From f2d987fcbc4e247fba3b7c8c37d4bf4deb5b6da596e408f38d59ac48c0905083 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.com>
Date: Thu, 9 Nov 2017 14:20:14 +0000
Subject: [PATCH] Accepting request 540233 from
 home:mgerstner:branches:security

- tboot-openssl-1-1-0.patch: make package compatible with OpenSSL 1.1.0.
  There's no upstream release containing this patch yet. The patch builds
  against OpenSSL 1.0.x as well. This is for SLE-15 support (bnc#1067229).

OBS-URL: https://build.opensuse.org/request/show/540233
OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=67
---
 tboot-openssl-1-1-0.patch | 32 ++++++++++++++++++++++++++++++++
 tboot.changes             |  7 +++++++
 tboot.spec                |  2 ++
 3 files changed, 41 insertions(+)
 create mode 100644 tboot-openssl-1-1-0.patch

diff --git a/tboot-openssl-1-1-0.patch b/tboot-openssl-1-1-0.patch
new file mode 100644
index 0000000..d3a0af7
--- /dev/null
+++ b/tboot-openssl-1-1-0.patch
@@ -0,0 +1,32 @@
+changeset:   503:2bb331ec268d
+user:        Ning Sun <ning.sun@intel.com>
+date:        Mon Aug 28 02:10:28 2017 -0700
+summary:     port to openssl-1.1.0
+
+diff -r e57efe410a90 -r 2bb331ec268d lcptools/hash.c
+--- a/lcptools/hash.c	Mon Jul 24 05:34:17 2017 -0700
++++ b/lcptools/hash.c	Mon Aug 28 02:10:28 2017 -0700
+@@ -74,13 +74,18 @@
+         return false;
+ 
+     if ( hash_alg == TB_HALG_SHA1_LG ) {
+-        EVP_MD_CTX ctx;
++        EVP_MD_CTX *ctx = EVP_MD_CTX_create();
++        if (ctx == NULL) {
++            fprintf(stderr, "%s(): EVP_MD_CTX_create() failed.\n", __func__);
++            return false;
++        }
+         const EVP_MD *md;
+ 
+         md = EVP_sha1();
+-        EVP_DigestInit(&ctx, md);
+-        EVP_DigestUpdate(&ctx, buf, size);
+-        EVP_DigestFinal(&ctx, hash->sha1, NULL);
++        EVP_DigestInit(ctx, md);
++        EVP_DigestUpdate(ctx, buf, size);
++        EVP_DigestFinal(ctx, hash->sha1, NULL);
++        EVP_MD_CTX_destroy(ctx);
+         return true;
+     }
+     else
+
diff --git a/tboot.changes b/tboot.changes
index 1e2fbe4..03cef6a 100644
--- a/tboot.changes
+++ b/tboot.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Nov  9 14:08:59 UTC 2017 - matthias.gerstner@suse.com
+
+- tboot-openssl-1-1-0.patch: make package compatible with OpenSSL 1.1.0.
+  There's no upstream release containing this patch yet. The patch builds
+  against OpenSSL 1.0.x as well. This is for SLE-15 support (bnc#1067229).
+
 -------------------------------------------------------------------
 Tue Jul 18 11:10:29 UTC 2017 - matthias.gerstner@suse.com
 
diff --git a/tboot.spec b/tboot.spec
index ef8ca2e..3c1afd1 100644
--- a/tboot.spec
+++ b/tboot.spec
@@ -27,6 +27,7 @@ Url:            http://sourceforge.net/projects/tboot/
 Source0:        http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
 Patch3:         tboot-grub2-fix-menu-in-xen-host-server.patch
 Patch4:         tboot-grub2-fix-xen-submenu-name.patch
+Patch5:         tboot-openssl-1-1-0.patch
 # PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  openssl-devel
@@ -42,6 +43,7 @@ verified launch of an OS kernel/VMM.
 %setup -q -n %name-%ver
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 export CFLAGS="%{optflags}"