Accepting request 765261 from home:msmeissn:branches:security
- updated to 1.1.5: - Fix invocation of ansi_cprng in FIPS mode during testing - Fix testing on kernels >= 5.0 - Add virtualization test for kernel 5.1 - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy - Fix remove code duplication by Ondrej MosnáÄek - Fix potential memleak in speed-test - updated to 1.1.4: - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures - updated to 1.1.3: - Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0) - updated to 1.1.2: - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej MosnáÄek - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej MosnáÄek - Test fix: Support test execution outside build environment by Ondrej MosnáÄek - updated to 1.1.1: - Fix: Bug fixes for kcapi_hasher by Ondrej MosnáÄek - updated to 1.1.0: - API Enhancement: Addition of kcapi_handle_reinit - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c - Test enhancement: add IIV speed testing - Fix: add a loop around the read system call to always obtain all generated data - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser) - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY) - Fix: support for zero length files (patched by Ondrej MosnáÄek) - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej MosnáÄek) - Fix: Add Travis CI test system provided by Ondrej MosnáÄek - Fix: Add several fixes to kcapi-hasher by Ondrej MosnáÄek - Fix: Add additional tests for kcapi-hasher by Ondrej MosnáÄek OBS-URL: https://build.opensuse.org/request/show/765261 OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=20
This commit is contained in:
parent
ffddc1394d
commit
9ab73937f1
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:2c4dbdc06623552c142a41bb8a659fc147abd804957a9228d1666e903cdc7ba8
|
|
||||||
size 227482
|
|
3
libkcapi-1.1.5.tar.xz
Normal file
3
libkcapi-1.1.5.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:8a08dcbb4d05ede4357cdc9d61c7f2a7f2cd96b7ce2eb41b28e45b2e378267ad
|
||||||
|
size 320016
|
11
libkcapi-1.1.5.tar.xz.asc
Normal file
11
libkcapi-1.1.5.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl1BSvEACgkQQh7pNjJq
|
||||||
|
wVtOogf/UzYn7DUB4x0QQxODtaVbXrZ5FfFWDpKJxCVXWI64VK1kF6SSm+qD305h
|
||||||
|
Dj0lA7+TpIKhwKlc4kofaLjW/yeUPEoZCBjFSTeLc+A/7XP5m1Xqnz6fuH2lZwRK
|
||||||
|
o1p8ICPj9bOW9rj2K59pdHVTdXW1fj5sJOi25n9fLf5PcaPMxoawHG4l18tp7qNd
|
||||||
|
XXrqcfeSe+IF3Z4MJQee4lnsQE37wOJC8lanNDMXs7XZJ4RGUrJWfMWzVhVbh+D4
|
||||||
|
n6Ow6H0ZaJDUksSh6faKBwAlo+c9J2CRe80+EIiAcYCKzQOH6ylnhdU1qKVD/kNK
|
||||||
|
7XMwTY3intV9FP3mhM/RPSLSOw7NLA==
|
||||||
|
=UN86
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,44 +0,0 @@
|
|||||||
Index: libkcapi-0.13.0/apps/Makefile
|
|
||||||
===================================================================
|
|
||||||
--- libkcapi-0.13.0.orig/apps/Makefile
|
|
||||||
+++ libkcapi-0.13.0/apps/Makefile
|
|
||||||
@@ -65,27 +65,26 @@ install:
|
|
||||||
install -d ${DESTDIR}$(BINDIR)/
|
|
||||||
install -m 0755 $(NAME) -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
install -m 0755 sha1sum -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/sha1sum
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha1sum
|
|
||||||
install -m 0755 sha224sum -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/sha224sum
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha224sum
|
|
||||||
install -m 0755 sha256sum -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/sha256sum
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha256sum
|
|
||||||
install -m 0755 sha384sum -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/sha384sum
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha384sum
|
|
||||||
install -m 0755 sha512sum -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/sha512sum
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha512sum
|
|
||||||
install -m 0755 fipscheck -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/fipscheck
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/fipscheck
|
|
||||||
install -m 0755 fipshmac -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./fipshmac ${DESTDIR}$(BINDIR)/fipshmac
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/fipshmac
|
|
||||||
install -m 0755 sha1hmac -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./sha512hmac sha1hmac > ${DESTDIR}$(BINDIR)/.sha1hmac.hmac
