Commit Graph

117 Commits

Author SHA256 Message Date
Ana Guerrero
eb8f219a88 Accepting request 1228239 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1228239
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=38
2024-12-04 14:27:45 +00:00
Nikolay Gueorguiev
d7e1827e78 - Amended the .spec file (bsc#1234117, bsc#1231999)
  * downgraded libica tools requires down to recommends again
- Applied updated patches (bsc#1231302, bsc#1231303, bsc#1231304, bsc#1231305)
  * libica-02-fips-update-Change-service-indicator-implementation.patch
  * libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch
  * libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch
- Applied patches (bsc#1231302, bsc#1231303, bsc#1231304, bsc#1231305)
  * libica-01-fips-update-remove-sigVer-from-fips-ECDSA-kat.patch
  * libica-02-fips-update-Change-service-indicator-implementation.patch
- Upgrade libica to version 4.3.1 (jsc#PED-9560, jsc#PED-10289, jsc#PED-3276)
  *  Various bug fixes and housekeeping
- Removed obsolete patches
  * libica-4.3.0-01-disable-CEX-usage-in-OpenSSL-for-all-tests.patch
  * libica-4.3.0-02-correct-rc-handling-with-s390_pcc-function.patch
  * libica-4.3.0-03-Use-__asm__-instead-of-asm.patch
- Amended the .spec file (bsc#1231999)
  * Replaced Recommends libica-tools with Requires
- Applied patches
  * libica-4.3.0-01-disable-CEX-usage-in-OpenSSL-for-all-tests.patch
  * libica-4.3.0-02-correct-rc-handling-with-s390_pcc-function.patch
  * libica-4.3.0-03-Use-__asm__-instead-of-asm.patch
- Amended the .spec file to enable FIPS
- Upgrade libica to version 2.3.0 (jsc#PED-5446)
  * New API function ica_allow_external_gcm_iv_in_fips_mode
  * Bug fixes
- Upgrade to version 4.2.3 (jsc#PED-5446) 
  * Add OPENSSL_init_crypto in libica constructor
  * Remove deprecated ioctl Z90STAT_STATUS_MASK
  * Bug fixes
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276)
  - [UPDATE] syslog msgs only in error cases
  - [UPDATE] don't count statistics in fips power-on self tests
  - [PATCH] various fixes and some new tests
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet
- Prefix /etc/libica with %dir to ensure we don't package
  unversioned files in libica4, as otherwise we violate SLPP.
- Add /etc/libica directory into %files section.
- Upgrade to version 4.2.1 (jsc#PED-2872)
  - [PATCH] fix regression opening shared memory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h
- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
  v4.0.3
   - [PATCH] Reduce the number of open file descriptors
   - [PATCH] Various bug fixes
  v4.0.2
   - [PATCH] Various bug fixes
  v4.0.1
   - [PATCH] Various bug fixes
   - [PATCH] Compute HMAC from installed library
  v4.0.0
   - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
     [UPDATE] Removed deprecated API functions including tests
     [UPDATE] Introduced 'const' for some API function parameters
     [FEATURE] icastats: new parm -k to display detailed counters
- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
  version named libica-sles15sp5-FIPS-hmac-key.patch.
- Updated the libica-rpmlintrc file to suppress warnings about the 
  libica-cex hmac files being hidden.
- Updated the spec file to properly both obsolete and provide two
  older versions of the package.
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
  - [FEATURE] Add support for OpenSSL 3.0
  - [FEATURE] icainfo: new parm -c to display available EC curves
- Replaced the obsolete PreReq: %fillup_prereq
  with                  Requires(post): %fillup_prereq
  in the spec file.
- Update to version 3.8.0 (jsc#SLE-18334)
  - [FEATURE] provide libica-cex module to satisfy special security requirements
  - [FEATURE] FIPS: enforce the HMAC check
- Remove upstreamed patches:
   - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
   - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
   - libica-sles15sp2-Zeroize-local-variables.patch
- Remove patches obsoleted by upstream development:
   * FIPS: Find libica from phdrs.
     - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
   * FIPS: enforce the hmac check
     - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Fix up tests and hmac generation
   + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
- Remove obsolete attributes from filelists
- Upgraded to version 3.7.0 (jsc#SLE-13708)
  * Version 3.7.0
    - [FEATURE] FIPS: Add HMAC based library integrity check
    - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
    - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
    - [PATCH] FIPS: Fix DES and TDES key length
    - [PATCH] icastats: Fix stats counter format
  * Version 3.6.1
    - [PATCH] Fix x25519 and x448 handling of non-canonical values
- Removed the following obsolete patches
  * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
  * libica-sles15sp2-Build-with-pthread-flag.patch
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
  * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
  * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- Fix FIPS hmac check (bsc#1175356).
  * Update FIPS support to upstream
    - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
      from upstream.
    - Add libica-sles15sp2-Build-with-pthread-flag.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
    - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
  * FIPS check should fail when hmac is missing
    - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
    - Create an hmac for the selftest
    - Check that selftest fails without a hmac
    - Hash libica.so.3 rather than libica.so.3.6.0
  * Fix hmac key format. It should be hexadecimal, not ASCII
    - Refresh libica-sles15sp2-FIPS-hmac-key.patch
- Fix Some internal variables used to store sensitive information
  (keys) were not zeroized before returning to the calling application.
  (bsc#1175357)
  * Added libica-sles15sp2-Zeroize-local-variables.patch
- Updated libica-rpmlintrc to eliminate the warning about the HMAC file
  being a hidden file. It is supposed to be hidden.
- Added the following patches for FIPS certification (bsc#1162533)
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
  by spec-cleaner.
- Added the following patches for FIPS certification.
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
    (bsc#1166071) Although a DES key has only 56 effective bits,
     all 64 bits must be considered, because the parity bits are
     spread over all 8 bytes of the key.
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
    (bsc#1166210) FIPS tests require the output iv to be the iv
    resulting from decrypting the last block with a zero iv as input.
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
    (bsc#1166224) The output from icainfo never shows 'yes' for
    RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
    due to the missing ICA_FLAG_SW flag in the icaList.
- Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  (bsc#1156768)
- Upgraded to version 3.6.0 (jsc#SLE-7584)
  * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
- Upgraded to version 3.5.0 (Fate#327840)
  - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
- Reworked how libica-tools loads and unloads kernel modules to
  avoid spurious error messages (bsc#1134004):
  * Converted the boot.z90crypt sysV init script to a systemd unit
  file.
  * Removed any references to insserv in the spec file.
  * Updated the z90crypt script itself to properly load and unload
  the kernel modules as they exist today.
  * Eliminated the obsolete libica-SuSE.tar.bz2 archive.
- Updated the README.SUSE file to reflect the change from sysV init
  style script to systemd.
- Made numerous changes to the spec file, based on the output from
  the spec-cleaner command.
- Run testsuite during build
- Upgraded to version 3.4.0 (Fate#325690)
  * v3.4.0
    [FEATURE] Add SHA-512/224 and SHA-512/256 support
- Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
- Made numerous updates to spec file based on spec-cleanup run.
- Upgraded to version 3.3.3 (Fate#325690)
  * v3.3.3
    [PATCH] Various bug fixes
  * v3.3.2
    [PATCH] Skip ECC tests if required HW is not available
    [PATCH] Update spec file
  * v3.3.1
    [PATCH] Fix configure.ac to honour CFLAGS
  * v3.3.0
    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
    [FEATURE] Add interface to enable/disable SW fallbacks
    [FEATURE] Add 'make check' target, test-suite rework
  * v3.2.1
    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
    [PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  (bsc#1103493).
- Made multiple changes to the spec file based on the output of
  spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
  fix a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
  a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
  command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
  * v3.2.0
    [FEATURE] New AES-GCM interface.
    [UPDATE] Add symbol versioning.
  * v3.1.1
    [PATCH] Various bug fixes related to old and new AES-GCM implementations.
    [UPDATE] Add SHA3 test cases. Improved and extended test suite.
  * v3.1.0
    [FEATURE] Add KMA support for AES-GCM.
    [FEATURE] Add SHA-3 support.
    [PATCH] Reject RSA keys with invalid key-length.
    [PATCH] Allow zero output length for ica_random_number_generate.
    [PATCH] icastats: Correct owner of shared segment when root creates it.
  * Removed the following obsolete patches:
    libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    libica-3.0.2-03-fix-aes-ctr.patch
    libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
  - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
  libica3.
- Update baselibs.conf with proper name for library package name,
  stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
  - v3.0.2
    - Fix locking callbacks for openSSL APIs.
  - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
  - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
- Removed the following obsolete patches:
  - fix-initialization-of-s390-hardware-switches-1.patch
  - fix-initialization-of-s390-hardware-switches-2.patch
  - fix-msa-level-detection.patch
  - fix-segfault-during-multithread-keygen.patch
  - rng-performance.patch
- Made the following packaging changes:
  - Implemented the shared library packaging guidelines.
  - Consolidated double invocation of %setup into just one.
  - Dropped redundant %ifarch, the package is already ExclusiveArch.
  - Updated descriptions.
- Added a libica-rpmlintrc file.
- Added the following two patches:
  - fix-segfault-during-multithread-keygen.patch (bsc#991485)
  - fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
  package. (bsc#983897):
   provides "libica-<targettype> = <version>"
   obsoletes "libica-<targettype> < <version>"
   provides "libica-2_1_0-<targettype> = <version>"
   obsoletes "libica-2_1_0-<targettype> < <version>"
   provides "libica-2_3_0-<targettype> = <version>"
   obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
  fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
  naming standards.
- Found the original location of the icaioctl.h file and downloaded
  it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
  from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
  SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
  will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
  fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions 
- update to 2.3.0 (fate#315342) 
- obsolete/upstreamed patches:
  libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
  libica-2_1_0-msa4-extension.patch
  libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
  and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
  statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms 
- Added CPL license to include/z90crypt.h, removed GPL reference
  (This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
  requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
  for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms 
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
  (#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c 
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
  bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration 
- Changing the default value from 0 to -1 in rcz90crypt (#114371) 
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
  SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183) 
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
  now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
  similar changes now, and the renaming from _LINUX_S390_ to
  __s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
  open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
  esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
  actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
  to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
  kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable 
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=29
2024-12-04 08:59:06 +00:00
Nikolay Gueorguiev
a3db504f08 - Amended the .spec file (bsc#1234117, bsc#1231999)
  * moved .so symlink to main libica4 / libica4-openssl1 packages
  * downgraded libica tools requires down to recommends again

