Dominique Leuenberger 2016-04-28 14:54:31 +00:00 committed by Git OBS Bridge
parent ca089ef5ad
commit e49ce50354
9 changed files with 124 additions and 230 deletions

View File

@ -1,68 +0,0 @@
commit 83b8ed7b25c809fa36ec86d7041a6350dc516606
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Mar 19 15:57:10 2014 -0500
openssl-ibmca: openssl speed -engine ibmca -evp des-ede3-ofb segfaults
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
diff --git a/e_ibmca.c b/e_ibmca.c
index b1ad975..0acbe5f 100644
--- a/e_ibmca.c
+++ b/e_ibmca.c
@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(unsigned int, unsigned int, unsigned char *
sha256_context_t *, unsigned char *);
typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
- unsigned int key_length, unsigned char *iv,
- unsigned int direction);
+ unsigned char *iv, unsigned int direction);
typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
unsigned char *iv, unsigned int lcfb,
@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(const unsigned char *, unsigned char *,
unsigned int, unsigned int);
typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
- unsigned int key_length, unsigned char *iv,
- unsigned int direction);
+ unsigned char *iv, unsigned int direction);
typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
unsigned int key_length, unsigned char *iv,
@@ -1197,7 +1195,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
8, ICA_ENCRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
ICA_ENCRYPT);
} else {
rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
@@ -1223,7 +1221,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
8, ICA_DECRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
ICA_DECRYPT);
} else {
/* Protect against decrypt in place */
@@ -1279,7 +1277,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
ctx->iv, 8, ICA_ENCRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
- 8, ctx->iv, ICA_ENCRYPT);
+ ctx->iv, ICA_ENCRYPT);
} else {
rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
(ica_des_vector_t *) ctx->iv,
@@ -1305,7 +1303,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
ctx->iv, 8, ICA_DECRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
- 8, ctx->iv, ICA_DECRYPT);
+ ctx->iv, ICA_DECRYPT);
} else {
/* Protect against decrypt in place */
/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d36363798e69e19b203126106f0e3f1a08626f96523994dd3c06adfe9c6d27ad
size 26525

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cdc5387ab229cf3d74b88fd17b60562c8f76f57dfe70514a35ef243791bcdfb0
size 274900

View File

@ -1,65 +0,0 @@
--- README
+++ README
@@ -7,45 +7,28 @@
ABOUT
-This package contains the dynamic IBMCA engine.
+This package contains the dynamic IBMCA engine. Note that, as of
+OpenSSL version 0.9.8, the IBMCA engine is shipped as a dynamic engine
+in a separate RPM.
BUILDING
Requirements: OpenSSL 0.9.8, libICA
- By default, the build will assume that you have a custom openssl installed
-in /usr/local/ssl.
-
- $ configure [--enable-debug] [--with-openssl=/path/to/custom/openssl] \
- [--with-engines-dir=/path/to/openssl/engines/directory]
- $ make
- # make install
-
-Included in this package is a sample openssl.cnf file (openssl.cnf.sample),
-which can be used to turn on use of the IBMCA engine in apps where OpenSSL
-config support is compiled in. In order to enable the IBMCA engine, the
-content from this file should be concatenated to the existing openssl.cnf file
-on the host.
-
-During the build process, the path to the engines/ directory is substituted in
-for the dynamic_path parameter in the ibmca section. By default, this path to
-the engines/ directory is relative to the OpenSSL installation target. With no
-parameters passed to the ./configure script, this target is /usr/local/ssl,
-and so the default entry in the sample openssl.cnf file is:
-
-dynamic_path = /usr/local/ssl/lib/engines/libibmca.so
-
-If OpenSSL is installed to a different location, then the --with-openssl=
-option should be passed to the ./configure script. For instance, if
---with-openssl=/usr is given, then the entry in the sample openssl.cnf file
-is:
+Included in this package is a sample openssl.cnf file
+(openssl.cnf.sample), which can be used to enable use of the IBMCA
+engine in apps where OpenSSL config support is compiled in. In order
+to enable the IBMCA engine, the content from this file should be
+concatenated to the existing openssl.cnf file on the host.
+
+The path to the engines/ directory is /usr/lib/engines; the dynamic
+path to the IBMCA engine for 32-bit binary RPM installations should
+be:
dynamic_path = /usr/lib/engines/libibmca.so
-If the OpenSSL engines directory is located elsewhere, then that location must
-be specified in the --with-engines-dir= option. For instance, if the engines/
-directory is under /usr/lib64, then the ./configure script will need the
-option --with-engines-dir=/usr/lib64/engines, which will produce this entry in
-the sample openssl.cnf file:
+The dynamic path to the IBMCA engine for 64-bit binary RPM
+installations should be:
+
+dynamic_path = /usr/lib64/engines/libibmca.so
-dynamic_path = /usr/lib64/engines/libibmca.so
\ No newline at end of file

