=== modified file 'configure.ac' --- configure.ac 2014-03-05 12:08:54 +0000 +++ configure.ac 2014-03-11 03:19:43 +0000 @@ -1214,6 +1214,28 @@ AM_CONDITIONAL(ENABLE_HTCP, [test "x$enable_htcp" = "xyes"]) AC_MSG_NOTICE([HTCP support enabled: $enable_htcp]) +# Cryptograhic libraries +AC_ARG_WITH(nettle, + AS_HELP_STRING([--without-nettle],[Compile without the Nettle crypto library.]),[ +case "$with_nettle" in + yes|no) + : # Nothing special to do here + ;; + *) + if test ! -d "$withval" ; then + AC_MSG_ERROR([--with-nettle path does not point to a directory]) + fi + NETTLELIBDIR="$with_nettle/lib" + CPPFLAGS="-I$with_nettle/include $CPPFLAGS" + with_nettle=yes + esac +]) +if test "x$with_nettle" != "xno" ; then + AC_CHECK_HEADERS(nettle/md5.h) + AC_CHECK_LIB(nettle, nettle_md5_init,[NETTLELIB="-lnettle"],[with_nettle=no]) +fi +AC_MSG_NOTICE([Using Nettle cryptographic library: ${with_nettle:=yes}]) +AC_SUBST(NETTLELIB) # SSL is not enabled by default. # Default is to use OpenSSL when available @@ -1263,11 +1285,9 @@ ]) SQUID_DEFINE_BOOL(USE_SSL,$enable_ssl, [Define this to include code for SSL gatewaying support]) -AC_MSG_NOTICE([Using OpenSSL MD5 implementation: ${with_openssl:=no}]) -SQUID_DEFINE_BOOL(USE_OPENSSL,${with_openssl}, - [Define this to make use of the OpenSSL libraries for MD5 calculation rather than Squid-supplied MD5 implementation or if building with SSL encryption]) +AC_MSG_NOTICE([Using OpenSSL library: ${with_openssl:=no}]) if test "x$enable_ssl" = "xyes"; then - if test "x$SSLLIB" = "x"; then + if test "x$SSLLIB" = "x" -a "x$with_nettle" = "xno"; then SSLLIB="-lcrypto" # for MD5 routines fi # This is a workaround for RedHat 9 brain damage.. === modified file 'helpers/basic_auth/NCSA/Makefile.am' --- helpers/basic_auth/NCSA/Makefile.am 2013-05-01 10:13:22 +0000 +++ helpers/basic_auth/NCSA/Makefile.am 2014-03-11 05:06:05 +0000 
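Review bot: The header probe and the library probe in the added Nettle block are decoupled, so a host that has `nettle/md5.h` but no linkable libnettle ends up with `HAVE_NETTLE_MD5_H` defined while `with_nettle=no` and `NETTLELIB` stays empty. include/md5.h and lib/md5.c in this same commit both switch on `HAVE_NETTLE_MD5_H`, so in that case the bundled MD5 is compiled out and nothing is linked in its place. The `--with-nettle=PATH` branch makes this likely: `NETTLELIBDIR` is assigned but, at least within this hunk, never added to the linker search path, so `AC_CHECK_LIB` will presumably miss a library under `$with_nettle/lib`; adding `LDFLAGS="-L$NETTLELIBDIR $LDFLAGS"` there would address it. I would also gate the code on a define set only in the `AC_CHECK_LIB` success action, and make an explicitly requested `--with-nettle` stop with `AC_MSG_ERROR` rather than silently falling back to another digest backend. The leading comment has a typo and should read `# Cryptographic libraries`.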
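Review bot: With Nettle detected and `--enable-ssl` given, the changed condition `test "x$SSLLIB" = "x" -a "x$with_nettle" = "xno"` no longer puts `-lcrypto` into `SSLLIB`, although the SSL code presumably needs libcrypto for more than MD5. Unless the lines after this hunk add it again, SSL builds would then rely on libssl pulling libcrypto in transitively; the `# for MD5 routines` comment suggests the condition was written with only the digest in mind. Separately, `test … -a …` is documented as non-portable in the Autoconf manual, and `if test "x$SSLLIB" = "x" && test "x$with_nettle" = "xno"; then` is the safe spelling. The hunk also drops the `USE_OPENSSL` define, so any `#if USE_OPENSSL` remaining outside this diff would now evaluate false without a diagnostic and should be checked. The `if` block continues past the end of the hunk.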
@@ -8,6 +8,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ + $(NETTLELIB) \ $(CRYPTLIB) \ $(SSLLIB) \ $(XTRA_LIBS) === modified file 'helpers/digest_auth/LDAP/Makefile.am' --- helpers/digest_auth/LDAP/Makefile.am 2013-05-04 06:34:24 +0000 +++ helpers/digest_auth/LDAP/Makefile.am 2014-03-11 05:27:44 +0000 @@ -14,6 +14,7 @@ $(COMPAT_LIB) \ $(LDAPLIB) \ $(LBERLIB) \ + $(NETTLELIB) \ $(CRYPTLIB) \ $(SSLLIB) \ $(XTRA_LIBS) === modified file 'helpers/digest_auth/file/Makefile.am' --- helpers/digest_auth/file/Makefile.am 2013-05-04 06:34:24 +0000 +++ helpers/digest_auth/file/Makefile.am 2014-03-11 05:37:29 +0000 @@ -14,6 +14,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ + $(NETTLELIB) \ $(CRYPTLIB) \ $(SSLLIB) \ $(XTRA_LIBS) === modified file 'include/md5.h' --- include/md5.h 2010-11-21 04:40:05 +0000 +++ include/md5.h 2014-03-11 05:01:13 +0000 @@ -1,6 +1,18 @@ #ifndef SQUID_MD5_H #define SQUID_MD5_H +#if HAVE_NETTLE_MD5_H +#include + +typedef struct md5_ctx SquidMD5_CTX; + +#define SquidMD5Init(c) md5_init((c)) +#define SquidMD5Update(c,b,l) md5_update((c), (l), (const uint8_t *)(b)) +#define SquidMD5Final(d,c) md5_digest((c), MD5_DIGEST_SIZE, (uint8_t *)(d)) + +#define SQUID_MD5_DIGEST_LENGTH MD5_DIGEST_SIZE + +#else /* * This is the header file for the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was @@ -45,4 +57,6 @@ #define SQUID_MD5_DIGEST_LENGTH 16 +#endif /* HAVE_NETTLE_MD5_H */ + #endif /* SQUID_MD5_H */ === modified file 'lib/md5.c' --- lib/md5.c 2012-01-20 18:55:04 +0000 +++ lib/md5.c 2014-03-11 03:15:27 +0000 @@ -32,6 +32,8 @@ #include "squid.h" #include "md5.h" +#if !HAVE_NETTLE_MD5_H + #if HAVE_STRING_H #include /* for memcpy() */ #endif 
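Review bot: The three Nettle wrappers added to include/md5.h are function-like macros with unconditional casts, so `SquidMD5Update` and `SquidMD5Final` accept any pointer or integer argument without a diagnostic, and the swapped argument order (`md5_update` takes the length before the data) is hidden from the reader. `static inline` functions keep the same call syntax while restoring type checking, e.g. `static inline void SquidMD5Update(SquidMD5_CTX *c, const void *b, size_t l) { md5_update(c, l, (const uint8_t *)b); }`, with `SquidMD5Init` and `SquidMD5Final` written the same way. If the macros stay, a short comment above them should state the order swap and that the digest buffer passed to `SquidMD5Final` must hold `SQUID_MD5_DIGEST_LENGTH` bytes. The prototypes in the `#else` branch are outside the hunk, so the parameter types should be matched against them.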
@@ -252,3 +254,4 @@ } #endif /* !ASM_MD5 */ +#endif /* HAVE_ETTLE_MD5_H */ === modified file 'src/Makefile.am' --- src/Makefile.am 2014-02-11 13:14:09 +0000 +++ src/Makefile.am 2014-03-11 08:42:37 +0000 @@ -639,6 +639,7 @@ $(DISK_LINKOBJS) \ $(REPL_OBJS) \ $(DISK_OS_LIBS) \ + $(NETTLELIB) \ $(CRYPTLIB) \ $(REGEXLIB) \ $(ADAPTATION_LIBS) \ @@ -760,6 +761,7 @@ mgr/libmgr.la \ $(XTRA_OBJS) \ $(REPL_OBJS) \ + $(NETTLELIB) \ $(CRYPTLIB) \ $(REGEXLIB) \ $(SSLLIB) \ @@ -1348,6 +1350,7 @@ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ $(DISK_OS_LIBS) \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SSLLIB) \ @@ -1610,6 +1613,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SQUID_CPPUNIT_LA) \ @@ -1791,6 +1795,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SSLLIB) \ @@ -2038,6 +2043,7 @@ ipc/libipc.la \ mgr/libmgr.la \ $(SNMP_LIBS) \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SQUID_CPPUNIT_LA) \ @@ -2285,6 +2291,7 @@ ipc/libipc.la \ mgr/libmgr.la \ $(SNMP_LIBS) \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SQUID_CPPUNIT_LA) \ @@ -2525,6 +2532,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SQUID_CPPUNIT_LA) \ @@ -2813,6 +2821,7 @@ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ $(DISK_OS_LIBS) \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SQUID_CPPUNIT_LA) \ @@ -2987,6 +2996,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SSLLIB) \ 
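Review bot: The closing comment on the new `#endif` in lib/md5.c names `HAVE_ETTLE_MD5_H`, which does not exist, and it omits the negation of the guard it closes (`#if !HAVE_NETTLE_MD5_H`, added in the earlier hunk of this file). It should read `#endif /* !HAVE_NETTLE_MD5_H */`, so that a search for the macro finds both ends of the block that compiles the bundled MD5 out.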
@@ -3225,6 +3235,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SSLLIB) \ @@ -3403,6 +3414,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(REGEXLIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SSLLIB) \ @@ -3648,6 +3660,7 @@ $(top_builddir)/lib/libmisccontainers.la \ $(top_builddir)/lib/libmiscencoding.la \ $(top_builddir)/lib/libmiscutil.la \ + $(NETTLELIB) \ $(COMPAT_LIB) \ $(SQUID_CPPUNIT_LIBS) \ $(SQUID_CPPUNIT_LA) \ === modified file 'src/wccp2.cc' --- src/wccp2.cc 2014-02-13 07:02:35 +0000 +++ src/wccp2.cc 2014-03-11 07:44:50 +0000 @@ -67,7 +67,7 @@ #define WCCP2_MASK_ASSIGNMENT 0x01 #define WCCP2_NONE_SECURITY_LEN 0 -#define WCCP2_MD5_SECURITY_LEN 16 +#define WCCP2_MD5_SECURITY_LEN SQUID_MD5_DIGEST_LENGTH // 16 /* Useful defines */ #define WCCP2_NUMPORTS 8 @@ -573,7 +573,7 @@ static char wccp2_update_md5_security(char *password, char *ptr, char *packet, int len) { - uint8_t md5_digest[16]; + uint8_t md5Digest[SQUID_MD5_DIGEST_LENGTH]; char pwd[WCCP2_PASSWORD_LEN]; SquidMD5_CTX M; @@ -601,7 +601,7 @@ * including the WCCP message header. The WCCP security implementation * area should be zero'ed before calculating the MD5 hash. */ - /* XXX eventually we should be able to kill md5_digest and blit it directly in */ + /* XXX eventually we should be able to kill md5Digest and blit it directly in */ memset(ws->security_implementation, 0, sizeof(ws->security_implementation)); SquidMD5Init(&M); @@ -610,9 +610,9 @@ SquidMD5Update(&M, packet, len); - SquidMD5Final(md5_digest, &M); + SquidMD5Final(md5Digest, &M); - memcpy(ws->security_implementation, md5_digest, sizeof(md5_digest)); + memcpy(ws->security_implementation, md5Digest, sizeof(md5Digest)); /* Finished! */ return 1; 
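Review bot: `WCCP2_MD5_SECURITY_LEN` is the size of a field in the WCCP2 packet, and the new definition in the @@ -67,7 hunk makes it follow `SQUID_MD5_DIGEST_LENGTH`, which with Nettle is whatever `MD5_DIGEST_SIZE` expands to. The value is 16 for MD5 either way, but a wire-format length should not silently depend on a library header; either keep the literal `16` here or add a compile-time assertion that `SQUID_MD5_DIGEST_LENGTH` equals 16 next to the define. The same assumption appears in the @@ -610,9 hunk, where `memcpy(ws->security_implementation, md5Digest, sizeof(md5Digest))` sizes the copy by the source buffer; a compile-time assertion that `sizeof(ws->security_implementation) == sizeof(md5Digest)` would make the bound on the destination explicit. The declaration of `security_implementation` is outside the diff, so its size is assumed here to be `WCCP2_MD5_SECURITY_LEN`.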
@@ -627,7 +627,7 @@ { struct wccp2_security_md5_t *ws = (struct wccp2_security_md5_t *) security; - uint8_t md5_digest[16], md5_challenge[16]; + uint8_t md5Digest[SQUID_MD5_DIGEST_LENGTH], md5_challenge[SQUID_MD5_DIGEST_LENGTH]; char pwd[WCCP2_PASSWORD_LEN]; SquidMD5_CTX M; @@ -655,7 +655,7 @@ pwd[sizeof(pwd) - 1] = '\0'; /* Take a copy of the challenge: we need to NUL it before comparing */ - memcpy(md5_challenge, ws->security_implementation, 16); + memcpy(md5_challenge, ws->security_implementation, sizeof(md5_challenge)); memset(ws->security_implementation, 0, sizeof(ws->security_implementation)); @@ -665,9 +665,9 @@ SquidMD5Update(&M, packet, len); - SquidMD5Final(md5_digest, &M); + SquidMD5Final(md5Digest, &M); - return (memcmp(md5_digest, md5_challenge, 16) == 0); + return (memcmp(md5Digest, md5_challenge, SQUID_MD5_DIGEST_LENGTH) == 0); } void
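Review bot: The final comparison in the @@ -665,9 hunk still uses `memcmp` on the authentication digest, which may return at the first differing byte and so take time that depends on how much of the received value matches. Since this line is being rewritten anyway, a comparison that always inspects all `SQUID_MD5_DIGEST_LENGTH` bytes is preferable for a check that authenticates WCCP2 packets. The function starts before the @@ -627,7 hunk and part of its body is outside the diff. The locals are also now named inconsistently (`md5Digest` next to `md5_challenge`).

```cpp
    // … unchanged: SquidMD5Init / SquidMD5Update / SquidMD5Final(md5Digest, &M) …

    // Compare every byte regardless of where the first mismatch is.
    uint8_t diff = 0;
    for (size_t i = 0; i < sizeof(md5Digest); ++i)
        diff |= md5Digest[i] ^ md5_challenge[i];

    return (diff == 0);
```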