From: walter h. <wh...@bf...> - 2007-01-13 13:42:15
|
yep, i noticed that also. the UNIT4 should be uint32_t from <stdint.h>. i thing is is ok when we keep it that way it is (minus a frw warnings) and be aware of the 64bit problem. there are several md5 implementations that are gpl compatible. i would like to publish the new autoconf code soon as possible and hammer out problems with the source afterwards. We got some new (silent) members on the mailing list after the freashmeat anouncement and i hope for more after a slashdot article. i have some more (but minor) fixes in the pipe mainly documentation related. i will take an look into the surrounding documentation (aka readme) after we have finished the man pages. re, wh Bernhard R. Link wrote: > * walter harms <wh...@bf...> [070112 17:41]: >> --- src/LPRng-3.8.28/src/include/md5.h 2004-01-27 20:10:38.000000000 +0100 >> +++ lprng/src/include/md5.h 2007-01-11 20:13:08.000000000 +0100 >> @@ -48,6 +48,6 @@ >> unsigned char digest[16]; /* actual digest after MD5Final call */ >> } MD5_CONTEXT; >> >> -void MD5Init (); >> -void MD5Update (); >> -void MD5Final (); >> +void MD5Init (MD5_CONTEXT *mdContext); >> +void MD5Update (MD5_CONTEXT *mdContext,unsigned char *inBuf,unsigned int inLen ); >> +void MD5Final (MD5_CONTEXT *mdContext); >> --- src/LPRng-3.8.28/src/common/user_auth.c 2004-09-24 22:19:59.000000000 +0200 >> +++ lprng/src/common/user_auth.c 2007-01-11 20:57:36.000000000 +0100 > > Yeah, I missed those files in user_auth, as I did not want to touch > md5.* yet. > > These files have two problems: > > 1) As they are currently, they fail on 64-bit architectures, because of > (in src/include/md5.h): > | /* typedef a 32 bit type */ > | typedef unsigned long int UINT4; > I just tested on a amd64, and the calculated md5sum differs from what it > generates on 32bit. > > 2) I'm frightened by its license: > /* > ********************************************************************** > ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** > ** ** > ** License to copy and use this software is granted provided that ** > ** it is identified as the "RSA Data Security, Inc. MD5 Message ** > ** Digest Algorithm" in all material mentioning or referencing this ** > ** software or this function. ** > ** ** > ** License is also granted to make and use derivative works ** > ** provided that such works are identified as "derived from the RSA ** > ** Data Security, Inc. MD5 Message Digest Algorithm" in all ** > ** material mentioning or referencing the derived work. ** > ** ** > ** RSA Data Security, Inc. makes no representations concerning ** > ** either the merchantability of this software or the suitability ** > ** of this software for any particular purpose. It is provided "as ** > ** is" without express or implied warranty of any kind. ** > ** ** > ** These notices must be retained in any copies of any part of this ** > ** documentation and/or software. ** > ********************************************************************** > */ > > The second paragraph looks quite ugly. I'm not actually sure what it > means but the "all material mentioning or referencing the derived work" > sounds comparable evil to "All advertising materials mentioning features > or use of this software" from the obnoxious GPL-incompatible 4-clause BSD. > > There is a public domain implementation of the md5sum algorithm around, > but that AFAIR not only needs a 32-bit type but also knowledge of its > endianess. That's no problem if one can #include <endian.h>, but making > that portable is more ugly. > > Hochachtungsvoll, > Bernhard R. Link |