Remove the RFC 1319 MD2 Message-Digest Algorithm routines from libmd.

1. The licensing terms for the MD2 routines from RFC is not under a BSD-like license. Instead it is only granted for non-commercial Internet Privacy-Enhanced Mail. 2. MD2 is quite deprecated as it is no longer considered a cryptographically strong algorithm. Discussed with: so (cperciva), core
svn path=/head/; revision=234746
2025-01-22 16:44:32 +01:00 · 2012-04-28 02:48:51 +00:00 · 2012-04-28 02:48:51 +00:00 · 9b9c301802 · 2020-12-20 02:59:44 +00:00
commit 9b9c301802
parent 50e13823c8
6 changed files with 7 additions and 309 deletions
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@ -582,6 +582,7 @@ OLD_LIBS+=lib/libipx.so.4
 OLD_LIBS+=lib/libkiconv.so.3
 OLD_LIBS+=lib/libkvm.so.4
 OLD_LIBS+=lib/libmd.so.4
+OLD_LIBS+=lib/libmd.so.5
 OLD_LIBS+=lib/libncurses.so.7
 OLD_LIBS+=lib/libncursesw.so.7
 OLD_LIBS+=lib/libnvpair.so.1
--- a/lib/libmd/Makefile
+++ b/lib/libmd/Makefile
@ -1,20 +1,18 @@
 # $FreeBSD$

 LIB=	md
+SHLIB_MAJOR= 6
 SHLIBDIR?= /lib
-SRCS=	md2c.c md4c.c md5c.c md2hl.c md4hl.c md5hl.c \
+SRCS=	md4c.c md5c.c md4hl.c md5hl.c \
 	rmd160c.c rmd160hl.c \
 	sha0c.c sha0hl.c sha1c.c sha1hl.c \
 	sha256c.c sha256hl.c \
 	sha512c.c sha512hl.c
-INCS=	md2.h md4.h md5.h ripemd.h sha.h sha256.h sha512.h
+INCS=	md4.h md5.h ripemd.h sha.h sha256.h sha512.h

 WARNS?=	0

-MAN+=	md2.3 md4.3 md5.3 ripemd.3 sha.3 sha256.3 sha512.3
-MLINKS+=md2.3 MD2Init.3 md2.3 MD2Update.3 md2.3 MD2Final.3
-MLINKS+=md2.3 MD2End.3  md2.3 MD2File.3   md2.3 MD2FileChunk.3
-MLINKS+=md2.3 MD2Data.3
+MAN+=	md4.3 md5.3 ripemd.3 sha.3 sha256.3 sha512.3
 MLINKS+=md4.3 MD4Init.3 md4.3 MD4Update.3 md4.3 MD4Final.3
 MLINKS+=md4.3 MD4End.3  md4.3 MD4File.3   md4.3 MD4FileChunk.3
 MLINKS+=md4.3 MD4Data.3
@ -59,10 +57,6 @@ CFLAGS+= -DRMD160_ASM
 ACFLAGS+= -DELF -Wa,--noexecstack
 .endif

-md2hl.c: mdXhl.c
-	(echo '#define LENGTH 16'; \
-		sed -e 's/mdX/md2/g' -e 's/MDX/MD2/g' ${.ALLSRC}) > ${.TARGET}
-
 md4hl.c: mdXhl.c
 	(echo '#define LENGTH 16'; \
 		sed -e 's/mdX/md4/g' -e 's/MDX/MD4/g' ${.ALLSRC}) > ${.TARGET}
@ -105,16 +99,6 @@ md${i}.3: ${.CURDIR}/mdX.3
 	cat ${.CURDIR}/md${i}.copyright >> ${.TARGET}
 .endfor

