Check-in [02f5cea2da]
Overview
Comment:CACKey 0.6.2

Updated to include sha1.c, md5.c, and asn1-x509.c in the cackey.c translation unit so that these symbols never get exported and conflict with existing programs

Updated to try harder to remove and weaken symbols from shared object

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk | 0.6.2
Files: files | file ages | folders
SHA1: 02f5cea2da645381b445c17206ed8da6a853e594
User & Date: rkeene on 2011-09-08 01:47:17
Other Links: manifest | tags
Context
2011-09-08
01:51
CACKey 0.6.3

Fixed typo in last commit check-in: 9d554f2765 user: rkeene tags: 0.6.3, trunk

01:47
CACKey 0.6.2

Updated to include sha1.c, md5.c, and asn1-x509.c in the cackey.c translation unit so that these symbols never get exported and conflict with existing programs

Updated to try harder to remove and weaken symbols from shared object check-in: 02f5cea2da user: rkeene tags: 0.6.2, trunk

2011-08-26
20:37
Removed External CA and retired CAs check-in: ed2ca0f170 user: rkeene tags: trunk
Changes

Modified Makefile.in from [97d5ce9303] to [5df2f0ed55].

1
2
3
4
5
6
7
8
9
10
11
12

13
14
15
16
17
18
19
20
21
22

23
24
25

26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47



48
49
50
51



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

71
72
73
74
75
76
77
78
79
80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

23
24
25

26
27
28




















29
30
31
32
33


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

55
56
57
58
59
60
61
62
63
64
65












+









-
+


-
+


-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+


-
-
+
+
+


















-
+










CC = @PTHREAD_CC@
CFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@
DEBUGCFLAGS = @CFLAGS@ @PTHREAD_CFLAGS@ -DCACKEY_DEBUG=1
CPPFLAGS = @CPPFLAGS@ @DEFS@ -I./pkcs11/
DEBUGCPPFLAGS = @CPPFLAGS@ -DCACKEY_DEBUG=1 -I./pkcs11/ @DEFS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@ @PTHREAD_LIBS@
SHOBJFLAGS = @SHOBJFLAGS@
SHOBJLDFLAGS = @SHOBJLDFLAGS@
AR = @AR@
RANLIB = @RANLIB@
STRIP = @STRIP@
OBJCOPY = @OBJCOPY@
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
@SET_MAKE@

all:
	$(MAKE) libcackey.@SHOBJEXT@
	-$(MAKE) libcackey_g.@SHOBJEXT@

cackey.o: cackey.c cackey_builtin_certs.h sha1.h md5.h asn1-x509.h config.h
cackey.o: cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o cackey.o -c cackey.c

cackey_g.o: cackey.c cackey_builtin_certs.h sha1.h md5.h asn1-x509.h config.h
cackey_g.o: cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o cackey_g.o -c cackey.c

asn1-x509.o: asn1-x509.c asn1-x509.h config.h
	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o asn1-x509.o -c asn1-x509.c

asn1-x509_g.o: asn1-x509.c asn1-x509.h config.h
	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o asn1-x509_g.o -c asn1-x509.c

sha1.o: sha1.c sha1.h config.h
	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o sha1.o -c sha1.c

sha1_g.o: sha1.c sha1.h config.h
	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o sha1_g.o -c sha1.c

md5.o: md5.c md5.h config.h
	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o md5.o -c md5.c

md5_g.o: md5.c md5.h config.h
	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o md5_g.o -c md5.c

libcackey.@SHOBJEXT@: cackey.o asn1-x509.o sha1.o md5.o
	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey.@SHOBJEXT@ cackey.o asn1-x509.o sha1.o md5.o $(LIBS)
libcackey.@SHOBJEXT@: cackey.o
	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey.@SHOBJEXT@ cackey.o $(LIBS)
	-$(OBJCOPY) --wildcard --keep-global-symbol 'C_*' libcackey.@SHOBJEXT@
	-$(STRIP) -x "libcackey.@SHOBJEXT@"

libcackey_g.@SHOBJEXT@: cackey_g.o asn1-x509_g.o sha1_g.o md5_g.o
	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o asn1-x509_g.o sha1.o md5_g.o $(LIBS)
libcackey_g.@SHOBJEXT@: cackey_g.o
	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o $(LIBS)
	-$(OBJCOPY) --wildcard --keep-global-symbol 'C_*' libcackey.@SHOBJEXT@

test: test.c libcackey_g.@SHOBJEXT@
	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@

splint-cackey.txt: cackey.c cackey_builtin_certs.h asn1-x509.c asn1-x509.h config.h
	splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt

