=== modified file 'CREDITS' --- CREDITS 2014-03-06 05:41:17 +0000 +++ CREDITS 2014-03-16 05:43:02 +0000 @@ -171,41 +171,6 @@ ============================================================================== -lib/md5.c: - -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * SquidMD5Context structure, pass it to SquidMD5Init, call - * SquidMD5Update as needed on buffers full of bytes, and then call - * SquidMD5Final, which will fill a supplied 16-byte array with the - * digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' header - * definitions; now uses stuff from dpkg's config.h. - * - Ian Jackson . - * Still in the public domain. - * - * Changed SquidMD5Update to take a void * for easier use and some - * other minor cleanup. - Henrik Nordstrom . - * Still in the public domain. - * - * Prefixed all symbols with "Squid" so they don't collide with - * other libraries. Duane Wessels . - * Still in the public domain. - */ - -============================================================================== - lib/radix.c: /* === modified file 'configure.ac' --- configure.ac 2014-03-16 03:08:55 +0000 +++ configure.ac 2014-03-17 01:10:20 +0000 @@ -1216,26 +1216,26 @@ # Cryptograhic libraries AC_ARG_WITH(nettle, - AS_HELP_STRING([--without-nettle],[Compile without the Nettle crypto library.]),[ + AS_HELP_STRING([--with-nettle=PATH],[Compile with Nettle cryptographic library at a custom location.]),[ case "$with_nettle" in - yes|no) - : # Nothing special to do here + no) + AC_MSG_ERROR([Nettle crypto library is required]) ;; *) if test ! -d "$withval" ; then - AC_MSG_ERROR([--with-nettle path does not point to a directory]) + AC_MSG_ERROR([--with-nettle=PATH does not point to a directory]) fi NETTLELIBDIR="-L$with_nettle/lib" CPPFLAGS="-I$with_nettle/include $CPPFLAGS" with_nettle=yes esac ]) -if test "x$with_nettle" != "xno" ; then - AC_CHECK_LIB(nettle, nettle_md5_init,[ - NETTLELIB="$NETTLELIBDIR -lnettle" - AC_CHECK_HEADERS(nettle/md5.h) - ],[with_nettle=no]) -fi +AC_CHECK_LIB(nettle, nettle_md5_init,[ + NETTLELIB="$NETTLELIBDIR -lnettle" +],[ + AC_MSG_ERROR([Nettle cryptographic library is required]) +]) +AC_CHECK_HEADERS(nettle/md5.h) AC_MSG_NOTICE([Using Nettle cryptographic library: ${with_nettle:=yes}]) AC_SUBST(NETTLELIB) @@ -2218,7 +2218,6 @@ netinet/in_systm.h \ netinet/ip_fil_compat.h \ openssl/err.h \ - openssl/md5.h \ openssl/opensslv.h \ openssl/ssl.h \ openssl/x509v3.h \ @@ -2248,7 +2247,6 @@ sys/ipc.cc \ sys/param.h \ sys/prctl.h \ - sys/md5.h \ sys/mman.h \ sys/msg.h \ sys/resource.h \ === modified file 'helpers/basic_auth/NCSA/crypt_md5.cc' --- helpers/basic_auth/NCSA/crypt_md5.cc 2014-02-21 10:46:19 +0000 +++ helpers/basic_auth/NCSA/crypt_md5.cc 2014-03-16 08:40:22 +0000 @@ -1,6 +1,6 @@ /* * Shamelessly stolen from linux-pam, and adopted to work with - * OpenSSL md5 implementation and any magic string + * Nettle md5 implementation and any magic string * * Origin2: md5_crypt.c,v 1.1.1.1 2000/01/03 17:34:46 gafton Exp * @@ -16,9 +16,11 @@ */ #include "squid.h" #include "crypt_md5.h" -#include "md5.h" #include +#if HAVE_NETTLE_MD5_H +#include +#endif static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; @@ -41,17 +43,15 @@ * $magic$salt$... * If not the normal UNIX magic $1$ is used. */ - -char *crypt_md5(const char *pw, const char *salt) +char *crypt_md5(const char *pswd, const char *salt) { const char *magic = "$1$"; int magiclen = 3; static char passwd[120], *p; - static const char *sp, *ep; - unsigned char final[16]; - int sl, pl, i, j; - SquidMD5_CTX ctx, ctx1; + uint8_t final[MD5_DIGEST_SIZE]; + struct md5_ctx ctx, ctx1; unsigned long l; + const uint8_t *pw = reinterpret_cast(pswd); if (*salt == '$') { magic = salt; @@ -68,80 +68,84 @@ } /* Refine the Salt first */ - sp = salt; + const uint8_t *sp = reinterpret_cast(salt); /* It stops at the first '$', max 8 chars */ + const uint8_t *ep; for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ++ep) continue; /* get the length of the true salt */ - sl = ep - sp; + size_t sl = ep - sp; - SquidMD5Init(&ctx); + md5_init(&ctx); /* The password first, since that is what is most unknown */ - SquidMD5Update(&ctx, (unsigned const char *) pw, strlen(pw)); + const size_t pwLen = strlen(pswd); + md5_update(&ctx, pwLen, pw); /* Then our magic string */ - SquidMD5Update(&ctx, (unsigned const char *) magic, magiclen); + md5_update(&ctx, magiclen, reinterpret_cast(magic)); /* Then the raw salt */ - SquidMD5Update(&ctx, (unsigned const char *) sp, sl); + md5_update(&ctx, sl, sp); /* Then just as many characters of the MD5(pw,salt,pw) */ - SquidMD5Init(&ctx1); - SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw)); - SquidMD5Update(&ctx1, (unsigned const char *) sp, sl); - SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw)); - SquidMD5Final(final, &ctx1); - for (pl = strlen(pw); pl > 0; pl -= 16) - SquidMD5Update(&ctx, (unsigned const char *) final, pl > 16 ? 