OpenSSL engine that uses the libica library under s390x to accelerate cryptographic operations.
The build requirements are:
- openssl-devel >= 0.9.8
- libica-devel >= 3.3.0
- autoconf
- automake
- libtool
The runtime requirements are:
- openssl >= 0.9.8
- libica >= 3.3.0
$ ./configure [--enable-debug]
$ make
$ sudo make install
This will configure, build and install the package in a default location,
which is /usr/local/lib. It means that the ibmca.so will be installed in
/usr/local/lib/ibmca.so by default. If you want to install it anywhere
else, run "configure" passing the new location via prefix argument, for
example:
$ ./configure --prefix=/usr --libdir=/usr/lib64/openssl/engines
Apps with compiled-in OpenSSL config support can enable the engine via
an OpenSSL configuration file. Refer to config(5). A sample OpenSSL
configuration file (openssl.cnf.sample) is included in this package.
If the engine is configured properly, the command below should return the IBMCA engine and all the supported cryptographic methods.
$ openssl engine -c
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
[RAND, DES-ECB, DES-CBC, DES-OFB, DES-CFB, DES-EDE3, DES-EDE3-CBC, DES-EDE3-OFB,
DES-EDE3-CFB, AES-128-ECB, AES-192-ECB, AES-256-ECB, AES-128-CBC, AES-192-CBC,
AES-256-CBC, AES-128-OFB, AES-192-OFB, AES-256-OFB, AES-128-CFB, AES-192-CFB,
AES-256-CFB, id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, SHA1, SHA256, SHA512]
$
To report a bug please submit a ticket including the following information in the issue description:
- bug description
- distro release
- openssl-ibmca package version
- libica package version
- steps to reproduce the bug
Regarding technical or usage questions, send email to opencryptoki-tech or opencryptoki-users mailing list respectively.
The ibmca engine's cipher and digest implementations do not support the processing of messages in arbitrary chunk sizes. All chunks, except the final one, are required to be a multiple of the primitive's block size.
See CONTRIBUTING.md.