From 0762267c8bf8934fedb9a8f5119691a844852757 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Tue, 3 Jan 2017 12:03:50 +0000 Subject: Import libica_3.0.1-3.debian.tar.xz [dgit import tarball libica 3.0.1-3 libica_3.0.1-3.debian.tar.xz] --- changelog | 79 ++++++ compat | 1 + control | 35 +++ copyright | 271 +++++++++++++++++++++ libica-dev.install | 2 + libica-utils.install | 2 + libica3.install | 2 + libica3.symbols | 66 +++++ ...-initialization-of-s390-hardware-switches.patch | 47 ++++ patches/0001-Fix-msa-level-detection.patch | 71 ++++++ ...lization-of-s390-hardware-switches-part-2.patch | 35 +++ ...0004-Make-test-suite-bail-out-upon-errors.patch | 22 ++ ...kip-generating-suite.out-report-to-stdout.patch | 100 ++++++++ patches/libica_v2.6.1_performance_fix.patch | 40 +++ patches/reset-rng.patch | 38 +++ patches/series | 1 + patches/skip-icastats-test.patch | 13 + patches/test-suite.patch | 42 ++++ rules | 16 ++ source/format | 1 + watch | 2 + 21 files changed, 886 insertions(+) create mode 100644 changelog create mode 100644 compat create mode 100644 control create mode 100644 copyright create mode 100644 libica-dev.install create mode 100644 libica-utils.install create mode 100644 libica3.install create mode 100644 libica3.symbols create mode 100644 patches/0001-Fix-initialization-of-s390-hardware-switches.patch create mode 100644 patches/0001-Fix-msa-level-detection.patch create mode 100644 patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch create mode 100644 patches/0004-Make-test-suite-bail-out-upon-errors.patch create mode 100644 patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch create mode 100644 patches/libica_v2.6.1_performance_fix.patch create mode 100644 patches/reset-rng.patch create mode 100644 patches/series create mode 100644 patches/skip-icastats-test.patch create mode 100644 patches/test-suite.patch create mode 100755 rules create mode 100644 source/format create mode 100644 watch diff --git a/changelog b/changelog new file mode 100644 index 0000000..2d4ac44 --- /dev/null +++ b/changelog @@ -0,0 +1,79 @@ +libica (3.0.1-3) unstable; urgency=medium + + * Upload to unstable + + -- Dimitri John Ledkov Tue, 03 Jan 2017 12:03:50 +0000 + +libica (3.0.1-2) experimental; urgency=medium + + * Fix broken -dev -> lib dependency. + + -- Dimitri John Ledkov Tue, 29 Nov 2016 13:19:06 +0000 + +libica (3.0.1-1) experimental; urgency=medium + + * New upstream release Closes: #835811 + + -- Dimitri John Ledkov Thu, 24 Nov 2016 16:48:43 +0000 + +libica (2.6.1-4) unstable; urgency=medium + + * Cherry-pick upstream patch to fix msa level detection. + LP: #1642639. Closes: #845056 + * Build-depend on libssl1.0-dev, upgrade to 1.1 requires v3.0 upstream + release. Closes: #835811 + + -- Dimitri John Ledkov Tue, 22 Nov 2016 16:13:12 +0000 + +libica (2.6.1-3) unstable; urgency=medium + + * Cherry-pick upstream patch to stop reseeding global DRBG instance on + every call. LP: #1608954 + * Cherry-pick ubuntu patches to skip icastats tests (fails) + * Improve icastats test to pass the SW rng test + * CHerry-pick ubuntu patch for a complete hw initialisation fix + + -- Dimitri John Ledkov Mon, 22 Aug 2016 10:59:18 +0100 + +libica (2.6.1-2) unstable; urgency=medium + + * Cherry pick upstream patch to fix symbol visibility and thus + initialization on s390. LP: #1566238 + + -- Dimitri John Ledkov Tue, 19 Apr 2016 10:59:03 +0100 + +libica (2.6.1-1) unstable; urgency=medium + + * New upstream release LP: #1548353. + * Disable icastats_test, fails with new RNG. + * Update libica2.symbols. + + -- Dimitri John Ledkov Tue, 08 Mar 2016 11:50:20 +0000 + +libica (2.5.0-2) unstable; urgency=medium + + * Bump standards version to 3.9.7. + * Add libica2.symbols file. + * Cherry-pick upstream fix for an off-by-one loop. + + -- Dimitri John Ledkov Mon, 22 Feb 2016 13:10:57 +0000 + +libica (2.5.0-1) unstable; urgency=medium + + * Initial release to Debian. Closes: #813765. + + -- Dimitri John Ledkov Fri, 05 Feb 2016 04:45:59 +0000 + +libica (2.5.0-0ubuntu2) xenial; urgency=high + + * Git format patches + * Add debian/watch file + * Include soname in the libica2 install globs + + -- Dimitri John Ledkov Wed, 27 Jan 2016 22:15:16 +0000 + +libica (2.5.0-0ubuntu1) xenial; urgency=low + + * Initial release + + -- Dimitri John Ledkov Thu, 07 Jan 2016 22:39:27 +0000 diff --git a/compat b/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +9 diff --git a/control b/control new file mode 100644 index 0000000..0dc6466 --- /dev/null +++ b/control @@ -0,0 +1,35 @@ +Source: libica +Priority: optional +Maintainer: Dimitri John Ledkov +Build-Depends: debhelper (>= 