From 83e73dadd90af52585df1bcce4e5b84da25fe19e Mon Sep 17 00:00:00 2001 From: beck <> Date: Fri, 11 Nov 2022 11:25:18 +0000 Subject: Add support for symbol hiding disabled by default. Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@ --- src/lib/libssl/Makefile | 7 ++++++- src/lib/libssl/bio_ssl.c | 5 ++++- src/lib/libssl/hidden/openssl/ssl.h | 31 +++++++++++++++++++++++++++++ src/lib/libssl/hidden/ssl_namespace.h | 37 +++++++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 src/lib/libssl/hidden/openssl/ssl.h create mode 100644 src/lib/libssl/hidden/ssl_namespace.h (limited to 'src/lib/libssl') diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 1788cd75a3..a6ee26a667 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $ +# $OpenBSD: Makefile,v 1.78 2022/11/11 11:25:18 beck Exp $ .include .ifndef NOMAN @@ -16,6 +16,9 @@ CFLAGS+= -Wall -Wundef CFLAGS+= -Werror .endif CFLAGS+= -DLIBRESSL_INTERNAL +.ifdef NAMESPACE +CFLAGS+= -DLIBRESSL_NAMESPACE +.endif .ifdef TLS1_3 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER @@ -24,7 +27,9 @@ CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER CFLAGS+= -DTLS13_DEBUG .endif CFLAGS+= -I${.CURDIR} +CFLAGS+= -I${.CURDIR}/../libcrypto/hidden CFLAGS+= -I${.CURDIR}/../libcrypto/bio +CFLAGS+= -I${.CURDIR}/hidden LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index 04dd22f16d..d6974cdb24 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c 
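Review bot: In the Makefile hunk at `@@ -16,6 +16,9 @@`, `.ifdef NAMESPACE` turns the feature on whenever the variable is defined at all, so `NAMESPACE=no` would still add `-DLIBRESSL_NAMESPACE`, while the commit message describes the gate as `NAMESPACE=yes`. If the value is meant to matter, test it explicitly: `.if defined(NAMESPACE) && ${NAMESPACE} == "yes"`. The neighbouring `.ifdef TLS1_3` uses the same definedness test, so if that is the intended behaviour a short comment such as `# any definition of NAMESPACE enables symbol hiding` would be enough.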
@@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ssl.c,v 1.35 2022/10/05 21:16:14 tb Exp $ */ +/* $OpenBSD: bio_ssl.c,v 1.36 2022/11/11 11:25:18 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -103,6 +103,7 @@ BIO_f_ssl(void) { return (&methods_sslp); } +LSSL_ALIAS(BIO_f_ssl) static int ssl_new(BIO *bi) @@ -532,6 +533,7 @@ BIO_new_ssl_connect(SSL_CTX *ctx) BIO_free(ssl); return (NULL); } +LSSL_ALIAS(BIO_new_ssl_connect) BIO * BIO_new_ssl(SSL_CTX *ctx, int client) @@ -556,6 +558,7 @@ BIO_new_ssl(SSL_CTX *ctx, int client) BIO_free(ret); return (NULL); } +LSSL_ALIAS(BIO_new_ssl) int BIO_ssl_copy_session_id(BIO *t, BIO *f) diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h new file mode 100644 index 0000000000..540c6e7652 --- /dev/null +++ b/src/lib/libssl/hidden/openssl/ssl.h 
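Review bot: Nothing in bio_ssl.c ties the `LSSL_ALIAS(BIO_f_ssl)` line to the matching `LSSL_USED(...)` declaration in hidden/openssl/ssl.h, and the same applies to the alias lines added after BIO_new_ssl_connect and BIO_new_ssl. Judging from the macro definitions in this commit, a function declared LSSL_USED is emitted under the hidden `_lssl_` name, so a forgotten alias would appear to drop the public symbol from the library without any compile error. A one-line comment at the first alias, for example `/* every LSSL_USED function needs an LSSL_ALIAS after its definition */`, plus a build-time comparison of the exported symbols against the expected list, would catch that. The function bodies begin outside these hunks.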
@@ -0,0 +1,31 @@
+/* $OpenBSD: ssl.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
+/*
+ * Copyright (c) 2022 Philip Guenther
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBSSL_SSL_H_
+#define _LIBSSL_SSL_H_
+
+#include_next
+#include "ssl_namespace.h"
+
+LSSL_USED(BIO_f_ssl);
+LSSL_USED(BIO_new_ssl);
+LSSL_USED(BIO_new_ssl_connect);
+LSSL_UNUSED(BIO_new_buffer_ssl_connect);
+LSSL_UNUSED(BIO_ssl_copy_session_id);
+LSSL_UNUSED(BIO_ssl_shutdown);
+
+#endif /* _LIBSSL_SSL_H_ */
diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h
new file mode 100644
index 0000000000..803f3e66be
--- /dev/null
+++ b/src/lib/libssl/hidden/ssl_namespace.h
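Review bot: The three `LSSL_UNUSED` entries in hidden/openssl/ssl.h guard against internal calls only through a deprecation warning, so they are enforced only where warnings are fatal. The Makefile in this commit sets `-Werror` inside a conditional whose test is not visible here, so a build without it would presumably let an internal call to, say, BIO_ssl_shutdown go through the public, overridable name with nothing more than a warning. Consider adding `CFLAGS+= -Werror=deprecated-declarations` inside the `.ifdef NAMESPACE` block, and a comment above the list such as `/* UNUSED: must not be called from inside libssl */`.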
@@ -0,0 +1,37 @@
+/* $OpenBSD: ssl_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
+/*
+ * Copyright (c) 2016 Philip Guenther
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LIBSSL_SSL_NAMESPACE_H_
+#define _LIBSSL_SSL_NAMESPACE_H_
+
+/*
+ * If marked as 'used', then internal calls use the name with prefix "_lssl_"
+ * and we alias that to the normal name.
+ */
+
+#ifdef LIBRESSL_NAMESPACE
+#define LSSL_UNUSED(x) typeof(x) x __attribute__((deprecated))
+#define LSSL_USED(x) __attribute__((visibility("hidden"))) \
+ typeof(x) x asm("_lssl_"#x)
+#define LSSL_ALIAS(x) asm(".global "#x"; "#x" = _lssl_"#x);
+#else
+#define LSSL_UNUSED(x)
+#define LSSL_USED(x)
+#define LSSL_ALIAS(x)
+#endif
+
+#endif /* _LIBSSL_SSL_NAMESPACE_H_ */
-- cgit v1.2.3-55-g6feb
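Review bot: The macros in ssl_namespace.h spell the GNU extensions as `typeof` and `asm`, which are not keywords when the compiler runs in a strict ISO mode (for example `-std=c99`); the reserved spellings `__typeof__(x)` and `__asm__(...)` work in every mode. Whether any file that pulls in this header is built with such a flag is not visible in the commit, so this is a robustness point rather than a known break. The header comment also explains only 'used'; one sentence each for LSSL_UNUSED (marks the function deprecated so internal calls warn) and LSSL_ALIAS (exports the public name as an alias of the `_lssl_` symbol, placed after the definition) would make the file self-explanatory.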