Merge pull request #155 from kronosnet/stable1-proposed

Stable1 proposed

.gitarchivever

@@ -0,0 +1 @@
+ref names:$Format:%d$

.gitattributes

@@ -1 +1,2 @@
 configure.ac export-subst
+.gitarchivever export-subst

Makefile.am

@@ -63,7 +63,7 @@ $(SPEC): $(SPEC).in .version config.status
 		alphatag="" && \
 		dirty="" && \
 		numcomm="0"; \
-	else \
+	elif [ "`git log -1 --pretty=format:x . 2>&1`" = "x" ]; then \
 		gitver="`GIT_DIR=$(abs_srcdir)/.git git describe --abbrev=4 --match='v*' HEAD 2>/dev/null`" && \
 		rpmver=`echo $$gitver | sed -e "s/^v//" -e "s/-.*//g"` && \
 		alphatag=`echo $$gitver | sed -e "s/.*-//" -e "s/^g//"` && \
@@ -72,6 +72,12 @@ $(SPEC): $(SPEC).in .version config.status
 		cd $(abs_srcdir) && \
 		git update-index --refresh > /dev/null 2>&1 || true && \
 		dirty=`git diff-index --name-only HEAD 2>/dev/null` && cd - 2>/dev/null; \
+	else \
+		gitver="`cd $(abs_srcdir); build-aux/git-version-gen .tarball-version .gitarchivever`" && \
+		rpmver=$$gitver && \
+		alphatag="" && \
+		dirty="" && \
+		numcomm="0"; \
 	fi && \
 	if [ -n "$$dirty" ]; then dirty="dirty"; else dirty=""; fi && \
 	if [ "$$numcomm" = "0" ]; then \

build-aux/git-version-gen

@@ -1,7 +1,8 @@
 #!/bin/sh
 # Print a version string.
-scriptversion=2016-01-11.22; # UTC
+scriptversion=2018-08-31.20; # UTC
 
+# Copyright (C) 2018 Red Hat, Inc.
 # Copyright (C) 2007-2016 Free Software Foundation, Inc.
 #
 # This program is free software: you can redistribute it and/or modify
@@ -49,6 +50,17 @@ scriptversion=2016-01-11.22; # UTC
 # .tarball-version is never generated in a VC'd directory, so needn't
 # be listed there.
 #
+# In order to use git archive versions another two files has to be presented:
+#
+# .gitarchive-version - present in checked-out repository and git
+#   archive tarball, but not in the distribution tarball. Used as a last
+#   option for version. File must contain special string $Format:%d$,
+#   which is substitued by git on archive operation.
+#
+# .gitattributes - present in checked-out repository and git archive
+#   tarball, but not in the distribution tarball. Must set export-subst
+#   attribute for .gitarchive-version file.
+#
 # Use the following line in your configure.ac, so that $(VERSION) will
 # automatically be up-to-date each time configure is run (and note that
 # since configure.ac no longer includes a version string, Makefile rules
@@ -80,7 +92,7 @@ under the terms of the GNU General Public License.
 For more information about these matters, see the files named COPYING."
 
 usage="\
-Usage: $me [OPTION]... \$srcdir/.tarball-version [TAG-NORMALIZATION-SED-SCRIPT]
+Usage: $me [OPTION]... \$srcdir/.tarball-version [\$srcdir/.gitarchive-version] [TAG-NORMALIZATION-SED-SCRIPT]
 Print a version string.
 
