git: a8b8b7065c8e - stable/15 - libc/resolv: get rid of MD5
Date: Fri, 31 Oct 2025 13:04:20 UTC
The branch stable/15 has been updated by fuz:
URL: https://cgit.FreeBSD.org/src/commit/?id=a8b8b7065c8ecb858bb1b9576663869d06bd37a4
commit a8b8b7065c8ecb858bb1b9576663869d06bd37a4
Author: Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2025-09-29 13:53:14 +0000
Commit: Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2025-10-31 13:03:13 +0000
libc/resolv: get rid of MD5
MD5 is used by libc/resolv to generate a random sequence id from a
current time stamp. Replace this convoluted mechanism with a call
to arc4random(). This permits us to entirely drop MD5 from libc,
simplifying the MD5 rework proposed in D45670.
Approved by: markj
Reviewed by: kevans, markj
See also: D45670
Event: EuroBSDcon 2025
Differential Revision: https://reviews.freebsd.org/D52784
(cherry picked from commit d518f64cef6db1d301377e78742b94ca96a881e3)
---
include/resolv.h | 4 +--
lib/libc/Makefile | 1 -
lib/libc/include/port_before.h | 1 -
lib/libc/md/Makefile.inc | 3 ---
lib/libc/resolv/Symbol.map | 1 -
lib/libc/resolv/res_init.c | 61 +++++-------------------------------------
6 files changed, 7 insertions(+), 64 deletions(-)
diff --git a/include/resolv.h b/include/resolv.h
index f32f52bab431..6ef79601b5f8 100644
--- a/include/resolv.h
+++ b/include/resolv.h
@@ -188,7 +188,7 @@ struct __res_state {
struct __res_state_ext *ext; /*%< extension for IPv6 */
} _ext;
} _u;
- u_char *_rnd; /*%< PRIVATE: random state */
+ u_char *_rnd; /*%< PRIVATE: random state (unused) */
};
typedef struct __res_state *res_state;
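Review bot: The updated comment on `_rnd` says the member is unused, but not why it stays in `struct __res_state` or what it now holds. After this commit `__res_vinit` no longer assigns it and `res_ndestroy` no longer frees it (both visible in the res_init.c hunks), so its value appears to be whatever the caller's storage contained. I would spell that out, e.g. `/*%< PRIVATE: formerly random state; unused, kept for ABI layout, not set or freed by libc */`. The ABI motive is inferred from the member being retained rather than removed, so confirm it before wording the comment that way. The struct definition begins outside this hunk.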
@@ -380,7 +380,6 @@ extern const struct res_sym __p_rcode_syms[];
#define res_nisourserver __res_nisourserver
#define res_ownok __res_ownok
#define res_queriesmatch __res_queriesmatch
-#define res_rndinit __res_rndinit
#define res_randomid __res_randomid
#define res_nrandomid __res_nrandomid
#define sym_ntop __sym_ntop
@@ -445,7 +444,6 @@ int dn_count_labels(const char *);
int dn_comp(const char *, u_char *, int, u_char **, u_char **);
int dn_expand(const u_char *, const u_char *, const u_char *,
char *, int);
-void res_rndinit(res_state);
u_int res_randomid(void);
u_int res_nrandomid(res_state);
int res_nameinquery(const char *, int, int, const u_char *,
diff --git a/lib/libc/Makefile b/lib/libc/Makefile
index d0c254e33396..8705568f6d34 100644
--- a/lib/libc/Makefile
+++ b/lib/libc/Makefile
@@ -109,7 +109,6 @@ NOASM=
.include "${LIBC_SRCTOP}/inet/Makefile.inc"
.include "${LIBC_SRCTOP}/isc/Makefile.inc"
.include "${LIBC_SRCTOP}/locale/Makefile.inc"
-.include "${LIBC_SRCTOP}/md/Makefile.inc"
.include "${LIBC_SRCTOP}/nameser/Makefile.inc"
.include "${LIBC_SRCTOP}/net/Makefile.inc"
.include "${LIBC_SRCTOP}/nls/Makefile.inc"
diff --git a/lib/libc/include/port_before.h b/lib/libc/include/port_before.h
index cfc43c53f157..aa2cd394104a 100644
--- a/lib/libc/include/port_before.h
+++ b/lib/libc/include/port_before.h
@@ -5,7 +5,6 @@
#define _LIBC 1
#define DO_PTHREADS 1
#define USE_POLL 1
-#define HAVE_MD5 1
#define ISC_SOCKLEN_T socklen_t
#define ISC_FORMAT_PRINTF(fmt, args) \
diff --git a/lib/libc/md/Makefile.inc b/lib/libc/md/Makefile.inc
deleted file mode 100644
index 82c5f0670485..000000000000
--- a/lib/libc/md/Makefile.inc
+++ /dev/null
@@ -1,3 +0,0 @@
-.PATH: ${SRCTOP}/sys/kern
-
-SRCS+= md5c.c
diff --git a/lib/libc/resolv/Symbol.map b/lib/libc/resolv/Symbol.map
index 6b9c43298fb5..26daecbe2eff 100644
--- a/lib/libc/resolv/Symbol.map
+++ b/lib/libc/resolv/Symbol.map
@@ -103,6 +103,5 @@ FBSD_1.0 {
};
FBSD_1.4 {
- __res_rndinit;
__res_nrandomid;
};
diff --git a/lib/libc/resolv/res_init.c b/lib/libc/resolv/res_init.c
index 71ab2dcb7038..5a2fce013c8c 100644
--- a/lib/libc/resolv/res_init.c
+++ b/lib/libc/resolv/res_init.c
@@ -86,19 +86,6 @@
#include <unistd.h>
#include <netdb.h>
-#ifndef HAVE_MD5
-# include "../dst/md5.h"
-#else
-# ifdef SOLARIS2
-# include <sys/md5.h>
-# elif _LIBC
-# include <md5.h>
-# endif
-#endif
-#ifndef _MD5_H_
-# define _MD5_H_ 1 /*%< make sure we do not include rsaref md5.h file */
-#endif
-
#include "un-namespace.h"
#include "port_after.h"
@@ -184,8 +171,6 @@ __res_vinit(res_state statp, int preinit) {
statp->options = RES_DEFAULT;
}
- statp->_rnd = malloc(16);
- res_rndinit(statp);
statp->id = res_nrandomid(statp);
memset(u, 0, sizeof(u));
@@ -733,48 +718,18 @@ net_mask(struct in_addr in) /*!< XXX - should really use system's version of th
}
#endif
-static u_char srnd[16];
-
void
-res_rndinit(res_state statp)
+freebsd15_res_rndinit(res_state statp)
{
- struct timeval now;
- u_int32_t u32;
- u_int16_t u16;
- u_char *rnd = statp->_rnd == NULL ? srnd : statp->_rnd;
-
- gettimeofday(&now, NULL);
- u32 = now.tv_sec;
- memcpy(rnd, &u32, 4);
- u32 = now.tv_usec;
- memcpy(rnd + 4, &u32, 4);
- u32 += now.tv_sec;
- memcpy(rnd + 8, &u32, 4);
- u16 = getpid();
- memcpy(rnd + 12, &u16, 2);
+ (void)statp;
}
+__sym_compat(__res_rndinit, freebsd15_res_rndinit, FBSD_1.4);
u_int
res_nrandomid(res_state statp) {
- struct timeval now;
- u_int16_t u16;
- MD5_CTX ctx;
- u_char *rnd = statp->_rnd == NULL ? srnd : statp->_rnd;
-
- gettimeofday(&now, NULL);
- u16 = (u_int16_t) (now.tv_sec ^ now.tv_usec);
- memcpy(rnd + 14, &u16, 2);
-#ifndef HAVE_MD5
- MD5_Init(&ctx);
- MD5_Update(&ctx, rnd, 16);
- MD5_Final(rnd, &ctx);
-#else
- MD5Init(&ctx);
- MD5Update(&ctx, rnd, 16);
- MD5Final(rnd, &ctx);
-#endif
- memcpy(&u16, rnd + 14, 2);
- return ((u_int) u16);
+ (void) statp;
+
+ return ((u_int)(arc4random() & 0xffff));
}
/*%
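Review bot: The new `res_nrandomid()` body has no comment saying why the value must come from `arc4random()`. The result becomes the 16-bit query id (`statp->id = res_nrandomid(statp)` in `__res_vinit`), and a guessable id makes forged replies easier to get accepted, so a later edit should not swap in a cheaper generator. I would add above the return `/* DNS query ids must be unpredictable to off-path attackers; use the libc CSPRNG. */`. The stub `freebsd15_res_rndinit()` also deserves a one-line comment such as `/* No-op retained only so binaries bound to __res_rndinit@FBSD_1.4 still link. */`. It is non-static and its prototype was dropped from resolv.h, so unless a header outside this diff declares it, a preceding `void freebsd15_res_rndinit(res_state);` would avoid a missing-prototype warning.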
@@ -808,10 +763,6 @@ res_ndestroy(res_state statp) {
free(statp->_u._ext.ext);
statp->_u._ext.ext = NULL;
}
- if (statp->_rnd != NULL) {
- free(statp->_rnd);
- statp->_rnd = NULL;
- }
statp->options &= ~RES_INIT;
}