rpms/openssl-ibmca
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from CS git

Browse Source
This commit is contained in:
eabdullin 2024-04-10 22:34:21 +03:00
parent a2683fa0b9
commit e3b8fd109f
4 changed files with 8 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/openssl-ibmca-2.4.0.tar.gz SOURCES/openssl-ibmca-2.4.1.tar.gz

2
.openssl-ibmca.metadata
View File

@ -1 +1 @@
d1361eec709c4b6d1760171ac077fa0d21f5a698 SOURCES/openssl-ibmca-2.4.0.tar.gz 8e7fc23ec2253da7d2b6e3181c80843253fcb68c SOURCES/openssl-ibmca-2.4.1.tar.gz

40
SOURCES/openssl-ibmca-2.4.0-engine-defaults.patch
View File

@ -1,40 +0,0 @@
From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 19 Apr 2023 10:07:01 +0200
Subject: [PATCH] engine: Only register those algos specified with
default_algorithms
As part of OpenSSL initialization, the engine(s) configured in the OpenSSL
config file are loaded, and its algorithms (methods) are registered according
to the default_algorithms setting.
However, later during initialization, ENGINE_register_all_complete() is called
which unconditionally registered all algorithms (methods) of the loaded engines
again, unless the engine flag ENGINE_FLAGS_NO_REGISTER_ALL is set.
Set the ENGINE_FLAGS_NO_REGISTER_ALL flag during IBMCA engine initialization
to avoid unconditional registration of all algorithms. We only want to register
algorithms specified in the default_algorithms configuration setting.
Note that if the default_algorithms setting is omitted in the OpenSSL config
file, then no algorithms will be registered.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
src/engine/e_ibmca.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/engine/e_ibmca.c b/src/engine/e_ibmca.c
index fe21897..6cbf745 100644
--- a/src/engine/e_ibmca.c
+++ b/src/engine/e_ibmca.c
@@ -642,6 +642,9 @@ static int set_supported_meths(ENGINE *e)
if (!ENGINE_set_pkey_meths(e, ibmca_engine_pkey_meths))
goto out;
+ if (!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL))
+ goto out;
+
rc = 1;
out:
free(pmech_list);

11
SPECS/openssl-ibmca.spec
View File

@ -2,15 +2,12 @@
Summary: A dynamic OpenSSL engine for IBMCA Summary: A dynamic OpenSSL engine for IBMCA
Name: openssl-ibmca Name: openssl-ibmca
Version: 2.4.0 Version: 2.4.1
Release: 2%{?dist} Release: 1%{?dist}
License: ASL 2.0 License: ASL 2.0
Group: System Environment/Libraries Group: System Environment/Libraries
URL: https://github.com/opencryptoki URL: https://github.com/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=2221891
# https://github.com/opencryptoki/openssl-ibmca/commit/3ea8f4ed58e075e097856437c0732e11771931d0
Patch0: %{name}-2.4.0-engine-defaults.patch
Requires: libica >= 3.8.0 Requires: libica >= 3.8.0
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libica-devel >= 3.8.0 BuildRequires: libica-devel >= 3.8.0
@ -58,6 +55,10 @@ make check
%changelog %changelog
* Fri Oct 27 2023 Dan Horák <dhorak[at]redhat.com> - 2.4.1-1
- updated to 2.4.1 (RHEL-11410)
- Resolves: RHEL-11410
* Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2 * Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2
- engine: Only register those algos specified with default_algorithms (#2221891) - engine: Only register those algos specified with default_algorithms (#2221891)
- Resolves: #2221891 - Resolves: #2221891