Fix hex_to_bytes and add it to common utils.

lib/libdevmapper.c

@@ -256,21 +256,6 @@ static void hex_key(char *hexkey, size_t key_size, const char *key)
 		sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
 }
 
-static size_t hex_to_bytes(const char *hex, char *result)
-{
-	char buf[3] = "xx\0", *endp;
-	size_t i, len;
-
-	len = strlen(hex) / 2;
-	for (i = 0; i < len; i++) {
-		memcpy(buf, &hex[i * 2], 2);
-		result[i] = strtoul(buf, &endp, 16);
-		if (endp != &buf[2])
-			return -EINVAL;
-	}
-	return i;
-}
-
 /* http://code.google.com/p/cryptsetup/wiki/DMCrypt */
 static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd)
 {
@@ -820,7 +805,7 @@ static int _dm_query_verity(uint32_t get_flags,
 	struct crypt_params_verity *vp = NULL;
 	uint32_t val32;
 	uint64_t val64;
-	size_t len;
+	ssize_t len;
 	char *str, *str2;
 
 	if (get_flags & DM_ACTIVE_VERITY_PARAMS)
@@ -895,29 +880,31 @@ static int _dm_query_verity(uint32_t get_flags,
 	str = strsep(&params, " ");
 	if (!params)
 		return -EINVAL;
-	len = strlen(str) / 2;
+	len = crypt_hex_to_bytes(str, &str2, 0);
+	if (len < 0)
+		return len;
 	dmd->u.verity.root_hash_size = len;
-	if (get_flags & DM_ACTIVE_VERITY_ROOT_HASH) {
-		if (!(str2 = malloc(len)))
-			return -ENOMEM;
-		if (hex_to_bytes(str, str2) != len)
-			return -EINVAL;
+	if (get_flags & DM_ACTIVE_VERITY_ROOT_HASH)
 		dmd->u.verity.root_hash = str2;
-	}
+	else
+		free(str2);
 
 	/* salt */
 	str = strsep(&params, " ");
 	if (params)
 		return -EINVAL;
 	if (vp) {
-		len = strlen(str) / 2;
+		if (!strcmp(str, "-")) {
+			vp->salt_size = 0;
+			vp->salt = NULL;
+		} else {
+			len = crypt_hex_to_bytes(str, &str2, 0);
+			if (len < 0)
+				return len;
 			vp->salt_size = len;
-		if (!(str2 = malloc(len)))
-			return -ENOMEM;
-		if (hex_to_bytes(str, str2) != len)
-			return -EINVAL;
 			vp->salt = str2;
 		}
+	}
 
 	return 0;
 }

lib/utils_crypt.c

@@ -397,3 +397,29 @@ out_err:
 		crypt_safe_free(pass);
 	return r;
 }
+
+ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc)
+{
+	char buf[3] = "xx\0", *endp, *bytes;
+	size_t i, len;
+
+	len = strlen(hex);
+	if (len % 2)
+		return -EINVAL;
+	len /= 2;
+
+	bytes = safe_alloc ? crypt_safe_alloc(len) : malloc(len);
+	if (!bytes)
+		return -ENOMEM;
+
+	for (i = 0; i < len; i++) {
+		memcpy(buf, &hex[i * 2], 2);
+		bytes[i] = strtoul(buf, &endp, 16);
+		if (endp != &buf[2]) {
+			safe_alloc ? crypt_safe_free(bytes) : free(bytes);
+			return -EINVAL;
+		}
+	}
+	*result = bytes;
+	return i;
+}

lib/utils_crypt.h

@@ -43,4 +43,6 @@ void *crypt_safe_alloc(size_t size);
 void crypt_safe_free(void *data);
 void *crypt_safe_realloc(void *data, size_t size);
 
+ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc);
+
 #endif /* _UTILS_CRYPT_H */

po/POTFILES.in

@@ -16,3 +16,4 @@ lib/verity/verity.c
 lib/verity/verity_hash.c
 src/cryptsetup.c
 src/veritysetup.c
+src/cryptsetup_reencrypt.c

src/Makefile.am

@@ -41,6 +41,7 @@ endif
 if VERITYSETUP
 
 veritysetup_SOURCES = \
+	$(top_builddir)/lib/utils_crypt.c	\
 	$(top_builddir)/lib/utils_loop.c	\
 	veritysetup.c				\
 	cryptsetup.h

src/cryptsetup.h

@@ -31,6 +31,8 @@
 
 #include "libcryptsetup.h"
 
+#define CONST_CAST(x) (x)(uintptr_t)
+
 #define DEFAULT_CIPHER(type)	(DEFAULT_##type##_CIPHER "-" DEFAULT_##type##_MODE)
 
 #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)

src/veritysetup.c

@@ -50,31 +50,6 @@ static int opt_version_mode = 0;
 static const char **action_argv;
 static int action_argc;
 
-static size_t hex_to_bytes(const char *hex, char **result)
-{
-	char buf[3] = "xx\0", *endp, *bytes;
-	size_t i, len;
-
-	len = strlen(hex);
-	if (len % 2)
-		return -EINVAL;
-	len /= 2;
-
-	if (!(bytes = malloc(len)))
-		return -ENOMEM;
-
-	for (i = 0; i < len; i++) {
-		memcpy(buf, &hex[i * 2], 2);
-		bytes[i] = strtoul(buf, &endp, 16);
-		if (endp != &buf[2]) {
-			free(bytes);
-			return -EINVAL;
-		}
-	}
-	*result = bytes;
-	return i;
-}
-
 __attribute__((format(printf, 5, 6)))
 static void clogger(struct crypt_device *cd, int level, const char *file,
 		   int line, const char *format, ...)
@@ -138,7 +113,7 @@ static int _prepare_format(struct crypt_params_verity *params,
 		params->salt_size = 0;
 		params->salt = NULL;
 	} else if (salt_string) {
-		len = hex_to_bytes(salt_string, &salt);
+		len = crypt_hex_to_bytes(salt_string, &salt, 0);
 		if (len < 0) {
 			log_err(_("Invalid salt string specified.\n"));
 			return -EINVAL;
@@ -182,7 +157,7 @@ static int action_format(int arg)
 		crypt_dump(cd);
 out:
 	crypt_free(cd);
-	free((char*)params.salt);
+	free(CONST_CAST(char*)params.salt);
 	return r;
 }
 
@@ -196,7 +171,7 @@ static int _activate(const char *dm_device,
 	struct crypt_params_verity params = {};
 	uint32_t activate_flags = CRYPT_ACTIVATE_READONLY;
 	char *root_hash_bytes = NULL;
-	size_t hash_size;
+	ssize_t hash_size;
 	int r;
 
 	if ((r = crypt_init(&cd, hash_device)))
@@ -219,7 +194,7 @@ static int _activate(const char *dm_device,
 		goto out;
 
 	hash_size = crypt_get_volume_key_size(cd);
-	if (hex_to_bytes(root_hash, &root_hash_bytes) != hash_size) {
+	if (crypt_hex_to_bytes(root_hash, &root_hash_bytes, 0) != hash_size) {
 		log_err(_("Invalid root hash string specified.\n"));
 		r = -EINVAL;
 		goto out;
@@ -231,7 +206,7 @@ static int _activate(const char *dm_device,
 out:
 	crypt_free(cd);
 	free(root_hash_bytes);
-	free((char*)params.salt);
+	free(CONST_CAST(char*)params.salt);
 	return r;
 }
 

tests/Makefile.am

@@ -1,5 +1,8 @@
-TESTS = api-test compat-test loopaes-test align-test discards-test mode-test password-hash-test \
-	verity-compat-test
+TESTS = api-test compat-test loopaes-test align-test discards-test mode-test password-hash-test
+
+if VERITYSETUP
+TESTS += verity-compat-test
+endif
 
 if REENCRYPT
 TESTS += reencryption-compat-test