rpms/libkcapi
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream version 1.2.1

Browse Source 
Remove cppcheck dependency for rhel bz#1931518 and Fedora (temporarily) #bz1923600

Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Sahana Prasad 2021-02-22 11:14:57 +01:00
parent dbcdc9af40
commit f0029bf72c
3 changed files with 26 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
000-Kern-5.8-fix-MSG_MORE-usage.patch
View File

@ -1,163 +0,0 @@
From b612c52c5ccf021d01e6c786db1a31a697f21d97 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Thu, 13 Aug 2020 21:58:07 +0200
Subject: [PATCH] Kern 5.8: fix MSG_MORE usage
With kernel 5.8, a precise use of MSG_MORE is mandatory to support
a stream cipher approach (init -> update -> update -> ... -> final).
All but the last update operations must use MSG_MORE, the last update
operation must not use MSG_MORE.
Reported-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/kcapi-aead.c | 24 ++++++++++++++----------
lib/kcapi-kernel-if.c | 6 ++----
test/kcapi-main.c | 31 +++++++++++++++++--------------
3 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/lib/kcapi-aead.c b/lib/kcapi-aead.c
index d241618..45a0bd7 100644
--- a/lib/kcapi-aead.c
+++ b/lib/kcapi-aead.c
@@ -210,13 +210,15 @@ _kcapi_aead_encrypt_aio_fallback(struct kcapi_handle *handle,
uint32_t iovlen, const uint8_t *iv)
{
uint32_t i;
- int32_t ret = kcapi_aead_stream_init_enc(handle, iv, NULL, 0);
-
- if (ret < 0)
- return ret;
+ int32_t ret = 0;
for (i = 0; i < iovlen; i++) {
- int rc = kcapi_aead_stream_update_last(handle, iniov, 1);
+ int rc = kcapi_aead_stream_init_enc(handle, iv, NULL, 0);
+
+ if (rc < 0)
+ return rc;
+
+ rc = kcapi_aead_stream_update_last(handle, iniov, 1);
if (rc < 0)
return rc;
@@ -271,13 +273,15 @@ _kcapi_aead_decrypt_aio_fallback(struct kcapi_handle *handle,
uint32_t iovlen, const uint8_t *iv)
{
uint32_t i;
- int32_t ret = kcapi_aead_stream_init_dec(handle, iv, NULL, 0);
-
- if (ret < 0)
- return ret;
+ int32_t ret = 0;
for (i = 0; i < iovlen; i++) {
- int rc = kcapi_aead_stream_update_last(handle, iniov, 1);
+ int rc = kcapi_aead_stream_init_dec(handle, iv, NULL, 0);
+
+ if (rc < 0)
+ return rc;
+
+ rc = kcapi_aead_stream_update_last(handle, iniov, 1);
if (rc < 0)
return rc;
diff --git a/lib/kcapi-kernel-if.c b/lib/kcapi-kernel-if.c
index bea994f..42cf1ad 100644
--- a/lib/kcapi-kernel-if.c
+++ b/lib/kcapi-kernel-if.c
@@ -439,8 +439,7 @@ int _kcapi_aio_send_iov(struct kcapi_handle *handle, struct iovec *iov,
if (0 > ret)
return ret;
} else {
- ret = _kcapi_common_send_meta(handle, NULL, 0, enc,
- len ? MSG_MORE : 0);
+ ret = _kcapi_common_send_meta(handle, NULL, 0, enc, MSG_MORE);
if (0 > ret)
return ret;
ret = _kcapi_common_vmsplice_iov(handle, iov, iovlen, 0);
@@ -1246,8 +1245,7 @@ int32_t _kcapi_cipher_crypt(struct kcapi_handle *handle, const uint8_t *in,
if (0 > ret)
return ret;
} else {
- ret = _kcapi_common_send_meta(handle, NULL, 0, enc,
- inlen ? MSG_MORE : 0);
+ ret = _kcapi_common_send_meta(handle, NULL, 0, enc, MSG_MORE);
if (0 > ret)
return ret;
ret = _kcapi_common_vmsplice_chunk(handle, in, inlen, 0);
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index 51f6ec7..64e466c 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -846,7 +846,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
goto out;
}
- for(i = 0; i < loops; i++) {
+ for (i = 0; i < loops; i++) {
_get_time(&begin);
if (cavs_test->enc) {
ret = kcapi_cipher_encrypt(handle,
@@ -886,7 +886,7 @@ static int cavs_sym(struct kcapi_cavs *cavs_test, uint32_t loops,
}
static void mt_sym_writer(struct kcapi_handle *handle, struct iovec *iov,
- int forking)
+ int forking, int last)
{
int ret;
@@ -899,7 +899,10 @@ static void mt_sym_writer(struct kcapi_handle *handle, struct iovec *iov,
return;
}
- ret = kcapi_cipher_stream_update_last(handle, iov, 1);
+ if (last)
+ ret = kcapi_cipher_stream_update_last(handle, iov, 1);
+ else
+ ret = kcapi_cipher_stream_update(handle, iov, 1);
if (0 > ret)
printf("Sending of data failed\n");
@@ -1004,7 +1007,7 @@ static int cavs_sym_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
iov.iov_len = cavs_test->ctlen;
}
- mt_sym_writer(handle_ptr, &iov, forking);
+ mt_sym_writer(handle_ptr, &iov, forking, i == (loops * 2 - 1));
outiov.iov_base = outbuf_ptr;
outiov.iov_len = outbuflen;
@@ -1636,21 +1639,21 @@ static int cavs_aead_stream(struct kcapi_cavs *cavs_test, uint32_t loops,
if (ret)
goto out;
- if (cavs_test->enc)
- ret = kcapi_aead_stream_init_enc(handle, newiv, NULL, 0);
-
- else
- ret = kcapi_aead_stream_init_dec(handle, newiv, NULL, 0);
- if (0 > ret) {
- printf("Initialization of cipher buffer failed\n");
- goto out;
- }
-
for (i = 0; i < loops; i++) {
int errsv = 0;
memset(outbuf, 0, outbuflen);
+ if (cavs_test->enc)
+ ret = kcapi_aead_stream_init_enc(handle, newiv, NULL, 0);
+ else
+ ret = kcapi_aead_stream_init_dec(handle, newiv, NULL, 0);
+ if (0 > ret) {
+ printf("Initialization of cipher buffer failed\n");
+ goto out;
+ }
+
+
iov.iov_base = cavs_test->assoc;
iov.iov_len = cavs_test->assoclen;
if (cavs_test->enc) {

