rpms
/
libkcapi
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:imports/c8-beta/libkcapi-1.1.1-16_1.el8
Branches Tags
rpms:c8
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c9s
rpms:c8s
rpms:imports/c8/libkcapi-1.4.0-2.el8
rpms:imports/c9/libkcapi-1.4.0-2.el9
rpms:imports/c9/libkcapi-1.3.1-3.el9
rpms:imports/c9-beta/libkcapi-1.3.1-3.el9
rpms:imports/c8-beta/libkcapi-1.2.0-2.el8
rpms:imports/c8-beta/libkcapi-1.1.1-16_1.el8
rpms:imports/c8s/libkcapi-1.2.0-2.el8
rpms:imports/c8s/libkcapi-1.1.5-3.el8
rpms:imports/c8/libkcapi-1.2.0-2.el8
rpms:imports/c8/libkcapi-1.1.1-16_1.el8
...
compare: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c9s
rpms:c8s
rpms:imports/c8/libkcapi-1.4.0-2.el8
rpms:imports/c9/libkcapi-1.4.0-2.el9
rpms:imports/c9/libkcapi-1.3.1-3.el9
rpms:imports/c9-beta/libkcapi-1.3.1-3.el9
rpms:imports/c8-beta/libkcapi-1.2.0-2.el8
rpms:imports/c8-beta/libkcapi-1.1.1-16_1.el8
rpms:imports/c8s/libkcapi-1.2.0-2.el8
rpms:imports/c8s/libkcapi-1.1.5-3.el8
rpms:imports/c8/libkcapi-1.2.0-2.el8
rpms:imports/c8/libkcapi-1.1.1-16_1.el8

No commits in common. "imports/c8-beta/libkcapi-1.1.1-16_1.el8" and "c8" have entirely different histories.
imports/c8 ... c8

23 changed files with 842 additions and 4650 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libkcapi-1.1.1.tar.xz
SOURCES/libkcapi-1.4.0.tar.xz

2
.libkcapi.metadata
View File

@ -1 +1 @@
688085e96a576a7de0c8f6b58a93dc7364e6318a SOURCES/libkcapi-1.1.1.tar.xz
526dca7d8eb8ddc29395f0716ba1233e27bf2ab5 SOURCES/libkcapi-1.4.0.tar.xz

40
SOURCES/001-tests-kernel-version.patch Normal file
View File

@ -0,0 +1,40 @@
From c2af62dcc7a287f3c14f6aaec5724401c1ea470a Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 15 Aug 2022 10:19:50 +0200
Subject: [PATCH] tests: fix overly-optimistic kernel version checks
The mainline kernel is now at version 6.0 so these >= 5.99 checks are
now incorrectly enabling tests that don't work. Instead of bumping the
imaginary version and face the same problem again in a couple years,
replace the checks with 'false' and a TODO comment.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/test.sh | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/test/test.sh b/test/test.sh
index 1d9be73..a75b802 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -1560,7 +1560,8 @@ else
echo_deact "AEAD tests of copied AAD deactivated"
fi
-if $(check_min_kernelver 5 99); then
+# TODO add version check when supported upstream
+if false; then
asymfunc 4
asymfunc 4 -s
asymfunc 4 -v
@@ -1583,7 +1584,8 @@ else
echo_deact "All asymmetric tests deactivated"
fi
-if $(check_min_kernelver 5 99); then
+# TODO add version check when supported upstream
+if false; then
kppfunc 13
kppfunc 13 X -m
kppfunc 13 -v

74
SOURCES/002-fips-disable-ansi_cprng.patch Normal file
View File

@ -0,0 +1,74 @@
From 873842046678d109d8e382ce2e2870909876bbfe Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri, 11 Aug 2023 12:20:22 +0200
Subject: [PATCH] Disable test of obsolete ansi_cprng in FIPS mode
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 45 ++++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index 67fb53f..23fc8ed 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -652,8 +652,6 @@ static int is_fips_mode(void)
static int auxiliary_tests(void)
{
struct kcapi_handle *handle = NULL;
- const char *ansi_cprng_name = is_fips_mode() ? "fips(ansi_cprng)"
- : "ansi_cprng";
int ret = 0;
if (kcapi_aead_init(&handle, "ccm(aes)", 0)) {
@@ -711,27 +709,28 @@ static int auxiliary_tests(void)
if (aux_test_rng("drbg_nopr_ctr_aes256", NULL, 0))
ret++;
- /* X9.31 RNG must require seed */
- printf("X9.31 missing seeding: ");
- if (!aux_test_rng(ansi_cprng_name, NULL, 0))
- ret++;
- /* X9.31 seed too short */
- printf("X9.31 insufficient seeding: ");
- if (!aux_test_rng(ansi_cprng_name,
- (uint8_t *)
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
- ret++;
- /* X9.31 seed right sized short */
- if (aux_test_rng(ansi_cprng_name,
- (uint8_t *)
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
- printf("Error for %s: kernel module ansi_cprng present?\n",
- ansi_cprng_name);
- ret++;
+ if (!is_fips_mode()) {
+ /* X9.31 RNG must require seed */
+ printf("X9.31 missing seeding: ");
+ if (!aux_test_rng("ansi_cprng", NULL, 0))
+ ret++;
+ /* X9.31 seed too short */
+ printf("X9.31 insufficient seeding: ");
+ if (!aux_test_rng("ansi_cprng",
+ (uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
+ ret++;
+ /* X9.31 seed right sized short */
+ if (aux_test_rng("ansi_cprng",
+ (uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
+ printf("Error for ansi_cprng: kernel module ansi_cprng present?\n");
+ ret++;
+ }
}
return ret;

58
SOURCES/003-zeroize-hasher.patch Normal file
View File

@ -0,0 +1,58 @@
From e6e9288ecce61101ab765bc966ba8f780915802f Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed, 1 Nov 2023 10:54:03 +0100
Subject: [PATCH] kcapi-hasher: zeroise temporary values for FIPS 140-3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Requirement introduced by AS05.10:
"The temporary value(s) generated during the integrity test of the
modules software or firmware shall [05.10] be zeroised from the module
upon completion of the integrity test;"
As some modules use fipscheck or sha*hmac for integrity tests, these
temporary values need to be zeroised from the hasher.
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 098b655..f5caf77 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -360,6 +360,7 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params,
if (hashlen > (uint32_t)ret) {
fprintf(stderr, "Invalid truncated hash size: %lu > %zd\n",
(unsigned long)hashlen, ret);
+ kcapi_memset_secure(md, 0, sizeof(md));
return (int)ret;
}
@@ -376,6 +377,7 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params,
ret = 1;
else
ret = 0;
+ kcapi_memset_secure(compmd, 0, sizeof(compmd));
} else {
if (outfile == NULL) { /* only print hash (hmaccalc -S) */
bin2print(md, hashlen, NULL, stdout,
@@ -396,6 +398,7 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params,
fprintf(stderr, "Generation of hash for file %s failed (%zd)\n",
filename ? filename : "stdin", ret);
}
+ kcapi_memset_secure(md, 0, sizeof(md));
return (int)ret;
}
@@ -696,6 +699,7 @@ static int process_checkfile(const struct hash_params *params,
if (file)
fclose(file);
kcapi_md_destroy(handle);
+ kcapi_memset_secure(buf, 0, sizeof(buf));
/*
* If we found no lines to check, return an error.

185
SOURCES/004-hasher-target-option.patch Normal file
View File

@ -0,0 +1,185 @@
diff --color -ruNp a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
--- a/apps/kcapi-hasher.c 2023-11-28 17:08:09.124214489 +0100
+++ b/apps/kcapi-hasher.c 2023-11-28 17:11:12.975963482 +0100
@@ -140,15 +140,17 @@ static void usage(char *name, int fipsch
if (fipscheck)
fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... FILE\n", base);
else {
- fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... -c FILE\n", base);
+ fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... -c FILE [-T FILE]\n", base);
fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... FILE...\n", base);
}
fprintf(stderr, "\nOptions:\n");
fprintf(stderr, "\t-n --name\t\tForce given application name (sha512hmac/...)\n");
fprintf(stderr, "\t-S --self-sum\t\tPrint checksum of this binary and exit\n");
fprintf(stderr, "\t-L --self-sum-lib\tPrint checksum of the libkcapi library and exit\n");
- if (!fipscheck)
+ if (!fipscheck) {
fprintf(stderr, "\t-c --check FILE\t\tVerify hash sums from file\n");
+ fprintf(stderr, "\t-T --target FILE\tOverride filenames found in hash sums file; use with -c\n");
+ }
fprintf(stderr, "\t-u --unkeyed\t\tForce unkeyed hash\n");
fprintf(stderr, "\t-h --hash HASH\t\tUse given hash algorithm\n");
fprintf(stderr, "\t-t --truncate N\t\tUse hash truncated to N bits\n");
@@ -530,11 +532,12 @@ static int hash_files(const struct hash_
#define CHK_STATUS (2)
static int process_checkfile(const struct hash_params *params,
- const char *checkfile, const char *targetfile, int log)
+ const char *checkfile, const char *targetfile, int log, int fipscheck)
{
FILE *file = NULL;
int ret = 0;
int checked_any = 0;
+ int failed_any = 0;
struct kcapi_handle *handle;
const char *hashname = params->name.kcapiname;
@@ -570,7 +573,7 @@ static int process_checkfile(const struc
}
while (fgets(buf, sizeof(buf), file)) {
- char *filename = NULL; // parsed file name
+ const char *filename = NULL; // parsed file name
char *hexhash = NULL; // parsed hex value of hash
uint32_t hexhashlen = 0; // length of hash hex value
uint32_t linelen = (uint32_t)strlen(buf);
@@ -645,17 +648,7 @@ static int process_checkfile(const struc
goto out;
}
- /* fipscheck does not have the filename in the check file */
- if (targetfile) {
- ret = hasher(handle, params, targetfile,
- hexhash, hexhashlen, stdout);
- checked_any = 1;
- goto out;
- }
-
if (filename) {
- int r;
-
if (!bsd_style) {
if (!isblank(filename[0]) ||
(!isblank(filename[1]) && filename[1] != '*')) {
@@ -665,20 +658,29 @@ static int process_checkfile(const struc
}
filename += 2;
}
+ }
+
+ /*
+ * if targetfile is specified, use it instead of the filename
+ * found inside the checkfile
+ */
+ if (targetfile)
+ filename = targetfile;
- r = hasher(handle, params, filename, hexhash, hexhashlen, stdout);
+ if (filename) {
+ ret = hasher(handle, params, filename, hexhash, hexhashlen, stdout);
+ checked_any = 1;
+ if (fipscheck)
+ goto out;
- if (r == 0) {
+ if (ret == 0) {
if (log < CHK_QUIET)
printf("%s: OK\n", filename);
} else {
+ failed_any = 1;
if (log < CHK_STATUS)
- printf("%s: Not OK\n",
- filename);
- if (ret >= 0)
- ret++;
+ printf("%s: Not OK\n", filename);
}
- checked_any = 1;
}
}
@@ -692,7 +694,7 @@ out:
* If we found no lines to check, return an error.
* (See https://pagure.io/hmaccalc/c/1afb99549816192eb8e6bc8101bc417c2ffa764c)
*/
- return ret != 0 ? ret : !checked_any;
+ return ret != 0 ? ret : !(checked_any && !failed_any);
}
@@ -770,7 +772,7 @@ static int fipscheck_self(const struct h
goto out;
}
- ret = process_checkfile(params_bin, checkfile, selfname, CHK_STATUS);
+ ret = process_checkfile(params_bin, checkfile, selfname, CHK_STATUS, 1);
if (ret)
goto out;
}
@@ -810,7 +812,7 @@ static int fipscheck_self(const struct h
goto out;
}
- ret = process_checkfile(params_lib, checkfile, selfname, CHK_STATUS);
+ ret = process_checkfile(params_lib, checkfile, selfname, CHK_STATUS, 1);
}
out:
@@ -866,12 +868,13 @@ int main(int argc, char *argv[])
{0, 0, 0, 0}
};
- static const char *opts_short = "c:uh:t:SLqk:K:vbd:Pz";
+ static const char *opts_short = "c:T:uh:t:SLqk:K:vbd:Pz";
static const struct option opts[] = {
{"help", 0, 0, 0},
{"tag", 0, 0, 0},
{"quiet", 0, 0, 0},
{"check", 1, 0, 'c'},
+ {"target", 1, 0, 'T'},
{"unkeyed", 0, 0, 'u'},
{"hash", 1, 0, 'h'},
{"truncate", 1, 0, 't'},
@@ -1124,6 +1127,9 @@ int main(int argc, char *argv[])
version(argv[0]);
ret = 0;
goto out;
+ case 'T':
+ targetfile = optarg;
+ break;
case 'd':
checkdir = optarg;
break;
@@ -1180,6 +1186,11 @@ int main(int argc, char *argv[])
ret = 1;
goto out;
}
+ if (targetfile) {
+ fprintf(stderr, "-T is not valid for fipscheck\n");
+ ret = 1;
+ goto out;
+ }
targetfile = argv[optind];
if (checkfile)
@@ -1192,12 +1203,18 @@ int main(int argc, char *argv[])
optind++;
}
+ if (targetfile && !checkfile) {
+ fprintf(stderr, "-T cannot be used without -c\n");
+ ret = 1;
+ goto out;
+ }
+
if (!checkfile)
ret = hash_files(&params, argv + optind,
(uint32_t)(argc - optind),
fipshmac, checkdir, 0);
else if (optind == argc)
- ret = process_checkfile(&params, checkfile, targetfile, loglevel);
+ ret = process_checkfile(&params, checkfile, targetfile, loglevel, fipscheck);
else {
fprintf(stderr, "-c cannot be used with input files\n");
ret = 1;

