index : linux	frominto-error master
	Contrib clone of linux	matthias

summaryrefslogtreecommitdiffstats

log msg author committer range

path: root/kernel/extable.c

Age	Commit message (Expand)	Author
2020-01-25	bpf: Allow to resolve bpf trampoline and dispatcher in unwind	Jiri Olsa
2019-10-17	bpf: Add support for BTF pointers to x86 JIT	Alexei Starovoitov
2019-08-21	extable: Add function to search only kernel exception table	Santosh Sivaraj
2019-05-30	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156	Thomas Gleixner
2018-02-21	extable: Make init_kernel_text() global	Josh Poimboeuf
2017-11-07	kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules	Zhou Chengming
2017-09-23	extable: Enable RCU if it is not watching in kernel_text_address()	Steven Rostedt (VMware)
2017-09-23	extable: Consolidate *kernel_text_address() functions	Steven Rostedt (VMware)
2017-07-10	lib/extable.c: use bsearch() library function in search_extable()	Thomas Meyer
2017-07-06	kernel/extable.c: mark core_kernel_text notrace	Marcin Nowakowski
2017-05-23	extable: Adjust system_state checks	Thomas Gleixner
2017-02-22	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	Linus Torvalds
2017-02-21	Merge tag 'extable-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/gi...	Linus Torvalds
2017-02-17	bpf: make jited programs visible in traces	Daniel Borkmann
2017-02-09	core: migrate exception table users off module.h and onto extable.h	Paul Gortmaker
2017-01-14	kprobes, extable: Identify kprobes trampolines as kernel text area	Masami Hiramatsu
2016-12-24	Replace <asm/uaccess.h> with <linux/uaccess.h> globally	Linus Torvalds
2015-09-10	kernel/extable.c: remove duplicated include	Wei Yongjun
2014-11-19	ftrace/x86/extable: Add is_ftrace_trampoline() function	Steven Rostedt (Red Hat)
2014-02-13	asmlinkage: Make main_extable_sort_needed visible	Andi Kleen
2013-11-28	kernel/extable: fix address-checks for core_kernel and init areas	Helge Deller
2013-09-11	extable: skip sorting if the table is empty	Uwe Kleine-König
2013-04-15	extable: Flip the sorting message	Borislav Petkov
2012-04-19	extable: Skip sorting if sorted at build time.	David Daney
2011-05-20	extable, core_kernel_data(): Make sure all archs define _sdata	Steven Rostedt
2011-05-20	core_kernel_data(): Fix architectures that do not define _sdata	Ingo Molnar
2011-05-18	ftrace: Allow dynamically allocated function tracers	Steven Rostedt
2009-04-05	Merge branch 'tracing-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...	Linus Torvalds
2009-04-05	Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-module-an...	Linus Torvalds
2009-03-31	module: remove module_text_address()	Rusty Russell
2009-03-22	tracing, Text Edit Lock: Fix one sparse warning in kernel/extable.c	Dmitri Vorobiev
2009-03-20	tracing, Text Edit Lock - kprobes architecture independent support, nommu fix	Ingo Molnar
2009-03-19	symbols, stacktrace: look up init symbols after module symbols	Ingo Molnar
2009-02-09	tracing/function-graph-tracer: drop the kernel_text_address check	Frederic Weisbecker
2008-12-30	Merge branch 'core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/gi...	Linus Torvalds
2008-12-08	tracing/function-graph-tracer: introduce __notrace_funcgraph to filter specia...	Frederic Weisbecker
2008-09-10	debug: add notifier chain debugging, v2	Arjan van de Ven
2008-01-29	module: Don't report discarded init pages as kernel text.	Rusty Russell
2006-05-15	[PATCH] symbol_put_addr() locks kernel	Trent Piepho
2005-04-16	Linux-2.6.12-rc2	Linus Torvalds

generated by cgit v1.2.3 (git 2.25.1) at 2024-09-11 19:08:54 +0000

/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/provider.h>
#include <openssl/params.h>
#include <openssl/fips_names.h>
#include <openssl/core_names.h>
#include <openssl/self_test.h>
#include <openssl/fipskey.h>
#include "apps.h"
#include "progs.h"

#define BUFSIZE 4096

/* Configuration file values */
#define VERSION_KEY  "version"
#define VERSION_VAL  "1"
#define INSTALL_STATUS_VAL "INSTALL_SELF_TEST_KATS_RUN"

static OSSL_CALLBACK self_test_events;
static char *self_test_corrupt_desc = NULL;
static char *self_test_corrupt_type = NULL;
static int self_test_log = 1;
static int quiet = 0;

typedef enum OPTION_choice {
    OPT_COMMON,
    OPT_IN, OPT_OUT, OPT_MODULE,
    OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY,
    OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG,
    OPT_NO_CONDITIONAL_ERRORS,
    OPT_NO_SECURITY_CHECKS,
    OPT_SELF_TEST_ONLOAD
} OPTION_CHOICE;

