Sync from SUSE:SLFO:Main tpm2-tss-engine revision 551379753a32e49f216bd07ee877d619

2024-05-04 01:27:36 +02:00 · 2024-05-04 01:27:36 +02:00 · c81e7e1e05
commit c81e7e1e05
5 changed files with 314 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/tpm2-tss-engine-1.2.0.tar.gz
+++ b/tpm2-tss-engine-1.2.0.tar.gz
--- a/tpm2-tss-engine-1.2.0.tar.gz.asc
+++ b/tpm2-tss-engine-1.2.0.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmO8LTMACgkQbeLpB44f
+UMGAgxAAzvCC2pGeHaYCnHIWVEBNwVgyBuTH2S2tfnvYbMMbEpi3MEaHP/aOhlLD
+WtYK1OQiWs1CSzNVLTf5dHfrBUyAQlOYprOzxSizpExBlU55JIE7CS6W6pGn7hDC
+XjGz4yGbZuj/Z7JBMW8cjgJCsmDW6ENRl4WhfBq0GpRqtE9WmH6AcjSS4f8BnvvC
+UWLFD3XKkbShDL28k5jspLKtkY1MfNgl+8YwWDsS5Ako7+mEPuUq7mzEQSy70ol8
+gnrXixFYGmbA9Zo4x/+FZ/iaHAvhbA6+9ekzGSLFaZic2AdsumUrSHJ+8F7jgiml
+uk6orfcim8k6abrBFetlzlq3pEwJhJbRSienyIDaRhCvuFP5x1/YA+dPC5vak6S/
+QcwFy9O0AXpvnDDR3pv7zIiWmjFctTJtne7UrwtcK0/m8Wmg/LKJIGcGNWGn4/9c
+/I6D3P8G5Il7l1oGMDDPKec3/re3aQxBQklTKcvKkCv0TfyqnFAgn6PHXRZABlrm
+aCRnwy39pvlu6nL0dW49J/9FaoMqK8fqiioL+PSlwnbDL1oMDZCQckNiITWjq9nN
+4VC5/igDKuecjUZZYIJTh1mOz7frAHTWrA857nmDu3HJxZlyFVd1IgMUKGvKiTQ7
+PWddzbYs8it+zp3xs3PoQEg9QOdPFnR7XGSfJMv4auEa2YUDwJo=
+=u5BH
+-----END PGP SIGNATURE-----
--- a/tpm2-tss-engine.changes
+++ b/tpm2-tss-engine.changes
@ -0,0 +1,164 @@
+-------------------------------------------------------------------
+Thu Jun  1 13:10:48 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
+
+- Fix download url and add gpg signature for tarball.
+
+-------------------------------------------------------------------
+Mon Feb  6 14:18:15 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to upstream version 1.2.0:
+  * Fixed:
+    - Updated minimal version of tpm2-tss to 2.4.x
+    - Fix encoding of emptyauth
+    - Fix some memory leaks
+    - Parent handle issues with signed representation by switching
+      parent handle to BIGNUM.
+    - Fixed RSA_NO_PADDING modes with OpenSSL 1.1.1
+    - Fixed autogen (bootstrap) call from release package by
+      embedding VERSION file.
+  * Added:
+    - Use of restricted keys for signing
+    - StirRandom
+    - Run tests using swtpm
+    - The ability to import key blobs from things like the
+      tpm2-tools project.
+    - Compatibility with openssl >=1.1.x
+    - Support for ECDH
+    - QNX support.
+    - Only set -Werror for non-release builds.
+    - Additional checks on TPM responses
+    - CODE_OF_CONDUCT
+    - SECURITY reporting instructions
+
+-------------------------------------------------------------------
+Wed Mar  3 12:29:05 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- pass --disable-defaultflags to avoid breakage of our gcc-PIE profile (->
+  resulted in non-position-independent executable) (bsc#1183895).
