Accepting request 390328 from security
1 OBS-URL: https://build.opensuse.org/request/show/390328 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=24
This commit is contained in:
parent
ca089ef5ad
commit
e49ce50354
@ -1,68 +0,0 @@
|
|||||||
commit 83b8ed7b25c809fa36ec86d7041a6350dc516606
|
|
||||||
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
Date: Wed Mar 19 15:57:10 2014 -0500
|
|
||||||
|
|
||||||
openssl-ibmca: openssl speed -engine ibmca -evp des-ede3-ofb segfaults
|
|
||||||
|
|
||||||
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/e_ibmca.c b/e_ibmca.c
|
|
||||||
index b1ad975..0acbe5f 100644
|
|
||||||
--- a/e_ibmca.c
|
|
||||||
+++ b/e_ibmca.c
|
|
||||||
@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(unsigned int, unsigned int, unsigned char *
|
|
||||||
sha256_context_t *, unsigned char *);
|
|
||||||
typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
|
||||||
unsigned long data_length, const unsigned char *key,
|
|
||||||
- unsigned int key_length, unsigned char *iv,
|
|
||||||
- unsigned int direction);
|
|
||||||
+ unsigned char *iv, unsigned int direction);
|
|
||||||
typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
|
|
||||||
unsigned long data_length, const unsigned char *key,
|
|
||||||
unsigned char *iv, unsigned int lcfb,
|
|
||||||
@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(const unsigned char *, unsigned char *,
|
|
||||||
unsigned int, unsigned int);
|
|
||||||
typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
|
||||||
unsigned long data_length, const unsigned char *key,
|
|
||||||
- unsigned int key_length, unsigned char *iv,
|
|
||||||
- unsigned int direction);
|
|
||||||
+ unsigned char *iv, unsigned int direction);
|
|
||||||
typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
|
||||||
unsigned long data_length, const unsigned char *key,
|
|
||||||
unsigned int key_length, unsigned char *iv,
|
|
||||||
@@ -1197,7 +1195,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
|
||||||
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
|
|
||||||
8, ICA_ENCRYPT);
|
|
||||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
|
||||||
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
|
|
||||||
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
|
|
||||||
ICA_ENCRYPT);
|
|
||||||
} else {
|
|
||||||
rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
|
|
||||||
@@ -1223,7 +1221,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
|
||||||
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
|
|
||||||
8, ICA_DECRYPT);
|
|
||||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
|
||||||
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
|
|
||||||
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
|
|
||||||
ICA_DECRYPT);
|
|
||||||
} else {
|
|
||||||
/* Protect against decrypt in place */
|
|
||||||
@@ -1279,7 +1277,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
|
||||||
ctx->iv, 8, ICA_ENCRYPT);
|
|
||||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
|
||||||
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
|
|
||||||
- 8, ctx->iv, ICA_ENCRYPT);
|
|
||||||
+ ctx->iv, ICA_ENCRYPT);
|
|
||||||
} else {
|
|
||||||
rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
|
|
||||||
(ica_des_vector_t *) ctx->iv,
|
|
||||||
@@ -1305,7 +1303,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
|
||||||
ctx->iv, 8, ICA_DECRYPT);
|
|
||||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
|
||||||
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
|
|
||||||
- 8, ctx->iv, ICA_DECRYPT);
|
|
||||||
+ ctx->iv, ICA_DECRYPT);
|
|
||||||
} else {
|
|
||||||
/* Protect against decrypt in place */
|
|
||||||
/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:d36363798e69e19b203126106f0e3f1a08626f96523994dd3c06adfe9c6d27ad
|
|
||||||
size 26525
|
|
3
openssl-ibmca-1.3.0.tar.bz2
Normal file
3
openssl-ibmca-1.3.0.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:cdc5387ab229cf3d74b88fd17b60562c8f76f57dfe70514a35ef243791bcdfb0
|
||||||
|
size 274900
|
@ -1,65 +0,0 @@
|
|||||||
--- README
|
|
||||||
+++ README
|
|
||||||
@@ -7,45 +7,28 @@
|
|
||||||
|
|
||||||
ABOUT
|
|
||||||
|
|
||||||
-This package contains the dynamic IBMCA engine.
