- updated to 4.0.1 (#2044178)

- Resolves: #2044178 #2044174
This commit is contained in:
Dan Horák 2022-05-12 11:47:37 +02:00
parent 7aa958eb58
commit 573d552172
4 changed files with 372 additions and 650 deletions

View File

@ -1,646 +0,0 @@
From 977fe8ac713f9ff3101ce9882e23d0183fb46ec8 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 15 Dec 2021 16:29:57 +0100
Subject: [libica PATCH 01/10] RSA: limit RSA key length to 4096
CEX adapters support RSA up to 4096 bits. Although RSA key generation
in libica is done via openssl, and therefore even greater key lengths
would be supported, such keys could not be processed on CEX adapters
afterwards. With the removal of sw fallbacks this is now a hard
restriction.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
include/ica_api.h | 4 ++++
src/ica_api.c | 13 ++++++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/include/ica_api.h b/include/ica_api.h
index ce27261..6137c4a 100644
--- a/include/ica_api.h
+++ b/include/ica_api.h
@@ -1291,6 +1291,7 @@ int ica_ed448_ctx_del(ICA_ED448_CTX **ctx);
*
* @return 0 if successful.
* EINVAL if at least one invalid parameter is given.
+ * EPERM if modulus bit length is greater than 4096 (CEX adapter restriction).
* EFAULT if OpenSSL key generation should fail.
*/
ICA_EXPORT
@@ -1319,6 +1320,7 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle,
*
* @return 0 if successful.
* EINVAL if at least one invalid parameter is given.
+ * EPERM if modulus bit length is greater than 4096 (CEX adapter restriction).
* EFAULT if OpenSSL key generation should fail.
*/
ICA_EXPORT
@@ -1346,6 +1348,7 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle,
*
* @return 0 if successful.
* EINVAL if at least one invalid parameter is given.
+ * EPERM if key bit length is greater than 4096 (CEX adapter restriction).
* ENOMEM if memory allocation fails.
* EIO if the operation fails. This should never happen.
*/
@@ -1375,6 +1378,7 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle,
*
* @return 0 if successful.
* EINVAL if at least one invalid parameter is given.
+ * EPERM if key bit length is greater than 4096 (CEX adapter restriction).
* ENOMEM if memory allocation fails.
* EIO if the operation fails. This should never happen.
*/
diff --git a/src/ica_api.c b/src/ica_api.c
index 445b0ab..a412052 100644
--- a/src/ica_api.c
+++ b/src/ica_api.c
@@ -52,6 +52,8 @@
#define MAX_VERSION_LENGTH 16
+#define MAX_RSA_KEY_BITS 4096
+
#ifndef NO_SW_FALLBACKS
int ica_fallbacks_enabled = 1;
#else
@@ -1071,9 +1073,12 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle,
/* Keys should comply with modulus_bit_length */
if ((modulus_bit_length + 7) / 8 != public_key->key_length)
return EINVAL;
- /* Minimum length for public exponent is sizeof(unsigned long) */
+ /* Minimum key length is sizeof(unsigned long) */
if (public_key->key_length < sizeof(unsigned long))
return EINVAL;
+ /* Max key bit length is 4096 because of CEX adapter restriction */
+ if (modulus_bit_length > MAX_RSA_KEY_BITS)
+ return EPERM;
/* OpenSSL takes only exponents of type unsigned long, so we have to
* be sure that we give a value of the right size to OpenSSL.
