summaryrefslogtreecommitdiff
path: root/openbsd-compat
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-10 00:18:28 +0000
committerColin Watson <cjwatson@debian.org>2014-02-10 00:18:28 +0000
commit9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch)
tree764a885ec9a963f6a8b15de6e1765f16b9ac4738 /openbsd-compat
parentee196dab7c5f97f0b80c8099343a375bead92010 (diff)
parentcdb6c90811caa5df2df856be9b0b16db020fe31d (diff)
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'openbsd-compat')
-rw-r--r--openbsd-compat/Makefile.in6
-rw-r--r--openbsd-compat/arc4random.c294
-rw-r--r--openbsd-compat/bcrypt_pbkdf.c170
-rw-r--r--openbsd-compat/blf.h88
-rw-r--r--openbsd-compat/blowfish.c694
-rw-r--r--openbsd-compat/bsd-arc4random.c150
-rw-r--r--openbsd-compat/bsd-cygwin_util.h8
-rw-r--r--openbsd-compat/bsd-misc.c1
-rw-r--r--openbsd-compat/bsd-poll.c7
-rw-r--r--openbsd-compat/bsd-setres_id.c3
-rw-r--r--openbsd-compat/bsd-snprintf.c46
-rw-r--r--openbsd-compat/bsd-statvfs.c55
-rw-r--r--openbsd-compat/bsd-statvfs.h11
-rw-r--r--openbsd-compat/chacha_private.h222
-rw-r--r--openbsd-compat/openbsd-compat.h16
-rw-r--r--openbsd-compat/openssl-compat.c30
-rw-r--r--openbsd-compat/openssl-compat.h18
-rw-r--r--openbsd-compat/setproctitle.c9
18 files changed, 1653 insertions, 175 deletions
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 365cf006d..276646fa6 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $ 1# $Id: Makefile.in,v 1.54 2013/12/07 01:37:54 djm Exp $
2 2
3sysconfdir=@sysconfdir@ 3sysconfdir=@sysconfdir@
4piddir=@piddir@ 4piddir=@piddir@
@@ -16,9 +16,9 @@ RANLIB=@RANLIB@
16INSTALL=@INSTALL@ 16INSTALL=@INSTALL@
17LDFLAGS=-L. @LDFLAGS@ 17LDFLAGS=-L. @LDFLAGS@
18 18
19OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o 19OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
20 20
21COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o 21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22 22
23PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o 23PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
24 24
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
new file mode 100644
index 000000000..eac073cc0
--- /dev/null
+++ b/openbsd-compat/arc4random.c
@@ -0,0 +1,294 @@
1/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */
2
3/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */
4
5/*
6 * Copyright (c) 1996, David Mazieres <dm@uun.org>
7 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
8 * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
9 *
10 * Permission to use, copy, modify, and distribute this software for any
11 * purpose with or without fee is hereby granted, provided that the above
12 * copyright notice and this permission notice appear in all copies.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 */
22
23/*
24 * ChaCha based random number generator for OpenBSD.
25 */
26
27#include "includes.h"
28
29#include <stdlib.h>
30#include <string.h>
31#include <unistd.h>
32#include <sys/types.h>
33
34#ifndef HAVE_ARC4RANDOM
35
36#include <openssl/rand.h>
37#include <openssl/err.h>
38
39#include "log.h"
40
41#define KEYSTREAM_ONLY
42#include "chacha_private.h"
43
44#ifdef __GNUC__
45#define inline __inline
46#else /* !__GNUC__ */
47#define inline
48#endif /* !__GNUC__ */
49
50/* OpenSSH isn't multithreaded */
51#define _ARC4_LOCK()
52#define _ARC4_UNLOCK()
53
54#define KEYSZ 32
55#define IVSZ 8
56#define BLOCKSZ 64
57#define RSBUFSZ (16*BLOCKSZ)
58static int rs_initialized;
59static pid_t rs_stir_pid;
60static chacha_ctx rs; /* chacha context for random keystream */
61static u_char rs_buf[RSBUFSZ]; /* keystream blocks */
62static size_t rs_have; /* valid bytes at end of rs_buf */
63static size_t rs_count; /* bytes till reseed */
64
65static inline void _rs_rekey(u_char *dat, size_t datlen);
66
67static inline void
68_rs_init(u_char *buf, size_t n)
69{
70 if (n < KEYSZ + IVSZ)
71 return;
72 chacha_keysetup(&rs, buf, KEYSZ * 8, 0);
73 chacha_ivsetup(&rs, buf + KEYSZ);
74}
75
76static void
77_rs_stir(void)
78{
79 u_char rnd[KEYSZ + IVSZ];
80
81 if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
82 fatal("Couldn't obtain random bytes (error %ld)",
83 ERR_get_error());
84
85 if (!rs_initialized) {
86 rs_initialized = 1;
87 _rs_init(rnd, sizeof(rnd));
88 } else
89 _rs_rekey(rnd, sizeof(rnd));
90 memset(rnd, 0, sizeof(rnd));
91
92 /* invalidate rs_buf */
93 rs_have = 0;
94 memset(rs_buf, 0, RSBUFSZ);
95
96 rs_count = 1600000;
97}
98
99static inline void
100_rs_stir_if_needed(size_t len)
101{
102 pid_t pid = getpid();
103
104 if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) {
105 rs_stir_pid = pid;
106 _rs_stir();
107 } else
108 rs_count -= len;
109}
110
111static inline void
112_rs_rekey(u_char *dat, size_t datlen)
113{
114#ifndef KEYSTREAM_ONLY
115 memset(rs_buf, 0,RSBUFSZ);
116#endif
117 /* fill rs_buf with the keystream */
118 chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ);
119 /* mix in optional user provided data */
120 if (dat) {
121 size_t i, m;
122
123 m = MIN(datlen, KEYSZ + IVSZ);
124 for (i = 0; i < m; i++)
125 rs_buf[i] ^= dat[i];
126 }
127 /* immediately reinit for backtracking resistance */
128 _rs_init(rs_buf, KEYSZ + IVSZ);
129 memset(rs_buf, 0, KEYSZ + IVSZ);
130 rs_have = RSBUFSZ - KEYSZ - IVSZ;
131}
132
133static inline void
134_rs_random_buf(void *_buf, size_t n)
135{
136 u_char *buf = (u_char *)_buf;
137 size_t m;
138
139 _rs_stir_if_needed(n);
140 while (n > 0) {
141 if (rs_have > 0) {
142 m = MIN(n, rs_have);
143 memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
144 memset(rs_buf + RSBUFSZ - rs_have, 0, m);
145 buf += m;
146 n -= m;
147 rs_have -= m;
148 }
149 if (rs_have == 0)
150 _rs_rekey(NULL, 0);
151 }
152}
153
154static inline void
155_rs_random_u32(u_int32_t *val)
156{
157 _rs_stir_if_needed(sizeof(*val));
158 if (rs_have < sizeof(*val))
159 _rs_rekey(NULL, 0);
160 memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
161 memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val));
162 rs_have -= sizeof(*val);
163 return;
164}
165
166void
167arc4random_stir(void)
168{
169 _ARC4_LOCK();
170 _rs_stir();
171 _ARC4_UNLOCK();
172}
173
174void
175arc4random_addrandom(u_char *dat, int datlen)
176{
177 int m;
178
179 _ARC4_LOCK();
180 if (!rs_initialized)
181 _rs_stir();
182 while (datlen > 0) {
183 m = MIN(datlen, KEYSZ + IVSZ);
184 _rs_rekey(dat, m);
185 dat += m;
186 datlen -= m;
187 }
188 _ARC4_UNLOCK();
189}
190
191u_int32_t
192arc4random(void)
193{
194 u_int32_t val;
195
196 _ARC4_LOCK();
197 _rs_random_u32(&val);
198 _ARC4_UNLOCK();
199 return val;
200}
201
202/*
203 * If we are providing arc4random, then we can provide a more efficient
204 * arc4random_buf().
