bind/Makefile.in bind/bind.tar.gz bind/version.tmp \
common/tests/Atffile server/tests/Atffile
-SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
+SUBDIRS = bind includes tests common omapip client dhcpctl relay server
nobase_include_HEADERS = dhcpctl/dhcpctl.h
bind/Makefile.in bind/bind.tar.gz bind/version.tmp \
common/tests/Atffile server/tests/Atffile
-SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
+SUBDIRS = bind includes tests common omapip client dhcpctl relay server
nobase_include_HEADERS = dhcpctl/dhcpctl.h
all: all-recursive
a proper length for it.
[ISC-Bugs #39209]
+- Remove the dst directory. This was replaced in 4.2.0 with the dst
+ code from the Bind libraries but we continued to include it for
+ backwards compatibility. As we have now released 4.3.x it seems
+ reasonable to remove it.
+ [ISC-Buts #39019]
+
Changes since 4.3.2rc2
- None
Domain Name Service subroutines. */
/*
- * Copyright (c) 2009-2014 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2001-2003 by Internet Software Consortium
*
fi
+<<<<<<< HEAD
ac_config_files="$ac_config_files Makefile bind/Makefile client/Makefile client/tests/Makefile common/Makefile common/tests/Makefile dhcpctl/Makefile dst/Makefile includes/Makefile omapip/Makefile relay/Makefile server/Makefile tests/Makefile tests/unittest.sh server/tests/Makefile doc/devel/doxyfile"
+=======
+ac_config_files="$ac_config_files Makefile client/Makefile client/tests/Makefile common/Makefile common/tests/Makefile dhcpctl/Makefile includes/Makefile omapip/Makefile relay/Makefile server/Makefile tests/Makefile tests/unittest.sh server/tests/Makefile doc/devel/doxyfile"
+>>>>>>> rt39019
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
"common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;;
"common/tests/Makefile") CONFIG_FILES="$CONFIG_FILES common/tests/Makefile" ;;
"dhcpctl/Makefile") CONFIG_FILES="$CONFIG_FILES dhcpctl/Makefile" ;;
- "dst/Makefile") CONFIG_FILES="$CONFIG_FILES dst/Makefile" ;;
"includes/Makefile") CONFIG_FILES="$CONFIG_FILES includes/Makefile" ;;
"omapip/Makefile") CONFIG_FILES="$CONFIG_FILES omapip/Makefile" ;;
"relay/Makefile") CONFIG_FILES="$CONFIG_FILES relay/Makefile" ;;
common/Makefile
common/tests/Makefile
dhcpctl/Makefile
- dst/Makefile
includes/Makefile
omapip/Makefile
relay/Makefile
+++ /dev/null
-.deps
-Makefile
+++ /dev/null
-AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
-
-lib_LIBRARIES = libdst.a
-
-libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
- base64.c prandom.c
-
-EXTRA_DIST = dst_internal.h md5.h md5_locl.h
+++ /dev/null
-# Makefile.in generated by automake 1.14 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = dst
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/includes/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(libdir)"
-LIBRARIES = $(lib_LIBRARIES)
-AR = ar
-ARFLAGS = cru
-AM_V_AR = $(am__v_AR_@AM_V@)
-am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
-am__v_AR_0 = @echo " AR " $@;
-am__v_AR_1 =
-libdst_a_AR = $(AR) $(ARFLAGS)
-libdst_a_LIBADD =
-am_libdst_a_OBJECTS = dst_support.$(OBJEXT) dst_api.$(OBJEXT) \
- hmac_link.$(OBJEXT) md5_dgst.$(OBJEXT) base64.$(OBJEXT) \
- prandom.$(OBJEXT)
-libdst_a_OBJECTS = $(am_libdst_a_OBJECTS)
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/includes
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libdst_a_SOURCES)
-DIST_SOURCES = $(libdst_a_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-ATF_BIN = @ATF_BIN@
-ATF_CFLAGS = @ATF_CFLAGS@
-ATF_LDFLAGS = @ATF_LDFLAGS@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BINDCONFIG = @BINDCONFIG@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDAP_CFLAGS = @LDAP_CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_prefix_program = @ac_prefix_program@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-byte_order = @byte_order@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
-lib_LIBRARIES = libdst.a
-libdst_a_SOURCES = dst_support.c dst_api.c hmac_link.c md5_dgst.c \
- base64.c prandom.c
-
-EXTRA_DIST = dst_internal.h md5.h md5_locl.h
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign dst/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --foreign dst/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-libLIBRARIES: $(lib_LIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
- echo " $(INSTALL_DATA) $$list2 '$(DESTDIR)$(libdir)'"; \
- $(INSTALL_DATA) $$list2 "$(DESTDIR)$(libdir)" || exit $$?; }
- @$(POST_INSTALL)
- @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \
- for p in $$list; do \
- if test -f $$p; then \
- $(am__strip_dir) \
- echo " ( cd '$(DESTDIR)$(libdir)' && $(RANLIB) $$f )"; \
- ( cd "$(DESTDIR)$(libdir)" && $(RANLIB) $$f ) || exit $$?; \
- else :; fi; \
- done
-
-uninstall-libLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(lib_LIBRARIES)'; test -n "$(libdir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(libdir)'; $(am__uninstall_files_from_dir)
-
-clean-libLIBRARIES:
- -test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
-
-libdst.a: $(libdst_a_OBJECTS) $(libdst_a_DEPENDENCIES) $(EXTRA_libdst_a_DEPENDENCIES)
- $(AM_V_at)-rm -f libdst.a
- $(AM_V_AR)$(libdst_a_AR) libdst.a $(libdst_a_OBJECTS) $(libdst_a_LIBADD)
- $(AM_V_at)$(RANLIB) libdst.a
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dst_api.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dst_support.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_link.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_dgst.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prandom.Po@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LIBRARIES)
-installdirs:
- for dir in "$(DESTDIR)$(libdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLIBRARIES mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-libLIBRARIES
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libLIBRARIES cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-libLIBRARIES install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-libLIBRARIES
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
+++ /dev/null
-/*
- * Copyright (c) 2004,2009,2014 by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1996-2003 by Internet Software Consortium
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Internet Systems Consortium, Inc.
- * 950 Charter Street
- * Redwood City, CA 94063
- * <info@isc.org>
- * https://www.isc.org/
- */
-
-/*
- * Portions Copyright (c) 1995 by International Business Machines, Inc.
- *
- * International Business Machines, Inc. (hereinafter called IBM) grants
- * permission under its copyrights to use, copy, modify, and distribute this
- * Software with or without fee, provided that the above copyright notice and
- * all paragraphs of this notice appear in all copies, and that the name of IBM
- * not be used in connection with the marketing of any product incorporating
- * the Software or modifications thereof, without specific, written prior
- * permission.
- *
- * To the extent it has a right to do so, IBM grants an immunity from suit
- * under its patents, if any, for the use, sale or manufacture of products to
- * the extent that such products are used for performing Domain Name System
- * dynamic updates in TCP/IP networks by means of the Software. No immunity is
- * granted for any product per se or for any other function of any product.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <sys/socket.h>
-
-#include "cdefs.h"
-#include "osdep.h"
-#include "arpa/nameser.h"
-
-#define Assert(Cond) if (!(Cond)) abort()
-
-static const char Base64[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static const char Pad64 = '=';
-
-/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
- The following encoding technique is taken from RFC 1521 by Borenstein
- and Freed. It is reproduced here in a slightly edited form for
- convenience.
-
- A 65-character subset of US-ASCII is used, enabling 6 bits to be
- represented per printable character. (The extra 65th character, "=",
- is used to signify a special processing function.)
-
- The encoding process represents 24-bit groups of input bits as output
- strings of 4 encoded characters. Proceeding from left to right, a
- 24-bit input group is formed by concatenating 3 8-bit input groups.
- These 24 bits are then treated as 4 concatenated 6-bit groups, each
- of which is translated into a single digit in the base64 alphabet.
-
- Each 6-bit group is used as an index into an array of 64 printable
- characters. The character referenced by the index is placed in the
- output string.
-
- Table 1: The Base64 Alphabet
-
- Value Encoding Value Encoding Value Encoding Value Encoding
- 0 A 17 R 34 i 51 z
- 1 B 18 S 35 j 52 0
- 2 C 19 T 36 k 53 1
- 3 D 20 U 37 l 54 2
- 4 E 21 V 38 m 55 3
- 5 F 22 W 39 n 56 4
- 6 G 23 X 40 o 57 5
- 7 H 24 Y 41 p 58 6
- 8 I 25 Z 42 q 59 7
- 9 J 26 a 43 r 60 8
- 10 K 27 b 44 s 61 9
- 11 L 28 c 45 t 62 +
- 12 M 29 d 46 u 63 /
- 13 N 30 e 47 v
- 14 O 31 f 48 w (pad) =
- 15 P 32 g 49 x
- 16 Q 33 h 50 y
-
- Special processing is performed if fewer than 24 bits are available
- at the end of the data being encoded. A full encoding quantum is
- always completed at the end of a quantity. When fewer than 24 input
- bits are available in an input group, zero bits are added (on the
- right) to form an integral number of 6-bit groups. Padding at the
- end of the data is performed using the '=' character.
-
- Since all base64 input is an integral number of octets, only the
- -------------------------------------------------
- following cases can arise:
-
- (1) the final quantum of encoding input is an integral
- multiple of 24 bits; here, the final unit of encoded
- output will be an integral multiple of 4 characters
- with no "=" padding,
- (2) the final quantum of encoding input is exactly 8 bits;
- here, the final unit of encoded output will be two
- characters followed by two "=" padding characters, or
- (3) the final quantum of encoding input is exactly 16 bits;
- here, the final unit of encoded output will be three
- characters followed by one "=" padding character.
- */
-
-int
-b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) {
- size_t datalength = 0;
- u_char input[3];
- u_char output[4];
- size_t i;
-
- while (2 < srclength) {
- input[0] = *src++;
- input[1] = *src++;
- input[2] = *src++;
- srclength -= 3;
-
- output[0] = input[0] >> 2;
- output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
- output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
- output[3] = input[2] & 0x3f;
- Assert(output[0] < 64);
- Assert(output[1] < 64);
- Assert(output[2] < 64);
- Assert(output[3] < 64);
-
- if (datalength + 4 > targsize)
- return (-1);
- target[datalength++] = Base64[output[0]];
- target[datalength++] = Base64[output[1]];
- target[datalength++] = Base64[output[2]];
- target[datalength++] = Base64[output[3]];
- }
-
- /* Now we worry about padding. */
- if (0 != srclength) {
- /* Get what's left. */
- input[0] = input[1] = input[2] = '\0';
- for (i = 0; i < srclength; i++)
- input[i] = *src++;
-
- output[0] = input[0] >> 2;
- output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
- output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
- Assert(output[0] < 64);
- Assert(output[1] < 64);
- Assert(output[2] < 64);
-
- if (datalength + 4 > targsize)
- return (-1);
- target[datalength++] = Base64[output[0]];
- target[datalength++] = Base64[output[1]];
- if (srclength == 1)
- target[datalength++] = Pad64;
- else
- target[datalength++] = Base64[output[2]];
- target[datalength++] = Pad64;
- }
- if (datalength >= targsize)
- return (-1);
- target[datalength] = '\0'; /* Returned value doesn't count \0. */
- return (datalength);
-}
-
-/* skips all whitespace anywhere.
- converts characters, four at a time, starting at (or after)
- src from base - 64 numbers into three 8 bit bytes in the target area.
- it returns the number of data bytes stored at the target, or -1 on error.
- */
-
-int
-b64_pton(src, target, targsize)
- char const *src;
- u_char *target;
- size_t targsize;
-{
- int tarindex, state, ch;
- char *pos;
-
- state = 0;
- tarindex = 0;
-
- while ((ch = *src++) != '\0') {
- if (isspace(ch)) /* Skip whitespace anywhere. */
- continue;
-
- if (ch == Pad64)
- break;
-
- pos = strchr(Base64, ch);
- if (pos == 0) /* A non-base64 character. */
- return (-1);
-
- switch (state) {
- case 0:
- if (target) {
- if ((size_t)tarindex >= targsize)
- return (-1);
- target[tarindex] = (pos - Base64) << 2;
- }
- state = 1;
- break;
- case 1:
- if (target) {
- if ((size_t)tarindex + 1 >= targsize)
- return (-1);
- target[tarindex] |= (pos - Base64) >> 4;
- target[tarindex+1] = ((pos - Base64) & 0x0f)
- << 4 ;
- }
- tarindex++;
- state = 2;
- break;
- case 2:
- if (target) {
- if ((size_t)tarindex + 1 >= targsize)
- return (-1);
- target[tarindex] |= (pos - Base64) >> 2;
- target[tarindex+1] = ((pos - Base64) & 0x03)
- << 6;
- }
- tarindex++;
- state = 3;
- break;
- case 3:
- if (target) {
- if ((size_t)tarindex >= targsize)
- return (-1);
- target[tarindex] |= (pos - Base64);
- }
- tarindex++;
- state = 0;
- break;
- default:
- abort();
- }
- }
-
- /*
- * We are done decoding Base-64 chars. Let's see if we ended
- * on a byte boundary, and/or with erroneous trailing characters.
- */
-
- if (ch == Pad64) { /* We got a pad char. */
- ch = *src++; /* Skip it, get next. */
- switch (state) {
- case 0: /* Invalid = in first position */
- case 1: /* Invalid = in second position */
- return (-1);
-
- case 2: /* Valid, means one byte of info */
- /* Skip any number of spaces. */
- for ((void)NULL; ch != '\0'; ch = *src++)
- if (!isspace(ch))
- break;
- /* Make sure there is another trailing = sign. */
- if (ch != Pad64)
- return (-1);
- ch = *src++; /* Skip the = */
- /* Fall through to "single trailing =" case. */
- /* FALLTHROUGH */
-
- case 3: /* Valid, means two bytes of info */
- /*
- * We know this char is an =. Is there anything but
- * whitespace after it?
- */
- for ((void)NULL; ch != '\0'; ch = *src++)
- if (!isspace(ch))
- return (-1);
-
- /*
- * Now make sure for cases 2 and 3 that the "extra"
- * bits that slopped past the last full byte were
- * zeros. If we don't check them, they become a
- * subliminal channel.
- */
- if (target && target[tarindex] != 0)
- return (-1);
- }
- } else {
- /*
- * We ended by seeing the end of the string. Make sure we
- * have no partial bytes lying around.
- */
- if (state != 0)
- return (-1);
- }
-
- return (tarindex);
-}
+++ /dev/null
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (c) 2012-2014 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-/*
- * This file contains the interface between the DST API and the crypto API.
- * This is the only file that needs to be changed if the crypto system is
- * changed. Exported functions are:
- * void dst_init() Initialize the toolkit
- * int dst_check_algorithm() Function to determines if alg is supported.
- * int dst_compare_keys() Function to compare two keys for equality.
- * int dst_sign_data() Incremental signing routine.
- * int dst_verify_data() Incremental verify routine.
- * int dst_generate_key() Function to generate new KEY
- * DST_KEY *dst_read_key() Function to retrieve private/public KEY.
- * void dst_write_key() Function to write out a key.
- * DST_KEY *dst_dnskey_to_key() Function to convert DNS KEY RR to a DST
- * KEY structure.
