On 17/03/2014 10:11 p.m., Amos Jeffries wrote:
> This is the patch making libnettle mandatory dependency and dropping
> completely the bundled MD5 implementation.
>
Or to be exact this patch is :-P
Amos
=== modified file 'CREDITS'
--- CREDITS 2014-03-06 05:41:17 +0000
+++ CREDITS 2014-03-16 05:43:02 +0000
@@ -171,41 +171,6 @@
==============================================================================
-lib/md5.c:
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * SquidMD5Context structure, pass it to SquidMD5Init, call
- * SquidMD5Update as needed on buffers full of bytes, and then call
- * SquidMD5Final, which will fill a supplied 16-byte array with the
- * digest.
- *
- * Changed so as no longer to depend on Colin Plumb's `usual.h' header
- * definitions; now uses stuff from dpkg's config.h.
- * - Ian Jackson <i...@chiark.greenend.org.uk>.
- * Still in the public domain.
- *
- * Changed SquidMD5Update to take a void * for easier use and some
- * other minor cleanup. - Henrik Nordstrom <hen...@henriknordstrom.net>.
- * Still in the public domain.
- *
- * Prefixed all symbols with "Squid" so they don't collide with
- * other libraries. Duane Wessels <wess...@squid-cache.org>.
- * Still in the public domain.
- */
-
-==============================================================================
-
lib/radix.c:
/*
=== modified file 'configure.ac'
--- configure.ac 2014-03-16 03:08:55 +0000
+++ configure.ac 2014-03-17 01:10:20 +0000
@@ -1216,26 +1216,26 @@
# Cryptograhic libraries
AC_ARG_WITH(nettle,
- AS_HELP_STRING([--without-nettle],[Compile without the Nettle crypto
library.]),[
+ AS_HELP_STRING([--with-nettle=PATH],[Compile with Nettle cryptographic
library at a custom location.]),[
case "$with_nettle" in
- yes|no)
- : # Nothing special to do here
+ no)
+ AC_MSG_ERROR([Nettle crypto library is required])
;;
*)
if test ! -d "$withval" ; then
- AC_MSG_ERROR([--with-nettle path does not point to a directory])
+ AC_MSG_ERROR([--with-nettle=PATH does not point to a directory])
fi
NETTLELIBDIR="-L$with_nettle/lib"
CPPFLAGS="-I$with_nettle/include $CPPFLAGS"
with_nettle=yes
esac
])
-if test "x$with_nettle" != "xno" ; then
- AC_CHECK_LIB(nettle, nettle_md5_init,[
- NETTLELIB="$NETTLELIBDIR -lnettle"
- AC_CHECK_HEADERS(nettle/md5.h)
- ],[with_nettle=no])
-fi
+AC_CHECK_LIB(nettle, nettle_md5_init,[
+ NETTLELIB="$NETTLELIBDIR -lnettle"
+],[
+ AC_MSG_ERROR([Nettle cryptographic library is required])
+])
+AC_CHECK_HEADERS(nettle/md5.h)
AC_MSG_NOTICE([Using Nettle cryptographic library: ${with_nettle:=yes}])
AC_SUBST(NETTLELIB)
@@ -2218,7 +2218,6 @@
netinet/in_systm.h \
netinet/ip_fil_compat.h \
openssl/err.h \
- openssl/md5.h \
openssl/opensslv.h \
openssl/ssl.h \
openssl/x509v3.h \
@@ -2248,7 +2247,6 @@
sys/ipc.cc \
sys/param.h \
sys/prctl.h \
- sys/md5.h \
sys/mman.h \
sys/msg.h \
sys/resource.h \
=== modified file 'helpers/basic_auth/NCSA/crypt_md5.cc'
--- helpers/basic_auth/NCSA/crypt_md5.cc 2014-02-21 10:46:19 +0000
+++ helpers/basic_auth/NCSA/crypt_md5.cc 2014-03-16 08:40:22 +0000
@@ -1,6 +1,6 @@
/*
* Shamelessly stolen from linux-pam, and adopted to work with
- * OpenSSL md5 implementation and any magic string
+ * Nettle md5 implementation and any magic string
*
* Origin2: md5_crypt.c,v 1.1.1.1 2000/01/03 17:34:46 gafton Exp
*
@@ -16,9 +16,11 @@
*/
#include "squid.h"
#include "crypt_md5.h"
-#include "md5.h"
#include <cstring>
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -41,17 +43,15 @@
* $magic$salt$...
* If not the normal UNIX magic $1$ is used.
*/
-
-char *crypt_md5(const char *pw, const char *salt)
+char *crypt_md5(const char *pswd, const char *salt)
{
const char *magic = "$1$";
int magiclen = 3;
static char passwd[120], *p;
- static const char *sp, *ep;
- unsigned char final[16];
- int sl, pl, i, j;
- SquidMD5_CTX ctx, ctx1;
+ uint8_t final[MD5_DIGEST_SIZE];
+ struct md5_ctx ctx, ctx1;
unsigned long l;
+ const uint8_t *pw = reinterpret_cast<const uint8_t *>(pswd);
if (*salt == '$') {
magic = salt;
@@ -68,80 +68,84 @@
}
/* Refine the Salt first */
- sp = salt;
+ const uint8_t *sp = reinterpret_cast<const uint8_t*>(salt);
/* It stops at the first '$', max 8 chars */
+ const uint8_t *ep;
for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ++ep)
continue;
/* get the length of the true salt */
- sl = ep - sp;
+ size_t sl = ep - sp;
- SquidMD5Init(&ctx);
+ md5_init(&ctx);
/* The password first, since that is what is most unknown */
- SquidMD5Update(&ctx, (unsigned const char *) pw, strlen(pw));
+ const size_t pwLen = strlen(pswd);
+ md5_update(&ctx, pwLen, pw);
/* Then our magic string */
- SquidMD5Update(&ctx, (unsigned const char *) magic, magiclen);
+ md5_update(&ctx, magiclen, reinterpret_cast<const uint8_t*>(magic));
/* Then the raw salt */
- SquidMD5Update(&ctx, (unsigned const char *) sp, sl);
+ md5_update(&ctx, sl, sp);
/* Then just as many characters of the MD5(pw,salt,pw) */
- SquidMD5Init(&ctx1);
- SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw));
- SquidMD5Update(&ctx1, (unsigned const char *) sp, sl);
- SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw));
- SquidMD5Final(final, &ctx1);
- for (pl = strlen(pw); pl > 0; pl -= 16)
- SquidMD5Update(&ctx, (unsigned const char *) final, pl > 16 ? 16 : pl);
+ md5_init(&ctx1);
+ md5_update(&ctx1, pwLen, pw);
+ md5_update(&ctx1, sl, sp);
+ md5_update(&ctx1, pwLen, pw);
+ md5_digest(&ctx1, MD5_DIGEST_SIZE, final);
+ for (ssize_t pl = pwLen; pl > 0; pl -= MD5_DIGEST_SIZE)
+ md5_update(&ctx, min(pl, MD5_DIGEST_SIZE), final);
/* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof final);
+ memset(final, 0, sizeof(final));
/* Then something really weird... */
- for (j = 0, i = strlen(pw); i; i >>= 1)
+ for (uint8_t j = 0, i = pwLen; i; i >>= 1)
if (i & 1)
- SquidMD5Update(&ctx, (unsigned const char *) final + j, 1);
+ md5_update(&ctx, 1, final + j);
else
- SquidMD5Update(&ctx, (unsigned const char *) pw + j, 1);
+ md5_update(&ctx, 1, pw + j);
/* Now make the output string */
memset(passwd, 0, sizeof(passwd));
strncat(passwd, magic, magiclen);
- strncat(passwd, sp, sl);
- strcat(passwd, "$");
+ strncat(passwd, reinterpret_cast<const char*>(sp), sl);
+ strncat(passwd, "$", 1);
- SquidMD5Final(final, &ctx);
+ md5_digest(&ctx, MD5_DIGEST_SIZE, final);
/*
* and now, just to make sure things don't run too fast
* On a 60 Mhz Pentium this takes 34 msec, so you would
* need 30 seconds to build a 1000 entry dictionary...