16 : pl); + md5_init(&ctx1); + md5_update(&ctx1, pwLen, pw); + md5_update(&ctx1, sl, sp); + md5_update(&ctx1, pwLen, pw); + md5_digest(&ctx1, MD5_DIGEST_SIZE, final); + for (ssize_t pl = pwLen; pl > 0; pl -= MD5_DIGEST_SIZE) + md5_update(&ctx, min(pl, MD5_DIGEST_SIZE), final); /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof final); + memset(final, 0, sizeof(final)); /* Then something really weird... */ - for (j = 0, i = strlen(pw); i; i >>= 1) + for (uint8_t j = 0, i = pwLen; i; i >>= 1) if (i & 1) - SquidMD5Update(&ctx, (unsigned const char *) final + j, 1); + md5_update(&ctx, 1, final + j); else - SquidMD5Update(&ctx, (unsigned const char *) pw + j, 1); + md5_update(&ctx, 1, pw + j); /* Now make the output string */ memset(passwd, 0, sizeof(passwd)); strncat(passwd, magic, magiclen); - strncat(passwd, sp, sl); - strcat(passwd, "$"); + strncat(passwd, reinterpret_cast(sp), sl); + strncat(passwd, "$", 1); - SquidMD5Final(final, &ctx); + md5_digest(&ctx, MD5_DIGEST_SIZE, final); /* * and now, just to make sure things don't run too fast * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ - for (i = 0; i < 1000; ++i) { - SquidMD5Init(&ctx1); + for (uint16_t i = 0; i < 1000; ++i) { + md5_init(&ctx1); if (i & 1) - SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw)); + md5_update(&ctx1, pwLen, pw); else - SquidMD5Update(&ctx1, (unsigned const char *) final, 16); + md5_update(&ctx1, MD5_DIGEST_SIZE, final); if (i % 3) - SquidMD5Update(&ctx1, (unsigned const char *) sp, sl); + md5_update(&ctx1, sl, sp); if (i % 7) - SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw)); + md5_update(&ctx1, pwLen, pw); if (i & 1) - SquidMD5Update(&ctx1, (unsigned const char *) final, 16); + md5_update(&ctx1, MD5_DIGEST_SIZE, final); else - SquidMD5Update(&ctx1, (unsigned const char *) pw, strlen(pw)); - SquidMD5Final(final, &ctx1); + md5_update(&ctx1, pwLen, pw); + md5_digest(&ctx1, MD5_DIGEST_SIZE, final); } p = passwd + strlen(passwd); + // XXX: this is base64 encoding of the 'final' binary string yes? + l = (final[0] << 16) | (final[6] << 8) | final[12]; md5to64(p, l, 4); p += 4; @@ -163,7 +167,7 @@ *p = '\0'; /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof final); + memset(final, 0, sizeof(final)); return passwd; } @@ -173,25 +177,23 @@ */ char *md5sum(const char *s) { - static unsigned char digest[16]; - SquidMD5_CTX ctx; - int idx; + static uint8_t digest[MD5_DIGEST_SIZE]; + struct md5_ctx ctx; static char sum[33]; - memset(digest,0,16); - - SquidMD5Init(&ctx); - SquidMD5Update(&ctx,(const unsigned char *)s,strlen(s)); - SquidMD5Final(digest,&ctx); - - for (idx=0; idx<16; ++idx) + memset(digest, 0, sizeof(digest)); + + md5_init(&ctx); + md5_update(&ctx, strlen(s), reinterpret_cast(s)); + md5_digest(&ctx, MD5_DIGEST_SIZE, digest); + + for (uint8_t idx=0; idx<16; ++idx) snprintf(&sum[idx*2],(33-(idx*2)),"%02x",digest[idx]); sum[32]='\0'; /* Don't leave anything around in vm they could use. */ - memset(digest, 0, sizeof digest); + memset(digest, 0, sizeof(digest)); return sum; } - === modified file 'helpers/basic_auth/RADIUS/basic_radius_auth.cc' --- helpers/basic_auth/RADIUS/basic_radius_auth.cc 2014-02-21 10:46:19 +0000 +++ helpers/basic_auth/RADIUS/basic_radius_auth.cc 2014-03-16 08:51:12 +0000 @@ -47,7 +47,6 @@ #include "squid.h" #include "helpers/defines.h" -#include "md5.h" #include "radius-util.h" #include "radius.h" @@ -55,6 +54,9 @@ #include #include #include +#if HAVE_NETTLE_MD5_H +#include +#endif #if HAVE_SYS_SOCKET_H #include #endif @@ -88,7 +90,7 @@ #define MAXPASS 254 #define MAXLINE 254 -static void md5_calc(uint8_t out[16], void *in, size_t len); +static void md5_calc(uint8_t out[MD5_DIGEST_SIZE], void *in, size_t len); static int i_send_buffer[2048]; static int i_recv_buffer[2048]; @@ -142,12 +144,12 @@ * MD5 digest */ static void -md5_calc(uint8_t out[16], void *in, size_t len) +md5_calc(uint8_t out[MD5_DIGEST_SIZE], void *in, size_t len) { - SquidMD5_CTX ctx; - SquidMD5Init(&ctx); - SquidMD5Update(&ctx, in, len); - SquidMD5Final(out, &ctx); + struct md5_ctx ctx; + md5_init(&ctx); + md5_update(&ctx, len, reinterpret_cast(in)); + md5_digest(&ctx, MD5_DIGEST_SIZE, out); } /* @@ -179,7 +181,7 @@ memcpy(auth->vector, vector, AUTH_VECTOR_LEN); secretlen = strlen(secretkey); memcpy(buffer + length, secretkey, secretlen); - md5_calc(calc_digest, (unsigned char *) auth, length + secretlen); + md5_calc(calc_digest, reinterpret_cast(auth), length + secretlen); if (memcmp(reply_digest, calc_digest, AUTH_VECTOR_LEN) != 0) { debug("WARNING: Received invalid reply digest from server\n"); === modified file 'helpers/basic_auth/RADIUS/radius-util.cc' --- helpers/basic_auth/RADIUS/radius-util.cc 2014-02-21 10:46:19 +0000 +++ helpers/basic_auth/RADIUS/radius-util.cc 2014-03-17 01:17:58 +0000 @@ -37,7 +37,6 @@ " 2.1 Copyright 1997 Cistron Internet Services B.V."; #include "squid.h" -#include "md5.h" #include "radius-util.h" #include === modified file 'helpers/basic_auth/RADIUS/radius.h' --- helpers/basic_auth/RADIUS/radius.h 2012-08-28 13:00:30 +0000 +++ helpers/basic_auth/RADIUS/radius.h 2014-03-16 08:51:51 +0000 @@ -1,3 +1,10 @@ +#ifndef _SQUID_RADIUS_H +#define _SQUID_RADIUS_H + +#if HAVE_NETTLE_MD5_H +#include +#endif + /* * * RADIUS @@ -29,7 +36,7 @@ * @(#)radius.h 2.0 03-Aug-1996 */ -#define AUTH_VECTOR_LEN 16 +#define AUTH_VECTOR_LEN MD5_DIGEST_SIZE // 16 #define AUTH_PASS_LEN 16 #define AUTH_STRING_LEN 128 /* maximum of 254 */ @@ -192,3 +199,4 @@ #define PW_STATUS_ACCOUNTING_ON 7 #define PW_STATUS_ACCOUNTING_OFF 8 +#endif /* _SQUID_RADIUS_H */ === removed file 'include/md5.h' --- include/md5.h 2014-03-16 03:08:55 +0000 +++ include/md5.h 1970-01-01 00:00:00 +0000 @@ -1,62 +0,0 @@ -#ifndef SQUID_MD5_H -#define SQUID_MD5_H - -#if HAVE_NETTLE_MD5_H -#include - -typedef struct md5_ctx SquidMD5_CTX; - -#define SquidMD5Init(c) md5_init((c)) -#define SquidMD5Update(c,b,l) md5_update((c), (l), (const uint8_t *)(b)) -#define SquidMD5Final(d,c) md5_digest((c), MD5_DIGEST_SIZE, (uint8_t *)(d)) - -#define SQUID_MD5_DIGEST_LENGTH MD5_DIGEST_SIZE - -#else -/* - * This is the header file for the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' - * header definitions; now uses stuff from dpkg's config.h - * - Ian Jackson . - * Still in the public domain. - * - * Changed MD5Update to take a void * for easier use and some other - * minor cleanup. - Henrik Nordstrom . - * Still in the public domain. - * - * Prefixed all symbols with "Squid" so they don't collide with - * other libraries. Duane Wessels . - * Still in the public domain. - * - */ - -typedef struct SquidMD5Context { - uint32_t buf[4]; - uint32_t bytes[2]; - uint32_t in[16]; -} SquidMD5_CTX; - -SQUIDCEXTERN void SquidMD5Init(struct SquidMD5Context *context); -SQUIDCEXTERN void SquidMD5Update(struct SquidMD5Context *context, const void *buf, unsigned len); -SQUIDCEXTERN void SquidMD5Final(uint8_t digest[16], struct SquidMD5Context *context); -SQUIDCEXTERN void SquidMD5Transform(uint32_t buf[4], uint32_t const in[16]); - -#define SQUID_MD5_DIGEST_LENGTH 16 - -#endif /* HAVE_NETTLE_MD5_H */ - -#endif /* SQUID_MD5_H */ === modified file 'lib/Makefile.am' --- lib/Makefile.am 2014-01-08 04:29:04 +0000 +++ lib/Makefile.am 2014-03-16 05:37:21 +0000 @@ -49,7 +49,6 @@ base64.c \ charset.c \ html_quote.c \ - md5.c \ rfc1738.c \ rfc2617.c \ uudecode.c === removed file 'lib/md5-test.c' --- lib/md5-test.c 2014-02-21 10:46:19 +0000 +++ lib/md5-test.c 1970-01-01 00:00:00 +0000 @@ -1,48 +0,0 @@ -/* - * COMPILE WITH: - * gcc -Wall md5-test.c -I../include md5.o - */ - -#include "squid.h" -#include "md5.h" -//#include "stdio.h" // ??? - -static void MDPrint(unsigned char digest[16]); -static void MDString(char *string); - -static void -MDString(char *string) -{ - MD5_CTX context; - unsigned char digest[16]; - unsigned int len = strlen(string); - xMD5Init(&context); - xMD5Update(&context, string, len); - xMD5Final(digest, &context); - printf("MD5 (\"%s\") = ", string); - MDPrint(digest); - printf("\n"); -} - -static void -MDPrint(unsigned char digest[16]) -{ - unsigned int i; - for (i = 0; i < 16; i++) - printf("%02x", digest[i]); -} - -int -main(int argc, char **argv) -{ - printf("MD5 test suite:\n"); - MDString(""); - MDString("a"); - MDString("abc"); - MDString("message digest"); - MDString("abcdefghijklmnopqrstuvwxyz"); - MDString("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"); - MDString("1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890"); - return 0; -} === removed file 'lib/md5.c' --- lib/md5.c 2014-03-16 03:08:55 +0000 +++ lib/md5.c 1970-01-01 00:00:00 +0000 @@ -1,257 +0,0 @@ -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * SquidMD5Context structure, pass it to SquidMD5Init, call - * SquidMD5Update as needed on buffers full of bytes, and then call - * SquidMD5Final, which will fill a supplied 16-byte array with the - * digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' header - * definitions; now uses stuff from dpkg's config.h. - * - Ian Jackson . - * Still in the public domain. - * - * Changed SquidMD5Update to take a void * for easier use and some - * other minor cleanup. - Henrik Nordstrom . - * Still in the public domain. - * - * Prefixed all symbols with "Squid" so they don't collide with - * other libraries. Duane Wessels . - * Still in the public domain. - * - */ -#include "squid.h" -#include "md5.h" - -#if !HAVE_NETTLE_MD5_H - -#if HAVE_STRING_H -#include /* for memcpy() */ -#endif -#if HAVE_SYS_TYPES_H -#include /* for stupid systems */ -#endif - -#ifdef WORDS_BIGENDIAN -void -static byteSwap(uint32_t * buf, unsigned words) -{ - uint8_t *p = (uint8_t *) buf; - - do { - *buf++ = (uint32_t) ((unsigned) p[3] << 8 | p[2]) << 16 | - ((unsigned) p[1] << 8 | p[0]); - p += 4; - } while (--words); -} -#else -#define byteSwap(buf,words) -#endif - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void -SquidMD5Init(struct SquidMD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bytes[0] = 0; - ctx->bytes[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void -SquidMD5Update(struct SquidMD5Context *ctx, const void *_buf, unsigned len) -{ - uint8_t const *buf = _buf; - uint32_t t; - - /* Update byte count */ - - t = ctx->bytes[0]; - if ((ctx->bytes[0] = t + len) < t) - ctx->bytes[1]++; /* Carry from low to high */ - - t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ - if (t > len) { - memcpy((uint8_t *) ctx->in + 64 - t, buf, len); - return; - } - /* First chunk is an odd size */ - memcpy((uint8_t *) ctx->in + 64 - t, buf, t); - byteSwap(ctx->in, 16); - SquidMD5Transform(ctx->buf, ctx->in); - buf += t; - len -= t; - - /* Process data in 64-byte chunks */ - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteSwap(ctx->in, 16); - SquidMD5Transform(ctx->buf, ctx->in); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - memcpy(ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void -SquidMD5Final(unsigned char digest[16], struct SquidMD5Context *ctx) -{ - int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */ - uint8_t *p = (uint8_t *) ctx->in + count; - - /* Set the first char of padding to 0x80. There is always room. */ - *p++ = 0x80; - - /* Bytes of padding needed to make 56 bytes (-8..55) */ - count = 56 - 1 - count; - - if (count < 0) { /* Padding forces an extra block */ - memset(p, 0, count + 8); - byteSwap(ctx->in, 16); - SquidMD5Transform(ctx->buf, ctx->in); - p = (uint8_t *) ctx->in; - count = 56; - } - memset(p, 0, count); - byteSwap(ctx->in, 14); - - /* Append length in bits and transform */ - ctx->in[14] = ctx->bytes[0] << 3; - ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; - SquidMD5Transform(ctx->buf, ctx->in); - - byteSwap(ctx->buf, 4); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ -} - -#ifndef ASM_MD5 - -/* The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f,w,x,y,z,in,s) \ - (w += f(x,y,z) + in, w = (w<>(32-s)) + x) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. SquidMD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -void -SquidMD5Transform(uint32_t buf[4], uint32_t const in[16]) -{ - register uint32_t a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -#endif /* !ASM_MD5 */ -#endif /* HAVE_ETTLE_MD5_H */ === modified file 'lib/rfc2617.c' --- lib/rfc2617.c 2013-10-25 00:13:46 +0000 +++ lib/rfc2617.c 2014-03-16 05:48:45 +0000 @@ -45,9 +45,12 @@ #include "squid.h" #include -#include "md5.h" #include "rfc2617.h" +#if HAVE_NETTLE_MD5_H +#include +#endif + void CvtHex(const HASH Bin, HASHHEX Hex) { @@ -114,27 +117,27 @@ HASHHEX SessionKey ) { - SquidMD5_CTX Md5Ctx; - + struct md5_ctx Md5Ctx; + static const uint8_t *delim = (const uint8_t*)":"; if (pszUserName) { - SquidMD5Init(&Md5Ctx); - SquidMD5Update(&Md5Ctx, pszUserName, strlen(pszUserName)); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszRealm, strlen(pszRealm)); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszPassword, strlen(pszPassword)); - SquidMD5Final((unsigned char *) HA1, &Md5Ctx); + md5_init(&Md5Ctx); + md5_update(&Md5Ctx, strlen(pszUserName), (const uint8_t*)pszUserName); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszRealm), (const uint8_t*)pszRealm); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszPassword), (const uint8_t*)pszPassword); + md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)HA1); } if (strcasecmp(pszAlg, "md5-sess") == 0) { HASHHEX HA1Hex; CvtHex(HA1, HA1Hex); /* RFC2617 errata */ - SquidMD5Init(&Md5Ctx); - SquidMD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce)); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); - SquidMD5Final((unsigned char *) HA1, &Md5Ctx); + md5_init(&Md5Ctx); + md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HA1Hex); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszNonce), (const uint8_t*)pszNonce); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszCNonce), (const uint8_t*)pszCNonce); + md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)HA1); } CvtHex(HA1, SessionKey); } @@ -153,40 +156,41 @@ HASHHEX Response /* request-digest or response-digest */ ) { - SquidMD5_CTX Md5Ctx; + static const uint8_t *delim = (const