s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)

author: Andrew Bartlett <abartlet@samba.org> 2010-01-12 18:16:45 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2010-03-27 11:51:27 +1100
commit: 89eaef025376339ef25d07cdc4748920fceaa968 (patch)
tree: f514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/lib/hcrypto
parent: fac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
download: samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz
samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2
samba-89eaef025376339ef25d07cdc4748920fceaa968.zip
16 files changed, 131 insertions, 49 deletions
diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h
index 23f8f5d0ab..273f1dd569 100644
--- a/source4/heimdal/lib/hcrypto/aes.h
+++ b/source4/heimdal/lib/hcrypto/aes.h
@@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
 void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
 
 void AES_cbc_encrypt(const unsigned char *, unsigned char *,
-		     const unsigned long, const AES_KEY *,
+		     unsigned long, const AES_KEY *,
 		     unsigned char *, int);
 
 #ifdef  __cplusplus
diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c
index 545d9529d3..17c1ec79b7 100644
--- a/source4/heimdal/lib/hcrypto/bn.c
+++ b/source4/heimdal/lib/hcrypto/bn.c
@@ -40,6 +40,7 @@
 #include <limits.h>
 
 #include <krb5-types.h>
+#include <roken.h>
 #include <rfc2459_asn1.h> /* XXX */
 #include <der.h>
 
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c
index c9067d7bcc..43ff8a3f50 100644
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -92,6 +92,8 @@
 #include <krb5-types.h>
 #include <assert.h>
 
+#include <roken.h>
+
 #include "des.h"
 #include "ui.h"
 
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
 int
 DES_is_weak_key(DES_cblock *key)
 {
+    int weak = 0;
     int i;
 
-    /* Not constant time size if the key is weak, the app should not use it. */
-    for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
-	if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
-	    return 1;
-    }
-    return 0;
+    for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
+	weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
+
+    return !!weak;
 }
 
 /**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.c b/source4/heimdal/lib/hcrypto/evp-cc.c
index 15b3479f8e..f1da22537d 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.c
+++ b/source4/heimdal/lib/hcrypto/evp-cc.c
@@ -3,6 +3,8 @@
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -43,7 +45,9 @@
 #include <string.h>
 #include <assert.h>
 
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
 #include <CommonCrypto/CommonDigest.h>
+#endif
 #include <CommonCrypto/CommonCryptor.h>
 
 #include <evp.h>
@@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void)
 const EVP_MD *
 EVP_cc_md2(void)
 {
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
     static const struct hc_evp_md md2 = {
 	CC_MD2_DIGEST_LENGTH,
 	CC_MD2_BLOCK_BYTES,
@@ -430,6 +435,9 @@ EVP_cc_md2(void)
 	(hc_evp_md_cleanup)NULL
     };
     return &md2;
+#else
+    return NULL;
+#endif
 }
 
 /**
@@ -441,6 +449,7 @@ EVP_cc_md2(void)
 const EVP_MD *
 EVP_cc_md4(void)
 {
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
     static const struct hc_evp_md md4 = {
 	CC_MD4_DIGEST_LENGTH,
 	CC_MD4_BLOCK_BYTES,
@@ -451,6 +460,9 @@ EVP_cc_md4(void)
 	(hc_evp_md_cleanup)NULL
     };
     return &md4;
+#else
+    return NULL;
+#endif
 }
 
 /**
@@ -462,6 +474,7 @@ EVP_cc_md4(void)
 const EVP_MD *
 EVP_cc_md5(void)
 {
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
     static const struct hc_evp_md md5 = {
 	CC_MD5_DIGEST_LENGTH,
 	CC_MD5_BLOCK_BYTES,
@@ -472,6 +485,9 @@ EVP_cc_md5(void)
 	(hc_evp_md_cleanup)NULL
     };
     return &md5;
+#else
+    return NULL;
+#endif
 }
 
