From 81b951bb3fb6e957cc7afb6ae69729d7ab1afb351fe7523092d1b703c277ae86 Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Nov 2018 20:37:20 +0000 Subject: [PATCH 1/2] - Upgraded to version 2.0.0 (Fate#325688) * openssl-ibmca 2.0.0 Add ECC support. Add check and distcheck make-targets. Project cleanup, code was broken into multiple files and coding style cleanup. Improvements to compat macros for openssl. Don't disable libica sw fallbacks. Fix dlclose logic. * openssl-ibmca 1.4.1 Fix structure size for aes-256-ecb/cbc/cfb/ofb Update man page Switch to ibmca.so filename to allow standalone use Switch off Libica fallback mode if available Make sure ibmca_init only runs once Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=4 --- openssl-ibmca-1.4.0.tar.gz | 3 - openssl-ibmca-2.0.0.tar.gz | 3 + ...mca-sles15-Fix-lib-name-in-test-code.patch | 26 ------- ...so-filename-to-allow-a-standalone-us.patch | 50 -------------- ...s15-Update-lib-name-in-documentation.patch | 69 ------------------- openssl-ibmca.changes | 23 +++++-- openssl-ibmca.spec | 15 ++-- 7 files changed, 25 insertions(+), 164 deletions(-) delete mode 100644 openssl-ibmca-1.4.0.tar.gz create mode 100644 openssl-ibmca-2.0.0.tar.gz delete mode 100644 openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch delete mode 100644 openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch delete mode 100644 openssl-ibmca-sles15-Update-lib-name-in-documentation.patch diff --git a/openssl-ibmca-1.4.0.tar.gz b/openssl-ibmca-1.4.0.tar.gz deleted file mode 100644 index e26a544..0000000 --- a/openssl-ibmca-1.4.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed410b45eacf92b395b89cad147177eb40c5a77971b91e08f4470cc0ee48ac76 -size 34103 diff --git a/openssl-ibmca-2.0.0.tar.gz b/openssl-ibmca-2.0.0.tar.gz new file mode 100644 index 0000000..0eb7928 --- /dev/null +++ b/openssl-ibmca-2.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ddfafd26bb81fac65642284e71f2585eee7dc4c71ba2b11dc1c264ca2bef91f8 +size 42857 diff --git a/openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch b/openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch deleted file mode 100644 index b00e375..0000000 --- a/openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 08d8261f3a39ae248a8f919af6b9b337f7ba0975 Mon Sep 17 00:00:00 2001 -From: Eduardo Barretto -Date: Thu, 25 Jan 2018 13:11:53 -0200 -Subject: [PATCH 01/32] Fix lib name in test code - -Signed-off-by: Eduardo Barretto ---- - src/test/ibmca_mechaList_test.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/test/ibmca_mechaList_test.c b/src/test/ibmca_mechaList_test.c -index f34d5aa..527bb89 100644 ---- a/src/test/ibmca_mechaList_test.c -+++ b/src/test/ibmca_mechaList_test.c -@@ -38,7 +38,7 @@ typedef struct{ - } id_map; - - #define AP_PATH "/sys/devices/ap" --#define IBMCA_PATH "/usr/lib64/openssl/engines/libibmca.so" -+#define IBMCA_PATH "/usr/lib64/openssl/engines/ibmca.so" - - - id_map ica_to_ssl_map[] = { --- -2.13.7 - diff --git a/openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch b/openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch deleted file mode 100644 index 4f051dd..0000000 --- a/openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 29c3157a895e8c6428100a3c0229fb405a978137 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Wed, 17 Jan 2018 13:52:02 +0100 -Subject: [PATCH 79/79] switch to ibmca.so filename to allow a standalone use -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Dan HorĂ¡k ---- - src/Makefile.am | 10 +++++----- - src/openssl.cnf.sample | 2 +- - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 58e7f4e..ff27458 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,10 +1,10 @@ --lib_LTLIBRARIES=libibmca.la -+lib_LTLIBRARIES=ibmca.la - --libibmca_la_SOURCES=e_ibmca.c e_ibmca_err.c --libibmca_la_LIBADD=-ldl --libibmca_la_LDFLAGS=-module -version-info 0:2:0 -shared -no-undefined -avoid-version -+ibmca_la_SOURCES=e_ibmca.c e_ibmca_err.c -+ibmca_la_LIBADD=-ldl -+ibmca_la_LDFLAGS=-module -version-info 0:2:0 -shared -no-undefined -avoid-version - --dist_libibmca_la_SOURCES=e_ibmca_err.h e_os.h cryptlib.h -+dist_ibmca_la_SOURCES=e_ibmca_err.h e_os.h cryptlib.h - EXTRA_DIST = openssl.cnf.sample - - ACLOCAL_AMFLAGS = -I m4 -diff --git a/src/openssl.cnf.sample b/src/openssl.cnf.sample -index 0094864..e483686 100644 ---- a/src/openssl.cnf.sample -+++ b/src/openssl.cnf.sample -@@ -23,7 +23,7 @@ ibmca = ibmca_section - # The openssl engine path for libibmca.so. - # Set the dynamic_path to where the libibmca.so engine - # resides on the system. --dynamic_path = /usr/local/lib/libibmca.so -+dynamic_path = /usr/local/lib/ibmca.so - engine_id = ibmca - init = 1 - --- -2.13.7 - diff --git a/openssl-ibmca-sles15-Update-lib-name-in-documentation.patch b/openssl-ibmca-sles15-Update-lib-name-in-documentation.patch deleted file mode 100644 index b4c1715..0000000 --- a/openssl-ibmca-sles15-Update-lib-name-in-documentation.patch +++ /dev/null @@ -1,69 +0,0 @@ -From ba9bef46d233314d34124bee1306b4335b8d0b42 Mon Sep 17 00:00:00 2001 -From: Eduardo Barretto -Date: Thu, 25 Jan 2018 13:11:19 -0200 -Subject: [PATCH 01/33] Update lib name in documentation - -Signed-off-by: Eduardo Barretto ---- - README.md | 8 ++++---- - src/doc/ibmca.man | 2 +- - src/openssl.cnf.sample | 4 ++-- - 3 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/README.md b/README.md -index b3f3501..7c0bdec 100644 ---- a/README.md -+++ b/README.md -@@ -27,8 +27,8 @@ $ sudo make install - ``` - - This will configure, build and install the package in a default location, --which is `/usr/local/lib`. It means that the libibmca.so will be installed in --`/usr/local/lib/libibmca.so` by default. If you want to install it anywhere -+which is `/usr/local/lib`. It means that the ibmca.so will be installed in -+`/usr/local/lib/ibmca.so` by default. If you want to install it anywhere - else, run "configure" passing the new location via prefix argument, for - example: - -@@ -48,8 +48,8 @@ in the host by the OpenSSL package. **WARNING:** you may want to save the - original `openssl.cnf` file before changing it. - - In `openssl.cnf.sample`, the *dynamic_path* variable is set to the default --location, which is `/usr/local/lib/libibmca.so` by default. However, if the --libibmca.so library has been installed anywhere else, then update the -+location, which is `/usr/local/lib/ibmca.so` by default. However, if the -+ibmca.so library has been installed anywhere else, then update the - *dynamic_path* variable. - - Locate where the `openssl.cnf` file has been installed in the host and append -diff --git a/src/doc/ibmca.man b/src/doc/ibmca.man -index dd163b5..9ec08bc 100644 ---- a/src/doc/ibmca.man -+++ b/src/doc/ibmca.man -@@ -24,7 +24,7 @@ discover control commands. - Options for the IBMCA section in openssl.cnf: - .PP - dynamic_path = --.I /path/to/libibmca.so -+.I /path/to/ibmca.so - .RS - Set the path to the IBMCA shared object file allowing OpenSSL to find the file. - .RE -diff --git a/src/openssl.cnf.sample b/src/openssl.cnf.sample -index e483686..e24dad4 100644 ---- a/src/openssl.cnf.sample -+++ b/src/openssl.cnf.sample -@@ -20,8 +20,8 @@ ibmca = ibmca_section - - [ibmca_section] - --# The openssl engine path for libibmca.so. --# Set the dynamic_path to where the libibmca.so engine -+# The openssl engine path for ibmca.so. -+# Set the dynamic_path to where the ibmca.so engine - # resides on the system. - dynamic_path = /usr/local/lib/ibmca.so - engine_id = ibmca --- -2.13.7 - diff --git a/openssl-ibmca.changes b/openssl-ibmca.changes index ba391bc..bfcc7cb 100644 --- a/openssl-ibmca.changes +++ b/openssl-ibmca.changes @@ -1,10 +1,23 @@ ------------------------------------------------------------------- -Fri Aug 31 19:37:39 UTC 2018 - mpost@suse.com +Wed Nov 14 20:18:07 UTC 2018 - mpost@suse.com -- Added the following patches for bsc#1097463 - * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch - * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch - * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch +- Upgraded to version 2.0.0 (Fate#325688) + * openssl-ibmca 2.0.0 + Add ECC support. + Add check and distcheck make-targets. + Project cleanup, code was broken into multiple files and coding style cleanup. + Improvements to compat macros for openssl. + Don't disable libica sw fallbacks. + Fix dlclose logic. + * openssl-ibmca 1.4.1 + Fix structure size for aes-256-ecb/cbc/cfb/ofb + Update man page + Switch to ibmca.so filename to allow standalone