From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6277C158086 for ; Thu, 23 Dec 2021 15:08:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F3E952BC024; Thu, 23 Dec 2021 15:08:14 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 90B3E2BC01F for ; Thu, 23 Dec 2021 15:08:14 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5690E342C74 for ; Thu, 23 Dec 2021 15:08:10 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 85AAF239 for ; Thu, 23 Dec 2021 15:08:08 +0000 (UTC) From: "Aisha Tammy" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Aisha Tammy" Message-ID: <1640270943.9dff5c48772c2e43872211b98d7d11258fd37736.epsilon-0@gentoo> Subject: [gentoo-commits] repo/proj/guru:dev commit in: app-crypt/intel-ipsec-mb/, app-crypt/intel-ipsec-mb/files/ X-VCS-Repository: repo/proj/guru X-VCS-Files: app-crypt/intel-ipsec-mb/Manifest app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild app-crypt/intel-ipsec-mb/metadata.xml X-VCS-Directories: app-crypt/intel-ipsec-mb/files/ app-crypt/intel-ipsec-mb/ X-VCS-Committer: epsilon-0 X-VCS-Committer-Name: Aisha Tammy X-VCS-Revision: 9dff5c48772c2e43872211b98d7d11258fd37736 X-VCS-Branch: dev Date: Thu, 23 Dec 2021 15:08:08 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: accdd1ae-3930-4ab5-b9bb-7995995f3cff X-Archives-Hash: f3c58468030120cdc5eb7651c23b9697 commit: 9dff5c48772c2e43872211b98d7d11258fd37736 Author: Aisha Tammy aisha cc> AuthorDate: Thu Dec 23 14:49:03 2021 +0000 Commit: Aisha Tammy aisha cc> CommitDate: Thu Dec 23 14:49:03 2021 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=9dff5c48 app-crypt/intel-ipsec-mb: fast multi-buffer crypto for ipsec Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Aisha Tammy aisha.cc> app-crypt/intel-ipsec-mb/Manifest | 1 + .../intel-ipsec-mb-1.1_remove-werror-and-O3.patch | 122 +++++++++++++++++++++ app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild | 54 +++++++++ .../intel-ipsec-mb/intel-ipsec-mb-9999.ebuild | 54 +++++++++ app-crypt/intel-ipsec-mb/metadata.xml | 13 +++ 5 files changed, 244 insertions(+) diff --git a/app-crypt/intel-ipsec-mb/Manifest b/app-crypt/intel-ipsec-mb/Manifest new file mode 100644 index 000000000..3120cdfa8 --- /dev/null +++ b/app-crypt/intel-ipsec-mb/Manifest @@ -0,0 +1 @@ +DIST intel-ipsec-mb-1.1.tar.gz 1227915 BLAKE2B 56d104c2bcebd4a8125d64362c14603b7005c8ef0978d4039da3128f06fbba7f469ac8df23e3315b9f3fe33c392804fd718a533edd34e4a545f767a1c2e2fd60 SHA512 aca5863d36b333c4c896549074242fb4c2c0a4d6598b27baa794944436527bdd6e1a5dbca9d39e0c3a89e61d7d175adcf5bf6c6cbdffd0a43bca1fea0be42ebe diff --git a/app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch b/app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch new file mode 100644 index 000000000..64868c264 --- /dev/null +++ b/app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch @@ -0,0 +1,122 @@ +diff --git a/lib/Makefile b/lib/Makefile +index 065d2c1..2bc3a03 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -112,10 +112,10 @@ YASM_INCLUDES := $(foreach i,$(ASM_INCLUDE_DIRS),-I $i) + NASM_INCLUDES := $(foreach i,$(ASM_INCLUDE_DIRS),-I$i/) + ifneq ($(MINGW),0) + YASM_FLAGS := -f x64 -f win64 -X gnu -g dwarf2 -DWIN_ABI $(YASM_INCLUDES) +-NASM_FLAGS := -Werror -fwin64 -Xvc -gcv8 -DWIN_ABI $(NASM_INCLUDES) ++NASM_FLAGS := -fwin64 -Xvc -gcv8 -DWIN_ABI $(NASM_INCLUDES) + else + YASM_FLAGS := -f x64 -f elf64 -X gnu -g dwarf2 -DLINUX -D__linux__ $(YASM_INCLUDES) +-NASM_FLAGS := -Werror -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ $(NASM_INCLUDES) ++NASM_FLAGS := -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ $(NASM_INCLUDES) + endif + + DEBUG_OPT ?