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha1hmac
|
|
||||||
install -m 0755 sha224hmac -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./sha512hmac sha224hmac > ${DESTDIR}$(BINDIR)/.sha224hmac.hmac
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha224hmac
|
|
||||||
install -m 0755 sha256hmac -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./sha512hmac sha256hmac > ${DESTDIR}$(BINDIR)/.sha256hmac.hmac
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha256hmac
|
|
||||||
install -m 0755 sha384hmac -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./sha512hmac sha384hmac > ${DESTDIR}$(BINDIR)/.sha384hmac.hmac
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha384hmac
|
|
||||||
install -m 0755 sha512hmac -D -t ${DESTDIR}$(BINDIR)/
|
|
||||||
- ./sha512hmac sha512hmac > ${DESTDIR}$(BINDIR)/.sha512hmac.hmac
|
|
||||||
-
|
|
||||||
+ fipshmac ${DESTDIR}$(BINDIR)/sha512hmac
|
|
117
libkcapi.changes
117
libkcapi.changes
@ -1,3 +1,120 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 8 07:23:22 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- updated to 1.1.5:
|
||||||
|
- Fix invocation of ansi_cprng in FIPS mode during testing
|
||||||
|
- Fix testing on kernels >= 5.0
|
||||||
|
- Add virtualization test for kernel 5.1
|
||||||
|
- Fix the limit between vmsplice() and sendmsg() by Christophe Leroy
|
||||||
|
- Fix remove code duplication by Ondrej MosnáÄek
|
||||||
|
- Fix potential memleak in speed-test
|
||||||
|
- updated to 1.1.4:
|
||||||
|
- Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures
|
||||||
|
- updated to 1.1.3:
|
||||||
|
- Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0)
|
||||||
|
- updated to 1.1.2:
|
||||||
|
- Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski
|
||||||
|
- Enhancement: ensure that tests execute on architectures other than X86 by Ondrej MosnáÄek
|
||||||
|
- Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej MosnáÄek
|
||||||
|
- Test fix: Support test execution outside build environment by Ondrej MosnáÄek
|
||||||
|
- updated to 1.1.1:
|
||||||
|
- Fix: Bug fixes for kcapi_hasher by Ondrej MosnáÄek
|
||||||
|
- updated to 1.1.0:
|
||||||
|
- API Enhancement: Addition of kcapi_handle_reinit
|
||||||
|
- Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c
|
||||||
|
- Test enhancement: add IIV speed testing
|
||||||
|
- Fix: add a loop around the read system call to always obtain all generated data
|
||||||
|
- Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser)
|
||||||
|
- Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY)
|
||||||
|
- Fix: support for zero length files (patched by Ondrej MosnáÄek)
|
||||||
|
- Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej MosnáÄek)
|
||||||
|
- Fix: Add Travis CI test system provided by Ondrej MosnáÄek
|
||||||
|
- Fix: Add several fixes to kcapi-hasher by Ondrej MosnáÄek
|
||||||
|
- Fix: Add additional tests for kcapi-hasher by Ondrej MosnáÄek
|
||||||
|
- Fix: Apply unpadding only to last block of data by Ondrej MosnáÄek
|
||||||
|
- Fix: Fix resource leaks in error code paths suggested by Ondrej MosnáÄek
|
||||||
|
- Enhancement: achieve hmaccalc CLI equivalence by Ondrej MosnáÄek
|
||||||
|
- updated to 1.0.3:
|
||||||
|
- Fix: support STDIN and --tag of sha*sum applications
|
||||||
|
- Enhancement: Add small enhancements to support integration with distros -- reported by Björn Esser
|
||||||
|
- updated to 1.0.2:
|
||||||
|
- Fix: hasher-test.sh on 32-bit systems
|
||||||
|
- Fix: AIO return code handling on large number of requests -- reported by Jonathan Cameron
|
||||||
|
- Enhancement: disable coredumps of library
|
||||||
|
- Fix: remove unchecked -fstack-protector-strong from Makefile -- reported by Mathieu Malaterre
|
||||||
|
- Fix: document that kcapi_cipher_stream_op must be called in a loop to collect all data in a multhreaded environment.
|
||||||
|
- Test Fix: Update symmetric multithreaded stream test to invoke kcapi_cipher_stream_op in a loop to collect all data.
|
||||||
|
- Fix: Initialize the cipher handle on stack with zeros as the library expects a zero-initialized cipher handle. This fixes a possible segfault where free() is called on a non-initialized memory location.
