diff --git a/libs/gmp/Makefile b/libs/gmp/Makefile new file mode 100644 index 000000000..200818a0e --- /dev/null +++ b/libs/gmp/Makefile @@ -0,0 +1,64 @@ +# +# Copyright (C) 2006-2012 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=gmp +PKG_VERSION:=5.1.3 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=ftp://ftp.gmplib.org/pub/$(PKG_NAME)-$(PKG_VERSION)/ +PKG_MD5SUM:=a082867cbca5e898371a97bb27b31fea + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 +PKG_FIXUP:=autoreconf + +PKG_USE_MIPS16:=0 + +include $(INCLUDE_DIR)/package.mk + +define Package/libgmp + SECTION:=libs + CATEGORY:=Libraries + TITLE:=GNU multiprecision arithmetic library + URL:=http://gmplib.org/ +endef + +define Package/libgmp/description + GMP is a free library for arbitrary precision arithmetic, operating on + signed integers, rational numbers, and floating point numbers. +endef + +TARGET_CFLAGS += $(FPIC) +CONFIGURE_VARS += CC="$(TARGET_CROSS)gcc" +CONFIGURE_ARGS += \ + --enable-shared \ + --enable-static \ + +define Build/Compile + $(call Build/Compile/Default, \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + CC="$(TARGET_CC)" \ + all \ + ) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/gmp* $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.{a,so*} $(1)/usr/lib/ +endef + +define Package/libgmp/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.so.* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libgmp)) diff --git a/libs/gnutls/Config.in b/libs/gnutls/Config.in new file mode 100644 index 000000000..d55743f5a --- /dev/null +++ b/libs/gnutls/Config.in @@ -0,0 +1,34 @@ +# gnutls avanced configuration + +menu "Configuration" + depends on PACKAGE_libgnutls + +config GNUTLS_DTLS_SRTP + bool "enable DTLS SRTP support" + +config GNUTLS_ALPN + bool "enable ALPN support" + +config GNUTLS_OCSP + bool "enable ocsp support" + +config GNUTLS_CRYPTODEV + bool "enable /dev/crypto support" + depends on BROKEN + +config GNUTLS_HEARTBEAT + bool "enable DTLS heartbeat support" + +config GNUTLS_OPENPGP + bool "enable OPENPGP authentication support" + +config GNUTLS_SRP + bool "enable SRP authentication support" + +config GNUTLS_PSK + bool "enable PSK authentication support" + +config GNUTLS_ANON + bool "enable anonymous authentication support" + +endmenu diff --git a/libs/gnutls/Makefile b/libs/gnutls/Makefile new file mode 100644 index 000000000..d1f8919d5 --- /dev/null +++ b/libs/gnutls/Makefile @@ -0,0 +1,231 @@ +# +# Copyright (C) 2005-2010 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=gnutls +PKG_VERSION:=3.2.15 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2 +PKG_MD5SUM:=ec3b06f80e312137386c5d322183ca5a +PKG_MAINTAINER:=Nikos Mavrogiannopoulos + +PKG_INSTALL:=1 +PKG_LIBTOOL_PATHS:=. lib + +include $(INCLUDE_DIR)/package.mk + + +define Package/gnutls/Default + SUBMENU:=SSL + SECTION:=libs + CATEGORY:=Libraries + TITLE:=GNU TLS + URL:=http://www.gnutls.org/ +endef + +define Package/gnutls/Default/description + GnuTLS is a secure communications library implementing the SSL, TLS + and DTLS protocols and technologies around them. It provides a simple + C language application programming interface (API) to access the secure + communications protocols as well as APIs to parse and write X.509, PKCS12, + OpenPGP and other required structures. It is aimed to be portable and + efficient with focus on security and interoperability. +endef + + +define Package/certtool +$(call Package/gnutls/Default) + SECTION:=utils + CATEGORY:=Utilities + TITLE+= (certool utility) + DEPENDS+= +libgnutls +endef + +define Package/certtool/description +$(call Package/gnutls/Default/description) + This package contains the GnuTLS certtool utility. +endef + + +define Package/gnutls-utils +$(call Package/gnutls/Default) + SECTION:=utils + CATEGORY:=Utilities + TITLE+= (utilities) + DEPENDS+= +libgnutls +endef + +define Package/gnutls-utils/description +$(call Package/gnutls/Default/description) + This package contains the GnuTLS gnutls-cli, gnutls-serv, psktool, + and srptool utilities. +endef + +define Package/libgnutls/config + source "$(SOURCE)/Config.in" +endef + +define Package/libgnutls +$(call Package/gnutls/Default) + TITLE+= (library) + DEPENDS+= +libnettle +!LIBNETTLE_MINI:libgmp +endef + +define Package/libgnutls/description +$(call Package/gnutls/Default/description) + This package contains the GnuTLS shared library, needed by other programs. +endef + + +define Package/libgnutls-openssl +$(call Package/gnutls/Default) + TITLE+= (OpenSSL compat library) + DEPENDS+= +libgnutls +endef + +define Package/libgnutls-openssl/description +$(call Package/gnutls/Default/description) + This package contains the GnuTLS OpenSSL compatibility layer shared library. +endef + +CONFIGURE_ARGS+= \ + --enable-shared \ + --enable-static \ + --disable-libdane \ + --disable-guile \ + --disable-nls \ + --without-zlib \ + --with-included-libtasn1 \ + --enable-local-libopts \ + --disable-doc \ + --disable-tests \ + --disable-rsa-export \ + --disable-crywrap \ + --without-p11-kit + +ifeq ($(CONFIG_LIBNETTLE_MINI),y) +CONFIGURE_ARGS += --with-nettle-mini +endif + +ifneq ($(CONFIG_GNUTLS_DTLS_SRTP),y) +CONFIGURE_ARGS += --disable-dtls-srtp-support +endif + +ifneq ($(CONFIG_GNUTLS_ALPN),y) +CONFIGURE_ARGS += --disable-alpn-support +endif + +ifneq ($(CONFIG_GNUTLS_HEARTBEAT),y) +CONFIGURE_ARGS += --disable-heartbeat-support +endif + +ifneq ($(CONFIG_GNUTLS_SRP),y) +CONFIGURE_ARGS += --disable-srp-authentication +endif + +ifneq ($(CONFIG_GNUTLS_PSK),y) +CONFIGURE_ARGS += --disable-psk-authentication +endif + +ifneq ($(CONFIG_GNUTLS_OPENPGP),y) +CONFIGURE_ARGS += --disable-openpgp-authentication +endif + +ifneq ($(CONFIG_GNUTLS_ANON),y) +CONFIGURE_ARGS += --disable-anon-authentication +endif + +ifneq ($(CONFIG_GNUTLS_OCSP),y) +CONFIGURE_ARGS += --disable-ocsp +endif + +ifeq ($(CONFIG_GNUTLS_CRYPTODEV),y) +CONFIGURE_ARGS += --enable-cryptodev +endif + +# XXX: AM_CFLAGS duplicates with CFLAGS +MAKE_FLAGS:= \ + AM_CFLAGS="" \ + +TARGET_CFLAGS += $(FPIC) +TARGET_LDFLAGS += -Wl,-rpath-link=$(STAGING_DIR)/usr/lib + +define Build/Configure + $(SED) 's,-I$$$${includedir},,g' $(PKG_BUILD_DIR)/configure + $(SED) 's,-L$$$${libdir},,g' $(PKG_BUILD_DIR)/configure + $(call Build/Configure/Default) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig + $(CP) \ + $(PKG_INSTALL_DIR)/usr/include/gnutls \ + $(1)/usr/include/ + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/libgnutls{,-openssl}.{a,so*} \ + $(1)/usr/lib/ + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/gnutls.pc \ + $(1)/usr/lib/pkgconfig/ +endef + +define Package/certtool/conffiles +/etc/gnutls/certtool.cfg +endef + +define Package/certtool/install + $(INSTALL_DIR) $(1)/etc/gnutls + $(INSTALL_CONF) $(PKG_BUILD_DIR)/doc/certtool.cfg $(1)/etc/gnutls/ + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/certtool $(1)/usr/bin/ +endef + + +define Package/gnutls-utils/install + $(INSTALL_DIR) $(1)/usr/bin +ifeq ($(CONFIG_GNUTLS_OCSP),y) +ifeq ($(CONFIG_GNUTLS_ANON),y) + $(CP) \ + $(PKG_INSTALL_DIR)/usr/bin/gnutls-{cli,serv} \ + $(1)/usr/bin/ +endif + $(CP) \ + $(PKG_INSTALL_DIR)/usr/bin/ocsptool \ + $(1)/usr/bin/ +endif +ifeq ($(CONFIG_GNUTLS_SRP),y) + $(CP) \ + $(PKG_INSTALL_DIR)/usr/bin/srptool \ + $(1)/usr/bin/ +endif +ifeq ($(CONFIG_GNUTLS_PSK),y) + $(CP) \ + $(PKG_INSTALL_DIR)/usr/bin/psktool \ + $(1)/usr/bin/ +endif +endef + + +define Package/libgnutls/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnutls.so.* $(1)/usr/lib/ +endef + + +define Package/libgnutls-openssl/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnutls-openssl.so.* $(1)/usr/lib/ +endef + + +$(eval $(call BuildPackage,certtool)) +$(eval $(call BuildPackage,gnutls-utils)) +$(eval $(call BuildPackage,libgnutls)) +$(eval $(call BuildPackage,libgnutls-openssl)) diff --git a/libs/nettle/Config.in b/libs/nettle/Config.in new file mode 100644 index 000000000..0d4806ab3 --- /dev/null +++ b/libs/nettle/Config.in @@ -0,0 +1,9 @@ +# nettle avanced configuration + +menu "Configuration" + depends on PACKAGE_libnettle + +config LIBNETTLE_MINI + bool "use mini-gmp instead of gmp; the library will be much smaller at a 10x performance penalty. Note that this option may have side effects to programs that link to both nettle and gmp." + +endmenu diff --git a/libs/nettle/Makefile b/libs/nettle/Makefile new file mode 100644 index 000000000..4b0ce0bad --- /dev/null +++ b/libs/nettle/Makefile @@ -0,0 +1,85 @@ +# +# Copyright (C) 2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=nettle +PKG_VERSION:=2.7.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=@GNU/nettle +PKG_MD5SUM:=003d5147911317931dd453520eb234a5 +PKG_MAINTAINER:=Nikos Mavrogiannopoulos + +PKG_LICENSE:=LGPLv2 +PKG_LICENSE_FILES:=COPYING + +PKG_FIXUP:=autoreconf +PKG_BUILD_PARALLEL:=0 + +include $(INCLUDE_DIR)/package.mk + +define Package/libnettle + SECTION:=libs + CATEGORY:=Libraries + TITLE:=GNU crypto library + URL:=http://www.lysator.liu.se/~nisse/nettle/ + DEPENDS+= +!LIBNETTLE_MINI:libgmp +endef + +define Package/libnettle/config + source "$(SOURCE)/Config.in" +endef + +TARGET_CFLAGS += $(FPIC) + +CONFIGURE_ARGS += \ + --enable-shared \ + --disable-openssl \ + --disable-documentation \ + --enable-static + +ifeq ($(CONFIG_LIBNETTLE_MINI),y) +CONFIGURE_ARGS += --enable-mini-gmp +endif + +ifeq ($(CONFIG_CPU_SUBTYPE),neon) +CONFIGURE_ARGS += \ + --enable-arm-neon +endif + +define Build/Compile + $(call Build/Compile/Default, \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + CC="$(TARGET_CC)" \ + libnettle.so libhogweed.so + +$(MAKE) -i $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + install) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/nettle + $(CP) $(PKG_INSTALL_DIR)/usr/include/nettle/*.h $(1)/usr/include/nettle/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnettle.{a,so*} $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhogweed.{a,so*} $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) \ + $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nettle.pc \ + $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/hogweed.pc \ + $(1)/usr/lib/pkgconfig/ +endef + +define Package/libnettle/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnettle.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libhogweed.so.* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libnettle)) diff --git a/libs/nettle/patches/0001-Updated-mini-gmp.patch b/libs/nettle/patches/0001-Updated-mini-gmp.patch new file mode 100644 index 000000000..7fb8092f3 --- /dev/null +++ b/libs/nettle/patches/0001-Updated-mini-gmp.patch @@ -0,0 +1,1738 @@ +From 57700c26d73cf7fa6f5cfaec1145eccf388acab9 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Sun, 9 Mar 2014 11:27:42 +0100 +Subject: [PATCH 1/5] Updated mini-gmp + +--- + mini-gmp.c | 890 +++++++++++++++++++++++++++++++++++++++---------------------- + mini-gmp.h | 55 +++- + 2 files changed, 618 insertions(+), 327 deletions(-) + +diff --git a/mini-gmp.c b/mini-gmp.c +index 8b6f070..766df30 100644 +--- a/mini-gmp.c ++++ b/mini-gmp.c +@@ -2,24 +2,33 @@ + + Contributed to the GNU project by Niels Möller + +-Copyright 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1999, 2000, 2001, +-2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 +-Free Software Foundation, Inc. ++Copyright 1991-1997, 1999-2014 Free Software Foundation, Inc. + + This file is part of the GNU MP Library. + + The GNU MP Library is free software; you can redistribute it and/or modify +-it under the terms of the GNU Lesser General Public License as published by +-the Free Software Foundation; either version 3 of the License, or (at your +-option) any later version. ++it under the terms of either: ++ ++ * the GNU Lesser General Public License as published by the Free ++ Software Foundation; either version 3 of the License, or (at your ++ option) any later version. ++ ++or ++ ++ * the GNU General Public License as published by the Free Software ++ Foundation; either version 2 of the License, or (at your option) any ++ later version. ++ ++or both in parallel, as here. + + The GNU MP Library is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +-or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public +-License for more details. ++or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++for more details. + +-You should have received a copy of the GNU Lesser General Public License +-along with the GNU MP Library. If not, see http://www.gnu.org/licenses/. */ ++You should have received copies of the GNU General Public License and the ++GNU Lesser General Public License along with the GNU MP Library. If not, ++see https://www.gnu.org/licenses/. */ + + /* NOTE: All functions in this file which are not declared in + mini-gmp.h are internal, and are not intended to be compatible +@@ -222,11 +231,13 @@ along with the GNU MP Library. If not, see http://www.gnu.org/licenses/. */ + } while (0) + #define MPZ_SRCPTR_SWAP(x, y) \ + do { \ +- mpz_srcptr __mpz_srcptr_swap__tmp = (x); \ ++ mpz_srcptr __mpz_srcptr_swap__tmp = (x); \ + (x) = (y); \ + (y) = __mpz_srcptr_swap__tmp; \ + } while (0) + ++const int mp_bits_per_limb = GMP_LIMB_BITS; ++ + + /* Memory allocation and other helper functions. */ + static void +@@ -342,12 +353,10 @@ mpn_copyd (mp_ptr d, mp_srcptr s, mp_size_t n) + int + mpn_cmp (mp_srcptr ap, mp_srcptr bp, mp_size_t n) + { +- for (; n > 0; n--) ++ while (--n >= 0) + { +- if (ap[n-1] < bp[n-1]) +- return -1; +- else if (ap[n-1] > bp[n-1]) +- return 1; ++ if (ap[n] != bp[n]) ++ return ap[n] > bp[n] ? 1 : -1; + } + return 0; + } +@@ -355,10 +364,8 @@ mpn_cmp (mp_srcptr ap, mp_srcptr bp, mp_size_t n) + static int + mpn_cmp4 (mp_srcptr ap, mp_size_t an, mp_srcptr bp, mp_size_t bn) + { +- if (an > bn) +- return 1; +- else if (an < bn) +- return -1; ++ if (an != bn) ++ return an < bn ? -1 : 1; + else + return mpn_cmp (ap, bp, an); + } +@@ -373,20 +380,31 @@ mpn_normalized_size (mp_srcptr xp, mp_size_t n) + + #define mpn_zero_p(xp, n) (mpn_normalized_size ((xp), (n)) == 0) + ++void ++mpn_zero (mp_ptr rp, mp_size_t n) ++{ ++ mp_size_t i; ++ ++ for (i = 0; i < n; i++) ++ rp[i] = 0; ++} ++ + mp_limb_t + mpn_add_1 (mp_ptr rp, mp_srcptr ap, mp_size_t n, mp_limb_t b) + { + mp_size_t i; + + assert (n > 0); +- +- for (i = 0; i < n; i++) ++ i = 0; ++ do + { + mp_limb_t r = ap[i] + b; + /* Carry out */ + b = (r < b); + rp[i] = r; + } ++ while (++i < n); ++ + return b; + } + +@@ -429,7 +447,8 @@ mpn_sub_1 (mp_ptr rp, mp_srcptr ap, mp_size_t n, mp_limb_t b) + + assert (n > 0); + +- for (i = 0; i < n; i++) ++ i = 0; ++ do + { + mp_limb_t a = ap[i]; + /* Carry out */ +@@ -437,6 +456,8 @@ mpn_sub_1 (mp_ptr rp, mp_srcptr ap, mp_size_t n, mp_limb_t b) + rp[i] = a - b; + b = cy; + } ++ while (++i < n); ++ + return b; + } + +@@ -602,7 +623,7 @@ mpn_lshift (mp_ptr rp, mp_srcptr up, mp_size_t n, unsigned int cnt) + retval = low_limb >> tnc; + high_limb = (low_limb << cnt); + +- for (i = n - 1; i != 0; i--) ++ for (i = n; --i != 0;) + { + low_limb = *--up; + *--rp = high_limb | (low_limb >> tnc); +@@ -630,7 +651,7 @@ mpn_rshift (mp_ptr rp, mp_srcptr up, mp_size_t n, unsigned int cnt) + retval = (high_limb << tnc); + low_limb = high_limb >> cnt; + +- for (i = n - 1; i != 0; i--) ++ for (i = n; --i != 0;) + { + high_limb = *up++; + *rp++ = low_limb | (high_limb << tnc); +@@ -641,6 +662,46 @@ mpn_rshift (mp_ptr rp, mp_srcptr up, mp_size_t n, unsigned int cnt) + return retval; + } + ++static mp_bitcnt_t ++mpn_common_scan (mp_limb_t limb, mp_size_t i, mp_srcptr up, mp_size_t un, ++ mp_limb_t ux) ++{ ++ unsigned cnt; ++ ++ assert (ux == 0 || ux == GMP_LIMB_MAX); ++ assert (0 <= i && i <= un ); ++ ++ while (limb == 0) ++ { ++ i++; ++ if (i == un) ++ return (ux == 0 ? ~(mp_bitcnt_t) 0 : un * GMP_LIMB_BITS); ++ limb = ux ^ up[i]; ++ } ++ gmp_ctz (cnt, limb); ++ return (mp_bitcnt_t) i * GMP_LIMB_BITS + cnt; ++} ++ ++mp_bitcnt_t ++mpn_scan1 (mp_srcptr ptr, mp_bitcnt_t bit) ++{ ++ mp_size_t i; ++ i = bit / GMP_LIMB_BITS; ++ ++ return mpn_common_scan ( ptr[i] & (GMP_LIMB_MAX << (bit % GMP_LIMB_BITS)), ++ i, ptr, i, 0); ++} ++ ++mp_bitcnt_t ++mpn_scan0 (mp_srcptr ptr, mp_bitcnt_t bit) ++{ ++ mp_size_t i; ++ i = bit / GMP_LIMB_BITS; ++ ++ return mpn_common_scan (~ptr[i] & (GMP_LIMB_MAX << (bit % GMP_LIMB_BITS)), ++ i, ptr, i, GMP_LIMB_MAX); ++} ++ + + /* MPN division interface. */ + mp_limb_t +@@ -715,8 +776,7 @@ mpn_invert_3by2 (mp_limb_t u1, mp_limb_t u0) + if (r < th) + { + m--; +- if (r > u1 || (r == u1 && tl > u0)) +- m--; ++ m -= ((r > u1) | ((r == u1) & (tl > u0))); + } + } + +@@ -836,14 +896,20 @@ mpn_div_qr_1 (mp_ptr qp, mp_srcptr np, mp_size_t nn, mp_limb_t d) + assert (d > 0); + + /* Special case for powers of two. */ +- if (d > 1 && (d & (d-1)) == 0) ++ if ((d & (d-1)) == 0) + { +- unsigned shift; + mp_limb_t r = np[0] & (d-1); +- gmp_ctz (shift, d); + if (qp) +- mpn_rshift (qp, np, nn, shift); +- ++ { ++ if (d <= 1) ++ mpn_copyi (qp, np, nn); ++ else ++ { ++ unsigned shift; ++ gmp_ctz (shift, d); ++ mpn_rshift (qp, np, nn, shift); ++ } ++ } + return r; + } + else +@@ -880,7 +946,8 @@ mpn_div_qr_2_preinv (mp_ptr qp, mp_ptr rp, mp_srcptr np, mp_size_t nn, + + r0 = np[nn - 1]; + +- for (i = nn - 2; i >= 0; i--) ++ i = nn - 2; ++ do + { + mp_limb_t n0, q; + n0 = np[i]; +@@ -889,6 +956,7 @@ mpn_div_qr_2_preinv (mp_ptr