * Makefile.in, .Sanitize updated for the above change.
-
-Thu Aug 24 18:40:48 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * .Sanitize: Update file list
-
-Sat Jul 29 03:17:21 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
-
- * localaddr.c (krb5_crypto_os_localaddr): Don't bash the return
- from SIOCGIFCONF with the output of a SIOCGIFFLAGS. Duh.
-
-Wed Jul 19 17:17:54 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
-
- * localaddr.c: also add definition of max if it's not there.
-
- * localaddr.c: fix definition of ifreq_size so it actually works
-
-Mon Jul 17 16:04:00 1995 Sam Hartman <hartmans@tertius.mit.edu>
-
- * localaddr.c (krb5_crypto_os_localaddr): Deal with variable sized
- ifreq structures if sockaddr contains sa_len field.
-
- * configure.in: Check to see if struct sockaddr has sa_len.
-
-Thu Jul 6 17:13:11 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
-
- * localaddr.c: migrated from lib/krb5/os
-
- * ustime.c: migrated from lib/krb5/os; removed context variable
- from arglist.
-
- * Makefile.in: don't copy or remove localaddr.c and ustime.c;
- they're local now.
-
-Fri Jun 9 19:18:41 1995 <tytso@rsx-11.mit.edu>
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Thu May 25 22:16:35 1995 Theodore Y. Ts'o (tytso@dcl)
-
- * configure.in, Makefile.in: Add support for shared libraries.
-
-Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
-
- * *.[ch]: removed unneeded INTERFACE from non-api functions.
-
-Sat Mar 25 15:38:23 1995 Mark Eichin <eichin@cygnus.com>
-
- * Makefile.in (memmove.c): memmove.c is in krb5/posix, not krb5/os.
-
-Wed Mar 22 11:44:07 1995 <tytso@rsx-11.mit.edu>
-
- * Makefile.in: Use $(SRCTOP) instead of $(srcdir), since Mac's
- don't like dealing with $(U)$(U).
-
-Fri Mar 17 16:21:46 1995 Theodore Y. Ts'o (tytso@dcl)
-
- * Makefile.in: Fix rules for localdr.c, ustime.c, and memmove.c so
- that they reference $(srcdir) where appropriate.
-
-Thu Mar 16 21:24:43 1995 John Gilmore (gnu at toad.com)
-
- * Makefile.in (LDFLAGS): Eliminate, comes in from pre.in.
- (all-mac): Add.
- (localaddr.c, ustime.c, memmove.c): Fix paths to work on Mac.
-
-Tue Mar 14 17:23:02 1995 Keith Vetter (keithv@fusion.com)
-
- * Makefile.in: no longer need to bring in ustime and localaddr for
- windows since everything's going into one DLL in the end.
-
-Thu Mar 2 17:56:48 1995 Keith Vetter (keithv@fusion.com)
-
- * Makefile.in: changed LIBNAME for the PC, and brought in ustime
- and localaddr from the krb/os directory.
- * rnd_conf.c: added cast to the seed assignment.
-
-Mon Feb 20 16:25:36 1995 Keith Vetter (keithv@fusion.com)
-
- * Makfile.in: made to work for the PC
- * rnd_confoun.c: added windows INTERFACE keyword
-
-Wed Jan 25 20:24:35 1995 John Gilmore (gnu at toad.com)
-
- * rnd_confoun.c: Replace <.../...> includes with "..."s.
-
-Mon Oct 24 14:58:14 1994 (tytso@rsx-11)
-
- * configure.in:
- * rnd_confoun.c (krb5_random_confounder): Use the srand48/lrand48
- functions if available.
-
-Fri Oct 14 00:21:05 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * Makefile.in: Remove symlinked files on make clean.
-
+++ /dev/null
-thisconfigdir=./..
-BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-CFLAGS = $(CCOPTS) $(DEFS)
-
-##DOS##BUILDTOP = ..\..\..
-##DOS##PREFIXDIR=os
-##DOS##OBJFILE=..\os.lst
-##WIN16##LIBNAME=..\crypto.lib
-
-STLIBOBJS = rnd_confoun.o c_localaddr.o c_ustime.o @LIBOBJS@
-
-COBJS= rnd_confoun.$(OBJEXT) c_localaddr.$(OBJEXT) c_ustime.$(OBJEXT)
-OBJS= $(COBJS) $(LIBOBJS)
-
-SRCS= $(srcdir)/rnd_confoun.c $(srcdir)/c_localaddr.c $(srcdir)/c_ustime.c
-
-##DOS##LIBOBJS = $(COBJS)
-
-all-unix:: all-libobjs
-
-memmove.c: $(SRCTOP)$(S)lib$(S)krb5$(S)posix$(S)memmove.c
- -$(LN) $(SRCTOP)$(S)lib$(S)krb5$(S)posix$(S)memmove.c $@
-
-memmove.o: memmove.c
-
-clean-unix:: clean-libobjs
-clean::
- $(RM) memmove.c
+++ /dev/null
-/*
- * lib/crypto/os/c_localaddr.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Return the protocol addresses supported by this host.
- *
- * XNS support is untested, but "Should just work".
- */
-
-
-#define NEED_SOCKETS
-#include "k5-int.h"
-
-#if !defined(HAVE_MACSOCK_H) && !defined(_MSDOS) && !defined(_WIN32)
-
-/* needed for solaris, harmless elsewhere... */
-#define BSD_COMP
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <errno.h>
-
-/*
- * The SIOCGIF* ioctls require a socket.
- * It doesn't matter *what* kind of socket they use, but it has to be
- * a socket.
- *
- * Of course, you can't just ask the kernel for a socket of arbitrary
- * type; you have to ask for one with a valid type.
- *
- */
-#ifdef HAVE_NETINET_IN_H
-
-#include <netinet/in.h>
-
-#ifndef USE_AF
-#define USE_AF AF_INET
-#define USE_TYPE SOCK_DGRAM
-#define USE_PROTO 0
-#endif
-
-#endif
-
-#ifdef KRB5_USE_NS
-
-#include <netns/ns.h>
-
-#ifndef USE_AF
-#define USE_AF AF_NS
-#define USE_TYPE SOCK_DGRAM
-#define USE_PROTO 0 /* guess */
-#endif
-
-#endif
-/*
- * Add more address families here.
