import libkcapi-1.1.1-16_1.el8
This commit is contained in:
commit
155fd10dc9
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/libkcapi-1.1.1.tar.xz
|
1
.libkcapi.metadata
Normal file
1
.libkcapi.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
688085e96a576a7de0c8f6b58a93dc7364e6318a SOURCES/libkcapi-1.1.1.tar.xz
|
2060
SOURCES/9001-split-up-huge-string.patch
Normal file
2060
SOURCES/9001-split-up-huge-string.patch
Normal file
File diff suppressed because one or more lines are too long
272
SOURCES/libkcapi-1.1.1-Coverity_PR_follow-up.patch
Normal file
272
SOURCES/libkcapi-1.1.1-Coverity_PR_follow-up.patch
Normal file
@ -0,0 +1,272 @@
|
|||||||
|
From f24f3435be39cab2aa54a49d31968a023ab6d1d5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Thu, 26 Jul 2018 14:09:27 +0200
|
||||||
|
Subject: [PATCH 1/3] kcapi-kdf: Clear the whole out buffer on error
|
||||||
|
|
||||||
|
The KDF functions were decrementing the output length variable in the
|
||||||
|
loop, but on error they would clear the output buffer based on this
|
||||||
|
decremented value. This patch backs up the original length and uses it
|
||||||
|
when clearing the output buffer.
|
||||||
|
|
||||||
|
The kcapi_pbkdf() function also used an incremented output buffer
|
||||||
|
pointer. This one is now also backed-up and the original value is used
|
||||||
|
when clearing the output.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-kdf.c | 16 +++++++++++-----
|
||||||
|
1 file changed, 11 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
|
||||||
|
index 78a7e0d..6eccbe1 100644
|
||||||
|
--- a/lib/kcapi-kdf.c
|
||||||
|
+++ b/lib/kcapi-kdf.c
|
||||||
|
@@ -99,6 +99,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
|
||||||
|
uint32_t h = kcapi_md_digestsize(handle);
|
||||||
|
int32_t err = 0;
|
||||||
|
uint8_t *dst_orig = dst;
|
||||||
|
+ uint32_t dlen_orig = dlen;
|
||||||
|
uint8_t Ai[h];
|
||||||
|
uint32_t i = 1;
|
||||||
|
|
||||||
|
@@ -161,7 +162,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
err:
|
||||||
|
- kcapi_memset_secure(dst_orig, 0, dlen);
|
||||||
|
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
|
||||||
|
kcapi_memset_secure(Ai, 0, h);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
@@ -174,6 +175,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
|
||||||
|
uint32_t h = kcapi_md_digestsize(handle);
|
||||||
|
int32_t err = 0;
|
||||||
|
uint8_t *dst_orig = dst;
|
||||||
|
+ uint32_t dlen_orig = dlen;
|
||||||
|
const uint8_t *label;
|
||||||
|
uint32_t labellen = 0;
|
||||||
|
uint32_t i = 1;
|
||||||
|
@@ -238,7 +240,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
err:
|
||||||
|
- kcapi_memset_secure(dst_orig, 0, dlen);
|
||||||
|
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -250,6 +252,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
|
||||||
|
uint32_t h = kcapi_md_digestsize(handle);
|
||||||
|
int32_t err = 0;
|
||||||
|
uint8_t *dst_orig = dst;
|
||||||
|
+ uint32_t dlen_orig = dlen;
|
||||||
|
uint32_t i = 1;
|
||||||
|
|
||||||
|
if (dlen > INT_MAX)
|
||||||
|
@@ -295,7 +298,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
err:
|
||||||
|
- kcapi_memset_secure(dst_orig, 0, dlen);
|
||||||
|
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -316,6 +319,7 @@ int32_t kcapi_hkdf(const char *hashname,
|
||||||
|
uint8_t *prev = NULL;
|
||||||
|
int32_t err = 0;
|
||||||
|
uint8_t *dst_orig = dst;
|
||||||
|
+ uint32_t dlen_orig = dlen;
|
||||||
|
uint8_t ctr = 0x01;
|
||||||
|
struct kcapi_handle *handle = NULL;
|
||||||
|
|
||||||
|
@@ -415,7 +419,7 @@ int32_t kcapi_hkdf(const char *hashname,
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
err:
|
||||||
|
- kcapi_memset_secure(dst_orig, 0, dlen);
|
||||||
|
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
|
||||||
|
out:
|
||||||
|
kcapi_memset_secure(prk_tmp, 0, h);
|
||||||
|
kcapi_md_destroy(handle);
|
||||||
|
@@ -552,6 +556,8 @@ int32_t kcapi_pbkdf(const char *hashname,
|
||||||
|
uint8_t *key, uint32_t keylen)
|
||||||
|
{
|
||||||
|
struct kcapi_handle *handle;
|
||||||
|
+ uint8_t *key_orig = key;
|
||||||
|
+ uint32_t keylen_orig = keylen;
|
||||||
|
uint32_t h, i = 1;
|
||||||
|
#define MAX_DIGESTSIZE 64
|
||||||
|
uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t))));
|
||||||
|
@@ -633,7 +639,7 @@ int32_t kcapi_pbkdf(const char *hashname,
|
||||||
|
err:
|
||||||
|
kcapi_memset_secure(u, 0, h);
|
||||||
|
if (err)
|
||||||
|
- kcapi_memset_secure(key, 0, keylen);
|
||||||
|
+ kcapi_memset_secure(key_orig, 0, keylen_orig);
|
||||||
|
kcapi_md_destroy(handle);
|
||||||
|
|
||||||
|
return err;
|
||||||
|
|
||||||
|
From eacb82b193a94d46d2ea70c621176d79a5486008 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Thu, 26 Jul 2018 14:12:51 +0200
|
||||||
|
Subject: [PATCH 2/3] kcapi-kdf: Simplify handling of final blocks
|
||||||
|
|
||||||
|
This patch avoids the use of temporary buffers when handling the last
|
||||||
|
block in the KDF functions, taking advantage of the fact that
|
||||||
|
kcapi_md_final() can be used to retrieve also a truncated hash directly.
|
||||||
|
|
||||||
|
The new code no longer produces a false-positive warning with CLang
|
||||||
|
static analysis, so the workaround (which Coverity identifies as
|
||||||
|
unreachable code) can be removed.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-kdf.c | 43 +++++++++----------------------------------
|
||||||
|
1 file changed, 9 insertions(+), 34 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
|
||||||
|
index 6eccbe1..afa6eb3 100644
|
||||||
|
--- a/lib/kcapi-kdf.c
|
||||||
|
+++ b/lib/kcapi-kdf.c
|
||||||
|
@@ -140,13 +140,9 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dlen < h) {
|
||||||
|
- uint8_t tmpbuffer[h];
|
||||||
|
-
|
||||||
|
- err = kcapi_md_final(handle, tmpbuffer, h);
|
||||||
|
+ err = kcapi_md_final(handle, dst, dlen);
|
||||||
|
if (err < 0)
|
||||||
|
goto err;
|
||||||
|
- memcpy(dst, tmpbuffer, dlen);
|
||||||
|
- kcapi_memset_secure(tmpbuffer, 0, h);
|
||||||
|
dlen = 0;
|
||||||
|
} else {
|
||||||
|
err = kcapi_md_final(handle, dst, h);
|
||||||
|
@@ -219,14 +215,10 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dlen < h) {
|
||||||
|
- uint8_t tmpbuffer[h];
|
||||||
|
-
|
||||||
|
- err = kcapi_md_final(handle, tmpbuffer, h);
|
||||||
|
+ err = kcapi_md_final(handle, dst, dlen);
|
||||||
|
if (err < 0)
|
||||||
|
goto err;
|
||||||
|
- memcpy(dst, tmpbuffer, dlen);
|
||||||
|
- kcapi_memset_secure(tmpbuffer, 0, h);
|
||||||
|
- return 0;
|
||||||
|
+ dlen = 0;
|
||||||
|
} else {
|
||||||
|
err = kcapi_md_final(handle, dst, h);
|
||||||
|
if (err < 0)
|
||||||
|
@@ -276,14 +268,10 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dlen < h) {
|
||||||
|
- uint8_t tmpbuffer[h];
|
||||||
|
-
|
||||||
|
- err = kcapi_md_final(handle, tmpbuffer, h);
|
||||||
|
+ err = kcapi_md_final(handle, dst, dlen);
|
||||||
|
if (err < 0)
|
||||||
|
goto err;
|
||||||
|
- memcpy(dst, tmpbuffer, dlen);
|
||||||
|
- kcapi_memset_secure(tmpbuffer, 0, h);
|
||||||
|
- return 0;
|
||||||
|
+ dlen = 0;
|
||||||
|
} else {
|
||||||
|
err = kcapi_md_final(handle, dst, h);
|
||||||
|
if (err < 0)
|
||||||
|
@@ -392,16 +380,10 @@ int32_t kcapi_hkdf(const char *hashname,
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (dlen < h) {
|
||||||
|
- err = kcapi_md_final(handle, prk_tmp, h);
|
||||||
|
+ err = kcapi_md_final(handle, dst, dlen);
|
||||||
|
if (err < 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* Shut up Clang */
|
||||||
|
- if (!dst) {
|
||||||
|
- err = -EFAULT;
|
||||||
|
- goto err;
|
||||||
|
- }
|
||||||
|
- memcpy(dst, prk_tmp, dlen);
|
||||||
|
dlen = 0;
|
||||||
|
} else {
|
||||||
|
err = kcapi_md_final(handle, dst, h);
|
||||||
|
@@ -561,8 +543,6 @@ int32_t kcapi_pbkdf(const char *hashname,
|
||||||
|
uint32_t h, i = 1;
|
||||||
|
#define MAX_DIGESTSIZE 64
|
||||||
|
uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t))));
|
||||||
|
- uint8_t T[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t)))) =
|
||||||
|
- { 0 };
|
||||||
|
int32_t err = 0;
|
||||||
|
|
||||||
|
if (keylen > INT_MAX)
|
||||||
|
@@ -617,17 +597,12 @@ int32_t kcapi_pbkdf(const char *hashname,
|
||||||
|
if (err < 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- if (keylen < h)
|
||||||
|
- kcapi_xor_64_aligned(T, u, h);
|
||||||
|
- else
|
||||||
|
- kcapi_xor_64(key, u, h);
|
||||||
|
+ kcapi_xor_64(key, u, keylen < h ? keylen : h);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (keylen < h) {
|
||||||
|
- memcpy(key, T, keylen);
|
||||||
|
- kcapi_memset_secure(T, 0, keylen);
|
||||||
|
+ if (keylen < h)
|
||||||
|
keylen = 0;
|
||||||
|
- } else {
|
||||||
|
+ else {
|
||||||
|
keylen -= h;
|
||||||
|
key += h;
|
||||||
|
i++;
|
||||||
|
|
||||||
|
From c9ed6b2c07026e9bafd99e6c288cfbd175fd237f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Thu, 26 Jul 2018 14:28:53 +0200
|
||||||
|
Subject: [PATCH 3/3] kcapi-kdf: Fix unused function warning on 32-bit
|
||||||
|
|
||||||
|
The kcapi_xor_64_aligned() is now unused when compiling in 32-bit mode,
|
||||||
|
so we need to define it only in the 64-bit case, otherwise the build
|
||||||
|
fails under CLang due to an usnused function warning.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-kdf.c | 6 ++----
|
||||||
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
|
||||||
|
index afa6eb3..a219d63 100644
|
||||||
|
--- a/lib/kcapi-kdf.c
|
||||||
|
+++ b/lib/kcapi-kdf.c
|
||||||
|
@@ -503,10 +503,10 @@ static inline void kcapi_xor_32(uint8_t *dst, const uint8_t *src, uint32_t size)
|
||||||
|
kcapi_xor_8(dst, src, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef __LP64__
|
||||||
|
static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src,
|
||||||
|
uint32_t size)
|
||||||
|
{
|
||||||
|
-#ifdef __LP64__
|
||||||
|
uint64_t *dst_dword = (uint64_t *)dst;
|
||||||
|
uint64_t *src_dword = (uint64_t *)src;
|
||||||
|
|
||||||
|
@@ -514,10 +514,8 @@ static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src,
|
||||||
|
*dst_dword++ ^= *src_dword++;
|
||||||
|
|
||||||
|
kcapi_xor_32_aligned((uint8_t *)dst_dword, (uint8_t *)src_dword, size);
|
||||||
|
-#else
|
||||||
|
- kcapi_xor_32_aligned(dst, src, size);
|
||||||
|
-#endif
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
static inline void kcapi_xor_64(uint8_t *dst, const uint8_t *src, uint32_t size)
|
||||||
|
{
|
@ -0,0 +1,47 @@
|
|||||||
|
From 3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Krzysztof Kozlowski <krzk@kernel.org>
|
||||||
|
Date: Thu, 12 Jul 2018 18:13:16 +0200
|
||||||
|
Subject: [PATCH] Fix possible buffer overflow with strncpy and
|
||||||
|
-Wstringop-truncation warning
|
||||||
|
|
||||||
|
If valid cipher name (to which netlink socket was bound) is longer than
|
||||||
|
CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will
|
||||||
|
try to copy length of this cipher name into smaller buffer.
