diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
index 208eb4d8..9654368e 100644
--- a/build-aux/knet_valgrind_memcheck.supp
+++ b/build-aux/knet_valgrind_memcheck.supp
@@ -1,516 +1,512 @@ { Internal NSPR/NSS leaks (libknet direct) Memcheck:Leak match-leak-kinds: definite fun:calloc obj:* obj:* obj:* obj:* obj:* fun:init_nss_db fun:nsscrypto_load_lib - fun:crypto_check_init_lib fun:crypto_init fun:knet_handle_crypto fun:test fun:main } { Internal NSPR/NSS leaks (libknet direct) Memcheck:Leak match-leak-kinds: definite fun:malloc obj:* obj:* obj:* obj:* obj:* fun:init_nss_db fun:nsscrypto_load_lib - fun:crypto_check_init_lib fun:crypto_init fun:knet_handle_crypto fun:test fun:main } { Internal NSPR/NSS leaks (internal crypto test) Memcheck:Leak match-leak-kinds: definite fun:calloc obj:* obj:* obj:* obj:* obj:* fun:init_nss_db fun:nsscrypto_load_lib - fun:crypto_check_init_lib fun:crypto_init fun:test fun:main } { Internal NSPR/NSS leaks (internal crypto test) Memcheck:Leak match-leak-kinds: definite fun:malloc obj:* obj:* obj:* obj:* obj:* fun:init_nss_db fun:nsscrypto_load_lib - fun:crypto_check_init_lib fun:crypto_init fun:test fun:main } { lzma internal stuff Memcheck:Cond fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_stream_header_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_crc32 fun:lzma_stream_header_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_crc32 fun:lzma_stream_header_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread 
fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_block_header_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:is_overlap fun:memcpy@@GLIBC_2.14 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock 
fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread } { lzma internal stuff Memcheck:Cond fun:memcpy@@GLIBC_2.14 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread } { lzma internal stuff Memcheck:Value8 fun:memcpy@@GLIBC_2.14 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread } { lzma internal stuff Memcheck:Value8 fun:lzma_vli_encode fun:lzma_filter_flags_encode fun:lzma_block_header_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_filter_flags_encode fun:lzma_block_header_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:memset fun:lzma_block_header_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:memset 
fun:lzma_block_header_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_block_unpadded_size fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_index_append fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_vli_size fun:lzma_index_append fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_index_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_index_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_index_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_vli_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_index_buffer_encode 
fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_vli_encode obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_index_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_crc32 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_index_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_crc32 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_index_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_stream_footer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Value8 fun:lzma_crc32 fun:lzma_stream_footer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond fun:lzma_crc32 fun:lzma_stream_footer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { lzma internal stuff Memcheck:Cond obj:/usr/lib64/liblzma.so.5.2.2 
obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 obj:/usr/lib64/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread }
diff --git a/libknet/crypto.c b/libknet/crypto.c
index 4cca15ff..d3a5becf 100644
--- a/libknet/crypto.c
+++ b/libknet/crypto.c
@@ -1,200 +1,189 @@ /* * Copyright (C) 2010-2015 Red Hat, Inc. All rights reserved. * * Author: Fabio M. Di Nitto * * This software licensed under GPL-2.0+, LGPL-2.0+ */ #include "config.h" #include #include #include #include #include "crypto.h" #include "crypto_nss.h" #include "internals.h" #include "logging.h" /* * internal module switch data */ #define empty_module NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL }, crypto_model_t crypto_modules_cmds[] = { { "nss", #ifdef BUILDCRYPTONSS 1, nsscrypto_load_lib, nsscrypto_unload_lib, 0, 0, nsscrypto_init, nsscrypto_fini, nsscrypto_encrypt_and_sign, nsscrypto_encrypt_and_signv, nsscrypto_authenticate_and_decrypt }, #else 0,empty_module #endif { NULL, 0, empty_module }; static int crypto_get_model(const char *model) { int idx = 0; while (crypto_modules_cmds[idx].model_name != NULL) { if (!strcmp(crypto_modules_cmds[idx].model_name, model)) return idx; idx++; } return -1; } -static int crypto_check_init_lib(knet_handle_t knet_h, int model) -{ - int savederrno = 0; - - savederrno = pthread_rwlock_wrlock(&shlib_rwlock); - if (savederrno) { - log_err(knet_h, KNET_SUB_CRYPTO, "Unable to get write lock: %s", - strerror(savederrno)); - return -1; - } - - if (crypto_modules_cmds[model].loaded == 1) { - return 0; - } - - if (crypto_modules_cmds[model].load_lib(knet_h) < 0) { - log_err(knet_h, KNET_SUB_CRYPTO, "Unable to load %s lib", crypto_modules_cmds[model].model_name); - pthread_rwlock_unlock(&shlib_rwlock); - return -1; - } - crypto_modules_cmds[model].loaded = 1; - - return 0; -} - /* * exported API */ int crypto_encrypt_and_sign ( knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len) { return crypto_modules_cmds[knet_h->crypto_instance->model].crypt(knet_h, buf_in, buf_in_len, buf_out, buf_out_len); } int crypto_encrypt_and_signv ( knet_handle_t knet_h, const struct iovec *iov_in, int iovcnt_in, unsigned char *buf_out, ssize_t *buf_out_len) { return 
crypto_modules_cmds[knet_h->crypto_instance->model].cryptv(knet_h, iov_in, iovcnt_in, buf_out, buf_out_len); } int crypto_authenticate_and_decrypt ( knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len) { return crypto_modules_cmds[knet_h->crypto_instance->model].decrypt(knet_h, buf_in, buf_in_len, buf_out, buf_out_len); } int crypto_init( knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet_handle_crypto_cfg) { + int savederrno = 0; int model = 0; model = crypto_get_model(knet_handle_crypto_cfg->crypto_model); if (model < 0) { log_err(knet_h, KNET_SUB_CRYPTO, "model %s not supported", knet_handle_crypto_cfg->crypto_model); - goto out_err; + return -1; } if (crypto_modules_cmds[model].built_in == 0) { log_err(knet_h, KNET_SUB_CRYPTO, "this version of libknet was built without %s support. Please contact your vendor or fix the build.", knet_handle_crypto_cfg->crypto_model); + return -1; + } + + savederrno = pthread_rwlock_wrlock(&shlib_rwlock); + if (savederrno) { + log_err(knet_h, KNET_SUB_CRYPTO, "Unable to get write lock: %s", + strerror(savederrno)); + return -1; + } + + if (crypto_modules_cmds[model].load_lib(knet_h) < 0) { + log_err(knet_h, KNET_SUB_CRYPTO, "Unable to load %s lib", crypto_modules_cmds[model].model_name); goto out_err; } + crypto_modules_cmds[model].loaded = 1; log_debug(knet_h, KNET_SUB_CRYPTO, "Initizializing crypto module [%s/%s/%s]", knet_handle_crypto_cfg->crypto_model, knet_handle_crypto_cfg->crypto_cipher_type, knet_handle_crypto_cfg->crypto_hash_type); - if (crypto_check_init_lib(knet_h, model) < 0) { - log_err(knet_h, KNET_SUB_CRYPTO, "Unable to load crypto library"); - return -1; - } - knet_h->crypto_instance = malloc(sizeof(struct crypto_instance)); if (!knet_h->crypto_instance) { log_err(knet_h, KNET_SUB_CRYPTO, "Unable to allocate memory for crypto instance"); pthread_rwlock_unlock(&shlib_rwlock); goto out_err; } + /* + * if crypto_modules_cmds.init fails, it 
is expected that + * it will clean everything by itself. + * crypto_modules_cmds.fini is not invoked on error. + */ knet_h->crypto_instance->model = model; if (crypto_modules_cmds[knet_h->crypto_instance->model].init(knet_h, knet_handle_crypto_cfg)) goto out_err; log_debug(knet_h, KNET_SUB_CRYPTO, "security network overhead: %u", knet_h->sec_header_size); crypto_modules_cmds[model].libref++; pthread_rwlock_unlock(&shlib_rwlock); return 0; out_err: if (knet_h->crypto_instance) { free(knet_h->crypto_instance); knet_h->crypto_instance = NULL; } if ((crypto_modules_cmds[model].libref == 0) && (crypto_modules_cmds[model].loaded == 1)) { log_debug(knet_h, KNET_SUB_CRYPTO, "Unloading %s library", crypto_modules_cmds[model].model_name); crypto_modules_cmds[model].unload_lib(knet_h); crypto_modules_cmds[model].loaded = 0; } pthread_rwlock_unlock(&shlib_rwlock); return -1; } void crypto_fini( knet_handle_t knet_h) { int savederrno = 0; int model = 0; savederrno = pthread_rwlock_wrlock(&shlib_rwlock); if (savederrno) { log_err(knet_h, KNET_SUB_CRYPTO, "Unable to get write lock: %s", strerror(savederrno)); return; } if (knet_h->crypto_instance) { model = knet_h->crypto_instance->model; if (crypto_modules_cmds[model].fini != NULL) { crypto_modules_cmds[model].fini(knet_h); } free(knet_h->crypto_instance); knet_h->crypto_instance = NULL; crypto_modules_cmds[model].libref--; if ((crypto_modules_cmds[model].libref == 0) && (crypto_modules_cmds[model].loaded == 1)) { log_debug(knet_h, KNET_SUB_CRYPTO, "Unloading %s library", crypto_modules_cmds[model].model_name); crypto_modules_cmds[model].unload_lib(knet_h); crypto_modules_cmds[model].loaded = 0; } } pthread_rwlock_unlock(&shlib_rwlock); return; }
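Review bot: The allocation-failure branch in crypto_init still calls `pthread_rwlock_unlock(&shlib_rwlock);` before `goto out_err;`, and out_err unlocks again, so now that the lock is taken inside crypto_init that path releases shlib_rwlock twice (undefined for a POSIX rwlock) and runs the libref/loaded check and unload_lib without holding it; dropping the early unlock so the branch is just `goto out_err;` fixes both. The new code also calls `load_lib(knet_h)` on every crypto_init, where the removed crypto_check_init_lib skipped it when `loaded == 1`; unless nsscrypto_load_lib (not visible here) is safe to call repeatedly, a second handle would reload a library that is unloaded only once, so consider guarding the call with `if (crypto_modules_cmds[model].loaded == 0)`. A short comment above the wrlock stating that shlib_rwlock is held from there until out_err or the success return would make the locking contract explicit for the next change to this function.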