From 01f1016328d93aa4fc27de6e6b0da295c069102c Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek
Date: Thu, 23 Aug 2018 15:38:18 +0200
Subject: [PATCH] Update to upstream version 1.1.3
---
 libkcapi-1.1.1-Coverity_PR_follow-up.patch | 272 -----
 ...ossible_buffer_overflow_with_strncpy.patch | 47 -
 ..._various_issues_reported_by_Coverity.patch | 801 -------------
 ...er_Add_missing_-d_option_to_fipshmac.patch | 186 ---
 ...capi-hasher_Fix_command-line_parsing.patch | 34 -
 ....1-kcapi-hasher_Fix_off-by-one_error.patch | 29 -
 ...ix_kcapi_handle_destroy_closing_FD_0.patch | 33 -
 ...g_tests_outside_of_build_environment.patch | 1050 -----------------
 ...e_to_terminate_strncpy_copied_string.patch | 34 -
 ..._AEAD_fuzz_test_for_big-endian_archs.patch | 42 -
 libkcapi.spec | 19 +-
 sources | 4 +-
 12 files changed, 8 insertions(+), 2543 deletions(-)
 delete mode 100644 libkcapi-1.1.1-Coverity_PR_follow-up.patch
 delete mode 100644 libkcapi-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
 delete mode 100644 libkcapi-1.1.1-Fix_various_issues_reported_by_Coverity.patch
 delete mode 100644 libkcapi-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
 delete mode 100644 libkcapi-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
 delete mode 100644 libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
 delete mode 100644 libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
 delete mode 100644 libkcapi-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
 delete mode 100644 libkcapi-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
 delete mode 100644 libkcapi-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch
diff --git a/libkcapi-1.1.1-Coverity_PR_follow-up.patch b/libkcapi-1.1.1-Coverity_PR_follow-up.patch
deleted file mode 100644
index 854481c..0000000
--- a/libkcapi-1.1.1-Coverity_PR_follow-up.patch
+++ /dev/null
@@ -1,272 +0,0 @@ -From f24f3435be39cab2aa54a49d31968a023ab6d1d5 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 26 Jul 2018 14:09:27 +0200 -Subject: [PATCH 1/3] kcapi-kdf: Clear the whole out buffer on error - -The KDF functions were decrementing the output length variable in the -loop, but on error they would clear the output buffer based on this -decremented value. This patch backs up the original length and uses it -when clearing the output buffer. - -The kcapi_pbkdf() function also used an incremented output buffer -pointer. This one is now also backed-up and the original value is used -when clearing the output. - -Signed-off-by: Stephan Mueller ---- - lib/kcapi-kdf.c | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c -index 78a7e0d..6eccbe1 100644 ---- a/lib/kcapi-kdf.c -+++ b/lib/kcapi-kdf.c -@@ -99,6 +99,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle, - uint32_t h = kcapi_md_digestsize(handle); - int32_t err = 0; - uint8_t *dst_orig = dst; -+ uint32_t dlen_orig = dlen; - uint8_t Ai[h]; - uint32_t i = 1; - -@@ -161,7 +162,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle, - return 0; - - err: -- kcapi_memset_secure(dst_orig, 0, dlen); -+ kcapi_memset_secure(dst_orig, 0, dlen_orig); - kcapi_memset_secure(Ai, 0, h); - return err; - } -@@ -174,6 +175,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle, - uint32_t h = kcapi_md_digestsize(handle); - int32_t err = 0; - uint8_t *dst_orig = dst; -+ uint32_t dlen_orig = dlen; - const uint8_t *label; - uint32_t labellen = 0; - uint32_t i = 1; -@@ -238,7 +240,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle, - return 0; - - err: -- kcapi_memset_secure(dst_orig, 0, dlen); -+ kcapi_memset_secure(dst_orig, 0, dlen_orig); - return err; - } - -@@ -250,6 +252,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle, - uint32_t h = kcapi_md_digestsize(handle); - int32_t err = 0; - uint8_t *dst_orig = dst; -+ uint32_t 
dlen_orig = dlen; - uint32_t i = 1; - - if (dlen > INT_MAX) -@@ -295,7 +298,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle, - return 0; - - err: -- kcapi_memset_secure(dst_orig, 0, dlen); -+ kcapi_memset_secure(dst_orig, 0, dlen_orig); - return err; - } - -@@ -316,6 +319,7 @@ int32_t kcapi_hkdf(const char *hashname, - uint8_t *prev = NULL; - int32_t err = 0; - uint8_t *dst_orig = dst; -+ uint32_t dlen_orig = dlen; - uint8_t ctr = 0x01; - struct kcapi_handle *handle = NULL; - -@@ -415,7 +419,7 @@ int32_t kcapi_hkdf(const char *hashname, - goto out; - - err: -- kcapi_memset_secure(dst_orig, 0, dlen); -+ kcapi_memset_secure(dst_orig, 0, dlen_orig); - out: - kcapi_memset_secure(prk_tmp, 0, h); - kcapi_md_destroy(handle); -@@ -552,6 +556,8 @@ int32_t kcapi_pbkdf(const char *hashname, - uint8_t *key, uint32_t keylen) - { - struct kcapi_handle *handle; -+ uint8_t *key_orig = key; -+ uint32_t keylen_orig = keylen; - uint32_t h, i = 1; - #define MAX_DIGESTSIZE 64 - uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t)))); -@@ -633,7 +639,7 @@ int32_t kcapi_pbkdf(const char *hashname, - err: - kcapi_memset_secure(u, 0, h); - if (err) -- kcapi_memset_secure(key, 0, keylen); -+ kcapi_memset_secure(key_orig, 0, keylen_orig); - kcapi_md_destroy(handle); - - return err; - -From eacb82b193a94d46d2ea70c621176d79a5486008 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 26 Jul 2018 14:12:51 +0200 -Subject: [PATCH 2/3] kcapi-kdf: Simplify handling of final blocks - -This patch avoids the use of temporary buffers when handling the last -block in the KDF functions, taking advantage of the fact that -kcapi_md_final() can be used to retrieve also a truncated hash directly. - -The new code no longer produces a false-positive warning with CLang -static analysis, so the workaround (which Coverity identifies as -unreachable code) can be removed. 
- -Signed-off-by: Stephan Mueller ---- - lib/kcapi-kdf.c | 43 +++++++++---------------------------------- - 1 file changed, 9 insertions(+), 34 deletions(-) - -diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c -index 6eccbe1..afa6eb3 100644 ---- a/lib/kcapi-kdf.c -+++ b/lib/kcapi-kdf.c -@@ -140,13 +140,9 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle, - } - - if (dlen < h) { -- uint8_t tmpbuffer[h]; -- -- err = kcapi_md_final(handle, tmpbuffer, h); -+ err = kcapi_md_final(handle, dst, dlen); - if (err < 0) - goto err; -- memcpy(dst, tmpbuffer, dlen); -- kcapi_memset_secure(tmpbuffer, 0, h); - dlen = 0; - } else { - err = kcapi_md_final(handle, dst, h); -@@ -219,14 +215,10 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle, - } - - if (dlen < h) { -- uint8_t tmpbuffer[h]; -- -- err = kcapi_md_final(handle, tmpbuffer, h); -+ err = kcapi_md_final(handle, dst, dlen); - if (err < 0) - goto err; -- memcpy(dst, tmpbuffer, dlen); -- kcapi_memset_secure(tmpbuffer, 0, h); -- return 0; -+ dlen = 0; - } else { - err = kcapi_md_final(handle, dst, h); - if (err < 0) -@@ -276,14 +268,10 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle, - } - - if (dlen < h) { -- uint8_t tmpbuffer[h]; -- -- err = kcapi_md_final(handle, tmpbuffer, h); -+ err = kcapi_md_final(handle, dst, dlen); - if (err < 0) - goto err; -- memcpy(dst, tmpbuffer, dlen); -- kcapi_memset_secure(tmpbuffer, 0, h); -- return 0; -+ dlen = 0; - } else { - err = kcapi_md_final(handle, dst, h); - if (err < 0) -@@ -392,16 +380,10 @@ int32_t kcapi_hkdf(const char *hashname, - goto err; - - if (dlen < h) { -- err = kcapi_md_final(handle, prk_tmp, h); -+ err = kcapi_md_final(handle, dst, dlen); - if (err < 0) - goto err; - -- /* Shut up Clang */ -- if (!dst) { -- err = -EFAULT; -- goto err; -- } -- memcpy(dst, prk_tmp, dlen); - dlen = 0; - } else { - err = kcapi_md_final(handle, dst, h); -@@ -561,8 +543,6 @@ int32_t kcapi_pbkdf(const char *hashname, - uint32_t h, i = 1; - #define MAX_DIGESTSIZE 64 - uint8_t 
u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t)))); -- uint8_t T[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t)))) = -- { 0 }; - int32_t err = 0; - - if (keylen > INT_MAX) -@@ -617,17 +597,12 @@ int32_t kcapi_pbkdf(const char *hashname, - if (err < 0) - goto err; - -- if (keylen < h) -- kcapi_xor_64_aligned(T, u, h); -- else -- kcapi_xor_64(key, u, h); -+ kcapi_xor_64(key, u, keylen < h ? keylen : h); - } - -- if (keylen < h) { -- memcpy(key, T, keylen); -- kcapi_memset_secure(T, 0, keylen); -+ if (keylen < h) - keylen = 0; -- } else { -+ else { - keylen -= h; - key += h; - i++; - -From c9ed6b2c07026e9bafd99e6c288cfbd175fd237f Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 26 Jul 2018 14:28:53 +0200 -Subject: [PATCH 3/3] kcapi-kdf: Fix unused function warning on 32-bit - -The kcapi_xor_64_aligned() is now unused when compiling in 32-bit mode, -so we need to define it only in the 64-bit case, otherwise the build -fails under CLang due to an usnused function warning. - -Signed-off-by: Stephan Mueller ---- - lib/kcapi-kdf.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c -index afa6eb3..a219d63 100644 ---- a/lib/kcapi-kdf.c -+++ b/lib/kcapi-kdf.c -@@ -503,10 +503,10 @@ static inline void kcapi_xor_32(uint8_t *dst, const uint8_t *src, uint32_t size) - kcapi_xor_8(dst, src, size); - } - -+#ifdef __LP64__ - static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src, - uint32_t size) - { --#ifdef __LP64__ - uint64_t *dst_dword = (uint64_t *)dst; - uint64_t *src_dword = (uint64_t *)src; - -@@ -514,10 +514,8 @@ static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src, - *dst_dword++ ^= *src_dword++; - - kcapi_xor_32_aligned((uint8_t *)dst_dword, (uint8_t *)src_dword, size); --#else -- kcapi_xor_32_aligned(dst, src, size); --#endif - } -+#endif - - static inline void kcapi_xor_64(uint8_t *dst, const uint8_t *src, uint32_t size) - { 
diff --git a/libkcapi-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch b/libkcapi-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
deleted file mode 100644
index 009752f..0000000
--- a/libkcapi-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4 Mon Sep 17 00:00:00 2001
-From: Krzysztof Kozlowski
-Date: Thu, 12 Jul 2018 18:13:16 +0200
-Subject: [PATCH] Fix possible buffer overflow with strncpy and
- -Wstringop-truncation warning
-
-If valid cipher name (to which netlink socket was bound) is longer than
-CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will
-try to copy length of this cipher name into smaller buffer.
-
-In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is
-defined as 64 but since commit f437a3f477cc ("crypto: api - Extend
-algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel
-defines it as 128.
-
-It is error-prone to use source buffer length as limit of dst buffer.
-Instead choose sizeof(dst buffer).
-
-This also fixes the warning with GCC v8.1.0:
-
- lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2':
- lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
- strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
- ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Signed-off-by: Krzysztof Kozlowski
-Signed-off-by: Stephan Mueller
----
- lib/kcapi-kernel-if.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
-index 2481f8a..807cbfe 100644
---- a/lib/kcapi-kernel-if.c
-+++ b/lib/kcapi-kernel-if.c
-@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle,
-
- if (drivername)
- strncpy(req.cru.cru_driver_name, ciphername,
-- strlen(ciphername));
-+ sizeof(req.cru.cru_driver_name) - 1);
- else
-- strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
-+ strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1);
-
- /* talk to netlink socket */
- sd = socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO);
diff --git a/libkcapi-1.1.1-Fix_various_issues_reported_by_Coverity.patch b/libkcapi-1.1.1-Fix_various_issues_reported_by_Coverity.patch
deleted file mode 100644
index 80f51cf..0000000
--- a/libkcapi-1.1.1-Fix_various_issues_reported_by_Coverity.patch
+++ /dev/null
@@ -1,801 +0,0 @@ -From 633569b273d63244fccf1a1e65acc8c8252c2f48 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 08:39:32 +0200 -Subject: [PATCH 01/16] apps: Check return code of fstat() - -Found by Coverity. - -Signed-off-by: Stephan Mueller ---- - apps/app-internal.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/apps/app-internal.c b/apps/app-internal.c -index 25cef80..e80c304 100644 ---- a/apps/app-internal.c -+++ b/apps/app-internal.c -@@ -255,7 +255,12 @@ int read_complete(int fd, uint8_t *buf, uint32_t buflen) - - int check_filetype(int fd, struct stat *sb, const char *filename) - { -- fstat(fd, sb); -+ int ret = fstat(fd, sb); -+ if (ret) { -+ dolog(KCAPI_LOG_ERR, -+ "fstat() failed: %s", strerror(errno)); -+ return -errno; -+ } - - /* Do not return an error in case we cannot validate the data. */ - if ((sb->st_mode & S_IFMT) != S_IFREG && - -From bb1685801cf3f2c94c4591808a1a8499147b0249 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 08:45:48 +0200 -Subject: [PATCH 02/16] kcapi-hasher: Fix strerror() call - -strerror() expects a nonnegative error number. Here we can just pass -errno instead of decoding the error from the return value of read(). - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - apps/kcapi-hasher.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c -index 2fc3ddc..5769502 100644 ---- a/apps/kcapi-hasher.c -+++ b/apps/kcapi-hasher.c -@@ -227,7 +227,7 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size) - while ((rdbytes = read(fd, buffer + offset, buffer_size - offset)) != 0) { - if (rdbytes < 0) { - fprintf(stderr, "Error reading file %s: %s\n", filename, -- strerror((int)rdbytes)); -+ strerror(errno)); - ret = -EIO; - goto out; - } - -From fadc3f42bbd44bd78f78f58c935ae7126b6eb2ce Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 08:50:36 +0200 -Subject: [PATCH 03/16] kcapi-hasher: Fix fd leak in load_file() - -Found by Coverity. - -Signed-off-by: Stephan Mueller ---- - apps/kcapi-hasher.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c -index 5769502..52fca78 100644 ---- a/apps/kcapi-hasher.c -+++ b/apps/kcapi-hasher.c -@@ -258,6 +258,8 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size) - - *memory = buffer; - *size = (uint32_t)offset; -+ -+ close(fd); - return 0; - - out: - -From 5ee2bc94de5e70703ed6ad288b3c664a1cff4fcf Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 08:53:13 +0200 -Subject: [PATCH 04/16] kcapi-hasher: Fix buffer overrun in process_checkfile() - -The 'buf[(bsd_style - 4)]' access on line 593 can overrun the buffer if -bsd_style is exactly 3, which can theoretically happen if the BSD-style -separator is found at the very beginning of the line. Fix this by -starting to search for the separator at index 1 (it can't really be at -index 0 anyway). - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - apps/kcapi-hasher.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c -index 52fca78..daab735 100644 ---- a/apps/kcapi-hasher.c -+++ b/apps/kcapi-hasher.c -@@ -544,7 +544,7 @@ static int process_checkfile(const struct hash_params *params, - break; - } - -- for (i = 0; i < linelen; i++) { -+ for (i = 1; i < linelen; i++) { - /* - * Check for BSD-style separator between file name and - * hash value. - -From 1520fca1f9b2231bcb5101eab32e8e859b33a66c Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 09:05:45 +0200 -Subject: [PATCH 05/16] docproc: Use correct sizeof() argument for clarity - -Found by Coverity. - -Signed-off-by: Stephan Mueller ---- - lib/doc/bin/docproc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c -index 4e52c1b..2313592 100644 ---- a/lib/doc/bin/docproc.c -+++ b/lib/doc/bin/docproc.c -@@ -154,7 +154,8 @@ int symfilecnt = 0; - static void add_new_symbol(struct symfile *sym, char * symname) - { - sym->symbollist = -- realloc(sym->symbollist, (sym->symbolcnt + 1) * sizeof(char *)); -+ realloc(sym->symbollist, -+ (sym->symbolcnt + 1) * sizeof(struct symbols)); - sym->symbollist[sym->symbolcnt++].name = strdup(symname); - } - - -From ed6c64434d42ba43efd839d4b0c693623442968f Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 09:09:44 +0200 -Subject: [PATCH 06/16] docproc: Fail early on malloc/realloc failures - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - lib/doc/bin/docproc.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c -index 2313592..9a0a931 100644 ---- a/lib/doc/bin/docproc.c -+++ b/lib/doc/bin/docproc.c -@@ -156,6 +156,10 @@ static void add_new_symbol(struct symfile *sym, char * symname) - sym->symbollist = - realloc(sym->symbollist, - (sym->symbolcnt + 1) * sizeof(struct symbols)); -+ if (!sym->symbollist) { -+ perror("realloc"); -+ exit(1); -+ } - sym->symbollist[sym->symbolcnt++].name = strdup(symname); - } - -@@ -391,12 +395,20 @@ static void find_all_symbols(char *filename) - default: - close(pipefd[1]); - data = malloc(4096); -+ if (!data) { -+ perror("malloc"); -+ exit(1); -+ } - do { - while ((ret = read(pipefd[0], - data + data_len, - 4096)) > 0) { - data_len += ret; - data = realloc(data, data_len + 4096); -+ if (!data) { -+ perror("realloc"); -+ exit(1); -+ } - } - } while (ret == -EAGAIN); - if (ret != 0) { -@@ -421,6 +433,10 @@ static void find_all_symbols(char *filename) - start = all_list_len; - all_list_len += count; - all_list = realloc(all_list, sizeof(char *) * all_list_len); -+ if (!all_list) { -+ perror("realloc"); -+ exit(1); -+ } - str = data; - for (i = 0; i < (int)data_len && start != all_list_len; i++) { - if (data[i] == '\0') { - -From 1beccc4fa0af3ce57e0ff21d42907e774c4eb8fe Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 09:15:36 +0200 -Subject: [PATCH 07/16] cryptoperf: Fix check of return value of open() - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - speed-test/cryptoperf-base.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c -index 55cd7ea..b564e19 100644 ---- a/speed-test/cryptoperf-base.c -+++ b/speed-test/cryptoperf-base.c -@@ -179,7 +179,7 @@ int cp_read_random(unsigned char *buf, size_t buflen) - size_t len = 0; - - fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC); -- if(0 >= fd) -+ if(0 > fd) - return fd; - do { - ret = read(fd, (buf + len), (buflen - len)); - -From d41a21125e72e9ad611451bb9753489a1f96af5e Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 09:30:01 +0200 -Subject: [PATCH 08/16] cryptoperf: Fix buffer overrun in cp_print_status() - -Found by Coverity. - -Signed-off-by: Stephan Mueller ---- - speed-test/cryptoperf-base.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c -index b564e19..c56c2ce 100644 ---- a/speed-test/cryptoperf-base.c -+++ b/speed-test/cryptoperf-base.c -@@ -159,7 +159,7 @@ char *cp_print_status(struct cp_test *test, int raw) - - memset(byteseconds, 0, sizeof(byteseconds)); - cp_bytes2string((processed_bytes / totaltime), byteseconds, -- (VALLEN + 1)); -+ VALLEN); - snprintf(str, 120, "%-24s|%s|%8lu bytes|%*s/s|%lu ops/s", - test->testname, - test->enc ? "e" : "d", - -From 5d17c564f7edae17b355f8cec7fa4c9685b10422 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 23 Jul 2018 10:05:50 +0200 -Subject: [PATCH 09/16] test/cryptoperf: Check the return value of sysconf() - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - speed-test/cryptoperf-aead.c | 10 ++++++-- - speed-test/cryptoperf-skcipher.c | 8 +++++- - test/kcapi-main.c | 53 +++++++++++++++++++--------------------- - 3 files changed, 40 insertions(+), 31 deletions(-) - -diff --git a/speed-test/cryptoperf-aead.c b/speed-test/cryptoperf-aead.c -index b2c0010..5a0446a 100644 ---- a/speed-test/cryptoperf-aead.c -+++ b/speed-test/cryptoperf-aead.c -@@ -36,6 +36,12 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm) - unsigned char ivrand[MAX_KEYLEN]; - unsigned char *ivdata = NULL; - uint32_t ivlen = 0; -+ long pagesize = sysconf(_SC_PAGESIZE); -+ -+ if (pagesize < 0) { -+ printf(DRIVER_NAME": unable to determine the page size\n"); -+ return -errno; -+ } - - dbg("Initializing AEAD test %s\n", test->testname); - if (!test->driver_name) { -@@ -97,14 +103,14 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm) - test->u.aead.assoclen, TAGLEN); - } - -- if (posix_memalign((void *)&input, sysconf(_SC_PAGESIZE), -+ if (posix_memalign((void *)&input, pagesize, - test->u.aead.indatalen * - (params->aio ? params->aio : 1))) { - printf(DRIVER_NAME": could not allocate input buffer for " - "%s\n", test->driver_name); - goto out; - } -- if (posix_memalign((void *)&output, sysconf(_SC_PAGESIZE), -+ if (posix_memalign((void *)&output, pagesize, - test->u.aead.outdatalen * - (params->aio ? 
params->aio : 1))) { - printf(DRIVER_NAME": could not allocate output buffer for " -diff --git a/speed-test/cryptoperf-skcipher.c b/speed-test/cryptoperf-skcipher.c -index a2db369..fb7123b 100644 ---- a/speed-test/cryptoperf-skcipher.c -+++ b/speed-test/cryptoperf-skcipher.c -@@ -34,6 +34,12 @@ static int cp_skcipher_init_test(struct cp_test *test) - unsigned char *ivdata = NULL; - unsigned int bs; - int err; -+ long pagesize = sysconf(_SC_PAGESIZE); -+ -+ if (pagesize < 0) { -+ printf(DRIVER_NAME": unable to determine the page size\n"); -+ return -errno; -+ } - - dbg("Initializing symmetric test %s\n", test->testname); - if (!test->driver_name) { -@@ -75,7 +81,7 @@ static int cp_skcipher_init_test(struct cp_test *test) - cp_read_random(ivdata, kcapi_cipher_blocksize(test->u.skcipher.handle)); - test->u.skcipher.iv = ivdata; - -- err = posix_memalign((void *)&scratchpad, sysconf(_SC_PAGESIZE), -+ err = posix_memalign((void *)&scratchpad, pagesize, - kcapi_cipher_blocksize(test->u.skcipher.handle) * params->len * - (params->aio ? 
params->aio : 1)); - if (err) { -diff --git a/test/kcapi-main.c b/test/kcapi-main.c -index c167b7f..b0ec2ca 100644 ---- a/test/kcapi-main.c -+++ b/test/kcapi-main.c -@@ -86,6 +86,8 @@ struct kcapi_cavs { - uint32_t outlen; - }; - -+static long pagesize; -+ - static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; - static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7', -@@ -808,8 +810,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops, - outbuflen = cavs_test->ctlen; - } - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), -- outbuflen)) -+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen)) - goto out; - memset(outbuf, 0, outbuflen); - } else { -@@ -918,12 +919,10 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops, - outbuflen = cavs_test->ctlen; - } - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), -- outbuflen)) -+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen)) - goto out; - memset(outbuf, 0, outbuflen); -- if (posix_memalign((void *)&outbuf2, sysconf(_SC_PAGESIZE), -- outbuflen)) -+ if (posix_memalign((void *)&outbuf2, pagesize, outbuflen)) - goto out; - memset(outbuf2, 0, outbuflen); - } else { -@@ -1072,7 +1071,7 @@ static int cavs_sym_aio(struct kcapi_cavs *cavs_test, uint32_t loops, - return -ENOMEM; - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), outbuflen)) -+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen)) - goto out; - memset(outbuf, 0, outbuflen); - } else { -@@ -1241,7 +1240,7 @@ static int cavs_aead(struct kcapi_cavs *cavs_test, uint32_t loops, - fullbuflen = (inbuflen > outbuflen) ? 
inbuflen : outbuflen; - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), fullbuflen)) -+ if (posix_memalign((void *)&inbuf, pagesize, fullbuflen)) - goto out; - memset(inbuf, 0, fullbuflen); - } else { -@@ -1425,8 +1424,7 @@ static int cavs_aead_aio(struct kcapi_cavs *cavs_test, uint32_t loops, - maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen; - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), -- loops * maxbuflen)) -+ if (posix_memalign((void *)&inbuf, pagesize, loops * maxbuflen)) - goto out; - memset(inbuf, 0, loops * maxbuflen); - } else { -@@ -1596,7 +1594,7 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops, - - maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen; - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxbuflen)) -+ if (posix_memalign((void *)&outbuf, pagesize, maxbuflen)) - goto out; - memset(outbuf, 0, maxbuflen); - } else { -@@ -1830,9 +1828,9 @@ static int cavs_aead_large(int stream, uint32_t loops, int splice) - test.keylen = len / 2; - - len = strlen(aad); -- if (posix_memalign((void *)&test.assoc, sysconf(_SC_PAGESIZE), (16 * sysconf(_SC_PAGESIZE)))) -+ if (posix_memalign((void *)&test.assoc, pagesize, (16 * pagesize))) - goto out; -- hex2bin(aad, len, test.assoc, (sysconf(_SC_PAGESIZE) * 16)); -+ hex2bin(aad, len, test.assoc, (pagesize * 16)); - test.assoclen = len / 2; - - test.taglen = 16; -@@ -2052,8 +2050,7 @@ static int cavs_asym(struct kcapi_cavs *cavs_test, uint32_t loops, - } - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), -- maxsize)) -+ if (posix_memalign((void *)&outbuf, pagesize, maxsize)) - goto out; - memset(outbuf, 0, maxsize); - } else { -@@ -2164,11 +2161,10 @@ static int cavs_asym_aio(struct kcapi_cavs *cavs_test, uint32_t loops, - } - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, 
sysconf(_SC_PAGESIZE), -- maxsize * loops)) -+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * loops)) - goto out; - memset(outbuf, 0, maxsize * loops); -- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), -+ if (posix_memalign((void *)&inbuf, pagesize, - cavs_test->ptlen * loops)) - goto out; - memset(outbuf, 0, cavs_test->ptlen * loops); -@@ -2294,10 +2290,10 @@ static int cavs_asym_stream(struct kcapi_cavs *cavs_test, uint32_t loops, - } - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxsize * NUMIOVECS)) -+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * NUMIOVECS)) - goto out; - memset(outbuf, 0, maxsize); -- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), inbuflen)) -+ if (posix_memalign((void *)&inbuf, pagesize, inbuflen)) - goto out; - memset(inbuf, 0, inbuflen); - } else { -@@ -2489,8 +2485,7 @@ static int cavs_kdf_common(struct kcapi_cavs *cavs_test, uint32_t loops) - uint32_t i = 0; - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), -- cavs_test->outlen)) -+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen)) - return -ENOMEM; - memset(outbuf, 0, cavs_test->outlen); - } else { -@@ -2571,8 +2566,7 @@ static int cavs_hkdf(struct kcapi_cavs *cavs_test, uint32_t loops) - } - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), -- cavs_test->outlen)) -+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen)) - return -ENOMEM; - memset(outbuf, 0, cavs_test->outlen); - } else { -@@ -2671,8 +2665,7 @@ static int cavs_pbkdf(struct kcapi_cavs *cavs_test, uint32_t loops) - } - - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), -- cavs_test->outlen)) -+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen)) - return -ENOMEM; - memset(outbuf, 0, cavs_test->outlen); - } else { -@@ -2928,7 +2921,7 @@ static int kpp(struct kcapi_cavs 
*cavs_test, uint32_t loops, int splice) - - outbuflen = ret; - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret)) -+ if (posix_memalign((void *)&outbuf, pagesize, ret)) - return -ENOMEM; - memset(outbuf, 0, ret); - } else { -@@ -3001,7 +2994,7 @@ static int kpp_aio(struct kcapi_cavs *cavs_test, uint32_t loops, int splice) - - outbuflen = ret; - if (cavs_test->aligned) { -- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret)) -+ if (posix_memalign((void *)&outbuf, pagesize, ret)) - return -ENOMEM; - memset(outbuf, 0, ret); - } else { -@@ -3072,6 +3065,10 @@ int main(int argc, char *argv[]) - int splice = KCAPI_ACCESS_SENDMSG; - struct kcapi_cavs cavs_test; - -+ pagesize = sysconf(_SC_PAGESIZE); -+ if (pagesize < 0) -+ return 1; -+ - memset(&cavs_test, 0, sizeof(struct kcapi_cavs)); - kcapi_set_verbosity(KCAPI_LOG_WARN); - - -From 4c904fbf621b0fb01d79c1b01d28c296f36e6d8a Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 25 Jul 2018 11:10:01 +0200 -Subject: [PATCH 10/16] docproc: Fix memory leak - -Found by Coverity. - -Signed-off-by: Stephan Mueller ---- - lib/doc/bin/docproc.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c -index 9a0a931..ad8d3a0 100644 ---- a/lib/doc/bin/docproc.c -+++ b/lib/doc/bin/docproc.c -@@ -445,6 +445,7 @@ static void find_all_symbols(char *filename) - start++; - } - } -+ free(data); - } - - /* - -From 6092ff27886b7d40ea056f6c02a9c3fd5803df0d Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 25 Jul 2018 11:10:35 +0200 -Subject: [PATCH 11/16] kcapi-aead: Remove an unreachable statement - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - lib/kcapi-aead.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c -index 7f8348f..d32c1e4 100644 ---- a/lib/kcapi-aead.c -+++ b/lib/kcapi-aead.c -@@ -249,8 +249,6 @@ int32_t kcapi_aead_encrypt_aio(struct kcapi_handle *handle, struct iovec *iniov, - - return _kcapi_aead_encrypt_aio_fallback(handle, iniov, outiov, iovlen, - iv); -- -- return ret; - } - - DSO_PUBLIC - -From 41a64a4363da4cce0f8de654f7dceef5c3fd6285 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 25 Jul 2018 12:23:18 +0200 -Subject: [PATCH 12/16] kcapi-kdf: Fix buffer overruns in error paths - -Found by Coverity. - -Signed-off-by: Stephan Mueller ---- - lib/kcapi-kdf.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c -index bf150c1..78a7e0d 100644 ---- a/lib/kcapi-kdf.c -+++ b/lib/kcapi-kdf.c -@@ -336,6 +336,7 @@ int32_t kcapi_hkdf(const char *hashname, - if (h > HKDF_MAXHASH) { - kcapi_dolog(KCAPI_LOG_ERR, - "Null salt size too small for hash\n"); -+ h = HKDF_MAXHASH; - err = -EFAULT; - goto err; - } -@@ -570,6 +571,7 @@ int32_t kcapi_pbkdf(const char *hashname, - kcapi_dolog(KCAPI_LOG_ERR, - "Programming error in file %s at line %u\n", - __FILE__, __LINE__); -+ h = MAX_DIGESTSIZE; - err = -EFAULT; - goto err; - } - -From 33c3b71ba5577c0b2bcdf8eb880642e0ab461079 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 25 Jul 2018 12:26:55 +0200 -Subject: [PATCH 13/16] kcapi-kernel-if: Simplify iovec validity check - -Current check is awkward, just checking iov for NULL seems to make CLang -happy. - -Found by Coverity. 
- -Signed-off-by: Stephan Mueller ---- - lib/kcapi-kernel-if.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c -index 807cbfe..595ce68 100644 ---- a/lib/kcapi-kernel-if.c -+++ b/lib/kcapi-kernel-if.c -@@ -257,11 +257,11 @@ int32_t _kcapi_common_vmsplice_iov(struct kcapi_handle *handle, - uint32_t inlen = 0; - unsigned long i; - -- for (i = 0; i < iovlen; i++) { -- if (!(iov + i)) -- return -EINVAL; -+ if (iovlen && !iov) -+ return -EINVAL; -+ -+ for (i = 0; i < iovlen; i++) - inlen += iov[i].iov_len; -- } - - /* kernel processes input data with max size of one page */ - handle->processed_sg += ((inlen + sysconf(_SC_PAGESIZE) - 1) / - -From c1f82d3b78031037f7098bd26b5da00eceecc00a Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 25 Jul 2018 12:37:15 +0200 -Subject: [PATCH 14/16] test: Allocate name even if size is zero - -We still need one byte for the terminating null character. - -Found by Coverity. 
-
-Signed-off-by: Stephan Mueller
----
- test/kcapi-main.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/test/kcapi-main.c b/test/kcapi-main.c
-index b0ec2ca..d20e74c 100644
---- a/test/kcapi-main.c
-+++ b/test/kcapi-main.c
-@@ -275,13 +275,11 @@ static int fuzz_init_test(unsigned int size)
-
- kcapi_set_verbosity(KCAPI_LOG_NONE);
-
-- if (size) {
-- name = calloc(1, size + 1);
-+ name = calloc(1, size + 1);
-
-- if (!name) {
-- printf("Allocation of %u bytes failed", size);
-- return 1;
-- }
-+ if (!name) {
-+ printf("Allocation of %u bytes failed", size);
-+ return 1;
- }
-
- if (get_random(name, size, 0)) {
-
-From 698fcb68572b5d315b27294bd3e9ee2c058920f6 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Wed, 25 Jul 2018 12:41:37 +0200
-Subject: [PATCH 15/16] test: Fix resource leak and error handling
-
-The fuzz_cipher() and fuzz_aead() functions did not always return error
-when it should and it did not always release the cipher handle on
-return. This patch fixes both issues.
-
-Found by Coverity.
-
-Signed-off-by: Stephan Mueller
----
- test/kcapi-main.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/test/kcapi-main.c b/test/kcapi-main.c
-index d20e74c..b3f6ae9 100644
---- a/test/kcapi-main.c
-+++ b/test/kcapi-main.c
-@@ -352,11 +352,11 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
- uint8_t indata[4096];
- uint8_t outdata[4096];
- unsigned int i;
-- int ret = 0;
-+ int ret = 1;
-
- if (kcapi_cipher_init(&handle, cavs_test->cipher, 0)) {
- printf("Allocation of %s cipher failed\n", cavs_test->cipher);
-- return -EFAULT;
-+ return 1;
- }
-
- /* Set key */
-@@ -366,7 +366,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
- for (i = 0; i < sizeof(key); i++) {
- if (get_random(key, i, 0)) {
- printf("get_random call failed\n");
-- return 1;
-+ goto out;
- }
- kcapi_cipher_setkey(handle, key, i);
- }
-@@ -388,7 +388,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
-
- if (get_random(indata, i, 0)) {
- printf("get_random call failed\n");
-- return 1;
-+ goto out;
- }
-
- if (flags & FUZZ_LESSOUT)
-@@ -429,11 +429,11 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
- uint8_t indata[4096];
- uint8_t outdata[4096];
- unsigned int i;
-- int ret = 0;
-+ int ret = 1;
-
- if (kcapi_aead_init(&handle, cavs_test->cipher, 0)) {
- printf("Allocation of %s cipher failed\n", cavs_test->cipher);
-- return -EFAULT;
-+ return 1;
- }
-
- /* Set key */
-@@ -443,7 +443,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
- for (i = 0; i < sizeof(key); i++) {
- if (get_random(key, i, 0)) {
- printf("get_random call failed\n");
-- return 1;
-+ goto out;
- }
- kcapi_aead_setkey(handle, key, i);
- }
-@@ -479,7 +479,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
-
- if (get_random(indata, i, 0)) {
- printf("get_random call failed\n");
-- return 1;
-+ goto out;
- }
-
- if (flags & 
FUZZ_LESSOUT)
-
-From ec9c36216623b94684c9e5ca8be26455b490bdef Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Wed, 25 Jul 2018 16:52:13 +0200
-Subject: [PATCH 16/16] test: Clean up after NULL string fix
-
-Signed-off-by: Stephan Mueller
----
- test/kcapi-main.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/test/kcapi-main.c b/test/kcapi-main.c
-index b3f6ae9..3cba467 100644
---- a/test/kcapi-main.c
-+++ b/test/kcapi-main.c
-@@ -271,14 +271,12 @@ static int fuzz_init_test(unsigned int size)
- {
- struct kcapi_handle *handle;
- int ret = 0;
-- uint8_t *name = NULL;
-+ uint8_t *name = calloc(1, size + 1);
-
- kcapi_set_verbosity(KCAPI_LOG_NONE);
-
-- name = calloc(1, size + 1);
--
- if (!name) {
-- printf("Allocation of %u bytes failed", size);
-+ printf("Allocation of %u bytes failed", size + 1);
- return 1;
- }
-
-@@ -317,10 +315,10 @@ static int fuzz_init_test(unsigned int size)
-
- fail:
- fprintf(stdout, "allocation success of nonsense string ");
-- if (name)
-+ if (size)
- bin2print(name, size);
- else
-- fprintf(stdout, "NULL\n");
-+ fprintf(stdout, "EMPTY\n");
- free(name);
- return 1;
- }
diff --git a/libkcapi-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch b/libkcapi-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
deleted file mode 100644
index 228edf9..0000000
--- a/libkcapi-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
+++ /dev/null
@@ -1,186 +0,0 @@
-From 2a0642407dd227d24e646c170d8afd47ab917899 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Mon, 16 Jul 2018 15:17:29 +0200
-Subject: [PATCH] kcapi-hasher: Add missing -d option to fipshmac
-
----
- apps/kcapi-hasher.c | 61 ++++++++++++++++++++++++++++-------------------------
- 1 file changed, 32 insertions(+), 29 deletions(-)
-
-diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
-index 6782dbc..2fc3ddc 100644
---- a/apps/kcapi-hasher.c
-+++ b/apps/kcapi-hasher.c
-@@ -71,7 +71,7 @@ struct hash_name {
- };
-
- struct hash_key {
-- const char *subdir;
-+ const char *checkdir;
- const uint8_t *data;
- uint32_t len;
- };
-@@ -108,12 +108,20 @@ static const char hmaccalc_hmackey[] = "FIPS-FTW-RHT2009";
- static const struct hash_key KEY_FIPSCHECK = {
- .data = (const uint8_t *)fipscheck_hmackey,
- .len = sizeof(fipscheck_hmackey) - 1,
-- .subdir = "fipscheck",
-+#ifdef CHECK_DIR
-+ .checkdir = CHECK_DIR"/fipscheck",
-+#else
-+ .checkdir = NULL,
-+#endif
- };
- static const struct hash_key KEY_HMACCALC = {
- .data = (const uint8_t *)hmaccalc_hmackey,
- .len = sizeof(hmaccalc_hmackey) - 1,
-- .subdir = "hmaccalc",
-+#ifdef CHECK_DIR
-+ .checkdir = CHECK_DIR"/hmaccalc",
-+#else
-+ .checkdir = NULL,
-+#endif
- };
-
- static void usage(char *name, int fipscheck)
-@@ -142,7 +150,8 @@ static void usage(char *name, int fipscheck)
- fprintf(stderr, "\t-k --key-file FILE\tUse HMAC key from given file\n");
- fprintf(stderr, "\t-K --key KEY\t\tUse KEY as the HMAC key\n");
- fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n");
-- fprintf(stderr, "\t-b, -d, -P\t\tCompatibility hmaccalc options; ignored\n");
-+ fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n");
-+ fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n");
- fprintf(stderr, "\t --help\t\tPrint this help text\n");
- fprintf(stderr, "\t-v --version\t\tShow version\n");
- }
-@@ -368,7 +377,7 @@ static char *paste(char *dst, const char 
*src, size_t size)
- * return: NULL when malloc failed, a pointer that the caller must free
- * otherwise.
- */
--static char *get_hmac_file(const char *filename, const char *subdir)
-+static char *get_hmac_file(const char *filename, const char *checkdir)
- {
- size_t i, filelen, pathlen, namelen, basenamestart = 0;
- size_t prefixlen = strlen(CHECK_PREFIX);
-@@ -386,12 +395,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
- }
-
- namelen = filelen - basenamestart;
--#ifdef CHECK_DIR
-- pathlen = strlen(CHECK_DIR"/") + strlen(subdir) + 1;
--#else
-- (void)subdir; // avoid parameter unused warning
-- pathlen = basenamestart;
--#endif
-+ pathlen = checkdir ? strlen(checkdir) + 1 : basenamestart;
-
- checkfile = malloc(pathlen + namelen + prefixlen + 1 /* "." */ +
- suffixlen + 1 /* null character */);
-@@ -399,14 +403,12 @@ static char *get_hmac_file(const char *filename, const char *subdir)
- return NULL;
-
- cursor = checkfile;
--#ifdef CHECK_DIR
-- cursor = paste(cursor, CHECK_DIR"/", strlen(CHECK_DIR"/"));
-- cursor = paste(cursor, subdir, strlen(subdir));
-- cursor = paste(cursor, "/", 1);
--#else
-- if (pathlen > 0)
-+ if (checkdir) {
-+ cursor = paste(cursor, checkdir, strlen(checkdir));
-+ cursor = paste(cursor, "/", 1);
-+ } else if (pathlen > 0)
- cursor = paste(cursor, filename, pathlen);
--#endif
-+
- cursor = paste(cursor, CHECK_PREFIX, prefixlen);
- cursor = paste(cursor, filename + basenamestart, namelen);
- cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
-@@ -417,7 +419,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
-
- static int hash_files(const struct hash_params *params,
- char *filenames[], uint32_t files,
-- int fipshmac, int just_print)
-+ int fipshmac, const char *checkdir, int just_print)
- {
- struct kcapi_handle *handle;
- const char *hashname = params->name.kcapiname;
-@@ -446,9 +448,7 @@ static int hash_files(const struct hash_params *params,
- const char *filename = 
filenames[i];
-
- if (fipshmac) {
-- char *outfile = get_hmac_file(filenames[i],
-- params->key.subdir);
--
-+ char *outfile = get_hmac_file(filenames[i], checkdir);
- if (!outfile) {
- fprintf(stderr,
- "Cannot create HMAC file name\n");
-@@ -712,11 +712,11 @@ static int fipscheck_self(const struct hash_params *params_bin,
- }
-
- if (mode == SELFCHECK_PRINT_SELF) {
-- ret = hash_files(params_bin, names, 1, 0, 1);
-+ ret = hash_files(params_bin, names, 1, 0, NULL, 1);
- goto out;
- }
-
-- checkfile = get_hmac_file(selfname, params_bin->key.subdir);
-+ checkfile = get_hmac_file(selfname, params_bin->key.checkdir);
- if (!checkfile) {
- ret = -ENOMEM;
- goto out;
-@@ -750,13 +750,13 @@ static int fipscheck_self(const struct hash_params *params_bin,
- strncpy(selfname, info.dli_fname, (sizeof(selfname) - 1));
-
- if (mode == SELFCHECK_PRINT_LIB) {
-- ret = hash_files(params_lib, names, 1, 0, 1);
-+ ret = hash_files(params_lib, names, 1, 0, NULL, 1);
- goto out;
- }
-
- if (checkfile)
- free(checkfile);
-- checkfile = get_hmac_file(selfname, params_lib->key.subdir);
-+ checkfile = get_hmac_file(selfname, params_lib->key.checkdir);
- if (!checkfile) {
- ret = -ENOMEM;
- goto out;
-@@ -799,6 +799,7 @@ int main(int argc, char *argv[])
-
- char *checkfile = NULL;
- const char *targetfile = NULL;
-+ const char *checkdir = NULL;
- uint8_t *hmackey_alloc = NULL;
- uint8_t *hmackey_mmap = NULL;
- int opt_index = 0;
-@@ -1055,8 +1056,10 @@ int main(int argc, char *argv[])
- version(argv[0]);
- ret = 0;
- goto out;
-- case 'b':
- case 'd':
-+ checkdir = optarg;
-+ break;
-+ case 'b':
- case 'P':
- /* Compatibility options, just ignore */
- break;
-@@ -1110,7 +1113,7 @@ int main(int argc, char *argv[])
- targetfile = argv[optind];
- if (checkfile)
- free(checkfile);
-- checkfile = get_hmac_file(targetfile, params.key.subdir);
-+ checkfile = get_hmac_file(targetfile, params.key.checkdir);
- if (!checkfile) {
- ret = 1;
- goto out;
-@@ -1120,7 +1123,7 @@ int main(int argc, char 
*argv[])
-
- if (!checkfile)
- ret = hash_files(¶ms, argv + optind, (argc - optind),
-- fipshmac, 0);
-+ fipshmac, checkdir, 0);
- else if (optind == argc)
- ret = process_checkfile(¶ms, checkfile, targetfile, loglevel);
- else {
diff --git a/libkcapi-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch b/libkcapi-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
deleted file mode 100644
index e22a1f5..0000000
--- a/libkcapi-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 912ab6d55ef5af594d22d01a39cf7e035c797335 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Wed, 11 Jul 2018 09:42:26 +0200
-Subject: [PATCH] kcapi-hasher: Fix command-line parsing
-
-I made a mistake in commit 3be3e18d4a2e ("kcapi-hasher: Allow picking
-basename via cmdline"), which apparently broke command-line parsing when
-the '-n' options is not used. This patch fixes the issue by resetting
-the right variable and also silences error messages when checking for
-the '-n' option.
-
-Fedora BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1599831
----
- apps/kcapi-hasher.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
-index ae88211..90707a6 100644
---- a/apps/kcapi-hasher.c
-+++ b/apps/kcapi-hasher.c
-@@ -841,10 +841,12 @@ int main(int argc, char *argv[])
- }
- basen = basename(basec);
-
-+ opterr = 0;
- if (getopt_long(argc, argv, opts_name_short, opts_name, &opt_index) == 'n')
- basen = optarg;
- else
-- opt_index = 0;
-+ optind = 1;
-+ opterr = 1;
-
- params_self = &PARAMS_SELF_FIPSCHECK;
- if (0 == strncmp(basen, "sha256sum", 9)) {
diff --git a/libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch b/libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
deleted file mode 100644
index bccb598..0000000
--- a/libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Wed, 11 Jul 2018 14:41:14 +0200
-Subject: [PATCH] kcapi-hasher: Fix off-by-one error
-
-There was an off-by-one error in process_checkfile() that caused the
-hasher to misparse checkfiles that contain only the hash (for
-self-check).
----
- apps/kcapi-hasher.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
-index ae88211..00f0373 100644
---- a/apps/kcapi-hasher.c
-+++ b/apps/kcapi-hasher.c
-@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
- uint32_t i;
- uint32_t bsd_style = 0; // >0 if --tag formatted style
-
-+ if (linelen == 0)
-+ break;
-+
- /* remove trailing CR and reduce buffer length */
-- for (i = linelen; i > 0; i--) {
-+ for (i = linelen - 1; i > 0; i--) {
- if (!isprint(buf[i])) {
- buf[i] = '\0';
- linelen--;
diff --git a/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch b/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
deleted file mode 100644
index 220ba6d..0000000
--- a/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek
-Date: Mon, 30 Jul 2018 17:17:59 +0200
-Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0
-
-The kcapi_handle structure is initialized with zeroes at allocation.
-However, since it contains several file descriptor variables, it may
-happen that _kcapi_handle_destroy() is executed while some of these are
-set to 0, causing an unwanted call to close(0).
-
-This patch prevents it by initializing all FD variables to -1 right
-after handle allocation.
----
- lib/kcapi-kernel-if.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
-index 595ce68..dfa94b4 100644
---- a/lib/kcapi-kernel-if.c
-+++ b/lib/kcapi-kernel-if.c
-@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type,
-
- handle->tfm = tfm;
-
-+ /* Initialize all fd vars to -1 to avoid unwanted close(0) */
-+ handle->pipes[0] = -1;
-+ handle->pipes[1] = -1;
-+ handle->opfd = -1;
-+ handle->aio.efd = -1;
-+
- ret = _kcapi_handle_init_tfm(handle, type, ciphername);
- if (ret)
- goto err;
diff --git a/libkcapi-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch b/libkcapi-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
deleted file mode 100644
index 6ead04a..0000000
--- a/libkcapi-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
+++ /dev/null
@@ -1,1050 +0,0 @@ -From 7223cbef97f346026e29de73f547b7074d8f5b94 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Mon, 6 Aug 2018 15:47:15 +0200 -Subject: [PATCH 1/6] test: Remove an unnecessary hack - ---- - test/libtest.sh | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/test/libtest.sh b/test/libtest.sh -index d969277..2a90d91 100644 ---- a/test/libtest.sh -+++ b/test/libtest.sh -@@ -20,8 +20,6 @@ - # Common code for test cases - # - --export PATH=$PATH:. -- - ##################################################################### - # Common functions - ##################################################################### - -From 0bc71e19b51a45dbcc6c3710d3d4ffed0707e68a Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Tue, 7 Aug 2018 09:51:08 +0200 -Subject: [PATCH 2/6] test: Allow running tests outside of build environment - -This patch slightly refactors the test scripts so they can be installed -along with the binaries and ran on the installed system. The old way of -running test-invocation.sh in the build environment still works. - -The test scripts are installed into %pkglibexecdir%, along with the test -binaries (so that the test scripts can easily find them). Note that the -test binaries are also still installed in %bindir% to not break the -backwards compatibility. - -Distribuitons are recommended to put the test files into a separate -subpackage that can be installed for debugging/QA purposes. 
---- - Makefile.am | 13 ++++++ - test/compile-test.sh | 57 ++++--------------------- - test/hasher-test.sh | 82 ++++++++++++++++++++++-------------- - test/kcapi-convenience.sh | 12 +++--- - test/kcapi-dgst-test.sh | 38 ++++++++--------- - test/kcapi-enc-test-large.sh | 9 ++-- - test/kcapi-enc-test.sh | 44 +++++++++---------- - test/kcapi-fuzz-test.sh | 5 ++- - test/libtest.sh | 71 +++++++++++++++++-------------- - test/test-invocation.sh | 45 +++++++++----------- - test/test-is-local | 0 - test/test.sh | 5 ++- - test/virttest.sh | 7 +-- - 13 files changed, 192 insertions(+), 196 deletions(-) - create mode 100644 test/test-is-local - -diff --git a/Makefile.am b/Makefile.am -index 9bc3c3e..c922f4e 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -108,6 +108,19 @@ bin_kcapi_convenience_SOURCES = test/kcapi-convenience.c - EXTRA_bin_kcapi_convenience_DEPENDENCIES = libtool - - SCAN_FILES += $(bin_kcapi_convenience_SOURCES) -+ -+pkglibexec_PROGRAMS = bin/kcapi bin/kcapi-enc-test-large bin/kcapi-convenience -+ -+pkglibexec_SCRIPTS = test/libtest.sh \ -+ test/test.sh \ -+ test/kcapi-enc-test.sh \ -+ test/kcapi-enc-test-large.sh \ -+ test/kcapi-dgst-test.sh \ -+ test/kcapi-convenience.sh \ -+ test/hasher-test.sh \ -+ test/compile-test.sh \ -+ test/virttest.sh \ -+ test/test-invocation.sh - endif - - if ENABLE_KCAPI_SPEED -diff --git a/test/compile-test.sh b/test/compile-test.sh -index 0568a5e..1205cda 100755 ---- a/test/compile-test.sh -+++ b/test/compile-test.sh -@@ -19,57 +19,16 @@ - # - # This test tries to compile all code and tries to install it - # --LOCALDIR=$(pwd) --INSTALLTARGET=$LOCALDIR/tmp-install - --failures=0 -+DIRNAME="$(dirname "$0")" -+. 
"$DIRNAME/libtest.sh" - --# color -- emit ansi color codes --color() --{ -- bg=0 -- echo -ne "\033[0m" -- while [[ $# -gt 0 ]]; do -- code=0 -- case $1 in -- black) code=30 ;; -- red) code=31 ;; -- green) code=32 ;; -- yellow) code=33 ;; -- blue) code=34 ;; -- magenta) code=35 ;; -- cyan) code=36 ;; -- white) code=37 ;; -- background|bg) bg=10 ;; -- foreground|fg) bg=0 ;; -- reset|off|default) code=0 ;; -- bold|bright) code=1 ;; -- esac -- [[ $code == 0 ]] || echo -ne "\033[$(printf "%02d" $((code+bg)))m" -- shift -- done --} -- --echo_pass() --{ -- echo "------------------------------------------------------------------" -- echo $(color "green")[PASSED]$(color off) $@ -- echo "==================================================================" --} -+if [ "$KCAPI_TEST_LOCAL" -ne 1 ]; then -+ echo "Compile test can only be run in a local test!" -+ exit 1 -+fi - --echo_fail() --{ -- echo "------------------------------------------------------------------" -- echo $(color "red")[FAILED: $1]$(color off) $@ -- echo "==================================================================" --} -- --echo_deact() --{ -- echo "------------------------------------------------------------------" -- echo $(color "yellow")[DEACTIVATED: $1]$(color off) $@ -- echo "==================================================================" --} -+INSTALLTARGET="$(pwd)/tmp-install" - - check_result() - { -@@ -90,7 +49,7 @@ check_result() - trap "rm -rf $INSTALLTARGET; exit" 0 1 2 3 15 - - mkdir -p $INSTALLTARGET --cd .. -+cd "$DIRNAME/.." - make distclean > /dev/null 2>&1 - ./configure --enable-kcapi-test \ - --enable-kcapi-speed \ -diff --git a/test/hasher-test.sh b/test/hasher-test.sh -index f36897b..c9bc03b 100755 ---- a/test/hasher-test.sh -+++ b/test/hasher-test.sh -@@ -18,29 +18,39 @@ - # DAMAGE. - # - --. libtest.sh -- --HASHERBIN="${APPDIR}/kcapi-hasher" --find_platform $HASHERBIN -- --function run_hasher() { -- "$HASHERBIN" -n "$@" --} -+DIRNAME="$(dirname "$0")" -+. 
"$DIRNAME/libtest.sh" - - SUMHASHER="md5sum sha1sum sha256sum sha384sum sha512sum" - HMACHASHER="sha1hmac sha256hmac sha384hmac sha512hmac" - CHKFILE="${TMPDIR}/chk.$$" - ANOTHER="${TMPDIR}/test.$$" - --touch $ANOTHER --trap "rm -f $ANOTHER $CHKFILE" 0 1 2 3 15 -+if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then -+ find_platform kcapi-hasher -+ function run_hasher() { -+ run_app kcapi-hasher -n "$@" -+ } -+else -+ find_platform sha1hmac -+ function run_hasher() { -+ "$@" -+ } - --if [ ! -e $HASHERBIN ] --then -- echo "Hasher binary missing" -- exit 1 -+ for hasher in $SUMHASHER $HMACHASHER -+ do -+ binary="$(find_app_binary $hasher)" -+ if [ ! -x "$(command -v "$binary")" ] -+ then -+ echo "Hasher binary $hasher missing" -+ exit 1 -+ fi -+ done - fi - -+touch $ANOTHER -+trap "rm -f $ANOTHER $CHKFILE" 0 1 2 3 15 -+ - for hasher in $SUMHASHER $HMACHASHER - do - >$CHKFILE -@@ -62,7 +72,7 @@ do - fi - - run_hasher $hasher $0 $ANOTHER | sed -E 's/(\w+\s)\s/\1*/' >$CHKFILE -- run_hasher $hasher -q -c $CHKFILE -+ run_hasher $hasher --status -c $CHKFILE - if [ $? -eq 0 ] - then - echo_pass "Parsing checker file with asterisk with $hasher" -@@ -70,7 +80,7 @@ do - echo_fail "Parsing checker file with asterisk (binary mode) with $hasher failed" - fi - -- run_hasher $hasher $0 $ANOTHER | run_hasher $hasher -q -c - -+ run_hasher $hasher $0 $ANOTHER | run_hasher $hasher --status -c - - if [ $? -eq 0 ] - then - echo_pass "Checker file '-' interpretation with $hasher" -@@ -125,24 +135,26 @@ do - run_hasher $hasher --status -c $CHKFILE - [ $? 
-ne 0 ] && echo_fail "Verification of checker file $CHKFILE with hasher $hasher failed" - -- echo -n 123 >$CHKFILE -- -- a=$(openssl dgst -$hash -hmac 123 $0 | cut -f 2 -d" ") -- b=$(run_hasher $hasher -K 123 $0 | cut -f 1 -d" ") -- c=$(run_hasher $hasher -k $CHKFILE $0 | cut -f 1 -d" ") -- [ x"$a" != x"$b" ] && { -- echo_fail "HMAC calculation for $hasher failed (cmdline key)" -- continue -- } -- [ x"$a" != x"$b" ] && { -- echo_fail "HMAC calculation for $hasher failed (key in regular file)" -- continue -- } -- echo_pass "HMAC calculation for $hasher" -+ if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then -+ echo -n 123 >$CHKFILE -+ -+ a=$(openssl dgst -$hash -hmac 123 $0 | cut -f 2 -d" ") -+ b=$(run_hasher $hasher -K 123 $0 | cut -f 1 -d" ") -+ c=$(run_hasher $hasher -k $CHKFILE $0 | cut -f 1 -d" ") -+ [ x"$a" != x"$b" ] && { -+ echo_fail "HMAC calculation for $hasher failed (cmdline key)" -+ continue -+ } -+ [ x"$a" != x"$b" ] && { -+ echo_fail "HMAC calculation for $hasher failed (key in regular file)" -+ continue -+ } -+ echo_pass "HMAC calculation for $hasher" -+ fi - rm -f $CHKFILE - done - --for i in $HMACHASHER -+[ "$KCAPI_TEST_LOCAL" -eq 1 ] && for i in $HMACHASHER - do - hasher=$i - hash=${hasher%%hmac} -@@ -320,7 +332,13 @@ function run_kat() { - fi - } - --for suffix in sum hmac -+if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then -+ KAT_SUFFIXES="sum hmac" -+else -+ KAT_SUFFIXES="hmac" -+fi -+ -+for suffix in $KAT_SUFFIXES - do - run_kat sha1$suffix "RFC 2202, section 3, #1" 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b "Hi There" 0xb617318655057264e28bc0b6fb378c8ef146be00 - run_kat sha1$suffix "RFC 2202, section 3, #2" "Jefe" "what do ya want for nothing?" 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79 -diff --git a/test/kcapi-convenience.sh b/test/kcapi-convenience.sh -index 30f0399..c0090da 100755 ---- a/test/kcapi-convenience.sh -+++ b/test/kcapi-convenience.sh -@@ -18,17 +18,17 @@ - # DAMAGE. - # - --. libtest.sh -+DIRNAME="$(dirname "$0")" -+. 
"$DIRNAME/libtest.sh" - --APP="${APPDIR}/kcapi-convenience" --find_platform $APP -+find_platform "$KCAPI_TEST_BIN_DIR/kcapi-convenience" - --$APP -+"$KCAPI_TEST_BIN_DIR/kcapi-convenience" - if [ $? -eq 0 ] - then -- echo_pass "Convenience essage digest operation" -+ echo_pass "Convenience message digest operation" - else -- echo_fail "Convenience essage digest operation" -+ echo_fail "Convenience message digest operation" - fi - - echo "===================================================================" -diff --git a/test/kcapi-dgst-test.sh b/test/kcapi-dgst-test.sh -index b9d41b4..a6af16d 100755 ---- a/test/kcapi-dgst-test.sh -+++ b/test/kcapi-dgst-test.sh -@@ -18,10 +18,10 @@ - # DAMAGE. - # - --. libtest.sh -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - --APP="${APPDIR}/kcapi-dgst" --find_platform $APP -+find_platform kcapi-dgst - TSTPREFIX="${TMPDIR}/kcapi-dgst-testfiles." - KEYFILE_128="${TSTPREFIX}128key" - KEYFILE_256="${TSTPREFIX}256key" -@@ -91,7 +91,7 @@ test_stdin_stdout() - exit 1 - fi - -- $APP -c "sha256" --hex < $ORIGPT > $GENDGST -+ run_app kcapi-dgst -c "sha256" --hex < $ORIGPT > $GENDGST - echo >> $GENDGST - openssl dgst -sha256 $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "STDIN / STDOUT test (hash)" -@@ -100,13 +100,13 @@ test_stdin_stdout() - keysize=$((keysize*8)) - eval opensslkey=\$OPENSSLKEY${keysize} - -- exec 10<$keyfile; $APP --keyfd 10 -c "hmac(sha256)" --hex < $ORIGPT > $GENDGST -+ exec 10<$keyfile; run_app kcapi-dgst --keyfd 10 -c "hmac(sha256)" --hex < $ORIGPT > $GENDGST - echo >> $GENDGST - openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "STDIN / STDOUT test (keyed MD $keysize bits)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST.2 -+ run_app 
kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST.2 - - diff_file $GENDGST $GENDGST.2 "STDIN / STDOUT test (password)" - } -@@ -121,7 +121,7 @@ test_stdin_fileout() - exit 1 - fi - -- $APP -c "sha256" --hex -o $GENDGST < $ORIGPT -+ run_app kcapi-dgst -c "sha256" --hex -o $GENDGST < $ORIGPT - echo >> $GENDGST - openssl dgst -sha256 $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "STDIN / FILEOUT test (hash)" -@@ -130,13 +130,13 @@ test_stdin_fileout() - keysize=$((keysize*8)) - eval opensslkey=\$OPENSSLKEY${keysize} - -- exec 10<$keyfile; $APP --keyfd 10 -c "hmac(sha256)" --hex -o $GENDGST < $ORIGPT -+ exec 10<$keyfile; run_app kcapi-dgst --keyfd 10 -c "hmac(sha256)" --hex -o $GENDGST < $ORIGPT - echo >> $GENDGST - openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "STDIN / FILEOUT test (keyed MD $keysize bits)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -o $GENDGST < $ORIGPT -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -o $GENDGST.2 < $ORIGPT -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -o $GENDGST < $ORIGPT -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -o $GENDGST.2 < $ORIGPT - - diff_file $GENDGST $GENDGST.2 "STDIN / FILEOUT test (password)" - } -@@ -151,7 +151,7 @@ test_filein_stdout() - exit 1 - fi - -- $APP -c "sha256" --hex -i $ORIGPT > $GENDGST -+ run_app kcapi-dgst -c "sha256" --hex -i $ORIGPT > $GENDGST - echo >> $GENDGST - openssl dgst -sha256 $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "FILEIN / STDOUT test (hash)" -@@ -160,13 +160,13 @@ test_filein_stdout() - keysize=$((keysize*8)) - eval 
opensslkey=\$OPENSSLKEY${keysize} - -- exec 10<$keyfile; $APP --keyfd 10 -c "hmac(sha256)" --hex -i $ORIGPT > $GENDGST -+ exec 10<$keyfile; run_app kcapi-dgst --keyfd 10 -c "hmac(sha256)" --hex -i $ORIGPT > $GENDGST - echo >> $GENDGST - openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "FILEIN / STDOUT test (keyed MD $keysize bits)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST.2 -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST.2 - - diff_file $GENDGST $GENDGST.2 "FILEIN / STDOUT test (password)" - } -@@ -183,7 +183,7 @@ test_filein_fileout() - exit 1 - fi - -- $APP -c "sha256" --hex -i $ORIGPT -o $GENDGST -+ run_app kcapi-dgst -c "sha256" --hex -i $ORIGPT -o $GENDGST - echo >> $GENDGST - openssl dgst -sha256 $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "FILEIN / FILEOUT test (hash)" -@@ -192,13 +192,13 @@ test_filein_fileout() - keysize=$((keysize*8)) - eval opensslkey=\$OPENSSLKEY${keysize} - -- exec 10<$keyfile; $APP --keyfd 10 -c "hmac(sha256)" --hex -i $ORIGPT -o $GENDGST -+ exec 10<$keyfile; run_app kcapi-dgst --keyfd 10 -c "hmac(sha256)" --hex -i $ORIGPT -o $GENDGST - echo >> $GENDGST - openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl - diff_file $GENDGST $GENDGST.openssl "FILEIN / FILEOUT test (keyed MD $keysize bits)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST -- $APP -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST.2 -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" 
-i $ORIGPT -o $GENDGST -+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST.2 - - diff_file $GENDGST $GENDGST.2 "FILEIN / FILEOUT test (password)" - } -diff --git a/test/kcapi-enc-test-large.sh b/test/kcapi-enc-test-large.sh -index 7d45ef3..4dd5a0a 100755 ---- a/test/kcapi-enc-test-large.sh -+++ b/test/kcapi-enc-test-large.sh -@@ -18,17 +18,18 @@ - # DAMAGE. - # - --. libtest.sh -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - - if ! $(check_min_kernelver 4 14); then - echo_deact "Large encryption operation" - exit 0 - fi - --APP="${APPDIR}/kcapi-enc-test-large" --find_platform $APP -+APP="$KCAPI_TEST_BIN_DIR/kcapi-enc-test-large" -+find_platform "$APP" - --$APP -+"$APP" - if [ $? -eq 0 ] - then - echo_pass "Large encryption operation" -diff --git a/test/kcapi-enc-test.sh b/test/kcapi-enc-test.sh -index c7c5ebb..a5db04c 100755 ---- a/test/kcapi-enc-test.sh -+++ b/test/kcapi-enc-test.sh -@@ -18,10 +18,10 @@ - # DAMAGE. - # - --. libtest.sh -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - --APP="${APPDIR}/kcapi-enc" --find_platform $APP -+find_platform kcapi-enc - TSTPREFIX="${TMPDIR}/kcapi-enc-testfiles." 
- KEYFILE_AES128="${TSTPREFIX}aes128key" - KEYFILE_AES256="${TSTPREFIX}aes256key" -@@ -151,8 +151,8 @@ test_stdin_stdout() - local keysize=$(stat -c %s $keyfile) - keysize=$((keysize*8)) - -- exec 10<$keyfile; $APP --keyfd 10 -e -c "ctr(aes)" --iv $IV < $ORIGPT > $GENCT -- exec 10<$keyfile; $APP --keyfd 10 -d -c "ctr(aes)" --iv $IV < $GENCT > $GENPT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -e -c "ctr(aes)" --iv $IV < $ORIGPT > $GENCT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -d -c "ctr(aes)" --iv $IV < $GENCT > $GENPT - - diff_file $ORIGPT $GENPT "STDIN / STDOUT enc test ($keysize bits)" - -@@ -163,8 +163,8 @@ test_stdin_stdout() - diff_file $GENCT $GENCT.openssl "STDIN / STDOUT enc test ($keysize bits) (openssl generated CT)" - diff_file $GENPT $GENPT.openssl "STDIN / STDOUT enc test ($keysize bits) (openssl generated PT)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV < $ORIGPT > $GENCT -- $APP -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV < $GENCT > $GENPT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV < $ORIGPT > $GENCT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV < $GENCT > $GENPT - - diff_file $ORIGPT $GENPT "STDIN / STDOUT enc test (password)" - } -@@ -183,8 +183,8 @@ test_stdin_fileout() - local keysize=$(stat -c %s $keyfile) - keysize=$((keysize*8)) - -- exec 10<$keyfile; $APP --keyfd 10 -e -c "ctr(aes)" --iv $IV -o $GENCT < $ORIGPT -- exec 10<$keyfile; $APP --keyfd 10 -d -c "ctr(aes)" --iv $IV -o $GENPT < $GENCT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -e -c "ctr(aes)" --iv $IV -o $GENCT < $ORIGPT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -d -c "ctr(aes)" --iv $IV -o $GENPT < $GENCT - - diff_file $ORIGPT $GENPT "STDIN / FILEOUT test ($keysize bits)" - -@@ -195,8 +195,8 @@ test_stdin_fileout() - diff_file $GENCT $GENCT.openssl "STDIN / FILEOUT enc test ($keysize bits) (openssl generated CT)" - 
diff_file $GENPT $GENPT.openssl "STDIN / FILEOUT enc test ($keysize bits) (openssl generated PT)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV -o $GENCT < $ORIGPT -- $APP -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV -o $GENPT < $GENCT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV -o $GENCT < $ORIGPT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV -o $GENPT < $GENCT - - diff_file $ORIGPT $GENPT "STDIN / FILEOUT enc test (password)" - } -@@ -215,8 +215,8 @@ test_filein_stdout() - local keysize=$(stat -c %s $keyfile) - keysize=$((keysize*8)) - -- exec 10<$keyfile; $APP --keyfd 10 -e -c "ctr(aes)" --iv $IV -i $ORIGPT > $GENCT -- exec 10<$keyfile; $APP --keyfd 10 -d -c "ctr(aes)" --iv $IV -i $GENCT > $GENPT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -e -c "ctr(aes)" --iv $IV -i $ORIGPT > $GENCT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -d -c "ctr(aes)" --iv $IV -i $GENCT > $GENPT - - diff_file $ORIGPT $GENPT "FILEIN / STDOUT enc test ($keysize bits)" - -@@ -227,8 +227,8 @@ test_filein_stdout() - diff_file $GENCT $GENCT.openssl "FILEIN / STDOUT enc test ($keysize bits) (openssl generated CT)" - diff_file $GENPT $GENPT.openssl "FILEIN / STDOUT enc test ($keysize bits) (openssl generated PT)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV -i $ORIGPT > $GENCT -- $APP -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV -i $GENCT > $GENPT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV -i $ORIGPT > $GENCT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV -i $GENCT > $GENPT - - diff_file $ORIGPT $GENPT "FILEIN / STDOUT enc test (password)" - } -@@ -248,8 +248,8 @@ test_filein_fileout() - keysize=$((keysize*8)) - - -- exec 10<$keyfile; $APP --keyfd 10 -e -c "cbc(aes)" --iv $IV -i $ORIGPT -o $GENCT -- exec 10<$keyfile; $APP 
--keyfd 10 -d -c "cbc(aes)" --iv $IV -i $GENCT -o $GENPT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -e -c "cbc(aes)" --iv $IV -i $ORIGPT -o $GENCT -+ exec 10<$keyfile; run_app kcapi-enc --keyfd 10 -d -c "cbc(aes)" --iv $IV -i $GENCT -o $GENPT - - diff_file $ORIGPT $GENPT "FILEIN / FILEOUT enc test ($keysize bits)" - -@@ -269,8 +269,8 @@ test_filein_fileout() - diff_file $GENCT $GENCT.openssl "FILEIN / FILEOUT enc test ($keysize bits) (openssl generated CT)" - diff_file $GENPT $GENPT.openssl "FILEIN / FILEOUT enc test ($keysize bits) (openssl generated PT)" - -- $APP -q --pbkdfiter 1000 -p "passwd" -s "123" -e -c "cbc(aes)" --iv $IV -i $ORIGPT -o $GENCT -- $APP -q --pbkdfiter 1000 -p "passwd" -s "123" -d -c "cbc(aes)" --iv $IV -i $GENCT -o $GENPT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s "123" -e -c "cbc(aes)" --iv $IV -i $ORIGPT -o $GENCT -+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s "123" -d -c "cbc(aes)" --iv $IV -i $GENCT -o $GENPT - - diff_file $ORIGPT $GENPT "FILEIN / FILEOUT enc test (password)" - } -@@ -281,7 +281,7 @@ test_ccm_dec() - - aadlen=$(($aadlen/2)) - -- exec 10<${TSTPREFIX}ccm_key; $APP --keyfd 10 -d -c "ccm(aes)" -i ${TSTPREFIX}ccm_msg -o ${TSTPREFIX}ccm_out --ccm-nonce $CCM_NONCE --aad $CCM_AAD --tag $CCM_TAG -+ exec 10<${TSTPREFIX}ccm_key; run_app kcapi-enc --keyfd 10 -d -c "ccm(aes)" -i ${TSTPREFIX}ccm_msg -o ${TSTPREFIX}ccm_out --ccm-nonce $CCM_NONCE --aad $CCM_AAD --tag $CCM_TAG - local hexret=$(bin2hex_noaad ${TSTPREFIX}ccm_out $aadlen) - - if [ x"$hexret" != x"$CCM_EXP" ] -@@ -291,7 +291,7 @@ test_ccm_dec() - echo_pass_local "FILEIN / FILEOUT CCM decrypt" - fi - -- exec 10<${TSTPREFIX}ccm_key; $APP --keyfd 10 -d -c "ccm(aes)" -i ${TSTPREFIX}ccm_msg -o ${TSTPREFIX}ccm_out --ccm-nonce $CCM_NONCE --aad $CCM_AAD --tag $CCM_TAG_FAIL -q -+ exec 10<${TSTPREFIX}ccm_key; run_app kcapi-enc --keyfd 10 -d -c "ccm(aes)" -i ${TSTPREFIX}ccm_msg -o ${TSTPREFIX}ccm_out --ccm-nonce $CCM_NONCE --aad $CCM_AAD --tag $CCM_TAG_FAIL 
-q - - # 182 == -EBADMSG - if [ $? -eq 182 ] -@@ -308,7 +308,7 @@ test_gcm_enc() - - aadlen=$(($aadlen/2)) - -- exec 10<${TSTPREFIX}gcm_key; $APP --keyfd 10 -e -c "gcm(aes)" -i ${TSTPREFIX}gcm_msg -o ${TSTPREFIX}gcm_out --iv $GCM_IV --aad $GCM_AAD --taglen $GCM_TAGLEN -+ exec 10<${TSTPREFIX}gcm_key; run_app kcapi-enc --keyfd 10 -e -c "gcm(aes)" -i ${TSTPREFIX}gcm_msg -o ${TSTPREFIX}gcm_out --iv $GCM_IV --aad $GCM_AAD --taglen $GCM_TAGLEN - local hexret=$(bin2hex_noaad ${TSTPREFIX}gcm_out $aadlen) - - if [ x"$hexret" != x"$GCM_EXP" ] -diff --git a/test/kcapi-fuzz-test.sh b/test/kcapi-fuzz-test.sh -index 2d7b8bd..9eacec9 100755 ---- a/test/kcapi-fuzz-test.sh -+++ b/test/kcapi-fuzz-test.sh -@@ -18,9 +18,10 @@ - # DAMAGE. - # - --. libtest.sh -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - --KCAPI="${APPDIR}/kcapi" -+KCAPI="$KCAPI_TEST_BIN_DIR/kcapi" - find_platform $KCAPI - - ROUNDS=100 -diff --git a/test/libtest.sh b/test/libtest.sh -index 2a90d91..4a90a00 100644 ---- a/test/libtest.sh -+++ b/test/libtest.sh -@@ -23,12 +23,45 @@ - ##################################################################### - # Common functions - ##################################################################### --# color -- emit ansi color codes -+ -+DIRNAME="$(dirname "$0")" -+ -+# Allow overriding default value: -+if [ -e "$DIRNAME/test-is-local" ]; then -+ KCAPI_TEST_LOCAL=${KCAPI_TEST_LOCAL:-1} -+else -+ KCAPI_TEST_LOCAL=${KCAPI_TEST_LOCAL:-0} -+fi -+ -+if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then -+ run_app() -+ { -+ local appname="$1"; shift -+ -+ "$DIRNAME/../bin/$appname" "$@" -+ } -+ find_app_binary() -+ { -+ echo -n "$(dirname "$1")/.libs/$(basename "$1")" -+ } -+ KCAPI_TEST_BIN_DIR="$DIRNAME/../bin" -+else -+ run_app() -+ { -+ "$@" -+ } -+ find_app_binary() -+ { -+ echo -n "$1" -+ } -+ KCAPI_TEST_BIN_DIR="$DIRNAME" -+fi - - failures=0 - PLATFORM="unknown wordsize" - KERNVER=$(uname -r) - -+# color -- emit ansi color codes - color() - { - bg=0 -@@ -70,30 +103,15 @@ 
echo_deact() - echo $(color "yellow")[DEACTIVATED: $PLATFORM - $KERNVER]$(color off) $@ - } - --get_binlocation() --{ -- local app=$1 -- local binlocation="$(dirname $app)/.libs/$(basename $app)" -- echo $binlocation --} -- - find_platform() - { - local app=$1 -- -- if [ ! -x "$app" ] -- then -- echo_fail "Application binary $app not found" -- exit 1 -- fi -- -- local binlocation=$(get_binlocation $app) -- if [ -x "$binlocation" ] -+ local binlocation="$(find_app_binary $app)" -+ if ! [ -x "$binlocation" ] - then -- PLATFORM=$(file $binlocation | cut -d" " -f 3) -- else -- PLATFORM=$(file $app | cut -d" " -f 3) -+ binlocation="$app" - fi -+ PLATFORM=$(file "$binlocation" | cut -d" " -f 3) - } - - # check whether a given kernel version is present -@@ -113,21 +131,10 @@ check_min_kernelver() { - ##################################################################### - # Common variables - ##################################################################### --# Location of apps --APPDIR="../bin" --if [ ! -d $APPDIR ] --then -- APPDIR="../bin" --fi --if [ ! -d $APPDIR ] --then -- echo_fail "No appdir found" -- exit 1 --fi - - # Storage location of temp files - TMPDIR="/var/tmp" - if [ ! -d $TMPDIR ] - then -- TMPD="." -+ TMPDIR="." - fi -diff --git a/test/test-invocation.sh b/test/test-invocation.sh -index 7106c3c..73c1f67 100755 ---- a/test/test-invocation.sh -+++ b/test/test-invocation.sh -@@ -18,49 +18,49 @@ - # DAMAGE. - # - --DIR=$(dirname $0) --cd $DIR -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - - COMPILE_OPTS="--enable-kcapi-test --enable-kcapi-encapp --enable-kcapi-hasher --enable-kcapi-dgstapp --enable-kcapi-rngapp --enable-lib-kpp --enable-lib-asym" - - exec_test() - { -- ${DIR}/test.sh -+ "$DIRNAME/test.sh" - ret=$? - if [ $ret -ne 0 ] - then - exit $ret - fi - -- ${DIR}/kcapi-enc-test.sh -+ "$DIRNAME/kcapi-enc-test.sh" - ret=$? - if [ $ret -ne 0 ] - then - exit $ret - fi - -- ${DIR}/kcapi-dgst-test.sh -+ "$DIRNAME/kcapi-dgst-test.sh" - ret=$? 
- if [ $ret -ne 0 ] - then - exit $ret - fi - -- ${DIR}/hasher-test.sh -+ "$DIRNAME/hasher-test.sh" - ret=$? - if [ $ret -ne 0 ] - then - exit $ret - fi - -- ${DIR}/kcapi-enc-test-large.sh -+ "$DIRNAME/kcapi-enc-test-large.sh" - ret=$? - if [ $ret -ne 0 ] - then - exit $ret - fi - -- ${DIR}/kcapi-convenience.sh -+ "$DIRNAME/kcapi-convenience.sh" - ret=$? - if [ $ret -ne 0 ] - then -@@ -70,7 +70,7 @@ exec_test() - # Run optionally. - if [ ! -z "$ENABLE_FUZZ_TEST" ] - then -- ${DIR}/kcapi-fuzz-test.sh -+ "$DIRNAME/kcapi-fuzz-test.sh" - ret=$? - if [ $ret -ne 0 ] - then -@@ -81,7 +81,7 @@ exec_test() - # Only execute on bare metal - if ! dmesg | grep -i Hypervisor | grep -q -i detected - then -- ${DIR}/virttest.sh -+ "$DIRNAME/virttest.sh" - ret=$? - if [ $ret -ne 0 ] - then -@@ -91,51 +91,46 @@ exec_test() - } - - # Only execute tests without compilation on virtual environment --if mount | grep -q "9p2000" -+if [ "$KCAPI_TEST_LOCAL" -ne 1 ] || mount | grep -q "9p2000" - then - exec_test - exit 0 - fi - - # default invocation --CWD=$(pwd) --cd .. --./configure $COMPILE_OPTS --make -+(cd "$DIRNAME/.." && ./configure $COMPILE_OPTS && make) - if [ $? -ne 0 ] - then - echo "Compilation failure" - exit 1 - fi --cd $CWD - exec_test - --${DIR}/compile-test.sh -+"$DIRNAME/compile-test.sh" - ret=$? - if [ $ret -ne 0 ] - then - exit $ret - fi - --cd .. -- --make distclean > /dev/null 2>&1 -+(cd "$DIRNAME/.." && make distclean > /dev/null 2>&1) - - # if we are on 64 bit system, test 32 bit alternative mode, - # except is has been disabled explicitly. - if $(uname -m | grep -q "x86_64") && [ -z "$NO_32BIT_TEST" ] - then -- LDFLAGS=-m32 CFLAGS=-m32 ./configure $COMPILE_OPTS -- make -+ ( -+ cd "$DIRNAME/.." && \ -+ LDFLAGS=-m32 CFLAGS=-m32 ./configure $COMPILE_OPTS && \ -+ make -+ ) - if [ $? -ne 0 ] - then - echo "32 bit compilation failure" - exit 1 - fi -- cd $CWD - exec_test -- cd .. -- make distclean > /dev/null 2>&1 -+ (cd "$DIRNAME/.." 
&& make distclean > /dev/null 2>&1) - fi - - exit 0 -diff --git a/test/test-is-local b/test/test-is-local -new file mode 100644 -index 0000000..e69de29 -diff --git a/test/test.sh b/test/test.sh -index 6523a4a..d39b146 100755 ---- a/test/test.sh -+++ b/test/test.sh -@@ -18,9 +18,10 @@ - # DAMAGE. - # - --. ./libtest.sh -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - --KCAPI="${APPDIR}/kcapi" -+KCAPI="$KCAPI_TEST_BIN_DIR/kcapi" - find_platform $KCAPI - - HASH_name_1="cmac(des3_ede)" -diff --git a/test/virttest.sh b/test/virttest.sh -index c4a5c01..64c5d22 100755 ---- a/test/virttest.sh -+++ b/test/virttest.sh -@@ -18,7 +18,8 @@ - # DAMAGE. - # - --. libtest.sh -+DIRNAME="$(dirname "$0")" -+. "$DIRNAME/libtest.sh" - - ################################################################### - # Test configuration - may be changed -@@ -48,8 +49,8 @@ TESTKERNELS="linux-4.17 linux-4.13 linux-4.12 linux-4.10 linux-4.7 linux-4.5 lin - ################################################################### - # General variables - do not change - ################################################################### --SCRIPT="$(pwd)/test-invocation.sh" --EUDYPTULA="${HOME}/bin/eudyptula-boot" -+SCRIPT="$DIRNAME/test-invocation.sh" -+EUDYPTULA="${EUDYPTULA:-"${HOME}/bin/eudyptula-boot"}" - - ################################################################### - # Code - do not change - -From c7707ad1ddcbaa6f6722862cb4de9d3a3ea133b5 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Tue, 7 Aug 2018 18:43:08 +0200 -Subject: [PATCH 3/6] test: Fix platform detection - ---- - test/libtest.sh | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/test/libtest.sh b/test/libtest.sh -index 4a90a00..67be2d1 100644 ---- a/test/libtest.sh -+++ b/test/libtest.sh -@@ -34,11 +34,15 @@ else - fi - - if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then -+ get_app_path() -+ { -+ echo -n "$DIRNAME/../bin/$1" -+ } - run_app() - { - local appname="$1"; shift - -- 
"$DIRNAME/../bin/$appname" "$@" -+ "$(get_app_path "$appname")" "$@" - } - find_app_binary() - { -@@ -46,6 +50,10 @@ if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then - } - KCAPI_TEST_BIN_DIR="$DIRNAME/../bin" - else -+ get_app_path() -+ { -+ command -v "$1" -+ } - run_app() - { - "$@" -@@ -105,7 +113,7 @@ echo_deact() - - find_platform() - { -- local app=$1 -+ local app="$(get_app_path "$1")" - local binlocation="$(find_app_binary $app)" - if ! [ -x "$binlocation" ] - then - -From 291d62a006945a365645889aabf55549215c1304 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 9 Aug 2018 10:24:32 +0200 -Subject: [PATCH 4/6] Makefile.am: Add missing test script - ---- - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile.am b/Makefile.am -index c922f4e..635ccfd 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -117,6 +117,7 @@ pkglibexec_SCRIPTS = test/libtest.sh \ - test/kcapi-enc-test-large.sh \ - test/kcapi-dgst-test.sh \ - test/kcapi-convenience.sh \ -+ test/kcapi-fuzz-test.sh \ - test/hasher-test.sh \ - test/compile-test.sh \ - test/virttest.sh \ - -From f782b1070093f8a08fcee3eaf36808ddfe2cca6a Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 9 Aug 2018 14:35:09 +0200 -Subject: [PATCH 5/6] test: Do not fail non-local test if hasher binary is - missing - -The test suite should be able to work even if hashers are not installed. ---- - test/hasher-test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/test/hasher-test.sh b/test/hasher-test.sh -index c9bc03b..df4397a 100755 ---- a/test/hasher-test.sh -+++ b/test/hasher-test.sh -@@ -42,8 +42,8 @@ else - binary="$(find_app_binary $hasher)" - if [ ! 
-x "$(command -v "$binary")" ] - then -- echo "Hasher binary $hasher missing" -- exit 1 -+ echo_deact "Hasher binary $hasher missing, tests deactivated" -+ exit 0 - fi - done - fi - -From 9c741664c2fde9cdddcadb8d92701536ddf872f4 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 9 Aug 2018 14:50:36 +0200 -Subject: [PATCH 6/6] test: Add test for hasher FIPS self-check - -This test will be run only in non-local mode. ---- - test/hasher-test.sh | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/test/hasher-test.sh b/test/hasher-test.sh -index df4397a..0a33657 100755 ---- a/test/hasher-test.sh -+++ b/test/hasher-test.sh -@@ -285,6 +285,20 @@ do - rm -f $CHKFILE - done - -+# -+# Test FIPS self-check: -+# -+[ "$KCAPI_TEST_LOCAL" -ne 1 ] && for hasher in $SUMHASHER $HMACHASHER -+do -+ KCAPI_HASHER_FORCE_FIPS=1 run_hasher $hasher $0 >/dev/null -+ if [ $? -ne 0 ] -+ then -+ echo_fail "FIPS self-check of hasher $hasher failed" -+ else -+ echo_pass "FIPS self-check of hasher $hasher" -+ fi -+done -+ - # - # hmaccalc known-answer tests from RFC 2202 and 4231 - # diff --git a/libkcapi-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch b/libkcapi-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch deleted file mode 100644 index 7e1b8e4..0000000 --- a/libkcapi-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68 Mon Sep 17 00:00:00 2001 -From: Krzysztof Kozlowski -Date: Thu, 12 Jul 2018 18:13:32 +0200 -Subject: [PATCH] test: Be sure to terminate strncpy() copied string - (-Wstringop-truncation) - -strncpy() might not NULL-terminate the buffer. This fixes GCC v8.1.0 warning: - - test/kcapi-main.c: In function 'main': - test/kcapi-main.c:3123:5: error: 'strncpy' specified bound 63 equals destination size [-Werror=stringop-truncation] - strncpy(cavs_test.cipher, optarg, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - CIPHERMAXNAME); - ~~~~~~~~~~~~~~ - -Signed-off-by: Krzysztof Kozlowski -Signed-off-by: Stephan Mueller ---- - test/kcapi-main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/kcapi-main.c b/test/kcapi-main.c -index 8352499..c167b7f 100644 ---- a/test/kcapi-main.c -+++ b/test/kcapi-main.c -@@ -3121,7 +3121,7 @@ int main(int argc, char *argv[]) - break; - case 'c': - strncpy(cavs_test.cipher, optarg, -- CIPHERMAXNAME); -+ CIPHERMAXNAME - 1); - break; - case 'p': - len = strlen(optarg); diff --git a/libkcapi-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch b/libkcapi-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch deleted file mode 100644 index a04fd33..0000000 --- a/libkcapi-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From def2282fd28390f4a8afd0f43be6c3b3b1586f41 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Fri, 27 Jul 2018 10:53:00 +0200 -Subject: [PATCH] test: Fix AEAD fuzz test for big-endian archs - -The stupid authenc() key format contains fields that need to be in the -machine's endianity. Right now, they are hard-coded in the LE format. -This patch makes them always be in the right format. ---- - test/kcapi-main.c | 19 +++++++++++-------- - 1 file changed, 11 insertions(+), 8 deletions(-) - -diff --git a/test/kcapi-main.c b/test/kcapi-main.c -index e24956c..d62c91a 100644 ---- a/test/kcapi-main.c -+++ b/test/kcapi-main.c -@@ -451,14 +451,17 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags, - - if (kcapi_aead_setkey(handle, key, 16)) { - if (!strncmp(cavs_test->cipher, "authenc", 7)) { -- uint8_t *k = (uint8_t *) -- "\x08\x00\x01\x00\x00\x00\x00\x10" -- "\x00\x00\x00\x00\x00\x00\x00\x00" -- "\x00\x00\x00\x00\x00\x00\x00\x00" -- "\x00\x00\x00\x00\x06\xa9\x21\x40" -- "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5" -- "\x34\x12\x00\x06"; -- if (kcapi_aead_setkey(handle, k, 44)) { -+ uint8_t k[44]; -+ memcpy(k, "\x00\x00\x00\x00\x00\x00\x00\x10" -+ "\x00\x00\x00\x00\x00\x00\x00\x00" -+ "\x00\x00\x00\x00\x00\x00\x00\x00" -+ "\x00\x00\x00\x00\x06\xa9\x21\x40" -+ "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5" -+ "\x34\x12\x00\x06", sizeof(k)); -+ /* These need to be in machine's endianity: */ -+ *(uint16_t *)(k + 0) = 8; -+ *(uint16_t *)(k + 2) = 1; -+ if (kcapi_aead_setkey(handle, k, sizeof(k))) { - printf("AEAD setkey failed\n"); - goto out; - } diff --git a/libkcapi.spec b/libkcapi.spec index d9988f7..8dc8831 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -1,7 +1,7 @@ # Shared object version of libkcapi. %global vmajor 1 %global vminor 1 -%global vpatch 1 +%global vpatch 3 # Do we build the replacements packages? %bcond_with replace_coreutils 
@@ -97,7 +97,7 @@ bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\ Name: libkcapi Version: %{vmajor}.%{vminor}.%{vpatch} -Release: 16%{?dist} +Release: 1%{?dist} Summary: User space interface to the Linux Kernel Crypto API License: BSD or GPLv2 @@ -105,17 +105,6 @@ URL: http://www.chronox.de/%{name}.html Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc -Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch -Patch1: %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch -Patch2: %{giturl}/pull/64.patch#/%{name}-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch -Patch3: %{giturl}/commit/3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4.patch#/%{name}-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch -Patch4: %{giturl}/commit/a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68.patch#/%{name}-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch -Patch5: %{giturl}/compare/decf850ab9bb...ec9c36216623.patch#/%{name}-1.1.1-Fix_various_issues_reported_by_Coverity.patch -Patch6: %{giturl}/compare/4a1a30f75e70...c9ed6b2c0702.patch#/%{name}-1.1.1-Coverity_PR_follow-up.patch -Patch7: %{giturl}/pull/68.patch#/%{name}-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch -Patch8: %{giturl}/pull/70.patch#/%{name}-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch -Patch9: %{giturl}/pull/71.patch#/%{name}-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch - BuildRequires: clang BuildRequires: coreutils BuildRequires: cppcheck @@ -310,6 +299,7 @@ EOF --enable-kcapi-test \ --enable-shared \ --enable-static \ + --enable-sum-prefix= \ --enable-sum-dir=/%{_lib} \ --with-pkgconfigdir=%{_libdir}/pkgconfig %make_build all doc 
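Review bot: The added `--enable-sum-prefix= \` line in the configure arguments passes an empty value, and nothing in the spec says this is deliberate, so it reads like a truncated argument. Presumably the new upstream release prefixes the installed hasher binaries by default and the empty value keeps the names that the rest of the spec expects (the `kcapi-hasher -n fipshmac` call and the file lists); confirm this against the upstream configure help. I would add a comment ahead of the configure invocation, which starts outside this hunk, such as `# Empty sum prefix on purpose: keep the hasher binaries under their unprefixed names`. The 1.1.3-1 changelog entry should also mention the new option, since a changed binary name would affect the integrity-check HMAC files generated for those binaries.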
@@ -455,6 +445,9 @@ popd %changelog +* Thu Aug 23 2018 Ondrej Mosnáček - 1.1.3-1 +- Update to upstream version 1.1.3 + * Thu Aug 09 2018 Ondrej Mosnáček - 1.1.1-16 - Add missing dependencies to the tests package - Update patch from upstream diff --git a/sources b/sources index a7ceacf..3013ca8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libkcapi-1.1.1.tar.xz) = 245740660a78e8581dfc3d5272f6a27396ef6ec987b25ee86b517979bf3d8bba2dd9c8a35ab8ddb6e370d7f5a346f0940fcc59f815adb9c44530ff2d7dfe0b4e -SHA512 (libkcapi-1.1.1.tar.xz.asc) = 4aaa34b60ef13ae4fae4e29e5f8e0d71f3ba9d63141508787e52fb96974b0b477d3433109470fc3cca46b67434cca667135a3d4682f4b161b28cf2f37091b6a1 +SHA512 (libkcapi-1.1.3.tar.xz) = 7d7967661045bf5ea6c332a35c609ddb73d483607ea6599127316c87b5393f0e4165cf5c7bface76c87545b4297ffa26926f4a228f8694b85d7cac30ecc2abf0 +SHA512 (libkcapi-1.1.3.tar.xz.asc) = f73067c94cc7f073f2399896116421a6c80412eedc7177ef308792ce7f69b6df42b03695df85b1fabe4204fb5eeed2cc3535625a82c3871b8330d85888dae96f