import libkcapi-1.2.0-2.el8
This commit is contained in:
parent
a1f0e9b8fb
commit
b2d6773180
3
.gitignore
vendored
3
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
SOURCES/libkcapi-1.1.5.tar.xz
|
SOURCES/libkcapi-1.2.0.tar.xz
|
||||||
|
SOURCES/libkcapi-1.2.0.tar.xz.asc
|
||||||
|
@ -1 +1,2 @@
|
|||||||
fb247c6f8c2d83e7e341ac56dd6eedc7f6fe5380 SOURCES/libkcapi-1.1.5.tar.xz
|
c5bc2fdb8da1c567c1435096fed8937d4d3ce4f1 SOURCES/libkcapi-1.2.0.tar.xz
|
||||||
|
c5bc2fdb8da1c567c1435096fed8937d4d3ce4f1 SOURCES/libkcapi-1.2.0.tar.xz.asc
|
||||||
|
54
SOURCES/100-fix-double-free-hasher.patch
Normal file
54
SOURCES/100-fix-double-free-hasher.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
--- libkcapi-1.2.0/apps/kcapi-hasher.c.fix-double-free-hasher 2020-05-26 16:31:28.296332614 +0200
|
||||||
|
+++ libkcapi-1.2.0/apps/kcapi-hasher.c 2020-05-26 16:37:07.681011437 +0200
|
||||||
|
@@ -301,7 +301,7 @@ static int hasher(struct kcapi_handle *h
|
||||||
|
fprintf(stderr,
|
||||||
|
"Use of mmap failed mapping %zu bytes at offset %" PRId64 " of file %s (%d)\n",
|
||||||
|
mapped, (int64_t)offset, filename, ret);
|
||||||
|
- goto out;
|
||||||
|
+ return ret;
|
||||||
|
}
|
||||||
|
/* Compute hash */
|
||||||
|
memblock_p = memblock;
|
||||||
|
@@ -311,8 +311,10 @@ static int hasher(struct kcapi_handle *h
|
||||||
|
INT_MAX : (uint32_t)left;
|
||||||
|
|
||||||
|
ret = kcapi_md_update(handle, memblock_p, todo);
|
||||||
|
- if (ret < 0)
|
||||||
|
- goto out;
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ munmap(memblock, mapped);
|
||||||
|
+ return ret;
|
||||||
|
+ }
|
||||||
|
left -= todo;
|
||||||
|
memblock_p += todo;
|
||||||
|
} while (left);
|
||||||
|
@@ -329,7 +331,7 @@ static int hasher(struct kcapi_handle *h
|
||||||
|
|
||||||
|
ret = kcapi_md_update(handle, tmpbuf, bufsize);
|
||||||
|
if (ret < 0)
|
||||||
|
- goto out;
|
||||||
|
+ return ret;
|
||||||
|
}
|
||||||
|
kcapi_memset_secure(tmpbuf, 0, sizeof(tmpbuf));
|
||||||
|
}
|
||||||
|
@@ -340,7 +342,7 @@ static int hasher(struct kcapi_handle *h
|
||||||
|
if (hashlen > (uint32_t)ret) {
|
||||||
|
fprintf(stderr, "Invalid truncated hash size: %lu > %i\n",
|
||||||
|
(unsigned long)hashlen, ret);
|
||||||
|
- goto out;
|
||||||
|
+ return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!hashlen)
|
||||||
|
@@ -376,11 +378,6 @@ static int hasher(struct kcapi_handle *h
|
||||||
|
fprintf(stderr, "Generation of hash for file %s failed (%d)\n",
|
||||||
|
filename ? filename : "stdin", ret);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-out:
|
||||||
|
- if (memblock)
|
||||||
|
- munmap(memblock, mapped);
|
||||||
|
-
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
|
||||||
index 2ae0edb..6818e67 100644
|
|
||||||
--- a/test/kcapi-main.c
|
|
||||||
+++ b/test/kcapi-main.c
|
|
||||||
@@ -237,7 +237,7 @@ static inline uint64_t _time_delta(struct timespec *start, struct timespec *end)
|
|
||||||
|
|
||||||
static int get_random(uint8_t *buf, uint32_t buflen, unsigned int flags)
|
|
||||||
{
|
|
||||||
- int ret;
|
|
||||||
+ int ret = 0;
|
|
||||||
|
|
||||||
if (buflen > INT_MAX)
|
|
||||||
return 1;
|
|
@ -1,30 +0,0 @@
|
|||||||
diff -up libkcapi-1.1.5/apps/kcapi-hasher.c.fipshmac-compat libkcapi-1.1.5/apps/kcapi-hasher.c
|
|
||||||
--- libkcapi-1.1.5/apps/kcapi-hasher.c.fipshmac-compat 2019-01-23 07:14:51.000000000 +0100
|
|
||||||
+++ libkcapi-1.1.5/apps/kcapi-hasher.c 2020-04-23 14:37:59.518173594 +0200
|
|
||||||
@@ -386,10 +386,16 @@ static char *paste(char *dst, const char
|
|
||||||
static char *get_hmac_file(const char *filename, const char *checkdir)
|
|
||||||
{
|
|
||||||
size_t i, filelen, pathlen, namelen, basenamestart = 0;
