rpms/libica
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- updated to 4.2.3 (RHEL-11411)

Browse Source 
- fix selfcheck in FIPS mode (RHEL-14892)
- Resolves: RHEL-11411 RHEL-14892
This commit is contained in:
Dan Horák 2023-10-27 11:36:44 +02:00
parent bd770c7d65
commit 778f847545
3 changed files with 46 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
libica-4.2.3-fips.patch Normal file
View File

@ -0,0 +1,35 @@
From ee365a11a4acc667c7a726fbdc3447ba550309b6 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Tue, 10 Oct 2023 14:10:22 +0200
Subject: [PATCH] fips: use openssl lib context in compute_file_hmac
Before calling any openssl EVP function, libica's own openssl lib ctx
must be made the current one. This was missing in compute_file_hmac.
Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/fips.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/fips.c b/src/fips.c
index f09dc77..3bbc325 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -400,6 +400,8 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
void *fdata = NULL;
struct stat fdata_stat;
+ BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc);
+
pkey = get_pkey();
if (!pkey)
goto end;
@@ -438,6 +440,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
EVP_MD_CTX_destroy(mdctx);
OPENSSL_cleanse(tmp, sizeof(tmp));
+ END_OPENSSL_LIBCTX(rc);
return rc;
}

15
libica.spec
View File

@ -4,8 +4,8 @@
Summary: Library for accessing ICA hardware crypto on IBM z Systems Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica Name: libica
Version: 4.2.2 Version: 4.2.3
Release: 2%{?dist} Release: 1%{?dist}
License: CPL License: CPL
Group: System Environment/Libraries Group: System Environment/Libraries
URL: https://github.com/opencryptoki/ URL: https://github.com/opencryptoki/
@ -17,9 +17,9 @@ Patch0: %{name}-4.0.1-annotate.patch
# - reverted commit 4a3a77232ee85cf9f4eb7ac2d366b613013b9048 # - reverted commit 4a3a77232ee85cf9f4eb7ac2d366b613013b9048
# - partial revert of commit 56b9ac0669e4d204ecb3f23e5404c2351cca96a2 # - partial revert of commit 56b9ac0669e4d204ecb3f23e5404c2351cca96a2
Patch1: %{name}-4.1.1-revert-abi.patch Patch1: %{name}-4.1.1-revert-abi.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2223697 # https://issues.redhat.com/browse/RHEL-14892
# https://github.com/opencryptoki/libica/commit/f09f1d0b48f3bf541f1300716fa5bdbbbe80a4a1 # https//github.com/opencryptoki/libica/commit/ee365a11a4acc667c7a726fbdc3447ba550309b6
Patch2: %{name}-4.2.2-icastats-summary.patch Patch2: %{name}-4.2.3-fips.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl BuildRequires: openssl
BuildRequires: openssl-devel BuildRequires: openssl-devel
@ -110,6 +110,11 @@ fi
%changelog %changelog
* Fri Oct 27 2023 Dan Horák <dhorak@redhat.com> - 4.2.3-1
- updated to 4.2.3 (RHEL-11411)
- fix selfcheck in FIPS mode (RHEL-14892)
- Resolves: RHEL-11411 RHEL-14892
* Wed Jul 19 2023 Dan Horák <dhorak@redhat.com> - 4.2.2-2 * Wed Jul 19 2023 Dan Horák <dhorak@redhat.com> - 4.2.2-2
- icastats: Fix summary option (#2223697) - icastats: Fix summary option (#2223697)
- Resolves: #2223697 - Resolves: #2223697

2
sources
View File

@ -1 +1 @@
SHA512 (libica-4.2.2.tar.gz) = 29dfe7b68017135867ebae162c2e0584711036b35611efe255c372497cfe69234ff8a7e9aa669ac467853423b7d700e690dd7cd340ab7c8d6119ea13729ff079 SHA512 (libica-4.2.3.tar.gz) = c370151bfddf58f397932b294394e50db3f6c61a2114315ba3176b8aaeb34253561192c717ca01185371715e9f008fa0ceee8e7ffc559377a51a67f4d47ae035