Hello community, here is the log from the commit of package openssl-ibmca for openSUSE:Factory checked in at 2018-11-22 13:25:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-ibmca (Old) and /work/SRC/openSUSE:Factory/.openssl-ibmca.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-ibmca" Thu Nov 22 13:25:00 2018 rev:31 rq:650567 version:2.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-ibmca/openssl-ibmca.changes 2018-11-15 12:41:54.270150661 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-ibmca.new.19453/openssl-ibmca.changes 2018-11-22 13:25:06.822025747 +0100 @@ -1,0 +2,8 @@ +Thu Nov 15 20:17:04 UTC 2018 - mp...@suse.com + +- Upgraded to version 2.0.1 (Fate#325688) + * openssl-ibmca 2.0.1 + Dont fail when a libica symbol cannot be resolved. +- Made multiple changes to the spec file based on spec-cleaner output. + +------------------------------------------------------------------- Old: ---- openssl-ibmca-2.0.0.tar.gz New: ---- openssl-ibmca-2.0.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-ibmca.spec ++++++ --- /var/tmp/diff_new_pack.BmSmml/_old 2018-11-22 13:25:07.238025314 +0100 +++ /var/tmp/diff_new_pack.BmSmml/_new 2018-11-22 13:25:07.238025314 +0100 @@ -12,17 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: openssl-ibmca -Version: 2.0.0 +Version: 2.0.1 Release: 0 Summary: The IBMCA OpenSSL dynamic engine License: Apache-2.0 Group: Hardware/Other -Url: https://github.com/opencryptoki/openssl-ibmca/ +URL: https://github.com/opencryptoki/openssl-ibmca/ Source: openssl-ibmca-%{version}.tar.gz Source1: baselibs.conf BuildRequires: autoconf @@ -115,6 +115,6 @@ %doc README.md %doc src/openssl.cnf.sample %{_ENGINE_DIR}/ibmca.* -%{_mandir}/man5/ibmca.5%{ext_man} +%{_mandir}/man5/ibmca.5%{?ext_man} %changelog ++++++ openssl-ibmca-2.0.0.tar.gz -> openssl-ibmca-2.0.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl-ibmca-2.0.0/ChangeLog new/openssl-ibmca-2.0.1/ChangeLog --- old/openssl-ibmca-2.0.0/ChangeLog 2018-06-08 15:47:56.000000000 +0200 +++ new/openssl-ibmca-2.0.1/ChangeLog 2018-11-15 16:49:56.000000000 +0100 @@ -1,3 +1,6 @@ +* openssl-ibmca 2.0.1 +- Dont fail when a libica symbol cannot be resolved. + * openssl-ibmca 2.0.0 - Add ECC support. - Add check and distcheck make-targets. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl-ibmca-2.0.0/configure.ac new/openssl-ibmca-2.0.1/configure.ac --- old/openssl-ibmca-2.0.0/configure.ac 2018-06-08 15:47:56.000000000 +0200 +++ new/openssl-ibmca-2.0.1/configure.ac 2018-11-15 16:49:56.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. # See autoconf and autoscan online documentation for details. -AC_INIT([openssl-ibmca], [2.0.0], [opencryptoki-us...@lists.sf.net]) +AC_INIT([openssl-ibmca], [2.0.1], [opencryptoki-us...