Build 3961 library in userspace, and add enctypes

Build the 3961 library in userspace, with support for the common kerberos enctypes des3-hmac-sha1, arcfour-hmac-md5, and aesXXX-cts-hmac-sha1-96. Export new symbols as well, and suppress deprecated warnings. Rename all symbols, both exported and not, with an oafs_h_ prefix so as to reduce the chance of conflicts. Rename heim_octet_string to avoid confusion about where things are coming from. Reviewed-on: http://gerrit.openafs.org/10050 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> (cherry picked from commit b185c3f00d) Change-Id: Ic479f9c37f79ed8bde3e59e5acd65518773e811b Reviewed-on: http://gerrit.openafs.org/10065 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
2025-01-18 06:50:12 +00:00 · 2013-04-05 20:12:12 -04:00 · 2013-04-05 20:12:12 -04:00 · 050061ca33
commit 050061ca33
parent a583a1a0a7
10 changed files with 372 additions and 24 deletions
--- a/9
+++ b/9
@ -180,7 +180,7 @@ rxgen: lwp
 	$(NTMAKE)
 	$(CD) ..\..

-opr: hcrypto
+opr: rfc3961
     @echo ***** $@
 	$(DOCD) $(SRC)\opr
 	$(CD) $(SRC)\opr
@ -194,6 +194,13 @@ hcrypto: roken
 	$(NTMAKE)
 	$(CD) ..\..\..

+rfc3961: hcrypto
+     @echo ***** $@
+	$(DOCD) $(SRC)\crypto\$@
+	$(CD) $(SRC)\crypto\$@
+	$(NTMAKE)
+	$(CD) ..\..\..
+
 roken: pthread
     @echo ***** $@
        $(DOCD) $(SRC)\roken
--- a/src/config/NTMakefile
+++ b/src/config/NTMakefile
@ -94,6 +94,9 @@ idirs: doclink
 !	IF (!EXIST($(OJT)\crypto\hcrypto))
 		$(MKDIR) $(OJT)\crypto\hcrypto
 !	ENDIF
+!	IF (!EXIST($(OJT)\crypto\rfc3961))
+		$(MKDIR) $(OJT)\crypto\rfc3961
+!	ENDIF
 !	IF (!EXIST($(OJT)\dir))
 		$(MKDIR) $(OJT)\dir
 !	ENDIF
--- a/src/crypto/rfc3961/Makefile.in
+++ b/src/crypto/rfc3961/Makefile.in
@ -7,14 +7,84 @@

 srcdir=@srcdir@
 include @TOP_OBJDIR@/src/config/Makefile.config
+include @TOP_OBJDIR@/src/config/Makefile.lwp
+include @TOP_OBJDIR@/src/config/Makefile.lwptool
+top_builddir=@TOP_OBJDIR@

-all:  ${TOP_INCDIR}/afs/rfc3961.h
+
+UPSTREAM= ${TOP_SRCDIR}/external/heimdal
+
+MODULE_INCLUDE=-I${srcdir} -I${TOP_INCDIR}/hcrypto -I$(UPSTREAM)/krb5 -I$(UPSTREAM)/hcrypto
+
+HEADERS=rfc3961.h krb5_locl.h $(UPSTREAM)/krb5/crypto.h
+
+all:  ${TOP_INCDIR}/afs/rfc3961.h liboafs_rfc3961.la libafsrpc_rfc3961.la \
+        ${TOP_LIBDIR}/libafsrfc3961.a

 ${TOP_INCDIR}/afs/rfc3961.h: rfc3961.h
 	${INSTALL_DATA} $? $@

-install:
+install: libafsrfc3961.a
+	${INSTALL_DATA} libafsrfc3961.a ${DESTDIR}${libdir}/libafsrfc3961.a

