From 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 20 Sep 2009 23:18:34 -0700 Subject: s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69) --- source4/heimdal/lib/hcrypto/des.c | 1 + source4/heimdal/lib/hcrypto/evp-aes-cts.c | 273 ------------- source4/heimdal/lib/hcrypto/evp-cc.c | 621 ++++++++++++++++++++++++++++++ source4/heimdal/lib/hcrypto/evp-cc.h | 91 +++++ source4/heimdal/lib/hcrypto/evp-hcrypto.c | 568 ++++++++++++++++++++++++++- source4/heimdal/lib/hcrypto/evp-hcrypto.h | 92 +++++ source4/heimdal/lib/hcrypto/evp.c | 445 ++++----------------- source4/heimdal/lib/hcrypto/evp.h | 35 +- source4/heimdal/lib/hcrypto/imath/imath.c | 447 ++++++++++----------- source4/heimdal/lib/hcrypto/imath/imath.h | 12 +- source4/heimdal/lib/hcrypto/rc4.c | 2 +- source4/heimdal/lib/hcrypto/rc4.h | 2 +- source4/heimdal/lib/hcrypto/rsa-imath.c | 63 ++- source4/heimdal/lib/hcrypto/rsa.c | 37 +- source4/heimdal/lib/hcrypto/rsa.h | 2 + 15 files changed, 1759 insertions(+), 932 deletions(-) delete mode 100644 source4/heimdal/lib/hcrypto/evp-aes-cts.c create mode 100644 source4/heimdal/lib/hcrypto/evp-cc.c create mode 100644 source4/heimdal/lib/hcrypto/evp-cc.h create mode 100644 source4/heimdal/lib/hcrypto/evp-hcrypto.h (limited to 'source4/heimdal/lib/hcrypto') diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c index 7dc4823b59..c9067d7bcc 100644 --- a/source4/heimdal/lib/hcrypto/des.c +++ b/source4/heimdal/lib/hcrypto/des.c @@ -182,6 +182,7 @@ DES_is_weak_key(DES_cblock *key) { int i; + /* Not constant time size if the key is weak, the app should not use it. */ for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0) return 1; diff --git a/source4/heimdal/lib/hcrypto/evp-aes-cts.c b/source4/heimdal/lib/hcrypto/evp-aes-cts.c deleted file mode 100644 index 66f87982c0..0000000000 --- a/source4/heimdal/lib/hcrypto/evp-aes-cts.c +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include - -#define HC_DEPRECATED - -#include -#include -#include -#include -#include - - -#include - -#if defined(BUILD_KRB5_LIB) && defined(HAVE_OPENSSL) -#include -#include - -#define _hc_EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts -#define _hc_EVP_hcrypto_aes_192_cts _krb5_EVP_hcrypto_aes_192_cts -#define _hc_EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts - -const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void); -const EVP_CIPHER * _krb5_EVP_hcrypto_aes_192_cts(void); -const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void); - -#else -#include -#include - -#define _hc_EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts -#define _hc_EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts -#define _hc_EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts - -#endif - -/* - * - */ - -static int -aes_cts_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - AES_KEY *k = ctx->cipher_data; - if (ctx->encrypt) - AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); - else - AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); - return 1; -} - -static void -_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int encryptp) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - /* - * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. - */ - - if (encryptp) { - - while(len > AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ ivec[i]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - for (i = 0; i < len; i++) - tmp[i] = in[i] ^ ivec[i]; - for (; i < AES_BLOCK_SIZE; i++) - tmp[i] = 0 ^ ivec[i]; - - AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); - - memcpy(out, ivec, len); - memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - } else { - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - - while(len > AES_BLOCK_SIZE * 2) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - len -= AES_BLOCK_SIZE; - - memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ - AES_decrypt(in, tmp2, key); - - memcpy(tmp3, in + AES_BLOCK_SIZE, len); - memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ - - for (i = 0; i < len; i++) - out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; - - AES_decrypt(tmp3, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } -} - -static int -aes_cts_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int len) -{ - AES_KEY *k = ctx->cipher_data; - - if (len < AES_BLOCK_SIZE) - abort(); /* krb5_abortx(context, "invalid use of AES_CTS_encrypt"); */ - if (len == AES_BLOCK_SIZE) { - if (ctx->encrypt) - AES_encrypt(in, out, k); - else - AES_decrypt(in, out, k); - } else { - _krb5_aes_cts_encrypt(in, out, len, k, ctx->iv, ctx->encrypt); - } - - return 1; -} - - -static int -aes_cts_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(AES_KEY)); - return 1; -} - -/** - * The AES-128 cts cipher type (hcrypto) - * - * @return the AES-128 EVP_CIPHER pointer. - * - * @ingroup hcrypto_evp - */ - -const EVP_CIPHER * -_hc_EVP_hcrypto_aes_128_cts(void) -{ - static const EVP_CIPHER aes_128_cts = { - 0, - 1, - 16, - 16, - EVP_CIPH_CBC_MODE, - aes_cts_init, - aes_cts_do_cipher, - aes_cts_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - - return &aes_128_cts; -} - -/** - * The AES-192 cts cipher type (hcrypto) - * - * @return the AES-192 EVP_CIPHER pointer. - * - * @ingroup hcrypto_evp - */ - -const EVP_CIPHER * -_hc_EVP_hcrypto_aes_192_cts(void) -{ - static const EVP_CIPHER aes_192_cts = { - 0, - 1, - 24, - 16, - EVP_CIPH_CBC_MODE, - aes_cts_init, - aes_cts_do_cipher, - aes_cts_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - - return &aes_192_cts; -} - -/** - * The AES-256 cts cipher type (hcrypto) - * - * @return the AES-256 EVP_CIPHER pointer. - * - * @ingroup hcrypto_evp - */ - -const EVP_CIPHER * -_hc_EVP_hcrypto_aes_256_cts(void) -{ - static const EVP_CIPHER aes_256_cts = { - 0, - 1, - 32, - 16, - EVP_CIPH_CBC_MODE, - aes_cts_init, - aes_cts_do_cipher, - aes_cts_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - - return &aes_256_cts; -} diff --git a/source4/heimdal/lib/hcrypto/evp-cc.c b/source4/heimdal/lib/hcrypto/evp-cc.c new file mode 100644 index 0000000000..1bf8ca8af9 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp-cc.c @@ -0,0 +1,621 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* CommonCrypto provider */ + +#ifdef __APPLE__ + +#include "config.h" + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +/* + * + */ + +struct cc_key { + CCCryptorRef href; +}; + +static int +cc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct cc_key *cc = ctx->cipher_data; + CCCryptorStatus ret; + size_t moved; + + memcpy(out, in, size); + + ret = CCCryptorUpdate(cc->href, in, size, out, size, &moved); + if (ret) + return 0; + + if (moved != size) + return 0; + + return 1; +} + +static int +cc_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct cc_key *cc = ctx->cipher_data; + if (cc->href) + CCCryptorRelease(cc->href); + return 1; +} + +static int +init_cc_key(int encp, CCAlgorithm alg, const void *key, + size_t keylen, const void *iv, CCCryptorRef *ref) +{ + CCOperation op = encp ? kCCEncrypt : kCCDecrypt; + CCCryptorStatus ret; + + if (*ref) { + if (key == NULL && iv) { + CCCryptorReset(*ref, iv); + return 1; + } + CCCryptorRelease(*ref); + } + + ret = CCCryptorCreate(op, alg, 0, key, keylen, iv, ref); + if (ret) + return 0; + return 1; +} + +static int +cc_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct cc_key *cc = ctx->cipher_data; + return init_cc_key(encp, kCCAlgorithm3DES, key, kCCKeySize3DES, iv, &cc->href); +} + +/** + * The tripple DES cipher type (Apple CommonCrypto provider) + * + * @return the DES-EDE3-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_des_ede3_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 24, + 8, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_des_ede3_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + +/* + * + */ + +static int +cc_des_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct cc_key *cc = ctx->cipher_data; + return init_cc_key(encp, kCCAlgorithmDES, key, kCCBlockSizeDES, iv, &cc->href); +} + +/** + * The DES cipher type (Apple CommonCrypto provider) + * + * @return the DES-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_des_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + kCCBlockSizeDES, + kCCBlockSizeDES, + kCCBlockSizeDES, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_des_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + +/* + * + */ + +static int +cc_aes_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct cc_key *cc = ctx->cipher_data; + return init_cc_key(encp, kCCAlgorithmAES128, key, ctx->cipher->key_len, iv, &cc->href); +} + +/** + * The AES-128 cipher type (Apple CommonCrypto provider) + * + * @return the AES-128-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_aes_128_cbc(void) +{ + static const EVP_CIPHER c = { + 0, + kCCBlockSizeAES128, + kCCKeySizeAES128, + kCCBlockSizeAES128, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_aes_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &c; +} + +/** + * The AES-192 cipher type (Apple CommonCrypto provider) + * + * @return the AES-192-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_aes_192_cbc(void) +{ + static const EVP_CIPHER c = { + 0, + kCCBlockSizeAES128, + kCCKeySizeAES192, + kCCBlockSizeAES128, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_aes_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &c; +} + +/** + * The AES-256 cipher type (Apple CommonCrypto provider) + * + * @return the AES-256-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_aes_256_cbc(void) +{ + static const EVP_CIPHER c = { + 0, + kCCBlockSizeAES128, + kCCKeySizeAES256, + kCCBlockSizeAES128, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_aes_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &c; +} + +/* + * + */ + +static int +cc_rc2_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct cc_key *cc = ctx->cipher_data; + return init_cc_key(encp, kCCAlgorithmRC2, key, ctx->cipher->key_len, iv, &cc->href); +} + +/** + * The RC2 cipher type - common crypto + * + * @return the RC2 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + + +const EVP_CIPHER * +EVP_cc_rc2_cbc(void) +{ + static const EVP_CIPHER rc2_cbc = { + 0, + kCCBlockSizeRC2, + 16, + kCCBlockSizeRC2, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_rc2_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_cbc; +} + +/** + * The RC2-40 cipher type - common crypto + * + * @return the RC2-40 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + + +const EVP_CIPHER * +EVP_cc_rc2_40_cbc(void) +{ + static const EVP_CIPHER rc2_40_cbc = { + 0, + kCCBlockSizeRC2, + 5, + kCCBlockSizeRC2, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_rc2_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_40_cbc; +} + + +/** + * The RC2-64 cipher type - common crypto + * + * @return the RC2-64 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + + +const EVP_CIPHER * +EVP_cc_rc2_64_cbc(void) +{ + static const EVP_CIPHER rc2_64_cbc = { + 0, + kCCBlockSizeRC2, + 8, + kCCBlockSizeRC2, + EVP_CIPH_CBC_MODE|EVP_CIPH_ALWAYS_CALL_INIT, + cc_rc2_cbc_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_64_cbc; +} + +/** + * The CommonCrypto md2 provider + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_cc_md2(void) +{ + static const struct hc_evp_md md2 = { + CC_MD2_DIGEST_LENGTH, + CC_MD2_BLOCK_BYTES, + sizeof(CC_MD2_CTX), + (hc_evp_md_init)CC_MD2_Init, + (hc_evp_md_update)CC_MD2_Update, + (hc_evp_md_final)CC_MD2_Final, + (hc_evp_md_cleanup)NULL + }; + return &md2; +} + +/** + * The CommonCrypto md4 provider + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_cc_md4(void) +{ + static const struct hc_evp_md md4 = { + CC_MD4_DIGEST_LENGTH, + CC_MD4_BLOCK_BYTES, + sizeof(CC_MD4_CTX), + (hc_evp_md_init)CC_MD4_Init, + (hc_evp_md_update)CC_MD4_Update, + (hc_evp_md_final)CC_MD4_Final, + (hc_evp_md_cleanup)NULL + }; + return &md4; +} + +/** + * The CommonCrypto md5 provider + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_cc_md5(void) +{ + static const struct hc_evp_md md5 = { + CC_MD5_DIGEST_LENGTH, + CC_MD5_BLOCK_BYTES, + sizeof(CC_MD5_CTX), + (hc_evp_md_init)CC_MD5_Init, + (hc_evp_md_update)CC_MD5_Update, + (hc_evp_md_final)CC_MD5_Final, + (hc_evp_md_cleanup)NULL + }; + return &md5; +} + +/** + * The CommonCrypto sha1 provider + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_cc_sha1(void) +{ + static const struct hc_evp_md sha1 = { + CC_SHA1_DIGEST_LENGTH, + CC_SHA1_BLOCK_BYTES, + sizeof(CC_SHA1_CTX), + (hc_evp_md_init)CC_SHA1_Init, + (hc_evp_md_update)CC_SHA1_Update, + (hc_evp_md_final)CC_SHA1_Final, + (hc_evp_md_cleanup)NULL + }; + return &sha1; +} + +/** + * The CommonCrypto sha256 provider + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_cc_sha256(void) +{ + static const struct hc_evp_md sha256 = { + CC_SHA256_DIGEST_LENGTH, + CC_SHA256_BLOCK_BYTES, + sizeof(CC_SHA256_CTX), + (hc_evp_md_init)CC_SHA256_Init, + (hc_evp_md_update)CC_SHA256_Update, + (hc_evp_md_final)CC_SHA256_Final, + (hc_evp_md_cleanup)NULL + }; + return &sha256; +} + +/** + * The Camellia-128 cipher type - CommonCrypto + * + * @return the Camellia-128 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_camellia_128_cbc(void) +{ + return NULL; +} + +/** + * The Camellia-198 cipher type - CommonCrypto + * + * @return the Camellia-198 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_camellia_192_cbc(void) +{ + return NULL; +} + +/** + * The Camellia-256 cipher type - CommonCrypto + * + * @return the Camellia-256 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_camellia_256_cbc(void) +{ + return NULL; +} + +/* + * + */ + +static int +cc_rc4_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct cc_key *cc = ctx->cipher_data; + return init_cc_key(encp, kCCAlgorithmRC4, key, ctx->key_len, iv, &cc->href); +} + +/** + * The RC4 cipher type (Apple CommonCrypto provider) + * + * @return the RC4 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_rc4(void) +{ + static const EVP_CIPHER rc4 = { + 0, + 1, + 16, + 0, + EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, + cc_rc4_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &rc4; +} + + +/** + * The RC4-40 cipher type (Apple CommonCrypto provider) + * + * @return the RC4 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_cc_rc4_40(void) +{ + static const EVP_CIPHER rc4_40 = { + 0, + 1, + 5, + 0, + EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, + cc_rc4_init, + cc_do_cipher, + cc_cleanup, + sizeof(struct cc_key), + NULL, + NULL, + NULL, + NULL + }; + return &rc4_40; +} + +#endif /* __APPLE__ */ + diff --git a/source4/heimdal/lib/hcrypto/evp-cc.h b/source4/heimdal/lib/hcrypto/evp-cc.h new file mode 100644 index 0000000000..d2df771bc0 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp-cc.h @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef HEIM_EVP_CC_H +#define HEIM_EVP_CC_H 1 + +/* symbol renaming */ +#define EVP_cc_md2 hc_EVP_cc_md2 +#define EVP_cc_md4 hc_EVP_cc_md4 +#define EVP_cc_md5 hc_EVP_cc_md5 +#define EVP_cc_sha1 hc_EVP_cc_sha1 +#define EVP_cc_sha256 hc_EVP__cc_sha256 +#define EVP_cc_des_cbc hc_EVP_cc_des_cbc +#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc +#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc +#define EVP_cc_aes_192_cbc hc_EVP_cc_aes_192_cbc +#define EVP_cc_aes_256_cbc hc_EVP_cc_aes_256_cbc +#define EVP_cc_rc4 hc_EVP_cc_rc4 +#define EVP_cc_rc4_40 hc_EVP_cc_rc4_40 +#define EVP_cc_rc2_40_cbc hc_EVP_cc_rc2_40_cbc +#define EVP_cc_rc2_64_cbc hc_EVP_cc_rc2_64_cbc +#define EVP_cc_rc2_cbc hc_EVP_cc_rc2_cbc +#define EVP_cc_camellia_128_cbc hc_EVP_cc_camellia_128_cbc +#define EVP_cc_camellia_192_cbc hc_EVP_cc_camellia_192_cbc +#define EVP_cc_camellia_256_cbc hc_EVP_cc_camellia_256_cbc + +/* + * + */ + +HC_CPP_BEGIN + +const EVP_MD * EVP_cc_md2(void); +const EVP_MD * EVP_cc_md4(void); +const EVP_MD * EVP_cc_md5(void); +const EVP_MD * EVP_cc_sha1(void); +const EVP_MD * EVP_cc_sha256(void); + +const EVP_CIPHER * EVP_cc_rc2_cbc(void); +const EVP_CIPHER * EVP_cc_rc2_40_cbc(void); +const EVP_CIPHER * EVP_cc_rc2_64_cbc(void); + +const EVP_CIPHER * EVP_cc_rc4(void); +const EVP_CIPHER * EVP_cc_rc4_40(void); + +const EVP_CIPHER * EVP_cc_des_cbc(void); +const EVP_CIPHER * EVP_cc_des_ede3_cbc(void); + +const EVP_CIPHER * EVP_cc_aes_128_cbc(void); +const EVP_CIPHER * EVP_cc_aes_192_cbc(void); +const EVP_CIPHER * EVP_cc_aes_256_cbc(void); + +const EVP_CIPHER * EVP_cc_camellia_128_cbc(void); +const EVP_CIPHER * EVP_cc_camellia_192_cbc(void); +const EVP_CIPHER * EVP_cc_camellia_256_cbc(void); + +HC_CPP_END + +#endif /* HEIM_EVP_CC_H */ diff --git a/source4/heimdal/lib/hcrypto/evp-hcrypto.c b/source4/heimdal/lib/hcrypto/evp-hcrypto.c index d176e2edfa..699fc667b0 100644 --- a/source4/heimdal/lib/hcrypto/evp-hcrypto.c +++ b/source4/heimdal/lib/hcrypto/evp-hcrypto.c @@ -42,11 +42,22 @@ #include #include +#include #include +#include +#include "camellia.h" #include +#include +#include + +#include +#include +#include +#include + /* * */ @@ -76,13 +87,6 @@ aes_do_cipher(EVP_CIPHER_CTX *ctx, return 1; } -static int -aes_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(AES_KEY)); - return 1; -} - /** * The AES-128 cipher type (hcrypto) * @@ -102,7 +106,7 @@ EVP_hcrypto_aes_128_cbc(void) EVP_CIPH_CBC_MODE, aes_init, aes_do_cipher, - aes_cleanup, + NULL, sizeof(AES_KEY), NULL, NULL, @@ -132,7 +136,7 @@ EVP_hcrypto_aes_192_cbc(void) EVP_CIPH_CBC_MODE, aes_init, aes_do_cipher, - aes_cleanup, + NULL, sizeof(AES_KEY), NULL, NULL, @@ -161,7 +165,7 @@ EVP_hcrypto_aes_256_cbc(void) EVP_CIPH_CBC_MODE, aes_init, aes_do_cipher, - aes_cleanup, + NULL, sizeof(AES_KEY), NULL, NULL, @@ -170,3 +174,547 @@ EVP_hcrypto_aes_256_cbc(void) }; return &aes_256_cbc; } + +/** + * The message digest SHA256 - hcrypto + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_hcrypto_sha256(void) +{ + static const struct hc_evp_md sha256 = { + 32, + 64, + sizeof(SHA256_CTX), + (hc_evp_md_init)SHA256_Init, + (hc_evp_md_update)SHA256_Update, + (hc_evp_md_final)SHA256_Final, + NULL + }; + return &sha256; +} + +/** + * The message digest SHA1 - hcrypto + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_hcrypto_sha1(void) +{ + static const struct hc_evp_md sha1 = { + 20, + 64, + sizeof(SHA_CTX), + (hc_evp_md_init)SHA1_Init, + (hc_evp_md_update)SHA1_Update, + (hc_evp_md_final)SHA1_Final, + NULL + }; + return &sha1; +} + +/** + * The message digest MD5 - hcrypto + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_hcrypto_md5(void) +{ + static const struct hc_evp_md md5 = { + 16, + 64, + sizeof(MD5_CTX), + (hc_evp_md_init)MD5_Init, + (hc_evp_md_update)MD5_Update, + (hc_evp_md_final)MD5_Final, + NULL + }; + return &md5; +} + +/** + * The message digest MD4 - hcrypto + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_hcrypto_md4(void) +{ + static const struct hc_evp_md md4 = { + 16, + 64, + sizeof(MD4_CTX), + (hc_evp_md_init)MD4_Init, + (hc_evp_md_update)MD4_Update, + (hc_evp_md_final)MD4_Final, + NULL + }; + return &md4; +} + +/** + * The message digest MD2 - hcrypto + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + +const EVP_MD * +EVP_hcrypto_md2(void) +{ + static const struct hc_evp_md md2 = { + 16, + 16, + sizeof(MD2_CTX), + (hc_evp_md_init)MD2_Init, + (hc_evp_md_update)MD2_Update, + (hc_evp_md_final)MD2_Final, + NULL + }; + return &md2; +} + +/* + * + */ + +static int +des_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + DES_key_schedule *k = ctx->cipher_data; + DES_cblock deskey; + memcpy(&deskey, key, sizeof(deskey)); + DES_set_key_unchecked(&deskey, k); + return 1; +} + +static int +des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + DES_key_schedule *k = ctx->cipher_data; + DES_cbc_encrypt(in, out, size, + k, (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +/** + * The DES cipher type + * + * @return the DES-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_des_cbc(void) +{ + static const EVP_CIPHER des_cbc = { + 0, + 8, + 8, + 8, + EVP_CIPH_CBC_MODE, + des_cbc_init, + des_cbc_do_cipher, + NULL, + sizeof(DES_key_schedule), + NULL, + NULL, + NULL, + NULL + }; + return &des_cbc; +} + +/* + * + */ + +struct des_ede3_cbc { + DES_key_schedule ks[3]; +}; + +static int +des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + DES_cblock deskey; + + memcpy(&deskey, key, sizeof(deskey)); + DES_set_odd_parity(&deskey); + DES_set_key_unchecked(&deskey, &k->ks[0]); + + memcpy(&deskey, key + 8, sizeof(deskey)); + DES_set_odd_parity(&deskey); + DES_set_key_unchecked(&deskey, &k->ks[1]); + + memcpy(&deskey, key + 16, sizeof(deskey)); + DES_set_odd_parity(&deskey); + DES_set_key_unchecked(&deskey, &k->ks[2]); + + return 1; +} + +static int +des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + DES_ede3_cbc_encrypt(in, out, size, + &k->ks[0], &k->ks[1], &k->ks[2], + (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +/** + * The tripple DES cipher type - hcrypto + * + * @return the DES-EDE3-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_des_ede3_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 24, + 8, + EVP_CIPH_CBC_MODE, + des_ede3_cbc_init, + des_ede3_cbc_do_cipher, + NULL, + sizeof(struct des_ede3_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + +/* + * + */ + +struct rc2_cbc { + unsigned int maximum_effective_key; + RC2_KEY key; +}; + +static int +rc2_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct rc2_cbc *k = ctx->cipher_data; + k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; + RC2_set_key(&k->key, + EVP_CIPHER_CTX_key_length(ctx), + key, + k->maximum_effective_key); + return 1; +} + +static int +rc2_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct rc2_cbc *k = ctx->cipher_data; + RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); + return 1; +} + +/** + * The RC2 cipher type - hcrypto + * + * @return the RC2 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_rc2_cbc(void) +{ + static const EVP_CIPHER rc2_cbc = { + 0, + RC2_BLOCK_SIZE, + RC2_KEY_LENGTH, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE|EVP_CIPH_VARIABLE_LENGTH, + rc2_init, + rc2_do_cipher, + NULL, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_cbc; +} + +/** + * The RC2-40 cipher type + * + * @return the RC2-40 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_rc2_40_cbc(void) +{ + static const EVP_CIPHER rc2_40_cbc = { + 0, + RC2_BLOCK_SIZE, + 5, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + NULL, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_40_cbc; +} + +/** + * The RC2-64 cipher type + * + * @return the RC2-64 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_rc2_64_cbc(void) +{ + static const EVP_CIPHER rc2_64_cbc = { + 0, + RC2_BLOCK_SIZE, + 8, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + NULL, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_64_cbc; +} + +static int +camellia_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + CAMELLIA_KEY *k = ctx->cipher_data; + k->bits = ctx->cipher->key_len * 8; + CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static int +camellia_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + CAMELLIA_KEY *k = ctx->cipher_data; + CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); + return 1; +} + +/** + * The Camellia-128 cipher type - hcrypto + * + * @return the Camellia-128 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_camellia_128_cbc(void) +{ + static const EVP_CIPHER cipher = { + 0, + 16, + 16, + 16, + EVP_CIPH_CBC_MODE, + camellia_init, + camellia_do_cipher, + NULL, + sizeof(CAMELLIA_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &cipher; +} + +/** + * The Camellia-198 cipher type - hcrypto + * + * @return the Camellia-198 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_camellia_192_cbc(void) +{ + static const EVP_CIPHER cipher = { + 0, + 16, + 24, + 16, + EVP_CIPH_CBC_MODE, + camellia_init, + camellia_do_cipher, + NULL, + sizeof(CAMELLIA_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &cipher; +} + +/** + * The Camellia-256 cipher type - hcrypto + * + * @return the Camellia-256 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_camellia_256_cbc(void) +{ + static const EVP_CIPHER cipher = { + 0, + 16, + 32, + 16, + EVP_CIPH_CBC_MODE, + camellia_init, + camellia_do_cipher, + NULL, + sizeof(CAMELLIA_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &cipher; +} + +static int +rc4_init(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc) +{ + RC4_KEY *k = ctx->cipher_data; + RC4_set_key(k, ctx->key_len, key); + return 1; +} + +static int +rc4_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + RC4_KEY *k = ctx->cipher_data; + RC4(k, size, in, out); + return 1; +} + +const EVP_CIPHER * +EVP_hcrypto_rc4(void) +{ + static const EVP_CIPHER rc4 = { + 0, + 1, + 16, + 0, + EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, + rc4_init, + rc4_do_cipher, + NULL, + sizeof(RC4_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &rc4; +} + + +const EVP_CIPHER * +EVP_hcrypto_rc4_40(void) +{ + static const EVP_CIPHER rc4_40 = { + 0, + 1, + 5, + 0, + EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, + rc4_init, + rc4_do_cipher, + NULL, + sizeof(RC4_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &rc4_40; +} diff --git a/source4/heimdal/lib/hcrypto/evp-hcrypto.h b/source4/heimdal/lib/hcrypto/evp-hcrypto.h new file mode 100644 index 0000000000..c0fb89af71 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp-hcrypto.h @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef HEIM_EVP_HCRYPTO_H +#define HEIM_EVP_HCRYPTO_H 1 + +/* symbol renaming */ +#define EVP_hcrypto_md2 hc_EVP_hcrypto_md2 +#define EVP_hcrypto_md4 hc_EVP_hcrypto_md4 +#define EVP_hcrypto_md5 hc_EVP_hcrypto_md5 +#define EVP_hcrypto_sha1 hc_EVP_hcrypto_sha1 +#define EVP_hcrypto_sha256 hc_EVP_hcrypto_sha256 +#define EVP_hcrypto_des_cbc hc_EVP_hcrypto_des_cbc +#define EVP_hcrypto_des_ede3_cbc hc_EVP_hcrypto_des_ede3_cbc +#define EVP_hcrypto_aes_128_cbc hc_EVP_hcrypto_aes_128_cbc +#define EVP_hcrypto_aes_192_cbc hc_EVP_hcrypto_aes_192_cbc +#define EVP_hcrypto_aes_256_cbc hc_EVP_hcrypto_aes_256_cbc +#define EVP_hcrypto_rc4 hc_EVP_hcrypto_rc4 +#define EVP_hcrypto_rc4_40 hc_EVP_hcrypto_rc4_40 +#define EVP_hcrypto_rc2_40_cbc hc_EVP_hcrypto_rc2_40_cbc +#define EVP_hcrypto_rc2_64_cbc hc_EVP_hcrypto_rc2_64_cbc +#define EVP_hcrypto_rc2_cbc hc_EVP_hcrypto_rc2_cbc +#define EVP_hcrypto_camellia_128_cbc hc_EVP_hcrypto_camellia_128_cbc +#define EVP_hcrypto_camellia_192_cbc hc_EVP_hcrypto_camellia_192_cbc +#define EVP_hcrypto_camellia_256_cbc hc_EVP_hcrypto_camellia_256_cbc + +/* + * + */ + +HC_CPP_BEGIN + +const EVP_MD * EVP_hcrypto_md2(void); +const EVP_MD * EVP_hcrypto_md4(void); +const EVP_MD * EVP_hcrypto_md5(void); +const EVP_MD * EVP_hcrypto_sha1(void); +const EVP_MD * EVP_hcrypto_sha256(void); + +const EVP_CIPHER * EVP_hcrypto_rc4(void); +const EVP_CIPHER * EVP_hcrypto_rc4_40(void); + +const EVP_CIPHER * EVP_hcrypto_rc2_cbc(void); +const EVP_CIPHER * EVP_hcrypto_rc2_40_cbc(void); +const EVP_CIPHER * EVP_hcrypto_rc2_64_cbc(void); + +const EVP_CIPHER * EVP_hcrypto_des_cbc(void); +const EVP_CIPHER * EVP_hcrypto_des_ede3_cbc(void); + +const EVP_CIPHER * EVP_hcrypto_aes_128_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cbc(void); + +const EVP_CIPHER * EVP_hcrypto_camellia_128_cbc(void); +const EVP_CIPHER * EVP_hcrypto_camellia_192_cbc(void); +const EVP_CIPHER * EVP_hcrypto_camellia_256_cbc(void); + + +HC_CPP_END + +#endif /* HEIM_EVP_HCRYPTO_H */ diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c index ac6cac972a..006db35939 100644 --- a/source4/heimdal/lib/hcrypto/evp.c +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -45,17 +45,19 @@ #include #include +#include +#include #include -#include "camellia.h" -#include -#include -#include -#include -#include -#include -#include +#ifndef HCRYPTO_DEF_PROVIDER +#define HCRYPTO_DEF_PROVIDER hcrypto +#endif + +#define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa + + +#define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)() /** * @page page_evp EVP - generic crypto interface @@ -138,8 +140,8 @@ EVP_MD_CTX_create(void) * @ingroup hcrypto_evp */ -void HC_DEPRECATED -EVP_MD_CTX_init(EVP_MD_CTX *ctx) +void +EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED { memset(ctx, 0, sizeof(*ctx)); } @@ -169,11 +171,13 @@ EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) * @ingroup hcrypto_evp */ -int HC_DEPRECATED -EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +int +EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED { if (ctx->md && ctx->md->cleanup) (ctx->md->cleanup)(ctx); + else if (ctx->md) + memset(ctx->ptr, 0, ctx->md->ctx_size); ctx->md = NULL; ctx->engine = NULL; free(ctx->ptr); @@ -351,28 +355,9 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, const EVP_MD * EVP_sha256(void) { - static const struct hc_evp_md sha256 = { - 32, - 64, - sizeof(SHA256_CTX), - (hc_evp_md_init)SHA256_Init, - (hc_evp_md_update)SHA256_Update, - (hc_evp_md_final)SHA256_Final, - NULL - }; - return &sha256; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256); } -static const struct hc_evp_md sha1 = { - 20, - 64, - sizeof(SHA_CTX), - (hc_evp_md_init)SHA1_Init, - (hc_evp_md_update)SHA1_Update, - (hc_evp_md_final)SHA1_Final, - NULL -}; - /** * The message digest SHA1 * @@ -384,7 +369,7 @@ static const struct hc_evp_md sha1 = { const EVP_MD * EVP_sha1(void) { - return &sha1; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1); } /** @@ -396,9 +381,10 @@ EVP_sha1(void) */ const EVP_MD * -EVP_sha(void) +EVP_sha(void) HC_DEPRECATED + { - return &sha1; + return EVP_sha1(); } /** @@ -410,18 +396,9 @@ EVP_sha(void) */ const EVP_MD * -EVP_md5(void) -{ - static const struct hc_evp_md md5 = { - 16, - 64, - sizeof(MD5_CTX), - (hc_evp_md_init)MD5_Init, - (hc_evp_md_update)MD5_Update, - (hc_evp_md_final)MD5_Final, - NULL - }; - return &md5; +EVP_md5(void) HC_DEPRECATED_CRYPTO +{ + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5); } /** @@ -433,18 +410,9 @@ EVP_md5(void) */ const EVP_MD * -EVP_md4(void) -{ - static const struct hc_evp_md md4 = { - 16, - 64, - sizeof(MD4_CTX), - (hc_evp_md_init)MD4_Init, - (hc_evp_md_update)MD4_Update, - (hc_evp_md_final)MD4_Final, - NULL - }; - return &md4; +EVP_md4(void) HC_DEPRECATED_CRYPTO +{ + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4); } /** @@ -456,18 +424,9 @@ EVP_md4(void) */ const EVP_MD * -EVP_md2(void) -{ - static const struct hc_evp_md md2 = { - 16, - 16, - sizeof(MD2_CTX), - (hc_evp_md_init)MD2_Init, - (hc_evp_md_update)MD2_Update, - (hc_evp_md_final)MD2_Final, - NULL - }; - return &md2; +EVP_md2(void) HC_DEPRECATED_CRYPTO +{ + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md2); } /* @@ -589,19 +548,35 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) if (c->cipher && c->cipher->cleanup) c->cipher->cleanup(c); if (c->cipher_data) { + memset(c->cipher_data, 0, c->cipher->ctx_size); free(c->cipher_data); c->cipher_data = NULL; } return 1; } -#if 0 +/** + * If the cipher type supports it, change the key length + * + * @param c the cipher context to change the key length for + * @param length new key length + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) { + if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) { + c->key_len = length; + return 1; + } return 0; } +#if 0 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) { @@ -768,7 +743,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, ctx->cipher = c; ctx->key_len = c->key_len; - ctx->cipher_data = malloc(c->ctx_size); + ctx->cipher_data = calloc(1, c->ctx_size); if (ctx->cipher_data == NULL && c->ctx_size != 0) return 0; @@ -780,7 +755,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, return 0; } - switch (EVP_CIPHER_CTX_flags(ctx)) { + switch (EVP_CIPHER_CTX_mode(ctx)) { case EVP_CIPH_CBC_MODE: assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); @@ -789,6 +764,10 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; + + case EVP_CIPH_STREAM_CIPHER: + break; + default: return 0; } @@ -1005,48 +984,6 @@ EVP_enc_null(void) return &enc_null; } -/* - * - */ - -struct rc2_cbc { - unsigned int maximum_effective_key; - RC2_KEY key; -}; - -static int -rc2_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - struct rc2_cbc *k = ctx->cipher_data; - k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; - RC2_set_key(&k->key, - EVP_CIPHER_CTX_key_length(ctx), - key, - k->maximum_effective_key); - return 1; -} - -static int -rc2_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - struct rc2_cbc *k = ctx->cipher_data; - RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); - return 1; -} - -static int -rc2_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc)); - return 1; -} - /** * The RC2 cipher type * @@ -1058,28 +995,13 @@ rc2_cleanup(EVP_CIPHER_CTX *ctx) const EVP_CIPHER * EVP_rc2_cbc(void) { - static const EVP_CIPHER rc2_cbc = { - 0, - RC2_BLOCK_SIZE, - RC2_KEY_LENGTH, - RC2_BLOCK_SIZE, - EVP_CIPH_CBC_MODE, - rc2_init, - rc2_do_cipher, - rc2_cleanup, - sizeof(struct rc2_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &rc2_cbc; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc); } /** - * The RC2-40 cipher type + * The RC2 cipher type * - * @return the RC2-40 EVP_CIPHER pointer. + * @return the RC2 EVP_CIPHER pointer. * * @ingroup hcrypto_evp */ @@ -1087,28 +1009,13 @@ EVP_rc2_cbc(void) const EVP_CIPHER * EVP_rc2_40_cbc(void) { - static const EVP_CIPHER rc2_40_cbc = { - 0, - RC2_BLOCK_SIZE, - 5, - RC2_BLOCK_SIZE, - EVP_CIPH_CBC_MODE, - rc2_init, - rc2_do_cipher, - rc2_cleanup, - sizeof(struct rc2_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &rc2_40_cbc; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc); } /** - * The RC2-64 cipher