Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/heimdal/dist Add checks to EVP_CipherIni...
details: https://anonhg.NetBSD.org/src/rev/60b0942daa28
branches: trunk
changeset: 376110:60b0942daa28
user: christos <christos%NetBSD.org@localhost>
date: Thu Jun 01 20:40:18 2023 +0000
description:
Add checks to EVP_CipherInit_ex() where they were missing and add a cheesy
define to get the RC4 cipher from the legacy provider, since the legacy
provider is not loaded by default now.
diffstat:
crypto/external/bsd/heimdal/dist/include/crypto-headers.h | 5 +-
crypto/external/bsd/heimdal/dist/kdc/digest.c | 6 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c | 54 +++++++--
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c | 8 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c | 13 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c | 8 +-
crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c | 13 +-
crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c | 5 +-
crypto/external/bsd/heimdal/dist/lib/hx509/ks_file.c | 9 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-aes-sha1.c | 11 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-arcfour.c | 8 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c | 8 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des.c | 8 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des3.c | 5 +-
crypto/external/bsd/heimdal/dist/lib/krb5/crypto-evp.c | 35 ++++--
crypto/external/bsd/heimdal/dist/lib/ntlm/ntlm.c | 5 +-
16 files changed, 144 insertions(+), 57 deletions(-)
diffs (truncated from 572 to 300 lines):
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/include/crypto-headers.h
--- a/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/include/crypto-headers.h Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: crypto-headers.h,v 1.3 2018/02/05 16:00:52 christos Exp $ */
+/* $NetBSD: crypto-headers.h,v 1.4 2023/06/01 20:40:18 christos Exp $ */
#ifndef __crypto_header__
#define __crypto_header__
@@ -33,6 +33,9 @@
# define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
# define BN_is_negative(bn) ((bn)->neg != 0)
# endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000UL
+# define EVP_rc4() EVP_CIPHER_fetch(NULL, "rc4", "provider=legacy")
+#endif
#endif
#else /* !HAVE_HCRYPTO_W_OPENSSL */
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/kdc/digest.c
--- a/crypto/external/bsd/heimdal/dist/kdc/digest.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/kdc/digest.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: digest.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
+/* $NetBSD: digest.c,v 1.4 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
@@ -1368,7 +1368,9 @@ krb5_error_code
#else
rc4 = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1))
+ krb5_set_error_message(context, EINVAL,
+ "RC4 cipher not supported");
EVP_Cipher(rc4,
masterkey, ireq.u.ntlmRequest.sessionkey->data,
sizeof(masterkey));
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/arcfour.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: arcfour.c,v 1.4 2019/12/15 22:50:47 christos Exp $ */
+/* $NetBSD: arcfour.c,v 1.5 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
@@ -308,7 +308,11 @@ OM_uint32
#else
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
EVP_Cipher(rc4_key, p, p, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -393,7 +397,11 @@ OM_uint32
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL,
+ 0)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, SND_SEQ, p, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -557,7 +565,10 @@ OM_uint32
#endif
EVP_CIPHER_CTX_init(rc4_key);
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, p0 + 24, p0 + 24, 8 + datalen);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -586,7 +597,10 @@ OM_uint32
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -696,7 +710,10 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, SND_SEQ, p0 + 8, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -753,7 +770,10 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint
#else
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, Confounder, p0 + 24, 8);
EVP_Cipher(rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
@@ -1147,7 +1167,10 @@ OM_uint32
#else
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
/* Confounder */
EVP_Cipher(rc4_key, p0 + 24, p0 + 24, 8);
@@ -1197,7 +1220,10 @@ OM_uint32
#else
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, p0 + 8, p0 + 8, 8); /* SND_SEQ */
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -1344,7 +1370,10 @@ OM_uint32
#endif
EVP_CIPHER_CTX_init(rc4_key);
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(rc4_key, snd_seq, p0 + 8, 8); /* SND_SEQ */
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(rc4_key);
@@ -1407,7 +1436,10 @@ OM_uint32
rc4_key = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+ if (!EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
/* Confounder */
EVP_Cipher(rc4_key, Confounder, p0 + 24, 8);
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/get_mic.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: get_mic.c,v 1.4 2019/12/15 22:50:47 christos Exp $ */
+/* $NetBSD: get_mic.c,v 1.5 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
@@ -122,7 +122,11 @@ mic_des
des_ctx = EVP_CIPHER_CTX_new();
#endif
EVP_CIPHER_CTX_init(des_ctx);
- EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
+ if (!EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data,
+ p + 8, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(des_ctx, p, p, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(des_ctx);
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/unwrap.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: unwrap.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
+/* $NetBSD: unwrap.c,v 1.4 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
@@ -113,7 +113,10 @@ unwrap_des
#else
des_ctx = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0);
+ if (!EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(des_ctx, p, p, input_message_buffer->length - len);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(des_ctx);
@@ -163,7 +166,11 @@ unwrap_des
#else
des_ctx = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
+ if (!EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash,
+ 0)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(des_ctx, p, p, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(des_ctx);
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/verify_mic.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: verify_mic.c,v 1.5 2019/12/15 22:50:47 christos Exp $ */
+/* $NetBSD: verify_mic.c,v 1.6 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
@@ -109,7 +109,11 @@ verify_mic_des
#else
des_ctx = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
+ if (!EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data,
+ hash, 0)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(des_ctx, p, p, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(des_ctx);
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c
--- a/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/gssapi/krb5/wrap.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: wrap.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */
+/* $NetBSD: wrap.c,v 1.4 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
@@ -308,7 +308,11 @@ wrap_des
#else
des_ctx = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
+ if (!EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data,
+ p + 8, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(des_ctx, p, p, 8);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(des_ctx);
@@ -337,7 +341,10 @@ wrap_des
#else
des_ctx = EVP_CIPHER_CTX_new();
#endif
- EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1);
+ if (!EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
EVP_Cipher(des_ctx, p, p, datalen);
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
EVP_CIPHER_CTX_cleanup(des_ctx);
diff -r dd3efa49e14a -r 60b0942daa28 crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c
--- a/crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c Thu Jun 01 20:15:16 2023 +0000
+++ b/crypto/external/bsd/heimdal/dist/lib/hcrypto/example_evp_cipher.c Thu Jun 01 20:40:18 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: example_evp_cipher.c,v 1.2 2017/01/28 21:31:47 christos Exp $ */
+/* $NetBSD: example_evp_cipher.c,v 1.3 2023/06/01 20:40:18 christos Exp $ */
/*
* Copyright (c) 2008 Kungliga Tekniska Högskolan
@@ -137,7 +137,8 @@ main(int argc, char **argv)
* ivec.
*/
EVP_CIPHER_CTX_init(&ctx);
- EVP_CipherInit_ex(&ctx, c, NULL, key, ivec, encryptp);
+ if (!EVP_CipherInit_ex(&ctx, c, NULL, key, ivec, encryptp))
+ errx(1, "EVP_CipherInit_ex failed");
/* read in buffer */
Home |
Main Index |
Thread Index |
Old Index