205 */
206# ifndef HAVE_ARC4RANDOM_BUF
207void
208arc4random_buf(void *buf, size_t n)
209{
210 _ARC4_LOCK();
211 _rs_random_buf(buf, n);
212 _ARC4_UNLOCK();
213}
214# endif /* !HAVE_ARC4RANDOM_BUF */
215#endif /* !HAVE_ARC4RANDOM */
216
217/* arc4random_buf() that uses platform arc4random() */
218#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM)
219void
220arc4random_buf(void *_buf, size_t n)
221{
222 size_t i;
223 u_int32_t r = 0;
224 char *buf = (char *)_buf;
225
226 for (i = 0; i < n; i++) {
227 if (i % 4 == 0)
228 r = arc4random();
229 buf[i] = r & 0xff;
230 r >>= 8;
231 }
232 i = r = 0;
233}
234#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
235
236#ifndef HAVE_ARC4RANDOM_UNIFORM
237/*
238 * Calculate a uniformly distributed random number less than upper_bound
239 * avoiding "modulo bias".
240 *
241 * Uniformity is achieved by generating new random numbers until the one
242 * returned is outside the range [0, 2**32 % upper_bound). This
243 * guarantees the selected random number will be inside
244 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
245 * after reduction modulo upper_bound.
246 */
247u_int32_t
248arc4random_uniform(u_int32_t upper_bound)
249{
250 u_int32_t r, min;
251
252 if (upper_bound < 2)
253 return 0;
254
255 /* 2**32 % x == (2**32 - x) % x */
256 min = -upper_bound % upper_bound;
257
258 /*
259 * This could theoretically loop forever but each retry has
260 * p > 0.5 (worst case, usually far better) of selecting a
261 * number inside the range we need, so it should rarely need
262 * to re-roll.
263 */
264 for (;;) {
265 r = arc4random();
266 if (r >= min)
267 break;
268 }
269
270 return r % upper_bound;
271}
272#endif /* !HAVE_ARC4RANDOM_UNIFORM */
273
274#if 0
275/*-------- Test code for i386 --------*/
276#include <stdio.h>
277#include <machine/pctr.h>
278int
279main(int argc, char **argv)
280{
281 const int iter = 1000000;
282 int i;
283 pctrval v;
284
285 v = rdtsc();
286 for (i = 0; i < iter; i++)
287 arc4random();
288 v = rdtsc() - v;
289 v /= iter;
290
291 printf("%qd cycles\n", v);
292 exit(0);
293}
294#endif
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
new file mode 100644
index 000000000..91b6ba07b
--- /dev/null
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -0,0 +1,170 @@
1/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */
2/*
3 * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#ifndef HAVE_BCRYPT_PBKDF
21
22#include <sys/types.h>
23#include <sys/param.h>
24
25#ifdef HAVE_STDLIB_H
26# include <stdlib.h>
27#endif
28#include <string.h>
29
30#ifdef HAVE_BLF_H
31# include <blf.h>
32#endif
33
34#include "crypto_api.h"
35#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
36
37/*
38 * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
39 *
40 * The bcrypt hash function is derived from the bcrypt password hashing
41 * function with the following modifications:
42 * 1. The input password and salt are preprocessed with SHA512.
43 * 2. The output length is expanded to 256 bits.
44 * 3. Subsequently the magic string to be encrypted is lengthened and modifed
45 * to "OxychromaticBlowfishSwatDynamite"
46 * 4. The hash function is defined to perform 64 rounds of initial state
47 * expansion. (More rounds are performed by iterating the hash.)
48 *
49 * Note that this implementation pulls the SHA512 operations into the caller
50 * as a performance optimization.
51 *
52 * One modification from official pbkdf2. Instead of outputting key material
53 * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
54 * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an
55 * attacker can merely run once through the outer loop below, but the user
56 * always runs it twice. Shuffling output bytes requires computing the
57 * entirety of the key material to assemble any subkey. This is something a
58 * wise caller could do; we just do it for you.
59 */
60
61#define BCRYPT_BLOCKS 8
62#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
63
64static void
65bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
66{
67 blf_ctx state;
68 u_int8_t ciphertext[BCRYPT_HASHSIZE] =
69 "OxychromaticBlowfishSwatDynamite";
70 uint32_t cdata[BCRYPT_BLOCKS];
71 int i;
72 uint16_t j;
73 size_t shalen = SHA512_DIGEST_LENGTH;
74
75 /* key expansion */
76 Blowfish_initstate(&state);
77 Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
78 for (i = 0; i < 64; i++) {
79 Blowfish_expand0state(&state, sha2salt, shalen);
80 Blowfish_expand0state(&state, sha2pass, shalen);
81 }
82
83 /* encryption */
84 j = 0;
85 for (i = 0; i < BCRYPT_BLOCKS; i++)
86 cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
87 &j);
88 for (i = 0; i < 64; i++)
89 blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
90
91 /* copy out */
92 for (i = 0; i < BCRYPT_BLOCKS; i++) {
93 out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
94 out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
95 out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
96 out[4 * i + 0] = cdata[i] & 0xff;
97 }
98
99 /* zap */
100 memset(ciphertext, 0, sizeof(ciphertext));
101 memset(cdata, 0, sizeof(cdata));
102 memset(&state, 0, sizeof(state));
103}
104
105int
106bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
107 u_int8_t *key, size_t keylen, unsigned int rounds)
108{
109 u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
110 u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
111 u_int8_t out[BCRYPT_HASHSIZE];
112 u_int8_t tmpout[BCRYPT_HASHSIZE];
113 u_int8_t *countsalt;
114 size_t i, j, amt, stride;
115 uint32_t count;
116
117 /* nothing crazy */
118 if (rounds < 1)
119 return -1;
120 if (passlen == 0 || saltlen == 0 || keylen == 0 ||
121 keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
122 return -1;
123 if ((countsalt = calloc(1, saltlen + 4)) == NULL)
124 return -1;
125 stride = (keylen + sizeof(out) - 1) / sizeof(out);
126 amt = (keylen + stride - 1) / stride;
127
128 memcpy(countsalt, salt, saltlen);
129
130 /* collapse password */
131 crypto_hash_sha512(sha2pass, pass, passlen);
132
133 /* generate key, sizeof(out) at a time */
134 for (count = 1; keylen > 0; count++) {
135 countsalt[saltlen + 0] = (count >> 24) & 0xff;
136 countsalt[saltlen + 1] = (count >> 16) & 0xff;
137 countsalt[saltlen + 2] = (count >> 8) & 0xff;
138 countsalt[saltlen + 3] = count & 0xff;
139
140 /* first round, salt is salt */
141 crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
142
143 bcrypt_hash(sha2pass, sha2salt, tmpout);
144 memcpy(out, tmpout, sizeof(out));
145
146 for (i = 1; i < rounds; i++) {
147 /* subsequent rounds, salt is previous output */
148 crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
149 bcrypt_hash(sha2pass, sha2salt, tmpout);
150 for (j = 0; j < sizeof(out); j++)
151 out[j] ^= tmpout[j];
152 }
153
154 /*
155 * pbkdf2 deviation: ouput the key material non-linearly.
156 */
157 amt = MIN(amt, keylen);
158 for (i = 0; i < amt; i++)
159 key[i * stride + (count - 1)] = out[i];
160 keylen -= amt;
161 }
162
163 /* zap */
164 memset(out, 0, sizeof(out));
165 memset(countsalt, 0, saltlen + 4);
166 free(countsalt);
167
168 return 0;
169}
170#endif /* HAVE_BCRYPT_PBKDF */
diff --git a/openbsd-compat/blf.h b/openbsd-compat/blf.h
new file mode 100644
index 000000000..f1ac5a5c2
--- /dev/null
+++ b/openbsd-compat/blf.h
@@ -0,0 +1,88 @@
1/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
2/*
3 * Blowfish - a fast block cipher designed by Bruce Schneier
4 *
5 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by Niels Provos.
19 * 4. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34#ifndef _BLF_H_
35#define _BLF_H_
36
37#include "includes.h"
38
39#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H)
40
41/* Schneier specifies a maximum key length of 56 bytes.