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=28
2024-12-04 07:33:17 +00:00
Ana Guerrero
d6632a5ee5 Accepting request 1223882 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1223882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=37
2024-11-13 14:29:20 +00:00
Nikolay Gueorguiev
7428af8575 - Applied updated patches (bsc#1231302, bsc#1231303, bsc#1231304, bsc#1231305)
  * libica-02-fips-update-Change-service-indicator-implementation.patch
  * libica-03-fips-update-Dynamically-update-service-indicator-based-on-IV-usage.patch
  * libica-04-fips-update-provide-test-for-dynamic-service-indicator.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=26
2024-11-13 09:12:54 +00:00
Ana Guerrero
8937625a46 Accepting request 1221422 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1221422
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=36
2024-11-05 14:42:24 +00:00
Nikolay Gueorguiev
4af0aa7796 - Applied patches (bsc#1231302, bsc#1231303, bsc#1231304, bsc#1231305)
  * libica-01-fips-update-remove-sigVer-from-fips-ECDSA-kat.patch
  * libica-02-fips-update-Change-service-indicator-implementation.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=24
2024-11-05 12:33:33 +00:00
Ana Guerrero
c29bfa8528 Accepting request 1218932 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1218932
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=35
2024-10-29 13:36:27 +00:00
Nikolay Gueorguiev
68657232eb - Upgrade libica to version 4.3.1 (jsc#PED-9560, jsc#PED-10289, jsc#PED-3276)
  *  Various bug fixes and housekeeping
- Removed obsolete patches
  * libica-4.3.0-01-disable-CEX-usage-in-OpenSSL-for-all-tests.patch
  * libica-4.3.0-02-correct-rc-handling-with-s390_pcc-function.patch
  * libica-4.3.0-03-Use-__asm__-instead-of-asm.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=22
2024-10-29 06:41:24 +00:00
Ana Guerrero
dcaf84635d Accepting request 1217282 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1217282
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=34
2024-10-23 19:12:00 +00:00
Nikolay Gueorguiev
96a0b76e05 - Amended the .spec file (bsc#1231999)
  * Replaced Recommends libica-tools with Requires

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=20
2024-10-23 09:35:56 +00:00
Ana Guerrero
7870ea3fd9 Accepting request 1185106 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1185106
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=33
2024-07-03 18:30:45 +00:00
Nikolay Gueorguiev
03f2923765 - Applied patches
  * libica-4.3.0-01-disable-CEX-usage-in-OpenSSL-for-all-tests.patch
  * libica-4.3.0-02-correct-rc-handling-with-s390_pcc-function.patch
  * libica-4.3.0-03-Use-__asm__-instead-of-asm.patch
- Amended the .spec file to enable FIPS

