Accepting request 831601 from security

- update to 1.2.0:
 * enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen
 * fix: fix clang warnding in KDF implementation by Khem Raj
 * fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček
 * fix: return error when iteration count is zero for PBKDF as reported by
   Guido Vranken
 * enhancement: add function kcapi_cipher_stream_update_last to indicate the
   last block of a symmetric cipher stream operation
 * disable XTS multithreaded tests as it triggers a race discussed in
   https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is
   the following: xts(aes) doesn't support chaining requests like for other
   ciphers such as CBC (at least as implemented in the kernel Crypto API).
   That can be seen in `crypto/testmgr.h` - the ciphers that are expected to
   return IVs usable for chaining have the `.iv_out` entries filled in in their
   test vectors (and those that don't support it do not). One can see that only
   CTR and CBC test vectors have them, not XTS.
   Looking again at how XTS is defined, it seems one could implement
   transparent chaining by simply decrypting the final tweak using the tweak
   key and return it as the output IV... but I believe this has never been
   mandated nor implemented in the Crypto API (likely because of the overhead
   of the final tweak decryption, which would be pointless if you're not going
   to use the output IV - and there is currently no way to signal to the driver
   that you are going to need it).
 * disable AIO parallel tests due to undefined behavior (forwarded request 830821 from dirkmueller)

OBS-URL: https://build.opensuse.org/request/show/831601
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libkcapi?expand=0&rev=7
This commit is contained in:
Dominique Leuenberger 2020-09-06 19:35:12 +00:00 committed by Git OBS Bridge
commit 9ab23e5aad
6 changed files with 43 additions and 15 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8a08dcbb4d05ede4357cdc9d61c7f2a7f2cd96b7ce2eb41b28e45b2e378267ad
size 320016

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq
wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h
Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK
o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd
XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4
n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK
7XMwTY3intV9FP3mhM/RPSLSOw7NLA==
=UN86
-----END PGP SIGNATURE-----

3
libkcapi-1.2.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:782430512195f146e0e16e6bb689d9a7e61387afcfedc4340c433284b8b66049
size 318948

11
libkcapi-1.2.0.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl7K1MMACgkQQh7pNjJq
wVueDgf/SEJfcgYYYcnND38nawuTXequkiq5TrhAb7AY/kx6LDQzXLRHlqLvjppV
QMUQyiiLypo+NF/qrsLhyGi2IwRePaieLfXTZWcE4eO/sqss9CbYsUtk7bcByFvG
YEDjTYooZU4NYx3WtpwegKF+ImBLmadDDbfkcGWcmNG5EEnh1Rtw0agg/5BxCxKy
F5aEdXWs/mU6CxgDi2EFT+8FAD2Lv80Kpn0qWAVWb03IbtzvAZ36CzP4lEywDqV2
lZq3hZeOvBecjmGDFthMNB0CfknCHdPYvEhXuR6cSiYrmY3heUeS6Py1cPosab3A
xDePoFm3iYY4nALhCWOfp2/vPhZtgw==
=ZgIv
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 1.2.0:
* enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen
* fix: fix clang warnding in KDF implementation by Khem Raj
* fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček
* fix: return error when iteration count is zero for PBKDF as reported by
Guido Vranken
* enhancement: add function kcapi_cipher_stream_update_last to indicate the
last block of a symmetric cipher stream operation
* disable XTS multithreaded tests as it triggers a race discussed in
https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is
the following: xts(aes) doesn't support chaining requests like for other
ciphers such as CBC (at least as implemented in the kernel Crypto API).
That can be seen in `crypto/testmgr.h` - the ciphers that are expected to
return IVs usable for chaining have the `.iv_out` entries filled in in their
test vectors (and those that don't support it do not). One can see that only
CTR and CBC test vectors have them, not XTS.
Looking again at how XTS is defined, it seems one could implement
transparent chaining by simply decrypting the final tweak using the tweak
key and return it as the output IV... but I believe this has never been
mandated nor implemented in the Crypto API (likely because of the overhead
of the final tweak decryption, which would be pointless if you're not going
to use the output IV - and there is currently no way to signal to the driver
that you are going to need it).
* disable AIO parallel tests due to undefined behavior
-------------------------------------------------------------------
Wed Jan 8 07:23:22 UTC 2020 - Marcus Meissner <meissner@suse.com>

View File

@ -17,7 +17,7 @@
Name: libkcapi
Version: 1.1.5
Version: 1.2.0
Release: 0
Summary: Linux Kernel Crypto API User Space Interface Library
License: GPL-2.0-only