diff --git a/README.md b/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..bf842fd6ceee91aad9e2ff8dd6c64dda6e45b3e0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+Obsoleted by libkcapi since openEuler 25.09.
+
+https://gitee.com/src-openeuler/fipscheck/issues/IAJ63G
diff --git a/fipscheck-1.5.0.tar.bz2 b/fipscheck-1.5.0.tar.bz2
deleted file mode 100644
index 5fd7631c83905969570681d3fe745bb778cf1f4d..0000000000000000000000000000000000000000
Binary files a/fipscheck-1.5.0.tar.bz2 and /dev/null differ
diff --git a/fipscheck-openssl3.patch b/fipscheck-openssl3.patch
deleted file mode 100644
index 9086633b85c995d2511c021fc42d2297fd6057da..0000000000000000000000000000000000000000
--- a/fipscheck-openssl3.patch
+++ /dev/null
@@ -1,247 +0,0 @@
---- a/src/filehmac.c 2017-02-23 22:31:42.000000000 +0800
-+++ b/src/filehmac.c 2025-02-01 01:19:39.329175000 +0800
-@@ -41,9 +41,13 @@
- #include
-
- #if defined(WITH_OPENSSL)
--#include
-+#include
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+#include
- #include
-+#else
- #include
-+#endif
- #elif defined(WITH_NSS)
- #include
- #include
-@@ -196,10 +200,110 @@
- }
- #endif
-
-+#if defined(WITH_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
-+int
-+compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips)
-+{
-+ static OSSL_PROVIDER *fips = NULL;
-+ FILE *f = NULL;
-+
-+#ifdef CALL_PRELINK
-+ int prelink = 0;
-+#endif
-+ int rv = -1;
-+ OSSL_PARAM params[2];
-+ unsigned char rbuf[READ_BUFFER_LENGTH];
-+ size_t len;
-+ size_t hlen;
-+
-+ if (force_fips && fips == NULL) {
-+ fips = OSSL_PROVIDER_load(NULL, "fips");
-+ if (fips == NULL) {
-+ debug_log("Failed to load FIPS provider\n");
-+ return -1;
-+ }
-+ }
-+
-+#ifdef CALL_PRELINK
-+ if (access(PATH_PRELINK, X_OK) == 0) {
-+ f = spawn_prelink(path, &prelink);
-+ }
-+
-+ if (!prelink && f == NULL) {
-+ f = fopen(path, "r");
-+ }
-+#else
-+ f = fopen(path, "r");
-+#endif
-+
-+ if (f == NULL) {
-+ debug_log("Failed to open '%s'", path);
-+ goto end;
-+ }
-+
-+ EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", force_fips ? "provider=fips" : NULL);
-+ if (mac == NULL) {
-+ debug_log("Failed to allocate memory for HMAC");
-+ goto end;
-+ }
-+
-+ EVP_MAC_CTX *c = EVP_MAC_CTX_new(mac);
-+ if (c == NULL) {
-+ debug_log("Failed to allocate memory for HMAC_CTX");
-+ goto end;
-+ }
-+
-+ EVP_MAC_free(mac);
-+
-+ params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0);
-+ params[1] = OSSL_PARAM_construct_end();
-+
-+ EVP_MAC_init(c, hmackey, sizeof(hmackey) - 1, params);
-+
-+ while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0)
-+ EVP_MAC_update(c, rbuf, len);
-+
-+ EVP_MAC_final(c, rbuf, &hlen, sizeof(rbuf));
-+ EVP_MAC_CTX_free(c);
-+
-+ *buf = malloc(hlen);
-+ if (*buf == NULL) {
-+ debug_log("Failed to allocate memory");
-+ goto end;
-+ }
-+
-+ *hmaclen = hlen;
-+
-+ memcpy(*buf, rbuf, hlen);
-+
-+ rv = 0;
-+
-+end:
-+ if (f)
-+ fclose(f);
-+
-+#ifdef CALL_PRELINK
-+ if (prelink) {
-+ int ret;
-+ int status;
-+
-+ while ((ret = waitpid(prelink, &status, 0)) == -1 && /* wait for prelink to complete */
-+ errno == EINTR);
-+ if (ret <= 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
-+ debug_log("prelink failed");
-+ rv = -1;
-+ }
-+ }
-+#endif
-+
-+ return rv;
-+}
-+#else
- int
- compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips)
- {
- FILE *f = NULL;
-+
- #ifdef CALL_PRELINK
- int prelink = 0;
- #endif
-@@ -216,7 +320,7 @@
-
- #if defined(WITH_NSS)
- /*
-- * While, technically, NSS_NoDB_Init() is idenpotent, perform
-+ * While, technically, NSS_NoDB_Init() is idempotent, perform
- * an explicit test.
