updated to 2.1.0 with soname set back to 2.0

2011-07-07 12:06:36 +02:00 · 2011-07-07 12:06:36 +02:00 · 928359738f
commit 928359738f
parent 2fe44b49dc
5 changed files with 50 additions and 284 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 libica-2.0.3.tar.gz
 /libica-2.0.4.tar.gz
 /libica-2.0.6.tar.gz
 /libica-2.1.0.tar.gz
--- a/libica-2.0.3-remove-sigill.patch
+++ b/libica-2.0.3-remove-sigill.patch
@ -1,275 +0,0 @@
 [Bug 67452]: Do not use sigill to wrap all HW instructions.
 From: Felix Beck <felix.beck@de.ibm.com>
 As described in Bugzilla 67452 there is a performance problem using
 libica. This results from extensive usage of the signall handler to
 catch illegal signals from hw functions. This wrapping mechanism is
 removed. Instead we trust in the switches which are set during
 library initialization. This is enough to protect us from using
 illegal instructions.
 The performance impact of the former signal handler usage was
 dramatic.
 Signed-off-by: Felix Beck <felix.beck@de.ibm.com>
 diff -up libica-2/src/s390_aes.c.remove-sigill libica-2/src/s390_aes.c
 --- libica-2/src/s390_aes.c.remove-sigill	2009-02-04 16:19:22.000000000 +0100
 +++ libica-2/src/s390_aes.c	2011-01-04 11:53:08.000000000 +0100
@@ -24,23 +24,13 @@ static int s390_aes_ecb_hw(unsigned int 
 			   unsigned char *input_data, unsigned char *keys,
 			   unsigned char *output_data)
 {
 -	struct sigaction oldact;
 -	sigset_t oldset;
 -
 	int rc = 0;
 -	if ((rc = begin_sigill_section(&oldact, &oldset)) == 0) {
 -
 -		rc = s390_km(function_code, keys, output_data, input_data,
 -			     input_length);
 -
 -		end_sigill_section(&oldact, &oldset);
 -
 -		if (rc >= 0)
 -			return 0;
 -		else
 -			return EIO;
 -	}
 -	return rc;
 +	rc = s390_km(function_code, keys, output_data, input_data,
 +		     input_length);
 +	if (rc >= 0)
 +		return 0;
 +	else
 +		return EIO;
 }
 static int s390_aes_ecb_sw(unsigned int function_code, unsigned int input_length,
@@ -73,8 +63,6 @@ static int s390_aes_cbc_hw(unsigned int 
 			   unsigned char *input_data, ica_aes_vector_t *iv,
 			   unsigned char *keys, unsigned char *output_data)
 {
 -	struct sigaction oldact;
 -	sigset_t oldset;
 	struct {
 		ica_aes_vector_t iv;
 		ica_aes_key_len_256_t keys;
@@ -87,12 +75,8 @@ static int s390_aes_cbc_hw(unsigned int 
 	memcpy(&key_buffer.keys, keys, key_size);
 	int rc = 0;
 -	if ((rc = begin_sigill_section(&oldact, &oldset)) != 0)
 -		return rc;
 -
 	rc = s390_kmc(function_code, &key_buffer,
 		      output_data, input_data, input_length);
 -	end_sigill_section(&oldact, &oldset);
 	if (rc >= 0) {
 		memcpy(iv, &key_buffer.iv, sizeof(ica_aes_vector_t));
 diff -up libica-2/src/s390_des.c.remove-sigill libica-2/src/s390_des.c
 --- libica-2/src/s390_des.c.remove-sigill	2009-02-05 16:53:00.000000000 +0100
 +++ libica-2/src/s390_des.c	2011-01-04 11:53:08.000000000 +0100
@@ -25,20 +25,13 @@ int s390_des_ecb_hw(unsigned int functio
 		    unsigned char *output_data)
 {
 	int rc = 0;
 -	struct sigaction oldact;
 -	sigset_t oldset;
 -	if ((rc = begin_sigill_section(&oldact, &oldset)) == 0) {
 -		rc = s390_km(function_code, keys, output_data, input_data,
 -			     input_length);
 -
 -		end_sigill_section(&oldact, &oldset);
 -		
 -		if (rc >= 0)
 -			return 0;
 -		else
 -			return EIO;
 -	}
 -	return rc;
 +	rc = s390_km(function_code, keys, output_data, input_data,
 +		     input_length);
 +
 +	if (rc >= 0)
 +		return 0;
 +	else
 +		return EIO;
 }
@@ -109,8 +102,6 @@ static int s390_des_cbc_hw(unsigned int 
 			   unsigned char *input_data, ica_des_vector_t *iv,