type + * The RC2 cipher type * - * @return the RC2-64 EVP_CIPHER pointer. + * @return the RC2 EVP_CIPHER pointer. * * @ingroup hcrypto_evp */ @@ -1116,22 +1023,7 @@ EVP_rc2_40_cbc(void) const EVP_CIPHER * EVP_rc2_64_cbc(void) { - static const EVP_CIPHER rc2_64_cbc = { - 0, - RC2_BLOCK_SIZE, - 8, - RC2_BLOCK_SIZE, - EVP_CIPH_CBC_MODE, - rc2_init, - rc2_do_cipher, - rc2_cleanup, - sizeof(struct rc2_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &rc2_64_cbc; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc); } /** @@ -1145,9 +1037,7 @@ EVP_rc2_64_cbc(void) const EVP_CIPHER * EVP_rc4(void) { - printf("evp rc4\n"); - abort(); - return NULL; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4); } /** @@ -1161,45 +1051,7 @@ EVP_rc4(void) const EVP_CIPHER * EVP_rc4_40(void) { - printf("evp rc4_40\n"); - abort(); - return NULL; -} - -/* - * - */ - -static int -des_cbc_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - DES_key_schedule *k = ctx->cipher_data; - DES_cblock deskey; - memcpy(&deskey, key, sizeof(deskey)); - DES_set_key_unchecked(&deskey, k); - return 1; -} - -static int -des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - DES_key_schedule *k = ctx->cipher_data; - DES_cbc_encrypt(in, out, size, - k, (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -static int -des_cbc_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(struct DES_key_schedule)); - return 1; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40); } /** @@ -1213,74 +1065,7 @@ des_cbc_cleanup(EVP_CIPHER_CTX *ctx) const EVP_CIPHER * EVP_des_cbc(void) { - static const EVP_CIPHER des_ede3_cbc = { - 0, - 8, - 8, - 8, - EVP_CIPH_CBC_MODE, - des_cbc_init, - des_cbc_do_cipher, - des_cbc_cleanup, - sizeof(DES_key_schedule), - NULL, - NULL, - NULL, - NULL - }; - return &des_ede3_cbc; -} - -/* - * - */ - -struct des_ede3_cbc { - DES_key_schedule ks[3]; -}; - -static int -des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - struct des_ede3_cbc *k = ctx->cipher_data; - DES_cblock deskey; - - memcpy(&deskey, key, sizeof(deskey)); - DES_set_odd_parity(&deskey); - DES_set_key_unchecked(&deskey, &k->ks[0]); - - memcpy(&deskey, key + 8, sizeof(deskey)); - DES_set_odd_parity(&deskey); - DES_set_key_unchecked(&deskey, &k->ks[1]); - - memcpy(&deskey, key + 16, sizeof(deskey)); - DES_set_odd_parity(&deskey); - DES_set_key_unchecked(&deskey, &k->ks[2]); - - return 1; -} - -static int -des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - struct des_ede3_cbc *k = ctx->cipher_data; - DES_ede3_cbc_encrypt(in, out, size, - &k->ks[0], &k->ks[1], &k->ks[2], - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -static int -des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc)); - return 1; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc); } /** @@ -1294,22 +1079,7 @@ des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) const EVP_CIPHER * EVP_des_ede3_cbc(void) { - static const EVP_CIPHER des_ede3_cbc = { - 0, - 8, - 24, - 8, - EVP_CIPH_CBC_MODE, - des_ede3_cbc_init, - des_ede3_cbc_do_cipher, - des_ede3_cbc_cleanup, - sizeof(struct des_ede3_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &des_ede3_cbc; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc); } /** @@ -1323,7 +1093,7 @@ EVP_des_ede3_cbc(void) const EVP_CIPHER * EVP_aes_128_cbc(void) { - return EVP_hcrypto_aes_128_cbc(); + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc); } /** @@ -1337,7 +1107,7 @@ EVP_aes_128_cbc(void) const EVP_CIPHER * EVP_aes_192_cbc(void) { - return EVP_hcrypto_aes_192_cbc(); + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc); } /** @@ -1351,37 +1121,7 @@ EVP_aes_192_cbc(void) const EVP_CIPHER * EVP_aes_256_cbc(void) { - return EVP_hcrypto_aes_256_cbc(); -} - -static int -camellia_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - CAMELLIA_KEY *k = ctx->cipher_data; - k->bits = ctx->cipher->key_len * 8; - CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); - return 1; -} - -static int -camellia_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - CAMELLIA_KEY *k = ctx->cipher_data; - CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); - return 1; -} - -static int -camellia_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(CAMELLIA_KEY)); - return 1; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc); } /** @@ -1395,22 +1135,7 @@ camellia_cleanup(EVP_CIPHER_CTX *ctx) const EVP_CIPHER * EVP_camellia_128_cbc(void) { - static const EVP_CIPHER cipher = { - 0, - 16, - 16, - 16, - EVP_CIPH_CBC_MODE, - camellia_init, - camellia_do_cipher, - camellia_cleanup, - sizeof(CAMELLIA_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &cipher; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc); } /** @@ -1424,22 +1149,7 @@ EVP_camellia_128_cbc(void) const EVP_CIPHER * EVP_camellia_192_cbc(void) { - static const EVP_CIPHER cipher = { - 0, - 16, - 24, - 16, - EVP_CIPH_CBC_MODE, - camellia_init, - camellia_do_cipher, - camellia_cleanup, - sizeof(CAMELLIA_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &cipher; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc); } /** @@ -1453,22 +1163,7 @@ EVP_camellia_192_cbc(void) const EVP_CIPHER * EVP_camellia_256_cbc(void) { - static const EVP_CIPHER cipher = { - 0, - 16, - 32, - 16, - EVP_CIPH_CBC_MODE, - camellia_init, - camellia_do_cipher, - camellia_cleanup, - sizeof(CAMELLIA_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &cipher; + return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc); } /* diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h index 0086a06960..600f69b7a5 100644 --- a/source4/heimdal/lib/hcrypto/evp.h +++ b/source4/heimdal/lib/hcrypto/evp.h @@ -74,12 +74,7 @@ #define EVP_aes_128_cbc hc_EVP_aes_128_cbc #define EVP_aes_192_cbc hc_EVP_aes_192_cbc #define EVP_aes_256_cbc hc_EVP_aes_256_cbc -#define EVP_hcrypto_aes_128_cbc hc_EVP_hcrypto_aes_128_cbc -#define EVP_hcrypto_aes_192_cbc hc_EVP_hcrypto_aes_192_cbc -#define EVP_hcrypto_aes_256_cbc hc_EVP_hcrypto_aes_256_cbc -#define EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts -#define EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts -#define EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts + #define EVP_des_cbc hc_EVP_des_cbc #define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc #define EVP_enc_null hc_EVP_enc_null @@ -136,6 +131,7 @@ struct hc_CIPHER { #define EVP_CIPH_CBC_MODE 2 #define EVP_CIPH_MODE 0x7 +#define EVP_CIPH_VARIABLE_LENGTH 0x008 /* variable key length */ #define EVP_CIPH_ALWAYS_CALL_INIT 0x020 #define EVP_CIPH_RAND_KEY 0x200 @@ -203,11 +199,16 @@ struct hc_evp_md { #define HC_DEPRECATED_CRYPTO HC_DEPRECATED #endif - -#ifdef __cplusplus -extern "C" { +#ifdef __cplusplus +#define HC_CPP_BEGIN extern "C" { +#define HC_CPP_END } +#else +#define HC_CPP_BEGIN +#define HC_CPP_END #endif +HC_CPP_BEGIN + /* * Avaible crypto algs */ @@ -216,19 +217,13 @@ const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO; const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO; const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha(void) HC_DEPRECATED; const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); const EVP_CIPHER * EVP_aes_256_cbc(void); -const EVP_CIPHER * EVP_hcrypto_aes_128_cbc(void); -const EVP_CIPHER * EVP_hcrypto_aes_192_cbc(void); -const EVP_CIPHER * EVP_hcrypto_aes_256_cbc(void); -const EVP_CIPHER * EVP_hcrypto_aes_128_cts(void); -const EVP_CIPHER * EVP_hcrypto_aes_192_cts(void); -const EVP_CIPHER * EVP_hcrypto_aes_256_cts(void); const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); @@ -241,10 +236,6 @@ const EVP_CIPHER * EVP_camellia_128_cbc(void); const EVP_CIPHER * EVP_camellia_192_cbc(void); const EVP_CIPHER * EVP_camellia_256_cbc(void); -/* - * - */ - size_t EVP_MD_size(const EVP_MD *); size_t EVP_MD_block_size(const EVP_MD *); @@ -318,8 +309,6 @@ void OpenSSL_add_all_algorithms(void); void OpenSSL_add_all_algorithms_conf(void); void OpenSSL_add_all_algorithms_noconf(void); -#ifdef __cplusplus -} -#endif +HC_CPP_END #endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/hcrypto/imath/imath.c b/source4/heimdal/lib/hcrypto/imath/imath.c index f8e4154cdc..4e47a76ce2 100644 --- a/source4/heimdal/lib/hcrypto/imath/imath.c +++ b/source4/heimdal/lib/hcrypto/imath/imath.c @@ -2,7 +2,7 @@ Name: imath.c Purpose: Arbitrary precision integer arithmetic routines. Author: M. J. Fromberger - Info: $Id: imath.c 645 2008-08-03 04:00:30Z sting $ + Info: $Id: imath.c 826 2009-02-11 16:21:04Z sting $ Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. @@ -40,7 +40,9 @@ #include #if DEBUG -#define static +#define STATIC /* public */ +#else +#define STATIC static #endif /* {{{ Constants */ @@ -58,8 +60,8 @@ const mp_result MP_MINERR = -6; const mp_sign MP_NEG = 1; /* value is strictly negative */ const mp_sign MP_ZPOS = 0; /* value is non-negative */ -static const char *s_unknown_err = "unknown result code"; -static const char *s_error_msg[] = { +STATIC const char *s_unknown_err = "unknown result code"; +STATIC const char *s_error_msg[] = { "error code 0", "boolean true", "out of memory", @@ -72,7 +74,7 @@ static const char *s_error_msg[] = { /* }}} */ -/* Argument checking macros +/* Argument checking macros Use CHECK() where a return value is required; NRCHECK() elsewhere */ #define CHECK(TEST) assert(TEST) #define NRCHECK(TEST) assert(TEST) @@ -88,7 +90,7 @@ static const char *s_error_msg[] = { The use of this table eliminates a dependency upon linkage against the standard math libraries. */ -static const double s_log2[] = { +STATIC const double s_log2[] = { 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* 0 1 2 3 */ 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */ 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */ @@ -172,144 +174,144 @@ do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\ #if IMATH_TEST mp_size default_precision = MP_DEFAULT_PREC; #else -static const mp_size default_precision = MP_DEFAULT_PREC; +STATIC const mp_size default_precision = MP_DEFAULT_PREC; #endif /* Minimum number of digits to invoke recursive multiply */ #if IMATH_TEST mp_size multiply_threshold = MP_MULT_THRESH; #else -static const mp_size multiply_threshold = MP_MULT_THRESH; +STATIC const mp_size multiply_threshold = MP_MULT_THRESH; #endif /* }}} */ /* Allocate a buffer of (at least) num digits, or return NULL if that couldn't be done. */ -static mp_digit *s_alloc(mp_size num); +STATIC mp_digit *s_alloc(mp_size num); /* Release a buffer of digits allocated by s_alloc(). */ -static void s_free(void *ptr); +STATIC void s_free(void *ptr); /* Insure that z has at least min digits allocated, resizing if necessary. Returns true if successful, false if out of memory. */ -static int s_pad(mp_int z, mp_size min); +STATIC int s_pad(mp_int z, mp_size min); /* Fill in a "fake" mp_int on the stack with a given value */ -static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]); +STATIC void s_fake(mp_int z, mp_small value, mp_digit vbuf[]); /* Compare two runs of digits of given length, returns <0, 0, >0 */ -static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); +STATIC int s_cdig(mp_digit *da, mp_digit *db, mp_size len); /* Pack the unsigned digits of v into array t */ -static int s_vpack(mp_small