mir/isc-dhcp
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/dhcp synced 2025-08-30 22:05:23 +00:00
Code Issues Releases Wiki Activity

[master] Remove dst directory as it was replaced in 4.2.0 by Bind

Browse Source
This commit is contained in:
Shawn Routhier
2015-04-15 13:28:44 -07:00
parent 1c0b7d66b6
commit da88d34bdd
19 changed files with 14 additions and 4899 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.am
View File

@@ -25,7 +25,7 @@ EXTRA_DIST = RELNOTES LICENSE \
bind/Makefile.in bind/bind.tar.gz bind/version.tmp \
common/tests/Atffile server/tests/Atffile
SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
SUBDIRS = bind includes tests common omapip client dhcpctl relay server
nobase_include_HEADERS = dhcpctl/dhcpctl.h

2
Makefile.in
View File

@@ -349,7 +349,7 @@ EXTRA_DIST = RELNOTES LICENSE \
bind/Makefile.in bind/bind.tar.gz bind/version.tmp \
common/tests/Atffile server/tests/Atffile
SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
SUBDIRS = bind includes tests common omapip client dhcpctl relay server
nobase_include_HEADERS = dhcpctl/dhcpctl.h
all: all-recursive

6
RELNOTES
View File

@@ -88,6 +88,12 @@ by Eric Young (eay@cryptsoft.com).
a proper length for it.
[ISC-Bugs #39209]
- Remove the dst directory. This was replaced in 4.2.0 with the dst
code from the Bind libraries but we continued to include it for
backwards compatibility. As we have now released 4.3.x it seems
reasonable to remove it.
[ISC-Buts #39019]
Changes since 4.3.2rc2
- None

2
common/dns.c
View File

@@ -3,7 +3,7 @@
Domain Name Service subroutines. */
/*
* Copyright (c) 2009-2014 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2001-2003 by Internet Software Consortium
*

5
configure vendored
View File

@@ -6849,7 +6849,11 @@ $as_echo "#define FLEXIBLE_ARRAY_MEMBER /**/" >>confdefs.h
fi
<<<<<<< HEAD
ac_config_files="$ac_config_files Makefile bind/Makefile client/Makefile client/tests/Makefile common/Makefile common/tests/Makefile dhcpctl/Makefile dst/Makefile includes/Makefile omapip/Makefile relay/Makefile server/Makefile tests/Makefile tests/unittest.sh server/tests/Makefile doc/devel/doxyfile"
=======
ac_config_files="$ac_config_files Makefile client/Makefile client/tests/Makefile common/Makefile common/tests/Makefile dhcpctl/Makefile includes/Makefile omapip/Makefile relay/Makefile server/Makefile tests/Makefile tests/unittest.sh server/tests/Makefile doc/devel/doxyfile"
>>>>>>> rt39019
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -7598,7 +7602,6 @@ do
"common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;;
"common/tests/Makefile") CONFIG_FILES="$CONFIG_FILES common/tests/Makefile" ;;
"dhcpctl/Makefile") CONFIG_FILES="$CONFIG_FILES dhcpctl/Makefile" ;;
"dst/Makefile") CONFIG_FILES="$CONFIG_FILES dst/Makefile" ;;
"includes/Makefile") CONFIG_FILES="$CONFIG_FILES includes/Makefile" ;;
"omapip/Makefile") CONFIG_FILES="$CONFIG_FILES omapip/Makefile" ;;
"relay/Makefile") CONFIG_FILES="$CONFIG_FILES relay/Makefile" ;;

1
configure.ac
View File

@@ -665,7 +665,6 @@ AC_CONFIG_FILES([
common/Makefile
common/tests/Makefile
dhcpctl/Makefile
dst/Makefile
includes/Makefile
omapip/Makefile
relay/Makefile

2
dst/.cvsignore
View File

@@ -1,2 +0,0 @@
.deps
Makefile

8
dst/Makefile.am
View File

@@ -1,8 +0,0 @@
AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
lib_LIBRARIES = libdst.a
libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
base64.c prandom.c
EXTRA_DIST = dst_internal.h md5.h md5_locl.h

602
dst/Makefile.in
View File

@@ -1,602 +0,0 @@
# Makefile.in generated by automake 1.14 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = dst
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/includes/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(libdir)"
LIBRARIES = $(lib_LIBRARIES)
AR = ar
ARFLAGS = cru
AM_V_AR = $(am__v_AR_@AM_V@)
am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
am__v_AR_0 = @echo " AR " $@;
am__v_AR_1 =
libdst_a_AR = $(AR) $(ARFLAGS)
libdst_a_LIBADD =
am_libdst_a_OBJECTS = dst_support.$(OBJEXT) dst_api.$(OBJEXT) \
hmac_link.$(OBJEXT) md5_dgst.$(OBJEXT) base64.$(OBJEXT) \
prandom.$(OBJEXT)
libdst_a_OBJECTS = $(am_libdst_a_OBJECTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/includes
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libdst_a_SOURCES)
DIST_SOURCES = $(libdst_a_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
ATF_BIN = @ATF_BIN@
ATF_CFLAGS = @ATF_CFLAGS@
ATF_LDFLAGS = @ATF_LDFLAGS@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BINDCONFIG = @BINDCONFIG@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_prefix_program = @ac_prefix_program@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
byte_order = @byte_order@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
lib_LIBRARIES = libdst.a
libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
base64.c prandom.c
EXTRA_DIST = dst_internal.h md5.h md5_locl.h
all: all-am
.SUFFIXES:
.SUFFIXES: .c .o .obj
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign dst/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign dst/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
install-libLIBRARIES: $(lib_LIBRARIES)
@$(NORMAL_INSTALL)
@list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
list2="$$list2 $$p"; \
else :; fi; \
done; \
test -z "$$list2" || { \
echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
echo " $(INSTALL_DATA) $$list2 '$(DESTDIR)$(libdir)'"; \
$(INSTALL_DATA) $$list2 "$(DESTDIR)$(libdir)" || exit $$?; }
@$(POST_INSTALL)
@list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \
for p in $$list; do \
if test -f $$p; then \
$(am__strip_dir) \
echo " ( cd '$(DESTDIR)$(libdir)' && $(RANLIB) $$f )"; \
( cd "$(DESTDIR)$(libdir)" && $(RANLIB) $$f ) || exit $$?; \
else :; fi; \
done
uninstall-libLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(libdir)'; $(am__uninstall_files_from_dir)
clean-libLIBRARIES:
-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
libdst.a: $(libdst_a_OBJECTS) $(libdst_a_DEPENDENCIES) $(EXTRA_libdst_a_DEPENDENCIES)
$(AM_V_at)-rm -f libdst.a
$(AM_V_AR)$(libdst_a_AR) libdst.a $(libdst_a_OBJECTS) $(libdst_a_LIBADD)
$(AM_V_at)$(RANLIB) libdst.a
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dst_api.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dst_support.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_link.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_dgst.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prandom.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-am
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-am
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(LIBRARIES)
installdirs:
for dir in "$(DESTDIR)$(libdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-libLIBRARIES
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-libLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libLIBRARIES cscopelist-am ctags ctags-am distclean \
distclean-compile distclean-generic distclean-tags distdir dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-libLIBRARIES install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-libLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

