Add support for symbol hiding disabled by default.

Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@
author: beck <> 2022-11-11 11:25:18 +0000
committer: beck <> 2022-11-11 11:25:18 +0000
commit: 83e73dadd90af52585df1bcce4e5b84da25fe19e (patch)
tree: ed6caa2922a04c9566669564e9dda8a563bf522a /src/lib/libcrypto/hidden
parent: 522ea7abc19e814a672474a8f25f67f470ceb772 (diff)
download: openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.tar.gz
openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.tar.bz2
openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.zip
3 files changed, 120 insertions, 0 deletions
diff --git a/src/lib/libcrypto/hidden/README b/src/lib/libcrypto/hidden/README
new file mode 100644
index 0000000000..c41830cf55
--- /dev/null
+++ b/src/lib/libcrypto/hidden/README
@@ -0,0 +1,40 @@
+The goals:
+1) calls from inside libcrypto to other libcrypto functions should
+   be via identifiers that are of hidden visibility and -- to avoid
+   confusion or conflicts -- are in the reserved namespace.  By
+   doing this these calls are protected from being overridden by
+   applications and on many platforms can avoid creation or use of
+   GOT or PLT  entries.  I've chosen a prefix of "_lcry_" for this.
+   Note that these symbols aren't in the dynamic symbol table of the
+   libcrypto.so shared library...but they are visible in the static
+   library.
+2) calls from libssl to symbols in libcrypto should be via identifiers
+   which won't be accidentally overridden by the application, libc,
+   other random crypto libraries that are pulled in, etc.  I've
+   chosen a prefix of "_libre_" for this.
+These will not be declared directly; instead, the gcc "asm labels"
+extension will be used rename the function.  In order to actually
+set up the desired asm labels, we use these in the internal .h
+files:
+   LCRYPTO_USED(x)      Symbols used both internally and externally
+        In builds of libcrypto, this makes gcc convert use of x to
+        use _libre_x instead.  In other builds that use these headers,
+        it makes gcc convert use of x to use _libre_x instead.  Use
+        LCRYPTO_ALIAS(x) to create the external aliases.
+        ex: LCRYPTO_USED(SSL_get_verify_mode)
+   LCRYPTO_UNUSED(x)    Symbols that are not used internally or by libssl
+        No renaming is done.  In builds of libcrypto, the symbol
+        is marked as deprecated to detect unintentional use of such
+        a synbol, so that it can be marked as used going forward.
+        ex: LCRYPTO_UNUSED(SSL_CIPHER_get_name)
+Finally, to create the expected aliases, we use these in the .c files
+where the definitions are:
+   LCRYPTO_ALIAS(x)
+        This defines both x and _libre_x as strong aliases for _lcry_x.
+        Match uses of this with uses of LCRYPTO_USED()
+        ex: LCRYPTO_ALIAS(SSL_get_verify_mode)
diff --git a/src/lib/libcrypto/hidden/crypto_namespace.h b/src/lib/libcrypto/hidden/crypto_namespace.h
new file mode 100644
index 0000000000..6ceef26e2d
--- /dev/null
+++ b/src/lib/libcrypto/hidden/crypto_namespace.h
@@ -0,0 +1,44 @@
+/*      $OpenBSD: crypto_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $       */
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBCRYPTO_CRYPTO_NAMESPACE_H_
+#define _LIBCRYPTO_CRYPTO_NAMESPACE_H_
+/*
+ * If marked as 'used', then internal calls use the name with prefix "_lcry_"
+ * and we alias that to the normal name *and* the name with prefix "_libre_";
+ * external calls use the latter name.
