2 files changed, 423 insertions, 0 deletions

diff --git a/src/lib/libcrypto/krb5/krb5_asn.c b/src/lib/libcrypto/krb5/krb5_asn.c
new file mode 100644
index 0000000000..1fb741d2a0
--- /dev/null
+++ b/src/lib/libcrypto/krb5/krb5_asn.c
@@ -0,0 +1,167 @@
+/* krb5_asn.c */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/krb5_asn.h>
+
+
+ASN1_SEQUENCE(KRB5_ENCDATA) = {
+        ASN1_EXP(KRB5_ENCDATA, etype,           ASN1_INTEGER,     0),
+        ASN1_EXP_OPT(KRB5_ENCDATA, kvno,        ASN1_INTEGER,     1),
+        ASN1_EXP(KRB5_ENCDATA, cipher,          ASN1_OCTET_STRING,2)
+} ASN1_SEQUENCE_END(KRB5_ENCDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
+
+
+ASN1_SEQUENCE(KRB5_PRINCNAME) = {
+        ASN1_EXP(KRB5_PRINCNAME, nametype,      ASN1_INTEGER,     0),
+        ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+
+
+/* [APPLICATION 1] = 0x61 */
+ASN1_SEQUENCE(KRB5_TKTBODY) = {
+        ASN1_EXP(KRB5_TKTBODY, tktvno,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_TKTBODY, realm,           ASN1_GENERALSTRING, 1),
+        ASN1_EXP(KRB5_TKTBODY, sname,           KRB5_PRINCNAME,   2),
+        ASN1_EXP(KRB5_TKTBODY, encdata,         KRB5_ENCDATA,     3)
+} ASN1_SEQUENCE_END(KRB5_TKTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
+
+
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+                        KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
+
+
+/* [APPLICATION 14] = 0x6e */
+ASN1_SEQUENCE(KRB5_APREQBODY) = {
+        ASN1_EXP(KRB5_APREQBODY, pvno,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_APREQBODY, msgtype,       ASN1_INTEGER,     1),
+        ASN1_EXP(KRB5_APREQBODY, apoptions,     ASN1_BIT_STRING,  2),
+        ASN1_EXP(KRB5_APREQBODY, ticket,        KRB5_TICKET,      3),
+        ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA,     4),
+} ASN1_SEQUENCE_END(KRB5_APREQBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+                        KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
+
+
+/*  Authenticator stuff         */
+
+ASN1_SEQUENCE(KRB5_CHECKSUM) = {
+        ASN1_EXP(KRB5_CHECKSUM, ctype,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_CHECKSUM, checksum,       ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+
+
+ASN1_SEQUENCE(KRB5_ENCKEY) = {
+        ASN1_EXP(KRB5_ENCKEY,   ktype,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_ENCKEY,   keyvalue,       ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_ENCKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
+
+
+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
+ASN1_SEQUENCE(KRB5_AUTHDATA) = {
+        ASN1_EXP(KRB5_AUTHDATA, adtype,         ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_AUTHDATA, addata,         ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+
+
+/* [APPLICATION 2] = 0x62 */
+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
+        ASN1_EXP(KRB5_AUTHENTBODY,      avno,   ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_AUTHENTBODY,      crealm, ASN1_GENERALSTRING, 1),
+        ASN1_EXP(KRB5_AUTHENTBODY,      cname,  KRB5_PRINCNAME,   2),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  cksum,  KRB5_CHECKSUM,    3),
+        ASN1_EXP(KRB5_AUTHENTBODY,      cusec,  ASN1_INTEGER,     4),
+        ASN1_EXP(KRB5_AUTHENTBODY,      ctime,  ASN1_GENERALIZEDTIME, 5),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  subkey, KRB5_ENCKEY,      6),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  seqnum, ASN1_INTEGER,     7),
+        ASN1_EXP_SEQUENCE_OF_OPT
+                    (KRB5_AUTHENTBODY,  authorization,  KRB5_AUTHDATA, 8),
+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+                        KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
diff --git a/src/lib/libcrypto/krb5/krb5_asn.h b/src/lib/libcrypto/krb5/krb5_asn.h
new file mode 100644
index 0000000000..41725d0dc4
--- /dev/null
+++ b/src/lib/libcrypto/krb5/krb5_asn.h
@@ -0,0 +1,256 @@
+/* krb5_asn.h */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_KRB5_ASN_H
+#define HEADER_KRB5_ASN_H
+
+/*
+#include <krb5.h>
+*/
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/*      ASN.1 from Kerberos RFC 1510
+*/
+
+/*      EncryptedData ::=   SEQUENCE {
+**              etype[0]                      INTEGER, -- EncryptionType
+**              kvno[1]                       INTEGER OPTIONAL,
+**              cipher[2]                     OCTET STRING -- ciphertext
+**      }
+*/
+typedef struct  krb5_encdata_st
+        {
+        ASN1_INTEGER                    *etype;
+        ASN1_INTEGER                    *kvno;
+        ASN1_OCTET_STRING               *cipher;
+        }       KRB5_ENCDATA;
+
+DECLARE_STACK_OF(KRB5_ENCDATA)
+
+/*      PrincipalName ::=   SEQUENCE {
+**              name-type[0]                  INTEGER,
+**              name-string[1]                SEQUENCE OF GeneralString
+**      }
+*/
