From: Juergen Borleis <jbe@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH] ima-evm-utils: version bump to 1.1
Date: Fri, 22 Feb 2019 09:29:10 +0100	[thread overview]
Message-ID: <20190222082910.32274-1-jbe@pengutronix.de> (raw)

This version bump also adds support for openssl-1.1.x.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 ...ove-file-at-it-s-autogenerated-by-autotoo.patch |   0
 ...2-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch |   0
 ...tl-find-add-missing-closedir-dir-on-error.patch |   6 +-
 ...-add-missing-error-handling-and-propagate.patch |   6 +-
 ...d-fallback-definitions-for-XATTR_NAME_IMA.patch |   2 +-
 ...maevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch |  20 ++--
 ...se-SHA_DIGEST_LENGTH-instead-of-open-codi.patch |   8 +-
 ...mctl-add-parameter-e-to-set-evm-hash-algo.patch |  50 +++++-----
 ...add-support-for-offline-image-preparation.patch | 110 ++++++++++-----------
 ...ot-account-.-and-.-for-directory-hash-gen.patch |   4 +-
 .../0011-HACK-don-t-generate-man-page.patch        |   0
 .../0012-Fix-warning-for-non-debug-use-case.patch  |  28 ++++++
 .../autogen.sh                                     |   0
 .../series                                         |   3 +-
 rules/ima-evm-utils.make                           |   6 +-
 15 files changed, 136 insertions(+), 107 deletions(-)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch (100%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch (100%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0003-evmctl-find-add-missing-closedir-dir-on-error.patch (79%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0004-evmctl-find-add-missing-error-handling-and-propagate.patch (87%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch (94%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch (76%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch (77%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch (69%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0009-evmctl-add-support-for-offline-image-preparation.patch (68%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch (89%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/0011-HACK-don-t-generate-man-page.patch (100%)
 create mode 100644 patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/autogen.sh (100%)
 rename patches/{ima-evm-utils-1.0 => ima-evm-utils-1.1}/series (86%)

diff --git a/patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch b/patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
similarity index 100%
rename from patches/ima-evm-utils-1.0/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
rename to patches/ima-evm-utils-1.1/0001-INSTALL-remove-file-at-it-s-autogenerated-by-autotoo.patch
diff --git a/patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch b/patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
similarity index 100%
rename from patches/ima-evm-utils-1.0/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
rename to patches/ima-evm-utils-1.1/0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch
diff --git a/patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch b/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
similarity index 79%
rename from patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
rename to patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
index 77e9f5fc6..4b1c84584 100644
--- a/patches/ima-evm-utils-1.0/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
+++ b/patches/ima-evm-utils-1.1/0003-evmctl-find-add-missing-closedir-dir-on-error.patch
@@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  1 file changed, 2 insertions(+)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index c20cbfe80ab6..19f5f3bc87b0 100644
+index 2ffee786865b..20eccfa93b2b 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -1092,6 +1092,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1229,6 +1229,7 @@ static int find(const char *path, int dts, find_cb_t func)
  
  	if (fchdir(dirfd(dir))) {
  		log_err("Failed to chdir %s\n", path);
@@ -21,7 +21,7 @@ index c20cbfe80ab6..19f5f3bc87b0 100644
  		return -1;
  	}
  
-@@ -1107,6 +1108,7 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1244,6 +1245,7 @@ static int find(const char *path, int dts, find_cb_t func)
  
  	if (chdir("..")) {
  		log_err("Failed to chdir: %s\n", path);
diff --git a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
similarity index 87%
rename from patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
rename to patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
index 8a562b3e0..68660d95e 100644
--- a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
+++ b/patches/ima-evm-utils-1.1/0004-evmctl-find-add-missing-error-handling-and-propagate.patch
@@ -12,10 +12,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  1 file changed, 16 insertions(+), 4 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 19f5f3bc87b0..a5355f6c0ee1 100644
+index 20eccfa93b2b..55fc619f5990 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -1097,13 +1097,20 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1234,13 +1234,20 @@ static int find(const char *path, int dts, find_cb_t func)
  	}
  
  	while ((de = readdir(dir))) {
@@ -38,7 +38,7 @@ index 19f5f3bc87b0..a5355f6c0ee1 100644
  	}
  
  	if (chdir("..")) {
-@@ -1112,8 +1119,13 @@ static int find(const char *path, int dts, find_cb_t func)
+@@ -1249,8 +1256,13 @@ static int find(const char *path, int dts, find_cb_t func)
  		return -1;
  	}
  
diff --git a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
similarity index 94%
rename from patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
rename to patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
index 7d229d3e2..69aadb377 100644
--- a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
+++ b/patches/ima-evm-utils-1.1/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  1 file changed, 5 insertions(+)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index a5355f6c0ee1..f120bf96b69d 100644
+index 55fc619f5990..de53be37b69b 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
 @@ -62,6 +62,11 @@
diff --git a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
similarity index 76%
rename from patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
rename to patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
index a5de62dcc..a3cd597f8 100644
--- a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
+++ b/patches/ima-evm-utils-1.1/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch
@@ -10,10 +10,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  2 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index f120bf96b69d..559e4cbf9176 100644
+index de53be37b69b..b0f3b6362528 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -446,7 +446,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -495,7 +495,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  static int sign_evm(const char *file, const char *key)
  {
@@ -22,7 +22,7 @@ index f120bf96b69d..559e4cbf9176 100644
  	unsigned char sig[1024];
  	int len, err;
  
-@@ -481,7 +481,7 @@ static int sign_evm(const char *file, const char *key)
+@@ -533,7 +533,7 @@ static int sign_evm(const char *file, const char *key)
  
  static int hash_ima(const char *file)
  {
@@ -31,7 +31,7 @@ index f120bf96b69d..559e4cbf9176 100644
  	int len, err, offset;
  	int algo = get_hash_algo(params.hash_algo);
  
-@@ -519,7 +519,7 @@ static int hash_ima(const char *file)
+@@ -571,7 +571,7 @@ static int hash_ima(const char *file)
  
  static int sign_ima(const char *file, const char *key)
  {
@@ -40,7 +40,7 @@ index f120bf96b69d..559e4cbf9176 100644
  	unsigned char sig[1024];
  	int len, err;
  
-@@ -699,7 +699,7 @@ static int cmd_sign_evm(struct command *cmd)
+@@ -751,7 +751,7 @@ static int cmd_sign_evm(struct command *cmd)
  
  static int verify_evm(const char *file)
  {
@@ -49,7 +49,7 @@ index f120bf96b69d..559e4cbf9176 100644
  	unsigned char sig[1024];
  	int len;
  
-@@ -982,7 +982,7 @@ out:
+@@ -1119,7 +1119,7 @@ out:
  
  static int hmac_evm(const char *file, const char *key)
  {
@@ -59,12 +59,12 @@ index f120bf96b69d..559e4cbf9176 100644
  	int len, err;
  
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 575f0535fe07..32638e79ffdc 100644
+index 6fa0ed4a1c74..8fc23be08bd7 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
-@@ -517,7 +517,7 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
- 
- int ima_verify_signature(const char *file, unsigned char *sig, int siglen)
+@@ -590,7 +590,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
+ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
+ 			 unsigned char *digest, int digestlen)
  {
 -	unsigned char hash[64];
 +	unsigned char hash[EVP_MAX_MD_SIZE];
diff --git a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
similarity index 77%
rename from patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
rename to patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
index 290d8adc7..2164c6238 100644
--- a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
+++ b/patches/ima-evm-utils-1.1/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch
@@ -8,10 +8,10 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 32638e79ffdc..1c5da965468c 100644
+index 8fc23be08bd7..b6c328801708 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
-@@ -370,7 +370,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int
+@@ -379,7 +379,7 @@ int verify_hash_v1(const char *file, const unsigned char *hash, int size,
  	SHA_CTX ctx;
  	unsigned char out[1024];
  	RSA *key;
@@ -19,8 +19,8 @@ index 32638e79ffdc..1c5da965468c 100644
 +	unsigned char sighash[SHA_DIGEST_LENGTH];
  	struct signature_hdr *hdr = (struct signature_hdr *)sig;
  
- 	log_info("hash: ");
-@@ -652,7 +652,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
+ 	log_info("hash-v1: ");
+@@ -744,7 +744,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons
  	unsigned char pub[1024];
  	RSA *key;
  	char name[20];
diff --git a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
similarity index 69%
rename from patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
rename to patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
index 8165ed86d..488dfa822 100644
--- a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
+++ b/patches/ima-evm-utils-1.1/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch
@@ -14,33 +14,33 @@ Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
  3 files changed, 25 insertions(+), 4 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index 559e4cbf9176..d7352d87ef71 100644
+index b0f3b6362528..5d664005e915 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -319,6 +319,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 	char uuid[16];
- 	struct h_misc_64 hmac_misc;
- 	int hmac_size;
+@@ -336,6 +336,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ #else
+ 	pctx = EVP_MD_CTX_new();
+ #endif
 +	const EVP_MD *md;
  
  	if (lstat(file, &st)) {
  		log_err("Failed to stat: %s\n", file);
-@@ -350,7 +351,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -379,7 +380,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  		return -1;
  	}
  
--	err = EVP_DigestInit(&ctx, EVP_sha1());
+-	err = EVP_DigestInit(pctx, EVP_sha1());
 +	md = EVP_get_digestbyname(params.evm_hash_algo);
 +	if (!md) {
 +		log_err("EVP_get_digestbyname() failed\n");
 +		return 1;
 +	}
 +
-+	err = EVP_DigestInit(&ctx, md);
++	err = EVP_DigestInit(pctx, md);
  	if (!err) {
  		log_err("EVP_DigestInit() failed\n");
  		return 1;
-@@ -454,7 +461,7 @@ static int sign_evm(const char *file, const char *key)
+@@ -503,7 +510,7 @@ static int sign_evm(const char *file, const char *key)
  	if (len <= 1)
  		return len;
  
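Review bot: The `EVP_get_digestbyname()` failure branch exits with a bare `return 1;`, and after the refresh onto 1.1 it sits after `pctx = EVP_MD_CTX_new();` in calc_evm_hash, so as far as this hunk shows the digest context is not released on that path. The same branch in calc_evm_hmac (next hunk) also returns directly even though the neighbouring error paths there use `goto out;`; whatever `out` cleans up (not visible here, presumably the key buffer and the HMAC context) is skipped when `-e` names an unknown digest. In calc_evm_hmac I would follow the surrounding pattern, `err = 1; goto out;`, and include the rejected name in the message, `log_err("EVP_get_digestbyname(%s) failed\n", params.evm_hash_algo);`. Both function bodies start and end outside these hunks.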
@@ -49,30 +49,30 @@ index 559e4cbf9176..d7352d87ef71 100644
  	if (len <= 1)
  		return len;
  
-@@ -860,6 +867,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- 	ssize_t list_size;
- 	struct h_misc_64 hmac_misc;
- 	int hmac_size;
+@@ -992,6 +999,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ #else
+ 	pctx = HMAC_CTX_new();
+ #endif
 +	const EVP_MD *md;
  
  	key = file2bin(keyfile, NULL, &keylen);
  	if (!key) {
-@@ -905,7 +913,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1038,7 +1046,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		goto out;
  	}
  
--	err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1());
+-	err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), EVP_sha1(), NULL);
 +	md = EVP_get_digestbyname(params.evm_hash_algo);
 +	if (!md) {
 +		log_err("EVP_get_digestbyname() failed\n");
 +		return 1;
 +	}
 +
-+	err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), md);
++	err = !HMAC_Init_ex(pctx, evmkey, sizeof(evmkey), md, NULL);
  	if (err) {
  		log_err("HMAC_Init() failed\n");
  		goto out;
-@@ -1464,6 +1478,7 @@ static void usage(void)
+@@ -1635,6 +1649,7 @@ static void usage(void)
  	printf(
  		"\n"
  		"  -a, --hashalgo     sha1 (default), sha224, sha256, sha384, sha512\n"
@@ -80,7 +80,7 @@ index 559e4cbf9176..d7352d87ef71 100644
  		"  -s, --imasig       make IMA signature\n"
  		"  -d, --imahash      make IMA hash\n"
  		"  -f, --sigfile      store IMA signature in .sig file instead of xattr\n"
-@@ -1508,6 +1523,7 @@ static struct option opts[] = {
+@@ -1691,6 +1706,7 @@ static struct option opts[] = {
  	{"imasig", 0, 0, 's'},
  	{"imahash", 0, 0, 'd'},
  	{"hashalgo", 1, 0, 'a'},
@@ -88,16 +88,16 @@ index 559e4cbf9176..d7352d87ef71 100644
  	{"pass", 2, 0, 'p'},
  	{"sigfile", 0, 0, 'f'},
  	{"uuid", 2, 0, 'u'},
-@@ -1565,7 +1581,7 @@ int main(int argc, char *argv[])
+@@ -1758,7 +1774,7 @@ int main(int argc, char *argv[])
  	g_argc = argc;
  
  	while (1) {
--		c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:ri", opts, &lind);
-+		c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind);
+-		c = getopt_long(argc, argv, "hvnsda:op::fu::k:t:ri", opts, &lind);
++		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
  		if (c == -1)
  			break;
  
-@@ -1591,6 +1607,9 @@ int main(int argc, char *argv[])
+@@ -1784,6 +1800,9 @@ int main(int argc, char *argv[])
  		case 'a':
  			params.hash_algo = optarg;
  			break;
@@ -108,10 +108,10 @@ index 559e4cbf9176..d7352d87ef71 100644
  			if (optarg)
  				params.keypass = optarg;
 diff --git a/src/imaevm.h b/src/imaevm.h
-index 711596c3f3fa..ef7858b8faa0 100644
+index 1bafaad0f4ab..ed92e4d8981d 100644
 --- a/src/imaevm.h
 +++ b/src/imaevm.h
-@@ -178,6 +178,7 @@ struct libevm_params {
+@@ -179,6 +179,7 @@ struct libevm_params {
  	int verbose;
  	int x509;
  	const char *hash_algo;
@@ -120,7 +120,7 @@ index 711596c3f3fa..ef7858b8faa0 100644
  	const char *keypass;
  };
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 1c5da965468c..595908395514 100644
+index b6c328801708..4c093a038b72 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
 @@ -129,6 +129,7 @@ struct libevm_params params = {
diff --git a/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
similarity index 68%
rename from patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch
rename to patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
index 3467e1ec2..696528f75 100644
--- a/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch
+++ b/patches/ima-evm-utils-1.1/0009-evmctl-add-support-for-offline-image-preparation.patch
@@ -2,23 +2,23 @@ From: Sascha Hauer <s.hauer@pengutronix.de>
 Date: Mon, 1 Dec 2014 15:23:21 +0100
 Subject: [PATCH] evmctl: add support for offline image preparation
 
-With this patch it's possible to sign a directory hierarchy, so that a
-filesystem image (e.g. an ubifs) can be generated.
+With this change it's possible to sign a directory hierarchy, so that a
+filesystem image (e.g. a 'ubifs') can be generated.
 
-Creating the ima and evm signatues for an images with evmctl has to problems:
+Creating the ima and evm signatues for an image with 'evmctl' has two problems:
 1) The inode-numbers of the files are different in the to be created image and
    in the current filesystem.
 2) The inode generation can be different, too.
 
 These problems are solved in a 4-step process:
 
-1) evmctl generates signatures and writes them to the extended attributed
+1) 'evmctl' generates signatures and writes them to the extended attribute
    (the usual process so far).
-2) The image, for example an ubifs image, is generted. mkfs.ubifs generates
+2) The image, for example a 'ubifs' image, is generated. 'mkfs.ubifs' generates
    the image (including extended attributes) and stores the used inode number
-   in an extended attribute "user.image-inode-number".
-3) evmct is started again to generate the signatures, this time with the
-   additional paramter "--image". Instead of using an ioctl to get the inode
+   into an extended attribute "user.image-inode-number".
+3) 'evmct' is re-started to generate the signatures, this time with the
+   additional paramter "--image". Instead of using an 'ioctl' to get the inode
    number and generation, the inode is read from the extended attribute
    "user.image-inode-number", the generation is set to "0".
 4) The image (omitting the exteneded attribute "user.image-inode-number") is
@@ -37,18 +37,18 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
  3 files changed, 74 insertions(+), 9 deletions(-)
 
 diff --git a/src/evmctl.c b/src/evmctl.c
-index d7352d87ef71..ec1fed395656 100644
+index 5d664005e915..9003f7640c0f 100644
 --- a/src/evmctl.c
 +++ b/src/evmctl.c
-@@ -320,6 +320,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 	struct h_misc_64 hmac_misc;
- 	int hmac_size;
+@@ -337,6 +337,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+ 	pctx = EVP_MD_CTX_new();
+ #endif
  	const EVP_MD *md;
 +	ino_t ino;
  
  	if (lstat(file, &st)) {
  		log_err("Failed to stat: %s\n", file);
-@@ -342,9 +343,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+@@ -371,9 +372,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  			}
  			close(fd);
  		}
@@ -75,42 +75,42 @@ index d7352d87ef71..ec1fed395656 100644
  	list_size = llistxattr(file, list, sizeof(list));
  	if (list_size < 0) {
  		log_err("llistxattr() failed\n");
-@@ -396,7 +413,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 		struct h_misc *hmac = (struct h_misc *)&hmac_misc;
+@@ -439,7 +456,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  		hmac_size = sizeof(*hmac);
--		hmac->ino = st.st_ino;
-+		hmac->ino = ino;
- 		hmac->generation = generation;
+ 		if (!evm_portable) {
+-			hmac->ino = st.st_ino;
++			hmac->ino = ino;
+ 			hmac->generation = generation;
+ 		}
  		hmac->uid = st.st_uid;
- 		hmac->gid = st.st_gid;
-@@ -405,7 +422,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 		struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
+@@ -450,7 +467,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  		hmac_size = sizeof(*hmac);
--		hmac->ino = st.st_ino;
-+		hmac->ino = ino;
- 		hmac->generation = generation;
+ 		if (!evm_portable) {
+-			hmac->ino = st.st_ino;
++			hmac->ino = ino;
+ 			hmac->generation = generation;
+ 		}
  		hmac->uid = st.st_uid;
- 		hmac->gid = st.st_gid;
-@@ -414,7 +431,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
- 		struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
+@@ -461,7 +478,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
  
  		hmac_size = sizeof(*hmac);
--		hmac->ino = st.st_ino;
-+		hmac->ino = ino;
- 		hmac->generation = generation;
+ 		if (!evm_portable) {
+-			hmac->ino = st.st_ino;
++			hmac->ino = ino;
+ 			hmac->generation = generation;
+ 		}
  		hmac->uid = st.st_uid;
- 		hmac->gid = st.st_gid;
-@@ -868,6 +885,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
- 	struct h_misc_64 hmac_misc;
- 	int hmac_size;
+@@ -1000,6 +1017,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+ 	pctx = HMAC_CTX_new();
+ #endif
  	const EVP_MD *md;
 +	ino_t ino;
  
  	key = file2bin(keyfile, NULL, &keylen);
  	if (!key) {
-@@ -905,10 +923,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1038,10 +1056,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		close(fd);
  	}
  
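Review bot: The refreshed patch writes `hmac->ino = ino;` in place of upstream's `hmac->ino = st.st_ino;` in all three h_misc branches of calc_evm_hash, while 1.1 itself ships an `--ino` override (visible as context in the usage() hunk further down). The line that assigns `ino` lies outside this hunk; if 1.1 implements `--ino` by overwriting `st.st_ino` (an assumption, not visible here), `ino` must be loaded from `st.st_ino` after that override, otherwise `--ino` would be silently ignored and a different inode signed than the one requested. In image mode the value comes from the `user.image-inode-number` xattr, which anyone able to write the file can set, so I would document the trust assumption where it is read: `/* image mode: inode is taken from a user.* xattr, the staging tree must be trusted */`.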
@@ -137,7 +137,7 @@ index d7352d87ef71..ec1fed395656 100644
  		log_err("llistxattr() failed: %s\n", file);
  		goto out;
  	}
-@@ -951,7 +985,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1084,7 +1118,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		struct h_misc *hmac = (struct h_misc *)&hmac_misc;
  
  		hmac_size = sizeof(*hmac);
@@ -146,7 +146,7 @@ index d7352d87ef71..ec1fed395656 100644
  		hmac->generation = generation;
  		hmac->uid = st.st_uid;
  		hmac->gid = st.st_gid;
-@@ -960,7 +994,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1093,7 +1127,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc;
  
  		hmac_size = sizeof(*hmac);
@@ -155,7 +155,7 @@ index d7352d87ef71..ec1fed395656 100644
  		hmac->generation = generation;
  		hmac->uid = st.st_uid;
  		hmac->gid = st.st_gid;
-@@ -969,7 +1003,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+@@ -1102,7 +1136,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
  		struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc;
  
  		hmac_size = sizeof(*hmac);
@@ -164,48 +164,48 @@ index d7352d87ef71..ec1fed395656 100644
  		hmac->generation = generation;
  		hmac->uid = st.st_uid;
  		hmac->gid = st.st_gid;
-@@ -1494,6 +1528,9 @@ static void usage(void)
+@@ -1666,6 +1700,9 @@ static void usage(void)
  		"      --smack        use extra SMACK xattrs for EVM\n"
  		"      --m32          force EVM hmac/signature for 32 bit target system\n"
  		"      --m64          force EVM hmac/signature for 64 bit target system\n"
 +		"  -m, --image        image generation mode:\n"
 +		"                     Read inode number from xattr 'user.image-inode-number',\n"
 +		"                     and force inode generation to 0.\n"
- 		"  -v                 increase verbosity level\n"
- 		"  -h, --help         display this help and exit\n"
- 		"\n");
-@@ -1533,6 +1570,7 @@ static struct option opts[] = {
+ 		"      --ino          use custom inode for EVM\n"
+ 		"      --uid          use custom UID for EVM\n"
+ 		"      --gid          use custom GID for EVM\n"
+@@ -1716,6 +1753,7 @@ static struct option opts[] = {
  	{"recursive", 0, 0, 'r'},
  	{"m32", 0, 0, '3'},
  	{"m64", 0, 0, '6'},
 +	{"image", 0, 0, 'm'},
- 	{"smack", 0, 0, 256},
- 	{"version", 0, 0, 257},
- 	{}
-@@ -1581,7 +1619,7 @@ int main(int argc, char *argv[])
+ 	{"portable", 0, 0, 'o'},
+ 	{"smack", 0, 0, 128},
+ 	{"version", 0, 0, 129},
+@@ -1774,7 +1812,7 @@ int main(int argc, char *argv[])
  	g_argc = argc;
  
  	while (1) {
--		c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind);
-+		c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:rim", opts, &lind);
+-		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:ri", opts, &lind);
++		c = getopt_long(argc, argv, "hvnsda:e:op::fu::k:t:rim", opts, &lind);
  		if (c == -1)
  			break;
  
-@@ -1648,6 +1686,9 @@ int main(int argc, char *argv[])
+@@ -1847,6 +1885,9 @@ int main(int argc, char *argv[])
  		case '6':
  			msize = 64;
  			break;
 +		case 'm':
 +			params.image_mode = true;
 +			break;
- 		case 256:
+ 		case 128:
  			evm_config_xattrnames = evm_extra_smack_xattrs;
  			break;
 diff --git a/src/imaevm.h b/src/imaevm.h
-index ef7858b8faa0..79f70974015a 100644
+index ed92e4d8981d..7e32d09c6538 100644
 --- a/src/imaevm.h
 +++ b/src/imaevm.h
-@@ -181,6 +181,7 @@ struct libevm_params {
+@@ -182,6 +182,7 @@ struct libevm_params {
  	const char *evm_hash_algo;
  	const char *keyfile;
  	const char *keypass;
@@ -214,7 +214,7 @@ index ef7858b8faa0..79f70974015a 100644
  
  struct RSA_ASN1_template {
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index 595908395514..ea8e4f41488c 100644
+index 4c093a038b72..866f74b39b41 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
 @@ -40,6 +40,7 @@
@@ -233,7 +233,7 @@ index 595908395514..ea8e4f41488c 100644
  
  #include <openssl/pem.h>
  #include <openssl/evp.h>
-@@ -223,7 +225,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -224,7 +226,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
  	}
  
  	while ((de = readdir(dir))) {
diff --git a/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
similarity index 89%
rename from patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
rename to patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
index e90c5dcf2..12b77a132 100644
--- a/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
+++ b/patches/ima-evm-utils-1.1/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
@@ -15,10 +15,10 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
  1 file changed, 3 insertions(+)
 
 diff --git a/src/libimaevm.c b/src/libimaevm.c
-index ea8e4f41488c..29d50c99c733 100644
+index 866f74b39b41..834b738426bf 100644
 --- a/src/libimaevm.c
 +++ b/src/libimaevm.c
-@@ -225,6 +225,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
+@@ -226,6 +226,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx)
  	}
  
  	while ((de = readdir(dir))) {
diff --git a/patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
similarity index 100%
rename from patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch
rename to patches/ima-evm-utils-1.1/0011-HACK-don-t-generate-man-page.patch
diff --git a/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch b/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
new file mode 100644
index 000000000..80073f19a
--- /dev/null
+++ b/patches/ima-evm-utils-1.1/0012-Fix-warning-for-non-debug-use-case.patch
@@ -0,0 +1,28 @@
+From: Juergen Borleis <jbe@pengutronix.de>
+Date: Wed, 18 Nov 2015 15:15:15 +0100
+Subject: [PATCH] Fix warning for non-debug use case
+
+This change fixes:
+
+ evmctl.c:1194:12: warning: 'cmd_hmac_evm' defined but not used [-Wunused-function]
+
+Note: this change is GCC specific
+
+Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
+---
+ src/evmctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 9003f7640c0f..4422c0e84d4a 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -1191,7 +1191,7 @@ static int hmac_evm(const char *file, const char *key)
+ 	return 0;
+ }
+ 
+-static int cmd_hmac_evm(struct command *cmd)
++static __attribute__((unused)) int cmd_hmac_evm(struct command *cmd)
+ {
+ 	const char *key, *file = g_argv[optind++];
+ 	int err;
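Review bot: `__attribute__((unused))` on cmd_hmac_evm silences the warning but keeps the HMAC command handler compiled into non-debug builds and, as the message itself says, ties the file to GCC-compatible compilers. If the function's only reference sits inside a debug-only preprocessor block (suggested by the patch subject, not visible in this hunk), wrapping the definition, and any helper used only by it, in that same condition removes both the warning and the dead code, e.g. `#ifdef DEBUG` before the definition and `#endif` after it. The body of cmd_hmac_evm continues past the end of this hunk.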
diff --git a/patches/ima-evm-utils-1.0/autogen.sh b/patches/ima-evm-utils-1.1/autogen.sh
similarity index 100%
rename from patches/ima-evm-utils-1.0/autogen.sh
rename to patches/ima-evm-utils-1.1/autogen.sh
diff --git a/patches/ima-evm-utils-1.0/series b/patches/ima-evm-utils-1.1/series
similarity index 86%
rename from patches/ima-evm-utils-1.0/series
rename to patches/ima-evm-utils-1.1/series
index fcd6547a8..784fc0147 100644
--- a/patches/ima-evm-utils-1.0/series
+++ b/patches/ima-evm-utils-1.1/series
@@ -11,4 +11,5 @@
 0009-evmctl-add-support-for-offline-image-preparation.patch
 0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch
 0011-HACK-don-t-generate-man-page.patch
-# fd0c40bbcc8fc866030c326fe29b69aa  - git-ptx-patches magic
+0012-Fix-warning-for-non-debug-use-case.patch
+# 25e6f60853e6b27e45f386bbca0730ab  - git-ptx-patches magic
diff --git a/rules/ima-evm-utils.make b/rules/ima-evm-utils.make
index ed829a8c5..80964fc43 100644
--- a/rules/ima-evm-utils.make
+++ b/rules/ima-evm-utils.make
@@ -17,11 +17,11 @@ PACKAGES-$(PTXCONF_IMA_EVM_UTILS) += ima-evm-utils
 #
 # Paths and names
 #
-IMA_EVM_UTILS_VERSION	:= 1.0
-IMA_EVM_UTILS_MD5	:= d0e4a4fb92b8fc7c22dfd092c50568ae
+IMA_EVM_UTILS_VERSION	:= 1.1
+IMA_EVM_UTILS_MD5	:= 77455aeee54fdc7a70c733bcb65d33cc
 IMA_EVM_UTILS		:= ima-evm-utils-$(IMA_EVM_UTILS_VERSION)
 IMA_EVM_UTILS_SUFFIX	:= tar.gz
-IMA_EVM_UTILS_URL	:= $(call ptx/mirror, SF, linux-ima/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
+IMA_EVM_UTILS_URL	:= $(call ptx/mirror, SF, linux-ima/ima-evm-utils/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX))
 IMA_EVM_UTILS_SOURCE	:= $(SRCDIR)/$(IMA_EVM_UTILS).$(IMA_EVM_UTILS_SUFFIX)
 IMA_EVM_UTILS_DIR	:= $(BUILDDIR)/$(IMA_EVM_UTILS)
 IMA_EVM_UTILS_LICENSE	:= LGPL-2.0-or-later
-- 
2.11.0

