hcrypto: config $(DIR_roken)
+${COMPILE_PART1} crypto/hcrypto ${COMPILE_PART2}
+rfc3961: config hcrypto
+ +${COMPILE_PART1} crypto/rfc3961 ${COMPILE_PART2}
+
lwp: util lwp_depinstall
+${COMPILE_PART1} lwp ${COMPILE_PART2}
#
# libafs build targets
#
-libafs: config export hcrypto lwp_depinstall \
+libafs: config export rfc3961 hcrypto lwp_depinstall \
rx_depinstall vlserver_depinstall tvlserver_depinstall \
rxkad_depinstall fsint_depinstall \
libacl_depinstall afs_depinstall dir_depinstall \
finale: project cmd comerr afsd butc tbutc tbudb @ENABLE_KERNEL_MODULE@ libuafs audit kauth log \
ptserver tptserver scout bu_utils ubik uss bozo @VFSCK@ volser tvolser tsalvaged \
dviced dvolser \
- venus update xstat afsmonitor rxdebug libafsrpc hcrypto \
+ venus update xstat afsmonitor rxdebug libafsrpc rfc3961 hcrypto \
libafsauthent shlibafsrpc shlibafsauthent libadmin man-pages \
platform kopenafs authtools $(DIR_roken)
+${COMPILE_PART1} finale ${COMPILE_PART2}
finale_nolibafs: project cmd comerr afsd butc tbutc tbudb libuafs audit kauth log \
ptserver tptserver scout bu_utils ubik tubik uss bozo @VFSCK@ volser tvolser tsalvaged \
dviced dvolser \
- venus update xstat afsmonitor rxdebug libafsrpc hcrypto \
+ venus update xstat afsmonitor rxdebug libafsrpc rfc3961 hcrypto \
libafsauthent shlibafsrpc shlibafsauthent libadmin man-pages \
platform kopenafs authtools $(DIR_roken)
+${COMPILE_PART1} finale ${COMPILE_PART2}
-${COMPILE_PART1} tests ${COMPILE_CLEAN}
-${COMPILE_PART1} crypto/hcrypto ${COMPILE_CLEAN}
-${COMPILE_PART1} roken ${COMPILE_CLEAN}
+ -${COMPILE_PART1} crypto/rfc3961 ${COMPILE_CLEAN}
-(cd src/libafs; /bin/rm -rf afs afsint config rx)
-(cd src/libuafs; /bin/rm -rf afs afsint config rx)
-/bin/rm -rf ${TOP_INCDIR} ${TOP_LIBDIR} ${TOP_JLIBDIR}
src/config/shlib-build \
src/config/shlib-install \
src/crypto/hcrypto/Makefile \
+ src/crypto/rfc3961/Makefile \
src/dir/Makefile \
src/dir/test/Makefile \
src/dviced/Makefile \
src/config/shlib-build \
src/config/shlib-install \
src/crypto/hcrypto/Makefile \
+src/crypto/rfc3961/Makefile \
src/dir/Makefile \
src/dir/test/Makefile \
src/dviced/Makefile \
if (ptr != NULL)
afs_osi_Free(ptr, 0);
}
+
+char*
+_afscrypto_strdup(const char *str) {
+ char *ptr;
+
+ ptr = malloc(strlen(str));
+ if (ptr == NULL)
+ return ptr;
+ memcpy(ptr, str, strlen(str));
+
+ return ptr;
+}
+
+/* This is a horrible, horrible bodge, but the crypto code uses realloc,
+ * so we need to handle it too.
+ *
+ * There are two different call sites for realloc. Firstly, it's used
+ * in the decrypt case to shrink the size of the allotted buffer. In
+ * this case, we can just ignore the realloc and return the original
+ * pointer.
+ *
+ * Secondly, it's used when computing derived keys. In this case, the
+ * first call will be with a NULL input, and the size of a single
+ * derived key. So, we just give back space for 20 keys, and pray.