- * int dst_key_to_dnskey() Function to return a public key in DNS
- * format binary
- * DST_KEY *dst_buffer_to_key() Convert a data in buffer to KEY
- * int *dst_key_to_buffer() Writes out DST_KEY key material in buffer
- * void dst_free_key() Releases all memory referenced by key structure
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <memory.h>
-#include <ctype.h>
-#include <time.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include "cdefs.h"
-#include "osdep.h"
-#include "arpa/nameser.h"
-
-#include "dst_internal.h"
-
-/* static variables */
-static int done_init = 0;
-dst_func *dst_t_func[DST_MAX_ALGS];
-const char *key_file_fmt_str = "Private-key-format: v%s\nAlgorithm: %d (%s)\n";
-const char *dst_path = "";
-
-/* internal I/O functions */
-static DST_KEY *dst_s_read_public_key(const char *in_name,
- const unsigned in_id, int in_alg);
-static int dst_s_read_private_key_file(const char *name, DST_KEY *pk_key,
- unsigned in_id, int in_alg);
-static int dst_s_write_public_key(const DST_KEY *key);
-static int dst_s_write_private_key(const DST_KEY *key);
-
-/* internal function to set up data structure */
-static DST_KEY *dst_s_get_key_struct(const char *name, const int alg,
- const u_int32_t flags, const int protocol,
- const int bits);
-
-/*
- * dst_init
- * This function initializes the Digital Signature Toolkit.
- * Right now, it just checks the DSTKEYPATH environment variable.
- * Parameters
- * none
- * Returns
- * none
- */
-void
-dst_init()
-{
- char *s;
- unsigned len;
-
- if (done_init != 0)
- return;
- done_init = 1;
-
- s = getenv("DSTKEYPATH");
- if (s) {
- struct stat statbuf;
-
- len = strlen(s);
- if (len > PATH_MAX) {
- EREPORT(("%s is longer than %d characters, ignoring\n",
- s, PATH_MAX));
- } else if (stat(s, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode)) {
- EREPORT(("%s is not a valid directory\n", s));
- } else {
- char *dp = (char *) malloc(len + 2);
- int l;
- if (dp == NULL) {
- EREPORT(("malloc() failed for dp\n"));
- return;
- }
- memcpy(dp, s, len + 1);
- l = strlen (dp);
- if (dp[l - 1] != '/') {
- dp[l + 1] = 0;
- dp[l] = '/';
- }
- dst_path = dp;
- }
- }
- memset(dst_t_func, 0, sizeof(dst_t_func));
- /* first one is selected */
-#if 0
- dst_bsafe_init();
- dst_rsaref_init();
-#endif
- dst_hmac_md5_init();
-#if 0
- dst_eay_dss_init();
- dst_cylink_init();
-#endif
-}
-
-/*
- * dst_check_algorithm
- * This function determines if the crypto system for the specified
- * algorithm is present.
- * Parameters
- * alg 1 KEY_RSA
- * 3 KEY_DSA
- * 157 KEY_HMAC_MD5
- * future algorithms TBD and registered with IANA.
- * Returns
- * 1 - The algorithm is available.
- * 0 - The algorithm is not available.
- */
-int
-dst_check_algorithm(const int alg)
-{
- return (dst_t_func[alg] != NULL);
-}
-
-/*
- * dst_s_get_key_struct
- * This function allocates key structure and fills in some of the
- * fields of the structure.
- * Parameters:
- * name: the name of the key
- * alg: the algorithm number
- * flags: the dns flags of the key
- * protocol: the dns protocol of the key
- * bits: the size of the key
- * Returns:
- * NULL if error
- * valid pointer otherwise
- */
-static DST_KEY *
-dst_s_get_key_struct(const char *name, const int alg, const u_int32_t flags,
- const int protocol, const int bits)
-{
- DST_KEY *new_key = NULL;
-
- if (dst_check_algorithm(alg)) /* make sure alg is available */
- new_key = (DST_KEY *) malloc(sizeof(*new_key));
- if (new_key == NULL)
- return (NULL);
-
- memset(new_key, 0, sizeof(*new_key));
- new_key->dk_key_name = strdup(name);
- if (new_key->dk_key_name == NULL) {
- EREPORT(("Unable to duplicate name for key"));
- free(new_key);
- return (NULL);
- }
- new_key->dk_alg = alg;
- new_key->dk_flags = flags;
- new_key->dk_proto = protocol;
- new_key->dk_KEY_struct = NULL;
- new_key->dk_key_size = bits;
- new_key->dk_func = dst_t_func[alg];
- return (new_key);
-}
-
-/*
- * dst_compare_keys
- * Compares two keys for equality.
- * Parameters
- * key1, key2 Two keys to be compared.
- * Returns
- * 0 The keys are equal.
- * non-zero The keys are not equal.
- */
-
-int
-dst_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
-{
- if (key1 == key2)
- return (0);
- if (key1 == NULL || key2 == NULL)
- return (4);
- if (key1->dk_alg != key2->dk_alg)
- return (1);
- if (key1->dk_key_size != key2->dk_key_size)
- return (2);
- if (key1->dk_id != key2->dk_id)
- return (3);
- return (key1->dk_func->compare(key1, key2));
-}
-
-
-/*
- * dst_sign_data
- * An incremental signing function. Data is signed in steps.
- * First the context must be initialized (SIG_MODE_INIT).
- * Then data is hashed (SIG_MODE_UPDATE). Finally the signature
- * itself is created (SIG_MODE_FINAL). This function can be called
- * once with INIT, UPDATE and FINAL modes all set, or it can be
-
- * called separately with a different mode set for each step. The
- * UPDATE step can be repeated.
- * Parameters
- * mode A bit mask used to specify operation(s) to be performed.
- * SIG_MODE_INIT 1 Initialize digest
- * SIG_MODE_UPDATE 2 Add data to digest
- * SIG_MODE_FINAL 4 Generate signature
- * from signature
- * SIG_MODE_ALL (SIG_MODE_INIT,SIG_MODE_UPDATE,SIG_MODE_FINAL
- * data Data to be signed.
- * len The length in bytes of data to be signed.
- * in_key Contains a private key to sign with.
- * KEY structures should be handled (created, converted,
- * compared, stored, freed) by the DST.
- * signature
- * The location to which the signature will be written.
- * sig_len Length of the signature field in bytes.
- * Return
- * 0 Successful INIT or Update operation
- * >0 success FINAL (sign) operation
- * <0 failure
- */
-
-int
-dst_sign_data(const int mode, DST_KEY *in_key, void **context,
- const u_char *data, const unsigned len,
- u_char *signature, const unsigned sig_len)
-{
- DUMP(data, mode, len, "dst_sign_data()");
-
- if (mode & SIG_MODE_FINAL &&
- (in_key->dk_KEY_struct == NULL || signature == NULL))
- return (MISSING_KEY_OR_SIGNATURE);
-
- if (in_key->dk_func && in_key->dk_func->sign)
- return (in_key->dk_func->sign(mode, in_key, context, data, len,
- signature, sig_len));
- return (UNKNOWN_KEYALG);
-}
-
-
-/*
- * dst_verify_data
- * An incremental verify function. Data is verified in steps.
- * First the context must be initialized (SIG_MODE_INIT).
- * Then data is hashed (SIG_MODE_UPDATE). Finally the signature
- * is verified (SIG_MODE_FINAL). This function can be called
- * once with INIT, UPDATE and FINAL modes all set, or it can be
- * called separately with a different mode set for each step. The
- * UPDATE step can be repeated.
- * Parameters
- * mode Operations to perform this time.
- * SIG_MODE_INIT 1 Initialize digest
- * SIG_MODE_UPDATE 2 add data to digest
- * SIG_MODE_FINAL 4 verify signature
- * SIG_MODE_ALL
- * (SIG_MODE_INIT,SIG_MODE_UPDATE,SIG_MODE_FINAL)
- * data Data to pass through the hash function.
- * len Length of the data in bytes.
- * in_key Key for verification.
- * signature Location of signature.
- * sig_len Length of the signature in bytes.
- * Returns
- * 0 Verify success
- * Non-Zero Verify Failure
- */
-
-int
-dst_verify_data(const int mode, DST_KEY *in_key, void **context,
- const u_char *data, const unsigned len,
- const u_char *signature, const unsigned sig_len)
-{
- DUMP(data, mode, len, "dst_verify_data()");
- if (mode & SIG_MODE_FINAL &&
- (in_key->dk_KEY_struct == NULL || signature == NULL))
- return (MISSING_KEY_OR_SIGNATURE);
-
- if (in_key->dk_func == NULL || in_key->dk_func->verify == NULL)
- return (UNSUPPORTED_KEYALG);
- return (in_key->dk_func->verify(mode, in_key, context, data, len,
- signature, sig_len));
-}
-
-
-/*
- * dst_read_private_key
- * Access a private key. First the list of private keys that have
- * already been read in is searched, then the key accessed on disk.
- * If the private key can be found, it is returned. If the key cannot
- * be found, a null pointer is returned. The options specify required
- * key characteristics. If the private key requested does not have
- * these characteristics, it will not be read.
- * Parameters
- * in_keyname The private key name.
- * in_id The id of the private key.
- * options DST_FORCE_READ Read from disk - don't use a previously
- * read key.
- * DST_CAN_SIGN The key must be usable for signing.
- * DST_NO_AUTHEN The key must be usable for authentication.
- * DST_STANDARD Return any key
- * Returns
- * NULL If there is no key found in the current directory or
- * this key has not been loaded before.
- * !NULL Success - KEY structure returned.
- */
-
-DST_KEY *
-dst_read_key(const char *in_keyname, const unsigned in_id,
- const int in_alg, const int type)
-{
- DST_KEY *dg_key = NULL, *pubkey = NULL;
-
- if (!dst_check_algorithm(in_alg)) { /* make sure alg is available */
- EREPORT(("dst_read_private_key(): Algorithm %d not supported\n",
- in_alg));
- return (NULL);
- }
- if ((type & (DST_PUBLIC | DST_PRIVATE)) == 0)
- return (NULL);
- if (in_keyname == NULL) {
- EREPORT(("dst_read_private_key(): Null key name passed in\n"));
- return (NULL);
- }
-
- /* before I read in the public key, check if it is allowed to sign */
- if ((pubkey = dst_s_read_public_key(in_keyname, in_id, in_alg)) == NULL)
- return (NULL);
-
- if (type == DST_PUBLIC)
- return pubkey;
-
- if (!(dg_key = dst_s_get_key_struct(in_keyname, pubkey->dk_alg,
- pubkey->dk_flags, pubkey->dk_proto,
- 0)))
- return (dg_key);
- /* Fill in private key and some fields in the general key structure */
- if (dst_s_read_private_key_file(in_keyname, dg_key, pubkey->dk_id,
- pubkey->dk_alg) == 0)
- dg_key = dst_free_key(dg_key);
-
- (void) dst_free_key(pubkey);
- return (dg_key);
-}
-
-int
-dst_write_key(const DST_KEY *key, const int type)
-{
- int pub = 0, priv = 0;
-
- if (key == NULL)
- return (0);
- if (!dst_check_algorithm(key->dk_alg)) { /* make sure alg is available */
- EREPORT(("dst_write_key(): Algorithm %d not supported\n",
- key->dk_alg));
- return (UNSUPPORTED_KEYALG);
- }
- if ((type & (DST_PRIVATE|DST_PUBLIC)) == 0)
- return (0);
-
- if (type & DST_PUBLIC)
- if ((pub = dst_s_write_public_key(key)) < 0)
- return (pub);
- if (type & DST_PRIVATE)
- if ((priv = dst_s_write_private_key(key)) < 0)
- return (priv);
- return (priv+pub);
-}
-
-/*
- * dst_write_private_key
- * Write a private key to disk. The filename will be of the form:
- * K<key->dk_name>+<key->dk_alg>+<key->dk_id>.<private key suffix>.
- * If there is already a file with this name, an error is returned.
- *
- *
- * Parameters
- * key A DST managed key structure that contains
- * all information needed about a key.
- * Return
- * >= 0 Correct behavior. Returns length of encoded key value
- * written to disk.
- * < 0 error.
- */
-
-static int
-dst_s_write_private_key(const DST_KEY *key)
-{
- u_char encoded_block[RAW_KEY_SIZE];
- char file[PATH_MAX];
- unsigned len;
- FILE *fp;
-
- /* First encode the key into the portable key format */
- if (key == NULL)
- return (-1);
- if (key->dk_KEY_struct == NULL)
- return (0); /* null key has no private key */
-
- if (key->dk_func == NULL || key->dk_func->to_file_fmt == NULL) {
- EREPORT(("dst_write_private_key(): Unsupported operation %d\n",
- key->dk_alg));
- return (-5);
- } else if ((len = key->dk_func->to_file_fmt(key, (char *)encoded_block,
- sizeof(encoded_block))) <= 0) {
- EREPORT(("dst_write_private_key(): Failed encoding private RSA bsafe key %d\n", len));
- return (-8);
- }
- /* Now I can create the file I want to use */
- dst_s_build_filename(file, key->dk_key_name, key->dk_id, key->dk_alg,
- PRIVATE_KEY, PATH_MAX);
-
- /* Do not overwrite an existing file */
- if ((fp = dst_s_fopen(file, "w", 0600)) != NULL) {
- int nn;
- if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
- EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
- file, out_len, nn, errno));
- fclose(fp);
- return (-5);
- }
- fclose(fp);
- } else {
- EREPORT(("dst_write_private_key(): Can not create file %s\n"
- ,file));
- return (-6);
- }
- memset(encoded_block, 0, len);
- return (len);
-}
-
-/*
-*
- * dst_read_public_key
- * Read a public key from disk and store in a DST key structure.
- * Parameters
- * in_name K<in_name><in_id>.<public key suffix> is the
- * filename of the key file to be read.
- * Returns
- * NULL If the key does not exist or no name is supplied.
- * NON-NULL Initialized key structure if the key exists.
- */
-
-static DST_KEY *
-dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg)
-{
- unsigned flags, len;
- int proto, alg, dlen;
- int c;
- char name[PATH_MAX], enckey[RAW_KEY_SIZE];
- unsigned char *notspace;
- u_char deckey[RAW_KEY_SIZE];
- FILE *fp;
- DST_KEY *pubkey = NULL;
-
- if (in_name == NULL) {
- EREPORT(("dst_read_public_key(): No key name given\n"));
- return (NULL);
- }
- if (dst_s_build_filename(name, in_name, in_id, in_alg, PUBLIC_KEY,
- PATH_MAX) == -1) {
- EREPORT(("dst_read_public_key(): Cannot make filename from %s, %d, and %s\n",
- in_name, in_id, PUBLIC_KEY));
- return (NULL);
- }
- /*
- * Open the file and read it's formatted contents up to key
- * File format:
- * domain.name [ttl] [IN] KEY <flags> <protocol> <algorithm> <key>
- * flags, proto, alg stored as decimal (or hex numbers FIXME).
- * (FIXME: handle parentheses for line continuation.)
