rpms/libica
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- updated to 3.8.0 (#1869532)

Browse Source 
- eliminate SW fallback functions (#1924119)
- updated for OpenSSL 3.0 (#1952946)
- disable FIPS support (broken)
- Resolves: #1869532 #1924119 #1952946
This commit is contained in:
Dan Horák 2021-05-31 19:14:42 +02:00
parent 16e2a32802
commit a2afcdab91
7 changed files with 153 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitignore vendored
View File

@ -1,21 +1,2 @@
libica-2.0.3.tar.gz /libica-*.tgz
/libica-2.0.4.tar.gz /libica-*.tar.gz
/libica-2.0.6.tar.gz
/libica-2.1.0.tar.gz
/libica-2.1.1.tar.gz
/libica-2.2.0.tar.gz
/libica-2.3.0.tar.gz
/libica-2.4.2.tgz
/libica-2.6.1.tgz
/libica-2.6.2.tgz
/libica-3.0.1.tgz
/libica-3.0.2.tgz
/libica-3.1.1.tgz
/libica-3.2.0.tgz
/libica-3.3.2.tar.gz
/libica-3.3.3.tar.gz
/libica-3.4.0.tar.gz
/libica-3.5.0.tar.gz
/libica-3.6.0.tar.gz
/libica-3.6.1.tar.gz
/libica-3.7.0.tar.gz

31
libica-3.7.0-fips.patch
View File

@ -1,31 +0,0 @@
From 34ae2c50cbe595ae475f5e3491c39f3b2dbe8a67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Wed, 15 Jul 2020 10:58:10 +0200
Subject: [libica PATCH] fix library filename for FIPS integrity check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: https://github.com/opencryptoki/libica/issues/45
Signed-off-by: Dan Horák <dan@danny.cz>
---
src/fips.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fips.c b/src/fips.c
index 07310c3..2bf11f5 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -306,7 +306,7 @@ static void fips_lib_integrity_check(void)
{
int rc;
char path[PATH_MAX];
- const char *libname = "libica.so";
+ const char *libname = "libica.so.3";
const char *symbolname = "ica_sha256";
rc = get_library_path(libname, symbolname, path, sizeof(path));
--
2.26.2

39
libica-3.7.0-annotate.patch → libica-3.8.0-annotate.patch
View File

@ -1,7 +1,7 @@
From cdc316c106722d4107961315d809232f5801338d Mon Sep 17 00:00:00 2001 From 0e4592f46c6c4a94eef66257af423d57c73af134 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz> From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 25 Sep 2018 13:44:32 +0200 Date: Tue, 25 Sep 2018 13:44:32 +0200
Subject: [PATCH] add build note to assembler sources Subject: [libica PATCH] add build note to assembler sources
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8 Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit
@ -21,14 +21,14 @@ Signed-off-by: Dan Horák <dan@danny.cz>
--- ---
configure.ac | 4 ++++ configure.ac | 4 ++++
libica.spec | 2 +- libica.spec | 2 +-
src/Makefile.am | 2 +- src/Makefile.am | 4 ++--
3 files changed, 6 insertions(+), 2 deletions(-) 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index e401afb..071a0e6 100644 index ae6370c..bc2fff4 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -92,12 +92,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab @@ -99,12 +99,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2" FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
fi fi
@ -46,7 +46,7 @@ index e401afb..071a0e6 100644
AC_OUTPUT AC_OUTPUT
diff --git a/libica.spec b/libica.spec diff --git a/libica.spec b/libica.spec
index f28651f..f6f3e8b 100644 index 812b73d..3461b65 100644
--- a/libica.spec --- a/libica.spec
+++ b/libica.spec +++ b/libica.spec
@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica @@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica
@ -59,18 +59,25 @@ index f28651f..f6f3e8b 100644
%description %description
Interface library on Linux for IBM System z to utilize CPACF Interface library on Linux for IBM System z to utilize CPACF
diff --git a/src/Makefile.am b/src/Makefile.am diff --git a/src/Makefile.am b/src/Makefile.am
index 5e69dab..3a42258 100644 index 4a1ef14..d6f7f7f 100644
--- a/src/Makefile.am --- a/src/Makefile.am
+++ b/src/Makefile.am +++ b/src/Makefile.am
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libica.la @@ -30,13 +30,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
include/rng.h
libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \ libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
-fvisibility=hidden -pthread
-libica_la_CCASFLAGS = ${AM_CFLAGS} -libica_la_CCASFLAGS = ${AM_CFLAGS}
+libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS} +libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl libica_la_LIBADD = ${LIBS_common}
libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \ libica_la_LDFLAGS = ${LDFLAGS_common}
-version-number ${VERSION} libica_la_SOURCES = ${SOURCES_common}
--
2.26.2 libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DNO_SW_FALLBACKS -DLIBNAME=\"libica-cex\"
-libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
+libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
libica_cex_la_LIBADD = ${LIBS_common}
libica_cex_la_LDFLAGS = ${LDFLAGS_common}
libica_cex_la_SOURCES = ${SOURCES_common}
--
2.26.3

