Hi! On 05/26/2015 07:27 PM, Adam D. Barratt wrote: > Feel free to send a new diff for consideration, yes. (Bearing in mind > that the window for 8.1 closes over the coming weekend.)
Diff is attached. If you are ok with it, I will upload tomorrow. > > #786907 should be marked as fixed in whichever version it's, well, fixed > in. :-) > Mentioned in d/changelog. > Regards, > > Adam Greetings Peter
diff -Nru libvncserver-0.9.9+dfsg/common/sha1.c libvncserver-0.9.9+dfsg/common/sha1.c --- libvncserver-0.9.9+dfsg/common/sha1.c 2012-05-04 16:19:00.000000000 +0200 +++ libvncserver-0.9.9+dfsg/common/sha1.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,411 +0,0 @@ -/* - * Copyright (C) The Internet Society (2001). All Rights Reserved. - * - * This document and translations of it may be copied and furnished to - * others, and derivative works that comment on or otherwise explain it - * or assist in its implementation may be prepared, copied, published - * and distributed, in whole or in part, without restriction of any - * kind, provided that the above copyright notice and this paragraph are - * included on all such copies and derivative works. However, this - * document itself may not be modified in any way, such as by removing - * the copyright notice or references to the Internet Society or other - * Internet organizations, except as needed for the purpose of - * developing Internet standards in which case the procedures for - * copyrights defined in the Internet Standards process must be - * followed, or as required to translate it into languages other than - * English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on an - * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* - * sha1.c - * - * Description: - * This file implements the Secure Hashing Algorithm 1 as - * defined in FIPS PUB 180-1 published April 17, 1995. - * - * The SHA-1, produces a 160-bit message digest for a given - * data stream. It should take about 2**n steps to find a - * message with the same digest as a given message and - * 2**(n/2) to find any two messages with the same digest, - * when n is the digest size in bits. Therefore, this - * algorithm can serve as a means of providing a - * "fingerprint" for a message. - * - * Portability Issues: - * SHA-1 is defined in terms of 32-bit "words". This code - * uses <stdint.h> (included via "sha1.h" to define 32 and 8 - * bit unsigned integer types. If your C compiler does not - * support 32 bit unsigned integers, this code is not - * appropriate. - * - * Caveats: - * SHA-1 is designed to work with messages less than 2^64 bits - * long. Although SHA-1 allows a message digest to be generated - * for messages of any number of bits less than 2^64, this - * implementation only works with messages with a length that is - * a multiple of the size of an 8-bit character. - * - */ - -#include "sha1.h" - -/* - * Define the SHA1 circular left shift macro - */ -#define SHA1CircularShift(bits,word) \ - (((word) << (bits)) | ((word) >> (32-(bits)))) - -/* Local Function Prototyptes */ -void SHA1PadMessage(SHA1Context *); -void SHA1ProcessMessageBlock(SHA1Context *); - -/* - * SHA1Reset - * - * Description: - * This function will initialize the SHA1Context in preparation - * for computing a new SHA1 message digest. - * - * Parameters: - * context: [in/out] - * The context to reset. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Reset(SHA1Context *context) -{ - if (!context) - { - return shaNull; - } - - context->Length_Low = 0; - context->Length_High = 0; - context->Message_Block_Index = 0; - - context->Intermediate_Hash[0] = 0x67452301; - context->Intermediate_Hash[1] = 0xEFCDAB89; - context->Intermediate_Hash[2] = 0x98BADCFE; - context->Intermediate_Hash[3] = 0x10325476; - context->Intermediate_Hash[4] = 0xC3D2E1F0; - - context->Computed = 0; - context->Corrupted = 0; - return shaSuccess; -} - -/* - * SHA1Result - * - * Description: - * This function will return the 160-bit message digest into the - * Message_Digest array provided by the caller. - * NOTE: The first octet of hash is stored in the 0th element, - * the last octet of hash in the 19th element. - * - * Parameters: - * context: [in/out] - * The context to use to calculate the SHA-1 hash. - * Message_Digest: [out] - * Where the digest is returned. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Result( SHA1Context *context, - uint8_t Message_Digest[SHA1HashSize]) -{ - int i; - - if (!context || !Message_Digest) - { - return shaNull; - } - - if (context->Corrupted) - { - return context->Corrupted; - } - - if (!context->Computed) - { - SHA1PadMessage(context); - for(i=0; i<64; ++i) - { - /* message may be sensitive, clear it out */ - context->Message_Block[i] = 0; - } - context->Length_Low = 0; /* and clear length */ - context->Length_High = 0; - context->Computed = 1; - } - - for(i = 0; i < SHA1HashSize; ++i) - { - Message_Digest[i] = context->Intermediate_Hash[i>>2] - >> 8 * ( 3 - ( i & 0x03 ) ); - } - - return shaSuccess; -} - -/* - * SHA1Input - * - * Description: - * This function accepts an array of octets as the next portion - * of the message. - * - * Parameters: - * context: [in/out] - * The SHA context to update - * message_array: [in] - * An array of characters representing the next portion of - * the message. - * length: [in] - * The length of the message in message_array - * - * Returns: - * sha Error Code. - * - */ -int SHA1Input( SHA1Context *context, - const uint8_t *message_array, - unsigned length) -{ - if (!length) - { - return shaSuccess; - } - - if (!context || !message_array) - { - return shaNull; - } - - if (context->Computed) - { - context->Corrupted = shaStateError; - return shaStateError; - } - - if (context->Corrupted) - { - return