320
SOURCES/005-fips-mode-tests.patch Normal file
View File

@ -0,0 +1,320 @@
From 8dc30412618019f5480f993c637e4cf0f5a11a39 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Tue, 28 Nov 2023 09:34:29 +0100
Subject: [PATCH] Fix kcapi tests in FIPS mode
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
test/hasher-test.sh | 23 +++++++++++---
test/kcapi-convenience.c | 2 +-
test/kcapi-dgst-test.sh | 16 +++++-----
test/kcapi-enc-test.sh | 16 +++++-----
test/test.sh | 67 ++++++++++++++++++++++++++++++----------
5 files changed, 86 insertions(+), 38 deletions(-)
diff --git a/test/hasher-test.sh b/test/hasher-test.sh
index c90fcc9..e97127e 100755
--- a/test/hasher-test.sh
+++ b/test/hasher-test.sh
@@ -26,6 +26,11 @@ HMACHASHER="sha1hmac sha256hmac sha384hmac sha512hmac"
CHKFILE="${TMPDIR}/chk.$$"
ANOTHER="${TMPDIR}/test.$$"
+is_fips_enabled()
+{
+ test $(cat /proc/sys/crypto/fips_enabled) = "1"
+}
+
if [ "$KCAPI_TEST_LOCAL" -eq 1 ]; then
find_platform kcapi-hasher
function run_hasher() {
@@ -365,7 +370,11 @@ fi
for suffix in $KAT_SUFFIXES
do
run_kat sha1$suffix "RFC 2202, section 3, #1" 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b "Hi There" 0xb617318655057264e28bc0b6fb378c8ef146be00
- run_kat sha1$suffix "RFC 2202, section 3, #2" "Jefe" "what do ya want for nothing?" 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79
+ if is_fips_enabled; then
+ echo_deact "'RFC 2202, section 3, #2' test case deactivated in FIPS"
+ else
+ run_kat sha1$suffix "RFC 2202, section 3, #2" "Jefe" "what do ya want for nothing?" 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79
+ fi
run_kat sha1$suffix "RFC 2202, section 3, #3" 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd 0x125d7342b9ac11cd91a39af48aa17b4f63f175d3
run_kat sha1$suffix "RFC 2202, section 3, #4" 0x0102030405060708090a0b0c0d0e0f10111213141516171819 0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd 0x4c9007f4026250c6bc8414f9bf50c86c2d7235da
run_kat sha1$suffix "RFC 2202, section 3, #5" 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c "Test With Truncation" 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04
@@ -374,9 +383,15 @@ do
run_kat sha256$suffix "RFC 4231, section 4.2, #1" 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b "Hi There" 0xb0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7
run_kat sha384$suffix "RFC 4231, section 4.2, #2" 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b "Hi There" 0xafd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6
run_kat sha512$suffix "RFC 4231, section 4.2, #3" 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b "Hi There" 0x87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854
- run_kat sha256$suffix "RFC 4231, section 4.3, #1" "Jefe" "what do ya want for nothing?" 0x5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843
- run_kat sha384$suffix "RFC 4231, section 4.3, #2" "Jefe" "what do ya want for nothing?" 0xaf45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649
- run_kat sha512$suffix "RFC 4231, section 4.3, #3" "Jefe" "what do ya want for nothing?" 0x164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737
+ if is_fips_enabled; then
+ echo_deact "'RFC 4231, section 4.3, #1' test case deactivated in FIPS"
+ echo_deact "'RFC 4231, section 4.3, #2' test case deactivated in FIPS"
+ echo_deact "'RFC 4231, section 4.3, #3' test case deactivated in FIPS"
+ else
+ run_kat sha256$suffix "RFC 4231, section 4.3, #1" "Jefe" "what do ya want for nothing?" 0x5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843
+ run_kat sha384$suffix "RFC 4231, section 4.3, #2" "Jefe" "what do ya want for nothing?" 0xaf45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649
+ run_kat sha512$suffix "RFC 4231, section 4.3, #3" "Jefe" "what do ya want for nothing?" 0x164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737
+ fi
run_kat sha256$suffix "RFC 4231, section 4.4, #1" 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd 0x773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe
run_kat sha384$suffix "RFC 4231, section 4.4, #2" 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd 0x88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27
run_kat sha512$suffix "RFC 4231, section 4.4, #3" 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd 0xfa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb
diff --git a/test/kcapi-convenience.c b/test/kcapi-convenience.c
index c5ff4b4..1cdaebe 100644
--- a/test/kcapi-convenience.c
+++ b/test/kcapi-convenience.c
@@ -63,7 +63,7 @@ static int hashtest(void)
static int hmactest(void)
{
- char *in = "teststring";
+ char *in = "longteststring";
uint8_t out[64];
ssize_t ret;
diff --git a/test/kcapi-dgst-test.sh b/test/kcapi-dgst-test.sh
index 0ad5ed3..67576b3 100755
--- a/test/kcapi-dgst-test.sh
+++ b/test/kcapi-dgst-test.sh
@@ -105,8 +105,8 @@ test_stdin_stdout()
openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl
diff_file $GENDGST $GENDGST.openssl "STDIN / STDOUT test (keyed MD $keysize bits)"
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST.2
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" < $ORIGPT > $GENDGST.2
diff_file $GENDGST $GENDGST.2 "STDIN / STDOUT test (password)"
}
@@ -135,8 +135,8 @@ test_stdin_fileout()
openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl
diff_file $GENDGST $GENDGST.openssl "STDIN / FILEOUT test (keyed MD $keysize bits)"
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -o $GENDGST < $ORIGPT
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -o $GENDGST.2 < $ORIGPT
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" -o $GENDGST < $ORIGPT
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" -o $GENDGST.2 < $ORIGPT
diff_file $GENDGST $GENDGST.2 "STDIN / FILEOUT test (password)"
}
@@ -165,8 +165,8 @@ test_filein_stdout()
openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl
diff_file $GENDGST $GENDGST.openssl "FILEIN / STDOUT test (keyed MD $keysize bits)"
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST.2
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" -i $ORIGPT > $GENDGST.2
diff_file $GENDGST $GENDGST.2 "FILEIN / STDOUT test (password)"
}
@@ -197,8 +197,8 @@ test_filein_fileout()
openssl dgst -sha256 -hmac $opensslkey $ORIGPT | awk 'BEGIN {FS="= "} {print $2}' > $GENDGST.openssl
diff_file $GENDGST $GENDGST.openssl "FILEIN / FILEOUT test (keyed MD $keysize bits)"
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST
- run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwd" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST.2
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST
+ run_app kcapi-dgst -q --pbkdfiter 1000 -p "passwordpassword" -s $SALT -c "hmac(sha256)" -i $ORIGPT -o $GENDGST.2
diff_file $GENDGST $GENDGST.2 "FILEIN / FILEOUT test (password)"
}
diff --git a/test/kcapi-enc-test.sh b/test/kcapi-enc-test.sh
index 3ace39c..63d2b23 100755
--- a/test/kcapi-enc-test.sh
+++ b/test/kcapi-enc-test.sh
@@ -163,8 +163,8 @@ test_stdin_stdout()
diff_file $GENCT $GENCT.openssl "STDIN / STDOUT enc test ($keysize bits) (openssl generated CT)"
diff_file $GENPT $GENPT.openssl "STDIN / STDOUT enc test ($keysize bits) (openssl generated PT)"
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV < $ORIGPT > $GENCT
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV < $GENCT > $GENPT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s $IV -e -c "ctr(aes)" --iv $IV < $ORIGPT > $GENCT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s $IV -d -c "ctr(aes)" --iv $IV < $GENCT > $GENPT
diff_file $ORIGPT $GENPT "STDIN / STDOUT enc test (password)"
}
@@ -195,8 +195,8 @@ test_stdin_fileout()
diff_file $GENCT $GENCT.openssl "STDIN / FILEOUT enc test ($keysize bits) (openssl generated CT)"
diff_file $GENPT $GENPT.openssl "STDIN / FILEOUT enc test ($keysize bits) (openssl generated PT)"
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV -o $GENCT < $ORIGPT
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV -o $GENPT < $GENCT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s $IV -e -c "ctr(aes)" --iv $IV -o $GENCT < $ORIGPT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s $IV -d -c "ctr(aes)" --iv $IV -o $GENPT < $GENCT
diff_file $ORIGPT $GENPT "STDIN / FILEOUT enc test (password)"
}
@@ -227,8 +227,8 @@ test_filein_stdout()
diff_file $GENCT $GENCT.openssl "FILEIN / STDOUT enc test ($keysize bits) (openssl generated CT)"
diff_file $GENPT $GENPT.openssl "FILEIN / STDOUT enc test ($keysize bits) (openssl generated PT)"
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -e -c "ctr(aes)" --iv $IV -i $ORIGPT > $GENCT
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s $IV -d -c "ctr(aes)" --iv $IV -i $GENCT > $GENPT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s $IV -e -c "ctr(aes)" --iv $IV -i $ORIGPT > $GENCT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s $IV -d -c "ctr(aes)" --iv $IV -i $GENCT > $GENPT
diff_file $ORIGPT $GENPT "FILEIN / STDOUT enc test (password)"
}
@@ -271,8 +271,8 @@ test_filein_fileout()
diff_file $GENCT $GENCT.openssl "FILEIN / FILEOUT enc test ($keysize bits) (openssl generated CT)"
diff_file $GENPT $GENPT.openssl "FILEIN / FILEOUT enc test ($keysize bits) (openssl generated PT)"
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s "123" -e -c "cbc(aes)" --iv $IV -i $ORIGPT -o $GENCT
- run_app kcapi-enc -q --pbkdfiter 1000 -p "passwd" -s "123" -d -c "cbc(aes)" --iv $IV -i $GENCT -o $GENPT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s "123" -e -c "cbc(aes)" --iv $IV -i $ORIGPT -o $GENCT
+ run_app kcapi-enc -q --pbkdfiter 1000 -p "passwordpassword" -s "123" -d -c "cbc(aes)" --iv $IV -i $GENCT -o $GENPT
diff_file $ORIGPT $GENPT "FILEIN / FILEOUT enc test (password)"
}
diff --git a/test/test.sh b/test/test.sh
index b889335..e07589e 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -450,27 +450,27 @@ PBKDF_exp_7="133a4ce837b4d2521ee2bf03e11c71ca794e0797"
PBKDF_name_8="hmac(sha256)"
PBKDF_salt_8="73616c74"
-PBKDF_pw_8="70617373776f7264"
+PBKDF_pw_8="70617373776f726470617373776f7264"
PBKDF_count_8=4096
-PBKDF_exp_8="c5e478d59288c841aa530db6845c4c8d962893a0"
+PBKDF_exp_8="9cefdbeb6abaaf0e0b6fa3fb5bc9f2b8301d6aca"
PBKDF_name_9="hmac(sha224)"
PBKDF_salt_9="73616c74"
-PBKDF_pw_9="70617373776f7264"
+PBKDF_pw_9="70617373776f726470617373776f7264"
PBKDF_count_9=4096
-PBKDF_exp_9="218c453bf90635bd0a21a75d172703ff6108ef60"
+PBKDF_exp_9="624f7dd223ae0bd8d46a69b27f84e703e7dadd70"
PBKDF_name_10="hmac(sha384)"
PBKDF_salt_10="73616c74"
-PBKDF_pw_10="70617373776f7264"
+PBKDF_pw_10="70617373776f726470617373776f7264"
PBKDF_count_10=4096
-PBKDF_exp_10="559726be38db125bc85ed7895f6e3cf574c7a01c"
+PBKDF_exp_10="2c34a3242a138933c63fce6d827e4acf57ef528d"
PBKDF_name_11="hmac(sha512)"
PBKDF_salt_11="73616c74"
-PBKDF_pw_11="70617373776f7264"
+PBKDF_pw_11="70617373776f726470617373776f7264"
PBKDF_count_11=4096
-PBKDF_exp_11="d197b1b33db0143e018b12f3d1d1479e6cdebdcc"
+PBKDF_exp_11="299ae1f55743f2cb81be4a417b878ab32374660b"
PBKDF_name_12="cmac(aes)"
PBKDF_salt_12="73616c74"
@@ -480,9 +480,9 @@ PBKDF_exp_12="c4c112c6e1e3b8757640603dec78825ff87605a7"
PBKDF_name_13="hmac(sha512)"
PBKDF_salt_13="73616c74"
-PBKDF_pw_13="70617373776f7264"
+PBKDF_pw_13="70617373776f726470617373776f7264"
PBKDF_count_13=4096
-PBKDF_exp_13="d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5d6883f0be4c24d363b638f4c2f8d917533cd4158937d0b490697a64adadb07f180c323080a7368033eeadf9e612b2e"
+PBKDF_exp_13="299ae1f55743f2cb81be4a417b878ab32374660b17f5b328662e56296582e8a285c307947b41e00fed812c978212394574f57756c481b3d64cc91659f75a468383bcad1e25f2b85c15f8ac7004484889081eb91001b0feab9b12dd51e001491c795bdf45ff880ffe493e7acdd91f1a"
###########################################################################
###########################################################################
@@ -491,9 +491,9 @@ PBKDF_exp_13="d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b514
#RFC 5869 Appendix A vectors
HKDF_name_1="hmac(sha256)"
HKDF_ikm_1="0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
-HKDF_salt_1="000102030405060708090a0b0c"
+HKDF_salt_1="000102030405060708090a0b0c0d"
HKDF_info_1="f0f1f2f3f4f5f6f7f8f9"
-HKDF_exp_1="3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
+HKDF_exp_1="cb95d056d6ba6f084df0a03a3317bcca7f83773204b76f527f4f06736168a52bbcd88869a3a4e7972dcd"
HKDF_name_2="hmac(sha256)"
HKDF_ikm_2="000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f"
@@ -555,6 +555,11 @@ KPP_exp_2="78fbd4d1ed7ea6fc8f1e1a6f8a5c750845401589ad3c135088b4ec78f54c57b436d1a
###########################################################################
###########################################################################
+is_fips_enabled()
+{
+ test $(cat /proc/sys/crypto/fips_enabled) = "1"
+}
+
# Test required for test with multiple IOVECs on i686
check_memory() {
if [ $(cat /proc/sys/net/core/optmem_max) -lt $1 ]
@@ -576,7 +581,14 @@ check_memory_soft() {
hashfunc()
{
stream=$1
- HASHEXEC="1 2 3 4 5 6 7 8 9"
+
+ if is_fips_enabled; then
+ echo_deact "Hash tests using 3DES are disabled in FIPS"
+ HASHEXEC="2 3 4 5 6 7 8 9"
+ else
+ HASHEXEC="1 2 3 4 5 6 7 8 9"
+ fi
+
for i in $HASHEXEC
do
eval HASH_name=\$HASH_name_$i
@@ -630,7 +642,12 @@ symfunc()
aligned=$3
aiofallback=$4
- SYMEXEC="1 2 3 4 5 6 7 8 9 10 11 12"
+ if is_fips_enabled; then
+ echo_deact "Symmetric tests using 3DES are disabled in FIPS"
+ SYMEXEC="1 2 3 8 9 10 11 12"
+ else
+ SYMEXEC="1 2 3 4 5 6 7 8 9 10 11 12"
+ fi
if [ x"$stream" = x"X" ]
then
@@ -666,7 +683,11 @@ symfunc()
# Disable XTS tests for multi-threading due to the issue
# discussed in https://github.com/smuellerDD/libkcapi/issues/92
- SYMEXEC="1 2 3 4 5 6 7"
+ if is_fips_enabled; then
+ SYMEXEC="1 2 3"
+ else
+ SYMEXEC="1 2 3 4 5 6 7"
+ fi
else
sout="one shot"
fi
@@ -1148,7 +1169,13 @@ pbkdftest()
{
aligned=$1
- PBKDFEXEC="1 2 3 4 5 6 7 8 9 10 11 12 13"
+ if is_fips_enabled; then
+ echo_deact "PBKDF tests using SHA1 are disabled in FIPS"
+ PBKDFEXEC="8 9 10 11 12 13"
+ else
+ PBKDFEXEC="1 2 3 4 5 6 7 8 9 10 11 12 13"
+ fi
+
for i in $PBKDFEXEC
do
eval PBKDF_name=\$PBKDF_name_$i
@@ -1185,7 +1212,13 @@ hkdftest()
{
aligned=$1
- HKDFEXEC="1 2 3 4 5 6 7"
+ if is_fips_enabled; then
+ echo_deact "HKDF tests using SHA1 and zero length salts are disabled in FIPS"
+ HKDFEXEC="1 2"
+ else
+ HKDFEXEC="1 2 3 4 5 6 7"
+ fi
+
for i in $HKDFEXEC
do
eval HKDF_name=\$HKDF_name_$i

2060
SOURCES/9001-split-up-huge-string.patch
View File

File diff suppressed because one or more lines are too long

9
SOURCES/fipshmac-openssl.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
# Mocks fipshmac using the openssl tool.
# Only for use during RPM build.
[ "$1" = '-d' ] || exit 1
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP -hex "$3" | cut -f 2 -d ' ' \
>"$2/$(basename "$3").hmac"