-md2.ref:
-	echo 'MD2 test suite:' > ${.TARGET}
-	@echo 'MD2 ("") = 8350e5a3e24c153df2275c9f80692773' >> ${.TARGET}
-	@echo 'MD2 ("a") = 32ec01ec4a6dac72c0ab96fb34c0b5d1' >> ${.TARGET}
-	@echo 'MD2 ("abc") = da853b0d3f88d99b30283a69e6ded6bb' >> ${.TARGET}
-	@echo 'MD2 ("message digest") = ab4f496bfb2a530b219ff33031fe06b0' >> ${.TARGET}
-	@echo 'MD2 ("abcdefghijklmnopqrstuvwxyz") = 4e8ddff3650292ab5a4108c3aa47940b' >> ${.TARGET}
-	@echo 'MD2 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = da33def2a42df13975352846c30338cd' >> ${.TARGET}
-	@echo 'MD2 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = d5976f79d83d3a0dc9806c3c66f3efd8' >> ${.TARGET}
-
 md4.ref:
 	echo 'MD4 test suite:' > ${.TARGET}
 	@echo 'MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0' >> ${.TARGET}
@ -205,12 +189,9 @@ rmd160.ref:
 	@echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
 		'9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET}

-test:	md2.ref md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha512.ref
+test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha512.ref
 	@${ECHO} if any of these test fail, the code produces wrong results
 	@${ECHO} and should NOT be used.
-	${CC} ${CFLAGS} ${LDFLAGS} -DMD=2 -o mddriver ${.CURDIR}/mddriver.c ./libmd.a
-	./mddriver | cmp md2.ref -
-	@${ECHO} MD2 passed test
 	${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a
 	./mddriver | cmp md4.ref -
 	@${ECHO} MD4 passed test
--- a/lib/libmd/md2.copyright
+++ b/lib/libmd/md2.copyright
@ -1,17 +0,0 @@
-.\" $FreeBSD$
-Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
-rights reserved.
-.Pp
-License to copy and use this software is granted for
-non-commercial Internet Privacy-Enhanced Mail provided that it is
-identified as the "RSA Data Security, Inc. MD2 Message Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-.Pp
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-.Pp
-These notices must be retained in any copies of any part of this
-documentation and/or software.
--- a/lib/libmd/md2.h
+++ b/lib/libmd/md2.h
@ -1,46 +0,0 @@
-/* MD2.H - header file for MD2C.C
- * $FreeBSD$
- */
-
-/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
-   rights reserved.
-
-   License to copy and use this software is granted for
-   non-commercial Internet Privacy-Enhanced Mail provided that it is
-   identified as the "RSA Data Security, Inc. MD2 Message Digest
-   Algorithm" in all material mentioning or referencing this software
-   or this function.
-
-   RSA Data Security, Inc. makes no representations concerning either
-   the merchantability of this software or the suitability of this
-   software for any particular purpose. It is provided "as is"
-   without express or implied warranty of any kind.
-
-   These notices must be retained in any copies of any part of this
-   documentation and/or software.
- */
-
-#ifndef _MD2_H_
-#define _MD2_H_
-
-typedef struct MD2Context {
-  unsigned char state[16];	/* state */
-  unsigned char checksum[16];	/* checksum */
-  unsigned int count;		/* number of bytes, modulo 16 */
-  unsigned char buffer[16];	/* input buffer */
-} MD2_CTX;
-
-#include <sys/cdefs.h>
-
-__BEGIN_DECLS
-void   MD2Init(MD2_CTX *);
-void   MD2Update(MD2_CTX *, const void *, unsigned int);
-void   MD2Pad(MD2_CTX *);
-void   MD2Final(unsigned char [16], MD2_CTX *);
-char * MD2End(MD2_CTX *, char *);
-char * MD2File(const char *, char *);
-char * MD2FileChunk(const char *, char *, off_t, off_t);
-char * MD2Data(const void *, unsigned int, char *);
-__END_DECLS
-
-#endif /* _MD2_H_ */
--- a/lib/libmd/md2c.c
+++ b/lib/libmd/md2c.c
@ -1,211 +0,0 @@
-/* MD2C.C - RSA Data Security, Inc., MD2 message-digest algorithm
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
-   rights reserved.
-
-   License to copy and use this software is granted for
