forked from pool/openssl-ibmca
Accepting request 291316 from security
1 OBS-URL: https://build.opensuse.org/request/show/291316 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-ibmca?expand=0&rev=23
This commit is contained in:
parent
c1b4002565
commit
ca089ef5ad
@ -1,67 +0,0 @@
|
|||||||
--- openssl-ibmca-1.0.0-rc2/configure.in 2006/03/28 08:09:45 1.1
|
|
||||||
+++ openssl-ibmca-1.0.0-rc2/configure.in 2006/03/28 08:09:54
|
|
||||||
@@ -21,39 +21,16 @@
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
-OPENSSL_LIB_DIR="/usr/local/ssl/lib"
|
|
||||||
+# OpenSSL location
|
|
||||||
+AC_MSG_CHECKING([OpenSSL])
|
|
||||||
+AC_CHECK_LIB(crypto, RAND_add, [LIBCRYPTO="-lcrypto"], \
|
|
||||||
+ AC_MSG_ERROR([*** libcrypto not found]))
|
|
||||||
|
|
||||||
# libica
|
|
||||||
AC_MSG_CHECKING([libICA])
|
|
||||||
AC_CHECK_LIB(ica, icaOpenAdapter, [LIBICA="-lica"], \
|
|
||||||
- AC_MSG_ERROR([*** libICA not found]))
|
|
||||||
-
|
|
||||||
-# OpenSSL location
|
|
||||||
-AC_MSG_CHECKING([OpenSSL location])
|
|
||||||
-AC_ARG_WITH(openssl,
|
|
||||||
- [ --with-openssl=PATH Location of openssl libs/includes],
|
|
||||||
- [OPENSSL_INCLUDE_DIR="$withval/include"
|
|
||||||
- OPENSSL_LIB_DIR="$withval/lib"
|
|
||||||
- if [[ ! -d $OPENSSL_INCLUDE_DIR -o ! -d $OPENSSL_LIB_DIR ]]; then
|
|
||||||
- AC_MSG_ERROR([$OPENSSL_INCLUDE_DIR or $OPENSSL_LIB_DIR doen't exist!])
|
|
||||||
- else
|
|
||||||
- AC_MSG_RESULT([yes])
|
|
||||||
- CFLAGS="$CFLAGS -L$OPENSSL_LIB_DIR -I$OPENSSL_INCLUDE_DIR"
|
|
||||||
- fi],
|
|
||||||
- [AC_MSG_RESULT([no])
|
|
||||||
- AC_SUBST([OPENSSL_LIB_DIR], [/usr/local/ssl/lib])
|
|
||||||
- AC_SUBST([OPENSSL_INCLUDE_DIR], [/usr/local/ssl/include]) ] )
|
|
||||||
-
|
|
||||||
-# Is the library specified?
|
|
||||||
-AC_MSG_CHECKING([Engines library directory])
|
|
||||||
-AC_ARG_WITH(engines-dir,
|
|
||||||
- [ --with-engines-dir=PATH Location of OpenSSL engines],
|
|
||||||
- [OPENSSL_ENGINES_DIR="$withval/"],
|
|
||||||
- [AC_MSG_RESULT([no])
|
|
||||||
- AC_SUBST([OPENSSL_ENGINES_DIR], [$OPENSSL_LIB_DIR/engines])])
|
|
||||||
+ AC_MSG_ERROR([*** libICA not found]),-lssl)
|
|
||||||
|
|
||||||
-# for the correct install target
|
|
||||||
-libdir=$OPENSSL_ENGINES_DIR
|
|
||||||
|
|
||||||
AC_DISABLE_STATIC
|
|
||||||
AC_PROG_CC
|
|
||||||
@@ -61,6 +38,8 @@
|
|
||||||
|
|
||||||
CFLAGS="$CFLAGS -Wall"
|
|
||||||
AC_SUBST(CFLAGS)
|
|
||||||
+AC_SUBST(LIBCRYPTO)
|
|
||||||
+AC_SUBST(LIBICA)
|
|
||||||
|
|
||||||
AC_OUTPUT(Makefile openssl.cnf.sample)
|
|
||||||
|
|
||||||
--- openssl-ibmca-1.0.0-rc2/Makefile.am 2006/03/28 08:06:46 1.1
|
|
||||||
+++ openssl-ibmca-1.0.0-rc2/Makefile.am 2006/03/28 08:07:34
|
|
||||||
@@ -1,7 +1,4 @@
|
|
||||||
lib_LTLIBRARIES=libibmca.la
|
|
||||||
|
|
||||||
-libibmca_la_LIBADD=@OPENSSL_LIB_DIR@/libcrypto.a
|
|
||||||
-libibmca_la_LDFLAGS=-lc
|
|
||||||
-libibmca_la_CFLAGS=-I@OPENSSL_INCLUDE_DIR@
|
|
||||||
-AM_CFLAGS=-I@OPENSSL_INCLUDE_DIR@
|
|
||||||
+libibmca_la_LDFLAGS=@LIBICA@ @LIBCRYPTO@ -lc
|
|
||||||
libibmca_la_SOURCES=e_ibmca.c e_ibmca.h e_ibmca_err.c
|
|
@ -1,202 +0,0 @@
|
|||||||
Index: openssl-ibmca-1.0.0-rc2/e_ibmca.c
|
|
||||||
===================================================================
|
|
||||||
--- openssl-ibmca-1.0.0-rc2.orig/e_ibmca.c 2005-12-16 14:45:43.000000000 -0600
|
|
||||||
+++ openssl-ibmca-1.0.0-rc2/e_ibmca.c 2007-01-14 18:03:31.000000000 -0600
|
|
||||||
@@ -1582,133 +1582,92 @@
|
|
||||||
} // end ibmca_sha256_cleanup
|
|
||||||
#endif // OPENSSL_NO_SHA256
|
|
||||||
|
|
||||||
-static int ibmca_mod_exp(BIGNUM * r, const BIGNUM * a, const BIGNUM * p,
|
|
||||||
- const BIGNUM * m, BN_CTX * ctx)
|
|
||||||
+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
||||||
+ const BIGNUM *m, BN_CTX *ctx)
|
|
||||||
{
|
|
||||||
- /* I need somewhere to store temporary serialised values for
|
|
||||||
- * use with the Ibmca API calls. A neat cheat - I'll use
|
|
||||||
- * BIGNUMs from the BN_CTX but access their arrays directly as
|
|
||||||
- * byte arrays <grin>. This way I don't have to clean anything
|
|
||||||
- * up. */
|
|
||||||
-
|
|
||||||
- BIGNUM *argument = NULL;
|
|
||||||
- BIGNUM *result = NULL;
|
|
||||||
- BIGNUM *key = NULL;
|
|
||||||