272
SOURCES/libkcapi-1.1.1-Coverity_PR_follow-up.patch
View File

@ -1,272 +0,0 @@
From f24f3435be39cab2aa54a49d31968a023ab6d1d5 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 26 Jul 2018 14:09:27 +0200
Subject: [PATCH 1/3] kcapi-kdf: Clear the whole out buffer on error
The KDF functions were decrementing the output length variable in the
loop, but on error they would clear the output buffer based on this
decremented value. This patch backs up the original length and uses it
when clearing the output buffer.
The kcapi_pbkdf() function also used an incremented output buffer
pointer. This one is now also backed-up and the original value is used
when clearing the output.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index 78a7e0d..6eccbe1 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -99,6 +99,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
uint32_t h = kcapi_md_digestsize(handle);
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
uint8_t Ai[h];
uint32_t i = 1;
@@ -161,7 +162,7 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
return 0;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
kcapi_memset_secure(Ai, 0, h);
return err;
}
@@ -174,6 +175,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
uint32_t h = kcapi_md_digestsize(handle);
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
const uint8_t *label;
uint32_t labellen = 0;
uint32_t i = 1;
@@ -238,7 +240,7 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
return 0;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
return err;
}
@@ -250,6 +252,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
uint32_t h = kcapi_md_digestsize(handle);
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
uint32_t i = 1;
if (dlen > INT_MAX)
@@ -295,7 +298,7 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
return 0;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
return err;
}
@@ -316,6 +319,7 @@ int32_t kcapi_hkdf(const char *hashname,
uint8_t *prev = NULL;
int32_t err = 0;
uint8_t *dst_orig = dst;
+ uint32_t dlen_orig = dlen;
uint8_t ctr = 0x01;
struct kcapi_handle *handle = NULL;
@@ -415,7 +419,7 @@ int32_t kcapi_hkdf(const char *hashname,
goto out;
err:
- kcapi_memset_secure(dst_orig, 0, dlen);
+ kcapi_memset_secure(dst_orig, 0, dlen_orig);
out:
kcapi_memset_secure(prk_tmp, 0, h);
kcapi_md_destroy(handle);
@@ -552,6 +556,8 @@ int32_t kcapi_pbkdf(const char *hashname,
uint8_t *key, uint32_t keylen)
{
struct kcapi_handle *handle;
+ uint8_t *key_orig = key;
+ uint32_t keylen_orig = keylen;
uint32_t h, i = 1;
#define MAX_DIGESTSIZE 64
uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t))));
@@ -633,7 +639,7 @@ int32_t kcapi_pbkdf(const char *hashname,
err:
kcapi_memset_secure(u, 0, h);
if (err)
- kcapi_memset_secure(key, 0, keylen);
+ kcapi_memset_secure(key_orig, 0, keylen_orig);
kcapi_md_destroy(handle);
return err;
From eacb82b193a94d46d2ea70c621176d79a5486008 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 26 Jul 2018 14:12:51 +0200
Subject: [PATCH 2/3] kcapi-kdf: Simplify handling of final blocks
This patch avoids the use of temporary buffers when handling the last
block in the KDF functions, taking advantage of the fact that
kcapi_md_final() can be used to retrieve also a truncated hash directly.
The new code no longer produces a false-positive warning with CLang
static analysis, so the workaround (which Coverity identifies as
unreachable code) can be removed.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 43 +++++++++----------------------------------
1 file changed, 9 insertions(+), 34 deletions(-)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index 6eccbe1..afa6eb3 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -140,13 +140,9 @@ int32_t kcapi_kdf_dpi(struct kcapi_handle *handle,
}
if (dlen < h) {
- uint8_t tmpbuffer[h];
-
- err = kcapi_md_final(handle, tmpbuffer, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- memcpy(dst, tmpbuffer, dlen);
- kcapi_memset_secure(tmpbuffer, 0, h);
dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
@@ -219,14 +215,10 @@ int32_t kcapi_kdf_fb(struct kcapi_handle *handle,
}
if (dlen < h) {
- uint8_t tmpbuffer[h];
-
- err = kcapi_md_final(handle, tmpbuffer, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- memcpy(dst, tmpbuffer, dlen);
- kcapi_memset_secure(tmpbuffer, 0, h);
- return 0;
+ dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
if (err < 0)
@@ -276,14 +268,10 @@ int32_t kcapi_kdf_ctr(struct kcapi_handle *handle,
}
if (dlen < h) {
- uint8_t tmpbuffer[h];
-
- err = kcapi_md_final(handle, tmpbuffer, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- memcpy(dst, tmpbuffer, dlen);
- kcapi_memset_secure(tmpbuffer, 0, h);
- return 0;
+ dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
if (err < 0)
@@ -392,16 +380,10 @@ int32_t kcapi_hkdf(const char *hashname,
goto err;
if (dlen < h) {
- err = kcapi_md_final(handle, prk_tmp, h);
+ err = kcapi_md_final(handle, dst, dlen);
if (err < 0)
goto err;
- /* Shut up Clang */
- if (!dst) {
- err = -EFAULT;
- goto err;
- }
- memcpy(dst, prk_tmp, dlen);
dlen = 0;
} else {
err = kcapi_md_final(handle, dst, h);
@@ -561,8 +543,6 @@ int32_t kcapi_pbkdf(const char *hashname,
uint32_t h, i = 1;
#define MAX_DIGESTSIZE 64
uint8_t u[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t))));
- uint8_t T[MAX_DIGESTSIZE] __attribute__ ((aligned (sizeof(uint64_t)))) =
- { 0 };
int32_t err = 0;
if (keylen > INT_MAX)
@@ -617,17 +597,12 @@ int32_t kcapi_pbkdf(const char *hashname,
if (err < 0)
goto err;
- if (keylen < h)
- kcapi_xor_64_aligned(T, u, h);
- else
- kcapi_xor_64(key, u, h);
+ kcapi_xor_64(key, u, keylen < h ? keylen : h);
}
- if (keylen < h) {
- memcpy(key, T, keylen);
- kcapi_memset_secure(T, 0, keylen);
+ if (keylen < h)
keylen = 0;
- } else {
+ else {
keylen -= h;
key += h;
i++;
From c9ed6b2c07026e9bafd99e6c288cfbd175fd237f Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Thu, 26 Jul 2018 14:28:53 +0200
Subject: [PATCH 3/3] kcapi-kdf: Fix unused function warning on 32-bit
The kcapi_xor_64_aligned() is now unused when compiling in 32-bit mode,
so we need to define it only in the 64-bit case, otherwise the build
fails under CLang due to an usnused function warning.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index afa6eb3..a219d63 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -503,10 +503,10 @@ static inline void kcapi_xor_32(uint8_t *dst, const uint8_t *src, uint32_t size)
kcapi_xor_8(dst, src, size);
}
+#ifdef __LP64__
static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src,
uint32_t size)
{
-#ifdef __LP64__
uint64_t *dst_dword = (uint64_t *)dst;
uint64_t *src_dword = (uint64_t *)src;
@@ -514,10 +514,8 @@ static inline void kcapi_xor_64_aligned(uint8_t *dst, const uint8_t *src,
*dst_dword++ ^= *src_dword++;
kcapi_xor_32_aligned((uint8_t *)dst_dword, (uint8_t *)src_dword, size);
-#else
- kcapi_xor_32_aligned(dst, src, size);
-#endif
}
+#endif
static inline void kcapi_xor_64(uint8_t *dst, const uint8_t *src, uint32_t size)
{

47
SOURCES/libkcapi-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
View File

@ -1,47 +0,0 @@
From 3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:16 +0200
Subject: [PATCH] Fix possible buffer overflow with strncpy and
-Wstringop-truncation warning
If valid cipher name (to which netlink socket was bound) is longer than
CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will
try to copy length of this cipher name into smaller buffer.
In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is
defined as 64 but since commit f437a3f477cc ("crypto: api - Extend
algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel
defines it as 128.
It is error-prone to use source buffer length as limit of dst buffer.
Instead choose sizeof(dst buffer).
This also fixes the warning with GCC v8.1.0:
lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2':
lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kernel-if.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 2481f8a..807cbfe 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle,
if (drivername)
strncpy(req.cru.cru_driver_name, ciphername,
- strlen(ciphername));
+ sizeof(req.cru.cru_driver_name) - 1);
else
- strncpy(req.cru.cru_name, ciphername, strlen(ciphername));
+ strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1);
/* talk to netlink socket */
sd = socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO);