- */
- if ((fp = dst_s_fopen(name, "r", 0)) == NULL) {
- EREPORT(("dst_read_public_key(): Public Key not found %s\n",
- name));
- return (NULL);
- }
- /* Skip domain name, which ends at first blank */
- while ((c = getc(fp)) != EOF)
- if (isspace(c))
- break;
- /* Skip blank to get to next field */
- while ((c = getc(fp)) != EOF)
- if (!isspace(c))
- break;
-
- /* Skip optional TTL -- if initial digit, skip whole word. */
- if (isdigit(c)) {
- while ((c = getc(fp)) != EOF)
- if (isspace(c))
- break;
- while ((c = getc(fp)) != EOF)
- if (!isspace(c))
- break;
- }
- /* Skip optional "IN" */
- if (c == 'I' || c == 'i') {
- while ((c = getc(fp)) != EOF)
- if (isspace(c))
- break;
- while ((c = getc(fp)) != EOF)
- if (!isspace(c))
- break;
- }
- /* Locate and skip "KEY" */
- if (c != 'K' && c != 'k') {
- EREPORT(("\"KEY\" doesn't appear in file: %s", name));
- return NULL;
- }
- while ((c = getc(fp)) != EOF)
- if (isspace(c))
- break;
- while ((c = getc(fp)) != EOF)
- if (!isspace(c))
- break;
- ungetc(c, fp); /* return the character to the input field */
- /* Handle hex!! FIXME. */
-
- if (fscanf(fp, "%d %d %d", &flags, &proto, &alg) != 3) {
- EREPORT(("dst_read_public_key(): Can not read flag/proto/alg field from %s\n"
- ,name));
- return (NULL);
- }
- /* read in the key string */
- if ((fgets(enckey, sizeof(enckey), fp) == NULL) &&
- (ferror(fp) != 0)) {
- EREPORT(("dst_read_public_kety(): Error reading key\n"));
- return (NULL);
- }
-
- /* If we aren't at end-of-file, something is wrong. */
- while ((c = getc(fp)) != EOF)
- if (!isspace(c))
- break;
- if (!feof(fp)) {
- EREPORT(("Key too long in file: %s", name));
- return NULL;
- }
- fclose(fp);
-
- if ((len = strlen(enckey)) <= 0)
- return (NULL);
-
- /* discard \n */
- enckey[--len] = '\0';
-
- /* remove leading spaces */
- for (notspace = (unsigned char *)enckey; isspace(*notspace); len--)
- notspace++;
-
- dlen = b64_pton((char *)notspace, deckey, sizeof(deckey));
- if (dlen < 0) {
- EREPORT(("dst_read_public_key: bad return from b64_pton = %d",
- dlen));
- return (NULL);
- }
-
- /* store key and info in a key structure that is returned */
- /* Set the key id after we create because somehow this got missed. */
- pubkey = dst_buffer_to_key(in_name, alg, flags, proto,
- deckey, (unsigned)dlen);
- if (pubkey) {
- pubkey->dk_id = in_id;
- }
-
- return (pubkey);
-}
-
-
-/*
- * dst_write_public_key
- * Write a key to disk in DNS format.
- * Parameters
- * key Pointer to a DST key structure.
- * Returns
- * 0 Failure
- * 1 Success
- */
-
-static int
-dst_s_write_public_key(const DST_KEY *key)
-{
- FILE *fp;
- char filename[PATH_MAX];
- u_char out_key[RAW_KEY_SIZE];
- char enc_key[RAW_KEY_SIZE];
- int len = 0;
-
- memset(out_key, 0, sizeof(out_key));
- if (key == NULL) {
- EREPORT(("dst_write_public_key(): No key specified \n"));
- return (0);
- } else if ((len = dst_key_to_dnskey(key, out_key, sizeof(out_key)))< 0)
- return (0);
-
- /* Make the filename */
- if (dst_s_build_filename(filename, key->dk_key_name, key->dk_id,
- key->dk_alg, PUBLIC_KEY, PATH_MAX) == -1) {
- EREPORT(("dst_write_public_key(): Cannot make filename from %s, %d, and %s\n",
- key->dk_key_name, key->dk_id, PUBLIC_KEY));
- return (0);
- }
- /* create public key file */
- if ((fp = dst_s_fopen(filename, "w+", 0644)) == NULL) {
- EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n",
- filename, errno));
- return (0);
- }
- /*write out key first base64 the key data */
- if (key->dk_flags & DST_EXTEND_FLAG)
- b64_ntop(&out_key[6],
- (unsigned)(len - 6), enc_key, sizeof(enc_key));
- else
- b64_ntop(&out_key[4],
- (unsigned)(len - 4), enc_key, sizeof(enc_key));
- fprintf(fp, "%s IN KEY %d %d %d %s\n",
- key->dk_key_name,
- key->dk_flags, key->dk_proto, key->dk_alg, enc_key);
- fclose(fp);
- return (1);
-}
-
-
-/*
- * dst_dnskey_to_public_key
- * This function converts the contents of a DNS KEY RR into a DST
- * key structure.
- * Parameters
- * len Length of the RDATA of the KEY RR RDATA
- * rdata A pointer to the the KEY RR RDATA.
- * in_name Key name to be stored in key structure.
- * Returns
- * NULL Failure
- * NON-NULL Success. Pointer to key structure.
- * Caller's responsibility to free() it.
- */
-
-DST_KEY *
-dst_dnskey_to_key(const char *in_name,
- const u_char *rdata, const unsigned len)
-{
- DST_KEY *key_st;
- int alg ;
- int start = DST_KEY_START;
-
- if (in_name == NULL || rdata == NULL || len <= DST_KEY_ALG) /* no data */
- return (NULL);
- alg = (u_int8_t) rdata[DST_KEY_ALG];
- if (!dst_check_algorithm(alg)) { /* make sure alg is available */
- EREPORT(("dst_dnskey_to_key(): Algorithm %d not supported\n",
- alg));
- return (NULL);
- }
- if ((key_st = dst_s_get_key_struct(in_name, alg, 0, 0, 0)) == NULL)
- return (NULL);
-
- key_st->dk_flags = dst_s_get_int16(rdata);
- key_st->dk_proto = (u_int16_t) rdata[DST_KEY_PROT];
- if (key_st->dk_flags & DST_EXTEND_FLAG) {
- u_int32_t ext_flags;
- ext_flags = (u_int32_t) dst_s_get_int16(&rdata[DST_EXT_FLAG]);
- key_st->dk_flags = key_st->dk_flags | (ext_flags << 16);
- start += 2;
- }
- /*
- * now point to the beginning of the data representing the encoding
- * of the key
- */
- if (key_st->dk_func && key_st->dk_func->from_dns_key) {
- if (key_st->dk_func->from_dns_key(key_st, &rdata[start],
- len - start) > 0)
- return (key_st);
- } else
- EREPORT(("dst_dnskey_to_public_key(): unsupported alg %d\n",
- alg));
-
- SAFE_FREE(key_st);
- return (key_st);
-}
-
-
-/*
- * dst_public_key_to_dnskey
- * Function to encode a public key into DNS KEY wire format
- * Parameters
- * key Key structure to encode.
- * out_storage Location to write the encoded key to.
- * out_len Size of the output array.
- * Returns
- * <0 Failure
- * >=0 Number of bytes written to out_storage
- */
-
-int
-dst_key_to_dnskey(const DST_KEY *key, u_char *out_storage,
- const unsigned out_len)
-{
- u_int16_t val;
- int loc = 0;
- int enc_len = 0;
- if (key == NULL)
- return (-1);
-
- if (!dst_check_algorithm(key->dk_alg)) { /* make sure alg is available */
- EREPORT(("dst_key_to_dnskey(): Algorithm %d not supported\n",
- key->dk_alg));
- return (UNSUPPORTED_KEYALG);
- }
- memset(out_storage, 0, out_len);
- val = (u_int16_t)(key->dk_flags & 0xffff);
- out_storage[0] = (val >> 8) & 0xff;
- out_storage[1] = val & 0xff;
- loc += 2;
-
- out_storage[loc++] = (u_char) key->dk_proto;
- out_storage[loc++] = (u_char) key->dk_alg;
-
- if (key->dk_flags > 0xffff) { /* Extended flags */
- val = (u_int16_t)((key->dk_flags >> 16) & 0xffff);
- out_storage[loc] = (val >> 8) & 0xff;
- out_storage[loc+1] = val & 0xff;
- loc += 2;
- }
- if (key->dk_KEY_struct == NULL)
- return (loc);
- if (key->dk_func && key->dk_func->to_dns_key) {
- enc_len = key->dk_func->to_dns_key(key,
- (u_char *) &out_storage[loc],
- out_len - loc);
- if (enc_len > 0)
- return (enc_len + loc);
- else
- return (-1);
- } else
- EREPORT(("dst_key_to_dnskey(): Unsupported ALG %d\n",
- key->dk_alg));
- return (-1);
-}
-
-
-/*
- * dst_buffer_to_key
- * Function to encode a string of raw data into a DST key
- * Parameters
- * alg The algorithm (HMAC only)
- * key A pointer to the data
- * keylen The length of the data
- * Returns
- * NULL an error occurred
- * NON-NULL the DST key
- */
-DST_KEY *
-dst_buffer_to_key(const char *key_name, /* name of the key */
- const int alg, /* algorithm */
- const unsigned flags, /* dns flags */
- const int protocol, /* dns protocol */
- const u_char *key_buf, /* key in dns wire fmt */
- const unsigned key_len) /* size of key */
-{
-
- DST_KEY *dkey = NULL;
-
- if (!dst_check_algorithm(alg)) { /* make sure alg is available */
- EREPORT(("dst_buffer_to_key(): Algorithm %d not supported\n", alg));
- return (NULL);
- }
-
- dkey = dst_s_get_key_struct(key_name, alg, flags, protocol, -1);
-
- if (dkey == NULL)
- return (NULL);
- if (dkey->dk_func != NULL &&
- dkey->dk_func->from_dns_key != NULL) {
- if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) {
- EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n"));
- (void) (dst_free_key(dkey));
- return (NULL);
- }
- return (dkey);
- }
- (void) (dst_free_key(dkey));
- return (NULL);
-}
-
-int
-dst_key_to_buffer(DST_KEY *key, u_char *out_buff, unsigned buf_len)
-{
- int len;
- /* this function will extract the secret of HMAC into a buffer */
- if(key == NULL)
- return (0);
- if(key->dk_func != NULL && key->dk_func->to_dns_key != NULL) {
- len = key->dk_func->to_dns_key(key, out_buff, buf_len);
- if (len < 0)
- return (0);
- return (len);
- }
- return (0);
-}
-
-
-/*
- * dst_s_read_private_key_file
- * Function reads in private key from a file.
- * Fills out the KEY structure.
- * Parameters
- * name Name of the key to be read.
- * pk_key Structure that the key is returned in.
- * in_id Key identifier (tag)
- * Return
- * 1 if everything works
- * 0 if there is any problem
- */
-
-static int
-dst_s_read_private_key_file(const char *name, DST_KEY *pk_key, unsigned in_id,
- int in_alg)
-{
- int cnt, alg, len, major, minor, file_major, file_minor;
- int id;
- char filename[PATH_MAX];
- u_char in_buff[RAW_KEY_SIZE + 1];
- char *p;
- FILE *fp;
-
- if (name == NULL || pk_key == NULL) {
- EREPORT(("dst_read_private_key_file(): No key name given\n"));
- return (0);
- }
- /* Make the filename */
- if (dst_s_build_filename(filename, name, in_id, in_alg, PRIVATE_KEY,
- PATH_MAX) == -1) {
- EREPORT(("dst_read_private_key(): Cannot make filename from %s, %d, and %s\n",
- name, in_id, PRIVATE_KEY));
- return (0);
- }
- /* first check if we can find the key file */
- if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) {
- EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
- filename, dst_path[0] ? dst_path :
- (char *) getcwd(NULL, PATH_MAX - 1)));
- return (0);
- }
-
- /* now read the header info from the file */
- if ((cnt = fread(in_buff, 1, sizeof(in_buff) - 1, fp)) < 5) {
- fclose(fp);
- EREPORT(("dst_s_read_private_key_file: error reading file %s (empty file)\n",
- filename));
- return (0);
- }
- /* decrypt key */
- fclose(fp);
- in_buff[cnt] = '\0';
-
- if (memcmp(in_buff, "Private-key-format: v", 20) != 0)
- goto fail;
- len = cnt;
- p = (char *)in_buff;
-
- if (!dst_s_verify_str((const char **) &p, "Private-key-format: v")) {
- EREPORT(("dst_s_read_private_key_file(): Not a Key file/Decrypt failed %s\n", name));
- goto fail;
- }
- /* read in file format */
- sscanf(p, "%d.%d", &file_major, &file_minor);
- sscanf(KEY_FILE_FORMAT, "%d.%d", &major, &minor);
- if (file_major < 1) {
- EREPORT(("dst_s_read_private_key_file(): Unknown keyfile %d.%d version for %s\n",
- file_major, file_minor, name));
- goto fail;
- } else if (file_major > major || file_minor > minor)
- EREPORT((
- "dst_s_read_private_key_file(): Keyfile %s version higher than mine %d.%d MAY FAIL\n",
- name, file_major, file_minor));
-
- while (*p++ != '\n') ; /* skip to end of line */
-
- if (!dst_s_verify_str((const char **) &p, "Algorithm: "))
- goto fail;
-
- if (sscanf(p, "%d", &alg) != 1)
- goto fail;
- while (*p++ != '\n') ; /* skip to end of line */
-
- if (pk_key->dk_key_name && !strcmp(pk_key->dk_key_name, name))
- SAFE_FREE2(pk_key->dk_key_name, strlen(pk_key->dk_key_name));
- pk_key->dk_key_name = (char *) strdup(name);
- if (pk_key->dk_key_name == NULL) {
- EREPORT(("Unable to duplicate name for key"));
- goto fail;
- }
-
- /* allocate and fill in key structure */
- if (pk_key->dk_func == NULL || pk_key->dk_func->from_file_fmt == NULL)
- goto fail;
-
- id = pk_key->dk_func->from_file_fmt(pk_key, (char *)p,
- (unsigned)(&in_buff[len] - (u_char *)p));
- if (id < 0)
- goto fail;
-
- /* Make sure the actual key tag matches the input tag used in the filename
- */
- if (id != in_id) {
- EREPORT(("dst_s_read_private_key_file(): actual tag of key read %d != input tag used to build filename %d.\n", id, in_id));
- goto fail;
- }
- pk_key->dk_id = (u_int16_t) id;
- pk_key->dk_alg = alg;
- memset(in_buff, 0, (unsigned)cnt);
- return (1);
-
- fail:
- memset(in_buff, 0, (unsigned)cnt);
- return (0);
-}
-
-
-/*
- * dst_generate_key
- * Generate and store a public/private keypair.
- * Keys will be stored in formatted files.
- * Parameters
- * name Name of the new key. Used to create key files
- * K<name>+<alg>+<id>.public and K<name>+<alg>+<id>.private.
- * bits Size of the new key in bits.
- * exp What exponent to use:
- * 0 use exponent 3
- * non-zero use Fermant4
- * flags The default value of the DNS Key flags.
- * The DNS Key RR Flag field is defined in RFC 2065,
- * section 3.3. The field has 16 bits.
- * protocol
- * Default value of the DNS Key protocol field.
- * The DNS Key protocol field is defined in RFC 2065,
- * section 3.4. The field has 8 bits.
- * alg What algorithm to use. Currently defined:
- * KEY_RSA 1
- * KEY_DSA 3
- * KEY_HMAC 157
- * out_id The key tag is returned.
- *
- * Return
- * NULL Failure
- * non-NULL the generated key pair
- * Caller frees the result, and its dk_name pointer.
