From c346b97004b5dbcd0b4495b2ec3f43dbe9ec0e70 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Feb 23 2017 15:31:59 +0000
Subject: handle empty hmac file as checksum mismatch
---
diff --git a/fipscheck-1.4.1-openssl11.patch b/fipscheck-1.4.1-openssl11.patch
deleted file mode 100644
index d9d6af8..0000000
--- a/fipscheck-1.4.1-openssl11.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-# HG changeset patch
-# User Tomas Mraz
-# Date 1476371543 -7200
-# Thu Oct 13 17:12:23 2016 +0200
-# Node ID f21c3efe2051d2c4c6520f5550d7d5e99c733237
-# Parent 0ad655fba0b5ae89e07c55c1214e21ddfd3899a0
-Add support for OpenSSL-1.1.0.
-
-diff -r 0ad655fba0b5 -r f21c3efe2051 src/filehmac.c
---- a/src/filehmac.c Thu Mar 24 11:30:58 2016 +0100
-+++ b/src/filehmac.c Thu Oct 13 17:12:23 2016 +0200
-@@ -113,6 +113,30 @@
- log_dest = DEBUG_LOG_STDERR;
- }
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#define HMAC_CTX_new compat_hmac_ctx_new
-+static HMAC_CTX *
-+compat_hmac_ctx_new()
-+{
-+ HMAC_CTX *ctx;
-+
-+ ctx = calloc(1, sizeof(*ctx));
-+ if (ctx != NULL)
-+ HMAC_CTX_init(ctx);
-+ return ctx;
-+}
-+
-+#define HMAC_CTX_free compat_hmac_ctx_free
-+static void
-+compat_hmac_ctx_free(HMAC_CTX *ctx)
-+{
-+ HMAC_CTX_cleanup(ctx);
-+ free(ctx);
-+}
-+
-+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-+
- #ifdef CALL_PRELINK
- static FILE *
- spawn_prelink(const char *path, int *prelink)
-@@ -167,7 +191,7 @@
- int prelink = 0;
- #endif
- int rv = -1;
-- HMAC_CTX c;
-+ HMAC_CTX *c;
- unsigned char rbuf[READ_BUFFER_LENGTH];
- size_t len;
- unsigned int hlen;
-@@ -179,7 +203,11 @@
- }
- }
-
-- HMAC_CTX_init(&c);
-+ c = HMAC_CTX_new();
-+ if (c == NULL) {
-+ debug_log("Failed to allocate memory for HMAC_CTX");
-+ goto end;
-+ }
-
- #ifdef CALL_PRELINK
- if (access(PATH_PRELINK, X_OK) == 0) {
-@@ -198,15 +226,15 @@
- goto end;
- }
-
-- HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
-+ HMAC_Init(c, hmackey, sizeof(hmackey)-1, EVP_sha256());
-
- while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
-- HMAC_Update(&c, rbuf, len);
-+ HMAC_Update(c, rbuf, len);
- }
-
- len = sizeof(rbuf);
- /* reuse rbuf for hmac */
-- HMAC_Final(&c, rbuf, &hlen);
-+ HMAC_Final(c, rbuf, &hlen);
-
- *buf = malloc(hlen);
- if (*buf == NULL) {
-@@ -220,7 +248,7 @@
-
- rv = 0;
- end:
-- HMAC_CTX_cleanup(&c);
-+ HMAC_CTX_free(c);
-
- if (f)
- fclose(f);
diff --git a/fipscheck.conf b/fipscheck.conf
deleted file mode 100644
index 8476d12..0000000
--- a/fipscheck.conf
+++ /dev/null
@@ -1,2 +0,0 @@
--b /usr/lib{,64}/libfipscheck.so.*
--b /usr/bin/fipscheck
diff --git a/fipscheck.spec b/fipscheck.spec
index e9a3407..7cbfa7a 100644
--- a/fipscheck.spec
+++ b/fipscheck.spec
@@ -1,20 +1,15 @@
 Summary: A library for integrity verification of FIPS validated modules
 Name: fipscheck
-Version: 1.4.1
-Release: 13%{?dist}
+Version: 1.5.0
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Libraries
 # This is a Red Hat maintained package which is specific to
 # our distribution.
-URL: http://fedorahosted.org/fipscheck/
-Source0: http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
-# Prelink blacklist
-Source1: fipscheck.conf
-Patch1: fipscheck-1.4.1-openssl11.patch
+URL: https://pagure.io/fipscheck
+Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-
-BuildRequires: openssl-devel >= 0.9.8j
+BuildRequires: openssl-devel >= 1.0.0
 Requires: %{name}-lib%{?_isa} = %{version}-%{release}
@@ -43,7 +38,6 @@ This package contains development files for %{name}.
 %prep
 %setup -q
-%patch1 -p1 -b .openssl11
 %build
 %configure --disable-static
@@ -79,7 +73,7 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root,-)
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc ChangeLog README AUTHORS
+%doc ChangeLog README NEWS AUTHORS
 %{_bindir}/fipscheck
 %{_bindir}/fipshmac
 %{_libdir}/fipscheck/fipscheck.hmac
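Review bot: In the first fipscheck.spec hunk, `Source0` now points at `https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2`, but nothing in the visible spec lines checks that tarball against an upstream signature. For a FIPS integrity-checking library, that leaves the provenance of the 1.5.0 sources resting on the lookaside checksum alone, which is not part of this diff. If upstream publishes a detached signature, I would add it and the signing key as further `Source` entries and verify them in `%prep` before `%setup -q`; if it does not, a comment above `Source0` such as `# upstream publishes no signature; tarball is pinned only by the sources checksum` records that. The same hunk drops `Patch1` while the new changelog entry mentions only the empty-hmac fix, so the package presumably relies on 1.5.0 already carrying the OpenSSL 1.1.0 support; a changelog line saying so would make that checkable.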
@@ -98,42 +92,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/*
 %changelog
-* Fri Feb 10 2017 Fedora Release Engineering - 1.4.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Oct 13 2016 Tomáš Mráz - 1.4.1-12
-- rebuild with OpenSSL-1.1.0
-
-* Tue Apr 12 2016 Tomáš Mráz - 1.4.1-11
-- remove the prelink blacklist as prelink is gone (#1324950)
-
-* Wed Feb 03 2016 Fedora Release Engineering - 1.4.1-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Wed Jun 17 2015 Fedora Release Engineering - 1.4.1-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sat Feb 21 2015 Till Maas - 1.4.1-8
-- Rebuilt for Fedora 23 Change
- https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
-
-* Sat Aug 16 2014 Fedora Release Engineering - 1.4.1-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Sat Jul 12 2014 Tom Callaway - 1.4.1-6
-- fix license handling
-
-* Sat Jun 07 2014 Fedora Release Engineering - 1.4.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Mon Feb 10 2014 Tomáš Mráz - 1.4.1-4
-- fix the library path in prelink blacklist
-
-* Tue Sep 24 2013 Tomáš Mráz - 1.4.1-3
-- add versioned dependency to -lib on base package (#1010349)
-
-* Fri Sep 20 2013 Tomáš Mráz - 1.4.1-2
-- add prelink blacklist
+* Thu Feb 23 2017 Tomáš Mráz - 1.5.0-1
+- handle empty hmac file as checksum mismatch
 * Tue Sep 10 2013 Tomáš Mráz - 1.4.1-1
 - fix inverted condition in FIPSCHECK_verify_ex()