- int to_return;
|
|
||||||
+ char *argument;
|
|
||||||
+ char *result;
|
|
||||||
+ char *key;
|
|
||||||
+ ICA_KEY_RSA_MODEXPO *pubkey;
|
|
||||||
int inLen, outLen, tmpLen;
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- ICA_KEY_RSA_MODEXPO *publKey = NULL;
|
|
||||||
unsigned int rc;
|
|
||||||
-
|
|
||||||
- to_return = 0; /* expect failure */
|
|
||||||
+ int to_return = 0; /* fail code set by default */
|
|
||||||
|
|
||||||
if (!ibmca_dso) {
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_NOT_LOADED);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
- /* Prepare the params */
|
|
||||||
- BN_CTX_start(ctx);
|
|
||||||
- argument = BN_CTX_get(ctx);
|
|
||||||
- result = BN_CTX_get(ctx);
|
|
||||||
- key = BN_CTX_get(ctx);
|
|
||||||
-
|
|
||||||
- if (!argument || !result || !key) {
|
|
||||||
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_CTX_FULL);
|
|
||||||
- goto err;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- if (!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
|
|
||||||
- !bn_wexpand(key, sizeof(*publKey) / BN_BYTES)) {
|
|
||||||
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_EXPAND_FAIL);
|
|
||||||
- goto err;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- publKey = (ICA_KEY_RSA_MODEXPO *) key->d;
|
|
||||||
-
|
|
||||||
- if (publKey == NULL) {
|
|
||||||
+ outLen = BN_num_bytes(m);
|
|
||||||
+ argument = malloc(outLen);
|
|
||||||
+ if (!argument) {
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
- memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
|
|
||||||
-
|
|
||||||
- publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
|
|
||||||
- publKey->keyLength =
|
|
||||||
- CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
|
|
||||||
- publKey->expOffset =
|
|
||||||
- (char *) publKey->keyRecord - (char *) publKey;
|
|
||||||
-
|
|
||||||
- /* A quirk of the card: the exponent length has to be the same
|
|
||||||
- as the modulus (key) length */
|
|
||||||
-
|
|
||||||
- outLen = BN_num_bytes(m);
|
|
||||||
-
|
|
||||||
-/* check for modulus length SAB*/
|
|
||||||
- if (outLen > 256) {
|
|
||||||
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,
|
|
||||||
- IBMCA_R_MEXP_LENGTH_TO_LARGE);
|
|
||||||
+ result = malloc(outLen);
|
|
||||||
+ if (!result) {
|
|
||||||
+ free(argument);
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-/* check for modulus length SAB*/
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- publKey->expLength = publKey->nLength = outLen;
|
|
||||||
-/* SAB Check for underflow condition
|
|
||||||
- the size of the exponent is less than the size of the parameter
|
|
||||||
- then we have a big problem and will underflow the keyRecord
|
|
||||||
- buffer. Bad stuff could happen then
|
|
||||||
-*/
|
|
||||||
- if (outLen < BN_num_bytes(p)) {
|
|
||||||
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,
|
|
||||||
- IBMCA_R_UNDERFLOW_KEYRECORD);
|
|
||||||
+ key = malloc(sizeof(*pubkey));
|
|
||||||
+ if (!key) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-/* SAB End check for underflow */
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
|
|
||||||
- BN_num_bytes(p)]);
|
|
||||||
- BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- publKey->modulusBitLength =
|
|
||||||
- CORRECT_ENDIANNESS(publKey->nLength * 8);
|
|
||||||
- publKey->nOffset =
|
|
||||||
- CORRECT_ENDIANNESS(publKey->expOffset + publKey->expLength);
|
|
||||||
-
|
|
||||||
- publKey->expOffset =
|
|
||||||
- CORRECT_ENDIANNESS((char *) publKey->keyRecord -
|
|
||||||
- (char *) publKey);
|
|
||||||
-
|
|
||||||
+ pubkey = (ICA_KEY_RSA_MODEXPO *)key;
|
|
||||||
+ memset(pubkey, 0, sizeof(*pubkey));
|
|
||||||
+ pubkey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
|
|
||||||
+ pubkey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
|
|
||||||
+ pubkey->expOffset = (char *)pubkey->keyRecord - (char *)pubkey;
|
|
||||||
+#define IBMCA_MAX_EXP_LEN 256
|
|
||||||
+ if (outLen > IBMCA_MAX_EXP_LEN) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_MEXP_LENGTH_TO_LARGE);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ pubkey->expLength = pubkey->nLength = outLen;
|
|
||||||
+ if (outLen < BN_num_bytes(p)) { /* Key record underflow check */
