Compare commits
2 Commits
39eeb44d54
...
270004b6c0
| Author | SHA1 | Date |
|---|---|---|
Dan Horák
|
270004b6c0 | |
|
Dan Horák
|
d3bac2d3f3 |
|
|
@ -0,0 +1 @@
|
|||
e7f7a7f714c793496294a5f865ad23d4c48866f9 libica-4.3.0.tar.gz
|
||||
|
|
@ -1,231 +0,0 @@
|
|||
From f09f1d0b48f3bf541f1300716fa5bdbbbe80a4a1 Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Tue, 18 Jul 2023 09:21:54 +0200
|
||||
Subject: [libica PATCH] icastats: Fix summary option to display correct
|
||||
summary information
|
||||
|
||||
The '--summary' option of icastats did not display correct statistics since
|
||||
the introduction of per key keysize counters with libica version 4.0.0.
|
||||
|
||||
To display the correct summary counters, the all-key-size-counter values of an
|
||||
algorithm that supports multiple key sizes must be calculated like it is done
|
||||
in get_stats_data(). Adjust get_stats_data() function and friends so that it
|
||||
now also can be called from get_stats_sum() and can optionally operate on a
|
||||
specified statistics segment (i.e. the one where the summary statistics have
|
||||
been calculated in), not just the global one.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
---
|
||||
src/icastats.c | 4 +-
|
||||
src/icastats_shared.c | 102 +++++++++++++++++++++++------------------
|
||||
src/include/icastats.h | 5 +-
|
||||
3 files changed, 62 insertions(+), 49 deletions(-)
|
||||
|
||||
diff --git a/src/icastats.c b/src/icastats.c
|
||||
index e98617f..07b0d50 100644
|
||||
--- a/src/icastats.c
|
||||
+++ b/src/icastats.c
|
||||
@@ -302,7 +302,7 @@ int main(int argc, char *argv[])
|
||||
perror("malloc: ");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
- get_stats_data(entries);
|
||||
+ get_stats_data(NULL, entries);
|
||||
if (json) {
|
||||
print_stats_json(entries, usr);
|
||||
} else {
|
||||
@@ -358,7 +358,7 @@ int main(int argc, char *argv[])
|
||||
perror("malloc: ");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
- get_stats_data(stats);
|
||||
+ get_stats_data(NULL, stats);
|
||||
if (json) {
|
||||
pswd = getpwuid(user == -1 ? geteuid() : (uid_t)user);
|
||||
if (pswd == NULL) {
|
||||
diff --git a/src/icastats_shared.c b/src/icastats_shared.c
|
||||
index 8290239..f8e8563 100644
|
||||
--- a/src/icastats_shared.c
|
||||
+++ b/src/icastats_shared.c
|
||||
@@ -124,39 +124,46 @@ void stats_munmap(int user, int unlink)
|
||||
* @direction - valid values are ENCRYPT and DECRYPT
|
||||
*/
|
||||
|
||||
-uint64_t stats_query(stats_fields_t field, int hardware, int direction)
|
||||
+uint64_t stats_query(stats_entry_t *source, stats_fields_t field,
|
||||
+ int hardware, int direction)
|
||||
{
|
||||
- if (stats == NULL)
|
||||
+ if (source == NULL)
|
||||
+ source = stats;
|
||||
+
|
||||
+ if (source == NULL)
|
||||
return 0;
|
||||
|
||||
if (direction == ENCRYPT)
|
||||
if (hardware == ALGO_HW)
|
||||
- return stats[field].enc.hw;
|
||||
+ return source[field].enc.hw;
|
||||
else
|
||||
- return stats[field].enc.sw;
|
||||
+ return source[field].enc.sw;
|
||||
else
|
||||
if (hardware == ALGO_HW)
|
||||
- return stats[field].dec.hw;
|
||||
+ return source[field].dec.hw;
|
||||
else
|
||||
- return stats[field].dec.sw;
|
||||
+ return source[field].dec.sw;
|
||||
}
|
||||
|
||||
-static uint64_t calc_summary(stats_fields_t start, unsigned int num,
|
||||
+static uint64_t calc_summary(stats_entry_t *source,
|
||||
+ stats_fields_t start, unsigned int num,
|
||||
int hardware, int direction)
|
||||
{
|
||||
unsigned int i;
|
||||
uint64_t sum = 0;
|
||||
|
||||
for (i = 0; i < num; i++)
|
||||
- sum += stats_query(start + i, hardware, direction);
|
||||
+ sum += stats_query(source, start + i, hardware, direction);
|
||||
|
||||
return sum;
|
||||
}
|
||||
|
||||
/* Returns the statistic data in a stats_entry_t array
|
||||
+ * @source - source of the statistics data. If NULL, then the global stats
|
||||
+ * are used, which must have been mapped via stats_mmap() before.
