diff options
Diffstat (limited to 'third_party/heimdal/lib/hcrypto')
-rw-r--r-- | third_party/heimdal/lib/hcrypto/Makefile.am | 27 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/bn.c | 8 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/des.c | 1 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/dh-ltm.c | 57 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/dh.c | 2 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/engine.c | 35 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/evp.c | 9 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/hmac.c | 28 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/hmac.h | 2 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/libtommath/bn_mp_set_double.c | 2 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/libtommath/bn_s_mp_rand_platform.c | 2 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/libtommath/demo/test.c | 2 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/libtommath/etc/tune.c | 2 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/rsa-ltm.c | 7 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/rsa.c | 7 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/test_hmac.c | 6 | ||||
-rw-r--r-- | third_party/heimdal/lib/hcrypto/validate.c | 3 |
17 files changed, 144 insertions, 56 deletions
diff --git a/third_party/heimdal/lib/hcrypto/Makefile.am b/third_party/heimdal/lib/hcrypto/Makefile.am index 1c610829feb..bb36f745190 100644 --- a/third_party/heimdal/lib/hcrypto/Makefile.am +++ b/third_party/heimdal/lib/hcrypto/Makefile.am @@ -16,6 +16,7 @@ AM_CPPFLAGS += -I$(top_srcdir)/lib/hx509 \ WFLAGS += $(WFLAGS_LITE) -Wno-error=unused-function # XXX: Make these not necessary: WFLAGS += -Wno-error=unused-result -Wno-error=deprecated-declarations +WFLAGS += $(WFLAGS_UNUSED_BUT_SET_VAR) lib_LTLIBRARIES = libhcrypto.la check_LTLIBRARIES = libhctest.la @@ -60,8 +61,7 @@ hcryptoinclude_HEADERS = \ rsa.h \ sha.h \ ui.h \ - undef.h \ - x25519_ref10.h + undef.h install-build-headers:: $(hcryptoinclude_HEADERS) $(x25519include_HEADERS) @foo='$(hcryptoinclude_HEADERS)'; \ @@ -103,6 +103,22 @@ SCRIPT_TESTS = \ noinst_PROGRAMS = test_rand +noinst_HEADERS = \ + x25519/ed25519_ref10_fe_51.h \ + x25519/ed25519_ref10_fe_25_5.h \ + x25519/ed25519_ref10.h \ + x25519/fe_25_5/base.h \ + x25519/fe_25_5/base2.h \ + x25519/fe_25_5/constants.h \ + x25519/fe_25_5/fe.h \ + x25519/fe_51/base.h \ + x25519/fe_51/base2.h \ + x25519/fe_51/constants.h \ + x25519/fe_51/fe.h \ + x25519/align.h \ + x25519_ref10.h + + check_PROGRAMS = $(PROGRAM_TESTS) test_rsa test_dh example_evp_cipher check_SCRIPTS = $(SCRIPT_TESTS) @@ -335,7 +351,12 @@ ltmsources = \ libtommath/bn_s_mp_sqr_fast.c \ libtommath/bn_s_mp_sub.c \ libtommath/bn_s_mp_toom_mul.c \ - libtommath/bn_s_mp_toom_sqr.c + libtommath/bn_s_mp_toom_sqr.c \ + libtommath/tommath_private.h \ + libtommath/tommath_cutoffs.h \ + libtommath/tommath_superclass.h \ + libtommath/tommath_class.h \ + libtommath/tommath.h x25519sources = \ x25519/ed25519_ref10.c \ diff --git a/third_party/heimdal/lib/hcrypto/bn.c b/third_party/heimdal/lib/hcrypto/bn.c index 15bf78738ad..62297b145f1 100644 --- a/third_party/heimdal/lib/hcrypto/bn.c +++ b/third_party/heimdal/lib/hcrypto/bn.c @@ -142,7 +142,8 @@ BN_bin2bn(const void *s, int len, BIGNUM *bn) return NULL; } hi->length = len; - memcpy(hi->data, s, len); + if (len) + memcpy(hi->data, s, len); return (BIGNUM *)hi; } @@ -250,7 +251,7 @@ BN_set_bit(BIGNUM *bn, int bit) unsigned char *p; if ((bit / 8) > hi->length || hi->length == 0) { - size_t len = (bit + 7) / 8; + size_t len = bit == 0 ? 