uint8_t*)":"; + struct md5_ctx Md5Ctx; HASH HA2; HASH RespHash; HASHHEX HA2Hex; /* calculate H(A2) */ - SquidMD5Init(&Md5Ctx); - SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod)); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri)); + md5_init(&Md5Ctx); + md5_update(&Md5Ctx, strlen(pszMethod), (const uint8_t*)pszMethod); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszDigestUri), (const uint8_t*)pszDigestUri); if (pszQop && strcasecmp(pszQop, "auth-int") == 0) { - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HEntity); } - SquidMD5Final((unsigned char *) HA2, &Md5Ctx); + md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)HA2); CvtHex(HA2, HA2Hex); /* calculate response */ - SquidMD5Init(&Md5Ctx); - SquidMD5Update(&Md5Ctx, HA1, HASHHEXLEN); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce)); - SquidMD5Update(&Md5Ctx, ":", 1); + md5_init(&Md5Ctx); + md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HA1); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszNonce), (const uint8_t*)pszNonce); + md5_update(&Md5Ctx, 1, delim); if (pszQop) { - SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount)); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); - SquidMD5Update(&Md5Ctx, ":", 1); - SquidMD5Update(&Md5Ctx, pszQop, strlen(pszQop)); - SquidMD5Update(&Md5Ctx, ":", 1); + md5_update(&Md5Ctx, strlen(pszNonceCount), (const uint8_t*)pszNonceCount); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszCNonce), (const uint8_t*)pszCNonce); + md5_update(&Md5Ctx, 1, delim); + md5_update(&Md5Ctx, strlen(pszQop), (const uint8_t*)pszQop); + md5_update(&Md5Ctx, 1, delim); } - SquidMD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN); - SquidMD5Final((unsigned char *) RespHash, &Md5Ctx); + md5_update(&Md5Ctx, HASHHEXLEN, (const uint8_t*)HA2Hex); + md5_digest(&Md5Ctx, MD5_DIGEST_SIZE, (uint8_t*)RespHash); CvtHex(RespHash, Response); } === modified file 'src/CacheDigest.cc' --- src/CacheDigest.cc 2012-09-23 09:04:21 +0000 +++ src/CacheDigest.cc 2014-03-17 04:36:34 +0000 @@ -32,7 +32,6 @@ */ #include "squid.h" -#include "md5.h" #include "Mem.h" #include "StatCounters.h" #include "Store.h" @@ -42,6 +41,10 @@ #include "CacheDigest.h" +#if HAVE_NETTLE_MD5_H +#include +#endif + /* local types */ typedef struct { @@ -76,7 +79,7 @@ cacheDigestCreate(int capacity, int bpe) { CacheDigest *cd = (CacheDigest *)memAllocate(MEM_CACHE_DIGEST); - assert(SQUID_MD5_DIGEST_LENGTH == 16); /* our hash functions rely on 16 byte keys */ + assert(MD5_DIGEST_SIZE == 16); /* our hash functions rely on 16 byte keys */ cacheDigestInit(cd, capacity, bpe); return cd; } === modified file 'src/StoreMetaMD5.cc' --- src/StoreMetaMD5.cc 2012-09-01 14:38:36 +0000 +++ src/StoreMetaMD5.cc 2014-03-16 10:24:46 +0000 @@ -33,15 +33,18 @@ #include "squid.h" #include "int.h" -#include "md5.h" #include "MemObject.h" #include "Store.h" #include "StoreMetaMD5.h" +#if HAVE_NETTLE_MD5_H +#include +#endif + bool StoreMetaMD5::validLength(int len) const { - return len == SQUID_MD5_DIGEST_LENGTH; + return len == MD5_DIGEST_SIZE; } int StoreMetaMD5::md5_mismatches = 0; @@ -50,10 +53,10 @@ StoreMetaMD5::checkConsistency(StoreEntry *e) const { assert (getType() == STORE_META_KEY_MD5); - assert(length == SQUID_MD5_DIGEST_LENGTH); + assert(length == MD5_DIGEST_SIZE); if (!EBIT_TEST(e->flags, KEY_PRIVATE) && - memcmp(value, e->key, SQUID_MD5_DIGEST_LENGTH)) { + memcmp(value, e->key, MD5_DIGEST_SIZE)) { debugs(20, 2, "storeClientReadHeader: swapin MD5 mismatch"); // debugs(20, 2, "\t" << storeKeyText((const cache_key *)value)); debugs(20, 2, "\t" << e->getMD5Text()); === modified file 'src/StoreSwapLogData.h' --- src/StoreSwapLogData.h 2013-12-06 23:52:26 +0000 +++ src/StoreSwapLogData.h 2014-03-16 08:55:34 +0000 @@ -57,10 +57,13 @@ * the value for MemObject->swap_hdr_sz. */ -#include "md5.h" #include "MemPool.h" #include "typedefs.h" +#if HAVE_NETTLE_MD5_H +#include +#endif + /// maintains a 24-bit checksum over integer fields class SwapChecksum24 { @@ -196,7 +199,7 @@ /** * The 128-bit MD5 hash for this object. */ - unsigned char key[SQUID_MD5_DIGEST_LENGTH]; + unsigned char key[MD5_DIGEST_SIZE]; }; MEMPROXY_CLASS_INLINE(StoreSwapLogData); === modified file 'src/fs/rock/RockRebuild.cc' --- src/fs/rock/RockRebuild.cc 2013-12-31 18:49:41 +0000 +++ src/fs/rock/RockRebuild.cc 2014-03-16 08:53:58 +0000 @@ -9,7 +9,6 @@ #include "fs/rock/RockSwapDir.h" #include "globals.h" #include "ipc/StoreMap.h" -#include "md5.h" #include "SquidTime.h" #include "store_rebuild.h" #include "tools.h" @@ -18,6 +17,9 @@ #if HAVE_ERRNO_H #include #endif +#if HAVE_NETTLE_MD5_H +#include +#endif CBDATA_NAMESPACED_CLASS_INIT(Rock, Rebuild); @@ -272,7 +274,7 @@ bool Rock::Rebuild::importEntry(Ipc::StoreMapAnchor &anchor, const sfileno fileno, const DbCellHeader &header) { - cache_key key[SQUID_MD5_DIGEST_LENGTH]; + cache_key key[MD5_DIGEST_SIZE]; StoreEntry loadedE; const uint64_t knownSize = header.entrySize > 0 ? header.entrySize : anchor.basics.swap_file_sz.get(); === modified file 'src/fs/ufs/RebuildState.cc' --- src/fs/ufs/RebuildState.cc 2014-02-21 10:46:19 +0000 +++ src/fs/ufs/RebuildState.cc 2014-03-16 08:59:07 +0000 @@ -148,7 +148,7 @@ void Fs::Ufs::RebuildState::rebuildFromDirectory() { - cache_key key[SQUID_MD5_DIGEST_LENGTH]; + cache_key key[MD5_DIGEST_SIZE]; struct stat sb; int fd = -1; === modified file 'src/fs/ufs/UFSSwapDir.cc' --- src/fs/ufs/UFSSwapDir.cc 2014-02-21 10:46:19 +0000 +++ src/fs/ufs/UFSSwapDir.cc 2014-03-16 08:56:17 +0000 @@ -112,7 +112,7 @@ s.swap_file_sz = e.swap_file_sz; s.refcount = e.refcount; s.flags = e.flags; - memcpy(&s.key, e.key, SQUID_MD5_DIGEST_LENGTH); + memcpy(&s.key, e.key, MD5_DIGEST_SIZE); s.finalize(); memcpy(outbuf + outbuf_offset, &s, ss); outbuf_offset += ss; @@ -1247,7 +1247,7 @@ s->swap_file_sz = e.swap_file_sz; s->refcount = e.refcount; s->flags = e.flags; - memcpy(s->key, e.key, SQUID_MD5_DIGEST_LENGTH); + memcpy(s->key, e.key, MD5_DIGEST_SIZE); s->finalize(); file_write(swaplog_fd, -1, === modified file 'src/fs/ufs/UFSSwapLogParser.cc' --- src/fs/ufs/UFSSwapLogParser.cc 2012-08-14 11:53:07 +0000 +++ src/fs/ufs/UFSSwapLogParser.cc 2014-03-16 08:58:12 +0000 @@ -29,7 +29,6 @@ #include "squid.h" #include "Debug.h" -#include "md5.h" #include "StoreSwapLogData.h" #include "swap_log_op.h" #include "UFSSwapLogParser.h" @@ -40,7 +39,7 @@ /// Parse a swap header entry created on a system with 32-bit size_t and sfileno /// this is typical of 32-bit systems without large file support -/// NP: SQUID_MD5_DIGEST_LENGTH is very risky still. +/// NP: MD5_DIGEST_SIZE is very risky still. class UFSSwapLogParser_v1_32bs:public Fs::Ufs::UFSSwapLogParser { public: @@ -56,7 +55,7 @@ uint32_t swap_file_sz; uint16_t refcount; uint16_t flags; - unsigned char key[SQUID_MD5_DIGEST_LENGTH]; + unsigned char key[MD5_DIGEST_SIZE]; }; UFSSwapLogParser_v1_32bs(FILE *fp):Fs::Ufs::UFSSwapLogParser(fp) { record_size = sizeof(UFSSwapLogParser_v1_32bs::StoreSwapLogDataOld); @@ -80,7 +79,7 @@ swapData.swap_file_sz = readData.swap_file_sz; swapData.refcount = readData.refcount; swapData.flags = readData.flags; - memcpy(swapData.key, readData.key, SQUID_MD5_DIGEST_LENGTH); + memcpy(swapData.key, readData.key, MD5_DIGEST_SIZE); return true; } }; === modified file 'src/htcp.cc' --- src/htcp.cc 2013-10-25 00:13:46 +0000 +++ src/htcp.cc 2014-03-16 09:01:59 +0000 @@ -48,7 +48,6 @@ #include "HttpStateFlags.h" #include "icmp/net_db.h" #include "ip/tools.h" -#include "md5.h" #include "MemBuf.h" #include "refresh.h" #include "SquidConfig.h" @@ -60,6 +59,10 @@ #include "tools.h" #include "URL.h" +#if HAVE_NETTLE_MD5_H +#include +#endif + typedef struct _Countstr Countstr; typedef struct _htcpHeader htcpHeader; @@ -245,7 +248,7 @@ static Comm::ConnectionPointer htcpIncomingConn = NULL; #define N_QUERIED_KEYS 8192 static uint32_t queried_id[N_QUERIED_KEYS]; -static cache_key queried_keys[N_QUERIED_KEYS][SQUID_MD5_DIGEST_LENGTH]; +static cache_key queried_keys[N_QUERIED_KEYS][MD5_DIGEST_SIZE]; static Ip::Address queried_addr[N_QUERIED_KEYS]; static MemAllocator *htcpDetailPool = NULL; === modified file 'src/icp_v2.cc' --- src/icp_v2.cc 2014-02-08 13:36:42 +0000 +++ src/icp_v2.cc 2014-03-16 09:03:52 +0000 @@ -51,7 +51,6 @@ #include "ip/Address.h" #include "ip/tools.h" #include "ipcache.h" -#include "md5.h" #include "multicast.h" #include "neighbors.h" #include "refresh.h" @@ -68,6 +67,9 @@ #if HAVE_ERRNO_H #include #endif +#if HAVE_NETTLE_MD5_H +#include +#endif static void icpIncomingConnectionOpened(const Comm::ConnectionPointer &conn, int errNo); @@ -832,7 +834,7 @@ #define N_QUERIED_KEYS 8192 #define N_QUERIED_KEYS_MASK 8191 -static cache_key queried_keys[N_QUERIED_KEYS][SQUID_MD5_DIGEST_LENGTH]; +static cache_key queried_keys[N_QUERIED_KEYS][MD5_DIGEST_SIZE]; int icpSetCacheKey(const cache_key * key) === modified file 'src/mem.cc' --- src/mem.cc 2014-02-21 10:46:19 +0000 +++ src/mem.cc 2014-03-16 09:05:56 +0000 @@ -39,7 +39,6 @@ #include "dlink.h" #include "event.h" #include "icmp/net_db.h" -#include "md5.h" #include "Mem.h" #include "MemBuf.h" #include "memMeter.h" @@ -52,6 +51,9 @@ #include "StoreEntryStream.h" #include +#if HAVE_NETTLE_MD5_H +#include +#endif #include /* forward declarations */ @@ -468,7 +470,7 @@ memDataInit(MEM_NET_DB_NAME, "net_db_name", sizeof(net_db_name), 0); memDataInit(MEM_RELIST, "RegexList", sizeof(RegexList), 0); memDataInit(MEM_CLIENT_INFO, "ClientInfo", sizeof(ClientInfo), 0); - memDataInit(MEM_MD5_DIGEST, "MD5 digest", SQUID_MD5_DIGEST_LENGTH, 