Blame | Last modification | View Log | RSS feed
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_smartlink_rpath.dpatch
##
## DP: Patch from CVS to make the Nettle module compile with Nettle 2.0
@DPATCH@
diff -urad Pike-v7.8.316/src/post_modules/Nettle/acconfig.h pike-cvs/7.8/src/post_modules/Nettle/acconfig.h
--- Pike-v7.8.316/src/post_modules/Nettle/acconfig.h 2004-02-21 06:07:35.000000000 +0100
+++ pike-cvs/7.8/src/post_modules/Nettle/acconfig.h 2009-07-02 18:35:38.000000000 +0200
@@ -1 +1,5 @@
+/* Define this if your struct yarrow256_ctx has the field seed_file. */
+#undef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+/* Define this if the nettle_crypt_func typedef is a pointer type. */
+#undef HAVE_NETTLE_CRYPT_FUNC_IS_POINTER
diff -urad Pike-v7.8.316/src/post_modules/Nettle/cipher.cmod pike-cvs/7.8/src/post_modules/Nettle/cipher.cmod
--- Pike-v7.8.316/src/post_modules/Nettle/cipher.cmod 2008-07-31 16:52:27.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/cipher.cmod 2009-07-02 18:35:38.000000000 +0200
@@ -65,6 +65,13 @@
/* Force means to use key even if it is weak */
int force);
+#ifdef HAVE_NETTLE_CRYPT_FUNC_IS_POINTER
+typedef nettle_crypt_func crypt_func;
+#else
+/* Nettle 2.0 */
+typedef nettle_crypt_func *crypt_func;
+#endif
+
struct pike_cipher
{
const char *name;
@@ -79,8 +86,8 @@
pike_nettle_set_key_func set_encrypt_key;
pike_nettle_set_key_func set_decrypt_key;
- nettle_crypt_func encrypt;
- nettle_crypt_func decrypt;
+ crypt_func encrypt;
+ crypt_func decrypt;
};
#define _PIKE_CIPHER(name, NAME) { \
@@ -90,8 +97,8 @@
NAME##_KEY_SIZE, \
pike_##name##_set_encrypt_key, \
pike_##name##_set_decrypt_key, \
- (nettle_crypt_func) name##_encrypt, \
- (nettle_crypt_func) name##_decrypt, \
+ (crypt_func) name##_encrypt, \
+ (crypt_func) name##_decrypt, \
}
/*! @class CipherInfo
@@ -175,7 +182,7 @@
PIKECLASS CipherState
{
INHERIT CipherInfo;
- CVAR nettle_crypt_func crypt;
+ CVAR crypt_func crypt;
CVAR void *ctx;
CVAR int key_size;
diff -urad Pike-v7.8.316/src/post_modules/Nettle/configure.in pike-cvs/7.8/src/post_modules/Nettle/configure.in
--- Pike-v7.8.316/src/post_modules/Nettle/configure.in 2008-07-17 12:53:20.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/configure.in 2009-07-02 23:27:56.000000000 +0200
@@ -54,6 +54,52 @@
AC_MSG_RESULT([no])
IDEA_OBJ=""
fi
+
+ # These might have been purged from the Nettle lib to avoid GPL
+ # contamination.
+ AC_CHECK_FUNCS(nettle_blowfish_decrypt nettle_serpent_decrypt)
+
+ # This is the recomended interface in Nettle 2.0.
+ AC_CHECK_FUNCS(nettle_yarrow256_slow_reseed)
+
+ AC_MSG_CHECKING([for struct yarrow256_ctx.seed_file])
+ AC_CACHE_VAL(pike_cv_nettle_struct_yarrow256_ctx_seed_file, [
+ pike_cv_nettle_struct_yarrow256_ctx_seed_file=no
+ AC_TRY_COMPILE([
+#include <nettle/yarrow.h>
+ ], [
+ struct yarrow256_ctx ctx;
+ return !sizeof(ctx.seed_file);
+ ], [
+ pike_cv_nettle_struct_yarrow256_ctx_seed_file=yes
+ ])
+ ])
+ AC_MSG_RESULT($pike_cv_nettle_struct_yarrow256_ctx_seed_file);
+ if test "x$pike_cv_nettle_struct_yarrow256_ctx_seed_file" = "xyes"; then
+ AC_DEFINE(HAVE_STRUCT_YARROW256_CTX_SEED_FILE)
+ fi
+
+ AC_MSG_CHECKING([whether nettle_crypt_func is a pointer type])
+ AC_CACHE_VAL(pike_cv_nettle_crypt_func_is_pointer, [
+ pike_cv_nettle_crypt_func_is_pointer=no
+ AC_TRY_COMPILE([
+/* Note: Old Nettles had the nettle_crypt_func typedef directly
+ * in <nettle/nettle-meta.h> while more modern have it in
+ * <nettle/nettle-types.h>. Since <nettle/nettle-meta.h>
+ * pulls in <nettle/nettle-types.h> it should be sufficient.