- */
-DST_KEY *
-dst_generate_key(const char *name, const int bits, const int exp,
- const unsigned flags, const int protocol, const int alg)
-{
- DST_KEY *new_key = NULL;
- int res;
- if (name == NULL)
- return (NULL);
-
- if (!dst_check_algorithm(alg)) { /* make sure alg is available */
- EREPORT(("dst_generate_key(): Algorithm %d not supported\n", alg));
- return (NULL);
- }
-
- new_key = dst_s_get_key_struct(name, alg, flags, protocol, bits);
- if (new_key == NULL)
- return (NULL);
- if (bits == 0) /* null key we are done */
- return (new_key);
- if (new_key->dk_func == NULL || new_key->dk_func->generate == NULL) {
- EREPORT(("dst_generate_key_pair():Unsupported algorithm %d\n",
- alg));
- return (dst_free_key(new_key));
- }
- if ((res = new_key->dk_func->generate(new_key, exp)) <= 0) {
- EREPORT(("dst_generate_key_pair(): Key generation failure %s %d %d %d\n",
- new_key->dk_key_name, new_key->dk_alg,
- new_key->dk_key_size, exp));
- return (dst_free_key(new_key));
- }
- return (new_key);
-}
-
-
-/*
- * dst_free_key
- * Release all data structures pointed to by a key structure.
- * Parameters
- * f_key Key structure to be freed.
- */
-
-DST_KEY *
-dst_free_key(DST_KEY *f_key)
-{
-
- if (f_key == NULL)
- return (f_key);
- if (f_key->dk_func && f_key->dk_func->destroy)
- f_key->dk_KEY_struct =
- f_key->dk_func->destroy(f_key->dk_KEY_struct);
- else {
- EREPORT(("dst_free_key(): Unknown key alg %d\n",
- f_key->dk_alg));
- }
- if (f_key->dk_KEY_struct) {
- /*
- * We can't used SAFE_FREE* here as we do not know the size
- * of the structure, so no way to zero it.
- */
- free(f_key->dk_KEY_struct);
- f_key->dk_KEY_struct = NULL;
- }
- if (f_key->dk_key_name)
- SAFE_FREE(f_key->dk_key_name);
- SAFE_FREE(f_key);
- return (NULL);
-}
-
-/*
- * dst_sig_size
- * Return the maximum size of signature from the key specified in bytes
- * Parameters
- * key
- * Returns
- * bytes
- */
-int
-dst_sig_size(DST_KEY *key) {
- switch (key->dk_alg) {
- case KEY_HMAC_MD5:
- return (16);
- case KEY_HMAC_SHA1:
- return (20);
- case KEY_RSA:
- return (key->dk_key_size + 7) / 8;
- case KEY_DSA:
- return (40);
- default:
- EREPORT(("dst_sig_size(): Unknown key alg %d\n", key->dk_alg));
- return -1;
- }
-}
-
-/*
- * dst_random
- * function that multiplexes number of random number generators
- * Parameters
- * mode: select the random number generator
- * wanted is how many bytes of random data are requested
- * outran is a buffer of size at least wanted for the output data
- *
- * Returns
- * number of bytes written to outran
- */
-int
-dst_random(const int mode, unsigned wanted, u_char *outran)
-{
- if (wanted <= 0 || outran == NULL)
- return (0);
-
- switch (mode) {
- case DST_RAND_SEMI: {
- u_int32_t *op = (u_int32_t *)outran;
- int i;
- for (i = 0; i < wanted; i+= sizeof(u_int32_t), op++) {
- *op = dst_s_quick_random(i);
- }
-
- return (wanted);
- }
- case DST_RAND_STD:
- return (dst_s_semi_random(outran, wanted));
- case DST_RAND_KEY:
- return (dst_s_random(outran, wanted));
- case DST_RAND_DSS:
- default:
- /* need error case here XXX OG */
- return (0);
- }
-}
+++ /dev/null
-#ifndef DST_INTERNAL_H
-#define DST_INTERNAL_H
-
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-#include <limits.h>
-#include <sys/param.h>
-
-#ifndef PATH_MAX
-# ifdef POSIX_PATH_MAX
-# define PATH_MAX POSIX_PATH_MAX
-# else
-# define PATH_MAX 255 /* this is the value of POSIX_PATH_MAX */
-# endif
-#endif
-
-typedef struct dst_key {
- char *dk_key_name; /* name of the key */
- int dk_key_size; /* this is the size of the key in bits */
- int dk_proto; /* what protocols this key can be used for */
- int dk_alg; /* algorithm number from key record */
- unsigned dk_flags; /* and the flags of the public key */
- unsigned dk_id; /* identifier of the key */
- void *dk_KEY_struct; /* pointer to key in crypto pkg fmt */
- struct dst_func *dk_func; /* point to crypto pgk specific function table */
-} DST_KEY;
-#define HAS_DST_KEY
-
-#include <isc-dhcp/dst.h>
-/*
- * define what crypto systems are supported for RSA,
- * BSAFE is preferred over RSAREF; only one can be set at any time
- */
-#if defined(BSAFE) && defined(RSAREF)
-# error "Cannot have both BSAFE and RSAREF defined"
-#endif
-
-/* Declare dst_lib specific constants */
-#define KEY_FILE_FORMAT "1.2"
-
-/* suffixes for key file names */
-#define PRIVATE_KEY "private"
-#define PUBLIC_KEY "key"
-
-/* error handling */
-#ifdef REPORT_ERRORS
-#define EREPORT(str) printf str
-#else
-#define EREPORT(str)
-#endif
-
-/* use our own special macro to FRRE memory */
-
-#ifndef SAFE_FREE
-#define SAFE_FREE(a) if(a != NULL){memset(a,0, sizeof(*a)); free(a); a=NULL;}
-#define SAFE_FREE2(a,s) if (a != NULL && s > 0){memset(a,0, s);free(a); a=NULL;}
-#endif
-
-typedef struct dst_func {
- int (*sign)(const int mode, DST_KEY *key, void **context,
- const u_int8_t *data, const unsigned len,
- u_int8_t *signature, const unsigned sig_len);
- int (*verify)(const int mode, DST_KEY *key, void **context,
- const u_int8_t *data, const unsigned len,
- const u_int8_t *signature, const unsigned sig_len);
- int (*compare)(const DST_KEY *key1, const DST_KEY *key2);
- int (*generate)(DST_KEY *key, int parms);
- void *(*destroy)(void *key);
- /* conversion functions */
- int (*to_dns_key)(const DST_KEY *key, u_int8_t *out,
- const unsigned out_len);
- int (*from_dns_key)(DST_KEY *key, const u_int8_t *str,
- const unsigned str_len);
- int (*to_file_fmt)(const DST_KEY *key, char *out,
- const unsigned out_len);
- int (*from_file_fmt)(DST_KEY *key, const char *out,
- const unsigned out_len);
-
-} dst_func;
-
-extern dst_func *dst_t_func[DST_MAX_ALGS];
-extern const char *key_file_fmt_str;
-extern const char *dst_path;
-
-#ifndef DST_HASH_SIZE
-#define DST_HASH_SIZE 20 /* RIPEMD160 and SHA-1 are 20 bytes MD5 is 16 */
-#endif
-
-#if 0
-int dst_bsafe_init(void);
-int dst_rsaref_init(void);
-#endif
-
-int dst_hmac_md5_init(void);
-
-#if 0
-int dst_cylink_init(void);
-int dst_eay_dss_init(void);
-#endif
-
-/* support functions */
-/* base64 to bignum conversion routines */
-int dst_s_conv_bignum_u8_to_b64( char *out_buf, const unsigned out_len,
- const char *header,
- const u_int8_t *bin_data,
- const unsigned bin_len);
-int dst_s_conv_bignum_b64_to_u8( const char **buf, u_int8_t *loc,
- const unsigned loclen) ;
-/* from higher level support routines */
-int dst_s_calculate_bits( const u_int8_t *str, const int max_bits);
-int dst_s_verify_str( const char **buf, const char *str);
-
-
-/* conversion between dns names and key file names */
-size_t dst_s_filename_length( const char *name, const char *suffix);
-int dst_s_build_filename( char *filename, const char *name,
- unsigned id, int alg, const char *suffix,
- size_t filename_length);
-
-FILE *dst_s_fopen (const char *filename, const char *mode, unsigned perm);
-
-/* from file prandom.c */
-int dst_s_random( u_int8_t *output, unsigned size);
-int dst_s_semi_random( u_int8_t *output, unsigned size);
-u_int32_t dst_s_quick_random( int inc);
-void dst_s_quick_random_set( u_int32_t val, u_int32_t cnt);
-
-/*
- * read and write network byte order into u_int?_t
- * all of these should be retired
- */
-u_int16_t dst_s_get_int16( const u_int8_t *buf);
-void dst_s_put_int16( u_int8_t *buf, const u_int16_t val);
-
-u_int32_t dst_s_get_int32( const u_int8_t *buf);
-void dst_s_put_int32( u_int8_t *buf, const u_int32_t val);
-
-#ifdef DUMP
-# undef DUMP
-# define DUMP(a,b,c,d) dst_s_dump(a,b,c,d)
-#else
-# define DUMP(a,b,c,d)
-#endif
-
-#if defined (MINIRES_LIB)
-#define b64_pton MRb64_pton
-#define b64_ntop MRb64_ntop
-
-int b64_pton (char const *, unsigned char *, size_t);
-int b64_ntop (unsigned char const *, size_t, char *, size_t);
-
-#define USE_MD5
-#endif
-
-
-#endif /* DST_INTERNAL_H */
+++ /dev/null
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <memory.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
-
-#include "cdefs.h"
-#include "osdep.h"
-#include "arpa/nameser.h"
-
-#include "dst_internal.h"
-
-/*
- * dst_s_conv_bignum_u8_to_b64
- * This function converts binary data stored as a u_char[] to a
- * base-64 string. Leading zeroes are discarded. If a header is
- * supplied, it is prefixed to the input prior to encoding. The
- * output is \n\0 terminated (the \0 is not included in output length).
- * Parameters
- * out_buf binary data to convert
- * header character string to prefix to the output (label)
- * bin_data binary data
- * bin_len size of binary data
- * Return
- * -1 not enough space in output work area
- * 0 no output
- * >0 number of bytes written to output work area
- */
-
-int
-dst_s_conv_bignum_u8_to_b64(char *out_buf, const unsigned out_len,
- const char *header, const u_char *bin_data,
- const unsigned bin_len)
-{
- const u_char *bp = bin_data;
- char *op = out_buf;
- int res = 0;
- unsigned lenh = 0, len64 = 0;
- unsigned local_in_len = bin_len;
- unsigned local_out_len = out_len;
-
- if (bin_data == NULL) /* no data no */
- return (0);
-
- if (out_buf == NULL || out_len <= 0) /* no output_work area */
- return (-1);
-
- /* suppress leading \0 */
- for (; (*bp == 0x0) && (local_in_len > 0); local_in_len--)
- bp++;
-
- if (header) { /* add header to output string */
- lenh = strlen(header);
- if (lenh < out_len)
- memcpy(op, header, lenh);
- else
- return (-1);
- local_out_len -= lenh;
- op += lenh;
- }
- res = b64_ntop(bp, local_in_len, op, local_out_len - 2);
- if (res < 0)
- return (-1);
- len64 = (unsigned) res;
- op += len64++;
- *(op++) = '\n'; /* put CR in the output */
- *op = '\0'; /* make sure output is 0 terminated */
- return (lenh + len64);
-}
-
-
-/*
- * dst_s_verify_str()
- * Validate that the input string(*str) is at the head of the input
- * buffer(**buf). If so, move the buffer head pointer (*buf) to
- * the first byte of data following the string(*str).
- * Parameters
- * buf Input buffer.
- * str Input string.
- * Return
- * 0 *str is not the head of **buff
- * 1 *str is the head of **buff, *buf is is advanced to
- * the tail of **buf.
- */
-
-int
-dst_s_verify_str(const char **buf, const char *str)
-{
- unsigned b, s;
- if (*buf == NULL) /* error checks */
- return (0);
- if (str == NULL || *str == '\0')
- return (1);
-
- b = strlen(*buf); /* get length of strings */
- s = strlen(str);
- if (s > b || strncmp(*buf, str, s)) /* check if same */
- return (0); /* not a match */
- (*buf) += s; /* advance pointer */
- return (1);
-}
-
-
-/*
- * dst_s_conv_bignum_b64_to_u8
- * Read a line of base-64 encoded string from the input buffer,
- * convert it to binary, and store it in an output area. The
- * input buffer is read until reaching a newline marker or the
- * end of the buffer. The binary data is stored in the last X
- * number of bytes of the output area where X is the size of the
- * binary output. If the operation is successful, the input buffer
- * pointer is advanced. This procedure does not do network to host
- * byte order conversion.
- * Parameters
- * buf Pointer to encoded input string. Pointer is updated if
- * function is successful.
- * loc Output area.
- * loclen Size in bytes of output area.
- * Return
- * >0 Return = number of bytes of binary data stored in loc.
- * 0 Failure.
- */
-
-int
-dst_s_conv_bignum_b64_to_u8(const char **buf,
- u_char *loc, const unsigned loclen)
-{
- unsigned blen;
- char *bp;
- u_char bstr[RAW_KEY_SIZE];
- int res = 0;
-
- if (buf == NULL || *buf == NULL) { /* error checks */
- EREPORT(("dst_s_conv_bignum_b64_to_u8: null input buffer.\n"));
- return (0);
- }
- bp = strchr(*buf, '\n'); /* find length of input line */
- if (bp != NULL)
- *bp = '\0';
-
- res = b64_pton(*buf, bstr, sizeof(bstr));
- if (res <= 0) {
- EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is null.\n"));
- return (0);
- }
- blen = (unsigned) res;
- if (loclen < blen) {
- EREPORT(("dst_s_conv_bignum_b64_to_u8: decoded value is longer than output buffer.\n"));
- return (0);
- }
- if (bp)
- *buf = bp; /* advancing buffer past \n */
- memset(loc, 0, loclen - blen); /* clearing unused output area */
- memcpy(loc + loclen - blen, bstr, blen); /* write last blen bytes */
- return (blen);
-}
-
-
-/*
- * dst_s_calculate_bits
- * Given a binary number represented in a u_char[], determine
- * the number of significant bits used.
- * Parameters
- * str An input character string containing a binary number.
- * max_bits The maximum possible significant bits.
- * Return
- * N The number of significant bits in str.
- */
-
-int
-dst_s_calculate_bits(const u_char *str, const int max_bits)
-{
- const u_char *p = str;
- u_char i, j = 0x80;
- int bits;
- for (bits = max_bits; *p == 0x00 && bits > 0; p++)
- bits -= 8;
- for (i = *p; (i & j) != j; j >>= 1)
- bits--;
- return (bits);
-}
-
-
-/*
- * calculates a checksum used in kmt for a id.
- * takes an array of bytes and a length.
- * returns a 16 bit checksum.
- */
-u_int16_t
-dst_s_id_calc(const u_char *key, const unsigned keysize)
-{
- u_int32_t ac;
- const u_char *kp = key;
- unsigned size = keysize;
-
- if (!key)
- return 0;
-
- for (ac = 0; size > 1; size -= 2, kp += 2)
- ac += ((*kp) << 8) + *(kp + 1);
-
- if (size > 0)
- ac += ((*kp) << 8);
- ac += (ac >> 16) & 0xffff;
-
- return (ac & 0xffff);
-}
-
-/*
- * dst_s_dns_key_id() Function to calculated DNSSEC footprint from KEY record
- * rdata (all of record)
- * Input:
- * dns_key_rdata: the raw data in wire format
- * rdata_len: the size of the input data
- * Output:
- * the key footprint/id calculated from the key data
- */
-u_int16_t
-dst_s_dns_key_id(const u_char *dns_key_rdata, const unsigned rdata_len)
-{
- unsigned key_data = 4;
-
- if (!dns_key_rdata || (rdata_len < key_data))
- return 0;
-
- /* check the extended parameters bit in the DNS Key RR flags */
- if (dst_s_get_int16(dns_key_rdata) & DST_EXTEND_FLAG)
- key_data += 2;
-
- /* compute id */
- if (dns_key_rdata[3] == KEY_RSA) /* Algorithm RSA */
- return dst_s_get_int16((const u_char *)
- &dns_key_rdata[rdata_len - 3]);
- else
- /* compute a checksum on the key part of the key rr */
- return dst_s_id_calc(&dns_key_rdata[key_data],
- (rdata_len - key_data));
-}
-
-/*
- * dst_s_get_int16
- * This routine extracts a 16 bit integer from a two byte character
- * string. The character string is assumed to be in network byte
- * order and may be unaligned. The number returned is in host order.