42 * This ensures that every key bit affects every cipher
43 * bit. However, the subkeys can hold up to 72 bytes.
44 * Warning: For normal blowfish encryption only 56 bytes
45 * of the key affect all cipherbits.
46 */
47
48#define BLF_N 16 /* Number of Subkeys */
49#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
50#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
51
52/* Blowfish context */
53typedef struct BlowfishContext {
54 u_int32_t S[4][256]; /* S-Boxes */
55 u_int32_t P[BLF_N + 2]; /* Subkeys */
56} blf_ctx;
57
58/* Raw access to customized Blowfish
59 * blf_key is just:
60 * Blowfish_initstate( state )
61 * Blowfish_expand0state( state, key, keylen )
62 */
63
64void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *);
65void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *);
66void Blowfish_initstate(blf_ctx *);
67void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
68void Blowfish_expandstate
69(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
70
71/* Standard Blowfish */
72
73void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
74void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
75void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
76
77void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
78void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
79
80void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
81void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
82
83/* Converts u_int8_t to u_int32_t */
84u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *);
85
86#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
87#endif /* _BLF_H */
88
diff --git a/openbsd-compat/blowfish.c b/openbsd-compat/blowfish.c
new file mode 100644
index 000000000..6c419549e
--- /dev/null
+++ b/openbsd-compat/blowfish.c
@@ -0,0 +1,694 @@
1/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
2/*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Niels Provos.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35/*
36 * This code is derived from section 14.3 and the given source
37 * in section V of Applied Cryptography, second edition.
38 * Blowfish is an unpatented fast block cipher designed by
39 * Bruce Schneier.
40 */
41
42#include "includes.h"
43
44#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
45 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
46
47#if 0
48#include <stdio.h> /* used for debugging */
49#include <string.h>
50#endif
51
52#include <sys/types.h>
53#include <blf.h>
54
55#undef inline
56#ifdef __GNUC__
57#define inline __inline
58#else /* !__GNUC__ */
59#define inline
60#endif /* !__GNUC__ */
61
62/* Function for Feistel Networks */
63
64#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
65 + (s)[0x100 + (((x)>>16)&0xFF)]) \
66 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
67 + (s)[0x300 + ( (x) &0xFF)])
68
69#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
70
71void
72Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
73{
74 u_int32_t Xl;
75 u_int32_t Xr;
76 u_int32_t *s = c->S[0];
77 u_int32_t *p = c->P;
78
79 Xl = *xl;
80 Xr = *xr;
81
82 Xl ^= p[0];
83 BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
84 BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
85 BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
86 BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
87 BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
88 BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
89 BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
90 BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
91
92 *xl = Xr ^ p[17];
93 *xr = Xl;
94}
95
96void
97Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
98{
99 u_int32_t Xl;
100 u_int32_t Xr;
101 u_int32_t *s = c->S[0];
102 u_int32_t *p = c->P;
103
104 Xl = *xl;
105 Xr = *xr;
106
107 Xl ^= p[17];
108 BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
109 BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
110 BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
111 BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
112 BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
113 BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
114 BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
115 BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
116
117 *xl = Xr ^ p[0];
118 *xr = Xl;
119}
120
121void
122Blowfish_initstate(blf_ctx *c)
123{
124 /* P-box and S-box tables initialized with digits of Pi */
125
126 static const blf_ctx initstate =
127 { {
128 {
129 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
130 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
131 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
132 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
133 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
134 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
135 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
136 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
137 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
138 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
139 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
140 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
141 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
142 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
143 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
144 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
145 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
146 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
147 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
148 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
149 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
150 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
151 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
152 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
153 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
154 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
155 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
156 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
157 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
158 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
159 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
160 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
161 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
162 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
163 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
164 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
165 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
166 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
167 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
168 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
169 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
170 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
171 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
172 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
173 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
174 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
175 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
176 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
177 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
178 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
179 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
180 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
181 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
182 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
183 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
184 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
185 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
186 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
187 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
188 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
189 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
190 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
191 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
192 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
193 {
194 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
195 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
196 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
197 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
198 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
199 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
200 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
201 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
202 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
203 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
204 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
205 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
206 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
207 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
208 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
209 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
210 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
211 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
212 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
213 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
214 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
215 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
216 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
217 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
218 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
219 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
220 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
221 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
222 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
223 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
224 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
225 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
226 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
227 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
228 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
229 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
230 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
231 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
232 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
233 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
234 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
235 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
236 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
237 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
238 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
239 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
240 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
241 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
242 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
243 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
244 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
245 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
246 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
247 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
248 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
249 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
250 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
251 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
252 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
253 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
254 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
255 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
256 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
257 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
258 {
259 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
260 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
261 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
262 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
263 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
264 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
265 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
266 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
267 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
268 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
269 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
270 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
271 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
272 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
273 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
274 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
275 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
276 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
277 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
278 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
279 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
280 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
281 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
282 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
283 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
284 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
285 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
286 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
287 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
288 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
289 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
290 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
291 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
292 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
293 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
294 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
295 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
296 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
297 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
298 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