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_UNDERFLOW_KEYRECORD);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ BN_bn2bin(p,
|
|
||||||
+ &pubkey->keyRecord[(pubkey->expLength - BN_num_bytes(p))]);
|
|
||||||
+ BN_bn2bin(m, &pubkey->keyRecord[pubkey->expLength]);
|
|
||||||
+ pubkey->modulusBitLength = CORRECT_ENDIANNESS((pubkey->nLength * 8));
|
|
||||||
+ pubkey->nOffset =
|
|
||||||
+ CORRECT_ENDIANNESS((pubkey->expOffset + pubkey->expLength));
|
|
||||||
+ pubkey->expOffset = CORRECT_ENDIANNESS(((char *)pubkey->keyRecord -
|
|
||||||
+ (char *)pubkey));
|
|
||||||
tmpLen = outLen;
|
|
||||||
- publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
|
|
||||||
-
|
|
||||||
- /* Prepare the argument */
|
|
||||||
-
|
|
||||||
- memset(argument->d, 0, outLen);
|
|
||||||
- BN_bn2bin(a, (unsigned char *) argument->d + outLen -
|
|
||||||
- BN_num_bytes(a));
|
|
||||||
-
|
|
||||||
+ pubkey->expLength = pubkey->nLength = CORRECT_ENDIANNESS(tmpLen);
|
|
||||||
+ memset(argument, 0, outLen);
|
|
||||||
+ BN_bn2bin(a, ((unsigned char *)argument
|
|
||||||
+ + outLen
|
|
||||||
+ - BN_num_bytes(a)));
|
|
||||||
inLen = outLen;
|
|
||||||
-
|
|
||||||
- /* Perform the operation */
|
|
||||||
-
|
|
||||||
if ((rc = p_icaRsaModExpo(ibmca_handle, inLen,
|
|
||||||
- (unsigned char *) argument->d,
|
|
||||||
- publKey, &outLen,
|
|
||||||
- (unsigned char *) result->d)) != 0) {
|
|
||||||
+ (unsigned char *)argument,
|
|
||||||
+ pubkey, &outLen,
|
|
||||||
+ (unsigned char *)result)) != 0) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- /* Convert the response */
|
|
||||||
- BN_bin2bn((unsigned char *) result->d, outLen, r);
|
|
||||||
+ BN_bin2bn((unsigned char *)result, outLen, r);
|
|
||||||
to_return = 1;
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
err:
|
|
||||||
- BN_CTX_end(ctx);
|
|
||||||
return to_return;
|
|
||||||
}
|
|
||||||
|
|
@ -1,302 +0,0 @@
|
|||||||
Index: openssl-ibmca-1.0.0-rc2/e_ibmca.c
|
|
||||||
===================================================================
|
|
||||||
--- openssl-ibmca-1.0.0-rc2.orig/e_ibmca.c 2007-01-14 23:43:21.000000000 -0600
|
|
||||||
+++ openssl-ibmca-1.0.0-rc2/e_ibmca.c 2007-01-14 23:43:31.000000000 -0600
|
|
||||||
@@ -1711,95 +1711,78 @@
|
|
||||||
const BIGNUM * dmp1, const BIGNUM * dmq1,
|
|
||||||
const BIGNUM * iqmp, BN_CTX * ctx)
|
|
||||||
{
|
|
||||||
-
|
|
||||||
- BIGNUM *argument = NULL;
|
|
||||||
- BIGNUM *result = NULL;
|
|
||||||
- BIGNUM *key = NULL;
|
|
||||||
-
|
|
||||||
- int to_return = 0; /* expect failure */
|
|
||||||
-
|
|
||||||
- char *pkey = NULL;
|
|
||||||
- ICA_KEY_RSA_CRT *privKey = NULL;
|
|
||||||
+ char *argument;
|
|
||||||
+ char *result;
|
|
||||||
+ char *key;
|
|
||||||
+ unsigned char *pkey;
|
|
||||||
+ ICA_KEY_RSA_CRT *privkey;
|
|
||||||
int inLen, outLen;
|
|
||||||
-
|
|
||||||
int rc;
|
|
||||||
unsigned int offset, pSize, qSize;
|
|
||||||
- /* SAB New variables */
|
|
||||||
unsigned int keyRecordSize;
|
|
||||||
unsigned int pbytes = BN_num_bytes(p);
|
|
||||||
unsigned int qbytes = BN_num_bytes(q);
|
|
||||||
unsigned int dmp1bytes = BN_num_bytes(dmp1);
|
|
||||||
unsigned int dmq1bytes = BN_num_bytes(dmq1);
|
|
||||||
unsigned int iqmpbytes = BN_num_bytes(iqmp);
|
|
||||||
+ int to_return = 0;
|
|
||||||
|
|
||||||
- /* Prepare the params */
|
|
||||||
-
|
|
||||||
- BN_CTX_start(ctx);
|
|
||||||
- argument = BN_CTX_get(ctx);
|
|
||||||
- result = BN_CTX_get(ctx);
|
|
||||||
- key = BN_CTX_get(ctx);
|
|
||||||
-
|
|
||||||
- if (!argument || !result || !key) {
|
|
||||||
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_CTX_FULL);
|
|
||||||
- goto err;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (!bn_wexpand(argument, p->top + q->top) ||
|
|
||||||
- !bn_wexpand(result, p->top + q->top) ||
|
|
||||||
- !bn_wexpand(key, sizeof(*privKey) / BN_BYTES)) {
|
|
||||||
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
- IBMCA_R_BN_EXPAND_FAIL);
|
|
||||||
- goto err;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- privKey = (ICA_KEY_RSA_CRT *) key->d;
|
|
||||||
- /* SAB Add check for total size in bytes of the parms does not
|
|
||||||
- * exceed the buffer space we have do this first
