From 3442c59781535b85bb9d730a8a4ec879577eada5 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 3 Nov 2020 06:49:15 -0500
Subject: [PATCH] import libica-3.7.0-2.el8

---
 .gitignore                                    |   2 +-
 .libica.metadata                              |   2 +-
 SOURCES/libica-3.6.1-counter.patch            | 201 ------------------
 SOURCES/libica-3.6.1-key-length.patch         |  40 ----
 ...tate.patch => libica-3.7.0-annotate.patch} |   8 +-
 SOURCES/libica-3.7.0-fips.patch               |  31 +++
 SPECS/libica.spec                             |  25 +--
 7 files changed, 50 insertions(+), 259 deletions(-)
 delete mode 100644 SOURCES/libica-3.6.1-counter.patch
 delete mode 100644 SOURCES/libica-3.6.1-key-length.patch
 rename SOURCES/{libica-3.3.3-annotate.patch => libica-3.7.0-annotate.patch} (59%)
 create mode 100644 SOURCES/libica-3.7.0-fips.patch

diff --git a/.gitignore b/.gitignore
index b8bcb65..9d729e1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libica-3.6.1.tar.gz
+SOURCES/libica-3.7.0.tar.gz
diff --git a/.libica.metadata b/.libica.metadata
index 42a90e2..3f4c297 100644
--- a/.libica.metadata
+++ b/.libica.metadata
@@ -1 +1 @@
-e4ed7750d1b296f1866275467fbbf9e368d579f5 SOURCES/libica-3.6.1.tar.gz
+8192d14867a4f7bf812ef48e830431a5e471270f SOURCES/libica-3.7.0.tar.gz
diff --git a/SOURCES/libica-3.6.1-counter.patch b/SOURCES/libica-3.6.1-counter.patch
deleted file mode 100644
index 53d5a37..0000000
--- a/SOURCES/libica-3.6.1-counter.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-From 58c1073a585443146332c5a3b5536eb5e6c6493d Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer <jschmidb@de.ibm.com>
-Date: Wed, 27 Nov 2019 15:54:29 +0100
-Subject: [PATCH] Fix icastats counter format
-
-icastats counters displayed negative numbers for counts
-higher than 31 bits in size. Now using 64-bit unsigned values.
-
-Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
----
- src/icastats.c         | 18 +++++++++---------
- src/icastats_shared.c  | 32 ++++++++++++++++----------------
- src/include/icastats.h |  6 +++---
- test/icastats_test.c   | 10 +++++-----
- 4 files changed, 33 insertions(+), 33 deletions(-)
-
-diff --git a/src/icastats.c b/src/icastats.c
-index 3896ad1..fa1dcff 100644
---- a/src/icastats.c
-+++ b/src/icastats.c
-@@ -10,7 +10,7 @@
-  *             Benedikt Klotz <benedikt.klotz@de.ibm.com>
-  *             Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com>
-  *
-- * Copyright IBM Corp. 2009, 2010, 2011, 2014
-+ * Copyright IBM Corp. 2009-2019
-  */
- 
- #include <stdio.h>
-@@ -24,7 +24,7 @@
- #include "icastats.h"
- 
- #define CMD_NAME "icastats"
--#define COPYRIGHT "Copyright IBM Corp. 2009, 2010, 2011, 2014."