299 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
300 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
301 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
302 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
303 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
304 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
305 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
306 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
307 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
308 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
309 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
310 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
311 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
312 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
313 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
314 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
315 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
316 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
317 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
318 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
319 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
320 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
321 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
322 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
323 {
324 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
325 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
326 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
327 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
328 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
329 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
330 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
331 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
332 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
333 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
334 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
335 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
336 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
337 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
338 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
339 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
340 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
341 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
342 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
343 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
344 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
345 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
346 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
347 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
348 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
349 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
350 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
351 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
352 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
353 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
354 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
355 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
356 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
357 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
358 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
359 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
360 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
361 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
362 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
363 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
364 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
365 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
366 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
367 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
368 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
369 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
370 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
371 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
372 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
373 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
374 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
375 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
376 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
377 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
378 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
379 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
380 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
381 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
382 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
383 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
384 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
385 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
386 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
387 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
388 },
389 {
390 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
391 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
392 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
393 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
394 0x9216d5d9, 0x8979fb1b
395 } };
396
397 *c = initstate;
398}
399
400u_int32_t
401Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
402 u_int16_t *current)
403{
404 u_int8_t i;
405 u_int16_t j;
406 u_int32_t temp;
407
408 temp = 0x00000000;
409 j = *current;
410
411 for (i = 0; i < 4; i++, j++) {
412 if (j >= databytes)
413 j = 0;
414 temp = (temp << 8) | data[j];
415 }
416
417 *current = j;
418 return temp;
419}
420
421void
422Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
423{
424 u_int16_t i;
425 u_int16_t j;
426 u_int16_t k;
427 u_int32_t temp;
428 u_int32_t datal;
429 u_int32_t datar;
430
431 j = 0;
432 for (i = 0; i < BLF_N + 2; i++) {
433 /* Extract 4 int8 to 1 int32 from keystream */
434 temp = Blowfish_stream2word(key, keybytes, &j);
435 c->P[i] = c->P[i] ^ temp;
436 }
437
438 j = 0;
439 datal = 0x00000000;
440 datar = 0x00000000;
441 for (i = 0; i < BLF_N + 2; i += 2) {
442 Blowfish_encipher(c, &datal, &datar);
443
444 c->P[i] = datal;
445 c->P[i + 1] = datar;
446 }
447
448 for (i = 0; i < 4; i++) {
449 for (k = 0; k < 256; k += 2) {
450 Blowfish_encipher(c, &datal, &datar);
451
452 c->S[i][k] = datal;
453 c->S[i][k + 1] = datar;
454 }
455 }
456}
457
458
459void
460Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
461 const u_int8_t *key, u_int16_t keybytes)
462{
463 u_int16_t i;
464 u_int16_t j;
465 u_int16_t k;
466 u_int32_t temp;
467 u_int32_t datal;
468 u_int32_t datar;
469
470 j = 0;
471 for (i = 0; i < BLF_N + 2; i++) {
472 /* Extract 4 int8 to 1 int32 from keystream */
473 temp = Blowfish_stream2word(key, keybytes, &j);
474 c->P[i] = c->P[i] ^ temp;
475 }
476
477 j = 0;
478 datal = 0x00000000;
479 datar = 0x00000000;
480 for (i = 0; i < BLF_N + 2; i += 2) {
481 datal ^= Blowfish_stream2word(data, databytes, &j);
482 datar ^= Blowfish_stream2word(data, databytes, &j);
483 Blowfish_encipher(c, &datal, &datar);
484
485 c->P[i] = datal;
486 c->P[i + 1] = datar;
487 }
488
489 for (i = 0; i < 4; i++) {
490 for (k = 0; k < 256; k += 2) {
491 datal ^= Blowfish_stream2word(data, databytes, &j);
492 datar ^= Blowfish_stream2word(data, databytes, &j);
493 Blowfish_encipher(c, &datal, &datar);
494
495 c->S[i][k] = datal;
496 c->S[i][k + 1] = datar;
497 }
498 }
499
500}
501
502void
503blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
504{
505 /* Initialize S-boxes and subkeys with Pi */
506 Blowfish_initstate(c);
507
508 /* Transform S-boxes and subkeys with key */
509 Blowfish_expand0state(c, k, len);
510}
511
512void
513blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
514{
515 u_int32_t *d;
516 u_int16_t i;
517
518 d = data;
519 for (i = 0; i < blocks; i++) {
520 Blowfish_encipher(c, d, d + 1);
521 d += 2;
522 }
523}
524
525void
526blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
527{
528 u_int32_t *d;
529 u_int16_t i;
530
531 d = data;
532 for (i = 0; i < blocks; i++) {
533 Blowfish_decipher(c, d, d + 1);
534 d += 2;
535 }
536}
537
538void
539blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
540{
541 u_int32_t l, r;
542 u_int32_t i;
543
544 for (i = 0; i < len; i += 8) {
545 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
546 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
547 Blowfish_encipher(c, &l, &r);
548 data[0] = l >> 24 & 0xff;
549 data[1] = l >> 16 & 0xff;
550 data[2] = l >> 8 & 0xff;
551 data[3] = l & 0xff;
552 data[4] = r >> 24 & 0xff;
553 data[5] = r >> 16 & 0xff;
554 data[6] = r >> 8 & 0xff;
555 data[7] = r & 0xff;
556 data += 8;
557 }
558}
559
560void
561blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
562{
563 u_int32_t l, r;
564 u_int32_t i;
565
566 for (i = 0; i < len; i += 8) {
567 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
568 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
569 Blowfish_decipher(c, &l, &r);
570 data[0] = l >> 24 & 0xff;
571 data[1] = l >> 16 & 0xff;
572 data[2] = l >> 8 & 0xff;
573 data[3] = l & 0xff;
574 data[4] = r >> 24 & 0xff;
575 data[5] = r >> 16 & 0xff;
576 data[6] = r >> 8 & 0xff;
577 data[7] = r & 0xff;
578 data += 8;
579 }
580}
581
582void
583blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
584{
585 u_int32_t l, r;
586 u_int32_t i, j;
587
588 for (i = 0; i < len; i += 8) {
589 for (j = 0; j < 8; j++)
590 data[j] ^= iv[j];
591 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
592 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
593 Blowfish_encipher(c, &l, &r);
594 data[0] = l >> 24 & 0xff;
595 data[1] = l >> 16 & 0xff;
596 data[2] = l >> 8 & 0xff;
597 data[3] = l & 0xff;
598 data[4] = r >> 24 & 0xff;
599 data[5] = r >> 16 & 0xff;
600 data[6] = r >> 8 & 0xff;
601 data[7] = r & 0xff;
602 iv = data;
603 data += 8;
604 }
605}
606
607void
608blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
609{
610 u_int32_t l, r;
611 u_int8_t *iv;
612 u_int32_t i, j;
613
614 iv = data + len - 16;
615 data = data + len - 8;
616 for (i = len - 8; i >= 8; i -= 8) {
617 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
618 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
619 Blowfish_decipher(c, &l, &r);
620 data[0] = l >> 24 & 0xff;
621 data[1] = l >> 16 & 0xff;
622 data[2] = l >> 8 & 0xff;
623 data[3] = l & 0xff;
624 data[4] = r >> 24 & 0xff;
625 data[5] = r >> 16 & 0xff;
626 data[6] = r >> 8 & 0xff;
627 data[7] = r & 0xff;
628 for (j = 0; j < 8; j++)
629 data[j] ^= iv[j];
630 iv -= 8;
631 data -= 8;
632 }
633 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
634 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
635 Blowfish_decipher(c, &l, &r);
636 data[0] = l >> 24 & 0xff;
637 data[1] = l >> 16 & 0xff;
638 data[2] = l >> 8 & 0xff;
639 data[3] = l & 0xff;
640 data[4] = r >> 24 & 0xff;
641 data[5] = r >> 16 & 0xff;
642 data[6] = r >> 8 & 0xff;
643 data[7] = r & 0xff;
644 for (j = 0; j < 8; j++)
645 data[j] ^= iva[j];
646}
647
648#if 0
649void
650report(u_int32_t data[], u_int16_t len)
651{
652 u_int16_t i;
653 for (i = 0; i < len; i += 2)
654 printf("Block %0hd: %08lx %08lx.\n",
655 i / 2, data[i], data[i + 1]);
656}
657void
658main(void)
659{
660
661 blf_ctx c;
662 char key[] = "AAAAA";
663 char key2[] = "abcdefghijklmnopqrstuvwxyz";
664
665 u_int32_t data[10];
666 u_int32_t data2[] =
667 {0x424c4f57l, 0x46495348l};
668
669 u_int16_t i;
670
671 /* First test */
672 for (i = 0; i < 10; i++)
673 data[i] = i;
674
675 blf_key(&c, (u_int8_t *) key, 5);
676 blf_enc(&c, data, 5);
677 blf_dec(&c, data, 1);
678 blf_dec(&c, data + 2, 4);
679 printf("Should read as 0 - 9.\n");
680 report(data, 10);
681
682 /* Second test */
683 blf_key(&c, (u_int8_t *) key2, strlen(key2));
684 blf_enc(&c, data2, 1);
685 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
686 report(data2, 2);
687 blf_dec(&c, data2, 1);
688 report(data2, 2);
689}
690#endif
691
692#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
693 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
694
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
deleted file mode 100644
index d7c586253..000000000
--- a/openbsd-compat/bsd-arc4random.c
+++ /dev/null
@@ -1,150 +0,0 @@
1/*
2 * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include "includes.h"
18
19#include <sys/types.h>
20
21#include <string.h>
22#include <stdlib.h>
23#include <stdarg.h>
24
25#include "log.h"
26
27#ifndef HAVE_ARC4RANDOM
28
29#include <openssl/rand.h>
30#include <openssl/rc4.h>
31#include <openssl/err.h>
32
33/* Size of key to use */
34#define SEED_SIZE 20
35
36/* Number of bytes to reseed after */
37#define REKEY_BYTES (1 << 24)
38
39static int rc4_ready = 0;
40static RC4_KEY rc4;
41
42unsigned int
43arc4random(void)
44{
45 unsigned int r = 0;
46 static int first_time = 1;
47
48 if (rc4_ready <= 0) {
49 if (first_time)
50 seed_rng();
51 first_time = 0;
52 arc4random_stir();
53 }
54
55 RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
56
57 rc4_ready -= sizeof(r);
58
59 return(r);
60}
61
62void
63arc4random_stir(void)
64{
65 unsigned char rand_buf[SEED_SIZE];
66 int i;
67
68 memset(&rc4, 0, sizeof(rc4));
69 if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
70 fatal("Couldn't obtain random bytes (error %ld)",
71 ERR_get_error());
72 RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
73
74 /*
75 * Discard early keystream, as per recommendations in:
76 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
77 */
78 for(i = 0; i <= 256; i += sizeof(rand_buf))
79 RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
80
81 memset(rand_buf, 0, sizeof(rand_buf));
82
83 rc4_ready = REKEY_BYTES;
84}
85#endif /* !HAVE_ARC4RANDOM */
86
87#ifndef HAVE_ARC4RANDOM_BUF
88void
89arc4random_buf(void *_buf, size_t n)
90{
91 size_t i;
92 u_int32_t r = 0;
93 char *buf = (char *)_buf;
94
95 for (i = 0; i < n; i++) {
96 if (i % 4 == 0)
97 r = arc4random();
98 buf[i] = r & 0xff;
99 r >>= 8;
100 }
101 i = r = 0;
102}
103#endif /* !HAVE_ARC4RANDOM_BUF */
104
105#ifndef HAVE_ARC4RANDOM_UNIFORM
106/*
107 * Calculate a uniformly distributed random number less than upper_bound
108 * avoiding "modulo bias".