+
+-------------------------------------------------------------------
+Wed Mar  3 11:51:40 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- Update to upstream version 1.1.0:
+  * Added:
+    - Configure option for ptpm tests
+    - Configure script AX_CHECK_ENABLE_DEBUG
+    - Option for setting tcti on executable
+    - TCTI-env variable used by default
+    - Support for parent key passwords
+    - openssl.cnf sample file
+  * Changed:
+    - Fix several build system, autotools and testing related issues
+      Now adhere to CFLAGS conventions
+    - Include pkg-config dependecy on libtss2-mu in order to work with tpm2-tss 2.3
+    - Enables parallel testing of integration tests:
+      Make integration tests use TPM simulator; instead of first TPM it finds
+      Use of different port numbers for TCP based tests
+    - Fix EC param info (using named curve format)
+    - Use tpm2-tools 4.X stable branch for integration tests
+    - Use libtss2-tctildr.so instead of custom code for tcti setup
+    - Fix manpages for -P/--parent option and correct engine name
+    - Fix TCTI env variable handling
+    - Set parent handle to OWNER
+
+-------------------------------------------------------------------
+Thu Apr 23 08:30:46 UTC 2020 - matthias.gerstner@suse.com
+
+- remove conditional pandoc BuildRequires for openSUSE. Nothing much is gained
+  from rebuilding the man pages. This shall help synchronizing SLE and
+  openSUSE package builds. (jsc#SLE-12137).
+
+-------------------------------------------------------------------
+Fri Jan 10 11:12:19 UTC 2020 - matthias.gerstner@suse.com
+
+- remove the _service file as requested in declined OBS sr#762653.
+  download_files seems to work also without the _service file.
+
+-------------------------------------------------------------------
+Fri Jan 10 09:57:10 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- switch the _service approach from using tar_scm to using download_files. We
+  need to use the actual release tarball which contains the generated man
+  pages. The reason is that on SLE we can't generate the man pages using
+  pandoc, since pandoc is not available on SLE.
+- for the same reason make the pandoc BuildRequires conditional for openSUSE
+  vs. SLE.
+
+-------------------------------------------------------------------
+Tue Jan 07 10:15:39 UTC 2020 - matthias.gerstner@suse.com
+
+- Update to stable upstream version v1.0.1:
+  * Release v1.0.1
+  * test: use tpm2-tools 3.X
+  * Tests: Fix for latest tools
+  * Tests: Use long parameters for tpm2-tools
+  * test: migrate tpm2_create option from -A to -b
+  * build: link against tss2-mu
+  * Release v1.0.0
+  * Release v1.0.0-rc3
+  * Docu: Update Install.md
+  * Updates for 1.0.0-rc2
+  * TESTS: Add test for client auth
+  * Bump required version of tpm2-tss to >=2.2.2
+  * Build: Bump required tpm2-tss to 2.2
+  * Update for v1.0.0-rc1
+  * Dead code removal
+- This fixes the build against tpm2-0-tss version >= 2.3 (bsc#1160123)
+
+-------------------------------------------------------------------
+Fri Dec 20 13:19:08 UTC 2019 - matthias.gerstner@suse.com
+
+- move *.so files into the main package, not -devel. libtpm2tss.so is actually
+  the engine library itself, not a symlink. It's needed to actually use the
+  package. tpm2tss.so is probably a (backwards) compatiblity symlink. Both are
+  not intended for linking and therefore not suitable for the -devel package.
+
+-------------------------------------------------------------------
+Sun Mar 03 18:01:10 UTC 2019 - jsikes@suse.de
+
+- Update to version 0+git20190222.cef2c43:
+  * build: install existing man pages even if pandoc is not available
+  * Updated organizational files in preparation for release
+  * Add configure switch for unit and integration tests
+  * Silence clang warning on field initializers
+  * Fix parallel connections to TPM.
+  * Fix segfault on non-null auth'd persistent keys.
+  * Update tests to also run on physical TPMs
+  * build: install aclocal files
+  * build: update for ax_code_coverage.m4 version 2019.01.06
+  * ECDSA truncation and s_server test
+
+-------------------------------------------------------------------
+Thu Jan 31 22:46:46 UTC 2019 - Jason Sikes <jsikes@suse.de>
+
+- Now tpm2-tss-engine-bash-completion auto-installs only when bash-completion
+  is present.
+- Changed author of comment dated "Wed Jan 23 04:39:01 UTC 2019" from
+  opensuse-packaging@opensuse.org to me.
+
+-------------------------------------------------------------------
+Wed Jan 23 20:15:01 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Build bash-completion as noarch.