-dest:
+dest: libafsrfc3961.a
+	${INSTALL_DATA} libafsrfc3961.a ${DEST}/lib/libafsrfc3961.a

 clean:
+	$(LT_CLEAN)
+	$(RM) -f *.o *.a
+
+LT_objs=context.lo copy.lo crypto-aes.lo crypto-algs.lo crypto-arcfour.lo \
+	crypto.lo crypto-des3.lo crypto-des.lo crypto-des-common.lo \
+	crypto-evp.lo crypto-null.lo crypto-rand.lo data.lo keyblock.lo \
+	n-fold.lo store-int.lo
+
+LT_deps=
+
+LT_libs=$(LDFLAGS_hcrypto) $(LIB_hcrypto) $(LDFLAGS_roken) $(LIB_roken)
+
+${TOP_LIBDIR}/libafsrfc3961.a: libafsrfc3961.a
+	${INSTALL_DATA} $? $@
+
+CFLAGS_crypto-arcfour.lo=@CFLAGS_NOERROR@
+CFLAGS_crypto-des-common.lo=@CFLAGS_NOERROR@
+
+context.lo: context.c ${HEADERS}
+copy.lo: copy.c ${HEADERS}
+crypto-aes.lo: ${UPSTREAM}/krb5/crypto-aes.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-aes.c
+crypto-algs.lo: ${UPSTREAM}/krb5/crypto-algs.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-algs.c
+crypto-arcfour.lo: ${UPSTREAM}/krb5/crypto-arcfour.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-arcfour.c
+crypto.lo: ${UPSTREAM}/krb5/crypto.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto.c
+crypto-des3.lo: ${UPSTREAM}/krb5/crypto-des3.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des3.c
+crypto-des.lo: ${UPSTREAM}/krb5/crypto-des.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des.c
+crypto-des-common.lo: ${UPSTREAM}/krb5/crypto-des-common.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des-common.c
+crypto-evp.lo: ${UPSTREAM}/krb5/crypto-evp.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-evp.c
+crypto-null.lo: ${UPSTREAM}/krb5/crypto-null.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-null.c
+crypto-rand.lo: ${UPSTREAM}/krb5/crypto-rand.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-rand.c
+data.lo: ${UPSTREAM}/krb5/data.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/data.c
+keyblock.lo: ${UPSTREAM}/krb5/keyblock.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/keyblock.c
+n-fold.lo: ${UPSTREAM}/krb5/n-fold.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/n-fold.c
+store-int.lo: ${UPSTREAM}/krb5/store-int.c ${HEADERS}
+	$(LTLWP_CCRULE) ${UPSTREAM}/krb5/store-int.c
+
+liboafs_rfc3961.la: liboafs_rfc3961.la.sym $(LT_objs) $(LT_deps)
+	$(LT_LDLIB_shlib) $(LT_objs) $(LT_deps) $(LT_libs) $(MT_LIBS)
+
+libafsrpc_rfc3961.la: $(LT_objs)
+	$(LT_LDLIB_pic) $(LT_objs) $(MT_LIBS)
+
+libafsrfc3961.a: $(LT_objs)
+	$(LT_LDLIB_lwp) $(LT_objs)
--- a/src/crypto/rfc3961/NTMakefile
+++ b/src/crypto/rfc3961/NTMakefile
@ -0,0 +1,68 @@
+RELDIR=crypto\rfc3961
+!include ..\..\config\NTMakefile.$(SYS_NAME)
+!include ..\..\config\NTMakefile.version
+
+UPSTREAM = $(SRC)\external\heimdal
+HKRB5 = $(UPSTREAM)\krb5
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I$(UPSTREAM)\hcrypto -I$(UPSTREAM)\krb5
+
+INCFILEDIR = $(DESTDIR)\include\afs
