Hello community, here is the log from the commit of package libkcapi for openSUSE:Factory checked in at 2020-09-06 21:35:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libkcapi (Old) and /work/SRC/openSUSE:Factory/.libkcapi.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libkcapi" Sun Sep 6 21:35:12 2020 rev:7 rq:831601 version:1.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libkcapi/libkcapi.changes 2020-03-25 23:44:58.424026521 +0100 +++ /work/SRC/openSUSE:Factory/.libkcapi.new.3399/libkcapi.changes 2020-09-06 21:35:32.837633814 +0200 @@ -1,0 +2,28 @@ +Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller <[email protected]> + +- update to 1.2.0: + * enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen + * fix: fix clang warnding in KDF implementation by Khem Raj + * fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček + * fix: return error when iteration count is zero for PBKDF as reported by + Guido Vranken + * enhancement: add function kcapi_cipher_stream_update_last to indicate the + last block of a symmetric cipher stream operation + * disable XTS multithreaded tests as it triggers a race discussed in + https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is + the following: xts(aes) doesn't support chaining requests like for other + ciphers such as CBC (at least as implemented in the kernel Crypto API). + That can be seen in `crypto/testmgr.h` - the ciphers that are expected to + return IVs usable for chaining have the `.iv_out` entries filled in in their + test vectors (and those that don't support it do not). One can see that only + CTR and CBC test vectors have them, not XTS. + Looking again at how XTS is defined, it seems one could implement + transparent chaining by simply decrypting the final tweak using the tweak + key and return it as the output IV... but I believe this has never been + mandated nor implemented in the Crypto API (likely because of the overhead + of the final tweak decryption, which would be pointless if you're not going + to use the output IV - and there is currently no way to signal to the driver + that you are going to need it). + * disable AIO parallel tests due to undefined behavior + +------------------------------------------------------------------- Old: ---- libkcapi-1.1.5.tar.xz libkcapi-1.1.5.tar.xz.asc New: ---- libkcapi-1.2.0.tar.xz libkcapi-1.2.0.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libkcapi.spec ++++++ --- /var/tmp/diff_new_pack.rjpQum/_old 2020-09-06 21:35:34.901634831 +0200 +++ /var/tmp/diff_new_pack.rjpQum/_new 2020-09-06 21:35:34.905634833 +0200 @@ -17,7 +17,7 @@ Name: libkcapi -Version: 1.1.5 +Version: 1.2.0 Release: 0 Summary: Linux Kernel Crypto API User Space Interface Library License: GPL-2.0-only ++++++ libkcapi-1.1.5.tar.xz -> libkcapi-1.2.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/CHANGES.md new/libkcapi-1.2.0/CHANGES.md --- old/libkcapi-1.1.5/CHANGES.md 2019-07-31 09:03:34.000000000 +0200 +++ new/libkcapi-1.2.0/CHANGES.md 2020-05-24 22:09:18.000000000 +0200 @@ -1,3 +1,28 @@ +Changes 1.2.0 + * enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen + * fix: fix clang warnding in KDF implementation by Khem Raj + * fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček + * fix: return error when iteration count is zero for PBKDF as reported by + Guido Vranken + * enhancement: add function kcapi_cipher_stream_update_last to indicate the + last block of a symmetric cipher stream operation + * disable XTS multithreaded tests as it triggers a race discussed in + https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is + the following: xts(aes) doesn't support chaining requests like for other + ciphers such as CBC (at least as implemented in the kernel Crypto API). + That can be seen in `crypto/testmgr.h` - the ciphers that are expected to + return IVs usable for chaining have the `.iv_out` entries filled in in their + test vectors (and those that don't support it do not). One can see that only + CTR and CBC test vectors have them, not XTS. + Looking again at how XTS is defined, it seems one could implement + transparent chaining by simply decrypting the final tweak using the tweak + key and return it as the output IV... but I believe this has never been + mandated nor implemented in the Crypto API (likely because of the overhead + of the final tweak decryption, which would be pointless if you're not going + to use the output IV - and there is currently no way to signal to the driver + that you are going to need it). + * disable AIO parallel tests due to undefined behavior + Changes 1.1.5 * Fix invocation of ansi_cprng in FIPS mode during testing * Fix testing on kernels >= 5.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/COPYING new/libkcapi-1.2.0/COPYING --- old/libkcapi-1.1.5/COPYING 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/COPYING 2020-05-24 22:09:54.000000000 +0200 @@ -1,4 +1,4 @@ -Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> +Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/app-internal.c new/libkcapi-1.2.0/apps/app-internal.c --- old/libkcapi-1.1.5/apps/app-internal.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/apps/app-internal.c 2020-05-24 22:09:52.