rpms/libkcapi
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'up/master' into master-riscv64

Browse Source 
Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
This commit is contained in:
David Abdurachmanov 2019-01-16 09:02:30 +01:00
commit 7aeff3989e
Signed by: davidlt
GPG Key ID: 7108702C938B13C1
10 changed files with 97 additions and 894 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
9000-fix-header-conflicts-for-kernel-v4.18.patch
View File

@ -1,24 +0,0 @@
diff --git a/lib/internal.h b/lib/internal.h
index f9df585..b237822 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -23,7 +23,6 @@
#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
-#include <linux/aio_abi.h>
#include <stdint.h>
#include <fcntl.h>
#include <sys/uio.h>
@@ -35,6 +34,11 @@
#include <limits.h>
#include <stdio.h>
+/* work around aio_abi.h pulling in headers that conflict with glibc typedefs */
+#define _UAPI_LINUX_SIGNAL_H
+#define _LINUX_SIGNAL_H
+
+#include <linux/aio_abi.h>
#include <linux/if_alg.h>
#include "atomic.h"

47
libkcapi-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
View File

@ -1,47 +0,0 @@
From 3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:16 +0200
Subject: [PATCH] Fix possible buffer overflow with strncpy and
-Wstringop-truncation warning
If valid cipher name (to which netlink socket was bound) is longer than
CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will
try to copy length of this cipher name into smaller buffer.
In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is
defined as 64 but since commit f437a3f477cc ("crypto: api - Extend
algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel
defines it as 128.
It is error-prone to use source buffer length as limit of dst buffer.
Instead choose sizeof(dst buffer).
This also fixes the warning with GCC v8.1.0:
lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2':
lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kernel-if.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 2481f8a..807cbfe 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle,
if (drivername)
strncpy(req.cru.cru_driver_name, ciphername,
- strlen(ciphername));
+ sizeof(req.cru.cru_driver_name) - 1);
else
- strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
+ strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1);
/* talk to netlink socket */
sd = socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO);

523
libkcapi-1.1.1-Fix_various_issues_reported_by_Coverity.patch
View File

@ -1,523 +0,0 @@
From 4b4e7525123e236befec3168f3cecaa59f571621 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:39:32 +0200
Subject: [PATCH 01/10] apps: Check return code of fstat()
Found by Coverity.
---
apps/app-internal.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/apps/app-internal.c b/apps/app-internal.c
index 25cef80..e80c304 100644
--- a/apps/app-internal.c
+++ b/apps/app-internal.c
@@ -255,7 +255,12 @@ int read_complete(int fd, uint8_t *buf, uint32_t buflen)
int check_filetype(int fd, struct stat *sb, const char *filename)
{
- fstat(fd, sb);
+ int ret = fstat(fd, sb);
+ if (ret) {
+ dolog(KCAPI_LOG_ERR,
+ "fstat() failed: %s", strerror(errno));
+ return -errno;
+ }
/* Do not return an error in case we cannot validate the data. */
if ((sb->st_mode & S_IFMT) != S_IFREG &&
From 2ffc5a5edebee6ba4984e4ef3ffe84c9116d328a Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:45:48 +0200
Subject: [PATCH 02/10] kcapi-hasher: Fix strerror() call
strerror() expects a nonnegative error number. Here we can just pass
errno instead of decoding the error from the return value of read().
Found by Coverity.
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 2fc3ddc..5769502 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -227,7 +227,7 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
while ((rdbytes = read(fd, buffer + offset, buffer_size - offset)) != 0) {
if (rdbytes < 0) {
fprintf(stderr, "Error reading file %s: %s\n", filename,
- strerror((int)rdbytes));
+ strerror(errno));
ret = -EIO;
goto out;
}
From 1e0ef69512b1f1e7de99f812356749f5d7a09d90 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:50:36 +0200
Subject: [PATCH 03/10] kcapi-hasher: Fix fd leak in load_file()
Found by Coverity.
---
apps/kcapi-hasher.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 5769502..52fca78 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -258,6 +258,8 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
*memory = buffer;
*size = (uint32_t)offset;
+
+ close(fd);
return 0;
out:
From f2eec27169c89bf0e8fb9338ed5390034c76bff4 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:53:13 +0200
Subject: [PATCH 04/10] kcapi-hasher: Fix buffer overrun in process_checkfile()
The 'buf[(bsd_style - 4)]' access on line 593 can overrun the buffer if
bsd_style is exactly 3, which can theoretically happen if the BSD-style
separator is found at the very beginning of the line. Fix this by
starting to search for the separator at index 1 (it can't really be at
index 0 anyway).
Found by Coverity.
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 52fca78..daab735 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -544,7 +544,7 @@ static int process_checkfile(const struct hash_params *params,
break;
}
- for (i = 0; i < linelen; i++) {
+ for (i = 1; i < linelen; i++) {
/*
* Check for BSD-style separator between file name and
* hash value.
From 4ec718f46d4199510d57043a5a483cf680ec69a3 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:00:16 +0200
Subject: [PATCH 05/10] kcapi-hasher: Ensure selfname is null-terminated
Since readlink() does not null-terminate the returned string, we need to
pass BUFSIZE - 1 as the buffer size.
Found by Coverity.
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index daab735..66bb794 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -706,7 +706,7 @@ static int fipscheck_self(const struct hash_params *params_bin,
/* Integrity check of our application. */
if (mode == SELFCHECK_CHECK || mode == SELFCHECK_PRINT_SELF) {
memset(selfname, 0, sizeof(selfname));
- selfnamesize = readlink("/proc/self/exe", selfname, BUFSIZE);
+ selfnamesize = readlink("/proc/self/exe", selfname, BUFSIZE - 1);
if (selfnamesize >= BUFSIZE || selfnamesize < 0) {
fprintf(stderr, "Cannot obtain my filename\n");
ret = -EFAULT;
From d123a3a8f3e4468ed5fd74882cc841a058fe4aff Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:05:45 +0200
Subject: [PATCH 06/10] docproc: Use correct sizeof() argument for clarity
Found by Coverity.
---
lib/doc/bin/docproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 4e52c1b..2313592 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -154,7 +154,8 @@ int symfilecnt = 0;
static void add_new_symbol(struct symfile *sym, char * symname)
{
sym->symbollist =
- realloc(sym->symbollist, (sym->symbolcnt + 1) * sizeof(char *));
+ realloc(sym->symbollist,
+ (sym->symbolcnt + 1) * sizeof(struct symbols));
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
}
From 33380e413e031df50ecbd31e5280aaef76eb52a4 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:09:44 +0200
Subject: [PATCH 07/10] docproc: Fail early on malloc/realloc failures
Found by Coverity.
---
lib/doc/bin/docproc.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 2313592..9a0a931 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -156,6 +156,10 @@ static void add_new_symbol(struct symfile *sym, char * symname)
sym->symbollist =
realloc(sym->symbollist,
(sym->symbolcnt + 1) * sizeof(struct symbols));
+ if (!sym->symbollist) {
+ perror("realloc");
+ exit(1);
+ }
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
}
@@ -391,12 +395,20 @@ static void find_all_symbols(char *filename)
default:
close(pipefd[1]);
data = malloc(4096);
+ if (!data) {
+ perror("malloc");
+ exit(1);
+ }
do {
while ((ret = read(pipefd[0],
data + data_len,
4096)) > 0) {
data_len += ret;
data = realloc(data, data_len + 4096);
+ if (!data) {
+ perror("realloc");
+ exit(1);
+ }
}
} while (ret == -EAGAIN);
if (ret != 0) {
@@ -421,6 +433,10 @@ static void find_all_symbols(char *filename)
start = all_list_len;
all_list_len += count;
all_list = realloc(all_list, sizeof(char *) * all_list_len);
+ if (!all_list) {
+ perror("realloc");
+ exit(1);
+ }
str = data;
for (i = 0; i < (int)data_len && start != all_list_len; i++) {
if (data[i] == '\0') {
From be7c5d6d2f8c67e15aa77b24925a41ae280e1554 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:15:36 +0200
Subject: [PATCH 08/10] cryptoperf: Fix check of return value of open()
Found by Coverity.
