Replace MD5 impmplementation with public-domain version

Currently the RSA MD5 implementation is used. Unfortunately the license has some potential issues: * The license does not explicitly allow distributing derivative works. This was the original argument used in [Debian #459516](https://bugs.debian.org/459516). * The license contains an advertising clause similar to the BSD 4-clause license. This is incompatible with the GPL and if it were enforced, would require RSA to be mentioned by pretty much everyone who uses pupnp. The simple solution is to replace it with a public domain implementation. I've taken OpenBSDs implementation and tweaked it slightly for use by pupnp by: - Adjusting the includes. - Removing the __bounded__ attributes which are specific to OpenBSD. - Using the standard integer types from stdint.h. - Using memset instead of explicit_bzero.
pupnp · Mar 7, 2017 · 9b9a310 · 9b9a310
1 parent 645ef3c
commit 9b9a310
Show file tree

Hide file tree

Showing 4 changed files with 254 additions and 349 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,28 @@
 Version 1.8.1
 *******************************************************************************
 
+2017-07-07 James Cowgill <james410(at)cowgill.org.uk>
+
+	Replace MD5 impmplementation with public-domain version
+
+	Currently the RSA MD5 implementation is used. Unfortunately the license
+	has some potential issues:
+	* The license does not explicitly allow distributing derivative works.
+	This was the original argument used in
+	[Debian #459516](https://bugs.debian.org/459516).
+	* The license contains an advertising clause similar to the BSD 4-clause
+	license. This is incompatible with the GPL and if it were enforced,
+	would require RSA to be mentioned by pretty much everyone who uses pupnp.
+
+	The simple solution is to replace it with a public domain
+	implementation. I've taken OpenBSDs implementation and tweaked it
+	slightly for use by pupnp by:
+	- Adjusting the includes.
+	- Removing the __bounded__ attributes which are specific to OpenBSD.
+	- Using the standard integer types from stdint.h.
+	- Using memset instead of explicit_bzero.
+
+
 2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>
 
 	Enable IPv6 by default

diff --git a/configure.ac b/configure.ac
@@ -632,6 +632,7 @@ fi
 # Checks for typedefs, structures, and compiler characteristics
 #	
 AC_C_CONST
+AC_C_BIGENDIAN
 
 # The test for socklen_t was getting it wrong when it exists but is in ws2tcpip.h,
 # so we use a new test.

diff --git a/upnp/src/inc/md5.h b/upnp/src/inc/md5.h
@@ -1,39 +1,35 @@
-/* MD5.H - header file for MD5C.C */
-
-
-/*  Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-    rights reserved.
-
-    License to copy and use this software is granted provided that it
-    is identified as the &quot;RSA Data Security, Inc. MD5 Message-Digest
-    Algorithm&quot; in all material mentioning or referencing this software
-    or this function.
-
-    License is also granted to make and use derivative works provided
-    that such works are identified as &quot;derived from the RSA Data
-    Security, Inc. MD5 Message-Digest Algorithm&quot; in all material
-    mentioning or referencing the derived work.
-
-    RSA Data Security, Inc. makes no representations concerning either
-    the merchantability of this software or the suitability of this
-    software for any particular purpose. It is provided &quot;as is&quot;
-    without express or implied warranty of any kind.
-
-    These notices must be retained in any copies of any part of this
-    documentation and/or software.
-*/
-
-
-/* MD5 context. */
-typedef struct {
-
-  UINT4 state[4];                                   /* state (ABCD) */
-  UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
-  unsigned char buffer[64];                         /* input buffer */
-
+/*	$OpenBSD: md5.h,v 1.3 2014/11/16 17:39:09 tedu Exp $	*/
+
+/*
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest.  This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ */
+
+#ifndef _MD5_H_
+#define _MD5_H_
+
+#include <stddef.h>
+#include "UpnpStdInt.h"
+
+#define	MD5_BLOCK_LENGTH		64
+#define	MD5_DIGEST_LENGTH		16
+
+typedef struct MD5Context {
+	uint32_t state[4];			/* state */
+	uint64_t count;				/* number of bits, mod 2^64 */
+	uint8_t buffer[MD5_BLOCK_LENGTH];	/* input buffer */
 } MD5_CTX;
 
-void MD5Init PROTO_LIST ((MD5_CTX *));
-void MD5Update PROTO_LIST ((MD5_CTX *, unsigned char *, unsigned int));
-void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+void	 MD5Init(MD5_CTX *);
+void	 MD5Update(MD5_CTX *, const void *, size_t);
+void	 MD5Final(uint8_t [MD5_DIGEST_LENGTH], MD5_CTX *);
+void	 MD5Transform(uint32_t [4], const uint8_t [MD5_BLOCK_LENGTH]);
 
+#endif /* _MD5_H_ */