801
SOURCES/libkcapi-1.1.1-Fix_various_issues_reported_by_Coverity.patch
View File

@ -1,801 +0,0 @@
From 633569b273d63244fccf1a1e65acc8c8252c2f48 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:39:32 +0200
Subject: [PATCH 01/16] apps: Check return code of fstat()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/app-internal.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/apps/app-internal.c b/apps/app-internal.c
index 25cef80..e80c304 100644
--- a/apps/app-internal.c
+++ b/apps/app-internal.c
@@ -255,7 +255,12 @@ int read_complete(int fd, uint8_t *buf, uint32_t buflen)
int check_filetype(int fd, struct stat *sb, const char *filename)
{
- fstat(fd, sb);
+ int ret = fstat(fd, sb);
+ if (ret) {
+ dolog(KCAPI_LOG_ERR,
+ "fstat() failed: %s", strerror(errno));
+ return -errno;
+ }
/* Do not return an error in case we cannot validate the data. */
if ((sb->st_mode & S_IFMT) != S_IFREG &&
From bb1685801cf3f2c94c4591808a1a8499147b0249 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:45:48 +0200
Subject: [PATCH 02/16] kcapi-hasher: Fix strerror() call
strerror() expects a nonnegative error number. Here we can just pass
errno instead of decoding the error from the return value of read().
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 2fc3ddc..5769502 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -227,7 +227,7 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
while ((rdbytes = read(fd, buffer + offset, buffer_size - offset)) != 0) {
if (rdbytes < 0) {
fprintf(stderr, "Error reading file %s: %s\n", filename,
- strerror((int)rdbytes));
+ strerror(errno));
ret = -EIO;
goto out;
}
From fadc3f42bbd44bd78f78f58c935ae7126b6eb2ce Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:50:36 +0200
Subject: [PATCH 03/16] kcapi-hasher: Fix fd leak in load_file()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 5769502..52fca78 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -258,6 +258,8 @@ static int load_file(const char *filename, uint8_t **memory, uint32_t *size)
*memory = buffer;
*size = (uint32_t)offset;
+
+ close(fd);
return 0;
out:
From 5ee2bc94de5e70703ed6ad288b3c664a1cff4fcf Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 08:53:13 +0200
Subject: [PATCH 04/16] kcapi-hasher: Fix buffer overrun in process_checkfile()
The 'buf[(bsd_style - 4)]' access on line 593 can overrun the buffer if
bsd_style is exactly 3, which can theoretically happen if the BSD-style
separator is found at the very beginning of the line. Fix this by
starting to search for the separator at index 1 (it can't really be at
index 0 anyway).
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
apps/kcapi-hasher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 52fca78..daab735 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -544,7 +544,7 @@ static int process_checkfile(const struct hash_params *params,
break;
}
- for (i = 0; i < linelen; i++) {
+ for (i = 1; i < linelen; i++) {
/*
* Check for BSD-style separator between file name and
* hash value.
From 1520fca1f9b2231bcb5101eab32e8e859b33a66c Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:05:45 +0200
Subject: [PATCH 05/16] docproc: Use correct sizeof() argument for clarity
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/doc/bin/docproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 4e52c1b..2313592 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -154,7 +154,8 @@ int symfilecnt = 0;
static void add_new_symbol(struct symfile *sym, char * symname)
{
sym->symbollist =
- realloc(sym->symbollist, (sym->symbolcnt + 1) * sizeof(char *));
+ realloc(sym->symbollist,
+ (sym->symbolcnt + 1) * sizeof(struct symbols));
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
}
From ed6c64434d42ba43efd839d4b0c693623442968f Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:09:44 +0200
Subject: [PATCH 06/16] docproc: Fail early on malloc/realloc failures
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/doc/bin/docproc.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 2313592..9a0a931 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -156,6 +156,10 @@ static void add_new_symbol(struct symfile *sym, char * symname)
sym->symbollist =
realloc(sym->symbollist,
(sym->symbolcnt + 1) * sizeof(struct symbols));
+ if (!sym->symbollist) {
+ perror("realloc");
+ exit(1);
+ }
sym->symbollist[sym->symbolcnt++].name = strdup(symname);
}
@@ -391,12 +395,20 @@ static void find_all_symbols(char *filename)
default:
close(pipefd[1]);
data = malloc(4096);
+ if (!data) {
+ perror("malloc");
+ exit(1);
+ }
do {
while ((ret = read(pipefd[0],
data + data_len,
4096)) > 0) {
data_len += ret;
data = realloc(data, data_len + 4096);
+ if (!data) {
+ perror("realloc");
+ exit(1);
+ }
}
} while (ret == -EAGAIN);
if (ret != 0) {
@@ -421,6 +433,10 @@ static void find_all_symbols(char *filename)
start = all_list_len;
all_list_len += count;
all_list = realloc(all_list, sizeof(char *) * all_list_len);
+ if (!all_list) {
+ perror("realloc");
+ exit(1);
+ }
str = data;
for (i = 0; i < (int)data_len && start != all_list_len; i++) {
if (data[i] == '\0') {
From 1beccc4fa0af3ce57e0ff21d42907e774c4eb8fe Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:15:36 +0200
Subject: [PATCH 07/16] cryptoperf: Fix check of return value of open()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
speed-test/cryptoperf-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
index 55cd7ea..b564e19 100644
--- a/speed-test/cryptoperf-base.c
+++ b/speed-test/cryptoperf-base.c
@@ -179,7 +179,7 @@ int cp_read_random(unsigned char *buf, size_t buflen)
size_t len = 0;
fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
- if(0 >= fd)
+ if(0 > fd)
return fd;
do {
ret = read(fd, (buf + len), (buflen - len));
From d41a21125e72e9ad611451bb9753489a1f96af5e Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 09:30:01 +0200
Subject: [PATCH 08/16] cryptoperf: Fix buffer overrun in cp_print_status()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
speed-test/cryptoperf-base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/speed-test/cryptoperf-base.c b/speed-test/cryptoperf-base.c
index b564e19..c56c2ce 100644
--- a/speed-test/cryptoperf-base.c
+++ b/speed-test/cryptoperf-base.c
@@ -159,7 +159,7 @@ char *cp_print_status(struct cp_test *test, int raw)
memset(byteseconds, 0, sizeof(byteseconds));
cp_bytes2string((processed_bytes / totaltime), byteseconds,
- (VALLEN + 1));
+ VALLEN);
snprintf(str, 120, "%-24s|%s|%8lu bytes|%*s/s|%lu ops/s",
test->testname,
test->enc ? "e" : "d",
From 5d17c564f7edae17b355f8cec7fa4c9685b10422 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 23 Jul 2018 10:05:50 +0200
Subject: [PATCH 09/16] test/cryptoperf: Check the return value of sysconf()
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
speed-test/cryptoperf-aead.c | 10 ++++++--
speed-test/cryptoperf-skcipher.c | 8 +++++-
test/kcapi-main.c | 53 +++++++++++++++++++---------------------
3 files changed, 40 insertions(+), 31 deletions(-)
diff --git a/speed-test/cryptoperf-aead.c b/speed-test/cryptoperf-aead.c
index b2c0010..5a0446a 100644
--- a/speed-test/cryptoperf-aead.c
+++ b/speed-test/cryptoperf-aead.c
@@ -36,6 +36,12 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
unsigned char ivrand[MAX_KEYLEN];
unsigned char *ivdata = NULL;
uint32_t ivlen = 0;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize < 0) {
+ printf(DRIVER_NAME": unable to determine the page size\n");
+ return -errno;
+ }
dbg("Initializing AEAD test %s\n", test->testname);
if (!test->driver_name) {
@@ -97,14 +103,14 @@ static int cp_aead_init_test(struct cp_test *test, int enc, int ccm)
test->u.aead.assoclen, TAGLEN);
}
- if (posix_memalign((void *)&input, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&input, pagesize,
test->u.aead.indatalen *
(params->aio ? params->aio : 1))) {
printf(DRIVER_NAME": could not allocate input buffer for "
"%s\n", test->driver_name);
goto out;
}
- if (posix_memalign((void *)&output, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&output, pagesize,
test->u.aead.outdatalen *
(params->aio ? params->aio : 1))) {
printf(DRIVER_NAME": could not allocate output buffer for "
diff --git a/speed-test/cryptoperf-skcipher.c b/speed-test/cryptoperf-skcipher.c
index a2db369..fb7123b 100644
--- a/speed-test/cryptoperf-skcipher.c
+++ b/speed-test/cryptoperf-skcipher.c
@@ -34,6 +34,12 @@ static int cp_skcipher_init_test(struct cp_test *test)
unsigned char *ivdata = NULL;
unsigned int bs;
int err;
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize < 0) {
+ printf(DRIVER_NAME": unable to determine the page size\n");
+ return -errno;
+ }
dbg("Initializing symmetric test %s\n", test->testname);
if (!test->driver_name) {
@@ -75,7 +81,7 @@ static int cp_skcipher_init_test(struct cp_test *test)
cp_read_random(ivdata, kcapi_cipher_blocksize(test->u.skcipher.handle));
test->u.skcipher.iv = ivdata;
- err = posix_memalign((void *)&scratchpad, sysconf(_SC_PAGESIZE),
+ err = posix_memalign((void *)&scratchpad, pagesize,
kcapi_cipher_blocksize(test->u.skcipher.handle) * params->len *
(params->aio ? params->aio : 1));
if (err) {
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index c167b7f..b0ec2ca 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -86,6 +86,8 @@ struct kcapi_cavs {
uint32_t outlen;
};
+static long pagesize;
+
static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
@@ -808,8 +810,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
outbuflen = cavs_test->ctlen;
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
} else {
@@ -918,12 +919,10 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
outbuflen = cavs_test->ctlen;
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
- if (posix_memalign((void *)&outbuf2, sysconf(_SC_PAGESIZE),
- outbuflen))
+ if (posix_memalign((void *)&outbuf2, pagesize, outbuflen))
goto out;
memset(outbuf2, 0, outbuflen);
} else {
@@ -1072,7 +1071,7 @@ static int cavs_sym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
return -ENOMEM;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), outbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, outbuflen))