|
||||||
|
- Fix: port algif_kpp and algif_akcipher to 4.15-rc3
|
||||||
|
- updated to 1.0.1:
|
||||||
|
- Fix: constify AEAD cipher input data
|
||||||
|
- Fix: use GCC byte swapping acceleration if present
|
||||||
|
- Fix: KDF counter handling on little endian systems when generating more than 255 blocks
|
||||||
|
- Use LD_PRELOAD for execution of test cases to force using of the freshly compiled binaries
|
||||||
|
- Fix: return code handling of _kcapi_common_vmsplice_chunk_fd as reported by Christophe Leroy
|
||||||
|
- Fix: return code handling in _kcapi_md_update
|
||||||
|
- Fix: kcapi-hasher now supports files larger than 2GB
|
||||||
|
- Fix: kcapi-dgst now supports files larger than 2GB
|
||||||
|
- Fix: use stack protector
|
||||||
|
- Fix: rename header guards to remove leading underscore as pointed out by Markus Elfring
|
||||||
|
- Test Fix: Allow compiing the test code without asymmetric and KPP support
|
||||||
|
- updated to 1.0.0:
|
||||||
|
- Fix: Small compile fixes for new checks of GCC 7
|
||||||
|
- API Change: Rename all LOG_* enums to KCAPI_LOG_* to prevent namespace poisoning
|
||||||
|
- Fix: soname and file name of library now compiles with conventions (thanks to Marcus Meissner)
|
||||||
|
- Fix: kcapi-rng.c: unify FD/syscall read code and fix __NR_getrandom resolution
|
||||||
|
- Enhancement: add kcapi-enc application to access symmetric encryption on command line
|
||||||
|
- Fix: consolidate duplicate code in kcapi-hasher
|
||||||
|
- Enhancement: add kcapi-dgst application to access hashes on command line
|
||||||
|
- Enhancement: add kcapi-rng man page
|
||||||
|
- Enhancement: add kcapi-rng --hex command line option
|
||||||
|
- Fix: enable full symmetric AIO support
|
||||||
|
- Fix: consolidate all test code into test/ and invoke all tests with test-invocation.sh
|
||||||
|
- Fix: fix memleaks in error code paths as reported by clang
|
||||||
|
- Fix: reduce memory footprint by rearranging data structures
|
||||||
|
- Fix: kcapi-hasher is now fully FIPS 140-2 compliant as it now includes the integrity test for libkcapi.so
|
||||||
|
- Enhancement: Add speed tests for MV-CESA accelerated ciphers and hash algorithms (thanks to Bastian Stender)
|
||||||
|
- Test Enhancement: add kcapi-enc-test-large.c test testing edge conditions of AF_ALG
|
||||||
|
- Test Enhancement: add virttest.sh - use of test system based on eudyptula-boot to test on linux-4.3.6, linux-4.4.86, linux-4.5, linux-4.7, linux-4.10, linux-4.12
|
||||||
|
- Test Enhancement: add kcapi-fuzz-test.sh to support fuzzing the AF_ALG interfaces
|
||||||
|
- Enhancement: add RPM SPEC file (tested with Fedora 26)
|
||||||
|
- API Change: replace --disable-lib-asym with --enable-lib-asym as the algif_akcipher.c kernel interface is not likely to be added to the kernel anytime soon
|
||||||
|
- API Enhancement: add KPP API which is not compiled by default, use --enable-lib-kpp (the algif_kpp.c kernel interface is not likely to be added to the Linux kernel any time soon)
|
||||||
|
- Test Enhancement: Add KPP tests
|
||||||
|
- Enhancement: Re-enable AIO support for symmetric and AEAD ciphers down to Linux kernels 4.1 and 4.7, respectively. This is due to integrating a fix against a kernel crash when using AIO.