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=18
2024-07-03 11:14:15 +00:00
Ana Guerrero
00d51c1b2e Accepting request 1142194 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1142194
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=32
2024-01-29 21:29:25 +00:00
Nikolay Gueorguiev
9db005d6c6 Accepting request 1142192 from home:ngueorguiev:branches:security:tls
Upgrade libica to 2.3.0 (jsc#PED-5446)

OBS-URL: https://build.opensuse.org/request/show/1142192
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=16
2024-01-29 08:53:17 +00:00
Ana Guerrero
0c6f4d173f Accepting request 1117652 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1117652
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=31
2023-10-13 21:15:35 +00:00
Nikolay Gueorguiev
88edd08c5b Accepting request 1117650 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.3 (jsc#PED-5446) 
  * Add OPENSSL_init_crypto in libica constructor
  * Remove deprecated ioctl Z90STAT_STATUS_MASK
  * Bug fixes

OBS-URL: https://build.opensuse.org/request/show/1117650
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=14
2023-10-13 10:44:47 +00:00
Dominique Leuenberger
63b7a0c64c Accepting request 1088689 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1088689
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=30
2023-05-24 18:22:26 +00:00
Nikolay Gueorguiev
7d0eadbc1e Accepting request 1088688 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276)
  - [UPDATE] syslog msgs only in error cases
  - [UPDATE] don't count statistics in fips power-on self tests
  - [PATCH] various fixes and some new tests
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet
- Prefix /etc/libica with %dir to ensure we don't package
  unversioned files in libica4, as otherwise we violate SLPP.
- Add /etc/libica directory into %files section.
- Upgrade to version 4.2.1 (jsc#PED-2872)
  - [PATCH] fix regression opening shared memory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h
- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
  v4.0.3
   - [PATCH] Reduce the number of open file descriptors
   - [PATCH] Various bug fixes
  v4.0.2
   - [PATCH] Various bug fixes
  v4.0.1
   - [PATCH] Various bug fixes
   - [PATCH] Compute HMAC from installed library
  v4.0.0
   - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
     [UPDATE] Removed deprecated API functions including tests
     [UPDATE] Introduced 'const' for some API function parameters
     [FEATURE] icastats: new parm -k to display detailed counters
- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
  version named libica-sles15sp5-FIPS-hmac-key.patch.
- Updated the libica-rpmlintrc file to suppress warnings about the 
  libica-cex hmac files being hidden.
- Updated the spec file to properly both obsolete and provide two
  older versions of the package.
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
  - [FEATURE] Add support for OpenSSL 3.0
  - [FEATURE] icainfo: new parm -c to display available EC curves
- Replaced the obsolete PreReq: %fillup_prereq
  with                  Requires(post): %fillup_prereq
  in the spec file.
- Update to version 3.8.0 (jsc#SLE-18334)
  - [FEATURE] provide libica-cex module to satisfy special security requirements
  - [FEATURE] FIPS: enforce the HMAC check
- Remove upstreamed patches:
   - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
   - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
   - libica-sles15sp2-Zeroize-local-variables.patch
- Remove patches obsoleted by upstream development:
   * FIPS: Find libica from phdrs.
     - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
   * FIPS: enforce the hmac check
     - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Fix up tests and hmac generation
   + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
- Remove obsolete attributes from filelists
- Upgraded to version 3.7.0 (jsc#SLE-13708)
  * Version 3.7.0
    - [FEATURE] FIPS: Add HMAC based library integrity check
    - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
    - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
    - [PATCH] FIPS: Fix DES and TDES key length
    - [PATCH] icastats: Fix stats counter format
  * Version 3.6.1
    - [PATCH] Fix x25519 and x448 handling of non-canonical values
- Removed the following obsolete patches
  * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
  * libica-sles15sp2-Build-with-pthread-flag.patch
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
  * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
  * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- Fix FIPS hmac check (bsc#1175356).
  * Update FIPS support to upstream
    - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
      from upstream.
    - Add libica-sles15sp2-Build-with-pthread-flag.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
    - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
  * FIPS check should fail when hmac is missing
    - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
    - Create an hmac for the selftest
    - Check that selftest fails without a hmac
    - Hash libica.so.3 rather than libica.so.3.6.0
  * Fix hmac key format. It should be hexadecimal, not ASCII
    - Refresh libica-sles15sp2-FIPS-hmac-key.patch
- Fix Some internal variables used to store sensitive information
  (keys) were not zeroized before returning to the calling application.
  (bsc#1175357)
  * Added libica-sles15sp2-Zeroize-local-variables.patch
- Updated libica-rpmlintrc to eliminate the warning about the HMAC file
  being a hidden file. It is supposed to be hidden.
- Added the following patches for FIPS certification (bsc#1162533)
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
  by spec-cleaner.
- Added the following patches for FIPS certification.
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
    (bsc#1166071) Although a DES key has only 56 effective bits,
     all 64 bits must be considered, because the parity bits are
     spread over all 8 bytes of the key.
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
    (bsc#1166210) FIPS tests require the output iv to be the iv
    resulting from decrypting the last block with a zero iv as input.
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
    (bsc#1166224) The output from icainfo never shows 'yes' for
    RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
    due to the missing ICA_FLAG_SW flag in the icaList.
- Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  (bsc#1156768)
- Upgraded to version 3.6.0 (jsc#SLE-7584)
  * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
- Upgraded to version 3.5.0 (Fate#327840)
  - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
- Reworked how libica-tools loads and unloads kernel modules to
  avoid spurious error messages (bsc#1134004):
  * Converted the boot.z90crypt sysV init script to a systemd unit
  file.
  * Removed any references to insserv in the spec file.
  * Updated the z90crypt script itself to properly load and unload
  the kernel modules as they exist today.
  * Eliminated the obsolete libica-SuSE.tar.bz2 archive.
- Updated the README.SUSE file to reflect the change from sysV init
  style script to systemd.
- Made numerous changes to the spec file, based on the output from
  the spec-cleaner command.
- Run testsuite during build
- Upgraded to version 3.4.0 (Fate#325690)
  * v3.4.0
    [FEATURE] Add SHA-512/224 and SHA-512/256 support
- Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
- Made numerous updates to spec file based on spec-cleanup run.
- Upgraded to version 3.3.3 (Fate#325690)
  * v3.3.3
    [PATCH] Various bug fixes
  * v3.3.2
    [PATCH] Skip ECC tests if required HW is not available
    [PATCH] Update spec file
  * v3.3.1
    [PATCH] Fix configure.ac to honour CFLAGS
  * v3.3.0
    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
    [FEATURE] Add interface to enable/disable SW fallbacks
    [FEATURE] Add 'make check' target, test-suite rework
  * v3.2.1
    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
    [PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  (bsc#1103493).
- Made multiple changes to the spec file based on the output of
  spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
  fix a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
  a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
  command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
  * v3.2.0
    [FEATURE] New AES-GCM interface.
    [UPDATE] Add symbol versioning.
  * v3.1.1
    [PATCH] Various bug fixes related to old and new AES-GCM implementations.
    [UPDATE] Add SHA3 test cases. Improved and extended test suite.
  * v3.1.0
    [FEATURE] Add KMA support for AES-GCM.
    [FEATURE] Add SHA-3 support.
    [PATCH] Reject RSA keys with invalid key-length.
    [PATCH] Allow zero output length for ica_random_number_generate.
    [PATCH] icastats: Correct owner of shared segment when root creates it.
  * Removed the following obsolete patches:
    libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    libica-3.0.2-03-fix-aes-ctr.patch
    libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
  - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
  libica3.
- Update baselibs.conf with proper name for library package name,
  stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
  - v3.0.2
    - Fix locking callbacks for openSSL APIs.
  - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
  - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
- Removed the following obsolete patches:
  - fix-initialization-of-s390-hardware-switches-1.patch
  - fix-initialization-of-s390-hardware-switches-2.patch
  - fix-msa-level-detection.patch
  - fix-segfault-during-multithread-keygen.patch
  - rng-performance.patch
- Made the following packaging changes:
  - Implemented the shared library packaging guidelines.
  - Consolidated double invocation of %setup into just one.
  - Dropped redundant %ifarch, the package is already ExclusiveArch.
  - Updated descriptions.
- Added a libica-rpmlintrc file.
- Added the following two patches:
  - fix-segfault-during-multithread-keygen.patch (bsc#991485)
  - fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
  package. (bsc#983897):
   provides "libica-<targettype> = <version>"
   obsoletes "libica-<targettype> < <version>"
   provides "libica-2_1_0-<targettype> = <version>"
   obsoletes "libica-2_1_0-<targettype> < <version>"
   provides "libica-2_3_0-<targettype> = <version>"
   obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
  fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
  naming standards.
- Found the original location of the icaioctl.h file and downloaded
  it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
  from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
  SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
  will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
  fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions 
- update to 2.3.0 (fate#315342) 
- obsolete/upstreamed patches:
  libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
  libica-2_1_0-msa4-extension.patch
  libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
  and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
  statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms 
- Added CPL license to include/z90crypt.h, removed GPL reference
  (This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
  requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
  for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms 
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
  (#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c 
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
  bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration 
- Changing the default value from 0 to -1 in rcz90crypt (#114371) 
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
  SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183) 
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
  now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
  similar changes now, and the renaming from _LINUX_S390_ to
  __s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
  open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
  esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
  actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
  to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
  kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable 
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/1088688
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=12
2023-05-23 14:33:28 +00:00
Nikolay Gueorguiev
6ed506a7ab Accepting request 1088677 from home:ngueorguiev:branches:security:tls
jsc#PED-3277
  * [UPDATE] syslog msgs only in error cases
  * [UPDATE] don't count statistics in fips power-on self tests
  * [PATCH] various fixes and some new tests