322
dst/base64.c
View File

@@ -1,322 +0,0 @@
/*
* Copyright (c) 2004,2009,2014 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1996-2003 by Internet Software Consortium
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Internet Systems Consortium, Inc.
* 950 Charter Street
* Redwood City, CA 94063
* <info@isc.org>
* https://www.isc.org/
*/
/*
* Portions Copyright (c) 1995 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* To the extent it has a right to do so, IBM grants an immunity from suit
* under its patents, if any, for the use, sale or manufacture of products to
* the extent that such products are used for performing Domain Name System
* dynamic updates in TCP/IP networks by means of the Software. No immunity is
* granted for any product per se or for any other function of any product.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include "cdefs.h"
#include "osdep.h"
#include "arpa/nameser.h"
#define Assert(Cond) if (!(Cond)) abort()
static const char Base64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char Pad64 = '=';
/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
The following encoding technique is taken from RFC 1521 by Borenstein
and Freed. It is reproduced here in a slightly edited form for
convenience.
A 65-character subset of US-ASCII is used, enabling 6 bits to be
represented per printable character. (The extra 65th character, "=",
is used to signify a special processing function.)
The encoding process represents 24-bit groups of input bits as output
strings of 4 encoded characters. Proceeding from left to right, a
24-bit input group is formed by concatenating 3 8-bit input groups.
These 24 bits are then treated as 4 concatenated 6-bit groups, each
of which is translated into a single digit in the base64 alphabet.
Each 6-bit group is used as an index into an array of 64 printable
characters. The character referenced by the index is placed in the
output string.
Table 1: The Base64 Alphabet
Value Encoding Value Encoding Value Encoding Value Encoding
0 A 17 R 34 i 51 z
1 B 18 S 35 j 52 0
2 C 19 T 36 k 53 1
3 D 20 U 37 l 54 2
4 E 21 V 38 m 55 3
5 F 22 W 39 n 56 4
6 G 23 X 40 o 57 5
7 H 24 Y 41 p 58 6
8 I 25 Z 42 q 59 7
9 J 26 a 43 r 60 8
10 K 27 b 44 s 61 9
11 L 28 c 45 t 62 +
12 M 29 d 46 u 63 /
13 N 30 e 47 v
14 O 31 f 48 w (pad) =
15 P 32 g 49 x
16 Q 33 h 50 y
Special processing is performed if fewer than 24 bits are available
at the end of the data being encoded. A full encoding quantum is
always completed at the end of a quantity. When fewer than 24 input
bits are available in an input group, zero bits are added (on the
right) to form an integral number of 6-bit groups. Padding at the
end of the data is performed using the '=' character.
Since all base64 input is an integral number of octets, only the
-------------------------------------------------
following cases can arise:
(1) the final quantum of encoding input is an integral
multiple of 24 bits; here, the final unit of encoded
output will be an integral multiple of 4 characters
with no "=" padding,
(2) the final quantum of encoding input is exactly 8 bits;
here, the final unit of encoded output will be two
characters followed by two "=" padding characters, or
(3) the final quantum of encoding input is exactly 16 bits;
here, the final unit of encoded output will be three
characters followed by one "=" padding character.
*/
int
b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) {
size_t datalength = 0;
u_char input[3];
u_char output[4];
size_t i;
while (2 < srclength) {
input[0] = *src++;
input[1] = *src++;
input[2] = *src++;
srclength -= 3;
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
output[3] = input[2] & 0x3f;
Assert(output[0] < 64);
Assert(output[1] < 64);
Assert(output[2] < 64);
Assert(output[3] < 64);
if (datalength + 4 > targsize)
return (-1);
target[datalength++] = Base64[output[0]];
target[datalength++] = Base64[output[1]];
target[datalength++] = Base64[output[2]];
target[datalength++] = Base64[output[3]];
}
/* Now we worry about padding. */
if (0 != srclength) {
/* Get what's left. */
input[0] = input[1] = input[2] = '\0';
for (i = 0; i < srclength; i++)
input[i] = *src++;
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
Assert(output[0] < 64);
Assert(output[1] < 64);
Assert(output[2] < 64);
if (datalength + 4 > targsize)
return (-1);
target[datalength++] = Base64[output[0]];
target[datalength++] = Base64[output[1]];
if (srclength == 1)
target[datalength++] = Pad64;
else
target[datalength++] = Base64[output[2]];
target[datalength++] = Pad64;
}
if (datalength >= targsize)
return (-1);
target[datalength] = '\0'; /* Returned value doesn't count \0. */
return (datalength);
}
/* skips all whitespace anywhere.
converts characters, four at a time, starting at (or after)
src from base - 64 numbers into three 8 bit bytes in the target area.
it returns the number of data bytes stored at the target, or -1 on error.
*/
int
b64_pton(src, target, targsize)
char const *src;
u_char *target;
size_t targsize;
{
int tarindex, state, ch;
char *pos;
state = 0;
tarindex = 0;
while ((ch = *src++) != '\0') {
if (isspace(ch)) /* Skip whitespace anywhere. */
continue;
if (ch == Pad64)
break;
pos = strchr(Base64, ch);
if (pos == 0) /* A non-base64 character. */
return (-1);
switch (state) {
case 0:
if (target) {
if ((size_t)tarindex >= targsize)
return (-1);
target[tarindex] = (pos - Base64) << 2;
}
state = 1;
break;
case 1:
if (target) {
if ((size_t)tarindex + 1 >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 4;
target[tarindex+1] = ((pos - Base64) & 0x0f)
<< 4 ;
}
tarindex++;
state = 2;
break;
case 2:
if (target) {
if ((size_t)tarindex + 1 >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 2;
target[tarindex+1] = ((pos - Base64) & 0x03)
<< 6;
}
tarindex++;
state = 3;
break;
case 3:
if (target) {
if ((size_t)tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64);
}
tarindex++;
state = 0;
break;
default:
abort();
}
}
/*
* We are done decoding Base-64 chars. Let's see if we ended
* on a byte boundary, and/or with erroneous trailing characters.
*/
if (ch == Pad64) { /* We got a pad char. */
ch = *src++; /* Skip it, get next. */
switch (state) {
case 0: /* Invalid = in first position */
case 1: /* Invalid = in second position */
return (-1);
case 2: /* Valid, means one byte of info */
/* Skip any number of spaces. */
for ((void)NULL; ch != '\0'; ch = *src++)
if (!isspace(ch))
break;
/* Make sure there is another trailing = sign. */
if (ch != Pad64)
return (-1);
ch = *src++; /* Skip the = */
/* Fall through to "single trailing =" case. */
/* FALLTHROUGH */
case 3: /* Valid, means two bytes of info */
/*
* We know this char is an =. Is there anything but
* whitespace after it?
*/
for ((void)NULL; ch != '\0'; ch = *src++)
if (!isspace(ch))
return (-1);
/*
* Now make sure for cases 2 and 3 that the "extra"
* bits that slopped past the last full byte were
* zeros. If we don't check them, they become a
* subliminal channel.
*/
if (target && target[tarindex] != 0)
return (-1);
}
} else {
/*
* We ended by seeing the end of the string. Make sure we
* have no partial bytes lying around.
*/
if (state != 0)
return (-1);
}
return (tarindex);
}

1108
dst/dst_api.c
View File

File diff suppressed because it is too large Load Diff

171
dst/dst_internal.h
View File

@@ -1,171 +0,0 @@
#ifndef DST_INTERNAL_H
#define DST_INTERNAL_H
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
#include <limits.h>
#include <sys/param.h>
#ifndef PATH_MAX
# ifdef POSIX_PATH_MAX
# define PATH_MAX POSIX_PATH_MAX
# else
# define PATH_MAX 255 /* this is the value of POSIX_PATH_MAX */
# endif
#endif
typedef struct dst_key {
char *dk_key_name; /* name of the key */
int dk_key_size; /* this is the size of the key in bits */
int dk_proto; /* what protocols this key can be used for */
int dk_alg; /* algorithm number from key record */
unsigned dk_flags; /* and the flags of the public key */
unsigned dk_id; /* identifier of the key */
void *dk_KEY_struct; /* pointer to key in crypto pkg fmt */
struct dst_func *dk_func; /* point to crypto pgk specific function table */
} DST_KEY;
#define HAS_DST_KEY
#include <isc-dhcp/dst.h>
/*
* define what crypto systems are supported for RSA,
* BSAFE is preferred over RSAREF; only one can be set at any time
*/
#if defined(BSAFE) && defined(RSAREF)
# error "Cannot have both BSAFE and RSAREF defined"
#endif
/* Declare dst_lib specific constants */
#define KEY_FILE_FORMAT "1.2"
/* suffixes for key file names */
#define PRIVATE_KEY "private"
#define PUBLIC_KEY "key"
/* error handling */
#ifdef REPORT_ERRORS
#define EREPORT(str) printf str
#else
#define EREPORT(str)
#endif
/* use our own special macro to FRRE memory */
#ifndef SAFE_FREE
#define SAFE_FREE(a) if(a != NULL){memset(a,0, sizeof(*a)); free(a); a=NULL;}
#define SAFE_FREE2(a,s) if (a != NULL && s > 0){memset(a,0, s);free(a); a=NULL;}
#endif
typedef struct dst_func {
int (*sign)(const int mode, DST_KEY *key, void **context,
const u_int8_t *data, const unsigned len,
u_int8_t *signature, const unsigned sig_len);
int (*verify)(const int mode, DST_KEY *key, void **context,
const u_int8_t *data, const unsigned len,
const u_int8_t *signature, const unsigned sig_len);
int (*compare)(const DST_KEY *key1, const DST_KEY *key2);
int (*generate)(DST_KEY *key, int parms);
void *(*destroy)(void *key);
/* conversion functions */
int (*to_dns_key)(const DST_KEY *key, u_int8_t *out,
const unsigned out_len);
int (*from_dns_key)(DST_KEY *key, const u_int8_t *str,
const unsigned str_len);
int (*to_file_fmt)(const DST_KEY *key, char *out,
const unsigned out_len);
int (*from_file_fmt)(DST_KEY *key, const char *out,
const unsigned out_len);
} dst_func;
extern dst_func *dst_t_func[DST_MAX_ALGS];
extern const char *key_file_fmt_str;
extern const char *dst_path;
#ifndef DST_HASH_SIZE
#define DST_HASH_SIZE 20 /* RIPEMD160 and SHA-1 are 20 bytes MD5 is 16 */
#endif
#if 0
int dst_bsafe_init(void);
int dst_rsaref_init(void);
#endif
int dst_hmac_md5_init(void);
#if 0
int dst_cylink_init(void);
int dst_eay_dss_init(void);
#endif
/* support functions */
/* base64 to bignum conversion routines */
int dst_s_conv_bignum_u8_to_b64( char *out_buf, const unsigned out_len,
const char *header,
const u_int8_t *bin_data,
const unsigned bin_len);
int dst_s_conv_bignum_b64_to_u8( const char **buf, u_int8_t *loc,
const unsigned loclen) ;
/* from higher level support routines */
int dst_s_calculate_bits( const u_int8_t *str, const int max_bits);
int dst_s_verify_str( const char **buf, const char *str);
/* conversion between dns names and key file names */
size_t dst_s_filename_length( const char *name, const char *suffix);
int dst_s_build_filename( char *filename, const char *name,
unsigned id, int alg, const char *suffix,
size_t filename_length);
FILE *dst_s_fopen (const char *filename, const char *mode, unsigned perm);
/* from file prandom.c */
int dst_s_random( u_int8_t *output, unsigned size);
int dst_s_semi_random( u_int8_t *output, unsigned size);
u_int32_t dst_s_quick_random( int inc);
void dst_s_quick_random_set( u_int32_t val, u_int32_t cnt);
/*
* read and write network byte order into u_int?_t
* all of these should be retired
*/
u_int16_t dst_s_get_int16( const u_int8_t *buf);
void dst_s_put_int16( u_int8_t *buf, const u_int16_t val);
u_int32_t dst_s_get_int32( const u_int8_t *buf);
void dst_s_put_int32( u_int8_t *buf, const u_int32_t val);
#ifdef DUMP
# undef DUMP
# define DUMP(a,b,c,d) dst_s_dump(a,b,c,d)
#else
# define DUMP(a,b,c,d)
#endif
#if defined (MINIRES_LIB)
#define b64_pton MRb64_pton
#define b64_ntop MRb64_ntop
int b64_pton (char const *, unsigned char *, size_t);
int b64_ntop (unsigned char const *, size_t, char *, size_t);
#define USE_MD5
#endif
#endif /* DST_INTERNAL_H */