context->Corrupted; - } - while(length-- && !context->Corrupted) - { - context->Message_Block[context->Message_Block_Index++] = - (*message_array & 0xFF); - - context->Length_Low += 8; - if (context->Length_Low == 0) - { - context->Length_High++; - if (context->Length_High == 0) - { - /* Message is too long */ - context->Corrupted = 1; - } - } - - if (context->Message_Block_Index == 64) - { - SHA1ProcessMessageBlock(context); - } - - message_array++; - } - - return shaSuccess; -} - -/* - * SHA1ProcessMessageBlock - * - * Description: - * This function will process the next 512 bits of the message - * stored in the Message_Block array. - * - * Parameters: - * None. - * - * Returns: - * Nothing. - * - * Comments: - * Many of the variable names in this code, especially the - * single character names, were used because those were the - * names used in the publication. - * - * - */ -void SHA1ProcessMessageBlock(SHA1Context *context) -{ - const uint32_t K[] = { /* Constants defined in SHA-1 */ - 0x5A827999, - 0x6ED9EBA1, - 0x8F1BBCDC, - 0xCA62C1D6 - }; - int t; /* Loop counter */ - uint32_t temp; /* Temporary word value */ - uint32_t W[80]; /* Word sequence */ - uint32_t A, B, C, D, E; /* Word buffers */ - - /* - * Initialize the first 16 words in the array W - */ - for(t = 0; t < 16; t++) - { - W[t] = context->Message_Block[t * 4] << 24; - W[t] |= context->Message_Block[t * 4 + 1] << 16; - W[t] |= context->Message_Block[t * 4 + 2] << 8; - W[t] |= context->Message_Block[t * 4 + 3]; - } - - for(t = 16; t < 80; t++) - { - W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); - } - - A = context->Intermediate_Hash[0]; - B = context->Intermediate_Hash[1]; - C = context->Intermediate_Hash[2]; - D = context->Intermediate_Hash[3]; - E = context->Intermediate_Hash[4]; - - for(t = 0; t < 20; t++) - { - temp = SHA1CircularShift(5,A) + - ((B & C) | ((~B) & D)) + E + W[t] + K[0]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 20; t < 40; t++) - { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 40; t < 60; t++) - { - temp = SHA1CircularShift(5,A) + - ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 60; t < 80; t++) - { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - context->Intermediate_Hash[0] += A; - context->Intermediate_Hash[1] += B; - context->Intermediate_Hash[2] += C; - context->Intermediate_Hash[3] += D; - context->Intermediate_Hash[4] += E; - - context->Message_Block_Index = 0; -} - - -/* - * SHA1PadMessage - * - * Description: - * According to the standard, the message must be padded to an even - * 512 bits. The first padding bit must be a '1'. The last 64 - * bits represent the length of the original message. All bits in - * between should be 0. This function will pad the message - * according to those rules by filling the Message_Block array - * accordingly. It will also call the ProcessMessageBlock function - * provided appropriately. When it returns, it can be assumed that - * the message digest has been computed. - * - * Parameters: - * context: [in/out] - * The context to pad - * ProcessMessageBlock: [in] - * The appropriate SHA*ProcessMessageBlock function - * Returns: - * Nothing. - * - */ - -void SHA1PadMessage(SHA1Context *context) -{ - /* - * Check to see if the current message block is too small to hold - * the initial padding bits and length. If so, we will pad the - * block, process it, and then continue padding into a second - * block. - */ - if (context->Message_Block_Index > 55) - { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 64) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - - SHA1ProcessMessageBlock(context); - - while(context->Message_Block_Index < 56) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } - else - { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 56) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } - - /* - * Store the message length as the last 8 octets - */ - context->Message_Block[56] = context->Length_High >> 24; - context->Message_Block[57] = context->Length_High >> 16; - context->Message_Block[58] = context->Length_High >> 8; - context->Message_Block[59] = context->Length_High; - context->Message_Block[60] = context->Length_Low >> 24; - context->Message_Block[61] = context->Length_Low >> 16; - context->Message_Block[62] = context->Length_Low >> 8; - context->Message_Block[63] = context->Length_Low; - - SHA1ProcessMessageBlock(context); -} diff -Nru libvncserver-0.9.9+dfsg/common/sha1.h libvncserver-0.9.9+dfsg/common/sha1.h --- libvncserver-0.9.9+dfsg/common/sha1.h 2012-05-04 16:19:00.000000000 +0200 +++ libvncserver-0.9.9+dfsg/common/sha1.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,101 +0,0 @@ -/* - * Copyright (C) The Internet Society (2001). All Rights Reserved. - * - * This document and translations of it may be copied and furnished to - * others, and derivative works that comment on or otherwise explain it - * or assist in its implementation may be prepared, copied, published - * and distributed, in whole or in part, without restriction of any - * kind, provided that the above copyright notice and this paragraph are - * included on all such copies and derivative works. However, this - * document itself may not be modified in any way, such as by removing - * the copyright notice or references to the Internet Society or other - * Internet organizations, except as needed for the purpose of - * developing Internet standards in which case the procedures for - * copyrights defined in the Internet Standards process must be - * followed, or as required to translate it into languages other than - * English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on an - * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* - * sha1.h - * - * Description: - * This is the header file for code which implements the