- one more fix
This commit is contained in:
Dan Horák
parent
d89c4ad48e
commit
76acc0209e
@ -1,7 +1,7 @@
|
|||||||
From 2d9f0222076f6e243e68238c533b6bf0b6073138 Mon Sep 17 00:00:00 2001
|
From 2d9f0222076f6e243e68238c533b6bf0b6073138 Mon Sep 17 00:00:00 2001
|
||||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
Date: Mon, 17 Apr 2023 13:38:36 +0200
|
Date: Mon, 17 Apr 2023 13:38:36 +0200
|
||||||
Subject: [PATCH 1/5] configure: check for perl and perl-FindBin
|
Subject: [PATCH 1/6] configure: check for perl and perl-FindBin
|
||||||
|
|
||||||
Perl as well as the perl module FindBin are required to run the IBMCA tests.
|
Perl as well as the perl module FindBin are required to run the IBMCA tests.
|
||||||
Check for it during configuration and fail if it is not available.
|
Check for it during configuration and fail if it is not available.
|
||||||
@ -43,7 +43,7 @@ index 39317c7..cea8ce8 100644
|
|||||||
From e8983a442f53e56e49c9143babeacb5c0206c1bd Mon Sep 17 00:00:00 2001
|
From e8983a442f53e56e49c9143babeacb5c0206c1bd Mon Sep 17 00:00:00 2001
|
||||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
Date: Mon, 17 Apr 2023 13:43:59 +0200
|
Date: Mon, 17 Apr 2023 13:43:59 +0200
|
||||||
Subject: [PATCH 2/5] bootstrap: add --force option to autoreconf
|
Subject: [PATCH 2/6] bootstrap: add --force option to autoreconf
|
||||||
|
|
||||||
Consider all files as obsolete and make all of them new.
|
Consider all files as obsolete and make all of them new.
|
||||||
|
|
||||||
@ -69,7 +69,7 @@ index 7800f7f..e60cda5 100755
|
|||||||
From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001
|
From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001
|
||||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
Date: Wed, 19 Apr 2023 10:07:01 +0200
|
Date: Wed, 19 Apr 2023 10:07:01 +0200
|
||||||
Subject: [PATCH 3/5] engine: Only register those algos specified with
|
Subject: [PATCH 3/6] engine: Only register those algos specified with
|
||||||
default_algorithms
|
default_algorithms
|
||||||
|
|
||||||
As part of OpenSSL initialization, the engine(s) configured in the OpenSSL
|
As part of OpenSSL initialization, the engine(s) configured in the OpenSSL
|
||||||
@ -113,7 +113,7 @@ index fe21897..6cbf745 100644
|
|||||||
From f8a60b6678b1eb3ccadcb31f36bf7961ed8d5a9a Mon Sep 17 00:00:00 2001
|
From f8a60b6678b1eb3ccadcb31f36bf7961ed8d5a9a Mon Sep 17 00:00:00 2001
|
||||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
Date: Tue, 25 Apr 2023 16:23:52 +0200
|
Date: Tue, 25 Apr 2023 16:23:52 +0200
|
||||||
Subject: [PATCH 4/5] provider: rsa: Check RSA keys with p < q at key
|
Subject: [PATCH 4/6] provider: rsa: Check RSA keys with p < q at key
|
||||||
generation and import
|
generation and import
|
||||||
|
|
||||||
Since OpenSSL 3.0 the OpenSSL RSA key generation taking place within libica
|
Since OpenSSL 3.0 the OpenSSL RSA key generation taking place within libica
|
||||||
@ -174,7 +174,7 @@ index aabf9d2..f83d90a 100644
|
|||||||
From acba1d936bd84c7090ed7d3849b0bab3c7f18da0 Mon Sep 17 00:00:00 2001
|
From acba1d936bd84c7090ed7d3849b0bab3c7f18da0 Mon Sep 17 00:00:00 2001
|
||||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
Date: Fri, 7 Jul 2023 14:55:26 +0200
|
Date: Fri, 7 Jul 2023 14:55:26 +0200
|
||||||
Subject: [PATCH 5/5] provider: Support importing of RSA keys with just ME
|
Subject: [PATCH 5/6] provider: Support importing of RSA keys with just ME
|
||||||
components
|
components
|
||||||
|
|
||||||
RSA private keys may contain just CRT (p, q, dp, dq, qinv) or ME (d)
|
RSA private keys may contain just CRT (p, q, dp, dq, qinv) or ME (d)
|
||||||
@ -1199,3 +1199,43 @@ index cfc10a1..f7a0a91 100644
|
|||||||
--
|
--
|
||||||
2.41.0
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From 67efa9ad713e8283cb20111a15629f15a8ea8c86 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
Date: Tue, 25 Jul 2023 14:52:49 +0200
|
||||||
|
Subject: [PATCH 6/6] provider: RSA: Fix get_params to retrieve max-size, bits,
|
||||||
|
and security-bits
|
||||||
|
|
||||||
|
The RSA key management's get_params() function should be able to return the
|
||||||
|
values for max-size, bits, and security-bits if at least the public key is
|
||||||
|
available.
|
||||||
|
|
||||||
|
The detection whether the key is 'empty', i.e. has neither the public nor the
|
||||||
|
private key components was wrong. This leads to the fact that those parameters
|
||||||
|
were not returned when only the public key was available.
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||||
|
---
|
||||||
|
src/provider/rsa_keymgmt.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c
|
||||||
|
index 526f2aa..ce49c88 100644
|
||||||
|
--- a/src/provider/rsa_keymgmt.c
|
||||||
|
+++ b/src/provider/rsa_keymgmt.c
|
||||||
|
@@ -1512,9 +1512,9 @@ static int ibmca_keymgmt_rsa_get_params(void *vkey, OSSL_PARAM params[])
|
||||||
|
for (parm = params; parm != NULL && parm->key != NULL; parm++)
|
||||||
|
ibmca_debug_key(key, "param: %s", parm->key);
|
||||||
|
|
||||||
|
- empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) ||
|
||||||
|
- (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
||||||
|
- !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)));
|
||||||
|
+ empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) &&
|
||||||
|
+ !ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
||||||
|
+ !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me));
|
||||||
|
|
||||||
|
if (!empty) {
|
||||||
|
/* OSSL_PKEY_PARAM_BITS */
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
Summary: OpenSSL provider for IBMCA
|
Summary: OpenSSL provider for IBMCA
|
||||||
Name: openssl-ibmca
|
Name: openssl-ibmca
|
||||||
Version: 2.4.0
|
Version: 2.4.0
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
URL: https://github.com/opencryptoki
|
URL: https://github.com/opencryptoki
|
||||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
@ -58,6 +58,9 @@ make check
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 26 2023 Dan Horák <dan@danny.cz> - 2.4.0-4
|
||||||
|
- one more fix
|
||||||
|
|
||||||
* Wed Jul 26 2023 Dan Horák <dan@danny.cz> - 2.4.0-3
|
* Wed Jul 26 2023 Dan Horák <dan@danny.cz> - 2.4.0-3
|
||||||
- add post GA fixes
|
- add post GA fixes
|
||||||
- let provider log into /tmp
|
- let provider log into /tmp
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user