---
speed-test/cryptoperf-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
index 55cd7ea..b564e19 100644
--- a/speed-test/cryptoperf-base.c
+++ b/speed-test/cryptoperf-base.c
@@ -179,7 +179,7 @@ int cp_read_random(unsigned char *buf, size_t buflen)
size_t len = 0;
fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
- if(0 >= fd)
+ if(0 > fd)
return fd;
do {
ret = read(fd, (buf + len), (buflen - len));
From 4a378fc0abba6c4e9ed648abfc2c661291d60ab6 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:30:01 +0200
Subject: [PATCH 09/10] cryptoperf: Fix buffer overrun in cp_print_status()
Found by Coverity.
---
speed-test/cryptoperf-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
index b564e19..c56c2ce 100644
--- a/speed-test/cryptoperf-base.c
+++ b/speed-test/cryptoperf-base.c
@@ -159,7 +159,7 @@ char *cp_print_status(struct cp_test *test, int raw)
memset(byteseconds, 0, sizeof(byteseconds));
cp_bytes2string((processed_bytes / totaltime), byteseconds,
- (VALLEN + 1));
+ VALLEN);
snprintf(str, 120, "%-24s|%s|%8lu bytes|%*s/s|%lu ops/s",
test->testname,
test->enc ? "e" : "d",
From 880b874a7304d54923471a3a5c4e8da08914a94c Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 10:05:50 +0200
Subject: [PATCH 10/10] test/cryptoperf: Check the return value of sysconf()
Found by Coverity.
---
speed-test/cryptoperf-aead.c | 10 ++++++--
speed-test/cryptoperf-skcipher.c | 8 +++++-
test/kcapi-main.c | 53 +++++++++++++++++++---------------------
3 files changed, 40 insertions(+), 31 deletions(-)
diff --git a/speed-test/cryptoperf-aead.c b/speed-test/cryptoperf-aead.c
index b2c0010..5a0446a 100644
--- a/speed-test/cryptoperf-aead.c
+++ b/speed-test/cryptoperf-aead.c
@@ -36,6 +36,12 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
unsigned char ivrand[MAX_KEYLEN];
unsigned char *ivdata = NULL;
uint32_t ivlen = 0;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize < 0) {
+ printf(DRIVER_NAME": unable to determine the page size\n");
+ return -errno;
+ }
dbg("Initializing AEAD test %s\n", test->testname);
if (!test->driver_name) {
@@ -97,14 +103,14 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
test->u.aead.assoclen, TAGLEN);
}
- if (posix_memalign((void *)&input, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&input, pagesize,
test->u.aead.indatalen *
(params->aio ? params->aio : 1))) {
printf(DRIVER_NAME": could not allocate input buffer for "
"%s\n", test->driver_name);
goto out;
}
- if (posix_memalign((void *)&output, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&output, pagesize,
test->u.aead.outdatalen *
(params->aio ? params->aio : 1))) {
printf(DRIVER_NAME": could not allocate output buffer for "
diff --git a/speed-test/cryptoperf-skcipher.c b/speed-test/cryptoperf-skcipher.c
index a2db369..fb7123b 100644
--- a/speed-test/cryptoperf-skcipher.c
+++ b/speed-test/cryptoperf-skcipher.c
@@ -34,6 +34,12 @@ static int cp_skcipher_init_test(struct cp_test *test)
unsigned char *ivdata = NULL;
unsigned int bs;
int err;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize < 0) {
+ printf(DRIVER_NAME": unable to determine the page size\n");
+ return -errno;
+ }
dbg("Initializing symmetric test %s\n", test->testname);
if (!test->driver_name) {
@@ -75,7 +81,7 @@ static int cp_skcipher_init_test(struct cp_test *test)
cp_read_random(ivdata, kcapi_cipher_blocksize(test->u.skcipher.handle));
test->u.skcipher.iv = ivdata;
- err = posix_memalign((void *)&scratchpad, sysconf(_SC_PAGESIZE),
+ err = posix_memalign((void *)&scratchpad, pagesize,
