diff options
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rw-r--r-- | RELNOTES | 6 | ||||
| -rw-r--r-- | common/dns.c | 2 | ||||
| -rwxr-xr-x | configure | 5 | ||||
| -rw-r--r-- | configure.ac | 1 | ||||
| -rw-r--r-- | dst/.cvsignore | 2 | ||||
| -rw-r--r-- | dst/Makefile.am | 8 | ||||
| -rw-r--r-- | dst/Makefile.in | 602 | ||||
| -rw-r--r-- | dst/base64.c | 322 | ||||
| -rw-r--r-- | dst/dst_api.c | 1108 | ||||
| -rw-r--r-- | dst/dst_internal.h | 171 | ||||
| -rw-r--r-- | dst/dst_support.c | 470 | ||||
| -rw-r--r-- | dst/hmac_link.c | 503 | ||||
| -rw-r--r-- | dst/md5.h | 123 | ||||
| -rw-r--r-- | dst/md5_dgst.c | 396 | ||||
| -rw-r--r-- | dst/md5_locl.h | 211 | ||||
| -rw-r--r-- | dst/prandom.c | 976 | ||||
| -rw-r--r-- | server/ddns.c | 3 |
19 files changed, 14 insertions, 4899 deletions
diff --git a/Makefile.am b/Makefile.am index 57fd09d2..f9134dd5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -25,7 +25,7 @@ EXTRA_DIST = RELNOTES LICENSE \ bind/Makefile.in bind/bind.tar.gz bind/version.tmp \ common/tests/Atffile server/tests/Atffile -SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server +SUBDIRS = bind includes tests common omapip client dhcpctl relay server nobase_include_HEADERS = dhcpctl/dhcpctl.h diff --git a/Makefile.in b/Makefile.in index 13263553..8ce8974c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -349,7 +349,7 @@ EXTRA_DIST = RELNOTES LICENSE \ bind/Makefile.in bind/bind.tar.gz bind/version.tmp \ common/tests/Atffile server/tests/Atffile -SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server +SUBDIRS = bind includes tests common omapip client dhcpctl relay server nobase_include_HEADERS = dhcpctl/dhcpctl.h all: all-recursive @@ -88,6 +88,12 @@ by Eric Young (eay@cryptsoft.com). a proper length for it. [ISC-Bugs #39209] +- Remove the dst directory. This was replaced in 4.2.0 with the dst + code from the Bind libraries but we continued to include it for + backwards compatibility. As we have now released 4.3.x it seems + reasonable to remove it. + [ISC-Buts #39019] + Changes since 4.3.2rc2 - None diff --git a/common/dns.c b/common/dns.c index 5cf69796..0f8be80d 100644 --- a/common/dns.c +++ b/common/dns.c @@ -3,7 +3,7 @@ Domain Name Service subroutines. */ /* - * Copyright (c) 2009-2014 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2001-2003 by Internet Software Consortium * @@ -6849,7 +6849,11 @@ $as_echo "#define FLEXIBLE_ARRAY_MEMBER /**/" >>confdefs.h fi +<<<<<<< HEAD ac_config_files="$ac_config_files Makefile bind/Makefile client/Makefile client/tests/Makefile common/Makefile common/tests/Makefile dhcpctl/Makefile dst/Makefile includes/Makefile omapip/Makefile relay/Makefile server/Makefile tests/Makefile tests/unittest.sh server/tests/Makefile doc/devel/doxyfile" +======= +ac_config_files="$ac_config_files Makefile client/Makefile client/tests/Makefile common/Makefile common/tests/Makefile dhcpctl/Makefile includes/Makefile omapip/Makefile relay/Makefile server/Makefile tests/Makefile tests/unittest.sh server/tests/Makefile doc/devel/doxyfile" +>>>>>>> rt39019 cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -7598,7 +7602,6 @@ do "common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;; "common/tests/Makefile") CONFIG_FILES="$CONFIG_FILES common/tests/Makefile" ;; "dhcpctl/Makefile") CONFIG_FILES="$CONFIG_FILES dhcpctl/Makefile" ;; - "dst/Makefile") CONFIG_FILES="$CONFIG_FILES dst/Makefile" ;; "includes/Makefile") CONFIG_FILES="$CONFIG_FILES includes/Makefile" ;; "omapip/Makefile") CONFIG_FILES="$CONFIG_FILES omapip/Makefile" ;; "relay/Makefile") CONFIG_FILES="$CONFIG_FILES relay/Makefile" ;; diff --git a/configure.ac b/configure.ac index 8a183bcb..9f81078d 100644 --- a/configure.ac +++ b/configure.ac @@ -665,7 +665,6 @@ AC_CONFIG_FILES([ common/Makefile common/tests/Makefile dhcpctl/Makefile - dst/Makefile includes/Makefile omapip/Makefile relay/Makefile diff --git a/dst/.cvsignore b/dst/.cvsignore deleted file mode 100644 index 63f8570f..00000000 --- a/dst/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -.deps -Makefile diff --git a/dst/Makefile.am b/dst/Makefile.am deleted file mode 100644 index 8937fe8a..00000000 --- a/dst/Makefile.am +++ /dev/null @@ -1,8 +0,0 @@ -AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 - -lib_LIBRARIES = libdst.a - -libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \ - base64.c prandom.c - -EXTRA_DIST = dst_internal.h md5.h md5_locl.h diff --git a/dst/Makefile.in b/dst/Makefile.in deleted file mode 100644 index 846877de..00000000 --- a/dst/Makefile.in +++ /dev/null @@ -1,602 +0,0 @@ -# Makefile.in generated by automake 1.14 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = dst -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/includes/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(libdir)" -LIBRARIES = $(lib_LIBRARIES) -AR = ar -ARFLAGS = cru -AM_V_AR = $(am__v_AR_@AM_V@) -am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@) -am__v_AR_0 = @echo " AR " $@; -am__v_AR_1 = -libdst_a_AR = $(AR) $(ARFLAGS) -libdst_a_LIBADD = -am_libdst_a_OBJECTS = dst_support.$(OBJEXT) dst_api.$(OBJEXT) \ - hmac_link.$(OBJEXT) md5_dgst.$(OBJEXT) base64.$(OBJEXT) \ - prandom.$(OBJEXT) -libdst_a_OBJECTS = $(am_libdst_a_OBJECTS) -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/includes -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libdst_a_SOURCES) -DIST_SOURCES = $(libdst_a_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -ATF_BIN = @ATF_BIN@ -ATF_CFLAGS = @ATF_CFLAGS@ -ATF_LDFLAGS = @ATF_LDFLAGS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BINDCONFIG = @BINDCONFIG@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDAP_CFLAGS = @LDAP_CFLAGS@ -LDFLAGS = @LDFLAGS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_prefix_program = @ac_prefix_program@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -byte_order = @byte_order@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 -lib_LIBRARIES = libdst.a -libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \ - base64.c prandom.c - -EXTRA_DIST = dst_internal.h md5.h md5_locl.h -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign dst/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign dst/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -install-libLIBRARIES: $(lib_LIBRARIES) - @$(NORMAL_INSTALL) - @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ - echo " $(INSTALL_DATA) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(INSTALL_DATA) $$list2 "$(DESTDIR)$(libdir)" || exit $$?; } - @$(POST_INSTALL) - @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \ - for p in $$list; do \ - if test -f $$p; then \ - $(am__strip_dir) \ - echo " ( cd '$(DESTDIR)$(libdir)' && $(RANLIB) $$f )"; \ - ( cd "$(DESTDIR)$(libdir)" && $(RANLIB) $$f ) || exit $$?; \ - else :; fi; \ - done - -uninstall-libLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(libdir)'; $(am__uninstall_files_from_dir) - -clean-libLIBRARIES: - -test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES) - -libdst.a: $(libdst_a_OBJECTS) $(libdst_a_DEPENDENCIES) $(EXTRA_libdst_a_DEPENDENCIES) - $(AM_V_at)-rm -f libdst.a - $(AM_V_AR)$(libdst_a_AR) libdst.a $(libdst_a_OBJECTS) $(libdst_a_LIBADD) - $(AM_V_at)$(RANLIB) libdst.a - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dst_api.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dst_support.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_link.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_dgst.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prandom.Po@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LIBRARIES) -installdirs: - for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libLIBRARIES mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: install-libLIBRARIES - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-libLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libLIBRARIES cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-libLIBRARIES install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-libLIBRARIES - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/dst/base64.c b/dst/base64.c deleted file mode 100644 index 7b598642..00000000 --- a/dst/base64.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - * Copyright (c) 2004,2009,2014 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1996-2003 by Internet Software Consortium - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Internet Systems Consortium, Inc. - * 950 Charter Street - * Redwood City, CA 94063 - * <info@isc.org> - * https://www.isc.org/ - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> - -#include <netinet/in.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <sys/socket.h> - -#include "cdefs.h" -#include "osdep.h" -#include "arpa/nameser.h" - -#define Assert(Cond) if (!(Cond)) abort() - -static const char Base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static const char Pad64 = '='; - -/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) - The following encoding technique is taken from RFC 1521 by Borenstein - and Freed. It is reproduced here in a slightly edited form for - convenience. - - A 65-character subset of US-ASCII is used, enabling 6 bits to be - represented per printable character. (The extra 65th character, "=", - is used to signify a special processing function.) - - The encoding process represents 24-bit groups of input bits as output - strings of 4 encoded characters. Proceeding from left to right, a - 24-bit input group is formed by concatenating 3 8-bit input groups. - These 24 bits are then treated as 4 concatenated 6-bit groups, each - of which is translated into a single digit in the base64 alphabet. - - Each 6-bit group is used as an index into an array of 64 printable - characters. The character referenced by the index is placed in the - output string. - - Table 1: The Base64 Alphabet - - Value Encoding Value Encoding Value Encoding Value Encoding - 0 A 17 R 34 i 51 z - 1 B 18 S 35 j 52 0 - 2 C 19 T 36 k 53 1 - 3 D 20 U 37 l 54 2 - 4 E 21 V 38 m 55 3 - 5 F 22 W 39 n 56 4 - 6 G 23 X 40 o 57 5 - 7 H 24 Y 41 p 58 6 - 8 I 25 Z 42 q 59 7 - 9 J 26 a 43 r 60 8 - 10 K 27 b 44 s 61 9 - 11 L 28 c 45 t 62 + - 12 M 29 d 46 u 63 / - 13 N 30 e 47 v - 14 O 31 f 48 w (pad) = - 15 P 32 g 49 x - 16 Q 33 h 50 y - - Special processing is performed if fewer than 24 bits are available - at the end of the data being encoded. A full encoding quantum is - always completed at the end of a quantity. When fewer than 24 input - bits are available in an input group, zero bits are added (on the - right) to form an integral number of 6-bit groups. Padding at the - end of the data is performed using the '=' character. - - Since all base64 input is an integral number of octets, only the - ------------------------------------------------- - following cases can arise: - - (1) the final quantum of encoding input is an integral - multiple of 24 bits; here, the final unit of encoded - output will be an integral multiple of 4 characters - with no "=" padding, - (2) the final quantum of encoding input is exactly 8 bits; - here, the final unit of encoded output will be two - characters followed by two "=" padding characters, or - (3) the final quantum of encoding input is exactly 16 bits; - here, the final unit of encoded output will be three - characters followed by one "=" padding character. - */ - -int -b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) { - size_t datalength = 0; - u_char input[3]; - u_char output[4]; - size_t i; - - while (2 < srclength) { - input[0] = *src++; - input[1] = *src++; - input[2] = *src++; - srclength -= 3; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = input[2] & 0x3f; - Assert(output[0] < 64); - Assert(output[1] < 64); - Assert(output[2] < 64); - Assert(output[3] < 64); - - if (datalength + 4 > targsize) - return (-1); - target[datalength++] = Base64[output[0]]; - target[datalength++] = Base64[output[1]]; - target[datalength++] = Base64[output[2]]; - target[datalength++] = Base64[output[3]]; - } - - /* Now we worry about padding. */ - if (0 != srclength) { - /* Get what's left. */ - input[0] = input[1] = input[2] = '\0'; - for (i = 0; i < srclength; i++) - input[i] = *src++; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - Assert(output[0] < 64); - Assert(output[1] < 64); - Assert(output[2] < 64); - - if (datalength + 4 > targsize) - return (-1); - target[datalength++] = Base64[output[0]]; - target[datalength++] = Base64[output[1]]; - if (srclength == 1) - target[datalength++] = Pad64; - else - target[datalength++] = Base64[output[2]]; - target[datalength++] = Pad64; - } - if (datalength >= targsize) - return (-1); - target[datalength] = '\0'; /* Returned value doesn't count \0. */ - return (datalength); -} - -/* skips all whitespace anywhere. - converts characters, four at a time, starting at (or after) - src from base - 64 numbers into three 8 bit bytes in the target area. - it returns the number of data bytes stored at the target, or -1 on error. - */ - -int -b64_pton(src, target, targsize) - char const *src; - u_char *target; - size_t targsize; -{ - int tarindex, state, ch; - char *pos; - - state = 0; - tarindex = 0; - - while ((ch = *src++) != '\0') { - if (isspace(ch)) /* Skip whitespace anywhere. */ - continue; - - if (ch == Pad64) - break; - - pos = strchr(Base64, ch); - if (pos == 0) /* A non-base64 character. */ - return (-1); - - switch (state) { - case 0: - if (target) { - if ((size_t)tarindex >= targsize) - return (-1); - target[tarindex] = (pos - Base64) << 2; - } - state = 1; - break; - case 1: - if (target) { - if ((size_t)tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 4; - target[tarindex+1] = ((pos - Base64) & 0x0f) - << 4 ; - } - tarindex++; - state = 2; - break; - case 2: - if (target) { - if ((size_t)tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 2; - target[tarindex+1] = ((pos - Base64) & 0x03) - << 6; - } - tarindex++; - state = 3; - break; - case 3: - if (target) { - if ((size_t)tarindex >= targsize) - return (-1); - target[tarindex] |= (pos - Base64); - } - tarindex++; - state = 0; - break; - default: - abort(); - } - } - - /* - * We are done decoding Base-64 