From 363fc70f1ca7014404351bae558f2f3016065e64 Mon Sep 17 00:00:00 2001
From: Johannes Bauer
Date: Sat, 19 Oct 2019 14:47:54 +0200
Subject: [PATCH] Use pkg-config and have git-based version number

Use pkg-config to find OpenSSL headers and library. Use "git describe" to determine current version.
---
 Makefile | 12 +++++++-----
 binkeyfile.c | 30 +++++++++++++++---------------
 cmdline.c | 22 +++++++++++-----------
 global.h | 2 --
 4 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/Makefile b/Makefile
index e0bc81e..34f6d11 100644
--- a/Makefile
+++ b/Makefile
@@ -1,13 +1,15 @@
 .PHONY: all clean test testclient derive install
 all: luksrku luksrku-config
 
+BUILD_REVISION := $(shell git describe --abbrev=10 --dirty --always)
 INSTALL_PREFIX := /usr/local/
-CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter
+CFLAGS := -Wall -Wextra -Wshadow -Wswitch -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Werror=implicit-function-declaration -Werror=format -Wno-unused-parameter
+#CFLAGS := -Wall -Wextra -O2 -Wmissing-prototypes -Wstrict-prototypes
+CFLAGS += -std=c11 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -DBUILD_REVISION='"$(BUILD_REVISION)"'
 #CFLAGS += -g -DDEBUG
-LDFLAGS := -lcrypto -lssl
-LDFLAGS += -L/usr/local/lib
-#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a
-#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a -ldl
+CFLAGS += `pkg-config --cflags openssl`
+
+LDFLAGS := `pkg-config --libs openssl`
 
 OBJS := luksrku.o server.o log.o openssl.o client.o keyfile.o msg.o binkeyfile.o util.o cmdline.o luks.o exec.o blacklist.o
 OBJS_CFG := luksrku-config.o keyfile.o binkeyfile.o parse-keyfile.o openssl.o log.o util.o
diff --git a/binkeyfile.c b/binkeyfile.c
index c9d4aa6..757c2d2 100644
--- a/binkeyfile.c
+++ b/binkeyfile.c
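Review bot: The new `CFLAGS :=` line drops the `-O2` that the removed line carried; it now survives only in the commented-out alternative, so unless an optimization level is set elsewhere in the Makefile the default build is unoptimized, and any `_FORTIFY_SOURCE` hardening the toolchain injects is inert at `-O0`. Adding `CFLAGS += -O2` next to the `-std=c11` line restores it. The backticks in the `CFLAGS +=` and `LDFLAGS :=` lines are expanded by the shell on every compile and link command, so a missing pkg-config silently expands to nothing and the failure surfaces later as a missing header; evaluating once with `$(shell pkg-config --cflags openssl)` and guarding with `$(if $(shell pkg-config --exists openssl && echo ok),,$(error openssl not found via pkg-config))` fails early with a clear message. `BUILD_REVISION` likewise becomes an empty string when `git describe` fails (a tarball build without `.git`), which the version banner in cmdline.c then prints as blank.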
@@ -54,8 +54,8 @@ static void dump_key(const struct key_t *key) { /* Derives a previous key with known salt. Passphrase and salt must be set. */ static bool derive_previous_key(struct key_t *key) { const unsigned int maxalloc_mib = 8 + ((128 * SCRYPT_N * SCRYPT_r * SCRYPT_p + (1024 * 1024 - 1)) / 1024 / 1024); - log_msg(LLVL_DEBUG, "Deriving scrypt key with N = %u, r = %u, p = %u, i.e., ~%u MiB of memory", SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib); - + log_msg(LLVL_DEBUG, "Deriving scrypt key with N = %u, r = %u, p = %u, i.e., ~%u MiB of memory", SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib); + const char *passphrase = (key->passphrase == NULL) ? "" : key->passphrase; int pwlen = strlen(passphrase); int result = EVP_PBE_scrypt(passphrase, pwlen, (unsigned char*)key->salt, BINKEYFILE_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, maxalloc_mib * 1024 * 1024, key->key, BINKEYFILE_KEY_SIZE); @@ -71,7 +71,7 @@ static bool derive_previous_key(struct key_t *key) { static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) { bool success = true; - log_msg(LLVL_DEBUG, "Encrypting %u bytes of plaintext using AES256-GCM", plaintext_len); + log_msg(LLVL_DEBUG, "Encrypting %u bytes of plaintext using AES256-GCM", plaintext_len); EVP_CIPHER_CTX *ctx = NULL; do { @@ -82,8 +82,8 @@ static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len success = false; break; } - if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { - log_openssl(LLVL_FATAL, "Error in EVP_EncryptInit_ex"); + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { + log_openssl(LLVL_FATAL, "Error in EVP_EncryptInit_ex"); success = false; break; } 
@@ -147,9 +147,9 @@ static bool encrypt_aes256_gcm(const void *plaintext, unsigned int plaintext_len static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, void *plaintext) { bool success = true; log_msg(LLVL_DEBUG, "Decrypting %u bytes of ciphertext using AES256-GCM", ciphertext_len); - + EVP_CIPHER_CTX *ctx = NULL; - do { + do { /* Create and initialise the context */ ctx = EVP_CIPHER_CTX_new(); if (!ctx) { @@ -203,7 +203,7 @@ static bool decrypt_aes256_gcm(unsigned char *ciphertext, unsigned int ciphertex /* Finalise the decryption. A positive return value indicates success, * anything else is a failure - the plaintext is not trustworthy. */ int padding_len = 0; - if (EVP_DecryptFinal_ex(ctx, plaintext + plaintext_len, &padding_len) <= 0) { + if (EVP_DecryptFinal_ex(ctx, (uint8_t*)plaintext + plaintext_len, &padding_len) <= 0) { log_openssl(LLVL_FATAL, "Decryption of tail failed."); success = false; break; @@ -240,8 +240,8 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) { unsigned int plaintext_size = 0; do { memset(keydb, 0, sizeof(struct keydb_t)); - - /* Stat the file first to find out the size */ + + /* Stat the file first to find out the size */ struct stat statbuf; if (stat(filename, &statbuf) == -1) { log_libc(LLVL_ERROR, "stat of %s failed", filename); @@ -283,7 +283,7 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) { break; } fclose(f); - + /* Copy the file's salt into the key structure so we can derive the * proper decryption key */ struct key_t key; 
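Review bot: The `(uint8_t*)plaintext + plaintext_len` cast in the `EVP_DecryptFinal_ex` call of decrypt_aes256_gcm makes the pointer arithmetic standard C rather than relying on the GNU `void *` arithmetic extension, but `uint8_t` is the odd one out in a function whose other buffers are `unsigned char *`; `(unsigned char *)plaintext + plaintext_len` would match the surrounding types. The comment above that line says a failed finalisation means the plaintext is not trustworthy, yet the buffer keeps the unauthenticated bytes when the function returns `false`; the caller visible on this page zeroes and frees it on every path, and that contract deserves a line on the function itself, e.g. `/* On failure plaintext holds unauthenticated data: the caller must wipe and discard it. */`. The body of decrypt_aes256_gcm starts before this hunk and ends after it.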
@@ -328,7 +328,7 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) { /* Finally copy the decrypted linear file over to the keydb_t structure **/ - for (unsigned int i = 0; i < plaintext_size / sizeof(struct keyentry_t); i++) { + for (unsigned int i = 0; i < plaintext_size / sizeof(struct keyentry_t); i++) { if (!add_keyslot(keydb)) { log_msg(LLVL_FATAL, "Failed to add keyslot."); success = false; @@ -337,14 +337,14 @@ bool read_binary_keyfile(const char *filename, struct keydb_t *keydb) { memcpy(last_keyentry(keydb), &plaintext[i], sizeof(struct keyentry_t)); } } while (false); - + if (plaintext) { memset(plaintext, 0, plaintext_size); free(plaintext); } if (binkeyfile) { memset(binkeyfile, 0, binkeyfile_size); - free(binkeyfile); + free(binkeyfile); } return success; } @@ -381,7 +381,7 @@ bool write_binary_keyfile(const char *filename, const struct keydb_t *keydb, con for (int i = 0; i < keydb->entrycnt; i++) { memcpy(&plaintext[i], &keydb->entries[i], sizeof(struct keyentry_t)); } - + /* Encrypt */ if (!encrypt_aes256_gcm(plaintext, payload_size, key.key, binkeyfile->iv, binkeyfile->ciphertext, binkeyfile->auth_tag)) { log_libc(LLVL_FATAL, "encryption failed"); diff --git a/cmdline.c b/cmdline.c index 371e557..2fe93e0 100644 --- a/cmdline.c +++ b/cmdline.c @@ -67,13 +67,13 @@ void print_syntax(const char *pgmname) { fprintf(stderr, " manual key entry. This defaults to 5 tries.\n"); fprintf(stderr, " -v, --verbose Increase logging verbosity.\n"); fprintf(stderr, "\n"); - fprintf(stderr, "luksrku version: " LUKSRKU_VERSION "\n"); + fprintf(stderr, "luksrku version: " BUILD_REVISION "\n"); } static void set_default_arguments(struct options_t *options) { memset(options, 0, sizeof(struct options_t)); - - /* Default port :-) echo -n LUKS | md5sum | cut -c -5 */ + + /* Default port :-) echo -n LUKS | md5sum | cut -c -5 */ options->port = 23170; /* Default, overwritten later by fill_default_arguments() */ 
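Review bot: `BUILD_REVISION` in the changed `fprintf` of print_syntax is now an identifier that exists only if the compiler command line defines it, so the file no longer compiles outside this Makefile (another build system, an IDE or a static-analysis run), and when `git describe` fails the Makefile passes `""` and the banner prints `luksrku version: ` with nothing after it. global.h, which loses `LUKSRKU_VERSION` in the last hunk of this patch, is the natural place for a fallback: `#ifndef BUILD_REVISION` / `#define BUILD_REVISION "unknown"` / `#endif`. print_syntax begins outside this hunk.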
@@ -84,7 +84,7 @@ static void set_default_arguments(struct options_t *options) { } static void fill_default_arguments(struct options_t *options) { - /* Set default unlock count */ + /* Set default unlock count */ if (options->unlock_cnt == -1) { if (options->mode == CLIENT_MODE) { options->unlock_cnt = 1; @@ -99,7 +99,7 @@ static bool check_arguments(const struct options_t *options) { fprintf(stderr, "Must specify client or server mode.\n"); return false; } - + if (options->keydbfile == NULL) { fprintf(stderr, "Must specify a key database file.\n"); return false; @@ -140,32 +140,32 @@ bool parse_cmdline_arguments(struct options_t *options, int argc, char **argv) { case 'v': options->verbose = true; break; - + case LONGOPT_MODE_SERVER: case 's': options->mode = SERVER_MODE; break; - + case LONGOPT_MODE_CLIENT: case 'c': options->mode = CLIENT_MODE; break; - + case LONGOPT_PORT: case 'p': options->port = atoi(optarg); break; - + case LONGOPT_KEYDB: case 'k': options->keydbfile = optarg; break; - + case LONGOPT_UNLOCK_CNT: case 'u': options->unlock_cnt = atoi(optarg); break; - + case LONGOPT_MAX_BCAST_ERRS: options->max_broadcast_errs = atoi(optarg); break; diff --git a/global.h b/global.h index 8f0f31e..c0c0d77 100644 --- a/global.h +++ b/global.h @@ -30,8 +30,6 @@ #define CLIENT_PSK_IDENTITY "luksrku v1" #define CLIENT_ANNOUNCE_MAGIC { 0x46, 0xf2, 0xf6, 0xc6, 0x63, 0x12, 0x2e, 0x00, 0xa0, 0x8a, 0xae, 0x42, 0x0c, 0x51, 0xf5, 0x65 } -#define LUKSRKU_VERSION "0.01" - /* Size in bytes of the PSK that is used for TLS */ #define PSK_SIZE_BYTES 32