- zkey: Fix CCA host version detection for newer CCA versions (RHEL-105487)

- Resolves: RHEL-105487
2025-08-07 11:48:08 +02:00 · 2025-08-07 11:48:08 +02:00 · 5b9aabbcb2
commit 5b9aabbcb2
parent 062b0d57e5
2 changed files with 101 additions and 37 deletions
--- a/s390utils-2.29.0-rhel.patch
+++ b/s390utils-2.29.0-rhel.patch
@ -1,7 +1,7 @@
 From a32824922cb273703bacd44e6a29cbc33ae48cf5 Mon Sep 17 00:00:00 2001
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Date: Fri, 21 Jul 2023 14:06:18 +0200
-Subject: [PATCH 01/18] zkey: Support EP11 AES keys with prepended header to
+Subject: [PATCH 01/19] zkey: Support EP11 AES keys with prepended header to
 retain EP11 session (RHEL-11440)

 The pkey kernel module supports two key blob formats for EP11 AES keys.
@ -730,13 +730,13 @@ index 3000290..843e554 100644
 							"secure AES key");
 			}
 -- 
-2.44.0
+2.50.1


 From df0819ca69dbef1f99321f51cd9c4d33c6374992 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Mon, 7 Aug 2023 16:56:54 +0200
-Subject: [PATCH 02/18] rust/Makefile: Fix use of Cargoflags for 'make clean'
+Subject: [PATCH 02/19] rust/Makefile: Fix use of Cargoflags for 'make clean'
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -763,13 +763,13 @@ index cf2fda7..420bafd 100644
 
 rust-test: .check-cargo .no-cross-compile
 -- 
-2.44.0
+2.50.1


 From b6ce8c7fc10c225c0b1d59af32edd323f5817ab7 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Mon, 7 Aug 2023 16:56:55 +0200
-Subject: [PATCH 03/18] rust/README.md: Fix some typos
+Subject: [PATCH 03/19] rust/README.md: Fix some typos
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -833,13 +833,13 @@ index 2622bba..61b0af8 100644
 }
 ```
 -- 
-2.44.0
+2.50.1


 From 883d28afea6ea18b1001ebf9e3d921d86be9c593 Mon Sep 17 00:00:00 2001
 From: Marc Hartmayer <mhartmay@linux.ibm.com>
 Date: Mon, 4 Sep 2023 14:18:50 +0200
-Subject: [PATCH 04/18] rust/**/*.rs: fix `cargo clippy` findings
+Subject: [PATCH 04/19] rust/**/*.rs: fix `cargo clippy` findings
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -1205,13 +1205,13 @@ index 2b3e861..bf491c6 100644
 
     let exp = get_test_asset!("exp/asrcb/null_none_default_cuid_seven");
 -- 
-2.44.0
+2.50.1


 From 4c8072cebe9add441c42e62663d4089d14d32389 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Wed, 25 Oct 2023 15:26:14 +0200
-Subject: [PATCH 05/18] rust/pv: fix Invalid write of size 1
+Subject: [PATCH 05/19] rust/pv: fix Invalid write of size 1

 Fix a valgrind finding. Fix an invalid read/write of one byte after the
 actual struct to clear. Not fixing this may result in a illegal write or
@ -1240,13 +1240,13 @@ index cdef9ef..88287c8 100644
         }
         std::sync::atomic::compiler_fence(std::sync::atomic::Ordering::SeqCst);
 -- 
-2.44.0
+2.50.1


 From 49eabe2d13ea3909f4c522fefaf8db998c7ab888 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Wed, 4 Oct 2023 10:59:34 +0200
-Subject: [PATCH 06/18] rust: Create workspace
+Subject: [PATCH 06/19] rust: Create workspace

 A workspaces simplifies the build and packaging process significantly.