|
||||||
|
- Fix: simply KDF code base
|
||||||
|
- API Enhancement: add message digest convenience functions kcapi_md_*sha*
|
||||||
|
- API Enhancement: add cipher convenience functions kcapi_cipher_*_aes_*
|
||||||
|
- API Enhancement: add rng convenience function kcapi_rng_get_bytes
|
||||||
|
- API Change: remove kcapi_aead_getdata, use kcapi_aead_getdata_input and kcapi_aead_getdata_output instead
|
||||||
|
- API Change: remove kcapi_aead_outbuflen, use kcapi_aead_outbuflen_enc and kcapi_aead_outbuflen_dec instead
|
||||||
|
- updated to 0.14.0:
|
||||||
|
- AIO: fix tracking of completed IOCBs
|
||||||
|
- speed-test: fix AEAD handling
|
||||||
|
- speed-test: fix time calculation
|
||||||
|
- compiler now warns a user of deprecated API calls
|
||||||
|
- AIO: handle kernel errors for algif_skcipher gracefully
|
||||||
|
- AIO: using multiple IOCB if algif_aead interface supports it
|
||||||
|
- ASYM: add PKCS1 tests
|
||||||
|
- AIO: add ASYM AIO support
|
||||||
|
- AIO: fix AEAD AIO fallback
|
||||||
|
- AIO: add AIO fallback testing
|
||||||
|
- replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors)
|
||||||
|
- add fuzzing tests
|
||||||
|
- use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot)
|
||||||
|
- ALG_MAX_PAGES restriction is gone with current AF_ALG interface
|
||||||
|
- add HKDF (RFC5869)
|
||||||
|
- add apps/kcapi-rng
|
||||||
|
- add support for multiple accepts where the caller maintains the opfd
|
||||||
|
- fix memleak in error case in PBKDF
|
||||||
|
- add multithreaded symmetric cipher tests
|
||||||
|
- enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels
|
||||||
|
- Add tests for the AAD copy operation to be supported for kernel 4.13
|
||||||
|
- dropped libkcapi-use-external-fipshmac.patch (done differently in upstream)
|
||||||
|
- dropped reproduciblesort.patch (done differently upstream)
|
||||||
|
- dropped reproducibledate.patch: merged upstream
|
||||||
|
- libkcapi.keyring imported
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 5 10:10:41 UTC 2019 - Martin Liška <mliska@suse.cz>
|
Thu Dec 5 10:10:41 UTC 2019 - Martin Liška <mliska@suse.cz>
|
||||||
|
|
||||||
|
58
libkcapi.keyring
Normal file
58
libkcapi.keyring
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQENBFqo+vgBCACp9hezmvJ4eeZv4PkyoMxGpXHN4Ox2+aofXxMv/yQ6oyZ69xu0
|
||||||
|
U0yFcEcSWbe4qhxB+nlOvSBRJ8ohEU3hlGLrAKJwltHVzeO6nCby/T57b6SITCbc
|
||||||
|
nZGIgKwX4CrJYmfQ4svvMGNDOORPk6SFkK7hhe1cWJb+Gc5czw3wy7By5c1Otlnb
|
||||||
|
mGB4k5+p7Mbi+rui/vLTKv7FKY5t2CpQoOxptxFc/yq9sMdBnsjvhcCHcl1kpnQP
|
||||||
|
TMppztWMj4Nkkd+Trvpym0WZ1px6+3kxhMn6LNYytHTCmf/qyf1+1/PIpyEXvx66
|
||||||
|
hxeN+fN/7R+0iYCisv3JTtfNkCV3QjGdKqT3ABEBAAG0HVN0ZXBoYW4gTXVlbGxl
|
||||||
|
ciA8c21AZXBlcm0uZGU+iQFOBBMBCAA4FiEEO8xD1NLIfReEtp7kQh7pNjJqwVsF
|
||||||
|
Alqo/M8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQQh7pNjJqwVsV8gf+
|
||||||
|
