Project

General

Profile

Bug #251

Fails to build against libsodium 1.0.15

Added by Dominyk Tiller over 1 year ago. Updated over 1 year ago.

Status:
In Progress
Priority:
Normal
Assignee:
-
Start date:
10/01/2017
Due date:
% Done:

0%


Description

libsodium 1.0.15 removed the aes128ctr primitive: https://github.com/jedisct1/libsodium/releases/tag/1.0.15.

Consequently, this causes the following build failure with fastd:

[ 18%] Building C object src/crypto/cipher/null/memcpy/CMakeFiles/cipher_null_memcpy.dir/null_memcpy.c.o
cd /tmp/fastd-20171001-82788-1tivhvq/fastd-18/fastd-build/src/crypto/cipher/aes128_ctr && /usr/local/Cellar/cmake/3.9.3_1/bin/cmake -P CMakeFiles/cipher_aes128_ctr.dir/cmake_clean_target.cmake
cd /tmp/fastd-20171001-82788-1tivhvq/fastd-18/fastd-build/src/crypto/cipher/null/memcpy && /usr/local/Homebrew/Library/Homebrew/shims/super/clang -D_GNU_SOURCE -D__APPLE_USE_RFC_3542 -I/tmp/fastd-20171001-82788-1tivhvq/fastd-18 -I/tmp/fastd-20171001-82788-1tivhvq/fastd-18/fastd-build/gen  -DNDEBUG -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk -mmacosx-version-min=10.12   -pthread -std=c99    -flto -Wall -o CMakeFiles/cipher_null_memcpy.dir/null_memcpy.c.o   -c /tmp/fastd-20171001-82788-1tivhvq/fastd-18/src/crypto/cipher/null/memcpy/null_memcpy.c
/tmp/fastd-20171001-82788-1tivhvq/fastd-18/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c:36:10: fatal error: 'crypto_stream_aes128ctr.h' file not found
#include <crypto_stream_aes128ctr.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
cd /tmp/fastd-20171001-82788-1tivhvq/fastd-18/fastd-build/src/crypto/cipher/aes128_ctr && /usr/local/Cellar/cmake/3.9.3_1/bin/cmake -E cmake_link_script CMakeFiles/cipher_aes128_ctr.dir/link.txt --verbose=1
make[2]: *** [src/crypto/cipher/aes128_ctr/nacl/CMakeFiles/cipher_aes128_ctr_nacl.dir/cipher_aes128_ctr_nacl.c.o] Error 1
make[1]: *** [src/crypto/cipher/aes128_ctr/nacl/CMakeFiles/cipher_aes128_ctr_nacl.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....

History

#1 Updated by Matthias Schiffer over 1 year ago

  • Status changed from New to In Progress

As a workaround, WITH_CIPHER_AES128_CTR_NACL=OFF can be passed to CMake.

I see three possible approaches for the next fastd version:

1. Only support AES with OpenSSL (as the libsodium changelog correctly noted, their AES implementation was extremely slow anyways, as AES is really not a good algorithm for a constant-time implementation)
2. Completely drop AES support (probably not a good solution, as people are using fastd with AES on AES-NI-capable x86 systems)
3. Import the old nacl/libsodium AES implementation into fastd and use it as fallback when building with new libsodium

I'm currently leaning towards implementing solution 1.

#2 Updated by Dominyk Tiller over 1 year ago

Matthias Schiffer wrote:

As a workaround, WITH_CIPHER_AES128_CTR_NACL=OFF can be passed to CMake.

I'm currently leaning towards implementing solution 1.

Thanks for the workaround suggestion, that seems to work nicely.

For what it's worth, I'd agree that solution 1 seems to be the best middle ground on how to handle this.

Also available in: Atom PDF