qp, mp_ptr rp, mp_srcptr np, mp_size_t nn, + if (qp) + qp[i] = q; + } ++ while (--i >= 0); + + if (shift > 0) + { +@@ -930,18 +998,19 @@ mpn_div_qr_pi1 (mp_ptr qp, + + assert (dn > 2); + assert (nn >= dn); +- assert ((dp[dn-1] & GMP_LIMB_HIGHBIT) != 0); + + d1 = dp[dn - 1]; + d0 = dp[dn - 2]; + ++ assert ((d1 & GMP_LIMB_HIGHBIT) != 0); + /* Iteration variable is the index of the q limb. + * + * We divide + * by + */ + +- for (i = nn - dn; i >= 0; i--) ++ i = nn - dn; ++ do + { + mp_limb_t n0 = np[dn-1+i]; + +@@ -973,6 +1042,7 @@ mpn_div_qr_pi1 (mp_ptr qp, + if (qp) + qp[i] = q; + } ++ while (--i >= 0); + + np[dn - 1] = n1; + } +@@ -994,7 +1064,9 @@ mpn_div_qr_preinv (mp_ptr qp, mp_ptr np, mp_size_t nn, + mp_limb_t nh; + unsigned shift; + +- assert (dp[dn-1] & GMP_LIMB_HIGHBIT); ++ assert (inv->d1 == dp[dn-1]); ++ assert (inv->d0 == dp[dn-2]); ++ assert ((inv->d1 & GMP_LIMB_HIGHBIT) != 0); + + shift = inv->shift; + if (shift > 0) +@@ -1002,9 +1074,6 @@ mpn_div_qr_preinv (mp_ptr qp, mp_ptr np, mp_size_t nn, + else + nh = 0; + +- assert (inv->d1 == dp[dn-1]); +- assert (inv->d0 == dp[dn-2]); +- + mpn_div_qr_pi1 (qp, np, nn, nh, dp, dn, inv->di); + + if (shift > 0) +@@ -1238,15 +1307,14 @@ mpn_set_str_other (mp_ptr rp, const unsigned char *sp, size_t sn, + { + mp_size_t rn; + mp_limb_t w; +- unsigned first; + unsigned k; + size_t j; + +- first = 1 + (sn - 1) % info->exp; ++ k = 1 + (sn - 1) % info->exp; + + j = 0; + w = sp[j++]; +- for (k = 1; k < first; k++) ++ for (; --k > 0; ) + w = w * b + sp[j++]; + + rp[0] = w; +@@ -1300,7 +1368,7 @@ mpz_init (mpz_t r) + } + + /* The utility of this function is a bit limited, since many functions +- assings the result variable using mpz_swap. */ ++ assigns the result variable using mpz_swap. */ + void + mpz_init2 (mpz_t r, mp_bitcnt_t bits) + { +@@ -1422,7 +1490,7 @@ mpz_fits_ulong_p (const mpz_t u) + { + mp_size_t us = u->_mp_size; + +- return us == 0 || us == 1; ++ return (us == (us > 0)); + } + + long int +@@ -1459,6 +1527,48 @@ mpz_getlimbn (const mpz_t u, mp_size_t n) + return 0; + } + ++void ++mpz_realloc2 (mpz_t x, mp_bitcnt_t n) ++{ ++ mpz_realloc (x, 1 + (n - (n != 0)) / GMP_LIMB_BITS); ++} ++ ++mp_srcptr ++mpz_limbs_read (mpz_srcptr x) ++{ ++ return x->_mp_d;; ++} ++ ++mp_ptr ++mpz_limbs_modify (mpz_t x, mp_size_t n) ++{ ++ assert (n > 0); ++ return MPZ_REALLOC (x, n); ++} ++ ++mp_ptr ++mpz_limbs_write (mpz_t x, mp_size_t n) ++{ ++ return mpz_limbs_modify (x, n); ++} ++ ++void ++mpz_limbs_finish (mpz_t x, mp_size_t xs) ++{ ++ mp_size_t xn; ++ xn = mpn_normalized_size (x->_mp_d, GMP_ABS (xs)); ++ x->_mp_size = xs < 0 ? -xn : xn; ++} ++ ++mpz_srcptr ++mpz_roinit_n (mpz_t x, mp_srcptr xp, mp_size_t xs) ++{ ++ x->_mp_alloc = 0; ++ x->_mp_d = (mp_ptr) xp; ++ mpz_limbs_finish (x, xs); ++ return x; ++} ++ + + /* Conversions and comparison to double. */ + void +@@ -1473,19 +1583,15 @@ mpz_set_d (mpz_t r, double x) + + /* x != x is true when x is a NaN, and x == x * 0.5 is true when x is + zero or infinity. */ +- if (x == 0.0 || x != x || x == x * 0.5) ++ if (x != x || x == x * 0.5) + { + r->_mp_size = 0; + return; + } + +- if (x < 0.0) +- { +- x = - x; +- sign = 1; +- } +- else +- sign = 0; ++ sign = x < 0.0 ; ++ if (sign) ++ x = - x; + + if (x < 1.0) + { +@@ -1502,8 +1608,9 @@ mpz_set_d (mpz_t r, double x) + f = (mp_limb_t) x; + x -= f; + assert (x < 1.0); +- rp[rn-1] = f; +- for (i = rn-1; i-- > 0; ) ++ i = rn-1; ++ rp[i] = f; ++ while (--i >= 0) + { + x = B * x; + f = (mp_limb_t) x; +@@ -1611,12 +1718,7 @@ mpz_sgn (const mpz_t u) + { + mp_size_t usize = u->_mp_size; + +- if (usize > 0) +- return 1; +- else if (usize < 0) +- return -1; +- else +- return 0; ++ return (usize > 0) - (usize < 0); + } + + int +@@ -1635,10 +1737,9 @@ mpz_cmp_si (const mpz_t u, long v) + mp_limb_t ul = u->_mp_d[0]; + if ((mp_limb_t)GMP_NEG_CAST (unsigned long int, v) < ul) + return -1; +- else if ( (mp_limb_t)GMP_NEG_CAST (unsigned long int, v) > ul) +- return 1; ++ else ++ return (mp_limb_t)GMP_NEG_CAST (unsigned long int, v) > ul; + } +- return 0; + } + + int +@@ -1653,12 +1754,8 @@ mpz_cmp_ui (const mpz_t u, unsigned long v) + else + { + mp_limb_t ul = (usize > 0) ? u->_mp_d[0] : 0; +- if (ul > v) +- return 1; +- else if (ul < v) +- return -1; ++ return (ul > v) - (ul < v); + } +- return 0; + } + + int +@@ -1667,16 +1764,12 @@ mpz_cmp (const mpz_t a, const mpz_t b) + mp_size_t asize = a->_mp_size; + mp_size_t bsize = b->_mp_size; + +- if (asize > bsize) +- return 1; +- else if (asize < bsize) +- return -1; +- else if (asize > 0) ++ if (asize != bsize) ++ return (asize < bsize) ? -1 : 1; ++ else if (asize >= 0) + return mpn_cmp (a->_mp_d, b->_mp_d, asize); +- else if (asize < 0) +- return -mpn_cmp (a->_mp_d, b->_mp_d, -asize); + else +- return 0; ++ return mpn_cmp (b->_mp_d, a->_mp_d, -asize); + } + + int +@@ -1690,12 +1783,7 @@ mpz_cmpabs_ui (const mpz_t u, unsigned long v) + + ul = (un == 1) ? u->_mp_d[0] : 0; + +- if (ul > v) +- return 1; +- else if (ul < v) +- return -1; +- else +- return 0; ++ return (ul > v) - (ul < v); + } + + int +@@ -1753,7 +1841,7 @@ mpz_abs_add_ui (mpz_t r, const mpz_t a, unsigned long b) + + cy = mpn_add_1 (rp, a->_mp_d, an, b); + rp[an] = cy; +- an += (cy > 0); ++ an += cy; + + return an; + } +@@ -1815,20 +1903,21 @@ mpz_abs_add (mpz_t r, const mpz_t a, const mpz_t b) + { + mp_size_t an = GMP_ABS (a->_mp_size); + mp_size_t bn = GMP_ABS (b->_mp_size); +- mp_size_t rn; + mp_ptr rp; + mp_limb_t cy; + +- rn = GMP_MAX (an, bn); +- rp = MPZ_REALLOC (r, rn + 1); +- if (an >= bn) +- cy = mpn_add (rp, a->_mp_d, an, b->_mp_d, bn); +- else +- cy = mpn_add (rp, b->_mp_d, bn, a->_mp_d, an); ++ if (an < bn) ++ { ++ MPZ_SRCPTR_SWAP (a, b); ++ MP_SIZE_T_SWAP (an, bn); ++ } + +- rp[rn] = cy; ++ rp = MPZ_REALLOC (r, an + 1); ++ cy = mpn_add (rp, a->_mp_d, an, b->_mp_d, bn); ++ ++ rp[an] = cy; + +- return rn + (cy > 0); ++ return an + cy; + } + + static mp_size_t +@@ -1899,31 +1988,26 @@ mpz_mul_si (mpz_t r, const mpz_t u, long int v) + void + mpz_mul_ui (mpz_t r, const mpz_t u, unsigned long int v) + { +- mp_size_t un; +- mpz_t t; ++ mp_size_t un, us; + mp_ptr tp; + mp_limb_t cy; + +- un = GMP_ABS (u->_mp_size); ++ us = u->_mp_size; + +- if (un == 0 || v == 0) ++ if (us == 0 || v == 0) + { + r->_mp_size = 0; + return; + } + +- mpz_init2 (t, (un + 1) * GMP_LIMB_BITS); ++ un = GMP_ABS (us); + +- tp = t->_mp_d; ++ tp = MPZ_REALLOC (r, un + 1); + cy = mpn_mul_1 (tp, u->_mp_d, un, v); + tp[un] = cy; + +- t->_mp_size = un + (cy > 0); +- if (u->_mp_size < 0) +- t->_mp_size = - t->_mp_size; +- +- mpz_swap (r, t); +- mpz_clear (t); ++ un += (cy > 0); ++ r->_mp_size = (us < 0) ? - un : un; + } + + void +@@ -1934,8 +2018,8 @@ mpz_mul (mpz_t r, const mpz_t u, const mpz_t v) + mpz_t t; + mp_ptr tp; + +- un = GMP_ABS (u->_mp_size); +- vn = GMP_ABS (v->_mp_size); ++ un = u->_mp_size; ++ vn = v->_mp_size; + + if (un == 0 || vn == 0) + { +@@ -1943,7 +2027,10 @@ mpz_mul (mpz_t r, const mpz_t u, const mpz_t v) + return; + } + +- sign = (u->_mp_size ^ v->_mp_size) < 0; ++ sign = (un ^ vn) < 0; ++ ++ un = GMP_ABS (un); ++ vn = GMP_ABS (vn); + + mpz_init2 (t, (un + vn) * GMP_LIMB_BITS); + +@@ -1996,6 +2083,46 @@ mpz_mul_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t bits) + r->_mp_size = (u->_mp_size < 0) ? - rn : rn; + } + ++void ++mpz_addmul_ui (mpz_t r, const mpz_t u, unsigned long int v) ++{ ++ mpz_t t; ++ mpz_init (t); ++ mpz_mul_ui (t, u, v); ++ mpz_add (r, r, t); ++ mpz_clear (t); ++} ++ ++void ++mpz_submul_ui (mpz_t r, const mpz_t u, unsigned long int v) ++{ ++ mpz_t t; ++ mpz_init (t); ++ mpz_mul_ui (t, u, v); ++ mpz_sub (r, r, t); ++ mpz_clear (t); ++} ++ ++void ++mpz_addmul (mpz_t r, const mpz_t u, const mpz_t v) ++{ ++ mpz_t t; ++ mpz_init (t); ++ mpz_mul (t, u, v); ++ mpz_add (r, r, t); ++ mpz_clear (t); ++} ++ ++void ++mpz_submul (mpz_t r, const mpz_t u, const mpz_t v) ++{ ++ mpz_t t; ++ mpz_init (t); ++ mpz_mul (t, u, v); ++ mpz_sub (r, r, t); ++ mpz_clear (t); ++} ++ + + /* MPZ division */ + enum mpz_div_round_mode { GMP_DIV_FLOOR, GMP_DIV_CEIL, GMP_DIV_TRUNC }; +@@ -2060,8 +2187,7 @@ mpz_div_qr (mpz_t q, mpz_t r, + mp_size_t qn, rn; + mpz_t tq, tr; + +- mpz_init (tr); +- mpz_set (tr, n); ++ mpz_init_set (tr, n); + np = tr->_mp_d; + + qn = nn - dn + 1; +@@ -2171,10 +2297,7 @@ mpz_tdiv_r (mpz_t r, const mpz_t n, const mpz_t d) + void + mpz_mod (mpz_t r, const mpz_t n, const mpz_t d) + { +- if (d->_mp_size >= 0) +- mpz_div_qr (NULL, r, n, d, GMP_DIV_FLOOR); +- else +- mpz_div_qr (NULL, r, n, d, GMP_DIV_CEIL); ++ mpz_div_qr (NULL, r, n, d, d->_mp_size >= 0 ? GMP_DIV_FLOOR : GMP_DIV_CEIL); + } + + static void +@@ -2184,7 +2307,7 @@ mpz_div_q_2exp (mpz_t q, const mpz_t u, mp_bitcnt_t bit_index, + mp_size_t un, qn; + mp_size_t limb_cnt; + mp_ptr qp; +- mp_limb_t adjust; ++ int adjust; + + un = u->_mp_size; + if (un == 0) +@@ -2226,7 +2349,8 @@ mpz_div_q_2exp (mpz_t q, const mpz_t u, mp_bitcnt_t bit_index, + + q->_mp_size = qn; + +- mpz_add_ui (q, q, adjust); ++ if (adjust) ++ mpz_add_ui (q, q, 1); + if (un < 0) + mpz_neg (q, q); + } +@@ -2303,7 +2427,7 @@ mpz_div_r_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t bit_index, + { + /* r > 0, need to flip sign. */ + rp[i] = ~rp[i] + 1; +- for (i++; i < rn; i++) ++ while (++i < rn) + rp[i] = ~rp[i]; + + rp[rn-1] &= mask; +@@ -2366,6 +2490,24 @@ mpz_divisible_p (const mpz_t n, const mpz_t d) + return mpz_div_qr (NULL, NULL, n, d, GMP_DIV_TRUNC) == 0; + } + ++int ++mpz_congruent_p (const mpz_t a, const mpz_t b, const mpz_t m) ++{ ++ mpz_t t; ++ int res; ++ ++ /* a == b (mod 0) iff a == b */ ++ if (mpz_sgn (m) == 0) ++ return (mpz_cmp (a, b) == 0); ++ ++ mpz_init (t); ++ mpz_sub (t, a, b); ++ res = mpz_divisible_p (t, m); ++ mpz_clear (t); ++ ++ return res; ++} ++ + static unsigned long + mpz_div_qr_ui (mpz_t q, mpz_t r, + const mpz_t n, unsigned long d, enum mpz_div_round_mode mode) +@@ -2579,32 +2721,16 @@ mpz_gcd_ui (mpz_t g, const mpz_t u, unsigned long v) + } + + static mp_bitcnt_t +-mpz_make_odd (mpz_t r, const mpz_t u) ++mpz_make_odd (mpz_t r) + { +- mp_size_t un, rn, i; +- mp_ptr rp; +- unsigned shift; +- +- un = GMP_ABS (u->_mp_size); +- assert (un > 0); ++ mp_bitcnt_t shift; + +- for (i = 0; u->_mp_d[i] == 0; i++) +- ; +- +- gmp_ctz (shift, u->_mp_d[i]); +- +- rn = un - i; +- rp = MPZ_REALLOC (r, rn); +- if (shift > 0) +- { +- mpn_rshift (rp, u->_mp_d + i, rn, shift); +- rn -= (rp[rn-1] == 0); +- } +- else +- mpn_copyi (rp, u->_mp_d + i, rn); ++ assert (r->_mp_size > 0); ++ /* Count trailing zeros, equivalent to mpn_scan1, because we know that there is a 1 */ ++ shift = mpn_common_scan (r->_mp_d[0], 0, r->_mp_d, 0, 0); ++ mpz_tdiv_q_2exp (r, r, shift); + +- r->_mp_size = rn; +- return i * GMP_LIMB_BITS + shift; ++ return shift; + } + + void +@@ -2627,8 +2753,10 @@ mpz_gcd (mpz_t g, const mpz_t u, const mpz_t v) + mpz_init (tu); + mpz_init (tv); + +- uz = mpz_make_odd (tu, u); +- vz = mpz_make_odd (tv, v); ++ mpz_abs (tu, u); ++ uz = mpz_make_odd (tu); ++ mpz_abs (tv, v); ++ vz = mpz_make_odd (tv); + gz = GMP_MIN (uz, vz); + + if (tu->_mp_size < tv->_mp_size) +@@ -2644,7 +2772,7 @@ mpz_gcd (mpz_t g, const mpz_t u, const mpz_t v) + { + int c; + +- mpz_make_odd (tu, tu); ++ mpz_make_odd (tu); + c = mpz_cmp (tu, tv); + if (c == 0) + { +@@ -2706,8 +2834,10 @@ mpz_gcdext (mpz_t g, mpz_t s, mpz_t t, const mpz_t u, const mpz_t v) + mpz_init (t0); + mpz_init (t1); + +- uz = mpz_make_odd (tu, u); +- vz = mpz_make_odd (tv, v); ++ mpz_abs (tu, u); ++ uz = mpz_make_odd (tu); ++ mpz_abs (tv, v); ++ vz = mpz_make_odd (tv); + gz = GMP_MIN (uz, vz); + + uz -= gz; +@@ -2755,7 +2885,7 @@ mpz_gcdext (mpz_t g, mpz_t s, mpz_t t, const mpz_t u, const mpz_t v) + if (tu->_mp_size > 0) + { + mp_bitcnt_t shift; +- shift = mpz_make_odd (tu, tu); ++ shift = mpz_make_odd (tu); + mpz_mul_2exp (t0, t0, shift); + mpz_mul_2exp (s0, s0, shift); + power += shift; +@@ -2778,7 +2908,7 @@ mpz_gcdext (mpz_t g, mpz_t s, mpz_t t, const mpz_t u, const mpz_t v) + mpz_add (t0, t0, t1); + mpz_add (s0, s0, s1); + +- shift = mpz_make_odd (tv, tv); ++ shift = mpz_make_odd (tv); + mpz_mul_2exp (t1, t1, shift); + mpz_mul_2exp (s1, s1, shift); + } +@@ -2788,7 +2918,7 @@ mpz_gcdext (mpz_t g, mpz_t s, mpz_t t, const mpz_t u, const mpz_t v) + mpz_add (t1, t0, t1); + mpz_add (s1, s0, s1); + +- shift = mpz_make_odd (tu, tu); ++ shift = mpz_make_odd (tu); + mpz_mul_2exp (t0, t0, shift); + mpz_mul_2exp (s0, s0, shift); + } +@@ -2926,12 +3056,16 @@ mpz_pow_ui (mpz_t r, const mpz_t b, unsigned long e) + mpz_t tr; + mpz_init_set_ui (tr, 1); + +- for (bit = GMP_ULONG_HIGHBIT; bit > 0; bit >>= 1) ++ bit = GMP_ULONG_HIGHBIT; ++ do + { + mpz_mul (tr, tr, tr); + if (e & bit) + mpz_mul (tr, tr, b); ++ bit >>= 1; + } ++ while (bit > 0); ++ + mpz_swap (r, tr); + mpz_clear (tr); + } +@@ -2987,7 +3121,7 @@ mpz_powm (mpz_t r, const mpz_t b, const mpz_t e, const mpz_t m) + if (e->_mp_size < 0) + { + if (!mpz_invert (base, b, m)) +- gmp_die ("mpz_powm: Negative exponent and non-invertibe base."); ++ gmp_die ("mpz_powm: Negative exponent and non-invertible base."); + } + else + { +@@ -3019,7 +3153,8 @@ mpz_powm (mpz_t r, const mpz_t b, const mpz_t e, const mpz_t m) + mp_limb_t w = e->_mp_d[en]; + mp_limb_t bit; + +- for (bit = GMP_LIMB_HIGHBIT; bit > 0; bit >>= 1) ++ bit = GMP_LIMB_HIGHBIT; ++ do + { + mpz_mul (tr, tr, tr); + if (w & bit) +@@ -3029,7 +3164,9 @@ mpz_powm (mpz_t r, const mpz_t b, const mpz_t e, const mpz_t m) + mpn_div_qr_preinv (NULL, tr->_mp_d, tr->_mp_size, mp, mn, &minv); + tr->_mp_size = mpn_normalized_size (tr->_mp_d, mn); + } ++ bit >>= 1; + } ++ while (bit > 0); + } + + /* Final reduction */ +@@ -3064,21 +3201,26 @@ mpz_rootrem (mpz_t x, mpz_t r, const mpz_t y, unsigned long z) + mpz_t t, u; + + sgn = y->_mp_size < 0; +- if (sgn && (z & 1) == 0) ++ if ((~z & sgn) != 0) + gmp_die ("mpz_rootrem: Negative argument, with even root."); + if (z == 0) + gmp_die ("mpz_rootrem: Zeroth root."); + + if (mpz_cmpabs_ui (y, 1) <= 0) { +- mpz_set (x, y); ++ if (x) ++ mpz_set (x, y); + if (r) + r->_mp_size = 0; + return; + } + +- mpz_init (t); + mpz_init (u); +- mpz_setbit (t, mpz_sizeinbase (y, 2) / z + 1); ++ { ++ mp_bitcnt_t tb; ++ tb = mpz_sizeinbase (y, 2) / z + 1; ++ mpz_init2 (t, tb); ++ mpz_setbit (t, tb); ++ } + + if (z == 2) /* simplify sqrt loop: z-1 == 1 */ + do { +@@ -3110,7 +3252,8 @@ mpz_rootrem (mpz_t x, mpz_t r, const mpz_t y, unsigned long z) + mpz_pow_ui (t, u, z); + mpz_sub (r, y, t); + } +- mpz_swap (x, u); ++ if (x) ++ mpz_swap (x, u); + mpz_clear (u); + mpz_clear (t); + } +@@ -3142,19 +3285,56 @@ mpz_sqrt (mpz_t s, const mpz_t u) + mpz_rootrem (s, NULL, u, 2); + } + ++int ++mpz_perfect_square_p (const mpz_t u) ++{ ++ if (u->_mp_size <= 0) ++ return (u->_mp_size == 0); ++ else ++ return mpz_root (NULL, u, 2); ++} ++ ++int ++mpn_perfect_square_p (mp_srcptr p, mp_size_t n) ++{ ++ mpz_t t; ++ ++ assert (n > 0); ++ assert (p [n-1] != 0); ++ return mpz_root (NULL, mpz_roinit_n (t, p, n), 2); ++} ++ ++mp_size_t ++mpn_sqrtrem (mp_ptr sp, mp_ptr rp, mp_srcptr p, mp_size_t n) ++{ ++ mpz_t s, r, u; ++ mp_size_t res; ++ ++ assert (n > 0); ++ assert (p [n-1] != 0); ++ ++ mpz_init (r); ++ mpz_init (s); ++ mpz_rootrem (s, r, mpz_roinit_n (u, p, n), 2); ++ ++ assert (s->_mp_size == (n+1)/2); ++ mpn_copyd (sp, s->_mp_d, s->_mp_size); ++ mpz_clear (s); ++ res = r->_mp_size; ++ if (rp) ++ mpn_copyd (rp, r->_mp_d, res); ++ mpz_clear (r); ++ return res; ++} + + /* Combinatorics */ + + void + mpz_fac_ui (mpz_t x, unsigned long n) + { +- if (n < 2) { +- mpz_set_ui (x, 1); +- return; +- } +- mpz_set_ui (x, n); +- for (;--n > 1;) +- mpz_mul_ui (x, x, n); ++ mpz_set_ui (x, n + (n == 0)); ++ for (;n > 2;) ++ mpz_mul_ui (x, x, --n); + } + + void +@@ -3162,25 +3342,120 @@ mpz_bin_uiui (mpz_t r, unsigned long n, unsigned long k) + { + mpz_t t; + +- if (k > n) { +- r->_mp_size = 0; +- return; +- } +- mpz_fac_ui (r, n); ++ mpz_set_ui (r, k <= n); ++ ++ if (k > (n >> 1)) ++ k = (k <= n) ? n - k : 0; ++ + mpz_init (t); + mpz_fac_ui (t, k); +- mpz_divexact (r, r, t); +- mpz_fac_ui (t, n - k); ++ ++ for (; k > 0; k--) ++ mpz_mul_ui (r, r, n--); ++ + mpz_divexact (r, r, t); + mpz_clear (t); + } + + ++/* Primality testing */ ++static int ++gmp_millerrabin (const mpz_t n, const mpz_t nm1, mpz_t y, ++ const mpz_t q, mp_bitcnt_t k) ++{ ++ mp_bitcnt_t i; ++ ++ /* Caller must initialize y to the base. */ ++ mpz_powm (y, y, q, n); ++ ++ if (mpz_cmp_ui (y, 1) == 0 || mpz_cmp (y, nm1) == 0) ++ return 1; ++ ++ for (i = 1; i < k; i++) ++ { ++ mpz_powm_ui (y, y, 2, n); ++ if (mpz_cmp (y, nm1) == 0) ++ return 1; ++ if (mpz_cmp_ui (y, 1) == 0) ++ return 0; ++ } ++ return 0; ++} ++ ++/* This product is 0xc0cfd797, and fits in 32 bits. */ ++#define GMP_PRIME_PRODUCT \ ++ (3UL*5UL*7UL*11UL*13UL*17UL*19UL*23UL*29UL) ++ ++/* Bit (p+1)/2 is set, for each odd prime <= 61 */ ++#define GMP_PRIME_MASK 0xc96996dcUL ++ ++int ++mpz_probab_prime_p (const mpz_t n, int reps) ++{ ++ mpz_t nm1; ++ mpz_t q; ++ mpz_t y; ++ mp_bitcnt_t k; ++ int is_prime; ++ int j; ++ ++ /* Note that we use the absolute value of n only, for compatibility ++ with the real GMP. */ ++ if (mpz_even_p (n)) ++ return (mpz_cmpabs_ui (n, 2) == 0) ? 