- updated to 2.2.3

2022-03-21 17:28:10 +01:00 · 2022-03-21 17:28:10 +01:00 · 780e52e578
commit 780e52e578
parent 333e3d9cb8
3 changed files with 79 additions and 2 deletions
--- a/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch
+++ b/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch
@ -0,0 +1,72 @@
+From e59cce5af547cc4cbda2a1bce1eb2b89e959ae99 Mon Sep 17 00:00:00 2001
+From: Juergen Christ <jchrist@linux.ibm.com>
+Date: Mon, 21 Mar 2022 15:27:40 +0100
+Subject: [PATCH] Fix compilation for OpenSSL 3.0
+
+ECX_KEY structure as used by engine is not public API in OpenSSL 3.0 and
+should not be included via a private header.  This forced the engine to only
+compile if the OpenSSL 3.0 source tree is present.  While this might be the
+cleaner solution, we now copy out the defines to be used.  This makes the
+engine compile even without OpenSSL 3.0 source tree.
+
+Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
+---
+ src/engine/openssl-compat.h | 36 ++++++++++++++++++++++++++++--------
+ 1 file changed, 28 insertions(+), 8 deletions(-)
+
+diff --git a/src/openssl-compat.h b/src/openssl-compat.h
+index 0013365b..aae40dab 100644
+--- a/src/openssl-compat.h
+++ b/src/openssl-compat.h
+@@ -19,9 +19,36 @@
+ 
+ #include <openssl/opensslv.h>
+ 
+typedef enum {
+    ECX_KEY_TYPE_X25519,
+    ECX_KEY_TYPE_X448,
+    ECX_KEY_TYPE_ED25519,
+    ECX_KEY_TYPE_ED448
+} ECX_KEY_TYPE;
+
+ #ifdef OPENSSL_VERSION_PREREQ
+ /* This is 3.x */
+-#include <crypto/evp.h>
+
+#  define X25519_KEYLEN         32
+#  define X448_KEYLEN           56
+#  define ED25519_KEYLEN        32
+#  define ED448_KEYLEN          57
+
+#  define MAX_KEYLEN  ED448_KEYLEN
+
+typedef int CRYPTO_REF_COUNT;
+
+typedef struct ecx_key_st {
+    OSSL_LIB_CTX *libctx;
+    char *propq;
+    unsigned int haspubkey:1;
+    unsigned char pubkey[MAX_KEYLEN];
+    unsigned char *privkey;
+    size_t keylen;
+    ECX_KEY_TYPE type;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+} ECX_KEY;
+ 
+ static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type)
+ {
+@@ -94,13 +121,6 @@ typedef struct {
+     unsigned char *priv;
+ } ECX_KEY;
+ 
+-typedef enum {
+-    ECX_KEY_TYPE_X25519,
+-    ECX_KEY_TYPE_X448,
+-    ECX_KEY_TYPE_ED25519,
+-    ECX_KEY_TYPE_ED448
+-} ECX_KEY_TYPE;
+-
+ static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type)
+ {
+     return calloc(1, sizeof(ECX_KEY));
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@ -2,11 +2,13 @@

 Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
-Version: 2.2.2
+Version: 2.2.3
 Release: 1%{?dist}
 License: ASL 2.0
 URL: https://github.com/opencryptoki
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
+# fix build with openssl 3.0
+Patch0: https://github.com/opencryptoki/openssl-ibmca/commit/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch
 Requires: libica >= 4.0.0
 BuildRequires: make
 BuildRequires: gcc
@ -55,6 +57,9 @@ make check


 %changelog
+* Mon Mar 21 2022 Dan Horák <dan@danny.cz> - 2.2.3-1
+- updated to 2.2.3
+
 * Mon Jan 31 2022 Dan Horák <dan@danny.cz> - 2.2.2-1
 - updated to 2.2.2

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-ibmca-2.2.2.tar.gz) = c9f2ea35671b9d3915d561b3ce495d9ba8e29c2623f076f291c9165bd118585d023cd39310508cff32d4c8c0acb688b3ade59d5d59b20cb3ac98bc79017c1795
+SHA512 (openssl-ibmca-2.2.3.tar.gz) = aee69bc392d6656a52a228cebb3aa8f4a28c23ae56e90a910244dfa7571713e9a65912ac41118e8df96e8a0ae6e622ff4ebf45879a2b8f69051422f11999a6ac