Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_smartlink_rpath.dpatch
##
## DP: Patch from CVS to make the Nettle module compile with Nettle 2.0

@DPATCH@

diff -urad Pike-v7.8.316/src/post_modules/Nettle/acconfig.h pike-cvs/7.8/src/post_modules/Nettle/acconfig.h
--- Pike-v7.8.316/src/post_modules/Nettle/acconfig.h    2004-02-21 06:07:35.000000000 +0100
+++ pike-cvs/7.8/src/post_modules/Nettle/acconfig.h     2009-07-02 18:35:38.000000000 +0200
@@ -1 +1,5 @@
+/* Define this if your struct yarrow256_ctx has the field seed_file. */
+#undef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
 
+/* Define this if the nettle_crypt_func typedef is a pointer type. */
+#undef HAVE_NETTLE_CRYPT_FUNC_IS_POINTER
diff -urad Pike-v7.8.316/src/post_modules/Nettle/cipher.cmod pike-cvs/7.8/src/post_modules/Nettle/cipher.cmod
--- Pike-v7.8.316/src/post_modules/Nettle/cipher.cmod   2008-07-31 16:52:27.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/cipher.cmod    2009-07-02 18:35:38.000000000 +0200
@@ -65,6 +65,13 @@
                                         /* Force means to use key even if it is weak */
                                         int force);
 
+#ifdef HAVE_NETTLE_CRYPT_FUNC_IS_POINTER
+typedef nettle_crypt_func crypt_func;
+#else
+/* Nettle 2.0 */
+typedef nettle_crypt_func *crypt_func;
+#endif
+
 struct pike_cipher
 {
   const char *name;
@@ -79,8 +86,8 @@
   pike_nettle_set_key_func set_encrypt_key;
   pike_nettle_set_key_func set_decrypt_key;
 
-  nettle_crypt_func encrypt;
-  nettle_crypt_func decrypt;
+  crypt_func encrypt;
+  crypt_func decrypt;
 };
 
 #define _PIKE_CIPHER(name, NAME) {             \
@@ -90,8 +97,8 @@
   NAME##_KEY_SIZE,                             \
   pike_##name##_set_encrypt_key,               \
   pike_##name##_set_decrypt_key,               \
-  (nettle_crypt_func) name##_encrypt,          \
-  (nettle_crypt_func) name##_decrypt,          \
+  (crypt_func) name##_encrypt,                 \
+  (crypt_func) name##_decrypt,                 \
 }
 
 /*! @class CipherInfo
@@ -175,7 +182,7 @@
 PIKECLASS CipherState
 {
   INHERIT CipherInfo;
-  CVAR nettle_crypt_func crypt;
+  CVAR crypt_func crypt;
   CVAR void *ctx;
   CVAR int key_size;
 