- * Parameter
- * buf A two byte character string.
- * Return
- * The converted integer value.
- */
-
-u_int16_t
-dst_s_get_int16(const u_char *buf)
-{
- register u_int16_t a = 0;
- a = ((u_int16_t)(buf[0] << 8)) | ((u_int16_t)(buf[1]));
- return (a);
-}
-
-
-/*
- * dst_s_get_int32
- * This routine extracts a 32 bit integer from a four byte character
- * string. The character string is assumed to be in network byte
- * order and may be unaligned. The number returned is in host order.
- * Parameter
- * buf A four byte character string.
- * Return
- * The converted integer value.
- */
-
-u_int32_t
-dst_s_get_int32(const u_char *buf)
-{
- register u_int32_t a = 0;
- a = ((u_int32_t)(buf[0] << 24)) | ((u_int32_t)(buf[1] << 16)) |
- ((u_int32_t)(buf[2] << 8)) | ((u_int32_t)(buf[3]));
- return (a);
-}
-
-
-/*
- * dst_s_put_int16
- * Take a 16 bit integer and store the value in a two byte
- * character string. The integer is assumed to be in network
- * order and the string is returned in host order.
- *
- * Parameters
- * buf Storage for a two byte character string.
- * val 16 bit integer.
- */
-
-void
-dst_s_put_int16(u_int8_t *buf, const u_int16_t val)
-{
- buf[0] = (u_int8_t)(val >> 8);
- buf[1] = (u_int8_t)(val);
-}
-
-
-/*
- * dst_s_put_int32
- * Take a 32 bit integer and store the value in a four byte
- * character string. The integer is assumed to be in network
- * order and the string is returned in host order.
- *
- * Parameters
- * buf Storage for a four byte character string.
- * val 32 bit integer.
- */
-
-void
-dst_s_put_int32(u_int8_t *buf, const u_int32_t val)
-{
- buf[0] = (u_int8_t)(val >> 24);
- buf[1] = (u_int8_t)(val >> 16);
- buf[2] = (u_int8_t)(val >> 8);
- buf[3] = (u_int8_t)(val);
-}
-
-
-/*
- * dst_s_filename_length
- *
- * This function returns the number of bytes needed to hold the
- * filename for a key file. '/', '\' and ':' are not allowed.
- * form: K<keyname>+<alg>+<id>.<suffix>
- *
- * Returns 0 if the filename would contain either '\', '/' or ':'
- */
-size_t
-dst_s_filename_length(const char *name, const char *suffix)
-{
- if (name == NULL)
- return (0);
- if (strrchr(name, '\\'))
- return (0);
- if (strrchr(name, '/'))
- return (0);
- if (strrchr(name, ':'))
- return (0);
- if (suffix == NULL)
- return (0);
- if (strrchr(suffix, '\\'))
- return (0);
- if (strrchr(suffix, '/'))
- return (0);
- if (strrchr(suffix, ':'))
- return (0);
- return (1 + strlen(name) + 6 + strlen(suffix));
-}
-
-
-/*
- * dst_s_build_filename ()
- * Builds a key filename from the key name, it's id, and a
- * suffix. '\', '/' and ':' are not allowed. fA filename is of the
- * form: K<keyname><id>.<suffix>
- * form: K<keyname>+<alg>+<id>.<suffix>
- *
- * Returns -1 if the conversion fails:
- * if the filename would be too long for space allotted
- * if the filename would contain a '\', '/' or ':'
- * Returns 0 on success
- */
-
-int
-dst_s_build_filename(char *filename, const char *name, unsigned id,
- int alg, const char *suffix, size_t filename_length)
-{
- unsigned my_id;
- if (filename == NULL)
- return (-1);
- memset(filename, 0, filename_length);
- if (name == NULL)
- return (-1);
- if (suffix == NULL)
- return (-1);
- if (filename_length < 1 + strlen(name) + 4 + 6 + 1 + strlen(suffix))
- return (-1);
- my_id = id;
- sprintf(filename, "K%s+%03d+%05d.%s", name, alg, my_id,
- (const char *) suffix);
- if (strrchr(filename, '/'))
- return (-1);
- if (strrchr(filename, '\\'))
- return (-1);
- if (strrchr(filename, ':'))
- return (-1);
- return (0);
-}
-
-/*
- * dst_s_fopen ()
- * Open a file in the dst_path directory. If perm is specified, the
- * file is checked for existence first, and not opened if it exists.
- * Parameters
- * filename File to open
- * mode Mode to open the file (passed directly to fopen)
- * perm File permission, if creating a new file.
- * Returns
- * NULL Failure
- * NON-NULL (FILE *) of opened file.
- */
-FILE *
-dst_s_fopen(const char *filename, const char *mode, unsigned perm)
-{
- FILE *fp;
- char pathname[PATH_MAX];
-
- /* Make sure the length is ok before we try to build it. */
- if ((strlen(dst_path) + strlen(filename)) > PATH_MAX - 1) {
- /* set errno in case anyone bothers to look */
- errno = ENAMETOOLONG;
- return (NULL);
- }
-
- /* dst_path if not empty has a terminating "/" already */
- strcpy(pathname, dst_path);
- strcpy(pathname + strlen(pathname), filename);
-
- fp = fopen(pathname, mode);
- if ((fp != NULL) && (perm != 0)) {
- if (chmod(pathname, perm) < 0) {
- fclose(fp);
- return (NULL);
- }
- }
-
- return (fp);
-}
-
-#if 0
-void
-dst_s_dump(const int mode, const u_char *data, const int size,
- const char *msg)
-{
- if (size > 0) {
-#ifdef LONG_TEST
- static u_char scratch[1000];
- int n ;
- n = b64_ntop(data, scratch, size, sizeof(scratch));
- printf("%s: %x %d %s\n", msg, mode, n, scratch);
-#else
- printf("%s,%x %d\n", msg, mode, size);
-#endif
- }
-}
-#endif
+++ /dev/null
-#ifdef HMAC_MD5
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-
-/*
- * This file contains an implementation of the HMAC-MD5 algorithm.
- */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
-
-#include "cdefs.h"
-#include "osdep.h"
-#include "arpa/nameser.h"
-
-#include "dst_internal.h"
-
-#ifdef USE_MD5
-# include "md5.h"
-# ifndef _MD5_H_
-# define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */
-# endif
-#endif
-
-#define HMAC_LEN 64
-#define HMAC_IPAD 0x36
-#define HMAC_OPAD 0x5c
-#define MD5_LEN 16
-
-
-typedef struct hmackey {
- u_char hk_ipad[64], hk_opad[64];
-} HMAC_Key;
-
-
-/**************************************************************************
- * dst_hmac_md5_sign
- * Call HMAC signing functions to sign a block of data.
- * There are three steps to signing, INIT (initialize structures),
- * UPDATE (hash (more) data), FINAL (generate a signature). This
- * routine performs one or more of these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * priv_key key to use for signing.
- * context the context to be used in this digest
- * data data to be signed.
- * len length in bytes of data.
- * signature location to store signature.
- * sig_len size of the signature location
- * returns
- * N Success on SIG_MODE_FINAL = returns signature length in bytes
- * 0 Success on SIG_MODE_INIT and UPDATE
- * <0 Failure
- */
-
-static int
-dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
- const u_char *data, const unsigned len,
- u_char *signature, const unsigned sig_len)
-{
- HMAC_Key *key;
- int sign_len = 0;
- MD5_CTX *ctx = NULL;
-
- if (d_key == NULL || d_key->dk_KEY_struct == NULL)
- return (-1);
- key = (HMAC_Key *) d_key->dk_KEY_struct;
-
- if (mode & SIG_MODE_INIT)
- ctx = (MD5_CTX *) malloc(sizeof(*ctx));
- else if (context)
- ctx = (MD5_CTX *) *context;
- if (ctx == NULL)
- return (-1);
-
- if (mode & SIG_MODE_INIT) {
- MD5Init(ctx);
- MD5Update(ctx, key->hk_ipad, HMAC_LEN);
- }
-
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
- MD5Update(ctx, (const unsigned char *)data, len);
-
- if (mode & SIG_MODE_FINAL) {
- if (signature == NULL || sig_len < MD5_LEN)
- return (SIGN_FINAL_FAILURE);
- MD5Final(signature, ctx);
-
- /* perform outer MD5 */
- MD5Init(ctx);
- MD5Update(ctx, key->hk_opad, HMAC_LEN);
- MD5Update(ctx, signature, MD5_LEN);
- MD5Final(signature, ctx);
- sign_len = MD5_LEN;
- SAFE_FREE(ctx);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (sign_len);
-}
-
-
-/**************************************************************************
- * dst_hmac_md5_verify()
- * Calls HMAC verification routines. There are three steps to
- * verification, INIT (initialize structures), UPDATE (hash (more) data),
- * FINAL (generate a signature). This routine performs one or more of
- * these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * dkey key to use for verify.
- * data data signed.
- * len length in bytes of data.
- * signature signature.
- * sig_len length in bytes of signature.
- * returns
- * 0 Success
- * <0 Failure
- */
-
-static int
-dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
- const u_char *data, const unsigned len,
- const u_char *signature, const unsigned sig_len)
-{
- HMAC_Key *key;
- MD5_CTX *ctx = NULL;
-
- if (d_key == NULL || d_key->dk_KEY_struct == NULL)
- return (-1);
- key = (HMAC_Key *) d_key->dk_KEY_struct;
-
- if (mode & SIG_MODE_INIT)
- ctx = (MD5_CTX *) malloc(sizeof(*ctx));
- else if (context)
- ctx = (MD5_CTX *) *context;
- if (ctx == NULL)
- return (-1);
-
- if (mode & SIG_MODE_INIT) {
- MD5Init(ctx);
- MD5Update(ctx, key->hk_ipad, HMAC_LEN);
- }
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
- MD5Update(ctx, (const unsigned char *)data, len);
-
- if (mode & SIG_MODE_FINAL) {
- u_char digest[MD5_LEN];
- if (signature == NULL || key == NULL || sig_len != MD5_LEN)
- return (VERIFY_FINAL_FAILURE);
- MD5Final(digest, ctx);
-
- /* perform outer MD5 */
- MD5Init(ctx);
- MD5Update(ctx, key->hk_opad, HMAC_LEN);
- MD5Update(ctx, digest, MD5_LEN);
- MD5Final(digest, ctx);
-
- SAFE_FREE(ctx);
- if (memcmp(digest, signature, MD5_LEN) != 0)
- return (VERIFY_FINAL_FAILURE);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (0);
-}
-
-
-/**************************************************************************
- * dst_buffer_to_hmac_md5
- * Converts key from raw data to an HMAC Key
- * This function gets in a pointer to the data
- * Parameters
- * hkey the HMAC key to be filled in
- * key the key in raw format
- * keylen the length of the key
- * Return
- * 0 Success
- * <0 Failure
- */
-static int
-dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen)
-{
- int i;
- HMAC_Key *hkey = NULL;
- MD5_CTX ctx;
- unsigned local_keylen = keylen;
- u_char tk[MD5_LEN];
-
- /* Do we need to check if keylen == 0? The original
- * code didn't, so we don't currently */
- if (dkey == NULL || key == NULL)
- return (-1);
-
- if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
- return (-2);
-
- memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad));
- memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad));
-
- /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
- if (keylen > HMAC_LEN) {
- memset(tk, 0, sizeof(tk));
- MD5Init(&ctx);
- MD5Update(&ctx, (const unsigned char *)key, keylen);
- MD5Final(tk, &ctx);
- memset((void *) &ctx, 0, sizeof(ctx));
- key = tk;
- local_keylen = MD5_LEN;
- }
- /* start out by storing key in pads */
- memcpy(hkey->hk_ipad, key, local_keylen);
- memcpy(hkey->hk_opad, key, local_keylen);
-
- /* XOR key with hk_ipad and opad values */
- for (i = 0; i < HMAC_LEN; i++) {
- hkey->hk_ipad[i] ^= HMAC_IPAD;
- hkey->hk_opad[i] ^= HMAC_OPAD;
- }
- dkey->dk_key_size = local_keylen;
- dkey->dk_KEY_struct = (void *) hkey;
- return (1);
-}
-
-
-/**************************************************************************
- * dst_hmac_md5_key_to_file_format
- * Encodes an HMAC Key into the portable file format.
- * Parameters
- * hkey HMAC KEY structure
- * buff output buffer
- * buff_len size of output buffer
- * Return
- * 0 Failure - null input hkey
- * -1 Failure - not enough space in output area
- * N Success - Length of data returned in buff
- */
-
-static int
-dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
- const unsigned buff_len)
-{
- char *bp;
- int i, res;
- unsigned len, b_len, key_len;
- u_char key[HMAC_LEN];
- HMAC_Key *hkey;
-
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (0);
- if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
- return (-1); /* no OR not enough space in output area */
-
- hkey = (HMAC_Key *) dkey->dk_KEY_struct;
- memset(buff, 0, buff_len); /* just in case */
- /* write file header */
- sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
-
- memset(key, 0, HMAC_LEN);
- for (i = 0; i < HMAC_LEN; i++)
- key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
- for (i = HMAC_LEN - 1; i >= 0; i--)
- if (key[i] != 0)
- break;
- key_len = i + 1;
-
- strcat(bp, "Key: ");
- bp += strlen("Key: ");
- b_len = buff_len - (bp - buff);
-
- res = b64_ntop(key, key_len, bp, b_len);
- if (res < 0)
- return (-1);
- len = (unsigned) res;
- bp += len;
- *(bp++) = '\n';
- *bp = '\0';
- b_len = buff_len - (bp - buff);
-
- return (buff_len - b_len);
-}
-
-
-/**************************************************************************
- * dst_hmac_md5_key_from_file_format
- * Converts contents of a key file into an HMAC key.
- * Parameters
- * hkey structure to put key into
- * buff buffer containing the encoded key
- * buff_len the length of the buffer
- * Return
- * n >= 0 Foot print of the key converted
- * n < 0 Error in conversion
- */
-
-static int
-dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff,
- const unsigned buff_len)
-{
- const char *p = buff, *eol;
- u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode
- * it should probably be fixed rather than doing
- * this
- */
- u_char *tmp;
- unsigned key_len, len;
-
- if (dkey == NULL)
- return (-2);
- if (buff == NULL)
- return (-1);
-
- memset(key, 0, sizeof(key));
-
- if (!dst_s_verify_str(&p, "Key: "))
- return (-3);
-
- eol = strchr(p, '\n');
- if (eol == NULL)
- return (-4);
- len = eol - p;
- tmp = malloc(len + 2);
- if (tmp == NULL)
- return (-5);
-
- memcpy(tmp, p, len);
- *(tmp + len) = 0x0;
- key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */
- SAFE_FREE2(tmp, len + 2);
-
- if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) {
- return (-6);
- }
- return (0);
-}
-
-/*
- * dst_hmac_md5_to_dns_key()
- * function to extract hmac key from DST_KEY structure
- * input:
- * in_key: HMAC-MD5 key
- * output:
- * out_str: buffer to write ot
- * out_len: size of output buffer
- * returns:
- * number of bytes written to output buffer
- */
-static int
-dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const unsigned out_len)
-{
-
- HMAC_Key *hkey;
- int i;
-
- if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
- out_len <= in_key->dk_key_size || out_str == NULL)
- return (-1);
-
- hkey = (HMAC_Key *) in_key->dk_KEY_struct;
- for (i = 0; i < in_key->dk_key_size; i++)
- out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
- return (i);
-}
-
-/**************************************************************************
- * dst_hmac_md5_compare_keys
- * Compare two keys for equality.
