switch to KRB5_ENCTYPE

lib/gssapi/krb5/arcfour.c

@@ -86,7 +86,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key,
     cksum_k5.checksum.data = k5_data;
     cksum_k5.checksum.length = sizeof(k5_data);
 
-    if (key->keytype == ENCTYPE_ARCFOUR_HMAC_MD5_56) {
+    if (key->keytype == KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56) {
 	char L40[14] = "fortybits";
 
 	memcpy(L40 + 10, T, sizeof(T));
@@ -100,7 +100,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key,
     if (ret)
 	return ret;
 
-    key5.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
+    key5.keytype = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5;
     key5.keyvalue = cksum_k5.checksum;
 
     cksum_k6.checksum.data = key6_data;

lib/gssapi/krb5/get_mic.c

@@ -285,7 +285,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
   const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
   krb5_keyblock *key;
   OM_uint32 ret;
-  krb5_keytype keytype;
 
   GSSAPI_KRB5_INIT (&context);
 
@@ -300,10 +299,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
 
-  switch (keytype) {
-  case KEYTYPE_DES :
+  switch (key->keytype) {
+  case KRB5_ENCTYPE_DES_CBC_CRC :
+  case KRB5_ENCTYPE_DES_CBC_MD4 :
+  case KRB5_ENCTYPE_DES_CBC_MD5 :
 #ifdef HEIM_WEAK_CRYPTO
       ret = mic_des (minor_status, ctx, context, qop_req,
 		     message_buffer, message_token, key);
@@ -311,12 +311,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
       ret = GSS_S_FAILURE;
 #endif
       break;
-  case KEYTYPE_DES3 :
+  case KRB5_ENCTYPE_DES3_CBC_MD5 :
+  case KRB5_ENCTYPE_DES3_CBC_SHA1 :
       ret = mic_des3 (minor_status, ctx, context, qop_req,
 		      message_buffer, message_token, key);
       break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
       ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req,
 				     message_buffer, message_token, key);
       break;

lib/gssapi/krb5/test_cfx.c

@@ -148,7 +148,7 @@ main(int argc, char **argv)
 	errx(1, "krb5_context_init: %d", ret);
 
     ret = krb5_generate_random_keyblock(context,
-					ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+					KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
 					&keyblock);
     if (ret)
 	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");

lib/gssapi/krb5/unwrap.c

@@ -392,7 +392,6 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
   krb5_keyblock *key;
   krb5_context context;
   OM_uint32 ret;
-  krb5_keytype keytype;
   gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
 
   output_message_buffer->value = NULL;
@@ -414,12 +413,13 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
 
   *minor_status = 0;
 
-  switch (keytype) {
-  case KEYTYPE_DES :
+  switch (key->keytype) {
+  case KRB5_ENCTYPE_DES_CBC_CRC :
+  case KRB5_ENCTYPE_DES_CBC_MD4 :
+  case KRB5_ENCTYPE_DES_CBC_MD5 :
 #ifdef HEIM_WEAK_CRYPTO
       ret = unwrap_des (minor_status, ctx,
 			input_message_buffer, output_message_buffer,
@@ -428,13 +428,14 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
       ret = GSS_S_FAILURE;
 #endif
       break;
-  case KEYTYPE_DES3 :
+  case KRB5_ENCTYPE_DES3_CBC_MD5 :
+  case KRB5_ENCTYPE_DES3_CBC_SHA1 :
       ret = unwrap_des3 (minor_status, ctx, context,
 			 input_message_buffer, output_message_buffer,
 			 conf_state, qop_state, key);
       break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
       ret = _gssapi_unwrap_arcfour (minor_status, ctx, context,
 				    input_message_buffer, output_message_buffer,
 				    conf_state, qop_state, key);

lib/gssapi/krb5/verify_mic.c

@@ -281,7 +281,6 @@ _gsskrb5_verify_mic_internal
 {
     krb5_keyblock *key;
     OM_uint32 ret;
-    krb5_keytype keytype;
 
