diff --git a/0001-Fix-build-against-OpenSSL-1.1.0.patch b/0001-Fix-build-against-OpenSSL-1.1.0.patch deleted file mode 100644 index bd783ba..0000000 --- a/0001-Fix-build-against-OpenSSL-1.1.0.patch +++ /dev/null @@ -1,220 +0,0 @@ -From e6ef35d6a7dd4ab3d755c9cde5a5f589146af9e7 Mon Sep 17 00:00:00 2001 -From: Matthias Gerstner -Date: Thu, 9 Nov 2017 17:53:30 +0100 -Subject: [PATCH] Fix build against OpenSSL 1.1.0 when P11 support is enabled - ---- - src/data_mgmt/data_import.c | 154 ++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 133 insertions(+), 21 deletions(-) - -diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c -index f534717..0ba4162 100644 ---- a/src/data_mgmt/data_import.c -+++ b/src/data_mgmt/data_import.c -@@ -39,6 +39,9 @@ - #include - #include - -+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL -+# define USE_OPENSSL_110_API -+#endif - - /* - * Global variables -@@ -58,6 +61,104 @@ CK_ULONG g_ulIdLen = 0; - CK_BYTE *g_pchName = NULL; // LABEL attribute value - CK_ULONG g_ulNameLen = 0; - -+static const BIGNUM* -+getRSAModulus( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret; -+ RSA_get0_key(a_pRsa, &ret, NULL, NULL); -+ return ret; -+#else -+ return a_pRsa->n; -+#endif -+} -+ -+static const BIGNUM* -+getRSAPublicExponent( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_key(a_pRsa, NULL, &ret, NULL); -+ return ret; -+#else -+ return a_pRsa->e; -+#endif -+} -+ -+static const BIGNUM* -+getRSAPrivateExponent( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_key(a_pRsa, NULL, NULL, &ret); -+ return ret; -+#else -+ return a_pRsa->d; -+#endif -+} -+ -+static const BIGNUM* -+getRSAFactorP( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_factors(a_pRsa, &ret, NULL); -+ return ret; -+#else -+ return a_pRsa->p; -+#endif -+} -+ -+static const BIGNUM* -+getRSAFactorQ( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_factors(a_pRsa, NULL, &ret); -+ return ret; -+#else -+ return a_pRsa->q; -+#endif -+} -+ -+static const BIGNUM* -+getRSACrtParamDmp1( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_crt_params(a_pRsa, &ret, NULL, NULL); -+ return ret; -+#else -+ return a_pRsa->dmp1; -+#endif -+} -+ -+static const BIGNUM* -+getRSACrtParamDmq1( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_crt_params(a_pRsa, NULL, &ret, NULL); -+ return ret; -+#else -+ return a_pRsa->dmq1; -+#endif -+} -+ -+static const BIGNUM* -+getRSACrtParamIqmp( RSA *a_pRsa ) { -+#ifdef USE_OPENSSL_110_API -+ const BIGNUM *ret = NULL; -+ RSA_get0_crt_params(a_pRsa, NULL, NULL, &ret); -+ return ret; -+#else -+ return a_pRsa->iqmp; -+#endif -+} -+ -+static int -+getEVPKeyType( EVP_PKEY *a_pKey ) { -+#ifdef USE_OPENSSL_110_API -+ return EVP_PKEY_base_id( a_pKey ); -+#else -+ return EVP_PKEY_type( a_pKey->type ); -+#endif -+} -+ -+ - /* - * parseCallback - * Process the command specific options. -@@ -372,7 +473,7 @@ readX509Cert( const char *a_pszFile, - goto out; - } - -- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { -+ if ( getEVPKeyType(pKey) != EVP_PKEY_RSA ) { - logError( TOKEN_RSA_KEY_ERROR ); - - X509_free( pX509 ); -@@ -690,9 +791,11 @@ createRsaPubKeyObject( RSA *a_pRsa, - CK_OBJECT_HANDLE *a_hObject ) { - - int rc = -1; -+ const BIGNUM *bn_n = getRSAModulus(a_pRsa); -+ const BIGNUM *bn_e = getRSAPublicExponent(a_pRsa); - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -+ int nLen = BN_num_bytes( bn_n ); -+ int eLen = BN_num_bytes( bn_e ); - - CK_RV rv; - -@@ -732,8 +835,8 @@ createRsaPubKeyObject( RSA *a_pRsa, - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -+ BN_bn2bin( bn_n, n ); -+ BN_bn2bin( bn_e, e ); - - // Create the RSA public key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); -@@ -760,14 +863,23 @@ createRsaPrivKeyObject( RSA *a_pRsa, - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -- int dLen = BN_num_bytes( a_pRsa->d ); -- int pLen = BN_num_bytes( a_pRsa->p ); -- int qLen = BN_num_bytes( a_pRsa->q ); -- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 ); -- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 ); -- int iqmpLen = BN_num_bytes( a_pRsa->iqmp ); -+ const BIGNUM *bn_n = getRSAModulus(a_pRsa); -+ const BIGNUM *bn_e = getRSAPublicExponent(a_pRsa); -+ const BIGNUM *bn_d = getRSAPrivateExponent(a_pRsa); -+ const BIGNUM *bn_p = getRSAFactorP(a_pRsa); -+ const BIGNUM *bn_q = getRSAFactorQ(a_pRsa); -+ const BIGNUM *bn_dmp1 = getRSACrtParamDmp1(a_pRsa); -+ const BIGNUM *bn_dmq1 = getRSACrtParamDmq1(a_pRsa); -+ const BIGNUM *bn_iqmp = getRSACrtParamIqmp(a_pRsa); -+ -+ int nLen = BN_num_bytes( bn_n ); -+ int eLen = BN_num_bytes( bn_e ); -+ int dLen = BN_num_bytes( bn_d ); -+ int pLen = BN_num_bytes( bn_p ); -+ int qLen = BN_num_bytes( bn_q ); -+ int dmp1Len = BN_num_bytes( bn_dmp1 ); -+ int dmq1Len = BN_num_bytes( bn_dmq1 ); -+ int iqmpLen = BN_num_bytes( bn_iqmp ); - - CK_RV rv; - -@@ -821,14 +933,14 @@ createRsaPrivKeyObject( RSA *a_pRsa, - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -- BN_bn2bin( a_pRsa->d, d ); -- BN_bn2bin( a_pRsa->p, p ); -- BN_bn2bin( a_pRsa->q, q ); -- BN_bn2bin( a_pRsa->dmp1, dmp1 ); -- BN_bn2bin( a_pRsa->dmq1, dmq1 ); -- BN_bn2bin( a_pRsa->iqmp, iqmp ); -+ BN_bn2bin( bn_n, n ); -+ BN_bn2bin( bn_e, e ); -+ BN_bn2bin( bn_d, d ); -+ BN_bn2bin( bn_p, p ); -+ BN_bn2bin( bn_q, q ); -+ BN_bn2bin( bn_dmp1, dmp1 ); -+ BN_bn2bin( bn_dmq1, dmq1 ); -+ BN_bn2bin( bn_iqmp, iqmp ); - - // Create the RSA private key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); --- -2.13.6 - diff --git a/tpm-tools-1.3.9.1.tar.gz b/tpm-tools-1.3.9.1.tar.gz deleted file mode 100644 index 81f5de2..0000000 --- a/tpm-tools-1.3.9.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9cb714e2650826e2e932f65bc0ba9d61b927dc5fea47f2c2a2b64f0fdfcbfa68 -size 482859 diff --git a/tpm-tools-1.3.9.2.tar.gz b/tpm-tools-1.3.9.2.tar.gz new file mode 100644 index 0000000..8a5f753 --- /dev/null +++ b/tpm-tools-1.3.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8af837949a2ec30b195389ac8a2b31bc49fe315050751b7d4d0d432bf7812a97 +size 431930 diff --git a/tpm-tools.changes b/tpm-tools.changes index 20dda35..e9c5c98 100644 --- a/tpm-tools.changes +++ b/tpm-tools.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Mar 3 11:29:22 UTC 2021 - Matthias Gerstner + +- upgrade to minor version 1.3.9.2: + - upstream now provide openssl 1.1 compatibility on their own +- dropped 0001-Fix-build-against-OpenSSL-1.1.0.patch since the tarbal is now + compatible. + ------------------------------------------------------------------- Thu Nov 9 17:14:32 UTC 2017 - matthias.gerstner@suse.com diff --git a/tpm-tools.spec b/tpm-tools.spec index 57b1df2..9d345ba 100644 --- a/tpm-tools.spec +++ b/tpm-tools.spec @@ -1,7 +1,7 @@ # # spec file for package tpm-tools # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,18 +12,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define lib_name libtpm_unseal1 Name: tpm-tools -Version: 1.3.9.1 +Version: 1.3.9.2 Release: 0 Summary: Trusted Platform Module (TPM) administration tools License: IPL-1.0 Group: Productivity/Security -Url: http://trousers.sourceforge.net/ +URL: http://trousers.sourceforge.net/ Source0: http://downloads.sourceforge.net/project/trousers/tpm-tools/%{version}/tpm-tools-%{version}.tar.gz BuildRequires: autoconf BuildRequires: automake @@ -32,9 +32,6 @@ BuildRequires: openCryptoki-devel BuildRequires: openssl-devel BuildRequires: trousers-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build -# upstream has already got a pull request for this problem but didn't react -# for some months... so this is my own patch to tackle the problem -Patch0: 0001-Fix-build-against-OpenSSL-1.1.0.patch %description Trusted Computing is a set of specifications published by the Trusted @@ -88,15 +85,14 @@ provides tools for enablement and configuration of the TPM and associated interfaces. Also look inside the trousers package for more software for TC. -This package contains the libraries and headers necessary for developing +This package contains the libraries and headers necessary for developing tpm-tools applications. %prep -%setup -q -c %{name}-%{version} -%patch0 -p1 +%setup -q -n %{name}-%{version} %build -autoreconf -fiv +sh bootstrap.sh # Disable unused-but-set warnings with gcc >= 4.6 %configure \ --disable-static