*/
- for (i = 0; i < 1000; ++i) {
- SquidMD5Init(&ctx1);
+ for (uint16_t i = 0; i < 1000; ++i) {
+ md5_init(&ctx1);
if (i & 1)
- SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw));
+ md5_update(&ctx1, pwLen, pw);
else
- SquidMD5Update(&ctx1, (unsigned const char *) final, 16);
+ md5_update(&ctx1, MD5_DIGEST_SIZE, final);
if (i % 3)
- SquidMD5Update(&ctx1, (unsigned const char *) sp, sl);
+ md5_update(&ctx1, sl, sp);
if (i % 7)
- SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw));
+ md5_update(&ctx1, pwLen, pw);
if (i & 1)
- SquidMD5Update(&ctx1, (unsigned const char *) final, 16);
+ md5_update(&ctx1, MD5_DIGEST_SIZE, final);
else
- SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw));
- SquidMD5Final(final, &ctx1);
+ md5_update(&ctx1, pwLen, pw);
+ md5_digest(&ctx1, MD5_DIGEST_SIZE, final);
}
p = passwd + strlen(passwd);
+ // XXX: this is base64 encoding of the 'final' binary string yes?
+
l = (final[0] << 16) | (final[6] << 8) | final[12];
md5to64(p, l, 4);
p += 4;
@@ -163,7 +167,7 @@
*p = '\0';
/* Don't leave anything around in vm they could use. */
- memset(final, 0, sizeof final);
+ memset(final, 0, sizeof(final));
return passwd;
}
@@ -173,25 +177,23 @@
*/
char *md5sum(const char *s)
{
- static unsigned char digest[16];
- SquidMD5_CTX ctx;
- int idx;
+ static uint8_t digest[MD5_DIGEST_SIZE];
+ struct md5_ctx ctx;
static char sum[33];
- memset(digest,0,16);
-
- SquidMD5Init(&ctx);
- SquidMD5Update(&ctx,(const unsigned char *)s,strlen(s));
- SquidMD5Final(digest,&ctx);
-
- for (idx=0; idx<16; ++idx)
+ memset(digest, 0, sizeof(digest));
+
+ md5_init(&ctx);
+ md5_update(&ctx, strlen(s), reinterpret_cast<const uint8_t*>(s));
+ md5_digest(&ctx, MD5_DIGEST_SIZE, digest);
+
+ for (uint8_t idx=0; idx<16; ++idx)
snprintf(&sum[idx*2],(33-(idx*2)),"%02x",digest[idx]);
sum[32]='\0';
/* Don't leave anything around in vm they could use. */
- memset(digest, 0, sizeof digest);
+ memset(digest, 0, sizeof(digest));
return sum;
}
-
=== modified file 'helpers/basic_auth/RADIUS/basic_radius_auth.cc'
--- helpers/basic_auth/RADIUS/basic_radius_auth.cc 2014-02-21 10:46:19
+0000
+++ helpers/basic_auth/RADIUS/basic_radius_auth.cc 2014-03-16 08:51:12
+0000
@@ -47,7 +47,6 @@
#include "squid.h"
#include "helpers/defines.h"
-#include "md5.h"
#include "radius-util.h"
#include "radius.h"
@@ -55,6 +54,9 @@
#include <cerrno>
#include <cstring>
#include <ctime>
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
@@ -88,7 +90,7 @@
#define MAXPASS 254
#define MAXLINE 254
-static void md5_calc(uint8_t out[16], void *in, size_t len);
+static void md5_calc(uint8_t out[MD5_DIGEST_SIZE], void *in, size_t len);
static int i_send_buffer[2048];
static int i_recv_buffer[2048];
@@ -142,12 +144,12 @@
* MD5 digest
*/
static void
-md5_calc(uint8_t out[16], void *in, size_t len)
+md5_calc(uint8_t out[MD5_DIGEST_SIZE], void *in, size_t len)
{
- SquidMD5_CTX ctx;
- SquidMD5Init(&ctx);
- SquidMD5Update(&ctx, in, len);
- SquidMD5Final(out, &ctx);
+ struct md5_ctx ctx;
+ md5_init(&ctx);
+ md5_update(&ctx, len, reinterpret_cast<const uint8_t*>(in));
+ md5_digest(&ctx, MD5_DIGEST_SIZE, out);
}
/*
@@ -179,7 +181,7 @@
memcpy(auth->vector, vector, AUTH_VECTOR_LEN);
secretlen = strlen(secretkey);
memcpy(buffer + length, secretkey, secretlen);
- md5_calc(calc_digest, (unsigned char *) auth, length + secretlen);
+ md5_calc(calc_digest, reinterpret_cast<uint8_t*>(auth), length +
secretlen);
if (memcmp(reply_digest, calc_digest, AUTH_VECTOR_LEN) != 0) {
debug("WARNING: Received invalid reply digest from server\n");
=== modified file 'helpers/basic_auth/RADIUS/radius-util.cc'
--- helpers/basic_auth/RADIUS/radius-util.cc 2014-02-21 10:46:19 +0000
+++ helpers/basic_auth/RADIUS/radius-util.cc 2014-03-17 01:17:58 +0000
@@ -37,7 +37,6 @@
" 2.1 Copyright 1997 Cistron Internet Services B.V.";
#include "squid.h"
-#include "md5.h"
#include "radius-util.h"
#include <cctype>
=== modified file 'helpers/basic_auth/RADIUS/radius.h'
--- helpers/basic_auth/RADIUS/radius.h 2012-08-28 13:00:30 +0000
+++ helpers/basic_auth/RADIUS/radius.h 2014-03-16 08:51:51 +0000