v, mp_digit t[]); +STATIC int s_vpack(mp_small v, mp_digit t[]); /* Compare magnitudes of a and b, returns <0, 0, >0 */ -static int s_ucmp(mp_int a, mp_int b); +STATIC int s_ucmp(mp_int a, mp_int b); /* Compare magnitudes of a and v, returns <0, 0, >0 */ -static int s_vcmp(mp_int a, mp_small v); +STATIC int s_vcmp(mp_int a, mp_small v); /* Unsigned magnitude addition; assumes dc is big enough. Carry out is returned (no memory allocated). */ -static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b); /* Unsigned magnitude subtraction. Assumes dc is big enough. */ -static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b); /* Unsigned recursive multiplication. Assumes dc is big enough. */ -static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b); /* Unsigned magnitude multiplication. Assumes dc is big enough. */ -static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b); /* Unsigned recursive squaring. Assumes dc is big enough. */ -static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a); +STATIC int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a); /* Unsigned magnitude squaring. Assumes dc is big enough. */ -static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a); +STATIC void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a); /* Single digit addition. Assumes a is big enough. */ -static void s_dadd(mp_int a, mp_digit b); +STATIC void s_dadd(mp_int a, mp_digit b); /* Single digit multiplication. Assumes a is big enough. */ -static void s_dmul(mp_int a, mp_digit b); +STATIC void s_dmul(mp_int a, mp_digit b); /* Single digit multiplication on buffers; assumes dc is big enough. */ -static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, +STATIC void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a); -/* Single digit division. Replaces a with the quotient, +/* Single digit division. Replaces a with the quotient, returns the remainder. */ -static mp_digit s_ddiv(mp_int a, mp_digit b); +STATIC mp_digit s_ddiv(mp_int a, mp_digit b); /* Quick division by a power of 2, replaces z (no allocation) */ -static void s_qdiv(mp_int z, mp_size p2); +STATIC void s_qdiv(mp_int z, mp_size p2); /* Quick remainder by a power of 2, replaces z (no allocation) */ -static void s_qmod(mp_int z, mp_size p2); +STATIC void s_qmod(mp_int z, mp_size p2); -/* Quick multiplication by a power of 2, replaces z. +/* Quick multiplication by a power of 2, replaces z. Allocates if necessary; returns false in case this fails. */ -static int s_qmul(mp_int z, mp_size p2); +STATIC int s_qmul(mp_int z, mp_size p2); /* Quick subtraction from a power of 2, replaces z. Allocates if necessary; returns false in case this fails. */ -static int s_qsub(mp_int z, mp_size p2); +STATIC int s_qsub(mp_int z, mp_size p2); /* Return maximum k such that 2^k divides z. */ -static int s_dp2k(mp_int z); +STATIC int s_dp2k(mp_int z); /* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */ -static int s_isp2(mp_int z); +STATIC int s_isp2(mp_int z); /* Set z to 2^k. May allocate; returns false in case this fails. */ -static int s_2expt(mp_int z, mp_small k); +STATIC int s_2expt(mp_int z, mp_small k); /* Normalize a and b for division, returns normalization constant */ -static int s_norm(mp_int a, mp_int b); +STATIC int s_norm(mp_int a, mp_int b); /* Compute constant mu for Barrett reduction, given modulus m, result replaces z, m is untouched. */ -static mp_result s_brmu(mp_int z, mp_int m); +STATIC mp_result s_brmu(mp_int z, mp_int m); /* Reduce a modulo m, using Barrett's algorithm. */ -static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2); +STATIC int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2); /* Modular exponentiation, using Barrett reduction */ -static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); +STATIC mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); /* Unsigned magnitude division. Assumes |a| > |b|. Allocates temporaries; overwrites a with quotient, b with remainder. */ -static mp_result s_udiv(mp_int a, mp_int b); +STATIC mp_result s_udiv(mp_int a, mp_int b); /* Compute the number of digits in radix r required to represent the given value. Does not account for sign flags, terminators, etc. */ -static int s_outlen(mp_int z, mp_size r); +STATIC int s_outlen(mp_int z, mp_size r); /* Guess how many digits of precision will be needed to represent a radix r value of the specified number of digits. Returns a value guaranteed to be no smaller than the actual number required. */ -static mp_size s_inlen(int len, mp_size r); +STATIC mp_size s_inlen(int len, mp_size r); -/* Convert a character to a digit value in radix r, or +/* Convert a character to a digit value in radix r, or -1 if out of range */ -static int s_ch2val(char c, int r); +STATIC int s_ch2val(char c, int r); /* Convert a digit value to a character */ -static char s_val2ch(int v, int caps); +STATIC char s_val2ch(int v, int caps); /* Take 2's complement of a buffer in place */ -static void s_2comp(unsigned char *buf, int len); +STATIC void s_2comp(unsigned char *buf, int len); /* Convert a value to binary, ignoring sign. On input, *limpos is the bound on how many bytes should be written to buf; on output, *limpos is set to the number of bytes actually written. */ -static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad); +STATIC mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad); #if DEBUG /* Dump a representation of the mp_int to standard output */ @@ -340,8 +342,8 @@ mp_result mp_int_init(mp_int z) mp_int mp_int_alloc(void) { mp_int out = malloc(sizeof(mpz_t)); - - if(out != NULL) + + if(out != NULL) mp_int_init(out); return out; @@ -357,11 +359,11 @@ mp_result mp_int_init_size(mp_int z, mp_size prec) if(prec == 0) prec = default_precision; - else if(prec == 1) + else if(prec == 1) return mp_int_init(z); - else + else prec = (mp_size) ROUND_PREC(prec); - + if((MP_DIGITS(z) = s_alloc(prec)) == NULL) return MP_MEMORY; @@ -369,7 +371,7 @@ mp_result mp_int_init_size(mp_int z, mp_size prec) MP_USED(z) = 1; MP_ALLOC(z) = prec; MP_SIGN(z) = MP_ZPOS; - + return MP_OK; } @@ -550,17 +552,18 @@ mp_result mp_int_neg(mp_int a, mp_int c) /* {{{ mp_int_add(a, b, c) */ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) -{ - mp_size ua, ub, uc, max; +{ + mp_size ua, ub, max; CHECK(a != NULL && b != NULL && c != NULL); - ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); + ua = MP_USED(a); ub = MP_USED(b); max = MAX(ua, ub); if(MP_SIGN(a) == MP_SIGN(b)) { /* Same sign -- add magnitudes, preserve sign of addends */ mp_digit carry; + mp_size uc; if(!s_pad(c, max)) return MP_MEMORY; @@ -579,7 +582,7 @@ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) MP_USED(c) = uc; MP_SIGN(c) = MP_SIGN(a); - } + } else { /* Different signs -- subtract magnitudes, preserve sign of greater */ mp_int x, y; @@ -606,7 +609,7 @@ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); MP_USED(c) = MP_USED(x); CLAMP(c); - + /* Give result the sign of the larger */ MP_SIGN(c) = MP_SIGN(x); } @@ -634,16 +637,17 @@ mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c) mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) { - mp_size ua, ub, uc, max; + mp_size ua, ub, max; CHECK(a != NULL && b != NULL && c != NULL); - ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); + ua = MP_USED(a); ub = MP_USED(b); max = MAX(ua, ub); if(MP_SIGN(a) != MP_SIGN(b)) { /* Different signs -- add magnitudes and keep sign of a */ mp_digit carry; + mp_size uc; if(!s_pad(c, max)) return MP_MEMORY; @@ -662,7 +666,7 @@ mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) MP_USED(c) = uc; MP_SIGN(c) = MP_SIGN(a); - } + } else { /* Same signs -- subtract magnitudes */ mp_int x, y; @@ -674,7 +678,7 @@ mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) if(cmp >= 0) { x = a; y = b; osign = MP_ZPOS; - } + } else { x = b; y = a; osign = MP_NEG; } @@ -711,7 +715,7 @@ mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c) /* {{{ mp_int_mul(a, b, c) */ mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) -{ +{ mp_digit *out; mp_size osize, ua, ub, p = 0; mp_sign osign; @@ -723,7 +727,7 @@ mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) mp_int_zero(c); return MP_OK; } - + /* Output is positive if inputs have same sign, otherwise negative */ osign = (MP_SIGN(a) == MP_SIGN(b)) ? MP_ZPOS : MP_NEG; @@ -739,11 +743,11 @@ mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) if((out = s_alloc(p)) == NULL) return MP_MEMORY; - } + } else { if(!s_pad(c, osize)) return MP_MEMORY; - + out = MP_DIGITS(c); } ZERO(out, osize); @@ -764,7 +768,7 @@ mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ CLAMP(c); /* ... right here */ MP_SIGN(c) = osign; - + return MP_OK; } @@ -805,7 +809,7 @@ mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c) /* {{{ mp_int_sqr(a, c) */ mp_result mp_int_sqr(mp_int a, mp_int c) -{ +{ mp_digit *out; mp_size osize, p = 0; @@ -819,9 +823,9 @@ mp_result mp_int_sqr(mp_int a, mp_int c) if((out = s_alloc(p)) == NULL) return MP_MEMORY; - } + } else { - if(!s_pad(c, osize)) + if(!s_pad(c, osize)) return MP_MEMORY; out = MP_DIGITS(c); @@ -843,7 +847,7 @@ mp_result mp_int_sqr(mp_int a, mp_int c) MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ CLAMP(c); /* ... right here */ MP_SIGN(c) = MP_ZPOS; - + return MP_OK; } @@ -860,7 +864,7 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) mp_sign sa = MP_SIGN(a), sb = MP_SIGN(b); CHECK(a != NULL && b != NULL && q != r); - + if(CMPZ(b) == 0) return MP_UNDEF; else if((cmp = s_ucmp(a, b)) < 0) { @@ -874,7 +878,7 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) mp_int_zero(q); return MP_OK; - } + } else if(cmp == 0) { /* If |a| = |b|, no division is required: q = 1 or -1, r = 0 @@ -891,19 +895,19 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) } return MP_OK; - } + } /* When |a| > |b|, real division is required. We need someplace to store quotient and remainder, but q and r are allowed to be NULL or to overlap with the inputs. */ if((lg = s_isp2(b)) < 0) { - if(q && b != q) { + if(q && b != q) { if((res = mp_int_copy(a, q)) != MP_OK) goto CLEANUP; else qout = q; - } + } else { qout = TEMP(last); SETUP(mp_int_init_copy(TEMP(last), a), last); @@ -914,14 +918,14 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) goto CLEANUP; else rout = r; - } + } else { rout = TEMP(last); SETUP(mp_int_init_copy(TEMP(last), b), last); } if((res = s_udiv(qout, rout)) != MP_OK) goto CLEANUP; - } + } else { if(q && (res = mp_int_copy(a, q)) != MP_OK) goto CLEANUP; if(r && (res = mp_int_copy(a, r)) != MP_OK) goto CLEANUP; @@ -931,7 +935,7 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) } /* Recompute signs for output */ - if(rout) { + if(rout) { MP_SIGN(rout) = sa; if(CMPZ(rout) == 0) MP_SIGN(rout) = MP_ZPOS; @@ -965,7 +969,7 @@ mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) if(m == c) { mp_int_init(&tmp); out = &tmp; - } + } else { out = c; } @@ -1021,7 +1025,7 @@ mp_result mp_int_div_pow2(mp_int a, mp_small p2, mp_int q, mp_int r) if(q != NULL && (res = mp_int_copy(a, q)) == MP_OK) s_qdiv(q, (mp_size) p2); - + if(res == MP_OK && r != NULL && (res = mp_int_copy(a, r)) == MP_OK) s_qmod(r, (mp_size) p2); @@ -1037,7 +1041,7 @@ mp_result mp_int_expt(mp_int