- updated to 1.3.9.2

- removed obsolete Fix-build-with-OpenSSL-1.1. patches
- fixed broken Allocate-OpenSSL-cipher-contexts-for-seal-unseal patch

diff --git a/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch b/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
deleted file mode 100644 (file)
index ed43ed0..0000000
--- a/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3acd773846a85d142e919e2f4eeeee1acea5ca3a Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt@redhat.com>
-Date: Mon, 20 Feb 2017 10:28:33 +0100
-Subject: [PATCH 1/3] Fix build with OpenSSL 1.1 due to EVP_PKEY being an
- opaque struct
-
-With OpenSSL 1.1 the build fails with:
-data_import.c:375:26: error: dereferencing pointer to incomplete type
-'EVP_PKEY {aka struct evp_pkey_st}'
-
-The manual page[1] says:
-  Previous versions of this document suggested using
-  EVP_PKEY_type(pkey->type) to determine the type of a key. Since EVP_PKEY
-  is now opaque this is no longer possible: the equivalent is
-  EVP_PKEY_base_id(pkey).
-
-[1] https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_base_id.html
----
- src/data_mgmt/data_import.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
-index f534717f02..d4d2052bc6 100644
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char  *a_pszFile,
-               goto out;
-       }
- 
--      if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+      if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
-               logError( TOKEN_RSA_KEY_ERROR );
- 
-               X509_free( pX509 );
--- 
-2.9.3
-