|
||||||
|
|
||||||
|
In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is
|
||||||
|
defined as 64 but since commit f437a3f477cc ("crypto: api - Extend
|
||||||
|
algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel
|
||||||
|
defines it as 128.
|
||||||
|
|
||||||
|
It is error-prone to use source buffer length as limit of dst buffer.
|
||||||
|
Instead choose sizeof(dst buffer).
|
||||||
|
|
||||||
|
This also fixes the warning with GCC v8.1.0:
|
||||||
|
|
||||||
|
lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2':
|
||||||
|
lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
|
||||||
|
strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
|
||||||
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-kernel-if.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
|
||||||
|
index 2481f8a..807cbfe 100644
|
||||||
|
--- a/lib/kcapi-kernel-if.c
|
||||||
|
+++ b/lib/kcapi-kernel-if.c
|
||||||
|
@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle,
|
||||||
|
|
||||||
|
if (drivername)
|
||||||
|
strncpy(req.cru.cru_driver_name, ciphername,
|
||||||
|
- strlen(ciphername));
|
||||||
|
+ sizeof(req.cru.cru_driver_name) - 1);
|
||||||
|
else
|
||||||
|
- strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
|
||||||
|
+ strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1);
|
||||||
|
|
||||||
|
/* talk to netlink socket */
|
||||||
|
sd = socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO);
|
@ -0,0 +1,801 @@
|
|||||||
|
From 633569b273d63244fccf1a1e65acc8c8252c2f48 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 08:39:32 +0200
|
||||||
|
Subject: [PATCH 01/16] apps: Check return code of fstat()
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
apps/app-internal.c | 7 ++++++-
|
||||||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/apps/app-internal.c b/apps/app-internal.c
|
||||||
|
index 25cef80..e80c304 100644
|
||||||
|
--- a/apps/app-internal.c
|
||||||
|
+++ b/apps/app-internal.c
|
||||||
|
@@ -255,7 +255,12 @@ int read_complete(int fd, uint8_t *buf, uint32_t buflen)
|
||||||
|
|
||||||
|
int check_filetype(int fd, struct stat *sb, const char *filename)
|
||||||
|
{
|
||||||
|
- fstat(fd, sb);
|
||||||
|
+ int ret = fstat(fd, sb);
|
||||||
|
+ if (ret) {
|
||||||
|
+ dolog(KCAPI_LOG_ERR,
|
||||||
|
+ "fstat() failed: %s", strerror(errno));
|
||||||
|
+ return -errno;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* Do not return an error in case we cannot validate the data. */
|
||||||
|
if ((sb->st_mode & S_IFMT) != S_IFREG &&
|
||||||
|
|
||||||
|
From bb1685801cf3f2c94c4591808a1a8499147b0249 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 08:45:48 +0200
|
||||||
|
Subject: [PATCH 02/16] kcapi-hasher: Fix strerror() call
|
||||||
|
|
||||||
|
strerror() expects a nonnegative error number. Here we can just pass
|
||||||
|
errno instead of decoding the error from the return value of read().
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
apps/kcapi-hasher.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||||
|
index 2fc3ddc..5769502 100644
|
||||||
|
--- a/apps/kcapi-hasher.c
|
||||||
|
+++ b/apps/kcapi-hasher.c
|
||||||
|
@@ -227,7 +227,7 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
|
||||||
|
while ((rdbytes = read(fd, buffer + offset, buffer_size - offset)) != 0) {
|
||||||
|
if (rdbytes < 0) {
|
||||||
|
fprintf(stderr, "Error reading file %s: %s\n", filename,
|
||||||
|
- strerror((int)rdbytes));
|
||||||
|
+ strerror(errno));
|
||||||
|
ret = -EIO;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
From fadc3f42bbd44bd78f78f58c935ae7126b6eb2ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 08:50:36 +0200
|
||||||
|
Subject: [PATCH 03/16] kcapi-hasher: Fix fd leak in load_file()
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
apps/kcapi-hasher.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||||
|
index 5769502..52fca78 100644
|
||||||
|
--- a/apps/kcapi-hasher.c
|
||||||
|
+++ b/apps/kcapi-hasher.c
|
||||||
|
@@ -258,6 +258,8 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
|
||||||
|
|
||||||
|
*memory = buffer;
|
||||||
|
*size = (uint32_t)offset;
|
||||||
|
+
|
||||||
|
+ close(fd);
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
out:
|
||||||
|
|
||||||
|
From 5ee2bc94de5e70703ed6ad288b3c664a1cff4fcf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 08:53:13 +0200
|
||||||
|
Subject: [PATCH 04/16] kcapi-hasher: Fix buffer overrun in process_checkfile()
|
||||||
|
|
||||||
|
The 'buf[(bsd_style - 4)]' access on line 593 can overrun the buffer if
|
||||||
|
bsd_style is exactly 3, which can theoretically happen if the BSD-style
|
||||||
|
separator is found at the very beginning of the line. Fix this by
|
||||||
|
starting to search for the separator at index 1 (it can't really be at
|
||||||
|
index 0 anyway).
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
apps/kcapi-hasher.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||||
|
index 52fca78..daab735 100644
|
||||||
|
--- a/apps/kcapi-hasher.c
|
||||||
|
+++ b/apps/kcapi-hasher.c
|
||||||
|
@@ -544,7 +544,7 @@ static int process_checkfile(const struct hash_params *params,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- for (i = 0; i < linelen; i++) {
|
||||||
|
+ for (i = 1; i < linelen; i++) {
|
||||||
|
/*
|
||||||
|
* Check for BSD-style separator between file name and
|
||||||
|
* hash value.
|
||||||
|
|
||||||
|
From 1520fca1f9b2231bcb5101eab32e8e859b33a66c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 09:05:45 +0200
|
||||||
|
Subject: [PATCH 05/16] docproc: Use correct sizeof() argument for clarity
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/doc/bin/docproc.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
|
||||||
|
index 4e52c1b..2313592 100644
|
||||||
|
--- a/lib/doc/bin/docproc.c
|
||||||
|
+++ b/lib/doc/bin/docproc.c
|
||||||
|
@@ -154,7 +154,8 @@ int symfilecnt = 0;
|
||||||
|
static void add_new_symbol(struct symfile *sym, char * symname)
|
||||||
|
{
|
||||||
|
sym->symbollist =
|
||||||
|
- realloc(sym->symbollist, (sym->symbolcnt + 1) * sizeof(char *));
|
||||||
|
+ realloc(sym->symbollist,
|
||||||
|
+ (sym->symbolcnt + 1) * sizeof(struct symbols));
|
||||||
|
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
From ed6c64434d42ba43efd839d4b0c693623442968f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 09:09:44 +0200
|
||||||
|
Subject: [PATCH 06/16] docproc: Fail early on malloc/realloc failures
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/doc/bin/docproc.c | 16 ++++++++++++++++
|
||||||
|
1 file changed, 16 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
|
||||||
|
index 2313592..9a0a931 100644
|
||||||
|
--- a/lib/doc/bin/docproc.c
|
||||||
|
+++ b/lib/doc/bin/docproc.c
|
||||||
|
@@ -156,6 +156,10 @@ static void add_new_symbol(struct symfile *sym, char * symname)
|
||||||
|
sym->symbollist =
|
||||||
|
realloc(sym->symbollist,
|
||||||
|
(sym->symbolcnt + 1) * sizeof(struct symbols));
|
||||||
|
+ if (!sym->symbollist) {
|
||||||
|
+ perror("realloc");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -391,12 +395,20 @@ static void find_all_symbols(char *filename)
|
||||||
|
default:
|
||||||
|
close(pipefd[1]);
|
||||||
|
data = malloc(4096);
|
||||||
|
+ if (!data) {
|
||||||
|
+ perror("malloc");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
do {
|
||||||
|
while ((ret = read(pipefd[0],
|
||||||
|
data + data_len,
|
||||||
|
4096)) > 0) {
|
||||||
|
data_len += ret;
|
||||||
|
data = realloc(data, data_len + 4096);
|
||||||
|
+ if (!data) {
|
||||||
|
+ perror("realloc");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
} while (ret == -EAGAIN);
|
||||||
|
if (ret != 0) {
|
||||||
|
@@ -421,6 +433,10 @@ static void find_all_symbols(char *filename)
|
||||||
|
start = all_list_len;
|
||||||
|
all_list_len += count;
|
||||||
|
all_list = realloc(all_list, sizeof(char *) * all_list_len);
|
||||||
|
+ if (!all_list) {
|
||||||
|
+ perror("realloc");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
str = data;
|
||||||
|
for (i = 0; i < (int)data_len && start != all_list_len; i++) {
|
||||||
|
if (data[i] == '\0') {
|
||||||
|
|
||||||
|
From 1beccc4fa0af3ce57e0ff21d42907e774c4eb8fe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 09:15:36 +0200
|
||||||
|
Subject: [PATCH 07/16] cryptoperf: Fix check of return value of open()
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
speed-test/cryptoperf-base.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
|
||||||
|
index 55cd7ea..b564e19 100644
|
||||||
|
--- a/speed-test/cryptoperf-base.c
|
||||||
|
+++ b/speed-test/cryptoperf-base.c
|
||||||
|
@@ -179,7 +179,7 @@ int cp_read_random(unsigned char *buf, size_t buflen)
|
||||||
|
size_t len = 0;
|
||||||
|
|
||||||
|
fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
|
||||||
|
- if(0 >= fd)
|
||||||
|
+ if(0 > fd)
|
||||||
|
return fd;
|
||||||
|
do {
|
||||||
|
ret = read(fd, (buf + len), (buflen - len));
|
||||||
|
|
||||||
|
From d41a21125e72e9ad611451bb9753489a1f96af5e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 09:30:01 +0200
|
||||||
|
Subject: [PATCH 08/16] cryptoperf: Fix buffer overrun in cp_print_status()
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
speed-test/cryptoperf-base.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
|
||||||
|
index b564e19..c56c2ce 100644
|
||||||
|
--- a/speed-test/cryptoperf-base.c
|
||||||
|
+++ b/speed-test/cryptoperf-base.c
|
||||||
|
@@ -159,7 +159,7 @@ char *cp_print_status(struct cp_test *test, int raw)
|
||||||
|
|
||||||
|
memset(byteseconds, 0, sizeof(byteseconds));
|
||||||
|
cp_bytes2string((processed_bytes / totaltime), byteseconds,
|
||||||
|
- (VALLEN + 1));
|
||||||
|
+ VALLEN);
|
||||||
|
snprintf(str, 120, "%-24s|%s|%8lu bytes|%*s/s|%lu ops/s",
|
||||||
|
test->testname,
|
||||||
|
test->enc ? "e" : "d",
|
||||||
|
|
||||||
|
From 5d17c564f7edae17b355f8cec7fa4c9685b10422 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 23 Jul 2018 10:05:50 +0200
|
||||||
|
Subject: [PATCH 09/16] test/cryptoperf: Check the return value of sysconf()
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
speed-test/cryptoperf-aead.c | 10 ++++++--
|
||||||
|
speed-test/cryptoperf-skcipher.c | 8 +++++-
|
||||||
|
test/kcapi-main.c | 53 +++++++++++++++++++---------------------
|
||||||
|
3 files changed, 40 insertions(+), 31 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/speed-test/cryptoperf-aead.c b/speed-test/cryptoperf-aead.c
|
||||||
|
index b2c0010..5a0446a 100644
|
||||||
|
--- a/speed-test/cryptoperf-aead.c
|
||||||
|
+++ b/speed-test/cryptoperf-aead.c
|
||||||
|
@@ -36,6 +36,12 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
|
||||||
|
unsigned char ivrand[MAX_KEYLEN];
|
||||||
|
unsigned char *ivdata = NULL;
|
||||||
|
uint32_t ivlen = 0;
|
||||||
|
+ long pagesize = sysconf(_SC_PAGESIZE);
|
||||||
|
+
|
||||||
|
+ if (pagesize < 0) {
|
||||||
|
+ printf(DRIVER_NAME": unable to determine the page size\n");
|
||||||
|
+ return -errno;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dbg("Initializing AEAD test %s\n", test->testname);
