[Bug 2752] New: Allow syscalls for openssl engines on s390x

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Jul 29 05:59:54 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2752

            Bug ID: 2752
           Summary: Allow syscalls for openssl engines on s390x
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ebarretto at linux.vnet.ibm.com

Created attachment 3025
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3025&action=edit
tarball containing the 3 patches

This patchset allows syscalls (flock, ipc, getuid, geteuid and ioctl),
so openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and
communicate with the crypto cards during ssh login and scp.

1. The flock and ipc are allowed only for s390 architecture. They are
needed for openCryptoki project (PKCS#11 implementation), as the
ibmpkcs11 engine makes use of openCryptoki.
For more information, please check here:
https://github.com/opencryptoki/opencryptoki

2. getuid and geteuid are allowed on any architecture as this is also
needed by the distros. libica and other crypto libraries use those
syscalls.

3. The ioctl is allowed when a specific argument is passed. This
argument is from the EP11 crypto card on s390 architecture.
For more information check here:
http://elixir.free-electrons.com/linux/latest/source/arch/s390/include/uapi/asm/zcrypt.h#L259

The patches were sent to the mailing list as well:
https://www.spinics.net/lists/openssh-unix-dev/msg04133.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
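
The allow rules in items 2 and 3 of the report, sketched as a classic-BPF seccomp filter. This is an added example, not code from the patchset or from OpenSSH. `EXAMPLE_IOCTL_REQ` is a placeholder for the request code defined in zcrypt.h, and `example_filter` and `decide` are hypothetical names. `decide` evaluates the filter in user space so the decisions can be checked without installing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Placeholder request code (assumption); the real one is defined in zcrypt.h. */
#define EXAMPLE_IOCTL_REQ 0xC0DE0001u
#define ARG1 offsetof(struct seccomp_data, args[1])
/* Syscall args are 64-bit but cBPF loads 32 bits; s390x is big-endian,
 * so the low word of an argument sits at offset +4 there. */
#define BE (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
#define LO (BE ? 4 : 0)
#define HI (BE ? 0 : 4)
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf))
#define LOAD(off) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (off))

/* A production filter checks seccomp_data.arch first; omitted to stay short. */
static const struct sock_filter example_filter[] = {
    LOAD(offsetof(struct seccomp_data, nr)),
    JEQ(SYS_getuid, 7, 0),          /* allowed unconditionally */
    JEQ(SYS_geteuid, 6, 0),         /* allowed unconditionally */
    JEQ(SYS_ioctl, 0, 4),           /* any other syscall: kill */
    LOAD(ARG1 + LO),
    JEQ(EXAMPLE_IOCTL_REQ, 0, 2),   /* low word must match the request */
    LOAD(ARG1 + HI),
    JEQ(0, 1, 0),                   /* high word must be zero */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Evaluates the three opcodes used above without installing the filter. */
static uint32_t decide(int nr, uint64_t arg1)
{
    struct seccomp_data sd = { .nr = nr };
    const unsigned char *raw = (const unsigned char *)&sd;
    uint32_t acc = 0;
    sd.args[1] = arg1;
    for (size_t pc = 0; pc < sizeof(example_filter) / sizeof(example_filter[0]); pc++) {
        const struct sock_filter *f = &example_filter[pc];
        if (f->code == (BPF_RET | BPF_K))
            return f->k;
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, raw + f->k, sizeof(acc));
        else /* BPF_JMP | BPF_JEQ | BPF_K */
            pc += (acc == f->k) ? f->jt : f->jf;
    }
    return SECCOMP_RET_KILL;
}
int main(void) { return decide(SYS_ioctl, EXAMPLE_IOCTL_REQ) == SECCOMP_RET_ALLOW ? 0 : 1; }
```

Checking both halves of the 64-bit argument matters: a filter that compares only the low word would also accept requests whose upper 32 bits are non-zero.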