@lists.sf.net]) AC_CONFIG_SRCDIR([src/e_ibmca.c]) # sanity check AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl-ibmca-2.0.0/openssl-ibmca.spec new/openssl-ibmca-2.0.1/openssl-ibmca.spec --- old/openssl-ibmca-2.0.0/openssl-ibmca.spec 2018-06-08 15:47:56.000000000 +0200 +++ new/openssl-ibmca-2.0.1/openssl-ibmca.spec 2018-11-15 16:49:56.000000000 +0100 @@ -1,7 +1,7 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) Name: openssl-ibmca -Version: 2.0.0 +Version: 2.0.1 Release: 1%{?dist} Summary: An IBMCA OpenSSL dynamic engine @@ -44,6 +44,9 @@ %{_mandir}/man5/ibmca.5* %changelog +* Thu Nov 08 2018 Patrick Steuer <patrick.ste...@de.ibm.com> 2.0.1 +- Update Version + * Wed Jun 06 2018 Eduardo Barretto <ebarre...@linux.vnet.ibm.com> 2.0.0 - Update Version - Update libica version required for building ibmca diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl-ibmca-2.0.0/src/Makefile.am new/openssl-ibmca-2.0.1/src/Makefile.am --- old/openssl-ibmca-2.0.0/src/Makefile.am 2018-06-08 15:47:56.000000000 +0200 +++ new/openssl-ibmca-2.0.1/src/Makefile.am 2018-11-15 16:49:56.000000000 +0100 @@ -13,7 +13,7 @@ ibmca_la_LIBADD=-ldl ibmca_la_LDFLAGS=-module -version-info ${VERSION} -shared -no-undefined \ - -Wl,--version-script=${srcdir}/../ibmca.map + -avoid-version -Wl,--version-script=${srcdir}/../ibmca.map dist_ibmca_la_SOURCES=ibmca.h e_ibmca_err.h EXTRA_DIST = openssl.cnf.sample diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl-ibmca-2.0.0/src/e_ibmca.c new/openssl-ibmca-2.0.1/src/e_ibmca.c --- old/openssl-ibmca-2.0.0/src/e_ibmca.c 2018-06-08 15:47:56.000000000 +0200 +++ new/openssl-ibmca-2.0.1/src/e_ibmca.c 2018-11-15 16:49:56.000000000 +0100 @@ -43,7 +43,7 @@ #ifndef OPENSSL_NO_HW_IBMCA #define IBMCA_LIB_NAME "ibmca engine" -#define LIBICA_SHARED_LIB "libica.so" +#define LIBICA_SHARED_LIB "libica.so.3" #define AP_PATH "/sys/devices/ap" @@ -68,7 +68,7 @@ * implicitly. */ void *ibmca_dso = NULL; -ica_adapter_handle_t ibmca_handle = 0; +ica_adapter_handle_t ibmca_handle = DRIVER_NOT_LOADED; /* entry points into libica, filled out at DSO load time */ ica_get_functionlist_t p_ica_get_functionlist; @@ -259,8 +259,6 @@ #ifndef NO_EC ibmca_ec_destroy(); #endif - ERR_unload_IBMCA_strings(); - return 1; } @@ -626,45 +624,17 @@ return rc; } -/* utility function to obtain a context */ -static int get_context(ica_adapter_handle_t *p_handle) -{ - unsigned int status = 0; - - status = p_ica_open_adapter(p_handle); - if (status != 0) - return 0; - - return 1; -} - -/* similarly to release one. */ -static void release_context(ica_adapter_handle_t i_handle) -{ - p_ica_close_adapter(i_handle); -} - -/* initialisation functions. */ -#define BIND(dso, sym) (p_##sym = (sym##_t)dlsym(dso, #sym)) -static int ibmca_init(ENGINE *e) +__attribute__((constructor)) +static void ibmca_constructor(void) { static int init = 0; - if (init) /* Engine already loaded. */ - return 1; - init++; - DEBUG_PRINTF(">%s\n", __func__); - /* Attempt to load libica.so. Needs to be - * changed unfortunately because the Ibmca drivers don't have - * standard library names that can be platform-translated well. */ - /* TODO: Work out how to actually map to the names the Ibmca - * drivers really use - for now a symbollic link needs to be - * created on the host system from libica.so to ica.so on - * unix variants. */ + if (init) + return; - /* WJH XXX check name translation */ + ERR_load_IBMCA_strings(); ibmca_dso = dlopen(LIBICA_SHARED_LIB, RTLD_NOW); if (ibmca_dso == NULL) { @@ -673,75 +643,89 @@ goto err; } +#define BIND(dso, sym) (p_##sym = (sym##_t)dlsym(dso, #sym)) + if (!BIND(ibmca_dso, ica_open_adapter) || !BIND(ibmca_dso, ica_close_adapter) - || !BIND(ibmca_dso, ica_rsa_mod_expo) - || !BIND(ibmca_dso, ica_rsa_crt) - || !BIND(ibmca_dso, ica_random_number_generate) - || !BIND(ibmca_dso, ica_sha1) - || !BIND(ibmca_dso, ica_sha256) - || !BIND(ibmca_dso, ica_sha512) - || !BIND(ibmca_dso, ica_aes_ecb) - || !BIND(ibmca_dso, ica_des_ecb) - || !BIND(ibmca_dso, ica_3des_ecb) - || !BIND(ibmca_dso, ica_aes_cbc) - || !BIND(ibmca_dso, ica_des_cbc) - || !BIND(ibmca_dso, ica_3des_cbc) - || !BIND(ibmca_dso, ica_aes_ofb) - || !BIND(ibmca_dso, ica_des_ofb) - || !BIND(ibmca_dso, ica_3des_ofb) - || !BIND(ibmca_dso, ica_aes_cfb) - || !BIND(ibmca_dso, ica_des_cfb) - || !BIND(ibmca_dso, ica_3des_cfb) - || !BIND(ibmca_dso, ica_get_functionlist) -#ifndef OPENSSL_NO_AES_GCM - || !BIND(ibmca_dso, ica_aes_gcm_initialize) - || !BIND(ibmca_dso, ica_aes_gcm_intermediate) - || !BIND(ibmca_dso, ica_aes_gcm_last) -#endif -#ifndef OPENSSL_NO_EC - || !BIND(ibmca_dso, ica_ec_key_new) - || !BIND(ibmca_dso, ica_ec_key_init) - || !BIND(ibmca_dso, ica_ec_key_generate) - || !BIND(ibmca_dso, ica_ecdh_derive_secret) - || !BIND(ibmca_dso, ica_ecdsa_sign) - || !BIND(ibmca_dso, ica_ecdsa_verify) - || !BIND(ibmca_dso, ica_ec_key_get_public_key) - || !BIND(ibmca_dso, ica_ec_key_get_private_key) - || !BIND(ibmca_dso, ica_ec_key_free) -#endif - ) { + || !BIND(ibmca_dso, ica_get_functionlist)) { IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE); DEBUG_PRINTF("%s: function bind failed\n", __func__); goto err; } - - /* disable fallbacks on Libica */ + BIND(ibmca_dso, ica_rsa_mod_expo); + BIND(ibmca_dso, ica_rsa_crt); + BIND(ibmca_dso, ica_random_number_generate); + BIND(ibmca_dso, ica_sha1); + BIND(ibmca_dso, ica_sha256); + BIND(ibmca_dso, ica_sha512); + BIND(ibmca_dso, ica_aes_ecb); + BIND(ibmca_dso, ica_des_ecb); + BIND(ibmca_dso, ica_3des_ecb); + BIND(ibmca_dso, ica_aes_cbc); + BIND(ibmca_dso, ica_des_cbc); + BIND(ibmca_dso, ica_3des_cbc); + BIND(ibmca_dso, ica_aes_ofb); + BIND(ibmca_dso, ica_des_ofb); + BIND(ibmca_dso, ica_3des_ofb); + BIND(ibmca_dso, ica_aes_cfb); + BIND(ibmca_dso, ica_des_cfb); + BIND(ibmca_dso, ica_3des_cfb); +#ifndef OPENSSL_NO_AES_GCM + BIND(ibmca_dso, ica_aes_gcm_initialize); + BIND(ibmca_dso, ica_aes_gcm_intermediate); + BIND(ibmca_dso, ica_aes_gcm_last); +#endif +#ifndef OPENSSL_NO_EC + BIND(ibmca_dso, ica_ec_key_new); + BIND(ibmca_dso, ica_ec_key_init); + BIND(ibmca_dso, ica_ec_key_generate); + BIND(ibmca_dso, ica_ecdh_derive_secret); + BIND(ibmca_dso, ica_ecdsa_sign); + BIND(ibmca_dso, ica_ecdsa_verify); + BIND(ibmca_dso, ica_ec_key_get_public_key); + BIND(ibmca_dso, ica_ec_key_get_private_key); + BIND(ibmca_dso, ica_ec_key_free); +#endif #if DISABLE_SW_FALLBACKS + /* disable fallbacks on Libica */ if (BIND(ibmca_dso, ica_set_fallback_mode)) p_ica_set_fallback_mode(0); #endif - if (!set_supported_meths(e)) - goto err; - - if (!get_context(&ibmca_handle)) { + if (p_ica_open_adapter(&ibmca_handle)) { IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_UNIT_FAILURE); goto err; } DEBUG_PRINTF("<%s success\n", __func__); - return 1; + return; + err: - if (ibmca_dso) { + DEBUG_PRINTF("<%s failure\n", __func__); + + if (ibmca_dso) dlclose(ibmca_dso); - ibmca_dso = NULL; - } + + ibmca_dso = NULL; + p_ica_open_adapter = NULL; p_ica_close_adapter = NULL; + p_ica_rsa_mod_expo = NULL; - p_ica_random_number_generate = NULL; p_ica_rsa_crt = NULL; +#ifndef OPENSSL_NO_EC + p_ica_ec_key_new = NULL; + p_ica_ec_key_init = NULL; + p_ica_ec_key_generate = NULL; + p_ica_ecdh_derive_secret = NULL; + p_ica_ecdsa_sign = NULL; + p_ica_ecdsa_verify = NULL; + p_ica_ec_key_get_public_key = NULL; + p_ica_ec_key_get_private_key = NULL; + p_ica_ec_key_free = NULL; +#endif + + p_ica_random_number_generate = NULL; p_ica_sha1 = NULL; p_ica_sha256 = NULL; p_ica_sha512 = NULL; @@ -762,34 +746,36 @@ p_ica_aes_gcm_intermediate = NULL; p_ica_aes_gcm_last = NULL; #endif -#ifndef OPENSSL_NO_EC - p_ica_ec_key_new = NULL; - p_ica_ec_key_init = NULL; - p_ica_ec_key_generate = NULL; - p_ica_ecdh_derive_secret = NULL; - p_ica_ecdsa_sign = NULL; - p_ica_ecdsa_verify = NULL; - p_ica_ec_key_get_public_key = NULL; - p_ica_ec_key_get_private_key = NULL; - p_ica_ec_key_free = NULL; -#endif - - return 0; } -static int ibmca_finish(ENGINE *e) +__attribute__((destructor)) +static void ibmca_destructor(void) { + ERR_unload_IBMCA_strings(); + if (ibmca_dso == NULL) { IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_NOT_LOADED); - return 0; + return; } - release_context(ibmca_handle); + if (dlclose(ibmca_dso)) { IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_DSO_FAILURE); - return 0; + return; } - ibmca_dso = NULL; + p_ica_close_adapter(ibmca_handle); +} + +static int ibmca_init(ENGINE *e) +{ + if (ibmca_dso == NULL) + return 0; + + return 1; +} + +static int ibmca_finish(ENGINE *e) +{ return 1; } @@ -831,10 +817,11 @@ !ENGINE_set_cmd_defns(e, ibmca_cmd_defns)) return 0; - /* Ensure the ibmca error handling is set up */ - ERR_load_IBMCA_strings(); - /* initialize the engine implizit */ - ibmca_init(e); + if (ibmca_dso == NULL) + return 0; + + if (!set_supported_meths(e)) + return 0; return 1; }