rpms/openssl-ibmca
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- updated to 1.3.1 and OpenSSL 1.1

Browse Source
This commit is contained in:
Dan Horák 2017-03-08 15:58:49 +01:00
parent 61bdb3cff6
commit 3f72715d32
9 changed files with 373 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
openssl-ibmca-1.1.tar.gz
/openssl-ibmca-1.2.0.tar.gz
/openssl-ibmca-1.3.1.tar.gz

12
openssl-ibmca-1.2.0-libica-soname.patch
View File

@ -1,12 +0,0 @@
diff -up openssl-ibmca-1.2.0/e_ibmca.c.libica-soname openssl-ibmca-1.2.0/e_ibmca.c
--- openssl-ibmca-1.2.0/e_ibmca.c.libica-soname 2011-05-02 19:50:50.000000000 +0200
+++ openssl-ibmca-1.2.0/e_ibmca.c 2011-05-04 20:57:50.000000000 +0200
@@ -114,7 +114,7 @@ typedef struct ibmca_sha256_ctx {
} IBMCA_SHA256_CTX;
#endif
-static const char *IBMCA_LIBNAME = "ica";
+static const char *IBMCA_LIBNAME = "ica-2.0";
#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
#define NID_aes_128_cfb NID_aes_128_cfb128

68
openssl-ibmca-1.2.0-ofb.patch
View File

@ -1,68 +0,0 @@
commit 83b8ed7b25c809fa36ec86d7041a6350dc516606
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Mar 19 15:57:10 2014 -0500
openssl-ibmca: openssl speed -engine ibmca -evp des-ede3-ofb segfaults
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
diff --git a/e_ibmca.c b/e_ibmca.c
index b1ad975..0acbe5f 100644
--- a/e_ibmca.c
+++ b/e_ibmca.c
@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(unsigned int, unsigned int, unsigned char *
sha256_context_t *, unsigned char *);
typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
- unsigned int key_length, unsigned char *iv,
- unsigned int direction);
+ unsigned char *iv, unsigned int direction);
typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
unsigned char *iv, unsigned int lcfb,
@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(const unsigned char *, unsigned char *,
unsigned int, unsigned int);
typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
- unsigned int key_length, unsigned char *iv,
- unsigned int direction);
+ unsigned char *iv, unsigned int direction);
typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
unsigned int key_length, unsigned char *iv,
@@ -1197,7 +1195,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
8, ICA_ENCRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
ICA_ENCRYPT);
} else {
rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
@@ -1223,7 +1221,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
8, ICA_DECRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
ICA_DECRYPT);
} else {
/* Protect against decrypt in place */
@@ -1279,7 +1277,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
ctx->iv, 8, ICA_ENCRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
- 8, ctx->iv, ICA_ENCRYPT);
+ ctx->iv, ICA_ENCRYPT);
} else {
rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
(ica_des_vector_t *) ctx->iv,
@@ -1305,7 +1303,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
ctx->iv, 8, ICA_DECRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
- 8, ctx->iv, ICA_DECRYPT);
+ ctx->iv, ICA_DECRYPT);
} else {
/* Protect against decrypt in place */
/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */

21
openssl-ibmca-1.2.0-sha256-length.patch
View File

@ -1,21 +0,0 @@
commit f204aca935dfe45b736e9fb8f822c9e79ec9747c
Author: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Date: Fri Mar 7 10:35:33 2014 +0100
SHA256: Fixed message digest length definition in sha256 template
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
diff --git a/e_ibmca.c b/e_ibmca.c
index 94c44a4..f3fad35 100644
--- a/e_ibmca.c
+++ b/e_ibmca.c
@@ -727,7 +727,7 @@ static const EVP_MD ibmca_sha1 = {
static const EVP_MD ibmca_sha256 = {
NID_sha256,
NID_sha256WithRSAEncryption,
- SHA_HASH_LENGTH,
+ SHA256_HASH_LENGTH,
0,
ibmca_sha256_init,
ibmca_sha256_update,

