CVS gsasl/lib/gl

[gsasl-commit]

Update of /home/cvs/gsasl/lib/gl
In directory dopio:/tmp/cvs-serv15510/gl

Modified Files:
        gc-gnulib.c gc-libgcrypt.c gc.h md5.c md5.h 
Log Message:
Update.

--- /home/cvs/gsasl/lib/gl/gc-gnulib.c  2005/10/06 15:57:48     1.3
+++ /home/cvs/gsasl/lib/gl/gc-gnulib.c  2005/10/12 00:36:50     1.4
@@ -24,11 +24,12 @@
 # include <config.h>
 #endif
 
-#include <stdlib.h>
-
 /* Get prototype. */
 #include <gc.h>
 
+#include <stdlib.h>
+#include <string.h>
+
 /* For randomize. */
 #include <unistd.h>
 #include <sys/types.h>
@@ -36,7 +37,8 @@
 #include <fcntl.h>
 #include <errno.h>
 
-#include <string.h>
+#include "md5.h"
+#include "hmac.h"
 
 int
 gc_init (void)
@@ -133,7 +135,23 @@
   return;
 }
 
-#include "md5.h"
+/* Hashes. */
+
+int
+gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
+{
+  switch (hash)
+    {
+    case GC_MD5:
+      md5_buffer (in, inlen, resbuf);
+      break;
+
+    default:
+      return GC_INVALID_HASH;
+    }
+
+  return GC_OK;
+}
 
 int
 gc_md5 (const void *in, size_t inlen, void *resbuf)
@@ -142,8 +160,6 @@
   return 0;
 }
 
-#include "hmac.h"
-
 int
 gc_hmac_md5 (const void *key, size_t keylen,
             const void *in, size_t inlen, char *resbuf)
--- /home/cvs/gsasl/lib/gl/gc-libgcrypt.c       2005/10/06 15:57:48     1.2
+++ /home/cvs/gsasl/lib/gl/gc-libgcrypt.c       2005/10/12 00:36:50     1.3
@@ -94,6 +94,28 @@
                               func_realloc, func_free);
 }
 
+/* Hashes. */
+
+int
+gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
+{
+  int gcryalg;
+
+  switch (hash)
+    {
+    case GC_MD5:
+      gcryalg = GCRY_MD_MD5;
+      break;
+
+    default:
+      return GC_INVALID_HASH;
+    }
+
+  gcry_md_hash_buffer (gcryalg, resbuf, in, inlen);
+
+  return GC_OK;
+}
+
 /* One-call interface. */
 
 int
@@ -104,7 +126,7 @@
   gpg_error_t err;
   unsigned char *p;
 
-  assert (outlen == 16);
+  assert (outlen == GC_MD5_DIGEST_SIZE);
 
   err = gcry_md_open (&hd, GCRY_MD_MD5, 0);
   if (err != GPG_ERR_NO_ERROR)
@@ -115,7 +137,7 @@
   p = gcry_md_read (hd, GCRY_MD_MD5);
   if (p == NULL)
     {
-      gcry_md_close (mdh);
+      gcry_md_close (hd);
       return GC_INVALID_HASH;
     }
 
--- /home/cvs/gsasl/lib/gl/gc.h 2005/10/05 14:40:41     1.2
+++ /home/cvs/gsasl/lib/gl/gc.h 2005/10/12 00:36:50     1.3
@@ -24,8 +24,6 @@
 /* Get size_t. */
 # include <stddef.h>
 
-#define GC_MD5_DIGEST_SIZE 16
-
 enum Gc_rc
   {
     GC_OK = 0,
@@ -40,6 +38,16 @@
   };
 typedef enum Gc_rc Gc_rc;
 
+/* Hash types. */
+enum Gc_hash
+  {
+    GC_MD5
+  };
+typedef enum Gc_hash Gc_hash;
+
+#define GC_MD5_DIGEST_SIZE 16
+
+/* Call before respectively after any other functions. */
 extern int gc_init (void);
 extern void gc_done (void);
 
@@ -54,10 +62,161 @@
                               gc_realloc_t func_realloc,
                               gc_free_t func_free);
 
+/* Hashes. */
+
+/* Compute a hash value over buffer IN of INLEN bytes size using the
+   algorithm HASH, placing the result in the pre-allocated buffer OUT.
+   The required size of OUT depends on HASH, and is generally
+   GC_<HASH>_DIGEST_SIZE.  For example, for GC_MD5 the output buffer
+   must be 16 bytes.  The return value is 0 (GC_OK) on success, or
+   another Gc_rc error code. */
+extern int
+gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *out);
+
 /* One-call interface. */
 extern int gc_md5 (const void *in, size_t inlen, void *resbuf);
 extern int gc_hmac_md5 (const void *key, size_t keylen,
                        const void *in, size_t inlen,
                        char *resbuf);
 
