Hi! On 05/26/2015 07:27 PM, Adam D. Barratt wrote: > Feel free to send a new diff for consideration, yes. (Bearing in mind > that the window for 8.1 closes over the coming weekend.) Diff is attached. If you are ok with it, I will upload tomorrow. > > #786907 should be marked as fixed in whichever version it's, well, fixed > in. :-) > Mentioned in d/changelog. > Regards, > > Adam Greetings Peter
diff -Nru libvncserver-0.9.9+dfsg/common/sha1.c libvncserver-0.9.9+dfsg/common/sha1.c
--- libvncserver-0.9.9+dfsg/common/sha1.c 2012-05-04 16:19:00.000000000 +0200
+++ libvncserver-0.9.9+dfsg/common/sha1.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,411 +0,0 @@
-/*
- * Copyright (C) The Internet Society (2001). All Rights Reserved.
- *
- * This document and translations of it may be copied and furnished to
- * others, and derivative works that comment on or otherwise explain it
- * or assist in its implementation may be prepared, copied, published
- * and distributed, in whole or in part, without restriction of any
- * kind, provided that the above copyright notice and this paragraph are
- * included on all such copies and derivative works. However, this
- * document itself may not be modified in any way, such as by removing
- * the copyright notice or references to the Internet Society or other
- * Internet organizations, except as needed for the purpose of
- * developing Internet standards in which case the procedures for
- * copyrights defined in the Internet Standards process must be
- * followed, or as required to translate it into languages other than
- * English.
- *
- * The limited permissions granted above are perpetual and will not be
- * revoked by the Internet Society or its successors or assigns.
- *
- * This document and the information contained herein is provided on an
- * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * sha1.c
- *
- * Description:
- * This file implements the Secure Hashing Algorithm 1 as
- * defined in FIPS PUB 180-1 published April 17, 1995.
- *
- * The SHA-1, produces a 160-bit message digest for a given
- * data stream. It should take about 2**n steps to find a
- * message with the same digest as a given message and
- * 2**(n/2) to find any two messages with the same digest,
- * when n is the digest size in bits. Therefore, this
- * algorithm can serve as a means of providing a
- * "fingerprint" for a message.
- *
- * Portability Issues:
- * SHA-1 is defined in terms of 32-bit "words". This code
- * uses <stdint.h> (included via "sha1.h" to define 32 and 8
- * bit unsigned integer types. If your C compiler does not
- * support 32 bit unsigned integers, this code is not
- * appropriate.
- *
- * Caveats:
- * SHA-1 is designed to work with messages less than 2^64 bits
- * long. Although SHA-1 allows a message digest to be generated
- * for messages of any number of bits less than 2^64, this
- * implementation only works with messages with a length that is
- * a multiple of the size of an 8-bit character.
- *
- */
-
-#include "sha1.h"
-
-/*
- * Define the SHA1 circular left shift macro
- */
-#define SHA1CircularShift(bits,word) \
- (((word) << (bits)) | ((word) >> (32-(bits))))
-
-/* Local Function Prototyptes */
-void SHA1PadMessage(SHA1Context *);
-void SHA1ProcessMessageBlock(SHA1Context *);
-
-/*
- * SHA1Reset
- *
- * Description:
- * This function will initialize the SHA1Context in preparation
- * for computing a new SHA1 message digest.
- *
- * Parameters:
- * context: [in/out]
- * The context to reset.
- *
- * Returns:
- * sha Error Code.
- *
- */
-int SHA1Reset(SHA1Context *context)
-{
- if (!context)
- {
- return shaNull;
- }
-
- context->Length_Low = 0;
- context->Length_High = 0;
- context->Message_Block_Index = 0;
-
- context->Intermediate_Hash[0] = 0x67452301;
- context->Intermediate_Hash[1] = 0xEFCDAB89;
- context->Intermediate_Hash[2] = 0x98BADCFE;
- context->Intermediate_Hash[3] = 0x10325476;
- context->Intermediate_Hash[4] = 0xC3D2E1F0;
-
- context->Computed = 0;
- context->Corrupted = 0;
- return shaSuccess;
-}
-
-/*
- * SHA1Result
- *
- * Description:
- * This function will return the 160-bit message digest into the
- * Message_Digest array provided by the caller.
- * NOTE: The first octet of hash is stored in the 0th element,
- * the last octet of hash in the 19th element.
- *
- * Parameters:
- * context: [in/out]
- * The context to use to calculate the SHA-1 hash.
- * Message_Digest: [out]
- * Where the digest is returned.
- *
- * Returns:
- * sha Error Code.
- *
- */
-int SHA1Result( SHA1Context *context,
- uint8_t Message_Digest[SHA1HashSize])
-{
- int i;
-
- if (!context || !Message_Digest)
- {
- return shaNull;
- }
-
- if (context->Corrupted)
- {
- return context->Corrupted;
- }
-
- if (!context->Computed)
- {
- SHA1PadMessage(context);
- for(i=0; i<64; ++i)
- {
- /* message may be sensitive, clear it out */
- context->Message_Block[i] = 0;
- }
- context->Length_Low = 0; /* and clear length */
- context->Length_High = 0;
- context->Computed = 1;
- }
-
- for(i = 0; i < SHA1HashSize; ++i)
- {
- Message_Digest[i] = context->Intermediate_Hash[i>>2]
- >> 8 * ( 3 - ( i & 0x03 ) );
- }
-
- return shaSuccess;
-}
-
-/*
- * SHA1Input
- *
- * Description:
- * This function accepts an array of octets as the next portion
- * of the message.
- *
- * Parameters:
- * context: [in/out]
- * The SHA context to update
- * message_array: [in]
- * An array of characters representing the next portion of
- * the message.
- * length: [in]
- * The length of the message in message_array
- *
- * Returns:
- * sha Error Code.
