rpms/openssl-ibmca
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9s
rpms:c10s
rpms:c9-beta
rpms:c9
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/openssl-ibmca-2.5.0-1.el10
rpms:imports/c10s/openssl-ibmca-2.4.1-6.el10
rpms:imports/c10s/openssl-ibmca-2.4.1-5.el10
rpms:imports/c8/openssl-ibmca-2.4.1-1.el8
rpms:imports/c9/openssl-ibmca-2.4.1-1.el9
rpms:imports/c8-beta/openssl-ibmca-2.4.1-1.el8
rpms:imports/c9-beta/openssl-ibmca-2.4.1-1.el9
rpms:imports/c8-beta/openssl-ibmca-2.4.0-2.el8
rpms:imports/c9-beta/openssl-ibmca-2.4.0-4.el9
rpms:imports/c8/openssl-ibmca-2.3.1-1.el8
rpms:imports/c9/openssl-ibmca-2.3.1-2.el9
rpms:imports/c9-beta/openssl-ibmca-2.3.1-2.el9
rpms:imports/c8-beta/openssl-ibmca-2.3.1-1.el8
rpms:imports/c9/openssl-ibmca-2.3.0-1.el9_1.1
rpms:imports/c9/openssl-ibmca-2.3.0-1.el9
rpms:imports/c8/openssl-ibmca-2.3.0-1.el8
rpms:imports/c9-beta/openssl-ibmca-2.3.0-1.el9
rpms:imports/c8-beta/openssl-ibmca-2.3.0-1.el8
rpms:imports/c9/openssl-ibmca-2.2.2-1.el9_0.1
rpms:imports/c9/openssl-ibmca-2.2.2-1.el9
rpms:imports/c8/openssl-ibmca-2.2.1-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.2.1-1.el8
rpms:imports/c9-beta/openssl-ibmca-2.2.2-1.el9
rpms:imports/c9-beta/openssl-ibmca-2.2.0-3.el9
rpms:imports/c8s/openssl-ibmca-2.1.1-1.el8
rpms:imports/c8s/openssl-ibmca-2.1.0-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.2.0-2.el8
rpms:imports/c8-beta/openssl-ibmca-2.1.1-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.1.0-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.0.3-1.el8
rpms:imports/c8/openssl-ibmca-2.2.0-2.el8
rpms:imports/c8/openssl-ibmca-2.1.1-1.el8_4.1
rpms:imports/c8/openssl-ibmca-2.1.1-1.el8
rpms:imports/c8/openssl-ibmca-2.1.0-1.el8
rpms:imports/c8/openssl-ibmca-2.0.3-1.el8
...
pull from: rpms:c9s
Branches Tags
rpms:c9s
rpms:c10s
rpms:c9-beta
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/openssl-ibmca-2.5.0-1.el10
rpms:imports/c10s/openssl-ibmca-2.4.1-6.el10
rpms:imports/c10s/openssl-ibmca-2.4.1-5.el10
rpms:imports/c8/openssl-ibmca-2.4.1-1.el8
rpms:imports/c9/openssl-ibmca-2.4.1-1.el9
rpms:imports/c8-beta/openssl-ibmca-2.4.1-1.el8
rpms:imports/c9-beta/openssl-ibmca-2.4.1-1.el9
rpms:imports/c8-beta/openssl-ibmca-2.4.0-2.el8
rpms:imports/c9-beta/openssl-ibmca-2.4.0-4.el9
rpms:imports/c8/openssl-ibmca-2.3.1-1.el8
rpms:imports/c9/openssl-ibmca-2.3.1-2.el9
rpms:imports/c9-beta/openssl-ibmca-2.3.1-2.el9
rpms:imports/c8-beta/openssl-ibmca-2.3.1-1.el8
rpms:imports/c9/openssl-ibmca-2.3.0-1.el9_1.1
rpms:imports/c9/openssl-ibmca-2.3.0-1.el9
rpms:imports/c8/openssl-ibmca-2.3.0-1.el8
rpms:imports/c9-beta/openssl-ibmca-2.3.0-1.el9
rpms:imports/c8-beta/openssl-ibmca-2.3.0-1.el8
rpms:imports/c9/openssl-ibmca-2.2.2-1.el9_0.1
rpms:imports/c9/openssl-ibmca-2.2.2-1.el9
rpms:imports/c8/openssl-ibmca-2.2.1-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.2.1-1.el8
rpms:imports/c9-beta/openssl-ibmca-2.2.2-1.el9
rpms:imports/c9-beta/openssl-ibmca-2.2.0-3.el9
rpms:imports/c8s/openssl-ibmca-2.1.1-1.el8
rpms:imports/c8s/openssl-ibmca-2.1.0-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.2.0-2.el8
rpms:imports/c8-beta/openssl-ibmca-2.1.1-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.1.0-1.el8
rpms:imports/c8-beta/openssl-ibmca-2.0.3-1.el8
rpms:imports/c8/openssl-ibmca-2.2.0-2.el8
rpms:imports/c8/openssl-ibmca-2.1.1-1.el8_4.1
rpms:imports/c8/openssl-ibmca-2.1.1-1.el8
rpms:imports/c8/openssl-ibmca-2.1.0-1.el8
rpms:imports/c8/openssl-ibmca-2.0.3-1.el8

