gnutls/SOURCES/gnutls-3.7.6-gmp-static.patch


2022-10-11 07:13:05 +00:00
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 19 Aug 2022 12:32:27 +0900
Subject: [PATCH] build: allow GMP to be statically linked
Even though we set the custom allocator[1] to zeroize sensitive data,
it can be easily invalidated if the application sets its own custom
allocator. An approach to prevent that is to link against a static
library of GMP, so the use of GMP is privatized and the custom
allocator configuration is not shared with other applications.
This patch allows libgnutls to be linked with the static library of
GMP. Note that, for this to work, libgmp.a needs to be compiled with -fPIC
and libhogweed in Nettle must also be linked to the static library of GMP.
1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
2023-03-07 13:29:25 +00:00
diff --color -ruNp a/configure.ac b/configure.ac
--- a/configure.ac 2022-12-15 11:06:16.782726043 +0100
+++ b/configure.ac 2022-12-15 11:08:35.603451427 +0100
@@ -744,6 +744,8 @@ AC_CHECK_FUNCS(nettle_cmac_kuznyechik_up
2022-10-11 07:13:05 +00:00
LIBS=$save_LIBS
# Check sonames of the linked libraries needed for FIPS selftests.
+save_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $GMP_CFLAGS"
save_LIBS=$LIBS
LIBS="$LIBS $GMP_LIBS"
AC_MSG_CHECKING([gmp soname])
2023-03-07 13:29:25 +00:00
@@ -757,9 +759,14 @@ if test -z "$gmp_so"; then
2022-10-11 07:13:05 +00:00
gmp_so=none
fi
AC_MSG_RESULT($gmp_so)
-AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+if test "$gmp_so" != none; then
+ AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+fi
LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
+save_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $NETTLE_CFLAGS"
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
AC_MSG_CHECKING([nettle soname])
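Review bot: When the soname probe yields `none`, the new `if test "$gmp_so" != none` guard leaves GMP_LIBRARY_SONAME undefined, and every `#ifdef GMP_LIBRARY_SONAME` in lib/fips.c then compiles libgmp out of the FIPS integrity check. Nothing visible in this hunk distinguishes an intentional static link from a probe that came back empty for some other reason, so a broken detection would silently narrow the self-test. Consider an else branch such as `AC_MSG_WARN([gmp soname not found; libgmp is excluded from the FIPS integrity check])`, or gating the skip on an explicit configure option so the reduced coverage is always a deliberate choice.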
2023-03-07 13:29:25 +00:00
@@ -775,7 +782,11 @@ fi
2022-10-11 07:13:05 +00:00
AC_MSG_RESULT($nettle_so)
AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library])
LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
+save_CFLAGS=$CFLAGS
+# <nettle/bignum.h> includes <gmp.h>
+CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS"
save_LIBS=$LIBS
LIBS="$LIBS $HOGWEED_LIBS"
AC_MSG_CHECKING([hogweed soname])
2023-03-07 13:29:25 +00:00
@@ -791,6 +802,7 @@ fi
2022-10-11 07:13:05 +00:00
AC_MSG_RESULT($hogweed_so)
AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library])
LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"`
AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library])
2023-03-07 13:29:25 +00:00
diff --color -ruNp a/lib/fips.c b/lib/fips.c
--- a/lib/fips.c 2022-12-15 11:06:16.868727731 +0100
+++ b/lib/fips.c 2022-12-15 11:12:42.744303409 +0100
@@ -155,7 +155,11 @@ void _gnutls_fips_mode_reset_zombie(void
2022-10-11 07:13:05 +00:00
#define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME
#define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME
#define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME
+
2023-03-07 13:29:25 +00:00
+/* GMP can be statically linked */
2022-10-11 07:13:05 +00:00
+#ifdef GMP_LIBRARY_SONAME
#define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME
+#endif
#define HMAC_SIZE 32
#define HMAC_ALGO GNUTLS_MAC_SHA256
2023-03-07 13:29:25 +00:00
@@ -173,7 +177,9 @@ struct hmac_file
2022-10-11 07:13:05 +00:00
struct hmac_entry gnutls;
struct hmac_entry nettle;
struct hmac_entry hogweed;
+#ifdef GMP_LIBRARY_SONAME
struct hmac_entry gmp;
+#endif
2023-03-07 13:29:25 +00:00
};
struct lib_paths
@@ -181,7 +187,9 @@ struct lib_paths
char gnutls[GNUTLS_PATH_MAX];
char nettle[GNUTLS_PATH_MAX];
char hogweed[GNUTLS_PATH_MAX];
+#ifdef GMP_LIBRARY_SONAME
char gmp[GNUTLS_PATH_MAX];
+#endif
};
2022-10-11 07:13:05 +00:00
2023-03-07 13:29:25 +00:00
/*
@@ -245,8 +253,10 @@ static int handler(void *user, const cha
2022-10-11 07:13:05 +00:00
return lib_handler(&p->nettle, section, name, value);
} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
return lib_handler(&p->hogweed, section, name, value);
+#ifdef GMP_LIBRARY_SONAME
} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
return lib_handler(&p->gmp, section, name, value);
+#endif
} else {
return 0;
}
2023-03-07 13:29:25 +00:00
@@ -389,8 +399,10 @@ static int callback(struct dl_phdr_info
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
+#ifdef GMP_LIBRARY_SONAME
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
+#endif
return 0;
}
@@ -411,10 +423,12 @@ static int load_lib_paths(struct lib_pat
_gnutls_debug_log("Hogweed library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#ifdef GMP_LIBRARY_SONAME
if (paths->gmp[0] == '\0') {
_gnutls_debug_log("Gmp library path was not found\n");
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
}
+#endif
return GNUTLS_E_SUCCESS;
}
@@ -467,9 +481,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
2022-10-11 07:13:05 +00:00
if (ret < 0)
return ret;
+#ifdef GMP_LIBRARY_SONAME
2023-03-07 13:29:25 +00:00
ret = check_lib_hmac(&hmac.gmp, paths.gmp);
2022-10-11 07:13:05 +00:00
if (ret < 0)
return ret;
+#endif
return 0;
}
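Review bot: With GMP_LIBRARY_SONAME undefined, `check_lib_hmac(&hmac.gmp, paths.gmp)` is compiled out, so the GMP code is covered only if it is really embedded in the libgnutls and libhogweed images whose HMACs are still verified. The commit message says libhogweed must also link the static libgmp, but nothing in the visible hunks enforces that; if libhogweed still pulled in a shared libgmp, that object would presumably be loaded without any integrity check. I would at least record the assumption above the guard, e.g. `/* static GMP: covered by the libgnutls and libhogweed HMACs; requires libhogweed to link libgmp.a too */`. The body of check_binary_integrity starts outside this hunk.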
2023-03-07 13:29:25 +00:00
diff --color -ruNp a/lib/fipshmac.c b/lib/fipshmac.c
--- a/lib/fipshmac.c 2022-12-15 11:06:16.785726102 +0100
+++ b/lib/fipshmac.c 2022-12-15 11:13:34.533320156 +0100
@@ -107,8 +107,10 @@ static int callback(struct dl_phdr_info
return print_lib(path, soname);
if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
return print_lib(path, soname);
2022-10-11 07:13:05 +00:00
+#ifdef GMP_LIBRARY_SONAME
2023-03-07 13:29:25 +00:00
if (!strcmp(soname, GMP_LIBRARY_SONAME))
return print_lib(path, soname);
2022-10-11 07:13:05 +00:00
+#endif
2023-03-07 13:29:25 +00:00
return 0;
2022-10-11 07:13:05 +00:00
}
2023-03-07 13:29:25 +00:00
diff --color -ruNp a/lib/global.c b/lib/global.c
--- a/lib/global.c 2022-12-15 11:06:16.061711888 +0100
+++ b/lib/global.c 2022-12-15 11:08:35.604451446 +0100
@@ -540,7 +540,9 @@ static const struct gnutls_library_confi
2022-10-11 07:13:05 +00:00
{ "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
{ "libnettle-soname", NETTLE_LIBRARY_SONAME },
{ "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
+#ifdef GMP_LIBRARY_SONAME
{ "libgmp-soname", GMP_LIBRARY_SONAME },
+#endif
{ "hardware-features", HW_FEATURES },
{ "tls-features", TLS_FEATURES },
{ NULL, NULL }