2 : 0; ++ ++ /* Above test excludes n == 0 */ ++ assert (n->_mp_size != 0); ++ ++ if (mpz_cmpabs_ui (n, 64) < 0) ++ return (GMP_PRIME_MASK >> (n->_mp_d[0] >> 1)) & 2; ++ ++ if (mpz_gcd_ui (NULL, n, GMP_PRIME_PRODUCT) != 1) ++ return 0; ++ ++ /* All prime factors are >= 31. */ ++ if (mpz_cmpabs_ui (n, 31*31) < 0) ++ return 2; ++ ++ /* Use Miller-Rabin, with a deterministic sequence of bases, a[j] = ++ j^2 + j + 41 using Euler's polynomial. We potentially stop early, ++ if a[j] >= n - 1. Since n >= 31*31, this can happen only if reps > ++ 30 (a[30] == 971 > 31*31 == 961). */ ++ ++ mpz_init (nm1); ++ mpz_init (q); ++ mpz_init (y); ++ ++ /* Find q and k, where q is odd and n = 1 + 2**k * q. */ ++ mpz_abs (nm1, n); ++ mpz_sub_ui (nm1, nm1, 1); ++ k = mpz_scan1 (nm1, 0); ++ mpz_tdiv_q_2exp (q, nm1, k); ++ ++ for (j = 0, is_prime = 1; is_prime && j < reps; j++) ++ { ++ mpz_set_ui (y, (unsigned long) j*j+j+41); ++ if (mpz_cmp (y, nm1) >= 0) ++ { ++ /* Don't try any further bases. */ ++ assert (j >= 30); ++ break; ++ } ++ is_prime &= gmp_millerrabin (n, nm1, y, q, k); ++ } ++ mpz_clear (nm1); ++ mpz_clear (q); ++ mpz_clear (y); ++ ++ return is_prime; ++} ++ ++ + /* Logical operations and bit manipulation. */ + + /* Numbers are treated as if represented in two's complement (and + infinitely sign extended). For a negative values we get the two's +- complement from -x = ~x + 1, where ~ is bitwise complementt. ++ complement from -x = ~x + 1, where ~ is bitwise complement. + Negation transforms + + xxxx10...0 +@@ -3374,7 +3649,8 @@ mpz_and (mpz_t r, const mpz_t u, const mpz_t v) + up = u->_mp_d; + vp = v->_mp_d; + +- for (i = 0; i < vn; i++) ++ i = 0; ++ do + { + ul = (up[i] ^ ux) + uc; + uc = ul < uc; +@@ -3386,6 +3662,7 @@ mpz_and (mpz_t r, const mpz_t u, const mpz_t v) + rc = rl < rc; + rp[i] = rl; + } ++ while (++i < vn); + assert (vc == 0); + + for (; i < rn; i++) +@@ -3445,7 +3722,8 @@ mpz_ior (mpz_t r, const mpz_t u, const mpz_t v) + up = u->_mp_d; + vp = v->_mp_d; + +- for (i = 0; i < vn; i++) ++ i = 0; ++ do + { + ul = (up[i] ^ ux) + uc; + uc = ul < uc; +@@ -3457,6 +3735,7 @@ mpz_ior (mpz_t r, const mpz_t u, const mpz_t v) + rc = rl < rc; + rp[i] = rl; + } ++ while (++i < vn); + assert (vc == 0); + + for (; i < rn; i++) +@@ -3512,7 +3791,8 @@ mpz_xor (mpz_t r, const mpz_t u, const mpz_t v) + up = u->_mp_d; + vp = v->_mp_d; + +- for (i = 0; i < vn; i++) ++ i = 0; ++ do + { + ul = (up[i] ^ ux) + uc; + uc = ul < uc; +@@ -3524,6 +3804,7 @@ mpz_xor (mpz_t r, const mpz_t u, const mpz_t v) + rc = rl < rc; + rp[i] = rl; + } ++ while (++i < vn); + assert (vc == 0); + + for (; i < un; i++) +@@ -3561,20 +3842,28 @@ gmp_popcount_limb (mp_limb_t x) + } + + mp_bitcnt_t +-mpz_popcount (const mpz_t u) ++mpn_popcount (mp_srcptr p, mp_size_t n) + { +- mp_size_t un, i; ++ mp_size_t i; + mp_bitcnt_t c; + ++ for (c = 0, i = 0; i < n; i++) ++ c += gmp_popcount_limb (p[i]); ++ ++ return c; ++} ++ ++mp_bitcnt_t ++mpz_popcount (const mpz_t u) ++{ ++ mp_size_t un; ++ + un = u->_mp_size; + + if (un < 0) + return ~(mp_bitcnt_t) 0; + +- for (c = 0, i = 0; i < un; i++) +- c += gmp_popcount_limb (u->_mp_d[i]); +- +- return c; ++ return mpn_popcount (u->_mp_d, un); + } + + mp_bitcnt_t +@@ -3591,16 +3880,13 @@ mpz_hamdist (const mpz_t u, const mpz_t v) + if ( (un ^ vn) < 0) + return ~(mp_bitcnt_t) 0; + +- if (un < 0) ++ comp = - (uc = vc = (un < 0)); ++ if (uc) + { + assert (vn < 0); + un = -un; + vn = -vn; +- uc = vc = 1; +- comp = - (mp_limb_t) 1; + } +- else +- uc = vc = comp = 0; + + up = u->_mp_d; + vp = v->_mp_d; +@@ -3636,10 +3922,8 @@ mpz_scan1 (const mpz_t u, mp_bitcnt_t starting_bit) + { + mp_ptr up; + mp_size_t us, un, i; +- mp_limb_t limb, ux, uc; +- unsigned cnt; ++ mp_limb_t limb, ux; + +- up = u->_mp_d; + us = u->_mp_size; + un = GMP_ABS (us); + i = starting_bit / GMP_LIMB_BITS; +@@ -3649,36 +3933,24 @@ mpz_scan1 (const mpz_t u, mp_bitcnt_t starting_bit) + if (i >= un) + return (us >= 0 ? ~(mp_bitcnt_t) 0 : starting_bit); + +- if (us < 0) +- { +- ux = GMP_LIMB_MAX; +- uc = mpn_zero_p (up, i); +- } +- else +- ux = uc = 0; +- +- limb = (ux ^ up[i]) + uc; +- uc = limb < uc; +- +- /* Mask to 0 all bits before starting_bit, thus ignoring them. */ +- limb &= (GMP_LIMB_MAX << (starting_bit % GMP_LIMB_BITS)); ++ up = u->_mp_d; ++ ux = 0; ++ limb = up[i]; + +- while (limb == 0) ++ if (starting_bit != 0) + { +- i++; +- if (i == un) ++ if (us < 0) + { +- assert (uc == 0); +- /* For the u > 0 case, this can happen only for the first +- masked limb. For the u < 0 case, it happens when the +- highest limbs of the absolute value are all ones. */ +- return (us >= 0 ? ~(mp_bitcnt_t) 0 : un * GMP_LIMB_BITS); ++ ux = mpn_zero_p (up, i); ++ limb = ~ limb + ux; ++ ux = - (mp_limb_t) (limb >= ux); + } +- limb = (ux ^ up[i]) + uc; +- uc = limb < uc; ++ ++ /* Mask to 0 all bits before starting_bit, thus ignoring them. */ ++ limb &= (GMP_LIMB_MAX << (starting_bit % GMP_LIMB_BITS)); + } +- gmp_ctz (cnt, limb); +- return (mp_bitcnt_t) i * GMP_LIMB_BITS + cnt; ++ ++ return mpn_common_scan (limb, i, up, un, ux); + } + + mp_bitcnt_t +@@ -3686,46 +3958,28 @@ mpz_scan0 (const mpz_t u, mp_bitcnt_t starting_bit) + { + mp_ptr up; + mp_size_t us, un, i; +- mp_limb_t limb, ux, uc; +- unsigned cnt; ++ mp_limb_t limb, ux; + +- up = u->_mp_d; + us = u->_mp_size; ++ ux = - (mp_limb_t) (us >= 0); + un = GMP_ABS (us); + i = starting_bit / GMP_LIMB_BITS; + + /* When past end, there's an immediate 0 bit for u>=0, or no 0 bits for + u<0. Notice this test picks up all cases of u==0 too. */ + if (i >= un) +- return (us >= 0 ? starting_bit : ~(mp_bitcnt_t) 0); ++ return (ux ? starting_bit : ~(mp_bitcnt_t) 0); + +- if (us < 0) +- { +- ux = GMP_LIMB_MAX; +- uc = mpn_zero_p (up, i); +- } +- else +- ux = uc = 0; ++ up = u->_mp_d; ++ limb = up[i] ^ ux; + +- limb = (ux ^ up[i]) + uc; +- uc = limb < uc; ++ if (ux == 0) ++ limb -= mpn_zero_p (up, i); /* limb = ~(~limb + zero_p) */ + +- /* Mask to 1 all bits before starting_bit, thus ignoring them. */ +- limb |= ((mp_limb_t) 1 << (starting_bit % GMP_LIMB_BITS)) - 1; ++ /* Mask all bits before starting_bit, thus ignoring them. */ ++ limb &= (GMP_LIMB_MAX << (starting_bit % GMP_LIMB_BITS)); + +- while (limb == GMP_LIMB_MAX) +- { +- i++; +- if (i == un) +- { +- assert (uc == 0); +- return (us >= 0 ? un * GMP_LIMB_BITS : ~(mp_bitcnt_t) 0); +- } +- limb = (ux ^ up[i]) + uc; +- uc = limb < uc; +- } +- gmp_ctz (cnt, ~limb); +- return (mp_bitcnt_t) i * GMP_LIMB_BITS + cnt; ++ return mpn_common_scan (limb, i, up, un, ux); + } + + +@@ -3771,11 +4025,15 @@ mpz_sizeinbase (const mpz_t u, int base) + mpn_copyi (tp, up, un); + mpn_div_qr_1_invert (&bi, base); + +- for (ndigits = 0; un > 0; ndigits++) ++ ndigits = 0; ++ do + { ++ ndigits++; + mpn_div_qr_1_preinv (tp, tp, un, &bi); + un -= (tp[un-1] == 0); + } ++ while (un > 0); ++ + gmp_free (tp); + return ndigits; + } +@@ -3852,7 +4110,6 @@ mpz_set_str (mpz_t r, const char *sp, int base) + mp_size_t rn, alloc; + mp_ptr rp; + size_t sn; +- size_t dn; + int sign; + unsigned char *dp; + +@@ -3861,13 +4118,8 @@ mpz_set_str (mpz_t r, const char *sp, int base) + while (isspace( (unsigned char) *sp)) + sp++; + +- if (*sp == '-') +- { +- sign = 1; +- sp++; +- } +- else +- sign = 0; ++ sign = (*sp == '-'); ++ sp += sign; + + if (base == 0) + { +@@ -3894,7 +4146,7 @@ mpz_set_str (mpz_t r, const char *sp, int base) + sn = strlen (sp); + dp = gmp_xalloc (sn + (sn == 0)); + +- for (dn = 0; *sp; sp++) ++ for (sn = 0; *sp; sp++) + { + unsigned digit; + +@@ -3916,7 +4168,7 @@ mpz_set_str (mpz_t r, const char *sp, int base) + return -1; + } + +- dp[dn++] = digit; ++ dp[sn++] = digit; + } + + bits = mpn_base_power_of_two_p (base); +@@ -3925,7 +4177,7 @@ mpz_set_str (mpz_t r, const char *sp, int base) + { + alloc = (sn * bits + GMP_LIMB_BITS - 1) / GMP_LIMB_BITS; + rp = MPZ_REALLOC (r, alloc); +- rn = mpn_set_str_bits (rp, dp, dn, bits); ++ rn = mpn_set_str_bits (rp, dp, sn, bits); + } + else + { +@@ -3933,7 +4185,7 @@ mpz_set_str (mpz_t r, const char *sp, int base) + mpn_get_base_info (&info, base); + alloc = (sn + info.exp - 1) / info.exp; + rp = MPZ_REALLOC (r, alloc); +- rn = mpn_set_str_other (rp, dp, dn, base, &info); ++ rn = mpn_set_str_other (rp, dp, sn, base, &info); + } + assert (rn <= alloc); + gmp_free (dp); +@@ -3967,14 +4219,9 @@ mpz_out_str (FILE *stream, int base, const mpz_t x) + static int + gmp_detect_endian (void) + { +- static const int i = 1; ++ static const int i = 2; + const unsigned char *p = (const unsigned char *) &i; +- if (*p == 1) +- /* Little endian */ +- return -1; +- else +- /* Big endian */ +- return 1; ++ return 1 - *p; + } + + /* Import and export. Does not support nails. */ +@@ -4037,29 +4284,22 @@ mpz_import (mpz_t r, size_t count, int order, size_t size, int endian, + } + } + } +- if (bytes > 0) ++ assert (i + (bytes > 0) == rn); ++ if (limb != 0) + rp[i++] = limb; +- assert (i == rn); ++ else ++ i = mpn_normalized_size (rp, i); + +- r->_mp_size = mpn_normalized_size (rp, i); ++ r->_mp_size = i; + } + + void * + mpz_export (void *r, size_t *countp, int order, size_t size, int endian, + size_t nails, const mpz_t u) + { +- unsigned char *p; +- ptrdiff_t word_step; +- size_t count, k; ++ size_t count; + mp_size_t un; + +- /* The current (partial) limb. */ +- mp_limb_t limb; +- /* The number of bytes left to to in this limb. */ +- size_t bytes; +- /* The index where the limb was read. */ +- mp_size_t i; +- + if (nails != 0) + gmp_die ("mpz_import: Nails not supported."); + +@@ -4067,62 +4307,74 @@ mpz_export (void *r, size_t *countp, int order, size_t size, int endian, + assert (endian >= -1 && endian <= 1); + assert (size > 0 || u->_mp_size == 0); + +- un = GMP_ABS (u->_mp_size); +- if (un == 0) +- { +- if (countp) +- *countp = 0; +- return r; +- } ++ un = u->_mp_size; ++ count = 0; ++ if (un != 0) ++ { ++ size_t k; ++ unsigned char *p; ++ ptrdiff_t word_step; ++ /* The current (partial) limb. */ ++ mp_limb_t limb; ++ /* The number of bytes left to to in this limb. */ ++ size_t bytes; ++ /* The index where the limb was read. */ ++ mp_size_t i; + +- /* Count bytes in top limb. */ +- for (limb = u->_mp_d[un-1], k = 0; limb > 0; k++, limb >>= CHAR_BIT) +- ; ++ un = GMP_ABS (un); + +- assert (k > 0); ++ /* Count bytes in top limb. */ ++ limb = u->_mp_d[un-1]; ++ assert (limb != 0); + +- count = (k + (un-1) * sizeof (mp_limb_t) + size - 1) / size; ++ k = 0; ++ do { ++ k++; limb >>= CHAR_BIT; ++ } while (limb != 0); + +- if (!r) +- r = gmp_xalloc (count * size); ++ count = (k + (un-1) * sizeof (mp_limb_t) + size - 1) / size; + +- if (endian == 0) +- endian = gmp_detect_endian (); ++ if (!r) ++ r = gmp_xalloc (count * size); + +- p = (unsigned char *) r; ++ if (endian == 0) ++ endian = gmp_detect_endian (); + +- word_step = (order != endian) ? 2 * size : 0; ++ p = (unsigned char *) r; + +- /* Process bytes from the least significant end, so point p at the +- least significant word. */ +- if (order == 1) +- { +- p += size * (count - 1); +- word_step = - word_step; +- } ++ word_step = (order != endian) ? 2 * size : 0; + +- /* And at least significant byte of that word. */ +- if (endian == 1) +- p += (size - 1); ++ /* Process bytes from the least significant end, so point p at the ++ least significant word. */ ++ if (order == 1) ++ { ++ p += size * (count - 1); ++ word_step = - word_step; ++ } + +- for (bytes = 0, i = 0, k = 0; k < count; k++, p += word_step) +- { +- size_t j; +- for (j = 0; j < size; j++, p -= (ptrdiff_t) endian) +- { +- if (bytes == 0) +- { +- if (i < un) +- limb = u->_mp_d[i++]; +- bytes = sizeof (mp_limb_t); +- } +- *p = limb; +- limb >>= CHAR_BIT; +- bytes--; +- } +- } +- assert (i == un); +- assert (k == count); ++ /* And at least significant byte of that word. */ ++ if (endian == 1) ++ p += (size - 1); ++ ++ for (bytes = 0, i = 0, k = 0; k < count; k++, p += word_step) ++ { ++ size_t j; ++ for (j = 0; j < size; j++, p -= (ptrdiff_t) endian) ++ { ++ if (bytes == 0) ++ { ++ if (i < un) ++ limb = u->_mp_d[i++]; ++ bytes = sizeof (mp_limb_t); ++ } ++ *p = limb; ++ limb >>= CHAR_BIT; ++ bytes--; ++ } ++ } ++ assert (i == un); ++ assert (k == count); ++ } + + if (countp) + *countp = count; +diff --git a/mini-gmp.h b/mini-gmp.h +index 8c94ca2..d8f691f 100644 +--- a/mini-gmp.h ++++ b/mini-gmp.h +@@ -1,21 +1,32 @@ + /* mini-gmp, a minimalistic implementation of a GNU GMP subset. + +-Copyright 2011, 2012, 2013 Free Software Foundation, Inc. ++Copyright 2011-2014 Free Software Foundation, Inc. + + This file is part of the GNU MP Library. + + The GNU MP Library is free software; you can redistribute it and/or modify +-it under the terms of the GNU Lesser General Public License as published by +-the Free Software Foundation; either version 3 of the License, or (at your +-option) any later version. ++it under the terms of either: ++ ++ * the GNU Lesser General Public License as published by the Free ++ Software Foundation; either version 3 of the License, or (at your ++ option) any later version. ++ ++or ++ ++ * the GNU General Public License as published by the Free Software ++ Foundation; either version 2 of the License, or (at your option) any ++ later version. ++ ++or both in parallel, as here. + + The GNU MP Library is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +-or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public +-License for more details. ++or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++for more details. + +-You should have received a copy of the GNU Lesser General Public License +-along with the GNU MP Library. If not, see http://www.gnu.org/licenses/. */ ++You should have received copies of the GNU General Public License and the ++GNU Lesser General Public License along with the GNU MP Library. If not, ++see https://www.gnu.org/licenses/. */ + + /* About mini-gmp: This is a minimal implementation of a subset of the + GMP interface. It is intended for inclusion into applications which +@@ -64,8 +75,11 @@ typedef __mpz_struct mpz_t[1]; + typedef __mpz_struct *mpz_ptr; + typedef const __mpz_struct *mpz_srcptr; + ++extern const int mp_bits_per_limb; ++ + void mpn_copyi (mp_ptr, mp_srcptr, mp_size_t); + void mpn_copyd (mp_ptr, mp_srcptr, mp_size_t); ++void mpn_zero (mp_ptr, mp_size_t); + + int mpn_cmp (mp_srcptr, mp_srcptr, mp_size_t); + +@@ -84,10 +98,17 @@ mp_limb_t mpn_submul_1 (mp_ptr, mp_srcptr, mp_size_t, mp_limb_t); + mp_limb_t mpn_mul (mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t); + void mpn_mul_n (mp_ptr, mp_srcptr, mp_srcptr, mp_size_t); + void mpn_sqr (mp_ptr, mp_srcptr, mp_size_t); ++int mpn_perfect_square_p (mp_srcptr, mp_size_t); ++mp_size_t mpn_sqrtrem (mp_ptr, mp_ptr, mp_srcptr, mp_size_t); + + mp_limb_t mpn_lshift (mp_ptr, mp_srcptr, mp_size_t, unsigned int); + mp_limb_t mpn_rshift (mp_ptr, mp_srcptr, mp_size_t, unsigned int); + ++mp_bitcnt_t mpn_scan0 (mp_srcptr, mp_bitcnt_t); ++mp_bitcnt_t mpn_scan1 (mp_srcptr, mp_bitcnt_t); ++ ++mp_bitcnt_t mpn_popcount (mp_srcptr, mp_size_t); ++ + mp_limb_t mpn_invert_3by2 (mp_limb_t, mp_limb_t); + #define mpn_invert_limb(x) mpn_invert_3by2 ((x), 0) + +@@ -124,6 +145,10 @@ void mpz_mul_si (mpz_t, const mpz_t, long int); + void mpz_mul_ui (mpz_t, const mpz_t, unsigned long int); + void mpz_mul (mpz_t, const mpz_t, const mpz_t); + void mpz_mul_2exp (mpz_t, const mpz_t, mp_bitcnt_t); ++void mpz_addmul_ui (mpz_t, const mpz_t, unsigned long int); ++void mpz_addmul (mpz_t, const mpz_t, const mpz_t); ++void mpz_submul_ui (mpz_t, const mpz_t, unsigned long int); ++void mpz_submul (mpz_t, const mpz_t, const mpz_t); + + void mpz_cdiv_qr (mpz_t, mpz_t, const mpz_t, const mpz_t); + void mpz_fdiv_qr (mpz_t, mpz_t, const mpz_t, const mpz_t); +@@ -147,6 +172,7 @@ void mpz_mod (mpz_t, const mpz_t, const mpz_t); + void mpz_divexact (mpz_t, const mpz_t, const mpz_t); + + int mpz_divisible_p (const mpz_t, const mpz_t); ++int mpz_congruent_p (const mpz_t, const mpz_t, const mpz_t); + + unsigned long mpz_cdiv_qr_ui (mpz_t, mpz_t, const mpz_t, unsigned long); + unsigned long mpz_fdiv_qr_ui (mpz_t, mpz_t, const mpz_t, unsigned long); +@@ -176,6 +202,7 @@ int mpz_invert (mpz_t, const mpz_t, const mpz_t); + + void mpz_sqrtrem (mpz_t, mpz_t, const mpz_t); + void mpz_sqrt (mpz_t, const mpz_t); ++int mpz_perfect_square_p (const mpz_t); + + void mpz_pow_ui (mpz_t, const mpz_t, unsigned long); + void mpz_ui_pow_ui (mpz_t, unsigned long, unsigned long); +@@ -188,6 +215,9 @@ int mpz_root (mpz_t, const mpz_t, unsigned long); + void mpz_fac_ui (mpz_t, unsigned long); + void mpz_bin_uiui (mpz_t, unsigned long, unsigned long); + ++int ++mpz_probab_prime_p (const mpz_t, int); ++ + int mpz_tstbit (const mpz_t, mp_bitcnt_t); + void mpz_setbit (mpz_t, mp_bitcnt_t); + void mpz_clrbit (mpz_t, mp_bitcnt_t); +@@ -211,6 +241,15 @@ double mpz_get_d (const mpz_t); + size_t mpz_size (const mpz_t); + mp_limb_t mpz_getlimbn (const mpz_t, mp_size_t); + ++void mpz_realloc2 (mpz_t, mp_bitcnt_t); ++mp_srcptr mpz_limbs_read (mpz_srcptr); ++mp_ptr mpz_limbs_modify (mpz_t, mp_size_t); ++mp_ptr mpz_limbs_write (mpz_t, mp_size_t); ++void mpz_limbs_finish (mpz_t, mp_size_t); ++mpz_srcptr mpz_roinit_n (mpz_t, mp_srcptr, mp_size_t); ++ ++#define MPZ_ROINIT_N(xp, xs) {{0, (xs),(xp) }} ++ + void mpz_set_si (mpz_t, signed long int); + void mpz_set_ui (mpz_t, unsigned long int); + void mpz_set (mpz_t, const mpz_t); +-- +1.9.2 + diff --git a/libs/nettle/patches/0002-Added-option-to-use-mini-gmp-in-hogweed.patch b/libs/nettle/patches/0002-Added-option-to-use-mini-gmp-in-hogweed.patch