Martin Burnicki , 2015-01-18 This is an attempt to port the SHA example program from ftp://time.nist.gov/pub/sha/ to current Linux operating systems. As few as possible changes have been made to the original source code. The modified files are still in the base directory, but the original versions are still available in the source-code.org/ directory. Modified source files: Makefile - Adopted to current gnu make syntax - Build both targets "testsha" and "sha-leapsec" by default. - Added target "clean" - Added CPPFLAGS causing the compiler to emit more warnings testsha.c and sha-leapsec.c - Proper prototype for main(). - Return an exit code. - Include more header files due to "missing prototypes" sizint.h - This file has ben replaced. The original version was for the ALPHA platform and included incompatible workarounds for other platforms. - The source code uses types LONG and ULONG which obviously meant to 32 bit signed and unsigned integers. Now the C99 fixed-size types int32_t and uint32_t are used to implement these. - This program has been tested on 64 bit Linux, but should also work on 32 bit Linux since the fixed-size types are being used. To (re)build the binaries: ~> make clean; make rm -f *.o *~ testsha sha-leapsec cc -o2 -Wall -c -o testsha.o testsha.c cc -o2 -Wall -c -o sha.o sha.c cc -o2 -Wall -c -o f0.o f0.c cc -o2 -Wall -c -o f1.o f1.c cc -o2 -Wall -c -o f2.o f2.c cc -o2 -Wall -c -o f3.o f3.c cc -o2 -Wall -c -o s5.o s5.c cc -o2 -Wall -c -o s30.o s30.c cc -o2 -Wall -c -o init_sha.o init_sha.c cc -o testsha testsha.o sha.o f0.o f1.o f2.o f3.o s5.o s30.o init_sha.o cc -o2 -Wall -c -o sha-leapsec.o sha-leapsec.c cc -o sha-leapsec sha-leapsec.o sha.o f0.o f1.o f2.o f3.o s5.o s30.o init_sha.o The compiled program "sha-leapsec" computes the SHA hash of a leap second file, and if the file also provies a hash it compares the computed hash to the hash read from the file. The original leapsecond file from NIST has been downloaded and has been saved as "leapfile-from-time.nist.gov/leap-seconds.3629404800". Run a test with the original NIST leap second file: ~> ./sha-leapsec < leapfile-from-time.nist.gov/leap-seconds.3629404800 the digest of the input is 45e70fa7 a9df2033 f4a49ab0 ec648273 7b6c22c the digest read from the file is 45e70fa7 a9df2033 f4a49ab0 ec648273 7b6c22c digests agree. The file leap-seconds.in is a copy of leap-seconds.3629404800, where the last line / digest line has been removed. In this case "sha-leapsec" prints: ~> ./sha-leapsec < leapfile-from-time.nist.gov/leap-seconds.in the digest of the input is 45e70fa7 a9df2033 f4a49ab0 ec648273 7b6c22c the digest read from the file is 0 0 0 0 0 digests differ. So in order to *generate* a digest for a new leapsecond file the program sha-leapsec should be modified to print an appropriate output, or the output has to be parsed accordingly to extract the computed hash only so it can be appended to the new leap second file. By the way, ntpd 4.2.8 checks the digest of a leap second file and emits a message to the syslog telling if the digest is valid. For example, with the NIST version of the leapsecond file this is: ntpd[29242]: leapsecond file ('/etc/ntp/leap_second'): good hash signature ntpd[29242]: leapsecond file ('/etc/ntp/leap_second'): loaded, expire=2015-12-28T00:00Z last=2015-07-01T00:00Z ofs=36