 Options:
@@ -110,6 +122,8 @@ while test $# -gt 0; do
     *)
       if test "x$tarball_version_file" = x; then
         tarball_version_file="$1"
+      elif test "x$gitarchive_version_file" = x; then
+        gitarchive_version_file="$1"
       elif test "x$tag_sed_script" = x; then
         tag_sed_script="$1"
       else
@@ -155,8 +169,8 @@ then
 # directory, and "git describe" output looks sensible, use that to
 # derive a version string.
 elif test "`git log -1 --pretty=format:x . 2>&1`" = x \
-    && v=`git describe --abbrev=4 --match="$prefix*" --tags HEAD 2>/dev/null \
-          || git describe --abbrev=4 --tags HEAD 2>/dev/null` \
+    && v=`git describe --abbrev=4 --match="$prefix*" HEAD 2>/dev/null \
+          || git describe --abbrev=4 HEAD 2>/dev/null` \
     && v=`printf '%s\n' "$v" | sed "$tag_sed_script"` \
     && case $v in
          $prefix[0-9]*) ;;
@@ -189,11 +203,34 @@ then
     v=`echo "$v" | sed 's/-/./;s/\(.*\)-g/\1-/'`;
     v_from_git=1
 elif test "x$fallback" = x || git --version >/dev/null 2>&1; then
-    v=UNKNOWN
+    if test -f $gitarchive_version_file
+    then
+        v=`sed "s/^.*tag: \($prefix[0-9)][^,)]*\).*\$/\1/" $gitarchive_version_file \
+            | sed "$tag_sed_script"` || exit 1
+        case $v in
+            *$nl*) v= ;; # reject multi-line output
+            $prefix[0-9]*) ;;
+            *) v= ;;
+        esac
+
+        test -z "$v" \
+            && echo "$0: WARNING: $gitarchive_version_file doesn't contain valid version tag" 1>&2 \
+            && v=UNKNOWN
+    else
+        v=UNKNOWN
+    fi
 else
     v=$fallback
 fi
 
+if test "x$fallback" = x -a "$v" = "UNKNOWN"
+then
+  echo "$0: ERROR: Can't find valid version. Please use valid git repository," \
+    "released tarball or version tagged archive" 1>&2
+
+  exit 1
+fi
+
 v=`echo "$v" |sed "s/^$prefix//"`
 
 # Test whether to append the "-dirty" suffix only if the version

build-aux/knet_valgrind_memcheck.supp

@@ -538,38 +538,6 @@
    fun:compress_cfg
    fun:knet_handle_compress
 }
-{
-   nss internal stuff (FreeBSD 11.1)
-   Memcheck:Addr8
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   fun:PR_LoadLibraryWithFlags
-   obj:/usr/local/lib/nss/libnssutil3.so
-   fun:PORT_LoadLibraryFromOrigin
-   obj:/usr/local/lib/nss/libnss3.so
-   fun:PR_CallOnce
-   obj:/usr/local/lib/nss/libnss3.so
-}
-{
-   nss internal stuff (FreeBSD 11.1)
-   Memcheck:Addr8
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   fun:PR_LoadLibraryWithFlags
-   obj:/usr/local/lib/nss/libnssutil3.so
-   fun:PORT_LoadLibraryFromOrigin
-   obj:/usr/local/lib/nss/libnss3.so
-   fun:PR_CallOnce
-   obj:/usr/local/lib/nss/libnss3.so
-   fun:SECMOD_LoadModule
-   obj:/usr/local/lib/nss/libnss3.so
-}
 {
    nss internal leak (3.38+) non recurring
    Memcheck:Leak
@@ -605,32 +573,18 @@
    fun:main
 }
 {
-   openssl internal stuff (FreeBSD 11.1)
+   nss internal leak (3.38+) non recurring
    Memcheck:Addr8
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/libexec/ld-elf.so.1
-   obj:/usr/local/lib/libcrypto.so.10
-   fun:DSO_load
-   fun:DSO_dsobyaddr
-   obj:/usr/local/lib/libcrypto.so.10
-   fun:pthread_once
-   fun:CRYPTO_THREAD_run_once
-   fun:OPENSSL_init_crypto
-   fun:opensslcrypto_init
-}
-{
-   Internal glibc memory leak (Fedora 28 on arm)
-   Memcheck:Leak
-   match-leak-kinds: definite
-   fun:malloc
-   fun:_dl_map_object_deps
-}
-{
-   Internal glibc memory leak (Fedora 28 on arm)
-   Memcheck:Leak
-   match-leak-kinds: definite
-   fun:malloc
-   fun:dl_open_worker
+   obj:/usr/lib64/libp11-kit.so.0.3.0
+   obj:/usr/lib64/libp11-kit.so.0.3.0
+   fun:_dl_close_worker
+   fun:_dl_close
+   fun:_dl_catch_exception
+   fun:_dl_catch_error
+   fun:_dlerror_run
+   fun:dlclose
+   fun:PR_UnloadLibrary
+   obj:/usr/lib64/libnss3.so
+   obj:/usr/lib64/libnss3.so
+   obj:/usr/lib64/libnss3.so
 }