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * @@ -35,11 +35,11 @@ static unsigned int verbosity = KCAPI_LOG_NONE; static char appname[16]; -static uint8_t hex_char(unsigned int bin, int u) +static char hex_char(unsigned int bin, int u) { - uint8_t hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7', + char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; - uint8_t hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7', + char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; if (bin < sizeof(hex_char_map_l)) return (u) ? hex_char_map_u[bin] : hex_char_map_l[bin]; @@ -55,11 +55,11 @@ * twice binlen -- if not, only a fraction of binlen is converted) * @u [in] case of hex characters (0=>lower case, 1=>upper case) */ -void bin2hex(const uint8_t *bin, uint32_t binlen, - char *hex, uint32_t hexlen, int u) +void bin2hex(const uint8_t *bin, size_t binlen, + char *hex, size_t hexlen, int u) { uint32_t i = 0; - uint32_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen; + size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen; for (i = 0; i < chars; i++) { hex[(i*2)] = hex_char((bin[i] >> 4), u); @@ -67,35 +67,30 @@ } } -void bin2print(const uint8_t *bin, uint32_t binlen, +void bin2print(const uint8_t *bin, size_t binlen, const char *filename, FILE *outfile, uint32_t lfcr) { char *hex; - uint32_t hexlen = binlen * 2 + 1; + size_t hexlen = binlen * 2 + 1; hex = calloc(1, hexlen); if (!hex) return; bin2hex(bin, binlen, hex, hexlen - 1 , 0); /* fipshmac does not want the file name :-( */ - if (outfile != stdout) { - if (lfcr) - fprintf(outfile, "%s\n", hex); + if (outfile != stdout) + fprintf(outfile, "%s", hex); + else + if (filename) + fprintf(outfile, "%s %s", hex, filename); else fprintf(outfile, "%s", hex); - } else { - if (filename) { - if (lfcr) - fprintf(outfile, "%s %s\n", hex, filename); - else - fprintf(outfile, "%s %s", hex, filename); - } else { - if (lfcr) - fprintf(outfile, "%s\n", hex); - else - fprintf(outfile, "%s", hex); - } - } + + if (lfcr == 1) + fputc(0x0a, outfile); + if (lfcr == 2) + fputc(0x00, outfile); + free(hex); } @@ -156,14 +151,14 @@ verbosity = level; } -static int bin_char(char hex) +static uint8_t bin_char(char hex) { if (48 <= hex && 57 >= hex) - return (hex - 48); + return (uint8_t)(hex - 48); if (65 <= hex && 70 >= hex) - return (hex - 55); + return (uint8_t)(hex - 55); if (97 <= hex && 102 >= hex) - return (hex - 87); + return (uint8_t)(hex - 87); return 0; } @@ -191,7 +186,7 @@ } for (i = 0; i < chars; i++) { - bin[i] = bin_char(hex[(i*2)]) << 4; + bin[i] = (uint8_t)(bin_char(hex[(i*2)]) << 4); bin[i] |= bin_char(hex[((i*2)+1)]); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/app-internal.h new/libkcapi-1.2.0/apps/app-internal.h --- old/libkcapi-1.1.5/apps/app-internal.h 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/apps/app-internal.h 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * @@ -49,9 +49,9 @@ void hex2bin(const char *hex, uint32_t hexlen, uint8_t *bin, uint32_t binlen); int hex2bin_alloc(const char *hex, uint32_t hexlen, uint8_t **bin, uint32_t *binlen); -void bin2hex(const uint8_t *bin, uint32_t binlen, - char *hex, uint32_t hexlen, int u); -void bin2print(const uint8_t *bin, uint32_t binlen, +void bin2hex(const uint8_t *bin, size_t binlen, + char *hex, size_t hexlen, int u); +void bin2print(const uint8_t *bin, size_t binlen, const char *filename, FILE *outfile, uint32_t lfcr); int read_complete(int fd, uint8_t *buf, uint32_t buflen); int check_filetype(int fd, struct stat *sb, const char *filename); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-dgst.1 new/libkcapi-1.2.0/apps/kcapi-dgst.1 --- old/libkcapi-1.1.5/apps/kcapi-dgst.1 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-dgst.1 2020-05-24 22:09:52.000000000 +0200 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2017 - 2019 by Stephan Mueller ([email protected]) +.\" Copyright (c) 2017 - 2020 by Stephan Mueller ([email protected]) .\" .\" Permission is granted to make and distribute verbatim copies of this .\" manual provided the copyright notice and this permission notice are diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-dgst.c new/libkcapi-1.2.0/apps/kcapi-dgst.c --- old/libkcapi-1.1.5/apps/kcapi-dgst.c 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-dgst.c 2020-05-24 22:09:52.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-enc.1 new/libkcapi-1.2.0/apps/kcapi-enc.1 --- old/libkcapi-1.1.5/apps/kcapi-enc.1 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-enc.1 2020-05-24 22:09:53.000000000 +0200 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2017 - 2019 by Stephan Mueller ([email protected]) +.\" Copyright (c) 2017 - 2020 by Stephan Mueller ([email protected]) .\" .\" Permission is granted to make and distribute verbatim copies of this .\" manual provided the copyright notice and this permission notice are diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-enc.c new/libkcapi-1.2.0/apps/kcapi-enc.c --- old/libkcapi-1.1.5/apps/kcapi-enc.c 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-enc.c 2020-05-24 22:09:52.