From c4fdc6bfdb2211e13643d5fba75edf437c122eef Mon Sep 17 00:00:00 2001 From: glenda Date: Tue, 25 Aug 2015 09:35:10 +0000 Subject: fix fuckup --- sys/src/libsec/port/const.c | 18 ------ sys/src/libsec/port/ecc.c | 125 ++---------------------------------------- sys/src/libsec/port/mkfile | 1 - sys/src/libsec/port/thumb.c | 2 +- sys/src/libsec/port/tlshand.c | 84 +++++++++++++++++++++------- sys/src/libsec/port/x509.c | 2 +- 6 files changed, 70 insertions(+), 162 deletions(-) delete mode 100644 sys/src/libsec/port/const.c (limited to 'sys/src/libsec') diff --git a/sys/src/libsec/port/const.c b/sys/src/libsec/port/const.c deleted file mode 100644 index 0cf400178..000000000 --- a/sys/src/libsec/port/const.c +++ /dev/null @@ -1,18 +0,0 @@ -#include - -/* - * returns 0 if the the len bytes in x are equal to len bytes in y, - * otherwise returns -1. - */ -int -constcmp(uchar *x, uchar *y, int len) -{ - uint z; - int i; - - for(z = 0, i = 0; i < len; i++) { - z |= x[i] ^ y[i]; - } - - return (1 & ((z - 1) >> 8)) - 1; -} diff --git a/sys/src/libsec/port/ecc.c b/sys/src/libsec/port/ecc.c index 09dd92858..261eebdd1 100644 --- a/sys/src/libsec/port/ecc.c +++ b/sys/src/libsec/port/ecc.c @@ -3,76 +3,6 @@ #include #include -ECdomain * -ecnamedcurve(int id) -{ - ECdomain *dom; - dom = malloc(sizeof(ECdomain)); - if(dom == nil) - return nil; - - switch(id) { - default: - free(dom); - return nil; - case Secp256r1: - dom->p = strtomp("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", nil, 16, nil); - dom->a = strtomp("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", nil, 16, nil); - dom->b = strtomp("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", nil, 16, nil); - dom->G = strtoec(dom, "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", nil, nil); - dom->n = strtomp("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", nil, 16, nil); - dom->h = uitomp(1, nil); - break; - } - - if(dom->p == nil || dom->a == nil || dom->b == nil || dom->G == nil || dom->n == nil || dom->h == nil) { - ecfreedomain(dom); - return nil; - } - - return dom; -} - -void -ecfreepoint(ECpoint *pt) -{ - if(pt != nil) { - mpfree(pt->x); - mpfree(pt->y); - } - - free(pt); -} - -void -ecfreepriv(ECpriv *priv) -{ - if(priv != nil) { - mpfree(priv->x); - mpfree(priv->y); - mpfree(priv->d); - } - - free(priv); -} - -void -ecfreedomain(ECdomain *dom) -{ - if(dom != nil) { - mpfree(dom->p); - mpfree(dom->a); - mpfree(dom->b); - if(dom->G != nil) { - ecfreepoint(dom->G); - } - mpfree(dom->n); - mpfree(dom->h); - } - - free(dom); -} - void ecassign(ECdomain *, ECpoint *a, ECpoint *b) { @@ -399,54 +329,6 @@ mpsqrt(mpint *n, mpint *p, mpint *r) return 1; } -// converts the bytes in buf to an ECpoint x y pair. -// the domain is used to determine the number of bytes in x and y in the buffer. -ECpoint* -betoec(ECdomain *dom, uchar *buf, int blen, ECpoint *ret) -{ - int allocd, bytelen; - - allocd = 0; - bytelen = (mpsignif(dom->p)+7) >> 3; - - // sanity check arguments - if(dom == nil || buf == nil) - return nil; - - // check if input is too short for two mpints - if(blen != 1+2*bytelen) - return nil; - - // check that point is in uncompressed format - if(buf[0] != 4) - return nil; - - if(ret == nil) { - // allocate return pointer and mpints - allocd = 1; - ret = mallocz(sizeof(*ret), 1); - if(ret == nil) - return nil; - ret->x = mpnew(0); - ret->y = mpnew(0); - } - - // uncompressed form - if(betomp(buf+1, bytelen, ret->x) == nil) - goto err; - if(betomp(buf+1+bytelen, bytelen, ret->y) == nil) - goto err; - if(!ecverify(dom, ret)) - goto err; - return ret; - -err: - if(allocd){ - ecfreepoint(ret); - } - return nil; -} - ECpoint* strtoec(ECdomain *dom, char *s, char **rptr, ECpoint *ret) { @@ -500,8 +382,11 @@ strtoec(ECdomain *dom, char *s, char **rptr, ECpoint *ret) err: if(rptr) *rptr = s; - if(allocd) - ecfreepoint(ret); + if(allocd){ + mpfree(ret->x); + mpfree(ret->y); + free(ret); + } return nil; } diff --git a/sys/src/libsec/port/mkfile b/sys/src/libsec/port/mkfile index 91973cb26..60aebe629 100644 --- a/sys/src/libsec/port/mkfile +++ b/sys/src/libsec/port/mkfile @@ -22,7 +22,6 @@ CFILES = des.c desmodes.c desECB.c desCBC.c des3ECB.c des3CBC.c\ ripemd.c\ dh.c\ pbkdf2.c\ - const.c\ ALLOFILES=${CFILES:%.c=%.