31
openssl-ibmca-1.2.0-signature-flag.patch
View File

@ -1,31 +0,0 @@
commit 6cdca2c3d655ef19d022fb3d8bcbf63491b79db2
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Mar 19 12:50:14 2014 -0500
Add flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to EVP_MD so that signing method
comes from key type.
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
diff --git a/e_ibmca.c b/e_ibmca.c
index f3fad35..9353470 100644
--- a/e_ibmca.c
+++ b/e_ibmca.c
@@ -711,7 +711,7 @@ static const EVP_MD ibmca_sha1 = {
NID_sha1,
NID_sha1WithRSAEncryption,
SHA_HASH_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
ibmca_sha1_init,
ibmca_sha1_update,
ibmca_sha1_final,
@@ -728,7 +728,7 @@ static const EVP_MD ibmca_sha256 = {
NID_sha256,
NID_sha256WithRSAEncryption,
SHA256_HASH_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
ibmca_sha256_init,
ibmca_sha256_update,
ibmca_sha256_final,

21
openssl-ibmca-1.3.0-libica-soname.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname openssl-ibmca-1.3.0/src/e_ibmca.c
--- openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname 2015-12-01 03:33:52.000000000 +0000
+++ openssl-ibmca-1.3.0/src/e_ibmca.c 2017-02-13 20:25:03.122555936 +0000
@@ -127,7 +127,7 @@ typedef struct ibmca_sha512_ctx {
} IBMCA_SHA512_CTX;
#endif
-static const char *LIBICA_NAME = "ica";
+static const char *LIBICA_NAME = "libica.so.3";
#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
#define NID_aes_128_cfb NID_aes_128_cfb128
@@ -1281,7 +1281,7 @@ static int ibmca_init(ENGINE * e)
/* WJH XXX check name translation */
ibmca_dso = DSO_load(NULL, LIBICA_NAME, NULL,
- /* DSO_FLAG_NAME_TRANSLATION */ 0);
+ /* DSO_FLAG_NO_NAME_TRANSLATION */ 1);
if (ibmca_dso == NULL) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
goto err;

