Attachment 586241 Details for Bug 705097 – patch to allow md5 for cache id objects in fips mode

[patch] patch to allow md5 for cache id objects in fips mode

squid-md5-fips.patch (text/plain), 13.46 KB, created by Paul Wouters on 2012-05-23 04:33:02 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Paul Wouters

Created: 2012-05-23 04:33:02 UTC

Size: 13.46 KB

patch

obsolete

>diff -Naur squid-2.6.STABLE21-orig/include/md5.h squid-2.6.STABLE21/include/md5.h
>--- squid-2.6.STABLE21-orig/include/md5.h	2006-05-28 20:02:41.000000000 -0400
>+++ squid-2.6.STABLE21/include/md5.h	2012-05-22 19:54:37.000000000 -0400
>@@ -21,7 +21,9 @@
> #define MD5Update MD5_Update
> #define MD5Final MD5_Final
> 
>-#else /* USE_OPENSSL */
>+#endif /* USE_OPENSSL */
>+
>+/* below used for non-networking md5 use in fips mode */
> 
> /*
>  * This is the header file for the MD5 message-digest algorithm.
>@@ -52,18 +54,17 @@
> 
> #include "squid_types.h"
> 
>-typedef struct MD5Context {
>+typedef struct SquidMD5Context {
>     uint32_t buf[4];
>     uint32_t bytes[2];
>     uint32_t in[16];
>-} MD5_CTX;
>+} SquidMD5_CTX;
> 
>-void MD5Init(struct MD5Context *context);
>-void MD5Update(struct MD5Context *context, const void *buf, unsigned len);
>-void MD5Final(uint8_t digest[16], struct MD5Context *context);
>-void MD5Transform(uint32_t buf[4], uint32_t const in[16]);
>+void SquidMD5Init(struct SquidMD5Context *context);
>+void SquidMD5Update(struct SquidMD5Context *context, const void *buf, unsigned len);
>+void SquidMD5Final(uint8_t digest[16], struct SquidMD5Context *context);
>+void SquidMD5Transform(uint32_t buf[4], uint32_t const in[16]);
> 
>-#define MD5_DIGEST_CHARS         16
>+#define SQUID_MD5_DIGEST_LENGTH         16
> 
>-#endif /* USE_OPENSSL */
> #endif /* SQUID_MD5_H */
>diff -Naur squid-2.6.STABLE21-orig/lib/Makefile.am squid-2.6.STABLE21/lib/Makefile.am
>--- squid-2.6.STABLE21-orig/lib/Makefile.am	2006-09-08 15:41:24.000000000 -0400
>+++ squid-2.6.STABLE21/lib/Makefile.am	2012-05-22 19:54:37.000000000 -0400
>@@ -13,11 +13,14 @@
> else
> STRSEPSOURCE=
> endif
>-if NEED_OWN_MD5
>+
>+#if NEED_OWN_MD5
>+#MD5SOURCE=md5.c
>+#else
>+#MD5SOURCE=
>+#endif
> MD5SOURCE=md5.c
>-else
>-MD5SOURCE=
>-endif
>+
> if ENABLE_WIN32SPECIFIC
> LIBSSPWIN32=libsspwin32.a
> else
>diff -Naur squid-2.6.STABLE21-orig/lib/Makefile.in squid-2.6.STABLE21/lib/Makefile.in
>--- squid-2.6.STABLE21-orig/lib/Makefile.in	2007-08-12 08:41:06.000000000 -0400
>+++ squid-2.6.STABLE21/lib/Makefile.in	2012-05-22 19:54:59.000000000 -0400
>@@ -69,7 +69,7 @@
> @NEED_OWN_STRSEP_TRUE@am__objects_3 = strsep.$(OBJEXT)
> @ENABLE_MINGW32SPECIFIC_TRUE@am__objects_4 = win32lib.$(OBJEXT)
> am_libmiscutil_a_OBJECTS = Array.$(OBJEXT) base64.$(OBJEXT) \
>-	getfullhostname.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \
>+	getfullhostname.$(OBJEXT) md5.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \
> 	html_quote.$(OBJEXT) iso3307.$(OBJEXT) $(am__objects_1) \
