import CS libica-4.4.0-1.el9
This commit is contained in:
parent
90ab6f730d
commit
13d167df22
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libica-4.3.0.tar.gz
|
||||
SOURCES/libica-4.4.0.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
e7f7a7f714c793496294a5f865ad23d4c48866f9 SOURCES/libica-4.3.0.tar.gz
|
||||
5b239ff3b7a4394a047fe4235a3ab881f7a5627e SOURCES/libica-4.4.0.tar.gz
|
||||
|
||||
@ -1,130 +0,0 @@
|
||||
From 49d619ea05743a3df6b9bf8160aaa0b4306118db Mon Sep 17 00:00:00 2001
|
||||
From: Holger Dengler <dengler@linux.ibm.com>
|
||||
Date: Tue, 16 Apr 2024 14:18:23 +0200
|
||||
Subject: [PATCH 1/2] test: disable CEX usage in OpenSSL for all tests
|
||||
|
||||
OpenSSL supports CEX exploitation since version v3.2.x. Libica and its
|
||||
testcases use OpenSSL as helper and fallback, so disable the CEX
|
||||
acceleration for all tests.
|
||||
|
||||
If the environment variable is already set, use it as is without
|
||||
modifying it. In this case, it is up to the user to choose the right
|
||||
settings.
|
||||
|
||||
Fixes: Issue #126
|
||||
Link: https://github.com/opencryptoki/libica/issues/126
|
||||
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
|
||||
---
|
||||
test/Makefile.am | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/Makefile.am b/test/Makefile.am
|
||||
index 76d4f15..e56b256 100644
|
||||
--- a/test/Makefile.am
|
||||
+++ b/test/Makefile.am
|
||||
@@ -61,10 +61,14 @@ TESTS += \
|
||||
${top_builddir}/src/internal_tests/ec_internal_test
|
||||
endif
|
||||
|
||||
+# disable OpenSSL CEX usage for all tests
|
||||
+OPENSSL_s390xcap ?= nocex
|
||||
+
|
||||
TEST_EXTENSIONS = .sh .pl
|
||||
TESTS_ENVIRONMENT = export LD_LIBRARY_PATH=${builddir}/../src/.libs/:$$LD_LIBRARY_PATH \
|
||||
PATH=${builddir}/../src/:$$PATH \
|
||||
- LIBICA_TESTDATA=${srcdir}/testdata/;
|
||||
+ LIBICA_TESTDATA=${srcdir}/testdata/ \
|
||||
+ OPENSSL_s390xcap=${OPENSSL_s390xcap};
|
||||
AM_CFLAGS = @FLAGS@ -DNO_SW_FALLBACKS -I${srcdir}/../include/ -I${srcdir}/../src/include/
|
||||
LDADD = @LIBS@ ${top_builddir}/src/.libs/libica.so -lcrypto -lpthread
|
||||
|
||||
--
|
||||
2.45.1
|
||||
|
||||
|
||||
From d3a7542e7eb45c22066ecb1be62480dde41fd544 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 24 Apr 2024 10:44:26 +0200
|
||||
Subject: [PATCH 2/2] Bugfix: correct rc handling with s390_pcc function
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/include/s390_aes.h | 2 +-
|
||||
src/include/s390_cmac.h | 2 +-
|
||||
src/include/s390_crypto.h | 23 +++++++++++++----------
|
||||
3 files changed, 15 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/include/s390_aes.h b/src/include/s390_aes.h
|
||||
index 6252dde..a6ff27b 100644
|
||||
--- a/src/include/s390_aes.h
|
||||
+++ b/src/include/s390_aes.h
|
||||
@@ -674,7 +674,7 @@ static inline int s390_aes_xts_parm(unsigned long function_code,
|
||||
|
||||
memset(&parm_block.keys, 0, key_size);
|
||||
|
||||
- if (rc >= 0) {
|
||||
+ if (rc == 0) {
|
||||
memcpy(xts_parm, parm_block.xts_parameter,
|
||||
sizeof(ica_aes_vector_t));
|
||||
return 0;
|
||||
diff --git a/src/include/s390_cmac.h b/src/include/s390_cmac.h
|
||||
index 76b9cca..f19c069 100644
|
||||
--- a/src/include/s390_cmac.h
|
||||
+++ b/src/include/s390_cmac.h
|
||||
@@ -161,7 +161,7 @@ static inline int s390_cmac_hw(unsigned long fc,
|
||||
/* calculate final block (last/full) */
|
||||
rc = s390_pcc(fc, pb_lookup.base);
|
||||
memset(pb_lookup.keys, 0, key_size);
|
||||
- if (rc < 0)
|
||||
+ if (rc != 0)
|
||||
return EIO;
|
||||
|
||||
_stats_increment(fc, ALGO_HW, ENCRYPT);
|
||||
diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h
|
||||
index f34241f..f11eacb 100644
|
||||
--- a/src/include/s390_crypto.h
|
||||
+++ b/src/include/s390_crypto.h
|
||||
@@ -244,27 +244,30 @@ void s390_crypto_switches_init(void);
|
||||
|
||||
/**
|
||||
* s390_pcc:
|
||||
- * @func: the function code passed to KM; see s390_pcc_functions
|
||||
+ * @func: the function code passed to PCC; see s390_pcc_functions
|
||||
* @param: address of parameter block; see POP for details on each func
|
||||
*
|
||||
* Executes the PCC operation of the CPU.
