[client] --key-gen bug fix to print keys to stdout

client/config_init.c

@@ -1360,6 +1360,9 @@ validate_options(fko_cli_options_t *options)
     if(options->use_hmac && options->hmac_type == FKO_HMAC_UNKNOWN)
         options->hmac_type = FKO_DEFAULT_HMAC_MODE;
 
+    if(options->key_gen && options->hmac_type == FKO_HMAC_UNKNOWN)
+        options->hmac_type = FKO_DEFAULT_HMAC_MODE;
+
     return;
 }
 
@@ -1491,7 +1494,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 strlcpy(options->get_key_file, optarg, sizeof(options->get_key_file));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_FILE);
                 break;
-            case GET_HMAC_KEY: 
+            case GET_HMAC_KEY:
                 strlcpy(options->get_hmac_key_file, optarg,
                     sizeof(options->get_hmac_key_file));
                 options->use_hmac = 1;

client/fwknop.c

@@ -205,10 +205,19 @@ main(int argc, char **argv)
     */
     if(options.key_gen)
     {
-        fko_key_gen(options.key_base64, options.key_len,
+        memset(options.key_base64, 0x00, MAX_B64_KEY_LEN+1);
+        memset(options.hmac_key_base64, 0x00, MAX_B64_KEY_LEN+1);
+
+        res = fko_key_gen(options.key_base64, options.key_len,
                 options.hmac_key_base64, options.hmac_key_len,
                 options.hmac_type);
 
+        if(res != FKO_SUCCESS)
+        {
+            errmsg("fko_key_gen", res);
+            return(EXIT_FAILURE);
+        }
+
         if(options.key_gen_file[0] != '\0')
         {
             if ((key_gen_file_ptr = fopen(options.key_gen_file, "w")) == NULL)

lib/fko_funcs.c

@@ -381,6 +381,7 @@ fko_key_gen(char * const key_base64, const int key_len,
     unsigned char hmac_key[SHA512_BLOCK_LEN];
     int klen      = key_len;
     int hmac_klen = hmac_key_len;
+    int b64_len   = 0;
 
     if(key_len == FKO_DEFAULT_KEY_LEN)
         klen = RIJNDAEL_MAX_KEYSIZE;
@@ -409,8 +410,13 @@ fko_key_gen(char * const key_base64, const int key_len,
     get_random_data(key, klen);
     get_random_data(hmac_key, hmac_klen);
 
-    b64_encode(key, key_base64, klen);
-    b64_encode(hmac_key, hmac_key_base64, hmac_klen);
+    b64_len = b64_encode(key, key_base64, klen);
+    if(b64_len < klen)
+        return(FKO_ERROR_INVALID_DATA);
+
+    b64_len = b64_encode(hmac_key, hmac_key_base64, hmac_klen);
+    if(b64_len < hmac_klen)
+        return(FKO_ERROR_INVALID_DATA);
 
     return(FKO_SUCCESS);
 }

test/test-fwknop.pl

@@ -346,6 +346,7 @@ exit 1 unless GetOptions(
     ### can set the following to "output.last/valgrind-coverage" if
     ### a full test suite run has already been executed with --enable-valgrind
     'valgrind-prev-cov-dir=s' => \$previous_valgrind_coverage_dir,
+    'openssl-path=s'    => \$openssl_path,
     'output-dir=s'      => \$output_dir,
     'diff'              => \$diff_mode,
     'diff-dir1=s'       => \$diff_dir1,
@@ -4307,8 +4308,11 @@ sub key_gen_uniqueness() {
     my %rijndael_keys = ();
     my %hmac_keys     = ();
 
+    my $rv = 1;
+
     ### collect key information
     my $found_dup = 0;
+
     for (my $i=0; $i < $uniq_keys; $i++) {
         open CMD, "$test_hr->{'cmdline'} | " or die $!;
         while (<CMD>) {
@@ -4324,7 +4328,12 @@ sub key_gen_uniqueness() {
         last if $found_dup;
     }
 
-    return ! $found_dup;
+    $rv = 0 if $found_dup;
+
+    $rv = 0 unless keys %rijndael_keys == $uniq_keys;
+    $rv = 0 unless keys %hmac_keys == $uniq_keys;
+
+    return $rv;
 }
 
 ### check for PIE
@@ -5062,11 +5071,11 @@ sub init() {
     }
 
     if ($enable_openssl_compatibility_tests) {
-        $openssl_path = &find_command('openssl');
+        $openssl_path = &find_command('openssl') unless $openssl_path;
         if ($openssl_path) {
             require MIME::Base64;
             MIME::Base64->import(qw(encode_base64 decode_base64));
-            $base64_path = &find_command('base64');
+            $base64_path = &find_command('base64') unless $base64_path;
 
             ### check for hmac openssl support
             &openssl_hmac_style_check();
@@ -5079,7 +5088,7 @@ sub init() {
     }
 
     if ($enable_valgrind) {
-        $valgrind_path = &find_command('valgrind');
+        $valgrind_path = &find_command('valgrind') unless $valgrind_path;
         unless ($valgrind_path) {
             print "[-] --enable-valgrind mode requested ",
                 "but valgrind not found, disabling.\n";
@@ -5123,7 +5132,7 @@ sub init() {
         die "[*] The python test script: $python_script doesn't exist ",
             "or is not executable."
             unless -e $python_script and -x $python_script;
-        $python_path = &find_command('python');
+        $python_path = &find_command('python') unless $python_path;
         unless ($python_path) {
             push @tests_to_exclude, qr/python fko extension/
         }
@@ -5142,16 +5151,16 @@ sub init() {
         push @tests_to_exclude, qr/perl FKO module.*FUZZING/;
     }
 
-    $sudo_path    = &find_command('sudo');
-    $killall_path = &find_command('killall');
-    $pgrep_path   = &find_command('pgrep');
+    $sudo_path    = &find_command('sudo') unless $sudo_path;
+    $killall_path = &find_command('killall') unless $killall_path;
+    $pgrep_path   = &find_command('pgrep') unless $pgrep_path;
 
     unless ((&find_command('cc') or &find_command('gcc')) and &find_command('make')) {
         ### disable compilation checks
         push @tests_to_exclude, qr/recompilation/;
     }
 
-    $gcov_path = &find_command('gcov');
+    $gcov_path = &find_command('gcov') unless $gcov_path;
 
     if ($gcov_path) {
         if ($enable_profile_coverage_check) {

test/tests/rijndael.pl

@@ -325,7 +325,8 @@
         'function' => \&generic_exec,
         'cmdline'  => "LD_LIBRARY_PATH=$lib_dir " .
             "$valgrind_str $fwknopCmd --key-gen",
-        'positive_output_matches' => [qr/BASE64/, qw/HMAC/, qw/KEY/],
+        'positive_output_matches' => [qr/^KEY_BASE64\:?\s\S{10}/,
+            qw/HMAC_KEY_BASE64\:?\s\S{10}/],
         'fatal'    => $NO
     },
     {