configure.ac

@@ -13,7 +13,7 @@
 
 AC_PREREQ([2.63])
 AC_INIT([kronosnet],
-	m4_esyscmd([build-aux/git-version-gen .tarball-version]),
+	m4_esyscmd([build-aux/git-version-gen .tarball-version .gitarchivever]),
 	[devel@lists.kronosnet.org])
 # Don't let AC_PROC_CC (invoked by AC_USE_SYSTEM_EXTENSIONS) replace
 # undefined CFLAGS with -g -O2, overriding our special OPT_CFLAGS.

libknet/crypto_nss.c

@@ -176,16 +176,25 @@ static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h, enum sym_key_ty
 	SECItem tmp_sec_item;
 	SECItem wrapped_key;
 	int wrapped_key_len;
+	int wrap_key_block_size;
 	unsigned char wrapped_key_data[KNET_MAX_KEY_LEN];
+	unsigned char pad_key_data[KNET_MAX_KEY_LEN];
 
 	memset(&key_item, 0, sizeof(key_item));
 	slot = NULL;
 	wrap_key = NULL;
 	res_key = NULL;
 	wrap_key_crypt_context = NULL;
 
+	if (instance->private_key_len > sizeof(pad_key_data)) {
+		log_err(knet_h, KNET_SUB_NSSCRYPTO, "Import symmetric key failed. Private key is too long");
+		goto exit_res_key;
+	}
+	memset(pad_key_data, 0, sizeof(pad_key_data));
+	memcpy(pad_key_data, instance->private_key, instance->private_key_len);
+
 	key_item.type = siBuffer;
-	key_item.data = instance->private_key;
+	key_item.data = pad_key_data;
 
 	switch (key_type) {
 		case SYM_KEY_TYPE_CRYPT:
@@ -237,6 +246,21 @@ static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h, enum sym_key_ty
 	 * Encrypt authkey with wrapping key
 	 */
 
+	/*
+	 * Key must be padded to a block size
+	 */
+	wrap_key_block_size = PK11_GetBlockSize(wrap_mechanism, 0);
+	if (wrap_key_block_size < 0) {
+		log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to get wrap key block size (%d): %s",
+			PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+		goto exit_res_key;
+	}
+	if (sizeof(pad_key_data) % wrap_key_block_size != 0) {
+		log_err(knet_h, KNET_SUB_NSSCRYPTO, "Padded key buffer size (%zu) is not dividable by "
+			"wrap key block size (%u).", sizeof(pad_key_data), (unsigned int)wrap_key_block_size);
+		goto exit_res_key;
+	}
+
 	/*
 	 * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode
 	 */
@@ -252,7 +276,7 @@ static PK11SymKey *nssimport_symmetric_key(knet_handle_t knet_h, enum sym_key_ty
 	wrapped_key_len = (int)sizeof(wrapped_key_data);
 
 	if (PK11_CipherOp(wrap_key_crypt_context, wrapped_key_data, &wrapped_key_len,
-			  sizeof(wrapped_key_data), key_item.data, key_item.len) != SECSuccess) {
+			  sizeof(wrapped_key_data), key_item.data, sizeof(pad_key_data)) != SECSuccess) {
 		log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to encrypt authkey (%d): %s",
 			PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
 		goto exit_res_key;

libknet/internals.h

@@ -337,6 +337,11 @@ typedef struct knet_transport_ops {
 
 socklen_t sockaddr_len(const struct sockaddr_storage *ss);
 