- */
-
-/*
- * BSD 4.4 defines the size of an ifreq to be
- * max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len
- * However, under earlier systems, sa_len isn't present, so the size is
- * just sizeof(struct ifreq)
- */
-#ifdef HAVE_SA_LEN
-#ifndef max
-#define max(a,b) ((a) > (b) ? (a) : (b))
-#endif
-#define ifreq_size(i) max(sizeof(struct ifreq),\
- sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
-#else
-#define ifreq_size(i) sizeof(struct ifreq)
-#endif /* HAVE_SA_LEN*/
-
-
-
-extern int errno;
-
-/*
- * Return all the protocol addresses of this host.
- *
- * We could kludge up something to return all addresses, assuming that
- * they're valid kerberos protocol addresses, but we wouldn't know the
- * real size of the sockaddr or know which part of it was actually the
- * host part.
- *
- * This uses the SIOCGIFCONF, SIOCGIFFLAGS, and SIOCGIFADDR ioctl's.
- */
-
-krb5_error_code
-krb5_crypto_os_localaddr(addr)
- krb5_address ***addr;
-{
- struct ifreq *ifr, ifreq;
- struct ifconf ifc;
- int s, code, n, i;
- char buf[1024];
- krb5_address *addr_temp [ 1024/sizeof(struct ifreq) ];
- int n_found;
- int mem_err = 0;
-
- memset(buf, 0, sizeof(buf));
- ifc.ifc_len = sizeof(buf);
- ifc.ifc_buf = buf;
-
- s = socket (USE_AF, USE_TYPE, USE_PROTO);
- if (s < 0)
- return errno;
-
- code = ioctl (s, SIOCGIFCONF, (char *)&ifc);
- if (code < 0) {
- int retval = errno;
- closesocket (s);
- return retval;
- }
- n = ifc.ifc_len;
-
-n_found = 0;
- for (i = 0; i < n; i+= ifreq_size(*ifr) ) {
- krb5_address *address;
- ifr = (struct ifreq *)((caddr_t) ifc.ifc_buf+i);
-
- strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
- if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0)
- continue;
-
-#ifdef IFF_LOOPBACK
- if (ifreq.ifr_flags & IFF_LOOPBACK)
- continue;
-#endif
-
- if (!(ifreq.ifr_flags & IFF_UP))
- /* interface is down; skip */
- continue;
-
- /* ifr->ifr_addr has what we want! */
- switch (ifr->ifr_addr.sa_family) {
-#ifdef HAVE_NETINET_IN_H
- case AF_INET:
- {
- struct sockaddr_in *in =
- (struct sockaddr_in *)&ifr->ifr_addr;
-
- address = (krb5_address *)
- malloc (sizeof(krb5_address));
- if (address) {
- address->magic = KV5M_ADDRESS;
- address->addrtype = ADDRTYPE_INET;
- address->length = sizeof(struct in_addr);
- address->contents = (unsigned char *)malloc(address->length);
- if (!address->contents) {
- krb5_xfree(address);
- address = 0;
- mem_err++;
- } else {
- memcpy ((char *)address->contents,
- (char *)&in->sin_addr,
- address->length);
- break;
- }
- } else mem_err++;
- }
-#endif
-#ifdef KRB5_USE_NS
- case AF_XNS:
- {
- struct sockaddr_ns *ns =
- (struct sockaddr_ns *)&ifr->ifr_addr;
- address = (krb5_address *)
- malloc (sizeof (krb5_address) + sizeof (struct ns_addr));
- if (address) {
- address->magic = KV5M_ADDRESS;
- address->addrtype = ADDRTYPE_XNS;
-
- /* XXX should we perhaps use ns_host instead? */
-
- address->length = sizeof(struct ns_addr);
- address->contents = (unsigned char *)malloc(address->length);
- if (!address->contents) {
- krb5_xfree(address);
- address = 0;
- mem_err++;
- } else {
- memcpy ((char *)address->contents,
- (char *)&ns->sns_addr,
- address->length);
- break;
- }
- } else mem_err++;
- break;
- }
-#endif
- /*
- * Add more address families here..
- */
- default:
- continue;
- }
- if (address)
- addr_temp[n_found++] = address;
- address = 0;
- }
- closesocket(s);
-
- *addr = (krb5_address **)malloc (sizeof (krb5_address *) * (n_found+1));
- if (*addr == 0)
- mem_err++;
-
- if (mem_err) {
- for (i=0; i<n_found; i++) {
- krb5_xfree(addr_temp[i]);
- addr_temp[i] = 0;
- }
- return ENOMEM;
- }
-
- for (i=0; i<n_found; i++) {
- (*addr)[i] = addr_temp[i];
- }
- (*addr)[n_found] = 0;
- return 0;
-}
-
-#else /* Windows/Mac version */
-
-/*
- * Hold on to your lunch! Backup kludge method of obtaining your
- * local IP address, courtesy of Windows Socket Network Programming,
- * by Robert Quinn
- */
-#if defined(_MSDOS) || defined(_WIN32)
-static struct hostent *local_addr_fallback_kludge()
-{
- static struct hostent host;
- static SOCKADDR_IN addr;
- static char * ip_ptrs[2];
- SOCKET sock;
- int size = sizeof(SOCKADDR);
- int err;
-
- sock = socket(AF_INET, SOCK_DGRAM, 0);
- if (sock == INVALID_SOCKET)
- return NULL;
-
- /* connect to arbitrary port and address (NOT loopback) */
- addr.sin_family = AF_INET;
- addr.sin_port = htons(IPPORT_ECHO);
- addr.sin_addr.s_addr = inet_addr("204.137.220.51");
-
- err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
- if (err == SOCKET_ERROR)
- return NULL;
-
- err = getsockname(sock, (LPSOCKADDR) &addr, (int FAR *) size);
- if (err == SOCKET_ERROR)
- return NULL;
-
- closesocket(sock);
-
- host.h_name = 0;
- host.h_aliases = 0;
- host.h_addrtype = AF_INET;
- host.h_length = 4;
- host.h_addr_list = ip_ptrs;
- ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
- ip_ptrs[1] = NULL;
-
- return &host;
-}
-#endif
-
-/* No ioctls in winsock so we just assume there is only one networking
- * card per machine, so gethostent is good enough.