+/*
+  TODO:
+
+  From: Simon Josefsson <address@hidden>
+  Subject: Re: generic crypto
+  Newsgroups: gmane.comp.lib.gnulib.bugs
+  Cc: address@hidden
+  Date: Fri, 07 Oct 2005 12:50:57 +0200
+  Mail-Copies-To: nobody
+
+  Paul Eggert <address@hidden> writes:
+
+  > Simon Josefsson <address@hidden> writes:
+  >
+  >> * Perhaps the /dev/*random reading should be separated into a separate
+  >>   module?  It might be useful outside of the gc layer too.
+  >
+  > Absolutely.  I've been meaning to do that for months (for a "shuffle"
+  > program I want to add to coreutils), but hadn't gotten around to it.
+  > It would have to be generalized a bit.  I'd like to have the file
+  > descriptor cached, for example.
+
+  I'll write a separate module for that part.
+
+  I think we should even add a good PRNG that is re-seeded from
+  /dev/*random frequently.  GnuTLS can need a lot of random data on a
+  big server, more than /dev/random can supply.  And /dev/urandom might
+  not be strong enough.  Further, the security of /dev/*random can also
+  be questionable.
+
+  >>   I'm also not sure about the names of those functions, they suggest
+  >>   a more higher-level API than what is really offered (i.e., the
+  >>   names "nonce" and "pseudo_random" and "random" imply certain
+  >>   cryptographic properties).
+  >
+  > Could you expand a bit more on that?  What is the relationship between
+  > nonce/pseudorandom/random and the /dev/ values you are using?
+
+  There is none, that is the problem.
+
+  Applications generally need different kind of "random" numbers.
+  Sometimes they just need some random data and doesn't care whether it
+  is possible for an attacker to compute the string (aka a "nonce").
+  Sometimes they need data that is very difficult to compute (i.e.,
+  computing it require inverting SHA1 or similar).  Sometimes they need
+  data that is not possible to compute, i.e., it wants real entropy
+  collected over time on the system.  Collecting the last kind of random
+  data is very expensive, so it must not be used too often.  The second
+  kind of random data ("pseudo random") is typically generated by
+  seeding a good PRNG with a couple of hundred bytes of real entropy
+  from the "real random" data pool.  The "nonce" is usually computed
+  using the PRNG as well, because PRNGs are usually fast.
+
+  Pseudo-random data is typically used for session keys.  Strong random
+  data is often used to generate long-term keys (e.g., private RSA
+  keys).
+
+  Of course, there are many subtleties.  There are several different
+  kind of nonce:s.  Sometimes a nonce is just an ever-increasing
+  integer, starting from 0.  Sometimes it is assumed to be unlikely to
+  be the same as previous nonces, but without a requirement that the
+  nonce is possible to guess.  MD5(system clock) would thus suffice, if
+  it isn't called too often.  You can guess what the next value will be,
+  but it will always be different.
+
+  The problem is that /dev/*random doesn't offer any kind of semantic
+  guarantees.  But applications need an API that make that promise.
+
+  I think we should do this in several steps:
+
+  1) Write a module that can read from /dev/*random.
+
+  2) Add a module for a known-good PRNG suitable for random number
+  generation, that can be continuously re-seeded.
+
+  3) Add a high-level module that provide various different randomness
+  functions.  One for nonces, perhaps even different kind of nonces,
+  one for pseudo random data, and one for strong random data.  It is
+  not clear whether we can hope to achieve the last one in a portable
+  way.
+
+  Further, it would be useful to allow users to provide their own
+  entropy source as a file, used to seed the PRNG or initialize the
+  strong randomness pool.  This is used on embedded platforms that
+  doesn't have enough interrupts to hope to generate good random data.
+
+  > For example, why not use OpenBSD's /dev/arandom?
+
+  I don't trust ARC4.  For example, recent cryptographic efforts
+  indicate that you must throw away the first 512 bytes generated from
+  the PRNG for it to be secure.  I don't know whether OpenBSD do this.
+  Further, I recall some eprint paper on RC4 security that didn't
+  inspire confidence.
+
+  While I trust the random devices in OpenBSD more than
+  Solaris/AIX/HPUX/etc, I think that since we need something better on
+  Solaris/AIX/HPUX we'd might as well use it on OpenBSD or even Linux
+  too.
+
+  > Here is one thought.  The user could specify a desired quality level
+  > range, and the implementation then would supply random data that is at
+  > least as good as the lower bound of the range.  I.e., ihe
+  > implementation refuses to produce any random data if it can't generate
+  > data that is at least as good as the lower end of the range.  The
+  > upper bound of the range is advice from the user not to be any more
+  > expensive than that, but the implementation can ignore the advice if
+  > it doesn't have anything cheaper.
+
+  I'm not sure this is a good idea.  Users can't really be expected to
+  understand this.  Further, applications need many different kind of
+  random data.  Selecting the randomness level for each by the user will
+  be too complicated.
+
+  I think it is better if the application decide, from its cryptographic
+  requirement, what entropy quality it require, and call the proper API.
+  Meeting the implied semantic properties should be the job for gnulib.
+
+  >> Perhaps gc_dev_random and gc_dev_urandom?
+  >
+  > To some extent.  I'd rather insulate the user from the details of
+  > where the random numbers come from.  On the other hand we need to
+  > provide a way for applications to specify a file that contains
+  > random bits, so that people can override the defaults.
+
+  Agreed.
+
+  This may require some thinking before it is finalized.  Is it ok to
+  install the GC module as-is meanwhile?  Then I can continue to add the
+  stuff that GnuTLS need, and then come back to re-working the
+  randomness module.  That way, we have two different projects that use
+  the code.  GnuTLS includes the same randomness code that was in GNU
+  SASL and that is in the current gc module.  I feel much more
+  comfortable working in small steps at a time, rather then working on
+  this for a long time in gnulib and only later integrate the stuff in
+  GnuTLS.
+
+  Thanks,
+  Simon
+ */
+
 #endif /* GC_H */
--- /home/cvs/gsasl/lib/gl/md5.c        2005/10/05 14:30:08     1.1
+++ /home/cvs/gsasl/lib/gl/md5.c        2005/10/12 00:36:50     1.2
@@ -1,8 +1,8 @@
-/* md5.c - Functions to compute MD5 message digest of files or memory blocks
+/* Functions to compute MD5 message digest of files or memory blocks.
    according to the definition of MD5 in RFC 1321 from April 1992.
-   Copyright (C) 1995, 1996, 2001, 2003, 2004, 2005 Free Software Foundation, 
Inc.
-   NOTE: The canonical source of this file is maintained with the GNU C
-   Library.  Bugs can be reported to address@hidden
+   Copyright (C) 1995,1996,1997,1999,2000,2001,2005
+       Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
 