+ */
+
+void *
+_afscrypto_realloc(void *ptr, size_t len) {
+ if (ptr == NULL)
+ return calloc(20, len);
+ return ptr;
+}
#define free _afscrypto_free
void _afscrypto_free(void *);
+
+#define strdup _afscrypto_strdup
+char * _afscrypto_strdup(const char *);
+
+#define realloc _afscrypto_realloc
+void * _afscrypto_realloc(void *, size_t);
--- /dev/null
+# Copyright 2010, Your File System Inc
+# All Rights Reserved
+#
+# This software is released under the terms of the two clause BSD
+# License. For details, see the LICENSE file at the top level of
+# this distribution.
+
+srcdir=@srcdir@
+include @TOP_OBJDIR@/src/config/Makefile.config
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+
+all: ${TOP_INCDIR}/afs/rfc3961.h
+
+${TOP_INCDIR}/afs/rfc3961.h: rfc3961.h
+ ${INSTALL_DATA} $? $@
+
+install:
+
+dest:
+
+clean:
--- /dev/null
+/* Functions for handling the Kerberos context. For now, these are no-ops */
+
+#include <krb5_locl.h>
+
+int
+krb5_init_context(krb5_context *ctx) {
+ return;
+}
--- /dev/null
+/* A couple of copying functions which are required by the Heimdal crypto code,
+ * but where pulling in the whole Heimdal source file containing them leads
+ * to unecessary complexity */
+
+#include <krb5_locl.h>
+
+int
+der_copy_octet_string (const krb5_data *from, krb5_data *to)
+{
+ to->length = from->length;
+ to->data = malloc(to->length);
+ if(to->length != 0 && to->data == NULL)
+ return ENOMEM;
+ memcpy(to->data, from->data, to->length);
+ return 0;
+}
+
+int
+copy_EncryptionKey(const krb5_keyblock *from, krb5_keyblock *to)
+{
+ memset(to, 0, sizeof(*to));
+ to->keytype = from->keytype;
+ return der_copy_octet_string(&from->keyvalue, &to->keyvalue);
+}
+
+void
+free_Checksum(Checksum *data)
+{
+ krb5_data_free(&data->checksum);
+}
--- /dev/null
+/*
+ * Copyright (c) 2010 Your Filesystem Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Algorithm list for the in-kernel hcrypto implementation. We use a really cut
+ * down list of algorithms, to reduce the code-footprint of our kernel module.
+ */
+
+#include "krb5_locl.h"
+
+struct checksum_type *_krb5_checksum_types[] = {
+ &_krb5_checksum_sha1,
+ &_krb5_checksum_hmac_sha1_aes128,
+ &_krb5_checksum_hmac_sha1_aes256,
+};
+
+int _krb5_num_checksums
+ = sizeof(_krb5_checksum_types) / sizeof(_krb5_checksum_types[0]);
+
+struct encryption_type *_krb5_etypes[] = {
+ &_krb5_enctype_aes256_cts_hmac_sha1,
+ &_krb5_enctype_aes128_cts_hmac_sha1,
+};
+
+int _krb5_num_etypes = sizeof(_krb5_etypes) / sizeof(_krb5_etypes[0]);
--- /dev/null
+/*
+ * Copyright (c) 2010 Your Filesystem Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <afsconfig.h>
+#include "afs/param.h"
+#include "afs/stds.h"
+#include "afs/sysincludes.h"
+#include "afsincludes.h"
+
+#include "rfc3961.h"
+
+krb5_error_code
+krb5_generate_random_block(void *buf, size_t len)
+{
+ return osi_readRandom(buf, len);
+}
--- /dev/null
+/* This is a shim header that's included by crypto.c, and turns it into
+ * something that we can actually build on its own.