OBS-URL: https://build.opensuse.org/request/show/1088677
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=11
2023-05-23 14:09:57 +00:00
Nikolay Gueorguiev
d894bcceca Accepting request 1088541 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276)
  - [UPDATE] syslog msgs only in error cases
  - [UPDATE] don't count statistics in fips power-on self tests
  - [PATCH] various fixes and some new tests
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet
- Prefix /etc/libica with %dir to ensure we don't package
  unversioned files in libica4, as otherwise we violate SLPP.
- Add /etc/libica directory into %files section.
- Upgrade to version 4.2.1 (jsc#PED-2872)
  - [PATCH] fix regression opening shared memory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h
- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
  v4.0.3
   - [PATCH] Reduce the number of open file descriptors
   - [PATCH] Various bug fixes
  v4.0.2
   - [PATCH] Various bug fixes
  v4.0.1
   - [PATCH] Various bug fixes
   - [PATCH] Compute HMAC from installed library
  v4.0.0
   - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
     [UPDATE] Removed deprecated API functions including tests
     [UPDATE] Introduced 'const' for some API function parameters
     [FEATURE] icastats: new parm -k to display detailed counters
- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
  version named libica-sles15sp5-FIPS-hmac-key.patch.
- Updated the libica-rpmlintrc file to suppress warnings about the 
  libica-cex hmac files being hidden.
- Updated the spec file to properly both obsolete and provide two
  older versions of the package.
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
  - [FEATURE] Add support for OpenSSL 3.0
  - [FEATURE] icainfo: new parm -c to display available EC curves
- Replaced the obsolete PreReq: %fillup_prereq
  with                  Requires(post): %fillup_prereq
  in the spec file.
- Update to version 3.8.0 (jsc#SLE-18334)
  - [FEATURE] provide libica-cex module to satisfy special security requirements
  - [FEATURE] FIPS: enforce the HMAC check
- Remove upstreamed patches:
   - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
   - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
   - libica-sles15sp2-Zeroize-local-variables.patch
- Remove patches obsoleted by upstream development:
   * FIPS: Find libica from phdrs.
     - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
   * FIPS: enforce the hmac check
     - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Fix up tests and hmac generation
   + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
- Remove obsolete attributes from filelists
- Upgraded to version 3.7.0 (jsc#SLE-13708)
  * Version 3.7.0
    - [FEATURE] FIPS: Add HMAC based library integrity check
    - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
    - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
    - [PATCH] FIPS: Fix DES and TDES key length
    - [PATCH] icastats: Fix stats counter format
  * Version 3.6.1
    - [PATCH] Fix x25519 and x448 handling of non-canonical values
- Removed the following obsolete patches
  * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
  * libica-sles15sp2-Build-with-pthread-flag.patch
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
  * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
  * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- Fix FIPS hmac check (bsc#1175356).
  * Update FIPS support to upstream
    - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
      from upstream.
    - Add libica-sles15sp2-Build-with-pthread-flag.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
    - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
  * FIPS check should fail when hmac is missing
    - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
    - Create an hmac for the selftest
    - Check that selftest fails without a hmac
    - Hash libica.so.3 rather than libica.so.3.6.0
  * Fix hmac key format. It should be hexadecimal, not ASCII
    - Refresh libica-sles15sp2-FIPS-hmac-key.patch
- Fix Some internal variables used to store sensitive information
  (keys) were not zeroized before returning to the calling application.
  (bsc#1175357)
  * Added libica-sles15sp2-Zeroize-local-variables.patch
- Updated libica-rpmlintrc to eliminate the warning about the HMAC file
  being a hidden file. It is supposed to be hidden.
- Added the following patches for FIPS certification (bsc#1162533)
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
  by spec-cleaner.
- Added the following patches for FIPS certification.
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
    (bsc#1166071) Although a DES key has only 56 effective bits,
     all 64 bits must be considered, because the parity bits are
     spread over all 8 bytes of the key.
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
    (bsc#1166210) FIPS tests require the output iv to be the iv
    resulting from decrypting the last block with a zero iv as input.
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
    (bsc#1166224) The output from icainfo never shows 'yes' for
    RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
    due to the missing ICA_FLAG_SW flag in the icaList.
- Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  (bsc#1156768)
- Upgraded to version 3.6.0 (jsc#SLE-7584)
  * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
- Upgraded to version 3.5.0 (Fate#327840)
  - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
- Reworked how libica-tools loads and unloads kernel modules to
  avoid spurious error messages (bsc#1134004):
  * Converted the boot.z90crypt sysV init script to a systemd unit
  file.
  * Removed any references to insserv in the spec file.
  * Updated the z90crypt script itself to properly load and unload
  the kernel modules as they exist today.
  * Eliminated the obsolete libica-SuSE.tar.bz2 archive.
- Updated the README.SUSE file to reflect the change from sysV init
  style script to systemd.
- Made numerous changes to the spec file, based on the output from
  the spec-cleaner command.
- Run testsuite during build
- Upgraded to version 3.4.0 (Fate#325690)
  * v3.4.0
    [FEATURE] Add SHA-512/224 and SHA-512/256 support
- Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
- Made numerous updates to spec file based on spec-cleanup run.
- Upgraded to version 3.3.3 (Fate#325690)
  * v3.3.3
    [PATCH] Various bug fixes
  * v3.3.2
    [PATCH] Skip ECC tests if required HW is not available
    [PATCH] Update spec file
  * v3.3.1
    [PATCH] Fix configure.ac to honour CFLAGS
  * v3.3.0
    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
    [FEATURE] Add interface to enable/disable SW fallbacks
    [FEATURE] Add 'make check' target, test-suite rework
  * v3.2.1
    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
    [PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  (bsc#1103493).
- Made multiple changes to the spec file based on the output of
  spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
  fix a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
  a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
  command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
  * v3.2.0
    [FEATURE] New AES-GCM interface.
    [UPDATE] Add symbol versioning.
  * v3.1.1
    [PATCH] Various bug fixes related to old and new AES-GCM implementations.
    [UPDATE] Add SHA3 test cases. Improved and extended test suite.
  * v3.1.0
    [FEATURE] Add KMA support for AES-GCM.
    [FEATURE] Add SHA-3 support.
    [PATCH] Reject RSA keys with invalid key-length.
    [PATCH] Allow zero output length for ica_random_number_generate.
    [PATCH] icastats: Correct owner of shared segment when root creates it.
  * Removed the following obsolete patches:
    libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    libica-3.0.2-03-fix-aes-ctr.patch
    libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
  - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
  libica3.
- Update baselibs.conf with proper name for library package name,
  stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
  - v3.0.2
    - Fix locking callbacks for openSSL APIs.
  - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
  - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
- Removed the following obsolete patches:
  - fix-initialization-of-s390-hardware-switches-1.patch
  - fix-initialization-of-s390-hardware-switches-2.patch
  - fix-msa-level-detection.patch
  - fix-segfault-during-multithread-keygen.patch
  - rng-performance.patch
- Made the following packaging changes:
  - Implemented the shared library packaging guidelines.
  - Consolidated double invocation of %setup into just one.