    This program is free software; you can redistribute it and/or modify it
    under the terms of the GNU Lesser General Public License as published by the
@@ -27,7 +27,9 @@
 #include "md5.h"
 
 #include <stddef.h>
+#include <stdlib.h>
 #include <string.h>
+#include <sys/types.h>
 
 #if USE_UNLOCKED_IO
 # include "unlocked-io.h"
@@ -88,10 +90,10 @@
 void *
 md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
 {
-  ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
-  ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
-  ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
-  ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
+  ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
+  ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
+  ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
+  ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
 
   return resbuf;
 }
@@ -105,7 +107,7 @@
 md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)
 {
   /* Take yet unprocessed bytes into account.  */
-  md5_uint32 bytes = ctx->buflen;
+  uint32_t bytes = ctx->buflen;
   size_t pad;
 
   /* Now count remaining bytes.  */
@@ -117,8 +119,8 @@
   memcpy (&ctx->buffer[bytes], fillbuf, pad);
 
   /* Put the 64-bit file length in *bits* at the end of the buffer.  */
-  *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
-  *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
+  *(uint32_t *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
+  *(uint32_t *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
                                                        (ctx->total[0] >> 29));
 
   /* Process last bytes.  */
@@ -244,8 +246,14 @@
   if (len >= 64)
     {
 #if !_STRING_ARCH_unaligned
-# define alignof(type) offsetof (struct { char c; type x; }, x)
-# define UNALIGNED_P(p) (((size_t) p) % alignof (md5_uint32) != 0)
+/* To check alignment gcc has an appropriate operator.  Other
+   compilers don't.  */
+# if __GNUC__ >= 2
+#  define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint32_t) != 0)
+# else
+#  define alignof(type) offsetof (struct { char c; type x; }, x)
+#  define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
+# endif
       if (UNALIGNED_P (buffer))
        while (len > 64)
          {
@@ -295,14 +303,14 @@
 void
 md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)
 {
-  md5_uint32 correct_words[16];
-  const md5_uint32 *words = buffer;
-  size_t nwords = len / sizeof (md5_uint32);
-  const md5_uint32 *endp = words + nwords;
-  md5_uint32 A = ctx->A;
-  md5_uint32 B = ctx->B;
-  md5_uint32 C = ctx->C;
-  md5_uint32 D = ctx->D;
+  uint32_t correct_words[16];
+  const uint32_t *words = buffer;
+  size_t nwords = len / sizeof (uint32_t);
+  const uint32_t *endp = words + nwords;
+  uint32_t A = ctx->A;
+  uint32_t B = ctx->B;
+  uint32_t C = ctx->C;
+  uint32_t D = ctx->D;
 