|
|
||||||
- */
|
|
||||||
- keyRecordSize =
|
|
||||||
- pbytes + qbytes + dmp1bytes + dmq1bytes + iqmpbytes;
|
|
||||||
- if (keyRecordSize > sizeof(privKey->keyRecord)) {
|
|
||||||
+ argument = malloc((pbytes + qbytes));
|
|
||||||
+ if (!argument) {
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ result = malloc((pbytes + qbytes));
|
|
||||||
+ if (!result) {
|
|
||||||
+ free(argument);
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ key = malloc(sizeof(*privkey));
|
|
||||||
+ if (!key) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ privkey = (ICA_KEY_RSA_CRT *)key;
|
|
||||||
+ keyRecordSize = (pbytes + qbytes + dmp1bytes + dmq1bytes + iqmpbytes);
|
|
||||||
+ if (keyRecordSize > sizeof(privkey->keyRecord)) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_OPERANDS_TO_LARGE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
if ((qbytes + dmq1bytes) > 256) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_OPERANDS_TO_LARGE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
if (pbytes + dmp1bytes > 256) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_OPERANDS_TO_LARGE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /* end SAB additions */
|
|
||||||
-
|
|
||||||
- memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
|
|
||||||
- privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
|
|
||||||
- privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
|
|
||||||
- privKey->modulusBitLength =
|
|
||||||
- CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * p,dp & qInv are 1 QWORD Larger
|
|
||||||
- */
|
|
||||||
- privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p) + 8);
|
|
||||||
- privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
|
|
||||||
- privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1) + 8);
|
|
||||||
- privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
|
|
||||||
- privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp) + 8);
|
|
||||||
-
|
|
||||||
- offset = (char *) privKey->keyRecord - (char *) privKey;
|
|
||||||
-
|
|
||||||
- qSize = BN_num_bytes(q);
|
|
||||||
- pSize = qSize + 8; /* 1 QWORD larger */
|
|
||||||
-
|
|
||||||
-
|
|
||||||
+ memset(privkey, 0, sizeof(*privkey));
|
|
||||||
+ privkey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
|
|
||||||
+ privkey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
|
|
||||||
+ privkey->modulusBitLength = CORRECT_ENDIANNESS(qbytes * 2 * 8);
|
|
||||||
+ privkey->pLength = CORRECT_ENDIANNESS(pbytes + 8);
|
|
||||||
+ privkey->qLength = CORRECT_ENDIANNESS(qbytes);
|
|
||||||
+ privkey->dpLength = CORRECT_ENDIANNESS(dmp1bytes + 8);
|
|
||||||
+ privkey->dqLength = CORRECT_ENDIANNESS(dmq1bytes);
|
|
||||||
+ privkey->qInvLength = CORRECT_ENDIANNESS(iqmpbytes + 8);
|
|
||||||
+ offset = ((char *)privkey->keyRecord - (char *)privkey);
|
|
||||||
+ qSize = qbytes;
|
|
||||||
+ pSize = (qSize + 8); /* 1 QWORD larger */
|
|
||||||
/* SAB probably aittle redundant, but we'll verify that each
|
|
||||||
* of the components which make up a key record sent ot the card
|
|
||||||
* does not exceed the space that is allocated for it. this
|
|
||||||
@@ -1808,105 +1791,96 @@
|
|
||||||
* could cause potential side affects on either the card or the
|
|
||||||
* result
|
|
||||||
*/
|
|
||||||
-
|
|
||||||
if ((pbytes > pSize) || (dmp1bytes > pSize) ||
|
|
||||||
(iqmpbytes > pSize) || (qbytes > qSize) ||
|
|
||||||
(dmq1bytes > qSize)) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_OPERANDS_TO_LARGE);
|
|
||||||
goto err;
|
|
||||||
-
|
|
||||||
}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- privKey->dpOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
-
|
|
||||||
+ privkey->dpOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
offset += pSize;
|
|
||||||
- privKey->dqOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
-
|
|
||||||
+ privkey->dqOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
offset += qSize;
|
|
||||||
- privKey->pOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
-
|
|
||||||
+ privkey->pOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
offset += pSize;
|
|
||||||
- privKey->qOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
