diff --git a/openssl-ibmca-2.3.1-engine-warning.patch b/openssl-ibmca-2.3.1-engine-warning.patch new file mode 100644 index 0000000..c4d4aec --- /dev/null +++ b/openssl-ibmca-2.3.1-engine-warning.patch @@ -0,0 +1,27 @@ +From b72865d57bf129c058bdb4e7301b9cb7ce16938e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dan=20Hor=C3=A1k?= +Date: Fri, 13 Jan 2023 18:09:49 +0100 +Subject: [ibmca PATCH] warn the user when configuring the engine + +The engine feature is deprecated in OpenSSL 3.0 and will be removed. +Thus warn the user and recommend using the provider instead. +--- + src/engine/ibmca-engine-opensslconfig.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/engine/ibmca-engine-opensslconfig.in b/src/engine/ibmca-engine-opensslconfig.in +index e4b168b..ec7fbfc 100644 +--- a/src/engine/ibmca-engine-opensslconfig.in ++++ b/src/engine/ibmca-engine-opensslconfig.in +@@ -140,4 +140,8 @@ this file. + |; + } + ++print "WARNING: The OpenSSL engine feature is DEPRECATED since OpenSSL 3.0.\n"; ++print "WARNING: It will be removed in the future.\n"; ++print "WARNING: Please use the OpenSSL provider instead.\n"; ++ + generate(); +-- +2.39.0 + diff --git a/openssl-ibmca-2.3.1-fixes.patch b/openssl-ibmca-2.3.1-fixes.patch new file mode 100644 index 0000000..5e63b2e --- /dev/null +++ b/openssl-ibmca-2.3.1-fixes.patch @@ -0,0 +1,827 @@ +From ec926d577754babce01db22274a582988c5c4e44 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 12 Oct 2022 09:40:27 +0200 +Subject: [PATCH 1/4] provider: Support EC parameter generation with named + curve + +In general the IBMCA provider does not support EC parameter generation, +because libica only supports certain named curves. However, one can +also use EC parameter generation with a named curve, and then use such +parameter key object as template for generating other keys. One example +for this is the openssl speed utility. + +Like for EC key generation, EC parameter generation only supports +parameters 'group', 'point-format', 'encoding', and 'use-cofactor-flag', +where the only accepted value for parameter 'encoding' is 'named_curve', +and the only accepted value for parameter 'use-cofactor-flag' is '0'. + +Signed-off-by: Ingo Franzki +--- + src/provider/ec_keymgmt.c | 10 ++++++++-- + src/provider/p_ibmca.h | 1 + + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/provider/ec_keymgmt.c b/src/provider/ec_keymgmt.c +index d39b1e2..97516f1 100644 +--- a/src/provider/ec_keymgmt.c ++++ b/src/provider/ec_keymgmt.c +@@ -928,9 +928,10 @@ static void *ibmca_keymgmt_ec_gen_init(void *vprovctx, int selection, + for (p = params; p != NULL && p->key != NULL; p++) + ibmca_debug_ctx(provctx, "param: %s", p->key); + +- if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) { ++ if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR | ++ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) == 0) { + put_error_ctx(provctx, IBMCA_ERR_INVALID_PARAM, +- "selection is not KEYPAIR"); ++ "selection is not KEYPAIR and/or parameters"); + return NULL; + } + +@@ -943,6 +944,7 @@ static void *ibmca_keymgmt_ec_gen_init(void *vprovctx, int selection, + } + + /* set defaults */ ++ ctx->ec.gen.selection = selection; + ctx->ec.gen.curve_nid = NID_undef; + ctx->ec.gen.format = POINT_CONVERSION_UNCOMPRESSED; + +@@ -1223,6 +1225,9 @@ static void *ibmca_keymgmt_ec_gen(void *vgenctx, OSSL_CALLBACK *osslcb, + + ibmca_debug_op_ctx(genctx, "prime_size: %lu", key->ec.prime_size); + ++ if ((genctx->ec.gen.selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) ++ goto out; ++ + key->ec.key = ica_ec_key_new(key->ec.curve_nid, &privlen); + if (key->ec.key == NULL || key->ec.prime_size != privlen) { + ibmca_debug_op_ctx(genctx, "ica_ec_key_new failed"); +@@ -1267,6 +1272,7 @@ static void *ibmca_keymgmt_ec_gen(void *vgenctx, OSSL_CALLBACK *osslcb, + return NULL; + } + ++out: + ibmca_debug_op_ctx(genctx, "key: %p", key); + + return key; +diff --git a/src/provider/p_ibmca.h b/src/provider/p_ibmca.h +index fa0e1ee..2b4ff8e 100644 +--- a/src/provider/p_ibmca.h ++++ b/src/provider/p_ibmca.h +@@ -216,6 +216,7 @@ struct ibmca_op_ctx { + } rsa; /* For type EVP_PKEY_RSA and EVP_PKEY_RSA_PSS */ + union { + struct { ++ int selection; + int curve_nid; + point_conversion_form_t format; + } gen; /* For operation EVP_PKEY_OP_KEYGEN */ +-- +2.39.0 + + +From a462093d2478b287cb9a7a25131788eba16b7640 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Fri, 14 Oct 2022 11:31:16 +0200 +Subject: [PATCH 2/4] engine: EC: Cache ICA key in EC_KEY object + +Creating a new ICA EC key via ica_ec_key_init() is time consuming, because +libica performs EC key checks on the key components. + +Currently every sign, verify or derive operation creates a new ICA key, and +thus suffers from the long taking EC key checks with every operation. + +Change this to create an ICA key on the first usage of an EC key, and attach +the ICA key to the EC_KEY object as ex-data. That way, subsequent operations +using the same key will reuse the attached ICA key and do not have to create +a new ICA key again. + +Signed-off-by: Ingo Franzki +--- + src/engine/e_ibmca.c | 5 + + src/engine/ibmca.h | 1 + + src/engine/ibmca_ec.c | 411 ++++++++++++++++++++++++++++++------------ + 3 files changed, 306 insertions(+), 111 deletions(-) + +diff --git a/src/engine/e_ibmca.c b/src/engine/e_ibmca.c +index d045828..fe21897 100644 +--- a/src/engine/e_ibmca.c ++++ b/src/engine/e_ibmca.c +@@ -833,6 +833,11 @@ static int ibmca_init(ENGINE *e) + goto err; + } + ++#ifndef NO_EC ++ if (!ibmca_ec_init()) ++ goto err; ++#endif ++ + if (!set_supported_meths(e)) + goto err; + +diff --git a/src/engine/ibmca.h b/src/engine/ibmca.h +index 37bdfd8..7281a5b 100644 +--- a/src/engine/ibmca.h ++++ b/src/engine/ibmca.h +@@ -298,6 +298,7 @@ void ibmca_dh_destroy(void); + #define IBMCA_EC_MAX_Z_LEN IBMCA_EC_MAX_D_LEN + + #ifndef OPENSSL_NO_EC ++int ibmca_ec_init(void); + void ibmca_ec_destroy(void); + + int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen, +diff --git a/src/engine/ibmca_ec.c b/src/engine/ibmca_ec.c +index 8bc6cbf..5206ae3 100644 +--- a/src/engine/ibmca_ec.c ++++ b/src/engine/ibmca_ec.c +@@ -16,6 +16,7 @@ + */ + + #include ++#include + #include "ibmca.h" + #include "e_ibmca_err.h" + +@@ -31,6 +32,251 @@ ica_ec_key_get_public_key_t p_ica_ec_key_get_public_key; + ica_ec_key_get_private_key_t p_ica_ec_key_get_private_key; + ica_ec_key_free_t p_ica_ec_key_free; + ++int ec_ex_data_index = -1; ++pthread_mutex_t ec_ex_data_mutex = PTHREAD_MUTEX_INITIALIZER; ++ ++struct ibmca_ec_ex_data { ++ ICA_EC_KEY *ica_key; ++ int nid; ++ unsigned int privlen; ++}; ++ ++void ibmca_ec_ex_data_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp) ++{ ++ struct ibmca_ec_ex_data *data = ptr; ++ ++ if (data == NULL) ++ return; ++ ++ p_ica_ec_key_free(data->ica_key); ++ OPENSSL_free(data); ++} ++ ++int ibmca_ec_ex_data_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, ++#ifdef OPENSSL_VERSION_PREREQ ++ void **pptr, int idx, long argl, void *argp) ++#else ++ void *from_d, int idx, long argl, void *argp) ++#endif ++{ ++#ifndef OPENSSL_VERSION_PREREQ ++ void **pptr = (void **)from_d; ++#endif ++ struct ibmca_ec_ex_data *from_data; ++ struct ibmca_ec_ex_data *to_data; ++ unsigned char Q[2 * IBMCA_EC_MAX_D_LEN]; ++ unsigned char D[IBMCA_EC_MAX_D_LEN]; ++ unsigned int len; ++ int rc; ++ ++ if (pptr == NULL) ++ return 0; ++ ++ from_data = (struct ibmca_ec_ex_data *)*pptr; ++ if (from_data == NULL) ++ return 0; ++ ++ to_data = OPENSSL_zalloc(sizeof(*to_data)); ++ if (to_data == NULL) { ++ return 0; ++ } ++ ++ to_data->nid = from_data->nid; ++ to_data->ica_key = p_ica_ec_key_new(to_data->nid, &to_data->privlen); ++ if (to_data->ica_key == NULL) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_ICA_EC_KEY_INIT); ++ goto error; ++ } ++ ++ if (p_ica_ec_key_get_private_key(from_data->ica_key, D, &len) == 0) { ++ rc = p_ica_ec_key_init(NULL, NULL, D, to_data->ica_key); ++ if (rc != 0) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); ++ goto error; ++ } ++ } ++ ++ if (p_ica_ec_key_get_public_key(from_data->ica_key, Q, &len) == 0) { ++ rc = p_ica_ec_key_init(Q, Q + to_data->privlen, NULL, to_data->ica_key); ++ if (rc != 0) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); ++ goto error; ++ } ++ } ++ ++ *pptr = to_data; ++ ++ return 1; ++ ++error: ++ if (to_data->ica_key != NULL) ++ p_ica_ec_key_free(to_data->ica_key); ++ OPENSSL_free(to_data); ++ ++ return 0; ++} ++ ++static ICA_EC_KEY *ibmca_ec_make_ica_key(EC_KEY *ec_key, int *nid, ++ unsigned int *privlen) ++{ ++ ICA_EC_KEY *icakey; ++ const EC_GROUP *group; ++ const EC_POINT *q; ++ const BIGNUM *bn_d; ++ BIGNUM *bn_x = NULL, *bn_y = NULL; ++ unsigned char D[IBMCA_EC_MAX_D_LEN]; ++ unsigned char X[IBMCA_EC_MAX_D_LEN]; ++ unsigned char Y[IBMCA_EC_MAX_D_LEN]; ++ int rc, n; ++ ++ /* Get group */ ++ if ((group = EC_KEY_get0_group(ec_key)) == NULL) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INVALID_PARM); ++ return NULL; ++ } ++ ++ /* Get curve nid */ ++ *nid = EC_GROUP_get_curve_name(group); ++ if (*nid <= 0) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_UNSUPPORTED_CURVE); ++ return NULL; ++ } ++ ++ /* Create ICA_EC_KEY object */ ++ icakey = p_ica_ec_key_new(*nid, privlen); ++ if (icakey == NULL) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_ICA_EC_KEY_INIT); ++ return NULL; ++ } ++ ++ /* Get private (D) value from EC_KEY (if available) */ ++ bn_d = EC_KEY_get0_private_key(ec_key); ++ if (bn_d != NULL) { ++ /* Format (D) as char array, with leading zeros if necessary */ ++ n = *privlen - BN_num_bytes(bn_d); ++ memset(D, 0, n); ++ BN_bn2bin(bn_d, &(D[n])); ++ ++ /* Initialize private ICA_EC_KEY */ ++ rc = p_ica_ec_key_init(NULL, NULL, D, icakey); ++ if (rc != 0) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); ++ goto error; ++ } ++ } ++ ++ /* Get public (X and Y) values from EC_KEY (if available) */ ++ q = EC_KEY_get0_public_key(ec_key); ++ if (q != NULL) { ++ /* Provide public key (X,Y) */ ++ bn_x = BN_new(); ++ bn_y = BN_new(); ++ if (!EC_POINT_get_affine_coordinates_GFp(group, q, bn_x, bn_y, NULL)) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR); ++ goto error; ++ } ++ ++ /* Format (X) as char array