do not link -lmd to get MD5* functions

There are crypto hash function symbol overlaps between libmd and libcrypto on
FreeBSD, which causes hashing of the certificates store to fail as a
side-effect when using TLS constraints. Since all we really need is MD5, just
use the embedded OpenBSD versions instead.

.gitignore

@@ -54,8 +54,8 @@ config.c
 constraint.c
 control.c
 include/imsg.h
-include/md5_openbsd.h
-include/sha2_openbsd.h
+include/md5.h
+include/sha2.h
 log.c
 log.h
 ntp.c

compat/Makefile.am

@@ -74,9 +74,7 @@ libcompat_la_SOURCES += imsg.c
 libcompat_la_SOURCES += imsg-buffer.c
 endif
 
-if !HAVE_MD5
 libcompat_la_SOURCES += md5.c
-endif
 
 libcompat_la_SOURCES += progname.c
 
@@ -117,27 +115,21 @@ libcompat_la_SOURCES += getentropy_freebsd.c
 endif
 if HOST_LINUX
 libcompat_la_SOURCES += getentropy_linux.c
-if !HAVE_SHA512
 libcompat_la_SOURCES += sha2.c
 endif
-endif
 if HOST_NETBSD
 libcompat_la_SOURCES += getentropy_netbsd.c
 endif
 if HOST_DARWIN
 libcompat_la_SOURCES += getentropy_osx.c
-if !HAVE_SHA512
 libcompat_la_SOURCES += sha2.c
 endif
-endif
 if HOST_SOLARIS
 libcompat_la_SOURCES += getentropy_solaris.c
-if !HAVE_SHA512
 libcompat_la_SOURCES += sha2.c
 endif
 endif
 endif
-endif
 
 if !HAVE_ARC4RANDOM_UNIFORM
 libcompat_la_SOURCES += arc4random_uniform.c

configure.ac

@@ -111,10 +111,8 @@ AC_SEARCH_LIBS([arc4random], [crypto])
 AC_SEARCH_LIBS([clock_getres],[rt posix4])
 AC_SEARCH_LIBS([clock_gettime],[rt posix4])
 AC_SEARCH_LIBS([ibuf_open], [util])
-AC_SEARCH_LIBS([MD5Init], [md md5])
-AC_SEARCH_LIBS([SHA512Init], [md])
 
-AC_CHECK_FUNCS([arc4random ibuf_open MD5Init SHA512Init])
+AC_CHECK_FUNCS([arc4random ibuf_open])
 AC_CHECK_FUNCS([clock_gettime clock_getres])
 
 # check for libtls
@@ -133,7 +131,6 @@ AM_CONDITIONAL([HAVE_CLOCK_GETTIME], [test "x$ac_cv_func_clock_gettime" = xyes])
 AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
 AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
 AM_CONDITIONAL([HAVE_IMSG], [test "x$ac_cv_func_ibuf_open" = xyes])
-AM_CONDITIONAL([HAVE_MD5], [test "x$ac_cv_func_MD5Init" = xyes])
 AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
 AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
 AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
@@ -141,7 +138,6 @@ AM_CONDITIONAL([HAVE_SETGROUPS], [test "x$ac_cv_func_setgroups" = xyes])
 AM_CONDITIONAL([HAVE_SETRESGID], [test "x$ac_cv_func_setresgid" = xyes])
 AM_CONDITIONAL([HAVE_SETRESUID], [test "x$ac_cv_func_setresuid" = xyes])
 AM_CONDITIONAL([HAVE_SETPROCTITLE], [test "x$ac_cv_func_setproctitle" = xyes])
-AM_CONDITIONAL([HAVE_SHA512], [test "x$ac_cv_func_SHA512Init" = xyes])
 AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
 AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
 AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])

include/Makefile.am

@@ -9,9 +9,7 @@ noinst_HEADERS += err.h
 noinst_HEADERS += imsg.h
 noinst_HEADERS += string.h
 noinst_HEADERS += md5.h
-noinst_HEADERS += md5_openbsd.h
 noinst_HEADERS += sha2.h
-noinst_HEADERS += sha2_openbsd.h
 noinst_HEADERS += stdlib.h
 noinst_HEADERS += Makefile.in
 noinst_HEADERS += poll.h

include/md5.h

@@ -1,10 +1,47 @@
+/*	$OpenBSD: md5.h,v 1.16 2004/06/22 01:57:30 jfb Exp $	*/
+
 /*
- * Public domain
- * md5.h compatibility shim
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest.  This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
  */
 
-#ifdef HAVE_MD5_H
-#include_next <md5.h>
-#else
-#include "md5_openbsd.h"
-#endif
+#ifndef _MD5_H_
+#define _MD5_H_
+
+#define	MD5_BLOCK_LENGTH		64
+#define	MD5_DIGEST_LENGTH		16
+#define	MD5_DIGEST_STRING_LENGTH	(MD5_DIGEST_LENGTH * 2 + 1)
+
+typedef struct MD5Context {
+	u_int32_t state[4];			/* state */
+	u_int64_t count;			/* number of bits, mod 2^64 */
+	u_int8_t buffer[MD5_BLOCK_LENGTH];	/* input buffer */
+} MD5_CTX;
+
+void	 MD5Init(MD5_CTX *);
+void	 MD5Update(MD5_CTX *, const u_int8_t *, size_t)
+		__attribute__((__bounded__(__string__,2,3)));
+void	 MD5Pad(MD5_CTX *);
+void	 MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
+		__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
+void	 MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
+		__attribute__((__bounded__(__minbytes__,1,4)))
+		__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
+char	*MD5End(MD5_CTX *, char *)
+		__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
+char	*MD5File(const char *, char *)
+		__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
+char	*MD5FileChunk(const char *, char *, off_t, off_t)
+		__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
+char	*MD5Data(const u_int8_t *, size_t, char *)
+		__attribute__((__bounded__(__string__,1,2)))
+		__attribute__((__bounded__(__minbytes__,3,MD5_DIGEST_STRING_LENGTH)));
+
+#endif /* _MD5_H_ */

include/sha2.h

@@ -1,27 +1,134 @@
+/*	$OpenBSD: sha2.h,v 1.8 2012/12/05 23:19:57 deraadt Exp $	*/
+
 /*
- * Public domain
- * sha2.h compatibility shim
+ * FILE:	sha2.h
+ * AUTHOR:	Aaron D. Gifford <me@aarongifford.com>
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
  */
 