const OPTIONS fipsinstall_options[] = {
    OPT_SECTION("General"),
    {"help", OPT_HELP, '-', "Display this summary"},
    {"verify", OPT_VERIFY, '-',
        "Verify a config file instead of generating one"},
    {"module", OPT_MODULE, '<', "File name of the provider module"},
    {"provider_name", OPT_PROV_NAME, 's', "FIPS provider name"},
    {"section_name", OPT_SECTION_NAME, 's',
     "FIPS Provider config section name (optional)"},
     {"no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-',
      "Disable the ability of the fips module to enter an error state if"
      " any conditional self tests fail"},
    {"no_security_checks", OPT_NO_SECURITY_CHECKS, '-',
     "Disable the run-time FIPS security checks in the module"},
    {"self_test_onload", OPT_SELF_TEST_ONLOAD, '-',
     "Forces self tests to always run on module load"},
    OPT_SECTION("Input"),
    {"in", OPT_IN, '<', "Input config file, used when verifying"},

    OPT_SECTION("Output"),
    {"out", OPT_OUT, '>', "Output config file, used when generating"},
    {"mac_name", OPT_MAC_NAME, 's', "MAC name"},
    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. "
                                "See 'PARAMETER NAMES' in the EVP_MAC_ docs"},
    {"noout", OPT_NO_LOG, '-', "Disable logging of self test events"},
    {"corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description"},
    {"corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type"},
    {"config", OPT_CONFIG, '<', "The parent config to verify"},
    {"quiet", OPT_QUIET, '-', "No messages, just exit status"},
    {NULL}
};

static int do_mac(EVP_MAC_CTX *ctx, unsigned char *tmp, BIO *in,
                  unsigned char *out, size_t *out_len)
{
    int ret = 0;
    int i;
    size_t outsz = *out_len;

    if (!EVP_MAC_init(ctx, NULL, 0, NULL))
        goto err;
    if (EVP_MAC_CTX_get_mac_size(ctx) > outsz)
        goto end;
    while ((i = BIO_read(in, (char *)tmp, BUFSIZE)) != 0) {
        if (i < 0 || !EVP_MAC_update(ctx, tmp, i))
            goto err;
    }
end:
    if (!EVP_MAC_final(ctx, out, out_len, outsz))
        goto err;
    ret = 1;
err:
    return ret;
}

static int load_fips_prov_and_run_self_test(const char *prov_name)
{
    int ret = 0;
    OSSL_PROVIDER *prov = NULL;

    prov = OSSL_PROVIDER_load(NULL, prov_name);
    if (prov == NULL) {
        BIO_printf(bio_err, "Failed to load FIPS module\n");
        goto end;
    }
    ret = 1;
end:
    OSSL_PROVIDER_unload(prov);
    return ret;
}

static int print_mac(BIO *bio, const char *label, const unsigned char *mac,
                     size_t len)
{
    int ret;
    char *hexstr = NULL;

    hexstr = OPENSSL_buf2hexstr(mac, (long)len);
    if (hexstr == NULL)
        return 0;
    ret = BIO_printf(bio, "%s = %s\n", label, hexstr);
    OPENSSL_free(hexstr);
    return ret;
}

static int write_config_header(BIO *out, const char *prov_name,
                               const char *section)
{
    return BIO_printf(out, "openssl_conf = openssl_init\n\n")
           && BIO_printf(out, "[openssl_init]\n")
           && BIO_printf(out, "providers = provider_section\n\n")
           && BIO_printf(out, "[provider_section]\n")
           && BIO_printf(out, "%s = %s\n\n", prov_name, section);
}

/*
 * Outputs a fips related config file that contains entries for the fips
 * module checksum, installation indicator checksum and the options
 * conditional_errors and security_checks.
 *
 * Returns 1 if the config file is written otherwise it returns 0 on error.
 */
static int write_config_fips_section(BIO *out, const char *section,
                                     unsigned char *module_mac,
                                     size_t module_mac_len,
                                     int conditional_errors,
                                     int security_checks,
                                     unsigned char *install_mac,
                                     size_t install_mac_len)
{
    int ret = 0;

    if (BIO_printf(out, "[%s]\n", section) <= 0
        || BIO_printf(out, "activate = 1\n") <= 0
        || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
                      VERSION_VAL) <= 0
        || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS,
                      conditional_errors ? "1" : "0") <= 0
        || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS,
                      security_checks ? "1" : "0") <= 0
        || !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac,
                      module_mac_len))
        goto end;

    if (install_mac != NULL && install_mac_len > 0) {
        if (!print_mac(out, OSSL_PROV_FIPS_PARAM_INSTALL_MAC, install_mac,
                       install_mac_len)
            || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
                          INSTALL_STATUS_VAL) <= 0)
        goto end;
    }
    ret = 1;
end:
    return ret;
}

static CONF *generate_config_and_load(const