-+#define COPYRIGHT "Copyright IBM Corp. 2009-2019"
- 
- void print_version(void)
- {
-@@ -69,24 +69,24 @@ const char *const STATS_DESC[ICA_NUM_STATS] = {
- 
- 
- 
--#define CELL_SIZE 10
-+#define CELL_SIZE 12
- void print_stats(stats_entry_t *stats)
- {
--	printf(" function       |           hardware       |            software\n");
--	printf("----------------+--------------------------+-------------------------\n");
--	printf("                |      ENC    CRYPT   DEC  |      ENC    CRYPT   DEC \n");
--	printf("----------------+--------------------------+-------------------------\n");
-+	printf(" function       |             hardware         |              software\n");
-+	printf("----------------+------------------------------+-----------------------------\n");
-+	printf("                |        ENC    CRYPT     DEC  |        ENC     CRYPT    DEC \n");
-+	printf("----------------+------------------------------+-----------------------------\n");
- 	unsigned int i;
- 	for (i = 0; i < ICA_NUM_STATS; ++i){
- 		if(i<=ICA_STATS_RSA_CRT){
--			printf(" %14s |      %*d          |       %*d\n",
-+			printf(" %14s |        %*lu          |         %*lu\n",
- 			       STATS_DESC[i],
- 			       CELL_SIZE,
- 			       stats[i].enc.hw,
- 			       CELL_SIZE,
- 			       stats[i].enc.sw);
- 		} else{
--			printf(" %14s |%*d     %*d |%*d    %*d\n",
-+			printf(" %14s |%*lu     %*lu |%*lu    %*lu\n",
- 			       STATS_DESC[i],
- 			       CELL_SIZE,
- 			       stats[i].enc.hw,
-diff --git a/src/icastats_shared.c b/src/icastats_shared.c
-index ecd9c59..f3b24d9 100644
---- a/src/icastats_shared.c
-+++ b/src/icastats_shared.c
-@@ -34,18 +34,18 @@ static stats_entry_t *stats = NULL;
- volatile int stats_shm_handle = NOT_INITIALIZED;
- 
- 
--static inline void atomic_add(int *x, int i)
-+static inline void atomic_add(uint64_t *x, uint64_t i)
- {
--	int old;
--	int new;
--	asm volatile ("	l	%0,%2\n"
--		      "0:	lr	%1,%0\n"
--		      "	ar	%1,%3\n"
--		      "	cs	%0,%1,%2\n"
--		      "	jl	0b"
--		      :"=&d" (old), "=&d"(new), "=Q"(*x)
--		      :"d"(i), "Q"(*x)
--		      :"cc", "memory");
-+    uint64_t old;
-+    uint64_t new;
-+    asm volatile ("   lg      %0,%2\n"
-+                  "0: lgr     %1,%0\n"
-+                  "   agr     %1,%3\n"
-+                  "   csg     %0,%1,%2\n"
-+                  "   jl      0b"
-+                 :"=&d" (old), "=&d"(new), "=Q"(*x)
-+                 :"d"(i), "Q"(*x)
-+                 :"cc", "memory");
- }
- 
- 
-@@ -125,7 +125,7 @@ void stats_munmap(int unlink)
-  * @direction - valid values are ENCRYPT and DECRYPT
-  */
- 
--uint32_t stats_query(stats_fields_t field, int hardware, int direction)
-+uint64_t stats_query(stats_fields_t field, int hardware, int direction)
- {
- 	if (stats == NULL)
- 		return 0;
-@@ -277,14 +277,14 @@ void stats_increment(stats_fields_t field, int hardware, int direction)
- 
- 	if(direction == ENCRYPT)
- 		if (hardware == ALGO_HW)
--			atomic_add((int *)&stats[field].enc.hw, 1);
-+			atomic_add(&stats[field].enc.hw, 1);
- 		else
--			atomic_add((int *)&stats[field].enc.sw, 1);
-+			atomic_add(&stats[field].enc.sw, 1);
- 	else
- 		if (hardware == ALGO_HW)
