import libkcapi-1.1.1-16_1.el8

This commit is contained in:
CentOS Sources 2019-05-07 05:31:19 -04:00 committed by Andrew Lukoshko
commit 247b44521e
15 changed files with 5268 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/libkcapi-1.1.1.tar.xz

1
.libkcapi.metadata Normal file
View File

@ -0,0 +1 @@
688085e96a576a7de0c8f6b58a93dc7364e6318a SOURCES/libkcapi-1.1.1.tar.xz

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,272 @@
From f24f3435be39cab2aa54a49d31968a023ab6d1d5 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 26 Jul 2018 14:09:27 +0200
Subject: [PATCH 1/3] kcapi-kdf: Clear the whole out buffer on error
The KDF functions were decrementing the output length variable in the
loop, but on error they would clear the output buffer based on this
decremented value. This patch backs up the original length and uses it
when clearing the output buffer.
The kcapi_pbkdf() function also used an incremented output buffer
pointer. This one is now also backed-up and the original value is used
when clearing the output.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index 78a7e0d..6eccbe1 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -99,6 +99,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
uint32_t h = kcapi_md_digestsize(handle);
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
uint8_t Ai[h];
uint32_t i = 1;
@@ -161,7 +162,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
return 0;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
kcapi_memset_secure(Ai, 0, h);
return err;
}
@@ -174,6 +175,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
uint32_t h = kcapi_md_digestsize(handle);
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
const uint8_t *label;
uint32_t labellen = 0;
uint32_t i = 1;
@@ -238,7 +240,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
return 0;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
return err;
}
@@ -250,6 +252,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
uint32_t h = kcapi_md_digestsize(handle);
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
uint32_t i = 1;
if (dlen > INT_MAX)
@@ -295,7 +298,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
return 0;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
return err;
}
@@ -316,6 +319,7 @@ int32_t kcapi_hkdf(const char *hashname,
uint8_t *prev = NULL;
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
uint8_t ctr = 0x01;
struct kcapi_handle *handle = NULL;
@@ -415,7 +419,7 @@ int32_t kcapi_hkdf(const char *hashname,
goto out;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
out:
kcapi_memset_secure(prk_tmp, 0, h);
kcapi_md_destroy(handle);
@@ -552,6 +556,8 @@ int32_t kcapi_pbkdf(const char *hashname,
uint8_t *key, uint32_t keylen)
{
struct kcapi_handle *handle;
+ uint8_t *key_orig = key;
+ uint32_t keylen_orig = keylen;
uint32_t h, i = 1;
#define MAX_DIGESTSIZE 64
uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t))));
@@ -633,7 +639,7 @@ int32_t kcapi_pbkdf(const char *hashname,
err:
kcapi_memset_secure(u, 0, h);
if (err)
- kcapi_memset_secure(key, 0, keylen);
+ kcapi_memset_secure(key_orig, 0, keylen_orig);
kcapi_md_destroy(handle);
return err;
From eacb82b193a94d46d2ea70c621176d79a5486008 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 26 Jul 2018 14:12:51 +0200
Subject: [PATCH 2/3] kcapi-kdf: Simplify handling of final blocks
This patch avoids the use of temporary buffers when handling the last
block in the KDF functions, taking advantage of the fact that
kcapi_md_final() can be used to retrieve also a truncated hash directly.
The new code no longer produces a false-positive warning with CLang
static analysis, so the workaround (which Coverity identifies as
unreachable code) can be removed.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 43 +++++++++----------------------------------
1 file changed, 9 insertions(+), 34 deletions(-)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index 6eccbe1..afa6eb3 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -140,13 +140,9 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
}
if (dlen < h) {
- uint8_t tmpbuffer[h];
-
- err = kcapi_md_final(handle, tmpbuffer, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- memcpy(dst, tmpbuffer, dlen);
- kcapi_memset_secure(tmpbuffer, 0, h);
dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
@@ -219,14 +215,10 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
}
if (dlen < h) {
- uint8_t tmpbuffer[h];
-
- err = kcapi_md_final(handle, tmpbuffer, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- memcpy(dst, tmpbuffer, dlen);
- kcapi_memset_secure(tmpbuffer, 0, h);
- return 0;
+ dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
if (err < 0)
@@ -276,14 +268,10 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
}
if (dlen < h) {
- uint8_t tmpbuffer[h];
-
- err = kcapi_md_final(handle, tmpbuffer, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- memcpy(dst, tmpbuffer, dlen);
- kcapi_memset_secure(tmpbuffer, 0, h);
- return 0;
+ dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
if (err < 0)
@@ -392,16 +380,10 @@ int32_t kcapi_hkdf(const char *hashname,
goto err;
if (dlen < h) {
- err = kcapi_md_final(handle, prk_tmp, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- /* Shut up Clang */
- if (!dst) {
- err = -EFAULT;
- goto err;
- }
- memcpy(dst, prk_tmp, dlen);
dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
@@ -561,8 +543,6 @@ int32_t kcapi_pbkdf(const char *hashname,
uint32_t h, i = 1;
#define MAX_DIGESTSIZE 64
uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t))));
- uint8_t T[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t)))) =
- { 0 };
int32_t err = 0;
if (keylen > INT_MAX)
@@ -617,17 +597,12 @@ int32_t kcapi_pbkdf(const char *hashname,
if (err < 0)
goto err;
- if (keylen < h)
- kcapi_xor_64_aligned(T, u, h);
- else
- kcapi_xor_64(key, u, h);
+ kcapi_xor_64(key, u, keylen < h ? keylen : h);
}
- if (keylen < h) {
- memcpy(key, T, keylen);
- kcapi_memset_secure(T, 0, keylen);
+ if (keylen < h)
keylen = 0;
- } else {
+ else {
keylen -= h;
key += h;
i++;
From c9ed6b2c07026e9bafd99e6c288cfbd175fd237f Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 26 Jul 2018 14:28:53 +0200
Subject: [PATCH 3/3] kcapi-kdf: Fix unused function warning on 32-bit
The kcapi_xor_64_aligned() is now unused when compiling in 32-bit mode,
so we need to define it only in the 64-bit case, otherwise the build
fails under CLang due to an usnused function warning.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index afa6eb3..a219d63 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -503,10 +503,10 @@ static inline void kcapi_xor_32(uint8_t *dst, const uint8_t *src, uint32_t size)
kcapi_xor_8(dst, src, size);
}
+#ifdef __LP64__
static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src,
uint32_t size)
{
-#ifdef __LP64__
uint64_t *dst_dword = (uint64_t *)dst;
uint64_t *src_dword = (uint64_t *)src;
@@ -514,10 +514,8 @@ static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src,
*dst_dword++ ^= *src_dword++;
kcapi_xor_32_aligned((uint8_t *)dst_dword, (uint8_t *)src_dword, size);
-#else
- kcapi_xor_32_aligned(dst, src, size);
-#endif
}
+#endif
static inline void kcapi_xor_64(uint8_t *dst, const uint8_t *src, uint32_t size)
{

