From deraadt@ upstream:
Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is ...
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
Move define adjustments to CPPFLAGS.
Adjust user CFLAGS directly, do not override during configuration.
USER_CFLAGS is not necessary to build libcompat_noopt correctly.
There are so many test exceptions that need handling that it is easier
to simply edit it directly rather than doing autogeneration anymore.
This also puts biotest and pidwraptest behind a new --enable-extratests
option, so they are easy to run but are not enabled by default.
The API/ABI for the LibreSSL 2.1.x series is now fixed, so we can safely
enable libtls it by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.
ok deraadt@ beck@ sthen@
This enables DEP and ALSR capabilities. Stack protection is enabled
optionally, there are some extra linking steps required that make it
difficult to enable by default.
The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work
around it by providing arc4random/getentropy shims. Revisit when NetBSD
7 is available.
tested on: HP-UX 11.31 ia64,
gcc 4.7.1(HP AllianceOne version)
gcc 4.2.3(http://hpux.connect.org.uk)
HP C/aC++
HP-UX defaults to use LP32 and it treats long as 32 bit (= 4 bytes).
This build forces LP64 for treating long as 64 bit.
Rather than doing separate linker/compiler checks, just build a
non-empty program with each so that the compiler will actually try to
use the hardening features. Reduce redundancy in the macro calls by just
setting the flag that was just tested.
Also, disable hardening for mingw, since its trying to use a
libssp-0.dll file that I can't find right now. The detected hardening
flags break mingw builds currently.
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read only relocations.
Many Linux distributions automatically enable most of these options.
They are no brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
Signed-off-by: Jim Barlow <jim@purplerock.ca>
When generating ELF objects from assembly, gcc and clang mark the
GNU_STACK program headers as RWX by default. This is a security issue,
so we make sure it is marked only RW.
This modifies Anthony G. Basile's original patch for Linux to set
.note.GNU-stack whenever the assembler supports it. It is surprising
that any modern toolchain would enable an executable stack without an
explicit request. The number of programs that need an executable stack
is surely much smaller than the number of programs that include assembly.
This adds initial support for assembly crypto acceleration on x86_64 for
ELF (Linux, *BSD, Solaris) and Mach-O (OS-X) systems.
The build method is a little different than OpenSSL and OpenBSD. All
the .s files are generated ahead of time when the tarball is generated,
so there are no complicated makefile rules at configure/build time. This
also means the builds are faster and perl is not required on the build
system.
Thanks to Wouter Clarie for providing the initial cleanup and patch
that this is based on.
This makes building and testing easier because the library Makefile.am
files are use directly rather than as templates. Thanks to Wouter Clarie
for the idea.
Use './configure --enable-libtls' to build the library and install the
associated manpages. Note that the API and ABI of this library may
change still, though feedback is welcome.
ok deraadt@ jsing@ tedu@
This provides sufficient functionality to run openssl(1) from a Windows
console. This is based on the original select-based version from from
songdongsheng@live.cn. Changes:
* use nfds_t directly for iterating the fds.
* add WSAGetLastError -> errno mappings
* handle POLLHUP and the OOB data cases for revents
* handle sparse arrays of fds correctly
* KNF style updates
* teach poll how to handle file handles as well as sockets
This handles the socket/non-socket issue by alternating a loop between
WaitForMultipleObjects for non-sockets and and select for sockets. One
would think this would be terrible for performance, but as of this
writing, poll consumes about 6% of the time doing a bulk transfer
between a Linux box and 'openssl.exe s_server'.
I tried to implement this all in terms of WaitForMultipleObjects with a
select 'poll' at the end to get extra specific socket status. However,
the cost of setting up an event handle for each socket, setting the
WSAEventSelect attributes, and cleaning them up reliably was pretty
high. Since the event handle associated with a socket is also global,
creating a new one cancels the previous one or can be disabled
externally.
In addition, the 'FD_WRITE' status of a socket event handle does not
behave in an expected fashion, being triggered by an edge on a write
event rather than being level triggered.
Another fun horror story is how stdin in windows might be a console, it
might be a pipe, it might be something else. If these all worked in the
same way, it would be great. But, since a console-stdin can also signal
on a mouse or window event, it means we can easily get stuck in a
blocking read (you can't make stdin non-blocking) if the non-character
events are not filtered out. So, poll does that too.
See here for various additional horror stories:
http://www.postgresql.org/message-id/4351.1336927207@sss.pgh.pa.us
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