|
||||
*
|
||||
- * Returns -1 for failure, 0 for the query func, number of processed
|
||||
- * bytes for encryption/decryption funcs
|
||||
+ * Returns condition code of the PCC instruction
|
||||
*/
|
||||
static inline int s390_pcc(unsigned long func, void *param)
|
||||
{
|
||||
register unsigned long r0 asm("0") = (unsigned long)func;
|
||||
register unsigned long r1 asm("1") = (unsigned long)param;
|
||||
+ char cc;
|
||||
|
||||
- asm volatile (
|
||||
- "0: .long %[opc] << 16\n"
|
||||
- " brc 1,0b\n"
|
||||
- :
|
||||
- : [fc] "d" (r0), [param] "a" (r1), [opc] "i" (0xb92c)
|
||||
- : "cc", "memory");
|
||||
+ asm volatile(
|
||||
+ "0: .insn rre,%[opc] << 16,0,0\n" /* PCC opcode */
|
||||
+ " brc 1,0b\n" /* handle partial completion */
|
||||
+ " ipm %[cc]\n"
|
||||
+ " srl %[cc],28\n"
|
||||
+ : [cc] "=d" (cc)
|
||||
+ : [func] "d" (r0), [param] "a" (r1), [opc] "i" (0xb92c)
|
||||
+ : "cc", "memory"
|
||||
+ );
|
||||
|
||||
- return 0;
|
||||
+ return cc;
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.45.1
|
||||
|
||||
33
SOURCES/libica-4.4.0-fixes.patch
Normal file
33
SOURCES/libica-4.4.0-fixes.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From ff35d0226e72251ae495913aeb758bd141a3db19 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 18 Dec 2024 17:09:33 +0100
|
||||
Subject: [PATCH] Fix bug in condition logic
|
||||
|
||||
This bug causes an incorrect indication of the availability of algos
|
||||
in fips mode.
|
||||
|
||||
Fixes: https://github.com/opencryptoki/libica/commit/a9288f578b402851d41da579a78e3cbd9d1bab98
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/s390_crypto.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/s390_crypto.c b/src/s390_crypto.c
|
||||
index 58e082a..e05c7e7 100644
|
||||
--- a/src/s390_crypto.c
|
||||
+++ b/src/s390_crypto.c
|
||||
@@ -709,8 +709,8 @@ int s390_get_functionlist(libica_func_list_element *pmech_list,
|
||||
* approved.
|
||||
* - We are in an error state.
|
||||
* */
|
||||
- if (((fips & ICA_FIPS_MODE) && !fips_approved(pmech_list[x].mech_mode_id &&
|
||||
- !fips_override(pmech_list[x].mech_mode_id)))
|
||||
+ if (((fips & ICA_FIPS_MODE) && !fips_approved(pmech_list[x].mech_mode_id) &&
|
||||
+ !fips_override(pmech_list[x].mech_mode_id))
|
||||
|| fips >> 1) {
|
||||
pmech_list[x].flags = 0;
|
||||
pmech_list[x].property = 0;
|
||||
--
|
||||
2.47.1
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Summary: Library for accessing ICA hardware crypto on IBM z Systems
|
||||
Name: libica
|
||||
Version: 4.3.0
|
||||
Version: 4.4.0
|
||||
Release: 1%{?dist}
|
||||
License: CPL
|
||||
URL: https://github.com/opencryptoki/
|
||||
@ -12,7 +12,7 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
|
||||
# https://github.com/opencryptoki/libica/pull/24
|
||||
Patch0: %{name}-4.0.0-annotate.patch
|
||||
# post GA fixes
|
||||
Patch1: %{name}-%{version}-fixes.patch
|
||||
Patch1: %{name}-4.4.0-fixes.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: openssl
|
||||
@ -109,6 +109,14 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jan 06 2025 Dan Horák <dhorak@redhat.com> - 4.4.0-1
|
||||
- updated to 4.4.0 (RHEL-50087)
|
||||
- Resolves: RHEL-50087
|
||||
|
||||
* Thu Nov 07 2024 Dan Horák <dhorak@redhat.com> - 4.3.1-1
|
||||
- updated to 4.3.1 (RHEL-50087)
|
||||
- Resolves: RHEL-50087
|
||||
|
||||
* Mon May 27 2024 Dan Horák <dhorak@redhat.com> - 4.3.0-1
|
||||
- updated to 4.3.0 (RHEL-23703)
|
||||
- Resolves: RHEL-23703
|
||||
|
||||
Loading…
Reference in New Issue
Block a user