openssl-ibmca (2.4.0-0ubuntu2) mantic; urgency=medium

  * Add selected commits/patches as requested here: LP: #2027809
    - d/p/lp-2027809-engine-Only-register-those-algos-specified-with-defa.patch
      To set the ENGINE_FLAGS_NO_REGISTER_ALL flag during IBMCA engine
      initialization to avoid unconditional registration of all algorithms.
    - d/p/lp-2027809-provider-rsa-Check-RSA-keys-with-p-q-at-key-generati.patch
      To check and correct RSA keys where p < q (privileged form) right after
      key generation or during import, so that p > q is assured whenever the key
      is used afterwards, and no ica_rsa_crt() correction is applied later on.
    - d/p/lp-2027809-provider-Support-importing-of-RSA-keys-with-just-ME-.patch
      To let an RSA key also contain the private key components in ME format,
      and use ica_rsa_mod_expo() only if the ME components are available.
    - d/p/lp-2027809-provider-RSA-Fix-get_params-to-retrieve-max-size-bit.patch
      To ensure (and fix) that the RSA key management's get_params() function
      is able to return the values for max-size, bits, and security-bits (if
      at least the public key is available).
    - d/p/lp-2027809-provider-Default-debug-directory-to-tmp-but-make-it-.patch
      To change the default log directory from /var/log/ibmca/ to /tmp which is
      world-writable anyway, and to avoid making /var/log/ibmca/
      world-writable, which can cause security issues, since it's not known
      under which user an application runs that uses the provider.
      With that a world-writable directory under /var is avoided.

 -- Frank Heimes <email address hidden>  Thu, 27 Jul 2023 16:38:43 +0200