re-write the handling of crypto libraries. try to use the one of

openssl's libcrypto or krb4's libdes that has all the required
functionality (md4, md5, sha1, des, rc4).  if there is no such
library, the included lib/des is built.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10519 ec53bebd-3082-4978-b11e-865c3cabbd6b

admin/ktutil_locl.h

@@ -54,7 +54,7 @@
 #include <parse_time.h>
 #include <roken.h>
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

appl/ftp/ftp/ftp_locl.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -131,7 +131,7 @@ struct hostent  *gethostbyname(const char *);
 #include "security.h"
 
 /* des_read_pw_string */
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

appl/kx/common.c

@@ -421,7 +421,7 @@ create_and_write_cookie (char *xauthfile,
      auth.name_length = strlen(auth.name);
      auth.data_length = cookie_sz;
      auth.data = (char*)cookie;
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
      krb5_generate_random_block (cookie, cookie_sz);
 #else
      des_rand_data (cookie, cookie_sz);

appl/otp/otp_locl.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -52,7 +52,7 @@
 #endif
 #include <roken.h>
 #include <err.h>
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

appl/telnet/libtelnet/enc_des.c

@@ -50,7 +50,7 @@ RCSID("$Id$");
 #include "encrypt.h"
 #include "misc-proto.h"
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>
@@ -408,7 +408,7 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp)
 	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
 	if (fbp->once == 0) {
-#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL_DES_H)
+#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL)
 		des_init_random_number_generator(&fbp->krbdes_key);
 #endif
 		fbp->once = 1;

appl/telnet/libtelnet/encrypt.h

@@ -90,7 +90,7 @@ typedef struct {
 
 #define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #define des_new_random_key des_random_key
 #else

appl/telnet/libtelnet/kerberos.c

@@ -220,7 +220,7 @@ kerberos4_send(char *name, Authenticator *ap)
 
 	des_key_sched(&cred.session, sched);
 	memcpy (&cred_session, &cred.session, sizeof(cred_session));
-#ifndef HAVE_OPENSSL_DES_H
+#ifndef HAVE_OPENSSL
 	des_init_random_number_generator(&cred.session);
 #endif
 	des_new_random_key(&session_key);

