summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/hcrypto
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/hcrypto')
-rw-r--r--source4/heimdal/lib/hcrypto/aes.h2
-rw-r--r--source4/heimdal/lib/hcrypto/bn.c1
-rw-r--r--source4/heimdal/lib/hcrypto/des.c13
-rw-r--r--source4/heimdal/lib/hcrypto/evp-cc.c24
-rw-r--r--source4/heimdal/lib/hcrypto/evp-cc.h2
-rw-r--r--source4/heimdal/lib/hcrypto/evp.c1
-rw-r--r--source4/heimdal/lib/hcrypto/evp.h18
-rw-r--r--source4/heimdal/lib/hcrypto/hash.h1
-rw-r--r--source4/heimdal/lib/hcrypto/rand-fortuna.c9
-rw-r--r--source4/heimdal/lib/hcrypto/rand-unix.c38
-rw-r--r--source4/heimdal/lib/hcrypto/rand.c8
-rw-r--r--source4/heimdal/lib/hcrypto/rand.h1
-rw-r--r--source4/heimdal/lib/hcrypto/randi.h1
-rw-r--r--source4/heimdal/lib/hcrypto/rijndael-alg-fst.c3
-rw-r--r--source4/heimdal/lib/hcrypto/rnd_keys.c4
-rw-r--r--source4/heimdal/lib/hcrypto/ui.c54
16 files changed, 131 insertions, 49 deletions
diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h
index 23f8f5d0ab..273f1dd569 100644
--- a/source4/heimdal/lib/hcrypto/aes.h
+++ b/source4/heimdal/lib/hcrypto/aes.h
@@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_cbc_encrypt(const unsigned char *, unsigned char *,
- const unsigned long, const AES_KEY *,
+ unsigned long, const AES_KEY *,
unsigned char *, int);
#ifdef __cplusplus
diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c
index 545d9529d3..17c1ec79b7 100644
--- a/source4/heimdal/lib/hcrypto/bn.c
+++ b/source4/heimdal/lib/hcrypto/bn.c
@@ -40,6 +40,7 @@
#include <limits.h>
#include <krb5-types.h>
+#include <roken.h>
#include <rfc2459_asn1.h> /* XXX */
#include <der.h>
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c
index c9067d7bcc..43ff8a3f50 100644
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -92,6 +92,8 @@
#include <krb5-types.h>
#include <assert.h>
+#include <roken.h>
+
#include "des.h"
#include "ui.h"
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
int
DES_is_weak_key(DES_cblock *key)
{
+ int weak = 0;
int i;
- /* Not constant time size if the key is weak, the app should not use it. */
- for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) {
- if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
- return 1;
- }
- return 0;
+ for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
+ weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
+
+ return !!weak;
}
/**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.c b/source4/heimdal/lib/hcrypto/evp-cc.c
index 15b3479f8e..f1da22537d 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.c
+++ b/source4/heimdal/lib/hcrypto/evp-cc.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -43,7 +45,9 @@
#include <string.h>
#include <assert.h>
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
#include <CommonCrypto/CommonDigest.h>
+#endif
#include <CommonCrypto/CommonCryptor.h>
#include <evp.h>
@@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void)
const EVP_MD *
EVP_cc_md2(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md2 = {
CC_MD2_DIGEST_LENGTH,
CC_MD2_BLOCK_BYTES,
@@ -430,6 +435,9 @@ EVP_cc_md2(void)
(hc_evp_md_cleanup)NULL
};
return &md2;
+#else
+ return NULL;
+#endif
}
/**
@@ -441,6 +449,7 @@ EVP_cc_md2(void)
const EVP_MD *
EVP_cc_md4(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md4 = {
CC_MD4_DIGEST_LENGTH,
CC_MD4_BLOCK_BYTES,
@@ -451,6 +460,9 @@ EVP_cc_md4(void)
(hc_evp_md_cleanup)NULL
};
return &md4;
+#else
+ return NULL;
+#endif
}
/**
@@ -462,6 +474,7 @@ EVP_cc_md4(void)
const EVP_MD *
EVP_cc_md5(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md5 = {
CC_MD5_DIGEST_LENGTH,
CC_MD5_BLOCK_BYTES,
@@ -472,6 +485,9 @@ EVP_cc_md5(void)
(hc_evp_md_cleanup)NULL
};
return &md5;
+#else
+ return NULL;
+#endif
}
/**
@@ -483,6 +499,7 @@ EVP_cc_md5(void)
const EVP_MD *
EVP_cc_sha1(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha1 = {
CC_SHA1_DIGEST_LENGTH,
