lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1464843561-31856-1-git-send-email-vapier@gentoo.org>
Date:	Thu,  2 Jun 2016 00:59:21 -0400
From:	Mike Frysinger <vapier@...too.org>
To:	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Cc:	netdev@...r.kernel.org
Subject: [PATCH iputils v2] ping6: allow disabling of openssl/libgcrypt support

Signed-off-by: Mike Frysinger <vapier@...too.org>
---
 Makefile         |  5 ++++-
 iputils_md5dig.h |  4 +++-
 ping6.c          | 19 ++++++++++++++++++-
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index b6cf512..8b9e2aa 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,7 @@ ARPING_DEFAULT_DEVICE=
 
 # Libgcrypt (for MD5) for ping6 [yes|no|static]
 USE_GCRYPT=yes
-# Crypto library for ping6 [shared|static]
+# Crypto library for ping6 [shared|static|no]
 USE_CRYPTO=shared
 # Resolv library for ping6 [yes|static]
 USE_RESOLV=yes
@@ -66,7 +66,10 @@ ifneq ($(USE_GCRYPT),no)
 	LIB_CRYPTO = $(call FUNC_LIB,$(USE_GCRYPT),$(LDFLAG_GCRYPT))
 	DEF_CRYPTO = -DUSE_GCRYPT
 else
+ifneq ($(USE_CRYPTO),no)
 	LIB_CRYPTO = $(call FUNC_LIB,$(USE_CRYPTO),$(LDFLAG_CRYPTO))
+	DEF_CRYPTO = -DUSE_OPENSSL
+endif
 endif
 
 # USE_RESOLV: LIB_RESOLV
diff --git a/iputils_md5dig.h b/iputils_md5dig.h
index 4cec866..d6c4d46 100644
--- a/iputils_md5dig.h
+++ b/iputils_md5dig.h
@@ -5,8 +5,10 @@
 # include <stdlib.h>
 # include <gcrypt.h>
 # define IPUTILS_MD5DIG_LEN	16
-#else
+# define USE_CRYPTO
+#elif defined(USE_OPENSSL)
 # include <openssl/md5.h>
+# define USE_CRYPTO
 #endif
 
 #ifdef USE_GCRYPT
diff --git a/ping6.c b/ping6.c
index 6d1a6db..db7ec4a 100644
--- a/ping6.c
+++ b/ping6.c
@@ -238,6 +238,8 @@ unsigned int if_name2index(const char *ifname)
 	return i;
 }
 
+#ifdef USE_CRYPTO
+
 struct niquery_option {
 	char *name;
 	int namelen;
@@ -668,6 +670,7 @@ int niquery_option_handler(const char *opt_arg)
 		ret = niquery_option_help_handler(0, NULL);
 	return ret;
 }
+#endif
 
 static int hextoui(const char *str)
 {
@@ -790,6 +793,7 @@ int main(int argc, char *argv[])
 			printf("ping6 utility, iputils-%s\n", SNAPSHOT);
 			exit(0);
 		case 'N':
+#ifdef USE_CRYPTO
 			if (using_ping_socket) {
 				fprintf(stderr, "ping: -N requires raw socket permissions\n");
 				exit(2);
@@ -798,6 +802,10 @@ int main(int argc, char *argv[])
 				usage();
 				break;
 			}
+#else
+			fprintf(stderr, "ping: function not available; crypto disabled\n");
+			exit(2);
+#endif
 			break;
 		COMMON_OPTIONS
 			common_options(ch);
@@ -891,6 +899,7 @@ int main(int argc, char *argv[])
 	}
 #endif
 
+#ifdef USE_CRYPTO
 	if (niquery_is_enabled()) {
 		niquery_init_nonce();
 
@@ -900,6 +909,7 @@ int main(int argc, char *argv[])
 			ni_subject_type = NI_SUBJ_IPV6;
 		}
 	}
+#endif
 
 	if (argc > 1) {
 #ifndef ENABLE_PING6_RTHDR
@@ -1126,9 +1136,11 @@ int main(int argc, char *argv[])
 			ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &filter);
 		}
 
+#ifdef USE_CRYPTO
 		if (niquery_is_enabled())
 			ICMP6_FILTER_SETPASS(ICMPV6_NI_REPLY, &filter);
 		else
+#endif
 			ICMP6_FILTER_SETPASS(ICMP6_ECHO_REPLY, &filter);
 
 		err = setsockopt(icmp_sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filter,
@@ -1369,7 +1381,7 @@ int build_echo(__u8 *_icmph)
 	return cc;
 }
 
-
+#ifdef USE_CRYPTO
 int build_niquery(__u8 *_nih)
 {
 	struct ni_hdr *nih;
@@ -1391,6 +1403,7 @@ int build_niquery(__u8 *_nih)
 
 	return cc;
 }
+#endif
 
 int send_probe(void)
 {
@@ -1398,9 +1411,11 @@ int send_probe(void)
 
 	rcvd_clear(ntransmitted + 1);
 
+#ifdef USE_CRYPTO
 	if (niquery_is_enabled())
 		len = build_niquery(outpack);
 	else
+#endif
 		len = build_echo(outpack);
 
 	if (cmsglen == 0) {
@@ -1619,6 +1634,7 @@ parse_reply(struct msghdr *msg, int cc, void *addr, struct timeval *tv)
 				      hops, 0, tv, pr_addr(&from->sin6_addr),
 				      pr_echo_reply))
 			return 0;
+#ifdef USE_CRYPTO
 	} else if (icmph->icmp6_type == ICMPV6_NI_REPLY) {
 		struct ni_hdr *nih = (struct ni_hdr *)icmph;
 		int seq = niquery_check_nonce(nih->ni_nonce);
@@ -1629,6 +1645,7 @@ parse_reply(struct msghdr *msg, int cc, void *addr, struct timeval *tv)
 				      hops, 0, tv, pr_addr(&from->sin6_addr),
 				      pr_niquery_reply))
 			return 0;
+#endif
 	} else {
 		int nexthdr;
 		struct ip6_hdr *iph1 = (struct ip6_hdr*)(icmph+1);
-- 
2.8.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