Permalink
Switch branches/tags
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
611 lines (540 sloc) 16 KB
diff --git b/bcrypt_pbkdf.c a/bcrypt_pbkdf.c
index cde347c..405ea48 100644
--- b/bcrypt_pbkdf.c
+++ a/bcrypt_pbkdf.c
@@ -15,6 +15,8 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include "config.h"
+
#include <sys/types.h>
#include <stdint.h>
@@ -22,7 +24,16 @@
#include <blf.h>
#include <sha2.h>
#include <string.h>
-#include <util.h>
+#if HAVE_BSD_STRING_H
+#include <bsd/string.h>
+#endif
+#if HAVE_LIBUTIL_H
+#include <libutil.h>
+#elif HAVE_BSD_LIBUTIL_H
+#include <bsd/libutil.h>
+#else
+#error portability error
+#endif
#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b))
diff --git b/blowfish.c a/blowfish.c
index a658e60..4550b2e 100644
--- b/blowfish.c
+++ a/blowfish.c
@@ -87,7 +87,6 @@ Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
*xl = Xr ^ p[17];
*xr = Xl;
}
-DEF_WEAK(Blowfish_encipher);
void
Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
@@ -113,7 +112,6 @@ Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
*xl = Xr ^ p[0];
*xr = Xl;
}
-DEF_WEAK(Blowfish_decipher);
void
Blowfish_initstate(blf_ctx *c)
@@ -393,7 +391,6 @@ Blowfish_initstate(blf_ctx *c)
*c = initstate;
}
-DEF_WEAK(Blowfish_initstate);
u_int32_t
Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
@@ -415,7 +412,6 @@ Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
*current = j;
return temp;
}
-DEF_WEAK(Blowfish_stream2word);
void
Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
@@ -453,7 +449,6 @@ Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
}
}
}
-DEF_WEAK(Blowfish_expand0state);
void
@@ -498,7 +493,6 @@ Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
}
}
-DEF_WEAK(Blowfish_expandstate);
void
blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
@@ -509,7 +503,6 @@ blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
/* Transform S-boxes and subkeys with key */
Blowfish_expand0state(c, k, len);
}
-DEF_WEAK(blf_key);
void
blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
@@ -523,7 +516,6 @@ blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
d += 2;
}
}
-DEF_WEAK(blf_enc);
void
blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
@@ -537,7 +529,6 @@ blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
d += 2;
}
}
-DEF_WEAK(blf_dec);
void
blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
@@ -560,7 +551,6 @@ blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
data += 8;
}
}
-DEF_WEAK(blf_ecb_encrypt);
void
blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
@@ -583,7 +573,6 @@ blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
data += 8;
}
}
-DEF_WEAK(blf_ecb_decrypt);
void
blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
@@ -609,7 +598,6 @@ blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
data += 8;
}
}
-DEF_WEAK(blf_cbc_encrypt);
void
blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
@@ -651,7 +639,6 @@ blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
for (j = 0; j < 8; j++)
data[j] ^= iva[j];
}
-DEF_WEAK(blf_cbc_decrypt);
#if 0
void
diff --git b/crypto_api.h a/crypto_api.h
index 540a7c2..d7b0a2e 100644
--- b/crypto_api.h
+++ a/crypto_api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_api.h,v 1.2 2018/01/16 21:42:40 naddy Exp $ */
+/* $OpenBSD: crypto_api.h,v 1.1 2014/07/22 00:41:19 deraadt Exp $ */
/*
* Assembled from generated headers and source files by Markus Friedl.
