pool/openssl-ibmca
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
107 Commits 3 Branches 0 Tags
factory
Commit Graph

107 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Dominique Leuenberger
9a178689e2 Accepting request 1296164 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1296164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=59
 2025-07-30 09:42:25 +00:00
Nikolay Gueorguiev
8fdc8da117 - Amended the .spec file (bsc#1246931) 
* removed obsolete engine-related content(files), IBMCA engine is deprecated
  * removed sub-packages
    - openssl-ibmca-engine
    - openssl-ibmca-provider
- Removed multibuild and sources:
  * Source1:        engine_section.txt
  * Source2:        _multibuild

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=90
 2025-07-28 13:58:13 +00:00
Nikolay Gueorguiev
abb2b8dfc1 - Amended the .spec file (bsc#1246931) 
* removed obsolete engine-related content(files), IBMCA engine is depreciated
  * removed sub-packages
    - openssl-ibmca-engine
    - openssl-ibmca-provider
- Removed multibuild and sources:
  * Source1:        engine_section.txt
  * Source2:        _multibuild

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=89
 2025-07-28 06:44:38 +00:00
Ana Guerrero
08fa5d897b Accepting request 1272097 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1272097
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=58
 2025-04-23 13:19:05 +00:00
Nikolay Gueorguiev
72d56a316a - Upgrade openssl-ibmca to version 2.5.0 
* Provider: Add support for OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ on import
  * Provider: Add support for SignMessage and VerifyMessage API for ECDSA and RSA
  * Provider: Allow the DHKEM-IKM option for EC keygen, but use fallback provider
  * Provider: Allow ECDSA deterministic signatures, but use fallback
  * Engine: Enable external AES-GCM IV when libica is in FIPS mode
  * Bug fixes   
- Removed obsolete patches
  * openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-is-in-FIPS-mode.patch
  * openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch
  * openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch
  * openssl-ibmca-04-engine-Fix-compile-error.patch
  * openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch
  * openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch
  * openssl-ibmca-07-engine-Fix-Do-not-report-errors-if-libica-does-not-support-EC.patch
  * openssl-ibmca-08-Fix-compiler-error-for-undefined-ERR_pop_to_mark.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=87
 2025-04-23 08:50:16 +00:00
Ana Guerrero
71b328ff0c Accepting request 1247090 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1247090
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=57
 2025-02-20 15:36:55 +00:00
Nikolay Gueorguiev
d87223ac22 Accepting request 1247089 from home:ngueorguiev:branches:security:tls 
- Applied additonal patches(bsc#1237344)
  * openssl-ibmca-07-engine-Fix-Do-not-report-errors-if-libica-does-not-support-EC.patch
  * openssl-ibmca-08-Fix-compiler-error-for-undefined-ERR_pop_to_mark.patch
- Applied additional patch (bsc#1236770)
 * openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch
   for Provider: Fix segfault with 'openssl list  -signature-algorithms -verbose'
- Applied a patch (bsc#1236770) 
  * openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch 
    for openssl list -key-managers -verbose causes core dump
- Adapted the openssl-ibmca package for the openssl-1_1 removal(bsc#1232570)
- Removed obsolete patch
  * openssl1-rename-libica-files.patch
- Applied patches(jsc#PED-10292)
  * openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-is-in-FIPS-mode.patch
  * openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch
  * openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch
  * openssl-ibmca-04-engine-Fix-compile-error.patch 
- Amended the .spec file
  * Replaced hard-coded '/usr/share' with %{_datadir}  
- Amended the .spec file (bsc#1227537)
  * 'rpm.install.excludedocs = yes' in zypp.conf excludes the /usr/share/doc/.. 
  * Added a check, if there is is /usr/share/doc file to be editted.
- Amended the .spec file
- Changed the package names
  +-------------+---------------------------------+--------------------------+
  |  Flavor     | Package name                    | Note                     |
  +-------------+---------------------------------+--------------------------+
  |  ''         | openssl-ibmca                   | Both engine and provider |
  |  openssl1_1 | openssl1_1-ibmca                | openssl1 flavor          |
  |  engine     | openssl-ibmca-engine            | Only engine              |
  |  provider   | openssl-ibmca-provider          | Only provider            |
  +-------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
  * openssl1-rename-libica-files.patch
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627) 
  +------------+---------------------------------+--------------------------+ 
  |  Flavor    | Package name                    | Note                     |
  +------------+---------------------------------+--------------------------+ 
  |  ''        | openssl-ibmca                   | openssl1 flavor          |
  |  engine    | openssl3-ibmca-engine           | Only engine              |
  |  provider  | openssl3-ibmca-provider         | Only provider            |
  |  openssl3  | openssl3-ibmca                  | Both engine and provider |        
  +------------+---------------------------------+--------------------------+ 
- Changing/editing 'dynamic_path' after the installation on the target system 
  * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
    /usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
    for openssl3 flavor
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1247089
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=85
 2025-02-19 13:32:28 +00:00
Nikolay Gueorguiev
b093a2422a Accepting request 1247025 from home:ngueorguiev:branches:security:tls 
- Applied additonal patch(bsc#1237344)
  * openssl-ibmca-07-engine-Fix-Do-not-report-errors-if-libica-does-not-support-EC.patch