@@ -1111,6 +1116,8 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle,
return EINVAL;
if (public_key->key_length < sizeof(unsigned long))
return EINVAL;
+ if (modulus_bit_length > MAX_RSA_KEY_BITS)
+ return EPERM;
num_ignored_bytes = public_key->key_length - sizeof(unsigned long);
public_exponent = public_key->exponent;
@@ -1145,6 +1152,8 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle,
if (rsa_key->key_length < sizeof(unsigned long))
return EINVAL;
+ if (rsa_key->key_length * 8 > MAX_RSA_KEY_BITS)
+ return EPERM;
/* fill driver structure */
rb.inputdata = (unsigned char *)input_data;
@@ -1264,6 +1273,8 @@ unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle,
if (rsa_key->key_length < sizeof(unsigned long))
return EINVAL;
+ if (rsa_key->key_length * 8 > MAX_RSA_KEY_BITS)
+ return EPERM;
/* fill driver structure */
rb.inputdata = (unsigned char *)input_data;
--
2.34.1
From 553977ef505b43c7d17056369ed518a971d43d68 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 5 Jan 2022 09:07:51 +0100
Subject: [libica PATCH 02/10] ECC: fix memory leaks in make_eckey()
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/s390_ecc.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/s390_ecc.c b/src/s390_ecc.c
index bb13944..af121b0 100644
--- a/src/s390_ecc.c
+++ b/src/s390_ecc.c
@@ -146,12 +146,12 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
BIGNUM *bn_priv = NULL;
- unsigned char *pub_key = NULL;
- unsigned int pub_key_len;
- point_conversion_form_t form;
#if !OPENSSL_VERSION_PREREQ(3, 0)
EC_KEY *ec_key;
#else
+ unsigned char *pub_key = NULL;
+ unsigned int pub_key_len;
+ point_conversion_form_t form;
OSSL_PARAM_BLD *tmpl = NULL;
int rc;
#endif
@@ -175,18 +175,13 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
goto err;
}
- form = EC_GROUP_get_point_conversion_form(group);
- pub_key_len = EC_POINT_point2buf(group, point, form, &pub_key, NULL);
- if (pub_key_len == 0) {
- goto err;
- }
-
#if !OPENSSL_VERSION_PREREQ(3, 0)
ec_key = EC_KEY_new_by_curve_name(nid);
if (ec_key == NULL) {
goto err;
}
+ EC_POINT_free(point);
point = EC_POINT_new(EC_KEY_get0_group(ec_key));
if (point == NULL) {
goto err;
@@ -209,6 +204,11 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
}
#else
+ form = EC_GROUP_get_point_conversion_form(group);
+ pub_key_len = EC_POINT_point2buf(group, point, form, &pub_key, NULL);
+ if (pub_key_len == 0) {
+ goto err;
+ }
tmpl = OSSL_PARAM_BLD_new();
if (tmpl == NULL) {
@@ -243,6 +243,8 @@ err:
#else
if (tmpl)
OSSL_PARAM_BLD_free(tmpl);
+ if (pub_key)
+ OPENSSL_free(pub_key);
#endif
if (ok)
--
2.34.1
From b41addd200c0938c6c10202da08ad5f7df940e18 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 5 Jan 2022 09:15:58 +0100
Subject: [libica PATCH 03/10] ECC: Avoid recursive loop in ec_key_check() with
OpenSSL 3.0
Use libica's OpenSSL library context in ec_key_check(), otherwise
calling EVP_PKEY_fromdata() in build_pkey_from_params() may cause
a recursive loop, when a provider is used that calls ica_ec_key_init()
(and thus ec_key_check()) within its key import function.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/s390_ecc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/s390_ecc.c b/src/s390_ecc.c
index af121b0..c0c1549 100644
--- a/src/s390_ecc.c
+++ b/src/s390_ecc.c
@@ -2458,6 +2458,8 @@ int ec_key_check(ICA_EC_KEY *ica_key)
BIGNUM *d = NULL, *x = NULL, *y = NULL;
int privlen, rc = EINVAL;
+ BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc);
+
if (!ica_key)
goto done;
@@ -2489,6 +2491,7 @@ done:
if (privkey)
EVP_PKEY_free(privkey);
+ END_OPENSSL_LIBCTX(rc);
return rc;
}
--
2.34.1
From 6031ec80a5ada52609822fed4a6bd2cccafe5563 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 5 Jan 2022 09:26:26 +0100
Subject: [libica PATCH 04/10] RSA: Fix memory leaks in
rsa_key_generate_mod_expo()/crt()
Also fix a compiler warning in rsa_key_generate().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/s390_rsa.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/s390_rsa.c b/src/s390_rsa.c
index 360c374..cea2ba2 100644
--- a/src/s390_rsa.c
+++ b/src/s390_rsa.c
@@ -128,7 +128,8 @@ EVP_PKEY* rsa_key_generate(unsigned int modulus_bit_length,
} while (*public_exponent <= 2 || !(*public_exponent % 2));
}
- e = BN_bin2bn(public_exponent, sizeof(unsigned long), NULL);
+ e = BN_bin2bn((const unsigned char *)public_exponent,
+ sizeof(unsigned long), NULL);
if (e == NULL) {
goto done;
}
@@ -259,6 +260,8 @@ err:
#if !OPENSSL_VERSION_PREREQ(3, 0)
RSA_free(rsa);
#else
+ BN_free(n);
+ BN_free(d);
EVP_PKEY_free(pkey);
#endif
@@ -410,6 +413,12 @@ err:
#if !OPENSSL_VERSION_PREREQ(3, 0)
RSA_free(rsa);
#else
+ BN_free(n);
+ BN_free(p);
+ BN_free(q);
+ BN_free(dmp1);
+ BN_free(dmq1);
+ BN_free(iqmp);
EVP_PKEY_free(pkey);
#endif
--
2.34.1
From b49cf457659a4baf382b3828d89823497bb00f6e Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Thu, 13 Jan 2022 10:42:02 +0100
Subject: [libica PATCH 05/10] EC: Handle unsupported EC curve in
ica_ec_key_new()
In case of an unsupported curve nid, privlen_from_nid() returns -1.