chars. Let's see if we ended - * on a byte boundary, and/or with erroneous trailing characters. - */ - - if (ch == Pad64) { /* We got a pad char. */ - ch = *src++; /* Skip it, get next. */ - switch (state) { - case 0: /* Invalid = in first position */ - case 1: /* Invalid = in second position */ - return (-1); - - case 2: /* Valid, means one byte of info */ - /* Skip any number of spaces. */ - for ((void)NULL; ch != '\0'; ch = *src++) - if (!isspace(ch)) - break; - /* Make sure there is another trailing = sign. */ - if (ch != Pad64) - return (-1); - ch = *src++; /* Skip the = */ - /* Fall through to "single trailing =" case. */ - /* FALLTHROUGH */ - - case 3: /* Valid, means two bytes of info */ - /* - * We know this char is an =. Is there anything but - * whitespace after it? - */ - for ((void)NULL; ch != '\0'; ch = *src++) - if (!isspace(ch)) - return (-1); - - /* - * Now make sure for cases 2 and 3 that the "extra" - * bits that slopped past the last full byte were - * zeros. If we don't check them, they become a - * subliminal channel. - */ - if (target && target[tarindex] != 0) - return (-1); - } - } else { - /* - * We ended by seeing the end of the string. Make sure we - * have no partial bytes lying around. - */ - if (state != 0) - return (-1); - } - - return (tarindex); -} diff --git a/dst/dst_api.c b/dst/dst_api.c deleted file mode 100644 index a77abd2d..00000000 --- a/dst/dst_api.c +++ /dev/null @@ -1,1108 +0,0 @@ -/* - * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 2012-2014 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. - */ -/* - * This file contains the interface between the DST API and the crypto API. - * This is the only file that needs to be changed if the crypto system is - * changed. Exported functions are: - * void dst_init() Initialize the toolkit - * int dst_check_algorithm() Function to determines if alg is supported. - * int dst_compare_keys() Function to compare two keys for equality. - * int dst_sign_data() Incremental signing routine. - * int dst_verify_data() Incremental verify routine. - * int dst_generate_key() Function to generate new KEY - * DST_KEY *dst_read_key() Function to retrieve private/public KEY. - * void dst_write_key() Function to write out a key. - * DST_KEY *dst_dnskey_to_key() Function to convert DNS KEY RR to a DST - * KEY structure. - * int dst_key_to_dnskey() Function to return a public key in DNS - * format binary - * DST_KEY *dst_buffer_to_key() Convert a data in buffer to KEY - * int *dst_key_to_buffer() Writes out DST_KEY key material in buffer - * void dst_free_key() Releases all memory referenced by key structure - */ - -#include <stdio.h> -#include <errno.h> -#include <fcntl.h> -#include <stdlib.h> -#include <unistd.h> -#include <string.h> -#include <memory.h> -#include <ctype.h> -#include <time.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <netinet/in.h> - -#include "cdefs.h" -#include "osdep.h" -#include "arpa/nameser.h" - -#include "dst_internal.h" - -/* static variables */ -static int done_init = 0; -dst_func *dst_t_func[DST_MAX_ALGS]; -const char *key_file_fmt_str = "Private-key-format: v%s\nAlgorithm: %d (%s)\n"; -const char *dst_path = ""; - -/* internal I/O functions */ -static DST_KEY *dst_s_read_public_key(const char *in_name, - const unsigned in_id, int in_alg); -static int dst_s_read_private_key_file(const char *name, DST_KEY *pk_key, - unsigned in_id, int in_alg); -static int dst_s_write_public_key(const DST_KEY *key); -static int dst_s_write_private_key(const DST_KEY *key); - -/* internal function to set up data structure */ -static DST_KEY *dst_s_get_key_struct(const char *name, const int alg, - const u_int32_t flags, const int protocol, - const int bits); - -/* - * dst_init - * This function initializes the Digital Signature Toolkit. - * Right now, it just checks the DSTKEYPATH environment variable. - * Parameters - * none - * Returns - * none - */ -void -dst_init() -{ - char *s; - unsigned len; - - if (done_init != 0) - return; - done_init = 1; - - s = getenv("DSTKEYPATH"); - if (s) { - struct stat statbuf; - - len = strlen(s); - if (len > PATH_MAX) { - EREPORT(("%s is longer than %d characters, ignoring\n", - s, PATH_MAX)); - } else if (stat(s, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode)) { - EREPORT(("%s is not a valid directory\n", s)); - } else { - char *dp = (char *) malloc(len + 2); - int l; - if (dp == NULL) { - EREPORT(("malloc() failed for dp\n")); - return; - } - memcpy(dp, s, len + 1); - l = strlen (dp); - if (dp[l - 1] != '/') { - dp[l + 1] = 0; - dp[l] = '/'; - } - dst_path = dp; - } - } - memset(dst_t_func, 0, sizeof(dst_t_func)); - /* first one is selected */ -#if 0 - dst_bsafe_init(); - dst_rsaref_init(); -#endif - dst_hmac_md5_init(); -#if 0 - dst_eay_dss_init(); - dst_cylink_init(); -#endif -} - -/* - * dst_check_algorithm - * This function determines if the crypto system for the specified - * algorithm is present. - * Parameters - * alg 1 KEY_RSA - * 3 KEY_DSA - * 157 KEY_HMAC_MD5 - * future algorithms TBD and registered with IANA. - * Returns - * 1 - The algorithm is available. - * 0 - The algorithm is not available. - */ -int -dst_check_algorithm(const int alg) -{ - return (dst_t_func[alg] != NULL); -} - -/* - * dst_s_get_key_struct - * This function allocates key structure and fills in some of the - * fields of the structure. - * Parameters: - * name: the name of the key - * alg: the algorithm number - * flags: the dns flags of the key - * protocol: the dns protocol of the key - * bits: the size of the key - * Returns: - * NULL if error - * valid pointer otherwise - */ -static DST_KEY * -dst_s_get_key_struct(const char *name, const int alg, const u_int32_t flags, - const int protocol, const int bits) -{ - DST_KEY *new_key = NULL; - - if (dst_check_algorithm(alg)) /* make sure alg is available */ - new_key = (DST_KEY *) malloc(sizeof(*new_key)); - if (new_key == NULL) - return (NULL); - - memset(new_key, 0, sizeof(*new_key)); - new_key->dk_key_name = strdup(name); - if (new_key->dk_key_name == NULL) { - EREPORT(("Unable to duplicate name for key")); - free(new_key); - return (NULL); - } - new_key->dk_alg = alg; - new_key->dk_flags = flags; - new_key->dk_proto = protocol; - new_key->dk_KEY_struct = NULL; - new_key->dk_key_size = bits; - new_key->dk_func = dst_t_func[alg]; - return (new_key); -} - -/* - * dst_compare_keys - * Compares two keys for equality. - * Parameters - * key1, key2 Two keys to be compared. - * Returns - * 0 The keys are equal. - * non-zero The keys are not equal. - */ - -int -dst_compare_keys(const DST_KEY *key1, const DST_KEY *key2) -{ - if (key1 == key2) - return (0); - if (key1 == NULL || key2 == NULL) - return (4); - if (key1->dk_alg != key2->dk_alg) - return (1); - if (key1->dk_key_size != key2->dk_key_size) - return (2); - if (key1->dk_id != key2->dk_id) - return (3); - return (key1->dk_func->compare(key1, key2)); -} - - -/* - * dst_sign_data - * An incremental signing function. Data is signed in steps. - * First the context must be initialized (SIG_MODE_INIT). - * Then data is hashed (SIG_MODE_UPDATE). Finally the signature - * itself is created (SIG_MODE_FINAL). This function can be called - * once with INIT, UPDATE and FINAL modes all set, or it can be - - * called separately with a different mode set for each step. The - * UPDATE step can be repeated. - * Parameters - * mode A bit mask used to specify operation(s) to be performed. - * SIG_MODE_INIT 1 Initialize digest - * SIG_MODE_UPDATE 2 Add data to digest - * SIG_MODE_FINAL 4 Generate signature - * from signature - * SIG_MODE_ALL (SIG_MODE_INIT,SIG_MODE_UPDATE,SIG_MODE_FINAL - * data Data to be signed. - * len The length in bytes of data to be signed. - * in_key Contains a private key to sign with. - * KEY structures should be handled (created, converted, - * compared, stored, freed) by the DST. - * signature - * The location to which the signature will be written. - * sig_len Length of the signature field in bytes. - * Return - * 0 Successful INIT or Update operation - * >0 success FINAL (sign) operation - * <0 failure - */ - -int -dst_sign_data(const int mode, DST_KEY *in_key, void **context, - const u_char *data, const unsigned len, - u_char *signature, const unsigned sig_len) -{ - DUMP(data, mode, len, "dst_sign_data()"); - - if (mode & SIG_MODE_FINAL && - (in_key->dk_KEY_struct == NULL || signature == NULL)) - return (MISSING_KEY_OR_SIGNATURE); - - if (in_key->dk_func && in_key->dk_func->sign) - return (in_key->dk_func->sign(mode, in_key, context, data, len, - signature, sig_len)); - return (UNKNOWN_KEYALG); -} - - -/* - * dst_verify_data - * An incremental verify function. Data is verified in steps. - * First the context must be initialized (SIG_MODE_INIT). - * Then data is hashed (SIG_MODE_UPDATE). Finally the signature - * is verified (SIG_MODE_FINAL). This function can be called - * once with INIT, UPDATE and FINAL modes all set, or it can be - * called separately with a different mode set for each step. The - * UPDATE step can be repeated. - * Parameters - * mode Operations to perform this time. - * SIG_MODE_INIT 1 Initialize digest - * SIG_MODE_UPDATE 2 add data to digest - * SIG_MODE_FINAL 4 verify signature - * SIG_MODE_ALL - * (SIG_MODE_INIT,SIG_MODE_UPDATE,SIG_MODE_FINAL) - * data Data to pass through the hash function. - * len Length of the data in bytes. - * in_key Key for verification. - * signature Location of signature. - * sig_len Length of the signature in bytes. - * Returns - * 0 Verify success - * Non-Zero Verify Failure - */ - -int -dst_verify_data(const int mode, DST_KEY *in_key, void **context, - const u_char *data, const unsigned len, - const u_char *signature, const unsigned sig_len) -{ - DUMP(data, mode, len, "dst_verify_data()"); - if (mode & SIG_MODE_FINAL && - (in_key->dk_KEY_struct == NULL || signature == NULL)) - return (MISSING_KEY_OR_SIGNATURE); - - if (in_key->dk_func == NULL || in_key->dk_func->verify == NULL) - return (UNSUPPORTED_KEYALG); - return (in_key->dk_func->verify(mode, in_key, context, data, len, - signature, sig_len)); -} - - -/* - * dst_read_private_key - * Access a private key. First the list of private keys that have - * already been read in is searched, then the key accessed on disk. - * If the private key can be found, it is returned. If the key cannot - * be found, a null pointer is returned. The options specify required - * key characteristics. If the private key requested does not have - * these characteristics, it will not be read. - * Parameters - * in_keyname The private key name. - * in_id The id of the private key. - * options DST_FORCE_READ Read from disk - don't use a previously - * read key. - * DST_CAN_SIGN The key must be usable for signing. - * DST_NO_AUTHEN The key must be usable for authentication. - * DST_STANDARD Return any key - * Returns - * NULL If there is no key found in the current directory or - * this key has not been loaded before. - * !NULL Success - KEY structure returned. - */ - -DST_KEY * -dst_read_key(const char *in_keyname, const unsigned in_id, - const int in_alg, const int type) -{ - DST_KEY *dg_key = NULL, *pubkey = NULL; - - if (!dst_check_algorithm(in_alg)) { /* make sure alg is available */ - EREPORT(("dst_read_private_key(): Algorithm %d not supported\n", - in_alg)); - return (NULL); - } - if ((type & (DST_PUBLIC | DST_PRIVATE)) == 0) - return (NULL); - if (in_keyname == NULL) { - EREPORT(("dst_read_private_key(): Null key name passed in\n")); - return (NULL); - } - - /* before I read in the public key, check if it is allowed to sign */ - if ((pubkey = dst_s_read_public_key(in_keyname, in_id, in_alg)) == NULL) - return (NULL); - - if (type == DST_PUBLIC) - return pubkey; - - if (!(dg_key = dst_s_get_key_struct(in_keyname, pubkey->dk_alg, - pubkey->dk_flags, pubkey->dk_proto, - 0))) - return (dg_key); - /* Fill in private key and some fields in the general key structure */ - if (dst_s_read_private_key_file(in_keyname, dg_key, pubkey->dk_id, - pubkey->dk_alg) == 0) - dg_key = dst_free_key(dg_key); - - (void) dst_free_key(pubkey); - return (dg_key); -} - -int -dst_write_key(const DST_KEY *key, const int type) -{ - int pub = 0, priv = 0; - - if (key == NULL) - return (0); - if (!dst_check_algorithm(key->dk_alg)) { /* make sure alg is available */ - EREPORT(("dst_write_key(): Algorithm %d not supported\n", - key->dk_alg)); - return (UNSUPPORTED_KEYALG); - } - if ((type & (DST_PRIVATE|DST_PUBLIC)) == 0) - return (0); - - if (type & DST_PUBLIC) - if ((pub = dst_s_write_public_key(key)) < 0) - return (pub); - if (type & DST_PRIVATE) - if ((priv = dst_s_write_private_key(key)) < 0) - return (priv); - return (priv+pub); -} - -/* - * dst_write_private_key - * Write a private key to disk. The filename will be of the form: - * K<key->dk_name>+<key->dk_alg>+<key->dk_id>.<private key suffix>. - * If there is already a file with this name, an error is returned. - * - * - * Parameters - * key A DST managed key structure that contains - * all information needed about a key. - * Return - * >= 0 Correct behavior. Returns length of encoded key value - * written to disk. - * < 0 error. - */ - -static int -dst_s_write_private_key(const DST_KEY *key) -{ - u_char encoded_block[RAW_KEY_SIZE]; - char file[PATH_MAX]; - unsigned len; - FILE *fp; - - /* First encode the key into the portable key format */ - if (key == NULL) - return (-1); - if (key->dk_KEY_struct == NULL) - return (0); /* null key has no private key */ - - if (key->dk_func == NULL || key->dk_func->to_file_fmt == NULL) { - EREPORT(("dst_write_private_key(): Unsupported operation %d\n", - key->dk_alg)); - return (-5); - } else if ((len = key->dk_func->to_file_fmt(key, (char *)encoded_block, - sizeof(encoded_block))) <= 0) { - EREPORT(("dst_write_private_key(): Failed encoding private RSA bsafe key %d\n", len)); - return (-8); - } - /* Now I can create the file I want to use */ - dst_s_build_filename(file, key->dk_key_name, key->dk_id, key->dk_alg, - PRIVATE_KEY, PATH_MAX); - - /* Do not overwrite an existing file */ - if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) { - int nn; - if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { - EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", - file, out_len, nn, errno)); - fclose(fp); - return (-5); - } - fclose(fp); - } else { - EREPORT(("dst_write_private_key(): Can not create file %s\n" - ,file)); - return (-6); - } - memset(encoded_block, 0, len); - return (len); -} - -/* -* - * dst_read_public_key - * Read a public key from disk and store in a DST key structure. - * Parameters - * in_name K<in_name><in_id>.