 All build artifacts and binaries are now built in a single location
@ -1492,13 +1492,13 @@ index 30bbbc8..215381b 100644
 +edition.workspace = true
 +license.workspace = true
 -- 
-2.44.0
+2.50.1


 From be47ce72f4ee7dc7ed2dafb9b89079b0c2b154fa Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Wed, 4 Oct 2023 11:08:20 +0200
-Subject: [PATCH 07/18] rust: Update dependency files
+Subject: [PATCH 07/19] rust: Update dependency files

 With the last patch introducing the rust workspace the location of
 Cargo.lock has changed. Therefore, remove all crate level lock-files and
@ -1912,13 +1912,13 @@ index 1db32c2..f7d1cf0 100644
 name = "winapi"
 version = "0.3.9"
 -- 
-2.44.0
+2.50.1


 From c25115c0d605c9c79efd8e17d4917a35603c0766 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Tue, 21 Nov 2023 13:27:21 +0100
-Subject: [PATCH 08/18] rust: Sanitize minimal dependencies
+Subject: [PATCH 08/19] rust: Sanitize minimal dependencies

 The crate dependencies were a bit to slack. Due to the rust dependency
 resolver's strategy of always selecting the latest version this never
@ -2009,13 +2009,13 @@ index d1e75b1..e236c00 100644
 
 pv = { path = "../pv", features = ["uvsecret", "request"] }
 -- 
-2.44.0
+2.50.1


 From b6009c80b112ad85ca2aa649126b913af5af253c Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Wed, 29 Nov 2023 17:06:50 +0100
-Subject: [PATCH 09/18] rust: Use default panic behaviour
+Subject: [PATCH 09/19] rust: Use default panic behaviour

 Reviewed-by: Marc Hartmayer <marc@linux.ibm.com>
 Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
@ -2034,13 +2034,13 @@ index 65a70a9..7ba1faa 100644
 lto = true
 -panic = "abort"
 -- 
-2.44.0
+2.50.1


 From c4e48d060b7d92d7c6cd150728ecb55b301afa62 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Thu, 30 Nov 2023 16:02:16 +0100
-Subject: [PATCH 10/18] rust/pv: Update mockito to version 1
+Subject: [PATCH 10/19] rust/pv: Update mockito to version 1

 Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
 (cherry picked from commit 21662d38e68b58bad033cdb1fca99987dd07cf78)
@ -2732,13 +2732,13 @@ index 1c0d2b5..5ca2e71 100644
         .with_body_from_file(res_path)
         .create()
 -- 
-2.44.0
+2.50.1


 From 66783f1901dcaca6f567ad13b05acc7dbe412ff0 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Wed, 20 Dec 2023 13:31:18 +0100
-Subject: [PATCH 11/18] rust/Makefile: Fix CC/AR variables for TEST_TARGETS
+Subject: [PATCH 11/19] rust/Makefile: Fix CC/AR variables for TEST_TARGETS
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -2766,13 +2766,13 @@ index e4e9885..fa3cf04 100644
 $(PV_TARGETS): .check-dep-pvtools
 $(PV_TARGETS) $(CARGO_TARGETS): .check-cargo .no-cross-compile
 -- 
-2.44.0
+2.50.1


 From d54a8aa4d7b77338fd5511d895eadbb074b6024a Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Fri, 15 Dec 2023 11:30:14 +0100
-Subject: [PATCH 12/18] rust/pv: Provide access for SecretList members
+Subject: [PATCH 12/19] rust/pv: Provide access for SecretList members
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -3044,13 +3044,13 @@ index 6943bd3..72a05b2 100644
     fn dump_secret_entry() {
         const EXP: &[u8] = &[
 -- 
-2.44.0
+2.50.1


 From e75bbd754e5912d34c0aedfe35ccedd54ca850be Mon Sep 17 00:00:00 2001
