From 4b8a1ffdfbd9b3077a58a3f459a1bc42a2f1280d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 17 May 2022 06:33:11 -0400 Subject: [PATCH] import libica-4.0.0-1.el9 --- .gitignore | 1 + .libica.metadata | 1 + SOURCES/libica-4.0.0-annotate.patch | 83 ++++ SOURCES/libica-4.0.0-fixes.patch | 646 ++++++++++++++++++++++++++++ SPECS/libica.spec | 336 +++++++++++++++ 5 files changed, 1067 insertions(+) create mode 100644 .gitignore create mode 100644 .libica.metadata create mode 100644 SOURCES/libica-4.0.0-annotate.patch create mode 100644 SOURCES/libica-4.0.0-fixes.patch create mode 100644 SPECS/libica.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3621386 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libica-4.0.0.tar.gz diff --git a/.libica.metadata b/.libica.metadata new file mode 100644 index 0000000..b44dc46 --- /dev/null +++ b/.libica.metadata @@ -0,0 +1 @@ +9c18c8b990f8e21162364006cb60a3c9104eae19 SOURCES/libica-4.0.0.tar.gz diff --git a/SOURCES/libica-4.0.0-annotate.patch b/SOURCES/libica-4.0.0-annotate.patch new file mode 100644 index 0000000..3ad0e64 --- /dev/null +++ b/SOURCES/libica-4.0.0-annotate.patch @@ -0,0 +1,83 @@ +From daad2a867cff48a7c4322716917d63538b083284 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dan=20Hor=C3=A1k?= +Date: Tue, 25 Sep 2018 13:44:32 +0200 +Subject: [libica PATCH] add build note to assembler sources +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When distros use the annobin compiler plugin [1], they have complete overview +what compiler flags were used for compilation and they are able to perform +security checks on the produced binaries. Compiling assembler source can't +provide this kind of information by default, so we need the explicit +-Wa,--generate-missing-build-notes=yes option during build. When the option is +missing, then the annocheck tool reports "GAPS" in the resulting binary. + +binutils >= 2.31 or older with backport is needed + +[1] https://fedoraproject.org/wiki/Changes/Annobin + +Signed-off-by: Dan Horák +--- + configure.ac | 4 ++++ + libica.spec | 2 +- + src/Makefile.am | 4 ++-- + 3 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 958371c..b8d0e42 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -113,12 +113,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab + FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2" + fi + ++# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed ++AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"]) ++ + # restore cmdline flags (ignore PROG_AS/PROG_CC defaults) + CFLAGS="$cmdline_CFLAGS" + CCASFLAGS="$cmdline_CFLAGS" + + AC_SUBST([FLAGS], $FLAGS) + AC_SUBST([LIBS], $LIBS) ++AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS) + AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile]) + AC_OUTPUT + +diff --git a/libica.spec b/libica.spec +index d71890a..e51430e 100644 +--- a/libica.spec ++++ b/libica.spec +@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica + Source0: %{name}-%{version}.tar.gz + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +-BuildRequires: autoconf automake libtool openssl-devel ++BuildRequires: autoconf automake libtool openssl-devel autoconf-archive + + %description + Interface library on Linux for IBM System z to utilize CPACF +diff --git a/src/Makefile.am b/src/Makefile.am +index c630048..1b5ec71 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \ + include/rng.h + + libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\" +-libica_la_CCASFLAGS = ${AM_CFLAGS} ++libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS} + libica_la_LIBADD = ${LIBS_common} + libica_la_LDFLAGS = ${LDFLAGS_common} + libica_la_SOURCES = ${SOURCES_common} + + libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\" +-libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ++libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS} + libica_cex_la_LIBADD = ${LIBS_common} + libica_cex_la_LDFLAGS = ${LDFLAGS_common} + libica_cex_la_SOURCES = ${SOURCES_common} +-- +2.31.1 + diff --git a/SOURCES/libica-4.0.0-fixes.patch b/SOURCES/libica-4.0.0-fixes.patch new file mode 100644 index 0000000..67c41da --- /dev/null +++ b/SOURCES/libica-4.0.0-fixes.patch @@ -0,0 +1,646 @@ +From 977fe8ac713f9ff3101ce9882e23d0183fb46ec8 Mon Sep 17 00:00:00 2001 +From: Joerg Schmidbauer +Date: Wed, 15 Dec 2021 16:29:57 +0100 +Subject: [libica PATCH 01/10] RSA: limit RSA key length to 4096 + +CEX adapters support RSA up to 4096 bits. Although RSA key generation +in libica is done via openssl, and therefore even greater key lengths +would be supported, such keys could not be processed on CEX adapters +afterwards. With the removal of sw fallbacks this is now a hard +restriction. + +Signed-off-by: Joerg Schmidbauer +--- + include/ica_api.h | 4 ++++ + src/ica_api.c | 13 ++++++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/include/ica_api.h b/include/ica_api.h +index ce27261..6137c4a 100644 +--- a/include/ica_api.h ++++ b/include/ica_api.h +@@ -1291,6 +1291,7 @@ int ica_ed448_ctx_del(ICA_ED448_CTX **ctx); + * + * @return 0 if successful. + * EINVAL if at least one invalid parameter is given. ++ * EPERM if modulus bit length is greater than 4096 (CEX adapter restriction). + * EFAULT if OpenSSL key generation should fail. + */ + ICA_EXPORT +@@ -1319,6 +1320,7 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle, + * + * @return 0 if successful. + * EINVAL if at least one invalid parameter is given. ++ * EPERM if modulus bit length is greater than 4096 (CEX adapter restriction). + * EFAULT if OpenSSL key generation should fail. + */ + ICA_EXPORT +@@ -1346,6 +1348,7 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle, + * + * @return 0 if successful. + * EINVAL if at least one invalid parameter is given. ++ * EPERM if key bit length is greater than 4096 (CEX adapter restriction). + * ENOMEM if memory allocation fails. + * EIO if the operation fails. This should never happen. + */ +@@ -1375,6 +1378,7 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle, + * + * @return 0 if successful. + * EINVAL if at least one invalid parameter is given. ++ * EPERM if key bit length is greater than 4096 (CEX adapter restriction). + * ENOMEM if memory allocation fails. + * EIO if the operation fails. This should never happen. + */ +diff --git a/src/ica_api.c b/src/ica_api.c +index 445b0ab..a412052 100644 +--- a/src/ica_api.c ++++ b/src/ica_api.c +@@ -52,6 +52,8 @@ + + #define MAX_VERSION_LENGTH 16 + ++#define MAX_RSA_KEY_BITS 4096 ++ + #ifndef NO_SW_FALLBACKS + int ica_fallbacks_enabled = 1; + #else +@@ -1071,9 +1073,12 @@ unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle, + /* Keys should comply with modulus_bit_length */ + if ((modulus_bit_length + 7) / 8 != public_key->key_length) + return EINVAL; +- /* Minimum length for public exponent is sizeof(unsigned long) */ ++ /* Minimum key length is sizeof(unsigned long) */ + if (public_key->key_length < sizeof(unsigned long)) + return EINVAL; ++ /* Max key bit length is 4096 because of CEX adapter restriction */ ++ if (modulus_bit_length > MAX_RSA_KEY_BITS) ++ return EPERM; + + /* OpenSSL takes only exponents of type unsigned long, so we have to + * be sure that we give a value of the right size to OpenSSL. +@@ -1111,6 +1116,8 @@ unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle, + return EINVAL; + if (public_key->key_length < sizeof(unsigned long)) + return EINVAL; ++ if (modulus_bit_length > MAX_RSA_KEY_BITS) ++ return EPERM; + + num_ignored_bytes = public_key->key_length - sizeof(unsigned long); + public_exponent = public_key->exponent; +@@ -1145,6 +1152,8 @@ unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle, + + if (rsa_key->key_length < sizeof(unsigned long)) + return EINVAL; ++ if (rsa_key->key_length * 8 > MAX_RSA_KEY_BITS) ++ return