= -O0 +@@ -153,7 +153,6 @@ endif + + # prevent SIMD optimizations for non-aesni modules + CFLAGS_NO_SIMD = $(CFLAGS) -O1 +-CFLAGS += $(OPT) + + # Set generic architectural optimizations + OPT_X86 := -msse4.2 +@@ -696,7 +695,7 @@ install: $(LIB_DIR)/$(LIBNAME) + install -m 0444 $(MAN2) $(MAN_DIR) + install -d $(LIB_INSTALL_DIR) + ifeq ($(SHARED),y) +- install -s -m $(LIBPERM) $(LIB_DIR)/$(LIBNAME) $(LIB_INSTALL_DIR) ++ install -m $(LIBPERM) $(LIB_DIR)/$(LIBNAME) $(LIB_INSTALL_DIR) + else + # must not strip symbol table for static libs + install -m $(LIBPERM) $(LIB_DIR)/$(LIBNAME) $(LIB_INSTALL_DIR) +diff --git a/lib/win_x64.mak b/lib/win_x64.mak +index a71d715..c5f07dc 100644 +--- a/lib/win_x64.mak ++++ b/lib/win_x64.mak +@@ -110,7 +110,7 @@ LINK_TOOL = link + LINKFLAGS = $(DLFLAGS) /nologo /machine:X64 + + AS = nasm +-AFLAGS = $(DAFLAGS) -Werror -fwin64 -Xvc -DWIN_ABI -Iinclude/ \ ++AFLAGS = $(DAFLAGS) -fwin64 -Xvc -DWIN_ABI -Iinclude/ \ + -I./ -Iavx/ -Iavx2/ -Iavx512/ -Isse/ + + # dependency +diff --git a/perf/Makefile b/perf/Makefile +index 2f578fe..bdae07a 100644 +--- a/perf/Makefile ++++ b/perf/Makefile +@@ -40,9 +40,9 @@ CFLAGS = -D_GNU_SOURCE -DNO_COMPAT_IMB_API_053 $(INCLUDES) \ + + ifeq ($(MINGW),0) + CFLAGS += -DLINUX +-NASM_FLAGS := -Werror -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ ++NASM_FLAGS := -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ + else +-NASM_FLAGS := -Werror -fwin64 -Xvc -gcv8 -DWIN_ABI ++NASM_FLAGS := -fwin64 -Xvc -gcv8 -DWIN_ABI + endif + + # if "-z ibt" is supported then assume "-z shstk, -z cet-report=error" are also supported +@@ -57,7 +57,7 @@ CFLAGS += -fcf-protection=full + endif + + ifeq ($(MINGW),0) +-LDFLAGS = -fPIE -z noexecstack -z relro -z now -pthread ++LDFLAGS += -fPIE -z noexecstack -z relro -z now -pthread + endif + ifeq ($(CC_HAS_CET),1) + LDFLAGS += -fcf-protection=full -Wl,-z,ibt -Wl,-z,shstk -Wl,-z,cet-report=error +diff --git a/perf/win_x64.mak b/perf/win_x64.mak +index a388ff5..71e5f24 100644 +--- a/perf/win_x64.mak ++++ b/perf/win_x64.mak +@@ -68,7 +68,7 @@ LNK = link + LFLAGS = /out:$(APP).exe $(DLFLAGS) + + AS = nasm +-AFLAGS = -Werror -fwin64 -Xvc -DWIN_ABI ++AFLAGS = -fwin64 -Xvc -DWIN_ABI + + OBJECTS = ipsec_perf.obj msr.obj misc.obj + +diff --git a/test/Makefile b/test/Makefile +index 93bae06..22fef57 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -60,15 +60,15 @@ endif + YASM_FLAGS := -f x64 -f elf64 -X gnu -g dwarf2 -DLINUX -D__linux__ + ifeq ($(MINGW),0) + CFLAGS += -DLINUX +-NASM_FLAGS := -Werror -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ ++NASM_FLAGS := -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ + else +-NASM_FLAGS := -Werror -fwin64 -Xvc -gcv8 -DWIN_ABI ++NASM_FLAGS := -fwin64 -Xvc -gcv8 -DWIN_ABI + endif + + ifeq ($(MINGW),0) +-LDFLAGS = -fPIE -z noexecstack -z relro -z now ++LDFLAGS += -fPIE -z noexecstack -z relro -z now + else +-LDFLAGS = -fPIE ++LDFLAGS += -fPIE + endif + + ifeq ($(CC_HAS_CET),1) +diff --git a/test/win_x64.mak b/test/win_x64.mak +index e28e6a7..2e564a7 100644 +--- a/test/win_x64.mak ++++ b/test/win_x64.mak +@@ -67,7 +67,7 @@ TEST_LFLAGS = /out:$(TEST_APP).exe $(DLFLAGS) + XVALID_LFLAGS = /out:$(XVALID_APP).exe $(DLFLAGS) + + AS = nasm +-AFLAGS = -Werror -fwin64 -Xvc -DWIN_ABI ++AFLAGS = -fwin64 -Xvc -DWIN_ABI + + # dependency + !ifndef DEPTOOL diff --git a/app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild new file mode 100644 index 000000000..7e0f4de90 --- /dev/null +++ b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild @@ -0,0 +1,54 @@ +# Copyright 2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs + +DESCRIPTION="Multi-Buffer Crypto for IPSec from Intel" +HOMEPAGE="https://github.com/intel/intel-ipsec-mb" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/intel/intel-ipsec-mb.git" +else + SRC_URI="https://github.com/intel/intel-ipsec-mb/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64" +fi + +LICENSE="BSD" +SLOT="0" +IUSE="+safe-data +safe-lookup +safe-param test" +RESTRICT="!test? ( test )" + +BDEPEND=" + >=dev-lang/nasm-2.13.03 +" + +PATCHES=( "${FILESDIR}/intel-ipsec-mb-1.1_remove-werror-and-O3.patch" ) + +src_configure(){ + tc-export CC LD AR +} + +src_compile() { + local myconf=( + SAFE_DATA=$(usex safe-data y n) + SAFE_LOOKUP=$(usex safe-lookup y n) + SAFE_PARAM=$(usex safe-param y n) + ) + emake "${myconf[@]}" EXTRA_CFLAGS="${CFLAGS}" +} + +src_install() { + emake PREFIX="${ED}/usr" \ + LIB_INSTALL_DIR="${ED}/usr/$(get_libdir)" \ + MAN_DIR="${ED}/usr/share/man/man7" \ + install +} + +src_test() { + cd "${S}/test" + LD_LIBRARY_PATH=../lib ./ipsec_MB_testapp -v + LD_LIBRARY_PATH=../lib ./ipsec_xvalid_test -v +} diff --git a/app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild new file mode 100644 index 000000000..7e0f4de90 --- /dev/null +++ b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild @@ -0,0 +1,54 @@ +# Copyright 2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs + +DESCRIPTION="Multi-Buffer Crypto for IPSec from Intel" +HOMEPAGE="https://github.com/intel/intel-ipsec-mb" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/intel/intel-ipsec-mb.git" +else + SRC_URI="https://github.com/intel/intel-ipsec-mb/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64" +fi + +LICENSE="BSD" +SLOT="0" +IUSE="+safe-data +safe-lookup +safe-param test" +RESTRICT="!test? ( test )" + +BDEPEND=" + >=dev-lang/nasm-2.13.03 +" + +PATCHES=( "${FILESDIR}/intel-ipsec-mb-1.1_remove-werror-and-O3.patch" ) + +src_configure(){ + tc-export CC LD AR +} + +src_compile() { + local myconf=( + SAFE_DATA=$(usex safe-data y n) + SAFE_LOOKUP=$(usex safe-lookup y n) + SAFE_PARAM=$(usex safe-param y n) + ) + emake "${myconf[@]}" EXTRA_CFLAGS="${CFLAGS}" +} + +src_install() { + emake PREFIX="${ED}/usr" \ + LIB_INSTALL_DIR="${ED}/usr/$(get_libdir)" \ + MAN_DIR="${ED}/usr/share/man/man7" \ + install +} + +src_test() { + cd "${S}/test" + LD_LIBRARY_PATH=../lib ./ipsec_MB_testapp -v + LD_LIBRARY_PATH=../lib ./ipsec_xvalid_test -v +} diff --git a/app-crypt/intel-ipsec-mb/metadata.xml b/app-crypt/intel-ipsec-mb/metadata.xml new file mode 100644 index 000000000..515d9d259 --- /dev/null +++ b/app-crypt/intel-ipsec-mb/metadata.xml @@ -0,0 +1,13 @@ + + + + + gentoo@aisha.cc + Aisha Tammy + + + sensitive information is cleared on completion of a function call + lookups which depend on sensitive information are implemented with constant time functions + input parameters are checked, looking generally for NULL pointers or an incorrect input length + +