new file mode 100644 index 000000000..4215bdd8d --- /dev/null +++ b/libs/nettle/patches/0002-Added-option-to-use-mini-gmp-in-hogweed.patch @@ -0,0 +1,463 @@ +From 8d5360e3e5eea3c9dbfd44f9b981f18a41605e45 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Sun, 9 Mar 2014 11:30:25 +0100 +Subject: [PATCH 2/5] Added option to use mini-gmp in hogweed. + +--- + Makefile.in | 8 +++-- + bignum.h | 6 +++- + configure.ac | 76 +++++++++++++++++++++++++++++++++++------------- + dsa.h | 2 +- + ecc-internal.h | 2 +- + ecc.h | 2 +- + eccdata.c | 12 +++++++- + examples/Makefile.in | 2 +- + examples/ecc-benchmark.c | 2 ++ + gmp-glue.c | 1 + + gmp-glue.h | 2 +- + hogweed.pc.in | 2 +- + mini-gmp.c | 2 +- + mini-gmp.h | 9 ++++++ + pkcs1.h | 2 +- + rsa.h | 2 +- + testsuite/Makefile.in | 4 +-- + testsuite/testutils.h | 5 ++-- + 18 files changed, 102 insertions(+), 39 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 3b0e1cb..42be3a9 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -16,6 +16,10 @@ MKDIR_P = @MKDIR_P@ + + OPT_ASM_SOURCES = @OPT_ASM_SOURCES@ + ++OPT_HOGWEED_SOURCES = @OPT_HOGWEED_SOURCES@ ++ ++OPT_HOGWEED_HEADERS = @OPT_HOGWEED_HEADERS@ ++ + SUBDIRS = tools testsuite examples + + include config.make +@@ -106,7 +110,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ + nettle-meta-armors.c \ + write-be32.c write-le32.c write-le64.c + +-hogweed_SOURCES = sexp.c sexp-format.c \ ++hogweed_SOURCES = $(OPT_HOGWEED_SOURCES) sexp.c sexp-format.c \ + sexp-transport.c sexp-transport-format.c \ + bignum.c bignum-next-prime.c \ + bignum-random.c bignum-random-prime.c \ +@@ -156,7 +160,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \ + pgp.h pkcs1.h realloc.h ripemd160.h rsa.h rsa-compat.h \ + salsa20.h sexp.h \ + serpent.h sha.h sha1.h sha2.h sha3.h twofish.h \ +- umac.h yarrow.h ++ umac.h yarrow.h $(OPT_HOGWEED_HEADERS) + + INSTALL_HEADERS = $(HEADERS) nettle-stdint.h + +diff --git a/bignum.h b/bignum.h +index 746b21f..1f2ff07 100644 +--- a/bignum.h ++++ b/bignum.h +@@ -28,7 +28,11 @@ + + #include "nettle-meta.h" + +-#include ++#ifdef USE_MINI_GMP ++# include "mini-gmp.h" ++#else ++# include ++#endif + #include "nettle-types.h" + + #ifdef __cplusplus +diff --git a/configure.ac b/configure.ac +index 78a3d4e..93eb09a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -72,6 +72,16 @@ AC_ARG_ENABLE(arm-neon, + AC_HELP_STRING([--enable-arm-neon], [Enable ARM Neon assembly. (default=auto)]),, + [enable_arm_neon=auto]) + ++AC_ARG_ENABLE(mini-gmp, ++ AC_HELP_STRING([--enable-mini-gmp], [Disable gmp support and enable mini-gmp. (default=disabled)]),, ++ [enable_mini_gmp=no]) ++ ++if test "x$enable_mini_gmp" = xyes ; then ++GMP_LIBS="" ++else ++GMP_LIBS="-lgmp" ++fi ++ + LSH_RPATH_INIT([`echo $with_lib_path | sed 's/:/ /g'` \ + `echo $exec_prefix | sed "s@^NONE@$prefix/lib@g" | sed "s@^NONE@$ac_default_prefix/lib@g"` \ + /usr/local/lib /sw/local/lib /sw/lib \ +@@ -409,7 +419,7 @@ case "$host_os" in + LIBHOGWEED_SONAME='libhogweed.$(LIBHOGWEED_MAJOR).dylib' + LIBHOGWEED_FILE='libhogweed.$(LIBHOGWEED_MAJOR).$(LIBHOGWEED_MINOR).dylib' + LIBHOGWEED_LINK='$(CC) $(CFLAGS) -dynamiclib -L. $(LDFLAGS) -install_name ${libdir}/$(LIBHOGWEED_SONAME) -compatibility_version $(LIBHOGWEED_MAJOR) -current_version $(LIBHOGWEED_MAJOR).$(LIBHOGWEED_MINOR)' +- LIBHOGWEED_LIBS='-lnettle -lgmp' ++ LIBHOGWEED_LIBS='-lnettle $(GMP_LIBS)' + ;; + solaris*) + # Sun's ld uses -h to set the soname, and this option is passed +@@ -425,7 +435,7 @@ case "$host_os" in + LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)' + LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)' + LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -L. -G -h $(LIBHOGWEED_SONAME)' +- LIBHOGWEED_LIBS='-lnettle -lgmp' ++ LIBHOGWEED_LIBS='-lnettle $(GMP_LIBS)' + ;; + *) + LIBNETTLE_FORLINK=libnettle.so +@@ -443,7 +453,7 @@ case "$host_os" in + # -lhogweed -lgmp -lnettle are still required). Also makes dlopen + # of libhogweed.so work, without having to use RTLD_GLOBAL. + # Depends on -L. above, to locate nettle.so. +- LIBHOGWEED_LIBS='-lnettle -lgmp' ++ LIBHOGWEED_LIBS='-lnettle $(GMP_LIBS)' + ;; + esac + +@@ -644,32 +654,55 @@ if test "x$nettle_cv_fcntl_locking" = "xyes" ; then + AC_DEFINE(HAVE_FCNTL_LOCKING) + fi + +-# Checks for libraries +-AC_CHECK_LIB(gmp, __gmpz_getlimbn,, +- [AC_MSG_WARN( ++TESTSUITE_LIBS="" ++ ++OPT_HOGWEED_SOURCES="" ++OPT_HOGWEED_HEADERS="" ++if test "x$enable_mini_gmp" = xyes ; then ++ OPT_HOGWEED_SOURCES="$OPT_HOGWEED_SOURCES mini-gmp.c" ++ OPT_HOGWEED_HEADERS="$OPT_HOGWEED_HEADERS mini-gmp.h" ++ AC_DEFINE([USE_MINI_GMP], 1, [Use mini-gmp instead of gmp]) ++ IF_NOT_MINI_GMP='#' ++ GMP_NUMB_BITS="0" ++else ++ ++ # Checks for libraries ++ AC_CHECK_LIB(gmp, __gmpz_getlimbn,, ++ [AC_MSG_WARN( + [GNU MP not found, or not 3.1 or up, see http://gmplib.org/. + Support for public key algorithms will be unavailable.])] +- enable_public_key=no) ++ enable_public_key=no) + +-# Add -R flags needed to run programs linked with gmp +-LSH_RPATH_FIX ++ # Add -R flags needed to run programs linked with gmp ++ LSH_RPATH_FIX + +-# Check for gmp limb size +-nettle_cv_gmp_numb_bits=0 +-if test "$enable_public_key" = yes; then +- AC_MSG_CHECKING([for GMP limb size]) +- AC_COMPUTE_INT(nettle_cv_gmp_numb_bits, [GMP_NUMB_BITS], +- [#include ], +- [AC_MSG_FAILURE([cannot find value of GMP_NUMB_BITS])]) ++ # Check for gmp limb size ++ nettle_cv_gmp_numb_bits=0 ++ if test "$enable_public_key" = yes; then ++ AC_MSG_CHECKING([for GMP limb size]) ++ AC_COMPUTE_INT(nettle_cv_gmp_numb_bits, [GMP_NUMB_BITS], ++ [#include ], ++ [AC_MSG_FAILURE([cannot find value of GMP_NUMB_BITS])]) + +- AC_MSG_RESULT([$nettle_cv_gmp_numb_bits bits]) ++ AC_MSG_RESULT([$nettle_cv_gmp_numb_bits bits]) ++ fi ++ ++ GMP_NUMB_BITS="$nettle_cv_gmp_numb_bits" ++ ++ AH_TEMPLATE([HAVE_MPZ_POWM_SEC], [Define if mpz_powm_sec is available (appeared in GMP-5)]) ++ AC_CHECK_FUNC(__gmpz_powm_sec, [AC_DEFINE(HAVE_MPZ_POWM_SEC)]) ++ ++ IF_NOT_MINI_GMP='' ++ TESTSUITE_LIBS="-lgmp" + fi + +-GMP_NUMB_BITS="$nettle_cv_gmp_numb_bits" +-AC_SUBST([GMP_NUMB_BITS]) ++AC_SUBST([GMP_LIBS]) + +-AH_TEMPLATE([HAVE_MPZ_POWM_SEC], [Define if mpz_powm_sec is available (appeared in GMP-5)]) +-AC_CHECK_FUNC(__gmpz_powm_sec, [AC_DEFINE(HAVE_MPZ_POWM_SEC)]) ++dnl The testsuite requires gmp ++AC_SUBST([TESTSUITE_LIBS]) ++AC_SUBST([GMP_NUMB_BITS]) ++AC_SUBST([OPT_HOGWEED_SOURCES]) ++AC_SUBST([OPT_HOGWEED_HEADERS]) + + AH_TEMPLATE([WITH_HOGWEED], [Defined if public key features are enabled]) + +@@ -714,6 +747,7 @@ else + IF_DOCUMENTATION='#' + fi + ++AC_SUBST(IF_NOT_MINI_GMP) + AC_SUBST(IF_HOGWEED) + AC_SUBST(IF_STATIC) + AC_SUBST(IF_SHARED) +diff --git a/dsa.h b/dsa.h +index 7ee2624..478e4fc 100644 +--- a/dsa.h ++++ b/dsa.h +@@ -26,7 +26,7 @@ + #ifndef NETTLE_DSA_H_INCLUDED + #define NETTLE_DSA_H_INCLUDED + +-#include ++#include "bignum.h" + + #include "nettle-types.h" + +diff --git a/ecc-internal.h b/ecc-internal.h +index e8974fe..5cdd0e1 100644 +--- a/ecc-internal.h ++++ b/ecc-internal.h +@@ -25,7 +25,7 @@ + #ifndef NETTLE_ECC_INTERNAL_H_INCLUDED + #define NETTLE_ECC_INTERNAL_H_INCLUDED + +-#include ++#include "bignum.h" + + #include "nettle-types.h" + #include "ecc-curve.h" +diff --git a/ecc.h b/ecc.h +index 609d246..924f8ec 100644 +--- a/ecc.h ++++ b/ecc.h +@@ -25,7 +25,7 @@ + #ifndef NETTLE_ECC_H_INCLUDED + #define NETTLE_ECC_H_INCLUDED + +-#include ++#include "bignum.h" + + #include "nettle-types.h" + +diff --git a/eccdata.c b/eccdata.c +index 466753c..24f64e3 100644 +--- a/eccdata.c ++++ b/eccdata.c +@@ -24,11 +24,14 @@ + + /* Development of Nettle's ECC support was funded by the .SE Internet Fund. */ + ++#include "config.h" ++ + #include + #include + #include + #include + ++#include "mini-gmp.h" + #include "mini-gmp.c" + + /* Affine coordinates, for simplicity. Infinity point represented as x +@@ -895,6 +898,7 @@ int + main (int argc, char **argv) + { + struct ecc_curve ecc; ++ unsigned bits; + + if (argc < 4) + { +@@ -902,6 +906,7 @@ main (int argc, char **argv) + return EXIT_FAILURE; + } + ++ bits = atoi(argv[4]); + ecc_curve_init (&ecc, atoi(argv[1])); + + ecc_pippenger_precompute (&ecc, atoi(argv[2]), atoi(argv[3])); +@@ -912,7 +917,12 @@ main (int argc, char **argv) + ecc_curve_check (&ecc); + + if (argc > 4) +- output_curve (&ecc, atoi(argv[4])); ++ { ++ /* when using mini-gmp we cannot estimate it on configure */ ++ if (bits == 0) ++ bits = GMP_NUMB_BITS; ++ output_curve (&ecc, bits); ++ } + + return EXIT_SUCCESS; + } +diff --git a/examples/Makefile.in b/examples/Makefile.in +index 563d0dc..2bb0436 100644 +--- a/examples/Makefile.in ++++ b/examples/Makefile.in +@@ -11,7 +11,7 @@ PRE_CPPFLAGS = -I.. -I$(top_srcdir) + PRE_LDFLAGS = -L.. + + OPENSSL_LIBFLAGS = @OPENSSL_LIBFLAGS@ +-BENCH_LIBS = @BENCH_LIBS@ -lm ++BENCH_LIBS = @BENCH_LIBS@ $(TESTSUITE_LIBS) -lm + + HOGWEED_TARGETS = rsa-keygen$(EXEEXT) rsa-sign$(EXEEXT) \ + rsa-verify$(EXEEXT) rsa-encrypt$(EXEEXT) rsa-decrypt$(EXEEXT) \ +diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c +index 1faf6dc..16a1fd6 100644 +--- a/examples/ecc-benchmark.c ++++ b/examples/ecc-benchmark.c +@@ -37,6 +37,8 @@ + + #include "timing.h" + ++#undef USE_MINI_GMP ++#include + #include "../ecc.h" + #include "../ecc-internal.h" + #include "../gmp-glue.h" +diff --git a/gmp-glue.c b/gmp-glue.c +index a2633a5..d76fdea 100644 +--- a/gmp-glue.c ++++ b/gmp-glue.c +@@ -239,3 +239,4 @@ gmp_free_limbs (mp_limb_t *p, mp_size_t n) + + free_func (p, (size_t) n * sizeof(mp_limb_t)); + } ++ +diff --git a/gmp-glue.h b/gmp-glue.h +index 269667f..f51b5b5 100644 +--- a/gmp-glue.h ++++ b/gmp-glue.h +@@ -23,7 +23,7 @@ + #ifndef NETTLE_GMP_GLUE_H_INCLUDED + #define NETTLE_GMP_GLUE_H_INCLUDED + +-#include ++#include "bignum.h" + + #include "nettle-stdint.h" + +diff --git a/hogweed.pc.in b/hogweed.pc.in +index 457f5f2..9a9dea0 100644 +--- a/hogweed.pc.in ++++ b/hogweed.pc.in +@@ -13,6 +13,6 @@ URL: http://www.lysator.liu.se/~nisse/nettle + Version: @PACKAGE_VERSION@ + Requires.private: nettle + Libs: -L${libdir} -lhogweed +-Libs.private: -lgmp ++Libs.private: @GMP_LIBS@ + Cflags: -I${includedir} + +diff --git a/mini-gmp.c b/mini-gmp.c +index 766df30..cf76a2a 100644 +--- a/mini-gmp.c ++++ b/mini-gmp.c +@@ -1388,7 +1388,7 @@ mpz_clear (mpz_t r) + gmp_free (r->_mp_d); + } + +-static void * ++void * + mpz_realloc (mpz_t r, mp_size_t size) + { + size = GMP_MAX (size, 1); +diff --git a/mini-gmp.h b/mini-gmp.h +index d8f691f..dac7d1e 100644 +--- a/mini-gmp.h ++++ b/mini-gmp.h +@@ -70,6 +70,11 @@ typedef struct + mp_limb_t *_mp_d; /* Pointer to the limbs. */ + } __mpz_struct; + ++typedef __mpz_struct MP_INT; ++ ++#define GMP_NUMB_BITS (SIZEOF_LONG*8) ++#define GMP_NUMB_MASK (~0) ++ + typedef __mpz_struct mpz_t[1]; + + typedef __mpz_struct *mpz_ptr; +@@ -119,6 +124,10 @@ void mpz_init (mpz_t); + void mpz_init2 (mpz_t, mp_bitcnt_t); + void mpz_clear (mpz_t); + ++void * ++mpz_realloc (mpz_t r, mp_size_t size); ++#define _mpz_realloc mpz_realloc ++ + #define mpz_odd_p(z) (((z)->_mp_size != 0) & (int) (z)->_mp_d[0]) + #define mpz_even_p(z) (! mpz_odd_p (z)) + +diff --git a/pkcs1.h b/pkcs1.h +index fa27225..f402688 100644 +--- a/pkcs1.h ++++ b/pkcs1.h +@@ -26,7 +26,7 @@ + #ifndef NETTLE_PKCS1_H_INCLUDED + #define NETTLE_PKCS1_H_INCLUDED + +-#include ++#include "bignum.h" + #include "nettle-types.h" + + #ifdef __cplusplus +diff --git a/rsa.h b/rsa.h +index 4226f38..c293cd1 100644 +--- a/rsa.h ++++ b/rsa.h +@@ -26,7 +26,7 @@ + #ifndef NETTLE_RSA_H_INCLUDED + #define NETTLE_RSA_H_INCLUDED + +-#include ++#include "bignum.h" + #include "nettle-types.h" + + #include "md5.h" +diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in +index 91f6e2a..c8ab5f6 100644 +--- a/testsuite/Makefile.in ++++ b/testsuite/Makefile.in +@@ -47,7 +47,7 @@ TS_HOGWEED = $(TS_HOGWEED_SOURCES:.c=$(EXEEXT)) + TS_C = $(TS_NETTLE) @IF_HOGWEED@ $(TS_HOGWEED) + TS_CXX = @IF_CXX@ $(CXX_SOURCES:.cxx=$(EXEEXT)) + TARGETS = $(TS_C) $(TS_CXX) +-TS_SH = sexp-conv-test pkcs1-conv-test symbols-test ++TS_SH = sexp-conv-test pkcs1-conv-test @IF_NOT_MINI_GMP@ symbols-test + TS_ALL = $(TARGETS) $(TS_SH) + EXTRA_SOURCES = sha1-huge-test.c + EXTRA_TARGETS = $(EXTRA_SOURCES:.c=$(EXEEXT)) +@@ -75,7 +75,7 @@ all: $(TARGETS) $(EXTRA_TARGETS) + + LIB_HOGWEED = @IF_HOGWEED@ -lhogweed + TEST_OBJS = testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \ +- $(LIB_HOGWEED) -lnettle $(LIBS) ++ $(LIB_HOGWEED) -lnettle $(LIBS) $(TESTSUITE_LIBS) + + ../nettle-internal.$(OBJEXT): + ( cd .. && $(MAKE) nettle-internal.$(OBJEXT) ) +diff --git a/testsuite/testutils.h b/testsuite/testutils.h +index 123bae2..a677a2a 100644 +--- a/testsuite/testutils.h ++++ b/testsuite/testutils.h +@@ -12,11 +12,10 @@ + #include + #include + +-#if HAVE_LIBGMP +-# include "bignum.h" +-#endif + + #if WITH_HOGWEED ++# include ++# undef USE_MINI_GMP + # include "rsa.h" + # include "dsa.h" + # include "ecc-curve.h" +-- +1.9.2 + diff --git a/libs/nettle/patches/0003-Include-local-macros-in-nettle.m4-to-allow-regenerat.patch b/libs/nettle/patches/0003-Include-local-macros-in-nettle.m4-to-allow-regenerat.patch new file mode 100644 index 000000000..440f40813 --- /dev/null +++ b/libs/nettle/patches/0003-Include-local-macros-in-nettle.m4-to-allow-regenerat.patch @@ -0,0 +1,1241 @@ +From a6d49f192166d20755a6651d4612d3abcd780822 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Sun, 9 Mar 2014 11:58:05 +0100 +Subject: [PATCH 3/5] Include local macros in nettle.m4 to allow regeneration. + +--- + configure.ac | 1 + + nettle.m4 | 1209 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 1210 insertions(+) + create mode 100644 nettle.m4 + +diff --git a/configure.ac b/configure.ac +index 93eb09a..c24f954 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -7,6 +7,7 @@ AC_PREREQ(2.61) + AC_CONFIG_SRCDIR([arcfour.c]) + # Needed to stop autoconf from looking for files in parent directories. + AC_CONFIG_AUX_DIR([.]) ++AC_CONFIG_MACRO_DIR([.]) + + AC_CONFIG_HEADER([config.h]) + +diff --git a/nettle.m4 b/nettle.m4 +new file mode 100644 +index 0000000..98b399b +--- /dev/null ++++ b/nettle.m4 +@@ -0,0 +1,1209 @@ ++dnl Try to detect the type of the third arg to getsockname() et al ++AC_DEFUN([LSH_TYPE_SOCKLEN_T], ++[AH_TEMPLATE([socklen_t], [Length type used by getsockopt]) ++AC_CACHE_CHECK([for socklen_t in sys/socket.h], ac_cv_type_socklen_t, ++[AC_EGREP_HEADER(socklen_t, sys/socket.h, ++ [ac_cv_type_socklen_t=yes], [ac_cv_type_socklen_t=no])]) ++if test $ac_cv_type_socklen_t = no; then ++ AC_MSG_CHECKING(for AIX) ++ AC_EGREP_CPP(yes, [ ++#ifdef _AIX ++ yes ++#endif ++],[ ++AC_MSG_RESULT(yes) ++AC_DEFINE(socklen_t, size_t) ++],[ ++AC_MSG_RESULT(no) ++AC_DEFINE(socklen_t, int) ++]) ++fi ++]) ++ ++dnl Choose cc flags for compiling position independent code ++dnl FIXME: Doesn't do the right thing when crosscompiling. ++AC_DEFUN([LSH_CCPIC], ++[AC_REQUIRE([AC_CANONICAL_HOST])dnl ++AC_MSG_CHECKING(CCPIC) ++AC_CACHE_VAL(lsh_cv_sys_ccpic,[ ++ if test -z "$CCPIC" ; then ++ if test "$GCC" = yes ; then ++ case "$host_os" in ++ bsdi4.*) CCPIC="-fPIC" ;; ++ bsdi*) CCPIC="" ;; ++ darwin*) CCPIC="-fPIC" ;; ++ # Could also use -fpic, depending on the number of symbol references ++ solaris*) CCPIC="-fPIC" ;; ++ cygwin*) CCPIC="" ;; ++ mingw32*) CCPIC="" ;; ++ *) CCPIC="-fpic" ;; ++ esac ++ else ++ case "$host_os" in ++ darwin*) CCPIC="-fPIC" ;; ++ irix*) CCPIC="-share" ;; ++ hpux*) CCPIC="+z"; ;; ++ *freebsd*) CCPIC="-fpic" ;; ++ sco*|sysv4.*) CCPIC="-KPIC -dy -Bdynamic" ;; ++ solaris*) CCPIC="-KPIC -Bdynamic" ;; ++ winnt*) CCPIC="-shared" ;; ++ *) CCPIC="" ;; ++ esac ++ fi ++ fi ++ OLD_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $CCPIC" ++ AC_TRY_COMPILE([], [exit(0);], ++ lsh_cv_sys_ccpic="$CCPIC", lsh_cv_sys_ccpic='') ++ CFLAGS="$OLD_CFLAGS" ++]) ++CCPIC="$lsh_cv_sys_ccpic" ++AC_MSG_RESULT($CCPIC) ++AC_SUBST([CCPIC])]) ++ ++dnl LSH_PATH_ADD(path-id, directory) ++AC_DEFUN([LSH_PATH_ADD], ++[AC_MSG_CHECKING($2) ++ac_exists=no ++if test -d "$2/." ; then ++ ac_real_dir=`cd $2 && pwd` ++ if test -n "$ac_real_dir" ; then ++ ac_exists=yes ++ for old in $1_REAL_DIRS ; do ++ ac_found=no ++ if test x$ac_real_dir = x$old ; then ++ ac_found=yes; ++ break; ++ fi ++ done ++ if test $ac_found = yes ; then ++ AC_MSG_RESULT(already added) ++ else ++ AC_MSG_RESULT(added) ++ # LDFLAGS="$LDFLAGS -L $2" ++ $1_REAL_DIRS="$ac_real_dir [$]$1_REAL_DIRS" ++ $1_DIRS="$2 [$]$1_DIRS" ++ fi ++ fi ++fi ++if test $ac_exists = no ; then ++ AC_MSG_RESULT(not found) ++fi ++]) ++ ++dnl LSH_RPATH_ADD(dir) ++AC_DEFUN([LSH_RPATH_ADD], [LSH_PATH_ADD(RPATH_CANDIDATE, $1)]) ++ ++dnl LSH_RPATH_INIT(candidates) ++AC_DEFUN([LSH_RPATH_INIT], ++[AC_REQUIRE([AC_CANONICAL_HOST])dnl ++AC_MSG_CHECKING([for -R flag]) ++RPATHFLAG='' ++case "$host_os" in ++ osf1*) RPATHFLAG="-rpath " ;; ++ irix6.*|irix5.*) RPATHFLAG="-rpath " ;; ++ solaris*) ++ if test "$TCC" = "yes"; then ++ # tcc doesn't know about -R ++ RPATHFLAG="-Wl,-R," ++ else ++ RPATHFLAG=-R ++ fi ++ ;; ++ linux*) RPATHFLAG="-Wl,-rpath," ;; ++ *) RPATHFLAG="" ;; ++esac ++ ++if test x$RPATHFLAG = x ; then ++ AC_MSG_RESULT(none) ++else ++ AC_MSG_RESULT([using $RPATHFLAG]) ++fi ++ ++RPATH_CANDIDATE_REAL_DIRS='' ++RPATH_CANDIDATE_DIRS='' ++ ++AC_MSG_RESULT([Searching for libraries]) ++ ++for d in $1 ; do ++ LSH_RPATH_ADD($d) ++done ++]) ++ ++dnl Try to execute a main program, and if it fails, try adding some ++dnl -R flag. ++dnl LSH_RPATH_FIX ++AC_DEFUN([LSH_RPATH_FIX], ++[if test $cross_compiling = no -a "x$RPATHFLAG" != x ; then ++ ac_success=no ++ AC_TRY_RUN([int main(int argc, char **argv) { return 0; }], ++ ac_success=yes, ac_success=no, :) ++ ++ if test $ac_success = no ; then ++ AC_MSG_CHECKING([Running simple test program failed. Trying -R flags]) ++dnl echo RPATH_CANDIDATE_DIRS = $RPATH_CANDIDATE_DIRS ++ ac_remaining_dirs='' ++ ac_rpath_save_LDFLAGS="$LDFLAGS" ++ for d in $RPATH_CANDIDATE_DIRS ; do ++ if test $ac_success = yes ; then ++ ac_remaining_dirs="$ac_remaining_dirs $d" ++ else ++ LDFLAGS="$RPATHFLAG$d $LDFLAGS" ++dnl echo LDFLAGS = $LDFLAGS ++ AC_TRY_RUN([int main(int argc, char **argv) { return 0; }], ++ [ac_success=yes ++ ac_rpath_save_LDFLAGS="$LDFLAGS" ++ AC_MSG_RESULT([adding $RPATHFLAG$d]) ++ ], ++ [ac_remaining_dirs="$ac_remaining_dirs $d"], :) ++ LDFLAGS="$ac_rpath_save_LDFLAGS" ++ fi ++ done ++ RPATH_CANDIDATE_DIRS=$ac_remaining_dirs ++ fi ++ if test $ac_success = no ; then ++ AC_MSG_RESULT(failed) ++ fi ++fi ++]) ++ ++dnl Like AC_CHECK_LIB, but uses $KRB_LIBS rather than $LIBS. ++dnl LSH_CHECK_KRB_LIB(LIBRARY, FUNCTION, [, ACTION-IF-FOUND [, ++dnl ACTION-IF-NOT-FOUND [, OTHER-LIBRARIES]]]) ++ ++AC_DEFUN([LSH_CHECK_KRB_LIB], ++[AC_CHECK_LIB([$1], [$2], ++ ifelse([$3], , ++ [[ac_tr_lib=HAVE_LIB`echo $1 | sed -e 's/[^a-zA-Z0-9_]/_/g' \ ++ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` ++ AC_DEFINE_UNQUOTED($ac_tr_lib) ++ KRB_LIBS="-l$1 $KRB_LIBS" ++ ]], [$3]), ++ ifelse([$4], , , [$4 ++])dnl ++, [$5 $KRB_LIBS]) ++]) ++ ++dnl LSH_LIB_ARGP(ACTION-IF-OK, ACTION-IF-BAD) ++AC_DEFUN([LSH_LIB_ARGP], ++[ ac_argp_save_LIBS="$LIBS" ++ ac_argp_save_LDFLAGS="$LDFLAGS" ++ ac_argp_ok=no ++ # First check if we can link with argp. ++ AC_SEARCH_LIBS(argp_parse, argp, ++ [ LSH_RPATH_FIX ++ AC_CACHE_CHECK([for working argp], ++ lsh_cv_lib_argp_works, ++ [ AC_TRY_RUN( ++[#include ++#include ++ ++static const struct argp_option ++options[] = ++{ ++ { NULL, 0, NULL, 0, NULL, 0 } ++}; ++ ++struct child_state ++{ ++ int n; ++}; ++ ++static error_t ++child_parser(int key, char *arg, struct argp_state *state) ++{ ++ struct child_state *input = (struct child_state *) state->input; ++ ++ switch(key) ++ { ++ default: ++ return ARGP_ERR_UNKNOWN; ++ case ARGP_KEY_END: ++ if (!input->n) ++ input->n = 1; ++ break; ++ } ++ return 0; ++} ++ ++const struct argp child_argp = ++{ ++ options, ++ child_parser, ++ NULL, NULL, NULL, NULL, NULL ++}; ++ ++struct main_state ++{ ++ struct child_state child; ++ int m; ++}; ++ ++static error_t ++main_parser(int key, char *arg, struct argp_state *state) ++{ ++ struct main_state *input = (struct main_state *) state->input; ++ ++ switch(key) ++ { ++ default: ++ return ARGP_ERR_UNKNOWN; ++ case ARGP_KEY_INIT: ++ state->child_inputs[0] = &input->child; ++ break; ++ case ARGP_KEY_END: ++ if (!input->m) ++ input->m = input->child.n; ++ ++ break; ++ } ++ return 0; ++} ++ ++static const struct argp_child ++main_children[] = ++{ ++ { &child_argp, 0, "", 0 }, ++ { NULL, 0, NULL, 0} ++}; ++ ++static const struct argp ++main_argp = ++{ options, main_parser, ++ NULL, ++ NULL, ++ main_children, ++ NULL, NULL ++}; ++ ++int main(int argc, char **argv) ++{ ++ struct main_state input = { { 0 }, 0 }; ++ char *v[2] = { "foo", NULL }; ++ ++ argp_parse(&main_argp, 1, v, 0, NULL, &input); ++ ++ if ( (input.m == 1) && (input.child.n == 1) ) ++ return 0; ++ else ++ return 1; ++} ++], lsh_cv_lib_argp_works=yes, ++ lsh_cv_lib_argp_works=no, ++ lsh_cv_lib_argp_works=no)]) ++ ++ if test x$lsh_cv_lib_argp_works = xyes ; then ++ ac_argp_ok=yes ++ else ++ # Reset link flags ++ LIBS="$ac_argp_save_LIBS" ++ LDFLAGS="$ac_argp_save_LDFLAGS" ++ fi]) ++ ++ if test x$ac_argp_ok = xyes ; then ++ ifelse([$1],, true, [$1]) ++ else ++ ifelse([$2],, true, [$2]) ++ fi ++]) ++ ++dnl LSH_GCC_ATTRIBUTES ++dnl Check for gcc's __attribute__ construction ++ ++AC_DEFUN([LSH_GCC_ATTRIBUTES], ++[AC_CACHE_CHECK(for __attribute__, ++ lsh_cv_c_attribute, ++[ AC_TRY_COMPILE([ ++#include ++ ++static void foo(void) __attribute__ ((noreturn)); ++ ++static void __attribute__ ((noreturn)) ++foo(void) ++{ ++ exit(1); ++} ++],[], ++lsh_cv_c_attribute=yes, ++lsh_cv_c_attribute=no)]) ++ ++AH_TEMPLATE([HAVE_GCC_ATTRIBUTE], [Define if the compiler understands __attribute__]) ++if test "x$lsh_cv_c_attribute" = "xyes"; then ++ AC_DEFINE(HAVE_GCC_ATTRIBUTE) ++fi ++ ++AH_BOTTOM( ++[#if __GNUC__ && HAVE_GCC_ATTRIBUTE ++# define NORETURN __attribute__ ((__noreturn__)) ++# define PRINTF_STYLE(f, a) __attribute__ ((__format__ (__printf__, f, a))) ++# define UNUSED __attribute__ ((__unused__)) ++#else ++# define NORETURN ++# define PRINTF_STYLE(f, a) ++# define UNUSED ++#endif ++])]) ++ ++# Check for alloca, and include the standard blurb in config.h ++AC_DEFUN([LSH_FUNC_ALLOCA], ++[AC_FUNC_ALLOCA ++AC_CHECK_HEADERS([malloc.h]) ++AH_BOTTOM( ++[/* AIX requires this to be the first thing in the file. */ ++#ifndef __GNUC__ ++# if HAVE_ALLOCA_H ++# include ++# else ++# ifdef _AIX ++ #pragma alloca ++# else ++# ifndef alloca /* predefined by HP cc +Olibcalls */ ++char *alloca (); ++# endif ++# endif ++/* Needed for alloca on windows */ ++# if HAVE_MALLOC_H ++# include ++# endif ++# endif ++#else /* defined __GNUC__ */ ++# if HAVE_ALLOCA_H ++# include ++# else ++/* Needed for alloca on windows, also with gcc */ ++# if HAVE_MALLOC_H ++# include ++# endif ++# endif ++#endif ++])]) ++ ++AC_DEFUN([LSH_FUNC_STRERROR], ++[AC_CHECK_FUNCS(strerror) ++AH_BOTTOM( ++[#if HAVE_STRERROR ++#define STRERROR strerror ++#else ++#define STRERROR(x) (sys_errlist[x]) ++#endif ++])]) ++ ++AC_DEFUN([LSH_FUNC_STRSIGNAL], ++[AC_CHECK_FUNCS(strsignal) ++AC_CHECK_DECLS([sys_siglist, _sys_siglist]) ++AH_BOTTOM( ++[#if HAVE_STRSIGNAL ++# define STRSIGNAL strsignal ++#else /* !HAVE_STRSIGNAL */ ++# if HAVE_DECL_SYS_SIGLIST ++# define STRSIGNAL(x) (sys_siglist[x]) ++# else ++# if HAVE_DECL__SYS_SIGLIST ++# define STRSIGNAL(x) (_sys_siglist[x]) ++# else ++# define STRSIGNAL(x) "Unknown signal" ++# if __GNUC__ ++# warning Using dummy STRSIGNAL ++# endif ++# endif ++# endif ++#endif /* !HAVE_STRSIGNAL */ ++])]) ++ ++dnl LSH_MAKE_CONDITIONAL(symbol, test) ++AC_DEFUN([LSH_MAKE_CONDITIONAL], ++[if $2 ; then ++ IF_$1='' ++ UNLESS_$1='# ' ++else ++ IF_$1='# ' ++ UNLESS_$1='' ++fi ++AC_SUBST(IF_$1) ++AC_SUBST(UNLESS_$1)]) ++ ++dnl LSH_DEPENDENCY_TRACKING ++ ++dnl Defines compiler flags DEP_FLAGS to generate dependency ++dnl information, and DEP_PROCESS that is any shell commands needed for ++dnl massaging the dependency information further. Dependencies are ++dnl generated as a side effect of compilation. Dependency files ++dnl themselves are not treated as targets. ++ ++AC_DEFUN([LSH_DEPENDENCY_TRACKING], ++[AC_ARG_ENABLE(dependency_tracking, ++ AC_HELP_STRING([--disable-dependency-tracking], ++ [Disable dependency tracking. Dependency tracking doesn't work with BSD make]),, ++ [enable_dependency_tracking=yes]) ++ ++DEP_FLAGS='' ++DEP_PROCESS='true' ++if test x$enable_dependency_tracking = xyes ; then ++ if test x$GCC = xyes ; then ++ gcc_version=`gcc --version | head -1` ++ case "$gcc_version" in ++ 2.*|*[[!0-9.]]2.*) ++ enable_dependency_tracking=no ++ AC_MSG_WARN([Dependency tracking disabled, gcc-3.x is needed]) ++ ;; ++ *) ++ DEP_FLAGS='-MT $[]@ -MD -MP -MF $[]@.d' ++ DEP_PROCESS='true' ++ ;; ++ esac ++ else ++ enable_dependency_tracking=no ++ AC_MSG_WARN([Dependency tracking disabled]) ++ fi ++fi ++ ++if test x$enable_dependency_tracking = xyes ; then ++ DEP_INCLUDE='include ' ++else ++ DEP_INCLUDE='# ' ++fi ++ ++AC_SUBST([DEP_INCLUDE]) ++AC_SUBST([DEP_FLAGS]) ++AC_SUBST([DEP_PROCESS])]) ++ ++dnl GMP_TRY_ASSEMBLE(asm-code,[action-success][,action-fail]) ++dnl ---------------------------------------------------------- ++dnl Attempt to assemble the given code. ++dnl Do "action-success" if this succeeds, "action-fail" if not. ++dnl ++dnl conftest.o and conftest.out are available for inspection in ++dnl "action-success". If either action does a "break" out of a loop then ++dnl an explicit "rm -f conftest*" will be necessary. ++dnl ++dnl This is not unlike AC_TRY_COMPILE, but there's no default includes or ++dnl anything in "asm-code", everything wanted must be given explicitly. ++ ++AC_DEFUN([GMP_TRY_ASSEMBLE], ++[cat >conftest.s <&AC_FD_CC ++ ifelse([$2],,:,[$2]) ++else ++ cat conftest.out >&AC_FD_CC ++ echo "configure: failed program was:" >&AC_FD_CC ++ cat conftest.s >&AC_FD_CC ++ ifelse([$3],,:,[$3]) ++fi ++rm -f conftest* ++]) ++ ++dnl GMP_PROG_CC_FOR_BUILD ++dnl --------------------- ++dnl Establish CC_FOR_BUILD, a C compiler for the build system. ++dnl ++dnl If CC_FOR_BUILD is set then it's expected to work, likewise the old ++dnl style HOST_CC, otherwise some likely candidates are tried, the same as ++dnl configfsf.guess. ++ ++AC_DEFUN([GMP_PROG_CC_FOR_BUILD], ++[AC_REQUIRE([AC_PROG_CC]) ++if test -n "$CC_FOR_BUILD"; then ++ GMP_PROG_CC_FOR_BUILD_WORKS($CC_FOR_BUILD,, ++ [AC_MSG_ERROR([Specified CC_FOR_BUILD doesn't seem to work])]) ++elif test -n "$HOST_CC"; then ++ GMP_PROG_CC_FOR_BUILD_WORKS($HOST_CC, ++ [CC_FOR_BUILD=$HOST_CC], ++ [AC_MSG_ERROR([Specified HOST_CC doesn't seem to work])]) ++elif test $cross_compiling = no ; then ++ CC_FOR_BUILD="$CC" ++else ++ for i in cc gcc c89 c99; do ++ GMP_PROG_CC_FOR_BUILD_WORKS($i, ++ [CC_FOR_BUILD=$i ++ break]) ++ done ++ if test -z "$CC_FOR_BUILD"; then ++ AC_MSG_ERROR([Cannot find a build system compiler]) ++ fi ++fi ++ ++AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler]) ++AC_SUBST(CC_FOR_BUILD) ++]) ++ ++ ++dnl GMP_PROG_CC_FOR_BUILD_WORKS(cc/cflags[,[action-if-good][,action-if-bad]]) ++dnl ------------------------------------------------------------------------- ++dnl See if the given cc/cflags works on the build system. ++dnl ++dnl It seems easiest to just use the default compiler output, rather than ++dnl figuring out the .exe or whatever at this stage. ++ ++AC_DEFUN([GMP_PROG_CC_FOR_BUILD_WORKS], ++[AC_MSG_CHECKING([build system compiler $1]) ++# remove anything that might look like compiler output to our "||" expression ++rm -f conftest* a.out b.out a.exe a_out.exe ++cat >conftest.c <&AC_FD_CC 2>&1; then ++ cc_for_build_works=yes ++ fi ++fi ++rm -f conftest* a.out b.out a.exe a_out.exe ++AC_MSG_RESULT($cc_for_build_works) ++if test "$cc_for_build_works" = yes; then ++ ifelse([$2],,:,[$2]) ++else ++ ifelse([$3],,:,[$3]) ++fi ++]) ++ ++dnl GMP_PROG_EXEEXT_FOR_BUILD ++dnl ------------------------- ++dnl Determine EXEEXT_FOR_BUILD, the build system executable suffix. ++dnl ++dnl The idea is to find what "-o conftest$foo" will make it possible to run ++dnl the program with ./conftest. On Unix-like systems this is of course ++dnl nothing, for DOS it's ".exe", or for a strange RISC OS foreign file ++dnl system cross compile it can be ",ff8" apparently. Not sure if the ++dnl latter actually applies to a build-system executable, maybe it doesn't, ++dnl but it won't hurt to try. ++ ++AC_DEFUN([GMP_PROG_EXEEXT_FOR_BUILD], ++[AC_REQUIRE([GMP_PROG_CC_FOR_BUILD]) ++AC_CACHE_CHECK([for build system executable suffix], ++ gmp_cv_prog_exeext_for_build, ++[if test $cross_compiling = no ; then ++ gmp_cv_prog_exeext_for_build="$EXEEXT" ++else ++ cat >conftest.c <&AC_FD_CC; then ++ gmp_cv_prog_exeext_for_build=$i ++ break ++ fi ++ fi ++ done ++ rm -f conftest* ++ if test "${gmp_cv_prog_exeext_for_build+set}" != set; then ++ AC_MSG_ERROR([Cannot determine executable suffix]) ++ fi ++fi ++]) ++AC_SUBST(EXEEXT_FOR_BUILD,$gmp_cv_prog_exeext_for_build) ++]) ++ ++dnl NETTLE_CHECK_ARM_NEON ++dnl --------------------- ++dnl Check if ARM Neon instructions should be used. ++dnl Obeys enable_arm_neon, which should be set earlier. ++AC_DEFUN([NETTLE_CHECK_ARM_NEON], ++[if test "$enable_arm_neon" = auto ; then ++ if test "$cross_compiling" = yes ; then ++ dnl Check if compiler/assembler accepts it, ++ dnl without an explicit .fpu neon directive. ++ AC_CACHE_CHECK([if assembler accepts Neon instructions], ++ nettle_cv_asm_arm_neon, ++ [GMP_TRY_ASSEMBLE([ ++.text ++foo: ++ vmlal.u32 q1, d0, d1 ++], ++ [nettle_cv_asm_arm_neon=yes], ++ [nettle_cv_asm_arm_neon=no])]) ++ enable_arm_neon="$nettle_cv_asm_arm_neon" ++ else ++ AC_MSG_CHECKING([if /proc/cpuinfo claims neon support]) ++ if grep '^Features.*:.* neon' /proc/cpuinfo >/dev/null ; then ++ enable_arm_neon=yes ++ else ++ enable_arm_neon=no ++ fi ++ AC_MSG_RESULT($enable_arm_neon) ++ fi ++fi ++]) ++ ++dnl @synopsis AX_CREATE_STDINT_H [( HEADER-TO-GENERATE [, HEADERS-TO-CHECK])] ++dnl ++dnl the "ISO C9X: 7.18 Integer types " section requires the ++dnl existence of an include file that defines a set of ++dnl typedefs, especially uint8_t,int32_t,uintptr_t. ++dnl Many older installations will not provide this file, but some will ++dnl have the very same definitions in . In other enviroments ++dnl we can use the inet-types in which would define the ++dnl typedefs int8_t and u_int8_t respectivly. ++dnl ++dnl This macros will create a local "_stdint.h" or the headerfile given as ++dnl an argument. In many cases that file will just "#include " ++dnl or "#include ", while in other environments it will provide ++dnl the set of basic 'stdint's definitions/typedefs: ++dnl int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,intptr_t,uintptr_t ++dnl int_least32_t.. int_fast32_t.. intmax_t ++dnl which may or may not rely on the definitions of other files, ++dnl or using the AC_CHECK_SIZEOF macro to determine the actual ++dnl sizeof each type. ++dnl ++dnl if your header files require the stdint-types you will want to create an ++dnl installable file mylib-int.h that all your other installable header ++dnl may include. So if you have a library package named "mylib", just use ++dnl AX_CREATE_STDINT_H(mylib-int.h) ++dnl in configure.ac and go to install that very header file in Makefile.am ++dnl along with the other headers (mylib.h) - and the mylib-specific headers ++dnl can simply use "#include " to obtain the stdint-types. ++dnl ++dnl Remember, if the system already had a valid , the generated ++dnl file will include it directly. No need for fuzzy HAVE_STDINT_H things... ++dnl ++dnl @, (status: used on new platforms) (see http://ac-archive.sf.net/gstdint/) ++dnl @author Guido Draheim ++ ++AC_DEFUN([AX_CREATE_STDINT_H], ++[# ------ AX CREATE STDINT H ------------------------------------- ++AC_MSG_CHECKING([for stdint types]) ++ac_stdint_h=`echo ifelse($1, , _stdint.h, $1)` ++# try to shortcircuit - if the default include path of the compiler ++# can find a "stdint.h" header then we assume that all compilers can. ++AC_CACHE_VAL([ac_cv_header_stdint_t],[ ++old_CXXFLAGS="$CXXFLAGS" ; CXXFLAGS="" ++old_CPPFLAGS="$CPPFLAGS" ; CPPFLAGS="" ++old_CFLAGS="$CFLAGS" ; CFLAGS="" ++AC_TRY_COMPILE([#include ],[int_least32_t v = 0;], ++[ac_cv_stdint_result="(assuming C99 compatible system)" ++ ac_cv_header_stdint_t="stdint.h"; ], ++[ac_cv_header_stdint_t=""]) ++CXXFLAGS="$old_CXXFLAGS" ++CPPFLAGS="$old_CPPFLAGS" ++CFLAGS="$old_CFLAGS" ]) ++ ++v="... $ac_cv_header_stdint_h" ++if test "$ac_stdint_h" = "stdint.h" ; then ++ AC_MSG_RESULT([(are you sure you want them in ./stdint.h?)]) ++elif test "$ac_stdint_h" = "inttypes.h" ; then ++ AC_MSG_RESULT([(are you sure you want them in ./inttypes.h?)]) ++elif test "_$ac_cv_header_stdint_t" = "_" ; then ++ AC_MSG_RESULT([(putting them into $ac_stdint_h)$v]) ++else ++ ac_cv_header_stdint="$ac_cv_header_stdint_t" ++ AC_MSG_RESULT([$ac_cv_header_stdint (shortcircuit)]) ++fi ++ ++if test "_$ac_cv_header_stdint_t" = "_" ; then # can not shortcircuit.. ++ ++dnl .....intro message done, now do a few system checks..... ++dnl btw, all CHECK_TYPE macros do automatically "DEFINE" a type, therefore ++dnl we use the autoconf implementation detail _AC CHECK_TYPE_NEW instead ++ ++inttype_headers=`echo $2 | sed -e 's/,/ /g'` ++ ++ac_cv_stdint_result="(no helpful system typedefs seen)" ++AC_CACHE_CHECK([for stdint uintptr_t], [ac_cv_header_stdint_x],[ ++ ac_cv_header_stdint_x="" # the 1997 typedefs (inttypes.h) ++ AC_MSG_RESULT([(..)]) ++ for i in stdint.h inttypes.h sys/inttypes.h $inttype_headers ; do ++ unset ac_cv_type_uintptr_t ++ unset ac_cv_type_uint64_t ++ _AC_CHECK_TYPE_NEW(uintptr_t,[ac_cv_header_stdint_x=$i],dnl ++ continue,[#include <$i>]) ++ AC_CHECK_TYPE(uint64_t,[and64="/uint64_t"],[and64=""],[#include<$i>]) ++ ac_cv_stdint_result="(seen uintptr_t$and64 in $i)" ++ break; ++ done ++ AC_MSG_CHECKING([for stdint uintptr_t]) ++ ]) ++ ++if test "_$ac_cv_header_stdint_x" = "_" ; then ++AC_CACHE_CHECK([for stdint uint32_t], [ac_cv_header_stdint_o],[ ++ ac_cv_header_stdint_o="" # the 1995 typedefs (sys/inttypes.h) ++ AC_MSG_RESULT([(..)]) ++ for i in inttypes.h sys/inttypes.h stdint.h $inttype_headers ; do ++ unset ac_cv_type_uint32_t ++ unset ac_cv_type_uint64_t ++ AC_CHECK_TYPE(uint32_t,[ac_cv_header_stdint_o=$i],dnl ++ continue,[#include <$i>]) ++ AC_CHECK_TYPE(uint64_t,[and64="/uint64_t"],[and64=""],[#include<$i>]) ++ ac_cv_stdint_result="(seen uint32_t$and64 in $i)" ++ break; ++ done ++ AC_MSG_CHECKING([for stdint uint32_t]) ++ ]) ++fi ++ ++if test "_$ac_cv_header_stdint_x" = "_" ; then ++if test "_$ac_cv_header_stdint_o" = "_" ; then ++AC_CACHE_CHECK([for stdint u_int32_t], [ac_cv_header_stdint_u],[ ++ ac_cv_header_stdint_u="" # the BSD typedefs (sys/types.h) ++ AC_MSG_RESULT([(..)]) ++ for i in sys/types.h inttypes.h sys/inttypes.h $inttype_headers ; do ++ unset ac_cv_type_u_int32_t ++ unset ac_cv_type_u_int64_t ++ AC_CHECK_TYPE(u_int32_t,[ac_cv_header_stdint_u=$i],dnl ++ continue,[#include <$i>]) ++ AC_CHECK_TYPE(u_int64_t,[and64="/u_int64_t"],[and64=""],[#include<$i>]) ++ ac_cv_stdint_result="(seen u_int32_t$and64 in $i)" ++ break; ++ done ++ AC_MSG_CHECKING([for stdint u_int32_t]) ++ ]) ++fi fi ++ ++dnl if there was no good C99 header file, do some typedef checks... ++if test "_$ac_cv_header_stdint_x" = "_" ; then ++ AC_MSG_CHECKING([for stdint datatype model]) ++ AC_MSG_RESULT([(..)]) ++ AC_CHECK_SIZEOF(char) ++ AC_CHECK_SIZEOF(short) ++ AC_CHECK_SIZEOF(int) ++ AC_CHECK_SIZEOF(long) ++ AC_CHECK_SIZEOF(void*) ++ ac_cv_stdint_char_model="" ++ ac_cv_stdint_char_model="$ac_cv_stdint_char_model$ac_cv_sizeof_char" ++ ac_cv_stdint_char_model="$ac_cv_stdint_char_model$ac_cv_sizeof_short" ++ ac_cv_stdint_char_model="$ac_cv_stdint_char_model$ac_cv_sizeof_int" ++ ac_cv_stdint_long_model="" ++ ac_cv_stdint_long_model="$ac_cv_stdint_long_model$ac_cv_sizeof_int" ++ ac_cv_stdint_long_model="$ac_cv_stdint_long_model$ac_cv_sizeof_long" ++ ac_cv_stdint_long_model="$ac_cv_stdint_long_model$ac_cv_sizeof_voidp" ++ name="$ac_cv_stdint_long_model" ++ case "$ac_cv_stdint_char_model/$ac_cv_stdint_long_model" in ++ 122/242) name="$name, IP16 (standard 16bit machine)" ;; ++ 122/244) name="$name, LP32 (standard 32bit mac/win)" ;; ++ 122/*) name="$name (unusual int16 model)" ;; ++ 124/444) name="$name, ILP32 (standard 32bit unixish)" ;; ++ 124/488) name="$name, LP64 (standard 64bit unixish)" ;; ++ 124/448) name="$name, LLP64 (unusual 64bit unixish)" ;; ++ 124/*) name="$name (unusual int32 model)" ;; ++ 128/888) name="$name, ILP64 (unusual 64bit numeric)" ;; ++ 128/*) name="$name (unusual int64 model)" ;; ++ 222/*|444/*) name="$name (unusual dsptype)" ;; ++ *) name="$name (very unusal model)" ;; ++ esac ++ AC_MSG_RESULT([combined for stdint datatype model... $name]) ++fi ++ ++if test "_$ac_cv_header_stdint_x" != "_" ; then ++ ac_cv_header_stdint="$ac_cv_header_stdint_x" ++elif test "_$ac_cv_header_stdint_o" != "_" ; then ++ ac_cv_header_stdint="$ac_cv_header_stdint_o" ++elif test "_$ac_cv_header_stdint_u" != "_" ; then ++ ac_cv_header_stdint="$ac_cv_header_stdint_u" ++else ++ ac_cv_header_stdint="stddef.h" ++fi ++ ++AC_MSG_CHECKING([for extra inttypes in chosen header]) ++AC_MSG_RESULT([($ac_cv_header_stdint)]) ++dnl see if int_least and int_fast types are present in _this_ header. ++unset ac_cv_type_int_least32_t ++unset ac_cv_type_int_fast32_t ++AC_CHECK_TYPE(int_least32_t,,,[#include <$ac_cv_header_stdint>]) ++AC_CHECK_TYPE(int_fast32_t,,,[#include<$ac_cv_header_stdint>]) ++AC_CHECK_TYPE(intmax_t,,,[#include <$ac_cv_header_stdint>]) ++ ++fi # shortcircut to system "stdint.h" ++# ------------------ PREPARE VARIABLES ------------------------------ ++if test "$GCC" = "yes" ; then ++ac_cv_stdint_message="using gnu compiler "`$CC --version | head -1` ++else ++ac_cv_stdint_message="using $CC" ++fi ++ ++AC_MSG_RESULT([make use of $ac_cv_header_stdint in $ac_stdint_h dnl ++$ac_cv_stdint_result]) ++ ++# ----------------- DONE inttypes.h checks START header ------------- ++AC_CONFIG_COMMANDS([$ac_stdint_h],[ ++AC_MSG_NOTICE(creating $ac_stdint_h : $_ac_stdint_h) ++ac_stdint=$tmp/_stdint.h ++ ++echo "#ifndef" $_ac_stdint_h >$ac_stdint ++echo "#define" $_ac_stdint_h "1" >>$ac_stdint ++echo "#ifndef" _GENERATED_STDINT_H >>$ac_stdint ++echo "#define" _GENERATED_STDINT_H '"'$PACKAGE $VERSION'"' >>$ac_stdint ++echo "/* generated $ac_cv_stdint_message */" >>$ac_stdint ++if test "_$ac_cv_header_stdint_t" != "_" ; then ++echo "#define _STDINT_HAVE_STDINT_H" "1" >>$ac_stdint ++fi ++ ++cat >>$ac_stdint < ++#else ++#include ++ ++/* .................... configured part ............................ */ ++ ++STDINT_EOF ++ ++echo "/* whether we have a C99 compatible stdint header file */" >>$ac_stdint ++if test "_$ac_cv_header_stdint_x" != "_" ; then ++ ac_header="$ac_cv_header_stdint_x" ++ echo "#define _STDINT_HEADER_INTPTR" '"'"$ac_header"'"' >>$ac_stdint ++else ++ echo "/* #undef _STDINT_HEADER_INTPTR */" >>$ac_stdint ++fi ++ ++echo "/* whether we have a C96 compatible inttypes header file */" >>$ac_stdint ++if test "_$ac_cv_header_stdint_o" != "_" ; then ++ ac_header="$ac_cv_header_stdint_o" ++ echo "#define _STDINT_HEADER_UINT32" '"'"$ac_header"'"' >>$ac_stdint ++else ++ echo "/* #undef _STDINT_HEADER_UINT32 */" >>$ac_stdint ++fi ++ ++echo "/* whether we have a BSD compatible inet types header */" >>$ac_stdint ++if test "_$ac_cv_header_stdint_u" != "_" ; then ++ ac_header="$ac_cv_header_stdint_u" ++ echo "#define _STDINT_HEADER_U_INT32" '"'"$ac_header"'"' >>$ac_stdint ++else ++ echo "/* #undef _STDINT_HEADER_U_INT32 */" >>$ac_stdint ++fi ++ ++echo "" >>$ac_stdint ++ ++if test "_$ac_header" != "_" ; then if test "$ac_header" != "stddef.h" ; then ++ echo "#include <$ac_header>" >>$ac_stdint ++ echo "" >>$ac_stdint ++fi fi ++ ++echo "/* which 64bit typedef has been found */" >>$ac_stdint ++if test "$ac_cv_type_uint64_t" = "yes" ; then ++echo "#define _STDINT_HAVE_UINT64_T" "1" >>$ac_stdint ++else ++echo "/* #undef _STDINT_HAVE_UINT64_T */" >>$ac_stdint ++fi ++if test "$ac_cv_type_u_int64_t" = "yes" ; then ++echo "#define _STDINT_HAVE_U_INT64_T" "1" >>$ac_stdint ++else ++echo "/* #undef _STDINT_HAVE_U_INT64_T */" >>$ac_stdint ++fi ++echo "" >>$ac_stdint ++ ++echo "/* which type model has been detected */" >>$ac_stdint ++if test "_$ac_cv_stdint_char_model" != "_" ; then ++echo "#define _STDINT_CHAR_MODEL" "$ac_cv_stdint_char_model" >>$ac_stdint ++echo "#define _STDINT_LONG_MODEL" "$ac_cv_stdint_long_model" >>$ac_stdint ++else ++echo "/* #undef _STDINT_CHAR_MODEL // skipped */" >>$ac_stdint ++echo "/* #undef _STDINT_LONG_MODEL // skipped */" >>$ac_stdint ++fi ++echo "" >>$ac_stdint ++ ++echo "/* whether int_least types were detected */" >>$ac_stdint ++if test "$ac_cv_type_int_least32_t" = "yes"; then ++echo "#define _STDINT_HAVE_INT_LEAST32_T" "1" >>$ac_stdint ++else ++echo "/* #undef _STDINT_HAVE_INT_LEAST32_T */" >>$ac_stdint ++fi ++echo "/* whether int_fast types were detected */" >>$ac_stdint ++if test "$ac_cv_type_int_fast32_t" = "yes"; then ++echo "#define _STDINT_HAVE_INT_FAST32_T" "1" >>$ac_stdint ++else ++echo "/* #undef _STDINT_HAVE_INT_FAST32_T */" >>$ac_stdint ++fi ++echo "/* whether intmax_t type was detected */" >>$ac_stdint ++if test "$ac_cv_type_intmax_t" = "yes"; then ++echo "#define _STDINT_HAVE_INTMAX_T" "1" >>$ac_stdint ++else ++echo "/* #undef _STDINT_HAVE_INTMAX_T */" >>$ac_stdint ++fi ++echo "" >>$ac_stdint ++ ++ cat >>$ac_stdint <= 199901L ++#define _HAVE_UINT64_T ++typedef long long int64_t; ++typedef unsigned long long uint64_t; ++ ++#elif !defined __STRICT_ANSI__ ++#if defined _MSC_VER || defined __WATCOMC__ || defined __BORLANDC__ ++#define _HAVE_UINT64_T ++typedef __int64 int64_t; ++typedef unsigned __int64 uint64_t; ++ ++#elif defined __GNUC__ || defined __MWERKS__ || defined __ELF__ ++/* note: all ELF-systems seem to have loff-support which needs 64-bit */ ++#if !defined _NO_LONGLONG ++#define _HAVE_UINT64_T ++typedef long long int64_t; ++typedef unsigned long long uint64_t; ++#endif ++ ++#elif defined __alpha || (defined __mips && defined _ABIN32) ++#if !defined _NO_LONGLONG ++typedef long int64_t; ++typedef unsigned long uint64_t; ++#endif ++ /* compiler/cpu type to define int64_t */ ++#endif ++#endif ++#endif ++ ++#if defined _STDINT_HAVE_U_INT_TYPES ++/* int8_t int16_t int32_t defined by inet code, redeclare the u_intXX types */ ++typedef u_int8_t uint8_t; ++typedef u_int16_t uint16_t; ++typedef u_int32_t uint32_t; ++ ++/* glibc compatibility */ ++#ifndef __int8_t_defined ++#define __int8_t_defined ++#endif ++#endif ++ ++#ifdef _STDINT_NEED_INT_MODEL_T ++/* we must guess all the basic types. Apart from byte-adressable system, */ ++/* there a few 32-bit-only dsp-systems that we guard with BYTE_MODEL 8-} */ ++/* (btw, those nibble-addressable systems are way off, or so we assume) */ ++ ++dnl /* have a look at "64bit and data size neutrality" at */ ++dnl /* http://unix.org/version2/whatsnew/login_64bit.html */ ++dnl /* (the shorthand "ILP" types always have a "P" part) */ ++ ++#if defined _STDINT_BYTE_MODEL ++#if _STDINT_LONG_MODEL+0 == 242 ++/* 2:4:2 = IP16 = a normal 16-bit system */ ++typedef unsigned char uint8_t; ++typedef unsigned short uint16_t; ++typedef unsigned long uint32_t; ++#ifndef __int8_t_defined ++#define __int8_t_defined ++typedef char int8_t; ++typedef short int16_t; ++typedef long int32_t; ++#endif ++#elif _STDINT_LONG_MODEL+0 == 244 || _STDINT_LONG_MODEL == 444 ++/* 2:4:4 = LP32 = a 32-bit system derived from a 16-bit */ ++/* 4:4:4 = ILP32 = a normal 32-bit system */ ++typedef unsigned char uint8_t; ++typedef unsigned short uint16_t; ++typedef unsigned int uint32_t; ++#ifndef __int8_t_defined ++#define __int8_t_defined ++typedef char int8_t; ++typedef short int16_t; ++typedef int int32_t; ++#endif ++#elif _STDINT_LONG_MODEL+0 == 484 || _STDINT_LONG_MODEL+0 == 488 ++/* 4:8:4 = IP32 = a 32-bit system prepared for 64-bit */ ++/* 4:8:8 = LP64 = a normal 64-bit system */ ++typedef unsigned char uint8_t; ++typedef unsigned short uint16_t; ++typedef unsigned int uint32_t; ++#ifndef __int8_t_defined ++#define __int8_t_defined ++typedef char int8_t; ++typedef short int16_t; ++typedef int int32_t; ++#endif ++/* this system has a "long" of 64bit */ ++#ifndef _HAVE_UINT64_T ++#define _HAVE_UINT64_T ++typedef unsigned long uint64_t; ++typedef long int64_t; ++#endif ++#elif _STDINT_LONG_MODEL+0 == 448 ++/* LLP64 a 64-bit system derived from a 32-bit system */ ++typedef unsigned char uint8_t; ++typedef unsigned short uint16_t; ++typedef unsigned int uint32_t; ++#ifndef __int8_t_defined ++#define __int8_t_defined ++typedef char int8_t; ++typedef short int16_t; ++typedef int int32_t; ++#endif ++/* assuming the system has a "long long" */ ++#ifndef _HAVE_UINT64_T ++#define _HAVE_UINT64_T ++typedef unsigned long long uint64_t; ++typedef long long int64_t; ++#endif ++#else ++#define _STDINT_NO_INT32_T ++#endif ++#else ++#define _STDINT_NO_INT8_T ++#define _STDINT_NO_INT32_T ++#endif ++#endif ++ ++/* ++ * quote from SunOS-5.8 sys/inttypes.h: ++ * Use at your own risk. As of February 1996, the committee is squarely ++ * behind the fixed sized types; the "least" and "fast" types are still being ++ * discussed. The probability that the "fast" types may be removed before ++ * the standard is finalized is high enough that they are not currently ++ * implemented. ++ */ ++ ++#if defined _STDINT_NEED_INT_LEAST_T ++typedef int8_t int_least8_t; ++typedef int16_t int_least16_t; ++typedef int32_t int_least32_t; ++#ifdef _HAVE_UINT64_T ++typedef int64_t int_least64_t; ++#endif ++ ++typedef uint8_t uint_least8_t; ++typedef uint16_t uint_least16_t; ++typedef uint32_t uint_least32_t; ++#ifdef _HAVE_UINT64_T ++typedef uint64_t uint_least64_t; ++#endif ++ /* least types */ ++#endif ++ ++#if defined _STDINT_NEED_INT_FAST_T ++typedef int8_t int_fast8_t; ++typedef int int_fast16_t; ++typedef int32_t int_fast32_t; ++#ifdef _HAVE_UINT64_T ++typedef int64_t int_fast64_t; ++#endif ++ ++typedef uint8_t uint_fast8_t; ++typedef unsigned uint_fast16_t; ++typedef uint32_t uint_fast32_t; ++#ifdef _HAVE_UINT64_T ++typedef uint64_t uint_fast64_t; ++#endif ++ /* fast types */ ++#endif ++ ++#ifdef _STDINT_NEED_INTMAX_T ++#ifdef _HAVE_UINT64_T ++typedef int64_t intmax_t; ++typedef uint64_t uintmax_t; ++#else ++typedef long intmax_t; ++typedef unsigned long uintmax_t; ++#endif ++#endif ++ ++#ifdef _STDINT_NEED_INTPTR_T ++#ifndef __intptr_t_defined ++#define __intptr_t_defined ++/* we encourage using "long" to store pointer values, never use "int" ! */ ++#if _STDINT_LONG_MODEL+0 == 242 || _STDINT_LONG_MODEL+0 == 484 ++typedef unsinged int uintptr_t; ++typedef int intptr_t; ++#elif _STDINT_LONG_MODEL+0 == 244 || _STDINT_LONG_MODEL+0 == 444 ++typedef unsigned long uintptr_t; ++typedef long intptr_t; ++#elif _STDINT_LONG_MODEL+0 == 448 && defined _HAVE_UINT64_T ++typedef uint64_t uintptr_t; ++typedef int64_t intptr_t; ++#else /* matches typical system types ILP32 and LP64 - but not IP16 or LLP64 */ ++typedef unsigned long uintptr_t; ++typedef long intptr_t; ++#endif ++#endif ++#endif ++ ++ /* shortcircuit*/ ++#endif ++ /* once */ ++#endif ++#endif ++STDINT_EOF ++ if cmp -s $ac_stdint_h $ac_stdint 2>/dev/null; then ++ AC_MSG_NOTICE([$ac_stdint_h is unchanged]) ++ else ++ ac_dir=`AS_DIRNAME(["$ac_stdint_h"])` ++ AS_MKDIR_P(["$ac_dir"]) ++ rm -f $ac_stdint_h ++ mv $ac_stdint $ac_stdint_h ++ fi ++],[# variables for create stdint.h replacement ++PACKAGE="$PACKAGE" ++VERSION="$VERSION" ++ac_stdint_h="$ac_stdint_h" ++_ac_stdint_h=AS_TR_CPP(_$PACKAGE-$ac_stdint_h) ++ac_cv_stdint_message="$ac_cv_stdint_message" ++ac_cv_header_stdint_t="$ac_cv_header_stdint_t" ++ac_cv_header_stdint_x="$ac_cv_header_stdint_x" ++ac_cv_header_stdint_o="$ac_cv_header_stdint_o" ++ac_cv_header_stdint_u="$ac_cv_header_stdint_u" ++ac_cv_type_uint64_t="$ac_cv_type_uint64_t" ++ac_cv_type_u_int64_t="$ac_cv_type_u_int64_t" ++ac_cv_stdint_char_model="$ac_cv_stdint_char_model" ++ac_cv_stdint_long_model="$ac_cv_stdint_long_model" ++ac_cv_type_int_least32_t="$ac_cv_type_int_least32_t" ++ac_cv_type_int_fast32_t="$ac_cv_type_int_fast32_t" ++ac_cv_type_intmax_t="$ac_cv_type_intmax_t" ++]) ++]) +-- +1.9.2 + diff --git a/libs/nettle/patches/0004-Added-auto-generated-nettle-config.h.patch b/libs/nettle/patches/0004-Added-auto-generated-nettle-config.h.patch new file mode 100644 index 000000000..a4534a505 --- /dev/null +++ b/libs/nettle/patches/0004-Added-auto-generated-nettle-config.h.patch @@ -0,0 +1,100 @@ +From 7508bb15de94b38402152757f75ff3e2094fdd86 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Sun, 9 Mar 2014 13:27:03 +0100 +Subject: [PATCH 4/5] Added-auto-generated-nettle-config.h + +--- + Makefile.in | 4 ++-- + bignum.h | 1 + + configure.ac | 1 + + examples/ecc-benchmark.c | 1 + + nettle-config.h.in | 6 ++++++ + testsuite/testutils.h | 1 + + 7 files changed, 13 insertions(+), 2 deletions(-) + create mode 100644 nettle-config.h.in + +diff --git a/Makefile.in b/Makefile.in +index 42be3a9..280dd30 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -151,7 +151,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \ + des.h des-compat.h dsa.h ecc-curve.h ecc.h ecdsa.h \ + gcm.h gosthash94.h hmac.h \ + knuth-lfib.h \ +- macros.h \ ++ macros.h nettle-config.h \ + md2.h md4.h \ + md5.h md5-compat.h \ + memxor.h \ +@@ -174,7 +174,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h .bootstrap run-tests \ + config.guess config.sub install-sh texinfo.tex \ + config.h.in config.m4.in config.make.in Makefile.in \ + README AUTHORS COPYING.LIB INSTALL NEWS TODO ChangeLog \ +- nettle.pc.in hogweed.pc.in \ ++ nettle.pc.in hogweed.pc.in nettle-config.h.in \ + memxor.c $(des_headers) descore.README \ + aes-internal.h camellia-internal.h serpent-internal.h \ + cast128_sboxes.h desinfo.h desCode.h \ +diff --git a/bignum.h b/bignum.h +index 1f2ff07..c31ccaa 100644 +--- a/bignum.h ++++ b/bignum.h +@@ -26,6 +26,7 @@ + #ifndef NETTLE_BIGNUM_H_INCLUDED + #define NETTLE_BIGNUM_H_INCLUDED + ++#include "nettle-config.h" + #include "nettle-meta.h" + + #ifdef USE_MINI_GMP +diff --git a/configure.ac b/configure.ac +index c24f954..cb65bcd 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -10,6 +10,7 @@ AC_CONFIG_AUX_DIR([.]) + AC_CONFIG_MACRO_DIR([.]) + + AC_CONFIG_HEADER([config.h]) ++AC_CONFIG_HEADER([nettle-config.h]) + + LIBNETTLE_MAJOR=4 + LIBNETTLE_MINOR=7 +diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c +index 16a1fd6..eaaf3a5 100644 +--- a/examples/ecc-benchmark.c ++++ b/examples/ecc-benchmark.c +@@ -38,6 +38,7 @@ + #include "timing.h" + + #undef USE_MINI_GMP ++#define NETTLE_CONFIG_H_INCLUDED + #include + #include "../ecc.h" + #include "../ecc-internal.h" +diff --git a/nettle-config.h.in b/nettle-config.h.in +new file mode 100644 +index 0000000..11330ff +--- /dev/null ++++ b/nettle-config.h.in +@@ -0,0 +1,6 @@ ++#ifndef NETTLE_CONFIG_H_INCLUDED ++#define NETTLE_CONFIG_H_INCLUDED ++ ++#undef USE_MINI_GMP ++ ++#endif +diff --git a/testsuite/testutils.h b/testsuite/testutils.h +index a677a2a..6e9b30c 100644 +--- a/testsuite/testutils.h ++++ b/testsuite/testutils.h +@@ -15,6 +15,7 @@ + + #if WITH_HOGWEED + # include ++# define NETTLE_CONFIG_H_INCLUDED + # undef USE_MINI_GMP + # include "rsa.h" + # include "dsa.h" +-- +1.9.2 + diff --git a/libs/nettle/patches/0005-allow-der-iterator-to-be-used-with-mini-gmp.patch b/libs/nettle/patches/0005-allow-der-iterator-to-be-used-with-mini-gmp.patch new file mode 100644 index 000000000..3a8725495 --- /dev/null +++ b/libs/nettle/patches/0005-allow-der-iterator-to-be-used-with-mini-gmp.patch @@ -0,0 +1,34 @@ +From d71b3138cbdc3852c96a2639995f2d7f44b1c76c Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Sat, 29 Mar 2014 09:12:41 +0100 +Subject: [PATCH 5/5] allow der-iterator to be used with mini-gmp + +--- + der-iterator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/der-iterator.c b/der-iterator.c +index 2e6efd5..5ab15b9 100644 +--- a/der-iterator.c ++++ b/der-iterator.c +@@ -30,7 +30,7 @@ + #include + #include + +-#if HAVE_LIBGMP ++#if