- *
- */
-int SHA1Input( SHA1Context *context,
- const uint8_t *message_array,
- unsigned length)
-{
- if (!length)
- {
- return shaSuccess;
- }
-
- if (!context || !message_array)
- {
- return shaNull;
- }
-
- if (context->Computed)
- {
- context->Corrupted = shaStateError;
- return shaStateError;
- }
-
- if (context->Corrupted)
- {
- return context->Corrupted;
- }
- while(length-- && !context->Corrupted)
- {
- context->Message_Block[context->Message_Block_Index++] =
- (*message_array & 0xFF);
-
- context->Length_Low += 8;
- if (context->Length_Low == 0)
- {
- context->Length_High++;
- if (context->Length_High == 0)
- {
- /* Message is too long */
- context->Corrupted = 1;
- }
- }
-
- if (context->Message_Block_Index == 64)
- {
- SHA1ProcessMessageBlock(context);
- }
-
- message_array++;
- }
-
- return shaSuccess;
-}
-
-/*
- * SHA1ProcessMessageBlock
- *
- * Description:
- * This function will process the next 512 bits of the message
- * stored in the Message_Block array.
- *
- * Parameters:
- * None.
- *
- * Returns:
- * Nothing.
- *
- * Comments:
- * Many of the variable names in this code, especially the
- * single character names, were used because those were the
- * names used in the publication.
- *
- *
- */
-void SHA1ProcessMessageBlock(SHA1Context *context)
-{
- const uint32_t K[] = { /* Constants defined in SHA-1 */
- 0x5A827999,
- 0x6ED9EBA1,
- 0x8F1BBCDC,
- 0xCA62C1D6
- };
- int t; /* Loop counter */
- uint32_t temp; /* Temporary word value */
- uint32_t W[80]; /* Word sequence */
- uint32_t A, B, C, D, E; /* Word buffers */
-
- /*
- * Initialize the first 16 words in the array W
- */
- for(t = 0; t < 16; t++)
- {
- W[t] = context->Message_Block[t * 4] << 24;
- W[t] |= context->Message_Block[t * 4 + 1] << 16;
- W[t] |= context->Message_Block[t * 4 + 2] << 8;
- W[t] |= context->Message_Block[t * 4 + 3];
- }
-
- for(t = 16; t < 80; t++)
- {
- W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
- }
-
- A = context->Intermediate_Hash[0];
- B = context->Intermediate_Hash[1];
- C = context->Intermediate_Hash[2];
- D = context->Intermediate_Hash[3];
- E = context->Intermediate_Hash[4];
-
- for(t = 0; t < 20; t++)
- {
- temp = SHA1CircularShift(5,A) +
- ((B & C) | ((~B) & D)) + E + W[t] + K[0];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- for(t = 20; t < 40; t++)
- {
- temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- for(t = 40; t < 60; t++)
- {
- temp = SHA1CircularShift(5,A) +
- ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- for(t = 60; t < 80; t++)
- {
- temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- context->Intermediate_Hash[0] += A;
- context->Intermediate_Hash[1] += B;
- context->Intermediate_Hash[2] += C;
- context->Intermediate_Hash[3] += D;
- context->Intermediate_Hash[4] += E;
-
- context->Message_Block_Index = 0;
-}
-
-
-/*
- * SHA1PadMessage
- *
- * Description:
- * According to the standard, the message must be padded to an even
- * 512 bits. The first padding bit must be a '1'. The last 64
- * bits represent the length of the original message. All bits in
- * between should be 0. This function will pad the message
- * according to those rules by filling the Message_Block array
- * accordingly. It will also call the ProcessMessageBlock function
- * provided appropriately. When it returns, it can be assumed that
- * the message digest has been computed.
- *
- * Parameters:
- * context: [in/out]
- * The context to pad
- * ProcessMessageBlock: [in]
- * The appropriate SHA*ProcessMessageBlock function
- * Returns:
- * Nothing.
- *
- */
-
-void SHA1PadMessage(SHA1Context *context)
-{
- /*
- * Check to see if the current message block is too small to hold
- * the initial padding bits and length. If so, we will pad the
- * block, process it, and then continue padding into a second
- * block.
- */
- if (context->Message_Block_Index > 55)
- {
- context->Message_Block[context->Message_Block_Index++] = 0x80;
- while(context->Message_Block_Index < 64)
- {
- context->Message_Block[context->Message_Block_Index++] = 0;
- }
-
- SHA1ProcessMessageBlock(context);
-
- while(context->Message_Block_Index < 56)
- {
- context->Message_Block[context->Message_Block_Index++] = 0;
- }
- }
- else
- {
- context->Message_Block[context->Message_Block_Index++] = 0x80;
- while(context->Message_Block_Index < 56)
- {
- context->Message_Block[context->Message_Block_Index++] = 0;
- }
- }
-
- /*
- * Store the message length as the last 8 octets
- */
- context->Message_Block[56] = context->Length_High >> 24;
- context->Message_Block[57] = context->Length_High >> 16;
- context->Message_Block[58] = context->Length_High >> 8;
- context->Message_Block[59] = context->Length_High;
- context->Message_Block[60] = context->Length_Low >> 24;
- context->Message_Block[61] = context->Length_Low >> 16;
- context->Message_Block[62] = context->Length_Low >> 8;
- context->Message_Block[63] = context->Length_Low;
-
- SHA1ProcessMessageBlock(context);
-}
diff -Nru libvncserver-0.9.9+dfsg/common/sha1.h libvncserver-0.9.9+dfsg/common/sha1.h
--- libvncserver-0.9.9+dfsg/common/sha1.h 2012-05-04 16:19:00.000000000 +0200
+++ libvncserver-0.9.9+dfsg/common/sha1.h 1970-01-01 01:00:00.000000000 +0100
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) The Internet Society (2001). All Rights Reserved.
- *
- * This document and translations of it may be copied and furnished to
- * others, and derivative works that comment on or otherwise explain it
- * or assist in its implementation may be prepared, copied, published
- * and distributed, in whole or in part, without restriction of any
- * kind, provided that the above copyright notice and this paragraph are
- * included on all such copies and derivative works. However, this
- * document itself may not be modified in any way, such as by removing
- * the copyright notice or references to the Internet Society or other
- * Internet organizations, except as needed for the purpose of
- * developing Internet standards in which case the procedures for
- * copyrights defined in the Internet Standards process must be
- * followed, or as required to translate it into languages other than
- * English.
