further refactoring, working libtls-standalone

This commit is contained in:
Brent Cook 2015-05-02 01:40:33 -05:00
parent d3771a41cb
commit 769d58e494
12 changed files with 172 additions and 316 deletions

6
.gitignore vendored
View File

@ -122,7 +122,11 @@ include/openssl/*.he
/libtls-standalone/include/*.h
/libtls-standalone/src/*.c
/libtls-standalone/src/*.h
/libtls-standalone/src/compat
/libtls-standalone/src
/libtls-standalone/compat
!/libtls-standalone/compat/Makefile.am
/libtls-standalone/VERSION
/libtls-standalone/m4
openbsd/

View File

@ -65,49 +65,7 @@ if !HAVE_TIMINGSAFE_BCMP
libcompat_la_SOURCES += compat/timingsafe_bcmp.c
endif
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
if !HAVE_GETENTROPY
if HOST_AIX
libcompat_la_SOURCES += compat/getentropy_aix.c
endif
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/getentropy_win.c
endif
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_aix.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h
include Makefile.am.arc4random
libcrypto_la_SOURCES =
EXTRA_libcrypto_la_SOURCES =

View File

@ -1,4 +1,4 @@
SUBDIRS = include src
SUBDIRS = include compat src app
ACLOCAL_AMFLAGS = -I m4
pkgconfigdir = $(libdir)/pkgconfig

View File

@ -1 +1 @@
3:1:0
3.1.0

View File

@ -0,0 +1,6 @@
AM_CFLAGS = -I$(top_srcdir)/include
bin_PROGRAMS = test
test_SOURCES = test.c
test_LDADD = -lcrypto -lssl $(top_builddir)/src/libtls.la

View File

@ -0,0 +1,6 @@
#include <tls.h>
int main()
{
tls_init();
}

View File

@ -0,0 +1,45 @@
#
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
# compatibility functions that need to be built without optimizations
libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
libcompatnoopt_la_SOURCES += explicit_bzero.c
endif
# other compatibility functions
libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcompat_la_SOURCES =
libcompat_la_LIBADD = $(PLATFORM_LDADD)
if !HAVE_ASPRINTF
libcompat_la_SOURCES += bsd-asprintf.c
endif
if !HAVE_STRLCPY
libcompat_la_SOURCES += strlcpy.c
endif
if !HAVE_STRSEP
libcompat_la_SOURCES += strsep.c
endif
include Makefile.am.arc4random

