Compare commits
5 Commits
da9fb7cf74
...
eaafaf0bd8
Author | SHA1 | Date | |
---|---|---|---|
|
eaafaf0bd8 | ||
|
845f2bc36b | ||
|
d533c5dc48 | ||
|
bccc7fc2e8 | ||
|
705fd52493 |
@ -1,2 +1,2 @@
|
||||
ee581bce3e76310f5c5488898771f7f403f72693 libkcapi-1.3.1.tar.xz
|
||||
b667ef4177e1ce64a6f1278ba73fb834d06c3cb1 libkcapi-1.3.1.tar.xz.asc
|
||||
526dca7d8eb8ddc29395f0716ba1233e27bf2ab5 libkcapi-1.4.0.tar.xz
|
||||
3f61ab30fc49740bb90fed760f30685f9d8ef22e libkcapi-1.4.0.tar.xz.asc
|
||||
|
@ -1,49 +0,0 @@
|
||||
From 2abf7fecb5162e4b59ba134c813ebee839eb45e9 Mon Sep 17 00:00:00 2001
|
||||
From: Simo Sorce <simo@redhat.com>
|
||||
Date: Wed, 14 Jul 2021 10:52:01 -0400
|
||||
Subject: [PATCH] Use GCCs __symver__ attribute
|
||||
|
||||
This is needed to allow LTO builds, as the __asm__ directives do not give
|
||||
enough context to the compiler and the build fails when the -flto flag is
|
||||
passed in.
|
||||
|
||||
Unfotunately __symver__ is avilbel only startig from GCC 10, so we need
|
||||
more macro juggling.
|
||||
|
||||
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||
---
|
||||
lib/internal.h | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/lib/internal.h b/lib/internal.h
|
||||
index 29fdb7b..64dad24 100644
|
||||
--- a/lib/internal.h
|
||||
+++ b/lib/internal.h
|
||||
@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
|
||||
#if __GNUC__ >= 4
|
||||
# define DSO_PUBLIC __attribute__ ((visibility ("default")))
|
||||
|
||||
+#if __GNUC__ >= 10
|
||||
+# define IMPL_SYMVER(name, version) \
|
||||
+ __attribute__ ((visibility ("default"))) \
|
||||
+ __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version)))
|
||||
+
|
||||
+# define ORIG_SYMVER(name, version) \
|
||||
+ __attribute__ ((visibility ("default"))) \
|
||||
+ __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version)))
|
||||
+
|
||||
+#else
|
||||
# define IMPL_SYMVER(name, version) \
|
||||
__asm__(".global impl_" #name ";"\
|
||||
".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\
|
||||
@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
|
||||
__asm__(".global orig_" #name ";"\
|
||||
".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\
|
||||
__attribute__ ((visibility ("default")))
|
||||
+#endif
|
||||
|
||||
#else
|
||||
# error "Compiler version too old"
|
||||
--
|
||||
2.31.1
|
||||
|
40
001-tests-kernel-version.patch
Normal file
40
001-tests-kernel-version.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From c2af62dcc7a287f3c14f6aaec5724401c1ea470a Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Mon, 15 Aug 2022 10:19:50 +0200
|
||||
Subject: [PATCH] tests: fix overly-optimistic kernel version checks
|
||||
|
||||
The mainline kernel is now at version 6.0 so these >= 5.99 checks are
|
||||
now incorrectly enabling tests that don't work. Instead of bumping the
|
||||
imaginary version and face the same problem again in a couple years,
|
||||
replace the checks with 'false' and a TODO comment.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
test/test.sh | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/test/test.sh b/test/test.sh
|
||||
index 1d9be73..a75b802 100755
|
||||
--- a/test/test.sh
|
||||
+++ b/test/test.sh
|
||||
@@ -1560,7 +1560,8 @@ else
|
||||
echo_deact "AEAD tests of copied AAD deactivated"
|
||||
fi
|
||||
|
||||
-if $(check_min_kernelver 5 99); then
|
||||
+# TODO add version check when supported upstream
|
||||
+if false; then
|
||||
asymfunc 4
|
||||
asymfunc 4 -s
|
||||
asymfunc 4 -v
|
||||
@@ -1583,7 +1584,8 @@ else
|
||||
echo_deact "All asymmetric tests deactivated"