View File

@ -0,0 +1,47 @@
From 3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:16 +0200
Subject: [PATCH] Fix possible buffer overflow with strncpy and
-Wstringop-truncation warning
If valid cipher name (to which netlink socket was bound) is longer than
CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will
try to copy length of this cipher name into smaller buffer.
In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is
defined as 64 but since commit f437a3f477cc ("crypto: api - Extend
algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel
defines it as 128.
It is error-prone to use source buffer length as limit of dst buffer.
Instead choose sizeof(dst buffer).
This also fixes the warning with GCC v8.1.0:
lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2':
lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kernel-if.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 2481f8a..807cbfe 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle,
if (drivername)
strncpy(req.cru.cru_driver_name, ciphername,
- strlen(ciphername));
+ sizeof(req.cru.cru_driver_name) - 1);
else
- strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
+ strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1);
/* talk to netlink socket */
sd = socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO);

View File

@ -0,0 +1,801 @@
From 633569b273d63244fccf1a1e65acc8c8252c2f48 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:39:32 +0200
Subject: [PATCH 01/16] apps: Check return code of fstat()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/app-internal.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/apps/app-internal.c b/apps/app-internal.c
index 25cef80..e80c304 100644
--- a/apps/app-internal.c
+++ b/apps/app-internal.c
@@ -255,7 +255,12 @@ int read_complete(int fd, uint8_t *buf, uint32_t buflen)
int check_filetype(int fd, struct stat *sb, const char *filename)
{
- fstat(fd, sb);
+ int ret = fstat(fd, sb);
+ if (ret) {
+ dolog(KCAPI_LOG_ERR,
+ "fstat() failed: %s", strerror(errno));
+ return -errno;
+ }
/* Do not return an error in case we cannot validate the data. */
if ((sb->st_mode & S_IFMT) != S_IFREG &&
From bb1685801cf3f2c94c4591808a1a8499147b0249 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:45:48 +0200
Subject: [PATCH 02/16] kcapi-hasher: Fix strerror() call
strerror() expects a nonnegative error number. Here we can just pass
errno instead of decoding the error from the return value of read().
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 2fc3ddc..5769502 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -227,7 +227,7 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
while ((rdbytes = read(fd, buffer + offset, buffer_size - offset)) != 0) {
if (rdbytes < 0) {
fprintf(stderr, "Error reading file %s: %s\n", filename,
- strerror((int)rdbytes));
+ strerror(errno));
ret = -EIO;
goto out;
}
From fadc3f42bbd44bd78f78f58c935ae7126b6eb2ce Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:50:36 +0200
Subject: [PATCH 03/16] kcapi-hasher: Fix fd leak in load_file()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 5769502..52fca78 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -258,6 +258,8 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
*memory = buffer;
*size = (uint32_t)offset;
+
+ close(fd);
return 0;
out:
From 5ee2bc94de5e70703ed6ad288b3c664a1cff4fcf Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:53:13 +0200
Subject: [PATCH 04/16] kcapi-hasher: Fix buffer overrun in process_checkfile()
The 'buf[(bsd_style - 4)]' access on line 593 can overrun the buffer if
bsd_style is exactly 3, which can theoretically happen if the BSD-style
separator is found at the very beginning of the line. Fix this by
starting to search for the separator at index 1 (it can't really be at
index 0 anyway).
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 52fca78..daab735 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -544,7 +544,7 @@ static int process_checkfile(const struct hash_params *params,
break;
}
- for (i = 0; i < linelen; i++) {
+ for (i = 1; i < linelen; i++) {
/*
* Check for BSD-style separator between file name and
* hash value.
From 1520fca1f9b2231bcb5101eab32e8e859b33a66c Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:05:45 +0200
Subject: [PATCH 05/16] docproc: Use correct sizeof() argument for clarity
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/doc/bin/docproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 4e52c1b..2313592 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -154,7 +154,8 @@ int symfilecnt = 0;
static void add_new_symbol(struct symfile *sym, char * symname)
{
sym->symbollist =
- realloc(sym->symbollist, (sym->symbolcnt + 1) * sizeof(char *));
+ realloc(sym->symbollist,
+ (sym->symbolcnt + 1) * sizeof(struct symbols));
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
}
From ed6c64434d42ba43efd839d4b0c693623442968f Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:09:44 +0200
Subject: [PATCH 06/16] docproc: Fail early on malloc/realloc failures
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/doc/bin/docproc.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 2313592..9a0a931 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -156,6 +156,10 @@ static void add_new_symbol(struct symfile *sym, char * symname)
sym->symbollist =
realloc(sym->symbollist,
(sym->symbolcnt + 1) * sizeof(struct symbols));
+ if (!sym->symbollist) {
+ perror("realloc");
+ exit(1);
+ }
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
}
@@ -391,12 +395,20 @@ static void find_all_symbols(char *filename)
default:
close(pipefd[1]);
data = malloc(4096);
+ if (!data) {
+ perror("malloc");
+ exit(1);
+ }
do {
while ((ret = read(pipefd[0],
data + data_len,
4096)) > 0) {
data_len += ret;
data = realloc(data, data_len + 4096);
+ if (!data) {
+ perror("realloc");
+ exit(1);
+ }
}
} while (ret == -EAGAIN);
if (ret != 0) {
@@ -421,6 +433,10 @@ static void find_all_symbols(char *filename)
start = all_list_len;
all_list_len += count;
all_list = realloc(all_list, sizeof(char *) * all_list_len);
+ if (!all_list) {
+ perror("realloc");
+ exit(1);
+ }
str = data;
for (i = 0; i < (int)data_len && start != all_list_len; i++) {
if (data[i] == '\0') {
From 1beccc4fa0af3ce57e0ff21d42907e774c4eb8fe Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:15:36 +0200
Subject: [PATCH 07/16] cryptoperf: Fix check of return value of open()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
speed-test/cryptoperf-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
index 55cd7ea..b564e19 100644
--- a/speed-test/cryptoperf-base.c
+++ b/speed-test/cryptoperf-base.c
@@ -179,7 +179,7 @@ int cp_read_random(unsigned char *buf, size_t buflen)
size_t len = 0;
fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
