
use libc SHA512 implementation

Remove dependency on libcrypto, include hash headers in a nicer way.
OPENBSD_5_7
Brent Cook 10 years ago
parent
commit
0d56dc4684
7 changed files with 112 additions and 20 deletions
  1. +4
    -1
      .gitignore
  2. +9
    -3
      Makefile.am
  3. +1
    -1
      autogen.sh
  4. +4
    -2
      configure.ac
  5. +59
    -0
      include/md5.h
  6. +17
    -0
      include/sha2.h
  7. +18
    -13
      update.sh

+ 4
- 1
.gitignore

@ -31,6 +31,7 @@ missing
ylwrap
Makefile
Makefile.in
openntpd*.tar.gz
compat/arc4random.c
compat/arc4random_freebsd.h
@ -50,6 +51,7 @@ compat/imsg-buffer.c
compat/imsg.c
compat/md5.c
compat/reallocarray.c
compat/sha2.c
compat/strlcat.c
compat/strlcpy.c
compat/strndup.c
@ -60,7 +62,8 @@ client.c
config.c
control.c
include/imsg.h
include/md5.h
include/md5_openbsd.h
include/sha2_openbsd.h
log.c
ntp.c
ntp.h


+ 9
- 3
Makefile.am

@ -103,15 +103,21 @@ libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
ntpd_LDADD += -lcrypto
if !HAVE_SHA512
libcompat_la_SOURCES += compat/sha2.c
endif
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
ntpd_LDADD += -lcrypto
if !HAVE_SHA512
libcompat_la_SOURCES += compat/sha2.c
endif
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
ntpd_LDADD += -lcrypto
if !HAVE_SHA512
libcompat_la_SOURCES += compat/sha2.c
endif
endif
endif
endif
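Review bot: The three `if !HAVE_SHA512` blocks do not say why compat/sha2.c is tied to the Linux, Darwin and Solaris branches only, so the link between the getentropy fallbacks and the hash is implicit. A one-line comment above the first block would record it, for example `# getentropy_{linux,osx,solaris}.c hash with SHA512; build our copy when libc lacks it`. This presumes those files are the only SHA512 users, which the hunk does not show. The enclosing conditionals start above the hunk.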


+ 1
- 1
autogen.sh

@ -3,4 +3,4 @@ set -e
./update.sh
mkdir -p m4
autoreconf -i -f
autoreconf -i

+ 4
- 2
configure.ac

@ -23,6 +23,7 @@ case $host_os in
;;
*openbsd*)
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has __bounded__])
AC_DEFINE([HAVE_ATTRIBUTE__WEAK_ALIAS], [1], [OpenBSD gcc has __weak_alias])
AC_DEFINE([HAVE_ATTRIBUTE__DEAD], [1], [OpenBSD gcc has __dead])
HAVE_SENSORS=true
;;
@ -79,7 +80,7 @@ AC_CHECK_FUNCS([adjfreq arc4random_uniform asprintf explicit_bzero])
AC_CHECK_FUNCS([getentropy memmem poll reallocarray])
AC_CHECK_FUNCS([setproctitle setgroups])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum])
AC_CHECK_FUNCS([MD5Init])
AC_CHECK_FUNCS([MD5Init SHA512Init])
# check if arc4random is in the system or in libcrypto
AC_CHECK_FUNC([arc4random],,
@ -106,6 +107,7 @@ AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
AM_CONDITIONAL([HAVE_MD5], [test "x$ac_cv_func_MD5Init" = xyes])
AM_CONDITIONAL([HAVE_SHA512], [test "x$ac_cv_func_SHA512Init" = xyes])
AM_CONDITIONAL([HAVE_IMSG], [test "x$ac_cv_func_ibuf_open" = xyes])
# overrides for arc4random_buf implementations with known issues
@ -137,7 +139,7 @@ if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
AC_CHECK_HEADERS([sys/timex.h])
AC_CHECK_HEADERS([sys/timex.h md5.h sha2.h])
AC_CONFIG_FILES([
Makefile
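Review bot: `HAVE_SHA512` comes from the function probe `AC_CHECK_FUNCS([MD5Init SHA512Init])`, while the header shims key off `HAVE_MD5_H` and `HAVE_SHA2_H` from the separate `AC_CHECK_HEADERS` call, and nothing here makes the two results agree. A host that ships `sha2.h` without `SHA512Init` in the default libraries, or the reverse, could compile against one context layout and link the other implementation. Consider making the header probe depend on the function probe, e.g. `AS_IF([test "x$ac_cv_func_SHA512Init" = xyes], [AC_CHECK_HEADERS([sha2.h])])`, and likewise for `md5.h`.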


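--- a/include/md5.h
+++ b/include/md5.h
@@ -0,0 +1,59 @@
+/*
+* Public domain
+* md5.h compatibility shim
+*/
+#ifdef HAVE_MD5_H
+#include_next <md5.h>
+#else
+#include "md5_openbsd.h"
+#endif
+/* $OpenBSD: md5.h,v 1.16 2004/06/22 01:57:30 jfb Exp $ */
+/*
+* This code implements the MD5 message-digest algorithm.
+* The algorithm is due to Ron Rivest. This code was
+* written by Colin Plumb in 1993, no copyright is claimed.
+* This code is in the public domain; do with it what you wish.
+*
+* Equivalent code is available from RSA Data Security, Inc.
+* This code has been tested against that, and is equivalent,
+* except that you don't need to include two pages of legalese
+* with every copy.
+*/
+#ifndef _MD5_H_
+#define _MD5_H_
+#define MD5_BLOCK_LENGTH 64
+#define MD5_DIGEST_LENGTH 16
+#define MD5_DIGEST_STRING_LENGTH (MD5_DIGEST_LENGTH * 2 + 1)
+typedef struct MD5Context {
+u_int32_t state[4]; /* state */
+u_int64_t count; /* number of bits, mod 2^64 */
+u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */
+} MD5_CTX;
+__BEGIN_DECLS
+void MD5Init(MD5_CTX *);
+void MD5Update(MD5_CTX *, const u_int8_t *, size_t)
+__attribute__((__bounded__(__string__,2,3)));
+void MD5Pad(MD5_CTX *);
+void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *)
+__attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH)));
+void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH])
+__attribute__((__bounded__(__minbytes__,1,4)))
+__attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH)));
+char *MD5End(MD5_CTX *, char *)
+__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
+char *MD5File(const char *, char *)
+__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
+char *MD5FileChunk(const char *, char *, off_t, off_t)
+__attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH)));
+char *MD5Data(const u_int8_t *, size_t, char *)
+__attribute__((__bounded__(__string__,1,2)))
+__attribute__((__bounded__(__minbytes__,3,MD5_DIGEST_STRING_LENGTH)));
+__END_DECLS
+#endif /* _MD5_H_ */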
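Review bot: The new shim is followed in the same file by a full copy of the OpenBSD md5.h declarations (from the `$OpenBSD: md5.h` line to `#endif /* _MD5_H_ */`), the same header that update.sh copies to `include/md5_openbsd.h`. When `HAVE_MD5_H` is set, `#include_next <md5.h>` pulls in the system header, and `struct MD5Context` and the prototypes are then declared a second time unless that header happens to use the `_MD5_H_` guard as well. The file should probably end after the first `#endif`, as include/sha2.h does. The shim part also has no include guard of its own.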

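--- a/include/sha2.h
+++ b/include/sha2.h
@@ -0,0 +1,17 @@
+/*
+* Public domain
+* sha2.h compatibility shim
+*/
+#ifdef HAVE_SHA2_H
+#include_next <sha2.h>
+#else
+#include "sha2_openbsd.h"
+#define SHA512_CTX SHA2_CTX
+#define SHA512_Init(ctx) SHA512Init(ctx)
+#define SHA512_Update(ctx, buf, len) SHA512Update(ctx, (void *)buf, len)
+#define SHA512_Final(digest, ctx) SHA512Final(digest, ctx)
+#endif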
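Review bot: The `SHA512_*` compatibility macros are defined only in the `#else` branch, so with `HAVE_SHA2_H` set the callers that update.sh rewrites from `openssl/sha.h` to `sha2.h` depend on the system header providing the OpenSSL-style names. If that header only offers `SHA512Init` and friends, the getentropy fallbacks will not compile. Separately, `(void *)buf` casts an unparenthesised macro argument and discards `const`; `#define SHA512_Update(ctx, buf, len) SHA512Update((ctx), (const void *)(buf), (len))` is safer. The header also has no include guard.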

+ 18
- 13
update.sh

@ -12,9 +12,9 @@ if [ ! -d openbsd ]; then
git clone $OPENNTPD_GIT/openbsd
fi
fi
#(cd openbsd
# git checkout master
# git pull --rebase)
(cd openbsd
git checkout master
git pull --rebase)
# setup source paths
dir=`pwd`
@ -25,12 +25,14 @@ libutil_src=$dir/openbsd/src/lib/libutil
ntpd_src=$dir/openbsd/src/usr.sbin/ntpd
CP='cp -p'
PATCH='patch -p0 -s --posix'
cp $libc_inc/md5.h include/
cp $libc_inc/md5.h include/md5_openbsd.h
cp $libc_inc/sha2.h include/sha2_openbsd.h
cp $libutil_src/imsg.h include/
cp $libutil_src/imsg.c compat/
cp $libutil_src/imsg-buffer.c compat/
(cd compat; patch -p0 < imsg.patch)
(cd compat; $PATCH < imsg.patch)
for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c; do
$CP $libc_src/string/$i compat
@ -41,7 +43,10 @@ $CP $libc_src/crypt/arc4random.c compat
$CP $libc_src/crypt/arc4random_uniform.c compat
$CP $libc_src/crypt/chacha_private.h compat
$CP $libc_src/hash/md5.c compat
$CP $libcrypto_src/crypto/getentropy_*.c compat
$CP $libc_src/hash/sha2.c compat
for i in $libcrypto_src/crypto/getentropy_*.c; do
sed -e 's/openssl\/sha.h/sha2.h/' < $i > compat/`basename $i`
done
$CP $libcrypto_src/crypto/arc4random_*.h compat
for i in client.c config.c control.c log.c ntp.c ntp.h ntp_dns.c ntp_msg.c \
@ -49,10 +54,10 @@ for i in client.c config.c control.c log.c ntp.c ntp.h ntp_dns.c ntp_msg.c \
ntpctl.8 ntpd.8 ntpd.conf.5 ; do
cp $ntpd_src/$i .
done
patch -p0 < client.patch
patch -p0 < config.patch
patch -p0 < ntp.patch
patch -p0 < ntpd.patch
patch -p0 < parse.patch
patch -p0 < server.patch
patch -p0 < util.patch
$PATCH < client.patch
$PATCH < config.patch
$PATCH < ntp.patch
$PATCH < ntpd.patch
$PATCH < parse.patch
$PATCH < server.patch
$PATCH < util.patch
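Review bot: If the uncommented `git checkout master` / `git pull --rebase` block is the new side (the page has lost its +/- markers), every run of update.sh, and so of autogen.sh, imports whatever is at the tip of the upstream tree, including the hash and entropy sources (`sha2.c`, `getentropy_*.c`). Nothing pins or verifies the revision, so two builds of the same commit can contain different code and an unwanted upstream change flows straight into compat/. Consider checking out a recorded tag or commit instead, e.g. `git checkout "$OPENBSD_REF"`, where `OPENBSD_REF` is a placeholder name for a ref stored in this repository. The `sed` expression also leaves the dot unescaped; `'s/openssl\/sha\.h/sha2.h/'` matches only the intended header.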