|
||||
fi
|
||||
|
||||
-if $(check_min_kernelver 5 99); then
|
||||
+# TODO add version check when supported upstream
|
||||
+if false; then
|
||||
kppfunc 13
|
||||
kppfunc 13 X -m
|
||||
kppfunc 13 -v
|
74
002-fips-disable-ansi_cprng.patch
Normal file
74
002-fips-disable-ansi_cprng.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From 873842046678d109d8e382ce2e2870909876bbfe Mon Sep 17 00:00:00 2001
|
||||
From: Zoltan Fridrich <zfridric@redhat.com>
|
||||
Date: Fri, 11 Aug 2023 12:20:22 +0200
|
||||
Subject: [PATCH] Disable test of obsolete ansi_cprng in FIPS mode
|
||||
|
||||
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
test/kcapi-main.c | 45 ++++++++++++++++++++++-----------------------
|
||||
1 file changed, 22 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
||||
index 67fb53f..23fc8ed 100644
|
||||
--- a/test/kcapi-main.c
|
||||
+++ b/test/kcapi-main.c
|
||||
@@ -652,8 +652,6 @@ static int is_fips_mode(void)
|
||||
static int auxiliary_tests(void)
|
||||
{
|
||||
struct kcapi_handle *handle = NULL;
|
||||
- const char *ansi_cprng_name = is_fips_mode() ? "fips(ansi_cprng)"
|
||||
- : "ansi_cprng";
|
||||
int ret = 0;
|
||||
|
||||
if (kcapi_aead_init(&handle, "ccm(aes)", 0)) {
|
||||
@@ -711,27 +709,28 @@ static int auxiliary_tests(void)
|
||||
if (aux_test_rng("drbg_nopr_ctr_aes256", NULL, 0))
|
||||
ret++;
|
||||
|
||||
- /* X9.31 RNG must require seed */
|
||||
- printf("X9.31 missing seeding: ");
|
||||
- if (!aux_test_rng(ansi_cprng_name, NULL, 0))
|
||||
- ret++;
|
||||
- /* X9.31 seed too short */
|
||||
- printf("X9.31 insufficient seeding: ");
|
||||
- if (!aux_test_rng(ansi_cprng_name,
|
||||
- (uint8_t *)
|
||||
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
|
||||
- ret++;
|
||||
- /* X9.31 seed right sized short */
|
||||
- if (aux_test_rng(ansi_cprng_name,
|
||||
- (uint8_t *)
|
||||
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
|
||||
- printf("Error for %s: kernel module ansi_cprng present?\n",
|
||||
- ansi_cprng_name);
|
||||
- ret++;
|
||||
+ if (!is_fips_mode()) {
|
||||
+ /* X9.31 RNG must require seed */
|
||||
+ printf("X9.31 missing seeding: ");
|
||||
+ if (!aux_test_rng("ansi_cprng", NULL, 0))
|
||||
+ ret++;
|
||||
+ /* X9.31 seed too short */
|
||||
+ printf("X9.31 insufficient seeding: ");
|
||||
+ if (!aux_test_rng("ansi_cprng",
|
||||
+ (uint8_t *)
|
||||
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
|
||||
+ ret++;
|
||||
+ /* X9.31 seed right sized short */
|
||||
+ if (aux_test_rng("ansi_cprng",
|
||||
+ (uint8_t *)
|
||||
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
||||
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
|
||||
+ printf("Error for ansi_cprng: kernel module ansi_cprng present?\n");
|
||||
+ ret++;
|
||||
+ }
|
||||
}
|
||||
|
||||
return ret;
|
58
003-zeroize-hasher.patch
Normal file
58
003-zeroize-hasher.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From e6e9288ecce61101ab765bc966ba8f780915802f Mon Sep 17 00:00:00 2001
|
||||
From: Zoltan Fridrich <zfridric@redhat.com>
|
||||
Date: Wed, 1 Nov 2023 10:54:03 +0100
|
||||
Subject: [PATCH] kcapi-hasher: zeroise temporary values for FIPS 140-3
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Requirement introduced by AS05.10:
|
||||
"The temporary value(s) generated during the integrity test of the
|
||||
module’s software or firmware shall [05.10] be zeroised from the module
|
||||
upon completion of the integrity test;"
|
||||
|
||||
As some modules use fipscheck or sha*hmac for integrity tests, these
|
||||
temporary values need to be zeroised from the hasher.
