diff options
Diffstat (limited to 'libtomcrypt/src')
30 files changed, 249 insertions, 113 deletions
diff --git a/libtomcrypt/src/ciphers/aes/aes_tab.c b/libtomcrypt/src/ciphers/aes/aes_tab.c index 463d05c..b15596e 100644 --- a/libtomcrypt/src/ciphers/aes/aes_tab.c +++ b/libtomcrypt/src/ciphers/aes/aes_tab.c @@ -94,7 +94,7 @@ static const ulong32 TE0[256] = { 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL, }; -#ifndef PELI_TAB +#if !defined(PELI_TAB) && defined(LTC_SMALL_CODE) static const ulong32 Te4[256] = { 0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL, 0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL, @@ -1017,11 +1017,13 @@ static const ulong32 Tks3[] = { #endif /* SMALL CODE */ +#ifndef PELI_TAB static const ulong32 rcon[] = { 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL, 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL, 0x1B000000UL, 0x36000000UL, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; +#endif #endif /* __LTC_AES_TAB_C__ */ diff --git a/libtomcrypt/src/ciphers/des.c b/libtomcrypt/src/ciphers/des.c index fe429cc..fc8faae 100644 --- a/libtomcrypt/src/ciphers/des.c +++ b/libtomcrypt/src/ciphers/des.c @@ -38,7 +38,7 @@ const struct ltc_cipher_descriptor des3_desc = { "3des", 14, - 24, 24, 8, 16, + 16, 24, 8, 16, &des3_setup, &des3_ecb_encrypt, &des3_ecb_decrypt, @@ -2080,8 +2080,11 @@ int des_keysize(int *keysize) int des3_keysize(int *keysize) { LTC_ARGCHK(keysize != NULL); - if(*keysize < 24) { - return CRYPT_INVALID_KEYSIZE; + if (*keysize < 16) + return CRYPT_INVALID_KEYSIZE; + if (*keysize < 24) { + *keysize = 16; + return CRYPT_OK; } *keysize = 24; return CRYPT_OK; diff --git a/libtomcrypt/src/encauth/ccm/ccm_memory.c b/libtomcrypt/src/encauth/ccm/ccm_memory.c index 3326ce5..631219e 100644 --- a/libtomcrypt/src/encauth/ccm/ccm_memory.c +++ b/libtomcrypt/src/encauth/ccm/ccm_memory.c @@ -52,7 +52,7 @@ int ccm_memory(int cipher, int err; unsigned long len, L, x, y, z, CTRlen; #ifdef LTC_FAST - LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all zeroes */ + LTC_FAST_TYPE fastMask = ~(LTC_FAST_TYPE)0; /* initialize fastMask at all zeroes */ #endif unsigned char mask = 0xff; /* initialize mask at all zeroes */ diff --git a/libtomcrypt/src/headers/tomcrypt.h b/libtomcrypt/src/headers/tomcrypt.h index 1a56611..f4442d2 100644 --- a/libtomcrypt/src/headers/tomcrypt.h +++ b/libtomcrypt/src/headers/tomcrypt.h @@ -27,14 +27,15 @@ extern "C" { /* version */ #define CRYPT 0x0118 -#define SCRYPT "1.18.1" +#define SCRYPT "1.18.2" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 128 +#ifndef TAB_SIZE /* descriptor table size */ -/* Dropbear change - this should be smaller, saves some size */ -#define TAB_SIZE 5 +#define TAB_SIZE 32 +#endif /* error codes [will be expanded in future releases] */ enum { diff --git a/libtomcrypt/src/headers/tomcrypt_custom.h b/libtomcrypt/src/headers/tomcrypt_custom.h index 4547cd8..8fb9df8 100644 --- a/libtomcrypt/src/headers/tomcrypt_custom.h +++ b/libtomcrypt/src/headers/tomcrypt_custom.h @@ -480,6 +480,13 @@ #endif #endif +#if defined(LTC_DER) + #ifndef LTC_DER_MAX_RECURSION + /* Maximum recursion limit when processing nested ASN.1 types. */ + #define LTC_DER_MAX_RECURSION 30 + #endif +#endif + #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT) /* Include the MPI functionality? (required by the PK algorithms) */ #define LTC_MPI diff --git a/libtomcrypt/src/headers/tomcrypt_dropbear.h b/libtomcrypt/src/headers/tomcrypt_dropbear.h index 323902b..36956da 100644 --- a/libtomcrypt/src/headers/tomcrypt_dropbear.h +++ b/libtomcrypt/src/headers/tomcrypt_dropbear.h @@ -10,6 +10,9 @@ #define LTC_SMALL_CODE #endif +/* Fewer entries needed */ +#define TAB_SIZE 5 + #if DROPBEAR_BLOWFISH #define LTC_BLOWFISH #endif diff --git a/libtomcrypt/src/headers/tomcrypt_pk.h