Menu
▾
▴
[Tboot-changelog] changeset in code: tools: replace banned mem/str fns with corres...
|
From: Gang W. <gan...@in...> - 2018-11-30 07:12:26
|
changeset 48fdbc3d9fcd in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=48fdbc3d9fcd description: tools: replace banned mem/str fns with corresponding ones in safestringlib Some slightly cleanup was included also. Signed-off-by: Gang Wei <gan...@in...> diffstat: Config.mk | 2 ++ Makefile | 2 +- lcptools-v2/Makefile | 23 +++++++++-------------- lcptools-v2/crtpol.c | 13 ++++++++----- lcptools-v2/crtpolelt.c | 3 ++- lcptools-v2/crtpollist.c | 15 ++++++++------- lcptools-v2/custom_elt.c | 5 +++-- lcptools-v2/hash.c | 19 +++++++++++-------- lcptools-v2/lcputils.c | 14 +++++++------- lcptools-v2/mle_elt.c | 5 +++-- lcptools-v2/mlehash.c | 20 +++++++++++--------- lcptools-v2/pol.c | 4 +++- lcptools-v2/poldata.c | 20 +++++++++++--------- lcptools-v2/polelt.c | 6 ++++-- lcptools-v2/pollist1.c | 15 +++++++++------ lcptools-v2/pollist2.c | 28 ++++++++++++++++------------ lcptools-v2/sbios_elt.c | 7 ++++--- lcptools-v2/stm_elt.c | 5 +++-- lcptools/Makefile | 4 ++-- lcptools/defindex.c | 6 +++--- lcptools/getcap.c | 4 ++-- lcptools/lcptools.c | 6 +++--- lcptools/lcputils.c | 29 +++++++++++++++-------------- lcptools/lock.c | 7 +------ lcptools/readpol.c | 4 ++-- lcptools/relindex.c | 4 ++-- lcptools/writepol.c | 4 ++-- tb_polgen/Makefile | 2 +- tb_polgen/commands.c | 5 +++-- tb_polgen/hash.c | 11 +++++++---- tb_polgen/param.c | 36 ++++++++++++++++-------------------- tb_polgen/policy.c | 3 ++- utils/Makefile | 1 + utils/txt-stat.c | 10 ++++------ 34 files changed, 181 insertions(+), 161 deletions(-) diffs (truncated from 1365 to 300 lines): diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd Config.mk --- a/Config.mk Fri Nov 30 12:04:22 2018 +0800 +++ b/Config.mk Fri Nov 30 12:04:56 2018 +0800 @@ -90,6 +90,8 @@ CFLAGS += -m32 -march=i686 endif +CFLAGS += -I$(ROOTDIR)/safestringlib/include + # common dummy rule to force execution .PHONY: FORCE FORCE : diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd Makefile --- a/Makefile Fri Nov 30 12:04:22 2018 +0800 +++ b/Makefile Fri Nov 30 12:04:56 2018 +0800 @@ -14,7 +14,7 @@ include Config.mk # (txt-test is not included because it requires pathing to Linux src) -SUBDIRS := tboot lcptools lcptools-v2 tb_polgen utils docs +SUBDIRS := tboot safestringlib lcptools lcptools-v2 tb_polgen utils docs # # build rules diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd lcptools-v2/Makefile --- a/lcptools-v2/Makefile Fri Nov 30 12:04:22 2018 +0800 +++ b/lcptools-v2/Makefile Fri Nov 30 12:04:56 2018 +0800 @@ -25,7 +25,7 @@ # universal rules # -build : $(TPMNV_TARGETS) $(LCP2_TARGETS) +build : $(LCP2_TARGETS) dist : install @@ -46,7 +46,7 @@ clean : - rm -f *~ *.a *.so *.o *.rpm $(DEP_FILES) $(LCP2_TARGETS) trousers_dep + rm -f *~ *.a *.so *.o *.rpm $(DEP_FILES) $(LCP2_TARGETS) mrproper : clean @@ -54,13 +54,6 @@ distclean : clean # -# trousers -# - -trousers_dep: - @printf "#include <trousers/tss.h>\n" | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(LIBS) - -Wl,--defsym=main=0 -o $@ >/dev/null 2>&1 || (echo trousers-devel package is not installed && false) - -# # dependencies # @@ -73,20 +66,22 @@ LCP2_LIB := liblcp.a +LIBS += -lcrypto -llcp -lz $(ROOTDIR)/safestringlib/libsafestring.a + $(LCP2_LIB) : pol.o poldata.o pollist2.o polelt.o lcputils.o hash.o pollist1.o $(AR) rc $@ $^ lcp2_crtpolelt : crtpolelt.o $(POLELT_PLUGINS) $(LCP2_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) $^ -lcrypto -llcp -o $@ + $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@ lcp2_crtpollist : crtpollist.o $(POLELT_PLUGINS) $(LCP2_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) $^ -lcrypto -llcp -o $@ + $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@ lcp2_crtpol : crtpol.o $(POLELT_PLUGINS) $(LCP2_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) $^ -lcrypto -llcp -o $@ + $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@ lcp2_mlehash : mlehash.o $(LCP2_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) $^ -lcrypto -lz -o $@ + $(CC) $(CFLAGS) $(LDFLAGS) $^ $(LIBS) -o $@ # @@ -97,5 +92,5 @@ BUILD_DEPS := $(ROOTDIR)/Config.mk $(CURDIR)/Makefile -%.o : %.c $(HDRS) $(BUILD_DEPS) trousers_dep +%.o : %.c $(HDRS) $(BUILD_DEPS) $(CC) $(CFLAGS) -DNO_TBOOT_LOGLVL -c $< -o $@ diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd lcptools-v2/crtpol.c --- a/lcptools-v2/crtpol.c Fri Nov 30 12:04:22 2018 +0800 +++ b/lcptools-v2/crtpol.c Fri Nov 30 12:04:56 2018 +0800 @@ -47,6 +47,7 @@ #include <openssl/pem.h> #include <openssl/err.h> #include <openssl/bn.h> +#include <safe_lib.h> #define PRINT printf #include "../include/config.h" #include "../include/hash.h" @@ -145,7 +146,7 @@ ERROR("Error: failed to allocate policy\n"); return 1; } - memset(pol, 0, sizeof(*pol)); + memset_s(pol, sizeof(*pol), 0); pol->version = pol_ver; pol->hash_alg = lcp_hash_alg; pol->sinit_min_version = sinit_min_ver; @@ -180,7 +181,7 @@ free(pol); return 1; } - memset(poldata, 0, sizeof(*poldata)); + memset_s(poldata, sizeof(*poldata), 0); strlcpy(poldata->file_signature, LCP_POLICY_DATA_FILE_SIGNATURE, sizeof(poldata->file_signature)); poldata->num_lists = 0; @@ -195,7 +196,7 @@ return 1; } uint16_t version; - memcpy((void*)&version, (const void *)pollist, sizeof(uint16_t)); + memcpy_s((void*)&version, sizeof(uint16_t), (const void *)pollist, sizeof(uint16_t)); if ( version == LCP_TPM12_POLICY_LIST_VERSION ) poldata = add_tpm12_policy_list(poldata, (lcp_policy_list_t *)pollist); @@ -286,9 +287,11 @@ if ( pol && pol->policy_type == LCP_POLTYPE_LIST ) { lcp_hash_t2 hash; + int diff; calc_policy_data_hash(poldata, &hash, pol->hash_alg); - if ( memcmp(&hash, &pol->policy_hash, - get_lcp_hash_size(pol->hash_alg)) == 0 ) + if ( 0 == memcmp_s(&hash, sizeof(hash), &pol->policy_hash, + get_lcp_hash_size(pol->hash_alg), &diff) + && diff == 0 ) DISPLAY("\npolicy data hash matches policy hash\n"); else { ERROR("\nError: policy data hash does not match policy hash\n"); diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd lcptools-v2/crtpolelt.c --- a/lcptools-v2/crtpolelt.c Fri Nov 30 12:04:22 2018 +0800 +++ b/lcptools-v2/crtpolelt.c Fri Nov 30 12:04:56 2018 +0800 @@ -42,6 +42,7 @@ #include <getopt.h> #include <string.h> #include <errno.h> +#include <safe_lib.h> #define PRINT printf #include "../include/config.h" #include "../include/hash.h" @@ -115,7 +116,7 @@ ERROR("Error: too many plugin options\n"); /* copy help text */ - strncat(help, plugin->help_txt, MAX_HELP_TEXT - strlen(help) - 1); + strcat_s(help, sizeof(help), plugin->help_txt); } } diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd lcptools-v2/crtpollist.c --- a/lcptools-v2/crtpollist.c Fri Nov 30 12:04:22 2018 +0800 +++ b/lcptools-v2/crtpollist.c Fri Nov 30 12:04:56 2018 +0800 @@ -49,6 +49,7 @@ #include <openssl/bn.h> #include <openssl/ecdsa.h> #include <openssl/ec.h> +#include <safe_lib.h> #define PRINT printf #include "../include/config.h" #include "../include/hash.h" @@ -161,7 +162,7 @@ return NULL; } const BIGNUM *modulus = NULL; - memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize); + memset_s(sig, sizeof(lcp_rsa_signature_t) + 2*keysize, 0); sig->rsa_signature.pubkey_size = keysize; /* OpenSSL Version 1.1.0 and later don't allow direct access to RSA @@ -206,7 +207,7 @@ return NULL; } - memset(sig, 0, sizeof(lcp_ecc_signature_t) + 