siemens · martin-barta-sie · Aug 15, 2022 · Aug 16, 2022 · DDvO · Aug 22, 2022
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -25,8 +25,9 @@ if (NOT YOCTO_BUILD)
 
 endif()
 
-if(NOT DEFINED SECUTILS_VERSION )
-    set(SECUTILS_VERSION 0.9)
+if(NOT DEFINED SECUTILS_VERSION)
+    # must be kept in sync with latest version in debian/changelog and with VERSION in Makefile
+    set(SECUTILS_VERSION 1.0)
 endif()
 
 set(INCLUDE_DIRS ${PROJECT_SOURCE_DIR}/include
@@ -43,13 +44,11 @@ set(SRC_EXAMPLE_DIR ${PROJECT_SOURCE_DIR}/test)
 
 find_package(OpenSSL REQUIRED)
 
-if(DEFINED ENV{NDEBUG})
-  add_definitions(-DNDEBUG=1 -O2)
-else()
-  add_definitions(-g -O0)
-  add_definitions(-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all)
-  link_libraries("-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all")
-endif()
+# Add this to get some additional runtime checks.
+# Warning: it's incompatible with tools like Valgrind and you have to add it to the app using this lib too.
+# add_definitions("-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all")
+# link_libraries("-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all")
+
 add_definitions(-Wall -Woverflow -Wextra -Wswitch -Wmissing-prototypes -Wstrict-prototypes -Wformat -Wtype-limits -Wundef -Wconversion -Wno-shadow -Wno-conversion -Wno-sign-conversion -Wno-unused-parameter -Wno-sign-compare) # TODO enable -Wconversion -Wsign-conversion -Wsign-compare -Wunused-parameter
 add_definitions(-Wformat -Wformat-security -Wno-declaration-after-statement -Wno-vla) # -Wpointer-arith -pedantic -DPEDANTIC # -Werror
 
@@ -75,6 +74,7 @@ set(SECUTIL_LIB_SRC ${SRC_DIR}/certstatus/certstatus.c
     ${SRC_DIR}/connections/conn.c
     ${SRC_DIR}/connections/http.c
     ${SRC_DIR}/connections/tls.c
+    ${SRC_DIR}/credentials/cert.c
     ${SRC_DIR}/credentials/credentials.c
     ${SRC_DIR}/credentials/key.c
     ${SRC_DIR}/credentials/store.c

diff --git a/Makefile b/Makefile
@@ -18,10 +18,8 @@ ROOTFS ?= $(DESTDIR)$(prefix)
 
 OUT_DIR ?= .
 
+# must be kept in sync with latest version in debian/changelog and with SECUTILS_VERSION in CMakeLists.txt
 VERSION=1.0
-# must be kept in sync with latest version in debian/changelog
-# PACKAGENAME=libsecutils
-# DIRNAME=$(PACKAGENAME)-$(VERSION)
 
 SHELL=bash # This is needed for supporting extended file name globbing
 
@@ -57,12 +55,16 @@ endif
 # Note: stuff for testing purposes should go here
 ################################################################################
 
-ifdef NDEBUG
+ifdef DEBUG
+    DEBUG_FLAGS ?= -g -O0
+# Add this to get some additional runtime checks.
+# Warning: it's incompatible with tools like Valgrind and you have to add it to the app using this lib too
+#	DEBUG_FLAGS += -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all
+else
     DEBUG_FLAGS ?= -O2
     override DEBUG_FLAGS += -DNDEBUG=1
-else
-    DEBUG_FLAGS ?= -g -O0 -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all # not every compiler(version) supports -Og
 endif
+
 override CFLAGS += $(DEBUG_FLAGS) -Wall -Woverflow -Wextra -Wswitch -Wmissing-prototypes -Wstrict-prototypes -Wformat -Wtype-limits -Wundef -Wconversion
 override CFLAGS += -Wno-shadow -Wno-conversion -Wno-sign-conversion -Wno-sign-compare -Wno-unused-parameter # TODO clean up code and enable -Wshadow -Wconversion -Wsign-conversion -Wsign-compare -Wunused-parameter
 override CFLAGS += -Wformat -Wformat-security -Wno-declaration-after-statement -Wno-vla # -Wpointer-arith -pedantic -DPEDANTIC # -Werror
@@ -150,11 +152,13 @@ ifeq ($(COV_ENABLED), 1)
 endif
 	$(MAKE) COMPILE_TYPE=$(COMPILE_TYPE) build_only
 
