Ubuntu
openssl-ibmca package

[22.10 FEAT] openssl-ibmca: openSSL 3.0 provider (crypto)

Bug #1959763 reported by bugproxy on 2022-02-02

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
	openssl-ibmca (Ubuntu)	Fix Released	High	Skipper Bug Screeners

Bug Description

openssl-ibmca: openSSL 3.0 provider (crypto)

Description:
openSSL 3.0 replaces the engine framework by a provider framework.
Therefore the ibmca engine needs to be converted into an ibmca provider.

Tags:

bugproxy (bugproxy) on 2022-02-02

tags:	added: architecture-s39064 bugnameltc-196296 severity-high targetmilestone-inin2204
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-02:

I guess a version newer than the current v2.2.2 will be made available?

affects:	linux (Ubuntu) → openssl-ibmca (Ubuntu)
Changed in ubuntu-z-systems:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in openssl-ibmca (Ubuntu):
importance:	Undecided → High
Changed in ubuntu-z-systems:
importance:	Undecided → High
Changed in openssl-ibmca (Ubuntu):
status:	New → Incomplete
Changed in ubuntu-z-systems:
status:	New → Incomplete

Revision history for this message

bugproxy (bugproxy) wrote on 2022-02-04: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-02-03 09:35 EDT-------
This might have a requirement for a to be created bugfix release of libica 4.0.1 (@Joerg Schmidbauer).
Do we need to request this for 22.04 also/separately?

------- Comment From <email address hidden> 2022-02-04 04:40 EDT-------
The Libica 4.0.1 bugfix release is available as of today.

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-03-21: Re: [22.04 FEAT] openssl-ibmca: openSSL 3.0 provider (crypto)

Since libica4 v4.0.1 in jammy:
libica4 | 4.0.1-0ubuntu1 | jammy/universe | s390x
is it sufficient to close this ticket, or is an openssl-ibmca patch needed on top?

Revision history for this message

bugproxy (bugproxy) wrote on 2022-03-21: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-03-21 04:21 EDT-------
The provider will be released in Version 2.3.0. The release was planned for last week, but we did not make it. Fingers crossed for this week...

Revision history for this message

bugproxy (bugproxy) wrote on 2022-07-27:

------- Comment From <email address hidden> 2022-07-26 21:12 EDT-------
Upstream in openssl-ibmca 2.3.0, see
https://github.com/opencryptoki/openssl-ibmca/releases/tag/v2.3.0

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-07-27: Re: [22.04 FEAT] openssl-ibmca: openSSL 3.0 provider (crypto)

We plan to add this to 22.10/kinetic by dumping the version to 2.3.0.

Changed in ubuntu-z-systems:
status:	Incomplete → New
Changed in openssl-ibmca (Ubuntu):
status:	Incomplete → New
summary:	- [22.04 FEAT] openssl-ibmca: openSSL 3.0 provider (crypto) + [22.10 FEAT] openssl-ibmca: openSSL 3.0 provider (crypto)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-08-14:

debdiff openssl-ibmca kinetic from 2.2.3-0ubuntu1 to 2.3.0-0ubuntu1 Edit (1.4 MiB, text/plain)

There are quite some significant changes with the move from openssl-ibmca 2.2.3-0ubuntu1 to 2.3.0-0ubuntu1, since code and folder structure was restructured and in addition to the existing 'engine' also support for 'providers' added.
(For more details see the changelog).

A test package was build in PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1959763

The testsuite is executed as part of the package build:
https://launchpadlibrarian.net/618159494/buildlog_ubuntu-kinetic-s390x.openssl-ibmca_2.3.0-0ubuntu1_BUILDING.txt.gz
and the results are like expected, for the "engine":
"
Testsuite summary for openssl-ibmca 2.3.0
=========================================
# TOTAL: 34
# PASS: 26
# SKIP: 8
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
"
and for the (new) "provider":
"
Testsuite summary for openssl-ibmca 2.3.0
=========================================
# TOTAL: 13
# PASS: 10
# SKIP: 3
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
"

openssl-ibmca has no reverse dependencies.

Since the old openssl-ibmca version 2.2.3-0ubuntu1 has issues with the latest libica 4.0.3 (LP#1986437) (https://launchpadlibrarian.net/618094777/buildlog_ubuntu-kinetic-s390x.openssl-ibmca_2.2.3-0ubuntu2_BUILDING.txt.gz) and openssl, it's needed that this new and fixed openssl-ibmca version 2.3.0-0ubuntu1 should be updated with the new libica 4.0.3 (LP#1986437) at the same time.

Changed in openssl-ibmca (Ubuntu):
status:	New → In Progress
Changed in ubuntu-z-systems:
status:	New → In Progress
information type:	Private → Public

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-08-15:

new_debdiff_openssl-ibmca_kinetic_from_2.2.3-0ubuntu1_to_2.3.0-0ubuntu1.diff Edit (1.4 MiB, text/plain)

Since a patch for the provider/tests was made available and was brought upstream on very short notice (thx to Jürgen and Ingo), I'll use this:
https://github.com/opencryptoki/openssl-ibmca/commit/89b4e6f664b8ada4b14644859a18945f229fc5b4
instead of my workaround in debian/rules.

So please use this updated debdiff (notice the leading 'new_':
"new_debdiff_openssl-ibmca_kinetic_from_2.2.3-0ubuntu1_to_2.3.0-0ubuntu1.diff"

Revision history for this message

Simon Chopin (schopin) wrote on 2022-08-16:

Uploaded, thanks for your work :)

Changed in openssl-ibmca (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-08-16:

#10

This bug was fixed in the package openssl-ibmca - 2.3.0-0ubuntu1

---------------
openssl-ibmca (2.3.0-0ubuntu1) kinetic; urgency=medium

  * New upstream release. LP: #1959763
    - update d/p/openssl-config.patch
      since code moved from src to src/engine
    - update d/p/testconf-openssl3.patch
      since code moved from test to test/engine
      and context adjustment in test/engine/Makefile.am
    - remove d/p/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch
      since this patch/commit is incl. in the new upstream version
    - due to the refactoring (engine/provider) path adjustments needed in
      d/rules and d/openssl-ibmca.install
    - add ibmca-provider-opensslconfig to
      d/rules and d/openssl-ibmca.install
    - modify d/rules to configure for engine and provider using full libica
    - expand d/examples with openssl.cnf.provider.sample
    - add d/p/lp-1959763-Adjust-to-new-libica.patch
      to be compliiant with latest libica
    - add d/p/lp-1959763-Support-tests-in-remote-builds.patch
      to make tests more decent
    - add d/p/lp-1959763-provider-Adapt-keymgmt_match-implementations.patch
      to adapt the provider's match functions
    - add d/p/lp-1959763-tests-skip-tests-if-libica-does-not-support.patch
      skip tests if unsupported by libica
    - add d/p/lp-1959763-Provider-Fix-parallel-test-runs.patch
      without this esp. the provider tests will not properly work

-- Frank Heimes <email address hidden> Fri, 05 Aug 2022 16:37:13 +0200

Changed in openssl-ibmca (Ubuntu):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2022-08-16

Changed in ubuntu-z-systems:
status:	In Progress → Fix Released

bugproxy (bugproxy) on 2022-09-13

tags:

added: targetmilestone-inin2210
removed: targetmilestone-inin2204

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenssl-ibmca package

[22.10 FEAT] openssl-ibmca: openSSL 3.0 provider (crypto)

Bug Description

Other bug subscribers

Patches

Remote bug watches

Ubuntu
openssl-ibmca package