|
|
||||||
+This package contains the dynamic IBMCA engine. Note that, as of
|
|
||||||
+OpenSSL version 0.9.8, the IBMCA engine is shipped as a dynamic engine
|
|
||||||
+in a separate RPM.
|
|
||||||
|
|
||||||
BUILDING
|
|
||||||
|
|
||||||
Requirements: OpenSSL 0.9.8, libICA
|
|
||||||
|
|
||||||
- By default, the build will assume that you have a custom openssl installed
|
|
||||||
-in /usr/local/ssl.
|
|
||||||
-
|
|
||||||
- $ configure [--enable-debug] [--with-openssl=/path/to/custom/openssl] \
|
|
||||||
- [--with-engines-dir=/path/to/openssl/engines/directory]
|
|
||||||
- $ make
|
|
||||||
- # make install
|
|
||||||
-
|
|
||||||
-Included in this package is a sample openssl.cnf file (openssl.cnf.sample),
|
|
||||||
-which can be used to turn on use of the IBMCA engine in apps where OpenSSL
|
|
||||||
-config support is compiled in. In order to enable the IBMCA engine, the
|
|
||||||
-content from this file should be concatenated to the existing openssl.cnf file
|
|
||||||
-on the host.
|
|
||||||
-
|
|
||||||
-During the build process, the path to the engines/ directory is substituted in
|
|
||||||
-for the dynamic_path parameter in the ibmca section. By default, this path to
|
|
||||||
-the engines/ directory is relative to the OpenSSL installation target. With no
|
|
||||||
-parameters passed to the ./configure script, this target is /usr/local/ssl,
|
|
||||||
-and so the default entry in the sample openssl.cnf file is:
|
|
||||||
-
|
|
||||||
-dynamic_path = /usr/local/ssl/lib/engines/libibmca.so
|
|
||||||
-
|
|
||||||
-If OpenSSL is installed to a different location, then the --with-openssl=
|
|
||||||
-option should be passed to the ./configure script. For instance, if
|
|
||||||
---with-openssl=/usr is given, then the entry in the sample openssl.cnf file
|
|
||||||
-is:
|
|
||||||
+Included in this package is a sample openssl.cnf file
|
|
||||||
+(openssl.cnf.sample), which can be used to enable use of the IBMCA
|
|
||||||
+engine in apps where OpenSSL config support is compiled in. In order
|
|
||||||
+to enable the IBMCA engine, the content from this file should be
|
|
||||||
+concatenated to the existing openssl.cnf file on the host.
|
|
||||||
+
|
|
||||||
+The path to the engines/ directory is /usr/lib/engines; the dynamic
|
|
||||||
+path to the IBMCA engine for 32-bit binary RPM installations should
|
|
||||||
+be:
|
|
||||||
|
|
||||||
dynamic_path = /usr/lib/engines/libibmca.so
|
|
||||||
|
|
||||||
-If the OpenSSL engines directory is located elsewhere, then that location must
|
|
||||||
-be specified in the --with-engines-dir= option. For instance, if the engines/
|
|
||||||
-directory is under /usr/lib64, then the ./configure script will need the
|
|
||||||
-option --with-engines-dir=/usr/lib64/engines, which will produce this entry in
|
|
||||||
-the sample openssl.cnf file:
|
|
||||||
+The dynamic path to the IBMCA engine for 64-bit binary RPM