470
dst/dst_support.c
View File

@@ -1,470 +0,0 @@
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
#include <stdio.h>
#include <unistd.h>
#include <memory.h>
#include <string.h>
#include <errno.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include "cdefs.h"
#include "osdep.h"
#include "arpa/nameser.h"
#include "dst_internal.h"
/*
* dst_s_conv_bignum_u8_to_b64
* This function converts binary data stored as a u_char[] to a
* base-64 string. Leading zeroes are discarded. If a header is
* supplied, it is prefixed to the input prior to encoding. The
* output is \n\0 terminated (the \0 is not included in output length).
* Parameters
* out_buf binary data to convert
* header character string to prefix to the output (label)
* bin_data binary data
* bin_len size of binary data
* Return
* -1 not enough space in output work area
* 0 no output
* >0 number of bytes written to output work area
*/
int
dst_s_conv_bignum_u8_to_b64(char *out_buf, const unsigned out_len,
const char *header, const u_char *bin_data,
const unsigned bin_len)
{
const u_char *bp = bin_data;
char *op = out_buf;
int res = 0;
unsigned lenh = 0, len64 = 0;
unsigned local_in_len = bin_len;
unsigned local_out_len = out_len;
if (bin_data == NULL) /* no data no */
return (0);
if (out_buf == NULL || out_len <= 0) /* no output_work area */
return (-1);
/* suppress leading \0 */
for (; (*bp == 0x0) && (local_in_len > 0); local_in_len--)
bp++;
if (header) { /* add header to output string */
lenh = strlen(header);
if (lenh < out_len)
memcpy(op, header, lenh);
else
return (-1);
local_out_len -= lenh;
op += lenh;
}
res = b64_ntop(bp, local_in_len, op, local_out_len - 2);
if (res < 0)
return (-1);
len64 = (unsigned) res;
op += len64++;
*(op++) = '\n'; /* put CR in the output */
*op = '\0'; /* make sure output is 0 terminated */
return (lenh + len64);
}
/*
* dst_s_verify_str()
* Validate that the input string(*str) is at the head of the input
* buffer(**buf). If so, move the buffer head pointer (*buf) to
* the first byte of data following the string(*str).
* Parameters
* buf Input buffer.
* str Input string.
* Return
* 0 *str is not the head of **buff
* 1 *str is the head of **buff, *buf is is advanced to
* the tail of **buf.
*/
int
dst_s_verify_str(const char **buf, const char *str)
{
unsigned b, s;
if (*buf == NULL) /* error checks */
return (0);
if (str == NULL || *str == '\0')
return (1);
b = strlen(*buf); /* get length of strings */
s = strlen(str);
if (s > b || strncmp(*buf, str, s)) /* check if same */
return (0); /* not a match */
(*buf) += s; /* advance pointer */
return (1);
}
/*
* dst_s_conv_bignum_b64_to_u8
* Read a line of base-64 encoded string from the input buffer,
* convert it to binary, and store it in an output area. The
* input buffer is read until reaching a newline marker or the
* end of the buffer. The binary data is stored in the last X
* number of bytes of the output area where X is the size of the
* binary output. If the operation is successful, the input buffer
* pointer is advanced. This procedure does not do network to host
* byte order conversion.
* Parameters
* buf Pointer to encoded input string. Pointer is updated if
* function is successful.
* loc Output area.
* loclen Size in bytes of output area.
* Return
* >0 Return = number of bytes of binary data stored in loc.
* 0 Failure.
*/
int
dst_s_conv_bignum_b64_to_u8(const char **buf,
u_char *loc, const unsigned loclen)
{
unsigned blen;
char *bp;
u_char bstr[RAW_KEY_SIZE];
int res = 0;
if (buf == NULL || *buf == NULL) { /* error checks */
EREPORT(("dst_s_conv_bignum_b64_to_u8: null input buffer.\n"));
return (0);
}
bp = strchr(*buf, '\n'); /* find length of input line */
if (bp != NULL)
*bp = '\0';
res = b64_pton(*buf, bstr, sizeof(bstr));
if (res <= 0) {
EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is null.\n"));
return (0);
}
blen = (unsigned) res;
if (loclen < blen) {
EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is longer than output buffer.\n"));
return (0);
}
if (bp)
*buf = bp; /* advancing buffer past \n */
memset(loc, 0, loclen - blen); /* clearing unused output area */
memcpy(loc + loclen - blen, bstr, blen); /* write last blen bytes */
return (blen);
}
/*
* dst_s_calculate_bits
* Given a binary number represented in a u_char[], determine
* the number of significant bits used.
* Parameters
* str An input character string containing a binary number.
* max_bits The maximum possible significant bits.
* Return
* N The number of significant bits in str.
*/
int
dst_s_calculate_bits(const u_char *str, const int max_bits)
{
const u_char *p = str;
u_char i, j = 0x80;
int bits;
for (bits = max_bits; *p == 0x00 && bits > 0; p++)
bits -= 8;
for (i = *p; (i & j) != j; j >>= 1)
bits--;
return (bits);
}
/*
* calculates a checksum used in kmt for a id.
* takes an array of bytes and a length.
* returns a 16 bit checksum.
*/
u_int16_t
dst_s_id_calc(const u_char *key, const unsigned keysize)
{
u_int32_t ac;
const u_char *kp = key;
unsigned size = keysize;
if (!key)
return 0;
for (ac = 0; size > 1; size -= 2, kp += 2)
ac += ((*kp) << 8) + *(kp + 1);
if (size > 0)
ac += ((*kp) << 8);
ac += (ac >> 16) & 0xffff;
return (ac & 0xffff);
}
/*
* dst_s_dns_key_id() Function to calculated DNSSEC footprint from KEY record
* rdata (all of record)
* Input:
* dns_key_rdata: the raw data in wire format
* rdata_len: the size of the input data
* Output:
* the key footprint/id calculated from the key data
*/
u_int16_t
dst_s_dns_key_id(const u_char *dns_key_rdata, const unsigned rdata_len)
{
unsigned key_data = 4;
if (!dns_key_rdata || (rdata_len < key_data))
return 0;
/* check the extended parameters bit in the DNS Key RR flags */
if (dst_s_get_int16(dns_key_rdata) & DST_EXTEND_FLAG)
key_data += 2;
/* compute id */
if (dns_key_rdata[3] == KEY_RSA) /* Algorithm RSA */
return dst_s_get_int16((const u_char *)
&dns_key_rdata[rdata_len - 3]);
else
/* compute a checksum on the key part of the key rr */
return dst_s_id_calc(&dns_key_rdata[key_data],
(rdata_len - key_data));
}
/*
* dst_s_get_int16
* This routine extracts a 16 bit integer from a two byte character
* string. The character string is assumed to be in network byte
* order and may be unaligned. The number returned is in host order.
* Parameter
* buf A two byte character string.
* Return
* The converted integer value.
*/
u_int16_t
dst_s_get_int16(const u_char *buf)
{
register u_int16_t a = 0;
a = ((u_int16_t)(buf[0] << 8)) | ((u_int16_t)(buf[1]));
return (a);
}
/*
* dst_s_get_int32
* This routine extracts a 32 bit integer from a four byte character
* string. The character string is assumed to be in network byte
* order and may be unaligned. The number returned is in host order.
* Parameter
* buf A four byte character string.
* Return
* The converted integer value.
*/
u_int32_t
dst_s_get_int32(const u_char *buf)
{
register u_int32_t a = 0;
a = ((u_int32_t)(buf[0] << 24)) | ((u_int32_t)(buf[1] << 16)) |
((u_int32_t)(buf[2] << 8)) | ((u_int32_t)(buf[3]));
return (a);
}
/*
* dst_s_put_int16
* Take a 16 bit integer and store the value in a two byte
* character string. The integer is assumed to be in network
* order and the string is returned in host order.
*
* Parameters
* buf Storage for a two byte character string.
* val 16 bit integer.
*/
void
dst_s_put_int16(u_int8_t *buf, const u_int16_t val)
{
buf[0] = (u_int8_t)(val >> 8);
buf[1] = (u_int8_t)(val);
}
/*
* dst_s_put_int32
* Take a 32 bit integer and store the value in a four byte
* character string. The integer is assumed to be in network
* order and the string is returned in host order.
*
* Parameters
* buf Storage for a four byte character string.
* val 32 bit integer.
*/
void
dst_s_put_int32(u_int8_t *buf, const u_int32_t val)
{
buf[0] = (u_int8_t)(val >> 24);
buf[1] = (u_int8_t)(val >> 16);
buf[2] = (u_int8_t)(val >> 8);
buf[3] = (u_int8_t)(val);
}
/*
* dst_s_filename_length
*
* This function returns the number of bytes needed to hold the
* filename for a key file. '/', '\' and ':' are not allowed.
* form: K<keyname>+<alg>+<id>.<suffix>
*
* Returns 0 if the filename would contain either '\', '/' or ':'
*/
size_t
dst_s_filename_length(const char *name, const char *suffix)
{
if (name == NULL)
return (0);
if (strrchr(name, '\\'))
return (0);
if (strrchr(name, '/'))
return (0);
if (strrchr(name, ':'))
return (0);
if (suffix == NULL)
return (0);
if (strrchr(suffix, '\\'))
return (0);
if (strrchr(suffix, '/'))
return (0);
if (strrchr(suffix, ':'))
return (0);
return (1 + strlen(name) + 6 + strlen(suffix));
}
/*
* dst_s_build_filename ()
* Builds a key filename from the key name, it's id, and a
* suffix. '\', '/' and ':' are not allowed. fA filename is of the
* form: K<keyname><id>.<suffix>
* form: K<keyname>+<alg>+<id>.<suffix>
*
* Returns -1 if the conversion fails:
* if the filename would be too long for space allotted
* if the filename would contain a '\', '/' or ':'
* Returns 0 on success
*/
int
dst_s_build_filename(char *filename, const char *name, unsigned id,
int alg, const char *suffix, size_t filename_length)
{
unsigned my_id;
if (filename == NULL)
return (-1);
memset(filename, 0, filename_length);
if (name == NULL)
return (-1);
if (suffix == NULL)
return (-1);
if (filename_length < 1 + strlen(name) + 4 + 6 + 1 + strlen(suffix))
return (-1);
my_id = id;
sprintf(filename, "K%s+%03d+%05d.%s", name, alg, my_id,
(const char *) suffix);
if (strrchr(filename, '/'))
return (-1);
if (strrchr(filename, '\\'))
return (-1);
if (strrchr(filename, ':'))
return (-1);
return (0);
}
/*
* dst_s_fopen ()
* Open a file in the dst_path directory. If perm is specified, the
* file is checked for existence first, and not opened if it exists.
* Parameters
* filename File to open
* mode Mode to open the file (passed directly to fopen)
* perm File permission, if creating a new file.
* Returns
* NULL Failure
* NON-NULL (FILE *) of opened file.
*/
FILE *
dst_s_fopen(const char *filename, const char *mode, unsigned perm)
{
FILE *fp;
char pathname[PATH_MAX];
/* Make sure the length is ok before we try to build it. */
if ((strlen(dst_path) + strlen(filename)) > PATH_MAX - 1) {
/* set errno in case anyone bothers to look */
errno = ENAMETOOLONG;
return (NULL);
}
/* dst_path if not empty has a terminating "/" already */
strcpy(pathname, dst_path);
strcpy(pathname + strlen(pathname), filename);
fp = fopen(pathname, mode);
if ((fp != NULL) && (perm != 0)) {
if (chmod(pathname, perm) < 0) {
fclose(fp);
return (NULL);
}
}
return (fp);
}
#if 0
void
dst_s_dump(const int mode, const u_char *data, const int size,
const char *msg)
{
if (size > 0) {
#ifdef LONG_TEST
static u_char scratch[1000];
int n ;
n = b64_ntop(data, scratch, size, sizeof(scratch));
printf("%s: %x %d %s\n", msg, mode, n, scratch);
#else
printf("%s,%x %d\n", msg, mode, size);
#endif
}
}
#endif

