
do not link -lmd to get MD5* functions

There are crypto hash function symbol overlaps between libmd and libcrypto on
FreeBSD, which cause hashing of the certificate store to fail as a
side effect when using TLS constraints. Since all we really need is MD5, just
use the embedded OpenBSD versions instead.
OPENBSD_5_8
Brent Cook 9 years ago
parent
commit
e0ed8ed664
7 changed files with 174 additions and 44 deletions
  1. +2
    -2
      .gitignore
  2. +0
    -8
      compat/Makefile.am
  3. +1
    -5
      configure.ac
  4. +0
    -2
      include/Makefile.am
  5. +44
    -7
      include/md5.h
  6. +125
    -18
      include/sha2.h
  7. +2
    -2
      update.sh

+ 2
- 2
.gitignore

@ -54,8 +54,8 @@ config.c
constraint.c constraint.c
control.c control.c
include/imsg.h include/imsg.h
include/md5_openbsd.h
include/sha2_openbsd.h
include/md5.h
include/sha2.h
log.c log.c
log.h log.h
ntp.c ntp.c


+ 0
- 8
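--- a/compat/Makefile.am
+++ b/compat/Makefile.am
@@ -74,9 +74,7 @@ libcompat_la_SOURCES += imsg.c
 libcompat_la_SOURCES += imsg-buffer.c
 endif
-if !HAVE_MD5
 libcompat_la_SOURCES += md5.c
-endif
 libcompat_la_SOURCES += progname.c
@@ -117,27 +115,21 @@ libcompat_la_SOURCES += getentropy_freebsd.c
 endif
 if HOST_LINUX
 libcompat_la_SOURCES += getentropy_linux.c
-if !HAVE_SHA512
 libcompat_la_SOURCES += sha2.c
 endif
-endif
 if HOST_NETBSD
 libcompat_la_SOURCES += getentropy_netbsd.c
 endif
 if HOST_DARWIN
 libcompat_la_SOURCES += getentropy_osx.c
-if !HAVE_SHA512
 libcompat_la_SOURCES += sha2.c
 endif
-endif
 if HOST_SOLARIS
 libcompat_la_SOURCES += getentropy_solaris.c
-if !HAVE_SHA512
 libcompat_la_SOURCES += sha2.c
 endif
 endif
 endif
-endif
 if !HAVE_ARC4RANDOM_UNIFORM
 libcompat_la_SOURCES += arc4random_uniform.c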
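Review bot: Nothing in the new Makefile.am records why md5.c is now built unconditionally; with the `if !HAVE_MD5` guard gone it is compiled into libcompat on every host, including any whose libc or libmd already provides `MD5Init`. The commit message gives the reason (resolving MD5* from libmd overlapped with libcrypto on FreeBSD and broke certificate-store hashing), so I would keep it next to the source line, e.g. `# always use the bundled MD5: -lmd symbols overlap with libcrypto on FreeBSD`, so the guard is not reintroduced later. The bundled copy still defines the same global names, so a dependency that links libmd transitively could bring the overlap back; whether any does cannot be judged from this section.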


+ 1
- 5
configure.ac

@ -111,10 +111,8 @@ AC_SEARCH_LIBS([arc4random], [crypto])
AC_SEARCH_LIBS([clock_getres],[rt posix4]) AC_SEARCH_LIBS([clock_getres],[rt posix4])
AC_SEARCH_LIBS([clock_gettime],[rt posix4]) AC_SEARCH_LIBS([clock_gettime],[rt posix4])
AC_SEARCH_LIBS([ibuf_open], [util]) AC_SEARCH_LIBS([ibuf_open], [util])
AC_SEARCH_LIBS([MD5Init], [md md5])
AC_SEARCH_LIBS([SHA512Init], [md])
AC_CHECK_FUNCS([arc4random ibuf_open MD5Init SHA512Init])
AC_CHECK_FUNCS([arc4random ibuf_open])
AC_CHECK_FUNCS([clock_gettime clock_getres]) AC_CHECK_FUNCS([clock_gettime clock_getres])
# check for libtls # check for libtls
@ -133,7 +131,6 @@ AM_CONDITIONAL([HAVE_CLOCK_GETTIME], [test "x$ac_cv_func_clock_gettime" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes]) AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes]) AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_IMSG], [test "x$ac_cv_func_ibuf_open" = xyes]) AM_CONDITIONAL([HAVE_IMSG], [test "x$ac_cv_func_ibuf_open" = xyes])
AM_CONDITIONAL([HAVE_MD5], [test "x$ac_cv_func_MD5Init" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes]) AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes]) AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes]) AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
@ -141,7 +138,6 @@ AM_CONDITIONAL([HAVE_SETGROUPS], [test "x$ac_cv_func_setgroups" = xyes])
AM_CONDITIONAL([HAVE_SETRESGID], [test "x$ac_cv_func_setresgid" = xyes]) AM_CONDITIONAL([HAVE_SETRESGID], [test "x$ac_cv_func_setresgid" = xyes])
AM_CONDITIONAL([HAVE_SETRESUID], [test "x$ac_cv_func_setresuid" = xyes]) AM_CONDITIONAL([HAVE_SETRESUID], [test "x$ac_cv_func_setresuid" = xyes])
AM_CONDITIONAL([HAVE_SETPROCTITLE], [test "x$ac_cv_func_setproctitle" = xyes]) AM_CONDITIONAL([HAVE_SETPROCTITLE], [test "x$ac_cv_func_setproctitle" = xyes])
AM_CONDITIONAL([HAVE_SHA512], [test "x$ac_cv_func_SHA512Init" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes]) AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes]) AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes]) AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])


+ 0
- 2
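--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -9,9 +9,7 @@ noinst_HEADERS += err.h
 noinst_HEADERS += imsg.h
 noinst_HEADERS += string.h
 noinst_HEADERS += md5.h
-noinst_HEADERS += md5_openbsd.h
 noinst_HEADERS += sha2.h
-noinst_HEADERS += sha2_openbsd.h
 noinst_HEADERS += stdlib.h
 noinst_HEADERS += Makefile.in
 noinst_HEADERS += poll.h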


+ 44
- 7
include/md5.h

@ -1,10 +1,47 @@
/* $OpenBSD: md5.h,v 1.16 2004/06/22 01:57:30 jfb Exp $ */
/* /*
* Public domain
* md5.h compatibility shim
* This code implements the MD5 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*
* Equivalent code is available from RSA Data Security, Inc.
* This code has been tested against that, and is equivalent,
* except that you don't need to include two pages of legalese
* with every copy.
*/ */
#ifdef HAVE_MD5_H
#include_next <md5.h>
#else
#include "md5_openbsd.h"
#endif
#ifndef _MD5_H_
#define _MD5_H_
#define MD5_BLOCK_LENGTH 64
#define MD5_DIGEST_LENGTH 16
#define MD5_DIGEST_STRING_LENGTH (MD5_DIGEST_LENGTH * 2 + 1)
typedef struct MD5Context {
u_int32_t state[4]; /* state */
u_int64_t count; /* number of bits, mod 2^64 */
u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */
} MD5_CTX;
void MD5Init(MD5_CTX *);
void MD5Update(MD5_CTX *, const u_int8_t *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void MD5Pad(MD5_CTX *);
void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
__attribute__((__bounded__(__minbytes__,1,4)))
__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
char *MD5End(MD5_CTX *, char *)
__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
char *MD5File(const char *, char *)
__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
char *MD5FileChunk(const char *, char *, off_t, off_t)
__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
char *MD5Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,MD5_DIGEST_STRING_LENGTH)));
#endif /* _MD5_H_ */
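Review bot: No `#include` is visible among the OpenBSD declarations in this section, yet they use `u_int8_t`, `u_int32_t`, `u_int64_t`, `size_t` and `off_t`; assuming those declarations are the added side, every includer must now pull in `<sys/types.h>` first, and hosts without the BSD `u_int*_t` names will not compile it. The `__attribute__((__bounded__(...)))` annotations are an OpenBSD compiler extension, so on other toolchains the buffer-size checking they express for `MD5Final`, `MD5End` and `MD5Data` is not enforced, and the unknown attribute may warn or fail under `-Werror`. Because update.sh appears to generate this header with `sed '/DECLS/d'`, the fix belongs in that script rather than in a hand edit: emit `#include <sys/types.h>` after the include guard and, where the compiler lacks the attribute, something like `#define __bounded__(x, y, z)`. The same applies to include/sha2.h.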

+ 125
- 18
include/sha2.h

@ -1,27 +1,134 @@
/* $OpenBSD: sha2.h,v 1.8 2012/12/05 23:19:57 deraadt Exp $ */
/* /*
* Public domain
* sha2.h compatibility shim
* FILE: sha2.h
* AUTHOR: Aaron D. Gifford <me@aarongifford.com>
*
* Copyright (c) 2000-2001, Aaron D. Gifford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the copyright holder nor the names of contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
*/ */
#ifdef HAVE_SHA2_H
#include_next <sha2.h>
#else
#ifndef _SHA2_H
#define _SHA2_H
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA224_BLOCK_LENGTH 64
#define SHA224_DIGEST_LENGTH 28
#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1)
#define SHA256_BLOCK_LENGTH 64
#define SHA256_DIGEST_LENGTH 32
#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
#define SHA384_BLOCK_LENGTH 128
#define SHA384_DIGEST_LENGTH 48
#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1)
#define SHA512_BLOCK_LENGTH 128
#define SHA512_DIGEST_LENGTH 64
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
#include "sha2_openbsd.h"
/*** SHA-224/256/384/512 Context Structure *******************************/
typedef struct _SHA2_CTX {
union {
u_int32_t st32[8];
u_int64_t st64[8];
} state;
u_int64_t bitcount[2];
u_int8_t buffer[SHA512_BLOCK_LENGTH];
} SHA2_CTX;
#define __weak_alias(alias,sym)
void SHA224Init(SHA2_CTX *);
void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]);
void SHA224Update(SHA2_CTX *, const u_int8_t *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA224Pad(SHA2_CTX *);
void SHA224Final(u_int8_t [SHA224_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA224_DIGEST_LENGTH)));
char *SHA224End(SHA2_CTX *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
char *SHA224File(const char *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
char *SHA224FileChunk(const char *, char *, off_t, off_t)
__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
char *SHA224Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH)));
#define SHA224Transform(a, b) SHA256Transform(a, b)
#define SHA224Update(a, b, c) SHA256Update(a, b, c)
#define SHA224Pad(a) SHA256Pad(a)
void SHA256Init(SHA2_CTX *);
void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA256Pad(SHA2_CTX *);
void SHA256Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
char *SHA256End(SHA2_CTX *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
char *SHA256File(const char *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
char *SHA256FileChunk(const char *, char *, off_t, off_t)
__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
char *SHA256Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
#define SHA384Transform(a, b) SHA512Transform(a, b)
#define SHA384Update(a, b, c) SHA512Update(a, b, c)
#define SHA384Pad(a) SHA512Pad(a)
void SHA384Init(SHA2_CTX *);
void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA384Pad(SHA2_CTX *);
void SHA384Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
char *SHA384End(SHA2_CTX *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
char *SHA384File(const char *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
char *SHA384FileChunk(const char *, char *, off_t, off_t)
__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
char *SHA384Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
#define SHA512_CTX SHA2_CTX
#define SHA512_Init(ctx) SHA512Init(ctx)
#define SHA512_Update(ctx, buf, len) SHA512Update(ctx, (void *)buf, len)
#define SHA512_Final(digest, ctx) SHA512Final(digest, ctx)
void SHA512Init(SHA2_CTX *);
void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
__attribute__((__bounded__(__string__,2,3)));
void SHA512Pad(SHA2_CTX *);
void SHA512Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA2_CTX *)
__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
char *SHA512End(SHA2_CTX *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
char *SHA512File(const char *, char *)
__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
char *SHA512FileChunk(const char *, char *, off_t, off_t)
__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
char *SHA512Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
#endif
#endif /* _SHA2_H */

+ 2
- 2
update.sh

@ -28,8 +28,8 @@ ntpd_src=$dir/openbsd/src/usr.sbin/ntpd
CP='cp -p' CP='cp -p'
PATCH='patch -p0 -s' PATCH='patch -p0 -s'
sed '/DECLS/d' $libc_inc/md5.h > include/md5_openbsd.h
sed '/DECLS/d' $libc_inc/sha2.h > include/sha2_openbsd.h
sed '/DECLS/d' $libc_inc/md5.h > include/md5.h
sed '/DECLS/d' $libc_inc/sha2.h > include/sha2.h
cp $libutil_src/imsg.h include/ cp $libutil_src/imsg.h include/
cp $libutil_src/imsg.c compat/ cp $libutil_src/imsg.c compat/
cp $libutil_src/imsg-buffer.c compat/ cp $libutil_src/imsg-buffer.c compat/