- */
-krb5_error_code
-krb5_crypto_os_localaddr (krb5_address ***addr) {
- char host[64]; /* Name of local machine */
- struct hostent *hostrec;
- int err;
-
- *addr = calloc (2, sizeof (krb5_address *));
- if (*addr == NULL)
- return ENOMEM;
-
-#ifdef HAVE_MACSOCK_H
- hostrec = getmyipaddr();
-#else /* HAVE_MACSOCK_H */
- err = 0;
-
- if (gethostname (host, sizeof(host))) {
- err = WSAGetLastError();
- }
-
- if (!err) {
- hostrec = gethostbyname (host);
- if (hostrec == NULL) {
- err = WSAGetLastError();
- }
- }
-
- if (err) {
- hostrec = local_addr_fallback_kludge();
- if (!hostrec)
- return err;
- }
-#endif /* HAVE_MACSOCK_H */
-
- (*addr)[0] = calloc (1, sizeof(krb5_address));
- if ((*addr)[0] == NULL) {
- free (*addr);
- return ENOMEM;
- }
- (*addr)[0]->magic = KV5M_ADDRESS;
- (*addr)[0]->addrtype = hostrec->h_addrtype;
- (*addr)[0]->length = hostrec->h_length;
- (*addr)[0]->contents = (unsigned char *)malloc((*addr)[0]->length);
- if (!(*addr)[0]->contents) {
- free((*addr)[0]);
- free(*addr);
- return ENOMEM;
- } else {
- memcpy ((*addr)[0]->contents,
- hostrec->h_addr,
- (*addr)[0]->length);
- }
- /* FIXME, deal with the case where gethostent returns multiple addrs */
-
- return(0);
-}
-#endif
+++ /dev/null
-/*
- * lib/crypto/os/c_ustime.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5_mstimeofday for BSD 4.3
- */
-
-#define NEED_SOCKETS
-#include "k5-int.h"
-
-#ifdef macintosh
-
-/* We're a Macintosh -- do Mac time things. */
-
-/*
- * This code is derived from kerberos/src/lib/des/mac_time.c from
- * the Cygnus Support release of Kerberos V4:
- *
- * mac_time.c
- * (Originally time_stuff.c)
- * Copyright 1989 by the Massachusetts Institute of Technology.
- * Macintosh ooperating system interface for Kerberos.
- */
-
-#include "AddressXlation.h" /* for ip_addr, for #if 0'd net-time stuff */
-
-#include <script.h> /* Defines MachineLocation, used by getTimeZoneOffset */
-#include <ToolUtils.h> /* Defines BitTst(), called by getTimeZoneOffset() */
-#include <OSUtils.h> /* Defines GetDateTime */
-
-/* Mac Cincludes */
-#include <string.h>
-#include <stddef.h>
-
-static krb5_int32 last_sec = 0, last_usec = 0;
-
-/*
- * The Unix epoch is 1/1/70, the Mac epoch is 1/1/04.
- *
- * 70 - 4 = 66 year differential
- *
- * Thus the offset is:
- *
- * (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
- * plus
- * (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
- *
- * Don't forget the offset from GMT.
- */
-
-/* returns the offset in hours between the mac local time and the GMT */
-/* unsigned krb5_int32 */
-krb5_int32
-getTimeZoneOffset()
-{
- MachineLocation macLocation;
- long gmtDelta;
-
- macLocation.u.gmtDelta=0L;
- ReadLocation(&macLocation);
- gmtDelta=macLocation.u.gmtDelta & 0x00FFFFFF;
- if (BitTst((void *)&gmtDelta,23L))
- gmtDelta |= 0xFF000000;
- gmtDelta /= 3600L;
- return(gmtDelta);
-}
-
-/* Returns the GMT in seconds (and fake microseconds) using the Unix epoch */
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
- krb5_int32 *seconds, *microseconds;
-{
- krb5_int32 sec, usec;
- time_t the_time;
-
- GetDateTime (&the_time);
-
- sec = the_time -
- ((66 * 365 * 24 * 60 * 60) + (17 * 24 * 60 * 60) +
- (getTimeZoneOffset() * 60 * 60));
-
- usec = 0; /* Mac is too slow to count faster than once a second */
-
- if ((sec == last_sec) && (usec == last_usec)) {
- if (++last_usec >= 1000000) {
- last_usec = 0;
- last_sec++;
- }
- sec = last_sec;
- usec = last_usec;
- }
- else {
- last_sec = sec;
- last_usec = usec;
- }
-
- *seconds = sec;
- *microseconds = usec;
-
- return 0;
-}
-
-
-#elif defined(_WIN32)
-
- /* Microsoft Windows NT and 95 (32bit) */
- /* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
-
-#include <time.h>
-#include <sys/timeb.h>
-#include <string.h>
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
-register krb5_int32 *seconds, *microseconds;
-{
- struct _timeb timeptr;
- krb5_int32 sec, usec;
- static krb5_int32 last_sec = 0;
- static krb5_int32 last_usec = 0;
-
- _ftime(&timeptr); /* Get the current time */
- sec = timeptr.time;
- usec = timeptr.millitm * 1000;
-
- if ((sec == last_sec) && (usec <= last_usec)) { /* Same as last time??? */
- usec = ++last_usec;
- if (usec >= 1000000) {
- ++sec;
- usec = 0;
- }
- }
- last_sec = sec; /* Remember for next time */
- last_usec = usec;
-
- *seconds = sec; /* Return the values */
- *microseconds = usec;
-
- return 0;
-}
-
-#elif defined (_MSDOS)
-
-
-/*
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include <time.h>
-#include <sys/timeb.h>
-#include <dos.h>
-#include <string.h>
-
-/*
- * Time handling. Translate Unix time calls into Kerberos internal
- * procedure calls.
- *
- * Due to the fact that DOS time can be unreliable we have reverted
- * to using the AT hardware clock and converting it to Unix time.