install: libcackey.@SHOBJEXT@
	-mkdir -p "$(DESTDIR)$(libdir)"
	rm -f "$(DESTDIR)$(libdir)/libcackey.@SHOBJEXT@"
	rm -f "$(DESTDIR)$(libdir)/libcackey_g.@SHOBJEXT@"
	cp "libcackey.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
	-cp "libcackey_g.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"

clean:
	rm -f libcackey.@SHOBJEXT@ libcackey_g.@SHOBJEXT@
	rm -f libcackey.@SHOBJEXT@.def libcackey_g.@SHOBJEXT@.def
	rm -f libcackey.@SHOBJEXT@.a libcackey_g.@SHOBJEXT@.a
	rm -f cackey.o asn1-x509.o cackey_g.o asn1-x509_g.o sha1.o sha1_g.o md5.o md5_g.o
	rm -f cackey.o cackey_g.o
	rm -f test
	rm -f splint-cackey.txt

distclean: clean
	rm -f config.log config.status config.h Makefile

mrproper: distclean
	rm -f configure config.h.in aclocal.m4 *~

.PHONY: all clean distclean mrproper install

Modified asn1-x509.c from [b4f2f9070a] to [d088e178d2].

184
185
186
187
188
189
190
191

192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

208
209
210
211
212
213
214
184
185
186
187
188
189
190

191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206

207
208
209
210
211
212
213
214







-
+















-
+







	if (outbuf) {
		*outbuf = x509.subject.asn1rep;
	}

	return(x509.subject.asn1rep_len);
}

ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
static ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
	struct x509_object x509;
	int read_ret;

	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
	if (read_ret != 0) {
		return(-1);
	}

	if (outbuf) {
		*outbuf = x509.serial_number.asn1rep;
	}

	return(x509.serial_number.asn1rep_len);
}

ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
static ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
	struct asn1_object null, pubkey, modulus, exponent;
	struct x509_object x509;
	int read_ret;

	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
	if (read_ret != 0) {
		return(-1);
228
229
230
231
232
233
234
235

236
237
238
239
240
241
242
228
229
230
231
232
233
234

235
236
237
238
239
240
241
242







-
+







	if (outbuf) {
		*outbuf = modulus.contents;
	}

	return(modulus.size);
}

ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
static ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
	struct asn1_object null, pubkey, modulus, exponent;
	struct x509_object x509;
	int read_ret;

	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
	if (read_ret != 0) {
		return(-1);
256
257
258
259
260
261
262
263

264
265
266
267
268
269
270
256
257
258
259
260
261
262

263
264
265
266
267
268
269
270







-
+







	if (outbuf) {
		*outbuf = exponent.contents;
	}

	return(exponent.size);
}

ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len) {
static ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len) {
	struct asn1_object null, pubkey, modulus, exponent;
	struct x509_object x509;
	int read_ret;

	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
	if (read_ret != 0) {
		return(-1);
321
322
323
324
325
326
327
328

329
330
331
332
333
334
335
321
322
323
324
325
326
327

328
329
330
331
332
333
334
335







-
+







			}
			break;
	}

	return("???");
}

ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel) {
static ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel) {
	struct asn1_object whole_thing, current_set, current_seq;
	struct asn1_object label, value;
	const char *label_str;
	ssize_t snprintf_ret, retval;
	char *outbuf_s;
	int read_ret;
	int offset;

Modified asn1-x509.h from [f03e4c690c] to [69520a462e].

1
2
3
4
5
6
7
8
9
10
11
12
13

14
15

16
17

18
19

20
21

22
23

24
25

26
27
1
2
3
4
5
6
7
8
9
10
11
12

13
14

15
16

17
18

19
20

21
22

23
24

25
26
27












-
+

-
+

-
+

-
+

-
+

-
+

-
+


#ifndef USACEIT_ASN1_X509_H
#define USACEIT_ASN1_X509_H 1

#ifdef HAVE_CONFIG_H
#  include "config.h"
#  ifdef HAVE_UNISTD_H
#    include <unistd.h>
#  endif
#else
#  include <unistd.h>
#endif

ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
static ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
static ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
static ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
static ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
static ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);

ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len);
static ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len);

ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);
static ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);

#endif

Modified cackey.c from [e7404c7b1a] to [09dbb17ef5].

56
57
58
59
60
61
62








63
64
65
66
67
68
69
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77







+
+
+
+
+
+
+
+








#include "pkcs11.h"
#include "pkcs11n.h"
#include "asn1-x509.h"
#include "sha1.h"
#include "md5.h"

/*
 * Include these source files in this translation unit so that we can bind to
 * functions and not include any symbols in the output shared object.
 */
#include "asn1-x509.c"
#include "sha1.c"
#include "md5.c"

#ifndef CACKEY_CRYPTOKI_VERSION_CODE
#  define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00
#endif

/* GSC-IS v2.1 Definitions */
/** Classes **/
#define GSCIS_CLASS_ISO7816           0x00

Modified configure.ac from [01379c117b] to [9e35aba144].

1

2
3
4
5
6
7
8

1
2
3
4
5
6
7
8
-
+







AC_INIT(cackey, 0.6.1) 
AC_INIT(cackey, 0.6.2) 
AC_CONFIG_HEADERS(config.h)

dnl Locate standard tools
AC_PROG_CC
AC_PROG_MAKE_SET
AC_PROG_INSTALL
AC_AIX
19
20
21
22
23
24
25

26

27
28
29
30
31
32
33
19
20
21
22
23
24
25
26

27
28
29
30
31
32
33
34







+
-
+







])

dnl Determine how to create static archives on this platform
AC_CHECK_TOOL(AR, ar)
AC_CHECK_TOOL(RANLIB, ranlib)

dnl Determine how to strip executables
AC_CHECK_TOOL(OBJCOPY, objcopy)
AC_CHECK_TOOL(STRIP, strip)
AC_CHECK_TOOL(STRIP, stripf, [$OBJCOPY])

dnl Check for all required headers
AC_CHECK_HEADERS(arpa/inet.h inttypes.h stdarg.h stdint.h stdio.h stdlib.h string.h sys/socket.h sys/types.h sys/un.h time.h unistd.h pthread.h zlib.h limits.h,,[
	AC_WARN([Required header missing, compilation will likely fail.])
], [
#ifdef HAVE_ARPA_INET_H
#  include <arpa/inet.h>

Modified md5.c from [b5658591a9] to [d7e67f33c5].

94
95
96
97
98
99
100
101

102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119
120
121
122
94
95
96
97
98
99
100

101
102
103
104
105
106
107
108
109
110
111
112
113
114

115
116
117
118
119
120
121
122







-
+













-
+







 (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
 (a) = ROTATE_LEFT ((a), (s)); \
 (a) += (b); \
  }

/* MD5 initialization. Begins an MD5 operation, writing a new context.
 */
void MD5Init (MD5_CTX *context) {
static void MD5Init (MD5_CTX *context) {
	context->count[0] = context->count[1] = 0;

	/* Load magic initialization constants. */
	context->state[0] = 0x67452301;
	context->state[1] = 0xefcdab89;
	context->state[2] = 0x98badcfe;
	context->state[3] = 0x10325476;
}

/* MD5 block update operation. Continues an MD5 message-digest
  operation, processing another message block, and updating the
  context.
 */
void MD5Update (MD5_CTX *context, unsigned char *input, unsigned int inputLen) {
static void MD5Update (MD5_CTX *context, unsigned char *input, unsigned int inputLen) {
	unsigned int i, index, partLen;

	/* Compute number of bytes mod 64 */
	index = (unsigned int)((context->count[0] >> 3) & 0x3F);

	/* Update number of bits */
	if ((context->count[0] += ((uint32_t)inputLen << 3)) < ((uint32_t)inputLen << 3)) {
147
148
149
150
151
152
153
154

155
156
157
158
159
160
161
147
148
149
150
151
152
153

154
155
156
157
158
159
160
161







-
+








	return;
}

/* MD5 finalization. Ends an MD5 message-digest operation, writing the
  the message digest and zeroizing the context.
 */
void MD5Final(unsigned char digest[16], MD5_CTX *context) {
static void MD5Final(unsigned char digest[16], MD5_CTX *context) {
	unsigned char bits[8];
	unsigned int index, padLen;

	/* Save number of bits */
	Encode(bits, context->count, 8);

	/* Pad out to 56 mod 64. */

Modified md5.h from [b79bd59b09] to [0cd9bc1df4].

40
41
42
43
44
45
46
47
48
49



50
51
40
41
42
43
44
45
46



47
48
49
50
51







-
-
-
+
+
+


/* MD5 context. */
typedef struct {
	uint32_t state[4];       /* state (ABCD) */
	uint32_t count[2];       /* number of bits, modulo 2^64 (lsb first) */
	uint8_t buffer[64];      /* input buffer */
} MD5_CTX;

void MD5Init(MD5_CTX *);
void MD5Update(MD5_CTX *, unsigned char *, unsigned int);
void MD5Final(unsigned char [MD5HashSize], MD5_CTX *);
static void MD5Init(MD5_CTX *);
static void MD5Update(MD5_CTX *, unsigned char *, unsigned int);
static void MD5Final(unsigned char [MD5HashSize], MD5_CTX *);

#endif

Modified sha1.c from [5f01203690] to [a03e9d2d38].

