diff options
author | xentec <xentec@aix0.eu> | 2017-02-11 15:00:43 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-02-13 18:28:14 +0100 |
commit | d3a7437a76d864f6aa585e6ae82789cd5455c04d (patch) | |
tree | 9bbee0eb0f8cd69fc196b66ddbb376331d440753 /main | |
parent | 0850971f05a1ea0ff352c1f83fa68d1b4055ea68 (diff) | |
download | aports-d3a7437a76d864f6aa585e6ae82789cd5455c04d.tar.bz2 aports-d3a7437a76d864f6aa585e6ae82789cd5455c04d.tar.xz |
main/libasr: replace res_randomid() impl. with call to arc4random() from libcrypto
Fixes recursive call loop which causes a stack overflow in opensmtpd.
ref #6578
Diffstat (limited to 'main')
-rw-r--r-- | main/libasr/00-use-openbsd-res_randomid.patch | 953 | ||||
-rw-r--r-- | main/libasr/0001-Fix-NETDB_SUCCESS-value.patch | 25 | ||||
-rw-r--r-- | main/libasr/0002-Replace-missing-res_randomid-with-the-more-secure-ar.patch | 66 | ||||
-rw-r--r-- | main/libasr/0003-no-need-for-openssl-in-libasr.patch | 25 | ||||
-rw-r--r-- | main/libasr/APKBUILD | 46 |
5 files changed, 139 insertions, 976 deletions
diff --git a/main/libasr/00-use-openbsd-res_randomid.patch b/main/libasr/00-use-openbsd-res_randomid.patch deleted file mode 100644 index 4fb97828e6..0000000000 --- a/main/libasr/00-use-openbsd-res_randomid.patch +++ /dev/null @@ -1,953 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 10aff04..ec6fadf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -41,7 +41,7 @@ AC_PATH_PROG([NROFF], [nroff]) - AC_PATH_PROG([MANDOC], [mandoc]) - AC_PROG_YACC - --AM_INIT_AUTOMAKE -+AM_INIT_AUTOMAKE([subdir-objects no-dependencies]) - - LT_INIT - -@@ -442,6 +442,10 @@ fi - #l1572 (customized) - dnl Checks for library functions. Please keep in alphabetical order - AC_CHECK_FUNCS([ \ -+ arc4random \ -+ arc4random_buf \ -+ arc4random_stir \ -+ arc4random_uniform \ - asprintf \ - bcopy \ - explicit_bzero \ -@@ -465,6 +469,13 @@ AC_CHECK_FUNCS([ \ - vasprintf \ - vsnprintf \ - ]) -+ -+AC_CHECK_FUNC([res_randomid], -+ [AC_DEFINE([HAVE_RES_RANDOMID], [1], [Define if res_randomid exists])]) -+AM_CONDITIONAL([USE_OPENBSD_RES_RANDOM], [test "x$HAVE_RES_RANDOMID" = "x" ]) -+AM_COND_IF([USE_OPENBSD_RES_RANDOM], -+ [AC_CHECK_LIB([crypto], [RAND_bytes], [], [AC_MSG_ERROR([libcrypto not found])])]) -+ - #l1685 - - #l1715 -diff --git a/openbsd-compat/NOTES b/openbsd-compat/NOTES -index baa60ec..0eb0710 100644 ---- a/openbsd-compat/NOTES -+++ b/openbsd-compat/NOTES -@@ -1,10 +1,12 @@ - List of files and where they come from - -+arc4random.c portable openssh - clock_gettime.c handmade - defines.h portable openssh - fgetln.c part of /usr/src/usr.bin/make/util.c - includes.h portable openssh - openbsd-compat.h portable openssh -+res_random.c src/lib/libc/net/res_random.c - strlcat.c portable openssh - strlcpy.c portable openssh - strtonum.c portable openssh -diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c -new file mode 100644 -index 0000000..ca4434d ---- /dev/null -+++ b/openbsd-compat/arc4random.c -@@ -0,0 +1,296 @@ -+/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ -+ -+/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ -+ -+/* -+ * Copyright (c) 1996, David Mazieres <dm@uun.org> -+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org> -+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+/* -+ * ChaCha based random number generator for OpenBSD. -+ */ -+ -+#include "includes.h" -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <unistd.h> -+#include <sys/types.h> -+ -+#ifndef HAVE_ARC4RANDOM -+ -+#include <openssl/rand.h> -+#include <openssl/err.h> -+ -+#define KEYSTREAM_ONLY -+#include "chacha_private.h" -+ -+#ifdef __GNUC__ -+#define inline __inline -+#else /* !__GNUC__ */ -+#define inline -+#endif /* !__GNUC__ */ -+ -+/* OpenSSH isn't multithreaded */ -+#define _ARC4_LOCK() -+#define _ARC4_UNLOCK() -+ -+#define KEYSZ 32 -+#define IVSZ 8 -+#define BLOCKSZ 64 -+#define RSBUFSZ (16*BLOCKSZ) -+static int rs_initialized; -+static pid_t rs_stir_pid; -+static chacha_ctx rs; /* chacha context for random keystream */ -+static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ -+static size_t rs_have; /* valid bytes at end of rs_buf */ -+static size_t rs_count; /* bytes till reseed */ -+ -+static inline void _rs_rekey(u_char *dat, size_t datlen); -+ -+static inline void -+_rs_init(u_char *buf, size_t n) -+{ -+ if (n < KEYSZ + IVSZ) -+ return; -+ chacha_keysetup(&rs, buf, KEYSZ * 8, 0); -+ chacha_ivsetup(&rs, buf + KEYSZ); -+} -+ -+static void -+_rs_stir(void) -+{ -+ u_char rnd[KEYSZ + IVSZ]; -+ -+ if (RAND_bytes(rnd, sizeof(rnd)) <= 0) { -+ fprintf(stderr, -+ "libasr: Couldn't obtain random bytes (error %ld)", -+ ERR_get_error()); -+ exit(1); -+ } -+ -+ if (!rs_initialized) { -+ rs_initialized = 1; -+ _rs_init(rnd, sizeof(rnd)); -+ } else -+ _rs_rekey(rnd, sizeof(rnd)); -+ memset(rnd, 0, sizeof(rnd)); -+ -+ /* invalidate rs_buf */ -+ rs_have = 0; -+ memset(rs_buf, 0, RSBUFSZ); -+ -+ rs_count = 1600000; -+} -+ -+static inline void -+_rs_stir_if_needed(size_t len) -+{ -+ pid_t pid = getpid(); -+ -+ if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { -+ rs_stir_pid = pid; -+ _rs_stir(); -+ } else -+ rs_count -= len; -+} -+ -+static inline void -+_rs_rekey(u_char *dat, size_t datlen) -+{ -+#ifndef KEYSTREAM_ONLY -+ memset(rs_buf, 0,RSBUFSZ); -+#endif -+ /* fill rs_buf with the keystream */ -+ chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); -+ /* mix in optional user provided data */ -+ if (dat) { -+ size_t i, m; -+ -+ m = MIN(datlen, KEYSZ + IVSZ); -+ for (i = 0; i < m; i++) -+ rs_buf[i] ^= dat[i]; -+ } -+ /* immediately reinit for backtracking resistance */ -+ _rs_init(rs_buf, KEYSZ + IVSZ); -+ memset(rs_buf, 0, KEYSZ + IVSZ); -+ rs_have = RSBUFSZ - KEYSZ - IVSZ; -+} -+ -+static inline void -+_rs_random_buf(void *_buf, size_t n) -+{ -+ u_char *buf = (u_char *)_buf; -+ size_t m; -+ -+ _rs_stir_if_needed(n); -+ while (n > 0) { -+ if (rs_have > 0) { -+ m = MIN(n, rs_have); -+ memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); -+ memset(rs_buf + RSBUFSZ - rs_have, 0, m); -+ buf += m; -+ n -= m; -+ rs_have -= m; -+ } -+ if (rs_have == 0) -+ _rs_rekey(NULL, 0); -+ } -+} -+ -+static inline void -+_rs_random_u32(u_int32_t *val) -+{ -+ _rs_stir_if_needed(sizeof(*val)); -+ if (rs_have < sizeof(*val)) -+ _rs_rekey(NULL, 0); -+ memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); -+ memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); -+ rs_have -= sizeof(*val); -+ return; -+} -+ -+void -+arc4random_stir(void) -+{ -+ _ARC4_LOCK(); -+ _rs_stir(); -+ _ARC4_UNLOCK(); -+} -+ -+void -+arc4random_addrandom(u_char *dat, int datlen) -+{ -+ int m; -+ -+ _ARC4_LOCK(); -+ if (!rs_initialized) -+ _rs_stir(); -+ while (datlen > 0) { -+ m = MIN(datlen, KEYSZ + IVSZ); -+ _rs_rekey(dat, m); -+ dat += m; -+ datlen -= m; -+ } -+ _ARC4_UNLOCK(); -+} -+ -+u_int32_t -+arc4random(void) -+{ -+ u_int32_t val; -+ -+ _ARC4_LOCK(); -+ _rs_random_u32(&val); -+ _ARC4_UNLOCK(); -+ return val; -+} -+ -+/* -+ * If we are providing arc4random, then we can provide a more efficient -+ * arc4random_buf(). -+ */ -+# ifndef HAVE_ARC4RANDOM_BUF -+void -+arc4random_buf(void *buf, size_t n) -+{ -+ _ARC4_LOCK(); -+ _rs_random_buf(buf, n); -+ _ARC4_UNLOCK(); -+} -+# endif /* !HAVE_ARC4RANDOM_BUF */ -+#endif /* !HAVE_ARC4RANDOM */ -+ -+/* arc4random_buf() that uses platform arc4random() */ -+#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) -+void -+arc4random_buf(void *_buf, size_t n) -+{ -+ size_t i; -+ u_int32_t r = 0; -+ char *buf = (char *)_buf; -+ -+ for (i = 0; i < n; i++) { -+ if (i % 4 == 0) -+ r = arc4random(); -+ buf[i] = r & 0xff; -+ r >>= 8; -+ } -+ explicit_bzero(&r, sizeof(r)); -+} -+#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ -+ -+#ifndef HAVE_ARC4RANDOM_UNIFORM -+/* -+ * Calculate a uniformly distributed random number less than upper_bound -+ * avoiding "modulo bias". -+ * -+ * Uniformity is achieved by generating new random numbers until the one -+ * returned is outside the range [0, 2**32 % upper_bound). This -+ * guarantees the selected random number will be inside -+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) -+ * after reduction modulo upper_bound. -+ */ -+u_int32_t -+arc4random_uniform(u_int32_t upper_bound) -+{ -+ u_int32_t r, min; -+ -+ if (upper_bound < 2) -+ return 0; -+ -+ /* 2**32 % x == (2**32 - x) % x */ -+ min = -upper_bound % upper_bound; -+ -+ /* -+ * This could theoretically loop forever but each retry has -+ * p > 0.5 (worst case, usually far better) of selecting a -+ * number inside the range we need, so it should rarely need -+ * to re-roll. -+ */ -+ for (;;) { -+ r = arc4random(); -+ if (r >= min) -+ break; -+ } -+ -+ return r % upper_bound; -+} -+#endif /* !HAVE_ARC4RANDOM_UNIFORM */ -+ -+#if 0 -+/*-------- Test code for i386 --------*/ -+#include <stdio.h> -+#include <machine/pctr.h> -+int -+main(int argc, char **argv) -+{ -+ const int iter = 1000000; -+ int i; -+ pctrval v; -+ -+ v = rdtsc(); -+ for (i = 0; i < iter; i++) -+ arc4random(); -+ v = rdtsc() - v; -+ v /= iter; -+ -+ printf("%qd cycles\n", v); -+ exit(0); -+} -+#endif -diff --git a/openbsd-compat/chacha_private.h b/openbsd-compat/chacha_private.h -new file mode 100644 -index 0000000..7c3680f ---- /dev/null -+++ b/openbsd-compat/chacha_private.h -@@ -0,0 +1,222 @@ -+/* -+chacha-merged.c version 20080118 -+D. J. Bernstein -+Public domain. -+*/ -+ -+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ -+ -+typedef unsigned char u8; -+typedef unsigned int u32; -+ -+typedef struct -+{ -+ u32 input[16]; /* could be compressed */ -+} chacha_ctx; -+ -+#define U8C(v) (v##U) -+#define U32C(v) (v##U) -+ -+#define U8V(v) ((u8)(v) & U8C(0xFF)) -+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) -+ -+#define ROTL32(v, n) \ -+ (U32V((v) << (n)) | ((v) >> (32 - (n)))) -+ -+#define U8TO32_LITTLE(p) \ -+ (((u32)((p)[0]) ) | \ -+ ((u32)((p)[1]) << 8) | \ -+ ((u32)((p)[2]) << 16) | \ -+ ((u32)((p)[3]) << 24)) -+ -+#define U32TO8_LITTLE(p, v) \ -+ do { \ -+ (p)[0] = U8V((v) ); \ -+ (p)[1] = U8V((v) >> 8); \ -+ (p)[2] = U8V((v) >> 16); \ -+ (p)[3] = U8V((v) >> 24); \ -+ } while (0) -+ -+#define ROTATE(v,c) (ROTL32(v,c)) -+#define XOR(v,w) ((v) ^ (w)) -+#define PLUS(v,w) (U32V((v) + (w))) -+#define PLUSONE(v) (PLUS((v),1)) -+ -+#define QUARTERROUND(a,b,c,d) \ -+ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ -+ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ -+ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ -+ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); -+ -+static const char sigma[16] = "expand 32-byte k"; -+static const char tau[16] = "expand 16-byte k"; -+ -+static void -+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) -+{ -+ const char *constants; -+ -+ x->input[4] = U8TO32_LITTLE(k + 0); -+ x->input[5] = U8TO32_LITTLE(k + 4); -+ x->input[6] = U8TO32_LITTLE(k + 8); -+ x->input[7] = U8TO32_LITTLE(k + 12); -+ if (kbits == 256) { /* recommended */ -+ k += 16; -+ constants = sigma; -+ } else { /* kbits == 128 */ -+ constants = tau; -+ } -+ x->input[8] = U8TO32_LITTLE(k + 0); -+ x->input[9] = U8TO32_LITTLE(k + 4); -+ x->input[10] = U8TO32_LITTLE(k + 8); -+ x->input[11] = U8TO32_LITTLE(k + 12); -+ x->input[0] = U8TO32_LITTLE(constants + 0); -+ x->input[1] = U8TO32_LITTLE(constants + 4); -+ x->input[2] = U8TO32_LITTLE(constants + 8); -+ x->input[3] = U8TO32_LITTLE(constants + 12); -+} -+ -+static void -+chacha_ivsetup(chacha_ctx *x,const u8 *iv) -+{ -+ x->input[12] = 0; -+ x->input[13] = 0; -+ x->input[14] = U8TO32_LITTLE(iv + 0); -+ x->input[15] = U8TO32_LITTLE(iv + 4); -+} -+ -+static void -+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) -+{ -+ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; -+ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; -+ u8 *ctarget = NULL; -+ u8 tmp[64]; -+ u_int i; -+ -+ if (!bytes) return; -+ -+ j0 = x->input[0]; -+ j1 = x->input[1]; -+ j2 = x->input[2]; -+ j3 = x->input[3]; -+ j4 = x->input[4]; -+ j5 = x->input[5]; -+ j6 = x->input[6]; -+ j7 = x->input[7]; -+ j8 = x->input[8]; -+ j9 = x->input[9]; -+ j10 = x->input[10]; -+ j11 = x->input[11]; -+ j12 = x->input[12]; -+ j13 = x->input[13]; -+ j14 = x->input[14]; -+ j15 = x->input[15]; -+ -+ for (;;) { -+ if (bytes < 64) { -+ for (i = 0;i < bytes;++i) tmp[i] = m[i]; -+ m = tmp; -+ ctarget = c; -+ c = tmp; -+ } -+ x0 = j0; -+ x1 = j1; -+ x2 = j2; -+ x3 = j3; -+ x4 = j4; -+ x5 = j5; -+ x6 = j6; -+ x7 = j7; -+ x8 = j8; -+ x9 = j9; -+ x10 = j10; -+ x11 = j11; -+ x12 = j12; -+ x13 = j13; -+ x14 = j14; -+ x15 = j15; -+ for (i = 20;i > 0;i -= 2) { -+ QUARTERROUND( x0, x4, x8,x12) -+ QUARTERROUND( x1, x5, x9,x13) -+ QUARTERROUND( x2, x6,x10,x14) -+ QUARTERROUND( x3, x7,x11,x15) -+ QUARTERROUND( x0, x5,x10,x15) -+ QUARTERROUND( x1, x6,x11,x12) -+ QUARTERROUND( x2, x7, x8,x13) -+ QUARTERROUND( x3, x4, x9,x14) -+ } -+ x0 = PLUS(x0,j0); -+ x1 = PLUS(x1,j1); -+ x2 = PLUS(x2,j2); -+ x3 = PLUS(x3,j3); -+ x4 = PLUS(x4,j4); -+ x5 = PLUS(x5,j5); -+ x6 = PLUS(x6,j6); -+ x7 = PLUS(x7,j7); -+ x8 = PLUS(x8,j8); -+ x9 = PLUS(x9,j9); -+ x10 = PLUS(x10,j10); -+ x11 = PLUS(x11,j11); -+ x12 = PLUS(x12,j12); -+ x13 = PLUS(x13,j13); -+ x14 = PLUS(x14,j14); -+ x15 = PLUS(x15,j15); -+ -+#ifndef KEYSTREAM_ONLY -+ x0 = XOR(x0,U8TO32_LITTLE(m + 0)); -+ x1 = XOR(x1,U8TO32_LITTLE(m + 4)); -+ x2 = XOR(x2,U8TO32_LITTLE(m + 8)); -+ x3 = XOR(x3,U8TO32_LITTLE(m + 12)); -+ x4 = XOR(x4,U8TO32_LITTLE(m + 16)); -+ x5 = XOR(x5,U8TO32_LITTLE(m + 20)); -+ x6 = XOR(x6,U8TO32_LITTLE(m + 24)); -+ x7 = XOR(x7,U8TO32_LITTLE(m + 28)); -+ x8 = XOR(x8,U8TO32_LITTLE(m + 32)); -+ x9 = XOR(x9,U8TO32_LITTLE(m + 36)); -+ x10 = XOR(x10,U8TO32_LITTLE(m + 40)); -+ x11 = XOR(x11,U8TO32_LITTLE(m + 44)); -+ x12 = XOR(x12,U8TO32_LITTLE(m + 48)); -+ x13 = XOR(x13,U8TO32_LITTLE(m + 52)); -+ x14 = XOR(x14,U8TO32_LITTLE(m + 56)); -+ x15 = XOR(x15,U8TO32_LITTLE(m + 60)); -+#endif -+ -+ j12 = PLUSONE(j12); -+ if (!j12) { -+ j13 = PLUSONE(j13); -+ /* stopping at 2^70 bytes per nonce is user's responsibility */ -+ } -+ -+ U32TO8_LITTLE(c + 0,x0); -+ U32TO8_LITTLE(c + 4,x1); -+ U32TO8_LITTLE(c + 8,x2); -+ U32TO8_LITTLE(c + 12,x3); -+ U32TO8_LITTLE(c + 16,x4); -+ U32TO8_LITTLE(c + 20,x5); -+ U32TO8_LITTLE(c + 24,x6); -+ U32TO8_LITTLE(c + 28,x7); -+ U32TO8_LITTLE(c + 32,x8); -+ U32TO8_LITTLE(c + 36,x9); -+ U32TO8_LITTLE(c + 40,x10); -+ U32TO8_LITTLE(c + 44,x11); -+ U32TO8_LITTLE(c + 48,x12); -+ U32TO8_LITTLE(c + 52,x13); -+ U32TO8_LITTLE(c + 56,x14); -+ U32TO8_LITTLE(c + 60,x15); -+ -+ if (bytes <= 64) { -+ if (bytes < 64) { -+ for (i = 0;i < bytes;++i) ctarget[i] = c[i]; -+ } -+ x->input[12] = j12; -+ x->input[13] = j13; -+ return; -+ } -+ bytes -= 64; -+ c += 64; -+#ifndef KEYSTREAM_ONLY -+ m += 64; -+#endif -+ } -+} -diff --git a/openbsd-compat/defines.h b/openbsd-compat/defines.h -index da7a42c..b734c90 100644 ---- a/openbsd-compat/defines.h -+++ b/openbsd-compat/defines.h -@@ -745,6 +745,15 @@ struct winsize { - #define INET6_ADDRSTRLEN 46 - #endif - -+/* -+ * Platforms that have arc4random_uniform() and not arc4random_stir() -+ * shouldn't need the latter. -+ */ -+#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \ -+ !defined(HAVE_ARC4RANDOM_STIR) -+# define arc4random_stir() -+#endif -+ - #ifndef HAVE_VA_COPY - # ifdef HAVE___VA_COPY - # define va_copy(dest, src) __va_copy(dest, src) -@@ -823,7 +832,7 @@ struct winsize { - #endif - - #ifndef NETDB_SUCCESS --# define NETDB_SUCCESS -1 -+# define NETDB_SUCCESS 0 - #endif - - /* end of chl */ -diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h -index c30591c..7baccc8 100644 ---- a/openbsd-compat/openbsd-compat.h -+++ b/openbsd-compat/openbsd-compat.h -@@ -63,7 +63,28 @@ char *strsep(char **stringp, const char *delim); - - #ifndef HAVE_ASPRINTF - int asprintf(char **, const char *, ...); --#endif -+#endif -+ -+#ifdef HAVE_ARC4RANDOM -+# ifndef HAVE_ARC4RANDOM_STIR -+# define arc4random_stir() -+# endif -+#else -+unsigned int arc4random(void); -+void arc4random_stir(void); -+#endif /* !HAVE_ARC4RANDOM */ -+ -+#ifndef HAVE_ARC4RANDOM_BUF -+void arc4random_buf(void *, size_t); -+#endif -+ -+#ifndef HAVE_ARC4RANDOM_UNIFORM -+u_int32_t arc4random_uniform(u_int32_t); -+#endif -+ -+#ifndef HAVE_RES_RANDOMID -+u_int res_randomid(void); -+#endif - - /* #include <sys/types.h> XXX needed? For size_t */ - -diff --git a/openbsd-compat/res_random.c b/openbsd-compat/res_random.c -new file mode 100644 -index 0000000..7910019 ---- /dev/null -+++ b/openbsd-compat/res_random.c -@@ -0,0 +1,283 @@ -+/* $OpenBSD: res_random.c,v 1.22 2015/06/04 19:26:39 eric Exp $ */ -+ -+/* -+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> -+ * Copyright 2008 Damien Miller <djm@openbsd.org> -+ * All rights reserved. -+ * -+ * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using -+ * such a mathematical system to generate more random (yet non-repeating) -+ * ids to solve the resolver/named problem. But Niels designed the -+ * actual system based on the constraints. -+ * -+ * Later modified by Damien Miller to wrap the LCG output in a 15-bit -+ * permutation generator based on a Luby-Rackoff block cipher. This -+ * ensures the output is non-repeating and preserves the MSB twiddle -+ * trick, but makes it more resistant to LCG prediction. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * seed = random 15bit -+ * n = prime, g0 = generator to n, -+ * j = random so that gcd(j,n-1) == 1 -+ * g = g0^j mod n will be a generator again. -+ * -+ * X[0] = random seed. -+ * X[n] = a*X[n-1]+b mod m is a Linear Congruential Generator -+ * with a = 7^(even random) mod m, -+ * b = random with gcd(b,m) == 1 -+ * m = 31104 and a maximal period of m-1. -+ * -+ * The transaction id is determined by: -+ * id[n] = seed xor (g^X[n] mod n) -+ * -+ * Effectivly the id is restricted to the lower 15 bits, thus -+ * yielding two different cycles by toggling the msb on and off. -+ * This avoids reuse issues caused by reseeding. -+ * -+ * The output of this generator is then randomly permuted though a -+ * custom 15 bit Luby-Rackoff block cipher. -+ */ -+ -+#include <sys/types.h> -+#include <netinet/in.h> -+#include <sys/time.h> -+#include <resolv.h> -+ -+#include <unistd.h> -+#include <stdlib.h> -+#include <string.h> -+#include <time.h> -+ -+#include "thread_private.h" -+ -+#include "openbsd-compat.h" -+ -+#define RU_OUT 180 /* Time after wich will be reseeded */ -+#define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ -+#define RU_GEN 2 /* Starting generator */ -+#define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */ -+#define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */ -+#define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */ -+#define RU_ROUNDS 11 /* Number of rounds for permute (odd) */ -+ -+struct prf_ctx { -+ /* PRF lookup table for odd rounds (7 bits input to 8 bits output) */ -+ u_char prf7[(RU_ROUNDS / 2) * (1 << 7)]; -+ -+ /* PRF lookup table for even rounds (8 bits input to 7 bits output) */ -+ u_char prf8[((RU_ROUNDS + 1) / 2) * (1 << 8)]; -+}; -+ -+#define PFAC_N 3 -+static const u_int16_t pfacts[PFAC_N] = { -+ 2, -+ 3, -+ 2729 -+}; -+ -+static u_int16_t ru_x; -+static u_int16_t ru_seed, ru_seed2; -+static u_int16_t ru_a, ru_b; -+static u_int16_t ru_g; -+static u_int16_t ru_counter = 0; -+static u_int16_t ru_msb = 0; -+static struct prf_ctx *ru_prf = NULL; -+static time_t ru_reseed; -+static pid_t ru_pid; -+ -+static u_int16_t pmod(u_int16_t, u_int16_t, u_int16_t); -+static void res_initid(void); -+ -+/* -+ * Do a fast modular exponation, returned value will be in the range -+ * of 0 - (mod-1) -+ */ -+static u_int16_t -+pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod) -+{ -+ u_int16_t s, t, u; -+ -+ s = 1; -+ t = gen; -+ u = exp; -+ -+ while (u) { -+ if (u & 1) -+ s = (s * t) % mod; -+ u >>= 1; -+ t = (t * t) % mod; -+ } -+ return (s); -+} -+ -+/* -+ * 15-bit permutation based on Luby-Rackoff block cipher -+ */ -+static u_int -+permute15(u_int in) -+{ -+ int i; -+ u_int left, right, tmp; -+ -+ if (ru_prf == NULL) -+ return in; -+ -+ left = (in >> 8) & 0x7f; -+ right = in & 0xff; -+ -+ /* -+ * Each round swaps the width of left and right. Even rounds have -+ * a 7-bit left, odd rounds have an 8-bit left. Since this uses an -+ * odd number of rounds, left is always 8 bits wide at the end. -+ */ -+ for (i = 0; i < RU_ROUNDS; i++) { -+ if ((i & 1) == 0) -+ tmp = ru_prf->prf8[(i << (8 - 1)) | right] & 0x7f; -+ else -+ tmp = ru_prf->prf7[((i - 1) << (7 - 1)) | right]; -+ tmp ^= left; -+ left = right; -+ right = tmp; -+ } -+ -+ return (right << 8) | left; -+} -+ -+/* -+ * Initializes the seed and chooses a suitable generator. Also toggles -+ * the msb flag. The msb flag is used to generate two distinct -+ * cycles of random numbers and thus avoiding reuse of ids. -+ * -+ * This function is called from res_randomid() when needed, an -+ * application does not have to worry about it. -+ */ -+static void -+res_initid(void) -+{ -+ u_int16_t j, i; -+ u_int32_t tmp; -+ int noprime = 1; -+ struct timespec ts; -+ -+ ru_x = arc4random_uniform(RU_M); -+ -+ /* 15 bits of random seed */ -+ tmp = arc4random(); -+ ru_seed = (tmp >> 16) & 0x7FFF; -+ ru_seed2 = tmp & 0x7FFF; -+ -+ /* Determine the LCG we use */ -+ tmp = arc4random(); -+ ru_b = (tmp & 0xfffe) | 1; -+ ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M); -+ while (ru_b % 3 == 0) -+ ru_b += 2; -+ -+ j = arc4random_uniform(RU_N); -+ -+ /* -+ * Do a fast gcd(j,RU_N-1), so we can find a j with -+ * gcd(j, RU_N-1) == 1, giving a new generator for -+ * RU_GEN^j mod RU_N -+ */ -+ -+ while (noprime) { -+ for (i = 0; i < PFAC_N; i++) -+ if (j % pfacts[i] == 0) -+ break; -+ -+ if (i >= PFAC_N) -+ noprime = 0; -+ else -+ j = (j + 1) % RU_N; -+ } -+ -+ ru_g = pmod(RU_GEN, j, RU_N); -+ ru_counter = 0; -+ -+ /* Initialise PRF for Luby-Rackoff permutation */ -+ if (ru_prf == NULL) -+ ru_prf = malloc(sizeof(*ru_prf)); -+ if (ru_prf != NULL) -+ arc4random_buf(ru_prf, sizeof(*ru_prf)); -+ -+ clock_gettime(CLOCK_MONOTONIC, &ts); -+ ru_reseed = ts.tv_sec + RU_OUT; -+ ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; -+} -+ -+u_int -+res_randomid(void) -+{ -+ struct timespec ts; -+ pid_t pid; -+ u_int r; -+ _THREAD_PRIVATE_MUTEX(random); -+ -+ clock_gettime(CLOCK_MONOTONIC, &ts); -+ pid = getpid(); -+ -+ _THREAD_PRIVATE_MUTEX_LOCK(random); -+ -+ if (ru_counter >= RU_MAX || ts.tv_sec > ru_reseed || pid != ru_pid) { -+ res_initid(); -+ ru_pid = pid; -+ } -+ -+ /* Linear Congruential Generator */ -+ ru_x = (ru_a * ru_x + ru_b) % RU_M; -+ ru_counter++; -+ -+ r = permute15(ru_seed ^ pmod(ru_g, ru_seed2 + ru_x, RU_N)) | ru_msb; -+ -+ _THREAD_PRIVATE_MUTEX_UNLOCK(random); -+ -+ return (r); -+} -+ -+#if 0 -+int -+main(int argc, char **argv) -+{ -+ int i, n; -+ u_int16_t wert; -+ -+ res_initid(); -+ -+ printf("Generator: %u\n", ru_g); -+ printf("Seed: %u\n", ru_seed); -+ printf("Reseed at %ld\n", ru_reseed); -+ printf("Ru_X: %u\n", ru_x); -+ printf("Ru_A: %u\n", ru_a); -+ printf("Ru_B: %u\n", ru_b); -+ -+ n = argc > 1 ? atoi(argv[1]) : 60001; -+ for (i=0;i<n;i++) { -+ wert = res_randomid(); -+ printf("%u\n", wert); -+ } -+ return 0; -+} -+#endif -+ -diff --git a/src/Makefile.am b/src/Makefile.am -index 2e2e40d..75353d4 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -12,6 +12,11 @@ libasr_la_SOURCES += $(top_srcdir)/openbsd-compat/strlcpy.c - libasr_la_SOURCES += $(top_srcdir)/openbsd-compat/strsep.c - libasr_la_SOURCES += $(top_srcdir)/openbsd-compat/strtonum.c - -+if USE_OPENBSD_RES_RANDOM -+libasr_la_SOURCES += $(top_srcdir)/openbsd-compat/arc4random.c -+libasr_la_SOURCES += $(top_srcdir)/openbsd-compat/res_random.c -+endif -+ - include_HEADERS = asr.h - - libasr_la_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/openbsd-compat diff --git a/main/libasr/0001-Fix-NETDB_SUCCESS-value.patch b/main/libasr/0001-Fix-NETDB_SUCCESS-value.patch new file mode 100644 index 0000000000..34ae1807b0 --- /dev/null +++ b/main/libasr/0001-Fix-NETDB_SUCCESS-value.patch @@ -0,0 +1,25 @@ +From 37b6c29ad32692aa0fea5a65492ddbea0b4a8b5d Mon Sep 17 00:00:00 2001 +From: Jonathan Curran <jonathan@curran.in> +Date: Wed, 9 Sep 2015 17:11:55 +0000 +Subject: [PATCH 1/3] Fix NETDB_SUCCESS value + +--- + openbsd-compat/defines.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/openbsd-compat/defines.h b/openbsd-compat/defines.h +index da7a42c..9f50ece 100644 +--- a/openbsd-compat/defines.h ++++ b/openbsd-compat/defines.h +@@ -823,7 +823,7 @@ struct winsize { + #endif + + #ifndef NETDB_SUCCESS +-# define NETDB_SUCCESS -1 ++# define NETDB_SUCCESS 0 + #endif + + /* end of chl */ +-- +2.11.1 + diff --git a/main/libasr/0002-Replace-missing-res_randomid-with-the-more-secure-ar.patch b/main/libasr/0002-Replace-missing-res_randomid-with-the-more-secure-ar.patch new file mode 100644 index 0000000000..023b508b01 --- /dev/null +++ b/main/libasr/0002-Replace-missing-res_randomid-with-the-more-secure-ar.patch @@ -0,0 +1,66 @@ +From fb2c3b37d1022d84506ca0815c7c888c4f08e90c Mon Sep 17 00:00:00 2001 +From: xentec <xentec@aix0.eu> +Date: Sat, 11 Feb 2017 14:39:24 +0000 +Subject: [PATCH 2/3] Replace missing res_randomid() with the more secure + arc4random() + +--- + configure.ac | 2 ++ + openbsd-compat/openbsd-compat.h | 2 ++ + src/res_mkquery.c | 2 +- + src/res_send_async.c | 2 +- + 4 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 10aff04..fa0e896 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -264,6 +264,8 @@ AC_ARG_WITH([Werror], + ) + #l325 + ++LIBS="-lcrypto $LIBS" ++ + AC_CHECK_HEADERS([ \ + crypt.h \ + dirent.h \ +diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h +index c30591c..9be2e0b 100644 +--- a/openbsd-compat/openbsd-compat.h ++++ b/openbsd-compat/openbsd-compat.h +@@ -123,4 +123,6 @@ int res_hnok(const char *); + int clock_gettime(int, struct timespec *); + #endif + ++unsigned int arc4random(void); ++ + #endif /* _OPENBSD_COMPAT_H */ +diff --git a/src/res_mkquery.c b/src/res_mkquery.c +index 27ed21e..cce4029 100644 +--- a/src/res_mkquery.c ++++ b/src/res_mkquery.c +@@ -57,7 +57,7 @@ res_mkquery(int op, const char *dname, int class, int type, + ac = asr_use_resolver(NULL); + + memset(&h, 0, sizeof h); +- h.id = res_randomid(); ++ h.id = arc4random(); + if (ac->ac_options & RES_RECURSE) + h.flags |= RD_MASK; + h.qdcount = 1; +diff --git a/src/res_send_async.c b/src/res_send_async.c +index a60aa0d..a0f4704 100644 +--- a/src/res_send_async.c ++++ b/src/res_send_async.c +@@ -380,7 +380,7 @@ setup_query(struct asr_query *as, const char *name, const char *dom, + as->as.dns.obuflen = 0; + + memset(&h, 0, sizeof h); +- h.id = res_randomid(); ++ h.id = arc4random(); + if (as->as_ctx->ac_options & RES_RECURSE) + h.flags |= RD_MASK; + h.qdcount = 1; +-- +2.11.1 + diff --git a/main/libasr/0003-no-need-for-openssl-in-libasr.patch b/main/libasr/0003-no-need-for-openssl-in-libasr.patch new file mode 100644 index 0000000000..1e91c66003 --- /dev/null +++ b/main/libasr/0003-no-need-for-openssl-in-libasr.patch @@ -0,0 +1,25 @@ +From a392a940bd0c83393fd76eabe08b1743b396b095 Mon Sep 17 00:00:00 2001 +From: Gilles Chehade <gilles@poolp.org> +Date: Sat, 13 Feb 2016 14:03:02 +0100 +Subject: [PATCH 3/3] no need for openssl in libasr... + +--- + openbsd-compat/includes.h | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/openbsd-compat/includes.h b/openbsd-compat/includes.h +index bc3d46b..5b680d3 100644 +--- a/openbsd-compat/includes.h ++++ b/openbsd-compat/includes.h +@@ -70,8 +70,6 @@ + #endif + /* end of chl*/ + +-#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ +- + #include "defines.h" + + #include "openbsd-compat.h" +-- +2.11.1 + diff --git a/main/libasr/APKBUILD b/main/libasr/APKBUILD index d5b81757a7..b3801c2cd3 100644 --- a/main/libasr/APKBUILD +++ b/main/libasr/APKBUILD @@ -12,41 +12,41 @@ depends_dev="" makedepends="mdocml bison libressl-dev automake autoconf libtool" install="" subpackages="$pkgname-dev $pkgname-doc" -source="https://github.com/OpenSMTPD/libasr/archive/libasr-$pkgver.zip - 00-use-openbsd-res_randomid.patch" +source="https://github.com/OpenSMTPD/libasr/archive/libasr-$pkgver.tar.gz + 0001-Fix-NETDB_SUCCESS-value.patch + 0002-Replace-missing-res_randomid-with-the-more-secure-ar.patch + 0003-no-need-for-openssl-in-libasr.patch + " -_builddir=${srcdir}/${pkgname}-${pkgname}-${pkgver} +builddir=${srcdir}/${pkgname}-${pkgname}-${pkgver} prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done - ./bootstrap + default_prepare || return 1 + + cd "$builddir" + ./bootstrap || return 1 } build() { - cd "$_builddir" - ./configure --build=$CBUILD \ + cd "$builddir" + + ./configure --build=$CBUILD \ --host=$CHOST \ --with-pie \ --with-Werror \ --prefix=/usr \ --mandir=/usr/share/man \ - --with-mantype=man || return 1 - make || return 1 + --with-mantype=man \ + || return 1 + + make || return 1 } package() { - cd "$_builddir" - make DESTDIR=${pkgdir} install || return 1 + cd "$builddir" + make DESTDIR=${pkgdir} install || return 1 } -md5sums="1919b1b1c5a08821901fd2c0a6d488a7 libasr-1.0.2.zip -2d32d1f831dc000137d5fcaf9db3e33f 00-use-openbsd-res_randomid.patch" -sha256sums="8e1ed7420446219d105ac0c384cf69160791335dc69bf1ca0581279472241ca7 libasr-1.0.2.zip -19ad3fe95f881b60c317ec63777c1b4843dbaea39d28343eb67c5bdbabe4e5f9 00-use-openbsd-res_randomid.patch" -sha512sums="2b9185c9bd953d093be397554bc024ddab03003e0c56f19018a8bc22d48434fe3364274fef631cd5e2984321368baff4cd4a504d61b71c60ceffd9e5cc3c8124 libasr-1.0.2.zip -2dd30b5147562f209b23b4a939be787304125cf559bccd937781149cc7cb487c4cf6ec358fba32a33407c7ca3e44545ebbe04ddc2a14504835409f23bdef9689 00-use-openbsd-res_randomid.patch" +sha512sums="d70d5fb5728678074f4fd3d0f925b13a8a5ac9fec7a38277f2ed0e6b3f3fe2591845d035f43ece1ee16f1fdfd7d7443140ca36f171f94f310ed821b88b82b924 libasr-1.0.2.tar.gz +aebd80ae1fd33604f547833d4244161cc8551404c61e666967062e484a30d88f597e71c9f9956a3604bf02e625d8aabd9b4669d3efad1a2a15efb2f8acd8ac03 0001-Fix-NETDB_SUCCESS-value.patch +2bef347875b1ad4ec47a6d642e0f555f40906e19bce7684fd89c1c3c867f67fff8cf42ddd836480ee73a8b4491ef9385f84c12f39197d677d239f8ac23d740a0 0002-Replace-missing-res_randomid-with-the-more-secure-ar.patch +32ffc6e64d9eeb7aa37a2f4b4633ac462508f2ee7a9152b6c6b87aeebdcc89e809e839d4cc66ed49486b98d34706ff8cd86d8466663bd8712dacd99cfec64e03 0003-no-need-for-openssl-in-libasr.patch" |