|
|
||||||
- size_t prefixlen = strlen(CHECK_PREFIX);
|
|
||||||
+ const char *check_prefix = CHECK_PREFIX;
|
|
||||||
+ size_t prefixlen = strlen(check_prefix);
|
|
||||||
size_t suffixlen = strlen(CHECK_SUFFIX);
|
|
||||||
char *cursor, *checkfile = NULL;
|
|
||||||
|
|
||||||
+ if (prefixlen == 0 && checkdir == NULL) {
|
|
||||||
+ check_prefix = ".";
|
|
||||||
+ prefixlen = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
filelen = strlen(filename);
|
|
||||||
if (filelen > 4096) {
|
|
||||||
fprintf(stderr, "File too long\n");
|
|
||||||
@@ -415,7 +421,7 @@ static char *get_hmac_file(const char *f
|
|
||||||
} else if (pathlen > 0)
|
|
||||||
cursor = paste(cursor, filename, pathlen);
|
|
||||||
|
|
||||||
- cursor = paste(cursor, CHECK_PREFIX, prefixlen);
|
|
||||||
+ cursor = paste(cursor, check_prefix, prefixlen);
|
|
||||||
cursor = paste(cursor, filename + basenamestart, namelen);
|
|
||||||
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
|
|
||||||
strncpy(cursor, "\0", 1);
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq
|
|
||||||
wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h
|
|
||||||
Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK
|
|
||||||
o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd
|
|
||||||
XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4
|
|
||||||
n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK
|
|
||||||
7XMwTY3intV9FP3mhM/RPSLSOw7NLA==
|
|
||||||
=UN86
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,7 +1,7 @@
|
|||||||
# Shared object version of libkcapi.
|
# Shared object version of libkcapi.
|
||||||
%global vmajor 1
|
%global vmajor 1
|
||||||
%global vminor 1
|
%global vminor 2
|
||||||
%global vpatch 5
|
%global vpatch 0
|
||||||
|
|
||||||
# Do we build the replacements packages?
|
# Do we build the replacements packages?
|
||||||
%bcond_with replace_coreutils
|
%bcond_with replace_coreutils
|
||||||
@ -109,7 +109,7 @@ done \
|
|||||||
|
|
||||||
Name: libkcapi
|
Name: libkcapi
|
||||||
Version: %{vmajor}.%{vminor}.%{vpatch}
|
Version: %{vmajor}.%{vminor}.%{vpatch}
|
||||||
Release: 3%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: User space interface to the Linux Kernel Crypto API
|
Summary: User space interface to the Linux Kernel Crypto API
|
||||||
|
|
||||||
License: BSD or GPLv2
|
License: BSD or GPLv2
|
||||||
@ -119,8 +119,7 @@ Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
|
|||||||
Source2: sha512hmac-openssl.sh
|
Source2: sha512hmac-openssl.sh
|
||||||
Source3: fipshmac-openssl.sh
|
Source3: fipshmac-openssl.sh
|
||||||
|
|
||||||
Patch100: 100-workaround-cppcheck-bug.patch
|
Patch100: 100-fix-double-free-hasher.patch
|
||||||
Patch110: 110-fipshmac-compat.patch
|
|
||||||
|
|
||||||
BuildRequires: bash
|
BuildRequires: bash
|
||||||
BuildRequires: clang
|
BuildRequires: clang
|
||||||
@ -461,6 +460,12 @@ popd
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 26 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-2
|
||||||
|
- Fix double free issue in hasher()
|
||||||
|
|
||||||
|
* Mon May 25 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-1
|
||||||
|
- [RHEL] Update to upstream version 1.2.0
|
||||||
|
|
||||||
* Thu Apr 30 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
|
* Thu Apr 30 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
|
||||||
- Enables building on old kernels [sync fix in Fedora from omosnance].
|
- Enables building on old kernels [sync fix in Fedora from omosnance].
|
||||||
- This is required for covscans as they run on RHEL7 machines.
|
- This is required for covscans as they run on RHEL7 machines.
|
||||||
|
Loading…
Reference in New Issue
Block a user