Initial import (rhbz#1533929)

.gitignore

@@ -0,0 +1 @@
+/libkcapi-1.0.3.tar.xz

libkcapi-1.0.3-Makefile_absolute_path_docproc.patch

@@ -0,0 +1,23 @@
+From ee348492dfdd2df1d7e1c431d106dfe11edfcd86 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Fri, 12 Jan 2018 22:47:44 +0100
+Subject: [PATCH] Makefile: Use absolute path to built docproc
+
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index f1caf3e..0a867d5 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -196,7 +196,7 @@ TEMPFILE := $(shell mktemp)
+ 
+ %.xml: %.tmpl lib/doc/bin/docproc$(EXEEXT)
+ 	$(SED) "s/@@LIBVERSION@@/$(VERSION)/" < $< > $(TEMPFILE)
+-	LIBVERSION=$(VERSION) SRCTREE=lib/ ./lib/doc/bin/docproc$(EXEEXT) doc $(TEMPFILE) > $@
++	LIBVERSION=$(VERSION) SRCTREE=lib/ $(abs_top_builddir)/lib/doc/bin/docproc$(EXEEXT) doc $(TEMPFILE) > $@
+ 	rm $(TEMPFILE)
+ 
+ if HAVE_DB2PDF

libkcapi-1.0.3-Makefile_pdftex_custom_homedir.patch

@@ -0,0 +1,32 @@
+From 176c6e3d47ff63a6f51b92a05ce19857099ba74a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Fri, 12 Jan 2018 22:48:27 +0100
+Subject: [PATCH] Makefile: Use seperate homedirs for pdf and ps generation
+
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 0a867d5..cc4d123 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -205,7 +205,7 @@ DOC_TARGETS += pdf
+ pdf: pdf-stamp
+ pdf-stamp: lib/doc/libkcapi.xml
+ 	$(MKDIR_P) doc/pdf
+-	db2pdf -o doc/pdf $<
++	HOME=$(abs_top_builddir)/doc/pdf db2pdf -o doc/pdf $<
+ 	mv doc/pdf/*.pdf doc
+ 	rm -r doc/pdf
+ 	touch $@
+@@ -217,7 +217,7 @@ DOC_TARGETS += ps
+ ps: ps-stamp
+ ps-stamp: lib/doc/libkcapi.xml
+ 	$(MKDIR_P) doc/ps
+-	db2ps -o doc/ps $<
++	HOME=$(abs_top_builddir)/doc/ps db2ps -o doc/ps $<
+ 	mv doc/ps/*.ps doc
+ 	rm -r doc/ps
+ 	touch $@