The subsequent calloc() will fail with a size of -3 (0xfffffffffffffffd).
Also free the already allocated key in case of an error to avoid a
memory leak.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/ica_api.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/ica_api.c b/src/ica_api.c
index a412052..0a885e2 100644
--- a/src/ica_api.c
+++ b/src/ica_api.c
@@ -1336,9 +1336,15 @@ ICA_EC_KEY* ica_ec_key_new(unsigned int nid, unsigned int *privlen)
/* allocate clear memory for the 3 key parts */
len = privlen_from_nid(nid);
+ if (len <= 0) {
+ free(key);
+ return NULL;
+ }
key->X = calloc(1, 3*len);
- if (!key->X)
+ if (!key->X) {
+ free(key);
return NULL;
+ }
key->nid = nid;
key->Y = key->X + len;
--
2.34.1
From 7e6e303e6aef019047eb6dfcdedbfe7da2a88526 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Tue, 11 Jan 2022 16:04:15 +0100
Subject: [libica PATCH 06/10] Compute HMAC from installed library
The HMAC hash was computed from the libica in the build tree, but
the runtime check is run against the installed libica and those 2
files may be different. E.g. if the runtime one has debuginfo stripped
(and placed into a separate file), the hashes are different.
This commit introduces a new make target: fipsinstall, which creates
the HMAC files in the install directory.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
Makefile.am | 9 ++++-----
src/Makefile.am | 8 +++++++-
2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 2d8ab9e..e14abb5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,11 +17,8 @@ coverage: check
cd ${top_builddir}/src && gcov .libs/*.gcda
if ICA_FIPS
-install-data-hook:
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
+fipsinstall:
+ $(AM_V_GEN)$(MAKE) -C src fipsinstall
if ICA_OPENSSL3
test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
@@ -38,3 +35,5 @@ if ICA_OPENSSL3
endif
endif
+.PHONY: fipsinstall
+
diff --git a/src/Makefile.am b/src/Makefile.am
index c630048..4c92c96 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -47,6 +47,12 @@ mp.S : mp.pl
./mp.pl mp.S
if ICA_FIPS
+fipsinstall:
+ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac
+ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
+ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION1).hmac
+ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
+
hmac-file-lnk: hmac-file
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
@@ -110,4 +116,4 @@ internal_tests_ec_internal_test_SOURCES = \
include/rng.h ../test/testcase.h
endif
-.PHONY: hmac-file hmac-file-lnk
+.PHONY: hmac-file hmac-file-lnk fipsinstall
--
2.34.1
From 28fa931bed9e6847137829952a3e7cc6091bd071 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon, 24 Jan 2022 10:24:44 +0100
Subject: [libica PATCH 07/10] Fix compile warnings
... like potentially uninitialized variables or unused functions.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/fips.c | 4 ++--
src/ica_api.c | 2 +-
src/s390_ecc.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/fips.c b/src/fips.c
index 934f6f7..505dd0b 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -1304,8 +1304,8 @@ rsa_kat(void)
ica_adapter_handle_t ah;
const struct rsa_tv *tv;
size_t i, keylen, crtparamlen;
- unsigned char *out;
- libica_func_list_element* libica_func_list;
+ unsigned char *out = NULL;
+ libica_func_list_element* libica_func_list = NULL;
unsigned int count;
if (ica_open_adapter(&ah))
diff --git a/src/ica_api.c b/src/ica_api.c
index 0a885e2..a10e139 100644
--- a/src/ica_api.c
+++ b/src/ica_api.c
@@ -90,6 +90,7 @@ void ica_set_stats_mode(int stats_mode)
ica_stats_enabled = stats_mode ? 1 : 0;
}
+#ifndef NO_CPACF
#ifdef ICA_FIPS
static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
@@ -101,7 +102,6 @@ static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
}
#endif
-#ifndef NO_CPACF
static unsigned int check_des_parms(unsigned int mode,
unsigned long data_length,
const unsigned char *in_data,
diff --git a/src/s390_ecc.c b/src/s390_ecc.c
index c0c1549..211db01 100644
--- a/src/s390_ecc.c
+++ b/src/s390_ecc.c
@@ -147,7 +147,7 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen)
EC_POINT *point = NULL;
BIGNUM *bn_priv = NULL;
#if !OPENSSL_VERSION_PREREQ(3, 0)
- EC_KEY *ec_key;
+ EC_KEY *ec_key = NULL;
#else
unsigned char *pub_key = NULL;
unsigned int pub_key_len;
@@ -262,7 +262,7 @@ static EVP_PKEY *make_public_eckey(int nid, unsigned char *pubkey, size_t publen
{
int ok = 0;
#if !OPENSSL_VERSION_PREREQ(3, 0)
- EC_KEY *ec_key;
+ EC_KEY *ec_key = NULL;
#else
OSSL_PARAM_BLD *tmpl = NULL;
int rc;
--
2.34.1
From cc44f18383ec6dc01a05abd6c25a1dec8efe84cb Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon, 24 Jan 2022 10:32:47 +0100
Subject: [libica PATCH 08/10] Fix memory leaks in test programs
When configured with --enable-sanitizer some tests fail because
the address sanitizer reports memory leaks.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
test/ec_keygen_test.c | 6 +++++-
test/ecdh_test.c | 13 ++++++++++++-
test/ecdsa_test.c | 3 +++
test/icastats_test.c.in | 1 +
4 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/test/ec_keygen_test.c b/test/ec_keygen_test.c
index 43c6092..0445c41 100644
--- a/test/ec_keygen_test.c
+++ b/test/ec_keygen_test.c
@@ -115,6 +115,8 @@ int main(int argc, char **argv)
rc = ica_ec_key_generate(adapter_handle, eckey);
if (rc) {
+ ica_ec_key_free(eckey);
+ eckey = NULL;
if (rc == EPERM) {
V_(printf("Curve %d not supported on this system, skipping ...\n", eckeygen_tests[i].nid));
continue;
@@ -156,12 +158,14 @@ int main(int argc, char **argv)
}
}
}
+
+ ica_ec_key_free(eckey);
+ eckey = NULL;
}
if (test_failed)
errors++;
- ica_ec_key_free(eckey);
unset_env_icapath();
}
diff --git a/test/ecdh_test.c b/test/ecdh_test.c
index 9a81036..e1191d0 100644
--- a/test/ecdh_test.c
+++ b/test/ecdh_test.c
@@ -339,6 +339,8 @@ int main(int argc, char **argv)
rc = ica_ec_key_init(ecdh_kats[i].xa, ecdh_kats[i].ya, ecdh_kats[i].da, eckey_A);
if (rc != 0) {
+ ica_ec_key_free(eckey_A);
+ eckey_A = NULL;
if (rc == EPERM) {
V_(printf("Curve %d not supported on this system, skipping ...\n", ecdh_kats[i].nid));
continue;
@@ -350,11 +352,18 @@ int main(int argc, char **argv)
}
eckey_B = ica_ec_key_new(ecdh_kats[i].nid, &privlen);
- if (!eckey_B)
+ if (!eckey_B) {
+ ica_ec_key_free(eckey_A);
+ eckey_A = NULL;
continue;
+ }
rc = ica_ec_key_init(ecdh_kats[i].xb, ecdh_kats[i].yb, ecdh_kats[i].db, eckey_B);
if (rc != 0) {
+ ica_ec_key_free(eckey_B);
+ eckey_B = NULL;
+ ica_ec_key_free(eckey_A);
+ eckey_A = NULL;
if (rc == EPERM) {
V_(printf("Curve %d not supported on this system, skipping ...\n", ecdh_kats[i].nid));
continue;
@@ -415,7 +424,9 @@ int main(int argc, char **argv)
errors++;
ica_ec_key_free(eckey_A);
+ eckey_A = NULL;
ica_ec_key_free(eckey_B);
+ eckey_B = NULL;
unset_env_icapath();
}
diff --git a/test/ecdsa_test.c b/test/ecdsa_test.c
index 3b6bda3..2393882 100644
--- a/test/ecdsa_test.c
+++ b/test/ecdsa_test.c
@@ -225,6 +225,8 @@ int main(int argc, char **argv)
rc = ica_ec_key_init(ecdsa_kats[i].x, ecdsa_kats[i].y, ecdsa_kats[i].d, eckey);
if (rc != 0) {
+ ica_ec_key_free(eckey);
+ eckey = NULL;
if (rc == EPERM) {
V_(printf("Curve %d not supported on this system, skipping ...\n", ecdsa_kats[i].nid));