67
libica-3.8.0-configure.patch Normal file
View File

@ -0,0 +1,67 @@
From a70dfe13b7dd2914ad29175ae026284bd5461e0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 24 May 2021 12:21:55 +0000
Subject: [PATCH] fix handling of --disable-foo options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently passing eg. --disable-debug actually enables the debug build
as one would expect from --enable-debug. The fix is to omit setting the
enable_foo variable as the "action-if-given" parameter of AC_ARG_ENABLE,
because it handles both the --enable and --disable forms.
Signed-off-by: Dan Horák <dan@danny.cz>
---
configure.ac | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index ae6370c..9dc4786 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,7 +35,7 @@ FLAGS="-Wall -Wextra -mzarch"
dnl --- enable_debug
AC_ARG_ENABLE(debug,
[ --enable-debug turn on debugging flags],
- [enable_debug="yes"],[enable_debug="no"])
+ [],[enable_debug="no"])
AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes)
if test "x$enable_debug" = xyes; then
@@ -46,7 +46,7 @@ fi
dnl --- enable_coverage
AC_ARG_ENABLE(coverage,
[ --enable-coverage turn on coverage testing],
- [enable_coverage="yes"],[enable_coverage="no"])
+ [],[enable_coverage="no"])
AM_CONDITIONAL(COVERAGE, test x$enable_coverage = xyes)
if test "x$enable_coverage" = xyes; then
@@ -57,7 +57,7 @@ fi
dnl --- enable_fips
AC_ARG_ENABLE(fips,
[ --enable-fips built with FIPS mode support],
- [enable_fips="yes"],[enable_fips="no"])
+ [],[enable_fips="no"])
AM_CONDITIONAL(ICA_FIPS, test x$enable_fips = xyes)
if test "x$enable_fips" = xyes; then
@@ -74,7 +74,7 @@ fi
dnl --- enable_sanitizer
AC_ARG_ENABLE(sanitizer,
[ --enable-sanitizer turn on sanitizer (may not work on all systems)],
- [enable_sanitizer="yes"],[enable_sanitizer="no"])
+ [],[enable_sanitizer="no"])
AM_CONDITIONAL(SANITIZER, test x$enable_sanitizer = xyes)
if test "x$enable_sanitizer" = xyes; then
@@ -86,7 +86,7 @@ fi
dnl --- enable_internal tests
AC_ARG_ENABLE(internal_tests,
[ --enable-internal-tests built internal tests],
- [enable_internal_tests="yes"],[enable_internal_tests="no"])
+ [],[enable_internal_tests="no"])
AM_CONDITIONAL(ICA_INTERNAL_TESTS, test x$enable_internal_tests = xyes)
if test "x$enable_internal_tests" = xyes; then

24
libica-3.8.0-no-eddsa-test.patch Normal file
View File

@ -0,0 +1,24 @@
From 83909cdc63550b3151e76d727fe161a9ef71ab6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 31 May 2021 19:01:01 +0200
Subject: [libica PATCH] disable eddsa test - broken with OpenSSL 3.0
---
test/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/test/Makefile.am b/test/Makefile.am
index f889a97..428982d 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -54,7 +54,6 @@ ecdsa1_test.sh \
ec_keygen2_test.sh \
ecdh2_test.sh \
ecdsa2_test.sh \
-eddsa_test \
x_test \
mp_test
--
2.26.3

