commit: d19e6b823b76a87264202bbdd9c5b7e9773554e9
parent 9c81417ff34ccee69f204cb328b39a2f4831e163
Author: Michael Forney <mforney@mforney.org>
Date: Mon, 5 Nov 2018 12:25:49 -0800
Use musl 1.1.20 getentropy
Diffstat:
17 files changed, 10 insertions(+), 133 deletions(-)
diff --git a/config.def.lua b/config.def.lua
@@ -37,9 +37,6 @@ return {
branch='master',
},
- -- TLS implementation (possible_values: libressl bearssl)
- tls='libressl',
-
-- GPU driver (possible_values: amdgpu intel nouveau)
-- video_drivers={intel=true}
}
diff --git a/pkg/curl/README.md b/pkg/curl/README.md
@@ -11,7 +11,7 @@ Generated with
--without-ca-bundle \
CPPFLAGS='-I/src/oasis/out/pkg/libressl/include -I/src/oasis/out/pkg/zlib/include' \
LDFLAGS='-L/src/oasis/out/pkg/openbsd -L/src/oasis/out/pkg/libressl -L/src/oasis/out/pkg/zlib' \
- LIBS='-lbsd -lcrypto-sha'
+ LIBS='-lbsd'
There are a number of non-standard definitions, but they don't seem to be
architecture-specific except for
diff --git a/pkg/expat/README.md b/pkg/expat/README.md
@@ -5,5 +5,5 @@ Generated with
./configure \
CPPFLAGS=-I/src/oasis/pkg/openbsd/include \
- LDFLAGS='-L/src/oasis/pkg/libressl -L/src/oasis/pkg/openbsd' \
- LIBS='-lbsd -lcrypto-sha'
+ LDFLAGS='-L/src/oasis/pkg/openbsd' \
+ LIBS='-lbsd'
diff --git a/pkg/fontconfig/README.md b/pkg/fontconfig/README.md
@@ -15,4 +15,4 @@ Generated with
UUID_CFLAGS=-I/src/oasis/out/pkg/util-linux/include \
UUID_LIBS=/src/oasis/out/pkg/util-linux/libuuid.a \
EXPAT_CFLAGS=-I/src/oasis/out/pkg/expat/include \
- EXPAT_LIBS='/src/oasis/out/pkg/expat/libexpat.a /src/oasis/out/pkg/openbsd/libbsd.a /src/oasis/out/pkg/libressl/libcrypto-sha.a'
+ EXPAT_LIBS='/src/oasis/out/pkg/expat/libexpat.a /src/oasis/out/pkg/openbsd/libbsd.a'
diff --git a/pkg/libressl/gen.lua b/pkg/libressl/gen.lua
@@ -94,7 +94,6 @@ pkg.hdrs = {
}
-- src/crypto/Makefile.am
-lib('libcrypto-sha.a', [[crypto/sha/(sha1dgst.c sha1_one.c sha256.c sha512.c)]])
lib('libcrypto.a', [[crypto/(
cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c
o_time.c o_str.c o_init.c
@@ -241,6 +240,7 @@ lib('libcrypto.a', [[crypto/(
rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c
rsa_pmeth.c rsa_crpt.c rsa_meth.c
)
+ sha/(sha1dgst.c sha1_one.c sha256.c sha512.c)
stack/stack.c
ts/(
ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c
@@ -273,7 +273,7 @@ lib('libcrypto.a', [[crypto/(
des/(des_enc.c fcrypt_b.c)
rc4/(rc4_enc.c rc4_skey.c)
whrlpool/wp_block.c
-) libcrypto-sha.a $builddir/pkg/openbsd/libbsd.a.d]])
+) $builddir/pkg/openbsd/libbsd.a.d]])
file('lib/libcrypto.a', '644', '$outdir/libcrypto.a')
-- src/ssl/Makefile.am
diff --git a/pkg/openbsd/gen.lua b/pkg/openbsd/gen.lua
@@ -5,17 +5,6 @@ cflags{
'-idirafter $srcdir/sys',
'-idirafter $srcdir/lib/libutil',
}
-local libs
-
-if not config.tls or config.tls == 'libressl' then
- cflags{'-D USE_OPENSSL', '-I $builddir/pkg/libressl/include'}
- libs = {'$builddir/pkg/libressl/libcrypto-sha.a'}
-elseif config.tls == 'bearssl' then
- cflags{'-D USE_BEARSSL', '-I pkg/bearssl/src/inc'}
- libs = {'$builddir/pkg/bearssl/libbearssl.a'}
-else
- error('unknown config.tls: '..config.tls)
-end
-- Link arc4random.c to '$outdir' so that it doesn't include the local
-- arc4random.h
@@ -27,7 +16,7 @@ cc('$outdir/lib/libc/crypt/arc4random.c', {
'$outdir/lib/libc/crypt/chacha_private.h',
})
-lib('libbsd.a', {paths[[
+lib('libbsd.a', [[
lib/libc/(
crypt/(arc4random.c.o arc4random_uniform.c)
gen/(fts.c getprogname.c pwcache.c readpassphrase.c setprogname.c unvis.c vis.c warnc.c vwarnc.c)
@@ -35,9 +24,8 @@ lib('libbsd.a', {paths[[
stdlib/(freezero.c reallocarray.c recallocarray.c strtonum.c)
string/(explicit_bzero.c strmode.c timingsafe_bcmp.c timingsafe_memcmp.c)
)
- lib/libcrypto/arc4random/getentropy_linux.c
lib/libutil/ohash.c
-]], libs}, {'pkg/libressl/headers'})
+]])
file('lib/libbsd.a', '644', '$outdir/libbsd.a')
-- diff
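Review bot: Dropping `lib/libcrypto/arc4random/getentropy_linux.c` from `libbsd.a` makes the `arc4random.c.o` member depend on libc for `getentropy`, and nothing in this gen.lua records that requirement. musl's `getentropy` (new in 1.1.20, per the commit title) is a thin wrapper over getrandom(2), so the `getentropy_fallback` path visible in the deleted 0018 patch is gone and the call fails on kernels older than 3.17 or where a seccomp filter blocks the syscall; how `arc4random` reacts to that failure is not visible in this diff. Failing rather than degrading to a weak entropy source is arguably the safer behaviour, but it should be stated where the next maintainer will see it: above the `lib('libbsd.a', [[` call (which starts in the previous hunk) I would add `-- getentropy comes from libc (musl >= 1.1.20, a getrandom(2) wrapper with no fallback path)`. Because the unistd.h hunk also drops the local prototype, confirm that libc's declaration is visible under the feature-test macros these sources are built with.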
diff --git a/pkg/openbsd/include/unistd.h b/pkg/openbsd/include/unistd.h
@@ -1,4 +1,3 @@
#include_next <unistd.h>
#define pledge(request, paths) 0 /* linux doesn't have pledge */
#define unveil(path, permissions) 0 /* linux doesn't have unveil */
-int getentropy(void *, size_t);
diff --git a/pkg/openbsd/patch/0018-getentropy-Support-BearSSL-SHA512-implementation.patch b/pkg/openbsd/patch/0018-getentropy-Support-BearSSL-SHA512-implementation.patch
@@ -1,107 +0,0 @@
-From 37f2f6274588cad438c6fd6c7b37bd5e5ce3ae20 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Sat, 27 May 2017 18:49:33 -0700
-Subject: [PATCH] getentropy: Support BearSSL SHA512 implementation
-
----
- lib/libcrypto/arc4random/getentropy_linux.c | 33 ++++++++++++++++++++++++++++-
- 1 file changed, 32 insertions(+), 1 deletion(-)
-
-diff --git a/lib/libcrypto/arc4random/getentropy_linux.c b/lib/libcrypto/arc4random/getentropy_linux.c
-index a845239eb3e..6a7fe863abb 100644
---- a/lib/libcrypto/arc4random/getentropy_linux.c
-+++ b/lib/libcrypto/arc4random/getentropy_linux.c
-@@ -47,7 +47,13 @@
- #include <errno.h>
- #include <unistd.h>
- #include <time.h>
-+#if defined(USE_OPENSSL)
- #include <openssl/sha.h>
-+#elif defined(USE_BEARSSL)
-+#include <bearssl.h>
-+#else
-+#error "missing SHA512 implementation"
-+#endif
-
- #include <linux/types.h>
- #include <linux/random.h>
-@@ -67,9 +73,15 @@
- HD(b); \
- } while (0)
-
-+#if defined(USE_OPENSSL)
- #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
- #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
- #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-+#elif defined(USE_BEARSSL)
-+#define HR(x, l) (br_sha512_update(&ctx, (char *)(x), (l)))
-+#define HD(x) (br_sha512_update(&ctx, (char *)&(x), sizeof (x)))
-+#define HF(x) (br_sha512_update(&ctx, (char *)&(x), sizeof (void*)))
-+#endif
-
- int getentropy(void *buf, size_t len);
-
-@@ -330,16 +342,28 @@ static const int cl[] = {
- static int
- getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
- {
-+#if defined(USE_OPENSSL)
- SHA512_CTX *ctx = data;
-
- SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
-+#elif defined(USE_BEARSSL)
-+ br_sha512_context *ctx = data;
-+
-+ br_sha512_update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
-+#endif
- return (0);
- }
-
- static int
- getentropy_fallback(void *buf, size_t len)
- {
-+#if defined(USE_OPENSSL)
- uint8_t results[SHA512_DIGEST_LENGTH];
-+ SHA512_CTX ctx;
-+#elif defined(USE_BEARSSL)
-+ uint8_t results[br_sha512_SIZE];
-+ br_sha512_context ctx;
-+#endif
- int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
- static int cnt;
- struct timespec ts;
-@@ -347,7 +371,6 @@ getentropy_fallback(void *buf, size_t len)
- struct rusage ru;
- sigset_t sigset;
- struct stat st;
-- SHA512_CTX ctx;
- static pid_t lastpid;
- pid_t pid;
- size_t i, ii, m;
-@@ -364,7 +387,11 @@ getentropy_fallback(void *buf, size_t len)
- }
- for (i = 0; i < len; ) {
- int j;
-+#if defined(USE_OPENSSL)
- SHA512_Init(&ctx);
-+#elif defined(USE_BEARSSL)
-+ br_sha512_init(&ctx);
-+#endif
- for (j = 0; j < repeat; j++) {
- HX((e = gettimeofday(&tv, NULL)) == -1, tv);
- if (e != -1) {
-@@ -535,7 +562,11 @@ getentropy_fallback(void *buf, size_t len)
- #endif
- #endif
-
-+#if defined(USE_OPENSSL)
- SHA512_Final(results, &ctx);
-+#elif defined(USE_BEARSSL)
-+ br_sha512_out(&ctx, results);
-+#endif
- memcpy((char *)buf + i, results, min(sizeof(results), len - i));
- i += min(sizeof(results), len - i);
- }
---
-2.14.2
-
diff --git a/pkg/openbsd/patch/0019-nc-Port-to-linux.patch b/pkg/openbsd/patch/0018-nc-Port-to-linux.patch
diff --git a/pkg/openbsd/patch/0020-yacc-Remove-__unused.patch b/pkg/openbsd/patch/0019-yacc-Remove-__unused.patch
diff --git a/pkg/openbsd/patch/0021-Add-standalone-freezero.patch b/pkg/openbsd/patch/0020-Add-standalone-freezero.patch
diff --git a/pkg/openbsd/patch/0022-m4-Use-hand-written-lexer-to-avoid-cycle-in-bootstra.patch b/pkg/openbsd/patch/0021-m4-Use-hand-written-lexer-to-avoid-cycle-in-bootstra.patch
diff --git a/pkg/openbsd/patch/0023-m4-Use-_Noreturn-instead-of-__dead.patch b/pkg/openbsd/patch/0022-m4-Use-_Noreturn-instead-of-__dead.patch
diff --git a/pkg/openbsd/patch/0024-m4-Add-missing-includes.patch b/pkg/openbsd/patch/0023-m4-Add-missing-includes.patch
diff --git a/pkg/openbsd/patch/0025-libutil-Add-missing-includes.patch b/pkg/openbsd/patch/0024-libutil-Add-missing-includes.patch
diff --git a/pkg/openntpd/README.md b/pkg/openntpd/README.md
@@ -7,4 +7,4 @@ Generated with
--with-privsep-user=ntpd \
CPPFLAGS='-I/src/oasis/out/pkg/libressl/include' \
LDFLAGS='-L/src/oasis/out/pkg/libressl -L/src/oasis/out/pkg/openbsd' \
- LIBS='-ltls -lssl -lcrypto -lbsd -lcrypto-sha'
+ LIBS='-ltls -lssl -lcrypto -lbsd'
diff --git a/pkg/openssh/README.md b/pkg/openssh/README.md
@@ -8,7 +8,7 @@ Generated with
--without-pie \
CPPFLAGS='-I/src/oasis/out/pkg/zlib/include' \
LDFLAGS='-L/src/oasis/out/pkg/libressl -L/src/oasis/out/pkg/openbsd -L/src/oasis/out/pkg/zlib' \
- LIBS='-lcrypto -lbsd -lcrypto-sha'
+ LIBS='-lcrypto -lbsd'
Several changes were made:
* `SECCOMP_AUDIT_ARCH` and `SANDBOX_SECCOMP_FILTER` were removed