Commit eb9f950a authored by Thomas Haller's avatar Thomas Haller
Browse files

all: cleanup GChecksum handling

- prefer nm_auto_free_checksum over explicit free.
- use nm_utils_checksum_get_digest*().
- prefer defines for digest length.
- assume g_checksum_new() cannot fail.
parent 37468452
......@@ -879,13 +879,10 @@ nm_crypto_md5_hash (const guint8 *salt,
gsize buflen)
{
nm_auto_free_checksum GChecksum *ctx = NULL;
#define MD5_DIGEST_LEN 16
nm_auto_clear_static_secret_ptr const NMSecretPtr digest = NM_SECRET_PTR_STATIC (MD5_DIGEST_LEN);
nm_auto_clear_static_secret_ptr const NMSecretPtr digest = NM_SECRET_PTR_STATIC (NM_UTILS_CHECKSUM_LENGTH_MD5);
gsize bufidx = 0;
int i;
nm_assert (g_checksum_type_get_length (G_CHECKSUM_MD5) == MD5_DIGEST_LEN);
g_return_if_fail (password_len == 0 || password);
g_return_if_fail (buffer);
g_return_if_fail (buflen > 0);
......@@ -894,25 +891,21 @@ nm_crypto_md5_hash (const guint8 *salt,
ctx = g_checksum_new (G_CHECKSUM_MD5);
for (;;) {
gsize digest_len;
if (password_len > 0)
g_checksum_update (ctx, (const guchar *) password, password_len);
if (salt_len > 0)
g_checksum_update (ctx, (const guchar *) salt, salt_len);
digest_len = MD5_DIGEST_LEN;
g_checksum_get_digest (ctx, digest.bin, &digest_len);
nm_assert (digest_len == MD5_DIGEST_LEN);
nm_utils_checksum_get_digest_len (ctx, digest.bin, NM_UTILS_CHECKSUM_LENGTH_MD5);
for (i = 0; i < MD5_DIGEST_LEN; i++) {
for (i = 0; i < NM_UTILS_CHECKSUM_LENGTH_MD5; i++) {
if (bufidx >= buflen)
return;
buffer[bufidx++] = digest.bin[i];
}
g_checksum_reset (ctx);
g_checksum_update (ctx, digest.ptr, MD5_DIGEST_LEN);
g_checksum_update (ctx, digest.ptr, NM_UTILS_CHECKSUM_LENGTH_MD5);
}
}
......
......@@ -2918,18 +2918,18 @@ nm_utils_uuid_generate_from_string_bin (NMUuid *uuid, const char *s, gssize slen
sizeof (*uuid));
} else {
nm_auto_free_checksum GChecksum *sum = NULL;
guint8 buf[20];
gsize len;
union {
guint8 sha1[NM_UTILS_CHECKSUM_LENGTH_SHA1];
NMUuid uuid;
} digest;
sum = g_checksum_new (G_CHECKSUM_SHA1);
g_checksum_update (sum, (guchar *) &ns_uuid, sizeof (ns_uuid));
g_checksum_update (sum, (guchar *) s, slen);
len = sizeof (buf);
g_checksum_get_digest (sum, buf, &len);
nm_assert (len == sizeof (buf));
nm_utils_checksum_get_digest (sum, digest.sha1);
G_STATIC_ASSERT_EXPR (sizeof (*uuid) <= sizeof (buf));
memcpy (uuid, buf, sizeof (*uuid));
G_STATIC_ASSERT_EXPR (sizeof (digest.sha1) > sizeof (digest.uuid));
*uuid = digest.uuid;
}
uuid->uuid[6] = (uuid->uuid[6] & 0x0F) | (uuid_type << 4);
......
......@@ -55,7 +55,7 @@
#include "nm-dns-systemd-resolved.h"
#include "nm-dns-unbound.h"
#define HASH_LEN 20
#define HASH_LEN NM_UTILS_CHECKSUM_LENGTH_SHA1
#ifndef RESOLVCONF_PATH
#define RESOLVCONF_PATH "/sbin/resolvconf"
......@@ -992,12 +992,11 @@ update_resolv_conf (NMDnsManager *self,
static void
compute_hash (NMDnsManager *self, const NMGlobalDnsConfig *global, guint8 buffer[HASH_LEN])
{
GChecksum *sum;
gsize len = HASH_LEN;
nm_auto_free_checksum GChecksum *sum = NULL;
NMDnsIPConfigData *ip_data;
sum = g_checksum_new (G_CHECKSUM_SHA1);
nm_assert (len == g_checksum_type_get_length (G_CHECKSUM_SHA1));
nm_assert (HASH_LEN == g_checksum_type_get_length (G_CHECKSUM_SHA1));
if (global)
nm_global_dns_config_update_checksum (global, sum);
......@@ -1011,8 +1010,7 @@ compute_hash (NMDnsManager *self, const NMGlobalDnsConfig *global, guint8 buffer
nm_ip_config_hash (ip_data->ip_config, sum, TRUE);
}
g_checksum_get_digest (sum, buffer, &len);
g_checksum_free (sum);
nm_utils_checksum_get_digest_len (sum, buffer, HASH_LEN);
}
static gboolean
......
......@@ -2725,9 +2725,8 @@ nm_utils_stable_id_random (void)
char *
nm_utils_stable_id_generated_complete (const char *stable_id_generated)
{
guint8 buf[20];
GChecksum *sum;
gsize buf_size;
nm_auto_free_checksum GChecksum *sum = NULL;
guint8 buf[NM_UTILS_CHECKSUM_LENGTH_SHA1];
char *base64;
/* for NM_UTILS_STABLE_TYPE_GENERATED we genererate a possibly long string
......@@ -2738,15 +2737,8 @@ nm_utils_stable_id_generated_complete (const char *stable_id_generated)
g_return_val_if_fail (stable_id_generated, NULL);
sum = g_checksum_new (G_CHECKSUM_SHA1);
nm_assert (sum);
g_checksum_update (sum, (guchar *) stable_id_generated, strlen (stable_id_generated));
buf_size = sizeof (buf);
g_checksum_get_digest (sum, buf, &buf_size);
nm_assert (buf_size == sizeof (buf));
g_checksum_free (sum);
nm_utils_checksum_get_digest (sum, buf);
/* we don't care to use the sha1 sum in common hex representation.
* Use instead base64, it's 27 chars (stripping the padding) vs.
......@@ -2930,22 +2922,14 @@ _set_stable_privacy (NMUtilsStableType stable_type,
gsize key_len,
GError **error)
{
GChecksum *sum;
guint8 digest[32];
nm_auto_free_checksum GChecksum *sum = NULL;
guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256];
guint32 tmp[2];
gsize len = sizeof (digest);
nm_assert (key_len);
nm_assert (network_id);
/* Documentation suggests that this can fail.
* Maybe in case of a missing algorithm in crypto library? */
sum = g_checksum_new (G_CHECKSUM_SHA256);
if (!sum) {
g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
"Can't create a SHA256 hash");
return FALSE;
}
key_len = MIN (key_len, G_MAXUINT32);
......@@ -2974,24 +2958,17 @@ _set_stable_privacy (NMUtilsStableType stable_type,
tmp[1] = htonl (key_len);
g_checksum_update (sum, (const guchar *) tmp, sizeof (tmp));
g_checksum_update (sum, (const guchar *) secret_key, key_len);
g_checksum_get_digest (sum, digest, &len);
nm_assert (len == sizeof (digest));
nm_utils_checksum_get_digest (sum, digest);
while (_is_reserved_ipv6_iid (digest)) {
g_checksum_reset (sum);
tmp[0] = htonl (++dad_counter);
g_checksum_update (sum, digest, len);
g_checksum_update (sum, digest, sizeof (digest));
g_checksum_update (sum, (const guchar *) &tmp[0], sizeof (tmp[0]));
g_checksum_get_digest (sum, digest, &len);
nm_assert (len == sizeof (digest));
nm_utils_checksum_get_digest (sum, digest);
}
g_checksum_free (sum);
memcpy (addr->s6_addr + 8, &digest[0], 8);
return TRUE;
}
......@@ -3117,10 +3094,9 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
const char *current_mac_address,
const char *generate_mac_address_mask)
{
GChecksum *sum;
nm_auto_free_checksum GChecksum *sum = NULL;
guint32 tmp;
guint8 digest[32];
gsize len = sizeof (digest);
guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256];
struct ether_addr bin_addr;
guint8 stable_type_uint8;
......@@ -3128,8 +3104,6 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
nm_assert (secret_key);
sum = g_checksum_new (G_CHECKSUM_SHA256);
if (!sum)
return NULL;
key_len = MIN (key_len, G_MAXUINT32);
......@@ -3143,10 +3117,7 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
g_checksum_update (sum, (const guchar *) (ifname ?: ""), ifname ? (strlen (ifname) + 1) : 1);
g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1);
g_checksum_get_digest (sum, digest, &len);
g_checksum_free (sum);
g_return_val_if_fail (len == 32, NULL);
nm_utils_checksum_get_digest (sum, digest);
memcpy (&bin_addr, digest, ETH_ALEN);
_hw_addr_eth_complete (&bin_addr, current_mac_address, generate_mac_address_mask);
......