-   non-commercial Internet Privacy-Enhanced Mail provided that it is
-   identified as the "RSA Data Security, Inc. MD2 Message Digest
-   Algorithm" in all material mentioning or referencing this software
-   or this function.
-
-   RSA Data Security, Inc. makes no representations concerning either
-   the merchantability of this software or the suitability of this
-   software for any particular purpose. It is provided "as is"
-   without express or implied warranty of any kind.
-
-   These notices must be retained in any copies of any part of this
-   documentation and/or software.
- */
-
-#include <sys/types.h>
-#include <string.h>
-#include "md2.h"
-
-
-typedef unsigned char *POINTER;
-typedef u_int16_t UINT2;
-typedef u_int32_t UINT4;
-
-#define PROTO_LIST(list) list
-
-static void MD2Transform PROTO_LIST
-  ((unsigned char [16], unsigned char [16], const unsigned char [16]));
-
-/* Permutation of 0..255 constructed from the digits of pi. It gives a
-   "random" nonlinear byte substitution operation.
- */
-static unsigned char PI_SUBST[256] = {
-  41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
-  19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
-  76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
-  138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
-  245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
-  148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
-  39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
-  181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
-  150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
-  112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
-  96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
-  85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
-  234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
-  129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
-  8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
-  203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
-  166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
-  31, 26, 219, 153, 141, 51, 159, 17, 131, 20
-};
-
-static unsigned char *PADDING[] = {
-  (unsigned char *)"",
-  (unsigned char *)"\001",
-  (unsigned char *)"\002\002",
-  (unsigned char *)"\003\003\003",
-  (unsigned char *)"\004\004\004\004",
-  (unsigned char *)"\005\005\005\005\005",
-  (unsigned char *)"\006\006\006\006\006\006",
-  (unsigned char *)"\007\007\007\007\007\007\007",
-  (unsigned char *)"\010\010\010\010\010\010\010\010",
-  (unsigned char *)"\011\011\011\011\011\011\011\011\011",
-  (unsigned char *)"\012\012\012\012\012\012\012\012\012\012",
-  (unsigned char *)"\013\013\013\013\013\013\013\013\013\013\013",
-  (unsigned char *)"\014\014\014\014\014\014\014\014\014\014\014\014",
-  (unsigned char *)
-    "\015\015\015\015\015\015\015\015\015\015\015\015\015",
-  (unsigned char *)
-    "\016\016\016\016\016\016\016\016\016\016\016\016\016\016",
-  (unsigned char *)
-    "\017\017\017\017\017\017\017\017\017\017\017\017\017\017\017",
-  (unsigned char *)
-    "\020\020\020\020\020\020\020\020\020\020\020\020\020\020\020\020"
-};
-
-/* MD2 initialization. Begins an MD2 operation, writing a new context.
- */
-void MD2Init (context)
-MD2_CTX *context;                                        /* context */
-{
-  context->count = 0;
-  memset ((POINTER)context->state, 0, sizeof (context->state));
-  memset
-    ((POINTER)context->checksum, 0, sizeof (context->checksum));
-}
-
-/* MD2 block update operation. Continues an MD2 message-digest
-     operation, processing another message block, and updating the
-     context.
- */
-void MD2Update (context, in, inputLen)
-MD2_CTX *context;                                        /* context */
-const void *in;                                /* input block */
-unsigned int inputLen;                     /* length of input block */
