- updated to 2.2.0 (#1869531)

- eliminate SW fallback functions (#1924117) - Resolves: #1869531 #1924117
2021-06-09 12:25:07 +02:00 · 2021-06-09 12:25:07 +02:00 · b9497399a9
parent f46837528a
commit b9497399a9
4 changed files with 55 additions and 19 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,10 +1 @@
-openssl-ibmca-1.1.tar.gz
-/openssl-ibmca-1.2.0.tar.gz
-/openssl-ibmca-1.3.1.tar.gz
-/openssl-ibmca-1.4.0.tar.gz
-/openssl-ibmca-1.4.1.tar.gz
-/openssl-ibmca-2.0.0.tar.gz
-/openssl-ibmca-2.0.2.tar.gz
-/openssl-ibmca-2.0.3.tar.gz
-/openssl-ibmca-2.1.0.tar.gz
-/openssl-ibmca-2.1.1.tar.gz
+/openssl-ibmca-*.tar.gz
--- a/openssl-ibmca-2.2.0-eckey.patch
+++ b/openssl-ibmca-2.2.0-eckey.patch
@ -0,0 +1,31 @@
+From 34965d85fecd73bbd750e63a29d6db743759d240 Mon Sep 17 00:00:00 2001
+From: Juergen Christ <jchrist@linux.ibm.com>
+Date: Mon, 31 May 2021 18:00:07 +0200
+Subject: [PATCH] Skip eckey test if needed.
+
+Without crypto cards on a machine < z15, ibmca might not register with the
+EC_KEY subsystem of OpenSSL.  In these cases, the eckey test should be skipped
+since it is doomed to fail.
+
+Fixes #69.
+
+Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
+---
+ test/eckey.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/test/eckey.c b/test/eckey.c
+index 35b3df2..6d0870b 100644
+--- a/test/eckey.c
+++ b/test/eckey.c
+@@ -44,6 +44,10 @@ int check_eckey(int nid, const char *name)
+         fprintf(stderr, "ibmca engine not loaded\n");
+         goto out;
+     }
+    if (ENGINE_get_EC(engine) == NULL) {
+        fprintf(stderr, "ibmca does not support EC_KEY.  Skipping...\n");
+        exit(77);
+    }
+     eckey = EC_KEY_new_by_curve_name(nid);
+     if (eckey == NULL) {
+         /* curve not supported => test passed */
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@ -2,16 +2,19 @@

 Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
-Version: 2.1.1
-Release: 4%{?dist}
+Version: 2.2.0
+Release: 1%{?dist}
 License: ASL 2.0
 URL: https://github.com/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-Requires: libica >= 3.6.0
+# https://github.com/opencryptoki/openssl-ibmca/commit/34965d85fecd73bbd750e63a29d6db743759d240
+Patch0: openssl-ibmca-2.2.0-eckey.patch
+Requires: libica >= 3.8.0
 BuildRequires: make
 BuildRequires: gcc
-BuildRequires: libica-devel >= 3.6.0
+BuildRequires: libica-devel >= 3.8.0
 BuildRequires: automake libtool
+BuildRequires: openssl
 ExclusiveArch: s390 s390x


@ -26,18 +29,21 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines.


 %build
-%configure --libdir=%{enginesdir}
-make %{?_smp_mflags}
+%configure --libdir=%{enginesdir} --with-libica-cex
+%make_build


 %install
 %make_install
-rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la
+rm -f %{buildroot}%{enginesdir}/*.la

 pushd src
 sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch}
 popd

+# remove generated sample configs
+rm -rf %{buildroot}%{_datadir}/%{name}
+

 %check
 make check
@ -45,12 +51,20 @@ make check

 %files
 %license LICENSE
-%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch}
+%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} src/gensamplecfg.pl
 %{enginesdir}/ibmca.so
 %{_mandir}/man5/ibmca.5*


 %changelog
+* Fri Jun 04 2021 Dan Horák <dan@danny.cz> - 2.2.0-1
+- updated to 2.2.0 (#1869531)
+- eliminate SW fallback functions (#1924117)
+- Resolves: #1869531 #1924117
+
+* Wed May 12 2021 Dan Horák <dan@danny.cz> - 2.1.2-1
+- updated to 2.1.2
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.1-4
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-ibmca-2.1.1.tar.gz) = e766389c617d5ebe9d32c30001b0109c293f7e30309d822081ef2e64b6fdfd72c294ac1c659f93501bd912f9b8aa2c3d032420b9ac48054f309decb00feda326
+SHA512 (openssl-ibmca-2.2.0.tar.gz) = 1e88c1726a6473045e46fbd8f0edc8c95cb5c6794b9d3535871bdc0cada28392b392b5e0bc96d9cb152b20501e2c60abf8ac5d0df5f4081e64768abea7a818f5