......@@ -2996,29 +2996,19 @@ nm_ip4_config_hash (const NMIP4Config *self, GChecksum *sum, gboolean dns_only)
gboolean
nm_ip4_config_equal (const NMIP4Config *a, const NMIP4Config *b)
{
GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1);
GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1);
guchar a_data[20], b_data[20];
gsize a_len = sizeof (a_data);
gsize b_len = sizeof (b_data);
gboolean equal;
nm_auto_free_checksum GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1);
nm_auto_free_checksum GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1);
guint8 a_data[NM_UTILS_CHECKSUM_LENGTH_SHA1];
guint8 b_data[NM_UTILS_CHECKSUM_LENGTH_SHA1];
if (a)
nm_ip4_config_hash (a, a_checksum, FALSE);
if (b)
nm_ip4_config_hash (b, b_checksum, FALSE);
g_checksum_get_digest (a_checksum, a_data, &a_len);
g_checksum_get_digest (b_checksum, b_data, &b_len);
nm_assert (a_len == sizeof (a_data));
nm_assert (b_len == sizeof (b_data));
equal = !memcmp (a_data, b_data, a_len);
g_checksum_free (a_checksum);
g_checksum_free (b_checksum);
return equal;
nm_utils_checksum_get_digest (a_checksum, a_data);
nm_utils_checksum_get_digest (b_checksum, b_data);
return !memcmp (a_data, b_data, sizeof (a_data));
}
/*****************************************************************************/
......
......@@ -2426,29 +2426,19 @@ nm_ip6_config_hash (const NMIP6Config *self, GChecksum *sum, gboolean dns_only)
gboolean
nm_ip6_config_equal (const NMIP6Config *a, const NMIP6Config *b)
{
GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1);
GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1);
guchar a_data[20], b_data[20];
gsize a_len = sizeof (a_data);
gsize b_len = sizeof (b_data);
gboolean equal;
nm_auto_free_checksum GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1);
nm_auto_free_checksum GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1);
guint8 a_data[NM_UTILS_CHECKSUM_LENGTH_SHA1];
guint8 b_data[NM_UTILS_CHECKSUM_LENGTH_SHA1];
if (a)
nm_ip6_config_hash (a, a_checksum, FALSE);
if (b)
nm_ip6_config_hash (b, b_checksum, FALSE);
g_checksum_get_digest (a_checksum, a_data, &a_len);
g_checksum_get_digest (b_checksum, b_data, &b_len);
nm_assert (a_len == sizeof (a_data));
nm_assert (b_len == sizeof (b_data));
equal = !memcmp (a_data, b_data, a_len);
g_checksum_free (a_checksum);
g_checksum_free (b_checksum);
return equal;
nm_utils_checksum_get_digest (a_checksum, a_data);
nm_utils_checksum_get_digest (b_checksum, b_data);
return !memcmp (a_data, b_data, sizeof (a_data));
}
/*****************************************************************************/
......
......@@ -656,31 +656,28 @@ add_string_val (NMSupplicantConfig *self,
static void
wep128_passphrase_hash (const char *input,
size_t input_len,
guint8 *out_digest,
size_t *out_digest_len)
gsize input_len,
guint8 *digest /* 13 bytes */)
{
GChecksum *sum;
nm_auto_free_checksum GChecksum *sum = NULL;
guint8 md5[NM_UTILS_CHECKSUM_LENGTH_MD5];
guint8 data[64];
int i;
g_return_if_fail (out_digest != NULL);
g_return_if_fail (out_digest_len != NULL);
g_return_if_fail (*out_digest_len >= 16);
nm_assert (input);
nm_assert (input_len);
nm_assert (digest);
/* Get at least 64 bytes by repeating the passphrase into the buffer */
for (i = 0; i < sizeof (data); i++)
data[i] = input[i % input_len];
sum = g_checksum_new (G_CHECKSUM_MD5);
g_assert (sum);
g_checksum_update (sum, data, sizeof (data));
g_checksum_get_digest (sum, out_digest, out_digest_len);
g_checksum_free (sum);
nm_utils_checksum_get_digest (sum, md5);
g_assert (*out_digest_len == 16);
/* WEP104 keys are 13 bytes in length (26 hex characters) */
*out_digest_len = 13;
memcpy (digest, md5, 13);
}
static gboolean
......@@ -690,9 +687,10 @@ add_wep_key (NMSupplicantConfig *self,
NMWepKeyType wep_type,
GError **error)
{
size_t key_len = key ? strlen (key) : 0;
gsize key_len;
if (!key || !key_len)
if ( !key
|| (key_len = strlen (key)) == 0)
return TRUE;
if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) {
......@@ -737,11 +735,10 @@ add_wep_key (NMSupplicantConfig *self,
return FALSE;
}
} else if (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE) {
guint8 digest[16];
size_t digest_len = sizeof (digest);
guint8 digest[13];
wep128_passphrase_hash (key, key_len, digest, &digest_len);
if (!nm_supplicant_config_add_option (self, name, (const char *) digest, digest_len, "<hidden>", error))
wep128_passphrase_hash (key, key_len, digest);
if (!nm_supplicant_config_add_option (self, name, (const char *) digest, sizeof (digest), "<hidden>", error))
return FALSE;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment