From 9a936ea6b79771f3c89ee820414a01227594c2ab Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:00 +0000 Subject: [PATCH 1/73] Added a section on usage of Hardware Security Modules (HSM). The NSS parts were contributed by Robert Relyea. --- diff --git a/en-US/Defensive_Coding.xml b/en-US/Defensive_Coding.xml index 58d9121..a8b6caa 100644 --- a/en-US/Defensive_Coding.xml +++ b/en-US/Defensive_Coding.xml @@ -27,6 +27,7 @@ Implementing Security Features + diff --git a/en-US/Features-HSM.xml b/en-US/Features-HSM.xml new file mode 100644 index 0000000..f22ad7f --- /dev/null +++ b/en-US/Features-HSM.xml 
@@ -0,0 +1,179 @@ + + + + Hardware Security Modules and Smart Cards + + Hardware Security Modules (HSMs) are specialized hardware intended + to protect private keys on server systems. They store internally + the private keys (e.g., RSA keys), and provide access to operations + with the keys without exposing the keys. That access, is provided using + a standardized API, which across Fedora is PKCS#11. + + + Smart cards are small cards with a micro processor, often combined with a + USB reader ressembling a USB stick. They are very similar in nature with + HSMs as they can also be used to protect private keys and are almost + universally accessed via the PKCS#11 API. The main distinguishers from HSMs + is their inferior performance and often, the available hardware protection mechanisms. + + + Typically a smart card or HSM relies on a shared library to provide functionality. + This shared library follows the PKCS#11 API and thus is often referred to as + a PKCS#11 module. In Fedora the opensc + shared module (opensc-pkcs11.so) can be used for the majority + of smart cards available in the market. By convention these modules are located + at /usr/lib64/pkcs11. They can be used directly, or via + a higher level library. + + + All the major crypto libraries (NSS, GnuTLS and OpenSSL in Fedora) support + hardware security modules and smart cards, by providing wrappers over the + PKCS#11 API. However, the level of support varies, as well as the ease of + use of such modules and its integration to the overall library API. + + + + + The PKCS#11 API does provide an API to access HSMs or smart cards, but + does not provide any method of discovering which HSMs or smart cards are + available in the system. In Fedora and modules are registered via p11-kit + configuration files, stored at /etc/pkcs11/modules/. For applications using + engine_pkcs11 or GnuTLS the registered modules are + available without further configuration. 
Other applications will have to load + the p11-kit-proxy.so module. + + + + + Most crypto libraries support the PKCS#11 URLs scheme + to identify objects stored in an HSM, however that support is not yet universal. + Some support transparent usage of PKCS#11 objects, e.g., specifying + a PKCS#11 object instead of a file, while others require to use + specialized APIs for such objects. + + + + + Objects stored in an HSM or smart card can be protected with a PIN. As such, + libraries typically require to set a PIN handling function for accessing private keys, + or the PIN can be passed along with a PKCS#11 URL and the pin-value parameter. + + + + + Obtaining a Hardware Security Module, or including it on a continuous integration + testing is not always feasible. For testing purposes smart cards supported by the OpenSC + project can be used, as well as software modules like softhsm which + provides a tool to setup a software HSM, and a PKCS#11 library. + + + + + The PKCS#11 API requires applications that use fork to reinitialize the used PKCS#11 + modules. This is an uncommon requirement, which has led to several bugs across + applications in Fedora which used PKCS#11 directly. To make things more complicated + software PKCS#11 module like softhsm do not require this re-initialization + leading to applications working against software modules but failing with hardware + modules or smart cards. The wrapper PKCS#11 APIs provided by NSS, GNUTLS and + engine_pkcs11 (OpenSSL) handle the reinitialization after fork requirement transparently. + + + +
+ OpenSSL HSM Support + + OpenSSL does not have native support for PKCS#11. It can + provide PKCS#11 support through the OpenSC's project + pkcs11 engine (formerly known as engine_pkcs11). + As such software intended to use HSMs, must utilize that engine. + + + Engine pkcs11 supports loading stored objects via PKCS#11 URLs. + If no PKCS#11 module is specified the engine will use the system-wide registered + modules via p11-kit-proxy.so. + + + The following example demonstrates the initialization of the pkcs11 engine + and its usage to sign data. + + + Signing data with HSM and OpenSSL + + + +
+
+ GNUTLS HSM Support + + GNUTLS supports PKCS#11 natively. Most of the API functions + accepting certificate files, can also accept PKCS#11 URLs, thus + requiring minor or no modifications to applications in order + to support HSMs. In most cases applications must be modified + to install a PIN callback function. + + + The following example demonstrates the initialization of the pkcs11 engine + and its usage to sign data. + + + Signing data with HSM and GnuTLS + + + + The PIN callback function can be either set globally as in + the example above or locally by utilizing functions such as gnutls_privkey_set_pin_function. + An example PIN callback function is shown below. + + + An example PIN callback with GNUTLS + + +
+
+ NSS HSM Support + + NSS supports PKCS#11 natively. In fact all NSS crypto operations, + including builtin operations, go through PKCS #11 modules. NSS provides + its own software PKCS #11 module called softoken. NSS automatically + loads any PKCS #11 module specified in its module database, which can + be manipulated with the modutil command. NSS uses the PKCS #11 module + that contains the requested keys to do the crypto operations. As long as + the application opens an NSS database and properly sets a pin callback. If + it runs with native NSS, it should be able to use HSMs that provide PKCS #11 + modules. Modules can also be loaded programatically, though this is less common. + + + The following example demonstrates a typical NSS application for signing. + + + Signing data with HSM and NSS + + + + To use the example above with an HSM or smart card you will need to do the following. + + + +# add your HSM or token library to an NSS database (in the sample code the database is +# located in the current directory'.') +$ modutil -add "My HSM" -libfile ${path_to_pkcs11_file} -dbdir . +# Find the token name on your HSM +$ modutil -list -dbdir . +# find the cert on your token +$ certutil -L -h ${token_name} -d . +# pass the cert to your signing program +$ NSS_Sign_Example "${token_name}:${cert_name}" + + + + An example PIN callback with NSS + + +
+
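Review bot: the NSS usage shown in this section, `$ NSS_Sign_Example "${token_name}:${cert_name}"`, passes only the certificate name, but src/HSM-NSS.c in this same patch exits with its usage message unless a PIN is given as the second argument (`if (argc < 3)`); either add the PIN to the documented command or make the program prompt when it is omitted, as the header comment of that example claims it does. The GnuTLS subsection repeats the OpenSSL wording "initialization of the pkcs11 engine" even though it states two paragraphs earlier that GnuTLS supports PKCS#11 natively and has no engine; say "initialization of the PKCS#11 subsystem" or similar. Where the text mentions passing the PIN "along with a PKCS#11 URL and the pin-value parameter", add that a PIN embedded in a URL ends up in command lines, configuration files and logs, so the PIN callback shown in the examples is the form to recommend. Typos to fix in the added text: "ressembling", "micro processor", "In Fedora and modules are registered", "a tool to setup", "programatically", "The main distinguishers from HSMs is" (are), "software PKCS#11 module like softhsm do not" (modules), and the fragment "As long as the application opens an NSS database and properly sets a pin callback."; the spelling GnuTLS/GNUTLS is also inconsistent within the file.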
diff --git a/publican.cfg b/publican.cfg index 66e64a8..3f09e82 100644 --- a/publican.cfg +++ b/publican.cfg @@ -1,6 +1,6 @@ xml_lang: en-US #brand: RedHat-EngServices -brand: fedora +brand: common chunk_section_depth: 3 #product: Defensive_Coding #mainfile: Defensive_Coding diff --git a/src/HSM-GNUTLS.c b/src/HSM-GNUTLS.c new file mode 100644 index 0000000..4c53b5e --- /dev/null +++ b/src/HSM-GNUTLS.c 
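Review bot: the publican.cfg hunk changing `brand: fedora` to `brand: common` is unrelated to the HSM section and is not mentioned in the commit message; move it to its own commit or explain it there, since the brand affects the rendering of the whole guide rather than just this chapter.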
@@ -0,0 +1,100 @@ +#include +#include +#include +#include +#include +#include +#include + +//+ Features HSM-GNUTLS-PIN +int pin_function(void *userdata, int attempt, const char *token_url, + const char *token_label, unsigned flags, char *pin, size_t pin_max) +{ + if (flags & GNUTLS_PIN_FINAL_TRY) + printf("This is the final try before locking!\n"); + if (flags & GNUTLS_PIN_COUNT_LOW) + printf("Only few tries left before locking!\n"); + if (flags & GNUTLS_PIN_WRONG) + printf("Wrong PIN has been provided in the previous attempt\n"); + + /* userdata is the second value passed to gnutls_pkcs11_set_pin_function() + * in this example we passed the PIN as a null terminated value. + */ + snprintf(pin, pin_max, "%s", (char*)userdata); + return 0; +} +//- + +/* This program accepts on the command line: + * 1. A PKCS#11 URL specifying a private key + * 2. A PIN + * 3. A PKCS#11 shared module (optional) + * + * And signs test data with the provided key. + * + * Example: ./a.out "pkcs11:object=myobject" 1234 /usr/lib64/pkcs11/opensc-pkcs11.so + */ +int main(int argc, char **argv) +{ + gnutls_privkey_t private_key; + char *private_key_name; + char *key_pass = NULL; + const char *module_path = NULL; + gnutls_datum_t testdata = {(void*)"TESTDATA", sizeof("TESTDATA")-1}; + gnutls_datum_t signature; + int ret; + + if (argc < 2) { + fprintf(stderr, "usage: %s [private key URL] [PIN] [module]\n", argv[0]); + fprintf(stderr, "\n"); + exit(1); + } + + private_key_name = argv[1]; + key_pass = argv[2]; + if (argc >= 3) + module_path = argv[3]; + + //+ Features HSM-GNUTLS + if (module_path) { + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(module_path, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + } + + if (key_pass) + gnutls_pkcs11_set_pin_function(pin_function, 
key_pass); + + ret = gnutls_privkey_init(&private_key); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_import_url(private_key, private_key_name, 0); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_sign_data(private_key, GNUTLS_DIG_SHA256, 0, + &testdata, &signature); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_privkey_deinit(private_key); + gnutls_free(signature.data); + //- + + return 0; +} diff --git a/src/HSM-NSS.c b/src/HSM-NSS.c new file mode 100644 index 0000000..7032ae4 --- /dev/null +++ b/src/HSM-NSS.c 
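Review bot: pin_function in src/HSM-GNUTLS.c hands back the same PIN on every call, including when `flags & GNUTLS_PIN_WRONG` is set, so a mistyped PIN is resubmitted until the token locks; once GNUTLS_PIN_WRONG is reported (or when `attempt > 0`) return a negative error such as GNUTLS_E_PKCS11_PIN_ERROR instead, which is what the NSS callback in this same patch does with `return NULL`. The argument check `if (argc >= 3) module_path = argv[3];` is off by one and should be `argc >= 4`; it only avoids reading past the array because argv[argc] is NULL. The signature produced by gnutls_privkey_sign_data is freed without being printed or verified, so a comment should say that the example stops at the signing call, and since the PIN is taken from argv it is visible to other users in the process list, which the comment block at the top should mention for an example in a defensive coding guide.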
@@ -0,0 +1,158 @@ +/* Example code to illustrate PKI crypto ops (encrypt with public key, + * decrypt with private key) + * + * Code assumes that you have set up a NSS database with a certificate + * and a private key. + * Here is one way of doing it: + * # create CA cert db, if -f not provided, prompts for passwd + * $ certutil -N -d . + * + * # load your hsm (optional) To do so you need to know where your + * # pkcs #11 module lives. replace {path_to_pkcs11_library} with + * # the actual path and library name (example /usr/lib64/libcoolkeypk11.so + * $ modultil -add "HSM Module" -libfile {path_to_pkcs11_library} -dbdir . + * + * # create CA cert, self-signed, generates key-pair, prompts for key + * # type, cert type etc + * # {token_name} is the name of your PKCS #11 token. You can find + * # the token name using 'modutil --list -dbdir .'. If you are using + * # softoken you can skip the -h {token_name} + * # answers for prompts: 5,9,n,y,-1,n,5,6,7,9,n + * $ certutil -S -s -h {token_name} \ + * "CN=Test CA, O=BOGUS Inc, L=Mtn View, ST=CA, C=US" \ + * -n TestCA -t CTu,CTu,CTu -v 60 -x -d . -1 -2 -5 + * + * Run the program with "{token_name}:TestCA" as the command line argument. + * You will be prompted for the pin. + * + * There are many ways to setup a public/private key to use - this + * example shows one of them. + * + * This example does not do any padding. It simply encrypts/decrypts a block + * of length equal to modulus length of the public/private key. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static char *pin = NULL; +/* this callback is responsible for returning the password to the NSS + * key database. for example purposes, this function hardcodes the password. 
+ * In a real app, this function should obtain the password using secure means + * such as prompting an operator, or retrieving it over a secure communication + * channel + */ +char *passwdcb(PK11SlotInfo * info, PRBool retry, void *arg); + +int main(int argc, char **argv) +{ + //+ Features HSM-NSS + SECStatus rv; + CERTCertificate *cert = NULL; + SECKEYPrivateKey *pvtkey = NULL; + SECItem signature = { siBuffer, NULL, 0 }; + SECOidTag algTag; + int r = 1; + unsigned char buf[] = "test data to sign"; + const char *cert_name; + unsigned i; + + if (argc < 3) { + fprintf(stderr, "usage: %s [cert name] [PIN]\n\n", argv[0]); + exit(1); + } + + cert_name = argv[1]; + pin = argv[2]; + + PK11_SetPasswordFunc(passwdcb); + NSS_InitializePRErrorTable(); + rv = NSS_Init("."); + if (rv != SECSuccess) { + fprintf(stderr, "NSS initialization failed (err %d)\n", PR_GetError()); + goto cleanup; + } + + cert = PK11_FindCertFromNickname(cert_name, NULL); + if (cert == NULL) { + fprintf(stderr, "Couldn't find cert %s in NSS db (err %d: %s)\n", + cert_name, PR_GetError(), PORT_ErrorToString(PR_GetError())); + goto cleanup; + } + + fprintf(stderr, "Buffer being signed = \n%s\n", buf); + + pvtkey = PK11_FindKeyByAnyCert(cert, NULL); + if (pvtkey == NULL) { + fprintf(stderr, "Couldn't find private key for cert %s (err %d: %s)\n", + cert_name, PR_GetError(), PORT_ErrorToString(PR_GetError())); + goto cleanup; + } + + /* get the algtag. 
Pick the default hash algorithm */ + algTag = SEC_GetSignatureAlgorithmOidTag(pvtkey->keyType, SEC_OID_UNKNOWN); + + fprintf(stderr, "Signing with alg = %s (%d)\n", + SECOID_FindOIDTagDescription(algTag), algTag); + + rv = SEC_SignData(&signature, buf, sizeof(buf)-1, pvtkey, algTag); + if (rv != SECSuccess) { + fprintf(stderr, "sign with Private Key failed (err %d: %s)\n", + PR_GetError(), PORT_ErrorToString(PR_GetError())); + goto cleanup; + } + //- + + fprintf(stderr, "Signature len = %d\n", signature.len); + fprintf(stderr, "Signature data = "); + /* dump signature.data */ + for (i = 0; i < signature.len; i++) { + if ((i & 0xf) == 0) + printf("\n"); + printf("%02x ", signature.data[i]); + } + printf("\n"); + + r = 0; + + cleanup: + if (cert) + CERT_DestroyCertificate(cert); + if (pvtkey) + SECKEY_DestroyPrivateKey(pvtkey); + if (signature.data) + SECITEM_FreeItem(&signature, PR_FALSE); + exit(r); +} + +//+ Features HSM-NSS-PIN +char *passwdcb(PK11SlotInfo * slot, PRBool retry, void *arg) +{ + if (!isatty(STDIN_FILENO) && retry) { + /* we're just reading from a file, and the value is known to be wrong, + * don't keep bounding the token with the wrong password. */ + return NULL; + } + + if (retry) { + printf("Warning: Wrong PIN has been provided in the previous attempt\n"); + if (PK11_IsHW(slot)) { + printf + (" NOTE: multiple pin failures could result in locking your device\n"); + } + } + + if (pin == NULL) + return pin; + else + return strdup(pin); +} +//- diff --git a/src/HSM-OpenSSL.c b/src/HSM-OpenSSL.c new file mode 100644 index 0000000..9950deb --- /dev/null +++ b/src/HSM-OpenSSL.c 
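Review bot: the file header comment of src/HSM-NSS.c is stale: it describes "encrypt with public key, decrypt with private key", says the example "does not do any padding" and "simply encrypts/decrypts a block", and promises "You will be prompted for the pin", while the program signs `buf` with SEC_SignData and reads the PIN from argv[2]; rewrite the header to describe signing and fix `modultil` in the setup instructions. passwdcb returns `strdup(pin)`, but NSS releases the string returned by the password callback with PORT_Free, so allocate it with PORT_Strdup. The cleanup path goes straight to `exit(r)` without NSS_Shutdown(), which leaves the database and token sessions open; call it after the certificate and key have been destroyed. Minor: the signature length is printed with `%d` although `signature.len` is unsigned, and the signature bytes go to stdout while every other message goes to stderr.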
@@ -0,0 +1,129 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void display_openssl_errors(int l) +{ + const char *file; + char buf[120]; + int e, line; + + if (ERR_peek_error() == 0) + return; + fprintf(stderr, "At %s:%d:\n", __FILE__, l); + + while ((e = ERR_get_error_line(&file, &line))) { + ERR_error_string(e, buf); + fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); + } +} + +/* This program accepts on the command line: + * 1. A PKCS#11 URL specifying a private key + * 2. A PIN + * 3. A PKCS#11 shared module (optional) + * + * And signs test data with the provided key. + * + * Example: ./a.out "pkcs11:object=myobject" 1234 /usr/lib64/pkcs11/opensc-pkcs11.so + */ +int main(int argc, char **argv) +{ + char *private_key_name; + unsigned char buf[4096]; + const EVP_MD *digest_algo; + EVP_PKEY *private_key; + char *key_pass = NULL; + unsigned n; + ENGINE *e; + EVP_MD_CTX ctx; + const char *module_path = NULL; + + if (argc < 2) { + fprintf(stderr, "usage: %s [private key URL] [PIN] [module]\n", argv[0]); + fprintf(stderr, "\n"); + exit(1); + } + + private_key_name = argv[1]; + key_pass = argv[2]; + if (argc >= 3) + module_path = argv[3]; + + //+ Features HSM-OpenSSL + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + ERR_clear_error(); + ENGINE_load_builtin_engines(); + + e = ENGINE_by_id("pkcs11"); + if (!e) { + display_openssl_errors(__LINE__); + exit(1); + } + + if (module_path) { + fprintf(stderr, "loading: %s\n", module_path); + if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", module_path, 0)) { + display_openssl_errors(__LINE__); + exit(1); + } + } + + if (!ENGINE_init(e)) { + display_openssl_errors(__LINE__); + exit(1); + } + + if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) { + display_openssl_errors(__LINE__); + exit(1); + } + + private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL); + if (!private_key) { + 
fprintf(stderr, "cannot load: %s\n", private_key_name); + display_openssl_errors(__LINE__); + exit(1); + } + + display_openssl_errors(__LINE__); + + digest_algo = EVP_get_digestbyname("sha256"); + + EVP_MD_CTX_init(&ctx); + if (EVP_DigestInit(&ctx, digest_algo) <= 0) { + display_openssl_errors(__LINE__); + exit(1); + } + + EVP_SignInit(&ctx, digest_algo); + +#define TEST_DATA "test data" + if (EVP_SignUpdate(&ctx, TEST_DATA, sizeof(TEST_DATA) - 1) <= 0) { + display_openssl_errors(__LINE__); + exit(1); + } + + n = sizeof(buf); + if (EVP_SignFinal(&ctx, buf, &n, private_key) <= 0) { + display_openssl_errors(__LINE__); + exit(1); + } + + EVP_PKEY_free(private_key); + ENGINE_finish(e); + //- + + return 0; +} diff --git a/src/src.mk b/src/src.mk index 18bd592..f2047ac 100644 --- a/src/src.mk +++ b/src/src.mk @@ -32,13 +32,17 @@ JCFLAGS_TLSClientOpenJDK = -source 1.6 -target 1.6 # List fiels which will be compiled and linked, together with # additional dependencies. compile_and_link += C-String-Functions -compile_and_link += TLS-Client-OpenSSL +compile_and_link += TLS-Client-OpenSSL HSM-OpenSSL LIBS_TLS-Client-OpenSSL = -lssl -lcrypto -compile_and_link += TLS-Client-GNUTLS +LIBS_HSM-OpenSSL = -lssl -lcrypto +compile_and_link += TLS-Client-GNUTLS HSM-GNUTLS LIBS_TLS-Client-GNUTLS = -lgnutls -compile_and_link += TLS-Client-NSS +LIBS_HSM-GNUTLS = -lgnutls +compile_and_link += TLS-Client-NSS HSM-NSS CFLAGS_TLS-Client-NSS = -I/usr/include/nspr4 -I/usr/include/nss3 LIBS_TLS-Client-NSS = -lnss3 -lnspr4 -lssl3 +CFLAGS_HSM-NSS = -I/usr/include/nss3 -I/usr/include/nspr4 +LIBS_HSM-NSS = -lnss3 -lnspr4 -lssl3 -lnssutil3 compile_and_link += XML-Parser-Expat LIBS_XML-Parser-Expat = -lexpat compile_and_link += XML-Parser-Qt From 52e39dc096fdfb382599584dfa2ca90b3732638c Mon Sep 17 00:00:00 2001 
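Review bot: `EVP_MD_CTX ctx;` on the stack with EVP_MD_CTX_init() in src/HSM-OpenSSL.c only compiles against OpenSSL 1.0.x; in 1.1.0 the structure is opaque and has to come from EVP_MD_CTX_new(), so either switch to that or state which OpenSSL version the example targets. EVP_DigestInit() followed by EVP_SignInit() on the same context is redundant, since EVP_SignInit is defined as EVP_DigestInit; keep one. The context is never released (EVP_MD_CTX_cleanup on 1.0.x, EVP_MD_CTX_free on 1.1.0) and the structural reference obtained from ENGINE_by_id() is not dropped with ENGINE_free() after ENGINE_finish(). The argument handling has the same off-by-one as HSM-GNUTLS.c, `if (argc >= 3) module_path = argv[3];`, which should test `argc >= 4`. In the src.mk hunk, LIBS_HSM-NSS links -lssl3 although nothing in HSM-NSS.c appears to need it.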
From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 2/73] Removed pitfalls mentioned for old versions of GnuTLS Also removed text about explicit initialization no longer applicable. That text did not apply in any recent Fedora or on RHEL7. --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index a2c0afd..ebdd83d 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml @@ -215,58 +215,10 @@
GNUTLS Pitfalls - Older versions of GNUTLS had several peculiarities. As of - GNUTLS 3.3.10, they have been addressed, so these are only a - concern for applications which have to run with older GNUTLS - versions. + Older versions of GNUTLS had several peculiarities described + in previous versions of this guide; as of GNUTLS 3.3.10, these + issues are no longer applicable. - - - - The dynamic shared object provided by GNTULS links to - libpthread.so.0. Loading the - threading library too late causes problems, so the main - program should be linked with -lpthread - as well. As a result, it can be difficult to use GNUTLS - in a plugin which is loaded with the - dlopen function. Another side effect - is that applications which merely link against GNUTLS - (even without actually using it) may incur a substantial - overhead because other libraries automatically switch to - thread-safe algorithms. - - - - - The gnutls_global_init function must - be called before using any functionality provided by the - library. This function is not thread-safe, so external - locking is required, but it is not clear which lock should - be used. Omitting the synchronization does not just lead - to a memory leak, as it is suggested in the GNUTLS - documentation, but to undefined behavior because there is - no barrier that would enforce memory ordering. - - - - - The gnutls_global_deinit function - does not actually deallocate all resources allocated by - gnutls_global_init. It is currently - not thread-safe. Therefore, it is best to avoid calling - it altogether. - - - - - The X.509 implementation in GNUTLS is rather lenient. For - example, it is possible to create and process X.509 - version 1 certificates which carry extensions. These - certificates are (correctly) rejected by other - implementations. - - -
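Review bot: the replacement text in the GNUTLS Pitfalls subsection only says the peculiarities were "described in previous versions of this guide", which gives a reader nothing to act on; either drop the subsection or keep a one-line summary of what changed (automatic initialization, thread safety of gnutls_global_init/gnutls_global_deinit, the libpthread linking issue). The deleted list also contained the lenient X.509 handling (version 1 certificates carrying extensions), which is not obviously a version-specific pitfall; confirm it is fixed in 3.3.10 before removing it. The version thresholds in this commit should also be reconciled: this paragraph says the issues are gone as of GNUTLS 3.3.10, while the comment added to the snippet and to src/TLS-Client-GNUTLS.c says gnutls_global_init() is only needed "prior to 3.3.0"; say that automatic initialization arrived in 3.3.0 and the remaining fixes in 3.3.10, or use a single number.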
OpenJDK Pitfalls @@ -522,19 +474,6 @@ exploratory and needs to be replaced before production use. - The GNUTLS library needs explicit initialization: - - - - - - Failing to do so can result in obscure failures in Base64 - decoding. See for - additional aspects of initialization. - - Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs ( +// This is only necessary if compatibility with GnuTLS prior to +// 3.3.0 is required. gnutls_global_init(); diff --git a/src/TLS-Client-GNUTLS.c b/src/TLS-Client-GNUTLS.c index 4ee2c82..77da93b 100644 --- a/src/TLS-Client-GNUTLS.c +++ b/src/TLS-Client-GNUTLS.c @@ -84,6 +84,8 @@ main(int argc, char **argv) } //+ Features TLS-GNUTLS-Init + // This is only necessary if compatibility with GnuTLS prior to + // 3.3.0 is required. gnutls_global_init(); //- From d4ec7135d228f5c1345d8af34d5a8bfe69203603 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 3/73] mention TLS in Transport Layer Security section title --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index ebdd83d..4758e83 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml @@ -2,7 +2,7 @@ - Transport Layer Security + Transport Layer Security (TLS) Transport Layer Security (TLS, formerly Secure Sockets Layer/SSL) is the recommended way to to protect integrity and From f37be6a1e46aaebef9467cf32a0eac10a35bdb43 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 4/73] TLS: gnutls: use gnutls_certificate_set_x509_system_trust Avoid hard-coding any paths and use the function which is portable across operating systems. --- diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml index 6a5cd09..f69f552 100644 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml 
+++ b/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml @@ -11,19 +11,15 @@ if (ret != GNUTLS_E_SUCCESS) { gnutls_strerror(ret)); exit(1); } -// gnutls_certificate_set_x509_system_trust needs GNUTLS version 3.0 -// or newer, so we hard-code the path to the certificate store -// instead. -static const char ca_bundle[] = "/etc/ssl/certs/ca-bundle.crt"; -ret = gnutls_certificate_set_x509_trust_file - (cred, ca_bundle, GNUTLS_X509_FMT_PEM); + +ret = gnutls_certificate_set_x509_system_trust(cred); if (ret == 0) { - fprintf(stderr, "error: no certificates found in: %s\n", ca_bundle); + fprintf(stderr, "error: no certificates found in system trust store\n"); exit(1); } if (ret < 0) { - fprintf(stderr, "error: gnutls_certificate_set_x509_trust_files(%s): %s\n", - ca_bundle, gnutls_strerror(ret)); + fprintf(stderr, "error: gnutls_certificate_set_x509_system_trust: %s\n", + gnutls_strerror(ret)); exit(1); } diff --git a/src/TLS-Client-GNUTLS.c b/src/TLS-Client-GNUTLS.c index 77da93b..b0f5ce6 100644 --- a/src/TLS-Client-GNUTLS.c +++ b/src/TLS-Client-GNUTLS.c @@ -98,19 +98,15 @@ main(int argc, char **argv) gnutls_strerror(ret)); exit(1); } - // gnutls_certificate_set_x509_system_trust needs GNUTLS version 3.0 - // or newer, so we hard-code the path to the certificate store - // instead. - static const char ca_bundle[] = "/etc/ssl/certs/ca-bundle.crt"; - ret = gnutls_certificate_set_x509_trust_file - (cred, ca_bundle, GNUTLS_X509_FMT_PEM); + + ret = gnutls_certificate_set_x509_system_trust(cred); if (ret == 0) { - fprintf(stderr, "error: no certificates found in: %s\n", ca_bundle); + fprintf(stderr, "error: no certificates found in system trust store\n"); exit(1); } if (ret < 0) { - fprintf(stderr, "error: gnutls_certificate_set_x509_trust_files(%s): %s\n", - ca_bundle, gnutls_strerror(ret)); + fprintf(stderr, "error: gnutls_certificate_set_x509_system_trust: %s\n", + gnutls_strerror(ret)); exit(1); } //- 
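Review bot: the removed comment was the only place recording the minimum GnuTLS version for gnutls_certificate_set_x509_system_trust (3.0 or newer); since this series still adds version notes elsewhere (the "prior to 3.3.0" comment for gnutls_global_init), keep a one-line comment stating the requirement, or state the guide's GnuTLS baseline once and drop such notes consistently. The `ret == 0` check is worth keeping exactly as written: an empty system trust store must be a hard error rather than something the client limps on from.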
From 3e6ed216b4a524e684959bca71554409f272f98b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 5/73] Mention only gnutls_certificate_verify_peers3() Also use gnutls_transport_set_int() which requires no casts. Also remove any description of code no longer applicable in Fedora 2X or RHEL7. --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index 4758e83..1789853 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml @@ -515,7 +515,7 @@ After the handshake has been completed, the server certificate - needs to be verified (). In the example, the user-defined certificate_validity_override function is @@ -529,29 +529,6 @@ xmlns:xi="http://www.w3.org/2001/XInclude" /> - In the next step (, the - certificate must be matched against the host name (note the - unusual return value from - gnutls_x509_crt_check_hostname). Again, - an override function - certificate_host_name_override is called. - Note that the override must be keyed to the certificate - and the host name. The function call can - be omitted if the override is not needed. - - - Matching the server host name and certificate in a - GNUTLS client - - - - In newer GNUTLS versions, certificate checking and host name - validation can be combined using the - gnutls_certificate_verify_peers3 function. - - An established TLS session can be used for sending and receiving data, as in . diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml index fbf1420..390405e 100644 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml +++ b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml 
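Review bot: the Features-TLS.xml hunk deletes the only paragraph explaining that the certificate must be matched against the host name, yet the surrounding text still only says the server certificate "needs to be verified"; add a sentence stating that gnutls_certificate_verify_peers3 performs the host name check as part of verification and reports a mismatch in the status bits, otherwise readers lose the point that chain verification without a host name check is insufficient. The removed example also referenced certificate_host_name_override and included the Match snippet; make sure the snippet file and the override function are removed too, or they remain as an orphaned file and dead code.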
@@ -31,7 +31,7 @@ if (ret != GNUTLS_E_SUCCESS) { // Associate the socket with the session object and set the server // name. -gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(uintptr_t)sockfd); +gnutls_transport_set_int(session, sockfd); ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS, host, strlen(host)); if (ret != GNUTLS_E_SUCCESS) { diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml index a3c9365..eb89535 100644 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml +++ b/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml @@ -15,9 +15,9 @@ if (certs == NULL || certslen == 0) { // Validate the certificate chain. unsigned status = (unsigned)-1; -ret = gnutls_certificate_verify_peers2(session, &status); +ret = gnutls_certificate_verify_peers3(session, host, &status); if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_certificate_verify_peers2: %s\n", + fprintf(stderr, "error: gnutls_certificate_verify_peers3: %s\n", gnutls_strerror(ret)); exit(1); } diff --git a/src/TLS-Client-GNUTLS.c b/src/TLS-Client-GNUTLS.c index b0f5ce6..7c0fa7b 100644 --- a/src/TLS-Client-GNUTLS.c +++ b/src/TLS-Client-GNUTLS.c @@ -160,7 +160,7 @@ main(int argc, char **argv) // Associate the socket with the session object and set the server // name. - gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(uintptr_t)sockfd); + gnutls_transport_set_int(session, sockfd); ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS, host, strlen(host)); if (ret != GNUTLS_E_SUCCESS) { 
@@ -191,9 +191,9 @@ main(int argc, char **argv) // Validate the certificate chain. unsigned status = (unsigned)-1; - ret = gnutls_certificate_verify_peers2(session, &status); + ret = gnutls_certificate_verify_peers3(session, host, &status); if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_certificate_verify_peers2: %s\n", + fprintf(stderr, "error: gnutls_certificate_verify_peers3: %s\n", gnutls_strerror(ret)); exit(1); } @@ -217,33 +217,6 @@ main(int argc, char **argv) } //- - //+ Features TLS-Client-GNUTLS-Match - // Match the peer certificate against the host name. - // We can only obtain a set of DER-encoded certificates from the - // session object, so we have to re-parse the peer certificate into - // a certificate object. - gnutls_x509_crt_t cert; - ret = gnutls_x509_crt_init(&cert); - if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_x509_crt_init: %s\n", - gnutls_strerror(ret)); - exit(1); - } - // The peer certificate is the first certificate in the list. - ret = gnutls_x509_crt_import(cert, certs, GNUTLS_X509_FMT_DER); - if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_x509_crt_import: %s\n", - gnutls_strerror(ret)); - exit(1); - } - ret = gnutls_x509_crt_check_hostname(cert, host); - if (ret == 0 && !certificate_host_name_override(certs[0], host)) { - fprintf(stderr, "error: host name does not match certificate\n"); - exit(1); - } - gnutls_x509_crt_deinit(cert); - //- - //+ Features TLS-GNUTLS-Use char buf[4096]; snprintf(buf, sizeof(buf), "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host); From d5b32966c7ca8c395bba968dacb60e1fb0cf98d8 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 6/73] TLS: document the update-ca-trust --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index 1789853..2f4a653 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml 
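Review bot: with gnutls_certificate_verify_peers3(session, host, &status) a host name mismatch is not returned as an error code but set in `status` (GNUTLS_CERT_UNEXPECTED_OWNER), so the status handling that follows this hunk in src/TLS-Client-GNUTLS.c must keep treating any non-zero status as fatal, and the comment "Validate the certificate chain." should say that the host name is checked as well. The `host` passed here must be the name the user asked to connect to, not anything derived from the resolved address, which is worth a comment now that the explicit gnutls_x509_crt_check_hostname block is gone.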
@@ -281,16 +281,17 @@ The client must configure the TLS library to use a set of trusted root certificates. These certificates are provided - by the system in /etc/ssl/certs or files derived - from it. + by the system in various formats and files. These are documented in update-ca-trust + man page in Fedora. Portable applications should not hard-code + any paths; they should rely on APIs which set the default + for the system trust store. The client selects sufficiently strong cryptographic primitives and disables insecure ones (such as no-op - encryption). Compression and SSL version 2 support must be + encryption). Compression support and SSL version 3 or lower must be disabled (including the SSLv2-compatible handshake). @@ -546,7 +547,7 @@ linkend="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"/>). - Using a GNUTLS session + Closing a GNUTLS session in an orderly fashion From 71593bf178ba815ccc08415d2b9c448223a218f3 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 7/73] TLS-Client-NSS: enable AES-GCM --- diff --git a/en-US/snippets/Features-TLS-NSS-Init.xml b/en-US/snippets/Features-TLS-NSS-Init.xml index 6352282..939ff39 100644 --- a/en-US/snippets/Features-TLS-NSS-Init.xml +++ b/en-US/snippets/Features-TLS-NSS-Init.xml @@ -16,6 +16,14 @@ if (ctx == NULL) { // Ciphers to enable. static const PRUint16 good_ciphers[] = { + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, diff --git a/src/TLS-Client-NSS.c b/src/TLS-Client-NSS.c index 3faac5c..49525a0 100644 --- a/src/TLS-Client-NSS.c +++ b/src/TLS-Client-NSS.c 
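Review bot: "These are documented in update-ca-trust man page in Fedora" needs an article and the section number, i.e. "in the update-ca-trust(8) man page"; the rest of the added sentence ("Portable applications should not hard-code any paths; they should rely on APIs which set the default for the system trust store") is the key point and could name the API used later in the chapter, gnutls_certificate_set_x509_system_trust. In the second hunk, "Compression support and SSL version 3 or lower must be disabled (including the SSLv2-compatible handshake)" reads better as "Compression and SSL version 3 or lower, including the SSLv2-compatible handshake, must be disabled".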
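Review bot: the cipher list added to good_ciphers in both the snippet and src/TLS-Client-NSS.c enables TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384, which use static RSA key exchange and therefore give no forward secrecy, and it leaves SSL_RSA_WITH_3DES_EDE_CBC_SHA enabled; add a sentence to the prose saying why the non-ECDHE/DHE suites are kept (compatibility with which peers), or drop them so the example reflects the recommendation to prefer forward-secret suites. The two hunks are identical, so the snippet should be generated from the .c file rather than edited by hand.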
@@ -107,6 +107,14 @@ main(int argc, char **argv) // Ciphers to enable. static const PRUint16 good_ciphers[] = { + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, From 94281f474ec7dfbbf4249893e6518d96d0005381 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 8/73] TLS: mention upstream documentation for libraries --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index 2f4a653..19e3db5 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml @@ -7,8 +7,20 @@ Transport Layer Security (TLS, formerly Secure Sockets Layer/SSL) is the recommended way to to protect integrity and confidentiality while data is transferred over an untrusted - network connection, and to identify the endpoint. + network connection, and to identify the endpoint. At this + chapter we describe the available libraries in Fedora as well + as known pitfalls, and safe ways to write applications with them. + + When using any library, in addition to this guide, it is recommended to consult the + library' documentation. + + + NSS documentation + GNUTLS documentation + OpenSSL documentation + OpenJDK documentation +
Common Pitfalls From d0d21dd5dd3937919dcf47c23e1094cc3be0e6c3 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 9/73] crypto primitives: added text on getrandom --- diff --git a/en-US/Tasks-Cryptography.xml b/en-US/Tasks-Cryptography.xml index 8e33007..fc13310 100644 --- a/en-US/Tasks-Cryptography.xml +++ b/en-US/Tasks-Cryptography.xml @@ -86,6 +86,9 @@ os.urandom in Python + The getrandom system call + + Reading from the /dev/urandom character device @@ -109,6 +112,21 @@ using these functions. + + Difficult to use API + + The getrandom system call has three-state + return values, hence requires careful error checking. + + + It was introduced in Linux kernel 3.17, but as of glibc 2.22 no API wrappers are + provided. As such one can only use it via the syscall interface + as syscall(SYS_getrandom, (void*)dest, (size_t)size, (unsigned int)0). + For portable code targetting older kernel versions one has to check + for the function being available on run-time, and switch to another + facility if the running kernel doesn't support this call. + + Other sources of randomness should be considered predictable. From 2031676907f301ef85b7b8dd1517543f24935383 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 12:17:07 +0000 Subject: [PATCH 10/73] Added contributing authors --- diff --git a/en-US/Author_Group.xml b/en-US/Author_Group.xml index e00d621..62336d8 100644 --- a/en-US/Author_Group.xml +++ b/en-US/Author_Group.xml @@ -13,5 +13,23 @@ fweimer@redhat.com + + Nikos + Mavrogiannopoulos + + Red Hat + Crypto Team + + nmav@redhat.com + + + Robert + Relyea + + Red Hat + Crypto Team + + rrelyea@redhat.com + From 48d061b77e9346617ced698827dddaab13b2d78b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 14:00:54 +0000 Subject: [PATCH 11/73] .gitlab-ci.yml: added auto-generation of code --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..5979965 
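Review bot: in the Tasks-Cryptography.xml hunk adding the "Difficult to use API" entry, "three-state return values" should be spelled out, because that is the whole pitfall: getrandom returns -1 with errno set (EINTR and EAGAIN must be handled), a count smaller than the requested size (possible for requests larger than 256 bytes or when interrupted by a signal), or the full size; callers must loop until the buffer is filled rather than treating any non-negative return as success. For the run-time check, state concretely that the call fails with errno == ENOSYS on kernels before 3.17 and that a fallback such as /dev/urandom should be taken only in that case. Also "targetting" should be "targeting" and "available on run-time" should be "available at run time".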
--- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,17 @@ +pages: + image: fedora:25 + script: + - dnf install -y publican-fedora publican gnutls-devel openssl-devel nss-devel gcc-go gcc make java-devel gcc-c++ expat-devel qt-devel + - make + - make build-manual + - mkdir -p public + - cp -ar tmp/en-US/html/* public + tags: + - shared + only: + - master + artifacts: + when: on_success + paths: + - public + From 2f541f9e5a98429a7938d208c2e2c29d881aea04 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 14:00:57 +0000 Subject: [PATCH 12/73] README.md: added --- diff --git a/README b/README deleted file mode 100644 index 58d0ae8..0000000 --- a/README +++ /dev/null @@ -1,26 +0,0 @@ -TODO and bug tracking ---------------------- - -The secure-coding guide has its own component in Bugzilla: - -https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation&component=defensive-coding-guide - -Please file bugs and suggestions there. - -Building HTML documentation ---------------------------- - -Just type "make". If you do not want to build the example code, run -"make build-manual". - -When you type "make", the code examples in src/ are compiled (mainly -to check for obvious syntax errors, but also for manual testing). If -you lack the necessary libraries, you can type "make build-manual" -instead, which will skip this step. The code examples are still -included in the manual. - -Dependencies ------------- - -Building the manual needs the "publican" and the "publican-fedora" -packages. diff --git a/README.md b/README.md new file mode 100644 index 0000000..c456db1 --- /dev/null +++ b/README.md 
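Review bot: in the new .gitlab-ci.yml, the long "dnf install -y ..." line in the pages job will have to be duplicated by any further job (the test job added later in this series does exactly that); put it in a top-level before_script or a YAML anchor now so the package lists cannot drift apart. The copy step "cp -ar tmp/en-US/html/* public" relies on shell glob expansion and skips dotfiles; "cp -ar tmp/en-US/html/. public/" is the safer form.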
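Review bot: deleting README drops the "TODO and bug tracking" section with the Bugzilla component link, and the README.md that replaces it carries no equivalent; since this is a fork, add a sentence saying where bugs and suggestions for the fork should be filed (the fork's own issue tracker rather than the Fedora Bugzilla component), otherwise contributors have no pointer at all.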
@@ -0,0 +1,27 @@ +# Security coding guide + +This is a fork of the Fedora secure coding guide. + +The guide is present in HTML form (auto-generated from this +repository) at: + + * http://redhat-sectech.gitlab.io/defensive-coding-guide + + +# Building HTML documentation + +Just type "make". If you do not want to build the example code, run +"make build-manual". + +When you type "make", the code examples in src/ are compiled (mainly +to check for obvious syntax errors, but also for manual testing). If +you lack the necessary libraries, you can type "make build-manual" +instead, which will skip this step. The code examples are still +included in the manual. + + +# Dependencies + +Building the manual pages needs the "publican" and the "publican-fedora" +packages. + From 6055178c39392a2921f31d95c2f10443256b83f7 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 14:14:06 +0000 Subject: [PATCH 13/73] gnutls: recommend the use of gnutls_set_default_priority() --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index 19e3db5..0421306 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml @@ -516,9 +516,8 @@ linkend="ex-Defensive_Coding-TLS-Nagle"/>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set - of root CAs. The NORMAL set of cipher - suites and protocols provides a reasonable default. Then the - TLS handshake must be initiated. This is shown in . diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml index 390405e..780b2f2 100644 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml +++ b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml 
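Review bot: in the README.md hunk, "Building the manual pages needs" reads as if it meant man pages; the deleted README said "Building the manual", keep that wording. The Dependencies section lists only publican and publican-fedora, but plain "make" also compiles the examples in src/ and needs the -devel packages the CI job installs (gnutls-devel, openssl-devel, nss-devel, java-devel and so on); either list those too or state that "make build-manual" is the target that needs only publican.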
@@ -13,11 +13,10 @@ if (ret != GNUTLS_E_SUCCESS) { } // Configure the cipher preferences. -const char *errptr = NULL; -ret = gnutls_priority_set_direct(session, "NORMAL", &errptr); +ret = gnutls_set_default_priority(session); if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_priority_set_direct: %s\n" - "error: at: \"%s\"\n", gnutls_strerror(ret), errptr); + fprintf(stderr, "error: gnutls_priority_set_direct: %s\n", + gnutls_strerror(ret)); exit(1); } From 2cb99e15ab461e7a6960df96c6893005d7270e3f Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 14:14:52 +0000 Subject: [PATCH 14/73] Merge branch 'tmp-use-gnutls_set_default_priority' into 'master' gnutls: recommend the use of gnutls_set_default_priority() See merge request !1 --- diff --git a/en-US/Features-TLS.xml b/en-US/Features-TLS.xml index 19e3db5..0421306 100644 --- a/en-US/Features-TLS.xml +++ b/en-US/Features-TLS.xml @@ -516,9 +516,8 @@ linkend="ex-Defensive_Coding-TLS-Nagle"/>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set - of root CAs. The NORMAL set of cipher - suites and protocols provides a reasonable default. Then the - TLS handshake must be initiated. This is shown in . diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml index 390405e..780b2f2 100644 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml +++ b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml 
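Review bot: in the Features-TLS-Client-GNUTLS-Connect.xml hunk, the call is changed to gnutls_set_default_priority() but the error message on the following line still names gnutls_priority_set_direct; change the string to "error: gnutls_set_default_priority: %s\n". This file is a generated snippet (the Makefile's clean target removes en-US/*/snippets), so the edit also has to be made in the src/ file it is generated from, otherwise the next build regenerates the old code and the change is lost.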
@@ -13,11 +13,10 @@ if (ret != GNUTLS_E_SUCCESS) { } // Configure the cipher preferences. -const char *errptr = NULL; -ret = gnutls_priority_set_direct(session, "NORMAL", &errptr); +ret = gnutls_set_default_priority(session); if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_priority_set_direct: %s\n" - "error: at: \"%s\"\n", gnutls_strerror(ret), errptr); + fprintf(stderr, "error: gnutls_priority_set_direct: %s\n", + gnutls_strerror(ret)); exit(1); } From 8997cc01ea9ded8d0f91ae618752c7dde5112f83 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 14:16:58 +0000 Subject: [PATCH 15/73] .gitlab-ci.yml: added CI job for testing when not in master --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5979965..17930fe 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,3 +15,13 @@ pages: paths: - public +test: + image: fedora:25 + script: + - dnf install -y publican-fedora publican gnutls-devel openssl-devel nss-devel gcc-go gcc make java-devel gcc-c++ expat-devel qt-devel + - make + tags: + - shared + except: + - master + From 2e07d06f25815d4d7a9f4734d648d3a5c77ddf13 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 28 2017 14:30:49 +0000 Subject: [PATCH 16/73] Merge branch 'tmp-jobs' into 'master' .gitlab-ci.yml: added CI job for testing when not in master See merge request !2 --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5979965..17930fe 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,3 +15,13 @@ pages: paths: - public +test: + image: fedora:25 + script: + - dnf install -y publican-fedora publican gnutls-devel openssl-devel nss-devel gcc-go gcc make java-devel gcc-c++ expat-devel qt-devel + - make + tags: + - shared + except: + - master + From e4db61c9e613259adf9bf834d81722e7529379c4 Mon Sep 17 00:00:00 2001 From: Ryan Sawhill Aroha Date: Mar 30 2017 22:59:37 +0000 Subject: [PATCH 17/73] change "Completely isolation" to "Complete isolation" --- 
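Review bot: the new test job in the .gitlab-ci.yml hunk repeats the full "dnf install -y ..." line from the pages job; factor it into a top-level before_script or a YAML anchor so the two package lists cannot diverge. The job also runs only "make" and not "make build-manual", so a broken DocBook edit in a merge request is not caught until it reaches master and the pages job fails; add the manual build here as well.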
diff --git a/en-US/Shell.xml b/en-US/Shell.xml index d6a9465..38212f6 100644 --- a/en-US/Shell.xml +++ b/en-US/Shell.xml @@ -333,7 +333,7 @@ array_variable=(1 2 3 4) - Completely isolation from its original execution environment + Complete isolation from its original execution environment (which is required when the script is executed after a trust transition, e.g., triggered by the SUID mechanism) is impossible to achieve from within the shell script itself. Instead, the From bb09745b00b797b1af1da3e7c0128cd35732ccbe Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 05:58:58 +0000 Subject: [PATCH 18/73] Merge branch '5.3-tinyfix' into 'master' change "Completely isolation" to "Complete isolation" See merge request !3 --- diff --git a/en-US/Shell.xml b/en-US/Shell.xml index d6a9465..38212f6 100644 --- a/en-US/Shell.xml +++ b/en-US/Shell.xml @@ -333,7 +333,7 @@ array_variable=(1 2 3 4) - Completely isolation from its original execution environment + Complete isolation from its original execution environment (which is required when the script is executed after a trust transition, e.g., triggered by the SUID mechanism) is impossible to achieve from within the shell script itself. Instead, the From 0b6f28ab9a5a40a1a01809f7988c8ea7a0c50258 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 13:41:31 +0000 Subject: [PATCH 19/73] crypto: added getentropy syscall --- diff --git a/en-US/Tasks-Cryptography.xml b/en-US/Tasks-Cryptography.xml index fc13310..e3b9a1b 100644 --- a/en-US/Tasks-Cryptography.xml +++ b/en-US/Tasks-Cryptography.xml @@ -89,6 +89,9 @@ The getrandom system call + The getentropy call since glibc 2.25 + + Reading from the /dev/urandom character device From 15fcf5de6b6ff1e098e4c4bf874d83d747604fdf Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 13:41:31 +0000 Subject: [PATCH 20/73] getrandom: documented addition to glibc --- 
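Review bot: the new list item "The getentropy call since glibc 2.25" in the Tasks-Cryptography.xml hunk should come with the one caveat that matters for callers: getentropy() fails with EIO for requests larger than 256 bytes and, like getrandom with flags 0, blocks until the kernel pool is initialized. A sentence next to the getrandom pitfalls entry would stop readers from treating the two as interchangeable for arbitrary buffer sizes.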
diff --git a/en-US/Tasks-Cryptography.xml b/en-US/Tasks-Cryptography.xml index e3b9a1b..5e699c7 100644 --- a/en-US/Tasks-Cryptography.xml +++ b/en-US/Tasks-Cryptography.xml @@ -86,7 +86,7 @@ os.urandom in Python - The getrandom system call + The getrandom system call since glibc 2.25 The getentropy call since glibc 2.25 @@ -122,10 +122,10 @@ return values, hence requires careful error checking. - It was introduced in Linux kernel 3.17, but as of glibc 2.22 no API wrappers are - provided. As such one can only use it via the syscall interface + It was introduced in Linux kernel 3.17, but before glibc 2.25 no API wrappers were + provided. As such one could only use it via the syscall interface as syscall(SYS_getrandom, (void*)dest, (size_t)size, (unsigned int)0). - For portable code targetting older kernel versions one has to check + For portable code targetting multiple kernel versions one has to check for the function being available on run-time, and switch to another facility if the running kernel doesn't support this call. From 011e24c9ccc0acf11c9e4c08113ac10381bda5cc Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 20:49:59 +0000 Subject: [PATCH 21/73] Makefile: removed legacy upload option --- diff --git a/Makefile b/Makefile index f57f808..c7e3bf7 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ all: build include src/src.mk -.PHONY: all build build-manual build-snippets build-manual-html build-manual-epub force clean upload +.PHONY: all build build-manual build-snippets build-manual-html build-manual-epub force clean build: build-src build-manual @@ -27,8 +27,3 @@ clean: clean-src -rm -rf tmp -rm -rf en-US/*/snippets -upload: clean build - rsync -avP --delete tmp/en-US/html/. file.rdu.redhat.com:public_html/defensive-coding/. - rsync -avP tmp/en-US/Defensive_Coding*.epub file.rdu.redhat.com:public_html/defensive-coding.epub - rsync -avP tmp/en-US/pdf/Defensive_Coding*.pdf file.rdu.redhat.com:public_html/defensive-coding.pdf - 
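Review bot: the first Tasks-Cryptography.xml hunk turns the list item into "The getrandom system call since glibc 2.25", which conflates two things: the system call exists since Linux 3.17 and only the glibc wrapper appeared in 2.25, as the paragraph below it says. Write "The getrandom system call (glibc wrapper since 2.25)" so the list item agrees with the explanatory text.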
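Review bot: the second Tasks-Cryptography.xml hunk rewords the paragraph but keeps "targetting" (should be "targeting") and "available on run-time" (should be "available at run time"). While rewording, say what the run-time check actually is: the call fails with errno == ENOSYS on kernels older than 3.17, and only in that case should the code fall back to another source such as /dev/urandom; a fallback taken on any error would silently downgrade on EINTR or EAGAIN.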
diff --git a/publican.cfg b/publican.cfg index 3f09e82..1a359cc 100644 --- a/publican.cfg +++ b/publican.cfg @@ -1,5 +1,5 @@ xml_lang: en-US -#brand: RedHat-EngServices +brand: fedora brand: common chunk_section_depth: 3 #product: Defensive_Coding @@ -8,3 +8,4 @@ chunk_section_depth: 3 web_version_label: UNUSED version: 1 #git_branch: eng-docs-rhel-6 +doc_url: https://gitlab.com/redhat-sectech/defensive-coding-guide From eb7382d30265b13bebbfb2324e7eaa42b11e34e2 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 20:49:59 +0000 Subject: [PATCH 22/73] updated copyright date --- diff --git a/en-US/Defensive_Coding.ent b/en-US/Defensive_Coding.ent index e7b7e9f..79244df 100644 --- a/en-US/Defensive_Coding.ent +++ b/en-US/Defensive_Coding.ent @@ -1,2 +1,2 @@ - + From f613ccf5a38bfbafd5909fb0f64eefd81c628de7 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 21:03:14 +0000 Subject: [PATCH 23/73] corrected brand --- diff --git a/publican.cfg b/publican.cfg index 1a359cc..10f699a 100644 --- a/publican.cfg +++ b/publican.cfg @@ -1,6 +1,5 @@ xml_lang: en-US brand: fedora -brand: common chunk_section_depth: 3 #product: Defensive_Coding #mainfile: Defensive_Coding From 51381deeca756b23d03e700f16b7671f8c2b8a47 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 21:03:45 +0000 Subject: [PATCH 24/73] mark it as unofficial --- diff --git a/en-US/Book_Info.xml b/en-US/Book_Info.xml index e7161b0..a02a0da 100644 --- a/en-US/Book_Info.xml +++ b/en-US/Book_Info.xml @@ -6,7 +6,7 @@ A Guide to Improving Software Security 1 1 - Fedora Security Team + Unofficial fork From dfb1267d857fc4269af313def1c7bbf705178d0f Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 21:04:33 +0000 Subject: [PATCH 25/73] removed auto-generated files --- diff --git a/en-US/snippets/C-Arithmetic-add.xml b/en-US/snippets/C-Arithmetic-add.xml deleted file mode 100644 index 3c67512..0000000 
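Review bot: the publican.cfg hunk adds "brand: fedora" while keeping "brand: common", so the configuration now contains two brand keys and the effective value depends on which one publican reads last. The series corrects this two commits later ("corrected brand"), but the removal of "brand: common" belongs in this commit so that the intermediate revision builds as intended.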
--- a/en-US/snippets/C-Arithmetic-add.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - -void report_overflow(void); - -int -add(int a, int b) -{ - int result = a + b; - if (a < 0 || b < 0) { - return -1; - } - // The compiler can optimize away the following if statement. - if (result < 0) { - report_overflow(); - } - return result; -} - diff --git a/en-US/snippets/C-Arithmetic-add_unsigned.xml b/en-US/snippets/C-Arithmetic-add_unsigned.xml deleted file mode 100644 index 4ea1747..0000000 --- a/en-US/snippets/C-Arithmetic-add_unsigned.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - -void report_overflow(void); - -unsigned -add_unsigned(unsigned a, unsigned b) -{ - unsigned sum = a + b; - if (sum < a) { // or sum < b - report_overflow(); - } - return sum; -} - diff --git a/en-US/snippets/C-Arithmetic-mult.xml b/en-US/snippets/C-Arithmetic-mult.xml deleted file mode 100644 index ecb27a0..0000000 --- a/en-US/snippets/C-Arithmetic-mult.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -unsigned -mul(unsigned a, unsigned b) -{ - if (b && a > ((unsigned)-1) / b) { - report_overflow(); - } - return a * b; -} - diff --git a/en-US/snippets/C-Globals-String_Array.xml b/en-US/snippets/C-Globals-String_Array.xml deleted file mode 100644 index 2f05b7d..0000000 --- a/en-US/snippets/C-Globals-String_Array.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -static const char *const string_list[] = { - "first", - "second", - "third", - NULL -}; - diff --git a/en-US/snippets/C-Pointers-remaining.xml b/en-US/snippets/C-Pointers-remaining.xml deleted file mode 100644 index f527d03..0000000 --- a/en-US/snippets/C-Pointers-remaining.xml +++ /dev/null 
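Review bot: deleting the generated en-US/snippets/*.xml files is consistent with the Makefile's clean target ("-rm -rf en-US/*/snippets"), but nothing in this commit prevents them from being re-added by the next "git add -A" after a build; add "en-US/snippets/" to a .gitignore in the same commit so the generated output stays out of the tree.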
@@ -1,49 +0,0 @@ - - - - -ssize_t -extract_strings(const char *in, size_t inlen, char **out, size_t outlen) -{ - const char *inp = in; - const char *inend = in + inlen; - char **outp = out; - char **outend = out + outlen; - - while (inp != inend) { - size_t len; - char *s; - if (outp == outend) { - errno = ENOSPC; - goto err; - } - len = (unsigned char)*inp; - ++inp; - if (len > (size_t)(inend - inp)) { - errno = EINVAL; - goto err; - } - s = malloc(len + 1); - if (s == NULL) { - goto err; - } - memcpy(s, inp, len); - inp += len; - s[len] = '\0'; - *outp = s; - ++outp; - } - return outp - out; -err: - { - int errno_old = errno; - while (out != outp) { - free(*out); - ++out; - } - errno = errno_old; - } - return -1; -} - diff --git a/en-US/snippets/C-String-Functions-format.xml b/en-US/snippets/C-String-Functions-format.xml deleted file mode 100644 index 519f127..0000000 --- a/en-US/snippets/C-String-Functions-format.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - -void log_format(const char *format, ...) __attribute__((format(printf, 1, 2))); - -void -log_format(const char *format, ...) -{ - char buf[1000]; - va_list ap; - va_start(ap, format); - vsnprintf(buf, sizeof(buf), format, ap); - va_end(ap); - log_string(buf); -} - diff --git a/en-US/snippets/C-String-Functions-snprintf-incremental.xml b/en-US/snippets/C-String-Functions-snprintf-incremental.xml deleted file mode 100644 index 5978684..0000000 --- a/en-US/snippets/C-String-Functions-snprintf-incremental.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -char buf[512]; -char *current = buf; -const char *const end = buf + sizeof(buf); -for (struct item *it = data; it->key; ++it) { - snprintf(current, end - current, "%s%s=%d", - current == buf ? "" : ", ", it->key, it->value); - current += strlen(current); -} - diff --git a/en-US/snippets/C-String-Functions-snprintf.xml b/en-US/snippets/C-String-Functions-snprintf.xml deleted file mode 100644 index dc790d8..0000000 
--- a/en-US/snippets/C-String-Functions-snprintf.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -char fraction[30]; -snprintf(fraction, sizeof(fraction), "%d/%d", numerator, denominator); - diff --git a/en-US/snippets/C-String-Functions-strncat-as-strncpy.xml b/en-US/snippets/C-String-Functions-strncat-as-strncpy.xml deleted file mode 100644 index 1f5c8c6..0000000 --- a/en-US/snippets/C-String-Functions-strncat-as-strncpy.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -buf[0] = '\0'; -strncat(buf, data, sizeof(buf) - 1); - diff --git a/en-US/snippets/C-String-Functions-strncat-emulation.xml b/en-US/snippets/C-String-Functions-strncat-emulation.xml deleted file mode 100644 index 12f5437..0000000 --- a/en-US/snippets/C-String-Functions-strncat-emulation.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -char buf[10]; -snprintf(buf, sizeof(buf), "%s", prefix); -snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%s", data); - diff --git a/en-US/snippets/C-String-Functions-strncat-merged.xml b/en-US/snippets/C-String-Functions-strncat-merged.xml deleted file mode 100644 index 3deaa94..0000000 --- a/en-US/snippets/C-String-Functions-strncat-merged.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -snprintf(buf, sizeof(buf), "%s%s", prefix, data); - diff --git a/en-US/snippets/C-String-Functions-strncpy.xml b/en-US/snippets/C-String-Functions-strncpy.xml deleted file mode 100644 index bdbdd08..0000000 --- a/en-US/snippets/C-String-Functions-strncpy.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -char buf[10]; -strncpy(buf, data, sizeof(buf)); -buf[sizeof(buf) - 1] = '\0'; - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml deleted file mode 100644 index 780b2f2..0000000 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml +++ /dev/null 
@@ -1,49 +0,0 @@ - - - - -// Create the session object. -gnutls_session_t session; -ret = gnutls_init(&session, GNUTLS_CLIENT); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_init: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Configure the cipher preferences. -ret = gnutls_set_default_priority(session); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_priority_set_direct: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Install the trusted certificates. -ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_credentials_set: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Associate the socket with the session object and set the server -// name. -gnutls_transport_set_int(session, sockfd); -ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS, - host, strlen(host)); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_server_name_set: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Establish the session. -ret = gnutls_handshake(session); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_handshake: %s\n", - gnutls_strerror(ret)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml deleted file mode 100644 index f69f552..0000000 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -// Load the trusted CA certificates. -gnutls_certificate_credentials_t cred = NULL; -int ret = gnutls_certificate_allocate_credentials (&cred); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_certificate_allocate_credentials: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -ret = gnutls_certificate_set_x509_system_trust(cred); -if (ret == 0) { - fprintf(stderr, "error: no certificates found in system trust store\n"); - exit(1); -} -if (ret < 0) { - fprintf(stderr, "error: gnutls_certificate_set_x509_system_trust: %s\n", - gnutls_strerror(ret)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Match.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Match.xml deleted file mode 100644 index c4a51ce..0000000 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Match.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - -// Match the peer certificate against the host name. -// We can only obtain a set of DER-encoded certificates from the -// session object, so we have to re-parse the peer certificate into -// a certificate object. -gnutls_x509_crt_t cert; -ret = gnutls_x509_crt_init(&cert); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_x509_crt_init: %s\n", - gnutls_strerror(ret)); - exit(1); -} -// The peer certificate is the first certificate in the list. -ret = gnutls_x509_crt_import(cert, certs, GNUTLS_X509_FMT_DER); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_x509_crt_import: %s\n", - gnutls_strerror(ret)); - exit(1); -} -ret = gnutls_x509_crt_check_hostname(cert, host); -if (ret == 0 && !certificate_host_name_override(certs[0], host)) { - fprintf(stderr, "error: host name does not match certificate\n"); - exit(1); -} -gnutls_x509_crt_deinit(cert); - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml deleted file mode 100644 index eb89535..0000000 
--- a/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - -// Obtain the server certificate chain. The server certificate -// itself is stored in the first element of the array. -unsigned certslen = 0; -const gnutls_datum_t *const certs = - gnutls_certificate_get_peers(session, &certslen); -if (certs == NULL || certslen == 0) { - fprintf(stderr, "error: could not obtain peer certificate\n"); - exit(1); -} - -// Validate the certificate chain. -unsigned status = (unsigned)-1; -ret = gnutls_certificate_verify_peers3(session, host, &status); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_certificate_verify_peers3: %s\n", - gnutls_strerror(ret)); - exit(1); -} -if (status != 0 && !certificate_validity_override(certs[0])) { - gnutls_datum_t msg; -#if GNUTLS_VERSION_AT_LEAST_3_1_4 - int type = gnutls_certificate_type_get (session); - ret = gnutls_certificate_verification_status_print(status, type, &out, 0); -#else - ret = -1; -#endif - if (ret == 0) { - fprintf(stderr, "error: %s\n", msg.data); - gnutls_free(msg.data); - exit(1); - } else { - fprintf(stderr, "error: certificate validation failed with code 0x%x\n", - status); - exit(1); - } -} - diff --git a/en-US/snippets/Features-TLS-Client-NSS-Close.xml b/en-US/snippets/Features-TLS-Client-NSS-Close.xml deleted file mode 100644 index 456e209..0000000 --- a/en-US/snippets/Features-TLS-Client-NSS-Close.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - -// Send close_notify alert. -if (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: PR_Read error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -// Closes the underlying POSIX file descriptor, too. -PR_Close(nspr); - diff --git a/en-US/snippets/Features-TLS-Client-NSS-Connect.xml b/en-US/snippets/Features-TLS-Client-NSS-Connect.xml deleted file mode 100644 index 1a6821e..0000000 
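Review bot: the Features-TLS-Client-GNUTLS-Verify.xml content being removed shows a defect that will survive in the source it is generated from: inside the GNUTLS_VERSION_AT_LEAST_3_1_4 branch, gnutls_certificate_verification_status_print() is called with "&out" while the only declared datum is "gnutls_datum_t msg", whose .data is then printed; the argument must be "&msg", otherwise the branch does not compile when that macro is defined. Fix it in the src/ file in this series rather than leaving the generated copy as the only place it was visible.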
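Review bot: in the Features-TLS-Client-NSS-Close.xml content, the error message printed when PR_Shutdown() fails says "error: PR_Read error %d: %s\n"; it should name PR_Shutdown so that a failed close_notify is not misdiagnosed as a read error. Since this snippet is regenerated from src/, apply the correction there.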
--- a/en-US/snippets/Features-TLS-Client-NSS-Connect.xml +++ /dev/null 
@@ -1,80 +0,0 @@ - - - - -// Wrap the POSIX file descriptor. This is an internal NSPR -// function, but it is very unlikely to change. -PRFileDesc* nspr = PR_ImportTCPSocket(sockfd); -sockfd = -1; // Has been taken over by NSPR. - -// Add the SSL layer. -{ - PRFileDesc *model = PR_NewTCPSocket(); - PRFileDesc *newfd = SSL_ImportFD(NULL, model); - if (newfd == NULL) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSPR error code %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - model = newfd; - newfd = NULL; - if (SSL_OptionSet(model, SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: set SSL_ENABLE_SSL2 error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - if (SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: set SSL_V2_COMPATIBLE_HELLO error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - if (SSL_OptionSet(model, SSL_ENABLE_DEFLATE, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: set SSL_ENABLE_DEFLATE error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - - // Allow overriding invalid certificate. - if (SSL_BadCertHook(model, bad_certificate, (char *)host) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_BadCertHook error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - - newfd = SSL_ImportFD(model, nspr); - if (newfd == NULL) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_ImportFD error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - nspr = newfd; - PR_Close(model); -} - -// Perform the handshake. 
-if (SSL_ResetHandshake(nspr, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_ResetHandshake error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -if (SSL_SetURL(nspr, host) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_SetURL error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -if (SSL_ForceHandshake(nspr) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_ForceHandshake error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Connect.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Connect.xml deleted file mode 100644 index 40cc623..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Connect.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - -// Create the socket and connect it at the TCP layer. -SSLSocket socket = (SSLSocket) ctx.getSocketFactory() - .createSocket(host, port); - -// Disable the Nagle algorithm. -socket.setTcpNoDelay(true); - -// Adjust ciphers and protocols. -socket.setSSLParameters(params); - -// Perform the handshake. -socket.startHandshake(); - -// Validate the host name. The match() method throws -// CertificateException on failure. -X509Certificate peer = (X509Certificate) - socket.getSession().getPeerCertificates()[0]; -// This is the only way to perform host name checking on OpenJDK 6. -HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match( - host, peer); - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Context.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Context.xml deleted file mode 100644 index b7fde16..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Context.xml +++ /dev/null 
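Review bot: the Features-TLS-Client-NSS-Connect.xml content disables only SSL_ENABLE_SSL2, SSL_V2_COMPATIBLE_HELLO and SSL_ENABLE_DEFLATE on the model descriptor, leaving SSLv3 enabled, which contradicts the requirement introduced earlier in this series that "SSL version 3 or lower must be disabled". The src/ file this is generated from should also clear SSL_ENABLE_SSL3 (or restrict the version range with SSL_VersionRangeSet) before SSL_ImportFD(model, nspr), and the guide text should be checked against the example after the change.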
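Review bot: the Features-TLS-Client-OpenJDK-Connect.xml content performs host name validation through sun.security.util.HostnameChecker, an internal JDK class that is not a supported API and is not accessible once the JDK's internal packages are encapsulated; the comment itself says it is only needed for OpenJDK 6. The series also carries the supported approach, params.setEndpointIdentificationAlgorithm("HTTPS"), so the example should make that the primary path and present the HostnameChecker call only as the OpenJDK 6 fallback.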
@@ -1,26 +0,0 @@ - - - - -// Create the context. Specify the SunJSSE provider to avoid -// picking up third-party providers. Try the TLS 1.2 provider -// first, then fall back to TLS 1.0. -SSLContext ctx; -try { - ctx = SSLContext.getInstance("TLSv1.2", "SunJSSE"); -} catch (NoSuchAlgorithmException e) { - try { - ctx = SSLContext.getInstance("TLSv1", "SunJSSE"); - } catch (NoSuchAlgorithmException e1) { - // The TLS 1.0 provider should always be available. - throw new AssertionError(e1); - } catch (NoSuchProviderException e1) { - throw new AssertionError(e1); - } -} catch (NoSuchProviderException e) { - // The SunJSSE provider should always be available. - throw new AssertionError(e); -} -ctx.init(null, null, null); - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Context_For_Cert.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Context_For_Cert.xml deleted file mode 100644 index 6004157..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Context_For_Cert.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - -SSLContext ctx; -try { - ctx = SSLContext.getInstance("TLSv1.2", "SunJSSE"); -} catch (NoSuchAlgorithmException e) { - try { - ctx = SSLContext.getInstance("TLSv1", "SunJSSE"); - } catch (NoSuchAlgorithmException e1) { - throw new AssertionError(e1); - } catch (NoSuchProviderException e1) { - throw new AssertionError(e1); - } -} catch (NoSuchProviderException e) { - throw new AssertionError(e); -} -MyTrustManager tm = new MyTrustManager(certHash); -ctx.init(null, new TrustManager[] {tm}, null); - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Hostname.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Hostname.xml deleted file mode 100644 index 586cb7b..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Hostname.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -params.setEndpointIdentificationAlgorithm("HTTPS"); - 
diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Import.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Import.xml deleted file mode 100644 index 57c9343..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Import.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLParameters; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; - -import sun.security.util.HostnameChecker; - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.xml deleted file mode 100644 index 43fd12b..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - -public class MyTrustManager implements X509TrustManager { - private final byte[] certHash; - - public MyTrustManager(byte[] certHash) throws Exception { - this.certHash = certHash; - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - throw new UnsupportedOperationException(); - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, - String authType) throws CertificateException { - byte[] digest = getCertificateDigest(chain[0]); - String digestHex = formatHex(digest); - - if (Arrays.equals(digest, certHash)) { - System.err.println("info: accepting certificate: " + digestHex); - } else { - throw new CertificateException("certificate rejected: " + - digestHex); - } - } - - @Override - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[0]; - } -} - 
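Review bot: the import list in Features-TLS-Client-OpenJDK-Import.xml is incomplete for the code it serves: MyTrustManager.checkServerTrusted() uses Arrays.equals(), which needs java.util.Arrays, and the usage snippet calls Charset.forName(), which needs java.nio.charset.Charset; neither is imported. Since these snippets are generated from src/, add both imports in the Java source so the assembled example compiles as shown.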
diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Use.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Use.xml deleted file mode 100644 index 11d708a..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Use.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - -socket.getOutputStream().write("GET / HTTP/1.0\r\n\r\n" - .getBytes(Charset.forName("UTF-8"))); -byte[] buffer = new byte[4096]; -int count = socket.getInputStream().read(buffer); -System.out.write(buffer, 0, count); - diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-CTX.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-CTX.xml deleted file mode 100644 index 05e2854..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-CTX.xml +++ /dev/null 
@@ -1,71 +0,0 @@ - - - - -// Configure a client connection context. Send a hendshake for the -// highest supported TLS version, and disable compression. -const SSL_METHOD *const req_method = SSLv23_client_method(); -SSL_CTX *const ctx = SSL_CTX_new(req_method); -if (ctx == NULL) { - ERR_print_errors(bio_err); - exit(1); -} -SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION); - -// Adjust the ciphers list based on a whitelist. First enable all -// ciphers of at least medium strength, to get the list which is -// compiled into OpenSSL. -if (SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM") != 1) { - ERR_print_errors(bio_err); - exit(1); -} -{ - // Create a dummy SSL session to obtain the cipher list. - SSL *ssl = SSL_new(ctx); - if (ssl == NULL) { - ERR_print_errors(bio_err); - exit(1); - } - STACK_OF(SSL_CIPHER) *active_ciphers = SSL_get_ciphers(ssl); - if (active_ciphers == NULL) { - ERR_print_errors(bio_err); - exit(1); - } - // Whitelist of candidate ciphers. - static const char *const candidates[] = { - "AES128-GCM-SHA256", "AES128-SHA256", "AES256-SHA256", // strong ciphers - "AES128-SHA", "AES256-SHA", // strong ciphers, also in older versions - "RC4-SHA", "RC4-MD5", // backwards compatibility, supposed to be weak - "DES-CBC3-SHA", "DES-CBC3-MD5", // more backwards compatibility - NULL - }; - // Actually selected ciphers. - char ciphers[300]; - ciphers[0] = '\0'; - for (const char *const *c = candidates; *c; ++c) { - for (int i = 0; i < sk_SSL_CIPHER_num(active_ciphers); ++i) { - if (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(active_ciphers, i)), - *c) == 0) { - if (*ciphers) { - strcat(ciphers, ":"); - } - strcat(ciphers, *c); - break; - } - } - } - SSL_free(ssl); - // Apply final cipher list. - if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) { - ERR_print_errors(bio_err); - exit(1); - } -} - -// Load the set of trusted root certificates. -if (!SSL_CTX_set_default_verify_paths(ctx)) { - ERR_print_errors(bio_err); - exit(1); -} - 
diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-Connect.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-Connect.xml deleted file mode 100644 index 5cd433d..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-Connect.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - -// Create the connection object. -SSL *ssl = SSL_new(ctx); -if (ssl == NULL) { - ERR_print_errors(bio_err); - exit(1); -} -SSL_set_fd(ssl, sockfd); - -// Enable the ServerNameIndication extension -if (!SSL_set_tlsext_host_name(ssl, host)) { - ERR_print_errors(bio_err); - exit(1); -} - -// Perform the TLS handshake with the server. -ret = SSL_connect(ssl); -if (ret != 1) { - // Error status can be 0 or negative. - ssl_print_error_and_exit(ssl, "SSL_connect", ret); -} - -// Obtain the server certificate. -X509 *peercert = SSL_get_peer_certificate(ssl); -if (peercert == NULL) { - fprintf(stderr, "peer certificate missing"); - exit(1); -} - -// Check the certificate verification result. Allow an explicit -// certificate validation override in case verification fails. -int verifystatus = SSL_get_verify_result(ssl); -if (verifystatus != X509_V_OK && !certificate_validity_override(peercert)) { - fprintf(stderr, "SSL_connect: verify result: %s\n", - X509_verify_cert_error_string(verifystatus)); - exit(1); -} - -// Check if the server certificate matches the host name used to -// establish the connection. -// FIXME: Currently needs OpenSSL 1.1. -if (X509_check_host(peercert, (const unsigned char *)host, strlen(host), - 0) != 1 - && !certificate_host_name_override(peercert, host)) { - fprintf(stderr, "SSL certificate does not match host name\n"); - exit(1); -} - -X509_free(peercert); - - diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-Connection-Use.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-Connection-Use.xml deleted file mode 100644 index ab54edf..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-Connection-Use.xml +++ /dev/null 
@@ -1,15 +0,0 @@ - - - - -const char *const req = "GET / HTTP/1.0\r\n\r\n"; -if (SSL_write(ssl, req, strlen(req)) < 0) { - ssl_print_error_and_exit(ssl, "SSL_write", ret); -} -char buf[4096]; -ret = SSL_read(ssl, buf, sizeof(buf)); -if (ret < 0) { - ssl_print_error_and_exit(ssl, "SSL_read", ret); -} - diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-Init.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-Init.xml deleted file mode 100644 index 8211ce8..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-Init.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - -// The following call prints an error message and calls exit() if -// the OpenSSL configuration file is unreadable. -OPENSSL_config(NULL); -// Provide human-readable error messages. -SSL_load_error_strings(); -// Register ciphers. -SSL_library_init(); - diff --git a/en-US/snippets/Features-TLS-Client-Python-Connect.xml b/en-US/snippets/Features-TLS-Client-Python-Connect.xml deleted file mode 100644 index 0e98e87..0000000 --- a/en-US/snippets/Features-TLS-Client-Python-Connect.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -sock = ssl.wrap_socket(sock, - ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5", - ssl_version=ssl.PROTOCOL_TLSv1, - cert_reqs=ssl.CERT_REQUIRED, - ca_certs='/etc/ssl/certs/ca-bundle.crt') -# getpeercert() triggers the handshake as a side effect. -if not check_host_name(sock.getpeercert(), host): - raise IOError("peer certificate does not match host name") - diff --git a/en-US/snippets/Features-TLS-Client-Python-check_host_name.xml b/en-US/snippets/Features-TLS-Client-Python-check_host_name.xml deleted file mode 100644 index 3c325f8..0000000 --- a/en-US/snippets/Features-TLS-Client-Python-check_host_name.xml +++ /dev/null 
@@ -1,29 +0,0 @@ - - - - -def check_host_name(peercert, name): - """Simple certificate/host name checker. Returns True if the - certificate matches, False otherwise. Does not support - wildcards.""" - # Check that the peer has supplied a certificate. - # None/{} is not acceptable. - if not peercert: - return False - if peercert.has_key("subjectAltName"): - for typ, val in peercert["subjectAltName"]: - if typ == "DNS" and val == name: - return True - else: - # Only check the subject DN if there is no subject alternative - # name. - cn = None - for attr, val in peercert["subject"]: - # Use most-specific (last) commonName attribute. - if attr == "commonName": - cn = val - if cn is not None: - return cn == name - return False - diff --git a/en-US/snippets/Features-TLS-GNUTLS-Credentials-Close.xml b/en-US/snippets/Features-TLS-GNUTLS-Credentials-Close.xml deleted file mode 100644 index 8c28b0f..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Credentials-Close.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -gnutls_certificate_free_credentials(cred); - diff --git a/en-US/snippets/Features-TLS-GNUTLS-Disconnect.xml b/en-US/snippets/Features-TLS-GNUTLS-Disconnect.xml deleted file mode 100644 index b01464d..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Disconnect.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -// Initiate an orderly connection shutdown. -ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); -if (ret < 0) { - fprintf(stderr, "error: gnutls_bye: %s\n", gnutls_strerror(ret)); - exit(1); -} -// Free the session object. -gnutls_deinit(session); - diff --git a/en-US/snippets/Features-TLS-GNUTLS-Init.xml b/en-US/snippets/Features-TLS-GNUTLS-Init.xml deleted file mode 100644 index ab2777d..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Init.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -// This is only necessary if compatibility with GnuTLS prior to -// 3.3.0 is required. -gnutls_global_init(); - 
diff --git a/en-US/snippets/Features-TLS-GNUTLS-Use.xml b/en-US/snippets/Features-TLS-GNUTLS-Use.xml deleted file mode 100644 index a6a3f9c..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Use.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - -char buf[4096]; -snprintf(buf, sizeof(buf), "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host); -ret = gnutls_record_send(session, buf, strlen(buf)); -if (ret < 0) { - fprintf(stderr, "error: gnutls_record_send: %s\n", gnutls_strerror(ret)); - exit(1); -} -ret = gnutls_record_recv(session, buf, sizeof(buf)); -if (ret < 0) { - fprintf(stderr, "error: gnutls_record_recv: %s\n", gnutls_strerror(ret)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-NSS-Close.xml b/en-US/snippets/Features-TLS-NSS-Close.xml deleted file mode 100644 index e34cea8..0000000 --- a/en-US/snippets/Features-TLS-NSS-Close.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -SECMOD_DestroyModule(module); -NSS_ShutdownContext(ctx); - diff --git a/en-US/snippets/Features-TLS-NSS-Includes.xml b/en-US/snippets/Features-TLS-NSS-Includes.xml deleted file mode 100644 index ee183d0..0000000 --- a/en-US/snippets/Features-TLS-NSS-Includes.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - -// NSPR include files -#include <prerror.h> -#include <prinit.h> - -// NSS include files -#include <nss.h> -#include <pk11pub.h> -#include <secmod.h> -#include <ssl.h> -#include <sslproto.h> - -// Private API, no other way to turn a POSIX file descriptor into an -// NSPR handle. -NSPR_API(PRFileDesc*) PR_ImportTCPSocket(int); - diff --git a/en-US/snippets/Features-TLS-NSS-Init.xml b/en-US/snippets/Features-TLS-NSS-Init.xml deleted file mode 100644 index 939ff39..0000000 --- a/en-US/snippets/Features-TLS-NSS-Init.xml +++ /dev/null 
@@ -1,71 +0,0 @@ - - - - -PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); -NSSInitContext *const ctx = - NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, - NSS_INIT_READONLY | NSS_INIT_PK11RELOAD); -if (ctx == NULL) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSPR error code %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - -// Ciphers to enable. -static const PRUint16 good_ciphers[] = { - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - SSL_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_NULL_WITH_NULL_NULL // sentinel -}; - -// Check if the current policy allows any strong ciphers. If it -// doesn't, set the cipher suite policy. This is not thread-safe -// and has global impact. Consequently, we only do it if absolutely -// necessary. -int found_good_cipher = 0; -for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL; - ++p) { - PRInt32 policy; - if (SSL_CipherPolicyGet(*p, &policy) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: policy for cipher %u: error %d: %s\n", - (unsigned)*p, err, PR_ErrorToName(err)); - exit(1); - } - if (policy == SSL_ALLOWED) { - fprintf(stderr, "info: found cipher %x\n", (unsigned)*p); - found_good_cipher = 1; - break; - } -} -if (!found_good_cipher) { - if (NSS_SetDomesticPolicy() != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSS_SetDomesticPolicy: error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } -} - -// Initialize the trusted certificate store. 
-char module_name[] = "library=libnssckbi.so name=\"Root Certs\""; -SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE); -if (module == NULL || !module->loaded) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSPR error code %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-NSS-Use.xml b/en-US/snippets/Features-TLS-NSS-Use.xml deleted file mode 100644 index f1a0c6d..0000000 --- a/en-US/snippets/Features-TLS-NSS-Use.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - -char buf[4096]; -snprintf(buf, sizeof(buf), "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host); -PRInt32 ret = PR_Write(nspr, buf, strlen(buf)); -if (ret < 0) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: PR_Write error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -ret = PR_Read(nspr, buf, sizeof(buf)); -if (ret < 0) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: PR_Read error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Nagle.xml b/en-US/snippets/Features-TLS-Nagle.xml deleted file mode 100644 index 824fab5..0000000 --- a/en-US/snippets/Features-TLS-Nagle.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -const int val = 1; -int ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)); -if (ret < 0) { - perror("setsockopt(TCP_NODELAY)"); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-OpenJDK-Parameters.xml b/en-US/snippets/Features-TLS-OpenJDK-Parameters.xml deleted file mode 100644 index af48ca6..0000000 --- a/en-US/snippets/Features-TLS-OpenJDK-Parameters.xml +++ /dev/null 
@@ -1,27 +0,0 @@ - - - - -// Prepare TLS parameters. These have to applied to every TLS -// socket before the handshake is triggered. -SSLParameters params = ctx.getDefaultSSLParameters(); -// Do not send an SSL-2.0-compatible Client Hello. -ArrayList<String> protocols = new ArrayList<String>( - Arrays.asList(params.getProtocols())); -protocols.remove("SSLv2Hello"); -params.setProtocols(protocols.toArray(new String[protocols.size()])); -// Adjust the supported ciphers. -ArrayList<String> ciphers = new ArrayList<String>( - Arrays.asList(params.getCipherSuites())); -ciphers.retainAll(Arrays.asList( - "TLS_RSA_WITH_AES_128_CBC_SHA256", - "TLS_RSA_WITH_AES_256_CBC_SHA256", - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_RSA_WITH_AES_128_CBC_SHA", - "SSL_RSA_WITH_3DES_EDE_CBC_SHA", - "SSL_RSA_WITH_RC4_128_SHA1", - "SSL_RSA_WITH_RC4_128_MD5", - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")); -params.setCipherSuites(ciphers.toArray(new String[ciphers.size()])); - diff --git a/en-US/snippets/Features-TLS-OpenSSL-Connection-Close.xml b/en-US/snippets/Features-TLS-OpenSSL-Connection-Close.xml deleted file mode 100644 index 0e446ef..0000000 --- a/en-US/snippets/Features-TLS-OpenSSL-Connection-Close.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - -// Send the close_notify alert. -ret = SSL_shutdown(ssl); -switch (ret) { -case 1: - // A close_notify alert has already been received. - break; -case 0: - // Wait for the close_notify alert from the peer. - ret = SSL_shutdown(ssl); - switch (ret) { - case 0: - fprintf(stderr, "info: second SSL_shutdown returned zero\n"); - break; - case 1: - break; - default: - ssl_print_error_and_exit(ssl, "SSL_shutdown 2", ret); - } - break; -default: - ssl_print_error_and_exit(ssl, "SSL_shutdown 1", ret); -} -SSL_free(ssl); -close(sockfd); - diff --git a/en-US/snippets/Features-TLS-OpenSSL-Context-Close.xml b/en-US/snippets/Features-TLS-OpenSSL-Context-Close.xml deleted file mode 100644 index 89a324e..0000000 
--- a/en-US/snippets/Features-TLS-OpenSSL-Context-Close.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -SSL_CTX_free(ctx); - diff --git a/en-US/snippets/Features-TLS-OpenSSL-Errors.xml b/en-US/snippets/Features-TLS-OpenSSL-Errors.xml deleted file mode 100644 index ab16ce7..0000000 --- a/en-US/snippets/Features-TLS-OpenSSL-Errors.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - -static void __attribute__((noreturn)) -ssl_print_error_and_exit(SSL *ssl, const char *op, int ret) -{ - int subcode = SSL_get_error(ssl, ret); - switch (subcode) { - case SSL_ERROR_NONE: - fprintf(stderr, "error: %s: no error to report\n", op); - break; - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_X509_LOOKUP: - case SSL_ERROR_WANT_CONNECT: - case SSL_ERROR_WANT_ACCEPT: - fprintf(stderr, "error: %s: invalid blocking state %d\n", op, subcode); - break; - case SSL_ERROR_SSL: - fprintf(stderr, "error: %s: TLS layer problem\n", op); - case SSL_ERROR_SYSCALL: - fprintf(stderr, "error: %s: system call failed: %s\n", op, strerror(errno)); - break; - case SSL_ERROR_ZERO_RETURN: - fprintf(stderr, "error: %s: zero return\n", op); - } - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Python-Close.xml b/en-US/snippets/Features-TLS-Python-Close.xml deleted file mode 100644 index fd20ff2..0000000 --- a/en-US/snippets/Features-TLS-Python-Close.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -sock.close() - diff --git a/en-US/snippets/Features-TLS-Python-Use.xml b/en-US/snippets/Features-TLS-Python-Use.xml deleted file mode 100644 index 08690ca..0000000 --- a/en-US/snippets/Features-TLS-Python-Use.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -sock.write("GET / HTTP/1.1\r\nHost: " + host + "\r\n\r\n") -print sock.read() - diff --git a/en-US/snippets/Go-Error_Handling-IO.xml b/en-US/snippets/Go-Error_Handling-IO.xml deleted file mode 100644 index 818d1da..0000000 --- a/en-US/snippets/Go-Error_Handling-IO.xml +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -func IOError(r io.Reader, buf []byte, processor Processor, - handler ErrorHandler) (message string, err error) { - n, err := r.Read(buf) - // First check for available data. - if n > 0 { - message, err = processor.Process(buf[0:n]) - // Regular error handling. - if err != nil { - handler.Handle(err) - return "", err - } - } - // Then handle any error. - if err != nil { - handler.Handle(err) - return "", err - } - return -} - diff --git a/en-US/snippets/Go-Error_Handling-Regular.xml b/en-US/snippets/Go-Error_Handling-Regular.xml deleted file mode 100644 index c7f4bc7..0000000 --- a/en-US/snippets/Go-Error_Handling-Regular.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - -type Processor interface { - Process(buf []byte) (message string, err error) -} - -type ErrorHandler interface { - Handle(err error) -} - -func RegularError(buf []byte, processor Processor, - handler ErrorHandler) (message string, err error) { - message, err = processor.Process(buf) - if err != nil { - handler.Handle(err) - return "", err - } - return -} - diff --git a/en-US/snippets/Java-Finally.xml b/en-US/snippets/Java-Finally.xml deleted file mode 100644 index b32ec36..0000000 --- a/en-US/snippets/Java-Finally.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -InputStream in = new BufferedInputStream(new FileInputStream(path)); -try { - readFile(in); -} finally { - in.close(); -} - diff --git a/en-US/snippets/Java-JNI-Pointers.xml b/en-US/snippets/Java-JNI-Pointers.xml deleted file mode 100644 index 95d386e..0000000 --- a/en-US/snippets/Java-JNI-Pointers.xml +++ /dev/null 
@@ -1,36 +0,0 @@ - - - - -JNIEXPORT jint JNICALL Java_sum - (JNIEnv *jEnv, jclass clazz, jbyteArray buffer, jint offset, jint length) -{ - assert(sizeof(jint) == sizeof(unsigned)); - if (offset < 0 || length < 0) { - (*jEnv)->ThrowNew(jEnv, arrayIndexOutOfBoundsExceptionClass, - "negative offset/length"); - return 0; - } - unsigned uoffset = offset; - unsigned ulength = length; - // This cannot overflow because of the check above. - unsigned totallength = uoffset + ulength; - unsigned actuallength = (*jEnv)->GetArrayLength(jEnv, buffer); - if (totallength > actuallength) { - (*jEnv)->ThrowNew(jEnv, arrayIndexOutOfBoundsExceptionClass, - "offset + length too large"); - return 0; - } - unsigned char *ptr = (*jEnv)->GetPrimitiveArrayCritical(jEnv, buffer, 0); - if (ptr == NULL) { - return 0; - } - unsigned long long sum = 0; - for (unsigned char *p = ptr + uoffset, *end = p + ulength; p != end; ++p) { - sum += *p; - } - (*jEnv)->ReleasePrimitiveArrayCritical(jEnv, buffer, ptr, 0); - return sum; -} - diff --git a/en-US/snippets/Java-Language-ReadArray.xml b/en-US/snippets/Java-Language-ReadArray.xml deleted file mode 100644 index 1470795..0000000 --- a/en-US/snippets/Java-Language-ReadArray.xml +++ /dev/null 
@@ -1,39 +0,0 @@ - - - - -static byte[] readBytes(InputStream in, int length) throws IOException { - final int startSize = 65536; - byte[] b = new byte[Math.min(length, startSize)]; - int filled = 0; - while (true) { - int remaining = b.length - filled; - readFully(in, b, filled, remaining); - if (b.length == length) { - break; - } - filled = b.length; - if (length - b.length <= b.length) { - // Allocate final length. Condition avoids overflow. - b = Arrays.copyOf(b, length); - } else { - b = Arrays.copyOf(b, b.length * 2); - } - } - return b; -} - -static void readFully(InputStream in,byte[] b, int off, int len) - throws IOException { - int startlen = len; - while (len > 0) { - int count = in.read(b, off, len); - if (count < 0) { - throw new EOFException(); - } - off += count; - len -= count; - } -} - diff --git a/en-US/snippets/Java-SecurityManager-Callback.xml b/en-US/snippets/Java-SecurityManager-Callback.xml deleted file mode 100644 index 634d62f..0000000 --- a/en-US/snippets/Java-SecurityManager-Callback.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - -interface Callback<T> { - T call(boolean flag); -} - -class CallbackInvoker<T> { - private final AccessControlContext context; - Callback<T> callback; - - CallbackInvoker(Callback<T> callback) { - context = AccessController.getContext(); - this.callback = callback; - } - - public T invoke() { - // Obtain increased privileges. - return AccessController.doPrivileged(new PrivilegedAction<T>() { - @Override - public T run() { - // This operation would fail without - // additional privileges. - final boolean flag = Boolean.getBoolean("some.property"); - - // Restore the original privileges. - return AccessController.doPrivileged( - new PrivilegedAction<T>() { - @Override - public T run() { - return callback.call(flag); - } - }, context); - } - }); - } -} - 
diff --git a/en-US/snippets/Java-SecurityManager-CurrentDirectory.xml b/en-US/snippets/Java-SecurityManager-CurrentDirectory.xml deleted file mode 100644 index 1a4d022..0000000 --- a/en-US/snippets/Java-SecurityManager-CurrentDirectory.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -permissions.add(new FilePermission( - System.getProperty("user.dir") + "/-", "read")); - diff --git a/en-US/snippets/Java-SecurityManager-Privileged.xml b/en-US/snippets/Java-SecurityManager-Privileged.xml deleted file mode 100644 index b700a0e..0000000 --- a/en-US/snippets/Java-SecurityManager-Privileged.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - -// This is expected to fail. -try { - System.out.println(System.getProperty("user.home")); -} catch (SecurityException e) { - e.printStackTrace(System.err); -} -AccessController.doPrivileged(new PrivilegedAction<Void>() { - public Void run() { - // This should work. - System.out.println(System.getProperty("user.home")); - return null; - } - }); - diff --git a/en-US/snippets/Java-SecurityManager-Unprivileged.xml b/en-US/snippets/Java-SecurityManager-Unprivileged.xml deleted file mode 100644 index 29bb4f5..0000000 --- a/en-US/snippets/Java-SecurityManager-Unprivileged.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - -Permissions permissions = new Permissions(); - ProtectionDomain protectionDomain = - new ProtectionDomain(null, permissions); - AccessControlContext context = new AccessControlContext( - new ProtectionDomain[] { protectionDomain }); - -// This is expected to succeed. -try (FileInputStream in = new FileInputStream(path)) { - System.out.format("FileInputStream: %s%n", in); -} - -AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - // This code runs with reduced privileges and is - // expected to fail. - try (FileInputStream in = new FileInputStream(path)) { - System.out.format("FileInputStream: %s%n", in); - } - return null; - } - }, context); - 
diff --git a/en-US/snippets/Java-TryWithResource.xml b/en-US/snippets/Java-TryWithResource.xml deleted file mode 100644 index a9f13f6..0000000 --- a/en-US/snippets/Java-TryWithResource.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -try (InputStream in = new BufferedInputStream(new FileInputStream(path))) { - readFile(in); -} - diff --git a/en-US/snippets/Shell-Input_Validation.xml b/en-US/snippets/Shell-Input_Validation.xml deleted file mode 100644 index 61cb7d1..0000000 --- a/en-US/snippets/Shell-Input_Validation.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -if [[ $value =~ ^-?[0-9]+$ ]] ; then - echo value is an integer -else - echo "value is not an integer" 1>&2 - exit 1 -fi - diff --git a/en-US/snippets/Tasks-Serialization-XML-Expat-Create.xml b/en-US/snippets/Tasks-Serialization-XML-Expat-Create.xml deleted file mode 100644 index dd8724d..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Expat-Create.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - -XML_Parser parser = XML_ParserCreate("UTF-8"); -if (parser == NULL) { - fprintf(stderr, "XML_ParserCreate failed\n"); - close(fd); - exit(1); -} -// EntityDeclHandler needs a reference to the parser to stop -// parsing. -XML_SetUserData(parser, parser); -// Disable entity processing, to inhibit entity expansion. -XML_SetEntityDeclHandler(parser, EntityDeclHandler); - diff --git a/en-US/snippets/Tasks-Serialization-XML-Expat-EntityDeclHandler.xml b/en-US/snippets/Tasks-Serialization-XML-Expat-EntityDeclHandler.xml deleted file mode 100644 index 2a982f4..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Expat-EntityDeclHandler.xml +++ /dev/null 
@@ -1,16 +0,0 @@ - - - - -// Stop the parser when an entity declaration is encountered. -static void -EntityDeclHandler(void *userData, - const XML_Char *entityName, int is_parameter_entity, - const XML_Char *value, int value_length, - const XML_Char *base, const XML_Char *systemId, - const XML_Char *publicId, const XML_Char *notationName) -{ - XML_StopParser((XML_Parser)userData, XML_FALSE); -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Errors.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Errors.xml deleted file mode 100644 index 928d79b..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Errors.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - -class Errors implements ErrorHandler { - @Override - public void warning(SAXParseException exception) { - exception.printStackTrace(); - } - - @Override - public void fatalError(SAXParseException exception) { - exception.printStackTrace(); - } - - @Override - public void error(SAXParseException exception) { - exception.printStackTrace(); - } -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Imports.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Imports.xml deleted file mode 100644 index 61f0965..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Imports.xml +++ /dev/null 
@@ -1,27 +0,0 @@ - - - - -import javax.xml.XMLConstants; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.parsers.SAXParser; -import javax.xml.parsers.SAXParserFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.sax.SAXSource; -import javax.xml.validation.Schema; -import javax.xml.validation.SchemaFactory; -import javax.xml.validation.Validator; - -import org.w3c.dom.Document; -import org.w3c.dom.ls.LSInput; -import org.w3c.dom.ls.LSResourceResolver; -import org.xml.sax.EntityResolver; -import org.xml.sax.ErrorHandler; -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; -import org.xml.sax.SAXParseException; -import org.xml.sax.XMLReader; - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoEntityResolver.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoEntityResolver.xml deleted file mode 100644 index e1d1049..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoEntityResolver.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - -class NoEntityResolver implements EntityResolver { - @Override - public InputSource resolveEntity(String publicId, String systemId) - throws SAXException, IOException { - // Throwing an exception stops validation. - throw new IOException(String.format( - "attempt to resolve \"%s\" \"%s\"", publicId, systemId)); - } -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoResourceResolver.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoResourceResolver.xml deleted file mode 100644 index 6eae01a..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoResourceResolver.xml +++ /dev/null 
@@ -1,17 +0,0 @@ - - - - -class NoResourceResolver implements LSResourceResolver { - @Override - public LSInput resolveResource(String type, String namespaceURI, - String publicId, String systemId, String baseURI) { - // Throwing an exception stops validation. - throw new RuntimeException(String.format( - "resolution attempt: type=%s namespace=%s " + - "publicId=%s systemId=%s baseURI=%s", - type, namespaceURI, publicId, systemId, baseURI)); - } -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-DOM.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-DOM.xml deleted file mode 100644 index f04a2af..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-DOM.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - -DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); -// Impose restrictions on the complexity of the DTD. -factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - -// Turn on validation. -// This step can be omitted if validation is not desired. -factory.setValidating(true); - -// Parse the document. -DocumentBuilder builder = factory.newDocumentBuilder(); -builder.setEntityResolver(new NoEntityResolver()); -builder.setErrorHandler(new Errors()); -Document document = builder.parse(inputStream); - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.xml deleted file mode 100644 index b4ecf6c..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.xml +++ /dev/null 
@@ -1,23 +0,0 @@ - - - - -SchemaFactory factory = SchemaFactory.newInstance( - XMLConstants.W3C_XML_SCHEMA_NS_URI); - -// This enables restrictions on schema complexity. -factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - -// The following line prevents resource resolution -// by the schema itself. -factory.setResourceResolver(new NoResourceResolver()); - -Schema schema = factory.newSchema(schemaFile); - -Validator validator = schema.newValidator(); - -// This prevents external resource resolution. -validator.setResourceResolver(new NoResourceResolver()); -validator.validate(new DOMSource(document)); - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.xml deleted file mode 100644 index 2f6c6c9..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - -SchemaFactory factory = SchemaFactory.newInstance( - XMLConstants.W3C_XML_SCHEMA_NS_URI); - -// This enables restrictions on the schema and document -// complexity. -factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - -// This prevents resource resolution by the schema itself. -// If the schema is trusted and references additional files, -// this line must be omitted, otherwise loading these files -// will fail. -factory.setResourceResolver(new NoResourceResolver()); - -Schema schema = factory.newSchema(schemaFile); -Validator validator = schema.newValidator(); - -// This prevents external resource resolution. -validator.setResourceResolver(new NoResourceResolver()); - -validator.validate(new SAXSource(new InputSource(inputStream))); - diff --git a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityHandler.xml b/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityHandler.xml deleted file mode 100644 index 3a5ef31..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityHandler.xml +++ /dev/null 
@@ -1,42 +0,0 @@ - - - - -class NoEntityHandler : public QXmlDeclHandler { -public: - bool attributeDecl(const QString&, const QString&, const QString&, - const QString&, const QString&); - bool internalEntityDecl(const QString&, const QString&); - bool externalEntityDecl(const QString&, const QString&, - const QString&); - QString errorString() const; -}; - - bool -NoEntityHandler::attributeDecl - (const QString&, const QString&, const QString&, const QString&, - const QString&) -{ - return false; -} - -bool -NoEntityHandler::internalEntityDecl(const QString&, const QString&) -{ - return false; -} - -bool -NoEntityHandler::externalEntityDecl(const QString&, const QString&, const - QString&) -{ - return false; -} - -QString -NoEntityHandler::errorString() const -{ - return "XML declaration not permitted"; -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityReader.xml b/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityReader.xml deleted file mode 100644 index 0a70fa4..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityReader.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - -class NoEntityReader : public QXmlSimpleReader { - NoEntityHandler handler; -public: - NoEntityReader(); - void setDeclHandler(QXmlDeclHandler *); -}; - - NoEntityReader::NoEntityReader() -{ - QXmlSimpleReader::setDeclHandler(&handler); - setFeature("http://xml.org/sax/features/namespaces", true); - setFeature("http://xml.org/sax/features/namespace-prefixes", false); - } - -void -NoEntityReader::setDeclHandler(QXmlDeclHandler *) -{ - // Ignore the handler which was passed in. -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-Qt-QDomDocument.xml b/en-US/snippets/Tasks-Serialization-XML-Qt-QDomDocument.xml deleted file mode 100644 index ff0e056..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Qt-QDomDocument.xml +++ /dev/null 
@@ -1,16 +0,0 @@ - - - - -NoEntityReader reader; -QBuffer buffer(&data); -buffer.open(QIODevice::ReadOnly); -QXmlInputSource source(&buffer); -QDomDocument doc; -QString errorMsg; -int errorLine; -int errorColumn; -bool okay = doc.setContent - (&source, &reader, &errorMsg, &errorLine, &errorColumn); - From b54be35c65b14237c057c85a93c2a3afac26c889 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mar 31 2017 21:07:59 +0000 Subject: [PATCH 26/73] Merge branch 'tmp-remove-snippets' into 'master' removed auto-generated files See merge request !4 --- diff --git a/en-US/snippets/C-Arithmetic-add.xml b/en-US/snippets/C-Arithmetic-add.xml deleted file mode 100644 index 3c67512..0000000 --- a/en-US/snippets/C-Arithmetic-add.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - -void report_overflow(void); - -int -add(int a, int b) -{ - int result = a + b; - if (a < 0 || b < 0) { - return -1; - } - // The compiler can optimize away the following if statement. - if (result < 0) { - report_overflow(); - } - return result; -} - diff --git a/en-US/snippets/C-Arithmetic-add_unsigned.xml b/en-US/snippets/C-Arithmetic-add_unsigned.xml deleted file mode 100644 index 4ea1747..0000000 --- a/en-US/snippets/C-Arithmetic-add_unsigned.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - -void report_overflow(void); - -unsigned -add_unsigned(unsigned a, unsigned b) -{ - unsigned sum = a + b; - if (sum < a) { // or sum < b - report_overflow(); - } - return sum; -} - diff --git a/en-US/snippets/C-Arithmetic-mult.xml b/en-US/snippets/C-Arithmetic-mult.xml deleted file mode 100644 index ecb27a0..0000000 --- a/en-US/snippets/C-Arithmetic-mult.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -unsigned -mul(unsigned a, unsigned b) -{ - if (b && a > ((unsigned)-1) / b) { - report_overflow(); - } - return a * b; -} - diff --git a/en-US/snippets/C-Globals-String_Array.xml b/en-US/snippets/C-Globals-String_Array.xml deleted file mode 100644 index 2f05b7d..0000000 
--- a/en-US/snippets/C-Globals-String_Array.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -static const char *const string_list[] = { - "first", - "second", - "third", - NULL -}; - diff --git a/en-US/snippets/C-Pointers-remaining.xml b/en-US/snippets/C-Pointers-remaining.xml deleted file mode 100644 index f527d03..0000000 --- a/en-US/snippets/C-Pointers-remaining.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - -ssize_t -extract_strings(const char *in, size_t inlen, char **out, size_t outlen) -{ - const char *inp = in; - const char *inend = in + inlen; - char **outp = out; - char **outend = out + outlen; - - while (inp != inend) { - size_t len; - char *s; - if (outp == outend) { - errno = ENOSPC; - goto err; - } - len = (unsigned char)*inp; - ++inp; - if (len > (size_t)(inend - inp)) { - errno = EINVAL; - goto err; - } - s = malloc(len + 1); - if (s == NULL) { - goto err; - } - memcpy(s, inp, len); - inp += len; - s[len] = '\0'; - *outp = s; - ++outp; - } - return outp - out; -err: - { - int errno_old = errno; - while (out != outp) { - free(*out); - ++out; - } - errno = errno_old; - } - return -1; -} - diff --git a/en-US/snippets/C-String-Functions-format.xml b/en-US/snippets/C-String-Functions-format.xml deleted file mode 100644 index 519f127..0000000 --- a/en-US/snippets/C-String-Functions-format.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - -void log_format(const char *format, ...) __attribute__((format(printf, 1, 2))); - -void -log_format(const char *format, ...) -{ - char buf[1000]; - va_list ap; - va_start(ap, format); - vsnprintf(buf, sizeof(buf), format, ap); - va_end(ap); - log_string(buf); -} - diff --git a/en-US/snippets/C-String-Functions-snprintf-incremental.xml b/en-US/snippets/C-String-Functions-snprintf-incremental.xml deleted file mode 100644 index 5978684..0000000 --- a/en-US/snippets/C-String-Functions-snprintf-incremental.xml +++ /dev/null 
@@ -1,14 +0,0 @@ - - - - -char buf[512]; -char *current = buf; -const char *const end = buf + sizeof(buf); -for (struct item *it = data; it->key; ++it) { - snprintf(current, end - current, "%s%s=%d", - current == buf ? "" : ", ", it->key, it->value); - current += strlen(current); -} - diff --git a/en-US/snippets/C-String-Functions-snprintf.xml b/en-US/snippets/C-String-Functions-snprintf.xml deleted file mode 100644 index dc790d8..0000000 --- a/en-US/snippets/C-String-Functions-snprintf.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -char fraction[30]; -snprintf(fraction, sizeof(fraction), "%d/%d", numerator, denominator); - diff --git a/en-US/snippets/C-String-Functions-strncat-as-strncpy.xml b/en-US/snippets/C-String-Functions-strncat-as-strncpy.xml deleted file mode 100644 index 1f5c8c6..0000000 --- a/en-US/snippets/C-String-Functions-strncat-as-strncpy.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -buf[0] = '\0'; -strncat(buf, data, sizeof(buf) - 1); - diff --git a/en-US/snippets/C-String-Functions-strncat-emulation.xml b/en-US/snippets/C-String-Functions-strncat-emulation.xml deleted file mode 100644 index 12f5437..0000000 --- a/en-US/snippets/C-String-Functions-strncat-emulation.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -char buf[10]; -snprintf(buf, sizeof(buf), "%s", prefix); -snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%s", data); - diff --git a/en-US/snippets/C-String-Functions-strncat-merged.xml b/en-US/snippets/C-String-Functions-strncat-merged.xml deleted file mode 100644 index 3deaa94..0000000 --- a/en-US/snippets/C-String-Functions-strncat-merged.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -snprintf(buf, sizeof(buf), "%s%s", prefix, data); - diff --git a/en-US/snippets/C-String-Functions-strncpy.xml b/en-US/snippets/C-String-Functions-strncpy.xml deleted file mode 100644 index bdbdd08..0000000 --- a/en-US/snippets/C-String-Functions-strncpy.xml +++ /dev/null 
@@ -1,9 +0,0 @@ - - - - -char buf[10]; -strncpy(buf, data, sizeof(buf)); -buf[sizeof(buf) - 1] = '\0'; - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml deleted file mode 100644 index 780b2f2..0000000 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Connect.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - -// Create the session object. -gnutls_session_t session; -ret = gnutls_init(&session, GNUTLS_CLIENT); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_init: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Configure the cipher preferences. -ret = gnutls_set_default_priority(session); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_priority_set_direct: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Install the trusted certificates. -ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_credentials_set: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Associate the socket with the session object and set the server -// name. -gnutls_transport_set_int(session, sockfd); -ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS, - host, strlen(host)); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_server_name_set: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -// Establish the session. -ret = gnutls_handshake(session); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_handshake: %s\n", - gnutls_strerror(ret)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml deleted file mode 100644 index f69f552..0000000 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Credentials.xml +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -// Load the trusted CA certificates. -gnutls_certificate_credentials_t cred = NULL; -int ret = gnutls_certificate_allocate_credentials (&cred); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_certificate_allocate_credentials: %s\n", - gnutls_strerror(ret)); - exit(1); -} - -ret = gnutls_certificate_set_x509_system_trust(cred); -if (ret == 0) { - fprintf(stderr, "error: no certificates found in system trust store\n"); - exit(1); -} -if (ret < 0) { - fprintf(stderr, "error: gnutls_certificate_set_x509_system_trust: %s\n", - gnutls_strerror(ret)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Match.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Match.xml deleted file mode 100644 index c4a51ce..0000000 --- a/en-US/snippets/Features-TLS-Client-GNUTLS-Match.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - -// Match the peer certificate against the host name. -// We can only obtain a set of DER-encoded certificates from the -// session object, so we have to re-parse the peer certificate into -// a certificate object. -gnutls_x509_crt_t cert; -ret = gnutls_x509_crt_init(&cert); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_x509_crt_init: %s\n", - gnutls_strerror(ret)); - exit(1); -} -// The peer certificate is the first certificate in the list. -ret = gnutls_x509_crt_import(cert, certs, GNUTLS_X509_FMT_DER); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_x509_crt_import: %s\n", - gnutls_strerror(ret)); - exit(1); -} -ret = gnutls_x509_crt_check_hostname(cert, host); -if (ret == 0 && !certificate_host_name_override(certs[0], host)) { - fprintf(stderr, "error: host name does not match certificate\n"); - exit(1); -} -gnutls_x509_crt_deinit(cert); - diff --git a/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml b/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml deleted file mode 100644 index eb89535..0000000 
--- a/en-US/snippets/Features-TLS-Client-GNUTLS-Verify.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - -// Obtain the server certificate chain. The server certificate -// itself is stored in the first element of the array. -unsigned certslen = 0; -const gnutls_datum_t *const certs = - gnutls_certificate_get_peers(session, &certslen); -if (certs == NULL || certslen == 0) { - fprintf(stderr, "error: could not obtain peer certificate\n"); - exit(1); -} - -// Validate the certificate chain. -unsigned status = (unsigned)-1; -ret = gnutls_certificate_verify_peers3(session, host, &status); -if (ret != GNUTLS_E_SUCCESS) { - fprintf(stderr, "error: gnutls_certificate_verify_peers3: %s\n", - gnutls_strerror(ret)); - exit(1); -} -if (status != 0 && !certificate_validity_override(certs[0])) { - gnutls_datum_t msg; -#if GNUTLS_VERSION_AT_LEAST_3_1_4 - int type = gnutls_certificate_type_get (session); - ret = gnutls_certificate_verification_status_print(status, type, &out, 0); -#else - ret = -1; -#endif - if (ret == 0) { - fprintf(stderr, "error: %s\n", msg.data); - gnutls_free(msg.data); - exit(1); - } else { - fprintf(stderr, "error: certificate validation failed with code 0x%x\n", - status); - exit(1); - } -} - diff --git a/en-US/snippets/Features-TLS-Client-NSS-Close.xml b/en-US/snippets/Features-TLS-Client-NSS-Close.xml deleted file mode 100644 index 456e209..0000000 --- a/en-US/snippets/Features-TLS-Client-NSS-Close.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - -// Send close_notify alert. -if (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: PR_Read error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -// Closes the underlying POSIX file descriptor, too. -PR_Close(nspr); - diff --git a/en-US/snippets/Features-TLS-Client-NSS-Connect.xml b/en-US/snippets/Features-TLS-Client-NSS-Connect.xml deleted file mode 100644 index 1a6821e..0000000 
--- a/en-US/snippets/Features-TLS-Client-NSS-Connect.xml +++ /dev/null 
@@ -1,80 +0,0 @@ - - - - -// Wrap the POSIX file descriptor. This is an internal NSPR -// function, but it is very unlikely to change. -PRFileDesc* nspr = PR_ImportTCPSocket(sockfd); -sockfd = -1; // Has been taken over by NSPR. - -// Add the SSL layer. -{ - PRFileDesc *model = PR_NewTCPSocket(); - PRFileDesc *newfd = SSL_ImportFD(NULL, model); - if (newfd == NULL) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSPR error code %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - model = newfd; - newfd = NULL; - if (SSL_OptionSet(model, SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: set SSL_ENABLE_SSL2 error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - if (SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: set SSL_V2_COMPATIBLE_HELLO error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - if (SSL_OptionSet(model, SSL_ENABLE_DEFLATE, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: set SSL_ENABLE_DEFLATE error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - - // Allow overriding invalid certificate. - if (SSL_BadCertHook(model, bad_certificate, (char *)host) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_BadCertHook error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - - newfd = SSL_ImportFD(model, nspr); - if (newfd == NULL) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_ImportFD error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } - nspr = newfd; - PR_Close(model); -} - -// Perform the handshake. 
-if (SSL_ResetHandshake(nspr, PR_FALSE) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_ResetHandshake error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -if (SSL_SetURL(nspr, host) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_SetURL error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -if (SSL_ForceHandshake(nspr) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: SSL_ForceHandshake error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Connect.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Connect.xml deleted file mode 100644 index 40cc623..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Connect.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - -// Create the socket and connect it at the TCP layer. -SSLSocket socket = (SSLSocket) ctx.getSocketFactory() - .createSocket(host, port); - -// Disable the Nagle algorithm. -socket.setTcpNoDelay(true); - -// Adjust ciphers and protocols. -socket.setSSLParameters(params); - -// Perform the handshake. -socket.startHandshake(); - -// Validate the host name. The match() method throws -// CertificateException on failure. -X509Certificate peer = (X509Certificate) - socket.getSession().getPeerCertificates()[0]; -// This is the only way to perform host name checking on OpenJDK 6. -HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match( - host, peer); - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Context.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Context.xml deleted file mode 100644 index b7fde16..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Context.xml +++ /dev/null 
@@ -1,26 +0,0 @@ - - - - -// Create the context. Specify the SunJSSE provider to avoid -// picking up third-party providers. Try the TLS 1.2 provider -// first, then fall back to TLS 1.0. -SSLContext ctx; -try { - ctx = SSLContext.getInstance("TLSv1.2", "SunJSSE"); -} catch (NoSuchAlgorithmException e) { - try { - ctx = SSLContext.getInstance("TLSv1", "SunJSSE"); - } catch (NoSuchAlgorithmException e1) { - // The TLS 1.0 provider should always be available. - throw new AssertionError(e1); - } catch (NoSuchProviderException e1) { - throw new AssertionError(e1); - } -} catch (NoSuchProviderException e) { - // The SunJSSE provider should always be available. - throw new AssertionError(e); -} -ctx.init(null, null, null); - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Context_For_Cert.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Context_For_Cert.xml deleted file mode 100644 index 6004157..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Context_For_Cert.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - -SSLContext ctx; -try { - ctx = SSLContext.getInstance("TLSv1.2", "SunJSSE"); -} catch (NoSuchAlgorithmException e) { - try { - ctx = SSLContext.getInstance("TLSv1", "SunJSSE"); - } catch (NoSuchAlgorithmException e1) { - throw new AssertionError(e1); - } catch (NoSuchProviderException e1) { - throw new AssertionError(e1); - } -} catch (NoSuchProviderException e) { - throw new AssertionError(e); -} -MyTrustManager tm = new MyTrustManager(certHash); -ctx.init(null, new TrustManager[] {tm}, null); - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Hostname.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Hostname.xml deleted file mode 100644 index 586cb7b..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Hostname.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -params.setEndpointIdentificationAlgorithm("HTTPS"); - 
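Review bot: the deleted Features-TLS-Client-GNUTLS-Verify.xml snippet earlier in this region would not compile as generated: it declares `gnutls_datum_t msg;` but calls `gnutls_certificate_verification_status_print(status, type, &out, 0);` and then prints `msg.data`, and the `#if GNUTLS_VERSION_AT_LEAST_3_1_4` guard is not defined anywhere in these snippets. Removing the generated copy does not fix this; since the commit message says these files are auto-generated, the same text will come back on the next build unless the source example is corrected to pass `&msg` and to use a real version check.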
diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Import.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Import.xml deleted file mode 100644 index 57c9343..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Import.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLParameters; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; - -import sun.security.util.HostnameChecker; - diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.xml deleted file mode 100644 index 43fd12b..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - -public class MyTrustManager implements X509TrustManager { - private final byte[] certHash; - - public MyTrustManager(byte[] certHash) throws Exception { - this.certHash = certHash; - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - throw new UnsupportedOperationException(); - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, - String authType) throws CertificateException { - byte[] digest = getCertificateDigest(chain[0]); - String digestHex = formatHex(digest); - - if (Arrays.equals(digest, certHash)) { - System.err.println("info: accepting certificate: " + digestHex); - } else { - throw new CertificateException("certificate rejected: " + - digestHex); - } - } - - @Override - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[0]; - } -} - 
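Review bot: the deleted OpenJDK Import snippet pulls in `import sun.security.util.HostnameChecker;`, and the Connect snippet in the previous region justifies it with "This is the only way to perform host name checking on OpenJDK 6", while the Hostname snippet just above shows the supported route, `params.setEndpointIdentificationAlgorithm("HTTPS");`. Deleting the generated file leaves the source with both approaches; when the snippets are regenerated, the source should present the public SSLParameters call as the default and keep the internal HostnameChecker call only as the documented OpenJDK 6 fallback, because sun.* classes are not a supported API and can disappear between releases.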
diff --git a/en-US/snippets/Features-TLS-Client-OpenJDK-Use.xml b/en-US/snippets/Features-TLS-Client-OpenJDK-Use.xml deleted file mode 100644 index 11d708a..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenJDK-Use.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - -socket.getOutputStream().write("GET / HTTP/1.0\r\n\r\n" - .getBytes(Charset.forName("UTF-8"))); -byte[] buffer = new byte[4096]; -int count = socket.getInputStream().read(buffer); -System.out.write(buffer, 0, count); - diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-CTX.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-CTX.xml deleted file mode 100644 index 05e2854..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-CTX.xml +++ /dev/null 
@@ -1,71 +0,0 @@ - - - - -// Configure a client connection context. Send a hendshake for the -// highest supported TLS version, and disable compression. -const SSL_METHOD *const req_method = SSLv23_client_method(); -SSL_CTX *const ctx = SSL_CTX_new(req_method); -if (ctx == NULL) { - ERR_print_errors(bio_err); - exit(1); -} -SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION); - -// Adjust the ciphers list based on a whitelist. First enable all -// ciphers of at least medium strength, to get the list which is -// compiled into OpenSSL. -if (SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM") != 1) { - ERR_print_errors(bio_err); - exit(1); -} -{ - // Create a dummy SSL session to obtain the cipher list. - SSL *ssl = SSL_new(ctx); - if (ssl == NULL) { - ERR_print_errors(bio_err); - exit(1); - } - STACK_OF(SSL_CIPHER) *active_ciphers = SSL_get_ciphers(ssl); - if (active_ciphers == NULL) { - ERR_print_errors(bio_err); - exit(1); - } - // Whitelist of candidate ciphers. - static const char *const candidates[] = { - "AES128-GCM-SHA256", "AES128-SHA256", "AES256-SHA256", // strong ciphers - "AES128-SHA", "AES256-SHA", // strong ciphers, also in older versions - "RC4-SHA", "RC4-MD5", // backwards compatibility, supposed to be weak - "DES-CBC3-SHA", "DES-CBC3-MD5", // more backwards compatibility - NULL - }; - // Actually selected ciphers. - char ciphers[300]; - ciphers[0] = '\0'; - for (const char *const *c = candidates; *c; ++c) { - for (int i = 0; i < sk_SSL_CIPHER_num(active_ciphers); ++i) { - if (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(active_ciphers, i)), - *c) == 0) { - if (*ciphers) { - strcat(ciphers, ":"); - } - strcat(ciphers, *c); - break; - } - } - } - SSL_free(ssl); - // Apply final cipher list. - if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) { - ERR_print_errors(bio_err); - exit(1); - } -} - -// Load the set of trusted root certificates. -if (!SSL_CTX_set_default_verify_paths(ctx)) { - ERR_print_errors(bio_err); - exit(1); -} - 
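Review bot: the deleted Features-TLS-Client-OpenSSL-CTX.xml snippet carries settings that should not come back verbatim when the generator reruns: the whitelist keeps `"RC4-SHA", "RC4-MD5", // backwards compatibility, supposed to be weak` and `"DES-CBC3-SHA", "DES-CBC3-MD5"`, and `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);` leaves SSLv3 enabled on the `SSLv23_client_method()` context. Since only the generated copy is removed here, fix the source example (drop the RC4 and 3DES entries, add SSL_OP_NO_SSLv3) and the "hendshake" typo in its first comment so the regenerated file is clean.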
diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-Connect.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-Connect.xml deleted file mode 100644 index 5cd433d..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-Connect.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - -// Create the connection object. -SSL *ssl = SSL_new(ctx); -if (ssl == NULL) { - ERR_print_errors(bio_err); - exit(1); -} -SSL_set_fd(ssl, sockfd); - -// Enable the ServerNameIndication extension -if (!SSL_set_tlsext_host_name(ssl, host)) { - ERR_print_errors(bio_err); - exit(1); -} - -// Perform the TLS handshake with the server. -ret = SSL_connect(ssl); -if (ret != 1) { - // Error status can be 0 or negative. - ssl_print_error_and_exit(ssl, "SSL_connect", ret); -} - -// Obtain the server certificate. -X509 *peercert = SSL_get_peer_certificate(ssl); -if (peercert == NULL) { - fprintf(stderr, "peer certificate missing"); - exit(1); -} - -// Check the certificate verification result. Allow an explicit -// certificate validation override in case verification fails. -int verifystatus = SSL_get_verify_result(ssl); -if (verifystatus != X509_V_OK && !certificate_validity_override(peercert)) { - fprintf(stderr, "SSL_connect: verify result: %s\n", - X509_verify_cert_error_string(verifystatus)); - exit(1); -} - -// Check if the server certificate matches the host name used to -// establish the connection. -// FIXME: Currently needs OpenSSL 1.1. -if (X509_check_host(peercert, (const unsigned char *)host, strlen(host), - 0) != 1 - && !certificate_host_name_override(peercert, host)) { - fprintf(stderr, "SSL certificate does not match host name\n"); - exit(1); -} - -X509_free(peercert); - - diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-Connection-Use.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-Connection-Use.xml deleted file mode 100644 index ab54edf..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-Connection-Use.xml +++ /dev/null 
@@ -1,15 +0,0 @@ - - - - -const char *const req = "GET / HTTP/1.0\r\n\r\n"; -if (SSL_write(ssl, req, strlen(req)) < 0) { - ssl_print_error_and_exit(ssl, "SSL_write", ret); -} -char buf[4096]; -ret = SSL_read(ssl, buf, sizeof(buf)); -if (ret < 0) { - ssl_print_error_and_exit(ssl, "SSL_read", ret); -} - diff --git a/en-US/snippets/Features-TLS-Client-OpenSSL-Init.xml b/en-US/snippets/Features-TLS-Client-OpenSSL-Init.xml deleted file mode 100644 index 8211ce8..0000000 --- a/en-US/snippets/Features-TLS-Client-OpenSSL-Init.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - -// The following call prints an error message and calls exit() if -// the OpenSSL configuration file is unreadable. -OPENSSL_config(NULL); -// Provide human-readable error messages. -SSL_load_error_strings(); -// Register ciphers. -SSL_library_init(); - diff --git a/en-US/snippets/Features-TLS-Client-Python-Connect.xml b/en-US/snippets/Features-TLS-Client-Python-Connect.xml deleted file mode 100644 index 0e98e87..0000000 --- a/en-US/snippets/Features-TLS-Client-Python-Connect.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -sock = ssl.wrap_socket(sock, - ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5", - ssl_version=ssl.PROTOCOL_TLSv1, - cert_reqs=ssl.CERT_REQUIRED, - ca_certs='/etc/ssl/certs/ca-bundle.crt') -# getpeercert() triggers the handshake as a side effect. -if not check_host_name(sock.getpeercert(), host): - raise IOError("peer certificate does not match host name") - diff --git a/en-US/snippets/Features-TLS-Client-Python-check_host_name.xml b/en-US/snippets/Features-TLS-Client-Python-check_host_name.xml deleted file mode 100644 index 3c325f8..0000000 --- a/en-US/snippets/Features-TLS-Client-Python-check_host_name.xml +++ /dev/null 
@@ -1,29 +0,0 @@ - - - - -def check_host_name(peercert, name): - """Simple certificate/host name checker. Returns True if the - certificate matches, False otherwise. Does not support - wildcards.""" - # Check that the peer has supplied a certificate. - # None/{} is not acceptable. - if not peercert: - return False - if peercert.has_key("subjectAltName"): - for typ, val in peercert["subjectAltName"]: - if typ == "DNS" and val == name: - return True - else: - # Only check the subject DN if there is no subject alternative - # name. - cn = None - for attr, val in peercert["subject"]: - # Use most-specific (last) commonName attribute. - if attr == "commonName": - cn = val - if cn is not None: - return cn == name - return False - diff --git a/en-US/snippets/Features-TLS-GNUTLS-Credentials-Close.xml b/en-US/snippets/Features-TLS-GNUTLS-Credentials-Close.xml deleted file mode 100644 index 8c28b0f..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Credentials-Close.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -gnutls_certificate_free_credentials(cred); - diff --git a/en-US/snippets/Features-TLS-GNUTLS-Disconnect.xml b/en-US/snippets/Features-TLS-GNUTLS-Disconnect.xml deleted file mode 100644 index b01464d..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Disconnect.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - -// Initiate an orderly connection shutdown. -ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); -if (ret < 0) { - fprintf(stderr, "error: gnutls_bye: %s\n", gnutls_strerror(ret)); - exit(1); -} -// Free the session object. -gnutls_deinit(session); - diff --git a/en-US/snippets/Features-TLS-GNUTLS-Init.xml b/en-US/snippets/Features-TLS-GNUTLS-Init.xml deleted file mode 100644 index ab2777d..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Init.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -// This is only necessary if compatibility with GnuTLS prior to -// 3.3.0 is required. -gnutls_global_init(); - 
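Review bot: the deleted Features-TLS-Client-Python-check_host_name.xml snippet is Python 2 only (`if peercert.has_key("subjectAltName"):`) and, as its docstring admits, does not support wildcards; the Connect snippet in the previous region also pins `ssl_version=ssl.PROTOCOL_TLSv1` and lists `RC4-SHA:RC4-MD5` in its cipher string. Because these files are generated from the chapter sources, the deletion alone changes nothing for readers; the source should rely on the standard library's hostname matching and default context (ssl.match_hostname and ssl.create_default_context, both present from Python 2.7.9 and 3.4 onward) instead of a hand-written commonName check and a hard-coded protocol version.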
diff --git a/en-US/snippets/Features-TLS-GNUTLS-Use.xml b/en-US/snippets/Features-TLS-GNUTLS-Use.xml deleted file mode 100644 index a6a3f9c..0000000 --- a/en-US/snippets/Features-TLS-GNUTLS-Use.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - -char buf[4096]; -snprintf(buf, sizeof(buf), "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host); -ret = gnutls_record_send(session, buf, strlen(buf)); -if (ret < 0) { - fprintf(stderr, "error: gnutls_record_send: %s\n", gnutls_strerror(ret)); - exit(1); -} -ret = gnutls_record_recv(session, buf, sizeof(buf)); -if (ret < 0) { - fprintf(stderr, "error: gnutls_record_recv: %s\n", gnutls_strerror(ret)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-NSS-Close.xml b/en-US/snippets/Features-TLS-NSS-Close.xml deleted file mode 100644 index e34cea8..0000000 --- a/en-US/snippets/Features-TLS-NSS-Close.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -SECMOD_DestroyModule(module); -NSS_ShutdownContext(ctx); - diff --git a/en-US/snippets/Features-TLS-NSS-Includes.xml b/en-US/snippets/Features-TLS-NSS-Includes.xml deleted file mode 100644 index ee183d0..0000000 --- a/en-US/snippets/Features-TLS-NSS-Includes.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - -// NSPR include files -#include <prerror.h> -#include <prinit.h> - -// NSS include files -#include <nss.h> -#include <pk11pub.h> -#include <secmod.h> -#include <ssl.h> -#include <sslproto.h> - -// Private API, no other way to turn a POSIX file descriptor into an -// NSPR handle. -NSPR_API(PRFileDesc*) PR_ImportTCPSocket(int); - diff --git a/en-US/snippets/Features-TLS-NSS-Init.xml b/en-US/snippets/Features-TLS-NSS-Init.xml deleted file mode 100644 index 939ff39..0000000 --- a/en-US/snippets/Features-TLS-NSS-Init.xml +++ /dev/null 
@@ -1,71 +0,0 @@ - - - - -PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); -NSSInitContext *const ctx = - NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, - NSS_INIT_READONLY | NSS_INIT_PK11RELOAD); -if (ctx == NULL) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSPR error code %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - -// Ciphers to enable. -static const PRUint16 good_ciphers[] = { - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - SSL_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_NULL_WITH_NULL_NULL // sentinel -}; - -// Check if the current policy allows any strong ciphers. If it -// doesn't, set the cipher suite policy. This is not thread-safe -// and has global impact. Consequently, we only do it if absolutely -// necessary. -int found_good_cipher = 0; -for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL; - ++p) { - PRInt32 policy; - if (SSL_CipherPolicyGet(*p, &policy) != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: policy for cipher %u: error %d: %s\n", - (unsigned)*p, err, PR_ErrorToName(err)); - exit(1); - } - if (policy == SSL_ALLOWED) { - fprintf(stderr, "info: found cipher %x\n", (unsigned)*p); - found_good_cipher = 1; - break; - } -} -if (!found_good_cipher) { - if (NSS_SetDomesticPolicy() != SECSuccess) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSS_SetDomesticPolicy: error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); - } -} - -// Initialize the trusted certificate store. 
-char module_name[] = "library=libnssckbi.so name=\"Root Certs\""; -SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE); -if (module == NULL || !module->loaded) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: NSPR error code %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-NSS-Use.xml b/en-US/snippets/Features-TLS-NSS-Use.xml deleted file mode 100644 index f1a0c6d..0000000 --- a/en-US/snippets/Features-TLS-NSS-Use.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - -char buf[4096]; -snprintf(buf, sizeof(buf), "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host); -PRInt32 ret = PR_Write(nspr, buf, strlen(buf)); -if (ret < 0) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: PR_Write error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} -ret = PR_Read(nspr, buf, sizeof(buf)); -if (ret < 0) { - const PRErrorCode err = PR_GetError(); - fprintf(stderr, "error: PR_Read error %d: %s\n", - err, PR_ErrorToName(err)); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Nagle.xml b/en-US/snippets/Features-TLS-Nagle.xml deleted file mode 100644 index 824fab5..0000000 --- a/en-US/snippets/Features-TLS-Nagle.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -const int val = 1; -int ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)); -if (ret < 0) { - perror("setsockopt(TCP_NODELAY)"); - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-OpenJDK-Parameters.xml b/en-US/snippets/Features-TLS-OpenJDK-Parameters.xml deleted file mode 100644 index af48ca6..0000000 --- a/en-US/snippets/Features-TLS-OpenJDK-Parameters.xml +++ /dev/null 
@@ -1,27 +0,0 @@ - - - - -// Prepare TLS parameters. These have to applied to every TLS -// socket before the handshake is triggered. -SSLParameters params = ctx.getDefaultSSLParameters(); -// Do not send an SSL-2.0-compatible Client Hello. -ArrayList<String> protocols = new ArrayList<String>( - Arrays.asList(params.getProtocols())); -protocols.remove("SSLv2Hello"); -params.setProtocols(protocols.toArray(new String[protocols.size()])); -// Adjust the supported ciphers. -ArrayList<String> ciphers = new ArrayList<String>( - Arrays.asList(params.getCipherSuites())); -ciphers.retainAll(Arrays.asList( - "TLS_RSA_WITH_AES_128_CBC_SHA256", - "TLS_RSA_WITH_AES_256_CBC_SHA256", - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_RSA_WITH_AES_128_CBC_SHA", - "SSL_RSA_WITH_3DES_EDE_CBC_SHA", - "SSL_RSA_WITH_RC4_128_SHA1", - "SSL_RSA_WITH_RC4_128_MD5", - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")); -params.setCipherSuites(ciphers.toArray(new String[ciphers.size()])); - diff --git a/en-US/snippets/Features-TLS-OpenSSL-Connection-Close.xml b/en-US/snippets/Features-TLS-OpenSSL-Connection-Close.xml deleted file mode 100644 index 0e446ef..0000000 --- a/en-US/snippets/Features-TLS-OpenSSL-Connection-Close.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - -// Send the close_notify alert. -ret = SSL_shutdown(ssl); -switch (ret) { -case 1: - // A close_notify alert has already been received. - break; -case 0: - // Wait for the close_notify alert from the peer. - ret = SSL_shutdown(ssl); - switch (ret) { - case 0: - fprintf(stderr, "info: second SSL_shutdown returned zero\n"); - break; - case 1: - break; - default: - ssl_print_error_and_exit(ssl, "SSL_shutdown 2", ret); - } - break; -default: - ssl_print_error_and_exit(ssl, "SSL_shutdown 1", ret); -} -SSL_free(ssl); -close(sockfd); - diff --git a/en-US/snippets/Features-TLS-OpenSSL-Context-Close.xml b/en-US/snippets/Features-TLS-OpenSSL-Context-Close.xml deleted file mode 100644 index 89a324e..0000000 
--- a/en-US/snippets/Features-TLS-OpenSSL-Context-Close.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -SSL_CTX_free(ctx); - diff --git a/en-US/snippets/Features-TLS-OpenSSL-Errors.xml b/en-US/snippets/Features-TLS-OpenSSL-Errors.xml deleted file mode 100644 index ab16ce7..0000000 --- a/en-US/snippets/Features-TLS-OpenSSL-Errors.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - -static void __attribute__((noreturn)) -ssl_print_error_and_exit(SSL *ssl, const char *op, int ret) -{ - int subcode = SSL_get_error(ssl, ret); - switch (subcode) { - case SSL_ERROR_NONE: - fprintf(stderr, "error: %s: no error to report\n", op); - break; - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_X509_LOOKUP: - case SSL_ERROR_WANT_CONNECT: - case SSL_ERROR_WANT_ACCEPT: - fprintf(stderr, "error: %s: invalid blocking state %d\n", op, subcode); - break; - case SSL_ERROR_SSL: - fprintf(stderr, "error: %s: TLS layer problem\n", op); - case SSL_ERROR_SYSCALL: - fprintf(stderr, "error: %s: system call failed: %s\n", op, strerror(errno)); - break; - case SSL_ERROR_ZERO_RETURN: - fprintf(stderr, "error: %s: zero return\n", op); - } - exit(1); -} - diff --git a/en-US/snippets/Features-TLS-Python-Close.xml b/en-US/snippets/Features-TLS-Python-Close.xml deleted file mode 100644 index fd20ff2..0000000 --- a/en-US/snippets/Features-TLS-Python-Close.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - -sock.close() - diff --git a/en-US/snippets/Features-TLS-Python-Use.xml b/en-US/snippets/Features-TLS-Python-Use.xml deleted file mode 100644 index 08690ca..0000000 --- a/en-US/snippets/Features-TLS-Python-Use.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -sock.write("GET / HTTP/1.1\r\nHost: " + host + "\r\n\r\n") -print sock.read() - diff --git a/en-US/snippets/Go-Error_Handling-IO.xml b/en-US/snippets/Go-Error_Handling-IO.xml deleted file mode 100644 index 818d1da..0000000 --- a/en-US/snippets/Go-Error_Handling-IO.xml +++ /dev/null 
@@ -1,25 +0,0 @@ - - - - -func IOError(r io.Reader, buf []byte, processor Processor, - handler ErrorHandler) (message string, err error) { - n, err := r.Read(buf) - // First check for available data. - if n > 0 { - message, err = processor.Process(buf[0:n]) - // Regular error handling. - if err != nil { - handler.Handle(err) - return "", err - } - } - // Then handle any error. - if err != nil { - handler.Handle(err) - return "", err - } - return -} - diff --git a/en-US/snippets/Go-Error_Handling-Regular.xml b/en-US/snippets/Go-Error_Handling-Regular.xml deleted file mode 100644 index c7f4bc7..0000000 --- a/en-US/snippets/Go-Error_Handling-Regular.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - -type Processor interface { - Process(buf []byte) (message string, err error) -} - -type ErrorHandler interface { - Handle(err error) -} - -func RegularError(buf []byte, processor Processor, - handler ErrorHandler) (message string, err error) { - message, err = processor.Process(buf) - if err != nil { - handler.Handle(err) - return "", err - } - return -} - diff --git a/en-US/snippets/Java-Finally.xml b/en-US/snippets/Java-Finally.xml deleted file mode 100644 index b32ec36..0000000 --- a/en-US/snippets/Java-Finally.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -InputStream in = new BufferedInputStream(new FileInputStream(path)); -try { - readFile(in); -} finally { - in.close(); -} - diff --git a/en-US/snippets/Java-JNI-Pointers.xml b/en-US/snippets/Java-JNI-Pointers.xml deleted file mode 100644 index 95d386e..0000000 --- a/en-US/snippets/Java-JNI-Pointers.xml +++ /dev/null 
@@ -1,36 +0,0 @@ - - - - -JNIEXPORT jint JNICALL Java_sum - (JNIEnv *jEnv, jclass clazz, jbyteArray buffer, jint offset, jint length) -{ - assert(sizeof(jint) == sizeof(unsigned)); - if (offset < 0 || length < 0) { - (*jEnv)->ThrowNew(jEnv, arrayIndexOutOfBoundsExceptionClass, - "negative offset/length"); - return 0; - } - unsigned uoffset = offset; - unsigned ulength = length; - // This cannot overflow because of the check above. - unsigned totallength = uoffset + ulength; - unsigned actuallength = (*jEnv)->GetArrayLength(jEnv, buffer); - if (totallength > actuallength) { - (*jEnv)->ThrowNew(jEnv, arrayIndexOutOfBoundsExceptionClass, - "offset + length too large"); - return 0; - } - unsigned char *ptr = (*jEnv)->GetPrimitiveArrayCritical(jEnv, buffer, 0); - if (ptr == NULL) { - return 0; - } - unsigned long long sum = 0; - for (unsigned char *p = ptr + uoffset, *end = p + ulength; p != end; ++p) { - sum += *p; - } - (*jEnv)->ReleasePrimitiveArrayCritical(jEnv, buffer, ptr, 0); - return sum; -} - diff --git a/en-US/snippets/Java-Language-ReadArray.xml b/en-US/snippets/Java-Language-ReadArray.xml deleted file mode 100644 index 1470795..0000000 --- a/en-US/snippets/Java-Language-ReadArray.xml +++ /dev/null 
@@ -1,39 +0,0 @@ - - - - -static byte[] readBytes(InputStream in, int length) throws IOException { - final int startSize = 65536; - byte[] b = new byte[Math.min(length, startSize)]; - int filled = 0; - while (true) { - int remaining = b.length - filled; - readFully(in, b, filled, remaining); - if (b.length == length) { - break; - } - filled = b.length; - if (length - b.length <= b.length) { - // Allocate final length. Condition avoids overflow. - b = Arrays.copyOf(b, length); - } else { - b = Arrays.copyOf(b, b.length * 2); - } - } - return b; -} - -static void readFully(InputStream in,byte[] b, int off, int len) - throws IOException { - int startlen = len; - while (len > 0) { - int count = in.read(b, off, len); - if (count < 0) { - throw new EOFException(); - } - off += count; - len -= count; - } -} - diff --git a/en-US/snippets/Java-SecurityManager-Callback.xml b/en-US/snippets/Java-SecurityManager-Callback.xml deleted file mode 100644 index 634d62f..0000000 --- a/en-US/snippets/Java-SecurityManager-Callback.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - -interface Callback<T> { - T call(boolean flag); -} - -class CallbackInvoker<T> { - private final AccessControlContext context; - Callback<T> callback; - - CallbackInvoker(Callback<T> callback) { - context = AccessController.getContext(); - this.callback = callback; - } - - public T invoke() { - // Obtain increased privileges. - return AccessController.doPrivileged(new PrivilegedAction<T>() { - @Override - public T run() { - // This operation would fail without - // additional privileges. - final boolean flag = Boolean.getBoolean("some.property"); - - // Restore the original privileges. - return AccessController.doPrivileged( - new PrivilegedAction<T>() { - @Override - public T run() { - return callback.call(flag); - } - }, context); - } - }); - } -} - 
diff --git a/en-US/snippets/Java-SecurityManager-CurrentDirectory.xml b/en-US/snippets/Java-SecurityManager-CurrentDirectory.xml deleted file mode 100644 index 1a4d022..0000000 --- a/en-US/snippets/Java-SecurityManager-CurrentDirectory.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -permissions.add(new FilePermission( - System.getProperty("user.dir") + "/-", "read")); - diff --git a/en-US/snippets/Java-SecurityManager-Privileged.xml b/en-US/snippets/Java-SecurityManager-Privileged.xml deleted file mode 100644 index b700a0e..0000000 --- a/en-US/snippets/Java-SecurityManager-Privileged.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - -// This is expected to fail. -try { - System.out.println(System.getProperty("user.home")); -} catch (SecurityException e) { - e.printStackTrace(System.err); -} -AccessController.doPrivileged(new PrivilegedAction<Void>() { - public Void run() { - // This should work. - System.out.println(System.getProperty("user.home")); - return null; - } - }); - diff --git a/en-US/snippets/Java-SecurityManager-Unprivileged.xml b/en-US/snippets/Java-SecurityManager-Unprivileged.xml deleted file mode 100644 index 29bb4f5..0000000 --- a/en-US/snippets/Java-SecurityManager-Unprivileged.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - -Permissions permissions = new Permissions(); - ProtectionDomain protectionDomain = - new ProtectionDomain(null, permissions); - AccessControlContext context = new AccessControlContext( - new ProtectionDomain[] { protectionDomain }); - -// This is expected to succeed. -try (FileInputStream in = new FileInputStream(path)) { - System.out.format("FileInputStream: %s%n", in); -} - -AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - // This code runs with reduced privileges and is - // expected to fail. - try (FileInputStream in = new FileInputStream(path)) { - System.out.format("FileInputStream: %s%n", in); - } - return null; - } - }, context); - 
diff --git a/en-US/snippets/Java-TryWithResource.xml b/en-US/snippets/Java-TryWithResource.xml deleted file mode 100644 index a9f13f6..0000000 --- a/en-US/snippets/Java-TryWithResource.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - -try (InputStream in = new BufferedInputStream(new FileInputStream(path))) { - readFile(in); -} - diff --git a/en-US/snippets/Shell-Input_Validation.xml b/en-US/snippets/Shell-Input_Validation.xml deleted file mode 100644 index 61cb7d1..0000000 --- a/en-US/snippets/Shell-Input_Validation.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - -if [[ $value =~ ^-?[0-9]+$ ]] ; then - echo value is an integer -else - echo "value is not an integer" 1>&2 - exit 1 -fi - diff --git a/en-US/snippets/Tasks-Serialization-XML-Expat-Create.xml b/en-US/snippets/Tasks-Serialization-XML-Expat-Create.xml deleted file mode 100644 index dd8724d..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Expat-Create.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - -XML_Parser parser = XML_ParserCreate("UTF-8"); -if (parser == NULL) { - fprintf(stderr, "XML_ParserCreate failed\n"); - close(fd); - exit(1); -} -// EntityDeclHandler needs a reference to the parser to stop -// parsing. -XML_SetUserData(parser, parser); -// Disable entity processing, to inhibit entity expansion. -XML_SetEntityDeclHandler(parser, EntityDeclHandler); - diff --git a/en-US/snippets/Tasks-Serialization-XML-Expat-EntityDeclHandler.xml b/en-US/snippets/Tasks-Serialization-XML-Expat-EntityDeclHandler.xml deleted file mode 100644 index 2a982f4..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Expat-EntityDeclHandler.xml +++ /dev/null 
@@ -1,16 +0,0 @@ - - - - -// Stop the parser when an entity declaration is encountered. -static void -EntityDeclHandler(void *userData, - const XML_Char *entityName, int is_parameter_entity, - const XML_Char *value, int value_length, - const XML_Char *base, const XML_Char *systemId, - const XML_Char *publicId, const XML_Char *notationName) -{ - XML_StopParser((XML_Parser)userData, XML_FALSE); -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Errors.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Errors.xml deleted file mode 100644 index 928d79b..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Errors.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - -class Errors implements ErrorHandler { - @Override - public void warning(SAXParseException exception) { - exception.printStackTrace(); - } - - @Override - public void fatalError(SAXParseException exception) { - exception.printStackTrace(); - } - - @Override - public void error(SAXParseException exception) { - exception.printStackTrace(); - } -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Imports.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Imports.xml deleted file mode 100644 index 61f0965..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-Imports.xml +++ /dev/null 
@@ -1,27 +0,0 @@ - - - - -import javax.xml.XMLConstants; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.parsers.SAXParser; -import javax.xml.parsers.SAXParserFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.sax.SAXSource; -import javax.xml.validation.Schema; -import javax.xml.validation.SchemaFactory; -import javax.xml.validation.Validator; - -import org.w3c.dom.Document; -import org.w3c.dom.ls.LSInput; -import org.w3c.dom.ls.LSResourceResolver; -import org.xml.sax.EntityResolver; -import org.xml.sax.ErrorHandler; -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; -import org.xml.sax.SAXParseException; -import org.xml.sax.XMLReader; - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoEntityResolver.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoEntityResolver.xml deleted file mode 100644 index e1d1049..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoEntityResolver.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - -class NoEntityResolver implements EntityResolver { - @Override - public InputSource resolveEntity(String publicId, String systemId) - throws SAXException, IOException { - // Throwing an exception stops validation. - throw new IOException(String.format( - "attempt to resolve \"%s\" \"%s\"", publicId, systemId)); - } -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoResourceResolver.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoResourceResolver.xml deleted file mode 100644 index 6eae01a..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK-NoResourceResolver.xml +++ /dev/null 
@@ -1,17 +0,0 @@ - - - - -class NoResourceResolver implements LSResourceResolver { - @Override - public LSInput resolveResource(String type, String namespaceURI, - String publicId, String systemId, String baseURI) { - // Throwing an exception stops validation. - throw new RuntimeException(String.format( - "resolution attempt: type=%s namespace=%s " + - "publicId=%s systemId=%s baseURI=%s", - type, namespaceURI, publicId, systemId, baseURI)); - } -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-DOM.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-DOM.xml deleted file mode 100644 index f04a2af..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-DOM.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - -DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); -// Impose restrictions on the complexity of the DTD. -factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - -// Turn on validation. -// This step can be omitted if validation is not desired. -factory.setValidating(true); - -// Parse the document. -DocumentBuilder builder = factory.newDocumentBuilder(); -builder.setEntityResolver(new NoEntityResolver()); -builder.setErrorHandler(new Errors()); -Document document = builder.parse(inputStream); - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.xml deleted file mode 100644 index b4ecf6c..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM.xml +++ /dev/null 
@@ -1,23 +0,0 @@ - - - - -SchemaFactory factory = SchemaFactory.newInstance( - XMLConstants.W3C_XML_SCHEMA_NS_URI); - -// This enables restrictions on schema complexity. -factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - -// The following line prevents resource resolution -// by the schema itself. -factory.setResourceResolver(new NoResourceResolver()); - -Schema schema = factory.newSchema(schemaFile); - -Validator validator = schema.newValidator(); - -// This prevents external resource resolution. -validator.setResourceResolver(new NoResourceResolver()); -validator.validate(new DOMSource(document)); - diff --git a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.xml b/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.xml deleted file mode 100644 index 2f6c6c9..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - -SchemaFactory factory = SchemaFactory.newInstance( - XMLConstants.W3C_XML_SCHEMA_NS_URI); - -// This enables restrictions on the schema and document -// complexity. -factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - -// This prevents resource resolution by the schema itself. -// If the schema is trusted and references additional files, -// this line must be omitted, otherwise loading these files -// will fail. -factory.setResourceResolver(new NoResourceResolver()); - -Schema schema = factory.newSchema(schemaFile); -Validator validator = schema.newValidator(); - -// This prevents external resource resolution. -validator.setResourceResolver(new NoResourceResolver()); - -validator.validate(new SAXSource(new InputSource(inputStream))); - diff --git a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityHandler.xml b/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityHandler.xml deleted file mode 100644 index 3a5ef31..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityHandler.xml +++ /dev/null 
@@ -1,42 +0,0 @@ - - - - -class NoEntityHandler : public QXmlDeclHandler { -public: - bool attributeDecl(const QString&, const QString&, const QString&, - const QString&, const QString&); - bool internalEntityDecl(const QString&, const QString&); - bool externalEntityDecl(const QString&, const QString&, - const QString&); - QString errorString() const; -}; - - bool -NoEntityHandler::attributeDecl - (const QString&, const QString&, const QString&, const QString&, - const QString&) -{ - return false; -} - -bool -NoEntityHandler::internalEntityDecl(const QString&, const QString&) -{ - return false; -} - -bool -NoEntityHandler::externalEntityDecl(const QString&, const QString&, const - QString&) -{ - return false; -} - -QString -NoEntityHandler::errorString() const -{ - return "XML declaration not permitted"; -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityReader.xml b/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityReader.xml deleted file mode 100644 index 0a70fa4..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Qt-NoEntityReader.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - -class NoEntityReader : public QXmlSimpleReader { - NoEntityHandler handler; -public: - NoEntityReader(); - void setDeclHandler(QXmlDeclHandler *); -}; - - NoEntityReader::NoEntityReader() -{ - QXmlSimpleReader::setDeclHandler(&handler); - setFeature("http://xml.org/sax/features/namespaces", true); - setFeature("http://xml.org/sax/features/namespace-prefixes", false); - } - -void -NoEntityReader::setDeclHandler(QXmlDeclHandler *) -{ - // Ignore the handler which was passed in. -} - diff --git a/en-US/snippets/Tasks-Serialization-XML-Qt-QDomDocument.xml b/en-US/snippets/Tasks-Serialization-XML-Qt-QDomDocument.xml deleted file mode 100644 index ff0e056..0000000 --- a/en-US/snippets/Tasks-Serialization-XML-Qt-QDomDocument.xml +++ /dev/null 
@@ -1,16 +0,0 @@ - - - - -NoEntityReader reader; -QBuffer buffer(&data); -buffer.open(QIODevice::ReadOnly); -QXmlInputSource source(&buffer); -QDomDocument doc; -QString errorMsg; -int errorLine; -int errorColumn; -bool okay = doc.setContent - (&source, &reader, &errorMsg, &errorLine, &errorColumn); - From feee81cd3d878338010fa893b9682f38e0d66e66 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Apr 06 2017 08:59:38 +0000 Subject: [PATCH 27/73] serialization: mention protocol buffers --- diff --git a/en-US/Tasks-Serialization.xml b/en-US/Tasks-Serialization.xml index 81ba061..3ed4a18 100644 --- a/en-US/Tasks-Serialization.xml +++ b/en-US/Tasks-Serialization.xml @@ -227,6 +227,12 @@ serve as an encoding form for any if the serialization frameworks listed above. + + For serialization in C and C++ projects, the Protocol Buffers serialization + (protobuf) provides type safe automated serialization + by relying on code generation. It is positioned as similar, but simpler and + more efficient to XML serialization. +
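Review bot: the deletions under en-US/snippets/ remove every snippet file, but this patch shows no matching change to the XML that includes them; confirm that nothing in the chapter sources still references these files, otherwise the build fails on the missing includes. If the snippets are being moved rather than dropped, carry one fix along: in the removed Features-TLS-OpenSSL-Errors.xml handler, `case SSL_ERROR_SSL:` falls through into `case SSL_ERROR_SYSCALL:` (no `break`), so a TLS-layer error also reports `strerror(errno)` for a system call that did not fail.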
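Review bot: wording in the paragraph added to Tasks-Serialization.xml: "positioned as similar, but simpler and more efficient to XML serialization" does not parse; suggest "It is positioned as similar to XML serialization, but simpler and more efficient." Also hyphenate "type-safe", and, since the hunk touches this paragraph, the unchanged context line above it reads "any if the serialization frameworks" where "any of" is meant.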
From ee5ed3cb258c4971b251fab4eb4b747b894bcecb Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Apr 06 2017 09:07:38 +0000 Subject: [PATCH 28/73] added known issues text --- diff --git a/KNOWN-ISSUES.md b/KNOWN-ISSUES.md new file mode 100644 index 0000000..1f6387d --- /dev/null +++ b/KNOWN-ISSUES.md @@ -0,0 +1,7 @@ +# Known issues + + * No mention of rust + * Enhance sections on serialization with examples of protocol buffers + * No mention of process isolation mechanisms/sandboxing (seccomp) + * No mention of programming with SELinux for safety + From 033cc8d450a73ddc54965048823234eb0d3ca115 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Aug 23 2017 13:11:41 +0000 Subject: [PATCH 29/73] link to packaging guidelines on generating certificates In addition make sure that getrandom() is mentioned. Resolves #15 --- diff --git a/en-US/Tasks-Packaging.xml b/en-US/Tasks-Packaging.xml index 3e3feab..1da1083 100644 --- a/en-US/Tasks-Packaging.xml +++ b/en-US/Tasks-Packaging.xml @@ -21,7 +21,8 @@ when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, - see . + see , + and Packaging:Initial Service Setup. 
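Review bot: in the new KNOWN-ISSUES.md, "rust" should be "Rust" (proper noun); the other items name their subject in its usual form (seccomp, SELinux). Linking each item to its tracker issue would let the list be closed out as the items land.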
@@ -149,8 +150,7 @@ fi Creating the key pair at package installation time (see ) would put the key into the image, which may or may not make - sense. - + sense. The caveats about the way the key is generated in random: nonblocking pool is initialized. In - theory, it is also possible to read from + random: nonblocking pool is initialized, or + ensure that the application used for generating the keys + is utilizing the getrandom() system call. + + + In theory, it is also possible to use an application which reads from /dev/random while generating the key material (instead of /dev/urandom), but this can block not just during the boot process, but also much later at run time, and generally results in a poor user experience. + + The requirements for generating such keys is documented at + Packaging:Initial Service Setup. +
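Review bot: agreement error in the last paragraph added to Tasks-Packaging.xml: "The requirements for generating such keys is documented at" should read "are documented at". The new sentence on getrandom() would also be more useful if it said why the call helps: getrandom() blocks until the kernel's random pool is initialized, which is exactly the early-boot condition the surrounding text warns about, so a key generator that uses it cannot draw key material from an uninitialized /dev/urandom.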
From d770bb0b86d9a1ffa6cd04e97da6baa472557cab Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Oct 12 2017 19:29:53 +0000 Subject: [PATCH 30/73] Merge branch 'tmp-update-self-signed-section' into 'master' link to packaging guidelines on generating certificates Closes #15 See merge request redhat-sectech/defensive-coding-guide!5 --- diff --git a/en-US/Tasks-Packaging.xml b/en-US/Tasks-Packaging.xml index 3e3feab..1da1083 100644 --- a/en-US/Tasks-Packaging.xml +++ b/en-US/Tasks-Packaging.xml @@ -21,7 +21,8 @@ when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, - see . + see , + and Packaging:Initial Service Setup.
@@ -149,8 +150,7 @@ fi Creating the key pair at package installation time (see ) would put the key into the image, which may or may not make - sense. - + sense. The caveats about the way the key is generated in random: nonblocking pool is initialized. In - theory, it is also possible to read from + random: nonblocking pool is initialized, or + ensure that the application used for generating the keys + is utilizing the getrandom() system call. + + + In theory, it is also possible to use an application which reads from /dev/random while generating the key material (instead of /dev/urandom), but this can block not just during the boot process, but also much later at run time, and generally results in a poor user experience. + + The requirements for generating such keys is documented at + Packaging:Initial Service Setup. +
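Review bot: this merge commit replays the same two hunks as PATCH 29/73 above, so the same points apply: "The requirements for generating such keys is documented" needs "are documented", and the getrandom() sentence should state that the call blocks until the random pool is initialized. Nothing else changes here.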
From c755d1610c77a1d45a8e12b3cbc30426a7b9aaae Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 19 2017 14:58:27 +0000 Subject: [PATCH 31/73] Update Java-Language.xml - a typo in a title fixed --- diff --git a/en-US/Java-Language.xml b/en-US/Java-Language.xml index 991720e..45fa356 100644 --- a/en-US/Java-Language.xml +++ b/en-US/Java-Language.xml @@ -12,7 +12,7 @@
- Inceasing robustness when reading arrays + Increasing robustness when reading arrays External data formats often include arrays, and the data is stored as an integer indicating the number of array elements, From 9081a72a294929d4ad0c02723428da1aef0bac0f Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 20 2017 11:02:31 +0000 Subject: [PATCH 32/73] Update Tasks-File_System.xml - Title Case fixed --- diff --git a/en-US/Tasks-File_System.xml b/en-US/Tasks-File_System.xml index ee3eb17..a68fca2 100644 --- a/en-US/Tasks-File_System.xml +++ b/en-US/Tasks-File_System.xml @@ -2,7 +2,7 @@ - File system manipulation + File System Manipulation In this chapter, we discuss general file system manipulation, with a focus on access files and directories to which an other, @@ -13,7 +13,7 @@ linkend="chap-Defensive_Coding-Tasks-Temporary_Files"/>.
- Working with files and directories owned by other users + Working with Files and Directories Owned by Other Users Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a @@ -145,7 +145,7 @@
- Accessing the file system as a different user + Accessing the File System as a Different User This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a @@ -178,7 +178,7 @@
- File system limits + File System Limits For historical reasons, there are preprocessor constants such as PATH_MAX, NAME_MAX. @@ -320,7 +320,7 @@
- Checking free space + Checking Free Space The statvfs and fstatvfs functions allow programs to From fde22c3d7cb6a5ae82e567990d1b3b0b600c48b2 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 20 2017 11:05:27 +0000 Subject: [PATCH 33/73] Update Tasks-Descriptors.xml - Title case fixed --- diff --git a/en-US/Tasks-Descriptors.xml b/en-US/Tasks-Descriptors.xml index 7b92ab9..1d30b97 100644 --- a/en-US/Tasks-Descriptors.xml +++ b/en-US/Tasks-Descriptors.xml @@ -17,7 +17,7 @@ which can sometimes grow very large.
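Review bot: the "File System Manipulation" hunk in Tasks-File_System.xml leaves two typos in its unchanged context: "with a focus on access files and directories to which an other" should read "with a focus on accessing files and directories to which another". Since this commit is an editorial pass over the file, it is the right place to fix them.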
- Closing descriptors + Closing Descriptors If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in @@ -28,7 +28,7 @@ possible, but not earlier.
- Error handling during descriptor close + Error Handling during Descriptor Close The close system call is always successful in the sense that the passed file descriptor is @@ -45,7 +45,7 @@
- Closing descriptors and race conditions + Closing Descriptors and Race Conditions Unlike process IDs, which are recycle only gradually, the kernel always allocates the lowest unused file descriptor when @@ -85,7 +85,7 @@
- Lingering state after close + Lingering State after Close By default, closing a stream socket returns immediately, and the kernel will try to send the data in the background. This @@ -120,7 +120,7 @@
- Preventing file descriptor leaks to child processes + Preventing File Descriptor Leaks to Child Processes Child processes created with fork share the initial set of file descriptors with their parent @@ -193,7 +193,7 @@
- Dealing with the <function>select</function> limit + Dealing with the <function>select</function> Limit By default, a user is allowed to open only 1024 files in a single process, but the system administrator can easily change From 3d48e21215d65784467eb64c6609c87d875a4883 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 20 2017 11:22:04 +0000 Subject: [PATCH 34/73] Update Tasks-Temporary_Files.xml - Title Case fixed --- diff --git a/en-US/Tasks-Temporary_Files.xml b/en-US/Tasks-Temporary_Files.xml index 45cefdf..842cdcb 100644 --- a/en-US/Tasks-Temporary_Files.xml +++ b/en-US/Tasks-Temporary_Files.xml @@ -2,7 +2,7 @@ - Temporary files + Temporary Files In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs @@ -58,7 +58,7 @@
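Review bot: in the "Closing Descriptors and Race Conditions" hunk of Tasks-Descriptors.xml the unchanged context reads "process IDs, which are recycle only gradually"; this should be "recycled". Worth fixing in the same editorial commit.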
- Obtaining the location of temporary directory + Obtaining the Location of Temporary Directory Some functions below need the location of a directory which stores temporary files. For C/C++ programs, use the following @@ -96,7 +96,7 @@
- Named temporary files + Named Temporary Files The mkostemp function creates a named temporary file. You should specify the @@ -143,7 +143,7 @@
- Temporary files without names + Temporary Files without Names The tmpfile function creates a temporary file and immediately deletes it, while keeping the file open. @@ -170,7 +170,7 @@
- Temporary directories + Temporary Directories The mkdtemp function can be used to create a temporary directory. (For determining the directory part of @@ -199,7 +199,7 @@
- Compensating for unsafe file creation + Compensating for Unsafe File Creation There are two ways to make a function or program which excepts a file name safe for use with temporary files. See From fa8dcdcbb912b045db648a6c703ec11dbea77e91 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 20 2017 11:51:48 +0000 Subject: [PATCH 35/73] Update Tasks-Processes.xml - Title Case and an adj. fixed --- diff --git a/en-US/Tasks-Processes.xml b/en-US/Tasks-Processes.xml index 8175c21..9176155 100644 --- a/en-US/Tasks-Processes.xml +++ b/en-US/Tasks-Processes.xml @@ -5,7 +5,7 @@ Processes
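Review bot: the new title "Obtaining the Location of Temporary Directory" in Tasks-Temporary_Files.xml is missing an article; suggest "Obtaining the Location of the Temporary Directory".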
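Review bot: in the "Compensating for Unsafe File Creation" hunk, the context line "a function or program which excepts a file name" has "excepts" where "expects" is meant; fix it alongside the title change.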
- Safe process creation + Creating Safe Processes This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there @@ -37,7 +37,7 @@
- Bypassing the shell + Bypassing the Shell Child processes should be created without involving the system shell. @@ -85,7 +85,7 @@
- Specifying the process environment + Specifying the Process Environment Child processes should be created with a minimal set of environment variables. This is absolutely essential if there @@ -169,7 +169,7 @@
- Robust argument list processing + Robust Argument List Processing When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be checked @@ -202,7 +202,7 @@
- Passing secrets to subprocesses + Passing Secrets to Subprocesses The command line (the name of the program and its argument) of a running process is traditionally available to all local @@ -237,7 +237,7 @@
- Handling child process termination + Handling Child Process Termination When child processes terminate, the parent process is signalled. A stub of the terminated processes (a @@ -323,7 +323,7 @@
- Accessing environment variables + Accessing Environment Variables The following steps are required so that a program does not accidentally pick up untrusted data from environment @@ -443,7 +443,7 @@
- Semantics of command line arguments + Semantics of Command-line Arguments @@ -469,7 +469,7 @@
- <function>fork</function> as a primitive for parallelism + <function>fork</function> as a Primitive for Parallelism A call to fork which is not immediately followed by a call to execve (perhaps after From 2008d1a82927f60efb12c6728eb5d298bbd9fb07 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 20 2017 12:04:24 +0000 Subject: [PATCH 36/73] Update Tasks-Serialization.xml - Title Case and an adj. fixed --- diff --git a/en-US/Tasks-Serialization.xml b/en-US/Tasks-Serialization.xml index 3ed4a18..60ad18b 100644 --- a/en-US/Tasks-Serialization.xml +++ b/en-US/Tasks-Serialization.xml @@ -12,7 +12,7 @@
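Review bot: the first hunk of Tasks-Processes.xml changes the meaning of the heading, not just its capitalization: 'Creating Safe Processes' says the processes themselves are safe, whereas the section, per its own first sentence ('how to create new child processes in a safe manner'), is about creating processes safely. 'Safe Process Creation' or 'Creating Processes Safely' keeps the original sense in title case.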
- Recommendations for manually written decoders + Recommendations for Manually-written Decoders For C and C++, the advice in applies. In @@ -33,7 +33,7 @@
- Protocol design + Protocol Design Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized @@ -176,7 +176,7 @@
Library - support for deserialization + Support for Deserialization For some languages, generic libraries are available which allow to serialize and deserialize user-defined objects. The @@ -236,11 +236,11 @@
- XML serialization + XML Serialization
- External references + External References XML documents can contain external references. They can occur in various places. @@ -306,7 +306,7 @@
- Entity expansion + Entity Expansion When external DTD processing is disabled, an internal DTD subset can still contain entity definitions. Entity @@ -329,7 +329,7 @@
- XInclude processing + XInclude Processing XInclude processing can reference file and network resources and include them into the document, much like external entity @@ -397,7 +397,7 @@
- Using Qt for XML parsing + Using Qt for XML Parsing The XML component of Qt, QtXml, does not resolve external IDs by default, so it is not requred to prevent such resolution. @@ -453,7 +453,7 @@
- Using OpenJDK for XML parsing and validation + Using OpenJDK for XML Parsing and Validation OpenJDK contains facilities for DOM-based, SAX-based, and StAX-based document parsing. Documents can be validated @@ -525,7 +525,7 @@
- XML Schema validation in OpenJDK + XML Schema Validation in OpenJDK shows how to validate a document against an XML Schema, @@ -562,7 +562,7 @@
- Other XML parsers in OpenJDK + Other XML Parsers in OpenJDK OpenJDK contains additional XML parsing and processing facilities. Some of them are insecure. From 2c48effda9fa0977a8d2a6d62657b8907c921987 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 20 2017 12:09:03 +0000 Subject: [PATCH 37/73] Update Tasks-Packaging.xml - Title Case --- diff --git a/en-US/Tasks-Packaging.xml b/en-US/Tasks-Packaging.xml index 1da1083..09d748a 100644 --- a/en-US/Tasks-Packaging.xml +++ b/en-US/Tasks-Packaging.xml @@ -2,7 +2,7 @@ - RPM packaging + RPM Packaging This chapter deals with security-related concerns around RPM packaging. It has to be read in conjunction with From 6f40b81eb07247aa4d6336bf25b18a831649bc8b Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 14:42:25 +0000 Subject: [PATCH 38/73] Update C-Language.xml - Title Case --- diff --git a/en-US/C-Language.xml b/en-US/C-Language.xml index 8f6f74d..12b0845 100644 --- a/en-US/C-Language.xml +++ b/en-US/C-Language.xml @@ -2,14 +2,14 @@
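Review bot: 'Manually-written Decoders' in the first hunk of Tasks-Serialization.xml hyphenates an -ly adverb compound, which English style guides do not do (unlike 'Command-line' or 'Host-based', where the first word is not an adverb); 'Manually Written Decoders' is the conventional form.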
- The core language + The Core Language C provides no memory safety. Most recommendations in this section deal with this aspect of the language.
- Undefined behavior + Undefined Behavior Some C constructs are defined to be undefined by the C standard. This does not only mean that the standard does not describe @@ -32,7 +32,7 @@
- Recommendations for pointers and array handling + Recommendations for Pointers and Array Handling Always keep track of the size of the array you are working with. Often, code is more obviously correct when you keep a pointer @@ -75,7 +75,7 @@
- Recommendations for integer arithmetic + Recommendations for Integer Arithmetic Overflow in signed integer arithmetic is undefined. This means that it is not possible to check for overflow after it happened, @@ -174,7 +174,7 @@
- Global variables + Global Variables Global variables should be avoided because they usually lead to thread safety hazards. In any case, they should be declared From ab317f970c8a06b18d41da4a2d3d73355ed52792 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 14:46:34 +0000 Subject: [PATCH 39/73] Update C-Libc.xml - typos, title case --- diff --git a/en-US/C-Libc.xml b/en-US/C-Libc.xml index 75be572..2a48c44 100644 --- a/en-US/C-Libc.xml +++ b/en-US/C-Libc.xml @@ -2,10 +2,10 @@
- The C standard library + The C Standard Library Parts of the C standard library (and the UNIX and GNU extensions) - are difficult to use, so you shoud avoid them. + are difficult to use, so you should avoid them. Please check the applicable documentation before using the @@ -14,7 +14,7 @@ deallocate explicitly using free.
- Absolutely banned interfaces + Absolutely Banned Interfaces The functions listed below must not be used because they are almost always unsafe. Use the indicated replacements instead. @@ -92,7 +92,7 @@
- Functions to avoid + Functions to Avoid The following string manipulation functions can be used securely in principle, but their use should be avoided because they are @@ -167,7 +167,7 @@
- String Functions With Explicit Length Arguments + String Functions with Explicit Length Arguments The C run-time library provides string manipulation functions which not just look for NUL characters for string termination, @@ -204,7 +204,7 @@ that adding the result of snprintf to the buffer pointer to skip over the characters just written is incorrect and risky. However, as long as the length argument - is not zero, the buffer will remain NUL-terminated. works because end -current > 0 is a loop invariant. After the loop, the result string is in the @@ -231,7 +231,7 @@
- <literal>vsnprintf</literal> and format strings + <literal>vsnprintf</literal> and Format Strings If you use vsnprintf (or vasprintf or even @@ -252,7 +252,7 @@ <function>strncpy</function> The strncpy function does not ensure that - the target buffer is NUL-terminated. A common idiom for + the target buffer is null-terminated. A common idiom for ensuring NUL termination is: From c907ca6836299bdf7963f8b59200a3696e6cdb69 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 14:49:13 +0000 Subject: [PATCH 40/73] Update C-Allocators.xml - typos, title case --- diff --git a/en-US/C-Allocators.xml b/en-US/C-Allocators.xml index 87d2682..49f4849 100644 --- a/en-US/C-Allocators.xml +++ b/en-US/C-Allocators.xml @@ -2,10 +2,10 @@
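Review bot: the strncpy hunk in C-Libc.xml replaces 'NUL-terminated' with 'null-terminated' while the very next context line still says 'NUL termination', and the earlier hunk in the same patch keeps 'look for NUL characters' and 'the buffer will remain NUL-terminated'. NUL is the name of the character and the chapter uses it consistently, so either leave 'NUL-terminated' unchanged or change every occurrence in one commit.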
- Memory allocators + Memory Allocators
- <function>malloc</function> and related functions + <function>malloc</function> and Related Functions The C library interfaces for memory allocation are provided by malloc, free and @@ -49,7 +49,7 @@
- Handling memory allocation errors + Handling Memory Allocation Errors Recovering from out-of-memory errors is often difficult or even impossible. In these cases, malloc and @@ -71,8 +71,8 @@
- <function>alloca</function> and other forms of stack-based - allocation + <function>alloca</function> and Other Forms of Stack-based + Allocation Allocation on the stack is risky because stack overflow checking is implicit. There is a guard page at the end of the memory @@ -96,7 +96,7 @@ if the allocated size is less than the page size (typically, 4096 bytes), but this case is relatively rare.) Additionally, relying on alloca makes it more difficult - to reorgnize the code because it is not allowed to use the + to reorganize the code because it is not allowed to use the pointer after the function calling alloca has returned, even if this function has been inlined into its caller. @@ -125,7 +125,7 @@
- Array allocation + Array Allocation When allocating arrays, it is important to check for overflows. The calloc function performs such checks. @@ -141,7 +141,7 @@
- Custom memory allocators + Custom Memory Allocators Custom memory allocates come in two forms: replacements for malloc, and completely different interfaces @@ -173,7 +173,7 @@ It can be difficult to beat well-tuned general-purpose - allocators. In micro-benchmarks, pool allocators can show + allocators. In micro benchmarks, pool allocators can show huge wins, and size-specific pools can reduce internal fragmentation. But often, utilization of individual pools is poor, and external fragmentation increases the overall @@ -184,7 +184,7 @@
- Conservative garbage collection + Conservative Garbage Collection Garbage collection can be an alternative to explicit memory management using malloc and @@ -197,7 +197,7 @@ However, using a conservative garbage collector may reduce - opertunities for code reduce because once one library in a + opportunities for code reduce because once one library in a program uses garbage collection, the whole process memory needs to be subject to it, so that no pointers are missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for From 07064c183ffd5b21a3de27a3f7acaa5283d52b34 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:04:42 +0000 Subject: [PATCH 41/73] Update C-Other.xml - title case --- diff --git a/en-US/C-Other.xml b/en-US/C-Other.xml index 2394eba..e6781af 100644 --- a/en-US/C-Other.xml +++ b/en-US/C-Other.xml @@ -2,9 +2,9 @@
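Review bot: the @@ -173 hunk of C-Allocators.xml turns 'micro-benchmarks' into 'micro benchmarks', which is not a typo fix: the established spelling is 'microbenchmarks' (or the hyphenated form), and as two separate words it reads as a benchmark that happens to be small. Suggest 'microbenchmarks' or leaving the hyphen in place.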
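Review bot: the @@ -197 hunk of C-Allocators.xml fixes 'opertunities' but leaves the sentence broken: 'may reduce opportunities for code reduce because once one library in a program uses garbage collection ...' still has 'code reduce' where a noun is needed ('code reuse' is the most plausible reading, since the sentence is about libraries sharing one process). Please confirm the intended wording and fix both words in this commit.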
- Other C-related topics + Other C-related Topics
- Wrapper functions + Wrapper Functions Some libraries provide wrappers for standard library functions. Common cases include allocation functions such as From 3dde0c102dd3ba745e36b2e2723110b5bfb20ec8 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:22:20 +0000 Subject: [PATCH 42/73] Update Java-Language.xml - title case --- diff --git a/en-US/Java-Language.xml b/en-US/Java-Language.xml index 45fa356..c6eda5b 100644 --- a/en-US/Java-Language.xml +++ b/en-US/Java-Language.xml @@ -2,7 +2,7 @@
- The core language + The Core Language Implementations of the Java programming language provide strong memory safety, even in the presence of data races in concurrent @@ -12,7 +12,7 @@
- Increasing robustness when reading arrays + Increasing Robustness when Reading Arrays External data formats often include arrays, and the data is stored as an integer indicating the number of array elements, @@ -40,7 +40,7 @@
- Resource management + Resource Management Unlike C++, Java does not offer destructors which can deallocate resources in a predictable fashion. All resource management has @@ -160,7 +160,7 @@
- Recovering from exceptions and errors + Recovering from Exceptions and Errors Java exceptions come in three kinds, all ultimately deriving from java.lang.Throwable: @@ -220,7 +220,7 @@
- The difficulty of catching errors + The Difficulty of Catching Errors Errors (that is, exceptions which do not (indirectly) derive from java.lang.Exception), have the From 96d02b8f9b47f12d3ba1dc78cbabaf02944d7ab1 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:23:56 +0000 Subject: [PATCH 43/73] Update Java-LowLevel.xml - title case --- diff --git a/en-US/Java-LowLevel.xml b/en-US/Java-LowLevel.xml index 025375f..18d507f 100644 --- a/en-US/Java-LowLevel.xml +++ b/en-US/Java-LowLevel.xml @@ -2,10 +2,10 @@
- Low-level features of the virtual machine + Low-level Features of the Virtual Machine
- <literal>Reflection and private parts</literal> + <literal>Reflection and Private Parts</literal> The setAccessible(boolean) method of the java.lang.reflect.AccessibleObject class From fc1c73f782263b01037e2247653d4928bc7b3bab Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:25:31 +0000 Subject: [PATCH 44/73] Update Java-SecurityManager.xml - title case --- diff --git a/en-US/Java-SecurityManager.xml b/en-US/Java-SecurityManager.xml index a321573..35fade8 100644 --- a/en-US/Java-SecurityManager.xml +++ b/en-US/Java-SecurityManager.xml @@ -2,7 +2,7 @@
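Review bot: in the Java-LowLevel.xml hunk the entire section title 'Reflection and Private Parts' remains wrapped in <literal>, yet none of those words is a code identifier; since the line is being edited, drop the <literal> element so the title renders like the neighbouring 'Low-level Features of the Virtual Machine', which carries no markup.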
- Interacting with the security manager + Interacting with the Security Manager The Java platform is largely implemented in the Java language itself. Therefore, within the same JVM, code runs which is part @@ -43,7 +43,7 @@
- Security manager compatibility + Security Manager Compatibility A lot of code can run without any additional permissions at all, with little changes. The following guidelines should help to @@ -81,7 +81,7 @@
- Activating the security manager + Activating the Security Manager The usual command to launch a Java application, java, does not activate the security manager. @@ -118,7 +118,7 @@ grant {
- Reducing trust in code + Reducing Trust in Code shows how to run a piece code of with reduced privileges. @@ -176,7 +176,7 @@ grant {
- Re-gaining privileges + Re-gaining Privileges Ordinarily, when trusted code is called from untrusted code, it loses its privileges (because of the untrusted stack frames From db9a3e424e1bea40bede397a0121154deb557487 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:26:55 +0000 Subject: [PATCH 45/73] Update Python.xml - title case --- diff --git a/en-US/Python.xml b/en-US/Python.xml index 5cfec8f..bb5c73b 100644 --- a/en-US/Python.xml +++ b/en-US/Python.xml @@ -35,7 +35,7 @@
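Review bot: the unchanged context under the 'Reducing Trust in Code' hunk of Java-SecurityManager.xml reads 'shows how to run a piece code of with reduced privileges'; the word order is wrong, and since this series is already fixing wording, 'a piece of code with reduced privileges' could be corrected in the same hunk.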
- Dangerous standard library features + Dangerous Standard Library Features Some areas of the standard library, notably the ctypes module, do not provide memory safety @@ -45,7 +45,7 @@
- Run-time compilation and code generation + Run-time Compilation and Code Generation The following Python functions and statements related to code execution should be avoided: From 6882e1f2afa1089be83865f7c046c98f848628d9 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:29:56 +0000 Subject: [PATCH 46/73] Update Shell.xml - title case --- diff --git a/en-US/Shell.xml b/en-US/Shell.xml index 38212f6..b0fef4d 100644 --- a/en-US/Shell.xml +++ b/en-US/Shell.xml @@ -11,7 +11,7 @@ comparable syntax.
- Consider alternatives + Consider Alternatives Once a shell script is so complex that advice in this chapter applies, it is time to step back and consider the question: Is @@ -26,7 +26,7 @@
-Shell language features +Shell Language Features The following sections cover subtleties concerning the shell programming languages. They have been written with the @@ -40,7 +40,7 @@ programming language.
- Parameter expansion + Parameter Expansion The mechanism by which named shell variables and parameters are expanded is called parameter expansion. The @@ -73,7 +73,7 @@ external-program "$arg1" "$arg2"
- Double expansion + Double Expansion Double expansion occurs when, during the expansion of a shell variable, not just the variable is expanded, @@ -103,7 +103,7 @@ external-program "$arg1" "$arg2" double expansion occurs.
- Arithmetic evaluation + Arithmetic Evaluation Arithmetic evaluation is a process by which the shell computes the integer value of an expression specified @@ -270,7 +270,7 @@ array_variable=(1 2 3 4)
- Other obscurities + Other Obscurities Obscure shell language features should not be used. Examples are: @@ -303,7 +303,7 @@ array_variable=(1 2 3 4)
-Invoking external commands +Invoking External Commands When passing shell variables as single command line arguments, they should always be surrounded by double quotes. See @@ -361,7 +361,7 @@ array_variable=(1 2 3 4)
- Temporary files + Temporary Files Temporary files should be created with the mktemp command, and temporary directories with @@ -375,7 +375,7 @@ array_variable=(1 2 3 4) variables. - Creating and cleaning up temporary files + Creating and Cleaning up Temporary Files tmpfile="$(mktemp)" @@ -390,7 +390,7 @@ trap cleanup 0
- Performing input validation + Performing Input Validation In some cases, input validation cannot be avoided. For example, if arithmetic evaluation is absolutely required, it is imperative @@ -422,7 +422,7 @@ trap cleanup 0
- Guarding shell scripts against changes + Guarding Shell Scripts Against Changes bash only reads a shell script up to the point it is needed for executed the next command. This means From 6eb9344ea09613b9f5efe5511bbc4bc6bfbdddff Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:30:41 +0000 Subject: [PATCH 47/73] Update Go.xml - title case --- diff --git a/en-US/Go.xml b/en-US/Go.xml index 06098e7..565e727 100644 --- a/en-US/Go.xml +++ b/en-US/Go.xml @@ -7,7 +7,7 @@ This chapter contains language-specific recommendations for Go.
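Review bot: 'Creating and Cleaning up Temporary Files' in the @@ -375 hunk of Shell.xml lowercases 'up', but here 'up' is the particle of the phrasal verb 'clean up', not a preposition, and title case capitalizes it: 'Creating and Cleaning Up Temporary Files'.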
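Review bot: 'Guarding Shell Scripts Against Changes' in the last hunk of Shell.xml capitalizes the preposition 'Against', while every other retitled heading in this series lowercases prepositions ('with', 'for', 'during', 'before', 'when'); apply the same rule here or note the exception. The context line directly below it, 'up to the point it is needed for executed the next command', also needs 'for executing' and could be fixed in the same hunk.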
- Memory safety + Memory Safety Go provides memory safety, but only if the program is not executed in parallel (that is, GOMAXPROCS is not larger than @@ -31,7 +31,7 @@
- Error handling + Error Handling Only a few common operations (such as pointer dereference, integer division, array subscripting) trigger exceptions in Go, called @@ -88,7 +88,7 @@
- Marshaling and unmarshaling + Marshaling and Unmarshaling Several packages in the encoding hierarchy provide support for serialization and deserialization. The usual From d0c00172ee8554e1437a80e6f4c6c9ab5939be88 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:33:09 +0000 Subject: [PATCH 48/73] Update Tasks-Library_Design.xml - typos, title case --- diff --git a/en-US/Tasks-Library_Design.xml b/en-US/Tasks-Library_Design.xml index 7c959ab..e10a6e4 100644 --- a/en-US/Tasks-Library_Design.xml +++ b/en-US/Tasks-Library_Design.xml @@ -4,16 +4,16 @@ Library Design - Throught this section, the term client code + Through this section, the term client code refers to applications and other libraries using the library.
- State management + State Management
- Global state + Global State Global state should be avoided. @@ -77,7 +77,7 @@
- Object orientation + Object Orientation Classes should be either designed as base classes, or it should be impossible to use them as base classes (like @@ -147,7 +147,7 @@
- Process attributes + Process Attributes Several attributes are global and affect all code in the process, not just the library that manipulates them. @@ -179,7 +179,7 @@ Library code should avoid manipulating these global process attributes. It should not rely on environment variables, umask, the current working directory and signal masks because these - attributes can be inherted from an untrusted source. + attributes can be inherited from an untrusted source. In addition, there are obvious process-wide aspects such as the From 0ddff13b5626077e81335982068a064ba7fb108e Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:36:22 +0000 Subject: [PATCH 49/73] Update Tasks-Descriptors.xml - typos fixed --- diff --git a/en-US/Tasks-Descriptors.xml b/en-US/Tasks-Descriptors.xml index 1d30b97..ca4c884 100644 --- a/en-US/Tasks-Descriptors.xml +++ b/en-US/Tasks-Descriptors.xml @@ -24,7 +24,7 @@ itself, see ), and the kernel resources are not freed. Therefore, it is important - to close all descriptors at the earlierst point in time + to close all descriptors at the earliest point in time possible, but not earlier.
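Review bot: 'Throught' in the first hunk of Tasks-Library_Design.xml is more plausibly a misspelling of 'Throughout' than of 'Through': the sentence defines a term for the whole section ('... this section, the term client code refers to applications and other libraries using the library'), and 'Through this section' does not express that. Please use 'Throughout'.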
@@ -54,7 +54,7 @@ descriptors, descriptors are reused very quickly. Unless descriptor closing and other operations on the same file descriptor are synchronized (typically, using a mutex), there - will be race coniditons and I/O operations will be applied to + will be race conditons and I/O operations will be applied to the wrong file descriptor. @@ -176,7 +176,7 @@ Traditionally, this was implemented as a loop over file descriptors ranging from 3 to 255 and later 1023. - But this is only an approximatio because it is possible to + But this is only an approximation because it is possible to create file descriptors outside this range easily (see ). Another approach reads /proc/self/fd From d6b1626253340219452ea9f949f55280eef26fa4 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:40:18 +0000 Subject: [PATCH 50/73] Update Tasks-Serialization.xml - grammar fixes --- diff --git a/en-US/Tasks-Serialization.xml b/en-US/Tasks-Serialization.xml index 60ad18b..7165a07 100644 --- a/en-US/Tasks-Serialization.xml +++ b/en-US/Tasks-Serialization.xml @@ -334,7 +334,7 @@ XInclude processing can reference file and network resources and include them into the document, much like external entity references. When parsing untrusted XML documents, XInclude - processing should be truned off. + processing should be turned off. XInclude processing is also fairly complex and may pull in @@ -345,7 +345,7 @@
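Review bot: the @@ -54 hunk of Tasks-Descriptors.xml replaces 'race coniditons' with 'race conditons', which is still misspelled; the word is 'conditions', so the fix needs a second pass before this commit lands.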
- Algorithmic complexity of XML validation + Algorithmic Complexity of XML Validation DTD-based XML validation uses regular expressions for content models. The XML specification requires that content models @@ -389,7 +389,7 @@ xmlns:xi="http://www.w3.org/2001/XInclude" /> - It is also possible to reject internal DTD subsets altogeher, + It is also possible to reject internal DTD subsets altogether, using a suitable XML_StartDoctypeDeclHandler handler installed with XML_SetDoctypeDeclHandler. @@ -400,7 +400,7 @@ Using Qt for XML Parsing The XML component of Qt, QtXml, does not resolve external IDs - by default, so it is not requred to prevent such resolution. + by default, so it is not required to prevent such resolution. Internal entities are processed, though. To change that, a custom QXmlDeclHandler and QXmlSimpleReader subclasses are needed. It From a5b26341f5c526fd65699de4859c417666469adb Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:43:04 +0000 Subject: [PATCH 51/73] Update Tasks-Packaging.xml - title case --- diff --git a/en-US/Tasks-Packaging.xml b/en-US/Tasks-Packaging.xml index 09d748a..2d61af9 100644 --- a/en-US/Tasks-Packaging.xml +++ b/en-US/Tasks-Packaging.xml @@ -9,8 +9,8 @@ distribution-specific packaging guidelines.
- Generating X.509 self-signed certificates during - installation + Generating X.509 Self-signed Certificates during + Installation Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could @@ -140,8 +140,8 @@ fi
- Generating X.509 self-signed certificates before service - start + Generating X.509 Self-signed Certificates before Service + Start An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first From bf28080dd8d84c9a0f936645e8af9cda60523465 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:46:39 +0000 Subject: [PATCH 52/73] Update Tasks-Cryptography.xml - grammar fixes --- diff --git a/en-US/Tasks-Cryptography.xml b/en-US/Tasks-Cryptography.xml index 5e699c7..8843f07 100644 --- a/en-US/Tasks-Cryptography.xml +++ b/en-US/Tasks-Cryptography.xml @@ -45,7 +45,7 @@ linkend="chap-Defensive_Coding-TLS"/>). - In particlar, when using AES in CBC mode, it is necessary to + In particular, when using AES in CBC mode, it is necessary to add integrity checking by other means, preferably using HMAC-SHA-256 and after encryption (that is, on the encrypted cipher text). For AES in GCM mode, @@ -127,7 +127,7 @@ as syscall(SYS_getrandom, (void*)dest, (size_t)size, (unsigned int)0). For portable code targetting multiple kernel versions one has to check for the function being available on run-time, and switch to another - facility if the running kernel doesn't support this call. + facility if the running kernel does not support this call. From 2a3681b1b98f3726e7270ac12a1136c794a33aa9 Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Oct 23 2017 15:50:35 +0000 Subject: [PATCH 53/73] Update Features-Authentication.xml - grammar fixes --- diff --git a/en-US/Features-Authentication.xml b/en-US/Features-Authentication.xml index c32792a..e63eaf1 100644 --- a/en-US/Features-Authentication.xml +++ b/en-US/Features-Authentication.xml @@ -5,7 +5,7 @@ Authentication and Authorization
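Review bot: the @@ -127 hunk of Tasks-Cryptography.xml corrects the contraction but leaves two problems in its own context lines just above the change: 'targetting' should be 'targeting', and 'check for the function being available on run-time' should read 'at run time'. Both sit inside the hunk and could be fixed in the same commit.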
- Authenticating servers + Authenticating Servers When connecting to a server, a client has to make sure that it is actually talking to the server it expects. There are two @@ -23,9 +23,9 @@ - The server uses a TLS certificate which is expectedby the + The server uses a TLS certificate which is expected by the client (perhaps it is stored in a configuration file read by - the client). In this case, no host name checking is + the client). In this case, no host name checking is required. @@ -65,13 +65,13 @@
- Host-based authentication + Host-based Authentication Host-based authentication uses access control lists (ACLs) to - accept or deny requests from clients. Thsis authentication + accept or deny requests from clients. This authentication method comes in two flavors: IP-based (or, more generally, address-based) and name-based (with the name coming from DNS or - /etc/hosts). IP-based ACLs often use + /etc/hosts). IP-based ACLs often use prefix notation to extend access to entire subnets. Name-based ACLs sometimes use wildcards for adding groups of hosts (from entire DNS subtrees). (In the SSH context, host-based @@ -117,7 +117,7 @@
- UNIX domain socket authentication + UNIX Domain Socket Authentication UNIX domain sockets (with address family AF_UNIX or AF_LOCAL) are @@ -128,7 +128,7 @@ Nowadays, most systems support the SO_PEERCRED (Linux) or LOCAL_PEERCRED (FreeBSD) socket options, or - the getpeereid (other BSDs, MacOS X). + the getpeereid (other BSDs, OS X). These interfaces provide direct access to the (effective) user ID on the other end of a domain socket connect, without cooperation from the other end. @@ -157,14 +157,14 @@