Upgrade package to libica 2.6.2

Bug #1566238 reported by bugproxy
Affects: libica (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Dimitri John Ledkov

Bug Description

== Comment: #0 - Heinz-Werner Seeck <email address hidden> - 2016-04-05 05:08:23 ==
Please upgrade the already available package libica 2.6.0 to the newest one -> 2.6.2.

It can be found here: https://sourceforge.net/projects/opencryptoki/files/libica/

Reason: The following updates were made:
v2.6.1
 Changes since Version 2.6.0
 - [Patch] Fixed buffer overflow on random generation
 - [Patch] Fixed DRBG entropy input
 - [Patch] Fixed icastats test case
v2.6.2
 Changes since Version 2.6.1
 - [PATCH] Performance improvements for des-ctr, 3des-ctr and aes-ctr

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-139997 severity-high targetmilestone-inin1604
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → libica (Ubuntu)
dann frazier (dannf)
Changed in libica (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Dimitri John Ledkov (xnox)
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

Please note that Ubuntu has been shipping 2.6.1-1 since the 9th of March, thus only the v2.6.2 changes are actually new.

Dimitri John Ledkov (xnox) wrote :

Similar to the previous upstream release 2.6.0, this point release breaks the ABI:

--- debian/libica2.symbols (libica2_2.6.2-1_s390x)
+++ dpkg-gensymbolsTLDHhr 2016-04-06 01:37:33.551495418 +0000
@@ -15,15 +15,15 @@
  ctr_inc_single@Base 2.5.0
  delete_all@Base 2.5.0
  des_switch@Base 2.5.0
- drbg_check_zmem@Base 2.6.1
+#MISSING: 2.6.2-1# drbg_check_zmem@Base 2.6.1
  drbg_generate@Base 2.6.1
  drbg_get_entropy_input@Base 2.6.1
  drbg_get_nonce@Base 2.6.1
  drbg_hash_df@Base 2.6.1
  drbg_health_test@Base 2.6.1
  drbg_instantiate@Base 2.6.1
- drbg_mech_valid@Base 2.6.1
- drbg_recursive_mutex_init@Base 2.6.1
+#MISSING: 2.6.2-1# drbg_mech_valid@Base 2.6.1
+#MISSING: 2.6.2-1# drbg_recursive_mutex_init@Base 2.6.1
  drbg_reseed@Base 2.6.1
  drbg_sha512_generate@Base 2.6.1
  drbg_sha512_generate_ppno@Base 2.6.1
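Review bot: The three #MISSING: 2.6.2-1# lines in this hunk (drbg_check_zmem, drbg_mech_valid, drbg_recursive_mutex_init) remove symbols recorded as exported since 2.6.1 while the package name is still libica2, so a binary that resolved any of them against 2.6.1 would fail to load against 2.6.2. Either keep exported definitions of these three next to the new inlines, or ship the removal together with a soname bump; the symbols file should not simply be refreshed to accept the MISSING entries.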
@@ -34,7 +34,7 @@
  drbg_sha512_reseed_ppno@Base 2.6.1
  drbg_sha512_uninstantiate@Base 2.6.1
  drbg_uninstantiate@Base 2.6.1
- drbg_zmem@Base 2.6.1
+#MISSING: 2.6.2-1# drbg_zmem@Base 2.6.1
  end_sigill_section@Base 2.5.0
  generate_pkcs11_mech_list@Base 2.5.0
  get_next_usr@Base 2.5.0
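Review bot: drbg_zmem@Base 2.6.1 is dropped on the + line with the same effect as the removals in the previous hunk, and the unchanged context still lists further drbg_* helpers as exported (drbg_sha512_reseed_ppno, drbg_sha512_uninstantiate, drbg_uninstantiate), so the same break recurs each time one of those is made static. Suggest keeping the export for the 2.x series and limiting what the library exports (a linker version script or hidden visibility) in one release that also bumps the soname.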

The missing functions have been converted to be static inlines, thus breaking the library ABI.

Looking at the code changes, there is a lot of code refactoring.
Is there a minimal patch of actual performance improvements?

I see a lot of variables moving about and getting assigned at declaration, and things simply renamed (s/LENGTH_FOO_HASH/FOO_HASH_LENGTH/). 16.04 is way past feature freeze to land code refactors which break library ABI.

Changed in libica (Ubuntu):
status: Confirmed → Invalid
importance: Undecided → Low
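
The check made in the comment above (which removed symbols were already exported by a shipped version), as an added example that is not part of the original thread, of libica or of the Debian tooling. The function names, the shortened sample diff and the symbol ica_new_call are constructed for illustration, and the version comparison is a simplification that assumes purely numeric dotted upstream versions.

```python
import re

# Constructed sample in dpkg-gensymbols diff format; ica_new_call is hypothetical.
SAMPLE_DIFF = """\
--- debian/libica2.symbols (libica2_2.6.2-1_s390x)
+++ dpkg-gensymbolsXXXXXX
@@ -15,15 +15,15 @@
  des_switch@Base 2.5.0
- drbg_check_zmem@Base 2.6.1
+#MISSING: 2.6.2-1# drbg_check_zmem@Base 2.6.1
  drbg_generate@Base 2.6.1
- drbg_zmem@Base 2.6.1
+#MISSING: 2.6.2-1# drbg_zmem@Base 2.6.1
+ ica_new_call@Base 2.6.2
"""

MISSING_RE = re.compile(r"^\+#MISSING: (\S+)# (\S+)@(\S+) (\S+)")
ADDED_RE = re.compile(r"^\+ (\S+)@(\S+) (\S+)")


def upstream_tuple(version):
    """'2.6.2-1' -> (2, 6, 2). Assumes purely numeric dotted upstream versions."""
    return tuple(int(p) for p in version.split("-", 1)[0].split("."))


def check_symbols_diff(diff_text, shipped_version):
    """List removed/added symbols and flag removals that hit a shipped release."""
    removed, added = [], []
    for line in diff_text.splitlines():
        m = MISSING_RE.match(line)
        if m:
            _gone_in, symbol, _tag, since = m.groups()
            # Only a symbol that a released version exported can have users.
            exposed = upstream_tuple(since) <= upstream_tuple(shipped_version)
            removed.append((symbol, since, exposed))
            continue
        m = ADDED_RE.match(line)
        if m:
            added.append(m.group(1))
    return {
        "removed": removed,
        "added": added,
        "abi_break": any(exposed for _, _, exposed in removed),
    }


if __name__ == "__main__":
    report = check_symbols_diff(SAMPLE_DIFF, shipped_version="2.6.1-1")
    print(report["removed"], "soname bump required:", report["abi_break"])
```
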
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2016-04-06 09:55 EDT-------
The API changes are only functions which were newly introduced with 2.6.0. There was never a libica 2.6.0 out in the public by Ubuntu and other distributions. So the API changes can't affect any existing code.

Anyway, all these functions mentioned are not part of the official API. They are only used internally and are not to be called by an application. They are not declared as static and thus visible from outside, but are not part of the official API as it is declared in ica_api.h. We are working on a better API model which should hide all these internal functions - but this will require a libica 3.x.

However, the differences between 2.6.1 and 2.6.2 are features/performance.
Nevertheless, I'd like to see them in the very first Ubuntu release as they give real benefit to the customer. On the other hand, if you feel uncomfortable, then leave libica on version 2.6.1 and ignore 2.6.2.

regards H.Freudenberger

Dimitri John Ledkov (xnox) wrote :

2.6.0 was released publicly at https://sourceforge.net/projects/opencryptoki/files/libica/

The symbols removed in 2.6.2 were present in 2.6.1, which is in Ubuntu and Debian today.

It is an ABI break; to ship 2.6.2 I would have to change the soname to a Debian-specific one. That would be bad, as shared code compiled on Ubuntu/Debian would then not link/run on other platforms and/or upstream builds.

16.04 had feature freeze in February. If libica is so unstable and cannot maintain an ABI, maybe we should not ship it at all and wait for the 3.x release then?

The patch between 2.6.1 and 2.6.2 has a lot of noise which is not a clear performance regression bug fix. Thus falls out of scope. E.g:

- memcpy(&sha_context->shaHash, output_data, LENGTH_SHA_HASH);
+ memcpy(&sha_context->shaHash, output_data, SHA_HASH_LENGTH);
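Review bot: The length argument on the + line changes from LENGTH_SHA_HASH to SHA_HASH_LENGTH, and nothing in these two lines shows that the new macro has the same value or matches the size of sha_context->shaHash. Confirm the two constants are equal, or size the copy with sizeof(sha_context->shaHash) so that a rename cannot change how many bytes are written.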

Cannot possibly be a performance improvement =)

If there is a clean patch, with just the actual performance enhancement, without spurious refactors and without breaking the ABI, it can be included. Otherwise, upstream needs to make an ABI-breaking release, and a new request for inclusion should be filed for the 16.10 release.

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-04-08 07:23 EDT-------
OK, under these circumstances I would suggest going with libica version 2.6.1 for Ubuntu 16.04. We will rework the performance improvements soon, either without breaking the kabi or with bumping the major version.

------- Comment From <email address hidden> 2016-04-08 07:27 EDT-------
Due to the discussed problems, bugzilla will be closed. Performance fix will be addressed in a different way....

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libica - 2.6.1-3

---------------
libica (2.6.1-3) unstable; urgency=medium

  * Cherry-pick upstream patch to stop reseeding global DRBG instance on
    every call. LP: #1608954
  * Cherry-pick ubuntu patches to skip icastats tests (fails)
  * Improve icastats test to pass the SW rng test
  * CHerry-pick ubuntu patch for a complete hw initialisation fix

 -- Dimitri John Ledkov <email address hidden> Mon, 22 Aug 2016 10:59:18 +0100

Changed in libica (Ubuntu):
status: Invalid → Fix Released