<public key suffix> is the - * filename of the key file to be read. - * Returns - * NULL If the key does not exist or no name is supplied. - * NON-NULL Initialized key structure if the key exists. - */ - -static DST_KEY * -dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg) -{ - unsigned flags, len; - int proto, alg, dlen; - int c; - char name[PATH_MAX], enckey[RAW_KEY_SIZE]; - unsigned char *notspace; - u_char deckey[RAW_KEY_SIZE]; - FILE *fp; - DST_KEY *pubkey = NULL; - - if (in_name == NULL) { - EREPORT(("dst_read_public_key(): No key name given\n")); - return (NULL); - } - if (dst_s_build_filename(name, in_name, in_id, in_alg, PUBLIC_KEY, - PATH_MAX) == -1) { - EREPORT(("dst_read_public_key(): Cannot make filename from %s, %d, and %s\n", - in_name, in_id, PUBLIC_KEY)); - return (NULL); - } - /* - * Open the file and read it's formatted contents up to key - * File format: - * domain.name [ttl] [IN] KEY <flags> <protocol> <algorithm> <key> - * flags, proto, alg stored as decimal (or hex numbers FIXME). - * (FIXME: handle parentheses for line continuation.) - */ - if ((fp = dst_s_fopen(name, "r", 0)) == NULL) { - EREPORT(("dst_read_public_key(): Public Key not found %s\n", - name)); - return (NULL); - } - /* Skip domain name, which ends at first blank */ - while ((c = getc(fp)) != EOF) - if (isspace(c)) - break; - /* Skip blank to get to next field */ - while ((c = getc(fp)) != EOF) - if (!isspace(c)) - break; - - /* Skip optional TTL -- if initial digit, skip whole word. */ - if (isdigit(c)) { - while ((c = getc(fp)) != EOF) - if (isspace(c)) - break; - while ((c = getc(fp)) != EOF) - if (!isspace(c)) - break; - } - /* Skip optional "IN" */ - if (c == 'I' || c == 'i') { - while ((c = getc(fp)) != EOF) - if (isspace(c)) - break; - while ((c = getc(fp)) != EOF) - if (!isspace(c)) - break; - } - /* Locate and skip "KEY" */ - if (c != 'K' && c != 'k') { - EREPORT(("\"KEY\" doesn't appear in file: %s", name)); - return NULL; - } - while ((c = getc(fp)) != EOF) - if (isspace(c)) - break; - while ((c = getc(fp)) != EOF) - if (!isspace(c)) - break; - ungetc(c, fp); /* return the character to the input field */ - /* Handle hex!! FIXME. */ - - if (fscanf(fp, "%d %d %d", &flags, &proto, &alg) != 3) { - EREPORT(("dst_read_public_key(): Can not read flag/proto/alg field from %s\n" - ,name)); - return (NULL); - } - /* read in the key string */ - if ((fgets(enckey, sizeof(enckey), fp) == NULL) && - (ferror(fp) != 0)) { - EREPORT(("dst_read_public_kety(): Error reading key\n")); - return (NULL); - } - - /* If we aren't at end-of-file, something is wrong. */ - while ((c = getc(fp)) != EOF) - if (!isspace(c)) - break; - if (!feof(fp)) { - EREPORT(("Key too long in file: %s", name)); - return NULL; - } - fclose(fp); - - if ((len = strlen(enckey)) <= 0) - return (NULL); - - /* discard \n */ - enckey[--len] = '\0'; - - /* remove leading spaces */ - for (notspace = (unsigned char *)enckey; isspace(*notspace); len--) - notspace++; - - dlen = b64_pton((char *)notspace, deckey, sizeof(deckey)); - if (dlen < 0) { - EREPORT(("dst_read_public_key: bad return from b64_pton = %d", - dlen)); - return (NULL); - } - - /* store key and info in a key structure that is returned */ - /* Set the key id after we create because somehow this got missed. */ - pubkey = dst_buffer_to_key(in_name, alg, flags, proto, - deckey, (unsigned)dlen); - if (pubkey) { - pubkey->dk_id = in_id; - } - - return (pubkey); -} - - -/* - * dst_write_public_key - * Write a key to disk in DNS format. - * Parameters - * key Pointer to a DST key structure. - * Returns - * 0 Failure - * 1 Success - */ - -static int -dst_s_write_public_key(const DST_KEY *key) -{ - FILE *fp; - char filename[PATH_MAX]; - u_char out_key[RAW_KEY_SIZE]; - char enc_key[RAW_KEY_SIZE]; - int len = 0; - - memset(out_key, 0, sizeof(out_key)); - if (key == NULL) { - EREPORT(("dst_write_public_key(): No key specified \n")); - return (0); - } else if ((len = dst_key_to_dnskey(key, out_key, sizeof(out_key)))< 0) - return (0); - - /* Make the filename */ - if (dst_s_build_filename(filename, key->dk_key_name, key->dk_id, - key->dk_alg, PUBLIC_KEY, PATH_MAX) == -1) { - EREPORT(("dst_write_public_key(): Cannot make filename from %s, %d, and %s\n", - key->dk_key_name, key->dk_id, PUBLIC_KEY)); - return (0); - } - /* create public key file */ - if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) { - EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n", - filename, errno)); - return (0); - } - /*write out key first base64 the key data */ - if (key->dk_flags & DST_EXTEND_FLAG) - b64_ntop(&out_key[6], - (unsigned)(len - 6), enc_key, sizeof(enc_key)); - else - b64_ntop(&out_key[4], - (unsigned)(len - 4), enc_key, sizeof(enc_key)); - fprintf(fp, "%s IN KEY %d %d %d %s\n", - key->dk_key_name, - key->dk_flags, key->dk_proto, key->dk_alg, enc_key); - fclose(fp); - return (1); -} - - -/* - * dst_dnskey_to_public_key - * This function converts the contents of a DNS KEY RR into a DST - * key structure. - * Parameters - * len Length of the RDATA of the KEY RR RDATA - * rdata A pointer to the the KEY RR RDATA. - * in_name Key name to be stored in key structure. - * Returns - * NULL Failure - * NON-NULL Success. Pointer to key structure. - * Caller's responsibility to free() it. - */ - -DST_KEY * -dst_dnskey_to_key(const char *in_name, - const u_char *rdata, const unsigned len) -{ - DST_KEY *key_st; - int alg ; - int start = DST_KEY_START; - - if (in_name == NULL || rdata == NULL || len <= DST_KEY_ALG) /* no data */ - return (NULL); - alg = (u_int8_t) rdata[DST_KEY_ALG]; - if (!dst_check_algorithm(alg)) { /* make sure alg is available */ - EREPORT(("dst_dnskey_to_key(): Algorithm %d not supported\n", - alg)); - return (NULL); - } - if ((key_st = dst_s_get_key_struct(in_name, alg, 0, 0, 0)) == NULL) - return (NULL); - - key_st->dk_flags = dst_s_get_int16(rdata); - key_st->dk_proto = (u_int16_t) rdata[DST_KEY_PROT]; - if (key_st->dk_flags & DST_EXTEND_FLAG) { - u_int32_t ext_flags; - ext_flags = (u_int32_t) dst_s_get_int16(&rdata[DST_EXT_FLAG]); - key_st->dk_flags = key_st->dk_flags | (ext_flags << 16); - start += 2; - } - /* - * now point to the beginning of the data representing the encoding - * of the key - */ - if (key_st->dk_func && key_st->dk_func->from_dns_key) { - if (key_st->dk_func->from_dns_key(key_st, &rdata[start], - len - start) > 0) - return (key_st); - } else - EREPORT(("dst_dnskey_to_public_key(): unsupported alg %d\n", - alg)); - - SAFE_FREE(key_st); - return (key_st); -} - - -/* - * dst_public_key_to_dnskey - * Function to encode a public key into DNS KEY wire format - * Parameters - * key Key structure to encode. - * out_storage Location to write the encoded key to. - * out_len Size of the output array. - * Returns - * <0 Failure - * >=0 Number of bytes written to out_storage - */ - -int -dst_key_to_dnskey(const DST_KEY *key, u_char *out_storage, - const unsigned out_len) -{ - u_int16_t val; - int loc = 0; - int enc_len = 0; - if (key == NULL) - return (-1); - - if (!dst_check_algorithm(key->dk_alg)) { /* make sure alg is available */ - EREPORT(("dst_key_to_dnskey(): Algorithm %d not supported\n", - key->dk_alg)); - return (UNSUPPORTED_KEYALG); - } - memset(out_storage, 0, out_len); - val = (u_int16_t)(key->dk_flags & 0xffff); - out_storage[0] = (val >> 8) & 0xff; - out_storage[1] = val & 0xff; - loc += 2; - - out_storage[loc++] = (u_char) key->dk_proto; - out_storage[loc++] = (u_char) key->dk_alg; - - if (key->dk_flags > 0xffff) { /* Extended flags */ - val = (u_int16_t)((key->dk_flags >> 16) & 0xffff); - out_storage[loc] = (val >> 8) & 0xff; - out_storage[loc+1] = val & 0xff; - loc += 2; - } - if (key->dk_KEY_struct == NULL) - return (loc); - if (key->dk_func && key->dk_func->to_dns_key) { - enc_len = key->dk_func->to_dns_key(key, - (u_char *) &out_storage[loc], - out_len - loc); - if (enc_len > 0) - return (enc_len + loc); - else - return (-1); - } else - EREPORT(("dst_key_to_dnskey(): Unsupported ALG %d\n", - key->dk_alg)); - return (-1); -} - - -/* - * dst_buffer_to_key - * Function to encode a string of raw data into a DST key - * Parameters - * alg The algorithm (HMAC only) - * key A pointer to the data - * keylen The length of the data - * Returns - * NULL an error occurred - * NON-NULL the DST key - */ -DST_KEY * -dst_buffer_to_key(const char *key_name, /* name of the key */ - const int alg, /* algorithm */ - const unsigned flags, /* dns flags */ - const int protocol, /* dns protocol */ - const u_char *key_buf, /* key in dns wire fmt */ - const unsigned key_len) /* size of key */ -{ - - DST_KEY *dkey = NULL; - - if (!dst_check_algorithm(alg)) { /* make sure alg is available */ - EREPORT(("dst_buffer_to_key(): Algorithm %d not supported\n", alg)); - return (NULL); - } - - dkey = dst_s_get_key_struct(key_name, alg, flags, protocol, -1); - - if (dkey == NULL) - return (NULL); - if (dkey->dk_func != NULL && - dkey->dk_func->from_dns_key != NULL) { - if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) { - EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n")); - (void) (dst_free_key(dkey)); - return (NULL); - } - return (dkey); - } - (void) (dst_free_key(dkey)); - return (NULL); -} - -int -dst_key_to_buffer(DST_KEY *key, u_char *out_buff, unsigned buf_len) -{ - int len; - /* this function will extract the secret of HMAC into a buffer */ - if(key == NULL) - return (0); - if(key->dk_func != NULL && key->dk_func->to_dns_key != NULL) { - len = key->dk_func->to_dns_key(key, out_buff, buf_len); - if (len < 0) - return (0); - return (len); - } - return (0); -} - - -/* - * dst_s_read_private_key_file - * Function reads in private key from a file. - * Fills out the KEY structure. - * Parameters - * name Name of the key to be read. - * pk_key Structure that the key is returned in. - * in_id Key identifier (tag) - * Return - * 1 if everything works - * 0 if there is any problem - */ - -static int -dst_s_read_private_key_file(const char *name, DST_KEY *pk_key, unsigned in_id, - int in_alg) -{ - int cnt, alg, len, major, minor, file_major, file_minor; - int id; - char filename[PATH_MAX]; - u_char in_buff[RAW_KEY_SIZE + 1]; - char *p; - FILE *fp; - - if (name == NULL || pk_key == NULL) { - EREPORT(("dst_read_private_key_file(): No key name given\n")); - return (0); - } - /* Make the filename */ - if (dst_s_build_filename(filename, name, in_id, in_alg, PRIVATE_KEY, - PATH_MAX) == -1) { - EREPORT(("dst_read_private_key(): Cannot make filename from %s, %d, and %s\n", - name, in_id, PRIVATE_KEY)); - return (0); - } - /* first check if we can find the key file */ - if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) { - EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n", - filename, dst_path[0] ? dst_path : - (char *) getcwd(NULL, PATH_MAX - 1))); - return (0); - } - - /* now read the header info from the file */ - if ((cnt = fread(in_buff, 1, sizeof(in_buff) - 1, fp)) < 5) { - fclose(fp); - EREPORT(("dst_s_read_private_key_file: error reading file %s (empty file)\n", - filename)); - return (0); - } - /* decrypt key */ - fclose(fp); - in_buff[cnt] = '\0'; - - if (memcmp(in_buff, "Private-key-format: v", 20) != 0) - goto fail; - len = cnt; - p = (char *)in_buff; - - if (!dst_s_verify_str((const char **) &p, "Private-key-format: v")) { - EREPORT(("dst_s_read_private_key_file(): Not a Key file/Decrypt failed %s\n", name)); - goto fail; - } - /* read in file format */ - sscanf(p, "%d.%d", &file_major, &file_minor); - sscanf(KEY_FILE_FORMAT, "%d.%d", &major, &minor); - if (file_major < 1) { - EREPORT(("dst_s_read_private_key_file(): Unknown keyfile %d.%d version for %s\n", - file_major, file_minor, name)); - goto fail; - } else if (file_major > major || file_minor > minor) - EREPORT(( - "dst_s_read_private_key_file(): Keyfile %s version higher than mine %d.%d MAY FAIL\n", - name, file_major, file_minor)); - - while (*p++ != '\n') ; /* skip to end of line */ - - if (!dst_s_verify_str((const char **) &p, "Algorithm: ")) - goto fail; - - if (sscanf(p, "%d", &alg) != 1) - goto fail; - while (*p++ != '\n') ; /* skip to end of line */ - - if (pk_key->dk_key_name && !strcmp(pk_key->dk_key_name, name)) - SAFE_FREE2(pk_key->dk_key_name, strlen(pk_key->dk_key_name)); - pk_key->dk_key_name = (char *) strdup(name); - if (pk_key->dk_key_name == NULL) { - EREPORT(("Unable to duplicate name for key")); - goto fail; - } - - /* allocate and fill in key structure */ - if (pk_key->dk_func == NULL || pk_key->dk_func->from_file_fmt == NULL) - goto fail; - - id = pk_key->dk_func->from_file_fmt(pk_key, (char *)p, - (unsigned)(&in_buff[len] - (u_char *)p)); - if (id < 0) - goto fail; - - /* Make sure the actual key tag matches the input tag used in the filename - */ - if (id != in_id) { - EREPORT(("dst_s_read_private_key_file(): actual tag of key read %d != input tag used to build filename %d.