503
dst/hmac_link.c
View File

@@ -1,503 +0,0 @@
#ifdef HMAC_MD5
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
/*
* This file contains an implementation of the HMAC-MD5 algorithm.
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include <sys/param.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include "cdefs.h"
#include "osdep.h"
#include "arpa/nameser.h"
#include "dst_internal.h"
#ifdef USE_MD5
# include "md5.h"
# ifndef _MD5_H_
# define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */
# endif
#endif
#define HMAC_LEN 64
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c
#define MD5_LEN 16
typedef struct hmackey {
u_char hk_ipad[64], hk_opad[64];
} HMAC_Key;
/**************************************************************************
* dst_hmac_md5_sign
* Call HMAC signing functions to sign a block of data.
* There are three steps to signing, INIT (initialize structures),
* UPDATE (hash (more) data), FINAL (generate a signature). This
* routine performs one or more of these steps.
* Parameters
* mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
* priv_key key to use for signing.
* context the context to be used in this digest
* data data to be signed.
* len length in bytes of data.
* signature location to store signature.
* sig_len size of the signature location
* returns
* N Success on SIG_MODE_FINAL = returns signature length in bytes
* 0 Success on SIG_MODE_INIT and UPDATE
* <0 Failure
*/
static int
dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
const u_char *data, const unsigned len,
u_char *signature, const unsigned sig_len)
{
HMAC_Key *key;
int sign_len = 0;
MD5_CTX *ctx = NULL;
if (d_key == NULL || d_key->dk_KEY_struct == NULL)
return (-1);
key = (HMAC_Key *) d_key->dk_KEY_struct;
if (mode & SIG_MODE_INIT)
ctx = (MD5_CTX *) malloc(sizeof(*ctx));
else if (context)
ctx = (MD5_CTX *) *context;
if (ctx == NULL)
return (-1);
if (mode & SIG_MODE_INIT) {
MD5Init(ctx);
MD5Update(ctx, key->hk_ipad, HMAC_LEN);
}
if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
MD5Update(ctx, (const unsigned char *)data, len);
if (mode & SIG_MODE_FINAL) {
if (signature == NULL || sig_len < MD5_LEN)
return (SIGN_FINAL_FAILURE);
MD5Final(signature, ctx);
/* perform outer MD5 */
MD5Init(ctx);
MD5Update(ctx, key->hk_opad, HMAC_LEN);
MD5Update(ctx, signature, MD5_LEN);
MD5Final(signature, ctx);
sign_len = MD5_LEN;
SAFE_FREE(ctx);
}
else {
if (context == NULL)
return (-1);
*context = (void *) ctx;
}
return (sign_len);
}
/**************************************************************************
* dst_hmac_md5_verify()
* Calls HMAC verification routines. There are three steps to
* verification, INIT (initialize structures), UPDATE (hash (more) data),
* FINAL (generate a signature). This routine performs one or more of
* these steps.
* Parameters
* mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
* dkey key to use for verify.
* data data signed.
* len length in bytes of data.
* signature signature.
* sig_len length in bytes of signature.
* returns
* 0 Success
* <0 Failure
*/
static int
dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
const u_char *data, const unsigned len,
const u_char *signature, const unsigned sig_len)
{
HMAC_Key *key;
MD5_CTX *ctx = NULL;
if (d_key == NULL || d_key->dk_KEY_struct == NULL)
return (-1);
key = (HMAC_Key *) d_key->dk_KEY_struct;
if (mode & SIG_MODE_INIT)
ctx = (MD5_CTX *) malloc(sizeof(*ctx));
else if (context)
ctx = (MD5_CTX *) *context;
if (ctx == NULL)
return (-1);
if (mode & SIG_MODE_INIT) {
MD5Init(ctx);
MD5Update(ctx, key->hk_ipad, HMAC_LEN);
}
if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
MD5Update(ctx, (const unsigned char *)data, len);
if (mode & SIG_MODE_FINAL) {
u_char digest[MD5_LEN];
if (signature == NULL || key == NULL || sig_len != MD5_LEN)
return (VERIFY_FINAL_FAILURE);
MD5Final(digest, ctx);
/* perform outer MD5 */
MD5Init(ctx);
MD5Update(ctx, key->hk_opad, HMAC_LEN);
MD5Update(ctx, digest, MD5_LEN);
MD5Final(digest, ctx);
SAFE_FREE(ctx);
if (memcmp(digest, signature, MD5_LEN) != 0)
return (VERIFY_FINAL_FAILURE);
}
else {
if (context == NULL)
return (-1);
*context = (void *) ctx;
}
return (0);
}
/**************************************************************************
* dst_buffer_to_hmac_md5
* Converts key from raw data to an HMAC Key
* This function gets in a pointer to the data
* Parameters
* hkey the HMAC key to be filled in
* key the key in raw format
* keylen the length of the key
* Return
* 0 Success
* <0 Failure
*/
static int
dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen)
{
int i;
HMAC_Key *hkey = NULL;
MD5_CTX ctx;
unsigned local_keylen = keylen;
u_char tk[MD5_LEN];
/* Do we need to check if keylen == 0? The original
* code didn't, so we don't currently */
if (dkey == NULL || key == NULL)
return (-1);
if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
return (-2);
memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad));
memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad));
/* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
if (keylen > HMAC_LEN) {
memset(tk, 0, sizeof(tk));
MD5Init(&ctx);
MD5Update(&ctx, (const unsigned char *)key, keylen);
MD5Final(tk, &ctx);
memset((void *) &ctx, 0, sizeof(ctx));
key = tk;
local_keylen = MD5_LEN;
}
/* start out by storing key in pads */
memcpy(hkey->hk_ipad, key, local_keylen);
memcpy(hkey->hk_opad, key, local_keylen);
/* XOR key with hk_ipad and opad values */
for (i = 0; i < HMAC_LEN; i++) {
hkey->hk_ipad[i] ^= HMAC_IPAD;
hkey->hk_opad[i] ^= HMAC_OPAD;
}
dkey->dk_key_size = local_keylen;
dkey->dk_KEY_struct = (void *) hkey;
return (1);
}
/**************************************************************************
* dst_hmac_md5_key_to_file_format
* Encodes an HMAC Key into the portable file format.
* Parameters
* hkey HMAC KEY structure
* buff output buffer
* buff_len size of output buffer
* Return
* 0 Failure - null input hkey
* -1 Failure - not enough space in output area
* N Success - Length of data returned in buff
*/
static int
dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
const unsigned buff_len)
{
char *bp;
int i, res;
unsigned len, b_len, key_len;
u_char key[HMAC_LEN];
HMAC_Key *hkey;
if (dkey == NULL || dkey->dk_KEY_struct == NULL)
return (0);
if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
return (-1); /* no OR not enough space in output area */
hkey = (HMAC_Key *) dkey->dk_KEY_struct;
memset(buff, 0, buff_len); /* just in case */
/* write file header */
sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
bp = (char *) strchr(buff, '\0');
b_len = buff_len - (bp - buff);
memset(key, 0, HMAC_LEN);
for (i = 0; i < HMAC_LEN; i++)
key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
for (i = HMAC_LEN - 1; i >= 0; i--)
if (key[i] != 0)
break;
key_len = i + 1;
strcat(bp, "Key: ");
bp += strlen("Key: ");
b_len = buff_len - (bp - buff);
res = b64_ntop(key, key_len, bp, b_len);
if (res < 0)
return (-1);
len = (unsigned) res;
bp += len;
*(bp++) = '\n';
*bp = '\0';
b_len = buff_len - (bp - buff);
return (buff_len - b_len);
}
/**************************************************************************
* dst_hmac_md5_key_from_file_format
* Converts contents of a key file into an HMAC key.
* Parameters
* hkey structure to put key into
* buff buffer containing the encoded key
* buff_len the length of the buffer
* Return
* n >= 0 Foot print of the key converted
* n < 0 Error in conversion
*/
static int
dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff,
const unsigned buff_len)
{
const char *p = buff, *eol;
u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode
* it should probably be fixed rather than doing
* this
*/
u_char *tmp;
unsigned key_len, len;
if (dkey == NULL)
return (-2);
if (buff == NULL)
return (-1);
memset(key, 0, sizeof(key));
if (!dst_s_verify_str(&p, "Key: "))
return (-3);
eol = strchr(p, '\n');
if (eol == NULL)
return (-4);
len = eol - p;
tmp = malloc(len + 2);
if (tmp == NULL)
return (-5);
memcpy(tmp, p, len);
*(tmp + len) = 0x0;
key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */
SAFE_FREE2(tmp, len + 2);
if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) {
return (-6);
}
return (0);
}
/*
* dst_hmac_md5_to_dns_key()
* function to extract hmac key from DST_KEY structure
* input:
* in_key: HMAC-MD5 key
* output:
* out_str: buffer to write ot
* out_len: size of output buffer
* returns:
* number of bytes written to output buffer
*/
static int
dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str,
const unsigned out_len)
{
HMAC_Key *hkey;
int i;
if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
out_len <= in_key->dk_key_size || out_str == NULL)
return (-1);
hkey = (HMAC_Key *) in_key->dk_KEY_struct;
for (i = 0; i < in_key->dk_key_size; i++)
out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
return (i);
}
/**************************************************************************
* dst_hmac_md5_compare_keys
* Compare two keys for equality.
* Return
* 0 The keys are equal
* NON-ZERO The keys are not equal
*/
static int
dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
{
HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct;
HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct;
return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN);
}
/**************************************************************************
* dst_hmac_md5_free_key_structure
* Frees all (none) dynamically allocated structures in hkey
*/
static void *
dst_hmac_md5_free_key_structure(void *key)
{
HMAC_Key *hkey = key;
SAFE_FREE(hkey);
return (NULL);
}
/***************************************************************************
* dst_hmac_md5_generate_key
* Creates a HMAC key of size size with a maximum size of 63 bytes
* generating a HMAC key larger than 63 bytes makes no sense as that key
* is digested before use.
*/
static int
dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
{
u_char *buff;
int n;
unsigned size, len;
if (key == NULL || key->dk_alg != KEY_HMAC_MD5)
return (0);
size = (key->dk_key_size + 7) / 8; /* convert to bytes */
if (size <= 0)
return(0);
len = size > 64 ? 64 : size;
buff = malloc(len+8);
if (buff == NULL)
return (-1);
n = dst_random(DST_RAND_SEMI, len, buff);
n += dst_random(DST_RAND_KEY, len, buff);
if (n <= len) { /* failed getting anything */
SAFE_FREE2(buff, len);
return (-1);
}
n = dst_buffer_to_hmac_md5(key, buff, len);
SAFE_FREE2(buff, len);
if (n <= 0)
return (n);
return (1);
}
/*
* dst_hmac_md5_init() Function to answer set up function pointers for HMAC
* related functions
*/
int
dst_hmac_md5_init()
{
if (dst_t_func[KEY_HMAC_MD5] != NULL)
return (1);
dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func));
if (dst_t_func[KEY_HMAC_MD5] == NULL)
return (0);
memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func));
dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign;
dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify;
dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys;
dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key;
dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure;
dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key;
dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5;
dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format;
dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format;
return (1);
}
#else
int
dst_hmac_md5_init(){
return (0);
}
#endif

