From 780e52e57898934be14069c17acb71a8078e8075 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Mon, 21 Mar 2022 17:28:10 +0100 Subject: [PATCH] - updated to 2.2.3 --- ...ce5af547cc4cbda2a1bce1eb2b89e959ae99.patch | 72 +++++++++++++++++++ openssl-ibmca.spec | 7 +- sources | 2 +- 3 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch diff --git a/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch b/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch new file mode 100644 index 0000000..833311a --- /dev/null +++ b/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch @@ -0,0 +1,72 @@ +From e59cce5af547cc4cbda2a1bce1eb2b89e959ae99 Mon Sep 17 00:00:00 2001 +From: Juergen Christ +Date: Mon, 21 Mar 2022 15:27:40 +0100 +Subject: [PATCH] Fix compilation for OpenSSL 3.0 + +ECX_KEY structure as used by engine is not public API in OpenSSL 3.0 and +should not be included via a private header. This forced the engine to only +compile if the OpenSSL 3.0 source tree is present. While this might be the +cleaner solution, we now copy out the defines to be used. This makes the +engine compile even without OpenSSL 3.0 source tree. + +Signed-off-by: Juergen Christ +--- + src/engine/openssl-compat.h | 36 ++++++++++++++++++++++++++++-------- + 1 file changed, 28 insertions(+), 8 deletions(-) + +diff --git a/src/openssl-compat.h b/src/openssl-compat.h +index 0013365b..aae40dab 100644 +--- a/src/openssl-compat.h ++++ b/src/openssl-compat.h +@@ -19,9 +19,36 @@ + + #include + ++typedef enum { ++ ECX_KEY_TYPE_X25519, ++ ECX_KEY_TYPE_X448, ++ ECX_KEY_TYPE_ED25519, ++ ECX_KEY_TYPE_ED448 ++} ECX_KEY_TYPE; ++ + #ifdef OPENSSL_VERSION_PREREQ + /* This is 3.x */ +-#include ++ ++# define X25519_KEYLEN 32 ++# define X448_KEYLEN 56 ++# define ED25519_KEYLEN 32 ++# define ED448_KEYLEN 57 ++ ++# define MAX_KEYLEN ED448_KEYLEN ++ ++typedef int CRYPTO_REF_COUNT; ++ ++typedef struct ecx_key_st { ++ OSSL_LIB_CTX *libctx; ++ char *propq; ++ unsigned int haspubkey:1; ++ unsigned char pubkey[MAX_KEYLEN]; ++ unsigned char *privkey; ++ size_t keylen; ++ ECX_KEY_TYPE type; ++ CRYPTO_REF_COUNT references; ++ CRYPTO_RWLOCK *lock; ++} ECX_KEY; + + static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type) + { +@@ -94,13 +121,6 @@ typedef struct { + unsigned char *priv; + } ECX_KEY; + +-typedef enum { +- ECX_KEY_TYPE_X25519, +- ECX_KEY_TYPE_X448, +- ECX_KEY_TYPE_ED25519, +- ECX_KEY_TYPE_ED448 +-} ECX_KEY_TYPE; +- + static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type) + { + return calloc(1, sizeof(ECX_KEY)); diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index a46d313..d76defa 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -2,11 +2,13 @@ Summary: A dynamic OpenSSL engine for IBMCA Name: openssl-ibmca -Version: 2.2.2 +Version: 2.2.3 Release: 1%{?dist} License: ASL 2.0 URL: https://github.com/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +# fix build with openssl 3.0 +Patch0: https://github.com/opencryptoki/openssl-ibmca/commit/e59cce5af547cc4cbda2a1bce1eb2b89e959ae99.patch Requires: libica >= 4.0.0 BuildRequires: make BuildRequires: gcc @@ -55,6 +57,9 @@ make check %changelog +* Mon Mar 21 2022 Dan Horák - 2.2.3-1 +- updated to 2.2.3 + * Mon Jan 31 2022 Dan Horák - 2.2.2-1 - updated to 2.2.2 diff --git a/sources b/sources index 92008d0..933ff89 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-ibmca-2.2.2.tar.gz) = c9f2ea35671b9d3915d561b3ce495d9ba8e29c2623f076f291c9165bd118585d023cd39310508cff32d4c8c0acb688b3ade59d5d59b20cb3ac98bc79017c1795 +SHA512 (openssl-ibmca-2.2.3.tar.gz) = aee69bc392d6656a52a228cebb3aa8f4a28c23ae56e90a910244dfa7571713e9a65912ac41118e8df96e8a0ae6e622ff4ebf45879a2b8f69051422f11999a6ac