defined(HAVE_LIBGMP) || defined(USE_MINI_GMP) + #include "bignum.h" + #endif + +@@ -246,7 +246,7 @@ asn1_der_get_uint32(struct asn1_der_iterator *i, + return 1; + } + +-#if HAVE_LIBGMP ++#if defined(HAVE_LIBGMP) || defined(USE_MINI_GMP) + int + asn1_der_get_bignum(struct asn1_der_iterator *i, + mpz_t x, unsigned max_bits) +-- +1.9.2 + diff --git a/net/ocserv/Config.in b/net/ocserv/Config.in new file mode 100644 index 000000000..75ebd5ada --- /dev/null +++ b/net/ocserv/Config.in @@ -0,0 +1,14 @@ +# ocserv avanced configuration + +menu "Configuration" + depends on PACKAGE_ocserv + +config OCSERV_PAM + bool "enable PAM" + default n + +config OCSERV_PROTOBUF + bool "use external libprotobuf" + default n + +endmenu diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile new file mode 100644 index 000000000..4a16469e7 --- /dev/null +++ b/net/ocserv/Makefile @@ -0,0 +1,77 @@ +# +# Copyright (C) 2007-2011 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=ocserv +PKG_VERSION:=0.8.0 +PKG_RELEASE:=2 + +PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/ +PKG_MD5SUM:=6383535a21f8eecfb1bbb7f7ac99c41f + +PKG_LICENSE:=GPLv3 +PKG_LICENSE_FILES:=COPYING +PKG_FIXUP:=autoreconf + +include $(INCLUDE_DIR)/package.mk + +define Package/ocserv/config + source "$(SOURCE)/Config.in" +endef + +define Package/ocserv + SECTION:=net + CATEGORY:=Network + SUBMENU:=VPN + TITLE:=OpenConnect VPN server + URL:=http://www.infradead.org/ocserv/ + MAINTAINER:=Nikos Mavrogiannopoulos + DEPENDS:= +libgnutls +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +endef + +define Package/ocserv/description + OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be + a secure, small, fast and configurable VPN server. It implements the + OpenConnect SSL VPN protocol, and has also (currently experimental) + compatibility with clients using the AnyConnect SSL VPN protocol. The + OpenConnect VPN protocol uses the standard IETF security protocols such + as TLS 1.2, and Datagram TLS to provide the secure VPN service. +endef + +EXTRA_CPPFLAGS+=-I$(STAGING_DIR)/usr/include/readline/ +EXTRA_LDFLAGS+=-lncurses + +CONFIGURE_ARGS+= \ + --enable-local-libopts \ + --with-libreadline-prefix="$(STAGING_DIR)/" \ + +ifneq ($(CONFIG_OCSERV_PAM),y) +CONFIGURE_ARGS += --without-pam +endif + +ifneq ($(CONFIG_OCSERV_PROTOBUF),y) +CONFIGURE_ARGS += --without-protobuf +endif + +define Package/ocserv/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ocserv $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ocpasswd $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/occtl $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ocserv.init $(1)/etc/init.d/ocserv + $(INSTALL_DIR) $(1)/etc/ocserv + $(INSTALL_CONF) ./files/ocserv.conf.template $(1)/etc/ocserv/ocserv.conf.template + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/config $(1)/etc/config/ocserv +endef + +$(eval $(call BuildPackage,ocserv)) diff --git a/net/ocserv/files/config b/net/ocserv/files/config new file mode 100644 index 000000000..48144598c --- /dev/null +++ b/net/ocserv/files/config @@ -0,0 +1,17 @@ + +config ocserv 'config' + option port '4443' + option dpd '180' + option max_clients '8' + option max_same '2' + option enable '0' + option zone 'lan' + +config ocservusers + +config dns + option ip '8.8.8.8' + +config routes + option ip '192.168.1.0' + option netmask '255.255.255.0' diff --git a/net/ocserv/files/ocserv-script b/net/ocserv/files/ocserv-script new file mode 100755 index 000000000..e0a601b75 --- /dev/null +++ b/net/ocserv/files/ocserv-script @@ -0,0 +1,11 @@ +#!/bin/sh + +ZONE=`uci get ocserv.config.ZONE` + +if [ "$REASON" = "connect" ];then + env -i ACTION=ifup INTERFACE="$ZONE" DEVICE=$DEVICE /sbin/hotplug-call "iface" +else + env -i ACTION=ifdown INTERFACE="$ZONE" DEVICE=$DEVICE /sbin/hotplug-call "iface" +fi + +exit 0 diff --git a/net/ocserv/files/ocserv.conf.template b/net/ocserv/files/ocserv.conf.template new file mode 100644 index 000000000..8461b9027 --- /dev/null +++ b/net/ocserv/files/ocserv.conf.template @@ -0,0 +1,339 @@ +# User authentication method. Could be set multiple times and in that case +# all should succeed. +# Options: certificate, pam. +#auth = "certificate" +#auth = "pam" + +# The gid-min option is used by auto-select-group option, in order to +# select the minimum group ID. +#auth = "pam[gid-min=1000]" + +# The plain option requires specifying a password file which contains +# entries of the following format. +# "username:groupname:encoded-password" +# One entry must be listed per line, and 'ocpasswd' can be used +# to generate password entries. +auth = "|AUTH|" + +# A banner to be displayed on clients +banner = "Welcome to OpenWRT" + +# Use listen-host to limit to specific IPs or to the IPs of a provided +# hostname. +#listen-host = [IP|HOSTNAME] + +# Limit the number of clients. Unset or set to zero for unlimited. +#max-clients = 1024 +max-clients = |MAX_CLIENTS| + +# Limit the number of client connections to one every X milliseconds +# (X is the provided value). Set to zero for no limit. +#rate-limit-ms = 100 + +# Limit the number of identical clients (i.e., users connecting +# multiple times). Unset or set to zero for unlimited. +max-same-clients = |MAX_SAME| + +# TCP and UDP port number +tcp-port = |PORT| +|UDP|udp-port = |PORT| + +# Keepalive in seconds +keepalive = 32400 + +# Dead peer detection in seconds. +dpd = |DPD| + +# Dead peer detection for mobile clients. The needs to +# be much higher to prevent such clients being awaken too +# often by the DPD messages, and save battery. +# (clients that send the X-AnyConnect-Identifier-DeviceType) +#mobile-dpd = 1800 + +# MTU discovery (DPD must be enabled) +try-mtu-discovery = false + +# The key and the certificates of the server +# The key may be a file, or any URL supported by GnuTLS (e.g., +# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user +# or pkcs11:object=my-vpn-key;object-type=private) +# +# There may be multiple certificate and key pairs and each key +# should correspond to the preceding certificate. +server-cert = /etc/ocserv/server-cert.pem +server-key = /etc/ocserv/server-key.pem + +# Diffie-Hellman parameters. Only needed if you require support +# for the DHE ciphersuites (by default this server supports ECDHE). +# Can be generated using: +# certtool --generate-dh-params --outfile /path/to/dh.pem +#dh-params = /path/to/dh.pem + +# If you have a certificate from a CA that provides an OCSP +# service you may provide a fresh OCSP status response within +# the TLS handshake. That will prevent the client from connecting +# independently on the OCSP server. +# You can update this response periodically using: +# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response +# Make sure that you replace the following file in an atomic way. +#ocsp-response = /path/to/ocsp.der + +# In case PKCS #11 or TPM keys are used the PINs should be available +# in files. The srk-pin-file is applicable to TPM keys only, and is the +# storage root key. +#pin-file = /path/to/pin.txt +#srk-pin-file = /path/to/srkpin.txt + +# The Certificate Authority that will be used to verify +# client certificates (public keys) if certificate authentication +# is set. +#ca-cert = /etc/ocserv/ca.pem + +# The object identifier that will be used to read the user ID in the client +# certificate. The object identifier should be part of the certificate's DN +# Useful OIDs are: +# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1 +#cert-user-oid = 0.9.2342.19200300.100.1.1 + +# The object identifier that will be used to read the user group in the +# client certificate. The object identifier should be part of the certificate's +# DN. Useful OIDs are: +# OU (organizational unit) = 2.5.4.11 +#cert-group-oid = 2.5.4.11 + +# The revocation list of the certificates issued by the 'ca-cert' above. +#crl = /etc/ocserv/crl.pem + +# GnuTLS priority string +tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT" + +# To enforce perfect forward secrecy (PFS) on the main channel. +#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA" + +# The time (in seconds) that a client is allowed to stay connected prior +# to authentication +auth-timeout = 40 + +# The time (in seconds) that a client is allowed to stay idle (no traffic) +# before being disconnected. Unset to disable. +#idle-timeout = 1200 + +# The time (in seconds) that a mobile client is allowed to stay idle (no +# traffic) before being disconnected. Unset to disable. +#mobile-idle-timeout = 2400 + +# The time (in seconds) that a client is not allowed to reconnect after +# a failed authentication attempt. +#min-reauth-time = 2 + +# Cookie timeout (in seconds) +# which he can reconnect. That cookie will be invalided if not +# used within this timeout value. On a user disconnection, that +# cookie will also be active for this time amount prior to be +# invalid. That should allow a reasonable amount of time for roaming +# between different networks. +cookie-timeout = 300 + +# Whether roaming is allowed, i.e., if true a cookie is +# restricted to a single IP address and cannot be re-used +# from a different IP. +deny-roaming = false + +# ReKey time (in seconds) +# ocserv will ask the client to refresh keys periodically once +# this amount of seconds is elapsed. Set to zero to disable. +rekey-time = 172800 + +# ReKey method +# Valid options: ssl, new-tunnel +# ssl: Will perform an efficient rehandshake on the channel allowing +# a seamless connection during rekey. +# new-tunnel: Will instruct the client to discard and re-establish the channel. +# Use this option only if the connecting clients have issues with the ssl +# option. +rekey-method = ssl + +# Script to call when a client connects and obtains an IP +# Parameters are passed on the environment. +# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client), +# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP +# in the P-t-P connection), IP_REMOTE (the VPN IP of the client), +# ID (a unique numeric ID); REASON may be "connect" or "disconnect". +connect-script = /usr/bin/ocserv-script +disconnect-script = /usr/bin/ocserv-script + +# UTMP +use-utmp = false + +# Whether to enable support for the occtl tool (i.e., either through D-BUS, +# or via a unix socket). +use-occtl = true + +# socket file used for IPC with occtl. You only need to set that, +# if you use more than a single servers. +occtl-socket-file = /var/run/occtl.socket + +# PID file. It can be overriden in the command line. +pid-file = /var/run/ocserv.pid + +# The default server directory. Does not require any devices present. +chroot-dir = /var/lib/ocserv + +# socket file used for IPC, will be appended with .PID +# It must be accessible within the chroot environment (if any) +#socket-file = /var/run/ocserv-socket +socket-file = ocserv-socket + +# The user the worker processes will be run as. It should be +# unique (no other services run as this user). +run-as-user = ocserv +run-as-group = ocserv + +# Set the protocol-defined priority (SO_PRIORITY) for packets to +# be sent. That is a number from 0 to 6 with 0 being the lowest +# priority. Alternatively this can be used to set the IP Type- +# Of-Service, by setting it to a hexadecimal number (e.g., 0x20). +# This can be set per user/group or globally. +#net-priority = 3 + +# Set the VPN worker process into a specific cgroup. This is Linux +# specific and can be set per user/group or globally. +#cgroup = "cpuset,cpu:test" + +# +# Network settings +# + +# The name of the tun device +device = vpns + +# Whether the generated IPs will be predictable, i.e., IP stays the +# same for the same user when possible. +predictable-ips = |PREDICTABLE_IPS| + +# The default domain to be advertised +default-domain = example.com + +# The pool of addresses that leases will be given from. +ipv4-network = |IPV4ADDR| +ipv4-netmask = |NETMASK| + +# The advertized DNS server. Use multiple lines for +# multiple servers. +# dns = fc00::4be0 +#dns = 192.168.1.2 + +# The NBNS server (if any) +#nbns = 192.168.1.3 + +# The IPv6 subnet that leases will be given from. +|ENABLE_IPV6|ipv6-network = |IPV6ADDR| +|ENABLE_IPV6|ipv6-prefix = |IPV6PREFIX| + +# The domains over which the provided DNS should be used. Use +# multiple lines for multiple domains. +#split-dns = example.com + +# Prior to leasing any IP from the pool ping it to verify that +# it is not in use by another (unrelated to this server) host. +ping-leases = false + +# Unset to assign the default MTU of the device +# mtu = + +# Unset to enable bandwidth restrictions (in bytes/sec). The +# setting here is global, but can also be set per user or per group. +#rx-data-per-sec = 40000 +#tx-data-per-sec = 40000 + +# The number of packets (of MTU size) that are available in +# the output buffer. The default is low to improve latency. +# Setting it higher will improve throughput. +#output-buffer = 10 + +# Routes to be forwarded to the client. If you need the +# client to forward routes to the server, you may use the +# config-per-user/group or even connect and disconnect scripts. +# +# To set the server as the default gateway for the client just +# comment out all routes from the server. +#route = 192.168.1.0/255.255.255.0 +#route = 192.168.5.0/255.255.255.0 +#route = fef4:db8:1000:1001::/64 + +# Configuration files that will be applied per user connection or +# per group. Each file name on these directories must match the username +# or the groupname. +# The options allowed in the configuration files are dns, nbns, +# ipv?-network, ipv4-netmask, ipv6-prefix, rx/tx-per-sec, iroute, route, +# net-priority and cgroup. +# +# Note that the 'iroute' option allows to add routes on the server +# based on a user or group. The syntax depends on the input accepted +# by the commands route-add-cmd and route-del-cmd (see below). + +#config-per-user = /etc/ocserv/config-per-user/ +#config-per-group = /etc/ocserv/config-per-group/ + +# When config-per-xxx is specified and there is no group or user that +# matches, then utilize the following configuration. + +#default-user-config = /etc/ocserv/defaults/user.conf +#default-group-config = /etc/ocserv/defaults/group.conf + +# Groups that a client is allowed to select from. +# A client may belong in multiple groups, and in certain use-cases +# it is needed to switch between them. For these cases the client can +# select prior to authentication. Add multiple entries for multiple groups. +#select-group = group1 +#select-group = group2[My group 2] +#select-group = tost[The tost group] + +# The name of the group that if selected it would allow to use +# the assigned by default group. +#default-select-group = DEFAULT + +# Instead of specifying manually all the allowed groups, you may instruct +# ocserv to scan all available groups and include the full list. That +# option is only functional on plain authentication. +#auto-select-group = true + +# The system command to use to setup a route. %{R} will be replaced with the +# route/mask and %{D} with the (tun) device. +# +# The following example is from linux systems. %{R} should be something +# like 192.168.2.0/24 + +#route-add-cmd = "ip route add %{R} dev %{D}" +#route-del-cmd = "ip route delete %{R} dev %{D}" + +# This option allows to forward a proxy. The special strings '%{U}' +# and '%{G}', if present will be replaced by the username and group name. +#proxy-url = http://example.com/ +#proxy-url = http://example.com/%{U}/%{G}/hello + +# +# The following options are for (experimental) AnyConnect client +# compatibility. + +# Client profile xml. A sample file exists in doc/profile.xml. +# This file must be accessible from inside the worker's chroot. +# It is not used by the openconnect client. +#user-profile = profile.xml + +# Binary files that may be downloaded by the CISCO client. Must +# be within any chroot environment. +#binary-files = /path/to/binaries + +# Unless set to false it is required for clients to present their +# certificate even if they are authenticating via a previously granted +# cookie and complete their authentication in the same TCP connection. +# Legacy CISCO clients do not do that, and thus this option should be +# set for them. +cisco-client-compat = |CISCO_COMPAT| + +#Advanced options + +# Option to allow sending arbitrary custom headers to the client after +# authentication and prior to VPN tunnel establishment. +#custom-header = "X-My-Header: hi there" diff --git a/net/ocserv/files/ocserv.init b/net/ocserv/files/ocserv.init new file mode 100644 index 000000000..57b26d14d --- /dev/null +++ b/net/ocserv/files/ocserv.init @@ -0,0 +1,187 @@ +#!/bin/sh /etc/rc.common + +SERVICE_USE_PID=1 + +START=50 + +setup_firewall() { + local port fw + config_get port $1 port + test -z "$port" && return + + config_get fwport $1 "fwport" + test "$fwport" = "$port" && return + + #can we remove the old rule? + uci add firewall rule + uci set firewall.@rule[-1].src=wan + uci set firewall.@rule[-1].target=ACCEPT + uci set firewall.@rule[-1].proto=tcpudp + uci set firewall.