+
+INCFILES = \
+	$(INCFILEDIR)\rfc3961.h
+
+LIBFILE = $(DESTDIR)\lib\afsrfc3961.dll
+
+# Object files by category.
+LOCAL_OBJS = \
+	$(OUT)\context.obj \
+	$(OUT)\copy.obj
+
+HKRB5_OBJS = \
+        $(OUT)\crypto-aes.obj \
+        $(OUT)\crypto-algs.obj \
+        $(OUT)\crypto-arcfour.obj \
+        $(OUT)\crypto.obj \
+        $(OUT)\crypto-des3.obj \
+        $(OUT)\crypto-des.obj \
+        $(OUT)\crypto-des-common.obj \
+        $(OUT)\crypto-evp.obj \
+        $(OUT)\crypto-null.obj \
+	$(OUT)\crypto-rand.obj \
+        $(OUT)\data.obj \
+        $(OUT)\keyblock.obj \
+        $(OUT)\n-fold.obj \
+        $(OUT)\store-int.obj
+
+$(HKRB5_OBJS):$(HKRB5)\$$(@B).c
+	$(C2OBJ) $** -I$(HKRB5)
+
+$(INCFILES):$$(@B).h
+	$(COPY) $** $(INCFILEDIR)
+
+RESFILE = $(OUT)\afsrfc3961.res
+
+$(RESFILE): afsrfc3961.rc AFS_component_version_number.h
+
+!if !defined(NMAKE)
+NTMAKE = nmake /nologo /f ntmakefile
+!endif
+
+DLLLIBS = \
+	$(DESTDIR)\lib\afsroken.lib $(DESTDIR)\lib\afshcrypto.lib
+
+$(LIBFILE): $(LOCAL_OBJS) $(HKRB5_OBJS) $(RESFILE) $(DLLLIBS)
+	$(DLLCONLINK) /DEF:afsrfc3961.def shell32.lib
+        $(_VC_MANIFEST_EMBED_DLL)
+	$(DLLPREP)
+        $(CODESIGN_USERLAND)
+        $(SYMSTORE_IMPORT)
+	$(MAKECYGLIB) --input-def afsrfc3961.def
+
+install_headers: $(INCFILES)
+
+install: install_headers $(LIBFILE)
+
+clean::
+        $(DEL) $(INCFILES)
+	$(DEL) $(LIBFILE) $(DESTDIR)\lib\afsrfc3961.lib $(DESTDIR)\lib\afsrfc3961.exp
--- a/src/crypto/rfc3961/afsrfc3961.def
+++ b/src/crypto/rfc3961/afsrfc3961.def
@ -0,0 +1,16 @@
+EXPORTS
+	oafs_h_krb5_init_context                    @1
+	oafs_h_krb5_free_context                    @2
+	oafs_h_krb5_enctype_valid                   @3
+	oafs_h_krb5_crypto_init                     @4
+	oafs_h_krb5_crypto_destroy                  @5
+	oafs_h_krb5_encrypt                         @6
+	oafs_h_krb5_decrypt                         @7
+	oafs_h_krb5_enctype_keybits                 @8
+	oafs_h_krb5_data_free                       @9
+	oafs_h_krb5_data_alloc                      @10
+	oafs_h_krb5_keyblock_init                   @11
+	oafs_h_krb5_copy_keyblock                   @12
+	oafs_h_krb5_copy_keyblock_contents          @13
+	oafs_h_krb5_free_keyblock                   @14
+	oafs_h_krb5_free_keyblock_contents          @15
--- a/src/crypto/rfc3961/afsrfc3961.rc
+++ b/src/crypto/rfc3961/afsrfc3961.rc
@ -0,0 +1,9 @@
+/* Define VERSIONINFO resource */
+
+#define  AFS_VERINFO_FILE_DESCRIPTION "AFS RFC 3961 Crypto DLL"
+#define AFS_VERINFO_DLL
+#define  AFS_VERINFO_NAME "afsrfc3961"
+#define  AFS_VERINFO_FILENAME "afsrfc3961.dll"
+
+#include "AFS_component_version_number.h"
+#include "..\..\config\NTVersioninfo.rc"
--- a/src/crypto/rfc3961/kernel/random.c
+++ b/src/crypto/rfc3961/kernel/random.c
@ -30,8 +30,8 @@