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * @@ -67,6 +67,8 @@ struct iovec *iov, uint32_t iovlen); int32_t (*func_stream_update)(struct kcapi_handle *handle, struct iovec *iov, uint32_t iovlen); + int32_t (*func_stream_update_last)(struct kcapi_handle *handle, + struct iovec *iov, uint32_t iovlen); int32_t (*func_stream_op)(struct kcapi_handle *handle, struct iovec *iov, uint32_t iovlen); uint32_t (*func_blocksize)(struct kcapi_handle *handle); @@ -225,13 +227,10 @@ int outfd, uint32_t outsize, uint32_t offset, uint32_t unpad) { - if (opts->aad) { - /* Tell kernel that we have sent all data */ - int ret = kcapi_aead_stream_update_last(handle, NULL, 0); - - if (ret < 0) - return ret; - } + /* Tell kernel that we have sent all data */ + int ret = opts->func_stream_update_last(handle, NULL, 0); + if (ret < 0) + return ret; /* send generated data to stdout */ if (outfd == STDOUT_FD) @@ -604,7 +603,7 @@ goto out; } - if (outfd != STDOUT_FD) { + if (outfd != STDOUT_FD && insb.st_size) { uint8_t padbyte; outsize = outbufsize(handle, opts, insb.st_size); @@ -1108,6 +1107,7 @@ opts.func_stream_init_enc = kcapi_aead_stream_init_enc; opts.func_stream_init_dec = kcapi_aead_stream_init_dec; opts.func_stream_update = kcapi_aead_stream_update; + opts.func_stream_update_last = kcapi_aead_stream_update_last; opts.func_stream_op = kcapi_aead_stream_op; opts.func_blocksize = kcapi_aead_blocksize; } else { @@ -1117,6 +1117,7 @@ opts.func_stream_init_enc = kcapi_cipher_stream_init_enc; opts.func_stream_init_dec = kcapi_cipher_stream_init_dec; opts.func_stream_update = kcapi_cipher_stream_update; + opts.func_stream_update_last = kcapi_cipher_stream_update_last; opts.func_stream_op = kcapi_cipher_stream_op; opts.func_blocksize = kcapi_cipher_blocksize; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-hasher.c new/libkcapi-1.2.0/apps/kcapi-hasher.c --- old/libkcapi-1.1.5/apps/kcapi-hasher.c 2019-01-23 07:14:51.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-hasher.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> - * Copyright (C) 2019, Red Hat, Inc. All rights reserved. + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> + * Copyright (C) 2020, Red Hat, Inc. All rights reserved. * * License: see LICENSE file in root directory * @@ -56,6 +56,7 @@ #include <dlfcn.h> #include <libgen.h> #include <limits.h> +#include <inttypes.h> #include <kcapi.h> @@ -73,7 +74,7 @@ struct hash_key { const char *checkdir; const uint8_t *data; - uint32_t len; + off_t len; }; struct hash_params { @@ -81,6 +82,7 @@ struct hash_key key; uint32_t hashlen; int bsd_style; + uint32_t newline; }; static const struct hash_name NAMES_MD5[2] = { @@ -152,6 +154,7 @@ fprintf(stderr, "\t --tag\t\tCreate a BSD-style checksum\n"); fprintf(stderr, "\t-d\t\t\tCheck directory for fipshmac; otherwise ignored\n"); fprintf(stderr, "\t-b, -P\t\t\tCompatibility hmaccalc options; ignored\n"); + fprintf(stderr, "\t-z\t\t\tNUL line termination\n"); fprintf(stderr, "\t --help\t\tPrint this help text\n"); fprintf(stderr, "\t-v --version\t\tShow version\n"); } @@ -166,7 +169,8 @@ fprintf(stderr, "%s: %s\n", basename(name), version); } -static int mmap_file(const char *filename, uint8_t **memory, uint32_t *size) +static int mmap_file(const char *filename, uint8_t **memory, off_t *size, + size_t *mapped, off_t offset) { int fd = -1; int ret = 0; @@ -179,35 +183,42 @@ return -EIO; } - ret = check_filetype(fd, &sb, filename); - if (ret) - goto out; - - *memory = NULL; - *size = sb.st_size; - - if (sb.st_size) { - *memory = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (*memory == MAP_FAILED) - { - *memory = NULL; - fprintf(stderr, "Use of mmap failed\n"); - ret = -ENOMEM; + if (*size) { + if ((*size - offset) < (off_t)*mapped ) + *mapped = (size_t)(*size - offset); + } else { + ret = check_filetype(fd, &sb, filename); + if (ret) + goto out; + *size = sb.st_size; + if (*size <= (off_t)*mapped) { + *mapped = (size_t)*size; + if (*size == 0) goto out; } } + + *memory = mmap(NULL, *mapped, PROT_READ, MAP_PRIVATE | MAP_POPULATE, fd, + offset); + if (*memory == MAP_FAILED) { + *memory = NULL; + ret = -errno; + goto out; + } + madvise(*memory, *mapped, MADV_SEQUENTIAL | MADV_WILLNEED); + out: close(fd); return ret; } -static int load_file(const char *filename, uint8_t **memory, uint32_t *size) +static int load_file(const char *filename, uint8_t **memory, off_t *size) { int fd = -1; int ret = 0; uint8_t *buffer = NULL; uint32_t buffer_size = 4096; - size_t offset = 0; + off_t offset = 0; ssize_t rdbytes; fd = open(filename, O_RDONLY | O_CLOEXEC); @@ -232,8 +243,8 @@ goto out; } - offset += (size_t)rdbytes; - if (offset == buffer_size) { + offset += (off_t)rdbytes; + if (offset == (off_t)buffer_size) { uint8_t *new_buffer; if (buffer_size == UINT32_MAX) { @@ -257,7 +268,7 @@ } *memory = buffer; - *size = (uint32_t)offset; + *size = offset; close(fd); return 0; @@ -272,35 +283,49 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params, const char *filename, const char *comphash, uint32_t comphashlen, FILE *outfile) -{ +{ + /* Mapping file in 16M segments */ + size_t mapped = 16<<20; + off_t offset = 0, size = 0; + uint32_t hashlen = params->hashlen; int ret = 0; uint8_t *memblock = NULL; uint8_t *memblock_p; - uint32_t size, left, hashlen = params->hashlen; uint8_t md[64]; if (filename) { - ret = mmap_file(filename, &memblock, &size); - if (ret) - goto out; - /* Compute hash */ - memblock_p = memblock; - left = size; - while (left) { - uint32_t todo = (left > INT_MAX) ? INT_MAX : left; - - ret = kcapi_md_update(handle, memblock_p, todo); - if (ret < 0) + do { + ret = mmap_file(filename, &memblock, &size, &mapped, + offset); + if (ret) { + fprintf(stderr, + "Use of mmap failed mapping %zu bytes at offset %" PRId64 " of file %s (%d)\n", + mapped, (int64_t)offset, filename, ret); goto out; - left -= todo; - memblock_p += todo; - } + } + /* Compute hash */ + memblock_p = memblock; + size_t left = mapped; + do { + uint32_t todo = (left > INT_MAX) ? + INT_MAX : (uint32_t)left; + + ret = kcapi_md_update(handle, memblock_p, todo); + if (ret < 0) + goto out; + left -= todo; + memblock_p += todo; + } while (left); + munmap(memblock, mapped); + offset = offset + mapped; + } while (offset ^ size); } else { uint8_t tmpbuf[TMPBUFLEN] __aligned(KCAPI_APP_ALIGN); - size_t bufsize; + uint32_t bufsize; while ((bufsize = - fread(tmpbuf, sizeof(uint8_t), TMPBUFLEN, stdin))) { + (uint32_t)fread(tmpbuf, sizeof(uint8_t), TMPBUFLEN, + stdin))) { ret = kcapi_md_update(handle, tmpbuf, bufsize); if (ret < 0) @@ -333,14 +358,17 @@ ret = 0; } else { if (outfile == NULL) { /* only print hash (hmaccalc -S) */ - bin2print(md, hashlen, NULL, stdout, 1); + bin2print(md, hashlen, NULL, stdout, + params->newline); } else if (params->bsd_style) { - fprintf(outfile, "%s (%s) = ", params->name.bsdname, + fprintf(outfile, "%s (%s) = ", + params->name.bsdname, filename ? filename : "-"); - bin2print(md, hashlen, NULL, outfile, 1); + bin2print(md, hashlen, NULL, outfile, + params->newline); } else { bin2print(md, hashlen, filename ? filename : "-", - outfile, 1); + outfile, params->newline); } ret = 0; } @@ -351,7 +379,7 @@ out: if (memblock) - munmap(memblock, size); + munmap(memblock, mapped); return ret; } @@ -386,10 +414,16 @@ static char *get_hmac_file(const char *filename, const char *checkdir) { size_t i, filelen, pathlen, namelen, basenamestart = 0; - size_t prefixlen = strlen(CHECK_PREFIX); + const char *check_prefix = CHECK_PREFIX; + size_t prefixlen = strlen(check_prefix); size_t suffixlen = strlen(CHECK_SUFFIX); char *cursor, *checkfile = NULL; + if (prefixlen == 0 && checkdir == NULL) { + check_prefix = "."; + prefixlen = 1; + } + filelen = strlen(filename); if (filelen > 4096) { fprintf(stderr, "File too long\n"); @@ -415,7 +449,7 @@ } else if (pathlen > 0) cursor = paste(cursor, filename, pathlen); - cursor = paste(cursor, CHECK_PREFIX, prefixlen); + cursor = paste(cursor, check_prefix, prefixlen); cursor = paste(cursor, filename + basenamestart, namelen); cursor = paste(cursor, "."CHECK_SUFFIX, 1 + suffixlen); strncpy(cursor, "\0", 1); @@ -439,7 +473,8 @@ return -EFAULT; } if (params->key.data) { - ret = kcapi_md_setkey(handle, params->key.data, params->key.len); + ret = kcapi_md_setkey(handle, params->key.data, + (uint32_t)params->key.len); if (ret) { fprintf(stderr, "Setting HMAC key for %s failed (%d)\n", hashname, ret); @@ -512,7 +547,8 @@ return -EFAULT; } if (params->key.data) { - ret = kcapi_md_setkey(handle, params->key.data, params->key.len); + ret = kcapi_md_setkey(handle, params->key.data, + (uint32_t)params->key.len); if (ret) { fprintf(stderr, "Setting HMAC key for %s failed (%d)\n", hashname, ret); @@ -532,7 +568,7 @@ char *filename = NULL; // parsed file name char *hexhash = NULL; // parsed hex value of hash uint32_t hexhashlen = 0; // length of hash hex value - uint32_t linelen = strlen(buf); + uint32_t linelen = (uint32_t)strlen(buf); uint32_t i; uint32_t bsd_style = 0; // >0 if --tag formatted style @@ -669,7 +705,7 @@ #define BUFSIZE 4096 char selfname[BUFSIZE]; char *names[] = { selfname }; - int32_t selfnamesize = 0; + ssize_t selfnamesize = 0; Dl_info info; void *dl = NULL, *sym; @@ -694,7 +730,7 @@ } } - n = fread((void *)fipsflag, 1, 1, fipsfile); + n = (uint32_t)fread((void *)fipsflag, 1, 1, fipsfile); fclose(fipsfile); if (n != 1) { fprintf(stderr, "Cannot read FIPS flag\n"); @@ -797,11 +833,14 @@ .key = { NULL, NULL, 0 }, .hashlen = 0, .bsd_style = 0, + .newline = 1, }; const struct hash_params *params_self; char *basec = NULL; const char *basen = NULL; int ret = -EFAULT; + /* File memory-mapping size limit set at 64MB in 32bit and 1GB in 64bit virtual memory space */ + size_t mapped = (sizeof(void*) == 4) ? 64<<20 : 1<<30; char *checkfile = NULL; const char *targetfile = NULL; @@ -821,7 +860,7 @@ {0, 0, 0, 0} }; - static const char *opts_short = "c:uh:t:SLqk:K:vbd:P"; + static const char *opts_short = "c:uh:t:SLqk:K:vbd:Pz"; static const struct option opts[] = { {"help", 0, 0, 0}, {"tag", 0, 0, 0}, @@ -924,6 +963,7 @@ params_self = &PARAMS_SELF_HMACCALC; } else { fprintf(stderr, "Unknown invocation name: %s\n", basen); + usage(argv[0], fipscheck); ret = 1; goto out; } @@ -962,7 +1002,7 @@ case 'u': if (hmackey_alloc) { kcapi_memset_secure(hmackey_alloc, 0, - params.key.len); + (uint32_t)params.key.len); free(hmackey_alloc); hmackey_alloc = NULL; } else if (hmackey_mmap) { @@ -1016,21 +1056,25 @@ case 'k': if (hmackey_alloc) { kcapi_memset_secure(hmackey_alloc, 0, - params.key.len); + (uint32_t)params.key.len); free(hmackey_alloc); hmackey_alloc = NULL; } else if (hmackey_mmap) { munmap(hmackey_mmap, params.key.len); hmackey_mmap = NULL; } - ret = mmap_file(optarg, &hmackey_mmap, ¶ms.key.len); + params.key.len = 0; + ret = mmap_file(optarg, &hmackey_mmap, + ¶ms.key.len, + &mapped, 0); if (!ret) { params.key.data = hmackey_mmap; hmac = 1; break; } /* fallback to normal file I/O: */ - ret = load_file(optarg, &hmackey_alloc, ¶ms.key.len); + ret = load_file(optarg, &hmackey_alloc, + ¶ms.key.len); if (ret) { ret = 1; goto out; @@ -1041,7 +1085,7 @@ case 'K': if (hmackey_alloc) { kcapi_memset_secure(hmackey_alloc, 0, - params.key.len); + (uint32_t)params.key.len); free(hmackey_alloc); hmackey_alloc = NULL; } else if (hmackey_mmap) { @@ -1069,6 +1113,9 @@ case 'P': /* Compatibility options, just ignore */ break; + case 'z': + params.newline = 2; + break; default: usage(argv[0], fipscheck); ret = 1; @@ -1128,7 +1175,8 @@ } if (!checkfile) - ret = hash_files(¶ms, argv + optind, (argc - optind), + ret = hash_files(¶ms, argv + optind, + (uint32_t)(argc - optind), fipshmac, checkdir, 0); else if (optind == argc) ret = process_checkfile(¶ms, checkfile, targetfile, loglevel); @@ -1144,7 +1192,7 @@ if (checkfile) free(checkfile); if (hmackey_alloc) { - kcapi_memset_secure(hmackey_alloc, 0, params.key.len); + kcapi_memset_secure(hmackey_alloc, 0, (uint32_t)params.key.len); free(hmackey_alloc); } else if (hmackey_mmap) { munmap(hmackey_mmap, params.key.len); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-rng.1 new/libkcapi-1.2.0/apps/kcapi-rng.1 --- old/libkcapi-1.1.5/apps/kcapi-rng.1 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-rng.1 2020-05-24 22:09:52.000000000 +0200 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2017 - 2019 by Stephan Mueller ([email protected]) +.\" Copyright (c) 2017 - 2020 by Stephan Mueller ([email protected]) .\" .\" Permission is granted to make and distribute verbatim copies of this .\" manual provided the copyright notice and this permission notice are diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/apps/kcapi-rng.c new/libkcapi-1.2.0/apps/kcapi-rng.c --- old/libkcapi-1.1.5/apps/kcapi-rng.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/apps/kcapi-rng.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/configure.ac new/libkcapi-1.2.0/configure.ac --- old/libkcapi-1.1.5/configure.ac 2019-07-31 09:59:51.000000000 +0200 +++ new/libkcapi-1.2.0/configure.ac 2020-05-05 22:18:36.000000000 +0200 @@ -10,8 +10,8 @@ dnl enhancements, bug fixes only. Versions with dnl a decimal point are pre-releases. m4_define([__KCAPI_MAJVERSION], [1]) -m4_define([__KCAPI_MINVERSION], [1]) -m4_define([__KCAPI_PATCHLEVEL], [5]) +m4_define([__KCAPI_MINVERSION], [2]) +m4_define([__KCAPI_PATCHLEVEL], [0]) m4_define([KCAPI_VERSION], [__KCAPI_MAJVERSION.__KCAPI_MINVERSION.__KCAPI_PATCHLEVEL]) AC_INIT([libkcapi], [KCAPI_VERSION]) @@ -158,6 +158,10 @@ AC_DEFINE_UNQUOTED(CHECK_DIR,"$CHECK_DIR",[Define to the directory which contains the hmac for a binary.]) ]) +AC_SYS_LARGEFILE +AC_TYPE_OFF_T +AC_FUNC_FSEEKO + PKG_INSTALLDIR if test "x$pkgconfigdir" = "x"; then pkgconfigdir="${libdir}/pkgconfig" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/kernel-patches/4.14-rc1/asym/v9-0003-crypto-AF_ALG-add-asymmetric-cipher.patch new/libkcapi-1.2.0/kernel-patches/4.14-rc1/asym/v9-0003-crypto-AF_ALG-add-asymmetric-cipher.patch --- old/libkcapi-1.1.5/kernel-patches/4.14-rc1/asym/v9-0003-crypto-AF_ALG-add-asymmetric-cipher.patch 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/kernel-patches/4.14-rc1/asym/v9-0003-crypto-AF_ALG-add-asymmetric-cipher.patch 2020-05-24 22:09:53.000000000 +0200 @@ -59,7 +59,7 @@ +/* + * algif_akcipher: User-space interface for asymmetric cipher algorithms + * -+ * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> ++ * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> + * + * This file provides the user-space API for asymmetric ciphers. + * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/kernel-patches/4.14-rc1/kpp/v2-0008-crypto-AF_ALG-add-KPP-support.patch new/libkcapi-1.2.0/kernel-patches/4.14-rc1/kpp/v2-0008-crypto-AF_ALG-add-KPP-support.patch --- old/libkcapi-1.1.5/kernel-patches/4.14-rc1/kpp/v2-0008-crypto-AF_ALG-add-KPP-support.patch 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/kernel-patches/4.14-rc1/kpp/v2-0008-crypto-AF_ALG-add-KPP-support.patch 2020-05-24 22:09:53.000000000 +0200 @@ -99,7 +99,7 @@ +/* + * algif_kpp: User-space interface for key protocol primitives algorithms + * -+ * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> ++ * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> + * + * This file provides the user-space API for key protocol primitives. + * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/kernel-patches/4.15-rc3/asym/v10-0003-crypto-AF_ALG-add-asymmetric-cipher.patch new/libkcapi-1.2.0/kernel-patches/4.15-rc3/asym/v10-0003-crypto-AF_ALG-add-asymmetric-cipher.patch --- old/libkcapi-1.1.5/kernel-patches/4.15-rc3/asym/v10-0003-crypto-AF_ALG-add-asymmetric-cipher.patch 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/kernel-patches/4.15-rc3/asym/v10-0003-crypto-AF_ALG-add-asymmetric-cipher.patch 2020-05-24 22:09:53.000000000 +0200 @@ -59,7 +59,7 @@ +/* + * algif_akcipher: User-space interface for asymmetric cipher algorithms + * -+ * Copyright (C) 2018 - 2019, Stephan Mueller <[email protected]> ++ * Copyright (C) 2018 - 2020, Stephan Mueller <[email protected]> + * + * This file provides the user-space API for asymmetric ciphers. + * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/kernel-patches/4.15-rc3/kpp/v3-0008-crypto-AF_ALG-add-KPP-support.patch new/libkcapi-1.2.0/kernel-patches/4.15-rc3/kpp/v3-0008-crypto-AF_ALG-add-KPP-support.patch --- old/libkcapi-1.1.5/kernel-patches/4.15-rc3/kpp/v3-0008-crypto-AF_ALG-add-KPP-support.patch 2019-01-06 13:27:51.000000000 +0100 +++ new/libkcapi-1.2.0/kernel-patches/4.15-rc3/kpp/v3-0008-crypto-AF_ALG-add-KPP-support.patch 2020-05-24 22:09:53.000000000 +0200 @@ -99,7 +99,7 @@ +/* + * algif_kpp: User-space interface for key