dhcpclient: use BRandom2 instead of BRandom_randomize. This removes the OpenSSL dependency from NCD.

CMakeLists.txt

@@ -40,7 +40,7 @@ if (BUILD_NCD AND NOT (CMAKE_SYSTEM_NAME STREQUAL "Linux"))
     message(FATAL_ERROR "NCD is only available on Linux")
 endif ()
 
-if (BUILD_CLIENT OR BUILD_SERVER OR BUILD_NCD)
+if (BUILD_CLIENT OR BUILD_SERVER)
     find_package(OpenSSL REQUIRED)
     set(LIBCRYPTO_INCLUDE_DIRS "${OpenSSL_INCLUDE_DIRS}")
     set(LIBCRYPTO_LIBRARY_DIRS "${OpenSSL_LIBRARY_DIRS}")

dhcpclient/BDHCPClient.c

@@ -173,7 +173,7 @@ fail0:
     return 0;
 }
 
-int BDHCPClient_Init (BDHCPClient *o, const char *ifname, struct BDHCPClient_opts opts, BReactor *reactor, BDHCPClient_handler handler, void *user)
+int BDHCPClient_Init (BDHCPClient *o, const char *ifname, struct BDHCPClient_opts opts, BReactor *reactor, BRandom2 *random2, BDHCPClient_handler handler, void *user)
 {
     // init arguments
     o->reactor = reactor;
@@ -283,7 +283,7 @@ int BDHCPClient_Init (BDHCPClient *o, const char *ifname, struct BDHCPClient_opt
     }
     
     // init dhcp
-    if (!BDHCPClientCore_Init(&o->dhcp, PacketCopier_GetInput(&o->send_copier), PacketCopier_GetOutput(&o->recv_copier), if_mac, core_opts, o->reactor, o,
+    if (!BDHCPClientCore_Init(&o->dhcp, PacketCopier_GetInput(&o->send_copier), PacketCopier_GetOutput(&o->recv_copier), if_mac, core_opts, o->reactor, random2, o,
                               (BDHCPClientCore_func_getsendermac)dhcp_func_getsendermac,
                               (BDHCPClientCore_handler)dhcp_handler
     )) {

dhcpclient/BDHCPClient.h

@@ -75,7 +75,7 @@ struct BDHCPClient_opts {
     int auto_clientid;
 };
 
-int BDHCPClient_Init (BDHCPClient *o, const char *ifname, struct BDHCPClient_opts opts, BReactor *reactor, BDHCPClient_handler handler, void *user);
+int BDHCPClient_Init (BDHCPClient *o, const char *ifname, struct BDHCPClient_opts opts, BReactor *reactor, BRandom2 *random2, BDHCPClient_handler handler, void *user);
 void BDHCPClient_Free (BDHCPClient *o);
 int BDHCPClient_IsUp (BDHCPClient *o);
 void BDHCPClient_GetClientIP (BDHCPClient *o, uint32_t *out_ip);

dhcpclient/BDHCPClientCore.c

@@ -34,7 +34,6 @@
 #include <misc/minmax.h>
 #include <misc/balloc.h>
 #include <misc/bsize.h>
-#include <security/BRandom.h>
 #include <base/BLog.h>
 
 #include <dhcpclient/BDHCPClientCore.h>
@@ -527,7 +526,10 @@ static void start_process (BDHCPClientCore *o, int force_new_xid)
 {
     if (force_new_xid || o->xid_reuse_counter == XID_REUSE_MAX) {
         // generate xid
-        BRandom_randomize((uint8_t *)&o->xid, sizeof(o->xid));
+        if (!BRandom2_GenBytes(o->random2, &o->xid, sizeof(o->xid))) {
+            BLog(BLOG_ERROR, "BRandom2_GenBytes failed");
+            o->xid = UINT32_C(3416960072);
+        }
         
         // reset counter
         o->xid_reuse_counter = 0;
@@ -640,7 +642,9 @@ static bsize_t maybe_len (const char *str)
     return bsize_fromsize(str ? strlen(str) : 0);
 }
 