kcapi_cipher_blocksize(test->u.skcipher.handle) * params->len *
(params->aio ? params->aio : 1));
if (err) {
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index c167b7f..b0ec2ca 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -86,6 +86,8 @@ struct kcapi_cavs {
uint32_t outlen;
};
+static long pagesize;
+
static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
@@ -808,8 +810,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
outbuflen = cavs_test->ctlen;
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
} else {
@@ -918,12 +919,10 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
outbuflen = cavs_test->ctlen;
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
- if (posix_memalign((void *)&outbuf2, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf2, pagesize, outbuflen))
goto out;
memset(outbuf2, 0, outbuflen);
} else {
@@ -1072,7 +1071,7 @@ static int cavs_sym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
return -ENOMEM;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
} else {
@@ -1241,7 +1240,7 @@ static int cavs_aead(struct kcapi_cavs *cavs_test, uint32_t loops,
fullbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), fullbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, fullbuflen))
goto out;
memset(inbuf, 0, fullbuflen);
} else {
@@ -1425,8 +1424,7 @@ static int cavs_aead_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
- loops * maxbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, loops * maxbuflen))
goto out;
memset(inbuf, 0, loops * maxbuflen);
} else {
@@ -1596,7 +1594,7 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, maxbuflen))
goto out;
memset(outbuf, 0, maxbuflen);
} else {
@@ -1830,9 +1828,9 @@ static int cavs_aead_large(int stream, uint32_t loops, int splice)
test.keylen = len / 2;
len = strlen(aad);
- if (posix_memalign((void *)&test.assoc, sysconf(_SC_PAGESIZE), (16 * sysconf(_SC_PAGESIZE))))
+ if (posix_memalign((void *)&test.assoc, pagesize, (16 * pagesize)))
goto out;
- hex2bin(aad, len, test.assoc, (sysconf(_SC_PAGESIZE) * 16));
+ hex2bin(aad, len, test.assoc, (pagesize * 16));
test.assoclen = len / 2;
test.taglen = 16;
@@ -2052,8 +2050,7 @@ static int cavs_asym(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- maxsize))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize))
goto out;
memset(outbuf, 0, maxsize);
} else {
@@ -2164,11 +2161,10 @@ static int cavs_asym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- maxsize * loops))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * loops))
goto out;
memset(outbuf, 0, maxsize * loops);
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&inbuf, pagesize,
cavs_test->ptlen * loops))
goto out;
memset(outbuf, 0, cavs_test->ptlen * loops);
@@ -2294,10 +2290,10 @@ static int cavs_asym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxsize * NUMIOVECS))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * NUMIOVECS))
goto out;
memset(outbuf, 0, maxsize);
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), inbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, inbuflen))
goto out;
memset(inbuf, 0, inbuflen);
} else {
@@ -2489,8 +2485,7 @@ static int cavs_kdf_common(struct kcapi_cavs *cavs_test, uint32_t loops)
uint32_t i = 0;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2571,8 +2566,7 @@ static int cavs_hkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2671,8 +2665,7 @@ static int cavs_pbkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2928,7 +2921,7 @@ static int kpp(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
