rpms/openssl-ibmca
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- updated to 2.1.2

Browse Source
This commit is contained in:
Dan Horák 2021-05-12 07:37:34 +00:00
parent 3a9c79b57b
commit 66b167dd9a
2 changed files with 201 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
openssl-ibmca-tests.patch Normal file
View File

@ -0,0 +1,194 @@
From 281cb45a8514e616a777a7a5b93c1dd28ae428e9 Mon Sep 17 00:00:00 2001
From: Juergen Christ <jchrist@linux.ibm.com>
Date: Mon, 3 May 2021 11:47:59 +0200
Subject: [PATCH] Fix test problems on non-z15 without CEX cards
The tests assumed to run on a z15 with a CEX card that supports secp384r1.
Check these assumptions and skip tests if they are not valid.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
---
test/loadtest-ec.c | 49 ++++++++++++++++++++++++++++++++++++++++++----
test/loadtest.c | 13 ++++++++++--
test/threadtest.c | 16 ++++++++++++++-
3 files changed, 71 insertions(+), 7 deletions(-)
diff --git a/test/loadtest-ec.c b/test/loadtest-ec.c
index a5821b7..cd35729 100644
--- a/test/loadtest-ec.c
+++ b/test/loadtest-ec.c
@@ -11,7 +11,11 @@
int setup()
{
const SSL_METHOD *req_method;
- SSL_CTX *ctx;
+ SSL_CTX *ctx;
+ EC_KEY *eckey = NULL;
+ ENGINE *ibmca;
+ ENGINE *actual;
+ int ret = 0;
/* Start code copy from libcurl 7.61.1 Curl_ossl_init function */
OPENSSL_load_builtin_modules();
@@ -52,6 +56,24 @@ int setup()
OpenSSL_add_all_algorithms();
#endif
/* End code copy from libcurl 7.61.1 Curl_ossl_init function */
+
+ ibmca = ENGINE_by_id("ibmca");
+ if (ibmca == NULL) {
+ fprintf(stderr, "Failed to retrieve ibmca engine\n");
+ goto out;
+ }
+
+ eckey = EC_KEY_new_by_curve_name(NID_secp384r1);
+ if (eckey == NULL) {
+ /* error */
+ fprintf(stderr, "Failed to create EC_KEY for secp384r1\n");
+ goto out;
+ }
+ actual = EC_KEY_get0_engine(eckey);
+ if (ibmca != actual) {
+ fprintf(stderr, "EC_KEY not associated with ibmca\n");
+ goto out;
+ }
/* Start extraction from libcurl 7.61.1 ossl_connect_step1 */
req_method = TLS_client_method();
@@ -59,7 +81,11 @@ int setup()
second time. */
ctx = SSL_CTX_new(req_method);
SSL_CTX_free(ctx);
- return 1;
+ ret = 1;
+ out:
+ if (eckey)
+ EC_KEY_free(eckey);
+ return ret;
}
int check_globals()
@@ -68,8 +94,16 @@ int check_globals()
ECDSA_SIG *sig = NULL;
EC_KEY *eckey = NULL;
unsigned char digest[20];
+ ENGINE *ibmca;
+ ENGINE *actual;
memset(digest, 0, sizeof(digest));
+
+ ibmca = ENGINE_by_id("ibmca");
+ if (ibmca == NULL) {
+ fprintf(stderr, "Failed to retrieve ibmca engine\n");
+ goto out;
+ }
eckey = EC_KEY_new_by_curve_name(NID_secp384r1);
if (eckey == NULL) {
@@ -82,6 +116,13 @@ int check_globals()
fprintf(stderr, "Failed to generate EC_KEY\n");
goto out;
}
+
+ actual = EC_KEY_get0_engine(eckey);
+ if (ibmca != actual) {
+ fprintf(stderr, "EC_KEY not associated with ibmca\n");
+ goto out;
+ }
+
sig = ECDSA_do_sign(digest, sizeof(digest), eckey);
if (sig == NULL) {
/* error */
@@ -123,8 +164,8 @@ int main(int argc, char **argv)
}
if (!setup()) {
- fprintf(stderr, "Setup failed!\n");
- return 99;
+ fprintf(stderr, "Setup failed! Skipping...\n");
+ return 77;
}
if (!check_globals()) {
fprintf(stderr, "Check for global variables failed!\n");
diff --git a/test/loadtest.c b/test/loadtest.c
index fea6f62..19f0cf9 100644
--- a/test/loadtest.c
+++ b/test/loadtest.c
@@ -12,6 +12,8 @@ int setup()
{
const SSL_METHOD *req_method;
SSL_CTX *ctx;
+ ENGINE *engine;
+ EVP_PKEY_CTX *pctx = NULL;
/* Start code copy from libcurl 7.61.1 Curl_ossl_init function */
OPENSSL_load_builtin_modules();
@@ -52,6 +54,13 @@ int setup()
OpenSSL_add_all_algorithms();
#endif
/* End code copy from libcurl 7.61.1 Curl_ossl_init function */
+
+ engine = ENGINE_by_id("ibmca");
+ pctx = EVP_PKEY_CTX_new_id(NID_X25519, engine);
+ if (pctx == NULL) {
+ return 0;
+ }
+ EVP_PKEY_CTX_free(pctx);
/* Start extraction from libcurl 7.61.1 ossl_connect_step1 */
req_method = TLS_client_method();
@@ -112,8 +121,8 @@ int main(int argc, char **argv)
}
if (!setup()) {
- fprintf(stderr, "Setup failed!\n");
- return 99;
+ fprintf(stderr, "Setup failed! Skipping...\n");
+ return 77;
}
if (!check_globals()) {
fprintf(stderr, "Check for global variables failed!\n");
diff --git a/test/threadtest.c b/test/threadtest.c
index 159c363..662ebf5 100644
--- a/test/threadtest.c
+++ b/test/threadtest.c
@@ -17,6 +17,9 @@
static int setup()
{
+ ENGINE *engine;
+ EVP_PKEY_CTX *pctx = NULL;
+
OPENSSL_load_builtin_modules();
ENGINE_load_builtin_engines();
@@ -37,6 +40,14 @@ static int setup()
#else
OpenSSL_add_all_algorithms();
#endif
+
+ engine = ENGINE_by_id("ibmca");
+ pctx = EVP_PKEY_CTX_new_id(NID_X25519, engine);
+ if (pctx == NULL) {
+ return 0;
+ }
+ EVP_PKEY_CTX_free(pctx);
+
return 1;
}
@@ -132,7 +143,10 @@ int main(int argc, char **argv)
return 1;
}
- setup();
+ if (setup() != 1) {
+ fprintf(stderr, "Failed to set up test. Skipping...\n");
+ return 77;
+ }
me = pthread_self();
// Start threads
--
2.31.1

9
openssl-ibmca.spec
View File

@ -2,11 +2,13 @@
Summary: A dynamic OpenSSL engine for IBMCA
Name: openssl-ibmca
Version: 2.1.1
Release: 3%{?dist}
Version: 2.1.2
Release: 1%{?dist}
License: ASL 2.0
URL: https://github.com/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# https://github.com/opencryptoki/openssl-ibmca/commit/281cb45a8514e616a777a7a5b93c1dd28ae428e9
Patch0: %{name}-tests.patch
Requires: libica >= 3.6.0
BuildRequires: make
BuildRequires: gcc
@ -51,6 +53,9 @@ make check
%changelog
* Wed May 12 2021 Dan Horák <dan@danny.cz> - 2.1.2-1
- updated to 2.1.2
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild