build: Remove NSS dependencies

Complete removal of NSS from corosync tree. Most of the changes are
in build system and cpgverify had to be rewritten to use crc32 instead
of sha1.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>

INSTALL

@@ -43,13 +43,11 @@ balance:~/corosync# make install
 * A notice about dependencies *
 -------------------------------
 We have strived very hard to avoid dependencies as much as possible, but there
-are two required libraries: LibQB and NSS.
+are two required libraries: LibQB and KNET.
 
 Optional dependencies are support for DBUS, SNMP and libstatgrab.
 
-The nss packages required to build corosync can usually be found by
-installing the "nss-devel" and "nspr-devel" packages (names may vary, please use
-distribution's package manager). Also don't forget to install pkgconfig.
+Also don't forget to install pkgconfig.
 
 -----------------------------------------
 * Building with SNMP/DBUS support *

configure.ac

@@ -151,7 +151,6 @@ AC_TYPE_SIZE_T
 AC_TYPE_SSIZE_T
 
 # Checks for libraries.
-PKG_CHECK_MODULES([nss],[nss])
 SAVE_CPPFLAGS="$CPPFLAGS"
 SAVE_LIBS="$LIBS"
 PKG_CHECK_MODULES([LIBQB], [libqb])
@@ -171,8 +170,8 @@ PKG_CHECK_MODULES([knet],[libknet])
 AC_CHECK_LIB([nsl], [t_open])
 AC_CHECK_LIB([rt], [sched_getscheduler])
 AC_CHECK_LIB([z], [crc32],
-    AM_CONDITIONAL([BUILD_CPGHUM], true),
-    AM_CONDITIONAL([BUILD_CPGHUM], false))
+    AM_CONDITIONAL([HAVE_CRC32], true),
+    AM_CONDITIONAL([HAVE_CRC32], false))
 
 # Checks for library functions.
 AC_FUNC_ALLOCA
@@ -654,7 +653,7 @@ INCLUDE_DIRS="$INCLUDE_DIRS -I\$(top_builddir)/include/corosync -I\$(top_srcdir)
 # final build of *FLAGS
 CFLAGS="$ENV_CFLAGS $lt_prog_compiler_pic $SEC_FLAGS $OPT_CFLAGS $GDB_FLAGS \
 	$COVERAGE_CFLAGS $EXTRA_WARNINGS \
-	$WERROR_CFLAGS $NSS_CFLAGS $LIBQB_CFLAGS \
+	$WERROR_CFLAGS $LIBQB_CFLAGS \
 	$SNMP_INCLUDES"
 CPPFLAGS="$ENV_CPPFLAGS $ANSI_CPPFLAGS $INCLUDE_DIRS"
 LDFLAGS="$ENV_LDFLAGS $lt_prog_compiler_pic $SEC_LDFLAGS $COVERAGE_LDFLAGS"
@@ -678,7 +677,6 @@ AC_SUBST([SONAME])
 AM_CONDITIONAL(INSTALL_MIB, test "${do_snmp}" = "1")
 AM_CONDITIONAL(INSTALL_DBUSCONF, test "${enable_dbus}" = "yes")
 AM_CONDITIONAL(AUGTOOL, test -n "${AUGTOOL}")
-AC_SUBST([NSS_LDFLAGS])
 
 AM_CONDITIONAL(BUILD_HTML_DOCS, test -n "${GROFF}")
 

corosync.spec.in

@@ -37,11 +37,6 @@ BuildRequires: groff-full
 BuildRequires: groff
 %endif
 BuildRequires: libqb-devel
-%if 0%{?suse_version}
-BuildRequires: mozilla-nss-devel
-%else
-BuildRequires: nss-devel
-%endif
 BuildRequires: libknet1-devel
 BuildRequires: zlib-devel
 %if %{with runautogen}

exec/Makefile.am

@@ -45,9 +45,9 @@ TOTEM_SRC		= totemip.c totemnet.c totemudp.c \
 
 lib_LTLIBRARIES		= libtotem_pg.la
 libtotem_pg_la_SOURCES	= $(TOTEM_SRC)
-libtotem_pg_la_CFLAGS	= $(nss_CFLAGS) $(knet_CFLAGS)
+libtotem_pg_la_CFLAGS	= $(knet_CFLAGS)
 libtotem_pg_la_LDFLAGS	= -version-number $(subst .,:,$(SONAME))
-libtotem_pg_la_LIBADD	= -lpthread $(LIBQB_LIBS) $(nss_LIBS) $(knet_LIBS)
+libtotem_pg_la_LIBADD	= -lpthread $(LIBQB_LIBS) $(knet_LIBS)
 
 sbin_PROGRAMS		= corosync
 

exec/totemsrp.c

@@ -41,8 +41,6 @@
  * 	http://citeseer.ist.psu.edu/amir95totem.html
  *
  * The deviations from the above published protocols are:
- * - encryption of message contents with nss
- * - authentication of meessage contents with SHA1/HMAC
  * - token hold mode where token doesn't rotate on unused ring - reduces cpu
  *   usage on 1.6ghz xeon from 35% to less then .1 % as measured by top
  */

