diff --git a/.gitignore b/.gitignore index 167aec7..2b78788 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ openssl-ibmca-1.1.tar.gz /openssl-ibmca-1.2.0.tar.gz +/openssl-ibmca-1.3.1.tar.gz diff --git a/openssl-ibmca-1.2.0-libica-soname.patch b/openssl-ibmca-1.2.0-libica-soname.patch deleted file mode 100644 index ca68567..0000000 --- a/openssl-ibmca-1.2.0-libica-soname.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-ibmca-1.2.0/e_ibmca.c.libica-soname openssl-ibmca-1.2.0/e_ibmca.c ---- openssl-ibmca-1.2.0/e_ibmca.c.libica-soname 2011-05-02 19:50:50.000000000 +0200 -+++ openssl-ibmca-1.2.0/e_ibmca.c 2011-05-04 20:57:50.000000000 +0200 -@@ -114,7 +114,7 @@ typedef struct ibmca_sha256_ctx { - } IBMCA_SHA256_CTX; - #endif - --static const char *IBMCA_LIBNAME = "ica"; -+static const char *IBMCA_LIBNAME = "ica-2.0"; - - #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) - #define NID_aes_128_cfb NID_aes_128_cfb128 diff --git a/openssl-ibmca-1.2.0-ofb.patch b/openssl-ibmca-1.2.0-ofb.patch deleted file mode 100644 index 5093947..0000000 --- a/openssl-ibmca-1.2.0-ofb.patch +++ /dev/null @@ -1,68 +0,0 @@ -commit 83b8ed7b25c809fa36ec86d7041a6350dc516606 -Author: Joy Latten -Date: Wed Mar 19 15:57:10 2014 -0500 - - openssl-ibmca: openssl speed -engine ibmca -evp des-ede3-ofb segfaults - - Signed-off-by: Joy Latten - -diff --git a/e_ibmca.c b/e_ibmca.c -index b1ad975..0acbe5f 100644 ---- a/e_ibmca.c -+++ b/e_ibmca.c -@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(unsigned int, unsigned int, unsigned char * - sha256_context_t *, unsigned char *); - typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data, - unsigned long data_length, const unsigned char *key, -- unsigned int key_length, unsigned char *iv, -- unsigned int direction); -+ unsigned char *iv, unsigned int direction); - typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data, - unsigned long data_length, const unsigned char *key, - unsigned char *iv, unsigned int lcfb, -@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(const unsigned char *, unsigned char *, - unsigned int, unsigned int); - typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data, - unsigned long data_length, const unsigned char *key, -- unsigned int key_length, unsigned char *iv, -- unsigned int direction); -+ unsigned char *iv, unsigned int direction); - typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data, - unsigned long data_length, const unsigned char *key, - unsigned int key_length, unsigned char *iv, -@@ -1197,7 +1195,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv, - 8, ICA_ENCRYPT); - } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) { -- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv, -+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv, - ICA_ENCRYPT); - } else { - rv = p_ica_des_encrypt(mode, len, (unsigned char *)in, -@@ -1223,7 +1221,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv, - 8, ICA_DECRYPT); - } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) { -- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv, -+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv, - ICA_DECRYPT); - } else { - /* Protect against decrypt in place */ -@@ -1279,7 +1277,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - ctx->iv, 8, ICA_ENCRYPT); - } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) { - rv = p_ica_3des_ofb(in, out, len, pCtx->key, -- 8, ctx->iv, ICA_ENCRYPT); -+ ctx->iv, ICA_ENCRYPT); - } else { - rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in, - (ica_des_vector_t *) ctx->iv, -@@ -1305,7 +1303,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - ctx->iv, 8, ICA_DECRYPT); - } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) { - rv = p_ica_3des_ofb(in, out, len, pCtx->key, -- 8, ctx->iv, ICA_DECRYPT); -+ ctx->iv, ICA_DECRYPT); - } else { - /* Protect against decrypt in place */ - /* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */ diff --git a/openssl-ibmca-1.2.0-sha256-length.patch b/openssl-ibmca-1.2.0-sha256-length.patch deleted file mode 100644 index 9c52e60..0000000 --- a/openssl-ibmca-1.2.0-sha256-length.