- if(0 >= fd)
+ if(0 > fd)
return fd;
do {
ret = read(fd, (buf + len), (buflen - len));
From d41a21125e72e9ad611451bb9753489a1f96af5e Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:30:01 +0200
Subject: [PATCH 08/16] cryptoperf: Fix buffer overrun in cp_print_status()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
speed-test/cryptoperf-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
index b564e19..c56c2ce 100644
--- a/speed-test/cryptoperf-base.c
+++ b/speed-test/cryptoperf-base.c
@@ -159,7 +159,7 @@ char *cp_print_status(struct cp_test *test, int raw)
memset(byteseconds, 0, sizeof(byteseconds));
cp_bytes2string((processed_bytes / totaltime), byteseconds,
- (VALLEN + 1));
+ VALLEN);
snprintf(str, 120, "%-24s|%s|%8lu bytes|%*s/s|%lu ops/s",
test->testname,
test->enc ? "e" : "d",
From 5d17c564f7edae17b355f8cec7fa4c9685b10422 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 10:05:50 +0200
Subject: [PATCH 09/16] test/cryptoperf: Check the return value of sysconf()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
speed-test/cryptoperf-aead.c | 10 ++++++--
speed-test/cryptoperf-skcipher.c | 8 +++++-
test/kcapi-main.c | 53 +++++++++++++++++++---------------------
3 files changed, 40 insertions(+), 31 deletions(-)
diff --git a/speed-test/cryptoperf-aead.c b/speed-test/cryptoperf-aead.c
index b2c0010..5a0446a 100644
--- a/speed-test/cryptoperf-aead.c
+++ b/speed-test/cryptoperf-aead.c
@@ -36,6 +36,12 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
unsigned char ivrand[MAX_KEYLEN];
unsigned char *ivdata = NULL;
uint32_t ivlen = 0;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize < 0) {
+ printf(DRIVER_NAME": unable to determine the page size\n");
+ return -errno;
+ }
dbg("Initializing AEAD test %s\n", test->testname);
if (!test->driver_name) {
@@ -97,14 +103,14 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
test->u.aead.assoclen, TAGLEN);
}
- if (posix_memalign((void *)&input, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&input, pagesize,
test->u.aead.indatalen *
(params->aio ? params->aio : 1))) {
printf(DRIVER_NAME": could not allocate input buffer for "
"%s\n", test->driver_name);
goto out;
}
- if (posix_memalign((void *)&output, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&output, pagesize,
test->u.aead.outdatalen *
(params->aio ? params->aio : 1))) {
printf(DRIVER_NAME": could not allocate output buffer for "
diff --git a/speed-test/cryptoperf-skcipher.c b/speed-test/cryptoperf-skcipher.c
index a2db369..fb7123b 100644
--- a/speed-test/cryptoperf-skcipher.c
+++ b/speed-test/cryptoperf-skcipher.c
@@ -34,6 +34,12 @@ static int cp_skcipher_init_test(struct cp_test *test)
unsigned char *ivdata = NULL;
unsigned int bs;
int err;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize < 0) {
+ printf(DRIVER_NAME": unable to determine the page size\n");
+ return -errno;
+ }
dbg("Initializing symmetric test %s\n", test->testname);
if (!test->driver_name) {
@@ -75,7 +81,7 @@ static int cp_skcipher_init_test(struct cp_test *test)
cp_read_random(ivdata, kcapi_cipher_blocksize(test->u.skcipher.handle));
test->u.skcipher.iv = ivdata;
- err = posix_memalign((void *)&scratchpad, sysconf(_SC_PAGESIZE),
+ err = posix_memalign((void *)&scratchpad, pagesize,
kcapi_cipher_blocksize(test->u.skcipher.handle) * params->len *
(params->aio ? params->aio : 1));
if (err) {
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index c167b7f..b0ec2ca 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -86,6 +86,8 @@ struct kcapi_cavs {
uint32_t outlen;
};
+static long pagesize;
+
static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
@@ -808,8 +810,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
outbuflen = cavs_test->ctlen;
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
} else {
@@ -918,12 +919,10 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
outbuflen = cavs_test->ctlen;
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
- if (posix_memalign((void *)&outbuf2, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf2, pagesize, outbuflen))
goto out;
memset(outbuf2, 0, outbuflen);
} else {
@@ -1072,7 +1071,7 @@ static int cavs_sym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
return -ENOMEM;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
} else {
@@ -1241,7 +1240,7 @@ static int cavs_aead(struct kcapi_cavs *cavs_test, uint32_t loops,
fullbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), fullbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, fullbuflen))
goto out;
memset(inbuf, 0, fullbuflen);
} else {
@@ -1425,8 +1424,7 @@ static int cavs_aead_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
- loops * maxbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, loops * maxbuflen))
goto out;
memset(inbuf, 0, loops * maxbuflen);
} else {
@@ -1596,7 +1594,7 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, maxbuflen))
goto out;
memset(outbuf, 0, maxbuflen);
} else {
@@ -1830,9 +1828,9 @@ static int cavs_aead_large(int stream, uint32_t loops, int splice)
test.keylen = len / 2;
len = strlen(aad);
- if (posix_memalign((void *)&test.assoc, sysconf(_SC_PAGESIZE), (16 * sysconf(_SC_PAGESIZE))))
+ if (posix_memalign((void *)&test.assoc, pagesize, (16 * pagesize)))
goto out;
- hex2bin(aad, len, test.assoc, (sysconf(_SC_PAGESIZE) * 16));
+ hex2bin(aad, len, test.assoc, (pagesize * 16));
test.assoclen = len / 2;
test.taglen = 16;
@@ -2052,8 +2050,7 @@ static int cavs_asym(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- maxsize))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize))
goto out;
memset(outbuf, 0, maxsize);
} else {
@@ -2164,11 +2161,10 @@ static int cavs_asym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- maxsize * loops))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * loops))
goto out;
memset(outbuf, 0, maxsize * loops);
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&inbuf, pagesize,
cavs_test->ptlen * loops))
goto out;
memset(outbuf, 0, cavs_test->ptlen * loops);
@@ -2294,10 +2290,10 @@ static int cavs_asym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxsize * NUMIOVECS))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * NUMIOVECS))
goto out;
memset(outbuf, 0, maxsize);
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), inbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, inbuflen))
goto out;
memset(inbuf, 0, inbuflen);
} else {
@@ -2489,8 +2485,7 @@ static int cavs_kdf_common(struct kcapi_cavs *cavs_test, uint32_t loops)
uint32_t i = 0;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2571,8 +2566,7 @@ static int cavs_hkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2671,8 +2665,7 @@ static int cavs_pbkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2928,7 +2921,7 @@ static int kpp(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