goto out;
memset(outbuf, 0, outbuflen);
} else {
@@ -1241,7 +1240,7 @@ static int cavs_aead(struct kcapi_cavs *cavs_test, uint32_t loops,
fullbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), fullbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, fullbuflen))
goto out;
memset(inbuf, 0, fullbuflen);
} else {
@@ -1425,8 +1424,7 @@ static int cavs_aead_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
- loops * maxbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, loops * maxbuflen))
goto out;
memset(inbuf, 0, loops * maxbuflen);
} else {
@@ -1596,7 +1594,7 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
maxbuflen = (inbuflen > outbuflen) ? inbuflen : outbuflen;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxbuflen))
+ if (posix_memalign((void *)&outbuf, pagesize, maxbuflen))
goto out;
memset(outbuf, 0, maxbuflen);
} else {
@@ -1830,9 +1828,9 @@ static int cavs_aead_large(int stream, uint32_t loops, int splice)
test.keylen = len / 2;
len = strlen(aad);
- if (posix_memalign((void *)&test.assoc, sysconf(_SC_PAGESIZE), (16 * sysconf(_SC_PAGESIZE))))
+ if (posix_memalign((void *)&test.assoc, pagesize, (16 * pagesize)))
goto out;
- hex2bin(aad, len, test.assoc, (sysconf(_SC_PAGESIZE) * 16));
+ hex2bin(aad, len, test.assoc, (pagesize * 16));
test.assoclen = len / 2;
test.taglen = 16;
@@ -2052,8 +2050,7 @@ static int cavs_asym(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- maxsize))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize))
goto out;
memset(outbuf, 0, maxsize);
} else {
@@ -2164,11 +2161,10 @@ static int cavs_asym_aio(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- maxsize * loops))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * loops))
goto out;
memset(outbuf, 0, maxsize * loops);
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE),
+ if (posix_memalign((void *)&inbuf, pagesize,
cavs_test->ptlen * loops))
goto out;
memset(outbuf, 0, cavs_test->ptlen * loops);
@@ -2294,10 +2290,10 @@ static int cavs_asym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), maxsize * NUMIOVECS))
+ if (posix_memalign((void *)&outbuf, pagesize, maxsize * NUMIOVECS))
goto out;
memset(outbuf, 0, maxsize);
- if (posix_memalign((void *)&inbuf, sysconf(_SC_PAGESIZE), inbuflen))
+ if (posix_memalign((void *)&inbuf, pagesize, inbuflen))
goto out;
memset(inbuf, 0, inbuflen);
} else {
@@ -2489,8 +2485,7 @@ static int cavs_kdf_common(struct kcapi_cavs *cavs_test, uint32_t loops)
uint32_t i = 0;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2571,8 +2566,7 @@ static int cavs_hkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2671,8 +2665,7 @@ static int cavs_pbkdf(struct kcapi_cavs *cavs_test, uint32_t loops)
}
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE),
- cavs_test->outlen))
+ if (posix_memalign((void *)&outbuf, pagesize, cavs_test->outlen))
return -ENOMEM;
memset(outbuf, 0, cavs_test->outlen);
} else {
@@ -2928,7 +2921,7 @@ static int kpp(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
outbuflen = ret;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
return -ENOMEM;
memset(outbuf, 0, ret);
} else {
@@ -3001,7 +2994,7 @@ static int kpp_aio(struct kcapi_cavs *cavs_test, uint32_t loops, int splice)
outbuflen = ret;
if (cavs_test->aligned) {
- if (posix_memalign((void *)&outbuf, sysconf(_SC_PAGESIZE), ret))
+ if (posix_memalign((void *)&outbuf, pagesize, ret))
return -ENOMEM;
memset(outbuf, 0, ret);
} else {
@@ -3072,6 +3065,10 @@ int main(int argc, char *argv[])
int splice = KCAPI_ACCESS_SENDMSG;
struct kcapi_cavs cavs_test;
+ pagesize = sysconf(_SC_PAGESIZE);
+ if (pagesize < 0)
+ return 1;
+
memset(&cavs_test, 0, sizeof(struct kcapi_cavs));
kcapi_set_verbosity(KCAPI_LOG_WARN);
From 4c904fbf621b0fb01d79c1b01d28c296f36e6d8a Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 11:10:01 +0200
Subject: [PATCH 10/16] docproc: Fix memory leak
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/doc/bin/docproc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/doc/bin/docproc.c b/lib/doc/bin/docproc.c
index 9a0a931..ad8d3a0 100644
--- a/lib/doc/bin/docproc.c
+++ b/lib/doc/bin/docproc.c
@@ -445,6 +445,7 @@ static void find_all_symbols(char *filename)
start++;
}
}
+ free(data);
}
/*
From 6092ff27886b7d40ea056f6c02a9c3fd5803df0d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 11:10:35 +0200
Subject: [PATCH 11/16] kcapi-aead: Remove an unreachable statement
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-aead.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c
index 7f8348f..d32c1e4 100644
--- a/lib/kcapi-aead.c
+++ b/lib/kcapi-aead.c
@@ -249,8 +249,6 @@ int32_t kcapi_aead_encrypt_aio(struct kcapi_handle *handle, struct iovec *iniov,
return _kcapi_aead_encrypt_aio_fallback(handle, iniov, outiov, iovlen,
iv);
-
- return ret;
}
DSO_PUBLIC
From 41a64a4363da4cce0f8de654f7dceef5c3fd6285 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:23:18 +0200
Subject: [PATCH 12/16] kcapi-kdf: Fix buffer overruns in error paths
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kdf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c
index bf150c1..78a7e0d 100644
--- a/lib/kcapi-kdf.c
+++ b/lib/kcapi-kdf.c
@@ -336,6 +336,7 @@ int32_t kcapi_hkdf(const char *hashname,
if (h > HKDF_MAXHASH) {
kcapi_dolog(KCAPI_LOG_ERR,
"Null salt size too small for hash\n");
+ h = HKDF_MAXHASH;
err = -EFAULT;
goto err;
}
@@ -570,6 +571,7 @@ int32_t kcapi_pbkdf(const char *hashname,
kcapi_dolog(KCAPI_LOG_ERR,
"Programming error in file %s at line %u\n",
__FILE__, __LINE__);
+ h = MAX_DIGESTSIZE;
err = -EFAULT;
goto err;
}
From 33c3b71ba5577c0b2bcdf8eb880642e0ab461079 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:26:55 +0200
Subject: [PATCH 13/16] kcapi-kernel-if: Simplify iovec validity check
Current check is awkward, just checking iov for NULL seems to make CLang
happy.
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-kernel-if.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 807cbfe..595ce68 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -257,11 +257,11 @@ int32_t _kcapi_common_vmsplice_iov(struct kcapi_handle *handle,
uint32_t inlen = 0;
unsigned long i;
- for (i = 0; i < iovlen; i++) {
- if (!(iov + i))
- return -EINVAL;
+ if (iovlen && !iov)
+ return -EINVAL;
+
+ for (i = 0; i < iovlen; i++)
inlen += iov[i].iov_len;
- }
/* kernel processes input data with max size of one page */
handle->processed_sg += ((inlen + sysconf(_SC_PAGESIZE) - 1) /
From c1f82d3b78031037f7098bd26b5da00eceecc00a Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:37:15 +0200
Subject: [PATCH 14/16] test: Allocate name even if size is zero
We still need one byte for the terminating null character.
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index b0ec2ca..d20e74c 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -275,13 +275,11 @@ static int fuzz_init_test(unsigned int size)
kcapi_set_verbosity(KCAPI_LOG_NONE);
- if (size) {
- name = calloc(1, size + 1);
+ name = calloc(1, size + 1);
- if (!name) {
- printf("Allocation of %u bytes failed", size);
- return 1;
- }
+ if (!name) {
+ printf("Allocation of %u bytes failed", size);
+ return 1;
}
if (get_random(name, size, 0)) {
From 698fcb68572b5d315b27294bd3e9ee2c058920f6 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 12:41:37 +0200
Subject: [PATCH 15/16] test: Fix resource leak and error handling
The fuzz_cipher() and fuzz_aead() functions did not always return error
when it should and it did not always release the cipher handle on
return. This patch fixes both issues.
Found by Coverity.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index d20e74c..b3f6ae9 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -352,11 +352,11 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
uint8_t indata[4096];
uint8_t outdata[4096];
unsigned int i;
- int ret = 0;
+ int ret = 1;
if (kcapi_cipher_init(&handle, cavs_test->cipher, 0)) {
printf("Allocation of %s cipher failed\n", cavs_test->cipher);
- return -EFAULT;
+ return 1;
}
/* Set key */
@@ -366,7 +366,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
for (i = 0; i < sizeof(key); i++) {
if (get_random(key, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
kcapi_cipher_setkey(handle, key, i);
}
@@ -388,7 +388,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
if (get_random(indata, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
if (flags & FUZZ_LESSOUT)
@@ -429,11 +429,11 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
uint8_t indata[4096];
uint8_t outdata[4096];
unsigned int i;
- int ret = 0;
+ int ret = 1;
if (kcapi_aead_init(&handle, cavs_test->cipher, 0)) {
printf("Allocation of %s cipher failed\n", cavs_test->cipher);
- return -EFAULT;
+ return 1;
}
/* Set key */
@@ -443,7 +443,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
for (i = 0; i < sizeof(key); i++) {
if (get_random(key, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
kcapi_aead_setkey(handle, key, i);
}
@@ -479,7 +479,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
if (get_random(indata, i, 0)) {
printf("get_random call failed\n");
- return 1;
+ goto out;
}
if (flags & FUZZ_LESSOUT)
From ec9c36216623b94684c9e5ca8be26455b490bdef Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 25 Jul 2018 16:52:13 +0200
Subject: [PATCH 16/16] test: Clean up after NULL string fix
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index b3f6ae9..3cba467 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -271,14 +271,12 @@ static int fuzz_init_test(unsigned int size)
{
struct kcapi_handle *handle;
int ret = 0;
- uint8_t *name = NULL;
+ uint8_t *name = calloc(1, size + 1);
kcapi_set_verbosity(KCAPI_LOG_NONE);
- name = calloc(1, size + 1);
-
if (!name) {
- printf("Allocation of %u bytes failed", size);
+ printf("Allocation of %u bytes failed", size + 1);
return 1;
}
@@ -317,10 +315,10 @@ static int fuzz_init_test(unsigned int size)
fail:
fprintf(stdout, "allocation success of nonsense string ");
- if (name)
+ if (size)
bin2print(name, size);
else
- fprintf(stdout, "NULL\n");
+ fprintf(stdout, "EMPTY\n");
free(name);
return 1;
}