- */
-
-static time_t win_gettime ();
-static long win_time_get_epoch(); /* Adjust for MSC 7.00 bug */
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
-register krb5_int32 *seconds, *microseconds;
-{
- krb5_int32 sec, usec;
- static krb5_int32 last_sec = 0;
- static krb5_int32 last_usec = 0;
-
- sec = win_gettime (); /* Get the current time */
- usec = 0; /* Can't do microseconds */
-
- if (sec == last_sec) { /* Same as last time??? */
- usec = ++last_usec; /* Yep, so do microseconds */
- if (usec >= 1000000) {
- ++sec;
- usec = 0;
- }
- }
- last_sec = sec; /* Remember for next time */
- last_usec = usec;
-
- *seconds = sec; /* Return the values */
- *microseconds = usec;
-
- return 0;
-}
-
-
-static time_t
-win_gettime () {
- struct tm tm;
- union _REGS inregs; /* For calling BIOS */
- union _REGS outregs;
- struct _timeb now;
- time_t time;
- long convert; /* MSC 7.00 bug work around */
-
- _ftime(&now); /* Daylight savings time */
-
- /* Get time from AT hardware clock INT 0x1A, AH=2 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 2;
- _int86(0x1a, &inregs, &outregs);
-
- /* 0x13 = decimal 13, hence the decoding below */
- tm.tm_sec = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F);
- tm.tm_min = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_hour = 10 * ((outregs.h.ch & 0xF0) >> 4) + (outregs.h.ch & 0x0F);
-
- /* Get date from AT hardware clock INT 0x1A, AH=4 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 4;
- _int86(0x1a, &inregs, &outregs);
-
- tm.tm_mday = 10 * ((outregs.h.dl & 0xF0) >> 4) + (outregs.h.dl & 0x0F);
- tm.tm_mon = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F) - 1;
- tm.tm_year = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_year += 100 * ((10 * (outregs.h.ch & 0xF0) >> 4)
- + (outregs.h.ch & 0x0F) - 19);
-
- tm.tm_wday = 0;
- tm.tm_yday = 0;
- tm.tm_isdst = now.dstflag;
-
- time = mktime(&tm);
-
- convert = win_time_get_epoch();
- return time + convert;
-
-}
-
-
-/*
- * This routine figures out the current time epoch and returns the
- * conversion factor. It exists because
- * Microloss screwed the pooch on the time() and _ftime() calls in
- * its release 7.0 libraries. They changed the epoch to Dec 31, 1899!
- * Idiots... We try to cope.
- */
-
-static struct tm jan_1_70 = {0, 0, 0, 1, 0, 70};
-static long epoch = 0;
-static int epoch_set = 0;
-
-long
-win_time_get_epoch()
-{
-
- if (!epoch_set) {
- epoch = 0 - mktime (&jan_1_70); /* Seconds til 1970 localtime */
- epoch += _timezone; /* Seconds til 1970 GMT */
- epoch_set = 1;
- }
- return epoch;
-}
-
-
-#else
-
-
-/* We're a Unix machine -- do Unix time things. */
-
-extern int errno;
-
-static struct timeval last_tv = {0, 0};
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
- register krb5_int32 *seconds, *microseconds;
-{
- struct timeval tv;
-
- if (gettimeofday(&tv, (struct timezone *)0) == -1) {
- /* failed, return errno */
- return (krb5_error_code) errno;
- }
- if ((tv.tv_sec == last_tv.tv_sec) && (tv.tv_usec == last_tv.tv_usec)) {
- if (++last_tv.tv_usec >= 1000000) {
- last_tv.tv_usec = 0;
- last_tv.tv_sec++;
- }
- tv = last_tv;
- } else
- last_tv = tv;
-
- *seconds = tv.tv_sec;
- *microseconds = tv.tv_usec;
- return 0;
-}
-
-#endif
+++ /dev/null
-/*
- * lib/crypto/os/rnd_confoun.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5_random_confounder()
- */
-
-#include "k5-int.h"
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#include <time.h>
-#endif
-
-#ifdef HAVE_SRAND48
-#define SRAND srand48
-#define RAND lrand48
-#define RAND_TYPE long
-#endif
-
-#if !defined(RAND_TYPE) && defined(HAVE_SRAND)
-#define SRAND srand
-#define RAND rand
-#define RAND_TYPE int
-#endif
-
-#if !defined(RAND_TYPE) && defined(HAVE_SRANDOM)
-#define SRAND srandom
-#define RAND random
-#define RAND_TYPE long
-#endif
-
-#if !defined(RAND_TYPE)
-You need a random number generator!
-#endif
-
-/*
- * Generate a random confounder
- */
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_random_confounder(size, fillin)
-size_t size;
-krb5_pointer fillin;
-{
- static int seeded = 0;
- register krb5_octet *real_fill;
- RAND_TYPE rval;
-
- if (!seeded) {
- /* time() defined in 4.12.2.4, but returns a time_t, which is an
- "arithmetic type" (4.12.1) */
- rval = (RAND_TYPE) time(0);
- SRAND(rval);
-#ifdef HAVE_GETPID
- rval = RAND();
- rval ^= getpid();
- SRAND(rval);
-#endif
- seeded = 1;
- }
-
- real_fill = (krb5_octet *)fillin;
- while (size > 0) {
- rval = RAND();
- *real_fill = rval & 0xff;
- real_fill++;
- size--;
- if (size) {
- *real_fill = (rval >> 8) & 0xff;
- real_fill++;
- size--;
- }
- }
- return 0;
-}
+++ /dev/null
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-sha_crypto.c
-sha_glue.c
-shs.c
-shs.h
-hmac_sha.c
-t_shs.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
+++ /dev/null
-Wed Feb 18 16:09:05 1998 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
- BUILDTOP for new conventions.
-
-Fri Feb 13 15:20:54 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in (thisconfigdir), configure.in: Point the
- configuration directory at our parent, and remove our
- local configure.in
-
-Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
-
-Tue Oct 28 16:37:18 1997 Tom Yu <tlyu@voltage-multiplier.mit.edu>
-
- * shs.c, sha_glue.c, hmac_sha.c: Fix to deal with LONG wider than
- 32 bits.
-
- * t_shs.c: Print out the actual and expected values on error.
-
-Sat Feb 22 18:52:09 1997 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Use some of the new library list build rules in
- win-post.in
-
-Thu Jan 30 21:31:39 1997 Richard Basch <basch@lehman.com>
-
- * sha_crypto.c sha_glue.c:
- Declare the functions to take const args where possible
- Remove extra includes
-
- * sha_crypto.c: Function prototypes did not match function names.
-
-Thu Nov 21 00:58:04 EST 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Win32 build fixed
-
-Sun Dec 29 21:56:35 1996 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in:
- * configure.in: Update to use new library build procedure.
-
-Wed Aug 28 17:40:53 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * shs.c: Only include sys/types.h if present.
-
- * configure.in: Check for sys/types.h
-
-Thu Jun 13 10:54:27 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * hmac_sha.c: Include string.h for memcpy prototype
-
-Sat Jun 8 07:44:35 1996 Ezra Peisach (epeisach@mit.edu)
-
- * shs.c (longReverse): Test for big vs little endian failed for
- little endian machines.
