diff --git a/iputils_md5dig.h b/iputils_md5dig.h
deleted file mode 100644
index bfa7f02d..00000000
--- a/iputils_md5dig.h
+++ /dev/null
@@ -1,142 +0,0 @@
-#ifndef IPUTILS_MD5DIG_H
-#define IPUTILS_MD5DIG_H
-
-#if defined(USE_GCRYPT)
-# include
-# include
-# define IPUTILS_MD5DIG_LEN 16
-#elif defined(USE_NETTLE)
-# include
-#elif defined(USE_OPENSSL)
-# include
-#elif defined(USE_KERNEL_CRYPTO_API)
-# define IPUTILS_MD5DIG_LEN 16
-# include
-# include
-# include
-# include
-# include
-# include "iputils_common.h"
-#endif
-
-#if defined(USE_GCRYPT)
-typedef struct {
- gcry_md_hd_t dig;
-} iputils_md5dig_ctx;
-
-static void iputils_md5dig_init(iputils_md5dig_ctx *ctx)
-{
- if (gcry_md_open(&ctx->dig, GCRY_MD_MD5, 0) != GPG_ERR_NO_ERROR)
- abort();
- return;
-}
-
-static void iputils_md5dig_update(iputils_md5dig_ctx *ctx,
- const void *buf, int len)
-{
- gcry_md_write(ctx->dig, buf, len);
- return;
-}
-
-static void iputils_md5dig_final(unsigned char *digest,
- iputils_md5dig_ctx *ctx)
-{
- const void *p;
- size_t dlen;
-
- p = gcry_md_read(ctx->dig, GCRY_MD_MD5);
- dlen = gcry_md_get_algo_dlen(GCRY_MD_MD5);
-
- if (dlen != IPUTILS_MD5DIG_LEN)
- abort();
-
- memcpy(digest, p, dlen);
-
- gcry_md_close(ctx->dig);
-}
-
-# define MD5_DIGEST_LENGTH IPUTILS_MD5DIG_LEN
-# define MD5_CTX iputils_md5dig_ctx
-# define MD5_Init iputils_md5dig_init
-# define MD5_Update iputils_md5dig_update
-# define MD5_Final iputils_md5dig_final
-
-#elif defined(USE_NETTLE)
-typedef struct md5_ctx iputils_md5dig_ctx;
-
-static void iputils_md5dig_init(iputils_md5dig_ctx *ctx)
-{
- md5_init(ctx);
- return;
-}
-
-static void iputils_md5dig_update(iputils_md5dig_ctx *ctx,
- const void *buf, int len)
-{
- md5_update(ctx, len, buf);
- return;
-}
-
-static void iputils_md5dig_final(unsigned char *digest,
- iputils_md5dig_ctx *ctx)
-{
- md5_digest(ctx, MD5_DIGEST_SIZE, digest);
-}
-
-# define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
-# define MD5_CTX iputils_md5dig_ctx
-# define MD5_Init iputils_md5dig_init
-# define MD5_Update iputils_md5dig_update
-# define MD5_Final iputils_md5dig_final
-#elif defined(USE_KERNEL_CRYPTO_API)
-typedef struct {
- int bind_sock;
- int comm_sock;
-} iputils_md5dig_ctx;
-
-static void iputils_md5dig_init(iputils_md5dig_ctx *const ctx)
-{
- const struct sockaddr_alg sa = {
- .salg_family = AF_ALG,
- .salg_type = "hash",
- .salg_name = "md5"
- };
-
- ctx->comm_sock = -1;
- if ((ctx->bind_sock = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0)
- return;
- if (bind(ctx->bind_sock, (struct sockaddr *)&sa, sizeof(sa)) < 0)
- return;
- ctx->comm_sock = accept(ctx->bind_sock, NULL, 0);
- return;
-}
-
-static void iputils_md5dig_update(iputils_md5dig_ctx *ctx,
- void const *const buf, const int len)
-{
- if (ctx->comm_sock < 0)
- return;
- if (write(ctx->comm_sock, buf, len) != len)
- error(0, errno, "write to AF_ALG socket failed");
- return;
-}
-
-static void iputils_md5dig_final(unsigned char *digest,
- iputils_md5dig_ctx const *const ctx)
-{
- if (ctx->comm_sock < 0)
- return;
- if (read(ctx->comm_sock, digest, IPUTILS_MD5DIG_LEN) != IPUTILS_MD5DIG_LEN)
- error(0, errno, "read from AF_ALG socket failed");
- close(ctx->comm_sock);
- close(ctx->bind_sock);
-}
-
-# define MD5_DIGEST_LENGTH IPUTILS_MD5DIG_LEN
-# define MD5_CTX iputils_md5dig_ctx
-# define MD5_Init iputils_md5dig_init
-# define MD5_Update iputils_md5dig_update
-# define MD5_Final iputils_md5dig_final
-#endif
-
-#endif
diff --git a/md5.c b/md5.c
new file mode 100644
index 00000000..9b92ae52
--- /dev/null
+++ b/md5.c
@@ -0,0 +1,257 @@
+/*
+ * This code implements the MD5 message-digest algorithm. The algorithm is due
+ * to Ron Rivest. This code was written by Colin Plumb in 1993, no copyright
+ * is claimed. This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc. This code has
+ * been tested against that, and is equivalent, except that you don't need to
+ * include two pages of legalese with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an MD5Context
+ * structure, pass it to MD5Init, call MD5Update as needed on buffers full of
+ * bytes, and then call MD5Final, which will fill a supplied 16-byte array with
+ * the digest.
+ */
+
+#include
+
+#include "md5.h"
+
+#if !defined(WORDS_BIGENDIAN)
+# define byteReverse(buf, len) /* Nothing */
+#else
+static void byteReverse(unsigned char *buf, unsigned longs);
+
+# ifndef ASM_MD5
+/*
+ * Note: this code is harmless on little-endian machines.
+ */
+static void byteReverse(unsigned char *buf, unsigned longs)
+{
+ uint32_t t;
+
+ do {
+ t = (uint32_t)((unsigned)buf[3] << 8 | buf[2]) << 16 |
+ ((unsigned)buf[1] << 8 | buf[0]);
+ *(uint32_t *)buf = t;
+ buf += 4;
+ } while (--longs);
+}
+# endif /* !ASM_MD5 */
+#endif /* !WORDS_BIGENDIAN */
+
+/*
+ * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+void iputils_MD5Init(struct IPUTILS_MD5Context *ctx)
+{
+ ctx->buf[0] = 0x67452301;
+ ctx->buf[1] = 0xefcdab89;
+ ctx->buf[2] = 0x98badcfe;
+ ctx->buf[3] = 0x10325476;
+
+ ctx->bits[0] = 0;
+ ctx->bits[1] = 0;
+}
+
+/*
+ * Update context to reflect the concatenation of another buffer full of bytes.
+ */
+void iputils_MD5Update(struct IPUTILS_MD5Context *ctx, const char *buf,
+ unsigned len)
+{
+ uint32_t t;
+
+ /* Update bitcount */
+ t = ctx->bits[0];
+ if ((ctx->bits[0] = t + ((uint32_t)len << 3)) < t)
+ ctx->bits[1]++; /* Carry from low to high */
+ ctx->bits[1] += len >> 29;
+
+ t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
+
+ /* Handle any leading odd-sized chunks */
+ if (t) {
+ unsigned char *p = (unsigned char *)ctx->in + t;
+
+ t = 64 - t;
+ if (len < t) {
+ memcpy(p, buf, len);
+ return;
+ }
+ memcpy(p, buf, t);
+ byteReverse(ctx->in, 16);
+ iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in);
+ buf += t;
+ len -= t;
+ }
+
+ /* Process data in 64-byte chunks */
+ while (len >= 64) {
+ memcpy(ctx->in, buf, 64);
+ byteReverse(ctx->in, 16);
+ iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in);
+ buf += 64;
+ len -= 64;
+ }
+
+ /* Handle any remaining bytes of data. */
+ memcpy(ctx->in, buf, len);
+}
+
+/*
+ * Final wrapup - pad to 64-byte boundary with the bit pattern 1 0* (64-bit
+ * count of bits processed, MSB-first)
+ */
+void iputils_MD5Final(unsigned char digest[IPUTILS_MD5LENGTH],
+ struct IPUTILS_MD5Context *ctx)
+{
+ unsigned count;
+ unsigned char *p;
+
+ /* Compute number of bytes mod 64 */
+ count = (ctx->bits[0] >> 3) & 0x3F;
+
+ /*
+ * Set the first char of padding to 0x80. This is safe since there is
+ * always at least one byte free
+ */
+ p = ctx->in + count;
+ *p++ = 0x80;
+
+ /* Bytes of padding needed to make 64 bytes */
+ count = 64 - 1 - count;
+
+ /* Pad out to 56 mod 64 */
+ if (count < 8) {
+ /* Two lots of padding: Pad the first block to 64 bytes */
+ memset(p, 0, count);
+ byteReverse(ctx->in, 16);
+ iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in);
+
+ /* Now fill the next block with 56 bytes */
+ memset(ctx->in, 0, 56);
+ } else {
+ /* Pad block to 56 bytes */
+ memset(p, 0, count - 8);
+ }
+ byteReverse(ctx->in, 14);
+
+ /*
+ * Append length in bits and transform. Use memcpy to avoid aliasing
+ * problems. On most systems, this will be optimized away to the same
+ * code.
+ */
+ memcpy(&ctx->in[14 * sizeof(uint32_t)], &ctx->bits[0], 4);
+ memcpy(&ctx->in[15 * sizeof(uint32_t)], &ctx->bits[1], 4);
+
+ iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in);
+ byteReverse((unsigned char *)ctx->buf, 4);
+ memcpy(digest, ctx->buf, IPUTILS_MD5LENGTH);
+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
+}
+
+#ifndef ASM_MD5
+
+/* The four core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+# define F1(x, y, z) (z ^ (x & (y ^ z)))
+# define F2(x, y, z) F1(z, x, y)
+# define F3(x, y, z) (x ^ y ^ z)
+# define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+# define MD5STEP(f, w, x, y, z, data, s) \
+ ( w += f(x, y, z) + data, w = w<>(32-s), w += x )
+
+/*
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to reflect
+ * the addition of 16 longwords of new data. MD5Update blocks the data and
+ * converts bytes into longwords for this routine.
+ */
+void iputils_MD5Transform(uint32_t buf[4], uint32_t const in[16])
+{
+ register uint32_t a, b, c, d;
+
+ a = buf[0];
+ b = buf[1];
+ c = buf[2];
+ d = buf[3];
+
+ MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+ MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+ MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
+ MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+ MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+ MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+ MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
+ MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
+ MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
+ MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+ MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+ MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+ MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
+ MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+ MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+ MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+
+ MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+ MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
+ MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+ MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+ MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+ MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
+ MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+ MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+ MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+ MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+ MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+ MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+ MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+ MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+ MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+ MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+
+ MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+ MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
+ MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+ MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+ MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+ MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+ MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+ MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+ MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+ MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+ MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+ MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
+ MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+ MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+ MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+ MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
+
+ MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
+ MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
+ MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+ MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+ MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+ MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+ MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+ MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+ MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+ MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+ MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
+ MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+ MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+ MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+ MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+ MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
+
+ buf[0] += a;
+ buf[1] += b;
+ buf[2] += c;
+ buf[3] += d;
+}
+
+#endif /* ifndef ASM_MD5 */
diff --git a/md5.h b/md5.h
new file mode 100644
index 00000000..f317c698
--- /dev/null
+++ b/md5.h
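Review bot: The closing `memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */` in iputils_MD5Final is an ordinary store that an optimizer may drop once the call is inlined or built with LTO, and ping/node_info.c feeds `ni->nonce_secret` through this context. If the wipe is meant as a guarantee, `explicit_bzero(ctx, sizeof(*ctx));` states that intent where the libc provides it. Separately, `*(uint32_t *)buf = t;` in byteReverse and the `(uint32_t *)ctx->in` casts handed to iputils_MD5Transform access an `unsigned char` array through `uint32_t` lvalues, which is the aliasing problem the comment above the length `memcpy` says the code wants to avoid. A short comment recording why that is accepted here, or a `uint32_t` block buffer in the context, would help the next reader.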
@@ -0,0 +1,26 @@
+#ifndef IPUTILS_MD5_H
+# define IPUTILS_MD5_H
+
+# include
+
+# define IPUTILS_MD5LENGTH 16
+
+struct IPUTILS_MD5Context {
+ uint32_t buf[4];
+ uint32_t bits[2];
+ unsigned char in[64];
+};
+
+/*
+ * This is needed to make RSAREF happy on some MS-DOS compilers.
+ */
+typedef struct IPUTILS_MD5Context IPUTILS_MD5_CTX;
+
+void iputils_MD5Init(struct IPUTILS_MD5Context *context);
+void iputils_MD5Update(struct IPUTILS_MD5Context *context,
+ const char *buf, unsigned len);
+void iputils_MD5Final(unsigned char digest[IPUTILS_MD5LENGTH],
+ struct IPUTILS_MD5Context *context);
+void iputils_MD5Transform(uint32_t buf[4], uint32_t const in[16]);
+
+#endif
diff --git a/meson.build b/meson.build
index b3bbffa0..53c65b23 100644
--- a/meson.build
+++ b/meson.build
@@ -140,25 +140,8 @@ else
 idn_dep = dependency('disabler-appears-to-disable-executable-build', required : false)
 endif
-crypto = get_option('USE_CRYPTO')
-crypto_dep = []
-if crypto == 'nettle'
- crypto_dep += dependency('nettle')
- conf.set('USE_NETTLE', 1, description : 'If set use nettle crypto library.')
-elif crypto == 'gcrypt'
- crypto_dep += cc.find_library('gcrypt')
- crypto_dep += dependency('gpg-error', required : true)
- conf.set('USE_GCRYPT', 1, description : 'If set use gcrypt crypto library.')
-elif crypto == 'openssl'
- crypto_dep += dependency('openssl')
- conf.set('USE_OPENSSL', 1, description : 'if set use openssl crypto library.')
-elif crypto == 'kernel'
- crypto_dep += dependency('disabler-appears-to-disable-executable-build', required : false)
- conf.set('USE_KERNEL_CRYPTO_API', 1, description : 'if set use Linux kernel Crypto API.')
-elif crypto == 'none'
- crypto_dep += dependency('disabler-appears-to-disable-executable-build', required : false)
- conf.set('PING6_NONCE_MEMORY', 1,
- description : 'If set RFC6744 random does not use any CRYPTO lib.')
+if host_machine.endian() == 'big'
+ conf.set('WORDS_BIGENDIAN', '1')
 endif
 if build_rdisc == true
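Review bot: `iputils_MD5Update()` is declared in md5.h with `const char *buf, unsigned len`, which forces the `(const char *)` casts this commit adds in ping/node_info.c and would narrow any `size_t` length a caller passes. Declaring it as `void iputils_MD5Update(struct IPUTILS_MD5Context *context, const void *buf, size_t len);` matches how the callers in this diff use it and lets byte buffers stay `unsigned char`. `iputils_MD5Transform()` is exported here although only md5.c calls it in this diff; unless something outside the diff needs it, a `static` declaration in md5.c keeps the raw block function out of libcommon's interface. The header also says nothing about call order or about Final clearing the context, for example `/* Init, then Update any number of times, then Final; Final zeroes *context. */`.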
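Review bot: With the `crypto == 'none'` branch removed in the `@@ -140,25 +140,8 @@` hunk, nothing in this diff sets `PING6_NONCE_MEMORY` any more, yet ping/node_info.c still guards niquery_nonce() with `#if !PING6_NONCE_MEMORY`. Whatever the other side of that conditional does (it is not shown here) now looks selectable only through hand-set compiler flags, so either drop the conditional in the same series or keep a documented way to choose it. The new `conf.set('WORDS_BIGENDIAN', '1')` also has no `description :`, unlike the other conf.set calls visible in this file, for example `conf.set('WORDS_BIGENDIAN', 1, description : 'Defined on big-endian hosts; enables byteReverse() in md5.c.')`.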
@@ -168,15 +151,10 @@ if build_rdisc == true
 endif
 if build_ninfod == true
- if crypto == 'none'
- error('BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined')
- endif
 if cc.has_header('stdio.h') and cc.has_header('stdlib.h') and cc.has_header('stddef.h')
 conf.set('STDC_HEADERS', 1, description : 'Defined if we have standard c headers.')
 endif
 foreach h : [
- 'gcrypt.h',
- 'gnutls/openssl.h',
 'inttypes.h',
 'limits.h',
 'linux/rtnetlink.h',
@@ -185,7 +163,6 @@ if build_ninfod == true
 'netinet/icmp6.h',
 'netinet/in.h',
 'netinet/ip6.h',
- 'openssl/md5.h',
 'pwd.h',
 'stdint.h',
 'stdlib.h',
@@ -251,7 +228,10 @@ else
 endif
 ############################################################
-common_sources = files('iputils_common.h', 'iputils_common.c')
+common_sources = files(
+ 'iputils_common.h', 'iputils_common.c',
+ 'md5.h', 'md5.c'
+)
 libcommon = static_library(
 'common',
 [common_sources, git_version_h],
@@ -380,7 +360,6 @@ output += ' (capability or suid: ' + setcap_traceroute6.to_string() + ')\n'
 output += '\nCONFIGURATION\n'
 output += 'Capatiblity (with libcap): ' + cap.to_string() + '\n'
-output += 'Crypto: ' + crypto + '\n'
 output += 'IDN (with libidn2): ' + idn.to_string() + '\n'
 output += 'I18N (with gettext): ' + gettext.to_string() + '\n'
 output += 'systemd: ' + systemd.found().to_string() + '\n'
diff --git a/meson_options.txt b/meson_options.txt
index 4129fe5c..aade675b 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -4,10 +4,6 @@ option('USE_CAP', type : 'boolean', value : true,
 option('USE_IDN', type : 'boolean', value : true,
 description : 'IDN support (with libidn2)')
-option('USE_CRYPTO', type : 'combo',
- choices : [ 'none', 'gcrypt', 'nettle', 'openssl', 'kernel' ], value : 'openssl',
- description: 'Crypto library support')
-
 option('BUILD_ARPING', type : 'boolean', value : true,
 description : 'Build arping')
diff --git a/ninfod/meson.build b/ninfod/meson.build
index 02fda8b4..80b0a444 100644
--- a/ninfod/meson.build
+++ b/ninfod/meson.build
@@ -10,7 +10,7 @@ ninfod_sources = files('''
 ninfod_name.c
 '''.split())
 executable('ninfod', [ninfod_sources, git_version_h],
- dependencies : [cap_dep, crypto_dep, rt_dep, threads],
+ dependencies : [cap_dep, rt_dep, threads],
 link_with : [libcommon],
 include_directories : inc,
 install: true,
diff --git a/ninfod/ninfod_name.c b/ninfod/ninfod_name.c
index 06db85c0..396bcdf4 100644
--- a/ninfod/ninfod_name.c
+++ b/ninfod/ninfod_name.c
@@ -95,14 +95,6 @@
 #include
-#if defined(HAVE_GCRYPT_H) || defined(USE_KERNEL_CRYPTO_API) || defined(USE_NETTLE)
-# include "iputils_md5dig.h"
-#elif defined(HAVE_GNUTLS_OPENSSL_H)
-# include
-#elif defined(HAVE_OPENSSL_MD5_H)
-# include
-#endif
-
 #if HAVE_SYS_UTSNAME_H
 # include
 #endif
@@ -117,6 +109,7 @@
 #include "iputils_ni.h"
 #include "ninfod.h"
+#include "md5.h"
 /* Hmm,,, */
 #ifndef IPV6_JOIN_GROUP
@@ -242,15 +235,15 @@ static int compare_dnsname(const char *s, size_t slen,
 static int nodeinfo_group(const char *dnsname, struct in6_addr *nigrp)
 {
- MD5_CTX ctxt;
+ IPUTILS_MD5_CTX ctxt;
 unsigned char digest[16];
 if (!dnsname || !nigrp)
 return -1;
- MD5_Init(&ctxt);
- MD5_Update(&ctxt, dnsname, *dnsname);
- MD5_Final(digest, &ctxt);
+ iputils_MD5Init(&ctxt);
+ iputils_MD5Update(&ctxt, dnsname, *dnsname);
+ iputils_MD5Final(digest, &ctxt);
 #ifdef s6_addr32
 nigrp->s6_addr32[0] = htonl(0xff020000);
diff --git a/ping/meson.build b/ping/meson.build
index 328ef930..f4cab4cc 100644
--- a/ping/meson.build
+++ b/ping/meson.build
@@ -10,7 +10,6 @@ executable('ping', [
 include_directories : inc,
 dependencies : [
 cap_dep,
- crypto_dep,
 idn_dep,
 intl_dep,
 m_dep,
diff --git a/ping/node_info.c b/ping/node_info.c
index b0dbfc7f..9d9d1e91 100644
--- a/ping/node_info.c
+++ b/ping/node_info.c
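Review bot: In nodeinfo_group() the length passed to `iputils_MD5Update(&ctxt, dnsname, *dnsname)` is a plain `char` converted to `unsigned`, so where `char` is signed a first byte of 0x80 or above turns into a length close to 4 GiB and the hash reads far past the name. The same pattern is in ping/node_info.c, where this commit changes `buf` from `unsigned char *` to `char *` and then calls `iputils_MD5Update(&ctxt, buf, buf[0])`. Any bound on that length byte lies outside these hunks (both function bodies continue past them), so I would make the call sites safe on their own: `iputils_MD5Update(&ctxt, dnsname, (unsigned char)*dnsname);` and `iputils_MD5Update(&ctxt, buf, (unsigned char)buf[0]);`, ideally after rejecting values above 63, the DNS label limit. `unsigned char digest[16]` could also be sized with `IPUTILS_MD5LENGTH` so it stays tied to md5.h.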
@@ -33,13 +33,9 @@
 #include
 #include "iputils_common.h"
+#include "md5.h"
 #include "ping.h"
-#if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE) || defined(USE_KERNEL_CRYPTO_API)
-#include "iputils_md5dig.h"
-#define USE_CRYPTO
-#endif
-
 struct niquery_option {
 char *name;
 int namelen;
@@ -105,21 +101,19 @@ void niquery_init_nonce(struct ping_ni *ni)
 }
 #if !PING6_NONCE_MEMORY
-static int niquery_nonce(struct ping_ni *ni __attribute__((__unused__)),
- uint8_t *nonce __attribute__((__unused__)),
- int fill __attribute__((__unused__)))
+static int niquery_nonce(struct ping_ni *ni, uint8_t *nonce, int fill)
 {
-# ifdef USE_CRYPTO
- static uint8_t digest[MD5_DIGEST_LENGTH];
+ static uint8_t digest[IPUTILS_MD5LENGTH];
 static int seq = -1;
 if (fill || seq != *(uint16_t *)nonce || seq == -1) {
- MD5_CTX ctxt;
+ IPUTILS_MD5_CTX ctxt;
- MD5_Init(&ctxt);
- MD5_Update(&ctxt, &ni->nonce_secret, sizeof(ni->nonce_secret));
- MD5_Update(&ctxt, nonce, sizeof(uint16_t));
- MD5_Final(digest, &ctxt);
+ iputils_MD5Init(&ctxt);
+ iputils_MD5Update(&ctxt, (const char *)&ni->nonce_secret,
+ sizeof(ni->nonce_secret));
+ iputils_MD5Update(&ctxt, (const char *)nonce, sizeof(uint16_t));
+ iputils_MD5Final(digest, &ctxt);
 seq = *(uint16_t *)nonce;
 }
@@ -132,10 +126,6 @@ static int niquery_nonce(struct ping_ni *ni __attribute__((__unused__)),
 return -1;
 return ntohsp((uint16_t *)nonce);
 }
-# else
- error(3, ENOSYS, _("niquery_nonce() crypto disabled"));
- return -1;
-# endif
 }
 #endif
@@ -291,7 +281,6 @@ static int niquery_option_subject_addr_handler(struct ping_ni *ni, int index, co
 # endif
 #endif
-#ifdef USE_CRYPTO
 static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, const char *name)
 {
 static char nigroup_buf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ];
@@ -300,12 +289,12 @@ static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, co
 size_t i;
 char *p;
 char *canonname = NULL, *idn = NULL;
- unsigned char *buf = NULL;
+ char *buf = NULL;
 size_t namelen;
 size_t buflen;
 int dots, fqdn = niquery_options[index].data;
- MD5_CTX ctxt;
- uint8_t digest[MD5_DIGEST_LENGTH];
+ IPUTILS_MD5_CTX ctxt;
+ uint8_t digest[IPUTILS_MD5LENGTH];
 #ifdef USE_IDN
 int rc;
 #endif
@@ -370,9 +359,9 @@ static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, co
 goto errexit;
 }
- MD5_Init(&ctxt);
- MD5_Update(&ctxt, buf, buf[0]);
- MD5_Final(digest, &ctxt);
+ iputils_MD5Init(&ctxt);
+ iputils_MD5Update(&ctxt, buf, buf[0]);
+ iputils_MD5Final(digest, &ctxt);
 sprintf(nigroup_buf, "ff02::2:%02x%02x:%02x%02x%s%s",
 digest[0], digest[1], digest[2], digest[3],
@@ -400,15 +389,6 @@ static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, co
 free(idn);
 exit(1);
 }
-#else
-static int niquery_option_subject_name_handler(struct ping_ni *ni __attribute__((__unused__)),
- int index __attribute__((__unused__)),
- const char *name __attribute__((__unused__)))
-{
- error(3, ENOSYS, _("niquery_option_subject_name_handler() crypto disabled"));
- abort();
-}
-#endif
 int niquery_option_help_handler(struct ping_ni *ni __attribute__((__unused__)),
 int index,
diff --git a/travis/alpine.sh b/travis/alpine.sh
index 20aac35e..ce2e6301 100755
--- a/travis/alpine.sh
+++ b/travis/alpine.sh
@@ -16,6 +16,4 @@ apk add \
 make \
 meson \
 musl-dev \
- nettle-dev \
- openssl-dev \
 pkgconfig
diff --git a/travis/debian.sh b/travis/debian.sh
index 3a9bbae9..cb7fa323 100755
--- a/travis/debian.sh
+++ b/travis/debian.sh
@@ -29,7 +29,6 @@ apt install -y --no-install-recommends \
 libssl-dev \
 make \
 meson \
- nettle-dev \
 pkg-config \
 xsltproc
diff --git a/travis/fedora.sh b/travis/fedora.sh
index 096917eb..72858548 100755
--- a/travis/fedora.sh
+++ b/travis/fedora.sh
@@ -9,8 +9,6 @@ yum -y install \
 libcap-devel \
 libxslt \
 make \
- nettle-devel \
- openssl-devel \
 pkg-config \
 which
diff --git a/travis/opensuse.sh b/travis/opensuse.sh
index f0d5c29f..fbc8652c 100755
--- a/travis/opensuse.sh
+++ b/travis/opensuse.sh
@@ -11,11 +11,9 @@ zypper --non-interactive install --no-recommends \
 libcap-devel \
 libcap-progs \
 libidn2-devel \
- libnettle-devel \
 libxslt-tools \
 make \
 meson \
 ninja \
- openssl-devel \
 pkg-config \
 which