@@ -1,3 +1,10 @@
+#ifndef _SQUID_RADIUS_H
+#define _SQUID_RADIUS_H
+
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
/*
*
* RADIUS
@@ -29,7 +36,7 @@
* @(#)radius.h 2.0 03-Aug-1996
*/
-#define AUTH_VECTOR_LEN 16
+#define AUTH_VECTOR_LEN MD5_DIGEST_SIZE // 16
#define AUTH_PASS_LEN 16
#define AUTH_STRING_LEN 128 /* maximum of 254 */
@@ -192,3 +199,4 @@
#define PW_STATUS_ACCOUNTING_ON 7
#define PW_STATUS_ACCOUNTING_OFF 8
+#endif /* _SQUID_RADIUS_H */
=== removed file 'include/md5.h'
--- include/md5.h 2014-03-16 03:08:55 +0000
+++ include/md5.h 1970-01-01 00:00:00 +0000
@@ -1,62 +0,0 @@
-#ifndef SQUID_MD5_H
-#define SQUID_MD5_H
-
-#if HAVE_NETTLE_MD5_H
-#include <nettle/md5.h>
-
-typedef struct md5_ctx SquidMD5_CTX;
-
-#define SquidMD5Init(c) md5_init((c))
-#define SquidMD5Update(c,b,l) md5_update((c), (l), (const uint8_t *)(b))
-#define SquidMD5Final(d,c) md5_digest((c), MD5_DIGEST_SIZE, (uint8_t *)(d))
-
-#define SQUID_MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
-
-#else
-/*
- * This is the header file for the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- *
- * Changed so as no longer to depend on Colin Plumb's `usual.h'
- * header definitions; now uses stuff from dpkg's config.h
- * - Ian Jackson <i...@chiark.greenend.org.uk>.
- * Still in the public domain.
- *
- * Changed MD5Update to take a void * for easier use and some other
- * minor cleanup. - Henrik Nordstrom <hen...@henriknordstrom.net>.
- * Still in the public domain.
- *
- * Prefixed all symbols with "Squid" so they don't collide with
- * other libraries. Duane Wessels <wess...@squid-cache.org>.
- * Still in the public domain.
- *
- */
-
-typedef struct SquidMD5Context {
- uint32_t buf[4];
- uint32_t bytes[2];
- uint32_t in[16];
-} SquidMD5_CTX;
-
-SQUIDCEXTERN void SquidMD5Init(struct SquidMD5Context *context);
-SQUIDCEXTERN void SquidMD5Update(struct SquidMD5Context *context, const void
*buf, unsigned len);
-SQUIDCEXTERN void SquidMD5Final(uint8_t digest[16], struct SquidMD5Context
*context);
-SQUIDCEXTERN void SquidMD5Transform(uint32_t buf[4], uint32_t const in[16]);
-
-#define SQUID_MD5_DIGEST_LENGTH 16
-
-#endif /* HAVE_NETTLE_MD5_H */
-
-#endif /* SQUID_MD5_H */
=== modified file 'lib/Makefile.am'
--- lib/Makefile.am 2014-01-08 04:29:04 +0000
+++ lib/Makefile.am 2014-03-16 05:37:21 +0000
@@ -49,7 +49,6 @@
base64.c \
charset.c \
html_quote.c \
- md5.c \
rfc1738.c \
rfc2617.c \
uudecode.c
=== removed file 'lib/md5-test.c'
--- lib/md5-test.c 2014-02-21 10:46:19 +0000
+++ lib/md5-test.c 1970-01-01 00:00:00 +0000
@@ -1,48 +0,0 @@
-/*
- * COMPILE WITH:
- * gcc -Wall md5-test.c -I../include md5.o
- */
-
-#include "squid.h"
-#include "md5.h"
-//#include "stdio.h" // ???
-
-static void MDPrint(unsigned char digest[16]);
-static void MDString(char *string);
-
-static void
-MDString(char *string)
-{
- MD5_CTX context;
- unsigned char digest[16];
- unsigned int len = strlen(string);
- xMD5Init(&context);
- xMD5Update(&context, string, len);
- xMD5Final(digest, &context);
- printf("MD5 (\"%s\") = ", string);
- MDPrint(digest);
- printf("\n");
-}
-
-static void
-MDPrint(unsigned char digest[16])
-{
- unsigned int i;
- for (i = 0; i < 16; i++)
- printf("%02x", digest[i]);
-}
-
-int
-main(int argc, char **argv)
-{
- printf("MD5 test suite:\n");
- MDString("");
- MDString("a");
- MDString("abc");
- MDString("message digest");
- MDString("abcdefghijklmnopqrstuvwxyz");
- MDString("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
- MDString("1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890");
- return 0;
-}
=== removed file 'lib/md5.c'
--- lib/md5.c 2014-03-16 03:08:55 +0000
+++ lib/md5.c 1970-01-01 00:00:00 +0000
@@ -1,257 +0,0 @@
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * SquidMD5Context structure, pass it to SquidMD5Init, call
- * SquidMD5Update as needed on buffers full of bytes, and then call
- * SquidMD5Final, which will fill a supplied 16-byte array with the
- * digest.
- *
- * Changed so as no longer to depend on Colin Plumb's `usual.h' header
- * definitions; now uses stuff from dpkg's config.h.
