From 375389fa1ecd7239ec2e4c89f8f73bd0e09f81ff Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 1 Nov 2011 17:38:01 +0100 Subject: [PATCH] Add support for NSS library This adds support for the NSSLOWHASH API provided by the freebl3 library. --- configure | 17 +++++++++++ hash_nss.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 hash_nss.c diff --git a/configure b/configure index 39c4e0e..63703f6 100755 --- a/configure +++ b/configure @@ -162,6 +162,7 @@ SYSDEFS="" feat_readline=1 try_readline=1 try_editline=1 +try_nss=1 feat_rtc=1 try_rtc=0 feat_linuxcaps=1 @@ -245,6 +246,9 @@ do --with-sendmail=* ) mail_program=`echo $option | sed -e 's/^.*=//;'` ;; + --without-nss ) + try_nss=0 + ;; --host-system=* ) OPERATINGSYSTEM=`echo $option | sed -e 's/^.*=//;'` ;; @@ -476,6 +480,19 @@ HASH_OBJ="hash_intmd5.o" HASH_COMPILE="" HASH_LINK="" +if [ $try_nss = "1" ]; then + test_cflags="`pkg-config --cflags nss`" + test_link="`pkg-config --libs-only-L nss` -lfreebl3" + if test_code 'NSS' 'nss.h hasht.h nsslowhash.h' \ + "$test_cflags" "$test_link" \ + 'NSSLOWHASH_Begin(NSSLOWHASH_NewContext(NSSLOW_Init(), HASH_AlgSHA512));' + then + HASH_OBJ="hash_nss.o" + HASH_COMPILE="$test_cflags" + HASH_LINK="$test_link" + fi +fi + SYSCONFDIR=/etc if [ "x$SETSYSCONFDIR" != "x" ]; then SYSCONFDIR=$SETSYSCONFDIR diff --git a/hash_nss.c b/hash_nss.c new file mode 100644 index 0000000..952cf38 --- /dev/null +++ b/hash_nss.c @@ -0,0 +1,89 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2011 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Routines implementing crypto hashing using NSSLOWHASH API of the NSS library. + + */ + +#include +#include +#include + +/* #include "config.h" */ +#include "hash.h" + +static NSSLOWInitContext *ictx; + +struct hash { + HASH_HashType type; + const char *name; + NSSLOWHASHContext *context; +}; + +static struct hash hashes[] = { + { HASH_AlgMD5, "MD5", NULL }, + { HASH_AlgSHA1, "SHA1", NULL }, + { HASH_AlgSHA256, "SHA256", NULL }, + { HASH_AlgSHA384, "SHA384", NULL }, + { HASH_AlgSHA512, "SHA512", NULL }, + { 0, NULL, NULL } +}; + +int +HSH_GetHashId(const char *name) +{ + int i; + + for (i = 0; hashes[i].name; i++) { + if (!strcmp(name, hashes[i].name)) + break; + } + + if (!hashes[i].name) + return -1; /* not found */ + + if (!ictx && !(ictx = NSSLOW_Init())) + return -1; /* couldn't init NSS */ + + if (!hashes[i].context && + !(hashes[i].context = NSSLOWHASH_NewContext(ictx, hashes[i].type))) + return -1; /* couldn't init hash */ + + return i; +} + +unsigned int +HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len, + const unsigned char *in2, unsigned int in2_len, + unsigned char *out, unsigned int out_len) +{ + unsigned int ret; + + NSSLOWHASH_Begin(hashes[id].context); + NSSLOWHASH_Update(hashes[id].context, in1, in1_len); + if (in2) + NSSLOWHASH_Update(hashes[id].context, in2, in2_len); + NSSLOWHASH_End(hashes[id].context, out, &ret, out_len); + + return ret; +}