- *
- * The limited permissions granted above are perpetual and will not be
- * revoked by the Internet Society or its successors or assigns.
- *
- * This document and the information contained herein is provided on an
- * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * sha1.h
- *
- * Description:
- * This is the header file for code which implements the Secure
- * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
- * April 17, 1995.
- *
- * Many of the variable names in this code, especially the
- * single character names, were used because those were the names
- * used in the publication.
- *
- * Please read the file sha1.c for more information.
- *
- */
-
-
-#ifndef _SHA1_H_
-#define _SHA1_H_
-
-#include <stdint.h>
-/*
- * If you do not have the ISO standard stdint.h header file, then you
- * must typdef the following:
- * name meaning
- * uint32_t unsigned 32 bit integer
- * uint8_t unsigned 8 bit integer (i.e., unsigned char)
- * int_least16_t integer of >= 16 bits
- *
- */
-
-#ifndef _SHA_enum_
-#define _SHA_enum_
-enum
-{
- shaSuccess = 0,
- shaNull, /* Null pointer parameter */
- shaInputTooLong, /* input data too long */
- shaStateError /* called Input after Result */
-};
-#endif
-#define SHA1HashSize 20
-
-/*
- * This structure will hold context information for the SHA-1
- * hashing operation
- */
-typedef struct SHA1Context
-{
- uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
-
- uint32_t Length_Low; /* Message length in bits */
- uint32_t Length_High; /* Message length in bits */
-
- /* Index into message block array */
- int_least16_t Message_Block_Index;
- uint8_t Message_Block[64]; /* 512-bit message blocks */
-
- int Computed; /* Is the digest computed? */
- int Corrupted; /* Is the message digest corrupted? */
-} SHA1Context;
-
-/*
- * Function Prototypes
- */
-int SHA1Reset( SHA1Context *);
-int SHA1Input( SHA1Context *,
- const uint8_t *,
- unsigned int);
-int SHA1Result( SHA1Context *,
- uint8_t Message_Digest[SHA1HashSize]);
-
-#endif
diff -Nru libvncserver-0.9.9+dfsg/debian/changelog libvncserver-0.9.9+dfsg/debian/changelog
--- libvncserver-0.9.9+dfsg/debian/changelog 2014-11-23 16:19:53.000000000 +0100
+++ libvncserver-0.9.9+dfsg/debian/changelog 2015-05-26 21:24:58.000000000 +0200
@@ -1,3 +1,11 @@
+libvncserver (0.9.9+dfsg-6.1+deb8u1) stable; urgency=medium
+
+ * added patch for libgcrypt init before use (Closes: #782570)
+ * replaced non-free sha1 implementation (Closes: #786907)
+ * new maintainer due to package adoption
+
+ -- Peter Spiess-Knafl <dev@spiessknafl.at> Tue, 26 May 2015 17:13:22 +0200
+
libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru libvncserver-0.9.9+dfsg/debian/control libvncserver-0.9.9+dfsg/debian/control
--- libvncserver-0.9.9+dfsg/debian/control 2014-08-12 16:01:45.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/control 2015-05-26 21:24:58.000000000 +0200
@@ -1,7 +1,7 @@
Source: libvncserver
Section: libs
Priority: optional
-Maintainer: Luca Falavigna <dktrkranz@debian.org>
+Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Build-Depends: debhelper (>= 9),
dh-autoreconf,
libgnutls28-dev,
diff -Nru libvncserver-0.9.9+dfsg/debian/copyright libvncserver-0.9.9+dfsg/debian/copyright
--- libvncserver-0.9.9+dfsg/debian/copyright 2014-08-11 00:26:20.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/copyright 2015-05-26 21:24:58.000000000 +0200
@@ -33,9 +33,9 @@
Copyright: 1995-2005, The Free Software Foundation
License: LGPL-2.1+
-Files: common/sha1.*
-Copyright: 2001, The Internet Society
-License: ISC
+Files: common/sha.h common/sha-private.h common/sha1.c
+Copyright: 2011, Internet Engineering Task Force
+License: BSD-3
Files: common/turbojpeg.*
Copyright: 2009-2012, D. R. Commander
@@ -132,29 +132,6 @@
On Debian systems, the complete text of the GNU Lesser General Public
License version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1".
-License: ISC
- This document and translations of it may be copied and furnished to others,
- and derivative works that comment on or otherwise explain it or assist in
- its implementation may be prepared, copied, published and distributed, in
- whole or in part, without restriction of any kind, provided that the above
- copyright notice and this paragraph are included on all such copies and
- derivative works. However, this document itself may not be modified in any
- way, such as by removing the copyright notice or references to the Internet
- Society or other Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for copyrights
- defined in the Internet Standards process must be followed, or as required
- to translate it into languages other than English.
- .
- The limited permissions granted above are perpetual and will not be revoked
- by the Internet Society or its successors or assigns.
- .
- This document and the information contained herein is provided on an "AS IS"
- basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE
- DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
- ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY
- RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
- PARTICULAR PURPOSE.
