- one more fix
This commit is contained in:
Dan Horák
parent
d89c4ad48e
commit
76acc0209e
@ -1,7 +1,7 @@
|
||||
From 2d9f0222076f6e243e68238c533b6bf0b6073138 Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Mon, 17 Apr 2023 13:38:36 +0200
|
||||
Subject: [PATCH 1/5] configure: check for perl and perl-FindBin
|
||||
Subject: [PATCH 1/6] configure: check for perl and perl-FindBin
|
||||
|
||||
Perl as well as the perl module FindBin are required to run the IBMCA tests.
|
||||
Check for it during configuration and fail if it is not available.
|
||||
@ -43,7 +43,7 @@ index 39317c7..cea8ce8 100644
|
||||
From e8983a442f53e56e49c9143babeacb5c0206c1bd Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Mon, 17 Apr 2023 13:43:59 +0200
|
||||
Subject: [PATCH 2/5] bootstrap: add --force option to autoreconf
|
||||
Subject: [PATCH 2/6] bootstrap: add --force option to autoreconf
|
||||
|
||||
Consider all files as obsolete and make all of them new.
|
||||
|
||||
@ -69,7 +69,7 @@ index 7800f7f..e60cda5 100755
|
||||
From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Wed, 19 Apr 2023 10:07:01 +0200
|
||||
Subject: [PATCH 3/5] engine: Only register those algos specified with
|
||||
Subject: [PATCH 3/6] engine: Only register those algos specified with
|
||||
default_algorithms
|
||||
|
||||
As part of OpenSSL initialization, the engine(s) configured in the OpenSSL
|
||||
@ -113,7 +113,7 @@ index fe21897..6cbf745 100644
|
||||
From f8a60b6678b1eb3ccadcb31f36bf7961ed8d5a9a Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Tue, 25 Apr 2023 16:23:52 +0200
|
||||
Subject: [PATCH 4/5] provider: rsa: Check RSA keys with p < q at key
|
||||
Subject: [PATCH 4/6] provider: rsa: Check RSA keys with p < q at key
|
||||
generation and import
|
||||
|
||||
Since OpenSSL 3.0 the OpenSSL RSA key generation taking place within libica
|
||||
@ -174,7 +174,7 @@ index aabf9d2..f83d90a 100644
|
||||
From acba1d936bd84c7090ed7d3849b0bab3c7f18da0 Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Fri, 7 Jul 2023 14:55:26 +0200
|
||||
Subject: [PATCH 5/5] provider: Support importing of RSA keys with just ME
|
||||
Subject: [PATCH 5/6] provider: Support importing of RSA keys with just ME
|
||||
components
|
||||
|
||||
RSA private keys may contain just CRT (p, q, dp, dq, qinv) or ME (d)
|
||||
@ -1199,3 +1199,43 @@ index cfc10a1..f7a0a91 100644
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 67efa9ad713e8283cb20111a15629f15a8ea8c86 Mon Sep 17 00:00:00 2001
|
||||
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Tue, 25 Jul 2023 14:52:49 +0200
|
||||
Subject: [PATCH 6/6] provider: RSA: Fix get_params to retrieve max-size, bits,
|
||||
and security-bits
|
||||
|
||||
The RSA key management's get_params() function should be able to return the
|
||||
values for max-size, bits, and security-bits if at least the public key is
|
||||
available.
|
||||
|
||||
The detection whether the key is 'empty', i.e. has neither the public nor the
|
||||
private key components was wrong. This leads to the fact that those parameters
|
||||
were not returned when only the public key was available.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
---
|
||||
src/provider/rsa_keymgmt.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c
|
||||
index 526f2aa..ce49c88 100644
|
||||
--- a/src/provider/rsa_keymgmt.c
|
||||
+++ b/src/provider/rsa_keymgmt.c
|
||||
@@ -1512,9 +1512,9 @@ static int ibmca_keymgmt_rsa_get_params(void *vkey, OSSL_PARAM params[])
|
||||
for (parm = params; parm != NULL && parm->key != NULL; parm++)
|
||||
ibmca_debug_key(key, "param: %s", parm->key);
|
||||
|
||||
- empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) ||
|
||||
- (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
||||
- !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)));
|
||||
+ empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) &&
|
||||
+ !ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
||||
+ !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me));
|
||||
|
||||
if (!empty) {
|
||||
/* OSSL_PKEY_PARAM_BITS */
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Summary: OpenSSL provider for IBMCA
|
||||
Name: openssl-ibmca
|
||||
Version: 2.4.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/opencryptoki
|
||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
@ -58,6 +58,9 @@ make check
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jul 26 2023 Dan Horák <dan@danny.cz> - 2.4.0-4
|
||||
- one more fix
|
||||
|
||||
* Wed Jul 26 2023 Dan Horák <dan@danny.cz> - 2.4.0-3
|
||||
- add post GA fixes
|
||||
- let provider log into /tmp
|
||||
|
||||
Loading…
Reference in New Issue
Block a user