327
openssl-ibmca-1.3.1-openssl11.patch Normal file
View File

@ -0,0 +1,327 @@
From 170352452f0a1addb78879dea34a3069314fcda0 Mon Sep 17 00:00:00 2001
From: Paulo Vital <pvital@linux.vnet.ibm.com>
Date: Tue, 7 Mar 2017 16:22:41 -0300
Subject: [PATCH] Add support to DSO on new API of OpenSSL-1.1.0
DSO is opaque in OpenSSL-1.1.0 and had to modify includes and
data structure usage to use it.
On OpenSSL-1.1.0e (or newer), warning messages during compilation
time can be printed, but they are resolved during link time.
Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com>
---
src/e_ibmca.c | 73 +++++++++++++++++++++++++++++++----------------------------
1 file changed, 39 insertions(+), 34 deletions(-)
diff --git a/src/e_ibmca.c b/src/e_ibmca.c
index a78fb72..57452b1 100644
--- a/src/e_ibmca.c
+++ b/src/e_ibmca.c
@@ -66,7 +66,6 @@
#include <dirent.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
-#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -84,6 +83,12 @@
#include <ica_api.h>
#include "e_ibmca_err.h"
+#ifdef OLDER_OPENSSL
+#include <openssl/dso.h>
+#else
+typedef struct dso_st DSO;
+#endif
+
#define IBMCA_LIB_NAME "ibmca engine"
#define AP_PATH "/sys/devices/ap"
@@ -1760,7 +1765,7 @@ static int ibmca_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
/*
* ENGINE calls this to find out how to deal with
- * a particular NID in the ENGINE.
+ * a particular NID in the ENGINE.
*/
static int ibmca_engine_ciphers(ENGINE * e, const EVP_CIPHER ** cipher,
const int **nids, int nid)
@@ -1829,7 +1834,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
mode = MODE_CBC;
} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
(EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
return 0;
}
@@ -1866,7 +1871,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -1914,7 +1919,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -1955,7 +1960,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
mode = MODE_CBC;
} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
(EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
return 0;
}
@@ -1992,7 +1997,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2040,7 +2045,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2082,7 +2087,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
mode = MODE_CBC;
} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
(EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
return 0;
}
@@ -2123,7 +2128,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2175,7 +2180,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2217,7 +2222,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
mode = MODE_CBC;
} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
(EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
return 0;
}
@@ -2257,7 +2262,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2306,7 +2311,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2347,7 +2352,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
mode = MODE_CBC;
} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
(EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
return 0;
}
@@ -2387,7 +2392,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2436,7 +2441,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
}
if (rv) {
- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
+ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
IBMCA_R_REQUEST_FAILED);
return 0;
} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2538,7 +2543,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
&ibmca_sha_ctx->c,
tmp_hash)) {
- IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE,
+ IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE,
IBMCA_R_REQUEST_FAILED);
return 0;
}
@@ -2577,7 +2582,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
&ibmca_sha_ctx->c,
tmp_hash)) {
- IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE,
+ IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE,
IBMCA_R_REQUEST_FAILED);
return 0;
}
@@ -2589,8 +2594,8 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
return 1;
}
- /*
- * We had to use some of the data from in_data to
+ /*
+ * We had to use some of the data from in_data to
* fill out the empty part of save data, so adjust
* in_data_len
*/
@@ -2599,7 +2604,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
ibmca_sha_ctx->tail_len = in_data_len & 0x3f;
if(ibmca_sha_ctx->tail_len) {
in_data_len &= ~0x3f;
- memcpy(ibmca_sha_ctx->tail,
+ memcpy(ibmca_sha_ctx->tail,
in_data + fill_size +in_data_len,
ibmca_sha_ctx->tail_len);
}
@@ -2618,7 +2623,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
}
/* If the data passed in was <64 bytes, in_data_len will be 0 */
- if( in_data_len &&
+ if( in_data_len &&
p_ica_sha1(message_part,
(unsigned int)in_data_len, (unsigned char *)(in_data + fill_size),
&ibmca_sha_ctx->c,
@@ -2674,7 +2679,7 @@ static int ibmca_sha256_init(EVP_MD_CTX *ctx)
#endif
memset((unsigned char *)ibmca_sha256_ctx, 0, sizeof(*ibmca_sha256_ctx));
return 1;
-} // end ibmca_sha256_init
+} // end ibmca_sha256_init
static int
ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
@@ -2691,7 +2696,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
if (in_data_len == 0)
return 1;
- if (ibmca_sha256_ctx->c.runningLength == 0
+ if (ibmca_sha256_ctx->c.runningLength == 0
&& ibmca_sha256_ctx->tail_len == 0) {
message_part = SHA_MSG_PART_FIRST;
@@ -2711,7 +2716,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len;
if (fill_size < in_data_len) {
- memcpy(ibmca_sha256_ctx->tail
+ memcpy(ibmca_sha256_ctx->tail
+ ibmca_sha256_ctx->tail_len, in_data,
fill_size);
@@ -2721,7 +2726,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
ibmca_sha256_ctx->tail,
&ibmca_sha256_ctx->c,
tmp_hash)) {
- IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE,
+ IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE,
IBMCA_R_REQUEST_FAILED);
return 0;
}
@@ -2749,7 +2754,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
if (ibmca_sha256_ctx->tail_len) {
fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len;
if (fill_size < in_data_len) {
- memcpy(ibmca_sha256_ctx->tail
+ memcpy(ibmca_sha256_ctx->tail
+ ibmca_sha256_ctx->tail_len, in_data,
fill_size);
@@ -2759,7 +2764,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
ibmca_sha256_ctx->tail,
&ibmca_sha256_ctx->c,
tmp_hash)) {
- IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE,
+ IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE,
IBMCA_R_REQUEST_FAILED);
return 0;
}
@@ -2771,8 +2776,8 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
return 1;
}
- /*
- * We had to use some of the data from in_data to
+ /*
+ * We had to use some of the data from in_data to
* fill out the empty part of save data, so adjust
* in_data_len
*/
@@ -2781,7 +2786,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
ibmca_sha256_ctx->tail_len = in_data_len & 0x3f;
if (ibmca_sha256_ctx->tail_len) {
in_data_len &= ~0x3f;
- memcpy(ibmca_sha256_ctx->tail,
+ memcpy(ibmca_sha256_ctx->tail,
in_data + fill_size + in_data_len,
ibmca_sha256_ctx->tail_len);
}
@@ -2801,7 +2806,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
}
/* If the data passed in was <64 bytes, in_data_len will be 0 */
- if (in_data_len &&
+ if (in_data_len &&
p_ica_sha256(message_part,
(unsigned int)in_data_len, (unsigned char *)(in_data + fill_size),
&ibmca_sha256_ctx->c,
@@ -2811,7 +2816,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
}
return 1;
-} // end ibmca_sha256_update
+} // end ibmca_sha256_update
static int ibmca_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
{
--
2.12.0

