From e01e29c76d9210d0f7a97ff1547a68597c7fe962 Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Tue, 28 Nov 2023 17:39:45 +0100 Subject: [PATCH] Backport fixes for kcapi-hasher target option Related: RHEL-15300 Signed-off-by: Zoltan Fridrich --- 004-hasher-target-option.patch | 55 ++++++++++++++++++++++++---------- libkcapi.spec | 6 +++- 2 files changed, 45 insertions(+), 16 deletions(-) diff --git a/004-hasher-target-option.patch b/004-hasher-target-option.patch index 69f84c7..945fcc3 100644 --- a/004-hasher-target-option.patch +++ b/004-hasher-target-option.patch @@ -1,8 +1,7 @@ -diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c -index f5caf77..a934fd9 100644 ---- a/apps/kcapi-hasher.c -+++ b/apps/kcapi-hasher.c -@@ -153,15 +153,17 @@ static void usage(char *name, int fipscheck) +diff --color -ruNp a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c +--- a/apps/kcapi-hasher.c 2023-11-28 17:08:09.124214489 +0100 ++++ b/apps/kcapi-hasher.c 2023-11-28 17:11:12.975963482 +0100 +@@ -140,15 +140,17 @@ static void usage(char *name, int fipsch if (fipscheck) fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... FILE\n", base); else { @@ -22,7 +21,7 @@ index f5caf77..a934fd9 100644 fprintf(stderr, "\t-u --unkeyed\t\tForce unkeyed hash\n"); fprintf(stderr, "\t-h --hash HASH\t\tUse given hash algorithm\n"); fprintf(stderr, "\t-t --truncate N\t\tUse hash truncated to N bits\n"); -@@ -543,7 +545,7 @@ static int hash_files(const struct hash_params *params, +@@ -530,11 +532,12 @@ static int hash_files(const struct hash_ #define CHK_STATUS (2) static int process_checkfile(const struct hash_params *params, @@ -31,7 +30,12 @@ index f5caf77..a934fd9 100644 { FILE *file = NULL; int ret = 0; -@@ -583,7 +585,7 @@ static int process_checkfile(const struct hash_params *params, + int checked_any = 0; ++ int failed_any = 0; + struct kcapi_handle *handle; + const char *hashname = params->name.kcapiname; + +@@ -570,7 +573,7 @@ static int process_checkfile(const struc } while (fgets(buf, sizeof(buf), file)) { @@ -40,7 +44,7 @@ index f5caf77..a934fd9 100644 char *hexhash = NULL; // parsed hex value of hash uint32_t hexhashlen = 0; // length of hash hex value uint32_t linelen = (uint32_t)strlen(buf); -@@ -658,17 +660,7 @@ static int process_checkfile(const struct hash_params *params, +@@ -645,17 +648,7 @@ static int process_checkfile(const struc goto out; } @@ -58,7 +62,7 @@ index f5caf77..a934fd9 100644 if (!bsd_style) { if (!isblank(filename[0]) || (!isblank(filename[1]) && filename[1] != '*')) { -@@ -678,20 +670,28 @@ static int process_checkfile(const struct hash_params *params, +@@ -665,20 +658,29 @@ static int process_checkfile(const struc } filename += 2; } @@ -83,6 +87,7 @@ index f5caf77..a934fd9 100644 if (log < CHK_QUIET) printf("%s: OK\n", filename); } else { ++ failed_any = 1; if (log < CHK_STATUS) - printf("%s: Not OK\n", - filename); @@ -94,7 +99,16 @@ index f5caf77..a934fd9 100644 } } -@@ -783,7 +783,7 @@ static int fipscheck_self(const struct hash_params *params_bin, +@@ -692,7 +694,7 @@ out: + * If we found no lines to check, return an error. + * (See https://pagure.io/hmaccalc/c/1afb99549816192eb8e6bc8101bc417c2ffa764c) + */ +- return ret != 0 ? ret : !checked_any; ++ return ret != 0 ? ret : !(checked_any && !failed_any); + + } + +@@ -770,7 +772,7 @@ static int fipscheck_self(const struct h goto out; } @@ -103,7 +117,7 @@ index f5caf77..a934fd9 100644 if (ret) goto out; } -@@ -823,7 +823,7 @@ static int fipscheck_self(const struct hash_params *params_bin, +@@ -810,7 +812,7 @@ static int fipscheck_self(const struct h goto out; } @@ -112,7 +126,7 @@ index f5caf77..a934fd9 100644 } out: -@@ -878,12 +878,13 @@ int main(int argc, char *argv[]) +@@ -866,12 +868,13 @@ int main(int argc, char *argv[]) {0, 0, 0, 0} }; @@ -127,7 +141,7 @@ index f5caf77..a934fd9 100644 {"unkeyed", 0, 0, 'u'}, {"hash", 1, 0, 'h'}, {"truncate", 1, 0, 't'}, -@@ -1129,6 +1130,9 @@ int main(int argc, char *argv[]) +@@ -1124,6 +1127,9 @@ int main(int argc, char *argv[]) version(argv[0]); ret = 0; goto out; @@ -137,7 +151,7 @@ index f5caf77..a934fd9 100644 case 'd': checkdir = optarg; break; -@@ -1198,6 +1202,11 @@ int main(int argc, char *argv[]) +@@ -1180,6 +1186,11 @@ int main(int argc, char *argv[]) ret = 1; goto out; } @@ -149,7 +163,18 @@ index f5caf77..a934fd9 100644 targetfile = argv[optind]; if (checkfile) -@@ -1215,7 +1224,7 @@ int main(int argc, char *argv[]) +@@ -1192,12 +1203,18 @@ int main(int argc, char *argv[]) + optind++; + } + ++ if (targetfile && !checkfile) { ++ fprintf(stderr, "-T cannot be used without -c\n"); ++ ret = 1; ++ goto out; ++ } ++ + if (!checkfile) + ret = hash_files(¶ms, argv + optind, (uint32_t)(argc - optind), fipshmac, checkdir, 0); else if (optind == argc) diff --git a/libkcapi.spec b/libkcapi.spec index b6e3902..3603746 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -124,7 +124,7 @@ done \ Name: libkcapi Version: %{vmajor}.%{vminor}.%{vpatch} -Release: 1%{?dist} +Release: 2%{?dist} Summary: User space interface to the Linux Kernel Crypto API License: BSD-3-Clause OR GPL-2.0-only @@ -516,6 +516,10 @@ popd %changelog +* Fri Dec 01 2023 Zoltan Fridrich - 1.4.0-2 +- Backport fixes for kcapi-hasher target option + Related: RHEL-15300 + * Wed Nov 01 2023 Zoltan Fridrich - 1.4.0-1 - Update to new upstream release 1.4.0 Resolves: RHEL-5366