 			   unsigned char *keys, unsigned char *output_data)
 {
 -	struct sigaction oldact;
 -	sigset_t oldset;
 	struct {
 		ica_des_vector_t iv;
 		ica_des_key_triple_t keys;
@@ -122,17 +113,13 @@ static int s390_des_cbc_hw(unsigned int 
 	memcpy(&key_buffer.iv, iv, sizeof(ica_des_vector_t));
 	memcpy(&key_buffer.keys, keys, key_size);
 -	if ((rc = begin_sigill_section(&oldact, &oldset)) == 0) {
 -		rc = s390_kmc(function_code, &key_buffer, output_data, input_data,
 -			      input_length);
 -		end_sigill_section(&oldact, &oldset);
 -		if (rc >= 0) {
 -			memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
 -			return 0;
 -		} else
 -			rc = EIO;
 -	}
 -	return rc;
 +	rc = s390_kmc(function_code, &key_buffer, output_data, input_data,
 +		      input_length);
 +	if (rc >= 0) {
 +		memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
 +		return 0;
 +	} else
 +		rc = EIO;
 }
 diff -up libica-2/src/s390_prng.c.remove-sigill libica-2/src/s390_prng.c
 --- libica-2/src/s390_prng.c.remove-sigill	2011-01-04 11:53:08.000000000 +0100
 +++ libica-2/src/s390_prng.c	2011-01-04 11:53:08.000000000 +0100
@@ -67,27 +67,22 @@ int s390_prng_init(void)
 {
 	sem_init(&semaphore, 0, 1);
 -	struct sigaction oldact;
 -	sigset_t oldset;
 	int rc = -1;
 -	if (begin_sigill_section(&oldact, &oldset) == 0) {
 -		int handle;
 -		unsigned char seed[16];
 -		handle = open("/dev/hwrng", O_RDONLY);
 -		if (!handle)
 -			handle = open("/dev/urandom", O_RDONLY);
 -		if (handle) {
 -			rc = read(handle, seed, sizeof(seed));
 -		        if (rc != -1)
 -				rc = s390_prng_seed(seed, sizeof(seed) /
 -						    sizeof(long long));
 -			close(handle);
 -		} else
 -			rc = ENODEV;
 +	int handle;
 +	unsigned char seed[16];
 +	handle = open("/dev/hwrng", O_RDONLY);
 +	if (!handle)
 +		handle = open("/dev/urandom", O_RDONLY);
 +	if (handle) {
 +		rc = read(handle, seed, sizeof(seed));
 +	        if (rc != -1)
 +			rc = s390_prng_seed(seed, sizeof(seed) /
 +					    sizeof(long long));
 +		close(handle);
 +	} else
 +		rc = ENODEV;
 	// If the original seeding failed, we should try to stir in some
 	// entropy anyway (since we already put out a message).
 -	}
 -	end_sigill_section(&oldact, &oldset);
 	s390_byte_count = 0;
 	if (rc < 0)
@@ -107,11 +102,9 @@ static int s390_add_entropy(void)
 	unsigned char entropy[4 * STCK_BUFFER];
 	unsigned int K;
 	int rc = 0;
 -	struct sigaction oldact;
 -	sigset_t oldset;
 -	if (begin_sigill_section(&oldact, &oldset) != 0)
 -		return errno;
 +	if (!prng_switch)
 +		return ENOTSUP;
 	for (K = 0; K < 16; K++) {
 		if ((s390_stck(entropy + 0 * STCK_BUFFER)) ||
@@ -145,7 +138,6 @@ out:
 		rc = 0;
 	else
 		rc = EIO;
 -	end_sigill_section(&oldact, &oldset);
 	return rc;
 }
@@ -190,12 +182,6 @@ static int s390_prng_hw(unsigned char *r
 	unsigned char last_dw[STCK_BUFFER];
 	int rc = 0;
 -	struct sigaction oldact;
 -	sigset_t oldset;
 -
 -	if ((rc = begin_sigill_section(&oldact, &oldset)) != 0)
 -		return rc;
 -
 	sem_wait(&semaphore);
 	/* Add some additional entropy when the byte count is reached.*/
@@ -239,7 +225,6 @@ static int s390_prng_hw(unsigned char *r
 			return EIO;
 	}
 -	end_sigill_section(&oldact, &oldset);
 	sem_post(&semaphore);
 	return rc;
@@ -252,10 +237,8 @@ static int s390_prng_hw(unsigned char *r
  */
 static int s390_prng_seed(void *srv, unsigned int count)
 {
 -	struct sigaction oldact;
 -	sigset_t oldset;
 -	if (begin_sigill_section(&oldact, &oldset) != 0)
 -		return errno;
 +	if (!prng_switch)
 +		return ENOTSUP;
 	unsigned int i;
 	int rc;
@@ -269,6 +252,5 @@ static int s390_prng_seed(void *srv, uns
 	// Stir one last time.
