Accepting request 1088509 from home:ngueorguiev:branches:security:tls

- Upgrade to version 4.2.2 (jsc#PED-3277) - [UPDATE] syslog msgs only in error cases - [UPDATE] don't count statistics in fips power-on self tests - [PATCH] various fixes and some new tests OBS-URL: https://build.opensuse.org/request/show/1088509 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=7
2023-05-23 06:08:56 +00:00 · 2023-05-23 06:08:56 +00:00 · 8f54dd4884
commit 8f54dd4884
parent 28dea1df41
6 changed files with 14 additions and 78 deletions
--- a/libica-4.2.1.tar.gz
+++ b/libica-4.2.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b75b5813261b3969d5190a73555dd6eab894698613ceb48edbbeab3ecda3a51e
-size 564553
--- a/libica-4.2.2.tar.gz
+++ b/libica-4.2.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a12a6a1d67f799b564266610a8f6af1ac4c574292e533a294c75eab9789edee
+size 574439
--- a/libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
+++ b/libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
@ -1,55 +0,0 @@
-From 88d54fd0b867d9ee29d2bb1043d014f93d3dffc9 Mon Sep 17 00:00:00 2001
-From: Michal Suchanek <msuchanek@suse.de>
-Date: Mon, 7 Jun 2021 21:12:01 +0200
-Subject: [PATCH] FIPS: make it possible to specify fipshmac binary.
-
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
- openssl-fipshmac | 12 ++++++++++++
- src/Makefile.am  |  4 ++--
- 2 files changed, 14 insertions(+), 2 deletions(-)
- create mode 100755 openssl-fipshmac
-
-diff --git a/openssl-fipshmac b/openssl-fipshmac
-new file mode 100755
-index 0000000..60fd505
--- /dev/null
-+++ b/openssl-fipshmac
-@@ -0,0 +1,12 @@
-+#!/bin/sh -e
-+
-+if [ "$#" -eq 0 ] ; then
-+    echo "No library to hash specified." >&2
-+    exit 22
-+fi
-+
-+while [ -n "$1" ] ; do
-+    dgst="$(openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 "$1")"
-+    echo "$dgst" | sed -e 's/^.* //' > "$(dirname "$1")/.$(basename "$1")".hmac
-+    shift
-+done
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 4a1ef14..2be01a5 100644
--- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -47,6 +47,7 @@
- 	./mp.pl mp.S
- 
- if ICA_FIPS
-+FIPSHMAC ?= ${top_srcdir}/openssl-fipshmac
- fipsinstall:
- 	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac
- 	$(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac
-@@ -58,8 +59,7 @@
- 	$(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac
- 
- hmac-file: libica.la libica-cex.la
-	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 ${top_builddir}/src/.libs/libica.so.$(VERSION1) | sed -e 's/^.* //' > ${top_builddir}/src/.libs/.libica.so.$(VERSION1).hmac
-	$(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 ${top_builddir}/src/.libs/libica-cex.so.$(VERSION1) | sed -e 's/^.* //' > ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION1).hmac
-+	$(AM_V_GEN) $(FIPSHMAC) ${top_builddir}/src/.libs/libica.so.$(VERSION1) ${top_builddir}/src/.libs/libica-cex.so.$(VERSION1)
- 
- hmac_files = hmac-file hmac-file-lnk
- 
-- 
-2.31.1
-
--- a/libica-sles15sp5-FIPS-hmac-key.patch
+++ b/libica-sles15sp5-FIPS-hmac-key.patch
@ -1,15 +0,0 @@
--- libica-4.3.0/src/fips.c	2020-05-04 17:01:23.238805001 -0400
-+++ libica-4.3.0/src/fips.c	2020-05-04 16:58:51.352241763 -0400
-@@ -65,10 +65,9 @@
-  * integrity test. The recommended key size for HMAC-SHA256 is 64 bytes.
-  * The known HMAC is supposed to be provided as hex string in a file
-  * .libica.so.VERSION.hmac in the same directory as the .so module.
- */
-+ /* HMAC key is hexidecimal for: "orboDeJITITejsirpADONivirpUkvarP" */
- static const char hmackey[] =
-	"0000000000000000000000000000000000000000000000000000000000000000"
-	"0000000000000000000000000000000000000000000000000000000000000000";
-+	"6f72626f44654a49544954656a7369727041444f4e6976697270556b76617250";
- 
- #endif /* ICA_INTERNAL_TEST */
- 
--- a/libica.changes
+++ b/libica.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue May 23 05:56:45 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Upgrade to version 4.2.2 (jsc#PED-3277)
+  - [UPDATE] syslog msgs only in error cases
+  - [UPDATE] don't count statistics in fips power-on self tests
+  - [PATCH] various fixes and some new tests
+
 -------------------------------------------------------------------
 Fri Apr 28 09:20:08 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/libica.spec
+++ b/libica.spec
@ -22,21 +22,19 @@
 %endif

 Name:           libica
-Version:        4.2.1
+Version:        4.2.2
 Release:        0
 Summary:        Library interface for the IBM Cryptographic Accelerator device driver
 License:        CPL-1.0
 Group:          Hardware/Other
 URL:            https://github.com/opencryptoki/libica
-Source:         https://github.com/opencryptoki/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source:         https://github.com/opencryptoki/%{name}/releases/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        README.SUSE
 Source2:        sysconfig.z90crypt
 Source3:        z90crypt
 Source4:        z90crypt.service
 Source5:        %{name}-rpmlintrc
-Patch01:        libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
-Patch99:        libica-sles15sp5-FIPS-hmac-key.patch
-
+###
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fipscheck