|
||||||
|
if (!test->driver_name) {
|
||||||
|
@@ -97,14 +103,14 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
|
||||||
|
test->u.aead.assoclen, TAGLEN);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (posix_memalign((void *)&input, sysconf(_SC_PAGESIZE),
|
||||||
|
+ if (posix_memalign((void *)&input, pagesize,
|
||||||
|
test->u.aead.indatalen *
|
||||||
|
(params->aio ? params->aio : 1))) {
|
||||||
|
printf(DRIVER_NAME": could not allocate input buffer for "
|
||||||
|
"%s\n", test->driver_name);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- if (posix_memalign((void *)&output, sysconf(_SC_PAGESIZE),
|
||||||
|
+ if (posix_memalign((void *)&output, pagesize,
|
||||||
|
test->u.aead.outdatalen *
|
||||||
|
(params->aio ? params->aio : 1))) {
|
||||||
|
printf(DRIVER_NAME": could not allocate output buffer for "
|
||||||
|
diff --git a/speed-test/cryptoperf-skcipher.c b/speed-test/cryptoperf-skcipher.c
|
||||||
|
index a2db369..fb7123b 100644
|
||||||
|
--- a/speed-test/cryptoperf-skcipher.c
|
||||||
|
+++ b/speed-test/cryptoperf-skcipher.c
|
||||||
|
@@ -34,6 +34,12 @@ static int cp_skcipher_init_test(struct cp_test *test)
|
||||||
|
unsigned char *ivdata = NULL;
|
||||||
|
unsigned int bs;
|
||||||
|
int err;
|
||||||
|
+ long pagesize = sysconf(_SC_PAGESIZE);
|
||||||
|
+
|
||||||
|
+ if (pagesize < 0) {
|
||||||
|
+ printf(DRIVER_NAME": unable to determine the page size\n");
|
||||||
|
+ return -errno;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dbg("Initializing symmetric test %s\n", test->testname);
|
||||||
|
if (!test->driver_name) {
|
||||||
|
@@ -75,7 +81,7 @@ static int cp_skcipher_init_test(struct cp_test *test)
|
||||||
|
cp_read_random(ivdata, kcapi_cipher_blocksize(test->u.skcipher.handle));
|
||||||
|
test->u.skcipher.iv = ivdata;
|
||||||
|
|
||||||
|
- err = posix_memalign((void *)&scratchpad, sysconf(_SC_PAGESIZE),
|
||||||
|
+ err = posix_memalign((void *)&scratchpad, pagesize,
|
||||||
|
kcapi_cipher_blocksize(test->u.skcipher.handle) * params->len *
|
||||||
|
(params->aio ? params->aio : 1));
|
||||||
|
if (err) {
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index c167b7f..b0ec2ca 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -86,6 +86,8 @@ struct kcapi_cavs {
|
||||||
|
uint32_t outlen;
|
||||||
|
};
|
||||||
|
|
||||||
|
+static long pagesize;
|
||||||
|
+
|
||||||
|
static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
||||||
|
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
|
||||||
|
static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
||||||
|
@@ -808,8 +810,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
outbuflen = cavs_test->ctlen;
|
||||||
|
}
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- outbuflen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, outbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -918,12 +919,10 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
outbuflen = cavs_test->ctlen;
|
||||||
|
}
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- outbuflen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, outbuflen);
|
||||||
|
- if (posix_memalign((void *)&outbuf2, sysconf(_SC_PAGESIZE),
|
||||||
|
- outbuflen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf2, pagesize, outbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf2, 0, outbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -1072,7 +1071,7 @@ static int cavs_sym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), outbuflen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, outbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -1241,7 +1240,7 @@ static int cavs_aead(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
fullbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), fullbuflen))
|
||||||
|
+ if (posix_memalign((void *)&inbuf, pagesize, fullbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(inbuf, 0, fullbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -1425,8 +1424,7 @@ static int cavs_aead_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- loops * maxbuflen))
|
||||||
|
+ if (posix_memalign((void *)&inbuf, pagesize, loops * maxbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(inbuf, 0, loops * maxbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -1596,7 +1594,7 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
|
||||||
|
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxbuflen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, maxbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, maxbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -1830,9 +1828,9 @@ static int cavs_aead_large(int stream, uint32_t loops, int splice)
|
||||||
|
test.keylen = len / 2;
|
||||||
|
|
||||||
|
len = strlen(aad);
|
||||||
|
- if (posix_memalign((void *)&test.assoc, sysconf(_SC_PAGESIZE), (16 * sysconf(_SC_PAGESIZE))))
|
||||||
|
+ if (posix_memalign((void *)&test.assoc, pagesize, (16 * pagesize)))
|
||||||
|
goto out;
|
||||||
|
- hex2bin(aad, len, test.assoc, (sysconf(_SC_PAGESIZE) * 16));
|
||||||
|
+ hex2bin(aad, len, test.assoc, (pagesize * 16));
|
||||||
|
test.assoclen = len / 2;
|
||||||
|
|
||||||
|
test.taglen = 16;
|
||||||
|
@@ -2052,8 +2050,7 @@ static int cavs_asym(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- maxsize))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, maxsize);
|
||||||
|
} else {
|
||||||
|
@@ -2164,11 +2161,10 @@ static int cavs_asym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- maxsize * loops))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * loops))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, maxsize * loops);
|
||||||
|
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
+ if (posix_memalign((void *)&inbuf, pagesize,
|
||||||
|
cavs_test->ptlen * loops))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, cavs_test->ptlen * loops);
|
||||||
|
@@ -2294,10 +2290,10 @@ static int cavs_asym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxsize * NUMIOVECS))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * NUMIOVECS))
|
||||||
|
goto out;
|
||||||
|
memset(outbuf, 0, maxsize);
|
||||||
|
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), inbuflen))
|
||||||
|
+ if (posix_memalign((void *)&inbuf, pagesize, inbuflen))
|
||||||
|
goto out;
|
||||||
|
memset(inbuf, 0, inbuflen);
|
||||||
|
} else {
|
||||||
|
@@ -2489,8 +2485,7 @@ static int cavs_kdf_common(struct kcapi_cavs *cavs_test, uint32_t loops)
|
||||||
|
uint32_t i = 0;
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- cavs_test->outlen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
|
||||||
|
return -ENOMEM;
|
||||||
|
memset(outbuf, 0, cavs_test->outlen);
|
||||||
|
} else {
|
||||||
|
@@ -2571,8 +2566,7 @@ static int cavs_hkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- cavs_test->outlen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
|
||||||
|
return -ENOMEM;
|
||||||
|
memset(outbuf, 0, cavs_test->outlen);
|
||||||
|
} else {
|
||||||
|
@@ -2671,8 +2665,7 @@ static int cavs_pbkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
|
||||||
|
- cavs_test->outlen))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
|
||||||
|
return -ENOMEM;
|
||||||
|
memset(outbuf, 0, cavs_test->outlen);
|
||||||
|
} else {
|
||||||
|
@@ -2928,7 +2921,7 @@ static int kpp(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
|
||||||
|
|
||||||
|
outbuflen = ret;
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
|
||||||
|
return -ENOMEM;
|
||||||
|
memset(outbuf, 0, ret);
|
||||||
|
} else {
|
||||||
|
@@ -3001,7 +2994,7 @@ static int kpp_aio(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
|
||||||
|
|
||||||
|
outbuflen = ret;
|
||||||
|
if (cavs_test->aligned) {
|
||||||
|
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
|
||||||
|
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
|
||||||
|
return -ENOMEM;
|
||||||
|
memset(outbuf, 0, ret);
|
||||||
|
} else {
|
||||||
|
@@ -3072,6 +3065,10 @@ int main(int argc, char *argv[])
|
||||||
|
int splice = KCAPI_ACCESS_SENDMSG;
|
||||||
|
struct kcapi_cavs cavs_test;
|
||||||
|
|
||||||
|
+ pagesize = sysconf(_SC_PAGESIZE);
|
||||||
|
+ if (pagesize < 0)
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
memset(&cavs_test, 0, sizeof(struct kcapi_cavs));
|
||||||
|
kcapi_set_verbosity(KCAPI_LOG_WARN);
|
||||||
|
|
||||||
|
|
||||||
|
From 4c904fbf621b0fb01d79c1b01d28c296f36e6d8a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 11:10:01 +0200
|
||||||
|
Subject: [PATCH 10/16] docproc: Fix memory leak
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/doc/bin/docproc.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
|
||||||
|
index 9a0a931..ad8d3a0 100644
|
||||||
|
--- a/lib/doc/bin/docproc.c
|
||||||
|
+++ b/lib/doc/bin/docproc.c
|
||||||
|
@@ -445,6 +445,7 @@ static void find_all_symbols(char *filename)
|
||||||
|
start++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ free(data);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
|
||||||
|
From 6092ff27886b7d40ea056f6c02a9c3fd5803df0d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 11:10:35 +0200
|
||||||
|
Subject: [PATCH 11/16] kcapi-aead: Remove an unreachable statement
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-aead.c | 2 --
|
||||||
|
1 file changed, 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c
|
||||||
|
index 7f8348f..d32c1e4 100644
|
||||||
|
--- a/lib/kcapi-aead.c
|
||||||
|
+++ b/lib/kcapi-aead.c
|
||||||
|
@@ -249,8 +249,6 @@ int32_t kcapi_aead_encrypt_aio(struct kcapi_handle *handle, struct iovec *iniov,
|
||||||
|
|
||||||
|
return _kcapi_aead_encrypt_aio_fallback(handle, iniov, outiov, iovlen,
|
||||||
|
iv);
|
||||||
|
-
|
||||||
|
- return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
DSO_PUBLIC
|
||||||
|
|
||||||
|
From 41a64a4363da4cce0f8de654f7dceef5c3fd6285 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 12:23:18 +0200
|
||||||
|
Subject: [PATCH 12/16] kcapi-kdf: Fix buffer overruns in error paths
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-kdf.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
|
||||||
|
index bf150c1..78a7e0d 100644
|
||||||
|
--- a/lib/kcapi-kdf.c
|
||||||
|
+++ b/lib/kcapi-kdf.c
|
||||||
|
@@ -336,6 +336,7 @@ int32_t kcapi_hkdf(const char *hashname,
|
||||||
|
if (h > HKDF_MAXHASH) {
|
||||||
|
kcapi_dolog(KCAPI_LOG_ERR,
|
||||||
|
"Null salt size too small for hash\n");
|
||||||
|
+ h = HKDF_MAXHASH;
|
||||||
|
err = -EFAULT;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
@@ -570,6 +571,7 @@ int32_t kcapi_pbkdf(const char *hashname,
|
||||||
|
kcapi_dolog(KCAPI_LOG_ERR,
|
||||||
|
"Programming error in file %s at line %u\n",
|
||||||
|
__FILE__, __LINE__);
|
||||||
|
+ h = MAX_DIGESTSIZE;
|
||||||
|
err = -EFAULT;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
From 33c3b71ba5577c0b2bcdf8eb880642e0ab461079 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 12:26:55 +0200
|
||||||
|
Subject: [PATCH 13/16] kcapi-kernel-if: Simplify iovec validity check
|
||||||
|
|
||||||
|
Current check is awkward, just checking iov for NULL seems to make CLang
|
||||||
|
happy.