 /**
@@ -483,6 +499,7 @@ EVP_cc_md5(void)
 const EVP_MD *
 EVP_cc_sha1(void)
 {
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
     static const struct hc_evp_md sha1 = {
 	CC_SHA1_DIGEST_LENGTH,
 	CC_SHA1_BLOCK_BYTES,
@@ -493,6 +510,9 @@ EVP_cc_sha1(void)
 	(hc_evp_md_cleanup)NULL
     };
     return &sha1;
+#else
+    return NULL;
+#endif
 }
 
 /**
@@ -504,6 +524,7 @@ EVP_cc_sha1(void)
 const EVP_MD *
 EVP_cc_sha256(void)
 {
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
     static const struct hc_evp_md sha256 = {
 	CC_SHA256_DIGEST_LENGTH,
 	CC_SHA256_BLOCK_BYTES,
@@ -514,6 +535,9 @@ EVP_cc_sha256(void)
 	(hc_evp_md_cleanup)NULL
     };
     return &sha256;
+#else
+    return NULL;
+#endif
 }
 
 /**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.h b/source4/heimdal/lib/hcrypto/evp-cc.h
index d2df771bc0..0febd21e98 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.h
+++ b/source4/heimdal/lib/hcrypto/evp-cc.h
@@ -41,7 +41,7 @@
 #define EVP_cc_md4 hc_EVP_cc_md4
 #define EVP_cc_md5 hc_EVP_cc_md5
 #define EVP_cc_sha1 hc_EVP_cc_sha1
-#define EVP_cc_sha256 hc_EVP__cc_sha256
+#define EVP_cc_sha256 hc_EVP_cc_sha256
 #define EVP_cc_des_cbc hc_EVP_cc_des_cbc
 #define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc
 #define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc
diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c
index 006db35939..72787e185f 100644
--- a/source4/heimdal/lib/hcrypto/evp.c
+++ b/source4/heimdal/lib/hcrypto/evp.c
@@ -49,6 +49,7 @@
 #include <evp-cc.h>
 
 #include <krb5-types.h>
+#include <roken.h>
 
 #ifndef HCRYPTO_DEF_PROVIDER
 #define HCRYPTO_DEF_PROVIDER hcrypto
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index 600f69b7a5..ae92ab4899 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -214,24 +214,24 @@ HC_CPP_BEGIN
  */
 
 const EVP_MD *EVP_md_null(void);
-const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_sha(void) HC_DEPRECATED;
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void);
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void);
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_sha(void);
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_sha256(void);
 
 const EVP_CIPHER * EVP_aes_128_cbc(void);
 const EVP_CIPHER * EVP_aes_192_cbc(void);
 const EVP_CIPHER * EVP_aes_256_cbc(void);
-const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void);
 const EVP_CIPHER * EVP_des_ede3_cbc(void);
 const EVP_CIPHER * EVP_enc_null(void);
-const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO;
-const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO;
-const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void);
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void);
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void);
 const EVP_CIPHER * EVP_rc4(void);
-const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void);
 const EVP_CIPHER * EVP_camellia_128_cbc(void);
 const EVP_CIPHER * EVP_camellia_192_cbc(void);
 const EVP_CIPHER * EVP_camellia_256_cbc(void);
diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h
index b8d5d45606..78a795f2a7 100644
--- a/source4/heimdal/lib/hcrypto/hash.h
+++ b/source4/heimdal/lib/hcrypto/hash.h
@@ -43,6 +43,7 @@
 #ifdef KRB5
 #include <krb5-types.h>
 #endif
+#include <roken.h>
 
 #ifndef min
 #define min(a,b) (((a)>(b))?(b):(a))
diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c
index c39c713901..c81eb9e2d7 100644
--- a/source4/heimdal/lib/hcrypto/rand-fortuna.c
+++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c
@@ -35,6 +35,9 @@
 #include <stdlib.h>
 #include <rand.h>
 
+#ifdef KRB5
+#include <krb5-types.h>
+#endif
 #include <roken.h>
 
 #include "randi.h"
@@ -451,6 +454,7 @@ fortuna_reseed(void)
     if (!init_done)
 	abort();
 
