- Set proper key signature flag (#1075474)

openssl-ibmca-1.2.0-sha256-length.patch

@@ -1,6 +1,15 @@
-diff -up openssl-ibmca-1.2.0/e_ibmca.c.1074976 openssl-ibmca-1.2.0/e_ibmca.c
---- openssl-ibmca-1.2.0/e_ibmca.c.1074976	2014-03-12 16:17:01.662178599 +0100
-+++ openssl-ibmca-1.2.0/e_ibmca.c	2014-03-12 16:17:25.582178365 +0100
+commit f204aca935dfe45b736e9fb8f822c9e79ec9747c
+Author: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+Date:   Fri Mar 7 10:35:33 2014 +0100
+
+    SHA256: Fixed message digest length definition in sha256 template
+    
+    Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+
+diff --git a/e_ibmca.c b/e_ibmca.c
+index 94c44a4..f3fad35 100644
+--- a/e_ibmca.c
++++ b/e_ibmca.c
 @@ -727,7 +727,7 @@ static const EVP_MD ibmca_sha1 = {
  static const EVP_MD ibmca_sha256 = {
  	NID_sha256,

openssl-ibmca-1.2.0-signature-flag.patch

@@ -0,0 +1,31 @@
+commit 6cdca2c3d655ef19d022fb3d8bcbf63491b79db2
+Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
+Date:   Wed Mar 19 12:50:14 2014 -0500
+
+    Add flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to EVP_MD so that signing method
+    comes from key type.
+    
+    Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
+
+diff --git a/e_ibmca.c b/e_ibmca.c
+index f3fad35..9353470 100644
+--- a/e_ibmca.c
++++ b/e_ibmca.c
+@@ -711,7 +711,7 @@ static const EVP_MD ibmca_sha1 = {
+ 	NID_sha1,
+ 	NID_sha1WithRSAEncryption,
+ 	SHA_HASH_LENGTH,
+-	0,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+ 	ibmca_sha1_init,
+ 	ibmca_sha1_update,
+ 	ibmca_sha1_final,
+@@ -728,7 +728,7 @@ static const EVP_MD ibmca_sha256 = {
+ 	NID_sha256,
+ 	NID_sha256WithRSAEncryption,
+ 	SHA256_HASH_LENGTH,
+-	0,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+ 	ibmca_sha256_init,
+ 	ibmca_sha256_update,
+ 	ibmca_sha256_final,

openssl-ibmca.spec

@@ -1,7 +1,7 @@
 Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
 Version: 1.2.0
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: OpenSSL
 Group: System Environment/Libraries
 URL: http://sourceforge.net/projects/opencryptoki
@@ -11,8 +11,9 @@ Patch0: openssl-ibmca-1.2.0-libica-soname.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=749638
 Patch1: openssl-ibmca-1.2.0-ofb.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1074976
-# https://sourceforge.net/p/opencryptoki/ibmca/ci/f204aca935dfe45b736e9fb8f822c9e79ec9747c/
 Patch2: openssl-ibmca-1.2.0-sha256-length.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1075474
+Patch3: openssl-ibmca-1.2.0-signature-flag.patch
 Requires: libica >= 2.1.0
 BuildRequires: libica-devel >= 2.1.0
 BuildRequires: automake libtool
@@ -27,6 +28,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
 %patch0 -p1 -b .libica-soname
 %patch1 -p0 -b .ofb
 %patch2 -p1 -b .1074976
+%patch3 -p1 -b .1075474
 
 sh ./bootstrap.sh
 
@@ -51,6 +53,9 @@ mv openssl.cnf.sample openssl.cnf.sample.%{_arch}
 
 
 %changelog
+* Wed Mar 19 2014 Dan Horák <dan[at]danny.cz - 1.2.0-8
+- Set proper key signature flag (#1075474)
+
 * Fri Mar 14 2014 Dan Horák <dan[at]danny.cz - 1.2.0-7
 - Fix multilib conflict in sample config file (#1076423)
 - Fixed message digest length definition in sha256 template (#1074976)