OcAaiSqhn0mYkfC7Fe48n9InAkHiSQ/T7eN+wWYLYMWGG0N2z5gBnNfdc4oFVL+n
|
||||||
|
gye4C3bm98Iu7WnSl0CTOe1pKGFJg3Y7YzSa5/FzS9nKsg6iXpNWL5nSYyz8T9Q0
|
||||||
|
KGKNlAiyQEGkt8y05m8hNsvqkgDb923/RFfUYX4mTUXJ1vk/6SFCA/72JQN7PpwM
|
||||||
|
gGir7FNybuuDUuDLDgQ+BZHhJlW91XE2nwxUo9IrJ2FeT8GgFKzX8A//peRZTSSe
|
||||||
|
atJBr0HRKfTrKYw3lf897sddUjyQU1nDYv9EMLBvkzuE+gwUakt2rOcpR+4Fn5jk
|
||||||
|
QbN4vpfGPnybMAMMxW6GIrQfU3RlcGhhbiBNdWVsbGVyIDxzbUBjaHJvbm94LmRl
|
||||||
|
PokBTgQTAQgAOBYhBDvMQ9TSyH0XhLae5EIe6TYyasFbBQJaqPzEAhsDBQsJCAcC
|
||||||
|
BhUKCQgLAgQWAgMBAh4BAheAAAoJEEIe6TYyasFbsqUH/2euuyRj8b1xuapmrNUu
|
||||||
|
U4atn9FN6XE1cGzXYPHNEUGBiMkInPwZ/PFurrni7S22cMN+IuqmQzLo40izSjXh
|
||||||
|
RJAa165GoJSrtf7S6iwry/k1S9nY2Vc/dxW6qnFq7mJLAs0JWHOfhRe1caMb7P95
|
||||||
|
B+O5B35023zYr9ApdQ4+Lyk+xx1+i++EOxbTJVqLZEF1EGmOWh3ERcGyT05+1LQ8
|
||||||
|
4yDSCUxZVZFrbA2Mtg8cdyvu68urvKiOCHzDH/xRRhFxUz0+dCOGBFSgSfKI9cgS
|
||||||
|
009BdH3Zyg795QV6wfhNas4PaNPN5ArMAvgPH1BxtkgyMjUSyLQQDrmuqHnLzExE
|
||||||
|
QfG0JVN0ZXBoYW4gTXVlbGxlciA8c211ZWxsZXJAY2hyb25veC5kZT6JAU4EEwEI
|
||||||
|
ADgWIQQ7zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbAwULCQgHAgYVCgkICwIE
|
||||||
|
FgIDAQIeAQIXgAAKCRBCHuk2MmrBWxVrB/wKYSuURgwKs2pJ2kmLIp34StoreNqe
|
||||||
|
6cdIF7f7e8o7NaT528hFAVuDSTUyjXO+idbC0P+zu9y2SZfQhc4xbD+Zf0QngX7/
|
||||||
|
sqIWVeiXJa6uR/qrtJF7OBEvlGkxcAwkC0d/Ts68ps4QbZ7s5qWBJJY4LmnytqvX
|
||||||
|
Gb63/fOTwImYiY3tKCOSCM2YQRFt6BO71t8tu/4NLk0KSW9OHa9nfcDqI18aVylG
|
||||||
|
Mu5zNjYqjJpT/be1UpyZo6I/7p0yAQfGJ5YBiN4S264mdFN7jOvxZE3NKXhL4QMt
|
||||||
|
34hOSWPOpW8ZGEo1hKjEdHFvYowPpcoOFicP+zvxdpMtUTEkppREN2a+uQENBFqo
|
||||||
|
+vgBCACiLHsDAX7C0l0sB8DhVvTDpC2CyaeuNW9GZ1Qqkenh3Y5KnYnh5Gg5b0ju
|
||||||
|
bSkauJ75YEOsOeClWuebL3i76kARC8Gfo727wSLvfIAcWhO1ws6j1Utc8s1HNO0+
|
||||||
|
vcGC9EEkn7LzO5piEUPkentjrSF7clPsXziW4IJq/z3DYZQkVPk7PSw6r0jXWR/p
|
||||||
|
6sj4aXxslIiDgFJZyopki7Sl2805JYcvKKC6OWTyPHJMlnu9dNxJviAentAUwzHx
|
||||||
|
NqmvYjlkqBr/sFnjC9kydElecVm4YQh3TC6yt5h49AslAVlFYfwQwcio1LNWyScl
|
||||||
|
WHbDZhcVZJZZi4++gpFmmg1AjyfLABEBAAGJATYEGAEIACAWIQQ7zEPU0sh9F4S2
|
||||||
|
nuRCHuk2MmrBWwUCWqj6+AIbIAAKCRBCHuk2MmrBWxPCCACQGQu5eOcH9qsqSOO6
|
||||||
|
4n+xUX7PG96S8s2JolN3Ft2YWKUzjVHLu5jxznmDwx+GJ3P7thrzW+V5XdDcXgSA
|
||||||
|
XW793TaJ/XMM0jEG+jgvuhE65JfWCK+8sumrO24M1KnVQigxrMpG5FT7ndpBRGbs
|
||||||
|
059QSqoMVN4x2dvaP81/+u0sQQ2EGrhPFB2aOA3s7bbWy8xGVIPLcCqByPLbxbHz
|
||||||
|
aU/dkiutSaYqmzdgrTdcuESSbK4qEv3g1i2Bw5kdqeY9mM96SUL8cGUokqFtVP7b
|
||||||
|
2mSfm51iNqlO3nsfwpRnl/IlRPThWLhM7/qr49GdWYfQsK4hbw0fo09QFCXN53MP
|
||||||
|
LhLwuQENBFqo+vgBCAClaPqyK/PUbf7wxTfu3ZBAgaszL98Uf1UHTekRNdYO7FP1
|
||||||
|
dWWT4SebIgL8wwtWZEqI1pydyvk6DoNF6CfRFq1lCo9QA4Rms7Qx3cdXu1G47ZtQ
|
||||||
|
vOqxvO4SPvi7lg3PgnuiHDUSTwo5a8+ojxbLzs5xExbx4RDGtykBoaOoLYeenn92
|
||||||
|
AQ//gN6wCDjEjwP2u39xkWXlokZGrwn3ytFE20rUTNCSLxdmoCr1faHzKmvql95w
|
||||||
|
mA7ahg5s2vM9/95W4G71lJhy2crkZIAH0fx3iOUbDmlZ3T3UvoLuyMToUyaQv5lo
