diff --git a/include/sudo_digest.h b/include/sudo_digest.h index d01b1f7ca..0e7f8efb2 100644 --- a/include/sudo_digest.h +++ b/include/sudo_digest.h @@ -33,13 +33,14 @@ sudo_dso_public struct sudo_digest *sudo_digest_alloc_v1(unsigned int digest_typ sudo_dso_public void sudo_digest_free_v1(struct sudo_digest *dig); sudo_dso_public void sudo_digest_reset_v1(struct sudo_digest *dig); sudo_dso_public int sudo_digest_getlen_v1(unsigned int digest_type); +sudo_dso_public size_t sudo_digest_getlen_v2(unsigned int digest_type); sudo_dso_public void sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len); sudo_dso_public void sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md); #define sudo_digest_alloc(_a) sudo_digest_alloc_v1((_a)) #define sudo_digest_free(_a) sudo_digest_free_v1((_a)) #define sudo_digest_reset(_a) sudo_digest_reset_v1((_a)) -#define sudo_digest_getlen(_a) sudo_digest_getlen_v1((_a)) +#define sudo_digest_getlen(_a) sudo_digest_getlen_v2((_a)) #define sudo_digest_update(_a, _b, _c) sudo_digest_update_v1((_a), (_b), (_c)) #define sudo_digest_final(_a, _b) sudo_digest_final_v1((_a), (_b)) diff --git a/lib/util/digest.c b/lib/util/digest.c index ddfeed12a..cebaf8416 100644 --- a/lib/util/digest.c +++ b/lib/util/digest.c @@ -43,7 +43,7 @@ #endif static struct digest_function { - const unsigned int digest_len; + const size_t digest_len; void (*init)(SHA2_CTX *); #ifdef SHA2_VOID_PTR void (*update)(SHA2_CTX *, const void *, size_t); 
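Review bot: The new `sudo_digest_getlen_v2` prototype and the re-pointed `sudo_digest_getlen` macro in include/sudo_digest.h carry no comment saying that failure is now reported as 0 instead of -1. Because the macro keeps its name, any caller not converted in this diff that still tests `== -1` or `== (size_t)-1` will compile and then treat an unsupported digest type as a valid length. I would add above the prototype `/* Returns the digest length in bytes, or 0 if digest_type is unsupported (the v1 function returns -1). */` and check the remaining users of the macro for the old sentinel.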
@@ -130,18 +130,25 @@ sudo_digest_reset_v1(struct sudo_digest *dig) debug_return; } -int -sudo_digest_getlen_v1(unsigned int digest_type) +size_t +sudo_digest_getlen_v2(unsigned int digest_type) { debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); unsigned int i; for (i = 0; digest_functions[i].digest_len != 0; i++) { if (digest_type == i) - debug_return_int(digest_functions[i].digest_len); + debug_return_size_t(digest_functions[i].digest_len); } - debug_return_int(-1); + debug_return_size_t(0); +} + +int +sudo_digest_getlen_v1(unsigned int digest_type) +{ + size_t len = sudo_digest_getlen_v2(digest_type); + return len ? (int)len : -1; } void diff --git a/lib/util/digest_gcrypt.c b/lib/util/digest_gcrypt.c index 45d71e53e..e04cc534b 100644 --- a/lib/util/digest_gcrypt.c +++ b/lib/util/digest_gcrypt.c @@ -125,17 +125,24 @@ sudo_digest_reset_v1(struct sudo_digest *dig) debug_return; } -int -sudo_digest_getlen_v1(unsigned int digest_type) +size_t +sudo_digest_getlen_v2(unsigned int digest_type) { debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); int gcry_digest_type; gcry_digest_type = sudo_digest_type_to_gcry(digest_type); if (gcry_digest_type == -1) - debug_return_int(-1); + debug_return_size_t(0); - debug_return_int(gcry_md_get_algo_dlen(gcry_digest_type)); + debug_return_size_t(gcry_md_get_algo_dlen(gcry_digest_type)); +} + +int +sudo_digest_getlen_v1(unsigned int digest_type) +{ + size_t len = sudo_digest_getlen_v2(digest_type); + return len ? (int)len : -1; } void diff --git a/lib/util/digest_openssl.c b/lib/util/digest_openssl.c index e38cfbbe6..95f84b94c 100644 --- a/lib/util/digest_openssl.c +++ b/lib/util/digest_openssl.c 
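Review bot: The new `sudo_digest_getlen_v1` compatibility wrapper in lib/util/digest.c returns with a plain `return` and has no `debug_decl`, unlike every other function visible in this hunk, so its entry and exit would presumably not appear in debug traces. For consistency I would write it as `debug_decl(sudo_digest_getlen_v1, SUDO_DEBUG_UTIL);` followed by `debug_return_int(len ? (int)len : -1);`. The identical wrapper is added in lib/util/digest_gcrypt.c and lib/util/digest_openssl.c and the same applies there.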
@@ -118,17 +118,24 @@ sudo_digest_reset_v1(struct sudo_digest *dig) debug_return; } -int -sudo_digest_getlen_v1(unsigned int digest_type) +size_t +sudo_digest_getlen_v2(unsigned int digest_type) { const EVP_MD *md; debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL); md = sudo_digest_type_to_md(digest_type); if (md == NULL) - debug_return_int(-1); + debug_return_size_t(0); - debug_return_int(EVP_MD_size(md)); + debug_return_size_t((size_t)EVP_MD_size(md)); +} + +int +sudo_digest_getlen_v1(unsigned int digest_type) +{ + size_t len = sudo_digest_getlen_v2(digest_type); + return len ? (int)len : -1; } void diff --git a/lib/util/getentropy.c b/lib/util/getentropy.c index c67ea6287..d714becc4 100644 --- a/lib/util/getentropy.c +++ b/lib/util/getentropy.c @@ -436,7 +436,7 @@ getentropy_fallback(void *buf, size_t len) if ((ctx = sudo_digest_alloc(SUDO_DIGEST_SHA512)) == NULL) return -1; digest_len = sudo_digest_getlen(SUDO_DIGEST_SHA512); - if (digest_len == (size_t)-1 || (results = malloc(digest_len)) == NULL) + if (digest_len == 0 || (results = malloc(digest_len)) == NULL) goto done; pid = getpid(); diff --git a/lib/util/regress/digest/digest_test.c b/lib/util/regress/digest/digest_test.c index a20035f91..90a3b678d 100644 --- a/lib/util/regress/digest/digest_test.c +++ b/lib/util/regress/digest/digest_test.c @@ -1109,10 +1109,10 @@ run_tests(unsigned int digest_type, struct test_vector *test_vectors) struct sudo_digest *ctx; unsigned char md[64]; /* SHA512_DIGEST_LENGTH */ char mdhex[128 + 1]; /* SHA512_DIGEST_LENGTH * 2 + 1 */ - int i, j, digest_len; + size_t i, j, digest_len; digest_len = sudo_digest_getlen(digest_type); - if (digest_len == -1) + if (digest_len == 0) sudo_fatalx("unable to get digest length for type %d", digest_type); if (digest_len > ssizeof(md)) sudo_fatalx("digest length too big for type %d", digest_type); diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in index 69df69fc6..440bc8f8c 100644 --- a/lib/util/util.exp.in +++ b/lib/util/util.exp.in 
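Review bot: In lib/util/digest_openssl.c, `debug_return_size_t((size_t)EVP_MD_size(md));` casts an `int` result without checking its sign, so a negative error return from `EVP_MD_size()` would become a huge `size_t`. Such a value passes every `digest_len == 0` check this commit introduces in the callers, which then size allocations and length comparisons from it. The `md == NULL` test makes this unlikely, but keeping 0 as the only failure value is cheap: `int len = EVP_MD_size(md);`, `if (len <= 0) debug_return_size_t(0);`, `debug_return_size_t((size_t)len);`.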
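Review bot: In run_tests() in digest_test.c the unchanged bounds check `if (digest_len > ssizeof(md))` now compares a `size_t` with what `ssizeof` presumably yields as a signed value. This mixed-sign comparison guards the 64-byte `md` buffer; it still gives the right answer here, but it relies on implicit conversion and will trigger sign-compare warnings. I would change it to `if (digest_len > sizeof(md))`. The function body continues outside the hunk, so any use of `i`, `j` or `digest_len` in a `%d` format or in a comparison with an `int` further down should be checked now that they are `size_t`.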
@@ -50,6 +50,7 @@ sudo_digest_alloc_v1 sudo_digest_final_v1 sudo_digest_free_v1 sudo_digest_getlen_v1 +sudo_digest_getlen_v2 sudo_digest_reset_v1 sudo_digest_update_v1 sudo_dso_findsym_v1 diff --git a/plugins/sudoers/filedigest.c b/plugins/sudoers/filedigest.c index e65817f60..27f87211b 100644 --- a/plugins/sudoers/filedigest.c +++ b/plugins/sudoers/filedigest.c @@ -45,8 +45,8 @@ sudo_filedigest(int fd, const char *file, unsigned int digest_type, int fd2; debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL); - *digest_len = (size_t)sudo_digest_getlen(digest_type); - if (*digest_len == (size_t)-1) { + *digest_len = sudo_digest_getlen(digest_type); + if (*digest_len == 0) { sudo_warnx(U_("unsupported digest type %u for %s"), digest_type, file); debug_return_ptr(NULL); } diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 351a38e38..1801fcd5b 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -3906,9 +3906,9 @@ YY_RULE_SETUP #line 319 "toke.l" { /* Only return DIGEST if the length is correct. */ - int digest_len = + size_t digest_len = sudo_digest_getlen(digest_type); - if (sudoersleng == digest_len * 2) { + if ((size_t)sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; @@ -3924,7 +3924,7 @@ YY_RULE_SETUP #line 334 "toke.l" { /* Only return DIGEST if the length is correct. */ - int len, digest_len = + size_t len, digest_len = sudo_digest_getlen(digest_type); if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ @@ -3933,7 +3933,7 @@ YY_RULE_SETUP /* no padding */ len = (4 * digest_len + 2) / 3; } - if (sudoersleng == len) { + if ((size_t)sudoersleng == len) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index f0c0d1eab..21af33082 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l 
@@ -318,9 +318,9 @@ DEFVAR [a-z_]+ [[:xdigit:]]+ { /* Only return DIGEST if the length is correct. */ - int digest_len = + size_t digest_len = sudo_digest_getlen(digest_type); - if (sudoersleng == digest_len * 2) { + if ((size_t)sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; @@ -333,7 +333,7 @@ DEFVAR [a-z_]+ [A-Za-z0-9\+/=]+ { /* Only return DIGEST if the length is correct. */ - int len, digest_len = + size_t len, digest_len = sudo_digest_getlen(digest_type); if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ @@ -342,7 +342,7 @@ DEFVAR [a-z_]+ /* no padding */ len = (4 * digest_len + 2) / 3; } - if (sudoersleng == len) { + if ((size_t)sudoersleng == len) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL;
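Review bot: Both DIGEST rules in toke.l reject an unsupported digest type only implicitly, because `sudo_digest_getlen()` now returns 0 and the computed length then never equals `sudoersleng`, since the pattern always matches at least one character. That property is easy to lose in a later edit of the length arithmetic, and the padded branch's formula is outside the hunks, so I cannot confirm from here that it also yields 0. I would make the rejection explicit in the hex rule with `if (digest_len != 0 && (size_t)sudoersleng == digest_len * 2) {` and in the base64 rule with `if (digest_len != 0 && (size_t)sudoersleng == len) {`. A short comment that 0 means "unsupported type" would also help. plugins/sudoers/toke.c is generated from this file and should simply be regenerated.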