32
libkcapi.spec
View File

@ -1,7 +1,7 @@
# Shared object version of libkcapi. # Shared object version of libkcapi.
%global vmajor 1 %global vmajor 1
%global vminor 2 %global vminor 2
%global vpatch 0 %global vpatch 1
# Do we build the replacements packages? # Do we build the replacements packages?
%bcond_with replace_coreutils %bcond_with replace_coreutils
@ -106,10 +106,16 @@ done \
"$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \ "$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac \
%{nil} %{nil}
# disable cppcheck analysis in ELN/RHEL to avoid the dependency bz#1931518
%if 0%{?rhel}
%bcond_with cppcheck
%else
%bcond_without cppcheck
%endif
Name: libkcapi Name: libkcapi
Version: %{vmajor}.%{vminor}.%{vpatch} Version: %{vmajor}.%{vminor}.%{vpatch}
Release: 4%{?dist} Release: 1%{?dist}
Summary: User space interface to the Linux Kernel Crypto API Summary: User space interface to the Linux Kernel Crypto API
License: BSD or GPLv2 License: BSD or GPLv2
@ -119,12 +125,9 @@ Source1: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
Source2: sha512hmac-openssl.sh Source2: sha512hmac-openssl.sh
Source3: fipshmac-openssl.sh Source3: fipshmac-openssl.sh
Patch0: %{giturl}/commit/b612c52c5ccf.patch#/000-Kern-5.8-fix-MSG_MORE-usage.patch
BuildRequires: bash BuildRequires: bash
BuildRequires: clang BuildRequires: clang
BuildRequires: coreutils BuildRequires: coreutils
BuildRequires: cppcheck
BuildRequires: docbook-utils-pdf BuildRequires: docbook-utils-pdf
BuildRequires: gcc BuildRequires: gcc
BuildRequires: git-core BuildRequires: git-core
@ -136,6 +139,11 @@ BuildRequires: perl-interpreter
BuildRequires: systemd BuildRequires: systemd
BuildRequires: xmlto BuildRequires: xmlto
BuildRequires: make BuildRequires: make
#Temoporarily disabling cppcheck on Fedora untill #bz1923600
#is fixed in rawhide
#%if %{with cppcheck}
#BuildRequires: cppcheck
#%endif
# For ownership of %%{_sysctldir}. # For ownership of %%{_sysctldir}.
Requires: systemd Requires: systemd
@ -378,9 +386,12 @@ done
%check %check
# Some basic sanity checks. # Some basic sanity checks.
for t in cppcheck scan; do %make_build scan
%make_build $t #Temoporarily disabling cppcheck on Fedora untill #bz1923600
done #is fixed in rawhide
#%if %{with cppcheck}
#%make_build cppcheck
#%endif
# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480, # On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
# which is the lowest limit needed to run the testsuite. If that limit # which is the lowest limit needed to run the testsuite. If that limit
@ -467,6 +478,11 @@ popd
%changelog %changelog
* Mon Mar 15 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-1
- Update to upstream version 1.2.1
- Remove patch fix MSG_MORE uasge as it is added upstream
- Remove cppcheck dependency for rhel bz#1931518
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (libkcapi-1.2.0.tar.xz) = f097aac4fb06d0e0a7f62376506caa2d4cdb03572be89286ff335684f9a10285ffea4b3cfb37fd49e51435aa6636256aa12f0cf970fd48b1358aace8ac14b289 SHA512 (libkcapi-1.2.1.tar.xz) = bfe5e4fa4368973cfcadbde3b2a278e31bc5c36a6afba9fc92fdd5903e4e8050d09000a195c764c981753896ef543635add98bbb930dbe52a56d2f6318bc1241
SHA512 (libkcapi-1.2.0.tar.xz.asc) = 336769b04c75ee23d4cae98697a6ea14e5bd244bcefaa2396d80dab95538620c9353100685bd0568f61b8dfa3089c6ff7e4fdcdde949012ba0d7fe6aac650577 SHA512 (libkcapi-1.2.1.tar.xz.asc) = f2823add4528e16c45ccb59e2124da29007b0285faed5194fe5969f4928411faa63b3b6586bd103085b666a4dfb977cfdf0d20db6588d426ab92e29e360a37e7