   /* First increment the byte count.  RFC 1321 specifies the possible
      length of the file up to 2^64 bits.  Here we only compute the
@@ -315,11 +323,11 @@
      the loop.  */
   while (words < endp)
     {
-      md5_uint32 *cwp = correct_words;
-      md5_uint32 A_save = A;
-      md5_uint32 B_save = B;
-      md5_uint32 C_save = C;
-      md5_uint32 D_save = D;
+      uint32_t *cwp = correct_words;
+      uint32_t A_save = A;
+      uint32_t B_save = B;
+      uint32_t C_save = C;
+      uint32_t D_save = D;
 
       /* First round: using the given function, the context and a constant
         the next context is computed.  Because the algorithms processing
@@ -375,7 +383,7 @@
         argument specifying the function to use.  */
 #undef OP
 #define OP(f, a, b, c, d, k, s, T)                                     \
-      do                                                               \
+      do                                                               \
        {                                                               \
          a += f (b, c, d) + correct_words[k] + T;                      \
          CYCLIC (a, s);                                                \
--- /home/cvs/gsasl/lib/gl/md5.h        2005/10/05 14:30:08     1.1
+++ /home/cvs/gsasl/lib/gl/md5.h        2005/10/12 00:36:50     1.2
@@ -1,9 +1,8 @@
 /* Declaration of functions and data types used for MD5 sum computing
    library functions.
-   Copyright (C) 1995-1997,1999-2005 Free Software Foundation, Inc.
-
-   NOTE: The canonical source of this file is maintained with the GNU C
-   Library.  Bugs can be reported to address@hidden
+   Copyright (C) 1995-1997,1999,2000,2001,2004,2005
+      Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
 
    This program is free software; you can redistribute it and/or modify it
    under the terms of the GNU Lesser General Public License as published by the
@@ -23,18 +22,15 @@
 #define _MD5_H 1
 
 #include <stdio.h>
+#include <stdint.h>
 
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#if HAVE_STDINT_H || _LIBC
-# include <stdint.h>
-#endif
+#define MD5_DIGEST_SIZE 16
+#define MD5_BLOCK_SIZE 64
 
 #ifndef __GNUC_PREREQ
 # if defined __GNUC__ && defined __GNUC_MINOR__
-#  define __GNUC_PREREQ(maj, min) \
-       ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#  define __GNUC_PREREQ(maj, min)                                      \
+  ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
 # else
 #  define __GNUC_PREREQ(maj, min) 0
 # endif
@@ -64,22 +60,17 @@
 # define __md5_stream md5_stream
 #endif
 
-#define MD5_DIGEST_SIZE 16
-#define MD5_BLOCK_SIZE 64
-
-typedef uint32_t md5_uint32;
-
 /* Structure to save state of computation between the single steps.  */
 struct md5_ctx
 {
-  md5_uint32 A;
-  md5_uint32 B;
-  md5_uint32 C;
-  md5_uint32 D;
-
-  md5_uint32 total[2];
-  md5_uint32 buflen;
-  char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
+  uint32_t A;
+  uint32_t B;
+  uint32_t C;
+  uint32_t D;
+
+  uint32_t total[2];
+  uint32_t buflen;
+  char buffer[128] __attribute__ ((__aligned__ (__alignof__ (uint32_t))));
 };
 
 /*
@@ -110,8 +101,8 @@
    endian byte order, so that a byte-wise output yields to the wanted
    ASCII representation of the message digest.
 
-   IMPORTANT: On some systems it is required that RESBUF be correctly
-   aligned for a 32 bits value.  */
+   IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
+   boundary. */
 extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW;
 
 
@@ -119,8 +110,8 @@
    always in little endian byte order, so that a byte-wise output yields
    to the wanted ASCII representation of the message digest.
 
-   IMPORTANT: On some systems it is required that RESBUF is correctly
-   aligned for a 32 bits value.  */
+   IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
+   boundary. */
 extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW;