From aad564d1c26d2bc7b8a3e591ef209a7af96190f6 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Wed, 22 Aug 2001 20:30:33 +0000 Subject: [PATCH] re-write the handling of crypto libraries. try to use the one of openssl's libcrypto or krb4's libdes that has all the required functionality (md4, md5, sha1, des, rc4). if there is no such library, the included lib/des is built. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10519 ec53bebd-3082-4978-b11e-865c3cabbd6b --- admin/ktutil_locl.h | 2 +- appl/ftp/ftp/ftp_locl.h | 4 +- appl/kx/common.c | 2 +- appl/otp/otp_locl.h | 4 +- appl/telnet/libtelnet/enc_des.c | 4 +- appl/telnet/libtelnet/encrypt.h | 2 +- appl/telnet/libtelnet/kerberos.c | 2 +- cf/crypto.m4 | 114 +++++++++++++++++++++++++++++++ configure.in | 44 +----------- kadmin/kadmin_locl.h | 2 +- kdc/headers.h | 4 +- kdc/kdc_locl.h | 2 +- kpasswd/kpasswd_locl.h | 4 +- lib/hdb/hdb_locl.h | 2 +- lib/krb5/Makefile.am | 2 +- lib/krb5/crypto.c | 2 +- lib/krb5/krb5_locl.h | 22 ++---- lib/otp/Makefile.am | 2 +- lib/otp/otp_md.c | 12 +--- 19 files changed, 143 insertions(+), 89 deletions(-) create mode 100644 cf/crypto.m4 diff --git a/admin/ktutil_locl.h b/admin/ktutil_locl.h index 61e0dc5a1..43021dbc1 100644 --- a/admin/ktutil_locl.h +++ b/admin/ktutil_locl.h @@ -54,7 +54,7 @@ #include #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include diff --git a/appl/ftp/ftp/ftp_locl.h b/appl/ftp/ftp/ftp_locl.h index 33f27457f..4c37d9c8b 100644 --- a/appl/ftp/ftp/ftp_locl.h +++ b/appl/ftp/ftp/ftp_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -131,7 +131,7 @@ struct hostent *gethostbyname(const char *); #include "security.h" /* des_read_pw_string */ -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include 
diff --git a/appl/kx/common.c b/appl/kx/common.c index eb8f84acf..d180a01bf 100644 --- a/appl/kx/common.c +++ b/appl/kx/common.c @@ -421,7 +421,7 @@ create_and_write_cookie (char *xauthfile, auth.name_length = strlen(auth.name); auth.data_length = cookie_sz; auth.data = (char*)cookie; -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL krb5_generate_random_block (cookie, cookie_sz); #else des_rand_data (cookie, cookie_sz); diff --git a/appl/otp/otp_locl.h b/appl/otp/otp_locl.h index 71176bb22..b6823a2f8 100644 --- a/appl/otp/otp_locl.h +++ b/appl/otp/otp_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -52,7 +52,7 @@ #endif #include #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include diff --git a/appl/telnet/libtelnet/enc_des.c b/appl/telnet/libtelnet/enc_des.c index 7bf21ea85..42de2e5ba 100644 --- a/appl/telnet/libtelnet/enc_des.c +++ b/appl/telnet/libtelnet/enc_des.c @@ -50,7 +50,7 @@ RCSID("$Id$"); #include "encrypt.h" #include "misc-proto.h" -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include @@ -408,7 +408,7 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp) fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); if (fbp->once == 0) { -#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL_DES_H) +#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL) des_init_random_number_generator(&fbp->krbdes_key); #endif fbp->once = 1; diff --git a/appl/telnet/libtelnet/encrypt.h b/appl/telnet/libtelnet/encrypt.h index 503448b9e..1b37cb582 100644 --- a/appl/telnet/libtelnet/encrypt.h +++ b/appl/telnet/libtelnet/encrypt.h @@ -90,7 +90,7 @@ typedef struct { #define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #define des_new_random_key des_random_key #else 
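Review bot: With `HAVE_OPENSSL` defined, `fb64_session` in appl/telnet/libtelnet/enc_des.c skips `des_init_random_number_generator(&fbp->krbdes_key)`, and nothing in the hunk says what seeds the generator used for the keys produced afterwards. encrypt.h maps `des_new_random_key` to `des_random_key` under the same macro, so the telnet session key then depends entirely on the state of libcrypto's PRNG. `kerberos4_send` in appl/telnet/libtelnet/kerberos.c has the same pattern and also discards the result of `des_new_random_key(&session_key)`; if the libcrypto function signals an unseeded PRNG through its return value (to be confirmed against the linked version), that failure goes unnoticed. I would add a comment at both sites, e.g. `/* with libcrypto the key comes from its RAND pool, which must be seeded before this point */`, and check the result of the key-generation call where the library returns one. Both functions extend beyond the hunks shown.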
diff --git a/appl/telnet/libtelnet/kerberos.c b/appl/telnet/libtelnet/kerberos.c index 6232d967f..f64c80cbb 100644 --- a/appl/telnet/libtelnet/kerberos.c +++ b/appl/telnet/libtelnet/kerberos.c @@ -220,7 +220,7 @@ kerberos4_send(char *name, Authenticator *ap) des_key_sched(&cred.session, sched); memcpy (&cred_session, &cred.session, sizeof(cred_session)); -#ifndef HAVE_OPENSSL_DES_H +#ifndef HAVE_OPENSSL des_init_random_number_generator(&cred.session); #endif des_new_random_key(&session_key); diff --git a/cf/crypto.m4 b/cf/crypto.m4 new file mode 100644 index 000000000..025a8325e --- /dev/null +++ b/cf/crypto.m4 
@@ -0,0 +1,114 @@ +dnl $Id$ +dnl +dnl test for crypto libraries: +dnl - libcrypto (from openssl) +dnl - libdes (from krb4) +dnl - own-built libdes + +AC_DEFUN([KRB_CRYPTO],[ +crypto_lib=unknown +AC_ARG_WITH(openssl, +[ --with-openssl=dir if you want to use openssl's libcrypto in dir]) + +DIR_des= + +AC_MSG_CHECKING([for crypto library]) + +if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then + + save_CPPFLAGS="$CPPFLAGS" + save_LIBS="$LIBS" + INCLUDE_des= + LIB_des= + if test "$with_openssl" != ""; then + INCLUDE_des="-I${with_openssl}/include" + CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}" + LIB_des="-L${with_openssl}/lib" + fi + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + AC_TRY_LINK([ + #include + #include + #include + #include + #include + ], + [ + MD4_CTX md4; + MD5_CTX md5; + SHA1_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(NULL, NULL, 0, NULL, NULL, 0); + RC4(NULL, 0, NULL, NULL); + ], [ + crypto_lib=libcrypto + AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) + AC_MSG_RESULT([libcrypto])]) + CPPFLAGS="$save_CPPFLAGS" + LIBS="$save_LIBS" +fi + +if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then + + save_CPPFLAGS="$CPPFLAGS" + save_LIBS="$LIBS" + INCLUDE_des="${INCLUDE_krb4}" + LIB_des= + if test "$krb4_libdir"; then + LIB_des="-L${krb4_libdir}" + fi + CPPFLAGS="${CPPFLAGS} ${INCLUDE_des}" + LIBS="${LIBS} ${LIB_des}" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + AC_TRY_LINK([ + #undef KRB5 /* makes md4.h et al unhappy */ + #define KRB4 + #include + #include + #include + #include + #include + ], + [ + MD4_CTX md4; + MD5_CTX md5; + SHA1_CTX sha1; + + MD4_Init(&md4); + MD5_Init(&md5); + SHA1_Init(&sha1); + + des_cbc_encrypt(NULL, NULL, 0, NULL, NULL, 0); + RC4(NULL, 0, NULL, NULL); + ], [crypto_lib=krb4; AC_MSG_RESULT([krb4's libdes])]) + +fi + +if test "$crypto_lib" = 
"unknown"; then + + DIR_des='des' + LIB_des='$(top_builddir)/lib/des/libdes.la' + LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a' + LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so' + LIB_des_appl="-ldes" + + AC_MSG_RESULT([included libdes]) + +fi + +AC_SUBST(DIR_des) +AC_SUBST(LIB_des) +AC_SUBST(LIB_des_a) +AC_SUBST(LIB_des_so) +AC_SUBST(LIB_des_appl) +]) diff --git a/configure.in b/configure.in index 31318e898..028ca83eb 100644 --- a/configure.in +++ b/configure.in @@ -523,49 +523,7 @@ AC_GROK_TYPES([int8_t int16_t int32_t int64_t \ u_int8_t u_int16_t u_int32_t u_int64_t \ uint8_t uint16_t uint32_t uint64_t]) -dnl -dnl crypto functions tests -dnl - -AC_CHECK_HEADERS([ \ - openssl/md4.h \ - openssl/md5.h \ - openssl/sha.h \ - openssl/des.h \ - openssl/rc4.h \ -]) - -AC_FIND_FUNC_NO_LIBS2(MD4_Init, crypto des, [], [], [], [$test_LIB_krb4]) -AC_FIND_FUNC_NO_LIBS2(MD5_Init, crypto des, [], [], [], [$test_LIB_krb4]) -AC_FIND_FUNC_NO_LIBS2(SHA1_Init, crypto des, [], [], [], [$test_LIB_krb4]) -AC_FIND_FUNC_NO_LIBS2(des_cbc_encrypt, crypto des, [], [], [], [$test_LIB_krb4]) -AC_FIND_FUNC_NO_LIBS2(RC4, crypto des, [], [], [], [$test_LIB_krb4]) -if test "$ac_cv_func_des_cbc_encrypt" = "yes" -a \ -"$ac_cv_func_MD4_Init" = "yes" -a \ -"$ac_cv_func_MD5_Init" = "yes" -a \ -"$ac_cv_func_SHA1_Init" = "yes" -a \ -"$ac_cv_func_RC4" = "yes"; then - DIR_des='' - LIB_des='' - if test "$krb4_libdir" != "" -a "$ac_cv_funclib_des_cbc_encrypt" = "-ldes"; then - LIB_des="-R $krb4_libdir -L$krb4_libdir" - fi - LIB_des="$LIB_des $ac_cv_funclib_MD4_Init" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" -else - DIR_des='des' - LIB_des='$(top_builddir)/lib/des/libdes.la' - LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a' - LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so' - LIB_des_appl="-ldes" -fi -AC_SUBST(DIR_des) -AC_SUBST(LIB_des) -AC_SUBST(LIB_des_a) -AC_SUBST(LIB_des_so) -AC_SUBST(LIB_des_appl) +KRB_CRYPTO KRB_READLINE 
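Review bot: The libcrypto probe in `KRB_CRYPTO` never puts `-lcrypto` on the link line: `LIB_des` is at most `-L${with_openssl}/lib`, so the `AC_TRY_LINK` can only succeed when libcrypto already happens to be in `LIBS`, and the substituted `LIB_des` names no library either. When that probe fails the macro falls through to krb4's libdes or the bundled lib/des without a diagnostic, even if the builder passed `--with-openssl=dir` explicitly, so a build can end up on a different crypto implementation than the one requested; a bare `--with-openssl` also becomes `-Iyes/include`. The krb4 branch saves `CPPFLAGS` and `LIBS` but never restores them, and it appends `LIB_des` to `LIBS` twice. The test body declares `SHA1_CTX`, which I believe is not the context type OpenSSL's SHA header defines, so it is worth confirming that the probe compiles against a real libcrypto. A sketch of the first branch and the missing restore follows.

```m4
dnl … unchanged: AC_ARG_WITH(openssl), AC_MSG_CHECKING, save_CPPFLAGS/save_LIBS …
    if test "$with_openssl" != "" -a "$with_openssl" != "yes"; then
dnl … unchanged: INCLUDE_des, CPPFLAGS and LIB_des from ${with_openssl} …
    fi
    LIB_des="${LIB_des} -lcrypto"
dnl … unchanged: LIB_des_a/_so/_appl, LIBS, AC_TRY_LINK, restore of CPPFLAGS/LIBS …
    if test "$crypto_lib" = "unknown" -a "$with_openssl" != ""; then
        AC_MSG_ERROR([--with-openssl was given but the libcrypto link test failed])
    fi
dnl … unchanged: krb4 probe through its AC_TRY_LINK …
    CPPFLAGS="$save_CPPFLAGS"
    LIBS="$save_LIBS"
```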
diff --git a/kadmin/kadmin_locl.h b/kadmin/kadmin_locl.h index 7f12f65d5..ccb90a447 100644 --- a/kadmin/kadmin_locl.h +++ b/kadmin/kadmin_locl.h @@ -86,7 +86,7 @@ #endif #include #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include diff --git a/kdc/headers.h b/kdc/headers.h index 956235271..521856269 100644 --- a/kdc/headers.h +++ b/kdc/headers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -85,7 +85,7 @@ #include #include #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include diff --git a/kdc/kdc_locl.h b/kdc/kdc_locl.h index 63dae79ef..d9173f6fb 100644 --- a/kdc/kdc_locl.h +++ b/kdc/kdc_locl.h @@ -113,7 +113,7 @@ krb5_error_code do_kaserver (unsigned char*, size_t, krb5_data*, const char*, struct sockaddr_in*); #endif -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #define des_new_random_key des_random_key #endif diff --git a/kpasswd/kpasswd_locl.h b/kpasswd/kpasswd_locl.h index 501863308..b2269d4c8 100644 --- a/kpasswd/kpasswd_locl.h +++ b/kpasswd/kpasswd_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -98,7 +98,7 @@ #include #include #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include diff --git a/lib/hdb/hdb_locl.h b/lib/hdb/hdb_locl.h index 61e43ceff..fdec3683b 100644 --- a/lib/hdb/hdb_locl.h +++ b/lib/hdb/hdb_locl.h @@ -56,7 +56,7 @@ #endif #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include #else #include diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am index 1365fb396..9224c2c26 100644 --- a/lib/krb5/Makefile.am +++ b/lib/krb5/Makefile.am 
@@ -2,7 +2,7 @@ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) +INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) bin_PROGRAMS = verify_krb5_conf diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index e1c88a439..8016745bf 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -2655,7 +2655,7 @@ krb5_decrypt_EncryptedData(krb5_context context, * * ************************************************************/ -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include /* From openssl/crypto/rand/rand_lcl.h */ diff --git a/lib/krb5/krb5_locl.h b/lib/krb5/krb5_locl.h index 3d09e249c..0d6c0591e 100644 --- a/lib/krb5/krb5_locl.h +++ b/lib/krb5/krb5_locl.h @@ -109,29 +109,17 @@ struct sockaddr_dl; #include #include -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include -#else -#include -#endif -#ifdef HAVE_OPENSSL_MD4_H #include -#else -#include -#endif -#ifdef HAVE_OPENSSL_MD5_H #include -#else -#include -#endif -#ifdef HAVE_OPENSSL_SHA_H #include -#else -#include -#endif -#ifdef HAVE_OPENSSL_RC4_H #include #else +#include +#include +#include +#include #include #endif diff --git a/lib/otp/Makefile.am b/lib/otp/Makefile.am index 11a780719..91c947d66 100644 --- a/lib/otp/Makefile.am +++ b/lib/otp/Makefile.am @@ -2,7 +2,7 @@ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) +INCLUDES += $(INCLUDE_des) noinst_PROGRAMS = otptest diff --git a/lib/otp/otp_md.c b/lib/otp/otp_md.c index 50764b52b..60900bb6b 100644 --- a/lib/otp/otp_md.c +++ b/lib/otp/otp_md.c @@ -38,19 +38,13 @@ RCSID("$Id$"); #include "otp_locl.h" #include "otp_md.h" -#ifdef HAVE_OPENSSL_MD4_H +#ifdef HAVE_OPENSSL #include -#else -#include -#endif -#ifdef HAVE_OPENSSL_MD5_H #include -#else -#include -#endif -#ifdef HAVE_OPENSSL_SHA_H #include #else +#include +#include #include #endif
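Review bot: `$(INCLUDE_des)` is added to `INCLUDES` in lib/krb5/Makefile.am and replaces `$(INCLUDE_krb4)` in lib/otp/Makefile.am, but the `KRB_CRYPTO` macro in cf/crypto.m4 as shown only calls `AC_SUBST` for `DIR_des` and the `LIB_des*` variables. Unless `INCLUDE_des` is substituted somewhere outside this patch, it expands to nothing and the headers of the selected crypto library are found only through whatever else is on the include path. In the included-libdes branch `INCLUDE_des` also keeps the value set by a failed libcrypto or krb4 probe, which can point the compiler at headers from a library that is not the one being linked. I would add `AC_SUBST(INCLUDE_des)` to the macro and reset `INCLUDE_des=` in the fallback branch.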
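Review bot: The single `#ifdef HAVE_OPENSSL` in lib/krb5/krb5_locl.h, and the same block in lib/otp/otp_md.c, now selects all of the des, md4, md5, sha and rc4 headers at once, and neither place explains what the macro guarantees. Going by cf/crypto.m4, it is defined only when one link test against libcrypto finds all five primitives, which is a different meaning from the per-header `HAVE_OPENSSL_*_H` checks it replaces. A short comment above the block would keep later editors from reintroducing per-header guards or mixing headers from two libraries, for example `/* HAVE_OPENSSL: set by KRB_CRYPTO when libcrypto supplies des, md4, md5, sha1 and rc4; otherwise all five come from libdes */`.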