This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums. In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL, and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes. HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.
Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas. This merge is in support of #4.
Conflicts:
lib/fko_util.c
lib/fko_util.h
This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server. One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas. The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.
This commit fixes a byte order warning for both sha1.c and md5.c like so:
sha1.c:127:6: warning: #warning Undetermined or unsupported Byte Order... We will try LITTLE_ENDIAN [-Wcpp]
Also removed a couple of header includes that appear not be needed.
This commit completes the conversion to the strtol() wrapper function in order
to remove all atoi() calls. In addition, variable max values are enforced
using more broadly defined RCHK_* values.
Bug fix for the following error caught by the test suite (in the [Rijndael SPA]
[client+server] random SPA port (tcp/22 ssh) test):
==24257== 17 bytes in 1 blocks are definitely lost in loss record 1 of 1
==24257== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24257== by 0x4E38B9B: fko_set_rand_value (fko_rand_value.c:114)
==24257== by 0x4E37FE0: fko_new (fko_funcs.c:75)
==24257== by 0x10AE52: main (fwknop.c:113)
This commit replaces most atoi() calls (which don't report errors) with a strtol()
wrapper function for stronger string -> integer conversion validation.
Applied fix from Franck Joncourt for the 'warning: dereferencing type-punned
pointer will break strict-aliasing rules [-Wstrict-aliasing]' error in the
MD5 digest code.
[libfko] Added the ability to maintain backwards compatibility with the
now deprecated "zero padding" strategy in AES mode that was a hold over
from the old perl fwknop implementation. This enables the backwards
compatiblity tests to continue to pass in the test suite.