OBS-URL: https://build.opensuse.org/request/show/1247025
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=84
 2025-02-19 11:08:36 +00:00
Ana Guerrero
23724f7e5b Accepting request 1243312 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1243312
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=56
 2025-02-05 16:33:30 +00:00
Nikolay Gueorguiev
bc06faca48 - Applied additional patch (bsc#1236770) 
* openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch
   for Provider: Fix segfault with 'openssl list  -signature-algorithms -verbose'

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=82
 2025-02-05 10:45:07 +00:00
Ana Guerrero
90d7a798cc Accepting request 1243000 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1243000
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=55
 2025-02-04 17:13:30 +00:00
Nikolay Gueorguiev
fd06942dab - Applied a patch (bsc#1236770) 
* openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch 
    for openssl list -key-managers -verbose causes core dump

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=80
 2025-02-04 09:14:44 +00:00
Dominique Leuenberger
7afdef876e Accepting request 1219360 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1219360
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=54
 2024-10-30 16:38:24 +00:00
Nikolay Gueorguiev
bca8475b66 - Adapted the openssl-ibmca package for the openssl-1_1 removal(bsc#1232570) 
- Removed obsolete patch
  * openssl1-rename-libica-files.patch
- Applied patches(jsc#PED-10292)
  * openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-is-in-FIPS-mode.patch
  * openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch
  * openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch
  * openssl-ibmca-04-engine-Fix-compile-error.patch 
- Amended the .spec file
  * Replaced hard-coded '/usr/share' with %{_datadir}  
- Amended the .spec file (bsc#1227537)
  * 'rpm.install.excludedocs = yes' in zypp.conf excludes the /usr/share/doc/.. 
  * Added a check, if there is is /usr/share/doc file to be editted.
- Amended the .spec file
- Changed the package names
  +-------------+---------------------------------+--------------------------+
  |  Flavor     | Package name                    | Note                     |
  +-------------+---------------------------------+--------------------------+
  |  ''         | openssl-ibmca                   | Both engine and provider |
  |  openssl1_1 | openssl1_1-ibmca                | openssl1 flavor          |
  |  engine     | openssl-ibmca-engine            | Only engine              |
  |  provider   | openssl-ibmca-provider          | Only provider            |
  +-------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
  * openssl1-rename-libica-files.patch
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627) 
  +------------+---------------------------------+--------------------------+ 
  |  Flavor    | Package name                    | Note                     |
  +------------+---------------------------------+--------------------------+ 
  |  ''        | openssl-ibmca                   | openssl1 flavor          |
  |  engine    | openssl3-ibmca-engine           | Only engine              |
  |  provider  | openssl3-ibmca-provider         | Only provider            |
  |  openssl3  | openssl3-ibmca                  | Both engine and provider |        
  +------------+---------------------------------+--------------------------+ 
- Changing/editing 'dynamic_path' after the installation on the target system 
  * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
    /usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
    for openssl3 flavor
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=78
 2024-10-30 08:57:11 +00:00
Nikolay Gueorguiev
2894c35cb4 - Adapted the openssl-ibmca package for the openssl-1_1 removal(bsc#1232570) 
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=77
 2024-10-30 08:42:35 +00:00
Ana Guerrero
b498c25b68 Accepting request 1219003 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1219003
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=53
 2024-10-29 13:37:02 +00:00
Nikolay Gueorguiev
10906683d5 - Applied patches(jsc#PED-10292) 
* openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-is-in-FIPS-mode.patch
  * openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch
  * openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch
  * openssl-ibmca-04-engine-Fix-compile-error.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=75
 2024-10-29 11:12:32 +00:00
Ana Guerrero
a773986189 Accepting request 1187666 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1187666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=52
 2024-07-16 20:04:07 +00:00
Nikolay Gueorguiev
bb2eb423a1 - Amended the .spec file 
* Replaced hard-coded '/usr/share' with %{_datadir}

