Merge pull request #16 from ethomson/subsystems_refactor

Subsystems refactor

Author: ethomson

.github/workflows/main.yml

@@ -11,50 +11,97 @@ jobs:
     strategy:
       matrix:
         config:
-          # Linux (amd64, Trusty, GCC, OpenSSL)
+          # Linux (amd64, Xenial, GCC, OpenSSL)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/trusty-amd64:latest'
+            container: 'ghcr.io/libgit2/libgit2/xenial:latest'
             env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin', LEAK_CHECK: 'valgrind' }
 
-          # Linux (amd64, Trusty, GCC, mbedTLS)
+          # Linux (amd64, Xenial, GCC, mbedTLS)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/trusty-amd64:latest'
+            container: 'ghcr.io/libgit2/libgit2/xenial:latest'
             env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=mbedtls -DUNICODE=iconv', LEAK_CHECK: 'valgrind' }
 
-          # Linux (amd64, Trusty, Clang, OpenSSL)
+          # Linux (amd64, Xenial, Clang, OpenSSL)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/trusty-amd64:latest'
+            container: 'ghcr.io/libgit2/libgit2/xenial:latest'
             env: { CC: 'clang', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=iconv', LEAK_CHECK: 'valgrind' }
 
-          # Linux (amd64, Trusty, Clang, mbedTLS)
+          # Linux (amd64, Xenial, Clang, OpenSSL Dynamic)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/trusty-amd64:latest'
+            container: 'ghcr.io/libgit2/libgit2/xenial:latest'
+            env: { CC: 'clang', CMAKE_OPTIONS: '-DCRYPT=openssl-dynamic -DUNICODE=iconv', LEAK_CHECK: 'valgrind' }
+
+          # Linux (amd64, Xenial, Clang, mbedTLS)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/xenial:latest'
             env: { CC: 'clang', CMAKE_OPTIONS: '-DCRYPT=mbedtls -DUNICODE=builtin', LEAK_CHECK: 'valgrind' }
 
           # Linux (x86, Bionic, gcc, OpenSSL)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/bionic-x86:latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-x86:latest'
             qemu: true
-            env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin', LEAK_CHECK: 'valgrind' }
+            env: { CC: 'gcc', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin', LEAK_CHECK: 'valgrind' }
+
+          # Linux (x86, Bionic, gcc, OpenSSL Dynamic)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-x86:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl-dynamic -DUNICODE=builtin', LEAK_CHECK: 'valgrind' }
 
           # Linux (x86, Bionic, clang, OpenSSL)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/bionic-x86:latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-x86:latest'
             qemu: true
-            env: { CC: 'clang', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=iconv', LEAK_CHECK: 'valgrind' }
+            env: { CC: 'clang', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=iconv', LEAK_CHECK: 'valgrind' }
 
           # Linux (arm32, Bionic, gcc, OpenSSL)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/bionic-arm32:latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-arm32:latest'
             qemu: true
-            env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin' }
+            env: { CC: 'gcc', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin' }
+
+          # Linux (arm32, Bionic, gcc, OpenSSL Dynamic)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-arm32:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl-dynamic -DUNICODE=builtin' }
 
           # Linux (arm64, Bionic, gcc, OpenSSL)
           - platform: 'ubuntu-latest'
-            container: 'libgit2/bionic-arm64:latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-arm64:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin' }
+
+          # Linux (arm64, Bionic, gcc, OpenSSL Dynamic)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/bionic-arm64:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_GENERATOR: 'Ninja', CMAKE_OPTIONS: '-DCRYPT=openssl-dynamic -DUNICODE=builtin' }
+
+          # Linux (amd64, CentOS 7, gcc, OpenSSL)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/centos7:latest'
             qemu: true
             env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin' }
 
+          # Linux (arm64, CentOS 7, gcc, OpenSSL Dynamic)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/centos7:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl-dynamic -DUNICODE=builtin' }
+
+          # Linux (amd64, CentOS 8, gcc, OpenSSL)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/centos8:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl -DUNICODE=builtin' }
+
+          # Linux (arm64, CentOS 8, gcc, OpenSSL Dynamic)
+          - platform: 'ubuntu-latest'
+            container: 'ghcr.io/libgit2/libgit2/centos8:latest'
+            qemu: true
+            env: { CC: 'gcc', CMAKE_OPTIONS: '-DCRYPT=openssl-dynamic -DUNICODE=builtin' }
+
           # macOS
           - platform: 'macos-latest'
             container: ''