123
dst/md5.h
View File

@@ -1,123 +0,0 @@
/* crypto/md/md5.h */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Internet Systems Consortium, Inc.
* 950 Charter Street
* Redwood City, CA 94063
* <info@isc.org>
* https://www.isc.org/
*/
#ifndef HEADER_MD5_H
#define HEADER_MD5_H
#ifdef __cplusplus
extern "C" {
#endif
#define MD5_CBLOCK 64
#define MD5_LBLOCK 16
#define MD5_BLOCK 16
#define MD5_LAST_BLOCK 56
#define MD5_LENGTH_BLOCK 8
#define MD5_DIGEST_LENGTH 16
typedef struct MD5state_st
{
unsigned long A,B,C,D;
unsigned long Nl,Nh;
unsigned long data[MD5_LBLOCK];
int num;
} MD5_CTX;
#ifndef NOPROTO
void MD5_Init(MD5_CTX *c);
void MD5_Update(MD5_CTX *c, const unsigned char *data, unsigned long len);
void MD5_Final(unsigned char *md, MD5_CTX *c);
unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
#else
void MD5_Init();
void MD5_Update();
void MD5_Final();
unsigned char *MD5();
#endif
/* to provide backward compatibleness to RSAREF calls ogud@tis.com 1997/11/14 */
#define MD5Init(c) MD5_Init(c)
#define MD5Update(c,data, len) MD5_Update(c,data,len)
#define MD5Final(md, c) MD5_Final(md, c)
#ifdef __cplusplus
}
#endif
#endif

396
dst/md5_dgst.c
View File

@@ -1,396 +0,0 @@
/* crypto/md/md5_dgst.c */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Internet Systems Consortium, Inc.
* 950 Charter Street
* Redwood City, CA 94063
* <info@isc.org>
* https://www.isc.org/
*/
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include "md5_locl.h"
#include "cdefs.h"
#include "osdep.h"
#ifdef USE_MD5 /* Added by ogud@tis.com 1998/1/26 */
const char *MD5_version="MD5 part of SSLeay 0.8.1 19-Jul-1997";
/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
*/
#define INIT_DATA_A (unsigned long)0x67452301L
#define INIT_DATA_B (unsigned long)0xefcdab89L
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
#ifndef NOPROTO
static void md5_block(MD5_CTX *c, unsigned long *p);
#else
static void md5_block();
#endif
void MD5_Init(c)
MD5_CTX *c;
{
c->A=INIT_DATA_A;
c->B=INIT_DATA_B;
c->C=INIT_DATA_C;
c->D=INIT_DATA_D;
c->Nl=0;
c->Nh=0;
c->num=0;
}
void MD5_Update(c, data, len)
MD5_CTX *c;
const register unsigned char *data;
unsigned long len;
{
register ULONG *p;
int sw,sc;
ULONG l;
if (len == 0) return;
l=(c->Nl+(len<<3))&0xffffffffL;
/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
* Wei Dai <weidai@eskimo.com> for pointing it out. */
if (l < c->Nl) /* overflow */
c->Nh++;
c->Nh+=(len>>29);
c->Nl=l;
if (c->num != 0)
{
p=c->data;
sw=c->num>>2;
sc=c->num&0x03;
if ((c->num+len) >= MD5_CBLOCK)
{
l= p[sw];
p_c2l(data,l,sc);
p[sw++]=l;
for (; sw<MD5_LBLOCK; sw++)
{
c2l(data,l);
p[sw]=l;
}
len-=(MD5_CBLOCK-c->num);
md5_block(c,p);
c->num=0;
/* drop through and do the rest */
}
else
{
int ew,ec;
c->num+=(int)len;
if ((sc+len) < 4) /* ugly, add char's to a word */
{
l= p[sw];
p_c2l_p(data,l,sc,len);
p[sw]=l;
}
else
{
ew=(c->num>>2);
ec=(c->num&0x03);
l= p[sw];
p_c2l(data,l,sc);
p[sw++]=l;
for (; sw < ew; sw++)
{ c2l(data,l); p[sw]=l; }
if (ec)
{
c2l_p(data,l,ec);
p[sw]=l;
}
}
return;
}
}
/* we now can process the input data in blocks of MD5_CBLOCK
* chars and save the leftovers to c->data. */
p=c->data;
while (len >= MD5_CBLOCK)
{
#if defined(L_ENDIAN) || defined(B_ENDIAN)
memcpy(p,data,MD5_CBLOCK);
data+=MD5_CBLOCK;
#ifdef B_ENDIAN
for (sw=(MD5_LBLOCK/4); sw; sw--)
{
Endian_Reverse32(p[0]);
Endian_Reverse32(p[1]);
Endian_Reverse32(p[2]);
Endian_Reverse32(p[3]);
p+=4;
}
#endif
#else
for (sw=(MD5_LBLOCK/4); sw; sw--)
{
c2l(data,l); *(p++)=l;
c2l(data,l); *(p++)=l;
c2l(data,l); *(p++)=l;
c2l(data,l); *(p++)=l;
}
#endif
p=c->data;
md5_block(c,p);
len-=MD5_CBLOCK;
}
sc=(int)len;
c->num=sc;
if (sc)
{
sw=sc>>2; /* words to copy */
#ifdef L_ENDIAN
p[sw]=0;
memcpy(p,data,sc);
#else
sc&=0x03;
for ( ; sw; sw--)
{ c2l(data,l); *(p++)=l; }
c2l_p(data,l,sc);
*p=l;
#endif
}
}
static void md5_block(c, X)
MD5_CTX *c;
register ULONG *X;
{
register ULONG A,B,C,D;
A=c->A;
B=c->B;
C=c->C;
D=c->D;
/* Round 0 */
LOCL_R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
LOCL_R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
LOCL_R0(C,D,A,B,X[ 2],17,0x242070dbL);
LOCL_R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
LOCL_R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
LOCL_R0(D,A,B,C,X[ 5],12,0x4787c62aL);
LOCL_R0(C,D,A,B,X[ 6],17,0xa8304613L);
LOCL_R0(B,C,D,A,X[ 7],22,0xfd469501L);
LOCL_R0(A,B,C,D,X[ 8], 7,0x698098d8L);
LOCL_R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
LOCL_R0(C,D,A,B,X[10],17,0xffff5bb1L);
LOCL_R0(B,C,D,A,X[11],22,0x895cd7beL);
LOCL_R0(A,B,C,D,X[12], 7,0x6b901122L);
LOCL_R0(D,A,B,C,X[13],12,0xfd987193L);
LOCL_R0(C,D,A,B,X[14],17,0xa679438eL);
LOCL_R0(B,C,D,A,X[15],22,0x49b40821L);
/* Round 1 */
LOCL_R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
LOCL_R1(D,A,B,C,X[ 6], 9,0xc040b340L);
LOCL_R1(C,D,A,B,X[11],14,0x265e5a51L);
LOCL_R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
LOCL_R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
LOCL_R1(D,A,B,C,X[10], 9,0x02441453L);
LOCL_R1(C,D,A,B,X[15],14,0xd8a1e681L);
LOCL_R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
LOCL_R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
LOCL_R1(D,A,B,C,X[14], 9,0xc33707d6L);
LOCL_R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
LOCL_R1(B,C,D,A,X[ 8],20,0x455a14edL);
LOCL_R1(A,B,C,D,X[13], 5,0xa9e3e905L);
LOCL_R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
LOCL_R1(C,D,A,B,X[ 7],14,0x676f02d9L);
LOCL_R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
/* Round 2 */
LOCL_R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
LOCL_R2(D,A,B,C,X[ 8],11,0x8771f681L);
LOCL_R2(C,D,A,B,X[11],16,0x6d9d6122L);
LOCL_R2(B,C,D,A,X[14],23,0xfde5380cL);
LOCL_R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
LOCL_R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
LOCL_R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
LOCL_R2(B,C,D,A,X[10],23,0xbebfbc70L);
LOCL_R2(A,B,C,D,X[13], 4,0x289b7ec6L);
LOCL_R2(D,A,B,C,X[ 0],11,0xeaa127faL);
LOCL_R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
LOCL_R2(B,C,D,A,X[ 6],23,0x04881d05L);
LOCL_R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
LOCL_R2(D,A,B,C,X[12],11,0xe6db99e5L);
LOCL_R2(C,D,A,B,X[15],16,0x1fa27cf8L);
LOCL_R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
/* Round 3 */
LOCL_R3(A,B,C,D,X[ 0], 6,0xf4292244L);
LOCL_R3(D,A,B,C,X[ 7],10,0x432aff97L);
LOCL_R3(C,D,A,B,X[14],15,0xab9423a7L);
LOCL_R3(B,C,D,A,X[ 5],21,0xfc93a039L);
LOCL_R3(A,B,C,D,X[12], 6,0x655b59c3L);
LOCL_R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
LOCL_R3(C,D,A,B,X[10],15,0xffeff47dL);
LOCL_R3(B,C,D,A,X[ 1],21,0x85845dd1L);
LOCL_R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
LOCL_R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
LOCL_R3(C,D,A,B,X[ 6],15,0xa3014314L);
LOCL_R3(B,C,D,A,X[13],21,0x4e0811a1L);
LOCL_R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
LOCL_R3(D,A,B,C,X[11],10,0xbd3af235L);
LOCL_R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
LOCL_R3(B,C,D,A,X[ 9],21,0xeb86d391L);
c->A+=A&0xffffffffL;
c->B+=B&0xffffffffL;
c->C+=C&0xffffffffL;
c->D+=D&0xffffffffL;
}
void MD5_Final(md, c)
unsigned char *md;
MD5_CTX *c;
{
register int i,j;
register ULONG l;
register ULONG *p;
static unsigned char end[4]={0x80,0x00,0x00,0x00};
unsigned char *cp=end;
/* c->num should definitely have room for at least one more byte. */
p=c->data;
j=c->num;
i=j>>2;
/* purify often complains about the following line as an
* Uninitialized Memory Read. While this can be true, the
* following p_c2l macro will reset l when that case is true.
* This is because j&0x03 contains the number of 'valid' bytes
* already in p[i]. If and only if j&0x03 == 0, the UMR will
* occur but this is also the only time p_c2l will do
* l= *(cp++) instead of l|= *(cp++)
* Many thanks to Alex Tang <altitude@cic.net> for pickup this
* 'potential bug' */
#ifdef PURIFY
if ((j&0x03) == 0) p[i]=0;
#endif
l=p[i];
p_c2l(cp,l,j&0x03);
p[i]=l;
i++;
/* i is the next 'undefined word' */
if (c->num >= MD5_LAST_BLOCK)
{
for (; i<MD5_LBLOCK; i++)
p[i]=0;
md5_block(c,p);
i=0;
}
for (; i<(MD5_LBLOCK-2); i++)
p[i]=0;
p[MD5_LBLOCK-2]=c->Nl;
p[MD5_LBLOCK-1]=c->Nh;
md5_block(c,p);
cp=md;
l=c->A; l2c(l,cp);
l=c->B; l2c(l,cp);
l=c->C; l2c(l,cp);
l=c->D; l2c(l,cp);
/* clear stuff, md5_block may be leaving some stuff on the stack
* but I'm not worried :-) */
c->num=0;
/* memset((char *)&c,0,sizeof(c));*/
}
#ifdef undef
int printit(l)
unsigned long *l;
{
int i,ii;
for (i=0; i<2; i++)
{
for (ii=0; ii<8; ii++)
{
fprintf(stderr,"%08lx ",l[i*8+ii]);
}
fprintf(stderr,"\n");
}
}
#endif
#endif /* USE_MD5 */

