From: John Baldwin
Date: Fri, 5 Oct 2018 16:35:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339198 - in projects/openssl111: crypto/heimdal/kdc crypto/heimdal/lib/gssapi/krb5 crypto/heimdal/lib/gssapi/ntlm crypto/heimdal/lib/hx509 crypto/heimdal/lib/krb5 crypto/heimdal/lib/nt...

Author: jhb
Date: Fri Oct 5 16:35:24 2018
New Revision: 339198
URL: https://svnweb.freebsd.org/changeset/base/339198

Log:
  Update the existing heimdal implementation for OpenSSL 1.1.

  Existing work is underway to import a newer version of heimdal, but this
  patchset gets us to a fully working tree to enable more widespread
  testing of OpenSSL 1.1 for now.

  I've also enabled WARNS=1 for kerberos (which is the reason for the
  change in libroken). Having -Werror enabled was useful during the 1.1
  updates and we probably should have warnings enabled by default for
  kerberos anyway.

  This passes make tinderbox, and I have also done some very light runtime
  testing on amd64.
  Reviewed by: bjk, jkim, emaste
  Differential Revision: https://reviews.freebsd.org/D17276

Modified:
  projects/openssl111/crypto/heimdal/kdc/digest.c
  projects/openssl111/crypto/heimdal/kdc/kx509.c
  projects/openssl111/crypto/heimdal/kdc/pkinit.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c
  projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c
  projects/openssl111/crypto/heimdal/lib/hx509/crypto.c
  projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c
  projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c
  projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-aes.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-arcfour.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-des-common.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-des.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-evp.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-rand.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto.h
  projects/openssl111/crypto/heimdal/lib/krb5/pkinit.c
  projects/openssl111/crypto/heimdal/lib/ntlm/heimntlm-protos.h
  projects/openssl111/crypto/heimdal/lib/ntlm/ntlm.c
  projects/openssl111/crypto/heimdal/lib/roken/snprintf.c
  projects/openssl111/kerberos5/Makefile.inc
  projects/openssl111/kerberos5/include/crypto-headers.h

Modified: projects/openssl111/crypto/heimdal/kdc/digest.c ============================================================================== --- projects/openssl111/crypto/heimdal/kdc/digest.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/kdc/digest.c Fri Oct 5 16:35:24 2018 (r339198) 
@@ -375,8 +375,8 @@ _kdc_do_digest(krb5_context context, case choice_DigestReqInner_init: { unsigned char server_nonce[16], identifier; - RAND_pseudo_bytes(&identifier, sizeof(identifier)); - RAND_pseudo_bytes(server_nonce, sizeof(server_nonce)); + RAND_bytes(&identifier, sizeof(identifier)); + RAND_bytes(server_nonce, sizeof(server_nonce)); server_nonce[0] = kdc_time & 0xff; server_nonce[1] = (kdc_time >> 8) & 0xff; @@ -1333,7 +1333,7 @@ _kdc_do_digest(krb5_context context, if (ireq.u.ntlmRequest.sessionkey) { unsigned char masterkey[MD4_DIGEST_LENGTH]; - EVP_CIPHER_CTX rc4; + EVP_CIPHER_CTX *rc4; size_t len; if ((flags & NTLM_NEG_KEYEX) == 0) { @@ -1354,12 +1354,18 @@ _kdc_do_digest(krb5_context context, } - EVP_CIPHER_CTX_init(&rc4); - EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); - EVP_Cipher(&rc4, + rc4 = EVP_CIPHER_CTX_new(); + if (rc4 == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + "NTLM failed to malloc cipher context"); + goto failed; + } + EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); + EVP_Cipher(rc4, masterkey, ireq.u.ntlmRequest.sessionkey->data, sizeof(masterkey)); - EVP_CIPHER_CTX_cleanup(&rc4); + EVP_CIPHER_CTX_free(rc4); r.u.ntlmResponse.sessionkey = malloc(sizeof(*r.u.ntlmResponse.sessionkey)); Modified: projects/openssl111/crypto/heimdal/kdc/kx509.c ============================================================================== --- projects/openssl111/crypto/heimdal/kdc/kx509.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/kdc/kx509.c Fri Oct 5 16:35:24 2018 (r339198) @@ -64,7 +64,7 @@ verify_req_hash(krb5_context context, krb5_keyblock *key) { unsigned char digest[SHA_DIGEST_LENGTH]; - HMAC_CTX ctx; + HMAC_CTX *ctx; if (req->pk_hash.length != sizeof(digest)) { krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, 
@@ -73,16 +73,21 @@ verify_req_hash(krb5_context context, return KRB5KDC_ERR_PREAUTH_FAILED; } - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, + "HMAC context malloc failed"); + return ENOMEM; + } + HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); - if (sizeof(digest) != HMAC_size(&ctx)) + if (sizeof(digest) != HMAC_size(ctx)) krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); - HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); - HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length); - HMAC_Final(&ctx, digest, 0); - HMAC_CTX_cleanup(&ctx); + HMAC_Update(ctx, version_2_0, sizeof(version_2_0)); + HMAC_Update(ctx, req->pk_key.data, req->pk_key.length); + HMAC_Final(ctx, digest, 0); + HMAC_CTX_free(ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, 
@@ -98,35 +103,40 @@ calculate_reply_hash(krb5_context context, Kx509Response *rep) { krb5_error_code ret; - HMAC_CTX ctx; + HMAC_CTX *ctx; - HMAC_CTX_init(&ctx); + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, + "HMAC context malloc failed"); + return ENOMEM; + } - HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, + HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); - ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx)); + ret = krb5_data_alloc(rep->hash, HMAC_size(ctx)); if (ret) { - HMAC_CTX_cleanup(&ctx); + HMAC_CTX_free(ctx); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); + HMAC_Update(ctx, version_2_0, sizeof(version_2_0)); if (rep->error_code) { int32_t t = *rep->error_code; do { unsigned char p = (t & 0xff); - HMAC_Update(&ctx, &p, 1); + HMAC_Update(ctx, &p, 1); t >>= 8; } while (t); } if (rep->certificate) - HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); + HMAC_Update(ctx, rep->certificate->data, rep->certificate->length); if (rep->e_text) - HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); + HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); - HMAC_Final(&ctx, rep->hash->data, 0); - HMAC_CTX_cleanup(&ctx); + HMAC_Final(ctx, rep->hash->data, 0); + HMAC_CTX_free(ctx); return 0; } Modified: projects/openssl111/crypto/heimdal/kdc/pkinit.c ============================================================================== --- projects/openssl111/crypto/heimdal/kdc/pkinit.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/kdc/pkinit.c Fri Oct 5 16:35:24 2018 (r339198) @@ -331,6 +331,7 @@ get_dh_param(krb5_context context, { DomainParameters dhparam; DH *dh = NULL; + BIGNUM *p, *q, *g; krb5_error_code ret; memset(&dhparam, 0, sizeof(dhparam)); 
@@ -375,15 +376,21 @@ get_dh_param(krb5_context context, goto out; } ret = KRB5_BADMSGTYPE; - dh->p = integer_to_BN(context, "DH prime", &dhparam.p); - if (dh->p == NULL) + p = integer_to_BN(context, "DH prime", &dhparam.p); + g = integer_to_BN(context, "DH base", &dhparam.g); + q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); + if (p == NULL || g == NULL || q == NULL) { + BN_free(p); + BN_free(g); + BN_free(q); goto out; - dh->g = integer_to_BN(context, "DH base", &dhparam.g); - if (dh->g == NULL) + } + if (DH_set0_pqg(dh, p, g, q) != 1) { + BN_free(p); + BN_free(g); + BN_free(q); goto out; - dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); - if (dh->g == NULL) - goto out; + } { heim_integer glue; @@ -895,7 +902,7 @@ out: */ static krb5_error_code -BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) +BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer) { integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); @@ -1112,9 +1119,11 @@ pk_mk_pa_reply_dh(krb5_context context, if (cp->keyex == USE_DH) { DH *kdc_dh = cp->u.dh.key; + const BIGNUM *pub_key; heim_integer i; - ret = BN_to_integer(context, kdc_dh->pub_key, &i); + DH_get0_key(kdc_dh, &pub_key, NULL); + ret = BN_to_integer(context, pub_key, &i); if (ret) return ret; Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c Fri Oct 5 16:35:24 2018 (r339198) @@ -173,7 +173,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, int32_t seq_number; size_t len, total_len; u_char k6_data[16], *p0, *p; - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); 
@@ -235,11 +235,17 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4); - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, p, p, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, message_token); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, p, p, 8); + EVP_CIPHER_CTX_free(rc4_key); + memset(k6_data, 0, sizeof(k6_data)); *minor_status = 0; @@ -308,12 +314,16 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, } { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0); - EVP_Cipher(&rc4_key, SND_SEQ, p, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0); + EVP_Cipher(rc4_key, SND_SEQ, p, 8); + EVP_CIPHER_CTX_free(rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -461,12 +471,17 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if(conf_req_flag) { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, p0 + 24, p0 + 24, 8 + datalen); + EVP_CIPHER_CTX_free(rc4_key); } memset(k6_data, 0, sizeof(k6_data)); 
@@ -480,12 +495,17 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, } { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); + EVP_CIPHER_CTX_free(rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -580,12 +600,16 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_stat } { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, SND_SEQ, p0 + 8, 8); + EVP_CIPHER_CTX_free(rc4_key); memset(k6_data, 0, sizeof(k6_data)); } 
@@ -628,13 +652,18 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_stat output_message_buffer->length = datalen; if(conf_flag) { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8); - EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, Confounder, p0 + 24, 8); + EVP_Cipher(rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); + EVP_CIPHER_CTX_free(rc4_key); } else { memcpy(Confounder, p0 + 24, 8); /* Confounder */ memcpy(output_message_buffer->value, Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c Fri Oct 5 16:35:24 2018 (r339198) @@ -50,7 +50,7 @@ mic_des EVP_MD_CTX *md5; u_char hash[16]; DES_key_schedule schedule; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_cblock deskey; DES_cblock zero; int32_t seq_number; 
@@ -96,6 +96,17 @@ mic_des &schedule, &zero); memcpy (p - 8, hash, 8); /* SGN_CKSUM */ + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); /* sequence number */ krb5_auth_con_getlocalseqnumber (context, @@ -111,10 +122,9 @@ mic_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); + EVP_Cipher(des_ctx, p, p, 8); + EVP_CIPHER_CTX_free(des_ctx); krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c Fri Oct 5 16:35:24 2018 (r339198) @@ -50,7 +50,7 @@ unwrap_des size_t len; EVP_MD_CTX *md5; u_char hash[16]; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_key_schedule schedule; DES_cblock deskey; DES_cblock zero; 
@@ -104,12 +104,17 @@ unwrap_des deskey[i] ^= 0xf0; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0); - EVP_Cipher(&des_ctx, p, p, input_message_buffer->length - len); - EVP_CIPHER_CTX_cleanup(&des_ctx); + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0); + EVP_Cipher(des_ctx, p, p, input_message_buffer->length - len); + EVP_CIPHER_CTX_free(des_ctx); - memset (&schedule, 0, sizeof(schedule)); + memset (deskey, 0, sizeof(deskey)); } if (IS_DCE_STYLE(context_handle)) { 
@@ -135,19 +140,29 @@ unwrap_des DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); - if (ct_memcmp (p - 8, hash, 8) != 0) + if (ct_memcmp (p - 8, hash, 8) != 0) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); return GSS_S_BAD_MIC; + } /* verify sequence number */ + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); + EVP_Cipher(des_ctx, p, p, 8); + EVP_CIPHER_CTX_free(des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c Fri Oct 5 16:35:24 2018 (r339198) @@ -51,7 +51,7 @@ verify_mic_des EVP_MD_CTX *md5; u_char hash[16], *seq; DES_key_schedule schedule; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_cblock zero; DES_cblock deskey; uint32_t seq_number; 
@@ -96,14 +96,21 @@ verify_mic_des /* verify sequence number */ + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); + EVP_Cipher(des_ctx, p, p, 8); + EVP_CIPHER_CTX_free(des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c Fri Oct 5 16:35:24 2018 (r339198) @@ -211,7 +211,7 @@ wrap_des EVP_MD_CTX *md5; u_char hash[16]; DES_key_schedule schedule; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_cblock deskey; DES_cblock zero; size_t i; @@ -283,6 +283,17 @@ wrap_des &schedule, &zero); memcpy (p - 8, hash, 8); + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + free(output_message_buffer->value); + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + /* sequence number */ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); krb5_auth_con_getlocalseqnumber (context, 
@@ -298,10 +309,8 @@ wrap_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); + EVP_Cipher(des_ctx, p, p, 8); krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, @@ -317,11 +326,11 @@ wrap_des for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); - EVP_Cipher(&des_ctx, p, p, datalen); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CIPHER_CTX_reset(des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); + EVP_Cipher(des_ctx, p, p, datalen); } + EVP_CIPHER_CTX_free(des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); Modified: projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c Fri Oct 5 16:35:24 2018 (r339198) 
@@ -148,16 +148,18 @@ v2_sign_message(gss_buffer_t in, { unsigned char hmac[16]; unsigned int hmaclen; - HMAC_CTX c; + HMAC_CTX *c; - HMAC_CTX_init(&c); - HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL); + c = HMAC_CTX_new(); + if (c == NULL) + return GSS_S_FAILURE; + HMAC_Init_ex(c, signkey, 16, EVP_md5(), NULL); encode_le_uint32(seq, hmac); - HMAC_Update(&c, hmac, 4); - HMAC_Update(&c, in->value, in->length); - HMAC_Final(&c, hmac, &hmaclen); - HMAC_CTX_cleanup(&c); + HMAC_Update(c, hmac, 4); + HMAC_Update(c, in->value, in->length); + HMAC_Final(c, hmac, &hmaclen); + HMAC_CTX_free(c); encode_le_uint32(1, &out[0]); if (sealkey) Modified: projects/openssl111/crypto/heimdal/lib/hx509/crypto.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/crypto.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/crypto.c Fri Oct 5 16:35:24 2018 (r339198) @@ -226,7 +226,8 @@ heim_int2BN(const heim_integer *i) BIGNUM *bn; bn = BN_bin2bn(i->data, i->length, NULL); - BN_set_negative(bn, i->negative); + if (bn != NULL) + BN_set_negative(bn, i->negative); return bn; } @@ -899,12 +900,15 @@ rsa_get_internal(hx509_context context, hx509_private_key key, const char *type) { + const BIGNUM *n; + if (strcasecmp(type, "rsa-modulus") == 0) { - return BN_dup(key->private_key.rsa->n); + RSA_get0_key(key->private_key.rsa, &n, NULL, NULL); } else if (strcasecmp(type, "rsa-exponent") == 0) { - return BN_dup(key->private_key.rsa->e); + RSA_get0_key(key->private_key.rsa, NULL, &n, NULL); } else return NULL; + return BN_dup(n); } @@ -1045,6 +1049,7 @@ dsa_verify_signature(hx509_context context, DSAPublicKey pk; DSAParams param; size_t size; + BIGNUM *key, *p, *q, *g; DSA *dsa; int ret; 
@@ -1062,16 +1067,25 @@ dsa_verify_signature(hx509_context context, if (ret) goto out; - dsa->pub_key = heim_int2BN(&pk); + key = heim_int2BN(&pk); free_DSAPublicKey(&pk); - if (dsa->pub_key == NULL) { + if (key == NULL) { ret = ENOMEM; hx509_set_error_string(context, 0, ret, "out of memory"); goto out; } + ret = DSA_set0_key(dsa, key, NULL); + + if (ret != 1) { + BN_free(key); + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "failed to set DSA key"); + goto out; + } + if (spi->algorithm.parameters == NULL) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; hx509_set_error_string(context, 0, ret, "DSA parameters missing"); @@ -1087,18 +1101,32 @@ dsa_verify_signature(hx509_context context, goto out; } - dsa->p = heim_int2BN(¶m.p); - dsa->q = heim_int2BN(¶m.q); - dsa->g = heim_int2BN(¶m.g); + p = heim_int2BN(¶m.p); + q = heim_int2BN(¶m.q); + g = heim_int2BN(¶m.g); free_DSAParams(¶m); - if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { + if (p == NULL || q == NULL || g == NULL) { + BN_free(p); + BN_free(q); + BN_free(g); ret = ENOMEM; hx509_set_error_string(context, 0, ret, "out of memory"); goto out; } + ret = DSA_set0_pqg(dsa, p, q, g); + + if (ret != 1) { + BN_free(p); + BN_free(q); + BN_free(g); + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "failed to set DSA parameters"); + goto out; + } + ret = DSA_verify(-1, data->data, data->length, (unsigned char*)sig->data, sig->length, dsa); @@ -2562,7 +2590,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, const heim_octet_string *ivec, heim_octet_string **ciphertext) { - EVP_CIPHER_CTX evp; + EVP_CIPHER_CTX *evp; size_t padsize, bsize; int ret; 
@@ -2574,12 +2602,13 @@ hx509_crypto_encrypt(hx509_crypto crypto, assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length); - EVP_CIPHER_CTX_init(&evp); + evp = EVP_CIPHER_CTX_new(); + if (evp == NULL) + return ENOMEM; - ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, + ret = EVP_CipherInit_ex(evp, crypto->c, NULL, crypto->key.data, ivec->data, 1); if (ret != 1) { - EVP_CIPHER_CTX_cleanup(&evp); ret = HX509_CRYPTO_INTERNAL_ERROR; goto out; } @@ -2619,7 +2648,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, *p++ = padsize; } - ret = EVP_Cipher(&evp, (*ciphertext)->data, + ret = EVP_Cipher(evp, (*ciphertext)->data, (*ciphertext)->data, length + padsize); if (ret != 1) { @@ -2638,7 +2667,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, *ciphertext = NULL; } } - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); return ret; } @@ -2650,7 +2679,7 @@ hx509_crypto_decrypt(hx509_crypto crypto, heim_octet_string *ivec, heim_octet_string *clear) { - EVP_CIPHER_CTX evp; + EVP_CIPHER_CTX *evp; void *idata = NULL; int ret; @@ -2670,27 +2699,30 @@ hx509_crypto_decrypt(hx509_crypto crypto, if (ivec) idata = ivec->data; - EVP_CIPHER_CTX_init(&evp); + evp = EVP_CIPHER_CTX_new(); + if (evp == NULL) + return ENOMEM; - ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, + ret = EVP_CipherInit_ex(evp, crypto->c, NULL, crypto->key.data, idata, 0); if (ret != 1) { - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); return HX509_CRYPTO_INTERNAL_ERROR; } clear->length = length; clear->data = malloc(length); if (clear->data == NULL) { - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); clear->length = 0; return ENOMEM; } - if (EVP_Cipher(&evp, clear->data, data, length) != 1) { + if (EVP_Cipher(evp, clear->data, data, length) != 1) { + EVP_CIPHER_CTX_free(evp); return HX509_CRYPTO_INTERNAL_ERROR; } - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) { int padsize; 
@@ -2949,6 +2981,8 @@ match_keys_rsa(hx509_cert c, hx509_private_key private const SubjectPublicKeyInfo *spi; RSAPublicKey pk; RSA *rsa; + const BIGNUM *d, *p, *q, *dmp1, *dmq1, *iqmp; + BIGNUM *new_d, *new_p, *new_q, *new_dmp1, *new_dmq1, *new_iqmp, *n, *e; size_t size; int ret; @@ -2956,7 +2990,10 @@ match_keys_rsa(hx509_cert c, hx509_private_key private return 0; rsa = private_key->private_key.rsa; - if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL) + RSA_get0_key(rsa, NULL, NULL, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + if (d == NULL || p == NULL || q == NULL) return 0; cert = _hx509_get_cert(c); 
@@ -2973,21 +3010,66 @@ match_keys_rsa(hx509_cert c, hx509_private_key private RSA_free(rsa); return 0; } - rsa->n = heim_int2BN(&pk.modulus); - rsa->e = heim_int2BN(&pk.publicExponent); + n = heim_int2BN(&pk.modulus); + e = heim_int2BN(&pk.publicExponent); free_RSAPublicKey(&pk); - rsa->d = BN_dup(private_key->private_key.rsa->d); - rsa->p = BN_dup(private_key->private_key.rsa->p); - rsa->q = BN_dup(private_key->private_key.rsa->q); - rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1); - rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1); - rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp); + new_d = BN_dup(d); + new_p = BN_dup(p); + new_q = BN_dup(q); + new_dmp1 = BN_dup(dmp1); + new_dmq1 = BN_dup(dmq1); + new_iqmp = BN_dup(iqmp); - if (rsa->n == NULL || rsa->e == NULL || - rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL || - rsa->dmp1 == NULL || rsa->dmq1 == NULL) { + if (n == NULL || e == NULL || + new_d == NULL || new_p == NULL|| new_q == NULL || + new_dmp1 == NULL || new_dmq1 == NULL || new_iqmp == NULL) { + BN_free(n); + BN_free(e); + BN_free(new_d); + BN_free(new_p); + BN_free(new_q); + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); + RSA_free(rsa); + return 0; + } + + ret = RSA_set0_key(rsa, new_d, n, e); + + if (ret != 1) { + BN_free(n); + BN_free(e); + BN_free(new_d); + BN_free(new_p); + BN_free(new_q); + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); + RSA_free(rsa); + return 0; + } + + ret = RSA_set0_factors(rsa, new_p, new_q); + + if (ret != 1) { + BN_free(new_p); + BN_free(new_q); + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); + RSA_free(rsa); + return 0; + } + + ret = RSA_set0_crt_params(rsa, new_dmp1, new_dmq1, new_iqmp); + + if (ret != 1) { + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); RSA_free(rsa); return 0; } Modified: projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c ============================================================================== --- 
projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c Fri Oct 5 16:35:24 2018 (r339198) @@ -1387,12 +1387,12 @@ info(void *opt, int argc, char **argv) { const RSA_METHOD *m = RSA_get_default_method(); if (m != NULL) - printf("rsa: %s\n", m->name); + printf("rsa: %s\n", RSA_meth_get0_name(m)); } { const DH_METHOD *m = DH_get_default_method(); if (m != NULL) - printf("dh: %s\n", m->name); + printf("dh: %s\n", DH_meth_get0_name(m)); } #ifdef HAVE_OPENSSL { Modified: projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c Fri Oct 5 16:35:24 2018 (r339198) @@ -107,11 +107,18 @@ try_decrypt(hx509_context context, clear.length = len; { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0); - EVP_Cipher(&ctx, clear.data, cipher, len); - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX *ctx; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "Out of memory to decrypt for private key"); + ret = ENOMEM; + goto out; + } + EVP_CipherInit_ex(ctx, c, NULL, key, ivdata, 0); + EVP_Cipher(ctx, clear.data, cipher, len); + EVP_CIPHER_CTX_free(ctx); } ret = _hx509_collector_private_key_add(context, 
@@ -122,8 +129,8 @@ try_decrypt(hx509_context context, NULL); memset(clear.data, 0, clear.length); - free(clear.data); out: + free(clear.data); memset(key, 0, keylen); free(key); return ret; Modified: projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c Fri Oct 5 16:35:24 2018 (r339198) @@ -213,22 +213,48 @@ p11_rsa_finish(RSA *rsa) return 1; } -static const RSA_METHOD p11_rsa_pkcs1_method = { - "hx509 PKCS11 PKCS#1 RSA", - p11_rsa_public_encrypt, - p11_rsa_public_decrypt, - p11_rsa_private_encrypt, - p11_rsa_private_decrypt, - NULL, - NULL, - p11_rsa_init, - p11_rsa_finish, - 0, - NULL, - NULL, - NULL -}; +static const RSA_METHOD * +get_p11_rsa_pkcs1_method(void) +{ + static const RSA_METHOD *p11_rsa_pkcs1_method; + RSA_METHOD *new_method; + if (p11_rsa_pkcs1_method != NULL) + return p11_rsa_pkcs1_method; + + new_method = RSA_meth_new("hx509 PKCS11 PKCS#1 RSA", 0); + if (new_method == NULL) + return NULL; + + if (RSA_meth_set_pub_enc(new_method, p11_rsa_public_encrypt) != 1) + goto out; + + if (RSA_meth_set_pub_dec(new_method, p11_rsa_public_decrypt) != 1) + goto out; + + if (RSA_meth_set_priv_enc(new_method, p11_rsa_private_encrypt) != 1) + goto out; + + if (RSA_meth_set_priv_dec(new_method, p11_rsa_private_decrypt) != 1) + goto out; + + if (RSA_meth_set_init(new_method, p11_rsa_init) != 1) + goto out; + + if (RSA_meth_set_finish(new_method, p11_rsa_finish) != 1) + goto out; + + /* + * This might overwrite a previously-created method if multiple + * threads invoke this concurrently which will leak memory. + */ + p11_rsa_pkcs1_method = new_method; + return p11_rsa_pkcs1_method; +out: + RSA_meth_free(new_method); + return NULL; +} + /* * */ 
@@ -607,6 +633,8 @@ collect_private_key(hx509_context context, hx509_private_key key; heim_octet_string localKeyId; int ret; + const RSA_METHOD *meth; + BIGNUM *n, *e; RSA *rsa; struct p11_rsa *p11rsa; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
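
Review bot: in kdc/digest.c, _kdc_do_digest (hunk at -375), the two new RAND_bytes() calls discard their return value. RAND_bytes() returns 1 only on success; if it fails, identifier and server_nonce keep whatever was on the stack and go on to be used as the server nonce. Suggest checking each call for != 1 and failing the request, in the same way the later hunk in this function sets ret and jumps to failed when EVP_CIPHER_CTX_new() returns NULL.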
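
Review bot: in kdc/kx509.c, verify_req_hash, the context line right after HMAC_CTX_free(ctx) still compares the computed HMAC with memcmp(req->pk_hash.data, digest, sizeof(digest)), which is not constant-time. Since this function is being touched anyway, suggest switching to ct_memcmp, which unwrap.c in this same patch already uses for its checksum comparison. The return values of HMAC_Init_ex(), HMAC_Update() and HMAC_Final() are also ignored here and in calculate_reply_hash; a failed init would leave digest unset before that comparison.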
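
Review bot: in kdc/pkinit.c, get_dh_param, the call DH_set0_pqg(dh, p, g, q) passes the last two arguments in swapped positions: the OpenSSL 1.1 prototype is DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g). As written, the value parsed as "DH base" is stored as q and the value parsed as "DH p-1 factor" is stored as g, so the DH object ends up with the wrong generator. Suggest DH_set0_pqg(dh, p, q, g); the DSA_set0_pqg(dsa, p, q, g) call added in hx509/crypto.c already uses that order.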
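
Review bot: in lib/gssapi/krb5/arcfour.c, every new "rc4_key == NULL" branch (in _gssapi_get_mic_arcfour, _gssapi_verify_mic_arcfour, _gssapi_wrap_arcfour and _gssapi_unwrap_arcfour) returns GSS_S_FAILURE without clearing k6_data, while the success path right below each one does memset(k6_data, 0, sizeof(k6_data)). That leaves the derived RC4 key on the stack on the ENOMEM path. Suggest adding the same memset before each early return, matching what the DES hunks in get_mic.c, unwrap.c, verify_mic.c and wrap.c do for deskey and schedule.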
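
Review bot: in lib/hx509/crypto.c, hx509_crypto_decrypt, the EVP_Cipher() failure branch now frees the cipher context but still returns HX509_CRYPTO_INTERNAL_ERROR with clear->data allocated and clear->length set. The caller gets an error together with a live buffer that may hold partial plaintext, and the buffer leaks if the caller does not free on error. Suggest zeroing and freeing clear->data and resetting clear->length to 0 in that branch, as the malloc failure branch just above it already resets clear->length.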
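
Review bot: in lib/hx509/crypto.c, match_keys_rsa, the call RSA_set0_key(rsa, new_d, n, e) has its arguments in the wrong order: the OpenSSL 1.1 prototype is RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d). As written, the duplicated private exponent is installed as the modulus, the certificate's modulus as the public exponent, and the public exponent as d, so the key used for the match check is not the one intended. Suggest RSA_set0_key(rsa, n, e, new_d), which agrees with the RSA_get0_key(rsa, NULL, NULL, &d) call added earlier in the same function.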
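
Review bot: in lib/hx509/ks_file.c, try_decrypt, moving free(clear.data) below the out: label means it now runs on every path that reaches out:, including any goto out earlier in the function than the lines shown. Please confirm clear.data is either NULL or a valid allocation at each of those jumps, otherwise this frees an uninitialised pointer. Separately, the results of EVP_CipherInit_ex() and EVP_Cipher() are ignored in this block, so a failed decrypt would hand an undecrypted buffer to _hx509_collector_private_key_add(); checking both for != 1 and taking the same error path as the new ENOMEM branch would close that.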
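
Review bot: in lib/hx509/ks_p11.c, get_p11_rsa_pkcs1_method, the static p11_rsa_pkcs1_method pointer is read and written without any synchronisation, and the new comment already acknowledges that concurrent callers can overwrite each other's method and leak it. Beyond the leak this is an unsynchronised read and write of a shared pointer. Suggest guarding the check-and-assign with a lock (the tree already has HEIMDAL_MUTEX_lock in the gssapi code touched by this patch) or a one-time initialiser, and freeing new_method when another thread has already published one.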