|
||||||
|
0lV2KJOBGhjnAfmykHsxQu0RygiNwvO3TGjpaeB5ABEBAAGJATYEGAEIACAWIQQ7
|
||||||
|
zEPU0sh9F4S2nuRCHuk2MmrBWwUCWqj6+AIbDAAKCRBCHuk2MmrBW5Y4B/oCLcRZ
|
||||||
|
yN0ETep2JK5CplZHHRN27DhL4KfnahZv872vq3c83hXDDIkCm/0/uDElso+cavce
|
||||||
|
g5pIsoP2bvEeSJjGMJ5PVdCYOx6r/Fv/tkr46muOvaLdgnphv/CIA+IRykwyzXe3
|
||||||
|
bsucHC4a1fnSoTMnV1XhsIh8zWTINVVO8+qdNEv3ix2nP5yArexUGzmJV0HIkKm5
|
||||||
|
9wCLz4FpWR+QZru0i8kJNuFrdnDIP0wxDjiVBifPhiegBv+/z2DOj8D9EI48Kagd
|
||||||
|
QP7MY7q/u1n3+pGTwa+F1hoGo5IOU5MnwVv7UHiW1MSNQ2/kBFBHm+xdudNab2U0
|
||||||
|
OpfqrWerOw3WcGd2
|
||||||
|
=b9/d
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
117
libkcapi.spec
117
libkcapi.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package libkcapi
|
# spec file for package libkcapi
|
||||||
#
|
#
|
||||||
# Copyright (c) 2019 SUSE LLC
|
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,20 +17,18 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: libkcapi
|
Name: libkcapi
|
||||||
Version: 0.13.0
|
Version: 1.1.5
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Linux Kernel Crypto API User Space Interface Library
|
Summary: Linux Kernel Crypto API User Space Interface Library
|
||||||
License: GPL-2.0-only
|
License: GPL-2.0-only
|
||||||
Group: Productivity/Security
|
Group: Productivity/Security
|
||||||
URL: http://www.chronox.de/libkcapi.html
|
URL: http://www.chronox.de/libkcapi.html
|
||||||
#Source: https://github.com/smuellerDD/libkcapi/archive/v0.13.0.zip
|
Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
|
||||||
Source: libkcapi-0.13.0.tar.bz2
|
Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
|
||||||
Patch0: libkcapi-use-external-fipshmac.patch
|
Source2: libkcapi.keyring
|
||||||
# PATCH-FIX-UPSTREAM rewritten upstream in https://github.com/smuellerDD/libkcapi/commit/0e7b2b0300782
|
BuildRequires: autoconf
|
||||||
Patch1: reproduciblesort.patch
|
BuildRequires: automake
|
||||||
# PATCH-FIX-UPSTREAM https://github.com/smuellerDD/libkcapi/pull/12
|
BuildRequires: libtool
|
||||||
Patch2: reproducibledate.patch
|
|
||||||
BuildRequires: fipscheck
|
|
||||||
BuildRequires: openssl
|
BuildRequires: openssl
|
||||||
BuildRequires: xmlto
|
BuildRequires: xmlto
|
||||||
|
|
||||||
@ -39,17 +37,17 @@ libkcapi exports APIs so that developers need not consider the low-level
|
|||||||
Netlink interface handling that is used for accesing the Linux kernel crypto
|
Netlink interface handling that is used for accesing the Linux kernel crypto
|
||||||
API.
|
API.
|
||||||
|
|
||||||
%package -n libkcapi0
|
%package -n libkcapi1
|
||||||
Summary: Linux Kernel Crypto API User Space Interface Library
|
Summary: Linux Kernel Crypto API User Space Interface Library
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
|
|
||||||
%description -n libkcapi0
|
%description -n libkcapi1
|
||||||
libkcapi allows user-space to access the Linux kernel crypto API.