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
lib/kcapi-kernel-if.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
|
||||||
|
index 807cbfe..595ce68 100644
|
||||||
|
--- a/lib/kcapi-kernel-if.c
|
||||||
|
+++ b/lib/kcapi-kernel-if.c
|
||||||
|
@@ -257,11 +257,11 @@ int32_t _kcapi_common_vmsplice_iov(struct kcapi_handle *handle,
|
||||||
|
uint32_t inlen = 0;
|
||||||
|
unsigned long i;
|
||||||
|
|
||||||
|
- for (i = 0; i < iovlen; i++) {
|
||||||
|
- if (!(iov + i))
|
||||||
|
- return -EINVAL;
|
||||||
|
+ if (iovlen && !iov)
|
||||||
|
+ return -EINVAL;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < iovlen; i++)
|
||||||
|
inlen += iov[i].iov_len;
|
||||||
|
- }
|
||||||
|
|
||||||
|
/* kernel processes input data with max size of one page */
|
||||||
|
handle->processed_sg += ((inlen + sysconf(_SC_PAGESIZE) - 1) /
|
||||||
|
|
||||||
|
From c1f82d3b78031037f7098bd26b5da00eceecc00a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 12:37:15 +0200
|
||||||
|
Subject: [PATCH 14/16] test: Allocate name even if size is zero
|
||||||
|
|
||||||
|
We still need one byte for the terminating null character.
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
test/kcapi-main.c | 10 ++++------
|
||||||
|
1 file changed, 4 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index b0ec2ca..d20e74c 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -275,13 +275,11 @@ static int fuzz_init_test(unsigned int size)
|
||||||
|
|
||||||
|
kcapi_set_verbosity(KCAPI_LOG_NONE);
|
||||||
|
|
||||||
|
- if (size) {
|
||||||
|
- name = calloc(1, size + 1);
|
||||||
|
+ name = calloc(1, size + 1);
|
||||||
|
|
||||||
|
- if (!name) {
|
||||||
|
- printf("Allocation of %u bytes failed", size);
|
||||||
|
- return 1;
|
||||||
|
- }
|
||||||
|
+ if (!name) {
|
||||||
|
+ printf("Allocation of %u bytes failed", size);
|
||||||
|
+ return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (get_random(name, size, 0)) {
|
||||||
|
|
||||||
|
From 698fcb68572b5d315b27294bd3e9ee2c058920f6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 12:41:37 +0200
|
||||||
|
Subject: [PATCH 15/16] test: Fix resource leak and error handling
|
||||||
|
|
||||||
|
The fuzz_cipher() and fuzz_aead() functions did not always return error
|
||||||
|
when it should and it did not always release the cipher handle on
|
||||||
|
return. This patch fixes both issues.
|
||||||
|
|
||||||
|
Found by Coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
test/kcapi-main.c | 16 ++++++++--------
|
||||||
|
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index d20e74c..b3f6ae9 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -352,11 +352,11 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
uint8_t indata[4096];
|
||||||
|
uint8_t outdata[4096];
|
||||||
|
unsigned int i;
|
||||||
|
- int ret = 0;
|
||||||
|
+ int ret = 1;
|
||||||
|
|
||||||
|
if (kcapi_cipher_init(&handle, cavs_test->cipher, 0)) {
|
||||||
|
printf("Allocation of %s cipher failed\n", cavs_test->cipher);
|
||||||
|
- return -EFAULT;
|
||||||
|
+ return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set key */
|
||||||
|
@@ -366,7 +366,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
for (i = 0; i < sizeof(key); i++) {
|
||||||
|
if (get_random(key, i, 0)) {
|
||||||
|
printf("get_random call failed\n");
|
||||||
|
- return 1;
|
||||||
|
+ goto out;
|
||||||
|
}
|
||||||
|
kcapi_cipher_setkey(handle, key, i);
|
||||||
|
}
|
||||||
|
@@ -388,7 +388,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
|
||||||
|
if (get_random(indata, i, 0)) {
|
||||||
|
printf("get_random call failed\n");
|
||||||
|
- return 1;
|
||||||
|
+ goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (flags & FUZZ_LESSOUT)
|
||||||
|
@@ -429,11 +429,11 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
uint8_t indata[4096];
|
||||||
|
uint8_t outdata[4096];
|
||||||
|
unsigned int i;
|
||||||
|
- int ret = 0;
|
||||||
|
+ int ret = 1;
|
||||||
|
|
||||||
|
if (kcapi_aead_init(&handle, cavs_test->cipher, 0)) {
|
||||||
|
printf("Allocation of %s cipher failed\n", cavs_test->cipher);
|
||||||
|
- return -EFAULT;
|
||||||
|
+ return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set key */
|
||||||
|
@@ -443,7 +443,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
for (i = 0; i < sizeof(key); i++) {
|
||||||
|
if (get_random(key, i, 0)) {
|
||||||
|
printf("get_random call failed\n");
|
||||||
|
- return 1;
|
||||||
|
+ goto out;
|
||||||
|
}
|
||||||
|
kcapi_aead_setkey(handle, key, i);
|
||||||
|
}
|
||||||
|
@@ -479,7 +479,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
|
||||||
|
if (get_random(indata, i, 0)) {
|
||||||
|
printf("get_random call failed\n");
|
||||||
|
- return 1;
|
||||||
|
+ goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (flags & FUZZ_LESSOUT)
|
||||||
|
|
||||||
|
From ec9c36216623b94684c9e5ca8be26455b490bdef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 25 Jul 2018 16:52:13 +0200
|
||||||
|
Subject: [PATCH 16/16] test: Clean up after NULL string fix
|
||||||
|
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
test/kcapi-main.c | 10 ++++------
|
||||||
|
1 file changed, 4 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index b3f6ae9..3cba467 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -271,14 +271,12 @@ static int fuzz_init_test(unsigned int size)
|
||||||
|
{
|
||||||
|
struct kcapi_handle *handle;
|
||||||
|
int ret = 0;
|
||||||
|
- uint8_t *name = NULL;
|
||||||
|
+ uint8_t *name = calloc(1, size + 1);
|
||||||
|
|
||||||
|
kcapi_set_verbosity(KCAPI_LOG_NONE);
|
||||||
|
|
||||||
|
- name = calloc(1, size + 1);
|
||||||
|
-
|
||||||
|
if (!name) {
|
||||||
|
- printf("Allocation of %u bytes failed", size);
|
||||||
|
+ printf("Allocation of %u bytes failed", size + 1);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -317,10 +315,10 @@ static int fuzz_init_test(unsigned int size)
|
||||||
|
|
||||||
|
fail:
|
||||||
|
fprintf(stdout, "allocation success of nonsense string ");
|
||||||
|
- if (name)
|
||||||
|
+ if (size)
|
||||||
|
bin2print(name, size);
|
||||||
|
else
|
||||||
|
- fprintf(stdout, "NULL\n");
|
||||||
|
+ fprintf(stdout, "EMPTY\n");
|
||||||
|
free(name);
|
||||||
|
return 1;
|
||||||
|
}
|
@ -0,0 +1,186 @@
|
|||||||
|
From 2a0642407dd227d24e646c170d8afd47ab917899 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 16 Jul 2018 15:17:29 +0200
|
||||||
|
Subject: [PATCH] kcapi-hasher: Add missing -d option to fipshmac
|
||||||
|
|
||||||
|
---
|
||||||
|
apps/kcapi-hasher.c | 61 ++++++++++++++++++++++++++++-------------------------
|
||||||
|
1 file changed, 32 insertions(+), 29 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||||
|
index 6782dbc..2fc3ddc 100644
|
||||||
|
--- a/apps/kcapi-hasher.c
|
||||||
|
+++ b/apps/kcapi-hasher.c
|
||||||
|
@@ -71,7 +71,7 @@ struct hash_name {
|
||||||
|
};
|
||||||
|
|
||||||
|
struct hash_key {
|
||||||
|
- const char *subdir;
|
||||||
|
+ const char *checkdir;
|
||||||
|
const uint8_t *data;
|
||||||
|
uint32_t len;
|
||||||
|
};
|
||||||
|
@@ -108,12 +108,20 @@ static const char hmaccalc_hmackey[] = "FIPS-FTW-RHT2009";
|
||||||
|
static const struct hash_key KEY_FIPSCHECK = {
|
||||||
|
.data = (const uint8_t *)fipscheck_hmackey,
|
||||||
|
.len = sizeof(fipscheck_hmackey) - 1,
|
||||||
|
- .subdir = "fipscheck",
|
||||||
|
+#ifdef CHECK_DIR
|
||||||
|
+ .checkdir = CHECK_DIR"/fipscheck",
|
||||||
|
+#else
|
||||||
|
+ .checkdir = NULL,
|
||||||
|
+#endif
|
||||||
|
};
|
||||||
|
static const struct hash_key KEY_HMACCALC = {
|
||||||
|
.data = (const uint8_t *)hmaccalc_hmackey,
|
||||||
|
.len = sizeof(hmaccalc_hmackey) - 1,
|
||||||
|
- .subdir = "hmaccalc",
|
||||||
|
+#ifdef CHECK_DIR
|
||||||
|
+ .checkdir = CHECK_DIR"/hmaccalc",
|
||||||
|
+#else
|
||||||
|
+ .checkdir = NULL,
|
||||||
|
+#endif
|
||||||
|
};
|
||||||
|
|
||||||
|
static void usage(char *name, int fipscheck)
|
||||||
|
@@ -142,7 +150,8 @@ static void usage(char *name, int fipscheck)
|
||||||
|
fprintf(stderr, "\t-k --key-file FILE\tUse HMAC key from given file\n");
|
||||||
|
fprintf(stderr, "\t-K --key KEY\t\tUse KEY as the HMAC key\n");
|
||||||
|
fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n");
|
||||||
|
- fprintf(stderr, "\t-b, -d, -P\t\tCompatibility hmaccalc options; ignored\n");
|
||||||
|
+ fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n");
|
||||||
|
+ fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n");
|
||||||
|
fprintf(stderr, "\t --help\t\tPrint this help text\n");
|
||||||
|
fprintf(stderr, "\t-v --version\t\tShow version\n");
|
||||||
|
}
|
||||||
|
@@ -368,7 +377,7 @@ static char *paste(char *dst, const char *src, size_t size)
|
||||||
|
* return: NULL when malloc failed, a pointer that the caller must free
|
||||||
|
* otherwise.
