diff options
author | beck <> | 2022-11-11 11:25:18 +0000 |
---|---|---|
committer | beck <> | 2022-11-11 11:25:18 +0000 |
commit | 83e73dadd90af52585df1bcce4e5b84da25fe19e (patch) | |
tree | ed6caa2922a04c9566669564e9dda8a563bf522a /src/lib/libcrypto/hidden | |
parent | 522ea7abc19e814a672474a8f25f67f470ceb772 (diff) | |
download | openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.tar.gz openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.tar.bz2 openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.zip |
Add support for symbol hiding disabled by default.
Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that won't get overridden by linking other libraries.
Mostly work by guenther@, which will currently be gated behind a
build setting NAMESPACE=yes. once we convert all the symbols to
this method we will do a major bump and pick up the changes.
ok tb@ jsing@
Diffstat (limited to 'src/lib/libcrypto/hidden')
-rw-r--r-- | src/lib/libcrypto/hidden/README | 40 | ||||
-rw-r--r-- | src/lib/libcrypto/hidden/crypto_namespace.h | 44 | ||||
-rw-r--r-- | src/lib/libcrypto/hidden/openssl/hmac.h | 36 |
3 files changed, 120 insertions, 0 deletions
diff --git a/src/lib/libcrypto/hidden/README b/src/lib/libcrypto/hidden/README new file mode 100644 index 0000000000..c41830cf55 --- /dev/null +++ b/src/lib/libcrypto/hidden/README | |||
@@ -0,0 +1,40 @@ | |||
1 | The goals: | ||
2 | 1) calls from inside libcrypto to other libcrypto functions should | ||
3 | be via identifiers that are of hidden visibility and -- to avoid | ||
4 | confusion or conflicts -- are in the reserved namespace. By | ||
5 | doing this these calls are protected from being overridden by | ||
6 | applications and on many platforms can avoid creation or use of | ||
7 | GOT or PLT entries. I've chosen a prefix of "_lcry_" for this. | ||
8 | Note that these symbols aren't in the dynamic symbol table of the | ||
9 | libcrypto.so shared library...but they are visible in the static | ||
10 | library. | ||
11 | |||
12 | 2) calls from libssl to symbols in libcrypto should be via identifiers | ||
13 | which won't be accidentally overridden by the application, libc, | ||
14 | other random crypto libraries that are pulled in, etc. I've | ||
15 | chosen a prefix of "_libre_" for this. | ||
16 | |||
17 | These will not be declared directly; instead, the gcc "asm labels" | ||
18 | extension will be used rename the function. In order to actually | ||
19 | set up the desired asm labels, we use these in the internal .h | ||
20 | files: | ||
21 | |||
22 | LCRYPTO_USED(x) Symbols used both internally and externally | ||
23 | In builds of libcrypto, this makes gcc convert use of x to | ||
24 | use _libre_x instead. In other builds that use these headers, | ||
25 | it makes gcc convert use of x to use _libre_x instead. Use | ||
26 | LCRYPTO_ALIAS(x) to create the external aliases. | ||
27 | ex: LCRYPTO_USED(SSL_get_verify_mode) | ||
28 | |||
29 | LCRYPTO_UNUSED(x) Symbols that are not used internally or by libssl | ||
30 | No renaming is done. In builds of libcrypto, the symbol | ||
31 | is marked as deprecated to detect unintentional use of such | ||
32 | a synbol, so that it can be marked as used going forward. | ||
33 | ex: LCRYPTO_UNUSED(SSL_CIPHER_get_name) | ||
34 | |||
35 | Finally, to create the expected aliases, we use these in the .c files | ||
