
From 88808f0b8906bdc32579c144a2c44401ee97798a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 19 Aug 2022 12:32:27 +0900
Subject: [PATCH] build: allow GMP to be statically linked
Even though we set the custom allocator[1] to zeroize sensitive data,
it can be easily invalidated if the application sets its own custom
allocator.  An approach to prevent that is to link against a static
library of GMP, so the use of GMP is privatized and the custom
allocator configuration is not shared with other applications.
This patch allows libgnutls to be linked with the static library of
GMP.  Note that, for this to work, libgmp.a needs to be compiled with -fPIC
and libhogweed in Nettle is also linked to the static library of GMP.
1. https://gitlab.com/gnutls/gnutls/-/merge_requests/1554
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 configure.ac   | 14 +++++++++++++-
 lib/fips.c     | 10 ++++++++++
 lib/fipshmac.c |  5 ++++-
 lib/global.c   |  2 ++
 4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 96894b0be3..e4cf5eab81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -742,6 +742,8 @@ AC_CHECK_FUNCS(nettle_cmac_kuznyechik_update)
 LIBS=$save_LIBS
 
 # Check sonames of the linked libraries needed for FIPS selftests.
+save_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $GMP_CFLAGS"
 save_LIBS=$LIBS
 LIBS="$LIBS $GMP_LIBS"
 AC_MSG_CHECKING([gmp soname])
@@ -755,9 +757,14 @@ if test -z "$gmp_so"; then
 	gmp_so=none
 fi
 AC_MSG_RESULT($gmp_so)
-AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+if test "$gmp_so" != none; then
+	AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+fi
 LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
 
+save_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $NETTLE_CFLAGS"
 save_LIBS=$LIBS
 LIBS="$LIBS $NETTLE_LIBS"
 AC_MSG_CHECKING([nettle soname])
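Review bot: The new `if test "$gmp_so" != none` guard turns an undetected soname into a silently disabled libgmp integrity check, since GMP_LIBRARY_SONAME now decides whether the GMP branch of the FIPS self-test is compiled at all. A dynamically linked GMP whose soname the probe (which sits above this hunk) fails to recover would therefore configure without that check, and nothing in the configure output says so. I would at least make the fallback visible: `else` / `AC_MSG_NOTICE([no gmp soname found; assuming static GMP, libgmp integrity check disabled])` before the `fi`. Note also that the nettle and hogweed SONAME macros are still defined unconditionally with the string `none`, so the two probes now treat the same outcome differently within the same file.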
@@ -773,7 +780,11 @@ fi
 AC_MSG_RESULT($nettle_so)
 AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library])
 LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
 
+save_CFLAGS=$CFLAGS
+# <nettle/bignum.h> includes <gmp.h>
+CFLAGS="$CFLAGS $HOGWEED_CFLAGS $GMP_CFLAGS"
 save_LIBS=$LIBS
 LIBS="$LIBS $HOGWEED_LIBS"
 AC_MSG_CHECKING([hogweed soname])
@@ -789,6 +800,7 @@ fi
 AC_MSG_RESULT($hogweed_so)
 AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library])
 LIBS=$save_LIBS
+CFLAGS=$save_CFLAGS
 
 gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"`
 AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library])
diff --git a/lib/fips.c b/lib/fips.c
index 54eb4a37d4..42124ecf4e 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -149,7 +149,11 @@ void _gnutls_fips_mode_reset_zombie(void)
 #define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME
 #define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME
 #define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME
+
+/* GMP can be statically linked. */
+#ifdef GMP_LIBRARY_SONAME
 #define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME
+#endif
 
 #define HMAC_SIZE 32
 #define HMAC_ALGO GNUTLS_MAC_SHA256
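Review bot: The comment `/* GMP can be statically linked. */` above the new `#ifdef GMP_LIBRARY_SONAME` does not say what the macro's absence means for this file, which is exactly what a reader of the HMAC code needs to know. I would expand it to: `/* GMP_LIBRARY_SONAME is only defined when configure found a shared libgmp; when it is absent (GMP linked statically) the libgmp section of the HMAC file and its integrity check are compiled out. */`. The same one-line comment is added in lib/fipshmac.c and would benefit from the same wording, since that tool writes the file this code verifies and the two must agree on whether a libgmp section exists.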
@@ -168,7 +172,9 @@ typedef struct
 	struct hmac_entry gnutls;
 	struct hmac_entry nettle;
 	struct hmac_entry hogweed;
+#ifdef GMP_LIBRARY_SONAME
 	struct hmac_entry gmp;
+#endif
 } hmac_file;
 
 static int get_library_path(const char* lib, const char* symbol, char* path, size_t path_size)
@@ -259,8 +265,10 @@ static int handler(void *user, const char *section, const char *name, const char
 		return lib_handler(&p->nettle, section, name, value);
 	} else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
 		return lib_handler(&p->hogweed, section, name, value);
+#ifdef GMP_LIBRARY_SONAME
 	} else if (!strcmp(section, GMP_LIBRARY_NAME)) {
 		return lib_handler(&p->gmp, section, name, value);
+#endif
 	} else {
 		return 0;
 	}
@@ -408,9 +416,11 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&file.hogweed, HOGWEED_LIBRARY_NAME, "nettle_mpz_sizeinbase_256_u");
 	if (ret < 0)
 		return ret;
+#ifdef GMP_LIBRARY_SONAME
 	ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
 	if (ret < 0)
 		return ret;
+#endif
 
 	return 0;
 }
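Review bot: Compiling out the libgmp check_lib_hmac call under `#ifdef GMP_LIBRARY_SONAME` reads like a dropped integrity check, and nothing next to the `#endif` explains why that is acceptable. Presumably a statically linked GMP ends up inside libgnutls itself and is therefore covered by the libgnutls HMAC that this function verifies first, but that reasoning belongs in the code: `/* No separate check for a static GMP: its code is part of libgnutls and is covered by the libgnutls HMAC verified above. */`. The start of check_binary_integrity, including that earlier check, is outside this hunk, so confirm the order of checks before wording the comment.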
diff --git a/lib/fipshmac.c b/lib/fipshmac.c
index b091572bdf..363077f3e2 100644
--- a/lib/fipshmac.c
+++ b/lib/fipshmac.c
@@ -159,10 +159,13 @@ int main(int argc, char **argv)
 	ret = print_lib_dl(HOGWEED_LIBRARY_SONAME, "nettle_mpz_sizeinbase_256_u");
 	if (ret < 0)
 		return EXIT_FAILURE;
-	
+
+	/* GMP can be statically linked. */
+#ifdef GMP_LIBRARY_SONAME
 	ret = print_lib_dl(GMP_LIBRARY_SONAME, "__gmpz_init");
 	if (ret < 0)
 		return EXIT_FAILURE;
+#endif
 
 	return EXIT_SUCCESS;
 }
diff --git a/lib/global.c b/lib/global.c
index 1b372c15bd..9f3c7b22bd 100644
--- a/lib/global.c
+++ b/lib/global.c
@@ -548,7 +548,9 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = {
 	{ "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
 	{ "libnettle-soname", NETTLE_LIBRARY_SONAME },
 	{ "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
+#ifdef GMP_LIBRARY_SONAME
 	{ "libgmp-soname", GMP_LIBRARY_SONAME },
+#endif
 	{ "hardware-features", HW_FEATURES },
 	{ "tls-features", TLS_FEATURES },
 	{ NULL, NULL }
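Review bot: Wrapping the `"libgmp-soname"` entry in `#ifdef GMP_LIBRARY_SONAME` makes the key vanish from the library configuration table instead of reporting a value, so a consumer that looks it up by name sees a missing key on a static-GMP build and may not be able to distinguish that from a build that never had the entry. configure already maps an undetected soname to the string `none` for nettle and hogweed, so keeping the key set stable would be consistent with that: add `#else` / `{ "libgmp-soname", "none" },` before the `#endif`. The table's declaration and the code that reads it are outside this hunk, so check how lookups treat a missing key before deciding.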
-- 
2.37.1