-
License: BSD-3
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch
--- libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 1970-01-01 01:00:00.000000000 +0100
+++ libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 2015-05-26 21:24:58.000000000 +0200
@@ -0,0 +1,29 @@
+From: Peter Spiess-Knafl <psk@autistici.org>
+Date: Wed, 4 Feb 2015 13:20:39 +0100
+Subject: init libgcrypt before use
+
+---
+ libvncclient/rfbproto.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
+index f653850..aa74c23 100644
+--- a/libvncclient/rfbproto.c
++++ b/libvncclient/rfbproto.c
+@@ -857,6 +857,16 @@ HandleARDAuth(rfbClient *client)
+ rfbCredential *cred = NULL;
+ rfbBool result = FALSE;
+
++ if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
++ {
++ /* Application did not initialize gcrypt, so we should */
++ if (!gcry_check_version(GCRYPT_VERSION))
++ {
++ /* Older version of libgcrypt is installed on system than compiled against */
++ rfbClientLog("libgcrypt version mismatch.\n");
++ }
++ }
++
+ while (1)
+ {
+ if (!ReadFromRFBServer(client, (char *)gen, 2))
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch
--- libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch 1970-01-01 01:00:00.000000000 +0100
+++ libvncserver-0.9.9+dfsg/debian/patches/0005-adding-free-sha1-implementation.patch 2015-05-26 21:24:58.000000000 +0200
@@ -0,0 +1,860 @@
+From: Peter Spiess-Knafl <psk@autistici.org>
+Date: Wed, 4 Feb 2015 18:09:32 +0100
+Subject: adding free sha1 implementation
+
+---
+ common/sha-private.h | 29 +++
+ common/sha.h | 358 ++++++++++++++++++++++++++++++++
+ common/sha1.c | 414 ++++++++++++++++++++++++++++++++++++++
+ libvncserver/Makefile.am | 2 +-
+ libvncserver/rfbcrypto_included.c | 2 +-
+ 5 files changed, 803 insertions(+), 2 deletions(-)
+ create mode 100644 common/sha-private.h
+ create mode 100644 common/sha.h
+ create mode 100644 common/sha1.c
+
+diff --git a/common/sha-private.h b/common/sha-private.h
+new file mode 100644
+index 0000000..9ccc8dd
+--- /dev/null
++++ b/common/sha-private.h
+@@ -0,0 +1,29 @@
++/************************ sha-private.h ************************/
++/***************** See RFC 6234 for details. *******************/
++#ifndef _SHA_PRIVATE__H
++#define _SHA_PRIVATE__H
++/*
++ * These definitions are defined in FIPS 180-3, section 4.1.
++ * Ch() and Maj() are defined identically in sections 4.1.1,
++ * 4.1.2, and 4.1.3.
++ *
++ * The definitions used in FIPS 180-3 are as follows:
++ */
++
++#ifndef USE_MODIFIED_MACROS
++#define SHA_Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
++#define SHA_Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
++#else /* USE_MODIFIED_MACROS */
++/*
++ * The following definitions are equivalent and potentially faster.
++ */
++
++#define SHA_Ch(x, y, z) (((x) & ((y) ^ (z))) ^ (z))
++#define SHA_Maj(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
++
++#endif /* USE_MODIFIED_MACROS */
++
++#define SHA_Parity(x, y, z) ((x) ^ (y) ^ (z))
++
++#endif /* _SHA_PRIVATE__H */
++
+diff --git a/common/sha.h b/common/sha.h
+new file mode 100644
+index 0000000..276c368
+--- /dev/null
++++ b/common/sha.h
+@@ -0,0 +1,358 @@
++/**************************** sha.h ****************************/
++/***************** See RFC 6234 for details. *******************/
++/*
++ Copyright (c) 2011 IETF Trust and the persons identified as
++ authors of the code. All rights reserved.
++
++ Redistribution and use in source and binary forms, with or
++ without modification, are permitted provided that the following
++ conditions are met:
++
++ - Redistributions of source code must retain the above
++ copyright notice, this list of conditions and
++ the following disclaimer.
++
++ - Redistributions in binary form must reproduce the above
++ copyright notice, this list of conditions and the following
++ disclaimer in the documentation and/or other materials provided
++ with the distribution.
++
++ - Neither the name of Internet Society, IETF or IETF Trust, nor
++ the names of specific contributors, may be used to endorse or
++ promote products derived from this software without specific
++ prior written permission.
++
++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
++ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
++ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
++ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
++ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
++ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++*/
++#ifndef _SHA_H_
++#define _SHA_H_
++
++/*
++ * Description:
++ * This file implements the Secure Hash Algorithms
++ * as defined in the U.S. National Institute of Standards
++ * and Technology Federal Information Processing Standards
++ * Publication (FIPS PUB) 180-3 published in October 2008
++ * and formerly defined in its predecessors, FIPS PUB 180-1
++ * and FIP PUB 180-2.
++ *
++ * A combined document showing all algorithms is available at
++ * http://csrc.nist.gov/publications/fips/
++ * fips180-3/fips180-3_final.pdf
++ *
++ * The five hashes are defined in these sizes:
++ * SHA-1 20 byte / 160 bit
++ * SHA-224 28 byte / 224 bit
++ * SHA-256 32 byte / 256 bit
++ * SHA-384 48 byte / 384 bit
++ * SHA-512 64 byte / 512 bit
++ *
++ * Compilation Note:
++ * These files may be compiled with two options:
++ * USE_32BIT_ONLY - use 32-bit arithmetic only, for systems
++ * without 64-bit integers
++ *
++ * USE_MODIFIED_MACROS - use alternate form of the SHA_Ch()
++ * and SHA_Maj() macros that are equivalent
++ * and potentially faster on many systems
++ *
++ */
++
++#include <stdint.h>
++/*
++ * If you do not have the ISO standard stdint.h header file, then you
++ * must typedef the following:
++ * name meaning
++ * uint64_t unsigned 64-bit integer
++ * uint32_t unsigned 32-bit integer
++ * uint8_t unsigned 8-bit integer (i.e., unsigned char)
++ * int_least16_t integer of >= 16 bits
++ *
++ * See stdint-example.h
++ */
++
++#ifndef _SHA_enum_
++#define _SHA_enum_
++/*
++ * All SHA functions return one of these values.
++ */
++enum {
++ shaSuccess = 0,
++ shaNull, /* Null pointer parameter */
++ shaInputTooLong, /* input data too long */
++ shaStateError, /* called Input after FinalBits or Result */
++ shaBadParam /* passed a bad parameter */
++};
++#endif /* _SHA_enum_ */
++
++/*
++ * These constants hold size information for each of the SHA
++ * hashing operations
++ */
++enum {
++ SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64,
++ SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128,
++ SHA512_Message_Block_Size = 128,
++ USHA_Max_Message_Block_Size = SHA512_Message_Block_Size,
++
++ SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32,
++ SHA384HashSize = 48, SHA512HashSize = 64,
++ USHAMaxHashSize = SHA512HashSize,
++
++ SHA1HashSizeBits = 160, SHA224HashSizeBits = 224,
++ SHA256HashSizeBits = 256, SHA384HashSizeBits = 384,
++ SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits
++};
++
++/*
++ * These constants are used in the USHA (Unified SHA) functions.