libkcapi-1.0.3-autotools_full_path.patch

@@ -0,0 +1,197 @@
+From b9bced05dae319c6a00c2adce8953d468404a95c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Sat, 13 Jan 2018 14:22:42 +0100
+Subject: [PATCH] autotools: Use full path for external programs
+
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ Makefile.am  | 68 +++++++++++++++++++++++++++++++++---------------------------
+ configure.ac | 35 ++++++++++++++++++-------------
+ 2 files changed, 58 insertions(+), 45 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 66464e1..cbb1302 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -144,8 +144,11 @@ kcapi_hasher_links = sha1sum sha224sum sha256sum sha384sum sha512sum \
+ 
+ install-exec-hook:
+ 	(cd $(DESTDIR)$(bindir) && \
+-	($(foreach link, $(kcapi_hasher_links), ln -f kcapi-hasher $(link);)) && \
+-	($(foreach link, $(kcapi_hasher_links), openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $(link) > .$(link).hmac;)))
++	($(foreach link, $(kcapi_hasher_links), $(LN) -f kcapi-hasher $(link);)))
++if HAVE_OPENSSL
++	(cd $(DESTDIR)$(bindir) && \
++	($(foreach link, $(kcapi_hasher_links), $(OPENSSL) sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $(link) > .$(link).hmac;)))
++endif
+ endif
+ 
+ if ENABLE_KCAPI_RNGAPP
+@@ -195,7 +198,7 @@ MOSTLYCLEANFILES = $(analyze_plists)
+ 
+ $(analyze_plists): %.plist: %.c
+ 	@echo "  CCSA  " $@
+-	@clang --analyze $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) -Ilib/	$< -o $@
++	@$(CLANG) --analyze $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) -Ilib/	$< -o $@
+ 
+ scan: $(analyze_plists)
+ 
+@@ -204,16 +207,19 @@ endif
+ 
+ if HAVE_CPPCHECK
+ cppcheck:
+-	cppcheck --enable=performance,warning,portability $(sort $(SCAN_FILES))
++	$(CPPCHECK) --enable=performance,warning,portability $(sort $(SCAN_FILES))
+ endif
+ 
+ if HAVE_MKTEMP
+-TEMPFILE := $(shell mktemp)
++DOCPROC_TEMP := $(shell $(MKTEMP))
++else
++DOCPROC_TEMP := $(abs_top_builddir)/docproc.temp
++endif
+ 
+ %.xml: %.tmpl lib/doc/bin/docproc$(EXEEXT)
+-	$(SED) "s/@@LIBVERSION@@/$(VERSION)/" < $< > $(TEMPFILE)
+-	LIBVERSION=$(VERSION) SRCTREE=lib/ $(abs_top_builddir)/lib/doc/bin/docproc$(EXEEXT) doc $(TEMPFILE) > $@
+-	rm $(TEMPFILE)
++	$(SED) "s/@@LIBVERSION@@/$(VERSION)/" < $< > $(DOCPROC_TEMP)
++	LIBVERSION=$(VERSION) SRCTREE=lib/ $(abs_top_builddir)/lib/doc/bin/docproc$(EXEEXT) doc $(DOCPROC_TEMP) > $@
++	-rm $(DOCPROC_TEMP)
+ 
+ if HAVE_DB2PDF
+ DOC_TARGETS += pdf
+@@ -221,10 +227,10 @@ DOC_TARGETS += pdf
+ pdf: pdf-stamp
+ pdf-stamp: lib/doc/libkcapi.xml
+ 	$(MKDIR_P) doc/pdf
+-	HOME=$(abs_top_builddir)/doc/pdf db2pdf -o doc/pdf $<
+-	mv doc/pdf/*.pdf doc
+-	rm -r doc/pdf
+-	touch $@
++	HOME=$(abs_top_builddir)/doc/pdf $(DB2PDF) -o doc/pdf $<
++	$(MV) doc/pdf/*.pdf doc
++	-rm -r doc/pdf
++	$(TOUCH) $@
+ endif
+ 
+ if HAVE_DB2PS
+@@ -233,10 +239,10 @@ DOC_TARGETS += ps
+ ps: ps-stamp
+ ps-stamp: lib/doc/libkcapi.xml
+ 	$(MKDIR_P) doc/ps
+-	HOME=$(abs_top_builddir)/doc/ps db2ps -o doc/ps $<
+-	mv doc/ps/*.ps doc
+-	rm -r doc/ps
+-	touch $@
++	HOME=$(abs_top_builddir)/doc/ps $(DB2PS) -o doc/ps $<
++	$(MV) doc/ps/*.ps doc
++	-rm -r doc/ps
++	$(TOUCH) $@
+ endif
+ 
+ if HAVE_XMLTO
+@@ -245,36 +251,36 @@ DOC_TARGETS += html
