- updated to 4.2.3 (RHEL-11411)
- fix selfcheck in FIPS mode (RHEL-14892) - Resolves: RHEL-11411 RHEL-14892
This commit is contained in:
parent
bd770c7d65
commit
778f847545
35
libica-4.2.3-fips.patch
Normal file
35
libica-4.2.3-fips.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From ee365a11a4acc667c7a726fbdc3447ba550309b6 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Tue, 10 Oct 2023 14:10:22 +0200
|
||||
Subject: [PATCH] fips: use openssl lib context in compute_file_hmac
|
||||
|
||||
Before calling any openssl EVP function, libica's own openssl lib ctx
|
||||
must be made the current one. This was missing in compute_file_hmac.
|
||||
|
||||
Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/fips.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/fips.c b/src/fips.c
|
||||
index f09dc77..3bbc325 100644
|
||||
--- a/src/fips.c
|
||||
+++ b/src/fips.c
|
||||
@@ -400,6 +400,8 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
void *fdata = NULL;
|
||||
struct stat fdata_stat;
|
||||
|
||||
+ BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc);
|
||||
+
|
||||
pkey = get_pkey();
|
||||
if (!pkey)
|
||||
goto end;
|
||||
@@ -438,6 +440,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
|
||||
OPENSSL_cleanse(tmp, sizeof(tmp));
|
||||
+ END_OPENSSL_LIBCTX(rc);
|
||||
|
||||
return rc;
|
||||
}
|
15
libica.spec
15
libica.spec
@ -4,8 +4,8 @@
|
||||
|
||||
Summary: Library for accessing ICA hardware crypto on IBM z Systems
|
||||
Name: libica
|
||||
Version: 4.2.2
|
||||
Release: 2%{?dist}
|
||||
Version: 4.2.3
|
||||
Release: 1%{?dist}
|
||||
License: CPL
|
||||
Group: System Environment/Libraries
|
||||
URL: https://github.com/opencryptoki/
|
||||
@ -17,9 +17,9 @@ Patch0: %{name}-4.0.1-annotate.patch
|
||||
# - reverted commit 4a3a77232ee85cf9f4eb7ac2d366b613013b9048
|
||||
# - partial revert of commit 56b9ac0669e4d204ecb3f23e5404c2351cca96a2
|
||||
Patch1: %{name}-4.1.1-revert-abi.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2223697
|
||||
# https://github.com/opencryptoki/libica/commit/f09f1d0b48f3bf541f1300716fa5bdbbbe80a4a1
|
||||
Patch2: %{name}-4.2.2-icastats-summary.patch
|
||||
# https://issues.redhat.com/browse/RHEL-14892
|
||||
# https//github.com/opencryptoki/libica/commit/ee365a11a4acc667c7a726fbdc3447ba550309b6
|
||||
Patch2: %{name}-4.2.3-fips.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl
|
||||
BuildRequires: openssl-devel
|
||||
@ -110,6 +110,11 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Oct 27 2023 Dan Horák <dhorak@redhat.com> - 4.2.3-1
|
||||
- updated to 4.2.3 (RHEL-11411)
|
||||
- fix selfcheck in FIPS mode (RHEL-14892)
|
||||
- Resolves: RHEL-11411 RHEL-14892
|
||||
|
||||
* Wed Jul 19 2023 Dan Horák <dhorak@redhat.com> - 4.2.2-2
|
||||
- icastats: Fix summary option (#2223697)
|
||||
- Resolves: #2223697
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (libica-4.2.2.tar.gz) = 29dfe7b68017135867ebae162c2e0584711036b35611efe255c372497cfe69234ff8a7e9aa669ac467853423b7d700e690dd7cd340ab7c8d6119ea13729ff079
|
||||
SHA512 (libica-4.2.3.tar.gz) = c370151bfddf58f397932b294394e50db3f6c61a2114315ba3176b8aaeb34253561192c717ca01185371715e9f008fa0ceee8e7ffc559377a51a67f4d47ae035
|
||||
|
Loading…
Reference in New Issue
Block a user