+#ifndef NO_RAND_UNIX_METHOD
     {
 	unsigned char buf[INIT_BYTES];
 	if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
@@ -459,6 +463,7 @@ fortuna_reseed(void)
 	    memset(buf, 0, sizeof(buf));
 	}
     }
+#endif
 #ifdef HAVE_ARC4RANDOM
     {
 	uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
@@ -470,6 +475,7 @@ fortuna_reseed(void)
 	entropy_p = 1;
     }
 #endif
+#ifndef NO_RAND_EGD_METHOD
     /*
      * Only to get egd entropy if /dev/random or arc4rand failed since
      * it can be horribly slow to generate new bits.
@@ -482,6 +488,7 @@ fortuna_reseed(void)
 	    memset(buf, 0, sizeof(buf));
 	}
     }
+#endif
     /*
      * Fall back to gattering data from timer and secret files, this
      * is really the last resort.
@@ -521,10 +528,12 @@ fortuna_reseed(void)
 	gettimeofday(&tv, NULL);
 	add_entropy(&main_state, (void *)&tv, sizeof(tv));
     }
+#ifdef HAVE_GETUID
     {
 	uid_t u = getuid();
 	add_entropy(&main_state, (void *)&u, sizeof(u));
     }
+#endif
     return entropy_p;
 }
 
diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c
index fcad39f1de..4c1f33da59 100644
--- a/source4/heimdal/lib/hcrypto/rand-unix.c
+++ b/source4/heimdal/lib/hcrypto/rand-unix.c
@@ -42,9 +42,6 @@
 
 #include "randi.h"
 
-static int random_fd = -1;
-static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
 /*
  * Unix /dev/random
  */
@@ -93,44 +90,29 @@ static int
 unix_bytes(unsigned char *outdata, int size)
 {
     ssize_t count;
-    int once = 0;
+    int fd;
 
     if (size < 0)
 	return 0;
     else if (size == 0)
 	return 1;
 
-    HEIMDAL_MUTEX_lock(&random_mutex);
-    if (random_fd == -1) {
-    retry:
-	random_fd = get_device_fd(O_RDONLY);
-	if (random_fd < 0) {
-	    HEIMDAL_MUTEX_unlock(&random_mutex);
-	    return 0;
-	}
-    }
+    fd = get_device_fd(O_RDONLY);
+    if (fd < 0)
+	return 0;
 
     while (size > 0) {
-	HEIMDAL_MUTEX_unlock(&random_mutex);
-	count = read (random_fd, outdata, size);
-	HEIMDAL_MUTEX_lock(&random_mutex);
-	if (random_fd < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else if (errno == EBADF && once++ == 0) {
-		close(random_fd);
-		random_fd = -1;
-		goto retry;
-	    }
-	    return 0;
-	} else if (count <= 0) {
-	    HEIMDAL_MUTEX_unlock(&random_mutex);
+	count = read(fd, outdata, size);
+	if (count < 0 && errno == EINTR)
+	    continue;
+	else if (count <= 0) {
+	    close(fd);
 	    return 0;
 	}
 	outdata += count;
 	size -= count;
     }
-    HEIMDAL_MUTEX_unlock(&random_mutex);
+    close(fd);
 
     return 1;
 }
diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c
index 3cd65989c6..9f0438a34e 100644
--- a/source4/heimdal/lib/hcrypto/rand.c
+++ b/source4/heimdal/lib/hcrypto/rand.c
@@ -3,6 +3,8 @@
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -58,7 +60,9 @@ init_method(void)
 {
     if (selected_meth != NULL)
 	return;
-#ifdef __APPLE__
+#if defined(_WIN32)
+    selected_meth = &hc_rand_w32crypto_method;
+#elif defined(__APPLE__)
     selected_meth = &hc_rand_unix_method;
 #else
     selected_meth = &hc_rand_fortuna_method;
@@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size)
 int
 RAND_bytes(void *outdata, size_t size)
 {
+    if (size == 0)
+	return 1;
     init_method();
     return (*selected_meth->bytes)(outdata, size);
 }
diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h
index 65800d6b99..f4e2485166 100644
--- a/source4/heimdal/lib/hcrypto/rand.h
+++ b/source4/heimdal/lib/hcrypto/rand.h
@@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
 #define RAND_fortuna_method hc_RAND_fortuna_method
 #define RAND_egd_method hc_RAND_egd_method
 #define RAND_unix_method hc_RAND_unix_method
+#define RAND_w32crypto_method hc_RAND_w32crypto_method
 