continue;
@@ -274,6 +276,7 @@ int main(int argc, char **argv)
errors++;
ica_ec_key_free(eckey);
+ eckey = NULL;
unset_env_icapath();
}
diff --git a/test/icastats_test.c.in b/test/icastats_test.c.in
index 98905a9..f0d1212 100644
--- a/test/icastats_test.c.in
+++ b/test/icastats_test.c.in
@@ -186,6 +186,7 @@ int is_crypto_card_loaded()
}
if((c = fgetc(file)) == '1'){
fclose(file);
+ closedir(sysDir);
return 1;
}
fclose(file);
--
2.34.1
From 9c6431f49a9fe0d574722954e018b4cba6ab085b Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon, 24 Jan 2022 14:33:57 +0100
Subject: [libica PATCH 09/10] FIPS: Calculation of library HMAC may fail
Initialize length variable before calling EVP_DigestSignFinal().
If hlen is uninitialized it may cause EVP_DigestSignFinal() to fail.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/fips.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/fips.c b/src/fips.c
index 505dd0b..129a1a7 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -333,6 +333,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
}
}
+ hlen = sizeof(rbuf);
if (EVP_DigestSignFinal(mdctx, rbuf, &hlen) <= 0)
goto end;
--
2.34.1
From 5aa9366c236a6d17570403ef81c65e4f5f91a8af Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 26 Jan 2022 09:29:27 +0100
Subject: [libica PATCH 10/10] MAKEFILE: Do not install ec_internal_test
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 4c92c96..d6f5c52 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -90,7 +90,7 @@ icastats_SOURCES = icastats.c icastats_shared.c include/icastats.h
# internal tests
if ICA_INTERNAL_TESTS
-bin_PROGRAMS += internal_tests/ec_internal_test
+noinst_PROGRAMS = internal_tests/ec_internal_test
internal_tests_ec_internal_test_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include \
-I${srcdir}/../include \
--
2.34.1

364
libica-4.0.1-fixes.patch Normal file
View File

@ -0,0 +1,364 @@
From c9867893f8d37381b522d8c3f371bec487805f9e Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Thu, 31 Mar 2022 16:55:03 +0200
Subject: [libica PATCH 1/5] OpenSSL 3.0: Cleanup OpenSSL library context
during OpenSSL cleanup
Usually libica's own library context is freed in the library destructor
when the library is unloaded (i.e. during exit handlers).
OpenSSL also performs its own cleanup in exit handlers, and it may happen
that OpenSSL cleanup is performed before the library destructors are
called. This may cause crashes when libica's library context has already
been freed by OpenSSL cleanup, but the library destructor tries to free
it a second time. This causes a double free, and very likely a crash.
Register an OpenSSL cleanup handler to clean up the library context before
OpenSSL performs its own cleanup.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/init.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/init.c b/src/init.c
index 9d69bd3..03a2a80 100644
--- a/src/init.c
+++ b/src/init.c
@@ -65,6 +65,18 @@ void end_sigill_section(struct sigaction *oldact, sigset_t *oldset)
sigprocmask(SIG_SETMASK, oldset, NULL);
}
+#if OPENSSL_VERSION_PREREQ(3, 0)
+static void openssl_cleanup()
+{
+ if (openssl_provider != NULL)
+ OSSL_PROVIDER_unload(openssl_provider);
+ openssl_provider = NULL;
+ if (openssl_libctx != NULL)
+ OSSL_LIB_CTX_free(openssl_libctx);
+ openssl_libctx = NULL;
+}
+#endif
+
void __attribute__ ((constructor)) icainit(void)
{
int value;
@@ -106,6 +118,17 @@ void __attribute__ ((constructor)) icainit(void)
* Create a separate library context for libica's use of OpenSSL services
* and explicitly load the 'default' or 'fips' provider for this context.