@rule[-1].dest_port=$port + uci commit firewall + /etc/init.d/firewall restart + + uci set ocserv.config.fwport="$port" + uci commit ocserv +} + +clear_firewall() { + iptables-save | grep -v ocserv-rule | iptables-restore +} + +setup_config() { + config_get port $1 port "4443" + config_get max_clients $1 max_clients "8" + config_get max_same $1 max_same "2" + config_get dpd $1 dpd "120" + config_get predictable_ips $1 predictable_ips "1" + config_get udp $1 udp "1" + config_get auth $1 auth "plain" + config_get cisco_compat $1 cisco_compat "1" + config_get ipaddr $1 ipaddr "192.168.100.0" + config_get netmask $1 netmask "255.255.255.0" + config_get ip6addr $1 ip6addr "" + + test $predictable_ips = "0" && predictable_ips="false" + test $predictable_ips = "1" && predictable_ips="true" + test $cisco_compat = "0" && cisco_compat="false" + test $cisco_compat = "1" && cisco_compat="true" + test $udp = "0" && udp="#" + test $udp = "1" && udp="" + test -z $ip6addr && enable_ipv6="#" + + ipv6_addr=`echo $ip6addr|cut -d '/' -f 1` + ipv6_prefix=`echo $ip6addr|cut -d '/' -f 2` + + test $auth = "plain" && authsuffix="[/var/etc/ocpasswd]" + + mkdir -p /var/etc + sed -e "s/|PORT|/$port/g" \ + -e "s/|MAX_CLIENTS|/$max_clients/g" \ + -e "s/|MAX_SAME|/$max_same/g" \ + -e "s/|DPD|/$dpd/g" \ + -e "s/|AUTH|/$auth$authsuffix/g" \ + -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \ + -e "s/|CISCO_COMPAT|/$cisco_compat/g" \ + -e "s/|UDP|/$udp/g" \ + -e "s/|IPV4ADDR|/$ipaddr/g" \ + -e "s/|NETMASK|/$netmask/g" \ + -e "s/|IPV6ADDR|/$ipv6_addr/g" \ + -e "s/|IPV6PREFIX|/$ipv6_prefix/g" \ + -e "s/|ENABLE_IPV6|/$enable_ipv6/g" \ + /etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf +} + +setup_users() { + local name + local password + + config_get name $1 name + config_get password $1 password + + [ -z "$name" -o -z "$password" ] && return + + echo "$password"|ocpasswd -c /var/etc/ocpasswd "$name" +} + +setup_routes() { + local routes + + config_get ip $1 ip + config_get netmask $1 netmask + + [ -z "$ip" -o -z "$netmask" ] && return + + echo "route = $ip/$netmask" >> /var/etc/ocserv.conf +} + +setup_dns() { + local routes + + config_get ip $1 ip + + [ -z "$ip" ] && return + + echo "dns = $ip" >> /var/etc/ocserv.conf +} + +start() { + local hostname iface + + user_exists ocserv 72 || user_add ocserv 72 72 /var/lib/ocserv + group_exists ocserv 72 || group_add ocserv 72 + + hostname=`uci get ddns.myddns.domain` + [ -z "$hostname" ] && hostname=`uci get system.@system[0].hostname` + + [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && { + echo "Generating CA certificate..." + mkdir -p /etc/ocserv/pki/ + certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1 + echo "cn=$hostname CA" >/etc/ocserv/pki/ca.tmpl + echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl + echo "serial=1" >>/etc/ocserv/pki/ca.tmpl + echo "ca" >>/etc/ocserv/pki/ca.tmpl + echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl + + certtool --template /etc/ocserv/pki/ca.tmpl \ + --generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \ + --outfile /etc/ocserv/ca.pem >/dev/null 2>&1 + } + + #generate server certificate/key + [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && { + echo "Generating server certificate..." + mkdir -p /etc/ocserv/pki/ + certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1 + echo "cn=$hostname" >/etc/ocserv/pki/server.tmpl + echo "serial=2" >>/etc/ocserv/pki/server.tmpl + echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl + echo "signing_key" >>/etc/ocserv/pki/server.tmpl + echo "encryption_key" >>/etc/ocserv/pki/server.tmpl + certtool --template /etc/ocserv/pki/server.tmpl \ + --generate-certificate --load-privkey /etc/ocserv/server-key.pem \ + --load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \ + /etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 + } + + [ -f /var/run/ocserv.pid ] || { + touch /var/run/ocserv.pid + chown ocserv:ocserv /var/run/ocserv.pid + } + [ -d /var/lib/ocserv ] || { + mkdir -m 0755 -p /var/lib/ocserv + chmod 0700 /var/lib/ocserv + chown ocserv:ocserv /var/lib/ocserv + } + + config_load "ocserv" + + rm -f /var/etc/ocserv.conf + touch /var/etc/ocserv.conf + setup_config config + config_foreach setup_routes routes + config_foreach setup_dns dns + + rm -f /var/etc/ocpasswd + touch /var/etc/ocpasswd + config_foreach setup_users ocservusers + + setup_firewall config + + service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf +} + +stop() { + service_stop /usr/sbin/ocserv + clear_firewall +} + +reload() { + /usr/bin/occtl show status >/dev/null 2>&1 + if test $? != 0;then + start + else + /usr/bin/occtl reload + fi +} diff --git a/net/ocserv/patches/0001-native-endianess.patch b/net/ocserv/patches/0001-native-endianess.patch new file mode 100644 index 000000000..0afd8a3ea --- /dev/null +++ b/net/ocserv/patches/0001-native-endianess.patch @@ -0,0 +1,70 @@ +diff --git a/src/main-ctl-unix.c b/src/main-ctl-unix.c +index b4da5eb..90d604f 100644 +--- a/src/main-ctl-unix.c ++++ b/src/main-ctl-unix.c +@@ -629,7 +629,7 @@ static void ctl_handle_commands(main_server_st * s) + } + goto cleanup; + } +- length = (buffer[2] << 8) | buffer[1]; ++ memcpy(&length, &buffer[1], 2); + buffer_size = ret - 3; + + if (length != buffer_size) { +diff --git a/src/occtl-unix.c b/src/occtl-unix.c +index 183825d..0c1b3e1 100644 +--- a/src/occtl-unix.c ++++ b/src/occtl-unix.c +@@ -83,15 +83,14 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data, + struct iovec iov[2]; + unsigned iov_len = 1; + int e, ret; +- unsigned length = 0; ++ uint16_t length = 0; + void *packed = NULL; + + if (get_size) + length = get_size(data); + + header[0] = cmd; +- header[1] = length; +- header[2] = length >> 8; ++ memcpy(&header[1], &length, 2); + + iov[0].iov_base = header; + iov[0].iov_len = 3; +@@ -145,7 +144,7 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data, + goto fail; + } + +- length = (header[2] << 8) | header[1]; ++ memcpy(&length, &header[1], 2); + + rep->data_size = length; + rep->data = talloc_size(ctx, length); +diff --git a/src/sec-mod.c b/src/sec-mod.c +index 15ee32a..c3d4bad 100644 +--- a/src/sec-mod.c ++++ b/src/sec-mod.c +@@ -354,6 +354,7 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f + unsigned cmd, length; + unsigned i, buffer_size; + uint8_t *buffer, *tpool; ++ uint16_t l16; + struct pin_st pins; + int sd; + sec_mod_st *sec; +@@ -538,10 +539,11 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f + } + + cmd = buffer[0]; +- length = buffer[1] | buffer[2] << 8; ++ memcpy(&l16, &buffer[1], 2); ++ length = l16; + + if (length > buffer_size - 4) { +- seclog(LOG_INFO, "too big message"); ++ seclog(LOG_INFO, "too big message (%d)", length); + goto cont; + } + diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in new file mode 100644 index 000000000..1daaeaa6a --- /dev/null +++ b/net/openconnect/Config.in @@ -0,0 +1,18 @@ +# openconnect avanced configuration + +menu "Configuration" + depends on PACKAGE_openconnect + +choice + prompt "SSL library" + default OPENCONNECT_GNUTLS + +config OPENCONNECT_GNUTLS + bool "GnuTLS support" + +config OPENCONNECT_OPENSSL + bool "OpenSSL" + +endchoice + +endmenu diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile new file mode 100644 index 000000000..106e9bbf6 --- /dev/null +++ b/net/openconnect/Makefile @@ -0,0 +1,58 @@ +# +# Copyright (C) 2006 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=openconnect +PKG_VERSION:=5.03 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/ +PKG_MD5SUM:=ff43ed1dbaccd2537fd7c5bfb04295a6 + +include $(INCLUDE_DIR)/package.mk + +define Package/openconnect/config + source "$(SOURCE)/Config.in" +endef + +define Package/openconnect + SECTION:=net + CATEGORY:=Network + DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls + TITLE:=VPN client for Cisco's AnyConnect SSL VPN + URL:=http://www.infradead.org/openconnect/ + SUBMENU:=VPN +endef + +define Package/openconnect/description + A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv. + + OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is + supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800, + 3800, 7200 Series and Cisco 7301 Routers. +endef + +CONFIGURE_ARGS += \ + --disable-shared \ + --with-vpnc-script=/lib/netifd/vpnc-script + +ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y) +CONFIGURE_ARGS += \ + --without-gnutls +endif + +define Package/openconnect/install + $(INSTALL_DIR) $(1)/lib/netifd/proto + $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/ + $(INSTALL_BIN) ./files/vpnc-script $(1)/lib/netifd/ + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/openconnect $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,openconnect)) diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh new file mode 100755 index 000000000..261019438 --- /dev/null +++ b/net/openconnect/files/openconnect.sh @@ -0,0 +1,56 @@ +#!/bin/sh +. /lib/functions.sh +. ../netifd-proto.sh +init_proto "$@" + +proto_openconnect_init_config() { + proto_config_add_string "server" + proto_config_add_int "port" + proto_config_add_string "username" + proto_config_add_string "cookie" + proto_config_add_string "password" + no_device=1 + available=1 +} + +proto_openconnect_setup() { + local config="$1" + + json_get_vars server port username cookie password + + grep -q tun /proc/modules || insmod tun + + serv_addr= + for ip in $(resolveip -t 5 "$server"); do + proto_add_host_dependency "$config" "$server" + serv_addr=1 + done + [ -n "$serv_addr" ] || { + echo "Could not resolve server address" + sleep 5 + proto_setup_failed "$config" + exit 1 + } + + [ -n "$port" ] && port=":$port" + + cmdline="$server$port -i vpn-$config --no-cert-check --non-inter --syslog --script /lib/netifd/vpnc-script" + + [ -n "$cookie" ] && append cmdline "-C $cookie" + [ -n "$username" ] && append cmdline "-u $username" + [ -n "$password" ] && { + umask 077 + pwfile="/var/run/openconnect-$config.passwd" + echo "$password" > "$pwfile" + append cmdline "--passwd-on-stdin" + } + + proto_export INTERFACE="$config" + proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile +} + +proto_openconnect_teardown() { + proto_kill_command "$config" +} + +add_protocol openconnect diff --git a/net/openconnect/files/vpnc-script b/net/openconnect/files/vpnc-script new file mode 100755 index 000000000..4d12d7e20 --- /dev/null +++ b/net/openconnect/files/vpnc-script @@ -0,0 +1,156 @@ +#!/bin/sh +# List of parameters passed through environment +#* reason -- why this script was called, one of: pre-init connect disconnect +#* VPNGATEWAY -- vpn gateway address (always present) +#* TUNDEV -- tunnel device (always present) +#* INTERNAL_IP4_ADDRESS -- address (always present) +#* INTERNAL_IP4_MTU -- mtu (often unset) +#* INTERNAL_IP4_NETMASK -- netmask (often unset) +#* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset) +#* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set) +#* INTERNAL_IP4_DNS -- list of dns servers +#* INTERNAL_IP4_NBNS -- list of wins servers +#* INTERNAL_IP6_ADDRESS -- IPv6 address +#* INTERNAL_IP6_NETMASK -- IPv6 netmask +#* INTERNAL_IP6_DNS -- IPv6 list of dns servers +#* CISCO_DEF_DOMAIN -- default domain name +#* CISCO_BANNER -- banner from server +#* CISCO_SPLIT_INC -- number of networks in split-network-list +#* CISCO_SPLIT_INC_%d_ADDR -- network address +#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0) +#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24) +#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0) +#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0) +#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0) +#* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list +#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address +#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen + +# FIXMEs: + +# Section A: route handling + +# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored +# In order to use them, we'll probably need os specific solutions +# * Linux: iptables -t mangle -I PREROUTING -j ROUTE --oif $TUNDEV +# This would be an *alternative* to changing the routes (and thus 2) and 3) +# shouldn't be relevant at all) +# 2) There are two different functions to set routes: generic routes and the +# default route. Why isn't the defaultroute handled via the generic route case? +# 3) In the split tunnel case, all routes but the default route might get replaced +# without getting restored later. We should explicitely check and save them just +# like the defaultroute +# 4) Replies to a dhcp-server should never be sent into the tunnel + +# Section B: Split DNS handling + +# 1) Maybe dnsmasq can do something like that +# 2) Parse dns packets going out via tunnel and redirect them to original dns-server + +do_connect() { + if [ -n "$CISCO_BANNER" ]; then + echo "Connect Banner:" + echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done + echo + fi + + proto_init_update "$TUNDEV" 1 + + if [ -n "$INTERNAL_IP4_MTU" ]; then + MTU=$INTERNAL_IP4_MTU + fi + + if [ -z "$MTU" ]; then + MTU=1412 + fi + + proto_add_ipv4_address "$INTERNAL_IP4_ADDRESS" 32 "" "$INTERNAL_IP4_ADDRESS" + + if [ -n "$INTERNAL_IP4_NETMASKLEN" ]; then + proto_add_ipv4_route "$INTERNAL_IP4_NETADDR" "$INTERNAL_IP4_NETMASKLEN" + fi + + # If the netmask is provided, it contains the address _and_ netmask + if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then + INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" + fi + + if [ -n "$INTERNAL_IP6_NETMASK" ]; then + addr="${INTERNAL_IP6_NETMASK%%/*}" + mask="${INTERNAL_IP6_NETMASK##*/}" + [[ "$addr" != "$mask" ]] && proto_add_ipv6_address "$addr" "$mask" + fi + + [ -n "$INTERNAL_IP4_DNS" ] && proto_add_dns_server "$INTERNAL_IP4_DNS" + [ -n "$CISCO_DEF_DOMAIN" ] && proto_add_dns_search "$CISCO_DEF_DOMAIN" + + if [ -n "$CISCO_SPLIT_INC" ]; then + i=0 + while [ $i -lt $CISCO_SPLIT_INC ] ; do + eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" + eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" + eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" + if [ $NETWORK != "0.0.0.0" ]; then + proto_add_ipv4_route "$NETWORK" "$NETMASKLEN" + else + proto_add_ipv4_route "0.0.0.0" 0 + fi + i=$(($i + 1)) + done + elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then + proto_add_ipv4_route "0.0.0.0" 0 + fi + if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then + i=0 + while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do + eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}" + eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}" + if [ $NETMASKLEN -lt 128 ]; then + proto_add_ipv6_route "$NETWORK" "$NETMASKLEN" + else + proto_add_ipv6_route "::0" 0 + fi + i=$(($i + 1)) + done + elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then + proto_add_ipv6_route "::0" 0 + fi + proto_send_update "$INTERFACE" +} + +do_disconnect() { + proto_init_update "$TUNDEV" 0 + proto_send_update "$INTERFACE" +} + +#### Main + +if [ -z "$reason" ]; then + echo "this script must be called from vpnc" 1>&2 + exit 1 +fi +if [ -z "$INTERFACE" ]; then + echo "this script must be called for an active interface" + exit 1 +fi + +. /lib/netifd/netifd-proto.sh + +case "$reason" in + pre-init) + ;; + connect) + do_connect + ;; + disconnect) + do_disconnect + ;; + reconnect) + ;; + *) + echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2 + exit 1 + ;; +esac + +exit 0 diff --git a/utils/cryptodev-linux/Makefile b/utils/cryptodev-linux/Makefile new file mode 100644 index 000000000..f559c7e31 --- /dev/null +++ b/utils/cryptodev-linux/Makefile @@ -0,0 +1,74 @@ +# +# Copyright (C) 2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=cryptodev-linux +PKG_VERSION:=1.6 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://download.gna.org/cryptodev-linux/ +PKG_MD5SUM:=eade38998313c25fd7934719cdf8a2ea + +PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk + +CRYPTODEV_AUTOLOAD:= \ + cryptodev + +define KernelPackage/cryptodev + SUBMENU:=Cryptographic API modules + DEFAULT:=m if ALL + TITLE:=Driver for cryptographic acceleration + URL:=http://cryptodev-linux.org/ + VERSION:=$(LINUX_VERSION)+$(PKG_VERSION)-$(BOARD)-$(PKG_RELEASE) + DEPENDS:=+kmod-crypto-core +kmod-crypto-authenc +kmod-crypto-hash + FILES:= \ + $(PKG_BUILD_DIR)/cryptodev.$(LINUX_KMOD_SUFFIX) + AUTOLOAD:=$(call AutoLoad,50,$(CRYPTODEV_AUTOLOAD)) +endef + +define KernelPackage/cryptodev/description + This is a driver for that allows to use the Linux kernel supported + hardware ciphers by user-space applications. +endef + +CRYPTODEV_MAKEOPTS= -C $(PKG_BUILD_DIR) \ + PATH="$(TARGET_PATH)" \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + TOOLPREFIX="$(KERNEL_CROSS)" \ + TOOLPATH="$(KERNEL_CROSS)" \ + KERNEL_DIR="$(LINUX_DIR)" \ + LDOPTS=" " \ + DOMULTI=1 + +define Build/Compile/cryptodev + $(MAKE) $(CRYPTODEV_MAKEOPTS) +endef + +define Build/Compile + $(call Build/Compile/cryptodev) +endef + +define Build/InstallDev + $(INSTALL_DIR) $(STAGING_DIR)/usr/include/crypto + $(CP) $(PKG_BUILD_DIR)/crypto/cryptodev.h $(STAGING_DIR)/usr/include/crypto/ +endef + +define KernelPackage/cryptodev/install + $(INSTALL_DIR) $(1)/etc/modules.d + $(INSTALL_DATA) ./files/cryptodev.modules $(1)/etc/modules.d/80-cryptodev + $(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION) + $(INSTALL_DIR) $(1)/usr/sbin +endef + +$(eval $(call KernelPackage,cryptodev)) diff --git a/utils/cryptodev-linux/files/cryptodev.modules b/utils/cryptodev-linux/files/cryptodev.modules new file mode 100644 index 000000000..fb39fcd6d --- /dev/null +++ b/utils/cryptodev-linux/files/cryptodev.modules @@ -0,0 +1 @@ +cryptodev