2007-01-16 00:28:17 +01:00
|
|
|
#
|
2011-03-30 11:49:22 +02:00
|
|
|
# spec file for package openssl-ibmca
|
2007-01-16 00:28:17 +01:00
|
|
|
#
|
2020-09-23 23:24:00 +02:00
|
|
|
# Copyright (c) 2020 SUSE LLC
|
2007-01-16 00:28:17 +01:00
|
|
|
#
|
2009-01-09 01:43:14 +01:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2019-10-15 23:16:34 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:28:17 +01:00
|
|
|
#
|
|
|
|
|
2008-04-10 15:18:46 +02:00
|
|
|
|
2007-01-16 00:28:17 +01:00
|
|
|
Name: openssl-ibmca
|
Accepting request 835921 from home:markkp:branches:security:tls
- Upgrade to version 2.1.1 (jsc#SLE-14468)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/835921
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=22
2020-09-21 22:06:08 +02:00
|
|
|
Version: 2.1.1
|
2016-04-28 16:54:31 +02:00
|
|
|
Release: 0
|
2007-01-16 00:28:17 +01:00
|
|
|
Summary: The IBMCA OpenSSL dynamic engine
|
2019-10-15 21:56:26 +02:00
|
|
|
License: Apache-2.0
|
2007-01-16 00:28:17 +01:00
|
|
|
Group: Hardware/Other
|
2019-10-15 23:16:34 +02:00
|
|
|
URL: https://github.com/opencryptoki/openssl-ibmca
|
2019-09-07 00:24:57 +02:00
|
|
|
Source: https://github.com/opencryptoki/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
2016-04-28 16:54:31 +02:00
|
|
|
Source1: baselibs.conf
|
2019-09-07 00:24:57 +02:00
|
|
|
|
2017-10-02 16:53:42 +02:00
|
|
|
BuildRequires: autoconf
|
|
|
|
BuildRequires: automake
|
|
|
|
BuildRequires: libica-devel >= 3.1.1
|
2017-04-14 13:41:49 +02:00
|
|
|
BuildRequires: libica-tools >= 2.4.0
|
2017-10-02 16:53:42 +02:00
|
|
|
BuildRequires: libtool
|
2016-04-28 16:54:31 +02:00
|
|
|
BuildRequires: openssl-devel
|
2019-09-07 00:24:57 +02:00
|
|
|
Requires: libica3
|
2013-12-13 11:59:53 +01:00
|
|
|
Requires: openssl
|
2019-09-07 00:24:57 +02:00
|
|
|
ExclusiveArch: s390x
|
2007-01-16 00:28:17 +01:00
|
|
|
|
|
|
|
%description
|
|
|
|
This package contains a shared object OpenSSL dynamic engine for the
|
|
|
|
IBM eServer Cryptographic Accelerator (ICA).
|
|
|
|
|
|
|
|
%prep
|
2019-09-07 00:24:57 +02:00
|
|
|
%autosetup
|
|
|
|
./bootstrap.sh
|
2007-01-16 00:28:17 +01:00
|
|
|
|
|
|
|
%build
|
2017-09-23 21:36:11 +02:00
|
|
|
# The directory where crypto engines are located is owned by the libcrypto package.
|
|
|
|
# Find out where that is for this version of the distribution.
|
|
|
|
%define _ENGINE_DIR %(pkg-config --variable=enginesdir libcrypto)
|
|
|
|
|
2017-10-02 16:53:42 +02:00
|
|
|
autoreconf --force --install
|
2016-04-28 16:54:31 +02:00
|
|
|
export CFLAGS="%{optflags}"
|
|
|
|
export CPPFLAGS="%{optflags}"