--			atomic_add((int *)&stats[field].dec.hw, 1);
-+			atomic_add(&stats[field].dec.hw, 1);
- 		else
--			atomic_add((int *)&stats[field].dec.sw, 1);
-+			atomic_add(&stats[field].dec.sw, 1);
- }
- #endif
- 
-diff --git a/src/include/icastats.h b/src/include/icastats.h
-index 53af8ba..f373263 100644
---- a/src/include/icastats.h
-+++ b/src/include/icastats.h
-@@ -18,8 +18,8 @@
- 
- 
- typedef struct crypt_opts{
--	uint32_t hw;
--	uint32_t sw;
-+	uint64_t hw;
-+	uint64_t sw;
- } crypt_opts_t;
- 
- typedef struct statis_entry {
-@@ -159,7 +159,7 @@ typedef enum stats_fields {
- 
- int stats_mmap(int user);
- void stats_munmap(int unlink);
--uint32_t stats_query(stats_fields_t field, int hardware, int direction);
-+uint64_t stats_query(stats_fields_t field, int hardware, int direction);
- void get_stats_data(stats_entry_t *entries);
- void stats_increment(stats_fields_t field, int hardware, int direction);
- int get_stats_sum(stats_entry_t *sum);
-diff --git a/test/icastats_test.c b/test/icastats_test.c
-index 4527d48..c7ac447 100644
---- a/test/icastats_test.c
-+++ b/test/icastats_test.c
-@@ -239,7 +239,7 @@ void check_icastats(int algo_id, char *stat)
- 	char cmd[256], line[256], *p;
- 	FILE *f;
- 	int i, hw, rc=-1, counters=0;
--	int hwcounter1=0, hwcounter2=0, swcounter1=0, swcounter2=0;
-+	uint64_t hwcounter1=0, hwcounter2=0, swcounter1=0, swcounter2=0;
- 
- 	hw = check_hw(algo_id);
- 	if (hw < 0) return; /* unknown algo_id */
-@@ -267,13 +267,13 @@ void check_icastats(int algo_id, char *stat)
- 	if (!p) goto out; /* no | in the output. Wrong algo string ? */
- 	p++;
- 	while (isspace(*p)) p++;
--	hwcounter1 = atoi(p); /* parse 1st hw counter value */
-+	hwcounter1 = atol(p); /* parse 1st hw counter value */
- 	counters++;
- 	while (*p && !isspace(*p)) p++; /* parse over counter value */
- 	while (isspace(*p)) p++;
- 	/* now either a | or another counter value follows */
- 	if (isdigit(*p)) {
--		hwcounter2 = atoi(p); /* parse 2nd hw counter value */
-+		hwcounter2 = atol(p); /* parse 2nd hw counter value */
- 		counters++;
- 		while (*p && !isspace(*p)) p++; /* parse over counter value */
- 		while (isspace(*p)) p++;
-@@ -285,13 +285,13 @@ void check_icastats(int algo_id, char *stat)
- 	}
- 	p++;
- 	while (isspace(*p)) p++;
--	swcounter1 = atoi(p); /* parse 1st sw counter value */
-+	swcounter1 = atol(p); /* parse 1st sw counter value */
- 	counters++;
- 	while (*p && !isspace(*p)) p++; /* parse over counter value */
- 	while (isspace(*p)) p++;
- 	/* maybe another counter value follows */
- 	if (isdigit(*p)) {
--		swcounter2 = atoi(p); /* parse 2nd sw counter value */
-+		swcounter2 = atol(p); /* parse 2nd sw counter value */
- 		counters++;
- 	}
- 
diff --git a/SOURCES/libica-3.6.1-key-length.patch b/SOURCES/libica-3.6.1-key-length.patch
deleted file mode 100644
index 295036d..0000000
--- a/SOURCES/libica-3.6.1-key-length.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer <jschmidb@de.ibm.com>
-Date: Wed, 18 Mar 2020 16:48:43 +0100
-Subject: [PATCH] Fix DES and TDES key length.
-
-Although a DES key has only 56 effective bits, all 64 bits must be
-considered, because the parity bits are spread over all 8 bytes of
-the key.