View File

@ -1,11 +1,11 @@
--- configure.in --- configure 2016-03-31 18:07:02.238114067 -0400
+++ configure.in +++ configure 2016-03-31 18:09:16.168114067 -0400
@@ -28,7 +28,7 @@ @@ -11511,7 +11511,7 @@
# libica is dlopened, so do not add it to LIBS $as_echo_n "(cached) " >&6
save_LIBS=$LIBS else
AC_CHECK_LIB(ica, ica_open_adapter, [], \ ac_check_lib_save_LIBS=$LIBS
- AC_MSG_ERROR([*** libica-2.x library not found]), [-lssl]) -LIBS="-lica $LIBS"
+ AC_MSG_ERROR([*** libica-2.x library not found]), [-lssl -lrt -lcrypto -lpthread]) +LIBS="-lica -lpthread $LIBS"
LIBS=$save_LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
# OpenSSL location

View File

@ -1,22 +0,0 @@
commit f204aca935dfe45b736e9fb8f822c9e79ec9747c
Author: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Date: Fri Mar 7 10:35:33 2014 +0100
SHA256: Fixed message digest length definition in sha256 template
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
Acked-by: John Jolly <jjolly@suse.de>
diff --git a/e_ibmca.c b/e_ibmca.c
index 94c44a4..f3fad35 100644
--- a/e_ibmca.c
+++ b/e_ibmca.c
@@ -727,7 +727,7 @@ static const EVP_MD ibmca_sha1 = {
static const EVP_MD ibmca_sha256 = {
NID_sha256,
NID_sha256WithRSAEncryption,
- SHA_HASH_LENGTH,
+ SHA256_HASH_LENGTH,
0,
ibmca_sha256_init,
ibmca_sha256_update,