with leading nulls if necessary */ ++ n = *privlen - BN_num_bytes(bn_x); ++ memset(X, 0, n); ++ BN_bn2bin(bn_x, &X[n]); ++ ++ /* Format (Y) as char array with leading nulls if necessary */ ++ n = *privlen - BN_num_bytes(bn_y); ++ memset(Y, 0, n); ++ BN_bn2bin(bn_y, &Y[n]); ++ ++ /* Initialize public ICA_EC_KEY */ ++ rc = p_ica_ec_key_init(X, Y, NULL, icakey); ++ if (rc != 0) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); ++ goto error; ++ } ++ } ++ ++out: ++ BN_clear_free(bn_x); ++ BN_clear_free(bn_y); ++ ++ return icakey; ++ ++error: ++ p_ica_ec_key_free(icakey); ++ icakey = NULL; ++ goto out; ++} ++ ++static ICA_EC_KEY *ibmca_ec_make_and_cache_ica_key(EC_KEY *ec_key, ++ unsigned int *privlen) ++{ ++ struct ibmca_ec_ex_data *data, *data2; ++ ++ data = OPENSSL_zalloc(sizeof(*data)); ++ if (data == NULL) ++ return NULL; ++ ++ data->ica_key = ibmca_ec_make_ica_key(ec_key, &data->nid, &data->privlen); ++ if (data->ica_key == NULL) { ++ OPENSSL_free(data); ++ return NULL; ++ } ++ ++ /* ++ * Note that another thread could have allocated and set the ex_data for ++ * that key after the caller of this function has checked if there is ++ * already ex_data available for the key. So once we have the lock, we ++ * check again, and if there now is ex_data available, we return the ++ * ICA key from the ex_data, and free the one just created. ++ */ ++ if (pthread_mutex_lock(&ec_ex_data_mutex) != 0) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ data2 = EC_KEY_get_ex_data(ec_key, ec_ex_data_index); ++ if (data2 != NULL) { ++ pthread_mutex_unlock(&ec_ex_data_mutex); ++ ++ p_ica_ec_key_free(data->ica_key); ++ OPENSSL_free(data); ++ ++ *privlen = data2->privlen; ++ ++ return data2->ica_key; ++ } ++ ++ if (EC_KEY_set_ex_data(ec_key, ec_ex_data_index, data) != 1) { ++ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR); ++ pthread_mutex_unlock(&ec_ex_data_mutex); ++ OPENSSL_free(data); ++ return NULL; ++ } ++ ++ pthread_mutex_unlock(&ec_ex_data_mutex); ++ ++ *privlen = data->privlen; ++ ++ return data->ica_key; ++} ++ ++int ibmca_ec_init(void) ++{ ++#ifdef OLDER_OPENSSL ++ return 0; ++#else ++ ec_ex_data_index = EC_KEY_get_ex_new_index(0, NULL, NULL, ++ ibmca_ec_ex_data_dup, ++ ibmca_ec_ex_data_free); ++ if (ec_ex_data_index < 0) { ++ IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_EC_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ return 1; ++#endif ++} ++ + void ibmca_ec_destroy(void) + { + #ifdef OLDER_OPENSSL +@@ -39,6 +285,10 @@ void ibmca_ec_destroy(void) + if (ibmca_ecdh) + ECDSA_METHOD_free(ibmca_ecdsa); + #else ++ if (ec_ex_data_index >= 0) { ++ CRYPTO_free_ex_index(CRYPTO_EX_INDEX_EC_KEY, ec_ex_data_index); ++ ec_ex_data_index = -1; ++ } + if (ibmca_ec) + EC_KEY_METHOD_free(ibmca_ec); + #endif +@@ -55,17 +305,17 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen, + { + ICA_EC_KEY *ica_pubkey = NULL, *ica_privkey = NULL; + const EC_GROUP *group; +- BIGNUM *bn_d, *bn_x, *bn_y; ++ BIGNUM *bn_x = NULL, *bn_y = NULL; + unsigned int n, privlen; + unsigned char X[IBMCA_EC_MAX_D_LEN]; + unsigned char Y[IBMCA_EC_MAX_D_LEN]; +- unsigned char D[IBMCA_EC_MAX_D_LEN]; + unsigned char *z_buf = NULL; + int rc, ret = 0, nid; + #ifndef OLDER_OPENSSL + int (*compute_key_sw)(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh) = NULL; + #endif ++ struct ibmca_ec_ex_data *data = EC_KEY_get_ex_data(ecdh, ec_ex_data_index); + + /* Get