
Merge branch 'pedantic-makefile'

2 parents 1e496bd + 89093a6 commit 8600ebedcb408c9979a5743a2081419b88cd6943 @ewust committed May 31, 2012
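--- a/tag/Makefile
+++ b/tag/Makefile
@@ -1,4 +1,4 @@
-CFLAGS=-g -O3 -Wall -I$(INCLUDE) -L$(LIB)
+CFLAGS=-g -O3 -Wall -fPIC -I$(INCLUDE) -L$(LIB)
 TARGETS=tag.o ptwist168.o genkeys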
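--- a/tag/tag.c
+++ b/tag/tag.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <string.h>
+#include "tag.h"
 byte maingen[PTWIST_BYTES];
 byte twistgen[PTWIST_BYTES];
 byte mainpub[PTWIST_BYTES];
@@ -15,7 +16,7 @@ void gen_tag(byte tag[PTWIST_TAG_BYTES], byte key[16],
 const byte *context, size_t context_len)
 {
 byte seckey[PTWIST_BYTES];
- byte sharedsec[PTWIST_BYTES+context_len];
+ byte sharedsec[PTWIST_BYTES+MAX_CONTEXT_LEN];
 byte usetwist;
 byte taghashout[32];
 #if PTWIST_PUZZLE_STRENGTH > 0
@@ -25,6 +26,7 @@ void gen_tag(byte tag[PTWIST_TAG_BYTES], byte key[16],
 bn_t Rbn, Hbn;
 int i, len, sign;
 #endif
+ assert(context_len <= MAX_CONTEXT_LEN);
 memset(tag, 0xAA, PTWIST_TAG_BYTES);
@@ -133,7 +135,7 @@ int check_tag(byte key[16], const byte privkey[PTWIST_BYTES],
 size_t context_len)
 {
 int ret = -1;
- byte sharedsec[PTWIST_BYTES+context_len];
+ byte sharedsec[PTWIST_BYTES+MAX_CONTEXT_LEN];
 byte taghashout[32];
 #if PTWIST_PUZZLE_STRENGTH > 0
 byte hashout[32];
@@ -142,6 +144,7 @@ int check_tag(byte key[16], const byte privkey[PTWIST_BYTES],
 unsigned int firstbits;
 int firstpass = 0;
 #endif
+ assert(context_len <= MAX_CONTEXT_LEN);
 /* Compute the shared secret privkey*TAG */
 ptwist_pointmul(sharedsec, tag, privkey);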
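Review bot: The new `assert(context_len <= MAX_CONTEXT_LEN);` in gen_tag and check_tag is the only bound on `context_len` now that `sharedsec` is a fixed `PTWIST_BYTES+MAX_CONTEXT_LEN` array, and assert is compiled out when the file is built with `-DNDEBUG`. The code that copies the context into `sharedsec` lies outside these hunks, so it is an inference that an oversized length would then write past the buffer. check_tag already has `int ret = -1;`, so an unconditional `if (context_len > MAX_CONTEXT_LEN) return ret;` fits there; gen_tag returns void and needs an explicit guard that fails loudly in every build, for example `if (context_len > MAX_CONTEXT_LEN) abort();`. No `#include <assert.h>` is visible in the first hunk, so confirm it arrives through tag.h or an earlier include.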
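--- a/tag/tag.h
+++ b/tag/tag.h
@@ -6,6 +6,7 @@ extern "C" {
 #endif
 #include "ptwist.h"
+#include <stdint.h>
 #define MAX_CONTEXT_LEN 9
 // ip(4) + timestamp(4) + session_id(1)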
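Review bot: `#include <stdint.h>` is added after the `extern "C" {` opener that the hunk header shows, so in a C++ build the system header appears to be pulled in inside the linkage block. Moving both includes above the `#ifdef __cplusplus` guard would leave the block wrapping only this header's own declarations. The guard itself starts outside the hunk, so confirm the layout before moving anything.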
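--- a/telex-client/CREDITS
+++ b/telex-client/CREDITS
@@ -2,3 +2,4 @@ J. Alex Halderman https://jhalderm.com
 Scott Wolchok http://scott.wolchok.org
 Eric Wustrow https://ericw.us/trow
 Eitan Adler http://eitanadler.com/
+Jacob Appelbaum http://www.appelbaum.net/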
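--- a/telex-client/Makefile
+++ b/telex-client/Makefile
@@ -6,8 +6,24 @@ LIB=-L./req/local/lib
 #INCLUDE=-I/usr/local/ssl/include -I/usr/local/include
 #LIB=-L/usr/local/ssl/lib -L/usr/local/lib
-CFLAGS+=-O3 -Wall $(INCLUDE)
-LDFLAGS+=$(LIB) -lssl -lcrypto -levent_core -levent_extra -levent_openssl -largtable2
+# Hardening and warnings for building with gcc
+GCCWARNINGS = -Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \
+-Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes \
+-Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment \
+-Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls \
+-Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self \
+-Wmissing-field-initializers \
+-Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id \
+-Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds \
+-Wstack-protector -Wformat -Wformat-security -Wpointer-sign
+GCCHARDENING=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv -fPIC --param ssp-buffer-size=1
+LDHARDENING=-z relro -z now
+
+EXTRACFLAGS=-g -O2 $(EXTRA_CFLAGS) $(GCCHARDENING) $(GCCWARNINGS) -Werror
+EXTRALDFLAGS= $(LDHARDENING)
+
+CFLAGS+=-Wall $(INCLUDE) $(EXTRACFLAGS)
+LDFLAGS+=$(LIB) $(EXTRALDFLAGS) -lssl -lcrypto -levent_core -levent_extra -levent_openssl -largtable2
 OBJS=listener.o logger.o proxy.o ssl.o util.o client.o tag/tag.o tag/ptwist168.o
 TARGETS=telex-client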
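Review bot: `GCCHARDENING` adds `-fPIC`, but nothing requests a position-independent executable, so the `telex-client` binary itself is presumably still linked at a fixed address and ASLR covers only its shared libraries. For an executable the usual pair is `-fPIE` in the compile flags and `-pie` at link time, e.g. `LDHARDENING=-pie -z relro -z now`. `-Werror` combined with gcc-only options such as `-Wnormalized=id` will also break the build on other or newer compilers; consider making `-Werror` opt-in through `EXTRA_CFLAGS`. `tag/Makefile` in this commit keeps its own `CFLAGS` without these flags, so `tag/tag.o` and `tag/ptwist168.o` may be built unhardened depending on which rule compiles them.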
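--- a/telex-client/client.c
+++ b/telex-client/client.c
@@ -18,7 +18,7 @@
 #include "logger.h"
 #include "ssl.h"
-int telex_client(int listen_port, int remote_port, int debug_level, const char *remote_host,
+static int telex_client(int listen_port, int remote_port, int debug_level, const char *remote_host,
 const char *keyfile, const char *cafile)
 {
 if (debug_level >= 0) {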
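--- a/telex-client/listener.c
+++ b/telex-client/listener.c
@@ -37,7 +37,6 @@ int InitAndListenLoop(int port, evconnlistener_cb accept_cb, struct telex_conf *
 LogFatal("listener", "Could not initialize libevent");
 return 1;
 }
- void event_enable_debug_mode(void);
 conf->dns_base = evdns_base_new(base, 1);
 if (!conf->dns_base) {
@@ -107,6 +106,9 @@ struct evconnlistener *listener_init_local(struct event_base *base, int port,
 // Shutdown on sigint
 static void sigint_cb(evutil_socket_t sig, short events, void *user_data)
 {
+ (void) sig;
+ (void) events; // Avoid warning about unused parameter
+
 struct event_base *base = user_data;
 LogInfo("listener", "Got interrupt signal");
 event_base_loopexit(base, NULL);
@@ -115,6 +117,8 @@ static void sigint_cb(evutil_socket_t sig, short events, void *user_data)
 // Shutdown on listener error
 static void listener_default_error_cb(struct evconnlistener *listener, void *ctx)
 {
+ (void) ctx; // Avoid warning about unused parameter
+
 struct event_base *base = evconnlistener_get_base(listener);
 int err = EVUTIL_SOCKET_ERROR();
 LogFatal("listener", "Got an error %d (%s) on the listener; shutting down",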
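--- a/telex-client/logger.c
+++ b/telex-client/logger.c
@@ -13,14 +13,14 @@
 static enum LogLevel log_output_level = LOG_INFO;
 static FILE *log_output_stream = NULL;
-static char *log_level_name[] =
+static const char *log_level_name[] =
 { "FATAL", "ERROR", "WARN ", "INFO ", "DEBUG", "TRACE" };
 int LogLogVA(enum LogLevel level, const char *loggerName, const char *logMessage, va_list args)
 {
 if (log_output_stream && level <= log_output_level) {
- char *levelName;
- if (level < 0 || level >= sizeof(log_level_name)) {
+ const char *levelName;
+ if (level >= sizeof(log_level_name)) {
 levelName = "UNKNOWN";
 } else {
 levelName = log_level_name[level];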
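Review bot: The range check `if (level >= sizeof(log_level_name))` compares against the array's size in bytes rather than its six entries, so a level from 6 up to the byte size minus one passes the check and indexes past the end of `log_level_name`. Use the element count instead: `if ((size_t)level >= sizeof(log_level_name) / sizeof(log_level_name[0])) {`. The explicit cast also documents why the dropped `level < 0` test is still covered, since a negative value converts to a very large unsigned one. The outer `level <= log_output_level` test limits exposure in practice, but only while the configured level stays inside the table. LogLogVA continues past the end of the hunk.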
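--- a/telex-client/proxy.c
+++ b/telex-client/proxy.c
@@ -51,7 +51,7 @@ int __ref_SSL = 0;
 LogTrace("proxy", "%s -- : %d", #_resource, __ref_##_resource);
 // Allocate and initialize tunnel connection State object
-struct telex_state *StateInit(struct telex_conf *conf)
+static struct telex_state *StateInit(struct telex_conf *conf)
 {
 struct telex_state *state;
 _inc(STATE); state = calloc(1, sizeof(struct telex_state));
@@ -70,7 +70,7 @@ struct telex_state *StateInit(struct telex_conf *conf)
 // and free State object itself.
 // Please add cleanup code here if you extend
 // the structure!
-void StateCleanup(struct telex_state **_state)
+static void StateCleanup(struct telex_state **_state)
 {
 if (!_state || !*_state)
 return;
@@ -112,9 +112,11 @@ void StateCleanup(struct telex_state **_state)
 // Finish what proxy_accept_cb started - but now we know the
 // notblocked_host's ip (server_ip).
-void proxy_notblocked_getaddrinfo_cb(int result, struct evutil_addrinfo *ai,
+static void proxy_notblocked_getaddrinfo_cb(int result, struct evutil_addrinfo *ai,
 struct telex_state *state)
 {
+ (void) result; // suppress warning on unused param
+
 assert(state != NULL);
 if (ai == NULL) {
 LogError(state->name, "Lookup of notblocked failed (do you have Internet?)");
@@ -164,6 +166,10 @@ void proxy_accept_cb(struct evconnlistener *listener, evutil_socket_t fd,
 struct sockaddr *address, int socklen,
 struct telex_conf *conf)
 {
+
+ (void) address;
+ (void) socklen; // suppress warning on unused param
+
 LogTrace("proxy", "ACCEPT");
 // Init connection state
@@ -201,10 +207,10 @@ void proxy_accept_cb(struct evconnlistener *listener, evutil_socket_t fd,
 // TODO: check return, _inc(???)
 LogTrace(state->name, "Resolving %s", conf->notblocked_host);
 evutil_getaddrinfo_async(conf->dns_base, conf->notblocked_host,
- portbuf, &hint, proxy_notblocked_getaddrinfo_cb, state);
+ portbuf, &hint,
+ (void (*)(int, struct evutil_addrinfo *, void *)) proxy_notblocked_getaddrinfo_cb, state);
 }
-
 #define ISLOCAL(bev, state) ((bev) == (state)->local)
 #define ISREMOTE(bev, state) ((bev) == (state)->remote)
 #define PARTY(bev, state) (ISLOCAL((bev),(state)) ? "local" : \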
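Review bot: The cast `(void (*)(int, struct evutil_addrinfo *, void *)) proxy_notblocked_getaddrinfo_cb` silences the warning, but the callback is still defined with `struct telex_state *state` as its third parameter, and calling a function through an incompatible pointer type is undefined behaviour in C. Declare the callback as `static void proxy_notblocked_getaddrinfo_cb(int result, struct evutil_addrinfo *ai, void *arg)`, start its body with `struct telex_state *state = arg;`, and pass it without the cast. In the same callback, `(void) result;` discards the resolver's error code; logging it in the `ai == NULL` branch would distinguish a failed lookup from an empty answer. Both functions continue outside the hunks shown.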
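--- a/telex-client/proxy.h
+++ b/telex-client/proxy.h
@@ -11,6 +11,14 @@
 #error "This version of Libevent is not supported; Get 2.0.1-alpha or later."
 #endif
+// Should be in a libevent header; is not
+int
+evutil_getaddrinfo_async(struct evdns_base *dns_base,
+ const char *nodename, const char *servname,
+ const struct evutil_addrinfo *hints_in,
+ void (*cb)(int, struct evutil_addrinfo *, void *), void *arg);
+
+
 // We've accepted a connection for proxying...
 // Establish a connection to server specified in conf
 // and set up events to relay traffic in both directions.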
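Review bot: The hand-written prototype for `evutil_getaddrinfo_async` has no library header to be checked against, so a mismatch with the real definition would compile cleanly and only fail at run time. The added comment says the function is not in a libevent header, which usually means an internal symbol that can change or disappear between releases. libevent's public asynchronous resolver is `evdns_getaddrinfo()` in `<event2/dns.h>`, which takes the same base, node name, service name, hints, callback and argument. If the local prototype stays, extend the comment to something like `// Internal libevent symbol, not in public headers; re-check against the linked libevent version`.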
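--- a/telex-client/ssl.c
+++ b/telex-client/ssl.c
@@ -101,10 +101,10 @@ void ssl_done(struct telex_conf *conf)
 // and produces a 1023-bit bignum to be used as the client's dh_priv_key
 // Uses Krawczyk's crypto-correct PRG: http://eprint.iacr.org/2010/264
 // page 11, PRK = state_secret, CTXinfo = uniq
-BIGNUM *telex_ssl_get_dh_key(Secret state_secret, BIGNUM *res)
+static BIGNUM *telex_ssl_get_dh_key(Secret state_secret, BIGNUM *res)
 {
- int i;
- char *uniq = "Telex PRG";
+ unsigned int i;
+ const char *uniq = "Telex PRG";
 unsigned char buf[128];
 unsigned char out[SHA256_DIGEST_LENGTH];
 unsigned char in[128]; // > SHA256_DIGEST_LENTH + strlen(uniq) + sizeof(int)
@@ -158,7 +158,7 @@ int ssl_new_telex(struct telex_state *state, unsigned long server_ip)
 }
 unsigned long t = htonl(time(NULL));
- char *session_id = "\x00";
+ const char *session_id = "\x00";
 unsigned char tag_context[MAX_CONTEXT_LEN];
 memcpy(&tag_context[0], &server_ip, 4);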
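Review bot: In ssl_new_telex, `memcpy(&tag_context[0], &server_ip, 4);` copies the first four bytes of an `unsigned long`, which is eight bytes on LP64 targets, so which half of the value lands in the tag context depends on byte order; `unsigned long t = htonl(time(NULL));` has the same width mismatch if it is copied the same way outside the hunk. Since this commit is already tightening types here, narrow first with `uint32_t ip = (uint32_t)server_ip;` and then `memcpy(&tag_context[0], &ip, sizeof ip);`. In telex_ssl_get_dh_key, the stack buffers `buf`, `out` and `in` appear to hold the PRG material for the DH private key; their cleanup is outside the hunk, so confirm they are wiped before the function returns. Both functions continue outside the hunks shown.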
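--- a/telex-client/util.c
+++ b/telex-client/util.c
@@ -22,7 +22,7 @@ void address_to_string(struct sockaddr_in *sin, char *output, int outlen)
 }
 // Returns milliseconds in unix epoch
-unsigned long long time_ms()
+unsigned long long time_ms(void)
 {
 struct timeval now;
 gettimeofday(&now, NULL);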
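--- a/telex-client/util.h
+++ b/telex-client/util.h
@@ -16,6 +16,6 @@
 #endif
 void address_to_string(struct sockaddr_in *sin, char *output, int outlen);
-unsigned long long time_ms();
+unsigned long long time_ms(void);
 #endif//_UTIL_H_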
