Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libica4-openssl3-4.2.1-150500.3.3.9 RPM for s390x

From OpenSuSE Leap 15.6 for s390x

Name: libica4-openssl3 Distribution: SUSE Linux Enterprise 15
Version: 4.2.1 Vendor: SUSE LLC <>
Release: 150500.3.3.9 Build date: Sat Dec 2 13:07:27 2023
Group: System/Libraries Build host: s390zl34
Size: 446330 Source RPM: libica-openssl3-4.2.1-150500.3.3.9.src.rpm
Summary: Library interface for the IBM Cryptographic Accelerator

This package contains the interface library routines used by IBM
modules to interface with the IBM eServer Cryptographic Accelerator






* Fri Jun 23 2023
  - Rename the hmac files for the openssl3 flavor [bsc#1207472]
    * Add libica-openssl3.patch
    * Rebase libica-sles15sp5-FIPS-hmac-key.patch
* Tue Apr 25 2023
  - Add multibuild flavor to provide library compiled against openssl-3
* Fri Feb 17 2023
  - Upgrade to version 4.2.1 (jsc#PED-2872)
    - [PATCH] fix regression opening shared memory
* Mon Jan 16 2023
  - Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365).
    - [FEATURE] Display build info via icainfo -v
    - [FEATURE] New API function ica_get_build_version()
    - [FEATURE] Display fips indication via icainfo -f
    - [FEATURE] New API function ica_get_fips_indicator()
    - [FEATURE] New API function ica_aes_gcm_initialize_fips()
    - [FEATURE] New API function ica_aes_gcm_kma_get_iv()
    - [FEATURE] New API function ica_get_msa_level()
    - [PATCH] icainfo: check for malloc error when getting functionlist
* Tue Oct 11 2022
  - Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
    - [PATCH] Fix aes-xts multi-part operations
      [PATCH] Fix make dist
    - [FEATURE] FIPS: make libica FIPS 140-3 compliant
      [FEATURE] New API function ica_ecdsa_sign_ex()
      [FEATURE] New icainfo output option -r
    - [PATCH] Various bug fixes
  - Removed the following obsolete files:
* Mon Sep 12 2022
  - Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)
    - [PATCH] Reduce the number of open file descriptors
    - [PATCH] Various bug fixes
    - [PATCH] Various bug fixes
    - [PATCH] Various bug fixes
    - [PATCH] Compute HMAC from installed library
    - [UPDATE] NO_SW_FALLBACKS is now the default for
      [UPDATE] Removed deprecated API functions including tests
      [UPDATE] Introduced 'const' for some API function parameters
      [FEATURE] icastats: new parm -k to display detailed counters
  - Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated
    version named libica-sles15sp5-FIPS-hmac-key.patch.
  - Updated the libica-rpmlintrc file to suppress warnings about the
    libica-cex hmac files being hidden.
  - Updated the spec file to properly both obsolete and provide two
    older versions of the package.
* Tue Oct 19 2021
  - Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564)
    - [FEATURE] Add support for OpenSSL 3.0
    - [FEATURE] icainfo: new parm -c to display available EC curves
  - Replaced the obsolete PreReq: %fillup_prereq
    with                  Requires(post): %fillup_prereq
    in the spec file.
* Mon Jun 07 2021
  - Update to version 3.8.0 (jsc#SLE-18334)
    - [FEATURE] provide libica-cex module to satisfy special security requirements
    - [FEATURE] FIPS: enforce the HMAC check
  - Remove upstreamed patches:
    - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
    - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
    - libica-sles15sp2-Zeroize-local-variables.patch
  - Remove patches obsoleted by upstrea developent:
    * FIPS: Find libica from phdrs.
    - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
    * FIPS: enforce the hmac check
    - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
  - Fix up tests and hmac generation
    + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
  - Remove obsolete attributes from filelists
* Fri Sep 18 2020
  - Upgraded to version 3.7.0 (jsc#SLE-13708)
    * Version 3.7.0
    - [FEATURE] FIPS: Add HMAC based library integrity check
    - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
    - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
    - [PATCH] FIPS: Fix DES and TDES key length
    - [PATCH] icastats: Fix stats counter format
    * Version 3.6.1
    - [PATCH] Fix x25519 and x448 handling of non-canonical values
  - Removed the following obsolete patches
    * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
    * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
    * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
    * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
    * libica-sles15sp2-Build-with-pthread-flag.patch
    * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
    * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
* Tue Sep 15 2020
  - Fix lack of SHA3 KATs in "make check" processing (bsc#1175277)
    * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
    * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
  - Fix FIPS hmac check (bsc#1175356).
    * Update FIPS support to upstream
    - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
      from upstream.
    - Add libica-sles15sp2-Build-with-pthread-flag.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
    - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
    - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
    * FIPS check should fail when hmac is missing
    - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
    - Create an hmac for the selftest
    - Check that selftest fails without a hmac
    - Hash rather than
    * Fix hmac key format. It should be hexadecimal, not ASCII
    - Refresh libica-sles15sp2-FIPS-hmac-key.patch
  - Fix Some internal variables used to store sensitive information
    (keys) were not zeroized before returning to the calling application.
    * Added libica-sles15sp2-Zeroize-local-variables.patch
  - Updated libica-rpmlintrc to eliminate the warning about the HMAC file
    being a hidden file. It is supposed to be hidden.
* Thu May 07 2020
  - Added the following patches for FIPS certification (bsc#1162533)
    * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
    * libica-sles15sp2-FIPS-hmac-key.patch
  - Added a BuildRequires for the fipscheck package.
  - Made a couple of changes to the spec file based upon recommendations
    by spec-cleaner.
* Wed Apr 08 2020
  - Added the following patches for FIPS certification.
    * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
      (bsc#1166071) Although a DES key has only 56 effective bits,
      all 64 bits must be considered, because the parity bits are
      spread over all 8 bytes of the key.
    * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
      (bsc#1166210) FIPS tests require the output iv to be the iv
      resulting from decrypting the last block with a zero iv as input.
    * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
      (bsc#1166224) The output from icainfo never shows 'yes' for
      RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
      due to the missing ICA_FLAG_SW flag in the icaList.
* Thu Nov 14 2019
  - Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
* Tue Oct 15 2019
  - Upgraded to version 3.6.0 (jsc#SLE-7584)
    * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448
* Fri Aug 30 2019
  - Upgraded to version 3.5.0 (Fate#327840)
    - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify
  - Reworked how libica-tools loads and unloads kernel modules to
    avoid spurious error messages (bsc#1134004):
    * Converted the boot.z90crypt sysV init script to a systemd unit
    * Removed any references to insserv in the spec file.
    * Updated the z90crypt script itself to properly load and unload
    the kernel modules as they exist today.
    * Eliminated the obsolete libica-SuSE.tar.bz2 archive.
  - Updated the README.SUSE file to reflect the change from sysV init
    style script to systemd.
  - Made numerous changes to the spec file, based on the output from
    the spec-cleaner command.
* Wed Jul 24 2019
  - Run testsuite during build
* Thu Nov 15 2018
  - Upgraded to version 3.4.0 (Fate#325690)
    * v3.4.0
      [FEATURE] Add SHA-512/224 and SHA-512/256 support
  - Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  - Made numerous updates to spec file based on spec-cleanup run.
* Wed Nov 14 2018
  - Upgraded to version 3.3.3 (Fate#325690)
    * v3.3.3
      [PATCH] Various bug fixes
    * v3.3.2
      [PATCH] Skip ECC tests if required HW is not available
      [PATCH] Update spec file
    * v3.3.1
      [PATCH] Fix to honour CFLAGS
    * v3.3.0
      [FEATURE] Add CEX supported elliptic-curve crypto interfaces
      [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
      [FEATURE] Add interface to enable/disable SW fallbacks
      [FEATURE] Add 'make check' target, test-suite rework
    * v3.2.1
      [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
      [PATCH] Various bug fixes.
  - Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
  - Removed COPYING from %files, since it is no longer in the tarball.
  - Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  - Made multiple changes to the spec file based on the output of
* Mon Oct 22 2018
  - Added "Obsoletes: libica-2_3_0" to the libica-tools package to
    fix a problem with upgrading from SLES12 SP2 to either SLES12
    SP3/SP4, or SLES15. (bsc#1112655)
* Tue Sep 11 2018
  - Added "Obsoletes: libica2" to the libica-tools package to fix
    a problem with upgrading from SLES12 SP2 to either SLES12
    SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
* Wed Apr 18 2018
  - Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
  - Updated boot.z90crypt script to fix a problem with the modprobe
    command not being found. (bsc#1040229).
  - Added "Recommends: libica-tools" (bsc#1046435).
* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Wed Oct 04 2017
  - Added "--enable-fips" to the %configure parms (Fate#324115)
* Fri Sep 22 2017
  - Upgraded to version 3.2 (Fate#321517)
    * v3.2.0
      [FEATURE] New AES-GCM interface.
      [UPDATE] Add symbol versioning.
    * v3.1.1
      [PATCH] Various bug fixes related to old and new AES-GCM implementations.
      [UPDATE] Add SHA3 test cases. Improved and extended test suite.
    * v3.1.0
      [FEATURE] Add KMA support for AES-GCM.
      [FEATURE] Add SHA-3 support.
      [PATCH] Reject RSA keys with invalid key-length.
      [PATCH] Allow zero output length for ica_random_number_generate.
      [PATCH] icastats: Correct owner of shared segment when root creates it.
    * Removed the following obsolete patches:
* Wed Sep 13 2017
  - libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
    - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
* Thu Jun 01 2017
  - baselibs.conf doesn't need any additional provides/conflicts for
* Fri May 12 2017
  - Update baselibs.conf with proper name for library package name,
    stop providing/obsoleting libica-2_1_0/libica-2_3-0.
* Tue May 09 2017
  - Upgraded to version 3.0.2 (Fate#322025).
    - v3.0.2
    - Fix locking callbacks for openSSL APIs.
    - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
    - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
  - Removed the following obsolete patches:
    - fix-initialization-of-s390-hardware-switches-1.patch
    - fix-initialization-of-s390-hardware-switches-2.patch
    - fix-msa-level-detection.patch
    - fix-segfault-during-multithread-keygen.patch
    - rng-performance.patch
* Fri Mar 31 2017
  - Made the following packaging changes:
    - Implemented the shared library packaging guidelines.
    - Consolidated double invocation of %setup into just one.
    - Dropped redundant %ifarch, the package is already ExclusiveArch.
    - Updated descriptions.
  - Added an libica-rpmlintrc file.
* Wed Nov 30 2016
  - Added the following two patches:
    - fix-segfault-during-multithread-keygen.patch (bsc#991485)
    - fix-msa-level-detection.patch (bsc#1010927)
* Tue Aug 02 2016
  - Added rng-performance.patch (bsc#990850).
* Tue Jun 14 2016
  - Updated baselibs.conf to obsolete prior versions of the 32bit
    package. (bsc#983897):
    provides "libica-<targettype> = <version>"
    obsoletes "libica-<targettype> < <version>"
    provides "libica-2_1_0-<targettype> = <version>"
    obsoletes "libica-2_1_0-<targettype> < <version>"
    provides "libica-2_3_0-<targettype> = <version>"
    obsoletes "libica-2_3_0-<targettype> < <version>"
* Wed May 18 2016
  - Added fix-initialization-of-s390-hardware-switches-1.patch and
    fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
* Mon Feb 22 2016
  - Upgraded to version 2.6.2 (FATE#319610).
  - Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
    naming standards.
  - Found the original location of the icaioctl.h file and downloaded
    it to replace what we had previously.
  - Removed the unnecessary file
  - Removed unnecessary Requires for glibc-devel
  - Added Requires libica2 to the -devel package
  - Converted call to configure to %configure macro
  - Removed obsolete and unnecessary INSROOT and bindir parameters
    from the make install command
* Fri Nov 06 2015
  - Add Provides/Obsoletes for libica-2_3_0 so that the package from
    SLE12 GA is replaced (bsc#953096).
* Wed Nov 04 2015
  - move the .so file to the mainpackage, the openssl-ibmca engine
    will only load "" (bsc#952871)
* Mon Aug 17 2015
  - Update to libica v2.4.2 (FATE#318035)
  - Removed outdated libica-aes_ccm-31-bit-compatibility.patch
  - Moved init script into libica-SuSE.tar.bz2 archive



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue May 21 23:57:58 2024