40f4191f2a
Fixes #10216 Building mcookie generates a warning about possible wrong arguments to memset: mcookie.c:207:26: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess] memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ ctx is a pointer to a structure, so the code should use the size of the structure and not the size of the pointer when it tries to clear the structure, similar to how it got fixed upstream back in 2009: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/lib/md5.c?id=6596057175c6ed342dc20e85eae8a42eb29b629f Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
426 lines
12 KiB
C
426 lines
12 KiB
C
/* mcookie.c -- Generates random numbers for xauth
|
|
* Created: Fri Feb 3 10:42:48 1995 by faith@cs.unc.edu
|
|
* Revised: Fri Mar 19 07:48:01 1999 by faith@acm.org
|
|
* Public Domain 1995, 1999 Rickard E. Faith (faith@acm.org)
|
|
* This program comes with ABSOLUTELY NO WARRANTY.
|
|
*
|
|
* $Id: mcookie.c,v 1.5 1997/07/06 00:13:06 aebr Exp $
|
|
*
|
|
* This program gathers some random bits of data and used the MD5
|
|
* message-digest algorithm to generate a 128-bit hexadecimal number for
|
|
* use with xauth(1).
|
|
*
|
|
* NOTE: Unless /dev/random is available, this program does not actually
|
|
* gather 128 bits of random information, so the magic cookie generated
|
|
* will be considerably easier to guess than one might expect.
|
|
*
|
|
* 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL>
|
|
* - added Native Language Support
|
|
* 1999-03-21 aeb: Added some fragments of code from Colin Plumb.
|
|
*
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <fcntl.h>
|
|
#include <sys/time.h>
|
|
#include <time.h>
|
|
#include <unistd.h>
|
|
|
|
#define BUFFERSIZE 4096
|
|
|
|
|
|
#ifndef MD5_H
|
|
#define MD5_H
|
|
|
|
#if defined (__alpha__) || defined (__ia64__) || defined (__x86_64__)
|
|
typedef unsigned int uint32;
|
|
#else
|
|
typedef unsigned long uint32;
|
|
#endif
|
|
|
|
struct MD5Context {
|
|
uint32 buf[4];
|
|
uint32 bits[2];
|
|
unsigned char in[64];
|
|
};
|
|
|
|
void MD5Init(struct MD5Context *context);
|
|
void MD5Update(struct MD5Context *context, unsigned char const *buf,
|
|
unsigned len);
|
|
void MD5Final(unsigned char digest[16], struct MD5Context *context);
|
|
void MD5Transform(uint32 buf[4], uint32 const in[16]);
|
|
|
|
/*
|
|
* This is needed to make RSAREF happy on some MS-DOS compilers.
|
|
*/
|
|
typedef struct MD5Context MD5_CTX;
|
|
|
|
#endif /* !MD5_H */
|
|
|
|
|
|
|
|
/*
|
|
* This code implements the MD5 message-digest algorithm.
|
|
* The algorithm is due to Ron Rivest. This code was
|
|
* written by Colin Plumb in 1993, no copyright is claimed.
|
|
* This code is in the public domain; do with it what you wish.
|
|
*
|
|
* Equivalent code is available from RSA Data Security, Inc.
|
|
* This code has been tested against that, and is equivalent,
|
|
* except that you don't need to include two pages of legalese
|
|
* with every copy.
|
|
*
|
|
* To compute the message digest of a chunk of bytes, declare an
|
|
* MD5Context structure, pass it to MD5Init, call MD5Update as
|
|
* needed on buffers full of bytes, and then call MD5Final, which
|
|
* will fill a supplied 16-byte array with the digest.
|
|
*/
|
|
#include <string.h> /* for memcpy() */
|
|
#include <endian.h>
|
|
|
|
#if __BYTE_ORDER == __LITTLE_ENDIAN
|
|
#define byteReverse(buf, len) /* Nothing */
|
|
#else
|
|
void byteReverse(unsigned char *buf, unsigned longs);
|
|
|
|
/*
|
|
* Note: this code is harmless on little-endian machines.
|
|
*/
|
|
void byteReverse(unsigned char *buf, unsigned longs)
|
|
{
|
|
uint32 t;
|
|
do {
|
|
t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
|
|
((unsigned) buf[1] << 8 | buf[0]);
|
|
*(uint32 *) buf = t;
|
|
buf += 4;
|
|
} while (--longs);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
|
|
* initialization constants.
|
|
*/
|
|
void MD5Init(struct MD5Context *ctx)
|
|
{
|
|
ctx->buf[0] = 0x67452301;
|
|
ctx->buf[1] = 0xefcdab89;
|
|
ctx->buf[2] = 0x98badcfe;
|
|
ctx->buf[3] = 0x10325476;
|
|
|
|
ctx->bits[0] = 0;
|
|
ctx->bits[1] = 0;
|
|
}
|
|
|
|
/*
|
|
* Update context to reflect the concatenation of another buffer full
|
|
* of bytes.