+ */
+#ifdef LIBRESSL_NAMESPACE
+# define LCRYPTO_UNUSED(x)              typeof(x) x __attribute__((deprecated))
+#ifdef LIBRESSL_CRYPTO_NAMESPACE
+#  define LCRYPTO_USED(x)               __attribute__((visibility("hidden")))   \
+                                typeof(x) x asm("_lcry_"#x)
+#  define LCRYPTO_ALIAS1(pre,x) asm(".global "#pre#x"; "#pre#x" = _lcry_"#x)
+#  define LCRYPTO_ALIAS(x)      LCRYPTO_ALIAS1(,x); LCRYPTO_ALIAS1(_libre_,x);
+#else
+#  define LCRYPTO_USED(x)          typeof(x) x asm("_libre_"#x)
+#endif
+#else
+# define LCRYPTO_UNUSED(x)
+# define LCRYPTO_USED(x)
+# define LCRYPTO_ALIAS1(pre,x)
+# define LCRYPTO_ALIAS(x)
+#endif
+#endif  /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */
diff --git a/src/lib/libcrypto/hidden/openssl/hmac.h b/src/lib/libcrypto/hidden/openssl/hmac.h
new file mode 100644
index 0000000000..d8370945d0
--- /dev/null
+++ b/src/lib/libcrypto/hidden/openssl/hmac.h
@@ -0,0 +1,36 @@
+/*      $OpenBSD: hmac.h,v 1.1 2022/11/11 11:25:18 beck Exp $   */
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBCRYPTO_HMAC_H_
+#define _LIBCRYPTO_HMAC_H_
+#include_next <openssl/hmac.h>
+#include "crypto_namespace.h"
+LCRYPTO_USED(HMAC_CTX_new);
+LCRYPTO_USED(HMAC_CTX_free);
+LCRYPTO_UNUSED(HMAC_CTX_reset);
+LCRYPTO_UNUSED(HMAC_Init);
+LCRYPTO_USED(HMAC_Init_ex);
+LCRYPTO_USED(HMAC_Update);
+LCRYPTO_USED(HMAC_Final);
+LCRYPTO_USED(HMAC);
+LCRYPTO_USED(HMAC_CTX_copy);
+LCRYPTO_USED(HMAC_CTX_set_flags);
+LCRYPTO_USED(HMAC_CTX_get_md);
+#endif /* _LIBCRYPTO_HMAC_H_ */
author	beck <>	2022-11-11 11:25:18 +0000
committer	beck <>	2022-11-11 11:25:18 +0000
commit	83e73dadd90af52585df1bcce4e5b84da25fe19e (patch)
tree	ed6caa2922a04c9566669564e9dda8a563bf522a /src/lib/libcrypto/hidden
parent	522ea7abc19e814a672474a8f25f67f470ceb772 (diff)
download	openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.tar.gz openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.tar.bz2 openbsd-83e73dadd90af52585df1bcce4e5b84da25fe19e.zip

diff --git a/src/lib/libcrypto/hidden/README b/src/lib/libcrypto/hidden/README new file mode 100644 index 0000000000..c41830cf55 --- /dev/null +++ b/src/lib/libcrypto/hidden/README
@@ -0,0 +1,40 @@
	1	The goals:
	2	1) calls from inside libcrypto to other libcrypto functions should
	3	be via identifiers that are of hidden visibility and -- to avoid
	4	confusion or conflicts -- are in the reserved namespace. By
	5	doing this these calls are protected from being overridden by
	6	applications and on many platforms can avoid creation or use of
	7	GOT or PLT entries. I've chosen a prefix of "_lcry_" for this.
	8	Note that these symbols aren't in the dynamic symbol table of the
	9	libcrypto.so shared library...but they are visible in the static
	10	library.
	11
	12	2) calls from libssl to symbols in libcrypto should be via identifiers
	13	which won't be accidentally overridden by the application, libc,
	14	other random crypto libraries that are pulled in, etc. I've
	15	chosen a prefix of "_libre_" for this.
	16
	17	These will not be declared directly; instead, the gcc "asm labels"
	18	extension will be used rename the function. In order to actually
	19	set up the desired asm labels, we use these in the internal .h
	20	files:
	21
	22	LCRYPTO_USED(x) Symbols used both internally and externally
	23	In builds of libcrypto, this makes gcc convert use of x to
	24	use _libre_x instead. In other builds that use these headers,
	25	it makes gcc convert use of x to use _libre_x instead. Use
	26	LCRYPTO_ALIAS(x) to create the external aliases.
	27	ex: LCRYPTO_USED(SSL_get_verify_mode)
	28
	29	LCRYPTO_UNUSED(x) Symbols that are not used internally or by libssl
	30	No renaming is done. In builds of libcrypto, the symbol
	31	is marked as deprecated to detect unintentional use of such
	32	a synbol, so that it can be marked as used going forward.