- * - Ian Jackson <i...@chiark.greenend.org.uk>.
- * Still in the public domain.
- *
- * Changed SquidMD5Update to take a void * for easier use and some
- * other minor cleanup. - Henrik Nordstrom <hen...@henriknordstrom.net>.
- * Still in the public domain.
- *
- * Prefixed all symbols with "Squid" so they don't collide with
- * other libraries. Duane Wessels <wess...@squid-cache.org>.
- * Still in the public domain.
- *
- */
-#include "squid.h"
-#include "md5.h"
-
-#if !HAVE_NETTLE_MD5_H
-
-#if HAVE_STRING_H
-#include <string.h> /* for memcpy() */
-#endif
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h> /* for stupid systems */
-#endif
-
-#ifdef WORDS_BIGENDIAN
-void
-static byteSwap(uint32_t * buf, unsigned words)
-{
- uint8_t *p = (uint8_t *) buf;
-
- do {
- *buf++ = (uint32_t) ((unsigned) p[3] << 8 | p[2]) << 16 |
- ((unsigned) p[1] << 8 | p[0]);
- p += 4;
- } while (--words);
-}
-#else
-#define byteSwap(buf,words)
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void
-SquidMD5Init(struct SquidMD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bytes[0] = 0;
- ctx->bytes[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void
-SquidMD5Update(struct SquidMD5Context *ctx, const void *_buf, unsigned len)
-{
- uint8_t const *buf = _buf;
- uint32_t t;
-
- /* Update byte count */
-
- t = ctx->bytes[0];
- if ((ctx->bytes[0] = t + len) < t)
- ctx->bytes[1]++; /* Carry from low to high */
-
- t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */
- if (t > len) {
- memcpy((uint8_t *) ctx->in + 64 - t, buf, len);
- return;
- }
- /* First chunk is an odd size */
- memcpy((uint8_t *) ctx->in + 64 - t, buf, t);
- byteSwap(ctx->in, 16);
- SquidMD5Transform(ctx->buf, ctx->in);
- buf += t;
- len -= t;
-
- /* Process data in 64-byte chunks */
- while (len >= 64) {
- memcpy(ctx->in, buf, 64);
- byteSwap(ctx->in, 16);
- SquidMD5Transform(ctx->buf, ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
- memcpy(ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void
-SquidMD5Final(unsigned char digest[16], struct SquidMD5Context *ctx)
-{
- int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */
- uint8_t *p = (uint8_t *) ctx->in + count;
-
- /* Set the first char of padding to 0x80. There is always room. */
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 56 bytes (-8..55) */
- count = 56 - 1 - count;
-
- if (count < 0) { /* Padding forces an extra block */
- memset(p, 0, count + 8);
- byteSwap(ctx->in, 16);
- SquidMD5Transform(ctx->buf, ctx->in);
- p = (uint8_t *) ctx->in;
- count = 56;
- }
- memset(p, 0, count);
- byteSwap(ctx->in, 14);
-
- /* Append length in bits and transform */
- ctx->in[14] = ctx->bytes[0] << 3;
- ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29;
- SquidMD5Transform(ctx->buf, ctx->in);
-
- byteSwap(ctx->buf, 4);
- memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
-}
-
-#ifndef ASM_MD5
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f,w,x,y,z,in,s) \
- (w += f(x,y,z) + in, w = (w<<s | w>>(32-s)) + x)
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. SquidMD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void
-SquidMD5Transform(uint32_t buf[4], uint32_t const in[16])
-{
- register uint32_t a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-#endif /* !ASM_MD5 */
-#endif /* HAVE_ETTLE_MD5_H */
=== modified file 'lib/rfc2617.c'
--- lib/rfc2617.c 2013-10-25 00:13:46 +0000
+++ lib/rfc2617.c 2014-03-16 05:48:45 +0000
@@ -45,9 +45,12 @@
#include "squid.h"
#include <string.h>
-#include "md5.h"
#include "rfc2617.h"
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
void
CvtHex(const HASH Bin, HASHHEX Hex)
{
@@ -114,27 +117,27 @@
HASHHEX SessionKey
)
{
- SquidMD5_CTX Md5Ctx;
-
+ struct md5_ctx Md5Ctx;
+ static const uint8_t *delim = (const uint8_t*)":";
if (pszUserName) {
- SquidMD5Init(&Md5Ctx);
- SquidMD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
- SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
+ md5_init(&Md5Ctx);
+ md5_update(&Md5Ctx, strlen(pszUserName), (const uint8_t*)pszUserName);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszRealm), (const uint8_t*)pszRealm);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszPassword), (const uint8_t*)pszPassword);
+ md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)HA1);
}
if (strcasecmp(pszAlg, "md5-sess") == 0) {
HASHHEX HA1Hex;
CvtHex(HA1, HA1Hex); /* RFC2617 errata */
- SquidMD5Init(&Md5Ctx);
- SquidMD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN);
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
- SquidMD5Final((unsigned char *) HA1, &Md5Ctx);
+ md5_init(&Md5Ctx);
+ md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HA1Hex);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszNonce), (const uint8_t*)pszNonce);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszCNonce), (const uint8_t*)pszCNonce);
+ md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)HA1);
}
CvtHex(HA1, SessionKey);
}
@@ -153,40 +156,41 @@