-
-Thu Jun 6 15:43:26 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * shs.c (longReverse): Don't use htonl(); it doesn't exist under
- Windows. Instead do the test by casting a pointer to an
- integer to a char *.
-
-Mon May 20 17:15:32 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * t_shs.c (main): Don't do timing tests; it takes too long!
-
-Tue May 14 17:09:36 1996 Richard Basch <basch@lehman.com>
-
- * .Sanitize: reflect current files
- * Makefile.in: added hmac-sha
- * hmac_sha.c: implement HMAC-SHA
- * sha_crypto.c: use hmac-sha
- * sha_glue.c: sanity check the passed in checksum length
- * shs.h: replaced sha-des3 with hmac-sha
-
-Fri May 10 11:19:53 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * shs.c (longReverse): Remove extraneous \.
- (expand): Start #define in first column.
-
-Fri May 10 01:19:18 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in configure.in t_shs.c sha_glue.c sha_crypto.c shs.c shs.h:
- Initial check-in of the functions to support the NIST FIPS 180
- SHA algorithm. Provide interfaces for cksum-sha, cksum-sha-des3.
- (enctype-des3-sha is also being defined)
+++ /dev/null
-thisconfigdir=./..
-BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des
-
-##DOS##BUILDTOP = ..\..\..
-##DOS##PREFIXDIR=sha
-##DOS##OBJFILE=..\sha.lst
-##WIN16##LIBNAME=..\crypto.lib
-
-STLIBOBJS=shs.o hmac_sha.o sha_crypto.o sha_glue.o
-
-OBJS= shs.$(OBJEXT) \
- hmac_sha.$(OBJEXT) \
- sha_crypto.$(OBJEXT) \
- sha_glue.$(OBJEXT)
-
-SRCS= $(srcdir)/shs.c \
- $(srcdir)/hmac_sha.c \
- $(srcdir)/sha_crypto.c \
- $(srcdir)/sha_glue.c
-
-
-##DOS##LIBOBJS = $(OBJS)
-
-
-all-unix:: all-libobjs
-
-t_shs: t_shs.o shs.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o t_shs t_shs.o shs.o
-
-t_shs.exe:
- $(CC) $(CFLAGS2) -o t_shs.exe t_shs.c shs.c
-
-check-unix:: t_shs
- $(C)t_shs -x
-
-check-windows:: t_shs$(EXEEXT)
- $(C)t_shs$(EXEEXT) -x
-
-clean::
- $(RM) t_shs$(EXEEXT) t_shs.$(OBJEXT)
-
-clean-unix:: clean-libobjs
+++ /dev/null
-#include <string.h>
-#include "shs.h"
-
-#define PAD_SZ 64
-
-
-krb5_error_code
-hmac_sha(text, text_len, key, key_len, digest)
- krb5_octet * text; /* pointer to data stream */
- int text_len; /* length of data stream */
- krb5_octet * key; /* pointer to authentication key */
- int key_len; /* length of authentication key */
- krb5_octet * digest; /* caller digest to be filled in */
-{
- SHS_INFO context;
- krb5_octet k_ipad[PAD_SZ]; /* inner padding - key XORd with ipad */
- krb5_octet k_opad[PAD_SZ]; /* outer padding - key XORd with opad */
- int i;
- krb5_octet *cp;
- LONG *lp;
-
- /* sanity check parameters */
- if (!text || !key || !digest)
- /* most heinous, probably should log something */
- return EINVAL;
-
- /* if key is longer than 64 bytes reset it to key=SHA(key) */
- if (key_len > sizeof(k_ipad)) {
- shsInit(&context);
- shsUpdate(&context, key, key_len);
- shsFinal(&context);
-
- cp = digest;
- lp = context.digest;
- while (cp < digest + SHS_DIGESTSIZE) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = *lp++ & 0xff;
- }
- key = digest;
- key_len = SHS_DIGESTSIZE;
- }
-
- /*
- * the HMAC_SHA transform looks like:
- *
- * SHA(K XOR opad, SHA(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 64 times
- * opad is the byte 0x5c repeated 64 times
- * and text is the data being protected
- */
-
- /* start out by storing key in pads */
- memset(k_ipad, 0x36, sizeof(k_ipad));
- memset(k_opad, 0x5c, sizeof(k_opad));
-
- /* XOR key with ipad and opad values */
- for (i = 0; i < key_len; i++) {
- k_ipad[i] ^= key[i];
- k_opad[i] ^= key[i];
- }
-
- /*
- * perform inner SHA
- */
- shsInit(&context);
- shsUpdate(&context, k_ipad, sizeof(k_ipad));
- shsUpdate(&context, text, text_len);
- shsFinal(&context);
-
- cp = digest;
- lp = context.digest;
- while (cp < digest + SHS_DIGESTSIZE) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = *lp++ & 0xff;
- }
-
- /*
- * perform outer SHA
- */
- shsInit(&context);
- shsUpdate(&context, k_opad, sizeof(k_opad));
- shsUpdate(&context, digest, SHS_DIGESTSIZE);
- shsFinal(&context);
-
- cp = digest;
- lp = context.digest;
- while (cp < digest + SHS_DIGESTSIZE) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = *lp++ & 0xff;
- }
-
- return 0;
-}
+++ /dev/null
-#include "shs.h"
-
-/* Windows needs to these prototypes for the assignment below */
-
-static krb5_error_code
-krb5_sha_crypto_sum_func
- PROTOTYPE((krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-static krb5_error_code
-krb5_sha_crypto_verify_func
- PROTOTYPE((krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-static krb5_error_code
-krb5_sha_crypto_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_error_code retval;
-
- if (outcksum->length < HMAC_SHA_CKSUM_LENGTH)
- return KRB5_BAD_MSIZE;
-
- outcksum->checksum_type = CKSUMTYPE_HMAC_SHA;
- outcksum->length = HMAC_SHA_CKSUM_LENGTH;
-
- retval = hmac_sha(in, in_length, seed, seed_length, outcksum->contents);
- return retval;
-}
-
-static krb5_error_code
-krb5_sha_crypto_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet digest[HMAC_SHA_CKSUM_LENGTH];
- krb5_error_code retval;
-
- if (cksum->checksum_type != CKSUMTYPE_HMAC_SHA)
- return KRB5KRB_AP_ERR_INAPP_CKSUM;
- if (cksum->length != HMAC_SHA_CKSUM_LENGTH)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- retval = hmac_sha(in, in_length, seed, seed_length, digest);
- if (retval) goto cleanup;
-
- if (memcmp((char *)digest, (char *)cksum->contents, cksum->length))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
-cleanup:
- memset((char *)digest, 0, sizeof(digest));
- return retval;
-}
-