View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Wed Apr 6 19:07:43 UTC 2016 - mpluskal@suse.com
- Use macro for configure
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
-------------------------------------------------------------------
Thu Mar 31 21:20:34 UTC 2016 - mpost@suse.com
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
-------------------------------------------------------------------
Mon Mar 21 20:53:02 UTC 2016 - jjolly@suse.com
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
-------------------------------------------------------------------
Tue Oct 27 06:36:06 UTC 2015 - jjolly@suse.com
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
-------------------------------------------------------------------
Tue Oct 27 03:46:00 UTC 2015 - jjolly@suse.com
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
@ -7,6 +45,11 @@ Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
- Use %configure macro - Use %configure macro
- Add openssl-ibmca-configure.patch - Add openssl-ibmca-configure.patch
-------------------------------------------------------------------
Wed Dec 3 09:22:24 UTC 2014 - meissner@suse.com
- the openssl engines moved to /%_lib/engines bnc#905480
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 14 13:03:44 UTC 2014 - jjolly@suse.com Thu Aug 14 13:03:44 UTC 2014 - jjolly@suse.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package openssl-ibmca # spec file for package openssl-ibmca
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,29 +17,21 @@
Name: openssl-ibmca Name: openssl-ibmca
BuildRequires: autoconf Version: 1.3.0
BuildRequires: automake Release: 0
BuildRequires: libica-2_3_0-devel
BuildRequires: libtool
BuildRequires: openssl-devel
Summary: The IBMCA OpenSSL dynamic engine Summary: The IBMCA OpenSSL dynamic engine
License: IPL-1.0 License: IPL-1.0
Group: Hardware/Other Group: Hardware/Other
Version: 1.2.0
Release: 0
Source: openssl-ibmca-1.2.0.tar.gz
Source2: baselibs.conf
Patch1: openssl-ibmca-README.patch
Patch2: openssl-ibmca-configure.patch
Patch3: openssl-ibmca-sha256-digest-length.patch
Patch4: openssl-pkey.patch
Patch5: openssl-des-ede.patch
Url: http://sourceforge.net/projects/opencryptoki Url: http://sourceforge.net/projects/opencryptoki
BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: http://sourceforge.net/projects/opencryptoki/files/libica%%20OpenSSL%%20Engine/ibmca-%{version}/openssl-ibmca-%{version}.tar.bz2
Requires: libica-2_3_0 Source1: baselibs.conf
Patch1: openssl-ibmca-configure.patch
BuildRequires: libica2-devel >= 2.4.0
BuildRequires: openssl-devel
Requires: libica2 >= 2.4.0
Requires: openssl Requires: openssl
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: s390 s390x ExclusiveArch: s390 s390x
#
%description %description
This package contains a shared object OpenSSL dynamic engine for the This package contains a shared object OpenSSL dynamic engine for the
@ -48,26 +40,71 @@ IBM eServer Cryptographic Accelerator (ICA).
%prep %prep
%setup -q %setup -q
%patch1 %patch1
%patch2
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build %build
autoreconf --force --install export CFLAGS="%{optflags}"
%configure --with-engines-dir=%_libdir/engines --libdir=%_libdir/engines export CPPFLAGS="%{optflags}"
make %configure \
--libdir=/%{_lib}/engines
make %{?_smp_mflags}
%install %install
%makeinstall make %{?_smp_mflags} DESTDIR=%{buildroot} install
#(cd $RPM_BUILD_ROOT; libtool --finish ./%_libdir/engines) rm %{buildroot}/%{_lib}/engines/libibmca.la
rm ${RPM_BUILD_ROOT}%{_libdir}/engines/libibmca.la
%post
#Original fix for bsc#942839 was to update on first install
#For bsc#966139 update if openssl_def not found
SSLCNF=%{_sysconfdir}/ssl/openssl.cnf
SSLSMP=%{_docdir}/${name}/openssl.cnf.sample
if [ -f ${SSLCNF} -a -f ${SSLSMP} ]; then
if grep '^openssl_conf[[:space:]]*=[[:space:]]*openssl_def$' ${SSLCNF} >/dev/null 2>&1; then
# Config already installed. Update library path if necessary
SECTSTART=$(grep -n '\[ibmca_section\]' ${SSLCNF} | head -n1 | cut -d':' -f1)
REPLINE=""
if [ "z${SECTSTART}" != "z" ]; then
REPLINE=$((SECTSTART - 1 + $(tail -n+${SECTSTART} ${SSLCNF} | grep -n 'dynamic_path' | head -n1 | cut -d':' -f1) ))
fi
if [ "z${REPLINE}" != "z" ]; then
head -n$((REPLINE - 1)) ${SSLCNF} > ${SSLCNF}.temp
grep 'dynamic_path' ${SSLSMP} >> ${SSLCNF}.temp
tail -n+$((REPLINE + 1)) ${SSLCNF} >> ${SSLCNF}.temp
mv ${SSLCNF}.temp ${SSLCNF}
fi
else
CNFSZE=350 # Size in lines of original openssl.cnf
SMPSZE=46 # Size in lines of original sample config file
CNFINS=9 # Line number in openssl.cnf to insert new line
SMPUSE=11 # Line number in sample to copy from
if [ $(wc -l ${SSLCNF} | cut -d ' ' -f 1) -ne ${CNFSZE} ]; then
echo Original ${SSLCNF} incorrect size. Please manually update from ${SSLSMP}
elif [ $(wc -l ${SSLSMP} | cut -d ' ' -f 1) -ne ${SMPSZE} ]; then
echo Original ${SSLSMP} incorrect size. Please manually update to ${SSLCNF}
else
mv ${SSLCNF} ${SSLCNF}.orig
head -n ${CNFINS} ${SSLCNF}.orig > ${SSLCNF}
head -n ${SMPUSE} ${SSLSMP} | tail -n 1 >> ${SSLCNF}
tail -n $((CNFSZE - CNFINS)) ${SSLCNF}.orig >> ${SSLCNF}
head -n $((SMPUSE - 1)) ${SSLSMP} >> ${SSLCNF}
tail -n $((SMPSZE - SMPUSE)) ${SSLSMP} >> ${SSLCNF}
fi
fi
fi
%postun
if [ $1 -eq 0 ]; then #last uninstall, modify %{_sysconfdir}/openssl.cnf (bsc#942839)
SSLCNF=%{_sysconfdir}/ssl/openssl.cnf
if [ -f ${SSLCNF}.orig ]; then
mv ${SSLCNF}.orig ${SSLCNF}
fi
fi
%files %files
%defattr(-, root, root) %defattr(-, root, root)
%doc README COPYING %doc README COPYING
%doc openssl.cnf.sample %doc src/openssl.cnf.sample
%dir %{_libdir}/engines /%{_lib}/engines/libibmca.*
%{_libdir}/engines/libibmca.* %{_mandir}/man5/ibmca.5%{ext_man}
%changelog %changelog

View File

@ -1,31 +0,0 @@
commit 6cdca2c3d655ef19d022fb3d8bcbf63491b79db2
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Mar 19 12:50:14 2014 -0500
Add flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to EVP_MD so that signing method
comes from key type.
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
diff --git a/e_ibmca.c b/e_ibmca.c
index f3fad35..9353470 100644
--- a/e_ibmca.c
+++ b/e_ibmca.c
@@ -711,7 +711,7 @@ static const EVP_MD ibmca_sha1 = {
NID_sha1,
NID_sha1WithRSAEncryption,
SHA_HASH_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
ibmca_sha1_init,
ibmca_sha1_update,
ibmca_sha1_final,
@@ -728,7 +728,7 @@ static const EVP_MD ibmca_sha256 = {
NID_sha256,
NID_sha256WithRSAEncryption,
SHA256_HASH_LENGTH,
- 0,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
ibmca_sha256_init,
ibmca_sha256_update,
ibmca_sha256_final,