[PATCH 0/3] Allow syscalls for openssl engines

Eduardo Barretto ebarretto at linux.vnet.ibm.com
Wed May 10 03:27:12 AEST 2017


This patchset allows syscalls (flock, ipc, getuid, geteuid and ioctl), so
openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and
communicate with the crypto cards during ssh login.

1. The flock and ipc are allowed only for the s390 architecture. They are needed
for the openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine
makes use of openCryptoki.
For more information, please check here:
https://sourceforge.net/projects/opencryptoki/

2. getuid and geteuid are allowed for any architecture as this is also needed
by the distros. libica and other crypto libraries use those syscalls.

3. The ioctl is allowed when a specific argument is passed. This argument
is from the EP11 crypto card on the s390 architecture.
For more information check here:
http://elixir.free-electrons.com/linux/latest/source/arch/s390/include/uapi/asm/zcrypt.h#L259
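
Item 3 allows ioctl only when one specific argument is passed. The following is an added example, not code from this patchset or from OpenSSH: a seccomp-BPF rule of that shape, evaluated in user space so it can be checked without installing it. `EXAMPLE_REQ`, `example_filter` and `example_verdict` are hypothetical names, and the request value is a constructed placeholder.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Constructed placeholder, not the real EP11 request number. */
#define EXAMPLE_REQ 0x12345678u

/* args[] are 64-bit but BPF loads 32 bits in host byte order: the low word
 * is at +0 on little-endian hosts and at +4 on big-endian ones (s390). */
#define LO_OFF (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ? 4 : 0)
#define ARG_LO(n) (offsetof(struct seccomp_data, args[n]) + LO_OFF)
#define ARG_HI(n) (offsetof(struct seccomp_data, args[n]) + 4 - LO_OFF)

/* Single rule: ioctl(fd, EXAMPLE_REQ, ...) is allowed, all else is denied.
 * A production filter would also validate seccomp_data.arch first. */
static const struct sock_filter example_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 5),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_REQ, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_HI(1)), /* upper 32 bits must be 0 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};

/* User-space evaluation of the three opcodes used above (nothing installed). */
static uint32_t example_verdict(int nr, uint64_t arg1)
{
    struct seccomp_data d = { .nr = nr, .args = { 0, arg1 } };
    uint32_t acc = 0;
    size_t pc, n = sizeof(example_filter) / sizeof(example_filter[0]);

    for (pc = 0; pc < n; pc++) {
        const struct sock_filter *f = &example_filter[pc];
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + f->k, sizeof(acc));
        else if (f->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == f->k) ? f->jt : f->jf;
        else
            return f->k; /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}

int main(void) { return example_verdict(__NR_ioctl, EXAMPLE_REQ) != SECCOMP_RET_ALLOW; }
```

Comparing both 32-bit halves of the argument matters: a rule that checks only the low word would also accept a request value with arbitrary upper bits set.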