9), dh-autoreconf, libssl-dev, autoconf-archive +Standards-Version: 3.9.7 +Section: libs +Homepage: http://sourceforge.net/projects/opencryptoki/files/libica/ + +Package: libica-dev +Section: libdevel +Architecture: s390 s390x +Multi-Arch: same +Depends: libica3 (= ${binary:Version}), ${misc:Depends} +Description: hardware cryptography support for IBM System z hardware (dev package) + libica library provides hardware acceleration for cryptographic + functions and is part of the openCryptoki project. + . + This package contains development headers and library. + +Package: libica3 +Architecture: s390 s390x +Multi-Arch: same +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: hardware cryptography support for IBM System z hardware + libica library provides hardware acceleration for cryptographic + functions and is part of the openCryptoki project. + +Package: libica-utils +Architecture: s390 s390x +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: hardware cryptography support for Linux on z Systems (utils) + libica library provides hardware acceleration for cryptographic + functions and is part of the openCryptoki project. + . + This package contains icastats and icainfo utilities. diff --git a/copyright b/copyright new file mode 100644 index 0000000..42c19b0 --- /dev/null +++ b/copyright @@ -0,0 +1,271 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libica +Source: http://sourceforge.net/projects/opencryptoki/files/libica/ + +Files: * +Copyright: 2001-2015 IBM Corp. +License: CPL + . + Common Public License - V1.0 + . + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON + PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF + THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + . + 1. DEFINITIONS + . + "Contribution" means: + 1. in the case of the initial Contributor, the initial code and + documentation distributed under this Agreement, and + . + 2. in the case of each subsequent Contributor: + 1. changes to the Program, and + 2. additions to the Program; + . + where such changes and/or additions to the Program originate + from and are distributed by that particular Contributor. A + Contribution 'originates' from a Contributor if it was added to + the Program by such Contributor itself or anyone acting on such + Contributor's behalf. Contributions do not include additions to + the Program which: (i) are separate modules of software + distributed in conjunction with the Program under their own + license agreement, and (ii) are not derivative works of the + Program. + . + "Contributor" means any person or entity that distributes the Program. + . + "Licensed Patents " mean patent claims licensable by a Contributor + which are necessarily infringed by the use or sale of its Contribution + alone or when combined with the Program. + . + "Program" means the Contributions distributed in accordance with this + Agreement. + . + "Recipient" means anyone who receives the Program under this Agreement, + including all Contributors. + . + . + 2. GRANT OF RIGHTS + . + 1. Subject to the terms of this Agreement, each Contributor + hereby grants Recipient a non-exclusive, worldwide, + royalty-free copyright license to reproduce, prepare derivative + works of, publicly display, publicly perform, distribute and + sublicense the Contribution of such Contributor, if any, and + such derivative works, in source code and object code form. + . + 2. Subject to the terms of this Agreement, each Contributor + hereby grants Recipient a non-exclusive, worldwide, + royalty-free patent license under Licensed Patents to make, + use, sell, offer to sell, import and otherwise transfer the + Contribution of such Contributor, if any, in source code and + object code form. This patent license shall apply to the + combination of the Contribution and the Program if, at the time + the Contribution is added by the Contributor, such addition of + the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any + other combinations which include the Contribution. No hardware + per se is licensed hereunder. + . + 3. Recipient understands that although each Contributor grants + the licenses to its Contributions set forth herein, no + assurances are provided by any Contributor that the Program + does not infringe the patent or other intellectual property + rights of any other entity. Each Contributor disclaims any + liability to Recipient for claims brought by any other entity + based on infringement of intellectual property rights or + otherwise. As a condition to exercising the rights and licenses + granted hereunder, each Recipient hereby assumes sole + responsibility to secure any other intellectual property rights + needed, if any. For example, if a third party patent license is + required to allow Recipient to distribute the Program, it is + Recipient's responsibility to acquire that license before + distributing the Program. + . + 4. Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to + grant the copyright license set forth in this Agreement. + . + . + 3. REQUIREMENTS + . + A Contributor may choose to distribute the Program in object code form + under its own license agreement, provided that: + . + 1. it complies with the terms and conditions of this Agreement; + and + . + 2. its license agreement: + 1. effectively disclaims on behalf of all Contributors + all warranties and conditions, express and implied, + including warranties or conditions of title and + non-infringement, and implied warranties or conditions + of merchantability and fitness for a particular purpose; + . + 2. effectively excludes on behalf of all Contributors + all liability for damages, including direct, indirect, + special, incidental and consequential damages, such as + lost profits; + . + 3. states that any provisions which differ from this + Agreement are offered by that Contributor alone and not + by any other party; and + . + 4. states that source code for the Program is available + from such Contributor, and informs licensees how to + obtain it in a reasonable manner on or through a medium + customarily used for software exchange. + . + When the Program is made available in source code form: + 1. it must be made available under this Agreement; and + 2. a copy of this Agreement must be included with each + copy of the Program. + . + Contributors may not remove or alter any copyright notices + contained within the Program. + . + Each Contributor must identify itself as the originator of its + Contribution, if any, in a manner that reasonably allows + subsequent Recipients to identify the originator of the + Contribution. + . + . + 4. COMMERCIAL DISTRIBUTION + . + Commercial distributors of software may accept certain responsibilities + with respect to end users, business partners and the like. While this + license is intended to facilitate the commercial use of the Program, + the Contributor who includes the Program in a commercial product + offering should do so in a manner which does not create potential + liability for other Contributors. Therefore, if a Contributor includes + the Program in a commercial product offering, such Contributor + ("Commercial Contributor") hereby agrees to defend and indemnify every + other Contributor ("Indemnified Contributor") against any losses, + damages and costs (collectively "Losses") arising from claims, lawsuits + and other legal actions brought by a third party against the + Indemnified Contributor to the extent caused by the acts or omissions + of such Commercial Contributor in connection with its distribution of + the Program in a commercial product offering. The obligations in this + section do not apply to any claims or Losses relating to any actual or + alleged intellectual property infringement. In order to qualify, an + Indemnified Contributor must: a) promptly notify the Commercial + Contributor in writing of such claim, and b) allow the Commercial + Contributor to control, and cooperate with the Commercial Contributor + in, the defense and any related settlement negotiations. The + Indemnified Contributor may participate in any such claim at its own + expense. + . + For example, a Contributor might include the Program in a commercial + product offering, Product X. That Contributor is then a Commercial + Contributor. If that Commercial Contributor then makes performance + claims, or offers warranties related to Product X, those performance + claims and warranties are such Commercial Contributor's responsibility + alone. Under this section, the Commercial Contributor would have to + defend claims against the other Contributors related to those + performance claims and warranties, and if a court requires any other + Contributor to pay any damages as a result, the Commercial Contributor + must pay those damages. + . + . + 5. NO WARRANTY + . + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS + PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY + WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR + FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible + for determining the appropriateness of using and distributing the + Program and assumes all risks associated with its exercise of rights + under this Agreement, including but not limited to the risks and costs + of program