|
||||
* @entries - Needs to be a array of size ICA_NUM_STATS.
|
||||
*/
|
||||
-void get_stats_data(stats_entry_t *entries)
|
||||
+void get_stats_data(stats_entry_t *source, stats_entry_t *entries)
|
||||
{
|
||||
unsigned int i;
|
||||
for (i = 0; i < ICA_NUM_STATS; i++) {
|
||||
@@ -168,58 +175,62 @@ void get_stats_data(stats_entry_t *entries)
|
||||
case ICA_STATS_AES_CTR:
|
||||
case ICA_STATS_AES_CMAC:
|
||||
case ICA_STATS_AES_GCM:
|
||||
- entries[i].enc.hw = calc_summary(i + 1, 3,
|
||||
- ALGO_HW, ENCRYPT);
|
||||
- entries[i].enc.sw = calc_summary(i + 1, 3,
|
||||
- ALGO_SW, ENCRYPT);
|
||||
- entries[i].dec.hw = calc_summary(i + 1, 3,
|
||||
- ALGO_HW, DECRYPT);
|
||||
- entries[i].dec.sw = calc_summary(i + 1, 3,
|
||||
- ALGO_SW, DECRYPT);
|
||||
+ entries[i].enc.hw = calc_summary(source, i + 1, 3,
|
||||
+ ALGO_HW, ENCRYPT);
|
||||
+ entries[i].enc.sw = calc_summary(source, i + 1, 3,
|
||||
+ ALGO_SW, ENCRYPT);
|
||||
+ entries[i].dec.hw = calc_summary(source, i + 1, 3,
|
||||
+ ALGO_HW, DECRYPT);
|
||||
+ entries[i].dec.sw = calc_summary(source, i + 1, 3,
|
||||
+ ALGO_SW, DECRYPT);
|
||||
break;
|
||||
|
||||
case ICA_STATS_AES_XTS:
|
||||
- entries[i].enc.hw = calc_summary(i + 1, 2,
|
||||
- ALGO_HW, ENCRYPT);
|
||||
- entries[i].enc.sw = calc_summary(i + 1, 2,
|
||||
- ALGO_SW, ENCRYPT);
|
||||
- entries[i].dec.hw = calc_summary(i + 1, 2,
|
||||
- ALGO_HW, DECRYPT);
|
||||
- entries[i].dec.sw = calc_summary(i + 1, 2,
|
||||
- ALGO_SW, DECRYPT);
|
||||
+ entries[i].enc.hw = calc_summary(source, i + 1, 2,
|
||||
+ ALGO_HW, ENCRYPT);
|
||||
+ entries[i].enc.sw = calc_summary(source, i + 1, 2,
|
||||
+ ALGO_SW, ENCRYPT);
|
||||
+ entries[i].dec.hw = calc_summary(source, i + 1, 2,
|
||||
+ ALGO_HW, DECRYPT);
|
||||
+ entries[i].dec.sw = calc_summary(source, i + 1, 2,
|
||||
+ ALGO_SW, DECRYPT);
|
||||
break;
|
||||
|
||||
case ICA_STATS_RSA_ME:
|
||||
case ICA_STATS_RSA_CRT:
|
||||
- entries[i].enc.hw = calc_summary(i + 1, 4,
|
||||
- ALGO_HW, ENCRYPT);
|
||||
- entries[i].enc.sw = calc_summary(i + 1, 4,
|
||||
- ALGO_SW, ENCRYPT);
|
||||
- entries[i].dec.hw = calc_summary(i + 1, 4,
|
||||
- ALGO_HW, DECRYPT);
|
||||
- entries[i].dec.sw = calc_summary(i + 1, 4,
|
||||
- ALGO_SW, DECRYPT);
|
||||
+ entries[i].enc.hw = calc_summary(source, i + 1, 4,
|
||||
+ ALGO_HW, ENCRYPT);
|
||||
+ entries[i].enc.sw = calc_summary(source, i + 1, 4,
|
||||
+ ALGO_SW, ENCRYPT);
|
||||
+ entries[i].dec.hw = calc_summary(source, i + 1, 4,
|
||||
+ ALGO_HW, DECRYPT);
|
||||
+ entries[i].dec.sw = calc_summary(source, i + 1, 4,
|
||||
+ ALGO_SW, DECRYPT);
|
||||
break;
|
||||
|
||||
case ICA_STATS_ECDH:
|
||||
case ICA_STATS_ECDSA_SIGN:
|
||||
case ICA_STATS_ECDSA_VERIFY:
|
||||
case ICA_STATS_ECKGEN:
|
||||
- entries[i].enc.hw = calc_summary(i + 1, 8,