diff -urad Pike-v7.8.316/src/post_modules/Nettle/configure.in pike-cvs/7.8/src/post_modules/Nettle/configure.in
--- Pike-v7.8.316/src/post_modules/Nettle/configure.in  2008-07-17 12:53:20.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/configure.in   2009-07-02 23:27:56.000000000 +0200
@@ -54,6 +54,52 @@
       AC_MSG_RESULT([no])
       IDEA_OBJ=""
     fi
+
+    # These might have been purged from the Nettle lib to avoid GPL
+    # contamination.
+    AC_CHECK_FUNCS(nettle_blowfish_decrypt nettle_serpent_decrypt)
+
+    # This is the recomended interface in Nettle 2.0.
+    AC_CHECK_FUNCS(nettle_yarrow256_slow_reseed)
+
+    AC_MSG_CHECKING([for struct yarrow256_ctx.seed_file])
+    AC_CACHE_VAL(pike_cv_nettle_struct_yarrow256_ctx_seed_file, [
+      pike_cv_nettle_struct_yarrow256_ctx_seed_file=no
+      AC_TRY_COMPILE([
+#include <nettle/yarrow.h>
+      ], [
+  struct yarrow256_ctx ctx;
+  return !sizeof(ctx.seed_file);
+      ], [
+        pike_cv_nettle_struct_yarrow256_ctx_seed_file=yes
+      ])
+    ])
+    AC_MSG_RESULT($pike_cv_nettle_struct_yarrow256_ctx_seed_file);
+    if test "x$pike_cv_nettle_struct_yarrow256_ctx_seed_file" = "xyes"; then
+      AC_DEFINE(HAVE_STRUCT_YARROW256_CTX_SEED_FILE)
+    fi
+
+    AC_MSG_CHECKING([whether nettle_crypt_func is a pointer type])
+    AC_CACHE_VAL(pike_cv_nettle_crypt_func_is_pointer, [
+      pike_cv_nettle_crypt_func_is_pointer=no
+      AC_TRY_COMPILE([
+/* Note: Old Nettles had the nettle_crypt_func typedef directly
+ *       in <nettle/nettle-meta.h> while more modern have it in
+ *       <nettle/nettle-types.h>. Since <nettle/nettle-meta.h>
+ *       pulls in <nettle/nettle-types.h> it should be sufficient.
+ */
+#include <nettle/nettle-meta.h>
+      ], [
+  nettle_crypt_func foo = (nettle_crypt_func)(void *)0;
+  return (int)foo;
+      ], [
+        pike_cv_nettle_crypt_func_is_pointer=yes
+      ])
+    ])
+    AC_MSG_RESULT($pike_cv_nettle_crypt_func_is_pointer);
+    if test "x$pike_cv_nettle_crypt_func_is_pointer" = "xyes"; then
+      AC_DEFINE(HAVE_NETTLE_CRYPT_FUNC_IS_POINTER)
+    fi
   else
     if test "$ac_cv_lib_gmp_mpz_init:$ac_cv_lib_gmp___mpz_init:$ac_cv_lib_gmp___gmpz_init" = "no:no:no"; then
       # No gmp found; enable it if possible.
@@ -76,10 +122,6 @@
     ])
     PIKE_FEATURE_NODEP(Nettle)
   fi
-
-  # These might have been purged from the Nettle lib to avoid GPL
-  # contamination.
-  AC_CHECK_FUNCS(nettle_blowfish_decrypt nettle_serpent_decrypt)
 fi
 
 AC_OUTPUT(Makefile,echo FOO >stamp-h )
diff -urad Pike-v7.8.316/src/post_modules/Nettle/nettle.cmod pike-cvs/7.8/src/post_modules/Nettle/nettle.cmod
--- Pike-v7.8.316/src/post_modules/Nettle/nettle.cmod   2008-06-29 00:57:14.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/nettle.cmod    2009-07-05 21:41:58.000000000 +0200
@@ -46,6 +46,36 @@
   CVAR struct yarrow256_ctx ctx;
   CVAR struct yarrow_source *sources;
 
+#ifndef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+  /* NOTE: Nettle 2.0 does not have the automatic seed_file maintenance
+   *       that Nettle 1.x had. This stuff is needed since it affected
+   *       the state emitted by random_string(). When Nettle 2.0 is the
+   *       default, consider implementing this via overloading of the
+   *       various seeding functions instead, since it does have a bit
+   *       of overhead.
+   *
+   *   /grubba 2009-07-05
+   */
+  PIKEVAR string seed_file flags ID_PRIVATE|ID_STATIC;
+#endif
+
+  DECLARE_STORAGE;
+
+#ifndef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+  static void pike_generate_seed_file(void)
+  {
+    struct pike_string *seed_file =
+      begin_shared_string(YARROW256_SEED_FILE_SIZE);
+    yarrow256_random(&THIS->ctx, YARROW256_SEED_FILE_SIZE, STR0(seed_file));
+    if (THIS->seed_file) {
+      free_string(THIS->seed_file);
+    }
+    THIS->seed_file = end_shared_string(seed_file);
+  }
+#else
+#define pike_generate_seed_file()
+#endif
+
   /*! @decl void create(void|int sources)
    *! The number of entropy sources that will feed entropy to the
    *! random number generator is given as an argument to Yarrow
@@ -90,10 +120,12 @@
     optflags OPT_SIDE_EFFECT;
   {
     if(data->len < YARROW256_SEED_FILE_SIZE)
-      Pike_error( "Seed must be at least 32 characters.\n" );
+      Pike_error("Seed must be at least %d characters.\n",
+                YARROW256_SEED_FILE_SIZE);
 
     NO_WIDE_STRING(data);
-    yarrow256_seed(&THIS->ctx, data->len, (const uint8_t *)data->str);
+    yarrow256_seed(&THIS->ctx, data->len, STR0(data));
+    pike_generate_seed_file();
     RETURN this_object();
   }
 
