import libica-3.7.0-2.el8

2020-11-03 06:49:15 -05:00 · 2020-11-03 06:49:15 -05:00 · 3442c59781
commit 3442c59781
parent 0ff4cc32ae
7 changed files with 50 additions and 259 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/libica-3.6.1.tar.gz
+SOURCES/libica-3.7.0.tar.gz
--- a/.libica.metadata
+++ b/.libica.metadata
@ -1 +1 @@
-e4ed7750d1b296f1866275467fbbf9e368d579f5 SOURCES/libica-3.6.1.tar.gz
+8192d14867a4f7bf812ef48e830431a5e471270f SOURCES/libica-3.7.0.tar.gz
--- a/SOURCES/libica-3.6.1-counter.patch
+++ b/SOURCES/libica-3.6.1-counter.patch
@ -1,201 +0,0 @@
 From 58c1073a585443146332c5a3b5536eb5e6c6493d Mon Sep 17 00:00:00 2001
 From: Joerg Schmidbauer <jschmidb@de.ibm.com>
 Date: Wed, 27 Nov 2019 15:54:29 +0100
 Subject: [PATCH] Fix icastats counter format
 icastats counters displayed negative numbers for counts
 higher than 31 bits in size. Now using 64-bit unsigned values.
 Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 ---
 src/icastats.c         | 18 +++++++++---------
 src/icastats_shared.c  | 32 ++++++++++++++++----------------
 src/include/icastats.h |  6 +++---
 test/icastats_test.c   | 10 +++++-----
 4 files changed, 33 insertions(+), 33 deletions(-)
 diff --git a/src/icastats.c b/src/icastats.c
 index 3896ad1..fa1dcff 100644
 --- a/src/icastats.c
 +++ b/src/icastats.c
@@ -10,7 +10,7 @@
  *             Benedikt Klotz <benedikt.klotz@de.ibm.com>
  *             Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com>
  *
 - * Copyright IBM Corp. 2009, 2010, 2011, 2014
 + * Copyright IBM Corp. 2009-2019
  */
 #include <stdio.h>
@@ -24,7 +24,7 @@
 #include "icastats.h"
 #define CMD_NAME "icastats"
 -#define COPYRIGHT "Copyright IBM Corp. 2009, 2010, 2011, 2014."
 +#define COPYRIGHT "Copyright IBM Corp. 2009-2019"
 void print_version(void)
 {
@@ -69,24 +69,24 @@ const char *const STATS_DESC[ICA_NUM_STATS] = {
 -#define CELL_SIZE 10
 +#define CELL_SIZE 12
 void print_stats(stats_entry_t *stats)
 {
 -	printf(" function       |           hardware       |            software\n");
 -	printf("----------------+--------------------------+-------------------------\n");
 -	printf("                |      ENC    CRYPT   DEC  |      ENC    CRYPT   DEC \n");
 -	printf("----------------+--------------------------+-------------------------\n");
 +	printf(" function       |             hardware         |              software\n");
 +	printf("----------------+------------------------------+-----------------------------\n");
 +	printf("                |        ENC    CRYPT     DEC  |        ENC     CRYPT    DEC \n");
 +	printf("----------------+------------------------------+-----------------------------\n");
 	unsigned int i;
 	for (i = 0; i < ICA_NUM_STATS; ++i){
 		if(i<=ICA_STATS_RSA_CRT){
 -			printf(" %14s |      %*d          |       %*d\n",
 +			printf(" %14s |        %*lu          |         %*lu\n",
 			       STATS_DESC[i],
 			       CELL_SIZE,
 			       stats[i].enc.hw,
 			       CELL_SIZE,
 			       stats[i].enc.sw);
 		} else{
 -			printf(" %14s |%*d     %*d |%*d    %*d\n",
 +			printf(" %14s |%*lu     %*lu |%*lu    %*lu\n",
 			       STATS_DESC[i],
 			       CELL_SIZE,
 			       stats[i].enc.hw,
 diff --git a/src/icastats_shared.c b/src/icastats_shared.c
 index ecd9c59..f3b24d9 100644
 --- a/src/icastats_shared.c
 +++ b/src/icastats_shared.c
@@ -34,18 +34,18 @@ static stats_entry_t *stats = NULL;
 volatile int stats_shm_handle = NOT_INITIALIZED;
 -static inline void atomic_add(int *x, int i)
 +static inline void atomic_add(uint64_t *x, uint64_t i)
 {
 -	int old;
 -	int new;
 -	asm volatile ("	l	%0,%2\n"
 -		      "0:	lr	%1,%0\n"
 -		      "	ar	%1,%3\n"
 -		      "	cs	%0,%1,%2\n"
 -		      "	jl	0b"
 -		      :"=&d" (old), "=&d"(new), "=Q"(*x)
 -		      :"d"(i), "Q"(*x)
 -		      :"cc", "memory");
 +    uint64_t old;
 +    uint64_t new;
 +    asm volatile ("   lg      %0,%2\n"
 +                  "0: lgr     %1,%0\n"
 +                  "   agr     %1,%3\n"