Secure - * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published - * April 17, 1995. - * - * Many of the variable names in this code, especially the - * single character names, were used because those were the names - * used in the publication. - * - * Please read the file sha1.c for more information. - * - */ - - -#ifndef _SHA1_H_ -#define _SHA1_H_ - -#include <stdint.h> -/* - * If you do not have the ISO standard stdint.h header file, then you - * must typdef the following: - * name meaning - * uint32_t unsigned 32 bit integer - * uint8_t unsigned 8 bit integer (i.e., unsigned char) - * int_least16_t integer of >= 16 bits - * - */ - -#ifndef _SHA_enum_ -#define _SHA_enum_ -enum -{ - shaSuccess = 0, - shaNull, /* Null pointer parameter */ - shaInputTooLong, /* input data too long */ - shaStateError /* called Input after Result */ -}; -#endif -#define SHA1HashSize 20 - -/* - * This structure will hold context information for the SHA-1 - * hashing operation - */ -typedef struct SHA1Context -{ - uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ - - uint32_t Length_Low; /* Message length in bits */ - uint32_t Length_High; /* Message length in bits */ - - /* Index into message block array */ - int_least16_t Message_Block_Index; - uint8_t Message_Block[64]; /* 512-bit message blocks */ - - int Computed; /* Is the digest computed? */ - int Corrupted; /* Is the message digest corrupted? */ -} SHA1Context; - -/* - * Function Prototypes - */ -int SHA1Reset( SHA1Context *); -int SHA1Input( SHA1Context *, - const uint8_t *, - unsigned int); -int SHA1Result( SHA1Context *, - uint8_t Message_Digest[SHA1HashSize]); - -#endif diff -Nru libvncserver-0.9.9+dfsg/debian/changelog libvncserver-0.9.9+dfsg/debian/changelog --- libvncserver-0.9.9+dfsg/debian/changelog 2014-11-23 16:19:53.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/changelog 2015-05-26 21:24:58.000000000 +0200 @@ -1,3 +1,11 @@ +libvncserver (0.9.9+dfsg-6.1+deb8u1) stable; urgency=medium + + * added patch for libgcrypt init before use (Closes: #782570) + * replaced non-free sha1 implementation (Closes: #786907) + * new maintainer due to package adoption + + -- Peter Spiess-Knafl <d...@spiessknafl.at> Tue, 26 May 2015 17:13:22 +0200 + libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru libvncserver-0.9.9+dfsg/debian/control libvncserver-0.9.9+dfsg/debian/control --- libvncserver-0.9.9+dfsg/debian/control 2014-08-12 16:01:45.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/control 2015-05-26 21:24:58.000000000 +0200 @@ -1,7 +1,7 @@ Source: libvncserver Section: libs Priority: optional -Maintainer: Luca Falavigna <dktrkr...@debian.org> +Maintainer: Peter Spiess-Knafl <d...@spiessknafl.at> Build-Depends: debhelper (>= 9), dh-autoreconf, libgnutls28-dev, diff -Nru libvncserver-0.9.9+dfsg/debian/copyright libvncserver-0.9.9+dfsg/debian/copyright --- libvncserver-0.9.9+dfsg/debian/copyright 2014-08-11 00:26:20.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/copyright 2015-05-26 21:24:58.000000000 +0200 @@ -33,9 +33,9 @@ Copyright: 1995-2005, The Free Software Foundation License: LGPL-2.1+ -Files: common/sha1.* -Copyright: 2001, The Internet Society -License: ISC +Files: common/sha.h common/sha-private.h common/sha1.c +Copyright: 2011, Internet Engineering Task Force +License: BSD-3 Files: common/turbojpeg.* Copyright: 2009-2012, D. R. Commander @@ -132,29 +132,6 @@ On Debian systems, the complete text of the GNU Lesser General Public License version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1". -License: ISC - This document and translations of it may be copied and furnished to others, - and derivative works that comment on or otherwise explain it or assist in - its implementation may be prepared, copied, published and distributed, in - whole or in part, without restriction of any kind, provided that the above - copyright notice and this paragraph are included on all such copies and - derivative works. However, this document itself may not be modified in any - way, such as by removing the copyright notice or references to the Internet - Society or other Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for copyrights - defined in the Internet Standards process must be followed, or as required - to translate it into languages other than English. - . - The limited permissions granted above are perpetual and will not be revoked - by the Internet Society or its successors or assigns. - . - This document and the information contained herein is provided on an "AS IS" - basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE - DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO - ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY - RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A - PARTICULAR PURPOSE. - License: BSD-3 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch --- libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 2015-05-26 21:24:58.000000000 +0200 @@ -0,0 +1,29 @@ +From: Peter Spiess-Knafl <p...@autistici.org> +Date: Wed, 4 Feb 2015 13:20:39 +0100 +Subject: init libgcrypt before use + +--- + libvncclient/rfbproto.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c +index f653850..aa74c23 100644 +--- a/libvncclient/rfbproto.c ++++ b/libvncclient/rfbproto.c +@@ -857,6 +857,16 @@ HandleARDAuth(rfbClient *client) + rfbCredential *cred = NULL; + rfbBool result = FALSE; + ++ if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) ++ { ++ /* Application did not initialize gcrypt, so we should */ ++ if (!gcry_check_version(GCRYPT_VERSION)) ++ { ++ /* Older version of libgcrypt is installed on system than compiled against */ ++ rfbClientLog("libgcrypt version mismatch.