CDRIVER-6105 do not propagate -fPIC (#2128)

* do not propagate `-fPIC`

* update kms-divergence-check.sh to 9fff64216c06099401e2b3b2d5becb77bc17803d

* update sources for kms-message

Author: kevinAlbs

.evergreen/scripts/kms-divergence-check.sh

@@ -13,7 +13,7 @@ LIBMONGOCRYPT_DIR="$MONGOC_DIR/libmongocrypt-for-kms-divergence-check"
 
 # LIBMONGOCRYPT_GITREF is expected to refer to the version of libmongocrypt
 # where kms-message was last copied.
-LIBMONGOCRYPT_GITREF="34a9572c416e0827a1fa988baf88411c4b5f2c7b"
+LIBMONGOCRYPT_GITREF="9fff64216c06099401e2b3b2d5becb77bc17803d"
 
 cleanup() {
   if [ -d "$LIBMONGOCRYPT_DIR" ]; then

src/kms-message/CMakeLists.txt

@@ -1,14 +1,13 @@
-cmake_minimum_required (VERSION 3.5)
+cmake_minimum_required (VERSION 3.15...4.0)
 project (kms_message
    VERSION 0.0.1
    LANGUAGES C
 )
 
-set (CMAKE_C_STANDARD 90)
+set (CMAKE_C_STANDARD 99)
 
 include (CheckCCompilerFlag)
-# All targets obey visibility, not just library targets.
-cmake_policy (SET CMP0063 NEW)
+
 set (CMAKE_C_VISIBILITY_PRESET hidden)
 set (KMS_MESSAGE_SOURCES
    src/kms_b64.c
@@ -101,7 +100,7 @@ add_library (
 
 string(FIND "${CMAKE_C_FLAGS}" "-fPIC" FPIC_LOCATION)
 if (NOT WIN32 AND ENABLE_PIC AND "${FPIC_LOCATION}" EQUAL "-1")
-   target_compile_options (kms_message_static PUBLIC -fPIC)
+   set_property (TARGET kms_message_static PROPERTY POSITION_INDEPENDENT_CODE TRUE)
    message ("Adding -fPIC to compilation of kms_message_static components")
 endif ()
 

src/kms-message/src/hexlify.c

@@ -14,7 +14,12 @@
  * limitations under the License.
  */
 
+#include "hexlify.h"
+
+//
+
 #include "kms_message_private.h"
+
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>

src/kms-message/src/hexlify.h

@@ -21,4 +21,4 @@ char *
 hexlify (const uint8_t *buf, size_t len);
 
 int
-unhexlify (const char *in, size_t len);
+unhexlify (const char *in, size_t len);

src/kms-message/src/kms_azure_request.c

@@ -216,4 +216,4 @@ kms_azure_request_unwrapkey_new (const char *host,
                                ciphertext,
                                ciphertext_len,
                                opt);
-}
+}

src/kms-message/src/kms_b64.c

@@ -583,6 +583,7 @@ kms_message_raw_to_b64 (const uint8_t *raw, size_t raw_len)
 
    b64_len = (raw_len / 3 + 1) * 4 + 1;
    b64 = malloc (b64_len);
+   KMS_ASSERT (b64);
    memset (b64, 0, b64_len);
    if (-1 == kms_message_b64_ntop (raw, raw_len, b64, b64_len)) {
       free (b64);
@@ -600,6 +601,7 @@ kms_message_b64_to_raw (const char *b64, size_t *out)
 
    b64len = strlen (b64);
    raw = (uint8_t *) malloc (b64len + 1);
+   KMS_ASSERT (raw);
    memset (raw, 0, b64len + 1);
    ret = kms_message_b64_pton (b64, raw, b64len);
    if (ret > 0) {
@@ -642,6 +644,7 @@ kms_message_b64url_to_raw (const char *b64url, size_t *out)
    /* Add four for padding '=' characters. */
    capacity = b64urllen + 4;
    b64 = malloc (capacity);
+   KMS_ASSERT (b64);
    memset (b64, 0, capacity);
    if (-1 ==
        kms_message_b64url_to_b64 (b64url, b64urllen, b64, capacity)) {

src/kms-message/src/kms_crypto_libcrypto.c

@@ -58,6 +58,7 @@ kms_sha256 (void *unused_ctx,
             unsigned char *hash_out)
 {
    EVP_MD_CTX *digest_ctxp = EVP_MD_CTX_new ();
+   KMS_ASSERT (digest_ctxp);
    bool rval = false;
 