-util:
+util: $(OUT_DIR)/$(OUTLIB)
 	$(MAKE) -C util SECUTILS_USE_UTA="$(SECUTILS_USE_UTA)" \
 	   CFLAGS="$(CFLAGS) $(LOCAL_CFLAGS)" LDFLAGS="$(LDFLAGS)"
 
-build_all: build util
+build_all:
+	$(MAKE) build
+	$(MAKE) util
 
 # Binary output target
 $(OUT_DIR)/$(OUTLIB).$(VERSION): $(OBJS)
@@ -219,10 +223,10 @@ clean_uta:
           $(OUT_DIR)/$(OUTLIB)* $(OUT_DIR)/util/$(OUTBIN) $(OUT_DIR)/util/icvutil.o
 
 clean:
+	$(MAKE) -C util clean
 	rm -rf $(OUT_DIR)/$(OUTLIB)* $(OUT_DIR)/util/$(OUTBIN) $(BUILDDIR)
 
 clean_all: clean clean_deb
-	$(MAKE) -C util clean
 	rm -rf doc refman.pdf *.gcov reports
 
 doc: doc/html refman.pdf

diff --git a/debian/rules b/debian/rules
@@ -25,7 +25,8 @@ override_dh_auto_clean:
 
 # adding compile flags as, defaults are commonly debug flags
 override_dh_auto_build:
-#	CFLAGS="-O2 -DNDEBUG" CXXFLAGS="-O2 -DNDEBUG" DEBUG_FLAGS="" LDFLAGS=""  # can be used to avoid dependency on libasan and libubsan
+# clear DEBUG_FLAGS so that the default debian options get applied
+	DEBUG_FLAGS="" \
 	OPENSSL_DIR=/usr CC=$(CC) CXX=$(CXX) AR=$(AR) \
 	dh_auto_build -- -j1 build_only util
 

diff --git a/include/secutils/certstatus/certstatus.h b/include/secutils/certstatus/certstatus.h
@@ -17,6 +17,7 @@
 #define SECUTILS_CERTSTATUS_H_
 
 #include <openssl/x509_vfy.h>
+
 #include "../util/log.h"
 
 #if OPENSSL_VERSION_NUMBER < 0x10101000L

diff --git a/include/secutils/certstatus/crl_mgmt.h b/include/secutils/certstatus/crl_mgmt.h
@@ -17,7 +17,8 @@
 #define SECUTILS_HEADER_CRL_MGMT_H
 
 #include <openssl/x509.h>
-#include <secutils/basic.h>
+
+#include "../basic.h"
 
 #ifdef __cplusplus
 extern "C" {

diff --git a/include/secutils/certstatus/crls.h b/include/secutils/certstatus/crls.h
@@ -16,6 +16,8 @@
 #ifndef SECUTILS_CRLS_H_
 #define SECUTILS_CRLS_H_
 
+#include "../basic.h"
+
 #include <openssl/x509.h>
 
 /*!*****************************************************************************

diff --git a/include/secutils/credentials/cert.h b/include/secutils/credentials/cert.h
@@ -26,8 +26,7 @@
 #include <string.h>  /* for strcmp, strlen */
 
 #include "../basic.h"
-#include "../operators.h"
-# include "../util/log.h"
+#include "../util/log.h"
 