 #include "rfc3961.h"

-krb5_error_code
+void
 krb5_generate_random_block(void *buf, size_t len)
 {
-    return osi_readRandom(buf, len);
+    osi_readRandom(buf, len);
 }
--- a/src/crypto/rfc3961/krb5_locl.h
+++ b/src/crypto/rfc3961/krb5_locl.h
@ -7,32 +7,52 @@
 #include "config.h"

 #else
-
+#include <afsconfig.h>
+#include <afs/stds.h>
 #include <roken.h>

 #include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
+#ifndef AFS_NT40_ENV
 #include <sys/param.h>
 #include <inttypes.h>
-#include <sys/types.h>
 #include <sys/errno.h>
-#include <pthread.h>
+#endif
+#include <sys/types.h>

 #endif

 #include <hcrypto/evp.h>
+#include <hcrypto/des.h>
+#include <hcrypto/rc4.h>
 #include <hcrypto/sha.h>
+#include <hcrypto/md5.h>

 #include "rfc3961.h"

 #ifndef KERNEL
+#ifdef AFS_PTHREAD_ENV
+#include <pthread.h>
 # define HEIMDAL_MUTEX pthread_mutex_t
 # define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
 # define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
 # define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
 # define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
 # define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
+#else
+/* The one location in this library which uses mutexes is the PRNG
+ * code. As this code takes no locks, never yields, and does no
+ * I/O through the LWP IO Manager, it cannot be pre-empted, so
+ * it is safe to simply remove the locks in this case
+ */
+#define HEIMDAL_MUTEX int
+#define HEIMDAL_MUTEX_INITIALIZER 0
+#define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
+#endif
 #endif

 #define HEIMDAL_SMALLER 1
@ -73,7 +93,7 @@ typedef ssize_t krb5_ssize_t;
 typedef struct EncryptedData {
  int etype;
  int *kvno;
-  heim_octet_string cipher;
+  afs_heim_octet_string cipher;
 } EncryptedData;

 typedef enum krb5_salttype {
@ -95,6 +115,7 @@ typedef enum krb5_keytype {
 #define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 KEYTYPE_DES3
 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 KEYTYPE_AES128
 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 KEYTYPE_AES256
+#define KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 KEYTYPE_ARCFOUR

 typedef struct krb5_salt {
    krb5_salttype salttype;
@ -140,6 +161,70 @@ typedef struct krb5_crypto_iov {
 * numbers out, but no meaningful text */
 #define N_(X, Y) X