HASHHEX Response /* request-digest or response-digest */
)
{
- SquidMD5_CTX Md5Ctx;
+ static const uint8_t *delim = (const uint8_t*)":";
+ struct md5_ctx Md5Ctx;
HASH HA2;
HASH RespHash;
HASHHEX HA2Hex;
/* calculate H(A2)
*/
- SquidMD5Init(&Md5Ctx);
- SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
+ md5_init(&Md5Ctx);
+ md5_update(&Md5Ctx, strlen(pszMethod), (const uint8_t*)pszMethod);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszDigestUri), (const uint8_t*)pszDigestUri);
if (pszQop && strcasecmp(pszQop, "auth-int") == 0) {
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HEntity);
}
- SquidMD5Final((unsigned char *) HA2, &Md5Ctx);
+ md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)HA2);
CvtHex(HA2, HA2Hex);
/* calculate response
*/
- SquidMD5Init(&Md5Ctx);
- SquidMD5Update(&Md5Ctx, HA1, HASHHEXLEN);
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
- SquidMD5Update(&Md5Ctx, ":", 1);
+ md5_init(&Md5Ctx);
+ md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HA1);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszNonce), (const uint8_t*)pszNonce);
+ md5_update(&Md5Ctx, 1, delim);
if (pszQop) {
- SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
- SquidMD5Update(&Md5Ctx, ":", 1);
- SquidMD5Update(&Md5Ctx, pszQop, strlen(pszQop));
- SquidMD5Update(&Md5Ctx, ":", 1);
+ md5_update(&Md5Ctx, strlen(pszNonceCount), (const
uint8_t*)pszNonceCount);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszCNonce), (const uint8_t*)pszCNonce);
+ md5_update(&Md5Ctx, 1, delim);
+ md5_update(&Md5Ctx, strlen(pszQop), (const uint8_t*)pszQop);
+ md5_update(&Md5Ctx, 1, delim);
}
- SquidMD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
- SquidMD5Final((unsigned char *) RespHash, &Md5Ctx);
+ md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HA2Hex);
+ md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)RespHash);
CvtHex(RespHash, Response);
}
=== modified file 'src/CacheDigest.cc'
--- src/CacheDigest.cc 2012-09-23 09:04:21 +0000
+++ src/CacheDigest.cc 2014-03-17 04:36:34 +0000
@@ -32,7 +32,6 @@
*/
#include "squid.h"
-#include "md5.h"
#include "Mem.h"
#include "StatCounters.h"
#include "Store.h"
@@ -42,6 +41,10 @@
#include "CacheDigest.h"
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
/* local types */
typedef struct {
@@ -76,7 +79,7 @@
cacheDigestCreate(int capacity, int bpe)
{
CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST);
- assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on
16 byte keys */
+ assert(MD5_DIGEST_SIZE == 16); /* our hash functions rely on 16 byte
keys */
cacheDigestInit(cd, capacity, bpe);
return cd;
}
=== modified file 'src/StoreMetaMD5.cc'
--- src/StoreMetaMD5.cc 2012-09-01 14:38:36 +0000
+++ src/StoreMetaMD5.cc 2014-03-16 10:24:46 +0000
@@ -33,15 +33,18 @@
#include "squid.h"
#include "int.h"
-#include "md5.h"
#include "MemObject.h"
#include "Store.h"
#include "StoreMetaMD5.h"
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
bool
StoreMetaMD5::validLength(int len) const
{
- return len == SQUID_MD5_DIGEST_LENGTH;
+ return len == MD5_DIGEST_SIZE;
}
int StoreMetaMD5::md5_mismatches = 0;
@@ -50,10 +53,10 @@
StoreMetaMD5::checkConsistency(StoreEntry *e) const
{
assert (getType() == STORE_META_KEY_MD5);
- assert(length == SQUID_MD5_DIGEST_LENGTH);
+ assert(length == MD5_DIGEST_SIZE);
if (!EBIT_TEST(e->flags, KEY_PRIVATE) &&
- memcmp(value, e->key, SQUID_MD5_DIGEST_LENGTH)) {
+ memcmp(value, e->key, MD5_DIGEST_SIZE)) {
debugs(20, 2, "storeClientReadHeader: swapin MD5 mismatch");
// debugs(20, 2, "\t" << storeKeyText((const cache_key *)value));
debugs(20, 2, "\t" << e->getMD5Text());
=== modified file 'src/StoreSwapLogData.h'
--- src/StoreSwapLogData.h 2013-12-06 23:52:26 +0000
+++ src/StoreSwapLogData.h 2014-03-16 08:55:34 +0000
@@ -57,10 +57,13 @@
* the value for MemObject->swap_hdr_sz.
*/
-#include "md5.h"
#include "MemPool.h"
#include "typedefs.h"
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
/// maintains a 24-bit checksum over integer fields
class SwapChecksum24
{
@@ -196,7 +199,7 @@
/**
* The 128-bit MD5 hash for this object.
*/
- unsigned char key[SQUID_MD5_DIGEST_LENGTH];
+ unsigned char key[MD5_DIGEST_SIZE];
};
MEMPROXY_CLASS_INLINE(StoreSwapLogData);
=== modified file 'src/fs/rock/RockRebuild.cc'
--- src/fs/rock/RockRebuild.cc 2013-12-31 18:49:41 +0000
+++ src/fs/rock/RockRebuild.cc 2014-03-16 08:53:58 +0000
@@ -9,7 +9,6 @@
#include "fs/rock/RockSwapDir.h"
#include "globals.h"
#include "ipc/StoreMap.h"
-#include "md5.h"
#include "SquidTime.h"
#include "store_rebuild.h"
#include "tools.h"
@@ -18,6 +17,9 @@
#if HAVE_ERRNO_H
#include <errno.h>
#endif
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
CBDATA_NAMESPACED_CLASS_INIT(Rock, Rebuild);
@@ -272,7 +274,7 @@
bool
Rock::Rebuild::importEntry(Ipc::StoreMapAnchor &anchor, const sfileno fileno,
const DbCellHeader &header)
{
- cache_key key[SQUID_MD5_DIGEST_LENGTH];
+ cache_key key[MD5_DIGEST_SIZE];
StoreEntry loadedE;
const uint64_t knownSize = header.entrySize > 0 ?