-int BDHCPClientCore_Init (BDHCPClientCore *o, PacketPassInterface *send_if, PacketRecvInterface *recv_if, uint8_t *client_mac_addr, struct BDHCPClientCore_opts opts, BReactor *reactor, void *user,
+int BDHCPClientCore_Init (BDHCPClientCore *o, PacketPassInterface *send_if, PacketRecvInterface *recv_if,
+                          uint8_t *client_mac_addr, struct BDHCPClientCore_opts opts, BReactor *reactor,
+                          BRandom2 *random2, void *user,
                           BDHCPClientCore_func_getsendermac func_getsendermac,
                           BDHCPClientCore_handler handler)
 {
@@ -654,6 +658,7 @@ int BDHCPClientCore_Init (BDHCPClientCore *o, PacketPassInterface *send_if, Pack
     o->recv_if = recv_if;
     memcpy(o->client_mac_addr, client_mac_addr, sizeof(o->client_mac_addr));
     o->reactor = reactor;
+    o->random2 = random2;
     o->user = user;
     o->func_getsendermac = func_getsendermac;
     o->handler = handler;

dhcpclient/BDHCPClientCore.h

@@ -40,6 +40,7 @@
 #include <misc/dhcp_proto.h>
 #include <system/BReactor.h>
 #include <base/DebugObject.h>
+#include <random/BRandom2.h>
 #include <flow/PacketPassInterface.h>
 #include <flow/PacketRecvInterface.h>
 
@@ -63,6 +64,7 @@ typedef struct {
     PacketRecvInterface *recv_if;
     uint8_t client_mac_addr[6];
     BReactor *reactor;
+    BRandom2 *random2;
     void *user;
     BDHCPClientCore_func_getsendermac func_getsendermac;
     BDHCPClientCore_handler handler;
@@ -98,7 +100,9 @@ typedef struct {
     DebugObject d_obj;
 } BDHCPClientCore;
 
-int BDHCPClientCore_Init (BDHCPClientCore *o, PacketPassInterface *send_if, PacketRecvInterface *recv_if, uint8_t *client_mac_addr, struct BDHCPClientCore_opts opts, BReactor *reactor, void *user,
+int BDHCPClientCore_Init (BDHCPClientCore *o, PacketPassInterface *send_if, PacketRecvInterface *recv_if,
+                          uint8_t *client_mac_addr, struct BDHCPClientCore_opts opts, BReactor *reactor,
+                          BRandom2 *random2, void *user,
                           BDHCPClientCore_func_getsendermac func_getsendermac,
                           BDHCPClientCore_handler handler);
 void BDHCPClientCore_Free (BDHCPClientCore *o);

dhcpclient/CMakeLists.txt

@@ -1,7 +1,7 @@
 add_library(dhcpclientcore
     BDHCPClientCore.c
 )
-target_link_libraries(dhcpclientcore system flow flowextra security)
+target_link_libraries(dhcpclientcore system flow flowextra badvpn_random)
 
 if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
     add_library(dhcpclient

examples/dhcpclient_test.c

@@ -39,6 +39,7 @@
 #include <dhcpclient/BDHCPClient.h>
 
 BReactor reactor;
+BRandom2 random2;
 BDHCPClient dhcp;
 
 static void signal_handler (void *user);
@@ -71,6 +72,11 @@ int main (int argc, char **argv)
         goto fail1;
     }
     
+    if (!BRandom2_Init(&random2, 0)) {
+        DEBUG("BRandom2_Init failed");
+        goto fail1a;
+    }
+    
     if (!BSignal_Init(&reactor, signal_handler, NULL)) {
         DEBUG("BSignal_Init failed");
         goto fail2;
@@ -78,7 +84,7 @@ int main (int argc, char **argv)
     
     struct BDHCPClient_opts opts = {};
     
-    if (!BDHCPClient_Init(&dhcp, ifname, opts, &reactor, dhcp_handler, NULL)) {
+    if (!BDHCPClient_Init(&dhcp, ifname, opts, &reactor, &random2, dhcp_handler, NULL)) {
         DEBUG("BDHCPClient_Init failed");
         goto fail3;
     }
@@ -89,6 +95,8 @@ int main (int argc, char **argv)
 fail3:
     BSignal_Finish();
 fail2:
+    BRandom2_Free(&random2);
+fail1a:
     BReactor_Free(&reactor);
 fail1:
     BLog_Free();

ncd/CMakeLists.txt

@@ -154,7 +154,11 @@ add_executable(badvpn-ncd
     modules/net_ipv6_addr_in_network.c
     ${NCD_ADDITIONAL_SOURCES}
 )
-target_link_libraries(badvpn-ncd system flow flowextra dhcpclient arpprobe ncdvalue ncdval ncdvalcompat ncdvaluegenerator ncdvalueparser ncdconfigparser ncdsugar udevmonitor ncdinterfacemonitor ncdrequest)
+target_link_libraries(badvpn-ncd
+    system flow flowextra dhcpclient arpprobe ncdvalue ncdval ncdvalcompat ncdvaluegenerator
+    ncdvalueparser ncdconfigparser ncdsugar udevmonitor ncdinterfacemonitor ncdrequest
+    badvpn_random
+)
 
