Check-in [02f5cea2da]
Overview
Comment:CACKey 0.6.2

Updated to include sha1.c, md5.c, and asn1-x509.c in the cackey.c translation unit so that these symbols never get exported and conflict with existing programs

Updated to try harder to remove and weaken symbols from shared object

SHA1:02f5cea2da645381b445c17206ed8da6a853e594
User & Date: rkeene on 2011-09-08 01:47:17
Context
2011-09-08
01:51
CACKey 0.6.3

Fixed typo in last commit check-in: 9d554f2765 user: rkeene tags: trunk, 0.6.3

01:47
CACKey 0.6.2

Updated to include sha1.c, md5.c, and asn1-x509.c in the cackey.c translation unit so that these symbols never get exported and conflict with existing programs

Updated to try harder to remove and weaken symbols from shared object check-in: 02f5cea2da user: rkeene tags: trunk, 0.6.2

2011-08-26
20:37
Removed External CA and retired CAs check-in: ed2ca0f170 user: rkeene tags: trunk
Changes

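--- a/Makefile.in
+++ b/Makefile.in
@@ -6,53 +6,38 @@
 LDFLAGS = @LDFLAGS@
 LIBS = @LIBS@ @PTHREAD_LIBS@
 SHOBJFLAGS = @SHOBJFLAGS@
 SHOBJLDFLAGS = @SHOBJLDFLAGS@
 AR = @AR@
 RANLIB = @RANLIB@
 STRIP = @STRIP@
+OBJCOPY = @OBJCOPY@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
 @SET_MAKE@
 
 all:
 	$(MAKE) libcackey.@SHOBJEXT@
 	-$(MAKE) libcackey_g.@SHOBJEXT@
 
-cackey.o: cackey.c cackey_builtin_certs.h sha1.h md5.h asn1-x509.h config.h
+cackey.o: cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
 	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o cackey.o -c cackey.c
 
-cackey_g.o: cackey.c cackey_builtin_certs.h sha1.h md5.h asn1-x509.h config.h
+cackey_g.o: cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
 	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o cackey_g.o -c cackey.c
 
-asn1-x509.o: asn1-x509.c asn1-x509.h config.h
-	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o asn1-x509.o -c asn1-x509.c
-
-asn1-x509_g.o: asn1-x509.c asn1-x509.h config.h
-	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o asn1-x509_g.o -c asn1-x509.c
-
-sha1.o: sha1.c sha1.h config.h
-	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o sha1.o -c sha1.c
-
-sha1_g.o: sha1.c sha1.h config.h
-	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o sha1_g.o -c sha1.c
-
-md5.o: md5.c md5.h config.h
-	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o md5.o -c md5.c
-
-md5_g.o: md5.c md5.h config.h
-	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o md5_g.o -c md5.c
-
-libcackey.@SHOBJEXT@: cackey.o asn1-x509.o sha1.o md5.o
-	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey.@SHOBJEXT@ cackey.o asn1-x509.o sha1.o md5.o $(LIBS)
+libcackey.@SHOBJEXT@: cackey.o
+	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey.@SHOBJEXT@ cackey.o $(LIBS)
+	-$(OBJCOPY) --wildcard --keep-global-symbol 'C_*' libcackey.@SHOBJEXT@
 	-$(STRIP) -x "libcackey.@SHOBJEXT@"
 
-libcackey_g.@SHOBJEXT@: cackey_g.o asn1-x509_g.o sha1_g.o md5_g.o
-	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o asn1-x509_g.o sha1.o md5_g.o $(LIBS)
+libcackey_g.@SHOBJEXT@: cackey_g.o
+	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey_g.@SHOBJEXT@ cackey_g.o $(LIBS)
+	-$(OBJCOPY) --wildcard --keep-global-symbol 'C_*' libcackey.@SHOBJEXT@
 
 test: test.c libcackey_g.@SHOBJEXT@
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o test test.c -Wl,-R,. libcackey_g.@SHOBJEXT@
 
 splint-cackey.txt: cackey.c cackey_builtin_certs.h asn1-x509.c asn1-x509.h config.h
 	splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
 
@@ -63,18 +48,18 @@
 	cp "libcackey.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 	-cp "libcackey_g.@SHOBJEXT@" "$(DESTDIR)$(libdir)/"
 
 clean:
 	rm -f libcackey.@SHOBJEXT@ libcackey_g.@SHOBJEXT@
 	rm -f libcackey.@SHOBJEXT@.def libcackey_g.@SHOBJEXT@.def
 	rm -f libcackey.@SHOBJEXT@.a libcackey_g.@SHOBJEXT@.a
-	rm -f cackey.o asn1-x509.o cackey_g.o asn1-x509_g.o sha1.o sha1_g.o md5.o md5_g.o
+	rm -f cackey.o cackey_g.o
 	rm -f test
 	rm -f splint-cackey.txt
 
 distclean: clean
 	rm -f config.log config.status config.h Makefile
 
 mrproper: distclean
 	rm -f configure config.h.in aclocal.m4 *~
 
 .PHONY: all clean distclean mrproper install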
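Review bot: The `libcackey_g.@SHOBJEXT@` recipe runs objcopy on `libcackey.@SHOBJEXT@` instead of the debug library it has just linked, so the symbol pruning never reaches `libcackey_g`; the line should read `-$(OBJCOPY) --wildcard --keep-global-symbol 'C_*' libcackey_g.@SHOBJEXT@`. Both objcopy lines carry the `-` prefix, so a missing or failing objcopy is ignored and the build can still produce a module that exports non-`C_*` names without anyone noticing. Since this module is loaded into other programs' address spaces, a post-link check of the dynamic symbol table (for example with `nm -D`) would confirm the result; whether `--keep-global-symbol` affects the dynamic symbols of an already linked shared object is worth verifying, as the `static` linkage added elsewhere in this check-in is the part that clearly removes the helpers from the export list.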

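--- a/asn1-x509.c
+++ b/asn1-x509.c
@@ -184,15 +184,15 @@
 	if (outbuf) {
 		*outbuf = x509.subject.asn1rep;
 	}
 
 	return(x509.subject.asn1rep_len);
 }
 
-ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
+static ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
 	struct x509_object x509;
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
 	}
@@ -200,15 +200,15 @@
 	if (outbuf) {
 		*outbuf = x509.serial_number.asn1rep;
 	}
 
 	return(x509.serial_number.asn1rep_len);
 }
 
-ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
+static ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
 	struct asn1_object null, pubkey, modulus, exponent;
 	struct x509_object x509;
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
@@ -228,15 +228,15 @@
 	if (outbuf) {
 		*outbuf = modulus.contents;
 	}
 
 	return(modulus.size);
 }
 
-ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
+static ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
 	struct asn1_object null, pubkey, modulus, exponent;
 	struct x509_object x509;
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
@@ -256,15 +256,15 @@
 	if (outbuf) {
 		*outbuf = exponent.contents;
 	}
 
 	return(exponent.size);
 }
 
-ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len) {
+static ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len) {
 	struct asn1_object null, pubkey, modulus, exponent;
 	struct x509_object x509;
 	int read_ret;
 
 	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
 	if (read_ret != 0) {
 		return(-1);
@@ -321,15 +321,15 @@
 			}
 			break;
 	}
 
 	return("???");
 }
 
-ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel) {
+static ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel) {
 	struct asn1_object whole_thing, current_set, current_seq;
 	struct asn1_object label, value;
 	const char *label_str;
 	ssize_t snprintf_ret, retval;
 	char *outbuf_s;
 	int read_ret;
 	int offset;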
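Review bot: `x509_to_subject` and `x509_to_issuer` are declared `static` in `asn1-x509.h` by this check-in, but no hunk in this section adds `static` to their definitions, so they appear to rely on inheriting internal linkage from the earlier prototype. That is valid C, yet it is inconsistent with the five definitions changed here and easy to misread when auditing what the module exports. Marking those two definitions as well, e.g. `static ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {`, would make the linkage explicit where the code lives. Their signatures lie outside the visible hunks, and the body of `x509_dn_to_string` continues past the end of the last hunk.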

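--- a/asn1-x509.h
+++ b/asn1-x509.h
@@ -6,22 +6,22 @@
 #  ifdef HAVE_UNISTD_H
 #    include <unistd.h>
 #  endif
 #else
 #  include <unistd.h>
 #endif
 
-ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
+static ssize_t x509_to_subject(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
+
+static ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
+
+static ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
+
+static ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
 
-ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
+static ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
 
-ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
-
-ssize_t x509_to_modulus(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
+static ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len);
 
-ssize_t x509_to_exponent(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf);
-
-ssize_t x509_to_keysize(void *x509_der_buf, size_t x509_der_buf_len);
-
-ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);
+static ssize_t x509_dn_to_string(void *asn1_der_buf, size_t asn1_der_buf_len, char *outbuf, size_t outbuf_len, char *matchlabel);
 
 #endif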
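Review bot: The `static` prototypes make this header usable only from a translation unit that also includes `asn1-x509.c`, and nothing in the header says so. Any other file that includes `asn1-x509.h` gets declarations of internal-linkage functions that are never defined, which typically shows up as compiler warnings and fails on first use. The same applies to the `static` prototypes added to `md5.h` and `sha1.h` in this check-in. A comment above the prototypes would record the constraint, for example `/* Internal linkage: include only together with asn1-x509.c (see cackey.c). */`.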

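--- a/cackey.c
+++ b/cackey.c
@@ -56,14 +56,22 @@
 
 #include "pkcs11.h"
 #include "pkcs11n.h"
 #include "asn1-x509.h"
 #include "sha1.h"
 #include "md5.h"
 
+/*
+ * Include these source files in this translation unit so that we can bind to
+ * functions and not include any symbols in the output shared object.
+ */
+#include "asn1-x509.c"
+#include "sha1.c"
+#include "md5.c"
+
 #ifndef CACKEY_CRYPTOKI_VERSION_CODE
 #  define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00
 #endif
 
 /* GSC-IS v2.1 Definitions */
 /** Classes **/
 #define GSCIS_CLASS_ISO7816           0x00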
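Review bot: Including `asn1-x509.c`, `sha1.c` and `md5.c` near the top of `cackey.c` puts every file-scope macro and static helper from those files in scope for all the code that follows. The md5.c section of this check-in shows short function-like macros such as `I` and `ROTATE_LEFT` in use, and names like these would now expand inside cackey.c wherever they are followed by `(`. Consider `#undef`-ing the helper macros right after the includes, or at least extending the comment with `/* NOTE: macros and static helpers from these files are visible below; do not reuse their names. */`.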

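--- a/configure.ac
+++ b/configure.ac
@@ -1,8 +1,8 @@
-AC_INIT(cackey, 0.6.1) 
+AC_INIT(cackey, 0.6.2) 
 AC_CONFIG_HEADERS(config.h)
 
 dnl Locate standard tools
 AC_PROG_CC
 AC_PROG_MAKE_SET
 AC_PROG_INSTALL
 AC_AIX
@@ -19,15 +19,16 @@
 ])
 
 dnl Determine how to create static archives on this platform
 AC_CHECK_TOOL(AR, ar)
 AC_CHECK_TOOL(RANLIB, ranlib)
 
 dnl Determine how to strip executables
-AC_CHECK_TOOL(STRIP, strip)
+AC_CHECK_TOOL(OBJCOPY, objcopy)
+AC_CHECK_TOOL(STRIP, stripf, [$OBJCOPY])
 
 dnl Check for all required headers
 AC_CHECK_HEADERS(arpa/inet.h inttypes.h stdarg.h stdint.h stdio.h stdlib.h string.h sys/socket.h sys/types.h sys/un.h time.h unistd.h pthread.h zlib.h limits.h,,[
 	AC_WARN([Required header missing, compilation will likely fail.])
 ], [
 #ifdef HAVE_ARPA_INET_H
 #  include <arpa/inet.h>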
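Review bot: `AC_CHECK_TOOL(STRIP, stripf, [$OBJCOPY])` probes for a program named `stripf`, which looks like a typo for `strip`; as written the probe will normally fail and `STRIP` takes the value of `$OBJCOPY`, so the Makefile's `-$(STRIP) -x` step would run objcopy rather than strip. If the objcopy fallback is intended, keep it but probe the real tool: `AC_CHECK_TOOL(STRIP, strip, [$OBJCOPY])`. `OBJCOPY` itself is given no value-if-not-found, so on a platform without objcopy the variable is presumably empty and the `-$(OBJCOPY) ...` recipe lines fail and are ignored. A configure-time warning in that case would tell the builder that the symbol pruning is not being applied.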

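--- a/md5.c
+++ b/md5.c
@@ -94,29 +94,29 @@
  (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
  (a) = ROTATE_LEFT ((a), (s)); \
  (a) += (b); \
   }
 
 /* MD5 initialization. Begins an MD5 operation, writing a new context.
  */
-void MD5Init (MD5_CTX *context) {
+static void MD5Init (MD5_CTX *context) {
 	context->count[0] = context->count[1] = 0;
 
 	/* Load magic initialization constants. */
 	context->state[0] = 0x67452301;
 	context->state[1] = 0xefcdab89;
 	context->state[2] = 0x98badcfe;
 	context->state[3] = 0x10325476;
 }
 
 /* MD5 block update operation. Continues an MD5 message-digest
   operation, processing another message block, and updating the
   context.
  */
-void MD5Update (MD5_CTX *context, unsigned char *input, unsigned int inputLen) {
+static void MD5Update (MD5_CTX *context, unsigned char *input, unsigned int inputLen) {
 	unsigned int i, index, partLen;
 
 	/* Compute number of bytes mod 64 */
 	index = (unsigned int)((context->count[0] >> 3) & 0x3F);
 
 	/* Update number of bits */
 	if ((context->count[0] += ((uint32_t)inputLen << 3)) < ((uint32_t)inputLen << 3)) {
@@ -147,15 +147,15 @@
 
 	return;
 }
 
 /* MD5 finalization. Ends an MD5 message-digest operation, writing the
   the message digest and zeroizing the context.
  */
-void MD5Final(unsigned char digest[16], MD5_CTX *context) {
+static void MD5Final(unsigned char digest[16], MD5_CTX *context) {
 	unsigned char bits[8];
 	unsigned int index, padLen;
 
 	/* Save number of bits */
 	Encode(bits, context->count, 8);
 
 	/* Pad out to 56 mod 64. */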

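--- a/md5.h
+++ b/md5.h
@@ -40,12 +40,12 @@
 /* MD5 context. */
 typedef struct {
 	uint32_t state[4];       /* state (ABCD) */
 	uint32_t count[2];       /* number of bits, modulo 2^64 (lsb first) */
 	uint8_t buffer[64];      /* input buffer */
 } MD5_CTX;
 
-void MD5Init(MD5_CTX *);
-void MD5Update(MD5_CTX *, unsigned char *, unsigned int);
-void MD5Final(unsigned char [MD5HashSize], MD5_CTX *);
+static void MD5Init(MD5_CTX *);
+static void MD5Update(MD5_CTX *, unsigned char *, unsigned int);
+static void MD5Final(unsigned char [MD5HashSize], MD5_CTX *);
 
 #endif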

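--- a/sha1.c
+++ b/sha1.c
@@ -34,16 +34,16 @@
 /*
  *  Define the SHA1 circular left shift macro
  */
 #define SHA1CircularShift(bits,word) \
                 (((word) << (bits)) | ((word) >> (32-(bits))))
 
 /* Local Function Prototyptes */
-void SHA1PadMessage(SHA1Context *);
-void SHA1ProcessMessageBlock(SHA1Context *);
+static void SHA1PadMessage(SHA1Context *);
+static void SHA1ProcessMessageBlock(SHA1Context *);
 
 /*
  *  SHA1Reset
  *
  *  Description:
  *      This function will initialize the SHA1Context in preparation
  *      for computing a new SHA1 message digest.
@@ -52,15 +52,15 @@
  *      context: [in/out]
  *          The context to reset.
  *
  *  Returns:
  *      sha Error Code.
  *
  */
-int SHA1Reset(SHA1Context *context)
+static int SHA1Reset(SHA1Context *context)
 {
     if (!context)
     {
         return shaNull;
     }
 
     context->Length_Low             = 0;
@@ -94,15 +94,15 @@
  *      Message_Digest: [out]
  *          Where the digest is returned.
  *
  *  Returns:
  *      sha Error Code.
  *
  */
-int SHA1Result( SHA1Context *context,
+static int SHA1Result( SHA1Context *context,
                 uint8_t Message_Digest[SHA1HashSize])
 {
     int i;
 
     if (!context || !Message_Digest)
     {
         return shaNull;
@@ -151,15 +151,15 @@
  *      length: [in]
  *          The length of the message in message_array
  *
  *  Returns:
  *      sha Error Code.
  *
  */
-int SHA1Input(    SHA1Context    *context,
+static int SHA1Input(    SHA1Context    *context,
                   const uint8_t  *message_array,
                   unsigned       length)
 {
     if (!length)
     {
         return shaSuccess;
     }
@@ -223,15 +223,15 @@
  *  Comments:
  *      Many of the variable names in this code, especially the
  *      single character names, were used because those were the
  *      names used in the publication.
  *
  *
  */
-void SHA1ProcessMessageBlock(SHA1Context *context)
+static void SHA1ProcessMessageBlock(SHA1Context *context)
 {
     const uint32_t K[] =    {       /* Constants defined in SHA-1   */
                             0x5A827999,
                             0x6ED9EBA1,
                             0x8F1BBCDC,
                             0xCA62C1D6
                             };
@@ -333,15 +333,15 @@
  *      ProcessMessageBlock: [in]
  *          The appropriate SHA*ProcessMessageBlock function
  *  Returns:
  *      Nothing.
  *
  */
 
-void SHA1PadMessage(SHA1Context *context)
+static void SHA1PadMessage(SHA1Context *context)
 {
     /*
      *  Check to see if the current message block is too small to hold
      *  the initial padding bits and length.  If so, we will pad the
      *  block, process it, and then continue padding into a second
      *  block.
      */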

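--- a/sha1.h
+++ b/sha1.h
@@ -66,15 +66,15 @@
     int Computed;               /* Is the digest computed?         */
     int Corrupted;             /* Is the message digest corrupted? */
 } SHA1Context;
 
 /*
  *  Function Prototypes
  */
-int SHA1Reset(  SHA1Context *);
-int SHA1Input(  SHA1Context *,
+static int SHA1Reset(  SHA1Context *);
+static int SHA1Input(  SHA1Context *,
                 const uint8_t *,
                 unsigned int);
-int SHA1Result( SHA1Context *,
+static int SHA1Result( SHA1Context *,
                 uint8_t Message_Digest[SHA1HashSize]);
 
 #endif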