-{
-  unsigned int i, idx, partLen;
-  const unsigned char *input = in;
-
-  /* Update number of bytes mod 16 */
-  idx = context->count;
-  context->count = (idx + inputLen) & 0xf;
-
-  partLen = 16 - idx;
-
-  /* Transform as many times as possible.
-    */
-  if (inputLen >= partLen) {
-    memcpy
-      ((POINTER)&context->buffer[idx], (POINTER)input, partLen);
-    MD2Transform (context->state, context->checksum, context->buffer);
-
-    for (i = partLen; i + 15 < inputLen; i += 16)
-      MD2Transform (context->state, context->checksum, &input[i]);
-
-    idx = 0;
-  }
-  else
-    i = 0;
-
-  /* Buffer remaining input */
-  memcpy
-    ((POINTER)&context->buffer[idx], (POINTER)&input[i],
-     inputLen-i);
-}
-
-/* MD2 padding.
- */
-void MD2Pad (context)
-MD2_CTX *context;                                        /* context */
-{
-  unsigned int idx, padLen;
-
-  /* Pad out to multiple of 16.
-   */
-  idx = context->count;
-  padLen = 16 - idx;
-  MD2Update (context, PADDING[padLen], padLen);
-
-  /* Extend with checksum */
-  MD2Update (context, context->checksum, 16);
-}
-
-/* MD2 finalization. Ends an MD2 message-digest operation, writing the
-     message digest and zeroizing the context.
- */
-void MD2Final (digest, context)
-unsigned char digest[16];                         /* message digest */
-MD2_CTX *context;                                        /* context */
-{
-  /* Do padding */
-  MD2Pad (context);
-
-  /* Store state in digest */
-  memcpy ((POINTER)digest, (POINTER)context->state, 16);
-
-  /* Zeroize sensitive information.
-   */
-  memset ((POINTER)context, 0, sizeof (*context));
-}
-
-/* MD2 basic transformation. Transforms state and updates checksum
-     based on block.
- */
-static void MD2Transform (state, checksum, block)
-unsigned char state[16];
-unsigned char checksum[16];
-const unsigned char block[16];
-{
-  unsigned int i, j, t;
-  unsigned char x[48];
-
-  /* Form encryption block from state, block, state ^ block.
-   */
-  memcpy ((POINTER)x, (POINTER)state, 16);
-  memcpy ((POINTER)x+16, (POINTER)block, 16);
-  for (i = 0; i < 16; i++)
-    x[i+32] = state[i] ^ block[i];
-
-  /* Encrypt block (18 rounds).
-   */
-  t = 0;
-  for (i = 0; i < 18; i++) {
-    for (j = 0; j < 48; j++)
-      t = x[j] ^= PI_SUBST[t];
-    t = (t + i) & 0xff;
-  }
-
-  /* Save new state */
-  memcpy ((POINTER)state, (POINTER)x, 16);
-
-  /* Update checksum.
-   */
-  t = checksum[15];
-  for (i = 0; i < 16; i++)
-    t = checksum[i] ^= PI_SUBST[block[i] ^ t];
-
-  /* Zeroize sensitive information.
-   */
-  memset ((POINTER)x, 0, sizeof (x));
-}
--- a/lib/libmd/mdX.3
+++ b/lib/libmd/mdX.3
@ -52,8 +52,7 @@ This net result is a
 .Dq fingerprint
 of the input-data, which does not disclose the actual input.
 .Pp
-MD2 is the slowest, MD4 is the fastest and MD5 is somewhere in the middle.
-MD2 can only be used for Privacy-Enhanced Mail.
+MD4 is the fastest and MD5 is somewhat slower.
 MD4 has now been broken; it should only be used where necessary for
 backward compatibility.
 MD5 has not yet (1999-02-11) been broken, but sufficient attacks have been
@ -144,16 +143,10 @@ If the
 .Fa buf
 argument is non-null it must point to at least 33 characters of buffer space.
 .Sh SEE ALSO
-.Xr md2 3 ,
 .Xr md4 3 ,
 .Xr md5 3 ,
 .Xr sha 3
 .Rs
-.%A B. Kaliski
-.%T The MD2 Message-Digest Algorithm
-.%O RFC 1319
-.Re
-.Rs
 .%A R. Rivest
 .%T The MD4 Message-Digest Algorithm
 .%O RFC 1186
@ -192,6 +185,3 @@ Phk ristede runen.
 No method is known to exist which finds two files having the same hash value,
 nor to find a file with a specific hash value.
 There is on the other hand no guarantee that such a method does not exist.
-.Pp
-MD2 has only been licensed for use in Privacy Enhanced Mail.
-Use MD4 or MD5 if that is not what you are doing.