0); + memDataInit(MEM_MD5_DIGEST, "MD5 digest", MD5_DIGEST_SIZE, 0); MemPools[MEM_MD5_DIGEST]->setChunkSize(512 * 1024); /** Lastly init the string pools. */ === modified file 'src/store_key_md5.cc' --- src/store_key_md5.cc 2013-06-27 21:04:01 +0000 +++ src/store_key_md5.cc 2014-03-16 10:19:00 +0000 @@ -33,12 +33,15 @@ #include "squid.h" #include "HttpRequest.h" -#include "md5.h" #include "Mem.h" #include "store_key_md5.h" #include "URL.h" -static cache_key null_key[SQUID_MD5_DIGEST_LENGTH]; +#if HAVE_NETTLE_MD5_H +#include +#endif + +static cache_key null_key[MD5_DIGEST_SIZE]; const char * storeKeyText(const cache_key *key) @@ -46,10 +49,9 @@ if (!key) return "[null_store_key]"; - static char buf[SQUID_MD5_DIGEST_LENGTH * 2+1]; - int i; + static char buf[MD5_DIGEST_SIZE * 2+1]; - for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; ++i) + for (int i = 0; i < MD5_DIGEST_SIZE; ++i) snprintf(&buf[i*2],sizeof(buf) - i*2, "%02X", *(key + i)); return buf; @@ -58,12 +60,10 @@ const cache_key * storeKeyScan(const char *buf) { - static unsigned char digest[SQUID_MD5_DIGEST_LENGTH]; - int i; - int j = 0; - char t[3]; + static unsigned char digest[MD5_DIGEST_SIZE]; - for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; ++i) { + for (int i = 0, j=0; i < MD5_DIGEST_SIZE; ++i) { + char t[3]; t[0] = *(buf + (j++)); t[1] = *(buf + (j++)); t[2] = '\0'; @@ -80,7 +80,7 @@ const unsigned char *B = (const unsigned char *)b; int i; - for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; ++i) { + for (i = 0; i < MD5_DIGEST_SIZE; ++i) { if (A[i] < B[i]) return -1; @@ -106,28 +106,29 @@ const cache_key * storeKeyPrivate(const char *url, const HttpRequestMethod& method, int id) { - static cache_key digest[SQUID_MD5_DIGEST_LENGTH]; - SquidMD5_CTX M; + static cache_key digest[MD5_DIGEST_SIZE]; assert(id > 0); debugs(20, 3, "storeKeyPrivate: " << method << " " << url); - SquidMD5Init(&M); - SquidMD5Update(&M, (unsigned char *) &id, sizeof(id)); - SquidMD5Update(&M, (unsigned char *) &method, sizeof(method)); - SquidMD5Update(&M, (unsigned char *) url, strlen(url)); - SquidMD5Final(digest, &M); + + struct md5_ctx M; + md5_init(&M); + md5_update(&M, sizeof(id), reinterpret_cast(&id)); + md5_update(&M, sizeof(method), reinterpret_cast(&method)); + md5_update(&M, strlen(url), reinterpret_cast(url)); + md5_digest(&M, sizeof(digest), digest); return digest; } const cache_key * storeKeyPublic(const char *url, const HttpRequestMethod& method) { - static cache_key digest[SQUID_MD5_DIGEST_LENGTH]; - unsigned char m = (unsigned char) method.id(); - SquidMD5_CTX M; - SquidMD5Init(&M); - SquidMD5Update(&M, &m, sizeof(m)); - SquidMD5Update(&M, (unsigned char *) url, strlen(url)); - SquidMD5Final(digest, &M); + static cache_key digest[MD5_DIGEST_SIZE]; + uint8_t m = static_cast(method.id()); + struct md5_ctx M; + md5_init(&M); + md5_update(&M, sizeof(m), &m); + md5_update(&M, strlen(url), reinterpret_cast(url)); + md5_digest(&M, sizeof(digest), digest); return digest; } @@ -140,21 +141,20 @@ const cache_key * storeKeyPublicByRequestMethod(HttpRequest * request, const HttpRequestMethod& method) { - static cache_key digest[SQUID_MD5_DIGEST_LENGTH]; + static cache_key digest[MD5_DIGEST_SIZE]; unsigned char m = (unsigned char) method.id(); const char *url = request->storeId(); /* storeId returns the right storeID\canonical URL for the md5 calc */ - SquidMD5_CTX M; - SquidMD5Init(&M); - SquidMD5Update(&M, &m, sizeof(m)); - SquidMD5Update(&M, (unsigned char *) url, strlen(url)); + struct md5_ctx M; + md5_init(&M); + md5_update(&M, sizeof(m), &m); + md5_update(&M, strlen(url), reinterpret_cast(url)); if (request->vary_headers) { - SquidMD5Update(&M, (unsigned char *) request->vary_headers, strlen(request->vary_headers)); debugs(20, 3, "updating public key by vary headers: " << request->vary_headers << " for: " << url); + md5_update(&M, strlen(request->vary_headers), reinterpret_cast(request->vary_headers)); } - SquidMD5Final(digest, &M); - + md5_digest(&M, sizeof(digest), digest); return digest; } @@ -162,14 +162,14 @@ storeKeyDup(const cache_key * key) { cache_key *dup = (cache_key *)memAllocate(MEM_MD5_DIGEST); - memcpy(dup, key, SQUID_MD5_DIGEST_LENGTH); + memcpy(dup, key, MD5_DIGEST_SIZE); return dup; } cache_key * storeKeyCopy(cache_key * dst, const cache_key * src) { - memcpy(dst, src, SQUID_MD5_DIGEST_LENGTH); + memcpy(dst, src, MD5_DIGEST_SIZE); return dst; } @@ -193,7 +193,7 @@ int storeKeyNull(const cache_key * key) { - if (memcmp(key, null_key, SQUID_MD5_DIGEST_LENGTH) == 0) + if (memcmp(key, null_key, MD5_DIGEST_SIZE) == 0) return 1; else return 0; @@ -202,5 +202,5 @@ void storeKeyInit(void) { - memset(null_key, '\0', SQUID_MD5_DIGEST_LENGTH); + memset(null_key, '\0', MD5_DIGEST_SIZE); } === modified