Closed ifranzki closed 2 years ago
commit title: Prepare provider for implementing cryto operations -> crypto
fixed
In general, the Copyright year is everywhere 2021. Should include 2022
Fixed, did not think about updating the Copyright year when the new year started...
Made /var/log/ibmca 777 to allow anyone to write trace files.
@juergenchrist I am ready with the changes. Please take a look again and let me know if there is anything else you want me to change.
Some files (mostly test files) still miss a copyright header. Could you please add this?
Will do. You should then also update the Engine test files and add a copyright header there as well.
Now I see a copyright header, but with year 2018?
LOL copy & paste ... Will fix.
Couldn't we alternatively specify the full path to the provider library?
That's what I wanted to say with the sentence "Set the name and optionally the path to the IBMCA provider shared object file". I read somewhere that on some platforms the path can be specified here, but not on all platforms. I guess on Linux you can.
Also, the environment variable is only usable in non-setuid-root binaries.
Right, added "(ignored in set-user-ID and set-group-ID programs)" as it is stated in the OpenSSL man page for that environment variable.
@juergenchrist Force pushed, please take a look.
Changed test.pm to not use fork() for the tls.pl testcase. Fork causes problems with closing file descriptors when running in the CI where stdin is a socket connection.
Fixed a bug in ibmca_keyexch_dh_derive_x942_kdf() to use the resulting plain secret length for applying the KDF, not the prime size.
Please note that there still might be a bug in the OpenSSL provider implementation regarding the use of padded vs un-padded plain secret with X9.42 KDF, see https://github.com/openssl/openssl/issues/17834. If they fix this, the IBMCA provider needs to be fixed as well. Currently the IBMCA provider behaves the same as the default provider (otherwise the dhkey testcase would fail).
rebased to current master
Rebased again to current master.
Also fixed bug in DH keyexch related to a bug fixed in OpenSSL with PR https://github.com/openssl/openssl/pull/17859. Note that the dhkey testcase will fail until that OpenSSL PR is merged.
FYI: OpenSSL PR https://github.com/openssl/openssl/pull/17859 has just been merged.
Things to discuss: