- Fix #2141 - for libsodium detect lack of entropy in chroot, print

a message and exit.


git-svn-id: file:///svn/unbound/trunk@4398 be551aaa-1e26-0410-a405-d3ace91eadb9

config.h.in

@@ -646,6 +646,9 @@
 /* define if (v)snprintf does not return length needed, (but length used) */
 #undef SNPRINTF_RET_BROKEN
 
+/* Define to 1 if libsodium supports sodium_set_misuse_handler */
+#undef SODIUM_MISUSE_HANDLER
+
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 

configure

@@ -20493,6 +20493,66 @@ else
             ENABLE_DNSCRYPT_XCHACHA20=0
 
 
+fi
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_set_misuse_handler" >&5
+$as_echo_n "checking for library containing sodium_set_misuse_handler... " >&6; }
+if ${ac_cv_search_sodium_set_misuse_handler+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char sodium_set_misuse_handler ();
+int
+main ()
+{
+return sodium_set_misuse_handler ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' sodium; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_sodium_set_misuse_handler=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_sodium_set_misuse_handler+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_sodium_set_misuse_handler+:} false; then :
+
+else
+  ac_cv_search_sodium_set_misuse_handler=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_set_misuse_handler" >&5
+$as_echo "$ac_cv_search_sodium_set_misuse_handler" >&6; }
+ac_res=$ac_cv_search_sodium_set_misuse_handler
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+
+$as_echo "#define SODIUM_MISUSE_HANDLER 1" >>confdefs.h
+
+
 fi
 
 

dnscrypt/dnscrypt.c

@@ -870,6 +870,16 @@ dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
 	return cert_id;
 }
 
+static void
+sodium_misuse_handler(void)
+{
+	fatal_exit(
+		"dnscrypt: libsodium could not be initialized, this typically"
+		" happens when no good source of entropy is found. If you run"
+		" unbound in a chroot, make sure /dev/random is available. See"
+		" https://www.unbound.net/documentation/unbound.conf.html");
+}
+
 
 /**
  * #########################################################
@@ -933,6 +943,9 @@ struct dnsc_env *
 dnsc_create(void)
 {
 	struct dnsc_env *env;
+#ifdef SODIUM_MISUSE_HANDLER
+	sodium_set_misuse_handler(sodium_misuse_handler);
+#endif
 	if (sodium_init() == -1) {
 		fatal_exit("dnsc_create: could not initialize libsodium.");
 	}

dnscrypt/dnscrypt.m4

@@ -28,6 +28,14 @@ AC_DEFUN([dnsc_DNSCRYPT],
         [
             AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0])
         ])
+    AC_SEARCH_LIBS([sodium_set_misuse_handler], [sodium],
+        [
+            AC_DEFINE(
+                [SODIUM_MISUSE_HANDLER], [1],
+                [Define to 1 if libsodium supports sodium_set_misuse_handler])
+        ],
+        [
+        ])
     $1
   else
     AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0])

doc/Changelog

@@ -1,6 +1,8 @@
 3 November 2017: Wouter 
 	- Fix #2362: TLS1.3/openssl-1.1.1 not working.
 	- Fix #2034 - Autoconf and -flto.
+	- Fix #2141 - for libsodium detect lack of entropy in chroot, print
+	  a message and exit.
 
 2 November 2017: Wouter 
 	- Fix #1913: ub_ctx_config is under circumstances thread-safe.