-krb5_checksum_entry hmac_sha_cksumtable_entry =
-{
- 0,
- krb5_sha_crypto_sum_func,
- krb5_sha_crypto_verify_func,
- HMAC_SHA_CKSUM_LENGTH,
- 1, /* is collision proof */
- 1, /* uses key */
-};
+++ /dev/null
-#include "shs.h"
-
-krb5_error_code
-krb5_sha_sum_func
- PROTOTYPE((krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_sha_verify_func
- PROTOTYPE((krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-krb5_error_code
-krb5_sha_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet *input = (krb5_octet *)in;
- krb5_octet *cp;
- LONG *lp;
- SHS_INFO working;
-
- if (outcksum->length < SHS_DIGESTSIZE)
- return KRB5_BAD_MSIZE;
-
- shsInit(&working);
- shsUpdate(&working, input, in_length);
- shsFinal(&working);
-
- outcksum->checksum_type = CKSUMTYPE_NIST_SHA;
- outcksum->length = SHS_DIGESTSIZE;
-
- cp = outcksum->contents;
- lp = working.digest;
- while (lp < working.digest + 16) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = (*lp++) & 0xff;
- }
- memset((char *)&working, 0, sizeof(working));
- return 0;
-}
-
-krb5_error_code
-krb5_sha_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet *input = (krb5_octet *)in;
- SHS_INFO working;
- krb5_error_code retval;
- int i;
- krb5_octet *cp;
-
- if (cksum->checksum_type != CKSUMTYPE_NIST_SHA)
- return KRB5KRB_AP_ERR_INAPP_CKSUM;
- if (cksum->length != SHS_DIGESTSIZE)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- shsInit(&working);
- shsUpdate(&working, input, in_length);
- shsFinal(&working);
-
- retval = 0;
- for (i = 0, cp = cksum->contents; i < 5; i++, cp += 4) {
- if (working.digest[i] !=
- (LONG) cp[0] << 24 | (LONG) cp[1] << 16 |
- (LONG) cp[2] << 8 | (LONG) cp[3]) {
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- break;
- }
- }
- memset((char *) &working, 0, sizeof(working));
- return retval;
-}
-
-krb5_checksum_entry nist_sha_cksumtable_entry = {
- 0,
- krb5_sha_sum_func,
- krb5_sha_verify_func,
- SHS_DIGESTSIZE,
- 1, /* is collision proof */
- 0, /* doesn't use key */
-};
+++ /dev/null
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <string.h>
-#include "shs.h"
-
-/* The SHS f()-functions. The f1 and f3 functions can be optimized to
- save one boolean operation each - thanks to Rich Schroeppel,
- rcs@cs.arizona.edu for discovering this */
-
-#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
-#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
-#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
-#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
-
-/* The SHS Mysterious Constants */
-
-#define K1 0x5A827999L /* Rounds 0-19 */
-#define K2 0x6ED9EBA1L /* Rounds 20-39 */
-#define K3 0x8F1BBCDCL /* Rounds 40-59 */
-#define K4 0xCA62C1D6L /* Rounds 60-79 */
-
-/* SHS initial values */
-
-#define h0init 0x67452301L
-#define h1init 0xEFCDAB89L
-#define h2init 0x98BADCFEL
-#define h3init 0x10325476L
-#define h4init 0xC3D2E1F0L
-
-/* Note that it may be necessary to add parentheses to these macros if they
- are to be called with expressions as arguments */
-
-/* 32-bit rotate left - kludged with shifts */
-
-#define ROTL(n,X) (((X) << (n)) & 0xffffffff | ((X) >> (32 - n)))
-
-/* The initial expanding function. The hash function is defined over an
- 80-word expanded input array W, where the first 16 are copies of the input
- data, and the remaining 64 are defined by
-
- W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
-
- This implementation generates these values on the fly in a circular
- buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
- optimization.
-
- The updated SHS changes the expanding function by adding a rotate of 1
- bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
- for this information */
-
-#ifdef NEW_SHS
-#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
- W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
-#else
-#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^ \
- W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
-#endif /* NEW_SHS */
-
-/* The prototype SHS sub-round. The fundamental sub-round is:
-
- a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
- b' = a;
- c' = ROTL( 30, b );
- d' = c;
- e' = d;
-
- but this is implemented by unrolling the loop 5 times and renaming the
- variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
- This code is then replicated 20 times for each of the 4 functions, using
- the next 20 values from the W[] array each time */
-
-#define subRound(a, b, c, d, e, f, k, data) \
- ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, \
- e &= 0xffffffff, b = ROTL( 30, b ) )
-
-/* Initialize the SHS values */
-
-void shsInit(shsInfo)
- SHS_INFO *shsInfo;
-{
- /* Set the h-vars to their initial values */
- shsInfo->digest[ 0 ] = h0init;
- shsInfo->digest[ 1 ] = h1init;
- shsInfo->digest[ 2 ] = h2init;
- shsInfo->digest[ 3 ] = h3init;
- shsInfo->digest[ 4 ] = h4init;
-
- /* Initialise bit count */
- shsInfo->countLo = shsInfo->countHi = 0;
-}
-
-/* Perform the SHS transformation. Note that this code, like MD5, seems to
- break some optimizing compilers due to the complexity of the expressions
- and the size of the basic block. It may be necessary to split it into
- sections, e.g. based on the four subrounds
-
- Note that this corrupts the shsInfo->data area */
-
-static void SHSTransform KRB5_PROTOTYPE((LONG *digest, LONG *data));
-
-static
-void SHSTransform(digest, data)
- LONG *digest;
- LONG *data;
-{
- LONG A, B, C, D, E; /* Local vars */
- LONG eData[ 16 ]; /* Expanded data */
-
- /* Set up first buffer and local data buffer */
- A = digest[ 0 ];
- B = digest[ 1 ];
- C = digest[ 2 ];