$O} diff --git a/sys/src/libsec/port/thumb.c b/sys/src/libsec/port/thumb.c index 8a2e53e97..21c92fe88 100644 --- a/sys/src/libsec/port/thumb.c +++ b/sys/src/libsec/port/thumb.c @@ -38,7 +38,7 @@ okThumbprint(uchar *sum, Thumbprint *table) return 0; hd = tablehead(sum, table); for(p = hd->next; p; p = p->next){ - if(constcmp(sum, p->sha1, SHA1dlen) == 0) + if(memcmp(sum, p->sha1, SHA1dlen) == 0) return 1; if(p == hd) break; diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c index 8151c60c4..48c281068 100644 --- a/sys/src/libsec/port/tlshand.c +++ b/sys/src/libsec/port/tlshand.c @@ -854,57 +854,99 @@ ectobytes(int type, ECpoint *p) static Bytes* tlsSecECDHEc(TlsSec *sec, uchar *srandom, int vers, int curve, Bytes *Ys) { + Namedcurve *nc, *enc; Bytes *epm; - ECdomain *dom; - ECpoint K, *Y; - ECpriv *Q; - - epm = nil; - Y = nil; - Q = nil; + ECdomain dom; + ECpoint G, K, Y; + ECpriv Q; if(Ys == nil) return nil; + enc = &namedcurves[nelem(namedcurves)]; + for(nc = namedcurves; nc != enc; nc++) + if(nc->tlsid == curve) + break; + + if(nc == enc) + return nil; + memmove(sec->srandom, srandom, RandomSize); if(setVers(sec, vers) < 0) return nil; + + epm = nil; - dom = ecnamedcurve(curve); - if(dom == nil) - return nil; + memset(&dom, 0, sizeof(dom)); + dom.p = strtomp(nc->p, nil, 16, nil); + dom.a = strtomp(nc->a, nil, 16, nil); + dom.b = strtomp(nc->b, nil, 16, nil); + dom.n = strtomp(nc->n, nil, 16, nil); + dom.h = strtomp(nc->h, nil, 16, nil); + memset(&G, 0, sizeof(G)); + G.x = mpnew(0); + G.y = mpnew(0); + + memset(&Q, 0, sizeof(Q)); + Q.x = mpnew(0); + Q.y = mpnew(0); + Q.d = mpnew(0); memset(&K, 0, sizeof(K)); K.x = mpnew(0); K.y = mpnew(0); + memset(&Y, 0, sizeof(Y)); + Y.x = mpnew(0); + Y.y = mpnew(0); + + if(dom.p == nil || dom.a == nil || dom.b == nil || dom.n == nil || dom.h == nil) + goto Out; + if(Q.x == nil || Q.y == nil || Q.d == nil) + goto Out; + if(G.x == nil || G.y == nil) + goto Out; if(K.x == nil || K.y == nil) goto Out; + if(Y.x == nil || Y.y == nil) + goto Out; - Y = betoec(dom, Ys->data, Ys->len, nil); - if(Y == nil) + dom.G = strtoec(&dom, nc->G, nil, &G); + if(dom.G == nil) goto Out; - Q = ecgen(dom, nil); - if(Q == nil) + if(bytestoec(&dom, Ys, &Y) == nil) goto Out; - ecmul(dom, Y, Q->d, &K); + if(ecgen(&dom, &Q) == nil) + goto Out; + + ecmul(&dom, &Y, Q.d, &K); setMasterSecret(sec, mptobytes(K.x)); /* 0x04 = uncompressed public key */ - epm = ectobytes(0x04, Q); + epm = ectobytes(0x04, &Q); Out: - ecfreepriv(Q); - - ecfreepoint(Y); + mpfree(Y.x); + mpfree(Y.y); mpfree(K.x); mpfree(K.y); - ecfreedomain(dom); + mpfree(Q.x); + mpfree(Q.y); + mpfree(Q.d); + + mpfree(G.x); + mpfree(G.y); + + mpfree(dom.p); + mpfree(dom.a); + mpfree(dom.b); + mpfree(dom.n); + mpfree(dom.h); return epm; } @@ -1915,7 +1957,7 @@ setVersion(TlsConnection *c, int version) static int finishedMatch(TlsConnection *c, Finished *f) { - return constcmp(f->verify, c->finished.verify, f->n) == 0; + return memcmp(f->verify, c->finished.verify, f->n) == 0; } // free memory associated with TlsConnection struct diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c index a6dc9e5d7..4751524c5 100644 --- a/sys/src/libsec/port/x509.c +++ b/sys/src/libsec/port/x509.c @@ -2212,7 +2212,7 @@ verify_signature(Bytes* signature, RSApub *pk, uchar *edigest, int edigestlen, E err = "bad digest length"; goto end; } - if(constcmp(digest->data, edigest, edigestlen) != 0) + if(memcmp(digest->data, edigest, edigestlen) != 0) err = "digests did not match"; end: -- cgit v1.2.3