 From: Harald Freudenberger <freude@linux.ibm.com>
 Date: Fri, 1 Dec 2023 12:10:20 +0100
-Subject: [PATCH 13/18] rust/pvapconfig: Introduce new tool pvapconfig
+Subject: [PATCH 13/19] rust/pvapconfig: Introduce new tool pvapconfig
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@ -5715,13 +5715,13 @@ index 0000000..2f98bd5
 +    }
 +}
 -- 
-2.44.0
+2.50.1


 From 6b69de3c519971a88c5953075586b322e1efdc3e Mon Sep 17 00:00:00 2001
 From: Joern Siglen <siglen@de.ibm.com>
 Date: Wed, 25 Oct 2023 15:01:11 +0200
-Subject: [PATCH 14/18] dbginfo.sh: enhance ethtool collection for ROCE
+Subject: [PATCH 14/19] dbginfo.sh: enhance ethtool collection for ROCE
 (RHEL-24110)
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
@ -5752,13 +5752,13 @@ index 9226a8b..f70cf6e 100755
 		else
 			pr_skip "ethtool: no devices"
 -- 
-2.44.0
+2.50.1


 From 90943f11e0feef6bc6cde3bf0b80ad0a21c55d72 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Wed, 10 Apr 2024 11:27:58 +0200
-Subject: [PATCH 15/18] rust/pv: Support `Armonk` in IBM signing key subject
+Subject: [PATCH 15/19] rust/pv: Support `Armonk` in IBM signing key subject
 (RHEL-30398)

 New IBM signing keys will have Armonk as locality in the subject.
@ -6064,13 +6064,13 @@ index 5ca2e71..e4c60c5 100644
         verifier.verify(&hkd_exp),
         Err(Error::HkdVerify(AfterValidity))
 -- 
-2.44.0
+2.50.1


 From e1423607a66ee37f8ae581fbf5fa013f5ab80ae8 Mon Sep 17 00:00:00 2001
 From: Marc Hartmayer <mhartmay@linux.ibm.com>
 Date: Thu, 14 Mar 2024 16:05:09 +0000
-Subject: [PATCH 16/18] genprotimg: support `Armonk` in IBM signing key subject
+Subject: [PATCH 16/19] genprotimg: support `Armonk` in IBM signing key subject
 (RHEL-30398)

 New IBM signing certificates will have 'Armonk' as locality in the
@ -6396,13 +6396,13 @@ index fdf66de..e45e57d 100644
 WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BIO, BIO_free_all)
 WRAPPED_G_DEFINE_AUTOPTR_CLEANUP_FUNC(BN_CTX, BN_CTX_free)
 -- 
-2.44.0
+2.50.1


 From 1605e9c0033e245f8a6690e2ce95a27e383722df Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Tue, 12 Mar 2024 10:14:43 +0100
-Subject: [PATCH 17/18] libpv: Support `Armonk` in IBM signing key subject
+Subject: [PATCH 17/19] libpv: Support `Armonk` in IBM signing key subject
 (RHEL-30398)

 New IBM signing keys will have Armonk as locality in the subject.
@ -6645,13 +6645,13 @@ index c8bb8cc..f4774fc 100644
 	for (int i = 0; i < sk_X509_CRL_num(ret); i++) {
 		X509_CRL *crl = sk_X509_CRL_value(ret, i);
 -- 
-2.44.0
+2.50.1


 From 3bd5cce64692d4b630b313cf465a55595971bed4 Mon Sep 17 00:00:00 2001
 From: Steffen Eiden <seiden@linux.ibm.com>
 Date: Wed, 20 Mar 2024 15:36:52 +0100
-Subject: [PATCH 18/18] pvattest: Fix root-ca parsing (RHEL-30398)
+Subject: [PATCH 18/19] pvattest: Fix root-ca parsing (RHEL-30398)

 The parser setup falsely set the argument type as filename array, but
 code expected a single filename. Fixed by setting up the parser
@ -6691,5 +6691,62 @@ index fe5662f..5924ddc 100644
 
 /* NOTE REQUIRED */
 -- 
-2.44.0
+2.50.1
+
+
+From a1b83b44def87915acaf0d9668bdf96824d0e781 Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Thu, 3 Apr 2025 11:26:47 +0200