109 *
110 * Uniformity is achieved by generating new random numbers until the one
111 * returned is outside the range [0, 2**32 % upper_bound). This
112 * guarantees the selected random number will be inside
113 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
114 * after reduction modulo upper_bound.
115 */
116u_int32_t
117arc4random_uniform(u_int32_t upper_bound)
118{
119 u_int32_t r, min;
120
121 if (upper_bound < 2)
122 return 0;
123
124#if (ULONG_MAX > 0xffffffffUL)
125 min = 0x100000000UL % upper_bound;
126#else
127 /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
128 if (upper_bound > 0x80000000)
129 min = 1 + ~upper_bound; /* 2**32 - upper_bound */
130 else {
131 /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
132 min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
133 }
134#endif
135
136 /*
137 * This could theoretically loop forever but each retry has
138 * p > 0.5 (worst case, usually far better) of selecting a
139 * number inside the range we need, so it should rarely need
140 * to re-roll.
141 */
142 for (;;) {
143 r = arc4random();
144 if (r >= min)
145 break;
146 }
147
148 return r % upper_bound;
149}
150#endif /* !HAVE_ARC4RANDOM_UNIFORM */
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 372e41955..1177366f1 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
1/* $Id: bsd-cygwin_util.h,v 1.16 2013/04/01 01:40:49 dtucker Exp $ */ 1/* $Id: bsd-cygwin_util.h,v 1.17 2014/01/18 10:04:00 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com> 4 * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com>
@@ -40,9 +40,15 @@
40typedef void *HANDLE; 40typedef void *HANDLE;
41#define INVALID_HANDLE_VALUE ((HANDLE) -1) 41#define INVALID_HANDLE_VALUE ((HANDLE) -1)
42 42
43/* Cygwin functions for which declarations are only available when including
44 windows headers, so we have to define them here explicitely. */
45extern HANDLE cygwin_logon_user (const struct passwd *, const char *);
46extern void cygwin_set_impersonation_token (const HANDLE);
47
43#include <sys/cygwin.h> 48#include <sys/cygwin.h>
44#include <io.h> 49#include <io.h>
45 50
51
46int binary_open(const char *, int , ...); 52int binary_open(const char *, int , ...);
47int check_ntsec(const char *); 53int check_ntsec(const char *);
48char **fetch_windows_environment(void); 54char **fetch_windows_environment(void);
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index d75854e83..65e800397 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -28,6 +28,7 @@
28#include <string.h> 28#include <string.h>
29#include <signal.h> 29#include <signal.h>
30#include <stdlib.h> 30#include <stdlib.h>
31#include <time.h>
31#include <unistd.h> 32#include <unistd.h>
32 33
33#include "xmalloc.h" 34#include "xmalloc.h"
diff --git a/openbsd-compat/bsd-poll.c b/openbsd-compat/bsd-poll.c
index f899d7a24..c7ef82776 100644
--- a/openbsd-compat/bsd-poll.c
+++ b/openbsd-compat/bsd-poll.c
@@ -1,4 +1,4 @@
1/* $Id: bsd-poll.c,v 1.4 2008/08/29 21:32:38 dtucker Exp $ */ 1/* $Id: bsd-poll.c,v 1.5 2013/11/08 10:12:58 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au). 4 * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
@@ -19,12 +19,15 @@
19#include "includes.h" 19#include "includes.h"
20#if !defined(HAVE_POLL) 20#if !defined(HAVE_POLL)
21 21
22#include <sys/types.h>
23#include <sys/time.h>
22#ifdef HAVE_SYS_SELECT_H 24#ifdef HAVE_SYS_SELECT_H
23# include <sys/select.h> 25# include <sys/select.h>
24#endif 26#endif
25 27
26#include <stdlib.h>
27#include <errno.h> 28#include <errno.h>
29#include <stdlib.h>
30#include <unistd.h>
28#include "bsd-poll.h" 31#include "bsd-poll.h"
29 32
30/* 33/*
diff --git a/openbsd-compat/bsd-setres_id.c b/openbsd-compat/bsd-setres_id.c
index 020b214b8..018bde8c7 100644
--- a/openbsd-compat/bsd-setres_id.c
+++ b/openbsd-compat/bsd-setres_id.c
@@ -1,4 +1,4 @@
1/* $Id: bsd-setres_id.c,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */ 1/* $Id: bsd-setres_id.c,v 1.2 2013/12/07 21:23:09 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). 4 * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
@@ -22,6 +22,7 @@
22 22
23#include <stdarg.h> 23#include <stdarg.h>
24#include <unistd.h> 24#include <unistd.h>
25#include <string.h>
25 26
26#include "log.h" 27#include "log.h"
27 28
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index 41d2be238..975991e7f 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -160,6 +160,8 @@
160#define DP_C_LONG 2 160#define DP_C_LONG 2
161#define DP_C_LDOUBLE 3 161#define DP_C_LDOUBLE 3
162#define DP_C_LLONG 4 162#define DP_C_LLONG 4
163#define DP_C_SIZE 5
164#define DP_C_INTMAX 6
163 165
164#define char_to_int(p) ((p)- '0') 166#define char_to_int(p) ((p)- '0')
165#ifndef MAX 167#ifndef MAX
@@ -182,7 +184,7 @@ static int dopr(char *buffer, size_t maxlen, const char *format,
182static int fmtstr(char *buffer, size_t *currlen, size_t maxlen, 184static int fmtstr(char *buffer, size_t *currlen, size_t maxlen,
183 char *value, int flags, int min, int max); 185 char *value, int flags, int min, int max);
184static int fmtint(char *buffer, size_t *currlen, size_t maxlen, 186static int fmtint(char *buffer, size_t *currlen, size_t maxlen,
185 LLONG value, int base, int min, int max, int flags); 187 intmax_t value, int base, int min, int max, int flags);
186static int fmtfp(char *buffer, size_t *currlen, size_t maxlen, 188static int fmtfp(char *buffer, size_t *currlen, size_t maxlen,
187 LDOUBLE fvalue, int min, int max, int flags); 189 LDOUBLE fvalue, int min, int max, int flags);
188 190
@@ -190,7 +192,7 @@ static int
190dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) 192dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
191{ 193{
192 char ch; 194 char ch;
193 LLONG value; 195 intmax_t value;
194 LDOUBLE fvalue; 196 LDOUBLE fvalue;
195 char *strvalue; 197 char *strvalue;
196 int min; 198 int min;
@@ -287,6 +289,10 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
287 cflags = DP_C_SHORT; 289 cflags = DP_C_SHORT;
288 ch = *format++; 290 ch = *format++;
289 break; 291 break;
292 case 'j':
293 cflags = DP_C_INTMAX;
294 ch = *format++;
295 break;
290 case 'l': 296 case 'l':
291 cflags = DP_C_LONG; 297 cflags = DP_C_LONG;
292 ch = *format++; 298 ch = *format++;
@@ -299,6 +305,10 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
299 cflags = DP_C_LDOUBLE; 305 cflags = DP_C_LDOUBLE;
300 ch = *format++; 306 ch = *format++;
301 break; 307 break;
308 case 'z':
309 cflags = DP_C_SIZE;
310 ch = *format++;
311 break;
302 default: 312 default:
303 break; 313 break;
304 } 314 }
@@ -314,6 +324,10 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
314 value = va_arg (args, long int); 324 value = va_arg (args, long int);
315 else if (cflags == DP_C_LLONG) 325 else if (cflags == DP_C_LLONG)
316 value = va_arg (args, LLONG); 326 value = va_arg (args, LLONG);
327 else if (cflags == DP_C_SIZE)
328 value = va_arg (args, ssize_t);
329 else if (cflags == DP_C_INTMAX)
330 value = va_arg (args, intmax_t);
317 else 331 else
318 value = va_arg (args, int); 332 value = va_arg (args, int);