|
||||||
|
*/
|
||||||
|
-static char *get_hmac_file(const char *filename, const char *subdir)
|
||||||
|
+static char *get_hmac_file(const char *filename, const char *checkdir)
|
||||||
|
{
|
||||||
|
size_t i, filelen, pathlen, namelen, basenamestart = 0;
|
||||||
|
size_t prefixlen = strlen(CHECK_PREFIX);
|
||||||
|
@@ -386,12 +395,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
|
||||||
|
}
|
||||||
|
|
||||||
|
namelen = filelen - basenamestart;
|
||||||
|
-#ifdef CHECK_DIR
|
||||||
|
- pathlen = strlen(CHECK_DIR"/") + strlen(subdir) + 1;
|
||||||
|
-#else
|
||||||
|
- (void)subdir; // avoid parameter unused warning
|
||||||
|
- pathlen = basenamestart;
|
||||||
|
-#endif
|
||||||
|
+ pathlen = checkdir ? strlen(checkdir) + 1 : basenamestart;
|
||||||
|
|
||||||
|
checkfile = malloc(pathlen + namelen + prefixlen + 1 /* "." */ +
|
||||||
|
suffixlen + 1 /* null character */);
|
||||||
|
@@ -399,14 +403,12 @@ static char *get_hmac_file(const char *filename, const char *subdir)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
cursor = checkfile;
|
||||||
|
-#ifdef CHECK_DIR
|
||||||
|
- cursor = paste(cursor, CHECK_DIR"/", strlen(CHECK_DIR"/"));
|
||||||
|
- cursor = paste(cursor, subdir, strlen(subdir));
|
||||||
|
- cursor = paste(cursor, "/", 1);
|
||||||
|
-#else
|
||||||
|
- if (pathlen > 0)
|
||||||
|
+ if (checkdir) {
|
||||||
|
+ cursor = paste(cursor, checkdir, strlen(checkdir));
|
||||||
|
+ cursor = paste(cursor, "/", 1);
|
||||||
|
+ } else if (pathlen > 0)
|
||||||
|
cursor = paste(cursor, filename, pathlen);
|
||||||
|
-#endif
|
||||||
|
+
|
||||||
|
cursor = paste(cursor, CHECK_PREFIX, prefixlen);
|
||||||
|
cursor = paste(cursor, filename + basenamestart, namelen);
|
||||||
|
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
|
||||||
|
@@ -417,7 +419,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
|
||||||
|
|
||||||
|
static int hash_files(const struct hash_params *params,
|
||||||
|
char *filenames[], uint32_t files,
|
||||||
|
- int fipshmac, int just_print)
|
||||||
|
+ int fipshmac, const char *checkdir, int just_print)
|
||||||
|
{
|
||||||
|
struct kcapi_handle *handle;
|
||||||
|
const char *hashname = params->name.kcapiname;
|
||||||
|
@@ -446,9 +448,7 @@ static int hash_files(const struct hash_params *params,
|
||||||
|
const char *filename = filenames[i];
|
||||||
|
|
||||||
|
if (fipshmac) {
|
||||||
|
- char *outfile = get_hmac_file(filenames[i],
|
||||||
|
- params->key.subdir);
|
||||||
|
-
|
||||||
|
+ char *outfile = get_hmac_file(filenames[i], checkdir);
|
||||||
|
if (!outfile) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Cannot create HMAC file name\n");
|
||||||
|
@@ -712,11 +712,11 @@ static int fipscheck_self(const struct hash_params *params_bin,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mode == SELFCHECK_PRINT_SELF) {
|
||||||
|
- ret = hash_files(params_bin, names, 1, 0, 1);
|
||||||
|
+ ret = hash_files(params_bin, names, 1, 0, NULL, 1);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- checkfile = get_hmac_file(selfname, params_bin->key.subdir);
|
||||||
|
+ checkfile = get_hmac_file(selfname, params_bin->key.checkdir);
|
||||||
|
if (!checkfile) {
|
||||||
|
ret = -ENOMEM;
|
||||||
|
goto out;
|
||||||
|
@@ -750,13 +750,13 @@ static int fipscheck_self(const struct hash_params *params_bin,
|
||||||
|
strncpy(selfname, info.dli_fname, (sizeof(selfname) - 1));
|
||||||
|
|
||||||
|
if (mode == SELFCHECK_PRINT_LIB) {
|
||||||
|
- ret = hash_files(params_lib, names, 1, 0, 1);
|
||||||
|
+ ret = hash_files(params_lib, names, 1, 0, NULL, 1);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (checkfile)
|
||||||
|
free(checkfile);
|
||||||
|
- checkfile = get_hmac_file(selfname, params_lib->key.subdir);
|
||||||
|
+ checkfile = get_hmac_file(selfname, params_lib->key.checkdir);
|
||||||
|
if (!checkfile) {
|
||||||
|
ret = -ENOMEM;
|
||||||
|
goto out;
|
||||||
|
@@ -799,6 +799,7 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
|
char *checkfile = NULL;
|
||||||
|
const char *targetfile = NULL;
|
||||||
|
+ const char *checkdir = NULL;
|
||||||
|
uint8_t *hmackey_alloc = NULL;
|
||||||
|
uint8_t *hmackey_mmap = NULL;
|
||||||
|
int opt_index = 0;
|
||||||
|
@@ -1055,8 +1056,10 @@ int main(int argc, char *argv[])
|
||||||
|
version(argv[0]);
|
||||||
|
ret = 0;
|
||||||
|
goto out;
|
||||||
|
- case 'b':
|
||||||
|
case 'd':
|
||||||
|
+ checkdir = optarg;
|
||||||
|
+ break;
|
||||||
|
+ case 'b':
|
||||||
|
case 'P':
|
||||||
|
/* Compatibility options, just ignore */
|
||||||
|
break;
|
||||||
|
@@ -1110,7 +1113,7 @@ int main(int argc, char *argv[])
|
||||||
|
targetfile = argv[optind];
|
||||||
|
if (checkfile)
|
||||||
|
free(checkfile);
|
||||||
|
- checkfile = get_hmac_file(targetfile, params.key.subdir);
|
||||||
|
+ checkfile = get_hmac_file(targetfile, params.key.checkdir);
|
||||||
|
if (!checkfile) {
|
||||||
|
ret = 1;
|
||||||
|
goto out;
|
||||||
|
@@ -1120,7 +1123,7 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
|
if (!checkfile)
|
||||||
|
ret = hash_files(¶ms, argv + optind, (argc - optind),
|
||||||
|
- fipshmac, 0);
|
||||||
|
+ fipshmac, checkdir, 0);
|
||||||
|
else if (optind == argc)
|
||||||
|
ret = process_checkfile(¶ms, checkfile, targetfile, loglevel);
|
||||||
|
else {
|
@ -0,0 +1,34 @@
|
|||||||
|
From 912ab6d55ef5af594d22d01a39cf7e035c797335 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 11 Jul 2018 09:42:26 +0200
|
||||||
|
Subject: [PATCH] kcapi-hasher: Fix command-line parsing
|
||||||
|
|
||||||
|
I made a mistake in commit 3be3e18d4a2e ("kcapi-hasher: Allow picking
|
||||||
|
basename via cmdline"), which apparently broke command-line parsing when
|
||||||
|
the '-n' options is not used. This patch fixes the issue by resetting
|
||||||
|
the right variable and also silences error messages when checking for
|
||||||
|
the '-n' option.
|
||||||
|
|
||||||
|
Fedora BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1599831
|
||||||
|
---
|
||||||
|
apps/kcapi-hasher.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||||
|
index ae88211..90707a6 100644
|
||||||
|
--- a/apps/kcapi-hasher.c
|
||||||
|
+++ b/apps/kcapi-hasher.c
|
||||||
|
@@ -841,10 +841,12 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
basen = basename(basec);
|
||||||
|
|
||||||
|
+ opterr = 0;
|
||||||
|
if (getopt_long(argc, argv, opts_name_short, opts_name, &opt_index) == 'n')
|
||||||
|
basen = optarg;
|
||||||
|
else
|
||||||
|
- opt_index = 0;
|
||||||
|
+ optind = 1;
|
||||||
|
+ opterr = 1;
|
||||||
|
|
||||||
|
params_self = &PARAMS_SELF_FIPSCHECK;
|
||||||
|
if (0 == strncmp(basen, "sha256sum", 9)) {
|
@ -0,0 +1,29 @@
|
|||||||
|
From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Wed, 11 Jul 2018 14:41:14 +0200
|
||||||
|
Subject: [PATCH] kcapi-hasher: Fix off-by-one error
|
||||||
|
|
||||||
|
There was an off-by-one error in process_checkfile() that caused the
|
||||||
|
hasher to misparse checkfiles that contain only the hash (for
|
||||||
|
self-check).
