added CBC encryption mode (configure --enable-cbc)

This commit is contained in:
git@daemon.de
2014-01-28 12:20:30 +01:00
parent ad009a8142
commit 5ae1d07067
9 changed files with 166 additions and 65 deletions


@@ -24,7 +24,7 @@
Detached signatures are still supported as before,
for the user everything with them is as known, but
the commandline option -a (--detach) have to be
the commandline option -f (--sigfile) have to be
applied. Internally, however, inputs will be read in
32k blockwise as well. Detached signatures are now
z85 encoded always.
@@ -39,6 +39,15 @@
doesn't verify. Currently pcp1 failes in this case,
but leaves the decrypted result on disk. Hm...
The default encryption mode with pcp (and pbp as of
this writing) is ECB. Each 32k block is encrypted
independently. While ECB is generally a bad choice,
the 32k blocksize compensates for it. However, just
to have to option, if we decide to use CBC instead,
I already implemented it. It must be enabled at
compile time with ./configure --enable-cbc. CBC mode
in PCP uses a blocksize of 1k.
0.1.5 Fixed a segmentation fault when using pcp1 -t on a
public key. I added a double free() there by purpose
to test segfault catching I added in unittest.pl

1
TODO

@@ -13,3 +13,4 @@ allow signing using an alternate secret key, like in pcpdecrypt()
support export/import from/to pbp
malloc() new pointers in funcs only if not NULL, e.g. pcp_gennonce()

10
configure vendored

@@ -764,6 +764,7 @@ enable_libtool_lock
with_libsodium
with_libsodium_include_dir
with_libsodium_lib_dir
enable_cbc
'
ac_precious_vars='build_alias
host_alias
@@ -1405,6 +1406,7 @@ Optional Features:
--disable-dependency-tracking
speeds up one-time build
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-cbc Enable CBC@1k encryption mode (default: EBC @32k)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -16537,6 +16539,14 @@ $as_echo "no" >&6; }
fi
fi
# Check whether --enable-cbc was given.
if test "${enable_cbc+set}" = set; then :
enableval=$enable_cbc;
$as_echo "#define PCP_CBC 1" >>confdefs.h
fi
# Check for some target-specific stuff
case "$host" in


@@ -189,6 +189,12 @@ if test "x${_havenacl}" = "xno"; then
fi
fi
AC_ARG_ENABLE([cbc],
[AS_HELP_STRING([--enable-cbc],
[Enable CBC@1k encryption mode (default: EBC @32k)])],
[AC_DEFINE(PCP_CBC, 1, Define if you want to enable CBC mode)],
[])
# Check for some target-specific stuff
case "$host" in
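Review bot: The help text on the `AS_HELP_STRING` line spells the default mode `EBC`; the mode that defines.h and the Changes entry describe is ECB, so the line should read `[Enable CBC@1k encryption mode (default: ECB @32k)])],`. The generated configure in this commit carries the same string, so it only needs regenerating after the fix.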


@@ -176,6 +176,9 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define if you want to enable CBC mode */
#undef PCP_CBC
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS


@@ -23,6 +23,8 @@
#ifndef _DEFINES_H
#define _DEFINES_H
#include "config.h"
typedef unsigned char byte; // Single unsigned byte = 8 bits
typedef unsigned short dbyte; // Double byte = 16 bits
typedef unsigned int qbyte; // Quad byte = 32 bits
@@ -54,9 +56,6 @@ typedef unsigned int qbyte; // Quad byte = 32 bits
#define PCP_KEY_TYPE_SECRET 2
#define PCP_KEY_TYPE_PUBLIC 3
// how many times do we hash a passphrase
#define HCYCLES 128000
// save typing, dammit
#define PCP_ENCRYPT_PAD crypto_secretbox_ZEROBYTES + crypto_secretbox_NONCEBYTES
@@ -68,11 +67,21 @@ typedef unsigned int qbyte; // Quad byte = 32 bits
#define PCP_SIG_VERSION 2
// crypto file format stuff
// enabled via config.h (configure --enable-cbc)
#ifndef PCP_CBC
#error cbc not enabled
#define PCP_ASYM_CIPHER 5
#define PCP_SYM_CIPHER 23
#define PCP_BLOCK_SIZE 32 * 1024
#define PCP_BLOCK_SIZE_IN (PCP_BLOCK_SIZE) + 16 + crypto_secretbox_NONCEBYTES
#else
// CBC mode, use smaller blocks
#define PCP_ASYM_CIPHER 7
#define PCP_SYM_CIPHER 25
#define PCP_BLOCK_SIZE 1 * 1024
#endif
#define PCP_CRYPTO_ADD (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
#define PCP_BLOCK_SIZE_IN (PCP_BLOCK_SIZE) + PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES
#define PCP_ASYM_RECIPIENT_SIZE crypto_secretbox_KEYBYTES + PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES
//#define PCP_ASYM_ADD_SENDER_PUB
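Review bot: `#error cbc not enabled` sits inside the `#ifndef PCP_CBC` branch, so if that line is on the new side every build that does not pass --enable-cbc, i.e. the documented default, stops at preprocessing; it reads like a leftover debugging check and should be deleted or turned into a comment. The new `PCP_BLOCK_SIZE` definitions `32 * 1024` and `1 * 1024` and the `PCP_BLOCK_SIZE_IN` sum are unparenthesised, which is fragile once they appear in arithmetic such as `PCP_BLOCK_SIZE_IN - PCP_BLOCK_SIZE` in crypto.c; `#define PCP_BLOCK_SIZE (32 * 1024)` and `#define PCP_BLOCK_SIZE_IN ((PCP_BLOCK_SIZE) + PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES)` close that off. The cipher identifiers also switch to 7 and 25 at compile time for CBC builds, so a file produced by a CBC build presumably cannot be read by a default build and vice versa; a comment next to `PCP_ASYM_CIPHER` saying that the mode is baked into the binary would save the next reader a surprise.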


@@ -20,7 +20,7 @@
*/
// various helpers
// various helpers, too small to put into own c
#ifndef _HAVE_PCP_UTIL_H
#define _HAVE_PCP_UTIL_H
@@ -58,4 +58,11 @@ static inline size_t _findoffset(unsigned char *bin, size_t binlen, char *sigsta
return offset;
}
static inline void _xorbuf(unsigned char *iv, unsigned char *buf, size_t xlen) {
size_t i;
for (i = 0; i < xlen; ++i)
buf[i] = iv[i] ^ buf[i];
}
#endif // _HAVE_PCP_UTIL_H
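Review bot: `_xorbuf` never writes through `iv`, so that parameter should be const-qualified, `static inline void _xorbuf(const unsigned char *iv, unsigned char *buf, size_t xlen)`, which also documents which of the two same-typed buffers is modified. A one-line contract above it would help the caller in crypto.c, e.g. `// XOR the first xlen bytes of buf with iv, in place; iv must hold at least xlen bytes`. File-scope names beginning with an underscore are reserved to the implementation in C, though the header already uses that prefix for `_findoffset`, so the new name at least follows the existing convention.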


@@ -390,24 +390,43 @@ size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int have
}
}
#ifdef PCP_CBC
// write the IV, pad it with rubbish, since pcp_decrypt_file_sym
// reads in with PCP_BLOCK_SIZE_IN buffersize and uses the last
// PCP_BLOCK_SIZE as IV.
unsigned char *iv = urmalloc(PCP_BLOCK_SIZE);
unsigned char *ivpad = urmalloc(PCP_BLOCK_SIZE_IN - PCP_BLOCK_SIZE);
fwrite(ivpad, PCP_BLOCK_SIZE_IN - PCP_BLOCK_SIZE, 1, out);
fwrite(iv, PCP_BLOCK_SIZE, 1, out);
#endif
// 32k-ECB-mode. FIXME: maybe support CBC as well or only use CBC?
while(!feof(in)) {
cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE, in);
if(cur_bufsize <= 0)
break;
buf_nonce = pcp_gennonce();
#ifdef PCP_CBC
// apply IV to current clear
_xorbuf(iv, in_buf, cur_bufsize);
#endif
es = pcp_sodium_mac(&buf_cipher, in_buf, cur_bufsize, buf_nonce, symkey);
fwrite(buf_nonce, crypto_secretbox_NONCEBYTES, 1, out);
//fprintf(stderr, "D: 32k buf nonce - %d\n", crypto_secretbox_NONCEBYTES);
fwrite(buf_cipher, es, 1, out);
//fprintf(stderr, "D: 32k buf cipher - %ld\n", es);
free(buf_nonce);
free(buf_cipher);
out_size += crypto_secretbox_NONCEBYTES + es;
if(signkey != NULL)
crypto_generichash_update(st, in_buf, cur_bufsize);
#ifdef PCP_CBC
// make current cipher to next IV, ignore nonce and pad
memcpy(iv, &buf_cipher[PCP_CRYPTO_ADD], PCP_BLOCK_SIZE);
#endif
}
if(ferror(out) != 0) {
@@ -464,6 +483,10 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, pcp_pubk
signature = ucmalloc(siglen);
}
#ifdef PCP_CBC
unsigned char *iv = NULL; // will be filled during 1st loop
#endif
while(!feof(in)) {
cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE_IN, in);
if(cur_bufsize <= PCP_CRYPTO_ADD)
@@ -477,11 +500,26 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, pcp_pubk
}
}
#ifdef PCP_CBC
if(iv == NULL) {
// first block is the IV, don't write it out and skip to the next block
iv = ucmalloc(PCP_BLOCK_SIZE);
memcpy(iv, &in_buf[PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES], PCP_BLOCK_SIZE);
continue;
}
#endif
ciphersize = cur_bufsize - crypto_secretbox_NONCEBYTES;
memcpy(buf_nonce, in_buf, crypto_secretbox_NONCEBYTES);
memcpy(buf_cipher, &in_buf[crypto_secretbox_NONCEBYTES], ciphersize);
es = pcp_sodium_verify_mac(&buf_clear, buf_cipher, ciphersize, buf_nonce, symkey);
#ifdef PCP_CBC
// take last IV and apply it to current clear
_xorbuf(iv, buf_clear, cur_bufsize - (PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES));
#endif
out_size += ciphersize - PCP_CRYPTO_ADD;
if(es == 0) {
@@ -504,6 +542,10 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, pcp_pubk
out_size = 0;
break;
}
#ifdef PCP_CBC
// use last cipher as next IV
memcpy(iv, &in_buf[PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES], PCP_BLOCK_SIZE);
#endif
}
free(buf_nonce);
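Review bot: In `pcp_encrypt_file_sym` the chaining step `memcpy(iv, &buf_cipher[PCP_CRYPTO_ADD], PCP_BLOCK_SIZE);` runs after `free(buf_cipher);`, so every block after the first is chained from freed memory; move the `#ifdef PCP_CBC` memcpy above the two `free()` calls. That memcpy also copies a full `PCP_BLOCK_SIZE` even for a short final block, where `es` is smaller, so it reads past the end of `buf_cipher` (the decrypt loop does the same from `in_buf` at its bottom); bound the copy by the bytes actually produced, or skip it when `cur_bufsize < PCP_BLOCK_SIZE` since that IV is never used. Separately, the IV in `pcp_decrypt_file_sym` is taken straight from `in_buf` without passing through `pcp_sodium_verify_mac`, and `_xorbuf` is applied to `buf_clear` after verification and before the `es == 0` check, so an attacker who flips bits in the stored IV flips the same bits in the first plaintext block undetected and a MAC failure still XORs whatever `buf_clear` holds; the IV needs to be covered by the authentication (for example by encrypting it as an ordinary block), or, since each block already gets its own random nonce from `pcp_gennonce`, the XOR chaining could be dropped altogether. Note too that `crypto_generichash_update` in the encrypt loop now hashes `in_buf` after `_xorbuf` has modified it in place, so the signature is over the chained data rather than the plaintext; whether the verify side hashes the same bytes is outside this hunk. Both functions start and end outside the visible hunks.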

108
libtool

@@ -1,13 +1,13 @@
#! /bin/sh
# libtool - Provide generalized library-building support services.
# Generated automatically by config.status (pcp) 0.1.5
# Generated automatically by config.status (pcp) 0.2.0
# Libtool was configured on host r4:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
# Inc.
# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -40,8 +40,8 @@ available_tags="CXX "
# ### BEGIN LIBTOOL CONFIG
# Which release of libtool.m4 was used?
macro_version=2.4
macro_revision=1.3293
macro_version=2.4.2
macro_revision=1.3337
# Whether or not to build shared libraries.
build_libtool_libs=yes
@@ -61,6 +61,9 @@ SHELL="/bin/sh"
# An echo program that protects backslashes.
ECHO="printf %s\\n"
# The PATH separator for the build system.
PATH_SEPARATOR=":"
# The host system.
host_alias=
host=amd64-unknown-freebsd9.1
@@ -151,7 +154,7 @@ STRIP="strip"
# Commands used to install an old-style archive.
RANLIB="ranlib"
old_postinstall_cmds="chmod 644 \$oldlib~\$RANLIB \$oldlib"
old_postinstall_cmds="chmod 644 \$oldlib~\$RANLIB \$tool_oldlib"
old_postuninstall_cmds=""
# Whether to use a lock for old archive extraction.
@@ -296,7 +299,7 @@ reload_flag=" -r"
reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs"
# Commands used to build an old-style archive.
old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs~\$RANLIB \$oldlib"
old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs~\$RANLIB \$tool_oldlib"
# A language specific compiler.
CC="gcc"
@@ -362,10 +365,6 @@ no_undefined_flag=""
# This must work even if $libdir does not exist
hardcode_libdir_flag_spec="\${wl}-rpath \${wl}\$libdir"
# If ld is used when linking, flag to hardcode $libdir into a binary
# during linking. This must work even if $libdir does not exist.
hardcode_libdir_flag_spec_ld=""
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=""
@@ -440,11 +439,11 @@ compiler_lib_search_path=""
# ### END LIBTOOL CONFIG
# libtool (GNU libtool) 2.4
# libtool (GNU libtool) 2.4.2
# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
# 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -482,6 +481,7 @@ compiler_lib_search_path=""
# --quiet, --silent don't print informational messages
# --no-quiet, --no-silent
# print informational messages (default)
# --no-warn don't display warning messages
# --tag=TAG use configuration variables from tag TAG
# -v, --verbose print more informational messages than default
# --no-verbose don't print the extra informational messages
@@ -510,7 +510,7 @@ compiler_lib_search_path=""
# compiler: $LTCC
# compiler flags: $LTCFLAGS
# linker: $LD (gnu? $with_gnu_ld)
# $progname: (GNU libtool) 2.4
# $progname: (GNU libtool) 2.4.2
# automake: $automake_version
# autoconf: $autoconf_version
#
@@ -520,9 +520,9 @@ compiler_lib_search_path=""
PROGRAM=libtool
PACKAGE=libtool
VERSION=2.4
VERSION=2.4.2
TIMESTAMP=""
package_revision=1.3293
package_revision=1.3337
# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
@@ -577,15 +577,10 @@ progpath="$0"
: ${CP="cp -f"}
test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
: ${EGREP="grep -E"}
: ${FGREP="grep -F"}
: ${GREP="grep"}
: ${LN_S="ln -s"}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
: ${SED="sed"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
: ${Xsed="$SED -e 1s/^X//"}
@@ -824,7 +819,7 @@ case $progpath in
;;
*)
save_IFS="$IFS"
IFS=:
IFS=${PATH_SEPARATOR-:}
for progdir in $PATH; do
IFS="$save_IFS"
test -x "$progdir/$progname" && break
@@ -1208,8 +1203,8 @@ func_help ()
s*\$LTCFLAGS*'"$LTCFLAGS"'*
s*\$LD*'"$LD"'*
s/\$with_gnu_ld/'"$with_gnu_ld"'/
s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
p
d
}
@@ -1486,6 +1481,7 @@ opt_finish=false
opt_help=false
opt_help_all=false
opt_silent=:
opt_warning=:
opt_verbose=:
opt_silent=false
opt_verbose=false
@@ -1552,6 +1548,10 @@ esac
;;
--no-silent|--no-quiet)
opt_silent=false
preserve_args="$preserve_args $opt"
;;
--no-warning|--no-warn)
opt_warning=false
preserve_args="$preserve_args $opt"
;;
--no-verbose)
@@ -2523,7 +2523,7 @@ func_mode_compile ()
*.[cCFSifmso] | \
*.ada | *.adb | *.ads | *.asm | \
*.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
*.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup)
*.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
func_xform "$libobj"
libobj=$func_xform_result
;;
@@ -3665,11 +3665,13 @@ func_mode_install ()
# Set up the ranlib parameters.
oldlib="$destdir/$name"
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
tool_oldlib=$func_to_tool_file_result
func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
if test -n "$stripme" && test -n "$old_striplib"; then
func_show_eval "$old_striplib $oldlib" 'exit $?'
func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
fi
# Do each command in the postinstall commands.
@@ -3934,7 +3936,7 @@ static const void *lt_preloaded_setup() {
# linked before any other PIC object. But we must not use
# pic_flag when linking with -static. The problem exists in
# FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
*-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
*-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
*-*-hpux*)
pic_flag_for_symtable=" $pic_flag" ;;
@@ -4449,6 +4451,8 @@ func_exec_program_core ()
# launches target application with the remaining arguments.
func_exec_program ()
{
case \" \$* \" in
*\\ --lt-*)
for lt_wr_arg
do
case \$lt_wr_arg in
@@ -4456,7 +4460,8 @@ func_exec_program ()
*) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
esac
shift
done
done ;;
esac
func_exec_program_core \${1+\"\$@\"}
}
@@ -5524,9 +5529,15 @@ void lt_dump_script (FILE* f)
{
EOF
func_emit_wrapper yes |
$SED -e 's/\([\\"]\)/\\\1/g' \
-e 's/^/ fputs ("/' -e 's/$/\\n", f);/'
$SED -n -e '
s/^\(.\{79\}\)\(..*\)/\1\
\2/
h
s/\([\\"]\)/\\\1/g
s/$/\\n/
s/\([^\n]*\).*/ fputs ("\1", f);/p
g
D'
cat <<"EOF"
}
EOF
@@ -6111,7 +6122,8 @@ func_mode_link ()
continue
;;
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
compiler_flags="$compiler_flags $arg"
compile_command="$compile_command $arg"
finalize_command="$finalize_command $arg"
@@ -6615,7 +6627,8 @@ func_mode_link ()
lib=
found=no
case $deplib in
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
if test "$linkmode,$pass" = "prog,link"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
@@ -7316,7 +7329,7 @@ func_mode_link ()
test "$hardcode_direct_absolute" = no; then
add="$dir/$linklib"
elif test "$hardcode_minus_L" = yes; then
add_dir="-L$dir"
add_dir="-L$absdir"
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case $libdir in
@@ -7801,6 +7814,7 @@ func_mode_link ()
# which has an extra 1 added just for fun
#
case $version_type in
# correct linux to gnu/linux during the next big refactor
darwin|linux|osf|windows|none)
func_arith $number_major + $number_minor
current=$func_arith_result
@@ -7917,7 +7931,7 @@ func_mode_link ()
versuffix="$major.$revision"
;;
linux)
linux) # correct to gnu/linux during the next big refactor
func_arith $current - $age
major=.$func_arith_result
versuffix="$major.$age.$revision"
@@ -8505,6 +8519,11 @@ EOF
# Test again, we may have decided not to build it any more
if test "$build_libtool_libs" = yes; then
# Remove ${wl} instances when linking with ld.
# FIXME: should test the right _cmds variable.
case $archive_cmds in
*\$LD\ *) wl= ;;
esac
if test "$hardcode_into_libs" = yes; then
# Hardcode the library paths
hardcode_libdirs=
@@ -8535,7 +8554,7 @@ EOF
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*" $libdir "*) ;;
*) func_apped perm_rpath " $libdir" ;;
*) perm_rpath="$perm_rpath $libdir" ;;
esac
fi
done
@@ -8543,11 +8562,7 @@ EOF
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
libdir="$hardcode_libdirs"
if test -n "$hardcode_libdir_flag_spec_ld"; then
eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
else
eval dep_rpath=\"$hardcode_libdir_flag_spec\"
fi
eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
fi
if test -n "$runpath_var" && test -n "$perm_rpath"; then
# We should set the runpath_var.
@@ -9637,6 +9652,8 @@ EOF
esac
done
fi
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
tool_oldlib=$func_to_tool_file_result
eval cmds=\"$old_archive_cmds\"
func_len " $cmds"
@@ -9746,7 +9763,8 @@ EOF
*.la)
func_basename "$deplib"
name="$func_basename_result"
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
func_resolve_sysroot "$deplib"
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
test -z "$libdir" && \
func_fatal_error "\`$deplib' is not a valid libtool archive"
newdependency_libs="$newdependency_libs ${lt_sysroot:+=}$libdir/$name"
@@ -10130,7 +10148,7 @@ reload_flag=" -r"
reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs"
# Commands used to build an old-style archive.
old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs~\$RANLIB \$oldlib"
old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs~\$RANLIB \$tool_oldlib"
# A language specific compiler.
CC="g++"
@@ -10196,10 +10214,6 @@ no_undefined_flag=""
# This must work even if $libdir does not exist
hardcode_libdir_flag_spec="\${wl}-rpath \${wl}\$libdir"
# If ld is used when linking, flag to hardcode $libdir into a binary
# during linking. This must work even if $libdir does not exist.
hardcode_libdir_flag_spec_ld=""
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=""