42
openssl-ibmca.spec
View File

@ -1,24 +1,23 @@
Summary: A dynamic OpenSSL engine for IBMCA
Name: openssl-ibmca
Version: 1.2.0
Release: 13%{?dist}
Version: 1.3.1
Release: 1%{?dist}
License: OpenSSL
Group: System Environment/Libraries
URL: http://sourceforge.net/projects/opencryptoki
Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=584765
Patch0: openssl-ibmca-1.2.0-libica-soname.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=749638
Patch1: openssl-ibmca-1.2.0-ofb.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1074976
Patch2: openssl-ibmca-1.2.0-sha256-length.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1075474
Patch3: openssl-ibmca-1.2.0-signature-flag.patch
Requires: libica >= 2.1.0
BuildRequires: libica-devel >= 2.1.0
Patch0: openssl-ibmca-1.3.0-libica-soname.patch
# fix build with OpenSSL 1.1
# https://sourceforge.net/p/opencryptoki/ibmca/ci/170352452f0a1addb78879dea34a3069314fcda0/
Patch1: openssl-ibmca-1.3.1-openssl11.patch
Requires: libica >= 3.0.0
BuildRequires: libica-devel >= 3.0.0
BuildRequires: automake libtool
ExclusiveArch: s390 s390x
%global enginesdir %{_libdir}/engines-1.1
%description
A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
@ -26,9 +25,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
%prep
%setup -q
%patch0 -p1 -b .libica-soname
%patch1 -p1 -b .ofb
%patch2 -p1 -b .1074976
%patch3 -p1 -b .1075474
%patch1 -p1 -b .openssl11
sh ./bootstrap.sh
@ -42,17 +39,24 @@ make %{?_smp_mflags}
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la
mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines
mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
mv openssl.cnf.sample openssl.cnf.sample.%{_arch}
mkdir -p $RPM_BUILD_ROOT%{enginesdir}
mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{enginesdir}
pushd src
sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch}
popd
%files
%doc README openssl.cnf.sample.%{_arch}
%{_libdir}/openssl/engines/libibmca.so
%doc INSTALL README src/openssl.cnf.sample.%{_arch}
%{enginesdir}/libibmca.so
%{_mandir}/man5/ibmca.5*
%changelog
* Wed Mar 08 2017 Dan Horák <dan@danny.cz> - 1.3.1-1
- updated to 1.3.1 and OpenSSL 1.1
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
df14df18d276ab3106dffb8b7623896a openssl-ibmca-1.2.0.tar.gz
SHA512 (openssl-ibmca-1.3.1.tar.gz) = 9c2049b88676a94c292821ea84cf67d41e0fe242fc1822848315564089527b217a270b740239925785215120269f262f8d1fd8c86ef6db1df2c2f26db0db71c0