\n", id, in_id)); - goto fail; - } - pk_key->dk_id = (u_int16_t) id; - pk_key->dk_alg = alg; - memset(in_buff, 0, (unsigned)cnt); - return (1); - - fail: - memset(in_buff, 0, (unsigned)cnt); - return (0); -} - - -/* - * dst_generate_key - * Generate and store a public/private keypair. - * Keys will be stored in formatted files. - * Parameters - * name Name of the new key. Used to create key files - * K<name>+<alg>+<id>.public and K<name>+<alg>+<id>.private. - * bits Size of the new key in bits. - * exp What exponent to use: - * 0 use exponent 3 - * non-zero use Fermant4 - * flags The default value of the DNS Key flags. - * The DNS Key RR Flag field is defined in RFC 2065, - * section 3.3. The field has 16 bits. - * protocol - * Default value of the DNS Key protocol field. - * The DNS Key protocol field is defined in RFC 2065, - * section 3.4. The field has 8 bits. - * alg What algorithm to use. Currently defined: - * KEY_RSA 1 - * KEY_DSA 3 - * KEY_HMAC 157 - * out_id The key tag is returned. - * - * Return - * NULL Failure - * non-NULL the generated key pair - * Caller frees the result, and its dk_name pointer. - */ -DST_KEY * -dst_generate_key(const char *name, const int bits, const int exp, - const unsigned flags, const int protocol, const int alg) -{ - DST_KEY *new_key = NULL; - int res; - if (name == NULL) - return (NULL); - - if (!dst_check_algorithm(alg)) { /* make sure alg is available */ - EREPORT(("dst_generate_key(): Algorithm %d not supported\n", alg)); - return (NULL); - } - - new_key = dst_s_get_key_struct(name, alg, flags, protocol, bits); - if (new_key == NULL) - return (NULL); - if (bits == 0) /* null key we are done */ - return (new_key); - if (new_key->dk_func == NULL || new_key->dk_func->generate == NULL) { - EREPORT(("dst_generate_key_pair():Unsupported algorithm %d\n", - alg)); - return (dst_free_key(new_key)); - } - if ((res = new_key->dk_func->generate(new_key, exp)) <= 0) { - EREPORT(("dst_generate_key_pair(): Key generation failure %s %d %d %d\n", - new_key->dk_key_name, new_key->dk_alg, - new_key->dk_key_size, exp)); - return (dst_free_key(new_key)); - } - return (new_key); -} - - -/* - * dst_free_key - * Release all data structures pointed to by a key structure. - * Parameters - * f_key Key structure to be freed. - */ - -DST_KEY * -dst_free_key(DST_KEY *f_key) -{ - - if (f_key == NULL) - return (f_key); - if (f_key->dk_func && f_key->dk_func->destroy) - f_key->dk_KEY_struct = - f_key->dk_func->destroy(f_key->dk_KEY_struct); - else { - EREPORT(("dst_free_key(): Unknown key alg %d\n", - f_key->dk_alg)); - } - if (f_key->dk_KEY_struct) { - /* - * We can't used SAFE_FREE* here as we do not know the size - * of the structure, so no way to zero it. - */ - free(f_key->dk_KEY_struct); - f_key->dk_KEY_struct = NULL; - } - if (f_key->dk_key_name) - SAFE_FREE(f_key->dk_key_name); - SAFE_FREE(f_key); - return (NULL); -} - -/* - * dst_sig_size - * Return the maximum size of signature from the key specified in bytes - * Parameters - * key - * Returns - * bytes - */ -int -dst_sig_size(DST_KEY *key) { - switch (key->dk_alg) { - case KEY_HMAC_MD5: - return (16); - case KEY_HMAC_SHA1: - return (20); - case KEY_RSA: - return (key->dk_key_size + 7) / 8; - case KEY_DSA: - return (40); - default: - EREPORT(("dst_sig_size(): Unknown key alg %d\n", key->dk_alg)); - return -1; - } -} - -/* - * dst_random - * function that multiplexes number of random number generators - * Parameters - * mode: select the random number generator - * wanted is how many bytes of random data are requested - * outran is a buffer of size at least wanted for the output data - * - * Returns - * number of bytes written to outran - */ -int -dst_random(const int mode, unsigned wanted, u_char *outran) -{ - if (wanted <= 0 || outran == NULL) - return (0); - - switch (mode) { - case DST_RAND_SEMI: { - u_int32_t *op = (u_int32_t *)outran; - int i; - for (i = 0; i < wanted; i+= sizeof(u_int32_t), op++) { - *op = dst_s_quick_random(i); - } - - return (wanted); - } - case DST_RAND_STD: - return (dst_s_semi_random(outran, wanted)); - case DST_RAND_KEY: - return (dst_s_random(outran, wanted)); - case DST_RAND_DSS: - default: - /* need error case here XXX OG */ - return (0); - } -} diff --git a/dst/dst_internal.h b/dst/dst_internal.h deleted file mode 100644 index 4ee97724..00000000 --- a/dst/dst_internal.h +++ /dev/null @@ -1,171 +0,0 @@ -#ifndef DST_INTERNAL_H -#define DST_INTERNAL_H - -/* - * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. - */ -#include <limits.h> -#include <sys/param.h> - -#ifndef PATH_MAX -# ifdef POSIX_PATH_MAX -# define PATH_MAX POSIX_PATH_MAX -# else -# define PATH_MAX 255 /* this is the value of POSIX_PATH_MAX */ -# endif -#endif - -typedef struct dst_key { - char *dk_key_name; /* name of the key */ - int dk_key_size; /* this is the size of the key in bits */ - int dk_proto; /* what protocols this key can be used for */ - int dk_alg; /* algorithm number from key record */ - unsigned dk_flags; /* and the flags of the public key */ - unsigned dk_id; /* identifier of the key */ - void *dk_KEY_struct; /* pointer to key in crypto pkg fmt */ - struct dst_func *dk_func; /* point to crypto pgk specific function table */ -} DST_KEY; -#define HAS_DST_KEY - -#include <isc-dhcp/dst.h> -/* - * define what crypto systems are supported for RSA, - * BSAFE is preferred over RSAREF; only one can be set at any time - */ -#if defined(BSAFE) && defined(RSAREF) -# error "Cannot have both BSAFE and RSAREF defined" -#endif - -/* Declare dst_lib specific constants */ -#define KEY_FILE_FORMAT "1.2" - -/* suffixes for key file names */ -#define PRIVATE_KEY "private" -#define PUBLIC_KEY "key" - -/* error handling */ -#ifdef REPORT_ERRORS -#define EREPORT(str) printf str -#else -#define EREPORT(str) -#endif - -/* use our own special macro to FRRE memory */ - -#ifndef SAFE_FREE -#define SAFE_FREE(a) if(a != NULL){memset(a,0, sizeof(*a)); free(a); a=NULL;} -#define SAFE_FREE2(a,s) if (a != NULL && s > 0){memset(a,0, s);free(a); a=NULL;} -#endif - -typedef struct dst_func { - int (*sign)(const int mode, DST_KEY *key, void **context, - const u_int8_t *data, const unsigned len, - u_int8_t *signature, const unsigned sig_len); - int (*verify)(const int mode, DST_KEY *key, void **context, - const u_int8_t *data, const unsigned len, - const u_int8_t *signature, const unsigned sig_len); - int (*compare)(const DST_KEY *key1, const DST_KEY *key2); - int (*generate)(DST_KEY *key, int parms); - void *(*destroy)(void *key); - /* conversion functions */ - int (*to_dns_key)(const DST_KEY *key, u_int8_t *out, - const unsigned out_len); - int (*from_dns_key)(DST_KEY *key, const u_int8_t *str, - const unsigned str_len); - int (*to_file_fmt)(const DST_KEY *key, char *out, - const unsigned out_len); - int (*from_file_fmt)(DST_KEY *key, const char *out, - const unsigned out_len); - -} dst_func; - -extern dst_func *dst_t_func[DST_MAX_ALGS]; -extern const char *key_file_fmt_str; -extern const char *dst_path; - -#ifndef DST_HASH_SIZE -#define DST_HASH_SIZE 20 /* RIPEMD160 and SHA-1 are 20 bytes MD5 is 16 */ -#endif - -#if 0 -int dst_bsafe_init(void); -int dst_rsaref_init(void); -#endif - -int dst_hmac_md5_init(void); - -#if 0 -int dst_cylink_init(void); -int dst_eay_dss_init(void); -#endif - -/* support functions */ -/* base64 to bignum conversion routines */ -int dst_s_conv_bignum_u8_to_b64( char *out_buf, const unsigned out_len, - const char *header, - const u_int8_t *bin_data, - const unsigned bin_len); -int dst_s_conv_bignum_b64_to_u8( const char **buf, u_int8_t *loc, - const unsigned loclen) ; -/* from higher level support routines */ -int dst_s_calculate_bits( const u_int8_t *str, const int max_bits); -int dst_s_verify_str( const char **buf, const char *str); - - -/* conversion between dns names and key file names */ -size_t dst_s_filename_length( const char *name, const char *suffix); -int dst_s_build_filename( char *filename, const char *name, - unsigned id, int alg, const char *suffix, - size_t filename_length); - -FILE *dst_s_fopen (const char *filename, const char *mode, unsigned perm); - -/* from file prandom.c */ -int dst_s_random( u_int8_t *output, unsigned size); -int dst_s_semi_random( u_int8_t *output, unsigned size); -u_int32_t dst_s_quick_random( int inc); -void dst_s_quick_random_set( u_int32_t val, u_int32_t cnt); - -/* - * read and write network byte order into u_int?_t - * all of these should be retired - */ -u_int16_t dst_s_get_int16( const u_int8_t *buf); -void dst_s_put_int16( u_int8_t *buf, const u_int16_t val); - -u_int32_t dst_s_get_int32( const u_int8_t *buf); -void dst_s_put_int32( u_int8_t *buf, const u_int32_t val); - -#ifdef DUMP -# undef DUMP -# define DUMP(a,b,c,d) dst_s_dump(a,b,c,d) -#else -# define DUMP(a,b,c,d) -#endif - -#if defined (MINIRES_LIB) -#define b64_pton MRb64_pton -#define b64_ntop MRb64_ntop - -int b64_pton (char const *, unsigned char *, size_t); -int b64_ntop (unsigned char const *, size_t, char *, size_t); - -#define USE_MD5 -#endif - - -#endif /* DST_INTERNAL_H */ diff --git a/dst/dst_support.c b/dst/dst_support.c deleted file mode 100644 index 8e08a0c0..00000000 --- a/dst/dst_support.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. - */ - -#include <stdio.h> -#include <unistd.h> -#include <memory.h> -#include <string.h> -#include <errno.h> -#include <sys/stat.h> -#include <netinet/in.h> -#include <sys/socket.h> - -#include "cdefs.h" -#include "osdep.h" -#include "arpa/nameser.h" - -#include "dst_internal.h" - -/* - * dst_s_conv_bignum_u8_to_b64 - * This function converts binary data stored as a u_char[] to a - * base-64 string. Leading zeroes are discarded. If a header is - * supplied, it is prefixed to the input prior to encoding. The - * output is \n\0 terminated (the \0 is not included in output length). - * Parameters - * out_buf binary data to convert - * header character string to prefix to the output (label) - * bin_data binary data - * bin_len size of binary data - * Return - * -1 not enough space in output work area - * 0 no output - * >0 number of bytes written to output work area - */ - -int -dst_s_conv_bignum_u8_to_b64(char *out_buf, const unsigned out_len, - const char *header, const u_char *bin_data, - const unsigned bin_len) -{ - const u_char *bp = bin_data; - char *op = out_buf; - int res = 0; - unsigned lenh = 0, len64 = 0; - unsigned local_in_len = bin_len; - unsigned local_out_len = out_len; - - if (bin_data == NULL) /* no data no */ - return (0); - - if (out_buf == NULL || out_len <= 0) /* no output_work area */ - return (-1); - - /* suppress leading \0 */ - for (; (*bp == 0x0) && (local_in_len > 0); local_in_len--) - bp++; - - if (header) { /* add header to output string */ - lenh = strlen(header); - if (lenh < out_len) - memcpy(op, header, lenh); - else - return (-1); - local_out_len -= lenh; - op += lenh; - } - res = b64_ntop(bp, local_in_len, op, local_out_len - 2); - if (res < 0) - return (-1); - len64 = (unsigned) res; - op += len64++; - *(op++) = '\n'; /* put CR in the output */ - *op = '\0'; /* make sure output is 0 terminated */ - return (lenh + len64); -} - - -/* - * dst_s_verify_str() - * Validate that the input string(*str) is at the head of the input - * buffer(**buf). If so, move the buffer head pointer (*buf) to - * the first byte of data following the string(*str). - * Parameters - * buf Input buffer. - * str Input string. - * Return - * 0 *str is not the head of **buff - * 1 *str is the head of **buff, *buf is is advanced to - * the tail of **buf. - */ - -int -dst_s_verify_str(const char **buf, const char *str) -{ - unsigned b, s; - if (*buf == NULL) /* error checks */ - return (0); - if (str == NULL || *str == '\0') - return (1); - - b = strlen(*buf); /* get length of strings */ - s = strlen(str); - if (s > b || strncmp(*buf, str, s)) /* check if same */ - return (0); /* not a match */ - (*buf) += s; /* advance pointer */ - return (1); -} - - -/* - * dst_s_conv_bignum_b64_to_u8 - * Read a line of base-64 encoded string from the input buffer, - * convert it to binary, and store it in an output area. The - * input buffer is read until reaching a newline marker or the - * end of the buffer. The binary data is stored in the last X - * number of bytes of the output area where X is the size of the - * binary output. If the operation is successful, the input buffer - * pointer is advanced. This procedure does not do network to host - * byte order conversion. - * Parameters - * buf Pointer to encoded input string. Pointer is updated if - * function is successful. - * loc Output area. - * loclen Size in bytes of output area. - * Return - * >0 Return = number of bytes of binary data stored in loc. - * 0 Failure. - */ - -int -dst_s_conv_bignum_b64_to_u8(const char **buf, - u_char *loc, const unsigned loclen) -{ - unsigned blen; - char *bp; - u_char bstr[RAW_KEY_SIZE]; - int res = 0; - - if (buf == NULL || *buf == NULL) { /* error checks */ - EREPORT(("dst_s_conv_bignum_b64_to_u8: null input buffer.\n")); - return (0); - } - bp = strchr(*buf, '\n'); /* find length of input line */ - if (bp != NULL) - *bp = '\0'; - - res = b64_pton(*buf, bstr, sizeof(bstr)); - if (res <= 0) { - EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is null.\n")); - return (0); - } - blen = (unsigned) res; - if (loclen < blen) { - EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is longer than output buffer.