header.entrySize :
anchor.basics.swap_file_sz.get();
=== modified file 'src/fs/ufs/RebuildState.cc'
--- src/fs/ufs/RebuildState.cc 2014-02-21 10:46:19 +0000
+++ src/fs/ufs/RebuildState.cc 2014-03-16 08:59:07 +0000
@@ -148,7 +148,7 @@
void
Fs::Ufs::RebuildState::rebuildFromDirectory()
{
- cache_key key[SQUID_MD5_DIGEST_LENGTH];
+ cache_key key[MD5_DIGEST_SIZE];
struct stat sb;
int fd = -1;
=== modified file 'src/fs/ufs/UFSSwapDir.cc'
--- src/fs/ufs/UFSSwapDir.cc 2014-02-21 10:46:19 +0000
+++ src/fs/ufs/UFSSwapDir.cc 2014-03-16 08:56:17 +0000
@@ -112,7 +112,7 @@
s.swap_file_sz = e.swap_file_sz;
s.refcount = e.refcount;
s.flags = e.flags;
- memcpy(&s.key, e.key, SQUID_MD5_DIGEST_LENGTH);
+ memcpy(&s.key, e.key, MD5_DIGEST_SIZE);
s.finalize();
memcpy(outbuf + outbuf_offset, &s, ss);
outbuf_offset += ss;
@@ -1247,7 +1247,7 @@
s->swap_file_sz = e.swap_file_sz;
s->refcount = e.refcount;
s->flags = e.flags;
- memcpy(s->key, e.key, SQUID_MD5_DIGEST_LENGTH);
+ memcpy(s->key, e.key, MD5_DIGEST_SIZE);
s->finalize();
file_write(swaplog_fd,
-1,
=== modified file 'src/fs/ufs/UFSSwapLogParser.cc'
--- src/fs/ufs/UFSSwapLogParser.cc 2012-08-14 11:53:07 +0000
+++ src/fs/ufs/UFSSwapLogParser.cc 2014-03-16 08:58:12 +0000
@@ -29,7 +29,6 @@
#include "squid.h"
#include "Debug.h"
-#include "md5.h"
#include "StoreSwapLogData.h"
#include "swap_log_op.h"
#include "UFSSwapLogParser.h"
@@ -40,7 +39,7 @@
/// Parse a swap header entry created on a system with 32-bit size_t and
sfileno
/// this is typical of 32-bit systems without large file support
-/// NP: SQUID_MD5_DIGEST_LENGTH is very risky still.
+/// NP: MD5_DIGEST_SIZE is very risky still.
class UFSSwapLogParser_v1_32bs:public Fs::Ufs::UFSSwapLogParser
{
public:
@@ -56,7 +55,7 @@
uint32_t swap_file_sz;
uint16_t refcount;
uint16_t flags;
- unsigned char key[SQUID_MD5_DIGEST_LENGTH];
+ unsigned char key[MD5_DIGEST_SIZE];
};
UFSSwapLogParser_v1_32bs(FILE *fp):Fs::Ufs::UFSSwapLogParser(fp) {
record_size = sizeof(UFSSwapLogParser_v1_32bs::StoreSwapLogDataOld);
@@ -80,7 +79,7 @@
swapData.swap_file_sz = readData.swap_file_sz;
swapData.refcount = readData.refcount;
swapData.flags = readData.flags;
- memcpy(swapData.key, readData.key, SQUID_MD5_DIGEST_LENGTH);
+ memcpy(swapData.key, readData.key, MD5_DIGEST_SIZE);
return true;
}
};
=== modified file 'src/htcp.cc'
--- src/htcp.cc 2013-10-25 00:13:46 +0000
+++ src/htcp.cc 2014-03-16 09:01:59 +0000
@@ -48,7 +48,6 @@
#include "HttpStateFlags.h"
#include "icmp/net_db.h"
#include "ip/tools.h"
-#include "md5.h"
#include "MemBuf.h"
#include "refresh.h"
#include "SquidConfig.h"
@@ -60,6 +59,10 @@
#include "tools.h"
#include "URL.h"
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
typedef struct _Countstr Countstr;
typedef struct _htcpHeader htcpHeader;
@@ -245,7 +248,7 @@
static Comm::ConnectionPointer htcpIncomingConn = NULL;
#define N_QUERIED_KEYS 8192
static uint32_t queried_id[N_QUERIED_KEYS];
-static cache_key queried_keys[N_QUERIED_KEYS][SQUID_MD5_DIGEST_LENGTH];
+static cache_key queried_keys[N_QUERIED_KEYS][MD5_DIGEST_SIZE];
static Ip::Address queried_addr[N_QUERIED_KEYS];
static MemAllocator *htcpDetailPool = NULL;
=== modified file 'src/icp_v2.cc'
--- src/icp_v2.cc 2014-02-08 13:36:42 +0000
+++ src/icp_v2.cc 2014-03-16 09:03:52 +0000
@@ -51,7 +51,6 @@
#include "ip/Address.h"
#include "ip/tools.h"
#include "ipcache.h"
-#include "md5.h"
#include "multicast.h"
#include "neighbors.h"
#include "refresh.h"
@@ -68,6 +67,9 @@
#if HAVE_ERRNO_H
#include <errno.h>
#endif
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
static void icpIncomingConnectionOpened(const Comm::ConnectionPointer &conn,
int errNo);
@@ -832,7 +834,7 @@
#define N_QUERIED_KEYS 8192
#define N_QUERIED_KEYS_MASK 8191
-static cache_key queried_keys[N_QUERIED_KEYS][SQUID_MD5_DIGEST_LENGTH];
+static cache_key queried_keys[N_QUERIED_KEYS][MD5_DIGEST_SIZE];
int
icpSetCacheKey(const cache_key * key)
=== modified file 'src/mem.cc'
--- src/mem.cc 2014-02-21 10:46:19 +0000
+++ src/mem.cc 2014-03-16 09:05:56 +0000
@@ -39,7 +39,6 @@
#include "dlink.h"
#include "event.h"
#include "icmp/net_db.h"
-#include "md5.h"
#include "Mem.h"
#include "MemBuf.h"
#include "memMeter.h"
@@ -52,6 +51,9 @@
#include "StoreEntryStream.h"
#include <iomanip>
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
#include <ostream>
/* forward declarations */
@@ -468,7 +470,7 @@
memDataInit(MEM_NET_DB_NAME, "net_db_name", sizeof(net_db_name), 0);
memDataInit(MEM_RELIST, "RegexList", sizeof(RegexList), 0);
memDataInit(MEM_CLIENT_INFO, "ClientInfo", sizeof(ClientInfo), 0);
- memDataInit(MEM_MD5_DIGEST, "MD5 digest", SQUID_MD5_DIGEST_LENGTH, 0);
+ memDataInit(MEM_MD5_DIGEST, "MD5 digest", MD5_DIGEST_SIZE, 0);
MemPools[MEM_MD5_DIGEST]->setChunkSize(512 * 1024);
/** Lastly init the string pools. */
=== modified file 'src/store_key_md5.cc'
--- src/store_key_md5.cc 2013-06-27 21:04:01 +0000
+++ src/store_key_md5.cc 2014-03-16 10:19:00 +0000
@@ -33,12 +33,15 @@
#include "squid.h"
#include "HttpRequest.h"
-#include "md5.h"
#include "Mem.h"
#include "store_key_md5.h"
#include "URL.h"
-static cache_key null_key[SQUID_MD5_DIGEST_LENGTH];
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
