From 58062ba654b645d7201f1e0d9b91b9f711ac64ad Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Thu, 30 Aug 2018 23:54:38 -0700 Subject: libkcapi: Upgrade to 1.1.3 Drop upstream patches Signed-off-by: Khem Raj Cc: Krzysztof Kozlowski --- ...e-buffer-overflow-with-strncpy-and-Wstrin.patch | 50 ---------------- ...e-Wstringop-truncation-warning-on-false-p.patch | 67 ---------------------- ...e-to-terminate-strncpy-copied-string-Wstr.patch | 37 ------------ meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb | 9 +-- 4 files changed, 3 insertions(+), 160 deletions(-) delete mode 100644 meta-oe/recipes-crypto/libkcapi/files/0001-Fix-possible-buffer-overflow-with-strncpy-and-Wstrin.patch delete mode 100644 meta-oe/recipes-crypto/libkcapi/files/0002-apps-Disable-Wstringop-truncation-warning-on-false-p.patch delete mode 100644 meta-oe/recipes-crypto/libkcapi/files/0003-test-Be-sure-to-terminate-strncpy-copied-string-Wstr.patch (limited to 'meta-oe/recipes-crypto') diff --git a/meta-oe/recipes-crypto/libkcapi/files/0001-Fix-possible-buffer-overflow-with-strncpy-and-Wstrin.patch b/meta-oe/recipes-crypto/libkcapi/files/0001-Fix-possible-buffer-overflow-with-strncpy-and-Wstrin.patch deleted file mode 100644 index f35f631c60..0000000000 --- a/meta-oe/recipes-crypto/libkcapi/files/0001-Fix-possible-buffer-overflow-with-strncpy-and-Wstrin.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 303c766d67cef5c357e9b3d3a97f7b480d29e1cb Mon Sep 17 00:00:00 2001 -From: Krzysztof Kozlowski -Date: Thu, 12 Jul 2018 18:13:16 +0200 -Subject: [PATCH 1/3] Fix possible buffer overflow with strncpy and - -Wstringop-truncation warning - -If valid cipher name (to which netlink socket was bound) is longer than -CRYPTO_MAX_ALG_NAME defined in lib/cryptouser.h, then the strncpy() will -try to copy length of this cipher name into smaller buffer. - -In libkcapi the CRYPTO_MAX_ALG_NAME (thus the size of the buffer) is -defined as 64 but since commit f437a3f477cc ("crypto: api - Extend -algorithm name limit to 128 bytes") in Linux kernel (v4.12), the kernel -defines it as 128. - -It is error-prone to use source buffer length as limit of dst buffer. -Instead choose sizeof(dst buffer). - -This also fixes the warning with GCC v8.1.0: - - lib/kcapi-kernel-if.c: In function '__kcapi_common_getinfo.isra.2': - lib/kcapi-kernel-if.c:632:3: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation] - strncpy(req.cru.cru_name, ciphername, strlen(ciphername)); - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Signed-off-by: Krzysztof Kozlowski -Upstream-Status: Submitted ---- - lib/kcapi-kernel-if.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c -index 2481f8abde63..807cbfe219cd 100644 ---- a/lib/kcapi-kernel-if.c -+++ b/lib/kcapi-kernel-if.c -@@ -627,9 +627,9 @@ static int __kcapi_common_getinfo(struct kcapi_handle *handle, - - if (drivername) - strncpy(req.cru.cru_driver_name, ciphername, -- strlen(ciphername)); -+ sizeof(req.cru.cru_driver_name) - 1); - else -- strncpy(req.cru.cru_name, ciphername, strlen(ciphername)); -+ strncpy(req.cru.cru_name, ciphername, sizeof(req.cru.cru_name) - 1); - - /* talk to netlink socket */ - sd = socket(AF_NETLINK, SOCK_RAW, NETLINK_CRYPTO); --- -2.7.4 - diff --git a/meta-oe/recipes-crypto/libkcapi/files/0002-apps-Disable-Wstringop-truncation-warning-on-false-p.patch b/meta-oe/recipes-crypto/libkcapi/files/0002-apps-Disable-Wstringop-truncation-warning-on-false-p.patch deleted file mode 100644 index ba76599fd8..0000000000 --- a/meta-oe/recipes-crypto/libkcapi/files/0002-apps-Disable-Wstringop-truncation-warning-on-false-p.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 88f1a8fe4697b0921f39fcd9c7efc4a0486cf91b Mon Sep 17 00:00:00 2001 -From: Krzysztof Kozlowski -Date: Thu, 12 Jul 2018 18:13:24 +0200 -Subject: [PATCH 2/3] apps: Disable -Wstringop-truncation warning on false - positives - -The GCC v8.1.0 warns: - - In function 'paste', - inlined from 'get_hmac_file' at apps/kcapi-hasher.c:395:11: - apps/kcapi-hasher.c:346:2: error: 'strncpy' destination unchanged after copying no bytes [-Werror=stringop-truncation] - strncpy(dst, src, size); - ^~~~~~~~~~~~~~~~~~~~~~~ - -These are false positives because at the end of paste() calls, the buffer is -NULL terminated. - -Signed-off-by: Krzysztof Kozlowski -Upstream-Status: Submitted ---- - apps/kcapi-hasher.