use + Switch off Libica fallback mode if available + Make sure ibmca_init only runs once + Provide simple macro for DEBUG_PRINTF possibility + Cleanup and slight rework of function set_supported_meths +- Did some cleanup to the spec file, based on spec-cleanup. ------------------------------------------------------------------- Fri Sep 22 18:07:10 UTC 2017 - mpost@suse.com diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index c873ca1..6fb9556 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -17,7 +17,7 @@ Name: openssl-ibmca -Version: 1.4.0 +Version: 2.0.0 Release: 0 Summary: The IBMCA OpenSSL dynamic engine License: Apache-2.0 @@ -25,10 +25,6 @@ Group: Hardware/Other Url: https://github.com/opencryptoki/openssl-ibmca/ Source: openssl-ibmca-%{version}.tar.gz Source1: baselibs.conf -Patch1: openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch -Patch2: openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch -Patch3: openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - BuildRequires: autoconf BuildRequires: automake BuildRequires: libica-devel >= 3.1.1 @@ -36,7 +32,6 @@ BuildRequires: libica-tools >= 2.4.0 BuildRequires: libtool BuildRequires: openssl-devel Requires: openssl -BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: s390 s390x %description @@ -45,9 +40,6 @@ IBM eServer Cryptographic Accelerator (ICA). %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build # The directory where crypto engines are located is owned by the libcrypto package. @@ -66,7 +58,7 @@ make %{?_smp_mflags} # to the correct version of the engines directory. sed -i -e "/^dynamic_path/s, = .*/, = %{_ENGINE_DIR}/," src/openssl.cnf.sample -make %{?_smp_mflags} DESTDIR=%{buildroot} install +%make_install rm %{buildroot}/%{_ENGINE_DIR}/ibmca.la %post @@ -119,7 +111,8 @@ fi %files %defattr(-, root, root) -%doc README.md LICENSE +%license LICENSE +%doc README.md %doc src/openssl.cnf.sample %{_ENGINE_DIR}/ibmca.* %{_mandir}/man5/ibmca.5%{ext_man} From 20a31e680efee04c066c3648071da6edadd6e03d52cf642bc4779da2c17f2598 Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Nov 2018 22:44:10 +0000 Subject: [PATCH 2/2] Accepting request 649102 from home:markkp:branches:security:tls - Upgraded to version 2.0.0 (Fate#325688) * openssl-ibmca 2.0.0 Add ECC support. Add check and distcheck make-targets. Project cleanup, code was broken into multiple files and coding style cleanup. Improvements to compat macros for openssl. Don't disable libica sw fallbacks. Fix dlclose logic. * openssl-ibmca 1.4.1 Fix structure size for aes-256-ecb/cbc/cfb/ofb Update man page Switch to ibmca.so filename to allow standalone use Switch off Libica fallback mode if available Make sure ibmca_init only runs once Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. - Removed the following obsolete patches: * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Added the following patches for bsc#1097463 * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Upgraded to version 1.4.0 * Re-license to Apache License v2.0 * Fix aes_gcm initialization. * Update man page. * Add macros for OpenSSL 0.9.8 compat. * Remove AC_FUNC_MALLOC from configure.ac * Add compat macro for OpenSSL 1.0.1e-fips. * Setting 'foreign' strictness for automake. * Add AES-GCM support. * Rework EVP_aes macros. * Remove dependency of old local OpenSSL headers. * Fix engine initialization to set function pointers only once. * Remove blank COPYING and NEWS files. * Remove INSTALL and move its content to README.md * Update README.md file to make use of markdown. * Rename README file to README.md to use markdown * Add CONTRIBUTING guidelines. * Adding coding style documentation. * Enable EVP_MD_FLAG_FIPS flag for SHA-*. * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0 * Fix SHA512 EVP digest struct to use EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0 * Fix wrong parenthesis * convert libica loading to dlopen() and friends * Add support to DSO on new API of OpenSSL-1.1.0 - Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch - Added BuildRequires for autoconf, automake, and libtool. - Updated BuildRequires for libica-devel to be >= 3.1.1 - Now that the openSSL engines directory is versioned: * Modified the spec file to