319 if (fmtint(buffer, &currlen, maxlen, 333 if (fmtint(buffer, &currlen, maxlen,
@@ -328,6 +342,12 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
328 value = (long)va_arg (args, unsigned long int); 342 value = (long)va_arg (args, unsigned long int);
329 else if (cflags == DP_C_LLONG) 343 else if (cflags == DP_C_LLONG)
330 value = (long)va_arg (args, unsigned LLONG); 344 value = (long)va_arg (args, unsigned LLONG);
345 else if (cflags == DP_C_SIZE)
346 value = va_arg (args, size_t);
347#ifdef notyet
348 else if (cflags == DP_C_INTMAX)
349 value = va_arg (args, uintmax_t);
350#endif
331 else 351 else
332 value = (long)va_arg (args, unsigned int); 352 value = (long)va_arg (args, unsigned int);
333 if (fmtint(buffer, &currlen, maxlen, value, 353 if (fmtint(buffer, &currlen, maxlen, value,
@@ -342,6 +362,12 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
342 value = (long)va_arg (args, unsigned long int); 362 value = (long)va_arg (args, unsigned long int);
343 else if (cflags == DP_C_LLONG) 363 else if (cflags == DP_C_LLONG)
344 value = (LLONG)va_arg (args, unsigned LLONG); 364 value = (LLONG)va_arg (args, unsigned LLONG);
365 else if (cflags == DP_C_SIZE)
366 value = va_arg (args, size_t);
367#ifdef notyet
368 else if (cflags == DP_C_INTMAX)
369 value = va_arg (args, uintmax_t);
370#endif
345 else 371 else
346 value = (long)va_arg (args, unsigned int); 372 value = (long)va_arg (args, unsigned int);
347 if (fmtint(buffer, &currlen, maxlen, value, 373 if (fmtint(buffer, &currlen, maxlen, value,
@@ -358,6 +384,12 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
358 value = (long)va_arg (args, unsigned long int); 384 value = (long)va_arg (args, unsigned long int);
359 else if (cflags == DP_C_LLONG) 385 else if (cflags == DP_C_LLONG)
360 value = (LLONG)va_arg (args, unsigned LLONG); 386 value = (LLONG)va_arg (args, unsigned LLONG);
387 else if (cflags == DP_C_SIZE)
388 value = va_arg (args, size_t);
389#ifdef notyet
390 else if (cflags == DP_C_INTMAX)
391 value = va_arg (args, uintmax_t);
392#endif
361 else 393 else
362 value = (long)va_arg (args, unsigned int); 394 value = (long)va_arg (args, unsigned int);
363 if (fmtint(buffer, &currlen, maxlen, value, 395 if (fmtint(buffer, &currlen, maxlen, value,
@@ -416,6 +448,7 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
416 (long) strvalue, 16, min, max, flags) == -1) 448 (long) strvalue, 16, min, max, flags) == -1)
417 return -1; 449 return -1;
418 break; 450 break;
451#if we_dont_want_this_in_openssh
419 case 'n': 452 case 'n':
420 if (cflags == DP_C_SHORT) { 453 if (cflags == DP_C_SHORT) {
421 short int *num; 454 short int *num;
@@ -429,12 +462,21 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
429 LLONG *num; 462 LLONG *num;
430 num = va_arg (args, LLONG *); 463 num = va_arg (args, LLONG *);
431 *num = (LLONG)currlen; 464 *num = (LLONG)currlen;
465 } else if (cflags == DP_C_SIZE) {
466 ssize_t *num;
467 num = va_arg (args, ssize_t *);
468 *num = (ssize_t)currlen;
469 } else if (cflags == DP_C_INTMAX) {
470 intmax_t *num;
471 num = va_arg (args, intmax_t *);
472 *num = (intmax_t)currlen;
432 } else { 473 } else {
433 int *num; 474 int *num;
434 num = va_arg (args, int *); 475 num = va_arg (args, int *);
435 *num = currlen; 476 *num = currlen;
436 } 477 }
437 break; 478 break;
479#endif
438 case '%': 480 case '%':
439 DOPR_OUTCH(buffer, currlen, maxlen, ch); 481 DOPR_OUTCH(buffer, currlen, maxlen, ch);
440 break; 482 break;
diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c
index 844d5b464..2b1da80ec 100644
--- a/openbsd-compat/bsd-statvfs.c
+++ b/openbsd-compat/bsd-statvfs.c
@@ -1,7 +1,7 @@
1/* $Id: bsd-statvfs.c,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */ 1/* $Id: bsd-statvfs.c,v 1.2 2014/01/17 07:10:59 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2008 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2008,2014 Darren Tucker <dtucker@zip.com.au>
5 * 5 *
6 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -18,20 +18,65 @@
18 18
19#include "includes.h" 19#include "includes.h"
20 20
21#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS)
22
23#include <sys/param.h>
24#ifdef HAVE_SYS_MOUNT_H
25# include <sys/mount.h>
26#endif
27
21#include <errno.h> 28#include <errno.h>
22 29
23#ifndef HAVE_STATVFS 30static void
31copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from)
32{
33 to->f_bsize = from->f_bsize;
34 to->f_frsize = from->f_bsize; /* no exact equivalent */
35 to->f_blocks = from->f_blocks;
36 to->f_bfree = from->f_bfree;
37 to->f_bavail = from->f_bavail;
38 to->f_files = from->f_files;
39 to->f_ffree = from->f_ffree;
40 to->f_favail = from->f_ffree; /* no exact equivalent */
41 to->f_fsid = 0; /* XXX fix me */
42 to->f_flag = from->f_flags;
43 to->f_namemax = MNAMELEN;
44}
45
46# ifndef HAVE_STATVFS
24int statvfs(const char *path, struct statvfs *buf) 47int statvfs(const char *path, struct statvfs *buf)
25{ 48{
49# ifdef HAVE_STATFS
50 struct statfs fs;
51
52 memset(&fs, 0, sizeof(fs));
53 if (statfs(path, &fs) == -1)
54 return -1;
55 copy_statfs_to_statvfs(buf, &fs);
56 return 0;
57# else
26 errno = ENOSYS; 58 errno = ENOSYS;
27 return -1; 59 return -1;
60# endif
28} 61}
29#endif 62# endif
30 63
31#ifndef HAVE_FSTATVFS 64# ifndef HAVE_FSTATVFS
32int fstatvfs(int fd, struct statvfs *buf) 65int fstatvfs(int fd, struct statvfs *buf)
33{ 66{
67# ifdef HAVE_FSTATFS
68 struct statfs fs;
69
70 memset(&fs, 0, sizeof(fs));
71 if (fstatfs(fd, &fs) == -1)
72 return -1;
73 copy_statfs_to_statvfs(buf, &fs);
74 return 0;
75# else
34 errno = ENOSYS; 76 errno = ENOSYS;
35 return -1; 77 return -1;
78# endif
36} 79}
80# endif
81
37#endif 82#endif
diff --git a/openbsd-compat/bsd-statvfs.h b/openbsd-compat/bsd-statvfs.h
index da215ffc6..dfd609974 100644
--- a/openbsd-compat/bsd-statvfs.h
+++ b/openbsd-compat/bsd-statvfs.h
@@ -1,7 +1,7 @@
1/* $Id: bsd-statvfs.h,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */ 1/* $Id: bsd-statvfs.h,v 1.3 2014/01/17 07:48:22 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2008 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2008,2014 Darren Tucker <dtucker@zip.com.au>
5 * 5 *
6 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -18,14 +18,17 @@
18 18
19#include "includes.h" 19#include "includes.h"
20 20
21#if !defined(HAVE_STATVFS) || !defined(HAVE_FSTATVFS)
22
21#include <sys/types.h> 23#include <sys/types.h>
22 24
25#ifdef HAVE_SYS_MOUNT_H
26#include <sys/mount.h>
27#endif
23#ifdef HAVE_SYS_STATFS_H 28#ifdef HAVE_SYS_STATFS_H
24#include <sys/statfs.h> 29#include <sys/statfs.h>
25#endif 30#endif
26 31
27#ifndef HAVE_STATVFS
28
29#ifndef HAVE_FSBLKCNT_T 32#ifndef HAVE_FSBLKCNT_T
30typedef unsigned long fsblkcnt_t; 33typedef unsigned long fsblkcnt_t;
31#endif 34#endif
diff --git a/openbsd-compat/chacha_private.h b/openbsd-compat/chacha_private.h
new file mode 100644
index 000000000..7c3680fa6
--- /dev/null
+++ b/openbsd-compat/chacha_private.h
@@ -0,0 +1,222 @@
1/*
2chacha-merged.c version 20080118
3D. J. Bernstein
4Public domain.