|
|
|
|
%configure \
|
2017-09-23 21:36:11 +02:00
|
|
|
--libdir=%{_ENGINE_DIR}
|
2016-04-28 16:54:31 +02:00
|
|
|
make %{?_smp_mflags}
|
2007-01-16 00:28:17 +01:00
|
|
|
|
|
|
|
%install
|
2017-09-23 21:36:11 +02:00
|
|
|
# Update the sample config file so that the dynamic path points
|
|
|
|
# to the correct version of the engines directory.
|
|
|
|
sed -i -e "/^dynamic_path/s, = .*/, = %{_ENGINE_DIR}/," src/openssl.cnf.sample
|
|
|
|
|
2018-11-14 21:37:20 +01:00
|
|
|
%make_install
|
2018-09-03 10:35:56 +02:00
|
|
|
rm %{buildroot}/%{_ENGINE_DIR}/ibmca.la
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
%post
|
|
|
|
#Original fix for bsc#942839 was to update on first install
|
|
|
|
#For bsc#966139 update if openssl_def not found
|
|
|
|
SSLCNF=%{_sysconfdir}/ssl/openssl.cnf
|
2016-10-18 10:41:29 +02:00
|
|
|
SSLSMP=%{_docdir}/%{name}/openssl.cnf.sample
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
if [ -f ${SSLCNF} -a -f ${SSLSMP} ]; then
|
|
|
|
if grep '^openssl_conf[[:space:]]*=[[:space:]]*openssl_def$' ${SSLCNF} >/dev/null 2>&1; then
|
|
|
|
# Config already installed. Update library path if necessary
|
|
|
|
SECTSTART=$(grep -n '\[ibmca_section\]' ${SSLCNF} | head -n1 | cut -d':' -f1)
|
|
|
|
REPLINE=""
|
|
|
|
if [ "z${SECTSTART}" != "z" ]; then
|
|
|
|
REPLINE=$((SECTSTART - 1 + $(tail -n+${SECTSTART} ${SSLCNF} | grep -n 'dynamic_path' | head -n1 | cut -d':' -f1) ))
|
|
|
|
fi
|
|
|
|
if [ "z${REPLINE}" != "z" ]; then
|
|
|
|
head -n$((REPLINE - 1)) ${SSLCNF} > ${SSLCNF}.temp
|
|
|
|
grep 'dynamic_path' ${SSLSMP} >> ${SSLCNF}.temp
|
|
|
|
tail -n+$((REPLINE + 1)) ${SSLCNF} >> ${SSLCNF}.temp
|
|
|
|
mv ${SSLCNF}.temp ${SSLCNF}
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
CNFSZE=350 # Size in lines of original openssl.cnf
|
2016-10-18 10:41:29 +02:00
|
|
|
SMPSZE=52 # Size in lines of original sample config file
|
2016-04-28 16:54:31 +02:00
|
|
|
CNFINS=9 # Line number in openssl.cnf to insert new line
|
|
|
|
SMPUSE=11 # Line number in sample to copy from
|
|
|
|
if [ $(wc -l ${SSLCNF} | cut -d ' ' -f 1) -ne ${CNFSZE} ]; then
|
|
|
|
echo Original ${SSLCNF} incorrect size. Please manually update from ${SSLSMP}
|
|
|
|
elif [ $(wc -l ${SSLSMP} | cut -d ' ' -f 1) -ne ${SMPSZE} ]; then
|
|
|
|
echo Original ${SSLSMP} incorrect size. Please manually update to ${SSLCNF}
|
|
|
|
else
|
|
|
|
mv ${SSLCNF} ${SSLCNF}.orig
|
|
|
|
head -n ${CNFINS} ${SSLCNF}.orig > ${SSLCNF}
|
|
|
|
head -n ${SMPUSE} ${SSLSMP} | tail -n 1 >> ${SSLCNF}
|
|
|
|
tail -n $((CNFSZE - CNFINS)) ${SSLCNF}.orig >> ${SSLCNF}
|
|
|
|
head -n $((SMPUSE - 1)) ${SSLSMP} >> ${SSLCNF}
|
|
|
|
tail -n $((SMPSZE - SMPUSE)) ${SSLSMP} >> ${SSLCNF}
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
%postun
|
2017-04-14 13:41:49 +02:00
|
|
|
if [ $1 -eq 0 ]; then # last uninstall, modify %%{_sysconfdir}/openssl.cnf (bsc#942839)
|
2016-04-28 16:54:31 +02:00
|
|
|
SSLCNF=%{_sysconfdir}/ssl/openssl.cnf
|
|
|
|
if [ -f ${SSLCNF}.orig ]; then
|
|
|
|
mv ${SSLCNF}.orig ${SSLCNF}
|
|
|
|
fi
|
|
|
|
fi
|
2007-01-16 00:28:17 +01:00
|
|
|
|
|
|
|
%files
|
2018-11-14 21:37:20 +01:00
|
|
|
%license LICENSE
|
|
|
|
%doc README.md
|
2016-04-28 16:54:31 +02:00
|
|
|
%doc src/openssl.cnf.sample
|
2018-09-03 10:35:56 +02:00
|
|
|
%{_ENGINE_DIR}/ibmca.*
|
2018-11-21 00:36:22 +01:00
|
|
|
%{_mandir}/man5/ibmca.5%{?ext_man}
|
2007-01-16 00:28:17 +01:00
|
|
|
|
2008-04-10 15:18:46 +02:00
|
|
|
%changelog
|