-
-Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
----
- src/ica_api.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/ica_api.c b/src/ica_api.c
-index b80c6e3..eb6b154 100644
---- a/src/ica_api.c
-+++ b/src/ica_api.c
-@@ -48,6 +48,8 @@
- #define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
- #define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
- 
-+#define DES_KEY_LEN64		(64/8)
-+
- #define MAX_VERSION_LENGTH 16
- 
- int ica_fallbacks_enabled = 1;
-@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
- 
- #ifdef ICA_FIPS
- static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
--	if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
--	    | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
--	    | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
-+	if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
-+	    | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
-+	    | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
- 		return EINVAL;
- 
- 	return 0;
diff --git a/SOURCES/libica-3.3.3-annotate.patch b/SOURCES/libica-3.7.0-annotate.patch
similarity index 59%
rename from SOURCES/libica-3.3.3-annotate.patch
rename to SOURCES/libica-3.7.0-annotate.patch
index b18f331..95d76fe 100644
--- a/SOURCES/libica-3.3.3-annotate.patch
+++ b/SOURCES/libica-3.7.0-annotate.patch
@@ -1,12 +1,12 @@
-diff -up libica-3.3.3/src/Makefile.am.annotate libica-3.3.3/src/Makefile.am
---- libica-3.3.3/src/Makefile.am.annotate	2018-09-20 08:25:50.892538076 -0400
-+++ libica-3.3.3/src/Makefile.am	2018-09-20 08:26:14.162538076 -0400
+diff -up libica-3.7.0/src/Makefile.am.annotate libica-3.7.0/src/Makefile.am
+--- libica-3.7.0/src/Makefile.am.annotate	2020-05-22 09:28:25.945954296 +0200
++++ libica-3.7.0/src/Makefile.am	2020-05-22 09:28:33.784975197 +0200
 @@ -8,7 +8,7 @@ lib_LTLIBRARIES = libica.la
  
  libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
  		   -fvisibility=hidden -pthread
 -libica_la_CCASFLAGS = ${AM_CFLAGS}
 +libica_la_CCASFLAGS = ${AM_CFLAGS} -Wa,--generate-missing-build-notes=yes
- libica_la_LIBADD = @LIBS@ -lrt -lcrypto
+ libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl
  libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
  		    -version-number ${VERSION}
diff --git a/SOURCES/libica-3.7.0-fips.patch b/SOURCES/libica-3.7.0-fips.patch
new file mode 100644
index 0000000..f6b0d7e
--- /dev/null
+++ b/SOURCES/libica-3.7.0-fips.patch
@@ -0,0 +1,31 @@
+From 34ae2c50cbe595ae475f5e3491c39f3b2dbe8a67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Wed, 15 Jul 2020 10:58:10 +0200
+Subject: [libica PATCH] fix library filename for FIPS integrity check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: https://github.com/opencryptoki/libica/issues/45
+
+Signed-off-by: Dan Horák <dan@danny.cz>
+---
+ src/fips.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/fips.c b/src/fips.c
+index 07310c3..2bf11f5 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -306,7 +306,7 @@ static void fips_lib_integrity_check(void)
+ {
+ 	int rc;
+ 	char path[PATH_MAX];
+-	const char *libname = "libica.so";
++	const char *libname = "libica.so.3";
+ 	const char *symbolname = "ica_sha256";
+ 
+ 	rc = get_library_path(libname, symbolname, path, sizeof(path));
+-- 
+2.26.2
+
diff --git a/SPECS/libica.spec b/SPECS/libica.spec
index d8e8f24..5b71c62 100644
--- a/SPECS/libica.spec
+++ b/SPECS/libica.spec
@@ -1,20 +1,17 @@
 Summary: Library for accessing ICA hardware crypto on IBM z Systems
 Name: libica
-Version: 3.6.1
-Release: 2%{?dist}.1
+Version: 3.7.0
+Release: 2%{?dist}
 License: CPL
 Group: System Environment/Libraries
 URL: https://github.com/opencryptoki/
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 # annotate assembler source
 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
-Patch1: %{name}-3.3.3-annotate.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1789052
-# https://github.com/opencryptoki/libica/commit/58c1073a585443146332c5a3b5536eb5e6c6493d
-Patch2: %{name}-3.6.1-counter.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1847535
-# https://github.com/opencryptoki/libica/commit/db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2
-Patch3: %{name}-3.6.1-key-length.patch
+Patch0: %{name}-3.7.0-annotate.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1857130
+# https://github.com/opencryptoki/libica/pull/46
+Patch1: %{name}-3.7.0-fips.patch
 BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: autoconf
@@ -83,9 +80,13 @@ fi
 
 
 %changelog
-* Thu Jun 25 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2.1
-- fix DES and TDES key length (#1847535)
-- Resolves: #1847535
+* Mon Jul 20 2020 Dan Horák <dhorak@redhat.com> - 3.7.0-2
+- fix FIPS integrity validation (#1857130)
+- Resolves: #1857130
+
+* Thu May 21 2020 Dan Horák <dhorak@redhat.com> - 3.7.0-1
+- updated to 3.7.0 (#1780299)
+- Resolves: #1780299
 
 * Thu Jan 09 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2
 - fix overflow in icastats counters (#1789052)