Hi Mimi,
On 7/22/21 2:02 AM, Mimi Zohar wrote:
Hi Tianjia,
On Wed, 2021-07-21 at 11:16 +0800, Tianjia Zhang wrote:
Keep in sync with the kernel IMA, IMA signature tool supports SM2/3
algorithm combination. Because in the current version of OpenSSL 1.1.1,
the SM2 algorithm and the public key using the EC algorithm share the
same ID 'EVP_PKEY_EC', and the specific algorithm can only be
distinguished by the curve name used. This patch supports this feature.
Secondly, the openssl 1.1.1 tool does not fully support the signature
of SM2/3 algorithm combination, so the openssl3 tool is used in the
test case, and there is no this problem with directly calling the
openssl 1.1.1 API in evmctl.
Signed-off-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx>
Other than the change noted below in .travis.yml, it's fine. It's now
queued in next-testing.
---
diff --git a/.travis.yml b/.travis.yml
index 7a76273..ab030e5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,7 +9,7 @@ matrix:
include:
# 32 bit build
- os: linux
- env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss
+ env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss COMPILE_SSL: openssl-3.0.0-beta1
"COMPILE_SSL: openssl-3.0.0-beta1" -> "COMPILE_SSL=openssl-3.0.0-
beta1"
thanks,
Mimi
I was careless, thanks for the change.
Best regards,
Tianjia
compiler: gcc
# cross compilation builds
@@ -32,7 +32,7 @@ matrix:
# glibc (gcc/clang)
- os: linux
- env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host"
+ env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host" COMPILE_SSL: openssl-3.0.0-beta1
compiler: clang
- os: linux
@@ -40,7 +40,7 @@ matrix:
compiler: gcc
- os: linux
- env: DISTRO=ubuntu:groovy TSS=ibmtss
+ env: DISTRO=ubuntu:groovy TSS=ibmtss COMPILE_SSL: openssl-3.0.0-beta1
compiler: gcc
- os: linux
