krb5 commit: Consolidate libk5crypto OpenSSL hash providers

Greg Hudson ghudson at mit.edu
Mon Oct 3 16:02:40 EDT 2016


https://github.com/krb5/krb5/commit/54ba48419a86f1c73b4e6e11e5f2f839c16497c7
commit 54ba48419a86f1c73b4e6e11e5f2f839c16497c7
Author: Greg Hudson <ghudson at mit.edu>
Date:   Sat Dec 5 17:20:26 2015 -0500

    Consolidate libk5crypto OpenSSL hash providers
    
    In the libk5crypto OpenSSL back end, combine all of the hash providers
    which use the OpenSSL EVP interface into a single file to reduce code
    duplication.

 src/lib/crypto/openssl/hash_provider/Makefile.in |   12 +--
 src/lib/crypto/openssl/hash_provider/deps        |   28 +------
 src/lib/crypto/openssl/hash_provider/hash_evp.c  |   92 ++++++++++++++++++++++
 src/lib/crypto/openssl/hash_provider/hash_md4.c  |   61 --------------
 src/lib/crypto/openssl/hash_provider/hash_md5.c  |   61 --------------
 src/lib/crypto/openssl/hash_provider/hash_sha1.c |   62 ---------------
 6 files changed, 97 insertions(+), 219 deletions(-)

diff --git a/src/lib/crypto/openssl/hash_provider/Makefile.in b/src/lib/crypto/openssl/hash_provider/Makefile.in
index 993c9c3..7762e20 100644
--- a/src/lib/crypto/openssl/hash_provider/Makefile.in
+++ b/src/lib/crypto/openssl/hash_provider/Makefile.in
@@ -4,19 +4,13 @@ LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/..
 
 STLIBOBJS= \
 	hash_crc32.o 	\
-	hash_md4.o 	\
-	hash_md5.o 	\
-	hash_sha1.o
+	hash_evp.o
 
 OBJS=   $(OUTPRE)hash_crc32.$(OBJEXT) 	\
-	$(OUTPRE)hash_md4.$(OBJEXT) 	\
-	$(OUTPRE)hash_md5.$(OBJEXT) 	\
-	$(OUTPRE)hash_sha1.$(OBJEXT)
+	$(OUTPRE)hash_evp.$(OBJEXT)
 
 SRCS=	$(srcdir)/hash_crc32.c	\
-	$(srcdir)/hash_md4.c 	\
-	$(srcdir)/hash_md5.c 	\
-	$(srcdir)/hash_sha1.c
+	$(srcdir)/hash_evp.c
 
 all-unix: all-libobjs
 
diff --git a/src/lib/crypto/openssl/hash_provider/deps b/src/lib/crypto/openssl/hash_provider/deps
index c181c0a..87dd020 100644
--- a/src/lib/crypto/openssl/hash_provider/deps
+++ b/src/lib/crypto/openssl/hash_provider/deps
@@ -13,7 +13,7 @@ hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
   $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
   $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   hash_crc32.c
-hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
+hash_evp.so hash_evp.po $(OUTPRE)hash_evp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
   $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
@@ -24,28 +24,4 @@ hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
   $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
   $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
   $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  hash_md4.c
-hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
-  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
-  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
-  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
-  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
-  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
-  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
-  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  hash_md5.c
-hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \
-  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
-  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
-  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
-  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
-  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
-  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
-  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  hash_sha1.c
+  hash_evp.c
diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c
new file mode 100644
index 0000000..0017ade
--- /dev/null
+++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c
@@ -0,0 +1,92 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/hash_provider/hash_evp.c - OpenSSL hash providers */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include <openssl/evp.h>
+
+static krb5_error_code
+hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+         krb5_data *output)
+{
+    EVP_MD_CTX *ctx;
+    const krb5_data *d;
+    size_t i;
+    int ok;
+
+    if (output->length != (unsigned int)EVP_MD_size(type))
+        return KRB5_CRYPTO_INTERNAL;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ok = EVP_DigestInit_ex(ctx, type, NULL);
+    for (i = 0; i < num_data; i++) {
+        if (!SIGN_IOV(&data[i]))
+            continue;
+        d = &data[i].data;
+        ok = ok && EVP_DigestUpdate(ctx, d->data, d->length);
+    }
+    ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
+    EVP_MD_CTX_free(ctx);
+    return ok ? 0 : ENOMEM;
+}
+
+static krb5_error_code
+hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_md4(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_md5(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_sha1(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_md4 = {
+    "MD4", 16, 64, hash_md4
+};
+
+const struct krb5_hash_provider krb5int_hash_md5 = {
+    "MD5", 16, 64, hash_md5
+};
+
+const struct krb5_hash_provider krb5int_hash_sha1 = {
+    "SHA1", 20, 64, hash_sha1
+};
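Review bot: In hash_evp(), the final `return ok ? 0 : ENOMEM;` reports every OpenSSL failure as out-of-memory, although EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() can fail for other reasons. If OpenSSL declines to provide MD4 or MD5 (a FIPS-restricted configuration is the likely case, inferred rather than shown here), the caller sees ENOMEM and the real cause is hidden from whoever reads the error. The function already returns KRB5_CRYPTO_INTERNAL for the length mismatch, so `return ok ? 0 : KRB5_CRYPTO_INTERNAL;` would keep the NULL-ctx allocation failure distinct from a digest failure. A short comment above hash_evp() would also help, for example `/* Hash the SIGN_IOV elements of data with the given EVP digest; output->length must equal the digest size, and output->data is not a valid digest on a non-zero return. */`.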
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
deleted file mode 100644
index 37cf72f..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-
-static krb5_error_code
-k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
-    EVP_MD_CTX *ctx;
-    unsigned int i;
-
-    if (output->length != MD4_DIGEST_LENGTH)
-        return KRB5_CRYPTO_INTERNAL;
-
-    ctx = EVP_MD_CTX_new();
-    if (ctx == NULL)
-        return ENOMEM;
-
-    EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
-    for (i = 0; i < num_data; i++) {
-        const krb5_data *d = &data[i].data;
-        if (SIGN_IOV(&data[i]))
-            EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
-    }
-    EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
-    EVP_MD_CTX_free(ctx);
-    return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_md4 = {
-    "MD4",
-    MD4_DIGEST_LENGTH,
-    64,
-    k5_md4_hash
-};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
deleted file mode 100644
index 29e7c4b..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static krb5_error_code
-k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
-    EVP_MD_CTX *ctx;
-    unsigned int i;
-
-    if (output->length != MD5_DIGEST_LENGTH)
-        return KRB5_CRYPTO_INTERNAL;
-
-    ctx = EVP_MD_CTX_new();
-    if (ctx == NULL)
-        return ENOMEM;
-
-    EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
-    for (i = 0; i < num_data; i++) {
-        const krb5_data *d = &data[i].data;
-        if (SIGN_IOV(&data[i]))
-            EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
-    }
-    EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
-    EVP_MD_CTX_free(ctx);
-    return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_md5 = {
-    "MD5",
-    MD5_DIGEST_LENGTH,
-    64,
-    k5_md5_hash
-};
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
deleted file mode 100644
index 99d1d2f..0000000
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/openssl/hash_provider/hash_sha1.c */
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "crypto_int.h"
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-static krb5_error_code
-k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
-{
-    EVP_MD_CTX *ctx;
-    unsigned int i;
-
-    if (output->length != SHA_DIGEST_LENGTH)
-        return KRB5_CRYPTO_INTERNAL;
-
-    ctx = EVP_MD_CTX_new();
-    if (ctx == NULL)
-        return ENOMEM;
-
-    EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
-    for (i = 0; i < num_data; i++) {
-        const krb5_data *d = &data[i].data;
-        if (SIGN_IOV(&data[i]))
-            EVP_DigestUpdate(ctx, (uint8_t *)d->data, d->length);
-    }
-    EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
-    EVP_MD_CTX_free(ctx);
-    return 0;
-}
-
-const struct krb5_hash_provider krb5int_hash_sha1 = {
-    "SHA1",
-    SHA_DIGEST_LENGTH,
-    64,
-    k5_sha1_hash
-};