|
||||||
|
---
|
||||||
|
apps/kcapi-hasher.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||||
|
index ae88211..00f0373 100644
|
||||||
|
--- a/apps/kcapi-hasher.c
|
||||||
|
+++ b/apps/kcapi-hasher.c
|
||||||
|
@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
|
||||||
|
uint32_t i;
|
||||||
|
uint32_t bsd_style = 0; // >0 if --tag formatted style
|
||||||
|
|
||||||
|
+ if (linelen == 0)
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
/* remove trailing CR and reduce buffer length */
|
||||||
|
- for (i = linelen; i > 0; i--) {
|
||||||
|
+ for (i = linelen - 1; i > 0; i--) {
|
||||||
|
if (!isprint(buf[i])) {
|
||||||
|
buf[i] = '\0';
|
||||||
|
linelen--;
|
@ -0,0 +1,33 @@
|
|||||||
|
From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Mon, 30 Jul 2018 17:17:59 +0200
|
||||||
|
Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0
|
||||||
|
|
||||||
|
The kcapi_handle structure is initialized with zeroes at allocation.
|
||||||
|
However, since it contains several file descriptor variables, it may
|
||||||
|
happen that _kcapi_handle_destroy() is executed while some of these are
|
||||||
|
set to 0, causing an unwanted call to close(0).
|
||||||
|
|
||||||
|
This patch prevents it by initializing all FD variables to -1 right
|
||||||
|
after handle allocation.
|
||||||
|
---
|
||||||
|
lib/kcapi-kernel-if.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
|
||||||
|
index 595ce68..dfa94b4 100644
|
||||||
|
--- a/lib/kcapi-kernel-if.c
|
||||||
|
+++ b/lib/kcapi-kernel-if.c
|
||||||
|
@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type,
|
||||||
|
|
||||||
|
handle->tfm = tfm;
|
||||||
|
|
||||||
|
+ /* Initialize all fd vars to -1 to avoid unwanted close(0) */
|
||||||
|
+ handle->pipes[0] = -1;
|
||||||
|
+ handle->pipes[1] = -1;
|
||||||
|
+ handle->opfd = -1;
|
||||||
|
+ handle->aio.efd = -1;
|
||||||
|
+
|
||||||
|
ret = _kcapi_handle_init_tfm(handle, type, ciphername);
|
||||||
|
if (ret)
|
||||||
|
goto err;
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,34 @@
|
|||||||
|
From a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Krzysztof Kozlowski <krzk@kernel.org>
|
||||||
|
Date: Thu, 12 Jul 2018 18:13:32 +0200
|
||||||
|
Subject: [PATCH] test: Be sure to terminate strncpy() copied string
|
||||||
|
(-Wstringop-truncation)
|
||||||
|
|
||||||
|
strncpy() might not NULL-terminate the buffer. This fixes GCC v8.1.0 warning:
|
||||||
|
|
||||||
|
test/kcapi-main.c: In function 'main':
|
||||||
|
test/kcapi-main.c:3123:5: error: 'strncpy' specified bound 63 equals destination size [-Werror=stringop-truncation]
|
||||||
|
strncpy(cavs_test.cipher, optarg,
|
||||||
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
CIPHERMAXNAME);
|
||||||
|
~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
|
||||||
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||||
|
---
|
||||||
|
test/kcapi-main.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index 8352499..c167b7f 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -3121,7 +3121,7 @@ int main(int argc, char *argv[])
|
||||||
|
break;
|
||||||
|
case 'c':
|
||||||
|
strncpy(cavs_test.cipher, optarg,
|
||||||
|
- CIPHERMAXNAME);
|
||||||
|
+ CIPHERMAXNAME - 1);
|
||||||
|
break;
|
||||||
|
case 'p':
|
||||||
|
len = strlen(optarg);
|
@ -0,0 +1,42 @@
|
|||||||
|
From def2282fd28390f4a8afd0f43be6c3b3b1586f41 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
|
Date: Fri, 27 Jul 2018 10:53:00 +0200
|
||||||
|
Subject: [PATCH] test: Fix AEAD fuzz test for big-endian archs
|
||||||
|
|
||||||
|
The stupid authenc() key format contains fields that need to be in the
|
||||||
|
machine's endianity. Right now, they are hard-coded in the LE format.
|
||||||
|
This patch makes them always be in the right format.
|
||||||
|
---
|
||||||
|
test/kcapi-main.c | 19 +++++++++++--------
|
||||||
|
1 file changed, 11 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||||
|
index e24956c..d62c91a 100644
|
||||||
|
--- a/test/kcapi-main.c
|
||||||
|
+++ b/test/kcapi-main.c
|
||||||
|
@@ -451,14 +451,17 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
|
||||||
|
|
||||||
|
if (kcapi_aead_setkey(handle, key, 16)) {
|
||||||
|
if (!strncmp(cavs_test->cipher, "authenc", 7)) {
|
||||||
|
- uint8_t *k = (uint8_t *)
|
||||||
|
- "\x08\x00\x01\x00\x00\x00\x00\x10"
|
||||||
|
- "\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||||
|
- "\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||||
|
- "\x00\x00\x00\x00\x06\xa9\x21\x40"
|
||||||
|
- "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5"
|
||||||
|
- "\x34\x12\x00\x06";
|
||||||
|
- if (kcapi_aead_setkey(handle, k, 44)) {
|
||||||
|
+ uint8_t k[44];
|
||||||
|
+ memcpy(k, "\x00\x00\x00\x00\x00\x00\x00\x10"
|
||||||
|
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||||
|
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||||
|
+ "\x00\x00\x00\x00\x06\xa9\x21\x40"
|
||||||
|
+ "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5"
|
||||||
|
+ "\x34\x12\x00\x06", sizeof(k));
|
||||||
|
+ /* These need to be in machine's endianity: */
|
||||||
|
+ *(uint16_t *)(k + 0) = 8;
|
||||||
|
+ *(uint16_t *)(k + 2) = 1;
|
||||||
|
+ if (kcapi_aead_setkey(handle, k, sizeof(k))) {
|
||||||
|
printf("AEAD setkey failed\n");
|
||||||
|
goto out;
|
||||||
|
}
|
11
SOURCES/libkcapi-1.1.1.tar.xz.asc
Normal file
11
SOURCES/libkcapi-1.1.1.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAlsmv5gACgkQQh7pNjJq
|
||||||
|
wVv+2AgAg5Clqx2IB4/pN21IZxwU9+aIxiHxm+EZIbR+odc7eSymmQlQre0HLI4n
|
||||||
|
XDkfw9Zhes/Ih6dIRkAWVWm8fCQL7xrlgpkBW2Y3bxXxC99gQB4DSVn/Mdjasq2I
|
||||||
|
5pfiTe9CPNbevUwHgIe0GkGLfZJLlHL29Hjzl5TLfodVHayjDpY9v1jIRkWm2vLo
|
||||||
|
rgRmxMCt3L2csOM2ZYyeLBoHzXv3f1W6t68BzPeQQ8Pgmf+kSjW6iUXCTixBIKGz
|
||||||
|
enus3L0vJLigVtY2WZ583JZHkhvw9/KO7Z0d3fH8JuEnhMX1Vc+vnFxTWGsf8KSe
|
||||||
|
TDuu0nF3SpKTtNPaDVPgbhSZs4JZTg==
|
||||||
|
=dhAX
|
||||||
|
-----END PGP SIGNATURE-----
|
667
SPECS/libkcapi.spec
Normal file
667
SPECS/libkcapi.spec
Normal file
@ -0,0 +1,667 @@
|
|||||||
|
# Shared object version of libkcapi.
|
||||||
|
%global vmajor 1
|
||||||
|
%global vminor 1
|
||||||
|
%global vpatch 1
|
||||||
|
|
||||||
|
# Do we build the replacements packages?
|
||||||
|
%bcond_with replace_coreutils
|
||||||
|
%bcond_with replace_fipscheck
|
||||||
|
# Replace hmaccalc by default in Fedora 28+:
|
||||||
|
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
|
||||||
|
%bcond_without replace_hmaccalc
|
||||||
|
%else
|
||||||
|
%bcond_with replace_hmaccalc
|
||||||
|
%endif
|
||||||
|
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
|
||||||
|
%bcond_without test_package
|
||||||
|
%else
|
||||||
|
%bcond_with test_package
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?fedora}
|
||||||
|
%global use_clang 1
|
||||||
|
%else
|
||||||
|
%global use_clang 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# This package needs at least Linux Kernel v4.10.0.
|
||||||
|
%global min_kernel_ver 4.10.0
|
||||||
|
|
||||||
|
# Do we need to tweak sysctl.d? In newer versions of the Linux
|
||||||
|
# Kernel the default ancillary buffer size is set high enough.
|
||||||
|
# TODO: Adapt this when the patch for net/core/sock.c is merged.
|
||||||
|
%if %{lua:print(rpm.vercmp('99.0.0', posix.uname('%r')));} >= 0
|
||||||
|
%global with_sysctl_tweak 1
|
||||||
|
%else
|
||||||
|
%global with_sysctl_tweak 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
# Priority for the sysctl.d preset.
|
||||||
|
%global sysctl_prio 50
|
||||||
|
|
||||||
|
# Value used for the sysctl.d preset.
|
||||||
|
%global sysctl_optmem_max 81920
|
||||||
|
|
||||||
|
# Extension for the README.distro file.
|
||||||
|
%global distroname_ext %{?fedora:fedora}%{?rhel:redhat}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Lowest limit to run the testsuite. If we cannot obtain this
|
||||||
|
# value, we asume the testsuite cannot be run.
|
||||||
|
%global test_optmem_max %(%{__cat} /proc/sys/net/core/optmem_max || echo 0)
|
||||||
|
|
||||||
|
# For picking patches from upstream commits or pull requests.
|
||||||
|
%global giturl https://github.com/smuellerDD/%{name}
|
||||||
|
|
||||||
|
# Do we replace some coreutils?
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
# TODO: Adapt this when replacing some coreutils initially.
|
||||||
|
%global coreutils_evr 8.29-1%{?dist}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Do we replace fipscheck?
|
||||||
|
%if %{with replace_fipscheck}
|
||||||
|
# TODO: Adapt this when replacing fipscheck initially.
|
||||||
|
%global fipscheck_evr 1.5.0-3%{?dist}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Do we replace hmaccalc?
