[Git][NTPsec/ntpsec][master] Eliminate dependency on libsodium - use OpenSSL's RNG.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Jan 28 14:53:26 UTC 2017
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
dc54a52e by Eric S. Raymond at 2017-01-28T09:52:43-05:00
Eliminate dependency on libsodium - use OpenSSL's RNG.
- - - - -
11 changed files:
- INSTALL
- attic/wscript
- buildprep
- include/ntp_random.h
- libntp/ntp_random.c
- libntp/pymodule.c
- libntp/wscript
- ntpd/ntpd.c
- ntpd/wscript
- − wafhelpers/check_sodium.py
- wafhelpers/configure.py
Changes:
=====================================
INSTALL
=====================================
--- a/INSTALL
+++ b/INSTALL
@@ -53,7 +53,6 @@ Python 2.x, x >= 6, or Python 3.x, x >= 3::
export PYTHONPATH=/usr/local/lib/python2.6/site-packages
(I put it in my .bashrc)
-
bison::
Required to build.
Gentoo package: sys-devel/bison
@@ -63,41 +62,6 @@ OpenSSL::
Enables encryption and authentication.
Gentoo: dev-libs/openssl
-libsodium::
- Required to run and build.
- Used for cryptographic-quality random-number generation.
- This is a relatively recent library and is a bit tricky to install on
- older distributions. We used to carry it in-tree to avoid this problem,
- but we judge this creates an unacceptable risk should a CVE be issued
- against it
-
- Tarballs: https://download.libsodium.org/libsodium/releases/
-
- NetBSD:
- pkgin install libsodium
- The runtime loader/linker doesn't look in /usr/pkg/lib/
- The following link makes things work. (adjust both 18s as needed)
- # ls -s /usr/pkg/lib/libsodium.so.18 /usr/lib/libsodium.so.18
- FreeBSD:
- # pkg install libsodium
- CentOS:
- libsodium comes from epel ("Extra Packages for Enterprise Linux").
- https://fedoraproject.org/wiki/EPEL
- # yum install epel-release
- now use buildprep
- Debian
- Jessie: use buildprep
- Wheezy:
- i386 deb available from:
- https://sourceforge.net/projects/debiannoofficial/files/wheezy/
- amd64: use a tarball (URL above)
- $ ./configure; make; make check; sudo make install
- # ln -s /usr/local/lib/libsodium.so.18 /lib/x86_64-linux-gnu/libsodium.so.18
-
- MacOS/OS X, macports: libsodium
- Ubuntu 14.04 LTS: and older:
- https://gist.github.com/jonathanpmartins/2510f38abee1e65c6d92
-
libcap::
Required on Linux to support dropping root.
Gentoo package: sys-libs/libcap
=====================================
attic/wscript
=====================================
--- a/attic/wscript
+++ b/attic/wscript
@@ -11,6 +11,6 @@ def build(ctx):
includes = [
"%s/%s/" % (bldnode, name)
],
- use = "ntp isc M RT THR PTHREAD",
+ use = "ntp isc M SSL CRYPTO RT THR PTHREAD",
install_path = None,
)
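Review bot: `SSL` is added to `use` alongside `CRYPTO`, but the only OpenSSL symbol this commit introduces is `RAND_bytes()`, which libcrypto provides, so `use = "ntp isc M CRYPTO RT THR PTHREAD"` is probably enough. Because libntp/wscript drops `use = "SODIUM"` without adding a replacement, every target that links the static `ntp` library now has to name `CRYPTO` itself. Only this target and ntpd are visible in the diff, so the other consumers of `ntp` are worth checking for link failures. The `build(ctx)` body starts and ends outside the hunk.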
=====================================
buildprep
=====================================
--- a/buildprep
+++ b/buildprep
@@ -90,14 +90,12 @@ case $installer in
echo "# SLES versions 12 and earlier do not have pps-tools"
$do $installer --install basis-devel gnuplot libcap-devel libcap2
$do $installer --install liberation-fonts libseccomp-devel
- $do $installer --install libsodium-devel libsodium13
$do $installer --install openssl-libs openssl-devel
$do $installer --install python-devel
;;
zypper)
$do zypper install -y gnuplot libcap-devel libcap2
$do zypper install -y liberation-fonts libseccomp-devel
- $do zypper install -y libsodium-devel libsodium13
$do zypper install -y openssl-devel
$do zypper install -y python-devel bison
$do zypper install -y gcc6 gcc6-info gcc6-locale
@@ -106,21 +104,5 @@ case $installer in
;;
esac
-echo "# libsodium is a point of pain; some older distributions don't carry it."
-echo "# Watch these installations closely; if you get a failure message,"
-echo "# see INSTALL for instructions."
-case $installer in
- apt)
- # no libsodium on Debian wheezy
- $do apt-get install libsodium-dev
- ;;
- emerge)
- $do emerge -q y dev-libs/libsodium
- ;;
- yum|dnf)
- # no libsodium on CentOS 7
- $do $installer install libsodium libsodium-devel
- ;;
-esac
echo ""
echo "# Done."
=====================================
include/ntp_random.h
=====================================
--- a/include/ntp_random.h
+++ b/include/ntp_random.h
@@ -1 +1 @@
-long ntp_random (void);
+int32_t ntp_random (void);
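Review bot: The new prototype uses `int32_t`, but the `@@ -1 +1 @@` header shows this file is a single line, so nothing in it includes the header that defines that type. Any translation unit that includes ntp_random.h before `<stdint.h>` will fail to compile. Adding `#include <stdint.h>` above the prototype, and ideally an include guard, would make the header self-contained.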
=====================================
libntp/ntp_random.c
=====================================
--- a/libntp/ntp_random.c
+++ b/libntp/ntp_random.c
@@ -5,14 +5,16 @@
* SPDX-License-Identifier: BSD-4-clause
*/
-#include "config.h"
#include <stdint.h>
-#include <sodium.h>
-long
-ntp_random( void )
+#include <openssl/rand.h>
+
+#include "ntp_endian.h"
+
+int32_t
+ntp_random(void)
{
- uint32_t rnd;
- randombytes_buf(&rnd, sizeof rnd);
- return (long)(rnd & 0x7fffffff);
+ unsigned char rnd[sizeof(uint32_t)];
+ RAND_bytes(rnd, sizeof(rnd));
+ return (int32_t)ntp_be32dec(rnd);
}
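Review bot: The return value of `RAND_bytes()` is discarded, so if the OpenSSL generator fails (it returns 1 only on success) `rnd` stays uninitialised stack memory and is returned as if it were random. The call should be checked, e.g. `if (RAND_bytes(rnd, sizeof(rnd)) != 1)` followed by logging and a hard failure. This matters more because the ntpd.c hunk removes the `sodium_init()` startup check without adding an OpenSSL equivalent. Separately, the old code masked the value with `0x7fffffff` and the new code does not, so `ntp_random()` can now return negative numbers; callers are not visible here, but any that take a modulus or assume a non-negative result would change behaviour. If that is not intended, `return (int32_t)(ntp_be32dec(rnd) & 0x7fffffff);` keeps the old range.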
=====================================
libntp/pymodule.c
=====================================
--- a/libntp/pymodule.c
+++ b/libntp/pymodule.c
@@ -136,7 +136,7 @@ ntpc_step_systime(PyObject *self, PyObject *args)
return Py_BuildValue("d", step_systime(adjustment, ntp_set_tod));
}
-long ntp_random(void)
+int32_t ntp_random(void)
/* stub random function for get_systime() */
{
return 0;
=====================================
libntp/wscript
=====================================
--- a/libntp/wscript
+++ b/libntp/wscript
@@ -55,7 +55,6 @@ def build(ctx):
ctx(
target = "ntp",
features = "c cstlib bld_include src_include",
- use = "SODIUM",
source = libntp_source + libntp_source_sharable,
includes = includes,
)
=====================================
ntpd/ntpd.c
=====================================
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -52,8 +52,6 @@ static void finish_safe (int);
DNSServiceRef mdns;
#endif
-#include <sodium.h>
-
static void check_minsane(void);
static bool need_priority = false;
@@ -646,14 +644,6 @@ ntpdmain(
# endif /* HAVE_WORKING_FORK */
}
- /*
- * Initialize libsodium and its RNG
- */
- if (sodium_init() < 0) {
- msyslog(LOG_ERR, "sodium_init() failed");
- exit(1);
- }
-
/*
* Set up signals we pay attention to locally.
*/
=====================================
ntpd/wscript
=====================================
--- a/ntpd/wscript
+++ b/ntpd/wscript
@@ -132,7 +132,7 @@ def build(ctx):
target = "ntpd",
features = "c rtems_trace cprogram bld_include src_include libisc_include libisc_pthread_include",
source = ntpd_source,
- use = "libntpd_obj isc ntp M parse RT SODIUM CAP SECCOMP PTHREAD SSL CRYPTO DNS_SD DNS_SD_INCLUDES %s SOCKET NSL SCF" % use_refclock,
+ use = "libntpd_obj isc ntp M parse RT CAP SECCOMP PTHREAD SSL CRYPTO DNS_SD DNS_SD_INCLUDES %s SOCKET NSL SCF" % use_refclock,
includes = [
"%s/host/ntpd/" % ctx.bldnode.parent.abspath(),
"%s/ntpd/" % srcnode,
=====================================
wafhelpers/check_sodium.py deleted
=====================================
--- a/wafhelpers/check_sodium.py
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-def check_sodium(ctx):
- ctx.check_cc(header_name="sodium.h",
- includes=ctx.env.PLATFORM_INCLUDES,
- mandatory=True,
- errmsg="No\nFatal Error: Your system is missing libsodium")
- ctx.check_cc(lib="sodium",
- libpath=ctx.env.PLATFORM_LIBPATH,
- comment="Sodium crypto library",
- mandatory=True)
=====================================
wafhelpers/configure.py
=====================================
--- a/wafhelpers/configure.py
+++ b/wafhelpers/configure.py
@@ -553,9 +553,6 @@ def cmd_configure(ctx, config):
from wafhelpers.check_cap import check_cap
check_cap(ctx)
- from wafhelpers.check_sodium import check_sodium
- check_sodium(ctx)
-
from wafhelpers.check_seccomp import check_seccomp
check_seccomp(ctx)
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/dc54a52e9c29fe1058a5e2a1787568e02305435d