     if (ctx->more_flags & IS_CFX)
         return _gssapi_verify_mic_cfx (minor_status, ctx,
@@ -296,9 +295,11 @@ _gsskrb5_verify_mic_internal
 	return GSS_S_FAILURE;
     }
     *minor_status = 0;
-    krb5_enctype_to_keytype (context, key->keytype, &keytype);
-    switch (keytype) {
-    case KEYTYPE_DES :
+
+    switch (key->keytype) {
+    case KRB5_ENCTYPE_DES_CBC_CRC :
+    case KRB5_ENCTYPE_DES_CBC_MD4 :
+    case KRB5_ENCTYPE_DES_CBC_MD5 :
 #ifdef HEIM_WEAK_CRYPTO
 	ret = verify_mic_des (minor_status, ctx, context,
 			      message_buffer, token_buffer, qop_state, key,
@@ -307,13 +308,14 @@ _gsskrb5_verify_mic_internal
       ret = GSS_S_FAILURE;
 #endif
 	break;
-    case KEYTYPE_DES3 :
+    case KRB5_ENCTYPE_DES3_CBC_MD5 :
+    case KRB5_ENCTYPE_DES3_CBC_SHA1 :
 	ret = verify_mic_des3 (minor_status, ctx, context,
 			       message_buffer, token_buffer, qop_state, key,
 			       type);
 	break;
-    case KEYTYPE_ARCFOUR :
-    case KEYTYPE_ARCFOUR_56 :
+    case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+    case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
 	ret = _gssapi_verify_mic_arcfour (minor_status, ctx,
 					  context,
 					  message_buffer, token_buffer,

lib/gssapi/krb5/wrap.c

@@ -147,7 +147,6 @@ _gsskrb5_wrap_size_limit (
   krb5_context context;
   krb5_keyblock *key;
   OM_uint32 ret;
-  krb5_keytype keytype;
   const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
 
   GSSAPI_KRB5_INIT (&context);
@@ -164,23 +163,25 @@ _gsskrb5_wrap_size_limit (
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
 
-  switch (keytype) {
-  case KEYTYPE_DES :
+  switch (key->keytype) {
+  case KRB5_ENCTYPE_DES_CBC_CRC :
+  case KRB5_ENCTYPE_DES_CBC_MD4 :
+  case KRB5_ENCTYPE_DES_CBC_MD5 :
 #ifdef HEIM_WEAK_CRYPTO
       ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
 #else
       ret = GSS_S_FAILURE;
 #endif
       break;
-  case ENCTYPE_ARCFOUR_HMAC_MD5:
-  case ENCTYPE_ARCFOUR_HMAC_MD5_56:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
       ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
 				      conf_req_flag, qop_req,
 				      req_output_size, max_input_size, key);
       break;
-  case KEYTYPE_DES3 :
+  case KRB5_ENCTYPE_DES3_CBC_MD5 :
+  case KRB5_ENCTYPE_DES3_CBC_SHA1 :
       ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
       break;
   default :
@@ -558,10 +559,11 @@ _gsskrb5_wrap
       *minor_status = ret;
       return GSS_S_FAILURE;
   }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
 
-  switch (keytype) {
-  case KEYTYPE_DES :
+  switch (key->keytype) {
+  case KRB5_ENCTYPE_DES_CBC_CRC :
+  case KRB5_ENCTYPE_DES_CBC_MD4 :
+  case KRB5_ENCTYPE_DES_CBC_MD5 :
 #ifdef HEIM_WEAK_CRYPTO
       ret = wrap_des (minor_status, ctx, context, conf_req_flag,
 		      qop_req, input_message_buffer, conf_state,
@@ -570,13 +572,14 @@ _gsskrb5_wrap
       ret = GSS_S_FAILURE;
 #endif
       break;
-  case KEYTYPE_DES3 :
+  case KRB5_ENCTYPE_DES3_CBC_MD5 :
+  case KRB5_ENCTYPE_DES3_CBC_SHA1 :
       ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
 		       qop_req, input_message_buffer, conf_state,
 		       output_message_buffer, key);
       break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5:
+  case KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56:
       ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
 				  qop_req, input_message_buffer, conf_state,
 				  output_message_buffer, key);

lib/krb5/aes-test.c

@@ -640,7 +640,7 @@ krb_enc_test(krb5_context context)
 static int
 iov_test(krb5_context context)
 {
-    krb5_enctype enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+    krb5_enctype enctype = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
     krb5_error_code ret;
     krb5_crypto crypto;
     krb5_keyblock key;

lib/krb5/auth_context.c

@@ -58,7 +58,7 @@ krb5_auth_con_init(krb5_context context,
     p->remote_address = NULL;
     p->local_port     = 0;
     p->remote_port    = 0;
-    p->keytype        = ENCTYPE_NULL;
+    p->keytype        = KRB5_ENCTYPE_NULL;
     p->cksumtype      = CKSUMTYPE_NONE;
     *auth_context     = p;
     return 0;

lib/krb5/crypto-aes.c

@@ -38,7 +38,7 @@
  */
 
 static struct _krb5_key_type keytype_aes128 = {
-    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
     "aes-128",
     128,
     16,
@@ -52,7 +52,7 @@ static struct _krb5_key_type keytype_aes128 = {
 };
 
 static struct _krb5_key_type keytype_aes256 = {
-    ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
     "aes-256",
     256,
     32,

lib/krb5/crypto-arcfour.c

@@ -38,7 +38,7 @@
 #include "krb5_locl.h"
 
 static struct _krb5_key_type keytype_arcfour = {
-    ENCTYPE_ARCFOUR_HMAC_MD5,
+    KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
     "arcfour",
     128,
     16,

lib/krb5/crypto-null.c

@@ -38,7 +38,7 @@
 #endif
 
 static struct _krb5_key_type keytype_null = {
-    ENCTYPE_NULL,
+    KRB5_ENCTYPE_NULL,
     "null",
     0,
     0,

lib/krb5/crypto.c

@@ -1898,11 +1898,11 @@ _krb5_derive_key(krb5_context context,
 
     /* XXX keytype dependent post-processing */
     switch(kt->type) {
-    case ETYPE_OLD_DES3_CBC_SHA1:
+    case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1:
 	_krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize);
 	break;
-    case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
-    case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+    case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+    case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96:
 	memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
 	break;
     default:

lib/krb5/deprecated.c

@@ -94,13 +94,13 @@ static struct {
     const char *name;
     krb5_keytype type;
 } keys[] = {
-    { "null", ENCTYPE_NULL },
-    { "des", ETYPE_DES_CBC_CRC },
-    { "des3", ETYPE_OLD_DES3_CBC_SHA1 },
-    { "aes-128", ETYPE_AES128_CTS_HMAC_SHA1_96 },
-    { "aes-256", ETYPE_AES256_CTS_HMAC_SHA1_96 },
-    { "arcfour", ETYPE_ARCFOUR_HMAC_MD5 },
-    { "arcfour-56", ETYPE_ARCFOUR_HMAC_MD5_56 }
+    { "null", KRB5_ENCTYPE_NULL },
+    { "des", KRB5_ENCTYPE_DES_CBC_CRC },
+    { "des3", KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 },
+    { "aes-128", KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 },
+    { "aes-256", KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 },
+    { "arcfour", KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 },
+    { "arcfour-56", KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56 }
 };
 
 static int num_keys = sizeof(keys) / sizeof(keys[0]);

lib/krb5/get_for_creds.c

@@ -407,7 +407,7 @@ krb5_get_forwarded_creds (krb5_context	    context,
      */
 
     if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) {
-	cred.enc_part.etype = ENCTYPE_NULL;
+	cred.enc_part.etype = KRB5_ENCTYPE_NULL;
 	cred.enc_part.kvno = NULL;
 	cred.enc_part.cipher.data = buf;
 	cred.enc_part.cipher.length = buf_size;

lib/krb5/init_creds_pw.c

@@ -859,7 +859,7 @@ pa_pw_or_afs3_salt(krb5_context context,
 		   heim_octet_string *data)
 {
     krb5_error_code ret;
-    if (paid->etype == ENCTYPE_NULL)
+    if (paid->etype == KRB5_ENCTYPE_NULL)
 	return NULL;
     ret = set_paid(paid, context,
 		   paid->etype,
@@ -1204,7 +1204,7 @@ process_pa_data_to_md(krb5_context context,
 
 	paid = calloc(1, sizeof(*paid));
 
-	paid->etype = ENCTYPE_NULL;
+	paid->etype = KRB5_ENCTYPE_NULL;
 	ppaid = process_pa_info(context, creds->client, a, paid, in_md);
 
  	if (ppaid)

lib/krb5/keyblock.c

@@ -65,7 +65,7 @@ krb5_free_keyblock_contents(krb5_context context,
 	if (keyblock->keyvalue.data != NULL)
 	    memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length);
 	krb5_data_free (&keyblock->keyvalue);
-	keyblock->keytype = ENCTYPE_NULL;
+	keyblock->keytype = KRB5_ENCTYPE_NULL;
     }
 }
 

lib/krb5/krb5_auth_context.3

@@ -224,7 +224,7 @@ will force
 and
 .Fn krb5_fwd_tgt_creds
 to create unencrypted )
-.Dv ENCTYPE_NULL )
+.Dv KRB5_ENCTYPE_NULL )
 credentials.
 This is for use with old MIT server and JAVA based servers as
 they can't handle encrypted