commit 33d1522db4155fbc9e2e737c6c4ceb508cf4b5e763588336952ffd260896d6a8 Author: Adrian Schröter Date: Fri May 3 15:12:27 2024 +0200 Sync from SUSE:SLFO:Main libkcapi revision 512af85531760fe64568fa2e8b87af7d
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/libkcapi-1.4.0.tar.xz b/libkcapi-1.4.0.tar.xz
new file mode 100644
index 0000000..bd7ed7e
--- /dev/null
+++ b/libkcapi-1.4.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:644b47593b3f27f08add7a8808ccdbe569a2f331d70fb8b52551e57379b917fa
+size 333040
diff --git a/libkcapi-1.4.0.tar.xz.asc b/libkcapi-1.4.0.tar.xz.asc
new file mode 100644
index 0000000..3014d5a
--- /dev/null
+++ b/libkcapi-1.4.0.tar.xz.asc
@@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmISvaAACgkQQh7pNjJq +wVv6jggAh7UpchOXZ1THbDZ0PE+YGWSr3Y3qKHMls9ixNn/RDSYxPvyZqc6pIAKQ +zVA6bGtB9kqcSexmrk2EyiUYgi1lo+5HwsfAfHBQaq7vD1S8Q/FYx/XVRv2GQfkj +/E1ivlcdcInlpn+vu+7Hei+H/IXtETh8QPwGwRI1Je84pIt7K4K4VPwWpur0su6E +oF1AFT6ldlMczsoDTCi3eP3rZWKvMmX5718W9F6eKuTkKoIiipCUxdMBy4f6YpDB +1ZmQPHjSgG4URlclQnFiGXYAbMBRHYfguJRl/HjZWSQMigRzqGSdvJR8wrfMeQzr +Bk0z0nGayzHgcC7gPz8CsAMJj5C9eQ== +=OA3o +-----END PGP SIGNATURE----- diff --git a/libkcapi.changes b/libkcapi.changes new file mode 100644 index 0000000..9369894 --- /dev/null +++ b/libkcapi.changes 
@@ -0,0 +1,229 @@
+-------------------------------------------------------------------
+Mon Mar 6 15:17:46 UTC 2023 - Marcus Meissner
+
+- libkcapi was actually signed by the wrong key (bsc#1207892)
+
+-------------------------------------------------------------------
+Tue Apr 26 12:45:21 UTC 2022 - Marcus Meissner
+
+- Update to version 1.4.0
+ * fix: ensure that LTO is supported (by Simo Sorce)
+ * fix: add LTO regression testing (by Ondrej Mosnacek)
+ * enhancement: add sm3sum, sm3hmac tools, add APIs kcapi_md_sm3, kcapi_md_hmac_sm3
+ * enhancement: add SM4 convenience functions
+ * fix: support AEAD encryption of arbitrary size with kcapi-enc
+- removed libkcapi-fix-lto.patch (upstream)
+
+-------------------------------------------------------------------
+Tue Apr 26 12:44:40 UTC 2022 - Marcus Meissner
+
+- use https url
+
+-------------------------------------------------------------------
+Tue Jul 27 08:03:48 UTC 2021 - Andreas Schneider
+
+- Update to version 1.3.1
+ * fix: fix -Wconversion warnings (by Ondrej Mosnacek)
+ * fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek)
+ * fix: Version symbols to maintain ABI compatibility (by Simo Sorce)
+ * fix: disable io_getevents on systems that do not support it (by Khem Raj)
+ * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the
+ library does not store any sensitive data in data structures it owns, such
+ security precautions may not be necessary considering the benefit of
+ allowing regular debugging
+ * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be
+ used
+ * enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize
+ * enhancement: the variable types are changed from int32_t to ssize_t and
+ from uint32_t to size_t to match common POSIX and Linux APIs
+- Added libkcapi-fix-lto.patch
+
+-------------------------------------------------------------------
+Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller
+
+- update to 1.2.0:
+ * enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen
+ * fix: fix clang warnding in KDF implementation by Khem Raj
+ * fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček
+ * fix: return error when iteration count is zero for PBKDF as reported by
+ Guido Vranken
+ * enhancement: add function kcapi_cipher_stream_update_last to indicate the
+ last block of a symmetric cipher stream operation
+ * disable XTS multithreaded tests as it triggers a race discussed in
+ https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is
+ the following: xts(aes) doesn't support chaining requests like for other
+ ciphers such as CBC (at least as implemented in the kernel Crypto API).
+ That can be seen in `crypto/testmgr.h` - the ciphers that are expected to
+ return IVs usable for chaining have the `.iv_out` entries filled in in their
+ test vectors (and those that don't support it do not). One can see that only
+ CTR and CBC test vectors have them, not XTS.
+ Looking again at how XTS is defined, it seems one could implement
+ transparent chaining by simply decrypting the final tweak using the tweak
+ key and return it as the output IV... but I believe this has never been
+ mandated nor implemented in the Crypto API (likely because of the overhead
+ of the final tweak decryption, which would be pointless if you're not going
+ to use the output IV - and there is currently no way to signal to the driver
+ that you are going to need it).
+ * disable AIO parallel tests due to undefined behavior
+
+-------------------------------------------------------------------
+Wed Jan 8 07:23:22 UTC 2020 - Marcus Meissner
+
+- updated to 1.1.5:
+ - Fix invocation of ansi_cprng in FIPS mode during testing
+ - Fix testing on kernels >= 5.0
+ - Add virtualization test for kernel 5.1
+ - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy
+ - Fix remove code duplication by Ondrej Mosnáček
+ - Fix potential memleak in speed-test
+- updated to 1.1.4:
+ - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures
+- updated to 1.1.3:
+ - Fix: default location of FIPS 140-2 HMAC control file is ..hmac (was accidentally moved to .hmac with 1.1.0)
+- updated to 1.1.2:
+ - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski
+ - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej Mosnáček
+ - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej Mosnáček
+ - Test fix: Support test execution outside build environment by Ondrej Mosnáček
+- updated to 1.1.1:
+ - Fix: Bug fixes for kcapi_hasher by Ondrej Mosnáček
+- updated to 1.1.0:
+ - API Enhancement: Addition of kcapi_handle_reinit
+ - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c
+ - Test enhancement: add IIV speed testing
+ - Fix: add a loop around the read system call to always obtain all generated data
+ - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser)
+ - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY)
+ - Fix: support for zero length files (patched by Ondrej Mosnáček)
+ - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej Mosnáček)
+ - Fix: Add Travis CI test system provided by Ondrej Mosnáček
+ - Fix: Add several fixes to kcapi-hasher by Ondrej Mosnáček
+ - Fix: Add additional tests for kcapi-hasher by Ondrej Mosnáček
+ - Fix: Apply unpadding only to last block of data by Ondrej Mosnáček
+ - Fix: Fix resource leaks in error code paths suggested by Ondrej Mosnáček
+ - Enhancement: achieve hmaccalc CLI equivalence by Ondrej Mosnáček
+- updated to 1.0.3:
+ - Fix: support STDIN and --tag of sha*sum applications
+ - Enhancement: Add small enhancements to support integration with distros -- reported by Björn Esser
+- updated to 1.0.2:
+ - Fix: hasher-test.sh on 32-bit systems
+ - Fix: AIO return code handling on large number of requests -- reported by Jonathan Cameron
+ - Enhancement: disable coredumps of library
+ - Fix: remove unchecked -fstack-protector-strong from Makefile -- reported by Mathieu Malaterre
+ - Fix: document that kcapi_cipher_stream_op must be called in a loop to collect all data in a multhreaded environment.
+ - Test Fix: Update symmetric multithreaded stream test to invoke kcapi_cipher_stream_op in a loop to collect all data.
+ - Fix: Initialize the cipher handle on stack with zeros as the library expects a zero-initialized cipher handle. This fixes a possible segfault where free() is called on a non-initialized memory location.
+ - Fix: port algif_kpp and algif_akcipher to 4.15-rc3
+- updated to 1.0.1:
+ - Fix: constify AEAD cipher input data
+ - Fix: use GCC byte swapping acceleration if present
+ - Fix: KDF counter handling on little endian systems when generating more than 255 blocks
+ - Use LD_PRELOAD for execution of test cases to force using of the freshly compiled binaries
+ - Fix: return code handling of _kcapi_common_vmsplice_chunk_fd as reported by Christophe Leroy
+ - Fix: return code handling in _kcapi_md_update
+ - Fix: kcapi-hasher now supports files larger than 2GB
+ - Fix: kcapi-dgst now supports files larger than 2GB
+ - Fix: use stack protector
+ - Fix: rename header guards to remove leading underscore as pointed out by Markus Elfring
+ - Test Fix: Allow compiing the test code without asymmetric and KPP support
+- updated to 1.0.0:
+ - Fix: Small compile fixes for new checks of GCC 7
+ - API Change: Rename all LOG_* enums to KCAPI_LOG_* to prevent namespace poisoning
+ - Fix: soname and file name of library now compiles with conventions (thanks to Marcus Meissner)
+ - Fix: kcapi-rng.c: unify FD/syscall read code and fix __NR_getrandom resolution
+ - Enhancement: add kcapi-enc application to access symmetric encryption on command line
+ - Fix: consolidate duplicate code in kcapi-hasher
+ - Enhancement: add kcapi-dgst application to access hashes on command line
+ - Enhancement: add kcapi-rng man page
+ - Enhancement: add kcapi-rng --hex command line option
+ - Fix: enable full symmetric AIO support
+ - Fix: consolidate all test code into test/ and invoke all tests with test-invocation.sh
+ - Fix: fix memleaks in error code paths as reported by clang
+ - Fix: reduce memory footprint by rearranging data structures
+ - Fix: kcapi-hasher is now fully FIPS 140-2 compliant as it now includes the integrity test for libkcapi.so
+ - Enhancement: Add speed tests for MV-CESA accelerated ciphers and hash algorithms (thanks to Bastian Stender)
+ - Test Enhancement: add kcapi-enc-test-large.c test testing edge conditions of AF_ALG
+ - Test Enhancement: add virttest.sh - use of test system based on eudyptula-boot to test on linux-4.3.6, linux-4.4.86, linux-4.5, linux-4.7, linux-4.10, linux-4.12
+ - Test Enhancement: add kcapi-fuzz-test.sh to support fuzzing the AF_ALG interfaces
+ - Enhancement: add RPM SPEC file (tested with Fedora 26)
+ - API Change: replace --disable-lib-asym with --enable-lib-asym as the algif_akcipher.c kernel interface is not likely to be added to the kernel anytime soon
+ - API Enhancement: add KPP API which is not compiled by default, use --enable-lib-kpp (the algif_kpp.c kernel interface is not likely to be added to the Linux kernel any time soon)
+ - Test Enhancement: Add KPP tests
+ - Enhancement: Re-enable AIO support for symmetric and AEAD ciphers down to Linux kernels 4.1 and 4.7, respectively. This is due to integrating a fix against a kernel crash when using AIO.
+ - Fix: simply KDF code base
+ - API Enhancement: add message digest convenience functions kcapi_md_*sha*
+ - API Enhancement: add cipher convenience functions kcapi_cipher_*_aes_*
+ - API Enhancement: add rng convenience function kcapi_rng_get_bytes
+ - API Change: remove kcapi_aead_getdata, use kcapi_aead_getdata_input and kcapi_aead_getdata_output instead
+ - API Change: remove kcapi_aead_outbuflen, use kcapi_aead_outbuflen_enc and kcapi_aead_outbuflen_dec instead
+- updated to 0.14.0:
+ - AIO: fix tracking of completed IOCBs
+ - speed-test: fix AEAD handling
+ - speed-test: fix time calculation
+ - compiler now warns a user of deprecated API calls
+ - AIO: handle kernel errors for algif_skcipher gracefully
+ - AIO: using multiple IOCB if algif_aead interface supports it
+ - ASYM: add PKCS1 tests
+ - AIO: add ASYM AIO support
+ - AIO: fix AEAD AIO fallback
+ - AIO: add AIO fallback testing
+ - replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors)
+ - add fuzzing tests
+ - use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot)
+ - ALG_MAX_PAGES restriction is gone with current AF_ALG interface
+ - add HKDF (RFC5869)
+ - add apps/kcapi-rng
+ - add support for multiple accepts where the caller maintains the opfd
+ - fix memleak in error case in PBKDF
+ - add multithreaded symmetric cipher tests
+ - enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels
+ - Add tests for the AAD copy operation to be supported for kernel 4.13
+- dropped libkcapi-use-external-fipshmac.patch (done differently in upstream)
+- dropped reproduciblesort.patch (done differently upstream)
+- dropped reproducibledate.patch: merged upstream
+- libkcapi.keyring imported
+
+-------------------------------------------------------------------
+Thu Dec 5 10:10:41 UTC 2019 - Martin Liška
+
+- Use %make_build and respect %optflags.
+
+-------------------------------------------------------------------
+Fri Sep 27 16:40:49 UTC 2019 - Stefan Brüns
+
+- Remove docbook-utils BuildRequires, xmlto is sufficient
+- Spec file cleanup, use license macro, drop defattr, drop BuildRoot
+
+-------------------------------------------------------------------
+Wed Jul 12 14:51:26 UTC 2017 - meissner@suse.com
+
+- Change the signing to use openssl sha256/sha512 directly, to
+ avoid fipscheck / hmaccalc.
+
+-------------------------------------------------------------------
+Sat Jul 8 14:04:41 UTC 2017 - bwiedemann@suse.com
+
+- Add reproduciblesort.patch to always link .o files in the same order and
+- Add reproducibledate.patch to not add current time to man-pages to fix build-compare
+
+-------------------------------------------------------------------
+Thu Jun 29 08:13:54 UTC 2017 - meissner@suse.com
+
+- libkcapi-use-external-fipshmac.patch: use external fipshmac,
+ our chroots / vm builds do not necessarily have the right kernel.
+
+-------------------------------------------------------------------
+Wed Jun 28 08:03:30 UTC 2017 - jengelh@inai.de
+
+- Compact descriptions a bit
+- Remove libkcapi provide/requires
+- Use %_libdir throughout and avoid /lib
+
+-------------------------------------------------------------------
+Thu Dec 22 14:03:43 UTC 2016 - abergmann@suse.com
+
+- Initial release 0.13.0.
+
+ A library and tools to access the kernel crypto api.
+
+ FATE#323554 bsc#1045948
diff --git a/libkcapi.keyring b/libkcapi.keyring
new file mode 100644
index 0000000..83bdec9
--- /dev/null
+++ b/libkcapi.keyring
@@ -0,0 +1,58 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFqo+vgBCACp9hezmvJ4eeZv4PkyoMxGpXHN4Ox2+aofXxMv/yQ6oyZ69xu0 +U0yFcEcSWbe4qhxB+nlOvSBRJ8ohEU3hlGLrAKJwltHVzeO6nCby/T57b6SITCbc +nZGIgKwX4CrJYmfQ4svvMGNDOORPk6SFkK7hhe1cWJb+Gc5czw3wy7By5c1Otlnb +mGB4k5+p7Mbi+rui/vLTKv7FKY5t2CpQoOxptxFc/yq9sMdBnsjvhcCHcl1kpnQP +TMppztWMj4Nkkd+Trvpym0WZ1px6+3kxhMn6LNYytHTCmf/qyf1+1/PIpyEXvx66 +hxeN+fN/7R+0iYCisv3JTtfNkCV3QjGdKqT3ABEBAAG0HVN0ZXBoYW4gTXVlbGxl +ciA8c21AZXBlcm0uZGU+iQFOBBMBCAA4FiEEO8xD1NLIfReEtp7kQh7pNjJqwVsF +Alqo/M8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQQh7pNjJqwVsV8gf+ +OcAaiSqhn0mYkfC7Fe48n9InAkHiSQ/T7eN+wWYLYMWGG0N2z5gBnNfdc4oFVL+n +gye4C3bm98Iu7WnSl0CTOe1pKGFJg3Y7YzSa5/FzS9nKsg6iXpNWL5nSYyz8T9Q0 +KGKNlAiyQEGkt8y05m8hNsvqkgDb923/RFfUYX4mTUXJ1vk/6SFCA/72JQN7PpwM +gGir7FNybuuDUuDLDgQ+BZHhJlW91XE2nwxUo9IrJ2FeT8GgFKzX8A//peRZTSSe +atJBr0HRKfTrKYw3lf897sddUjyQU1nDYv9EMLBvkzuE+gwUakt2rOcpR+4Fn5jk +QbN4vpfGPnybMAMMxW6GIrQfU3RlcGhhbiBNdWVsbGVyIDxzbUBjaHJvbm94LmRl +PokBTgQTAQgAOBYhBDvMQ9TSyH0XhLae5EIe6TYyasFbBQJaqPzEAhsDBQsJCAcC +BhUKCQgLAgQWAgMBAh4BAheAAAoJEEIe6TYyasFbsqUH/2euuyRj8b1xuapmrNUu +U4atn9FN6XE1cGzXYPHNEUGBiMkInPwZ/PFurrni7S22cMN+IuqmQzLo40izSjXh +RJAa165GoJSrtf7S6iwry/k1S9nY2Vc/dxW6qnFq7mJLAs0JWHOfhRe1caMb7P95 +B+O5B35023zYr9ApdQ4+Lyk+xx1+i++EOxbTJVqLZEF1EGmOWh3ERcGyT05+1LQ8 +4yDSCUxZVZFrbA2Mtg8cdyvu68urvKiOCHzDH/xRRhFxUz0+dCOGBFSgSfKI9cgS +009BdH3Zyg795QV6wfhNas4PaNPN5ArMAvgPH1BxtkgyMjUSyLQQDrmuqHnLzExE +QfG0JVN0ZXBoYW4gTXVlbGxlciA8c211ZWxsZXJAY2hyb25veC5kZT6JAU4EEwEI +ADgWIQQ7zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbAwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRBCHuk2MmrBWxVrB/wKYSuURgwKs2pJ2kmLIp34StoreNqe +6cdIF7f7e8o7NaT528hFAVuDSTUyjXO+idbC0P+zu9y2SZfQhc4xbD+Zf0QngX7/ +sqIWVeiXJa6uR/qrtJF7OBEvlGkxcAwkC0d/Ts68ps4QbZ7s5qWBJJY4LmnytqvX +Gb63/fOTwImYiY3tKCOSCM2YQRFt6BO71t8tu/4NLk0KSW9OHa9nfcDqI18aVylG +Mu5zNjYqjJpT/be1UpyZo6I/7p0yAQfGJ5YBiN4S264mdFN7jOvxZE3NKXhL4QMt +34hOSWPOpW8ZGEo1hKjEdHFvYowPpcoOFicP+zvxdpMtUTEkppREN2a+uQENBFqo 
++vgBCACiLHsDAX7C0l0sB8DhVvTDpC2CyaeuNW9GZ1Qqkenh3Y5KnYnh5Gg5b0ju +bSkauJ75YEOsOeClWuebL3i76kARC8Gfo727wSLvfIAcWhO1ws6j1Utc8s1HNO0+ +vcGC9EEkn7LzO5piEUPkentjrSF7clPsXziW4IJq/z3DYZQkVPk7PSw6r0jXWR/p +6sj4aXxslIiDgFJZyopki7Sl2805JYcvKKC6OWTyPHJMlnu9dNxJviAentAUwzHx +NqmvYjlkqBr/sFnjC9kydElecVm4YQh3TC6yt5h49AslAVlFYfwQwcio1LNWyScl +WHbDZhcVZJZZi4++gpFmmg1AjyfLABEBAAGJATYEGAEIACAWIQQ7zEPU0sh9F4S2 +nuRCHuk2MmrBWwUCWqj6+AIbIAAKCRBCHuk2MmrBWxPCCACQGQu5eOcH9qsqSOO6 +4n+xUX7PG96S8s2JolN3Ft2YWKUzjVHLu5jxznmDwx+GJ3P7thrzW+V5XdDcXgSA +XW793TaJ/XMM0jEG+jgvuhE65JfWCK+8sumrO24M1KnVQigxrMpG5FT7ndpBRGbs +059QSqoMVN4x2dvaP81/+u0sQQ2EGrhPFB2aOA3s7bbWy8xGVIPLcCqByPLbxbHz +aU/dkiutSaYqmzdgrTdcuESSbK4qEv3g1i2Bw5kdqeY9mM96SUL8cGUokqFtVP7b +2mSfm51iNqlO3nsfwpRnl/IlRPThWLhM7/qr49GdWYfQsK4hbw0fo09QFCXN53MP +LhLwuQENBFqo+vgBCAClaPqyK/PUbf7wxTfu3ZBAgaszL98Uf1UHTekRNdYO7FP1 +dWWT4SebIgL8wwtWZEqI1pydyvk6DoNF6CfRFq1lCo9QA4Rms7Qx3cdXu1G47ZtQ +vOqxvO4SPvi7lg3PgnuiHDUSTwo5a8+ojxbLzs5xExbx4RDGtykBoaOoLYeenn92 +AQ//gN6wCDjEjwP2u39xkWXlokZGrwn3ytFE20rUTNCSLxdmoCr1faHzKmvql95w +mA7ahg5s2vM9/95W4G71lJhy2crkZIAH0fx3iOUbDmlZ3T3UvoLuyMToUyaQv5lo +0lV2KJOBGhjnAfmykHsxQu0RygiNwvO3TGjpaeB5ABEBAAGJATYEGAEIACAWIQQ7 +zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbDAAKCRBCHuk2MmrBW5Y4B/oCLcRZ +yN0ETep2JK5CplZHHRN27DhL4KfnahZv872vq3c83hXDDIkCm/0/uDElso+cavce +g5pIsoP2bvEeSJjGMJ5PVdCYOx6r/Fv/tkr46muOvaLdgnphv/CIA+IRykwyzXe3 +bsucHC4a1fnSoTMnV1XhsIh8zWTINVVO8+qdNEv3ix2nP5yArexUGzmJV0HIkKm5 +9wCLz4FpWR+QZru0i8kJNuFrdnDIP0wxDjiVBifPhiegBv+/z2DOj8D9EI48Kagd +QP7MY7q/u1n3+pGTwa+F1hoGo5IOU5MnwVv7UHiW1MSNQ2/kBFBHm+xdudNab2U0 +OpfqrWerOw3WcGd2 +=b9/d +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libkcapi.spec b/libkcapi.spec new file mode 100644 index 0000000..e21d4ea --- /dev/null +++ b/libkcapi.spec 
@@ -0,0 +1,163 @@
+#
+# spec file for package libkcapi
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: libkcapi
+Version: 1.4.0
+Release: 0
+Summary: Linux Kernel Crypto API User Space Interface Library
+License: GPL-2.0-only
+Group: Productivity/Security
+URL: https://www.chronox.de/libkcapi.html
+Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
+Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
+Source2: libkcapi.keyring
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: openssl
+BuildRequires: xmlto
+
+%description
+libkcapi exports APIs so that developers need not consider the low-level
+Netlink interface handling that is used for accesing the Linux kernel crypto
+API.
+
+%package -n libkcapi1
+Summary: Linux Kernel Crypto API User Space Interface Library
+Group: System/Libraries
+
+%description -n libkcapi1
+libkcapi allows user-space to access the Linux kernel crypto API.
+
+%package devel
+Summary: Linux Kernel Crypto API User Space Interface Library
+Group: Development/Languages/C and C++
+Requires: libkcapi1 = %{version}
+
+%description devel
+libkcapi exports APIs so that developers need not consider the low-level
+Netlink interface handling that is used for accesing the Linux kernel crypto
+API.
+
+The library does not implement any cipher algorithms. All consumer requests are
+sent to the kernel for processing. Results from the kernel crypto API are
+returned to the consumer via the library API.
+
+The kernel interface and therefore this library can be used by unprivileged
+processes.
+
+This library does not perform any memcpy for processing the cryptographic data!
+The library uses scatter / gather lists to eliminate the need for moving data
+around in memory.
+
+%package tools
+Summary: Linux Kernel Crypto API User Space Tools
+Group: Development/Tools/Other
+
+%description tools
+libkcapi user space tools to access certain hash algorithms.
+
+%prep
+%autosetup -p1
+
+%build
+autoreconf -i
+%configure \
+ --disable-static \
+ --enable-kcapi-test \
+ --enable-kcapi-speed \
+ --enable-kcapi-hasher \
+ --enable-kcapi-rngapp \
+ --enable-kcapi-encapp \
+ --enable-kcapi-dgstapp
+
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags}
+rm %{buildroot}/%_libdir/libkcapi.la
+
+mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/
+mv %{buildroot}/usr/bin/* %{buildroot}/%{_libexecdir}/libkcapi/
+mv %{buildroot}/usr/bin/.??* %{buildroot}/%{_libexecdir}/libkcapi/
+
+# Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipscheck.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipshmac.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1sum.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256sum.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384sum.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512sum.hmac \
+ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1hmac.hmac \
+ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256hmac.hmac \
+ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384hmac.hmac \
+ openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512hmac.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \
+ openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \
+ %{nil}
+
+%post -n libkcapi1 -p /sbin/ldconfig
+
+%postun -n libkcapi1 -p /sbin/ldconfig
+
+%files -n libkcapi1
+%license COPYING
+%doc CHANGES.md
+%{_libdir}/libkcapi.so.1.*
+%{_libdir}/libkcapi.so.1
+%{_libdir}/.libkcapi.so.1*
+
+%files devel
+%{_includedir}/kcapi.h
+%{_mandir}/man3/*
+%{_libdir}/libkcapi.so
+%{_libdir}/.libkcapi.so.hmac
+%{_libdir}/pkgconfig/libkcapi.pc
+
+%files tools
+%dir %{_libexecdir}/libkcapi
+%{_libexecdir}/libkcapi/*sum*
+%{_libexecdir}/libkcapi/*hmac*
+%{_libexecdir}/libkcapi/.*.hmac
+%{_libexecdir}/libkcapi/kcapi
+%{_libexecdir}/libkcapi/kcapi-convenience
+%{_libexecdir}/libkcapi/compile-test.sh
+%{_libexecdir}/libkcapi/hasher-test.sh
+%{_libexecdir}/libkcapi/kcapi-convenience.sh
+%{_libexecdir}/libkcapi/kcapi-dgst-test.sh
+%{_libexecdir}/libkcapi/kcapi-enc-test-large
+%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh
+%{_libexecdir}/libkcapi/kcapi-enc-test.sh
+%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh
+%{_libexecdir}/libkcapi/fipscheck
+%{_libexecdir}/libkcapi/kcapi-dgst
+%{_libexecdir}/libkcapi/kcapi-enc
+%{_libexecdir}/libkcapi/kcapi-rng
+%{_libexecdir}/libkcapi/kcapi-speed
+%{_libexecdir}/libkcapi/libtest.sh
+%{_libexecdir}/libkcapi/test-invocation.sh
+%{_libexecdir}/libkcapi/test.sh
+%{_libexecdir}/libkcapi/virttest.sh
+%{_mandir}/man1/kcapi*
+
+%changelog
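Review bot: In the `%define __spec_install_post` block, each `openssl sha256 -hmac … | sed -e 's/.* //;' > ….hmac` line takes its exit status from `sed`, so a failing `openssl` still lets the build succeed and leaves an empty `.hmac` file that the `.*.hmac` and `.libkcapi.so.1*` globs in `%files` will package. These files look like the integrity references for the installed binaries and `libkcapi.so`, so an empty one should stop the build: follow each pipeline with a size check such as `test -s $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipscheck.hmac`, or write the `openssl` output to the file first and strip the prefix in a second step so that `openssl`'s own status is the one that counts. A comment above the block saying that the two `-hmac` strings are fixed self-check constants that give integrity only, not authenticity, would also help the next reader; that reading is inferred from the changelog entry about avoiding fipscheck / hmaccalc and should be confirmed.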