> 	radix.$(OBJEXT) rfc1035.$(OBJEXT) rfc1123.$(OBJEXT) \
> 	rfc1738.$(OBJEXT) rfc2617.$(OBJEXT) safe_inet_addr.$(OBJEXT) \
>diff -Naur squid-2.6.STABLE21-orig/lib/md5.c squid-2.6.STABLE21/lib/md5.c
>--- squid-2.6.STABLE21-orig/lib/md5.c	2006-05-31 07:01:41.000000000 -0400
>+++ squid-2.6.STABLE21/lib/md5.c	2012-05-22 19:54:37.000000000 -0400
>@@ -10,49 +10,46 @@
>  * with every copy.
>  *
>  * To compute the message digest of a chunk of bytes, declare an
>- * MD5Context structure, pass it to MD5Init, call MD5Update as
>- * needed on buffers full of bytes, and then call MD5Final, which
>- * will fill a supplied 16-byte array with the digest.
>+ * SquidMD5Context structure, pass it to SquidMD5Init, call
>+ * SquidMD5Update as needed on buffers full of bytes, and then call
>+ * SquidMD5Final, which will fill a supplied 16-byte array with the
>+ * digest.
>  *
>  * Changed so as no longer to depend on Colin Plumb's `usual.h' header
>  * definitions; now uses stuff from dpkg's config.h.
>  *  - Ian Jackson <ian@chiark.greenend.org.uk>.
>  * Still in the public domain.
>  *
>- * Changed MD5Update to take a void * for easier use and some other
>- * minor cleanup. - Henrik Nordstrom <henrik@henriknordstrom.net>.
>+ * Changed SquidMD5Update to take a void * for easier use and some
>+ * other minor cleanup. - Henrik Nordstrom <henrik@henriknordstrom.net>.
>+ * Still in the public domain.
>+ *
>+ * Prefixed all symbols with "Squid" so they don't collide with
>+ * other libraries.  Duane Wessels <wessels@squid-cache.org>.
>  * Still in the public domain.
>  *
>  */
> #include "config.h"
> 
>-/* MS VisualStudio Projects are monolithic, so we need the following
>- * #if to exclude the MD5 code from compile process when we are
>- * building the SSL support.
>- */
>-#if !USE_SSL
>+#include "md5.h"
>+
> #if HAVE_STRING_H
> #include <string.h>		/* for memcpy() */
> #endif
> #if HAVE_SYS_TYPES_H
> #include <sys/types.h>		/* for stupid systems */
> #endif
>-#if HAVE_NETINET_IN_H
>-#include <netinet/in.h>		/* for ntohl() */
>-#endif
>-
>-#include "md5.h"
> 
> #ifdef WORDS_BIGENDIAN
> void
>-byteSwap(uint32_t * buf, unsigned words)
>+static byteSwap(uint32_t * buf, unsigned words)
> {
>     uint8_t *p = (uint8_t *) buf;
> 
>     do {
>-	*buf++ = (uint32_t) ((unsigned) p[3] << 8 | p[2]) << 16 |
>-	    ((unsigned) p[1] << 8 | p[0]);
>-	p += 4;
>+        *buf++ = (uint32_t) ((unsigned) p[3] << 8 | p[2]) << 16 |
>+                 ((unsigned) p[1] << 8 | p[0]);
>+        p += 4;
>     } while (--words);
> }
> #else
>@@ -64,7 +61,7 @@
>  * initialization constants.
>  */
> void
>-MD5Init(struct MD5Context *ctx)
>+SquidMD5Init(struct SquidMD5Context *ctx)
> {
>     ctx->buf[0] = 0x67452301;
>     ctx->buf[1] = 0xefcdab89;
>@@ -80,7 +77,7 @@
>  * of bytes.
>  */
> void
>-MD5Update(struct MD5Context *ctx, const void *_buf, unsigned len)
>+SquidMD5Update(struct SquidMD5Context *ctx, const void *_buf, unsigned len)
