krb5 commit: Consolidate libk5crypto OpenSSL hash providers
Greg Hudson
ghudson at mit.edu
Mon Oct 3 16:02:40 EDT 2016
https://github.com/krb5/krb5/commit/54ba48419a86f1c73b4e6e11e5f2f839c16497c7
commit 54ba48419a86f1c73b4e6e11e5f2f839c16497c7
Author: Greg Hudson <ghudson at mit.edu>
Date: Sat Dec 5 17:20:26 2015 -0500
Consolidate libk5crypto OpenSSL hash providers
In the libk5crypto OpenSSL back end, combine all of the hash providers
which use the OpenSSL EVP interface into a single file to reduce code
duplication.
src/lib/crypto/openssl/hash_provider/Makefile.in | 12 +--
src/lib/crypto/openssl/hash_provider/deps | 28 +------
src/lib/crypto/openssl/hash_provider/hash_evp.c | 92 ++++++++++++++++++++++
src/lib/crypto/openssl/hash_provider/hash_md4.c | 61 --------------
src/lib/crypto/openssl/hash_provider/hash_md5.c | 61 --------------
src/lib/crypto/openssl/hash_provider/hash_sha1.c | 62 ---------------
6 files changed, 97 insertions(+), 219 deletions(-)
diff --git a/src/lib/crypto/openssl/hash_provider/Makefile.in b/src/lib/crypto/openssl/hash_provider/Makefile.in
index 993c9c3..7762e20 100644
--- a/src/lib/crypto/openssl/hash_provider/Makefile.in
+++ b/src/lib/crypto/openssl/hash_provider/Makefile.in
@@ -4,19 +4,13 @@ LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/..
STLIBOBJS= \
hash_crc32.o \
- hash_md4.o \
- hash_md5.o \
- hash_sha1.o
+ hash_evp.o
OBJS= $(OUTPRE)hash_crc32.$(OBJEXT) \
- $(OUTPRE)hash_md4.$(OBJEXT) \
- $(OUTPRE)hash_md5.$(OBJEXT) \
- $(OUTPRE)hash_sha1.$(OBJEXT)
+ $(OUTPRE)hash_evp.$(OBJEXT)
SRCS= $(srcdir)/hash_crc32.c \
- $(srcdir)/hash_md4.c \
- $(srcdir)/hash_md5.c \
- $(srcdir)/hash_sha1.c
+ $(srcdir)/hash_evp.c
all-unix: all-libobjs
diff --git a/src/lib/crypto/openssl/hash_provider/deps b/src/lib/crypto/openssl/hash_provider/deps
index c181c0a..87dd020 100644
--- a/src/lib/crypto/openssl/hash_provider/deps
+++ b/src/lib/crypto/openssl/hash_provider/deps
@@ -13,7 +13,7 @@ hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
hash_crc32.c
-hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
+hash_evp.so hash_evp.po $(OUTPRE)hash_evp.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
@@ -24,28 +24,4 @@ hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
$(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- hash_md4.c
-hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- hash_md5.c
-hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
- $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- hash_sha1.c
+ hash_evp.c
diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
new file mode 100644
index 0000000..0017ade
--- /dev/null
+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
@@ -0,0 +1,92 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/hash_provider/hash_evp.c - OpenSSL hash providers */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include <openssl/evp.h>
+
+static krb5_error_code
+hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ EVP_MD_CTX *ctx;
+ const krb5_data *d;
+ size_t i;
+ int ok;
+
+ if (output->length != (unsigned int)EVP_MD_size(type))
+ return KRB5_CRYPTO_INTERNAL;
+
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL)
+ return ENOMEM;
+
+ ok = EVP_DigestInit_ex(ctx, type, NULL);
+ for (i = 0; i < num_data; i++) {
+ if (!SIGN_IOV(&data[i]))
+ continue;
+ d = &data[i].data;
+ ok = ok && EVP_DigestUpdate(ctx, d->data, d->length);
+ }
+ ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
+ EVP_MD_CTX_free(ctx);
+ return ok ? 0 : ENOMEM;
+}
+
+static krb5_error_code
+hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_md4(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_md5(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+ return hash_evp(EVP_sha1(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_md4 = {
+ "MD4", 16, 64, hash_md4
+};
+
+const struct krb5_hash_provider krb5int_hash_md5 = {
+ "MD5", 16, 64, hash_md5
+};
+
+const struct krb5_hash_provider krb5int_hash_sha1 = {
+ "SHA1", 20, 64, hash_sha1
+};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
deleted file mode 100644
index 37cf72f..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-
-static krb5_error_code
-k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
- EVP_MD_CTX *ctx;
- unsigned int i;
-
- if (output->length != MD4_DIGEST_LENGTH)
- return KRB5_CRYPTO_INTERNAL;
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- return ENOMEM;
-
- EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
- for (i = 0; i < num_data; i++) {
- const krb5_data *d = &data[i].data;
- if (SIGN_IOV(&data[i]))
- EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
- }
- EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
- EVP_MD_CTX_free(ctx);
- return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_md4 = {
- "MD4",
- MD4_DIGEST_LENGTH,
- 64,
- k5_md4_hash
-};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
deleted file mode 100644
index 29e7c4b..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static krb5_error_code
-k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
- EVP_MD_CTX *ctx;
- unsigned int i;
-
- if (output->length != MD5_DIGEST_LENGTH)
- return KRB5_CRYPTO_INTERNAL;
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- return ENOMEM;
-
- EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
- for (i = 0; i < num_data; i++) {
- const krb5_data *d = &data[i].data;
- if (SIGN_IOV(&data[i]))
- EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
- }
- EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
- EVP_MD_CTX_free(ctx);
- return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_md5 = {
- "MD5",
- MD5_DIGEST_LENGTH,
- 64,
- k5_md5_hash
-};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
deleted file mode 100644
index 99d1d2f..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash_provider/hash_sha1.c */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-static krb5_error_code
-k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
- EVP_MD_CTX *ctx;
- unsigned int i;
-
- if (output->length != SHA_DIGEST_LENGTH)
- return KRB5_CRYPTO_INTERNAL;
-
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- return ENOMEM;
-
- EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
- for (i = 0; i < num_data; i++) {
- const krb5_data *d = &data[i].data;
- if (SIGN_IOV(&data[i]))
- EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
- }
- EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
- EVP_MD_CTX_free(ctx);
- return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_sha1 = {
- "SHA1",
- SHA_DIGEST_LENGTH,
- 64,
- k5_sha1_hash
-};
More information about the cvs-krb5
mailing list