From 83e73dadd90af52585df1bcce4e5b84da25fe19e Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 11 Nov 2022 11:25:18 +0000
Subject: Add support for symbol hiding disabled by default.

Fully explained in libcrypto/README. TL;DR make sure libcrypto
and libssl's function calls internally and to each other are via
symbol names that won't get overridden by linking other libraries.

Mostly work by guenther@, which will currently be gated behind a
build setting NAMESPACE=yes. once we convert all the symbols to
this method we will do a major bump and pick up the changes.

ok tb@ jsing@
---
 src/lib/libcrypto/hidden/README             | 40 ++++++++++++++++++++++++++
 src/lib/libcrypto/hidden/crypto_namespace.h | 44 +++++++++++++++++++++++++++++
 src/lib/libcrypto/hidden/openssl/hmac.h     | 36 +++++++++++++++++++++++
 3 files changed, 120 insertions(+)
 create mode 100644 src/lib/libcrypto/hidden/README
 create mode 100644 src/lib/libcrypto/hidden/crypto_namespace.h
 create mode 100644 src/lib/libcrypto/hidden/openssl/hmac.h

(limited to 'src/lib/libcrypto/hidden')

diff --git a/src/lib/libcrypto/hidden/README b/src/lib/libcrypto/hidden/README
new file mode 100644
index 0000000000..c41830cf55
--- /dev/null
+++ b/src/lib/libcrypto/hidden/README
@@ -0,0 +1,40 @@
+The goals:
+1) calls from inside libcrypto to other libcrypto functions should
+   be via identifiers that are of hidden visibility and -- to avoid
+   confusion or conflicts -- are in the reserved namespace.  By
+   doing this these calls are protected from being overridden by
+   applications and on many platforms can avoid creation or use of
+   GOT or PLT  entries.  I've chosen a prefix of "_lcry_" for this.
+   Note that these symbols aren't in the dynamic symbol table of the
+   libcrypto.so shared library...but they are visible in the static
+   library.
+
+2) calls from libssl to symbols in libcrypto should be via identifiers
+   which won't be accidentally overridden by the application, libc,
+   other random crypto libraries that are pulled in, etc.  I've
+   chosen a prefix of "_libre_" for this.
+
+These will not be declared directly; instead, the gcc "asm labels"
+extension will be used rename the function.  In order to actually
+set up the desired asm labels, we use these in the internal .h
+files:
+
+   LCRYPTO_USED(x)	Symbols used both internally and externally
+	In builds of libcrypto, this makes gcc convert use of x to
+	use _libre_x instead.  In other builds that use these headers,
+	it makes gcc convert use of x to use _libre_x instead.  Use
+	LCRYPTO_ALIAS(x) to create the external aliases.
+	ex: LCRYPTO_USED(SSL_get_verify_mode)
+
+   LCRYPTO_UNUSED(x)	Symbols that are not used internally or by libssl
+	No renaming is done.  In builds of libcrypto, the symbol
+	is marked as deprecated to detect unintentional use of such
+	a synbol, so that it can be marked as used going forward.
+	ex: LCRYPTO_UNUSED(SSL_CIPHER_get_name)
+
+Finally, to create the expected aliases, we use these in the .c files
+where the definitions are:
+   LCRYPTO_ALIAS(x)
+	This defines both x and _libre_x as strong aliases for _lcry_x.
+	Match uses of this with uses of LCRYPTO_USED()
+	ex: LCRYPTO_ALIAS(SSL_get_verify_mode)
diff --git a/src/lib/libcrypto/hidden/crypto_namespace.h b/src/lib/libcrypto/hidden/crypto_namespace.h
new file mode 100644
index 0000000000..6ceef26e2d
--- /dev/null
+++ b/src/lib/libcrypto/hidden/crypto_namespace.h
@@ -0,0 +1,44 @@
+/*	$OpenBSD: crypto_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $	*/
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBCRYPTO_CRYPTO_NAMESPACE_H_
+#define _LIBCRYPTO_CRYPTO_NAMESPACE_H_
+
+/*
+ * If marked as 'used', then internal calls use the name with prefix "_lcry_"
+ * and we alias that to the normal name *and* the name with prefix "_libre_";
+ * external calls use the latter name.
+ */
+
+#ifdef LIBRESSL_NAMESPACE
+# define LCRYPTO_UNUSED(x)		typeof(x) x __attribute__((deprecated))
+#ifdef LIBRESSL_CRYPTO_NAMESPACE
+#  define LCRYPTO_USED(x)		__attribute__((visibility("hidden")))	\
+				typeof(x) x asm("_lcry_"#x)
+#  define LCRYPTO_ALIAS1(pre,x)	asm(".global "#pre#x"; "#pre#x" = _lcry_"#x)
+#  define LCRYPTO_ALIAS(x)	LCRYPTO_ALIAS1(,x); LCRYPTO_ALIAS1(_libre_,x);
+#else
+#  define LCRYPTO_USED(x)          typeof(x) x asm("_libre_"#x)
+#endif
+#else
+# define LCRYPTO_UNUSED(x)
+# define LCRYPTO_USED(x)
+# define LCRYPTO_ALIAS1(pre,x)
+# define LCRYPTO_ALIAS(x)
+#endif
+
+#endif	/* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */
diff --git a/src/lib/libcrypto/hidden/openssl/hmac.h b/src/lib/libcrypto/hidden/openssl/hmac.h
new file mode 100644
index 0000000000..d8370945d0
--- /dev/null
+++ b/src/lib/libcrypto/hidden/openssl/hmac.h
@@ -0,0 +1,36 @@
+/*	$OpenBSD: hmac.h,v 1.1 2022/11/11 11:25:18 beck Exp $	*/
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBCRYPTO_HMAC_H_
+#define _LIBCRYPTO_HMAC_H_
+
+#include_next <openssl/hmac.h>
+#include "crypto_namespace.h"
+
+LCRYPTO_USED(HMAC_CTX_new);
+LCRYPTO_USED(HMAC_CTX_free);
+LCRYPTO_UNUSED(HMAC_CTX_reset);
+LCRYPTO_UNUSED(HMAC_Init);
+LCRYPTO_USED(HMAC_Init_ex);
+LCRYPTO_USED(HMAC_Update);
+LCRYPTO_USED(HMAC_Final);
+LCRYPTO_USED(HMAC);
+LCRYPTO_USED(HMAC_CTX_copy);
+LCRYPTO_USED(HMAC_CTX_set_flags);
+LCRYPTO_USED(HMAC_CTX_get_md);
+
+#endif /* _LIBCRYPTO_HMAC_H_ */
-- 
cgit v1.2.3-55-g6feb