 +                  "   csg     %0,%1,%2\n"
 +                  "   jl      0b"
 +                 :"=&d" (old), "=&d"(new), "=Q"(*x)
 +                 :"d"(i), "Q"(*x)
 +                 :"cc", "memory");
 }
@@ -125,7 +125,7 @@ void stats_munmap(int unlink)
  * @direction - valid values are ENCRYPT and DECRYPT
  */
 -uint32_t stats_query(stats_fields_t field, int hardware, int direction)
 +uint64_t stats_query(stats_fields_t field, int hardware, int direction)
 {
 	if (stats == NULL)
 		return 0;
@@ -277,14 +277,14 @@ void stats_increment(stats_fields_t field, int hardware, int direction)
 	if(direction == ENCRYPT)
 		if (hardware == ALGO_HW)
 -			atomic_add((int *)&stats[field].enc.hw, 1);
 +			atomic_add(&stats[field].enc.hw, 1);
 		else
 -			atomic_add((int *)&stats[field].enc.sw, 1);
 +			atomic_add(&stats[field].enc.sw, 1);
 	else
 		if (hardware == ALGO_HW)
 -			atomic_add((int *)&stats[field].dec.hw, 1);
 +			atomic_add(&stats[field].dec.hw, 1);
 		else
 -			atomic_add((int *)&stats[field].dec.sw, 1);
 +			atomic_add(&stats[field].dec.sw, 1);
 }
 #endif
 diff --git a/src/include/icastats.h b/src/include/icastats.h
 index 53af8ba..f373263 100644
 --- a/src/include/icastats.h
 +++ b/src/include/icastats.h
@@ -18,8 +18,8 @@
 typedef struct crypt_opts{
 -	uint32_t hw;
 -	uint32_t sw;
 +	uint64_t hw;
 +	uint64_t sw;
 } crypt_opts_t;
 typedef struct statis_entry {
@@ -159,7 +159,7 @@ typedef enum stats_fields {
 int stats_mmap(int user);
 void stats_munmap(int unlink);
 -uint32_t stats_query(stats_fields_t field, int hardware, int direction);
 +uint64_t stats_query(stats_fields_t field, int hardware, int direction);
 void get_stats_data(stats_entry_t *entries);
 void stats_increment(stats_fields_t field, int hardware, int direction);
 int get_stats_sum(stats_entry_t *sum);
 diff --git a/test/icastats_test.c b/test/icastats_test.c
 index 4527d48..c7ac447 100644
 --- a/test/icastats_test.c
 +++ b/test/icastats_test.c
@@ -239,7 +239,7 @@ void check_icastats(int algo_id, char *stat)
 	char cmd[256], line[256], *p;
 	FILE *f;
 	int i, hw, rc=-1, counters=0;
 -	int hwcounter1=0, hwcounter2=0, swcounter1=0, swcounter2=0;
 +	uint64_t hwcounter1=0, hwcounter2=0, swcounter1=0, swcounter2=0;
 	hw = check_hw(algo_id);
 	if (hw < 0) return; /* unknown algo_id */
@@ -267,13 +267,13 @@ void check_icastats(int algo_id, char *stat)
 	if (!p) goto out; /* no | in the output. Wrong algo string ? */
 	p++;
 	while (isspace(*p)) p++;
 -	hwcounter1 = atoi(p); /* parse 1st hw counter value */
 +	hwcounter1 = atol(p); /* parse 1st hw counter value */
 	counters++;
 	while (*p && !isspace(*p)) p++; /* parse over counter value */
 	while (isspace(*p)) p++;
 	/* now either a | or another counter value follows */
 	if (isdigit(*p)) {
 -		hwcounter2 = atoi(p); /* parse 2nd hw counter value */
 +		hwcounter2 = atol(p); /* parse 2nd hw counter value */
 		counters++;
 		while (*p && !isspace(*p)) p++; /* parse over counter value */
 		while (isspace(*p)) p++;
@@ -285,13 +285,13 @@ void check_icastats(int algo_id, char *stat)
 	}
 	p++;
 	while (isspace(*p)) p++;
 -	swcounter1 = atoi(p); /* parse 1st sw counter value */
 +	swcounter1 = atol(p); /* parse 1st sw counter value */
 	counters++;
 	while (*p && !isspace(*p)) p++; /* parse over counter value */
 	while (isspace(*p)) p++;
 	/* maybe another counter value follows */
 	if (isdigit(*p)) {
 -		swcounter2 = atoi(p); /* parse 2nd sw counter value */
 +		swcounter2 = atol(p); /* parse 2nd sw counter value */
 		counters++;
 	}
--- a/SOURCES/libica-3.6.1-key-length.patch
+++ b/SOURCES/libica-3.6.1-key-length.patch
@ -1,40 +0,0 @@
 From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
 From: Joerg Schmidbauer <jschmidb@de.ibm.com>
 Date: Wed, 18 Mar 2020 16:48:43 +0100
 Subject: [PATCH] Fix DES and TDES key length.
 Although a DES key has only 56 effective bits, all 64 bits must be
 considered, because the parity bits are spread over all 8 bytes of
 the key.
 Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
 ---
 src/ica_api.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
 diff --git a/src/ica_api.c b/src/ica_api.c
 index b80c6e3..eb6b154 100644
 --- a/src/ica_api.c
 +++ b/src/ica_api.c
@@ -48,6 +48,8 @@
 #define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
 #define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
 +#define DES_KEY_LEN64		(64/8)
 +
 #define MAX_VERSION_LENGTH 16
 int ica_fallbacks_enabled = 1;
@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
 #ifdef ICA_FIPS
 static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
 -	if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
 -	    | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
 -	    | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
 +	if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
 +	    | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
 +	    | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
 		return EINVAL;
 	return 0;
--- a/SOURCES/libica-3.7.0-annotate.patch
+++ b/SOURCES/libica-3.7.0-annotate.patch
@ -1,12 +1,12 @@
-diff -up libica-3.3.3/src/Makefile.am.annotate libica-3.3.3/src/Makefile.am
+diff -up libica-3.7.0/src/Makefile.am.annotate libica-3.7.0/src/Makefile.am
--- libica-3.3.3/src/Makefile.am.annotate	2018-09-20 08:25:50.892538076 -0400
+--- libica-3.7.0/src/Makefile.am.annotate	2020-05-22 09:28:25.945954296 +0200
-+++ libica-3.3.3/src/Makefile.am	2018-09-20 08:26:14.162538076 -0400
+++ libica-3.7.0/src/Makefile.am	2020-05-22 09:28:33.784975197 +0200
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libica.la
 libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
 		   -fvisibility=hidden -pthread
 -libica_la_CCASFLAGS = ${AM_CFLAGS}
 +libica_la_CCASFLAGS = ${AM_CFLAGS} -Wa,--generate-missing-build-notes=yes
- libica_la_LIBADD = @LIBS@ -lrt -lcrypto
+ libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl
 libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
 		    -version-number ${VERSION}
--- a/SOURCES/libica-3.7.0-fips.patch
+++ b/SOURCES/libica-3.7.0-fips.patch
@ -0,0 +1,31 @@
 From 34ae2c50cbe595ae475f5e3491c39f3b2dbe8a67 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Wed, 15 Jul 2020 10:58:10 +0200
 Subject: [libica PATCH] fix library filename for FIPS integrity check
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Fixes: https://github.com/opencryptoki/libica/issues/45
 Signed-off-by: Dan Horák <dan@danny.cz>
 ---
 src/fips.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/fips.c b/src/fips.c
 index 07310c3..2bf11f5 100644
 --- a/src/fips.c
 +++ b/src/fips.c
@@ -306,7 +306,7 @@ static void fips_lib_integrity_check(void)
 {
 	int rc;
 	char path[PATH_MAX];
 -	const char *libname = "libica.so";
 +	const char *libname = "libica.so.3";
 	const char *symbolname = "ica_sha256";
 	rc = get_library_path(libname, symbolname, path, sizeof(path));
 -- 
 2.26.2
--- a/SPECS/libica.spec
+++ b/SPECS/libica.spec
@ -1,20 +1,17 @@
 Summary: Library for accessing ICA hardware crypto on IBM z Systems
 Name: libica
-Version: 3.6.1
+Version: 3.7.0
-Release: 2%{?dist}.1
+Release: 2%{?dist}
 License: CPL
 Group: System Environment/Libraries
 URL: https://github.com/opencryptoki/
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 # annotate assembler source
 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
-Patch1: %{name}-3.3.3-annotate.patch
+Patch0: %{name}-3.7.0-annotate.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=1789052
+# https://bugzilla.redhat.com/show_bug.cgi?id=1857130
-# https://github.com/opencryptoki/libica/commit/58c1073a585443146332c5a3b5536eb5e6c6493d
+# https://github.com/opencryptoki/libica/pull/46
-Patch2: %{name}-3.6.1-counter.patch
+Patch1: %{name}-3.7.0-fips.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1847535
 # https://github.com/opencryptoki/libica/commit/db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2
 Patch3: %{name}-3.6.1-key-length.patch
 BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: autoconf
@ -83,9 +80,13 @@ fi
 %changelog
-* Thu Jun 25 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2.1
+* Mon Jul 20 2020 Dan Horák <dhorak@redhat.com> - 3.7.0-2
- fix DES and TDES key length (#1847535)
+- fix FIPS integrity validation (#1857130)
- Resolves: #1847535
+- Resolves: #1857130
 * Thu May 21 2020 Dan Horák <dhorak@redhat.com> - 3.7.0-1
 - updated to 3.7.0 (#1780299)
 - Resolves: #1780299
 * Thu Jan 09 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2
 - fix overflow in icastats counters (#1789052)
`@ -1 +1 @@`
	`SOURCES/libica-3.6.1.tar.gz`	`SOURCES/libica-3.7.0.tar.gz`
`@ -1 +1 @@`
	`e4ed7750d1b296f1866275467fbbf9e368d579f5 SOURCES/libica-3.6.1.tar.gz`	`8192d14867a4f7bf812ef48e830431a5e471270f SOURCES/libica-3.7.0.tar.gz`