Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libkcapi.git#5db30d35f3a03860e8a9f2deda675b94ec6e2cb9
2021-04-04 23:30:48 +00:00 · 2021-04-04 23:30:48 +00:00 · 2812e3c806
parent e8ae72f86f
commit 2812e3c806
4 changed files with 111 additions and 182 deletions
--- a/000-Kern-5.8-fix-MSG_MORE-usage.patch
+++ b/000-Kern-5.8-fix-MSG_MORE-usage.patch
@ -1,163 +0,0 @@
-From b612c52c5ccf021d01e6c786db1a31a697f21d97 Mon Sep 17 00:00:00 2001
-From: Stephan Mueller <smueller@chronox.de>
-Date: Thu, 13 Aug 2020 21:58:07 +0200
-Subject: [PATCH] Kern 5.8: fix MSG_MORE usage
-
-With kernel 5.8, a precise use of MSG_MORE is mandatory to support
-a stream cipher approach (init -> update -> update -> ... -> final).
-All but the last update operations must use MSG_MORE, the last update
-operation must not use MSG_MORE.
-
-Reported-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
- lib/kcapi-aead.c      | 24 ++++++++++++++----------
- lib/kcapi-kernel-if.c |  6 ++----
- test/kcapi-main.c     | 31 +++++++++++++++++--------------
- 3 files changed, 33 insertions(+), 28 deletions(-)
-
-diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c
-index d241618..45a0bd7 100644
--- a/lib/kcapi-aead.c
-+++ b/lib/kcapi-aead.c
-@@ -210,13 +210,15 @@ _kcapi_aead_encrypt_aio_fallback(struct kcapi_handle *handle,
- 				 uint32_t iovlen, const uint8_t *iv)
- {
- 	uint32_t i;
-	int32_t ret = kcapi_aead_stream_init_enc(handle, iv, NULL, 0);
-
-	if (ret < 0)
-		return ret;
-+	int32_t ret = 0;
- 
- 	for (i = 0; i < iovlen; i++) {
-		int rc = kcapi_aead_stream_update_last(handle, iniov, 1);
-+		int rc = kcapi_aead_stream_init_enc(handle, iv, NULL, 0);
-+
-+		if (rc < 0)
-+			return rc;
-+
-+		rc = kcapi_aead_stream_update_last(handle, iniov, 1);
- 		if (rc < 0)
- 			return rc;
- 
-@@ -271,13 +273,15 @@ _kcapi_aead_decrypt_aio_fallback(struct kcapi_handle *handle,
- 				 uint32_t iovlen, const uint8_t *iv)
- {
- 	uint32_t i;
-	int32_t ret = kcapi_aead_stream_init_dec(handle, iv, NULL, 0);
-
-	if (ret < 0)
-		return ret;
-+	int32_t ret = 0;
- 
- 	for (i = 0; i < iovlen; i++) {
-		int rc = kcapi_aead_stream_update_last(handle, iniov, 1);
-+		int rc = kcapi_aead_stream_init_dec(handle, iv, NULL, 0);
-+
-+		if (rc < 0)
-+			return rc;
-+
-+		rc = kcapi_aead_stream_update_last(handle, iniov, 1);
- 		if (rc < 0)
- 			return rc;
- 
-diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
-index bea994f..42cf1ad 100644
--- a/lib/kcapi-kernel-if.c
-+++ b/lib/kcapi-kernel-if.c
-@@ -439,8 +439,7 @@ int _kcapi_aio_send_iov(struct kcapi_handle *handle, struct iovec *iov,
- 		if (0 > ret)
- 			return ret;
- 	} else {
-		ret = _kcapi_common_send_meta(handle, NULL, 0, enc,
-					      len ? MSG_MORE : 0);
-+		ret = _kcapi_common_send_meta(handle, NULL, 0, enc, MSG_MORE);
- 		if (0 > ret)
- 			return ret;
- 		ret = _kcapi_common_vmsplice_iov(handle, iov, iovlen, 0);
-@@ -1246,8 +1245,7 @@ int32_t _kcapi_cipher_crypt(struct kcapi_handle *handle, const uint8_t *in,
- 		if (0 > ret)
- 			return ret;
- 	} else {
-		ret = _kcapi_common_send_meta(handle, NULL, 0, enc,
-					      inlen ? MSG_MORE : 0);
-+		ret = _kcapi_common_send_meta(handle, NULL, 0, enc, MSG_MORE);
- 		if (0 > ret)
- 			return ret;
- 		ret = _kcapi_common_vmsplice_chunk(handle, in, inlen, 0);
-diff --git a/test/kcapi-main.c b/test/kcapi-main.c
-index 51f6ec7..64e466c 100644
--- a/test/kcapi-main.c
-+++ b/test/kcapi-main.c
-@@ -846,7 +846,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