CC_SHA1_BLOCK_BYTES,
@@ -493,6 +510,9 @@ EVP_cc_sha1(void)
(hc_evp_md_cleanup)NULL
};
return &sha1;
+#else
+ return NULL;
+#endif
}
/**
@@ -504,6 +524,7 @@ EVP_cc_sha1(void)
const EVP_MD *
EVP_cc_sha256(void)
{
+#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha256 = {
CC_SHA256_DIGEST_LENGTH,
CC_SHA256_BLOCK_BYTES,
@@ -514,6 +535,9 @@ EVP_cc_sha256(void)
(hc_evp_md_cleanup)NULL
};
return &sha256;
+#else
+ return NULL;
+#endif
}
/**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.h b/source4/heimdal/lib/hcrypto/evp-cc.h
index d2df771bc0..0febd21e98 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.h
+++ b/source4/heimdal/lib/hcrypto/evp-cc.h
@@ -41,7 +41,7 @@
#define EVP_cc_md4 hc_EVP_cc_md4
#define EVP_cc_md5 hc_EVP_cc_md5
#define EVP_cc_sha1 hc_EVP_cc_sha1
-#define EVP_cc_sha256 hc_EVP__cc_sha256
+#define EVP_cc_sha256 hc_EVP_cc_sha256
#define EVP_cc_des_cbc hc_EVP_cc_des_cbc
#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc
#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc
diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c
index 006db35939..72787e185f 100644
--- a/source4/heimdal/lib/hcrypto/evp.c
+++ b/source4/heimdal/lib/hcrypto/evp.c
@@ -49,6 +49,7 @@
#include <evp-cc.h>
#include <krb5-types.h>
+#include <roken.h>
#ifndef HCRYPTO_DEF_PROVIDER
#define HCRYPTO_DEF_PROVIDER hcrypto
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index 600f69b7a5..ae92ab4899 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -214,24 +214,24 @@ HC_CPP_BEGIN
*/
const EVP_MD *EVP_md_null(void);
-const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO;
-const EVP_MD *EVP_sha(void) HC_DEPRECATED;
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void);
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void);
+HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
const EVP_CIPHER * EVP_aes_256_cbc(void);
-const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
-const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO;
-const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO;
-const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void);
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void);
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void);
-const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO;
+HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void);
const EVP_CIPHER * EVP_camellia_128_cbc(void);
const EVP_CIPHER * EVP_camellia_192_cbc(void);
const EVP_CIPHER * EVP_camellia_256_cbc(void);
diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h
index b8d5d45606..78a795f2a7 100644
--- a/source4/heimdal/lib/hcrypto/hash.h
+++ b/source4/heimdal/lib/hcrypto/hash.h
@@ -43,6 +43,7 @@
#ifdef KRB5
#include <krb5-types.h>
#endif
+#include <roken.h>
#ifndef min
#define min(a,b) (((a)>(b))?(b):(a))
diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c
index c39c713901..c81eb9e2d7 100644
--- a/source4/heimdal/lib/hcrypto/rand-fortuna.c
+++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c
@@ -35,6 +35,9 @@
#include <stdlib.h>
#include <rand.h>
+#ifdef KRB5
+#include <krb5-types.h>
+#endif
#include <roken.h>
#include "randi.h"
@@ -451,6 +454,7 @@ fortuna_reseed(void)
if (!init_done)
abort();
+#ifndef NO_RAND_UNIX_METHOD
{
unsigned char buf[INIT_BYTES];
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
@@ -459,6 +463,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf));
}
}
+#endif
#ifdef HAVE_ARC4RANDOM
{
uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
@@ -470,6 +475,7 @@ fortuna_reseed(void)
entropy_p = 1;
}
#endif
+#ifndef NO_RAND_EGD_METHOD
/*
* Only to get egd entropy if /dev/random or arc4rand failed since
* it can be horribly slow to generate new bits.
@@ -482,6 +488,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf));
}
}
+#endif
/*
* Fall back to gattering data from timer and secret files, this
* is really the last resort.
