We will be using Network Security Services for our encryption and
authentication. This patch adds the required library includes and ldflags.
It also fixes broken compile UDP code when nss is enabled.
Signed-off-by: Steven Dake <sdake(a)redhat.com>
---
configure.ac | 7 ++-----
src/Makefile.am | 5 ++---
src/d1htudp.c | 25 +++++++++++--------------
3 files changed, 15 insertions(+), 22 deletions(-)
diff --git a/configure.ac b/configure.ac
index f5fe4e2..16a35c3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -214,11 +214,8 @@ else
fi
# Look for libnss
-if test "x${enable_nss}" = xyes; then
- PKG_CHECK_MODULES([nss],[nss])
- AC_DEFINE_UNQUOTED([HAVE_LIBNSS], 1, [have libnss])
- PACKAGE_FEATURES="$PACKAGE_FEATURES nss"
-fi
+PKG_CHECK_MODULES([nss],[nss])
+AC_DEFINE_UNQUOTED([HAVE_LIBNSS], 1, [have libnss])
if test "x${enable_testagents}" = xyes; then
AC_DEFINE_UNQUOTED([HAVE_TESTAGENTS], 1, [have testagents])
diff --git a/src/Makefile.am b/src/Makefile.am
index d356004..603a1cd 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,14 +19,13 @@ MAINTAINERCLEANFILES = Makefile.in
AM_CFLAGS = -fPIC
-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include $(nss_CFLAGS)
$(rdmacm_CFLAGS) $(ibverbs_CFLAGS)
-
+INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include $(nss_CFLAGS)
sbin_PROGRAMS = vinzvault
vinzvault_SOURCES = d1htpoll.c d1htip.c d1htnet.c d1htudp.c \
d1htedra.c logsys.c main.c
-vinzvault_LDADD =
+vinzvault_LDADD = $(nss_LIBS)
vinzvault_DEPENDENCIES =
noinst_HEADERS = tlist.h d1htnet.h d1htudp.h d1htip.h d1htedra.h d1ht.h
diff --git a/src/d1htudp.c b/src/d1htudp.c
index ee30dd0..0f64992 100644
--- a/src/d1htudp.c
+++ b/src/d1htudp.c
@@ -238,17 +238,15 @@ static void init_nss_crypto (struct d1htudp_instance *instance)
goto out;
}
- aes_slot = PK11_GetBestSlot(instance->d1ht_config->crypto_crypt_type, NULL);
- if (aes_slot == NULL)
- {
+ aes_slot = PK11_GetBestSlot(instance->d1ht_config->crypto_type, NULL);
+ if (aes_slot == NULL) {
log_printf(LOGSYS_LEVEL_NOTICE, "Unable to find security slot (err %d)\n",
PR_GetError());
goto out;
}
sha1_slot = PK11_GetBestSlot(CKM_SHA_1_HMAC, NULL);
- if (sha1_slot == NULL)
- {
+ if (sha1_slot == NULL) {
log_printf(LOGSYS_LEVEL_NOTICE, "Unable to find security slot (err %d)\n",
PR_GetError());
goto out;
@@ -261,13 +259,12 @@ static void init_nss_crypto (struct d1htudp_instance *instance)
key_item.len = 32; /* Use 128 bits */
instance->nss_sym_key = PK11_ImportSymKey(aes_slot,
- instance->d1ht_config->crypto_crypt_type,
+ instance->d1ht_config->crypto_type,
PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT,
&key_item, NULL);
- if (instance->nss_sym_key == NULL)
- {
+ if (instance->nss_sym_key == NULL) {
log_printf(LOGSYS_LEVEL_NOTICE,
- intf(instance->d1htudp_log_level_security, "Failure to import key into NSS
(err %d)\n",
+ "Failure to import key into NSS (err %d)\n",
PR_GetError());
goto out;
}
@@ -341,7 +338,7 @@ static int encrypt_and_sign_nss (
iv_item.len = sizeof (nss_iv_data);
nss_sec_param = PK11_ParamFromIV (
- instance->d1ht_config->crypto_crypt_type,
+ instance->d1ht_config->crypto_type,
&iv_item);
if (nss_sec_param == NULL) {
log_printf(LOGSYS_LEVEL_NOTICE,
@@ -354,7 +351,7 @@ static int encrypt_and_sign_nss (
* Create cipher context for encryption
*/
enc_context = PK11_CreateContextBySymKey (
- instance->d1ht_config->crypto_crypt_type,
+ instance->d1ht_config->crypto_type,
CKA_ENCRYPT,
instance->nss_sym_key,
nss_sec_param);
@@ -364,7 +361,7 @@ static int encrypt_and_sign_nss (
err[PR_GetErrorTextLength()] = 0;
log_printf(LOGSYS_LEVEL_NOTICE,
"PK11_CreateContext failed (encrypt) crypt_type=%d (err %d): %s\n",
- instance->d1ht_config->crypto_crypt_type,
+ instance->d1ht_config->crypto_type,
PR_GetError(), err);
return -1;
}
@@ -390,7 +387,7 @@ static int encrypt_and_sign_nss (
PR_GetErrorText(err);
err[PR_GetErrorTextLength()] = 0;
log_printf(LOGSYS_LEVEL_NOTICE,
- ,"encrypt: PK11_CreateContext failed (digest) err %d: %s\n",
+ "encrypt: PK11_CreateContext failed (digest) err %d: %s\n",
PR_GetError(), err);
return -1;
}
@@ -504,7 +501,7 @@ static int authenticate_and_decrypt_nss (
ivdata.len = sizeof(header->salt);
enc_context = PK11_CreateContextBySymKey(
- instance->d1ht_config->crypto_crypt_type,
+ instance->d1ht_config->crypto_type,
CKA_DECRYPT,
instance->nss_sym_key, &ivdata);
if (!enc_context) {
--
1.6.2.5