+/* rename internal symbols, to reduce conflicts with external kerberos
+   libraries */
+#define krb5_abortx _oafs_h_krb5_abortx
+#define krb5_set_error_message _oafs_h_krb5_set_error_message
+#define copy_EncryptionKey _oafs_h_copy_EncryptionKey
+#define der_copy_octet_string _oafs_h_der_copy_octet_string
+#define _krb5_HMAC_MD5_checksum _oafs_h__krb5_HMAC_MD5_checksum
+#define _krb5_usage2arcfour _oafs_h__krb5_usage2arcfour
+#define _krb5_SP_HMAC_SHA1_checksum _oafs_h__krb5_SP_HMAC_SHA1_checksum
+#define _krb5_derive_key _oafs_h__krb5_derive_key
+#define _krb5_find_checksum _oafs_h__krb5_find_checksum
+#define _krb5_find_enctype _oafs_h__krb5_find_enctype
+#define _krb5_free_key_data _oafs_h__krb5_free_key_data
+#define _krb5_internal_hmac _oafs_h__krb5_internal_hmac
+#define krb5_allow_weak_crypto _oafs_h_krb5_allow_weak_crypto
+#define krb5_checksum_disable _oafs_h_krb5_checksum_disable
+#define krb5_checksum_is_collision_proof _oafs_h_krb5_checksum_is_collision_proof
+#define krb5_checksum_is_keyed _oafs_h_krb5_checksum_is_keyed
+#define krb5_cksumtype_to_enctype _oafs_h_krb5_cksumtype_to_enctype
+#define krb5_cksumtype_valid _oafs_h_krb5_cksumtype_valid
+#define krb5_create_checksum_iov _oafs_h_krb5_create_checksum_iov
+#define krb5_crypto_getblocksize _oafs_h_krb5_crypto_getblocksize
+#define krb5_crypto_getconfoundersize _oafs_h_krb5_crypto_getconfoundersize
+#define krb5_crypto_getenctype _oafs_h_krb5_crypto_getenctype
+#define krb5_crypto_getpadsize _oafs_h_krb5_crypto_getpadsize
+#define krb5_crypto_length _oafs_h_krb5_crypto_length
+#define krb5_crypto_length_iov _oafs_h_krb5_crypto_length_iov
+#define krb5_crypto_prf_length _oafs_h_krb5_crypto_prf_length
+#define krb5_decrypt_EncryptedData _oafs_h_krb5_decrypt_EncryptedData
+#define krb5_decrypt_iov_ivec _oafs_h_krb5_decrypt_iov_ivec
+#define krb5_decrypt_ivec _oafs_h_krb5_decrypt_ivec
+#define krb5_derive_key _oafs_h_krb5_derive_key
+#define krb5_encrypt_EncryptedData _oafs_h_krb5_encrypt_EncryptedData
+#define krb5_encrypt_iov_ivec _oafs_h_krb5_encrypt_iov_ivec
+#define krb5_encrypt_ivec _oafs_h_krb5_encrypt_ivec
+#define krb5_enctype_disable _oafs_h_krb5_enctype_disable
+#define krb5_enctype_enable _oafs_h_krb5_enctype_enable
+#define krb5_enctype_keysize _oafs_h_krb5_enctype_keysize
+#define krb5_enctype_to_keytype _oafs_h_krb5_enctype_to_keytype
+#define krb5_enctype_to_string _oafs_h_krb5_enctype_to_string
+#define krb5_generate_random_keyblock _oafs_h_krb5_generate_random_keyblock
+#define krb5_get_wrapped_length _oafs_h_krb5_get_wrapped_length
+#define krb5_hmac _oafs_h_krb5_hmac
+#define krb5_is_enctype_weak _oafs_h_krb5_is_enctype_weak
+#define krb5_string_to_enctype _oafs_h_krb5_string_to_enctype
+#define krb5_verify_checksum_iov _oafs_h_krb5_verify_checksum_iov
+#define _krb5_DES3_random_to_key _oafs_h__krb5_DES3_random_to_key
+#define _krb5_xor _oafs_h__krb5_xor
+#define _krb5_evp_cleanup _oafs_h__krb5_evp_cleanup
+#define _krb5_evp_encrypt _oafs_h__krb5_evp_encrypt
+#define _krb5_evp_encrypt_cts _oafs_h__krb5_evp_encrypt_cts
+#define _krb5_evp_schedule _oafs_h__krb5_evp_schedule
+#define krb5_copy_data _oafs_h_krb5_copy_data
+#define krb5_data_cmp _oafs_h_krb5_data_cmp
+#define krb5_data_copy _oafs_h_krb5_data_copy
+#define krb5_data_ct_cmp _oafs_h_krb5_data_ct_cmp
+#define krb5_data_realloc _oafs_h_krb5_data_realloc
+#define krb5_data_zero _oafs_h_krb5_data_zero
+#define krb5_free_data _oafs_h_krb5_free_data
+#define _krb5_n_fold _oafs_h__krb5_n_fold
+#define _krb5_get_int _oafs_h__krb5_get_int
+#define _krb5_put_int _oafs_h__krb5_put_int
+
+
 /* These have to be real functions, because IRIX doesn't seem to support
 * variadic macros */
 void krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...);
@ -169,10 +254,13 @@ void krb5_free_keyblock(krb5_context, krb5_keyblock *);
 int krb5_data_ct_cmp(const krb5_data *, const krb5_data *);
 int der_copy_octet_string(const krb5_data *, krb5_data *);
 int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *);
-int ct_memcmp(const void *p1, const void *p2, size_t len);
 krb5_error_code krb5_enctype_to_string(krb5_context context,
 				       krb5_enctype etype,
 				       char **string);
+#ifdef KERNEL
+/* Roken provides this in userspace, but we're on our own in the kernel. */
+int ct_memcmp(const void *p1, const void *p2, size_t len);
+#endif


 #include "crypto.h"
@ -196,22 +284,38 @@ krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context,
 					     const void *,
 					     size_t, unsigned, Checksum *);