*/
+
+ /*
+ * Perform libica's context cleanup when OpenSSL cleanup is run.
+ * Otherwise it might happen that the library destructor is called
+ * after OpenSSL cleanup has already been performed, and this will
+ * cause crashes when trying to free our own OpenSSL library context,
+ * since the contexts have already been freed by OpenSSL cleanup at that
+ * time.
+ * */
+ OPENSSL_atexit(openssl_cleanup);
+
openssl_libctx = OSSL_LIB_CTX_new();
if (openssl_libctx == NULL) {
syslog(LOG_ERR, "Libica: failed to create openssl lib context\n");
@@ -148,10 +171,7 @@ void __attribute__ ((destructor)) icaexit(void)
stats_munmap(SHM_CLOSE);
#if OPENSSL_VERSION_PREREQ(3, 0)
- if (openssl_provider != NULL)
- OSSL_PROVIDER_unload(openssl_provider);
- if (openssl_libctx != NULL)
- OSSL_LIB_CTX_free(openssl_libctx);
+ openssl_cleanup();
#endif
}
--
2.34.3
From 140c700f1823e9f9f2cd26d5264cc4fb0f50dfa1 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue, 5 Apr 2022 14:49:07 +0200
Subject: [libica PATCH 2/5] Revert "OpenSSL 3.0: Cleanup OpenSSL library
context during OpenSSL cleanup"
This reverts commit c9867893f8d37381b522d8c3f371bec487805f9e.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/init.c | 28 ++++------------------------
1 file changed, 4 insertions(+), 24 deletions(-)
diff --git a/src/init.c b/src/init.c
index 03a2a80..9d69bd3 100644
--- a/src/init.c
+++ b/src/init.c
@@ -65,18 +65,6 @@ void end_sigill_section(struct sigaction *oldact, sigset_t *oldset)
sigprocmask(SIG_SETMASK, oldset, NULL);
}
-#if OPENSSL_VERSION_PREREQ(3, 0)
-static void openssl_cleanup()
-{
- if (openssl_provider != NULL)
- OSSL_PROVIDER_unload(openssl_provider);
- openssl_provider = NULL;
- if (openssl_libctx != NULL)
- OSSL_LIB_CTX_free(openssl_libctx);
- openssl_libctx = NULL;
-}
-#endif
-
void __attribute__ ((constructor)) icainit(void)
{
int value;
@@ -118,17 +106,6 @@ void __attribute__ ((constructor)) icainit(void)
* Create a separate library context for libica's use of OpenSSL services
* and explicitly load the 'default' or 'fips' provider for this context.
*/
-
- /*
- * Perform libica's context cleanup when OpenSSL cleanup is run.
- * Otherwise it might happen that the library destructor is called
- * after OpenSSL cleanup has already been performed, and this will
- * cause crashes when trying to free our own OpenSSL library context,
- * since the contexts have already been freed by OpenSSL cleanup at that
- * time.
- * */
- OPENSSL_atexit(openssl_cleanup);
-
openssl_libctx = OSSL_LIB_CTX_new();
if (openssl_libctx == NULL) {
syslog(LOG_ERR, "Libica: failed to create openssl lib context\n");
@@ -171,7 +148,10 @@ void __attribute__ ((destructor)) icaexit(void)
stats_munmap(SHM_CLOSE);
#if OPENSSL_VERSION_PREREQ(3, 0)
- openssl_cleanup();
+ if (openssl_provider != NULL)
+ OSSL_PROVIDER_unload(openssl_provider);
+ if (openssl_libctx != NULL)
+ OSSL_LIB_CTX_free(openssl_libctx);
#endif
}
--
2.34.3
From 7d0046c992ce927ad15943eb57fc788b147f7725 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue, 5 Apr 2022 14:54:22 +0200
Subject: [libica PATCH 3/5] OpenSSL 3.0: Do not cleanup OpenSSL library
context during library destructor
OpenSSL cleanup may have already run once the library destructor is called, this
may result in crashes. On the other hand, we can not register an OpenSSL cleanup
handler for this, because one may unload the library before OpenSSl cleanup runs,
this would also cause crashes.