outbuflen = ret;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
return -ENOMEM;
memset(outbuf, 0, ret);
} else {
@@ -3001,7 +2994,7 @@ static int kpp_aio(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
outbuflen = ret;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
return -ENOMEM;
memset(outbuf, 0, ret);
} else {
@@ -3072,6 +3065,10 @@ int main(int argc, char *argv[])
int splice = KCAPI_ACCESS_SENDMSG;
struct kcapi_cavs cavs_test;
+ pagesize = sysconf(_SC_PAGESIZE);
+ if (pagesize < 0)
+ return 1;
+
memset(&cavs_test, 0, sizeof(struct kcapi_cavs));
kcapi_set_verbosity(KCAPI_LOG_WARN);
From 4c904fbf621b0fb01d79c1b01d28c296f36e6d8a Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 11:10:01 +0200
Subject: [PATCH 10/16] docproc: Fix memory leak
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/doc/bin/docproc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 9a0a931..ad8d3a0 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -445,6 +445,7 @@ static void find_all_symbols(char *filename)
start++;
}
}
+ free(data);
}
/*
From 6092ff27886b7d40ea056f6c02a9c3fd5803df0d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 11:10:35 +0200
Subject: [PATCH 11/16] kcapi-aead: Remove an unreachable statement
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-aead.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c
index 7f8348f..d32c1e4 100644
--- a/lib/kcapi-aead.c
+++ b/lib/kcapi-aead.c
@@ -249,8 +249,6 @@ int32_t kcapi_aead_encrypt_aio(struct kcapi_handle *handle, struct iovec *iniov,
return _kcapi_aead_encrypt_aio_fallback(handle, iniov, outiov, iovlen,
iv);
-
- return ret;
}
DSO_PUBLIC
From 41a64a4363da4cce0f8de654f7dceef5c3fd6285 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:23:18 +0200
Subject: [PATCH 12/16] kcapi-kdf: Fix buffer overruns in error paths
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index bf150c1..78a7e0d 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -336,6 +336,7 @@ int32_t kcapi_hkdf(const char *hashname,
if (h > HKDF_MAXHASH) {
kcapi_dolog(KCAPI_LOG_ERR,
"Null salt size too small for hash\n");
+ h = HKDF_MAXHASH;
err = -EFAULT;
goto err;
}
@@ -570,6 +571,7 @@ int32_t kcapi_pbkdf(const char *hashname,
kcapi_dolog(KCAPI_LOG_ERR,
"Programming error in file %s at line %u\n",
__FILE__, __LINE__);
+ h = MAX_DIGESTSIZE;
err = -EFAULT;
goto err;
}
From 33c3b71ba5577c0b2bcdf8eb880642e0ab461079 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:26:55 +0200
Subject: [PATCH 13/16] kcapi-kernel-if: Simplify iovec validity check
Current check is awkward, just checking iov for NULL seems to make CLang
happy.
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kernel-if.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 807cbfe..595ce68 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -257,11 +257,11 @@ int32_t _kcapi_common_vmsplice_iov(struct kcapi_handle *handle,
uint32_t inlen = 0;
unsigned long i;
- for (i = 0; i < iovlen; i++) {
- if (!(iov + i))
- return -EINVAL;
+ if (iovlen && !iov)
+ return -EINVAL;
+
+ for (i = 0; i < iovlen; i++)
inlen += iov[i].iov_len;
- }
/* kernel processes input data with max size of one page */
handle->processed_sg += ((inlen + sysconf(_SC_PAGESIZE) - 1) /
From c1f82d3b78031037f7098bd26b5da00eceecc00a Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:37:15 +0200
Subject: [PATCH 14/16] test: Allocate name even if size is zero
We still need one byte for the terminating null character.
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index b0ec2ca..d20e74c 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -275,13 +275,11 @@ static int fuzz_init_test(unsigned int size)
kcapi_set_verbosity(KCAPI_LOG_NONE);
- if (size) {
- name = calloc(1, size + 1);
+ name = calloc(1, size + 1);
- if (!name) {
- printf("Allocation of %u bytes failed", size);
- return 1;
- }
+ if (!name) {
+ printf("Allocation of %u bytes failed", size);
+ return 1;
}
if (get_random(name, size, 0)) {
From 698fcb68572b5d315b27294bd3e9ee2c058920f6 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:41:37 +0200
Subject: [PATCH 15/16] test: Fix resource leak and error handling
The fuzz_cipher() and fuzz_aead() functions did not always return error
when it should and it did not always release the cipher handle on
return. This patch fixes both issues.
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index d20e74c..b3f6ae9 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -352,11 +352,11 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
uint8_t indata[4096];
uint8_t outdata[4096];
unsigned int i;
- int ret = 0;
+ int ret = 1;
if (kcapi_cipher_init(&handle, cavs_test->cipher, 0)) {
printf("Allocation of %s cipher failed\n", cavs_test->cipher);
- return -EFAULT;
+ return 1;
}
/* Set key */
@@ -366,7 +366,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
for (i = 0; i < sizeof(key); i++) {
if (get_random(key, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
kcapi_cipher_setkey(handle, key, i);
}
@@ -388,7 +388,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
if (get_random(indata, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
if (flags & FUZZ_LESSOUT)
@@ -429,11 +429,11 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
uint8_t indata[4096];
uint8_t outdata[4096];
unsigned int i;
- int ret = 0;
+ int ret = 1;
if (kcapi_aead_init(&handle, cavs_test->cipher, 0)) {
printf("Allocation of %s cipher failed\n", cavs_test->cipher);
- return -EFAULT;
+ return 1;
}
/* Set key */
@@ -443,7 +443,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
for (i = 0; i < sizeof(key); i++) {
if (get_random(key, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
kcapi_aead_setkey(handle, key, i);
}
@@ -479,7 +479,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
if (get_random(indata, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
if (flags & FUZZ_LESSOUT)
From ec9c36216623b94684c9e5ca8be26455b490bdef Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 16:52:13 +0200
Subject: [PATCH 16/16] test: Clean up after NULL string fix
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index b3f6ae9..3cba467 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -271,14 +271,12 @@ static int fuzz_init_test(unsigned int size)
{
struct kcapi_handle *handle;
int ret = 0;
- uint8_t *name = NULL;
+ uint8_t *name = calloc(1, size + 1);
kcapi_set_verbosity(KCAPI_LOG_NONE);
- name = calloc(1, size + 1);
-
if (!name) {
- printf("Allocation of %u bytes failed", size);
+ printf("Allocation of %u bytes failed", size + 1);
return 1;
}
@@ -317,10 +315,10 @@ static int fuzz_init_test(unsigned int size)
fail:
fprintf(stdout, "allocation success of nonsense string ");
- if (name)
+ if (size)
bin2print(name, size);
else
- fprintf(stdout, "NULL\n");
+ fprintf(stdout, "EMPTY\n");
free(name);
return 1;
}