+
+-------------------------------------------------------------------
+Wed Jan 23 04:39:01 UTC 2019 - Jason Sikes <jsikes@suse.de>
+
+- Update to version 0+git20190115.6cfaeb7:
+  * Initialize/Finalize TCTI based on opts
+  * init_tpm_parent: use ESYS_AUXCONTEXT as 1st argument
+  * init_tpm_key: use ESYS_AUXCONTEXT as 1st argument
+  * tpm2-tss-engine-ecc.c: use ESYS_AUXCONTEXT
+  * tpm2-tss-engine-rsa.c: use ESYS_AUXCONTEXT
+  * tpm2-tss-engine-rand.c: use ESYS_AUXCONTEXT
+  * tpm2tss_tpm2data_readtpm: use ESYS_AUXCONTEXT
+  * tpm2-tss-engine-common.(c/h): Add ESYS_AUXCONTEXT
+  * Set TCTI option through an environment variable
+  * Add new engine control to set the TCTI option
+
+-------------------------------------------------------------------
+Mon Dec 24 02:08:33 UTC 2018 - Jason Sikes <jsikes@suse.de>
+
+- Initial import
+  * version 0.0+git20181128.c9061a7
+  * FATE 325619
--- a/tpm2-tss-engine.spec
+++ b/tpm2-tss-engine.spec
@ -0,0 +1,108 @@
+#
+# spec file for package tpm2-tss-engine
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define _bashcompletionsdir %{_datadir}/bash-completion/completions
+# The directory where crypto engines are located is owned by the libcrypto package.
+# Find out where that is.
+%define _ENGINE_DIR %(pkg-config --variable=enginesdir libcrypto)
+Name:           tpm2-tss-engine
+Version:        1.2.0
+Release:        0
+Summary:        OpenSSL Engine for TPM2 devices
+License:        BSD-3-Clause
+Group:          Productivity/Security
+URL:            https://github.com/tpm2-software
+Source0:        %{url}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        %{url}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+BuildRequires:  autoconf-archive
+BuildRequires:  libgcrypt-devel
+BuildRequires:  libtool
+BuildRequires:  pkgconfig
+BuildRequires:  tpm2-0-tss-devel
+BuildRequires:  pkgconfig(libcrypto)
+
+%description
+The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for
+Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows
+the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the
+Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication.
+It supports RSA decryption and signatures as well as ECDSA signatures.
+
+%package bash-completion
+Summary:        Bash completion for tpm2-tss-engine
+Group:          System/Shells
+Requires:       %{name} = %{version}
+Requires:       bash-completion
+Supplements:    packageand(bash-completion:%{name})
+BuildArch:      noarch
+
+%description bash-completion
+Optional dependency offering bash completion for the tpm2-tss-engine project.
+
+%package devel
+Summary:        Devel files for %{name}
+Group:          Development/Libraries/C and C++
+Requires:       %{name} = %{version}
+
+%description devel
+Development files for tpm2-tss-engine, an OpenSSL engine for TPM2 devices.
+
+The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for
+Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows
+the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the
+Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication.
+It supports RSA decryption and signatures as well as ECDSA signatures.
+
+%prep
+%setup -q
+
+%build
+
+autoreconf -fvi
+%configure --with-enginesdir=%{_ENGINE_DIR} --disable-static --disable-defaultflags
+make V=1 %{?_smp_mflags}
+
+%install
+%make_install bash_completiondir=%{_bashcompletionsdir}
+rm %{buildroot}/%{_ENGINE_DIR}/libtpm2tss.la
+
+%files
+%doc CHANGELOG.md CONTRIBUTING.md INSTALL.md README.md
+%license LICENSE
+%{_bindir}/tpm2tss-genkey
+%{_mandir}/man1/tpm2tss-genkey.1%{?ext_man}
+%{_mandir}/man3/tpm2tss_ecc_genkey.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_ecc_getappdata.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_ecc_makekey.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_ecc_setappdata.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_rsa_genkey.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_rsa_makekey.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_tpm2data_read.3%{?ext_man}
+%{_mandir}/man3/tpm2tss_tpm2data_write.3%{?ext_man}
+%{_ENGINE_DIR}/libtpm2tss.so
+%{_ENGINE_DIR}/tpm2tss.so
+
+%files bash-completion
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%{_bashcompletionsdir}/tpm2tss-genkey
+
+%files devel
+%{_includedir}/tpm2-tss-engine.h
+
+%changelog