So we can only not cleanup the library context at all, and leak it if one unloads
the library. OpenSSl will anyway clean up the contexts at program termination.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/init.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/src/init.c b/src/init.c
index 9d69bd3..b61e9d5 100644
--- a/src/init.c
+++ b/src/init.c
@@ -146,12 +146,4 @@ void __attribute__ ((destructor)) icaexit(void)
rng_fini();
stats_munmap(SHM_CLOSE);
-
-#if OPENSSL_VERSION_PREREQ(3, 0)
- if (openssl_provider != NULL)
- OSSL_PROVIDER_unload(openssl_provider);
- if (openssl_libctx != NULL)
- OSSL_LIB_CTX_free(openssl_libctx);
-#endif
-
}
--
2.34.3
From 82213e4c418222a7e1fc5a29c7fcf56df4b2faac Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 6 Apr 2022 10:37:08 +0200
Subject: [libica PATCH 4/5] Add ica_cleanup function as external function
Allow an application to perform cleanup of libica's internal resources.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
include/ica_api.h | 8 ++++++++
libica.map | 6 ++++++
src/icainfo.c | 5 +++++
src/init.c | 13 +++++++++++++
4 files changed, 32 insertions(+)
diff --git a/include/ica_api.h b/include/ica_api.h
index 6137c4a..e6ee45b 100644
--- a/include/ica_api.h
+++ b/include/ica_api.h
@@ -3665,4 +3665,12 @@ ICA_EXPORT
void ica_fips_powerup_tests(void);
#endif /* ICA_FIPS */
+/*
+ * Cleanup ICA resources. Should be called before the application terminates,
+ * or the libica library is unloaded.
+ *
+ */
+ICA_EXPORT
+void ica_cleanup(void);
+
#endif /* __ICA_API_H__ */
diff --git a/libica.map b/libica.map
index 0d031e1..6de5533 100644
--- a/libica.map
+++ b/libica.map
@@ -166,3 +166,9 @@ LIBICA_3.6.0 {
ica_ed448_ctx_del;
local: *;
} LIBICA_3.5.0;
+
+LIBICA_4.0.2 {
+ global:
+ ica_cleanup;
+ local: *;
+} LIBICA_3.6.0;
diff --git a/src/icainfo.c b/src/icainfo.c
index 61ec2d6..dbf8312 100644
--- a/src/icainfo.c
+++ b/src/icainfo.c
@@ -385,6 +385,7 @@ int main(int argc, char **argv)
default:
fprintf(stderr, "Try '%s --help' for more"
" information.\n", basename(argv[0]));
+ ica_cleanup();
exit(1);
}
}
@@ -392,6 +393,7 @@ int main(int argc, char **argv)
fprintf(stderr, "%s: invalid option.\n"
"Try '%s --help' for more information.\n",
argv[0], basename(argv[0]));
+ ica_cleanup();
exit(1);
}
@@ -400,12 +402,14 @@ int main(int argc, char **argv)
if (ica_get_functionlist(NULL, &mech_len) != 0){
perror("get_functionlist: ");
+ ica_cleanup();
return EXIT_FAILURE;
}
pmech_list = malloc(sizeof(libica_func_list_element)*mech_len);
if (ica_get_functionlist(pmech_list, &mech_len) != 0){
perror("get_functionlist: ");
free(pmech_list);
+ ica_cleanup();
return EXIT_FAILURE;
}
@@ -470,5 +474,6 @@ int main(int argc, char **argv)
printf("CPACF support (including fallbacks) is disabled in libica-cex.\n");
#endif
+ ica_cleanup();
return EXIT_SUCCESS;
}
diff --git a/src/init.c b/src/init.c
index b61e9d5..796e694 100644
--- a/src/init.c
+++ b/src/init.c
@@ -65,6 +65,19 @@ void end_sigill_section(struct sigaction *oldact, sigset_t *oldset)
sigprocmask(SIG_SETMASK, oldset, NULL);
}
+
+void ica_cleanup(void)
+{
+#if OPENSSL_VERSION_PREREQ(3, 0)
+ if (openssl_provider != NULL)
+ OSSL_PROVIDER_unload(openssl_provider);
+ openssl_provider = NULL;
