Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-ibmca for openSUSE:Factory checked in at 2025-02-05 17:33:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-ibmca (Old) and /work/SRC/openSUSE:Factory/.openssl-ibmca.new.2316 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-ibmca" Wed Feb 5 17:33:30 2025 rev:56 rq:1243312 version:2.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-ibmca/openssl-ibmca.changes 2025-02-04 18:14:50.429249839 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-ibmca.new.2316/openssl-ibmca.changes 2025-02-05 17:33:32.915362195 +0100 @@ -1,0 +2,7 @@ +Wed Feb 5 10:28:31 UTC 2025 - Nikolay Gueorguiev <[email protected]> + +- Applied additional patch (bsc#1236770) + * openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch + for Provider: Fix segfault with 'openssl list -signature-algorithms -verbose' + +------------------------------------------------------------------- New: ---- openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch BETA DEBUG BEGIN: New:- Applied additional patch (bsc#1236770) * openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch for Provider: Fix segfault with 'openssl list -signature-algorithms -verbose' BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-ibmca.spec ++++++ --- /var/tmp/diff_new_pack.hSds0M/_old 2025-02-05 17:33:34.727437153 +0100 +++ /var/tmp/diff_new_pack.hSds0M/_new 2025-02-05 17:33:34.739437649 +0100 @@ -65,6 +65,7 @@ Patch12: openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch Patch13: openssl-ibmca-04-engine-Fix-compile-error.patch Patch14: openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch +Patch15: openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch ### %description ++++++ openssl-ibmca-06-Provider-Fix-segfault-with-openssl-list-signature-algorithms-verbose.patch ++++++ >From 85b8c528759df2ef09028bc49a5ec103142820fb Mon Sep 17 00:00:00 2001 
From: Ingo Franzki <[email protected]> Date: Wed, 5 Feb 2025 10:16:17 +0100 Subject: [PATCH] provider: Fix segfault with 'openssl list -signature-algorithms -verbose' Command 'openssl list -signature-algorithms -verbose' calls OpenSSL function EVP_SIGNATURE_settable_ctx_params() which in turn calls the provider's settable_ctx_params() function, but with NULL for the operation context. This causes segfaults in IBMCAs settable_ctx_params() functions, as they assume that the operation context is not NULL. While at it, make sure that the settable/gettable_ctx_md_params() functions do not crash if called with a NULL context. Signed-off-by: Ingo Franzki <[email protected]> --- src/provider/ec_signature.c | 2 +- src/provider/p_context.c | 14 ++++++++------ src/provider/rsa_signature.c | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/provider/ec_signature.c b/src/provider/ec_signature.c index 8d87ddd9..069601e3 100644 --- a/src/provider/ec_signature.c +++ b/src/provider/ec_signature.c @@ -823,7 +823,7 @@ static const OSSL_PARAM *ibmca_signature_ec_settable_ctx_params( ibmca_debug_ctx(provctx, "ctx: %p", ctx); - if (ctx->ec.signature.set_md_allowed) + if (ctx == NULL || ctx->ec.signature.set_md_allowed) params = ibmca_signature_ec_settable_params; else params = ibmca_signature_ec_settable_params_no_digest; diff --git a/src/provider/p_context.c b/src/provider/p_context.c index 135690e7..58285ba9 100644 --- a/src/provider/p_context.c +++ b/src/provider/p_context.c @@ -392,9 +392,10 @@ const OSSL_PARAM *ibmca_gettable_ctx_md_params(const struct ibmca_op_ctx *ctx, ibmca_debug_op_ctx(ctx, "ctx: %p", ctx); if (md == NULL) { - put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM, - "Digest sign/verify context not initialized"); - return 0; + if (ctx != NULL) + put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM, + "Digest sign/verify context not initialized"); + return NULL; } params = EVP_MD_gettable_ctx_params(md); 
@@ -413,9 +414,10 @@ const OSSL_PARAM *ibmca_settable_ctx_md_params(const struct ibmca_op_ctx *ctx, ibmca_debug_op_ctx(ctx, "ctx: %p", ctx); if (md == NULL) { - put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM, - "Digest sign/verify context not initialized"); - return 0; + if (ctx != NULL) + put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM, + "Digest sign/verify context not initialized"); + return NULL; } params = EVP_MD_settable_ctx_params(md); diff --git a/src/provider/rsa_signature.c b/src/provider/rsa_signature.c index f7a0a91b..617bb999 100644 --- a/src/provider/rsa_signature.c +++ b/src/provider/rsa_signature.c @@ -1814,7 +1814,7 @@ static const OSSL_PARAM *ibmca_signature_rsa_settable_ctx_params( ibmca_debug_ctx(provctx, "ctx: %p", ctx); - if (ctx->rsa.signature.set_md_allowed) + if (ctx == NULL || ctx->rsa.signature.set_md_allowed) params = ibmca_signature_rsa_settable_params; else params = ibmca_signature_rsa_settable_params_no_digest;
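Review bot: In ibmca_signature_ec_settable_ctx_params() (src/provider/ec_signature.c) the new `ctx == NULL ||` test is more than a crash guard: a NULL context now selects ibmca_signature_ec_settable_params rather than the _no_digest variant, and nothing in the hunk says why. A one-line comment above the `if` would help, stating that a NULL operation context is a generic query (the 'openssl list -signature-algorithms -verbose' case from the commit message) and is therefore answered with the unrestricted list. That keeps a later cleanup from folding the condition back into a plain dereference.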
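Review bot: In ibmca_gettable_ctx_md_params() (src/provider/p_context.c, hunk at -392) the call `ibmca_debug_op_ctx(ctx, "ctx: %p", ctx);` in the unchanged context line still runs before the new `if (ctx != NULL)` guard and receives the same possibly-NULL pointer. put_error_op_ctx() evidently cannot take a NULL context, since the patch guards it, so please confirm that ibmca_debug_op_ctx() tolerates NULL. If it reaches through ctx for the provider context, guard it too or move it below a NULL check, otherwise the segfault only moves up two lines.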
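Review bot: In ibmca_settable_ctx_md_params() (src/provider/p_context.c, hunk at -413) the `md == NULL` path now returns NULL with no error queued when ctx is also NULL, and this changed contract is not documented anywhere in the hunk. Please add a short function comment saying that ctx may be NULL and that a NULL return in that case carries no error entry, so callers do not go looking for one. The four-line block is also identical to the one in ibmca_gettable_ctx_md_params(); a small shared helper would keep the two from drifting apart.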
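Review bot: The ibmca_signature_rsa_settable_ctx_params() fix (src/provider/rsa_signature.c) lands without a regression test; the diffstat lists only the three files under src/provider. This is the second segfault of this kind in the series, after the 'openssl list -key-managers' patch. A provider test that fetches each RSA and EC signature implementation and calls EVP_SIGNATURE_settable_ctx_params() on it, the call path named in the commit message, would catch the next settable/gettable function that assumes a non-NULL context.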