++ */
++typedef enum SHAversion {
++ SHA1, SHA224, SHA256, SHA384, SHA512
++} SHAversion;
++
++/*
++ * This structure will hold context information for the SHA-1
++ * hashing operation.
++ */
++typedef struct SHA1Context {
++ uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
++
++ uint32_t Length_High; /* Message length in bits */
++ uint32_t Length_Low; /* Message length in bits */
++
++ int_least16_t Message_Block_Index; /* Message_Block array index */
++ /* 512-bit message blocks */
++ uint8_t Message_Block[SHA1_Message_Block_Size];
++
++ int Computed; /* Is the hash computed? */
++ int Corrupted; /* Cumulative corruption code */
++} SHA1Context;
++
++/*
++ * This structure will hold context information for the SHA-256
++ * hashing operation.
++ */
++typedef struct SHA256Context {
++ uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */
++
++ uint32_t Length_High; /* Message length in bits */
++ uint32_t Length_Low; /* Message length in bits */
++
++ int_least16_t Message_Block_Index; /* Message_Block array index */
++ /* 512-bit message blocks */
++ uint8_t Message_Block[SHA256_Message_Block_Size];
++
++ int Computed; /* Is the hash computed? */
++ int Corrupted; /* Cumulative corruption code */
++} SHA256Context;
++
++/*
++ * This structure will hold context information for the SHA-512
++ * hashing operation.
++ */
++typedef struct SHA512Context {
++#ifdef USE_32BIT_ONLY
++ uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */
++ uint32_t Length[4]; /* Message length in bits */
++#else /* !USE_32BIT_ONLY */
++ uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */
++ uint64_t Length_High, Length_Low; /* Message length in bits */
++#endif /* USE_32BIT_ONLY */
++
++ int_least16_t Message_Block_Index; /* Message_Block array index */
++ /* 1024-bit message blocks */
++ uint8_t Message_Block[SHA512_Message_Block_Size];
++
++ int Computed; /* Is the hash computed?*/
++ int Corrupted; /* Cumulative corruption code */
++} SHA512Context;
++
++/*
++ * This structure will hold context information for the SHA-224
++ * hashing operation. It uses the SHA-256 structure for computation.
++ */
++typedef struct SHA256Context SHA224Context;
++
++/*
++ * This structure will hold context information for the SHA-384
++ * hashing operation. It uses the SHA-512 structure for computation.
++ */
++typedef struct SHA512Context SHA384Context;
++
++/*
++ * This structure holds context information for all SHA
++ * hashing operations.
++ */
++typedef struct USHAContext {
++ int whichSha; /* which SHA is being used */
++ union {
++ SHA1Context sha1Context;
++ SHA224Context sha224Context; SHA256Context sha256Context;
++ SHA384Context sha384Context; SHA512Context sha512Context;
++ } ctx;
++
++} USHAContext;
++
++/*
++ * This structure will hold context information for the HMAC
++ * keyed-hashing operation.
++ */
++typedef struct HMACContext {
++ int whichSha; /* which SHA is being used */
++ int hashSize; /* hash size of SHA being used */
++ int blockSize; /* block size of SHA being used */
++ USHAContext shaContext; /* SHA context */
++ unsigned char k_opad[USHA_Max_Message_Block_Size];
++ /* outer padding - key XORd with opad */
++ int Computed; /* Is the MAC computed? */
++ int Corrupted; /* Cumulative corruption code */
++
++} HMACContext;
++
++/*
++ * This structure will hold context information for the HKDF
++ * extract-and-expand Key Derivation Functions.
++ */
++typedef struct HKDFContext {
++ int whichSha; /* which SHA is being used */
++ HMACContext hmacContext;
++ int hashSize; /* hash size of SHA being used */
++ unsigned char prk[USHAMaxHashSize];
++ /* pseudo-random key - output of hkdfInput */
++ int Computed; /* Is the key material computed? */
++ int Corrupted; /* Cumulative corruption code */
++} HKDFContext;
++
++/*
++ * Function Prototypes
++ */
++
++/* SHA-1 */
++extern int SHA1Reset(SHA1Context *);
++extern int SHA1Input(SHA1Context *, const uint8_t *bytes,
++ unsigned int bytecount);
++extern int SHA1FinalBits(SHA1Context *, uint8_t bits,
++ unsigned int bit_count);
++extern int SHA1Result(SHA1Context *,
++ uint8_t Message_Digest[SHA1HashSize]);
++
++/* SHA-224 */
++extern int SHA224Reset(SHA224Context *);
++extern int SHA224Input(SHA224Context *, const uint8_t *bytes,
++ unsigned int bytecount);
++extern int SHA224FinalBits(SHA224Context *, uint8_t bits,
++ unsigned int bit_count);
++extern int SHA224Result(SHA224Context *,
++ uint8_t Message_Digest[SHA224HashSize]);
++
++/* SHA-256 */
++extern int SHA256Reset(SHA256Context *);
++extern int SHA256Input(SHA256Context *, const uint8_t *bytes,
++ unsigned int bytecount);
++extern int SHA256FinalBits(SHA256Context *, uint8_t bits,
++ unsigned int bit_count);
++extern int SHA256Result(SHA256Context *,
++ uint8_t Message_Digest[SHA256HashSize]);
++
++/* SHA-384 */
++extern int SHA384Reset(SHA384Context *);
++extern int SHA384Input(SHA384Context *, const uint8_t *bytes,
++ unsigned int bytecount);
++extern int SHA384FinalBits(SHA384Context *, uint8_t bits,
++ unsigned int bit_count);
++extern int SHA384Result(SHA384Context *,
++ uint8_t Message_Digest[SHA384HashSize]);
++
++/* SHA-512 */
++extern int SHA512Reset(SHA512Context *);
++extern int SHA512Input(SHA512Context *, const uint8_t *bytes,
++ unsigned int bytecount);
++extern int SHA512FinalBits(SHA512Context *, uint8_t bits,
++ unsigned int bit_count);
++extern int SHA512Result(SHA512Context *,
++ uint8_t Message_Digest[SHA512HashSize]);
++
++/* Unified SHA functions, chosen by whichSha */
++extern int USHAReset(USHAContext *context, SHAversion whichSha);
++extern int USHAInput(USHAContext *context,
++ const uint8_t *bytes, unsigned int bytecount);
++extern int USHAFinalBits(USHAContext *context,
++ uint8_t bits, unsigned int bit_count);
++extern int USHAResult(USHAContext *context,
++ uint8_t Message_Digest[USHAMaxHashSize]);
++extern int USHABlockSize(enum SHAversion whichSha);
++extern int USHAHashSize(enum SHAversion whichSha);
++extern int USHAHashSizeBits(enum SHAversion whichSha);
++extern const char *USHAHashName(enum SHAversion whichSha);
++
++/*
++ * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
++ * for all SHAs.