query the libcrypto package for which directory to install the engine into. * Removed openssl-ibmca-fix-enginepath.patch. Replaced it with a sed command so that it will provide the correct versioned engines directory - Removed openssl-ibmca-configure.patch. It doesn't seem to be needed any longer. - Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113) - Added libica-tools to the BuildRequires due to repackaging of libica. - Renamed BuildRequires from libica2-devel to libica-devel for the same reason. - Tweaked a comment to get rid of an rpmlint warning message. - fixed ssl configuration merging (bsc#1004463) - openssl-ibmca-fix-enginepath.patch: fix the engine path - Use macro for configure (fate#319941) - Use url for source - Enable parallel building - Cleanup spec file with spec-cleaner - Upgraded to version 1.3.0 (fate#319941) - Updated openssl-ibmca-configure.patch to apply cleanly - Removed obsolete patches - openssl-ibmca-README.patch - openssl-ibmca-sha256-digest-length.patch - openssl-pkey.patch - openssl-des-ede.patch - Did some spec file cleanup. - Fixed %post script to update library path (the only dynamic part of the ibmca configuration) every time the package is installed. (bsc#966139) - Updated AUTHORS, INSTALL, and README (bsc#942839) - %post and %postun added to properly update openssl.cnf (bsc#942839) - Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138) - Remove dependency on fillup anf insserv; the package provides neither sysconfig file nor sysvinit script - Remove depreciated AUTHORS section - Use %configure macro - Add openssl-ibmca-configure.patch - the openssl engines moved to /%_lib/engines bnc#905480 - Forced requirement of libica-2_3_0 (bnc#890824) - openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) - openssl-pkey.patch: defer HMAC signing to pkey framework, fixes fips self-test during EC key creation (bnc#879922) - spec file cleaned up a bit - openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message digest length definition in sha256 template (bnc#868275) - update to 1.2.0 - removed patches: ibmca-configure.patch ibmca-segfault.fix.patch ibmca-sw-fix.patch openssl-ibmca-1.0.0.rc2-memset-fix.patch - make it exclusivearch for s390/s390x as the required libica is only available for s390/s390x - Made required libica-2_1_0 s390 specific - Added x86_64 to ExclusiveArch as %ix86 doesn't do it - Removed libica requirement - allowing build process to find it - Added COPYING to %files - Requiring libica 2.1.0 or greater - enable ppc64le - fix build (add autoconf automake libtool to BuildRequires) - disable libtool --finish call - own engines directory - package baselibs.conf - obsolete old -XXbit packages (bnc#437293) - added baselibs.conf file to build xxbit packages for multilib support - added fixes by IBM (bug #243801): ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM object ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM object openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem - updated README (bug #185508) - Fixed configure.in to build correctly - Fixed spec file - Initial version from Mike Halcrow OBS-URL: https://build.opensuse.org/request/show/649102 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=5 --- openssl-ibmca.changes | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/openssl-ibmca.changes b/openssl-ibmca.changes index bfcc7cb..31e5641 100644 --- a/openssl-ibmca.changes +++ b/openssl-ibmca.changes @@ -18,6 +18,18 @@ Wed Nov 14 20:18:07 UTC 2018 - mpost@suse.com Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. +- Removed the following obsolete patches: + * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch + * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch + * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch + +------------------------------------------------------------------- +Fri Aug 31 19:37:39 UTC 2018 - mpost@suse.com + +- Added the following patches for bsc#1097463 + * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch + * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch + * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch ------------------------------------------------------------------- Fri Sep 22 18:07:10 UTC 2017 - mpost@suse.com