- */
- if (!NSS_IsInitialized()) {
-@@ -278,7 +382,7 @@
- debug_log("Failed to allocate memory for HMAC_CTX");
- goto end;
- }
-- HMAC_Init(c, hmackey, sizeof(hmackey)-1, EVP_sha256());
-+ HMAC_Init_ex(c, hmackey, sizeof(hmackey) - 1, EVP_sha256(), NULL);
- #elif defined(WITH_NSS)
- errno = 0;
- hash = HASH_GetHashObject(HASH_AlgSHA256);
-@@ -297,9 +401,8 @@
- HMAC_Begin(c);
- #endif
-
-- while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
-+ while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0)
- HMAC_Update(c, rbuf, len);
-- }
-
- len = sizeof(rbuf);
- /* reuse rbuf for hmac */
-@@ -321,13 +424,13 @@
-
- rv = 0;
- end:
-+ if (c != NULL) {
- #if defined(WITH_OPENSSL)
- HMAC_CTX_free(c);
- #elif defined(WITH_NSS)
-- if (c != NULL) {
- HMAC_Destroy(c, PR_TRUE);
-- }
- #endif
-+ }
-
- if (f)
- fclose(f);
-@@ -348,6 +451,7 @@
-
- return rv;
- }
-+#endif
-
- static const char conv[] = "0123456789abcdef";
-
---- a/configure.ac 2017-02-23 22:40:43.000000000 +0800
-+++ b/configure.ac 2025-02-01 01:19:39.327091200 +0800
-@@ -25,17 +26,29 @@
- # of the authors and should not be interpreted as representing official policies,
- # either expressed or implied, of Red Hat, Inc.
-
--AC_INIT([fipscheck],[1.5.0],[tmraz@redhat.com])
--AC_CONFIG_HEADER([config.h])
--AC_PREREQ(2.60)
-+AC_INIT([fipscheck],[1.7.0],[support@lairdconnect.com])
-+AC_CONFIG_HEADERS([config.h])
-+AC_PREREQ([2.69])
-
- AC_CONFIG_MACRO_DIR([m4])
- AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip])
-
-+AC_ARG_ENABLE([docs],
-+ AS_HELP_STRING([--enable-docs], [Enable man genereation @<:@default=yes@:>@]),
-+ [case "${enableval}" in
-+ yes) enable_docs=true ;;
-+ no) enable_docs=false ;;
-+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-docs]) ;;
-+ esac],[enable_docs=true])
-+AM_CONDITIONAL([ENABLE_DOCS], [test x$enable_docs = xtrue])
-+
- dnl Check for _GNU_SOURCE
- AC_USE_SYSTEM_EXTENSIONS
-
--AM_PROG_LIBTOOL
-+LT_INIT([disable-static])
-+
-+_LT_TAGVAR(hardcode_libdir_flag_spec, )=""
-+_LT_TAGVAR(hardcode_minus_L, )=yes
-
- PKG_PROG_PKG_CONFIG()
-
-@@ -66,7 +79,6 @@
-
- dnl Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
--AC_TYPE_SIGNAL
- AC_TYPE_UID_T
- AC_TYPE_MODE_T
- AC_TYPE_OFF_T
-@@ -78,8 +90,7 @@
- AC_CHECK_LIB([dl], [dlopen], LIBDL="-ldl", LIBDL="")
- AC_SUBST(LIBDL)
-
--
--dnl This isn't a strictly correct use of --with, OTOH it is better
-+dnl This is not a strictly correct use of --with, OTOH it is better
- dnl than having separate and conflicting --with-nss and --with-openssl
- dnl options. Rather than be "smart" and guess the crypto library
- dnl based on what is installed, this logic simply barfs on an error.
