import openssl-ibmca-2.2.2-1.el9
		
							parent
							
								
									98e8f891b5
								
							
						
					
					
						commit
						6117a11c69
					
				
							
								
								
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1 +1 @@ | |||||||
| SOURCES/openssl-ibmca-2.2.0.tar.gz | SOURCES/openssl-ibmca-2.2.2.tar.gz | ||||||
|  | |||||||
| @ -1 +1 @@ | |||||||
| 9046d41ba698ef6a493bd0807d7456138c9ab436 SOURCES/openssl-ibmca-2.2.0.tar.gz | 6521a8e6e7cb41cc621bc7a8942543e979423ae7 SOURCES/openssl-ibmca-2.2.2.tar.gz | ||||||
|  | |||||||
| @ -1,31 +0,0 @@ | |||||||
| From 34965d85fecd73bbd750e63a29d6db743759d240 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Juergen Christ <jchrist@linux.ibm.com> |  | ||||||
| Date: Mon, 31 May 2021 18:00:07 +0200 |  | ||||||
| Subject: [PATCH] Skip eckey test if needed. |  | ||||||
| 
 |  | ||||||
| Without crypto cards on a machine < z15, ibmca might not register with the |  | ||||||
| EC_KEY subsystem of OpenSSL.  In these cases, the eckey test should be skipped |  | ||||||
| since it is doomed to fail. |  | ||||||
| 
 |  | ||||||
| Fixes #69. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> |  | ||||||
| ---
 |  | ||||||
|  test/eckey.c | 4 ++++ |  | ||||||
|  1 file changed, 4 insertions(+) |  | ||||||
| 
 |  | ||||||
| diff --git a/test/eckey.c b/test/eckey.c
 |  | ||||||
| index 35b3df2..6d0870b 100644
 |  | ||||||
| --- a/test/eckey.c
 |  | ||||||
| +++ b/test/eckey.c
 |  | ||||||
| @@ -44,6 +44,10 @@ int check_eckey(int nid, const char *name)
 |  | ||||||
|          fprintf(stderr, "ibmca engine not loaded\n"); |  | ||||||
|          goto out; |  | ||||||
|      } |  | ||||||
| +    if (ENGINE_get_EC(engine) == NULL) {
 |  | ||||||
| +        fprintf(stderr, "ibmca does not support EC_KEY.  Skipping...\n");
 |  | ||||||
| +        exit(77);
 |  | ||||||
| +    }
 |  | ||||||
|      eckey = EC_KEY_new_by_curve_name(nid); |  | ||||||
|      if (eckey == NULL) { |  | ||||||
|          /* curve not supported => test passed */ |  | ||||||
| @ -1,105 +0,0 @@ | |||||||
| From 1ab83f99db06ec1f4022d93c9123921c13f67e20 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Juergen Christ <jchrist@linux.ibm.com> |  | ||||||
| Date: Thu, 29 Jul 2021 17:38:59 +0200 |  | ||||||
| Subject: [PATCH] Fix DSA and DH registration. |  | ||||||
| 
 |  | ||||||
| DSA does not provide backups by default. |  | ||||||
| 
 |  | ||||||
| Also fix typo in DH initialization. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> |  | ||||||
| ---
 |  | ||||||
|  src/ibmca_dh.c  |  2 +- |  | ||||||
|  src/ibmca_dsa.c | 26 ++++---------------------- |  | ||||||
|  2 files changed, 5 insertions(+), 23 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/ibmca_dh.c b/src/ibmca_dh.c
 |  | ||||||
| index 2459cf1..b2b75a9 100644
 |  | ||||||
| --- a/src/ibmca_dh.c
 |  | ||||||
| +++ b/src/ibmca_dh.c
 |  | ||||||
| @@ -72,7 +72,7 @@ DH_METHOD *ibmca_dh(void)
 |  | ||||||
|   |  | ||||||
|      if ((method = DH_meth_new("Ibmca DH method", 0)) == NULL |  | ||||||
|          || (meth1 = DH_OpenSSL()) == NULL |  | ||||||
| -	    || (ibmca_mod_exp_dh_backup = DH_meth_get_bn_mod_exp(method)) == NULL
 |  | ||||||
| +	    || (ibmca_mod_exp_dh_backup = DH_meth_get_bn_mod_exp(meth1)) == NULL
 |  | ||||||
|          || !DH_meth_set_generate_key(method, DH_meth_get_generate_key(meth1)) |  | ||||||
|          || !DH_meth_set_compute_key(method, DH_meth_get_compute_key(meth1)) |  | ||||||
|          || !DH_meth_set_bn_mod_exp(method, ibmca_mod_exp_dh) |  | ||||||
| diff --git a/src/ibmca_dsa.c b/src/ibmca_dsa.c
 |  | ||||||
| index f5bf4e4..3b5ac87 100644
 |  | ||||||
| --- a/src/ibmca_dsa.c
 |  | ||||||
| +++ b/src/ibmca_dsa.c
 |  | ||||||
| @@ -28,18 +28,10 @@
 |  | ||||||
|   * RSA. Just check out the "signs" statistics from the RSA and DSA parts |  | ||||||
|   * of "openssl speed -engine ibmca dsa1024 rsa1024". */ |  | ||||||
|  #ifdef OLDER_OPENSSL |  | ||||||
| -static int (*ibmca_dsa_mod_exp_backup)(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 |  | ||||||
| -                                       BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
 |  | ||||||
| -                                       BIGNUM *m, BN_CTX *ctx,
 |  | ||||||
| -                                       BN_MONT_CTX *in_mont);
 |  | ||||||
|  static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, |  | ||||||
|                               BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, |  | ||||||
|                               BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) |  | ||||||
|  #else |  | ||||||
| -static int (*ibmca_dsa_mod_exp_backup)(DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
 |  | ||||||
| -                                       const BIGNUM *p1, const BIGNUM *a2,
 |  | ||||||
| -                                       const BIGNUM *p2, const BIGNUM *m,
 |  | ||||||
| -                                       BN_CTX *ctx, BN_MONT_CTX *in_mont);
 |  | ||||||
|  static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, const BIGNUM *a1, |  | ||||||
|                               const BIGNUM *p1, const BIGNUM *a2, |  | ||||||
|                               const BIGNUM *p2, const BIGNUM *m, |  | ||||||
| @@ -65,31 +57,25 @@ static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
 |  | ||||||
|  end: |  | ||||||
|      BN_free(t); |  | ||||||
|   |  | ||||||
| -    if (!to_return && ibmca_dsa_mod_exp_backup)
 |  | ||||||
| -        return ibmca_dsa_mod_exp_backup(dsa, rr, a1, p1, a2, p2, m, ctx, in_mont);
 |  | ||||||
| +    if (!to_return)
 |  | ||||||
| +        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
 |  | ||||||
|      return to_return; |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  #ifdef OLDER_OPENSSL |  | ||||||
| -static int (*ibmca_mod_exp_dsa_backup)(DSA *dsa, BIGNUM *r, BIGNUM *a,
 |  | ||||||
| -                       const BIGNUM *p, const BIGNUM *m,
 |  | ||||||
| -                       BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 |  | ||||||
|   |  | ||||||
|  static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, |  | ||||||
|                               const BIGNUM *p, const BIGNUM *m, |  | ||||||
|                               BN_CTX *ctx, BN_MONT_CTX *m_ctx) |  | ||||||
|  #else |  | ||||||
| -static int (*ibmca_mod_exp_dsa_backup)(DSA *dsa, BIGNUM *r, const BIGNUM *a,
 |  | ||||||
| -                       const BIGNUM *p, const BIGNUM *m,
 |  | ||||||
| -                       BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 |  | ||||||
|   |  | ||||||
|  static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, const BIGNUM *a, |  | ||||||
|                               const BIGNUM *p, const BIGNUM *m, |  | ||||||
|                               BN_CTX *ctx, BN_MONT_CTX *m_ctx) |  | ||||||
|  #endif |  | ||||||
|  { |  | ||||||
| -    if (!ibmca_mod_exp(r, a, p, m, ctx) && ibmca_mod_exp_dsa_backup)
 |  | ||||||
| -        return ibmca_mod_exp_dsa_backup(dsa, r, a, p, m, ctx, m_ctx);
 |  | ||||||
| +    if (!ibmca_mod_exp(r, a, p, m, ctx))
 |  | ||||||
| +        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 |  | ||||||
|      return 1; |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| @@ -112,8 +98,6 @@ DSA_METHOD *ibmca_dsa(void)
 |  | ||||||
|  { |  | ||||||
|      const DSA_METHOD *meth1 = DSA_OpenSSL(); |  | ||||||
|   |  | ||||||
| -    ibmca_dsa_mod_exp_backup = dsa->dsa_mod_exp;
 |  | ||||||
| -    ibmca_mod_exp_dsa_backup = dsa->bn_mod_exp;
 |  | ||||||
|      dsa_m.dsa_do_sign = meth1->dsa_do_sign; |  | ||||||
|      dsa_m.dsa_sign_setup = meth1->dsa_sign_setup; |  | ||||||
|      dsa_m.dsa_do_verify = meth1->dsa_do_verify; |  | ||||||
| @@ -133,8 +117,6 @@ DSA_METHOD *ibmca_dsa(void)
 |  | ||||||
|   |  | ||||||
|      if ((method = DSA_meth_new("Ibmca DSA method", 0)) == NULL |  | ||||||
|          || (meth1 = DSA_OpenSSL()) == NULL |  | ||||||
| -        || (ibmca_dsa_mod_exp_backup = DSA_meth_get_mod_exp(meth1)) == NULL
 |  | ||||||
| -        || (ibmca_mod_exp_dsa_backup = DSA_meth_get_bn_mod_exp(meth1)) == NULL
 |  | ||||||
|          || !DSA_meth_set_sign(method, DSA_meth_get_sign(meth1)) |  | ||||||
|          || !DSA_meth_set_sign_setup(method, DSA_meth_get_sign_setup(meth1)) |  | ||||||
|          || !DSA_meth_set_verify(method, DSA_meth_get_verify(meth1)) |  | ||||||
| @ -2,20 +2,15 @@ | |||||||
| 
 | 
 | ||||||
| Summary: A dynamic OpenSSL engine for IBMCA | Summary: A dynamic OpenSSL engine for IBMCA | ||||||
| Name: openssl-ibmca | Name: openssl-ibmca | ||||||
| Version: 2.2.0 | Version: 2.2.2 | ||||||
| Release: 3%{?dist} | Release: 1%{?dist} | ||||||
| License: ASL 2.0 | License: ASL 2.0 | ||||||
| URL: https://github.com/opencryptoki | URL: https://github.com/opencryptoki | ||||||
| Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz | Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz | ||||||
| # https://github.com/opencryptoki/openssl-ibmca/commit/34965d85fecd73bbd750e63a29d6db743759d240 | Requires: libica >= 4.0.0 | ||||||
| Patch0: openssl-ibmca-2.2.0-eckey.patch |  | ||||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1989380 |  | ||||||
| # https://github.com/opencryptoki/openssl-ibmca/commit/1ab83f99db06ec1f4022d93c9123921c13f67e20 |  | ||||||
| Patch1: openssl-ibmca-2.2.0-fix-registration.patch |  | ||||||
| Requires: libica >= 3.8.0 |  | ||||||
| BuildRequires: make | BuildRequires: make | ||||||
| BuildRequires: gcc | BuildRequires: gcc | ||||||
| BuildRequires: libica-devel >= 3.8.0 | BuildRequires: libica-devel >= 4.0.0 | ||||||
| BuildRequires: automake libtool | BuildRequires: automake libtool | ||||||
| BuildRequires: openssl | BuildRequires: openssl | ||||||
| ExclusiveArch: s390 s390x | ExclusiveArch: s390 s390x | ||||||
| @ -32,7 +27,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines. | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %build | %build | ||||||
| %configure --libdir=%{enginesdir} --with-libica-cex | %configure --libdir=%{enginesdir} --with-libica-cex --with-libica-version=4 | ||||||
| %make_build | %make_build | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| @ -54,12 +49,19 @@ make check | |||||||
| 
 | 
 | ||||||
| %files | %files | ||||||
| %license LICENSE | %license LICENSE | ||||||
| %doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} src/gensamplecfg.pl | %doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} src/ibmca-engine-opensslconfig | ||||||
| %{enginesdir}/ibmca.so | %{enginesdir}/ibmca.so | ||||||
| %{_mandir}/man5/ibmca.5* | %{_mandir}/man5/ibmca.5* | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Wed Feb 02 2022 Dan Horák <dan@danny.cz> - 2.2.2-1 | ||||||
|  | - updated to 2.2.2 (#2016989) | ||||||
|  | - Resolves: #2016989 | ||||||
|  | 
 | ||||||
|  | * Mon Oct 25 2021 Dan Horák <dan@danny.cz> - 2.2.1-1 | ||||||
|  | - updated to 2.2.1 (#2016989) | ||||||
|  | 
 | ||||||
| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.0-3 | * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.0-3 | ||||||
| - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags | - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags | ||||||
|   Related: rhbz#1991688 |   Related: rhbz#1991688 | ||||||
|  | |||||||
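Review bot: The 2.2.2-1 changelog entry says only `updated to 2.2.2`, but this section also removes Patch0 and Patch1 along with the comments tying them to upstream commits 34965d85 and 1ab83f99 and to bugzilla 1989380, raises the libica requirement from 3.8.0 to 4.0.0, and adds `--with-libica-version=4` to `%configure`. The second removed patch changed the software fallback used when the engine's modular exponentiation fails for DSA, and fixed which method the DH backup is read from. Both commits should therefore be confirmed present in the v2.2.2 tarball; their 2021 dates suggest they are, but nothing on this page shows it. I would record the outcome in the changelog, for example `- dropped eckey and fix-registration patches, both included upstream` and `- requires libica >= 4.0.0`.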