unsigned char *p;
krb5_context krbContext;
ssize_t desired_output_len = prf_out->length;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
*minor = 0;
goto cleanup;
}
- code = krb5_c_prf_length(krbContext,
- ctx->encryptionType,
- &prflen);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf_length(krbContext, ctx->encryptionType, &prflen);
+#else
+ code = krb5_c_prf_length(krbContext, ctx->encryptionType, &prflen);
+#endif
if (code != 0)
goto cleanup;
goto cleanup;
}
-#ifndef HAVE_HEIMDAL_VERSION
- /* Same API, but different allocation rules, unfortunately. */
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+#else
t.length = prflen;
t.data = GSSEAP_MALLOC(t.length);
if (t.data == NULL) {
while (desired_output_len > 0) {
store_uint32_be(i, ns.data);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
+#else
code = krb5_c_prf(krbContext, &ctx->rfc3961Key, &ns, &t);
+#endif
if (code != 0)
goto cleanup;
GSSEAP_FREE(ns.data);
}
#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto_destroy(krbContext, krbCrypto);
krb5_data_free(&t);
#else
if (t.data != NULL) {
*pKrbContext = krbContext;
cleanup:
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_xfree(defaultRealm);
+#else
krb5_free_default_realm(krbContext, defaultRealm);
+#endif
if (code != 0 && krbContext != NULL)
krb5_free_context(krbContext);
krb5_keyblock *pKey)
{
krb5_context krbContext;
-#ifndef HAVE_HEIMDAL_VERSION
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#else
krb5_data data;
#endif
krb5_data ns, t, derivedKeyData;
KRB_DATA_INIT(&t);
KRB_DATA_INIT(&derivedKeyData);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_enctype_keybits(krbContext, encryptionType, &randomLength);
+ if (code != 0)
+ goto cleanup;
+
+ randomLength = (randomLength + 7) / 8; /* from mit_glue.c */
+
+ code = krb5_enctype_keysize(krbContext, encryptionType, &keyLength);
+ if (code != 0)
+ goto cleanup;
+#else
code = krb5_c_keylengths(krbContext, encryptionType,
&randomLength, &keyLength);
if (code != 0)
goto cleanup;
+#endif /* HAVE_HEIMDAL_VERSION */
- /* Convert EAP MSK into a Kerberos key */
+ /* Convert BrowserID DH key into a Kerberos key */
#ifdef HAVE_HEIMDAL_VERSION
code = krb5_random_to_key(krbContext, encryptionType, inputKey,
ns.data = (char *)constant;
/* Plug derivation constant and key into PRF */
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf_length(krbContext, encryptionType, &prfLength);
+#else
code = krb5_c_prf_length(krbContext, encryptionType, &prfLength);
+#endif
if (code != 0)
goto cleanup;
-#ifndef HAVE_HEIMDAL_VERSION
- /* Same API, but different allocation rules, unfortunately. */
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &kd, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+#else
t.length = prfLength;
t.data = GSSEAP_MALLOC(t.length);
if (t.data == NULL) {
{
store_uint32_be(i, ns.data);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
+#else
code = krb5_c_prf(krbContext, &kd, &ns, &t);
+#endif
if (code != 0)
goto cleanup;
if (code != 0)
krb5_free_keyblock_contents(krbContext, &kd);
#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto_destroy(krbContext, krbCrypto);
krb5_data_free(&t);
#else
if (t.data != NULL) {
krb5_cksumtype *cksumtype)
{
krb5_context krbContext;
-#ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+#if !defined(HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE) && !defined(HAVE_HEIMDAL_VERSION)
krb5_data data;
krb5_checksum cksum;
#endif
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
GSSEAP_KRB_INIT(&krbContext);
cksumtype);
if (*minor != 0)
return GSS_S_FAILURE;
+#elif defined(HAVE_HEIMDAL_VERSION)
+ *minor = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
+ if (*minor != 0)
+ return GSS_S_FAILURE;
+
+ *minor = krb5_crypto_get_checksum_type(krbContext, krbCrypto, cksumtype);
+
+ krb5_crypto_destroy(krbContext, krbCrypto);
+
+ if (*minor != 0)
+ return GSS_S_FAILURE;
#else
KRB_DATA_INIT(&data);
krb5_free_checksum_contents(krbContext, &cksum);
#endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
- if (!krb5_c_is_keyed_cksum(*cksumtype)) {
+#ifdef HAVE_HEIMDAL_VERSION
+ if (!krb5_checksum_is_keyed(krbContext, *cksumtype))
+#else
+ if (!krb5_c_is_keyed_cksum(*cksumtype))
+#endif
+ {
*minor = (OM_uint32)KRB5KRB_AP_ERR_INAPP_CKSUM;
return GSS_S_FAILURE;
}