++ * This interface allows a fixed-length text input to be used.
++ */
++extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */
++ const unsigned char *text, /* pointer to data stream */
++ int text_len, /* length of data stream */
++ const unsigned char *key, /* pointer to authentication key */
++ int key_len, /* length of authentication key */
++ uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */
++
++/*
++ * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
++ * for all SHAs.
++ * This interface allows any length of text input to be used.
++ */
++extern int hmacReset(HMACContext *context, enum SHAversion whichSha,
++ const unsigned char *key, int key_len);
++extern int hmacInput(HMACContext *context, const unsigned char *text,
++ int text_len);
++extern int hmacFinalBits(HMACContext *context, uint8_t bits,
++ unsigned int bit_count);
++extern int hmacResult(HMACContext *context,
++ uint8_t digest[USHAMaxHashSize]);
++
++/*
++ * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
++ * RFC 5869, for all SHAs.
++ */
++extern int hkdf(SHAversion whichSha, const unsigned char *salt,
++ int salt_len, const unsigned char *ikm, int ikm_len,
++ const unsigned char *info, int info_len,
++ uint8_t okm[ ], int okm_len);
++extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt,
++ int salt_len, const unsigned char *ikm,
++ int ikm_len, uint8_t prk[USHAMaxHashSize]);
++extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ],
++ int prk_len, const unsigned char *info,
++ int info_len, uint8_t okm[ ], int okm_len);
++
++/*
++ * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
++ * RFC 5869, for all SHAs.
++ * This interface allows any length of text input to be used.
++ */
++extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha,
++ const unsigned char *salt, int salt_len);
++extern int hkdfInput(HKDFContext *context, const unsigned char *ikm,
++ int ikm_len);
++extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits,
++ unsigned int ikm_bit_count);
++extern int hkdfResult(HKDFContext *context,
++ uint8_t prk[USHAMaxHashSize],
++ const unsigned char *info, int info_len,
++ uint8_t okm[USHAMaxHashSize], int okm_len);
++#endif /* _SHA_H_ */
++
+diff --git a/common/sha1.c b/common/sha1.c
+new file mode 100644
+index 0000000..53f1872
+--- /dev/null
++++ b/common/sha1.c
+@@ -0,0 +1,414 @@
++/**************************** sha1.c ***************************/
++/***************** See RFC 6234 for details. *******************/
++/* Copyright (c) 2011 IETF Trust and the persons identified as */
++/* authors of the code. All rights reserved. */
++/* See sha.h for terms of use and redistribution. */
++
++/*
++ * Description:
++ * This file implements the Secure Hash Algorithm SHA-1
++ * as defined in the U.S. National Institute of Standards
++ * and Technology Federal Information Processing Standards
++ * Publication (FIPS PUB) 180-3 published in October 2008
++ * and formerly defined in its predecessors, FIPS PUB 180-1
++ * and FIP PUB 180-2.
++ *
++ * A combined document showing all algorithms is available at
++ * http://csrc.nist.gov/publications/fips/
++ * fips180-3/fips180-3_final.pdf
++ *
++ * The SHA-1 algorithm produces a 160-bit message digest for a
++ * given data stream that can serve as a means of providing a
++ * "fingerprint" for a message.
++ *
++ * Portability Issues:
++ * SHA-1 is defined in terms of 32-bit "words". This code
++ * uses <stdint.h> (included via "sha.h") to define 32- and
++ * 8-bit unsigned integer types. If your C compiler does
++ * not support 32-bit unsigned integers, this code is not
++ * appropriate.
++ *
++ * Caveats:
++ * SHA-1 is designed to work with messages less than 2^64 bits
++ * long. This implementation uses SHA1Input() to hash the bits
++ * that are a multiple of the size of an 8-bit octet, and then
++ * optionally uses SHA1FinalBits() to hash the final few bits of
++ * the input.
++ */
++
++#include "sha.h"
++#include "sha-private.h"
++
++/*
++ * Define the SHA1 circular left shift macro
++ */
++#define SHA1_ROTL(bits,word) \
++ (((word) << (bits)) | ((word) >> (32-(bits))))
++
++/*
++ * Add "length" to the length.
++ * Set Corrupted when overflow has occurred.
++ */
++static uint32_t addTemp;
++#define SHA1AddLength(context, length) \
++ (addTemp = (context)->Length_Low, \
++ (context)->Corrupted = \
++ (((context)->Length_Low += (length)) < addTemp) && \
++ (++(context)->Length_High == 0) ? shaInputTooLong \
++ : (context)->Corrupted )
++
++/* Local Function Prototypes */
++static void SHA1ProcessMessageBlock(SHA1Context *context);
++static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte);
++static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte);
++
++/*
++ * SHA1Reset
++ *
++ * Description:
++ * This function will initialize the SHA1Context in preparation
++ * for computing a new SHA1 message digest.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The context to reset.