EPERM; + + /* fill driver structure */ + rb.inputdata = (unsigned char *)input_data; +@@ -1264,6 +1273,8 @@ unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle, + + if (rsa_key->key_length < sizeof(unsigned long)) + return EINVAL; ++ if (rsa_key->key_length * 8 > MAX_RSA_KEY_BITS) ++ return EPERM; + + /* fill driver structure */ + rb.inputdata = (unsigned char *)input_data; +-- +2.34.1 + + +From 553977ef505b43c7d17056369ed518a971d43d68 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 5 Jan 2022 09:07:51 +0100 +Subject: [libica PATCH 02/10] ECC: fix memory leaks in make_eckey() + +Signed-off-by: Ingo Franzki +--- + src/s390_ecc.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/s390_ecc.c b/src/s390_ecc.c +index bb13944..af121b0 100644 +--- a/src/s390_ecc.c ++++ b/src/s390_ecc.c +@@ -146,12 +146,12 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen) + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + BIGNUM *bn_priv = NULL; +- unsigned char *pub_key = NULL; +- unsigned int pub_key_len; +- point_conversion_form_t form; + #if !OPENSSL_VERSION_PREREQ(3, 0) + EC_KEY *ec_key; + #else ++ unsigned char *pub_key = NULL; ++ unsigned int pub_key_len; ++ point_conversion_form_t form; + OSSL_PARAM_BLD *tmpl = NULL; + int rc; + #endif +@@ -175,18 +175,13 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen) + goto err; + } + +- form = EC_GROUP_get_point_conversion_form(group); +- pub_key_len = EC_POINT_point2buf(group, point, form, &pub_key, NULL); +- if (pub_key_len == 0) { +- goto err; +- } +- + #if !OPENSSL_VERSION_PREREQ(3, 0) + ec_key = EC_KEY_new_by_curve_name(nid); + if (ec_key == NULL) { + goto err; + } + ++ EC_POINT_free(point); + point = EC_POINT_new(EC_KEY_get0_group(ec_key)); + if (point == NULL) { + goto err; +@@ -209,6 +204,11 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen) + } + + #else ++ form = EC_GROUP_get_point_conversion_form(group); ++ pub_key_len = EC_POINT_point2buf(group, point, form, &pub_key, NULL); ++ if (pub_key_len == 0) { ++ goto err; ++ } + + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) { +@@ -243,6 +243,8 @@ err: + #else + if (tmpl) + OSSL_PARAM_BLD_free(tmpl); ++ if (pub_key) ++ OPENSSL_free(pub_key); + #endif + + if (ok) +-- +2.34.1 + + +From b41addd200c0938c6c10202da08ad5f7df940e18 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 5 Jan 2022 09:15:58 +0100 +Subject: [libica PATCH 03/10] ECC: Avoid recursive loop in ec_key_check() with + OpenSSL 3.0 + +Use libica's OpenSSL library context in ec_key_check(), otherwise +calling EVP_PKEY_fromdata() in build_pkey_from_params() may cause +a recursive loop, when a provider is used that calls ica_ec_key_init() +(and thus ec_key_check()) within its key import function. + +Signed-off-by: Ingo Franzki +--- + src/s390_ecc.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/s390_ecc.c b/src/s390_ecc.c +index af121b0..c0c1549 100644 +--- a/src/s390_ecc.c ++++ b/src/s390_ecc.c +@@ -2458,6 +2458,8 @@ int ec_key_check(ICA_EC_KEY *ica_key) + BIGNUM *d = NULL, *x = NULL, *y = NULL; + int privlen, rc = EINVAL; + ++ BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc); ++ + if (!ica_key) + goto done; + +@@ -2489,6 +2491,7 @@ done: + if (privkey) + EVP_PKEY_free(privkey); + ++ END_OPENSSL_LIBCTX(rc); + return rc; + } + +-- +2.34.1 + + +From 6031ec80a5ada52609822fed4a6bd2cccafe5563 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 5 Jan 2022 09:26:26 +0100 +Subject: [libica PATCH 04/10] RSA: Fix memory leaks in + rsa_key_generate_mod_expo()/crt() + +Also fix a compiler warning in rsa_key_generate(). + +Signed-off-by: Ingo Franzki +--- + src/s390_rsa.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/s390_rsa.c b/src/s390_rsa.c +index 360c374..cea2ba2 100644 +--- a/src/s390_rsa.c ++++ b/src/s390_rsa.c +@@ -128,7 +128,8 @@ EVP_PKEY* rsa_key_generate(unsigned int modulus_bit_length, + } while (*public_exponent <= 2 || !