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=73
 2024-07-16 06:29:46 +00:00
Ana Guerrero
c6f25595ca Accepting request 1187530 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1187530
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=51
 2024-07-15 17:49:55 +00:00
Nikolay Gueorguiev
dcb5b26c8a - Amended the .spec file (bsc#1227537) 
* 'rpm.install.excludedocs = yes' in zypp.conf excludes the /usr/share/doc/.. 
  * Added a check, if there is is /usr/share/doc file to be editted.

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=71
 2024-07-15 09:12:50 +00:00
Ana Guerrero
27508c4aee Accepting request 1168604 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1168604
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=50
 2024-04-18 20:12:04 +00:00
Nikolay Gueorguiev
57cb7f51b9 Accepting request 1168603 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file
- Changed the package names
  +-------------+---------------------------------+--------------------------+
  |  Flavor     | Package name                    | Note                     |
  +-------------+---------------------------------+--------------------------+
  |  ''         | openssl-ibmca                   | Both engine and provider |
  |  openssl1_1 | openssl1_1-ibmca                | openssl1 flavor          |
  |  engine     | openssl-ibmca-engine            | Only engine              |
  |  provider   | openssl-ibmca-provider          | Only provider            |
  +-------------+---------------------------------+--------------------------+

OBS-URL: https://build.opensuse.org/request/show/1168603
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=69
 2024-04-17 14:49:52 +00:00
Nikolay Gueorguiev
450c38b5ae Accepting request 1168592 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file
- Changed the package names
  +-------------+---------------------------------+--------------------------+
  |  Flavor     | Package name                    | Note                     |
  +-------------+---------------------------------+--------------------------+
  |  ''         | openssl-ibmca                   | Both engine and provider |
  |  openssl1_1 | openssl1_1-ibmca                | openssl1 flavor          |
  |  engine     | openssl-ibmca-engine            | Only engine              |
  |  provider   | openssl-ibmca-provider          | Only provider            |
  +-------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
  * openssl1-rename-libica-files.patch
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627) 
  +------------+---------------------------------+--------------------------+ 
  |  Flavor    | Package name                    | Note                     |
  +------------+---------------------------------+--------------------------+ 
  |  ''        | openssl-ibmca                   | openssl1 flavor          |
  |  engine    | openssl3-ibmca-engine           | Only engine              |
  |  provider  | openssl3-ibmca-provider         | Only provider            |
  |  openssl3  | openssl3-ibmca                  | Both engine and provider |        
  +------------+---------------------------------+--------------------------+ 
- Changing/editing 'dynamic_path' after the installation on the target system 
  * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
    /usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
    for openssl3 flavor
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1168592
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=68
 2024-04-17 14:35:05 +00:00
Nikolay Gueorguiev
01268ca482 Accepting request 1168552 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file
- Changed the package names
  +------------+---------------------------------+--------------------------+
  |  Flavor    | Package name                    | Note                     |
  +------------+---------------------------------+--------------------------+
  |  ''        | openssl1_1-ibmca                | openssl1 flavor          |
  |  engine    | openssl-ibmca-engine            | Only engine              |
  |  provider  | openssl-ibmca-provider          | Only provider            |
  |  openssl3  | openssl-ibmca                   | Both engine and provider |
  +------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
  * openssl1-rename-libica-files.patch

