From 214ed83afcce7f08406b17144040891eb40113cf Mon Sep 17 00:00:00 2001 From: Sami Kerola Date: Sun, 1 Dec 2019 16:11:03 +0000 Subject: [PATCH] common: copy md5 implementation to iputils project This allows avoiding linking to crypto libraries, or expect kernel api to provide md5 functionality. Notice that earlier use of kernel api could result to binary zero md5 values being used, that is not how RFC4620 tells subject names should be used. See bug report for details. Reported-by: Noah Meyerhans Addresses: https://github.com/iputils/iputils/issues/239 Reference: https://tools.ietf.org/html/rfc4620 Reviewed-by: Petr Vorel Signed-off-by: Sami Kerola --- iputils_md5dig.h | 142 ------------------------ md5.c | 257 +++++++++++++++++++++++++++++++++++++++++++ md5.h | 26 +++++ meson.build | 33 +----- meson_options.txt | 4 - ninfod/meson.build | 2 +- ninfod/ninfod_name.c | 17 +-- ping/meson.build | 1 - ping/node_info.c | 50 +++------ travis/alpine.sh | 2 - travis/debian.sh | 1 - travis/fedora.sh | 2 - travis/opensuse.sh | 2 - 13 files changed, 310 insertions(+), 229 deletions(-) delete mode 100644 iputils_md5dig.h create mode 100644 md5.c create mode 100644 md5.h diff --git a/iputils_md5dig.h b/iputils_md5dig.h deleted file mode 100644 index bfa7f02d..00000000 --- a/iputils_md5dig.h +++ /dev/null 
@@ -1,142 +0,0 @@ -#ifndef IPUTILS_MD5DIG_H -#define IPUTILS_MD5DIG_H - -#if defined(USE_GCRYPT) -# include -# include -# define IPUTILS_MD5DIG_LEN 16 -#elif defined(USE_NETTLE) -# include -#elif defined(USE_OPENSSL) -# include -#elif defined(USE_KERNEL_CRYPTO_API) -# define IPUTILS_MD5DIG_LEN 16 -# include -# include -# include -# include -# include -# include "iputils_common.h" -#endif - -#if defined(USE_GCRYPT) -typedef struct { - gcry_md_hd_t dig; -} iputils_md5dig_ctx; - -static void iputils_md5dig_init(iputils_md5dig_ctx *ctx) -{ - if (gcry_md_open(&ctx->dig, GCRY_MD_MD5, 0) != GPG_ERR_NO_ERROR) - abort(); - return; -} - -static void iputils_md5dig_update(iputils_md5dig_ctx *ctx, - const void *buf, int len) -{ - gcry_md_write(ctx->dig, buf, len); - return; -} - -static void iputils_md5dig_final(unsigned char *digest, - iputils_md5dig_ctx *ctx) -{ - const void *p; - size_t dlen; - - p = gcry_md_read(ctx->dig, GCRY_MD_MD5); - dlen = gcry_md_get_algo_dlen(GCRY_MD_MD5); - - if (dlen != IPUTILS_MD5DIG_LEN) - abort(); - - memcpy(digest, p, dlen); - - gcry_md_close(ctx->dig); -} - -# define MD5_DIGEST_LENGTH IPUTILS_MD5DIG_LEN -# define MD5_CTX iputils_md5dig_ctx -# define MD5_Init iputils_md5dig_init -# define MD5_Update iputils_md5dig_update -# define MD5_Final iputils_md5dig_final - -#elif defined(USE_NETTLE) -typedef struct md5_ctx iputils_md5dig_ctx; - -static void iputils_md5dig_init(iputils_md5dig_ctx *ctx) -{ - md5_init(ctx); - return; -} - -static void iputils_md5dig_update(iputils_md5dig_ctx *ctx, - const void *buf, int len) -{ - md5_update(ctx, len, buf); - return; -} - -static void iputils_md5dig_final(unsigned char *digest, - iputils_md5dig_ctx *ctx) -{ - md5_digest(ctx, MD5_DIGEST_SIZE, digest); -} - -# define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE -# define MD5_CTX iputils_md5dig_ctx -# define MD5_Init iputils_md5dig_init -# define MD5_Update iputils_md5dig_update -# define MD5_Final iputils_md5dig_final -#elif defined(USE_KERNEL_CRYPTO_API) -typedef 
struct { - int bind_sock; - int comm_sock; -} iputils_md5dig_ctx; - -static void iputils_md5dig_init(iputils_md5dig_ctx *const ctx) -{ - const struct sockaddr_alg sa = { - .salg_family = AF_ALG, - .salg_type = "hash", - .salg_name = "md5" - }; - - ctx->comm_sock = -1; - if ((ctx->bind_sock = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0) - return; - if (bind(ctx->bind_sock, (struct sockaddr *)&sa, sizeof(sa)) < 0) - return; - ctx->comm_sock = accept(ctx->bind_sock, NULL, 0); - return; -} - -static void iputils_md5dig_update(iputils_md5dig_ctx *ctx, - void const *const buf, const int len) -{ - if (ctx->comm_sock < 0) - return; - if (write(ctx->comm_sock, buf, len) != len) - error(0, errno, "write to AF_ALG socket failed"); - return; -} - -static void iputils_md5dig_final(unsigned char *digest, - iputils_md5dig_ctx const *const ctx) -{ - if (ctx->comm_sock < 0) - return; - if (read(ctx->comm_sock, digest, IPUTILS_MD5DIG_LEN) != IPUTILS_MD5DIG_LEN) - error(0, errno, "read from AF_ALG socket failed"); - close(ctx->comm_sock); - close(ctx->bind_sock); -} - -# define MD5_DIGEST_LENGTH IPUTILS_MD5DIG_LEN -# define MD5_CTX iputils_md5dig_ctx -# define MD5_Init iputils_md5dig_init -# define MD5_Update iputils_md5dig_update -# define MD5_Final iputils_md5dig_final -#endif - -#endif diff --git a/md5.c b/md5.c new file mode 100644 index 00000000..9b92ae52 --- /dev/null +++ b/md5.c 
@@ -0,0 +1,257 @@ +/* + * This code implements the MD5 message-digest algorithm. The algorithm is due + * to Ron Rivest. This code was written by Colin Plumb in 1993, no copyright + * is claimed. This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. This code has + * been tested against that, and is equivalent, except that you don't need to + * include two pages of legalese with every copy. + * + * To compute the message digest of a chunk of bytes, declare an MD5Context + * structure, pass it to MD5Init, call MD5Update as needed on buffers full of + * bytes, and then call MD5Final, which will fill a supplied 16-byte array with + * the digest. + */ + +#include + +#include "md5.h" + +#if !defined(WORDS_BIGENDIAN) +# define byteReverse(buf, len) /* Nothing */ +#else +static void byteReverse(unsigned char *buf, unsigned longs); + +# ifndef ASM_MD5 +/* + * Note: this code is harmless on little-endian machines. + */ +static void byteReverse(unsigned char *buf, unsigned longs) +{ + uint32_t t; + + do { + t = (uint32_t)((unsigned)buf[3] << 8 | buf[2]) << 16 | + ((unsigned)buf[1] << 8 | buf[0]); + *(uint32_t *)buf = t; + buf += 4; + } while (--longs); +} +# endif /* !ASM_MD5 */ +#endif /* !WORDS_BIGENDIAN */ + +/* + * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious + * initialization constants. + */ +void iputils_MD5Init(struct IPUTILS_MD5Context *ctx) +{ + ctx->buf[0] = 0x67452301; + ctx->buf[1] = 0xefcdab89; + ctx->buf[2] = 0x98badcfe; + ctx->buf[3] = 0x10325476; + + ctx->bits[0] = 0; + ctx->bits[1] = 0; +} + +/* + * Update context to reflect the concatenation of another buffer full of bytes. 
+ */ +void iputils_MD5Update(struct IPUTILS_MD5Context *ctx, const char *buf, + unsigned len) +{ + uint32_t t; + + /* Update bitcount */ + t = ctx->bits[0]; + if ((ctx->bits[0] = t + ((uint32_t)len << 3)) < t) + ctx->bits[1]++; /* Carry from low to high */ + ctx->bits[1] += len >> 29; + + t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ + + /* Handle any leading odd-sized chunks */ + if (t) { + unsigned char *p = (unsigned char *)ctx->in + t; + + t = 64 - t; + if (len < t) { + memcpy(p, buf, len); + return; + } + memcpy(p, buf, t); + byteReverse(ctx->in, 16); + iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in); + buf += t; + len -= t; + } + + /* Process data in 64-byte chunks */ + while (len >= 64) { + memcpy(ctx->in, buf, 64); + byteReverse(ctx->in, 16); + iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in); + buf += 64; + len -= 64; + } + + /* Handle any remaining bytes of data. */ + memcpy(ctx->in, buf, len); +} + +/* + * Final wrapup - pad to 64-byte boundary with the bit pattern 1 0* (64-bit + * count of bits processed, MSB-first) + */ +void iputils_MD5Final(unsigned char digest[IPUTILS_MD5LENGTH], + struct IPUTILS_MD5Context *ctx) +{ + unsigned count; + unsigned char *p; + + /* Compute number of bytes mod 64 */ + count = (ctx->bits[0] >> 3) & 0x3F; + + /* + * Set the first char of padding to 0x80. This is safe since there is + * always at least one byte free + */ + p = ctx->in + count; + *p++ = 0x80; + + /* Bytes of padding needed to make 64 bytes */ + count = 64 - 1 - count; + + /* Pad out to 56 mod 64 */ + if (count < 8) { + /* Two lots of padding: Pad the first block to 64 bytes */ + memset(p, 0, count); + byteReverse(ctx->in, 16); + iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in); + + /* Now fill the next block with 56 bytes */ + memset(ctx->in, 0, 56); + } else { + /* Pad block to 56 bytes */ + memset(p, 0, count - 8); + } + byteReverse(ctx->in, 14); + + /* + * Append length in bits and transform. Use memcpy to avoid aliasing + * problems. 
On most systems, this will be optimized away to the same + * code. + */ + memcpy(&ctx->in[14 * sizeof(uint32_t)], &ctx->bits[0], 4); + memcpy(&ctx->in[15 * sizeof(uint32_t)], &ctx->bits[1], 4); + + iputils_MD5Transform(ctx->buf, (uint32_t *)ctx->in); + byteReverse((unsigned char *)ctx->buf, 4); + memcpy(digest, ctx->buf, IPUTILS_MD5LENGTH); + memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ +} + +#ifndef ASM_MD5 + +/* The four core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +# define F1(x, y, z) (z ^ (x & (y ^ z))) +# define F2(x, y, z) F1(z, x, y) +# define F3(x, y, z) (x ^ y ^ z) +# define F4(x, y, z) (y ^ (x | ~z)) + +/* This is the central step in the MD5 algorithm. */ +# define MD5STEP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) + +/* + * The core of the MD5 algorithm, this alters an existing MD5 hash to reflect + * the addition of 16 longwords of new data. MD5Update blocks the data and + * converts bytes into longwords for this routine. 
+ */ +void iputils_MD5Transform(uint32_t buf[4], uint32_t const in[16]) +{ + register uint32_t a, b, c, d; + + a = buf[0]; + b = buf[1]; + c = buf[2]; + d = buf[3]; + + MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); + MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); + MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); + MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); + MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); + MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); + MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); + MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); + MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); + MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); + MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); + MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); + MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); + MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); + MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); + MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); + + MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); + MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); + MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); + MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); + MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); + MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); + MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); + MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); + MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); + MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); + MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); + MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); + MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); + MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); + MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); + MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); + + MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); + MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); + MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); + MD5STEP(F3, b, c, d, a, in[14] + 
0xfde5380c, 23); + MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); + MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); + MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); + MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); + MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); + MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); + MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); + MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); + MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); + MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); + MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); + MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); + + MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); + MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); + MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); + MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); + MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); + MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); + MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); + MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); + MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); + MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); + MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); + MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); + MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); + MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); + MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); + MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} + +#endif /* ifndef ASM_MD5 */ diff --git a/md5.h b/md5.h new file mode 100644 index 00000000..f317c698 --- /dev/null +++ b/md5.h 
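Review bot: The closing `memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */` in iputils_MD5Final is an ordinary store, so an optimizer may drop it as dead when the call is inlined (for example under LTO) and the caller's context goes out of scope straight afterwards. ping runs `ni->nonce_secret` through this context in niquery_nonce, so the wipe is worth making dependable: use `explicit_bzero(ctx, sizeof(*ctx));` where the libc provides it and keep the plain memset only as a fallback behind a configure check. I would also extend the comment above iputils_MD5Final to say that the context is cleared on return and must go through iputils_MD5Init again before reuse.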
@@ -0,0 +1,26 @@ +#ifndef IPUTILS_MD5_H +# define IPUTILS_MD5_H + +# include + +# define IPUTILS_MD5LENGTH 16 + +struct IPUTILS_MD5Context { + uint32_t buf[4]; + uint32_t bits[2]; + unsigned char in[64]; +}; + +/* + * This is needed to make RSAREF happy on some MS-DOS compilers. + */ +typedef struct IPUTILS_MD5Context IPUTILS_MD5_CTX; + +void iputils_MD5Init(struct IPUTILS_MD5Context *context); +void iputils_MD5Update(struct IPUTILS_MD5Context *context, + const char *buf, unsigned len); +void iputils_MD5Final(unsigned char digest[IPUTILS_MD5LENGTH], + struct IPUTILS_MD5Context *context); +void iputils_MD5Transform(uint32_t buf[4], uint32_t const in[16]); + +#endif diff --git a/meson.build b/meson.build index b3bbffa0..53c65b23 100644 --- a/meson.build +++ b/meson.build @@ -140,25 +140,8 @@ else idn_dep = dependency('disabler-appears-to-disable-executable-build', required : false) endif -crypto = get_option('USE_CRYPTO') -crypto_dep = [] -if crypto == 'nettle' - crypto_dep += dependency('nettle') - conf.set('USE_NETTLE', 1, description : 'If set use nettle crypto library.') -elif crypto == 'gcrypt' - crypto_dep += cc.find_library('gcrypt') - crypto_dep += dependency('gpg-error', required : true) - conf.set('USE_GCRYPT', 1, description : 'If set use gcrypt crypto library.') -elif crypto == 'openssl' - crypto_dep += dependency('openssl') - conf.set('USE_OPENSSL', 1, description : 'if set use openssl crypto library.') -elif crypto == 'kernel' - crypto_dep += dependency('disabler-appears-to-disable-executable-build', required : false) - conf.set('USE_KERNEL_CRYPTO_API', 1, description : 'if set use Linux kernel Crypto API.') -elif crypto == 'none' - crypto_dep += dependency('disabler-appears-to-disable-executable-build', required : false) - conf.set('PING6_NONCE_MEMORY', 1, - description : 'If set RFC6744 random does not use any CRYPTO lib.') +if host_machine.endian() == 'big' + conf.set('WORDS_BIGENDIAN', '1') endif if build_rdisc == true 
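Review bot: The `iputils_MD5Update` prototype takes `const char *buf`, which forces callers hashing raw bytes to cast (the ping/node_info.c hunk adds `(const char *)&ni->nonce_secret`) and is presumably why `buf` in niquery_option_subject_name_handler was retyped from `unsigned char *` to `char *`. Declaring it as `void iputils_MD5Update(struct IPUTILS_MD5Context *context, const void *buf, unsigned len);`, with a local `const unsigned char *` in md5.c for the pointer arithmetic, accepts any object pointer without casts and lets call sites keep unsigned byte buffers. The header would also benefit from a short comment above the prototypes, along the lines of `/* MD5 is kept for RFC 4620 name hashing and ping's nonce derivation; do not use it where collision resistance matters. */`.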
@@ -168,15 +151,10 @@ if build_rdisc == true endif if build_ninfod == true - if crypto == 'none' - error('BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined') - endif if cc.has_header('stdio.h') and cc.has_header('stdlib.h') and cc.has_header('stddef.h') conf.set('STDC_HEADERS', 1, description : 'Defined if we have standard c headers.') endif foreach h : [ - 'gcrypt.h', - 'gnutls/openssl.h', 'inttypes.h', 'limits.h', 'linux/rtnetlink.h', @@ -185,7 +163,6 @@ if build_ninfod == true 'netinet/icmp6.h', 'netinet/in.h', 'netinet/ip6.h', - 'openssl/md5.h', 'pwd.h', 'stdint.h', 'stdlib.h', @@ -251,7 +228,10 @@ else endif ############################################################ -common_sources = files('iputils_common.h', 'iputils_common.c') +common_sources = files( + 'iputils_common.h', 'iputils_common.c', + 'md5.h', 'md5.c' +) libcommon = static_library( 'common', [common_sources, git_version_h], @@ -380,7 +360,6 @@ output += ' (capability or suid: ' + setcap_traceroute6.to_string() + ')\n' output += '\nCONFIGURATION\n' output += 'Capatiblity (with libcap): ' + cap.to_string() + '\n' -output += 'Crypto: ' + crypto + '\n' output += 'IDN (with libidn2): ' + idn.to_string() + '\n' output += 'I18N (with gettext): ' + gettext.to_string() + '\n' output += 'systemd: ' + systemd.found().to_string() + '\n' diff --git a/meson_options.txt b/meson_options.txt index 4129fe5c..aade675b 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -4,10 +4,6 @@ option('USE_CAP', type : 'boolean', value : true, option('USE_IDN', type : 'boolean', value : true, description : 'IDN support (with libidn2)') -option('USE_CRYPTO', type : 'combo', - choices : [ 'none', 'gcrypt', 'nettle', 'openssl', 'kernel' ], value : 'openssl', - description: 'Crypto library support') - option('BUILD_ARPING', type : 'boolean', value : true, description : 'Build arping') diff --git a/ninfod/meson.build b/ninfod/meson.build index 02fda8b4..80b0a444 100644 --- a/ninfod/meson.build +++ b/ninfod/meson.build 
@@ -10,7 +10,7 @@ ninfod_sources = files(''' ninfod_name.c '''.split()) executable('ninfod', [ninfod_sources, git_version_h], - dependencies : [cap_dep, crypto_dep, rt_dep, threads], + dependencies : [cap_dep, rt_dep, threads], link_with : [libcommon], include_directories : inc, install: true, diff --git a/ninfod/ninfod_name.c b/ninfod/ninfod_name.c index 06db85c0..396bcdf4 100644 --- a/ninfod/ninfod_name.c +++ b/ninfod/ninfod_name.c @@ -95,14 +95,6 @@ #include -#if defined(HAVE_GCRYPT_H) || defined(USE_KERNEL_CRYPTO_API) || defined(USE_NETTLE) -# include "iputils_md5dig.h" -#elif defined(HAVE_GNUTLS_OPENSSL_H) -# include -#elif defined(HAVE_OPENSSL_MD5_H) -# include -#endif - #if HAVE_SYS_UTSNAME_H # include #endif @@ -117,6 +109,7 @@ #include "iputils_ni.h" #include "ninfod.h" +#include "md5.h" /* Hmm,,, */ #ifndef IPV6_JOIN_GROUP @@ -242,15 +235,15 @@ static int compare_dnsname(const char *s, size_t slen, static int nodeinfo_group(const char *dnsname, struct in6_addr *nigrp) { - MD5_CTX ctxt; + IPUTILS_MD5_CTX ctxt; unsigned char digest[16]; if (!dnsname || !nigrp) return -1; - MD5_Init(&ctxt); - MD5_Update(&ctxt, dnsname, *dnsname); - MD5_Final(digest, &ctxt); + iputils_MD5Init(&ctxt); + iputils_MD5Update(&ctxt, dnsname, *dnsname); + iputils_MD5Final(digest, &ctxt); #ifdef s6_addr32 nigrp->s6_addr32[0] = htonl(0xff020000); diff --git a/ping/meson.build b/ping/meson.build index 328ef930..f4cab4cc 100644 --- a/ping/meson.build +++ b/ping/meson.build @@ -10,7 +10,6 @@ executable('ping', [ include_directories : inc, dependencies : [ cap_dep, - crypto_dep, idn_dep, intl_dep, m_dep, diff --git a/ping/node_info.c b/ping/node_info.c index b0dbfc7f..9d9d1e91 100644 --- a/ping/node_info.c +++ b/ping/node_info.c 
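Review bot: In nodeinfo_group the length given to `iputils_MD5Update(&ctxt, dnsname, *dnsname)` is read through a plain `const char *`, so on ABIs where char is signed a first octet of 0x80 or above converts to a very large `unsigned len`, and the update loop in md5.c would then read far past the name buffer. Whether callers guarantee a label length of at most 63 is not visible in this hunk, so I would make the conversion explicit: `iputils_MD5Update(&ctxt, dnsname, (unsigned char)*dnsname);`. The same pattern is in ping/node_info.c, where this commit retypes `buf` from `unsigned char *` to `char *` and then passes `buf[0]` as the length; `(unsigned char)buf[0]` there keeps the previous unsigned behaviour. nodeinfo_group continues past the end of the hunk.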
@@ -33,13 +33,9 @@ #include #include "iputils_common.h" +#include "md5.h" #include "ping.h" -#if defined(USE_GCRYPT) || defined(USE_OPENSSL) || defined(USE_NETTLE) || defined(USE_KERNEL_CRYPTO_API) -#include "iputils_md5dig.h" -#define USE_CRYPTO -#endif - struct niquery_option { char *name; int namelen; @@ -105,21 +101,19 @@ void niquery_init_nonce(struct ping_ni *ni) } #if !PING6_NONCE_MEMORY -static int niquery_nonce(struct ping_ni *ni __attribute__((__unused__)), - uint8_t *nonce __attribute__((__unused__)), - int fill __attribute__((__unused__))) +static int niquery_nonce(struct ping_ni *ni, uint8_t *nonce, int fill) { -# ifdef USE_CRYPTO - static uint8_t digest[MD5_DIGEST_LENGTH]; + static uint8_t digest[IPUTILS_MD5LENGTH]; static int seq = -1; if (fill || seq != *(uint16_t *)nonce || seq == -1) { - MD5_CTX ctxt; + IPUTILS_MD5_CTX ctxt; - MD5_Init(&ctxt); - MD5_Update(&ctxt, &ni->nonce_secret, sizeof(ni->nonce_secret)); - MD5_Update(&ctxt, nonce, sizeof(uint16_t)); - MD5_Final(digest, &ctxt); + iputils_MD5Init(&ctxt); + iputils_MD5Update(&ctxt, (const char *)&ni->nonce_secret, + sizeof(ni->nonce_secret)); + iputils_MD5Update(&ctxt, (const char *)nonce, sizeof(uint16_t)); + iputils_MD5Final(digest, &ctxt); seq = *(uint16_t *)nonce; } @@ -132,10 +126,6 @@ static int niquery_nonce(struct ping_ni *ni __attribute__((__unused__)), return -1; return ntohsp((uint16_t *)nonce); } -# else - error(3, ENOSYS, _("niquery_nonce() crypto disabled")); - return -1; -# endif } #endif @@ -291,7 +281,6 @@ static int niquery_option_subject_addr_handler(struct ping_ni *ni, int index, co # endif #endif -#ifdef USE_CRYPTO static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, const char *name) { static char nigroup_buf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ]; 
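Review bot: niquery_nonce, which is now built in every configuration, reads the sequence number with `*(uint16_t *)nonce` on a `uint8_t *` in both the `if` condition and the `seq = ...` assignment. The alignment of the nonce buffer is not visible in this hunk, and the cast is undefined behaviour if the pointer is not 2-byte aligned. Copying the value out once avoids relying on that: `uint16_t cur; memcpy(&cur, nonce, sizeof(cur));`, then compare and assign `cur`. The function would also benefit from a short comment on what `fill` selects, since its body continues outside this hunk and the two modes are not obvious from the signature.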
@@ -300,12 +289,12 @@ static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, co size_t i; char *p; char *canonname = NULL, *idn = NULL; - unsigned char *buf = NULL; + char *buf = NULL; size_t namelen; size_t buflen; int dots, fqdn = niquery_options[index].data; - MD5_CTX ctxt; - uint8_t digest[MD5_DIGEST_LENGTH]; + IPUTILS_MD5_CTX ctxt; + uint8_t digest[IPUTILS_MD5LENGTH]; #ifdef USE_IDN int rc; #endif @@ -370,9 +359,9 @@ static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, co goto errexit; } - MD5_Init(&ctxt); - MD5_Update(&ctxt, buf, buf[0]); - MD5_Final(digest, &ctxt); + iputils_MD5Init(&ctxt); + iputils_MD5Update(&ctxt, buf, buf[0]); + iputils_MD5Final(digest, &ctxt); sprintf(nigroup_buf, "ff02::2:%02x%02x:%02x%02x%s%s", digest[0], digest[1], digest[2], digest[3], @@ -400,15 +389,6 @@ static int niquery_option_subject_name_handler(struct ping_ni *ni, int index, co free(idn); exit(1); } -#else -static int niquery_option_subject_name_handler(struct ping_ni *ni __attribute__((__unused__)), - int index __attribute__((__unused__)), - const char *name __attribute__((__unused__))) -{ - error(3, ENOSYS, _("niquery_option_subject_name_handler() crypto disabled")); - abort(); -} -#endif int niquery_option_help_handler(struct ping_ni *ni __attribute__((__unused__)), int index, diff --git a/travis/alpine.sh b/travis/alpine.sh index 20aac35e..ce2e6301 100755 --- a/travis/alpine.sh +++ b/travis/alpine.sh @@ -16,6 +16,4 @@ apk add \ make \ meson \ musl-dev \ - nettle-dev \ - openssl-dev \ pkgconfig diff --git a/travis/debian.sh b/travis/debian.sh index 3a9bbae9..cb7fa323 100755 --- a/travis/debian.sh +++ b/travis/debian.sh @@ -29,7 +29,6 @@ apt install -y --no-install-recommends \ libssl-dev \ make \ meson \ - nettle-dev \ pkg-config \ xsltproc diff --git a/travis/fedora.sh b/travis/fedora.sh index 096917eb..72858548 100755 --- a/travis/fedora.sh +++ b/travis/fedora.sh 
@@ -9,8 +9,6 @@ yum -y install \ libcap-devel \ libxslt \ make \ - nettle-devel \ - openssl-devel \ pkg-config \ which diff --git a/travis/opensuse.sh b/travis/opensuse.sh index f0d5c29f..fbc8652c 100755 --- a/travis/opensuse.sh +++ b/travis/opensuse.sh @@ -11,11 +11,9 @@ zypper --non-interactive install --no-recommends \ libcap-devel \ libcap-progs \ libidn2-devel \ - libnettle-devel \ libxslt-tools \ make \ meson \ ninja \ - openssl-devel \ pkg-config \ which