cf/crypto.m4

@@ -0,0 +1,114 @@
+dnl $Id$
+dnl
+dnl test for crypto libraries:
+dnl - libcrypto (from openssl)
+dnl - libdes (from krb4)
+dnl - own-built libdes
+
+AC_DEFUN([KRB_CRYPTO],[
+crypto_lib=unknown
+AC_ARG_WITH(openssl,
+[  --with-openssl=dir	if you want to use openssl's libcrypto in dir])
+
+DIR_des=
+
+AC_MSG_CHECKING([for crypto library])
+
+if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
+
+  save_CPPFLAGS="$CPPFLAGS"
+  save_LIBS="$LIBS"
+  INCLUDE_des=
+  LIB_des=
+  if test "$with_openssl" != ""; then
+    INCLUDE_des="-I${with_openssl}/include"
+    CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}"
+    LIB_des="-L${with_openssl}/lib"
+  fi
+  LIB_des_a="$LIB_des"
+  LIB_des_so="$LIB_des"
+  LIB_des_appl="$LIB_des"
+  LIBS="${LIBS} ${LIB_des}"
+  AC_TRY_LINK([
+  #include <openssl/md4.h>
+  #include <openssl/md5.h>
+  #include <openssl/sha.h>
+  #include <openssl/des.h>
+  #include <openssl/rc4.h>
+  ],
+  [
+    MD4_CTX md4;
+    MD5_CTX md5;
+    SHA1_CTX sha1;
+
+    MD4_Init(&md4);
+    MD5_Init(&md5);
+    SHA1_Init(&sha1);
+
+    des_cbc_encrypt(NULL, NULL, 0, NULL, NULL, 0);
+    RC4(NULL, 0, NULL, NULL);
+  ], [
+  crypto_lib=libcrypto
+  AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
+  AC_MSG_RESULT([libcrypto])])
+  CPPFLAGS="$save_CPPFLAGS"
+  LIBS="$save_LIBS"
+fi
+
+if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
+
+  save_CPPFLAGS="$CPPFLAGS"
+  save_LIBS="$LIBS"
+  INCLUDE_des="${INCLUDE_krb4}"
+  LIB_des=
+  if test "$krb4_libdir"; then
+    LIB_des="-L${krb4_libdir}"
+  fi
+  CPPFLAGS="${CPPFLAGS} ${INCLUDE_des}"
+  LIBS="${LIBS} ${LIB_des}"
+  LIB_des_a="$LIB_des"
+  LIB_des_so="$LIB_des"
+  LIB_des_appl="$LIB_des"
+  LIBS="${LIBS} ${LIB_des}"
+  AC_TRY_LINK([
+  #undef KRB5 /* makes md4.h et al unhappy */
+  #define KRB4
+  #include <md4.h>
+  #include <md5.h>
+  #include <sha.h>
+  #include <des.h>
+  #include <rc4.h>
+  ],
+  [
+    MD4_CTX md4;
+    MD5_CTX md5;
+    SHA1_CTX sha1;
+
+    MD4_Init(&md4);
+    MD5_Init(&md5);
+    SHA1_Init(&sha1);
+
+    des_cbc_encrypt(NULL, NULL, 0, NULL, NULL, 0);
+    RC4(NULL, 0, NULL, NULL);
+  ], [crypto_lib=krb4; AC_MSG_RESULT([krb4's libdes])])
+
+fi
+
+if test "$crypto_lib" = "unknown"; then
+
+  DIR_des='des'
+  LIB_des='$(top_builddir)/lib/des/libdes.la'
+  LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a'
+  LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so'
+  LIB_des_appl="-ldes"
+
+  AC_MSG_RESULT([included libdes])
+
+fi
+
+AC_SUBST(DIR_des)
+AC_SUBST(LIB_des)
+AC_SUBST(LIB_des_a)
+AC_SUBST(LIB_des_so)
+AC_SUBST(LIB_des_appl)
+])

configure.in

@@ -523,49 +523,7 @@ AC_GROK_TYPES([int8_t int16_t int32_t int64_t \
 	u_int8_t u_int16_t u_int32_t u_int64_t \
 	uint8_t uint16_t uint32_t uint64_t])
 
-dnl
+KRB_CRYPTO
-dnl crypto functions tests
-dnl
-
-AC_CHECK_HEADERS([				\
-	openssl/md4.h				\
-	openssl/md5.h				\
-	openssl/sha.h				\
-	openssl/des.h				\
-	openssl/rc4.h				\
-])
-
-AC_FIND_FUNC_NO_LIBS2(MD4_Init, crypto des, [], [], [], [$test_LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(MD5_Init, crypto des, [], [], [], [$test_LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(SHA1_Init, crypto des, [], [], [], [$test_LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(des_cbc_encrypt, crypto des, [], [], [], [$test_LIB_krb4])
-AC_FIND_FUNC_NO_LIBS2(RC4, crypto des, [], [], [], [$test_LIB_krb4])
-if test "$ac_cv_func_des_cbc_encrypt" = "yes" -a \
-"$ac_cv_func_MD4_Init"  = "yes" -a \
-"$ac_cv_func_MD5_Init"  = "yes" -a \
-"$ac_cv_func_SHA1_Init" = "yes" -a \
-"$ac_cv_func_RC4" = "yes"; then
-  DIR_des=''
-  LIB_des=''
-  if test "$krb4_libdir" != "" -a "$ac_cv_funclib_des_cbc_encrypt" = "-ldes"; then
-    LIB_des="-R $krb4_libdir -L$krb4_libdir"
-  fi
-  LIB_des="$LIB_des $ac_cv_funclib_MD4_Init"
-  LIB_des_a="$LIB_des"
-  LIB_des_so="$LIB_des"
-  LIB_des_appl="$LIB_des"
-else
-  DIR_des='des'
-  LIB_des='$(top_builddir)/lib/des/libdes.la'
-  LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a'
-  LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so'
-  LIB_des_appl="-ldes"
-fi
-AC_SUBST(DIR_des)
-AC_SUBST(LIB_des)
-AC_SUBST(LIB_des_a)
-AC_SUBST(LIB_des_so)
-AC_SUBST(LIB_des_appl)
 