+ */
+
+#ifdef KERNEL
+
+#include "config.h"
+
+#else
+
+#include <roken.h>
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/param.h>
+#include <inttypes.h>
+#include <sys/types.h>
+#include <sys/errno.h>
+#include <pthread.h>
+
+#endif
+
+#include <hcrypto/evp.h>
+#include <hcrypto/sha.h>
+
+#include "rfc3961.h"
+
+#ifndef KERNEL
+# define HEIMDAL_MUTEX pthread_mutex_t
+# define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+# define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
+# define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
+# define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
+# define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
+#endif
+
+#define HEIMDAL_SMALLER 1
+#define HEIM_CRYPTO_NO_TRIPLE_DES
+#define HEIM_CRYPTO_NO_ARCFOUR
+#define HEIM_CRYPTO_NO_PK
+
+#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
+
+#ifndef max
+#define max(a,b) (((a)>(b))?(a):(b))
+#endif
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
+typedef int krb5_boolean;
+typedef ssize_t krb5_ssize_t;
+
+#define KRB5_KU_AS_REP_ENC_PART 3
+#define KRB5_KU_USAGE_SEAL 22
+#define KRB5_KU_USAGE_SIGN 23
+#define KRB5_KU_USAGE_SEQ 24
+
+#define TRUE 1
+#define FALSE 0
+
+/* From the ASN.1 */
+
+typedef struct EncryptedData {
+ int etype;
+ int *kvno;
+ heim_octet_string cipher;
+} EncryptedData;
+
+typedef enum krb5_salttype {
+ KRB5_PW_SALT = 3,
+ KRB5_AFS3_SALT = 10
+} krb5_salttype;
+
+typedef enum krb5_keytype {
+ KEYTYPE_NULL = 0,
+ KEYTYPE_DES = 1,
+ KEYTYPE_DES3 = 7,
+ KEYTYPE_AES128 = 17,
+ KEYTYPE_AES256 = 18,
+ KEYTYPE_ARCFOUR = 23,
+ KEYTYPE_ARCFOUR_56 = 24
+} krb5_keytype;
+
+typedef struct krb5_salt {
+ krb5_salttype salttype;
+ krb5_data saltvalue;
+} krb5_salt;
+
+typedef struct krb5_crypto_iov {
+ unsigned int flags;
+ /* ignored */
+#define KRB5_CRYPTO_TYPE_EMPTY 0
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
+#define KRB5_CRYPTO_TYPE_HEADER 1
+ /* IN and OUT */
+#define KRB5_CRYPTO_TYPE_DATA 2
+ /* IN */
+#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
+ /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_PADDING 4
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
+#define KRB5_CRYPTO_TYPE_TRAILER 5
+ /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
+#define KRB5_CRYPTO_TYPE_CHECKSUM 6
+ krb5_data data;
+} krb5_crypto_iov;
+
+#define ETYPE_NULL 0
+
+#define KRB5_LIB_FUNCTION
+#define KRB5_LIB_CALL
+
+/* Error codes */
+#define KRB5_BAD_MSIZE -1765328194
+#define KRB5_BAD_KEYSIZE -1765328195
+#define KRB5_PROG_SUMTYPE_NOSUPP -1765328231
+#define KRB5_PROG_KEYTYPE_NOSUPP -1765328233
+#define KRB5_PROG_ETYPE_NOSUPP -1765328234
+#define HEIM_ERR_SALTTYPE_NOSUPP -1980176638
+#define KRB5KRB_AP_ERR_BAD_INTEGRITY -1765328353
+
+#define KRB5_CRYPTO_INTERNAL 1
+
+/* Currently, we just disable localised error strings. We'll get the error
+ * numbers out, but no meaningful text */
+#define N_(...) ""
+#define krb5_set_error_message(...)
+#define krb5_abortx(...)