\n"); ++ } ++ } ++ + while (1) + { + if (!ReadFromRFBServer(client, (char *)gen, 2)) diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch --- libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch 2015-05-26 21:24:58.000000000 +0200 @@ -0,0 +1,860 @@ +From: Peter Spiess-Knafl <p...@autistici.org> +Date: Wed, 4 Feb 2015 18:09:32 +0100 +Subject: adding free sha1 implementation + +--- + common/sha-private.h | 29 +++ + common/sha.h | 358 ++++++++++++++++++++++++++++++++ + common/sha1.c | 414 ++++++++++++++++++++++++++++++++++++++ + libvncserver/Makefile.am | 2 +- + libvncserver/rfbcrypto_included.c | 2 +- + 5 files changed, 803 insertions(+), 2 deletions(-) + create mode 100644 common/sha-private.h + create mode 100644 common/sha.h + create mode 100644 common/sha1.c + +diff --git a/common/sha-private.h b/common/sha-private.h +new file mode 100644 +index 0000000..9ccc8dd +--- /dev/null ++++ b/common/sha-private.h +@@ -0,0 +1,29 @@ ++/************************ sha-private.h ************************/ ++/***************** See RFC 6234 for details. *******************/ ++#ifndef _SHA_PRIVATE__H ++#define _SHA_PRIVATE__H ++/* ++ * These definitions are defined in FIPS 180-3, section 4.1. ++ * Ch() and Maj() are defined identically in sections 4.1.1, ++ * 4.1.2, and 4.1.3. ++ * ++ * The definitions used in FIPS 180-3 are as follows: ++ */ ++ ++#ifndef USE_MODIFIED_MACROS ++#define SHA_Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) ++#define SHA_Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) ++#else /* USE_MODIFIED_MACROS */ ++/* ++ * The following definitions are equivalent and potentially faster. ++ */ ++ ++#define SHA_Ch(x, y, z) (((x) & ((y) ^ (z))) ^ (z)) ++#define SHA_Maj(x, y, z) (((x) & ((y) | (z))) | ((y) & (z))) ++ ++#endif /* USE_MODIFIED_MACROS */ ++ ++#define SHA_Parity(x, y, z) ((x) ^ (y) ^ (z)) ++ ++#endif /* _SHA_PRIVATE__H */ ++ +diff --git a/common/sha.h b/common/sha.h +new file mode 100644 +index 0000000..276c368 +--- /dev/null ++++ b/common/sha.h +@@ -0,0 +1,358 @@ ++/**************************** sha.h ****************************/ ++/***************** See RFC 6234 for details. *******************/ ++/* ++ Copyright (c) 2011 IETF Trust and the persons identified as ++ authors of the code. All rights reserved. ++ ++ Redistribution and use in source and binary forms, with or ++ without modification, are permitted provided that the following ++ conditions are met: ++ ++ - Redistributions of source code must retain the above ++ copyright notice, this list of conditions and ++ the following disclaimer. ++ ++ - Redistributions in binary form must reproduce the above ++ copyright notice, this list of conditions and the following ++ disclaimer in the documentation and/or other materials provided ++ with the distribution. ++ ++ - Neither the name of Internet Society, IETF or IETF Trust, nor ++ the names of specific contributors, may be used to endorse or ++ promote products derived from this software without specific ++ prior written permission. ++ ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND ++ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, ++ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ++ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR ++ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR ++ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, ++ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++*/ ++#ifndef _SHA_H_ ++#define _SHA_H_ ++ ++/* ++ * Description: ++ * This file implements the Secure Hash Algorithms ++ * as defined in the U.S. National Institute of Standards ++ * and Technology Federal Information Processing Standards ++ * Publication (FIPS PUB) 180-3 published in October 2008 ++ * and formerly defined in its predecessors, FIPS PUB 180-1 ++ * and FIP PUB 180-2. ++ * ++ * A combined document showing all algorithms is available at ++ * http://csrc.nist.gov/publications/fips/ ++ * fips180-3/fips180-3_final.pdf ++ * ++ * The five hashes are defined in these sizes: ++ * SHA-1 20 byte / 160 bit ++ * SHA-224 28 byte / 224 bit ++ * SHA-256 32 byte / 256 bit ++ * SHA-384 48 byte / 384 bit ++ * SHA-512 64 byte / 512 bit ++ * ++ * Compilation Note: ++ * These files may be compiled with two options: ++ * USE_32BIT_ONLY - use 32-bit arithmetic only, for systems ++ * without 64-bit integers ++ * ++ * USE_MODIFIED_MACROS - use alternate form of the SHA_Ch() ++ * and SHA_Maj() macros that are equivalent ++ * and potentially faster on many systems ++ * ++ */ ++ ++#include <stdint.h> ++/* ++ * If you do not have the ISO standard stdint.h header file, then you ++ * must typedef the following: ++ * name meaning ++ * uint64_t unsigned 64-bit integer ++ * uint32_t unsigned 32-bit integer ++ * uint8_t unsigned 8-bit integer (i.e., unsigned char) ++ * int_least16_t integer of >= 16 bits ++ * ++ * See stdint-example.h ++ */ ++ ++#ifndef _SHA_enum_ ++#define _SHA_enum_ ++/* ++ * All SHA functions return one of these values. ++ */ ++enum { ++ shaSuccess = 0, ++ shaNull, /* Null pointer parameter */ ++ shaInputTooLong, /* input data too long */ ++ shaStateError, /* called Input after FinalBits or Result */ ++ shaBadParam /* passed a bad parameter */ ++}; ++#endif /* _SHA_enum_ */ ++ ++/* ++ * These constants hold size information for each of the SHA ++ * hashing operations ++ */ ++enum { ++ SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64, ++ SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128, ++ SHA512_Message_Block_Size = 128, ++ USHA_Max_Message_Block_Size = SHA512_Message_Block_Size, ++ ++ SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32, ++ SHA384HashSize = 48, SHA512HashSize = 64, ++ USHAMaxHashSize = SHA512HashSize, ++ ++ SHA1HashSizeBits = 160, SHA224HashSizeBits = 224, ++ SHA256HashSizeBits = 256, SHA384HashSizeBits = 384, ++ SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits ++}; ++ ++/* ++ * These constants are used in the USHA (Unified SHA) functions. ++ */ ++typedef enum SHAversion { ++ SHA1, SHA224, SHA256, SHA384, SHA512 ++} SHAversion; ++ ++/* ++ * This structure will hold context information for the SHA-1 ++ * hashing operation. ++ */ ++typedef struct SHA1Context { ++ uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ ++ ++ uint32_t Length_High; /* Message length in bits */ ++ uint32_t Length_Low; /* Message length in bits */ ++ ++ int_least16_t Message_Block_Index; /* Message_Block array index */ ++ /* 512-bit message blocks */ ++ uint8_t Message_Block[SHA1_Message_Block_Size]; ++ ++ int Computed; /* Is the hash computed? */ ++ int Corrupted; /* Cumulative corruption code */ ++} SHA1Context; ++ ++/* ++ * This structure will hold context information for the SHA-256 ++ * hashing operation. ++ */ ++typedef struct SHA256Context { ++ uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */ ++ ++ uint32_t Length_High; /* Message length in bits */ ++ uint32_t Length_Low; /* Message length in bits */ ++ ++ int_least16_t Message_Block_Index; /* Message_Block array index */ ++ /* 512-bit message blocks */ ++ uint8_t Message_Block[SHA256_Message_Block_Size]; ++ ++ int Computed; /* Is the hash computed? */ ++ int Corrupted; /* Cumulative corruption code */ ++} SHA256Context; ++ ++/* ++ * This structure will hold context information for the SHA-512 ++ * hashing operation. ++ */ ++typedef struct SHA512Context { ++#ifdef USE_32BIT_ONLY ++ uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */ ++ uint32_t Length[4]; /* Message length in bits */ ++#else /* !USE_32BIT_ONLY */ ++ uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */ ++ uint64_t Length_High, Length_Low; /* Message length in bits */ ++#endif /* USE_32BIT_ONLY */ ++ ++ int_least16_t Message_Block_Index; /* Message_Block array index */ ++ /* 1024-bit message blocks */ ++ uint8_t Message_Block[SHA512_Message_Block_Size]; ++ ++ int Computed; /* Is the hash computed?*/ ++ int Corrupted; /* Cumulative corruption code */ ++} SHA512Context; ++ ++/* ++ * This structure will hold context information for the SHA-224 ++ * hashing operation. It uses the SHA-256 structure for computation. ++ */ ++typedef struct SHA256Context SHA224Context; ++ ++/* ++ * This structure will hold context information for the SHA-384 ++ * hashing operation. It uses the SHA-512 structure for computation. ++ */ ++typedef struct SHA512Context SHA384Context; ++ ++/* ++ * This structure holds context information for all SHA ++ * hashing operations. ++ */ ++typedef struct USHAContext { ++ int whichSha; /* which SHA is being used */ ++ union { ++ SHA1Context sha1Context; ++ SHA224Context sha224Context; SHA256Context sha256Context; ++ SHA384Context sha384Context; SHA512Context sha512Context; ++ } ctx; ++ ++} USHAContext; ++ ++/* ++ * This structure will hold context information for the HMAC ++ * keyed-hashing operation. ++ */ ++typedef struct HMACContext { ++ int whichSha; /* which SHA is being used */ ++ int hashSize; /* hash size of SHA being used */ ++ int blockSize; /* block size of SHA being used */ ++ USHAContext shaContext; /* SHA context */ ++ unsigned char k_opad[USHA_Max_Message_Block_Size]; ++ /* outer padding - key XORd with opad */ ++ int Computed; /* Is the MAC computed? */ ++ int Corrupted; /* Cumulative corruption code */ ++ ++} HMACContext; ++ ++/* ++ * This structure will hold context information for the HKDF ++ * extract-and-expand Key Derivation Functions. ++ */ ++typedef struct HKDFContext { ++ int whichSha; /* which SHA is being used */ ++ HMACContext hmacContext; ++ int hashSize; /* hash size of SHA being used */ ++ unsigned char prk[USHAMaxHashSize]; ++ /* pseudo-random key - output of hkdfInput */ ++ int Computed; /* Is the key material computed? */ ++ int Corrupted; /* Cumulative corruption code */ ++} HKDFContext; ++ ++/* ++ * Function Prototypes ++ */ ++ ++/* SHA-1 */ ++extern int SHA1Reset(SHA1Context *); ++extern int SHA1Input(SHA1Context *, const uint8_t *bytes, ++ unsigned int bytecount); ++extern int SHA1FinalBits(SHA1Context *, uint8_t bits, ++ unsigned int bit_count); ++extern int SHA1Result(SHA1Context *, ++ uint8_t Message_Digest[SHA1HashSize]); ++ ++/* SHA-224 */ ++extern int SHA224Reset(SHA224Context *); ++extern int SHA224Input(SHA224Context *, const uint8_t *bytes, ++ unsigned int bytecount); ++extern int SHA224FinalBits(SHA224Context *, uint8_t bits, ++ unsigned int bit_count); ++extern int SHA224Result(SHA224Context *, ++ uint8_t Message_Digest[SHA224HashSize]); ++ ++/* SHA-256 */ ++extern int SHA256Reset(SHA256Context *); ++extern int SHA256Input(SHA256Context *, const uint8_t *bytes, ++ unsigned int bytecount); ++extern int SHA256FinalBits(SHA256Context *, uint8_t bits, ++ unsigned int bit_count); ++extern int SHA256Result(SHA256Context *, ++ uint8_t Message_Digest[SHA256HashSize]); ++ ++/* SHA-384 */ ++extern int SHA384Reset(SHA384Context *); ++extern int SHA384Input(SHA384Context *, const uint8_t *bytes, ++ unsigned int bytecount); ++extern int SHA384FinalBits(SHA384Context *, uint8_t bits, ++ unsigned int bit_count); ++extern int SHA384Result(SHA384Context *, ++ uint8_t Message_Digest[SHA384HashSize]); ++ ++/* SHA-512 */ ++extern int SHA512Reset(SHA512Context *); ++extern int SHA512Input(SHA512Context *, const uint8_t *bytes, ++ unsigned int bytecount); ++extern int SHA512FinalBits(SHA512Context *, uint8_t bits, ++ unsigned int bit_count); ++extern int SHA512Result(SHA512Context *, ++ uint8_t Message_Digest[SHA512HashSize]); ++ ++/* Unified SHA functions, chosen by whichSha */ ++extern int USHAReset(USHAContext *context, SHAversion whichSha); ++extern int USHAInput(USHAContext *context, ++ const uint8_t *bytes, unsigned int bytecount); ++extern int