186
SOURCES/libkcapi-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
View File

@ -1,186 +0,0 @@
From 2a0642407dd227d24e646c170d8afd47ab917899 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 16 Jul 2018 15:17:29 +0200
Subject: [PATCH] kcapi-hasher: Add missing -d option to fipshmac
---
apps/kcapi-hasher.c | 61 ++++++++++++++++++++++++++++-------------------------
1 file changed, 32 insertions(+), 29 deletions(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 6782dbc..2fc3ddc 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -71,7 +71,7 @@ struct hash_name {
};
struct hash_key {
- const char *subdir;
+ const char *checkdir;
const uint8_t *data;
uint32_t len;
};
@@ -108,12 +108,20 @@ static const char hmaccalc_hmackey[] = "FIPS-FTW-RHT2009";
static const struct hash_key KEY_FIPSCHECK = {
.data = (const uint8_t *)fipscheck_hmackey,
.len = sizeof(fipscheck_hmackey) - 1,
- .subdir = "fipscheck",
+#ifdef CHECK_DIR
+ .checkdir = CHECK_DIR"/fipscheck",
+#else
+ .checkdir = NULL,
+#endif
};
static const struct hash_key KEY_HMACCALC = {
.data = (const uint8_t *)hmaccalc_hmackey,
.len = sizeof(hmaccalc_hmackey) - 1,
- .subdir = "hmaccalc",
+#ifdef CHECK_DIR
+ .checkdir = CHECK_DIR"/hmaccalc",
+#else
+ .checkdir = NULL,
+#endif
};
static void usage(char *name, int fipscheck)
@@ -142,7 +150,8 @@ static void usage(char *name, int fipscheck)
fprintf(stderr, "\t-k --key-file FILE\tUse HMAC key from given file\n");
fprintf(stderr, "\t-K --key KEY\t\tUse KEY as the HMAC key\n");
fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n");
- fprintf(stderr, "\t-b, -d, -P\t\tCompatibility hmaccalc options; ignored\n");
+ fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n");
+ fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n");
fprintf(stderr, "\t --help\t\tPrint this help text\n");
fprintf(stderr, "\t-v --version\t\tShow version\n");
}
@@ -368,7 +377,7 @@ static char *paste(char *dst, const char *src, size_t size)
* return: NULL when malloc failed, a pointer that the caller must free
* otherwise.
*/
-static char *get_hmac_file(const char *filename, const char *subdir)
+static char *get_hmac_file(const char *filename, const char *checkdir)
{
size_t i, filelen, pathlen, namelen, basenamestart = 0;
size_t prefixlen = strlen(CHECK_PREFIX);
@@ -386,12 +395,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
}
namelen = filelen - basenamestart;
-#ifdef CHECK_DIR
- pathlen = strlen(CHECK_DIR"/") + strlen(subdir) + 1;
-#else
- (void)subdir; // avoid parameter unused warning
- pathlen = basenamestart;
-#endif
+ pathlen = checkdir ? strlen(checkdir) + 1 : basenamestart;
checkfile = malloc(pathlen + namelen + prefixlen + 1 /* "." */ +
suffixlen + 1 /* null character */);
@@ -399,14 +403,12 @@ static char *get_hmac_file(const char *filename, const char *subdir)
return NULL;
cursor = checkfile;
-#ifdef CHECK_DIR
- cursor = paste(cursor, CHECK_DIR"/", strlen(CHECK_DIR"/"));
- cursor = paste(cursor, subdir, strlen(subdir));
- cursor = paste(cursor, "/", 1);
-#else
- if (pathlen > 0)
+ if (checkdir) {
+ cursor = paste(cursor, checkdir, strlen(checkdir));
+ cursor = paste(cursor, "/", 1);
+ } else if (pathlen > 0)
cursor = paste(cursor, filename, pathlen);
-#endif
+
cursor = paste(cursor, CHECK_PREFIX, prefixlen);
cursor = paste(cursor, filename + basenamestart, namelen);
cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen);
@@ -417,7 +419,7 @@ static char *get_hmac_file(const char *filename, const char *subdir)
static int hash_files(const struct hash_params *params,
char *filenames[], uint32_t files,
- int fipshmac, int just_print)
+ int fipshmac, const char *checkdir, int just_print)
{
struct kcapi_handle *handle;
const char *hashname = params->name.kcapiname;
@@ -446,9 +448,7 @@ static int hash_files(const struct hash_params *params,
const char *filename = filenames[i];
if (fipshmac) {
- char *outfile = get_hmac_file(filenames[i],
- params->key.subdir);
-
+ char *outfile = get_hmac_file(filenames[i], checkdir);
if (!outfile) {
fprintf(stderr,
"Cannot create HMAC file name\n");
@@ -712,11 +712,11 @@ static int fipscheck_self(const struct hash_params *params_bin,
}
if (mode == SELFCHECK_PRINT_SELF) {
- ret = hash_files(params_bin, names, 1, 0, 1);
+ ret = hash_files(params_bin, names, 1, 0, NULL, 1);
goto out;
}
- checkfile = get_hmac_file(selfname, params_bin->key.subdir);
+ checkfile = get_hmac_file(selfname, params_bin->key.checkdir);
if (!checkfile) {
ret = -ENOMEM;
goto out;
@@ -750,13 +750,13 @@ static int fipscheck_self(const struct hash_params *params_bin,
strncpy(selfname, info.dli_fname, (sizeof(selfname) - 1));
if (mode == SELFCHECK_PRINT_LIB) {
- ret = hash_files(params_lib, names, 1, 0, 1);
+ ret = hash_files(params_lib, names, 1, 0, NULL, 1);
goto out;
}
if (checkfile)
free(checkfile);
- checkfile = get_hmac_file(selfname, params_lib->key.subdir);
+ checkfile = get_hmac_file(selfname, params_lib->key.checkdir);
if (!checkfile) {
ret = -ENOMEM;
goto out;
@@ -799,6 +799,7 @@ int main(int argc, char *argv[])
char *checkfile = NULL;
const char *targetfile = NULL;
+ const char *checkdir = NULL;
uint8_t *hmackey_alloc = NULL;
uint8_t *hmackey_mmap = NULL;
int opt_index = 0;
@@ -1055,8 +1056,10 @@ int main(int argc, char *argv[])
version(argv[0]);
ret = 0;
goto out;
- case 'b':
case 'd':
+ checkdir = optarg;
+ break;
+ case 'b':
case 'P':
/* Compatibility options, just ignore */
break;
@@ -1110,7 +1113,7 @@ int main(int argc, char *argv[])
targetfile = argv[optind];
if (checkfile)
free(checkfile);
- checkfile = get_hmac_file(targetfile, params.key.subdir);
+ checkfile = get_hmac_file(targetfile, params.key.checkdir);
if (!checkfile) {
ret = 1;
goto out;
@@ -1120,7 +1123,7 @@ int main(int argc, char *argv[])
if (!checkfile)
ret = hash_files(&params, argv + optind, (argc - optind),
- fipshmac, 0);
+ fipshmac, checkdir, 0);
else if (optind == argc)
ret = process_checkfile(&params, checkfile, targetfile, loglevel);
else {

