Source-Changes-HG archive


[src/trunk]: src/crypto/external/bsd/heimdal/dist port to openssl-1.1



details:   https://anonhg.NetBSD.org/src/rev/cfedfb51e401
branches:  trunk
changeset: 359247:cfedfb51e401
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Feb 05 16:00:52 2018 +0000

description:
port to openssl-1.1

diffstat:

 crypto/external/bsd/heimdal/dist/include/crypto-headers.h     |   10 +-
 crypto/external/bsd/heimdal/dist/kdc/digest.c                 |   27 +-
 crypto/external/bsd/heimdal/dist/kdc/kx509.c                  |   64 ++-
 crypto/external/bsd/heimdal/dist/kdc/pkinit.c                 |   34 +-
 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c    |  217 +++++++--
 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c    |   24 +-
 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c     |   40 +-
 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c |   22 +-
 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c       |   40 +-
 crypto/external/bsd/heimdal/dist/lib/gssapi/ntlm/crypto.c     |   26 +-
 crypto/external/bsd/heimdal/dist/lib/hx509/crypto.c           |  172 ++++++-
 crypto/external/bsd/heimdal/dist/lib/hx509/hxtool.c           |   24 +-
 crypto/external/bsd/heimdal/dist/lib/hx509/ks_file.c          |   22 +-
 crypto/external/bsd/heimdal/dist/lib/hx509/ks_p11.c           |   30 +-
 crypto/external/bsd/heimdal/dist/lib/kafs/rxkad_kdf.c         |   27 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto-aes-sha1.c   |   23 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto-arcfour.c    |   42 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c |   24 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des.c        |    6 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des3.c       |   23 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto-evp.c        |   32 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/crypto.h            |    6 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c            |   46 +-
 crypto/external/bsd/heimdal/dist/lib/krb5/sp800-108-kdf.c     |   32 +-
 crypto/external/bsd/heimdal/dist/lib/ntlm/ntlm.c              |  154 ++++--
 25 files changed, 851 insertions(+), 316 deletions(-)

diffs (truncated from 2083 to 300 lines):

diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/include/crypto-headers.h
--- a/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crypto-headers.h,v 1.2 2017/01/28 21:31:44 christos Exp $      */
+/*     $NetBSD: crypto-headers.h,v 1.3 2018/02/05 16:00:52 christos Exp $      */
 
 #ifndef __crypto_header__
 #define __crypto_header__
@@ -28,9 +28,11 @@
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/ecdh.h>
-#ifndef BN_is_negative
-#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
-#define BN_is_negative(bn) ((bn)->neg != 0)
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+# ifndef BN_is_negative
+#  define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
+#  define BN_is_negative(bn) ((bn)->neg != 0)
+# endif
 #endif
 
 #else /* !HAVE_HCRYPTO_W_OPENSSL */
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/kdc/digest.c
--- a/crypto/external/bsd/heimdal/dist/kdc/digest.c     Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/digest.c     Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: digest.c,v 1.2 2017/01/28 21:31:44 christos Exp $      */
+/*     $NetBSD: digest.c,v 1.3 2018/02/05 16:00:52 christos Exp $      */
 
 /*
  * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
@@ -377,8 +377,8 @@
     case choice_DigestReqInner_init: {
        unsigned char server_nonce[16], identifier;
 
-       RAND_pseudo_bytes(&identifier, sizeof(identifier));
-       RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
+       RAND_bytes(&identifier, sizeof(identifier));
+       RAND_bytes(server_nonce, sizeof(server_nonce));
 
        server_nonce[0] = kdc_time & 0xff;
        server_nonce[1] = (kdc_time >> 8) & 0xff;
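Review bot: Both `RAND_bytes()` calls discard the return value, so if the generator fails, `identifier` and at least the bytes of `server_nonce` not overwritten from `kdc_time` keep uninitialised stack contents and the code carries on as if they were random. `RAND_bytes()` returns 1 only on success, so each call should be tested, e.g. `if (RAND_bytes(server_nonce, sizeof(server_nonce)) != 1)` followed by this function's normal error exit. The `case` body continues past the end of the hunk, so the appropriate error code and cleanup label are not visible here.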
@@ -1340,7 +1340,7 @@
 
        if (ireq.u.ntlmRequest.sessionkey) {
            unsigned char masterkey[MD4_DIGEST_LENGTH];
-           EVP_CIPHER_CTX rc4;
+           EVP_CIPHER_CTX *rc4;
            size_t len;
 
            if ((flags & NTLM_NEG_KEYEX) == 0) {
@@ -1361,13 +1361,22 @@
            }
 
 
-           EVP_CIPHER_CTX_init(&rc4);
-           EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
-           EVP_Cipher(&rc4,
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+           EVP_CIPHER_CTX rc4s;
+           rc4 = &rc4s;
+           EVP_CIPHER_CTX_init(rc4);
+#else
+           rc4 = EVP_CIPHER_CTX_new();
+#endif
+           EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
+           EVP_Cipher(rc4,
                       masterkey, ireq.u.ntlmRequest.sessionkey->data,
                       sizeof(masterkey));
-           EVP_CIPHER_CTX_cleanup(&rc4);
-
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+           EVP_CIPHER_CTX_cleanup(rc4);
+#else
+           EVP_CIPHER_CTX_free(rc4);
+#endif
            r.u.ntlmResponse.sessionkey =
                malloc(sizeof(*r.u.ntlmResponse.sessionkey));
            if (r.u.ntlmResponse.sessionkey == NULL) {
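Review bot: On the OpenSSL 1.1 branch the result of `EVP_CIPHER_CTX_new()` is passed straight to `EVP_CipherInit_ex()` and `EVP_Cipher()` without a NULL check, so an allocation failure in the KDC would most likely become a NULL dereference rather than an error reply. Add `if (rc4 == NULL)` right after the allocation and fail the request the same way the `malloc` check at the end of this hunk does. The same unchecked allocation appears in the two `HMAC_CTX_new()` hunks in kdc/kx509.c and in the `EVP_CIPHER_CTX_new()` hunk in lib/gssapi/krb5/arcfour.c. The return values of `EVP_CipherInit_ex()` and `EVP_Cipher()` are also ignored, so a failed RC4 setup would leave `masterkey` uninitialised while the code continues.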
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/kdc/kx509.c
--- a/crypto/external/bsd/heimdal/dist/kdc/kx509.c      Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/kx509.c      Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kx509.c,v 1.2 2017/01/28 21:31:44 christos Exp $       */
+/*     $NetBSD: kx509.c,v 1.3 2018/02/05 16:00:52 christos Exp $       */
 
 /*
  * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
@@ -66,7 +66,7 @@
                krb5_keyblock *key)
 {
     unsigned char digest[SHA_DIGEST_LENGTH];
-    HMAC_CTX ctx;
+    HMAC_CTX *ctx;
 
     if (req->pk_hash.length != sizeof(digest)) {
        krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
@@ -75,16 +75,26 @@
        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
-    HMAC_CTX_init(&ctx);
-    HMAC_Init_ex(&ctx,
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    HMAC_CTX ctxs;
+    ctx = &ctxs;
+    HMAC_CTX_init(ctx);
+#else
+    ctx = HMAC_CTX_new();
+#endif
+    HMAC_Init_ex(ctx,
                 key->keyvalue.data, key->keyvalue.length,
                 EVP_sha1(), NULL);
-    if (sizeof(digest) != HMAC_size(&ctx))
+    if (sizeof(digest) != HMAC_size(ctx))
        krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
-    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
-    HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);
-    HMAC_Final(&ctx, digest, 0);
-    HMAC_CTX_cleanup(&ctx);
+    HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
+    HMAC_Update(ctx, req->pk_key.data, req->pk_key.length);
+    HMAC_Final(ctx, digest, 0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    HMAC_CTX_cleanup(ctx);
+#else
+    HMAC_CTX_free(ctx);
+#endif
 
     if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
        krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
@@ -100,35 +110,49 @@
                     Kx509Response *rep)
 {
     krb5_error_code ret;
-    HMAC_CTX ctx;
+    HMAC_CTX *ctx;
 
-    HMAC_CTX_init(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    HMAC_CTX ctxs;
+    ctx = &ctxs;
+    HMAC_CTX_init(ctx);
+#else
+    ctx = HMAC_CTX_new();
+#endif
 
-    HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
+    HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length,
                 EVP_sha1(), NULL);
-    ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
+    ret = krb5_data_alloc(rep->hash, HMAC_size(ctx));
     if (ret) {
-       HMAC_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+       HMAC_CTX_cleanup(ctx);
+#else
+       HMAC_CTX_free(ctx);
+#endif
        krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
        return ENOMEM;
     }
 
-    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
+    HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
     if (rep->error_code) {
        int32_t t = *rep->error_code;
        do {
            unsigned char p = (t & 0xff);
-           HMAC_Update(&ctx, &p, 1);
+           HMAC_Update(ctx, &p, 1);
            t >>= 8;
        } while (t);
     }
     if (rep->certificate)
-       HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
+       HMAC_Update(ctx, rep->certificate->data, rep->certificate->length);
     if (rep->e_text)
-       HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
+       HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
 
-    HMAC_Final(&ctx, rep->hash->data, 0);
-    HMAC_CTX_cleanup(&ctx);
+    HMAC_Final(ctx, rep->hash->data, 0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    HMAC_CTX_cleanup(ctx);
+#else
+    HMAC_CTX_free(ctx);
+#endif
 
     return 0;
 }
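Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000UL` ladder is written out three times in this one function (setup, the ENOMEM path and the normal exit), and every exit added later has to repeat the cleanup pair or it leaks a context holding key material. It would read better, and be harder to get wrong, to define `HMAC_CTX_new()` and `HMAC_CTX_free()` once for pre-1.1 OpenSSL next to the version guard already in crypto-headers.h, so that each call site has a single code path. The same applies to the `EVP_CIPHER_CTX` ladders in kdc/digest.c and lib/gssapi/krb5/arcfour.c.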
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/kdc/pkinit.c
--- a/crypto/external/bsd/heimdal/dist/kdc/pkinit.c     Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/pkinit.c     Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pkinit.c,v 1.2 2017/01/28 21:31:44 christos Exp $      */
+/*     $NetBSD: pkinit.c,v 1.3 2018/02/05 16:00:52 christos Exp $      */
 
 /*
  * Copyright (c) 2003 - 2016 Kungliga Tekniska Högskolan
@@ -346,19 +346,29 @@
        goto out;
     }
     ret = KRB5_BADMSGTYPE;
-    dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
-    if (dh->p == NULL)
+    BIGNUM *p, *q, *g;
+    p = integer_to_BN(context, "DH prime", &dhparam.p);
+    if (p == NULL)
        goto out;
-    dh->g = integer_to_BN(context, "DH base", &dhparam.g);
-    if (dh->g == NULL)
+    g = integer_to_BN(context, "DH base", &dhparam.g);
+    if (g == NULL)
        goto out;
 
     if (dhparam.q) {
-       dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
-       if (dh->g == NULL)
+       q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
+       if (q == NULL)
            goto out;
-    }
+    } else
+       q = NULL;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    dh->p = p;
+    if (q)
+           dh->q = q;
+    dh->g = g;
+#else
+    DH_set0_pqg(dh, p, q, g);
+#endif
     {
        heim_integer glue;
        size_t size;
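Review bot: With `p`, `q` and `g` now held in locals until the final assignment, the early `goto out` exits leak whatever was already converted: a failure on `g` drops `p`, and a failure on `q` drops both `p` and `g`. Before this change each value was stored in `dh` as soon as it was created, so presumably freeing `dh` covered it; the `out` label is outside the hunk, but it cannot release locals declared this late. Free them on the failing paths, e.g. `if (g == NULL) { BN_free(p); goto out; }` and `if (q == NULL) { BN_free(p); BN_free(g); goto out; }`. `DH_set0_pqg()` also returns 0 on failure and its result is ignored here, in which case ownership of the three values would not have passed to `dh`.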
@@ -1022,7 +1032,13 @@
        DH *kdc_dh = cp->u.dh.key;
        heim_integer i;
 
-       ret = BN_to_integer(context, kdc_dh->pub_key, &i);
+       const BIGNUM *pub_key;
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+       pub_key = kdc_dh->pub_key;
+#else
+       DH_get0_key(kdc_dh, &pub_key, NULL);
+#endif
+       ret = BN_to_integer(context, __UNCONST(pub_key), &i);
        if (ret)
            return ret;
 
diff -r ff24b1abfc11 -r cfedfb51e401 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c        Mon Feb 05 15:23:14 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c        Mon Feb 05 16:00:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: arcfour.c,v 1.2 2017/01/28 21:31:46 christos Exp $     */
+/*     $NetBSD: arcfour.c,v 1.3 2018/02/05 16:00:52 christos Exp $     */
 
 /*
  * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
@@ -239,7 +239,7 @@
     int32_t seq_number;
     size_t len, total_len;
     u_char k6_data[16], *p0, *p;
-    EVP_CIPHER_CTX rc4_key;
+    EVP_CIPHER_CTX *rc4_key;
 
     _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
 
@@ -301,10 +301,20 @@
 
     memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
 
-    EVP_CIPHER_CTX_init(&rc4_key);
-    EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
-    EVP_Cipher(&rc4_key, p, p, 8);
-    EVP_CIPHER_CTX_cleanup(&rc4_key);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    EVP_CIPHER_CTX rc4_keys;
+    rc4_key = &rc4_keys;
+    EVP_CIPHER_CTX_init(rc4_key);
+#else
+    rc4_key = EVP_CIPHER_CTX_new();
+#endif
+    EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+    EVP_Cipher(rc4_key, p, p, 8);
+#if OPENSSL_VERSION_NUMBER < 0x10100000UL
+    EVP_CIPHER_CTX_cleanup(rc4_key);
+#else
+    EVP_CIPHER_CTX_free(rc4_key);
+#endif
 
     memset(k6_data, 0, sizeof(k6_data));
 
@@ -374,12 +384,22 @@
     }