-
|
|
||||||
+ privkey->qOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
offset += qSize;
|
|
||||||
- privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
-
|
|
||||||
- pkey = (char *) privKey->keyRecord;
|
|
||||||
-
|
|
||||||
-
|
|
||||||
- /* SAB first check that we don;t under flow the buffer */
|
|
||||||
+ privkey->qInvOffset = CORRECT_ENDIANNESS(offset);
|
|
||||||
+ pkey = (char *)privkey->keyRecord;
|
|
||||||
if (pSize < pbytes) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_UNDERFLOW_CONDITION);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
|
|
||||||
- pkey += pSize - BN_num_bytes(dmp1);
|
|
||||||
+ pkey += pSize - dmp1bytes;
|
|
||||||
BN_bn2bin(dmp1, pkey);
|
|
||||||
- pkey += BN_num_bytes(dmp1); /* move the pointer */
|
|
||||||
-
|
|
||||||
- BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
|
|
||||||
-
|
|
||||||
- pkey += qSize; /* move pointer */
|
|
||||||
- pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
|
|
||||||
-
|
|
||||||
+ pkey += dmp1bytes;
|
|
||||||
+ BN_bn2bin(dmq1, pkey);
|
|
||||||
+ pkey += qSize;
|
|
||||||
+ pkey += pSize - pbytes; /* set up for zero padding of next field */
|
|
||||||
BN_bn2bin(p, pkey);
|
|
||||||
- pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
|
|
||||||
-
|
|
||||||
+ pkey += pbytes;
|
|
||||||
BN_bn2bin(q, pkey);
|
|
||||||
- pkey += qSize; /* move the pointer */
|
|
||||||
- pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
|
|
||||||
+ pkey += qSize;
|
|
||||||
+ pkey += pSize - iqmpbytes; /* Adjust for padding */
|
|
||||||
BN_bn2bin(iqmp, pkey);
|
|
||||||
-
|
|
||||||
/* Prepare the argument and response */
|
|
||||||
-
|
|
||||||
- outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess
|
|
||||||
- is used because the
|
|
||||||
- fields were converted
|
|
||||||
+ outLen = CORRECT_ENDIANNESS(privkey->qLength) * 2; /* Correct
|
|
||||||
+ endianess
|
|
||||||
+ is used
|
|
||||||
+ because
|
|
||||||
+ the
|
|
||||||
+ fields
|
|
||||||
+ were
|
|
||||||
+ converted
|
|
||||||
above */
|
|
||||||
-
|
|
||||||
if (outLen > 256) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_OUTLEN_TO_LARGE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
/* SAB check for underflow here on the argeument */
|
|
||||||
if (outLen < BN_num_bytes(a)) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_UNDERFLOW_CONDITION);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- BN_bn2bin(a, (unsigned char *) argument->d + outLen -
|
|
||||||
- BN_num_bytes(a));
|
|
||||||
+ BN_bn2bin(a, ((unsigned char *)argument
|
|
||||||
+ + outLen
|
|
||||||
+ - BN_num_bytes(a)));
|
|
||||||
inLen = outLen;
|
|
||||||
-
|
|
||||||
- memset(result->d, 0, outLen);
|
|
||||||
-
|
|
||||||
- /* Perform the operation */
|
|
||||||
-
|
|
||||||
+ memset(result, 0, outLen);
|
|
||||||
if ((rc = p_icaRsaCrt(ibmca_handle, inLen,
|
|
||||||
- (unsigned char *) argument->d,
|
|
||||||
- privKey, &outLen,
|
|
||||||
- (unsigned char *) result->d)) != 0) {
|
|
||||||
+ (unsigned char *)argument,
|
|
||||||
+ privkey, &outLen,
|
|
||||||
+ (unsigned char *)result)) != 0) {
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,
|
|
||||||
IBMCA_R_REQUEST_FAILED);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /* Convert the response */
|
|
||||||
-
|
|
||||||
- BN_bin2bn((unsigned char *) result->d, outLen, r);
|
|
||||||
+ BN_bin2bn((unsigned char *)result, outLen, r);
|
|
||||||
to_return = 1;
|
|
||||||
-
|
|
||||||
+ free(argument);
|
|
||||||
+ free(result);
|
|
||||||
+ free(key);
|
|
||||||
err:
|
|
||||||
- BN_CTX_end(ctx);
|
|
||||||
return to_return;
|
|
||||||
-
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
68
openssl-des-ede.patch
Normal file
68
openssl-des-ede.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
commit 83b8ed7b25c809fa36ec86d7041a6350dc516606
|
||||||
|
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
||||||
|
Date: Wed Mar 19 15:57:10 2014 -0500
|
||||||
|
|
||||||
|
openssl-ibmca: openssl speed -engine ibmca -evp des-ede3-ofb segfaults
|
||||||
|
|
||||||
|
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/e_ibmca.c b/e_ibmca.c
|
||||||
|
index b1ad975..0acbe5f 100644
|
||||||