++ *
++ * Returns:
++ * sha Error Code.
++ *
++ */
++int SHA1Reset(SHA1Context *context)
++{
++ if (!context) return shaNull;
++
++ context->Length_High = context->Length_Low = 0;
++ context->Message_Block_Index = 0;
++
++ /* Initial Hash Values: FIPS 180-3 section 5.3.1 */
++ context->Intermediate_Hash[0] = 0x67452301;
++ context->Intermediate_Hash[1] = 0xEFCDAB89;
++ context->Intermediate_Hash[2] = 0x98BADCFE;
++ context->Intermediate_Hash[3] = 0x10325476;
++ context->Intermediate_Hash[4] = 0xC3D2E1F0;
++
++ context->Computed = 0;
++ context->Corrupted = shaSuccess;
++
++ return shaSuccess;
++}
++
++/*
++ * SHA1Input
++ *
++ * Description:
++ * This function accepts an array of octets as the next portion
++ * of the message.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The SHA context to update.
++ * message_array[ ]: [in]
++ * An array of octets representing the next portion of
++ * the message.
++ * length: [in]
++ * The length of the message in message_array.
++ *
++ * Returns:
++ * sha Error Code.
++ *
++ */
++int SHA1Input(SHA1Context *context,
++ const uint8_t *message_array, unsigned length)
++{
++ if (!context) return shaNull;
++ if (!length) return shaSuccess;
++ if (!message_array) return shaNull;
++ if (context->Computed) return context->Corrupted = shaStateError;
++ if (context->Corrupted) return context->Corrupted;
++
++ while (length--) {
++ context->Message_Block[context->Message_Block_Index++] =
++ *message_array;
++
++ if ((SHA1AddLength(context, 8) == shaSuccess) &&
++ (context->Message_Block_Index == SHA1_Message_Block_Size))
++ SHA1ProcessMessageBlock(context);
++
++ message_array++;
++ }
++
++ return context->Corrupted;
++}
++
++/*
++ * SHA1FinalBits
++ *
++ * Description:
++ * This function will add in any final bits of the message.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The SHA context to update.
++ * message_bits: [in]
++ * The final bits of the message, in the upper portion of the
++ * byte. (Use 0b###00000 instead of 0b00000### to input the
++ * three bits ###.)
++ * length: [in]
++ * The number of bits in message_bits, between 1 and 7.
++ *
++ * Returns:
++ * sha Error Code.
++ */
++int SHA1FinalBits(SHA1Context *context, uint8_t message_bits,
++ unsigned int length)
++{
++ static uint8_t masks[8] = {
++ /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
++ /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
++ /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
++ /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
++ };
++
++ static uint8_t markbit[8] = {
++ /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
++ /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
++ /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
++ /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
++ };
++
++ if (!context) return shaNull;
++ if (!length) return shaSuccess;
++ if (context->Corrupted) return context->Corrupted;
++ if (context->Computed) return context->Corrupted = shaStateError;
++ if (length >= 8) return context->Corrupted = shaBadParam;
++
++ SHA1AddLength(context, length);
++ SHA1Finalize(context,
++ (uint8_t) ((message_bits & masks[length]) | markbit[length]));
++
++ return context->Corrupted;
++}
++
++/*
++ * SHA1Result
++ *
++ * Description:
++ * This function will return the 160-bit message digest
++ * into the Message_Digest array provided by the caller.
++ * NOTE:
++ * The first octet of hash is stored in the element with index 0,
++ * the last octet of hash in the element with index 19.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The context to use to calculate the SHA-1 hash.
++ * Message_Digest[ ]: [out]
++ * Where the digest is returned.
++ *
++ * Returns:
++ * sha Error Code.
++ *
++ */
++int SHA1Result(SHA1Context *context,
++ uint8_t Message_Digest[SHA1HashSize])
++{
++ int i;
++
++ if (!context) return shaNull;
++ if (!Message_Digest) return shaNull;
++ if (context->Corrupted) return context->Corrupted;
++
++ if (!context->Computed)
++ SHA1Finalize(context, 0x80);
++
++ for (i = 0; i < SHA1HashSize; ++i)
++ Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2]
++ >> (8 * ( 3 - ( i & 0x03 ) )));
++
++ return shaSuccess;
++}
++
++/*
++ * SHA1ProcessMessageBlock
++ *
++ * Description:
++ * This helper function will process the next 512 bits of the
++ * message stored in the Message_Block array.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The SHA context to update.
++ *
++ * Returns:
++ * Nothing.
++ *
++ * Comments:
++ * Many of the variable names in this code, especially the
++ * single character names, were used because those were the
++ * names used in the Secure Hash Standard.
++ */
++static void SHA1ProcessMessageBlock(SHA1Context *context)
++{
++ /* Constants defined in FIPS 180-3, section 4.2.1 */
++ const uint32_t K[4] = {
++ 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
++ };
++
++ int t; /* Loop counter */
++ uint32_t temp; /* Temporary word value */
++ uint32_t W[80]; /* Word sequence */
++ uint32_t A, B, C, D, E; /* Word buffers */
++
++ /*
++ * Initialize the first 16 words in the array W
++ */
++ for (t = 0; t < 16; t++) {
++ W[t] = ((uint32_t)context->Message_Block[t * 4]) << 24;
++ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16;
++ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8;
++ W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]);
++ }
++
++ for (t = 16; t < 80; t++)
++ W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
++
++ A = context->Intermediate_Hash[0];
++ B = context->Intermediate_Hash[1];
++ C = context->Intermediate_Hash[2];
++ D = context->Intermediate_Hash[3];
++ E = context->Intermediate_Hash[4];
++
++ for (t = 0; t < 20; t++) {
++ temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
++ E = D;
++ D = C;
++ C = SHA1_ROTL(30,B);
++ B = A;
++ A = temp;
++ }
++
++ for (t = 20; t < 40; t++) {
++ temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
++ E = D;
++ D = C;
++ C = SHA1_ROTL(30,B);
++ B = A;
++ A = temp;
++ }
++
++ for (t = 40; t < 60; t++) {
++ temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
++ E = D;
++ D = C;
++ C = SHA1_ROTL(30,B);
++ B = A;
++ A = temp;
++ }
++
++ for (t = 60; t < 80; t++) {
++ temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
++ E = D;
++ D = C;
++ C = SHA1_ROTL(30,B);
++ B = A;
++ A = temp;
++ }
++
++ context->Intermediate_Hash[0] += A;
++ context->Intermediate_Hash[1] += B;
++ context->Intermediate_Hash[2] += C;
++ context->Intermediate_Hash[3] += D;
++ context->Intermediate_Hash[4] += E;
++ context->Message_Block_Index = 0;
++}
++
++/*
++ * SHA1Finalize
++ *
++ * Description:
++ * This helper function finishes off the digest calculations.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The SHA context to update.