outbuflen = ret;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
return -ENOMEM;
memset(outbuf, 0, ret);
} else {
@@ -3001,7 +2994,7 @@ static int kpp_aio(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
outbuflen = ret;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
return -ENOMEM;
memset(outbuf, 0, ret);
} else {
@@ -3072,6 +3065,10 @@ int main(int argc, char *argv[])
int splice = KCAPI_ACCESS_SENDMSG;
struct kcapi_cavs cavs_test;
+ pagesize = sysconf(_SC_PAGESIZE);
+ if (pagesize < 0)
+ return 1;
+
memset(&cavs_test, 0, sizeof(struct kcapi_cavs));
kcapi_set_verbosity(KCAPI_LOG_WARN);

186
libkcapi-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
View File

@ -1,186 +0,0 @@
From 2a0642407dd227d24e646c170d8afd47ab917899 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 16 Jul 2018 15:17:29 +0200
Subject: [PATCH] kcapi-hasher: Add missing -d option to fipshmac
---
apps/kcapi-hasher.c | 61 ++++++++++++++++++++++++++++-------------------------
1 file changed, 32 insertions(+), 29 deletions(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 6782dbc..2fc3ddc 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -71,7 +71,7 @@ struct hash_name {
};
struct hash_key {
- const char *subdir;
+ const char *checkdir;
const uint8_t *data;
uint32_t len;
};
@@ -108,12 +108,20 @@ static const char hmaccalc_hmackey[] = "FIPS-FTW-RHT2009";
static const struct hash_key KEY_FIPSCHECK = {
.data = (const uint8_t *)fipscheck_hmackey,
.len = sizeof(fipscheck_hmackey) - 1,
- .subdir = "fipscheck",
+#ifdef CHECK_DIR
+ .checkdir = CHECK_DIR"/fipscheck",
+#else
+ .checkdir = NULL,
+#endif
};
static const struct hash_key KEY_HMACCALC = {
.data = (const uint8_t *)hmaccalc_hmackey,
.len = sizeof(hmaccalc_hmackey) - 1,
- .subdir = "hmaccalc",
+#ifdef CHECK_DIR
+ .checkdir = CHECK_DIR"/hmaccalc",
+#else
+ .checkdir = NULL,
+#endif
};
static void usage(char *name, int fipscheck)
@@ -142,7 +150,8 @@ static void usage(char *name, int fipscheck)
fprintf(stderr, "\t-k --key-file FILE\tUse HMAC key from given file\n");
fprintf(stderr, "\t-K --key KEY\t\tUse KEY as the HMAC key\n");
fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n");
- fprintf(stderr, "\t-b, -d, -P\t\tCompatibility hmaccalc options; ignored\n");
+ fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n");
+ fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n");
fprintf(stderr, "\t --help\t\tPrint this help text\n");
fprintf(stderr, "\t-v --version\t\tShow version\n");
}
@@ -368,7 +377,7 @@ static char *paste(char *dst, const char *src, size_t size)
* return: NULL when malloc failed, a pointer that the caller must free
* otherwise.
*/
-static char *get_hmac_file(const char *filename, const char *subdir)
+static char *get_hmac_file(const char *filename, const char *checkdir)
{
size_t i, filelen, pathlen, namelen, basenamestart = 0;
size_t prefixlen = strlen(CHECK_PREFIX);
@@ -386,12 +395,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
}
namelen = filelen - basenamestart;
-#ifdef CHECK_DIR
- pathlen = strlen(CHECK_DIR"/") + strlen(subdir) + 1;
-#else
- (void)subdir; // avoid parameter unused warning
- pathlen = basenamestart;
-#endif
+ pathlen = checkdir ? strlen(checkdir) + 1 : basenamestart;
checkfile = malloc(pathlen + namelen + prefixlen + 1 /* "." */ +
suffixlen + 1 /* null character */);
@@ -399,14 +403,12 @@ static char *get_hmac_file(const char *filename, const char *subdir)
return NULL;
cursor = checkfile;
-#ifdef CHECK_DIR
- cursor = paste(cursor, CHECK_DIR"/", strlen(CHECK_DIR"/"));