> {
>     uint8_t const *buf = _buf;
>     uint32_t t;
>@@ -89,27 +86,27 @@
> 
>     t = ctx->bytes[0];
>     if ((ctx->bytes[0] = t + len) < t)
>-	ctx->bytes[1]++;	/* Carry from low to high */
>+        ctx->bytes[1]++;	/* Carry from low to high */
> 
>     t = 64 - (t & 0x3f);	/* Space available in ctx->in (at least 1) */
>     if (t > len) {
>-	memcpy((uint8_t *) ctx->in + 64 - t, buf, len);
>-	return;
>+        memcpy((uint8_t *) ctx->in + 64 - t, buf, len);
>+        return;
>     }
>     /* First chunk is an odd size */
>     memcpy((uint8_t *) ctx->in + 64 - t, buf, t);
>     byteSwap(ctx->in, 16);
>-    MD5Transform(ctx->buf, ctx->in);
>+    SquidMD5Transform(ctx->buf, ctx->in);
>     buf += t;
>     len -= t;
> 
>     /* Process data in 64-byte chunks */
>     while (len >= 64) {
>-	memcpy(ctx->in, buf, 64);
>-	byteSwap(ctx->in, 16);
>-	MD5Transform(ctx->buf, ctx->in);
>-	buf += 64;
>-	len -= 64;
>+        memcpy(ctx->in, buf, 64);
>+        byteSwap(ctx->in, 16);
>+        SquidMD5Transform(ctx->buf, ctx->in);
>+        buf += 64;
>+        len -= 64;
>     }
> 
>     /* Handle any remaining bytes of data. */
>@@ -117,11 +114,11 @@
> }
> 
> /*
>- * Final wrapup - pad to 64-byte boundary with the bit pattern 
>+ * Final wrapup - pad to 64-byte boundary with the bit pattern
>  * 1 0* (64-bit count of bits processed, MSB-first)
>  */
> void
>-MD5Final(unsigned char digest[16], struct MD5Context *ctx)
>+SquidMD5Final(unsigned char digest[16], struct SquidMD5Context *ctx)
> {
>     int count = ctx->bytes[0] & 0x3f;	/* Number of bytes in ctx->in */
>     uint8_t *p = (uint8_t *) ctx->in + count;
>@@ -133,11 +130,11 @@
>     count = 56 - 1 - count;
> 
>     if (count < 0) {		/* Padding forces an extra block */
>-	memset(p, 0, count + 8);
>-	byteSwap(ctx->in, 16);
>-	MD5Transform(ctx->buf, ctx->in);
>-	p = (uint8_t *) ctx->in;
>-	count = 56;
>+        memset(p, 0, count + 8);
>+        byteSwap(ctx->in, 16);
>+        SquidMD5Transform(ctx->buf, ctx->in);
>+        p = (uint8_t *) ctx->in;
>+        count = 56;
>     }
>     memset(p, 0, count);
>     byteSwap(ctx->in, 14);
>@@ -145,11 +142,11 @@
>     /* Append length in bits and transform */
>     ctx->in[14] = ctx->bytes[0] << 3;
>     ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29;
>-    MD5Transform(ctx->buf, ctx->in);
>+    SquidMD5Transform(ctx->buf, ctx->in);
> 
>     byteSwap(ctx->buf, 4);
>     memcpy(digest, ctx->buf, 16);
>-    memset(ctx, 0, sizeof(ctx));	/* In case it's sensitive */
>+    memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
> }
> 
> #ifndef ASM_MD5
>@@ -168,11 +165,11 @@
> 
> /*
>  * The core of the MD5 algorithm, this alters an existing MD5 hash to
>- * reflect the addition of 16 longwords of new data.  MD5Update blocks
>+ * reflect the addition of 16 longwords of new data.  SquidMD5Update blocks
>  * the data and converts bytes into longwords for this routine.
>  */
> void