View File

@ -1,3 +1,17 @@
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([libtls], m4_esyscmd([tr -d '\n' < VERSION]))
AC_CANONICAL_HOST
@ -15,238 +29,20 @@ AM_PROG_CC_C_O
AC_PROG_LIBTOOL
LT_INIT
CFLAGS="$CFLAGS -Wall -std=gnu99"
CHECK_OS_OPTIONS
case $host_os in
*aix*)
HOST_OS=aix
if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
CFLAGS="$USER_CFLAGS"
fi
;;
*cygwin*)
HOST_OS=cygwin
;;
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
;;
*hpux*)
HOST_OS=hpux;
if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
CFLAGS="$CFLAGS -mlp64"
else
CFLAGS="-g -O2 +DD64 $USER_CFLAGS"
fi
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;;
*linux*)
HOST_OS=linux
HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;;
*netbsd*)
HOST_OS=netbsd
CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
;;
*openbsd*)
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
CFLAGS="$CFLAGS -static-libgcc"
LDFLAGS="$LDFLAGS -static-libgcc"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;;
*solaris*)
HOST_OS=solaris
HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;;
*) ;;
esac
CHECK_C_HARDENING_OPTIONS
AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
DISABLE_COMPILER_WARNINGS
AC_MSG_CHECKING([if compiling with clang])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
#ifndef __clang__
not clang
#endif
]])],
[CLANG=yes],
[CLANG=no]
)
AC_MSG_RESULT([$CLANG])
AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
CFLAGS="$CFLAGS $CLANG_FLAGS"
LDFLAGS="$LDFLAGS $CLANG_FLAGS"
# We want to check for compiler flag support. Prior to clang v5.1, there was no
# way to make clang's "argument unused" warning fatal. So we invoke the
# compiler through a wrapper script that greps for this message.
saved_CC="$CC"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
LD="$flag_wrap $LD"
AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--disable-hardening],
[Disable options to frustrate memory corruption exploits])],
[], [enable_hardening=yes])
AC_ARG_ENABLE([windows-ssp],
[AS_HELP_STRING([--enable-windows-ssp],
[Enable building the stack smashing protection on
Windows. This currently distributing libssp-0.dll.])])
AC_DEFUN([CHECK_CFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_CC supports "$1"])
old_cflags="$CFLAGS"
CFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
CFLAGS=$old_cflags
HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
AC_MSG_RESULT([no])
CFLAGS=$old_cflags
[$2])
])
AC_DEFUN([CHECK_LDFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_LD supports "$1"])
old_ldflags="$LDFLAGS"
LDFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
LDFLAGS=$old_ldflags
HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
AC_MSG_RESULT([no])
LDFLAGS=$old_ldflags
[$2])
])
AS_IF([test "x$enable_hardening" = "xyes"], [
# Tell GCC to NOT optimize based on signed arithmetic overflow
CHECK_CFLAG([[-fno-strict-overflow]])
# _FORTIFY_SOURCE replaces builtin functions with safer versions.
CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
# Enable read only relocations
CHECK_LDFLAG([[-Wl,-z,relro]])
CHECK_LDFLAG([[-Wl,-z,now]])
# Windows security flags
AS_IF([test "x$HOST_OS" = "xwin"], [
CHECK_LDFLAG([[-Wl,--nxcompat]])
CHECK_LDFLAG([[-Wl,--dynamicbase]])
CHECK_LDFLAG([[-Wl,--high-entropy-va]])
])
# Use stack-protector-strong if available; if not, fallback to
# stack-protector-all which is considered to be overkill
AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
CHECK_CFLAG([[-fstack-protector-strong]],
CHECK_CFLAG([[-fstack-protector-all]],
AC_MSG_WARN([compiler does not appear to support stack protection])
)
)
AS_IF([test "x$HOST_OS" = "xwin"], [
AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
])
])
])
# Restore CC, LD
CC="$saved_CC"
LD="$saved_LD"
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
# Removing the dependency on -Wno-pointer-sign should be a goal
save_cflags="$CFLAGS"
CFLAGS=-Wno-pointer-sign
AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-Wno-pointer-sign],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
save_cflags="$CFLAGS"
CFLAGS=
AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-DHAVE_GNU_STACK],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
AM_PROG_AS
AC_CHECK_FUNCS([explicit_bzero strsep])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
#AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
#AC_CHECK_FUNCS([getentropy memmem poll reallocarray])
#AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum])
#AC_CHECK_FUNCS([symlink])
#AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
#
## Share test results with automake
#AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
#AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
#AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
#AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
#AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
#AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
#AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
#AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
#AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
#AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
#AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
#AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
#AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
#AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
CHECK_LIBC_COMPAT
CHECK_LIBC_CRYPTO_COMPAT
AC_CONFIG_FILES([
Makefile
include/Makefile
app/Makefile
compat/Makefile
src/Makefile
libtls.pc
])

View File

@ -1,27 +1,5 @@
#noinst_HEADERS = err.h
#noinst_HEADERS += netdb.h
#noinst_HEADERS += poll.h
#noinst_HEADERS += pqueue.h
#noinst_HEADERS += stdio.h
#noinst_HEADERS += stdlib.h
#noinst_HEADERS += string.h
#noinst_HEADERS += syslog.h
#noinst_HEADERS += unistd.h
#noinst_HEADERS += win32netcompat.h
#
#noinst_HEADERS += arpa/inet.h
#
#noinst_HEADERS += machine/endian.h
#
#noinst_HEADERS += netinet/in.h
#noinst_HEADERS += netinet/tcp.h
#
#noinst_HEADERS += sys/ioctl.h
#noinst_HEADERS += sys/mman.h
#noinst_HEADERS += sys/select.h
#noinst_HEADERS += sys/socket.h
#noinst_HEADERS += sys/times.h
#noinst_HEADERS += sys/types.h
#noinst_HEADERS += sys/uio.h
noinst_HEADERS = stdlib.h
noinst_HEADERS += string.h
noinst_HEADERS += unistd.h
include_HEADERS = tls.h