diff --git a/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch b/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
deleted file mode 100644 (file)
index 68d14bf..0000000
--- a/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
+++ /dev/null
@@ -1,192 +0,0 @@
-From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt@redhat.com>
-Date: Mon, 20 Feb 2017 10:43:10 +0100
-Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
- struct
-
-RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
-used to access the key components. The functions were not present in
-OpenSSL 1.0, so add a compat header with the implementation of the
-needed functions as suggested by the OpenSSL wiki [1] in order to allow
-building tpm-tools with any version of OpenSSL.
-
-[1] https://wiki.openssl.org/index.php/1.1_API_Changes
----
- src/data_mgmt/Makefile.am      |  3 ++-
- src/data_mgmt/data_import.c    | 52 ++++++++++++++++++++++---------------
- src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 92 insertions(+), 21 deletions(-)
- create mode 100644 src/data_mgmt/openssl_compat.h
-
-diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
-index de505e48ef..9457618ab9 100644
---- a/src/data_mgmt/Makefile.am
-+++ b/src/data_mgmt/Makefile.am
-@@ -32,7 +32,8 @@ noinst_HEADERS =     data_common.h \
-                       data_init.h \
-                       data_object.h \
-                       data_passwd.h \
--                      data_protect.h
-+                      data_protect.h \
-+                      openssl_compat.h
- 
- #
- # Common build flags
-diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
-index d4d2052bc6..532543f7d3 100644
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -39,6 +39,7 @@
- #include <openssl/evp.h>
- #include <openssl/err.h>
- 
-+#include "openssl_compat.h"
- 
- /*
-  * Global variables
-@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA               *a_pRsa,
- 
-       int  rc = -1;
- 
--      int  nLen = BN_num_bytes( a_pRsa->n );
--      int  eLen = BN_num_bytes( a_pRsa->e );
-+      const BIGNUM *rsa_n, *rsa_e;
-+      RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
-+
-+      int  nLen = BN_num_bytes( rsa_n );
-+      int  eLen = BN_num_bytes( rsa_e );
- 
-       CK_RV  rv;
- 
-@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA               *a_pRsa,
-       }
- 
-       // Get binary representations of the RSA key information
--      BN_bn2bin( a_pRsa->n, n );
--      BN_bn2bin( a_pRsa->e, e );
-+      BN_bn2bin( rsa_n, n );
-+      BN_bn2bin( rsa_e, e );
- 
-       // Create the RSA public key object
-       rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
- 
-       int  rc = -1;
- 
--      int  nLen = BN_num_bytes( a_pRsa->n );
--      int  eLen = BN_num_bytes( a_pRsa->e );
--      int  dLen = BN_num_bytes( a_pRsa->d );
--      int  pLen = BN_num_bytes( a_pRsa->p );
--      int  qLen = BN_num_bytes( a_pRsa->q );
--      int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
--      int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
--      int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+      const BIGNUM *rsa_n, *rsa_e, *rsa_d;
-+      const BIGNUM *rsa_p, *rsa_q;
-+      const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
-+
-+      RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
-+      RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
-+      RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
-+
-+      int  nLen = BN_num_bytes( rsa_n );
-+      int  eLen = BN_num_bytes( rsa_e );
-+      int  dLen = BN_num_bytes( rsa_d );
-+      int  pLen = BN_num_bytes( rsa_p );
-+      int  qLen = BN_num_bytes( rsa_q );
-+      int  dmp1Len = BN_num_bytes( rsa_dmp1 );
-+      int  dmq1Len = BN_num_bytes( rsa_dmq1 );
-+      int  iqmpLen = BN_num_bytes( rsa_iqmp );
- 
-       CK_RV  rv;
- 
-@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
-       }
- 
-       // Get binary representations of the RSA key information
--      BN_bn2bin( a_pRsa->n, n );
--      BN_bn2bin( a_pRsa->e, e );
--      BN_bn2bin( a_pRsa->d, d );
--      BN_bn2bin( a_pRsa->p, p );
--      BN_bn2bin( a_pRsa->q, q );
--      BN_bn2bin( a_pRsa->dmp1, dmp1 );
--      BN_bn2bin( a_pRsa->dmq1, dmq1 );
--      BN_bn2bin( a_pRsa->iqmp, iqmp );
-+      BN_bn2bin( rsa_n, n );
-+      BN_bn2bin( rsa_e, e );
-+      BN_bn2bin( rsa_d, d );
-+      BN_bn2bin( rsa_p, p );
-+      BN_bn2bin( rsa_q, q );
-+      BN_bn2bin( rsa_dmp1, dmp1 );
-+      BN_bn2bin( rsa_dmq1, dmq1 );
-+      BN_bn2bin( rsa_iqmp, iqmp );
- 
-       // Create the RSA private key object
-       rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
-new file mode 100644
-index 0000000000..2a60fdf492
---- /dev/null
-+++ b/src/data_mgmt/openssl_compat.h
-@@ -0,0 +1,58 @@
-+/*
-+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
-+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
-+ * and therefore:
-+ * Copyright OpenSSL 2016
-+ * Contents licensed under the terms of the OpenSSL license
-+ * See http://www.openssl.org/source/license.html for details
-+ */
-+
-+#ifndef __OPENSSL_COMPAT_H
-+#define __OPENSSL_COMPAT_H
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <openssl/engine.h>
-+
-+static inline void
-+RSA_get0_key( const RSA *r,
-+              const BIGNUM **n,
-+              const BIGNUM **e,
-+              const BIGNUM **d ) {
-+
-+      if ( n )
-+              *n = r->n;
-+      if ( e )
-+              *e = r->e;
-+      if ( d )
-+              *d = r->d;
-+}
-+
-+static inline void
-+RSA_get0_factors( const RSA *r,
-+                  const BIGNUM **p,
-+                  const BIGNUM **q ) {
-+
-+      if ( p )
-+              *p = r->p;
-+      if ( q )
-+              *q = r->q;
-+}
-+
-+static inline void
-+RSA_get0_crt_params( const RSA *r,
-+                     const BIGNUM **dmp1,
-+                     const BIGNUM **dmq1,
-+                     const BIGNUM **iqmp ) {
-+
-+      if ( dmp1 )
-+              *dmp1 = r->dmp1;
-+      if ( dmq1 )
-+              *dmq1 = r->dmq1;
-+      if ( iqmp )
-+              *iqmp = r->iqmp;
-+}
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#endif /* __OPENSSL_COMPAT_H */
--- 
-2.9.3
-

diff --git a/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch b/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
index 3aaca68f799aa6e8727b139f8fa4a2519f54b391..1f18e8bfc9f128fea7eff7a7e0138c442a131e4b 100644 (file)
--- a/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
+++ b/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
@@ -25,11 +25,12 @@ index fc4a84906a..005dab7f8f 100644
        BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
        int bioRc;
  
