From b9497399a9580c48a3f454a916172f89fd8b2d8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?=
Date: Wed, 9 Jun 2021 12:25:07 +0200
Subject: [PATCH] - updated to 2.2.0 (#1869531) - eliminate SW fallback functions (#1924117) - Resolves: #1869531 #1924117
---
.gitignore | 11 +----------
openssl-ibmca-2.2.0-eckey.patch | 31 +++++++++++++++++++++++++++++++
openssl-ibmca.spec | 30 ++++++++++++++++++++++--------
sources | 2 +-
4 files changed, 55 insertions(+), 19 deletions(-)
create mode 100644 openssl-ibmca-2.2.0-eckey.patch
diff --git a/.gitignore b/.gitignore
index 559653f..209fc48 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1 @@
-openssl-ibmca-1.1.tar.gz
-/openssl-ibmca-1.2.0.tar.gz
-/openssl-ibmca-1.3.1.tar.gz
-/openssl-ibmca-1.4.0.tar.gz
-/openssl-ibmca-1.4.1.tar.gz
-/openssl-ibmca-2.0.0.tar.gz
-/openssl-ibmca-2.0.2.tar.gz
-/openssl-ibmca-2.0.3.tar.gz
-/openssl-ibmca-2.1.0.tar.gz
-/openssl-ibmca-2.1.1.tar.gz
+/openssl-ibmca-*.tar.gz
diff --git a/openssl-ibmca-2.2.0-eckey.patch b/openssl-ibmca-2.2.0-eckey.patch
new file mode 100644
index 0000000..6e8d490
--- /dev/null
+++ b/openssl-ibmca-2.2.0-eckey.patch
@@ -0,0 +1,31 @@
+From 34965d85fecd73bbd750e63a29d6db743759d240 Mon Sep 17 00:00:00 2001
+From: Juergen Christ
+Date: Mon, 31 May 2021 18:00:07 +0200
+Subject: [PATCH] Skip eckey test if needed.
+
+Without crypto cards on a machine < z15, ibmca might not register with the
+EC_KEY subsystem of OpenSSL. In these cases, the eckey test should be skipped
+since it is doomed to fail.
+
+Fixes #69.
+
+Signed-off-by: Juergen Christ
+---
+ test/eckey.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/test/eckey.c b/test/eckey.c
+index 35b3df2..6d0870b 100644
+--- a/test/eckey.c
++++ b/test/eckey.c
+@@ -44,6 +44,10 @@ int check_eckey(int nid, const char *name)
+ fprintf(stderr, "ibmca engine not loaded\n");
+ goto out;
+ }
++ if (ENGINE_get_EC(engine) == NULL) {
++ fprintf(stderr, "ibmca does not support EC_KEY. Skipping...\n");
++ exit(77);
++ }
+ eckey = EC_KEY_new_by_curve_name(nid);
+ if (eckey == NULL) {
+ /* curve not supported => test passed */
diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec
index f495c48..714cf7a 100644
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@@ -2,16 +2,19 @@ Summary: A dynamic OpenSSL engine for IBMCA Name: openssl-ibmca -Version: 2.1.1 -Release: 4%{?dist} +Version: 2.2.0 +Release: 1%{?dist} License: ASL 2.0 URL: https://github.com/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz -Requires: libica >= 3.6.0 +# https://github.com/opencryptoki/openssl-ibmca/commit/34965d85fecd73bbd750e63a29d6db743759d240 +Patch0: openssl-ibmca-2.2.0-eckey.patch +Requires: libica >= 3.8.0 BuildRequires: make BuildRequires: gcc -BuildRequires: libica-devel >= 3.6.0 +BuildRequires: libica-devel >= 3.8.0 BuildRequires: automake libtool +BuildRequires: openssl ExclusiveArch: s390 s390x
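Review bot: The new `ENGINE_get_EC(engine) == NULL` branch in check_eckey (the test/eckey.c hunk carried inside openssl-ibmca-2.2.0-eckey.patch) turns every missing EC_KEY registration into a skip, so a host where ibmca is expected to register EC but fails to would report SKIP rather than FAIL from `make check`. The branch also leaves through `exit(77)` while the check directly above it uses `goto out`, so whatever cleanup sits at `out:` (outside the hunk) is bypassed on this path. I would document the convention at the call, `/* 77 = automake SKIP: ibmca registers EC_KEY only with a crypto card or on z15 and later */`, and have the test log checked for skipped tests on builders where EC offload is expected. check_eckey starts and ends outside the hunk.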
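Review bot: `Patch0: openssl-ibmca-2.2.0-eckey.patch` is declared in the first openssl-ibmca.spec hunk, but no hunk in this commit touches `%prep`, so the patch is applied only if the existing `%prep` already uses `%autosetup` or a `%patch` line. That section lies between the hunks shown and cannot be confirmed from here. If it uses plain `%setup`, add `%patch0 -p1` after it; otherwise `%check` would still run the unpatched eckey test on builders without EC support.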
@@ -26,18 +29,21 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines. %build -%configure --libdir=%{enginesdir} -make %{?_smp_mflags} +%configure --libdir=%{enginesdir} --with-libica-cex +%make_build %install %make_install -rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la +rm -f %{buildroot}%{enginesdir}/*.la pushd src sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch} popd +# remove generated sample configs +rm -rf %{buildroot}%{_datadir}/%{name} + %check make check
@@ -45,12 +51,20 @@ make check %files %license LICENSE -%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} +%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} src/gensamplecfg.pl %{enginesdir}/ibmca.so %{_mandir}/man5/ibmca.5* %changelog +* Fri Jun 04 2021 Dan Horák - 2.2.0-1 +- updated to 2.2.0 (#1869531) +- eliminate SW fallback functions (#1924117) +- Resolves: #1869531 #1924117 + +* Wed May 12 2021 Dan Horák - 2.1.2-1 +- updated to 2.1.2 + * Fri Apr 16 2021 Mohan Boddu - 2.1.1-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
diff --git a/sources b/sources
index 6a76f1d..780b75b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-ibmca-2.1.1.tar.gz) = e766389c617d5ebe9d32c30001b0109c293f7e30309d822081ef2e64b6fdfd72c294ac1c659f93501bd912f9b8aa2c3d032420b9ac48054f309decb00feda326
+SHA512 (openssl-ibmca-2.2.0.tar.gz) = 1e88c1726a6473045e46fbd8f0edc8c95cb5c6794b9d3535871bdc0cada28392b392b5e0bc96d9cb152b20501e2c60abf8ac5d0df5f4081e64768abea7a818f5
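Review bot: The `--with-libica-cex` switch added to the `%configure` line in the `%build` hunk of openssl-ibmca.spec has no comment explaining it, although it appears to change which libica library the engine uses by default. A line above it such as `# use the libica-cex variant: no software fallback (#1924117)` would tie it to the changelog entry, if that is indeed the reason. The runtime dependency stays `Requires: libica >= 3.8.0` in the earlier hunk; it is worth confirming that this package ships the library the engine will now load, since a missing library would only show up when the engine is loaded.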