diff --git a/configure.ac b/configure.ac index 1a57f475..8ad29b90 100644 --- a/configure.ac +++ b/configure.ac @@ -1019,14 +1019,25 @@ AC_SUBST(C99COMPATFLAGS) AH_BOTTOM([ +#include +#include +#include +#include +#include + +#ifdef HAVE_BSD_STRING_H +#include +#endif + /* the version of the windows API enabled */ -#undef WINVER -#undef _WIN32_WINNT +#ifndef WINVER #define WINVER 0x0600 // 0x0502 +#endif +#ifndef _WIN32_WINNT #define _WIN32_WINNT 0x0600 // 0x0502 +#endif #ifdef HAVE_WINSOCK2_H #include -#include #endif #ifdef HAVE_WS2TCPIP_H @@ -1047,15 +1058,6 @@ AH_BOTTOM([ #endif -#include -#include -#include -#include -#include - -#ifdef HAVE_BSD_STRING_H -#include -#endif #ifdef __cplusplus extern "C" { diff --git a/src/compat/arc4random.c b/src/compat/arc4random.c index 890699cd..2c78818f 100644 --- a/src/compat/arc4random.c +++ b/src/compat/arc4random.c @@ -26,7 +26,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include @@ -35,40 +37,6 @@ #include #ifndef GETDNS_ON_WINDOWS #include -#else -#include -#include - -int getentropy(void *buf, size_t len); - -/* -* On Windows, CryptGenRandom is supposed to be a well-seeded -* cryptographically strong random number generator. -*/ -int -getentropy(void *buf, size_t len) -{ - HCRYPTPROV provider; - - if (len > 256) { - errno = EIO; - return -1; - } - - if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT) == 0) - goto fail; - if (CryptGenRandom(provider, len, buf) == 0) { - CryptReleaseContext(provider, 0); - goto fail; - } - CryptReleaseContext(provider, 0); - return (0); - -fail: - errno = EIO; - return (-1); -} #endif #define KEYSTREAM_ONLY diff --git a/src/compat/getentropy_linux.c b/src/compat/getentropy_linux.c index 6c642a96..37d86a8f 100644 --- a/src/compat/getentropy_linux.c +++ b/src/compat/getentropy_linux.c 
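Review bot: In the first configure.ac hunk the five system `#include` lines now sit above the `#ifndef WINVER` / `#ifndef _WIN32_WINNT` guards, so a value defined by those headers or by the build's CFLAGS wins and 0x0600 is no longer guaranteed, where the removed `#undef` lines used to force it. If a toolchain header sets a lower default, the socket headers included just below are compiled against an older API level with no diagnostic. Either keep the version block ahead of the includes, or fail loudly after the guards with `#if _WIN32_WINNT < 0x0600` / `#error "_WIN32_WINNT must be at least 0x0600"` / `#endif`. Whether any code actually needs the 0x0600 API set is not visible in this diff, so confirm the minimum before fixing the threshold.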
@@ -16,10 +16,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - #include "config.h" -#ifndef GETDNS_ON_WINDOWS - /* #define _POSIX_C_SOURCE 199309L @@ -49,7 +46,12 @@ #include #include #include + +#if defined(HAVE_SSL) #include +#elif defined(HAVE_NETTLE) +#include +#endif #include #include @@ -70,9 +72,21 @@ HD(b); \ } while (0) +#if defined(HAVE_SSL) +#define CRYPTO_SHA512_CTX SHA512_CTX +#define CRYPTO_SHA512_INIT(x) SHA512_Init(x) +#define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) +#elif defined(HAVE_NETTLE) +#define CRYPTO_SHA512_CTX struct sha512_ctx +#define CRYPTO_SHA512_INIT(x) sha512_init(x) +#define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) +#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) +#define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) +#define HF(x) (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x))) +#endif int getentropy(void *buf, size_t len); @@ -125,7 +139,7 @@ getentropy(void *buf, size_t len) * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID. * sysctl is a failsafe API, so it guarantees a result. This * should work inside a chroot, or when file descriptors are - * exhuasted. + * exhausted. * * However this can fail if the Linux kernel removes support * for sysctl. Starting in 2007, there have been efforts to @@ -340,7 +354,7 @@ getentropy_fallback(void *buf, size_t len) struct rusage ru; sigset_t sigset; struct stat st; - SHA512_CTX ctx; + CRYPTO_SHA512_CTX ctx; static pid_t lastpid; pid_t pid; size_t i, ii, m; 
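Review bot: The `#if defined(HAVE_SSL)` / `#elif defined(HAVE_NETTLE)` chains added in the include hunk (@@ -49,7) and the macro hunk (@@ -70,9) have no final branch, so a build with neither symbol defined leaves `CRYPTO_SHA512_CTX`, `HR`, `HD` and `HF` undefined and fails later with errors far from the cause. Closing the macro chain with `#else` / `#error "getentropy_fallback needs SHA-512 from OpenSSL or Nettle"` states the requirement and rules out a fallback path built without its hash. The Nettle branch remaps only the context type and the three calls; the declaration of `results` is outside these hunks, so check that the digest-length constant it uses also exists under Nettle, where the size is spelled `SHA512_DIGEST_SIZE`.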
@@ -357,7 +371,7 @@ getentropy_fallback(void *buf, size_t len) } for (i = 0; i < len; ) { int j; - SHA512_Init(&ctx); + CRYPTO_SHA512_INIT(&ctx); for (j = 0; j < repeat; j++) { HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { @@ -529,7 +543,7 @@ getentropy_fallback(void *buf, size_t len) # endif #endif /* HAVE_GETAUXVAL */ - SHA512_Final(results, &ctx); + CRYPTO_SHA512_FINAL(results, &ctx); memcpy((char*)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } @@ -541,4 +555,3 @@ getentropy_fallback(void *buf, size_t len) errno = EIO; return -1; } -#endif \ No newline at end of file diff --git a/src/compat/getentropy_solaris.c b/src/compat/getentropy_solaris.c index 83895738..810098a8 100644 --- a/src/compat/getentropy_solaris.c +++ b/src/compat/getentropy_solaris.c @@ -30,7 +30,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include #include @@ -39,10 +41,14 @@ #include #include #include +#ifdef HAVE_SYS_SHA2_H #include #define SHA512_Init SHA512Init #define SHA512_Update SHA512Update #define SHA512_Final SHA512Final +#else +#include "openssl/sha.h" +#endif #include #include diff --git a/src/compat/sha512.c b/src/compat/sha512.c index ac046abb..744b7ac7 100644 --- a/src/compat/sha512.c +++ b/src/compat/sha512.c @@ -70,7 +70,7 @@ unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest); * Please make sure that your system defines BYTE_ORDER. If your * architecture is little-endian, make sure it also defines * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. + * equivalent. * * If your system does not define the above, then you can do so by * hand like this: diff --git a/src/util-internal.c b/src/util-internal.c index dd4e816c..fe41bea6 100644 --- a/src/util-internal.c +++ b/src/util-internal.c 
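Review bot: The new `#else` branch in getentropy_solaris.c (@@ -39,10) includes `"openssl/sha.h"` in quotes, so the preprocessor searches the including file's directory and the quote-include paths before the system ones; a stray `openssl/sha.h` in the source tree would silently replace the library header that supplies the hash used for fallback entropy. Write it as `#include <openssl/sha.h>`. Unlike getentropy_linux.c in this same commit, this branch also treats OpenSSL as the only alternative, so if a Nettle-only build can reach this file it needs the same `HAVE_SSL` / `HAVE_NETTLE` selection.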
@@ -271,7 +271,7 @@ _getdns_rr_iter2rr_dict(struct mem_funcs *mf, _getdns_rr_iter *i) } else if (rdf->rdd_pos->type == GETDNS_RDF_SPECIAL) val_type = wf_special; else - assert(0); + assert(((val_type = wf_int), 0)); if (! rdf->rdd_repeat) { switch (val_type) {
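Review bot: The assignment `val_type = wf_int` sits inside `assert(...)`, so it disappears when the file is compiled with `NDEBUG`; unless `val_type` is initialised above the hunk, an rdata field type that matches none of the earlier branches then reaches `switch (val_type)` with an indeterminate value. In a debug build the assert aborts before the value is used, so the assignment only quiets the compiler and never acts as a runtime default. Move the side effect out of the assertion, e.g. `else { assert(0); val_type = wf_int; }`, or take the function's error path if an unknown type should be rejected rather than read as an integer. `_getdns_rr_iter2rr_dict` starts and ends outside this hunk, so the declaration of `val_type` and the available error path are not visible here.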