|
||||
- ALGO_HW, ENCRYPT);
|
||||
- entries[i].enc.sw = calc_summary(i + 1, 8,
|
||||
- ALGO_SW, ENCRYPT);
|
||||
- entries[i].dec.hw = calc_summary(i + 1, 8,
|
||||
- ALGO_HW, DECRYPT);
|
||||
- entries[i].dec.sw = calc_summary(i + 1, 8,
|
||||
- ALGO_SW, DECRYPT);
|
||||
+ entries[i].enc.hw = calc_summary(source, i + 1, 8,
|
||||
+ ALGO_HW, ENCRYPT);
|
||||
+ entries[i].enc.sw = calc_summary(source, i + 1, 8,
|
||||
+ ALGO_SW, ENCRYPT);
|
||||
+ entries[i].dec.hw = calc_summary(source, i + 1, 8,
|
||||
+ ALGO_HW, DECRYPT);
|
||||
+ entries[i].dec.sw = calc_summary(source, i + 1, 8,
|
||||
+ ALGO_SW, DECRYPT);
|
||||
break;
|
||||
|
||||
default:
|
||||
- entries[i].enc.hw = stats_query(i, ALGO_HW, ENCRYPT);
|
||||
- entries[i].enc.sw = stats_query(i, ALGO_SW, ENCRYPT);
|
||||
- entries[i].dec.hw = stats_query(i, ALGO_HW, DECRYPT);
|
||||
- entries[i].dec.sw = stats_query(i, ALGO_SW, DECRYPT);
|
||||
+ entries[i].enc.hw = stats_query(source, i,
|
||||
+ ALGO_HW, ENCRYPT);
|
||||
+ entries[i].enc.sw = stats_query(source, i,
|
||||
+ ALGO_SW, ENCRYPT);
|
||||
+ entries[i].dec.hw = stats_query(source, i,
|
||||
+ ALGO_HW, DECRYPT);
|
||||
+ entries[i].dec.sw = stats_query(source, i,
|
||||
+ ALGO_SW, DECRYPT);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -280,6 +291,7 @@ int get_stats_sum(stats_entry_t *sum)
|
||||
}
|
||||
}
|
||||
closedir(shmDir);
|
||||
+ get_stats_data(sum, sum);
|
||||
return 1;
|
||||
}
|
||||
|
||||
diff --git a/src/include/icastats.h b/src/include/icastats.h
|
||||
index f1d70ba..136ac0f 100644
|
||||
--- a/src/include/icastats.h
|
||||
+++ b/src/include/icastats.h
|
||||
@@ -286,8 +286,9 @@ typedef enum stats_fields {
|
||||
|
||||
int stats_mmap(int user);
|
||||
void stats_munmap(int user, int unlink);
|
||||
-uint64_t stats_query(stats_fields_t field, int hardware, int direction);
|
||||
-void get_stats_data(stats_entry_t *entries);
|
||||
+uint64_t stats_query(stats_entry_t *source, stats_fields_t field,
|
||||
+ int hardware, int direction);
|
||||
+void get_stats_data(stats_entry_t *source, stats_entry_t *entries);
|
||||
void stats_increment(stats_fields_t field, int hardware, int direction);
|
||||
int get_stats_sum(stats_entry_t *sum);
|
||||
char *get_next_usr();
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
|
@ -0,0 +1,130 @@
|
|||
From 49d619ea05743a3df6b9bf8160aaa0b4306118db Mon Sep 17 00:00:00 2001
|
||||
From: Holger Dengler <dengler@linux.ibm.com>
|
||||
Date: Tue, 16 Apr 2024 14:18:23 +0200
|
||||
Subject: [PATCH 1/2] test: disable CEX usage in OpenSSL for all tests
|
||||
|
||||
OpenSSL supports CEX exploitation since version v3.2.x. Libica and its
|
||||
testcases use OpenSSL as helper and fallback, so disable the CEX
|
||||
acceleration for all tests.