  - Dropped redundant %ifarch, the package is already ExclusiveArch.
  - Updated descriptions.
- Added a libica-rpmlintrc file.
- Added the following two patches:
  - fix-segfault-during-multithread-keygen.patch (bsc#991485)
  - fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
  package. (bsc#983897):
   provides "libica-<targettype> = <version>"
   obsoletes "libica-<targettype> < <version>"
   provides "libica-2_1_0-<targettype> = <version>"
   obsoletes "libica-2_1_0-<targettype> < <version>"
   provides "libica-2_3_0-<targettype> = <version>"
   obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
  fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
  naming standards.
- Found the original location of the icaioctl.h file and downloaded
  it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
  from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
  SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
  will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
  fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions 
- update to 2.3.0 (fate#315342) 
- obsolete/upstreamed patches:
  libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
  libica-2_1_0-msa4-extension.patch
  libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
  and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
  statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms 
- Added CPL license to include/z90crypt.h, removed GPL reference
  (This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
  requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
  for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms 
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
  (#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c 
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
  bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration 
- Changing the default value from 0 to -1 in rcz90crypt (#114371) 
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
  SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183) 
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
  now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
  similar changes now, and the renaming from _LINUX_S390_ to
  __s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
  open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
  esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
  actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
  to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
  kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable 
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/1088541
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=10
2023-05-23 07:32:55 +00:00
Nikolay Gueorguiev
48135b8bf2 Accepting request 1088514 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276)
  - [UPDATE] syslog msgs only in error cases
  - [UPDATE] don't count statistics in fips power-on self tests
  - [PATCH] various fixes and some new tests
- Removed patches
  * libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
  * libica-sles15sp5-FIPS-hmac-key.patch
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet
- Prefix /etc/libica with %dir to ensure we don't package
  unversioned files in libica4, as otherwise we violate SLPP.
- Add /etc/libica directory into %files section.
- Upgrade to version 4.2.1 (jsc#PED-2872)
  - [PATCH] fix regression opening shared memory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h
- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
  v4.0.3
   - [PATCH] Reduce the number of open file descriptors
   - [PATCH] Various bug fixes
  v4.0.2
   - [PATCH] Various bug fixes
  v4.0.1
   - [PATCH] Various bug fixes
   - [PATCH] Compute HMAC from installed library
  v4.0.0
   - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
     [UPDATE] Removed deprecated API functions including tests
     [UPDATE] Introduced 'const' for some API function parameters
     [FEATURE] icastats: new parm -k to display detailed counters
- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
  version named libica-sles15sp5-FIPS-hmac-key.patch.
- Updated the libica-rpmlintrc file to suppress warnings about the 
  libica-cex hmac files being hidden.
- Updated the spec file to properly both obsolete and provide two
  older versions of the package.
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
  - [FEATURE] Add support for OpenSSL 3.0
  - [FEATURE] icainfo: new parm -c to display available EC curves
- Replaced the obsolete PreReq: %fillup_prereq
  with                  Requires(post): %fillup_prereq
  in the spec file.
- Update to version 3.8.0 (jsc#SLE-18334)
  - [FEATURE] provide libica-cex module to satisfy special security requirements
  - [FEATURE] FIPS: enforce the HMAC check
- Remove upstreamed patches:
   - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
   - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
   - libica-sles15sp2-Zeroize-local-variables.patch
- Remove patches obsoleted by upstream development:
   * FIPS: Find libica from phdrs.
     - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
   * FIPS: enforce the hmac check
     - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Fix up tests and hmac generation
   + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
- Remove obsolete attributes from filelists
- Upgraded to version 3.7.0 (jsc#SLE-13708)
  * Version 3.7.0
    - [FEATURE] FIPS: Add HMAC based library integrity check
    - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
    - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
    - [PATCH] FIPS: Fix DES and TDES key length
    - [PATCH] icastats: Fix stats counter format
  * Version 3.6.1
    - [PATCH] Fix x25519 and x448 handling of non-canonical values
- Removed the following obsolete patches
  * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
  * libica-sles15sp2-Build-with-pthread-flag.patch
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
  * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
  * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- Fix FIPS hmac check (bsc#1175356).
  * Update FIPS support to upstream
    - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
      from upstream.
    - Add libica-sles15sp2-Build-with-pthread-flag.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
    - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
  * FIPS check should fail when hmac is missing
    - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
    - Create an hmac for the selftest
    - Check that selftest fails without a hmac
    - Hash libica.so.3 rather than libica.so.3.6.0
  * Fix hmac key format. It should be hexadecimal, not ASCII
    - Refresh libica-sles15sp2-FIPS-hmac-key.patch
- Fix Some internal variables used to store sensitive information
  (keys) were not zeroized before returning to the calling application.
  (bsc#1175357)
  * Added libica-sles15sp2-Zeroize-local-variables.patch
- Updated libica-rpmlintrc to eliminate the warning about the HMAC file
  being a hidden file. It is supposed to be hidden.
- Added the following patches for FIPS certification (bsc#1162533)
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
  by spec-cleaner.
- Added the following patches for FIPS certification.
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
    (bsc#1166071) Although a DES key has only 56 effective bits,
     all 64 bits must be considered, because the parity bits are
     spread over all 8 bytes of the key.
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
    (bsc#1166210) FIPS tests require the output iv to be the iv
    resulting from decrypting the last block with a zero iv as input.
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
    (bsc#1166224) The output from icainfo never shows 'yes' for
    RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
    due to the missing ICA_FLAG_SW flag in the icaList.
- Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  (bsc#1156768)
- Upgraded to version 3.6.0 (jsc#SLE-7584)
  * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
- Upgraded to version 3.5.0 (Fate#327840)
  - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
- Reworked how libica-tools loads and unloads kernel modules to
  avoid spurious error messages (bsc#1134004):
  * Converted the boot.z90crypt sysV init script to a systemd unit
  file.
  * Removed any references to insserv in the spec file.
  * Updated the z90crypt script itself to properly load and unload
  the kernel modules as they exist today.
  * Eliminated the obsolete libica-SuSE.tar.bz2 archive.
- Updated the README.SUSE file to reflect the change from sysV init
  style script to systemd.
