Use explicit_bzero from LibreSSL

12 files changed, 55 insertions, 22 deletions

diff --git a/Darwin.mk b/Darwin.mk
new file mode 100644
index 0000000..1ea7a44
--- /dev/null
+++ b/Darwin.mk
@@ -0,0 +1,2 @@
+CFLAGS += -DNO_EXPLICIT_BZERO
+LDLIBS := ${LDLIBS:-lcrypt=}
diff --git a/Makefile b/Makefile
index 9e581fa..465a2e9 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ LIBRESSL_PREFIX = /usr/local
 CFLAGS += -std=c11 -Wall -Wextra -Wpedantic
 CFLAGS += -I${LIBRESSL_PREFIX}/include
 LDFLAGS += -L${LIBRESSL_PREFIX}/lib
-LDLIBS = -lcrypt -ltls
+LDLIBS = -lcrypt -lcrypto -ltls
 
 BINS = calico pounce
 MANS = ${BINS:=.1}
@@ -31,7 +31,7 @@ calico: dispatch.o
 pounce: ${OBJS}
 	${CC} ${LDFLAGS} ${OBJS} ${LDLIBS} -o $@
 
-${OBJS}: bounce.h
+${OBJS}: bounce.h compat.h
 
 tags: *.c *.h
 	ctags -w *.c *.h
diff --git a/README.7 b/README.7
index ff6e463..fbfb6b3 100644
--- a/README.7
+++ b/README.7
@@ -1,4 +1,4 @@
-.Dd November 2, 2019
+.Dd November 6, 2019
 .Dt README 7
 .Os "Causal Agency"
 .
@@ -68,6 +68,8 @@ buffer between server and clients
 configuration parsing
 .It Pa dispatch.c
 SNI socket dispatcher
+.It Pa compat.h
+compatibility with lesser operating systems
 .It Pa rc.d/
 .Fx
 .Xr rc 8
diff --git a/bounce.c b/bounce.c
index 9b18050..4e5c663 100644
--- a/bounce.c
+++ b/bounce.c
@@ -14,8 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <assert.h>
 #include <err.h>
 #include <errno.h>
@@ -41,6 +39,8 @@
 #include <sys/capsicum.h>
 #endif
 
+#include "bounce.h"
+
 static void hashPass(void) {
 	char *pass = getpass("Password: ");
 	byte rand[12];
diff --git a/bounce.h b/bounce.h
index 42b8ed5..de8fe9c 100644
--- a/bounce.h
+++ b/bounce.h
@@ -14,11 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#ifdef __APPLE__
-#define __STDC_WANT_LIB_EXT1__ 1
-#define explicit_bzero(b, len) memset_s((b), (len), 0, (len))
-#endif
-
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -26,6 +21,8 @@
 #include <time.h>
 #include <tls.h>
 
+#include "compat.h"
+
 #ifndef DEFAULT_CERT_PATH
 #define DEFAULT_CERT_PATH "/usr/local/etc/letsencrypt/live/%s/fullchain.pem"
 #endif
diff --git a/client.c b/client.c
index 79f55ae..5ac9b4a 100644
--- a/client.c
+++ b/client.c
@@ -14,8 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <assert.h>
 #include <err.h>
 #include <stdarg.h>
@@ -28,6 +26,8 @@
 #include <tls.h>
 #include <unistd.h>
 
+#include "bounce.h"
+
 enum Need {
 	NeedNick = 1 << 0,
 	NeedUser = 1 << 1,
diff --git a/compat.h b/compat.h
new file mode 100644
index 0000000..cfeff2b
--- /dev/null
+++ b/compat.h
@@ -0,0 +1,32 @@
+/* Copyright (C) 2019  C. McEnroe <june@causal.agency>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#ifdef NO_EXPLICIT_BZERO
+void explicit_bzero(void *b, size_t len);
+#endif
+
+#ifdef NO_ARC4RANDOM
+uint32_t arc4random(void);
+void arc4random_buf(void *buf, size_t nbytes);
+uint32_t arc4random_uniform(uint32_t upper_bound);
+#endif
+
+#ifndef SIGINFO
+#define SIGINFO SIGUSR2
+#endif
diff --git a/config.c b/config.c
index 1d608d6..e6a5a7d 100644
--- a/config.c
+++ b/config.c
@@ -14,14 +14,14 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <err.h>
 #include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
+#include "bounce.h"
+
 #define WS "\t "
 
 static const char *path;
diff --git a/listen.c b/listen.c
index f849212..a412b0c 100644
--- a/listen.c
+++ b/listen.c
@@ -14,8 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -37,6 +35,8 @@
 #include <sys/capsicum.h>
 #endif
 
+#include "bounce.h"
+
 static struct tls *server;
 
 static byte *readFile(size_t *len, FILE *file) {
diff --git a/ring.c b/ring.c
index aca33a0..5fb9daa 100644
--- a/ring.c
+++ b/ring.c
@@ -14,8 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <assert.h>
 #include <err.h>
 #include <stdio.h>
@@ -23,6 +21,8 @@
 #include <sysexits.h>
 #include <time.h>
 
+#include "bounce.h"
+
 static struct {
 	size_t len;
 	char **lines;
diff --git a/server.c b/server.c
index cb11d84..4510138 100644
--- a/server.c
+++ b/server.c
@@ -14,8 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <assert.h>
 #include <err.h>
 #include <netdb.h>
@@ -29,6 +27,8 @@
 #include <tls.h>
 #include <unistd.h>
 
+#include "bounce.h"
+
 static struct tls *client;
 
 void serverConfig(bool insecure, const char *cert, const char *priv) {
diff --git a/state.c b/state.c
index ba6f8d6..71d0e2c 100644
--- a/state.c
+++ b/state.c
@@ -14,8 +14,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "bounce.h"
-
 #include <assert.h>
 #include <err.h>
 #include <stdbool.h>
@@ -25,6 +23,8 @@
 #include <strings.h>
 #include <sysexits.h>
 
+#include "bounce.h"
+
 typedef void Handler(struct Message *msg);
 
 static void require(const struct Message *msg, bool origin, size_t len) {