Tree - rpms/opencryptoki - CentOS Git server

rpms / opencryptoki

Blame SOURCES/opencryptoki-openssl3-4dd8a952fc00dd54cce090e4c053de408ba3884b.patch

Blob History Raw

		2c1758	`commit 4dd8a952fc00dd54cce090e4c053de408ba3884b`
		2c1758	`Author: Ingo Franzki <ifranzki@linux.ibm.com>`
		2c1758	`Date: Tue Aug 24 10:14:39 2021 +0200`
		2c1758
		2c1758	`SOFT: Detect unsupported EC curves with OpenSSL 3.0`
		2c1758
		2c1758	`OpenSSL 3.0 behaves different in reporting an error when an unsupported`
		2c1758	`EC curve is used to generate an EC key. OpenSSL 1.1.1 returns an error`
		2c1758	`at EVP_PKEY_CTX_set_ec_paramgen_curve_nid() already, but OpenSSL 3.0 returns`
		2c1758	`an error only at EVP_PKEY_keygen().`
		2c1758
		2c1758	`Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>`
		2c1758
		2c1758	`diff --git a/usr/lib/soft_stdll/soft_specific.c b/usr/lib/soft_stdll/soft_specific.c`
		2c1758	`index 43fd17c3..03767ec8 100644`
		2c1758	`--- a/usr/lib/soft_stdll/soft_specific.c`
		2c1758	`+++ b/usr/lib/soft_stdll/soft_specific.c`
		2c1758	`@@ -51,6 +51,7 @@`
		2c1758	`#include <openssl/cmac.h>`
		2c1758	`#include <openssl/ec.h>`
		2c1758	`#include <openssl/bn.h>`
		2c1758	`+#include <openssl/err.h>`
		2c1758	`#if OPENSSL_VERSION_PREREQ(3, 0)`
		2c1758	`#include <openssl/core_names.h>`
		2c1758	`#include <openssl/param_build.h>`
		2c1758	`@@ -4548,7 +4549,10 @@ CK_RV token_specific_ec_generate_keypair(STDLL_TokData_t *tokdata,`
		2c1758
		2c1758	`if (EVP_PKEY_keygen(ctx, &ec_pkey) <= 0) {`
		2c1758	`TRACE_ERROR("EVP_PKEY_keygen failed\n");`
		2c1758	`- rc = CKR_FUNCTION_FAILED;`
		2c1758	`+ if (ERR_GET_REASON(ERR_peek_last_error()) == EC_R_INVALID_CURVE)`
		2c1758	`+ rc = CKR_CURVE_NOT_SUPPORTED;`
		2c1758	`+ else`
		2c1758	`+ rc = CKR_FUNCTION_FAILED;`
		2c1758	`goto out;`
		2c1758	`}`
		2c1758

rpms / opencryptoki

Source Code

Blame SOURCES/opencryptoki-openssl3-4dd8a952fc00dd54cce090e4c053de408ba3884b.patch