1 : (bit + 7) / 8; void *d = realloc(hi->data, len); if (d == NULL) return 0; @@ -286,6 +287,9 @@ BN_set_word(BIGNUM *bn, unsigned long num) unsigned long num2; int i, len; + if (bn == NULL) + return 0; + for (num2 = num, i = 0; num2 > 0; i++) num2 = num2 >> 8; diff --git a/third_party/heimdal/lib/hcrypto/des.c b/third_party/heimdal/lib/hcrypto/des.c index 9f5c648ec94..ac174180fb9 100644 --- a/third_party/heimdal/lib/hcrypto/des.c +++ b/third_party/heimdal/lib/hcrypto/des.c @@ -728,6 +728,7 @@ DES_cfb64_encrypt(const void *in, void *out, int i = *num; unsigned char c; + memset(tmp, 0, DES_CBLOCK_LEN); while (length > 0) { if (i == 0) { DES_encrypt(uiv, ks, 1); diff --git a/third_party/heimdal/lib/hcrypto/dh-ltm.c b/third_party/heimdal/lib/hcrypto/dh-ltm.c index 774f0e1176a..720662199f9 100644 --- a/third_party/heimdal/lib/hcrypto/dh-ltm.c +++ b/third_party/heimdal/lib/hcrypto/dh-ltm.c @@ -40,7 +40,7 @@ #include "tommath.h" -static void +static int BN2mpz(mp_int *s, const BIGNUM *bn) { size_t len; @@ -49,8 +49,12 @@ BN2mpz(mp_int *s, const BIGNUM *bn) len = BN_num_bytes(bn); p = malloc(len); BN_bn2bin(bn, p); - mp_read_unsigned_bin(s, p, len); + if (mp_from_ubin(s, p, len) != MP_OKAY) { + free(p); + return -1; + } free(p); + return 0; } @@ -61,11 +65,14 @@ mpz2BN(mp_int *s) BIGNUM *bn; void *p; - size = mp_unsigned_bin_size(s); + size = mp_ubin_size(s); p = malloc(size); - if (p == NULL && size != 0) + if (p == NULL) + return NULL; + if (mp_to_ubin(s, p, SIZE_MAX, NULL) != MP_OKAY) { + free(p); return NULL; - mp_to_unsigned_bin(s, p); + }; bn = BN_bin2bn(p, size, NULL); free(p); @@ -110,11 +117,17 @@ ltm_dh_generate_key(DH *dh) dh->pub_key = NULL; } - mp_init_multi(&pub, &priv_key, &g, &p, NULL); + if (mp_init_multi(&pub, &priv_key, &g, &p, NULL) != MP_OKAY) + continue; - BN2mpz(&priv_key, dh->priv_key); - BN2mpz(&g, dh->g); - BN2mpz(&p, dh->p); + if (BN2mpz(&priv_key, dh->priv_key) != 0) + continue; + + if (BN2mpz(&g, dh->g) != 0) + continue; + + if (BN2mpz(&p, dh->p) != 0) + continue; res = mp_exptmod(&g, &priv_key, &p, &pub); @@ -157,9 +170,18 @@ ltm_dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh) if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL) return -1; - mp_init_multi(&s, &priv_key, &p, &peer_pub, NULL); - BN2mpz(&p, dh->p); - BN2mpz(&peer_pub, pub); + if (mp_init_multi(&s, &priv_key, &p, &peer_pub, NULL) != MP_OKAY) + return -1; + + if (BN2mpz(&p, dh->p) != 0) { + ret = -1; + goto out; + } + + if (BN2mpz(&peer_pub, pub) != 0) { + ret = 1; + goto out; + } /* check if peers pubkey is reasonable */ if (mp_isneg(&peer_pub) @@ -170,17 +192,20 @@ ltm_dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh) goto out; } - BN2mpz(&priv_key, dh->priv_key); + if (BN2mpz(&priv_key, dh->priv_key) != 0) { + ret = -1; + goto out; + } ret = mp_exptmod(&peer_pub, &priv_key, &p, &s); - if (ret != 0) { ret = -1; goto out; } - ret = mp_unsigned_bin_size(&s); - mp_to_unsigned_bin(&s, shared); + ret = mp_ubin_size(&s); + if (mp_to_ubin(&s, shared, SIZE_MAX, NULL) != MP_OKAY) + ret = -1; out: mp_clear_multi(&s, &priv_key, &p, &peer_pub, NULL); diff --git a/third_party/heimdal/lib/hcrypto/dh.c b/third_party/heimdal/lib/hcrypto/dh.c index 0447c4f4838..5d2d214f752 100644 --- a/third_party/heimdal/lib/hcrypto/dh.c +++ b/third_party/heimdal/lib/hcrypto/dh.c @@ -98,7 +98,7 @@ DH_new_method(ENGINE *engine) if (dh->engine) { dh->meth = ENGINE_get_DH(dh->engine); if (dh->meth == NULL) { - ENGINE_finish(engine); + ENGINE_finish(dh->engine); free(dh); return 0; } diff --git a/third_party/heimdal/lib/hcrypto/engine.c b/third_party/heimdal/lib/hcrypto/engine.c index 9cea2482176..3dae960fd0c 100644 --- a/third_party/heimdal/lib/hcrypto/engine.c +++ b/third_party/heimdal/lib/hcrypto/engine.c @@ -44,15 +44,22 @@ struct hc_engine { const RSA_METHOD *rsa; const DH_METHOD *dh; const RAND_METHOD *rand; + void *dso_handle; }; -ENGINE * +ENGINE * ENGINE_new(void) { ENGINE *engine; engine = calloc(1, sizeof(*engine)); + if (engine == NULL) + return NULL; engine->references = 1; + engine->destroy = 0; + engine->dh = 0; + engine->rand = 0; + engine->dso_handle = 0; return engine; } @@ -77,6 +84,8 @@ ENGINE_finish(ENGINE *engine) free(engine->id); if(engine->destroy) (*engine->destroy)(engine); + if (engine->dso_handle) + dlclose(engine->dso_handle); memset(engine, 0, sizeof(*engine)); engine->references = -1; @@ -299,15 +308,17 @@ ENGINE_by_dso(const char *path, const char *id) { #ifdef HAVE_DLOPEN ENGINE *engine; - void *handle; int ret; engine = calloc(1, sizeof(*engine)); if (engine == NULL) return NULL; - - handle = dlopen(path, RTLD_NOW | RTLD_LOCAL | RTLD_GROUP); - if (handle == NULL) { + engine->references = 0; /* ref will be added below */ + engine->destroy = 0; + engine->dh = 0; + engine->rand = 0; + engine->dso_handle = dlopen(path, RTLD_NOW | RTLD_LOCAL | RTLD_GROUP); + if (engine->dso_handle == NULL) { /* printf("error: %s\n", dlerror()); */ free(engine); return NULL; @@ -317,16 +328,16 @@ ENGINE_by_dso(const char *path, const char *id) unsigned long version; openssl_v_check v_check; - v_check = (openssl_v_check)dlsym(handle, "v_check"); + v_check = (openssl_v_check)dlsym(engine->dso_handle, "v_check"); if (v_check == NULL) { - dlclose(handle); + dlclose(engine->dso_handle); free(engine); return NULL; } version = (*v_check)(OPENSSL_DYNAMIC_VERSION); if (version == 0) { - dlclose(handle); + dlclose(engine->dso_handle); free(engine); return NULL; } @@ -335,16 +346,17 @@ ENGINE_by_dso(const char *path, const char *id) { openssl_bind_engine bind_engine; - bind_engine = (openssl_bind_engine)dlsym(handle, "bind_engine"); + bind_engine = + (openssl_bind_engine)dlsym(engine->dso_handle, "bind_engine"); if (bind_engine == NULL) { - dlclose(handle); + dlclose(engine->dso_handle); free(engine); return NULL; } ret = (*bind_engine)(engine, id, NULL); /* XXX fix third arg */ if (ret != 1) { - dlclose(handle); + dlclose(engine->dso_handle); free(engine); return NULL; } @@ -354,7 +366,6 @@ ENGINE_by_dso(const char *path, const char *id) ret = add_engine(engine); if (ret != 1) { - dlclose(handle); ENGINE_finish(engine); return NULL; } diff --git a/third_party/heimdal/lib/hcrypto/evp.c b/third_party/heimdal/lib/hcrypto/evp.c index 23838709c8e..9cced4c536c 100644 --- a/third_party/heimdal/lib/hcrypto/evp.c +++ b/third_party/heimdal/lib/hcrypto/evp.c @@ -485,17 +485,20 @@ EVP_md2(void) HC_DEPRECATED_CRYPTO * */ -static void +static int null_Init (void *m) { + return 1; } -static void +static int null_Update (void *m, const void * data, size_t size) { + return 1; } -static void +static int null_Final(void *res, void *m) { + return 1; } /** diff --git a/third_party/heimdal/lib/hcrypto/hmac.c b/third_party/heimdal/lib/hcrypto/hmac.c index 6cdf4e97a4e..6b387ae90dc 100644 --- a/third_party/heimdal/lib/hcrypto/hmac.c +++ b/third_party/heimdal/lib/hcrypto/hmac.c @@ -85,7 +85,7 @@ HMAC_size(const HMAC_CTX *ctx) return EVP_MD_size(ctx->md); } -void +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t keylen, @@ -103,17 +103,26 @@ HMAC_Init_ex(HMAC_CTX *ctx, ctx->md = md; ctx->key_length = EVP_MD_size(ctx->md); + ctx->opad = NULL; + ctx->ipad = NULL; + ctx->ctx = NULL; ctx->buf = malloc(ctx->key_length); - ctx->opad = malloc(blockSize); - ctx->ipad = malloc(blockSize); - ctx->ctx = EVP_MD_CTX_create(); + if (ctx->buf) + ctx->opad = malloc(blockSize); + if (ctx->opad) + ctx->ipad = malloc(blockSize); + if (ctx->ipad) + ctx->ctx = EVP_MD_CTX_create(); + if (!ctx->buf || !ctx->opad || !ctx->ipad || !ctx->ctx) + return 0; } #if 0 ctx->engine = engine; #endif if (keylen > blockSize) { - EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine); + if (EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine) == 0) + return 0; key = ctx->buf; keylen = EVP_MD_size(ctx->md); } @@ -126,8 +135,10 @@ HMAC_Init_ex(HMAC_CTX *ctx, for (i = 0, p = ctx->opad; i < keylen; i++) p[i] ^= ((const unsigned char *)key)[i]; - EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + if (EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine) == 0) + return 0; EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md)); + return 1; } void @@ -156,7 +167,10 @@ HMAC(const EVP_MD *md, HMAC_CTX ctx; HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, key, key_size, md, NULL); + if (HMAC_Init_ex(&ctx, key, key_size, md, NULL) == 0) { + HMAC_CTX_cleanup(&ctx); + return NULL; + } HMAC_Update(&ctx, data, data_size); HMAC_Final(&ctx, hash, hash_len); HMAC_CTX_cleanup(&ctx); diff --git a/third_party/heimdal/lib/hcrypto/hmac.h b/third_party/heimdal/lib/hcrypto/hmac.h index 2c7d9b8803a..cc99c879fb9 100644 --- a/third_party/heimdal/lib/hcrypto/hmac.h +++ b/third_party/heimdal/lib/hcrypto/hmac.h @@ -75,7 +75,7 @@ void HMAC_CTX_free(HMAC_CTX *ctx); size_t HMAC_size(const HMAC_CTX *ctx); -void HMAC_Init_ex(HMAC_CTX *, const void *, size_t, +int HMAC_Init_ex(HMAC_CTX *, const void *, size_t, const EVP_MD *, ENGINE *); void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len); void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len); diff --git a/third_party/heimdal/lib/hcrypto/libtommath/bn_mp_set_double.c b/third_party/heimdal/lib/hcrypto/libtommath/bn_mp_set_double.c index a42fc70d908..6f91b64f503 100644 --- a/third_party/heimdal/lib/hcrypto/libtommath/bn_mp_set_double.c +++ b/third_party/heimdal/lib/hcrypto/libtommath/bn_mp_set_double.c @@ -3,7 +3,7 @@ /* LibTomMath, multiple-precision integer library -- Tom St Denis */ /* SPDX-License-Identifier: Unlicense */ -#if defined(__STDC_IEC_559__) || defined(__GCC_IEC_559) +#if defined(__STDC_IEC_559__) || defined(__GCC_IEC_559) || defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || defined(__i386__) || defined(_M_X86) || defined(__aarch64__) || defined(__arm__) mp_err mp_set_double(mp_int *a, double b) { uint64_t frac; diff --git a/third_party/heimdal/lib/hcrypto/libtommath/bn_s_mp_rand_platform.c b/third_party/heimdal/lib/hcrypto/libtommath/bn_s_mp_rand_platform.c index 55c69390eef..79879c35039 100644 --- a/third_party/heimdal/lib/hcrypto/libtommath/bn_s_mp_rand_platform.c +++ b/third_party/heimdal/lib/hcrypto/libtommath/bn_s_mp_rand_platform.c @@ -96,7 +96,7 @@ static mp_err s_read_urandom(void *p, size_t n) if (fd == -1) return MP_ERR; while (n > 0u) { - ssize_t ret = read(fd, p, n); + ssize_t ret = read(fd, q, n); if (ret < 0) { if (errno == EINTR) { continue; diff --git a/third_party/heimdal/lib/hcrypto/libtommath/demo/test.c b/third_party/heimdal/lib/hcrypto/libtommath/demo/test.c index 