- cursor = paste(cursor, subdir, strlen(subdir));
- cursor = paste(cursor, "/", 1);
-#else
- if (pathlen > 0)
+ if (checkdir) {
+ cursor = paste(cursor, checkdir, strlen(checkdir));
+ cursor = paste(cursor, "/", 1);
+ } else if (pathlen > 0)
cursor = paste(cursor, filename, pathlen);
-#endif
+
cursor = paste(cursor, CHECK_PREFIX, prefixlen);
cursor = paste(cursor, filename + basenamestart, namelen);
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
@@ -417,7 +419,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
static int hash_files(const struct hash_params *params,
char *filenames[], uint32_t files,
- int fipshmac, int just_print)
+ int fipshmac, const char *checkdir, int just_print)
{
struct kcapi_handle *handle;
const char *hashname = params->name.kcapiname;
@@ -446,9 +448,7 @@ static int hash_files(const struct hash_params *params,
const char *filename = filenames[i];
if (fipshmac) {
- char *outfile = get_hmac_file(filenames[i],
- params->key.subdir);
-
+ char *outfile = get_hmac_file(filenames[i], checkdir);
if (!outfile) {
fprintf(stderr,
"Cannot create HMAC file name\n");
@@ -712,11 +712,11 @@ static int fipscheck_self(const struct hash_params *params_bin,
}
if (mode == SELFCHECK_PRINT_SELF) {
- ret = hash_files(params_bin, names, 1, 0, 1);
+ ret = hash_files(params_bin, names, 1, 0, NULL, 1);
goto out;
}
- checkfile = get_hmac_file(selfname, params_bin->key.subdir);
+ checkfile = get_hmac_file(selfname, params_bin->key.checkdir);
if (!checkfile) {
ret = -ENOMEM;
goto out;
@@ -750,13 +750,13 @@ static int fipscheck_self(const struct hash_params *params_bin,
strncpy(selfname, info.dli_fname, (sizeof(selfname) - 1));
if (mode == SELFCHECK_PRINT_LIB) {
- ret = hash_files(params_lib, names, 1, 0, 1);
+ ret = hash_files(params_lib, names, 1, 0, NULL, 1);
goto out;
}
if (checkfile)
free(checkfile);
- checkfile = get_hmac_file(selfname, params_lib->key.subdir);
+ checkfile = get_hmac_file(selfname, params_lib->key.checkdir);
if (!checkfile) {
ret = -ENOMEM;
goto out;
@@ -799,6 +799,7 @@ int main(int argc, char *argv[])
char *checkfile = NULL;
const char *targetfile = NULL;
+ const char *checkdir = NULL;
uint8_t *hmackey_alloc = NULL;
uint8_t *hmackey_mmap = NULL;
int opt_index = 0;
@@ -1055,8 +1056,10 @@ int main(int argc, char *argv[])
version(argv[0]);
ret = 0;
goto out;
- case 'b':
case 'd':
+ checkdir = optarg;
+ break;
+ case 'b':
case 'P':
/* Compatibility options, just ignore */
break;
@@ -1110,7 +1113,7 @@ int main(int argc, char *argv[])
targetfile = argv[optind];
if (checkfile)
free(checkfile);
- checkfile = get_hmac_file(targetfile, params.key.subdir);
+ checkfile = get_hmac_file(targetfile, params.key.checkdir);
if (!checkfile) {
ret = 1;
goto out;
@@ -1120,7 +1123,7 @@ int main(int argc, char *argv[])
if (!checkfile)
ret = hash_files(&params, argv + optind, (argc - optind),
- fipshmac, 0);
+ fipshmac, checkdir, 0);
else if (optind == argc)
ret = process_checkfile(&params, checkfile, targetfile, loglevel);
else {

34
libkcapi-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
View File

@ -1,34 +0,0 @@
From 912ab6d55ef5af594d22d01a39cf7e035c797335 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 09:42:26 +0200
Subject: [PATCH] kcapi-hasher: Fix command-line parsing
I made a mistake in commit 3be3e18d4a2e ("kcapi-hasher: Allow picking
basename via cmdline"), which apparently broke command-line parsing when
the '-n' options is not used. This patch fixes the issue by resetting
the right variable and also silences error messages when checking for
the '-n' option.