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c -index ae88211ff4dd..4052260bf871 100644 ---- a/apps/kcapi-hasher.c -+++ b/apps/kcapi-hasher.c -@@ -61,6 +61,10 @@ - - #include "app-internal.h" - -+#define GCC_VERSION (__GNUC__ * 10000 \ -+ + __GNUC_MINOR__ * 100 \ -+ + __GNUC_PATCHLEVEL__) -+ - struct hash_name { - const char *kcapiname; - const char *bsdname; -@@ -341,6 +345,17 @@ out: - return ret; - } - -+/* -+ * GCC v8.1.0 introduced -Wstringop-truncation but it is not smart enough to -+ * find that cursor string will be NULL-terminated after all paste() calls and -+ * warns with: -+ * error: 'strncpy' destination unchanged after copying no bytes [-Werror=stringop-truncation] -+ * error: 'strncpy' output truncated before terminating nul copying 5 bytes from a string of the same length [-Werror=stringop-truncation] -+ */ -+#pragma GCC diagnostic push -+#if GCC_VERSION >= 80100 -+#pragma GCC diagnostic ignored "-Wstringop-truncation" -+#endif - static char *paste(char *dst, const char *src, size_t size) - { - strncpy(dst, src, size); -@@ -398,6 +413,7 @@ static char *get_hmac_file(const char *filename, const char *subdir) - strncpy(cursor, "\0", 1); - return checkfile; - } -+#pragma GCC diagnostic pop /* -Wstringop-truncation */ - - static int hash_files(const struct hash_params *params, - char *filenames[], uint32_t files, --- -2.7.4 - diff --git a/meta-oe/recipes-crypto/libkcapi/files/0003-test-Be-sure-to-terminate-strncpy-copied-string-Wstr.patch b/meta-oe/recipes-crypto/libkcapi/files/0003-test-Be-sure-to-terminate-strncpy-copied-string-Wstr.patch deleted file mode 100644 index 885f3ca124..0000000000 --- a/meta-oe/recipes-crypto/libkcapi/files/0003-test-Be-sure-to-terminate-strncpy-copied-string-Wstr.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 505d949dcb6b756f6db6588d3425d9cd6108c77f Mon Sep 17 00:00:00 2001 -From: Krzysztof Kozlowski -Date: Thu, 12 Jul 2018 18:13:32 +0200 -Subject: [PATCH 3/3] test: Be sure to terminate strncpy() copied string - (-Wstringop-truncation) - -strncpy() might not NULL-terminate the buffer. This fixes GCC v8.1.0 warning: - - test/kcapi-main.c: In function 'main': - test/kcapi-main.c:3123:5: error: 'strncpy' specified bound 63 equals destination size [-Werror=stringop-truncation] - strncpy(cavs_test.cipher, optarg, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - CIPHERMAXNAME); - ~~~~~~~~~~~~~~ - -Signed-off-by: Krzysztof Kozlowski -Upstream-Status: Submitted ---- - test/kcapi-main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/kcapi-main.c b/test/kcapi-main.c -index 835249987aa5..c167b7f61809 100644 ---- a/test/kcapi-main.c -+++ b/test/kcapi-main.c -@@ -3121,7 +3121,7 @@ int main(int argc, char *argv[]) - break; - case 'c': - strncpy(cavs_test.cipher, optarg, -- CIPHERMAXNAME); -+ CIPHERMAXNAME - 1); - break; - case 'p': - len = strlen(optarg); --- -2.7.4 - diff --git a/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb b/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb index e401b70a7d..addd169a8d 100644 --- a/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb +++ b/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb @@ -6,14 +6,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d0421cf231423bda10cea691b613e866" DEPENDS = "libtool" S = "${WORKDIR}/git" -# Use v1.1.1 with changes on top for building in OE -SRCREV = "342b50fc9225a991c224126c13c188ad9f1ef9f9" -PV = "1.1.1+git${SRCPV}" +# Use v1.1.3 with changes on top for building in OE +SRCREV = "1c736c43eb71fbb5640d00efaf34a1edf1972c49" +PV = "1.1.3+git${SRCPV}" SRC_URI = " \ git://github.com/smuellerDD/libkcapi.git \ - file://0001-Fix-possible-buffer-overflow-with-strncpy-and-Wstrin.patch \ - file://0002-apps-Disable-Wstringop-truncation-warning-on-false-p.patch \ - file://0003-test-Be-sure-to-terminate-strncpy-copied-string-Wstr.patch \ " inherit autotools -- cgit 1.2.3-korg