|
|
*/
|
|
void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
|
|
{
|
|
uint32 t;
|
|
|
|
/* Update bitcount */
|
|
|
|
t = ctx->bits[0];
|
|
if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
|
|
ctx->bits[1]++; /* Carry from low to high */
|
|
ctx->bits[1] += len >> 29;
|
|
|
|
t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
|
|
|
|
/* Handle any leading odd-sized chunks */
|
|
|
|
if (t) {
|
|
unsigned char *p = (unsigned char *) ctx->in + t;
|
|
|
|
t = 64 - t;
|
|
if (len < t) {
|
|
memcpy(p, buf, len);
|
|
return;
|
|
}
|
|
memcpy(p, buf, t);
|
|
byteReverse(ctx->in, 16);
|
|
MD5Transform(ctx->buf, (uint32 *) ctx->in);
|
|
buf += t;
|
|
len -= t;
|
|
}
|
|
/* Process data in 64-byte chunks */
|
|
|
|
while (len >= 64) {
|
|
memcpy(ctx->in, buf, 64);
|
|
byteReverse(ctx->in, 16);
|
|
MD5Transform(ctx->buf, (uint32 *) ctx->in);
|
|
buf += 64;
|
|
len -= 64;
|
|
}
|
|
|
|
/* Handle any remaining bytes of data. */
|
|
|
|
memcpy(ctx->in, buf, len);
|
|
}
|
|
|
|
/*
|
|
* Final wrapup - pad to 64-byte boundary with the bit pattern
|
|
* 1 0* (64-bit count of bits processed, MSB-first)
|
|
*/
|
|
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
|
|
{
|
|
unsigned count;
|
|
unsigned char *p;
|
|
|
|
/* Compute number of bytes mod 64 */
|
|
count = (ctx->bits[0] >> 3) & 0x3F;
|
|
|
|
/* Set the first char of padding to 0x80. This is safe since there is
|
|
always at least one byte free */
|
|
p = ctx->in + count;
|
|
*p++ = 0x80;
|
|
|
|
/* Bytes of padding needed to make 64 bytes */
|
|
count = 64 - 1 - count;
|
|
|
|
/* Pad out to 56 mod 64 */
|
|
if (count < 8) {
|
|
/* Two lots of padding: Pad the first block to 64 bytes */
|
|
memset(p, 0, count);
|
|
byteReverse(ctx->in, 16);
|
|
MD5Transform(ctx->buf, (uint32 *) ctx->in);
|
|
|
|
/* Now fill the next block with 56 bytes */
|
|
memset(ctx->in, 0, 56);
|
|
} else {
|
|
/* Pad block to 56 bytes */
|
|
memset(p, 0, count - 8);
|
|
}
|
|
byteReverse(ctx->in, 14);
|
|
|
|
/* Append length in bits and transform */
|
|
((uint32 *) ctx->in)[14] = ctx->bits[0];
|
|
((uint32 *) ctx->in)[15] = ctx->bits[1];
|
|
|
|
MD5Transform(ctx->buf, (uint32 *) ctx->in);
|
|
byteReverse((unsigned char *) ctx->buf, 4);
|
|
memcpy(digest, ctx->buf, 16);
|
|
memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
|
|
}
|
|
|
|
/* The four core functions - F1 is optimized somewhat */
|
|
|
|
/* #define F1(x, y, z) (x & y | ~x & z) */
|
|
#define F1(x, y, z) (z ^ (x & (y ^ z)))
|
|
#define F2(x, y, z) F1(z, x, y)
|
|
#define F3(x, y, z) (x ^ y ^ z)
|
|
#define F4(x, y, z) (y ^ (x | ~z))
|
|
|
|
/* This is the central step in the MD5 algorithm. */
|
|
#define MD5STEP(f, w, x, y, z, data, s) \
|
|
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
|
|
|
|
/*
|
|
* The core of the MD5 algorithm, this alters an existing MD5 hash to
|
|
* reflect the addition of 16 longwords of new data. MD5Update blocks
|
|
* the data and converts bytes into longwords for this routine.
