Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libica for openSUSE:Factory checked
in at 2023-10-13 23:15:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libica (Old)
and /work/SRC/openSUSE:Factory/.libica.new.20540 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libica"
Fri Oct 13 23:15:35 2023 rev:31 rq:1117652 version:4.2.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/libica/libica.changes 2023-05-24
20:22:49.696346198 +0200
+++ /work/SRC/openSUSE:Factory/.libica.new.20540/libica.changes 2023-10-13
23:16:32.607090035 +0200
@@ -1,0 +2,8 @@
+Fri Oct 6 07:08:03 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorgu...@suse.com>
+
+- Upgrade to version 4.2.3 (jsc#PED-5446)
+ * Add OPENSSL_init_crypto in libica constructor
+ * Remove deprecated ioctl Z90STAT_STATUS_MASK
+ * Bug fixes
+
+-------------------------------------------------------------------
Old:
----
libica-4.2.2.tar.gz
New:
----
libica-4.2.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libica.spec ++++++
--- /var/tmp/diff_new_pack.CO6Xhn/_old 2023-10-13 23:16:33.115108461 +0200
+++ /var/tmp/diff_new_pack.CO6Xhn/_new 2023-10-13 23:16:33.115108461 +0200
@@ -22,7 +22,7 @@
%endif
Name: libica
-Version: 4.2.2
+Version: 4.2.3
Release: 0
Summary: Library interface for the IBM Cryptographic Accelerator device
driver
License: CPL-1.0
@@ -42,6 +42,7 @@
BuildRequires: fipscheck
BuildRequires: gcc-c++
BuildRequires: libtool
+BuildRequires: openssl
BuildRequires: openssl-devel
Requires(post): %fillup_prereq
ExclusiveArch: s390 s390x
++++++ libica-4.2.2.tar.gz -> libica-4.2.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/ChangeLog new/libica-4.2.3/ChangeLog
--- old/libica-4.2.2/ChangeLog 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/ChangeLog 2023-09-20 12:26:01.000000000 +0200
@@ -1,3 +1,7 @@
+v4.2.3
+ [PATCH] Add OPENSSL_init_crypto in libica constructor
+ [PATCH] remove deprecated ioctl Z90STAT_STATUS_MASK
+ [PATCH] bug fixes
v4.2.2
[UPDATE] syslog msgs only in error cases
[UPDATE] don't count statistics in fips power-on self tests
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/configure.ac
new/libica-4.2.3/configure.ac
--- old/libica-4.2.2/configure.ac 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/configure.ac 2023-09-20 12:26:01.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT([libica], [4.2.2], [https://github.com/opencryptoki/libica/issues],,
[https://github.com/opencryptoki/libica])
+AC_INIT([libica], [4.2.3], [https://github.com/opencryptoki/libica/issues],,
[https://github.com/opencryptoki/libica])
# save cmdline flags
cmdline_CFLAGS="$CFLAGS"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/libica.spec new/libica-4.2.3/libica.spec
--- old/libica-4.2.2/libica.spec 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/libica.spec 2023-09-20 12:26:01.000000000 +0200
@@ -1,5 +1,5 @@
Name: libica
-Version: 4.2.2
+Version: 4.2.3
Release: 1%{?dist}
Summary: Interface library to the ICA device driver
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/Makefile.am
new/libica-4.2.3/src/Makefile.am
--- old/libica-4.2.2/src/Makefile.am 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/src/Makefile.am 2023-09-20 12:26:01.000000000 +0200
@@ -1,4 +1,4 @@
-VERSION = 4:2:2
+VERSION = 4:2:3
AM_CFLAGS = @FLAGS@
MAJOR := `echo $(VERSION) | cut -d: -f1`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/ica_api.c
new/libica-4.2.3/src/ica_api.c
--- old/libica-4.2.2/src/ica_api.c 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/src/ica_api.c 2023-09-20 12:26:01.000000000 +0200
@@ -345,12 +345,11 @@
unsigned int ica_open_adapter(ica_adapter_handle_t *adapter_handle)
{
- char *name, status_mask[64];
+ char *name;
if (!adapter_handle)
return EINVAL;
- *adapter_handle = DRIVER_NOT_LOADED;
name = getenv("LIBICA_CRYPT_DEVICE");
if (name)
*adapter_handle = open(name, O_RDWR);
@@ -361,12 +360,6 @@
if (*adapter_handle == -1)
*adapter_handle = open(DEFAULT3_CRYPT_DEVICE, O_RDWR);
}
- if (*adapter_handle != -1) {
- /* Test if character device is accessible. */
- if (!ioctl(*adapter_handle, Z90STAT_STATUS_MASK, &status_mask))
{
- return 0;
- }
- }
/*
* Do not fail if crypto device driver is not loaded and CPACF is not
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/icainfo.c
new/libica-4.2.3/src/icainfo.c
--- old/libica-4.2.2/src/icainfo.c 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/src/icainfo.c 2023-09-20 12:26:01.000000000 +0200
@@ -39,7 +39,7 @@
#else
#define CMD_NAME "icainfo"
#endif
-#define COPYRIGHT "Copyright IBM Corp. 2007, 2022."
+#define COPYRIGHT "Copyright IBM Corp. 2007-2023."
#define CELL_SIZE 3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/icastats.c
new/libica-4.2.3/src/icastats.c
--- old/libica-4.2.2/src/icastats.c 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/src/icastats.c 2023-09-20 12:26:01.000000000 +0200
@@ -27,7 +27,7 @@
#include "icastats.h"
#define CMD_NAME "icastats"
-#define COPYRIGHT "Copyright IBM Corp. 2009-2021"
+#define COPYRIGHT "Copyright IBM Corp. 2009-2023"
void print_version(void)
{
@@ -302,7 +302,7 @@
perror("malloc: ");
return EXIT_FAILURE;
}
- get_stats_data(entries);
+ get_stats_data(NULL, entries);
if (json) {
print_stats_json(entries, usr);
} else {
@@ -358,7 +358,7 @@
perror("malloc: ");
return EXIT_FAILURE;
}
- get_stats_data(stats);
+ get_stats_data(NULL, stats);
if (json) {
pswd = getpwuid(user == -1 ? geteuid() : (uid_t)user);
if (pswd == NULL) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/icastats_shared.c
new/libica-4.2.3/src/icastats_shared.c
--- old/libica-4.2.2/src/icastats_shared.c 2023-05-10 10:01:46.000000000
+0200
+++ new/libica-4.2.3/src/icastats_shared.c 2023-09-20 12:26:01.000000000
+0200
@@ -124,39 +124,46 @@
* @direction - valid values are ENCRYPT and DECRYPT
*/
-uint64_t stats_query(stats_fields_t field, int hardware, int direction)
+uint64_t stats_query(stats_entry_t *source, stats_fields_t field,
+ int hardware, int direction)
{
- if (stats == NULL)
+ if (source == NULL)
+ source = stats;
+
+ if (source == NULL)
return 0;
if (direction == ENCRYPT)
if (hardware == ALGO_HW)
- return stats[field].enc.hw;
+ return source[field].enc.hw;
else
- return stats[field].enc.sw;
+ return source[field].enc.sw;
else
if (hardware == ALGO_HW)
- return stats[field].dec.hw;
+ return source[field].dec.hw;
else
- return stats[field].dec.sw;
+ return source[field].dec.sw;
}
-static uint64_t calc_summary(stats_fields_t start, unsigned int num,
+static uint64_t calc_summary(stats_entry_t *source,
+ stats_fields_t start, unsigned int num,
int hardware, int direction)
{
unsigned int i;
uint64_t sum = 0;
for (i = 0; i < num; i++)
- sum += stats_query(start + i, hardware, direction);
+ sum += stats_query(source, start + i, hardware, direction);
return sum;
}
/* Returns the statistic data in a stats_entry_t array
+ * @source - source of the statistics data. If NULL, then the global stats
+ * are used, which must have been mapped via stats_mmap() before.
* @entries - Needs to be a array of size ICA_NUM_STATS.