errors, compliance with applicable laws, damage to or loss + of data, programs or equipment, and unavailability or interruption of + operations. + . + . + 6. DISCLAIMER OF LIABILITY + . + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR + ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING + WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR + DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED + HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + . + . + 7. GENERAL + . + If any provision of this Agreement is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this Agreement, and without further + action by the parties hereto, such provision shall be reformed to the + minimum extent necessary to make such provision valid and enforceable. + . + If Recipient institutes patent litigation against a Contributor with + respect to a patent applicable to software (including a cross-claim or + counterclaim in a lawsuit), then any patent licenses granted by that + Contributor to such Recipient under this Agreement shall terminate as + of the date such litigation is filed. In addition, if Recipient + institutes patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Program + itself (excluding combinations of the Program with other software or + hardware) infringes such Recipient's patent(s), then such Recipient's + rights granted under Section 2(b) shall terminate as of the date such + litigation is filed. + . + All Recipient's rights under this Agreement shall terminate if it fails + to comply with any of the material terms or conditions of this + Agreement and does not cure such failure in a reasonable period of time + after becoming aware of such noncompliance. If all Recipient's rights + under this Agreement terminate, Recipient agrees to cease use and + distribution of the Program as soon as reasonably practicable. However, + Recipient's obligations under this Agreement and any licenses granted + by Recipient relating to the Program shall continue and survive. + . + Everyone is permitted to copy and distribute copies of this Agreement, + but in order to avoid inconsistency the Agreement is copyrighted and + may only be modified in the following manner. The Agreement Steward + reserves the right to publish new versions (including revisions) of + this Agreement from time to time. No one other than the Agreement + Steward has the right to modify this Agreement. IBM is the initial + Agreement Steward. IBM may assign the responsibility to serve as the + Agreement Steward to a suitable separate entity. Each new version of + the Agreement will be given a distinguishing version number. The + Program (including Contributions) may always be distributed subject to + the version of the Agreement under which it was received. In addition, + after a new version of the Agreement is published, Contributor may + elect to distribute the Program (including its Contributions) under the + new version. Except as expressly stated in Sections 2(a) and 2(b) + above, Recipient receives no rights or licenses to the intellectual + property of any Contributor under this Agreement, whether expressly, by + implication, estoppel or otherwise. All rights in the Program not + expressly granted under this Agreement are reserved. + . + This Agreement is governed by the laws of the State of New York and the + intellectual property laws of the United States of America. No party to + this Agreement will bring a legal action under this Agreement more than + one year after the cause of action arose. Each party waives its rights + to a jury trial in any resulting litigation. + +Files: debian/* +Copyright: 2016 Canonical LTD +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY + WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/libica-dev.install b/libica-dev.install new file mode 100644 index 0000000..f3800aa --- /dev/null +++ b/libica-dev.install @@ -0,0 +1,2 @@ +usr/include/* +usr/lib/*/lib*.so diff --git a/libica-utils.install b/libica-utils.install new file mode 100644 index 0000000..6cc411d --- /dev/null +++ b/libica-utils.install @@ -0,0 +1,2 @@ +usr/bin/* +usr/share/man* \ No newline at end of file diff --git a/libica3.install b/libica3.install new file mode 100644 index 0000000..f544402 --- /dev/null +++ b/libica3.install @@ -0,0 +1,2 @@ +usr/lib/*/lib*.so.3 +usr/lib/*/lib*.so.3.