>-MD5Transform(uint32_t buf[4], uint32_t const in[16])
>+SquidMD5Transform(uint32_t buf[4], uint32_t const in[16])
> {
>     register uint32_t a, b, c, d;
> 
>@@ -255,5 +252,4 @@
>     buf[3] += d;
> }
> 
>-#endif
>-#endif
>+#endif /* !ASM_MD5 */
>diff -Naur squid-2.6.STABLE21-orig/src/store_key_md5.c squid-2.6.STABLE21/src/store_key_md5.c
>--- squid-2.6.STABLE21-orig/src/store_key_md5.c	2006-06-07 15:43:51.000000000 -0400
>+++ squid-2.6.STABLE21/src/store_key_md5.c	2012-05-22 19:54:37.000000000 -0400
>@@ -31,11 +31,12 @@
>  *  along with this program; if not, write to the Free Software
>  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
>  *
>+ * hardcode using builtin md5 to avoid fips blocking md5 usage
>  */
> 
> #include "squid.h"
> 
>-static cache_key null_key[MD5_DIGEST_CHARS];
>+static cache_key null_key[SQUID_MD5_DIGEST_LENGTH];
> 
> const char *
> storeKeyText(const unsigned char *key)
>@@ -43,7 +44,7 @@
>     static MemBuf mb = MemBufNULL;
>     int i;
>     memBufReset(&mb);
>-    for (i = 0; i < MD5_DIGEST_CHARS; i++)
>+    for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; i++)
> 	memBufPrintf(&mb, "%02X", *(key + i));
>     return mb.buf;
> }
>@@ -51,11 +52,11 @@
> const cache_key *
> storeKeyScan(const char *buf)
> {
>-    static unsigned char digest[MD5_DIGEST_CHARS];
>+    static unsigned char digest[SQUID_MD5_DIGEST_LENGTH];
>     int i;
>     int j = 0;
>     char t[3];
>-    for (i = 0; i < MD5_DIGEST_CHARS; i++) {
>+    for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; i++) {
> 	t[0] = *(buf + (j++));
> 	t[1] = *(buf + (j++));
> 	t[2] = '\0';
>@@ -70,7 +71,7 @@
>     const unsigned char *A = a;
>     const unsigned char *B = b;
>     int i;
>-    for (i = 0; i < MD5_DIGEST_CHARS; i++) {
>+    for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; i++) {
> 	if (A[i] < B[i])
> 	    return -1;
> 	if (A[i] > B[i])
>@@ -94,29 +95,29 @@
> const cache_key *
> storeKeyPrivate(const char *url, method_t method, int id)
> {
>-    static cache_key digest[MD5_DIGEST_CHARS];
>-    MD5_CTX M;
>+    static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
>+    SquidMD5_CTX M;
>     assert(id > 0);
>     debug(20, 3) ("storeKeyPrivate: %s %s\n",
> 	RequestMethodStr[method], url);
>-    MD5Init(&M);
>-    MD5Update(&M, (unsigned char *) &id, sizeof(id));
>-    MD5Update(&M, (unsigned char *) &method, sizeof(method));
>-    MD5Update(&M, (unsigned char *) url, strlen(url));
>-    MD5Final(digest, &M);
>+    SquidMD5Init(&M);
>+    SquidMD5Update(&M, (unsigned char *) &id, sizeof(id));
>+    SquidMD5Update(&M, (unsigned char *) &method, sizeof(method));
>+    SquidMD5Update(&M, (unsigned char *) url, strlen(url));
>+    SquidMD5Final(digest, &M);
>     return digest;
> }
> 
> const cache_key *
> storeKeyPublic(const char *url, const method_t method)
> {
>-    static cache_key digest[MD5_DIGEST_CHARS];
>+    static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
>     unsigned char m = (unsigned char) method;