211
dst/md5_locl.h
View File

@@ -1,211 +0,0 @@
/* crypto/md/md5_locl.h */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Internet Systems Consortium, Inc.
* 950 Charter Street
* Redwood City, CA 94063
* <info@isc.org>
* https://www.isc.org/
*/
#include <stdlib.h>
#include <string.h>
#include "md5.h"
#define ULONG unsigned long
#define UCHAR unsigned char
#define UINT unsigned int
#if defined(NOCONST)
#define const
#endif
#undef c2l
#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
l|=(((unsigned long)(*((c)++)))<< 8), \
l|=(((unsigned long)(*((c)++)))<<16), \
l|=(((unsigned long)(*((c)++)))<<24))
#undef p_c2l
#define p_c2l(c,l,n) { \
switch (n) { \
case 0: l =((unsigned long)(*((c)++))); \
case 1: l|=((unsigned long)(*((c)++)))<< 8; \
case 2: l|=((unsigned long)(*((c)++)))<<16; \
case 3: l|=((unsigned long)(*((c)++)))<<24; \
} \
}
/* NOTE the pointer is not incremented at the end of this */
#undef c2l_p
#define c2l_p(c,l,n) { \
l=0; \
(c)+=n; \
switch (n) { \
case 3: l =((unsigned long)(*(--(c))))<<16; \
case 2: l|=((unsigned long)(*(--(c))))<< 8; \
case 1: l|=((unsigned long)(*(--(c)))) ; \
} \
}
#undef p_c2l_p
#define p_c2l_p(c,l,sc,len) { \
switch (sc) \
{ \
case 0: l =((unsigned long)(*((c)++))); \
if (--len == 0) break; \
case 1: l|=((unsigned long)(*((c)++)))<< 8; \
if (--len == 0) break; \
case 2: l|=((unsigned long)(*((c)++)))<<16; \
} \
}
#undef l2c
#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
*((c)++)=(unsigned char)(((l)>>24)&0xff))
/* NOTE - c is not incremented as per l2c */
#undef l2cn
#define l2cn(l1,l2,c,n) { \
c+=n; \
switch (n) { \
case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
} \
}
/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
#if defined(WIN32)
/* 5 instructions with rotate instruction, else 9 */
#define Endian_Reverse32(a) \
{ \
unsigned long l=(a); \
(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
}
#else
/* 6 instructions with rotate instruction, else 8 */
#define Endian_Reverse32(a) \
{ \
unsigned long l=(a); \
l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
(a)=ROTATE(l,16L); \
}
#endif
/*
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
*/
/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
* simplified to the code below. Wei attributes these optimizations
* to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
*/
#define F(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
#define G(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
#define H(x,y,z) ((x) ^ (y) ^ (z))
#define I(x,y,z) (((x) | (~(z))) ^ (y))
#undef ROTATE
#if defined(WIN32)
#define ROTATE(a,n) _lrotl(a,n)
#else
#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
#endif
#define LOCL_R0(a,b,c,d,k,s,t) { \
a+=((k)+(t)+F((b),(c),(d))); \
a=ROTATE(a,s); \
a+=b; };\
#define LOCL_R1(a,b,c,d,k,s,t) { \
a+=((k)+(t)+G((b),(c),(d))); \
a=ROTATE(a,s); \
a+=b; };
#define LOCL_R2(a,b,c,d,k,s,t) { \
a+=((k)+(t)+H((b),(c),(d))); \
a=ROTATE(a,s); \
a+=b; };
#define LOCL_R3(a,b,c,d,k,s,t) { \
a+=((k)+(t)+I((b),(c),(d))); \
a=ROTATE(a,s); \
a+=b; };