+ html: html-stamp
+ html-stamp: lib/doc/libkcapi.xml
+ 	$(MKDIR_P) lib/doc/html
+-	xmlto html -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/html/ $< 2>/dev/null
+-	touch $@
++	$(XMLTO) html -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/html/ $< 2>/dev/null
++	$(TOUCH) $@
+ 
+ DOC_TARGETS += man
+ 
+ man: man-stamp
+ man-stamp: lib/doc/libkcapi.xml
+ 	$(MKDIR_P) lib/doc/man
+-	xmlto man -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/man/ $< 2>/dev/null
+-	touch $@
++	$(XMLTO) man -m lib/doc/stylesheet.xsl --skip-validation -o lib/doc/man/ $< 2>/dev/null
++	$(TOUCH) $@
+ 
+ devel_manpages = lib/doc/man/*.3
+ man_MANS += $(devel_manpages)
+ 
+ $(devel_manpages): man
+ endif
+-endif
+ 
+ doc: $(sort $(DOC_TARGETS))
+ 
+ clean-local:
+-	rm -f *-stamp
+-	rm -f lib/doc/*.xml
+-	rm -f lib/doc/*.pdf
+-	rm -f lib/doc/*.ps
+-	rm -rf lib/doc/man/
+-	rm -rf lib/doc/html/
+-	rm -rf doc/
+-	rm -rf bin/
++	-rm -f $(DOCPROC_TEMP)
++	-rm -f *-stamp
++	-rm -f lib/doc/*.xml
++	-rm -f lib/doc/*.pdf
++	-rm -f lib/doc/*.ps
++	-rm -rf lib/doc/man/
++	-rm -rf lib/doc/html/
++	-rm -rf doc/
++	-rm -rf bin/
+ 
+ distclean-local:
+-	rm -f lib/doc/Makefile*
+-	rm -rf autom4te.cache/
++	-rm -f lib/doc/Makefile*
++	-rm -rf autom4te.cache/
+diff --git a/configure.ac b/configure.ac
+index f3a2c97..6555c26 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -27,26 +27,33 @@ AC_CONFIG_MACRO_DIR([m4])
+ AX_PROG_CC_FOR_BUILD
+ AX_CHECK_PIE
+ 
+-AC_CHECK_PROG([CLANG], [clang], [yes])
+-AC_CHECK_PROG([CPPCHECK], [cppcheck], [yes])
+-AC_CHECK_PROG([XMLTO], [xmlto], [yes])
+-AC_CHECK_PROG([DB2PDF], [db2pdf], [yes])
+-AC_CHECK_PROG([DB2PS], [db2ps], [yes])
+-AC_CHECK_PROG([MKTEMP], [mktemp], [yes])
++AC_PATH_PROG([OPENSSL], [openssl])
++AC_PATH_PROG([CLANG], [clang])
++AC_PATH_PROG([CPPCHECK], [cppcheck])
++AC_PATH_PROG([XMLTO], [xmlto])
++AC_PATH_PROG([DB2PDF], [db2pdf])
++AC_PATH_PROG([DB2PS], [db2ps])
++AC_PATH_PROG([MKTEMP], [mktemp])
+ 
+ AC_SEARCH_LIBS(clock_gettime,rt)
+ AC_PROG_MKDIR_P
+ AC_PROG_SED
+ AC_PROG_INSTALL
+ AC_PROG_LN_S
+-
+-AM_CONDITIONAL([HAVE_CLANG], [test "x$CLANG" = "xyes" ])
+-AM_CONDITIONAL([HAVE_CPPCHECK], [test "x$CPPCHECK" = "xyes"])
+-AM_CONDITIONAL([HAVE_XMLTO], [test "x$XMLTO" = "xyes"])
+-AM_CONDITIONAL([HAVE_DB2PDF], [test "x$DB2PDF" = "xyes"])
+-AM_CONDITIONAL([HAVE_DB2PS], [test "x$DB2PS" = "xyes"])
+-AM_CONDITIONAL([HAVE_MKTEMP], [test "x$MKTEMP" = "xyes"])
+-
++AC_PATH_PROG([CP], [cp])
++AC_PATH_PROG([LN], [ln])
++AC_PATH_PROG([MV], [mv])
++AC_PATH_PROG([TOUCH], [touch])
++
++AM_CONDITIONAL([HAVE_OPENSSL], [test "x$OPENSSL" != "x"])
++AM_CONDITIONAL([HAVE_CLANG], [test "x$CLANG" != "x"])
++AM_CONDITIONAL([HAVE_CPPCHECK], [test "x$CPPCHECK" != "x"])
++AM_CONDITIONAL([HAVE_XMLTO], [test "x$XMLTO" != "x"])
++AM_CONDITIONAL([HAVE_DB2PDF], [test "x$DB2PDF" != "x"])
++AM_CONDITIONAL([HAVE_DB2PS], [test "x$DB2PS" != "x"])
++AM_CONDITIONAL([HAVE_MKTEMP], [test "x$MKTEMP" != "x"])
++
++AM_COND_IF([HAVE_OPENSSL], [], [AC_MSG_WARN([openssl not installed])])
+ AM_COND_IF([HAVE_CLANG], [], [AC_MSG_WARN([clang not installed])])
+ AM_COND_IF([HAVE_CPPCHECK], [], [AC_MSG_WARN([cppcheck not installed])])
+ AM_COND_IF([HAVE_XMLTO], [], [AC_MSG_WARN([xmlto not installed])])

