import openssl-ibmca-2.3.1-1.el8

import openssl-ibmca-2.3.0-1.el8
import openssl-ibmca-2.2.1-1.el8
2023-05-17 02:26:53 +00:00 · 2022-11-08 06:59:24 +00:00 · 2022-05-10 11:06:42 +00:00 · 2022-02-04 16:26:50 +00:00
4 changed files with 37 additions and 128 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/openssl-ibmca-2.1.1.tar.gz
+SOURCES/openssl-ibmca-2.3.1.tar.gz
--- a/.openssl-ibmca.metadata
+++ b/.openssl-ibmca.metadata
@ -1 +1 @@
-6f245f09c9ae7c1c1e287030aa5bd1db340dbdb0 SOURCES/openssl-ibmca-2.1.1.tar.gz
+5e5ac182d30787788c94b5dcdf9a3a21d209bbaf SOURCES/openssl-ibmca-2.3.1.tar.gz
--- a/SOURCES/openssl-ibmca-multi.patch
+++ b/SOURCES/openssl-ibmca-multi.patch
@ -1,114 +0,0 @@
-From 40928425d848827fa8427d677e37178ab3b57e50 Mon Sep 17 00:00:00 2001
-From: Juergen Christ <jchrist@linux.ibm.com>
-Date: Fri, 23 Apr 2021 15:09:36 +0200
-Subject: [PATCH] Fix for multiple loading of the engine.
-
-The ibmca engine global state gets destroyed if the engine is loaded multiple
-times.  This happens, e.g., during a git clone via https where first
-git-remote-https loads the engine and initializes it, and the libcurl loads
-the engine a second time, does not initialize it, but then destroy its second
-copy.  During destruction, OpenSSL calls into the ibmca_destroy function when
-then manipulates global state that is shared with the first engine (the one
-loaded by git-remote-https which is still actively used).
-
-Furthermore, the second load changes some global variables which causes the
-engine to not have any pkey methods registered anymore.
-
-To fix this, add a load count and only destroy global state once the load
-count drops to zero.  Also move the setting of the engine properties from the
-load phase (where OpenSSL only creates a structural reference) to the
-initialization phase (where OpenSSL create a functional reference).  This
-prevents another overwrite of global variables.
-
-Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
---
- src/e_ibmca.c | 29 +++++++++++++++++++++++++----
- 1 file changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/src/e_ibmca.c b/src/e_ibmca.c
-index b448e2c..a9b8a10 100644
--- a/src/e_ibmca.c
-+++ b/src/e_ibmca.c
-@@ -1,5 +1,5 @@
- /*
- * Copyright [2005-2018] International Business Machines Corp.
-+ * Copyright [2005-2021] International Business Machines Corp.
-  *
-  * Licensed under the Apache License, Version 2.0 (the "License");
-  * you may not use this file except in compliance with the License.
-@@ -175,6 +175,10 @@ static size_t size_cipher_list = 0;
- static size_t size_digest_list = 0;
- static size_t size_pkey_meths_list = 0;
- 
-+static CRYPTO_ONCE bindcountlockinitonce = CRYPTO_ONCE_STATIC_INIT;
-+static CRYPTO_RWLOCK *bindcountlock = NULL;
-+static int bindcount = 0;
-+
- static struct crypto_pair ibmca_cipher_lists;
- static struct crypto_pair ibmca_digest_lists;
- static struct crypto_pair ibmca_pkey_meths_lists;
-@@ -189,6 +193,11 @@ static int ibmca_engine_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
-                                    const int **nids, int nid);
- static int ibmca_usable_pkey_meths(const int **nids);
- 
-+static void bindcountlockinit(void)
-+{
-+    bindcountlock = CRYPTO_THREAD_lock_new();
-+}
-+
- /* RAND stuff */
- static int ibmca_rand_bytes(unsigned char *buf, int num);
- static int ibmca_rand_status(void);
-@@ -217,6 +226,10 @@ static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
- /* Destructor (complements the "ENGINE_ibmca()" constructor) */
- static int ibmca_destroy(ENGINE *e)
- {
-+    int newbindcount;
-+    CRYPTO_atomic_add(&bindcount, -1, &newbindcount, bindcountlock);
-+    if (newbindcount)
-+        return 1;
-     /* Unload the ibmca error strings so any error state including our
-      * functs or reasons won't lead to a segfault (they simply get displayed
-      * without corresponding string data because none will be found).
-@@ -785,6 +798,9 @@ static void ibmca_destructor(void)
-     }
- 
-     p_ica_close_adapter(ibmca_handle);
-+
-+    if (bindcountlock)
-+        CRYPTO_THREAD_lock_free(bindcountlock);
- }
- 
- static int ibmca_init(ENGINE *e)
-@@ -792,6 +808,9 @@ static int ibmca_init(ENGINE *e)
-     if (ibmca_dso == NULL)
-         return 0;
- 
-+    if (!set_supported_meths(e))
-+        return 0;
-+
-     return 1;
- }
- 
-@@ -829,6 +848,11 @@ static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
-  */
- static int bind_helper(ENGINE *e)
- {
-+    int ignored;
-+
-+    CRYPTO_THREAD_run_once(&bindcountlockinitonce, bindcountlockinit);
-+    
-+    CRYPTO_atomic_add(&bindcount, 1, &ignored, bindcountlock);
-     ERR_load_IBMCA_strings();
- 
-     if (!ENGINE_set_id(e, engine_ibmca_id) ||
-@@ -843,9 +867,6 @@ static int bind_helper(ENGINE *e)
-     if (ibmca_dso == NULL)
-         return 0;
- 
-    if (!set_supported_meths(e))
-        return 0;
-
-     return 1;
- }
- 
--- a/SPECS/openssl-ibmca.spec
+++ b/SPECS/openssl-ibmca.spec
@ -2,18 +2,17 @@

 Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
-Version: 2.1.1
-Release: 1%{?dist}.1
+Version: 2.3.1
+Release: 1%{?dist}
 License: ASL 2.0
 Group: System Environment/Libraries
 URL: https://github.com/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-# https://github.com/opencryptoki/openssl-ibmca/commit/40928425d848827fa8427d677e37178ab3b57e50
-Patch0: %{name}-multi.patch
-Requires: libica >= 3.6.0
+Requires: libica >= 3.8.0
 BuildRequires: gcc
-BuildRequires: libica-devel >= 3.6.0
+BuildRequires: libica-devel >= 3.8.0
 BuildRequires: automake libtool
+BuildRequires: openssl
 ExclusiveArch: s390 s390x


@ -28,7 +27,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines.


 %build
-%configure --libdir=%{enginesdir}
+%configure --libdir=%{enginesdir} --with-libica-version=3
 make %{?_smp_mflags}


@ -36,22 +35,46 @@ make %{?_smp_mflags}
 %make_install
 rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la

-pushd src
+pushd src/engine
 sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample.%{_arch}
 popd

+# remove generated sample configs
+rm -rf %{buildroot}%{_datadir}/%{name}
+
+
+%check
+make check
+

 %files
 %license LICENSE
-%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch}
+%doc ChangeLog README.md src/engine/openssl.cnf.sample.%{_arch}
 %{enginesdir}/ibmca.so
 %{_mandir}/man5/ibmca.5*


 %changelog
-* Tue May 11 2021 Dan Horák <dhorak[at]redhat.com> - 2.1.1-1.1
- Fix for multiple loading of the engine (#1957153)
- Resolves: #1957153
+* Fri Jan 06 2023 Dan Horák <dhorak[at]redhat.com> - 2.3.1-1
+- updated to 2.3.1 (#2110379)
+- Resolves: #2110379
+
+* Tue Mar 29 2022 Dan Horák <dhorak[at]redhat.com> - 2.3.0-1
+- updated to 2.3.0 (#2043842)
+- Resolves: #2043842
+
+* Wed Oct 06 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.1-1
+- updated to 2.2.1 (#1984971)
+- Resolves: #1984971
+
+* Mon Aug 09 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.0-2
+- fix DSA and DH registration (#1989064)
+- Resolves: #1989064
+
+* Tue Jul 13 2021 Dan Horák <dhorak[at]redhat.com> - 2.2.0-1
+- updated to 2.2.0 (#1919222)
+- do not use libica software fallbacks (#1922204)
+- Resolves: #1919222 #1922204

 * Thu May 21 2020 Dan Horák <dhorak[at]redhat.com> - 2.1.1-1
 - updated to 2.1.1 (#1780306)
Author	SHA1	Message	Date
CentOS Sources	c4e12b6d64	import openssl-ibmca-2.3.1-1.el8	2023-05-17 02:26:53 +00:00
CentOS Sources	c80a380a9f	import openssl-ibmca-2.3.0-1.el8	2022-11-08 06:59:24 +00:00
CentOS Sources	c21ea2f0a7	import openssl-ibmca-2.2.1-1.el8	2022-05-10 11:06:42 +00:00
CentOS Sources	5e3860b553	import openssl-ibmca-2.2.0-2.el8	2022-02-04 16:26:50 +00:00