|
--- a/e_ibmca.c
|
||||||
|
+++ b/e_ibmca.c
|
||||||
|
@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(unsigned int, unsigned int, unsigned char *
|
||||||
|
sha256_context_t *, unsigned char *);
|
||||||
|
typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||||
|
unsigned long data_length, const unsigned char *key,
|
||||||
|
- unsigned int key_length, unsigned char *iv,
|
||||||
|
- unsigned int direction);
|
||||||
|
+ unsigned char *iv, unsigned int direction);
|
||||||
|
typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||||
|
unsigned long data_length, const unsigned char *key,
|
||||||
|
unsigned char *iv, unsigned int lcfb,
|
||||||
|
@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(const unsigned char *, unsigned char *,
|
||||||
|
unsigned int, unsigned int);
|
||||||
|
typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||||
|
unsigned long data_length, const unsigned char *key,
|
||||||
|
- unsigned int key_length, unsigned char *iv,
|
||||||
|
- unsigned int direction);
|
||||||
|
+ unsigned char *iv, unsigned int direction);
|
||||||
|
typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||||
|
unsigned long data_length, const unsigned char *key,
|
||||||
|
unsigned int key_length, unsigned char *iv,
|
||||||
|
@@ -1197,7 +1195,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
||||||
|
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
|
||||||
|
8, ICA_ENCRYPT);
|
||||||
|
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||||
|
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
|
||||||
|
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
|
||||||
|
ICA_ENCRYPT);
|
||||||
|
} else {
|
||||||
|
rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
|
||||||
|
@@ -1223,7 +1221,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
||||||
|
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
|
||||||
|
8, ICA_DECRYPT);
|
||||||
|
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||||
|
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
|
||||||
|
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
|
||||||
|
ICA_DECRYPT);
|
||||||
|
} else {
|
||||||
|
/* Protect against decrypt in place */
|
||||||
|
@@ -1279,7 +1277,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
||||||
|
ctx->iv, 8, ICA_ENCRYPT);
|
||||||
|
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||||
|
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
|
||||||
|
- 8, ctx->iv, ICA_ENCRYPT);
|
||||||
|
+ ctx->iv, ICA_ENCRYPT);
|
||||||
|
} else {
|
||||||
|
rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
|
||||||
|
(ica_des_vector_t *) ctx->iv,
|
||||||
|
@@ -1305,7 +1303,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
|
||||||
|
ctx->iv, 8, ICA_DECRYPT);
|
||||||
|
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||||
|
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
|
||||||
|
- 8, ctx->iv, ICA_DECRYPT);
|
||||||
|
+ ctx->iv, ICA_DECRYPT);
|
||||||
|
} else {
|
||||||
|
/* Protect against decrypt in place */
|
||||||
|
/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:d3b114bc78fe8180b0c5f5d4d687b0fe2b3b23942c1f03e70aebc99b253119c9
|
|
||||||
size 215240
|
|
@ -1,11 +0,0 @@
|
|||||||
diff -urpN openssl-ibmca-1.0.0-rc2/e_ibmca.c openssl-ibmca-1.0.0-rc2-memset_fix/e_ibmca.c
|
|
||||||
--- openssl-ibmca-1.0.0-rc2/e_ibmca.c 2007-01-22 17:23:20.000000000 +0100
|
|
||||||
+++ openssl-ibmca-1.0.0-rc2-memset_fix/e_ibmca.c 2007-01-22 17:27:09.000000000 +0100
|
|
||||||
@@ -1858,6 +1858,7 @@ static int ibmca_mod_exp_crt(BIGNUM * r,
|
|
||||||
IBMCA_R_UNDERFLOW_CONDITION);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
+ memset(argument, 0, pbytes + qbytes);
|
|
||||||
BN_bn2bin(a, ((unsigned char *)argument
|
|
||||||
+ outLen
|
|
||||||
- BN_num_bytes(a)));
|
|
3
openssl-ibmca-1.2.0.tar.gz
Normal file
3
openssl-ibmca-1.2.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:d36363798e69e19b203126106f0e3f1a08626f96523994dd3c06adfe9c6d27ad
|
||||||
|
size 26525
|
11
openssl-ibmca-configure.patch
Normal file
11
openssl-ibmca-configure.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- configure.in
|
||||||
|
+++ configure.in
|
||||||
|
@@ -28,7 +28,7 @@
|
||||||
|