- 		goto out;
- 	}
- 
-	for(i = 0; i < loops; i++) {
-+	for (i = 0; i < loops; i++) {
- 		_get_time(&begin);
- 		if (cavs_test->enc) {
- 			ret = kcapi_cipher_encrypt(handle,
-@@ -886,7 +886,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
- }
- 
- static void mt_sym_writer(struct kcapi_handle *handle, struct iovec *iov,
-			  int forking)
-+			  int forking, int last)
- {
- 	int ret;
- 
-@@ -899,7 +899,10 @@ static void mt_sym_writer(struct kcapi_handle *handle, struct iovec *iov,
- 			return;
- 	}
- 
-	ret = kcapi_cipher_stream_update_last(handle, iov, 1);
-+	if (last)
-+		ret = kcapi_cipher_stream_update_last(handle, iov, 1);
-+	else
-+		ret = kcapi_cipher_stream_update(handle, iov, 1);
- 	if (0 > ret)
- 		printf("Sending of data failed\n");
- 
-@@ -1004,7 +1007,7 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
- 			iov.iov_len = cavs_test->ctlen;
- 		}
- 
-		mt_sym_writer(handle_ptr, &iov, forking);
-+		mt_sym_writer(handle_ptr, &iov, forking, i == (loops * 2 - 1));
- 
- 		outiov.iov_base = outbuf_ptr;
- 		outiov.iov_len = outbuflen;
-@@ -1636,21 +1639,21 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
- 	if (ret)
- 		goto out;
- 
-	if (cavs_test->enc)
-		ret = kcapi_aead_stream_init_enc(handle, newiv, NULL, 0);
-
-	else
-		ret = kcapi_aead_stream_init_dec(handle, newiv, NULL, 0);
-	if (0 > ret) {
-		printf("Initialization of cipher buffer failed\n");
-		goto out;
-	}
-
- 	for (i = 0; i < loops; i++) {
- 		int errsv = 0;
- 
- 		memset(outbuf, 0, outbuflen);
- 
-+		if (cavs_test->enc)
-+			ret = kcapi_aead_stream_init_enc(handle, newiv, NULL, 0);
-+		else
-+			ret = kcapi_aead_stream_init_dec(handle, newiv, NULL, 0);
-+		if (0 > ret) {
-+			printf("Initialization of cipher buffer failed\n");
-+			goto out;
-+		}
-+
-+
- 		iov.iov_base = cavs_test->assoc;
- 		iov.iov_len = cavs_test->assoclen;
- 		if (cavs_test->enc) {
--- a/001-fix-fuzz-test.patch
+++ b/001-fix-fuzz-test.patch
@ -0,0 +1,37 @@
+From e8c22fe01c6dd46399396694cd1d72a6988dc287 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Sat, 27 Mar 2021 13:46:45 +0100
+Subject: [PATCH] kcapi: Fix hang in fuzz tests with recent kernels
+
+After kernel commit f3c802a1f300 ("crypto: algif_aead - Only wake up
+when..."), the fuzz tests hang indefinitely, because they request more
+output data than the operation can produce. Fix this by requesting at
+most the expected size of the output data.
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ test/kcapi-main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/test/kcapi-main.c b/test/kcapi-main.c
+index 64e466c..975e8d1 100644
+--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
+@@ -380,7 +380,7 @@ static int fuzz_cipher(struct kcapi_cavs *cavs_test, unsigned long flags,
+ 	}
+ 
+ 	for (i = 0; i < sizeof(indata); i++) {
+-		unsigned int outlen = sizeof(outdata);
+		unsigned int outlen = i;
+ 		uint8_t *out = outdata;
+ 		uint8_t *iv = indata;
+ 		uint8_t *in = indata;
+@@ -474,7 +474,7 @@ static int fuzz_aead(struct kcapi_cavs *cavs_test, unsigned long flags,
+ 	}
+ 
+ 	for (i = 0; i < sizeof(indata); i++) {
+-		unsigned int outlen = sizeof(outdata);
+		unsigned int outlen = i;
+ 		uint8_t *out = outdata;
+ 		uint8_t *iv = indata;
+ 		uint8_t *in = indata;
--- a/libkcapi.spec
+++ b/libkcapi.spec
@ -1,7 +1,7 @@
 # Shared object version of libkcapi.
 %global vmajor            1
 %global vminor            2
-%global vpatch            0
+%global vpatch            1

