rpms/openssl-ibmca
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- updated to 2.4.1 (RHEL-11410)

Browse Source 
- Resolves: RHEL-11410
This commit is contained in:
Dan Horák 2023-10-27 15:45:50 +02:00
parent 687eb1ae32
commit 2d24368848
3 changed files with 7 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
openssl-ibmca-2.4.0-engine-defaults.patch
View File

@ -1,40 +0,0 @@
From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 19 Apr 2023 10:07:01 +0200
Subject: [PATCH] engine: Only register those algos specified with
default_algorithms
As part of OpenSSL initialization, the engine(s) configured in the OpenSSL
config file are loaded, and its algorithms (methods) are registered according
to the default_algorithms setting.
However, later during initialization, ENGINE_register_all_complete() is called
which unconditionally registered all algorithms (methods) of the loaded engines
again, unless the engine flag ENGINE_FLAGS_NO_REGISTER_ALL is set.
Set the ENGINE_FLAGS_NO_REGISTER_ALL flag during IBMCA engine initialization
to avoid unconditional registration of all algorithms. We only want to register
algorithms specified in the default_algorithms configuration setting.
Note that if the default_algorithms setting is omitted in the OpenSSL config
file, then no algorithms will be registered.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/engine/e_ibmca.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/engine/e_ibmca.c b/src/engine/e_ibmca.c
index fe21897..6cbf745 100644
--- a/src/engine/e_ibmca.c
+++ b/src/engine/e_ibmca.c
@@ -642,6 +642,9 @@ static int set_supported_meths(ENGINE *e)
if (!ENGINE_set_pkey_meths(e, ibmca_engine_pkey_meths))
goto out;
+ if (!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL))
+ goto out;
+
rc = 1;
out:
free(pmech_list);

11
openssl-ibmca.spec
View File

@ -2,15 +2,12 @@
Summary: A dynamic OpenSSL engine for IBMCA Summary: A dynamic OpenSSL engine for IBMCA
Name: openssl-ibmca Name: openssl-ibmca
Version: 2.4.0 Version: 2.4.1
Release: 2%{?dist} Release: 1%{?dist}
License: ASL 2.0 License: ASL 2.0
Group: System Environment/Libraries Group: System Environment/Libraries
URL: https://github.com/opencryptoki URL: https://github.com/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=2221891
# https://github.com/opencryptoki/openssl-ibmca/commit/3ea8f4ed58e075e097856437c0732e11771931d0
Patch0: %{name}-2.4.0-engine-defaults.patch
Requires: libica >= 3.8.0 Requires: libica >= 3.8.0
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libica-devel >= 3.8.0 BuildRequires: libica-devel >= 3.8.0
@ -58,6 +55,10 @@ make check
%changelog %changelog
* Fri Oct 27 2023 Dan Horák <dhorak[at]redhat.com> - 2.4.1-1
- updated to 2.4.1 (RHEL-11410)
- Resolves: RHEL-11410
* Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2 * Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2
- engine: Only register those algos specified with default_algorithms (#2221891) - engine: Only register those algos specified with default_algorithms (#2221891)
- Resolves: #2221891 - Resolves: #2221891

2
sources
View File

@ -1 +1 @@
SHA512 (openssl-ibmca-2.4.0.tar.gz) = ec886a89e6537bcda5f40c96dd66a6b3e19563c006434e65e5da7b3bdf7526a1cca7b454d3da1df2455625ffd970a9093ca4a0c7deb5e32e69bed9575f20f811 SHA512 (openssl-ibmca-2.4.1.tar.gz) = e48b3fae04b0169001c52b1b959a855314f2e7314c6bd9df5ae31dc4a23525619ccca8c3465bad2966a63e32e3fe2c8f05ede84f8bf3d08386c7898d238331a6