-/* These are bodges - we don't implement these encryption types, but
- * crypto.c contains hard coded references to them, and to these funcs.
- *
- * They will never actually be called ...
+void _krb5_xor(DES_cblock *key, const unsigned char *b);
+
+#ifdef KERNEL
+/*
+ * Ew, gross!
+ * crypto.c contains hard-coded references to these, so even though we don't
+ * implement these enctypes in the kernel, we need to have stubs present in
+ * order to link a kernel module.  In userspace, we do implement these enctypes,
+ * and the real functions are provided by the heimdal source files.
 */
 static_inline krb5_error_code
 _krb5_usage2arcfour(krb5_context context, unsigned *usage) {
-   return -1;
+    return -1;
 }

 static_inline void
+_krb5_DES3_random_to_key(krb5_context context, krb5_keyblock *key,
+			 const void *rand, size_t size) {
+    return;
+}
+#else	/* KERNEL */
+void
 _krb5_DES3_random_to_key (krb5_context context,
 			  krb5_keyblock *key,
 			  const void *rand,
-			  size_t size) {
-   return;
-}
+			  size_t size);
+
+krb5_error_code _krb5_usage2arcfour(krb5_context context, unsigned *usage);
+#endif	/* KERNEL */

 #define _krb5_AES_salt NULL
+#define _krb5_arcfour_salt NULL
+#define _krb5_des3_salt NULL
+#define _krb5_des3_salt_derived NULL
+#define _krb5_des_salt NULL
--- a/src/crypto/rfc3961/liboafs_rfc3961.la.sym
+++ b/src/crypto/rfc3961/liboafs_rfc3961.la.sym
@ -0,0 +1,22 @@
+oafs_h_free_Checksum
+oafs_h_krb5_init_context
+oafs_h_krb5_free_context
+oafs_h_krb5_enctype_valid
+oafs_h_krb5_checksumsize
+oafs_h_krb5_create_checksum
+oafs_h_krb5_crypto_init
+oafs_h_krb5_crypto_destroy
+oafs_h_krb5_crypto_overhead
+oafs_h_krb5_crypto_prf
+oafs_h_krb5_encrypt
+oafs_h_krb5_decrypt
+oafs_h_krb5_enctype_keybits
+oafs_h_krb5_data_free
+oafs_h_krb5_data_alloc
+oafs_h_krb5_keyblock_get_enctype
+oafs_h_krb5_keyblock_init
+oafs_h_krb5_copy_keyblock
+oafs_h_krb5_copy_keyblock_contents
+oafs_h_krb5_free_keyblock
+oafs_h_krb5_free_keyblock_contents
+oafs_h_krb5_verify_checksum
--- a/src/crypto/rfc3961/rfc3961.h
+++ b/src/crypto/rfc3961/rfc3961.h
@ -11,13 +11,13 @@ typedef struct _krb5_context * krb5_context;
 typedef struct {
    size_t length;
    void *data;
-} heim_octet_string;
+} afs_heim_octet_string;

-typedef heim_octet_string krb5_data;
+typedef afs_heim_octet_string krb5_data;

 typedef struct {
  int keytype;
-  heim_octet_string keyvalue;
+  afs_heim_octet_string keyvalue;
 } krb5_keyblock;

 typedef struct krb5_crypto_data *krb5_crypto;
@ -45,7 +45,7 @@ typedef enum CKSUMTYPE {

 typedef struct Checksum {
  CKSUMTYPE cksumtype;
-  heim_octet_string checksum;
+  afs_heim_octet_string checksum;
 } Checksum;

 typedef int krb5_cksumtype;
@ -83,6 +83,24 @@ enum {

 typedef ENCTYPE krb5_enctype;