|
||||
|
||||
If the environment variable is already set, use it as is without
|
||||
modifying it. In this case, it is up to the user to choose the right
|
||||
settings.
|
||||
|
||||
Fixes: Issue #126
|
||||
Link: https://github.com/opencryptoki/libica/issues/126
|
||||
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
|
||||
---
|
||||
test/Makefile.am | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/test/Makefile.am b/test/Makefile.am
|
||||
index 76d4f15..e56b256 100644
|
||||
--- a/test/Makefile.am
|
||||
+++ b/test/Makefile.am
|
||||
@@ -61,10 +61,14 @@ TESTS += \
|
||||
${top_builddir}/src/internal_tests/ec_internal_test
|
||||
endif
|
||||
|
||||
+# disable OpenSSL CEX usage for all tests
|
||||
+OPENSSL_s390xcap ?= nocex
|
||||
+
|
||||
TEST_EXTENSIONS = .sh .pl
|
||||
TESTS_ENVIRONMENT = export LD_LIBRARY_PATH=${builddir}/../src/.libs/:$$LD_LIBRARY_PATH \
|
||||
PATH=${builddir}/../src/:$$PATH \
|
||||
- LIBICA_TESTDATA=${srcdir}/testdata/;
|
||||
+ LIBICA_TESTDATA=${srcdir}/testdata/ \
|
||||
+ OPENSSL_s390xcap=${OPENSSL_s390xcap};
|
||||
AM_CFLAGS = @FLAGS@ -DNO_SW_FALLBACKS -I${srcdir}/../include/ -I${srcdir}/../src/include/
|
||||
LDADD = @LIBS@ ${top_builddir}/src/.libs/libica.so -lcrypto -lpthread
|
||||
|
||||
--
|
||||
2.45.1
|
||||
|
||||
|
||||
From d3a7542e7eb45c22066ecb1be62480dde41fd544 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 24 Apr 2024 10:44:26 +0200
|
||||
Subject: [PATCH 2/2] Bugfix: correct rc handling with s390_pcc function
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/include/s390_aes.h | 2 +-
|
||||
src/include/s390_cmac.h | 2 +-
|
||||
src/include/s390_crypto.h | 23 +++++++++++++----------
|
||||
3 files changed, 15 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/include/s390_aes.h b/src/include/s390_aes.h
|
||||
index 6252dde..a6ff27b 100644
|
||||
--- a/src/include/s390_aes.h
|
||||
+++ b/src/include/s390_aes.h
|
||||
@@ -674,7 +674,7 @@ static inline int s390_aes_xts_parm(unsigned long function_code,
|
||||
|
||||
memset(&parm_block.keys, 0, key_size);
|
||||
|
||||
- if (rc >= 0) {
|
||||
+ if (rc == 0) {
|
||||
memcpy(xts_parm, parm_block.xts_parameter,
|
||||
sizeof(ica_aes_vector_t));
|
||||
return 0;
|
||||
diff --git a/src/include/s390_cmac.h b/src/include/s390_cmac.h
|
||||
index 76b9cca..f19c069 100644
|
||||
--- a/src/include/s390_cmac.h
|
||||
+++ b/src/include/s390_cmac.h
|
||||
@@ -161,7 +161,7 @@ static inline int s390_cmac_hw(unsigned long fc,
|
||||
/* calculate final block (last/full) */
|
||||
rc = s390_pcc(fc, pb_lookup.base);
|
||||
memset(pb_lookup.keys, 0, key_size);
|
||||
- if (rc < 0)
|
||||
+ if (rc != 0)
|
||||
return EIO;
|
||||
|
||||
_stats_increment(fc, ALGO_HW, ENCRYPT);
|
||||
diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h
|
||||
index f34241f..f11eacb 100644
|
||||
--- a/src/include/s390_crypto.h
|
||||
+++ b/src/include/s390_crypto.h
|
||||
@@ -244,27 +244,30 @@ void s390_crypto_switches_init(void);
|
||||
|
||||
/**
|
||||
* s390_pcc:
|
||||
- * @func: the function code passed to KM; see s390_pcc_functions
|
||||
+ * @func: the function code passed to PCC; see s390_pcc_functions
|
||||
* @param: address of parameter block; see POP for details on each func
|
||||
*
|
||||
* Executes the PCC operation of the CPU.