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
%global hmaccalc_evr 0.9.14-10%{?dist}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac
|
||||||
|
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac
|
||||||
|
|
||||||
|
# Add generation of HMAC checksums of the final stripped
|
||||||
|
# binaries. %%define with lazy globbing is used here
|
||||||
|
# intentionally, because using %%global does not work.
|
||||||
|
%define __spec_install_post \
|
||||||
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
|
%{__arch_install_post} \
|
||||||
|
%{__os_install_post} \
|
||||||
|
bin_path=%{buildroot}%{_bindir} \
|
||||||
|
lib_path=%{buildroot}/%{_lib} \
|
||||||
|
for app in %{apps_hmaccalc}; do \
|
||||||
|
test -e "$bin_path"/$app || continue \
|
||||||
|
{ bin/kcapi-hasher -n sha512hmac "$bin_path"/$app || exit 1; } \\\
|
||||||
|
| cut -f 1 -d ' ' >"$lib_path"/hmaccalc/$app.hmac \
|
||||||
|
done \
|
||||||
|
for app in %{apps_fipscheck}; do \
|
||||||
|
test -e "$bin_path"/$app || continue \
|
||||||
|
bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
|
||||||
|
"$bin_path"/$app || exit 1 \
|
||||||
|
done \
|
||||||
|
%{_sbindir}/hardlink -cfv %{buildroot}%{_bindir} \
|
||||||
|
bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
|
||||||
|
"$lib_path"/libkcapi.so.%{version} || exit 1 \
|
||||||
|
%{__ln_s} libkcapi.so.%{version}.hmac \\\
|
||||||
|
"$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
|
||||||
|
Name: libkcapi
|
||||||
|
Version: %{vmajor}.%{vminor}.%{vpatch}
|
||||||
|
Release: 16_1%{?dist}
|
||||||
|
Summary: User space interface to the Linux Kernel Crypto API
|
||||||
|
|
||||||
|
License: BSD or GPLv2
|
||||||
|
URL: http://www.chronox.de/%{name}.html
|
||||||
|
Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
|
||||||
|
Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
|
||||||
|
|
||||||
|
Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
|
||||||
|
Patch1: %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
|
||||||
|
Patch2: %{giturl}/pull/64.patch#/%{name}-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
|
||||||
|
Patch3: %{giturl}/commit/3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4.patch#/%{name}-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
|
||||||
|
Patch4: %{giturl}/commit/a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68.patch#/%{name}-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
|
||||||
|
Patch5: %{giturl}/compare/decf850ab9bb...ec9c36216623.patch#/%{name}-1.1.1-Fix_various_issues_reported_by_Coverity.patch
|
||||||
|
Patch6: %{giturl}/compare/4a1a30f75e70...c9ed6b2c0702.patch#/%{name}-1.1.1-Coverity_PR_follow-up.patch
|
||||||
|
Patch7: %{giturl}/pull/68.patch#/%{name}-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch
|
||||||
|
Patch8: %{giturl}/pull/70.patch#/%{name}-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
|
||||||
|
Patch9: %{giturl}/pull/71.patch#/%{name}-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
|
||||||
|
|
||||||
|
Patch9001: 9001-split-up-huge-string.patch
|
||||||
|
|
||||||
|
%if %{use_clang}
|
||||||
|
BuildRequires: clang
|
||||||
|
%endif
|
||||||
|
BuildRequires: coreutils
|
||||||
|
BuildRequires: cppcheck
|
||||||
|
BuildRequires: docbook-utils-pdf
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: git
|
||||||
|
BuildRequires: hardlink
|
||||||
|
BuildRequires: kernel-headers >= %{min_kernel_ver}
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: openssl
|
||||||
|
BuildRequires: perl
|
||||||
|
BuildRequires: systemd
|
||||||
|
BuildRequires: xmlto
|
||||||
|
|
||||||
|
# For ownership of %%{_sysctldir}.
|
||||||
|
Requires: systemd
|
||||||
|
|
||||||
|
Obsoletes: %{name}-replacements <= %{version}-%{release}
|
||||||
|
|
||||||
|
%description
|
||||||
|
libkcapi allows user-space to access the Linux kernel crypto API.
|
||||||
|
|
||||||
|
This library uses the netlink interface and exports easy to use APIs
|
||||||
|
so that a developer does not need to consider the low-level netlink
|
||||||
|
interface handling.
|
||||||
|
|
||||||
|
The library does not implement any cipher algorithms. All consumer
|
||||||
|
requests are sent to the kernel for processing. Results from the
|
||||||
|
kernel crypto API are returned to the consumer via the library API.
|
||||||
|
|
||||||
|
The kernel interface and therefore this library can be used by
|
||||||
|
unprivileged processes.
|
||||||
|
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
Header files for applications that use %{name}.
|
||||||
|
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: User documentation for the %{name} package
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
User documentation for %{name}.
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
%package checksum
|
||||||
|
Summary: Drop-in replacement for *sum utils provided by the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
Requires: coreutils%{?_isa} >= %{coreutils_evr}
|
||||||
|
|
||||||
|
Conflicts: coreutils < %{coreutils_evr}
|
||||||
|
Conflicts: coreutils-single
|
||||||
|
|
||||||
|
%description checksum
|
||||||
|
Provides drop-in replacements for sha*sum tools (from package
|
||||||
|
coreutils) using %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_fipscheck}
|
||||||
|
%package fipscheck
|
||||||
|
Summary: Drop-in replacements for fipscheck/fipshmac provided by the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
Obsoletes: fipscheck <= %{fipscheck_evr}
|
||||||
|
|
||||||
|
Provides: fipscheck == %{fipscheck_evr}.1
|
||||||
|
Provides: fipscheck%{?_isa} == %{fipscheck_evr}.1
|
||||||
|
|
||||||
|
%description fipscheck
|
||||||
|
Provides drop-in replacements for fipscheck and fipshmac tools (from
|
||||||
|
package fipscheck) using %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
%package hmaccalc
|
||||||
|
Summary: Drop-in replacements for hmaccalc provided by the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
Obsoletes: hmaccalc <= %{hmaccalc_evr}
|
||||||
|
|
||||||
|
Provides: hmaccalc == %{hmaccalc_evr}.1
|
||||||
|
Provides: hmaccalc%{?_isa} == %{hmaccalc_evr}.1
|
||||||
|
|
||||||
|
%description hmaccalc
|
||||||
|
Provides drop-in replacements for sha*hmac tools (from package
|
||||||
|
hmaccalc) using %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%package static
|
||||||
|
Summary: Static library for -static linking with %{name}
|
||||||
|
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description static
|
||||||
|
This package contains the %{name} static libraries for -static
|
||||||
|
linking. You don't need this, unless you link statically, which
|
||||||
|
is highly discouraged.
|
||||||
|
|
||||||
|
|
||||||
|
%package tools
|
||||||
|
Summary: Utility applications for the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
|
||||||
|
%description tools
|
||||||
|
Utility applications that are provided with %{name}. This includes
|
||||||
|
tools to use message digests, symmetric ciphers and random number
|
||||||
|
generators implemented in the Linux kernel from command line.
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with test_package}
|
||||||
|
%package tests
|
||||||
|
Summary: Testing scripts for the %{name} package
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
Requires: %{name}-tools%{?_isa} == %{version}-%{release}
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
Requires: %{name}-hmaccalc%{?_isa} == %{version}-%{release}
|
||||||
|
%endif
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
Requires: %{name}-checksum%{?_isa} == %{version}-%{release}
|
||||||
|
%endif
|
||||||
|
Requires: coreutils
|
||||||
|
Requires: openssl
|
||||||
|
Requires: perl
|
||||||
|
|
||||||
|
%description tests
|
||||||
|
Auxiliary scripts for testing %{name}.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p 1 -S git
|
||||||
|
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
%{__cat} << EOF > README.%{distroname_ext}
|
||||||
|
This package increases the default limit of the ancillary buffer size
|
||||||
|
per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.
|
||||||
|
|
||||||
|
For this preset to become active it requires a reboot after the
|
||||||
|
installation of this package. You can also manually increase this
|
||||||
|
limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
|
||||||
|
super-user, e.g. using \`su\` or \`sudo\` on the terminal.
|
||||||
|
|
||||||
|
This is done to provide consumers of the new Linux Kernel Crypto API
|
||||||
|
User Space Interface a well sufficient and reasonable maximum limit
|
||||||
|
by default, especially when using AIO with a larger amount of IOVECs.
|
||||||
|
|
||||||
|
For further information about the AF_ALG kernel socket and AIO, see
|
||||||
|
the discussion at the kernel-crypto mailing-list:
|
||||||
|
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html
|
||||||
|
|
||||||
|
See the instructions given in '%{_sysctldir}/50-default.conf',
|
||||||
|
if you need or want to override the preset made by this package.
|
||||||
|
EOF
|
||||||
|
|
||||||
|
%{__cat} << EOF > %{sysctl_prio}-%{name}-optmem_max.conf
|
||||||
|
# See the 'README.%{distroname_ext}' file shipped in %%doc
|
||||||
|
# with the %{name} package.
|
||||||
|
#
|
||||||
|
# See '%{_sysctldir}/50-default.conf',
|
||||||
|
# if you need or want to override this preset.
|
||||||
|
|
||||||
|
# Increase the ancillary buffer size per socket.
|
||||||
|
net.core.optmem_max = %{sysctl_optmem_max}
|
||||||
|
EOF
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%{_bindir}/autoreconf -fiv
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure \
|
||||||
|
--libdir=/%{_lib} \
|
||||||
|
--disable-silent-rules \
|
||||||
|
--enable-kcapi-encapp \
|
||||||
|
--enable-kcapi-dgstapp \
|
||||||
|
--enable-kcapi-hasher \
|
||||||
|
--enable-kcapi-rngapp \
|
||||||
|
--enable-kcapi-speed \
|
||||||
|
--enable-kcapi-test \
|
||||||
|
--enable-shared \
|
||||||
|
--enable-static \
|
||||||
|
--enable-sum-dir=/%{_lib} \
|
||||||
|
--with-pkgconfigdir=%{_libdir}/pkgconfig
|
||||||
|
%make_build all doc
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
# Install sysctl.d preset.
|
||||||
|
%{__mkdir_p} %{buildroot}%{_sysctldir}
|
||||||
|
%{__install} -Dpm 0644 -t %{buildroot}%{_sysctldir} \
|
||||||
|
%{sysctl_prio}-%{name}-optmem_max.conf
|
||||||
|
|
||||||
|
# Install into proper location for inclusion by %%doc.
|
||||||
|
%{__mkdir_p} %{buildroot}%{_pkgdocdir}
|
||||||
|
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
README.%{distroname_ext} \
|
||||||
|
%endif
|
||||||
|
README.md CHANGES TODO doc/%{name}.p{df,s}
|
||||||
|
%{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir}
|
||||||
|
|
||||||
|
# Install replacement tools, if enabled.
|
||||||
|
%if !%{with replace_coreutils}
|
||||||
|
%{__rm} -f \
|
||||||
|
%{buildroot}%{_bindir}/md5sum \
|
||||||
|
%{buildroot}%{_bindir}/sha*sum
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if !%{with replace_fipscheck}
|
||||||
|
%{__rm} -f %{buildroot}%{_bindir}/fips*
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if !%{with replace_hmaccalc}
|
||||||
|
%{__rm} -f %{buildroot}%{_bindir}/sha*hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# We don't ship autocrap dumplings.