protocol primitives algorithms + * -+ * Copyright (C) 2018 - 2019, Stephan Mueller <[email protected]> ++ * Copyright (C) 2018 - 2020, Stephan Mueller <[email protected]> + * + * This file provides the user-space API for key protocol primitives. + * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/atomic.h new/libkcapi-1.2.0/lib/atomic.h --- old/libkcapi-1.1.5/lib/atomic.h 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/atomic.h 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2018 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/doc/libkcapi.tmpl new/libkcapi-1.2.0/lib/doc/libkcapi.tmpl --- old/libkcapi-1.1.5/lib/doc/libkcapi.tmpl 2018-08-20 14:21:43.000000000 +0200 +++ new/libkcapi-1.2.0/lib/doc/libkcapi.tmpl 2020-05-05 22:23:02.000000000 +0200 @@ -791,6 +791,7 @@ !Fkcapi.h kcapi_cipher_stream_init_enc !Fkcapi.h kcapi_cipher_stream_init_dec !Fkcapi.h kcapi_cipher_stream_update +!Fkcapi.h kcapi_cipher_stream_update_last !Fkcapi.h kcapi_cipher_stream_op </sect1> <sect1><title>AEAD Cipher API - Generic</title> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/internal.h new/libkcapi-1.2.0/lib/internal.h --- old/libkcapi-1.1.5/lib/internal.h 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/internal.h 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-aead.c new/libkcapi-1.2.0/lib/kcapi-aead.c --- old/libkcapi-1.1.5/lib/kcapi-aead.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-aead.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG AEAD API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-asym.c new/libkcapi-1.2.0/lib/kcapi-asym.c --- old/libkcapi-1.1.5/lib/kcapi-asym.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-asym.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG Asymmetric Cipher API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-kdf.c new/libkcapi-1.2.0/lib/kcapi-kdf.c --- old/libkcapi-1.1.5/lib/kcapi-kdf.c 2019-05-27 11:28:27.000000000 +0200 +++ new/libkcapi-1.2.0/lib/kcapi-kdf.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG SP800-108 / SP800-132 KDF API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * @@ -54,6 +54,24 @@ #include "kcapi.h" #include "internal.h" +#ifndef __has_builtin +# define __has_builtin(x) 0 +#endif + +#define GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +#if GCC_VERSION >= 40400 || (defined(__clang__) && __has_builtin(__builtin_bswap32)) +# define __HAVE_BUILTIN_BSWAP32__ +#endif + +/* Endian dependent byte swap operations. */ +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define be_bswap32(x) ((uint32_t)(x)) +#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +# ifdef __HAVE_BUILTIN_BSWAP32__ +# define be_bswap32(x) (uint32_t)__builtin_bswap32((uint32_t)(x)) +# else static inline uint32_t rol32(uint32_t x, int n) { return ( (x << (n&(32-1))) | (x >> ((32-n)&(32-1))) ); @@ -68,27 +86,10 @@ { return ((rol32(x, 8) & 0x00ff00ffL) | (ror32(x, 8) & 0xff00ff00L)); } - -#define GCC_VERSION (__GNUC__ * 10000 \ - + __GNUC_MINOR__ * 100 \ - + __GNUC_PATCHLEVEL__) -#if GCC_VERSION >= 40400 -# define __HAVE_BUILTIN_BSWAP32__ -#endif - -#ifdef __HAVE_BUILTIN_BSWAP32__ -# define _swap32(x) (uint32_t)__builtin_bswap32((uint32_t)(x)) +# define be_bswap32(x) _bswap32(x) +# endif #else -# define _swap32(x) _bswap32(x) -#endif - -/* Endian dependent byte swap operations. */ -#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ -# define be_bswap32(x) ((uint32_t)(x)) -#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define be_bswap32(x) _swap32(x) -#else -#error "Endianess not defined" +# error "Endianess not defined" #endif DSO_PUBLIC @@ -546,6 +547,9 @@ if (keylen > INT_MAX) return -EMSGSIZE; + if (count == 0) + return -EINVAL; + err = kcapi_md_init(&handle, hashname, 0); if (err) return err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-kernel-if.c new/libkcapi-1.2.0/lib/kcapi-kernel-if.c --- old/libkcapi-1.1.5/lib/kcapi-kernel-if.c 2019-07-31 08:59:22.000000000 +0200 +++ new/libkcapi-1.2.0/lib/kcapi-kernel-if.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG interface code * - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-kpp.c new/libkcapi-1.2.0/lib/kcapi-kpp.c --- old/libkcapi-1.1.5/lib/kcapi-kpp.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-kpp.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG Key-Agreement Protocol Primitives API * - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-md.c new/libkcapi-1.2.0/lib/kcapi-md.c --- old/libkcapi-1.1.5/lib/kcapi-md.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-md.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG Message Digest API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-rng.c new/libkcapi-1.2.0/lib/kcapi-rng.c --- old/libkcapi-1.1.5/lib/kcapi-rng.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-rng.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG Random Number Generator API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-sym.c new/libkcapi-1.2.0/lib/kcapi-sym.c --- old/libkcapi-1.1.5/lib/kcapi-sym.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-sym.