|
||||
|
||||
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
apps/kcapi-hasher.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||
index 098b655..f5caf77 100644
|
||||
--- a/apps/kcapi-hasher.c
|
||||
+++ b/apps/kcapi-hasher.c
|
||||
@@ -360,6 +360,7 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params,
|
||||
if (hashlen > (uint32_t)ret) {
|
||||
fprintf(stderr, "Invalid truncated hash size: %lu > %zd\n",
|
||||
(unsigned long)hashlen, ret);
|
||||
+ kcapi_memset_secure(md, 0, sizeof(md));
|
||||
return (int)ret;
|
||||
}
|
||||
|
||||
@@ -376,6 +377,7 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params,
|
||||
ret = 1;
|
||||
else
|
||||
ret = 0;
|
||||
+ kcapi_memset_secure(compmd, 0, sizeof(compmd));
|
||||
} else {
|
||||
if (outfile == NULL) { /* only print hash (hmaccalc -S) */
|
||||
bin2print(md, hashlen, NULL, stdout,
|
||||
@@ -396,6 +398,7 @@ static int hasher(struct kcapi_handle *handle, const struct hash_params *params,
|
||||
fprintf(stderr, "Generation of hash for file %s failed (%zd)\n",
|
||||
filename ? filename : "stdin", ret);
|
||||
}
|
||||
+ kcapi_memset_secure(md, 0, sizeof(md));
|
||||
return (int)ret;
|
||||
}
|
||||
|
||||
@@ -696,6 +699,7 @@ static int process_checkfile(const struct hash_params *params,
|
||||
if (file)
|
||||
fclose(file);
|
||||
kcapi_md_destroy(handle);
|
||||
+ kcapi_memset_secure(buf, 0, sizeof(buf));
|
||||
|
||||
/*
|
||||
* If we found no lines to check, return an error.
|
160
004-hasher-target-option.patch
Normal file
160
004-hasher-target-option.patch
Normal file
@ -0,0 +1,160 @@
|
||||
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
||||
index f5caf77..a934fd9 100644
|
||||
--- a/apps/kcapi-hasher.c
|
||||
+++ b/apps/kcapi-hasher.c
|
||||
@@ -153,15 +153,17 @@ static void usage(char *name, int fipscheck)
|
||||
if (fipscheck)
|
||||
fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... FILE\n", base);
|
||||
else {
|
||||
- fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... -c FILE\n", base);
|
||||
+ fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... -c FILE [-T FILE]\n", base);
|
||||
fprintf(stderr, "\t%s [-n BASENAME] [OPTION]... FILE...\n", base);
|
||||
}
|
||||
fprintf(stderr, "\nOptions:\n");
|
||||
fprintf(stderr, "\t-n --name\t\tForce given application name (sha512hmac/...)\n");
|
||||
fprintf(stderr, "\t-S --self-sum\t\tPrint checksum of this binary and exit\n");
|
||||
fprintf(stderr, "\t-L --self-sum-lib\tPrint checksum of the libkcapi library and exit\n");
|
||||
- if (!fipscheck)
|
||||
+ if (!fipscheck) {
|
||||
fprintf(stderr, "\t-c --check FILE\t\tVerify hash sums from file\n");
|
||||
+ fprintf(stderr, "\t-T --target FILE\tOverride filenames found in hash sums file; use with -c\n");
|
||||
+ }
|
||||
fprintf(stderr, "\t-u --unkeyed\t\tForce unkeyed hash\n");