- D = digest[ 3 ];
- E = digest[ 4 ];
- memcpy(eData, data, sizeof (eData));
-
- /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
- subRound( A, B, C, D, E, f1, K1, eData[ 0 ] );
- subRound( E, A, B, C, D, f1, K1, eData[ 1 ] );
- subRound( D, E, A, B, C, f1, K1, eData[ 2 ] );
- subRound( C, D, E, A, B, f1, K1, eData[ 3 ] );
- subRound( B, C, D, E, A, f1, K1, eData[ 4 ] );
- subRound( A, B, C, D, E, f1, K1, eData[ 5 ] );
- subRound( E, A, B, C, D, f1, K1, eData[ 6 ] );
- subRound( D, E, A, B, C, f1, K1, eData[ 7 ] );
- subRound( C, D, E, A, B, f1, K1, eData[ 8 ] );
- subRound( B, C, D, E, A, f1, K1, eData[ 9 ] );
- subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
- subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
- subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
- subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
- subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
- subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
- subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
- subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
- subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
- subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
-
- subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
- subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
- subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
- subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
-
- subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
- subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
- subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
- subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
-
- subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
- subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
- subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
- subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
-
- /* Build message digest */
- digest[ 0 ] += A;
- digest[ 0 ] &= 0xffffffff;
- digest[ 1 ] += B;
- digest[ 1 ] &= 0xffffffff;
- digest[ 2 ] += C;
- digest[ 2 ] &= 0xffffffff;
- digest[ 3 ] += D;
- digest[ 3 ] &= 0xffffffff;
- digest[ 4 ] += E;
- digest[ 4 ] &= 0xffffffff;
-}
-
-/* When run on a little-endian CPU we need to perform byte reversal on an
- array of longwords. It is possible to make the code endianness-
- independant by fiddling around with data at the byte level, but this
- makes for very slow code, so we rely on the user to sort out endianness
- at compile time */
-
-void longReverse( LONG *buffer, int byteCount )
-{
- LONG value;
- static int init = 0;
- char *cp;
-
- switch (init) {
- case 0:
- init=1;
- cp = (char *) &init;
- if (*cp == 1) {
- init=2;
- break;
- }
- init=1;
- /* fall through - MSB */
- case 1:
- return;
- }
-
- byteCount /= sizeof( LONG );
- while( byteCount-- ) {
- value = *buffer;
- value = ( ( value & 0xFF00FF00L ) >> 8 ) |
- ( ( value & 0x00FF00FFL ) << 8 );
- *buffer++ = ( value << 16 ) | ( value >> 16 );
- }
-}
-
-/* Update SHS for a block of data */
-
-void shsUpdate(shsInfo, buffer, count)
- SHS_INFO *shsInfo;
- BYTE *buffer;
- int count;
-{
- LONG tmp;
- int dataCount, canfill;
- LONG *lp;
-
- /* Update bitcount */
- tmp = shsInfo->countLo;
- shsInfo->countLo = tmp + (((LONG) count) << 3 );
- if ((shsInfo->countLo &= 0xffffffff) < tmp)
- shsInfo->countHi++; /* Carry from low to high */
- shsInfo->countHi += count >> 29;
-
- /* Get count of bytes already in data */
- dataCount = (int) (tmp >> 3) & 0x3F;
-
- /* Handle any leading odd-sized chunks */
- if (dataCount) {
- lp = shsInfo->data + dataCount / 4;
- canfill = (count >= dataCount);
- dataCount = SHS_DATASIZE - dataCount;
-
- if (dataCount % 4) {
- /* Fill out a full 32 bit word first if needed -- this
- is not very efficient (computed shift amount),
- but it shouldn't happen often. */
- while (dataCount % 4 && count > 0) {
- *lp |= (LONG) *buffer++ << ((3 - dataCount++ % 4) * 8);
- count--;
- }
- lp++;
- }
- while (lp < shsInfo->data + 16) {
- *lp = (LONG) *buffer++ << 24;
- *lp |= (LONG) *buffer++ << 16;
- *lp |= (LONG) *buffer++ << 8;
- *lp++ |= (LONG) *buffer++;
- if ((count -= 4) < 4 && lp < shsInfo->data + 16) {
- *lp = 0;
- switch (count % 4) {
- case 3:
- *lp |= (LONG) buffer[2] << 8;
- case 2:
- *lp |= (LONG) buffer[1] << 16;
- case 1:
- *lp |= (LONG) buffer[0] << 24;
- }
- break;
- count = 0;
- }
- }
- if (canfill) {
- SHSTransform(shsInfo->digest, shsInfo->data);
- }
- }
-
- /* Process data in SHS_DATASIZE chunks */
- while (count >= SHS_DATASIZE) {
- lp = shsInfo->data;
- while (lp < shsInfo->data + 16) {
- *lp = ((LONG) *buffer++) << 24;
- *lp |= ((LONG) *buffer++) << 16;
- *lp |= ((LONG) *buffer++) << 8;
- *lp++ |= (LONG) *buffer++;
- }
- SHSTransform(shsInfo->digest, shsInfo->data);
- count -= SHS_DATASIZE;
- }
-
- if (count > 0) {
- lp = shsInfo->data;
- while (count > 4) {
- *lp = ((LONG) *buffer++) << 24;
- *lp |= ((LONG) *buffer++) << 16;
- *lp |= ((LONG) *buffer++) << 8;
- *lp++ |= (LONG) *buffer++;
- count -= 4;
- }
- *lp = 0;
- switch (count % 4) {
- case 0:
- *lp |= ((LONG) buffer[3]);
- case 3:
- *lp |= ((LONG) buffer[2]) << 8;
- case 2:
- *lp |= ((LONG) buffer[1]) << 16;
- case 1:
- *lp |= ((LONG) buffer[0]) << 24;
- }
- }
-}
-
-/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
- 1 0* (64-bit count of bits processed, MSB-first) */
-
-void shsFinal(shsInfo)
- SHS_INFO *shsInfo;
-{
- int count;
- LONG *lp;
- BYTE *dataPtr;
-
- /* Compute number of bytes mod 64 */
- count = (int) shsInfo->countLo;
- count = (count >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- lp = shsInfo->data + count / 4;