5*/
6
7/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
8
9typedef unsigned char u8;
10typedef unsigned int u32;
11
12typedef struct
13{
14 u32 input[16]; /* could be compressed */
15} chacha_ctx;
16
17#define U8C(v) (v##U)
18#define U32C(v) (v##U)
19
20#define U8V(v) ((u8)(v) & U8C(0xFF))
21#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
22
23#define ROTL32(v, n) \
24 (U32V((v) << (n)) | ((v) >> (32 - (n))))
25
26#define U8TO32_LITTLE(p) \
27 (((u32)((p)[0]) ) | \
28 ((u32)((p)[1]) << 8) | \
29 ((u32)((p)[2]) << 16) | \
30 ((u32)((p)[3]) << 24))
31
32#define U32TO8_LITTLE(p, v) \
33 do { \
34 (p)[0] = U8V((v) ); \
35 (p)[1] = U8V((v) >> 8); \
36 (p)[2] = U8V((v) >> 16); \
37 (p)[3] = U8V((v) >> 24); \
38 } while (0)
39
40#define ROTATE(v,c) (ROTL32(v,c))
41#define XOR(v,w) ((v) ^ (w))
42#define PLUS(v,w) (U32V((v) + (w)))
43#define PLUSONE(v) (PLUS((v),1))
44
45#define QUARTERROUND(a,b,c,d) \
46 a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
47 c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
48 a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
49 c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
50
51static const char sigma[16] = "expand 32-byte k";
52static const char tau[16] = "expand 16-byte k";
53
54static void
55chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
56{
57 const char *constants;
58
59 x->input[4] = U8TO32_LITTLE(k + 0);
60 x->input[5] = U8TO32_LITTLE(k + 4);
61 x->input[6] = U8TO32_LITTLE(k + 8);
62 x->input[7] = U8TO32_LITTLE(k + 12);
63 if (kbits == 256) { /* recommended */
64 k += 16;
65 constants = sigma;
66 } else { /* kbits == 128 */
67 constants = tau;
68 }
69 x->input[8] = U8TO32_LITTLE(k + 0);
70 x->input[9] = U8TO32_LITTLE(k + 4);
71 x->input[10] = U8TO32_LITTLE(k + 8);
72 x->input[11] = U8TO32_LITTLE(k + 12);
73 x->input[0] = U8TO32_LITTLE(constants + 0);
74 x->input[1] = U8TO32_LITTLE(constants + 4);
75 x->input[2] = U8TO32_LITTLE(constants + 8);
76 x->input[3] = U8TO32_LITTLE(constants + 12);
77}
78
79static void
80chacha_ivsetup(chacha_ctx *x,const u8 *iv)
81{
82 x->input[12] = 0;
83 x->input[13] = 0;
84 x->input[14] = U8TO32_LITTLE(iv + 0);
85 x->input[15] = U8TO32_LITTLE(iv + 4);
86}
87
88static void
89chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
90{
91 u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
92 u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
93 u8 *ctarget = NULL;
94 u8 tmp[64];
95 u_int i;
96
97 if (!bytes) return;
98
99 j0 = x->input[0];
100 j1 = x->input[1];
101 j2 = x->input[2];
102 j3 = x->input[3];
103 j4 = x->input[4];
104 j5 = x->input[5];
105 j6 = x->input[6];
106 j7 = x->input[7];
107 j8 = x->input[8];
108 j9 = x->input[9];
109 j10 = x->input[10];
110 j11 = x->input[11];
111 j12 = x->input[12];
112 j13 = x->input[13];
113 j14 = x->input[14];
114 j15 = x->input[15];
115
116 for (;;) {
117 if (bytes < 64) {
118 for (i = 0;i < bytes;++i) tmp[i] = m[i];
119 m = tmp;
120 ctarget = c;
121 c = tmp;
122 }
123 x0 = j0;
124 x1 = j1;
125 x2 = j2;
126 x3 = j3;
127 x4 = j4;
128 x5 = j5;
129 x6 = j6;
130 x7 = j7;
131 x8 = j8;
132 x9 = j9;
133 x10 = j10;
134 x11 = j11;
135 x12 = j12;
136 x13 = j13;
137 x14 = j14;
138 x15 = j15;
139 for (i = 20;i > 0;i -= 2) {
140 QUARTERROUND( x0, x4, x8,x12)
141 QUARTERROUND( x1, x5, x9,x13)
142 QUARTERROUND( x2, x6,x10,x14)
143 QUARTERROUND( x3, x7,x11,x15)
144 QUARTERROUND( x0, x5,x10,x15)
145 QUARTERROUND( x1, x6,x11,x12)
146 QUARTERROUND( x2, x7, x8,x13)
147 QUARTERROUND( x3, x4, x9,x14)
148 }
149 x0 = PLUS(x0,j0);
150 x1 = PLUS(x1,j1);
151 x2 = PLUS(x2,j2);
152 x3 = PLUS(x3,j3);
153 x4 = PLUS(x4,j4);
154 x5 = PLUS(x5,j5);
155 x6 = PLUS(x6,j6);
156 x7 = PLUS(x7,j7);
157 x8 = PLUS(x8,j8);
158 x9 = PLUS(x9,j9);
159 x10 = PLUS(x10,j10);
160 x11 = PLUS(x11,j11);
161 x12 = PLUS(x12,j12);
162 x13 = PLUS(x13,j13);
163 x14 = PLUS(x14,j14);
164 x15 = PLUS(x15,j15);
165
166#ifndef KEYSTREAM_ONLY
167 x0 = XOR(x0,U8TO32_LITTLE(m + 0));
168 x1 = XOR(x1,U8TO32_LITTLE(m + 4));
169 x2 = XOR(x2,U8TO32_LITTLE(m + 8));
170 x3 = XOR(x3,U8TO32_LITTLE(m + 12));
171 x4 = XOR(x4,U8TO32_LITTLE(m + 16));
172 x5 = XOR(x5,U8TO32_LITTLE(m + 20));
173 x6 = XOR(x6,U8TO32_LITTLE(m + 24));
174 x7 = XOR(x7,U8TO32_LITTLE(m + 28));
175 x8 = XOR(x8,U8TO32_LITTLE(m + 32));
176 x9 = XOR(x9,U8TO32_LITTLE(m + 36));
177 x10 = XOR(x10,U8TO32_LITTLE(m + 40));
178 x11 = XOR(x11,U8TO32_LITTLE(m + 44));
179 x12 = XOR(x12,U8TO32_LITTLE(m + 48));
180 x13 = XOR(x13,U8TO32_LITTLE(m + 52));
181 x14 = XOR(x14,U8TO32_LITTLE(m + 56));
182 x15 = XOR(x15,U8TO32_LITTLE(m + 60));
183#endif
184
185 j12 = PLUSONE(j12);
186 if (!j12) {
187 j13 = PLUSONE(j13);
188 /* stopping at 2^70 bytes per nonce is user's responsibility */
189 }
190
191 U32TO8_LITTLE(c + 0,x0);
192 U32TO8_LITTLE(c + 4,x1);
193 U32TO8_LITTLE(c + 8,x2);
194 U32TO8_LITTLE(c + 12,x3);
195 U32TO8_LITTLE(c + 16,x4);
196 U32TO8_LITTLE(c + 20,x5);
197 U32TO8_LITTLE(c + 24,x6);
198 U32TO8_LITTLE(c + 28,x7);
199 U32TO8_LITTLE(c + 32,x8);
200 U32TO8_LITTLE(c + 36,x9);
201 U32TO8_LITTLE(c + 40,x10);
202 U32TO8_LITTLE(c + 44,x11);
203 U32TO8_LITTLE(c + 48,x12);
204 U32TO8_LITTLE(c + 52,x13);
205 U32TO8_LITTLE(c + 56,x14);
206 U32TO8_LITTLE(c + 60,x15);
207
208 if (bytes <= 64) {
209 if (bytes < 64) {
210 for (i = 0;i < bytes;++i) ctarget[i] = c[i];
211 }
212 x->input[12] = j12;
213 x->input[13] = j13;
214 return;
215 }
216 bytes -= 64;
217 c += 64;
218#ifndef KEYSTREAM_ONLY
219 m += 64;
220#endif
221 }
222}
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 392fa38dc..f34619e4a 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.58 2013/06/05 22:30:21 dtucker Exp $ */ 1/* $Id: openbsd-compat.h,v 1.60 2013/12/07 00:51:54 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -44,6 +44,7 @@
44#include "vis.h" 44#include "vis.h"
45#include "getrrsetbyname.h" 45#include "getrrsetbyname.h"