Fedora BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1599831
---
apps/kcapi-hasher.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..90707a6 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -841,10 +841,12 @@ int main(int argc, char *argv[])
}
basen = basename(basec);
+ opterr = 0;
if (getopt_long(argc, argv, opts_name_short, opts_name, &opt_index) == 'n')
basen = optarg;
else
- opt_index = 0;
+ optind = 1;
+ opterr = 1;
params_self = &PARAMS_SELF_FIPSCHECK;
if (0 == strncmp(basen, "sha256sum", 9)) {

29
libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
View File

@ -1,29 +0,0 @@
From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 14:41:14 +0200
Subject: [PATCH] kcapi-hasher: Fix off-by-one error
There was an off-by-one error in process_checkfile() that caused the
hasher to misparse checkfiles that contain only the hash (for
self-check).
---
apps/kcapi-hasher.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..00f0373 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
uint32_t i;
uint32_t bsd_style = 0; // >0 if --tag formatted style
+ if (linelen == 0)
+ break;
+
/* remove trailing CR and reduce buffer length */
- for (i = linelen; i > 0; i--) {
+ for (i = linelen - 1; i > 0; i--) {
if (!isprint(buf[i])) {
buf[i] = '\0';
linelen--;

34
libkcapi-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
View File

@ -1,34 +0,0 @@
From a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:32 +0200
Subject: [PATCH] test: Be sure to terminate strncpy() copied string
(-Wstringop-truncation)
strncpy() might not NULL-terminate the buffer. This fixes GCC v8.1.0 warning:
test/kcapi-main.c: In function 'main':
test/kcapi-main.c:3123:5: error: 'strncpy' specified bound 63 equals destination size [-Werror=stringop-truncation]
strncpy(cavs_test.cipher, optarg,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CIPHERMAXNAME);
~~~~~~~~~~~~~~
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index 8352499..c167b7f 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -3121,7 +3121,7 @@ int main(int argc, char *argv[])
break;
case 'c':
strncpy(cavs_test.cipher, optarg,
- CIPHERMAXNAME);
+ CIPHERMAXNAME - 1);
break;
case 'p':
len = strlen(optarg);

86
libkcapi.spec
View File

@ -1,7 +1,7 @@
# Shared object version of libkcapi.
%global vmajor 1
%global vminor 1
%global vpatch 1
%global vpatch 3
# Do we build the replacements packages?
%bcond_with replace_coreutils
@ -12,6 +12,11 @@
%else
%bcond_with replace_hmaccalc
%endif
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
%bcond_without test_package
%else
%bcond_with test_package
%endif
# This package needs at least Linux Kernel v4.10.0.
%global min_kernel_ver 4.10.0
@ -92,7 +97,7 @@ bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
Name: libkcapi
Version: %{vmajor}.%{vminor}.%{vpatch}
Release: 7.0.riscv64%{?dist}
Release: 1.0.riscv64%{?dist}
Summary: User space interface to the Linux Kernel Crypto API
License: BSD or GPLv2
@ -100,18 +105,6 @@ URL: http://www.chronox.de/%{name}.html
Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
Patch1: %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
Patch2: %{giturl}/pull/64.patch#/%{name}-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
Patch3: %{giturl}/commit/3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4.patch#/%{name}-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
Patch4: %{giturl}/commit/a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68.patch#/%{name}-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
Patch5: %{giturl}/pull/65.patch#/%{name}-1.1.1-Fix_various_issues_reported_by_Coverity.patch
# Workaround for failing builds on rawhide (F29).
# To be removed when this issue is patched in the kernel:
# https://github.com/smuellerDD/libkcapi/issues/59
Patch9000: 9000-fix-header-conflicts-for-kernel-v4.18.patch
%ifnarch riscv64
BuildRequires: clang
%endif
@ -124,6 +117,7 @@ BuildRequires: hardlink
BuildRequires: kernel-headers >= %{min_kernel_ver}
BuildRequires: libtool
BuildRequires: openssl
BuildRequires: perl
BuildRequires: systemd
BuildRequires: xmlto
@ -231,6 +225,26 @@ tools to use message digests, symmetric ciphers and random number
generators implemented in the Linux kernel from command line.