    if (1 != EVP_DigestInit_ex (digest_ctxp, EVP_sha256 (), NULL)) {
@@ -108,6 +109,7 @@ kms_sign_rsaes_pkcs1_v1_5 (void *unused_ctx,
    size_t signature_out_len = 256;
 
    ctx = EVP_MD_CTX_new ();
+   KMS_ASSERT (ctx);
    KMS_ASSERT (private_key_len <= LONG_MAX);
    pkey = d2i_PrivateKey (EVP_PKEY_RSA,
                           NULL,

src/kms-message/src/kms_crypto_windows.c

@@ -18,6 +18,8 @@
 
 #ifdef KMS_MESSAGE_ENABLE_CRYPTO_CNG
 
+#include "kms_message_private.h"
+
 // tell windows.h not to include a bunch of headers we don't need:
 #define WIN32_LEAN_AND_MEAN
 
@@ -179,6 +181,7 @@ kms_sign_rsaes_pkcs1_v1_5 (void *unused_ctx,
    }
 
    blob_private = (LPBYTE) calloc (1, blob_private_len);
+   KMS_ASSERT (blob_private);
 
    success = CryptDecodeObjectEx (X509_ASN_ENCODING,
                                   PKCS_PRIVATE_KEY_INFO,
@@ -208,6 +211,7 @@ kms_sign_rsaes_pkcs1_v1_5 (void *unused_ctx,
    }
 
    raw_private = (LPBYTE) calloc (1, raw_private_len);
+   KMS_ASSERT (raw_private);
 
    success = CryptDecodeObjectEx (X509_ASN_ENCODING,
                                   PKCS_RSA_PRIVATE_KEY,
@@ -234,6 +238,7 @@ kms_sign_rsaes_pkcs1_v1_5 (void *unused_ctx,
    }
 
    hash_value = calloc (1, SHA_256_HASH_LEN);
+   KMS_ASSERT (hash_value);
 
    if(!kms_sha256 (NULL, input, input_len, hash_value)) {
       goto cleanup;

src/kms-message/src/kms_gcp_request.c

@@ -88,6 +88,7 @@ kms_gcp_request_oauth_new (const char *host,
    }
 
    jwt_signature = calloc (1, SIGNATURE_LEN);
+   KMS_ASSERT (jwt_signature);
    if (!req->crypto.sign_rsaes_pkcs1_v1_5 (
           req->crypto.sign_ctx,
           private_key_data,
@@ -283,4 +284,4 @@ kms_gcp_request_decrypt_new (const char *host,
                                    ciphertext,
                                    ciphertext_len,
                                    opt);
-}
+}

src/kms-message/src/kms_kmip_reader_writer.c

@@ -43,6 +43,7 @@ kmip_writer_t *
 kmip_writer_new (void)
 {
    kmip_writer_t *writer = calloc (1, sizeof (kmip_writer_t));
+   KMS_ASSERT (writer);
    writer->buffer = kms_request_str_new ();
    return writer;
 }
@@ -205,7 +206,7 @@ kmip_writer_begin_struct (kmip_writer_t *writer, kmip_tag_type_t tag)
    size_t pos = writer->buffer->len;
 
    kmip_writer_write_u32 (writer, 0);
-   KMS_ASSERT(writer->cur_pos < MAX_KMIP_WRITER_POSITIONS);
+   KMS_ASSERT(writer->cur_pos < MAX_KMIP_WRITER_POSITIONS - 1);
    writer->cur_pos++;
    writer->positions[writer->cur_pos] = pos;
 }
@@ -241,6 +242,7 @@ kmip_reader_t *
 kmip_reader_new (uint8_t *ptr, size_t len)
 {
    kmip_reader_t *reader = calloc (1, sizeof (kmip_reader_t));
+   KMS_ASSERT (reader);
    reader->ptr = ptr;
    reader->len = len;
    return reader;
@@ -279,7 +281,8 @@ kmip_reader_has_data (kmip_reader_t *reader)
 #define CHECK_REMAINING_BUFFER_AND_RET(read_size)   \
    if ((reader->pos + (read_size)) > reader->len) { \
       return false;                                 \
-   }
+   } else                                           \
+      ((void)0)
 
 bool
 kmip_reader_read_u8 (kmip_reader_t *reader, uint8_t *value)
@@ -346,7 +349,8 @@ kmip_reader_read_bytes (kmip_reader_t *reader, uint8_t **ptr, size_t length)
 #define CHECK_AND_RET(x) \
    if (!(x)) {           \
       return false;      \
-   }
+   } else                \
+      ((void)0)
 
 bool
 kmip_reader_read_tag (kmip_reader_t *reader, kmip_tag_type_t *tag)