7b29a4ce948..9049fa81f91 100644 --- a/third_party/heimdal/lib/hcrypto/libtommath/demo/test.c +++ b/third_party/heimdal/lib/hcrypto/libtommath/demo/test.c @@ -625,7 +625,7 @@ LBL_ERR: } -#if defined(__STDC_IEC_559__) || defined(__GCC_IEC_559) +#if defined(__STDC_IEC_559__) || defined(__GCC_IEC_559) || defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || defined(__i386__) || defined(_M_X86) || defined(__aarch64__) || defined(__arm__) static int test_mp_set_double(void) { int i; diff --git a/third_party/heimdal/lib/hcrypto/libtommath/etc/tune.c b/third_party/heimdal/lib/hcrypto/libtommath/etc/tune.c index bc2cdfe6e03..e7b99fce289 100644 --- a/third_party/heimdal/lib/hcrypto/libtommath/etc/tune.c +++ b/third_party/heimdal/lib/hcrypto/libtommath/etc/tune.c @@ -424,7 +424,7 @@ int main(int argc, char **argv) break; case 'h': s_exit_code = EXIT_SUCCESS; - /* FALLTHROUGH */ + /* FALLTHROUGH */ default: s_usage(argv[0]); } diff --git a/third_party/heimdal/lib/hcrypto/rsa-ltm.c b/third_party/heimdal/lib/hcrypto/rsa-ltm.c index 2852bd4d6b8..1d5b73e60e5 100644 --- a/third_party/heimdal/lib/hcrypto/rsa-ltm.c +++ b/third_party/heimdal/lib/hcrypto/rsa-ltm.c @@ -456,8 +456,11 @@ mpz2BN(mp_int *s) void *p; size = mp_ubin_size(s); + if (size == 0) + return NULL; + p = malloc(size); - if (p == NULL && size != 0) + if (p == NULL) return NULL; ret = mp_to_ubin(s, p, SIZE_MAX, NULL); @@ -534,8 +537,6 @@ ltm_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) bitsp = (bits + 1) / 2; - ret = -1; - FIRST(mp_init_multi(&el, &p, &q, &n, &d, &dmp1, &dmq1, &iqmp, &t1, &t2, &t3, NULL)); diff --git a/third_party/heimdal/lib/hcrypto/rsa.c b/third_party/heimdal/lib/hcrypto/rsa.c index c99b2b6cbe9..6172b25413f 100644 --- a/third_party/heimdal/lib/hcrypto/rsa.c +++ b/third_party/heimdal/lib/hcrypto/rsa.c @@ -114,7 +114,7 @@ RSA_new_method(ENGINE *engine) if (rsa->engine) { rsa->meth = ENGINE_get_RSA(rsa->engine); if (rsa->meth == NULL) { - ENGINE_finish(engine); + ENGINE_finish(rsa->engine); free(rsa); return 0; } @@ -272,7 +272,10 @@ RSA_check_key(const RSA *key) * and then decrypt/verify. */ - if ((rsa->d == NULL || rsa->n == NULL) && + if (rsa->n == NULL) + return 0; + + if (rsa->d == NULL && (rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL)) return 0; diff --git a/third_party/heimdal/lib/hcrypto/test_hmac.c b/third_party/heimdal/lib/hcrypto/test_hmac.c index 063a461cc16..36a5626a708 100644 --- a/third_party/heimdal/lib/hcrypto/test_hmac.c +++ b/third_party/heimdal/lib/hcrypto/test_hmac.c @@ -51,7 +51,11 @@ main(int argc, char **argv) "\x6f\xd1\x52\x4d\x54\x58\x73\x0f\xf3\x24"; HMAC_CTX_init(&c); - HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL); + if (HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL) == 0) { + HMAC_CTX_cleanup(&c); + printf("out of memory\n"); + return 1; + } HMAC_Update(&c, buf, sizeof(buf)); HMAC_Final(&c, hmac, &hmaclen); HMAC_CTX_cleanup(&c); diff --git a/third_party/heimdal/lib/hcrypto/validate.c b/third_party/heimdal/lib/hcrypto/validate.c index 562e5aa4dd0..4b655f262c8 100644 --- a/third_party/heimdal/lib/hcrypto/validate.c +++ b/third_party/heimdal/lib/hcrypto/validate.c @@ -276,7 +276,8 @@ check_hmac(void) "\x6f\xd1\x52\x4d\x54\x58\x73\x0f\xf3\x24"; HMAC_CTX_init(&c); - HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL); + if (HMAC_Init_ex(&c, hmackey, hmackey_size, EVP_sha1(), NULL) == 0) + errx(1, "HMAC_Init_ex() out of memory"); HMAC_Update(&c, buf, sizeof(buf)); HMAC_Final(&c, hmac, &hmaclen); HMAC_CTX_cleanup(&c); |