-#ifdef HAVE_SHA2_H
-#include_next <sha2.h>
-#else
+#ifndef _SHA2_H
+#define _SHA2_H
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+#define SHA224_BLOCK_LENGTH		64
+#define SHA224_DIGEST_LENGTH		28
+#define SHA224_DIGEST_STRING_LENGTH	(SHA224_DIGEST_LENGTH * 2 + 1)
+#define SHA256_BLOCK_LENGTH		64
+#define SHA256_DIGEST_LENGTH		32
+#define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
+#define SHA384_BLOCK_LENGTH		128
+#define SHA384_DIGEST_LENGTH		48
+#define SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
+#define SHA512_BLOCK_LENGTH		128
+#define SHA512_DIGEST_LENGTH		64
+#define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
+
 
-#include "sha2_openbsd.h"
+/*** SHA-224/256/384/512 Context Structure *******************************/
+typedef struct _SHA2_CTX {
+	union {
+		u_int32_t	st32[8];
+		u_int64_t	st64[8];
+	} state;
+	u_int64_t	bitcount[2];
+	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA2_CTX;
 
-#define __weak_alias(alias,sym)
+void SHA224Init(SHA2_CTX *);
+void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]);
+void SHA224Update(SHA2_CTX *, const u_int8_t *, size_t)
+	__attribute__((__bounded__(__string__,2,3)));
+void SHA224Pad(SHA2_CTX *);
+void SHA224Final(u_int8_t [SHA224_DIGEST_LENGTH], SHA2_CTX *)
+	__attribute__((__bounded__(__minbytes__,1,SHA224_DIGEST_LENGTH)));
+char *SHA224End(SHA2_CTX *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
+char *SHA224File(const char *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
+char *SHA224FileChunk(const char *, char *, off_t, off_t)
+	__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
+char *SHA224Data(const u_int8_t *, size_t, char *)
+	__attribute__((__bounded__(__string__,1,2)))
+	__attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH)));
 
-#define SHA224Transform(a, b) SHA256Transform(a, b)
-#define SHA224Update(a, b, c) SHA256Update(a, b, c)
-#define SHA224Pad(a) SHA256Pad(a)
+void SHA256Init(SHA2_CTX *);
+void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
+void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
+	__attribute__((__bounded__(__string__,2,3)));
+void SHA256Pad(SHA2_CTX *);
+void SHA256Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA2_CTX *)
+	__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
+char *SHA256End(SHA2_CTX *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
+char *SHA256File(const char *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
+char *SHA256FileChunk(const char *, char *, off_t, off_t)
+	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
+char *SHA256Data(const u_int8_t *, size_t, char *)
+	__attribute__((__bounded__(__string__,1,2)))
+	__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
 
-#define SHA384Transform(a, b) SHA512Transform(a, b)
-#define SHA384Update(a, b, c) SHA512Update(a, b, c)
-#define SHA384Pad(a) SHA512Pad(a)
+void SHA384Init(SHA2_CTX *);
+void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
+void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
+	__attribute__((__bounded__(__string__,2,3)));
+void SHA384Pad(SHA2_CTX *);
+void SHA384Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA2_CTX *)
+	__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
+char *SHA384End(SHA2_CTX *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
+char *SHA384File(const char *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
+char *SHA384FileChunk(const char *, char *, off_t, off_t)
+	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
+char *SHA384Data(const u_int8_t *, size_t, char *)
+	__attribute__((__bounded__(__string__,1,2)))
+	__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
 
-#define SHA512_CTX SHA2_CTX
-#define SHA512_Init(ctx) SHA512Init(ctx)
-#define SHA512_Update(ctx, buf, len) SHA512Update(ctx, (void *)buf, len)
-#define SHA512_Final(digest, ctx) SHA512Final(digest, ctx)
+void SHA512Init(SHA2_CTX *);
+void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
+void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
+	__attribute__((__bounded__(__string__,2,3)));
+void SHA512Pad(SHA2_CTX *);
+void SHA512Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA2_CTX *)
+	__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
+char *SHA512End(SHA2_CTX *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
+char *SHA512File(const char *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
+char *SHA512FileChunk(const char *, char *, off_t, off_t)
+	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
+char *SHA512Data(const u_int8_t *, size_t, char *)
+	__attribute__((__bounded__(__string__,1,2)))
+	__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
 
-#endif
+#endif /* _SHA2_H */

update.sh

@@ -28,8 +28,8 @@ ntpd_src=$dir/openbsd/src/usr.sbin/ntpd
 CP='cp -p'
 PATCH='patch -p0 -s'
 
-sed '/DECLS/d' $libc_inc/md5.h > include/md5_openbsd.h
-sed '/DECLS/d' $libc_inc/sha2.h > include/sha2_openbsd.h
+sed '/DECLS/d' $libc_inc/md5.h > include/md5.h
+sed '/DECLS/d' $libc_inc/sha2.h > include/sha2.h
 cp $libutil_src/imsg.h include/
 cp $libutil_src/imsg.c compat/
 cp $libutil_src/imsg-buffer.c compat/