View File

@ -0,0 +1,186 @@
From 2a0642407dd227d24e646c170d8afd47ab917899 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 16 Jul 2018 15:17:29 +0200
Subject: [PATCH] kcapi-hasher: Add missing -d option to fipshmac
---
apps/kcapi-hasher.c | 61 ++++++++++++++++++++++++++++-------------------------
1 file changed, 32 insertions(+), 29 deletions(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 6782dbc..2fc3ddc 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -71,7 +71,7 @@ struct hash_name {
};
struct hash_key {
- const char *subdir;
+ const char *checkdir;
const uint8_t *data;
uint32_t len;
};
@@ -108,12 +108,20 @@ static const char hmaccalc_hmackey[] = "FIPS-FTW-RHT2009";
static const struct hash_key KEY_FIPSCHECK = {
.data = (const uint8_t *)fipscheck_hmackey,
.len = sizeof(fipscheck_hmackey) - 1,
- .subdir = "fipscheck",
+#ifdef CHECK_DIR
+ .checkdir = CHECK_DIR"/fipscheck",
+#else
+ .checkdir = NULL,
+#endif
};
static const struct hash_key KEY_HMACCALC = {
.data = (const uint8_t *)hmaccalc_hmackey,
.len = sizeof(hmaccalc_hmackey) - 1,
- .subdir = "hmaccalc",
+#ifdef CHECK_DIR
+ .checkdir = CHECK_DIR"/hmaccalc",
+#else
+ .checkdir = NULL,
+#endif
};
static void usage(char *name, int fipscheck)
@@ -142,7 +150,8 @@ static void usage(char *name, int fipscheck)
fprintf(stderr, "\t-k --key-file FILE\tUse HMAC key from given file\n");
fprintf(stderr, "\t-K --key KEY\t\tUse KEY as the HMAC key\n");
fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n");
- fprintf(stderr, "\t-b, -d, -P\t\tCompatibility hmaccalc options; ignored\n");
+ fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n");
+ fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n");
fprintf(stderr, "\t --help\t\tPrint this help text\n");
fprintf(stderr, "\t-v --version\t\tShow version\n");
}
@@ -368,7 +377,7 @@ static char *paste(char *dst, const char *src, size_t size)
* return: NULL when malloc failed, a pointer that the caller must free
* otherwise.
*/
-static char *get_hmac_file(const char *filename, const char *subdir)
+static char *get_hmac_file(const char *filename, const char *checkdir)
{
size_t i, filelen, pathlen, namelen, basenamestart = 0;
size_t prefixlen = strlen(CHECK_PREFIX);
@@ -386,12 +395,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
}
namelen = filelen - basenamestart;
-#ifdef CHECK_DIR
- pathlen = strlen(CHECK_DIR"/") + strlen(subdir) + 1;
-#else
- (void)subdir; // avoid parameter unused warning
- pathlen = basenamestart;
-#endif
+ pathlen = checkdir ? strlen(checkdir) + 1 : basenamestart;
checkfile = malloc(pathlen + namelen + prefixlen + 1 /* "." */ +
suffixlen + 1 /* null character */);
@@ -399,14 +403,12 @@ static char *get_hmac_file(const char *filename, const char *subdir)
return NULL;
cursor = checkfile;
-#ifdef CHECK_DIR
- cursor = paste(cursor, CHECK_DIR"/", strlen(CHECK_DIR"/"));
- cursor = paste(cursor, subdir, strlen(subdir));
- cursor = paste(cursor, "/", 1);
-#else
- if (pathlen > 0)
+ if (checkdir) {
+ cursor = paste(cursor, checkdir, strlen(checkdir));
+ cursor = paste(cursor, "/", 1);
+ } else if (pathlen > 0)
cursor = paste(cursor, filename, pathlen);
-#endif
+
cursor = paste(cursor, CHECK_PREFIX, prefixlen);
cursor = paste(cursor, filename + basenamestart, namelen);
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
@@ -417,7 +419,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
static int hash_files(const struct hash_params *params,
char *filenames[], uint32_t files,
- int fipshmac, int just_print)
+ int fipshmac, const char *checkdir, int just_print)
{
struct kcapi_handle *handle;
const char *hashname = params->name.kcapiname;
@@ -446,9 +448,7 @@ static int hash_files(const struct hash_params *params,
const char *filename = filenames[i];
if (fipshmac) {
- char *outfile = get_hmac_file(filenames[i],