* diff --git a/libica3.symbols b/libica3.symbols new file mode 100644 index 0000000..abc7a65 --- /dev/null +++ b/libica3.symbols @@ -0,0 +1,66 @@ +libica.so.3 libica3 #MINVER# + ICA_DRBG_SHA512@Base 3.0.1 + ica_3des_cbc@Base 3.0.1 + ica_3des_cbc_cs@Base 3.0.1 + ica_3des_cfb@Base 3.0.1 + ica_3des_cmac@Base 3.0.1 + ica_3des_cmac_intermediate@Base 3.0.1 + ica_3des_cmac_last@Base 3.0.1 + ica_3des_ctr@Base 3.0.1 + ica_3des_ctrlist@Base 3.0.1 + ica_3des_decrypt@Base 3.0.1 + ica_3des_ecb@Base 3.0.1 + ica_3des_encrypt@Base 3.0.1 + ica_3des_ofb@Base 3.0.1 + ica_aes_cbc@Base 3.0.1 + ica_aes_cbc_cs@Base 3.0.1 + ica_aes_ccm@Base 3.0.1 + ica_aes_cfb@Base 3.0.1 + ica_aes_cmac@Base 3.0.1 + ica_aes_cmac_intermediate@Base 3.0.1 + ica_aes_cmac_last@Base 3.0.1 + ica_aes_ctr@Base 3.0.1 + ica_aes_ctrlist@Base 3.0.1 + ica_aes_decrypt@Base 3.0.1 + ica_aes_ecb@Base 3.0.1 + ica_aes_encrypt@Base 3.0.1 + ica_aes_gcm@Base 3.0.1 + ica_aes_gcm_initialize@Base 3.0.1 + ica_aes_gcm_intermediate@Base 3.0.1 + ica_aes_gcm_last@Base 3.0.1 + ica_aes_ofb@Base 3.0.1 + ica_aes_xts@Base 3.0.1 + ica_close_adapter@Base 3.0.1 + ica_des_cbc@Base 3.0.1 + ica_des_cbc_cs@Base 3.0.1 + ica_des_cfb@Base 3.0.1 + ica_des_cmac@Base 3.0.1 + ica_des_cmac_intermediate@Base 3.0.1 + ica_des_cmac_last@Base 3.0.1 + ica_des_ctr@Base 3.0.1 + ica_des_ctrlist@Base 3.0.1 + ica_des_decrypt@Base 3.0.1 + ica_des_ecb@Base 3.0.1 + ica_des_encrypt@Base 3.0.1 + ica_des_ofb@Base 3.0.1 + ica_drbg_generate@Base 3.0.1 + ica_drbg_health_test@Base 3.0.1 + ica_drbg_instantiate@Base 3.0.1 + ica_drbg_reseed@Base 3.0.1 + ica_drbg_uninstantiate@Base 3.0.1 + ica_get_functionlist@Base 3.0.1 + ica_get_version@Base 3.0.1 + ica_open_adapter@Base 3.0.1 + ica_random_number_generate@Base 3.0.1 + ica_rsa_crt@Base 3.0.1 + ica_rsa_crt_key_check@Base 3.0.1 + ica_rsa_key_generate_crt@Base 3.0.1 + ica_rsa_key_generate_mod_expo@Base 3.0.1 + ica_rsa_mod_expo@Base 3.0.1 + ica_sha1@Base 3.0.1 + ica_sha224@Base 3.0.1 + ica_sha256@Base 3.0.1 + ica_sha384@Base 3.0.1 + ica_sha512@Base 3.0.1 + s390_get_functionlist@Base 3.0.1 + s390_initialize_functionlist@Base 3.0.1 diff --git a/patches/0001-Fix-initialization-of-s390-hardware-switches.patch b/patches/0001-Fix-initialization-of-s390-hardware-switches.patch new file mode 100644 index 0000000..dbc1430 --- /dev/null +++ b/patches/0001-Fix-initialization-of-s390-hardware-switches.patch @@ -0,0 +1,47 @@ +From b73a9c6bcfded1f15cb02692fe5ed38fad05c8a0 Mon Sep 17 00:00:00 2001 +From: Ingo Tuchscherer +Date: Tue, 19 Apr 2016 10:55:50 +0200 +Subject: [PATCH 1/2] Fix initialization of s390 hardware switches + +The initialization of the hardware switches was not done correctly. +This could lead to illegal access and segmentation fault. + +Changed declaration of hardware switches to ensure uniqueness +across compile units and thereby proper initialization. + +Signed-off-by: Ingo Tuchscherer +--- + src/include/s390_crypto.h | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h +index 0f967f7..793a41f 100644 +--- a/src/include/s390_crypto.h ++++ b/src/include/s390_crypto.h +@@ -83,7 +83,7 @@ enum s390_crypto_function { + S390_CRYPTO_SHA512_DRNG_SEED = 0x03 | 0x80 + }; + +-unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch, ++extern unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch, + tdes_switch, aes128_switch, aes192_switch, aes256_switch, + prng_switch, tdea128_switch, tdea192_switch, sha512_drng_switch, + msa4_switch, msa5_switch; +@@ -119,10 +119,10 @@ typedef enum { + SHA512_DRNG_SEED + } ppno_functions_t; + +-s390_supported_function_t s390_kmc_functions[PRNG + 1]; +-s390_supported_function_t s390_msa4_functions[AES_256_XTS_DECRYPT + 1]; +-s390_supported_function_t s390_kimd_functions[GHASH + 1]; +-s390_supported_function_t s390_ppno_functions[SHA512_DRNG_SEED + 1]; ++extern s390_supported_function_t s390_kmc_functions[PRNG + 1]; ++extern s390_supported_function_t s390_msa4_functions[AES_256_XTS_DECRYPT + 1]; ++extern s390_supported_function_t s390_kimd_functions[GHASH + 1]; ++extern s390_supported_function_t s390_ppno_functions[SHA512_DRNG_SEED + 1]; + + void s390_crypto_switches_init(void); + +-- +2.7.4 + diff --git a/patches/0001-Fix-msa-level-detection.patch b/patches/0001-Fix-msa-level-detection.patch new file mode 100644 index 0000000..1f2035c --- /dev/null +++ b/patches/0001-Fix-msa-level-detection.patch @@ -0,0 +1,71 @@ +From eeb40e5aea7dd36580629e6b17cd7f03fb62549c Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Thu, 17 Nov 2016 14:39:29 +0100 +Subject: [PATCH] Fix msa level detection + +Fixed problem in library constructor that was leading to false positive +msa level detection resulting in illegal instruction. + +Signed-off-by: Patrick Steuer +--- + src/s390_crypto.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/s390_crypto.c b/src/s390_crypto.c +index f119202..17cc068 100644 +--- a/src/s390_crypto.c ++++ b/src/s390_crypto.c +@@ -146,6 +146,8 @@ void set_switches(int msa) + * kimd query and do not need to over the whole array. Therfore there + * is also no distict setting of the switch needed in form + * msa4_switch = 1. */ ++ ++ /* kmc query */ + memset(mask, 0, sizeof(mask)); + if (msa) { + if (begin_sigill_section(&oldact, &oldset) == 0) { +@@ -162,13 +164,14 @@ void set_switches(int msa) + *s390_kmc_functions[n].enabled = on; + } + ++ /* kimd query */ ++ memset(mask, 0, sizeof(mask)); + if (msa) { + if (begin_sigill_section(&oldact, &oldset) == 0) { + s390_kimd(S390_CRYPTO_QUERY, mask, (void *) 0, 0); + end_sigill_section(&oldact, &oldset); + } + } +- + for (n = 0; n < (sizeof(s390_kimd_functions) / + sizeof(s390_supported_function_t)); n++) { + if (S390_CRYPTO_TEST_MASK(mask, s390_kimd_functions[n].hw_fc)) +@@ -178,6 +181,8 @@ void set_switches(int msa) + *s390_kimd_functions[n].enabled = on; + } + ++ /* ppno query */ ++ memset(mask, 0, sizeof(mask)); + if (5 <= msa) { + msa5_switch = 1; + if (begin_sigill_section(&oldact, &oldset) == 0) { +@@ -185,7 +190,6 @@ void set_switches(int msa) + end_sigill_section(&oldact, &oldset); + } + } +- + for (n = 0; n < (sizeof(s390_ppno_functions) / + sizeof(s390_supported_function_t)); n++) { + if (S390_CRYPTO_TEST_MASK(mask, s390_ppno_functions[n].hw_fc)) +@@ -256,7 +260,7 @@ libica_func_list_element_int icaList[] = { + {RSA_KEY_GEN_ME, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl) + {RSA_KEY_GEN_CRT, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl) + +- {SHA512_DRNG, PPNO, SHA512_DRNG_GEN, ICA_FLAG_SHW | ICA_FLAG_SW, 0}, ++ {SHA512_DRNG, PPNO, SHA512_DRNG_GEN, ICA_FLAG_SW, 0}, + + /* available for the MSA4 instruction */ + /* available for the RSA instruction */ +-- +2.7.4 + diff --git a/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch b/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch new file mode 100644 index 0000000..5427706 --- /dev/null +++ b/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch @@ -0,0 +1,35 @@ +From 9a0ff895de3756c2e1b0815cf9d96b77278e8282 Mon Sep 17 00:00:00 2001 +From: Ingo Tuchscherer +Date: Tue, 19 Apr 2016 12:43:35 +0200 +Subject: [PATCH 2/2] Fix initialization of s390 hardware switches (part 2) + +The initialization of the hardware switches was not done correctly. +This could lead to illegal access and segmentation fault. + +Changed declaration of hardware switches to ensure uniqueness +across compile units and thereby proper initialization. + +Signed-off-by: Ingo Tuchscherer +--- + src/s390_crypto.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/s390_crypto.c b/src/s390_crypto.c +index 44fb40b..8424480 100644 +--- a/src/s390_crypto.c ++++ b/src/s390_crypto.c +@@ -26,6 +26,11 @@ + #include "s390_crypto.h" + #include "init.h" + ++unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch, ++ tdes_switch, aes128_switch, aes192_switch, aes256_switch, ++ prng_switch, tdea128_switch, tdea192_switch, sha512_drng_switch, ++ msa4_switch, msa5_switch; ++ + s390_supported_function_t s390_kimd_functions[] = { + {SHA_1, S390_CRYPTO_SHA_1, &sha1_switch}, + {SHA_224, S390_CRYPTO_SHA_256, &sha256_switch}, +-- +2.7.4 + diff --git a/patches/0004-Make-test-suite-bail-out-upon-errors.patch b/patches/0004-Make-test-suite-bail-out-upon-errors.patch new file mode 100644 index 0000000..fb37a79 --- /dev/null +++ b/patches/0004-Make-test-suite-bail-out-upon-errors.patch @@ -0,0 +1,22 @@ +From ba05f6cff1de5ad8420d1364bb4c1d9187819cf8 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 27 Jan 2016 22:12:51 +0000 +Subject: [PATCH 4/5] Make test suite bail out upon errors. + +--- + src/tests/suite.run | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tests/suite.run b/src/tests/suite.run +index 339e347..c53ac31 100755 +--- a/src/tests/suite.run ++++ b/src/tests/suite.run +@@ -1,4 +1,5 @@ + #!/bin/bash ++set -e + + # Libica test suite + # +-- +2.7.0.rc3 + diff --git a/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch b/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch new file mode 100644 index 0000000..f01d8aa --- /dev/null +++ b/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch @@ -0,0 +1,100 @@ +From 86f83dd8c34a9dac3c6638bfa2180cd95ca41fd5 Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 27 Jan 2016 22:13:28 +0000 +Subject: [PATCH 5/5] ubuntu: skip generating suite.out, report to stdout. + +--- + src/tests/suite.run | 70 ++++++++++++++++++++++++++--------------------------- + 1 file changed, 35 insertions(+), 35 deletions(-) + +Index: libica/src/tests/suite.run +=================================================================== +--- libica.orig/src/tests/suite.run ++++ libica/src/tests/suite.run +@@ -9,50 +9,50 @@ silent=${1} + + echo -ne 'Starting libica test suite ...