From 9069f35ca7b58df122aa5965c0ad7aa478ece832 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 24 May 2024 19:16:53 +0000 Subject: [PATCH] Stub out DES_enc_{read,write}(3) The most terrible code in OpenSSL has its roots in libdes, which came before SSLeay. Hello, LHASH. Hello speed app. Hello DES (obviously). There are some diary-style changelog comments dating all the way back to 1990. /* This has some uglies in it but it works - even over sockets. */ Well, kind of: * - This code cannot handle non-blocking sockets. Also: /* >output is a multiple of 8 byes, if len < rnum * >we must be careful. The user must be aware that this * >routine will write more bytes than he asked for. * >The length of the buffer must be correct. * FIXED - Should be ok now 18-9-90 - eay */ Or /* This is really a bad error - very bad * It will stuff-up both ends. */ Or #ifdef _LIBC extern unsigned long time(); extern int write(); #endif I can't even... Delete, delete, delete. ok jsing --- lib/libcrypto/Makefile | 3 +- lib/libcrypto/des/enc_read.c | 164 +++------------------------------- lib/libcrypto/des/enc_writ.c | 168 ----------------------------------- 3 files changed, 14 insertions(+), 321 deletions(-) delete mode 100644 lib/libcrypto/des/enc_writ.c diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 39997b08860..564dc011692 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.194 2024/04/25 16:14:00 tb Exp $ +# $OpenBSD: Makefile,v 1.195 2024/05/24 19:16:53 tb Exp $ LIB= crypto LIBREBUILD=y @@ -264,7 +264,6 @@ SRCS+= ecb3_enc.c SRCS+= ecb_enc.c SRCS+= ede_cbcm_enc.c SRCS+= enc_read.c -SRCS+= enc_writ.c SRCS+= fcrypt.c SRCS+= fcrypt_b.c SRCS+= ofb64ede.c diff --git a/lib/libcrypto/des/enc_read.c b/lib/libcrypto/des/enc_read.c index d52489e72d0..35704315e16 100644 --- a/lib/libcrypto/des/enc_read.c +++ b/lib/libcrypto/des/enc_read.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enc_read.c,v 1.18 2024/03/29 01:47:29 joshua Exp $ */ +/* $OpenBSD: enc_read.c,v 1.19 2024/05/24 19:16:53 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,168 +56,30 @@ * [including the GNU Public Licence.] */ -#include #include #include #include "des_local.h" -/* This has some uglies in it but it works - even over sockets. */ -/*extern int errno;*/ -int DES_rw_mode = DES_PCBC_MODE; - /* - * WARNINGS: - * - * - The data format used by DES_enc_write() and DES_enc_read() - * has a cryptographic weakness: When asked to write more - * than MAXWRITE bytes, DES_enc_write will split the data - * into several chunks that are all encrypted - * using the same IV. So don't use these functions unless you - * are sure you know what you do (in which case you might - * not want to use them anyway). - * - * - This code cannot handle non-blocking sockets. - * - * - This function uses an internal state and thus cannot be - * used on multiple files. + * XXX - remove this file in the next major bump */ +int DES_rw_mode = DES_PCBC_MODE; + int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, DES_cblock *iv) { - /* data to be unencrypted */ - int net_num = 0; - static unsigned char *net = NULL; - /* extra unencrypted data - * for when a block of 100 comes in but is des_read one byte at - * a time. */ - static unsigned char *unnet = NULL; - static int unnet_start = 0; - static int unnet_left = 0; - static unsigned char *tmpbuf = NULL; - int i; - long num = 0, rnum; - unsigned char *p; - - if (tmpbuf == NULL) { - tmpbuf = malloc(BSIZE); - if (tmpbuf == NULL) - return (-1); - } - if (net == NULL) { - net = malloc(BSIZE); - if (net == NULL) - return (-1); - } - if (unnet == NULL) { - unnet = malloc(BSIZE); - if (unnet == NULL) - return (-1); - } - /* left over data from last decrypt */ - if (unnet_left != 0) { - if (unnet_left < len) { - /* we still still need more data but will return - * with the number of bytes we have - should always - * check the return value */ - memcpy(buf, &(unnet[unnet_start]), - unnet_left); - /* eay 26/08/92 I had the next 2 lines - * reversed :-( */ - i = unnet_left; - unnet_start = unnet_left = 0; - } else { - memcpy(buf, &(unnet[unnet_start]), len); - unnet_start += len; - unnet_left -= len; - i = len; - } - return (i); - } - - /* We need to get more data. */ - if (len > MAXWRITE) - len = MAXWRITE; - - /* first - get the length */ - while (net_num < HDRSIZE) { - i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); -#ifdef EINTR - if ((i == -1) && (errno == EINTR)) - continue; -#endif - if (i <= 0) - return (0); - net_num += i; - } - - /* we now have at net_num bytes in net */ - p = net; - /* num=0; */ - n2l(p, num); - /* num should be rounded up to the next group of eight - * we make sure that we have read a multiple of 8 bytes from the net. - */ - if ((num > MAXWRITE) || (num < 0)) /* error */ - return (-1); - rnum = (num < 8) ? 