libkcapi-1.0.3-hasher_test_hmaccalc_path.patch

@@ -0,0 +1,29 @@
+From ba147c9cce460c29076968c9e9e1a3828c0e9143 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Sat, 13 Jan 2018 14:30:44 +0100
+Subject: [PATCH] hasher-test: Search for hmaccalc in full $PATH
+
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ test/hasher-test.sh | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/test/hasher-test.sh b/test/hasher-test.sh
+index f82182c..65b6da0 100755
+--- a/test/hasher-test.sh
++++ b/test/hasher-test.sh
+@@ -99,10 +99,11 @@ do
+ 	hash=$(basename $i)
+ 	hash=${hash%%hmac}
+ 	hasher=$i
+-	i=$(basename $i)
++	t=$(basename $i)
++	i=$(command -v $t)
+ 
+-	[ ! -x "/bin/$i" ] && {
+-		echo_deact "hmaccalc reference application /bin/$i missing"
++	[ -z "$i" ] && {
++		echo_deact "hmaccalc reference application $t missing"
+ 		continue
+ 	}
+ 

libkcapi-1.0.3-libtool_pic_pie.patch

@@ -0,0 +1,199 @@
+From 63855e3e2414afbe232e5ea2e4bdfb03b786344a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Sat, 13 Jan 2018 13:19:47 +0100
+Subject: [PATCH] autotools: Let libtool handle PIC/PIE flags
+
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ Makefile.am        | 34 +++++++++++++++++++++++++---------
+ configure.ac       |  5 +++--
+ m4/ax_check_pie.m4 | 19 +++++++++++++++++++
+ 3 files changed, 47 insertions(+), 11 deletions(-)
+ create mode 100644 m4/ax_check_pie.m4
+
+diff --git a/Makefile.am b/Makefile.am
+index cc4d123..66464e1 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5,8 +5,15 @@ lib_LTLIBRARIES = libkcapi.la
+ COMMON_CPPFLAGS = -Wextra -Wall -pedantic -fwrapv --param ssp-buffer-size=4 -O2 -Werror -std=gnu99
+ COMMON_LDFLAGS =  -Wl,-z,relro,-z,now
+ 
++libtool: $(LIBTOOL_DEPS)
++	$(SHELL) ./config.status libtool
++
+ noinst_PROGRAMS = lib/doc/bin/docproc
+ 
++EXTRA_lib_doc_bin_docproc_DEPENDENCIES = libtool
++
++EXTRA_libkcapi_la_DEPENDENCIES = libtool
++
+ libkcapi_la_SOURCES = lib/cryptouser.h \
+ 		      lib/internal.h \
+ 		      lib/kcapi.h \
+@@ -29,6 +36,7 @@ if DISABLE_LIB_MD
+ libkcapi_la_SOURCES +=
+ else
+ libkcapi_la_SOURCES += lib/kcapi-md.c
++
+ if DISABLE_LIB_KDF
+ libkcapi_la_SOURCES +=
+ else
+@@ -60,7 +68,7 @@ else
+ libkcapi_la_SOURCES +=
+ endif
+ 
+-libkcapi_la_CPPFLAGS = $(COMMON_CPPFLAGS) -fPIC -fvisibility=hidden
++libkcapi_la_CPPFLAGS = $(COMMON_CPPFLAGS) -fvisibility=hidden
+ libkcapi_la_LDFLAGS = $(COMMON_LDFLAGS) -Wl,--version-script,$(top_srcdir)/lib/version.lds -version-number `echo $(VERSION) | sed 's/\./:/g'`
+ 
+ SCAN_FILES = $(libkcapi_la_SOURCES)
+@@ -72,28 +80,31 @@ bin_PROGRAMS =
+ if ENABLE_KCAPI_TEST
+ bin_PROGRAMS += bin/kcapi
+ 
+-bin_kcapi_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -pie -fPIE -g -Ilib/
++bin_kcapi_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -g -Ilib/
+ bin_kcapi_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_LDADD = libkcapi.la
+ bin_kcapi_SOURCES = test/kcapi-main.c
++EXTRA_bin_kcapi_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_SOURCES)
+ 
+ bin_PROGRAMS += bin/kcapi-enc-test-large
+ 
+-bin_kcapi_enc_test_large_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -pie -fPIE -g -Ilib/
++bin_kcapi_enc_test_large_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -g -Ilib/
+ bin_kcapi_enc_test_large_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_enc_test_large_LDADD = libkcapi.la
+ bin_kcapi_enc_test_large_SOURCES = test/kcapi-enc-test-large.c
++EXTRA_bin_kcapi_enc_test_large_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_enc_test_large_SOURCES)
+ 
+ bin_PROGRAMS += bin/kcapi-convenience
+ 
+-bin_kcapi_convenience_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -pie -fPIE -g -Ilib/
++bin_kcapi_convenience_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-overlength-strings -g -Ilib/
+ bin_kcapi_convenience_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_convenience_LDADD = libkcapi.la
+ bin_kcapi_convenience_SOURCES = test/kcapi-convenience.c
++EXTRA_bin_kcapi_convenience_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_convenience_SOURCES)
+ endif
+@@ -101,7 +112,7 @@ endif
+ if ENABLE_KCAPI_SPEED