@@ -109,19 +141,31 @@
     RETURN YARROW256_SEED_FILE_SIZE;
   }
 
-  /*! @decl string get_seed()
-   *! Returns part of the internal state so that it can
-   *! be saved for later seeding.
+  /*! @decl string(0..255) get_seed()
+   *!   Returns part of the internal state so that it can
+   *!   be saved for later seeding.
+   *!
    *! @seealso
-   *!   @[seed]
+   *!   @[seed()], @[random_string()]
    */
   PIKEFUN string get_seed()
     optflags OPT_EXTERNAL_DEPEND;
+    rawtype tDeprecated(tFunc(tNone, tStr8));
   {
     if( !yarrow256_is_seeded(&THIS->ctx) )
       Pike_error("Random generator not seeded.\n");
-    RETURN make_shared_binary_string((const char *)THIS->ctx.seed_file,
-                                    YARROW256_SEED_FILE_SIZE);
+
+#ifdef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+    RETURN make_shared_binary_string(THIS->ctx.seed_file,
+                                     YARROW256_SEED_FILE_SIZE);
+#else
+    if (THIS->seed_file) {
+      REF_RETURN THIS->seed_file;
+    } else {
+      struct pike_string *s = begin_shared_string(YARROW256_SEED_FILE_SIZE);
+      RETURN end_shared_string(s);
+    }
+#endif /* HAVE_STRUCT_YARROW256_CTX_SEED_FILE */
   }
 
   /*! @decl int(0..1) is_seeded()
@@ -144,7 +188,19 @@
   PIKEFUN void force_reseed()
     optflags OPT_SIDE_EFFECT;
   {
+#ifdef HAVE_NETTLE_YARROW256_SLOW_RESEED
+    /* From change notes for Nettle 2.0:
+     *
+     * * Changes to the yarrow256 interface. The function
+     *   yarrow256_force_reseed has been replaced by the two
+     *   functions yarrow256_fast_reseed and yarrow256_slow_reseed,
+     *   which were previously static.
+     */
+    yarrow256_slow_reseed(&THIS->ctx);
+#else
     yarrow256_force_reseed(&THIS->ctx);
+#endif
+    pike_generate_seed_file();
   }
 
   /*! @decl int(0..1) update(string data, int source, int entropy)
@@ -156,6 +212,7 @@
   PIKEFUN int(0..1) update(string data, int source, int entropy)
     optflags OPT_SIDE_EFFECT;
   {
+    int ret;
     /* FIXME: Wide strings could actually be supported here */
     NO_WIDE_STRING(data);
     if( !THIS->sources )
@@ -166,8 +223,11 @@
       Pike_error("Entropy must be positive.\n");
     if( entropy>(data->len*8) )
       Pike_error("Impossibly large entropy value.\n");
-    RETURN yarrow256_update(&THIS->ctx, source, entropy, data->len,
-                            (const uint8_t *)data->str);
+    ret = yarrow256_update(&THIS->ctx, source, entropy, data->len,
+                          (const uint8_t *)data->str);
+    if (ret)
+      pike_generate_seed_file();
+    RETURN ret;
   }
 
   /*! @decl int(0..) needed_sources()
diff -urad Pike-v7.8.316/src/post_modules/Nettle/testsuite.in pike-cvs/7.8/src/post_modules/Nettle/testsuite.in
--- Pike-v7.8.316/src/post_modules/Nettle/testsuite.in  2007-06-18 02:43:51.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/testsuite.in   2009-08-05 12:01:45.000000000 +0200
@@ -193,4 +193,14 @@
   }
 )
 ]])
+
+cond_resolv( Nettle.Yarrow, [[
+  test_any_equal([[
+    object y = Nettle.Yarrow()->seed("What happen? Somebody set up us the bomb.");
+    return ({ y->get_seed(), y->random_string(20), y->get_seed(), y->random_string(20) });
+  ]], [[({String.hex2string("73a35b2f896a8061be0ad434a592a43a82b81b9ed6c018f1c5a51300bbc8d53d"),
+         String.hex2string("7847458e32fb789ff6b6cd6e1c8cc3712ba532a8"),
+         String.hex2string("73a35b2f896a8061be0ad434a592a43a82b81b9ed6c018f1c5a51300bbc8d53d"),
+         String.hex2string("49a090656a6d93782e169994f41005a3616d3cd7")})]])
+]])
 END_MARKER