976
dst/prandom.c
View File

@@ -1,976 +0,0 @@
/*
* Portions Copyright (c) 2012-2014 by Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <dirent.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <sys/socket.h>
#define NEED_PRAND_CONF
#include "cdefs.h"
#include "osdep.h"
#include "dst_internal.h"
#include "arpa/nameser.h"
#ifndef DST_NUM_HASHES
#define DST_NUM_HASHES 4
#endif
#ifndef DST_NUMBER_OF_COUNTERS
#define DST_NUMBER_OF_COUNTERS 5 /* 32 * 5 == 160 == SHA(1) > MD5 */
#endif
/*
* the constant below is a prime number to make fixed data structures like
* stat and time wrap over blocks. This adds certain randomness to what is
* in each digested block.
* The prime number 2879 has the special property that when
* divided by 2,4 and 6 the result is also a prime numbers
*/
#ifndef DST_RANDOM_BLOCK_SIZE
#define DST_RANDOM_BLOCK_SIZE 2879
#endif
/*
* This constant dictates how many bits we shift to the right before using a
*/
#ifndef DST_SHIFT
#define DST_SHIFT 9
#endif
/*
* An initializer that is as bad as any other with half the bits set
*/
#ifndef DST_RANDOM_PATTERN
#define DST_RANDOM_PATTERN 0x8765CA93
#endif
/*
* things must have changed in the last 3600 seconds to be used
*/
#define MAX_OLD 3600
/*
* Define a single set of configuration for prand stuff. A superset
* works okay (failed commands return no data, missing directories
* are skipped, and so on.
*/
static const char *cmds[] = {
"/usr/bin/netstat -an 2>&1",
"/usr/sbin/netstat -an 2>&1",
"/usr/etc/netstat -an 2>&1",
"/bin/netstat -an 2>&1",
"/usr/ucb/netstat -an 2>&1",
/* AIX */
"/bin/ps -ef 2>&1",
"/bin/df 2>&1",
"/usr/bin/uptime 2>&1",
"/usr/bin/printenv 2>&1",
"/usr/bin/netstat -s 2>&1",
"/usr/bin/w 2>&1",
/* Tru64 */
"/usr/bin/dig com. soa +ti=1 +retry=0 2>&1",
"/usr/sbin/arp -an 2>&1",
"/usr/ucb/uptime 2>&1",
"/bin/iostat 2>&1",
/* BSD */
"/bin/ps -axlw 2>&1",
"/usr/sbin/iostat 2>&1",
"/usr/sbin/vmstat 2>&1",
/* FreeBSD */
"/usr/bin/vmstat 2>&1",
"/usr/bin/w 2>&1",
/* HP/UX */
"/usr/bin/ps -ef 2>&1",
/* IRIX */
"/usr/etc/arp -a 2>&1",
"/usr/bsd/uptime 2>&1",
"/usr/bin/printenv 2>&1",
"/usr/bsd/w 2>&1",
/* Linux */
"/sbin/arp -an 2>&1",
"/usr/bin/vmstat 2>&1",
/* NetBSD */
/* OpenBSD */
/* QNX */
"/bin/ps -a 2>&1",
"/bin/sin 2>&1",
"/bin/sin fds 2>&1",
"/bin/sin memory 2>&1",
/* Solaris */
"/usr/ucb/uptime 2>&1",
"/usr/ucb/netstat -an 2>&1",
"/usr/bin/netstat -an 2>&1",
"/usr/sbin/netstat -an 2>&1",
"/usr/etc/netstat -an 2>&1",
"/bin/netstat -an 2>&1",
"/usr/ucb/netstat -an 2>&1",
NULL
};
static const char *dirs[] = {
"/tmp",
"/var/tmp",
".",
"/",
"/var/spool",
"/var/adm",
"/dev",
"/var/spool/mail",
"/var/mail",
"/home",
"/usr/home",
NULL
};
static const char *files[] = {
"/var/adm/messages",
"/var/adm/wtmp",
"/var/adm/lastlog",
"/var/log/messages",
"/var/log/wtmp",
"/var/log/lastlog",
"/proc/stat",
"/proc/rtc",
"/proc/meminfo",
"/proc/interrupts",
"/proc/self/status",
"/proc/ipstats",
"/proc/dumper",
"/proc/self/as",
NULL
};
/*
* these two data structure are used to process input data into digests,
*
* The first structure contains a pointer to a DST HMAC key
* the variables accompanying are used for
* step : select every step byte from input data for the hash
* block: number of data elements going into each hash
* digested: number of data elements digested so far
* curr: offset into the next input data for the first byte.
*/
typedef struct hash {
DST_KEY *key;
void *ctx;
int digested, block, step, curr;
} prand_hash;
/*
* This data structure controls number of hashes and keeps track of
* overall progress in generating correct number of bytes of output.
* output : array to store the output data in
* needed : how many bytes of output are needed
* filled : number of bytes in output so far.
* bytes : total number of bytes processed by this structure
* file_digest : the HMAC key used to digest files.
*/
typedef struct work {
unsigned needed, filled, bytes;
u_char *output;
prand_hash *hash[DST_NUM_HASHES];
DST_KEY *file_digest;
} dst_work;
/*
* forward function declarations
*/
static int get_dev_random(u_char *output, unsigned size);
static int do_time(dst_work *work);
static int do_ls(dst_work *work);
static int unix_cmd(dst_work *work);
static int digest_file(dst_work *work);
static void force_hash(dst_work *work, prand_hash *hash);
static int do_hash(dst_work *work, prand_hash *hash, const u_char *input,
unsigned size);
static int my_digest(dst_work *tmp, const u_char *input, unsigned size);
static prand_hash *get_hmac_key(int step, int block);
static unsigned own_random(dst_work *work);
/*
* variables used in the quick random number generator
*/
static u_int32_t ran_val = DST_RANDOM_PATTERN;
static u_int32_t ran_cnt = (DST_RANDOM_PATTERN >> 10);
/*
* setting the quick_random generator to particular values or if both
* input parameters are 0 then set it to initial values
*/
void
dst_s_quick_random_set(u_int32_t val, u_int32_t cnt)
{
ran_val = (val == 0) ? DST_RANDOM_PATTERN : val;
ran_cnt = (cnt == 0) ? (DST_RANDOM_PATTERN >> 10) : cnt;
}
/*
* this is a quick and random number generator that seems to generate quite
* good distribution of data
*/
u_int32_t
dst_s_quick_random(int inc)
{
ran_val = ((ran_val >> 13) ^ (ran_val << 19)) ^
((ran_val >> 7) ^ (ran_val << 25));
if (inc > 0) /* only increasing values accepted */
ran_cnt += inc;
ran_val += ran_cnt++;
return (ran_val);
}
/*
* get_dev_random: Function to read /dev/random reliably
* this function returns how many bytes where read from the device.
* port_after.h should set the control variable HAVE_DEV_RANDOM
*/
static int
get_dev_random(u_char *output, unsigned size)
{
#ifdef HAVE_DEV_RANDOM
struct stat st;
int n = 0, fd = -1, s;
s = stat("/dev/random", &st);
if (s == 0 && S_ISCHR(st.st_mode)) {
if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
if ((n = read(fd, output, size)) < 0)
n = 0;
close(fd);
}
return (n);
}
#endif
return (0);
}
/*
* Portable way of getting the time values if gettimeofday is missing
* then compile with -DMISSING_GETTIMEOFDAY time() is POSIX compliant but
* gettimeofday() is not.
* Time of day is predictable, we are looking for the randomness that comes
* the last few bits in the microseconds in the timer are hard to predict when
* this is invoked at the end of other operations
*/
struct timeval *mtime;
static int
do_time(dst_work *work)
{
int cnt = 0;
static u_char tmp[sizeof(struct timeval) + sizeof(struct timezone)];
struct timezone *zone;
zone = (struct timezone *) tmp;
mtime = (struct timeval *)(tmp + sizeof(struct timezone));
gettimeofday(mtime, zone);
cnt = sizeof(tmp);
my_digest(work, tmp, sizeof(tmp));
return (cnt);
}
/*
* this function simulates the ls command, but it uses stat which gives more
* information and is harder to guess
* Each call to this function will visit the next directory on the list of
* directories, in a circular manner.
* return value is the number of bytes added to the temp buffer
*
* do_ls() does not visit subdirectories
* if attacker has access to machine it can guess most of the values seen
* thus it is important to only visit directories that are frequently updated
* Attacker that has access to the network can see network traffic
* when NFS mounted directories are accessed and know exactly the data used
* but may not know exactly in what order data is used.
* Returns the number of bytes that where returned in stat structures
*/
static int
do_ls(dst_work *work)
{
struct dir_info {
uid_t uid;
gid_t gid;
off_t size;
time_t atime, mtime, ctime;
};
static struct dir_info dir_info;
struct stat buf;
struct dirent *entry;
static int i = 0;
static unsigned long d_round = 0;
struct timeval tv;
int n = 0, out = 0;
unsigned dir_len;
char file_name[1024];
u_char tmp_buff[1024];
DIR *dir = NULL;
if (dirs[i] == NULL) /* if at the end of the list start over */
i = 0;
if (stat(dirs[i++], &buf)) /* directory does not exist */
return (0);
gettimeofday(&tv,NULL);
if (d_round == 0)
d_round = tv.tv_sec - MAX_OLD;
else if (i==1) /* if starting a new round cut what we accept */
d_round += (tv.tv_sec - d_round)/2;
if (buf.st_atime < d_round)
return (0);
EREPORT(("do_ls i %d filled %4d in_temp %4d\n",
i-1, work->filled, work->in_temp));
memcpy(tmp_buff, &buf, sizeof(buf));
if ((dir = opendir(dirs[i-1])) == NULL)/* open it for read */
return (0);
strcpy(file_name, dirs[i-1]);
dir_len = strlen(file_name);
file_name[dir_len++] = '/';
while ((entry = readdir(dir))) {
unsigned len = strlen(entry->d_name);
out += len;
if (my_digest(work, (u_char *)entry->d_name, len))
break;
memcpy(&file_name[dir_len], entry->d_name, len);
file_name[dir_len + len] = 0x0;
/* for all entries in dir get the stats */
if (stat(file_name, &buf) == 0) {
n++; /* count successful stat calls */
/* copy non static fields */
dir_info.uid += buf.st_uid;
dir_info.gid += buf.st_gid;
dir_info.size += buf.st_size;
dir_info.atime += buf.st_atime;
dir_info.mtime += buf.st_mtime;
dir_info.ctime += buf.st_ctime;
out += sizeof(dir_info);
if(my_digest(work, (u_char *)&dir_info,
sizeof(dir_info)))
break;
}
}
closedir(dir); /* done */
out += do_time(work); /* add a time stamp */
return (out);
}
/*
* unix_cmd()
* this function executes the a command from the cmds[] list of unix commands
* configured in the prand_conf.h file
* return value is the number of bytes added to the randomness temp buffer
*
* it returns the number of bytes that where read in
* if more data is needed at the end time is added to the data.
* This function maintains a state to selects the next command to run
* returns the number of bytes read in from the command
*/
static int
unix_cmd(dst_work *work)
{
static int cmd_index = 0;
int cnt = 0, n;
FILE *pipe;
u_char buffer[4096];
if (cmds[cmd_index] == NULL)
cmd_index = 0;
EREPORT(("unix_cmd() i %d filled %4d in_temp %4d\n",
cmd_index, work->filled, work->in_temp));
pipe = popen(cmds[cmd_index++], "r"); /* execute the command */
while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0) {
cnt += n; /* process the output */
if (my_digest(work, buffer, (unsigned)n))
break;
/* this adds some randomness to the output */
cnt += do_time(work);
}
while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0)
; /* drain the pipe */
pclose(pipe);
return (cnt); /* read how many bytes where read in */
}
/*
* digest_file() This function will read a file and run hash over it
* input is a file name
*/
static int
digest_file(dst_work *work)
{
static int f_cnt = 0;
static unsigned long f_round = 0;
FILE *fp;
void *ctx;
const char *name;
int no, i;
struct stat st;
struct timeval tv;
u_char buf[1024];
name = files[f_cnt++];
if (f_round == 0 || files[f_cnt] == NULL || work->file_digest == NULL)
if (gettimeofday(&tv, NULL)) /* only do this if needed */
return (0);
if (f_round == 0) /* first time called set to one hour ago */
f_round = (tv.tv_sec - MAX_OLD);
if (files[f_cnt] == NULL) { /* end of list of files */
if(f_cnt <= 1) /* list is too short */
return (0);
f_cnt = 0; /* start again on list */
f_round += (tv.tv_sec - f_round)/2; /* set new cutoff */
work->file_digest = dst_free_key(work->file_digest);
}
if (work->file_digest == NULL) {
work->file_digest = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0,
(u_char *)&tv, sizeof(tv));
if (work->file_digest == NULL)
return (0);
}
if (access(name, R_OK) || stat(name, &st))
return (0); /* no such file or not allowed to read it */
if (strncmp(name, "/proc/", 6) && st.st_mtime < f_round)
return(0); /* file has not changed recently enough */
if (dst_sign_data(SIG_MODE_INIT, work->file_digest, &ctx,
NULL, 0, NULL, 0)) {
work->file_digest = dst_free_key(work->file_digest);
return (0);
}
if ((fp = fopen(name, "r")) == NULL)
return (0);
for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
no += i)
dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx,
buf, (unsigned)i, NULL, 0);
fclose(fp);
if (no >= 64) {
i = dst_sign_data(SIG_MODE_FINAL, work->file_digest, &ctx,
NULL, 0, &work->output[work->filled],
DST_HASH_SIZE);
if (i > 0)
work->filled += i;
}
my_digest(work, (const u_char *)name, strlen(name));
return (no + strlen(name));
}
/*
* function to perform the FINAL and INIT operation on a hash if allowed
*/
static void
force_hash(dst_work *work, prand_hash *hash)
{
int i = 0;
/*
* if more than half a block then add data to output
* otherwise add the digest to the next hash
*/
if ((hash->digested * 2) > hash->block) {
i = dst_sign_data(SIG_MODE_FINAL, hash->key, &hash->ctx,