+ */
+#include <nettle/nettle-meta.h>
+ ], [
+ nettle_crypt_func foo = (nettle_crypt_func)(void *)0;
+ return (int)foo;
+ ], [
+ pike_cv_nettle_crypt_func_is_pointer=yes
+ ])
+ ])
+ AC_MSG_RESULT($pike_cv_nettle_crypt_func_is_pointer);
+ if test "x$pike_cv_nettle_crypt_func_is_pointer" = "xyes"; then
+ AC_DEFINE(HAVE_NETTLE_CRYPT_FUNC_IS_POINTER)
+ fi
else
if test "$ac_cv_lib_gmp_mpz_init:$ac_cv_lib_gmp___mpz_init:$ac_cv_lib_gmp___gmpz_init" = "no:no:no"; then
# No gmp found; enable it if possible.
@@ -76,10 +122,6 @@
])
PIKE_FEATURE_NODEP(Nettle)
fi
-
- # These might have been purged from the Nettle lib to avoid GPL
- # contamination.
- AC_CHECK_FUNCS(nettle_blowfish_decrypt nettle_serpent_decrypt)
fi
AC_OUTPUT(Makefile,echo FOO >stamp-h )
diff -urad Pike-v7.8.316/src/post_modules/Nettle/nettle.cmod pike-cvs/7.8/src/post_modules/Nettle/nettle.cmod
--- Pike-v7.8.316/src/post_modules/Nettle/nettle.cmod 2008-06-29 00:57:14.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/nettle.cmod 2009-07-05 21:41:58.000000000 +0200
@@ -46,6 +46,36 @@
CVAR struct yarrow256_ctx ctx;
CVAR struct yarrow_source *sources;
+#ifndef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+ /* NOTE: Nettle 2.0 does not have the automatic seed_file maintenance
+ * that Nettle 1.x had. This stuff is needed since it affected
+ * the state emitted by random_string(). When Nettle 2.0 is the
+ * default, consider implementing this via overloading of the
+ * various seeding functions instead, since it does have a bit
+ * of overhead.
+ *
+ * /grubba 2009-07-05
+ */
+ PIKEVAR string seed_file flags ID_PRIVATE|ID_STATIC;
+#endif
+
+ DECLARE_STORAGE;
+
+#ifndef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+ static void pike_generate_seed_file(void)
+ {
+ struct pike_string *seed_file =
+ begin_shared_string(YARROW256_SEED_FILE_SIZE);
+ yarrow256_random(&THIS->ctx, YARROW256_SEED_FILE_SIZE, STR0(seed_file));
+ if (THIS->seed_file) {
+ free_string(THIS->seed_file);
+ }
+ THIS->seed_file = end_shared_string(seed_file);
+ }
+#else
+#define pike_generate_seed_file()
+#endif
+
/*! @decl void create(void|int sources)
*! The number of entropy sources that will feed entropy to the
*! random number generator is given as an argument to Yarrow
@@ -90,10 +120,12 @@
optflags OPT_SIDE_EFFECT;
{
if(data->len < YARROW256_SEED_FILE_SIZE)
- Pike_error( "Seed must be at least 32 characters.\n" );
+ Pike_error("Seed must be at least %d characters.\n",
+ YARROW256_SEED_FILE_SIZE);
NO_WIDE_STRING(data);
- yarrow256_seed(&THIS->ctx, data->len, (const uint8_t *)data->str);
+ yarrow256_seed(&THIS->ctx, data->len, STR0(data));
+ pike_generate_seed_file();
RETURN this_object();
}
@@ -109,19 +141,31 @@
RETURN YARROW256_SEED_FILE_SIZE;
}
- /*! @decl string get_seed()
- *! Returns part of the internal state so that it can
- *! be saved for later seeding.