# libica is dlopened, so do not add it to LIBS
|
||||||
|
save_LIBS=$LIBS
|
||||||
|
AC_CHECK_LIB(ica, ica_open_adapter, [], \
|
||||||
|
- AC_MSG_ERROR([*** libica-2.x library not found]), [-lssl])
|
||||||
|
+ AC_MSG_ERROR([*** libica-2.x library not found]), [-lssl -lrt -lcrypto -lpthread])
|
||||||
|
LIBS=$save_LIBS
|
||||||
|
|
||||||
|
# OpenSSL location
|
22
openssl-ibmca-sha256-digest-length.patch
Normal file
22
openssl-ibmca-sha256-digest-length.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
commit f204aca935dfe45b736e9fb8f822c9e79ec9747c
|
||||||
|
Author: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
|
||||||
|
Date: Fri Mar 7 10:35:33 2014 +0100
|
||||||
|
|
||||||
|
SHA256: Fixed message digest length definition in sha256 template
|
||||||
|
|
||||||
|
Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
|
||||||
|
Acked-by: John Jolly <jjolly@suse.de>
|
||||||
|
|
||||||
|
diff --git a/e_ibmca.c b/e_ibmca.c
|
||||||
|
index 94c44a4..f3fad35 100644
|
||||||
|
--- a/e_ibmca.c
|
||||||
|
+++ b/e_ibmca.c
|
||||||
|
@@ -727,7 +727,7 @@ static const EVP_MD ibmca_sha1 = {
|
||||||
|
static const EVP_MD ibmca_sha256 = {
|
||||||
|
NID_sha256,
|
||||||
|
NID_sha256WithRSAEncryption,
|
||||||
|
- SHA_HASH_LENGTH,
|
||||||
|
+ SHA256_HASH_LENGTH,
|
||||||
|
0,
|
||||||
|
ibmca_sha256_init,
|
||||||
|
ibmca_sha256_update,
|
@ -1,3 +1,60 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
|
||||||
|
|
||||||
|
- Remove dependency on fillup anf insserv; the package provides
|
||||||
|
neither sysconfig file nor sysvinit script
|
||||||
|
- Remove depreciated AUTHORS section
|
||||||
|
- Use %configure macro
|
||||||
|
- Add openssl-ibmca-configure.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 14 13:03:44 UTC 2014 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Forced requirement of libica-2_3_0 (bnc#890824)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 26 07:35:34 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
|
||||||
|
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
|
||||||
|
fips self-test during EC key creation (bnc#879922)
|
||||||
|
- spec file cleaned up a bit
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 18 12:33:49 UTC 2014 - jjolly@suse.com
|
||||||
|
|
||||||
|
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
|
||||||
|
digest length definition in sha256 template (bnc#868275)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 5 18:51:25 CET 2014 - ro@suse.de
|
||||||
|
|
||||||
|
- update to 1.2.0
|
||||||
|
- removed patches:
|
||||||
|
ibmca-configure.patch
|
||||||
|
ibmca-segfault.fix.patch
|
||||||
|
ibmca-sw-fix.patch
|
||||||
|
openssl-ibmca-1.0.0.rc2-memset-fix.patch
|
||||||
|
- make it exclusivearch for s390/s390x as the required libica
|
||||||
|
is only available for s390/s390x
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 19 14:02:44 UTC 2014 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Made required libica-2_1_0 s390 specific
|
||||||
|
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
|
||||||
|
- Removed libica requirement - allowing build process to find it
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 19 06:10:42 UTC 2014 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Added COPYING to %files
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 18 14:47:27 UTC 2014 - jjolly@suse.com
|
||||||
|
|
||||||
|
- Requiring libica 2.1.0 or greater
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 10 20:55:24 UTC 2013 - dvaleev@suse.com
|
Tue Dec 10 20:55:24 UTC 2013 - dvaleev@suse.com
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openssl-ibmca
|
# spec file for package openssl-ibmca
|
||||||
#
|
#
|
||||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -19,58 +19,43 @@
|
|||||||
Name: openssl-ibmca
|
Name: openssl-ibmca
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: libica
|
BuildRequires: libica-2_3_0-devel
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
Summary: The IBMCA OpenSSL dynamic engine
|
Summary: The IBMCA OpenSSL dynamic engine
|
||||||
License: IPL-1.0
|
License: IPL-1.0
|
||||||
Group: Hardware/Other
|
Group: Hardware/Other
|
||||||
Version: 1.0.0
|