group from EC_KEY */ + if ((group = EC_KEY_get0_group(ecdh)) == NULL) { +@@ -76,10 +326,40 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen, + /* Determine curve nid */ + nid = EC_GROUP_get_curve_name(group); + if (nid <= 0) { +- IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_INTERNAL_ERROR); ++ IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_UNSUPPORTED_CURVE); ++ return 0; ++ } ++ ++ if (data != NULL) { ++ ica_privkey = data->ica_key; ++ privlen = data->privlen; ++ goto do_derive; ++ } ++ ++ /* Create ICA_EC_KEY object for private key */ ++ ica_privkey = ibmca_ec_make_and_cache_ica_key((EC_KEY*)ecdh, &privlen); ++ if (ica_privkey == NULL) { ++ /* This curve is not supported by libica. */ ++ #ifdef OLDER_OPENSSL + return 0; ++ #else ++ /* ++ * EC_KEY_METHOD_get_compute_key misses the const-qualifier of the ++ * parameter in some openssl versions. ++ */ ++ EC_KEY_METHOD_get_compute_key((EC_KEY_METHOD *)ossl_ec, ++ &compute_key_sw); ++ if (compute_key_sw == NULL) { ++ IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, ++ IBMCA_R_EC_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ return compute_key_sw(pout, poutlen, pub_key, ecdh); ++ #endif + } + ++do_derive: + /* Create ICA_EC_KEY object for public key */ + ica_pubkey = p_ica_ec_key_new(nid, &privlen); + if (ica_pubkey == NULL) { +@@ -128,32 +408,6 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen, + goto end; + } + +- /* Create ICA_EC_KEY object for private key */ +- ica_privkey = p_ica_ec_key_new(nid, &privlen); +- if (!ica_privkey) { +- IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR); +- goto end; +- } +- +- /* Get private (D) value from EC_KEY */ +- bn_d = (BIGNUM*)EC_KEY_get0_private_key((EC_KEY*)ecdh); +- if (bn_d == NULL) { +- IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_INTERNAL_ERROR); +- goto end; +- } +- +- /* Format (D) as char array, with leading zeros if necessary */ +- n = privlen - BN_num_bytes(bn_d); +- memset(D, 0, n); +- BN_bn2bin(bn_d, &(D[n])); +- +- /* Initialize private ICA_EC_KEY with (D) */ +- rc = p_ica_ec_key_init(NULL, NULL, D, ica_privkey); +- if (rc != 0) { +- IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); +- goto end; +- } +- + /* Allocate memory for shared secret z, will be freed by caller */ + if ((z_buf = OPENSSL_malloc(privlen)) == NULL) { + IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_INTERNAL_ERROR); +@@ -193,7 +447,6 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen, + + end: + p_ica_ec_key_free(ica_pubkey); +- p_ica_ec_key_free(ica_privkey); + BN_clear_free(bn_x); + BN_clear_free(bn_y); + return ret; +@@ -210,12 +463,10 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + { + ECDSA_SIG *sig = NULL; + ICA_EC_KEY *icakey = NULL; +- const EC_GROUP *group; + unsigned int privlen; +- BIGNUM *r, *s, *bn_d, *kinv; +- unsigned char D[IBMCA_EC_MAX_D_LEN]; ++ BIGNUM *r, *s, *kinv; + unsigned char sigret[IBMCA_EC_MAX_SIG_LEN]; +- int n, nid, rc; ++ int rc; + #ifndef OLDER_OPENSSL + int (*sign_sw)(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, +@@ -227,6 +478,7 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey) = NULL; + BN_CTX *ctx; ++ struct ibmca_ec_ex_data *data = EC_KEY_get_ex_data(eckey, ec_ex_data_index); + + /* Check parms: precomputed (k,r) are not supported by ibmca */ + if (in_kinv != NULL || in_r != NULL) { +@@ -234,12 +486,6 