 /*
  *
diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h
index f8f6c39b3e..c6c617af22 100644
--- a/source4/heimdal/lib/hcrypto/randi.h
+++ b/source4/heimdal/lib/hcrypto/randi.h
@@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
 extern const RAND_METHOD hc_rand_unix_method;
 extern const RAND_METHOD hc_rand_egd_method;
 extern const RAND_METHOD hc_rand_timer_method;
+extern const RAND_METHOD hc_rand_w32crypto_method;
 
 const RAND_METHOD * RAND_timer_method(void);
 
diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
index 3dd2555812..9a7f0fd3d6 100644
--- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
+++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
@@ -31,11 +31,12 @@
 #include "config.h"
 
 
+#include <stdlib.h>
 #ifdef KRB5
 #include <krb5-types.h>
 #endif
 
-#include <rijndael-alg-fst.h>
+#include "rijndael-alg-fst.h"
 
 /* the file should not be used from outside */
 typedef uint8_t			u8;
diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c
index 9baf00212c..49c7634c38 100644
--- a/source4/heimdal/lib/hcrypto/rnd_keys.c
+++ b/source4/heimdal/lib/hcrypto/rnd_keys.c
@@ -39,11 +39,11 @@
 #ifdef KRB5
 #include <krb5-types.h>
 #endif
+#include <stdlib.h>
+
 #include <des.h>
 #include <rand.h>
 
-#include <stdlib.h>
-
 #undef __attribute__
 #define __attribute__(X)
 
diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c
index ca8c8442b5..f6f8a1ffe2 100644
--- a/source4/heimdal/lib/hcrypto/ui.c
+++ b/source4/heimdal/lib/hcrypto/ui.c
@@ -37,10 +37,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
+#ifdef HAVE_TERMIOS_H
 #include <termios.h>
+#endif
 #include <roken.h>
 
 #include <ui.h>
+#ifdef HAVE_CONIO_H
+#include <conio.h>
+#endif
 
 static sig_atomic_t intr_flag;
 
@@ -50,6 +55,53 @@ intr(int sig)
     intr_flag++;
 }
 
+#ifdef HAVE_CONIO_H
+
+/*
+ * Windows does console slightly different then then unix case.
+ */
+
+static int
+read_string(const char *preprompt, const char *prompt, 
+	    char *buf, size_t len, int echo)
+{
+    int of = 0;
+    int c;
+    char *p;
+    void (*oldsigintr)(int);
+
+    _cprintf("%s%s", preprompt, prompt);
+
+    oldsigintr = signal(SIGINT, intr);
+
+    p = buf;
+    while(intr_flag == 0){
+	c = ((echo)? _getche(): _getch());
+	if(c == '\n')
+	    break;
+	if(of == 0)
+	    *p++ = c;
+	of = (p == buf + len);
+    }
+    if(of)
+	p--;
+    *p = 0;
+    
+    if(echo == 0){
+	printf("\n");
+    }
+
+    signal(SIGINT, oldsigintr);
+    
+    if(intr_flag)
+	return -2;
+    if(of)
+	return -1;
+    return 0;
+}
+
+#else /* !HAVE_CONIO_H */
+
 #ifndef NSIG
 #define NSIG 47
 #endif
@@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt,
     return 0;
 }
 
+#endif /* HAVE_CONIO_H */
+
 int
 UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
 {
author	Andrew Bartlett <abartlet@samba.org>	2010-01-12 18:16:45 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2010-03-27 11:51:27 +1100
commit	89eaef025376339ef25d07cdc4748920fceaa968 (patch)
tree	f514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/lib/hcrypto
parent	fac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
download	samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2 samba-89eaef025376339ef25d07cdc4748920fceaa968.zip