 # Do we build the replacements packages?
 %bcond_with replace_coreutils
@ -22,6 +22,23 @@
 %else
 %bcond_with test_package
 %endif
+# disable cppcheck analysis in ELN/RHEL to avoid the dependency bz#1931518
+%if 0%{?rhel}
+%bcond_with cppcheck
+%else
+# Temporarily disable cppcheck on Fedora until bz#1923600 is fixed in rawhide
+%bcond_with cppcheck
+#bcond_without cppcheck
+%endif
+
+# Use `--without test` to build without running the tests
+%bcond_without test
+# Use `--without fuzz_test` to skip the fuzz test during build
+%bcond_without fuzz_test
+# Use `--without doc` to build without the -doc subpackage
+%bcond_without doc
+# Use `--without clang_sa` to skip clang static analysis during build
+%bcond_without clang_sa

 # This package needs at least Linux Kernel v4.10.0.
 %global min_kernel_ver    4.10.0
@ -77,8 +94,8 @@
 %global sha512hmac bin/kcapi-hasher -n sha512hmac
 %global fipshmac   bin/kcapi-hasher -n fipshmac
 %else
-%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
-%global fipshmac   bash %{_sourcedir}/fipshmac-openssl.sh
+%global sha512hmac bash %{SOURCE2}
+%global fipshmac   bash %{SOURCE3}
 %endif

 # Add generation of HMAC checksums of the final stripped
@ -106,35 +123,41 @@ done                                                             \
  "$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac               \
 %{nil}

-
 Name:           libkcapi
 Version:        %{vmajor}.%{vminor}.%{vpatch}
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        User space interface to the Linux Kernel Crypto API

 License:        BSD or GPLv2
-URL:            http://www.chronox.de/%{name}.html
-Source0:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
-Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
+URL:            https://www.chronox.de/%{name}.html
+Source0:        https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
+Source1:        https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
 Source2:        sha512hmac-openssl.sh
 Source3:        fipshmac-openssl.sh

-Patch0:         %{giturl}/commit/b612c52c5ccf.patch#/000-Kern-5.8-fix-MSG_MORE-usage.patch
+Patch001:       %{giturl}/pull/110.patch#/001-fix-fuzz-test.patch

 BuildRequires:  bash
-BuildRequires:  clang
 BuildRequires:  coreutils
-BuildRequires:  cppcheck
-BuildRequires:  docbook-utils-pdf
 BuildRequires:  gcc
-BuildRequires:  git
+BuildRequires:  git-core
 BuildRequires:  hardlink
 BuildRequires:  kernel-headers >= %{min_kernel_ver}
 BuildRequires:  libtool
+BuildRequires:  make
 BuildRequires:  openssl
 BuildRequires:  perl-interpreter
 BuildRequires:  systemd
 BuildRequires:  xmlto
+%if %{with doc}
+BuildRequires:  docbook-utils-pdf
+%endif
+%if %{with clang_sa}
+BuildRequires:  clang
+%endif
+%if %{with cppcheck}
+BuildRequires:  cppcheck
+%endif

 # For ownership of %%{_sysctldir}.
 Requires:       systemd
@ -164,6 +187,7 @@ Requires:       %{name}%{?_isa} == %{version}-%{release}
 Header files for applications that use %{name}.