2*keysize); + memset_s(sig, sizeof(lcp_ecc_signature_t) + 2*keysize, 0); sig->ecc_signature.pubkey_size = keysize; unsigned int BN_X_size = BN_num_bytes(x); unsigned int BN_Y_size = BN_num_bytes(y); @@ -468,7 +469,7 @@ return 1; uint16_t version ; - memcpy((void*)&version,(const void *)pollist,sizeof(uint16_t)); + memcpy_s((void*)&version, sizeof(uint16_t), (const void *)pollist, sizeof(uint16_t)); if ( version != LCP_TPM20_POLICY_LIST_VERSION ) { free(pollist); return 1; @@ -510,7 +511,7 @@ free(pollist); return 1; } - memset(sigblock, 0, sig->rsa_signature.pubkey_size); + memset_s(sigblock, sig->rsa_signature.pubkey_size, 0); } else { if ( !rsa_sign_list_data(&(pollist->tpm20_policy_list), privkey_file) ) { @@ -567,7 +568,7 @@ free(pollist); return 1; } - memset(sigblock, 0, sig->ecc_signature.pubkey_size); + memset_s(sigblock, sig->ecc_signature.pubkey_size, 0); } else { if ( !ecdsa_sign_tpm20_list_data(&(pollist->tpm20_policy_list), eckey) ) { @@ -604,7 +605,7 @@ return 1; uint16_t version ; - memcpy((void*)&version,(const void *)pollist,sizeof(uint16_t)); + memcpy_s((void*)&version, sizeof(uint16_t), (const void *)pollist, sizeof(uint16_t)); if (version != LCP_TPM20_POLICY_LIST_VERSION ) return 1; @@ -681,7 +682,7 @@ return 1; uint16_t version ; - memcpy((void*)&version,(const void *)pollist,sizeof(uint16_t)); + memcpy_s((void*)&version, sizeof(uint16_t), (const void *)pollist, sizeof(uint16_t)); if (version != LCP_TPM20_POLICY_LIST_VERSION ) { free(pollist); return 1; diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd lcptools-v2/custom_elt.c --- a/lcptools-v2/custom_elt.c Fri Nov 30 12:04:22 2018 +0800 +++ b/lcptools-v2/custom_elt.c Fri Nov 30 12:04:56 2018 +0800 @@ -42,6 +42,7 @@ #include <ctype.h> #define _GNU_SOURCE #include <getopt.h> +#include <safe_lib.h> #define PRINT printf #include "../include/config.h" #include "../include/hash.h" @@ -208,12 +209,12 @@ return NULL; } - memset(elt, 0, sizeof(*elt) + data_size); + memset_s(elt, sizeof(*elt) + data_size, 0); elt->size = sizeof(*elt) + data_size; lcp_custom_element_t2 *custom = (lcp_custom_element_t2 *)&elt->data; custom->uuid = uuid; - memcpy(custom->data, data, data_len); + memcpy_s(custom->data, data_len, data, data_len); free(data); data = NULL; diff -r 466b8e5ec3b7 -r 48fdbc3d9fcd lcptools-v2/hash.c --- a/lcptools-v2/hash.c Fri Nov 30 12:04:22 2018 +0800 +++ b/lcptools-v2/hash.c Fri Nov 30 12:04:56 2018 +0800 @@ -39,6 +39,7 @@ #include <stdbool.h> #include <string.h> #include <openssl/evp.h> +#include <safe_lib.h> #define PRINT printf #include "../include/config.h" #include "../include/hash.h" @@ -52,19 +53,20 @@ bool are_hashes_equal(const tb_hash_t *hash1, const tb_hash_t *hash2, uint16_t hash_alg) { + int diff; if ( ( hash1 == NULL ) || ( hash2 == NULL ) ) return false; if ( hash_alg == TB_HALG_SHA1 ) - return (memcmp(hash1, hash2, SHA1_LENGTH) == 0); + return (memcmp_s(hash1, SHA1_LENGTH, hash2, SHA1_LENGTH, &diff) == 0 && diff == 0); else if ( hash_alg == TB_HALG_SHA256 ) - return (memcmp(hash1, hash2, SHA256_LENGTH) == 0); + return (memcmp_s(hash1, SHA256_LENGTH, hash2, SHA256_LENGTH, &diff) == 0 && diff == 0); else if ( hash_alg == TB_HALG_SM3 ) - return (memcmp(hash1, hash2, SM3_LENGTH) == 0); + return (memcmp_s(hash1, SM3_LENGTH, hash2, SM3_LENGTH, &diff) == 0 && diff == 0); else if ( hash_alg == TB_HALG_SHA384 ) - return (memcmp(hash1, hash2, SHA384_LENGTH) == 0); + return (memcmp_s(hash1, SHA384_LENGTH, hash2, SHA384_LENGTH, &diff) == 0 && diff == 0); else if ( hash_alg == TB_HALG_SHA512 ) - return (memcmp(hash1, hash2, SHA512_LENGTH) == 0); + return (memcmp_s(hash1, SHA512_LENGTH, hash2, SHA512_LENGTH, &diff) == 0 && diff == 0); else |