- * Return
- * 0 The keys are equal
- * NON-ZERO The keys are not equal
- */
-
-static int
-dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
-{
- HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct;
- HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct;
- return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN);
-}
-
-/**************************************************************************
- * dst_hmac_md5_free_key_structure
- * Frees all (none) dynamically allocated structures in hkey
- */
-
-static void *
-dst_hmac_md5_free_key_structure(void *key)
-{
- HMAC_Key *hkey = key;
- SAFE_FREE(hkey);
- return (NULL);
-}
-
-
-/***************************************************************************
- * dst_hmac_md5_generate_key
- * Creates a HMAC key of size size with a maximum size of 63 bytes
- * generating a HMAC key larger than 63 bytes makes no sense as that key
- * is digested before use.
- */
-
-static int
-dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
-{
- u_char *buff;
- int n;
- unsigned size, len;
-
- if (key == NULL || key->dk_alg != KEY_HMAC_MD5)
- return (0);
- size = (key->dk_key_size + 7) / 8; /* convert to bytes */
- if (size <= 0)
- return(0);
-
- len = size > 64 ? 64 : size;
- buff = malloc(len+8);
- if (buff == NULL)
- return (-1);
-
- n = dst_random(DST_RAND_SEMI, len, buff);
- n += dst_random(DST_RAND_KEY, len, buff);
- if (n <= len) { /* failed getting anything */
- SAFE_FREE2(buff, len);
- return (-1);
- }
- n = dst_buffer_to_hmac_md5(key, buff, len);
- SAFE_FREE2(buff, len);
- if (n <= 0)
- return (n);
- return (1);
-}
-
-/*
- * dst_hmac_md5_init() Function to answer set up function pointers for HMAC
- * related functions
- */
-int
-dst_hmac_md5_init()
-{
- if (dst_t_func[KEY_HMAC_MD5] != NULL)
- return (1);
- dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func));
- if (dst_t_func[KEY_HMAC_MD5] == NULL)
- return (0);
- memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func));
- dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign;
- dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify;
- dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys;
- dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key;
- dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure;
- dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key;
- dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5;
- dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format;
- dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format;
- return (1);
-}
-
-#else
-int
-dst_hmac_md5_init(){
- return (0);
-}
-#endif
-
-
-
-
-
-
-
+++ /dev/null
-/* crypto/md/md5.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Internet Systems Consortium, Inc.
- * 950 Charter Street
- * Redwood City, CA 94063
- * <info@isc.org>
- * https://www.isc.org/
- */
-
-#ifndef HEADER_MD5_H
-#define HEADER_MD5_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MD5_CBLOCK 64
-#define MD5_LBLOCK 16
-#define MD5_BLOCK 16
-#define MD5_LAST_BLOCK 56
-#define MD5_LENGTH_BLOCK 8
-#define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st
- {
- unsigned long A,B,C,D;
- unsigned long Nl,Nh;
- unsigned long data[MD5_LBLOCK];
- int num;
- } MD5_CTX;
-
-#ifndef NOPROTO
-void MD5_Init(MD5_CTX *c);
-void MD5_Update(MD5_CTX *c, const unsigned char *data, unsigned long len);
-void MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
-#else
-void MD5_Init();
-void MD5_Update();
-void MD5_Final();
-unsigned char *MD5();
-#endif
-
-/* to provide backward compatibleness to RSAREF calls ogud@tis.com 1997/11/14 */
-#define MD5Init(c) MD5_Init(c)
-#define MD5Update(c,data, len) MD5_Update(c,data,len)
-#define MD5Final(md, c) MD5_Final(md, c)
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* crypto/md/md5_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Internet Systems Consortium, Inc.
- * 950 Charter Street
- * Redwood City, CA 94063
- * <info@isc.org>
- * https://www.isc.org/
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include "md5_locl.h"
-#include "cdefs.h"
-#include "osdep.h"
-
-#ifdef USE_MD5 /* Added by ogud@tis.com 1998/1/26 */
-
-const char *MD5_version="MD5 part of SSLeay 0.8.1 19-Jul-1997";
-
-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-#ifndef NOPROTO
-static void md5_block(MD5_CTX *c, unsigned long *p);
-#else
-static void md5_block();
-#endif
-
-void MD5_Init(c)
-MD5_CTX *c;
- {
- c->A=INIT_DATA_A;
- c->B=INIT_DATA_B;
- c->C=INIT_DATA_C;
- c->D=INIT_DATA_D;
- c->Nl=0;
- c->Nh=0;
- c->num=0;
- }
-
-void MD5_Update(c, data, len)
-MD5_CTX *c;
-const register unsigned char *data;
-unsigned long len;
- {
- register ULONG *p;
- int sw,sc;
- ULONG l;
-
- if (len == 0) return;
-
- l=(c->Nl+(len<<3))&0xffffffffL;
- /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
- * Wei Dai <weidai@eskimo.com> for pointing it out. */
- if (l < c->Nl) /* overflow */
- c->Nh++;
- c->Nh+=(len>>29);
- c->Nl=l;
-
- if (c->num != 0)
- {
- p=c->data;
- sw=c->num>>2;
- sc=c->num&0x03;
-
- if ((c->num+len) >= MD5_CBLOCK)
- {
- l= p[sw];
- p_c2l(data,l,sc);
- p[sw++]=l;
- for (; sw<MD5_LBLOCK; sw++)
- {
- c2l(data,l);
- p[sw]=l;
- }
- len-=(MD5_CBLOCK-c->num);
-
- md5_block(c,p);
- c->num=0;
- /* drop through and do the rest */
- }
- else
- {
- int ew,ec;
-
- c->num+=(int)len;
- if ((sc+len) < 4) /* ugly, add char's to a word */
- {
- l= p[sw];
- p_c2l_p(data,l,sc,len);
- p[sw]=l;
- }
- else
- {
- ew=(c->num>>2);
- ec=(c->num&0x03);
- l= p[sw];
- p_c2l(data,l,sc);
- p[sw++]=l;
- for (; sw < ew; sw++)
- { c2l(data,l); p[sw]=l; }
- if (ec)
- {
- c2l_p(data,l,ec);
- p[sw]=l;
- }
- }
- return;
- }
- }
- /* we now can process the input data in blocks of MD5_CBLOCK
- * chars and save the leftovers to c->data. */
- p=c->data;
- while (len >= MD5_CBLOCK)
- {
-#if defined(L_ENDIAN) || defined(B_ENDIAN)
- memcpy(p,data,MD5_CBLOCK);
- data+=MD5_CBLOCK;
-#ifdef B_ENDIAN
- for (sw=(MD5_LBLOCK/4); sw; sw--)
- {
- Endian_Reverse32(p[0]);
- Endian_Reverse32(p[1]);
- Endian_Reverse32(p[2]);
- Endian_Reverse32(p[3]);
- p+=4;
- }
-#endif
-#else
- for (sw=(MD5_LBLOCK/4); sw; sw--)
- {
- c2l(data,l); *(p++)=l;
- c2l(data,l); *(p++)=l;
- c2l(data,l); *(p++)=l;
- c2l(data,l); *(p++)=l;
- }
-#endif
- p=c->data;
- md5_block(c,p);
- len-=MD5_CBLOCK;
- }
- sc=(int)len;
- c->num=sc;
- if (sc)
- {
- sw=sc>>2; /* words to copy */
-#ifdef L_ENDIAN
- p[sw]=0;
- memcpy(p,data,sc);
-#else
- sc&=0x03;
- for ( ; sw; sw--)
- { c2l(data,l); *(p++)=l; }
- c2l_p(data,l,sc);
- *p=l;
-#endif
- }
- }
-
-static void md5_block(c, X)
-MD5_CTX *c;
-register ULONG *X;
- {
- register ULONG A,B,C,D;
-
- A=c->A;
- B=c->B;
- C=c->C;
- D=c->D;
-
- /* Round 0 */
- LOCL_R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
- LOCL_R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
- LOCL_R0(C,D,A,B,X[ 2],17,0x242070dbL);
- LOCL_R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
- LOCL_R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
- LOCL_R0(D,A,B,C,X[ 5],12,0x4787c62aL);
- LOCL_R0(C,D,A,B,X[ 6],17,0xa8304613L);
- LOCL_R0(B,C,D,A,X[ 7],22,0xfd469501L);
- LOCL_R0(A,B,C,D,X[ 8], 7,0x698098d8L);
- LOCL_R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
- LOCL_R0(C,D,A,B,X[10],17,0xffff5bb1L);
- LOCL_R0(B,C,D,A,X[11],22,0x895cd7beL);
- LOCL_R0(A,B,C,D,X[12], 7,0x6b901122L);
- LOCL_R0(D,A,B,C,X[13],12,0xfd987193L);
- LOCL_R0(C,D,A,B,X[14],17,0xa679438eL);
- LOCL_R0(B,C,D,A,X[15],22,0x49b40821L);
- /* Round 1 */
- LOCL_R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
- LOCL_R1(D,A,B,C,X[ 6], 9,0xc040b340L);
- LOCL_R1(C,D,A,B,X[11],14,0x265e5a51L);
- LOCL_R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
- LOCL_R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
- LOCL_R1(D,A,B,C,X[10], 9,0x02441453L);
- LOCL_R1(C,D,A,B,X[15],14,0xd8a1e681L);
- LOCL_R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
- LOCL_R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
- LOCL_R1(D,A,B,C,X[14], 9,0xc33707d6L);
- LOCL_R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
- LOCL_R1(B,C,D,A,X[ 8],20,0x455a14edL);
- LOCL_R1(A,B,C,D,X[13], 5,0xa9e3e905L);
- LOCL_R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
- LOCL_R1(C,D,A,B,X[ 7],14,0x676f02d9L);
- LOCL_R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
- /* Round 2 */
- LOCL_R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
- LOCL_R2(D,A,B,C,X[ 8],11,0x8771f681L);
- LOCL_R2(C,D,A,B,X[11],16,0x6d9d6122L);
- LOCL_R2(B,C,D,A,X[14],23,0xfde5380cL);
- LOCL_R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
- LOCL_R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
- LOCL_R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
- LOCL_R2(B,C,D,A,X[10],23,0xbebfbc70L);
- LOCL_R2(A,B,C,D,X[13], 4,0x289b7ec6L);
- LOCL_R2(D,A,B,C,X[ 0],11,0xeaa127faL);
- LOCL_R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
- LOCL_R2(B,C,D,A,X[ 6],23,0x04881d05L);
- LOCL_R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
- LOCL_R2(D,A,B,C,X[12],11,0xe6db99e5L);
- LOCL_R2(C,D,A,B,X[15],16,0x1fa27cf8L);
- LOCL_R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
- /* Round 3 */
- LOCL_R3(A,B,C,D,X[ 0], 6,0xf4292244L);
- LOCL_R3(D,A,B,C,X[ 7],10,0x432aff97L);
- LOCL_R3(C,D,A,B,X[14],15,0xab9423a7L);
- LOCL_R3(B,C,D,A,X[ 5],21,0xfc93a039L);
- LOCL_R3(A,B,C,D,X[12], 6,0x655b59c3L);
- LOCL_R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
- LOCL_R3(C,D,A,B,X[10],15,0xffeff47dL);
- LOCL_R3(B,C,D,A,X[ 1],21,0x85845dd1L);
- LOCL_R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
- LOCL_R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
- LOCL_R3(C,D,A,B,X[ 6],15,0xa3014314L);
- LOCL_R3(B,C,D,A,X[13],21,0x4e0811a1L);
- LOCL_R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
- LOCL_R3(D,A,B,C,X[11],10,0xbd3af235L);
- LOCL_R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
- LOCL_R3(B,C,D,A,X[ 9],21,0xeb86d391L);
-
- c->A+=A&0xffffffffL;
- c->B+=B&0xffffffffL;
- c->C+=C&0xffffffffL;
- c->D+=D&0xffffffffL;
- }
-
-void MD5_Final(md, c)
-unsigned char *md;
-MD5_CTX *c;
- {
- register int i,j;
- register ULONG l;
- register ULONG *p;
- static unsigned char end[4]={0x80,0x00,0x00,0x00};
- unsigned char *cp=end;
-
- /* c->num should definitely have room for at least one more byte. */
- p=c->data;
- j=c->num;
- i=j>>2;
-
- /* purify often complains about the following line as an
- * Uninitialized Memory Read. While this can be true, the
- * following p_c2l macro will reset l when that case is true.
- * This is because j&0x03 contains the number of 'valid' bytes
- * already in p[i]. If and only if j&0x03 == 0, the UMR will
- * occur but this is also the only time p_c2l will do
- * l= *(cp++) instead of l|= *(cp++)
- * Many thanks to Alex Tang <altitude@cic.net> for pickup this
- * 'potential bug' */
-#ifdef PURIFY
- if ((j&0x03) == 0) p[i]=0;
-#endif
- l=p[i];
- p_c2l(cp,l,j&0x03);
- p[i]=l;
- i++;
- /* i is the next 'undefined word' */
- if (c->num >= MD5_LAST_BLOCK)
- {
- for (; i<MD5_LBLOCK; i++)
- p[i]=0;
- md5_block(c,p);
- i=0;
- }
- for (; i<(MD5_LBLOCK-2); i++)
- p[i]=0;
- p[MD5_LBLOCK-2]=c->Nl;
- p[MD5_LBLOCK-1]=c->Nh;
- md5_block(c,p);
- cp=md;
- l=c->A; l2c(l,cp);
- l=c->B; l2c(l,cp);
- l=c->C; l2c(l,cp);
- l=c->D; l2c(l,cp);
-
- /* clear stuff, md5_block may be leaving some stuff on the stack
- * but I'm not worried :-) */
- c->num=0;
-/* memset((char *)&c,0,sizeof(c));*/
- }
-
-#ifdef undef
-int printit(l)
-unsigned long *l;
- {
- int i,ii;
-
- for (i=0; i<2; i++)
- {
- for (ii=0; ii<8; ii++)
- {
- fprintf(stderr,"%08lx ",l[i*8+ii]);
- }
- fprintf(stderr,"\n");
- }
- }
-#endif
-#endif /* USE_MD5 */
+++ /dev/null
-/* crypto/md/md5_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Internet Systems Consortium, Inc.