 #include <openssl/x509.h>
 

diff --git a/include/secutils/credentials/verify.h b/include/secutils/credentials/verify.h
@@ -74,15 +74,13 @@ bool verify_cb_cert(X509_STORE_CTX* store_ctx, X509* cert, int err);
 /*!*****************************************************************************
  * @brief attempt to verify certificate
  *
- * @param ctx (optional) pointer to UTA context, unused
  * @param cert certificate to be verified
  * @param untrusted (optional) intermediate certs that may be useful for building
  * the chain of certificates between the cert and the trusted certs in the trust store
  * @param trust_store pointer to structure containing trusted (root) certs and further verification parameters
  * @note trust_store may contain CRLs loaded via STORE_load_crl_dir()
- * @return < 0 on on verification error, 0 for invalid cert, 1 for vaild cert
+ * @return < 0 on on verification error, 0 for invalid cert, 1 for valid cert
  *******************************************************************************/
-int CREDENTIALS_verify_cert(OPTIONAL uta_ctx* ctx, X509* cert,
-                            OPTIONAL const STACK_OF(X509) * untrusted, X509_STORE* trust_store);
+int CREDENTIALS_verify_cert(X509* cert, OPTIONAL const STACK_OF(X509) * untrusted, X509_STORE* trust_store);
 
 #endif /* SECUTILS_VERIFY_H_ */
diff --git a/include/secutils/storage/files_dv.h b/include/secutils/storage/files_dv.h
@@ -25,6 +25,8 @@
 
 #include <openssl/x509.h>
 
+#include "../util/util.h"
+
 #include "../storage/uta_api.h"
 #define MAX_UTA_PASS_LEN (MAX_B64_CHARS_PER_BYTE * TA_OUTLEN + 1)
 #include "files.h"

diff --git a/include/secutils/storage/files_icv.h b/include/secutils/storage/files_icv.h
@@ -20,6 +20,7 @@
 #include "../storage/uta_api.h"
 
 #include <openssl/ossl_typ.h>
+#include <openssl/safestack.h>
 
 /*!
  * @brief (re-)protect integrity of file (of any type that allows appending text) with ICV derived via UTA

diff --git a/include/secutils/util/util.h b/include/secutils/util/util.h
@@ -30,11 +30,12 @@
 # include <unistd.h>
 
 # include "../basic.h"
-# include "../operators.h"
 
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
 
+# include "../storage/uta_api.h"
+
 static const char *const
 UTIL_SECUTILS_NAME = "secutils";           /*!< short name of this library */
 static const int UTIL_max_path_len = 512;  /*!< max length of file path name */

diff --git a/src/certstatus/certstatus.c b/src/certstatus/certstatus.c
@@ -1,13 +1,13 @@
-/** 
+/**
 * @file certstatus.c
-* 
+*
 * @brief Certificate status checking using CRLs and/or OCSP
 *
 * @copyright Copyright (c) Siemens Mobility GmbH, 2021
 *
 * @author David von Oheimb <[email protected]>
 *
-* This work is licensed under the terms of the Apache Software License 
+* This work is licensed under the terms of the Apache Software License
 * 2.0. See the COPYING file in the top-level directory.
 *
 * SPDX-License-Identifier: Apache-2.0
@@ -28,7 +28,7 @@
 # include <certstatus/ocsp.h>
 #endif
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 static unsigned int num_CDPs(const X509* cert)
 {

diff --git a/src/certstatus/crls.c b/src/certstatus/crls.c
@@ -27,7 +27,7 @@
 #include <credentials/verify.h>
 #include <connections/conn.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 /* adapted from OpenSSL:crypto/x509/t_crl.c */
 void UTIL_print_crl(OPTIONAL BIO* bio, OPTIONAL const X509_CRL* crl)

diff --git a/src/certstatus/ocsp.c b/src/certstatus/ocsp.c
@@ -29,7 +29,7 @@
 #  include <connections/tls.h>
 # endif
 
-# include <operators.h>
+#include "secutils/operators.h"
 
 OCSP_RESPONSE* CONN_load_OCSP_http(const char* url, int timeout,
                                    const OCSP_REQUEST* req,

diff --git a/src/config/config.c b/src/config/config.c
@@ -22,7 +22,7 @@
 #include <credentials/verify.h>
 #include <storage/files_icv.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 /* adapted from OpenSSL:apps/include/apps.h */
 static opt_t vpm_opts[] = { OPT_V_OPTIONS, OPT_END };

diff --git a/src/config/config_update.c b/src/config/config_update.c
@@ -17,7 +17,7 @@
 #include <storage/files_icv.h>
 #include <util/log.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 
 static void skip_space(char** p)

diff --git a/src/config/opt.c b/src/config/opt.c
@@ -19,7 +19,7 @@
 
 #include <inttypes.h> /* for strtoimax on Linux */
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 const char OPT_more_str[] = "-M";
 const char OPT_section_str[] = "-S";

diff --git a/src/connections/conn.c b/src/connections/conn.c
@@ -21,7 +21,7 @@
 # include <openssl/ssl.h>
 #endif
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 static const char* skip_scheme(const char* str)
 {

diff --git a/src/connections/http.c b/src/connections/http.c
@@ -16,7 +16,6 @@
 #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
 