+ bin_PROGRAMS += bin/kcapi-speed
+ 
+-bin_kcapi_speed_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Wno-variadic-macros -Ilib/
++bin_kcapi_speed_CPPFLAGS = $(COMMON_CPPFLAGS) -Wno-variadic-macros -Ilib/
+ bin_kcapi_speed_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_speed_LDADD = libkcapi.la
+ bin_kcapi_speed_SOURCES = speed-test/cryptoperf.h \
+@@ -111,6 +122,7 @@ bin_kcapi_speed_SOURCES = speed-test/cryptoperf.h \
+ 		      speed-test/cryptoperf-main.c \
+ 		      speed-test/cryptoperf-rng.c \
+ 		      speed-test/cryptoperf-skcipher.c
++EXTRA_bin_kcapi_speed_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_speed_SOURCES)
+ endif
+@@ -118,10 +130,11 @@ endif
+ if ENABLE_KCAPI_HASHER
+ bin_PROGRAMS += bin/kcapi-hasher
+ 
+-bin_kcapi_hasher_CPPFLAGS = $(COMMON_CPPFLAGS) -fPIC -Ilib/
++bin_kcapi_hasher_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/
+ bin_kcapi_hasher_LDFLAGS = $(COMMON_LDFLAGS) -ldl
+ bin_kcapi_hasher_LDADD = libkcapi.la
+ bin_kcapi_hasher_SOURCES = apps/kcapi-hasher.c apps/app-internal.c
++EXTRA_bin_kcapi_hasher_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_hasher_SOURCES)
+ 
+@@ -138,10 +151,11 @@ endif
+ if ENABLE_KCAPI_RNGAPP
+ bin_PROGRAMS += bin/kcapi-rng
+ 
+-bin_kcapi_rng_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Ilib/
++bin_kcapi_rng_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/
+ bin_kcapi_rng_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_rng_LDADD = libkcapi.la
+ bin_kcapi_rng_SOURCES = apps/kcapi-rng.c apps/app-internal.c
++EXTRA_bin_kcapi_rng_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_rng_SOURCES)
+ man_MANS += apps/kcapi-rng.1
+@@ -150,10 +164,11 @@ endif
+ if ENABLE_KCAPI_ENCAPP
+ bin_PROGRAMS += bin/kcapi-enc
+ 
+-bin_kcapi_enc_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Ilib/
++bin_kcapi_enc_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/
+ bin_kcapi_enc_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_enc_LDADD = libkcapi.la
+ bin_kcapi_enc_SOURCES = apps/kcapi-enc.c apps/app-internal.c
++EXTRA_bin_kcapi_enc_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_enc_SOURCES)
+ man_MANS += apps/kcapi-enc.1
+@@ -162,10 +177,11 @@ endif
+ if ENABLE_KCAPI_DGSTAPP
+ bin_PROGRAMS += bin/kcapi-dgst
+ 
+-bin_kcapi_dgst_CPPFLAGS = $(COMMON_CPPFLAGS) -pie -fPIE -Ilib/
++bin_kcapi_dgst_CPPFLAGS = $(COMMON_CPPFLAGS) -Ilib/
+ bin_kcapi_dgst_LDFLAGS = $(COMMON_LDFLAGS)
+ bin_kcapi_dgst_LDADD = libkcapi.la
+ bin_kcapi_dgst_SOURCES = apps/kcapi-dgst.c apps/app-internal.c
++EXTRA_bin_kcapi_dgst_DEPENDENCIES = libtool
+ 
+ SCAN_FILES += $(bin_kcapi_dgst_SOURCES)
+ man_MANS += apps/kcapi-dgst.1
+diff --git a/configure.ac b/configure.ac
+index 245d059..f3a2c97 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -19,12 +19,13 @@ AC_DEFINE([KCAPI_MAJVERSION], [__KCAPI_MAJVERSION])
+ AC_DEFINE([KCAPI_MINVERSION], [__KCAPI_MINVERSION])
+ AC_DEFINE([KCAPI_PATCHLEVEL], [__KCAPI_PATCHLEVEL])
+ AM_INIT_AUTOMAKE([foreign])
+-LT_INIT
++LT_INIT([pic-only])
++AC_SUBST([LIBTOOL_DEPS])
+ AC_PROG_CC
+ AC_CONFIG_FILES([Makefile])
+-AM_PROG_LIBTOOL
+ AC_CONFIG_MACRO_DIR([m4])
+ AX_PROG_CC_FOR_BUILD
++AX_CHECK_PIE
+ 
+ AC_CHECK_PROG([CLANG], [clang], [yes])
+ AC_CHECK_PROG([CPPCHECK], [cppcheck], [yes])
+diff --git a/m4/ax_check_pie.m4 b/m4/ax_check_pie.m4
+new file mode 100644
+index 0000000..a149af8
+--- /dev/null
++++ b/m4/ax_check_pie.m4
+@@ -0,0 +1,19 @@
++AC_DEFUN([AX_CHECK_PIE], [
++  AC_ARG_ENABLE([pie], AS_HELP_STRING([--disable-pie], [Disable Position-Independent Executable]), [], [enable_pie=yes])
++  AS_IF([test "x$enable_pie" = "xyes"], [
++    AC_MSG_CHECKING([if $CC supports PIE])
++    BAKLDFLAGS="$LDFLAGS"
++    BAKCFLAGS="$CFLAGS"
++    LDFLAGS="$LDFLAGS -pie"
++    CFLAGS="$CFLAGS -fpie -fPIE -DPIE"
++    AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
++      if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
++        LDFLAGS="$BAKLDFLAGS"
++        AC_MSG_RESULT(no)
++      else
++	AC_MSG_RESULT(yes)
++      fi
++      rm -f conftest conftest.c conftest.o
++    ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)])
++  ])
++])

