From 537910b75b561aa1d4cf70e9b22dbf98925f602d Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 11 Nov 2015 10:03:37 +0000 Subject: main/libasr: move from testing needed by opensmtpd --- main/libasr/00-use-openbsd-res_randomid.patch | 953 +++++++++++++++++++++++ main/libasr/APKBUILD | 52 ++ testing/libasr/00-use-openbsd-res_randomid.patch | 953 ----------------------- testing/libasr/APKBUILD | 52 -- 4 files changed, 1005 insertions(+), 1005 deletions(-) create mode 100644 main/libasr/00-use-openbsd-res_randomid.patch create mode 100644 main/libasr/APKBUILD delete mode 100644 testing/libasr/00-use-openbsd-res_randomid.patch delete mode 100644 testing/libasr/APKBUILD diff --git a/main/libasr/00-use-openbsd-res_randomid.patch b/main/libasr/00-use-openbsd-res_randomid.patch new file mode 100644 index 0000000000..4fb97828e6 --- /dev/null +++ b/main/libasr/00-use-openbsd-res_randomid.patch @@ -0,0 +1,953 @@ +diff --git a/configure.ac b/configure.ac +index 10aff04..ec6fadf 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -41,7 +41,7 @@ AC_PATH_PROG([NROFF], [nroff]) + AC_PATH_PROG([MANDOC], [mandoc]) + AC_PROG_YACC + +-AM_INIT_AUTOMAKE ++AM_INIT_AUTOMAKE([subdir-objects no-dependencies]) + + LT_INIT + +@@ -442,6 +442,10 @@ fi + #l1572 (customized) + dnl Checks for library functions. Please keep in alphabetical order + AC_CHECK_FUNCS([ \ ++ arc4random \ ++ arc4random_buf \ ++ arc4random_stir \ ++ arc4random_uniform \ + asprintf \ + bcopy \ + explicit_bzero \ +@@ -465,6 +469,13 @@ AC_CHECK_FUNCS([ \ + vasprintf \ + vsnprintf \ + ]) ++ ++AC_CHECK_FUNC([res_randomid], ++ [AC_DEFINE([HAVE_RES_RANDOMID], [1], [Define if res_randomid exists])]) ++AM_CONDITIONAL([USE_OPENBSD_RES_RANDOM], [test "x$HAVE_RES_RANDOMID" = "x" ]) ++AM_COND_IF([USE_OPENBSD_RES_RANDOM], ++ [AC_CHECK_LIB([crypto], [RAND_bytes], [], [AC_MSG_ERROR([libcrypto not found])])]) ++ + #l1685 + + #l1715 +diff --git a/openbsd-compat/NOTES b/openbsd-compat/NOTES +index baa60ec..0eb0710 100644 +--- a/openbsd-compat/NOTES ++++ b/openbsd-compat/NOTES +@@ -1,10 +1,12 @@ + List of files and where they come from + ++arc4random.c portable openssh + clock_gettime.c handmade + defines.h portable openssh + fgetln.c part of /usr/src/usr.bin/make/util.c + includes.h portable openssh + openbsd-compat.h portable openssh ++res_random.c src/lib/libc/net/res_random.c + strlcat.c portable openssh + strlcpy.c portable openssh + strtonum.c portable openssh +diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c +new file mode 100644 +index 0000000..ca4434d +--- /dev/null ++++ b/openbsd-compat/arc4random.c +@@ -0,0 +1,296 @@ ++/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ ++ ++/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ ++ ++/* ++ * Copyright (c) 1996, David Mazieres ++ * Copyright (c) 2008, Damien Miller ++ * Copyright (c) 2013, Markus Friedl ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++ ++/* ++ * ChaCha based random number generator for OpenBSD. ++ */ ++ ++#include "includes.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++#ifndef HAVE_ARC4RANDOM ++ ++#include ++#include ++ ++#define KEYSTREAM_ONLY ++#include "chacha_private.h" ++ ++#ifdef __GNUC__ ++#define inline __inline ++#else /* !__GNUC__ */ ++#define inline ++#endif /* !__GNUC__ */ ++ ++/* OpenSSH isn't multithreaded */ ++#define _ARC4_LOCK() ++#define _ARC4_UNLOCK() ++ ++#define KEYSZ 32 ++#define IVSZ 8 ++#define BLOCKSZ 64 ++#define RSBUFSZ (16*BLOCKSZ) ++static int rs_initialized; ++static pid_t rs_stir_pid; ++static chacha_ctx rs; /* chacha context for random keystream */ ++static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ ++static size_t rs_have; /* valid bytes at end of rs_buf */ ++static size_t rs_count; /* bytes till reseed */ ++ ++static inline void _rs_rekey(u_char *dat, size_t datlen); ++ ++static inline void ++_rs_init(u_char *buf, size_t n) ++{ ++ if (n < KEYSZ + IVSZ) ++ return; ++ chacha_keysetup(&rs, buf, KEYSZ * 8, 0); ++ chacha_ivsetup(&rs, buf + KEYSZ); ++} ++ ++static void ++_rs_stir(void) ++{ ++ u_char rnd[KEYSZ + IVSZ]; ++ ++ if (RAND_bytes(rnd, sizeof(rnd)) <= 0) { ++ fprintf(stderr, ++ "libasr: Couldn't obtain random bytes (error %ld)", ++ ERR_get_error()); ++ exit(1); ++ } ++ ++ if (!rs_initialized) { ++ rs_initialized = 1; ++ _rs_init(rnd, sizeof(rnd)); ++ } else ++ _rs_rekey(rnd, sizeof(rnd)); ++ memset(rnd, 0, sizeof(rnd)); ++ ++ /* invalidate rs_buf */ ++ rs_have = 0; ++ memset(rs_buf, 0, RSBUFSZ); ++ ++ rs_count = 1600000; ++} ++ ++static inline void ++_rs_stir_if_needed(size_t len) ++{ ++ pid_t pid = getpid(); ++ ++ if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { ++ rs_stir_pid = pid; ++ _rs_stir(); ++ } else ++ rs_count -= len; ++} ++ ++static inline void ++_rs_rekey(u_char *dat, size_t datlen) ++{ ++#ifndef KEYSTREAM_ONLY ++ memset(rs_buf, 0,RSBUFSZ); ++#endif ++ /* fill rs_buf with the keystream */ ++ chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); ++ /* mix in optional user provided data */ ++ if (dat) { ++ size_t i, m; ++ ++ m = MIN(datlen, KEYSZ + IVSZ); ++ for (i = 0; i < m; i++) ++ rs_buf[i] ^= dat[i]; ++ } ++ /* immediately reinit for backtracking resistance */ ++ _rs_init(rs_buf, KEYSZ + IVSZ); ++ memset(rs_buf, 0, KEYSZ + IVSZ); ++ rs_have = RSBUFSZ - KEYSZ - IVSZ; ++} ++ ++static inline void ++_rs_random_buf(void *_buf, size_t n) ++{ ++ u_char *buf = (u_char *)_buf; ++ size_t m; ++ ++ _rs_stir_if_needed(n); ++ while (n > 0) { ++ if (rs_have > 0) { ++ m = MIN(n, rs_have); ++ memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); ++ memset(rs_buf + RSBUFSZ - rs_have, 0, m); ++ buf += m; ++ n -= m; ++ rs_have -= m; ++ } ++ if (rs_have == 0) ++ _rs_rekey(NULL, 0); ++ } ++} ++ ++static inline void ++_rs_random_u32(u_int32_t *val) ++{ ++ _rs_stir_if_needed(sizeof(*val)); ++ if (rs_have < sizeof(*val)) ++ _rs_rekey(NULL, 0); ++ memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); ++ memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); ++ rs_have -= sizeof(*val); ++ return; ++} ++ ++void ++arc4random_stir(void) ++{ ++ _ARC4_LOCK(); ++ _rs_stir(); ++ _ARC4_UNLOCK(); ++} ++ ++void ++arc4random_addrandom(u_char *dat, int datlen) ++{ ++ int m; ++ ++ _ARC4_LOCK(); ++ if (!rs_initialized) ++ _rs_stir(); ++ while (datlen > 0) { ++ m = MIN(datlen, KEYSZ + IVSZ); ++ _rs_rekey(dat, m); ++ dat += m; ++ datlen -= m; ++ } ++ _ARC4_UNLOCK(); ++} ++ ++u_int32_t ++arc4random(void) ++{ ++ u_int32_t val; ++ ++ _ARC4_LOCK(); ++ _rs_random_u32(&val); ++ _ARC4_UNLOCK(); ++ return val; ++} ++ ++/* ++ * If we are providing arc4random, then we can provide a more efficient ++ * arc4random_buf(). ++ */ ++# ifndef HAVE_ARC4RANDOM_BUF ++void ++arc4random_buf(void *buf, size_t n) ++{ ++ _ARC4_LOCK(); ++ _rs_random_buf(buf, n); ++ _ARC4_UNLOCK(); ++} ++# endif /* !HAVE_ARC4RANDOM_BUF */ ++#endif /* !HAVE_ARC4RANDOM */ ++ ++/* arc4random_buf() that uses platform arc4random() */ ++#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) ++void ++arc4random_buf(void *_buf, size_t n) ++{ ++ size_t i; ++ u_int32_t r = 0; ++ char *buf = (char *)_buf; ++ ++ for (i = 0; i < n; i++) { ++ if (i % 4 == 0) ++ r = arc4random(); ++ buf[i] = r & 0xff; ++ r >>= 8; ++ } ++ explicit_bzero(&r, sizeof(r)); ++} ++#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ ++ ++#ifndef HAVE_ARC4RANDOM_UNIFORM ++/* ++ * Calculate a uniformly distributed random number less than upper_bound ++ * avoiding "modulo bias". ++ * ++ * Uniformity is achieved by generating new random numbers until the one ++ * returned is outside the range [0, 2**32 % upper_bound). This ++ * guarantees the selected random number will be inside ++ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) ++ * after reduction modulo upper_bound. ++ */ ++u_int32_t ++arc4random_uniform(u_int32_t upper_bound) ++{ ++ u_int32_t r, min; ++ ++ if (upper_bound < 2) ++ return 0; ++ ++ /* 2**32 % x == (2**32 - x) % x */ ++ min = -upper_bound % upper_bound; ++ ++ /* ++ * This could theoretically loop forever but each retry has ++ * p > 0.5 (worst case, usually far better) of selecting a ++ * number inside the range we need, so it should rarely need ++ * to re-roll. ++ */ ++ for (;;) { ++ r = arc4random(); ++ if (r >= min) ++ break; ++ } ++ ++ return r % upper_bound; ++} ++#endif /* !HAVE_ARC4RANDOM_UNIFORM */ ++ ++#if 0 ++/*-------- Test code for i386 --------*/ ++#include ++#include ++int ++main(int argc, char **argv) ++{ ++ const int iter = 1000000; ++ int i; ++ pctrval v; ++ ++ v = rdtsc(); ++ for (i = 0; i < iter; i++) ++ arc4random(); ++ v = rdtsc() - v; ++ v /= iter; ++ ++ printf("%qd cycles\n", v); ++ exit(0); ++} ++#endif +diff --git a/openbsd-compat/chacha_private.h b/openbsd-compat/chacha_private.h +new file mode 100644 +index 0000000..7c3680f +--- /dev/null ++++ b/openbsd-compat/chacha_private.h +@@ -0,0 +1,222 @@ ++/* ++chacha-merged.c version 20080118 ++D. J. Bernstein ++Public domain. ++*/ ++ ++/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ ++ ++typedef unsigned char u8; ++typedef unsigned int u32; ++ ++typedef struct ++{ ++ u32 input[16]; /* could be compressed */ ++} chacha_ctx; ++ ++#define U8C(v) (v##U) ++#define U32C(v) (v##U) ++ ++#define U8V(v) ((u8)(v) & U8C(0xFF)) ++#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) ++ ++#define ROTL32(v, n) \ ++ (U32V((v) << (n)) | ((v) >> (32 - (n)))) ++ ++#define U8TO32_LITTLE(p) \ ++ (((u32)((p)[0]) ) | \ ++ ((u32)((p)[1]) << 8) | \ ++ ((u32)((p)[2]) << 16) | \ ++ ((u32)((p)[3]) << 24)) ++ ++#define U32TO8_LITTLE(p, v) \ ++ do { \ ++ (p)[0] = U8V((v) ); \ ++ (p)[1] = U8V((v) >> 8); \ ++ (p)[2] = U8V((v) >> 16); \ ++ (p)[3] = U8V((v) >> 24); \ ++ } while (0) ++ ++#define ROTATE(v,c) (ROTL32(v,c)) ++#define XOR(v,w) ((v) ^ (w)) ++#define PLUS(v,w) (U32V((v) + (w))) ++#define PLUSONE(v) (PLUS((v),1)) ++ ++#define QUARTERROUND(a,b,c,d) \ ++ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ ++ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ ++ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ ++ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); ++ ++static const char sigma[16] = "expand 32-byte k"; ++static const char tau[16] = "expand 16-byte k"; ++ ++static void ++chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) ++{ ++ const char *constants; ++ ++ x->input[4] = U8TO32_LITTLE(k + 0); ++ x->input[5] = U8TO32_LITTLE(k + 4); ++ x->input[6] = U8TO32_LITTLE(k + 8); ++ x->input[7] = U8TO32_LITTLE(k + 12); ++ if (kbits == 256) { /* recommended */ ++ k += 16; ++ constants = sigma; ++ } else { /* kbits == 128 */ ++ constants = tau; ++ } ++ x->input[8] = U8TO32_LITTLE(k + 0); ++ x->input[9] = U8TO32_LITTLE(k + 4); ++ x->input[10] = U8TO32_LITTLE(k + 8); ++ x->input[11] = U8TO32_LITTLE(k + 12); ++ x->input[0] = U8TO32_LITTLE(constants + 0); ++ x->input[1] = U8TO32_LITTLE(constants + 4); ++ x->input[2] = U8TO32_LITTLE(constants + 8); ++ x->input[3] = U8TO32_LITTLE(constants + 12); ++} ++ ++static void ++chacha_ivsetup(chacha_ctx *x,const u8 *iv) ++{ ++ x->input[12] = 0; ++ x->input[13] = 0; ++ x->input[14] = U8TO32_LITTLE(iv + 0); ++ x->input[15] = U8TO32_LITTLE(iv + 4); ++} ++ ++static void ++chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) ++{ ++ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; ++ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; ++ u8 *ctarget = NULL; ++ u8 tmp[64]; ++ u_int i; ++ ++ if (!bytes) return; ++ ++ j0 = x->input[0]; ++ j1 = x->input[1]; ++ j2 = x->input[2]; ++ j3 = x->input[3]; ++ j4 = x->input[4]; ++ j5 = x->input[5]; ++ j6 = x->input[6]; ++ j7 = x->input[7]; ++ j8 = x->input[8]; ++ j9 = x->input[9]; ++ j10 = x->input[10]; ++ j11 = x->input[11]; ++ j12 = x->input[12]; ++ j13 = x->input[13]; ++ j14 = x->input[14]; ++ j15 = x->input[15]; ++ ++ for (;;) { ++ if (bytes < 64) { ++ for (i = 0;i < bytes;++i) tmp[i] = m[i]; ++ m = tmp; ++ ctarget = c; ++ c = tmp; ++ } ++ x0 = j0; ++ x1 = j1; ++ x2 = j2; ++ x3 = j3; ++ x4 = j4; ++ x5 = j5; ++ x6 = j6; ++ x7 = j7; ++ x8 = j8; ++ x9 = j9; ++ x10 = j10; ++ x11 = j11; ++ x12 = j12; ++ x13 = j13; ++ x14 = j14; ++ x15 = j15; ++ for (i = 20;i > 0;i -= 2) { ++ QUARTERROUND( x0, x4, x8,x12) ++ QUARTERROUND( x1, x5, x9,x13) ++ QUARTERROUND( x2, x6,x10,x14) ++ QUARTERROUND( x3, x7,x11,x15) ++ QUARTERROUND( x0, x5,x10,x15) ++ QUARTERROUND( x1, x6,x11,x12) ++ QUARTERROUND( x2, x7, x8,x13) ++ QUARTERROUND( x3, x4, x9,x14) ++ } ++ x0 = PLUS(x0,j0); ++ x1 = PLUS(x1,j1); ++ x2 = PLUS(x2,j2); ++ x3 = PLUS(x3,j3); ++ x4 = PLUS(x4,j4); ++ x5 = PLUS(x5,j5); ++ x6 = PLUS(x6,j6); ++ x7 = PLUS(x7,j7); ++ x8 = PLUS(x8,j8); ++ x9 = PLUS(x9,j9); ++ x10 = PLUS(x10,j10); ++ x11 = PLUS(x11,j11); ++ x12 = PLUS(x12,j12); ++ x13 = PLUS(x13,j13); ++ x14 = PLUS(x14,j14); ++ x15 = PLUS(x15,j15); ++ ++#ifndef KEYSTREAM_ONLY ++ x0 = XOR(x0,U8TO32_LITTLE(m + 0)); ++ x1 = XOR(x1,U8TO32_LITTLE(m + 4)); ++ x2 = XOR(x2,U8TO32_LITTLE(m + 8)); ++ x3 = XOR(x3,U8TO32_LITTLE(m + 12)); ++ x4 = XOR(x4,U8TO32_LITTLE(m + 16)); ++ x5 = XOR(x5,U8TO32_LITTLE(m + 20)); ++ x6 = XOR(x6,U8TO32_LITTLE(m + 24)); ++ x7 = XOR(x7,U8TO32_LITTLE(m + 28)); ++ x8 = XOR(x8,U8TO32_LITTLE(m + 32)); ++ x9 = XOR(x9,U8TO32_LITTLE(m + 36)); ++ x10 = XOR(x10,U8TO32_LITTLE(m + 40)); ++ x11 = XOR(x11,U8TO32_LITTLE(m + 44)); ++ x12 = XOR(x12,U8TO32_LITTLE(m + 48)); ++ x13 = XOR(x13,U8TO32_LITTLE(m + 52)); ++ x14 = XOR(x14,U8TO32_LITTLE(m + 56)); ++ x15 = XOR(x15,U8TO32_LITTLE(m + 60)); ++#endif ++ ++ j12 = PLUSONE(j12); ++ if (!j12) { ++ j13 = PLUSONE(j13); ++ /* stopping at 2^70 bytes per nonce is user's responsibility */ ++ } ++ ++ U32TO8_LITTLE(c + 0,x0); ++ U32TO8_LITTLE(c + 4,x1); ++ U32TO8_LITTLE(c + 8,x2); ++ U32TO8_LITTLE(c + 12,x3); ++ U32TO8_LITTLE(c + 16,x4); ++ U32TO8_LITTLE(c + 20,x5); ++ U32TO8_LITTLE(c + 24,x6); ++ U32TO8_LITTLE(c + 28,x7); ++ U32TO8_LITTLE(c + 32,x8); ++ U32TO8_LITTLE(c + 36,x9); ++ U32TO8_LITTLE(c + 40,x10); ++ U32TO8_LITTLE(c + 44,x11); ++ U32TO8_LITTLE(c + 48,x12); ++ U32TO8_LITTLE(c + 52,x13); ++ U32TO8_LITTLE(c + 56,x14); ++ U32TO8_LITTLE(c + 60,x15); ++ ++ if (bytes <= 64) { ++ if (bytes < 64) { ++ for (i = 0;i < bytes;++i) ctarget[i] = c[i]; ++ } ++ x->input[12] = j12; ++ x->input[13] = j13; ++ return; ++ } ++ bytes -= 64; ++ c += 64; ++#ifndef KEYSTREAM_ONLY ++ m += 64; ++#endif ++ } ++} +diff --git a/openbsd-compat/defines.h b/openbsd-compat/defines.h +index da7a42c..b734c90 100644 +--- a/openbsd-compat/defines.h ++++ b/openbsd-compat/defines.h +@@ -745,6 +745,15 @@ struct winsize { + #define INET6_ADDRSTRLEN 46 + #endif + ++/* ++ * Platforms that have arc4random_uniform() and not arc4random_stir() ++ * shouldn't need the latter. ++ */ ++#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \ ++ !defined(HAVE_ARC4RANDOM_STIR) ++# define arc4random_stir() ++#endif ++ + #ifndef HAVE_VA_COPY + # ifdef HAVE___VA_COPY + # define va_copy(dest, src) __va_copy(dest, src) +@@ -823,7 +832,7 @@ struct winsize { + #endif + + #ifndef NETDB_SUCCESS +-# define NETDB_SUCCESS -1 ++# define NETDB_SUCCESS 0 + #endif + + /* end of chl */ +diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h +index c30591c..7baccc8 100644 +--- a/openbsd-compat/openbsd-compat.h ++++ b/openbsd-compat/openbsd-compat.h +@@ -63,7 +63,28 @@ char *strsep(char **stringp, const char *delim); + + #ifndef HAVE_ASPRINTF + int asprintf(char **, const char *, ...); +-#endif ++#endif ++ ++#ifdef HAVE_ARC4RANDOM ++# ifndef HAVE_ARC4RANDOM_STIR ++# define arc4random_stir() ++# endif ++#else ++unsigned int arc4random(void); ++void arc4random_stir(void); ++#endif /* !HAVE_ARC4RANDOM */ ++ ++#ifndef HAVE_ARC4RANDOM_BUF ++void arc4random_buf(void *, size_t); ++#endif ++ ++#ifndef HAVE_ARC4RANDOM_UNIFORM ++u_int32_t arc4random_uniform(u_int32_t); ++#endif ++ ++#ifndef HAVE_RES_RANDOMID ++u_int res_randomid(void); ++#endif + + /* #include XXX needed? For size_t */ + +diff --git a/openbsd-compat/res_random.c b/openbsd-compat/res_random.c +new file mode 100644 +index 0000000..7910019 +--- /dev/null ++++ b/openbsd-compat/res_random.c +@@ -0,0 +1,283 @@ ++/* $OpenBSD: res_random.c,v 1.22 2015/06/04 19:26:39 eric Exp $ */ ++ ++/* ++ * Copyright 1997 Niels Provos ++ * Copyright 2008 Damien Miller ++ * All rights reserved. ++ * ++ * Theo de Raadt came up with the idea of using ++ * such a mathematical system to generate more random (yet non-repeating) ++ * ids to solve the resolver/named problem. But Niels designed the ++ * actual system based on the constraints. ++ * ++ * Later modified by Damien Miller to wrap the LCG output in a 15-bit ++ * permutation generator based on a Luby-Rackoff block cipher. This ++ * ensures the output is non-repeating and preserves the MSB twiddle ++ * trick, but makes it more resistant to LCG prediction. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ * seed = random 15bit ++ * n = prime, g0 = generator to n, ++ * j = random so that gcd(j,n-1) == 1 ++ * g = g0^j mod n will be a generator again. ++ * ++ * X[0] = random seed. ++ * X[n] = a*X[n-1]+b mod m is a Linear Congruential Generator ++ * with a = 7^(even random) mod m, ++ * b = random with gcd(b,m) == 1 ++ * m = 31104 and a maximal period of m-1. ++ * ++ * The transaction id is determined by: ++ * id[n] = seed xor (g^X[n] mod n) ++ * ++ * Effectivly the id is restricted to the lower 15 bits, thus ++ * yielding two different cycles by toggling the msb on and off. ++ * This avoids reuse issues caused by reseeding. ++ * ++ * The output of this generator is then randomly permuted though a ++ * custom 15 bit Luby-Rackoff block cipher. ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++ ++#include "thread_private.h" ++ ++#include "openbsd-compat.h" ++ ++#define RU_OUT 180 /* Time after wich will be reseeded */ ++#define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ ++#define RU_GEN 2 /* Starting generator */ ++#define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */ ++#define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */ ++#define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */ ++#define RU_ROUNDS 11 /* Number of rounds for permute (odd) */ ++ ++struct prf_ctx { ++ /* PRF lookup table for odd rounds (7 bits input to 8 bits output) */ ++ u_char prf7[(RU_ROUNDS / 2) * (1 << 7)]; ++ ++ /* PRF lookup table for even rounds (8 bits input to 7 bits output) */ ++ u_char prf8[((RU_ROUNDS + 1) / 2) * (1 << 8)]; ++}; ++ ++#define PFAC_N 3 ++static const u_int16_t pfacts[PFAC_N] = { ++ 2, ++ 3, ++ 2729 ++}; ++ ++static u_int16_t ru_x; ++static u_int16_t ru_seed, ru_seed2; ++static u_int16_t ru_a, ru_b; ++static u_int16_t ru_g; ++static u_int16_t ru_counter = 0; ++static u_int16_t ru_msb = 0; ++static struct prf_ctx *ru_prf = NULL; ++static time_t ru_reseed; ++static pid_t ru_pid; ++ ++static u_int16_t pmod(u_int16_t, u_int16_t, u_int16_t); ++static void res_initid(void); ++ ++/* ++ * Do a fast modular exponation, returned value will be in the range ++ * of 0 - (mod-1) ++ */ ++static u_int16_t ++pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod) ++{ ++ u_int16_t s, t, u; ++ ++ s = 1; ++ t = gen; ++ u = exp; ++ ++ while (u) { ++ if (u & 1) ++ s = (s * t) % mod; ++ u >>= 1; ++ t = (t * t) % mod; ++ } ++ return (s); ++} ++ ++/* ++ * 15-bit permutation based on Luby-Rackoff block cipher ++ */ ++static u_int ++permute15(u_int in) ++{ ++ int i; ++ u_int left, right, tmp; ++ ++ if (ru_prf == NULL) ++ return in; ++ ++ left = (in >> 8) & 0x7f; ++ right = in & 0xff; ++ ++ /* ++ * Each round swaps the width of left and right. Even rounds have ++ * a 7-bit left, odd rounds have an 8-bit left. Since this uses an ++ * odd number of rounds, left is always 8 bits wide at the end. ++ */ ++ for (i = 0; i < RU_ROUNDS; i++) { ++ if ((i & 1) == 0) ++ tmp = ru_prf->prf8[(i << (8 - 1)) | right] & 0x7f; ++ else ++ tmp = ru_prf->prf7[((i - 1) << (7 - 1)) | right]; ++ tmp ^= left; ++ left = right; ++ right = tmp; ++ } ++ ++ return (right << 8) | left; ++} ++ ++/* ++ * Initializes the seed and chooses a suitable generator. Also toggles ++ * the msb flag. The msb flag is used to generate two distinct ++ * cycles of random numbers and thus avoiding reuse of ids. ++ * ++ * This function is called from res_randomid() when needed, an ++ * application does not have to worry about it. ++ */ ++static void ++res_initid(void) ++{ ++ u_int16_t j, i; ++ u_int32_t tmp; ++ int noprime = 1; ++ struct timespec ts; ++ ++ ru_x = arc4random_uniform(RU_M); ++ ++ /* 15 bits of random seed */ ++ tmp = arc4random(); ++ ru_seed = (tmp >> 16) & 0x7FFF; ++ ru_seed2 = tmp & 0x7FFF; ++ ++ /* Determine the LCG we use */ ++ tmp = arc4random(); ++ ru_b = (tmp & 0xfffe) | 1; ++ ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M); ++ while (ru_b % 3 == 0) ++ ru_b += 2; ++ ++ j = arc4random_uniform(RU_N); ++ ++ /* ++ * Do a fast gcd(j,RU_N-1), so we can find a j with ++ * gcd(j, RU_N-1) == 1, giving a new generator for ++ * RU_GEN^j mod RU_N ++ */ ++ ++ while (noprime) { ++ for (i = 0; i < PFAC_N; i++) ++ if (j % pfacts[i] == 0) ++ break; ++ ++ if (i >= PFAC_N) ++ noprime = 0; ++ else ++ j = (j + 1) % RU_N; ++ } ++ ++ ru_g = pmod(RU_GEN, j, RU_N); ++ ru_counter = 0; ++ ++ /* Initialise PRF for Luby-Rackoff permutation */ ++ if (ru_prf == NULL) ++ ru_prf = malloc(sizeof(*ru_prf)); ++ if (ru_prf != NULL) ++ arc4random_buf(ru_prf, sizeof(*ru_prf)); ++ ++ clock_gettime(CLOCK_MONOTONIC, &ts); ++ ru_reseed = ts.tv_sec + RU_OUT; ++ ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; ++} ++ ++u_int ++res_randomid(void) ++{ ++ struct timespec ts; ++ pid_t pid; ++ u_int r; ++ _THREAD_PRIVATE_MUTEX(random); ++ ++ clock_gettime(CLOCK_MONOTONIC, &ts); ++ pid = getpid(); ++ ++ _THREAD_PRIVATE_MUTEX_LOCK(random); ++ ++ if (ru_counter >= RU_MAX || ts.tv_sec > ru_reseed || pid != ru_pid) { ++ res_initid(); ++ ru_pid = pid; ++ } ++ ++ /* Linear Congruential Generator */ ++ ru_x = (ru_a * ru_x + ru_b) % RU_M; ++ ru_counter++; ++ ++ r = permute15(ru_seed ^ pmod(ru_g, ru_seed2 + ru_x, RU_N)) | ru_msb; ++ ++ _THREAD_PRIVATE_MUTEX_UNLOCK(random); ++ ++ return (r); ++} ++ ++#if 0 ++int ++main(int argc, char **argv) ++{ ++ int i, n; ++ u_int16_t wert; ++ ++ res_initid(); ++ ++ printf("Generator: %u\n", ru_g); ++ printf("Seed: %u\n", ru_seed); ++ printf("Reseed at %ld\n", ru_reseed); ++ printf("Ru_X: %u\n", ru_x); ++ printf("Ru_A: %u\n", ru_a); ++ printf("Ru_B: %u\n", ru_b); ++ ++ n = argc > 1 ? atoi(argv[1]) : 60001; ++ for (i=0;i +# Maintainer: Francesco Colista +pkgname=libasr +pkgver=1.0.2 +pkgrel=2 +pkgdesc="libasr is a free, simple and portable asynchronous resolver library" +url="http://www.opensmtpd.org" +arch="all" +license="ISC" +depends="" +depends_dev="" +makedepends="mdocml bison openssl-dev automake autoconf libtool" +install="" +subpackages="$pkgname-dev $pkgname-doc" +source="https://github.com/OpenSMTPD/libasr/archive/libasr-$pkgver.zip + 00-use-openbsd-res_randomid.patch" + +_builddir=${srcdir}/${pkgname}-${pkgname}-${pkgver} +prepare() { + local i + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done + ./bootstrap +} + +build() { + cd "$_builddir" + ./configure --build=$CBUILD \ + --host=$CHOST \ + --with-pie \ + --with-Werror \ + --prefix=/usr \ + --mandir=/usr/share/man \ + --with-mantype=man || return 1 + make || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR=${pkgdir} install || return 1 +} + +md5sums="1919b1b1c5a08821901fd2c0a6d488a7 libasr-1.0.2.zip +2d32d1f831dc000137d5fcaf9db3e33f 00-use-openbsd-res_randomid.patch" +sha256sums="8e1ed7420446219d105ac0c384cf69160791335dc69bf1ca0581279472241ca7 libasr-1.0.2.zip +19ad3fe95f881b60c317ec63777c1b4843dbaea39d28343eb67c5bdbabe4e5f9 00-use-openbsd-res_randomid.patch" +sha512sums="2b9185c9bd953d093be397554bc024ddab03003e0c56f19018a8bc22d48434fe3364274fef631cd5e2984321368baff4cd4a504d61b71c60ceffd9e5cc3c8124 libasr-1.0.2.zip +2dd30b5147562f209b23b4a939be787304125cf559bccd937781149cc7cb487c4cf6ec358fba32a33407c7ca3e44545ebbe04ddc2a14504835409f23bdef9689 00-use-openbsd-res_randomid.patch" diff --git a/testing/libasr/00-use-openbsd-res_randomid.patch b/testing/libasr/00-use-openbsd-res_randomid.patch deleted file mode 100644 index 4fb97828e6..0000000000 --- a/testing/libasr/00-use-openbsd-res_randomid.patch +++ /dev/null @@ -1,953 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 10aff04..ec6fadf 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -41,7 +41,7 @@ AC_PATH_PROG([NROFF], [nroff]) - AC_PATH_PROG([MANDOC], [mandoc]) - AC_PROG_YACC - --AM_INIT_AUTOMAKE -+AM_INIT_AUTOMAKE([subdir-objects no-dependencies]) - - LT_INIT - -@@ -442,6 +442,10 @@ fi - #l1572 (customized) - dnl Checks for library functions. Please keep in alphabetical order - AC_CHECK_FUNCS([ \ -+ arc4random \ -+ arc4random_buf \ -+ arc4random_stir \ -+ arc4random_uniform \ - asprintf \ - bcopy \ - explicit_bzero \ -@@ -465,6 +469,13 @@ AC_CHECK_FUNCS([ \ - vasprintf \ - vsnprintf \ - ]) -+ -+AC_CHECK_FUNC([res_randomid], -+ [AC_DEFINE([HAVE_RES_RANDOMID], [1], [Define if res_randomid exists])]) -+AM_CONDITIONAL([USE_OPENBSD_RES_RANDOM], [test "x$HAVE_RES_RANDOMID" = "x" ]) -+AM_COND_IF([USE_OPENBSD_RES_RANDOM], -+ [AC_CHECK_LIB([crypto], [RAND_bytes], [], [AC_MSG_ERROR([libcrypto not found])])]) -+ - #l1685 - - #l1715 -diff --git a/openbsd-compat/NOTES b/openbsd-compat/NOTES -index baa60ec..0eb0710 100644 ---- a/openbsd-compat/NOTES -+++ b/openbsd-compat/NOTES -@@ -1,10 +1,12 @@ - List of files and where they come from - -+arc4random.c portable openssh - clock_gettime.c handmade - defines.h portable openssh - fgetln.c part of /usr/src/usr.bin/make/util.c - includes.h portable openssh - openbsd-compat.h portable openssh -+res_random.c src/lib/libc/net/res_random.c - strlcat.c portable openssh - strlcpy.c portable openssh - strtonum.c portable openssh -diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c -new file mode 100644 -index 0000000..ca4434d ---- /dev/null -+++ b/openbsd-compat/arc4random.c -@@ -0,0 +1,296 @@ -+/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */ -+ -+/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */ -+ -+/* -+ * Copyright (c) 1996, David Mazieres -+ * Copyright (c) 2008, Damien Miller -+ * Copyright (c) 2013, Markus Friedl -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+/* -+ * ChaCha based random number generator for OpenBSD. -+ */ -+ -+#include "includes.h" -+ -+#include -+#include -+#include -+#include -+#include -+ -+#ifndef HAVE_ARC4RANDOM -+ -+#include -+#include -+ -+#define KEYSTREAM_ONLY -+#include "chacha_private.h" -+ -+#ifdef __GNUC__ -+#define inline __inline -+#else /* !__GNUC__ */ -+#define inline -+#endif /* !__GNUC__ */ -+ -+/* OpenSSH isn't multithreaded */ -+#define _ARC4_LOCK() -+#define _ARC4_UNLOCK() -+ -+#define KEYSZ 32 -+#define IVSZ 8 -+#define BLOCKSZ 64 -+#define RSBUFSZ (16*BLOCKSZ) -+static int rs_initialized; -+static pid_t rs_stir_pid; -+static chacha_ctx rs; /* chacha context for random keystream */ -+static u_char rs_buf[RSBUFSZ]; /* keystream blocks */ -+static size_t rs_have; /* valid bytes at end of rs_buf */ -+static size_t rs_count; /* bytes till reseed */ -+ -+static inline void _rs_rekey(u_char *dat, size_t datlen); -+ -+static inline void -+_rs_init(u_char *buf, size_t n) -+{ -+ if (n < KEYSZ + IVSZ) -+ return; -+ chacha_keysetup(&rs, buf, KEYSZ * 8, 0); -+ chacha_ivsetup(&rs, buf + KEYSZ); -+} -+ -+static void -+_rs_stir(void) -+{ -+ u_char rnd[KEYSZ + IVSZ]; -+ -+ if (RAND_bytes(rnd, sizeof(rnd)) <= 0) { -+ fprintf(stderr, -+ "libasr: Couldn't obtain random bytes (error %ld)", -+ ERR_get_error()); -+ exit(1); -+ } -+ -+ if (!rs_initialized) { -+ rs_initialized = 1; -+ _rs_init(rnd, sizeof(rnd)); -+ } else -+ _rs_rekey(rnd, sizeof(rnd)); -+ memset(rnd, 0, sizeof(rnd)); -+ -+ /* invalidate rs_buf */ -+ rs_have = 0; -+ memset(rs_buf, 0, RSBUFSZ); -+ -+ rs_count = 1600000; -+} -+ -+static inline void -+_rs_stir_if_needed(size_t len) -+{ -+ pid_t pid = getpid(); -+ -+ if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) { -+ rs_stir_pid = pid; -+ _rs_stir(); -+ } else -+ rs_count -= len; -+} -+ -+static inline void -+_rs_rekey(u_char *dat, size_t datlen) -+{ -+#ifndef KEYSTREAM_ONLY -+ memset(rs_buf, 0,RSBUFSZ); -+#endif -+ /* fill rs_buf with the keystream */ -+ chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ); -+ /* mix in optional user provided data */ -+ if (dat) { -+ size_t i, m; -+ -+ m = MIN(datlen, KEYSZ + IVSZ); -+ for (i = 0; i < m; i++) -+ rs_buf[i] ^= dat[i]; -+ } -+ /* immediately reinit for backtracking resistance */ -+ _rs_init(rs_buf, KEYSZ + IVSZ); -+ memset(rs_buf, 0, KEYSZ + IVSZ); -+ rs_have = RSBUFSZ - KEYSZ - IVSZ; -+} -+ -+static inline void -+_rs_random_buf(void *_buf, size_t n) -+{ -+ u_char *buf = (u_char *)_buf; -+ size_t m; -+ -+ _rs_stir_if_needed(n); -+ while (n > 0) { -+ if (rs_have > 0) { -+ m = MIN(n, rs_have); -+ memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); -+ memset(rs_buf + RSBUFSZ - rs_have, 0, m); -+ buf += m; -+ n -= m; -+ rs_have -= m; -+ } -+ if (rs_have == 0) -+ _rs_rekey(NULL, 0); -+ } -+} -+ -+static inline void -+_rs_random_u32(u_int32_t *val) -+{ -+ _rs_stir_if_needed(sizeof(*val)); -+ if (rs_have < sizeof(*val)) -+ _rs_rekey(NULL, 0); -+ memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); -+ memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); -+ rs_have -= sizeof(*val); -+ return; -+} -+ -+void -+arc4random_stir(void) -+{ -+ _ARC4_LOCK(); -+ _rs_stir(); -+ _ARC4_UNLOCK(); -+} -+ -+void -+arc4random_addrandom(u_char *dat, int datlen) -+{ -+ int m; -+ -+ _ARC4_LOCK(); -+ if (!rs_initialized) -+ _rs_stir(); -+ while (datlen > 0) { -+ m = MIN(datlen, KEYSZ + IVSZ); -+ _rs_rekey(dat, m); -+ dat += m; -+ datlen -= m; -+ } -+ _ARC4_UNLOCK(); -+} -+ -+u_int32_t -+arc4random(void) -+{ -+ u_int32_t val; -+ -+ _ARC4_LOCK(); -+ _rs_random_u32(&val); -+ _ARC4_UNLOCK(); -+ return val; -+} -+ -+/* -+ * If we are providing arc4random, then we can provide a more efficient -+ * arc4random_buf(). -+ */ -+# ifndef HAVE_ARC4RANDOM_BUF -+void -+arc4random_buf(void *buf, size_t n) -+{ -+ _ARC4_LOCK(); -+ _rs_random_buf(buf, n); -+ _ARC4_UNLOCK(); -+} -+# endif /* !HAVE_ARC4RANDOM_BUF */ -+#endif /* !HAVE_ARC4RANDOM */ -+ -+/* arc4random_buf() that uses platform arc4random() */ -+#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) -+void -+arc4random_buf(void *_buf, size_t n) -+{ -+ size_t i; -+ u_int32_t r = 0; -+ char *buf = (char *)_buf; -+ -+ for (i = 0; i < n; i++) { -+ if (i % 4 == 0) -+ r = arc4random(); -+ buf[i] = r & 0xff; -+ r >>= 8; -+ } -+ explicit_bzero(&r, sizeof(r)); -+} -+#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */ -+ -+#ifndef HAVE_ARC4RANDOM_UNIFORM -+/* -+ * Calculate a uniformly distributed random number less than upper_bound -+ * avoiding "modulo bias". -+ * -+ * Uniformity is achieved by generating new random numbers until the one -+ * returned is outside the range [0, 2**32 % upper_bound). This -+ * guarantees the selected random number will be inside -+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) -+ * after reduction modulo upper_bound. -+ */ -+u_int32_t -+arc4random_uniform(u_int32_t upper_bound) -+{ -+ u_int32_t r, min; -+ -+ if (upper_bound < 2) -+ return 0; -+ -+ /* 2**32 % x == (2**32 - x) % x */ -+ min = -upper_bound % upper_bound; -+ -+ /* -+ * This could theoretically loop forever but each retry has -+ * p > 0.5 (worst case, usually far better) of selecting a -+ * number inside the range we need, so it should rarely need -+ * to re-roll. -+ */ -+ for (;;) { -+ r = arc4random(); -+ if (r >= min) -+ break; -+ } -+ -+ return r % upper_bound; -+} -+#endif /* !HAVE_ARC4RANDOM_UNIFORM */ -+ -+#if 0 -+/*-------- Test code for i386 --------*/ -+#include -+#include -+int -+main(int argc, char **argv) -+{ -+ const int iter = 1000000; -+ int i; -+ pctrval v; -+ -+ v = rdtsc(); -+ for (i = 0; i < iter; i++) -+ arc4random(); -+ v = rdtsc() - v; -+ v /= iter; -+ -+ printf("%qd cycles\n", v); -+ exit(0); -+} -+#endif -diff --git a/openbsd-compat/chacha_private.h b/openbsd-compat/chacha_private.h -new file mode 100644 -index 0000000..7c3680f ---- /dev/null -+++ b/openbsd-compat/chacha_private.h -@@ -0,0 +1,222 @@ -+/* -+chacha-merged.c version 20080118 -+D. J. Bernstein -+Public domain. -+*/ -+ -+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ -+ -+typedef unsigned char u8; -+typedef unsigned int u32; -+ -+typedef struct -+{ -+ u32 input[16]; /* could be compressed */ -+} chacha_ctx; -+ -+#define U8C(v) (v##U) -+#define U32C(v) (v##U) -+ -+#define U8V(v) ((u8)(v) & U8C(0xFF)) -+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) -+ -+#define ROTL32(v, n) \ -+ (U32V((v) << (n)) | ((v) >> (32 - (n)))) -+ -+#define U8TO32_LITTLE(p) \ -+ (((u32)((p)[0]) ) | \ -+ ((u32)((p)[1]) << 8) | \ -+ ((u32)((p)[2]) << 16) | \ -+ ((u32)((p)[3]) << 24)) -+ -+#define U32TO8_LITTLE(p, v) \ -+ do { \ -+ (p)[0] = U8V((v) ); \ -+ (p)[1] = U8V((v) >> 8); \ -+ (p)[2] = U8V((v) >> 16); \ -+ (p)[3] = U8V((v) >> 24); \ -+ } while (0) -+ -+#define ROTATE(v,c) (ROTL32(v,c)) -+#define XOR(v,w) ((v) ^ (w)) -+#define PLUS(v,w) (U32V((v) + (w))) -+#define PLUSONE(v) (PLUS((v),1)) -+ -+#define QUARTERROUND(a,b,c,d) \ -+ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ -+ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ -+ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ -+ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); -+ -+static const char sigma[16] = "expand 32-byte k"; -+static const char tau[16] = "expand 16-byte k"; -+ -+static void -+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) -+{ -+ const char *constants; -+ -+ x->input[4] = U8TO32_LITTLE(k + 0); -+ x->input[5] = U8TO32_LITTLE(k + 4); -+ x->input[6] = U8TO32_LITTLE(k + 8); -+ x->input[7] = U8TO32_LITTLE(k + 12); -+ if (kbits == 256) { /* recommended */ -+ k += 16; -+ constants = sigma; -+ } else { /* kbits == 128 */ -+ constants = tau; -+ } -+ x->input[8] = U8TO32_LITTLE(k + 0); -+ x->input[9] = U8TO32_LITTLE(k + 4); -+ x->input[10] = U8TO32_LITTLE(k + 8); -+ x->input[11] = U8TO32_LITTLE(k + 12); -+ x->input[0] = U8TO32_LITTLE(constants + 0); -+ x->input[1] = U8TO32_LITTLE(constants + 4); -+ x->input[2] = U8TO32_LITTLE(constants + 8); -+ x->input[3] = U8TO32_LITTLE(constants + 12); -+} -+ -+static void -+chacha_ivsetup(chacha_ctx *x,const u8 *iv) -+{ -+ x->input[12] = 0; -+ x->input[13] = 0; -+ x->input[14] = U8TO32_LITTLE(iv + 0); -+ x->input[15] = U8TO32_LITTLE(iv + 4); -+} -+ -+static void -+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) -+{ -+ u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; -+ u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; -+ u8 *ctarget = NULL; -+ u8 tmp[64]; -+ u_int i; -+ -+ if (!bytes) return; -+ -+ j0 = x->input[0]; -+ j1 = x->input[1]; -+ j2 = x->input[2]; -+ j3 = x->input[3]; -+ j4 = x->input[4]; -+ j5 = x->input[5]; -+ j6 = x->input[6]; -+ j7 = x->input[7]; -+ j8 = x->input[8]; -+ j9 = x->input[9]; -+ j10 = x->input[10]; -+ j11 = x->input[11]; -+ j12 = x->input[12]; -+ j13 = x->input[13]; -+ j14 = x->input[14]; -+ j15 = x->input[15]; -+ -+ for (;;) { -+ if (bytes < 64) { -+ for (i = 0;i < bytes;++i) tmp[i] = m[i]; -+ m = tmp; -+ ctarget = c; -+ c = tmp; -+ } -+ x0 = j0; -+ x1 = j1; -+ x2 = j2; -+ x3 = j3; -+ x4 = j4; -+ x5 = j5; -+ x6 = j6; -+ x7 = j7; -+ x8 = j8; -+ x9 = j9; -+ x10 = j10; -+ x11 = j11; -+ x12 = j12; -+ x13 = j13; -+ x14 = j14; -+ x15 = j15; -+ for (i = 20;i > 0;i -= 2) { -+ QUARTERROUND( x0, x4, x8,x12) -+ QUARTERROUND( x1, x5, x9,x13) -+ QUARTERROUND( x2, x6,x10,x14) -+ QUARTERROUND( x3, x7,x11,x15) -+ QUARTERROUND( x0, x5,x10,x15) -+ QUARTERROUND( x1, x6,x11,x12) -+ QUARTERROUND( x2, x7, x8,x13) -+ QUARTERROUND( x3, x4, x9,x14) -+ } -+ x0 = PLUS(x0,j0); -+ x1 = PLUS(x1,j1); -+ x2 = PLUS(x2,j2); -+ x3 = PLUS(x3,j3); -+ x4 = PLUS(x4,j4); -+ x5 = PLUS(x5,j5); -+ x6 = PLUS(x6,j6); -+ x7 = PLUS(x7,j7); -+ x8 = PLUS(x8,j8); -+ x9 = PLUS(x9,j9); -+ x10 = PLUS(x10,j10); -+ x11 = PLUS(x11,j11); -+ x12 = PLUS(x12,j12); -+ x13 = PLUS(x13,j13); -+ x14 = PLUS(x14,j14); -+ x15 = PLUS(x15,j15); -+ -+#ifndef KEYSTREAM_ONLY -+ x0 = XOR(x0,U8TO32_LITTLE(m + 0)); -+ x1 = XOR(x1,U8TO32_LITTLE(m + 4)); -+ x2 = XOR(x2,U8TO32_LITTLE(m + 8)); -+ x3 = XOR(x3,U8TO32_LITTLE(m + 12)); -+ x4 = XOR(x4,U8TO32_LITTLE(m + 16)); -+ x5 = XOR(x5,U8TO32_LITTLE(m + 20)); -+ x6 = XOR(x6,U8TO32_LITTLE(m + 24)); -+ x7 = XOR(x7,U8TO32_LITTLE(m + 28)); -+ x8 = XOR(x8,U8TO32_LITTLE(m + 32)); -+ x9 = XOR(x9,U8TO32_LITTLE(m + 36)); -+ x10 = XOR(x10,U8TO32_LITTLE(m + 40)); -+ x11 = XOR(x11,U8TO32_LITTLE(m + 44)); -+ x12 = XOR(x12,U8TO32_LITTLE(m + 48)); -+ x13 = XOR(x13,U8TO32_LITTLE(m + 52)); -+ x14 = XOR(x14,U8TO32_LITTLE(m + 56)); -+ x15 = XOR(x15,U8TO32_LITTLE(m + 60)); -+#endif -+ -+ j12 = PLUSONE(j12); -+ if (!j12) { -+ j13 = PLUSONE(j13); -+ /* stopping at 2^70 bytes per nonce is user's responsibility */ -+ } -+ -+ U32TO8_LITTLE(c + 0,x0); -+ U32TO8_LITTLE(c + 4,x1); -+ U32TO8_LITTLE(c + 8,x2); -+ U32TO8_LITTLE(c + 12,x3); -+ U32TO8_LITTLE(c + 16,x4); -+ U32TO8_LITTLE(c + 20,x5); -+ U32TO8_LITTLE(c + 24,x6); -+ U32TO8_LITTLE(c + 28,x7); -+ U32TO8_LITTLE(c + 32,x8); -+ U32TO8_LITTLE(c + 36,x9); -+ U32TO8_LITTLE(c + 40,x10); -+ U32TO8_LITTLE(c + 44,x11); -+ U32TO8_LITTLE(c + 48,x12); -+ U32TO8_LITTLE(c + 52,x13); -+ U32TO8_LITTLE(c + 56,x14); -+ U32TO8_LITTLE(c + 60,x15); -+ -+ if (bytes <= 64) { -+ if (bytes < 64) { -+ for (i = 0;i < bytes;++i) ctarget[i] = c[i]; -+ } -+ x->input[12] = j12; -+ x->input[13] = j13; -+ return; -+ } -+ bytes -= 64; -+ c += 64; -+#ifndef KEYSTREAM_ONLY -+ m += 64; -+#endif -+ } -+} -diff --git a/openbsd-compat/defines.h b/openbsd-compat/defines.h -index da7a42c..b734c90 100644 ---- a/openbsd-compat/defines.h -+++ b/openbsd-compat/defines.h -@@ -745,6 +745,15 @@ struct winsize { - #define INET6_ADDRSTRLEN 46 - #endif - -+/* -+ * Platforms that have arc4random_uniform() and not arc4random_stir() -+ * shouldn't need the latter. -+ */ -+#if defined(HAVE_ARC4RANDOM) && defined(HAVE_ARC4RANDOM_UNIFORM) && \ -+ !defined(HAVE_ARC4RANDOM_STIR) -+# define arc4random_stir() -+#endif -+ - #ifndef HAVE_VA_COPY - # ifdef HAVE___VA_COPY - # define va_copy(dest, src) __va_copy(dest, src) -@@ -823,7 +832,7 @@ struct winsize { - #endif - - #ifndef NETDB_SUCCESS --# define NETDB_SUCCESS -1 -+# define NETDB_SUCCESS 0 - #endif - - /* end of chl */ -diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h -index c30591c..7baccc8 100644 ---- a/openbsd-compat/openbsd-compat.h -+++ b/openbsd-compat/openbsd-compat.h -@@ -63,7 +63,28 @@ char *strsep(char **stringp, const char *delim); - - #ifndef HAVE_ASPRINTF - int asprintf(char **, const char *, ...); --#endif -+#endif -+ -+#ifdef HAVE_ARC4RANDOM -+# ifndef HAVE_ARC4RANDOM_STIR -+# define arc4random_stir() -+# endif -+#else -+unsigned int arc4random(void); -+void arc4random_stir(void); -+#endif /* !HAVE_ARC4RANDOM */ -+ -+#ifndef HAVE_ARC4RANDOM_BUF -+void arc4random_buf(void *, size_t); -+#endif -+ -+#ifndef HAVE_ARC4RANDOM_UNIFORM -+u_int32_t arc4random_uniform(u_int32_t); -+#endif -+ -+#ifndef HAVE_RES_RANDOMID -+u_int res_randomid(void); -+#endif - - /* #include XXX needed? For size_t */ - -diff --git a/openbsd-compat/res_random.c b/openbsd-compat/res_random.c -new file mode 100644 -index 0000000..7910019 ---- /dev/null -+++ b/openbsd-compat/res_random.c -@@ -0,0 +1,283 @@ -+/* $OpenBSD: res_random.c,v 1.22 2015/06/04 19:26:39 eric Exp $ */ -+ -+/* -+ * Copyright 1997 Niels Provos -+ * Copyright 2008 Damien Miller -+ * All rights reserved. -+ * -+ * Theo de Raadt came up with the idea of using -+ * such a mathematical system to generate more random (yet non-repeating) -+ * ids to solve the resolver/named problem. But Niels designed the -+ * actual system based on the constraints. -+ * -+ * Later modified by Damien Miller to wrap the LCG output in a 15-bit -+ * permutation generator based on a Luby-Rackoff block cipher. This -+ * ensures the output is non-repeating and preserves the MSB twiddle -+ * trick, but makes it more resistant to LCG prediction. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * seed = random 15bit -+ * n = prime, g0 = generator to n, -+ * j = random so that gcd(j,n-1) == 1 -+ * g = g0^j mod n will be a generator again. -+ * -+ * X[0] = random seed. -+ * X[n] = a*X[n-1]+b mod m is a Linear Congruential Generator -+ * with a = 7^(even random) mod m, -+ * b = random with gcd(b,m) == 1 -+ * m = 31104 and a maximal period of m-1. -+ * -+ * The transaction id is determined by: -+ * id[n] = seed xor (g^X[n] mod n) -+ * -+ * Effectivly the id is restricted to the lower 15 bits, thus -+ * yielding two different cycles by toggling the msb on and off. -+ * This avoids reuse issues caused by reseeding. -+ * -+ * The output of this generator is then randomly permuted though a -+ * custom 15 bit Luby-Rackoff block cipher. -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+#include "thread_private.h" -+ -+#include "openbsd-compat.h" -+ -+#define RU_OUT 180 /* Time after wich will be reseeded */ -+#define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ -+#define RU_GEN 2 /* Starting generator */ -+#define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */ -+#define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */ -+#define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */ -+#define RU_ROUNDS 11 /* Number of rounds for permute (odd) */ -+ -+struct prf_ctx { -+ /* PRF lookup table for odd rounds (7 bits input to 8 bits output) */ -+ u_char prf7[(RU_ROUNDS / 2) * (1 << 7)]; -+ -+ /* PRF lookup table for even rounds (8 bits input to 7 bits output) */ -+ u_char prf8[((RU_ROUNDS + 1) / 2) * (1 << 8)]; -+}; -+ -+#define PFAC_N 3 -+static const u_int16_t pfacts[PFAC_N] = { -+ 2, -+ 3, -+ 2729 -+}; -+ -+static u_int16_t ru_x; -+static u_int16_t ru_seed, ru_seed2; -+static u_int16_t ru_a, ru_b; -+static u_int16_t ru_g; -+static u_int16_t ru_counter = 0; -+static u_int16_t ru_msb = 0; -+static struct prf_ctx *ru_prf = NULL; -+static time_t ru_reseed; -+static pid_t ru_pid; -+ -+static u_int16_t pmod(u_int16_t, u_int16_t, u_int16_t); -+static void res_initid(void); -+ -+/* -+ * Do a fast modular exponation, returned value will be in the range -+ * of 0 - (mod-1) -+ */ -+static u_int16_t -+pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod) -+{ -+ u_int16_t s, t, u; -+ -+ s = 1; -+ t = gen; -+ u = exp; -+ -+ while (u) { -+ if (u & 1) -+ s = (s * t) % mod; -+ u >>= 1; -+ t = (t * t) % mod; -+ } -+ return (s); -+} -+ -+/* -+ * 15-bit permutation based on Luby-Rackoff block cipher -+ */ -+static u_int -+permute15(u_int in) -+{ -+ int i; -+ u_int left, right, tmp; -+ -+ if (ru_prf == NULL) -+ return in; -+ -+ left = (in >> 8) & 0x7f; -+ right = in & 0xff; -+ -+ /* -+ * Each round swaps the width of left and right. Even rounds have -+ * a 7-bit left, odd rounds have an 8-bit left. Since this uses an -+ * odd number of rounds, left is always 8 bits wide at the end. -+ */ -+ for (i = 0; i < RU_ROUNDS; i++) { -+ if ((i & 1) == 0) -+ tmp = ru_prf->prf8[(i << (8 - 1)) | right] & 0x7f; -+ else -+ tmp = ru_prf->prf7[((i - 1) << (7 - 1)) | right]; -+ tmp ^= left; -+ left = right; -+ right = tmp; -+ } -+ -+ return (right << 8) | left; -+} -+ -+/* -+ * Initializes the seed and chooses a suitable generator. Also toggles -+ * the msb flag. The msb flag is used to generate two distinct -+ * cycles of random numbers and thus avoiding reuse of ids. -+ * -+ * This function is called from res_randomid() when needed, an -+ * application does not have to worry about it. -+ */ -+static void -+res_initid(void) -+{ -+ u_int16_t j, i; -+ u_int32_t tmp; -+ int noprime = 1; -+ struct timespec ts; -+ -+ ru_x = arc4random_uniform(RU_M); -+ -+ /* 15 bits of random seed */ -+ tmp = arc4random(); -+ ru_seed = (tmp >> 16) & 0x7FFF; -+ ru_seed2 = tmp & 0x7FFF; -+ -+ /* Determine the LCG we use */ -+ tmp = arc4random(); -+ ru_b = (tmp & 0xfffe) | 1; -+ ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M); -+ while (ru_b % 3 == 0) -+ ru_b += 2; -+ -+ j = arc4random_uniform(RU_N); -+ -+ /* -+ * Do a fast gcd(j,RU_N-1), so we can find a j with -+ * gcd(j, RU_N-1) == 1, giving a new generator for -+ * RU_GEN^j mod RU_N -+ */ -+ -+ while (noprime) { -+ for (i = 0; i < PFAC_N; i++) -+ if (j % pfacts[i] == 0) -+ break; -+ -+ if (i >= PFAC_N) -+ noprime = 0; -+ else -+ j = (j + 1) % RU_N; -+ } -+ -+ ru_g = pmod(RU_GEN, j, RU_N); -+ ru_counter = 0; -+ -+ /* Initialise PRF for Luby-Rackoff permutation */ -+ if (ru_prf == NULL) -+ ru_prf = malloc(sizeof(*ru_prf)); -+ if (ru_prf != NULL) -+ arc4random_buf(ru_prf, sizeof(*ru_prf)); -+ -+ clock_gettime(CLOCK_MONOTONIC, &ts); -+ ru_reseed = ts.tv_sec + RU_OUT; -+ ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; -+} -+ -+u_int -+res_randomid(void) -+{ -+ struct timespec ts; -+ pid_t pid; -+ u_int r; -+ _THREAD_PRIVATE_MUTEX(random); -+ -+ clock_gettime(CLOCK_MONOTONIC, &ts); -+ pid = getpid(); -+ -+ _THREAD_PRIVATE_MUTEX_LOCK(random); -+ -+ if (ru_counter >= RU_MAX || ts.tv_sec > ru_reseed || pid != ru_pid) { -+ res_initid(); -+ ru_pid = pid; -+ } -+ -+ /* Linear Congruential Generator */ -+ ru_x = (ru_a * ru_x + ru_b) % RU_M; -+ ru_counter++; -+ -+ r = permute15(ru_seed ^ pmod(ru_g, ru_seed2 + ru_x, RU_N)) | ru_msb; -+ -+ _THREAD_PRIVATE_MUTEX_UNLOCK(random); -+ -+ return (r); -+} -+ -+#if 0 -+int -+main(int argc, char **argv) -+{ -+ int i, n; -+ u_int16_t wert; -+ -+ res_initid(); -+ -+ printf("Generator: %u\n", ru_g); -+ printf("Seed: %u\n", ru_seed); -+ printf("Reseed at %ld\n", ru_reseed); -+ printf("Ru_X: %u\n", ru_x); -+ printf("Ru_A: %u\n", ru_a); -+ printf("Ru_B: %u\n", ru_b); -+ -+ n = argc > 1 ? atoi(argv[1]) : 60001; -+ for (i=0;i -# Maintainer: Francesco Colista -pkgname=libasr -pkgver=1.0.2 -pkgrel=2 -pkgdesc="libasr is a free, simple and portable asynchronous resolver library" -url="http://www.opensmtpd.org" -arch="all" -license="ISC" -depends="" -depends_dev="" -makedepends="mdocml bison openssl-dev automake autoconf libtool" -install="" -subpackages="$pkgname-dev $pkgname-doc" -source="https://github.com/OpenSMTPD/libasr/archive/libasr-$pkgver.zip - 00-use-openbsd-res_randomid.patch" - -_builddir=${srcdir}/${pkgname}-${pkgname}-${pkgver} -prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done - ./bootstrap -} - -build() { - cd "$_builddir" - ./configure --build=$CBUILD \ - --host=$CHOST \ - --with-pie \ - --with-Werror \ - --prefix=/usr \ - --mandir=/usr/share/man \ - --with-mantype=man || return 1 - make || return 1 -} - -package() { - cd "$_builddir" - make DESTDIR=${pkgdir} install || return 1 -} - -md5sums="1919b1b1c5a08821901fd2c0a6d488a7 libasr-1.0.2.zip -2d32d1f831dc000137d5fcaf9db3e33f 00-use-openbsd-res_randomid.patch" -sha256sums="8e1ed7420446219d105ac0c384cf69160791335dc69bf1ca0581279472241ca7 libasr-1.0.2.zip -19ad3fe95f881b60c317ec63777c1b4843dbaea39d28343eb67c5bdbabe4e5f9 00-use-openbsd-res_randomid.patch" -sha512sums="2b9185c9bd953d093be397554bc024ddab03003e0c56f19018a8bc22d48434fe3364274fef631cd5e2984321368baff4cd4a504d61b71c60ceffd9e5cc3c8124 libasr-1.0.2.zip -2dd30b5147562f209b23b4a939be787304125cf559bccd937781149cc7cb487c4cf6ec358fba32a33407c7ca3e44545ebbe04ddc2a14504835409f23bdef9689 00-use-openbsd-res_randomid.patch" -- cgit v1.2.3