\n")); - return (0); - } - if (bp) - *buf = bp; /* advancing buffer past \n */ - memset(loc, 0, loclen - blen); /* clearing unused output area */ - memcpy(loc + loclen - blen, bstr, blen); /* write last blen bytes */ - return (blen); -} - - -/* - * dst_s_calculate_bits - * Given a binary number represented in a u_char[], determine - * the number of significant bits used. - * Parameters - * str An input character string containing a binary number. - * max_bits The maximum possible significant bits. - * Return - * N The number of significant bits in str. - */ - -int -dst_s_calculate_bits(const u_char *str, const int max_bits) -{ - const u_char *p = str; - u_char i, j = 0x80; - int bits; - for (bits = max_bits; *p == 0x00 && bits > 0; p++) - bits -= 8; - for (i = *p; (i & j) != j; j >>= 1) - bits--; - return (bits); -} - - -/* - * calculates a checksum used in kmt for a id. - * takes an array of bytes and a length. - * returns a 16 bit checksum. - */ -u_int16_t -dst_s_id_calc(const u_char *key, const unsigned keysize) -{ - u_int32_t ac; - const u_char *kp = key; - unsigned size = keysize; - - if (!key) - return 0; - - for (ac = 0; size > 1; size -= 2, kp += 2) - ac += ((*kp) << 8) + *(kp + 1); - - if (size > 0) - ac += ((*kp) << 8); - ac += (ac >> 16) & 0xffff; - - return (ac & 0xffff); -} - -/* - * dst_s_dns_key_id() Function to calculated DNSSEC footprint from KEY record - * rdata (all of record) - * Input: - * dns_key_rdata: the raw data in wire format - * rdata_len: the size of the input data - * Output: - * the key footprint/id calculated from the key data - */ -u_int16_t -dst_s_dns_key_id(const u_char *dns_key_rdata, const unsigned rdata_len) -{ - unsigned key_data = 4; - - if (!dns_key_rdata || (rdata_len < key_data)) - return 0; - - /* check the extended parameters bit in the DNS Key RR flags */ - if (dst_s_get_int16(dns_key_rdata) & DST_EXTEND_FLAG) - key_data += 2; - - /* compute id */ - if (dns_key_rdata[3] == KEY_RSA) /* Algorithm RSA */ - return dst_s_get_int16((const u_char *) - &dns_key_rdata[rdata_len - 3]); - else - /* compute a checksum on the key part of the key rr */ - return dst_s_id_calc(&dns_key_rdata[key_data], - (rdata_len - key_data)); -} - -/* - * dst_s_get_int16 - * This routine extracts a 16 bit integer from a two byte character - * string. The character string is assumed to be in network byte - * order and may be unaligned. The number returned is in host order. - * Parameter - * buf A two byte character string. - * Return - * The converted integer value. - */ - -u_int16_t -dst_s_get_int16(const u_char *buf) -{ - register u_int16_t a = 0; - a = ((u_int16_t)(buf[0] << 8)) | ((u_int16_t)(buf[1])); - return (a); -} - - -/* - * dst_s_get_int32 - * This routine extracts a 32 bit integer from a four byte character - * string. The character string is assumed to be in network byte - * order and may be unaligned. The number returned is in host order. - * Parameter - * buf A four byte character string. - * Return - * The converted integer value. - */ - -u_int32_t -dst_s_get_int32(const u_char *buf) -{ - register u_int32_t a = 0; - a = ((u_int32_t)(buf[0] << 24)) | ((u_int32_t)(buf[1] << 16)) | - ((u_int32_t)(buf[2] << 8)) | ((u_int32_t)(buf[3])); - return (a); -} - - -/* - * dst_s_put_int16 - * Take a 16 bit integer and store the value in a two byte - * character string. The integer is assumed to be in network - * order and the string is returned in host order. - * - * Parameters - * buf Storage for a two byte character string. - * val 16 bit integer. - */ - -void -dst_s_put_int16(u_int8_t *buf, const u_int16_t val) -{ - buf[0] = (u_int8_t)(val >> 8); - buf[1] = (u_int8_t)(val); -} - - -/* - * dst_s_put_int32 - * Take a 32 bit integer and store the value in a four byte - * character string. The integer is assumed to be in network - * order and the string is returned in host order. - * - * Parameters - * buf Storage for a four byte character string. - * val 32 bit integer. - */ - -void -dst_s_put_int32(u_int8_t *buf, const u_int32_t val) -{ - buf[0] = (u_int8_t)(val >> 24); - buf[1] = (u_int8_t)(val >> 16); - buf[2] = (u_int8_t)(val >> 8); - buf[3] = (u_int8_t)(val); -} - - -/* - * dst_s_filename_length - * - * This function returns the number of bytes needed to hold the - * filename for a key file. '/', '\' and ':' are not allowed. - * form: K<keyname>+<alg>+<id>.<suffix> - * - * Returns 0 if the filename would contain either '\', '/' or ':' - */ -size_t -dst_s_filename_length(const char *name, const char *suffix) -{ - if (name == NULL) - return (0); - if (strrchr(name, '\\')) - return (0); - if (strrchr(name, '/')) - return (0); - if (strrchr(name, ':')) - return (0); - if (suffix == NULL) - return (0); - if (strrchr(suffix, '\\')) - return (0); - if (strrchr(suffix, '/')) - return (0); - if (strrchr(suffix, ':')) - return (0); - return (1 + strlen(name) + 6 + strlen(suffix)); -} - - -/* - * dst_s_build_filename () - * Builds a key filename from the key name, it's id, and a - * suffix. '\', '/' and ':' are not allowed. fA filename is of the - * form: K<keyname><id>.<suffix> - * form: K<keyname>+<alg>+<id>.<suffix> - * - * Returns -1 if the conversion fails: - * if the filename would be too long for space allotted - * if the filename would contain a '\', '/' or ':' - * Returns 0 on success - */ - -int -dst_s_build_filename(char *filename, const char *name, unsigned id, - int alg, const char *suffix, size_t filename_length) -{ - unsigned my_id; - if (filename == NULL) - return (-1); - memset(filename, 0, filename_length); - if (name == NULL) - return (-1); - if (suffix == NULL) - return (-1); - if (filename_length < 1 + strlen(name) + 4 + 6 + 1 + strlen(suffix)) - return (-1); - my_id = id; - sprintf(filename, "K%s+%03d+%05d.%s", name, alg, my_id, - (const char *) suffix); - if (strrchr(filename, '/')) - return (-1); - if (strrchr(filename, '\\')) - return (-1); - if (strrchr(filename, ':')) - return (-1); - return (0); -} - -/* - * dst_s_fopen () - * Open a file in the dst_path directory. If perm is specified, the - * file is checked for existence first, and not opened if it exists. - * Parameters - * filename File to open - * mode Mode to open the file (passed directly to fopen) - * perm File permission, if creating a new file. - * Returns - * NULL Failure - * NON-NULL (FILE *) of opened file. - */ -FILE * -dst_s_fopen(const char *filename, const char *mode, unsigned perm) -{ - FILE *fp; - char pathname[PATH_MAX]; - - /* Make sure the length is ok before we try to build it. */ - if ((strlen(dst_path) + strlen(filename)) > PATH_MAX - 1) { - /* set errno in case anyone bothers to look */ - errno = ENAMETOOLONG; - return (NULL); - } - - /* dst_path if not empty has a terminating "/" already */ - strcpy(pathname, dst_path); - strcpy(pathname + strlen(pathname), filename); - - fp = fopen(pathname, mode); - if ((fp != NULL) && (perm != 0)) { - if (chmod(pathname, perm) < 0) { - fclose(fp); - return (NULL); - } - } - - return (fp); -} - -#if 0 -void -dst_s_dump(const int mode, const u_char *data, const int size, - const char *msg) -{ - if (size > 0) { -#ifdef LONG_TEST - static u_char scratch[1000]; - int n ; - n = b64_ntop(data, scratch, size, sizeof(scratch)); - printf("%s: %x %d %s\n", msg, mode, n, scratch); -#else - printf("%s,%x %d\n", msg, mode, size); -#endif - } -} -#endif diff --git a/dst/hmac_link.c b/dst/hmac_link.c deleted file mode 100644 index b812c1cc..00000000 --- a/dst/hmac_link.c +++ /dev/null @@ -1,503 +0,0 @@ -#ifdef HMAC_MD5 -/* - * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. - */ - -/* - * This file contains an implementation of the HMAC-MD5 algorithm. - */ - -#include <stdio.h> -#include <unistd.h> -#include <stdlib.h> -#include <string.h> -#include <memory.h> -#include <sys/param.h> -#include <sys/time.h> -#include <netinet/in.h> -#include <sys/socket.h> - -#include "cdefs.h" -#include "osdep.h" -#include "arpa/nameser.h" - -#include "dst_internal.h" - -#ifdef USE_MD5 -# include "md5.h" -# ifndef _MD5_H_ -# define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */ -# endif -#endif - -#define HMAC_LEN 64 -#define HMAC_IPAD 0x36 -#define HMAC_OPAD 0x5c -#define MD5_LEN 16 - - -typedef struct hmackey { - u_char hk_ipad[64], hk_opad[64]; -} HMAC_Key; - - -/************************************************************************** - * dst_hmac_md5_sign - * Call HMAC signing functions to sign a block of data. - * There are three steps to signing, INIT (initialize structures), - * UPDATE (hash (more) data), FINAL (generate a signature). This - * routine performs one or more of these steps. - * Parameters - * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL. - * priv_key key to use for signing. - * context the context to be used in this digest - * data data to be signed. - * len length in bytes of data. - * signature location to store signature. - * sig_len size of the signature location - * returns - * N Success on SIG_MODE_FINAL = returns signature length in bytes - * 0 Success on SIG_MODE_INIT and UPDATE - * <0 Failure - */ - -static int -dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context, - const u_char *data, const unsigned len, - u_char *signature, const unsigned sig_len) -{ - HMAC_Key *key; - int sign_len = 0; - MD5_CTX *ctx = NULL; - - if (d_key == NULL || d_key->dk_KEY_struct == NULL) - return (-1); - key = (HMAC_Key *) d_key->dk_KEY_struct; - - if (mode & SIG_MODE_INIT) - ctx = (MD5_CTX *) malloc(sizeof(*ctx)); - else if (context) - ctx = (MD5_CTX *) *context; - if (ctx == NULL) - return (-1); - - if (mode & SIG_MODE_INIT) { - MD5Init(ctx); - MD5Update(ctx, key->hk_ipad, HMAC_LEN); - } - - if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) - MD5Update(ctx, (const unsigned char *)data, len); - - if (mode & SIG_MODE_FINAL) { - if (signature == NULL || sig_len < MD5_LEN) - return (SIGN_FINAL_FAILURE); - MD5Final(signature, ctx); - - /* perform outer MD5 */ - MD5Init(ctx); - MD5Update(ctx, key->hk_opad, HMAC_LEN); - MD5Update(ctx, signature, MD5_LEN); - MD5Final(signature, ctx); - sign_len = MD5_LEN; - SAFE_FREE(ctx); - } - else { - if (context == NULL) - return (-1); - *context = (void *) ctx; - } - return (sign_len); -} - - -/************************************************************************** - * dst_hmac_md5_verify() - * Calls HMAC verification routines. There are three steps to - * verification, INIT (initialize structures), UPDATE (hash (more) data), - * FINAL (generate a signature). This routine performs one or more of - * these steps. - * Parameters - * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL. - * dkey key to use for verify. - * data data signed. - * len length in bytes of data. - * signature signature. - * sig_len length in bytes of signature. - * returns - * 0 Success - * <0 Failure - */ - -static int -dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context, - const u_char *data, const unsigned len, - const u_char *signature, const unsigned sig_len) -{ - HMAC_Key *key; - MD5_CTX *ctx = NULL; - - if (d_key == NULL || d_key->dk_KEY_struct == NULL) - return (-1); - key = (HMAC_Key *) d_key->dk_KEY_struct; - - if (mode & SIG_MODE_INIT) - ctx = (MD5_CTX *) malloc(sizeof(*ctx)); - else if (context) - ctx = (MD5_CTX *) *context; - if (ctx == NULL) - return (-1); - - if (mode & SIG_MODE_INIT) { - MD5Init(ctx); - MD5Update(ctx, key->hk_ipad, HMAC_LEN); - } - if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) - MD5Update(ctx, (const unsigned char *)data, len); - - if (mode & SIG_MODE_FINAL) { - u_char digest[MD5_LEN]; - if (signature == NULL || key == NULL || sig_len != MD5_LEN) - return (VERIFY_FINAL_FAILURE); - MD5Final(digest, ctx); - - /* perform outer MD5 */ - MD5Init(ctx); - MD5Update(ctx, key->hk_opad, HMAC_LEN); - MD5Update(ctx, digest, MD5_LEN); - MD5Final(digest, ctx); - - SAFE_FREE(ctx); - if (memcmp(digest, signature, MD5_LEN) != 0) - return (VERIFY_FINAL_FAILURE); - } - else { - if (context == NULL) - return (-1); - *context = (void *) ctx; - } - return (0); -} - - -/************************************************************************** - * dst_buffer_to_hmac_md5 - * Converts key from raw data to an HMAC Key - * This function gets in a pointer to the data - * Parameters - * hkey the HMAC key to be filled in - * key the key in raw format - * keylen the length of the key - * Return - * 0 Success - * <0 Failure - */ -static int -dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen) -{ - int i; - HMAC_Key *hkey = NULL; - MD5_CTX ctx; - unsigned local_keylen = keylen; - u_char tk[MD5_LEN]; - - /* Do we need to check if keylen == 0? The original - * code didn't, so we don't currently */ - if (dkey == NULL || key == NULL) - return (-1); - - if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL) - return (-2); - - memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad)); - memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad)); - - /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */ - if (keylen > HMAC_LEN) { - memset(tk, 0, sizeof(tk)); - MD5Init(&ctx); - MD5Update(&ctx, (const unsigned char *)key, keylen); - MD5Final(tk, &ctx); - memset((void *) &ctx, 0, sizeof(ctx)); - key = tk; - local_keylen = MD5_LEN; - } - /* start out by storing key in pads */ - memcpy(hkey->hk_ipad, key, local_keylen); - memcpy(hkey->hk_opad, key, local_keylen); - - /* XOR key with hk_ipad and opad values */ - for (i = 0; i < HMAC_LEN; i++) { - hkey->hk_ipad[i] ^= HMAC_IPAD; - hkey->hk_opad[i] ^= HMAC_OPAD; - } - dkey->dk_key_size = local_keylen; - dkey->dk_KEY_struct = (void *) hkey; - return (1); -} - - -/************************************************************************** - * dst_hmac_md5_key_to_file_format - * Encodes an HMAC Key into the portable file format. - * Parameters - * hkey HMAC KEY structure - * buff output buffer - * buff_len size of output buffer - * Return - * 0 Failure - null input hkey - * -1 Failure - not enough space in output area - * N Success - Length of data returned in buff - */ - -static int -dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff, - const unsigned buff_len) -{ - char *bp; - int i, res; - unsigned len, b_len, key_len; - u_char key[HMAC_LEN]; - HMAC_Key *hkey; - - if (dkey == NULL || dkey->dk_KEY_struct == NULL) - return (0); - if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str)) - return (-1); /* no OR not enough space in output area */ - - hkey = (HMAC_Key *) dkey->dk_KEY_struct; - memset(buff, 0, buff_len); /* just in case */ - /* write file header */ - sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC"); - - bp = (char *) strchr(buff, '\0'); - b_len = buff_len - (bp - buff); - - memset(key, 0, HMAC_LEN); - for (i = 0; i < HMAC_LEN; i++) - key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD; - for (i = HMAC_LEN - 1; i >= 0; i--) - if (key[i] != 0) - break; - key_len = i + 1; - - strcat(bp, "Key: "); - bp += strlen("Key: "); - b_len = buff_len - (bp - buff); - - res = b64_ntop(key, key_len, bp, b_len); - if (res < 0) - return (-1); - len = (unsigned) res; - bp += len; - *(bp++) = '\n'; - *bp = '\0'; - b_len = buff_len - (bp - buff); - - return (buff_len - b_len); -} - - -/************************************************************************** - * dst_hmac_md5_key_from_file_format - * Converts contents of a key file into an HMAC key. - * Parameters - * hkey structure to put key into - * buff buffer containing the encoded key - * buff_len the length of the buffer - * Return - * n >= 0 Foot print of the key converted - * n < 0 Error in conversion - */ - -static int -dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff, - const unsigned buff_len) -{ - const char *p = buff, *eol; - u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode - * it should probably be fixed rather than doing - * this - */ - u_char *tmp; - unsigned key_len, len; - - if (dkey == NULL) - return (-2); - if (buff == NULL) - return (-1); - - memset(key, 0, sizeof(key)); - - if (!dst_s_verify_str(&p, "Key: ")) - return (-3); - - eol = strchr(p, '\n'); - if (eol == NULL) - return (-4); - len = eol - p; - tmp = malloc(len + 2); - if (tmp == NULL) - return (-5); - - memcpy(tmp, p, len); - *(tmp + len) = 0x0; - key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */ - SAFE_FREE2(tmp, len + 2); - - if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) { - return (-6); - } - return (0); -} - -/* - * dst_hmac_md5_to_dns_key() - * function to extract hmac key from DST_KEY structure - * input: - * in_key: HMAC-MD5 key - * output: - * out_str: buffer to write ot - * out_len: size of output buffer - * returns: - * number of bytes written to output buffer - */ -static int -dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str, - const unsigned out_len) -{ - - HMAC_Key *hkey; - int i; - - if (in_key == NULL || in_key->dk_KEY_struct == NULL || - out_len <= in_key->dk_key_size || out_str == NULL) - return (-1); - - hkey = (HMAC_Key *) in_key->dk_KEY_struct; - for (i = 0; i < in_key->dk_key_size; i++) - out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD; - return (i); -} - -/************************************************************************** - * dst_hmac_md5_compare_keys - * Compare two keys for equality. - * Return - * 0 The keys are equal - * NON-ZERO The keys are not equal - */ - -static int -dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2) -{ - HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct; - HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct; - return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN); -} - -/************************************************************************** - * dst_hmac_md5_free_key_structure - * Frees all (none) dynamically allocated structures in hkey - */ - -static void * -dst_hmac_md5_free_key_structure(void *key) -{ - HMAC_Key *hkey = key; - SAFE_FREE(hkey); - return (NULL); -} - - -/*************************************************************************** - * dst_hmac_md5_generate_key - * Creates a HMAC key of size size with a maximum size of 63 bytes - * generating a HMAC key larger than 63 bytes makes no sense as that key - * is digested before use. - */ - -static int -dst_hmac_md5_generate_key(DST_KEY *key, const int nothing) -{ - u_char *buff; - int n; - unsigned size, len; - - if (key == NULL || key->dk_alg != KEY_HMAC_MD5) - return (0); - size = (key->dk_key_size + 7) / 8; /* convert to bytes */ - if (size <= 0) - return(0); - - len = size > 64 ? 64 : size; - buff = malloc(len+8); - if (buff == NULL) - return (-1); - - n = dst_random(DST_RAND_SEMI, len, buff); - n += dst_random(DST_RAND_KEY, len, buff); - if (n <= len) { /* failed getting anything */ - SAFE_FREE2(buff, len); - return (-1); - } - n = dst_buffer_to_hmac_md5(key, buff, len); - SAFE_FREE2(buff, len); - if (n <= 0) - return (n); - return (1); -} - -/* - * dst_hmac_md5_init() Function to answer set up function pointers for HMAC - * related functions - */ -int -dst_hmac_md5_init() -{ - if (dst_t_func[KEY_HMAC_MD5] != NULL) - return (1); - dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func)); - if (dst_t_func[KEY_HMAC_MD5] == NULL) - return (0); - memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func)); - dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign; - dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify; - dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys; - dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key; - dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure; - dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key; - dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5; - dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format; - dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format; - return (1); -} - -#else -int -dst_hmac_md5_init(){ - return (0); -} -#endif - - - - - - - diff --git a/dst/md5.h b/dst/md5.h deleted file mode 100644 index 05ea3eb7..00000000 --- a/dst/md5.h +++ /dev/null @@ -1,123 +0,0 @@ -/* crypto/md/md5.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Internet Systems Consortium, Inc. - * 950 Charter Street - * Redwood City, CA 94063 - * <info@isc.org> - * https://www.isc.org/ - */ - -#ifndef HEADER_MD5_H -#define HEADER_MD5_H - -#ifdef __cplusplus -extern "C" { -#endif - -#define MD5_CBLOCK 64 -#define MD5_LBLOCK 16 -#define MD5_BLOCK 16 -#define MD5_LAST_BLOCK 56 -#define MD5_LENGTH_BLOCK 8 -#define MD5_DIGEST_LENGTH 16 - -typedef struct MD5state_st - { - unsigned long A,B,C,D; - unsigned long Nl,Nh; - unsigned long data[MD5_LBLOCK]; - int num; - } MD5_CTX; - -#ifndef NOPROTO -void MD5_Init(MD5_CTX *c); -void MD5_Update(MD5_CTX *c, const unsigned char *data, unsigned long len); -void MD5_Final(unsigned char *md, MD5_CTX *c); -unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md); -#else -void MD5_Init(); -void MD5_Update(); -void MD5_Final(); -unsigned char *MD5(); -#endif - -/* to provide backward compatibleness to RSAREF calls ogud@tis.com 1997/11/14 */ -#define MD5Init(c) MD5_Init(c) -#define MD5Update(c,data, len) MD5_Update(c,data,len) -#define MD5Final(md, c) MD5_Final(md, c) -#ifdef __cplusplus -} -#endif - -#endif diff --git a/dst/md5_dgst.c b/dst/md5_dgst.c deleted file mode 100644 index 4dc0f691..00000000 --- a/dst/md5_dgst.c +++ /dev/null @@ -1,396 +0,0 @@ -/* crypto/md/md5_dgst.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Internet Systems Consortium, Inc. - * 950 Charter Street - * Redwood City, CA 94063 - * <info@isc.org> - * https://www.isc.org/ - */ - -#include <stdio.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include "md5_locl.h" -#include "cdefs.h" -#include "osdep.h" - -#ifdef USE_MD5 /* Added by ogud@tis.com 1998/1/26 */ - -const char *MD5_version="MD5 part of SSLeay 0.8.1 19-Jul-1997"; - -/* Implemented from RFC1321 The MD5 Message-Digest Algorithm - */ - -#define INIT_DATA_A (unsigned long)0x67452301L -#define INIT_DATA_B (unsigned long)0xefcdab89L -#define INIT_DATA_C (unsigned long)0x98badcfeL -#define INIT_DATA_D (unsigned long)0x10325476L - -#ifndef NOPROTO -static void md5_block(MD5_CTX *c, unsigned long *p); -#else -static void md5_block(); -#endif - -void MD5_Init(c) -MD5_CTX *c; - { - c->A=INIT_DATA_A; - c->B=INIT_DATA_B; - c->C=INIT_DATA_C; - c->D=INIT_DATA_D; - c->Nl=0; - c->Nh=0; - c->num=0; - } - -void MD5_Update(c, data, len) -MD5_CTX *c; -const register unsigned char *data; -unsigned long len; - { - register ULONG *p; - int sw,sc; - ULONG l; - - if (len == 0) return; - - l=(c->Nl+(len<<3))&0xffffffffL; - /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to - * Wei Dai <weidai@eskimo.com> for pointing it out. */ - if (l < c->Nl) /* overflow */ - c->Nh++; - c->Nh+=(len>>29); - c->Nl=l; - - if (c->num != 0) - { - p=c->data; - sw=c->num>>2; - sc=c->num&0x03; - - if ((c->num+len) >= MD5_CBLOCK) - { - l= p[sw]; - p_c2l(data,l,sc); - p[sw++]=l; - for (; sw<MD5_LBLOCK; sw++) - { - c2l(data,l); - p[sw]=l; - } - len-=(MD5_CBLOCK-c->num); - - md5_block(c,p); - c->num=0; - /* drop through and do the rest */ - } - else - { - int ew,ec; - - c->num+=(int)len; - if ((sc+len) < 4) /* ugly, add char's to a word */ - { - l= p[sw]; - p_c2l_p(data,l,sc,len); - p[sw]=l; - } - else - { - ew=(c->num>>2); - ec=(c->num&0x03); - l= p[sw]; - p_c2l(data,l,sc); - p[sw++]=l; - for (; sw < ew; sw++) - { c2l(data,l); p[sw]=l; } - if (ec) - { - c2l_p(data,l,ec); - p[sw]=l; - } - } - return; - } - } - /* we now can process the input data in blocks of MD5_CBLOCK - * chars and save the leftovers to c->data. */ - p=c->data; - while (len >= MD5_CBLOCK) - { -#if defined(L_ENDIAN) || defined(B_ENDIAN) - memcpy(p,data,MD5_CBLOCK); - data+=MD5_CBLOCK; -#ifdef B_ENDIAN - for (sw=(MD5_LBLOCK/4); sw; sw--) - { - Endian_Reverse32(p[0]); - Endian_Reverse32(p[1]); - Endian_Reverse32(p[2]); - Endian_Reverse32(p[3]); - p+=4; - } -#endif -#else - for (sw=(MD5_LBLOCK/4); sw; sw--) - { - c2l(data,l); *(p++)=l; - c2l(data,l); *(p++)=l; - c2l(data,l); *(p++)=l; - c2l(data,l); *(p++)=l; - } -#endif - p=c->data; - md5_block(c,p); - len-=MD5_CBLOCK; - } - sc=(int)len; - c->num=sc; - if (sc) - { - sw=sc>>2; /* words to copy */ -#ifdef L_ENDIAN - p[sw]=0; - memcpy(p,data,sc); -#else - sc&=0x03; - for ( ; sw; sw--) - { c2l(data,l); *(p++)=l; } - c2l_p(data,l,sc); - *p=l; -#endif - } - } - -static void md5_block(c, X) -MD5_CTX *c; -register ULONG *X; - { - register ULONG A,B,C,D; - - A=c->A; - B=c->B; - C=c->C; - D=c->D; - - /* Round 0 */ - LOCL_R0(A,B,C,D,X[ 0], 7,0xd76aa478L); - LOCL_R0(D,A,B,C,X[ 1],12,0xe8c7b756L); - LOCL_R0(C,D,A,B,X[ 2],17,0x242070dbL); - LOCL_R0(B,C,D,A,X[ 3],22,0xc1bdceeeL); - LOCL_R0(A,B,C,D,X[ 4], 7,0xf57c0fafL); - LOCL_R0(D,A,B,C,X[ 5],12,0x4787c62aL); - LOCL_R0(C,D,A,B,X[ 6],17,0xa8304613L); - LOCL_R0(B,C,D,A,X[ 7],22,0xfd469501L); - LOCL_R0(A,B,C,D,X[ 8], 7,0x698098d8L); - LOCL_R0(D,A,B,C,X[ 9],12,0x8b44f7afL); - LOCL_R0(C,D,A,B,X[10],17,0xffff5bb1L); - LOCL_R0(B,C,D,A,X[11],22,0x895cd7beL); - LOCL_R0(A,B,C,D,X[12], 7,0x6b901122L); - LOCL_R0(D,A,B,C,X[13],12,0xfd987193L); - LOCL_R0(C,D,A,B,X[14],17,0xa679438eL); - LOCL_R0(B,C,D,A,X[15],22,0x49b40821L); - /* Round 1 */ - LOCL_R1(A,B,C,D,X[ 1], 5,0xf61e2562L); - LOCL_R1(D,A,B,C,X[ 6], 9,0xc040b340L); - LOCL_R1(C,D,A,B,X[11],14,0x265e5a51L); - LOCL_R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL); - LOCL_R1(A,B,C,D,X[ 5], 5,0xd62f105dL); - LOCL_R1(D,A,B,C,X[10], 9,0x02441453L); - LOCL_R1(C,D,A,B,X[15],14,0xd8a1e681L); - LOCL_R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L); - LOCL_R1(A,B,C,D,X[ 9], 5,0x21e1cde6L); - LOCL_R1(D,A,B,C,X[14], 9,0xc33707d6L); - LOCL_R1(C,D,A,B,X[ 3],14,0xf4d50d87L); - LOCL_R1(B,C,D,A,X[ 8],20,0x455a14edL); - LOCL_R1(A,B,C,D,X[13], 5,0xa9e3e905L); - LOCL_R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L); - LOCL_R1(C,D,A,B,X[ 7],14,0x676f02d9L); - LOCL_R1(B,C,D,A,X[12],20,0x8d2a4c8aL); - /* Round 2 */ - LOCL_R2(A,B,C,D,X[ 5], 4,0xfffa3942L); - LOCL_R2(D,A,B,C,X[ 8],11,0x8771f681L); - LOCL_R2(C,D,A,B,X[11],16,0x6d9d6122L); - LOCL_R2(B,C,D,A,X[14],23,0xfde5380cL); - LOCL_R2(A,B,C,D,X[ 1], 4,0xa4beea44L); - LOCL_R2(D,A,B,C,X[ 4],11,0x4bdecfa9L); - LOCL_R2(C,D,A,B,X[ 7],16,0xf6bb4b60L); - LOCL_R2(B,C,D,A,X[10],23,0xbebfbc70L); - LOCL_R2(A,B,C,D,X[13], 4,0x289b7ec6L); - LOCL_R2(D,A,B,C,X[ 0],11,0xeaa127faL); - LOCL_R2(C,D,A,B,X[ 3],16,0xd4ef3085L); - LOCL_R2(B,C,D,A,X[ 6],23,0x04881d05L); - LOCL_R2(A,B,C,D,X[ 9], 4,0xd9d4d039L); - LOCL_R2(D,A,B,C,X[12],11,0xe6db99e5L); - LOCL_R2(C,D,A,B,X[15],16,0x1fa27cf8L); - LOCL_R2(B,C,D,A,X[ 2],23,0xc4ac5665L); - /* Round 3 */ - LOCL_R3(A,B,C,D,X[ 0], 6,0xf4292244L); - LOCL_R3(D,A,B,C,X[ 7],10,0x432aff97L); - LOCL_R3(C,D,A,B,X[14],15,0xab9423a7L); - LOCL_R3(B,C,D,A,X[ 5],21,0xfc93a039L); - LOCL_R3(A,B,C,D,X[12], 6,0x655b59c3L); - LOCL_R3(D,A,B,C,X[ 3],10,0x8f0ccc92L); - LOCL_R3(C,D,A,B,X[10],15,0xffeff47dL); - LOCL_R3(B,C,D,A,X[ 1],21,0x85845dd1L); - LOCL_R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL); - LOCL_R3(D,A,B,C,X[15],10,0xfe2ce6e0L); - LOCL_R3(C,D,A,B,X[ 6],15,0xa3014314L); - LOCL_R3(B,C,D,A,X[13],21,0x4e0811a1L); - LOCL_R3(A,B,C,D,X[ 4], 6,0xf7537e82L); - LOCL_R3(D,A,B,C,X[11],10,0xbd3af235L); - LOCL_R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); - LOCL_R3(B,C,D,A,X[ 9],21,0xeb86d391L); - - c->A+=A&0xffffffffL; - c->B+=B&0xffffffffL; - c->C+=C&0xffffffffL; - c->D+=D&0xffffffffL; - } - -void MD5_Final(md, c) -unsigned char *md; -MD5_CTX *c; - { - register int i,j; - register ULONG l; - register ULONG *p; - static unsigned char end[4]={0x80,0x00,0x00,0x00}; - unsigned char *cp=end; - - /* c->num should definitely have room for at least one more byte. */ - p=c->data; - j=c->num; - i=j>>2; - - /* purify often complains about the following line as an - * Uninitialized Memory Read. While this can be true, the - * following p_c2l macro will reset l when that case is true. - * This is because j&0x03 contains the number of 'valid' bytes - * already in p[i]. If and only if j&0x03 == 0, the UMR will - * occur but this is also the only time p_c2l will do - * l= *(cp++) instead of l|= *(cp++) - * Many thanks to Alex Tang <altitude@cic.net> for pickup this - * 'potential bug' */ -#ifdef PURIFY - if ((j&0x03) == 0) p[i]=0; -#endif - l=p[i]; - p_c2l(cp,l,j&0x03); - p[i]=l; - i++; - /* i is the next 'undefined word' */ - if (c->num >= MD5_LAST_BLOCK) - { - for (; i<MD5_LBLOCK; i++) - p[i]=0; - md5_block(c,p); - i=0; - } - for (; i<(MD5_LBLOCK-2); i++) - p[i]=0; - p[MD5_LBLOCK-2]=c->Nl; - p[MD5_LBLOCK-1]=c->Nh; - md5_block(c,p); - cp=md; - l=c->A; l2c(l,cp); - l=c->B; l2c(l,cp); - l=c->C; l2c(l,cp); - l=c->D; l2c(l,cp); - - /* clear stuff, md5_block may be leaving some stuff on the stack - * but I'm not worried :-) */ - c->num=0; -/* memset((char *)&c,0,sizeof(c));*/ - } - -#ifdef undef -int printit(l) -unsigned long *l; - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif -#endif /* USE_MD5 */ diff --git a/dst/md5_locl.h b/dst/md5_locl.h deleted file mode 100644 index 07f440a2..00000000 --- a/dst/md5_locl.h +++ /dev/null @@ -1,211 +0,0 @@ -/* crypto/md/md5_locl.