From f84ef36131a8ed00f05a6fbefaf5e14e7f418e43 Mon Sep 17 00:00:00 2001 From: Jakub Bogusz Date: Sat, 22 Oct 2022 10:19:07 +0200 Subject: [PATCH] - updated to 1.3.9.2 - removed obsolete Fix-build-with-OpenSSL-1.1. patches - fixed broken Allocate-OpenSSL-cipher-contexts-for-seal-unseal patch --- ...penSSL-1.1-due-to-EVP_PKEY-being-an-.patch | 37 ---- ...penSSL-1.1-due-to-RSA-being-an-opaqu.patch | 192 ------------------ ...nSSL-cipher-contexts-for-seal-unseal.patch | 10 +- tpm-tools.spec | 23 ++- 4 files changed, 18 insertions(+), 244 deletions(-) delete mode 100644 0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch delete mode 100644 0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch diff --git a/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch b/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch deleted file mode 100644 index ed43ed0..0000000 --- a/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 3acd773846a85d142e919e2f4eeeee1acea5ca3a Mon Sep 17 00:00:00 2001 -From: Michal Schmidt -Date: Mon, 20 Feb 2017 10:28:33 +0100 -Subject: [PATCH 1/3] Fix build with OpenSSL 1.1 due to EVP_PKEY being an - opaque struct - -With OpenSSL 1.1 the build fails with: -data_import.c:375:26: error: dereferencing pointer to incomplete type -'EVP_PKEY {aka struct evp_pkey_st}' - -The manual page[1] says: - Previous versions of this document suggested using - EVP_PKEY_type(pkey->type) to determine the type of a key. Since EVP_PKEY - is now opaque this is no longer possible: the equivalent is - EVP_PKEY_base_id(pkey). - -[1] https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_base_id.html ---- - src/data_mgmt/data_import.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c -index f534717f02..d4d2052bc6 100644 ---- a/src/data_mgmt/data_import.c -+++ b/src/data_mgmt/data_import.c -@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile, - goto out; - } - -- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { -+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) { - logError( TOKEN_RSA_KEY_ERROR ); - - X509_free( pX509 ); --- -2.9.3 - diff --git a/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch b/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch deleted file mode 100644 index 68d14bf..0000000 --- a/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch +++ /dev/null 
@@ -1,192 +0,0 @@ -From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001 -From: Michal Schmidt -Date: Mon, 20 Feb 2017 10:43:10 +0100 -Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque - struct - -RSA is an opaque struct in OpenSSL 1.1. New getter functions must be -used to access the key components. The functions were not present in -OpenSSL 1.0, so add a compat header with the implementation of the -needed functions as suggested by the OpenSSL wiki [1] in order to allow -building tpm-tools with any version of OpenSSL. - -[1] https://wiki.openssl.org/index.php/1.1_API_Changes ---- - src/data_mgmt/Makefile.am | 3 ++- - src/data_mgmt/data_import.c | 52 ++++++++++++++++++++++--------------- - src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 92 insertions(+), 21 deletions(-) - create mode 100644 src/data_mgmt/openssl_compat.h - -diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am -index de505e48ef..9457618ab9 100644 ---- a/src/data_mgmt/Makefile.am -+++ b/src/data_mgmt/Makefile.am -@@ -32,7 +32,8 @@ noinst_HEADERS = data_common.h \ - data_init.h \ - data_object.h \ - data_passwd.h \ -- data_protect.h -+ data_protect.h \ -+ openssl_compat.h - - # - # Common build flags -diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c -index d4d2052bc6..532543f7d3 100644 ---- a/src/data_mgmt/data_import.c -+++ b/src/data_mgmt/data_import.c -@@ -39,6 +39,7 @@ - #include - #include - -+#include "openssl_compat.h" - - /* - * Global variables -@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA *a_pRsa, - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -+ const BIGNUM *rsa_n, *rsa_e; -+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL ); -+ -+ int nLen = BN_num_bytes( rsa_n ); -+ int eLen = BN_num_bytes( rsa_e ); - - CK_RV rv; - -@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA *a_pRsa, - } - - // Get binary representations 
of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -+ BN_bn2bin( rsa_n, n ); -+ BN_bn2bin( rsa_e, e ); - - // Create the RSA public key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); -@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA *a_pRsa, - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -- int dLen = BN_num_bytes( a_pRsa->d ); -- int pLen = BN_num_bytes( a_pRsa->p ); -- int qLen = BN_num_bytes( a_pRsa->q ); -- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 ); -- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 ); -- int iqmpLen = BN_num_bytes( a_pRsa->iqmp ); -+ const BIGNUM *rsa_n, *rsa_e, *rsa_d; -+ const BIGNUM *rsa_p, *rsa_q; -+ const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp; -+ -+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d ); -+ RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q ); -+ RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp ); -+ -+ int nLen = BN_num_bytes( rsa_n ); -+ int eLen = BN_num_bytes( rsa_e ); -+ int dLen = BN_num_bytes( rsa_d ); -+ int pLen = BN_num_bytes( rsa_p ); -+ int qLen = BN_num_bytes( rsa_q ); -+ int dmp1Len = BN_num_bytes( rsa_dmp1 ); -+ int dmq1Len = BN_num_bytes( rsa_dmq1 ); -+ int iqmpLen = BN_num_bytes( rsa_iqmp ); - - CK_RV rv; - -@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA *a_pRsa, - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -- BN_bn2bin( a_pRsa->d, d ); -- BN_bn2bin( a_pRsa->p, p ); -- BN_bn2bin( a_pRsa->q, q ); -- BN_bn2bin( a_pRsa->dmp1, dmp1 ); -- BN_bn2bin( a_pRsa->dmq1, dmq1 ); -- BN_bn2bin( a_pRsa->iqmp, iqmp ); -+ BN_bn2bin( rsa_n, n ); -+ BN_bn2bin( rsa_e, e ); -+ BN_bn2bin( rsa_d, d ); -+ BN_bn2bin( rsa_p, p ); -+ BN_bn2bin( rsa_q, q ); -+ BN_bn2bin( rsa_dmp1, dmp1 ); -+ BN_bn2bin( rsa_dmq1, dmq1 ); -+ BN_bn2bin( rsa_iqmp, iqmp ); - - // Create the RSA private key object - rv = createObject( a_hSession, tAttr, ulAttrCount, 
a_hObject ); -diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h -new file mode 100644 -index 0000000000..2a60fdf492 ---- /dev/null -+++ b/src/data_mgmt/openssl_compat.h -@@ -0,0 +1,58 @@ -+/* -+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from: -+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions -+ * and therefore: -+ * Copyright OpenSSL 2016 -+ * Contents licensed under the terms of the OpenSSL license -+ * See http://www.openssl.org/source/license.html for details -+ */ -+ -+#ifndef __OPENSSL_COMPAT_H -+#define __OPENSSL_COMPAT_H -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include -+ -+static inline void -+RSA_get0_key( const RSA *r, -+ const BIGNUM **n, -+ const BIGNUM **e, -+ const BIGNUM **d ) { -+ -+ if ( n ) -+ *n = r->n; -+ if ( e ) -+ *e = r->e; -+ if ( d ) -+ *d = r->d; -+} -+ -+static inline void -+RSA_get0_factors( const RSA *r, -+ const BIGNUM **p, -+ const BIGNUM **q ) { -+ -+ if ( p ) -+ *p = r->p; -+ if ( q ) -+ *q = r->q; -+} -+ -+static inline void -+RSA_get0_crt_params( const RSA *r, -+ const BIGNUM **dmp1, -+ const BIGNUM **dmq1, -+ const BIGNUM **iqmp ) { -+ -+ if ( dmp1 ) -+ *dmp1 = r->dmp1; -+ if ( dmq1 ) -+ *dmq1 = r->dmq1; -+ if ( iqmp ) -+ *iqmp = r->iqmp; -+} -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -+ -+#endif /* __OPENSSL_COMPAT_H */ --- -2.9.3 - diff --git a/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch b/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch index 3aaca68..1f18e8b 100644 --- a/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch +++ b/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch 
@@ -25,11 +25,12 @@ index fc4a84906a..005dab7f8f 100644 BIO *bdata = NULL, *b64 = NULL, *bmem = NULL; int bioRc; -@@ -408,7 +408,11 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size, +@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size, } /* Decode and decrypt the encrypted data */ -- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); +- EVP_CIPHER_CTX *ctx = NULL; ++ ctx = EVP_CIPHER_CTX_new(); + if ( ctx == NULL ) { + rc = TPMSEAL_STD_ERROR; + tpm_errno = ENOMEM; @@ -61,11 +62,12 @@ index a2157f34b1..e25244a0f4 100644 BIO *bin = NULL, *bdata=NULL, *b64=NULL; initIntlSys(); -@@ -343,7 +343,10 @@ int main(int argc, char **argv) +@@ -343,7 +343,11 @@ int main(int argc, char **argv) BIO_puts(bdata, TPMSEAL_ENC_STRING); bdata = BIO_push(b64, bdata); -- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); +- EVP_CIPHER_CTX *ctx = NULL; ++ ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + logError(_("Unable to allocate cipher context\n")); + goto out_close; diff --git a/tpm-tools.spec b/tpm-tools.spec index becd7ab..cc31ea4 100644 --- a/tpm-tools.spec +++ b/tpm-tools.spec 
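Review bot: Both rewritten inner hunks (`tpmUnsealFile` at -408 and `main` at -343) now delete `EVP_CIPHER_CTX *ctx = NULL;` and assign `ctx = EVP_CIPHER_CTX_new();`, so they build only if `ctx` is still declared at function scope. That declaration is presumably added by the earlier inner hunks, of which only the trailing context (`BIO *bdata ...`) is visible here, so a test build against 1.3.9.2 should confirm it. The new failure branches (`goto out_close` in `main`, and the `tpm_errno = ENOMEM` branch in `tpmUnsealFile`, which continues past the hunk) and the normal exit need to reach `EVP_CIPHER_CTX_free(ctx);`, which accepts NULL and also clears the key schedule held in the context. The cleanup labels lie outside the visible lines, so this could not be checked from the hunk.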
@@ -1,18 +1,16 @@ Summary: Management tools for the TPM hardware Summary(pl.UTF-8): Narzędzia zarządzające sprzętem TPM Name: tpm-tools -Version: 1.3.9.1 -Release: 5 +Version: 1.3.9.2 +Release: 1 License: CPL v1.0+ Group: Applications/System -Source0: http://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz -# Source0-md5: 1532293aa632a0eaa7e60df87c779855 +Source0: https://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz +# Source0-md5: 44091f5497996c6fd674c73b43f190ab Patch0: %{name}-link.patch Patch1: %{name}-x32.patch -Patch2: 0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch -Patch3: 0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch Patch4: 0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch -URL: http://trousers.sourceforge.net/ +URL: https://trousers.sourceforge.net/ BuildRequires: autoconf >= 2.12 BuildRequires: automake >= 1.6 BuildRequires: gettext-tools >= 0.15 @@ -42,7 +40,7 @@ Summary(pl.UTF-8): Pliki nagłówkowe biblioteki tpm_unseal Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: trousers-devel >= 0.3.9 -Obsoletes: tpm-tools-static +Obsoletes: tpm-tools-static < 1.3.5 %description devel Header files for tpm_unseal library. @@ -72,13 +70,16 @@ Narzędzia pozwalają importować klucze i certyfikaty, wypisywać listę obiektów w kontenerze i chronić dane. %prep -%setup -q -c +%setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 %patch4 -p1 +# prepare for gettextize +%{__sed} -i -e '/po\/Makefile\.in/d' configure.ac +mkdir -p m4 +touch m4/Makefile.am + %build %{__gettextize} %{__libtoolize} -- 2.44.0
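Review bot: The first hunk pins the new 1.3.9.2 tarball only with `# Source0-md5: 44091f5497996c6fd674c73b43f190ab`; MD5 is not collision-resistant, so this catches corruption but is weak evidence against a deliberately substituted archive. Switching `Source0` to https protects the transfer, not what the mirror serves. If the build tooling has a stronger digest field or can check an upstream signature, use that; otherwise record the digest you verified in a plain comment beside `Source0`, for example `# sha256 (checked against upstream): <SHA256_OF_VERIFIED_TARBALL>`. On style, the patch list now runs `Patch0`, `Patch1`, `Patch4`; a short comment that Patch2/3 were dropped as merged upstream would explain the gap.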