>-    MD5_CTX M;
>-    MD5Init(&M);
>-    MD5Update(&M, &m, sizeof(m));
>-    MD5Update(&M, (unsigned char *) url, strlen(url));
>-    MD5Final(digest, &M);
>+    SquidMD5_CTX M;
>+    SquidMD5Init(&M);
>+    SquidMD5Update(&M, &m, sizeof(m));
>+    SquidMD5Update(&M, (unsigned char *) url, strlen(url));
>+    SquidMD5Final(digest, &M);
>     return digest;
> }
> 
>@@ -129,26 +130,26 @@
> const cache_key *
> storeKeyPublicByRequestMethod(request_t * request, const method_t method)
> {
>-    static cache_key digest[MD5_DIGEST_CHARS];
>+    static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
>     unsigned char m = (unsigned char) method;
>     const char *url = urlCanonical(request);
>-    MD5_CTX M;
>-    MD5Init(&M);
>-    MD5Update(&M, &m, sizeof(m));
>-    MD5Update(&M, (unsigned char *) url, strlen(url));
>+    SquidMD5_CTX M;
>+    SquidMD5Init(&M);
>+    SquidMD5Update(&M, &m, sizeof(m));
>+    SquidMD5Update(&M, (unsigned char *) url, strlen(url));
>     if (request->vary_headers) {
>-	MD5Update(&M, (unsigned char *) "\0V", 2);
>-	MD5Update(&M, (unsigned char *) request->vary_headers, strlen(request->vary_headers));
>+	SquidMD5Update(&M, (unsigned char *) "\0V", 2);
>+	SquidMD5Update(&M, (unsigned char *) request->vary_headers, strlen(request->vary_headers));
> 	if (strBuf(request->vary_encoding)) {
>-	    MD5Update(&M, (unsigned char *) "\0E", 2);
>-	    MD5Update(&M, (unsigned char *) strBuf(request->vary_encoding), strLen(request->vary_encoding));
>+	    SquidMD5Update(&M, (unsigned char *) "\0E", 2);
>+	    SquidMD5Update(&M, (unsigned char *) strBuf(request->vary_encoding), strLen(request->vary_encoding));
> 	}
>     }
>     if (request->urlgroup) {
>-	MD5Update(&M, (unsigned char *) "\0G", 2);
>-	MD5Update(&M, (unsigned char *) request->urlgroup, strlen(request->urlgroup));
>+	SquidMD5Update(&M, (unsigned char *) "\0G", 2);
>+	SquidMD5Update(&M, (unsigned char *) request->urlgroup, strlen(request->urlgroup));
>     }
>-    MD5Final(digest, &M);
>+    SquidMD5Final(digest, &M);
>     return digest;
> }
> 
>@@ -156,14 +157,14 @@
> storeKeyDup(const cache_key * key)
> {
>     cache_key *dup = memAllocate(MEM_MD5_DIGEST);
>-    xmemcpy(dup, key, MD5_DIGEST_CHARS);
>+    xmemcpy(dup, key, SQUID_MD5_DIGEST_LENGTH);
>     return dup;
> }
> 
> cache_key *
> storeKeyCopy(cache_key * dst, const cache_key * src)
> {
>-    xmemcpy(dst, src, MD5_DIGEST_CHARS);
>+    xmemcpy(dst, src, SQUID_MD5_DIGEST_LENGTH);
>     return dst;
> }
> 
>@@ -185,7 +186,7 @@
> int
> storeKeyNull(const cache_key * key)
> {
>-    if (memcmp(key, null_key, MD5_DIGEST_CHARS) == 0)
>+    if (memcmp(key, null_key, SQUID_MD5_DIGEST_LENGTH) == 0)
> 	return 1;
>     else
> 	return 0;
>@@ -194,5 +195,5 @@
> void
> storeKeyInit(void)
> {
>-    memset(null_key, '\0', MD5_DIGEST_CHARS);
>+    memset(null_key, '\0', SQUID_MD5_DIGEST_LENGTH);
> }

Actions: View | Diff

Attachments on bug 705097: 586241