- switch (count % 4) {
- case 3:
- *lp++ |= (LONG) 0x80;
- break;
- case 2:
- *lp++ |= (LONG) 0x80 << 8;
- break;
- case 1:
- *lp++ |= (LONG) 0x80 << 16;
- break;
- case 0:
- *lp++ = (LONG) 0x80 << 24;
- }
-
- if (lp > shsInfo->data + 14) {
- /* Pad out to 64 bytes if not enough room for length words */
- *lp = 0;
- SHSTransform(shsInfo->digest, shsInfo->data);
- lp = shsInfo->data;
- }
- /* Pad out to 56 bytes */
- while (lp < shsInfo->data + 14)
- *lp++ = 0;
- /* Append length in bits and transform */
- *lp++ = shsInfo->countHi;
- *lp++ = shsInfo->countLo;
- SHSTransform(shsInfo->digest, shsInfo->data);
-}
+++ /dev/null
-#ifndef _SHS_DEFINED
-
-#include <k5-int.h>
-
-#define _SHS_DEFINED
-
-/* Some useful types */
-
-typedef krb5_octet BYTE;
-
-/* Old DOS/Windows compilers are case-insensitive */
-#if !defined(_MSDOS) && !defined(_WIN32)
-typedef krb5_ui_4 LONG;
-#endif
-
-
-/* Define the following to use the updated SHS implementation */
-#define NEW_SHS /**/
-
-/* The SHS block size and message digest sizes, in bytes */
-
-#define SHS_DATASIZE 64
-#define SHS_DIGESTSIZE 20
-
-/* The structure for storing SHS info */
-
-typedef struct {
- LONG digest[ 5 ]; /* Message digest */
- LONG countLo, countHi; /* 64-bit bit count */
- LONG data[ 16 ]; /* SHS data buffer */
- } SHS_INFO;
-
-/* Message digest functions (shs.c) */
-void shsInit
- KRB5_PROTOTYPE((SHS_INFO *shsInfo));
-void shsUpdate
- KRB5_PROTOTYPE((SHS_INFO *shsInfo, BYTE *buffer, int count));
-void shsFinal
- KRB5_PROTOTYPE((SHS_INFO *shsInfo));
-
-
-/* Keyed Message digest functions (hmac_sha.c) */
-krb5_error_code hmac_sha
- KRB5_PROTOTYPE((krb5_octet *text,
- int text_len,
- krb5_octet *key,
- int key_len,
- krb5_octet *digest));
-
-
-#define NIST_SHA_CKSUM_LENGTH SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH SHS_DIGESTSIZE
-
-
-extern krb5_checksum_entry
- nist_sha_cksumtable_entry,
- hmac_sha_cksumtable_entry;
-
-#endif /* _SHS_DEFINED */
+++ /dev/null
-/****************************************************************************
-* *
-* SHS Test Code *
-* *
-****************************************************************************/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include "shs.h"
-
-/* Test the SHS implementation */
-
-#ifdef NEW_SHS
-
-static LONG shsTestResults[][ 5 ] = {
- { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, },
- { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, },
- { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, }
- };
-
-#else
-
-static LONG shsTestResults[][ 5 ] = {
- { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L },
- { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L },
- { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L }
- };
-#endif /* NEW_SHS */
-
-static int compareSHSresults(shsInfo, shsTestLevel)
-SHS_INFO *shsInfo;
-int shsTestLevel;
-{
- int i, fail = 0;
-
- /* Compare the returned digest and required values */
- for( i = 0; i < 5; i++ )
- if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] )
- fail = 1;
- if (fail) {
- printf("\nExpected: ");
- for (i = 0; i < 5; i++) {
- printf("%8.8lx ", shsTestResults[shsTestLevel][i]);
- }
- printf("\nGot: ");
- for (i = 0; i < 5; i++) {
- printf("%8.8lx ", shsInfo->digest[i]);
- }
- printf("\n");
- return( -1 );
- }
- return( 0 );
-}
-
-main()
-{
- SHS_INFO shsInfo;
- unsigned int i;
- time_t secondCount;
- BYTE data[ 200 ];
-
- /* Make sure we've got the endianness set right. If the machine is
- big-endian (up to 64 bits) the following value will be signed,
- otherwise it will be unsigned. Unfortunately we can't test for odd
- things like middle-endianness without knowing the size of the data
- types */
-
- /* Test SHS against values given in SHS standards document */
- printf( "Running SHS test 1 ... " );
- shsInit( &shsInfo );
- shsUpdate( &shsInfo, ( BYTE * ) "abc", 3 );
- shsFinal( &shsInfo );
- if( compareSHSresults( &shsInfo, 0 ) == -1 )
- {
- putchar( '\n' );
- puts( "SHS test 1 failed" );
- exit( -1 );
- }
-#ifdef NEW_SHS
- puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" );
-#else
- puts( "passed, result= 0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880" );
-#endif /* NEW_SHS */
-
- printf( "Running SHS test 2 ... " );
- shsInit( &shsInfo );
- shsUpdate( &shsInfo, ( BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 );
- shsFinal( &shsInfo );
- if( compareSHSresults( &shsInfo, 1 ) == -1 )
- {
- putchar( '\n' );
- puts( "SHS test 2 failed" );
- exit( -1 );
- }
-#ifdef NEW_SHS
- puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" );
-#else
- puts( "passed, result= D2516EE1ACFA5BAF33DFC1C471E438449EF134C8" );
-#endif /* NEW_SHS */
-
- printf( "Running SHS test 3 ... " );
- shsInit( &shsInfo );
- for( i = 0; i < 15625; i++ )
- shsUpdate( &shsInfo, ( BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 );
- shsFinal( &shsInfo );
- if( compareSHSresults( &shsInfo, 2 ) == -1 )
- {
- putchar( '\n' );
- puts( "SHS test 3 failed" );
- exit( -1 );
- }
-#ifdef NEW_SHS
- puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" );
-#else
- puts( "passed, result= 3232AFFA48628A26653B5AAA44541FD90D690603" );
-#endif /* NEW_SHS */
-
-#if 0
- printf( "\nTesting speed for 100MB data... " );
- shsInit( &shsInfo );
- secondCount = time( NULL );
- for( i = 0; i < 500000U; i++ )
- shsUpdate( &shsInfo, data, 200 );
- secondCount = time( NULL ) - secondCount;
- printf( "done. Time = %ld seconds, %ld kbytes/second.\n", \
- secondCount, 100500L / secondCount );
-#endif
-
- puts( "\nAll SHS tests passed" );
- exit( 0 );
-}