- Made numerous changes to the spec file, based on the output from
  the spec-cleaner command.
- Run testsuite during build
- Upgraded to version 3.4.0 (Fate#325690)
  * v3.4.0
    [FEATURE] Add SHA-512/224 and SHA-512/256 support
- Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
- Made numerous updates to spec file based on spec-cleanup run.
- Upgraded to version 3.3.3 (Fate#325690)
  * v3.3.3
    [PATCH] Various bug fixes
  * v3.3.2
    [PATCH] Skip ECC tests if required HW is not available
    [PATCH] Update spec file
  * v3.3.1
    [PATCH] Fix configure.ac to honour CFLAGS
  * v3.3.0
    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
    [FEATURE] Add interface to enable/disable SW fallbacks
    [FEATURE] Add 'make check' target, test-suite rework
  * v3.2.1
    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
    [PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  (bsc#1103493).
- Made multiple changes to the spec file based on the output of
  spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
  fix a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
  a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
  command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
  * v3.2.0
    [FEATURE] New AES-GCM interface.
    [UPDATE] Add symbol versioning.
  * v3.1.1
    [PATCH] Various bug fixes related to old and new AES-GCM implementations.
    [UPDATE] Add SHA3 test cases. Improved and extended test suite.
  * v3.1.0
    [FEATURE] Add KMA support for AES-GCM.
    [FEATURE] Add SHA-3 support.
    [PATCH] Reject RSA keys with invalid key-length.
    [PATCH] Allow zero output length for ica_random_number_generate.
    [PATCH] icastats: Correct owner of shared segment when root creates it.
  * Removed the following obsolete patches:
    libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    libica-3.0.2-03-fix-aes-ctr.patch
    libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
  - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
  libica3.
- Update baselibs.conf with proper name for library package name,
  stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
  - v3.0.2
    - Fix locking callbacks for openSSL APIs.
  - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
  - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
- Removed the following obsolete patches:
  - fix-initialization-of-s390-hardware-switches-1.patch
  - fix-initialization-of-s390-hardware-switches-2.patch
  - fix-msa-level-detection.patch
  - fix-segfault-during-multithread-keygen.patch
  - rng-performance.patch
- Made the following packaging changes:
  - Implemented the shared library packaging guidelines.
  - Consolidated double invocation of %setup into just one.
  - Dropped redundant %ifarch, the package is already ExclusiveArch.
  - Updated descriptions.
- Added a libica-rpmlintrc file.
- Added the following two patches:
  - fix-segfault-during-multithread-keygen.patch (bsc#991485)
  - fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
  package. (bsc#983897):
   provides "libica-<targettype> = <version>"
   obsoletes "libica-<targettype> < <version>"
   provides "libica-2_1_0-<targettype> = <version>"
   obsoletes "libica-2_1_0-<targettype> < <version>"
   provides "libica-2_3_0-<targettype> = <version>"
   obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
  fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
  naming standards.
- Found the original location of the icaioctl.h file and downloaded
  it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
  from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
  SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
  will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
  fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions 
- update to 2.3.0 (fate#315342) 
- obsolete/upstreamed patches:
  libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
  libica-2_1_0-msa4-extension.patch
  libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
  and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
  statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms 
- Added CPL license to include/z90crypt.h, removed GPL reference
  (This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
  requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
  for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms 
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
  (#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c 
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
  bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration 
- Changing the default value from 0 to -1 in rcz90crypt (#114371) 
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
  SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183) 
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
  now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
  similar changes now, and the renaming from _LINUX_S390_ to
  __s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
  open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
  esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
  actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
  to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
  kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable 
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/1088514
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=9
2023-05-23 06:31:36 +00:00
Nikolay Gueorguiev
d1c80be180 Accepting request 1088511 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277)
  - [UPDATE] syslog msgs only in error cases
  - [UPDATE] don't count statistics in fips power-on self tests
  - [PATCH] various fixes and some new tests
- Removed patches
  * libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
  * libica-sles15sp5-FIPS-hmac-key.patch
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet
- Prefix /etc/libica with %dir to ensure we don't package
  unversioned files in libica4, as otherwise we violate SLPP.
- Add /etc/libica directory into %files section.
- Upgrade to version 4.2.1 (jsc#PED-2872)
  - [PATCH] fix regression opening shared memory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h
- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
  v4.0.3
   - [PATCH] Reduce the number of open file descriptors
   - [PATCH] Various bug fixes
  v4.0.2
   - [PATCH] Various bug fixes
  v4.0.1
   - [PATCH] Various bug fixes
   - [PATCH] Compute HMAC from installed library
  v4.0.0
   - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so
     [UPDATE] Removed deprecated API functions including tests
     [UPDATE] Introduced 'const' for some API function parameters
     [FEATURE] icastats: new parm -k to display detailed counters
- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
  version named libica-sles15sp5-FIPS-hmac-key.patch.
- Updated the libica-rpmlintrc file to suppress warnings about the 
  libica-cex hmac files being hidden.
- Updated the spec file to properly both obsolete and provide two
  older versions of the package.
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
  - [FEATURE] Add support for OpenSSL 3.0
  - [FEATURE] icainfo: new parm -c to display available EC curves
- Replaced the obsolete PreReq: %fillup_prereq
  with                  Requires(post): %fillup_prereq
  in the spec file.
- Update to version 3.8.0 (jsc#SLE-18334)
  - [FEATURE] provide libica-cex module to satisfy special security requirements
  - [FEATURE] FIPS: enforce the HMAC check
- Remove upstreamed patches:
   - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
   - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
   - libica-sles15sp2-Zeroize-local-variables.patch
- Remove patches obsoleted by upstream development:
   * FIPS: Find libica from phdrs.
     - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
   * FIPS: enforce the hmac check
     - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
- Fix up tests and hmac generation
   + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
- Remove obsolete attributes from filelists
- Upgraded to version 3.7.0 (jsc#SLE-13708)
  * Version 3.7.0
    - [FEATURE] FIPS: Add HMAC based library integrity check
    - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
    - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
    - [PATCH] FIPS: Fix DES and TDES key length
    - [PATCH] icastats: Fix stats counter format
  * Version 3.6.1
    - [PATCH] Fix x25519 and x448 handling of non-canonical values
- Removed the following obsolete patches
  * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
  * libica-sles15sp2-Build-with-pthread-flag.patch
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
  * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
- Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
  * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
  * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
- Fix FIPS hmac check (bsc#1175356).
  * Update FIPS support to upstream
    - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
      from upstream.
    - Add libica-sles15sp2-Build-with-pthread-flag.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
    - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
  * FIPS check should fail when hmac is missing
    - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
    - Create an hmac for the selftest
    - Check that selftest fails without a hmac
    - Hash libica.so.3 rather than libica.so.3.6.0
  * Fix hmac key format. It should be hexadecimal, not ASCII
    - Refresh libica-sles15sp2-FIPS-hmac-key.patch
- Fix Some internal variables used to store sensitive information
  (keys) were not zeroized before returning to the calling application.
  (bsc#1175357)
  * Added libica-sles15sp2-Zeroize-local-variables.patch
- Updated libica-rpmlintrc to eliminate the warning about the HMAC file
  being a hidden file. It is supposed to be hidden.
- Added the following patches for FIPS certification (bsc#1162533)
  * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
  * libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
  by spec-cleaner.
- Added the following patches for FIPS certification.
  * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
    (bsc#1166071) Although a DES key has only 56 effective bits,
     all 64 bits must be considered, because the parity bits are
     spread over all 8 bytes of the key.
  * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
    (bsc#1166210) FIPS tests require the output iv to be the iv
    resulting from decrypting the last block with a zero iv as input.
  * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
    (bsc#1166224) The output from icainfo never shows 'yes' for
    RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
    due to the missing ICA_FLAG_SW flag in the icaList.
- Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
  (bsc#1156768)
- Upgraded to version 3.6.0 (jsc#SLE-7584)
  * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
- Upgraded to version 3.5.0 (Fate#327840)
  - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
- Reworked how libica-tools loads and unloads kernel modules to
  avoid spurious error messages (bsc#1134004):
  * Converted the boot.z90crypt sysV init script to a systemd unit
  file.
  * Removed any references to insserv in the spec file.
  * Updated the z90crypt script itself to properly load and unload
  the kernel modules as they exist today.
  * Eliminated the obsolete libica-SuSE.tar.bz2 archive.
- Updated the README.SUSE file to reflect the change from sysV init
  style script to systemd.
- Made numerous changes to the spec file, based on the output from
  the spec-cleaner command.
- Run testsuite during build
- Upgraded to version 3.4.0 (Fate#325690)
  * v3.4.0
    [FEATURE] Add SHA-512/224 and SHA-512/256 support
- Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
- Made numerous updates to spec file based on spec-cleanup run.
- Upgraded to version 3.3.3 (Fate#325690)
  * v3.3.3
    [PATCH] Various bug fixes
  * v3.3.2
    [PATCH] Skip ECC tests if required HW is not available
    [PATCH] Update spec file
  * v3.3.1
    [PATCH] Fix configure.ac to honour CFLAGS
  * v3.3.0
    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
    [FEATURE] Add interface to enable/disable SW fallbacks
    [FEATURE] Add 'make check' target, test-suite rework
  * v3.2.1
    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
    [PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  (bsc#1103493).
- Made multiple changes to the spec file based on the output of
  spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
  fix a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
  a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
  command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
  * v3.2.0
    [FEATURE] New AES-GCM interface.
    [UPDATE] Add symbol versioning.
  * v3.1.1
    [PATCH] Various bug fixes related to old and new AES-GCM implementations.
    [UPDATE] Add SHA3 test cases. Improved and extended test suite.
  * v3.1.0
    [FEATURE] Add KMA support for AES-GCM.
    [FEATURE] Add SHA-3 support.
    [PATCH] Reject RSA keys with invalid key-length.
    [PATCH] Allow zero output length for ica_random_number_generate.
    [PATCH] icastats: Correct owner of shared segment when root creates it.
  * Removed the following obsolete patches:
    libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    libica-3.0.2-03-fix-aes-ctr.patch
    libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
  - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
  libica3.
- Update baselibs.conf with proper name for library package name,
  stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
  - v3.0.2
    - Fix locking callbacks for openSSL APIs.
  - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
  - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
- Removed the following obsolete patches:
  - fix-initialization-of-s390-hardware-switches-1.patch
  - fix-initialization-of-s390-hardware-switches-2.patch
  - fix-msa-level-detection.patch
  - fix-segfault-during-multithread-keygen.patch
  - rng-performance.patch
- Made the following packaging changes:
  - Implemented the shared library packaging guidelines.
  - Consolidated double invocation of %setup into just one.
  - Dropped redundant %ifarch, the package is already ExclusiveArch.
  - Updated descriptions.
- Added a libica-rpmlintrc file.
- Added the following two patches:
  - fix-segfault-during-multithread-keygen.patch (bsc#991485)
  - fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
  package. (bsc#983897):
   provides "libica-<targettype> = <version>"
   obsoletes "libica-<targettype> < <version>"
   provides "libica-2_1_0-<targettype> = <version>"
   obsoletes "libica-2_1_0-<targettype> < <version>"
   provides "libica-2_3_0-<targettype> = <version>"
   obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
  fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
  naming standards.
- Found the original location of the icaioctl.h file and downloaded
  it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
  from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
  SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
  will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
  fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions 
- update to 2.3.0 (fate#315342) 
- obsolete/upstreamed patches:
  libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
  libica-2_1_0-msa4-extension.patch
  libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
  and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
  statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms 
- Added CPL license to include/z90crypt.h, removed GPL reference
  (This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
  requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
  for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms 
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
  (#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c 
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
  bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration 
- Changing the default value from 0 to -1 in rcz90crypt (#114371) 
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error (#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
  SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183) 
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
  now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
  similar changes now, and the renaming from _LINUX_S390_ to
  __s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
  open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
  esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
  actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
  to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
  kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable 
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/1088511
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=8
2023-05-23 06:22:08 +00:00
Nikolay Gueorguiev
8f54dd4884 Accepting request 1088509 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277)
  - [UPDATE] syslog msgs only in error cases
  - [UPDATE] don't count statistics in fips power-on self tests
  - [PATCH] various fixes and some new tests