USHAFinalBits(USHAContext *context, ++ uint8_t bits, unsigned int bit_count); ++extern int USHAResult(USHAContext *context, ++ uint8_t Message_Digest[USHAMaxHashSize]); ++extern int USHABlockSize(enum SHAversion whichSha); ++extern int USHAHashSize(enum SHAversion whichSha); ++extern int USHAHashSizeBits(enum SHAversion whichSha); ++extern const char *USHAHashName(enum SHAversion whichSha); ++ ++/* ++ * HMAC Keyed-Hashing for Message Authentication, RFC 2104, ++ * for all SHAs. ++ * This interface allows a fixed-length text input to be used. ++ */ ++extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */ ++ const unsigned char *text, /* pointer to data stream */ ++ int text_len, /* length of data stream */ ++ const unsigned char *key, /* pointer to authentication key */ ++ int key_len, /* length of authentication key */ ++ uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */ ++ ++/* ++ * HMAC Keyed-Hashing for Message Authentication, RFC 2104, ++ * for all SHAs. ++ * This interface allows any length of text input to be used. ++ */ ++extern int hmacReset(HMACContext *context, enum SHAversion whichSha, ++ const unsigned char *key, int key_len); ++extern int hmacInput(HMACContext *context, const unsigned char *text, ++ int text_len); ++extern int hmacFinalBits(HMACContext *context, uint8_t bits, ++ unsigned int bit_count); ++extern int hmacResult(HMACContext *context, ++ uint8_t digest[USHAMaxHashSize]); ++ ++/* ++ * HKDF HMAC-based Extract-and-Expand Key Derivation Function, ++ * RFC 5869, for all SHAs. ++ */ ++extern int hkdf(SHAversion whichSha, const unsigned char *salt, ++ int salt_len, const unsigned char *ikm, int ikm_len, ++ const unsigned char *info, int info_len, ++ uint8_t okm[ ], int okm_len); ++extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt, ++ int salt_len, const unsigned char *ikm, ++ int ikm_len, uint8_t prk[USHAMaxHashSize]); ++extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ], ++ int prk_len, const unsigned char *info, ++ int info_len, uint8_t okm[ ], int okm_len); ++ ++/* ++ * HKDF HMAC-based Extract-and-Expand Key Derivation Function, ++ * RFC 5869, for all SHAs. ++ * This interface allows any length of text input to be used. ++ */ ++extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha, ++ const unsigned char *salt, int salt_len); ++extern int hkdfInput(HKDFContext *context, const unsigned char *ikm, ++ int ikm_len); ++extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, ++ unsigned int ikm_bit_count); ++extern int hkdfResult(HKDFContext *context, ++ uint8_t prk[USHAMaxHashSize], ++ const unsigned char *info, int info_len, ++ uint8_t okm[USHAMaxHashSize], int okm_len); ++#endif /* _SHA_H_ */ ++ +diff --git a/common/sha1.c b/common/sha1.c +new file mode 100644 +index 0000000..53f1872 +--- /dev/null ++++ b/common/sha1.c +@@ -0,0 +1,414 @@ ++/**************************** sha1.c ***************************/ ++/***************** See RFC 6234 for details. *******************/ ++/* Copyright (c) 2011 IETF Trust and the persons identified as */ ++/* authors of the code. All rights reserved. */ ++/* See sha.h for terms of use and redistribution. */ ++ ++/* ++ * Description: ++ * This file implements the Secure Hash Algorithm SHA-1 ++ * as defined in the U.S. National Institute of Standards ++ * and Technology Federal Information Processing Standards ++ * Publication (FIPS PUB) 180-3 published in October 2008 ++ * and formerly defined in its predecessors, FIPS PUB 180-1 ++ * and FIP PUB 180-2. ++ * ++ * A combined document showing all algorithms is available at ++ * http://csrc.nist.gov/publications/fips/ ++ * fips180-3/fips180-3_final.pdf ++ * ++ * The SHA-1 algorithm produces a 160-bit message digest for a ++ * given data stream that can serve as a means of providing a ++ * "fingerprint" for a message. ++ * ++ * Portability Issues: ++ * SHA-1 is defined in terms of 32-bit "words". This code ++ * uses <stdint.h> (included via "sha.h") to define 32- and ++ * 8-bit unsigned integer types. If your C compiler does ++ * not support 32-bit unsigned integers, this code is not ++ * appropriate. ++ * ++ * Caveats: ++ * SHA-1 is designed to work with messages less than 2^64 bits ++ * long. This implementation uses SHA1Input() to hash the bits ++ * that are a multiple of the size of an 8-bit octet, and then ++ * optionally uses SHA1FinalBits() to hash the final few bits of ++ * the input. ++ */ ++ ++#include "sha.h" ++#include "sha-private.h" ++ ++/* ++ * Define the SHA1 circular left shift macro ++ */ ++#define SHA1_ROTL(bits,word) \ ++ (((word) << (bits)) | ((word) >> (32-(bits)))) ++ ++/* ++ * Add "length" to the length. ++ * Set Corrupted when overflow has occurred. ++ */ ++static uint32_t addTemp; ++#define SHA1AddLength(context, length) \ ++ (addTemp = (context)->Length_Low, \ ++ (context)->Corrupted = \ ++ (((context)->Length_Low += (length)) < addTemp) && \ ++ (++(context)->Length_High == 0) ? shaInputTooLong \ ++ : (context)->Corrupted ) ++ ++/* Local Function Prototypes */ ++static void SHA1ProcessMessageBlock(SHA1Context *context); ++static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte); ++static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte); ++ ++/* ++ * SHA1Reset ++ * ++ * Description: ++ * This function will initialize the SHA1Context in preparation ++ * for computing a new SHA1 message digest. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The context to reset. ++ * ++ * Returns: ++ * sha Error Code. ++ * ++ */ ++int SHA1Reset(SHA1Context *context) ++{ ++ if (!context) return shaNull; ++ ++ context->Length_High = context->Length_Low = 0; ++ context->Message_Block_Index = 0; ++ ++ /* Initial Hash Values: FIPS 180-3 section 5.3.1 */ ++ context->Intermediate_Hash[0] = 0x67452301; ++ context->Intermediate_Hash[1] = 0xEFCDAB89; ++ context->Intermediate_Hash[2] = 0x98BADCFE; ++ context->Intermediate_Hash[3] = 0x10325476; ++ context->Intermediate_Hash[4] = 0xC3D2E1F0; ++ ++ context->Computed = 0; ++ context->Corrupted = shaSuccess; ++ ++ return shaSuccess; ++} ++ ++/* ++ * SHA1Input ++ * ++ * Description: ++ * This function accepts an array of octets as the next portion ++ * of the message. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The SHA context to update. ++ * message_array[ ]: [in] ++ * An array of octets representing the next portion of ++ * the message. ++ * length: [in] ++ * The length of the message in message_array. ++ * ++ * Returns: ++ * sha Error Code. ++ * ++ */ ++int SHA1Input(SHA1Context *context, ++ const uint8_t *message_array, unsigned length) ++{ ++ if (!context) return shaNull; ++ if (!length) return shaSuccess; ++ if (!message_array) return shaNull; ++ if (context->Computed) return context->Corrupted = shaStateError; ++ if (context->Corrupted) return context->Corrupted; ++ ++ while (length--) { ++ context->Message_Block[context->Message_Block_Index++] = ++ *message_array; ++ ++ if ((SHA1AddLength(context, 8) == shaSuccess) && ++ (context->Message_Block_Index == SHA1_Message_Block_Size)) ++ SHA1ProcessMessageBlock(context); ++ ++ message_array++; ++ } ++ ++ return context->Corrupted; ++} ++ ++/* ++ * SHA1FinalBits ++ * ++ * Description: ++ * This function will add in any final bits of the message. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The SHA context to update. ++ * message_bits: [in] ++ * The final bits of the message, in the upper portion of the ++ * byte. (Use 0b###00000 instead of 0b00000### to input the ++ * three bits ###.) ++ * length: [in] ++ * The number of bits in message_bits, between 1 and 7. ++ * ++ * Returns: ++ * sha Error Code. ++ */ ++int SHA1FinalBits(SHA1Context *context, uint8_t message_bits, ++ unsigned int length) ++{ ++ static uint8_t masks[8] = { ++ /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80, ++ /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0, ++ /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8, ++ /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE ++ }; ++ ++ static uint8_t markbit[8] = { ++ /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40, ++ /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10, ++ /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04, ++ /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01 ++ }; ++ ++ if (!context) return shaNull; ++ if (!length) return shaSuccess; ++ if (context->Corrupted) return context->Corrupted; ++ if (context->Computed) return context->Corrupted = shaStateError; ++ if (length >= 8) return context->Corrupted = shaBadParam; ++ ++ SHA1AddLength(context, length); ++ SHA1Finalize(context, ++ (uint8_t) ((message_bits & masks[length]) | markbit[length])); ++ ++ return context->Corrupted; ++} ++ ++/* ++ * SHA1Result ++ * ++ * Description: ++ * This function will return the 160-bit message digest ++ * into the Message_Digest array provided by the caller. ++ * NOTE: ++ * The first octet of hash is stored in the element with index 0, ++ * the last octet of hash in the element with index 19. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The context to use to calculate the SHA-1 hash. ++ * Message_Digest[ ]: [out] ++ * Where the digest is returned. ++ * ++ * Returns: ++ * sha Error Code. ++ * ++ */ ++int SHA1Result(SHA1Context *context, ++ uint8_t Message_Digest[SHA1HashSize]) ++{ ++ int i; ++ ++ if (!context) return shaNull; ++ if (!Message_Digest) return shaNull; ++ if (context->Corrupted) return context->Corrupted; ++ ++ if (!context->Computed) ++ SHA1Finalize(context, 0x80); ++ ++ for (i = 0; i < SHA1HashSize; ++i) ++ Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2] ++ >> (8 * ( 3 - ( i & 0x03 ) ))); ++ ++ return shaSuccess; ++} ++ ++/* ++ * SHA1ProcessMessageBlock ++ * ++ * Description: ++ * This helper function will process the next 512 bits of the ++ * message stored in the Message_Block array. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The SHA context to update. ++ * ++ * Returns: ++ * Nothing. ++ * ++ * Comments: ++ * Many of the variable names in this code, especially the ++ * single character names, were used because those were the ++ * names used in the Secure Hash Standard. ++ */ ++static void SHA1ProcessMessageBlock(SHA1Context *context) ++{ ++ /* Constants defined in FIPS 180-3, section 4.2.1 */ ++ const uint32_t K[4] = { ++ 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6 ++ }; ++ ++ int t; /* Loop counter */ ++ uint32_t temp; /* Temporary word value */ ++ uint32_t W[80]; /* Word sequence */ ++ uint32_t A, B, C, D, E; /* Word buffers */ ++ ++ /* ++ * Initialize the first 16 words in the array W ++ */ ++ for (t = 0; t < 16; t++) { ++ W[t] = ((uint32_t)context->Message_Block[t * 4]) << 24; ++ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16; ++ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8; ++ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]); ++ } ++ ++ for (t = 16; t < 80; t++) ++ W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); ++ ++ A = context->Intermediate_Hash[0]; ++ B = context->Intermediate_Hash[1]; ++ C = context->Intermediate_Hash[2]; ++ D = context->Intermediate_Hash[3]; ++ E = context->Intermediate_Hash[4]; ++ ++ for (t = 0; t < 20; t++) { ++ temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0]; ++ E = D; ++ D = C; ++ C = SHA1_ROTL(30,B); ++ B = A; ++ A = temp; ++ } ++ ++ for (t = 20; t < 40; t++) { ++ temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1]; ++ E = D; ++ D = C; ++ C = SHA1_ROTL(30,B); ++ B = A; ++ A = temp; ++ } ++ ++ for (t = 40; t < 60; t++) { ++ temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2]; ++ E = D; ++ D = C; ++ C = SHA1_ROTL(30,B); ++ B = A; ++ A = temp; ++ } ++ ++ for (t = 60; t < 80; t++) { ++ temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3]; ++ E = D; ++ D = C; ++ C = SHA1_ROTL(30,B); ++ B = A; ++ A = temp; ++ } ++ ++ context->Intermediate_Hash[0] += A; ++ context->Intermediate_Hash[1] += B; ++ context->Intermediate_Hash[2] += C; ++ context->Intermediate_Hash[3] += D; ++ context->Intermediate_Hash[4] += E; ++ context->Message_Block_Index = 0; ++} ++ ++/* ++ * SHA1Finalize ++ * ++ * Description: ++ * This helper function finishes off the digest calculations. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The SHA context to update. ++ * Pad_Byte: [in] ++ * The last byte to add to the message block before the 0-padding ++ * and length. This will contain the last bits of the message ++ * followed by another single bit. If the message was an ++ * exact multiple of 8-bits long, Pad_Byte will be 0x80. ++ * ++ * Returns: ++ * sha Error Code. ++ * ++ */ ++static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte) ++{ ++ int i; ++ SHA1PadMessage(context, Pad_Byte); ++ /* message may be sensitive, clear it out */ ++ for (i = 0; i < SHA1_Message_Block_Size; ++i) ++ context->Message_Block[i] = 0; ++ context->Length_High = 0; /* and clear length */ ++ context->Length_Low = 0; ++ context->Computed = 1; ++} ++ ++/* ++ * SHA1PadMessage ++ * ++ * Description: ++ * According to the standard, the message must be padded to the next ++ * even multiple of 512 bits. The first padding bit must be a '1'. ++ * The last 64 bits represent the length of the original message. ++ * All bits in between should be 0. This helper function will pad ++ * the message according to those rules by filling the Message_Block ++ * array accordingly. When it returns, it can be assumed that the ++ * message digest has been computed. ++ * ++ * Parameters: ++ * context: [in/out] ++ * The context to pad. ++ * Pad_Byte: [in] ++ * The last byte to add to the message block before the 0-padding ++ * and length. This will contain the last bits of the message ++ * followed by another single bit. If the message was an ++ * exact multiple of 8-bits long, Pad_Byte will be 0x80. ++ * ++ * Returns: ++ * Nothing. ++ */ ++static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte) ++{ ++ /* ++ * Check to see if the current message block is too small to hold ++ * the initial padding bits and length. If so, we will pad the ++ * block, process it, and then continue padding into a second ++ * block. ++ */ ++ if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) { ++ context->Message_Block[context->Message_Block_Index++] = Pad_Byte; ++ while (context->Message_Block_Index < SHA1_Message_Block_Size) ++ context->Message_Block[context->Message_Block_Index++] = 0; ++ ++ SHA1ProcessMessageBlock(context); ++ } else ++ context->Message_Block[context->Message_Block_Index++] = Pad_Byte; ++ ++ while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8)) ++ context->Message_Block[context->Message_Block_Index++] = 0; ++ ++ /* ++ * Store the message length as the last 8 octets ++ */ ++ context->Message_Block[56] = (uint8_t) (context->Length_High >> 24); ++ context->Message_Block[57] = (uint8_t) (context->Length_High >> 16); ++ context->Message_Block[58] = (uint8_t) (context->Length_High >> 8); ++ context->Message_Block[59] = (uint8_t) (context->Length_High); ++ context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24); ++ context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16); ++ context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8); ++ context->Message_Block[63] = (uint8_t) (context->Length_Low); ++ ++ SHA1ProcessMessageBlock(context); ++} ++ +diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am +index cb38c64..38426af 100644 +--- a/libvncserver/Makefile.am ++++ b/libvncserver/Makefile.am +@@ -37,7 +37,7 @@ include_HEADERS=../rfb/rfb.h ../rfb/rfbconfig.h ../rfb/rfbint.h \ + + noinst_HEADERS=../common/d3des.h ../rfb/default8x16.h zrleoutstream.h \ + zrlepalettehelper.h zrletypes.h private.h scale.h rfbssl.h rfbcrypto.h \ +- ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha1.h \ ++ ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha.h ../common/sha-private.h \ + $(TIGHTVNCFILETRANSFERHDRS) + + EXTRA_DIST=tableinit24.c tableinittctemplate.c tabletranstemplate.c \ +diff --git a/libvncserver/rfbcrypto_included.c b/libvncserver/rfbcrypto_included.c +index 58c2e93..7feff61 100644 +--- a/libvncserver/rfbcrypto_included.c ++++ b/libvncserver/rfbcrypto_included.c +@@ -23,7 +23,7 @@ + + #include <string.h> + #include "md5.h" +-#include "sha1.h" ++#include "sha.h" + #include "rfbcrypto.h" + + void digestmd5(const struct iovec *iov, int iovcnt, void *dest) diff -Nru libvncserver-0.9.9+dfsg/debian/patches/series libvncserver-0.9.9+dfsg/debian/patches/series --- libvncserver-0.9.9+dfsg/debian/patches/series 2014-11-23 16:03:36.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/series 2015-05-26 21:24:58.000000000 +0200 @@ -10,3 +10,5 @@ CVE-2015-6053.patch CVE-2014-6054.patch CVE-2014-6055.patch +0004-init-libgcrypt-before-use.patch +0005-adding-free-sha1-implementation.patch diff -Nru libvncserver-0.9.9+dfsg/debian/rules libvncserver-0.9.9+dfsg/debian/rules --- libvncserver-0.9.9+dfsg/debian/rules 2014-08-11 00:21:58.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/rules 2015-05-26 21:24:58.000000000 +0200 @@ -22,6 +22,6 @@ get-orig-source: tar fxz ../libvncserver_${VERSION}.orig.tar.gz -C .. - cd ../LibVNCServer-${VERSION} && rm -fr webclients + cd ../LibVNCServer-${VERSION} && rm -fr webclients && rm -fr common/sha1.* tar czf ../libvncserver_${VERSION}+dfsg.orig.tar.gz ../LibVNCServer-${VERSION} rm -fr ../LibVNCServer-${VERSION}
signature.asc
Description: OpenPGP digital signature