@@ -521,10 +528,12 @@ fortuna_reseed(void)
gettimeofday(&tv, NULL);
add_entropy(&main_state, (void *)&tv, sizeof(tv));
}
+#ifdef HAVE_GETUID
{
uid_t u = getuid();
add_entropy(&main_state, (void *)&u, sizeof(u));
}
+#endif
return entropy_p;
}
diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c
index fcad39f1de..4c1f33da59 100644
--- a/source4/heimdal/lib/hcrypto/rand-unix.c
+++ b/source4/heimdal/lib/hcrypto/rand-unix.c
@@ -42,9 +42,6 @@
#include "randi.h"
-static int random_fd = -1;
-static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
/*
* Unix /dev/random
*/
@@ -93,44 +90,29 @@ static int
unix_bytes(unsigned char *outdata, int size)
{
ssize_t count;
- int once = 0;
+ int fd;
if (size < 0)
return 0;
else if (size == 0)
return 1;
- HEIMDAL_MUTEX_lock(&random_mutex);
- if (random_fd == -1) {
- retry:
- random_fd = get_device_fd(O_RDONLY);
- if (random_fd < 0) {
- HEIMDAL_MUTEX_unlock(&random_mutex);
- return 0;
- }
- }
+ fd = get_device_fd(O_RDONLY);
+ if (fd < 0)
+ return 0;
while (size > 0) {
- HEIMDAL_MUTEX_unlock(&random_mutex);
- count = read (random_fd, outdata, size);
- HEIMDAL_MUTEX_lock(&random_mutex);
- if (random_fd < 0) {
- if (errno == EINTR)
- continue;
- else if (errno == EBADF && once++ == 0) {
- close(random_fd);
- random_fd = -1;
- goto retry;
- }
- return 0;
- } else if (count <= 0) {
- HEIMDAL_MUTEX_unlock(&random_mutex);
+ count = read(fd, outdata, size);
+ if (count < 0 && errno == EINTR)
+ continue;
+ else if (count <= 0) {
+ close(fd);
return 0;
}
outdata += count;
size -= count;
}
- HEIMDAL_MUTEX_unlock(&random_mutex);
+ close(fd);
return 1;
}
diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c
index 3cd65989c6..9f0438a34e 100644
--- a/source4/heimdal/lib/hcrypto/rand.c
+++ b/source4/heimdal/lib/hcrypto/rand.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -58,7 +60,9 @@ init_method(void)
{
if (selected_meth != NULL)
return;
-#ifdef __APPLE__
+#if defined(_WIN32)
+ selected_meth = &hc_rand_w32crypto_method;
+#elif defined(__APPLE__)
selected_meth = &hc_rand_unix_method;
#else
selected_meth = &hc_rand_fortuna_method;
@@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size)
int
RAND_bytes(void *outdata, size_t size)
{
+ if (size == 0)
+ return 1;
init_method();
return (*selected_meth->bytes)(outdata, size);
}
diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h
index 65800d6b99..f4e2485166 100644
--- a/source4/heimdal/lib/hcrypto/rand.h
+++ b/source4/heimdal/lib/hcrypto/rand.h
@@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
#define RAND_fortuna_method hc_RAND_fortuna_method
#define RAND_egd_method hc_RAND_egd_method
#define RAND_unix_method hc_RAND_unix_method
+#define RAND_w32crypto_method hc_RAND_w32crypto_method
/*
*
diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h
index f8f6c39b3e..c6c617af22 100644
--- a/source4/heimdal/lib/hcrypto/randi.h
+++ b/source4/heimdal/lib/hcrypto/randi.h
@@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
extern const RAND_METHOD hc_rand_unix_method;
extern const RAND_METHOD hc_rand_egd_method;
extern const RAND_METHOD hc_rand_timer_method;
+extern const RAND_METHOD hc_rand_w32crypto_method;
const RAND_METHOD * RAND_timer_method(void);
diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
index 3dd2555812..9a7f0fd3d6 100644
--- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
+++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
@@ -31,11 +31,12 @@
#include "config.h"
+#include <stdlib.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
-#include <rijndael-alg-fst.h>
+#include "rijndael-alg-fst.h"
/* the file should not be used from outside */
typedef uint8_t u8;
diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c
index 9baf00212c..49c7634c38 100644
--- a/source4/heimdal/lib/hcrypto/rnd_keys.c
+++ b/source4/heimdal/lib/hcrypto/rnd_keys.c
@@ -39,11 +39,11 @@
#ifdef KRB5
#include <krb5-types.h>
#endif
+#include <stdlib.h>
+
#include <des.h>
#include <rand.h>
-#include <stdlib.h>
-
#undef __attribute__
#define __attribute__(X)
diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c
index ca8c8442b5..f6f8a1ffe2 100644
--- a/source4/heimdal/lib/hcrypto/ui.c
+++ b/source4/heimdal/lib/hcrypto/ui.c
@@ -37,10 +37,15 @@
#include <stdlib.h>
#include <string.h>
#include <signal.h>
+#ifdef HAVE_TERMIOS_H
#include <termios.h>
+#endif
#include <roken.h>
#include <ui.h>
+#ifdef HAVE_CONIO_H
+#include <conio.h>
+#endif
static sig_atomic_t intr_flag;
@@ -50,6 +55,53 @@ intr(int sig)
intr_flag++;
}
+#ifdef HAVE_CONIO_H
+
+/*
+ * Windows does console slightly different then then unix case.
+ */
+
+static int
+read_string(const char *preprompt, const char *prompt,
+ char *buf, size_t len, int echo)
+{
+ int of = 0;
+ int c;
+ char *p;
+ void (*oldsigintr)(int);
+
+ _cprintf("%s%s", preprompt, prompt);
+
+ oldsigintr = signal(SIGINT, intr);
+
+ p = buf;
+ while(intr_flag == 0){
+ c = ((echo)? _getche(): _getch());
+ if(c == '\n')
+ break;
+ if(of == 0)
+ *p++ = c;
+ of = (p == buf + len);
+ }
+ if(of)
+ p--;
+ *p = 0;
+
+ if(echo == 0){
+ printf("\n");
+ }
+
+ signal(SIGINT, oldsigintr);
+
+ if(intr_flag)
+ return -2;
+ if(of)
+ return -1;
+ return 0;
+}
+
+#else /* !HAVE_CONIO_H */
+
#ifndef NSIG
#define NSIG 47
#endif
@@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt,
return 0;
}
+#endif /* HAVE_CONIO_H */
+
int
UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
{