b/libtomcrypt/src/headers/tomcrypt_pk.h index 4ea6f88..fb9b07c 100644 --- a/libtomcrypt/src/headers/tomcrypt_pk.h +++ b/libtomcrypt/src/headers/tomcrypt_pk.h @@ -667,16 +667,16 @@ int der_printable_value_decode(int v); /* UTF-8 */ #if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(__WCHAR_MAX__) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED) || defined (__WCHAR_TYPE__)) && !defined(LTC_NO_WCHAR) -#include <wchar.h> -#if defined(__WCHAR_MAX__) -#define LTC_WCHAR_MAX __WCHAR_MAX__ -#elif defined(WCHAR_MAX) -#define LTC_WCHAR_MAX WCHAR_MAX -#endif + #if defined(__WCHAR_MAX__) + #define LTC_WCHAR_MAX __WCHAR_MAX__ + #else + #include <wchar.h> + #define LTC_WCHAR_MAX WCHAR_MAX + #endif /* please note that it might happen that LTC_WCHAR_MAX is undefined */ #else -typedef ulong32 wchar_t; -#define LTC_WCHAR_MAX 0xFFFFFFFF + typedef ulong32 wchar_t; + #define LTC_WCHAR_MAX 0xFFFFFFFF #endif int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, diff --git a/libtomcrypt/src/mac/blake2/blake2bmac_file.c b/libtomcrypt/src/mac/blake2/blake2bmac_file.c index 64c9e4d..c1e9c6b 100644 --- a/libtomcrypt/src/mac/blake2/blake2bmac_file.c +++ b/libtomcrypt/src/mac/blake2/blake2bmac_file.c @@ -23,6 +23,11 @@ int blake2bmac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(fname); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(mac); + LTC_UNUSED_PARAM(maclen); return CRYPT_NOP; #else blake2bmac_state st; diff --git a/libtomcrypt/src/mac/blake2/blake2smac_file.c b/libtomcrypt/src/mac/blake2/blake2smac_file.c index c5248a2..1ac6679 100644 --- a/libtomcrypt/src/mac/blake2/blake2smac_file.c +++ b/libtomcrypt/src/mac/blake2/blake2smac_file.c @@ -23,6 +23,11 @@ int blake2smac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(fname); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(mac); + LTC_UNUSED_PARAM(maclen); return CRYPT_NOP; #else blake2smac_state st; diff --git a/libtomcrypt/src/mac/f9/f9_file.c b/libtomcrypt/src/mac/f9/f9_file.c index a6e6532..04d509b 100644 --- a/libtomcrypt/src/mac/f9/f9_file.c +++ b/libtomcrypt/src/mac/f9/f9_file.c @@ -31,6 +31,12 @@ int f9_file(int cipher, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(cipher); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(fname); + LTC_UNUSED_PARAM(out); + LTC_UNUSED_PARAM(outlen); return CRYPT_NOP; #else size_t x; diff --git a/libtomcrypt/src/mac/hmac/hmac_file.c b/libtomcrypt/src/mac/hmac/hmac_file.c index c106941..0e1a163 100644 --- a/libtomcrypt/src/mac/hmac/hmac_file.c +++ b/libtomcrypt/src/mac/hmac/hmac_file.c @@ -30,7 +30,12 @@ int hmac_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE - (void)hash; (void)fname; (void)key; (void)keylen; (void)out; (void)outlen; + LTC_UNUSED_PARAM(hash); + LTC_UNUSED_PARAM(fname); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(out); + LTC_UNUSED_PARAM(outlen); return CRYPT_NOP; #else hmac_state hmac; diff --git a/libtomcrypt/src/mac/omac/omac_file.c b/libtomcrypt/src/mac/omac/omac_file.c index a9104e8..3f6a85d 100644 --- a/libtomcrypt/src/mac/omac/omac_file.c +++ b/libtomcrypt/src/mac/omac/omac_file.c @@ -31,6 +31,12 @@ int omac_file(int cipher, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(cipher); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(filename); + LTC_UNUSED_PARAM(out); + LTC_UNUSED_PARAM(outlen); return CRYPT_NOP; #else size_t x; diff --git a/libtomcrypt/src/mac/pmac/pmac_file.c b/libtomcrypt/src/mac/pmac/pmac_file.c index abe04f1..fe202a2 100644 --- a/libtomcrypt/src/mac/pmac/pmac_file.c +++ b/libtomcrypt/src/mac/pmac/pmac_file.c @@ -31,6 +31,12 @@ int pmac_file(int cipher, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(cipher); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(filename); + LTC_UNUSED_PARAM(out); + LTC_UNUSED_PARAM(outlen); return CRYPT_NOP; #else size_t