|
||||
fprintf(stderr, "\t-h --hash HASH\t\tUse given hash algorithm\n");
|
||||
fprintf(stderr, "\t-t --truncate N\t\tUse hash truncated to N bits\n");
|
||||
@@ -543,7 +545,7 @@ static int hash_files(const struct hash_params *params,
|
||||
#define CHK_STATUS (2)
|
||||
|
||||
static int process_checkfile(const struct hash_params *params,
|
||||
- const char *checkfile, const char *targetfile, int log)
|
||||
+ const char *checkfile, const char *targetfile, int log, int fipscheck)
|
||||
{
|
||||
FILE *file = NULL;
|
||||
int ret = 0;
|
||||
@@ -583,7 +585,7 @@ static int process_checkfile(const struct hash_params *params,
|
||||
}
|
||||
|
||||
while (fgets(buf, sizeof(buf), file)) {
|
||||
- char *filename = NULL; // parsed file name
|
||||
+ const char *filename = NULL; // parsed file name
|
||||
char *hexhash = NULL; // parsed hex value of hash
|
||||
uint32_t hexhashlen = 0; // length of hash hex value
|
||||
uint32_t linelen = (uint32_t)strlen(buf);
|
||||
@@ -658,17 +660,7 @@ static int process_checkfile(const struct hash_params *params,
|
||||
goto out;
|
||||
}
|
||||
|
||||
- /* fipscheck does not have the filename in the check file */
|
||||
- if (targetfile) {
|
||||
- ret = hasher(handle, params, targetfile,
|
||||
- hexhash, hexhashlen, stdout);
|
||||
- checked_any = 1;
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
if (filename) {
|
||||
- int r;
|
||||
-
|
||||
if (!bsd_style) {
|
||||
if (!isblank(filename[0]) ||
|
||||
(!isblank(filename[1]) && filename[1] != '*')) {
|
||||
@@ -678,20 +670,28 @@ static int process_checkfile(const struct hash_params *params,
|
||||
}
|
||||
filename += 2;
|
||||
}
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * if targetfile is specified, use it instead of the filename
|
||||
+ * found inside the checkfile
|
||||
+ */
|
||||
+ if (targetfile)
|
||||
+ filename = targetfile;
|
||||
|
||||
- r = hasher(handle, params, filename, hexhash, hexhashlen, stdout);
|
||||
+ if (filename) {
|
||||
+ ret = hasher(handle, params, filename, hexhash, hexhashlen, stdout);
|
||||
+ checked_any = 1;
|
||||
+ if (fipscheck)
|
||||
+ goto out;
|
||||
|
||||
- if (r == 0) {
|
||||
+ if (ret == 0) {
|
||||
if (log < CHK_QUIET)
|
||||
printf("%s: OK\n", filename);
|
||||
} else {
|
||||
if (log < CHK_STATUS)
|
||||
- printf("%s: Not OK\n",
|
||||
- filename);
|
||||
- if (ret >= 0)
|
||||
- ret++;
|
||||
+ printf("%s: Not OK\n", filename);
|
||||
}
|
||||
- checked_any = 1;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -783,7 +783,7 @@ static int fipscheck_self(const struct hash_params *params_bin,
|
||||
goto out;
|
||||
}
|
||||
|
||||
- ret = process_checkfile(params_bin, checkfile, selfname, CHK_STATUS);
|
||||
+ ret = process_checkfile(params_bin, checkfile, selfname, CHK_STATUS, 1);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