libkcapi-1.0.3-test_invocation_fix_bash_coding_error.patch

@@ -0,0 +1,23 @@
+From bc7c26efe5ab5c7644fac421b2fb6b1b687c4d0e Mon Sep 17 00:00:00 2001
+From: Stephan Mueller <smueller@chronox.de>
+Date: Sat, 13 Jan 2018 23:33:24 +0100
+Subject: [PATCH] fix bash coding error
+
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ test/test-invocation.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test-invocation.sh b/test/test-invocation.sh
+index 1da861b..d381330 100755
+--- a/test/test-invocation.sh
++++ b/test/test-invocation.sh
+@@ -125,7 +125,7 @@ make distclean > /dev/null 2>&1
+ 
+ # if we are on 64 bit system, test 32 bit alternative mode,
+ # except is has been disabled explicitly.
+-if [ $(uname -m | grep -q "x86_64") && -z "$NO_32BIT_TEST" ]
++if $(uname -m | grep -q "x86_64") && [ -z "$NO_32BIT_TEST" ]
+ then
+ 	LDFLAGS=-m32 CFLAGS=-m32 ./configure $COMPILE_OPTS
+ 	make

libkcapi-1.0.3.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEXw1EZZTSv2l3qYKK8CxjnYQ7XxEFAlpZK6wACgkQ8CxjnYQ7
+XxEwZQ/8D2P8+ulnSP76ECOkcRsJZ3MGcTJWwvXzjk7wiGJtowOeyhiTvf1snULR
+NmAAAPufRMKNWPktfPJEQy1HujdNTICb6LFcF3iJxPLuRLUJEY5yRo6Y/SC0b3pD
+CC6KDehuxjas5X+E6lvZnf2E0FU/oc5YGmGFI8Kt6yeN2Lk3E1BeUyBGnYOZLlPF
+tPs49VNa5jMNnslmuVcngkNDTt7XdwfmALZX3rajZNaqOEvSn6SZqBQSqYrpQLww
+d7+hWgX4HiJ5dBel0cRPsFMMJwlrWOVk0ZxT8nGBpzFq0WvEJLE/Hc0F6TvS921v
+8gPoVkyiEFCiK9TrN95DsYGwCYLptz6kLHYwOCXYkrkusAPDi0ynuJMF3WcUGJr4
+XjiDdN1qTZvJKa86lVkd41lBHciwF/L2mGrlGtkVGempPmqFTeTaLPxz0AY8MroA
+qficChHou9jU7qQSmAczVWXK53e4k9Ejq5Ks0CgsQAJdpB4O/orj6+hWwqpNmaSp
+Lx9lKrTEOYiMpS/UgbcXfrm9O8rewywuJq88GdMa0xHSm1oS50kAhWizYQm9pYc2
+RviS0CgfGeGUFbQspoZA6AXiwHylSrJndgKml9qz5O+5ahrCk6uSYGcWBTWk/7Pl
+IcyM0Avb+qWUCdOLwknocdiSUP8KPA3utiiufpH4EgLBquVMnHg=
+=xov2
+-----END PGP SIGNATURE-----