+%if %{with doc}
 %package        doc
 Summary:        User documentation for the %{name} package
 BuildArch:      noarch
@ -174,6 +198,7 @@ Requires:       %{name} == %{version}-%{release}

 %description    doc
 User documentation for %{name}.
+%endif


 %if %{with replace_coreutils}
@ -319,7 +344,11 @@ EOF
  --enable-sum-prefix=   \
  --enable-sum-dir=/%{_lib} \
  --with-pkgconfigdir=%{_libdir}/pkgconfig
+%if %{with doc}
 %make_build all doc
+%else
+%make_build all man
+%endif


 %install
@ -336,8 +365,14 @@ EOF
 %if %{with_sysctl_tweak}
  README.%{distroname_ext}                          \
 %endif
-  README.md CHANGES.md TODO doc/%{name}.p{df,s}
+%if %{with doc}
+  doc/%{name}.p{df,s}                               \
+%endif
+  README.md CHANGES.md TODO
+
+%if %{with doc}
 %{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir}
+%endif

 # Install replacement tools, if enabled.
 %if !%{with replace_coreutils}
@ -363,11 +398,13 @@ EOF
 # Remove 0-size files.
 %{_bindir}/find %{buildroot} -type f -size 0 -print -delete

+%if %{with doc}
 # Make sure all docs have non-exec permissions, except for the dirs.
 %{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \
  %{_bindir}/xargs %{__chmod} -c 0644
 %{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \
  %{_bindir}/xargs %{__chmod} -c 0755
+%endif

 # Possibly save some space by hardlinking.
 for d in %{_mandir} %{_pkgdocdir}; do
@ -377,10 +414,14 @@ done

 %check
 # Some basic sanity checks.
-for t in cppcheck scan; do
-  %make_build $t
-done
+%if %{with clang_sa}
+%make_build scan
+%endif
+%if %{with cppcheck}
+%make_build cppcheck
+%endif

+%if %{with test}
 # On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
 # which is the lowest limit needed to run the testsuite.  If that limit
 # is not met, we do not run it.
@ -389,12 +430,15 @@ done
 %if %{lua:print(rpm.vercmp(posix.uname('%r'), '5.1'));} >= 0
 # Real testsuite.
 pushd test
+%if %{with fuzz_test}
 ENABLE_FUZZ_TEST=1 \
+%endif
 NO_32BIT_TEST=1    \
  ./test-invocation.sh
 popd
 %endif
 %endif
+%endif


 %ldconfig_scriptlets
@ -423,10 +467,12 @@ popd
 %{_libdir}/pkgconfig/%{name}.pc


+%if %{with doc}
 %files          doc
 %doc %{_pkgdocdir}/html
 %doc %{_pkgdocdir}/%{name}.pdf
 %doc %{_pkgdocdir}/%{name}.ps
+%endif


 %if %{with replace_coreutils}
@ -466,6 +512,15 @@ popd


 %changelog
+* Mon Mar 15 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-1
+- Update to upstream version 1.2.1
+- Remove patch fix MSG_MORE uasge as it is added upstream
+- Remove cppcheck dependency for rhel bz#1931518
+- Add a patch to fix fuzz tests
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
 * Fri Aug 14 2020 Ondrej Mosnáček <omosnace@redhat.com> - 1.2.0-3
 - Require perl-interpreter instead of full perl
 - Backport fix for 5.9 kernels
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (libkcapi-1.2.0.tar.xz) = f097aac4fb06d0e0a7f62376506caa2d4cdb03572be89286ff335684f9a10285ffea4b3cfb37fd49e51435aa6636256aa12f0cf970fd48b1358aace8ac14b289
-SHA512 (libkcapi-1.2.0.tar.xz.asc) = 336769b04c75ee23d4cae98697a6ea14e5bd244bcefaa2396d80dab95538620c9353100685bd0568f61b8dfa3089c6ff7e4fdcdde949012ba0d7fe6aac650577
+SHA512 (libkcapi-1.2.1.tar.xz) = bfe5e4fa4368973cfcadbde3b2a278e31bc5c36a6afba9fc92fdd5903e4e8050d09000a195c764c981753896ef543635add98bbb930dbe52a56d2f6318bc1241
+SHA512 (libkcapi-1.2.1.tar.xz.asc) = f2823add4528e16c45ccb59e2124da29007b0285faed5194fe5969f4928411faa63b3b6586bd103085b666a4dfb977cfdf0d20db6588d426ab92e29e360a37e7