x; diff --git a/libtomcrypt/src/mac/poly1305/poly1305_file.c b/libtomcrypt/src/mac/poly1305/poly1305_file.c index 7726305..e57437b 100644 --- a/libtomcrypt/src/mac/poly1305/poly1305_file.c +++ b/libtomcrypt/src/mac/poly1305/poly1305_file.c @@ -28,6 +28,11 @@ int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(fname); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(mac); + LTC_UNUSED_PARAM(maclen); return CRYPT_NOP; #else poly1305_state st; diff --git a/libtomcrypt/src/mac/xcbc/xcbc_file.c b/libtomcrypt/src/mac/xcbc/xcbc_file.c index f121cd0..27eb0de 100644 --- a/libtomcrypt/src/mac/xcbc/xcbc_file.c +++ b/libtomcrypt/src/mac/xcbc/xcbc_file.c @@ -31,6 +31,12 @@ int xcbc_file(int cipher, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE + LTC_UNUSED_PARAM(cipher); + LTC_UNUSED_PARAM(key); + LTC_UNUSED_PARAM(keylen); + LTC_UNUSED_PARAM(filename); + LTC_UNUSED_PARAM(out); + LTC_UNUSED_PARAM(outlen); return CRYPT_NOP; #else size_t x; diff --git a/libtomcrypt/src/math/multi.c b/libtomcrypt/src/math/multi.c index da5bb60..cfe1451 100644 --- a/libtomcrypt/src/math/multi.c +++ b/libtomcrypt/src/math/multi.c @@ -67,7 +67,6 @@ void ltc_cleanup_multi(void **a, ...) cur = va_arg(args, void**); } va_end(args); - return; } #endif diff --git a/libtomcrypt/src/math/rand_bn.c b/libtomcrypt/src/math/rand_bn.c index a42ba64..aa6539c 100644 --- a/libtomcrypt/src/math/rand_bn.c +++ b/libtomcrypt/src/math/rand_bn.c @@ -8,7 +8,7 @@ */ #include "tomcrypt.h" -#ifdef LTC_MDSA +#if defined(LTC_MDSA) || defined(LTC_MECC) /** Generate a random number N with given bitlength (note: MSB can be 0) */ diff --git a/libtomcrypt/src/misc/crypt/crypt.c b/libtomcrypt/src/misc/crypt/crypt.c index 83b6c21..9b9c867 100644 --- a/libtomcrypt/src/misc/crypt/crypt.c +++ b/libtomcrypt/src/misc/crypt/crypt.c @@ -399,6 +399,7 @@ const char *crypt_build_settings = #endif #if defined(LTC_DER) " DER " + " " NAME_VALUE(LTC_DER_MAX_RECURSION) " " #endif #if defined(LTC_PKCS_1) " PKCS#1 " diff --git a/libtomcrypt/src/misc/crypt/crypt_constants.c b/libtomcrypt/src/misc/crypt/crypt_constants.c index a7418d5..9b3c938 100644 --- a/libtomcrypt/src/misc/crypt/crypt_constants.c +++ b/libtomcrypt/src/misc/crypt/crypt_constants.c @@ -111,6 +111,7 @@ static const crypt_constant _crypt_constants[] = { #ifdef LTC_DER /* DER handling */ + {"LTC_DER", 1}, _C_STRINGIFY(LTC_ASN1_EOL), _C_STRINGIFY(LTC_ASN1_BOOLEAN), _C_STRINGIFY(LTC_ASN1_INTEGER), @@ -132,6 +133,9 @@ static const crypt_constant _crypt_constants[] = { _C_STRINGIFY(LTC_ASN1_CONSTRUCTED), _C_STRINGIFY(LTC_ASN1_CONTEXT_SPECIFIC), _C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME), + _C_STRINGIFY(LTC_DER_MAX_RECURSION), +#else + {"LTC_DER", 0}, #endif #ifdef LTC_CTR_MODE @@ -248,20 +252,16 @@ int crypt_get_constant(const char* namein, int *valueout) { int crypt_list_all_constants(char *names_list, unsigned int *names_list_size) { int i; unsigned int total_len = 0; - char number[32], *ptr; + char *ptr; int number_len; int count = sizeof(_crypt_constants) / sizeof(_crypt_constants[0]); /* calculate amount of memory required for the list */ for (i=0; i<count; i++) { - total_len += (unsigned int)strlen(_crypt_constants[i].name) + 1; - /* the above +1 is for the commas */ - number_len = snprintf(number, sizeof(number), "%d", _crypt_constants[i].value); - if ((number_len < 0) || - ((unsigned int)number_len >= sizeof(number))) + number_len = snprintf(NULL, 0, "%s,%d\n", _crypt_constants[i].name, _crypt_constants[i].value); + if (number_len < 0) return -1; - total_len += number_len + 1; - /* this last +1 is for newlines (and ending NULL) */ + total_len += number_len; } if (names_list == NULL) { @@ -273,16 +273,11 @@ int crypt_list_all_constants(char *names_list, unsigned int *names_list_size) { /* build the names list */ ptr = names_list; for (i=0; i<count; i++) { - strcpy(ptr, _crypt_constants[i].name); - ptr += strlen(_crypt_constants[i].name); - strcpy(ptr, ","); - ptr += 1; - - number_len = snprintf(number, sizeof(number), "%d", _crypt_constants[i].value); - strcpy(ptr, number); + number_len = snprintf(ptr, total_len, "%s,%d\n", _crypt_constants[i].name, _crypt_constants[i].value); + if (number_len < 0) return -1; + if ((unsigned int)number_len > total_len) return -1; + total_len -= number_len; ptr += number_len; - strcpy(ptr, "\n"); - ptr += 1; } /* to remove the trailing new-line */ ptr -= 1; diff --git a/libtomcrypt/src/misc/crypt/crypt_sizes.c b/libtomcrypt/src/misc/crypt/crypt_sizes.c index 79b3bd4..dd857ea 100644 --- a/libtomcrypt/src/misc/crypt/crypt_sizes.c +++ b/libtomcrypt/src/misc/crypt/crypt_sizes.c @@ -307,19 +307,16 @@ int crypt_get_size(const char* namein, unsigned int *sizeout) { int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size) { int i; unsigned int total_len = 0; - char number[32], *ptr; + char *ptr; int number_len; int count = sizeof(_crypt_sizes) / sizeof(_crypt_sizes[0]); /* calculate amount of memory required for the list */ for (i=0; i<count; i++) { - total_len += (unsigned int)strlen(_crypt_sizes[i].name) + 1; - /* the above +1 is for the commas */ - number_len = snprintf(number, sizeof(number), "%u", _crypt_sizes[i].size); - if ((number_len < 0) || - ((unsigned int)number_len >= sizeof(number))) + number_len = snprintf(NULL, 0, "%s,%u\n", _crypt_sizes[i].name, _crypt_sizes[i].size); + if (number_len < 0) return -1; - total_len += (unsigned int)strlen(number) + 1; + total_len += number_len; /* this last +1 is for newlines (and ending NULL) */ } @@ -332,16 +329,11 @@ int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size) { /* build the names list */ ptr = names_list; for (i=0; i<count; i++) { - strcpy(ptr, _crypt_sizes[i].name); - ptr += strlen(_crypt_sizes[i].name); - strcpy(ptr, ","); - ptr += 1; - - number_len = snprintf(number, sizeof(number), "%u", _crypt_sizes[i].size); - strcpy(ptr, number); + number_len = snprintf(ptr, total_len, "%s,%u\n", _crypt_sizes[i].name, _crypt_sizes[i].size); + if (number_len < 0) return -1; + if ((unsigned int)number_len > total_len) return -1; + total_len -= number_len; ptr += number_len; - strcpy(ptr, "\n"); - ptr += 1; } /* to remove the trailing new-line */ ptr -= 1; diff --git a/libtomcrypt/src/modes/ctr/ctr_encrypt.c b/libtomcrypt/src/modes/ctr/ctr_encrypt.c index 7319cf5..eb7328c 100644 --- a/libtomcrypt/src/modes/ctr/ctr_encrypt.c +++ b/libtomcrypt/src/modes/ctr/ctr_encrypt.c @@ -17,47 +17,17 @@ #ifdef LTC_CTR_MODE /** - CTR encrypt + CTR encrypt software implementation @param pt Plaintext @param ct [out] Ciphertext @param len Length of plaintext (octets) @param ctr CTR state @return CRYPT_OK if successful */ -int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) +static int _ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) { int x, err; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ctr != NULL); - - if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen/padlen valid? */ - if (ctr->blocklen < 1 || ctr->blocklen > (int)sizeof(ctr->ctr) || - ctr->padlen < 0 || ctr->padlen > (int)sizeof(ctr->pad)) { - return CRYPT_INVALID_ARG; - } - -#ifdef LTC_FAST - if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */ - if ((ctr->padlen == ctr->blocklen) && cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL && (len >= (unsigned long)ctr->blocklen)) { - if ((err = cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) { - return err; - } - pt += (len / ctr->blocklen) * ctr->blocklen; - ct += (len / ctr->blocklen) * ctr->blocklen; - len %= ctr->blocklen; - } - while (len) { /* is the pad empty? */ if (ctr->padlen == ctr->blocklen) { @@ -87,7 +57,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s