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* Kernel crypto API AF_ALG Symmetric Cipher API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * @@ -185,6 +185,16 @@ } DSO_PUBLIC +int32_t kcapi_cipher_stream_update_last(struct kcapi_handle *handle, + struct iovec *iov, uint32_t iovlen) +{ + if (handle->processed_sg <= handle->flags.alg_max_pages) + return _kcapi_common_vmsplice_iov(handle, iov, iovlen, 0); + else + return _kcapi_common_send_data(handle, iov, iovlen, 0); +} + +DSO_PUBLIC int32_t kcapi_cipher_stream_op(struct kcapi_handle *handle, struct iovec *iov, uint32_t iovlen) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi-utils.c new/libkcapi-1.2.0/lib/kcapi-utils.c --- old/libkcapi-1.1.5/lib/kcapi-utils.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi-utils.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,6 +1,6 @@ /* libkcapi Utilities API * - * Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/kcapi.h new/libkcapi-1.2.0/lib/kcapi.h --- old/libkcapi-1.1.5/lib/kcapi.h 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/lib/kcapi.h 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see COPYING file in root directory * @@ -382,6 +382,37 @@ struct iovec *iov, uint32_t iovlen); /** + * kcapi_cipher_stream_update_last() - send last data for processing (stream) + * + * @handle: [in] cipher handle + * @iov: [in] scatter/gather list with data to be processed by the cipher + * operation. + * @iovlen: [in] number of scatter/gather list elements. + * + * Using this function call, more plaintext for encryption or ciphertext for + * decryption can be submitted to the kernel. + * + * This call is identical to the kcapi_cipher_stream_update() call with the + * exception that it marks the last data buffer before the cipher operation + * is triggered. This is call is important for stream ciphers like CTR or CTS + * mode when providing the last block. It is permissible to provide a zero + * buffer if all data including the last block is already provided by + * kcapi_cipher_stream_update. + * + * WARNING: If this call is not made for stream ciphers with input data + * that is not a multiple of the block size of the block cipher, the kernel + * will not return the last block that contains less data than the block + * size of the block cipher. For example, sending 257 bytes of data to be + * encrypted with ctr(aes), the kernel will return only 256 bytes without + * this call. + * + * @return number of bytes sent to the kernel upon success; + * a negative errno-style error code if an error occurred + */ +int32_t kcapi_cipher_stream_update_last(struct kcapi_handle *handle, + struct iovec *iov, uint32_t iovlen); + +/** * kcapi_cipher_stream_op() - obtain processed data (stream) * * @handle: [in] cipher handle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/lib/version.lds new/libkcapi-1.2.0/lib/version.lds --- old/libkcapi-1.1.5/lib/version.lds 2019-07-31 10:00:13.000000000 +0200 +++ new/libkcapi-1.2.0/lib/version.lds 2020-05-05 22:18:21.000000000 +0200 @@ -148,3 +148,7 @@ LIBKCAPI_1.1.5 { } LIBKCAPI_1.1.4; + +LIBKCAPI_1.2.0 { + kcapi_cipher_stream_update_last; +} LIBKCAPI_1.1.5; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf-aead.c new/libkcapi-1.2.0/speed-test/cryptoperf-aead.c --- old/libkcapi-1.1.5/speed-test/cryptoperf-aead.c 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/speed-test/cryptoperf-aead.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf-base.c new/libkcapi-1.2.0/speed-test/cryptoperf-base.c --- old/libkcapi-1.1.5/speed-test/cryptoperf-base.c 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/speed-test/cryptoperf-base.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf-hash.c new/libkcapi-1.2.0/speed-test/cryptoperf-hash.c --- old/libkcapi-1.1.5/speed-test/cryptoperf-hash.c 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/speed-test/cryptoperf-hash.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf-main.c new/libkcapi-1.2.0/speed-test/cryptoperf-main.c --- old/libkcapi-1.1.5/speed-test/cryptoperf-main.c 2019-07-31 09:04:38.000000000 +0200 +++ new/libkcapi-1.2.0/speed-test/cryptoperf-main.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf-rng.c new/libkcapi-1.2.0/speed-test/cryptoperf-rng.c --- old/libkcapi-1.1.5/speed-test/cryptoperf-rng.c 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/speed-test/cryptoperf-rng.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf-skcipher.c new/libkcapi-1.2.0/speed-test/cryptoperf-skcipher.c --- old/libkcapi-1.1.5/speed-test/cryptoperf-skcipher.c 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/speed-test/cryptoperf-skcipher.c 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/speed-test/cryptoperf.h new/libkcapi-1.2.0/speed-test/cryptoperf.h --- old/libkcapi-1.1.5/speed-test/cryptoperf.h 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/speed-test/cryptoperf.h 2020-05-24 22:09:54.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2015 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/compile-test.sh new/libkcapi-1.2.0/test/compile-test.sh --- old/libkcapi-1.1.5/test/compile-test.sh 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/compile-test.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/hasher-test.sh new/libkcapi-1.2.0/test/hasher-test.sh --- old/libkcapi-1.1.5/test/hasher-test.sh 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/hasher-test.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-convenience.c new/libkcapi-1.2.0/test/kcapi-convenience.c --- old/libkcapi-1.1.5/test/kcapi-convenience.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-convenience.