(*public_exponent % 2)); + } + +- e = BN_bin2bn(public_exponent, sizeof(unsigned long), NULL); ++ e = BN_bin2bn((const unsigned char *)public_exponent, ++ sizeof(unsigned long), NULL); + if (e == NULL) { + goto done; + } +@@ -259,6 +260,8 @@ err: + #if !OPENSSL_VERSION_PREREQ(3, 0) + RSA_free(rsa); + #else ++ BN_free(n); ++ BN_free(d); + EVP_PKEY_free(pkey); + #endif + +@@ -410,6 +413,12 @@ err: + #if !OPENSSL_VERSION_PREREQ(3, 0) + RSA_free(rsa); + #else ++ BN_free(n); ++ BN_free(p); ++ BN_free(q); ++ BN_free(dmp1); ++ BN_free(dmq1); ++ BN_free(iqmp); + EVP_PKEY_free(pkey); + #endif + +-- +2.34.1 + + +From b49cf457659a4baf382b3828d89823497bb00f6e Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Thu, 13 Jan 2022 10:42:02 +0100 +Subject: [libica PATCH 05/10] EC: Handle unsupported EC curve in + ica_ec_key_new() + +In case of an unsupported curve nid, privlen_from_nid() returns -1. +The subsequent calloc() will fail with a size of -3 (0xfffffffffffffffd). + +Also free the already allocated key in case of an error to avoid a +memory leak. + +Signed-off-by: Ingo Franzki +--- + src/ica_api.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/ica_api.c b/src/ica_api.c +index a412052..0a885e2 100644 +--- a/src/ica_api.c ++++ b/src/ica_api.c +@@ -1336,9 +1336,15 @@ ICA_EC_KEY* ica_ec_key_new(unsigned int nid, unsigned int *privlen) + + /* allocate clear memory for the 3 key parts */ + len = privlen_from_nid(nid); ++ if (len <= 0) { ++ free(key); ++ return NULL; ++ } + key->X = calloc(1, 3*len); +- if (!key->X) ++ if (!key->X) { ++ free(key); + return NULL; ++ } + + key->nid = nid; + key->Y = key->X + len; +-- +2.34.1 + + +From 7e6e303e6aef019047eb6dfcdedbfe7da2a88526 Mon Sep 17 00:00:00 2001 +From: Joerg Schmidbauer +Date: Tue, 11 Jan 2022 16:04:15 +0100 +Subject: [libica PATCH 06/10] Compute HMAC from installed library + +The HMAC hash was computed from the libica in the build tree, but +the runtime check is run against the installed libica and those 2 +files may be different. E.g. if the runtime one has debuginfo stripped +(and placed into a separate file), the hashes are different. +This commit introduces a new make target: fipsinstall, which creates +the HMAC files in the install directory. + +Signed-off-by: Joerg Schmidbauer +--- + Makefile.am | 9 ++++----- + src/Makefile.am | 8 +++++++- + 2 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 2d8ab9e..e14abb5 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -17,11 +17,8 @@ coverage: check + cd ${top_builddir}/src && gcov .libs/*.gcda + + if ICA_FIPS +-install-data-hook: +- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir) +- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac +- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir) +- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac ++fipsinstall: ++ $(AM_V_GEN)$(MAKE) -C src fipsinstall + if ICA_OPENSSL3 + test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica + test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true +@@ -38,3 +35,5 @@ if ICA_OPENSSL3 + endif + endif + ++.PHONY: fipsinstall ++ +diff --git a/src/Makefile.am b/src/Makefile.am +index c630048..4c92c96 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -47,6 +47,12 @@ mp.S : mp.pl + ./mp.pl mp.S + + if ICA_FIPS ++fipsinstall: ++ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac ++ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac ++ $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION1).hmac ++ $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -s .