+#define krb5_clear_error_message(ctx)
+
+/* Local prototypes. These are functions that we aren't admitting to in the
+ * public API */
+krb5_error_code _krb5_n_fold(const void *str, size_t len, void *, size_t);
+krb5_error_code krb5_derive_key(krb5_context context, const krb5_keyblock *key,
+ krb5_enctype etype, const void *constant,
+ size_t constant_len,
+ krb5_keyblock **derived_key);
+krb5_error_code krb5_enctype_keysize(krb5_context context,
+ krb5_enctype type,
+ size_t *keysize);
+krb5_ssize_t _krb5_put_int(void *buffer, unsigned long value, size_t size);
+void krb5_data_zero(krb5_data *p);
+krb5_error_code krb5_data_copy(krb5_data *p, const void *data, size_t len);
+void krb5_free_data(krb5_context context, krb5_data *p);
+krb5_error_code krb5_copy_keyblock(krb5_context,
+ const krb5_keyblock *,
+ krb5_keyblock **);
+void krb5_free_keyblock(krb5_context, krb5_keyblock *);
+int krb5_data_ct_cmp(const krb5_data *, const krb5_data *);
+int der_copy_octet_string(const krb5_data *, krb5_data *);
+int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *);
+int ct_memcmp(const void *p1, const void *p2, size_t len);
+
+#include "crypto.h"
+
+struct checksum_type * _krb5_find_checksum (krb5_cksumtype);
+struct encryption_type * _krb5_find_enctype (krb5_enctype);
+void _krb5_free_key_data (krb5_context, struct key_data *,
+ struct encryption_type *);
+void _krb5_evp_cleanup (krb5_context, struct key_data *);
+krb5_error_code _krb5_evp_encrypt (krb5_context, struct key_data *, void *,
+ size_t, krb5_boolean, int, void *);
+krb5_error_code _krb5_evp_encrypt_cts (krb5_context, struct key_data *,
+ void *,size_t, krb5_boolean,
+ int, void *);
+void _krb5_evp_schedule (krb5_context, struct key_type *,struct key_data *);
+
+krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context,
+ struct key_data *,
+ const void *,
+ size_t, unsigned, Checksum *);
+
+/* These are bodges - we don't implement these encryption types, but
+ * crypto.c contains hard coded references to them, and to these funcs.
+ *
+ * They will never actually be called ...
+ */
+static_inline krb5_error_code
+_krb5_usage2arcfour(krb5_context context, unsigned *usage) {
+ return -1;
+}
+
+static_inline void
+_krb5_DES3_random_to_key (krb5_context context,
+ krb5_keyblock *key,
+ const void *rand,
+ size_t size) {
+ return;
+}
+
+#define _krb5_AES_salt NULL
--- /dev/null
+
+/* This header defines the public interface to a library which implements
+ * RFC3961 crypto on top of an existing EVP layer. It is created using
+ * selected bits of Heimdal's libkrb5.
+ */
+
+typedef int krb5_error_code;
+typedef int krb5_key_usage;
+typedef struct _krb5_context * krb5_context;
+
+typedef struct {
+ size_t length;
+ void *data;
+} heim_octet_string;
+
+typedef heim_octet_string krb5_data;
+
+typedef struct {
+ int keytype;
+ heim_octet_string keyvalue;
+} krb5_keyblock;
+
+typedef struct krb5_crypto_data *krb5_crypto;
+
+typedef enum CKSUMTYPE {
+ CKSUMTYPE_NONE = 0,
+ CKSUMTYPE_CRC32 = 1,
+ CKSUMTYPE_RSA_MD4 = 2,
+ CKSUMTYPE_RSA_MD4_DES = 3,
+ CKSUMTYPE_DES_MAC = 4,
+ CKSUMTYPE_DES_MAC_K = 5,
+ CKSUMTYPE_RSA_MD4_DES_K = 6,
+ CKSUMTYPE_RSA_MD5 = 7,
+ CKSUMTYPE_RSA_MD5_DES = 8,
+ CKSUMTYPE_RSA_MD5_DES3 = 9,
+ CKSUMTYPE_SHA1_OTHER = 10,
+ CKSUMTYPE_HMAC_SHA1_DES3 = 12,
+ CKSUMTYPE_SHA1 = 14,
