diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch | 33 | ||||
| -rw-r--r-- | libkcapi-1.4.0.tar.xz.asc | 11 | ||||
| -rw-r--r-- | libkcapi.spec | 284 | ||||
| -rw-r--r-- | sources | 1 |
5 files changed, 330 insertions, 0 deletions
@@ -0,0 +1 @@ +/libkcapi-1.4.0.tar.xz diff --git a/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch b/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch new file mode 100644 index 0000000..220ba6d --- /dev/null +++ b/libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch @@ -0,0 +1,33 @@ +From b2e9360dab74de1ffcb8527610e88b0da87c701e Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek <omosnace@redhat.com> +Date: Mon, 30 Jul 2018 17:17:59 +0200 +Subject: [PATCH] lib: Fix _kcapi_handle_destroy() closing FD 0 + +The kcapi_handle structure is initialized with zeroes at allocation. +However, since it contains several file descriptor variables, it may +happen that _kcapi_handle_destroy() is executed while some of these are +set to 0, causing an unwanted call to close(0). + +This patch prevents it by initializing all FD variables to -1 right +after handle allocation. +--- + lib/kcapi-kernel-if.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c +index 595ce68..dfa94b4 100644 +--- a/lib/kcapi-kernel-if.c ++++ b/lib/kcapi-kernel-if.c +@@ -1146,6 +1146,12 @@ int _kcapi_handle_init(struct kcapi_handle **caller, const char *type, + + handle->tfm = tfm; + ++ /* Initialize all fd vars to -1 to avoid unwanted close(0) */ ++ handle->pipes[0] = -1; ++ handle->pipes[1] = -1; ++ handle->opfd = -1; ++ handle->aio.efd = -1; ++ + ret = _kcapi_handle_init_tfm(handle, type, ciphername); + if (ret) + goto err; diff --git a/libkcapi-1.4.0.tar.xz.asc b/libkcapi-1.4.0.tar.xz.asc new file mode 100644 index 0000000..037df0e --- /dev/null +++ b/libkcapi-1.4.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmISvaAACgkQQh7pNjJq +wVv6jggAh7UpchOXZ1THbDZ0PE+YGWSr3Y3qKHMls9ixNn/RDSYxPvyZqc6pIAKQ +zVA6bGtB9kqcSexmrk2EyiUYgi1lo+5HwsfAfHBQaq7vD1S8Q/FYx/XVRv2GQfkj +/E1ivlcdcInlpn+vu+7Hei+H/IXtETh8QPwGwRI1Je84pIt7K4K4VPwWpur0su6E +oF1AFT6ldlMczsoDTCi3eP3rZWKvMmX5718W9F6eKuTkKoIiipCUxdMBy4f6YpDB +1ZmQPHjSgG4URlclQnFiGXYAbMBRHYfguJRl/HjZWSQMigRzqGSdvJR8wrfMeQzr +Bk0z0nGayzHgcC7gPz8CsAMJj5C9eQ== +=OA3o +-----END PGP SIGNATURE----- diff --git a/libkcapi.spec b/libkcapi.spec new file mode 100644 index 0000000..02229f7 --- /dev/null +++ b/libkcapi.spec @@ -0,0 +1,284 @@ +%global sysctl_prio 50 +%global sysctl_optmem_max 81920 +%global distroname_ext %{_vendor} + +%if %{?openEuler:1}0 +%define enable_docbook_pdf 1 +%else +%define enable_docbook_pdf 0 +%endif + +Name: libkcapi +Version: 1.4.0 +Release: 1 +Summary: libkcapi - Linux Kernel Crypto API User Space Interface Library + +License: BSD or GPLv2 +URL: http://www.chronox.de/%{name}.html +Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz +Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc + +Patch0: libkcapi-1.1.1-lib_Fix_kcapi_handle_destroy_closing_FD_0.patch + +BuildRequires: clang coreutils cppcheck gcc hardlink +BuildRequires: libtool openssl perl systemd xmlto kernel-headers >= 4.10.0 +%if 0%{?enable_docbook_pdf} +BuildRequires: docbook-utils-pdf +%endif + +Requires: systemd + +Provides: %{name}-tools +Provides: hmaccalc == 0.9.14-10.1 +Provides: hmaccalc%{?