+Subject: [PATCH 19/19] zkey: Adjust CCA host library version detection for
+ newer CCA versions (RHEL-105487)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Newer CCA versions might report the version string with CSUACFV or CSUACFQ
+with keyword STATCCA using a different indicator character after the
+version information. Ignore the indication character and the remaining
+data entirely. Only the version information as such is of interest.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
+(cherry picked from commit 33fc534a81b7c163936064c96f1fb902255f7ff1)
+---
+ zkey/cca.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/zkey/cca.c b/zkey/cca.c
+index 71c08ad..9d79c4b 100644
+--- a/zkey/cca.c
+++ b/zkey/cca.c
+@@ -91,7 +91,6 @@ static int get_cca_version(struct cca_lib *cca, bool verbose)
+ 	long return_code, reason_code;
+ 	long version_data_length;
+ 	long exit_data_len = 0;
+-	char date[20];
+ 
+ 	util_assert(cca != NULL, "Internal error: cca is NULL");
+ 
+@@ -111,8 +110,8 @@ static int get_cca_version(struct cca_lib *cca, bool verbose)
+ 	version_data[sizeof(version_data) - 1] = '\0';
+ 	pr_verbose(verbose, "CCA Version string: %s", version_data);
+ 
+-	if (sscanf((char *)version_data, "%u.%u.%uz%s", &cca->version.ver,
+-		   &cca->version.rel, &cca->version.mod, date) != 4) {
+	if (sscanf((char *)version_data, "%u.%u.%u", &cca->version.ver,
+		   &cca->version.rel, &cca->version.mod) != 3) {
+ 		warnx("CCA library version is invalid: %s", version_data);
+ 		return -EINVAL;
+ 	}
+@@ -536,7 +535,7 @@ static int get_cca_adapter_version(struct cca_lib *cca,
+ 
+ 	pr_verbose(verbose, "CCA firmware version string: %s", version_data);
+ 
+-	if (sscanf((char *)version_data, "%u.%u.%uz", &version->ver,
+	if (sscanf((char *)version_data, "%u.%u.%u", &version->ver,
+ 		   &version->rel, &version->mod) != 3) {
+ 		warnx("CCA formware version is invalid: %s", version_data);
+ 		return -EINVAL;
+-- 
+2.50.1

--- a/s390utils.spec
+++ b/s390utils.spec
@ -18,7 +18,7 @@
 Name:           s390utils
 Summary:        Utilities and daemons for IBM z Systems
 Version:        2.29.0
-Release:        3%{?dist}.1
+Release:        3%{?dist}.2
 Epoch:          2
 License:        MIT
 #URL:            http://www.ibm.com/developerworks/linux/linux390/s390-tools.html
@ -192,6 +192,7 @@ popd
 %build
 make \
        CFLAGS="%{build_cflags}" CXXFLAGS="%{build_cxxflags}" LDFLAGS="%{build_ldflags}" \
+        RUSTFLAGS="%{build_rustflags}" \
 %if %{without rust}
        HAVE_CARGO=0 \
 %endif
@ -221,6 +222,8 @@ popd

 %install
 make install \
+        CFLAGS="%{build_cflags}" CXXFLAGS="%{build_cxxflags}" LDFLAGS="%{build_ldflags}" \
+        RUSTFLAGS="%{build_rustflags}" \
 %if %{without rust}
        HAVE_CARGO=0 \
 %endif
@ -1171,6 +1174,10 @@ User-space development files for the s390/s390x architecture.


 %changelog
+* Thu Aug 07 2025 Dan Horák <dhorak@redhat.com> - 2:2.29.0-3.2
+- zkey: Fix CCA host version detection for newer CCA versions (RHEL-105487)
+- Resolves: RHEL-105487
+
 * Wed Apr 10 2024 Dan Horák <dhorak@redhat.com> - 2:2.29.0-3.1
 - SE-tooling: New IBM host-key subject locality (RHEL-30398)
 - dbginfo.sh: missing data of new ROCE cards (RHEL-24110)