+typedef struct  krb5_princname_st
+        {
+        ASN1_INTEGER                    *nametype;
+        STACK_OF(ASN1_GENERALSTRING)    *namestring;
+        }       KRB5_PRINCNAME;
+
+DECLARE_STACK_OF(KRB5_PRINCNAME)
+
+
+/*      Ticket ::=      [APPLICATION 1] SEQUENCE {
+**              tkt-vno[0]                    INTEGER,
+**              realm[1]                      Realm,
+**              sname[2]                      PrincipalName,
+**              enc-part[3]                   EncryptedData
+**      }
+*/
+typedef struct  krb5_tktbody_st
+        {
+        ASN1_INTEGER                    *tktvno;
+        ASN1_GENERALSTRING              *realm;
+        KRB5_PRINCNAME                  *sname;
+        KRB5_ENCDATA                    *encdata;
+        }       KRB5_TKTBODY;
+
+typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
+DECLARE_STACK_OF(KRB5_TKTBODY)
+
+
+/*      AP-REQ ::=      [APPLICATION 14] SEQUENCE {
+**              pvno[0]                       INTEGER,
+**              msg-type[1]                   INTEGER,
+**              ap-options[2]                 APOptions,
+**              ticket[3]                     Ticket,
+**              authenticator[4]              EncryptedData
+**      }
+**
+**      APOptions ::=   BIT STRING {
+**              reserved(0), use-session-key(1), mutual-required(2) }
+*/
+typedef struct  krb5_ap_req_st
+        {
+        ASN1_INTEGER                    *pvno;
+        ASN1_INTEGER                    *msgtype;
+        ASN1_BIT_STRING                 *apoptions;
+        KRB5_TICKET                     *ticket;
+        KRB5_ENCDATA                    *authenticator;
+        }       KRB5_APREQBODY;
+
+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
+DECLARE_STACK_OF(KRB5_APREQBODY)
+
+
+/*      Authenticator Stuff     */
+
+
+/*      Checksum ::=   SEQUENCE {
+**              cksumtype[0]                  INTEGER,
+**              checksum[1]                   OCTET STRING
+**      }
+*/
+typedef struct  krb5_checksum_st
+        {
+        ASN1_INTEGER                    *ctype;
+        ASN1_OCTET_STRING               *checksum;
+        }       KRB5_CHECKSUM;
+
+DECLARE_STACK_OF(KRB5_CHECKSUM)
+
+
+/*      EncryptionKey ::=   SEQUENCE {
+**              keytype[0]                    INTEGER,
+**              keyvalue[1]                   OCTET STRING
+**      }
+*/
+typedef struct  krb5_encryptionkey_st
+        {
+        ASN1_INTEGER                    *ktype;
+        ASN1_OCTET_STRING               *keyvalue;
+        }       KRB5_ENCKEY;
+
+DECLARE_STACK_OF(KRB5_ENCKEY)
+
+
+/*      AuthorizationData ::=   SEQUENCE OF SEQUENCE {
+**              ad-type[0]                    INTEGER,
+**              ad-data[1]                    OCTET STRING
+**      }
+*/
+typedef struct  krb5_authorization_st
+        {
+        ASN1_INTEGER                    *adtype;
+        ASN1_OCTET_STRING               *addata;
+        }       KRB5_AUTHDATA;
+
+DECLARE_STACK_OF(KRB5_AUTHDATA)
+
+                        
+/*      -- Unencrypted authenticator
+**      Authenticator ::=    [APPLICATION 2] SEQUENCE    {
+**              authenticator-vno[0]          INTEGER,
+**              crealm[1]                     Realm,
+**              cname[2]                      PrincipalName,
+**              cksum[3]                      Checksum OPTIONAL,
+**              cusec[4]                      INTEGER,
+**              ctime[5]                      KerberosTime,
+**              subkey[6]                     EncryptionKey OPTIONAL,
+**              seq-number[7]                 INTEGER OPTIONAL,
+**              authorization-data[8]         AuthorizationData OPTIONAL
+**      }
+*/
+typedef struct  krb5_authenticator_st
+        {
+        ASN1_INTEGER                    *avno;
+        ASN1_GENERALSTRING              *crealm;
+        KRB5_PRINCNAME                  *cname;
+        KRB5_CHECKSUM                   *cksum;
+        ASN1_INTEGER                    *cusec;
+        ASN1_GENERALIZEDTIME            *ctime;
+        KRB5_ENCKEY                     *subkey;
+        ASN1_INTEGER                    *seqnum;
+        KRB5_AUTHDATA                   *authorization;
+        }       KRB5_AUTHENTBODY;
+
+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
+DECLARE_STACK_OF(KRB5_AUTHENTBODY)
+
+
+/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+**      type *name##_new(void);
+**      void name##_free(type *a);
+**      DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+**       DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+**        type *d2i_##name(type **a, const unsigned char **in, long len);
+**        int i2d_##name(type *a, unsigned char **out);
+**        DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+*/
+
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
+
+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+