34
35
36
37
38
39
40
41
42


43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

60
61
62
63
64
65
66
34
35
36
37
38
39
40


41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

59
60
61
62
63
64
65
66







-
-
+
+
















-
+







/*
 *  Define the SHA1 circular left shift macro
 */
#define SHA1CircularShift(bits,word) \
                (((word) << (bits)) | ((word) >> (32-(bits))))

/* Local Function Prototyptes */
void SHA1PadMessage(SHA1Context *);
void SHA1ProcessMessageBlock(SHA1Context *);
static void SHA1PadMessage(SHA1Context *);
static void SHA1ProcessMessageBlock(SHA1Context *);

/*
 *  SHA1Reset
 *
 *  Description:
 *      This function will initialize the SHA1Context in preparation
 *      for computing a new SHA1 message digest.
 *
 *  Parameters:
 *      context: [in/out]
 *          The context to reset.
 *
 *  Returns:
 *      sha Error Code.
 *
 */
int SHA1Reset(SHA1Context *context)
static int SHA1Reset(SHA1Context *context)
{
    if (!context)
    {
        return shaNull;
    }

    context->Length_Low             = 0;
94
95
96
97
98
99
100
101

102
103
104
105
106
107
108
94
95
96
97
98
99
100

101
102
103
104
105
106
107
108







-
+







 *      Message_Digest: [out]
 *          Where the digest is returned.
 *
 *  Returns:
 *      sha Error Code.
 *
 */
int SHA1Result( SHA1Context *context,
static int SHA1Result( SHA1Context *context,
                uint8_t Message_Digest[SHA1HashSize])
{
    int i;

    if (!context || !Message_Digest)
    {
        return shaNull;
151
152
153
154
155
156
157
158

159
160
161
162
163
164
165
151
152
153
154
155
156
157

158
159
160
161
162
163
164
165







-
+







 *      length: [in]
 *          The length of the message in message_array
 *
 *  Returns:
 *      sha Error Code.
 *
 */
int SHA1Input(    SHA1Context    *context,
static int SHA1Input(    SHA1Context    *context,
                  const uint8_t  *message_array,
                  unsigned       length)
{
    if (!length)
    {
        return shaSuccess;
    }
223
224
225
226
227
228
229
230

231
232
233
234
235
236
237
223
224
225
226
227
228
229

230
231
232
233
234
235
236
237







-
+







 *  Comments:
 *      Many of the variable names in this code, especially the
 *      single character names, were used because those were the
 *      names used in the publication.
 *
 *
 */
void SHA1ProcessMessageBlock(SHA1Context *context)
static void SHA1ProcessMessageBlock(SHA1Context *context)
{
    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
                            0x5A827999,
                            0x6ED9EBA1,
                            0x8F1BBCDC,
                            0xCA62C1D6
                            };
333
334
335
336
337
338
339
340

341
342
343
344
345
346
347
333
334
335
336
337
338
339

340
341
342
343
344
345
346
347







-
+







 *      ProcessMessageBlock: [in]
 *          The appropriate SHA*ProcessMessageBlock function
 *  Returns:
 *      Nothing.
 *
 */

void SHA1PadMessage(SHA1Context *context)
static void SHA1PadMessage(SHA1Context *context)
{
    /*
     *  Check to see if the current message block is too small to hold
     *  the initial padding bits and length.  If so, we will pad the
     *  block, process it, and then continue padding into a second
     *  block.
     */

Modified sha1.h from [46f665cb64] to [cf44cc0e4d].

66
67
68
69
70
71
72
73
74


75
76
77

78
79
80
66
67
68
69
70
71
72


73
74
75
76

77
78
79
80







-
-
+
+


-
+



    int Computed;               /* Is the digest computed?         */
    int Corrupted;             /* Is the message digest corrupted? */
} SHA1Context;

/*
 *  Function Prototypes
 */
int SHA1Reset(  SHA1Context *);
int SHA1Input(  SHA1Context *,
static int SHA1Reset(  SHA1Context *);
static int SHA1Input(  SHA1Context *,
                const uint8_t *,
                unsigned int);
int SHA1Result( SHA1Context *,
static int SHA1Result( SHA1Context *,
                uint8_t Message_Digest[SHA1HashSize]);

#endif