46#include "sha2.h" 46#include "sha2.h"
47#include "blf.h"
47 48
48#ifndef HAVE_BASENAME 49#ifndef HAVE_BASENAME
49char *basename(const char *path); 50char *basename(const char *path);
@@ -161,9 +162,13 @@ int writev(int, struct iovec *, int);
161 162
162#ifndef HAVE_GETPEEREID 163#ifndef HAVE_GETPEEREID
163int getpeereid(int , uid_t *, gid_t *); 164int getpeereid(int , uid_t *, gid_t *);
164#endif 165#endif
165 166
166#ifndef HAVE_ARC4RANDOM 167#ifdef HAVE_ARC4RANDOM
168# ifndef HAVE_ARC4RANDOM_STIR
169# define arc4random_stir()
170# endif
171#else
167unsigned int arc4random(void); 172unsigned int arc4random(void);
168void arc4random_stir(void); 173void arc4random_stir(void);
169#endif /* !HAVE_ARC4RANDOM */ 174#endif /* !HAVE_ARC4RANDOM */
@@ -236,6 +241,11 @@ char *group_from_gid(gid_t, int);
236int timingsafe_bcmp(const void *, const void *, size_t); 241int timingsafe_bcmp(const void *, const void *, size_t);
237#endif 242#endif
238 243
244#ifndef HAVE_BCRYPT_PBKDF
245int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
246 u_int8_t *, size_t, unsigned int);
247#endif
248
239void *xmmap(size_t size); 249void *xmmap(size_t size);
240char *xcrypt(const char *password, const char *salt); 250char *xcrypt(const char *password, const char *salt);
241char *shadow_pw(struct passwd *pw); 251char *shadow_pw(struct passwd *pw);
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 5189cab61..60eac4b17 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
1/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */ 1/* $Id: openssl-compat.c,v 1.16 2014/01/17 07:00:41 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -59,6 +59,34 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
59} 59}
60#endif 60#endif
61 61
62#ifndef HAVE_EVP_DIGESTINIT_EX
63int
64EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine)
65{
66 if (engine != NULL)
67 fatal("%s: ENGINE is not supported", __func__);
68# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
69 EVP_DigestInit(ctx, md);
70 return 1;
71# else
72 return EVP_DigestInit(ctx, md);
73# endif
74}
75#endif
76
77#ifndef HAVE_EVP_DIGESTFINAL_EX
78int
79EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s)
80{
81# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
82 EVP_DigestFinal(ctx, md, s);
83 return 1;
84# else
85 return EVP_DigestFinal(ctx, md, s);
86# endif
87}
88#endif
89
62#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID 90#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
63int 91int
64ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) 92ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index e7439b4e7..021ea98f5 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openssl-compat.h,v 1.24 2013/02/12 00:00:40 djm Exp $ */ 1/* $Id: openssl-compat.h,v 1.25 2014/01/17 06:32:31 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -148,6 +148,14 @@ int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *,
148int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *); 148int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
149# endif 149# endif
150 150
151# ifndef HAVE_EVP_DIGESTINIT_EX
152int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, void *);
153# endif
154
155# ifndef HAVE_EVP_DISESTFINAL_EX
156int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
157# endif
158
151int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, 159int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
152 unsigned char *, int); 160 unsigned char *, int);
153int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); 161int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
@@ -158,5 +166,13 @@ void ssh_OpenSSL_add_all_algorithms(void);
158# define HMAC_CTX_init(a) 166# define HMAC_CTX_init(a)
159# endif 167# endif
160 168
169# ifndef HAVE_EVP_MD_CTX_INIT
170# define EVP_MD_CTX_init(a)
171# endif
172
173# ifndef HAVE_EVP_MD_CTX_CLEANUP
174# define EVP_MD_CTX_cleanup(a)
175# endif
176
161#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ 177#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
162 178
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
index 2965f689e..9f7ca14c2 100644
--- a/openbsd-compat/setproctitle.c
+++ b/openbsd-compat/setproctitle.c
@@ -67,7 +67,8 @@ static size_t argv_env_len = 0;
67void 67void
68compat_init_setproctitle(int argc, char *argv[]) 68compat_init_setproctitle(int argc, char *argv[])
69{ 69{
70#if defined(SPT_TYPE) && SPT_TYPE == SPT_REUSEARGV 70#if !defined(HAVE_SETPROCTITLE) && \
71 defined(SPT_TYPE) && SPT_TYPE == SPT_REUSEARGV
71 extern char **environ; 72 extern char **environ;
72 char *lastargv = NULL; 73 char *lastargv = NULL;
73 char **envp = environ; 74 char **envp = environ;
@@ -125,6 +126,7 @@ setproctitle(const char *fmt, ...)
125 va_list ap; 126 va_list ap;
126 char buf[1024], ptitle[1024]; 127 char buf[1024], ptitle[1024];
127 size_t len; 128 size_t len;
129 int r;
128 extern char *__progname; 130 extern char *__progname;
129#if SPT_TYPE == SPT_PSTAT 131#if SPT_TYPE == SPT_PSTAT
130 union pstun pst; 132 union pstun pst;
@@ -137,13 +139,16 @@ setproctitle(const char *fmt, ...)
137 139
138 strlcpy(buf, __progname, sizeof(buf)); 140 strlcpy(buf, __progname, sizeof(buf));
139 141
142 r = -1;
140 va_start(ap, fmt); 143 va_start(ap, fmt);
141 if (fmt != NULL) { 144 if (fmt != NULL) {
142 len = strlcat(buf, ": ", sizeof(buf)); 145 len = strlcat(buf, ": ", sizeof(buf));
143 if (len < sizeof(buf)) 146 if (len < sizeof(buf))
144 vsnprintf(buf + len, sizeof(buf) - len , fmt, ap); 147 r = vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
145 } 148 }
146 va_end(ap); 149 va_end(ap);
150 if (r == -1 || (size_t)r >= sizeof(buf) - len)
151 return;
147 strnvis(ptitle, buf, sizeof(ptitle), 152 strnvis(ptitle, buf, sizeof(ptitle),
148 VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL); 153 VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL);
149 154