Bring in the krb5 module in OpenSSL.
authorPeter Avalos <pavalos@dragonflybsd.org>
Tue, 10 Apr 2012 16:57:21 +0000 (09:57 -0700)
committerPeter Avalos <pavalos@dragonflybsd.org>
Tue, 10 Apr 2012 16:57:21 +0000 (09:57 -0700)
Even though we don't have Kerberos5 in base, we should still be
installing the krb5_asn.h header.

crypto/openssl/README.DELETED
crypto/openssl/crypto/krb5/krb5_asn.c [new file with mode: 0644]
crypto/openssl/crypto/krb5/krb5_asn.h [new file with mode: 0644]

index 4a7e232..d17c4b6 100644 (file)
@@ -215,7 +215,7 @@ crypto/idea/idea_spd.c
 crypto/idea/ideatest.c
 crypto/install-crypto.com
 crypto/jpake/
-crypto/krb5/
+crypto/krb5/Makefile
 crypto/lhash/Makefile
 crypto/lhash/lh_test.c
 crypto/lhash/num.pl
diff --git a/crypto/openssl/crypto/krb5/krb5_asn.c b/crypto/openssl/crypto/krb5/krb5_asn.c
new file mode 100644 (file)
index 0000000..1fb741d
--- /dev/null
@@ -0,0 +1,167 @@
+/* krb5_asn.c */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/krb5_asn.h>
+
+
+ASN1_SEQUENCE(KRB5_ENCDATA) = {
+       ASN1_EXP(KRB5_ENCDATA, etype,           ASN1_INTEGER,     0),
+       ASN1_EXP_OPT(KRB5_ENCDATA, kvno,        ASN1_INTEGER,     1),
+       ASN1_EXP(KRB5_ENCDATA, cipher,          ASN1_OCTET_STRING,2)
+} ASN1_SEQUENCE_END(KRB5_ENCDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
+
+
+ASN1_SEQUENCE(KRB5_PRINCNAME) = {
+       ASN1_EXP(KRB5_PRINCNAME, nametype,      ASN1_INTEGER,     0),
+       ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+
+
+/* [APPLICATION 1] = 0x61 */
+ASN1_SEQUENCE(KRB5_TKTBODY) = {
+       ASN1_EXP(KRB5_TKTBODY, tktvno,          ASN1_INTEGER,     0),
+       ASN1_EXP(KRB5_TKTBODY, realm,           ASN1_GENERALSTRING, 1),
+       ASN1_EXP(KRB5_TKTBODY, sname,           KRB5_PRINCNAME,   2),
+       ASN1_EXP(KRB5_TKTBODY, encdata,         KRB5_ENCDATA,     3)
+} ASN1_SEQUENCE_END(KRB5_TKTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
+
+
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+                       KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
+
+
+/* [APPLICATION 14] = 0x6e */
+ASN1_SEQUENCE(KRB5_APREQBODY) = {
+       ASN1_EXP(KRB5_APREQBODY, pvno,          ASN1_INTEGER,     0),
+       ASN1_EXP(KRB5_APREQBODY, msgtype,       ASN1_INTEGER,     1),
+       ASN1_EXP(KRB5_APREQBODY, apoptions,     ASN1_BIT_STRING,  2),
+       ASN1_EXP(KRB5_APREQBODY, ticket,        KRB5_TICKET,      3),
+       ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA,     4),
+} ASN1_SEQUENCE_END(KRB5_APREQBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+                       KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
+
+
+/*  Authenticator stuff        */
+
+ASN1_SEQUENCE(KRB5_CHECKSUM) = {
+       ASN1_EXP(KRB5_CHECKSUM, ctype,          ASN1_INTEGER,     0),
+       ASN1_EXP(KRB5_CHECKSUM, checksum,       ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+
+
+ASN1_SEQUENCE(KRB5_ENCKEY) = {
+       ASN1_EXP(KRB5_ENCKEY,   ktype,          ASN1_INTEGER,     0),
+       ASN1_EXP(KRB5_ENCKEY,   keyvalue,       ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_ENCKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
+
+
+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
+ASN1_SEQUENCE(KRB5_AUTHDATA) = {
+       ASN1_EXP(KRB5_AUTHDATA, adtype,         ASN1_INTEGER,     0),
+       ASN1_EXP(KRB5_AUTHDATA, addata,         ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+
+
+/* [APPLICATION 2] = 0x62 */
+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
+       ASN1_EXP(KRB5_AUTHENTBODY,      avno,   ASN1_INTEGER,     0),
+       ASN1_EXP(KRB5_AUTHENTBODY,      crealm, ASN1_GENERALSTRING, 1),
+       ASN1_EXP(KRB5_AUTHENTBODY,      cname,  KRB5_PRINCNAME,   2),
+       ASN1_EXP_OPT(KRB5_AUTHENTBODY,  cksum,  KRB5_CHECKSUM,    3),
+       ASN1_EXP(KRB5_AUTHENTBODY,      cusec,  ASN1_INTEGER,     4),
+       ASN1_EXP(KRB5_AUTHENTBODY,      ctime,  ASN1_GENERALIZEDTIME, 5),
+       ASN1_EXP_OPT(KRB5_AUTHENTBODY,  subkey, KRB5_ENCKEY,      6),
+       ASN1_EXP_OPT(KRB5_AUTHENTBODY,  seqnum, ASN1_INTEGER,     7),
+       ASN1_EXP_SEQUENCE_OF_OPT
+                   (KRB5_AUTHENTBODY,  authorization,  KRB5_AUTHDATA, 8),
+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+                       KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
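Review bot: The `authorization` member that closes the KRB5_AUTHENTBODY template is declared with `ASN1_EXP_SEQUENCE_OF_OPT`, which stores a `STACK_OF(KRB5_AUTHDATA) *`, but krb5_asn.h in this same commit declares that field as `KRB5_AUTHDATA *authorization;`. A caller that trusts the header and reads `authorization->adtype` on a decoded authenticator would be treating a stack object as a KRB5_AUTHDATA, a type confusion on data that came from the peer. The header declaration should read `STACK_OF(KRB5_AUTHDATA) *authorization;`. Since this looks like an unmodified upstream import, the change presumably belongs upstream, with a local comment on the field until it lands.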
diff --git a/crypto/openssl/crypto/krb5/krb5_asn.h b/crypto/openssl/crypto/krb5/krb5_asn.h
new file mode 100644 (file)
index 0000000..41725d0
--- /dev/null
@@ -0,0 +1,256 @@
+/* krb5_asn.h */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_KRB5_ASN_H
+#define HEADER_KRB5_ASN_H
+
+/*
+#include <krb5.h>
+*/
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/*     ASN.1 from Kerberos RFC 1510
+*/
+
+/*     EncryptedData ::=   SEQUENCE {
+**             etype[0]                      INTEGER, -- EncryptionType
+**             kvno[1]                       INTEGER OPTIONAL,
+**             cipher[2]                     OCTET STRING -- ciphertext
+**     }
+*/
+typedef        struct  krb5_encdata_st
+       {
+       ASN1_INTEGER                    *etype;
+       ASN1_INTEGER                    *kvno;
+       ASN1_OCTET_STRING               *cipher;
+       }       KRB5_ENCDATA;
+
+DECLARE_STACK_OF(KRB5_ENCDATA)
+
+/*     PrincipalName ::=   SEQUENCE {
+**             name-type[0]                  INTEGER,
+**             name-string[1]                SEQUENCE OF GeneralString
+**     }
+*/
+typedef        struct  krb5_princname_st
+       {
+       ASN1_INTEGER                    *nametype;
+       STACK_OF(ASN1_GENERALSTRING)    *namestring;
+       }       KRB5_PRINCNAME;
+
+DECLARE_STACK_OF(KRB5_PRINCNAME)
+
+
+/*     Ticket ::=      [APPLICATION 1] SEQUENCE {
+**             tkt-vno[0]                    INTEGER,
+**             realm[1]                      Realm,
+**             sname[2]                      PrincipalName,
+**             enc-part[3]                   EncryptedData
+**     }
+*/
+typedef        struct  krb5_tktbody_st
+       {
+       ASN1_INTEGER                    *tktvno;
+       ASN1_GENERALSTRING              *realm;
+       KRB5_PRINCNAME                  *sname;
+       KRB5_ENCDATA                    *encdata;
+       }       KRB5_TKTBODY;
+
+typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
+DECLARE_STACK_OF(KRB5_TKTBODY)
+
+
+/*     AP-REQ ::=      [APPLICATION 14] SEQUENCE {
+**             pvno[0]                       INTEGER,
+**             msg-type[1]                   INTEGER,
+**             ap-options[2]                 APOptions,
+**             ticket[3]                     Ticket,
+**             authenticator[4]              EncryptedData
+**     }
+**
+**     APOptions ::=   BIT STRING {
+**             reserved(0), use-session-key(1), mutual-required(2) }
+*/
+typedef        struct  krb5_ap_req_st
+       {
+       ASN1_INTEGER                    *pvno;
+       ASN1_INTEGER                    *msgtype;
+       ASN1_BIT_STRING                 *apoptions;
+       KRB5_TICKET                     *ticket;
+       KRB5_ENCDATA                    *authenticator;
+       }       KRB5_APREQBODY;
+
+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
+DECLARE_STACK_OF(KRB5_APREQBODY)
+
+
+/*     Authenticator Stuff     */
+
+
+/*     Checksum ::=   SEQUENCE {
+**             cksumtype[0]                  INTEGER,
+**             checksum[1]                   OCTET STRING
+**     }
+*/
+typedef        struct  krb5_checksum_st
+       {
+       ASN1_INTEGER                    *ctype;
+       ASN1_OCTET_STRING               *checksum;
+       }       KRB5_CHECKSUM;
+
+DECLARE_STACK_OF(KRB5_CHECKSUM)
+
+
+/*     EncryptionKey ::=   SEQUENCE {
+**             keytype[0]                    INTEGER,
+**             keyvalue[1]                   OCTET STRING
+**     }
+*/
+typedef struct  krb5_encryptionkey_st
+       {
+       ASN1_INTEGER                    *ktype;
+       ASN1_OCTET_STRING               *keyvalue;
+       }       KRB5_ENCKEY;
+
+DECLARE_STACK_OF(KRB5_ENCKEY)
+
+
+/*     AuthorizationData ::=   SEQUENCE OF SEQUENCE {
+**             ad-type[0]                    INTEGER,
+**              ad-data[1]                    OCTET STRING
+**     }
+*/
+typedef struct krb5_authorization_st
+       {
+       ASN1_INTEGER                    *adtype;
+       ASN1_OCTET_STRING               *addata;
+       }       KRB5_AUTHDATA;
+
+DECLARE_STACK_OF(KRB5_AUTHDATA)
+
+                       
+/*     -- Unencrypted authenticator
+**     Authenticator ::=    [APPLICATION 2] SEQUENCE    {
+**             authenticator-vno[0]          INTEGER,
+**             crealm[1]                     Realm,
+**             cname[2]                      PrincipalName,
+**             cksum[3]                      Checksum OPTIONAL,
+**             cusec[4]                      INTEGER,
+**             ctime[5]                      KerberosTime,
+**             subkey[6]                     EncryptionKey OPTIONAL,
+**             seq-number[7]                 INTEGER OPTIONAL,
+**             authorization-data[8]         AuthorizationData OPTIONAL
+**     }
+*/
+typedef struct krb5_authenticator_st
+       {
+       ASN1_INTEGER                    *avno;
+       ASN1_GENERALSTRING              *crealm;
+       KRB5_PRINCNAME                  *cname;
+       KRB5_CHECKSUM                   *cksum;
+       ASN1_INTEGER                    *cusec;
+       ASN1_GENERALIZEDTIME            *ctime;
+       KRB5_ENCKEY                     *subkey;
+       ASN1_INTEGER                    *seqnum;
+       KRB5_AUTHDATA                   *authorization;
+       }       KRB5_AUTHENTBODY;
+
+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
+DECLARE_STACK_OF(KRB5_AUTHENTBODY)
+
+
+/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+**     type *name##_new(void);
+**     void name##_free(type *a);
+**     DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+**      DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+**       type *d2i_##name(type **a, const unsigned char **in, long len);
+**       int i2d_##name(type *a, unsigned char **out);
+**       DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+*/
+
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
+
+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
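Review bot: The typedefs `KRB5_TICKET`, `KRB5_APREQ` and `KRB5_AUTHENT` are declared as `STACK_OF(...BODY)`, but the matching templates in krb5_asn.c wrap a single body in an `[APPLICATION n]` tag with only `ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION` and no sequence-of flag. The pointer returned by `d2i_KRB5_TICKET()`, and the `ticket` member of KRB5_APREQBODY, therefore appear to address one KRB5_TKTBODY rather than a stack. Now that this header is installed for outside consumers, anyone applying the stack accessors to these types would misread the decoded structure. A comment above each typedef would make this explicit, e.g. `/* decoded value is a single KRB5_TKTBODY, not a stack; do not use sk_*() on it */`.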