+struct pretty_names {
+	const char *name;
+	uint8_t val;
+};
+
 /**
  * This is a kernel style list implementation.
  *

libknet/links.c

@@ -401,7 +401,7 @@ int knet_link_clear_config(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t
 	memset(link, 0, sizeof(struct knet_link));
 	link->link_id = link_id;
 
-	if (knet_h->has_loop_link && link_id == knet_h->loop_link) {
+	if (knet_h->has_loop_link && host_id == knet_h->host_id && link_id == knet_h->loop_link) {
 		knet_h->has_loop_link = 0;
 		if (host->active_link_entries == 0) {
 			host->status.reachable = 0;

libknet/logging.c

@@ -20,11 +20,6 @@
 #include "logging.h"
 #include "threads_common.h"
 
-struct pretty_names {
-	const char *name;
-	uint8_t val;
-};
-
 static struct pretty_names subsystem_names[] =
 {
 	{ "common", KNET_SUB_COMMON },

libknet/tests/api_knet_handle_crypto.c

@@ -170,6 +170,27 @@ static void test(const char *model)
 
 	flush_logs(logfds[0], stdout);
 
+	printf("Test knet_handle_crypto with %s/aes128/sha1 and key where (key_len %% wrap_key_block_size != 0)\n", model);
+
+	memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
+	strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
+	strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
+	strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
+	/*
+	 * Prime number so chance that (private_key_len % wrap_key_block_size == 0) is minimalized
+	 */
+	knet_handle_crypto_cfg.private_key_len = 2003;
+
+	if (knet_handle_crypto(knet_h, &knet_handle_crypto_cfg) < 0) {
+		printf("knet_handle_crypto doesn't accept private_ley with len 2003: %s\n", strerror(errno));
+		knet_handle_free(knet_h);
+		flush_logs(logfds[0], stdout);
+		close_logpipes(logfds);
+		exit(FAIL);
+	}
+
+	flush_logs(logfds[0], stdout);
+
 	printf("Shutdown crypto\n");
 
 	memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));

libknet/tests/test-common.c

@@ -224,6 +224,10 @@ void flush_logs(int logfd, FILE *std)
 			int len = read(logfd, &msg + bytes_read,
 				       sizeof(msg) - bytes_read);
 			if (len <= 0) {
+				/*
+				 * clear errno to avoid incorrect propagation
+				 */
+				errno = 0;
 				return;
 			}
 			bytes_read += len;
@@ -472,20 +476,30 @@ int wait_for_packet(knet_handle_t knet_h, int seconds, int datafd)
 {
 	fd_set rfds;
 	struct timeval tv;
-	int err = 0;
+	int err = 0, i = 0;
 
 	if (is_memcheck() || is_helgrind()) {
 		printf("Test suite is running under valgrind, adjusting wait_for_packet timeout\n");
 		seconds = seconds * 16;
 	}
 
+try_again:
 	FD_ZERO(&rfds);
 	FD_SET(datafd, &rfds);
 
 	tv.tv_sec = seconds;
 	tv.tv_usec = 0;
 
 	err = select(datafd+1, &rfds, NULL, NULL, &tv);
+	/*
+	 * on slow arches the first call to select can return 0.
+	 * pick an arbitrary 10 times loop (multiplied by waiting seconds)
+	 * before failing.
+	 */
+	if ((!err) && (i < 10)) {
+		i++;
+		goto try_again;
+	}
 	if ((err > 0) && (FD_ISSET(datafd, &rfds))) {
 		return 0;
 	}