ctr->padlen = 0; } #ifdef LTC_FAST - if (ctr->padlen == 0 && len >= (unsigned long)ctr->blocklen) { + if ((ctr->padlen == 0) && (len >= (unsigned long)ctr->blocklen)) { for (x = 0; x < ctr->blocklen; x += sizeof(LTC_FAST_TYPE)) { *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) ^ *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ctr->pad + x)); @@ -105,6 +75,63 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s return CRYPT_OK; } +/** + CTR encrypt + @param pt Plaintext + @param ct [out] Ciphertext + @param len Length of plaintext (octets) + @param ctr CTR state + @return CRYPT_OK if successful +*/ +int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) +{ + int err, fr; + + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(ctr != NULL); + + if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { + return err; + } + + /* is blocklen/padlen valid? */ + if ((ctr->blocklen < 1) || (ctr->blocklen > (int)sizeof(ctr->ctr)) || + (ctr->padlen < 0) || (ctr->padlen > (int)sizeof(ctr->pad))) { + return CRYPT_INVALID_ARG; + } + +#ifdef LTC_FAST + if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + /* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */ + if ((cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL) && (len >= (unsigned long)ctr->blocklen)) { + if (ctr->padlen < ctr->blocklen) { + fr = ctr->blocklen - ctr->padlen; + if ((err = _ctr_encrypt(pt, ct, fr, ctr)) != CRYPT_OK) { + return err; + } + pt += fr; + ct += fr; + len -= fr; + } + + if (len >= (unsigned long)ctr->blocklen) { + if ((err = cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) { + return err; + } + pt += (len / ctr->blocklen) * ctr->blocklen; + ct += (len / ctr->blocklen) * ctr->blocklen; + len %= ctr->blocklen; + } + } + + return _ctr_encrypt(pt, ct, len, ctr); +} + #endif /* ref: $Format:%D$ */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c index 142ef95..cb93e8f 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c @@ -79,8 +79,8 @@ static int _new_element(ltc_asn1_list **l) */ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) { - ltc_asn1_list *l; - unsigned long err, type, len, totlen, data_offset; + ltc_asn1_list *l, *t; + unsigned long err, type, len, totlen, data_offset, len_len; void *realloc_tmp; LTC_ARGCHK(in != NULL); @@ -407,6 +407,17 @@ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc l->child->parent = l; } + t = l; + len_len = 0; + while((t != NULL) && (t->child != NULL)) { + len_len++; + t = t->child; + } + if (len_len > LTC_DER_MAX_RECURSION) { + err = CRYPT_ERROR; + goto error; + } + break; case 0x80: /* Context-specific */ diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c index 6826181..d2d0811 100644 --- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c +++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c @@ -80,7 +80,7 @@ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long in } if ((alg_id[0].size != oid.OIDlen) || - XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0]))) { + XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) { /* OID mismatch */ err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; diff --git a/libtomcrypt/src/pk/dsa/dsa_export.c b/libtomcrypt/src/pk/dsa/dsa_export.c index 1f6bb5a..f3a9f59 100644 --- a/libtomcrypt/src/pk/dsa/dsa_export.c +++ b/libtomcrypt/src/pk/dsa/dsa_export.c @@ -69,7 +69,7 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key } } else { if (std) { - unsigned long tmplen = (mp_count_bits(key->y) / 8) + 8; + unsigned long tmplen = (unsigned long)(mp_count_bits(key->y) / 8) + 8; unsigned char* tmp = XMALLOC(tmplen); ltc_asn1_list int_list[3]; diff --git a/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c b/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c index 91c7ef7..8c5f558 100644 --- a/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c +++ b/libtomcrypt/src/pk/dsa/dsa_generate_pqg.c @@ -72,8 +72,8 @@ static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int mod */ seedbytes = group_size; - L = modulus_size * 8; - N = group_size * 8; + L = (unsigned long)modulus_size * 8; + N = (unsigned long)group_size * 8; /* XXX-TODO no Lucas test */ #ifdef LTC_MPI_HAS_LUCAS_TEST diff --git a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c index 5f6f57f..ec6677c 100644 --- a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c +++ b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c @@ -21,7 +21,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, prng_state *prng, int wprng, ecc_key *key, int sigformat) { ecc_key pubkey; - void *r, *s, *e, *p; + void *r, *s, *e, *p, *b; int err, max_iterations = LTC_PK_MAX_RETRIES; unsigned long pbits, pbytes, i, shift_right; unsigned char ch, buf[MAXBLOCKSIZE]; @@ -46,7 +46,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, } /* init the bignums */ - if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&r, &s, &p, &e, &b, NULL)) != CRYPT_OK) { return err; } if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } @@ -82,12 +82,15 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, if (mp_iszero(r) == LTC_MP_YES) { ecc_free(&pubkey); } else { + if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK) { goto error; } /* b = blinding value */ /* find s = (e + xr)/k */ - if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */ + if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = kb */ + if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/kb */ if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ - if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ - if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */ - if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */ + if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK) { goto error; } /* s = xr/kb */ + if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK) { goto error; } /* e = e/kb */ + if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e/kb + xr/kb */ + if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK) { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */ ecc_free(&pubkey); if (mp_iszero(s) == LTC_MP_NO) { break; @@ -121,7 +124,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, error: ecc_free(&pubkey); errnokey: - mp_clear_multi(r, s, p, e, NULL); + mp_clear_multi(r, s, p, e, b, NULL); return err; } diff --git a/libtomcrypt/src/pk/rsa/rsa_export.c b/libtomcrypt/src/pk/rsa/rsa_export.c index a9885de..efd61d6 100644 --- a/libtomcrypt/src/pk/rsa/rsa_export.c +++ b/libtomcrypt/src/pk/rsa/rsa_export.c @@ -58,7 +58,7 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key unsigned char* tmp = NULL; if (type & PK_STD) { - tmplen = (mp_count_bits(key->N)/8)*2+8; + tmplen = (unsigned long)(mp_count_bits(key->N) / 8) * 2 + 8; tmp = XMALLOC(tmplen); ptmplen = &tmplen; if (tmp == NULL) { diff --git a/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c b/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c index 8e15e06..0546eb0 100644 --- a/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c +++ b/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c @@ -114,7 +114,7 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, /* check alg oid */ if ((alg_seq[0].size != rsaoid.OIDlen) || - XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0]))) { + XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) { err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } diff --git a/libtomcrypt/src/prngs/fortuna.c b/libtomcrypt/src/prngs/fortuna.c index 7b1ecb6..1f07233 100644 --- a/libtomcrypt/src/prngs/fortuna.c +++ b/libtomcrypt/src/prngs/fortuna.c @@ -66,9 +66,9 @@ static int _fortuna_reseed(prng_state *prng) { unsigned char tmp[MAXBLOCKSIZE]; hash_state md; + ulong64 reset_cnt; int err, x; - ++prng->fortuna.reset_cnt; /* new K == LTC_SHA256(K || s) where s == LTC_SHA256(P0) || LTC_SHA256(P1) ... */ sha256_init(&md); @@ -77,8 +77,10 @@ static int _fortuna_reseed(prng_state *prng) return err; } + reset_cnt = prng->fortuna.reset_cnt + 1; + for (x = 0; x < LTC_FORTUNA_POOLS; x++) { - if (x == 0 || ((prng->fortuna.reset_cnt >> (x-1)) & 1) == 0) { + if (x == 0 || ((reset_cnt >> (x-1)) & 1) == 0) { /* terminate this hash */ if ((err = sha256_done(&prng->fortuna.pool[x], tmp)) != CRYPT_OK) { sha256_done(&md, tmp); @@ -108,9 +110,10 @@ static int _fortuna_reseed(prng_state *prng) } _fortuna_update_iv(prng); - /* reset pool len */ + /* reset/update internals */ prng->fortuna.pool0_len = 0; prng->fortuna.wd = 0; + prng->fortuna.reset_cnt = reset_cnt; #ifdef LTC_CLEAN_STACK @@ -122,6 +125,46 @@ static int _fortuna_reseed(prng_state *prng) } /** + "Update Seed File"-compliant update of K + + @param in The PRNG state + @param inlen Size of the state + @param prng The PRNG to import + @return CRYPT_OK if successful +*/ +static int _fortuna_update_seed(const unsigned char *in, unsigned long inlen, prng_state *prng) +{ + int err; + unsigned char tmp[MAXBLOCKSIZE]; + hash_state md; + + LTC_MUTEX_LOCK(&prng->lock); + /* new K = LTC_SHA256(K || in) */ + sha256_init(&md); + if ((err = sha256_process(&md, prng->fortuna.K, 32)) != CRYPT_OK) { + sha256_done(&md, tmp); + goto LBL_UNLOCK; + } + if ((err = sha256_process(&md, in, inlen)) != CRYPT_OK) { + sha256_done(&md, tmp); + goto LBL_UNLOCK; + } + /* finish key */ + if ((err = sha256_done(&md, prng->fortuna.K)) != CRYPT_OK) { + goto LBL_UNLOCK; + } + _fortuna_update_iv(prng); + +LBL_UNLOCK: + LTC_MUTEX_UNLOCK(&prng->lock); +#ifdef LTC_CLEAN_STACK + zeromem(&md, sizeof(md)); +#endif + + return err; +} + +/** Start the PRNG @param prng [out] The PRNG state to initialize @return CRYPT_OK if successful @@ -245,12 +288,17 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state } /* do we have to reseed? */ - if (++prng->fortuna.wd == LTC_FORTUNA_WD || prng->fortuna.pool0_len >= 64) { + if ((++prng->fortuna.wd == LTC_FORTUNA_WD) && (prng->fortuna.pool0_len >= 64)) { if (_fortuna_reseed(prng) != CRYPT_OK) { goto LBL_UNLOCK; } } + /* ensure that one reseed happened before allowing to read */ + if (prng->fortuna.reset_cnt == 0) { + goto LBL_UNLOCK; + } + /* now generate the blocks required */ tlen = outlen; @@ -404,10 +452,10 @@ LBL_UNLOCK: */ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng) { - int err, x; + int err; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(prng != NULL); + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(prng != NULL); if (inlen < (unsigned long)fortuna_desc.export_size) { return CRYPT_INVALID_ARG; @@ -416,12 +464,12 @@ int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prn if ((err = fortuna_start(prng)) != CRYPT_OK) { return err; } - for (x = 0; x < LTC_FORTUNA_POOLS; x++) { - if ((err = fortuna_add_entropy(in+x*32, 32, prng)) != CRYPT_OK) { - return err; - } + + if ((err = _fortuna_update_seed(in, inlen, prng)) != CRYPT_OK) { + return err; } - return CRYPT_OK; + + return err; } /** diff --git a/libtomcrypt/src/prngs/sober128.c b/libtomcrypt/src/prngs/sober128.c index 8d95491..275920c 100644 --- a/libtomcrypt/src/prngs/sober128.c +++ b/libtomcrypt/src/prngs/sober128.c @@ -189,7 +189,7 @@ int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *pr if (inlen < (unsigned long)sober128_desc.export_size) return CRYPT_INVALID_ARG; if ((err = sober128_start(prng)) != CRYPT_OK) return err; - if ((err = sober128_add_entropy(in, sober128_desc.export_size, prng)) != CRYPT_OK) return err; + if ((err = sober128_add_entropy(in, inlen, prng)) != CRYPT_OK) return err; return CRYPT_OK; } |