From 86613c3486af4c01c3281b8064ffeaea1566732b Mon Sep 17 00:00:00 2001 From: Ben Cressey Date: Fri, 9 Aug 2019 16:39:28 +0000 Subject: [PATCH 1/4] avoid gcrypt dependency gcrypt is only used for its implementations of SHA-1 and MD5, in order to generate UUIDs to fingerprint the XML configuration files. These UUIDs are considered by `wicked ifreload` to determine whether file contents have changed. For now we expect a single networking configuration file and do not need to reload it, so we can bypass this mechanism and the unwanted dependency on gcrypt. Signed-off-by: Ben Cressey --- configure.ac | 8 -------- src/hashcsum.c | 48 +++++++++++++++--------------------------------- src/netinfo.c | 42 ------------------------------------------ 3 files changed, 15 insertions(+), 83 deletions(-) diff --git a/configure.ac b/configure.ac index 08df65ca..b94dcf48 100644 --- a/configure.ac +++ b/configure.ac @@ -242,14 +242,6 @@ AC_CHECK_LIB([anl], [getaddrinfo_a], [LIBANL_LIBS="-lanl"],[ ]) AC_SUBST(LIBANL_LIBS) -# Checks for libgcrypt and it's minimal version; -# libgcrypt-1.5.0 as on SLE-11-SP3 is sufficient. -REQUIRE_LIBGCRYPT="1.5.0" -AM_PATH_LIBGCRYPT([$REQUIRE_LIBGCRYPT],,[ - AC_MSG_ERROR([Unable to find sufficient libgcrypt version]) -]) -AC_SUBST(REQUIRE_LIBGCRYPT) - # Checks for pkg-config modules. PKG_CHECK_MODULES(LIBNL, [libnl-3.0 libnl-route-3.0]) PKG_CHECK_MODULES(LIBDBUS, [dbus-1]) diff --git a/src/hashcsum.c b/src/hashcsum.c index 4fc0dfce..eeb41eee 100644 --- a/src/hashcsum.c +++ b/src/hashcsum.c @@ -27,10 +27,12 @@ #include #include -#include +#include + +#define NI_HASHCTX_MD5_MD_LENGTH 16 +#define NI_HASHCTX_SHA1_MD_LENGTH 20 struct ni_hashctx { - gcry_md_hd_t handle; unsigned int md_length; }; @@ -38,20 +40,16 @@ struct ni_hashctx { * Create a new hash context */ ni_hashctx_t * -__ni_hashctx_new(int algo) +__ni_hashctx_new(int len) { ni_hashctx_t *ctx; - gcry_error_t err; - ctx = calloc(1, sizeof(*ctx)); - err = gcry_md_open(&ctx->handle, algo, 0); - if (err) { - ni_error("%s: gcry_md_open failed", __func__); - ni_hashctx_free(ctx); + if (ctx == NULL) { + ni_error("%s: calloc failed", __func__); return NULL; } - ctx->md_length = gcry_md_get_algo_dlen(algo); + ctx->md_length = len; return ctx; } @@ -60,9 +58,9 @@ ni_hashctx_new(ni_hashctx_algo_t algo) { switch (algo) { case NI_HASHCTX_MD5: - return __ni_hashctx_new(GCRY_MD_MD5); + return __ni_hashctx_new(NI_HASHCTX_MD5_MD_LENGTH); case NI_HASHCTX_SHA1: - return __ni_hashctx_new(GCRY_MD_SHA1); + return __ni_hashctx_new(NI_HASHCTX_SHA1_MD_LENGTH); default: return NULL; @@ -75,10 +73,6 @@ ni_hashctx_new(ni_hashctx_algo_t algo) void ni_hashctx_free(ni_hashctx_t *ctx) { - if (ctx && ctx->handle) { - gcry_md_close(ctx->handle); - ctx->handle = NULL; - } free(ctx); } @@ -88,13 +82,13 @@ ni_hashctx_free(ni_hashctx_t *ctx) void ni_hashctx_begin(ni_hashctx_t *ctx) { - gcry_md_reset(ctx->handle); + // no-op } void ni_hashctx_finish(ni_hashctx_t *ctx) { - gcry_md_final(ctx->handle); + // no-op } unsigned int @@ -106,19 +100,9 @@ ni_hashctx_get_digest_length(ni_hashctx_t *ctx) int ni_hashctx_get_digest(ni_hashctx_t *ctx, void *md_buffer, size_t md_size) { - void *md; - - if (ctx->handle == NULL) - return -1; - - if (!(md = gcry_md_read(ctx->handle, 0))) { - ni_error("%s: failed to obtain digest", __func__); - return -1; - } - if (md_size > ctx->md_length) md_size = ctx->md_length; - memcpy(md_buffer, md, md_size); + memset(md_buffer, 0, md_size); return md_size; } @@ -128,14 +112,12 @@ ni_hashctx_get_digest(ni_hashctx_t *ctx, void *md_buffer, size_t md_size) void ni_hashctx_put(ni_hashctx_t *ctx, const void *data, size_t len) { - if (data && len) - gcry_md_write(ctx->handle, data, len); + // no-op } void ni_hashctx_puts(ni_hashctx_t *ctx, const char *string) { - if (string) - gcry_md_write(ctx->handle, string, strlen(string)); + // no-op } diff --git a/src/netinfo.c b/src/netinfo.c index 9598155d..63bb6a9f 100644 --- a/src/netinfo.c +++ b/src/netinfo.c @@ -33,7 +33,6 @@ #include "modem-manager.h" #include "dhcp6/options.h" #include "dhcp.h" -#include extern void ni_addrconf_updater_free(ni_addrconf_updater_t **); @@ -70,44 +69,6 @@ ni_init(const char *appname) return ni_init_ex(appname, NULL, NULL); } -static int -__ni_init_gcrypt(void) -{ -/* - * gcry_check_version checks for minmum version - * we want consider sufficient and returns NULL - * on failures. - * - * configure.ac checks and defines the minimum; - * when our requirements change, adjust there. - * - * With NULL, we don't require a minimum version - * but call the function to initialize libgcrypt - * and trust the linker and library soname. - */ -#ifndef REQUIRE_LIBGCRYPT -#define REQUIRE_LIBGCRYPT NULL -#endif - if (!gcry_check_version(REQUIRE_LIBGCRYPT)) { - ni_error("libgcrypt version mismatch: built %s, required >= %s", - GCRYPT_VERSION, REQUIRE_LIBGCRYPT); - return -1; - } - - if (gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) - return 0; - - gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); - gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); - gcry_control (GCRYCTL_RESUME_SECMEM_WARN); - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); - if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) { - ni_error("Unable to initialize libgcrypt"); - return -1; - } - return 0; -} - int ni_init_ex(const char *appname, ni_init_appdata_callback_t *cb, void *appdata) { @@ -121,9 +82,6 @@ ni_init_ex(const char *appname, ni_init_appdata_callback_t *cb, void *appdata) /* We're using randomized timeouts. Seed the RNG */ ni_srandom(); - if (__ni_init_gcrypt() < 0) - return -1; - if (ni_global.config_path == NULL) { if (appname == NULL) { /* Backward compatible - for now. -- 2.32.0