Version: 1.2.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Source: openssl-ibmca-1.0.0-rc2.tar.bz2
|
Source: openssl-ibmca-1.2.0.tar.gz
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Patch: ibmca-configure.patch
|
|
||||||
Patch1: openssl-ibmca-README.patch
|
Patch1: openssl-ibmca-README.patch
|
||||||
Patch2: ibmca-segfault.fix.patch
|
Patch2: openssl-ibmca-configure.patch
|
||||||
Patch3: ibmca-sw-fix.patch
|
Patch3: openssl-ibmca-sha256-digest-length.patch
|
||||||
Patch4: openssl-ibmca-1.0.0.rc2-memset-fix.patch
|
Patch4: openssl-pkey.patch
|
||||||
|
Patch5: openssl-des-ede.patch
|
||||||
Url: http://sourceforge.net/projects/opencryptoki
|
Url: http://sourceforge.net/projects/opencryptoki
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
PreReq: %fillup_prereq %insserv_prereq
|
Requires: libica-2_3_0
|
||||||
Requires: libica
|
|
||||||
Requires: openssl
|
Requires: openssl
|
||||||
# bug437293
|
ExclusiveArch: s390 s390x
|
||||||
%ifarch ppc64
|
|
||||||
Obsoletes: openssl-ibmca-64bit
|
|
||||||
%endif
|
|
||||||
#
|
#
|
||||||
%define ibmca_64bit_arch s390x ppc64 ppc64le
|
|
||||||
%define ibmca_32bit_arch %ix86 s390 ppc %arm
|
|
||||||
ExclusiveArch: %ibmca_32bit_arch %ibmca_64bit_arch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains a shared object OpenSSL dynamic engine for the
|
This package contains a shared object OpenSSL dynamic engine for the
|
||||||
IBM eServer Cryptographic Accelerator (ICA).
|
IBM eServer Cryptographic Accelerator (ICA).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Authors:
|
|
||||||
--------
|
|
||||||
Mike Halcrow <mhalcrow@us.ibm.com>
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -n openssl-ibmca-1.0.0-rc2
|
%setup -q
|
||||||
%patch -p1
|
|
||||||
%patch1
|
%patch1
|
||||||
%patch2 -p1
|
%patch2
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf --force --install
|
autoreconf --force --install
|
||||||
export CFLAGS="$RPM_OPT_FLAGS"
|
%configure --with-engines-dir=%_libdir/engines --libdir=%_libdir/engines
|
||||||
export CPPFLAGS="$RPM_OPT_FLAGS"
|
|
||||||
./configure --with-engines-dir=%_libdir/engines --libdir=%_libdir/engines
|
|
||||||
make
|
make
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -78,14 +63,9 @@ make
|
|||||||
#(cd $RPM_BUILD_ROOT; libtool --finish ./%_libdir/engines)
|
#(cd $RPM_BUILD_ROOT; libtool --finish ./%_libdir/engines)
|
||||||
rm ${RPM_BUILD_ROOT}%{_libdir}/engines/libibmca.la
|
rm ${RPM_BUILD_ROOT}%{_libdir}/engines/libibmca.la
|
||||||
|
|
||||||
%post
|
|
||||||
%run_ldconfig
|
|
||||||
|
|
||||||
%postun
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-, root, root)
|
%defattr(-, root, root)
|
||||||
%doc README
|
%doc README COPYING
|
||||||
%doc openssl.cnf.sample
|
%doc openssl.cnf.sample
|
||||||
%dir %{_libdir}/engines
|
%dir %{_libdir}/engines
|
||||||
%{_libdir}/engines/libibmca.*
|
%{_libdir}/engines/libibmca.*
|
||||||
|
31
openssl-pkey.patch
Normal file
31
openssl-pkey.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
commit 6cdca2c3d655ef19d022fb3d8bcbf63491b79db2
|
||||||
|
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
||||||
|
Date: Wed Mar 19 12:50:14 2014 -0500
|
||||||
|
|
||||||
|
Add flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to EVP_MD so that signing method
|
||||||
|
comes from key type.
|
||||||
|
|
||||||
|
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
||||||
|
|
||||||
|
diff --git a/e_ibmca.c b/e_ibmca.c
|
||||||
|
index f3fad35..9353470 100644
|
||||||
|
--- a/e_ibmca.c
|
||||||
|
+++ b/e_ibmca.c
|
||||||
|
@@ -711,7 +711,7 @@ static const EVP_MD ibmca_sha1 = {
|
||||||
|
NID_sha1,
|
||||||
|
NID_sha1WithRSAEncryption,
|
||||||
|
SHA_HASH_LENGTH,
|
||||||
|
- 0,
|
||||||
|
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
|
||||||
|
ibmca_sha1_init,
|
||||||
|
ibmca_sha1_update,
|
||||||
|
ibmca_sha1_final,
|
||||||
|
@@ -728,7 +728,7 @@ static const EVP_MD ibmca_sha256 = {
|
||||||
|
NID_sha256,
|
||||||
|
NID_sha256WithRSAEncryption,
|
||||||
|
SHA256_HASH_LENGTH,
|
||||||
|
- 0,
|
||||||
|
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
|
||||||
|
ibmca_sha256_init,
|
||||||
|
ibmca_sha256_update,
|
||||||
|
ibmca_sha256_final,
|
Loading…
Reference in New Issue
Block a user