@@ -823,7 +823,7 @@ static int fipscheck_self(const struct hash_params *params_bin,
|
||||
goto out;
|
||||
}
|
||||
|
||||
- ret = process_checkfile(params_lib, checkfile, selfname, CHK_STATUS);
|
||||
+ ret = process_checkfile(params_lib, checkfile, selfname, CHK_STATUS, 1);
|
||||
}
|
||||
|
||||
out:
|
||||
@@ -878,12 +878,13 @@ int main(int argc, char *argv[])
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
|
||||
- static const char *opts_short = "c:uh:t:SLqk:K:vbd:Pz";
|
||||
+ static const char *opts_short = "c:T:uh:t:SLqk:K:vbd:Pz";
|
||||
static const struct option opts[] = {
|
||||
{"help", 0, 0, 0},
|
||||
{"tag", 0, 0, 0},
|
||||
{"quiet", 0, 0, 0},
|
||||
{"check", 1, 0, 'c'},
|
||||
+ {"target", 1, 0, 'T'},
|
||||
{"unkeyed", 0, 0, 'u'},
|
||||
{"hash", 1, 0, 'h'},
|
||||
{"truncate", 1, 0, 't'},
|
||||
@@ -1129,6 +1130,9 @@ int main(int argc, char *argv[])
|
||||
version(argv[0]);
|
||||
ret = 0;
|
||||
goto out;
|
||||
+ case 'T':
|
||||
+ targetfile = optarg;
|
||||
+ break;
|
||||
case 'd':
|
||||
checkdir = optarg;
|
||||
break;
|
||||
@@ -1198,6 +1202,11 @@ int main(int argc, char *argv[])
|
||||
ret = 1;
|
||||
goto out;
|
||||
}
|
||||
+ if (targetfile) {
|
||||
+ fprintf(stderr, "-T is not valid for fipscheck\n");
|
||||
+ ret = 1;
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
targetfile = argv[optind];
|
||||
if (checkfile)
|
||||
@@ -1215,7 +1224,7 @@ int main(int argc, char *argv[])
|
||||
(uint32_t)(argc - optind),
|
||||
fipshmac, checkdir, 0);
|
||||
else if (optind == argc)
|
||||
- ret = process_checkfile(¶ms, checkfile, targetfile, loglevel);
|
||||
+ ret = process_checkfile(¶ms, checkfile, targetfile, loglevel, fipscheck);
|
||||
else {
|
||||
fprintf(stderr, "-c cannot be used with input files\n");
|
||||
ret = 1;
|
@ -1,7 +1,7 @@
|
||||
# Shared object version of libkcapi.
|
||||
%global vmajor 1
|
||||
%global vminor 3
|
||||
%global vpatch 1
|
||||
%global vminor 4
|
||||
%global vpatch 0
|
||||
|
||||
# Do we build the replacements packages?
|
||||
%bcond_with replace_coreutils
|
||||
@ -26,9 +26,7 @@
|
||||
%if 0%{?rhel}
|
||||
%bcond_with cppcheck
|
||||
%else
|
||||
# Temporarily disable cppcheck on Fedora until bz#1923600 is fixed in rawhide
|
||||
%bcond_with cppcheck
|
||||
#bcond_without cppcheck
|
||||
%bcond_without cppcheck
|
||||
%endif
|
||||
|
||||
# Use `--without test` to build without running the tests
|
||||
@ -86,8 +84,8 @@
|
||||
%global hmaccalc_evr 0.9.14-10%{?dist}
|
||||
%endif
|
||||
|
||||
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac
|
||||
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac
|
||||
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac sm3hmac
|
||||
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum sm3sum fipscheck fipshmac