+ CKSUMTYPE_HMAC_SHA1_96_AES_128 = 15,
+ CKSUMTYPE_HMAC_SHA1_96_AES_256 = 16,
+ CKSUMTYPE_GSSAPI = 32771,
+ CKSUMTYPE_HMAC_MD5 = -138,
+ CKSUMTYPE_HMAC_MD5_ENC = -1138
+} CKSUMTYPE;
+
+typedef struct Checksum {
+ CKSUMTYPE cksumtype;
+ heim_octet_string checksum;
+} Checksum;
+
+typedef int krb5_cksumtype;
+
+typedef enum ENCTYPE {
+ ETYPE_NULL = 0,
+ ETYPE_DES_CBC_CRC = 1,
+ ETYPE_DES_CBC_MD4 = 2,
+ ETYPE_DES_CBC_MD5 = 3,
+ ETYPE_DES3_CBC_MD5 = 5,
+ ETYPE_OLD_DES3_CBC_SHA1 = 7,
+ ETYPE_SIGN_DSA_GENERATE = 8,
+ ETYPE_ENCRYPT_RSA_PRIV = 9,
+ ETYPE_ENCRYPT_RSA_PUB = 10,
+ ETYPE_DES3_CBC_SHA1 = 16,
+ ETYPE_AES128_CTS_HMAC_SHA1_96 = 17,
+ ETYPE_AES256_CTS_HMAC_SHA1_96 = 18,
+ ETYPE_ARCFOUR_HMAC_MD5 = 23,
+ ETYPE_ARCFOUR_HMAC_MD5_56 = 24,
+ ETYPE_ENCTYPE_PK_CROSS = 48,
+ ETYPE_ARCFOUR_MD4 = -128,
+ ETYPE_ARCFOUR_HMAC_OLD = -133,
+ ETYPE_ARCFOUR_HMAC_OLD_EXP = -135,
+ ETYPE_DES_CBC_NONE = -4096,
+ ETYPE_DES3_CBC_NONE = -4097,
+ ETYPE_DES_CFB64_NONE = -4098,
+ ETYPE_DES_PCBC_NONE = -4099,
+ ETYPE_DIGEST_MD5_NONE = -4100,
+ ETYPE_CRAM_MD5_NONE = -4101
+} ENCTYPE;
+
+enum {
+ ENCTYPE_NULL = ETYPE_NULL
+};
+
+typedef ENCTYPE krb5_enctype;
+
+krb5_error_code krb5_init_context(krb5_context *context);
+
+krb5_error_code krb5_enctype_valid(krb5_context, krb5_enctype);
+
+krb5_error_code krb5_crypto_init(krb5_context context,
+ const krb5_keyblock *key,
+ krb5_enctype etype,
+ krb5_crypto *crypto);
+
+krb5_error_code krb5_crypto_destroy(krb5_context context,
+ krb5_crypto crypto);
+
+krb5_error_code krb5_encrypt(krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ const void *data,
+ size_t len,
+ krb5_data *result);
+
+krb5_error_code krb5_decrypt(krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ void *data,
+ size_t len,
+ krb5_data *result);
+
+krb5_error_code krb5_enctype_keybits(krb5_context context,
+ krb5_enctype type,
+ size_t *keybits);
+
+void krb5_data_free(krb5_data *p);
+
+krb5_error_code krb5_data_alloc(krb5_data *p, int len);
+
+void krb5_free_keyblock_contents(krb5_context context,
+ krb5_keyblock *keyblock);
+
+krb5_error_code krb5_crypto_prf(krb5_context context,
+ const krb5_crypto crypto,
+ const krb5_data *input,
+ krb5_data *output);
+
+krb5_error_code krb5_generate_random_block(void *buf, size_t len);
+
+krb5_error_code krb5_random_to_key(krb5_context context,
+ krb5_enctype type,
+ const void *data,
+ size_t size,
+ krb5_keyblock *key);
+
+size_t krb5_crypto_overhead (krb5_context context,
+ krb5_crypto crypto);
+
+krb5_error_code krb5_crypto_get_checksum_type (krb5_context context,
+ krb5_crypto crypto,
+ krb5_cksumtype *type);
+krb5_error_code krb5_checksumsize (krb5_context context,
+ krb5_cksumtype type,
+ size_t *size);
+
+krb5_error_code krb5_create_checksum (krb5_context context,
+ krb5_crypto crypto,
+ krb5_key_usage usage,
+ int type,
+ void *data,
+ size_t len,
+ Checksum *result);
+
+krb5_error_code krb5_verify_checksum (krb5_context context,
+ krb5_crypto crypto,
+ krb5_key_usage usage,
+ void *data,
+ size_t len,
+ Checksum *cksum);
+
+void free_Checksum(Checksum *data);
aes.o \
rijndael-alg-fst.o \
sha.o \
+ n-fold.o \
+ crypto.o \
+ crypto-algs.o \
+ crypto-aes.o \
+ crypto-context.o \
+ crypto-copy.o \
+ crypto-ct.o \
+ crypto-evp.o \
+ crypto-data.o \
+ crypto-keyblock.o \
+ crypto-store-int.o \
+ crypto-random.o \
afs_uuid.o $(AFS_OS_OBJS)