|
|
*/
|
|
void MD5Transform(uint32 buf[4], uint32 const in[16])
|
|
{
|
|
register uint32 a, b, c, d;
|
|
|
|
a = buf[0];
|
|
b = buf[1];
|
|
c = buf[2];
|
|
d = buf[3];
|
|
|
|
MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
|
|
MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
|
|
MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
|
|
MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
|
|
MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
|
|
MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
|
|
MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
|
|
MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
|
|
MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
|
|
MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
|
|
MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
|
|
MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
|
|
MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
|
|
MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
|
|
MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
|
|
MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
|
|
|
|
MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
|
|
MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
|
|
MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
|
|
MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
|
|
MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
|
|
MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
|
|
MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
|
|
MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
|
|
MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
|
|
MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
|
|
MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
|
|
MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
|
|
MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
|
|
MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
|
|
MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
|
|
MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
|
|
|
|
MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
|
|
MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
|
|
MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
|
|
MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
|
|
MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
|
|
MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
|
|
MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
|
|
MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
|
|
MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
|
|
MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
|
|
MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
|
|
MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
|
|
MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
|
|
MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
|
|
MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
|
|
MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
|
|
|
|
MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
|
|
MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
|
|
MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
|
|
MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
|
|
MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
|
|
MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
|
|
MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
|
|
MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
|
|
MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
|
|
MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
|
|
MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
|
|
MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
|
|
MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
|
|
MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
|
|
MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
|
|
MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
|
|
|
|
buf[0] += a;
|
|
buf[1] += b;
|
|
buf[2] += c;
|
|
buf[3] += d;
|
|
}
|
|
|
|
|
|
|
|
|
|
struct rngs {
|
|
const char *path;
|
|
int minlength, maxlength;
|
|
} rngs[] = {
|
|
{ "/dev/random", 16, 16 }, /* 16 bytes = 128 bits suffice */
|
|
{ "/proc/interrupts", 0, 0 },
|
|
{ "/proc/slabinfo", 0, 0 },
|
|
{ "/proc/stat", 0, 0 },
|
|
{ "/dev/urandom", 32, 64 },
|
|
};
|
|
#define RNGS (sizeof(rngs)/sizeof(struct rngs))
|
|
|
|
int Verbose = 0;
|
|
|
|
/* The basic function to hash a file */
|
|
static off_t
|
|
hash_file(struct MD5Context *ctx, int fd)
|
|
{
|
|
off_t count = 0;
|
|
ssize_t r;
|
|
unsigned char buf[BUFFERSIZE];
|
|
|
|
while ((r = read(fd, buf, sizeof(buf))) > 0) {
|
|
MD5Update(ctx, buf, r);
|
|
count += r;
|
|
}
|
|
/* Separate files with a null byte */
|
|
buf[0] = 0;
|
|
MD5Update(ctx, buf, 1);
|
|
return count;
|
|
}
|
|
|
|
int main( int argc, char **argv )
|
|
{
|
|
int i;
|
|
struct MD5Context ctx;
|
|
unsigned char digest[16];
|
|
unsigned char buf[BUFFERSIZE];
|
|
int fd;
|
|
int c;
|
|
pid_t pid;
|
|
char *file = NULL;
|
|
int r;
|
|
struct timeval tv;
|
|
struct timezone tz;
|
|
|
|
while ((c = getopt( argc, argv, "vf:" )) != -1)
|
|
switch (c) {
|
|
case 'v': ++Verbose; break;
|
|
case 'f': file = optarg; break;
|
|
}
|
|
|
|
MD5Init( &ctx );
|
|
|
|
gettimeofday( &tv, &tz );
|
|
MD5Update( &ctx, (unsigned char *)&tv, sizeof( tv ) );
|
|
pid = getppid();
|
|
MD5Update( &ctx, (unsigned char *)&pid, sizeof( pid ));
|
|
pid = getpid();
|
|
MD5Update( &ctx, (unsigned char *)&pid, sizeof( pid ));
|
|
|
|
if (file) {
|
|
int count = 0;
|
|
|
|
if (file[0] == '-' && !file[1])
|
|
fd = fileno(stdin);
|
|
else
|
|
fd = open( file, O_RDONLY );
|
|
|
|
if (fd < 0) {
|
|
fprintf( stderr, "Could not open %s\n", file );
|
|
} else {
|
|
count = hash_file( &ctx, fd );
|
|
if (Verbose)
|
|
fprintf( stderr, "Got %d bytes from %s\n", count, file );
|
|
|
|
if (file[0] != '-' || file[1]) close( fd );
|
|
}
|
|
}
|
|
|
|
for (i = 0; i < RNGS; i++) {
|
|
if ((fd = open( rngs[i].path, O_RDONLY|O_NONBLOCK )) >= 0) {
|
|
int count = sizeof(buf);
|
|
|
|
if (rngs[i].maxlength && count > rngs[i].maxlength)
|
|
count = rngs[i].maxlength;
|
|
r = read( fd, buf, count );
|
|
if (r > 0)
|
|
MD5Update( &ctx, buf, r );
|
|
else
|
|
r = 0;
|
|
close( fd );
|
|
if (Verbose)
|
|
fprintf( stderr, "Got %d bytes from %s\n", r, rngs[i].path );
|
|
if (rngs[i].minlength && r >= rngs[i].minlength)
|
|
break;
|
|
} else if (Verbose)
|
|
fprintf( stderr, "Could not open %s\n", rngs[i].path );
|
|
}
|
|
|
|
MD5Final( digest, &ctx );
|
|
for (i = 0; i < 16; i++) printf( "%02x", digest[i] );
|
|
putchar ( '\n' );
|
|
|
|
/*
|
|
* The following is important for cases like disk full, so shell scripts
|
|
* can bomb out properly rather than think they succeeded.
|
|
*/
|
|
if (fflush(stdout) < 0 || fclose(stdout) < 0)
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|