1 files changed, 40 insertions, 0 deletions

diff --git a/debian/patches/libica_v2.6.1_performance_fix.patch b/debian/patches/libica_v2.6.1_performance_fix.patch
new file mode 100644
index 0000000..cf4df2b
--- /dev/null
+++ b/debian/patches/libica_v2.6.1_performance_fix.patch
@@ -0,0 +1,40 @@
+Description: ica_random_number_generate performance improvement
+ Changed the ica_random_number_generate function that asks the
+ global DRBG instance for random bytes to not reseed the
+ instance on every call.
+Origin: https://sourceforge.net/p/opencryptoki/libica/ci/3bcd3efb0aff364515ab9b3c39dd68fbbb1534d0/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libica/+bug/1608954
+
+--- a/src/s390_prng.c	
++++ b/src/s390_prng.c	
+@@ -76,10 +76,9 @@ int s390_prng_init(void)
+ 	// available. However, the old prng is still initialized but
+ 	// only used as a fallback.
+ 	if(sha512_switch || sha512_drng_switch){
+-		const char *pers = "ica_drbg_global";
+ 		ica_drbg_instantiate(&ica_drbg_global, 256, true,
+-				     ICA_DRBG_SHA512, (unsigned char *)pers,
+-				     strlen(pers));
++				     ICA_DRBG_SHA512,
++				     (unsigned char *)"GLOBAL INSTANCE", 15);
+ 	}
+ 
+ 	// The old prng code starts here:
+@@ -181,7 +180,7 @@ int s390_prng(unsigned char *output_data
+ 		unsigned char *ptr = output_data;
+ 		size_t i = 0;
+ 		for(; i < q; i++){
+-			status = ica_drbg_generate(ica_drbg_global, 256, true,
++			status = ica_drbg_generate(ica_drbg_global, 256, false,
+ 						   NULL, 0, ptr,
+ 						   ICA_DRBG_SHA512
+ 						   ->max_no_of_bytes_per_req);
+@@ -191,7 +190,7 @@ int s390_prng(unsigned char *output_data
+ 			ptr += ICA_DRBG_SHA512->max_no_of_bytes_per_req;
+ 		}
+ 		if(!status){
+-			status = ica_drbg_generate(ica_drbg_global, 256, true,
++			status = ica_drbg_generate(ica_drbg_global, 256, false,
+ 						   NULL, 0, ptr, r);
+ 			if(!status)
+ 				return 0;