34
SOURCES/libkcapi-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
View File

@ -1,34 +0,0 @@
From 912ab6d55ef5af594d22d01a39cf7e035c797335 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 09:42:26 +0200
Subject: [PATCH] kcapi-hasher: Fix command-line parsing
I made a mistake in commit 3be3e18d4a2e ("kcapi-hasher: Allow picking
basename via cmdline"), which apparently broke command-line parsing when
the '-n' options is not used. This patch fixes the issue by resetting
the right variable and also silences error messages when checking for
the '-n' option.
Fedora BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1599831
---
apps/kcapi-hasher.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..90707a6 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -841,10 +841,12 @@ int main(int argc, char *argv[])
}
basen = basename(basec);
+ opterr = 0;
if (getopt_long(argc, argv, opts_name_short, opts_name, &opt_index) == 'n')
basen = optarg;
else
- opt_index = 0;
+ optind = 1;
+ opterr = 1;
params_self = &PARAMS_SELF_FIPSCHECK;
if (0 == strncmp(basen, "sha256sum", 9)) {

29
SOURCES/libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
View File

@ -1,29 +0,0 @@
From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 14:41:14 +0200
Subject: [PATCH] kcapi-hasher: Fix off-by-one error
There was an off-by-one error in process_checkfile() that caused the
hasher to misparse checkfiles that contain only the hash (for
self-check).
---
apps/kcapi-hasher.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..00f0373 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
uint32_t i;
uint32_t bsd_style = 0; // >0 if --tag formatted style
+ if (linelen == 0)
+ break;
+
/* remove trailing CR and reduce buffer length */
- for (i = linelen; i > 0; i--) {
+ for (i = linelen - 1; i > 0; i--) {
if (!isprint(buf[i])) {
buf[i] = '\0';
linelen--;

33
SOURCES/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
View File

@ -1,33 +0,0 @@
From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 30 Jul 2018 17:17:59 +0200
Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0
The kcapi_handle structure is initialized with zeroes at allocation.
However, since it contains several file descriptor variables, it may
happen that _kcapi_handle_destroy() is executed while some of these are
set to 0, causing an unwanted call to close(0).
This patch prevents it by initializing all FD variables to -1 right
after handle allocation.
---
lib/kcapi-kernel-if.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index 595ce68..dfa94b4 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type,
handle->tfm = tfm;
+ /* Initialize all fd vars to -1 to avoid unwanted close(0) */
+ handle->pipes[0] = -1;
+ handle->pipes[1] = -1;
+ handle->opfd = -1;
+ handle->aio.efd = -1;
+
ret = _kcapi_handle_init_tfm(handle, type, ciphername);
if (ret)
goto err;