36 | where the definitions are: | ||
37 | LCRYPTO_ALIAS(x) | ||
38 | This defines both x and _libre_x as strong aliases for _lcry_x. | ||
39 | Match uses of this with uses of LCRYPTO_USED() | ||
40 | ex: LCRYPTO_ALIAS(SSL_get_verify_mode) | ||
diff --git a/src/lib/libcrypto/hidden/crypto_namespace.h b/src/lib/libcrypto/hidden/crypto_namespace.h new file mode 100644 index 0000000000..6ceef26e2d --- /dev/null +++ b/src/lib/libcrypto/hidden/crypto_namespace.h | |||
@@ -0,0 +1,44 @@ | |||
1 | /* $OpenBSD: crypto_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org> | ||
4 | * | ||
5 | * Permission to use, copy, modify, and distribute this software for any | ||
6 | * purpose with or without fee is hereby granted, provided that the above | ||
7 | * copyright notice and this permission notice appear in all copies. | ||
8 | * | ||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
16 | */ | ||
17 | |||
18 | #ifndef _LIBCRYPTO_CRYPTO_NAMESPACE_H_ | ||
19 | #define _LIBCRYPTO_CRYPTO_NAMESPACE_H_ | ||
20 | |||
21 | /* | ||
22 | * If marked as 'used', then internal calls use the name with prefix "_lcry_" | ||
23 | * and we alias that to the normal name *and* the name with prefix "_libre_"; | ||
24 | * external calls use the latter name. | ||
25 | */ | ||
26 | |||
27 | #ifdef LIBRESSL_NAMESPACE | ||
28 | # define LCRYPTO_UNUSED(x) typeof(x) x __attribute__((deprecated)) | ||
29 | #ifdef LIBRESSL_CRYPTO_NAMESPACE | ||
30 | # define LCRYPTO_USED(x) __attribute__((visibility("hidden"))) \ | ||
31 | typeof(x) x asm("_lcry_"#x) | ||
32 | # define LCRYPTO_ALIAS1(pre,x) asm(".global "#pre#x"; "#pre#x" = _lcry_"#x) | ||
33 | # define LCRYPTO_ALIAS(x) LCRYPTO_ALIAS1(,x); LCRYPTO_ALIAS1(_libre_,x); | ||
34 | #else | ||
35 | # define LCRYPTO_USED(x) typeof(x) x asm("_libre_"#x) | ||
36 | #endif | ||
37 | #else | ||
38 | # define LCRYPTO_UNUSED(x) | ||
39 | # define LCRYPTO_USED(x) | ||
40 | # define LCRYPTO_ALIAS1(pre,x) | ||
41 | # define LCRYPTO_ALIAS(x) | ||
42 | #endif | ||
43 | |||
44 | #endif /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */ | ||
diff --git a/src/lib/libcrypto/hidden/openssl/hmac.h b/src/lib/libcrypto/hidden/openssl/hmac.h new file mode 100644 index 0000000000..d8370945d0 --- /dev/null +++ b/src/lib/libcrypto/hidden/openssl/hmac.h | |||
@@ -0,0 +1,36 @@ | |||
1 | /* $OpenBSD: hmac.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org> | ||
4 | * | ||
5 | * Permission to use, copy, modify, and distribute this software for any | ||
6 | * purpose with or without fee is hereby granted, provided that the above | ||
7 | * copyright notice and this permission notice appear in all copies. | ||
8 | * | ||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
16 | */ | ||
17 | |||
18 | #ifndef _LIBCRYPTO_HMAC_H_ | ||
19 | #define _LIBCRYPTO_HMAC_H_ | ||
20 | |||
21 | #include_next <openssl/hmac.h> | ||
22 | #include "crypto_namespace.h" | ||
23 | |||
24 | LCRYPTO_USED(HMAC_CTX_new); | ||
25 | LCRYPTO_USED(HMAC_CTX_free); | ||
26 | LCRYPTO_UNUSED(HMAC_CTX_reset); | ||
27 | LCRYPTO_UNUSED(HMAC_Init); | ||
28 | LCRYPTO_USED(HMAC_Init_ex); | ||
29 | LCRYPTO_USED(HMAC_Update); | ||
30 | LCRYPTO_USED(HMAC_Final); | ||
31 | LCRYPTO_USED(HMAC); | ||
32 | LCRYPTO_USED(HMAC_CTX_copy); | ||
33 | LCRYPTO_USED(HMAC_CTX_set_flags); | ||
34 | LCRYPTO_USED(HMAC_CTX_get_md); | ||
35 | |||
36 | #endif /* _LIBCRYPTO_HMAC_H_ */ | ||