OBS-URL: https://build.opensuse.org/request/show/1168552
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=67
 2024-04-17 13:04:59 +00:00
Nikolay Gueorguiev
a4456cfb82 Accepting request 1168543 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file
- Changed the package names
  +------------+---------------------------------+--------------------------+
  |  Flavor    | Package name                    | Note                     |
  +------------+---------------------------------+--------------------------+
  |  ''        | openssl1_1-ibmca                | openssl1 flavor          |
  |  engine    | openssl-ibmca-engine            | Only engine              |
  |  provider  | openssl-ibmca-provider          | Only provider            |
  |  openssl3  | openssl-ibmca                   | Both engine and provider |
  +------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
  * openssl1-rename-libica-files.patch

OBS-URL: https://build.opensuse.org/request/show/1168543
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=66
 2024-04-17 12:50:11 +00:00
Nikolay Gueorguiev
1c1bc15f2d Accepting request 1166593 from home:ngueorguiev:branches:security:tls 
Re-implemented flavors (openssl3, engine, provider)

OBS-URL: https://build.opensuse.org/request/show/1166593
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=65
 2024-04-10 08:01:09 +00:00
Nikolay Gueorguiev
f97e95c8e8 Accepting request 1166481 from home:ngueorguiev:branches:security:tls 
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627) 
  +------------+---------------------------------+--------------------------+ 
  |  Flavor    | Package name                    | Note                     |
  +------------+---------------------------------+--------------------------+ 
  |  ''        | openssl-ibmca                   | openssl1 flavor          |
  |  engine    | openssl3-ibmca-engine           | Only engine              |
  |  provider  | openssl3-ibmca-provider         | Only provider            |
  |  openssl3  | openssl3-ibmca                  | Both engine and provider |        
  +------------+---------------------------------+--------------------------+ 
- Changing/editing 'dynamic_path' after the installation on the target system 
  * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
    /usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
    for openssl3 flavor
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1166481
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=64
 2024-04-09 16:08:01 +00:00
Nikolay Gueorguiev
5fb994c222 Accepting request 1165422 from home:ngueorguiev:branches:security:tls 
- Changing/editing 'dynamic_path' after the installation on the target system 
  * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
    /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1165422
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=63
 2024-04-05 06:41:44 +00:00
Nikolay Gueorguiev
81a2f2876e Accepting request 1164961 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1164961
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=62
 2024-04-04 14:16:32 +00:00
Nikolay Gueorguiev
57d149fac0 Accepting request 1164500 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file (bsc#1221627)
  * Removed the flavors
  * Removed 'muiltibuild' environment
  * Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1164500
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=61
 2024-04-04 07:21:13 +00:00
Nikolay Gueorguiev
6345fc1b78 Accepting request 1164459 from home:ngueorguiev:branches:security:tls 
- Amended the .spec file (bsc#1221627)
  * Removed the flavors

OBS-URL: https://build.opensuse.org/request/show/1164459
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=60
 2024-04-04 05:23:49 +00:00
Ana Guerrero
41fec090e3 Accepting request 1159245 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1159245
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=49
 2024-03-19 16:32:26 +00:00
Nikolay Gueorguiev
b35925491c Accepting request 1159244 from home:ngueorguiev:branches:security:tls 
Updated the .spec file.

OBS-URL: https://build.opensuse.org/request/show/1159244
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=58
 2024-03-19 07:45:06 +00:00
Nikolay Gueorguiev
821561cda7 Accepting request 1159117 from home:ngueorguiev:branches:security:tls 
- Updated the .spec file (bsc#1218933, bsc#1221627)
  * Amended the .spec file to use modulesdir variable 
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
  * When provider is set to 1, it 'configures' the provider
  * When provider is set to 0, it 'configures' the engine

OBS-URL: https://build.opensuse.org/request/show/1159117
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=57
 2024-03-18 19:33:34 +00:00
Ana Guerrero
a2b4c89bce Accepting request 1117655 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1117655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=48
 2023-10-13 21:15:52 +00:00
Nikolay Gueorguiev
3f2f0b2b75 Accepting request 1117654 from home:ngueorguiev:branches:security:tls 
- Removed an obsolete patch (implemented in the version 2.4.1)
  * openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422) 
  * Provider: Change the default log directory to /tmp
  * Bug fixes