 	rc = s390_add_entropy();
 -	end_sigill_section(&oldact, &oldset);
 	return rc;
 }
 diff -up libica-2/src/s390_sha.c.remove-sigill libica-2/src/s390_sha.c
 --- libica-2/src/s390_sha.c.remove-sigill	2009-02-04 16:19:22.000000000 +0100
 +++ libica-2/src/s390_sha.c	2011-01-04 11:53:08.000000000 +0100
@@ -79,9 +79,6 @@ static int s390_sha_hw(unsigned char *iv
 	 * this can be at most 128 byte for the hash plus 16 byte for the
 	 * stream length. */
         unsigned char shabuff[128 + 16];
 -	struct sigaction oldact;
 -        sigset_t oldset;
 -
 	unsigned char *default_iv = sha_constants[sha_function].default_iv;
 	unsigned int hash_length = sha_constants[sha_function].hash_length;
 	unsigned int vector_length = sha_constants[sha_function].vector_length;
@@ -111,10 +108,6 @@ static int s390_sha_hw(unsigned char *iv
 	     message_part == SHA_MSG_PART_MIDDLE) && (remnant != 0))
                 return EINVAL;
 -        rc = begin_sigill_section(&oldact, &oldset);
 -        if (rc)
 -                return rc;
 -
 	unsigned int hw_function_code;
 	hw_function_code = sha_constants[sha_function].hw_function_code;
         if (complete_blocks_length) {
@@ -154,8 +147,6 @@ static int s390_sha_hw(unsigned char *iv
 			rc = 0;
         }
 -        end_sigill_section(&oldact, &oldset);
 -
         if (rc == 0) {
                 memcpy((void *)output_data, shabuff, hash_length);
                 if (message_part != SHA_MSG_PART_FINAL &&
--- a/libica-2.1-version.patch
+++ b/libica-2.1-version.patch
@ -0,0 +1,40 @@
 From 40d49d04da662c8ef27959fd50af51aa606e8046 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Mon, 4 Jul 2011 17:19:28 +0200
 Subject: [PATCH] use a new variable for tracking the API version
 ---
 configure.in    |    3 +++
 src/Makefile.am |    2 +-
 2 files changed, 4 insertions(+), 1 deletions(-)
 diff --git a/configure.in b/configure.in
 index fc67245..663075f 100644
 --- a/configure.in
 +++ b/configure.in
@@ -3,6 +3,9 @@
 AC_INIT(libica, 2.1.0, hd@linux.vnet.ibm.com)
 +LIBICA_API=2.0
 +AC_SUBST(LIBICA_API)
 +
 cmdline_CFLAGS="$CFLAGS"
 # Compute $target
 diff --git a/src/Makefile.am b/src/Makefile.am
 index f1873b3..5903f27 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
@@ -2,7 +2,7 @@ INCLUDES = -I ./include -I ../include
 lib_LTLIBRARIES = libica.la
 -libica_la_LDFLAGS = -release $(PACKAGE_VERSION) -lrt -lcrypto
 +libica_la_LDFLAGS = -release $(LIBICA_API) -lrt -lcrypto
 libica_la_SOURCES = icalinux.c ica_api.c init.c icastats_shared.c \
 		    s390_rsa.c s390_crypto.c s390_des.c \
 -- 
 1.7.4.4
--- a/libica.spec
+++ b/libica.spec
@ -1,13 +1,13 @@
 Summary: Library for accessing ICA hardware crypto on IBM zSeries
 Name: libica
-Version: 2.0.6
+Version: 2.1.0
 Release: 1%{?dist}
 License: CPL
 Group: System Environment/Libraries
 URL: http://sourceforge.net/projects/opencryptoki/
 Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
-# https://bugzilla.redhat.com/show_bug.cgi?id=624005
+# soname backwards compatibility
-Patch1: %{name}-2.0.3-tests.patch
+Patch0: %{name}-2.1-version.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel
 BuildRequires: autoconf automake libtool
@ -33,16 +33,13 @@ IBM zSeries.
 %prep
-%setup -q -n %{name}-2.0
+%setup -q -n %{name}-2.1
-%patch1 -p1 -b .tests
+%patch0 -p1 -b .version
 # fix EOLs
 sed -i -e 's/\r//g' LICENSE
 # update the version used in library name
 sed -i -e 's/2\.0\.6/2\.0/' configure.in
 sh ./bootstrap.sh
@ -82,6 +79,9 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.1.0-1
 - updated to 2.1.0 with soname set back to 2.0
 * Mon Apr 11 2011 Dan Horák <dan[at]danny.cz> - 2.0.6-1
 - updated to 2.0.6
--- a/2
+++ b/2
@ -1 +1 @@
-a65988fd7e58b3e98989d188ea5fa9ae  libica-2.0.6.tar.gz
+53a350f038877a58f8f6a3c02a6c2715  libica-2.1.0.tar.gz
`@ -1 +1 @@`
	`a65988fd7e58b3e98989d188ea5fa9ae libica-2.0.6.tar.gz`	`53a350f038877a58f8f6a3c02a6c2715 libica-2.1.0.tar.gz`