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

6 changed files with 159 additions and 49 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/openssl-ibmca-2.4.1.tar.gz
/openssl-ibmca-*.tar.gz

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.beaker-tier1.functional}

27
openssl-ibmca-2.3.1-engine-warning.patch Normal file
View File

@ -0,0 +1,27 @@
From b72865d57bf129c058bdb4e7301b9cb7ce16938e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Fri, 13 Jan 2023 18:09:49 +0100
Subject: [ibmca PATCH] warn the user when configuring the engine
The engine feature is deprecated in OpenSSL 3.0 and will be removed.
Thus warn the user and recommend using the provider instead.
---
src/engine/ibmca-engine-opensslconfig.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/engine/ibmca-engine-opensslconfig.in b/src/engine/ibmca-engine-opensslconfig.in
index e4b168b..ec7fbfc 100644
--- a/src/engine/ibmca-engine-opensslconfig.in
+++ b/src/engine/ibmca-engine-opensslconfig.in
@@ -140,4 +140,8 @@ this file.
|;
}
+print "WARNING: The OpenSSL engine feature is DEPRECATED since OpenSSL 3.0.\n";
+print "WARNING: It will be removed in the future.\n";
+print "WARNING: Please use the OpenSSL provider instead.\n";
+
generate();
--
2.39.0