*/
-void get_stats_data(stats_entry_t *entries)
+void get_stats_data(stats_entry_t *source, stats_entry_t *entries)
{
unsigned int i;
for (i = 0; i < ICA_NUM_STATS; i++) {
@@ -168,58 +175,62 @@
case ICA_STATS_AES_CTR:
case ICA_STATS_AES_CMAC:
case ICA_STATS_AES_GCM:
- entries[i].enc.hw = calc_summary(i + 1, 3,
- ALGO_HW, ENCRYPT);
- entries[i].enc.sw = calc_summary(i + 1, 3,
- ALGO_SW, ENCRYPT);
- entries[i].dec.hw = calc_summary(i + 1, 3,
- ALGO_HW, DECRYPT);
- entries[i].dec.sw = calc_summary(i + 1, 3,
- ALGO_SW, DECRYPT);
+ entries[i].enc.hw = calc_summary(source, i + 1, 3,
+ ALGO_HW, ENCRYPT);
+ entries[i].enc.sw = calc_summary(source, i + 1, 3,
+ ALGO_SW, ENCRYPT);
+ entries[i].dec.hw = calc_summary(source, i + 1, 3,
+ ALGO_HW, DECRYPT);
+ entries[i].dec.sw = calc_summary(source, i + 1, 3,
+ ALGO_SW, DECRYPT);
break;
case ICA_STATS_AES_XTS:
- entries[i].enc.hw = calc_summary(i + 1, 2,
- ALGO_HW, ENCRYPT);
- entries[i].enc.sw = calc_summary(i + 1, 2,
- ALGO_SW, ENCRYPT);
- entries[i].dec.hw = calc_summary(i + 1, 2,
- ALGO_HW, DECRYPT);
- entries[i].dec.sw = calc_summary(i + 1, 2,
- ALGO_SW, DECRYPT);
+ entries[i].enc.hw = calc_summary(source, i + 1, 2,
+ ALGO_HW, ENCRYPT);
+ entries[i].enc.sw = calc_summary(source, i + 1, 2,
+ ALGO_SW, ENCRYPT);
+ entries[i].dec.hw = calc_summary(source, i + 1, 2,
+ ALGO_HW, DECRYPT);
+ entries[i].dec.sw = calc_summary(source, i + 1, 2,
+ ALGO_SW, DECRYPT);
break;
case ICA_STATS_RSA_ME:
case ICA_STATS_RSA_CRT:
- entries[i].enc.hw = calc_summary(i + 1, 4,
- ALGO_HW, ENCRYPT);
- entries[i].enc.sw = calc_summary(i + 1, 4,
- ALGO_SW, ENCRYPT);
- entries[i].dec.hw = calc_summary(i + 1, 4,
- ALGO_HW, DECRYPT);
- entries[i].dec.sw = calc_summary(i + 1, 4,
- ALGO_SW, DECRYPT);
+ entries[i].enc.hw = calc_summary(source, i + 1, 4,
+ ALGO_HW, ENCRYPT);
+ entries[i].enc.sw = calc_summary(source, i + 1, 4,
+ ALGO_SW, ENCRYPT);
+ entries[i].dec.hw = calc_summary(source, i + 1, 4,
+ ALGO_HW, DECRYPT);
+ entries[i].dec.sw = calc_summary(source, i + 1, 4,
+ ALGO_SW, DECRYPT);
break;
case ICA_STATS_ECDH:
case ICA_STATS_ECDSA_SIGN:
case ICA_STATS_ECDSA_VERIFY:
case ICA_STATS_ECKGEN:
- entries[i].enc.hw = calc_summary(i + 1, 8,
- ALGO_HW, ENCRYPT);
- entries[i].enc.sw = calc_summary(i + 1, 8,
- ALGO_SW, ENCRYPT);
- entries[i].dec.hw = calc_summary(i + 1, 8,
- ALGO_HW, DECRYPT);
- entries[i].dec.sw = calc_summary(i + 1, 8,
- ALGO_SW, DECRYPT);
+ entries[i].enc.hw = calc_summary(source, i + 1, 8,
+ ALGO_HW, ENCRYPT);
+ entries[i].enc.sw = calc_summary(source, i + 1, 8,
+ ALGO_SW, ENCRYPT);
+ entries[i].dec.hw = calc_summary(source, i + 1, 8,
+ ALGO_HW, DECRYPT);
+ entries[i].dec.sw = calc_summary(source, i + 1, 8,
+ ALGO_SW, DECRYPT);
break;
default:
- entries[i].enc.hw = stats_query(i, ALGO_HW, ENCRYPT);
- entries[i].enc.sw = stats_query(i, ALGO_SW, ENCRYPT);
- entries[i].dec.hw = stats_query(i, ALGO_HW, DECRYPT);
- entries[i].dec.sw = stats_query(i, ALGO_SW, DECRYPT);
+ entries[i].enc.hw = stats_query(source, i,
+ ALGO_HW, ENCRYPT);
+ entries[i].enc.sw = stats_query(source, i,
+ ALGO_SW, ENCRYPT);
+ entries[i].dec.hw = stats_query(source, i,
+ ALGO_HW, DECRYPT);
+ entries[i].dec.sw = stats_query(source, i,