|
libkcapi allows user-space to access the Linux kernel crypto API.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Linux Kernel Crypto API User Space Interface Library
|
Summary: Linux Kernel Crypto API User Space Interface Library
|
||||||
Group: Development/Languages/C and C++
|
Group: Development/Languages/C and C++
|
||||||
Requires: libkcapi0 = %{version}
|
Requires: libkcapi1 = %{version}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
libkcapi exports APIs so that developers need not consider the low-level
|
libkcapi exports APIs so that developers need not consider the low-level
|
||||||
@ -76,58 +74,89 @@ libkcapi user space tools to access certain hash algorithms.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1
|
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd lib
|
autoreconf -i
|
||||||
export CFLAGS="%optflags"
|
%configure \
|
||||||
%make_build
|
--disable-static \
|
||||||
make man
|
--enable-kcapi-test \
|
||||||
cd ../apps
|
--enable-kcapi-speed \
|
||||||
|
--enable-kcapi-hasher \
|
||||||
|
--enable-kcapi-rngapp \
|
||||||
|
--enable-kcapi-encapp \
|
||||||
|
--enable-kcapi-dgstapp
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
cd lib
|
make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags}
|
||||||
make install maninstall DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags}
|
rm %{buildroot}/%_libdir/libkcapi.la
|
||||||
cd ../apps
|
|
||||||
make install DESTDIR=%{buildroot} %{?_smp_mflags} BINDIR=/usr/%_lib/libkcapi/
|
|
||||||
|
|
||||||
# Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries
|
# Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries
|
||||||
%define __spec_install_post \
|
%define __spec_install_post \
|
||||||
%{?__debug_package:%{__debug_install_post}} \
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
%{__arch_install_post} \
|
%{__arch_install_post} \
|
||||||
%{__os_install_post} \
|
%{__os_install_post} \
|
||||||
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipscheck.hmac \
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipscheck.hmac \
|
||||||
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipshmac.hmac \
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.fipshmac.hmac \
|
||||||
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1sum.hmac \
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1sum.hmac \
|
||||||
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256sum.hmac \
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256sum.hmac \
|
||||||
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384sum.hmac \
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384sum.hmac \
|
||||||
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512sum.hmac \
|
openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%_bindir/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512sum.hmac \
|
||||||
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1hmac.hmac \
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha1hmac.hmac \
|
||||||
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256hmac.hmac \
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha256hmac.hmac \
|
||||||
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384hmac.hmac \
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha384hmac.hmac \
|
||||||
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512hmac.hmac \
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_bindir/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_bindir/.sha512hmac.hmac \
|
||||||
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \
|
||||||
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \
|
||||||
|
openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%post -n libkcapi0 -p /sbin/ldconfig
|
%post -n libkcapi1 -p /sbin/ldconfig
|
||||||
|
|
||||||
%postun -n libkcapi0 -p /sbin/ldconfig
|
%postun -n libkcapi1 -p /sbin/ldconfig
|
||||||
|
|
||||||
%files -n libkcapi0
|
%files -n libkcapi1
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%doc CHANGES
|
%doc CHANGES.md
|
||||||
%{_libdir}/libkcapi.so.0.13.*
|
%{_libdir}/libkcapi.so.1.*
|
||||||
%{_libdir}/libkcapi.so.0
|
%{_libdir}/libkcapi.so.1
|
||||||
|
%{_libdir}/.libkcapi.so.1*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%{_includedir}/kcapi.h
|
%{_includedir}/kcapi.h
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
%{_libdir}/libkcapi.so
|
||||||
|
%{_libdir}/.libkcapi.so.hmac
|
||||||
|
%{_libdir}/pkgconfig/libkcapi.pc
|
||||||
|
|
||||||
%files tools
|
%files tools
|
||||||
%dir %{_libdir}/libkcapi
|
%dir %{_libexecdir}/libkcapi
|
||||||
%{_libdir}/libkcapi/*
|
%{_bindir}/*hmac*
|
||||||
%{_libdir}/libkcapi/.*hmac
|
%{_bindir}/*sum*
|
||||||
|
%{_bindir}/*fips*
|
||||||
|
%{_bindir}/kcapi
|
||||||
|
%{_bindir}/kcapi-convenience
|
||||||
|
%{_bindir}/kcapi-dgst
|
||||||
|
%{_bindir}/kcapi-enc
|
||||||
|
%{_bindir}/kcapi-enc-test-large
|
||||||
|
%{_bindir}/kcapi-rng
|
||||||
|
%{_bindir}/kcapi-speed
|
||||||
|
%{_bindir}/.*hmac
|
||||||
|
%{_libexecdir}/libkcapi/kcapi
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-convenience
|
||||||
|
%{_libexecdir}/libkcapi/compile-test.sh
|
||||||
|
%{_libexecdir}/libkcapi/hasher-test.sh
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-convenience.sh
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-dgst-test.sh
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-enc-test-large
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-enc-test.sh
|
||||||
|
%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh
|
||||||
|
%{_libexecdir}/libkcapi/libtest.sh
|
||||||
|
%{_libexecdir}/libkcapi/test-invocation.sh
|
||||||
|
%{_libexecdir}/libkcapi/test.sh
|
||||||
|
%{_libexecdir}/libkcapi/virttest.sh
|
||||||
|
%{_mandir}/man1/kcapi*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
commit fb7b152478b28d998c781f1ad924675b85c314db
|
|
||||||
Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
|
||||||
Date: Sat Jul 8 15:32:36 2017 +0200
|
|
||||||
|
|
||||||
Allow to override build date
|
|
||||||
|
|
||||||
in order to allow for reproducible builds.