@@ -16,6 +16,9 @@ typedef uint32_t crypto_uint32;
#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
+#define crypto_hashblocks_sha512_STATEBYTES 64U
+#define crypto_hashblocks_sha512_BLOCKBYTES 128U
+
int crypto_hashblocks_sha512(unsigned char *, const unsigned char *,
unsigned long long);
diff --git b/explicit_bzero.c a/explicit_bzero.c
index 003ea7c..5dd0103 100644
--- b/explicit_bzero.c
+++ a/explicit_bzero.c
@@ -17,4 +17,3 @@ explicit_bzero(void *buf, size_t len)
memset(buf, 0, len);
__explicit_bzero_hook(buf, len);
}
-DEF_WEAK(explicit_bzero);
diff --git b/helper.c a/helper.c
index 8fa692a..e2ece2e 100644
--- b/helper.c
+++ a/helper.c
@@ -54,7 +54,6 @@ HASHEnd(HASH_CTX *ctx, char *buf)
explicit_bzero(digest, sizeof(digest));
return (buf);
}
-DEF_WEAK(HASHEnd);
char *
HASHFileChunk(const char *filename, char *buf, off_t off, off_t len)
@@ -96,14 +95,12 @@ HASHFileChunk(const char *filename, char *buf, off_t off, off_t len)
errno = save_errno;
return (nr < 0 ? NULL : HASHEnd(&ctx, buf));
}
-DEF_WEAK(HASHFileChunk);
char *
HASHFile(const char *filename, char *buf)
{
return (HASHFileChunk(filename, buf, 0, 0));
}
-DEF_WEAK(HASHFile);
char *
HASHData(const u_char *data, size_t len, char *buf)
@@ -114,4 +111,3 @@ HASHData(const u_char *data, size_t len, char *buf)
HASHUpdate(&ctx, data, len);
return (HASHEnd(&ctx, buf));
}
-DEF_WEAK(HASHData);
diff --git b/sha2.c a/sha2.c
index 80fa50a..ee4809a 100644
--- b/sha2.c
+++ a/sha2.c
@@ -309,14 +309,8 @@ SHA224Init(SHA2_CTX *context)
memset(context->buffer, 0, sizeof(context->buffer));
context->bitcount[0] = 0;
}
-DEF_WEAK(SHA224Init);
-MAKE_CLONE(SHA224Transform, SHA256Transform);
-MAKE_CLONE(SHA224Update, SHA256Update);
-MAKE_CLONE(SHA224Pad, SHA256Pad);
-DEF_WEAK(SHA224Transform);
-DEF_WEAK(SHA224Update);
-DEF_WEAK(SHA224Pad);
+void SHA224Pad(SHA2_CTX *context) __attribute__ ((weak, alias ("SHA256Pad")));
void
SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
@@ -334,7 +328,6 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
#endif
explicit_bzero(context, sizeof(*context));
}
-DEF_WEAK(SHA224Final);
#endif /* !defined(SHA2_SMALL) */
/*** SHA-256: *********************************************************/
@@ -346,7 +339,6 @@ SHA256Init(SHA2_CTX *context)
memset(context->buffer, 0, sizeof(context->buffer));
context->bitcount[0] = 0;
}
-DEF_WEAK(SHA256Init);
#ifdef SHA2_UNROLL_TRANSFORM
@@ -505,7 +497,6 @@ SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
}
#endif /* SHA2_UNROLL_TRANSFORM */
-DEF_WEAK(SHA256Transform);
void
SHA256Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
@@ -552,7 +543,6 @@ SHA256Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
/* Clean up: */
usedspace = freespace = 0;
}
-DEF_WEAK(SHA256Update);
void
SHA256Pad(SHA2_CTX *context)
@@ -596,7 +586,6 @@ SHA256Pad(SHA2_CTX *context)
/* Clean up: */
usedspace = 0;
}
-DEF_WEAK(SHA256Pad);
void
SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
@@ -614,7 +603,6 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
#endif
explicit_bzero(context, sizeof(*context));
}
-DEF_WEAK(SHA256Final);
/*** SHA-512: *********************************************************/
@@ -626,7 +614,6 @@ SHA512Init(SHA2_CTX *context)
memset(context->buffer, 0, sizeof(context->buffer));
context->bitcount[0] = context->bitcount[1] = 0;
}
-DEF_WEAK(SHA512Init);
#ifdef SHA2_UNROLL_TRANSFORM
@@ -786,7 +773,6 @@ SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
}
#endif /* SHA2_UNROLL_TRANSFORM */
-DEF_WEAK(SHA512Transform);
void
SHA512Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
@@ -833,7 +819,6 @@ SHA512Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
/* Clean up: */
usedspace = freespace = 0;
}
-DEF_WEAK(SHA512Update);
void
SHA512Pad(SHA2_CTX *context)
@@ -877,7 +862,6 @@ SHA512Pad(SHA2_CTX *context)
/* Clean up: */
usedspace = 0;
}
-DEF_WEAK(SHA512Pad);
void
SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