%if %{with test_package}
%package tests
Summary: Testing scripts for the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: %{name}-tools%{?_isa} == %{version}-%{release}
%if %{with replace_hmaccalc}
Requires: %{name}-hmaccalc%{?_isa} == %{version}-%{release}
%endif
%if %{with replace_coreutils}
Requires: %{name}-checksum%{?_isa} == %{version}-%{release}
%endif
Requires: coreutils
Requires: openssl
Requires: perl
%description tests
Auxiliary scripts for testing %{name}.
%endif
%prep
%autosetup -p 1 -S git
@ -287,6 +301,7 @@ EOF
--enable-kcapi-test \
--enable-shared \
--enable-static \
--enable-sum-prefix= \
--enable-sum-dir=/%{_lib} \
--with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build all doc
@ -424,10 +439,51 @@ popd
%{_bindir}/kcapi*
%{_mandir}/man1/kcapi*.1.*
%if %{with test_package}
%files tests
%{_libexecdir}/%{name}/*
%endif
%changelog
* Wed Jul 25 2018 David Abdurachmanov <david.abdurachmanov@gmail.com> - 1.1.1-7.0.riscv64
* Wed Jan 16 2019 David Abdurachmanov <david.abdurachmanov@gmail.com> - 1.1.3-1.0.riscv64
- Disable Clang for RISC-V (riscv64)
* Thu Aug 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.3-1
- Update to upstream version 1.1.3
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16
- Add missing dependencies to the tests package
- Update patch from upstream
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-15
- Build and tests require perl
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14
- Add missing script to the 'tests' package
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-13
- Add missing requires to the 'tests' subpackage
* Tue Aug 07 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-12
- Produce a subpackage with test scripts
- Build the 'tests' subpackage conditionally
* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11
- Add patch to fix unwanted closing of FD 0
* Tue Jul 31 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-10
- Remove the kernel headers workaround
* Fri Jul 27 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.1.1-9
- Rebuild for new binutils
* Fri Jul 27 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-8
- Add more Coverity fixes from upstream
- Add patch to fix AEAD fuzz test for BE arches
- Fixup specfile
* Mon Jul 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-7
- Add various fixes from upstream
- Drop the Requires on kernel package

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (libkcapi-1.1.1.tar.xz) = 245740660a78e8581dfc3d5272f6a27396ef6ec987b25ee86b517979bf3d8bba2dd9c8a35ab8ddb6e370d7f5a346f0940fcc59f815adb9c44530ff2d7dfe0b4e
SHA512 (libkcapi-1.1.1.tar.xz.asc) = 4aaa34b60ef13ae4fae4e29e5f8e0d71f3ba9d63141508787e52fb96974b0b477d3433109470fc3cca46b67434cca667135a3d4682f4b161b28cf2f37091b6a1
SHA512 (libkcapi-1.1.3.tar.xz) = 7d7967661045bf5ea6c332a35c609ddb73d483607ea6599127316c87b5393f0e4165cf5c7bface76c87545b4297ffa26926f4a228f8694b85d7cac30ecc2abf0
SHA512 (libkcapi-1.1.3.tar.xz.asc) = f73067c94cc7f073f2399896116421a6c80412eedc7177ef308792ce7f69b6df42b03695df85b1fabe4204fb5eeed2cc3535625a82c3871b8330d85888dae96f

24
tests/tests.yml Normal file
View File

@ -0,0 +1,24 @@
- hosts: localhost
tags:
- classic
- container
- atomic
roles:
- role: standard-test-basic
required_packages:
- libkcapi-tests
tests:
- upstream-basic-test:
run: /usr/libexec/libkcapi/test.sh
- upstream-enc-test:
run: /usr/libexec/libkcapi/kcapi-enc-test.sh
- upstream-enc-test-large:
run: /usr/libexec/libkcapi/kcapi-enc-test-large.sh
- upstream-dgst-test:
run: /usr/libexec/libkcapi/kcapi-dgst-test.sh
- upstream-hasher-test:
run: /usr/libexec/libkcapi/hasher-test.sh
- upstream-convenience-test:
run: /usr/libexec/libkcapi/kcapi-convenience.sh
- upstream-fuzz-test:
run: /usr/libexec/libkcapi/kcapi-fuzz-test.sh