OBS-URL: https://build.opensuse.org/request/show/1088509
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=7
2023-05-23 06:08:56 +00:00
Dominique Leuenberger
3753113a93 Accepting request 1084581 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1084581
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=29
2023-05-04 15:11:08 +00:00
Nikolay Gueorguiev
28dea1df41 Accepting request 1084580 from home:ohollmann:branches:security:tls
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet

OBS-URL: https://build.opensuse.org/request/show/1084580
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=5
2023-05-04 09:41:09 +00:00
Dominique Leuenberger
7c47619fb7 Accepting request 1083312 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1083312
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=28
2023-04-27 18:02:58 +00:00
Martin Pluskal
6942a62dec Accepting request 1083306 from home:dimstar:Factory
- Prefix /etc/libica with %dir to ensure we don't package
  unversioned files in libica4, as otherwise we violate SLPP.

OBS-URL: https://build.opensuse.org/request/show/1083306
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=3
2023-04-27 17:17:25 +00:00
Nikolay Gueorguiev
282bb6840e Accepting request 1083286 from home:ohollmann:branches:security:tls
- Add /etc/libica directory into %files section.

OBS-URL: https://build.opensuse.org/request/show/1083286
OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=2
2023-04-27 15:13:17 +00:00
Otto Hollmann
c46ed2cfab OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=1
2023-04-27 14:02:16 +00:00
Dominique Leuenberger
8d94bc3fc9 Accepting request 1066752 from devel:openSUSE:Factory
OBS-URL: https://build.opensuse.org/request/show/1066752
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=27
2023-02-20 16:46:23 +00:00
Nikolay Gueorguiev
b00258baac Accepting request 1066751 from home:ngueorguiev:branches:devel:openSUSE:Factory
Update to libica ver. 4.2.1 (jsc#PED-2872)

OBS-URL: https://build.opensuse.org/request/show/1066751
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=86
2023-02-20 09:38:22 +00:00
Dominique Leuenberger
4cae5bd51b Accepting request 1059994 from devel:openSUSE:Factory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist

OBS-URL: https://build.opensuse.org/request/show/1059994
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=26
2023-01-20 16:39:59 +00:00
Mark Post
848af2cce4 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=84
2023-01-20 14:43:29 +00:00
Mark Post
c2dd9c26f1 Accepting request 1058740 from home:msmeissn:branches:devel:openSUSE:Factory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
  - [FEATURE] Display build info via icainfo -v
  - [FEATURE] New API function ica_get_build_version()
  - [FEATURE] Display fips indication via icainfo -f
  - [FEATURE] New API function ica_get_fips_indicator()
  - [FEATURE] New API function ica_aes_gcm_initialize_fips()
  - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
  - [FEATURE] New API function ica_get_msa_level()
  - [PATCH] icainfo: check for malloc error when getting functionlist

OBS-URL: https://build.opensuse.org/request/show/1058740
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=83
2023-01-20 14:42:02 +00:00
Dominique Leuenberger
97fc0d45ba Accepting request 1010295 from devel:openSUSE:Factory
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h

OBS-URL: https://build.opensuse.org/request/show/1010295
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=25
2022-10-13 13:53:31 +00:00
Mark Post
1ca5af5a9a OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=81
2022-10-12 17:09:04 +00:00
Mark Post
4e07d6323f OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=80
2022-10-12 17:07:40 +00:00
Mark Post
0a7811427a OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=78
2022-10-11 21:43:30 +00:00
Mark Post
1b2b69b8aa OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=77
2022-10-11 21:42:29 +00:00
Mark Post
9ec2c60729 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=76
2022-10-11 21:42:09 +00:00
Mark Post
c200870eac OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=75
2022-10-11 21:40:32 +00:00
Mark Post
2808cf7b88 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=74
2022-10-11 21:40:09 +00:00
Mark Post
eb885c7177 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=73
2022-10-11 21:37:14 +00:00
Mark Post
5cdffa907b OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=72
2022-10-11 21:36:01 +00:00
Mark Post
a6fc88507b Accepting request 1009943 from home:markkp:branches:devel:openSUSE:Factory
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h

OBS-URL: https://build.opensuse.org/request/show/1009943
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=71
2022-10-11 21:20:10 +00:00
Dominique Leuenberger
b04da4e52e Accepting request 1003633 from devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629

OBS-URL: https://build.opensuse.org/request/show/1003633
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=24
2022-09-15 20:58:37 +00:00
Mark Post
462d552a0a Accepting request 1003632 from home:markkp:branches:devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629

OBS-URL: https://build.opensuse.org/request/show/1003632
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=69
2022-09-14 22:40:22 +00:00
Mark Post
6d110f7032 Accepting request 1003630 from home:markkp:branches:devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629

OBS-URL: https://build.opensuse.org/request/show/1003630
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=68
2022-09-14 22:27:14 +00:00
Mark Post
42eb8cd899 Accepting request 1003628 from home:markkp:branches:devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, and jsc#PED-629

OBS-URL: https://build.opensuse.org/request/show/1003628
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=67
2022-09-14 22:15:28 +00:00