+ /*! @decl string(0..255) get_seed()
+ *! Returns part of the internal state so that it can
+ *! be saved for later seeding.
+ *!
*! @seealso
- *! @[seed]
+ *! @[seed()], @[random_string()]
*/
PIKEFUN string get_seed()
optflags OPT_EXTERNAL_DEPEND;
+ rawtype tDeprecated(tFunc(tNone, tStr8));
{
if( !yarrow256_is_seeded(&THIS->ctx) )
Pike_error("Random generator not seeded.\n");
- RETURN make_shared_binary_string((const char *)THIS->ctx.seed_file,
- YARROW256_SEED_FILE_SIZE);
+
+#ifdef HAVE_STRUCT_YARROW256_CTX_SEED_FILE
+ RETURN make_shared_binary_string(THIS->ctx.seed_file,
+ YARROW256_SEED_FILE_SIZE);
+#else
+ if (THIS->seed_file) {
+ REF_RETURN THIS->seed_file;
+ } else {
+ struct pike_string *s = begin_shared_string(YARROW256_SEED_FILE_SIZE);
+ RETURN end_shared_string(s);
+ }
+#endif /* HAVE_STRUCT_YARROW256_CTX_SEED_FILE */
}
/*! @decl int(0..1) is_seeded()
@@ -144,7 +188,19 @@
PIKEFUN void force_reseed()
optflags OPT_SIDE_EFFECT;
{
+#ifdef HAVE_NETTLE_YARROW256_SLOW_RESEED
+ /* From change notes for Nettle 2.0:
+ *
+ * * Changes to the yarrow256 interface. The function
+ * yarrow256_force_reseed has been replaced by the two
+ * functions yarrow256_fast_reseed and yarrow256_slow_reseed,
+ * which were previously static.
+ */
+ yarrow256_slow_reseed(&THIS->ctx);
+#else
yarrow256_force_reseed(&THIS->ctx);
+#endif
+ pike_generate_seed_file();
}
/*! @decl int(0..1) update(string data, int source, int entropy)
@@ -156,6 +212,7 @@
PIKEFUN int(0..1) update(string data, int source, int entropy)
optflags OPT_SIDE_EFFECT;
{
+ int ret;
/* FIXME: Wide strings could actually be supported here */
NO_WIDE_STRING(data);
if( !THIS->sources )
@@ -166,8 +223,11 @@
Pike_error("Entropy must be positive.\n");
if( entropy>(data->len*8) )
Pike_error("Impossibly large entropy value.\n");
- RETURN yarrow256_update(&THIS->ctx, source, entropy, data->len,
- (const uint8_t *)data->str);
+ ret = yarrow256_update(&THIS->ctx, source, entropy, data->len,
+ (const uint8_t *)data->str);
+ if (ret)
+ pike_generate_seed_file();
+ RETURN ret;
}
/*! @decl int(0..) needed_sources()
diff -urad Pike-v7.8.316/src/post_modules/Nettle/testsuite.in pike-cvs/7.8/src/post_modules/Nettle/testsuite.in
--- Pike-v7.8.316/src/post_modules/Nettle/testsuite.in 2007-06-18 02:43:51.000000000 +0200
+++ pike-cvs/7.8/src/post_modules/Nettle/testsuite.in 2009-08-05 12:01:45.000000000 +0200
@@ -193,4 +193,14 @@
}
)
]])
+
+cond_resolv( Nettle.Yarrow, [[
+ test_any_equal([[
+ object y = Nettle.Yarrow()->seed("What happen? Somebody set up us the bomb.");
+ return ({ y->get_seed(), y->random_string(20), y->get_seed(), y->random_string(20) });
+ ]], [[({String.hex2string("73a35b2f896a8061be0ad434a592a43a82b81b9ed6c018f1c5a51300bbc8d53d"),
+ String.hex2string("7847458e32fb789ff6b6cd6e1c8cc3712ba532a8"),
+ String.hex2string("73a35b2f896a8061be0ad434a592a43a82b81b9ed6c018f1c5a51300bbc8d53d"),
+ String.hex2string("49a090656a6d93782e169994f41005a3616d3cd7")})]])
+]])
END_MARKER