file 'src/store_rebuild.cc' --- src/store_rebuild.cc 2013-12-30 23:58:33 +0000 +++ src/store_rebuild.cc 2014-03-16 10:20:13 +0000 @@ -33,7 +33,6 @@ #include "squid.h" #include "event.h" #include "globals.h" -#include "md5.h" #include "SquidConfig.h" #include "SquidTime.h" #include "StatCounters.h" @@ -47,6 +46,10 @@ #if HAVE_ERRNO_H #include #endif +#if HAVE_NETTLE_MD5_H +#include +#endif + static StoreRebuildData counts; static struct timeval rebuild_start; @@ -258,8 +261,8 @@ switch (x.getType()) { case STORE_META_KEY: - assert(x.length == SQUID_MD5_DIGEST_LENGTH); - memcpy(index, x.value, SQUID_MD5_DIGEST_LENGTH); + assert(x.length == MD5_DIGEST_SIZE); + memcpy(index, x.value, MD5_DIGEST_SIZE); break; case STORE_META_STD: @@ -345,7 +348,7 @@ // TODO: consume parsed metadata? debugs(47,7, "successful swap meta unpacking; swap_file_sz=" << tmpe.swap_file_sz); - memset(key, '\0', SQUID_MD5_DIGEST_LENGTH); + memset(key, '\0', MD5_DIGEST_SIZE); InitStoreEntry visitor(&tmpe, key); for_each(*tlv_list, visitor); === modified file 'src/store_swapmeta.cc' --- src/store_swapmeta.cc 2013-02-08 09:25:04 +0000 +++ src/store_swapmeta.cc 2014-03-16 10:21:48 +0000 @@ -32,12 +32,14 @@ */ #include "squid.h" -#include "md5.h" #include "MemObject.h" #include "Store.h" #include "StoreMeta.h" #include "StoreMetaUnpacker.h" +#if HAVE_NETTLE_MD5_H +#include +#endif #if HAVE_SYS_WAIT_H #include #endif @@ -76,7 +78,7 @@ debugs(20, 3, "storeSwapMetaBuild URL: " << url); - tlv *t = StoreMeta::Factory (STORE_META_KEY,SQUID_MD5_DIGEST_LENGTH, e->key); + tlv *t = StoreMeta::Factory (STORE_META_KEY, MD5_DIGEST_SIZE, e->key); if (!t) { storeSwapTLVFree(TLV); === modified file 'src/wccp2.cc' --- src/wccp2.cc 2014-03-16 03:08:55 +0000 +++ src/wccp2.cc 2014-03-16 10:51:45 +0000 @@ -41,7 +41,6 @@ #include "ConfigParser.h" #include "event.h" #include "ip/Address.h" -#include "md5.h" #include "Parsing.h" #include "Store.h" #include "SwapDir.h" @@ -49,6 +48,9 @@ #if HAVE_NETDB_H #include #endif +#if HAVE_NETTLE_MD5_H +#include +#endif #define WCCP_PORT 2048 #define WCCP_RESPONSE_SIZE 12448 @@ -67,7 +69,7 @@ #define WCCP2_MASK_ASSIGNMENT 0x01 #define WCCP2_NONE_SECURITY_LEN 0 -#define WCCP2_MD5_SECURITY_LEN SQUID_MD5_DIGEST_LENGTH // 16 +#define WCCP2_MD5_SECURITY_LEN MD5_DIGEST_SIZE // 16 /* Useful defines */ #define WCCP2_NUMPORTS 8 @@ -573,9 +575,8 @@ static char wccp2_update_md5_security(char *password, char *ptr, char *packet, int len) { - uint8_t md5Digest[SQUID_MD5_DIGEST_LENGTH]; - char pwd[WCCP2_PASSWORD_LEN]; - SquidMD5_CTX M; + uint8_t md5Digest[MD5_DIGEST_SIZE]; + uint8_t pwd[WCCP2_PASSWORD_LEN]; struct wccp2_security_md5_t *ws; @@ -583,7 +584,7 @@ /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */ memset(pwd, 0, sizeof(pwd)); - strncpy(pwd, password, sizeof(pwd)); + strncpy(reinterpret_cast(pwd), password, sizeof(pwd)); pwd[sizeof(pwd) - 1] = '\0'; ws = (struct wccp2_security_md5_t *) ptr; @@ -604,13 +605,11 @@ /* XXX eventually we should be able to kill md5Digest and blit it directly in */ memset(ws->security_implementation, 0, sizeof(ws->security_implementation)); - SquidMD5Init(&M); - - SquidMD5Update(&M, pwd, sizeof(pwd)); - - SquidMD5Update(&M, packet, len); - - SquidMD5Final(md5Digest, &M); + struct md5_ctx M; + md5_init(&M); + md5_update(&M, sizeof(pwd), pwd); + md5_update(&M, len, reinterpret_cast(packet)); + md5_digest(&M, sizeof(md5Digest), md5Digest); memcpy(ws->security_implementation, md5Digest, sizeof(md5Digest)); @@ -627,9 +626,8 @@ { struct wccp2_security_md5_t *ws = (struct wccp2_security_md5_t *) security; - uint8_t md5Digest[SQUID_MD5_DIGEST_LENGTH], md5_challenge[SQUID_MD5_DIGEST_LENGTH]; - char pwd[WCCP2_PASSWORD_LEN]; - SquidMD5_CTX M; + uint8_t md5Digest[MD5_DIGEST_SIZE], md5_challenge[MD5_DIGEST_SIZE]; + uint8_t pwd[WCCP2_PASSWORD_LEN]; /* Make sure the security type matches what we expect */ @@ -651,7 +649,7 @@ /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */ memset(pwd, 0, sizeof(pwd)); - strncpy(pwd, srv->wccp_password, sizeof(pwd)); + strncpy(reinterpret_cast(pwd), srv->wccp_password, sizeof(pwd)); pwd[sizeof(pwd) - 1] = '\0'; /* Take a copy of the challenge: we need to NUL it before comparing */ @@ -659,15 +657,13 @@ memset(ws->security_implementation, 0, sizeof(ws->security_implementation)); - SquidMD5Init(&M); - - SquidMD5Update(&M, pwd, sizeof(pwd)); - - SquidMD5Update(&M, packet, len); - - SquidMD5Final(md5Digest, &M); - - return (memcmp(md5Digest, md5_challenge, SQUID_MD5_DIGEST_LENGTH) == 0); + struct md5_ctx M; + md5_init(&M); + md5_update(&M, sizeof(pwd), pwd); + md5_update(&M, len, reinterpret_cast(packet)); + md5_digest(&M, MD5_DIGEST_SIZE, md5Digest); + + return (memcmp(md5Digest, md5_challenge, MD5_DIGEST_SIZE) == 0); } void