diff options
Diffstat (limited to 'crypt')
| -rw-r--r-- | crypt/Banner | 1 | ||||
| -rw-r--r-- | crypt/Makefile | 14 | ||||
| -rw-r--r-- | crypt/badsalttest.c | 5 | ||||
| -rw-r--r-- | crypt/cert.c | 26 | ||||
| -rw-r--r-- | crypt/crypt-entry.c | 26 | ||||
| -rw-r--r-- | crypt/crypt-private.h | 2 | ||||
| -rw-r--r-- | crypt/crypt.c | 2 | ||||
| -rw-r--r-- | crypt/crypt.h | 39 | ||||
| -rw-r--r-- | crypt/crypt_util.c | 11 | ||||
| -rw-r--r-- | crypt/md5-crypt.c | 10 | ||||
| -rw-r--r-- | crypt/md5.c | 2 | ||||
| -rw-r--r-- | crypt/md5.h | 4 | ||||
| -rw-r--r-- | crypt/md5test-giant.c | 4 | ||||
| -rw-r--r-- | crypt/sha256-block.c | 2 | ||||
| -rw-r--r-- | crypt/sha256-crypt.c | 20 | ||||
| -rw-r--r-- | crypt/sha256.c | 15 | ||||
| -rw-r--r-- | crypt/sha256.h | 2 | ||||
| -rw-r--r-- | crypt/sha512-block.c | 2 | ||||
| -rw-r--r-- | crypt/sha512-crypt.c | 20 | ||||
| -rw-r--r-- | crypt/sha512.c | 16 | ||||
| -rw-r--r-- | crypt/sha512.h | 2 | ||||
| -rw-r--r-- | crypt/ufc-crypt.h | 2 | ||||
| -rw-r--r-- | crypt/ufc.c | 2 |
23 files changed, 129 insertions, 100 deletions
diff --git a/crypt/Banner b/crypt/Banner deleted file mode 100644 index 9cb25bdf0c..0000000000 --- a/crypt/Banner +++ /dev/null @@ -1 +0,0 @@ -crypt add-on version 2.1 by Michael Glad and others diff --git a/crypt/Makefile b/crypt/Makefile index c8b8579a93..3811b6e298 100644 --- a/crypt/Makefile +++ b/crypt/Makefile @@ -1,4 +1,4 @@ -# Copyright (C) 1996-2016 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # This file is part of the GNU C Library. # The GNU C Library is free software; you can redistribute it and/or @@ -32,14 +32,12 @@ libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ tests := cert md5c-test sha256c-test sha512c-test badsalttest -ifeq ($(crypt-in-libc),yes) -routines += $(libcrypt-routines) -endif - ifeq ($(nss-crypt),yes) -CPPFLAGS-sha256-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir) -CPPFLAGS-sha512-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir) -CPPFLAGS-md5-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir) +nss-cpp-flags := -DUSE_NSS \ + -I$(shell nss-config --includedir) -I$(shell nspr-config --includedir) +CPPFLAGS-sha256-crypt.c += $(nss-cpp-flags) +CPPFLAGS-sha512-crypt.c += $(nss-cpp-flags) +CPPFLAGS-md5-crypt.c += $(nss-cpp-flags) LDLIBS-crypt.so = -lfreebl3 else libcrypt-routines += md5 sha256 sha512 diff --git a/crypt/badsalttest.c b/crypt/badsalttest.c index da42ae5e1c..3e57cdd3b8 100644 --- a/crypt/badsalttest.c +++ b/crypt/badsalttest.c @@ -1,5 +1,5 @@ /* Test program for bad DES salt detection in crypt. - Copyright (C) 2012-2016 Free Software Foundation, Inc. + Copyright (C) 2012-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -61,6 +61,9 @@ do_test (void) tests[n - 1][1] = &page[pagesize - 1]; } + /* Mark cd as initialized before first call to crypt_r. */ + cd.initialized = 0; + for (size_t i = 0; i < n; i++) { if (crypt (tests[i][0], tests[i][1])) diff --git a/crypt/cert.c b/crypt/cert.c index 80029e9078..e070ca398d 100644 --- a/crypt/cert.c +++ b/crypt/cert.c @@ -10,6 +10,22 @@ #include <stdlib.h> #include "crypt.h" +/* This file tests the deprecated setkey/encrypt interface. */ +#include <shlib-compat.h> +#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) + +#define libcrypt_version_reference(symbol, version) \ + _libcrypt_version_reference (symbol, VERSION_libcrypt_##version) +#define _libcrypt_version_reference(symbol, version) \ + __libcrypt_version_reference (symbol, version) +#define __libcrypt_version_reference(symbol, version) \ + __asm__ (".symver " #symbol ", " #symbol "@" #version) + +extern void setkey (const char *); +extern void encrypt (const char *, int); +libcrypt_version_reference (setkey, GLIBC_2_0); +libcrypt_version_reference (encrypt, GLIBC_2_0); + int totfails = 0; int main (int argc, char *argv[]); @@ -104,3 +120,13 @@ put8 (char *cp) printf("%02x", t); } } + +#else /* encrypt and setkey are not available. */ + +int +main (void) +{ + return 77; /* UNSUPPORTED */ +} + +#endif diff --git a/crypt/crypt-entry.c b/crypt/crypt-entry.c index a7dfccaa36..4e95f74878 100644 --- a/crypt/crypt-entry.c +++ b/crypt/crypt-entry.c @@ -1,7 +1,7 @@ /* * UFC-crypt: ultra fast crypt(3) implementation * - * Copyright (C) 1991-2016 Free Software Foundation, Inc. + * Copyright (C) 1991-2018 Free Software Foundation, Inc. * * The GNU C Library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -35,6 +35,7 @@ #endif #include "crypt-private.h" +#include <shlib-compat.h> /* Prototypes for local functions. */ #ifndef __GNU_LIBRARY__ @@ -141,6 +142,15 @@ __crypt_r (const char *key, const char *salt, * And convert back to 6 bit ASCII */ _ufc_output_conversion_r (res[0], res[1], salt, data); + + /* + * Erase key-dependent intermediate data. Data dependent only on + * the salt is not considered sensitive. + */ + explicit_bzero (ktab, sizeof (ktab)); + explicit_bzero (data->keysched, sizeof (data->keysched)); + explicit_bzero (res, sizeof (res)); + return data->crypt_3_buf; } weak_alias (__crypt_r, crypt_r) @@ -167,17 +177,7 @@ crypt (const char *key, const char *salt) return __crypt_r (key, salt, &_ufc_foobar); } - -/* - * To make fcrypt users happy. - * They don't need to call init_des. - */ -#ifdef _LIBC +#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) weak_alias (crypt, fcrypt) -#else -char * -__fcrypt (const char *key, const char *salt) -{ - return crypt (key, salt); -} +compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0); #endif diff --git a/crypt/crypt-private.h b/crypt/crypt-private.h index 1418978bbb..6a54002f03 100644 --- a/crypt/crypt-private.h +++ b/crypt/crypt-private.h @@ -1,7 +1,7 @@ /* * UFC-crypt: ultra fast crypt(3) implementation * - * Copyright (C) 1991-2016 Free Software Foundation, Inc. + * Copyright (C) 1991-2018 Free Software Foundation, Inc. * * The GNU C Library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/crypt/crypt.c b/crypt/crypt.c index e51fbfdd67..0e5c430b71 100644 --- a/crypt/crypt.c +++ b/crypt/crypt.c @@ -1,7 +1,7 @@ /* * UFC-crypt: ultra fast crypt(3) implementation * - * Copyright (C) 1991-2016 Free Software Foundation, Inc. + * Copyright (C) 1991-2018 Free Software Foundation, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/crypt/crypt.h b/crypt/crypt.h index e29e1ef8b7..ebe8607452 100644 --- a/crypt/crypt.h +++ b/crypt/crypt.h @@ -1,7 +1,7 @@ /* * UFC-crypt: ultra fast crypt(3) implementation * - * Copyright (C) 1991-2016 Free Software Foundation, Inc. + * Copyright (C) 1991-2018 Free Software Foundation, Inc. * * The GNU C Library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -28,21 +28,18 @@ __BEGIN_DECLS -/* Encrypt at most 8 characters from KEY using salt to perturb DES. */ -extern char *crypt (const char *__key, const char *__salt) +/* One-way hash PHRASE, returning a string suitable for storage in the + user database. SALT selects the one-way function to use, and + ensures that no two users' hashes are the same, even if they use + the same passphrase. The return value points to static storage + which will be overwritten by the next call to crypt. */ +extern char *crypt (const char *__phrase, const char *__salt) __THROW __nonnull ((1, 2)); -/* Setup DES tables according KEY. */ -extern void setkey (const char *__key) __THROW __nonnull ((1)); - -/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt - block in place. */ -extern void encrypt (char *__glibc_block, int __edflag) - __THROW __nonnull ((1)); - #ifdef __USE_GNU -/* Reentrant versions of the functions