|
|
||||||
See https://reproducible-builds.org/ for why this is good
|
|
||||||
and https://reproducible-builds.org/specs/source-date-epoch/
|
|
||||||
for the definition of this variable.
|
|
||||||
|
|
||||||
Also use gmtime instead of localtime to be independent of timezone.
|
|
||||||
|
|
||||||
diff --git a/lib/doc/bin/kernel-doc b/lib/doc/bin/kernel-doc
|
|
||||||
index 0c8bf6a..2851162 100755
|
|
||||||
--- a/lib/doc/bin/kernel-doc
|
|
||||||
+++ b/lib/doc/bin/kernel-doc
|
|
||||||
@@ -253,10 +253,11 @@ my %highlights = %highlights_man;
|
|
||||||
my $blankline = $blankline_man;
|
|
||||||
my $modulename = "Kernel API";
|
|
||||||
my $function_only = 0;
|
|
||||||
+my $build_date = $ENV{SOURCE_DATE_EPOCH} || time;
|
|
||||||
my $man_date = ('January', 'February', 'March', 'April', 'May', 'June',
|
|
||||||
'July', 'August', 'September', 'October',
|
|
||||||
- 'November', 'December')[(localtime)[4]] .
|
|
||||||
- " " . ((localtime)[5]+1900);
|
|
||||||
+ 'November', 'December')[(gmtime($build_date))[4]] .
|
|
||||||
+ " " . ((gmtime($build_date))[5]+1900);
|
|
||||||
my $show_not_found = 0;
|
|
||||||
|
|
||||||
# Essentially these are globals.
|
|
@ -1,26 +0,0 @@
|
|||||||
Index: libkcapi-0.13.0/lib/Makefile
|
|
||||||
===================================================================
|
|
||||||
--- libkcapi-0.13.0.orig/lib/Makefile
|
|
||||||
+++ libkcapi-0.13.0/lib/Makefile
|
|
||||||
@@ -100,7 +100,7 @@ LIBNAME := lib$(NAME).so.$(LIBVERSION)
|
|
||||||
# Define files to be compiled
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
-C_SRCS := $(wildcard *.c)
|
|
||||||
+C_SRCS := $(sort $(wildcard *.c))
|
|
||||||
C_OBJS := ${C_SRCS:.c=.o}
|
|
||||||
OBJS := $(C_OBJS)
|
|
||||||
|
|
||||||
Index: libkcapi-0.13.0/apps/Makefile
|
|
||||||
===================================================================
|
|
||||||
--- libkcapi-0.13.0.orig/apps/Makefile
|
|
||||||
+++ libkcapi-0.13.0/apps/Makefile
|
|
||||||
@@ -9,7 +9,7 @@ CFLAGS +=-D_FORTIFY_SOURCE=2 -fwrapv --p
|
|
||||||
LDFLAGS +=-Wl,-z,relro,-z,now
|
|
||||||
|
|
||||||
NAME := kcapi-hasher
|
|
||||||
-C_SRCS := $(wildcard *.c) $(wildcard ../lib/*.c)
|
|
||||||
+C_SRCS := $(sort $(wildcard *.c) $(wildcard ../lib/*.c))
|
|
||||||
C_OBJS := ${C_SRCS:.c=.o}
|
|
||||||
C_ASM := ${C_SRCS:.c=.s}
|
|
||||||
OBJS := $(C_OBJS)
|
|
Loading…
Reference in New Issue
Block a user