diff --git a/.gitignore b/.gitignore index 2b78788..2d45ba4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ openssl-ibmca-1.1.tar.gz /openssl-ibmca-1.2.0.tar.gz /openssl-ibmca-1.3.1.tar.gz +/openssl-ibmca-1.4.0.tar.gz diff --git a/openssl-ibmca-1.3.0-libica-soname.patch b/openssl-ibmca-1.3.0-libica-soname.patch deleted file mode 100644 index f5b6c27..0000000 --- a/openssl-ibmca-1.3.0-libica-soname.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname openssl-ibmca-1.3.0/src/e_ibmca.c ---- openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname 2015-12-01 03:33:52.000000000 +0000 -+++ openssl-ibmca-1.3.0/src/e_ibmca.c 2017-02-13 20:25:03.122555936 +0000 -@@ -127,7 +127,7 @@ typedef struct ibmca_sha512_ctx { - } IBMCA_SHA512_CTX; - #endif - --static const char *LIBICA_NAME = "ica"; -+static const char *LIBICA_NAME = "libica.so.3"; - - #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) - #define NID_aes_128_cfb NID_aes_128_cfb128 -@@ -1281,7 +1281,7 @@ static int ibmca_init(ENGINE * e) - /* WJH XXX check name translation */ - - ibmca_dso = DSO_load(NULL, LIBICA_NAME, NULL, -- /* DSO_FLAG_NAME_TRANSLATION */ 0); -+ /* DSO_FLAG_NO_NAME_TRANSLATION */ 1); - if (ibmca_dso == NULL) { - IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE); - goto err; diff --git a/openssl-ibmca-1.3.1-openssl11.patch b/openssl-ibmca-1.3.1-openssl11.patch deleted file mode 100644 index 2b78772..0000000 --- a/openssl-ibmca-1.3.1-openssl11.patch +++ /dev/null @@ -1,327 +0,0 @@ -From 170352452f0a1addb78879dea34a3069314fcda0 Mon Sep 17 00:00:00 2001 -From: Paulo Vital -Date: Tue, 7 Mar 2017 16:22:41 -0300 -Subject: [PATCH] Add support to DSO on new API of OpenSSL-1.1.0 - -DSO is opaque in OpenSSL-1.1.0 and had to modify includes and -data structure usage to use it. - -On OpenSSL-1.1.0e (or newer), warning messages during compilation -time can be printed, but they are resolved during link time. - -Signed-off-by: Paulo Vital ---- - src/e_ibmca.c | 73 +++++++++++++++++++++++++++++++---------------------------- - 1 file changed, 39 insertions(+), 34 deletions(-) - -diff --git a/src/e_ibmca.c b/src/e_ibmca.c -index a78fb72..57452b1 100644 ---- a/src/e_ibmca.c -+++ b/src/e_ibmca.c -@@ -66,7 +66,6 @@ - #include - #include - #include "cryptlib.h" --#include - #include - #include - #include -@@ -84,6 +83,12 @@ - #include - #include "e_ibmca_err.h" - -+#ifdef OLDER_OPENSSL -+#include -+#else -+typedef struct dso_st DSO; -+#endif -+ - #define IBMCA_LIB_NAME "ibmca engine" - - #define AP_PATH "/sys/devices/ap" -@@ -1760,7 +1765,7 @@ static int ibmca_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) - - /* - * ENGINE calls this to find out how to deal with -- * a particular NID in the ENGINE. -+ * a particular NID in the ENGINE. - */ - static int ibmca_engine_ciphers(ENGINE * e, const EVP_CIPHER ** cipher, - const int **nids, int nid) -@@ -1829,7 +1834,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - mode = MODE_CBC; - } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && - (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { -- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, - IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); - return 0; - } -@@ -1866,7 +1871,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -1914,7 +1919,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -1955,7 +1960,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - mode = MODE_CBC; - } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && - (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { -- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, - IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); - return 0; - } -@@ -1992,7 +1997,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2040,7 +2045,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2082,7 +2087,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - mode = MODE_CBC; - } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && - (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { -- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, - IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); - return 0; - } -@@ -2123,7 +2128,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2175,7 +2180,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2217,7 +2222,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - mode = MODE_CBC; - } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && - (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { -- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, - IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); - return 0; - } -@@ -2257,7 +2262,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2306,7 +2311,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2347,7 +2352,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - mode = MODE_CBC; - } else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) && - (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) { -- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, - IBMCA_R_CIPHER_MODE_NOT_SUPPORTED); - return 0; - } -@@ -2387,7 +2392,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2436,7 +2441,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - } - - if (rv) { -- IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, -+ IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, - IBMCA_R_REQUEST_FAILED); - return 0; - } else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) { -@@ -2538,7 +2543,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, - &ibmca_sha_ctx->c, - tmp_hash)) { - -- IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, -+ IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, - IBMCA_R_REQUEST_FAILED); - return 0; - } -@@ -2577,7 +2582,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, - &ibmca_sha_ctx->c, - tmp_hash)) { - -- IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, -+ IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, - IBMCA_R_REQUEST_FAILED); - return 0; - } -@@ -2589,8 +2594,8 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, - return 1; - } - -- /* -- * We had to use some of the data from in_data to -+ /* -+ * We had to use some of the data from in_data to - * fill out the empty part of save data, so adjust - * in_data_len - */ -@@ -2599,7 +2604,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, - ibmca_sha_ctx->tail_len = in_data_len & 0x3f; - if(ibmca_sha_ctx->tail_len) { - in_data_len &= ~0x3f; -- memcpy(ibmca_sha_ctx->tail, -+ memcpy(ibmca_sha_ctx->tail, - in_data + fill_size +in_data_len, - ibmca_sha_ctx->tail_len); - } -@@ -2618,7 +2623,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data, - } - - /* If the data passed in was <64 bytes, in_data_len will be 0 */ -- if( in_data_len && -+ if( in_data_len && - p_ica_sha1(message_part, - (unsigned int)in_data_len, (unsigned char *)(in_data + fill_size), - &ibmca_sha_ctx->c, -@@ -2674,7 +2679,7 @@ static int ibmca_sha256_init(EVP_MD_CTX *ctx) - #endif - memset((unsigned char *)ibmca_sha256_ctx, 0, sizeof(*ibmca_sha256_ctx)); - return 1; --} // end ibmca_sha256_init -+} // end ibmca_sha256_init - - static int - ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) -@@ -2691,7 +2696,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - if (in_data_len == 0) - return 1; - -- if (ibmca_sha256_ctx->c.runningLength == 0 -+ if (ibmca_sha256_ctx->c.runningLength == 0 - && ibmca_sha256_ctx->tail_len == 0) { - message_part = SHA_MSG_PART_FIRST; - -@@ -2711,7 +2716,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - - fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len; - if (fill_size < in_data_len) { -- memcpy(ibmca_sha256_ctx->tail -+ memcpy(ibmca_sha256_ctx->tail - + ibmca_sha256_ctx->tail_len, in_data, - fill_size); - -@@ -2721,7 +2726,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - ibmca_sha256_ctx->tail, - &ibmca_sha256_ctx->c, - tmp_hash)) { -- IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, -+ IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, - IBMCA_R_REQUEST_FAILED); - return 0; - } -@@ -2749,7 +2754,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - if (ibmca_sha256_ctx->tail_len) { - fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len; - if (fill_size < in_data_len) { -- memcpy(ibmca_sha256_ctx->tail -+ memcpy(ibmca_sha256_ctx->tail - + ibmca_sha256_ctx->tail_len, in_data, - fill_size); - -@@ -2759,7 +2764,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - ibmca_sha256_ctx->tail, - &ibmca_sha256_ctx->c, - tmp_hash)) { -- IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, -+ IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, - IBMCA_R_REQUEST_FAILED); - return 0; - } -@@ -2771,8 +2776,8 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - return 1; - } - -- /* -- * We had to use some of the data from in_data to -+ /* -+ * We had to use some of the data from in_data to - * fill out the empty part of save data, so adjust - * in_data_len - */ -@@ -2781,7 +2786,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - ibmca_sha256_ctx->tail_len = in_data_len & 0x3f; - if (ibmca_sha256_ctx->tail_len) { - in_data_len &= ~0x3f; -- memcpy(ibmca_sha256_ctx->tail, -+ memcpy(ibmca_sha256_ctx->tail, - in_data + fill_size + in_data_len, - ibmca_sha256_ctx->tail_len); - } -@@ -2801,7 +2806,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - } - - /* If the data passed in was <64 bytes, in_data_len will be 0 */ -- if (in_data_len && -+ if (in_data_len && - p_ica_sha256(message_part, - (unsigned int)in_data_len, (unsigned char *)(in_data + fill_size), - &ibmca_sha256_ctx->c, -@@ -2811,7 +2816,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen) - } - - return 1; --} // end ibmca_sha256_update -+} // end ibmca_sha256_update - - static int ibmca_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) - { --- -2.12.0 - diff --git a/openssl-ibmca-1.4.0-libica-soname.patch b/openssl-ibmca-1.4.0-libica-soname.patch new file mode 100644 index 0000000..7ebd5ee --- /dev/null +++ b/openssl-ibmca-1.4.0-libica-soname.patch @@ -0,0 +1,12 @@ +diff -up openssl-ibmca-1.4.0/src/e_ibmca.c.libica-soname openssl-ibmca-1.4.0/src/e_ibmca.c +--- openssl-ibmca-1.4.0/src/e_ibmca.c.libica-soname 2017-09-11 13:56:54.144885532 +0200 ++++ openssl-ibmca-1.4.0/src/e_ibmca.c 2017-09-11 13:57:09.724885532 +0200 +@@ -46,7 +46,7 @@ + #include "e_ibmca_err.h" + + #define IBMCA_LIB_NAME "ibmca engine" +-#define LIBICA_SHARED_LIB "libica.so" ++#define LIBICA_SHARED_LIB "libica.so.3" + + #define AP_PATH "/sys/devices/ap" + diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index 2b193e8..3b013cc 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -1,31 +1,27 @@ Summary: A dynamic OpenSSL engine for IBMCA Name: openssl-ibmca -Version: 1.3.1 -Release: 3%{?dist} -License: OpenSSL +Version: 1.4.0 +Release: 1%{?dist} +License: ASL 2.0 Group: System Environment/Libraries -URL: http://sourceforge.net/projects/opencryptoki -Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz +URL: https://github.com/opencryptoki +Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # https://bugzilla.redhat.com/show_bug.cgi?id=584765 -Patch0: openssl-ibmca-1.3.0-libica-soname.patch -# fix build with OpenSSL 1.1 -# https://sourceforge.net/p/opencryptoki/ibmca/ci/170352452f0a1addb78879dea34a3069314fcda0/ -Patch1: openssl-ibmca-1.3.1-openssl11.patch -Requires: libica >= 3.0.0 -BuildRequires: libica-devel >= 3.0.0 +Patch0: openssl-ibmca-1.4.0-libica-soname.patch +Requires: libica >= 3.1.0 +BuildRequires: libica-devel >= 3.1.0 BuildRequires: automake libtool ExclusiveArch: s390 s390x %global enginesdir %{_libdir}/engines-1.1 %description -A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines. +A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines. %prep %setup -q %patch0 -p1 -b .libica-soname -%patch1 -p1 -b .openssl11 sh ./bootstrap.sh @@ -48,12 +44,15 @@ sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample popd %files -%doc INSTALL README src/openssl.cnf.sample.%{_arch} +%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} %{enginesdir}/libibmca.so %{_mandir}/man5/ibmca.5* %changelog +* Mon Sep 11 2017 Dan HorĂ¡k - 1.4.0-1 +- updated to 1.4.0 + * Thu Aug 03 2017 Fedora Release Engineering - 1.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index 7679617..4ac8d2d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-ibmca-1.3.1.tar.gz) = 9c2049b88676a94c292821ea84cf67d41e0fe242fc1822848315564089527b217a270b740239925785215120269f262f8d1fd8c86ef6db1df2c2f26db0db71c0 +SHA512 (openssl-ibmca-1.4.0.tar.gz) = 7e8d7c52b5b5959805823b5349756406bec406581e64732a37558a6d7b6faa3fc7391738a71a9376432a035645347e4cb7288d3a9712e884f954aeb4d74c9795