_isa} == 0.9.14-10.1 +Provides: %{name}-hmaccalc + +Obsoletes: %{name}-replacements <= %{version}-%{release} +Obsoletes: %{name}-tools +Obsoletes: hmaccalc <= 0.9.14-10 +Obsoletes: %{name}-hmaccalc + +%description +The Linux kernel exports a Netlink interface of type AF_ALG to allow user space to utilize the kernel crypto API. +libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling. +The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. +Results from the kernel crypto API are returned to the consumer via the library API. + +%package devel +Summary: Development files for the %{name} package +Requires: %{name} == %{version}-%{release} + +Obsoletes: %{name}-static +Provides: %{name}-static + +%description devel +Header files for applications that use %{name}. + +%package tests +Summary: Testing scripts for the %{name} package +Requires: %{name}%{?_isa} == %{version}-%{release} +Requires: %{name}-tools +Requires: %{name}-hmaccalc +Requires: coreutils +Requires: openssl +Requires: perl + +%description tests +Auxiliary scripts for testing %{name}. + +%package_help + +%prep +%autosetup -p 1 + +cat << EOF > README.%{distroname_ext} +This package increases the default limit of the ancillary buffer size +per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes. + +For this preset to become active it requires a reboot after the +installation of this package. You can also manually increase this +limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the +super-user, e.g. using \`su\` or \`sudo\` on the terminal. + +This is done to provide consumers of the new Linux Kernel Crypto API +User Space Interface a well sufficient and reasonable maximum limit +by default, especially when using AIO with a larger amount of IOVECs. + +For further information about the AF_ALG kernel socket and AIO, see +the discussion at the kernel-crypto mailing-list: +https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html + +See the instructions given in '%{_sysctldir}/50-default.conf', +if you need or want to override the preset made by this package. +EOF + +cat << EOF > %{sysctl_prio}-%{name}-optmem_max.conf +# See the 'README.%{distroname_ext}' file shipped in %%doc +# with the %{name} package. +# +# See '%{_sysctldir}/50-default.conf', +# if you need or want to override this preset. + +# Increase the ancillary buffer size per socket. +net.core.optmem_max = %{sysctl_optmem_max} +EOF + +%{_bindir}/autoreconf -fiv + + +%build +%configure \ + --libdir=/%{_lib} \ + --disable-silent-rules \ + --enable-kcapi-encapp \ + --enable-kcapi-dgstapp \ + --enable-kcapi-hasher \ + --enable-kcapi-rngapp \ + --enable-kcapi-speed \ + --enable-kcapi-test \ + --enable-shared \ + --enable-static \ + --enable-sum-prefix= \ + --enable-sum-dir=/%{_lib} \ + --with-pkgconfigdir=%{_libdir}/pkgconfig +%make_build all doc + + +%install +%make_install + +# Install sysctl.d preset. +mkdir -p %{buildroot}%{_sysctldir} +install -Dpm 0644 -t %{buildroot}%{_sysctldir} %{sysctl_prio}-%{name}-optmem_max.conf + +# Install into proper location for inclusion by %%doc. +mkdir -p %{buildroot}%{_pkgdocdir} +install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} README.%{distroname_ext} README.md CHANGES.md TODO +%if 0%{?enable_docbook_pdf} +install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} doc/%{name}.p{df,s} +%endif +cp -pr lib/doc/html %{buildroot}%{_pkgdocdir} + +# Install replacement tools, if enabled. +rm -f %{buildroot}%{_bindir}/md5sum \ + %{buildroot}%{_bindir}/sha*sum \ + %{buildroot}%{_bindir}/fips* \ + %{buildroot}%{_bindir}/sm*sum + +find %{buildroot} -type f -name '*.la' -print -delete +find %{buildroot} -type f -name '*.hmac' -print -delete +find %{buildroot} -type f -size 0 -print -delete +find %{buildroot}%{_pkgdocdir} -type f -print | xargs %{__chmod} -c 0644 +find %{buildroot}%{_pkgdocdir} -type d -print | xargs %{__chmod} -c 0755 + +for d in %{_mandir} %{_pkgdocdir}; do + hardlink -cfv %{buildroot}$d +done + +%ldconfig_scriptlets + +bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha1hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha1hmac.hmac +bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha224hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha224hmac.hmac +bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha256hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha256hmac.hmac +bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha384hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha384hmac.hmac +bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sha512hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sha512hmac.hmac +bin/kcapi-hasher -n sha512hmac %{buildroot}%{_bindir}/sm3hmac | cut -f 1 -d ' ' > %{buildroot}/%{_lib}/hmaccalc/sm3hmac.hmac + +hardlink -cfv %{buildroot}%{_bindir} +bin/kcapi-hasher -n fipshmac -d %{buildroot}/%{_lib}/fipscheck %{buildroot}/%{_lib}/libkcapi.so.%{version} || exit 1 +ln -s libkcapi.so.%{version}.hmac %{buildroot}/%{_lib}/fipscheck/libkcapi.so.1.hmac + +%check +for t in cppcheck scan;do + %make_build $t +done + +pushd test +ENABLE_FUZZ_TEST=1 \ +NO_32BIT_TEST=1 \ +./test-invocation.sh ||: +popd + +%files +%doc %dir %{_pkgdocdir} +%doc %{_pkgdocdir}/README.md +%license COPYING* +/%{_lib}/%{name}.so.* +/%{_lib}/fipscheck/%{name}.so.* +%doc %{_pkgdocdir}/README.%{distroname_ext} +%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf +%{_bindir}/kcapi* +%{_bindir}/sha*hmac +%{_bindir}/sm*hmac +/%{_lib}/hmaccalc/sha*hmac.hmac +/%{_lib}/hmaccalc/sm*hmac.hmac + +%files devel +%doc %{_pkgdocdir}/CHANGES.md +%doc %{_pkgdocdir}/TODO +%{_includedir}/kcapi.h +/%{_lib}/%{name}.so +%{_libdir}/pkgconfig/%{name}.pc +/%{_lib}/%{name}.a + +%files tests +%{_libexecdir}/%{name}/* + +%files help +%doc %{_pkgdocdir} +%exclude %{_pkgdocdir}/README.md +%exclude %{_pkgdocdir}/README.%{distroname_ext} +%exclude %{_pkgdocdir}/CHANGES.md +%exclude %{_pkgdocdir}/TODO +%{_mandir}/man1/kcapi*.1.* +%{_mandir}/man3/kcapi_*.3.* + +%changelog +* Wed Nov 16 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.0-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to 1.4.0 + +* Wed Jul 13 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-5 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add macro to control docbook-utils-pdf dependency + +* Fri Apr 29 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:delete duplicate files from libkcapi-help + +* Fri Apr 15 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix printf usage errors highlighted by covscan + +* Wed Jan 26 2022 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:enable test suite in check + +* Thu Dec 30 2021 yixiangzhike <yixiangzhike007@163.com> - 1.3.1-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update to 1.3.1 + +* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 1.2.0-5 +- DESC: delete -S git from %autosetup, and delete BuildRequires git + +* Fri Nov 20 2020 panxiaohe <panxiaohe@huawei.com> - 1.2.0-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Solve the failure when installing libkcapi-devel + +* Thu Oct 22 2020 zhangxingliang <zhangxingliang3@huawei.com> - 1.2.0-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Solve the failure when installing libkcapi-tests + +* Fri Oct 16 2020 zhangxingliang <zhangxingliang3@huawei.com> - 1.2.0-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Detach the sub package libkcapi-tests from libkcapi + +* Fri Jul 17 2020 yang_zhuang_zhuang<yangzhuangzhuang1@huawei.com> - 1.2.0-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update to 1.2.0 + +* Thu Nov 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.5-2 +- Correct provides of hmaccalc + +* Tue Sep 3 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.1.5-1 +- Package init @@ -0,0 +1 @@ +ca877231a346dfeefb50fe4311d2df5d libkcapi-1.4.0.tar.xz |