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + return NULL; + } + +- /* Get group */ +- if ((group = EC_KEY_get0_group(eckey)) == NULL) { +- IBMCAerr(IBMCA_F_IBMCA_ECDSA_SIGN_SIG, IBMCA_R_EC_INVALID_PARM); +- return NULL; +- } +- + /* Check if key usable */ + #ifndef OLDER_OPENSSL + if (!EC_KEY_can_sign(eckey)) { +@@ -249,15 +495,14 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + } + #endif + +- /* Get curve nid */ +- nid = EC_GROUP_get_curve_name(group); +- if (nid <= 0) { +- IBMCAerr(IBMCA_F_IBMCA_ECDSA_SIGN_SIG, IBMCA_R_EC_UNSUPPORTED_CURVE); +- return NULL; ++ if (data != NULL) { ++ icakey = data->ica_key; ++ privlen = data->privlen; ++ goto do_sign; + } + + /* Create ICA_EC_KEY object */ +- icakey = p_ica_ec_key_new(nid, &privlen); ++ icakey = ibmca_ec_make_and_cache_ica_key(eckey, &privlen); + if (icakey == NULL) { + /* This curve is not supported by libica. */ + #ifdef OLDER_OPENSSL +@@ -287,25 +532,7 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + return sig; + } + +- /* Get private (D) value from EC_KEY */ +- bn_d = (BIGNUM*)EC_KEY_get0_private_key(eckey); +- if (bn_d == NULL) { +- IBMCAerr(IBMCA_F_IBMCA_ECDSA_SIGN_SIG, IBMCA_R_EC_INTERNAL_ERROR); +- goto end; +- } +- +- /* Format (D) as char array, with leading zeros if necessary */ +- n = privlen - BN_num_bytes(bn_d); +- memset(D, 0, n); +- BN_bn2bin(bn_d, &(D[n])); +- +- /* Initialize private ICA_EC_KEY */ +- rc = p_ica_ec_key_init(NULL, NULL, D, icakey); +- if (rc != 0) { +- IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); +- goto end; +- } +- ++do_sign: + /* Call libica signing routine */ + rc = p_ica_ecdsa_sign(ibmca_handle, icakey, dgst, dgst_len, sigret, + sizeof(sigret)); +@@ -343,7 +570,6 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + s = BN_bin2bn(sigret + privlen, privlen, NULL); + sig = ECDSA_SIG_new(); + +-end: + #ifndef OLDER_OPENSSL + if (sig) + ECDSA_SIG_set0(sig, r, s); +@@ -357,7 +583,6 @@ end: + #endif + + end2: +- p_ica_ec_key_free(icakey); + return sig; + } + +@@ -372,16 +597,12 @@ end2: + int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) + { +- const EC_GROUP *group; +- const EC_POINT *q; +- unsigned char x_array[IBMCA_EC_MAX_D_LEN]; +- unsigned char y_array[IBMCA_EC_MAX_D_LEN]; + unsigned char sig_array[IBMCA_EC_MAX_Q_LEN]; + BIGNUM *bn_x = NULL, *bn_y = NULL; + const BIGNUM *bn_r, *bn_s; + unsigned int privlen; + ICA_EC_KEY *icakey = NULL; +- int rc, n, nid; ++ int rc, n; + int ret = -1; + #ifndef OLDER_OPENSSL + int (*verify_sw)(int type, const unsigned char *dgst, int dgst_len, +@@ -389,6 +610,7 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + #endif + int (*verify_sig_sw)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) = NULL; ++ struct ibmca_ec_ex_data *data = EC_KEY_get_ex_data(eckey, ec_ex_data_index); + + /* Check parms */ + if (eckey == NULL || sig == NULL) { +@@ -404,21 +626,14 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + } + #endif + +- /* Get group */ +- if ((group = EC_KEY_get0_group(eckey)) == NULL) { +- IBMCAerr(IBMCA_F_IBMCA_ECDSA_VERIFY_SIG, IBMCA_R_EC_INTERNAL_ERROR); +- return ret; +- } +- +- /* Get curve nid */ +- nid = EC_GROUP_get_curve_name(group); +- if (nid <= 0) { +- IBMCAerr(IBMCA_F_IBMCA_ECDSA_VERIFY_SIG, IBMCA_R_EC_UNSUPPORTED_CURVE); +- return ret; ++ if (data != NULL) { ++ icakey = data->ica_key; ++ privlen = data->privlen; ++ goto do_verify; + } + + /* Create ICA_EC_KEY object */ +- icakey = p_ica_ec_key_new(nid, &privlen); ++ icakey = ibmca_ec_make_and_cache_ica_key(eckey, &privlen); + if (icakey == NULL) { + /* This curve is not supported by libica. */ + #ifdef OLDER_OPENSSL +@@ -440,32 +655,7 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + return verify_sig_sw(dgst, dgst_len, sig, eckey); + } + +- /* Provide public key (X,Y) */ +- bn_x = BN_new(); +- bn_y = BN_new(); +- q = EC_KEY_get0_public_key(eckey); +- if (!EC_POINT_get_affine_coordinates_GFp(group, q, bn_x, bn_y, NULL)) { +- IBMCAerr(IBMCA_F_IBMCA_ECDSA_VERIFY_SIG, IBMCA_R_EC_INTERNAL_ERROR); +- goto end; +- } +- +- /* Format (X) as char array with leading nulls if necessary */ +- n = privlen - BN_num_bytes(bn_x); +- memset(x_array, 0, n); +- BN_bn2bin(bn_x, &(x_array[n])); +- +- /* Format (Y) as char array with leading nulls if necessary */ +- n = privlen - BN_num_bytes(bn_y); +- memset(y_array, 0, n); +- BN_bn2bin(bn_y, &(y_array[n])); +- +- /* Initialize ICA_EC_KEY */ +- rc = p_ica_ec_key_init(x_array, y_array, NULL, icakey); +- if (rc != 0) { +- IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc); +- goto end; +- } +- ++do_verify: + /* Get (r,s) from ECDSA_SIG */ + #ifdef OLDER_OPENSSL + bn_r = sig->r; +@@ -517,7 +707,6 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + } + + end: +- p_ica_ec_key_free(icakey); + BN_clear_free(bn_x); + BN_clear_free(bn_y); + +-- +2.39.0 + + +From 072e32bb199ff772148f1cbe0b2faadf9ab33c12 Mon Sep 17 00:00:00 2001 +From: Juergen Christ +Date: Thu, 27 Oct 2022 16:13:01 +0200 +Subject: [PATCH 3/4] provider: Fix configuration script + +Small typo in the configuration script created an invalid configuration. + +Signed-off-by: Juergen Christ +--- + src/provider/ibmca-provider-opensslconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/provider/ibmca-provider-opensslconfig b/src/provider/ibmca-provider-opensslconfig +index 21ed6f6..d45428e 100755 +--- a/src/provider/ibmca-provider-opensslconfig ++++ b/src/provider/ibmca-provider-opensslconfig +@@ -83,7 +83,7 @@ sub generate() + } + if ($providersect && $line =~ /\[\s*$providersect\s*\]/) { + print $oh "ibmca_provider = ibmca_provider_section\n"; +- print $oh # Make sure that you have configured and activated at least one other provider!\n"; ++ print $oh "# Make sure that you have configured and activated at least one other provider!\n"; + print "WARNING: The IBMCA provider was added to section [$providersect].\n"; + print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n"; + } +-- +2.39.0 + + +From e90203dbc9bf0d9a4488af470adf11852860991a Mon Sep 17 00:00:00 2001 +From: Juergen Christ +Date: Wed, 2 Nov 2022 14:29:35 +0100 +Subject: [PATCH 4/4] provider: Fix order of providers in configuration + +Since libica requires a provider that supports HMAC to be loaded and +available, fix the order of providers loaded by our sample configuration +generator. The "default" provider has to come first such that libica can do +the file integrity test with a HMAC provided by this provider when being +loaded via the ibmca provider. + +Signed-off-by: Juergen Christ +--- + src/provider/ibmca-provider-opensslconfig | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +diff --git a/src/provider/ibmca-provider-opensslconfig b/src/provider/ibmca-provider-opensslconfig +index d45428e..d87fa8e 100755 +--- a/src/provider/ibmca-provider-opensslconfig ++++ b/src/provider/ibmca-provider-opensslconfig +@@ -30,7 +30,7 @@ use warnings; + sub generate() + { + my ($osslconfpath); +- my ($ih, $line, $oh, $defaultcnfsect, $indefaultsect, $providersect); ++ my ($ih, $line, $oh, $defaultcnfsect, $indefaultsect, $providersect, $inprovidersect); + my ($inalgsect, $algsection); + + $osslconfpath = `openssl version -d` || die "Please install openssl binary"; +@@ -43,6 +43,7 @@ sub generate() + $defaultcnfsect = undef; + $indefaultsect = 0; + $providersect = undef; ++ $inprovidersect = 0; + while ($line = <$ih>) { + if ($line =~ /openssl_conf\s*=\s*(.*)/) { + $defaultcnfsect = $1; +@@ -67,13 +68,22 @@ sub generate() + } elsif ($inalgsect) { + if ($line =~ /\[\s*\w+\s*\]/) { + print $oh "default_properties = ?provider=ibmca\n"; ++ $inalgsect = 0; + } elsif ($line =~ /^\s*default_properties\s*=\s*(\w+)\s*/) { + print $oh "default_properties = ?provider=ibmca\n"; + print $oh "# The following was commented out by ibmca-provider-opensslconfig script\n"; + print "WARNING: The default_properties in $algsection was modified by this script.\n"; + $line = "# $line"; + } +- } ++ } elsif ($inprovidersect) { ++ if ($line =~ /\[\s*\w+\s*\]/) { ++ $inprovidersect = 0; ++ print $oh "ibmca_provider = ibmca_provider_section\n"; ++ print $oh "# Make sure that you have configured and activated at least one other provider!\n"; ++ print "WARNING: The IBMCA provider was added to section [$providersect].\n"; ++ print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n"; ++ } ++ } + print $oh "$line"; + if ($defaultcnfsect && $line =~ /\[\s*$defaultcnfsect\s*\]/) { + $indefaultsect = 1; +@@ -81,11 +91,8 @@ sub generate() + if ($algsection && $line =~ /\[\s*$algsection\s*\]/) { + $inalgsect = 1; + } +- if ($providersect && $line =~ /\[\s*$providersect\s*\]/) { +- print $oh "ibmca_provider = ibmca_provider_section\n"; +- print $oh "# Make sure that you have configured and activated at least one other provider!\n"; +- print "WARNING: The IBMCA provider was added to section [$providersect].\n"; +- print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n"; ++ if ($providersect && $line =~ /\[\s*$providersect\s*\]/) { ++ $inprovidersect = 1; + } + } + +@@ -100,8 +107,8 @@ providers = provider_section + if (!$providersect) { + print $oh qq| + [provider_section] +-ibmca_provider = ibmca_provider_section + default = default_sect ++ibmca_provider = ibmca_provider_section + + [default_sect] + activate = 1 +-- +2.39.0 + diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index f25230a..e6263a6 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -9,10 +9,14 @@ Summary: A dynamic OpenSSL engine for IBMCA Name: openssl-ibmca Version: 2.3.1 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 URL: https://github.com/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +# post GA fixes +Patch0: %{name}-%{version}-fixes.patch +# warn the user about engine being deprecated +Patch1: %{name}-2.3.1-engine-warning.patch Requires: libica >= 4.0.0 BuildRequires: make BuildRequires: gcc @@ -74,10 +78,13 @@ make check %changelog +* Fri Jan 13 2023 Dan Horák - 2.3.1-2 +- fix provider configuration script (#2140028) +- Resolves: #2140028 + * Thu Jan 12 2023 Dan Horák - 2.3.1-1 - updated to 2.3.1 (#2110378) -- fix configuration script (#2140028) -- Resolves: #2110378 #2140028 +- Resolves: #2110378 * Thu May 19 2022 Dan Horák - 2.3.0-1 - updated to 2.3.0 (#2044177)