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit f204aca935dfe45b736e9fb8f822c9e79ec9747c -Author: Ingo Tuchscherer -Date: Fri Mar 7 10:35:33 2014 +0100 - - SHA256: Fixed message digest length definition in sha256 template - - Signed-off-by: Ingo Tuchscherer - -diff --git a/e_ibmca.c b/e_ibmca.c -index 94c44a4..f3fad35 100644 ---- a/e_ibmca.c -+++ b/e_ibmca.c -@@ -727,7 +727,7 @@ static const EVP_MD ibmca_sha1 = { - static const EVP_MD ibmca_sha256 = { - NID_sha256, - NID_sha256WithRSAEncryption, -- SHA_HASH_LENGTH, -+ SHA256_HASH_LENGTH, - 0, - ibmca_sha256_init, - ibmca_sha256_update, diff --git a/openssl-ibmca-1.2.0-signature-flag.patch b/openssl-ibmca-1.2.0-signature-flag.patch deleted file mode 100644 index 43cc1be..0000000 --- a/openssl-ibmca-1.2.0-signature-flag.patch +++ /dev/null @@ -1,31 +0,0 @@ -commit 6cdca2c3d655ef19d022fb3d8bcbf63491b79db2 -Author: Joy Latten -Date: Wed Mar 19 12:50:14 2014 -0500 - - Add flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to EVP_MD so that signing method - comes from key type. - - Signed-off-by: Joy Latten - -diff --git a/e_ibmca.c b/e_ibmca.c -index f3fad35..9353470 100644 ---- a/e_ibmca.c -+++ b/e_ibmca.c -@@ -711,7 +711,7 @@ static const EVP_MD ibmca_sha1 = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_HASH_LENGTH, -- 0, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, - ibmca_sha1_init, - ibmca_sha1_update, - ibmca_sha1_final, -@@ -728,7 +728,7 @@ static const EVP_MD ibmca_sha256 = { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_HASH_LENGTH, -- 0, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, - ibmca_sha256_init, - ibmca_sha256_update, - ibmca_sha256_final, diff --git a/openssl-ibmca-1.3.0-libica-soname.patch b/openssl-ibmca-1.3.0-libica-soname.patch new file mode 100644 index 0000000..f5b6c27 --- /dev/null +++ b/openssl-ibmca-1.3.0-libica-soname.patch @@ -0,0 +1,21 @@ +diff -up openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname openssl-ibmca-1.3.0/src/e_ibmca.c +--- openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname 2015-12-01 03:33:52.000000000 +0000 ++++ openssl-ibmca-1.3.0/src/e_ibmca.c 2017-02-13 20:25:03.122555936 +0000 +@@ -127,7 +127,7 @@ typedef struct ibmca_sha512_ctx { + } IBMCA_SHA512_CTX; + #endif + +-static const char *LIBICA_NAME = "ica"; ++static const char *LIBICA_NAME = "libica.so.3"; + + #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) + #define NID_aes_128_cfb NID_aes_128_cfb128 +@@ -1281,7 +1281,7 @@ static int ibmca_init(ENGINE * e) + /* WJH XXX check name translation */ + + ibmca_dso = DSO_load(NULL, LIBICA_NAME, NULL, +- /* DSO_FLAG_NAME_TRANSLATION */ 0); ++ /* DSO_FLAG_NO_NAME_TRANSLATION */ 1); + if (ibmca_dso == NULL) { + IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE); + goto err; diff --git a/openssl-ibmca-1.3.1-openssl11.patch b/openssl-ibmca-1.3.1-openssl11.patch new file mode 100644 index 0000000..2b78772 --- /dev/null +++ b/openssl-ibmca-1.3.1-openssl11.patch @@ -0,0 +1,327 @@ +From 170352452f0a1addb78879dea34a3069314fcda0 Mon Sep 17 00:00:00 2001 +From: Paulo Vital +Date: Tue, 7 Mar 2017 16:22:41 -0300 +Subject: [PATCH] Add support to DSO on new API of OpenSSL-1.1.0 + +DSO is opaque in OpenSSL-1.1.0 and had to modify includes and +data structure usage to use it. + +On OpenSSL-1.1.0e (or newer), warning messages during compilation +time can be printed, but they are resolved during link time. + +Signed-off-by: Paulo Vital +--- + src/e_ibmca.c | 73 +++++++++++++++++++++++++++++++---------------------------- + 1 file changed, 39 insertions(+), 34 deletions(-) + +diff --git a/src/e_ibmca.c b/src/e_ibmca.c +index a78fb72..57452b1 100644 +--- a/src/e_ibmca.c ++++ b/src/e_ibmca.c +@@ -66,7 +66,6 @@ + #include + #include + #include "cryptlib.h" +-#include + #include + #include + #include +@@ -84,6 +83,12 @@ + #include + #include "e_ibmca_err.h" + ++#ifdef OLDER_OPENSSL ++#include ++#else ++typedef struct dso_st DSO; ++#endif ++ + #define IBMCA_LIB_NAME "ibmca engine" + + #define AP_PATH "/sys/devices/ap" +@@ -1760,7 +1765,7 @@ static int ibmca_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) + + /* + * ENGINE calls this to find out how to deal with +- * a particular NID in the ENGINE. ++ * a particular NID in the ENGINE. + */ + static int ibmca_engine_ciphers(ENGINE * e, const EVP_CIPHER ** cipher, + const int **nids, int nid) +@@ -1829,7 +1834,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + mode = MODE_CBC; + } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && + (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { +- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, + IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); + return 0; + } +@@ -1866,7 +1871,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -1914,7 +1919,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -1955,7 +1960,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + mode = MODE_CBC; + } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && + (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { +- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, + IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); + return 0; + } +@@ -1992,7 +1997,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2040,7 +2045,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2082,7 +2087,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + mode = MODE_CBC; + } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && + (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { +- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, + IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); + return 0; + } +@@ -2123,7 +2128,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2175,7 +2180,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2217,7 +2222,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + mode = MODE_CBC; + } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && + (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { +- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, + IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); + return 0; + } +@@ -2257,7 +2262,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2306,7 +2311,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2347,7 +2352,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + mode = MODE_CBC; + } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && + (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { +- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, + IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); + return 0; + } +@@ -2387,7 +2392,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2436,7 +2441,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + } + + if (rv) { +- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, ++ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, + IBMCA_R_REQUEST_FAILED); + return 0; + } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { +@@ -2538,7 +2543,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, + &ibmca_sha_ctx->c, + tmp_hash)) { + +- IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, ++ IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, + IBMCA_R_REQUEST_FAILED); + return 0; + } +@@ -2577,7 +2582,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, + &ibmca_sha_ctx->c, + tmp_hash)) { + +- IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, ++ IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, + IBMCA_R_REQUEST_FAILED); + return 0; + } +@@ -2589,8 +2594,8 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, + return 1; + } + +- /* +- * We had to use some of the data from in_data to ++ /* ++ * We had to use some of the data from in_data to + * fill out the empty part of save data, so adjust + * in_data_len + */ +@@ -2599,7 +2604,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, + ibmca_sha_ctx->tail_len = in_data_len & 0x3f; + if(ibmca_sha_ctx->tail_len) { + in_data_len &= ~0x3f; +- memcpy(ibmca_sha_ctx->tail, ++ memcpy(ibmca_sha_ctx->tail, + in_data + fill_size +in_data_len, + ibmca_sha_ctx->tail_len); + } +@@ -2618,7 +2623,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, + } + + /* If the data passed in was <64 bytes, in_data_len will be 0 */ +- if( in_data_len && ++ if( in_data_len && + p_ica_sha1(message_part, + (unsigned int)in_data_len, (unsigned char *)(in_data + fill_size), + &ibmca_sha_ctx->c, +@@ -2674,7 +2679,7 @@ static int ibmca_sha256_init(EVP_MD_CTX *ctx) + #endif + memset((unsigned char *)ibmca_sha256_ctx, 0, sizeof(*ibmca_sha256_ctx)); + return 1; +-} // end ibmca_sha256_init ++} // end ibmca_sha256_init + + static int + ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) +@@ -2691,7 +2696,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + if (in_data_len == 0) + return 1; + +- if (ibmca_sha256_ctx->c.runningLength == 0 ++ if (ibmca_sha256_ctx->c.runningLength == 0 + && ibmca_sha256_ctx->tail_len == 0) { + message_part = SHA_MSG_PART_FIRST; + +@@ -2711,7 +2716,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + + fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len; + if (fill_size < in_data_len) { +- memcpy(ibmca_sha256_ctx->tail ++ memcpy(ibmca_sha256_ctx->tail + + ibmca_sha256_ctx->tail_len, in_data, + fill_size); + +@@ -2721,7 +2726,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + ibmca_sha256_ctx->tail, + &ibmca_sha256_ctx->c, + tmp_hash)) { +- IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, ++ IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, + IBMCA_R_REQUEST_FAILED); + return 0; + } +@@ -2749,7 +2754,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + if (ibmca_sha256_ctx->tail_len) { + fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len; + if (fill_size < in_data_len) { +- memcpy(ibmca_sha256_ctx->tail ++ memcpy(ibmca_sha256_ctx->tail + + ibmca_sha256_ctx->tail_len, in_data, + fill_size); + +@@ -2759,7 +2764,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + ibmca_sha256_ctx->tail, + &ibmca_sha256_ctx->c, + tmp_hash)) { +- IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, ++ IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, + IBMCA_R_REQUEST_FAILED); + return 0; + } +@@ -2771,8 +2776,8 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + return 1; + } + +- /* +- * We had to use some of the data from in_data to ++ /* ++ * We had to use some of the data from in_data to + * fill out the empty part of save data, so adjust + * in_data_len + */ +@@ -2781,7 +2786,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + ibmca_sha256_ctx->tail_len = in_data_len & 0x3f; + if (ibmca_sha256_ctx->tail_len) { + in_data_len &= ~0x3f; +- memcpy(ibmca_sha256_ctx->tail, ++ memcpy(ibmca_sha256_ctx->tail, + in_data + fill_size + in_data_len, + ibmca_sha256_ctx->tail_len); + } +@@ -2801,7 +2806,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + } + + /* If the data passed in was <64 bytes, in_data_len will be 0 */ +- if (in_data_len && ++ if (in_data_len && + p_ica_sha256(message_part, + (unsigned int)in_data_len, (unsigned char *)(in_data + fill_size), + &ibmca_sha256_ctx->c, +@@ -2811,7 +2816,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) + } + + return 1; +-} // end ibmca_sha256_update ++} // end ibmca_sha256_update + + static int ibmca_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) + { +-- +2.12.0 + diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index 0841003..3e343ca 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -1,24 +1,23 @@ Summary: A dynamic OpenSSL engine for IBMCA Name: openssl-ibmca -Version: 1.2.0 -Release: 13%{?dist} +Version: 1.3.1 +Release: 1%{?dist} License: OpenSSL Group: System Environment/Libraries URL: http://sourceforge.net/projects/opencryptoki Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz # https://bugzilla.redhat.com/show_bug.cgi?id=584765 -Patch0: openssl-ibmca-1.2.0-libica-soname.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=749638 -Patch1: openssl-ibmca-1.2.0-ofb.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1074976 -Patch2: openssl-ibmca-1.2.0-sha256-length.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1075474 -Patch3: openssl-ibmca-1.2.0-signature-flag.patch -Requires: libica >= 2.1.0 -BuildRequires: libica-devel >= 2.1.0 +Patch0: openssl-ibmca-1.3.0-libica-soname.patch +# fix build with OpenSSL 1.1 +# https://sourceforge.net/p/opencryptoki/ibmca/ci/170352452f0a1addb78879dea34a3069314fcda0/ +Patch1: openssl-ibmca-1.3.1-openssl11.patch +Requires: libica >= 3.0.0 +BuildRequires: libica-devel >= 3.0.0 BuildRequires: automake libtool ExclusiveArch: s390 s390x +%global enginesdir %{_libdir}/engines-1.1 + %description A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines. @@ -26,9 +25,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines. %prep %setup -q %patch0 -p1 -b .libica-soname -%patch1 -p1 -b .ofb -%patch2 -p1 -b .1074976 -%patch3 -p1 -b .1075474 +%patch1 -p1 -b .openssl11 sh ./bootstrap.sh @@ -42,17 +39,24 @@ make %{?_smp_mflags} make install DESTDIR=$RPM_BUILD_ROOT rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la -mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines -mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines -mv openssl.cnf.sample openssl.cnf.sample.%{_arch} +mkdir -p $RPM_BUILD_ROOT%{enginesdir} +mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{enginesdir} + +pushd src +sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch} +popd %files -%doc README openssl.cnf.sample.%{_arch} -%{_libdir}/openssl/engines/libibmca.so +%doc INSTALL README src/openssl.cnf.sample.%{_arch} +%{enginesdir}/libibmca.so +%{_mandir}/man5/ibmca.5* %changelog +* Wed Mar 08 2017 Dan HorĂ¡k - 1.3.1-1 +- updated to 1.3.1 and OpenSSL 1.1 + * Sat Feb 11 2017 Fedora Release Engineering - 1.2.0-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index 418b1d0..7679617 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -df14df18d276ab3106dffb8b7623896a openssl-ibmca-1.2.0.tar.gz +SHA512 (openssl-ibmca-1.3.1.tar.gz) = 9c2049b88676a94c292821ea84cf67d41e0fe242fc1822848315564089527b217a270b740239925785215120269f262f8d1fd8c86ef6db1df2c2f26db0db71c0