|
||||
*
|
||||
- * Returns -1 for failure, 0 for the query func, number of processed
|
||||
- * bytes for encryption/decryption funcs
|
||||
+ * Returns condition code of the PCC instruction
|
||||
*/
|
||||
static inline int s390_pcc(unsigned long func, void *param)
|
||||
{
|
||||
register unsigned long r0 asm("0") = (unsigned long)func;
|
||||
register unsigned long r1 asm("1") = (unsigned long)param;
|
||||
+ char cc;
|
||||
|
||||
- asm volatile (
|
||||
- "0: .long %[opc] << 16\n"
|
||||
- " brc 1,0b\n"
|
||||
- :
|
||||
- : [fc] "d" (r0), [param] "a" (r1), [opc] "i" (0xb92c)
|
||||
- : "cc", "memory");
|
||||
+ asm volatile(
|
||||
+ "0: .insn rre,%[opc] << 16,0,0\n" /* PCC opcode */
|
||||
+ " brc 1,0b\n" /* handle partial completion */
|
||||
+ " ipm %[cc]\n"
|
||||
+ " srl %[cc],28\n"
|
||||
+ : [cc] "=d" (cc)
|
||||
+ : [func] "d" (r0), [param] "a" (r1), [opc] "i" (0xb92c)
|
||||
+ : "cc", "memory"
|
||||
+ );
|
||||
|
||||
- return 0;
|
||||
+ return cc;
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.45.1
|
||||
|
||||
18
libica.spec
18
libica.spec
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
Summary: Library for accessing ICA hardware crypto on IBM z Systems
|
||||
Name: libica
|
||||
Version: 4.2.2
|
||||
Release: 2%{?dist}
|
||||
Version: 4.3.0
|
||||
Release: 1%{?dist}
|
||||
License: CPL
|
||||
URL: https://github.com/opencryptoki/
|
||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
|
|
@ -11,9 +11,8 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
|
|||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582
|
||||
# https://github.com/opencryptoki/libica/pull/24
|
||||
Patch0: %{name}-4.0.0-annotate.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2223698
|
||||
# https://github.com/opencryptoki/libica/commit/f09f1d0b48f3bf541f1300716fa5bdbbbe80a4a1
|
||||
Patch1: %{name}-4.2.2-icastats-summary.patch
|
||||
# post GA fixes
|
||||
Patch1: %{name}-%{version}-fixes.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: openssl
|
||||
|
|
@ -110,6 +109,15 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon May 27 2024 Dan Horák <dhorak@redhat.com> - 4.3.0-1
|
||||
- updated to 4.3.0 (RHEL-23703)
|
||||
- Resolves: RHEL-23703
|
||||
|
||||
* Fri Oct 27 2023 Dan Horák <dhorak@redhat.com> - 4.2.3-1
|
||||
- updated to 4.2.3 (RHEL-11415)
|
||||
- fix selfcheck in FIPS mode (RHEL-9918)
|
||||
- Resolves: RHEL-11415 RHEL-9918
|
||||
|
||||
* Wed Jul 19 2023 Dan Horák <dhorak@redhat.com> - 4.2.2-2
|
||||
- icastats: Fix summary option (#2223698)
|
||||
- Resolves: #2223698
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (libica-4.2.2.tar.gz) = 29dfe7b68017135867ebae162c2e0584711036b35611efe255c372497cfe69234ff8a7e9aa669ac467853423b7d700e690dd7cd340ab7c8d6119ea13729ff079
|
||||
SHA512 (libica-4.3.0.tar.gz) = 0952e0c7005756faf90cccf824cf5d3c22a45076008edb0622030ca148dbacb8752e6ece5b22b06b877ca7038ecca3e1c26ab66bc19328ed36784320ec27071d
|
||||
|
|
|
|||
Loading…
Reference in New Issue