- * 950 Charter Street
- * Redwood City, CA 94063
- * <info@isc.org>
- * https://www.isc.org/
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include "md5.h"
-
-#define ULONG unsigned long
-#define UCHAR unsigned char
-#define UINT unsigned int
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#undef c2l
-#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n) { \
- switch (n) { \
- case 0: l =((unsigned long)(*((c)++))); \
- case 1: l|=((unsigned long)(*((c)++)))<< 8; \
- case 2: l|=((unsigned long)(*((c)++)))<<16; \
- case 3: l|=((unsigned long)(*((c)++)))<<24; \
- } \
- }
-
-/* NOTE the pointer is not incremented at the end of this */
-#undef c2l_p
-#define c2l_p(c,l,n) { \
- l=0; \
- (c)+=n; \
- switch (n) { \
- case 3: l =((unsigned long)(*(--(c))))<<16; \
- case 2: l|=((unsigned long)(*(--(c))))<< 8; \
- case 1: l|=((unsigned long)(*(--(c)))) ; \
- } \
- }
-
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
- switch (sc) \
- { \
- case 0: l =((unsigned long)(*((c)++))); \
- if (--len == 0) break; \
- case 1: l|=((unsigned long)(*((c)++)))<< 8; \
- if (--len == 0) break; \
- case 2: l|=((unsigned long)(*((c)++)))<<16; \
- } \
- }
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
- { \
- unsigned long l=(a); \
- (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
- }
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
- { \
- unsigned long l=(a); \
- l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
- (a)=ROTATE(l,16L); \
- }
-#endif
-/*
-#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
-#define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
-*/
-
-/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below. Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define F(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
-#define G(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
-#define H(x,y,z) ((x) ^ (y) ^ (z))
-#define I(x,y,z) (((x) | (~(z))) ^ (y))
-
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n) _lrotl(a,n)
-#else
-#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-#define LOCL_R0(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+F((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };\
-
-#define LOCL_R1(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+G((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };
-
-#define LOCL_R2(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+H((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };
-
-#define LOCL_R3(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+I((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };
+++ /dev/null
-/*
- * Portions Copyright (c) 2012-2014 by Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (c) 2007,2009 by Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <time.h>
-#include <dirent.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-
-#include <netinet/in.h>
-#include <sys/socket.h>
-#define NEED_PRAND_CONF
-
-#include "cdefs.h"
-#include "osdep.h"
-#include "dst_internal.h"
-#include "arpa/nameser.h"
-
-
-#ifndef DST_NUM_HASHES
-#define DST_NUM_HASHES 4
-#endif
-#ifndef DST_NUMBER_OF_COUNTERS
-#define DST_NUMBER_OF_COUNTERS 5 /* 32 * 5 == 160 == SHA(1) > MD5 */
-#endif
-
-/*
- * the constant below is a prime number to make fixed data structures like
- * stat and time wrap over blocks. This adds certain randomness to what is
- * in each digested block.
- * The prime number 2879 has the special property that when
- * divided by 2,4 and 6 the result is also a prime numbers
- */
-
-#ifndef DST_RANDOM_BLOCK_SIZE
-#define DST_RANDOM_BLOCK_SIZE 2879
-#endif
-
-/*
- * This constant dictates how many bits we shift to the right before using a
- */
-#ifndef DST_SHIFT
-#define DST_SHIFT 9
-#endif
-
-/*
- * An initializer that is as bad as any other with half the bits set
- */
-#ifndef DST_RANDOM_PATTERN
-#define DST_RANDOM_PATTERN 0x8765CA93
-#endif
-/*
- * things must have changed in the last 3600 seconds to be used
- */
-#define MAX_OLD 3600
-
-/*
- * Define a single set of configuration for prand stuff. A superset
- * works okay (failed commands return no data, missing directories
- * are skipped, and so on.
- */
-static const char *cmds[] = {
- "/usr/bin/netstat -an 2>&1",
- "/usr/sbin/netstat -an 2>&1",
- "/usr/etc/netstat -an 2>&1",
- "/bin/netstat -an 2>&1",
- "/usr/ucb/netstat -an 2>&1",
-
- /* AIX */
- "/bin/ps -ef 2>&1",
- "/bin/df 2>&1",
- "/usr/bin/uptime 2>&1",
- "/usr/bin/printenv 2>&1",
- "/usr/bin/netstat -s 2>&1",
- "/usr/bin/w 2>&1",
- /* Tru64 */
- "/usr/bin/dig com. soa +ti=1 +retry=0 2>&1",
- "/usr/sbin/arp -an 2>&1",
- "/usr/ucb/uptime 2>&1",
- "/bin/iostat 2>&1",
- /* BSD */
- "/bin/ps -axlw 2>&1",
- "/usr/sbin/iostat 2>&1",
- "/usr/sbin/vmstat 2>&1",
- /* FreeBSD */
- "/usr/bin/vmstat 2>&1",
- "/usr/bin/w 2>&1",
- /* HP/UX */
- "/usr/bin/ps -ef 2>&1",
- /* IRIX */
- "/usr/etc/arp -a 2>&1",
- "/usr/bsd/uptime 2>&1",
- "/usr/bin/printenv 2>&1",
- "/usr/bsd/w 2>&1",
- /* Linux */
- "/sbin/arp -an 2>&1",
- "/usr/bin/vmstat 2>&1",
- /* NetBSD */
- /* OpenBSD */
- /* QNX */
- "/bin/ps -a 2>&1",
- "/bin/sin 2>&1",
- "/bin/sin fds 2>&1",
- "/bin/sin memory 2>&1",
- /* Solaris */
- "/usr/ucb/uptime 2>&1",
- "/usr/ucb/netstat -an 2>&1",
-
- "/usr/bin/netstat -an 2>&1",
- "/usr/sbin/netstat -an 2>&1",
- "/usr/etc/netstat -an 2>&1",
- "/bin/netstat -an 2>&1",
- "/usr/ucb/netstat -an 2>&1",
- NULL
-};
-
-static const char *dirs[] = {
- "/tmp",
- "/var/tmp",
- ".",
- "/",
- "/var/spool",
- "/var/adm",
- "/dev",
- "/var/spool/mail",
- "/var/mail",
- "/home",
- "/usr/home",
- NULL
-};
-
-static const char *files[] = {
- "/var/adm/messages",
- "/var/adm/wtmp",
- "/var/adm/lastlog",
- "/var/log/messages",
- "/var/log/wtmp",
- "/var/log/lastlog",
- "/proc/stat",
- "/proc/rtc",
- "/proc/meminfo",
- "/proc/interrupts",
- "/proc/self/status",
- "/proc/ipstats",
- "/proc/dumper",
- "/proc/self/as",
- NULL
-};
-
-/*
- * these two data structure are used to process input data into digests,
- *
- * The first structure contains a pointer to a DST HMAC key
- * the variables accompanying are used for
- * step : select every step byte from input data for the hash
- * block: number of data elements going into each hash
- * digested: number of data elements digested so far
- * curr: offset into the next input data for the first byte.
- */
-typedef struct hash {
- DST_KEY *key;
- void *ctx;
- int digested, block, step, curr;
-} prand_hash;
-
-/*
- * This data structure controls number of hashes and keeps track of
- * overall progress in generating correct number of bytes of output.
- * output : array to store the output data in
- * needed : how many bytes of output are needed
- * filled : number of bytes in output so far.
- * bytes : total number of bytes processed by this structure
- * file_digest : the HMAC key used to digest files.
- */
-typedef struct work {
- unsigned needed, filled, bytes;
- u_char *output;
- prand_hash *hash[DST_NUM_HASHES];
- DST_KEY *file_digest;
-} dst_work;
-
-
-/*
- * forward function declarations
- */
-static int get_dev_random(u_char *output, unsigned size);
-static int do_time(dst_work *work);
-static int do_ls(dst_work *work);
-static int unix_cmd(dst_work *work);
-static int digest_file(dst_work *work);
-
-static void force_hash(dst_work *work, prand_hash *hash);
-static int do_hash(dst_work *work, prand_hash *hash, const u_char *input,
- unsigned size);
-static int my_digest(dst_work *tmp, const u_char *input, unsigned size);
-static prand_hash *get_hmac_key(int step, int block);
-
-static unsigned own_random(dst_work *work);
-
-
-/*
- * variables used in the quick random number generator
- */
-static u_int32_t ran_val = DST_RANDOM_PATTERN;
-static u_int32_t ran_cnt = (DST_RANDOM_PATTERN >> 10);
-
-/*
- * setting the quick_random generator to particular values or if both
- * input parameters are 0 then set it to initial values
- */
-
-void
-dst_s_quick_random_set(u_int32_t val, u_int32_t cnt)
-{
- ran_val = (val == 0) ? DST_RANDOM_PATTERN : val;
- ran_cnt = (cnt == 0) ? (DST_RANDOM_PATTERN >> 10) : cnt;
-}
-
-/*
- * this is a quick and random number generator that seems to generate quite
- * good distribution of data
- */
-u_int32_t
-dst_s_quick_random(int inc)
-{
- ran_val = ((ran_val >> 13) ^ (ran_val << 19)) ^
- ((ran_val >> 7) ^ (ran_val << 25));
- if (inc > 0) /* only increasing values accepted */
- ran_cnt += inc;
- ran_val += ran_cnt++;
- return (ran_val);
-}
-
-/*
- * get_dev_random: Function to read /dev/random reliably
- * this function returns how many bytes where read from the device.
- * port_after.h should set the control variable HAVE_DEV_RANDOM
- */
-static int
-get_dev_random(u_char *output, unsigned size)
-{
-#ifdef HAVE_DEV_RANDOM
- struct stat st;
- int n = 0, fd = -1, s;
-
- s = stat("/dev/random", &st);
- if (s == 0 && S_ISCHR(st.st_mode)) {
- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
- if ((n = read(fd, output, size)) < 0)
- n = 0;
- close(fd);
- }
- return (n);
- }
-#endif
- return (0);
-}
-
-/*
- * Portable way of getting the time values if gettimeofday is missing
- * then compile with -DMISSING_GETTIMEOFDAY time() is POSIX compliant but
- * gettimeofday() is not.
- * Time of day is predictable, we are looking for the randomness that comes
- * the last few bits in the microseconds in the timer are hard to predict when
- * this is invoked at the end of other operations
- */
-struct timeval *mtime;
-static int
-do_time(dst_work *work)
-{
- int cnt = 0;
- static u_char tmp[sizeof(struct timeval) + sizeof(struct timezone)];
- struct timezone *zone;
-
- zone = (struct timezone *) tmp;
- mtime = (struct timeval *)(tmp + sizeof(struct timezone));
- gettimeofday(mtime, zone);
- cnt = sizeof(tmp);
- my_digest(work, tmp, sizeof(tmp));
-
- return (cnt);
-}
-
-/*
- * this function simulates the ls command, but it uses stat which gives more
- * information and is harder to guess
- * Each call to this function will visit the next directory on the list of
- * directories, in a circular manner.
- * return value is the number of bytes added to the temp buffer
- *
- * do_ls() does not visit subdirectories
- * if attacker has access to machine it can guess most of the values seen
- * thus it is important to only visit directories that are frequently updated
- * Attacker that has access to the network can see network traffic
- * when NFS mounted directories are accessed and know exactly the data used
- * but may not know exactly in what order data is used.
- * Returns the number of bytes that where returned in stat structures
- */
-static int
-do_ls(dst_work *work)
-{
- struct dir_info {
- uid_t uid;
- gid_t gid;
- off_t size;
- time_t atime, mtime, ctime;
- };
- static struct dir_info dir_info;
- struct stat buf;
- struct dirent *entry;
- static int i = 0;
- static unsigned long d_round = 0;
- struct timeval tv;
- int n = 0, out = 0;
- unsigned dir_len;
-
- char file_name[1024];
- u_char tmp_buff[1024];
- DIR *dir = NULL;
-
- if (dirs[i] == NULL) /* if at the end of the list start over */
- i = 0;
- if (stat(dirs[i++], &buf)) /* directory does not exist */
- return (0);
-
- gettimeofday(&tv,NULL);
- if (d_round == 0)
- d_round = tv.tv_sec - MAX_OLD;
- else if (i==1) /* if starting a new round cut what we accept */
- d_round += (tv.tv_sec - d_round)/2;
-
- if (buf.st_atime < d_round)
- return (0);
-
- EREPORT(("do_ls i %d filled %4d in_temp %4d\n",
- i-1, work->filled, work->in_temp));
- memcpy(tmp_buff, &buf, sizeof(buf));
-
-
- if ((dir = opendir(dirs[i-1])) == NULL)/* open it for read */
- return (0);
- strcpy(file_name, dirs[i-1]);
- dir_len = strlen(file_name);
- file_name[dir_len++] = '/';
- while ((entry = readdir(dir))) {
- unsigned len = strlen(entry->d_name);
- out += len;
- if (my_digest(work, (u_char *)entry->d_name, len))
- break;
-
- memcpy(&file_name[dir_len], entry->d_name, len);
- file_name[dir_len + len] = 0x0;
- /* for all entries in dir get the stats */
- if (stat(file_name, &buf) == 0) {
- n++; /* count successful stat calls */
- /* copy non static fields */
- dir_info.uid += buf.st_uid;
- dir_info.gid += buf.st_gid;
- dir_info.size += buf.st_size;
- dir_info.atime += buf.st_atime;
- dir_info.mtime += buf.st_mtime;
- dir_info.ctime += buf.st_ctime;
- out += sizeof(dir_info);
- if(my_digest(work, (u_char *)&dir_info,
- sizeof(dir_info)))
- break;
- }
- }
- closedir(dir); /* done */
- out += do_time(work); /* add a time stamp */
- return (out);
-}
-
-
-/*
- * unix_cmd()
- * this function executes the a command from the cmds[] list of unix commands
- * configured in the prand_conf.h file
- * return value is the number of bytes added to the randomness temp buffer
- *
- * it returns the number of bytes that where read in
- * if more data is needed at the end time is added to the data.
- * This function maintains a state to selects the next command to run
- * returns the number of bytes read in from the command
- */
-static int
-unix_cmd(dst_work *work)
-{
- static int cmd_index = 0;
- int cnt = 0, n;
- FILE *pipe;
- u_char buffer[4096];
-
- if (cmds[cmd_index] == NULL)
- cmd_index = 0;
- EREPORT(("unix_cmd() i %d filled %4d in_temp %4d\n",
- cmd_index, work->filled, work->in_temp));
- pipe = popen(cmds[cmd_index++], "r"); /* execute the command */
-
- while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0) {
- cnt += n; /* process the output */
- if (my_digest(work, buffer, (unsigned)n))
- break;
- /* this adds some randomness to the output */
- cnt += do_time(work);
- }
- while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0)
- ; /* drain the pipe */
- pclose(pipe);
- return (cnt); /* read how many bytes where read in */
-}
-
-/*
- * digest_file() This function will read a file and run hash over it
- * input is a file name
- */
-static int
-digest_file(dst_work *work)
-{
- static int f_cnt = 0;
- static unsigned long f_round = 0;
- FILE *fp;
- void *ctx;
- const char *name;
- int no, i;
- struct stat st;
- struct timeval tv;
- u_char buf[1024];
-
- name = files[f_cnt++];
- if (f_round == 0 || files[f_cnt] == NULL || work->file_digest == NULL)
- if (gettimeofday(&tv, NULL)) /* only do this if needed */
- return (0);
- if (f_round == 0) /* first time called set to one hour ago */
- f_round = (tv.tv_sec - MAX_OLD);
- if (files[f_cnt] == NULL) { /* end of list of files */
- if(f_cnt <= 1) /* list is too short */
- return (0);
- f_cnt = 0; /* start again on list */
- f_round += (tv.tv_sec - f_round)/2; /* set new cutoff */
- work->file_digest = dst_free_key(work->file_digest);
- }
- if (work->file_digest == NULL) {
- work->file_digest = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0,
- (u_char *)&tv, sizeof(tv));
- if (work->file_digest == NULL)
- return (0);
- }
- if (access(name, R_OK) || stat(name, &st))
- return (0); /* no such file or not allowed to read it */
- if (strncmp(name, "/proc/", 6) && st.st_mtime < f_round)
- return(0); /* file has not changed recently enough */
- if (dst_sign_data(SIG_MODE_INIT, work->file_digest, &ctx,
- NULL, 0, NULL, 0)) {
- work->file_digest = dst_free_key(work->file_digest);
- return (0);
- }
- if ((fp = fopen(name, "r")) == NULL)
- return (0);
- for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
- no += i)
- dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx,
- buf, (unsigned)i, NULL, 0);
-
- fclose(fp);
- if (no >= 64) {
- i = dst_sign_data(SIG_MODE_FINAL, work->file_digest, &ctx,
- NULL, 0, &work->output[work->filled],
- DST_HASH_SIZE);
- if (i > 0)
- work->filled += i;
- }
-
- my_digest(work, (const u_char *)name, strlen(name));
- return (no + strlen(name));
-}
-
-/*
- * function to perform the FINAL and INIT operation on a hash if allowed
- */
-static void
-force_hash(dst_work *work, prand_hash *hash)
-{
- int i = 0;
-
- /*
- * if more than half a block then add data to output
- * otherwise add the digest to the next hash
- */
- if ((hash->digested * 2) > hash->block) {
- i = dst_sign_data(SIG_MODE_FINAL, hash->key, &hash->ctx,
- NULL, 0, &work->output[work->filled],
- DST_HASH_SIZE);
-
- hash->digested = 0;
- dst_sign_data(SIG_MODE_INIT, hash->key, &hash->ctx,
- NULL, 0, NULL, 0);
- if (i > 0)
- work->filled += i;
- }
- return;
-}
-
-/*
- * This function takes the input data does the selection of data specified
- * by the hash control block.