++ * Pad_Byte: [in]
++ * The last byte to add to the message block before the 0-padding
++ * and length. This will contain the last bits of the message
++ * followed by another single bit. If the message was an
++ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
++ *
++ * Returns:
++ * sha Error Code.
++ *
++ */
++static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte)
++{
++ int i;
++ SHA1PadMessage(context, Pad_Byte);
++ /* message may be sensitive, clear it out */
++ for (i = 0; i < SHA1_Message_Block_Size; ++i)
++ context->Message_Block[i] = 0;
++ context->Length_High = 0; /* and clear length */
++ context->Length_Low = 0;
++ context->Computed = 1;
++}
++
++/*
++ * SHA1PadMessage
++ *
++ * Description:
++ * According to the standard, the message must be padded to the next
++ * even multiple of 512 bits. The first padding bit must be a '1'.
++ * The last 64 bits represent the length of the original message.
++ * All bits in between should be 0. This helper function will pad
++ * the message according to those rules by filling the Message_Block
++ * array accordingly. When it returns, it can be assumed that the
++ * message digest has been computed.
++ *
++ * Parameters:
++ * context: [in/out]
++ * The context to pad.
++ * Pad_Byte: [in]
++ * The last byte to add to the message block before the 0-padding
++ * and length. This will contain the last bits of the message
++ * followed by another single bit. If the message was an
++ * exact multiple of 8-bits long, Pad_Byte will be 0x80.
++ *
++ * Returns:
++ * Nothing.
++ */
++static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte)
++{
++ /*
++ * Check to see if the current message block is too small to hold
++ * the initial padding bits and length. If so, we will pad the
++ * block, process it, and then continue padding into a second
++ * block.
++ */
++ if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
++ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
++ while (context->Message_Block_Index < SHA1_Message_Block_Size)
++ context->Message_Block[context->Message_Block_Index++] = 0;
++
++ SHA1ProcessMessageBlock(context);
++ } else
++ context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
++
++ while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8))
++ context->Message_Block[context->Message_Block_Index++] = 0;
++
++ /*
++ * Store the message length as the last 8 octets
++ */
++ context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
++ context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
++ context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
++ context->Message_Block[59] = (uint8_t) (context->Length_High);
++ context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
++ context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
++ context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
++ context->Message_Block[63] = (uint8_t) (context->Length_Low);
++
++ SHA1ProcessMessageBlock(context);
++}
++
+diff --git a/libvncserver/Makefile.am b/libvncserver/Makefile.am
+index cb38c64..38426af 100644
+--- a/libvncserver/Makefile.am
++++ b/libvncserver/Makefile.am
+@@ -37,7 +37,7 @@ include_HEADERS=../rfb/rfb.h ../rfb/rfbconfig.h ../rfb/rfbint.h \
+
+ noinst_HEADERS=../common/d3des.h ../rfb/default8x16.h zrleoutstream.h \
+ zrlepalettehelper.h zrletypes.h private.h scale.h rfbssl.h rfbcrypto.h \
+- ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha1.h \
++ ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha.h ../common/sha-private.h \
+ $(TIGHTVNCFILETRANSFERHDRS)
+
+ EXTRA_DIST=tableinit24.c tableinittctemplate.c tabletranstemplate.c \
+diff --git a/libvncserver/rfbcrypto_included.c b/libvncserver/rfbcrypto_included.c
+index 58c2e93..7feff61 100644
+--- a/libvncserver/rfbcrypto_included.c
++++ b/libvncserver/rfbcrypto_included.c
+@@ -23,7 +23,7 @@
+
+ #include <string.h>
+ #include "md5.h"
+-#include "sha1.h"
++#include "sha.h"
+ #include "rfbcrypto.h"
+
+ void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/series libvncserver-0.9.9+dfsg/debian/patches/series
--- libvncserver-0.9.9+dfsg/debian/patches/series 2014-11-23 16:03:36.000000000 +0100
+++ libvncserver-0.9.9+dfsg/debian/patches/series 2015-05-26 21:24:58.000000000 +0200
@@ -10,3 +10,5 @@
CVE-2015-6053.patch
CVE-2014-6054.patch
CVE-2014-6055.patch
+0004-init-libgcrypt-before-use.patch
+0005-adding-free-sha1-implementation.patch
diff -Nru libvncserver-0.9.9+dfsg/debian/rules libvncserver-0.9.9+dfsg/debian/rules
--- libvncserver-0.9.9+dfsg/debian/rules 2014-08-11 00:21:58.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/rules 2015-05-26 21:24:58.000000000 +0200
@@ -22,6 +22,6 @@
get-orig-source:
tar fxz ../libvncserver_${VERSION}.orig.tar.gz -C ..
- cd ../LibVNCServer-${VERSION} && rm -fr webclients
+ cd ../LibVNCServer-${VERSION} && rm -fr webclients && rm -fr common/sha1.*
tar czf ../libvncserver_${VERSION}+dfsg.orig.tar.gz ../LibVNCServer-${VERSION}
rm -fr ../LibVNCServer-${VERSION}
Attachment:
signature.asc
Description: OpenPGP digital signature