import openssl-ibmca-2.3.0-1.el9_1.1
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
bec385aa3b
commit
aef68a24e6
117
SOURCES/openssl-ibmca-2.3.0-provider-config.patch
Normal file
117
SOURCES/openssl-ibmca-2.3.0-provider-config.patch
Normal file
@ -0,0 +1,117 @@
|
|||||||
|
From 072e32bb199ff772148f1cbe0b2faadf9ab33c12 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Juergen Christ <jchrist@linux.ibm.com>
|
||||||
|
Date: Thu, 27 Oct 2022 16:13:01 +0200
|
||||||
|
Subject: [PATCH 1/2] provider: Fix configuration script
|
||||||
|
|
||||||
|
Small typo in the configuration script created an invalid configuration.
|
||||||
|
|
||||||
|
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
|
||||||
|
---
|
||||||
|
src/provider/ibmca-provider-opensslconfig | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/provider/ibmca-provider-opensslconfig b/src/provider/ibmca-provider-opensslconfig
|
||||||
|
index 21ed6f6..d45428e 100755
|
||||||
|
--- a/src/provider/ibmca-provider-opensslconfig
|
||||||
|
+++ b/src/provider/ibmca-provider-opensslconfig
|
||||||
|
@@ -83,7 +83,7 @@ sub generate()
|
||||||
|
}
|
||||||
|
if ($providersect && $line =~ /\[\s*$providersect\s*\]/) {
|
||||||
|
print $oh "ibmca_provider = ibmca_provider_section\n";
|
||||||
|
- print $oh # Make sure that you have configured and activated at least one other provider!\n";
|
||||||
|
+ print $oh "# Make sure that you have configured and activated at least one other provider!\n";
|
||||||
|
print "WARNING: The IBMCA provider was added to section [$providersect].\n";
|
||||||
|
print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n";
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
||||||
|
|
||||||
|
From e90203dbc9bf0d9a4488af470adf11852860991a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Juergen Christ <jchrist@linux.ibm.com>
|
||||||
|
Date: Wed, 2 Nov 2022 14:29:35 +0100
|
||||||
|
Subject: [PATCH 2/2] provider: Fix order of providers in configuration
|
||||||
|
|
||||||
|
Since libica requires a provider that supports HMAC to be loaded and
|
||||||
|
available, fix the order of providers loaded by our sample configuration
|
||||||
|
generator. The "default" provider has to come first such that libica can do
|
||||||
|
the file integrity test with a HMAC provided by this provider when being
|
||||||
|
loaded via the ibmca provider.
|
||||||
|
|
||||||
|
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
|
||||||
|
---
|
||||||
|
src/provider/ibmca-provider-opensslconfig | 23 +++++++++++++++--------
|
||||||
|
1 file changed, 15 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/provider/ibmca-provider-opensslconfig b/src/provider/ibmca-provider-opensslconfig
|
||||||
|
index d45428e..d87fa8e 100755
|
||||||
|
--- a/src/provider/ibmca-provider-opensslconfig
|
||||||
|
+++ b/src/provider/ibmca-provider-opensslconfig
|
||||||
|
@@ -30,7 +30,7 @@ use warnings;
|
||||||
|
sub generate()
|
||||||
|
{
|
||||||
|
my ($osslconfpath);
|
||||||
|
- my ($ih, $line, $oh, $defaultcnfsect, $indefaultsect, $providersect);
|
||||||
|
+ my ($ih, $line, $oh, $defaultcnfsect, $indefaultsect, $providersect, $inprovidersect);
|
||||||
|
my ($inalgsect, $algsection);
|
||||||
|
|
||||||
|
$osslconfpath = `openssl version -d` || die "Please install openssl binary";
|
||||||
|
@@ -43,6 +43,7 @@ sub generate()
|
||||||
|
$defaultcnfsect = undef;
|
||||||
|
$indefaultsect = 0;
|
||||||
|
$providersect = undef;
|
||||||
|
+ $inprovidersect = 0;
|
||||||
|
while ($line = <$ih>) {
|
||||||
|
if ($line =~ /openssl_conf\s*=\s*(.*)/) {
|
||||||
|
$defaultcnfsect = $1;
|
||||||
|
@@ -67,13 +68,22 @@ sub generate()
|
||||||
|
} elsif ($inalgsect) {
|
||||||
|
if ($line =~ /\[\s*\w+\s*\]/) {
|
||||||
|
print $oh "default_properties = ?provider=ibmca\n";
|
||||||
|
+ $inalgsect = 0;
|
||||||
|
} elsif ($line =~ /^\s*default_properties\s*=\s*(\w+)\s*/) {
|
||||||
|
print $oh "default_properties = ?provider=ibmca\n";
|
||||||
|
print $oh "# The following was commented out by ibmca-provider-opensslconfig script\n";
|
||||||
|
print "WARNING: The default_properties in $algsection was modified by this script.\n";
|
||||||
|
$line = "# $line";
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
+ } elsif ($inprovidersect) {
|
||||||
|
+ if ($line =~ /\[\s*\w+\s*\]/) {
|
||||||
|
+ $inprovidersect = 0;
|
||||||
|
+ print $oh "ibmca_provider = ibmca_provider_section\n";
|
||||||
|
+ print $oh "# Make sure that you have configured and activated at least one other provider!\n";
|
||||||
|
+ print "WARNING: The IBMCA provider was added to section [$providersect].\n";
|
||||||
|
+ print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n";
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
print $oh "$line";
|
||||||
|
if ($defaultcnfsect && $line =~ /\[\s*$defaultcnfsect\s*\]/) {
|
||||||
|
$indefaultsect = 1;
|
||||||
|
@@ -81,11 +91,8 @@ sub generate()
|
||||||
|
if ($algsection && $line =~ /\[\s*$algsection\s*\]/) {
|
||||||
|
$inalgsect = 1;
|
||||||
|
}
|
||||||
|
- if ($providersect && $line =~ /\[\s*$providersect\s*\]/) {
|
||||||
|
- print $oh "ibmca_provider = ibmca_provider_section\n";
|
||||||
|
- print $oh "# Make sure that you have configured and activated at least one other provider!\n";
|
||||||
|
- print "WARNING: The IBMCA provider was added to section [$providersect].\n";
|
||||||
|
- print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n";
|
||||||
|
+ if ($providersect && $line =~ /\[\s*$providersect\s*\]/) {
|
||||||
|
+ $inprovidersect = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -100,8 +107,8 @@ providers = provider_section
|
||||||
|
if (!$providersect) {
|
||||||
|
print $oh qq|
|
||||||
|
[provider_section]
|
||||||
|
-ibmca_provider = ibmca_provider_section
|
||||||
|
default = default_sect
|
||||||
|
+ibmca_provider = ibmca_provider_section
|
||||||
|
|
||||||
|
[default_sect]
|
||||||
|
activate = 1
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
||||||
@ -13,12 +13,15 @@
|
|||||||
Summary: A dynamic OpenSSL engine for IBMCA
|
Summary: A dynamic OpenSSL engine for IBMCA
|
||||||
Name: openssl-ibmca
|
Name: openssl-ibmca
|
||||||
Version: 2.3.0
|
Version: 2.3.0
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}.1
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://github.com/opencryptoki
|
URL: https://github.com/opencryptoki
|
||||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
# post GA fixes
|
# post GA fixes
|
||||||
Patch0: %{name}-%{version}-fixes.patch
|
Patch0: %{name}-%{version}-fixes.patch
|
||||||
|
# fix provider config script
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2160761
|
||||||
|
Patch1: %{name}-2.3.0-provider-config.patch
|
||||||
Requires: libica >= 4.0.0
|
Requires: libica >= 4.0.0
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -80,6 +83,10 @@ make check
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 18 2023 Dan Horák <dhorak@redhat.com> - 2.3.0-1.1
|
||||||
|
- fix provider config script (#2160761)
|
||||||
|
- Resolves: #2160761
|
||||||
|
|
||||||
* Thu May 19 2022 Dan Horák <dhorak@redhat.com> - 2.3.0-1
|
* Thu May 19 2022 Dan Horák <dhorak@redhat.com> - 2.3.0-1
|
||||||
- updated to 2.3.0 (#2044177)
|
- updated to 2.3.0 (#2044177)
|
||||||
- add provider for openssl 3.x (#2044185)
|
- add provider for openssl 3.x (#2044185)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user