- params->key.subdir);
-
+ char *outfile = get_hmac_file(filenames[i], checkdir);
if (!outfile) {
fprintf(stderr,
"Cannot create HMAC file name\n");
@@ -712,11 +712,11 @@ static int fipscheck_self(const struct hash_params *params_bin,
}
if (mode == SELFCHECK_PRINT_SELF) {
- ret = hash_files(params_bin, names, 1, 0, 1);
+ ret = hash_files(params_bin, names, 1, 0, NULL, 1);
goto out;
}
- checkfile = get_hmac_file(selfname, params_bin->key.subdir);
+ checkfile = get_hmac_file(selfname, params_bin->key.checkdir);
if (!checkfile) {
ret = -ENOMEM;
goto out;
@@ -750,13 +750,13 @@ static int fipscheck_self(const struct hash_params *params_bin,
strncpy(selfname, info.dli_fname, (sizeof(selfname) - 1));
if (mode == SELFCHECK_PRINT_LIB) {
- ret = hash_files(params_lib, names, 1, 0, 1);
+ ret = hash_files(params_lib, names, 1, 0, NULL, 1);
goto out;
}
if (checkfile)
free(checkfile);
- checkfile = get_hmac_file(selfname, params_lib->key.subdir);
+ checkfile = get_hmac_file(selfname, params_lib->key.checkdir);
if (!checkfile) {
ret = -ENOMEM;
goto out;
@@ -799,6 +799,7 @@ int main(int argc, char *argv[])
char *checkfile = NULL;
const char *targetfile = NULL;
+ const char *checkdir = NULL;
uint8_t *hmackey_alloc = NULL;
uint8_t *hmackey_mmap = NULL;
int opt_index = 0;
@@ -1055,8 +1056,10 @@ int main(int argc, char *argv[])
version(argv[0]);
ret = 0;
goto out;
- case 'b':
case 'd':
+ checkdir = optarg;
+ break;
+ case 'b':
case 'P':
/* Compatibility options, just ignore */
break;
@@ -1110,7 +1113,7 @@ int main(int argc, char *argv[])
targetfile = argv[optind];
if (checkfile)
free(checkfile);
- checkfile = get_hmac_file(targetfile, params.key.subdir);
+ checkfile = get_hmac_file(targetfile, params.key.checkdir);
if (!checkfile) {
ret = 1;
goto out;
@@ -1120,7 +1123,7 @@ int main(int argc, char *argv[])
if (!checkfile)
ret = hash_files(&params, argv + optind, (argc - optind),
- fipshmac, 0);
+ fipshmac, checkdir, 0);
else if (optind == argc)
ret = process_checkfile(&params, checkfile, targetfile, loglevel);
else {

View File

@ -0,0 +1,34 @@
From 912ab6d55ef5af594d22d01a39cf7e035c797335 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 09:42:26 +0200
Subject: [PATCH] kcapi-hasher: Fix command-line parsing
I made a mistake in commit 3be3e18d4a2e ("kcapi-hasher: Allow picking
basename via cmdline"), which apparently broke command-line parsing when
the '-n' options is not used. This patch fixes the issue by resetting
the right variable and also silences error messages when checking for
the '-n' option.
Fedora BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1599831
---
apps/kcapi-hasher.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..90707a6 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -841,10 +841,12 @@ int main(int argc, char *argv[])
}
basen = basename(basec);
+ opterr = 0;
if (getopt_long(argc, argv, opts_name_short, opts_name, &opt_index) == 'n')
basen = optarg;
else
- opt_index = 0;
+ optind = 1;
+ opterr = 1;
params_self = &PARAMS_SELF_FIPSCHECK;
if (0 == strncmp(basen, "sha256sum", 9)) {

View File

@ -0,0 +1,29 @@
From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 14:41:14 +0200
Subject: [PATCH] kcapi-hasher: Fix off-by-one error
There was an off-by-one error in process_checkfile() that caused the
hasher to misparse checkfiles that contain only the hash (for
self-check).
---
apps/kcapi-hasher.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..00f0373 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
uint32_t i;
uint32_t bsd_style = 0; // >0 if --tag formatted style
+ if (linelen == 0)
+ break;
+
/* remove trailing CR and reduce buffer length */
- for (i = linelen; i > 0; i--) {
+ for (i = linelen - 1; i > 0; i--) {
if (!isprint(buf[i])) {
buf[i] = '\0';
linelen--;

