diff --git a/0072-Correct-the-error-in-the-comment.patch b/0072-Correct-the-error-in-the-comment.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4af968d5e68f2b0b72b8d34a464fd3ea313c71b8
--- /dev/null
+++ b/0072-Correct-the-error-in-the-comment.patch
@@ -0,0 +1,26 @@
+From 985be3c3b4947d1a304ff9171c74ca3fe77a86bf Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiaoGitee
+Date: Mon, 1 Apr 2024 17:05:10 +0800
+Subject: [PATCH] Correct the error in the comment.
+
+Reference:https://gitee.com/openeuler/secGear/commit/985be3c3b4947d1a304ff9171c74ca3fe77a86bf
+Conflict:NA
+---
+ inc/host_inc/status.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
+index 7a7920b..c0ff6c7 100644
+--- a/inc/host_inc/status.h
++++ b/inc/host_inc/status.h
+@@ -179,7 +179,7 @@ typedef enum _enclave_result_t
+ CC_CLIENT_INTR = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */
+ CC_ERROR_TIME_NOT_SET = 0xFFFF5000, /* *< 时间未设置 */
+ CC_ERROR_TIME_NEEDS_RESET = 0xFFFF5001, /* *< 时间需要重置 */
+- CC_FAIL = 0xFFFF5002, /* *< 时间需要重置 */
++ CC_FAIL = 0xFFFF5002, /* *< 操作失败 */
+ CC_ERROR_TIMER = 0xFFFF6000,
+ CC_ERROR_TIMER_CREATE_FAILED,
+ CC_ERROR_TIMER_DESTORY_FAILED,
+--
+2.33.0
diff --git a/0073-change-log-file-permission-0400.patch b/0073-change-log-file-permission-0400.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ebdd183d2f3dc1a9898cd8208b03f05457dcd6b3
--- /dev/null
+++ b/0073-change-log-file-permission-0400.patch
@@ -0,0 +1,24 @@
+From 1b2de0be8912fb1b705454011ed6190f52199f60 Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao
+Date: Sat, 11 Jun 2022 12:17:18 +0800
+Subject: [PATCH] change log file permission 0400
+
+---
+ conf/logrotate.d/secgear | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/conf/logrotate.d/secgear b/conf/logrotate.d/secgear
+index 92da41e..f88bb59 100644
+--- a/conf/logrotate.d/secgear
++++ b/conf/logrotate.d/secgear
+@@ -5,4 +5,7 @@
+ nocompress
+ copytruncate
+ size 2048k
++ lastaction
++ chmod 0400 /var/log/secgear/secgear.log.*
++ endscript
+ }
+--
+2.27.0
+
diff --git a/backport-memset-no-optimize.patch b/backport-memset-no-optimize.patch
deleted file mode 100644
index 3bb78f2f29b801718c897262e7073f0dc44c5ca1..0000000000000000000000000000000000000000
--- a/backport-memset-no-optimize.patch
+++ /dev/null
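Review bot: The `chmod 0400 /var/log/secgear/secgear.log.*` in the added `lastaction` block tightens rotated copies only after logrotate has already written them, so with `copytruncate` each copy presumably exists for a short time with whatever mode the live log has. What actually bounds who can read the data is the mode of `secgear.log` itself and of `/var/log/secgear`, and neither is visible in this hunk. The glob is also hard-coded, so it stops matching if the stanza's log path (outside the hunk) or naming options such as `dateext` or `olddir` ever change. I would add a one-line comment above the script, e.g. `# rotated copies: owner read-only; keep this glob in sync with the log path above`, and confirm the log directory is not world-readable.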
@@ -1,58 +0,0 @@
-From c15207d44281663b32ad4a8ede998dd4c7bda6fd Mon Sep 17 00:00:00 2001
-From: zhengxiaoxiao
-Date: Thu, 14 Mar 2024 20:20:34 +0800
-Subject: [PATCH] memset no optimize
-
-Reference:https://gitee.com/openeuler/secGear/commit/c0997efc6a69d465b286347285cb1508a9d9c24b
-Conflict:NA
----
- src/enclave_src/gp/itrustee/itrustee_seal_data.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
-index b074d6f..e23cb1e 100644
---- a/src/enclave_src/gp/itrustee/itrustee_seal_data.c
-+++ b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
-@@ -15,6 +15,13 @@
- #include "tee_crypto_api.h"
- #include "dataseal_internal.h"
- #include "tee_trusted_storage.h"
-+
-+#define CC_OPTIMIZE_OFF __attribute__((optimize("O0")))
-+CC_OPTIMIZE_OFF static void *memset_no_optimize(void *ptr, int value, size_t num)
-+{
-+ memset(ptr, 0, num);
-+}
-+
- uint32_t get_sealed_data_size_ex(uint32_t seal_data_len, uint32_t aad_len)
- {
- if (UINT32_MAX - aad_len <= seal_data_len) {
-@@ -139,13 +146,13 @@ TEE_Result itrustee_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *
- result = data_copy(tmp_sealed_data, salt, nonce, mac_data, mac_data_len);
-
- error0:
-- memset(nonce, 0, SEAL_DATA_NONCE_LEN);
-+ memset_no_optimize(nonce, 0, SEAL_DATA_NONCE_LEN);
- TEE_Free(nonce);
- error1:
-- memset(salt, 0, SEAL_KEY_SALT_LEN);
-+ memset_no_optimize(salt, 0, SEAL_KEY_SALT_LEN);
- TEE_Free(salt);
- error2:
-- memset(key_buf, 0, SEAL_KEY_LEN);
-+ memset_no_optimize(key_buf, 0, SEAL_KEY_LEN);
- TEE_Free(key_buf);
- return result;
- }
-@@ -249,7 +256,7 @@ TEE_Result itrustee_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint
- }
-
- done:
-- memset(key_buf, 0, SEAL_KEY_LEN);
-+ memset_no_optimize(key_buf, 0, SEAL_KEY_LEN);
- TEE_Free(key_buf);
- return result;
- }
---
-2.33.0
-
diff --git a/backport-use-memset-instead-of-explicit_bzero.patch b/backport-use-memset-instead-of-explicit_bzero.patch
deleted file mode 100644
index 94ebc29abdbbeff617f91434b78dd88baee94280..0000000000000000000000000000000000000000
--- a/backport-use-memset-instead-of-explicit_bzero.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 248f56df792c14421074a6049ac668464070a574 Mon Sep 17 00:00:00 2001
-From: zhengxiaoxiao
-Date: Tue, 12 Mar 2024 16:53:22 +0800
-Subject: [PATCH] use memset instead of explicit_bzero
-
-Reference: https://gitee.com/openeuler/secGear/commit/248f56df792c14421074a6049ac668464070a574
-Conflict: NA
----
- src/enclave_src/gp/itrustee/itrustee_seal_data.c | 8 ++++----
- src/host_src/enclave.c | 4 ++--
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
-index cae1734..b074d6f 100644
---- a/src/enclave_src/gp/itrustee/itrustee_seal_data.c
-+++ b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
-@@ -139,13 +139,13 @@ TEE_Result itrustee_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *
- result = data_copy(tmp_sealed_data, salt, nonce, mac_data, mac_data_len);
-
- error0:
-- explicit_bzero(nonce, SEAL_DATA_NONCE_LEN);
-+ memset(nonce, 0, SEAL_DATA_NONCE_LEN);
- TEE_Free(nonce);
- error1:
-- explicit_bzero(salt, SEAL_KEY_SALT_LEN);
-+ memset(salt, 0, SEAL_KEY_SALT_LEN);
- TEE_Free(salt);
- error2:
-- explicit_bzero(key_buf, SEAL_KEY_LEN);
-+ memset(key_buf, 0, SEAL_KEY_LEN);
- TEE_Free(key_buf);
- return result;
- }
-@@ -251,7 +251,7 @@ TEE_Result itrustee_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint
- }
-
- done:
-- explicit_bzero(key_buf, SEAL_KEY_LEN);
-+ memset(key_buf, 0, SEAL_KEY_LEN);
- TEE_Free(key_buf);
- return result;
- }
-diff --git a/src/host_src/enclave.c b/src/host_src/enclave.c
-index d8b7d35..f13feec 100644
---- a/src/host_src/enclave.c
-+++ b/src/host_src/enclave.c
-@@ -70,7 +70,7 @@ static void error_handle(cc_enclave_t *enclave, void *handle, p_tee_registered r
-
- if (enclave) {
- pthread_rwlock_destroy(&enclave->rwlock);
-- explicit_bzero(enclave, sizeof(cc_enclave_t));
-+ memset(enclave, 0, sizeof(cc_enclave_t));
- }
- }
-
-@@ -310,7 +310,7 @@ cc_enclave_result_t
cc_enclave_destroy(cc_enclave_t *context)
- }
- pthread_rwlock_unlock(&context->rwlock);
- pthread_rwlock_destroy(&context->rwlock);
-- explicit_bzero(context, sizeof(cc_enclave_t));
-+ memset(context, 0, sizeof(cc_enclave_t));
-
- return CC_SUCCESS;
- }
---
-2.33.0
-
diff --git a/secGear.spec b/secGear.spec
index bf7b51ad9ea2ed55ab56cdae6cd083736a4709ce..0eae636020dd9a8dbac5fbd65c9d5e940417e639 100644
--- a/secGear.spec
+++ b/secGear.spec
@@ -1,6 +1,6 @@ Name: secGear Version: 0.1.0 -Release: 39 +Release: 40 Summary: secGear is an SDK to develop confidential computing apps based on hardware enclave features
@@ -80,8 +80,8 @@ Patch67: 0068-bugfix-when-input-empty-hash.patch Patch68: 0069-adapt-sign-tool-to-pass-API_LEVEL.patch Patch69: 0070-sign-tool-add-invalid-param-verify.patch Patch70: 0071-adapt-report-with-request-key.patch -Patch71: backport-use-memset-instead-of-explicit_bzero.patch -Patch72: backport-memset-no-optimize.patch +Patch71: 0072-Correct-the-error-in-the-comment.patch +Patch72: 0073-change-log-file-permission-0400.patch BuildRequires: gcc python automake autoconf libtool BUildRequires: glibc glibc-devel cmake ocaml-dune rpm gcc-c++ compat-openssl11-libs compat-openssl11-devel
@@ -213,6 +213,9 @@ popd systemctl restart rsyslog %changelog +* Thu Jun 20 2024 houmingyong - 0.1.0-40 +- synchoronous features + * Wed Mar 27 2024 zhengxiaoxiao - 0.1.0-39 - use memset instead of explicit_bzero
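Review bot: Replacing `Patch71` and `Patch72` in the `@@ -80,8 +80,8 @@` hunk drops both `backport-use-memset-instead-of-explicit_bzero.patch` and `backport-memset-no-optimize.patch`, which between them decided how `key_buf`, `salt` and `nonce` are wiped in `itrustee_seal_data.c`. Nothing visible in this diff shows which zeroization call the build uses afterwards. If the same changes already arrive through an earlier numbered patch the removal is fine, but that should be confirmed, because a plain `memset` right before `TEE_Free` may be removed by the optimizer. The `%changelog` entry only says `- synchoronous features`; I would name the dropped patches there, e.g. `- drop duplicate backport memset patches, add 0072 and 0073`, if duplication is indeed the reason.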