	33	ex: LCRYPTO_UNUSED(SSL_CIPHER_get_name)
	34
	35	Finally, to create the expected aliases, we use these in the .c files
	36	where the definitions are:
	37	LCRYPTO_ALIAS(x)
	38	This defines both x and _libre_x as strong aliases for _lcry_x.
	39	Match uses of this with uses of LCRYPTO_USED()
	40	ex: LCRYPTO_ALIAS(SSL_get_verify_mode)


diff --git a/src/lib/libcrypto/hidden/crypto_namespace.h b/src/lib/libcrypto/hidden/crypto_namespace.h new file mode 100644 index 0000000000..6ceef26e2d --- /dev/null +++ b/src/lib/libcrypto/hidden/crypto_namespace.h
@@ -0,0 +1,44 @@
	1	/* $OpenBSD: crypto_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
	2	/*
	3	* Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#ifndef _LIBCRYPTO_CRYPTO_NAMESPACE_H_
	19	#define _LIBCRYPTO_CRYPTO_NAMESPACE_H_
	20
	21	/*
	22	* If marked as 'used', then internal calls use the name with prefix "_lcry_"
	23	* and we alias that to the normal name and the name with prefix "_libre_";
	24	* external calls use the latter name.
	25	*/
	26
	27	#ifdef LIBRESSL_NAMESPACE
	28	# define LCRYPTO_UNUSED(x) typeof(x) x __attribute__((deprecated))
	29	#ifdef LIBRESSL_CRYPTO_NAMESPACE
	30	# define LCRYPTO_USED(x) __attribute__((visibility("hidden"))) \
	31	typeof(x) x asm("_lcry_"#x)
	32	# define LCRYPTO_ALIAS1(pre,x) asm(".global "#pre#x"; "#pre#x" = _lcry_"#x)
	33	# define LCRYPTO_ALIAS(x) LCRYPTO_ALIAS1(,x); LCRYPTO_ALIAS1(_libre_,x);
	34	#else
	35	# define LCRYPTO_USED(x) typeof(x) x asm("_libre_"#x)
	36	#endif
	37	#else
	38	# define LCRYPTO_UNUSED(x)
	39	# define LCRYPTO_USED(x)
	40	# define LCRYPTO_ALIAS1(pre,x)
	41	# define LCRYPTO_ALIAS(x)
	42	#endif
	43
	44	#endif /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */


diff --git a/src/lib/libcrypto/hidden/openssl/hmac.h b/src/lib/libcrypto/hidden/openssl/hmac.h new file mode 100644 index 0000000000..d8370945d0 --- /dev/null +++ b/src/lib/libcrypto/hidden/openssl/hmac.h
@@ -0,0 +1,36 @@
	1	/* $OpenBSD: hmac.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
	2	/*
	3	* Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#ifndef _LIBCRYPTO_HMAC_H_
	19	#define _LIBCRYPTO_HMAC_H_
	20
	21	#include_next <openssl/hmac.h>
	22	#include "crypto_namespace.h"
	23
	24	LCRYPTO_USED(HMAC_CTX_new);
	25	LCRYPTO_USED(HMAC_CTX_free);
	26	LCRYPTO_UNUSED(HMAC_CTX_reset);
	27	LCRYPTO_UNUSED(HMAC_Init);
	28	LCRYPTO_USED(HMAC_Init_ex);
	29	LCRYPTO_USED(HMAC_Update);
	30	LCRYPTO_USED(HMAC_Final);
	31	LCRYPTO_USED(HMAC);
	32	LCRYPTO_USED(HMAC_CTX_copy);
	33	LCRYPTO_USED(HMAC_CTX_set_flags);
	34	LCRYPTO_USED(HMAC_CTX_get_md);
	35
	36	#endif /* _LIBCRYPTO_HMAC_H_ */