Import from CS git
This commit is contained in:
		
							parent
							
								
									a2683fa0b9
								
							
						
					
					
						commit
						e3b8fd109f
					
				
							
								
								
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1 +1 @@ | ||||
| SOURCES/openssl-ibmca-2.4.0.tar.gz | ||||
| SOURCES/openssl-ibmca-2.4.1.tar.gz | ||||
|  | ||||
| @ -1 +1 @@ | ||||
| d1361eec709c4b6d1760171ac077fa0d21f5a698 SOURCES/openssl-ibmca-2.4.0.tar.gz | ||||
| 8e7fc23ec2253da7d2b6e3181c80843253fcb68c SOURCES/openssl-ibmca-2.4.1.tar.gz | ||||
|  | ||||
| @ -1,40 +0,0 @@ | ||||
| From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001 | ||||
| From: Ingo Franzki <ifranzki@linux.ibm.com> | ||||
| Date: Wed, 19 Apr 2023 10:07:01 +0200 | ||||
| Subject: [PATCH] engine: Only register those algos specified with | ||||
|  default_algorithms | ||||
| 
 | ||||
| As part of OpenSSL initialization, the engine(s) configured in the OpenSSL | ||||
| config file are loaded, and its algorithms (methods) are registered according | ||||
| to the default_algorithms setting. | ||||
| 
 | ||||
| However, later during initialization, ENGINE_register_all_complete() is called | ||||
| which unconditionally registered all algorithms (methods) of the loaded engines | ||||
| again, unless the engine flag ENGINE_FLAGS_NO_REGISTER_ALL is set. | ||||
| 
 | ||||
| Set the ENGINE_FLAGS_NO_REGISTER_ALL flag during IBMCA engine initialization | ||||
| to avoid unconditional registration of all algorithms. We only want to register | ||||
| algorithms specified in the default_algorithms configuration setting. | ||||
| 
 | ||||
| Note that if the default_algorithms setting is omitted in the OpenSSL config | ||||
| file, then no algorithms will be registered. | ||||
| 
 | ||||
| Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> | ||||
| ---
 | ||||
|  src/engine/e_ibmca.c | 3 +++ | ||||
|  1 file changed, 3 insertions(+) | ||||
| 
 | ||||
| diff --git a/src/engine/e_ibmca.c b/src/engine/e_ibmca.c
 | ||||
| index fe21897..6cbf745 100644
 | ||||
| --- a/src/engine/e_ibmca.c
 | ||||
| +++ b/src/engine/e_ibmca.c
 | ||||
| @@ -642,6 +642,9 @@ static int set_supported_meths(ENGINE *e)
 | ||||
|          if (!ENGINE_set_pkey_meths(e, ibmca_engine_pkey_meths)) | ||||
|              goto out; | ||||
|   | ||||
| +    if (!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL))
 | ||||
| +        goto out;
 | ||||
| +
 | ||||
|      rc = 1; | ||||
|  out: | ||||
|      free(pmech_list); | ||||
| @ -2,15 +2,12 @@ | ||||
| 
 | ||||
| Summary: A dynamic OpenSSL engine for IBMCA | ||||
| Name: openssl-ibmca | ||||
| Version: 2.4.0 | ||||
| Release: 2%{?dist} | ||||
| Version: 2.4.1 | ||||
| Release: 1%{?dist} | ||||
| License: ASL 2.0 | ||||
| Group: System Environment/Libraries | ||||
| URL: https://github.com/opencryptoki | ||||
| Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz | ||||
| # https://bugzilla.redhat.com/show_bug.cgi?id=2221891 | ||||
| # https://github.com/opencryptoki/openssl-ibmca/commit/3ea8f4ed58e075e097856437c0732e11771931d0 | ||||
| Patch0: %{name}-2.4.0-engine-defaults.patch | ||||
| Requires: libica >= 3.8.0 | ||||
| BuildRequires: gcc | ||||
| BuildRequires: libica-devel >= 3.8.0 | ||||
| @ -58,6 +55,10 @@ make check | ||||
| 
 | ||||
| 
 | ||||
| %changelog | ||||
| * Fri Oct 27 2023 Dan Horák <dhorak[at]redhat.com> - 2.4.1-1 | ||||
| - updated to 2.4.1 (RHEL-11410) | ||||
| - Resolves: RHEL-11410 | ||||
| 
 | ||||
| * Wed Jul 12 2023 Dan Horák <dhorak@redhat.com> - 2.4.0-2 | ||||
| - engine: Only register those algos specified with default_algorithms (#2221891) | ||||
| - Resolves: #2221891 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user