From 4e0c343def77c06550eaae55f5d2d0c5e9fd0a4344a8e2457dda65260db3031e Mon Sep 17 00:00:00 2001 
From: William Brown Date: Fri, 27 Oct 2023 04:46:45 +0000 Subject: [PATCH] Accepting request 1118389 from home:firstyear:branches:security ## Added * Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME). * Added retrieval of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for EC keys and retrieval of TLS-GROUP provider capabilities to enable mTLS authentication (thanks to @rshearman). * Added mTLS example to documentation (thanks to @hoinmic). * Added missing RAND parameters: 'state' and 'strength' (thanks to @mccarey). * Added ability to run tests in a container (thanks to @afreof). * Added Visual Studio properties to simplify the Windows build (thanks to @philippun1). ## Changed * Symmetric operations are disabled by default. In most situations these are not needed and cause a huge performance penalty. To enable, configure with --enable-op-digest or --enable-op-cipher. ## Removed * Removed unofficial support for tpm2-tss < 3.2.0, which do not support the openssl 3.x. ## Fixed * Fixed key export: the private keys are not exportable, which shall fix some TPM-based sign operations (thanks to @fhars). * Fixed handle related operations on 32b machines (thanks to @dezgeg). * Fixed OSSL_FUNC_KEYMGMT_HAS operations with NULL keys. * Fixed a heap exception on some machines (thanks to @philippun1). * Fixed build warnings when building on the Fedora Linux. * In documentation and tests applied a correct order of providers (thanks to @hoinmic). * Modified documentation: the user-space resource manager (abrmd) is almost mandatory for complex scenarios such as SSL or X.509 operations. 
OBS-URL: https://build.opensuse.org/request/show/1118389 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-openssl?expand=0&rev=3 --- tpm2-openssl-1.1.1.tar.gz | 3 --- tpm2-openssl-1.1.1.tar.gz.asc | 14 -------------- tpm2-openssl-1.2.0.tar.gz | 3 +++ tpm2-openssl-1.2.0.tar.gz.asc | 14 ++++++++++++++ tpm2-openssl.changes | 34 ++++++++++++++++++++++++++++++++++ tpm2-openssl.spec | 3 ++- 6 files changed, 53 insertions(+), 18 deletions(-) delete mode 100644 tpm2-openssl-1.1.1.tar.gz delete mode 100644 tpm2-openssl-1.1.1.tar.gz.asc create mode 100644 tpm2-openssl-1.2.0.tar.gz create mode 100644 tpm2-openssl-1.2.0.tar.gz.asc diff --git a/tpm2-openssl-1.1.1.tar.gz b/tpm2-openssl-1.1.1.tar.gz deleted file mode 100644 index 664d6ac..0000000 --- a/tpm2-openssl-1.1.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5a9bb0c6c61d026272b8843cbc291b5dfa9a55c1661a513b1c980807ad2dad01 -size 415093 diff --git a/tpm2-openssl-1.1.1.tar.gz.asc b/tpm2-openssl-1.1.1.tar.gz.asc deleted file mode 100644 index 9eec41c..0000000 --- a/tpm2-openssl-1.1.1.tar.gz.asc +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEEtyAf6AMbB68R9UI8YynPy2vm/XYFAmNDEwMACgkQYynPy2vm -/XZfbQv/diTxkQsI3QFXam6/MIiJMChuEHSrPlBAsP53oYS/cGS5N+D7HUW5yBjY -UJoD04tM/1JYuh5yzjCEH4MDd7ZpKU5J1vyOtcpdRU2Wm5ek9LqreoqvfXl4pO33 -lv74J8AqQ/9VMw1924zgJ29jeklajUsEK2ImX81h13Flow/ZzemVKc/0wKlWAbJT -kGbRP9q8vkYNEt2eiS4LcUyIsBWaYLpI7YDDptTYMyGG9siT+uNb6iFM4wbcfj6p -bfxOaeXkX7TqeXFjrKYL5foLShhkw/qFabmpvrCFcjnR4ZCbhyX2QJCNZ2jdFMrp -UqLdsTgXWKTGGyLTA5QVL0Khecc18jfFtEIZ204rY4ZJXZ7aiEE7gx4+tvgXSqHe -+zXF595oKKFB+s9nrE3Llepr6nw1SSWAhIKft6v+UKQrIlN37IxfivakDC3IiChN -8Sx8l1eRixRY5VYzhAOEj0c/z3BTmiA3y3JLcpUbFS4OELmn04Xg3JyuOhIZZd0d -zjrDRyi0 -=yqFe ------END PGP SIGNATURE----- diff --git a/tpm2-openssl-1.2.0.tar.gz b/tpm2-openssl-1.2.0.tar.gz new file mode 100644 index 0000000..beed34b --- /dev/null +++ b/tpm2-openssl-1.2.0.tar.gz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2ee15da2dceae1466ffba868e75a00b119d752babc1b6a2792286336a3324fb0 +size 424967 diff --git a/tpm2-openssl-1.2.0.tar.gz.asc b/tpm2-openssl-1.2.0.tar.gz.asc new file mode 100644 index 0000000..a91fed7 --- /dev/null +++ b/tpm2-openssl-1.2.0.tar.gz.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCAAdFiEEtyAf6AMbB68R9UI8YynPy2vm/XYFAmUqV6AACgkQYynPy2vm +/XaVMwv/Ytg3IjyniOdu4s3ct3E+Mj6ahw5KedqlOh4tSFFkHqRvwsVYDjBOeByM +i1F0FsngJWh4gSrUTeUrpsFYwL6NUKV8TDHQoO1bJUfwZSFQCPRBatk8XM3eGVlo +x3J1VTn59DHlqhaAtGtCuq18Dk9PfBYSgveuPPQHc3AybRKHu+7BVdmNqt8l17oG +k9yXFxspKI0WW/arnR0lBJ2iIblaNSqdUfThPHYnjqjX6nJckW9uwPTozwqNMJUV +L1xTaqw5ymh3AiVFbNcHFqyWS5TPV6PCfzXLVFMVlXCdSWt4n1KT/fN8EsAVN9VS +Om8kOzhyqdxpXqHwfjycfpj1jr1LLzJzvAd6ZP8bgULLxO61GZuljtP0hkMNpk1J +BjwzdW0W+NYWjlulZ6WRFDr/X+ejlJfyNxdJ8o/iPAezv45xmPwC66x62VJCEGkH +lMakTYlavwbpbjmSqFi3LDCQ/pYn4IIljaq2y1KzBu2hrIZ2yl1YU28atNLl+lpr +SOV/3zvk +=GGPd +-----END PGP SIGNATURE----- diff --git a/tpm2-openssl.changes b/tpm2-openssl.changes index 5284ba4..8476237 100644 --- a/tpm2-openssl.changes +++ b/tpm2-openssl.changes 
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Oct 17 23:58:21 UTC 2023 - William Brown
+
+## Added
+* Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME).
+* Added retrieval of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for EC keys and retrieval
+ of TLS-GROUP provider capabilities to enable mTLS authentication (thanks to @rshearman).
+* Added mTLS example to documentation (thanks to @hoinmic).
+* Added missing RAND parameters: 'state' and 'strength' (thanks to @mccarey).
+* Added ability to run tests in a container (thanks to @afreof).
+* Added Visual Studio properties to simplify the Windows build (thanks to @philippun1).
+
+## Changed
+
+* Symmetric operations are disabled by default. In most situations these are not needed and
+ cause a huge performance penalty. To enable, configure with --enable-op-digest or
+ --enable-op-cipher.
+
+## Removed
+
+* Removed unofficial support for tpm2-tss < 3.2.0, which do not support the openssl 3.x.
+
+## Fixed
+
+* Fixed key export: the private keys are not exportable, which shall fix some TPM-based sign
+ operations (thanks to @fhars).
+* Fixed handle related operations on 32b machines (thanks to @dezgeg).
+* Fixed OSSL_FUNC_KEYMGMT_HAS operations with NULL keys.
+* Fixed a heap exception on some machines (thanks to @philippun1).
+* Fixed build warnings when building on the Fedora Linux.
+* In documentation and tests applied a correct order of providers (thanks to @hoinmic).
+* Modified documentation: the user-space resource manager (abrmd) is almost mandatory for complex
+ scenarios such as SSL or X.509 operations.
+
 -------------------------------------------------------------------
 Mon Jun 5 05:29:23 UTC 2023 - William Brown
 
diff --git a/tpm2-openssl.spec b/tpm2-openssl.spec
index a7f48e6..997ca5f 100644
--- a/tpm2-openssl.spec
+++ b/tpm2-openssl.spec
@@ -15,10 +15,11 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %define _MODULES_DIR %(pkg-config --variable=modulesdir libcrypto) Name: tpm2-openssl -Version: 1.1.1 +Version: 1.2.0 Release: 0 Summary: OpenSSL 3 Engine for TPM2 devices License: BSD-3-Clause