-@@ -93,9 +104,9 @@
- dnl Check for the existence of the slected crypto library with FIPS mode
- AS_CASE($with_crypto,
- [openssl|ssl], [
-+ PKG_CHECK_MODULES([CRYPTO],[libcrypto],[],[AC_MSG_ERROR([OpenSSL library with FIPS mode support is required])])
-+ CRYPTO_LIBS=-lcrypto
- AC_DEFINE([WITH_OPENSSL], [1], [use HMAC from the OpenSSL crypto library])
-- AC_CHECK_LIB([crypto], [FIPS_mode], [CRYPTO_LIBS=-lcrypto],
-- [AC_MSG_ERROR([OpenSSL library with FIPS mode support is required])])
- ],
- [nss], [
- PKG_CHECK_MODULES([CRYPTO],[nss],[],[AC_MSG_ERROR([NSS library with FIPS mode support is required])])
diff --git a/fipscheck.spec b/fipscheck.spec
deleted file mode 100644
index 0567d4654a55831aebb27c8085af3f0385d45482..0000000000000000000000000000000000000000
--- a/fipscheck.spec
+++ /dev/null
@@ -1,101 +0,0 @@
-Name: fipscheck
-Version: 1.5.0
-Release: 12
-Summary: Helper library for FIPS integrity checking
-License: BSD-2-Clause
-URL: https://pagure.io/fipscheck
-Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
-# Patch from https://github.com/Ezurio/fipscheck
-# opensuse have switched to this fork
-Patch0: fipscheck-openssl3.patch
-
-BuildRequires: gcc openssl-devel >= 1.0.0
-BuildRequires: autoconf automake libtool
-Obsoletes: %{name}-lib < %{version}-%{release}
-Provides: %{name}-lib = %{version}-%{release}
-Provides: %{name}-lib%{_isa} = %{version}-%{release}
-
-%description
-This package contains library (libfipscheck) and helper binaries which
-implement the integrity check of libraries and binaries as required by
-FIPS-140-2 validated modules.
-
-%package devel
-Summary: Development headers and libraries for %{name}
-Requires:%{name} = %{version}-%{release}
-
-%description devel
-Development headers and libraries for %{name}
-
-%package_help
-
-%prep
-%autosetup -n %{name}-%{version} -p1
-
-%build
-autoreconf -fi
-%configure --enable-static
-%make_build
-
-%define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- %{buildroot}%{_bindir}/fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_bindir}/fipscheck %{buildroot}%{_libdir}/libfipscheck.so.1.2.1 \
- ln -s libfipscheck.so.1.2.1.hmac %{buildroot}%{_libdir}/fipscheck/libfipscheck.so.1.hmac \
-%{nil}
-
-%install
-%make_install
-%delete_la
-mkdir -p %{buildroot}%{_libdir}/fipscheck
-
-%check
-%make_build check
-
-%files
-%license COPYING AUTHORS
-%doc ChangeLog
-%{_bindir}/*
-%{_libdir}/fipscheck/fipscheck.hmac
-%{_libdir}/*.so.*
-%dir %{_libdir}/fipscheck
-%{_libdir}/fipscheck/libfipscheck.so.*.hmac
-
-%files devel
-%{_includedir}/*.h
-%{_libdir}/*.so
-%{_libdir}/*.a
-
-%files help
-%doc README NEWS
-%{_mandir}/man8/*
-%{_mandir}/man3/*
-
-%changelog
-* Sat Feb 01 2025 Funda Wang - 1.5.0-12
-- build with openssl3
-
-* Mon Oct 21 2024 Funda Wang - 1.5.0-11
-- cleanup spec
-
-* Thu Feb 2 2023 zhengxiaoxiao - 1.5.0-10
-- change the BuildRequires from openssl-devel to compat-openssl11-devel
-
-* Mon Oct 24 2022 zhengxiaoxiao - 1.5.0-9
-- update release
-
-* Fri Dec 11 2020 openEuler Buildteam - 1.5.0-8
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC: correct "name" to "Name" in spec file
-
-* Wed Oct 9 2019 openEuler Buildteam - 1.5.0-7
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC: change the directory of AUTHORS
-
-* Thu Aug 22 2019 openEuler Buildteam - 1.5.0-6
-- Package init
diff --git a/fipscheck.yaml b/fipscheck.yaml
deleted file mode 100644
index 3e4f07907228cc383d24c3a2b8de09ed74688e06..0000000000000000000000000000000000000000
--- a/fipscheck.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-version_control: git
-src_repo: https://pagure.io/fipscheck.git
-tag_prefix: ^v
-separator: .