diff --git a/openssl-ibmca-2.4.0-fixes.patch b/openssl-ibmca-2.4.0-fixes.patch index 7cafa5a..62fe880 100644 --- a/openssl-ibmca-2.4.0-fixes.patch +++ b/openssl-ibmca-2.4.0-fixes.patch @@ -1,7 +1,7 @@ From 2d9f0222076f6e243e68238c533b6bf0b6073138 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 17 Apr 2023 13:38:36 +0200 -Subject: [PATCH 1/5] configure: check for perl and perl-FindBin +Subject: [PATCH 1/6] configure: check for perl and perl-FindBin Perl as well as the perl module FindBin are required to run the IBMCA tests. Check for it during configuration and fail if it is not available. @@ -43,7 +43,7 @@ index 39317c7..cea8ce8 100644 From e8983a442f53e56e49c9143babeacb5c0206c1bd Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Mon, 17 Apr 2023 13:43:59 +0200 -Subject: [PATCH 2/5] bootstrap: add --force option to autoreconf +Subject: [PATCH 2/6] bootstrap: add --force option to autoreconf Consider all files as obsolete and make all of them new. @@ -69,7 +69,7 @@ index 7800f7f..e60cda5 100755 From 3ea8f4ed58e075e097856437c0732e11771931d0 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Wed, 19 Apr 2023 10:07:01 +0200 -Subject: [PATCH 3/5] engine: Only register those algos specified with +Subject: [PATCH 3/6] engine: Only register those algos specified with default_algorithms As part of OpenSSL initialization, the engine(s) configured in the OpenSSL @@ -113,7 +113,7 @@ index fe21897..6cbf745 100644 From f8a60b6678b1eb3ccadcb31f36bf7961ed8d5a9a Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Tue, 25 Apr 2023 16:23:52 +0200 -Subject: [PATCH 4/5] provider: rsa: Check RSA keys with p < q at key +Subject: [PATCH 4/6] provider: rsa: Check RSA keys with p < q at key generation and import Since OpenSSL 3.0 the OpenSSL RSA key generation taking place within libica @@ -174,7 +174,7 @@ index aabf9d2..f83d90a 100644 From acba1d936bd84c7090ed7d3849b0bab3c7f18da0 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Fri, 7 Jul 2023 14:55:26 +0200 -Subject: [PATCH 5/5] provider: Support importing of RSA keys with just ME +Subject: [PATCH 5/6] provider: Support importing of RSA keys with just ME components RSA private keys may contain just CRT (p, q, dp, dq, qinv) or ME (d) @@ -1199,3 +1199,43 @@ index cfc10a1..f7a0a91 100644 -- 2.41.0 + +From 67efa9ad713e8283cb20111a15629f15a8ea8c86 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Tue, 25 Jul 2023 14:52:49 +0200 +Subject: [PATCH 6/6] provider: RSA: Fix get_params to retrieve max-size, bits, + and security-bits + +The RSA key management's get_params() function should be able to return the +values for max-size, bits, and security-bits if at least the public key is +available. + +The detection whether the key is 'empty', i.e. has neither the public nor the +private key components was wrong. This leads to the fact that those parameters +were not returned when only the public key was available. + +Signed-off-by: Ingo Franzki +--- + src/provider/rsa_keymgmt.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c +index 526f2aa..ce49c88 100644 +--- a/src/provider/rsa_keymgmt.c ++++ b/src/provider/rsa_keymgmt.c +@@ -1512,9 +1512,9 @@ static int ibmca_keymgmt_rsa_get_params(void *vkey, OSSL_PARAM params[]) + for (parm = params; parm != NULL && parm->key != NULL; parm++) + ibmca_debug_key(key, "param: %s", parm->key); + +- empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) || +- (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) && +- !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me))); ++ empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) && ++ !ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) && ++ !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)); + + if (!empty) { + /* OSSL_PKEY_PARAM_BITS */ +-- +2.41.0 + diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index cc69de4..f86e3aa 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -3,7 +3,7 @@ Summary: OpenSSL provider for IBMCA Name: openssl-ibmca Version: 2.4.0 -Release: 3%{?dist} +Release: 4%{?dist} License: Apache-2.0 URL: https://github.com/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz @@ -58,6 +58,9 @@ make check %changelog +* Wed Jul 26 2023 Dan Horák - 2.4.0-4 +- one more fix + * Wed Jul 26 2023 Dan Horák - 2.4.0-3 - add post GA fixes - let provider log into /tmp