From d0eb997ee9f9889f184d0d52397b49a7f0dee009 Mon Sep 17 00:00:00 2001 From: "Alex Xu (Hello71)" Date: Wed, 15 Aug 2018 19:39:45 -0400 Subject: Stuff. --- .gitignore | 4 +- LICENSE | 8 +- Makefile.in | 28 ++++--- README | 15 ++-- configure.ac | 10 +-- doc/file-format-and-process.md | 8 ++ doc/os-random-seed-comparison.md | 34 ++++++++ src/id.c | 92 +++++++++++++++++++++ src/id.h | 20 +++++ src/random-seed.c | 171 ++++++++++++++------------------------- src/sha2.c | 2 +- src/util.c | 43 +--------- src/util.h | 2 - 13 files changed, 260 insertions(+), 177 deletions(-) create mode 100644 doc/os-random-seed-comparison.md create mode 100644 src/id.c create mode 100644 src/id.h diff --git a/.gitignore b/.gitignore index a52fd16..0ca79f0 100644 --- a/.gitignore +++ b/.gitignore @@ -8,8 +8,8 @@ config.status configure /Makefile -/random-seed.service -/random-seed-save.service +/systemd/random-seed.service +/systemd/random-seed-save.service /random-seed /random-seed.test *.o diff --git a/LICENSE b/LICENSE index e0d83e9..032e059 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,13 @@ This software is a combination of components distributed under the 3-clause BSD, MIT, and FSF unlimited licenses. Note that libudev, libblkid, and libmount are LGPL licensed, so when random-seed is built against those, the terms of the -LGPL apply for those libraries. +LGPL apply for those libraries. random-seed copies certain filesystem +identifier constants from the Linux kernel in src/fsid.c. It is believed +that the use of these constants does not constitute copyright infringement +under copyright law in the United States per Sega v. Accolade, and likely fall +under similar compatibility rules in other jurisdictions. It is also believed +that these constants are covered under the "Linux syscall note" exempting them +from the ordinary GPL license. All files that neither have copyright notices at the top nor are listed below are distributed under the 3-clause BSD license: diff --git a/Makefile.in b/Makefile.in index 536a372..2c462ee 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,10 +1,10 @@ # SPDX-License-Identifier: BSD-3-Clause # @configure_input@ -VPATH = @srcdir@:@srcdir@/src +MAKEFLAGS += -R -r + srcdir = @srcdir@ abs_builddir = @abs_builddir@ - prefix = @prefix@ exec_prefix = @exec_prefix@ datarootdir = @datarootdir@ @@ -16,11 +16,13 @@ systemdsystemunitdir = @systemdsystemunitdir@ default_seed_path_dir = @default_seed_path_dir@ CC = @CC@ -CFLAGS = @CFLAGS@ -UNDEBUG -I$(abs_builddir) +CFLAGS = @EXTRA_CFLAGS@ @CFLAGS@ +override CFLAGS += -UNDEBUG -I$(abs_builddir) CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ -SRC := random-seed.c sha2.c util.c +VPATH := $(srcdir) +SRC := src/id.c src/random-seed.c src/sha2.c src/util.c OBJ := $(SRC:.c=.o) TEST_FILE := random-seed.test @@ -30,15 +32,21 @@ $(srcdir)/configure: $(srcdir)/aclocal.m4 $(srcdir)/autogen.sh $(srcdir)/configu cd $(srcdir); ./autogen.sh Makefile: $(srcdir)/configure Makefile.in - $(srcdir)/configure + unset CFLAGS; $(srcdir)/configure random-seed: $(OBJ) + $(CC) $(LDFLAGS) $^ $(LDLIBS) -o $@ + +%.o: %.c + $(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $< + +src/random-seed.o: src/random-seed.c src/id.h src/musl-libgen-c.h src/sha2.h src/util.h -random-seed.o: random-seed.c musl-libgen-c.h util.h sha2.h +src/util.o: src/util.c src/util.h -util.o: util.c util.h sha2.h +src/sha2.o: src/sha2.c src/sha2.h -sha2.o: sha2.c sha2.h +src/id.o: src/id.c src/id.h src/sha2.h systemd/random-seed.service systemd/random-seed-save.service: Makefile .in: @@ -62,11 +70,11 @@ $(TEST_FILE): random-seed $(TEST_WRAPPER) ./random-seed load $(TEST_FILE) || [ $$? = 15 ] clean: - $(RM) random-seed systemd/random-seed.service systemd/random-seed-save.service $(OBJ) $(DEP) $(TEST_FILE) + rm -f random-seed systemd/random-seed.service systemd/random-seed-save.service $(OBJ) $(DEP) $(TEST_FILE) rmdir systemd 2>/dev/null || true distclean: clean - $(RM) -r autom4te.cache config.cache config.h config.log config.status Makefile + rm -f -r autom4te.cache config.cache config.h config.log config.status Makefile .PHONY: all install test clean random-seed.test .INTERMEDIATE: $(TEST_FILE) diff --git a/README b/README index 1fb5062..37637ba 100644 --- a/README +++ b/README @@ -12,9 +12,12 @@ project instead. random-seed requires the following to compile: -- a gcc-compatible compiler (clang is fine) -- GNU make (BSD make is not fine) -- Bourne-like sh (autoconf compatible, i.e. probably all of them) +- a sufficiently gcc compatible compiler. clang is fine, icc probably works. +- GNU make. BSD make is not supported. +- sh. dash works. + +When compiling from git, autoconf, aclocal, and autoconf-archive are required. +aclocal is provided by the automake package on most operating systems. [1] random-seed also supports linking with libudev or libmount and libblkid. It is highly recommended to enable libudev if your target platform includes udevd @@ -32,14 +35,12 @@ probably also do not use systemd or dbus, so you will probably not have a machine ID. In this case, random-seed will never credit the entropy, so you may as well use a "dd if=random-seed of=/dev/urandom" script. -When compiling from git, autoconf, aclocal, and autoconf-archive are required. -aclocal is provided by the automake package on most operating systems. [1] - random-seed is Linux-specific, as it is my understanding that other operating systems are either not commonly imaged (e.g. BSDs) or have official tools for system image preparation (e.g. sysprep for Windows). However, it should be reasonably easy to port by simply adjusting the paths and changing getrandom to -/dev/random. +/dev/random. Other operating systems would be better served by providing an +official sysprep program though. random-seed supports a daemonize mode. This is recommended on systems without a centralized timer synchronization mechanism similar to Android or systemd. diff --git a/configure.ac b/configure.ac index e157917..5db95ac 100644 --- a/configure.ac +++ b/configure.ac @@ -14,8 +14,6 @@ AS_IF([test "$ac_cv_prog_cc_c99" = no], CPPFLAGS="${CPPFLAGS+$CPPFLAGS }-D_GNU_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200809L" -PKG_CHECK_VAR(systemdsystemunitdir, systemd, systemdsystemunitdir) - AC_ARG_ENABLE(debug, AC_HELP_STRING(--enable-debug, [enable debug output [no]]), [enable_debug=$enableval], @@ -49,8 +47,10 @@ AC_DEFINE_UNQUOTED(DEFAULT_SEED_PATH, "$default_seed_path", [default seed path]) default_seed_path_dir=${default_seed_path%/*} AC_SUBST(default_seed_path_dir) -AX_CHECK_COMPILE_FLAG(-Wall, [CFLAGS="-Wall${CFLAGS+ $CFLAGS}"]) -AX_CHECK_COMPILE_FLAG(-Wextra, [CFLAGS="-Wextra${CFLAGS+ $CFLAGS}"]) -AX_CHECK_COMPILE_FLAG(-pedantic, [CFLAGS="-pedantic${CFLAGS+ $CFLAGS}"]) +EXTRA_CFLAGS= +AX_CHECK_COMPILE_FLAG(-Wall, [EXTRA_CFLAGS="-Wall${EXTRA_CFLAGS+ $EXTRA_CFLAGS}"]) +AX_CHECK_COMPILE_FLAG(-Wextra, [EXTRA_CFLAGS="-Wextra${EXTRA_CFLAGS+ $EXTRA_CFLAGS}"]) +AX_CHECK_COMPILE_FLAG(-pedantic, [EXTRA_CFLAGS="-pedantic${EXTRA_CFLAGS+ $EXTRA_CFLAGS}"]) +AC_SUBST(EXTRA_CFLAGS) AC_OUTPUT(Makefile) diff --git a/doc/file-format-and-process.md b/doc/file-format-and-process.md index 6ffc067..0d50cc7 100644 --- a/doc/file-format-and-process.md +++ b/doc/file-format-and-process.md @@ -26,5 +26,13 @@ argument. Check that calling statfs(2) on the random seed file returns a `f_fsid` that when hashed, matches the argument. +## fs-uuid +Check that the UUID of the random seed file system, when hashed as a string, +matches the argument. + +## drive-id +Check that the ID as determined by udev of the random seed file system, when +hashed as a string, matches the argument. + ## done End of mandatory commands. diff --git a/doc/os-random-seed-comparison.md b/doc/os-random-seed-comparison.md new file mode 100644 index 0000000..71ff0c3 --- /dev/null +++ b/doc/os-random-seed-comparison.md @@ -0,0 +1,34 @@ +This is an attempt to document the random seed behavior of different operating +systems. This is based mostly on Goog^WInternet searches. If you believe this +information is incorrect, please submit patches. + +## Linux + +The random seed behavior of Linux is well documented, but we will rehash it +(heh) here for completeness. Linux has three interfaces for random access: +/dev/random, /dev/urandom, and getrandom. /dev/random attempts to keep track of +the entropy count and blocks when it reaches zero. /dev/urandom never blocks. +getrandom blocks during early startup until the entropy count becomes "full". + +## OpenBSD + +OpenBSD has one central RNG for all its randomness. The bootloader seeds the +RNG using random data from installation plus random data obtained from the +OpenBSD servers. Therefore, none of the random interfaces ever block. + +## FreeBSD + +On FreeBSD, /dev/random and /dev/urandom both block until the random seed is +installed. This is defined as the time when a FD opened read-write on +/dev/random is closed. Thereafter, they do not block. + +## Windows + +The exact behavior of the Windows RNG is not publicly documented. It is, +however, known to be seeded in part by a registry value. + +## Mac OS + +Dunno. https://github.com/jedisct1/libsodium/issues/594 says the PRNG is +terrible, then says it's "totally fine". I don't have Mac, and the Mac man +pages are shamefully not accessible online, so I cannot check for myself. diff --git a/src/id.c b/src/id.c new file mode 100644 index 0000000..6095ef6 --- /dev/null +++ b/src/id.c @@ -0,0 +1,92 @@ +// SPDX-License-Identifier: BSD-3-Clause + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "id.h" +#include "util.h" + +#ifdef HAVE_UDEV + +#endif + +#ifdef HAVE_UTIL_LINUX + +#endif + +static char *really_get_machine_id() { +#ifdef MACHINE_ID_PATH + FILE *machine_id_file = fopen(MACHINE_ID_PATH, "r"); +#else + const char *etc_machine_id = "/etc/machine-id"; + const char *var_lib_dbus_machine_id = "/var/lib/dbus/machine-id"; + FILE *machine_id_file = fopen(etc_machine_id, "r"); + if (!machine_id_file) { + if (errno != ENOENT) + fprintf(stderr, "error opening %s: %s, trying %s\n", + etc_machine_id, strerror(errno), var_lib_dbus_machine_id); + machine_id_file = fopen(var_lib_dbus_machine_id, "r"); + } +#endif + + if (!machine_id_file) { + perror("couldn't open any machine-id file, last error"); + return NULL; + } + + char *machine_id = NULL; + size_t machine_id_len = 0; + if (getdelim(&machine_id, &machine_id_len, '\0', machine_id_file) == -1) { + fputs("error reading machine id file\n", stderr); + free(machine_id); + return NULL; + } + + return machine_id; +} + +size_t get_machine_id(char **machine_id) { + static char *c_machine_id; + if (!c_machine_id) + c_machine_id = really_get_machine_id(); + *machine_id = c_machine_id; + return strlen(*machine_id); +} + +size_t get_fs_id(fsid_t *fs_id, int seed_fd) { + struct statfs statfs_buf; + if (fstatfs(seed_fd, &statfs_buf) == -1) { + perror("error: statfs seed file: %s"); + return false; + } + + switch (statfs_buf.f_type) { + case 0x9123683e: // BTRFS_SUPER_MAGIC + case 0xef53: // EXT2_SUPER_MAGIC == EXT3_SUPER_MAGIC == EXT4_SUPER_MAGIC + case 0x3153464a: // JFS_SUPER_MAGIC + case 0x5346544e: // NTFS_SB_MAGIC + case 0x52654973: // REISERFS_SUPER_MAGIC + case 0x24051905: // UBIFS_SUPER_MAGIC + memcpy(fs_id, &statfs_buf.f_fsid, sizeof(fsid_t)); + return sizeof(fsid_t); + default: + fprintf(stderr, "error: filesystem type 0x%08x does not have consistent f_fsid\n", (unsigned int)statfs_buf.f_type); + return 0; + } +} + +void hash(const unsigned char salt[static SALT_LEN], unsigned char out[static HASH_LEN], const void *in, size_t size) { + assert(size < INT_MAX - SALT_LEN - 100); + sha256_ctx ctx; + sha256_init(&ctx); + sha256_update(&ctx, salt, SALT_LEN); + sha256_update(&ctx, in, (unsigned int)size); + sha256_final(&ctx, out); +} diff --git a/src/id.h b/src/id.h new file mode 100644 index 0000000..7c45a64 --- /dev/null +++ b/src/id.h @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: BSD-3-Clause + +#ifndef FSID_H +#define FSID_H + +#include + +#include "util.h" + +#if defined(HAVE_UDEV) || defined(HAVE_UTIL_LINUX) +size_t get_fs_uuid(char **fs_uuid, int seed_fd); +#endif +#ifdef HAVE_UDEV +size_t get_drive_id(char **drive_id, int seed_fd); +#endif +size_t get_machine_id(char **machine_id); +size_t get_fs_id(fsid_t *fs_id, int seed_fd); +void hash(const unsigned char salt[static SALT_LEN], unsigned char *out, const void *in, size_t size); + +#endif diff --git a/src/random-seed.c b/src/random-seed.c index b8e8ad7..0ce1f8b 100644 --- a/src/random-seed.c +++ b/src/random-seed.c @@ -18,6 +18,8 @@ #include #include "config.h" + +#include "id.h" #include "musl-libgen-c.h" #include "util.h" @@ -46,104 +48,55 @@ static inline void usage() { puts("see random-seed(8) for more information."); } -static char *get_machine_id() { -#ifdef MACHINE_ID_PATH - FILE *machine_id_file = fopen(MACHINE_ID_PATH, "r"); +static bool run_seed_file_cmd(const char *cmd, const unsigned char *salt, FILE *seed_file) { +#define HASH_ID_CMD(my_cmd, type, fn, hash_access, ...) \ + do { \ + if (!streq(cmd, my_cmd)) \ + break; \ + char *arg = strtok(NULL, " \t"); \ + if (!arg) { \ + fputs("error parsing seed file: expected argument " \ + "to '" my_cmd "'\n", stderr); \ + return false; \ + } \ + type fn ## _buf; \ + unsigned char fn ## _hash[HASH_LEN]; \ + size_t sz = fn(&fn ## _buf, ##__VA_ARGS__); \ + if (sz == 0) { \ + fputs("error getting " my_cmd " hash\n", stderr); \ + return false; \ + } \ + hash(salt, fn ## _hash, hash_access fn ## _buf, sz); \ + unsigned char theirdigest[HASH_LEN]; \ + if (hex2mem(theirdigest, HASH_LEN, arg) == 0) { \ + fputs("error decoding hex hash\n", stderr); \ + exit(1); \ + } \ + if (memcmp(fn ## _hash, theirdigest, HASH_LEN)) { \ + fputs(my_cmd " hash does not match\n", stderr); \ + return false; \ + } \ + return true; \ + } while (0) + + HASH_ID_CMD("machine-id", char *, get_machine_id, ); + HASH_ID_CMD("fs-id", fsid_t, get_fs_id, &, fileno(seed_file)); +#if defined(HAVE_UDEV) || defined(HAVE_UTIL_LINUX) + HASH_ID_CMD("fs-uuid", char *, get_fs_uuid, fileno(seed_file)); #else - const char *etc_machine_id = "/etc/machine-id"; - const char *var_lib_dbus_machine_id = "/var/lib/dbus/machine-id"; - FILE *machine_id_file = fopen(etc_machine_id, "r"); - if (!machine_id_file) { - if (errno != ENOENT) - fprintf(stderr, "error opening %s: %s, trying %s\n", - etc_machine_id, strerror(errno), var_lib_dbus_machine_id); - machine_id_file = fopen(var_lib_dbus_machine_id, "r"); + if (streq(cmd, "fs-uuid")) { + fputs("error: fs-uuid not supported by this random-seed\n", stderr); + return false; } #endif - - if (!machine_id_file) { - perror("couldn't open any machine-id file, last error"); - return NULL; - } - - char *machine_id = NULL; - size_t machine_id_len = 0; - if (getdelim(&machine_id, &machine_id_len, '\0', machine_id_file) == -1) { - fputs("error reading machine id file\n", stderr); - free(machine_id); - return NULL; - } - - return machine_id; -} - -static bool get_machine_id_hash(const unsigned char salt[static SALT_LEN], unsigned char machine_id_digest[static HASH_LEN]) { - static char *c_machine_id; - if (!c_machine_id) - c_machine_id = get_machine_id(); - if (!c_machine_id) - return false; - - unsigned char c_machine_id_digest[HASH_LEN]; - hash(salt, c_machine_id_digest, c_machine_id, strlen(c_machine_id)); - memcpy(machine_id_digest, c_machine_id_digest, HASH_LEN); - return true; -} - -static inline bool get_fs_id_hash(const unsigned char salt[static SALT_LEN], unsigned char fsid_digest[static HASH_LEN], int seed_fd) { - struct statfs statfs_buf; - if (fstatfs(seed_fd, &statfs_buf) == -1) { - fprintf(stderr, "error statfs seed file: %s, " - "disabling entropy credit\n", strerror(errno)); +#ifdef HAVE_UDEV + HASH_ID_CMD("drive-id", char *, get_drive_id, fileno(seed_file)); +#else + if (streq(cmd, "drive-id")) { + fputs("error: drive-id not supported by this random-seed\n", stderr); return false; } - hash(salt, fsid_digest, &statfs_buf.f_fsid, sizeof(statfs_buf.f_fsid)); - return true; -} - -static bool run_seed_file_cmd(const char *cmd, const unsigned char *salt, FILE *seed_file) { - char *arg; - if (streq(cmd, "machine-id")) { - arg = strtok(NULL, " \t"); - if (!arg) { - fputs("error parsing seed file: expected argument " - "to 'machine-id'\n", stderr); - return false; - } - unsigned char machine_id_hash[HASH_LEN]; - if (!get_machine_id_hash(salt, machine_id_hash)) { - fputs("error getting machine id hash, disabling entropy credit\n", - stderr); - return false; - } - - if (!hash_match(machine_id_hash, arg)) { - fputs("machine-id does not match, disabling entropy credit\n", - stderr); - return false; - } - return true; - } - - if (streq(cmd, "fs-id")) { - arg = strtok(NULL, " \t"); - if (!arg) { - fputs("error parsing seed file: expected argument to 'fs-id'\n", stderr); - return false; - } - unsigned char fs_id_hash[HASH_LEN]; - if (!get_fs_id_hash(salt, fs_id_hash, fileno(seed_file))) { - fputs("error getting fs id hash, disabling entropy credit\n", stderr); - return false; - } - - if (!hash_match(fs_id_hash, arg)) { - fputs("fs id does not match, disabling entropy credit\n", stderr); - return false; - } - return true; - } - +#endif fprintf(stderr, "error parsing seed file: unsupported command: %s\n", cmd); return false; } @@ -302,14 +255,21 @@ static bool save(const char *seed_path, unsigned char *random_buf) { return false; } - unsigned char machine_id_digest[HASH_LEN]; - if (!get_machine_id_hash(random_ptr, machine_id_digest)) { - fputs("cannot obtain machine id, aborting save\n", stderr); - return false; - } - char machine_id_hash[HASH_STR_LEN]; - mem2hex(machine_id_hash, machine_id_digest, HASH_STR_LEN); - machine_id_hash[HASH_STR_LEN-1] = '\0'; +#define GET_HASH_STR(type, hash_access, name, ...) \ + char name ## _hash[HASH_STR_LEN]; \ + do { \ + type name ## _buf; \ + size_t name ## _len = get_ ## name(&name ## _buf, ##__VA_ARGS__); \ + if (!name ## _len) { \ + fputs("error obtaining " #name " \n", stderr); \ + return false; \ + } \ + unsigned char name ## _digest[HASH_LEN]; \ + hash(random_ptr, name ## _digest, hash_access name ## _buf, name ## _len); \ + mem2hex(name ## _hash, name ## _digest, HASH_LEN); \ + } while (0) + + GET_HASH_STR(char *, , machine_id); int seed_dir_fd = -1; int seed_fd = -1; @@ -341,14 +301,7 @@ static bool save(const char *seed_path, unsigned char *random_buf) { goto out; } - unsigned char fs_id_digest[HASH_LEN]; - if (!get_fs_id_hash(random_ptr, fs_id_digest, seed_dir_fd)) { - fputs("cannot obtain machine id, aborting save\n", stderr); - goto out; - } - char fs_id_hash[HASH_LEN*2+1]; - mem2hex(fs_id_hash, fs_id_digest, HASH_LEN); - fs_id_hash[sizeof(fs_id_hash)-1] = '\0'; + GET_HASH_STR(fsid_t, &, fs_id, seed_dir_fd); seed_fd = openat(seed_dir_fd, seed_name_new, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (seed_fd == -1) { diff --git a/src/sha2.c b/src/sha2.c index d949537..3814562 100644 --- a/src/sha2.c +++ b/src/sha2.c @@ -83,7 +83,7 @@ uint32_t sha256_k[64] = /* SHA-256 functions */ -void sha256_transf(sha256_ctx *ctx, const unsigned char *message, +static void sha256_transf(sha256_ctx *ctx, const unsigned char *message, unsigned int block_nb) { uint32_t w[64]; diff --git a/src/util.c b/src/util.c index 908e3a2..b552afc 100644 --- a/src/util.c +++ b/src/util.c @@ -50,50 +50,13 @@ static const char *HEX_CHARS = "0123456789abcdef"; * \param size the number of bytes to encode */ void mem2hex(char *dest, const void *src, size_t size) { - for (size_t i = 0; i < size; i++) { + size_t i; + for (i = 0; i < size; i++) { unsigned char c = *((const unsigned char *)src + i); dest[2*i] = HEX_CHARS[c >> 4]; dest[2*i+1] = HEX_CHARS[c & 0xf]; } - dest[size*2] = '\0'; -} - -void hash(const unsigned char salt[static SALT_LEN], unsigned char *out, const void *in, size_t size) { - assert(size < INT_MAX - SALT_LEN - 100); -#ifdef DEBUG - fprintf(stderr, "hashing %zu bytes starting with 0x%x ending with 0x%x\n", size, (int)((unsigned char*)in)[0], (int)((unsigned char*)in)[size-1]); -#endif - sha256_ctx ctx; - sha256_init(&ctx); - sha256_update(&ctx, salt, SALT_LEN); - sha256_update(&ctx, in, (unsigned int)size); - sha256_final(&ctx, out); -} - -static void print_hash(const unsigned char digest[static HASH_LEN]) { -#ifdef DEBUG - char hash[HASH_LEN*2+1]; - mem2hex(hash, digest, HASH_LEN); - fprintf(stderr, "hash: %s\n", hash); -#else - (void)digest; -#endif -} - -bool hash_match(const unsigned char digest[static HASH_LEN], const char *arg) { - unsigned char theirdigest[HASH_LEN]; - if (hex2mem(theirdigest, sizeof(theirdigest), arg) == 0) { - fputs("error decoding hex hash\n", stderr); - exit(1); - } -#ifdef DEBUG - fprintf(stderr, "comparing hash, theirs: %s = 0x%02x..0x%02x, ours: 0x%02x..0x%02x\n", arg, (int)theirdigest[0], (int)theirdigest[HASH_LEN-1], (int)digest[0], (int)theirdigest[HASH_LEN-1]); - fputs(" our ", stderr); - print_hash(digest); - fputs("their ", stderr); - print_hash(theirdigest); -#endif - return !memcmp(digest, theirdigest, HASH_LEN); + dest[2*i] = '\0'; } ssize_t random_get(void *buf, size_t buflen, unsigned int flags) { diff --git a/src/util.h b/src/util.h index 8759cd0..11cf369 100644 --- a/src/util.h +++ b/src/util.h @@ -30,7 +30,5 @@ static inline bool streq(const char *s1, const char *s2) { ssize_t random_get(void *buf, size_t buflen, unsigned int flags); size_t hex2mem(unsigned char *dest, size_t size, const char *src); void mem2hex(char *dest, const void *src, size_t size); -void hash(const unsigned char salt[static SALT_LEN], unsigned char *out, const void *in, size_t size); -bool hash_match(const unsigned char digest[static HASH_LEN], const char *arg); #endif -- cgit v1.2.3-70-g09d2