From 94a0aa1a3d45b41484ac4bf81b85f90dca7f7181 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Wed, 11 Nov 2015 14:13:31 +0100 Subject: [PATCH] Bundle sha1 rather than use libgcrypt/nettle --- configure.ac | 65 +-------------- debian/control | 1 - debian/rules | 1 - doc/book.xml | 18 +---- src/Makefile.am | 2 +- src/init_globals.c | 19 ----- src/wrbuf_sha1.c | 214 +++++++++++++++++++++++++++++++++++++++++--------- src/zoom-memcached.c | 4 - test/test_wrbuf.c | 6 -- yaz-config.in | 4 +- yaz.spec | 3 +- 11 files changed, 184 insertions(+), 153 deletions(-) diff --git a/configure.ac b/configure.ac index 7bcbdfd..4090a95 100644 --- a/configure.ac +++ b/configure.ac @@ -62,72 +62,11 @@ if test "$checkBoth" = "1"; then fi AC_CHECK_FUNC([gethostbyname], ,[AC_CHECK_LIB(nsl, main, [LIBS="$LIBS -lnsl"])]) dnl -dnl ------ nettle -nettle=default -AC_SUBST([NETTLE_LIBS]) -AC_ARG_WITH([nettle], [ --with-nettle Nettle library], [nettle=$withval]) -if test "$nettle" != "no"; then - AC_MSG_CHECKING([for nettle]) - if $pkgconfigpath --cflags nettle >/dev/null 2>&1 ; then - if $pkgconfigpath --atleast-version 2.0 nettle; then - AC_MSG_RESULT([yes]) - CFLAGS="$CFLAGS `$pkgconfigpath --cflags nettle`" - NETTLE_LIBS="`$pkgconfigpath --libs nettle`" - libgcryptversion=2enable - AC_DEFINE([HAVE_NETTLE],[1],[Define to 1 if nettle is enabled]) - else - AC_MSG_RESULT([no. Version 2.0 required]) - if test "$nettle" != "default"; then - AC_MSG_ERROR([nettle libraries missing]) - fi - fi - else - AC_MSG_RESULT([no]) - if test "$nettle" != "default"; then - AC_MSG_ERROR([nettle libraries missing]) - fi - fi -fi -dnl -dnl -dnl ------ libgcrypt -AC_SUBST([GCRYPT_LIBS]) -libgcryptpath=NONE -AC_ARG_WITH(libgcrypt, [ --with-libgcrypt=DIR use libgcrypt-config in DIR],[libgcryptpath=$withval]) -if test "$libgcryptpath" != "no" -a -z "$libgcryptversion"; then - if test "$libgcryptpath" = "NONE"; then - AC_PATH_PROG([libgcrypt],[libgcrypt-config],[NONE]) - elif test -x $libgcryptpath/libgcrypt-config; then - libgcrypt=$libgcryptpath/libgcrypt-config - else - libgcrypt=$libgcryptpath - fi - AC_MSG_CHECKING([for libgcrypt]) - if "$libgcrypt" --version >/dev/null 2>&1; then - libgcryptversion=`$libgcrypt --version` - libgcryptversion2=`echo "$libgcryptversion" | awk 'BEGIN { FS = "."; } { printf "%d", [$]1 * 1000 + [$]2;}'` - AC_MSG_RESULT([$libgcryptversion]) - if test $libgcryptversion2 -ge 1002; then - GCRYPT_LIBS="`$libgcrypt --libs`" - CFLAGS="$CFLAGS `$libgcrypt --cflags`" - AC_DEFINE([HAVE_GCRYPT_H],[1],[Define to 1 if libgcrypt is present]) - else - if test "$libgcryptpath" = "NONE"; then - AC_MSG_WARN([Only libgcrypt version 1.2 and later supported]) - else - AC_MSG_ERROR([Only libgcrypt version 1.2 and later supported]) - fi - libgcryptversion="" - fi - else - AC_MSG_RESULT([no]) - fi -fi dnl ------ redis hiredis=default AC_SUBST([HIREDIS_LIBS]) AC_ARG_WITH([redis], [ --with-redis hiredis library], [hiredis=$withval]) -if test "$hiredis" != "no" -a "$pkgconfigpath" != "NONE" -a "$libgcryptversion"; then +if test "$hiredis" != "no" -a "$pkgconfigpath" != "NONE"; then AC_CHECK_LIB([hiredis],[redisCommandArgv],[HIREDIS_LIBS=-lhiredis]) AC_MSG_CHECKING([for redis]) if $pkgconfigpath --cflags hiredis >/dev/null 2>&1 ; then @@ -158,7 +97,7 @@ dnl ------ memcached memcached=default AC_SUBST([MEMCACHED_LIBS]) AC_ARG_WITH([memcached], [ --with-memcached Memcached library], [memcached=$withval]) -if test "$memcached" != "no" -a -n "$libgcryptversion" -a "$pkgconfigpath" != "NONE"; then +if test "$memcached" != "no" -a "$pkgconfigpath" != "NONE"; then AC_MSG_CHECKING([for libmemcached]) if $pkgconfigpath --cflags libmemcached >/dev/null 2>&1 ; then if $pkgconfigpath --atleast-version 0.40 libmemcached; then diff --git a/debian/control b/debian/control index acf2b60..184f8cb 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,6 @@ Build-Depends: debhelper (>= 7), libreadline-dev|libreadline5-dev, libwrap0-dev, libmemcached-dev, - nettle-dev, libhiredis-dev, libicu-dev diff --git a/debian/rules b/debian/rules index 029f447..3d2eaf2 100755 --- a/debian/rules +++ b/debian/rules @@ -7,7 +7,6 @@ export DH_VERBOSE=1 override_dh_auto_configure: dh_auto_configure -- \ --enable-tcpd --with-xslt --with-gnutls --with-icu \ - --with-nettle \ --with-memcached --with-redis override_dh_strip: diff --git a/doc/book.xml b/doc/book.xml index bb99baa..d244cc4 100644 --- a/doc/book.xml +++ b/doc/book.xml @@ -682,26 +682,13 @@ - --with-libgcrypt[=prefix] - - - &yaz; will be linked with - Libgcrypt in the prefix if given. - If prefix is not given, the libraries exposed by the script - libgcrypt-config will be used if found. - - - - - --with-memcached &yaz; will be linked with libMemcached to allow for result-set caching for ZOOM. - The prefix can not be given. Note that YAZ will only search - for libMemcached if Libgcrypt is also enabled. + The prefix can not be given. Note that 0.40 of libmemcached is required. @@ -714,8 +701,7 @@ &yaz; will be linked with the hiredis C library to allow for result-set caching for ZOOM on a redis server. - The prefix can not be given. Note that YAZ will only search - for hiredis if Libgcrypt is also enabled. + The prefix can not be given. diff --git a/src/Makefile.am b/src/Makefile.am index d44c5c2..ada5e10 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -26,7 +26,7 @@ YAZCOMP_Z = $(YAZCOMP) -d $(srcdir)/z.tcl -i yaz -I$(top_srcdir)/include YAZCOMP_I = $(YAZCOMP) -d $(srcdir)/ill.tcl -i yaz -I$(top_srcdir)/include AM_CPPFLAGS=-I$(top_srcdir)/include $(XML2_CFLAGS) $(SSL_CFLAGS) -libyaz_la_LIBADD = $(SSL_LIBS) $(TCPD_LIBS) $(NETTLE_LIBS) $(GCRYPT_LIBS) \ +libyaz_la_LIBADD = $(SSL_LIBS) $(TCPD_LIBS) \ $(MEMCACHED_LIBS) $(HIREDIS_LIBS) libyaz_server_la_LIBADD = libyaz.la libyaz_icu_la_CPPFLAGS = $(AM_CPPFLAGS) $(ICU_CPPFLAGS) -I$(top_srcdir)/libstemmer_c/include diff --git a/src/init_globals.c b/src/init_globals.c index 4d3804d..5442c4b 100644 --- a/src/init_globals.c +++ b/src/init_globals.c @@ -23,10 +23,6 @@ #include #endif -#if HAVE_GCRYPT_H -#include -#endif - #if YAZ_HAVE_XML2 #include #endif @@ -47,10 +43,6 @@ static pthread_mutex_t yaz_init_mutex = PTHREAD_MUTEX_INITIALIZER; extern void yaz_log_init_globals(void); extern void yaz_log_deinit_globals(void); -#if HAVE_GCRYPT_H -GCRY_THREAD_OPTION_PTHREAD_IMPL; -#endif - void yaz_init_globals(void) { if (yaz_init_flag) @@ -61,20 +53,9 @@ void yaz_init_globals(void) if (!yaz_init_flag) { yaz_log_init_globals(); -#if HAVE_GCRYPT_H - /* POSIX threads locking. In case gnutls_global_init do not override */ - gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); -#endif #if HAVE_GNUTLS_H gnutls_global_init(); #endif -#if HAVE_GCRYPT_H - /* most likely, GnuTLS has already initialized libgcrypt */ - if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) - { - gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); - } -#endif #if YAZ_HAVE_XML2 xmlInitParser(); #endif diff --git a/src/wrbuf_sha1.c b/src/wrbuf_sha1.c index d801a28..3aee3ca 100644 --- a/src/wrbuf_sha1.c +++ b/src/wrbuf_sha1.c @@ -17,57 +17,197 @@ #include #include -#if HAVE_GCRYPT_H -#include + +/* +SHA-1 in C +By Steve Reid +100% Public Domain +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#define SHA1HANDSOFF + +#include +#include + +typedef struct { + uint32_t state[5]; + uint32_t count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if BYTE_ORDER == LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#elif BYTE_ORDER == BIG_ENDIAN +#define blk0(i) block->l[i] +#else +#error "Endianness not defined!" +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) +{ + uint32_t a, b, c, d, e; + typedef union { + unsigned char c[64]; + uint32_t l[16]; + } CHAR64LONG16; +#ifdef SHA1HANDSOFF + CHAR64LONG16 block[1]; /* use array to appear as a pointer */ + memcpy(block, buffer, 64); +#else + /* The following had better never be used because it causes the + * pointer-to-const buffer to be cast into a pointer to non-const. + * And the result is written through. I threw a "const" in, hoping + * this will cause a diagnostic. + */ + CHAR64LONG16* block = (const CHAR64LONG16*)buffer; #endif -#if HAVE_NETTLE -#include + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +#ifdef SHA1HANDSOFF + memset(block, '\0', sizeof(block)); #endif +} + + +/* SHA1Init - Initialize new context */ + +static void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +static void SHA1Update(SHA1_CTX* context, const unsigned char* data, uint32_t len) +{ + uint32_t i; + uint32_t j; + + j = context->count[0]; + if ((context->count[0] += len << 3) < j) + context->count[1]++; + context->count[1] += (len>>29); + j = (j >> 3) & 63; + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +static void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ + unsigned i; + unsigned char finalcount[8]; + unsigned char c; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + c = 0200; + SHA1Update(context, &c, 1); + while ((context->count[0] & 504) != 448) { + c = 0000; + SHA1Update(context, &c, 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + memset(context, '\0', sizeof(*context)); + memset(&finalcount, '\0', sizeof(finalcount)); +} + int wrbuf_sha1_write(WRBUF b, const char *cp, size_t sz, int hexit) { -#if HAVE_NETTLE - struct sha1_ctx ctx; - uint8_t digest[SHA1_DIGEST_SIZE]; + unsigned char digest[20]; + SHA1_CTX ctx; - sha1_init(&ctx); - sha1_update(&ctx, sz, (uint8_t *) cp); - sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest); + SHA1Init(&ctx); + SHA1Update(&ctx, (unsigned char *) cp, sz); + SHA1Final(digest, &ctx); if (hexit) { int i; - for (i = 0; i < SHA1_DIGEST_SIZE; i++) + for (i = 0; i < 20; i++) wrbuf_printf(b, "%02x", digest[i]); } else - wrbuf_write(b, (const char *) digest, SHA1_DIGEST_SIZE); + wrbuf_write(b, (const char *) digest, 20); return 0; -#elif HAVE_GCRYPT_H - gcry_error_t e; - gcry_md_hd_t hd; - const unsigned char *digest_buf; - int digest_len = gcry_md_get_algo_dlen(GCRY_MD_SHA1); - - e = gcry_md_open(&hd, GCRY_MD_SHA1, 0); - if (e) - return -1; - gcry_md_write(hd, cp, sz); - - digest_buf = gcry_md_read(hd, GCRY_MD_SHA1); - if (hexit) - { - int i; - for (i = 0; i < digest_len; i++) - wrbuf_printf(b, "%02x", digest_buf[i]); - } - else - wrbuf_write(b, (const char *) digest_buf, digest_len); - gcry_md_close(hd); - return 0; -#else - return -1; -#endif } int wrbuf_sha1_puts(WRBUF b, const char *cp, int hexit) diff --git a/src/zoom-memcached.c b/src/zoom-memcached.c index 4ee605b..31fd9ec 100644 --- a/src/zoom-memcached.c +++ b/src/zoom-memcached.c @@ -185,7 +185,6 @@ int ZOOM_memcached_configure(ZOOM_connection c) return 0; } -#if HAVE_GCRYPT_H || HAVE_NETTLE static void wrbuf_vary_puts(WRBUF w, const char *v) { if (v) @@ -200,11 +199,9 @@ static void wrbuf_vary_puts(WRBUF w, const char *v) } } } -#endif void ZOOM_memcached_resultset(ZOOM_resultset r, ZOOM_query q) { -#if HAVE_GCRYPT_H || HAVE_NETTLE ZOOM_connection c = r->connection; r->mc_key = wrbuf_alloc(); @@ -228,7 +225,6 @@ void ZOOM_memcached_resultset(ZOOM_resultset r, ZOOM_query q) } wrbuf_puts(r->mc_key, ";"); wrbuf_vary_puts(r->mc_key, r->req_facets); -#endif } void ZOOM_memcached_search(ZOOM_connection c, ZOOM_resultset resultset) diff --git a/test/test_wrbuf.c b/test/test_wrbuf.c index 278122b..1e57a38 100644 --- a/test/test_wrbuf.c +++ b/test/test_wrbuf.c @@ -17,14 +17,10 @@ static int sha1_test(WRBUF wr, const char *msg, const char *expect) { wrbuf_rewind(wr); -#if HAVE_GCRYPT_H || HAVE_NETTLE wrbuf_sha1_write(wr, msg, strlen(msg), 1); if (!strcmp(wrbuf_cstr(wr), expect)) return 1; return 0; -#else - return 1; -#endif } #if YAZ_POSIX_THREADS @@ -36,9 +32,7 @@ static void *my_handler(void *arg) { char buf[100]; sprintf(buf, "Hello world %d", i); -#if HAVE_GCRYPT_H || HAVE_NETTLE wrbuf_sha1_write(wr, buf, strlen(buf), 1); -#endif wrbuf_rewind(wr); } wrbuf_destroy(wr); diff --git a/yaz-config.in b/yaz-config.in index a5d7384..d3c843e 100644 --- a/yaz-config.in +++ b/yaz-config.in @@ -19,8 +19,6 @@ build_root="@abs_top_builddir@" ICU_LIBS="@ICU_LIBS@" ICU_CPPFLAGS="@ICU_CPPFLAGS@" SSL_LIBS="@SSL_LIBS@" -GCRYPT_LIBS="@GCRYPT_LIBS@" -NETTLE_LIBS="@NETTLE_LIBS@" MEMCACHED_LIBS="@MEMCACHED_LIBS@" HIREDIS_LIBS="@HIREDIS_LIBS@" LIBS="@LIBS@" @@ -134,7 +132,7 @@ if test "$echo_source" = "yes"; then else YAZLIB="-L${build_root}/src/.libs $YAZLIB" fi - LIBS="${SSL_LIBS} ${GCRYPT_LIBS} ${NETTLE_LIBS} ${MEMCACHED_LIBS} ${HIREDIS_LIBS} $LIBS" + LIBS="${SSL_LIBS} ${MEMCACHED_LIBS} ${HIREDIS_LIBS} $LIBS" YAZLIB="$YAZLIB $LIBS" YAZLALIB="${build_root}/src/libyaz.la" diff --git a/yaz.spec b/yaz.spec index 61e863c..e654ca5 100644 --- a/yaz.spec +++ b/yaz.spec @@ -48,7 +48,6 @@ BuildRequires: libxslt-devel BuildRequires: readline-devel BuildRequires: libicu-devel BuildRequires: wget -BuildRequires: libgcrypt-devel %if %is_redhat5 %else BuildRequires: hiredis-devel @@ -63,7 +62,7 @@ for the ANSI/NISO Z39.50 protocol for Information Retrieval. %package -n libyaz5 Summary: Z39.50 Library Group: Libraries -Requires: libxslt, gnutls, libicu, libgcrypt +Requires: libxslt, gnutls, libicu %if %is_redhat5 %else Requires: hiredis -- 1.7.10.4