 # include <util/log.h>
-# include <operators.h>
 # include <connections/http.h>
 # include <connections/conn.h>
 # ifndef SECUTILS_NO_TLS
@@ -29,6 +28,8 @@
 # endif
 # include <openssl/ocsp.h>
 
+# include "secutils/operators.h"
+
 /* TODO replace this all by new API in http.h of OpenSSL 3.0 */
 
 static int REQ_CTX_i2d(OCSP_REQ_CTX* rctx, const char* content_type,

diff --git a/src/connections/tls.c b/src/connections/tls.c
@@ -29,7 +29,7 @@
 #include <certstatus/ocsp.h>
 #endif
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 bool TLS_init(void)
 {

diff --git a/src/credentials/cert.c b/src/credentials/cert.c
@@ -19,7 +19,7 @@
 #include <storage/files.h>
 #include <util/log.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 
 X509 *CERT_load(const char *file, OPTIONAL const char *source,

diff --git a/src/credentials/credentials.c b/src/credentials/credentials.c
@@ -27,7 +27,7 @@
 #include <util/log.h>
 #include <util/util.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 /* this type is part of the genCMPClient API */
 struct credentials

diff --git a/src/credentials/key.c b/src/credentials/key.c
@@ -20,7 +20,7 @@
 #include <credentials/key.h>
 #include <util/log.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 EVP_PKEY* KEY_new(const char* spec)
 {

diff --git a/src/credentials/store.c b/src/credentials/store.c
@@ -26,7 +26,7 @@
 #include <util/log.h>
 #include <util/util.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 typedef struct STORE_ex_st
 {

diff --git a/src/credentials/trusted.c b/src/credentials/trusted.c
@@ -20,7 +20,7 @@
 #include <storage/files_icv.h>
 #include <util/log.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 static const char* config_file(void)
 {

diff --git a/src/credentials/verify.c b/src/credentials/verify.c
@@ -23,7 +23,7 @@
 #include <util/log.h>
 #include <storage/uta_api.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 
 bool STORE_CTX_tls_active(const X509_STORE_CTX* ctx)
@@ -183,8 +183,7 @@ bool verify_cb_cert(X509_STORE_CTX* store_ctx, X509* cert, int err)
     return verify_cb != 0 and (*verify_cb)(0, store_ctx) != 0;
 }
 
-int CREDENTIALS_verify_cert(OPTIONAL uta_ctx* uta_ctx, X509* cert,
-                            OPTIONAL const STACK_OF(X509) * untrusted_certs, X509_STORE* trust_store)
+int CREDENTIALS_verify_cert(X509* cert, OPTIONAL const STACK_OF(X509) * untrusted_certs, X509_STORE* trust_store)
 {
     int result = -1;
     X509_STORE_CTX* store_ctx = 0;

diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c
@@ -13,7 +13,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 #include <util/log.h>
 #include <crypto/crypto.h>

diff --git a/src/storage/files.c b/src/storage/files.c
@@ -33,7 +33,7 @@ _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
 #include <util/log.h>
 # include <connections/conn.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 static file_format_t adjust_format(const char* * file, file_format_t format, bool engine_ok)
 {

diff --git a/src/storage/files_dv.c b/src/storage/files_dv.c
@@ -28,7 +28,7 @@ static const char* const DV_SECTION = "dv"; /*! name of DVFILE section with DV s
 #include <storage/files_dv.h>
 #include <util/log.h>
 
-#include <operators.h>
+#include "secutils/operators.h"
 
 /* Get device-specific password (base64 encoded) */
 static bool getBase64Password(OPTIONAL uta_ctx* ctx, const unsigned char* dv, char* pw)