View File

@ -0,0 +1,33 @@
From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 30 Jul 2018 17:17:59 +0200
Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0
The kcapi_handle structure is initialized with zeroes at allocation.
However, since it contains several file descriptor variables, it may
happen that _kcapi_handle_destroy() is executed while some of these are
set to 0, causing an unwanted call to close(0).
This patch prevents it by initializing all FD variables to -1 right
after handle allocation.
---
lib/kcapi-kernel-if.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 595ce68..dfa94b4 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type,
handle->tfm = tfm;
+ /* Initialize all fd vars to -1 to avoid unwanted close(0) */
+ handle->pipes[0] = -1;
+ handle->pipes[1] = -1;
+ handle->opfd = -1;
+ handle->aio.efd = -1;
+
ret = _kcapi_handle_init_tfm(handle, type, ciphername);
if (ret)
goto err;

View File

@ -0,0 +1,34 @@
From a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:32 +0200
Subject: [PATCH] test: Be sure to terminate strncpy() copied string
(-Wstringop-truncation)
strncpy() might not NULL-terminate the buffer. This fixes GCC v8.1.0 warning:
test/kcapi-main.c: In function 'main':
test/kcapi-main.c:3123:5: error: 'strncpy' specified bound 63 equals destination size [-Werror=stringop-truncation]
strncpy(cavs_test.cipher, optarg,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CIPHERMAXNAME);
~~~~~~~~~~~~~~
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index 8352499..c167b7f 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -3121,7 +3121,7 @@ int main(int argc, char *argv[])
break;
case 'c':
strncpy(cavs_test.cipher, optarg,
- CIPHERMAXNAME);
+ CIPHERMAXNAME - 1);
break;
case 'p':
len = strlen(optarg);

View File

@ -0,0 +1,42 @@
From def2282fd28390f4a8afd0f43be6c3b3b1586f41 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Fri, 27 Jul 2018 10:53:00 +0200
Subject: [PATCH] test: Fix AEAD fuzz test for big-endian archs
The stupid authenc() key format contains fields that need to be in the
machine's endianity. Right now, they are hard-coded in the LE format.
This patch makes them always be in the right format.
---
test/kcapi-main.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index e24956c..d62c91a 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -451,14 +451,17 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
if (kcapi_aead_setkey(handle, key, 16)) {
if (!strncmp(cavs_test->cipher, "authenc", 7)) {
- uint8_t *k = (uint8_t *)
- "\x08\x00\x01\x00\x00\x00\x00\x10"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x06\xa9\x21\x40"
- "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5"
- "\x34\x12\x00\x06";
- if (kcapi_aead_setkey(handle, k, 44)) {
+ uint8_t k[44];
+ memcpy(k, "\x00\x00\x00\x00\x00\x00\x00\x10"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x06\xa9\x21\x40"
+ "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5"
+ "\x34\x12\x00\x06", sizeof(k));
+ /* These need to be in machine's endianity: */
+ *(uint16_t *)(k + 0) = 8;
+ *(uint16_t *)(k + 2) = 1;
+ if (kcapi_aead_setkey(handle, k, sizeof(k))) {
printf("AEAD setkey failed\n");
goto out;
}

View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAlsmv5gACgkQQh7pNjJq
wVv+2AgAg5Clqx2IB4/pN21IZxwU9+aIxiHxm+EZIbR+odc7eSymmQlQre0HLI4n
XDkfw9Zhes/Ih6dIRkAWVWm8fCQL7xrlgpkBW2Y3bxXxC99gQB4DSVn/Mdjasq2I
5pfiTe9CPNbevUwHgIe0GkGLfZJLlHL29Hjzl5TLfodVHayjDpY9v1jIRkWm2vLo
rgRmxMCt3L2csOM2ZYyeLBoHzXv3f1W6t68BzPeQQ8Pgmf+kSjW6iUXCTixBIKGz
enus3L0vJLigVtY2WZ583JZHkhvw9/KO7Z0d3fH8JuEnhMX1Vc+vnFxTWGsf8KSe
TDuu0nF3SpKTtNPaDVPgbhSZs4JZTg==
=dhAX
-----END PGP SIGNATURE-----

667
SPECS/libkcapi.spec Normal file
View File

@ -0,0 +1,667 @@
# Shared object version of libkcapi.
%global vmajor 1
%global vminor 1
%global vpatch 1
# Do we build the replacements packages?
%bcond_with replace_coreutils
%bcond_with replace_fipscheck
# Replace hmaccalc by default in Fedora 28+:
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
%bcond_without replace_hmaccalc
%else
%bcond_with replace_hmaccalc
%endif
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
%bcond_without test_package
%else
%bcond_with test_package
%endif
%if 0%{?fedora}
%global use_clang 1
%else
%global use_clang 0
%endif
# This package needs at least Linux Kernel v4.10.0.
%global min_kernel_ver 4.10.0
# Do we need to tweak sysctl.d? In newer versions of the Linux
# Kernel the default ancillary buffer size is set high enough.
# TODO: Adapt this when the patch for net/core/sock.c is merged.
%if %{lua:print(rpm.vercmp('99.0.0', posix.uname('%r')));} >= 0
%global with_sysctl_tweak 1
%else
%global with_sysctl_tweak 0
%endif
%if %{with_sysctl_tweak}
# Priority for the sysctl.d preset.
%global sysctl_prio 50
# Value used for the sysctl.d preset.
%global sysctl_optmem_max 81920
# Extension for the README.distro file.
%global distroname_ext %{?fedora:fedora}%{?rhel:redhat}
%endif
# Lowest limit to run the testsuite. If we cannot obtain this
# value, we asume the testsuite cannot be run.
%global test_optmem_max %(%{__cat} /proc/sys/net/core/optmem_max || echo 0)
# For picking patches from upstream commits or pull requests.
%global giturl https://github.com/smuellerDD/%{name}
# Do we replace some coreutils?
%if %{with replace_coreutils}
# TODO: Adapt this when replacing some coreutils initially.
%global coreutils_evr 8.29-1%{?dist}
%endif
# Do we replace fipscheck?
%if %{with replace_fipscheck}
# TODO: Adapt this when replacing fipscheck initially.
%global fipscheck_evr 1.5.0-3%{?dist}
%endif
# Do we replace hmaccalc?
%if %{with replace_hmaccalc}
%global hmaccalc_evr 0.9.14-10%{?dist}
%endif
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac
# Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here
# intentionally, because using %%global does not work.
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
bin_path=%{buildroot}%{_bindir} \
lib_path=%{buildroot}/%{_lib} \
for app in %{apps_hmaccalc}; do \
test -e "$bin_path"/$app || continue \
{ bin/kcapi-hasher -n sha512hmac "$bin_path"/$app || exit 1; } \\\