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-convenience.sh new/libkcapi-1.2.0/test/kcapi-convenience.sh --- old/libkcapi-1.1.5/test/kcapi-convenience.sh 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-convenience.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-dgst-test.sh new/libkcapi-1.2.0/test/kcapi-dgst-test.sh --- old/libkcapi-1.1.5/test/kcapi-dgst-test.sh 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-dgst-test.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-enc-test-large.c new/libkcapi-1.2.0/test/kcapi-enc-test-large.c --- old/libkcapi-1.1.5/test/kcapi-enc-test-large.c 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-enc-test-large.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-enc-test-large.sh new/libkcapi-1.2.0/test/kcapi-enc-test-large.sh --- old/libkcapi-1.1.5/test/kcapi-enc-test-large.sh 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-enc-test-large.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-enc-test.sh new/libkcapi-1.2.0/test/kcapi-enc-test.sh --- old/libkcapi-1.1.5/test/kcapi-enc-test.sh 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-enc-test.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-fuzz-test.sh new/libkcapi-1.2.0/test/kcapi-fuzz-test.sh --- old/libkcapi-1.1.5/test/kcapi-fuzz-test.sh 2019-01-06 13:27:50.000000000 +0100 +++ new/libkcapi-1.2.0/test/kcapi-fuzz-test.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/kcapi-main.c new/libkcapi-1.2.0/test/kcapi-main.c --- old/libkcapi-1.1.5/test/kcapi-main.c 2019-05-27 12:03:46.000000000 +0200 +++ new/libkcapi-1.2.0/test/kcapi-main.c 2020-05-24 22:09:53.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 - 2019, Stephan Mueller <[email protected]> + * Copyright (C) 2014 - 2020, Stephan Mueller <[email protected]> * * License: see LICENSE file in root directory * @@ -237,7 +237,7 @@ static int get_random(uint8_t *buf, uint32_t buflen, unsigned int flags) { - int ret; + int ret = 0; if (buflen > INT_MAX) return 1; @@ -759,7 +759,7 @@ fprintf(stderr, "\t\t0 for encryption\n"); fprintf(stderr, "\t\t1 for decryption\n"); fprintf(stderr, "\t\t2 for signing\n"); - fprintf(stderr, "\t\t2 for verification\n"); + fprintf(stderr, "\t\t3 for verification\n"); fprintf(stderr, "\t-c --cipher\tKernel Crypto API cipher name to be used for operation\n"); fprintf(stderr, "\t-p --pt\t\tPlaintext used during encryption / message digest\n"); fprintf(stderr, "\t-q --ct\t\tCiphertext used during decryption\n"); @@ -894,13 +894,12 @@ pid_t pid; pid = fork(); - if (!pid) + if (pid) + /* parent - return and continue */ return; - - sleep(1); } - ret = kcapi_cipher_stream_update(handle, iov, 1); + ret = kcapi_cipher_stream_update_last(handle, iov, 1); if (0 > ret) printf("Sending of data failed\n"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/libtest.sh new/libkcapi-1.2.0/test/libtest.sh --- old/libkcapi-1.1.5/test/libtest.sh 2019-05-27 08:00:29.000000000 +0200 +++ new/libkcapi-1.2.0/test/libtest.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/test-invocation.sh new/libkcapi-1.2.0/test/test-invocation.sh --- old/libkcapi-1.1.5/test/test-invocation.sh 2019-01-06 13:27:49.000000000 +0100 +++ new/libkcapi-1.2.0/test/test-invocation.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2016 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2016 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/test.sh new/libkcapi-1.2.0/test/test.sh --- old/libkcapi-1.1.5/test/test.sh 2019-07-31 09:03:39.000000000 +0200 +++ new/libkcapi-1.2.0/test/test.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2014 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2014 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory # @@ -630,6 +630,8 @@ aligned=$3 aiofallback=$4 + SYMEXEC="1 2 3 4 5 6 7 8 9 10 11 12" + if [ x"$stream" = x"X" ] then stream="" @@ -661,6 +663,10 @@ then sout="multithreaded" stream="-s -j" + + # Disable XTS tests for multi-threading due to the issue + # discussed in https://github.com/smuellerDD/libkcapi/issues/92 + SYMEXEC="1 2 3 4 5 6 7" else sout="one shot" fi @@ -677,7 +683,6 @@ return 0 fi - SYMEXEC="1 2 3 4 5 6 7 8 9 10 11 12" for i in $SYMEXEC do eval SYM_name=\$SYM_name_$i @@ -1464,9 +1469,13 @@ multipletest_sym 1 # sync, no splice, one shot sendmsg multipletest_sym 1 -s # sync, no splice, stream sendmsg multipletest_sym 1 -v # sync, splice -multipletest_sym 9 X -g # async, AIO fallback, no splice, one shot sendmsg -multipletest_sym 9 -s -g # async, AIO fallback, no splice, stream sendmsg -multipletest_sym 9 -v -g # async, AIO fallback, splice + +# Parallel AIO requests are undefined - it may be the case that such parallel +# requests are serialized by the driver or that they are processed independently +# of each other. +#multipletest_sym 9 X -g # async, AIO fallback, no splice, one shot sendmsg +#multipletest_sym 9 -s -g # async, AIO fallback, no splice, stream sendmsg +#multipletest_sym 9 -v -g # async, AIO fallback, splice if $(check_min_kernelver 4 14); then symfunc 9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libkcapi-1.1.5/test/virttest.sh new/libkcapi-1.2.0/test/virttest.sh --- old/libkcapi-1.1.5/test/virttest.sh 2019-05-27 07:42:20.000000000 +0200 +++ new/libkcapi-1.2.0/test/virttest.sh 2020-05-24 22:09:53.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (C) 2017 - 2019, Stephan Mueller <[email protected]> +# Copyright (C) 2017 - 2020, Stephan Mueller <[email protected]> # # License: see LICENSE file in root directory #