46
libica.spec
View File

@ -1,19 +1,27 @@
# generally broken in 3.8.0 and also not ready for OpenSSL 3.0
# https://github.com/opencryptoki/libica/issues/58
# https://github.com/opencryptoki/libica/issues/62
%global with_fips 0
Summary: Library for accessing ICA hardware crypto on IBM z Systems Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica Name: libica
Version: 3.7.0 Version: 3.8.0
Release: 6%{?dist} Release: 1%{?dist}
License: CPL License: CPL
URL: https://github.com/opencryptoki/ URL: https://github.com/opencryptoki/
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# annotate assembler source # annotate assembler source
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
# https://github.com/opencryptoki/libica/pull/24 # https://github.com/opencryptoki/libica/pull/24
Patch0: %{name}-3.7.0-annotate.patch Patch0: %{name}-3.8.0-annotate.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1857130 # https://github.com/opencryptoki/libica/commit/a70dfe13b7dd2914ad29175ae026284bd5461e0e
# https://github.com/opencryptoki/libica/pull/46 Patch1: %{name}-3.8.0-configure.patch
Patch1: %{name}-3.7.0-fips.patch # https://github.com/opencryptoki/libica/issues/61
# temporarily disable (OpenSSL 3.0)
Patch2: %{name}-3.8.0-no-eddsa-test.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: openssl
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
@ -46,13 +54,19 @@ sh ./bootstrap.sh
%build %build
%configure --disable-static --enable-fips %configure --disable-static \
%if %{with_fips}
--enable-fips
%else
--disable-fips
%endif
%make_build %make_build
%install %install
%make_install %make_install
rm $RPM_BUILD_ROOT%{_libdir}/libica.la rm %{buildroot}%{_libdir}/libica*.la
rm %{buildroot}%{_pkgdocdir}/{INSTALL,README.md}
%check %check
@ -65,19 +79,33 @@ fi
%files %files
%doc AUTHORS LICENSE ChangeLog %doc AUTHORS LICENSE ChangeLog
%exclude %{_pkgdocdir}/{INSTALL,README.md}
%{_bindir}/icainfo %{_bindir}/icainfo
%{_bindir}/icainfo-cex
%{_bindir}/icastats %{_bindir}/icastats
%if %{with_fips}
%{_libdir}/.libica.*.hmac
%{_libdir}/.libica-cex.*.hmac
%endif
%{_libdir}/libica.so.* %{_libdir}/libica.so.*
%{_libdir}/libica-cex.so.*
%{_mandir}/man1/icainfo.1* %{_mandir}/man1/icainfo.1*
%{_mandir}/man1/icainfo-cex.1*
%{_mandir}/man1/icastats.1* %{_mandir}/man1/icastats.1*
%files devel %files devel
%{_includedir}/* %{_includedir}/*
%{_libdir}/libica.so %{_libdir}/libica.so
%{_libdir}/libica-cex.so
%changelog %changelog
* Fri May 21 2021 Dan Horák <dan[at]danny.cz> - 3.8.0-1
- updated to 3.8.0 (#1869532)
- eliminate SW fallback functions (#1924119)
- updated for OpenSSL 3.0 (#1952946)
- disable FIPS support (broken)
- Resolves: #1869532 #1924119 #1952946
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.0-6 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.0-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

2
sources
View File

@ -1 +1 @@
SHA512 (libica-3.7.0.tar.gz) = dfb3be2b6e745c19af916acee5ad7fdefdae35d8d0758289f11a5c427455fcb56b193a1c0c7c7a168076bc108120b8d68a811df322d321a2c6911899e93add9e SHA512 (libica-3.8.0.tar.gz) = 18441420c5a8a6b79151146c982f6fac4b346f8dfd60c17aee488fc982509281754ae8e81636a653cc094f4e34c007dab2e764f16b6fef022a584ce9110c6994