@@ -895,7 +879,6 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
#endif
explicit_bzero(context, sizeof(*context));
}
-DEF_WEAK(SHA512Final);
#if !defined(SHA2_SMALL)
@@ -908,14 +891,8 @@ SHA384Init(SHA2_CTX *context)
memset(context->buffer, 0, sizeof(context->buffer));
context->bitcount[0] = context->bitcount[1] = 0;
}
-DEF_WEAK(SHA384Init);
-MAKE_CLONE(SHA384Transform, SHA512Transform);
-MAKE_CLONE(SHA384Update, SHA512Update);
-MAKE_CLONE(SHA384Pad, SHA512Pad);
-DEF_WEAK(SHA384Transform);
-DEF_WEAK(SHA384Update);
-DEF_WEAK(SHA384Pad);
+void SHA384Pad(SHA2_CTX *context) __attribute__ ((weak, alias ("SHA512Pad")));
void
SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
@@ -934,7 +911,6 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
/* Zero out state data */
explicit_bzero(context, sizeof(*context));
}
-DEF_WEAK(SHA384Final);
/*** SHA-512/256: *********************************************************/
void
@@ -945,14 +921,9 @@ SHA512_256Init(SHA2_CTX *context)
memset(context->buffer, 0, sizeof(context->buffer));
context->bitcount[0] = context->bitcount[1] = 0;
}
-DEF_WEAK(SHA512_256Init);
-MAKE_CLONE(SHA512_256Transform, SHA512Transform);
-MAKE_CLONE(SHA512_256Update, SHA512Update);
-MAKE_CLONE(SHA512_256Pad, SHA512Pad);
-DEF_WEAK(SHA512_256Transform);
-DEF_WEAK(SHA512_256Update);
-DEF_WEAK(SHA512_256Pad);
+void SHA512_256Update(SHA2_CTX *context, const u_int8_t *data, size_t len) __attribute__ ((weak, alias ("SHA512Update")));
+void SHA512_256Pad(SHA2_CTX *context) __attribute__ ((weak, alias ("SHA512Pad")));
void
SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context)
@@ -971,5 +942,4 @@ SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context)
/* Zero out state data */
explicit_bzero(context, sizeof(*context));
}
-DEF_WEAK(SHA512_256Final);
#endif /* !defined(SHA2_SMALL) */
diff --git b/sha256hl.c a/sha256hl.c
index 69a19b9..5f6c9a8 100644
--- b/sha256hl.c
+++ a/sha256hl.c
@@ -54,7 +54,6 @@ SHA256End(SHA2_CTX *ctx, char *buf)
explicit_bzero(digest, sizeof(digest));
return (buf);
}
-DEF_WEAK(SHA256End);
char *
SHA256FileChunk(const char *filename, char *buf, off_t off, off_t len)
@@ -96,14 +95,12 @@ SHA256FileChunk(const char *filename, char *buf, off_t off, off_t len)
errno = save_errno;
return (nr < 0 ? NULL : SHA256End(&ctx, buf));
}
-DEF_WEAK(SHA256FileChunk);
char *
SHA256File(const char *filename, char *buf)
{
return (SHA256FileChunk(filename, buf, 0, 0));
}
-DEF_WEAK(SHA256File);
char *
SHA256Data(const u_char *data, size_t len, char *buf)
@@ -114,4 +111,3 @@ SHA256Data(const u_char *data, size_t len, char *buf)
SHA256Update(&ctx, data, len);
return (SHA256End(&ctx, buf));
}
-DEF_WEAK(SHA256Data);
diff --git b/sha512_256hl.c a/sha512_256hl.c
index bc48389..237ca57 100644
--- b/sha512_256hl.c
+++ a/sha512_256hl.c
@@ -54,7 +54,6 @@ SHA512_256End(SHA2_CTX *ctx, char *buf)
explicit_bzero(digest, sizeof(digest));
return (buf);
}
-DEF_WEAK(SHA512_256End);
char *
SHA512_256FileChunk(const char *filename, char *buf, off_t off, off_t len)
@@ -96,14 +95,12 @@ SHA512_256FileChunk(const char *filename, char *buf, off_t off, off_t len)
errno = save_errno;
return (nr < 0 ? NULL : SHA512_256End(&ctx, buf));
}
-DEF_WEAK(SHA512_256FileChunk);
char *
SHA512_256File(const char *filename, char *buf)
{
return (SHA512_256FileChunk(filename, buf, 0, 0));
}
-DEF_WEAK(SHA512_256File);
char *
SHA512_256Data(const u_char *data, size_t len, char *buf)
@@ -114,4 +111,3 @@ SHA512_256Data(const u_char *data, size_t len, char *buf)
SHA512_256Update(&ctx, data, len);
return (SHA512_256End(&ctx, buf));
}
-DEF_WEAK(SHA512_256Data);
diff --git b/sha512hl.c a/sha512hl.c
index 50da08d..4c2cdc1 100644
--- b/sha512hl.c
+++ a/sha512hl.c
@@ -54,7 +54,6 @@ SHA512End(SHA2_CTX *ctx, char *buf)
explicit_bzero(digest, sizeof(digest));
return (buf);
}
-DEF_WEAK(SHA512End);
char *
SHA512FileChunk(const char *filename, char *buf, off_t off, off_t len)
@@ -96,14 +95,12 @@ SHA512FileChunk(const char *filename, char *buf, off_t off, off_t len)