a, mp_small b, mp_int c) mpz_t t; mp_result res; unsigned int v = abs(b); - + CHECK(b >= 0 && c != NULL); if((res = mp_int_init_copy(&t, a)) != MP_OK) @@ -1056,7 +1060,7 @@ mp_result mp_int_expt(mp_int a, mp_small b, mp_int c) if((res = mp_int_sqr(&t, &t)) != MP_OK) goto CLEANUP; } - + CLEANUP: mp_int_clear(&t); return res; @@ -1071,7 +1075,7 @@ mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c) mpz_t t; mp_result res; unsigned int v = abs(b); - + CHECK(b >= 0 && c != NULL); if((res = mp_int_init_value(&t, a)) != MP_OK) @@ -1090,7 +1094,7 @@ mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c) if((res = mp_int_sqr(&t, &t)) != MP_OK) goto CLEANUP; } - + CLEANUP: mp_int_clear(&t); return res; @@ -1101,7 +1105,7 @@ mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c) /* {{{ mp_int_compare(a, b) */ int mp_int_compare(mp_int a, mp_int b) -{ +{ mp_sign sa; CHECK(a != NULL && b != NULL); @@ -1112,12 +1116,12 @@ int mp_int_compare(mp_int a, mp_int b) /* If they're both zero or positive, the normal comparison applies; if both negative, the sense is reversed. */ - if(sa == MP_ZPOS) + if(sa == MP_ZPOS) return cmp; else return -cmp; - } + } else { if(sa == MP_ZPOS) return 1; @@ -1131,7 +1135,7 @@ int mp_int_compare(mp_int a, mp_int b) /* {{{ mp_int_compare_unsigned(a, b) */ int mp_int_compare_unsigned(mp_int a, mp_int b) -{ +{ NRCHECK(a != NULL && b != NULL); return s_ucmp(a, b); @@ -1142,14 +1146,14 @@ int mp_int_compare_unsigned(mp_int a, mp_int b) /* {{{ mp_int_compare_zero(z) */ int mp_int_compare_zero(mp_int z) -{ +{ NRCHECK(z != NULL); if(MP_USED(z) == 1 && z->digits[0] == 0) return 0; else if(MP_SIGN(z) == MP_ZPOS) return 1; - else + else return -1; } @@ -1171,7 +1175,7 @@ int mp_int_compare_value(mp_int z, mp_small value) return cmp; else return -cmp; - } + } else { if(value < 0) return 1; @@ -1185,7 +1189,7 @@ int mp_int_compare_value(mp_int z, mp_small value) /* {{{ mp_int_exptmod(a, b, m, c) */ mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) -{ +{ mp_result res; mp_size um; mpz_t temp[3]; @@ -1207,11 +1211,11 @@ mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) if(c == b || c == m) { SETUP(mp_int_init_size(TEMP(2), 2 * um), last); s = TEMP(2); - } + } else { s = c; } - + if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; if((res = s_brmu(TEMP(1), m)) != MP_OK) goto CLEANUP; @@ -1283,11 +1287,11 @@ mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c if(c == b || c == m) { SETUP(mp_int_init_size(TEMP(1), 2 * um), last); s = TEMP(1); - } + } else { s = c; } - + if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; if((res = s_embar(TEMP(0), b, m, mu, s)) != MP_OK) @@ -1334,7 +1338,7 @@ mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c) for(last = 0; last < 2; ++last) mp_int_init(TEMP(last)); - if((res = mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)) != MP_OK) + if((res = mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)) != MP_OK) goto CLEANUP; if(mp_int_compare_value(TEMP(0), 1) != 0) { @@ -1369,7 +1373,7 @@ mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c) /* Binary GCD algorithm due to Josef Stein, 1961 */ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) -{ +{ int ca, cb, k = 0; mpz_t u, v, t; mp_result res; @@ -1380,9 +1384,9 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) cb = CMPZ(b); if(ca == 0 && cb == 0) return MP_UNDEF; - else if(ca == 0) + else if(ca == 0) return mp_int_abs(b, c); - else if(cb == 0) + else if(cb == 0) return mp_int_abs(a, c); mp_int_init(&t); @@ -1395,16 +1399,16 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) { /* Divide out common factors of 2 from u and v */ int div2_u = s_dp2k(&u), div2_v = s_dp2k(&v); - + k = MIN(div2_u, div2_v); s_qdiv(&u, (mp_size) k); s_qdiv(&v, (mp_size) k); } - + if(mp_int_is_odd(&u)) { if((res = mp_int_neg(&v, &t)) != MP_OK) goto CLEANUP; - } + } else { if((res = mp_int_copy(&u, &t)) != MP_OK) goto CLEANUP; @@ -1416,7 +1420,7 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) if(CMPZ(&t) > 0) { if((res = mp_int_copy(&t, &u)) != MP_OK) goto CLEANUP; - } + } else { if((res = mp_int_neg(&t, &v)) != MP_OK) goto CLEANUP; @@ -1427,13 +1431,13 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) if(CMPZ(&t) == 0) break; - } + } if((res = mp_int_abs(&u, c)) != MP_OK) goto CLEANUP; if(!s_qmul(c, (mp_size) k)) res = MP_MEMORY; - + CLEANUP: mp_int_clear(&v); V: mp_int_clear(&u); @@ -1450,14 +1454,14 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) of the elementary matrix operations as we go, so we can get values x and y satisfying c = ax + by. */ -mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, +mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, mp_int x, mp_int y) -{ +{ int k, last = 0, ca, cb; mpz_t temp[8]; mp_result res; - - CHECK(a != NULL && b != NULL && c != NULL && + + CHECK(a != NULL && b != NULL && c != NULL && (x != NULL || y != NULL)); ca = CMPZ(a); @@ -1467,7 +1471,7 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, else if(ca == 0) { if((res = mp_int_abs(b, c)) != MP_OK) return res; mp_int_zero(x); (void) mp_int_set_value(y, 1); return MP_OK; - } + } else if(cb == 0) { if((res = mp_int_abs(a, c)) != MP_OK) return res; (void) mp_int_set_value(x, 1); mp_int_zero(y); return MP_OK; @@ -1475,7 +1479,7 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* Initialize temporaries: A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */ - for(last = 0; last < 4; ++last) + for(last = 0; last < 4; ++last) mp_int_init(TEMP(last)); TEMP(0)->digits[0] = 1; TEMP(3)->digits[0] = 1; @@ -1489,7 +1493,7 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, { /* Divide out common factors of 2 from u and v */ int div2_u = s_dp2k(TEMP(4)), div2_v = s_dp2k(TEMP(5)); - + k = MIN(div2_u, div2_v); s_qdiv(TEMP(4), k); s_qdiv(TEMP(5), k); @@ -1501,25 +1505,25 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, for(;;) { while(mp_int_is_even(TEMP(4))) { s_qdiv(TEMP(4), 1); - + if(mp_int_is_odd(TEMP(0)) || mp_int_is_odd(TEMP(1))) { - if((res = mp_int_add(TEMP(0), TEMP(7), TEMP(0))) != MP_OK) + if((res = mp_int_add(TEMP(0), TEMP(7), TEMP(0))) != MP_OK) goto CLEANUP; - if((res = mp_int_sub(TEMP(1), TEMP(6), TEMP(1))) != MP_OK) + if((res = mp_int_sub(TEMP(1), TEMP(6), TEMP(1))) != MP_OK) goto CLEANUP; } s_qdiv(TEMP(0), 1); s_qdiv(TEMP(1), 1); } - + while(mp_int_is_even(TEMP(5))) { s_qdiv(TEMP(5), 1); if(mp_int_is_odd(TEMP(2)) || mp_int_is_odd(TEMP(3))) { - if((res = mp_int_add(TEMP(2), TEMP(7), TEMP(2))) != MP_OK) + if((res = mp_int_add(TEMP(2), TEMP(7), TEMP(2))) != MP_OK) goto CLEANUP; - if((res = mp_int_sub(TEMP(3), TEMP(6), TEMP(3))) != MP_OK) + if((res = mp_int_sub(TEMP(3), TEMP(6), TEMP(3))) != MP_OK) goto CLEANUP; } @@ -1531,7 +1535,7 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, if((res = mp_int_sub(TEMP(4), TEMP(5), TEMP(4))) != MP_OK) goto CLEANUP; if((res = mp_int_sub(TEMP(0), TEMP(2), TEMP(0))) != MP_OK) goto CLEANUP; if((res = mp_int_sub(TEMP(1), TEMP(3), TEMP(1))) != MP_OK) goto CLEANUP; - } + } else { if((res = mp_int_sub(TEMP(5), TEMP(4), TEMP(5))) != MP_OK) goto CLEANUP; if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP; @@ -1546,7 +1550,7 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, res = MP_MEMORY; goto CLEANUP; } - + res = mp_int_copy(TEMP(5), c); } @@ -1572,8 +1576,8 @@ mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c) CHECK(a != NULL && b != NULL && c != NULL); - /* Since a * b = gcd(a, b) * lcm(a, b), we can compute - lcm(a, b) = (a / gcd(a, b)) * b. + /* Since a * b = gcd(a, b) * lcm(a, b), we can compute + lcm(a, b) = (a / gcd(a, b)) * b. This formulation insures everything works even if the input variables share space. @@ -1681,7 +1685,7 @@ mp_result mp_int_root(mp_int a, mp_small b, mp_int c) if((res = mp_int_copy(TEMP(4), TEMP(1))) != MP_OK) goto CLEANUP; } - + if((res = mp_int_copy(TEMP(1), c)) != MP_OK) goto CLEANUP; @@ -1693,7 +1697,7 @@ mp_result mp_int_root(mp_int a, mp_small b, mp_int c) while(--last >= 0) mp_int_clear(TEMP(last)); - return res; + return res; } /* }}} */ @@ -1714,10 +1718,10 @@ mp_result mp_int_to_int(mp_int z, mp_small *out) if((sz == MP_ZPOS && mp_int_compare_value(z, MP_SMALL_MAX) > 0) || mp_int_compare_value(z, MP_SMALL_MIN) < 0) return MP_RANGE; - + uz = MP_USED(z); dz = MP_DIGITS(z) + uz - 1; - + while(uz > 0) { uv <<= MP_DIGIT_BIT/2; uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; @@ -1740,26 +1744,26 @@ mp_result mp_int_to_uint(mp_int z, mp_usmall *out) mp_size uz; mp_digit *dz; mp_sign sz; - + CHECK(z != NULL); /* Make sure the value is representable as an int */ sz = MP_SIGN(z); if(!(sz == MP_ZPOS && mp_int_compare_value(z, UINT_MAX) <= 0)) return MP_RANGE; - + uz = MP_USED(z); dz = MP_DIGITS(z) + uz - 1; - + while(uz > 0) { uv <<= MP_DIGIT_BIT/2; uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; --uz; } - + if(out) *out = uv; - + return MP_OK; } @@ -1767,7 +1771,7 @@ mp_result mp_int_to_uint(mp_int z, mp_usmall *out) /* {{{ mp_int_to_string(z, radix, str, limit) */ -mp_result mp_int_to_string(mp_int z, mp_size radix, +mp_result mp_int_to_string(mp_int z, mp_size radix, char *str, int limit) { mp_result res; @@ -1780,7 +1784,7 @@ mp_result mp_int_to_string(mp_int z, mp_size radix, if(CMPZ(z) == 0) { *str++ = s_val2ch(0, 1); - } + } else { mpz_t tmp; char *h, *t; @@ -1828,7 +1832,7 @@ mp_result mp_int_to_string(mp_int z, mp_size radix, /* {{{ mp_int_string_len(z, radix) */ mp_result mp_int_string_len(mp_int z, mp_size radix) -{ +{ int len; CHECK(z != NULL); @@ -1861,7 +1865,7 @@ mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str) /* {{{ mp_int_read_cstring(z, radix, *str, **end) */ mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **end) -{ +{ int ch; CHECK(z != NULL && str != NULL); @@ -1887,7 +1891,7 @@ mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **e } /* Skip leading zeroes */ - while((ch = s_ch2val(*str, radix)) == 0) + while((ch = s_ch2val(*str, radix)) == 0) ++str; /* Make sure there is enough space for the value */ @@ -1901,20 +1905,20 @@ mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **e s_dadd(z, (mp_digit)ch); ++str; } - + CLAMP(z); /* Override sign for zero, even if negative specified. */ if(CMPZ(z) == 0) MP_SIGN(z) = MP_ZPOS; - + if(end != NULL) *end = (char *)str; /* Return a truncation error if the string has unprocessed characters remaining, so the caller can tell if the whole string was done */ - if(*str != '\0') + if(*str != '\0') return MP_TRUNC; else return MP_OK; @@ -1959,7 +1963,7 @@ mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit) int limpos = limit; CHECK(z != NULL && buf != NULL); - + res = s_tobin(z, buf, &limpos, PAD_FOR_2C); if(MP_SIGN(z) == MP_NEG) @@ -1993,7 +1997,7 @@ mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len) MP_SIGN(z) = MP_NEG; s_2comp(buf, len); } - + dz = MP_DIGITS(z); for(tmp = buf, i = len; i > 0; --i, ++tmp) { s_qmul(z, (mp_size) CHAR_BIT); @@ -2014,7 +2018,7 @@ mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len) mp_result mp_int_binary_len(mp_int z) { mp_result res = mp_int_count_bits(z); - int bytes = mp_int_unsigned_len(z); + int bytes; if(res <= 0) return res; @@ -2115,7 +2119,7 @@ const char *mp_error_string(mp_result res) /* {{{ s_alloc(num) */ -static mp_digit *s_alloc(mp_size num) +STATIC mp_digit *s_alloc(mp_size num) { mp_digit *out = malloc(num * sizeof(mp_digit)); @@ -2137,7 +2141,7 @@ static mp_digit *s_alloc(mp_size num) /* {{{ s_realloc(old, osize, nsize) */ -static mp_digit *s_realloc(mp_digit *old, mp_size osize, mp_size nsize) +STATIC mp_digit *s_realloc(mp_digit *old, mp_size osize, mp_size nsize) { #if DEBUG > 1 mp_digit *new = s_alloc(nsize); @@ -2159,7 +2163,7 @@ static mp_digit *s_realloc(mp_digit *old, mp_size osize, mp_size nsize) /* {{{ s_free(ptr) */ -static void s_free(void *ptr) +STATIC void s_free(void *ptr) { free(ptr); } @@ -2168,7 +2172,7 @@ static void s_free(void *ptr) /* {{{ s_pad(z, min) */ -static int s_pad(mp_int z, mp_size min) +STATIC int s_pad(mp_int z, mp_size min) { if(MP_ALLOC(z) < min) { mp_size nsize = ROUND_PREC(min); @@ -2182,7 +2186,7 @@ static int s_pad(mp_int z, mp_size min) } else if((tmp = s_realloc(MP_DIGITS(z), MP_ALLOC(z), nsize)) == NULL) return 0; - + MP_DIGITS(z) = tmp; MP_ALLOC(z) = nsize; } @@ -2194,7 +2198,7 @@ static int s_pad(mp_int z, mp_size min) /* {{{ s_fake(z, value, vbuf) */ -static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]) +STATIC void s_fake(mp_int z, mp_small value, mp_digit vbuf[]) { mp_size uv = (mp_size) s_vpack(value, vbuf); @@ -2208,7 +2212,7 @@ static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]) /* {{{ s_cdig(da, db, len) */ -static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) +STATIC int s_cdig(mp_digit *da, mp_digit *db, mp_size len) { mp_digit *dat = da + len - 1, *dbt = db + len - 1; @@ -2226,11 +2230,11 @@ static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) /* {{{ s_vpack(v, t[]) */ -static int s_vpack(mp_small v, mp_digit t[]) +STATIC int s_vpack(mp_small v, mp_digit t[]) { mp_usmall uv = (mp_usmall) ((v < 0) ? -v : v); int ndig = 0; - + if(uv == 0) t[ndig++] = 0; else { @@ -2248,15 +2252,15 @@ static int s_vpack(mp_small v, mp_digit t[]) /* {{{ s_ucmp(a, b) */ -static int s_ucmp(mp_int a, mp_int b) +STATIC int s_ucmp(mp_int a, mp_int b) { mp_size ua = MP_USED(a), ub = MP_USED(b); - + if(ua > ub) return 1; - else if(ub > ua) + else if(ub > ua) return -1; - else + else return s_cdig(MP_DIGITS(a), MP_DIGITS(b), ua); } @@ -2264,7 +2268,7 @@ static int s_ucmp(mp_int a, mp_int b) /* {{{ s_vcmp(a, v) */ -static int s_vcmp(mp_int a, mp_small v) +STATIC int s_vcmp(mp_int a, mp_small v) { mp_digit vdig[MP_VALUE_DIGITS(v)]; int ndig = 0; @@ -2284,7 +2288,7 @@ static int s_vcmp(mp_int a, mp_small v) /* {{{ s_uadd(da, db, dc, size_a, size_b) */ -static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b) { mp_size pos; @@ -2319,7 +2323,7 @@ static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, /* {{{ s_usub(da, db, dc, size_a, size_b) */ -static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b) { mp_size pos; @@ -2340,7 +2344,7 @@ static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, /* Finish the subtraction for remaining upper digits of da */ for(/* */; pos < size_a; ++pos, ++da, ++dc) { w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ - (mp_word)*da) - w; + (mp_word)*da) - w; *dc = LOWER_HALF(w); w = (UPPER_HALF(w) == 0); @@ -2354,7 +2358,7 @@ static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, /* {{{ s_kmul(da, db, dc, size_a, size_b) */ -static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b) { mp_size bot_size; @@ -2374,13 +2378,13 @@ static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, Karatsuba algorithm to compute the product; otherwise use the normal multiplication algorithm */ - if(multiply_threshold && - size_a >= multiply_threshold && + if(multiply_threshold && + size_a >= multiply_threshold && size_b > bot_size) { mp_digit *t1, *t2, *t3, carry; - mp_digit *a_top = da + bot_size; + mp_digit *a_top = da + bot_size; mp_digit *b_top = db + bot_size; mp_size at_size = size_a - bot_size; @@ -2389,7 +2393,7 @@ static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, /* Do a single allocation for all three temporary buffers needed; each buffer must be big enough to hold the product of two - bottom halves, and one buffer needs space for the completed + bottom halves, and one buffer needs space for the completed product; twice the space is plenty. */ if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; @@ -2423,15 +2427,15 @@ static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, /* Assemble the output value */ COPY(t1, dc, buf_size); carry = s_uadd(t3, dc + bot_size, dc + bot_size, - buf_size + 1, buf_size); + buf_size + 1, buf_size); assert(carry == 0); - + carry = s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, - buf_size, buf_size); + buf_size, buf_size); assert(carry == 0); - + s_free(t1); /* note t2 and t3 are just internal pointers to t1 */ - } + } else { s_umul(da, db, dc, size_a, size_b); } @@ -2443,7 +2447,7 @@ static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, /* {{{ s_umul(da, db, dc, size_a, size_b) */ -static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, +STATIC void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, mp_size size_a, mp_size size_b) { mp_size a, b; @@ -2472,7 +2476,7 @@ static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, /* {{{ s_ksqr(da, dc, size_a) */ -static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) +STATIC int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) { if(multiply_threshold && size_a > multiply_threshold) { mp_size bot_size = (size_a + 1) / 2; @@ -2517,7 +2521,7 @@ static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) s_free(t1); /* note that t2 and t2 are internal pointers only */ - } + } else { s_usqr(da, dc, size_a); } @@ -2529,7 +2533,7 @@ static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) /* {{{ s_usqr(da, dc, size_a) */ -static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) +STATIC void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) { mp_size i, j; mp_word w; @@ -2571,7 +2575,7 @@ static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) } w = w + *dct; - *dct = (mp_digit)w; + *dct = (mp_digit)w; while((w = UPPER_HALF(w)) != 0) { ++dct; w = w + *dct; *dct = LOWER_HALF(w); @@ -2585,7 +2589,7 @@ static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) /* {{{ s_dadd(a, b) */ -static void s_dadd(mp_int a, mp_digit b) +STATIC void s_dadd(mp_int a, mp_digit b) { mp_word w = 0; mp_digit *da = MP_DIGITS(a); @@ -2612,7 +2616,7 @@ static void s_dadd(mp_int a, mp_digit b) /* {{{ s_dmul(a, b) */ -static void s_dmul(mp_int a, mp_digit b) +STATIC void s_dmul(mp_int a, mp_digit b) { mp_word w = 0; mp_digit *da = MP_DIGITS(a); @@ -2635,7 +2639,7 @@ static void s_dmul(mp_int a, mp_digit b) /* {{{ s_dbmul(da, b, dc, size_a) */ -static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) +STATIC void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) { mp_word w = 0; @@ -2655,23 +2659,23 @@ static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) /* {{{ s_ddiv(da, d, dc, size_a) */ -static mp_digit s_ddiv(mp_int a, mp_digit b) +STATIC mp_digit s_ddiv(mp_int a, mp_digit b) { mp_word w = 0, qdigit; mp_size ua = MP_USED(a); mp_digit *da = MP_DIGITS(a) + ua - 1; - + for(/* */; ua > 0; --ua, --da) { w = (w << MP_DIGIT_BIT) | *da; if(w >= b) { qdigit = w / b; w = w % b; - } + } else { qdigit = 0; } - + *da = (mp_digit)qdigit; } @@ -2683,7 +2687,7 @@ static mp_digit s_ddiv(mp_int a, mp_digit b) /* {{{ s_qdiv(z, p2) */ -static void s_qdiv(mp_int z, mp_size p2) +STATIC void s_qdiv(mp_int z, mp_size p2) { mp_size ndig = p2 / MP_DIGIT_BIT, nbits = p2 % MP_DIGIT_BIT; mp_size uz = MP_USED(z); @@ -2699,7 +2703,7 @@ static void s_qdiv(mp_int z, mp_size p2) to = MP_DIGITS(z); from = to + ndig; - for(mark = ndig; mark < uz; ++mark) + for(mark = ndig; mark < uz; ++mark) *to++ = *from++; MP_USED(z) = uz - ndig; @@ -2730,7 +2734,7 @@ static void s_qdiv(mp_int z, mp_size p2) /* {{{ s_qmod(z, p2) */ -static void s_qmod(mp_int z, mp_size p2) +STATIC void s_qmod(mp_int z, mp_size p2) { mp_size start = p2 / MP_DIGIT_BIT + 1, rest = p2 % MP_DIGIT_BIT; mp_size uz = MP_USED(z); @@ -2747,7 +2751,7 @@ static void s_qmod(mp_int z, mp_size p2) /* {{{ s_qmul(z, p2) */ -static int s_qmul(mp_int z, mp_size p2) +STATIC int s_qmul(mp_int z, mp_size p2) { mp_size uz, need, rest, extra, i; mp_digit *from, *to, d; @@ -2755,7 +2759,7 @@ static int s_qmul(mp_int z, mp_size p2) if(p2 == 0) return 1; - uz = MP_USED(z); + uz = MP_USED(z); need = p2 / MP_DIGIT_BIT; rest = p2 % MP_DIGIT_BIT; /* Figure out if we need an extra digit at the top end; this occurs @@ -2790,7 +2794,7 @@ static int s_qmul(mp_int z, mp_size p2) d = 0; for(i = need, from = MP_DIGITS(z) + need; i < uz; ++i, ++from) { mp_digit save = *from; - + *from = (*from << rest) | (d >> (MP_DIGIT_BIT - rest)); d = save; } @@ -2815,7 +2819,7 @@ static int s_qmul(mp_int z, mp_size p2) /* Compute z = 2^p2 - |z|; requires that 2^p2 >= |z| The sign of the result is always zero/positive. */ -static int s_qsub(mp_int z, mp_size p2) +STATIC int s_qsub(mp_int z, mp_size p2) { mp_digit hi = (1 << (p2 % MP_DIGIT_BIT)), *zp; mp_size tdig = (p2 / MP_DIGIT_BIT), pos; @@ -2835,7 +2839,7 @@ static int s_qsub(mp_int z, mp_size p2) *zp = LOWER_HALF(w); assert(UPPER_HALF(w) != 0); /* no borrow out should be possible */ - + MP_SIGN(z) = MP_ZPOS; CLAMP(z); @@ -2846,7 +2850,7 @@ static int s_qsub(mp_int z, mp_size p2) /* {{{ s_dp2k(z) */ -static int s_dp2k(mp_int z) +STATIC int s_dp2k(mp_int z) { int k = 0; mp_digit *dp = MP_DIGITS(z), d; @@ -2858,7 +2862,7 @@ static int s_dp2k(mp_int z) k += MP_DIGIT_BIT; ++dp; } - + d = *dp; while((d & 1) == 0) { d >>= 1; @@ -2872,7 +2876,7 @@ static int s_dp2k(mp_int z) /* {{{ s_isp2(z) */ -static int s_isp2(mp_int z) +STATIC int s_isp2(mp_int z) { mp_size uz = MP_USED(z), k = 0; mp_digit *dz = MP_DIGITS(z), d; @@ -2898,7 +2902,7 @@ static int s_isp2(mp_int z) /* {{{ s_2expt(z, k) */ -static int s_2expt(mp_int z, mp_small k) +STATIC int s_2expt(mp_int z, mp_small k) { mp_size ndig, rest; mp_digit *dz; @@ -2921,7 +2925,7 @@ static int s_2expt(mp_int z, mp_small k) /* {{{ s_norm(a, b) */ -static int s_norm(mp_int a, mp_int b) +STATIC int s_norm(mp_int a, mp_int b) { mp_digit d = b->digits[MP_USED(b) - 1]; int k = 0; @@ -2944,7 +2948,7 @@ static int s_norm(mp_int a, mp_int b) /* {{{ s_brmu(z, m) */ -static mp_result s_brmu(mp_int z, mp_int m) +STATIC mp_result s_brmu(mp_int z, mp_int m) { mp_size um = MP_USED(m) * 2; @@ -2959,7 +2963,7 @@ static mp_result s_brmu(mp_int z, mp_int m) /* {{{ s_reduce(x, m, mu, q1, q2) */ -static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) +STATIC int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) { mp_size um = MP_USED(m), umb_p1, umb_m1; @@ -3008,10 +3012,10 @@ static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) /* Perform modular exponentiation using Barrett's method, where mu is the reduction constant for m. Assumes a < m, b > 0. */ -static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) +STATIC mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) { mp_digit *db, *dbt, umu, d; - mpz_t temp[3]; + mpz_t temp[3]; mp_result res; int last = 0; @@ -3063,7 +3067,7 @@ static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) } mp_int_copy(TEMP(0), c); } - + d >>= 1; if(!d) break; @@ -3077,7 +3081,7 @@ static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) CLEANUP: while(--last >= 0) mp_int_clear(TEMP(last)); - + return res; } @@ -3088,7 +3092,7 @@ static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) /* Precondition: a >= b and b > 0 Postcondition: a' = a / b, b' = a % b */ -static mp_result s_udiv(mp_int a, mp_int b) +STATIC mp_result s_udiv(mp_int a, mp_int b) { mpz_t q, r, t; mp_size ua, ub, qpos = 0; @@ -3121,16 +3125,16 @@ static mp_result s_udiv(mp_int a, mp_int b) if(s_ucmp(b, &r) > 0) { r.digits -= 1; r.used += 1; - - if(++skip > 1 && qpos > 0) + + if(++skip > 1 && qpos > 0) q.digits[qpos++] = 0; - + CLAMP(&r); } else { mp_word pfx = r.digits[r.used - 1]; mp_word qdigit; - + if(r.used > 1 && pfx <= btop) { pfx <<= MP_DIGIT_BIT / 2; pfx <<= MP_DIGIT_BIT / 2; @@ -3139,22 +3143,19 @@ static mp_result s_udiv(mp_int a, mp_int b) qdigit = pfx / btop; if(qdigit > MP_DIGIT_MAX) { - if(qdigit & MP_DIGIT_MAX) - qdigit = MP_DIGIT_MAX; - else - qdigit = 1; + qdigit = MP_DIGIT_MAX; } - + s_dbmul(MP_DIGITS(b), (mp_digit) qdigit, t.digits, ub); t.used = ub + 1; CLAMP(&t); while(s_ucmp(&t, &r) > 0) { --qdigit; (void) mp_int_sub(&t, b, &t); /* cannot fail */ } - + s_usub(r.digits, t.digits, r.digits, r.used, t.used); CLAMP(&r); - + q.digits[qpos++] = (mp_digit) qdigit; ZERO(t.digits, t.used); skip = 0; @@ -3170,10 +3171,10 @@ static mp_result s_udiv(mp_int a, mp_int b) CLAMP(a); if(k != 0) s_qdiv(a, k); - + mp_int_copy(a, b); /* ok: 0 <= r < b */ mp_int_copy(&q, a); /* ok: q <= a */ - + mp_int_clear(&t); CLEANUP: mp_int_clear(&q); @@ -3184,7 +3185,7 @@ static mp_result s_udiv(mp_int a, mp_int b) /* {{{ s_outlen(z, r) */ -static int s_outlen(mp_int z, mp_size r) +STATIC int s_outlen(mp_int z, mp_size r) { mp_result bits; double raw; @@ -3201,7 +3202,7 @@ static int s_outlen(mp_int z, mp_size r) /* {{{ s_inlen(len, r) */ -static mp_size s_inlen(int len, mp_size r) +STATIC mp_size s_inlen(int len, mp_size r) { double raw = (double)len / s_log2[r]; mp_size bits = (mp_size)(raw + 0.5); @@ -3213,7 +3214,7 @@ static mp_size s_inlen(int len, mp_size r) /* {{{ s_ch2val(c, r) */ -static int s_ch2val(char c, int r) +STATIC int s_ch2val(char c, int r) { int out; @@ -3231,7 +3232,7 @@ static int s_ch2val(char c, int r) /* {{{ s_val2ch(v, caps) */ -static char s_val2ch(int v, int caps) +STATIC char s_val2ch(int v, int caps) { assert(v >= 0); @@ -3251,7 +3252,7 @@ static char s_val2ch(int v, int caps) /* {{{ s_2comp(buf, len) */ -static void s_2comp(unsigned char *buf, int len) +STATIC void s_2comp(unsigned char *buf, int len) { int i; unsigned short s = 1; @@ -3273,7 +3274,7 @@ static void s_2comp(unsigned char *buf, int len) /* {{{ s_tobin(z, buf, *limpos) */ -static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad) +STATIC mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad) { mp_size uz; mp_digit *dz; @@ -3340,7 +3341,7 @@ void s_print_buf(char *tag, mp_digit *buf, mp_size num) fprintf(stderr, "%s: ", tag); - for(i = num - 1; i >= 0; --i) + for(i = num - 1; i >= 0; --i) fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), buf[i]); fputc('\n', stderr); diff --git a/source4/heimdal/lib/hcrypto/imath/imath.h b/source4/heimdal/lib/hcrypto/imath/imath.h index 62b51c8fd8..cb877959e9 100644 --- a/source4/heimdal/lib/hcrypto/imath/imath.h +++ b/source4/heimdal/lib/hcrypto/imath/imath.h @@ -99,7 +99,7 @@ extern const mp_result MP_MINERR; /* Values with fewer than this many significant digits use the standard multiplication algorithm; otherwise, a recursive algorithm - is used. Choose a value to suit your platform. + is used. Choose a value to suit your platform. */ #define MP_MULT_THRESH 22 @@ -157,14 +157,14 @@ int mp_int_is_pow2(mp_int z); mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c); /* c = a^b (mod m) */ -mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, +mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c); /* c = a^v (mod m) */ mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b, mp_int m, mp_int c); /* c = v^b (mod m) */ mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); /* c = a^b (mod m) */ -mp_result mp_int_redux_const(mp_int m, mp_int c); +mp_result mp_int_redux_const(mp_int m, mp_int c); mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */ @@ -184,16 +184,16 @@ mp_result mp_int_to_uint(mp_int z, mp_usmall *out); /* Convert to nul-terminated string with the specified radix, writing at most limit characters including the nul terminator */ -mp_result mp_int_to_string(mp_int z, mp_size radix, +mp_result mp_int_to_string(mp_int z, mp_size radix, char *str, int limit); -/* Return the number of characters required to represent +/* Return the number of characters required to represent z in the given radix. May over-estimate. */ mp_result mp_int_string_len(mp_int z, mp_size radix); /* Read zero-terminated string into z */ mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str); -mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, +mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **end); /* Return the number of significant bits in z */ diff --git a/source4/heimdal/lib/hcrypto/rc4.c b/source4/heimdal/lib/hcrypto/rc4.c index 81cf093e4d..988c42424e 100644 --- a/source4/heimdal/lib/hcrypto/rc4.c +++ b/source4/heimdal/lib/hcrypto/rc4.c @@ -45,7 +45,7 @@ } void -RC4_set_key(RC4_KEY *key, const int len, unsigned char *data) +RC4_set_key(RC4_KEY *key, const int len, const unsigned char *data) { int i, j; diff --git a/source4/heimdal/lib/hcrypto/rc4.h b/source4/heimdal/lib/hcrypto/rc4.h index 4633655786..f93482f4d1 100644 --- a/source4/heimdal/lib/hcrypto/rc4.h +++ b/source4/heimdal/lib/hcrypto/rc4.h @@ -42,5 +42,5 @@ typedef struct rc4_key { unsigned int state[256]; } RC4_KEY; -void RC4_set_key(RC4_KEY *, const int, unsigned char *); +void RC4_set_key(RC4_KEY *, const int, const unsigned char *); void RC4(RC4_KEY *, const int, const unsigned char *, unsigned char *); diff --git a/source4/heimdal/lib/hcrypto/rsa-imath.c b/source4/heimdal/lib/hcrypto/rsa-imath.c index 2641dc1bc4..a2b9d2a678 100644 --- a/source4/heimdal/lib/hcrypto/rsa-imath.c +++ b/source4/heimdal/lib/hcrypto/rsa-imath.c @@ -205,6 +205,10 @@ imath_rsa_public_encrypt(int flen, const unsigned char* from, mp_int_clear(&dec); mp_int_clear(&e); mp_int_clear(&n); + + if (res != MP_OK) + return -4; + { size_t ssize; ssize = mp_int_unsigned_len(&enc); @@ -295,9 +299,10 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from, { unsigned char *p, *p0; mp_result res; - size_t size; + int size; mpz_t in, out, n, e, b, bi; int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; + int do_unblind = 0; if (padding != RSA_PKCS1_PADDING) return -1; @@ -327,13 +332,14 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from, if(mp_int_compare_zero(&in) < 0 || mp_int_compare(&in, &n) >= 0) { - size = 0; + size = -3; goto out; } if (blinding) { setup_blind(&n, &b, &bi); blind(&in, &b, &e, &n); + do_unblind = 1; } if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { @@ -352,6 +358,11 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from, mp_int_clear(&dmp1); mp_int_clear(&dmq1); mp_int_clear(&iqmp); + + if (res != MP_OK) { + size = -4; + goto out; + } } else { mpz_t d; @@ -359,18 +370,15 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from, res = mp_int_exptmod(&in, &d, &n, &out); mp_int_clear(&d); if (res != MP_OK) { - size = 0; + size = -5; goto out; } } - if (blinding) { + if (do_unblind) unblind(&out, &bi, &n); - mp_int_clear(&b); - mp_int_clear(&bi); - } - { + if (size > 0) { size_t ssize; ssize = mp_int_unsigned_len(&out); assert(size >= ssize); @@ -378,7 +386,12 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from, size = ssize; } -out: + out: + if (do_unblind) { + mp_int_clear(&b); + mp_int_clear(&bi); + } + mp_int_clear(&e); mp_int_clear(&n); mp_int_clear(&in); @@ -396,6 +409,7 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from, size_t size; mpz_t in, out, n, e, b, bi; int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; + int do_unblind = 0; if (padding != RSA_PKCS1_PADDING) return -1; @@ -418,13 +432,14 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from, if(mp_int_compare_zero(&in) < 0 || mp_int_compare(&in, &n) >= 0) { - size = 0; + size = -2; goto out; } if (blinding) { setup_blind(&n, &b, &bi); blind(&in, &b, &e, &n); + do_unblind = 1; } if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { @@ -443,6 +458,12 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from, mp_int_clear(&dmp1); mp_int_clear(&dmq1); mp_int_clear(&iqmp); + + if (res != MP_OK) { + size = -3; + goto out; + } + } else { mpz_t d; @@ -454,16 +475,13 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from, res = mp_int_exptmod(&in, &d, &n, &out); mp_int_clear(&d); if (res != MP_OK) { - size = 0; + size = -4; goto out; } } - if (blinding) { + if (do_unblind) unblind(&out, &bi, &n); - mp_int_clear(&b); - mp_int_clear(&bi); - } ptr = to; { @@ -475,19 +493,26 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from, } /* head zero was skipped by mp_int_to_unsigned */ - if (*ptr != 2) - return -3; + if (*ptr != 2) { + size = -5; + goto out; + } size--; ptr++; while (size && *ptr != 0) { size--; ptr++; } if (size == 0) - return -4; + return -6; size--; ptr++; memmove(to, ptr, size); -out: + out: + if (do_unblind) { + mp_int_clear(&b); + mp_int_clear(&bi); + } + mp_int_clear(&e); mp_int_clear(&n); mp_int_clear(&in); diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c index 9b9ecea674..6a883454a3 100644 --- a/source4/heimdal/lib/hcrypto/rsa.c +++ b/source4/heimdal/lib/hcrypto/rsa.c @@ -278,7 +278,7 @@ RSA_check_key(const RSA *key) return 0; } - if (ret == sizeof(inbuf) && memcmp(buffer, inbuf, sizeof(inbuf)) == 0) { + if (ret == sizeof(inbuf) && ct_memcmp(buffer, inbuf, sizeof(inbuf)) == 0) { free(buffer); return 1; } @@ -559,3 +559,38 @@ i2d_RSAPublicKey(RSA *rsa, unsigned char **pp) return size; } + +RSA * +d2i_RSAPublicKey(RSA *rsa, const unsigned char **pp, size_t len) +{ + RSAPublicKey data; + RSA *k = rsa; + size_t size; + int ret; + + ret = decode_RSAPublicKey(*pp, len, &data, &size); + if (ret) + return NULL; + + *pp += size; + + if (k == NULL) { + k = RSA_new(); + if (k == NULL) { + free_RSAPublicKey(&data); + return NULL; + } + } + + k->n = heim_int2BN(&data.modulus); + k->e = heim_int2BN(&data.publicExponent); + + free_RSAPublicKey(&data); + + if (k->n == NULL || k->e == NULL) { + RSA_free(k); + return NULL; + } + + return k; +} diff --git a/source4/heimdal/lib/hcrypto/rsa.h b/source4/heimdal/lib/hcrypto/rsa.h index 257e7f01c4..9354aaaa48 100644 --- a/source4/heimdal/lib/hcrypto/rsa.h +++ b/source4/heimdal/lib/hcrypto/rsa.h @@ -64,6 +64,7 @@ #define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey #define i2d_RSAPrivateKey hc_i2d_RSAPrivateKey #define i2d_RSAPublicKey hc_i2d_RSAPublicKey +#define d2i_RSAPublicKey hc_d2i_RSAPublicKey /* * @@ -173,5 +174,6 @@ RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); int i2d_RSAPrivateKey(RSA *, unsigned char **); int i2d_RSAPublicKey(RSA *, unsigned char **); +RSA * d2i_RSAPublicKey(RSA *, const unsigned char **, size_t); #endif /* _HEIM_RSA_H */ -- cgit