-@@ -408,7 +408,11 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
+@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
        }
  
        /* Decode and decrypt the encrypted data */
--      EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+-      EVP_CIPHER_CTX *ctx = NULL;
++      ctx = EVP_CIPHER_CTX_new();
 +      if ( ctx == NULL ) {
 +              rc = TPMSEAL_STD_ERROR;
 +              tpm_errno = ENOMEM;
@@ -61,11 +62,12 @@ index a2157f34b1..e25244a0f4 100644
        BIO *bin = NULL, *bdata=NULL, *b64=NULL;
  
        initIntlSys();
-@@ -343,7 +343,10 @@ int main(int argc, char **argv)
+@@ -343,7 +343,11 @@ int main(int argc, char **argv)
        BIO_puts(bdata, TPMSEAL_ENC_STRING); 
        bdata = BIO_push(b64, bdata);
  
--      EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+-      EVP_CIPHER_CTX *ctx = NULL;
++      ctx = EVP_CIPHER_CTX_new();
 +      if (ctx == NULL) {
 +              logError(_("Unable to allocate cipher context\n"));
 +              goto out_close;

diff --git a/tpm-tools.spec b/tpm-tools.spec
index becd7ab8d7da612538240b512ea580e7835464ad..cc31ea45cc46e7aaf4e28967d5c6050345b225ac 100644 (file)
--- a/tpm-tools.spec
+++ b/tpm-tools.spec
@@ -1,18 +1,16 @@
 Summary:       Management tools for the TPM hardware
 Summary(pl.UTF-8):     Narzędzia zarządzające sprzętem TPM
 Name:          tpm-tools
-Version:       1.3.9.1
-Release:       5
+Version:       1.3.9.2
+Release:       1
 License:       CPL v1.0+
 Group:         Applications/System
-Source0:       http://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz
-# Source0-md5: 1532293aa632a0eaa7e60df87c779855
+Source0:       https://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz
+# Source0-md5: 44091f5497996c6fd674c73b43f190ab
 Patch0:                %{name}-link.patch
 Patch1:                %{name}-x32.patch
-Patch2:                0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
-Patch3:                0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
 Patch4:                0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
-URL:           http://trousers.sourceforge.net/
+URL:           https://trousers.sourceforge.net/
 BuildRequires: autoconf >= 2.12
 BuildRequires: automake >= 1.6
 BuildRequires: gettext-tools >= 0.15
@@ -42,7 +40,7 @@ Summary(pl.UTF-8):    Pliki nagłówkowe biblioteki tpm_unseal
 Group:         Development/Libraries
 Requires:      %{name} = %{version}-%{release}
 Requires:      trousers-devel >= 0.3.9
-Obsoletes:     tpm-tools-static
+Obsoletes:     tpm-tools-static < 1.3.5
 
 %description devel
 Header files for tpm_unseal library.
@@ -72,13 +70,16 @@ Narzędzia pozwalają importować klucze i certyfikaty, wypisywać listę
 obiektów w kontenerze i chronić dane.
 
 %prep
-%setup -q -c
+%setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 %patch4 -p1
 
+# prepare for gettextize
+%{__sed} -i -e '/po\/Makefile\.in/d' configure.ac
+mkdir -p m4
+touch m4/Makefile.am
+
 %build
 %{__gettextize}
 %{__libtoolize}