From: Hiroki Sato
Date: Wed, 18 May 2016 17:47:45 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r415460 - in head/security/openssl_tpm_engine: . files

Author: hrs
Date: Wed May 18 17:47:45 2016
New Revision: 415460
URL: https://svnweb.freebsd.org/changeset/ports/415460

Log:
  - Fix pkg-message.
  - Use post-install-EXAMPLES-on:
  - Take maintainership.

Deleted:
  head/security/openssl_tpm_engine/pkg-plist
Modified:
  head/security/openssl_tpm_engine/Makefile
  head/security/openssl_tpm_engine/files/patch-e_tpm.c
  head/security/openssl_tpm_engine/files/patch-e_tpm.h
  head/security/openssl_tpm_engine/files/patch-e_tpm_err.c
  head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
  head/security/openssl_tpm_engine/files/pkg-message.in

Modified: head/security/openssl_tpm_engine/Makefile ============================================================================== --- head/security/openssl_tpm_engine/Makefile Wed May 18 17:22:59 2016 (r415459) +++ head/security/openssl_tpm_engine/Makefile Wed May 18 17:47:45 2016 (r415460) @@ -3,11 +3,11 @@ PORTNAME= openssl_tpm_engine PORTVERSION= 0.4.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= hrs@FreeBSD.org COMMENT= OpenSSL TPM engine LICENSE= OpenSSL
@@ -22,15 +22,20 @@ GNU_CONFIGURE= yes LDFLAGS+= -L${LOCALBASE}/lib -lcrypto CFLAGS+= -I${LOCALBASE}/include SUB_FILES= pkg-message -PORTEXAMPLES= openssl.cnf.sample +PLIST_FILES= bin/create_tpm_key \ + lib/openssl/engines/libtpm.so \ + lib/openssl/engines/libtpm.so.0 \ + lib/openssl/engines/libtpm.so.0.0.0 INSTALL_TARGET= install-strip +PORTEXAMPLES= openssl.cnf.sample OPTIONS_DEFINE= EXAMPLES post-patch: - @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/openssl.cnf.sample + @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' \ + ${WRKSRC}/openssl.cnf.sample -post-install: +post-install-EXAMPLES-on: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${STAGEDIR}${EXAMPLESDIR} Modified: head/security/openssl_tpm_engine/files/patch-e_tpm.c ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm.c Wed May 18 17:22:59 2016 (r415459) +++ head/security/openssl_tpm_engine/files/patch-e_tpm.c Wed May 18 17:47:45 2016 (r415460) @@ -1,5 +1,5 @@ ---- e_tpm.c.orig 2012-09-20 02:57:45.000000000 +0900 -+++ e_tpm.c 2013-07-26 00:25:21.000000000 +0900 +--- e_tpm.c.orig 2012-09-19 17:57:45 UTC ++++ e_tpm.c @@ -35,6 +35,7 @@ #include @@ -8,7 +8,7 @@ #include "e_tpm.h" -@@ -55,10 +56,10 @@ +@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METH /* rsa functions */ static int tpm_rsa_init(RSA *rsa); static int tpm_rsa_finish(RSA *rsa); @@ -23,7 +23,7 @@ //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *); static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *); #endif -@@ -72,6 +73,7 @@ +@@ -72,6 +73,7 @@ static void tpm_rand_seed(const void *, #define TPM_CMD_SO_PATH ENGINE_CMD_BASE #define TPM_CMD_PIN ENGINE_CMD_BASE+1 #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2 
@@ -31,7 +31,7 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { {TPM_CMD_SO_PATH, "SO_PATH", -@@ -85,6 +87,10 @@ +@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_def "SECRET_MODE", "The TSS secret mode for all secrets", ENGINE_CMD_FLAG_NUMERIC}, @@ -42,7 +42,7 @@ {0, NULL, NULL, 0} }; -@@ -167,6 +173,9 @@ +@@ -167,6 +173,9 @@ static unsigned int (*p_tspi_Hash_SetHas static unsigned int (*p_tspi_GetPolicyObject)(); static unsigned int (*p_tspi_Policy_SetSecret)(); static unsigned int (*p_tspi_Policy_AssignToObject)(); @@ -52,7 +52,7 @@ /* Override the real function calls to use our indirect pointers */ #define Tspi_Context_Create p_tspi_Context_Create -@@ -193,6 +202,9 @@ +@@ -193,6 +202,9 @@ static unsigned int (*p_tspi_Policy_Assi #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject @@ -62,7 +62,7 @@ #endif /* DLOPEN_TSPI */ /* This internal function is used by ENGINE_tpm() and possibly by the -@@ -248,6 +260,7 @@ +@@ -248,6 +260,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb TSS_RESULT result; UINT32 authusage; BYTE *auth; @@ -70,7 +70,7 @@ if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); -@@ -294,6 +307,7 @@ +@@ -294,6 +307,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb return 0; } @@ -78,7 +78,7 @@ if ((auth = calloc(1, 128)) == NULL) { TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); return 0; -@@ -319,6 +333,15 @@ +@@ -319,6 +333,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb free(auth); @@ -94,7 +94,7 @@ return 1; } -@@ -376,7 +399,10 @@ +@@ -376,7 +399,10 @@ static int tpm_engine_init(ENGINE * e) !bind_tspi_func(tpm_dso, Context_GetTpmObject) || !bind_tspi_func(tpm_dso, GetAttribUint32) || !bind_tspi_func(tpm_dso, SetAttribData) || 
@@ -106,7 +106,7 @@ ) { TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE); goto err; -@@ -438,6 +464,9 @@ +@@ -438,6 +464,9 @@ err: p_tspi_Policy_AssignToObject = NULL; p_tspi_TPM_StirRandom = NULL; p_tspi_TPM_GetRandom = NULL; @@ -116,7 +116,7 @@ #endif return 0; } -@@ -566,6 +595,55 @@ +@@ -566,6 +595,55 @@ int fill_out_rsa_object(RSA *rsa, TSS_HK return 1; } @@ -172,7 +172,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) { -@@ -580,7 +658,7 @@ +@@ -580,7 +658,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG DBG("%s", __FUNCTION__); @@ -181,7 +181,7 @@ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } -@@ -590,17 +668,27 @@ +@@ -590,17 +668,27 @@ static EVP_PKEY *tpm_engine_load_key(ENG return NULL; } @@ -211,7 +211,7 @@ BIO_free(bf); return NULL; } -@@ -611,7 +699,7 @@ +@@ -611,7 +699,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG blobstr->length, blobstr->data, &hKey))) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, @@ -220,7 +220,7 @@ return NULL; } ASN1_OCTET_STRING_free(blobstr); -@@ -621,7 +709,7 @@ +@@ -621,7 +709,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG &authusage))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, @@ -229,7 +229,7 @@ return NULL; } -@@ -726,7 +814,7 @@ +@@ -726,7 +814,7 @@ static int tpm_create_srk_policy(void *s TSS_POLICY_USAGE, &hSRKPolicy))) { TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, @@ -238,7 +238,7 @@ return 0; } } -@@ -740,6 +828,70 @@ +@@ -740,6 +828,70 @@ static int tpm_create_srk_policy(void *s return 1; } @@ -309,7 +309,7 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) { int initialised = !!hContext; -@@ -778,6 +930,8 @@ +@@ -778,6 +930,8 @@ static int tpm_engine_ctrl(ENGINE * e, i return 1; case TPM_CMD_PIN: return tpm_create_srk_policy(p); @@ -318,7 +318,7 @@ default: break; } -@@ -832,7 +986,7 @@ +@@ -832,7 +986,7 @@ static int tpm_rsa_finish(RSA *rsa) } static int tpm_rsa_pub_dec(int flen, 
@@ -327,7 +327,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -851,7 +1005,7 @@ +@@ -851,7 +1005,7 @@ static int tpm_rsa_pub_dec(int flen, } static int tpm_rsa_priv_dec(int flen, @@ -336,7 +336,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -928,7 +1082,7 @@ +@@ -928,7 +1082,7 @@ static int tpm_rsa_priv_dec(int flen, } static int tpm_rsa_pub_enc(int flen, @@ -345,7 +345,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -1035,7 +1189,7 @@ +@@ -1035,7 +1189,7 @@ static int tpm_rsa_pub_enc(int flen, } static int tpm_rsa_priv_enc(int flen, @@ -354,7 +354,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -1080,7 +1234,10 @@ +@@ -1080,7 +1234,10 @@ static int tpm_rsa_priv_enc(int flen, } if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { Modified: head/security/openssl_tpm_engine/files/patch-e_tpm.h ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm.h Wed May 18 17:22:59 2016 (r415459) +++ head/security/openssl_tpm_engine/files/patch-e_tpm.h Wed May 18 17:47:45 2016 (r415460) @@ -1,8 +1,8 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com ---- e_tpm.h.orig 2006-08-04 04:22:05.000000000 +0900 -+++ e_tpm.h 2010-10-31 23:46:45.913856850 +0900 -@@ -74,6 +74,8 @@ +--- e_tpm.h.orig 2012-09-12 15:32:53 UTC ++++ e_tpm.h +@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea #define TPM_F_TPM_FILL_RSA_OBJECT 116 #define TPM_F_TPM_ENGINE_GET_AUTH 117 #define TPM_F_TPM_CREATE_SRK_POLICY 118 @@ -11,7 +11,7 @@ http://sourceforge.net/mailarchive/messa /* Reason codes. */ #define TPM_R_ALREADY_LOADED 100 -@@ -104,6 +106,7 @@ +@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int rea #define TPM_R_ID_INVALID 125 #define TPM_R_UI_METHOD_FAILED 126 #define TPM_R_UNKNOWN_SECRET_MODE 127 
@@ -19,7 +19,7 @@ http://sourceforge.net/mailarchive/messa /* structure pointed to by the RSA object's app_data pointer */ struct rsa_app_data -@@ -115,6 +118,25 @@ +@@ -107,6 +110,25 @@ struct rsa_app_data UINT32 sigScheme; }; Modified: head/security/openssl_tpm_engine/files/patch-e_tpm_err.c ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm_err.c Wed May 18 17:22:59 2016 (r415459) +++ head/security/openssl_tpm_engine/files/patch-e_tpm_err.c Wed May 18 17:47:45 2016 (r415460) @@ -1,8 +1,8 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com ---- e_tpm_err.c.orig 2005-10-06 04:02:16.000000000 +0900 -+++ e_tpm_err.c 2010-10-31 23:44:32.217860972 +0900 -@@ -246,6 +246,7 @@ +--- e_tpm_err.c.orig 2011-01-20 18:24:04 UTC ++++ e_tpm_err.c +@@ -235,6 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[] {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, @@ -10,7 +10,7 @@ http://sourceforge.net/mailarchive/messa {0, NULL} }; -@@ -276,6 +277,7 @@ +@@ -265,6 +266,7 @@ static ERR_STRING_DATA TPM_str_reasons[] {TPM_R_FILE_READ_FAILED, "failed reading the key file"}, {TPM_R_ID_INVALID, "engine id doesn't match"}, {TPM_R_UI_METHOD_FAILED, "ui function failed"}, Modified: head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample ============================================================================== --- head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample Wed May 18 17:22:59 2016 (r415459) +++ head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample Wed May 18 17:47:45 2016 (r415460) 
@@ -1,6 +1,6 @@ ---- openssl.cnf.sample.orig 2005-09-30 00:02:58.000000000 +0900 -+++ openssl.cnf.sample 2010-11-07 00:53:39.968569790 +0900 -@@ -18,7 +18,7 @@ +--- openssl.cnf.sample.orig 2012-09-19 17:56:45 UTC ++++ openssl.cnf.sample +@@ -18,7 +18,7 @@ engines = engine_section foo = tpm_section [tpm_section] Modified: head/security/openssl_tpm_engine/files/pkg-message.in ============================================================================== --- head/security/openssl_tpm_engine/files/pkg-message.in Wed May 18 17:22:59 2016 (r415459) +++ head/security/openssl_tpm_engine/files/pkg-message.in Wed May 18 17:47:45 2016 (r415460) 
@@ -1,17 +1,11 @@ -A sample openssl.cnf was copied to - %%PREFIX%%/share/examples/tpm/openssl.cnf.sample +A sample configuration which has to be added into /etc/ssl/openssl.cnf +to enable "tpm" engine in OpenSSL can be found at +%%EXAMPLESDIR%%/openssl.cnf.sample. +Note that tcsd daemon in security/trousers must be running. If not, +you might get the following error messages: -To use 'tpm' openssl engine, please add above sample configuration -to /etc/ssl/openssl.cnf. - -If you setup tpm engine to openssl.cnf, please start always tcsd -daemon (ports/security/trousers), or many applications using openssl -like sshd/httpd doesn't work soon / you get following messages like: - -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Auto configuration failed -65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484: -65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161: -65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, name=default_algorithms, value=ALL -65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1 -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Auto configuration failed + | 65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484: + | 65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161: + | 65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, 
name=default_algorithms, value=ALL + | 65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1
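
Review bot: In the second Makefile hunk, renaming the target to post-install-EXAMPLES-on makes openssl.cnf.sample an optional file, while the new pkg-message.in points every user at %%EXAMPLESDIR%%/openssl.cnf.sample unconditionally. With the EXAMPLES option off, the message names a file that was never staged. Either qualify the sentence in pkg-message.in ("if the EXAMPLES option is enabled") or keep the sample installed regardless of the option, since it is the only documented way to configure the engine.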
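
Review bot: The log does not mention the changes to files/patch-e_tpm.c, patch-e_tpm.h, patch-e_tpm_err.c and patch-openssl.cnf.sample, which touch only patch headers and @@ lines: timestamps become UTC, function names are appended to the @@ context, and the offsets in patch-e_tpm.h and patch-e_tpm_err.c move (74 to 66, 104 to 96, 115 to 107; 246 to 235, 276 to 265). Add a log line such as "Regenerate patches" so that anyone auditing the history of this engine does not read the churn in e_tpm.c as a functional change to key loading or SRK handling.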
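
Review bot: The rewritten pkg-message.in drops the old statement that applications using OpenSSL, such as sshd and httpd, stop working when tcsd is not running, and keeps only "you might get the following error messages". The sample error shows default_algorithms=ALL in tpm_section, and the message tells the user to put the configuration into /etc/ssl/openssl.cnf, so the failure is not limited to programs that ask for the tpm engine. Keep one sentence stating that impact, and say that tcsd should be started before those services, so an administrator knows a stopped tcsd can take down remote access.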