CMakeLists.txt

@@ -19,7 +19,7 @@ OPTION(ENABLE_ASAN   "Enable AddressSanitizer" OFF)
 OPTION(ENABLE_WERROR "Treat warnings as errors" ON)
 
 SET(UNICODE "default" CACHE STRING "Unicode implementation to use; may be 'iconv' or 'builtin'.")
-SET(CRYPT   "default" CACHE STRING "Cryptographic implementation to use; may be 'commoncrypto', 'mbedtls' or 'openssl'.")
+SET(CRYPT   "default" CACHE STRING "Cryptographic implementation to use; may be 'commoncrypto', 'mbedtls', 'openssl', or 'openssl-dynamic'.")
 
 SET(PATH_SRC     "${NTLM_SOURCE_DIR}/src")
 SET(PATH_INCLUDE "${NTLM_SOURCE_DIR}/include")
@@ -119,11 +119,19 @@ ELSEIF(CRYPT STREQUAL "openssl")
 	LIST(APPEND NTLM_PC_LIBS ${OPENSSL_LIBRARIES})
 
 	ADD_FEATURE_INFO(CRYPT ON "using OpenSSL")
+ELSEIF(CRYPT STREQUAL "openssl-dynamic")
+	ADD_DEFINITIONS(-DCRYPT_OPENSSL)
+	ADD_DEFINITIONS(-DCRYPT_OPENSSL_DYNAMIC)
+	FILE(GLOB NTLM_SRC_CRYPT "${PATH_SRC}/crypt_openssl.c")
+
+	LIST(APPEND NTLM_LIBS dl)
+
+	ADD_FEATURE_INFO(CRYPT ON "using OpenSSL (dynamic)")
 ELSE()
 	MESSAGE(FATAL_ERROR "invalid cryptographic support requested: ${CRYPT}")
 ENDIF()
 
-SET(CMAKE_C_FLAGS "-std=c99 -D_DEFAULT_SOURCE")
+SET(CMAKE_C_FLAGS "-std=gnu99 -D_DEFAULT_SOURCE")
 
 ENABLE_WARNINGS(all)
 ENABLE_WARNINGS(extra)
@@ -186,6 +194,9 @@ IF(BUILD_LIBRARY)
 ENDIF()
 
 IF(BUILD_TESTS)
+	SET(Python_ADDITIONAL_VERSIONS 3 2.7)
+	FIND_PACKAGE(PythonInterp)
+
 	FILE(GLOB NTLM_TEST "${PATH_TESTS}/*.c")
 
 	ADD_CUSTOM_COMMAND(

ci/build.sh

@@ -5,6 +5,7 @@ set -e
 SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
 BUILD_DIR=$(pwd)
 CC=${CC:-cc}
+CMAKE_GENERATOR=${CMAKE_GENERATOR:-Unix Makefiles}
 
 indent() { sed "s/^/    /"; }
 
@@ -35,8 +36,8 @@ echo "##########################################################################
 echo "## Configuring build environment"
 echo "##############################################################################"
 
-echo cmake ${SOURCE_DIR} -DENABLE_WERROR=ON ${CMAKE_OPTIONS}
-cmake ${SOURCE_DIR} -DENABLE_WERROR=ON ${CMAKE_OPTIONS}
+echo cmake ${SOURCE_DIR} -DENABLE_WERROR=ON -G ${CMAKE_GENERATOR} ${CMAKE_OPTIONS}
+cmake ${SOURCE_DIR} -DENABLE_WERROR=ON -G "${CMAKE_GENERATOR}" ${CMAKE_OPTIONS}
 
 echo ""
 echo "##############################################################################"

src/crypt.h

@@ -25,40 +25,42 @@
 
 typedef unsigned char ntlm_des_block[CRYPT_DES_BLOCKSIZE];
 
+typedef struct ntlm_crypt_ctx ntlm_crypt_ctx;
+
+extern bool ntlm_crypt_init(ntlm_client *ntlm);
+
 extern bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len);
 
 extern bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key);
 
 extern bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len);
 