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac ++ + hmac-file-lnk: hmac-file + $(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac + $(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac +@@ -110,4 +116,4 @@ internal_tests_ec_internal_test_SOURCES = \ + include/rng.h ../test/testcase.h + endif + +-.PHONY: hmac-file hmac-file-lnk ++.PHONY: hmac-file hmac-file-lnk fipsinstall +-- +2.34.1 + + +From 28fa931bed9e6847137829952a3e7cc6091bd071 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Mon, 24 Jan 2022 10:24:44 +0100 +Subject: [libica PATCH 07/10] Fix compile warnings + +... like potentially uninitialized variables or unused functions. + +Signed-off-by: Ingo Franzki +--- + src/fips.c | 4 ++-- + src/ica_api.c | 2 +- + src/s390_ecc.c | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/fips.c b/src/fips.c +index 934f6f7..505dd0b 100644 +--- a/src/fips.c ++++ b/src/fips.c +@@ -1304,8 +1304,8 @@ rsa_kat(void) + ica_adapter_handle_t ah; + const struct rsa_tv *tv; + size_t i, keylen, crtparamlen; +- unsigned char *out; +- libica_func_list_element* libica_func_list; ++ unsigned char *out = NULL; ++ libica_func_list_element* libica_func_list = NULL; + unsigned int count; + + if (ica_open_adapter(&ah)) +diff --git a/src/ica_api.c b/src/ica_api.c +index 0a885e2..a10e139 100644 +--- a/src/ica_api.c ++++ b/src/ica_api.c +@@ -90,6 +90,7 @@ void ica_set_stats_mode(int stats_mode) + ica_stats_enabled = stats_mode ? 1 : 0; + } + ++#ifndef NO_CPACF + #ifdef ICA_FIPS + static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) { + if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64) +@@ -101,7 +102,6 @@ static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) { + } + #endif + +-#ifndef NO_CPACF + static unsigned int check_des_parms(unsigned int mode, + unsigned long data_length, + const unsigned char *in_data, +diff --git a/src/s390_ecc.c b/src/s390_ecc.c +index c0c1549..211db01 100644 +--- a/src/s390_ecc.c ++++ b/src/s390_ecc.c +@@ -147,7 +147,7 @@ static EVP_PKEY *make_eckey(int nid, const unsigned char *p, size_t plen) + EC_POINT *point = NULL; + BIGNUM *bn_priv = NULL; + #if !OPENSSL_VERSION_PREREQ(3, 0) +- EC_KEY *ec_key; ++ EC_KEY *ec_key = NULL; + #else + unsigned char *pub_key = NULL; + unsigned int pub_key_len; +@@ -262,7 +262,7 @@ static EVP_PKEY *make_public_eckey(int nid, unsigned char *pubkey, size_t publen + { + int ok = 0; + #if !OPENSSL_VERSION_PREREQ(3, 0) +- EC_KEY *ec_key; ++ EC_KEY *ec_key = NULL; + #else + OSSL_PARAM_BLD *tmpl = NULL; + int rc; +-- +2.34.1 + + +From cc44f18383ec6dc01a05abd6c25a1dec8efe84cb Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Mon, 24 Jan 2022 10:32:47 +0100 +Subject: [libica PATCH 08/10] Fix memory leaks in test programs + +When configured with --enable-sanitizer some tests fail because +the address sanitizer reports memory leaks. + +Signed-off-by: Ingo Franzki +--- + test/ec_keygen_test.c | 6 +++++- + test/ecdh_test.c | 13 ++++++++++++- + test/ecdsa_test.c | 3 +++ + test/icastats_test.c.in | 1 + + 4 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/test/ec_keygen_test.c b/test/ec_keygen_test.c +index 43c6092..0445c41 100644 +--- a/test/ec_keygen_test.c ++++ b/test/ec_keygen_test.c +@@ -115,6 +115,8 @@ int main(int argc, char **argv) + + rc = ica_ec_key_generate(adapter_handle, eckey); + if (rc) { ++ ica_ec_key_free(eckey); ++ eckey = NULL; + if (rc == EPERM) { + V_(printf("Curve %d not supported on this system, skipping ...\n", eckeygen_tests[i].nid)); + continue; +@@ -156,12 +158,14 @@ int main(int argc, char **argv) + } + } + } ++ ++ ica_ec_key_free(eckey); ++ eckey = NULL; + } + + if (test_failed) + errors++; + +- ica_ec_key_free(eckey); + unset_env_icapath(); + } + +diff --git a/test/ecdh_test.c b/test/ecdh_test.c +index 9a81036..e1191d0 100644 +--- a/test/ecdh_test.c ++++ b/test/ecdh_test.c +@@ -339,6 +339,8 @@ int main(int argc, char **argv) + + rc = ica_ec_key_init(ecdh_kats[i].xa, ecdh_kats[i].ya, ecdh_kats[i].da, eckey_A); + if (rc != 0) { ++ ica_ec_key_free(eckey_A); ++ eckey_A = NULL; + if (rc == EPERM) { + V_(printf("Curve %d not supported on this system, skipping ...