1050
SOURCES/libkcapi-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
View File

File diff suppressed because it is too large Load Diff

34
SOURCES/libkcapi-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
View File

@ -1,34 +0,0 @@
From a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68 Mon Sep 17 00:00:00 2001
From: Krzysztof Kozlowski <krzk@kernel.org>
Date: Thu, 12 Jul 2018 18:13:32 +0200
Subject: [PATCH] test: Be sure to terminate strncpy() copied string
(-Wstringop-truncation)
strncpy() might not NULL-terminate the buffer. This fixes GCC v8.1.0 warning:
test/kcapi-main.c: In function 'main':
test/kcapi-main.c:3123:5: error: 'strncpy' specified bound 63 equals destination size [-Werror=stringop-truncation]
strncpy(cavs_test.cipher, optarg,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CIPHERMAXNAME);
~~~~~~~~~~~~~~
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index 8352499..c167b7f 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -3121,7 +3121,7 @@ int main(int argc, char *argv[])
break;
case 'c':
strncpy(cavs_test.cipher, optarg,
- CIPHERMAXNAME);
+ CIPHERMAXNAME - 1);
break;
case 'p':
len = strlen(optarg);

42
SOURCES/libkcapi-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch
View File

@ -1,42 +0,0 @@
From def2282fd28390f4a8afd0f43be6c3b3b1586f41 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Fri, 27 Jul 2018 10:53:00 +0200
Subject: [PATCH] test: Fix AEAD fuzz test for big-endian archs
The stupid authenc() key format contains fields that need to be in the
machine's endianity. Right now, they are hard-coded in the LE format.
This patch makes them always be in the right format.
---
test/kcapi-main.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index e24956c..d62c91a 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -451,14 +451,17 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
if (kcapi_aead_setkey(handle, key, 16)) {
if (!strncmp(cavs_test->cipher, "authenc", 7)) {
- uint8_t *k = (uint8_t *)
- "\x08\x00\x01\x00\x00\x00\x00\x10"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x06\xa9\x21\x40"
- "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5"
- "\x34\x12\x00\x06";
- if (kcapi_aead_setkey(handle, k, 44)) {
+ uint8_t k[44];
+ memcpy(k, "\x00\x00\x00\x00\x00\x00\x00\x10"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x06\xa9\x21\x40"
+ "\x36\xb8\xa1\x5b\x51\x2e\x03\xd5"
+ "\x34\x12\x00\x06", sizeof(k));
+ /* These need to be in machine's endianity: */
+ *(uint16_t *)(k + 0) = 8;
+ *(uint16_t *)(k + 2) = 1;
+ if (kcapi_aead_setkey(handle, k, sizeof(k))) {
printf("AEAD setkey failed\n");
goto out;
}

11
SOURCES/libkcapi-1.1.1.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAlsmv5gACgkQQh7pNjJq
wVv+2AgAg5Clqx2IB4/pN21IZxwU9+aIxiHxm+EZIbR+odc7eSymmQlQre0HLI4n
XDkfw9Zhes/Ih6dIRkAWVWm8fCQL7xrlgpkBW2Y3bxXxC99gQB4DSVn/Mdjasq2I
5pfiTe9CPNbevUwHgIe0GkGLfZJLlHL29Hjzl5TLfodVHayjDpY9v1jIRkWm2vLo
rgRmxMCt3L2csOM2ZYyeLBoHzXv3f1W6t68BzPeQQ8Pgmf+kSjW6iUXCTixBIKGz
enus3L0vJLigVtY2WZ583JZHkhvw9/KO7Z0d3fH8JuEnhMX1Vc+vnFxTWGsf8KSe
TDuu0nF3SpKTtNPaDVPgbhSZs4JZTg==
=dhAX
-----END PGP SIGNATURE-----

11
SOURCES/libkcapi-1.4.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmISvaAACgkQQh7pNjJq
wVv6jggAh7UpchOXZ1THbDZ0PE+YGWSr3Y3qKHMls9ixNn/RDSYxPvyZqc6pIAKQ
zVA6bGtB9kqcSexmrk2EyiUYgi1lo+5HwsfAfHBQaq7vD1S8Q/FYx/XVRv2GQfkj
/E1ivlcdcInlpn+vu+7Hei+H/IXtETh8QPwGwRI1Je84pIt7K4K4VPwWpur0su6E
oF1AFT6ldlMczsoDTCi3eP3rZWKvMmX5718W9F6eKuTkKoIiipCUxdMBy4f6YpDB
1ZmQPHjSgG4URlclQnFiGXYAbMBRHYfguJRl/HjZWSQMigRzqGSdvJR8wrfMeQzr
Bk0z0nGayzHgcC7gPz8CsAMJj5C9eQ==
=OA3o
-----END PGP SIGNATURE-----

6
SOURCES/sha512hmac-openssl.sh Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# Mocks sha512hmac using the openssl tool.
# Only for use during RPM build.
openssl sha512 -hmac FIPS-FTW-RHT2009 -hex "$1" | cut -f 2 -d ' '

186
SPECS/libkcapi.spec
View File

@ -1,11 +1,16 @@
# Shared object version of libkcapi.
%global vmajor 1
%global vminor 1
%global vpatch 1
%global vminor 4
%global vpatch 0
# Do we build the replacements packages?
%bcond_with replace_coreutils
# Replace fipscheck by default in Fedora 33+:
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
%bcond_without replace_fipscheck
%else
%bcond_with replace_fipscheck
%endif
# Replace hmaccalc by default in Fedora 28+:
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
%bcond_without replace_hmaccalc
@ -17,13 +22,22 @@
%else
%bcond_with test_package
%endif
%if 0%{?fedora}
%global use_clang 1
# disable cppcheck analysis in ELN/RHEL to avoid the dependency bz#1931518
%if 0%{?rhel}
%bcond_with cppcheck
%else
%global use_clang 0
%bcond_without cppcheck
%endif
# Use `--without test` to build without running the tests
%bcond_without test
# Use `--without fuzz_test` to skip the fuzz test during build
%bcond_without fuzz_test
# Use `--without doc` to build without the -doc subpackage
%bcond_without doc
# Use `--without clang_sa` to skip clang static analysis during build
%bcond_without clang_sa
# This package needs at least Linux Kernel v4.10.0.
%global min_kernel_ver 4.10.0
@ -62,8 +76,7 @@
# Do we replace fipscheck?
%if %{with replace_fipscheck}
# TODO: Adapt this when replacing fipscheck initially.
%global fipscheck_evr 1.5.0-3%{?dist}
%global fipscheck_evr 1.5.0-9
%endif
# Do we replace hmaccalc?
@ -71,8 +84,17 @@
%global hmaccalc_evr 0.9.14-10%{?dist}
%endif
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac sm3hmac
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum sm3sum fipscheck fipshmac
# On old kernels use mock hashers implemented via openssl
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0
%global sha512hmac bin/kcapi-hasher -n sha512hmac
%global fipshmac bin/kcapi-hasher -n fipshmac
%else
%global sha512hmac bash %{SOURCE2}
%global fipshmac bash %{SOURCE3}
%endif
# Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here
@ -85,16 +107,15 @@ bin_path=%{buildroot}%{_bindir} \
lib_path=%{buildroot}/%{_lib} \
for app in %{apps_hmaccalc}; do \
test -e "$bin_path"/$app || continue \
{ bin/kcapi-hasher -n sha512hmac "$bin_path"/$app || exit 1; } \\\
{ %sha512hmac "$bin_path"/$app || exit 1; } \\\
| cut -f 1 -d ' ' >"$lib_path"/hmaccalc/$app.hmac \
done \
for app in %{apps_fipscheck}; do \
test -e "$bin_path"/$app || continue \
bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
"$bin_path"/$app || exit 1 \
%fipshmac -d "$lib_path"/fipscheck "$bin_path"/$app || exit 1 \
done \
%{_sbindir}/hardlink -cfv %{buildroot}%{_bindir} \
bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
%fipshmac -d "$lib_path"/fipscheck \\\
"$lib_path"/libkcapi.so.%{version} || exit 1 \
%{__ln_s} libkcapi.so.%{version}.hmac \\\
"$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \
@ -103,42 +124,43 @@ bin/kcapi-hasher -n fipshmac -d "$lib_path"/fipscheck \\\
Name: libkcapi
Version: %{vmajor}.%{vminor}.%{vpatch}
Release: 16_1%{?dist}
Release: 2%{?dist}
Summary: User space interface to the Linux Kernel Crypto API
License: BSD or GPLv2
URL: http://www.chronox.de/%{name}.html
Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
License: BSD-3-Clause OR GPL-2.0-only
URL: https://www.chronox.de/%{name}.html
Source0: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
Source1: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
Source2: sha512hmac-openssl.sh
Source3: fipshmac-openssl.sh
Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
Patch1: %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
Patch2: %{giturl}/pull/64.patch#/%{name}-1.1.1-kcapi-hasher_Add_missing_-d_option_to_fipshmac.patch
Patch3: %{giturl}/commit/3e388ac4eba63b466bf6b14b2088ea44c8a2bfe4.patch#/%{name}-1.1.1-Fix_possible_buffer_overflow_with_strncpy.patch
Patch4: %{giturl}/commit/a10e5ff7f8f69e1ed5cd4151f3e71f4783c40c68.patch#/%{name}-1.1.1-test_Be_sure_to_terminate_strncpy_copied_string.patch
Patch5: %{giturl}/compare/decf850ab9bb...ec9c36216623.patch#/%{name}-1.1.1-Fix_various_issues_reported_by_Coverity.patch
Patch6: %{giturl}/compare/4a1a30f75e70...c9ed6b2c0702.patch#/%{name}-1.1.1-Coverity_PR_follow-up.patch
Patch7: %{giturl}/pull/68.patch#/%{name}-1.1.1-test_Fix_AEAD_fuzz_test_for_big-endian_archs.patch
Patch8: %{giturl}/pull/70.patch#/%{name}-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch
Patch9: %{giturl}/pull/71.patch#/%{name}-1.1.1-test_Allow_running_tests_outside_of_build_environment.patch
Patch1: 001-tests-kernel-version.patch
Patch2: 002-fips-disable-ansi_cprng.patch
Patch3: 003-zeroize-hasher.patch
Patch4: 004-hasher-target-option.patch
Patch5: 005-fips-mode-tests.patch
Patch9001: 9001-split-up-huge-string.patch
%if %{use_clang}
BuildRequires: clang
%endif
BuildRequires: bash
BuildRequires: coreutils
BuildRequires: cppcheck
BuildRequires: docbook-utils-pdf
BuildRequires: gcc
BuildRequires: git
BuildRequires: git-core
BuildRequires: hardlink
BuildRequires: kernel-headers >= %{min_kernel_ver}
BuildRequires: libtool
BuildRequires: make
BuildRequires: openssl
BuildRequires: perl
BuildRequires: perl-interpreter
BuildRequires: systemd
BuildRequires: xmlto
%if %{with doc}
BuildRequires: docbook-utils-pdf
%endif
%if %{with clang_sa}
BuildRequires: clang
%endif
%if %{with cppcheck}
BuildRequires: cppcheck >= 2.4
%endif
# For ownership of %%{_sysctldir}.
Requires: systemd
@ -168,12 +190,14 @@ Requires: %{name}%{?_isa} == %{version}-%{release}
Header files for applications that use %{name}.
%if %{with doc}
%package doc
Summary: User documentation for the %{name} package
BuildArch: noarch
Requires: %{name}%{?_isa} == %{version}-%{release}
%description doc
User documentation for %{name}.
%endif
%if %{with replace_coreutils}
@ -257,7 +281,7 @@ Requires: %{name}-checksum%{?_isa} == %{version}-%{release}
%endif
Requires: coreutils
Requires: openssl
Requires: perl
Requires: perl-interpreter
%description tests
Auxiliary scripts for testing %{name}.
@ -316,9 +340,14 @@ EOF
--enable-kcapi-test \
--enable-shared \
--enable-static \
--enable-sum-prefix= \
--enable-sum-dir=/%{_lib} \
--with-pkgconfigdir=%{_libdir}/pkgconfig
%if %{with doc}
%make_build all doc
%else
%make_build all man
%endif
%install
@ -335,14 +364,21 @@ EOF
%if %{with_sysctl_tweak}
README.%{distroname_ext} \
%endif
README.md CHANGES TODO doc/%{name}.p{df,s}
%if %{with doc}
doc/%{name}.p{df,s} \
%endif
README.md CHANGES.md TODO
%if %{with doc}
%{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir}
%endif
# Install replacement tools, if enabled.
%if !%{with replace_coreutils}
%{__rm} -f \
%{buildroot}%{_bindir}/md5sum \
%{buildroot}%{_bindir}/sha*sum
%{buildroot}%{_bindir}/sha*sum \
%{buildroot}%{_bindir}/sm*sum
%endif
%if !%{with replace_fipscheck}
@ -351,6 +387,7 @@ EOF
%if !%{with replace_hmaccalc}
%{__rm} -f %{buildroot}%{_bindir}/sha*hmac
%{__rm} -f %{buildroot}%{_bindir}/sm*hmac
%endif
# We don't ship autocrap dumplings.
@ -362,11 +399,13 @@ EOF
# Remove 0-size files.
%{_bindir}/find %{buildroot} -type f -size 0 -print -delete
%if %{with doc}
# Make sure all docs have non-exec permissions, except for the dirs.
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \
%{_bindir}/xargs %{__chmod} -c 0644
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \
%{_bindir}/xargs %{__chmod} -c 0755
%endif
# Possibly save some space by hardlinking.
for d in %{_mandir} %{_pkgdocdir}; do
@ -376,22 +415,31 @@ done
%check
# Some basic sanity checks.
%make_build cppcheck
%if %{use_clang}
%if %{with clang_sa}
%make_build scan
%endif
%if %{with cppcheck}
%make_build cppcheck
%endif
%if %{with test}
# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
# which is the lowest limit needed to run the testsuite. If that limit
# is not met, we do not run it.
%if %{test_optmem_max} >= 20480
# Skip the testsuite on old kernels.
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '5.1'));} >= 0
# Real testsuite.
pushd test
# Ignore test result since the CI will do better testing anyway
%if %{with fuzz_test}
ENABLE_FUZZ_TEST=1 \
%endif
NO_32BIT_TEST=1 \
./test-invocation.sh || true
./test-invocation.sh
popd
%endif
%endif
%endif
%ldconfig_scriptlets
@ -412,7 +460,7 @@ popd
%files devel
%doc %{_pkgdocdir}/CHANGES
%doc %{_pkgdocdir}/CHANGES.md
%doc %{_pkgdocdir}/TODO
%{_includedir}/kcapi.h
%{_mandir}/man3/kcapi_*.3.*
@ -420,17 +468,22 @@ popd
%{_libdir}/pkgconfig/%{name}.pc
%if %{with doc}
%files doc
%doc %{_pkgdocdir}
%license %{_datadir}/licenses/%{name}*
%doc %{_pkgdocdir}/html
%doc %{_pkgdocdir}/%{name}.pdf
%doc %{_pkgdocdir}/%{name}.ps
%endif
%if %{with replace_coreutils}
%files checksum
%{_bindir}/md5sum
%{_bindir}/sha*sum
%{_bindir}/sm*sum
/%{_lib}/fipscheck/md5sum.hmac
/%{_lib}/fipscheck/sha*sum.hmac
/%{_lib}/fipscheck/sm*sum.hmac
%endif
%if %{with replace_fipscheck}
@ -442,7 +495,9 @@ popd
%if %{with replace_hmaccalc}
%files hmaccalc
%{_bindir}/sha*hmac
%{_bindir}/sm*hmac
/%{_lib}/hmaccalc/sha*hmac.hmac
/%{_lib}/hmaccalc/sm*hmac.hmac
%endif
@ -462,6 +517,39 @@ popd
%changelog
* Fri Dec 01 2023 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-2
- Backport fixes for kcapi-hasher target option
Related: RHEL-15300
- Fix kcapi tests in FIPS mode
Resolves: RHEL-2406
* Wed Nov 01 2023 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-1
- Update to new upstream release 1.4.0
Resolves: RHEL-5366
- Add a patch to fix auxiliary tests in FIPS mode
Resolves: RHEL-2406
- Add a patch to zeroize kcapi-hasher for FIPS 140-3
Resolves: RHEL-15290
- Add a patch to allow overriding target file in kcapi-hasher
Resolves: RHEL-15300
* Tue May 26 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-2
- Fix double free issue in hasher()
* Mon May 25 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-1
- [RHEL] Update to upstream version 1.2.0
* Thu Apr 30 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
- Enables building on old kernels [sync fix in Fedora from omosnance].
- This is required for covscans as they run on RHEL7 machines.
* Wed Apr 29 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-2
- Drop the license from the doc subpackage to avoid conflicts
* Mon Apr 27 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-1
- [RHEL] Update to upstream version 1.1.5
- [RHEL] Sync with Fedora branch
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16_1
- [RHEL] Apply 'Add missing dependencies to the tests package'
- [RHEL] Apply 'Update patch from upstream'