\n' + echo -ne '-------------------------------------------------- (0%)\r' +-./icastats_test $silent > ./suite.out ++./icastats_test $silent + echo -ne '#------------------------------------------------- (2%)\r' +-./libica_3des_cbc_test $silent >> ./suite.out +-./libica_3des_cfb_test $silent >> ./suite.out +-./libica_3des_ctr_test $silent >> ./suite.out +-./libica_3des_ecb_test $silent >> ./suite.out +-./libica_3des_ofb_test $silent >> ./suite.out ++./libica_3des_cbc_test $silent ++./libica_3des_cfb_test $silent ++./libica_3des_ctr_test $silent ++./libica_3des_ecb_test $silent ++./libica_3des_ofb_test $silent + echo -ne '#######------------------------------------------ (15%)\r' +-./libica_aes128_test $silent >> ./suite.out +-./libica_aes192_test $silent >> ./suite.out +-./libica_aes256_test $silent >> ./suite.out +-./libica_aes_cbc_test $silent >> ./suite.out +-./libica_aes_cfb_test $silent >> ./suite.out +-./libica_aes_ctr_test $silent >> ./suite.out +-./libica_aes_ecb_test $silent >> ./suite.out +-./libica_aes_gcm_test $silent >> ./suite.out +-./libica_aes_ofb_test $silent >> ./suite.out +-./libica_aes_xts_test $silent >> ./suite.out ++./libica_aes128_test $silent ++./libica_aes192_test $silent ++./libica_aes256_test $silent ++./libica_aes_cbc_test $silent ++./libica_aes_cfb_test $silent ++./libica_aes_ctr_test $silent ++./libica_aes_ecb_test $silent ++./libica_aes_gcm_test $silent ++./libica_aes_ofb_test $silent ++./libica_aes_xts_test $silent + echo -ne '###############---------------------------------- (30%)\r' +-./libica_cbccs_test $silent >> ./suite.out +-./libica_ccm_test $silent >> ./suite.out +-./libica_cmac_test $silent >> ./suite.out ++./libica_cbccs_test $silent ++./libica_ccm_test $silent ++./libica_cmac_test $silent + echo -ne '######################--------------------------- (45%)\r' +-./libica_des_cbc_test $silent >> ./suite.out +-./libica_des_cfb_test $silent >> ./suite.out +-./libica_des_ctr_test $silent >> ./suite.out +-./libica_des_ecb_test $silent >> ./suite.out +-./libica_des_ofb_test $silent >> ./suite.out ++./libica_des_cbc_test $silent ++./libica_des_cfb_test $silent ++./libica_des_ctr_test $silent ++./libica_des_ecb_test $silent ++./libica_des_ofb_test $silent + echo -ne '#############################-------------------- (60%)\r' +-./libica_get_functionlist $silent >> ./suite.out +-./libica_get_version $silent >> ./suite.out +-./libica_keygen_test 512 r $silent >> ./suite.out +-./libica_keygen_test 1024 r $silent >> ./suite.out +-./libica_keygen_test 2048 r $silent >> ./suite.out +-./libica_keygen_test 4096 r $silent >> ./suite.out +-./libica_keygen_test 1234 r $silent >> ./suite.out +-./libica_rng_test $silent >> ./suite.out ++./libica_get_functionlist $silent ++./libica_get_version $silent ++./libica_keygen_test 512 r $silent ++./libica_keygen_test 1024 r $silent ++./libica_keygen_test 2048 r $silent ++./libica_keygen_test 4096 r $silent ++./libica_keygen_test 1234 r $silent ++./libica_rng_test $silent + echo -ne '#####################################------------ (70%)\r' +-./libica_rsa_test $silent >> ./suite.out +-./libica_rsa_key_check_test $silent >> ./suite.out ++./libica_rsa_test $silent ++./libica_rsa_key_check_test $silent + echo -ne '############################################----- (80%)\r' + PARMS="libica_sha_test/sha_test_vectors/*" +-./libica_sha_test/libica_sha_test $silent $PARMS >> ./suite.out ++./libica_sha_test/libica_sha_test $silent $PARMS + #./libica_sha_test/libica_sha_test 'libica_sha_test/sha_test_vectors/*' +-./libica_drbg_test $silent >> ./suite.out ++./libica_drbg_test $silent + echo -ne '################################################# (100%) Done\r' + echo -ne '\n' diff --git a/patches/libica_v2.6.1_performance_fix.patch b/patches/libica_v2.6.1_performance_fix.patch new file mode 100644 index 0000000..cf4df2b --- /dev/null +++ b/patches/libica_v2.6.1_performance_fix.patch @@ -0,0 +1,40 @@ +Description: ica_random_number_generate performance improvement + Changed the ica_random_number_generate function that asks the + global DRBG instance for random bytes to not reseed the + instance on every call. +Origin: https://sourceforge.net/p/opencryptoki/libica/ci/3bcd3efb0aff364515ab9b3c39dd68fbbb1534d0/ +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libica/+bug/1608954 + +--- a/src/s390_prng.c ++++ b/src/s390_prng.c +@@ -76,10 +76,9 @@ int s390_prng_init(void) + // available. However, the old prng is still initialized but + // only used as a fallback. + if(sha512_switch || sha512_drng_switch){ +- const