[Bug 2752] New: Allow syscalls for openssl engines on s390x
bugzilla-daemon at bugzilla.mindrot.org
Sat Jul 29 05:59:54 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug ID: 2752
Summary: Allow syscalls for openssl engines on s390x
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: ebarretto at linux.vnet.ibm.com
Created attachment 3025
--> https://bugzilla.mindrot.org/attachment.cgi?id=3025&action=edit
tarball containing the 3 patches
This patchset allows syscalls (flock, ipc, getuid, geteuid and ioctl),
so openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and
communicate with the crypto cards during ssh login and scp.
1. The flock and ipc are allowed only for s390 architecture. They are
needed for openCryptoki project (PKCS#11 implementation), as the
ibmpkcs11 engine makes use of openCryptoki.
For more information, please check here:
https://github.com/opencryptoki/opencryptoki
2. getuid and geteuid are allowed for any architecture as this is also
needed by the distros. libica and other crypto libraries use those
syscalls.
3. The ioctl is allowed when a specific argument is passed. This
argument is from the EP11 crypto card on s390 architecture.
For more information check here:
http://elixir.free-electrons.com/linux/latest/source/arch/s390/include/uapi/asm/zcrypt.h#L259
The patches were sent to the mailing list as well:
https://www.spinics.net/lists/openssh-unix-dev/msg04133.html
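The argument-restricted ioctl rule described in item 3, sketched as a seccomp-BPF filter. This is an added example, not code from the report or from the attached patches; `EXAMPLE_IOCTL_REQ` is a placeholder rather than the real EP11 request number, and `verdict()` is a hypothetical userspace helper that evaluates the filter on constructed input instead of installing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Placeholder request number, NOT the real EP11 value from zcrypt.h. */
#define EXAMPLE_IOCTL_REQ UINT64_C(0xC0DE0001)
/* Syscall args are 64-bit but BPF loads 32 bits; s390x is big-endian. */
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#define ARG1_LO (offsetof(struct seccomp_data, args[1]) + 4)
#define ARG1_HI (offsetof(struct seccomp_data, args[1]))
#else
#define ARG1_LO (offsetof(struct seccomp_data, args[1]))
#define ARG1_HI (offsetof(struct seccomp_data, args[1]) + 4)
#endif

/* Allow ioctl only when its request (args[1]) is EXAMPLE_IOCTL_REQ.
 * Both halves are compared so stray high bits cannot slip through. */
static const struct sock_filter example_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ioctl, 0, 5),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG1_LO),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)EXAMPLE_IOCTL_REQ, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG1_HI),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(EXAMPLE_IOCTL_REQ >> 32), 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* everything else */
};

/* Userspace evaluator for the three opcodes above (hypothetical helper),
 * so the verdicts can be checked without installing the filter. */
uint32_t verdict(int nr, uint64_t arg1)
{
    struct seccomp_data sd = { .nr = nr };
    uint32_t acc = 0;
    sd.args[1] = arg1;
    for (size_t pc = 0; pc < sizeof(example_filter) / sizeof(example_filter[0]); pc++) {
        const struct sock_filter *f = &example_filter[pc];
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&sd + f->k, sizeof(acc));
        else if (f->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == f->k) ? f->jt : f->jf;
        else
            return f->k; /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}
```

In a full sandbox policy this fragment would sit alongside the rules for the other permitted syscalls, and the filter would first check `seccomp_data.arch`.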