errno = save_errno;
return (nr < 0 ? NULL : SHA512End(&ctx, buf));
}
-DEF_WEAK(SHA512FileChunk);
char *
SHA512File(const char *filename, char *buf)
{
return (SHA512FileChunk(filename, buf, 0, 0));
}
-DEF_WEAK(SHA512File);
char *
SHA512Data(const u_char *data, size_t len, char *buf)
@@ -114,4 +111,3 @@ SHA512Data(const u_char *data, size_t len, char *buf)
SHA512Update(&ctx, data, len);
return (SHA512End(&ctx, buf));
}
-DEF_WEAK(SHA512Data);
diff --git b/signify.c a/signify.c
index b586896..c26a83a 100644
--- b/signify.c
+++ a/signify.c
@@ -14,6 +14,9 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+
+#include "config.h"
+
#include <sys/stat.h>
#include <netinet/in.h>
@@ -23,14 +26,29 @@
#include <stdint.h>
#include <fcntl.h>
#include <string.h>
+#if HAVE_BSD_STRING_H
+#include <bsd/string.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <ohash.h>
#include <err.h>
#include <unistd.h>
+#if HAVE_READPASSPHRASE_H
#include <readpassphrase.h>
-#include <util.h>
+#elif HAVE_BSD_READPASSPHRASE_H
+#include <bsd/readpassphrase.h>
+#else
+#error portability problem
+#endif
+#if HAVE_LIBUTIL_H
+#include <libutil.h>
+#elif HAVE_BSD_LIBUTIL_H
+#include <bsd/libutil.h>
+#else
+#error portability problem
+#endif
#include <sha2.h>
#include "crypto_api.h"
@@ -71,7 +89,7 @@ struct sig {
uint8_t sig[SIGBYTES];
};
-static void __dead
+static void
usage(const char *error)
{
if (error)
@@ -87,7 +105,7 @@ usage(const char *error)
exit(1);
}
-int
+extern int
xopen(const char *fname, int oflags, mode_t mode)
{
struct stat sb;
@@ -111,7 +129,7 @@ xopen(const char *fname, int oflags, mode_t mode)
return fd;
}
-void *
+extern void *
xmalloc(size_t len)
{
void *p;
@@ -206,7 +224,7 @@ readmsg(const char *filename, unsigned long long *msglenp)
return msg;
}
-void
+extern void
writeall(int fd, const void *buf, size_t buflen, const char *filename)
{
ssize_t x;
@@ -244,7 +262,8 @@ writekeyfile(const char *filename, const char *comment, const void *buf,
fd = xopen(filename, O_CREAT|oflags|O_NOFOLLOW|O_WRONLY, mode);
header = createheader(comment, buf, buflen);
writeall(fd, header, strlen(header), filename);
- freezero(header, strlen(header));
+ explicit_bzero(header, strlen(header));
+ free(header);
close(fd);
}
@@ -763,9 +782,6 @@ main(int argc, char **argv)
VERIFY
} verb = NONE;
- if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
- err(1, "pledge");
-
rounds = 42;
while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
@@ -838,8 +854,6 @@ main(int argc, char **argv)
#ifndef VERIFYONLY
if (verb == CHECK) {
- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
if (!sigfile)
usage("must specify sigfile");
check(pubkeyfile, sigfile, quiet, argc, argv);
@@ -864,14 +878,12 @@ main(int argc, char **argv)
switch (verb) {
#ifndef VERIFYONLY
case GENERATE:
- /* no pledge */
if (!pubkeyfile || !seckeyfile)
usage("must specify pubkey and seckey");
check_keyname_compliance(pubkeyfile, seckeyfile);
generate(pubkeyfile, seckeyfile, rounds, comment);
break;
case SIGN:
- /* no pledge */
if (gzip) {
if (!msgfile || !seckeyfile || !sigfile)
usage("must specify message sigfile seckey");
@@ -884,15 +896,6 @@ main(int argc, char **argv)
break;
#endif
case VERIFY:
- if ((embedded || gzip) &&
- (msgfile && strcmp(msgfile, "-") != 0)) {
- /* will need to create output file */
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
- err(1, "pledge");
- } else {
- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
- }
if (gzip) {
zverify(pubkeyfile, msgfile, sigfile, keytype);
} else {
@@ -903,8 +906,6 @@ main(int argc, char **argv)
}
break;
default:
- if (pledge("stdio", NULL) == -1)
- err(1, "pledge");
usage(NULL);
break;
}
diff --git b/timingsafe_bcmp.c a/timingsafe_bcmp.c
index 0409ec3..552e844 100644
--- b/timingsafe_bcmp.c
+++ a/timingsafe_bcmp.c
@@ -27,4 +27,3 @@ timingsafe_bcmp(const void *b1, const void *b2, size_t n)
ret |= *p1++ ^ *p2++;
return (ret != 0);
}
-DEF_WEAK(timingsafe_bcmp);