-extern ntlm_hmac_ctx *ntlm_hmac_ctx_init(void);
-
-extern bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx);
-
 extern bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len);
 
 extern bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *data,
 	size_t data_len);
 
 extern bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx);
+	ntlm_client *ntlm);
 
-extern void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx);
+extern void ntlm_crypt_shutdown(ntlm_client *ntlm);
 
 #endif /* PRIVATE_CRYPT_COMMON_H__ */

src/crypt_commoncrypto.c

@@ -18,9 +18,15 @@
 #include "ntlm.h"
 #include "crypt.h"
 
+bool ntlm_crypt_init(ntlm_client *ntlm)
+{
+	memset(&ntlm->crypt_ctx, 0, sizeof(ntlm_crypt_ctx));
+	return true;
+}
+
 bool ntlm_random_bytes(
-	ntlm_client *ntlm,
 	unsigned char *out,
+	ntlm_client *ntlm,
 	size_t len)
 {
 	int fd, ret;
@@ -49,11 +55,14 @@ bool ntlm_random_bytes(
 
 bool ntlm_des_encrypt(
 	ntlm_des_block *out,
+	ntlm_client *ntlm,
 	ntlm_des_block *plaintext,
 	ntlm_des_block *key)
 {
 	size_t written;
 
+	NTLM_UNUSED(ntlm);
+
 	CCCryptorStatus result = CCCrypt(kCCEncrypt,
 		kCCAlgorithmDES, kCCOptionECBMode,
 		key, sizeof(ntlm_des_block), NULL,
@@ -65,56 +74,47 @@ bool ntlm_des_encrypt(
 
 bool ntlm_md4_digest(
 	unsigned char out[CRYPT_MD4_DIGESTSIZE],
+	ntlm_client *ntlm,
 	const unsigned char *in,
 	size_t in_len)
 {
+	NTLM_UNUSED(ntlm);
 	return !!CC_MD4(in, in_len, out);
 }
 
-ntlm_hmac_ctx *ntlm_hmac_ctx_init(void)
-{
-	return calloc(1, sizeof(ntlm_hmac_ctx));
-}
-
-bool ntlm_hmac_ctx_reset(ntlm_hmac_ctx *ctx)
-{
-	memset(ctx, 0, sizeof(ntlm_hmac_ctx));
-	return true;
-}
-
 bool ntlm_hmac_md5_init(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *key,
 	size_t key_len)
 {
-	CCHmacInit(&ctx->native, kCCHmacAlgMD5, key, key_len);
+	CCHmacInit(&ntlm->crypt_ctx.hmac, kCCHmacAlgMD5, key, key_len);
 	return true;
 }
 
 bool ntlm_hmac_md5_update(
-	ntlm_hmac_ctx *ctx,
+	ntlm_client *ntlm,
 	const unsigned char *data,
 	size_t data_len)
 {
-	CCHmacUpdate(&ctx->native, data, data_len);
+	CCHmacUpdate(&ntlm->crypt_ctx.hmac, data, data_len);
 	return true;
 }
 
 bool ntlm_hmac_md5_final(
 	unsigned char *out,
 	size_t *out_len,
-	ntlm_hmac_ctx *ctx)
+	ntlm_client *ntlm)
 {
 	if (*out_len < CRYPT_MD5_DIGESTSIZE)
 		return false;
 
-	CCHmacFinal(&ctx->native, out);
+	CCHmacFinal(&ntlm->crypt_ctx.hmac, out);
 
 	*out_len = CRYPT_MD5_DIGESTSIZE;
 	return true;
 }
 
-void ntlm_hmac_ctx_free(ntlm_hmac_ctx *ctx)
+void ntlm_crypt_shutdown(ntlm_client *ntlm)
 {
-	free(ctx);
+	NTLM_UNUSED(ntlm);
 }

src/crypt_commoncrypto.h

@@ -11,8 +11,8 @@
 
 #include <CommonCrypto/CommonCrypto.h>
 
-typedef struct {
-	CCHmacContext native;
-} ntlm_hmac_ctx;
+struct ntlm_crypt_ctx {
+	CCHmacContext hmac;
+};
 
 #endif /* PRIVATE_CRYPT_COMMONCRYPTO_H__ */