 KRB_READLINE
 

kadmin/kadmin_locl.h

@@ -86,7 +86,7 @@
 #endif
 #include <err.h>
 #include <roken.h>
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

kdc/headers.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -85,7 +85,7 @@
 #include <getarg.h>
 #include <base64.h>
 #include <parse_units.h>
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

kdc/kdc_locl.h

@@ -113,7 +113,7 @@ krb5_error_code do_kaserver (unsigned char*, size_t, krb5_data*, const char*,
 			     struct sockaddr_in*);
 #endif
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #define des_new_random_key des_random_key
 #endif
 

kpasswd/kpasswd_locl.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -98,7 +98,7 @@
 #include <err.h>
 #include <roken.h>
 #include <getarg.h>
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

lib/hdb/hdb_locl.h

@@ -56,7 +56,7 @@
 #endif
 #include <roken.h>
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #else
 #include <des.h>

lib/krb5/Makefile.am

@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4)
+INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
 
 bin_PROGRAMS = verify_krb5_conf
 

lib/krb5/crypto.c

@@ -2655,7 +2655,7 @@ krb5_decrypt_EncryptedData(krb5_context context,
  *                                                          *
  ************************************************************/
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/rand.h>
 
 /* From openssl/crypto/rand/rand_lcl.h */

lib/krb5/krb5_locl.h

@@ -109,29 +109,17 @@ struct sockaddr_dl;
 #include <parse_time.h>
 #include <base64.h>
 
-#ifdef HAVE_OPENSSL_DES_H
+#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
-#else
-#include <des.h>
-#endif
-#ifdef HAVE_OPENSSL_MD4_H
 #include <openssl/md4.h>
-#else
-#include <md4.h>
-#endif
-#ifdef HAVE_OPENSSL_MD5_H
 #include <openssl/md5.h>
-#else
-#include <md5.h>
-#endif
-#ifdef HAVE_OPENSSL_SHA_H
 #include <openssl/sha.h>
-#else
-#include <sha.h>
-#endif
-#ifdef HAVE_OPENSSL_RC4_H
 #include <openssl/rc4.h>
 #else
+#include <des.h>
+#include <md4.h>
+#include <md5.h>
+#include <sha.h>
 #include <rc4.h>
 #endif
 

lib/otp/Makefile.am

@@ -2,7 +2,7 @@
 
 include $(top_srcdir)/Makefile.am.common
 
-INCLUDES += $(INCLUDE_krb4)
+INCLUDES += $(INCLUDE_des)
 
 noinst_PROGRAMS = otptest
 

lib/otp/otp_md.c

@@ -38,19 +38,13 @@ RCSID("$Id$");
 #include "otp_locl.h"
 
 #include "otp_md.h"
-#ifdef HAVE_OPENSSL_MD4_H
+#ifdef HAVE_OPENSSL
 #include <openssl/md4.h>
-#else
-#include <md4.h>
-#endif
-#ifdef HAVE_OPENSSL_MD5_H
 #include <openssl/md5.h>
-#else
-#include <md5.h>
-#endif
-#ifdef HAVE_OPENSSL_SHA_H
 #include <openssl/sha.h>
 #else
+#include <md4.h>
+#include <md5.h>
 #include <sha.h>
 #endif