char *pers = "ica_drbg_global"; + ica_drbg_instantiate(&ica_drbg_global, 256, true, +- ICA_DRBG_SHA512, (unsigned char *)pers, +- strlen(pers)); ++ ICA_DRBG_SHA512, ++ (unsigned char *)"GLOBAL INSTANCE", 15); + } + + // The old prng code starts here: +@@ -181,7 +180,7 @@ int s390_prng(unsigned char *output_data + unsigned char *ptr = output_data; + size_t i = 0; + for(; i < q; i++){ +- status = ica_drbg_generate(ica_drbg_global, 256, true, ++ status = ica_drbg_generate(ica_drbg_global, 256, false, + NULL, 0, ptr, + ICA_DRBG_SHA512 + ->max_no_of_bytes_per_req); +@@ -191,7 +190,7 @@ int s390_prng(unsigned char *output_data + ptr += ICA_DRBG_SHA512->max_no_of_bytes_per_req; + } + if(!status){ +- status = ica_drbg_generate(ica_drbg_global, 256, true, ++ status = ica_drbg_generate(ica_drbg_global, 256, false, + NULL, 0, ptr, r); + if(!status) + return 0; diff --git a/patches/reset-rng.patch b/patches/reset-rng.patch new file mode 100644 index 0000000..add97a6 --- /dev/null +++ b/patches/reset-rng.patch @@ -0,0 +1,38 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + libica (2.6.1-3) yakkety; urgency=medium + . + * Cherry-pick upstream patch to stop reseeding global DRBG instance on + every call. LP: #1608954 +Author: Dimitri John Ledkov +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1608954 + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: https://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: + +--- libica-2.6.1.orig/src/tests/icastats_test.c ++++ libica-2.6.1/src/tests/icastats_test.c +@@ -87,6 +87,8 @@ int main (int argc, char **argv) + * Reset Counters + **/ + system("icastats -r"); ++ sha512_switch = 0; ++ sha512_drng_switch = 0; + rc = ica_random_number_generate(AES_CIPHER_BLOCK, ctr); + if (rc) + exit(handle_ica_error(rc, "ica_random_number_generate")); diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..ddf50ca --- /dev/null +++ b/patches/series @@ -0,0 +1 @@ +test-suite.patch diff --git a/patches/skip-icastats-test.patch b/patches/skip-icastats-test.patch new file mode 100644 index 0000000..9fad6d1 --- /dev/null +++ b/patches/skip-icastats-test.patch @@ -0,0 +1,13 @@ +Index: libica/src/tests/suite.run +=================================================================== +--- libica.orig/src/tests/suite.run ++++ libica/src/tests/suite.run +@@ -9,7 +9,7 @@ silent=${1} + + echo -ne 'Starting libica test suite ...\n' + echo -ne '-------------------------------------------------- (0%)\r' +-./icastats_test $silent ++./icastats_test $silent || : + echo -ne '#------------------------------------------------- (2%)\r' + ./libica_3des_cbc_test $silent + ./libica_3des_cfb_test $silent diff --git a/patches/test-suite.patch b/patches/test-suite.patch new file mode 100644 index 0000000..a2c9d53 --- /dev/null +++ b/patches/test-suite.patch @@ -0,0 +1,42 @@ +--- a/src/tests/suite.run ++++ b/src/tests/suite.run +@@ -1,4 +1,6 @@ + #!/bin/bash ++set -x ++set -e + + # + # Libica test suite +@@ -13,7 +15,6 @@ + + "libica_get_functionlist $verbosity" + "libica_get_version $verbosity" +-"icastats_test $verbosity" + + "libica_drbg_test $verbosity" + +@@ -44,10 +45,10 @@ + "libica_ccm_test $verbosity" + "libica_cmac_test $verbosity" + +-"libica_keygen_test $verbosity 1024 r" +-"libica_keygen_test $verbosity 2048 r" +-"libica_keygen_test $verbosity 3072 r" +-"libica_keygen_test $verbosity 4096 r" ++"libica_keygen_test 1024 r" ++"libica_keygen_test 2048 r" ++"libica_keygen_test 3072 r" ++"libica_keygen_test 4096 r" + "libica_rsa_key_check_test $verbosity" + "libica_rsa_test $verbosity" + +@@ -57,7 +58,7 @@ + echo -ne "" &> $out; + for (( i=1; i <= ${#testcases[@]}; i++ )) + do +- echo -ne "Running libica test suite (writing to "$out") ... "$i"/"${#testcases[@]}"\r"; +- ./${testcases[i-1]} >> $out 2>&1; ++ ./${testcases[i-1]} 2>&1; + done ++./icastats_test 2>&1 || : + echo -ne "\n"; diff --git a/rules b/rules new file mode 100755 index 0000000..bb69bc0 --- /dev/null +++ b/rules @@ -0,0 +1,16 @@ +#!/usr/bin/make -f +%: + dh $@ --with autoreconf + +override_dh_auto_configure: + dh_auto_configure -- --enable-testcases + +override_dh_install: + rm debian/tmp/usr/lib/*/libica.a + rm debian/tmp/usr/lib/*/libica.la + dh_install --list-missing + +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) +override_dh_auto_test: + cd src/tests && LD_LIBRARY_PATH=$(CURDIR)/src/.libs PATH=$(CURDIR)/src:$$PATH ./suite.run silent +endif diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/watch b/watch new file mode 100644 index 0000000..a93a4bc --- /dev/null +++ b/watch @@ -0,0 +1,2 @@ +version=3 +http://sf.net/opencryptoki/libica-(.+)\.tgz -- cgit v1.2.3