+ if (openssl_libctx != NULL)
+ OSSL_LIB_CTX_free(openssl_libctx);
+ openssl_libctx = NULL;
+#endif
+}
+
void __attribute__ ((constructor)) icainit(void)
{
int value;
--
2.34.3
From e241c9503b1dc912ad9257a3787c56c320643a1e Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue, 19 Apr 2022 09:53:51 +0200
Subject: [libica PATCH 5/5] Fix memory leak at library unload by
uninstantiating global prng instance
When built in non-FIPS mode, s390_prng_init() initializes a global PRNG
instance in the library constructor, which must also be freed in the
library destructor. Otherwise it leaks 64 bytes (direct leak) plus 240 bytes
(indirect leak) when unloading the library.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/include/s390_prng.h | 1 +
src/init.c | 2 ++
src/s390_prng.c | 6 ++++++
3 files changed, 9 insertions(+)
diff --git a/src/include/s390_prng.h b/src/include/s390_prng.h
index 5219337..77ba430 100644
--- a/src/include/s390_prng.h
+++ b/src/include/s390_prng.h
@@ -16,5 +16,6 @@
int s390_prng_init(void);
int s390_prng(unsigned char *output_data, unsigned int output_length);
+void s390_prng_fini(void);
#endif
diff --git a/src/init.c b/src/init.c
index 796e694..74fafdd 100644
--- a/src/init.c
+++ b/src/init.c
@@ -158,5 +158,7 @@ void __attribute__ ((destructor)) icaexit(void)
{
rng_fini();
+ s390_prng_fini();
+
stats_munmap(SHM_CLOSE);
}
diff --git a/src/s390_prng.c b/src/s390_prng.c
index 1b057c6..b66be17 100644
--- a/src/s390_prng.c
+++ b/src/s390_prng.c
@@ -360,3 +360,9 @@ static int s390_prng_seed(void *srv, unsigned int count)
return rc;
}
#endif /* ICA_FIPS */
+
+void s390_prng_fini(void)
+{
+ if (ica_drbg_global != NULL)
+ ica_drbg_uninstantiate(&ica_drbg_global);
+}
--
2.34.3

View File

@ -2,7 +2,7 @@
Summary: Library for accessing ICA hardware crypto on IBM z Systems Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica Name: libica
Version: 4.0.0 Version: 4.0.1
Release: 1%{?dist} Release: 1%{?dist}
License: CPL License: CPL
URL: https://github.com/opencryptoki/ URL: https://github.com/opencryptoki/
@ -11,8 +11,8 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
# https://github.com/opencryptoki/libica/pull/24 # https://github.com/opencryptoki/libica/pull/24
Patch0: %{name}-4.0.0-annotate.patch Patch0: %{name}-4.0.0-annotate.patch
# post GA fixes, includes HMAC calculation # post GA fixes
Patch1: %{name}-4.0.0-fixes.patch Patch1: %{name}-%{version}-fixes.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: openssl BuildRequires: openssl
@ -106,6 +106,10 @@ fi
%changelog %changelog
* Thu May 12 2022 Dan Horák <dhorak@redhat.com> - 4.0.1-1
- updated to 4.0.1 (#2044178)
- Resolves: #2044178 #2044174
* Tue Feb 01 2022 Dan Horák <dan[at]danny.cz> - 4.0.0-1 * Tue Feb 01 2022 Dan Horák <dan[at]danny.cz> - 4.0.0-1
- updated to 4.0.0 (#2040237) - updated to 4.0.0 (#2040237)
- Resolves: #2040237 - Resolves: #2040237

View File

@ -1 +1 @@
SHA512 (libica-4.0.0.tar.gz) = ce950ce591d023b93bf8acbec4ef9eefbf2e3f4fc22a289ebb8d93d180655bb79e433c245d00d4a94828deaefd586bfd96907c55a88fcec86aef3eddfb0687b9 SHA512 (libica-4.0.1.tar.gz) = c30acbf47f673bd83d90c61f447e6bf4599639499b469a952c7463f080025282abd4b63cd26046ad11f726dafe764ba31eb6554dc8456a40157160b9f0c57407