|
|
||||||
+installations should be:
|
|
||||||
+
|
|
||||||
+dynamic_path = /usr/lib64/engines/libibmca.so
|
|
||||||
|
|
||||||
-dynamic_path = /usr/lib64/engines/libibmca.so
|
|
||||||
\ No newline at end of file
|
|
@ -1,11 +1,11 @@
|
|||||||
--- configure.in
|
--- configure 2016-03-31 18:07:02.238114067 -0400
|
||||||
+++ configure.in
|
+++ configure 2016-03-31 18:09:16.168114067 -0400
|
||||||
@@ -28,7 +28,7 @@
|
@@ -11511,7 +11511,7 @@
|
||||||
# libica is dlopened, so do not add it to LIBS
|
$as_echo_n "(cached) " >&6
|
||||||
save_LIBS=$LIBS
|
else
|
||||||
AC_CHECK_LIB(ica, ica_open_adapter, [], \
|
ac_check_lib_save_LIBS=$LIBS
|
||||||
- AC_MSG_ERROR([*** libica-2.x library not found]), [-lssl])
|
-LIBS="-lica $LIBS"
|
||||||
+ AC_MSG_ERROR([*** libica-2.x library not found]), [-lssl -lrt -lcrypto -lpthread])
|
+LIBS="-lica -lpthread $LIBS"
|
||||||
LIBS=$save_LIBS
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
# OpenSSL location
|
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
commit f204aca935dfe45b736e9fb8f822c9e79ec9747c
|
|
||||||
Author: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
|
|
||||||
Date: Fri Mar 7 10:35:33 2014 +0100
|
|
||||||
|
|
||||||
SHA256: Fixed message digest length definition in sha256 template
|
|
||||||
|
|
||||||
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
|
|
||||||
Acked-by: John Jolly <jjolly@suse.de>
|
|
||||||
|
|
||||||
diff --git a/e_ibmca.c b/e_ibmca.c
|
|
||||||
index 94c44a4..f3fad35 100644
|
|
||||||
--- a/e_ibmca.c
|
|
||||||
+++ b/e_ibmca.c
|
|
||||||
@@ -727,7 +727,7 @@ static const EVP_MD ibmca_sha1 = {
|
|
||||||
static const EVP_MD ibmca_sha256 = {
|
|
||||||
NID_sha256,
|
|
||||||
NID_sha256WithRSAEncryption,
|
|
||||||
- SHA_HASH_LENGTH,
|
|
||||||
+ SHA256_HASH_LENGTH,
|
|
||||||
0,
|
|
||||||
ibmca_sha256_init,
|
|
||||||
ibmca_sha256_update,
|
|
@ -1,3 +1,41 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 6 19:07:43 UTC 2016 - mpluskal@suse.com
|
||||||
|
|
||||||
|
- Use macro for configure
|
||||||
|
- Use url for source
|
||||||
|
- Enable parallel building
|
||||||
|
- Cleanup spec file with spec-cleaner
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 31 21:20:34 UTC 2016 - mpost@suse.com
|
||||||
|
|
||||||
|
- Upgraded to version 1.3.0 (fate#319941)
|
||||||
|
- Updated openssl-ibmca-configure.patch to apply cleanly
|
||||||
|
- Removed obsolete patches
|
||||||
|
- openssl-ibmca-README.patch
|
||||||
|
- openssl-ibmca-sha256-digest-length.patch
|
||||||
|
- openssl-pkey.patch
|
||||||
|
- openssl-des-ede.patch
|
||||||
|
- Did some spec file cleanup.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 21 20:53:02 UTC 2016 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Fixed %post script to update library path (the only dynamic part
|
||||||
|
of the ibmca configuration) every time the package is installed.