# These next two allow nfs and nonfs builds to occur in the same directory.
sha.o: $(TOP_SRCDIR)/external/heimdal/hcrypto/sha.c
$(CRULE_OPT)
+RFC3961_INCLUDES = -I$(TOP_SRCDIR)/crypto/rfc3961 \
+ -I$(TOP_SRCDIR)/external/heimdal/krb5
+
+n-fold.o: $(TOP_SRCDIR)/external/heimdal/krb5/n-fold.c
+ $(CRULE_OPT)
+CFLAGS-n-fold.o = $(RFC3961_INCLUDES)
+
+crypto.o: $(TOP_SRCDIR)/external/heimdal/krb5/crypto.c
+ $(CRULE_OPT)
+CFLAGS-crypto.o = $(RFC3961_INCLUDES)
+
+crypto-aes.o: $(TOP_SRCDIR)/external/heimdal/krb5/crypto-aes.c
+ $(CRULE_OPT)
+CFLAGS-crypto-aes.o = $(RFC3961_INCLUDES)
+
+crypto-evp.o: $(TOP_SRCDIR)/external/heimdal/krb5/crypto-evp.c
+ $(CRULE_OPT)
+CFLAGS-crypto-evp.o = $(RFC3961_INCLUDES)
+
+crypto-data.o: $(TOP_SRCDIR)/external/heimdal/krb5/data.c
+ $(CRULE_OPT)
+CFLAGS-crypto-data.o = $(RFC3961_INCLUDES)
+
+crypto-keyblock.o: $(TOP_SRCDIR)/external/heimdal/krb5/keyblock.c
+ $(CRULE_OPT)
+CFLAGS-crypto-keyblock.o = $(RFC3961_INCLUDES)
+
+crypto-store-int.o: $(TOP_SRCDIR)/external/heimdal/krb5/store-int.c
+ $(CRULE_OPT)
+CFLAGS-crypto-store-int.o = $(RFC3961_INCLUDES)
+
+crypto-random.o: $(TOP_SRCDIR)/crypto/rfc3961/kernel/random.c
+ $(CRULE_OPT)
+CFLAGS-crypto-random.o = -I$(TOP_SRCDIR)/crypto/kernel
+
+crypto-algs.o: $(TOP_SRCDIR)/crypto/rfc3961/kernel/algs.c
+ $(CRULE_OPT)
+CFLAGS-crypto-algs.o = $(RFC3961_INCLUDES)
+
+crypto-copy.o: $(TOP_SRCDIR)/crypto/rfc3961/copy.c
+ $(CRULE_OPT)
+CFLAGS-crypto-copy.o = $(RFC3961_INCLUDES)
+
+crypto-context.o: $(TOP_SRCDIR)/crypto/rfc3961/context.c
+ $(CRULE_OPT)
+CFLAGS-crypto-context.o = $(RFC3961_INCLUDES)
+
+crypto-ct.o: $(TOP_SRCDIR)/external/heimdal/roken/ct.c
+ $(CRULE_OPT)
+CFLAGS-crypto-ct.o = $(RFC3961_INCLUDES)
+
# Files which are specific to particular architectures/targets
# but have common build rules. Place here instead of duplicating
# in the per-platform Makefiles.
CFLAGS_md5.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
CFLAGS_random.o = -I$(TOP_SRCDIR)/external/heimdal/hcrypto
+RFC3961_INCLUDES = -I$(TOP_SRCDIR)/crypto/rfc3961 \
+ -I$(TOP_SRCDIR)/external/heimdal/krb5
+
+CFLAGS_crypto.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-aes.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-context.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-copy.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-ct.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-evp.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-data.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-keyblock.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-store-int.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-random.o = $(RFC3961_INCLUDES)
+CFLAGS_crypto-algs.o = $(RFC3961_INCLUDES)
+CFLAGS_n-fold.o = $(RFC3961_INCLUDES)
+
# System specific build commands and flags
<linux26 linux_26>
# All the platform-specific and kernel-related things are provided by