Red Hat Bugzilla – Attachment 586241 Details for
Bug 705097
squid fails to start and core dumps with FIPS 140-2 mode enabled
[patch]
patch to allow md5 for cache id objects in fips mode
squid-md5-fips.patch (text/plain), 13.46 KB, created by
Paul Wouters
on 2012-05-23 04:33:02 UTC
Description:
patch to allow md5 for cache id objects in fips mode
Filename:
MIME Type:
Creator:
Paul Wouters
Created:
2012-05-23 04:33:02 UTC
Size:
13.46 KB
patch
obsolete
>diff -Naur squid-2.6.STABLE21-orig/include/md5.h squid-2.6.STABLE21/include/md5.h
>--- squid-2.6.STABLE21-orig/include/md5.h 2006-05-28 20:02:41.000000000 -0400
>+++ squid-2.6.STABLE21/include/md5.h 2012-05-22 19:54:37.000000000 -0400
>@@ -21,7 +21,9 @@
> #define MD5Update MD5_Update
> #define MD5Final MD5_Final
>
>-#else /* USE_OPENSSL */
>+#endif /* USE_OPENSSL */
>+
>+/* below used for non-networking md5 use in fips mode */
>
> /*
> * This is the header file for the MD5 message-digest algorithm.
>@@ -52,18 +54,17 @@
>
> #include "squid_types.h"
>
>-typedef struct MD5Context {
>+typedef struct SquidMD5Context {
> uint32_t buf[4];
> uint32_t bytes[2];
> uint32_t in[16];
>-} MD5_CTX;
>+} SquidMD5_CTX;
>
>-void MD5Init(struct MD5Context *context);
>-void MD5Update(struct MD5Context *context, const void *buf, unsigned len);
>-void MD5Final(uint8_t digest[16], struct MD5Context *context);
>-void MD5Transform(uint32_t buf[4], uint32_t const in[16]);
>+void SquidMD5Init(struct SquidMD5Context *context);
>+void SquidMD5Update(struct SquidMD5Context *context, const void *buf, unsigned len);
>+void SquidMD5Final(uint8_t digest[16], struct SquidMD5Context *context);
>+void SquidMD5Transform(uint32_t buf[4], uint32_t const in[16]);
>
>-#define MD5_DIGEST_CHARS 16
>+#define SQUID_MD5_DIGEST_LENGTH 16
>
>-#endif /* USE_OPENSSL */
> #endif /* SQUID_MD5_H */
>diff -Naur squid-2.6.STABLE21-orig/lib/Makefile.am squid-2.6.STABLE21/lib/Makefile.am
>--- squid-2.6.STABLE21-orig/lib/Makefile.am 2006-09-08 15:41:24.000000000 -0400
>+++ squid-2.6.STABLE21/lib/Makefile.am 2012-05-22 19:54:37.000000000 -0400
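Review bot: With `#endif /* USE_OPENSSL */` moved above the bundled declarations and the old `#else` gone, a build without USE_OPENSSL no longer gets `MD5_CTX`, `MD5Init`, `MD5Update`, `MD5Final` or `MD5_DIGEST_CHARS` from this header, because the second md5.h hunk renames each of them to a `SquidMD5*` / `SQUID_MD5_DIGEST_LENGTH` name. Only src/store_key_md5.c is converted in this patch, so any other user of the old names (none are visible on this page, so this needs checking against the tree) would stop compiling in that configuration. If non-OpenSSL builds are meant to keep working, the header could map the historic names onto the bundled implementation in an `#else` branch, as sketched below. The start of the `#if USE_OPENSSL` block lies outside the hunk.

```c
#define MD5Final MD5_Final

#else /* !USE_OPENSSL: keep the historic names for callers not yet converted */
#define MD5_CTX SquidMD5_CTX
#define MD5Init SquidMD5Init
#define MD5Update SquidMD5Update
#define MD5Final SquidMD5Final
#define MD5_DIGEST_CHARS SQUID_MD5_DIGEST_LENGTH
#endif /* USE_OPENSSL */
/* ... unchanged: SquidMD5Context typedef and SquidMD5* prototypes ... */
```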
>@@ -13,11 +13,14 @@
> else
> STRSEPSOURCE=
> endif
>-if NEED_OWN_MD5
>+
>+#if NEED_OWN_MD5
>+#MD5SOURCE=md5.c
>+#else
>+#MD5SOURCE=
>+#endif
> MD5SOURCE=md5.c
>-else
>-MD5SOURCE=
>-endif
>+
> if ENABLE_WIN32SPECIFIC
> LIBSSPWIN32=libsspwin32.a
> else
>diff -Naur squid-2.6.STABLE21-orig/lib/Makefile.in squid-2.6.STABLE21/lib/Makefile.in
>--- squid-2.6.STABLE21-orig/lib/Makefile.in 2007-08-12 08:41:06.000000000 -0400
>+++ squid-2.6.STABLE21/lib/Makefile.in 2012-05-22 19:54:59.000000000 -0400
>@@ -69,7 +69,7 @@
> @NEED_OWN_STRSEP_TRUE@am__objects_3 = strsep.$(OBJEXT)
> @ENABLE_MINGW32SPECIFIC_TRUE@am__objects_4 = win32lib.$(OBJEXT)
> am_libmiscutil_a_OBJECTS = Array.$(OBJEXT) base64.$(OBJEXT) \
>- getfullhostname.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \
>+ getfullhostname.$(OBJEXT) md5.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \
> html_quote.$(OBJEXT) iso3307.$(OBJEXT) $(am__objects_1) \
> radix.$(OBJEXT) rfc1035.$(OBJEXT) rfc1123.$(OBJEXT) \
> rfc1738.$(OBJEXT) rfc2617.$(OBJEXT) safe_inet_addr.$(OBJEXT) \
>diff -Naur squid-2.6.STABLE21-orig/lib/md5.c squid-2.6.STABLE21/lib/md5.c
>--- squid-2.6.STABLE21-orig/lib/md5.c 2006-05-31 07:01:41.000000000 -0400
>+++ squid-2.6.STABLE21/lib/md5.c 2012-05-22 19:54:37.000000000 -0400
>@@ -10,49 +10,46 @@
> * with every copy.
> *
> * To compute the message digest of a chunk of bytes, declare an
>- * MD5Context structure, pass it to MD5Init, call MD5Update as
>- * needed on buffers full of bytes, and then call MD5Final, which
>- * will fill a supplied 16-byte array with the digest.
>+ * SquidMD5Context structure, pass it to SquidMD5Init, call
>+ * SquidMD5Update as needed on buffers full of bytes, and then call
>+ * SquidMD5Final, which will fill a supplied 16-byte array with the
>+ * digest.
> *
> * Changed so as no longer to depend on Colin Plumb's `usual.h' header
> * definitions; now uses stuff from dpkg's config.h.
> * - Ian Jackson <ian@chiark.greenend.org.uk>.
> * Still in the public domain.
> *
>- * Changed MD5Update to take a void * for easier use and some other
>- * minor cleanup. - Henrik Nordstrom <henrik@henriknordstrom.net>.
>+ * Changed SquidMD5Update to take a void * for easier use and some
>+ * other minor cleanup. - Henrik Nordstrom <henrik@henriknordstrom.net>.
>+ * Still in the public domain.
>+ *
>+ * Prefixed all symbols with "Squid" so they don't collide with
>+ * other libraries. Duane Wessels <wessels@squid-cache.org>.
> * Still in the public domain.
> *
> */
> #include "config.h"
>
>-/* MS VisualStudio Projects are monolithic, so we need the following
>- * #if to exclude the MD5 code from compile process when we are
>- * building the SSL support.
>- */
>-#if !USE_SSL
>+#include "md5.h"
>+
> #if HAVE_STRING_H
> #include <string.h> /* for memcpy() */
> #endif
> #if HAVE_SYS_TYPES_H
> #include <sys/types.h> /* for stupid systems */
> #endif
>-#if HAVE_NETINET_IN_H
>-#include <netinet/in.h> /* for ntohl() */
>-#endif
>-
>-#include "md5.h"
>
> #ifdef WORDS_BIGENDIAN
> void
>-byteSwap(uint32_t * buf, unsigned words)
>+static byteSwap(uint32_t * buf, unsigned words)
> {
> uint8_t *p = (uint8_t *) buf;
>
> do {
>- *buf++ = (uint32_t) ((unsigned) p[3] << 8 | p[2]) << 16 |
>- ((unsigned) p[1] << 8 | p[0]);
>- p += 4;
>+ *buf++ = (uint32_t) ((unsigned) p[3] << 8 | p[2]) << 16 |
>+ ((unsigned) p[1] << 8 | p[0]);
>+ p += 4;
> } while (--words);
> }
> #else
>@@ -64,7 +61,7 @@
> * initialization constants.
> */
> void
>-MD5Init(struct MD5Context *ctx)
>+SquidMD5Init(struct SquidMD5Context *ctx)
> {
> ctx->buf[0] = 0x67452301;
> ctx->buf[1] = 0xefcdab89;
>@@ -80,7 +77,7 @@
> * of bytes.
> */
> void
>-MD5Update(struct MD5Context *ctx, const void *_buf, unsigned len)
>+SquidMD5Update(struct SquidMD5Context *ctx, const void *_buf, unsigned len)
> {
> uint8_t const *buf = _buf;
> uint32_t t;
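Review bot: In the `WORDS_BIGENDIAN` branch the definition now reads `void` on one line and `static byteSwap(uint32_t * buf, unsigned words)` on the next, which places the storage-class specifier after the return type. C accepts that order but the standard marks it obsolescent, and compilers report it when old-style-declaration warnings are enabled. I would write the two lines as `static void` followed by `byteSwap(uint32_t * buf, unsigned words)`, which also keeps the file's return-type-on-its-own-line layout. This branch is compiled only on big-endian targets, so a little-endian build will not surface the warning.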
>@@ -89,27 +86,27 @@
>
> t = ctx->bytes[0];
> if ((ctx->bytes[0] = t + len) < t)
>- ctx->bytes[1]++; /* Carry from low to high */
>+ ctx->bytes[1]++; /* Carry from low to high */
>
> t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */
> if (t > len) {
>- memcpy((uint8_t *) ctx->in + 64 - t, buf, len);
>- return;
>+ memcpy((uint8_t *) ctx->in + 64 - t, buf, len);
>+ return;
> }
> /* First chunk is an odd size */
> memcpy((uint8_t *) ctx->in + 64 - t, buf, t);
> byteSwap(ctx->in, 16);
>- MD5Transform(ctx->buf, ctx->in);
>+ SquidMD5Transform(ctx->buf, ctx->in);
> buf += t;
> len -= t;
>
> /* Process data in 64-byte chunks */
> while (len >= 64) {
>- memcpy(ctx->in, buf, 64);
>- byteSwap(ctx->in, 16);
>- MD5Transform(ctx->buf, ctx->in);
>- buf += 64;
>- len -= 64;
>+ memcpy(ctx->in, buf, 64);
>+ byteSwap(ctx->in, 16);
>+ SquidMD5Transform(ctx->buf, ctx->in);
>+ buf += 64;
>+ len -= 64;
> }
>
> /* Handle any remaining bytes of data. */
>@@ -117,11 +114,11 @@
> }
>
> /*
>- * Final wrapup - pad to 64-byte boundary with the bit pattern
>+ * Final wrapup - pad to 64-byte boundary with the bit pattern
> * 1 0* (64-bit count of bits processed, MSB-first)
> */
> void
>-MD5Final(unsigned char digest[16], struct MD5Context *ctx)
>+SquidMD5Final(unsigned char digest[16], struct SquidMD5Context *ctx)
> {
> int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */
> uint8_t *p = (uint8_t *) ctx->in + count;
>@@ -133,11 +130,11 @@
> count = 56 - 1 - count;
>
> if (count < 0) { /* Padding forces an extra block */
>- memset(p, 0, count + 8);
>- byteSwap(ctx->in, 16);
>- MD5Transform(ctx->buf, ctx->in);
>- p = (uint8_t *) ctx->in;
>- count = 56;
>+ memset(p, 0, count + 8);
>+ byteSwap(ctx->in, 16);
>+ SquidMD5Transform(ctx->buf, ctx->in);
>+ p = (uint8_t *) ctx->in;
>+ count = 56;
> }
> memset(p, 0, count);
> byteSwap(ctx->in, 14);
>@@ -145,11 +142,11 @@
> /* Append length in bits and transform */
> ctx->in[14] = ctx->bytes[0] << 3;
> ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29;
>- MD5Transform(ctx->buf, ctx->in);
>+ SquidMD5Transform(ctx->buf, ctx->in);
>
> byteSwap(ctx->buf, 4);
> memcpy(digest, ctx->buf, 16);
>- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
>+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
> }
>
> #ifndef ASM_MD5
>@@ -168,11 +165,11 @@
>
> /*
> * The core of the MD5 algorithm, this alters an existing MD5 hash to
>- * reflect the addition of 16 longwords of new data. MD5Update blocks
>+ * reflect the addition of 16 longwords of new data. SquidMD5Update blocks
> * the data and converts bytes into longwords for this routine.
> */
> void
>-MD5Transform(uint32_t buf[4], uint32_t const in[16])
>+SquidMD5Transform(uint32_t buf[4], uint32_t const in[16])
> {
> register uint32_t a, b, c, d;
>
>@@ -255,5 +252,4 @@
> buf[3] += d;
> }
>
>-#endif
>-#endif
>+#endif /* !ASM_MD5 */
>diff -Naur squid-2.6.STABLE21-orig/src/store_key_md5.c squid-2.6.STABLE21/src/store_key_md5.c
>--- squid-2.6.STABLE21-orig/src/store_key_md5.c 2006-06-07 15:43:51.000000000 -0400
>+++ squid-2.6.STABLE21/src/store_key_md5.c 2012-05-22 19:54:37.000000000 -0400
>@@ -31,11 +31,12 @@
> * along with this program; if not, write to the Free Software
> * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
> *
>+ * hardcode using builtin md5 to avoid fips blocking md5 usage
> */
>
> #include "squid.h"
>
>-static cache_key null_key[MD5_DIGEST_CHARS];
>+static cache_key null_key[SQUID_MD5_DIGEST_LENGTH];
>
> const char *
> storeKeyText(const unsigned char *key)
>@@ -43,7 +44,7 @@
> static MemBuf mb = MemBufNULL;
> int i;
> memBufReset(&mb);
>- for (i = 0; i < MD5_DIGEST_CHARS; i++)
>+ for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; i++)
> memBufPrintf(&mb, "%02X", *(key + i));
> return mb.buf;
> }
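Review bot: The wipe at the end of SquidMD5Final is a plain `memset` whose comment says it is there `In case it's sensitive`, but a store to an object that is never read again is one the optimizer is allowed to remove once the call is inlined (for example under link-time optimization), so the guarantee is weaker than the comment implies. For the cache-key use this patch targets, the context holds request-derived data rather than key material, so the risk here is low; the comment could say so, e.g. `/* best-effort wipe; may not survive optimization */`. If the bundled MD5 is ever fed secret input, a wipe the compiler cannot drop (for instance `explicit_bzero` where the platform provides it) would be the appropriate replacement. The body of SquidMD5Final starts outside this hunk.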
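Review bot: The added header line `hardcode using builtin md5 to avoid fips blocking md5 usage` in src/store_key_md5.c records what the file does but not why that is acceptable on a FIPS 140-2 system, which is the first thing an auditor or later maintainer will ask. I would expand it to state the rationale, e.g. `* Cache keys use the bundled MD5 purely as a lookup index, not as a security control,` followed by `* so it is computed outside the FIPS-restricted OpenSSL digest API.` It is also worth noting there that MD5 is not collision resistant and that the hashed input (method, URL and Vary data in the later hunks) is client-influenced, so a matching key must not be treated as proof that two requests are identical.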
>@@ -51,11 +52,11 @@
> const cache_key *
> storeKeyScan(const char *buf)
> {
>- static unsigned char digest[MD5_DIGEST_CHARS];
>+ static unsigned char digest[SQUID_MD5_DIGEST_LENGTH];
> int i;
> int j = 0;
> char t[3];
>- for (i = 0; i < MD5_DIGEST_CHARS; i++) {
>+ for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; i++) {
> t[0] = *(buf + (j++));
> t[1] = *(buf + (j++));
> t[2] = '\0';
>@@ -70,7 +71,7 @@
> const unsigned char *A = a;
> const unsigned char *B = b;
> int i;
>- for (i = 0; i < MD5_DIGEST_CHARS; i++) {
>+ for (i = 0; i < SQUID_MD5_DIGEST_LENGTH; i++) {
> if (A[i] < B[i])
> return -1;
> if (A[i] > B[i])
>@@ -94,29 +95,29 @@
> const cache_key *
> storeKeyPrivate(const char *url, method_t method, int id)
> {
>- static cache_key digest[MD5_DIGEST_CHARS];
>- MD5_CTX M;
>+ static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
>+ SquidMD5_CTX M;
> assert(id > 0);
> debug(20, 3) ("storeKeyPrivate: %s %s\n",
> RequestMethodStr[method], url);
>- MD5Init(&M);
>- MD5Update(&M, (unsigned char *) &id, sizeof(id));
>- MD5Update(&M, (unsigned char *) &method, sizeof(method));
>- MD5Update(&M, (unsigned char *) url, strlen(url));
>- MD5Final(digest, &M);
>+ SquidMD5Init(&M);
>+ SquidMD5Update(&M, (unsigned char *) &id, sizeof(id));
>+ SquidMD5Update(&M, (unsigned char *) &method, sizeof(method));
>+ SquidMD5Update(&M, (unsigned char *) url, strlen(url));
>+ SquidMD5Final(digest, &M);
> return digest;
> }
>
> const cache_key *
> storeKeyPublic(const char *url, const method_t method)
> {
>- static cache_key digest[MD5_DIGEST_CHARS];
>+ static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
> unsigned char m = (unsigned char) method;
>- MD5_CTX M;
>- MD5Init(&M);
>- MD5Update(&M, &m, sizeof(m));
>- MD5Update(&M, (unsigned char *) url, strlen(url));
>- MD5Final(digest, &M);
>+ SquidMD5_CTX M;
>+ SquidMD5Init(&M);
>+ SquidMD5Update(&M, &m, sizeof(m));
>+ SquidMD5Update(&M, (unsigned char *) url, strlen(url));
>+ SquidMD5Final(digest, &M);
> return digest;
> }
>
>@@ -129,26 +130,26 @@
> const cache_key *
> storeKeyPublicByRequestMethod(request_t * request, const method_t method)
> {
>- static cache_key digest[MD5_DIGEST_CHARS];
>+ static cache_key digest[SQUID_MD5_DIGEST_LENGTH];
> unsigned char m = (unsigned char) method;
> const char *url = urlCanonical(request);
>- MD5_CTX M;
>- MD5Init(&M);
>- MD5Update(&M, &m, sizeof(m));
>- MD5Update(&M, (unsigned char *) url, strlen(url));
>+ SquidMD5_CTX M;
>+ SquidMD5Init(&M);
>+ SquidMD5Update(&M, &m, sizeof(m));
>+ SquidMD5Update(&M, (unsigned char *) url, strlen(url));
> if (request->vary_headers) {
>- MD5Update(&M, (unsigned char *) "\0V", 2);
>- MD5Update(&M, (unsigned char *) request->vary_headers, strlen(request->vary_headers));
>+ SquidMD5Update(&M, (unsigned char *) "\0V", 2);
>+ SquidMD5Update(&M, (unsigned char *) request->vary_headers, strlen(request->vary_headers));
> if (strBuf(request->vary_encoding)) {
>- MD5Update(&M, (unsigned char *) "\0E", 2);
>- MD5Update(&M, (unsigned char *) strBuf(request->vary_encoding), strLen(request->vary_encoding));
>+ SquidMD5Update(&M, (unsigned char *) "\0E", 2);
>+ SquidMD5Update(&M, (unsigned char *) strBuf(request->vary_encoding), strLen(request->vary_encoding));
> }
> }
> if (request->urlgroup) {
>- MD5Update(&M, (unsigned char *) "\0G", 2);
>- MD5Update(&M, (unsigned char *) request->urlgroup, strlen(request->urlgroup));
>+ SquidMD5Update(&M, (unsigned char *) "\0G", 2);
>+ SquidMD5Update(&M, (unsigned char *) request->urlgroup, strlen(request->urlgroup));
> }
>- MD5Final(digest, &M);
>+ SquidMD5Final(digest, &M);
> return digest;
> }
>
>@@ -156,14 +157,14 @@
> storeKeyDup(const cache_key * key)
> {
> cache_key *dup = memAllocate(MEM_MD5_DIGEST);
>- xmemcpy(dup, key, MD5_DIGEST_CHARS);
>+ xmemcpy(dup, key, SQUID_MD5_DIGEST_LENGTH);
> return dup;
> }
>
> cache_key *
> storeKeyCopy(cache_key * dst, const cache_key * src)
> {
>- xmemcpy(dst, src, MD5_DIGEST_CHARS);
>+ xmemcpy(dst, src, SQUID_MD5_DIGEST_LENGTH);
> return dst;
> }
>
>@@ -185,7 +186,7 @@
> int
> storeKeyNull(const cache_key * key)
> {
>- if (memcmp(key, null_key, MD5_DIGEST_CHARS) == 0)
>+ if (memcmp(key, null_key, SQUID_MD5_DIGEST_LENGTH) == 0)
> return 1;
> else
> return 0;
>@@ -194,5 +195,5 @@
> void
> storeKeyInit(void)
> {
>- memset(null_key, '\0', MD5_DIGEST_CHARS);
>+ memset(null_key, '\0', SQUID_MD5_DIGEST_LENGTH);
> }
Attachments on
bug 705097
: 586241