|
||||||
|
(bsc#966139)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 27 06:36:06 UTC 2015 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Updated AUTHORS, INSTALL, and README (bsc#942839)
|
||||||
|
- %post and %postun added to properly update openssl.cnf (bsc#942839)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 27 03:46:00 UTC 2015 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
|
Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
|
||||||
|
|
||||||
@ -7,6 +45,11 @@ Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
|
|||||||
- Use %configure macro
|
- Use %configure macro
|
||||||
- Add openssl-ibmca-configure.patch
|
- Add openssl-ibmca-configure.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 3 09:22:24 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- the openssl engines moved to /%_lib/engines bnc#905480
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 14 13:03:44 UTC 2014 - jjolly@suse.com
|
Thu Aug 14 13:03:44 UTC 2014 - jjolly@suse.com
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openssl-ibmca
|
# spec file for package openssl-ibmca
|
||||||
#
|
#
|
||||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,29 +17,21 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: openssl-ibmca
|
Name: openssl-ibmca
|
||||||
BuildRequires: autoconf
|
Version: 1.3.0
|
||||||
BuildRequires: automake
|
Release: 0
|
||||||
BuildRequires: libica-2_3_0-devel
|
|
||||||
BuildRequires: libtool
|
|
||||||
BuildRequires: openssl-devel
|
|
||||||
Summary: The IBMCA OpenSSL dynamic engine
|
Summary: The IBMCA OpenSSL dynamic engine
|
||||||
License: IPL-1.0
|
License: IPL-1.0
|
||||||
Group: Hardware/Other
|
Group: Hardware/Other
|
||||||
Version: 1.2.0
|
|
||||||
Release: 0
|
|
||||||
Source: openssl-ibmca-1.2.0.tar.gz
|
|
||||||
Source2: baselibs.conf
|
|
||||||
Patch1: openssl-ibmca-README.patch
|
|
||||||
Patch2: openssl-ibmca-configure.patch
|
|
||||||
Patch3: openssl-ibmca-sha256-digest-length.patch
|
|
||||||
Patch4: openssl-pkey.patch
|
|
||||||
Patch5: openssl-des-ede.patch
|
|
||||||
Url: http://sourceforge.net/projects/opencryptoki
|
Url: http://sourceforge.net/projects/opencryptoki
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
Source: http://sourceforge.net/projects/opencryptoki/files/libica%%20OpenSSL%%20Engine/ibmca-%{version}/openssl-ibmca-%{version}.tar.bz2
|
||||||
Requires: libica-2_3_0
|
Source1: baselibs.conf
|
||||||
|
Patch1: openssl-ibmca-configure.patch
|
||||||
|
BuildRequires: libica2-devel >= 2.4.0
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
Requires: libica2 >= 2.4.0
|
||||||
Requires: openssl
|
Requires: openssl
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
ExclusiveArch: s390 s390x
|
ExclusiveArch: s390 s390x
|
||||||
#
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains a shared object OpenSSL dynamic engine for the
|
This package contains a shared object OpenSSL dynamic engine for the
|
||||||
@ -48,26 +40,71 @@ IBM eServer Cryptographic Accelerator (ICA).
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1
|
%patch1
|
||||||
%patch2
|
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf --force --install
|
export CFLAGS="%{optflags}"
|
||||||
%configure --with-engines-dir=%_libdir/engines --libdir=%_libdir/engines
|
export CPPFLAGS="%{optflags}"
|
||||||
make
|
%configure \
|
||||||
|
--libdir=/%{_lib}/engines
|
||||||
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%makeinstall
|
make %{?_smp_mflags} DESTDIR=%{buildroot} install
|
||||||
#(cd $RPM_BUILD_ROOT; libtool --finish ./%_libdir/engines)
|
rm %{buildroot}/%{_lib}/engines/libibmca.la
|
||||||
rm ${RPM_BUILD_ROOT}%{_libdir}/engines/libibmca.la
|
|
||||||
|
%post
|
||||||
|
#Original fix for bsc#942839 was to update on first install
|
||||||
|