0
openssl-ibmca-2.5.0-fixes.patch Normal file
View File

172
SPECS/openssl-ibmca.spec → openssl-ibmca.spec
View File

@ -1,23 +1,35 @@
%global enginesdir %(pkg-config --variable=enginesdir libcrypto)
%global modulesdir %(pkg-config --variable=modulesdir libcrypto)
Summary: A dynamic OpenSSL engine for IBMCA
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
%global with_openssl3 1
%endif
Summary: OpenSSL engine and provider for IBMCA
Name: openssl-ibmca
Version: 2.4.1
Version: 2.5.0
Release: 1%{?dist}
License: ASL 2.0
Group: System Environment/Libraries
URL: https://github.com/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
Requires: libica >= 3.8.0
# warn the user about engine being deprecated
Patch1: %{name}-2.3.1-engine-warning.patch
# post GA fixes
#Patch2: %%{name}-%%{version}-fixes.patch
Requires: libica >= 4.0.0
BuildRequires: make
BuildRequires: gcc
BuildRequires: libica-devel >= 3.8.0
BuildRequires: libica-devel >= 4.0.0
BuildRequires: automake libtool
BuildRequires: openssl
BuildRequires: openssl >= 3.0.5
BuildRequires: perl(FindBin)
ExclusiveArch: s390 s390x
%description
A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines.
A dynamic OpenSSL engine and provider for IBMCA crypto hardware on IBM Z
machines to accelerate cryptographic operations.
%prep
@ -27,16 +39,22 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines.
%build
%configure --libdir=%{enginesdir} --with-libica-version=3
make %{?_smp_mflags}
%configure --libdir=%{enginesdir} --with-libica-cex --with-libica-version=4
%make_build
%install
%make_install
rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la
rm -f %{buildroot}%{enginesdir}/*.la
%if 0%{?with_openssl3}
# provider is built when openssl3 is available, fix its location
mkdir -p %{buildroot}%{modulesdir}
mv %{buildroot}%{enginesdir}/ibmca-provider.so %{buildroot}%{modulesdir}/ibmca-provider.so
%endif
pushd src/engine
sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch}
sed -i -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample
popd
# remove generated sample configs
@ -49,60 +67,118 @@ make check
%files
%license LICENSE
%doc ChangeLog README.md src/engine/openssl.cnf.sample.%{_arch}
%doc ChangeLog README.md src/engine/openssl.cnf.sample
%doc src/engine/ibmca-engine-opensslconfig
%doc src/provider/ibmca-provider-opensslconfig
%{enginesdir}/ibmca.so
%{_mandir}/man5/ibmca.5*
%if 0%{?with_openssl3}
%{modulesdir}/ibmca-provider.so
%{_mandir}/man5/ibmca-provider.5*
%endif
%changelog
* Fri Oct 27 2023 Dan Horák <dhorak[at]redhat.com> - 2.4.1-1
- updated to 2.4.1 (RHEL-11410)
- Resolves: RHEL-11410
* Thu Jun 05 2025 Dan Horák <dhorak@redhat.com> - 2.5.0-1
- rebased to 2.5.0 (RHEL-73354)
- Resolves: RHEL-73354
* Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2
- engine: Only register those algos specified with default_algorithms (#2221891)
- Resolves: #2221891
* Thu May 23 2024 Dan Horák <dhorak@redhat.com> - 2.4.1-2
- apply post-2.4.1 fixes (RHEL-23702)
- Resolves: RHEL-23702
* Mon May 29 2023 Dan Horák <dhorak[at]redhat.com> - 2.4.0-1
- updated to 2.4.0 (#2159722)
- Resolves: #2159722
* Fri Oct 27 2023 Dan Horák <dhorak@redhat.com> - 2.4.1-1
- updated to 2.4.1 (RHEL-11414)
- Resolves: RHEL-11414
* Fri Jan 06 2023 Dan Horák <dhorak[at]redhat.com> - 2.3.1-1
- updated to 2.3.1 (#2110379)
- Resolves: #2110379
* Thu Jul 27 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-4
- provider: RSA: Fix get_params to retrieve max-size, bits, and security-bits (#2222878 #2224568)
- provider: Default debug directory to /tmp but make it configurable (#2160084)
- Resolves: #2222878 #2160084 #2224568
* Tue Mar 29 2022 Dan Horák <dhorak[at]redhat.com> - 2.3.0-1
- updated to 2.3.0 (#2043842)
- Resolves: #2043842
* Mon Jul 17 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-3
- provider: Support importing of RSA keys with just ME components (#2222878)
- Resolves: #2222878
* Wed Oct 06 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.1-1
- updated to 2.2.1 (#1984971)
- Resolves: #1984971
* Tue Jul 11 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2
- engine: Only register those algos specified with default_algorithms (#2221894)
- Resolves: #2221894
* Thu Apr 06 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-1
- updated to 2.4.0 (#2160084)
- Resolves: #2160084
* Fri Jan 13 2023 Dan Horák <dhorak@redhat.com> - 2.3.1-2
- fix provider configuration script (#2140028)
- Resolves: #2140028
* Thu Jan 12 2023 Dan Horák <dhorak@redhat.com> - 2.3.1-1
- updated to 2.3.1 (#2110378)
- Resolves: #2110378
* Thu May 19 2022 Dan Horák <dhorak@redhat.com> - 2.3.0-1
- updated to 2.3.0 (#2044177)
- add provider for openssl 3.x (#2044185)
- Resolves: #2044177 #2044185
* Wed Feb 02 2022 Dan Horák <dan@danny.cz> - 2.2.2-1
- updated to 2.2.2 (#2016989)
- Resolves: #2016989
* Mon Oct 25 2021 Dan Horák <dan@danny.cz> - 2.2.1-1
- updated to 2.2.1 (#2016989)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Aug 09 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.0-2
- fix DSA and DH registration (#1989064)
- Resolves: #1989064
- fix DSA and DH registration (#1989380)
- Resolves: #1989380
* Tue Jul 13 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.0-1
- updated to 2.2.0 (#1919222)
- do not use libica software fallbacks (#1922204)
- Resolves: #1919222 #1922204
* Fri Jun 04 2021 Dan Horák <dan@danny.cz> - 2.2.0-1
- updated to 2.2.0 (#1869531)
- eliminate SW fallback functions (#1924117)
- Resolves: #1869531 #1924117
* Thu May 21 2020 Dan Horák <dhorak[at]redhat.com> - 2.1.1-1
- updated to 2.1.1 (#1780306)
- Resolves: #1780306
* Wed May 12 2021 Dan Horák <dan@danny.cz> - 2.1.2-1
- updated to 2.1.2
* Tue Nov 05 2019 Dan Horák <dhorak[at]redhat.com> - 2.1.0-1
- updated to 2.1.0 (#1726242)
- Resolves: #1726242, #1723854
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.1-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Apr 29 2019 Dan Horák <dhorak[at]redhat.com> - 2.0.3-1
- updated to 2.0.3 (#1666622)
- Resolves: #1666622 #1659427 #1683099
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Dec 11 2018 Dan Horák <dhorak[at]redhat.com> - 2.0.0-2
- Fix doing rsa-me, altough rsa-crt would be possible
- Resolves: #1655654
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 12 2020 Dan Horák <dan@danny.cz> - 2.1.1-1
- updated to 2.1.1
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Sep 09 2019 Dan Horák <dan@danny.cz> - 2.1.0-1
- updated to 2.1.0
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 24 2019 Dan Horák <dan@danny.cz> - 2.0.3-1
- updated to 2.0.3
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Dec 13 2018 Dan Horák <dan@danny.cz> - 2.0.2-1
- updated to 2.0.2
* Thu Aug 23 2018 Dan Horák <dan@danny.cz> - 2.0.0-3
- run upstream test-suite during build
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 18 2018 Dan Horák <dan@danny.cz> - 2.0.0-1
- updated to 2.0.0

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (openssl-ibmca-2.5.0.tar.gz) = 9fd4fbf7a486f486c8ee01f8b713f36a1e3b6caa52f5cfc84ea5aee5fcc9b407d4ca6bae622e898ab3c96f95e772a4a1ec21bdb4732798708996790b6ee6c80d