From 89eaef025376339ef25d07cdc4748920fceaa968 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 12 Jan 2010 18:16:45 +1100 Subject: s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
---
source4/heimdal/lib/hcrypto/aes.h | 2 +- source4/heimdal/lib/hcrypto/bn.c | 1 + source4/heimdal/lib/hcrypto/des.c | 13 ++++--- source4/heimdal/lib/hcrypto/evp-cc.c | 24 ++++++++++++ source4/heimdal/lib/hcrypto/evp-cc.h | 2 +- source4/heimdal/lib/hcrypto/evp.c | 1 + source4/heimdal/lib/hcrypto/evp.h | 18 ++++----- source4/heimdal/lib/hcrypto/hash.h | 1 + source4/heimdal/lib/hcrypto/rand-fortuna.c | 9 +++++ source4/heimdal/lib/hcrypto/rand-unix.c | 38 +++++------------- source4/heimdal/lib/hcrypto/rand.c | 8 +++- source4/heimdal/lib/hcrypto/rand.h | 1 + source4/heimdal/lib/hcrypto/randi.h | 1 + source4/heimdal/lib/hcrypto/rijndael-alg-fst.c | 3 +- source4/heimdal/lib/hcrypto/rnd_keys.c | 4 +- source4/heimdal/lib/hcrypto/ui.c | 54 ++++++++++++++++++++++++++ 16 files changed, 131 insertions(+), 49 deletions(-) (limited to 'source4/heimdal/lib/hcrypto')
diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h
index 23f8f5d0ab..273f1dd569 100644
--- a/source4/heimdal/lib/hcrypto/aes.h
+++ b/source4/heimdal/lib/hcrypto/aes.h
@@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *); void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); void AES_cbc_encrypt(const unsigned char *, unsigned char *, - const unsigned long, const AES_KEY *, + unsigned long, const AES_KEY *, unsigned char *, int); #ifdef __cplusplus
diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c
index 545d9529d3..17c1ec79b7 100644
--- a/source4/heimdal/lib/hcrypto/bn.c
+++ b/source4/heimdal/lib/hcrypto/bn.c
@@ -40,6 +40,7 @@ #include #include +#include #include /* XXX */ #include
diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c
index c9067d7bcc..43ff8a3f50 100644
--- a/source4/heimdal/lib/hcrypto/des.c
+++ b/source4/heimdal/lib/hcrypto/des.c
@@ -92,6 +92,8 @@ #include #include +#include + #include "des.h" #include "ui.h"
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = { int DES_is_weak_key(DES_cblock *key) { + int weak = 0; int i; - /* Not constant time size if the key is weak, the app should not use it. */ - for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { - if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0) - return 1; - } - return 0; + for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) + weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0); + + return !!weak; } /**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.c b/source4/heimdal/lib/hcrypto/evp-cc.c
index 15b3479f8e..f1da22537d 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.c
+++ b/source4/heimdal/lib/hcrypto/evp-cc.c
@@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met:
@@ -43,7 +45,9 @@ #include #include +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H #include +#endif #include #include
@@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void) const EVP_MD * EVP_cc_md2(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md md2 = { CC_MD2_DIGEST_LENGTH, CC_MD2_BLOCK_BYTES,
@@ -430,6 +435,9 @@ EVP_cc_md2(void) (hc_evp_md_cleanup)NULL }; return &md2; +#else + return NULL; +#endif } /**
@@ -441,6 +449,7 @@ EVP_cc_md4(void) const EVP_MD * EVP_cc_md4(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md md4 = { CC_MD4_DIGEST_LENGTH, CC_MD4_BLOCK_BYTES,
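Review bot: The accumulator in the rewritten DES_is_weak_key loop, `weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);`, is only correct while every entry of weak_keys is distinct, because a key matching two entries would toggle the flag back to 0 and be reported as not weak. The table body is outside this hunk, so that cannot be confirmed here; `weak |= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);` keeps the fixed number of comparisons without depending on the table contents. The index is an `int` compared against a `sizeof` expression, which `size_t i;` would avoid. The deleted comment could be replaced by one that explains the new shape, `/* compare against every entry so timing does not show which key matched */`.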
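Review bot: With HAVE_COMMONCRYPTO_COMMONDIGEST_H undefined, EVP_cc_md2() now returns NULL, and the same `#else` / `return NULL;` branch is added to EVP_cc_md4, EVP_cc_md5, EVP_cc_sha1 and EVP_cc_sha256 in the following hunks, but nothing visible tells callers that these accessors can fail. A caller that passes the result straight to a digest-init routine would hand it a null descriptor; whether any caller does so is not visible in this diff. Each function's Doxygen block (which starts outside the hunk) should state it, for example `@return the MD2 EVP_MD pointer, or NULL when CommonCrypto digests are not compiled in.`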
@@ -451,6 +460,9 @@ EVP_cc_md4(void) (hc_evp_md_cleanup)NULL }; return &md4; +#else + return NULL; +#endif } /**
@@ -462,6 +474,7 @@ EVP_cc_md4(void) const EVP_MD * EVP_cc_md5(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md md5 = { CC_MD5_DIGEST_LENGTH, CC_MD5_BLOCK_BYTES,
@@ -472,6 +485,9 @@ EVP_cc_md5(void) (hc_evp_md_cleanup)NULL }; return &md5; +#else + return NULL; +#endif } /**
@@ -483,6 +499,7 @@ EVP_cc_md5(void) const EVP_MD * EVP_cc_sha1(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md sha1 = { CC_SHA1_DIGEST_LENGTH, CC_SHA1_BLOCK_BYTES,
@@ -493,6 +510,9 @@ EVP_cc_sha1(void) (hc_evp_md_cleanup)NULL }; return &sha1; +#else + return NULL; +#endif } /**
@@ -504,6 +524,7 @@ EVP_cc_sha1(void) const EVP_MD * EVP_cc_sha256(void) { +#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H static const struct hc_evp_md sha256 = { CC_SHA256_DIGEST_LENGTH, CC_SHA256_BLOCK_BYTES,
@@ -514,6 +535,9 @@ EVP_cc_sha256(void) (hc_evp_md_cleanup)NULL }; return &sha256; +#else + return NULL; +#endif } /**
diff --git a/source4/heimdal/lib/hcrypto/evp-cc.h b/source4/heimdal/lib/hcrypto/evp-cc.h
index d2df771bc0..0febd21e98 100644
--- a/source4/heimdal/lib/hcrypto/evp-cc.h
+++ b/source4/heimdal/lib/hcrypto/evp-cc.h
@@ -41,7 +41,7 @@ #define EVP_cc_md4 hc_EVP_cc_md4 #define EVP_cc_md5 hc_EVP_cc_md5 #define EVP_cc_sha1 hc_EVP_cc_sha1 -#define EVP_cc_sha256 hc_EVP__cc_sha256 +#define EVP_cc_sha256 hc_EVP_cc_sha256 #define EVP_cc_des_cbc hc_EVP_cc_des_cbc #define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc #define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc
diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c
index 006db35939..72787e185f 100644
--- a/source4/heimdal/lib/hcrypto/evp.c
+++ b/source4/heimdal/lib/hcrypto/evp.c
@@ -49,6 +49,7 @@ #include #include +#include #ifndef HCRYPTO_DEF_PROVIDER #define HCRYPTO_DEF_PROVIDER hcrypto
diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h
index 600f69b7a5..ae92ab4899 100644
--- a/source4/heimdal/lib/hcrypto/evp.h
+++ b/source4/heimdal/lib/hcrypto/evp.h
@@ -214,24 +214,24 @@ HC_CPP_BEGIN */ const EVP_MD *EVP_md_null(void); -const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO; -const EVP_MD *EVP_sha(void) HC_DEPRECATED; +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void); +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void); +HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); const EVP_CIPHER * EVP_aes_256_cbc(void); -const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO; +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void); const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); -const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO; -const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO; -const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO; +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void); +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void); const EVP_CIPHER * EVP_rc4(void); -const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO; +HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void); const EVP_CIPHER * EVP_camellia_128_cbc(void); const EVP_CIPHER * EVP_camellia_192_cbc(void); const EVP_CIPHER * EVP_camellia_256_cbc(void);
diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h
index b8d5d45606..78a795f2a7 100644
--- a/source4/heimdal/lib/hcrypto/hash.h
+++ b/source4/heimdal/lib/hcrypto/hash.h
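Review bot: `EVP_sha` loses its `HC_DEPRECATED` marker in this hunk, while every other annotated declaration only has its attribute moved in front of the return type. It is not clear from the hunk whether that is deliberate. If the function is still meant to warn, keep the marker in the new position, `HC_DEPRECATED const EVP_MD *EVP_sha(void);`; if the removal is intended, a short comment beside the declaration saying why it is no longer flagged would keep it from being re-added.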
@@ -43,6 +43,7 @@ #ifdef KRB5 #include #endif +#include #ifndef min #define min(a,b) (((a)>(b))?(b):(a))
diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c
index c39c713901..c81eb9e2d7 100644
--- a/source4/heimdal/lib/hcrypto/rand-fortuna.c
+++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c
@@ -35,6 +35,9 @@ #include #include +#ifdef KRB5 +#include +#endif #include #include "randi.h"
@@ -451,6 +454,7 @@ fortuna_reseed(void) if (!init_done) abort(); +#ifndef NO_RAND_UNIX_METHOD { unsigned char buf[INIT_BYTES]; if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
@@ -459,6 +463,7 @@ fortuna_reseed(void) memset(buf, 0, sizeof(buf)); } } +#endif #ifdef HAVE_ARC4RANDOM { uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
@@ -470,6 +475,7 @@ fortuna_reseed(void) entropy_p = 1; } #endif +#ifndef NO_RAND_EGD_METHOD /* * Only to get egd entropy if /dev/random or arc4rand failed since * it can be horribly slow to generate new bits.
@@ -482,6 +488,7 @@ fortuna_reseed(void) memset(buf, 0, sizeof(buf)); } } +#endif /* * Fall back to gattering data from timer and secret files, this * is really the last resort.
@@ -521,10 +528,12 @@ fortuna_reseed(void) gettimeofday(&tv, NULL); add_entropy(&main_state, (void *)&tv, sizeof(tv)); } +#ifdef HAVE_GETUID { uid_t u = getuid(); add_entropy(&main_state, (void *)&u, sizeof(u)); } +#endif return entropy_p; }
diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c
index fcad39f1de..4c1f33da59 100644
--- a/source4/heimdal/lib/hcrypto/rand-unix.c
+++ b/source4/heimdal/lib/hcrypto/rand-unix.c
@@ -42,9 +42,6 @@ #include "randi.h" -static int random_fd = -1; -static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER; - /* * Unix /dev/random */
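Review bot: The new `#ifndef NO_RAND_UNIX_METHOD` and `#ifndef NO_RAND_EGD_METHOD` guards in fortuna_reseed allow a build in which, without HAVE_ARC4RANDOM, every source ahead of the block the existing comment calls "really the last resort" is compiled out, and nothing in these hunks makes that configuration visible. How `entropy_p` is set by the fallback is outside the hunks, so it is unclear whether such a build still reports the generator as seeded. A compile-time check near the top of the file would make the case explicit: `#if defined(NO_RAND_UNIX_METHOD) && defined(NO_RAND_EGD_METHOD) && !defined(HAVE_ARC4RANDOM)`, then `#error "fortuna_reseed has no system entropy source"`, then `#endif`. If that combination has to stay buildable, a comment at the first guard naming what seeds the generator on those platforms would at least document it.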
@@ -93,44 +90,29 @@ static int unix_bytes(unsigned char *outdata, int size) { ssize_t count; - int once = 0; + int fd; if (size < 0) return 0; else if (size == 0) return 1; - HEIMDAL_MUTEX_lock(&random_mutex); - if (random_fd == -1) { - retry: - random_fd = get_device_fd(O_RDONLY); - if (random_fd < 0) { - HEIMDAL_MUTEX_unlock(&random_mutex); - return 0; - } - } + fd = get_device_fd(O_RDONLY); + if (fd < 0) + return 0; while (size > 0) { - HEIMDAL_MUTEX_unlock(&random_mutex); - count = read (random_fd, outdata, size); - HEIMDAL_MUTEX_lock(&random_mutex); - if (random_fd < 0) { - if (errno == EINTR) - continue; - else if (errno == EBADF && once++ == 0) { - close(random_fd); - random_fd = -1; - goto retry; - } - return 0; - } else if (count <= 0) { - HEIMDAL_MUTEX_unlock(&random_mutex); + count = read(fd, outdata, size); + if (count < 0 && errno == EINTR) + continue; + else if (count <= 0) { + close(fd); return 0; } outdata += count; size -= count; } - HEIMDAL_MUTEX_unlock(&random_mutex); + close(fd); return 1; }
diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c
index 3cd65989c6..9f0438a34e 100644
--- a/source4/heimdal/lib/hcrypto/rand.c
+++ b/source4/heimdal/lib/hcrypto/rand.c
@@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met:
@@ -58,7 +60,9 @@ init_method(void) { if (selected_meth != NULL) return; -#ifdef __APPLE__ +#if defined(_WIN32) + selected_meth = &hc_rand_w32crypto_method; +#elif defined(__APPLE__) selected_meth = &hc_rand_unix_method; #else selected_meth = &hc_rand_fortuna_method;
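Review bot: unix_bytes now calls `get_device_fd(O_RDONLY)` on every request instead of reusing a cached descriptor, so a process that can no longer open the device after start-up (for example after a chroot, or once its descriptor limit is reached) gets 0 from every call rather than only from the first one. That is a safe failure only if callers check the return value, which cannot be confirmed from this hunk. A comment above the open would record the trade-off for the next maintainer, `/* opened per call: no shared fd or mutex, but every call fails once the device is unreachable */`.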
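Review bot: The `_WIN32` branch added to init_method takes the address of `hc_rand_w32crypto_method`, which this commit declares in randi.h, but none of the 16 files in the diffstat defines it. Unless the definition is built from a file outside this import, a Windows build of rand.c would fail at link time. A comment on the branch naming where the object comes from would make the dependency explicit, `/* hc_rand_w32crypto_method is defined in the Windows-only RNG source, which must be built alongside this file */`.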
@@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size) int RAND_bytes(void *outdata, size_t size) { + if (size == 0) + return 1; init_method(); return (*selected_meth->bytes)(outdata, size); }
diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h
index 65800d6b99..f4e2485166 100644
--- a/source4/heimdal/lib/hcrypto/rand.h
+++ b/source4/heimdal/lib/hcrypto/rand.h
@@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD; #define RAND_fortuna_method hc_RAND_fortuna_method #define RAND_egd_method hc_RAND_egd_method #define RAND_unix_method hc_RAND_unix_method +#define RAND_w32crypto_method hc_RAND_w32crypto_method /* *
diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h
index f8f6c39b3e..c6c617af22 100644
--- a/source4/heimdal/lib/hcrypto/randi.h
+++ b/source4/heimdal/lib/hcrypto/randi.h
@@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method; extern const RAND_METHOD hc_rand_unix_method; extern const RAND_METHOD hc_rand_egd_method; extern const RAND_METHOD hc_rand_timer_method; +extern const RAND_METHOD hc_rand_w32crypto_method; const RAND_METHOD * RAND_timer_method(void);
diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
index 3dd2555812..9a7f0fd3d6 100644
--- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
+++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c
@@ -31,11 +31,12 @@ #include "config.h" +#include #ifdef KRB5 #include #endif -#include +#include "rijndael-alg-fst.h" /* the file should not be used from outside */ typedef uint8_t u8;
diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c
index 9baf00212c..49c7634c38 100644
--- a/source4/heimdal/lib/hcrypto/rnd_keys.c
+++ b/source4/heimdal/lib/hcrypto/rnd_keys.c
@@ -39,11 +39,11 @@ #ifdef KRB5 #include #endif +#include + #include #include -#include - #undef __attribute__ #define __attribute__(X)
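Review bot: RAND_bytes takes a `size_t` but forwards it to `selected_meth->bytes`, and the unix method shown earlier in this commit is declared `unix_bytes(unsigned char *outdata, int size)`, so the new zero-length shortcut covers only one end of the range. A request larger than INT_MAX is converted to `int` at the call; unix_bytes rejects a negative size, but what the other methods do with it is not visible here. Rejecting it next to the added check keeps the behaviour the same for every method: `if (size > INT_MAX) return 0;` (with `<limits.h>` included).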
diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c
index ca8c8442b5..f6f8a1ffe2 100644
--- a/source4/heimdal/lib/hcrypto/ui.c
+++ b/source4/heimdal/lib/hcrypto/ui.c
@@ -37,10 +37,15 @@ #include #include #include +#ifdef HAVE_TERMIOS_H #include +#endif #include #include +#ifdef HAVE_CONIO_H +#include +#endif static sig_atomic_t intr_flag;
@@ -50,6 +55,53 @@ intr(int sig) intr_flag++; } +#ifdef HAVE_CONIO_H + +/* + * Windows does console slightly different then then unix case. + */ + +static int +read_string(const char *preprompt, const char *prompt, + char *buf, size_t len, int echo) +{ + int of = 0; + int c; + char *p; + void (*oldsigintr)(int); + + _cprintf("%s%s", preprompt, prompt); + + oldsigintr = signal(SIGINT, intr); + + p = buf; + while(intr_flag == 0){ + c = ((echo)? _getche(): _getch()); + if(c == '\n') + break; + if(of == 0) + *p++ = c; + of = (p == buf + len); + } + if(of) + p--; + *p = 0; + + if(echo == 0){ + printf("\n"); + } + + signal(SIGINT, oldsigintr); + + if(intr_flag) + return -2; + if(of) + return -1; + return 0; +} + +#else /* !HAVE_CONIO_H */ + #ifndef NSIG #define NSIG 47 #endif
@@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt, return 0; } +#endif /* HAVE_CONIO_H */ + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) { -- cgit
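Review bot: In the new HAVE_CONIO_H read_string, the input loop ends only on `c == '\n'`, but `_getch`/`_getche` deliver the Enter key as a carriage return, so the prompt would not finish when the user presses Enter; the test should be `if(c == '\n' || c == '\r')`. The function also never clears `intr_flag`, so after one SIGINT every later call skips the loop and returns -2 unless code outside this hunk resets it; `intr_flag = 0;` before `signal(SIGINT, intr)` avoids that. With `len == 0` the first keystroke is stored through `p` before the overflow test runs, and the final `*p = 0;` writes to `buf[0]` regardless, so an early `if(len == 0) return -1;` is worth adding.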