+#define krb5_init_context oafs_h_krb5_init_context
+#define krb5_free_context oafs_h_krb5_free_context
+#define krb5_enctype_valid oafs_h_krb5_enctype_valid
+#define krb5_crypto_init oafs_h_krb5_crypto_init
+#define krb5_crypto_destroy oafs_h_krb5_crypto_destroy
+#define krb5_encrypt oafs_h_krb5_encrypt
+#define krb5_decrypt oafs_h_krb5_decrypt
+#define krb5_enctype_keybits oafs_h_krb5_enctype_keybits
+#define krb5_data_free oafs_h_krb5_data_free
+#define krb5_data_alloc oafs_h_krb5_data_alloc
+#define krb5_keyblock_init oafs_h_krb5_keyblock_init
+#define krb5_copy_keyblock oafs_h_krb5_copy_keyblock
+#define krb5_copy_keyblock_contents oafs_h_krb5_copy_keyblock_contents
+#define krb5_free_keyblock oafs_h_krb5_free_keyblock
+#define krb5_free_keyblock_contents oafs_h_krb5_free_keyblock_contents
+#define krb5_keyblock_zero oafs_h_krb5_keyblock_zero
+#define krb5_keyblock_get_enctype oafs_h_krb5_keyblock_get_enctype
+
 krb5_error_code krb5_init_context(krb5_context *context);

 void krb5_free_context(krb5_context context);
@ -122,6 +140,12 @@ krb5_error_code krb5_data_alloc(krb5_data *p, int len);
 void krb5_free_keyblock_contents(krb5_context context,
 				 krb5_keyblock *keyblock);

+#define krb5_crypto_prf oafs_h_krb5_crypto_prf
+#define krb5_crypto_fx_cf2 oafs_h_krb5_crypto_fx_cf2
+#define krb5_generate_random_block oafs_h_krb5_generate_random_block
+#define krb5_random_to_key oafs_h_krb5_random_ro_key
+#define krb5_crypto_overhead oafs_h_krb5_crypto_overhead
+
 krb5_error_code krb5_crypto_prf(krb5_context context,
 				const krb5_crypto crypto,
 				const krb5_data *input,
@ -135,7 +159,7 @@ krb5_error_code krb5_crypto_fx_cf2(krb5_context context,
 				   krb5_enctype enctype,
 				   krb5_keyblock *res);

-krb5_error_code krb5_generate_random_block(void *buf, size_t len);
+void krb5_generate_random_block(void *buf, size_t len);

 krb5_error_code krb5_random_to_key(krb5_context context,
 				   krb5_enctype type,
@ -146,6 +170,12 @@ krb5_error_code krb5_random_to_key(krb5_context context,
 size_t krb5_crypto_overhead (krb5_context context,
 			     krb5_crypto crypto);

+#define krb5_crypto_get_checksum_type oafs_h_krb5_crypto_get_checksum_type
+#define krb5_checksumsize oafs_h_krb5_checksumsize
+#define krb5_create_checksum oafs_h_krb5_create_checksum
+#define krb5_verify_checksum oafs_h_krb5_verify_checksum
+#define free_Checksum oafs_h_free_Checksum
+
 krb5_error_code krb5_crypto_get_checksum_type (krb5_context context,
 					       krb5_crypto crypto,
 					       krb5_cksumtype *type);
@ -168,4 +198,23 @@ krb5_error_code krb5_verify_checksum (krb5_context context,
 				      size_t len,
 				      Checksum *cksum);

+
 void free_Checksum(Checksum *data);
+
+void krb5_keyblock_zero(krb5_keyblock *keyblock);
+void krb5_free_keyblock_contents(krb5_context context,
+			    krb5_keyblock *keyblock);
+void krb5_free_keyblock(krb5_context context,
+		   krb5_keyblock *keyblock);
+krb5_error_code krb5_copy_keyblock_contents (krb5_context context,
+			     const krb5_keyblock *inblock,
+			     krb5_keyblock *to);
+krb5_error_code krb5_copy_keyblock (krb5_context context,
+		    const krb5_keyblock *inblock,
+		    krb5_keyblock **to);
+krb5_enctype krb5_keyblock_get_enctype(const krb5_keyblock *block);
+krb5_error_code krb5_keyblock_init(krb5_context context,
+		   krb5_enctype type,
+		   const void *data,
+		   size_t size,
+		   krb5_keyblock *key);