 if (BADVPN_USE_LINUX_INPUT)
     string(REPLACE " " ";" FLAGS_LIST "${CMAKE_C_FLAGS}")

ncd/NCDModule.h

@@ -36,6 +36,7 @@
 #include <base/BLog.h>
 #include <system/BProcess.h>
 #include <udevmonitor/NCDUdevManager.h>
+#include <random/BRandom2.h>
 #include <ncd/NCDObject.h>
 
 #define NCDMODULE_EVENT_UP 1
@@ -225,6 +226,7 @@ struct NCDModuleInitParams {
     BReactor *reactor;
     BProcessManager *manager;
     NCDUdevManager *umanager;
+    BRandom2 *random2;
 };
 
 /**
@@ -264,6 +266,10 @@ struct NCDModuleInst_iparams {
      * Udev manager.
      */
     NCDUdevManager *umanager;
+    /**
+     * Random number generator.
+     */
+    BRandom2 *random2;
     /**
      * Callback to create a new template process.
      */

ncd/modules/net_ipv4_dhcp.c

@@ -162,7 +162,7 @@ static void func_new (void *vo, NCDModuleInst *i)
     }
     
     // init DHCP
-    if (!BDHCPClient_Init(&o->dhcp, ifname, opts, o->i->iparams->reactor, (BDHCPClient_handler)dhcp_handler, o)) {
+    if (!BDHCPClient_Init(&o->dhcp, ifname, opts, o->i->iparams->reactor, o->i->iparams->random2, (BDHCPClient_handler)dhcp_handler, o)) {
         ModuleLog(o->i, BLOG_ERROR, "BDHCPClient_Init failed");
         goto fail0;
     }

ncd/ncd.c

@@ -47,6 +47,7 @@
 #include <system/BSignal.h>
 #include <system/BProcess.h>
 #include <udevmonitor/NCDUdevManager.h>
+#include <random/BRandom2.h>
 #include <ncd/NCDConfigParser.h>
 #include <ncd/NCDModule.h>
 #include <ncd/NCDModuleIndex.h>
@@ -127,6 +128,9 @@ static BProcessManager manager;
 // udev manager
 static NCDUdevManager umanager;
 
+// random number generator
+static BRandom2 random2;
+
 // method index
 static NCDMethodIndex method_index;
 
@@ -270,6 +274,12 @@ int main (int argc, char **argv)
     // init udev manager
     NCDUdevManager_Init(&umanager, options.no_udev, &reactor, &manager);
     
+    // init random number generator
+    if (!BRandom2_Init(&random2, BRANDOM2_INIT_LAZY)) {
+        BLog(BLOG_ERROR, "BRandom2_Init failed");
+        goto fail1aa;
+    }
+    
     // init method index
     if (!NCDMethodIndex_Init(&method_index)) {
         BLog(BLOG_ERROR, "NCDMethodIndex_Init failed");
@@ -337,6 +347,7 @@ int main (int argc, char **argv)
     params.reactor = &reactor;
     params.manager = &manager;
     params.umanager = &umanager;
+    params.random2 = &random2;
     
     // init modules
     size_t num_inited_modules = 0;
@@ -355,6 +366,7 @@ int main (int argc, char **argv)
     module_iparams.reactor = &reactor;
     module_iparams.manager = &manager;
     module_iparams.umanager = &umanager;
+    module_iparams.random2 = &random2;
     module_iparams.func_initprocess = (NCDModuleInst_func_initprocess)statement_instance_func_initprocess;
     module_iparams.func_interp_exit = (NCDModuleInst_func_interp_exit)statement_instance_func_interp_exit;
     module_iparams.func_interp_getargs = (NCDModuleInst_func_interp_getargs)statement_instance_func_interp_getargs;
@@ -420,6 +432,9 @@ fail1c:
     // free method index
     NCDMethodIndex_Free(&method_index);
 fail1b:
+    // free random number generator
+    BRandom2_Free(&random2);
+fail1aa:
     // free udev manager
     NCDUdevManager_Free(&umanager);