|
||||||
|
%{_bindir}/find %{buildroot} -type f -name '*.la' -print -delete
|
||||||
|
|
||||||
|
# HMAC checksums are generated during __spec_install_post.
|
||||||
|
%{_bindir}/find %{buildroot} -type f -name '*.hmac' -print -delete
|
||||||
|
|
||||||
|
# Remove 0-size files.
|
||||||
|
%{_bindir}/find %{buildroot} -type f -size 0 -print -delete
|
||||||
|
|
||||||
|
# Make sure all docs have non-exec permissions, except for the dirs.
|
||||||
|
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \
|
||||||
|
%{_bindir}/xargs %{__chmod} -c 0644
|
||||||
|
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \
|
||||||
|
%{_bindir}/xargs %{__chmod} -c 0755
|
||||||
|
|
||||||
|
# Possibly save some space by hardlinking.
|
||||||
|
for d in %{_mandir} %{_pkgdocdir}; do
|
||||||
|
%{_sbindir}/hardlink -cfv %{buildroot}$d
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
%check
|
||||||
|
# Some basic sanity checks.
|
||||||
|
%make_build cppcheck
|
||||||
|
%if %{use_clang}
|
||||||
|
%make_build scan
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
|
||||||
|
# which is the lowest limit needed to run the testsuite. If that limit
|
||||||
|
# is not met, we do not run it.
|
||||||
|
%if %{test_optmem_max} >= 20480
|
||||||
|
# Real testsuite.
|
||||||
|
pushd test
|
||||||
|
# Ignore test result since the CI will do better testing anyway
|
||||||
|
NO_32BIT_TEST=1 \
|
||||||
|
./test-invocation.sh || true
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc %dir %{_pkgdocdir}
|
||||||
|
%doc %{_pkgdocdir}/README.md
|
||||||
|
%license COPYING*
|
||||||
|
/%{_lib}/%{name}.so.%{vmajor}
|
||||||
|
/%{_lib}/%{name}.so.%{version}
|
||||||
|
/%{_lib}/fipscheck/%{name}.so.%{vmajor}.hmac
|
||||||
|
/%{_lib}/fipscheck/%{name}.so.%{version}.hmac
|
||||||
|
%if %{with_sysctl_tweak}
|
||||||
|
%doc %{_pkgdocdir}/README.%{distroname_ext}
|
||||||
|
%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%doc %{_pkgdocdir}/CHANGES
|
||||||
|
%doc %{_pkgdocdir}/TODO
|
||||||
|
%{_includedir}/kcapi.h
|
||||||
|
%{_mandir}/man3/kcapi_*.3.*
|
||||||
|
/%{_lib}/%{name}.so
|
||||||
|
%{_libdir}/pkgconfig/%{name}.pc
|
||||||
|
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%doc %{_pkgdocdir}
|
||||||
|
%license %{_datadir}/licenses/%{name}*
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with replace_coreutils}
|
||||||
|
%files checksum
|
||||||
|
%{_bindir}/md5sum
|
||||||
|
%{_bindir}/sha*sum
|
||||||
|
/%{_lib}/fipscheck/md5sum.hmac
|
||||||
|
/%{_lib}/fipscheck/sha*sum.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with replace_fipscheck}
|
||||||
|
%files fipscheck
|
||||||
|
%{_bindir}/fips*
|
||||||
|
/%{_lib}/fipscheck/fips*.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{with replace_hmaccalc}
|
||||||
|
%files hmaccalc
|
||||||
|
%{_bindir}/sha*hmac
|
||||||
|
/%{_lib}/hmaccalc/sha*hmac.hmac
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%files static
|
||||||
|
/%{_lib}/%{name}.a
|
||||||
|
|
||||||
|
|
||||||
|
%files tools
|
||||||
|
%{_bindir}/kcapi*
|
||||||
|
%{_mandir}/man1/kcapi*.1.*
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with test_package}
|
||||||
|
%files tests
|
||||||
|
%{_libexecdir}/%{name}/*
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16_1
|
||||||
|
- [RHEL] Apply 'Add missing dependencies to the tests package'
|
||||||
|
- [RHEL] Apply 'Update patch from upstream'
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16
|
||||||
|
- Add missing dependencies to the tests package
|
||||||
|
- Update patch from upstream
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-15_1
|
||||||
|
- [RHEL] Apply 'Build and tests require perl'
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-15
|
||||||
|
- Build and tests require perl
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14_2
|
||||||
|
- [RHEL] Re-enable AEAD tests and ignore test result
|
||||||
|
- [RHEL] Drop the ppc64 ignore-failures workaround
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14_1
|
||||||
|
- [RHEL] Apply 'Add missing script to the 'tests' package'
|
||||||
|
|
||||||
|
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14
|
||||||
|
- Add missing script to the 'tests' package
|
||||||
|
|
||||||
|
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-13_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
|
||||||
|
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-13
|
||||||
|
- Add missing requires to the 'tests' subpackage
|
||||||
|
|
||||||
|
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-12_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
|
||||||
|
* Tue Aug 07 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-12
|
||||||
|
- Produce a subpackage with test scripts
|
||||||
|
- Build the 'tests' subpackage conditionally
|
||||||
|
|
||||||
|
* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
|
||||||
|
* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11
|
||||||
|
- Add patch to fix unwanted closing of FD 0
|
||||||
|
|
||||||
|
* Tue Jul 31 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-10
|
||||||
|
- Remove the kernel headers workaround
|
||||||
|
|
||||||
|
* Mon Jul 30 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-9_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
- [RHEL] Rebase the disable-AEAD-tests patch
|
||||||
|
|
||||||
|
* Fri Jul 27 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.1.1-9
|
||||||
|
- Rebuild for new binutils
|
||||||
|
|
||||||
|
* Fri Jul 27 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-8
|
||||||
|
- Add more Coverity fixes from upstream
|
||||||
|
- Add patch to fix AEAD fuzz test for BE arches
|
||||||
|
- Fixup specfile
|
||||||
|
|
||||||
|
* Mon Jul 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-7_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
- [RHEL] Fixup specfile
|
||||||
|
- [RHEL] Rebase the disable-AEAD-tests patch
|
||||||
|
|
||||||
|
* Mon Jul 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-7
|
||||||
|
- Add various fixes from upstream
|
||||||
|
- Drop the Requires on kernel package
|
||||||
|
|
||||||
|
* Wed Jul 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3_2
|
||||||
|
- [RHEL] Temporarily disable AEAD tests
|
||||||
|
|
||||||
|
* Mon Jul 16 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-6
|
||||||
|
- Put .hmac files into a separate directory
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-4
|
||||||
|
- Add patch to work around FTBFS on rawhide
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3
|
||||||
|
- Fix off-by-one error in checkfile parsing
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2_2
|
||||||
|
- [RHEL] Disable fuzz test
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2_1
|
||||||
|
- [RHEL] Sync with the Fedora branch
|
||||||
|
|
||||||
|
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2
|
||||||
|
- Fix command-line parsing in libkcapi-hmaccalc
|
||||||
|
|
||||||
|
* Tue Jul 10 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1_2
|
||||||
|
- [RHEL] Work around build failure with new kernel headers
|
||||||
|
|
||||||
|
* Mon Jun 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1_1
|
||||||
|
- [RHEL] Skip CLang static analysis
|
||||||
|
- [RHEL] Remove the dependency on kernel package
|
||||||
|
|
||||||
|
* Mon Jun 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1
|
||||||
|
- Update to upstream version 1.1.1
|
||||||
|
|
||||||
|
* Wed May 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-5
|
||||||
|
- Skip CLang static analysis in RHEL
|
||||||
|
- Revert "Skip CLang static analysis in RHEL"
|
||||||
|
- Use own sha512hmac and fipscheck
|
||||||
|
|
||||||
|
* Wed May 02 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-4
|
||||||
|
- Fix description lines being too long
|
||||||
|
|
||||||
|
* Fri Apr 27 2018 Björn Esser <besser82@fedoraproject.org> - 1.1.0-3
|
||||||
|
- Fix conditional for hmaccalc replacement
|
||||||
|
|
||||||
|
* Mon Apr 16 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-2
|
||||||
|
- Enable hmaccalc replacements in Fedora 28+
|
||||||
|
|
||||||
|
* Thu Apr 12 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-1
|
||||||
|
- Update to upstream version 1.1.0
|
||||||
|
|
||||||
|
* Sat Mar 31 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-10
|
||||||
|
- Replace single patches with a monolitic one from upstream
|
||||||
|
- Obsolete replacements subpackage
|
||||||
|
- Ignore failing tests on %%{power64} temporarily
|
||||||
|
|
||||||
|
* Thu Mar 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.0.3-9
|
||||||
|
- Split up the replacements subpackage
|
||||||
|
|
||||||
|
* Mon Feb 26 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-8
|
||||||
|
- Increase optmem_max preset to 81920
|
||||||
|
|
||||||
|
* Mon Feb 26 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-7
|
||||||
|
- Obsoletes work by package name, not by provides (rhbz#1537225)
|
||||||
|
|
||||||
|
* Sun Feb 25 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-6
|
||||||
|
- Add patch to fix a copy-paste typo
|
||||||
|
|
||||||
|
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-5
|
||||||
|
- Add patch to fix build with -Werror
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org>
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Feb 04 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-3
|
||||||
|
- Switch to %%ldconfig_scriptlets
|
||||||
|
|
||||||
|
* Wed Jan 17 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-2
|
||||||
|
- Decrease optmem_max preset to 40960
|
||||||
|
- Let the build fail, if the minimum kernel version cannot be met
|
||||||
|
- Conditionalize the sysctl.d tweak on version of the kernel
|
||||||
|
- Conditionalize the name of README.distro on the distro
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-1
|
||||||
|
- Initial import (rhbz#1533929)
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.13
|
||||||
|
- Increase optmem_max preset to 81920
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.12
|
||||||
|
- Add sysctl.d preset and README.fedora
|
||||||
|
|
||||||
|
* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.11
|
||||||
|
- Make the contents of the -replacements package configurable
|
||||||
|
|
||||||
|
* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.10
|
||||||
|
- Fix Obsoletes of the -replacements package
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.9
|
||||||
|
- Disable the -replacements package until we have a plan for it
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.8
|
||||||
|
- Move the kcapi-hasher binary to -replacements package, since it is
|
||||||
|
not of much use without the linked invocation names and saves the
|
||||||
|
extra Requires on the -tools package
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.7
|
||||||
|
- Fix internal Requires of sub-packages
|
||||||
|
- Hardlink files in %%{_bindir}
|
||||||
|
|
||||||
|
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.6
|
||||||
|
- Add patches from upstream
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.5
|
||||||
|
- Add patches from upstream
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.4
|
||||||
|
- Asume the testsuite cannot be run, if the value of optmem_max cannot
|
||||||
|
be obtained
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.3
|
||||||
|
- Move libraries to /%%{_lib} instead of %%{_libdir}, which is useful
|
||||||
|
during boot when the library might be needed before a potentially
|
||||||
|
seperate /usr partition is mounted
|
||||||
|
|
||||||
|
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.2
|
||||||
|
- Asume optmem_max is at least 20480, if the real value cannot be obtained
|
||||||
|
|
||||||
|
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.2-0.1
|
||||||
|
- Initial rpm release (rhbz#1533929)
|
Loading…
Reference in New Issue
Block a user