NULL, 0, &work->output[work->filled],
DST_HASH_SIZE);
hash->digested = 0;
dst_sign_data(SIG_MODE_INIT, hash->key, &hash->ctx,
NULL, 0, NULL, 0);
if (i > 0)
work->filled += i;
}
return;
}
/*
* This function takes the input data does the selection of data specified
* by the hash control block.
* The step variable in the work structure determines which 1/step bytes
* are used,
*
*/
static int
do_hash(dst_work *work, prand_hash *hash, const u_char *input, unsigned size)
{
const u_char *tmp = input;
u_char *tp, *abuf = (u_char *)0;
int i, n;
unsigned needed, avail, dig, cnt = size;
unsigned tmp_size = 0;
if (cnt <= 0 || input == NULL)
return (0);
if (hash->step > 1) { /* if using subset of input data */
tmp_size = size / hash->step + 2;
abuf = tp = malloc(tmp_size);
/* no good return code but at least don't step on things */
if (tp == NULL) {
return (0);
}
tmp = tp;
for (cnt = 0, i = hash->curr; i < size; i += hash->step, cnt++)
*(tp++) = input[i];
/* calculate the starting point in the next input set */
hash->curr = (hash->step - (i - size)) % hash->step;
}
/* digest the data in block sizes */
for (n = 0; n < cnt; n += needed) {
avail = (cnt - n);
needed = hash->block - hash->digested;
dig = (avail < needed) ? avail : needed;
dst_sign_data(SIG_MODE_UPDATE, hash->key, &hash->ctx,
&tmp[n], dig, NULL, 0);
hash->digested += dig;
if (hash->digested >= hash->block)
force_hash(work, hash);
if (work->needed < work->filled) {
if (abuf)
SAFE_FREE2(abuf, tmp_size);
return (1);
}
}
if (tmp_size > 0)
SAFE_FREE2(abuf, tmp_size);
return (0);
}
/*
* Copy data from INPUT for length SIZE into the work-block TMP.
* If we fill the work-block, digest it; then,
* if work-block needs more data, keep filling with the rest of the input.
*/
static int
my_digest(dst_work *work, const u_char *input, unsigned size)
{
int i, full = 0;
static unsigned counter;
counter += size;
/* first do each one of the hashes */
for (i = 0; i < DST_NUM_HASHES && full == 0; i++)
full = do_hash(work, work->hash[i], input, size) +
do_hash(work, work->hash[i], (u_char *) &counter,
sizeof(counter));
/*
* if enough data has be generated do final operation on all hashes
* that have enough date for that
*/
for (i = 0; full && (i < DST_NUM_HASHES); i++)
force_hash(work, work->hash[i]);
return (full);
}
/*
* this function gets some semi random data and sets that as an HMAC key
* If we get a valid key this function returns that key initialized
* otherwise it returns NULL;
*/
static prand_hash *
get_hmac_key(int step, int block)
{
u_char *buff;
int temp = 0, n = 0;
unsigned size = 70;
DST_KEY *new_key = NULL;
prand_hash *new = NULL;
/* use key that is larger than digest algorithms (64) for key size */
buff = malloc(size);
if (buff == NULL)
return (NULL);
/* do not memset the allocated memory to get random bytes there */
/* time of day is somewhat random especially in the last bytes */
gettimeofday((struct timeval *) &buff[n], NULL);
n += sizeof(struct timeval);
/* get some semi random stuff in here stir it with micro seconds */
if (n < size) {
temp = dst_s_quick_random((int) buff[n - 1]);
memcpy(&buff[n], &temp, sizeof(temp));
n += sizeof(temp);
}
/* get the pid of this process and its parent */
if (n < size) {
temp = (int) getpid();
memcpy(&buff[n], &temp, sizeof(temp));
n += sizeof(temp);
}
if (n < size) {
temp = (int) getppid();
memcpy(&buff[n], &temp, sizeof(temp));
n += sizeof(temp);
}
/* get the user ID */
if (n < size) {
temp = (int) getuid();
memcpy(&buff[n], &temp, sizeof(temp));
n += sizeof(temp);
}
#ifndef GET_HOST_ID_MISSING
if (n < size) {
temp = (int) gethostid();
memcpy(&buff[n], &temp, sizeof(temp));
n += sizeof(temp);
}
#endif
/* get some more random data */
if (n < size) {
temp = dst_s_quick_random((int) buff[n - 1]);
memcpy(&buff[n], &temp, sizeof(temp));
}
/* covert this into a HMAC key */
new_key = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0, buff, size);
SAFE_FREE(buff);
/* get the control structure */
if ((new = malloc(sizeof(prand_hash))) == NULL)
return (NULL);
new->digested = new->curr = 0;
new->step = step;
new->block = block;
new->key = new_key;
if (dst_sign_data(SIG_MODE_INIT, new_key, &new->ctx, NULL, 0, NULL, 0)) {
SAFE_FREE(new);
return (NULL);
}
return (new);
}
/*
* own_random()
* This function goes out and from various sources tries to generate enough
* semi random data that a hash function can generate a random data.
* This function will iterate between the two main random source sources,
* information from programs and directories in random order.
* This function return the number of bytes added to the random output buffer.
*/
static unsigned
own_random(dst_work *work)
{
int dir = 0, b;
int bytes, n, cmd = 0, dig = 0;
/*
* now get the initial seed to put into the quick random function from
* the address of the work structure
*/
bytes = (int) getpid();
/*
* proceed while needed
*/
while (work->filled < work->needed) {
EREPORT(("own_random r %08x b %6d t %6d f %6d\n",
ran_val, bytes, work->in_temp, work->filled));
/* pick a random number in the range of 0..7 based on that random number
* perform some operations that yield random data
*/
n = (dst_s_quick_random(bytes) >> DST_SHIFT) & 0x07;
switch (n) {
case 0:
case 3:
if (sizeof(cmds) > 2 *sizeof(*cmds)) {
b = unix_cmd(work);
cmd += b;
}
break;
case 1:
case 7:
if (sizeof(dirs) > 2 *sizeof(*dirs)) {
b = do_ls(work);
dir += b;
}
break;
case 4:
case 5:
/* retry getting data from /dev/random */
b = get_dev_random(&work->output[work->filled],
work->needed - work->filled);
if (b > 0)
work->filled += b;
break;
case 6:
if (sizeof(files) > 2 * sizeof(*files)) {
b = digest_file(work);
dig += b;
}
break;
case 2:
default: /* to make sure we make some progress */
work->output[work->filled++] = 0xff &
dst_s_quick_random(bytes);
b = 1;
break;
}
if (b > 0)
bytes += b;
}
return (work->filled);
}
/*
* dst_s_random() This function will return the requested number of bytes
* of randomness to the caller it will use the best available sources of
* randomness.
* The current order is to use /dev/random, precalculated randomness, and
* finally use some system calls and programs to generate semi random data
* that is then digested to generate randomness.
* This function is thread safe as each thread uses its own context, but
* concurrent treads will affect each other as they update shared state
* information.
* It is strongly recommended that this function be called requesting a size
* that is not a multiple of the output of the hash function used.
*
* If /dev/random is not available this function is not suitable to generate
* large amounts of data, rather it is suitable to seed a pseudo-random
* generator
* Returns the number of bytes put in the output buffer
*/
int
dst_s_random(u_char *output, unsigned size)
{
int n = 0, i;
unsigned s;
static u_char old_unused[DST_HASH_SIZE * DST_NUM_HASHES];
static unsigned unused = 0;
if (size <= 0 || output == NULL)
return (0);
if (size >= 2048)
return (-1);
/*
* Read from /dev/random
*/
n = get_dev_random(output, size);
/*
* If old data is available and needed use it
*/
if (n < size && unused > 0) {
unsigned need = size - n;
if (unused <= need) {
memcpy(output, old_unused, unused);
n += unused;
unused = 0;
} else {
memcpy(output, old_unused, need);
n += need;
unused -= need;
memcpy(old_unused, &old_unused[need], unused);
}
}
/*
* If we need more use the simulated randomness here.
*/
if (n < size) {
dst_work *my_work = (dst_work *) malloc(sizeof(dst_work));
if (my_work == NULL)
return (n);
my_work->needed = size - n;
my_work->filled = 0;
my_work->output = (u_char *) malloc(my_work->needed +
DST_HASH_SIZE *
DST_NUM_HASHES);
my_work->file_digest = NULL;
if (my_work->output == NULL) {
SAFE_FREE(my_work);
return (n);
}
memset(my_work->output, 0x0, my_work->needed);
/* allocate upto 4 different HMAC hash functions out of order */
#if DST_NUM_HASHES >= 3
my_work->hash[2] = get_hmac_key(3, DST_RANDOM_BLOCK_SIZE / 2);
#endif
#if DST_NUM_HASHES >= 2
my_work->hash[1] = get_hmac_key(7, DST_RANDOM_BLOCK_SIZE / 6);
#endif
#if DST_NUM_HASHES >= 4
my_work->hash[3] = get_hmac_key(5, DST_RANDOM_BLOCK_SIZE / 4);
#endif
my_work->hash[0] = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE);
if (my_work->hash[0] == NULL) { /* if failure bail out */
for (i = 1; i < DST_NUM_HASHES; i++) {
if (my_work->hash[i] != NULL) {
dst_free_key(my_work->hash[i]->key);
SAFE_FREE(my_work->hash[i]);
}
}
SAFE_FREE(my_work->output);
SAFE_FREE(my_work);
return (n);
}
s = own_random(my_work);
/* if more generated than needed store it for future use */
if (s >= my_work->needed) {
EREPORT(("dst_s_random(): More than needed %d >= %d\n",
s, my_work->needed));
memcpy(&output[n], my_work->output, my_work->needed);
n += my_work->needed;
/* saving unused data for next time */
unused = s - my_work->needed;
if (unused > sizeof(old_unused)) {
unused = sizeof(old_unused);
}
memcpy(old_unused, &my_work->output[my_work->needed],
unused);
} else {
/* XXXX This should not happen */
EREPORT(("Not enough %d >= %d\n", s, my_work->needed));
memcpy(&output[n], my_work->output, s);
n += my_work->needed;
}
/* delete the allocated work area */
for (i = 0; i < DST_NUM_HASHES; i++) {
if (my_work->hash[i] != NULL) {
dst_free_key(my_work->hash[i]->key);
SAFE_FREE(my_work->hash[i]);
}
}
SAFE_FREE(my_work->output);
SAFE_FREE(my_work);
}
return (n);
}
/*
* A random number generator that is fast and strong
* this random number generator is based on HASHing data,
* the input to the digest function is a collection of <NUMBER_OF_COUNTERS>
* counters that is incremented between digest operations
* each increment operation amortizes to 2 bits changed in that value
* for 5 counters thus the input will amortize to have 10 bits changed
* The counters are initially set using the strong random function above
* the HMAC key is selected by the same method as the HMAC keys for the
* strong random function.
* Each set of counters is used for 2^25 operations
*
* returns the number of bytes written to the output buffer
* or negative number in case of error
*/
int
dst_s_semi_random(u_char *output, unsigned size)
{
static u_int32_t counter[DST_NUMBER_OF_COUNTERS];
static u_char semi_old[DST_HASH_SIZE];
static int semi_loc = 0, cnt = 0;
static unsigned hb_size = 0;
static DST_KEY *my_key = NULL;
prand_hash *hash;
unsigned out = 0;
unsigned i;
int n, res;
if (output == NULL || size <= 0)
return (-2);
/* check if we need a new key */
if (my_key == NULL || cnt > (1 << 25)) { /* get HMAC KEY */
if (my_key)
my_key->dk_func->destroy(my_key);
if ((hash = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE)) == NULL)
return (0);
my_key = hash->key;
/* check if the key works stir the new key using some old random data */
hb_size = dst_sign_data(SIG_MODE_ALL, my_key, NULL,
(u_char *) counter, sizeof(counter),
semi_old, sizeof(semi_old));
if (hb_size <= 0) {
EREPORT(("dst_s_semi_random() Sign of alg %d failed %d\n",
my_key->dk_alg, hb_size));
return (-1);
}
/* new set the counters to random values */
dst_s_random((u_char *) counter, sizeof(counter));
cnt = 0;
}
/* if old data around use it first */
if (semi_loc < hb_size) {
if (size <= hb_size - semi_loc) { /* need less */
memcpy(output, &semi_old[semi_loc], size);
semi_loc += size;
return (size); /* DONE */
} else {
out = hb_size - semi_loc;
memcpy(output, &semi_old[semi_loc], out);
semi_loc += out;
}
}
/* generate more random stuff */
while (out < size) {
/*
* modify at least one bit by incrementing at least one counter
* based on the last bit of the last counter updated update
* the next one.
* minimally this operation will modify at least 1 bit,
* amortized 2 bits
*/
for (n = 0; n < DST_NUMBER_OF_COUNTERS; n++)
i = (int) counter[n]++;
res = dst_sign_data(SIG_MODE_ALL, my_key, NULL,
(u_char *) counter, hb_size,
semi_old, sizeof(semi_old));
if (res < 0) {
return res;
}
i = (unsigned) res;
if (i != hb_size)
EREPORT(("HMAC SIGNATURE FAILURE %d\n", i));
cnt++;
if (size - out < i) /* Not all data is needed */
semi_loc = i = size - out;
memcpy(&output[out], semi_old, i);
out += i;
}
return (out);
}

3
server/ddns.c
View File

@@ -4,7 +4,7 @@
/*
*
* Copyright (c) 2009-2014 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2000-2003 by Internet Software Consortium
*
@@ -35,7 +35,6 @@
*/
#include "dhcpd.h"
#include "dst/md5.h"
#include <dns/result.h>
char *ddns_standard_tag = "ddns-dhcid";