test/Makefile.am

@@ -34,7 +34,7 @@ MAINTAINERCLEANFILES	= Makefile.in
 
 EXTRA_DIST		= ploadstart.sh
 
-noinst_PROGRAMS		= cpgverify testcpg testcpg2 cpgbench \
+noinst_PROGRAMS		= testcpg testcpg2 cpgbench \
 			  testquorum testvotequorum1 testvotequorum2	\
 			  stress_cpgfdget stress_cpgcontext cpgbound testsam \
 			  testcpgzc cpgbenchzc testzcgc stress_cpgzc
@@ -51,16 +51,15 @@ stress_cpgcontext_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libcpg.la
 testquorum_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libquorum.la
 testvotequorum1_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libvotequorum.la
 testvotequorum2_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libvotequorum.la
-cpgverify_CPPFLAGS	= $(nss_CFLAGS)
-cpgverify_LDADD		= $(LIBQB_LIBS) $(nss_LIBS) $(top_builddir)/lib/libcpg.la
 cpgbound_LDADD		= $(LIBQB_LIBS) $(top_builddir)/lib/libcpg.la
 cpgbench_LDADD		= $(LIBQB_LIBS) $(top_builddir)/lib/libcpg.la
 cpgbenchzc_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libcpg.la
 testsam_LDADD		= $(LIBQB_LIBS) $(top_builddir)/lib/libsam.la
 
-if BUILD_CPGHUM
-noinst_PROGRAMS	        += cpghum
+if HAVE_CRC32
+noinst_PROGRAMS	        += cpghum cpgverify
 cpghum_LDADD            = $(LIBQB_LIBS) $(top_builddir)/lib/libcpg.la -lz
+cpgverify_LDADD		= $(LIBQB_LIBS) $(top_builddir)/lib/libcpg.la -lz
 endif
 
 ploadstart: ploadstart.sh

test/cpgverify.c

@@ -43,20 +43,19 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <string.h>
+#include <inttypes.h>
 #include <corosync/corotypes.h>
 #include <corosync/cpg.h>
 
-#include <nss.h>
-#include <pk11pub.h>
+#include <zlib.h>
 
 struct my_msg {
 	unsigned int msg_size;
-	unsigned char sha1[20];
+	unsigned char crc32[4];
 	unsigned char buffer[0];
 };
 
 static int deliveries = 0;
-PK11Context* sha1_context;
 
 static void cpg_deliver_fn (
         cpg_handle_t handle,
@@ -67,20 +66,19 @@ static void cpg_deliver_fn (
         size_t msg_len)
 {
 	const struct my_msg *msg2 = m;
-	unsigned char sha1_compare[20];
-	unsigned int i;
-	unsigned int sha1_len;
+	uLong chsum;
+	uint32_t nchsum;
 
 	printf ("msg '%s'\n", msg2->buffer);
-	PK11_DigestBegin(sha1_context);
-	PK11_DigestOp(sha1_context, msg2->buffer, msg2->msg_size);
-	PK11_DigestFinal(sha1_context, sha1_compare, &sha1_len, sizeof(sha1_compare));
-printf ("SIZE %d HASH: ", msg2->msg_size);
-for (i = 0; i < 20; i++) {
-printf ("%x", sha1_compare[i]);
-}
-printf ("\n");
-	if (memcmp (sha1_compare, msg2->sha1, 20) != 0) {
+
+	chsum = crc32(0L, Z_NULL, 0);
+	chsum = crc32(chsum, msg2->buffer, msg2->msg_size) & 0xFFFFFFFF;
+
+	printf ("SIZE %d HASH: 0x%08"PRIx32"\n", msg2->msg_size, (uint32_t)chsum);
+
+	nchsum = htonl((uint32_t)chsum);
+
+	if (memcmp(&nchsum, msg2->crc32, sizeof(nchsum)) != 0) {
 		printf ("incorrect hash\n");
 		exit (1);
 	}
@@ -120,7 +118,8 @@ int main (int argc, char *argv[])
 	int iter = 1000;
 	int opt;
 	int run_forever = 1;
-	unsigned int sha1_len;
+	uLong chsum;
+	uint32_t nchsum;
 
 	while ((opt = getopt(argc, argv, options)) != -1) {
 		switch (opt) {
@@ -137,16 +136,6 @@ int main (int argc, char *argv[])
 		exit (0);
 	}
 
-	if (NSS_NoDB_Init(NULL) != SECSuccess) {
-		printf ("Couldn't initialize nss\n");
-		exit (0);
-	}
-
-	if ((sha1_context = PK11_CreateDigestContext(SEC_OID_SHA1)) == NULL) {
-		printf ("Couldn't initialize nss\n");
-		exit (0);
-	}
-
         result = cpg_join (handle, &group_name);
         if (result != CS_OK) {
                 printf ("cpg_join failed with result %d\n", result);
@@ -170,9 +159,10 @@ int main (int argc, char *argv[])
 		sprintf ((char *)buffer,
 			"cpg_mcast_joined: This is message %12d", i);
 
-		PK11_DigestBegin(sha1_context);
-		PK11_DigestOp(sha1_context, buffer, msg.msg_size);
-		PK11_DigestFinal(sha1_context, msg.sha1, &sha1_len, sizeof(msg.sha1));
+		chsum = crc32(0L, Z_NULL, 0);
+		chsum = crc32(chsum, buffer, msg.msg_size) & 0xFFFFFFFF;
+		nchsum = htonl((uint32_t)chsum);
+		memcpy(msg.crc32, &nchsum, sizeof(nchsum)) ;
 try_again_one:
 		result = cpg_mcast_joined (handle, CPG_TYPE_AGREED,
 			iov, 2);
@@ -187,8 +177,6 @@ try_again_one:
 		i++;
 	} while (run_forever || i < iter);
 
-	PK11_DestroyContext(sha1_context, PR_TRUE);
-
 	cpg_finalize (handle);
 
 	return (0);