|
||||
|
||||
# On old kernels use mock hashers implemented via openssl
|
||||
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0
|
||||
@ -125,17 +123,20 @@ done \
|
||||
|
||||
Name: libkcapi
|
||||
Version: %{vmajor}.%{vminor}.%{vpatch}
|
||||
Release: 3%{?dist}
|
||||
Release: 1%{?dist}
|
||||
Summary: User space interface to the Linux Kernel Crypto API
|
||||
|
||||
License: BSD or GPLv2
|
||||
License: BSD-3-Clause OR GPL-2.0-only
|
||||
URL: https://www.chronox.de/%{name}.html
|
||||
Source0: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
|
||||
Source1: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
|
||||
Source2: sha512hmac-openssl.sh
|
||||
Source3: fipshmac-openssl.sh
|
||||
|
||||
Patch1: 0001-Use-GCCs-__symver__-attribute.patch
|
||||
Patch1: 001-tests-kernel-version.patch
|
||||
Patch2: 002-fips-disable-ansi_cprng.patch
|
||||
Patch3: 003-zeroize-hasher.patch
|
||||
Patch4: 004-hasher-target-option.patch
|
||||
|
||||
BuildRequires: bash
|
||||
BuildRequires: coreutils
|
||||
@ -156,7 +157,7 @@ BuildRequires: docbook-utils-pdf
|
||||
BuildRequires: clang
|
||||
%endif
|
||||
%if %{with cppcheck}
|
||||
BuildRequires: cppcheck
|
||||
BuildRequires: cppcheck >= 2.4
|
||||
%endif
|
||||
|
||||
# For ownership of %%{_sysctldir}.
|
||||
@ -378,7 +379,8 @@ EOF
|
||||
%if !%{with replace_coreutils}
|
||||
%{__rm} -f \
|
||||
%{buildroot}%{_bindir}/md5sum \
|
||||
%{buildroot}%{_bindir}/sha*sum
|
||||
%{buildroot}%{_bindir}/sha*sum \
|
||||
%{buildroot}%{_bindir}/sm*sum
|
||||
%endif
|
||||
|
||||
%if !%{with replace_fipscheck}
|
||||
@ -387,6 +389,7 @@ EOF
|
||||
|
||||
%if !%{with replace_hmaccalc}
|
||||
%{__rm} -f %{buildroot}%{_bindir}/sha*hmac
|
||||
%{__rm} -f %{buildroot}%{_bindir}/sm*hmac
|
||||
%endif
|
||||
|
||||
# We don't ship autocrap dumplings.
|
||||
@ -479,8 +482,10 @@ popd
|
||||
%files checksum
|
||||
%{_bindir}/md5sum
|
||||
%{_bindir}/sha*sum
|
||||
%{_bindir}/sm*sum
|
||||
%{_libdir}/fipscheck/md5sum.hmac
|
||||
%{_libdir}/fipscheck/sha*sum.hmac
|
||||
%{_libdir}/fipscheck/sm*sum.hmac
|
||||
%endif
|
||||
|
||||
%if %{with replace_fipscheck}
|
||||
@ -492,7 +497,9 @@ popd
|
||||
%if %{with replace_hmaccalc}
|
||||
%files hmaccalc
|
||||
%{_bindir}/sha*hmac
|
||||
%{_bindir}/sm*hmac
|
||||
%{_libdir}/hmaccalc/sha*hmac.hmac
|
||||
%{_libdir}/hmaccalc/sm*hmac.hmac
|
||||
%endif
|
||||
|
||||
|
||||
@ -512,6 +519,16 @@ popd
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Nov 01 2023 Zoltan Fridrich <zfridric@redhat.com> - 1.4.0-1
|
||||
- Update to new upstream release 1.4.0
|
||||
Resolves: RHEL-5367
|
||||
- Add a patch to fix auxiliary tests in FIPS mode
|
||||
Resolves: RHEL-2405
|
||||
- Add a patch to zeroize kcapi-hasher for FIPS 140-3
|
||||
Resolves: RHEL-15112
|
||||
- Add a patch to allow overriding target file in kcapi-hasher
|
||||
Resolves: RHEL-15298
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.1-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (libkcapi-1.3.1.tar.xz) = 2240e5410e1df4b54f42182bf294ac13d82fd78d60466cafef7644bf7c9144c064ba1fd78d110d66bc41fd220ad2f211081eb64a0da5c8740716a3146d72ba30
|
||||
SHA512 (libkcapi-1.3.1.tar.xz.asc) = fb5f85401921e884e7eb7b989baed2c98371a90b61056c929bf8348e7864fc001b67d7e5bf5f799d61befbefa6ab60b296c1d781fc30069936edc3eb40134954
|
||||
SHA512 (libkcapi-1.4.0.tar.xz) = fa3df1fe22eba32585de5df044f907d3ad189c33f5704fe29b0fdeda92e772ef077055b80e17bc1646a8cdedaf4f195aadf0b133f493597f0f7657b04ea93a99
|
||||
SHA512 (libkcapi-1.4.0.tar.xz.asc) = a41303cba88b214c82537bb5de2584a72a239670318753ba6873a2c3ebe3b56ffd381fdf7ae266aa21857e850bebdfbfdec487c98655ddbc2b9a0ba0d4f383ca
|
||||
|
Loading…
Reference in New Issue
Block a user