- * The step variable in the work structure determines which 1/step bytes
- * are used,
- *
- */
-static int
-do_hash(dst_work *work, prand_hash *hash, const u_char *input, unsigned size)
-{
- const u_char *tmp = input;
- u_char *tp, *abuf = (u_char *)0;
- int i, n;
- unsigned needed, avail, dig, cnt = size;
- unsigned tmp_size = 0;
-
- if (cnt <= 0 || input == NULL)
- return (0);
-
- if (hash->step > 1) { /* if using subset of input data */
- tmp_size = size / hash->step + 2;
- abuf = tp = malloc(tmp_size);
- /* no good return code but at least don't step on things */
- if (tp == NULL) {
- return (0);
- }
- tmp = tp;
- for (cnt = 0, i = hash->curr; i < size; i += hash->step, cnt++)
- *(tp++) = input[i];
- /* calculate the starting point in the next input set */
- hash->curr = (hash->step - (i - size)) % hash->step;
- }
- /* digest the data in block sizes */
- for (n = 0; n < cnt; n += needed) {
- avail = (cnt - n);
- needed = hash->block - hash->digested;
- dig = (avail < needed) ? avail : needed;
- dst_sign_data(SIG_MODE_UPDATE, hash->key, &hash->ctx,
- &tmp[n], dig, NULL, 0);
- hash->digested += dig;
- if (hash->digested >= hash->block)
- force_hash(work, hash);
- if (work->needed < work->filled) {
- if (abuf)
- SAFE_FREE2(abuf, tmp_size);
- return (1);
- }
- }
- if (tmp_size > 0)
- SAFE_FREE2(abuf, tmp_size);
- return (0);
-}
-
-/*
- * Copy data from INPUT for length SIZE into the work-block TMP.
- * If we fill the work-block, digest it; then,
- * if work-block needs more data, keep filling with the rest of the input.
- */
-static int
-my_digest(dst_work *work, const u_char *input, unsigned size)
-{
-
- int i, full = 0;
- static unsigned counter;
-
- counter += size;
- /* first do each one of the hashes */
- for (i = 0; i < DST_NUM_HASHES && full == 0; i++)
- full = do_hash(work, work->hash[i], input, size) +
- do_hash(work, work->hash[i], (u_char *) &counter,
- sizeof(counter));
-/*
- * if enough data has be generated do final operation on all hashes
- * that have enough date for that
- */
- for (i = 0; full && (i < DST_NUM_HASHES); i++)
- force_hash(work, work->hash[i]);
-
- return (full);
-}
-
-/*
- * this function gets some semi random data and sets that as an HMAC key
- * If we get a valid key this function returns that key initialized
- * otherwise it returns NULL;
- */
-static prand_hash *
-get_hmac_key(int step, int block)
-{
-
- u_char *buff;
- int temp = 0, n = 0;
- unsigned size = 70;
- DST_KEY *new_key = NULL;
- prand_hash *new = NULL;
-
- /* use key that is larger than digest algorithms (64) for key size */
- buff = malloc(size);
- if (buff == NULL)
- return (NULL);
- /* do not memset the allocated memory to get random bytes there */
- /* time of day is somewhat random especially in the last bytes */
- gettimeofday((struct timeval *) &buff[n], NULL);
- n += sizeof(struct timeval);
-
-/* get some semi random stuff in here stir it with micro seconds */
- if (n < size) {
- temp = dst_s_quick_random((int) buff[n - 1]);
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-/* get the pid of this process and its parent */
- if (n < size) {
- temp = (int) getpid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
- if (n < size) {
- temp = (int) getppid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-/* get the user ID */
- if (n < size) {
- temp = (int) getuid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-#ifndef GET_HOST_ID_MISSING
- if (n < size) {
- temp = (int) gethostid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-#endif
-/* get some more random data */
- if (n < size) {
- temp = dst_s_quick_random((int) buff[n - 1]);
- memcpy(&buff[n], &temp, sizeof(temp));
- }
-/* covert this into a HMAC key */
- new_key = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0, buff, size);
- SAFE_FREE(buff);
-
-/* get the control structure */
- if ((new = malloc(sizeof(prand_hash))) == NULL)
- return (NULL);
- new->digested = new->curr = 0;
- new->step = step;
- new->block = block;
- new->key = new_key;
- if (dst_sign_data(SIG_MODE_INIT, new_key, &new->ctx, NULL, 0, NULL, 0)) {
- SAFE_FREE(new);
- return (NULL);
- }
-
- return (new);
-}
-
-/*
- * own_random()
- * This function goes out and from various sources tries to generate enough
- * semi random data that a hash function can generate a random data.
- * This function will iterate between the two main random source sources,
- * information from programs and directories in random order.
- * This function return the number of bytes added to the random output buffer.
- */
-static unsigned
-own_random(dst_work *work)
-{
- int dir = 0, b;
- int bytes, n, cmd = 0, dig = 0;
-/*
- * now get the initial seed to put into the quick random function from
- * the address of the work structure
- */
- bytes = (int) getpid();
-/*
- * proceed while needed
- */
- while (work->filled < work->needed) {
- EREPORT(("own_random r %08x b %6d t %6d f %6d\n",
- ran_val, bytes, work->in_temp, work->filled));
-/* pick a random number in the range of 0..7 based on that random number
- * perform some operations that yield random data
- */
- n = (dst_s_quick_random(bytes) >> DST_SHIFT) & 0x07;
- switch (n) {
- case 0:
- case 3:
- if (sizeof(cmds) > 2 *sizeof(*cmds)) {
- b = unix_cmd(work);
- cmd += b;
- }
- break;
-
- case 1:
- case 7:
- if (sizeof(dirs) > 2 *sizeof(*dirs)) {
- b = do_ls(work);
- dir += b;
- }
- break;
-
- case 4:
- case 5:
- /* retry getting data from /dev/random */
- b = get_dev_random(&work->output[work->filled],
- work->needed - work->filled);
- if (b > 0)
- work->filled += b;
- break;
-
- case 6:
- if (sizeof(files) > 2 * sizeof(*files)) {
- b = digest_file(work);
- dig += b;
- }
- break;
-
- case 2:
- default: /* to make sure we make some progress */
- work->output[work->filled++] = 0xff &
- dst_s_quick_random(bytes);
- b = 1;
- break;
- }
- if (b > 0)
- bytes += b;
- }
- return (work->filled);
-}
-
-
-/*
- * dst_s_random() This function will return the requested number of bytes
- * of randomness to the caller it will use the best available sources of
- * randomness.
- * The current order is to use /dev/random, precalculated randomness, and
- * finally use some system calls and programs to generate semi random data
- * that is then digested to generate randomness.
- * This function is thread safe as each thread uses its own context, but
- * concurrent treads will affect each other as they update shared state
- * information.
- * It is strongly recommended that this function be called requesting a size
- * that is not a multiple of the output of the hash function used.
- *
- * If /dev/random is not available this function is not suitable to generate
- * large amounts of data, rather it is suitable to seed a pseudo-random
- * generator
- * Returns the number of bytes put in the output buffer
- */
-int
-dst_s_random(u_char *output, unsigned size)
-{
- int n = 0, i;
- unsigned s;
- static u_char old_unused[DST_HASH_SIZE * DST_NUM_HASHES];
- static unsigned unused = 0;
-
- if (size <= 0 || output == NULL)
- return (0);
-
- if (size >= 2048)
- return (-1);
- /*
- * Read from /dev/random
- */
- n = get_dev_random(output, size);
- /*
- * If old data is available and needed use it
- */
- if (n < size && unused > 0) {
- unsigned need = size - n;
- if (unused <= need) {
- memcpy(output, old_unused, unused);
- n += unused;
- unused = 0;
- } else {
- memcpy(output, old_unused, need);
- n += need;
- unused -= need;
- memcpy(old_unused, &old_unused[need], unused);
- }
- }
- /*
- * If we need more use the simulated randomness here.
- */
- if (n < size) {
- dst_work *my_work = (dst_work *) malloc(sizeof(dst_work));
- if (my_work == NULL)
- return (n);
- my_work->needed = size - n;
- my_work->filled = 0;
- my_work->output = (u_char *) malloc(my_work->needed +
- DST_HASH_SIZE *
- DST_NUM_HASHES);
- my_work->file_digest = NULL;
- if (my_work->output == NULL) {
- SAFE_FREE(my_work);
- return (n);
- }
- memset(my_work->output, 0x0, my_work->needed);
-/* allocate upto 4 different HMAC hash functions out of order */
-#if DST_NUM_HASHES >= 3
- my_work->hash[2] = get_hmac_key(3, DST_RANDOM_BLOCK_SIZE / 2);
-#endif
-#if DST_NUM_HASHES >= 2
- my_work->hash[1] = get_hmac_key(7, DST_RANDOM_BLOCK_SIZE / 6);
-#endif
-#if DST_NUM_HASHES >= 4
- my_work->hash[3] = get_hmac_key(5, DST_RANDOM_BLOCK_SIZE / 4);
-#endif
- my_work->hash[0] = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE);
- if (my_work->hash[0] == NULL) { /* if failure bail out */
- for (i = 1; i < DST_NUM_HASHES; i++) {
- if (my_work->hash[i] != NULL) {
- dst_free_key(my_work->hash[i]->key);
- SAFE_FREE(my_work->hash[i]);
- }
- }
- SAFE_FREE(my_work->output);
- SAFE_FREE(my_work);
- return (n);
- }
- s = own_random(my_work);
-/* if more generated than needed store it for future use */
- if (s >= my_work->needed) {
- EREPORT(("dst_s_random(): More than needed %d >= %d\n",
- s, my_work->needed));
- memcpy(&output[n], my_work->output, my_work->needed);
- n += my_work->needed;
- /* saving unused data for next time */
- unused = s - my_work->needed;
- if (unused > sizeof(old_unused)) {
- unused = sizeof(old_unused);
- }
- memcpy(old_unused, &my_work->output[my_work->needed],
- unused);
- } else {
- /* XXXX This should not happen */
- EREPORT(("Not enough %d >= %d\n", s, my_work->needed));
- memcpy(&output[n], my_work->output, s);
- n += my_work->needed;
- }
-
-/* delete the allocated work area */
- for (i = 0; i < DST_NUM_HASHES; i++) {
- if (my_work->hash[i] != NULL) {
- dst_free_key(my_work->hash[i]->key);
- SAFE_FREE(my_work->hash[i]);
- }
- }
- SAFE_FREE(my_work->output);
- SAFE_FREE(my_work);
- }
- return (n);
-}
-
-/*
- * A random number generator that is fast and strong
- * this random number generator is based on HASHing data,
- * the input to the digest function is a collection of <NUMBER_OF_COUNTERS>
- * counters that is incremented between digest operations
- * each increment operation amortizes to 2 bits changed in that value
- * for 5 counters thus the input will amortize to have 10 bits changed
- * The counters are initially set using the strong random function above
- * the HMAC key is selected by the same method as the HMAC keys for the
- * strong random function.
- * Each set of counters is used for 2^25 operations
- *
- * returns the number of bytes written to the output buffer
- * or negative number in case of error
- */
-int
-dst_s_semi_random(u_char *output, unsigned size)
-{
- static u_int32_t counter[DST_NUMBER_OF_COUNTERS];
- static u_char semi_old[DST_HASH_SIZE];
- static int semi_loc = 0, cnt = 0;
- static unsigned hb_size = 0;
- static DST_KEY *my_key = NULL;
- prand_hash *hash;
- unsigned out = 0;
- unsigned i;
- int n, res;
-
- if (output == NULL || size <= 0)
- return (-2);
-
-/* check if we need a new key */
- if (my_key == NULL || cnt > (1 << 25)) { /* get HMAC KEY */
- if (my_key)
- my_key->dk_func->destroy(my_key);
- if ((hash = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE)) == NULL)
- return (0);
- my_key = hash->key;
-/* check if the key works stir the new key using some old random data */
- hb_size = dst_sign_data(SIG_MODE_ALL, my_key, NULL,
- (u_char *) counter, sizeof(counter),
- semi_old, sizeof(semi_old));
- if (hb_size <= 0) {
- EREPORT(("dst_s_semi_random() Sign of alg %d failed %d\n",
- my_key->dk_alg, hb_size));
- return (-1);
- }
-/* new set the counters to random values */
- dst_s_random((u_char *) counter, sizeof(counter));
- cnt = 0;
- }
-/* if old data around use it first */
- if (semi_loc < hb_size) {
- if (size <= hb_size - semi_loc) { /* need less */
- memcpy(output, &semi_old[semi_loc], size);
- semi_loc += size;
- return (size); /* DONE */
- } else {
- out = hb_size - semi_loc;
- memcpy(output, &semi_old[semi_loc], out);
- semi_loc += out;
- }
- }
-/* generate more random stuff */
- while (out < size) {
- /*
- * modify at least one bit by incrementing at least one counter
- * based on the last bit of the last counter updated update
- * the next one.
- * minimally this operation will modify at least 1 bit,
- * amortized 2 bits
- */
- for (n = 0; n < DST_NUMBER_OF_COUNTERS; n++)
- i = (int) counter[n]++;
-
- res = dst_sign_data(SIG_MODE_ALL, my_key, NULL,
- (u_char *) counter, hb_size,
- semi_old, sizeof(semi_old));
- if (res < 0) {
- return res;
- }
- i = (unsigned) res;
- if (i != hb_size)
- EREPORT(("HMAC SIGNATURE FAILURE %d\n", i));
- cnt++;
- if (size - out < i) /* Not all data is needed */
- semi_loc = i = size - out;
- memcpy(&output[out], semi_old, i);
- out += i;
- }
- return (out);
-}
/*
*
- * Copyright (c) 2009-2014 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009-2015 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2000-2003 by Internet Software Consortium
*
*/
#include "dhcpd.h"
-#include "dst/md5.h"
#include <dns/result.h>
char *ddns_standard_tag = "ddns-dhcid";
projects / thirdparty / dhcp.git / commitdiff