View File

@ -17,12 +17,57 @@
#include <strings.h>
#endif
#ifndef HAVE_EXPLICIT_BZERO
void explicit_bzero(void *, size_t);
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRNDUP
char * strndup(const char *str, size_t maxlen);
/* the only user of strnlen is strndup, so only build it if needed */
#ifndef HAVE_STRNLEN
size_t strnlen(const char *str, size_t maxlen);
#endif
#endif
#ifndef HAVE_STRSEP
char *strsep(char **stringp, const char *delim);
#endif
#ifndef HAVE_EXPLICIT_BZERO
void explicit_bzero(void *, size_t);
#endif
#ifndef HAVE_TIMINGSAFE_BCMP
int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
#endif
#ifndef HAVE_TIMINGSAFE_MEMCMP
int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
#endif
#ifndef HAVE_MEMMEM
void * memmem(const void *big, size_t big_len, const void *little,
size_t little_len);
#endif
#ifdef _WIN32
#include <errno.h>
static inline char *
posix_strerror(int errnum)
{
if (errnum == ECONNREFUSED) {
return "Connection refused";
}
return strerror(errnum);
}
#define strerror(errnum) posix_strerror(errnum)
#endif
#endif

View File

@ -4,6 +4,8 @@ lib_LTLIBRARIES = libtls.la
libtls_la_LDFLAGS = -no-undefined
libtls_la_LIBADD = -lcrypto -lssl $(PLATFORM_LDADD)
libtls_la_LIBADD += $(top_builddir)/compat/libcompat.la
libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la
libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c
@ -12,7 +14,3 @@ libtls_la_SOURCES += tls_server.c
libtls_la_SOURCES += tls_util.c
libtls_la_SOURCES += tls_verify.c
noinst_HEADERS = tls_internal.h
if !HAVE_STRSEP
libtls_la_SOURCES += strsep.c
endif

View File

@ -43,7 +43,7 @@ source $libtls_src/shlib_version
libtls_version=$major:$minor:0
echo "libtls version $libtls_version"
echo $libtls_version > tls/VERSION
echo $libtls_version > libtls-standalone/VERSION
echo $major.$minor.0 > libtls-standalone/VERSION
do_mv() {
if ! cmp -s "$1" "$2"
@ -62,21 +62,35 @@ $CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
$CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
$CP $libssl_src/src/e_os2.h include/openssl
$CP $libssl_src/src/ssl/pqueue.h include
$CP $libtls_src/tls.h include
$CP $libtls_src/tls.h libtls-standalone/include
for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c \
timingsafe_bcmp.c timingsafe_memcmp.c; do
$CP $libc_src/string/$i crypto/compat
sed -e "s/#define HEADER_TLS_H/#define HEADER_TLS_H\n#include <stddef.h>\n#include <stdint.h>/" \
$libtls_src/tls.h > include/tls.h
$CP include/tls.h libtls-standalone/include
for i in crypto/compat libtls-standalone/compat; do
$CP $libc_src/crypt/arc4random.c \
$libc_src/crypt/chacha_private.h \
$libc_src/string/explicit_bzero.c \
$libc_src/stdlib/reallocarray.c \
$libc_src/string/strlcpy.c \
$libc_src/string/strlcat.c \
$libc_src/string/strndup.c \
$libc_src/string/strnlen.c \
$libc_src/string/timingsafe_bcmp.c \
$libc_src/string/timingsafe_memcmp.c \
$libcrypto_src/crypto/getentropy_*.c \
$libcrypto_src/crypto/arc4random_*.h \
$i
done
$CP $libc_src/stdlib/reallocarray.c crypto/compat
$CP $libc_src/crypt/arc4random.c crypto/compat
$CP $libc_src/crypt/chacha_private.h crypto/compat
$CP $libcrypto_src/crypto/getentropy_*.c crypto/compat
$CP $libcrypto_src/crypto/arc4random_*.h crypto/compat
$CP $libcrypto_src/crypto/getentropy_*.c libtls-standalone/src/compat
$CP $libcrypto_src/crypto/arc4random_*.h libtls-standalone/src/compat
$CP include/stdlib.h \
include/string.h \
include/unistd.h \
libtls-standalone/include
$CP crypto/compat/arc4random*.h \
crypto/compat/bsd-asprintf.c \
libtls-standalone/compat
(cd $libssl_src/src/crypto/objects/;
perl objects.pl objects.txt obj_mac.num obj_mac.h;
@ -179,7 +193,13 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
fi
done
$CP $libc_src/string/strsep.c tls
$CP $libc_src/string/strsep.c libtls-standalone/src/compat
$CP $libc_src/string/strsep.c libtls-standalone/compat
mkdir -p libtls-standalone/m4
$CP m4/check*.m4 \
m4/disable*.m4 \
libtls-standalone/m4
sed -e "s/compat\///" crypto/Makefile.am.arc4random > \
libtls-standalone/compat/Makefile.am.arc4random
# copy openssl(1) source
echo "copying openssl(1) source"