Commit Diff
Diff:
33f9b1f35789f814ea389762db082592b6db523a
fedd844fe692bae9868242e721b6e66e72db4a18
Commit:
fedd844fe692bae9868242e721b6e66e72db4a18
Tree:
1adcb59853613cd9db86cd9b3be9718222711fc0
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Sat Sep 27 17:38:28 2014 UTC
Message:
We now rely on libressl 2.0.5; on Linux one must download it and build it (this takes about an hour on the Raspberry Pi). This is still better than having to maintain a utility for arc4random, which is hard to get right portably; just let libressl take care of that. We also fix the Mac OS X port with this. At least it compiles now.
blob - dfa4163cb596a3cecb98afbc33cf059c9b8faef8
blob + 62601df43c1995f94d7c7f6b1fe7fa02c33575f0
--- Makefile.freebsd
+++ Makefile.freebsd
@@ -1,6 +1,6 @@
PROG=wildcarddnsd
-SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c res_random.c log.c axfr.c filter.c ratelimit.c whitelist.c
+SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c
CFLAGS= -Wall -g -I/usr/local/include/db5/
LDFLAGS= -Wall -g -L/usr/local/lib/db5/
blob - 76cee253e3cb44ad130b247e671c50e4fac1ab68
blob + 5dc5612fe1d26eb4410c2134e8489ace69327347
--- Makefile.linux
+++ Makefile.linux
@@ -1,8 +1,9 @@
CC=gcc
#CFLAGS=-DDEBUG
CFLAGS=
-LDADD= -ldb -lssl -lresolv
+LDADD= -ldb -lresolv -lcrypto -lrt
YACC=bison
+AR=ar
@@ -16,18 +17,21 @@ build:
$(CC) $(CFLAGS) -c region.c
$(CC) $(CFLAGS) -c wildcard.c
$(CC) $(CFLAGS) -c recurse.c
- $(CC) $(CFLAGS) -c bsd-arc4random.c
- $(CC) $(CFLAGS) -c res_random.c
$(CC) $(CFLAGS) -c log.c
$(CC) $(CFLAGS) -c axfr.c
$(CC) $(CFLAGS) -c filter.c
$(CC) $(CFLAGS) -c ratelimit.c
$(CC) $(CFLAGS) -c whitelist.c
- $(CC) $(CFLAGS) -o wildcarddnsd additional.o main.o parse.o reply.o region.o wildcard.o recurse.o bsd-arc4random.o res_random.o log.o axfr.o filter.o ratelimit.o whitelist.o $(LDADD)
+ $(AR) -x libresslcrypto.a libcompat_la-arc4random.o
+ $(AR) -x libresslcrypto.a libcompat_la-getentropy_linux.o
+ $(AR) -x libresslcrypto.a libcompatnoopt_la-explicit_bzero.o
+ $(CC) $(CFLAGS) -o wildcarddnsd additional.o main.o parse.o reply.o region.o wildcard.o recurse.o log.o axfr.o filter.o ratelimit.o whitelist.o libcompat_la-arc4random.o libcompat_la-getentropy_linux.o libcompatnoopt_la-explicit_bzero.o $(LDADD)
install:
- test -f wildcarddnsd && install wildcarddnsd /usr/local/sbin/
+ test -f wildcarddnsd && install -m 555 wildcarddnsd /usr/local/sbin/
+ mkdir -p /usr/local/man/man8 && install -m 444 wildcarddnsd.8 /usr/local/man/man8
+ mkdir -p /usr/local/man/man5 && install -m 444 wildcarddns.conf.5 /usr/local/man/man5
clean:
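Review bot: The three `$(AR) -x libresslcrypto.a …` lines pull objects out of the LibreSSL build by their libtool-internal names, and the link line then resolves everything else through `-lcrypto` from `LDADD` (previous hunk), which is the system libcrypto rather than the library those objects were built from. Any libcrypto symbol the extracted objects reference would therefore bind to a different code base than they were compiled against (inferred; their dependencies are not visible here). Linking the archive itself, e.g. `libresslcrypto.a` on the link line in place of `-lcrypto`, would keep the random-number code and its dependencies from one source and remove the reliance on internal object names. The extracted `libcompat*.o` files are also left in the build directory as untracked build products, which deserves a comment. The `build` rule starts outside this hunk and the body of `clean` is not visible.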
blob - 5b7e9b6faac3827629d78f627697823caf8c710a
blob + d08f60c474516bc04f93f5c1c50d03d5098f66f6
--- Makefile.macosx
+++ Makefile.macosx
@@ -2,13 +2,14 @@ PROG=wildcarddnsd
CC=gcc
CFLAGS=-I/opt/local/include/db48 -L/opt/local/lib/db48 -D__APPLE_USE_RFC_3542=1
LDADD=-ldb -lssl -lcrypto -DDEFAULT_PRIVILEGE="nobody"
-YACC=yacc
+YACC=bison
build:
- $(YACC) $(CFLAGS) -d parse.y
+ $(YACC) -y -d parse.y
+ mv -f y.tab.c parse.c
+ $(CC) $(CFLAGS) -c parse.c
$(CC) $(CFLAGS) -c additional.c
$(CC) $(CFLAGS) -c main.c
- $(CC) $(CFLAGS) -c parse.c
$(CC) $(CFLAGS) -c reply.c
$(CC) $(CFLAGS) -c region.c
$(CC) $(CFLAGS) -c wildcard.c
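Review bot: `-DDEFAULT_PRIVILEGE="nobody"` sits in `LDADD` (context line of this hunk), which is expanded only on the final link command; after this commit that command (next hunk) names object files only, so the define reaches no compilation. The shell would also strip the double quotes, leaving a bare identifier rather than a string. If the sources have no other definition of DEFAULT_PRIVILEGE (not visible here), the Mac OS X build does not get the unprivileged user this flag is meant to select. Moving it to the compile flags with quoting that survives the shell, `CFLAGS+=-DDEFAULT_PRIVILEGE='"nobody"'`, would make it take effect.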
@@ -17,10 +18,8 @@ build:
$(CC) $(CFLAGS) -c axfr.c
$(CC) $(CFLAGS) -c filter.c
$(CC) $(CFLAGS) -c ratelimit.c
- $(CC) $(CFLAGS) -c res_random.c
- $(CC) $(CFLAGS) -c bsd-arc4random.c
$(CC) $(CFLAGS) -c whitelist.c
- $(CC) $(CFLAGS) -o wildcarddnsd additional.o main.o parse.o reply.o region.o wildcard.o log.o recurse.o axfr.o res_random.c bsd-arc4random.o filter.o ratelimit.o whitelist.o $(LDADD)
+ $(CC) $(CFLAGS) -o wildcarddnsd additional.o main.o parse.o reply.o region.o wildcard.o log.o recurse.o axfr.o filter.o ratelimit.o whitelist.o $(LDADD)
clean:
rm -f *.o wildcarddnsd config.h Makefile
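Review bot: With `bsd-arc4random.o` dropped from the link line and no LibreSSL object added in its place, `arc4random()` in this build comes from whatever the platform libc provides, not from LibreSSL as the commit message suggests. That may be intended, but `recurse.o` is linked here and the recurse.c hunks use that call for query ids and source ports, so the quality of those values now depends on the installed OS release. A comment above the link rule, e.g. `# arc4random() is taken from the system libc on Mac OS X`, would record the decision. The `build` rule starts outside this hunk.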
blob - a2a0a2ca8244abc1f7a687981288e7c75e4c661e
blob + 6192d32e471111b3405817abb7b6458f4b7ba79b
--- Makefile.netbsd
+++ Makefile.netbsd
@@ -1,6 +1,6 @@
PROG=wildcarddnsd
-SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c res_random.c bsd-arc4random.c log.c axfr.c filter.c ratelimit.c whitelist.c
+SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c
CFLAGS= -Wall -g -I/usr/pkg/include/db46/
LDFLAGS= -Wall -g -L/usr/pkg/lib -R/usr/pkg/lib
blob - 5ae8ef2cfe69a53302be8dad8db404db52a1c9ba
blob + 9c8dcd91681f3061d34540160bc1ebc7d368dd31
--- Makefile.openbsd
+++ Makefile.openbsd
@@ -1,6 +1,6 @@
PROG=wildcarddnsd
-SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c res_random.c log.c axfr.c filter.c ratelimit.c whitelist.c
+SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c
#CFLAGS= -DDEBUG -g -Wall
CFLAGS= -Wall -g -I/usr/local/include/db4
blob - 6ad67e480929ef37d2c27bb6f9ef3933c81c110b (mode 644)
blob + /dev/null
--- bsd-arc4random.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */
-
-/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * ChaCha based random number generator for OpenBSD.
- */
-
-
-#include "include.h"
-
-#ifndef HAVE_ARC4RANDOM
-
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#define KEYSTREAM_ONLY
-#include "chacha_private.h"
-
-#ifndef MAX
-# define MAX(a,b) (((a)>(b))?(a):(b))
-# define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifdef __GNUC__
-#define inline __inline
-#else /* !__GNUC__ */
-#define inline
-#endif /* !__GNUC__ */
-
-/* OpenSSH isn't multithreaded */
-#define _ARC4_LOCK()
-#define _ARC4_UNLOCK()
-
-#define KEYSZ 32
-#define IVSZ 8
-#define BLOCKSZ 64
-#define RSBUFSZ (16*BLOCKSZ)
-static int rs_initialized;
-static pid_t rs_stir_pid;
-static chacha_ctx rs; /* chacha context for random keystream */
-static u_char rs_buf[RSBUFSZ]; /* keystream blocks */
-static size_t rs_have; /* valid bytes at end of rs_buf */
-static size_t rs_count; /* bytes till reseed */
-
-static inline void _rs_rekey(u_char *dat, size_t datlen);
-
-extern void slave_shutdown(void);
-
-static inline void
-_rs_init(u_char *buf, size_t n)
-{
- if (n < KEYSZ + IVSZ)
- return;
- chacha_keysetup(&rs, buf, KEYSZ * 8, 0);
- chacha_ivsetup(&rs, buf + KEYSZ);
-}
-
-static void
-_rs_stir(void)
-{
- u_char rnd[KEYSZ + IVSZ];
-
- if (RAND_bytes(rnd, sizeof(rnd)) <= 0) {
- dolog(LOG_ERR, "Couldn't obtain random bytes (error %ld)",
- ERR_get_error());
- slave_shutdown();
- exit(1);
- }
-
- if (!rs_initialized) {
- rs_initialized = 1;
- _rs_init(rnd, sizeof(rnd));
- } else
- _rs_rekey(rnd, sizeof(rnd));
- memset(rnd, 0, sizeof(rnd));
-
- /* invalidate rs_buf */
- rs_have = 0;
- memset(rs_buf, 0, RSBUFSZ);
-
- rs_count = 1600000;
-}
-
-static inline void
-_rs_stir_if_needed(size_t len)
-{
- pid_t pid = getpid();
-
- if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) {
- rs_stir_pid = pid;
- _rs_stir();
- } else
- rs_count -= len;
-}
-
-static inline void
-_rs_rekey(u_char *dat, size_t datlen)
-{
-#ifndef KEYSTREAM_ONLY
- memset(rs_buf, 0,RSBUFSZ);
-#endif
- /* fill rs_buf with the keystream */
- chacha_encrypt_bytes(&rs, rs_buf, rs_buf, RSBUFSZ);
- /* mix in optional user provided data */
- if (dat) {
- size_t i, m;
-
- m = MIN(datlen, KEYSZ + IVSZ);
- for (i = 0; i < m; i++)
- rs_buf[i] ^= dat[i];
- }
- /* immediately reinit for backtracking resistance */
- _rs_init(rs_buf, KEYSZ + IVSZ);
- memset(rs_buf, 0, KEYSZ + IVSZ);
- rs_have = RSBUFSZ - KEYSZ - IVSZ;
-}
-
-static inline void
-_rs_random_buf(void *_buf, size_t n)
-{
- u_char *buf = (u_char *)_buf;
- size_t m;
-
- _rs_stir_if_needed(n);
- while (n > 0) {
- if (rs_have > 0) {
- m = MIN(n, rs_have);
- memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
- memset(rs_buf + RSBUFSZ - rs_have, 0, m);
- buf += m;
- n -= m;
- rs_have -= m;
- }
- if (rs_have == 0)
- _rs_rekey(NULL, 0);
- }
-}
-
-static inline void
-_rs_random_u32(u_int32_t *val)
-{
- _rs_stir_if_needed(sizeof(*val));
- if (rs_have < sizeof(*val))
- _rs_rekey(NULL, 0);
- memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
- memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val));
- rs_have -= sizeof(*val);
- return;
-}
-
-void
-arc4random_stir(void)
-{
- _ARC4_LOCK();
- _rs_stir();
- _ARC4_UNLOCK();
-}
-
-void
-arc4random_addrandom(u_char *dat, int datlen)
-{
- int m;
-
- _ARC4_LOCK();
- if (!rs_initialized)
- _rs_stir();
- while (datlen > 0) {
- m = MIN(datlen, KEYSZ + IVSZ);
- _rs_rekey(dat, m);
- dat += m;
- datlen -= m;
- }
- _ARC4_UNLOCK();
-}
-
-u_int32_t
-arc4random(void)
-{
- u_int32_t val;
-
- _ARC4_LOCK();
- _rs_random_u32(&val);
- _ARC4_UNLOCK();
- return val;
-}
-
-/*
- * If we are providing arc4random, then we can provide a more efficient
- * arc4random_buf().
- */
-# ifndef HAVE_ARC4RANDOM_BUF
-void
-arc4random_buf(void *buf, size_t n)
-{
- _ARC4_LOCK();
- _rs_random_buf(buf, n);
- _ARC4_UNLOCK();
-}
-# endif /* !HAVE_ARC4RANDOM_BUF */
-#endif /* !HAVE_ARC4RANDOM */
-
-/* arc4random_buf() that uses platform arc4random() */
-#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM)
-void
-arc4random_buf(void *_buf, size_t n)
-{
- size_t i;
- u_int32_t r = 0;
- char *buf = (char *)_buf;
-
- for (i = 0; i < n; i++) {
- if (i % 4 == 0)
- r = arc4random();
- buf[i] = r & 0xff;
- r >>= 8;
- }
- i = r = 0;
-}
-#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
-
-#ifndef HAVE_ARC4RANDOM_UNIFORM
-/*
- * Calculate a uniformly distributed random number less than upper_bound
- * avoiding "modulo bias".
- *
- * Uniformity is achieved by generating new random numbers until the one
- * returned is outside the range [0, 2**32 % upper_bound). This
- * guarantees the selected random number will be inside
- * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
- * after reduction modulo upper_bound.
- */
-u_int32_t
-arc4random_uniform(u_int32_t upper_bound)
-{
- u_int32_t r, min;
-
- if (upper_bound < 2)
- return 0;
-
- /* 2**32 % x == (2**32 - x) % x */
- min = -upper_bound % upper_bound;
-
- /*
- * This could theoretically loop forever but each retry has
- * p > 0.5 (worst case, usually far better) of selecting a
- * number inside the range we need, so it should rarely need
- * to re-roll.
- */
- for (;;) {
- r = arc4random();
- if (r >= min)
- break;
- }
-
- return r % upper_bound;
-}
-#endif /* !HAVE_ARC4RANDOM_UNIFORM */
blob - 7c3680fa6d64f1815d48f078c60243f076b3c27a (mode 644)
blob + /dev/null
--- chacha_private.h
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
-chacha-merged.c version 20080118
-D. J. Bernstein
-Public domain.
-*/
-
-/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
-
-typedef unsigned char u8;
-typedef unsigned int u32;
-
-typedef struct
-{
- u32 input[16]; /* could be compressed */
-} chacha_ctx;
-
-#define U8C(v) (v##U)
-#define U32C(v) (v##U)
-
-#define U8V(v) ((u8)(v) & U8C(0xFF))
-#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
-
-#define ROTL32(v, n) \
- (U32V((v) << (n)) | ((v) >> (32 - (n))))
-
-#define U8TO32_LITTLE(p) \
- (((u32)((p)[0]) ) | \
- ((u32)((p)[1]) << 8) | \
- ((u32)((p)[2]) << 16) | \
- ((u32)((p)[3]) << 24))
-
-#define U32TO8_LITTLE(p, v) \
- do { \
- (p)[0] = U8V((v) ); \
- (p)[1] = U8V((v) >> 8); \
- (p)[2] = U8V((v) >> 16); \
- (p)[3] = U8V((v) >> 24); \
- } while (0)
-
-#define ROTATE(v,c) (ROTL32(v,c))
-#define XOR(v,w) ((v) ^ (w))
-#define PLUS(v,w) (U32V((v) + (w)))
-#define PLUSONE(v) (PLUS((v),1))
-
-#define QUARTERROUND(a,b,c,d) \
- a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
- c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
- a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
- c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
-
-static void
-chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
-{
- const char *constants;
-
- x->input[4] = U8TO32_LITTLE(k + 0);
- x->input[5] = U8TO32_LITTLE(k + 4);
- x->input[6] = U8TO32_LITTLE(k + 8);
- x->input[7] = U8TO32_LITTLE(k + 12);
- if (kbits == 256) { /* recommended */
- k += 16;
- constants = sigma;
- } else { /* kbits == 128 */
- constants = tau;
- }
- x->input[8] = U8TO32_LITTLE(k + 0);
- x->input[9] = U8TO32_LITTLE(k + 4);
- x->input[10] = U8TO32_LITTLE(k + 8);
- x->input[11] = U8TO32_LITTLE(k + 12);
- x->input[0] = U8TO32_LITTLE(constants + 0);
- x->input[1] = U8TO32_LITTLE(constants + 4);
- x->input[2] = U8TO32_LITTLE(constants + 8);
- x->input[3] = U8TO32_LITTLE(constants + 12);
-}
-
-static void
-chacha_ivsetup(chacha_ctx *x,const u8 *iv)
-{
- x->input[12] = 0;
- x->input[13] = 0;
- x->input[14] = U8TO32_LITTLE(iv + 0);
- x->input[15] = U8TO32_LITTLE(iv + 4);
-}
-
-static void
-chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
-{
- u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
- u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
- u8 *ctarget = NULL;
- u8 tmp[64];
- u_int i;
-
- if (!bytes) return;
-
- j0 = x->input[0];
- j1 = x->input[1];
- j2 = x->input[2];
- j3 = x->input[3];
- j4 = x->input[4];
- j5 = x->input[5];
- j6 = x->input[6];
- j7 = x->input[7];
- j8 = x->input[8];
- j9 = x->input[9];
- j10 = x->input[10];
- j11 = x->input[11];
- j12 = x->input[12];
- j13 = x->input[13];
- j14 = x->input[14];
- j15 = x->input[15];
-
- for (;;) {
- if (bytes < 64) {
- for (i = 0;i < bytes;++i) tmp[i] = m[i];
- m = tmp;
- ctarget = c;
- c = tmp;
- }
- x0 = j0;
- x1 = j1;
- x2 = j2;
- x3 = j3;
- x4 = j4;
- x5 = j5;
- x6 = j6;
- x7 = j7;
- x8 = j8;
- x9 = j9;
- x10 = j10;
- x11 = j11;
- x12 = j12;
- x13 = j13;
- x14 = j14;
- x15 = j15;
- for (i = 20;i > 0;i -= 2) {
- QUARTERROUND( x0, x4, x8,x12)
- QUARTERROUND( x1, x5, x9,x13)
- QUARTERROUND( x2, x6,x10,x14)
- QUARTERROUND( x3, x7,x11,x15)
- QUARTERROUND( x0, x5,x10,x15)
- QUARTERROUND( x1, x6,x11,x12)
- QUARTERROUND( x2, x7, x8,x13)
- QUARTERROUND( x3, x4, x9,x14)
- }
- x0 = PLUS(x0,j0);
- x1 = PLUS(x1,j1);
- x2 = PLUS(x2,j2);
- x3 = PLUS(x3,j3);
- x4 = PLUS(x4,j4);
- x5 = PLUS(x5,j5);
- x6 = PLUS(x6,j6);
- x7 = PLUS(x7,j7);
- x8 = PLUS(x8,j8);
- x9 = PLUS(x9,j9);
- x10 = PLUS(x10,j10);
- x11 = PLUS(x11,j11);
- x12 = PLUS(x12,j12);
- x13 = PLUS(x13,j13);
- x14 = PLUS(x14,j14);
- x15 = PLUS(x15,j15);
-
-#ifndef KEYSTREAM_ONLY
- x0 = XOR(x0,U8TO32_LITTLE(m + 0));
- x1 = XOR(x1,U8TO32_LITTLE(m + 4));
- x2 = XOR(x2,U8TO32_LITTLE(m + 8));
- x3 = XOR(x3,U8TO32_LITTLE(m + 12));
- x4 = XOR(x4,U8TO32_LITTLE(m + 16));
- x5 = XOR(x5,U8TO32_LITTLE(m + 20));
- x6 = XOR(x6,U8TO32_LITTLE(m + 24));
- x7 = XOR(x7,U8TO32_LITTLE(m + 28));
- x8 = XOR(x8,U8TO32_LITTLE(m + 32));
- x9 = XOR(x9,U8TO32_LITTLE(m + 36));
- x10 = XOR(x10,U8TO32_LITTLE(m + 40));
- x11 = XOR(x11,U8TO32_LITTLE(m + 44));
- x12 = XOR(x12,U8TO32_LITTLE(m + 48));
- x13 = XOR(x13,U8TO32_LITTLE(m + 52));
- x14 = XOR(x14,U8TO32_LITTLE(m + 56));
- x15 = XOR(x15,U8TO32_LITTLE(m + 60));
-#endif
-
- j12 = PLUSONE(j12);
- if (!j12) {
- j13 = PLUSONE(j13);
- /* stopping at 2^70 bytes per nonce is user's responsibility */
- }
-
- U32TO8_LITTLE(c + 0,x0);
- U32TO8_LITTLE(c + 4,x1);
- U32TO8_LITTLE(c + 8,x2);
- U32TO8_LITTLE(c + 12,x3);
- U32TO8_LITTLE(c + 16,x4);
- U32TO8_LITTLE(c + 20,x5);
- U32TO8_LITTLE(c + 24,x6);
- U32TO8_LITTLE(c + 28,x7);
- U32TO8_LITTLE(c + 32,x8);
- U32TO8_LITTLE(c + 36,x9);
- U32TO8_LITTLE(c + 40,x10);
- U32TO8_LITTLE(c + 44,x11);
- U32TO8_LITTLE(c + 48,x12);
- U32TO8_LITTLE(c + 52,x13);
- U32TO8_LITTLE(c + 56,x14);
- U32TO8_LITTLE(c + 60,x15);
-
- if (bytes <= 64) {
- if (bytes < 64) {
- for (i = 0;i < bytes;++i) ctarget[i] = c[i];
- }
- x->input[12] = j12;
- x->input[13] = j13;
- return;
- }
- bytes -= 64;
- c += 64;
-#ifndef KEYSTREAM_ONLY
- m += 64;
-#endif
- }
-}
blob - 467d49129755234e4b74cb148d1d126caa8ba562
blob + 6aee7602f22e2fed55ce38f171bf5aebaa72819c
--- configure
+++ configure
@@ -36,6 +36,28 @@ freebsd() {
linux() {
echo configuring for Linux
cp Makefile.linux Makefile
+
+ # libressl
+
+ if [ ! -d ../libressl-2.0.5 ] ; then
+ echo Please install libressl-2.0.5 in the directory before this one!
+ echo You can get it from http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
+ echo "Please extract it and ./configure && make check, this will not "
+ echo install it into your system only into that directory.
+ echo
+ echo Due to Linux distros not supporting libressl yet, we have to
+ echo make it this way, hopeing for someone making inroads one day!
+ echo cleaning up...
+ rm -f Makefile
+ exit 1
+ else
+ echo Now making a symlink for libcrypto and libssl...
+ ln -s ../libressl-2.0.5/crypto/.libs/libcrypto.a libresslcrypto.a
+ ln -s ../libressl-2.0.5/crypto/.libs/libcompat.a libresslcompat.a
+ ln -s ../libressl-2.0.5/ssl/.libs/libssl.a libressl.a
+ ln -s ../libressl-2.0.5/crypto/.libs/libcompatnoopt.a libresslcompatnoopt.a
+ echo done.
+ fi
}
darwin() {
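Review bot: The instructions added to `linux()` send the user to an `http://` URL and give no step for checking the download, yet objects built from it become the daemon's random-number source. The message should ask for a verified download, for instance by adding `echo Verify the tarball against the published checksum or signature before building.` The `else` branch tests only that the directory exists: on a second run `ln -s` fails because the links are already there, and an unbuilt tree leaves dangling links that surface only during `make`. Using `ln -sf` and testing `[ -f ../libressl-2.0.5/crypto/.libs/libcrypto.a ]` before linking would catch both cases.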
blob - 1c2e8adb2a9cd646f94654128e4aebb8c11e5aed
blob + 3a6771a293a98439066f4269596b1fecf2f94b28
--- parse.y
+++ parse.y
@@ -37,6 +37,7 @@ extern int insert_recurse(char *, char *);
extern int insert_whitelist(char *, char *);
extern int insert_wildcard(char *, char *);
extern void slave_shutdown(void);
+void yyerror(const char *);
extern int whitelist;
extern int notify;
@@ -92,7 +93,11 @@ typedef struct {
int lineno;
} YYSTYPE;
-static const char rcsid[] = "$Id: parse.y,v 1.23 2014/05/18 18:47:54 pjp Exp $";
+#ifdef __APPLE__
+#define YYSTYPE_IS_DECLARED 1
+#endif
+
+static const char rcsid[] = "$Id: parse.y,v 1.24 2014/09/27 17:38:28 pjp Exp $";
static int version = 0;
static int state = 0;
static uint8_t region = 0;
@@ -2732,7 +2737,7 @@ temp_inet_net_pton_ipv6(const char *src, void *dst, si
if (sep == NULL)
return 128;
-#ifndef __linux__
+#if ! defined __linux__ && ! defined __APPLE__
bits = strtonum(sep, 0, 128, &errstr);
#else
bits = atoi(sep);
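Review bot: Adding `__APPLE__` to this condition moves Mac OS X onto the `atoi(sep)` branch, which accepts any text and applies neither the 0–128 bound nor the error report that `strtonum` gives the other platforms. A negative, oversized or non-numeric prefix length from the configuration would flow into `bits` unchecked on both Linux and Mac OS X. The fallback could parse with `strtol` and an end pointer and reject `end == sep`, `*end != '\0'`, `bits < 0` or `bits > 128`, returning whatever the `errstr` path returns (that handling is outside the hunk). The function body starts and ends outside this hunk.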
blob - 7aa77822ff08b15719e1b5e88fd642a2ebba3f2f
blob + bf5f514dc84817995bcd73e3627decc7844da97e
--- recurse.c
+++ recurse.c
@@ -49,7 +49,6 @@ extern void reply_nxdomain(struct sreply *);
extern void reply_ptr(struct sreply *);
extern void reply_soa(struct sreply *);
extern void reply_txt(struct sreply *sreply);
-extern unsigned int res_randomid(void);
extern void slave_shutdown(void);
extern void update_db(DB *, struct domain *);
@@ -91,7 +90,7 @@ static struct recurseentry {
} *rn2, *rnp;
-static const char rcsid[] = "$Id: recurse.c,v 1.44 2014/05/18 17:14:05 pjp Exp $";
+static const char rcsid[] = "$Id: recurse.c,v 1.45 2014/09/27 17:38:28 pjp Exp $";
/*
* INIT_RECURSE - initialize the recurse singly linked list
@@ -1623,7 +1622,7 @@ netlookup(DB *db, struct recurses *sr)
return (-1);
}
- sr->port = res_randomid() & 0xffff;
+ sr->port = arc4random() & 0xffff;
/*
* we have to avoid picking servers already
* running ..
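Review bot: `sr->port = arc4random() & 0xffff;` combined with the `if (sr->port < 1024) sr->port += 1024;` fold visible in the next hunk makes ports 1024–2047 twice as likely as any other, which gives away a little of the source-port unpredictability the resolver depends on. Drawing from the allowed range directly avoids the skew: `sr->port = 1024 + arc4random_uniform(65536 - 1024);` (on Linux this needs the matching `arc4random_uniform` object in the link as well, since Makefile.linux extracts only three objects). The same pair of lines appears in the two `netlookup6` hunks below. `netlookup` starts and ends outside this hunk.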
@@ -1631,7 +1630,7 @@ netlookup(DB *db, struct recurses *sr)
if (sr->port < 1024)
sr->port += 1024;
- sr->id = res_randomid() & 0xffff;
+ sr->id = arc4random() & 0xffff;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
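Review bot: No declaration of `arc4random()` is visible in this diff to replace the removed `extern unsigned int res_randomid(void);`, so on a platform whose libc headers do not declare it the four new calls would compile as implicitly declared functions returning `int`. If `recurse.c` does not already include a header that declares it, an explicit prototype next to the other externs, `extern uint32_t arc4random(void);`, or the LibreSSL compat header on the include path would settle it. `netlookup` continues outside this hunk.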
@@ -2074,7 +2073,7 @@ netlookup6(DB *db, struct recurses *sr)
return (-1);
}
- sr->port = res_randomid() & 0xffff;
+ sr->port = arc4random() & 0xffff;
/*
* we have to avoid picking servers already
* running ..
@@ -2082,7 +2081,7 @@ netlookup6(DB *db, struct recurses *sr)
if (sr->port < 1024)
sr->port += 1024;
- sr->id = res_randomid() & 0xffff;
+ sr->id = arc4random() & 0xffff;
memset(&sin6, 0, sizeof(sin6));
sin6.sin6_family = AF_INET6;
blob - 436cf058899586b567d4521c4ecc8a9c660692b5 (mode 644)
blob + /dev/null
--- res_random.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/*
- * Copied from OpenBSD OpenSMTPD..
- * - pbug
- *
- * Copied from: lib/libc/net/res_random.c
- *
- * -- eric@
- */
-/* $OpenBSD: res_random.c,v 1.17 2008/04/13 00:28:35 djm Exp $ */
-
-/*
- * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
- * Copyright 2008 Damien Miller <djm@openbsd.org>
- * All rights reserved.
- *
- * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
- * such a mathematical system to generate more random (yet non-repeating)
- * ids to solve the resolver/named problem. But Niels designed the
- * actual system based on the constraints.
- *
- * Later modified by Damien Miller to wrap the LCG output in a 15-bit
- * permutation generator based on a Luby-Rackoff block cipher. This
- * ensures the output is non-repeating and preserves the MSB twiddle
- * trick, but makes it more resistant to LCG prediction.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * seed = random 15bit
- * n = prime, g0 = generator to n,
- * j = random so that gcd(j,n-1) == 1
- * g = g0^j mod n will be a generator again.
- *
- * X[0] = random seed.
- * X[n] = a*X[n-1]+b mod m is a Linear Congruential Generator
- * with a = 7^(even random) mod m,
- * b = random with gcd(b,m) == 1
- * m = 31104 and a maximal period of m-1.
- *
- * The transaction id is determined by:
- * id[n] = seed xor (g^X[n] mod n)
- *
- * Effectivly the id is restricted to the lower 15 bits, thus
- * yielding two different cycles by toggling the msb on and off.
- * This avoids reuse issues caused by reseeding.
- *
- * The output of this generator is then randomly permuted though a
- * custom 15 bit Luby-Rackoff block cipher.
- */
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-
-/* #include "dnsutil.h" */
-
-#define RU_OUT 180 /* Time after wich will be reseeded */
-#define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */
-#define RU_GEN 2 /* Starting generator */
-#define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */
-#define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */
-#define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */
-#define RU_ROUNDS 11 /* Number of rounds for permute (odd) */
-
-struct prf_ctx {
- /* PRF lookup table for odd rounds (7 bits input to 8 bits output) */
- u_char prf7[(RU_ROUNDS / 2) * (1 << 7)];
-
- /* PRF lookup table for even rounds (8 bits input to 7 bits output) */
- u_char prf8[((RU_ROUNDS + 1) / 2) * (1 << 8)];
-};
-
-#define PFAC_N 3
-static const u_int16_t pfacts[PFAC_N] = {
- 2,
- 3,
- 2729
-};
-
-static u_int16_t ru_x;
-static u_int16_t ru_seed, ru_seed2;
-static u_int16_t ru_a, ru_b;
-static u_int16_t ru_g;
-static u_int16_t ru_counter = 0;
-static u_int16_t ru_msb = 0;
-static struct prf_ctx *ru_prf = NULL;
-static long ru_reseed;
-
-static u_int16_t pmod(u_int16_t, u_int16_t, u_int16_t);
-static void res_initid(void);
-extern u_int32_t arc4random_uniform(u_int32_t upper_bound);
-extern void arc4random_buf(void *_buf, size_t n);
-
-
-/*
- * Do a fast modular exponation, returned value will be in the range
- * of 0 - (mod-1)
- */
-static u_int16_t
-pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod)
-{
- u_int16_t s, t, u;
-
- s = 1;
- t = gen;
- u = exp;
-
- while (u) {
- if (u & 1)
- s = (s * t) % mod;
- u >>= 1;
- t = (t * t) % mod;
- }
- return (s);
-}
-
-/*
- * 15-bit permutation based on Luby-Rackoff block cipher
- */
-static u_int
-permute15(u_int in)
-{
- int i;
- u_int left, right, tmp;
-
- if (ru_prf == NULL)
- return in;
-
- left = (in >> 8) & 0x7f;
- right = in & 0xff;
-
- /*
- * Each round swaps the width of left and right. Even rounds have
- * a 7-bit left, odd rounds have an 8-bit left. Since this uses an
- * odd number of rounds, left is always 8 bits wide at the end.
- */
- for (i = 0; i < RU_ROUNDS; i++) {
- if ((i & 1) == 0)
- tmp = ru_prf->prf8[(i << (8 - 1)) | right] & 0x7f;
- else
- tmp = ru_prf->prf7[((i - 1) << (7 - 1)) | right];
- tmp ^= left;
- left = right;
- right = tmp;
- }
-
- return (right << 8) | left;
-}
-
-/*
- * Initializes the seed and chooses a suitable generator. Also toggles
- * the msb flag. The msb flag is used to generate two distinct
- * cycles of random numbers and thus avoiding reuse of ids.
- *
- * This function is called from res_randomid() when needed, an
- * application does not have to worry about it.
- */
-static void
-res_initid(void)
-{
- u_int16_t j, i;
- u_int32_t tmp;
- int noprime = 1;
- struct timeval tv;
-
- ru_x = arc4random_uniform(RU_M);
-
- /* 15 bits of random seed */
- tmp = arc4random();
- ru_seed = (tmp >> 16) & 0x7FFF;
- ru_seed2 = tmp & 0x7FFF;
-
- /* Determine the LCG we use */
- tmp = arc4random();
- ru_b = (tmp & 0xfffe) | 1;
- ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M);
- while (ru_b % 3 == 0)
- ru_b += 2;
-
- j = arc4random_uniform(RU_N);
-
- /*
- * Do a fast gcd(j,RU_N-1), so we can find a j with
- * gcd(j, RU_N-1) == 1, giving a new generator for
- * RU_GEN^j mod RU_N
- */
-
- while (noprime) {
- for (i = 0; i < PFAC_N; i++)
- if (j % pfacts[i] == 0)
- break;
-
- if (i >= PFAC_N)
- noprime = 0;
- else
- j = (j + 1) % RU_N;
- }
-
- ru_g = pmod(RU_GEN, j, RU_N);
- ru_counter = 0;
-
- /* Initialise PRF for Luby-Rackoff permutation */
- if (ru_prf == NULL)
- ru_prf = malloc(sizeof(*ru_prf));
- if (ru_prf != NULL)
- arc4random_buf(ru_prf, sizeof(*ru_prf));
-
- gettimeofday(&tv, NULL);
- ru_reseed = tv.tv_sec + RU_OUT;
- ru_msb = ru_msb == 0x8000 ? 0 : 0x8000;
-}
-
-u_int
-res_randomid(void)
-{
- struct timeval tv;
-
- gettimeofday(&tv, NULL);
- if (ru_counter >= RU_MAX || tv.tv_sec > ru_reseed)
- res_initid();
-
- /* Linear Congruential Generator */
- ru_x = (ru_a * ru_x + ru_b) % RU_M;
- ru_counter++;
-
- return permute15(ru_seed ^ pmod(ru_g, ru_seed2 + ru_x, RU_N)) | ru_msb;
-}
-
-#if 0
-int
-main(int argc, char **argv)
-{
- int i, n;
- u_int16_t wert;
-
- res_initid();
-
- printf("Generator: %u\n", ru_g);
- printf("Seed: %u\n", ru_seed);
- printf("Reseed at %ld\n", ru_reseed);
- printf("Ru_X: %u\n", ru_x);
- printf("Ru_A: %u\n", ru_a);
- printf("Ru_B: %u\n", ru_b);
-
- n = argc > 1 ? atoi(argv[1]) : 60001;
- for (i=0;i<n;i++) {
- wert = res_randomid();
- printf("%u\n", wert);
- }
- return 0;
-}
-#endif
-