+ ALGO_SW, DECRYPT);
break;
}
}
@@ -280,6 +291,7 @@
}
}
closedir(shmDir);
+ get_stats_data(sum, sum);
return 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/include/icastats.h
new/libica-4.2.3/src/include/icastats.h
--- old/libica-4.2.2/src/include/icastats.h 2023-05-10 10:01:46.000000000
+0200
+++ new/libica-4.2.3/src/include/icastats.h 2023-09-20 12:26:01.000000000
+0200
@@ -286,8 +286,9 @@
int stats_mmap(int user);
void stats_munmap(int user, int unlink);
-uint64_t stats_query(stats_fields_t field, int hardware, int direction);
-void get_stats_data(stats_entry_t *entries);
+uint64_t stats_query(stats_entry_t *source, stats_fields_t field,
+ int hardware, int direction);
+void get_stats_data(stats_entry_t *source, stats_entry_t *entries);
void stats_increment(stats_fields_t field, int hardware, int direction);
int get_stats_sum(stats_entry_t *sum);
char *get_next_usr();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/src/init.c new/libica-4.2.3/src/init.c
--- old/libica-4.2.2/src/init.c 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/src/init.c 2023-09-20 12:26:01.000000000 +0200
@@ -118,7 +118,15 @@
* OpenSSL >= 3.0:
* Create a separate library context for libica's use of OpenSSL
services
* and explicitly load the 'default' or 'fips' provider for this
context.
+ *
+ * Ensure OpenSSL is initialized and the OpenSSL config is loaded
+ * BEFORE creating the library context. Otherwise the OpenSSL config
+ * is loaded later, which may cause that all configured providers
+ * are also loaded into the library context. We need to make sure that
+ * only the default or fips provider is loaded in the library context.
*/
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
openssl_libctx = OSSL_LIB_CTX_new();
if (openssl_libctx == NULL) {
syslog(LOG_ERR, "Libica: failed to create openssl lib
context\n");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libica-4.2.2/test/Makefile.am
new/libica-4.2.3/test/Makefile.am
--- old/libica-4.2.2/test/Makefile.am 2023-05-10 10:01:46.000000000 +0200
+++ new/libica-4.2.3/test/Makefile.am 2023-09-20 12:26:01.000000000 +0200
@@ -83,11 +83,14 @@
rsa_key_check_test rsa_test rsa_test_x ec_keygen_test ecdh_test ecdsa_test
mp_test \
eddsa_test x_test get_functionlist_cex_test adapter_handle_test
-EXTRA_DIST = testdata testcase.h rsa_test.h aes_gcm_test.h ecdsa1_test.sh \
-sha2_test.sh ecdh1_test.sh ecdsa2_test.sh ecdh2_test.sh eddsa_test.h \
-drbg_birthdays_test.pl sha3_test.sh ec_keygen1_test.sh ec_keygen2_test.sh \
-rsa_keygen2048_test.sh rsa_keygen1024_test.sh rsa_keygen4096_test.sh \
-rsa_keygen3072_test.sh rsa_keygen_test.sh icastats_test.c.in icastats_test.sh
+EXTRA_DIST = testdata icastats_test.c.in
+
+noinst_HEADERS = testcase.h rsa_test.h aes_gcm_test.h ecdsa_test.h eddsa_test.h
+
+dist_check_SCRIPTS = ecdsa1_test.sh icastats_test.sh sha2_test.sh
ecdh1_test.sh \
+ecdsa2_test.sh ecdh2_test.sh drbg_birthdays_test.pl sha3_test.sh
ec_keygen1_test.sh \
+ec_keygen2_test.sh rsa_keygen2048_test.sh rsa_keygen1024_test.sh \
+rsa_keygen4096_test.sh rsa_keygen3072_test.sh rsa_keygen_test.sh
icastats_test.c: icastats_test.c.in
@SED@ -e s!\@builddir\@!"@abs_top_builddir@/src/"!g < $< > $@-t
