diff --git a/.gitignore b/.gitignore index d12e362..33e6082 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,7 @@ missing ylwrap Makefile Makefile.in +openntpd*.tar.gz compat/arc4random.c compat/arc4random_freebsd.h @@ -50,6 +51,7 @@ compat/imsg-buffer.c compat/imsg.c compat/md5.c compat/reallocarray.c +compat/sha2.c compat/strlcat.c compat/strlcpy.c compat/strndup.c @@ -60,7 +62,8 @@ client.c config.c control.c include/imsg.h -include/md5.h +include/md5_openbsd.h +include/sha2_openbsd.h log.c ntp.c ntp.h diff --git a/Makefile.am b/Makefile.am index 9ba8cf2..54d9a67 100644 --- a/Makefile.am +++ b/Makefile.am @@ -103,15 +103,21 @@ libcompat_la_SOURCES += compat/getentropy_freebsd.c endif if HOST_LINUX libcompat_la_SOURCES += compat/getentropy_linux.c -ntpd_LDADD += -lcrypto +if !HAVE_SHA512 +libcompat_la_SOURCES += compat/sha2.c +endif endif if HOST_DARWIN libcompat_la_SOURCES += compat/getentropy_osx.c -ntpd_LDADD += -lcrypto +if !HAVE_SHA512 +libcompat_la_SOURCES += compat/sha2.c +endif endif if HOST_SOLARIS libcompat_la_SOURCES += compat/getentropy_solaris.c -ntpd_LDADD += -lcrypto +if !HAVE_SHA512 +libcompat_la_SOURCES += compat/sha2.c +endif endif endif endif diff --git a/autogen.sh b/autogen.sh index 0b0fc04..025119c 100755 --- a/autogen.sh +++ b/autogen.sh @@ -3,4 +3,4 @@ set -e ./update.sh mkdir -p m4 -autoreconf -i -f +autoreconf -i diff --git a/configure.ac b/configure.ac index b4206ba..0f321b1 100644 --- a/configure.ac +++ b/configure.ac @@ -23,6 +23,7 @@ case $host_os in ;; *openbsd*) AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has __bounded__]) + AC_DEFINE([HAVE_ATTRIBUTE__WEAK_ALIAS], [1], [OpenBSD gcc has __weak_alias]) AC_DEFINE([HAVE_ATTRIBUTE__DEAD], [1], [OpenBSD gcc has __dead]) HAVE_SENSORS=true ;; 
@@ -79,7 +80,7 @@ AC_CHECK_FUNCS([adjfreq arc4random_uniform asprintf explicit_bzero]) AC_CHECK_FUNCS([getentropy memmem poll reallocarray]) AC_CHECK_FUNCS([setproctitle setgroups]) AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum]) -AC_CHECK_FUNCS([MD5Init]) +AC_CHECK_FUNCS([MD5Init SHA512Init]) # check if arc4random is in the system or in libcrypto AC_CHECK_FUNC([arc4random],, @@ -106,6 +107,7 @@ AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes]) AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes]) AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes]) AM_CONDITIONAL([HAVE_MD5], [test "x$ac_cv_func_MD5Init" = xyes]) +AM_CONDITIONAL([HAVE_SHA512], [test "x$ac_cv_func_SHA512Init" = xyes]) AM_CONDITIONAL([HAVE_IMSG], [test "x$ac_cv_func_ibuf_open" = xyes]) # overrides for arc4random_buf implementations with known issues @@ -137,7 +139,7 @@ if test "x$ac_cv_have___va_copy" = "xyes" ; then AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) fi -AC_CHECK_HEADERS([sys/timex.h]) +AC_CHECK_HEADERS([sys/timex.h md5.h sha2.h]) AC_CONFIG_FILES([ Makefile diff --git a/include/md5.h b/include/md5.h new file mode 100644 index 0000000..10bbbd6 --- /dev/null +++ b/include/md5.h 
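Review bot: The `SHA512Init` function probe and the new `sha2.h` entry in `AC_CHECK_HEADERS([sys/timex.h md5.h sha2.h])` are evaluated independently, so a host can end up with `HAVE_SHA2_H` set while `HAVE_SHA512` is false, for example when the header comes from an add-on library whose symbols are not in the default link set. In that case Makefile.am would build the bundled `compat/sha2.c` while the `include/sha2.h` shim hands it the system header, and the context layout or function names may not match; the same applies to `md5.h` versus `MD5Init`. Because update.sh points the getentropy fallback sources at this header, a mismatch should fail at configure time rather than at link or run time. Consider honouring the header only when the function was found, e.g. `AS_IF([test "x$ac_cv_func_SHA512Init" = xyes], [AC_CHECK_HEADERS([sha2.h])])`.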
@@ -0,0 +1,59 @@ +/* + * Public domain + * md5.h compatibility shim + */ + +#ifdef HAVE_MD5_H +#include_next +#else +#include "md5_openbsd.h" +#endif +/* $OpenBSD: md5.h,v 1.16 2004/06/22 01:57:30 jfb Exp $ */ + +/* + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + */ + +#ifndef _MD5_H_ +#define _MD5_H_ + +#define MD5_BLOCK_LENGTH 64 +#define MD5_DIGEST_LENGTH 16 +#define MD5_DIGEST_STRING_LENGTH (MD5_DIGEST_LENGTH * 2 + 1) + +typedef struct MD5Context { + u_int32_t state[4]; /* state */ + u_int64_t count; /* number of bits, mod 2^64 */ + u_int8_t buffer[MD5_BLOCK_LENGTH]; /* input buffer */ +} MD5_CTX; + +__BEGIN_DECLS +void MD5Init(MD5_CTX *); +void MD5Update(MD5_CTX *, const u_int8_t *, size_t) + __attribute__((__bounded__(__string__,2,3))); +void MD5Pad(MD5_CTX *); +void MD5Final(u_int8_t [MD5_DIGEST_LENGTH], MD5_CTX *) + __attribute__((__bounded__(__minbytes__,1,MD5_DIGEST_LENGTH))); +void MD5Transform(u_int32_t [4], const u_int8_t [MD5_BLOCK_LENGTH]) + __attribute__((__bounded__(__minbytes__,1,4))) + __attribute__((__bounded__(__minbytes__,2,MD5_BLOCK_LENGTH))); +char *MD5End(MD5_CTX *, char *) + __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH))); +char *MD5File(const char *, char *) + __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH))); +char *MD5FileChunk(const char *, char *, off_t, off_t) + __attribute__((__bounded__(__minbytes__,2,MD5_DIGEST_STRING_LENGTH))); +char *MD5Data(const u_int8_t *, size_t, char *) + __attribute__((__bounded__(__string__,1,2))) + 
__attribute__((__bounded__(__minbytes__,3,MD5_DIGEST_STRING_LENGTH))); +__END_DECLS + +#endif /* _MD5_H_ */ diff --git a/include/sha2.h b/include/sha2.h new file mode 100644 index 0000000..293c14f --- /dev/null +++ b/include/sha2.h @@ -0,0 +1,17 @@ +/* + * Public domain + * sha2.h compatibility shim + */ + +#ifdef HAVE_SHA2_H +#include_next +#else + +#include "sha2_openbsd.h" + +#define SHA512_CTX SHA2_CTX +#define SHA512_Init(ctx) SHA512Init(ctx) +#define SHA512_Update(ctx, buf, len) SHA512Update(ctx, (void *)buf, len) +#define SHA512_Final(digest, ctx) SHA512Final(digest, ctx) + +#endif diff --git a/update.sh b/update.sh index 8ce9706..5ed0370 100755 --- a/update.sh +++ b/update.sh @@ -12,9 +12,9 @@ if [ ! -d openbsd ]; then git clone $OPENNTPD_GIT/openbsd fi fi -#(cd openbsd -# git checkout master -# git pull --rebase) +(cd openbsd + git checkout master + git pull --rebase) # setup source paths dir=`pwd` @@ -25,12 +25,14 @@ libutil_src=$dir/openbsd/src/lib/libutil ntpd_src=$dir/openbsd/src/usr.sbin/ntpd CP='cp -p' +PATCH='patch -p0 -s --posix' -cp $libc_inc/md5.h include/ +cp $libc_inc/md5.h include/md5_openbsd.h +cp $libc_inc/sha2.h include/sha2_openbsd.h cp $libutil_src/imsg.h include/ cp $libutil_src/imsg.c compat/ cp $libutil_src/imsg-buffer.c compat/ -(cd compat; patch -p0 < imsg.patch) +(cd compat; $PATCH < imsg.patch) for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c; do $CP $libc_src/string/$i compat @@ -41,7 +43,10 @@ $CP $libc_src/crypt/arc4random.c compat $CP $libc_src/crypt/arc4random_uniform.c compat $CP $libc_src/crypt/chacha_private.h compat $CP $libc_src/hash/md5.c compat -$CP $libcrypto_src/crypto/getentropy_*.c compat +$CP $libc_src/hash/sha2.c compat +for i in $libcrypto_src/crypto/getentropy_*.c; do + sed -e 's/openssl\/sha.h/sha2.h/' < $i > compat/`basename $i` +done $CP $libcrypto_src/crypto/arc4random_*.h compat for i in client.c config.c control.c log.c ntp.c ntp.h ntp_dns.c ntp_msg.c \ 
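Review bot: The new `include/md5.h` does not end at the shim's `#endif`; it continues with what looks like a complete copy of OpenBSD's md5.h (from the `$OpenBSD: md5.h,v 1.16` line through `#endif /* _MD5_H_ */`), which update.sh now writes to `include/md5_openbsd.h` instead. When `HAVE_MD5_H` is defined the system header is included first, and this second copy is only skipped if that header happens to use the same `_MD5_H_` guard. Otherwise `MD5_CTX` and the prototypes are declared twice, possibly with a layout that differs from the library actually linked. If the trailing copy is a leftover from an earlier `cp` into this path, the file should stop after the first `#endif`, as the `include/sha2.h` shim does.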
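Review bot: The `SHA512_*` compatibility names in `include/sha2.h` are defined only in the `#else` branch, so when `HAVE_SHA2_H` is set the getentropy sources that update.sh rewrites to include `sha2.h` depend on the system header providing the OpenSSL-style `SHA512_Init`/`SHA512_Update`/`SHA512_Final` itself, which a BSD-style sha2.h may not do. In `SHA512_Update` the arguments are also unparenthesised, and the cast to `void *` drops `const` and disables the pointer-type check on the data argument; `#define SHA512_Update(ctx, buf, len) SHA512Update((ctx), (const void *)(buf), (len))` keeps the qualifier. A one-line comment above the macros naming the callers that need the OpenSSL spelling would help whoever next edits the shim.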
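Review bot: Re-enabling `git checkout master` and `git pull --rebase` in update.sh makes every run of it (and of autogen.sh, which calls it) import whatever is at the tip of the upstream branch, so two builds of the same portable commit can be assembled from different sources. For code that ends up in a network daemon it is safer to record the upstream revision the patches were written against and check that out explicitly, for example `git checkout "$OPENBSD_COMMIT"` with the value kept in a tracked file (`OPENBSD_COMMIT` is a placeholder name, not something this script defines). The subshell's exit status is not checked in the visible lines either, so a failed pull would fall through to copying from a stale tree unless `set -e` is active earlier in the script.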
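Review bot: The `sed` rewrite in the new `for` loop over `getentropy_*.c` succeeds whether or not the pattern matches, so if upstream changes how those files include `openssl/sha.h`, the copies land in compat/ unmodified and the build either breaks later or picks up an OpenSSL header from the host. A check inside the loop such as `grep -q 'sha2\.h' "compat/$(basename "$i")" || exit 1` turns that into an immediate failure. `$i` and the backquoted `basename` are unquoted, which breaks if the checkout path contains spaces, and unlike the `$CP` line it replaces, the redirect does not preserve file timestamps.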
@@ -49,10 +54,10 @@ for i in client.c config.c control.c log.c ntp.c ntp.h ntp_dns.c ntp_msg.c \ ntpctl.8 ntpd.8 ntpd.conf.5 ; do cp $ntpd_src/$i . done -patch -p0 < client.patch -patch -p0 < config.patch -patch -p0 < ntp.patch -patch -p0 < ntpd.patch -patch -p0 < parse.patch -patch -p0 < server.patch -patch -p0 < util.patch +$PATCH < client.patch +$PATCH < config.patch +$PATCH < ntp.patch +$PATCH < ntpd.patch +$PATCH < parse.patch +$PATCH < server.patch +$PATCH < util.patch
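Review bot: `patch -s` suppresses the normal per-file report, and nothing in the visible lines checks the exit status of the seven `$PATCH` invocations here or of the earlier `(cd compat; $PATCH < imsg.patch)`. Combined with pulling the upstream tip, a hunk that no longer applies can leave a `.rej` file and an unpatched source without anyone noticing, unless `set -e` is set earlier in update.sh (not shown in this diff). A loop makes the failure explicit: `for p in client config ntp ntpd parse server util; do $PATCH < $p.patch || exit 1; done`.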