\n", ecdh_kats[i].nid)); + continue; +@@ -350,11 +352,18 @@ int main(int argc, char **argv) + } + + eckey_B = ica_ec_key_new(ecdh_kats[i].nid, &privlen); +- if (!eckey_B) ++ if (!eckey_B) { ++ ica_ec_key_free(eckey_A); ++ eckey_A = NULL; + continue; ++ } + + rc = ica_ec_key_init(ecdh_kats[i].xb, ecdh_kats[i].yb, ecdh_kats[i].db, eckey_B); + if (rc != 0) { ++ ica_ec_key_free(eckey_B); ++ eckey_B = NULL; ++ ica_ec_key_free(eckey_A); ++ eckey_A = NULL; + if (rc == EPERM) { + V_(printf("Curve %d not supported on this system, skipping ...\n", ecdh_kats[i].nid)); + continue; +@@ -415,7 +424,9 @@ int main(int argc, char **argv) + errors++; + + ica_ec_key_free(eckey_A); ++ eckey_A = NULL; + ica_ec_key_free(eckey_B); ++ eckey_B = NULL; + unset_env_icapath(); + } + +diff --git a/test/ecdsa_test.c b/test/ecdsa_test.c +index 3b6bda3..2393882 100644 +--- a/test/ecdsa_test.c ++++ b/test/ecdsa_test.c +@@ -225,6 +225,8 @@ int main(int argc, char **argv) + + rc = ica_ec_key_init(ecdsa_kats[i].x, ecdsa_kats[i].y, ecdsa_kats[i].d, eckey); + if (rc != 0) { ++ ica_ec_key_free(eckey); ++ eckey = NULL; + if (rc == EPERM) { + V_(printf("Curve %d not supported on this system, skipping ...\n", ecdsa_kats[i].nid)); + continue; +@@ -274,6 +276,7 @@ int main(int argc, char **argv) + errors++; + + ica_ec_key_free(eckey); ++ eckey = NULL; + unset_env_icapath(); + } + +diff --git a/test/icastats_test.c.in b/test/icastats_test.c.in +index 98905a9..f0d1212 100644 +--- a/test/icastats_test.c.in ++++ b/test/icastats_test.c.in +@@ -186,6 +186,7 @@ int is_crypto_card_loaded() + } + if((c = fgetc(file)) == '1'){ + fclose(file); ++ closedir(sysDir); + return 1; + } + fclose(file); +-- +2.34.1 + + +From 9c6431f49a9fe0d574722954e018b4cba6ab085b Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Mon, 24 Jan 2022 14:33:57 +0100 +Subject: [libica PATCH 09/10] FIPS: Calculation of library HMAC may fail + +Initialize length variable before calling EVP_DigestSignFinal(). +If hlen is uninitialized it may cause EVP_DigestSignFinal() to fail. + +Signed-off-by: Ingo Franzki +--- + src/fips.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/fips.c b/src/fips.c +index 505dd0b..129a1a7 100644 +--- a/src/fips.c ++++ b/src/fips.c +@@ -333,6 +333,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) + } + } + ++ hlen = sizeof(rbuf); + if (EVP_DigestSignFinal(mdctx, rbuf, &hlen) <= 0) + goto end; + +-- +2.34.1 + + +From 5aa9366c236a6d17570403ef81c65e4f5f91a8af Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 26 Jan 2022 09:29:27 +0100 +Subject: [libica PATCH 10/10] MAKEFILE: Do not install ec_internal_test + +Signed-off-by: Ingo Franzki +--- + src/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 4c92c96..d6f5c52 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -90,7 +90,7 @@ icastats_SOURCES = icastats.c icastats_shared.c include/icastats.h + # internal tests + + if ICA_INTERNAL_TESTS +-bin_PROGRAMS += internal_tests/ec_internal_test ++noinst_PROGRAMS = internal_tests/ec_internal_test + + internal_tests_ec_internal_test_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include \ + -I${srcdir}/../include \ +-- +2.34.1 + diff --git a/SPECS/libica.spec b/SPECS/libica.spec new file mode 100644 index 0000000..adf5c4e --- /dev/null +++ b/SPECS/libica.spec @@ -0,0 +1,336 @@ +%global with_fips 1 + +Summary: Library for accessing ICA hardware crypto on IBM z Systems +Name: libica +Version: 4.0.0 +Release: 1%{?dist} +License: CPL +URL: https://github.com/opencryptoki/ +Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +# annotate assembler source +# https://bugzilla.redhat.com/show_bug.cgi?id=1630582 +# https://github.com/opencryptoki/libica/pull/24 +Patch0: %{name}-4.0.0-annotate.patch +# post GA fixes, includes HMAC calculation +Patch1: %{name}-4.0.0-fixes.patch +BuildRequires: gcc +BuildRequires: openssl-devel +BuildRequires: openssl +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: autoconf-archive +BuildRequires: perl(FindBin) +BuildRequires: perl(lib) +BuildRequires: make +ExclusiveArch: s390 s390x + +%description +A library of functions and utilities for accessing ICA hardware crypto on +IBM z Systems. + + +%package devel +Summary: Development tools for programs to access ICA hardware crypto on IBM z Systems +Requires: %{name} = %{version}-%{release} +Requires: openssl-devel + +%description devel +The libica-devel package contains the header files and static +libraries necessary for developing programs accessing ICA hardware crypto on +IBM z Systems. + + +%prep +%autosetup -p1 + +sh ./bootstrap.sh + + +%build +%configure --disable-static \ +%if %{with_fips} + --enable-fips +%else + --disable-fips +%endif +%make_build + + +%install +%make_install +rm %{buildroot}%{_libdir}/libica*.la +rm %{buildroot}%{_pkgdocdir}/{INSTALL,README.md} + + +%check +# mock doesn't provide the device, so check here +# https://github.com/rpm-software-management/mock/issues/33 +if [ -c /dev/hwrng -o -c /dev/prandom ]; then + make check +fi + +%if %{with_fips} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + make fipsinstall DESTDIR=%{buildroot} + %{nil} +%endif + +%files +%doc AUTHORS LICENSE ChangeLog +%{_bindir}/icainfo +%{_bindir}/icainfo-cex +%{_bindir}/icastats +%if %{with_fips} +%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 +# openssl 3.0 is available since Fedora 36 and RHEL 9 +%dir %{_sysconfdir}/libica +%{_sysconfdir}/libica/openssl3-fips.cnf +%endif +%{_libdir}/.libica.*.hmac +%{_libdir}/.libica-cex.*.hmac +%endif +%{_libdir}/libica.so.* +%{_libdir}/libica-cex.so.* +%{_mandir}/man1/icainfo.1* +%{_mandir}/man1/icainfo-cex.1* +%{_mandir}/man1/icastats.1* + +%files devel +%{_includedir}/* +%{_libdir}/libica.so +%{_libdir}/libica-cex.so + + +%changelog +* Tue Feb 01 2022 Dan Horák - 4.0.0-1 +- updated to 4.0.0 (#2040237) +- Resolves: #2040237 + +* Mon Aug 09 2021 Mohan Boddu - 3.8.0-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 16 2021 Florian Weimer - 3.8.0-2 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri May 21 2021 Dan Horák - 3.8.0-1 +- updated to 3.8.0 (#1869532) +- eliminate SW fallback functions (#1924119) +- updated for OpenSSL 3.0 (#1952946) +- disable FIPS support (broken) +- Resolves: #1869532 #1924119 #1952946 + +* Fri Apr 16 2021 Mohan Boddu - 3.7.0-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 3.7.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 3.7.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 22 2020 Dan Horák - 3.7.0-3 +- Use make macros (taken from PR#1 by ) +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Jul 15 2020 Dan Horák - 3.7.0-2 +- fix FIPS integrity validation (#1857130) + +* Fri May 15 2020 Dan Horák - 3.7.0-1 +- updated to 3.7.0 + +* Wed Jan 29 2020 Fedora Release Engineering - 3.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 26 2019 Dan Horák - 3.6.1-1 +- updated to 3.6.1 + +* Mon Sep 02 2019 Dan Horák - 3.6.0-1 +- updated to 3.6.0 + +* Thu Jul 25 2019 Fedora Release Engineering - 3.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Apr 24 2019 Dan Horák - 3.5.0-1 +- updated to 3.5.0 + +* Fri Feb 01 2019 Fedora Release Engineering - 3.4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Nov 16 2018 Dan Horák - 3.4.0-1 +- updated to 3.4.0 + +* Fri Sep 21 2018 Dan Horák - 3.3.3-4 +- annotate assembler file (#1630582) + +* Fri Jul 13 2018 Fedora Release Engineering - 3.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jun 13 2018 Dan Horák - 3.3.3-2 +- fix executable stack in assembler code + +* Tue Jun 12 2018 Dan Horák - 3.3.3-1 +- updated to 3.3.3 + +* Tue Apr 17 2018 Dan Horák - 3.3.2-1 +- updated to 3.3.2 + +* Wed Feb 07 2018 Fedora Release Engineering - 3.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Sep 25 2017 Dan Horák - 3.2.0-1 +- updated to 3.2.0 + +* Mon Sep 11 2017 Dan Horák - 3.1.1-1 +- updated to 3.1.1 + +* Thu Aug 03 2017 Fedora Release Engineering - 3.0.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.0.