+static cache_key null_key[MD5_DIGEST_SIZE];
const char *
storeKeyText(const cache_key *key)
@@ -46,10 +49,9 @@
if (!key)
return "[null_store_key]";
- static char buf[SQUID_MD5_DIGEST_LENGTH * 2+1];
- int i;
+ static char buf[MD5_DIGEST_SIZE * 2+1];
- for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; ++i)
+ for (int i = 0; i < MD5_DIGEST_SIZE; ++i)
snprintf(&buf[i*2],sizeof(buf) - i*2, "%02X", *(key + i));
return buf;
@@ -58,12 +60,10 @@
const cache_key *
storeKeyScan(const char *buf)
{
- static unsigned char digest[SQUID_MD5_DIGEST_LENGTH];
- int i;
- int j = 0;
- char t[3];
+ static unsigned char digest[MD5_DIGEST_SIZE];
- for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; ++i) {
+ for (int i = 0, j=0; i < MD5_DIGEST_SIZE; ++i) {
+ char t[3];
t[0] = *(buf + (j++));
t[1] = *(buf + (j++));
t[2] = '\0';
@@ -80,7 +80,7 @@
const unsigned char *B = (const unsigned char *)b;
int i;
- for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; ++i) {
+ for (i = 0; i < MD5_DIGEST_SIZE; ++i) {
if (A[i] < B[i])
return -1;
@@ -106,28 +106,29 @@
const cache_key *
storeKeyPrivate(const char *url, const HttpRequestMethod& method, int id)
{
- static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
- SquidMD5_CTX M;
+ static cache_key digest[MD5_DIGEST_SIZE];
assert(id > 0);
debugs(20, 3, "storeKeyPrivate: " << method << " " << url);
- SquidMD5Init(&M);
- SquidMD5Update(&M, (unsigned char *) &id, sizeof(id));
- SquidMD5Update(&M, (unsigned char *) &method, sizeof(method));
- SquidMD5Update(&M, (unsigned char *) url, strlen(url));
- SquidMD5Final(digest, &M);
+
+ struct md5_ctx M;
+ md5_init(&M);
+ md5_update(&M, sizeof(id), reinterpret_cast<uint8_t*>(&id));
+ md5_update(&M, sizeof(method), reinterpret_cast<const uint8_t*>(&method));
+ md5_update(&M, strlen(url), reinterpret_cast<const uint8_t*>(url));
+ md5_digest(&M, sizeof(digest), digest);
return digest;
}
const cache_key *
storeKeyPublic(const char *url, const HttpRequestMethod& method)
{
- static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
- unsigned char m = (unsigned char) method.id();
- SquidMD5_CTX M;
- SquidMD5Init(&M);
- SquidMD5Update(&M, &m, sizeof(m));
- SquidMD5Update(&M, (unsigned char *) url, strlen(url));
- SquidMD5Final(digest, &M);
+ static cache_key digest[MD5_DIGEST_SIZE];
+ uint8_t m = static_cast<uint8_t>(method.id());
+ struct md5_ctx M;
+ md5_init(&M);
+ md5_update(&M, sizeof(m), &m);
+ md5_update(&M, strlen(url), reinterpret_cast<const uint8_t*>(url));
+ md5_digest(&M, sizeof(digest), digest);
return digest;
}
@@ -140,21 +141,20 @@
const cache_key *
storeKeyPublicByRequestMethod(HttpRequest * request, const HttpRequestMethod&
method)
{
- static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
+ static cache_key digest[MD5_DIGEST_SIZE];
unsigned char m = (unsigned char) method.id();
const char *url = request->storeId(); /* storeId returns the right
storeID\canonical URL for the md5 calc */
- SquidMD5_CTX M;
- SquidMD5Init(&M);
- SquidMD5Update(&M, &m, sizeof(m));
- SquidMD5Update(&M, (unsigned char *) url, strlen(url));
+ struct md5_ctx M;
+ md5_init(&M);
+ md5_update(&M, sizeof(m), &m);
+ md5_update(&M, strlen(url), reinterpret_cast<const uint8_t*>(url));
if (request->vary_headers) {
- SquidMD5Update(&M, (unsigned char *) request->vary_headers,
strlen(request->vary_headers));
debugs(20, 3, "updating public key by vary headers: " <<
request->vary_headers << " for: " << url);
+ md5_update(&M, strlen(request->vary_headers), reinterpret_cast<const
uint8_t*>(request->vary_headers));
}
- SquidMD5Final(digest, &M);
-
+ md5_digest(&M, sizeof(digest), digest);
return digest;
}
@@ -162,14 +162,14 @@
storeKeyDup(const cache_key * key)
{
cache_key *dup = (cache_key *)memAllocate(MEM_MD5_DIGEST);
- memcpy(dup, key, SQUID_MD5_DIGEST_LENGTH);
+ memcpy(dup, key, MD5_DIGEST_SIZE);
return dup;
}
cache_key *
storeKeyCopy(cache_key * dst, const cache_key * src)
{
- memcpy(dst, src, SQUID_MD5_DIGEST_LENGTH);
+ memcpy(dst, src, MD5_DIGEST_SIZE);
return dst;
}
@@ -193,7 +193,7 @@
int
storeKeyNull(const cache_key * key)
{
- if (memcmp(key, null_key, SQUID_MD5_DIGEST_LENGTH) == 0)
+ if (memcmp(key, null_key, MD5_DIGEST_SIZE) == 0)
return 1;
else
return 0;
@@ -202,5 +202,5 @@
void
storeKeyInit(void)
{
- memset(null_key, '\0', SQUID_MD5_DIGEST_LENGTH);
+ memset(null_key, '\0', MD5_DIGEST_SIZE);
}
=== modified file 'src/store_rebuild.cc'
--- src/store_rebuild.cc 2013-12-30 23:58:33 +0000
+++ src/store_rebuild.cc 2014-03-16 10:20:13 +0000
@@ -33,7 +33,6 @@
#include "squid.h"
#include "event.h"
#include "globals.h"
-#include "md5.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "StatCounters.h"
@@ -47,6 +46,10 @@
#if HAVE_ERRNO_H
#include <errno.h>
#endif
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
+
static StoreRebuildData counts;
static struct timeval rebuild_start;
@@ -258,8 +261,8 @@
switch (x.getType()) {
case STORE_META_KEY:
- assert(x.length == SQUID_MD5_DIGEST_LENGTH);
- memcpy(index, x.value, SQUID_MD5_DIGEST_LENGTH);
+ assert(x.length == MD5_DIGEST_SIZE);
+ memcpy(index, x.value, MD5_DIGEST_SIZE);
break;
case STORE_META_STD:
@@ -345,7 +348,7 @@
// TODO: consume parsed metadata?