8 : ((num + 7)/8*8); - - net_num = 0; - while (net_num < rnum) { - i = read(fd, (void *)&(net[net_num]), rnum - net_num); -#ifdef EINTR - if ((i == -1) && (errno == EINTR)) - continue; -#endif - if (i <= 0) - return (0); - net_num += i; - } - - /* Check if there will be data left over. */ - if (len < num) { - if (DES_rw_mode & DES_PCBC_MODE) - DES_pcbc_encrypt(net, unnet, num, sched, iv, - DES_DECRYPT); - else - DES_cbc_encrypt(net, unnet, num, sched, iv, - DES_DECRYPT); - memcpy(buf, unnet, len); - unnet_start = len; - unnet_left = num - len; - - /* The following line is done because we return num - * as the number of bytes read. */ - num = len; - } else { - /* >output is a multiple of 8 byes, if len < rnum - * >we must be careful. The user must be aware that this - * >routine will write more bytes than he asked for. - * >The length of the buffer must be correct. - * FIXED - Should be ok now 18-9-90 - eay */ - if (len < rnum) { - if (DES_rw_mode & DES_PCBC_MODE) - DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, - DES_DECRYPT); - else - DES_cbc_encrypt(net, tmpbuf, num, sched, iv, - DES_DECRYPT); - - /* eay 26/08/92 fix a bug that returned more - * bytes than you asked for (returned len bytes :-( */ - memcpy(buf, tmpbuf, num); - } else { - if (DES_rw_mode & DES_PCBC_MODE) - DES_pcbc_encrypt(net, buf, num, sched, iv, - DES_DECRYPT); - else - DES_cbc_encrypt(net, buf, num, sched, iv, - DES_DECRYPT); - } - } - return num; + return -1; } LCRYPTO_ALIAS(DES_enc_read); + +int +DES_enc_write(int fd, const void *_buf, int len, + DES_key_schedule *sched, DES_cblock *iv) +{ + return -1; +} +LCRYPTO_ALIAS(DES_enc_write); diff --git a/lib/libcrypto/des/enc_writ.c b/lib/libcrypto/des/enc_writ.c deleted file mode 100644 index 39c61393609..00000000000 --- a/lib/libcrypto/des/enc_writ.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: enc_writ.c,v 1.18 2024/03/29 01:47:29 joshua Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#include - -#include "des_local.h" - -/* - * WARNINGS: - * - * - The data format used by DES_enc_write() and DES_enc_read() - * has a cryptographic weakness: When asked to write more - * than MAXWRITE bytes, DES_enc_write will split the data - * into several chunks that are all encrypted - * using the same IV. So don't use these functions unless you - * are sure you know what you do (in which case you might - * not want to use them anyway). - * - * - This code cannot handle non-blocking sockets. - */ - -int -DES_enc_write(int fd, const void *_buf, int len, - DES_key_schedule *sched, DES_cblock *iv) -{ -#ifdef _LIBC - extern unsigned long time(); - extern int write(); -#endif - const unsigned char *buf = _buf; - long rnum; - int i, j, k, outnum; - static unsigned char *outbuf = NULL; - unsigned char shortbuf[8]; - unsigned char *p; - const unsigned char *cp; - static int start = 1; - - if (outbuf == NULL) { - outbuf = malloc(BSIZE + HDRSIZE); - if (outbuf == NULL) - return (-1); - } - /* If we are sending less than 8 bytes, the same char will look - * the same if we don't pad it out with random bytes */ - if (start) { - start = 0; - } - - /* lets recurse if we want to send the data in small chunks */ - if (len > MAXWRITE) { - j = 0; - for (i = 0; i < len; i += k) { - k = DES_enc_write(fd, &(buf[i]), - ((len - i) > MAXWRITE) ? MAXWRITE : (len - i), - sched, iv); - if (k < 0) - return (k); - else - j += k; - } - return (j); - } - - /* write length first */ - p = outbuf; - l2n(len, p); - - /* pad short strings */ - if (len < 8) { - cp = shortbuf; - memcpy(shortbuf, buf, len); - arc4random_buf(shortbuf + len, 8 - len); - rnum = 8; - } else { - cp = buf; - rnum = ((len + 7)/8*8); /* round up to nearest eight */ - } - - if (DES_rw_mode & DES_PCBC_MODE) - DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, - sched, iv, DES_ENCRYPT); - else - DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, - sched, iv, DES_ENCRYPT); - - /* output */ - outnum = rnum + HDRSIZE; - - for (j = 0; j < outnum; j += i) { - /* eay 26/08/92 I was not doing writing from where we - * got up to. */ - i = write(fd, (void *)&(outbuf[j]), outnum - j); - if (i == -1) { -#ifdef EINTR - if (errno == EINTR) - i = 0; - else -#endif - /* This is really a bad error - very bad - * It will stuff-up both ends. */ - return (-1); - } - } - - return (len); -} -LCRYPTO_ALIAS(DES_enc_write); -- 2.20.1