| cut -f 1 -d ' ' >"$lib_path"/hmaccalc/$app.hmac \
done \
for app in %{apps_fipscheck}; do \
test -e "$bin_path"/$app || continue \
bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
"$bin_path"/$app || exit 1 \
done \
%{_sbindir}/hardlink -cfv %{buildroot}%{_bindir} \
bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
"$lib_path"/libkcapi.so.%{version} || exit 1 \
%{__ln_s} libkcapi.so.%{version}.hmac \\\
"$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \
%{nil}
Name: libkcapi
Version: %{vmajor}.%{vminor}.%{vpatch}
Release: 16_1%{?dist}
Summary: User space interface to the Linux Kernel Crypto API
License: BSD or GPLv2
URL: http://www.chronox.de/%{name}.html
Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
Patch1: %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
Patch2: %{giturl}/pull/64.patch#/%{name}-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
Patch3: %{giturl}/commit/3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4.patch#/%{name}-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
Patch4: %{giturl}/commit/a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68.patch#/%{name}-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
Patch5: %{giturl}/compare/decf850ab9bb...ec9c36216623.patch#/%{name}-1.1.1-Fix_various_issues_reported_by_Coverity.patch
Patch6: %{giturl}/compare/4a1a30f75e70...c9ed6b2c0702.patch#/%{name}-1.1.1-Coverity_PR_follow-up.patch
Patch7: %{giturl}/pull/68.patch#/%{name}-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch
Patch8: %{giturl}/pull/70.patch#/%{name}-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
Patch9: %{giturl}/pull/71.patch#/%{name}-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
Patch9001: 9001-split-up-huge-string.patch
%if %{use_clang}
BuildRequires: clang
%endif
BuildRequires: coreutils
BuildRequires: cppcheck
BuildRequires: docbook-utils-pdf
BuildRequires: gcc
BuildRequires: git
BuildRequires: hardlink
BuildRequires: kernel-headers >= %{min_kernel_ver}
BuildRequires: libtool
BuildRequires: openssl
BuildRequires: perl
BuildRequires: systemd
BuildRequires: xmlto
# For ownership of %%{_sysctldir}.
Requires: systemd
Obsoletes: %{name}-replacements <= %{version}-%{release}
%description
libkcapi allows user-space to access the Linux kernel crypto API.
This library uses the netlink interface and exports easy to use APIs
so that a developer does not need to consider the low-level netlink
interface handling.
The library does not implement any cipher algorithms. All consumer
requests are sent to the kernel for processing. Results from the
kernel crypto API are returned to the consumer via the library API.
The kernel interface and therefore this library can be used by
unprivileged processes.
%package devel
Summary: Development files for the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
%description devel
Header files for applications that use %{name}.
%package doc
Summary: User documentation for the %{name} package
BuildArch: noarch
%description doc
User documentation for %{name}.
%if %{with replace_coreutils}
%package checksum
Summary: Drop-in replacement for *sum utils provided by the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: coreutils%{?_isa} >= %{coreutils_evr}
Conflicts: coreutils < %{coreutils_evr}
Conflicts: coreutils-single
%description checksum
Provides drop-in replacements for sha*sum tools (from package
coreutils) using %{name}.
%endif
%if %{with replace_fipscheck}
%package fipscheck
Summary: Drop-in replacements for fipscheck/fipshmac provided by the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
Obsoletes: fipscheck <= %{fipscheck_evr}
Provides: fipscheck == %{fipscheck_evr}.1
Provides: fipscheck%{?_isa} == %{fipscheck_evr}.1
%description fipscheck
Provides drop-in replacements for fipscheck and fipshmac tools (from
package fipscheck) using %{name}.
%endif
%if %{with replace_hmaccalc}
%package hmaccalc
Summary: Drop-in replacements for hmaccalc provided by the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
Obsoletes: hmaccalc <= %{hmaccalc_evr}
Provides: hmaccalc == %{hmaccalc_evr}.1
Provides: hmaccalc%{?_isa} == %{hmaccalc_evr}.1
%description hmaccalc
Provides drop-in replacements for sha*hmac tools (from package
hmaccalc) using %{name}.
%endif
%package static
Summary: Static library for -static linking with %{name}
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
%description static
This package contains the %{name} static libraries for -static
linking. You don't need this, unless you link statically, which
is highly discouraged.
%package tools
Summary: Utility applications for the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
%description tools
Utility applications that are provided with %{name}. This includes
tools to use message digests, symmetric ciphers and random number
generators implemented in the Linux kernel from command line.
%if %{with test_package}
%package tests
Summary: Testing scripts for the %{name} package
Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: %{name}-tools%{?_isa} == %{version}-%{release}
%if %{with replace_hmaccalc}
Requires: %{name}-hmaccalc%{?_isa} == %{version}-%{release}
%endif
%if %{with replace_coreutils}
Requires: %{name}-checksum%{?_isa} == %{version}-%{release}
%endif
Requires: coreutils
Requires: openssl
Requires: perl
%description tests
Auxiliary scripts for testing %{name}.
%endif
%prep
%autosetup -p 1 -S git
%if %{with_sysctl_tweak}
%{__cat} << EOF > README.%{distroname_ext}
This package increases the default limit of the ancillary buffer size
per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.
For this preset to become active it requires a reboot after the
installation of this package. You can also manually increase this
limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
super-user, e.g. using \`su\` or \`sudo\` on the terminal.
This is done to provide consumers of the new Linux Kernel Crypto API
User Space Interface a well sufficient and reasonable maximum limit
by default, especially when using AIO with a larger amount of IOVECs.