#For bsc#966139 update if openssl_def not found
|
||||||
|
SSLCNF=%{_sysconfdir}/ssl/openssl.cnf
|
||||||
|
SSLSMP=%{_docdir}/${name}/openssl.cnf.sample
|
||||||
|
|
||||||
|
if [ -f ${SSLCNF} -a -f ${SSLSMP} ]; then
|
||||||
|
if grep '^openssl_conf[[:space:]]*=[[:space:]]*openssl_def$' ${SSLCNF} >/dev/null 2>&1; then
|
||||||
|
# Config already installed. Update library path if necessary
|
||||||
|
SECTSTART=$(grep -n '\[ibmca_section\]' ${SSLCNF} | head -n1 | cut -d':' -f1)
|
||||||
|
REPLINE=""
|
||||||
|
if [ "z${SECTSTART}" != "z" ]; then
|
||||||
|
REPLINE=$((SECTSTART - 1 + $(tail -n+${SECTSTART} ${SSLCNF} | grep -n 'dynamic_path' | head -n1 | cut -d':' -f1) ))
|
||||||
|
fi
|
||||||
|
if [ "z${REPLINE}" != "z" ]; then
|
||||||
|
head -n$((REPLINE - 1)) ${SSLCNF} > ${SSLCNF}.temp
|
||||||
|
grep 'dynamic_path' ${SSLSMP} >> ${SSLCNF}.temp
|
||||||
|
tail -n+$((REPLINE + 1)) ${SSLCNF} >> ${SSLCNF}.temp
|
||||||
|
mv ${SSLCNF}.temp ${SSLCNF}
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
CNFSZE=350 # Size in lines of original openssl.cnf
|
||||||
|
SMPSZE=46 # Size in lines of original sample config file
|
||||||
|
CNFINS=9 # Line number in openssl.cnf to insert new line
|
||||||
|
SMPUSE=11 # Line number in sample to copy from
|
||||||
|
if [ $(wc -l ${SSLCNF} | cut -d ' ' -f 1) -ne ${CNFSZE} ]; then
|
||||||
|
echo Original ${SSLCNF} incorrect size. Please manually update from ${SSLSMP}
|
||||||
|
elif [ $(wc -l ${SSLSMP} | cut -d ' ' -f 1) -ne ${SMPSZE} ]; then
|
||||||
|
echo Original ${SSLSMP} incorrect size. Please manually update to ${SSLCNF}
|
||||||
|
else
|
||||||
|
mv ${SSLCNF} ${SSLCNF}.orig
|
||||||
|
head -n ${CNFINS} ${SSLCNF}.orig > ${SSLCNF}
|
||||||
|
head -n ${SMPUSE} ${SSLSMP} | tail -n 1 >> ${SSLCNF}
|
||||||
|
tail -n $((CNFSZE - CNFINS)) ${SSLCNF}.orig >> ${SSLCNF}
|
||||||
|
head -n $((SMPUSE - 1)) ${SSLSMP} >> ${SSLCNF}
|
||||||
|
tail -n $((SMPSZE - SMPUSE)) ${SSLSMP} >> ${SSLCNF}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
%postun
|
||||||
|
if [ $1 -eq 0 ]; then #last uninstall, modify %{_sysconfdir}/openssl.cnf (bsc#942839)
|
||||||
|
SSLCNF=%{_sysconfdir}/ssl/openssl.cnf
|
||||||
|
if [ -f ${SSLCNF}.orig ]; then
|
||||||
|
mv ${SSLCNF}.orig ${SSLCNF}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-, root, root)
|
%defattr(-, root, root)
|
||||||
%doc README COPYING
|
%doc README COPYING
|
||||||
%doc openssl.cnf.sample
|
%doc src/openssl.cnf.sample
|
||||||
%dir %{_libdir}/engines
|
/%{_lib}/engines/libibmca.*
|
||||||
%{_libdir}/engines/libibmca.*
|
%{_mandir}/man5/ibmca.5%{ext_man}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
commit 6cdca2c3d655ef19d022fb3d8bcbf63491b79db2
|
|
||||||
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
Date: Wed Mar 19 12:50:14 2014 -0500
|
|
||||||
|
|
||||||
Add flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to EVP_MD so that signing method
|
|
||||||
comes from key type.
|
|
||||||
|
|
||||||
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/e_ibmca.c b/e_ibmca.c
|
|
||||||
index f3fad35..9353470 100644
|
|
||||||
--- a/e_ibmca.c
|
|
||||||
+++ b/e_ibmca.c
|
|
||||||
@@ -711,7 +711,7 @@ static const EVP_MD ibmca_sha1 = {
|
|
||||||
NID_sha1,
|
|
||||||
NID_sha1WithRSAEncryption,
|
|
||||||
SHA_HASH_LENGTH,
|
|
||||||
- 0,
|
|
||||||
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
|
|
||||||
ibmca_sha1_init,
|
|
||||||
ibmca_sha1_update,
|
|
||||||
ibmca_sha1_final,
|
|
||||||
@@ -728,7 +728,7 @@ static const EVP_MD ibmca_sha256 = {
|
|
||||||
NID_sha256,
|
|
||||||
NID_sha256WithRSAEncryption,
|
|
||||||
SHA256_HASH_LENGTH,
|
|
||||||
- 0,
|
|
||||||
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
|
|
||||||
ibmca_sha256_init,
|
|
||||||
ibmca_sha256_update,
|
|
||||||
ibmca_sha256_final,
|
|
Loading…
Reference in New Issue
Block a user