debugs(47,7, "successful swap meta unpacking; swap_file_sz=" <<
tmpe.swap_file_sz);
- memset(key, '\0', SQUID_MD5_DIGEST_LENGTH);
+ memset(key, '\0', MD5_DIGEST_SIZE);
InitStoreEntry visitor(&tmpe, key);
for_each(*tlv_list, visitor);
=== modified file 'src/store_swapmeta.cc'
--- src/store_swapmeta.cc 2013-02-08 09:25:04 +0000
+++ src/store_swapmeta.cc 2014-03-16 10:21:48 +0000
@@ -32,12 +32,14 @@
*/
#include "squid.h"
-#include "md5.h"
#include "MemObject.h"
#include "Store.h"
#include "StoreMeta.h"
#include "StoreMetaUnpacker.h"
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
#if HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
@@ -76,7 +78,7 @@
debugs(20, 3, "storeSwapMetaBuild URL: " << url);
- tlv *t = StoreMeta::Factory (STORE_META_KEY,SQUID_MD5_DIGEST_LENGTH,
e->key);
+ tlv *t = StoreMeta::Factory (STORE_META_KEY, MD5_DIGEST_SIZE, e->key);
if (!t) {
storeSwapTLVFree(TLV);
=== modified file 'src/wccp2.cc'
--- src/wccp2.cc 2014-03-16 03:08:55 +0000
+++ src/wccp2.cc 2014-03-16 10:51:45 +0000
@@ -41,7 +41,6 @@
#include "ConfigParser.h"
#include "event.h"
#include "ip/Address.h"
-#include "md5.h"
#include "Parsing.h"
#include "Store.h"
#include "SwapDir.h"
@@ -49,6 +48,9 @@
#if HAVE_NETDB_H
#include <netdb.h>
#endif
+#if HAVE_NETTLE_MD5_H
+#include <nettle/md5.h>
+#endif
#define WCCP_PORT 2048
#define WCCP_RESPONSE_SIZE 12448
@@ -67,7 +69,7 @@
#define WCCP2_MASK_ASSIGNMENT 0x01
#define WCCP2_NONE_SECURITY_LEN 0
-#define WCCP2_MD5_SECURITY_LEN SQUID_MD5_DIGEST_LENGTH // 16
+#define WCCP2_MD5_SECURITY_LEN MD5_DIGEST_SIZE // 16
/* Useful defines */
#define WCCP2_NUMPORTS 8
@@ -573,9 +575,8 @@
static char
wccp2_update_md5_security(char *password, char *ptr, char *packet, int len)
{
- uint8_t md5Digest[SQUID_MD5_DIGEST_LENGTH];
- char pwd[WCCP2_PASSWORD_LEN];
- SquidMD5_CTX M;
+ uint8_t md5Digest[MD5_DIGEST_SIZE];
+ uint8_t pwd[WCCP2_PASSWORD_LEN];
struct wccp2_security_md5_t *ws;
@@ -583,7 +584,7 @@
/* The password field, for the MD5 hash, needs to be 8 bytes and NUL
padded. */
memset(pwd, 0, sizeof(pwd));
- strncpy(pwd, password, sizeof(pwd));
+ strncpy(reinterpret_cast<char*>(pwd), password, sizeof(pwd));
pwd[sizeof(pwd) - 1] = '\0';
ws = (struct wccp2_security_md5_t *) ptr;
@@ -604,13 +605,11 @@
/* XXX eventually we should be able to kill md5Digest and blit it directly
in */
memset(ws->security_implementation, 0,
sizeof(ws->security_implementation));
- SquidMD5Init(&M);
-
- SquidMD5Update(&M, pwd, sizeof(pwd));
-
- SquidMD5Update(&M, packet, len);
-
- SquidMD5Final(md5Digest, &M);
+ struct md5_ctx M;
+ md5_init(&M);
+ md5_update(&M, sizeof(pwd), pwd);
+ md5_update(&M, len, reinterpret_cast<const uint8_t*>(packet));
+ md5_digest(&M, sizeof(md5Digest), md5Digest);
memcpy(ws->security_implementation, md5Digest, sizeof(md5Digest));
@@ -627,9 +626,8 @@
{
struct wccp2_security_md5_t *ws = (struct wccp2_security_md5_t *) security;
- uint8_t md5Digest[SQUID_MD5_DIGEST_LENGTH],
md5_challenge[SQUID_MD5_DIGEST_LENGTH];
- char pwd[WCCP2_PASSWORD_LEN];
- SquidMD5_CTX M;
+ uint8_t md5Digest[MD5_DIGEST_SIZE], md5_challenge[MD5_DIGEST_SIZE];
+ uint8_t pwd[WCCP2_PASSWORD_LEN];
/* Make sure the security type matches what we expect */
@@ -651,7 +649,7 @@
/* The password field, for the MD5 hash, needs to be 8 bytes and NUL
padded. */
memset(pwd, 0, sizeof(pwd));
- strncpy(pwd, srv->wccp_password, sizeof(pwd));
+ strncpy(reinterpret_cast<char*>(pwd), srv->wccp_password, sizeof(pwd));
pwd[sizeof(pwd) - 1] = '\0';
/* Take a copy of the challenge: we need to NUL it before comparing */
@@ -659,15 +657,13 @@
memset(ws->security_implementation, 0,
sizeof(ws->security_implementation));
- SquidMD5Init(&M);
-
- SquidMD5Update(&M, pwd, sizeof(pwd));
-
- SquidMD5Update(&M, packet, len);
-
- SquidMD5Final(md5Digest, &M);
-
- return (memcmp(md5Digest, md5_challenge, SQUID_MD5_DIGEST_LENGTH) == 0);
+ struct md5_ctx M;
+ md5_init(&M);
+ md5_update(&M, sizeof(pwd), pwd);
+ md5_update(&M, len, reinterpret_cast<const uint8_t*>(packet));
+ md5_digest(&M, MD5_DIGEST_SIZE, md5Digest);
+
+ return (memcmp(md5Digest, md5_challenge, MD5_DIGEST_SIZE) == 0);
}
void