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Apr 18 2017 Dan Horák - 3.0.2-3 +- update BR + +* Fri Feb 10 2017 Fedora Release Engineering - 3.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Jan 18 2017 Dan Horák - 3.0.2-1 +- updated to 3.0.2 + +* Fri Jan 13 2017 Dan Horák - 3.0.1-2 +- check for /dev/prandom before running the test-suite + +* Fri Jan 13 2017 Dan Horák - 3.0.1-1 +- updated to 3.0.1 + +* Tue Apr 12 2016 Dan Horák - 2.6.2-1 +- updated to 2.6.2 + +* Thu Mar 17 2016 Dan Horák - 2.6.1-1 +- updated to 2.6.1 + +* Thu Feb 04 2016 Fedora Release Engineering - 2.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 2.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Sep 01 2014 Dan Horák - 2.4.2-1 +- updated to 2.4.2 + +* Wed Jun 11 2014 Dan Horák - 2.3.0-5 +- fix build with recent kernels + +* Sat Jun 07 2014 Fedora Release Engineering - 2.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Mar 14 2014 Dan Horák - 2.3.0-3 +- add post release fix (#1066014) + +* Sat Aug 03 2013 Fedora Release Engineering - 2.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri May 03 2013 Dan Horák - 2.3.0-1 +- updated to 2.3.0 + +* Thu Feb 14 2013 Fedora Release Engineering - 2.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Aug 17 2012 Dan Horák - 2.2.0-1 +- updated to 2.2.0 + +* Thu Jul 19 2012 Fedora Release Engineering - 2.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jan 16 2012 Dan Horák - 2.1.1-1 +- updated to 2.1.1 + +* Fri Jan 13 2012 Fedora Release Engineering - 2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Jul 07 2011 Dan Horák - 2.1.0-1 +- updated to 2.1.0 with soname set back to 2.0 + +* Mon Apr 11 2011 Dan Horák - 2.0.6-1 +- updated to 2.0.6 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Dan Horák - 2.0.4-1 +- Do not use sigill to wrap all HW instructions (#665401) +- updated to 2.0.4 + +* Tue Nov 9 2010 Dan Horák - 2.0.3-3 +- Fix the return value of old_api_sha_test() in libica_sha1_test (#624005) +- Use the right buffer length when operating in 32-bit mode (#640035) +- Resolves: #624005, #640035 + +* Fri May 21 2010 Dan Horák - 2.0.3-2 +- rebuilt with -fno-strict-aliasing (#593779) +- Resolves: #593779 + +* Thu Apr 22 2010 Dan Horák - 2.0.3-1 +- updated to 2.0.3 (#582607) +- Resolves: #582607 + +* Mon Apr 12 2010 Dan Horák - 2.0.2-3 +- add SIGILL handler for add_entropy (#581520) +- Resolves: #581520 + +* Tue Feb 16 2010 Dan Horák - 2.0.2-2 +- dropped the utils sub-package +- Related: #543948 + +* Tue Dec 08 2009 Dennis Gregorovic - 2.0.2-1.1 +- Rebuilt for RHEL 6 + +* Mon Aug 17 2009 Dan Horák - 2.0.2-1 +- update to 2.0.2 + +* Fri Jul 24 2009 Fedora Release Engineering - 2.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Apr 1 2009 Dan Horák - 2.0.1-1 +- update to 2.0.1 + +* Mon Mar 23 2009 Dan Horák - 2.0-1 +- update to 2.0 +- spec file cleanup before submitting to Fedora + +* Sun Sep 14 2008 Phil Knirsch - 1.3.7-8.el5 +- Added the icainfo tool to libica (#439484) + +* Tue Apr 01 2008 Phil Knirsch - 1.3.7-7.el5 +- Fixed build of libica with latest AES & SHA feature (#439390) + +* Tue Jan 15 2008 Phil Knirsch - 1.3.7-6.el5 +- Added Software Support for CP Assist Instructions AES & SHA (#318971) + +* Thu Nov 23 2006 Phil Knirsch - 1.3.7-5.el5 +- Fixed requires bug where devel packages would get wrong arch lib (#215908) + +* Fri Oct 13 2006 Phil Knirsch - 1.3.7-4 +- Fixed bug where libica fails to initialize when no crypto hardware is + available (#210504) +- Only build libica for s390(x), really only needed there. + +* Fri Sep 08 2006 Phil Knirsch - 1.3.7-3 +- Build for other archs as well due to openCryptoki requirement (#184631) + +* Fri Jul 14 2006 Tim Powers - 1.3.7-2 +- rebuild + +* Tue Jun 13 2006 Phil Knirsch - 1.3.7-1 +- Update to libica-1.3.7 final +- Fixed build on latest devel tree + +* Tue Apr 04 2006 Phil Knirsch - 1.3.6-rc3-1 +- Initial package.