[packages/tpm-tools] - updated to 1.3.9.2 - removed obsolete Fix-build-with-OpenSSL-1.1. patches - fixed broken Allocate-

qboosh qboosh at pld-linux.org
Sat Oct 22 10:18:02 CEST 2022


commit f84ef36131a8ed00f05a6fbefaf5e14e7f418e43
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sat Oct 22 10:19:07 2022 +0200

    - updated to 1.3.9.2
    - removed obsolete Fix-build-with-OpenSSL-1.1. patches
    - fixed broken Allocate-OpenSSL-cipher-contexts-for-seal-unseal patch

 ...ith-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch |  37 ----
 ...ith-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch | 192 ---------------------
 ...e-OpenSSL-cipher-contexts-for-seal-unseal.patch |  10 +-
 tpm-tools.spec                                     |  23 +--
 4 files changed, 18 insertions(+), 244 deletions(-)
---
diff --git a/tpm-tools.spec b/tpm-tools.spec
index becd7ab..cc31ea4 100644
--- a/tpm-tools.spec
+++ b/tpm-tools.spec
@@ -1,18 +1,16 @@
 Summary:	Management tools for the TPM hardware
 Summary(pl.UTF-8):	Narzędzia zarządzające sprzętem TPM
 Name:		tpm-tools
-Version:	1.3.9.1
-Release:	5
+Version:	1.3.9.2
+Release:	1
 License:	CPL v1.0+
 Group:		Applications/System
-Source0:	http://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz
-# Source0-md5:	1532293aa632a0eaa7e60df87c779855
+Source0:	https://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz
+# Source0-md5:	44091f5497996c6fd674c73b43f190ab
 Patch0:		%{name}-link.patch
 Patch1:		%{name}-x32.patch
-Patch2:		0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
-Patch3:		0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
 Patch4:		0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
-URL:		http://trousers.sourceforge.net/
+URL:		https://trousers.sourceforge.net/
 BuildRequires:	autoconf >= 2.12
 BuildRequires:	automake >= 1.6
 BuildRequires:	gettext-tools >= 0.15
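Review bot: The 1.3.9.2 tarball is pinned only by the MD5 digest on the `# Source0-md5:` line, and MD5 is not collision-resistant, so it is a weak integrity anchor for a package that handles TPM-sealed data and keys. Moving `Source0` to https protects the transfer, but not against a file replaced at the origin or on a mirror. If the build tooling accepts nothing stronger, a plain comment next to it such as `# sha256: <SHA-256 of tpm-tools-1.3.9.2.tar.gz, computed by the packager>` would give later reviewers a digest worth comparing.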
@@ -42,7 +40,7 @@ Summary(pl.UTF-8):	Pliki nagłówkowe biblioteki tpm_unseal
 Group:		Development/Libraries
 Requires:	%{name} = %{version}-%{release}
 Requires:	trousers-devel >= 0.3.9
-Obsoletes:	tpm-tools-static
+Obsoletes:	tpm-tools-static < 1.3.5
 
 %description devel
 Header files for tpm_unseal library.
@@ -72,13 +70,16 @@ Narzędzia pozwalają importować klucze i certyfikaty, wypisywać listę
 obiektów w kontenerze i chronić dane.
 
 %prep
-%setup -q -c
+%setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 %patch4 -p1
 
+# prepare for gettextize
+%{__sed} -i -e '/po\/Makefile\.in/d' configure.ac
+mkdir -p m4
+touch m4/Makefile.am
+
 %build
 %{__gettextize}
 %{__libtoolize}
diff --git a/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch b/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
deleted file mode 100644
index ed43ed0..0000000
--- a/0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3acd773846a85d142e919e2f4eeeee1acea5ca3a Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt at redhat.com>
-Date: Mon, 20 Feb 2017 10:28:33 +0100
-Subject: [PATCH 1/3] Fix build with OpenSSL 1.1 due to EVP_PKEY being an
- opaque struct
-
-With OpenSSL 1.1 the build fails with:
-data_import.c:375:26: error: dereferencing pointer to incomplete type
-'EVP_PKEY {aka struct evp_pkey_st}'
-
-The manual page[1] says:
-  Previous versions of this document suggested using
-  EVP_PKEY_type(pkey->type) to determine the type of a key. Since EVP_PKEY
-  is now opaque this is no longer possible: the equivalent is
-  EVP_PKEY_base_id(pkey).
-
-[1] https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_base_id.html
----
- src/data_mgmt/data_import.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
-index f534717f02..d4d2052bc6 100644
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char  *a_pszFile,
- 		goto out;
- 	}
- 
--	if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+	if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
- 		logError( TOKEN_RSA_KEY_ERROR );
- 
- 		X509_free( pX509 );
--- 
-2.9.3
-
diff --git a/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch b/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
deleted file mode 100644
index 68d14bf..0000000
--- a/0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
+++ /dev/null
@@ -1,192 +0,0 @@
-From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt at redhat.com>
-Date: Mon, 20 Feb 2017 10:43:10 +0100
-Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
- struct
-
-RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
-used to access the key components. The functions were not present in
-OpenSSL 1.0, so add a compat header with the implementation of the
-needed functions as suggested by the OpenSSL wiki [1] in order to allow
-building tpm-tools with any version of OpenSSL.
-
-[1] https://wiki.openssl.org/index.php/1.1_API_Changes
----
- src/data_mgmt/Makefile.am      |  3 ++-
- src/data_mgmt/data_import.c    | 52 ++++++++++++++++++++++---------------
- src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 92 insertions(+), 21 deletions(-)
- create mode 100644 src/data_mgmt/openssl_compat.h
-
-diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
-index de505e48ef..9457618ab9 100644
---- a/src/data_mgmt/Makefile.am
-+++ b/src/data_mgmt/Makefile.am
-@@ -32,7 +32,8 @@ noinst_HEADERS =	data_common.h \
- 			data_init.h \
- 			data_object.h \
- 			data_passwd.h \
--			data_protect.h
-+			data_protect.h \
-+			openssl_compat.h
- 
- #
- # Common build flags
-diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
-index d4d2052bc6..532543f7d3 100644
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -39,6 +39,7 @@
- #include <openssl/evp.h>
- #include <openssl/err.h>
- 
-+#include "openssl_compat.h"
- 
- /*
-  * Global variables
-@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA               *a_pRsa,
- 
- 	int  rc = -1;
- 
--	int  nLen = BN_num_bytes( a_pRsa->n );
--	int  eLen = BN_num_bytes( a_pRsa->e );
-+	const BIGNUM *rsa_n, *rsa_e;
-+	RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
-+
-+	int  nLen = BN_num_bytes( rsa_n );
-+	int  eLen = BN_num_bytes( rsa_e );
- 
- 	CK_RV  rv;
- 
-@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA               *a_pRsa,
- 	}
- 
- 	// Get binary representations of the RSA key information
--	BN_bn2bin( a_pRsa->n, n );
--	BN_bn2bin( a_pRsa->e, e );
-+	BN_bn2bin( rsa_n, n );
-+	BN_bn2bin( rsa_e, e );
- 
- 	// Create the RSA public key object
- 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
- 
- 	int  rc = -1;
- 
--	int  nLen = BN_num_bytes( a_pRsa->n );
--	int  eLen = BN_num_bytes( a_pRsa->e );
--	int  dLen = BN_num_bytes( a_pRsa->d );
--	int  pLen = BN_num_bytes( a_pRsa->p );
--	int  qLen = BN_num_bytes( a_pRsa->q );
--	int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
--	int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
--	int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+	const BIGNUM *rsa_n, *rsa_e, *rsa_d;
-+	const BIGNUM *rsa_p, *rsa_q;
-+	const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
-+
-+	RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
-+	RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
-+	RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
-+
-+	int  nLen = BN_num_bytes( rsa_n );
-+	int  eLen = BN_num_bytes( rsa_e );
-+	int  dLen = BN_num_bytes( rsa_d );
-+	int  pLen = BN_num_bytes( rsa_p );
-+	int  qLen = BN_num_bytes( rsa_q );
-+	int  dmp1Len = BN_num_bytes( rsa_dmp1 );
-+	int  dmq1Len = BN_num_bytes( rsa_dmq1 );
-+	int  iqmpLen = BN_num_bytes( rsa_iqmp );
- 
- 	CK_RV  rv;
- 
-@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
- 	}
- 
- 	// Get binary representations of the RSA key information
--	BN_bn2bin( a_pRsa->n, n );
--	BN_bn2bin( a_pRsa->e, e );
--	BN_bn2bin( a_pRsa->d, d );
--	BN_bn2bin( a_pRsa->p, p );
--	BN_bn2bin( a_pRsa->q, q );
--	BN_bn2bin( a_pRsa->dmp1, dmp1 );
--	BN_bn2bin( a_pRsa->dmq1, dmq1 );
--	BN_bn2bin( a_pRsa->iqmp, iqmp );
-+	BN_bn2bin( rsa_n, n );
-+	BN_bn2bin( rsa_e, e );
-+	BN_bn2bin( rsa_d, d );
-+	BN_bn2bin( rsa_p, p );
-+	BN_bn2bin( rsa_q, q );
-+	BN_bn2bin( rsa_dmp1, dmp1 );
-+	BN_bn2bin( rsa_dmq1, dmq1 );
-+	BN_bn2bin( rsa_iqmp, iqmp );
- 
- 	// Create the RSA private key object
- 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
-new file mode 100644
-index 0000000000..2a60fdf492
---- /dev/null
-+++ b/src/data_mgmt/openssl_compat.h
-@@ -0,0 +1,58 @@
-+/*
-+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
-+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
-+ * and therefore:
-+ * Copyright OpenSSL 2016
-+ * Contents licensed under the terms of the OpenSSL license
-+ * See http://www.openssl.org/source/license.html for details
-+ */
-+
-+#ifndef __OPENSSL_COMPAT_H
-+#define __OPENSSL_COMPAT_H
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <openssl/engine.h>
-+
-+static inline void
-+RSA_get0_key( const RSA *r,
-+              const BIGNUM **n,
-+              const BIGNUM **e,
-+              const BIGNUM **d ) {
-+
-+	if ( n )
-+		*n = r->n;
-+	if ( e )
-+		*e = r->e;
-+	if ( d )
-+		*d = r->d;
-+}
-+
-+static inline void
-+RSA_get0_factors( const RSA *r,
-+                  const BIGNUM **p,
-+                  const BIGNUM **q ) {
-+
-+	if ( p )
-+		*p = r->p;
-+	if ( q )
-+		*q = r->q;
-+}
-+
-+static inline void
-+RSA_get0_crt_params( const RSA *r,
-+                     const BIGNUM **dmp1,
-+                     const BIGNUM **dmq1,
-+                     const BIGNUM **iqmp ) {
-+
-+	if ( dmp1 )
-+		*dmp1 = r->dmp1;
-+	if ( dmq1 )
-+		*dmq1 = r->dmq1;
-+	if ( iqmp )
-+		*iqmp = r->iqmp;
-+}
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#endif /* __OPENSSL_COMPAT_H */
--- 
-2.9.3
-
diff --git a/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch b/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
index 3aaca68..1f18e8b 100644
--- a/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
+++ b/0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
@@ -25,11 +25,12 @@ index fc4a84906a..005dab7f8f 100644
  	BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
  	int bioRc;
  
-@@ -408,7 +408,11 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
+@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
  	}
  
  	/* Decode and decrypt the encrypted data */
--	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+-	EVP_CIPHER_CTX *ctx = NULL;
++	ctx = EVP_CIPHER_CTX_new();
 +	if ( ctx == NULL ) {
 +		rc = TPMSEAL_STD_ERROR;
 +		tpm_errno = ENOMEM;
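Review bot: The release of the context allocated by the added `ctx = EVP_CIPHER_CTX_new();` is not visible in this hunk of the carried patch, and that context processes the symmetric key used for unsealing. Please confirm that the cleanup label this branch jumps to calls `EVP_CIPHER_CTX_free(ctx);`. That call is safe on the early-failure paths only if `ctx` is declared NULL-initialised at function scope, which is presumably what the patch's earlier hunk (outside this view) does. The same applies to the `main` hunk that follows, where the failure branch logs and jumps to `out_close`; its visible lines do not show an exit status being set, unlike the `rc = TPMSEAL_STD_ERROR;` here. Both function bodies continue outside the hunks.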
@@ -61,11 +62,12 @@ index a2157f34b1..e25244a0f4 100644
  	BIO *bin = NULL, *bdata=NULL, *b64=NULL;
  
  	initIntlSys();
-@@ -343,7 +343,10 @@ int main(int argc, char **argv)
+@@ -343,7 +343,11 @@ int main(int argc, char **argv)
  	BIO_puts(bdata, TPMSEAL_ENC_STRING); 
  	bdata = BIO_push(b64, bdata);
  
--	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+-	EVP_CIPHER_CTX *ctx = NULL;
++	ctx = EVP_CIPHER_CTX_new();
 +	if (ctx == NULL) {
 +		logError(_("Unable to allocate cipher context\n"));
 +		goto out_close;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/tpm-tools.git/commitdiff/f84ef36131a8ed00f05a6fbefaf5e14e7f418e43