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Internet Systems Consortium, Inc. - * 950 Charter Street - * Redwood City, CA 94063 - * <info@isc.org> - * https://www.isc.org/ - */ - -#include <stdlib.h> -#include <string.h> -#include "md5.h" - -#define ULONG unsigned long -#define UCHAR unsigned char -#define UINT unsigned int - -#if defined(NOCONST) -#define const -#endif - -#undef c2l -#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) - -#undef p_c2l -#define p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++))); \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - case 3: l|=((unsigned long)(*((c)++)))<<24; \ - } \ - } - -/* NOTE the pointer is not incremented at the end of this */ -#undef c2l_p -#define c2l_p(c,l,n) { \ - l=0; \ - (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<<16; \ - case 2: l|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l|=((unsigned long)(*(--(c)))) ; \ - } \ - } - -#undef p_c2l_p -#define p_c2l_p(c,l,sc,len) { \ - switch (sc) \ - { \ - case 0: l =((unsigned long)(*((c)++))); \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */ -#if defined(WIN32) -/* 5 instructions with rotate instruction, else 9 */ -#define Endian_Reverse32(a) \ - { \ - unsigned long l=(a); \ - (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \ - } -#else -/* 6 instructions with rotate instruction, else 8 */ -#define Endian_Reverse32(a) \ - { \ - unsigned long l=(a); \ - l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \ - (a)=ROTATE(l,16L); \ - } -#endif -/* -#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) -*/ - -/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be - * simplified to the code below. Wei attributes these optimizations - * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. - */ -#define F(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) -#define G(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) -#define H(x,y,z) ((x) ^ (y) ^ (z)) -#define I(x,y,z) (((x) | (~(z))) ^ (y)) - -#undef ROTATE -#if defined(WIN32) -#define ROTATE(a,n) _lrotl(a,n) -#else -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) -#endif - -#define LOCL_R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; };\ - -#define LOCL_R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define LOCL_R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define LOCL_R3(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+I((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; diff --git a/dst/prandom.c b/dst/prandom.c deleted file mode 100644 index 7a24d332..00000000 --- a/dst/prandom.c +++ /dev/null @@ -1,976 +0,0 @@ -/* - * Portions Copyright (c) 2012-2014 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. - * - * Permission to use, copy modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. - */ - -#include <stdio.h> -#include <sys/types.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <fcntl.h> -#include <time.h> -#include <dirent.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/time.h> - -#include <netinet/in.h> -#include <sys/socket.h> -#define NEED_PRAND_CONF - -#include "cdefs.h" -#include "osdep.h" -#include "dst_internal.h" -#include "arpa/nameser.h" - - -#ifndef DST_NUM_HASHES -#define DST_NUM_HASHES 4 -#endif -#ifndef DST_NUMBER_OF_COUNTERS -#define DST_NUMBER_OF_COUNTERS 5 /* 32 * 5 == 160 == SHA(1) > MD5 */ -#endif - -/* - * the constant below is a prime number to make fixed data structures like - * stat and time wrap over blocks. This adds certain randomness to what is - * in each digested block. - * The prime number 2879 has the special property that when - * divided by 2,4 and 6 the result is also a prime numbers - */ - -#ifndef DST_RANDOM_BLOCK_SIZE -#define DST_RANDOM_BLOCK_SIZE 2879 -#endif - -/* - * This constant dictates how many bits we shift to the right before using a - */ -#ifndef DST_SHIFT -#define DST_SHIFT 9 -#endif - -/* - * An initializer that is as bad as any other with half the bits set - */ -#ifndef DST_RANDOM_PATTERN -#define DST_RANDOM_PATTERN 0x8765CA93 -#endif -/* - * things must have changed in the last 3600 seconds to be used - */ -#define MAX_OLD 3600 - -/* - * Define a single set of configuration for prand stuff. A superset - * works okay (failed commands return no data, missing directories - * are skipped, and so on. - */ -static const char *cmds[] = { - "/usr/bin/netstat -an 2>&1", - "/usr/sbin/netstat -an 2>&1", - "/usr/etc/netstat -an 2>&1", - "/bin/netstat -an 2>&1", - "/usr/ucb/netstat -an 2>&1", - - /* AIX */ - "/bin/ps -ef 2>&1", - "/bin/df 2>&1", - "/usr/bin/uptime 2>&1", - "/usr/bin/printenv 2>&1", - "/usr/bin/netstat -s 2>&1", - "/usr/bin/w 2>&1", - /* Tru64 */ - "/usr/bin/dig com. soa +ti=1 +retry=0 2>&1", - "/usr/sbin/arp -an 2>&1", - "/usr/ucb/uptime 2>&1", - "/bin/iostat 2>&1", - /* BSD */ - "/bin/ps -axlw 2>&1", - "/usr/sbin/iostat 2>&1", - "/usr/sbin/vmstat 2>&1", - /* FreeBSD */ - "/usr/bin/vmstat 2>&1", - "/usr/bin/w 2>&1", - /* HP/UX */ - "/usr/bin/ps -ef 2>&1", - /* IRIX */ - "/usr/etc/arp -a 2>&1", - "/usr/bsd/uptime 2>&1", - "/usr/bin/printenv 2>&1", - "/usr/bsd/w 2>&1", - /* Linux */ - "/sbin/arp -an 2>&1", - "/usr/bin/vmstat 2>&1", - /* NetBSD */ - /* OpenBSD */ - /* QNX */ - "/bin/ps -a 2>&1", - "/bin/sin 2>&1", - "/bin/sin fds 2>&1", - "/bin/sin memory 2>&1", - /* Solaris */ - "/usr/ucb/uptime 2>&1", - "/usr/ucb/netstat -an 2>&1", - - "/usr/bin/netstat -an 2>&1", - "/usr/sbin/netstat -an 2>&1", - "/usr/etc/netstat -an 2>&1", - "/bin/netstat -an 2>&1", - "/usr/ucb/netstat -an 2>&1", - NULL -}; - -static const char *dirs[] = { - "/tmp", - "/var/tmp", - ".", - "/", - "/var/spool", - "/var/adm", - "/dev", - "/var/spool/mail", - "/var/mail", - "/home", - "/usr/home", - NULL -}; - -static const char *files[] = { - "/var/adm/messages", - "/var/adm/wtmp", - "/var/adm/lastlog", - "/var/log/messages", - "/var/log/wtmp", - "/var/log/lastlog", - "/proc/stat", - "/proc/rtc", - "/proc/meminfo", - "/proc/interrupts", - "/proc/self/status", - "/proc/ipstats", - "/proc/dumper", - "/proc/self/as", - NULL -}; - -/* - * these two data structure are used to process input data into digests, - * - * The first structure contains a pointer to a DST HMAC key - * the variables accompanying are used for - * step : select every step byte from input data for the hash - * block: number of data elements going into each hash - * digested: number of data elements digested so far - * curr: offset into the next input data for the first byte. - */ -typedef struct hash { - DST_KEY *key; - void *ctx; - int digested, block, step, curr; -} prand_hash; - -/* - * This data structure controls number of hashes and keeps track of - * overall progress in generating correct number of bytes of output. - * output : array to store the output data in - * needed : how many bytes of output are needed - * filled : number of bytes in output so far. - * bytes : total number of bytes processed by this structure - * file_digest : the HMAC key used to digest files. - */ -typedef struct work { - unsigned needed, filled, bytes; - u_char *output; - prand_hash *hash[DST_NUM_HASHES]; - DST_KEY *file_digest; -} dst_work; - - -/* - * forward function declarations - */ -static int get_dev_random(u_char *output, unsigned size); -static int do_time(dst_work *work); -static int do_ls(dst_work *work); -static int unix_cmd(dst_work *work); -static int digest_file(dst_work *work); - -static void force_hash(dst_work *work, prand_hash *hash); -static int do_hash(dst_work *work, prand_hash *hash, const u_char *input, - unsigned size); -static int my_digest(dst_work *tmp, const u_char *input, unsigned size); -static prand_hash *get_hmac_key(int step, int block); - -static unsigned own_random(dst_work *work); - - -/* - * variables used in the quick random number generator - */ -static u_int32_t ran_val = DST_RANDOM_PATTERN; -static u_int32_t ran_cnt = (DST_RANDOM_PATTERN >> 10); - -/* - * setting the quick_random generator to particular values or if both - * input parameters are 0 then set it to initial values - */ - -void -dst_s_quick_random_set(u_int32_t val, u_int32_t cnt) -{ - ran_val = (val == 0) ? DST_RANDOM_PATTERN : val; - ran_cnt = (cnt == 0) ? (DST_RANDOM_PATTERN >> 10) : cnt; -} - -/* - * this is a quick and random number generator that seems to generate quite - * good distribution of data - */ -u_int32_t -dst_s_quick_random(int inc) -{ - ran_val = ((ran_val >> 13) ^ (ran_val << 19)) ^ - ((ran_val >> 7) ^ (ran_val << 25)); - if (inc > 0) /* only increasing values accepted */ - ran_cnt += inc; - ran_val += ran_cnt++; - return (ran_val); -} - -/* - * get_dev_random: Function to read /dev/random reliably - * this function returns how many bytes where read from the device. - * port_after.h should set the control variable HAVE_DEV_RANDOM - */ -static int -get_dev_random(u_char *output, unsigned size) -{ -#ifdef HAVE_DEV_RANDOM - struct stat st; - int n = 0, fd = -1, s; - - s = stat("/dev/random", &st); - if (s == 0 && S_ISCHR(st.st_mode)) { - if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { - if ((n = read(fd, output, size)) < 0) - n = 0; - close(fd); - } - return (n); - } -#endif - return (0); -} - -/* - * Portable way of getting the time values if gettimeofday is missing - * then compile with -DMISSING_GETTIMEOFDAY time() is POSIX compliant but - * gettimeofday() is not. - * Time of day is predictable, we are looking for the randomness that comes - * the last few bits in the microseconds in the timer are hard to predict when - * this is invoked at the end of other operations - */ -struct timeval *mtime; -static int -do_time(dst_work *work) -{ - int cnt = 0; - static u_char tmp[sizeof(struct timeval) + sizeof(struct timezone)]; - struct timezone *zone; - - zone = (struct timezone *) tmp; - mtime = (struct timeval *)(tmp + sizeof(struct timezone)); - gettimeofday(mtime, zone); - cnt = sizeof(tmp); - my_digest(work, tmp, sizeof(tmp)); - - return (cnt); -} - -/* - * this function simulates the ls command, but it uses stat which gives more - * information and is harder to guess - * Each call to this function will visit the next directory on the list of - * directories, in a circular manner. - * return value is the number of bytes added to the temp buffer - * - * do_ls() does not visit subdirectories - * if attacker has access to machine it can guess most of the values seen - * thus it is important to only visit directories that are frequently updated - * Attacker that has access to the network can see network traffic - * when NFS mounted directories are accessed and know exactly the data used - * but may not know exactly in what order data is used. - * Returns the number of bytes that where returned in stat structures - */ -static int -do_ls(dst_work *work) -{ - struct dir_info { - uid_t uid; - gid_t gid; - off_t size; - time_t atime, mtime, ctime; - }; - static struct dir_info dir_info; - struct stat buf; - struct dirent *entry; - static int i = 0; - static unsigned long d_round = 0; - struct timeval tv; - int n = 0, out = 0; - unsigned dir_len; - - char file_name[1024]; - u_char tmp_buff[1024]; - DIR *dir = NULL; - - if (dirs[i] == NULL) /* if at the end of the list start over */ - i = 0; - if (stat(dirs[i++], &buf)) /* directory does not exist */ - return (0); - - gettimeofday(&tv,NULL); - if (d_round == 0) - d_round = tv.tv_sec - MAX_OLD; - else if (i==1) /* if starting a new round cut what we accept */ - d_round += (tv.tv_sec - d_round)/2; - - if (buf.st_atime < d_round) - return (0); - - EREPORT(("do_ls i %d filled %4d in_temp %4d\n", - i-1, work->filled, work->in_temp)); - memcpy(tmp_buff, &buf, sizeof(buf)); - - - if ((dir = opendir(dirs[i-1])) == NULL)/* open it for read */ - return (0); - strcpy(file_name, dirs[i-1]); - dir_len = strlen(file_name); - file_name[dir_len++] = '/'; - while ((entry = readdir(dir))) { - unsigned len = strlen(entry->d_name); - out += len; - if (my_digest(work, (u_char *)entry->d_name, len)) - break; - - memcpy(&file_name[dir_len], entry->d_name, len); - file_name[dir_len + len] = 0x0; - /* for all entries in dir get the stats */ - if (stat(file_name, &buf) == 0) { - n++; /* count successful stat calls */ - /* copy non static fields */ - dir_info.uid += buf.st_uid; - dir_info.gid += buf.st_gid; - dir_info.size += buf.st_size; - dir_info.atime += buf.st_atime; - dir_info.mtime += buf.st_mtime; - dir_info.ctime += buf.st_ctime; - out += sizeof(dir_info); - if(my_digest(work, (u_char *)&dir_info, - sizeof(dir_info))) - break; - } - } - closedir(dir); /* done */ - out += do_time(work); /* add a time stamp */ - return (out); -} - - -/* - * unix_cmd() - * this function executes the a command from the cmds[] list of unix commands - * configured in the prand_conf.h file - * return value is the number of bytes added to the randomness temp buffer - * - * it returns the number of bytes that where read in - * if more data is needed at the end time is added to the data. - * This function maintains a state to selects the next command to run - * returns the number of bytes read in from the command - */ -static int -unix_cmd(dst_work *work) -{ - static int cmd_index = 0; - int cnt = 0, n; - FILE *pipe; - u_char buffer[4096]; - - if (cmds[cmd_index] == NULL) - cmd_index = 0; - EREPORT(("unix_cmd() i %d filled %4d in_temp %4d\n", - cmd_index, work->filled, work->in_temp)); - pipe = popen(cmds[cmd_index++], "r"); /* execute the command */ - - while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0) { - cnt += n; /* process the output */ - if (my_digest(work, buffer, (unsigned)n)) - break; - /* this adds some randomness to the output */ - cnt += do_time(work); - } - while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0) - ; /* drain the pipe */ - pclose(pipe); - return (cnt); /* read how many bytes where read in */ -} - -/* - * digest_file() This function will read a file and run hash over it - * input is a file name - */ -static int -digest_file(dst_work *work) -{ - static int f_cnt = 0; - static unsigned long f_round = 0; - FILE *fp; - void *ctx; - const char *name; - int no, i; - struct stat st; - struct timeval tv; - u_char buf[1024]; - - name = files[f_cnt++]; - if (f_round == 0 || files[f_cnt] == NULL || work->file_digest == NULL) - if (gettimeofday(&tv, NULL)) /* only do this if needed */ - return (0); - if (f_round == 0) /* first time called set to one hour ago */ - f_round = (tv.tv_sec - MAX_OLD); - if (files[f_cnt] == NULL) { /* end of list of files */ - if(f_cnt <= 1) /* list is too short */ - return (0); - f_cnt = 0; /* start again on list */ - f_round += (tv.tv_sec - f_round)/2; /* set new cutoff */ - work->file_digest = dst_free_key(work->file_digest); - } - if (work->file_digest == NULL) { - work->file_digest = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0, - (u_char *)&tv, sizeof(tv)); - if (work->file_digest == NULL) - return (0); - } - if (access(name, R_OK) || stat(name, &st)) - return (0); /* no such file or not allowed to read it */ - if (strncmp(name, "/proc/", 6) && st.st_mtime < f_round) - return(0); /* file has not changed recently enough */ - if (dst_sign_data(SIG_MODE_INIT, work->file_digest, &ctx, - NULL, 0, NULL, 0)) { - work->file_digest = dst_free_key(work->file_digest); - return (0); - } - if ((fp = fopen(name, "r")) == NULL) - return (0); - for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; - no += i) - dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx, - buf, (unsigned)i, NULL, 0); - - fclose(fp); - if (no >= 64) { - i = dst_sign_data(SIG_MODE_FINAL, work->file_digest, &ctx, - NULL, 0, &work->output[work->filled], - DST_HASH_SIZE); - if (i > 0) - work->filled += i; - } - - my_digest(work, (const u_char *)name, strlen(name)); - return (no + strlen(name)); -} - -/* - * function to perform the FINAL and INIT operation on a hash if allowed - */ -static void -force_hash(dst_work *work, prand_hash *hash) -{ - int i = 0; - - /* - * if more than half a block then add data to output - * otherwise add the digest to the next hash - */ - if ((hash->digested * 2) > hash->block) { - i = dst_sign_data(SIG_MODE_FINAL, hash->key, &hash->ctx, - NULL, 0, &work->output[work->filled], - DST_HASH_SIZE); - - hash->digested = 0; - dst_sign_data(SIG_MODE_INIT, hash->key, &hash->ctx, - NULL, 0, NULL, 0); - if (i > 0) - work->filled += i; - } - return; -} - -/* - * This function takes the input data does the selection of data specified - * by the hash control block. - * The step variable in the work structure determines which 1/step bytes - * are used, - * - */ -static int -do_hash(dst_work *work, prand_hash *hash, const u_char *input, unsigned size) -{ - const u_char *tmp = input; - u_char *tp, *abuf = (u_char *)0; - int i, n; - unsigned needed, avail, dig, cnt = size; - unsigned tmp_size = 0; - - if (cnt <= 0 || input == NULL) - return (0); - - if (hash->step > 1) { /* if using subset of input data */ - tmp_size = size / hash->step + 2; - abuf = tp = malloc(tmp_size); - /* no good return code but at least don't step on things */ - if (tp == NULL) { - return (0); - } - tmp = tp; - for (cnt = 0, i = hash->curr; i < size; i += hash->step, cnt++) - *(tp++) = input[i]; - /* calculate the starting point in the next input set */ - hash->curr = (hash->step - (i - size)) % hash->step; - } - /* digest the data in block sizes */ - for (n = 0; n < cnt; n += needed) { - avail = (cnt - n); - needed = hash->block - hash->digested; - dig = (avail < needed) ? avail : needed; - dst_sign_data(SIG_MODE_UPDATE, hash->key, &hash->ctx, - &tmp[n], dig, NULL, 0); - hash->digested += dig; - if (hash->digested >= hash->block) - force_hash(work, hash); - if (work->needed < work->filled) { - if (abuf) - SAFE_FREE2(abuf, tmp_size); - return (1); - } - } - if (tmp_size > 0) - SAFE_FREE2(abuf, tmp_size); - return (0); -} - -/* - * Copy data from INPUT for length SIZE into the work-block TMP. - * If we fill the work-block, digest it; then, - * if work-block needs more data, keep filling with the rest of the input. - */ -static int -my_digest(dst_work *work, const u_char *input, unsigned size) -{ - - int i, full = 0; - static unsigned counter; - - counter += size; - /* first do each one of the hashes */ - for (i = 0; i < DST_NUM_HASHES && full == 0; i++) - full = do_hash(work, work->hash[i], input, size) + - do_hash(work, work->hash[i], (u_char *) &counter, - sizeof(counter)); -/* - * if enough data has be generated do final operation on all hashes - * that have enough date for that - */ - for (i = 0; full && (i < DST_NUM_HASHES); i++) - force_hash(work, work->hash[i]); - - return (full); -} - -/* - * this function gets some semi random data and sets that as an HMAC key - * If we get a valid key this function returns that key initialized - * otherwise it returns NULL; - */ -static prand_hash * -get_hmac_key(int step, int block) -{ - - u_char *buff; - int temp = 0, n = 0; - unsigned size = 70; - DST_KEY *new_key = NULL; - prand_hash *new = NULL; - - /* use key that is larger than digest algorithms (64) for key size */ - buff = malloc(size); - if (buff == NULL) - return (NULL); - /* do not memset the allocated memory to get random bytes there */ - /* time of day is somewhat random especially in the last bytes */ - gettimeofday((struct timeval *) &buff[n], NULL); - n += sizeof(struct timeval); - -/* get some semi random stuff in here stir it with micro seconds */ - if (n < size) { - temp = dst_s_quick_random((int) buff[n - 1]); - memcpy(&buff[n], &temp, sizeof(temp)); - n += sizeof(temp); - } -/* get the pid of this process and its parent */ - if (n < size) { - temp = (int) getpid(); - memcpy(&buff[n], &temp, sizeof(temp)); - n += sizeof(temp); - } - if (n < size) { - temp = (int) getppid(); - memcpy(&buff[n], &temp, sizeof(temp)); - n += sizeof(temp); - } -/* get the user ID */ - if (n < size) { - temp = (int) getuid(); - memcpy(&buff[n], &temp, sizeof(temp)); - n += sizeof(temp); - } -#ifndef GET_HOST_ID_MISSING - if (n < size) { - temp = (int) gethostid(); - memcpy(&buff[n], &temp, sizeof(temp)); - n += sizeof(temp); - } -#endif -/* get some more random data */ - if (n < size) { - temp = dst_s_quick_random((int) buff[n - 1]); - memcpy(&buff[n], &temp, sizeof(temp)); - } -/* covert this into a HMAC key */ - new_key = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0, buff, size); - SAFE_FREE(buff); - -/* get the control structure */ - if ((new = malloc(sizeof(prand_hash))) == NULL) - return (NULL); - new->digested = new->curr = 0; - new->step = step; - new->block = block; - new->key = new_key; - if (dst_sign_data(SIG_MODE_INIT, new_key, &new->ctx, NULL, 0, NULL, 0)) { - SAFE_FREE(new); - return (NULL); - } - - return (new); -} - -/* - * own_random() - * This function goes out and from various sources tries to generate enough - * semi random data that a hash function can generate a random data. - * This function will iterate between the two main random source sources, - * information from programs and directories in random order. - * This function return the number of bytes added to the random output buffer. - */ -static unsigned -own_random(dst_work *work) -{ - int dir = 0, b; - int bytes, n, cmd = 0, dig = 0; -/* - * now get the initial seed to put into the quick random function from - * the address of the work structure - */ - bytes = (int) getpid(); -/* - * proceed while needed - */ - while (work->filled < work->needed) { - EREPORT(("own_random r %08x b %6d t %6d f %6d\n", - ran_val, bytes, work->in_temp, work->filled)); -/* pick a random number in the range of 0..7 based on that random number - * perform some operations that yield random data - */ - n = (dst_s_quick_random(bytes) >> DST_SHIFT) & 0x07; - switch (n) { - case 0: - case 3: - if (sizeof(cmds) > 2 *sizeof(*cmds)) { - b = unix_cmd(work); - cmd += b; - } - break; - - case 1: - case 7: - if (sizeof(dirs) > 2 *sizeof(*dirs)) { - b = do_ls(work); - dir += b; - } - break; - - case 4: - case 5: - /* retry getting data from /dev/random */ - b = get_dev_random(&work->output[work->filled], - work->needed - work->filled); - if (b > 0) - work->filled += b; - break; - - case 6: - if (sizeof(files) > 2 * sizeof(*files)) { - b = digest_file(work); - dig += b; - } - break; - - case 2: - default: /* to make sure we make some progress */ - work->output[work->filled++] = 0xff & - dst_s_quick_random(bytes); - b = 1; - break; - } - if (b > 0) - bytes += b; - } - return (work->filled); -} - - -/* - * dst_s_random() This function will return the requested number of bytes - * of randomness to the caller it will use the best available sources of - * randomness. - * The current order is to use /dev/random, precalculated randomness, and - * finally use some system calls and programs to generate semi random data - * that is then digested to generate randomness. - * This function is thread safe as each thread uses its own context, but - * concurrent treads will affect each other as they update shared state - * information. - * It is strongly recommended that this function be called requesting a size - * that is not a multiple of the output of the hash function used. - * - * If /dev/random is not available this function is not suitable to generate - * large amounts of data, rather it is suitable to seed a pseudo-random - * generator - * Returns the number of bytes put in the output buffer - */ -int -dst_s_random(u_char *output, unsigned size) -{ - int n = 0, i; - unsigned s; - static u_char old_unused[DST_HASH_SIZE * DST_NUM_HASHES]; - static unsigned unused = 0; - - if (size <= 0 || output == NULL) - return (0); - - if (size >= 2048) - return (-1); - /* - * Read from /dev/random - */ - n = get_dev_random(output, size); - /* - * If old data is available and needed use it - */ - if (n < size && unused > 0) { - unsigned need = size - n; - if (unused <= need) { - memcpy(output, old_unused, unused); - n += unused; - unused = 0; - } else { - memcpy(output, old_unused, need); - n += need; - unused -= need; - memcpy(old_unused, &old_unused[need], unused); - } - } - /* - * If we need more use the simulated randomness here. - */ - if (n < size) { - dst_work *my_work = (dst_work *) malloc(sizeof(dst_work)); - if (my_work == NULL) - return (n); - my_work->needed = size - n; - my_work->filled = 0; - my_work->output = (u_char *) malloc(my_work->needed + - DST_HASH_SIZE * - DST_NUM_HASHES); - my_work->file_digest = NULL; - if (my_work->output == NULL) { - SAFE_FREE(my_work); - return (n); - } - memset(my_work->output, 0x0, my_work->needed); -/* allocate upto 4 different HMAC hash functions out of order */ -#if DST_NUM_HASHES >= 3 - my_work->hash[2] = get_hmac_key(3, DST_RANDOM_BLOCK_SIZE / 2); -#endif -#if DST_NUM_HASHES >= 2 - my_work->hash[1] = get_hmac_key(7, DST_RANDOM_BLOCK_SIZE / 6); -#endif -#if DST_NUM_HASHES >= 4 - my_work->hash[3] = get_hmac_key(5, DST_RANDOM_BLOCK_SIZE / 4); -#endif - my_work->hash[0] = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE); - if (my_work->hash[0] == NULL) { /* if failure bail out */ - for (i = 1; i < DST_NUM_HASHES; i++) { - if (my_work->hash[i] != NULL) { - dst_free_key(my_work->hash[i]->key); - SAFE_FREE(my_work->hash[i]); - } - } - SAFE_FREE(my_work->output); - SAFE_FREE(my_work); - return (n); - } - s = own_random(my_work); -/* if more generated than needed store it for future use */ - if (s >= my_work->needed) { - EREPORT(("dst_s_random(): More than needed %d >= %d\n", - s, my_work->needed)); - memcpy(&output[n], my_work->output, my_work->needed); - n += my_work->needed; - /* saving unused data for next time */ - unused = s - my_work->needed; - if (unused > sizeof(old_unused)) { - unused = sizeof(old_unused); - } - memcpy(old_unused, &my_work->output[my_work->needed], - unused); - } else { - /* XXXX This should not happen */ - EREPORT(("Not enough %d >= %d\n", s, my_work->needed)); - memcpy(&output[n], my_work->output, s); - n += my_work->needed; - } - -/* delete the allocated work area */ - for (i = 0; i < DST_NUM_HASHES; i++) { - if (my_work->hash[i] != NULL) { - dst_free_key(my_work->hash[i]->key); - SAFE_FREE(my_work->hash[i]); - } - } - SAFE_FREE(my_work->output); - SAFE_FREE(my_work); - } - return (n); -} - -/* - * A random number generator that is fast and strong - * this random number generator is based on HASHing data, - * the input to the digest function is a collection of <NUMBER_OF_COUNTERS> - * counters that is incremented between digest operations - * each increment operation amortizes to 2 bits changed in that value - * for 5 counters thus the input will amortize to have 10 bits changed - * The counters are initially set using the strong random function above - * the HMAC key is selected by the same method as the HMAC keys for the - * strong random function. - * Each set of counters is used for 2^25 operations - * - * returns the number of bytes written to the output buffer - * or negative number in case of error - */ -int -dst_s_semi_random(u_char *output, unsigned size) -{ - static u_int32_t counter[DST_NUMBER_OF_COUNTERS]; - static u_char semi_old[DST_HASH_SIZE]; - static int semi_loc = 0, cnt = 0; - static unsigned hb_size = 0; - static DST_KEY *my_key = NULL; - prand_hash *hash; - unsigned out = 0; - unsigned i; - int n, res; - - if (output == NULL || size <= 0) - return (-2); - -/* check if we need a new key */ - if (my_key == NULL || cnt > (1 << 25)) { /* get HMAC KEY */ - if (my_key) - my_key->dk_func->destroy(my_key); - if ((hash = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE)) == NULL) - return (0); - my_key = hash->key; -/* check if the key works stir the new key using some old random data */ - hb_size = dst_sign_data(SIG_MODE_ALL, my_key, NULL, - (u_char *) counter, sizeof(counter), - semi_old, sizeof(semi_old)); - if (hb_size <= 0) { - EREPORT(("dst_s_semi_random() Sign of alg %d failed %d\n", - my_key->dk_alg, hb_size)); - return (-1); - } -/* new set the counters to random values */ - dst_s_random((u_char *) counter, sizeof(counter)); - cnt = 0; - } -/* if old data around use it first */ - if (semi_loc < hb_size) { - if (size <= hb_size - semi_loc) { /* need less */ - memcpy(output, &semi_old[semi_loc], size); - semi_loc += size; - return (size); /* DONE */ - } else { - out = hb_size - semi_loc; - memcpy(output, &semi_old[semi_loc], out); - semi_loc += out; - } - } -/* generate more random stuff */ - while (out < size) { - /* - * modify at least one bit by incrementing at least one counter - * based on the last bit of the last counter updated update - * the next one. - * minimally this operation will modify at least 1 bit, - * amortized 2 bits - */ - for (n = 0; n < DST_NUMBER_OF_COUNTERS; n++) - i = (int) counter[n]++; - - res = dst_sign_data(SIG_MODE_ALL, my_key, NULL, - (u_char *) counter, hb_size, - semi_old, sizeof(semi_old)); - if (res < 0) { - return res; - } - i = (unsigned) res; - if (i != hb_size) - EREPORT(("HMAC SIGNATURE FAILURE %d\n", i)); - cnt++; - if (size - out < i) /* Not all data is needed */ - semi_loc = i = size - out; - memcpy(&output[out], semi_old, i); - out += i; - } - return (out); -} diff --git a/server/ddns.c b/server/ddns.c index b5827870..d500a169 100644 --- a/server/ddns.c +++ b/server/ddns.c @@ -4,7 +4,7 @@ /* * - * Copyright (c) 2009-2014 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2000-2003 by Internet Software Consortium * @@ -35,7 +35,6 @@ */ #include "dhcpd.h" -#include "dst/md5.h" #include <dns/result.h> char *ddns_standard_tag = "ddns-dhcid"; |