OBS-URL: https://build.opensuse.org/request/show/1117654
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=55
 2023-10-13 10:56:35 +00:00
Nikolay Gueorguiev
8672afbd14 Accepting request 1088271 from home:ngueorguiev:branches:security:tls 
- Updated the .spec file, amended to use libica4 instead of libica
  * Requires:  libica4 >= 4
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1088271
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=54
 2023-05-22 07:24:10 +00:00
Nikolay Gueorguiev
0183033f85 Accepting request 1087780 from home:ngueorguiev:branches:security:tls 
- Updated the .spec file, amended to use libica4 instead of libica
  * BuildRequires:  libica4 >= 4
  * Requires:  libica4 >= 4

OBS-URL: https://build.opensuse.org/request/show/1087780
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=53
 2023-05-18 11:02:28 +00:00
Dominique Leuenberger
ed36411023 Accepting request 1083948 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1083948
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=47
 2023-05-02 14:19:12 +00:00
Dominique Leuenberger
c848043467 Accepting request 1083237 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1083237
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=46
 2023-05-02 14:18:42 +00:00
Nikolay Gueorguiev
c919c280fe Accepting request 1083947 from home:ngueorguiev:branches:security:tls 
- Updated the .spec file
  * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries

OBS-URL: https://build.opensuse.org/request/show/1083947
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=49
 2023-05-02 07:54:47 +00:00
Nikolay Gueorguiev
1b6da356a1 Accepting request 1083236 from home:ngueorguiev:branches:security:tls 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
  * openssl-ibmca 2.4.0
    - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 
    - Provider: Support RSA blinding
    - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
    - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
    - Provider: Adjustments in OpenSSL config generator and example configs
    - Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
    - Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
  'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files 
  * /usr/lib64/engines-3/ibmca-provider.la
  * /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
  * openssl-ibmca 2.3.1
    - Adjustments for libica 4.1.0
  * openssl-ibmca 2.3.0
    - First version including the provider
    - Fix for engine build without OpenSSL 3.0 sources
  * openssl-ibmca 2.2.3
    - Fix PKEY segfault with OpenSSL 3.0
  * openssl-ibmca 2.2.2
    - Fix tests with OpenSSL 3.0
    - Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
  need to know or care about how many lines are in either
  /etc/ssl/openssl.cnf, or the sample file at
  /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
  We're now using the ".include" directive for the openssl.cnf
  file, and only modifying that file the minimum necessary to
  implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
  * openssl-ibmca 2.2.1
    Bug fixes
  * openssl-ibmca 2.2.0
    Implement fallbacks based on OpenSSL
    Disable software fallbacks from libica
    Allow to specify default library (libica vs. libica-cex) to use
    Provide "libica" engine ctrl to switch library at load time
    Update README.md
    Remove libica link dependency
    Generate sample configuration files from system configuration
    Restructure registration global data
  * openssl-ibmca 2.1.3
    Bug fix
  * openssl-ibmca 2.1.2
    Bug fixes
- Modified spec file to
  * Define a global variable enginesdir the same was as IBM does
    instead of _ENGINE_DIR as we had been doing.
  * Implemented %make_build macro according to spec-cleaner
  * Changed the package description to match IBM's.
  * Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
  * Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
  Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
  * openssl-ibmca 2.0.3
    Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
  linking against the shared library. As a result, if the package
  containing libica.so.3 isn't installed, problems occur. Added
  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
  from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
  An Apache HTTP Server was set up with mod_ssl and the openssl
  ibmca engine using libica and a CEX6A card. Whenever a worker
  process is cleaned up a segmentation fault occurs.
  (bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
  * openssl-ibmca 2.0.2
    Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
  * openssl-ibmca 2.0.1
    Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
  * openssl-ibmca 2.0.0
    Add ECC support.
    Add check and distcheck make-targets.
    Project cleanup, code was broken into multiple files and coding style cleanup.
    Improvements to compat macros for openssl.
    Don't disable libica sw fallbacks.
    Fix dlclose logic.
  * openssl-ibmca 1.4.1
    Fix structure size for aes-256-ecb/cbc/cfb/ofb
    Update man page
    Switch to ibmca.so filename to allow standalone use
    Switch off Libica fallback mode if available
    Make sure ibmca_init only runs once
    Provide simple macro for DEBUG_PRINTF possibility
    Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
  * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
  * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
  * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
  * Re-license to Apache License v2.0
  * Fix aes_gcm initialization.
  * Update man page.
  * Add macros for OpenSSL 0.9.8 compat.
  * Remove AC_FUNC_MALLOC from configure.ac
  * Add compat macro for OpenSSL 1.0.1e-fips.
  * Setting 'foreign' strictness for automake.
  * Add AES-GCM support.
  * Rework EVP_aes macros.
  * Remove dependency of old local OpenSSL headers.
  * Fix engine initialization to set function pointers only once.
  * Remove blank COPYING and NEWS files.
  * Remove INSTALL and move its content to README.md
  * Update README.md file to make use of markdown.
  * Rename README file to README.md to use markdown
  * Add CONTRIBUTING guidelines.
  * Adding coding style documentation.
  * Enable EVP_MD_FLAG_FIPS flag for SHA-*.
  * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
  * Fix SHA512 EVP digest struct to use 
    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
  * Fix wrong parenthesis
  * convert libica loading to dlopen() and friends
  * Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
  * Modified the spec file to query the libcrypto package
    for which directory to install the engine into.
  * Removed openssl-ibmca-fix-enginepath.patch. Replaced it
    with a sed command so that it will provide the correct
    versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
  be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
  same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
  - Updated openssl-ibmca-configure.patch to apply cleanly
  - Removed obsolete patches
    - openssl-ibmca-README.patch
    - openssl-ibmca-sha256-digest-length.patch
    - openssl-pkey.patch
    - openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
  of the ibmca configuration) every time the package is installed.
  (bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides 
  neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) 
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
  fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
  digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
  ibmca-configure.patch
  ibmca-segfault.fix.patch
  ibmca-sw-fix.patch
  openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
  is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le 
- fix build (add autoconf automake libtool to BuildRequires) 
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
  for multilib support
- added fixes by IBM (bug #243801):
  ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
  object
  ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
  object
  openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow

OBS-URL: https://build.opensuse.org/request/show/1083236
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=48
 2023-04-27 09:54:16 +00:00
Dominique Leuenberger
369e6366a1 Accepting request 1082896 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1082896
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=45
 2023-04-26 15:26:18 +00:00
Nikolay Gueorguiev
b32f0b33a8 Accepting request 1082895 from home:ngueorguiev:branches:security:tls 
- Updated the .spec file as follow:
  * BuildRequires:  libica-devel >= 4.0.0
  * BuildRequires:  libica-tools >= 4.0.0

OBS-URL: https://build.opensuse.org/request/show/1082895
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=46
 2023-04-26 07:39:43 +00:00
Dominique Leuenberger
88134080e3 Accepting request 1082459 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1082459
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=44
 2023-04-24 20:31:36 +00:00
Nikolay Gueorguiev
98cd51e90c Accepting request 1082458 from home:ngueorguiev:branches:security:tls 
- Added dependency on libica4 (bsc#1209038)
  * BuildRequires and Requires statements in .spec file for libica4

OBS-URL: https://build.opensuse.org/request/show/1082458
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=44
 2023-04-24 09:37:08 +00:00
Dominique Leuenberger
63379767f2 Accepting request 1080297 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1080297
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=43
 2023-04-19 15:44:55 +00:00
Nikolay Gueorguiev
8d6a266310 Accepting request 1080296 from home:ngueorguiev:branches:security:tls 
- Applies a patch (bsc#1210359)
  * openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.

OBS-URL: https://build.opensuse.org/request/show/1080296
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=42
 2023-04-19 11:08:00 +00:00
Dominique Leuenberger
624becd10b Accepting request 1077683 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1077683
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=42
 2023-04-06 13:57:36 +00:00