libkcapi.spec

@@ -0,0 +1,435 @@
+# Shared object version of libkcapi.
+%global vmajor            1
+%global vminor            0
+%global vpatch            3
+
+# Do we build the replacements package?
+%bcond_with replacements
+
+# Priority for the sysctl.d preset.
+%global sysctl_prio       50
+
+# Value used for the sysctl.d preset.
+%global sysctl_optmem_max 81920
+
+# Lowest limit to run the testsuite.  If we cannot obtain this
+# value, we asume the testsuite cannot be run.
+%global test_optmem_max   %(%{__cat} /proc/sys/net/core/optmem_max || echo 0)
+
+# For picking patches from upstream commits or pull requests.
+%global giturl            https://github.com/smuellerDD/%{name}
+
+# Do we replace some coreutils?
+%if %{with replacements}
+%bcond_with replace_coreutils
+%if %{with replace_coreutils}
+# TODO: Adapt this when replacing some coreutils initially.
+%global coreutils_evr     8.29-1
+%endif
+%endif
+
+# Do we replace fipscheck?
+%if %{with replacements}
+%bcond_with replace_fipscheck
+%if %{with replace_fipscheck}
+# TODO: Adapt this when replacing fipscheck initially.
+%global fipscheck_evr     1.5.0-3
+%endif
+%endif
+
+# Do we replace hmaccalc?
+%if %{with replacements}
+%bcond_with replace_hmaccalc
+%if %{with replace_hmaccalc}
+# TODO: Adapt this when replacing hmaccalc initially.
+%global hmaccalc_evr      0.9.14-8
+%endif
+%endif
+
+# Add generation of HMAC checksums of the final stripped
+# binaries.  %%define with lazy globbing is used here
+# intentionally, because using %%global does not work.
+%define __spec_install_post                                     \
+%{?__debug_package:%{__debug_install_post}}                     \
+%{__arch_install_post}                                          \
+%{__os_install_post}                                            \
+%{_bindir}/fipshmac %{buildroot}%{_bindir}/*                    \
+%{_sbindir}/hardlink -cfv %{buildroot}%{_bindir}                \
+%{_bindir}/fipshmac %{buildroot}/%{_lib}/libkcapi.so.%{version} \
+%{__ln_s} .libkcapi.so.%{version}.hmac                          \\\
+  %{buildroot}/%{_lib}/.libkcapi.so.%{vmajor}.hmac              \
+%{nil}
+
+
+Name:           libkcapi
+Version:        %{vmajor}.%{vminor}.%{vpatch}
+Release:        1%{?dist}
+Summary:        User space interface to the Linux Kernel Crypto API
+
+License:        BSD or GPLv2
+URL:            http://www.chronox.de/%{name}.html
+Source0:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
+Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
+
+Patch0:         %{giturl}/commit/ee348492dfdd2df1d7e1c431d106dfe11edfcd86.patch#/%{name}-1.0.3-Makefile_absolute_path_docproc.patch
+Patch1:         %{giturl}/commit/176c6e3d47ff63a6f51b92a05ce19857099ba74a.patch#/%{name}-1.0.3-Makefile_pdftex_custom_homedir.patch
+Patch2:         %{giturl}/commit/63855e3e2414afbe232e5ea2e4bdfb03b786344a.patch#/%{name}-1.0.3-libtool_pic_pie.patch
+Patch3:         %{giturl}/commit/b9bced05dae319c6a00c2adce8953d468404a95c.patch#/%{name}-1.0.3-autotools_full_path.patch
+Patch4:         %{giturl}/commit/ba147c9cce460c29076968c9e9e1a3828c0e9143.patch#/%{name}-1.0.3-hasher_test_hmaccalc_path.patch
+Patch5:         %{giturl}/commit/bc7c26efe5ab5c7644fac421b2fb6b1b687c4d0e.patch#/%{name}-1.0.3-test_invocation_fix_bash_coding_error.patch
+
+BuildRequires:  clang
+BuildRequires:  coreutils
+BuildRequires:  cppcheck
+BuildRequires:  docbook-utils-pdf
+BuildRequires:  fipscheck
+BuildRequires:  gcc
+BuildRequires:  hardlink
+BuildRequires:  hmaccalc
+BuildRequires:  libtool
+BuildRequires:  openssl
+BuildRequires:  systemd
+BuildRequires:  xmlto
+
+# For ownership of %%{_sysctldir}.
+Requires:       systemd
+
+%if !%{with replacements}
+Obsoletes:      %{name}-replacements%{?_isa} <= %{version}-%{release}
+%endif
+
+%description
+libkcapi allows user-space to access the Linux kernel crypto API.
+
+This library uses the netlink interface and exports easy to use APIs
+so that a developer does not need to consider the low-level netlink
+interface handling.
+
+The library does not implement any cipher algorithms.  All consumer
+requests are sent to the kernel for processing.  Results from the
+kernel crypto API are returned to the consumer via the library API.
+
+The kernel interface and therefore this library can be used by
+unprivileged processes.
+
+
+%package        devel
+Summary:        Development files for the %{name} package
+Requires:       %{name}%{?_isa} == %{version}-%{release}
+
+%description    devel
+Header files for applications that use %{name}.
+
+
+%package        doc
+Summary:        User documentation for the %{name} package
+BuildArch:      noarch
+
+%description    doc
+User documentation for %{name}.
+
+
+%if %{with replacements}
+%package        replacements
+Summary:        Drop-in replacements provided by the %{name} package
+Requires:       %{name}%{?_isa}   == %{version}-%{release}
+
+%if %{with replace_coreutils}
+Requires:       coreutils%{?_isa} >= %{coreutils_evr}
+
+Conflicts:      coreutils          < %{coreutils_evr}
+Conflicts:      coreutils-single
+%endif
+%if %{with replace_fipscheck}
+Obsoletes:      fipscheck         <= %{fipscheck_evr}
+
+Provides:       fipscheck         == %{fipscheck_evr}.1
+Provides:       fipscheck%{?_isa} == %{fipscheck_evr}.1
+%endif
+%if %{with replace_hmaccalc}
+Obsoletes:      hmaccalc          <= %{hmaccalc_evr}
+
+Provides:       hmaccalc          == %{hmaccalc_evr}.1
+Provides:       hmaccalc%{?_isa}  == %{hmaccalc_evr}.1
+%endif
+
+%description    replacements
+Provides drop-in replacements for
+%if %{with replace_fipscheck}
+  * fipscheck and fipshmac (fipscheck)
+%endif
+%if %{with replace_hmaccalc}
+  * sha*hmac (hmaccalc)
+%endif
+%if %{with replace_coreutils}
+  * sha*sum (coreutils)
+%endif
+tools using %{name}.
+%endif
+
+
+%package        static
+Summary:        Static library for -static linking with %{name}
+Requires:       %{name}-devel%{?_isa} == %{version}-%{release}
+
+%description    static
+This package contains the %{name} static libraries for -static
+linking.  You don't need this, unless you link statically, which
+is highly discouraged.
+
+
+%package        tools
+Summary:        Utility applications for the %{name} package
+Requires:       %{name}%{?_isa} == %{version}-%{release}
+
+%description    tools
+Utility applications that are provided with %{name}.  This includes
+tools to use message digests, symmetric ciphers and random number
+generators implemented in the Linux kernel from command line.
+
+
+%prep
+%autosetup -p 1
+
+%{__cat} << EOF > README.fedora
+This package increases the default limit of the ancillary buffer size
+per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.
+
+For this preset to become active it requires a reboot after the
+installation of this package.  You can also manually increase this
+limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