above. The additional argument - points to a structure where the results are placed in. */ + +/* This structure provides scratch and output buffers for 'crypt_r'. + Its contents should not be accessed directly. */ struct crypt_data { char keysched[16 * 8]; @@ -57,17 +54,15 @@ struct crypt_data int direction, initialized; }; -extern char *crypt_r (const char *__key, const char *__salt, +/* Thread-safe version of 'crypt'. + DATA must point to a 'struct crypt_data' allocated by the caller. + Before the first call to 'crypt_r' with a new 'struct crypt_data', + that object must be initialized to all zeroes. The pointer + returned, if not NULL, will point within DATA. (It will still be + overwritten by the next call to 'crypt_r' with the same DATA.) */ +extern char *crypt_r (const char *__phrase, const char *__salt, struct crypt_data * __restrict __data) __THROW __nonnull ((1, 2, 3)); - -extern void setkey_r (const char *__key, - struct crypt_data * __restrict __data) - __THROW __nonnull ((1, 2)); - -extern void encrypt_r (char *__glibc_block, int __edflag, - struct crypt_data * __restrict __data) - __THROW __nonnull ((1, 3)); #endif __END_DECLS diff --git a/crypt/crypt_util.c b/crypt/crypt_util.c index 1f42f59cb0..fbfc783751 100644 --- a/crypt/crypt_util.c +++ b/crypt/crypt_util.c @@ -1,7 +1,7 @@ /* * UFC-crypt: ultra fast crypt(3) implementation * - * Copyright (C) 1991-2016 Free Software Foundation, Inc. + * Copyright (C) 1991-2018 Free Software Foundation, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -34,6 +34,7 @@ #endif #include "crypt-private.h" +#include <shlib-compat.h> /* Prototypes for local functions. */ #ifndef __GNU_LIBRARY__ @@ -150,6 +151,7 @@ static const int sbox[8][4][16]= { } }; +#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) /* * This is the initial * permutation matrix @@ -160,6 +162,7 @@ static const int initial_perm[64] = { 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 }; +#endif /* * This is the final @@ -785,6 +788,7 @@ _ufc_output_conversion_r (ufc_long v1, ufc_long v2, const char *salt, __data->crypt_3_buf[13] = 0; } +#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) /* * UNIX encrypt function. Takes a bitvector @@ -885,12 +889,14 @@ __encrypt_r (char *__block, int __edflag, } } weak_alias (__encrypt_r, encrypt_r) +compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0); void encrypt (char *__block, int __edflag) { __encrypt_r(__block, __edflag, &_ufc_foobar); } +compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0); /* @@ -915,12 +921,15 @@ __setkey_r (const char *__key, struct crypt_data * __restrict __data) _ufc_mk_keytab_r((char *) ktab, __data); } weak_alias (__setkey_r, setkey_r) +compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0); void setkey (const char *__key) { __setkey_r(__key, &_ufc_foobar); } +compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0); +#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */ void __b64_from_24bit (char **cp, int *buflen, diff --git a/crypt/md5-crypt.c b/crypt/md5-crypt.c index 2243bc7aed..3cf02ff74c 100644 --- a/crypt/md5-crypt.c +++ b/crypt/md5-crypt.c @@ -1,6 +1,6 @@ /* One way encryption based on MD5 sum. Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0. - Copyright (C) 1996-2016 Free Software Foundation, Inc. + Copyright (C) 1996-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996. @@ -288,13 +288,13 @@ __md5_crypt_r (const char *key, const char *salt, char *buffer, int buflen) #ifndef USE_NSS __md5_init_ctx (&ctx); __md5_finish_ctx (&ctx, alt_result); - memset (&ctx, '\0', sizeof (ctx)); - memset (&alt_ctx, '\0', sizeof (alt_ctx)); + explicit_bzero (&ctx, sizeof (ctx)); + explicit_bzero (&alt_ctx, sizeof (alt_ctx)); #endif if (copied_key != NULL) - memset (copied_key, '\0', key_len); + explicit_bzero (copied_key, key_len); if (copied_salt != NULL) - memset (copied_salt, '\0', salt_len); + explicit_bzero (copied_salt, salt_len); free (free_key); return buffer; diff --git a/crypt/md5.c b/crypt/md5.c index 01e709cbf2..5d7ac76e4a 100644 --- a/crypt/md5.c +++ b/crypt/md5.c @@ -1,6 +1,6 @@ /* Functions to compute MD5 message digest of files or memory blocks. according to the definition of MD5 in RFC 1321 from April 1992. - Copyright (C) 1995-2016 Free Software Foundation, Inc. + Copyright (C) 1995-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or diff --git a/crypt/md5.h b/crypt/md5.h index 1b3eac8cd1..57959bef03 100644 --- a/crypt/md5.h +++ b/crypt/md5.h @@ -1,6 +1,6 @@ /* Declaration of functions and data types used for MD5 sum computing library functions. - Copyright (C) 1995-2016 Free Software Foundation, Inc. + Copyright (C) 1995-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -22,7 +22,7 @@ #include <stdio.h> -#if defined HAVE_LIMITS_H || _LIBC +#if defined HAVE_LIMITS_H || defined _LIBC # include <limits.h> #endif diff --git a/crypt/md5test-giant.c b/crypt/md5test-giant.c index 2549145cca..dc5a2db151 100644 --- a/crypt/md5test-giant.c +++ b/crypt/md5test-giant.c @@ -1,5 +1,5 @@ -/* Testcase for http://sourceware.org/bugzilla/show_bug.cgi?id=14090. - Copyright (C) 2012-2016 Free Software Foundation, Inc. +/* Testcase for https://sourceware.org/bugzilla/show_bug.cgi?id=14090. + Copyright (C) 2012-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. This program is free software; you can redistribute it and/or modify diff --git a/crypt/sha256-block.c b/crypt/sha256-block.c index 8a77096999..a44fe01d5b 100644 --- a/crypt/sha256-block.c +++ b/crypt/sha256-block.c @@ -3,7 +3,7 @@ /* Process LEN bytes of BUFFER, accumulating context into CTX. It is assumed that LEN % 64 == 0. */ void -sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) +__sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) { const uint32_t *words = buffer; size_t nwords = len / sizeof (uint32_t); diff --git a/crypt/sha256-crypt.c b/crypt/sha256-crypt.c index ca703dec6d..d1fed1d6a6 100644 --- a/crypt/sha256-crypt.c +++ b/crypt/sha256-crypt.c @@ -1,5 +1,5 @@ /* One way encryption based on SHA256 sum. - Copyright (C) 2007-2016 Free Software Foundation, Inc. + Copyright (C) 2007-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@redhat.com>, 2007. @@ -319,8 +319,8 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) if (rounds_custom) { - int n = snprintf (cp, MAX (0, buflen), "%s%zu$", - sha256_rounds_prefix, rounds); + int n = __snprintf (cp, MAX (0, buflen), "%s%zu$", + sha256_rounds_prefix, rounds); cp += n; buflen -= n; } @@ -371,16 +371,16 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) #ifndef USE_NSS __sha256_init_ctx (&ctx); __sha256_finish_ctx (&ctx, alt_result); - memset (&ctx, '\0', sizeof (ctx)); - memset (&alt_ctx, '\0', sizeof (alt_ctx)); + explicit_bzero (&ctx, sizeof (ctx)); + explicit_bzero (&alt_ctx, sizeof (alt_ctx)); #endif - memset (temp_result, '\0', sizeof (temp_result)); - memset (p_bytes, '\0', key_len); - memset (s_bytes, '\0', salt_len); + explicit_bzero (temp_result, sizeof (temp_result)); + explicit_bzero (p_bytes, key_len); + explicit_bzero (s_bytes, salt_len); if (copied_key != NULL) - memset (copied_key, '\0', key_len); + explicit_bzero (copied_key, key_len); if (copied_salt != NULL) - memset (copied_salt, '\0', salt_len); + explicit_bzero (copied_salt, salt_len); free (free_key); free (free_pbytes); diff --git a/crypt/sha256.c b/crypt/sha256.c index e858f4b760..15b04086cb 100644 --- a/crypt/sha256.c +++ b/crypt/sha256.c @@ -1,6 +1,6 @@ /* Functions to compute SHA256 message digest of files or memory blocks. according to the definition of SHA256 in FIPS 180-2. - Copyright (C) 2007-2016 Free Software Foundation, Inc. + Copyright (C) 2007-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -81,8 +81,7 @@ static const uint32_t K[64] = 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; -void -sha256_process_block (const void *, size_t, struct sha256_ctx *); +void __sha256_process_block (const void *, size_t, struct sha256_ctx *); /* Initialize structure containing state of computation. (FIPS 180-2:5.3.2) */ @@ -131,7 +130,7 @@ __sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf) #endif /* Process last bytes. */ - sha256_process_block (ctx->buffer, bytes + pad + 8, ctx); + __sha256_process_block (ctx->buffer, bytes + pad + 8, ctx); /* Put result from CTX in first 32 bytes following RESBUF. */ for (unsigned int i = 0; i < 8; ++i) @@ -156,7 +155,7 @@ __sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) if (ctx->buflen > 64) { - sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); + __sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); ctx->buflen &= 63; /* The regions in the following copy operation cannot overlap. */ @@ -182,14 +181,14 @@ __sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) if (UNALIGNED_P (buffer)) while (len > 64) { - sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); + __sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); buffer = (const char *) buffer + 64; len -= 64; } else #endif { - sha256_process_block (buffer, len & ~63, ctx); + __sha256_process_block (buffer, len & ~63, ctx); buffer = (const char *) buffer + (len & ~63); len &= 63; } @@ -204,7 +203,7 @@ __sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) left_over += len; if (left_over >= 64) { - sha256_process_block (ctx->buffer, 64, ctx); + __sha256_process_block (ctx->buffer, 64, ctx); left_over -= 64; memcpy (ctx->buffer, &ctx->buffer[64], left_over); } diff --git a/crypt/sha256.h b/crypt/sha256.h index 1d03e540e1..bf81870b6d 100644 --- a/crypt/sha256.h +++ b/crypt/sha256.h @@ -1,6 +1,6 @@ /* Declaration of functions and data types used for SHA256 sum computing library functions. - Copyright (C) 2007-2016 Free Software Foundation, Inc. + Copyright (C) 2007-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or diff --git a/crypt/sha512-block.c b/crypt/sha512-block.c index c542db1c9c..577839fe5c 100644 --- a/crypt/sha512-block.c +++ b/crypt/sha512-block.c @@ -3,7 +3,7 @@ /* Process LEN bytes of BUFFER, accumulating context into CTX. It is assumed that LEN % 128 == 0. */ void -sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) +__sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) { const uint64_t *words = buffer; size_t nwords = len / sizeof (uint64_t); diff --git a/crypt/sha512-crypt.c b/crypt/sha512-crypt.c index c42e5b785d..bd099cd0e0 100644 --- a/crypt/sha512-crypt.c +++ b/crypt/sha512-crypt.c @@ -1,5 +1,5 @@ /* One way encryption based on SHA512 sum. - Copyright (C) 2007-2016 Free Software Foundation, Inc. + Copyright (C) 2007-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@redhat.com>, 2007. @@ -318,8 +318,8 @@ __sha512_crypt_r (const char *key, const char *salt, char *buffer, int buflen) if (rounds_custom) { - int n = snprintf (cp, MAX (0, buflen), "%s%zu$", - sha512_rounds_prefix, rounds); + int n = __snprintf (cp, MAX (0, buflen), "%s%zu$", + sha512_rounds_prefix, rounds); cp += n; buflen -= n; } @@ -393,16 +393,16 @@ __sha512_crypt_r (const char *key, const char *salt, char *buffer, int buflen) #ifndef USE_NSS __sha512_init_ctx (&ctx); __sha512_finish_ctx (&ctx, alt_result); - memset (&ctx, '\0', sizeof (ctx)); - memset (&alt_ctx, '\0', sizeof (alt_ctx)); + explicit_bzero (&ctx, sizeof (ctx)); + explicit_bzero (&alt_ctx, sizeof (alt_ctx)); #endif - memset (temp_result, '\0', sizeof (temp_result)); - memset (p_bytes, '\0', key_len); - memset (s_bytes, '\0', salt_len); + explicit_bzero (temp_result, sizeof (temp_result)); + explicit_bzero (p_bytes, key_len); + explicit_bzero (s_bytes, salt_len); if (copied_key != NULL) - memset (copied_key, '\0', key_len); + explicit_bzero (copied_key, key_len); if (copied_salt != NULL) - memset (copied_salt, '\0', salt_len); + explicit_bzero (copied_salt, salt_len); free (free_key); free (free_pbytes); diff --git a/crypt/sha512.c b/crypt/sha512.c index 47f3f7c60e..ab2c7f1fbb 100644 --- a/crypt/sha512.c +++ b/crypt/sha512.c @@ -1,6 +1,6 @@ /* Functions to compute SHA512 message digest of files or memory blocks. according to the definition of SHA512 in FIPS 180-2. - Copyright (C) 2007-2016 Free Software Foundation, Inc. + Copyright (C) 2007-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -101,8 +101,8 @@ static const uint64_t K[80] = UINT64_C (0x5fcb6fab3ad6faec), UINT64_C (0x6c44198c4a475817) }; -void -sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx); +void __sha512_process_block (const void *buffer, size_t len, + struct sha512_ctx *ctx); /* Initialize structure containing state of computation. (FIPS 180-2:5.3.3) */ @@ -153,7 +153,7 @@ __sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf) (ctx->total[TOTAL128_low] >> 61)); /* Process last bytes. */ - sha512_process_block (ctx->buffer, bytes + pad + 16, ctx); + __sha512_process_block (ctx->buffer, bytes + pad + 16, ctx); /* Put result from CTX in first 64 bytes following RESBUF. */ for (unsigned int i = 0; i < 8; ++i) @@ -178,7 +178,7 @@ __sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) if (ctx->buflen > 128) { - sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx); + __sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx); ctx->buflen &= 127; /* The regions in the following copy operation cannot overlap. */ @@ -204,7 +204,7 @@ __sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) if (UNALIGNED_P (buffer)) while (len > 128) { - sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, + __sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx); buffer = (const char *) buffer + 128; len -= 128; @@ -212,7 +212,7 @@ __sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) else #endif { - sha512_process_block (buffer, len & ~127, ctx); + __sha512_process_block (buffer, len & ~127, ctx); buffer = (const char *) buffer + (len & ~127); len &= 127; } @@ -227,7 +227,7 @@ __sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) left_over += len; if (left_over >= 128) { - sha512_process_block (ctx->buffer, 128, ctx); + __sha512_process_block (ctx->buffer, 128, ctx); left_over -= 128; memcpy (ctx->buffer, &ctx->buffer[128], left_over); } diff --git a/crypt/sha512.h b/crypt/sha512.h index 7868d9cbcb..7b27aad2d2 100644 --- a/crypt/sha512.h +++ b/crypt/sha512.h @@ -1,6 +1,6 @@ /* Declaration of functions and data types used for SHA512 sum computing library functions. - Copyright (C) 2007-2016 Free Software Foundation, Inc. + Copyright (C) 2007-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or diff --git a/crypt/ufc-crypt.h b/crypt/ufc-crypt.h index fa7454fb63..500156ee51 100644 --- a/crypt/ufc-crypt.h +++ b/crypt/ufc-crypt.h @@ -1,5 +1,5 @@ /* Types for UFC-crypt. - Copyright (C) 1998-2016 Free Software Foundation, Inc. + Copyright (C) 1998-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or diff --git a/crypt/ufc.c b/crypt/ufc.c index 7c3e6b4fbc..3b119f1128 100644 --- a/crypt/ufc.c +++ b/crypt/ufc.c @@ -1,7 +1,7 @@ /* * UFC-crypt: ultra fast crypt(3) implementation * - * Copyright (C) 1991-2016 Free Software Foundation, Inc. + * Copyright (C) 1991-2018 Free Software Foundation, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public |