+super-user, e.g. using \`su\` or \`sudo\` on the terminal.
+
+This is done to provide consumers of the new Linux Kernel Crypto API
+User Space Interface a well sufficient and reasonable maximum limit
+by default, especially when using AIO with a larger amount of IOVECs.
+
+For further information about the AF_ALG kernel socket and AIO, see
+the discussion at the kernel-crypto mailing-list:
+https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html
+
+See the instructions given in '%{_sysctldir}/50-default.conf',
+if you need or want to override the preset made by this package.
+EOF
+
+%{__cat} << EOF > %{sysctl_prio}-%{name}-optmem_max.conf
+# See the 'README.fedora' file shipped in %%doc
+# with the %{name} package.
+#
+# See '%{_sysctldir}/50-default.conf',
+# if you need or want to override this preset.
+
+# Increase the ancillary buffer size per socket.
+net.core.optmem_max = %{sysctl_optmem_max}
+EOF
+
+%{_bindir}/autoreconf -fiv
+
+
+%build
+%configure               \
+  --libdir=/%{_lib}      \
+  --disable-silent-rules \
+  --enable-kcapi-encapp  \
+  --enable-kcapi-dgstapp \
+  --enable-kcapi-hasher  \
+  --enable-kcapi-rngapp  \
+  --enable-kcapi-speed   \
+  --enable-kcapi-test    \
+  --enable-shared        \
+  --enable-static        \
+  --with-pkgconfigdir=%{_libdir}/pkgconfig
+%make_build all doc
+
+
+%install
+%make_install
+
+# Install sysctl.d preset.
+%{__install} -Dpm 0644 -t %{buildroot}%{_sysctldir} \
+  %{sysctl_prio}-%{name}-optmem_max.conf
+
+# Install into proper location for inclusion by %%doc.
+%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
+  README.fedora README.md CHANGES TODO              \
+  doc/%{name}.p{df,s}
+%{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir}
+
+%if !%{with replacements}
+%{__rm} -f                            \
+  %{buildroot}%{_bindir}/fips*        \
+  %{buildroot}%{_bindir}/kcapi-hasher \
+  %{buildroot}%{_bindir}/md5sum       \
+  %{buildroot}%{_bindir}/sha*hmac     \
+  %{buildroot}%{_bindir}/sha*sum
+%endif
+
+# We don't ship autocrap dumplings.
+%{_bindir}/find %{buildroot} -type f -name '*.la' -print -delete
+
+# HMAC checksums are generated during __spec_install_post.
+%{_bindir}/find %{buildroot} -type f -name '*.hmac' -print -delete
+
+# Remove 0-size files.
+%{_bindir}/find %{buildroot} -type f -size 0 -print -delete
+
+# Make sure all docs have non-exec permissions, except for the dirs.
+%{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \
+  %{_bindir}/xargs %{__chmod} -c 0644
+%{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \
+  %{_bindir}/xargs %{__chmod} -c 0755
+
+# Possibly save some space by hardlinking.
+for d in %{_mandir} %{_pkgdocdir}; do
+  %{_sbindir}/hardlink -cfv %{buildroot}$d
+done
+
+
+%check
+# Some basic sanity checks.
+for t in cppcheck scan; do
+  %make_build $t
+done
+
+# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
+# which is the lowest limit needed to run the testsuite.  If that limit
+# is not met, we do not run it.
+%if %{test_optmem_max} >= 20480
+# Real testsuite.
+pushd test
+ENABLE_FUZZ_TEST=1 \
+NO_32BIT_TEST=1    \
+  ./test-invocation.sh
+popd
+%endif
+
+
+%post -p /sbin/ldconfig
+
+
+%postun -p /sbin/ldconfig
+
+
+%files
+%doc %dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/README.fedora
+%doc %{_pkgdocdir}/README.md
+%license COPYING*
+/%{_lib}/%{name}.so.%{vmajor}
+/%{_lib}/%{name}.so.%{version}
+/%{_lib}/.%{name}.so.%{vmajor}.hmac
+/%{_lib}/.%{name}.so.%{version}.hmac
+%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
+
+
+%files          devel
+%doc %{_pkgdocdir}/CHANGES
+%doc %{_pkgdocdir}/TODO
+%{_includedir}/kcapi.h
+%{_mandir}/man3/kcapi_*.3.*
+/%{_lib}/%{name}.so
+%{_libdir}/pkgconfig/%{name}.pc
+
+
+%files          doc
+%doc %{_pkgdocdir}
+%license %{_datadir}/licenses/%{name}*
+
+
+%if %{with replacements}
+%files          replacements
+%{_bindir}/kcapi-hasher
+%{_bindir}/.kcapi-hasher.hmac
+%if %{with replace_coreutils}
+%{_bindir}/md5sum
+%{_bindir}/.md5sum.hmac
+%{_bindir}/sha*sum
+%{_bindir}/.sha*sum.hmac
+%else
+%exclude %{_bindir}/md5sum
+%exclude %{_bindir}/.md5sum.hmac
+%exclude %{_bindir}/sha*sum
+%exclude %{_bindir}/.sha*sum.hmac
+%endif
+%if %{with replace_fipscheck}
+%{_bindir}/fips*
+%{_bindir}/.fips*.hmac
+%else
+%exclude %{_bindir}/fips*
+%exclude %{_bindir}/.fips*.hmac
+%endif
+%if %{with replace_hmaccalc}
+%{_bindir}/sha*hmac
+%{_bindir}/.sha*hmac.hmac
+%else
+%exclude %{_bindir}/sha*hmac
+%exclude %{_bindir}/.sha*hmac.hmac
+%endif
+%endif
+
+
+%files          static
+/%{_lib}/%{name}.a
+
+
+%files          tools
+%if %{with replacements}
+%exclude %{_bindir}/kcapi-hasher
+%exclude %{_bindir}/.kcapi-hasher.hmac
+%endif
+%{_bindir}/kcapi*
+%{_bindir}/.kcapi*.hmac
+%{_mandir}/man1/kcapi*.1.*
+
+
+%changelog
+* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-1
+- Initial import (rhbz#1533929)
+
+* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.13
+- Increase optmem_max preset to 81920
+
+* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.12
+- Add sysctl.d preset and README.fedora
+
+* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.11
+- Make the contents of the -replacements package configurable
+
+* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.10
+- Fix Obsoletes of the -replacements package
+
+* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.9
+- Disable the -replacements package until we have a plan for it
+
+* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.8
+- Move the kcapi-hasher binary to -replacements package, since it is
+  not of much use without the linked invocation names and saves the
+  extra Requires on the -tools package
+
+* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.7
+- Fix internal Requires of sub-packages
+- Hardlink files in %%{_bindir}
+
+* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.6
+- Add patches from upstream
+
+* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.5
+- Add patches from upstream
+
+* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.4
+- Asume the testsuite cannot be run, if the value of optmem_max cannot
+  be obtained
+
+* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.3
+- Move libraries to /%%{_lib} instead of %%{_libdir}, which is useful
+  during boot when the library might be needed before a potentially
+  seperate /usr partition is mounted
+
+* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.2
+- Asume optmem_max is at least 20480, if the real value cannot be obtained
+
+* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.1
+- New upstream release
+
+* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.2-0.1
+- Initial rpm release (rhbz#1533929)

sources

@@ -0,0 +1 @@
+SHA512 (libkcapi-1.0.3.tar.xz) = 2fe6b4c4129be7c1a9fcfadeaeb7eb9c709bf129574c46014542547787e3b96aadf14a9a17ecadb58968e3e14731f44a9bd20ea47aa3bbc0a3a6327a24a92a65