Date: Thu, 25 Jul 2013 15:30:11 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r323649 - in head/security/openssl_tpm_engine: . files Message-ID: <201307251530.r6PFUBo2077062@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hrs Date: Thu Jul 25 15:30:11 2013 New Revision: 323649 URL: http://svnweb.freebsd.org/changeset/ports/323649 Log: - Update to 0.4.2. - Take maintainership. Modified: head/security/openssl_tpm_engine/Makefile head/security/openssl_tpm_engine/distinfo head/security/openssl_tpm_engine/files/patch-e_tpm.c head/security/openssl_tpm_engine/pkg-plist (contents, props changed) Modified: head/security/openssl_tpm_engine/Makefile ============================================================================== --- head/security/openssl_tpm_engine/Makefile Thu Jul 25 15:08:14 2013 (r323648) +++ head/security/openssl_tpm_engine/Makefile Thu Jul 25 15:30:11 2013 (r323649) @@ -1,42 +1,42 @@ -# New ports collection makefile for: openssl_tpm_engine -# Date created: 18 Sep 2007 -# Whom: Sebastian Schuetz <sschuetz@fhm.edu> -# +# Created by: Sebastian Schuetz <sschuetz@fhm.edu> # $FreeBSD$ -# PORTNAME= openssl_tpm_engine -PORTVERSION= 0.4.1 -PORTREVISION= 1 +PORTVERSION= 0.4.2 CATEGORIES= security MASTER_SITES= SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= hrs@FreeBSD.org COMMENT= OpenSSL TPM engine +LICENSE= GPLv2 + RUN_DEPENDS= ${LOCALBASE}/sbin/tcsd:${PORTSDIR}/security/trousers -LIB_DEPENDS= tspi.2:${PORTSDIR}/security/trousers +LIB_DEPENDS= tspi:${PORTSDIR}/security/trousers -USE_GMAKE= YES -GNU_CONFIGURE= YES -MAKE_JOBS_SAFE= YES +USES= gmake USE_AUTOTOOLS= autoconf libtool +USE_LDCONFIG= yes +GNU_CONFIGURE= yes +MAKE_JOBS_SAFE= yes LDFLAGS+= -L${LOCALBASE}/lib - +CFLAGS+= -I${LOCALBASE}/include SUB_FILES= pkg-message +PORTEXAMPLES= openssl.cnf.sample -LICENSE= GPLv2 -LICENSE_FILE= ${WRKSRC}/LICENSE +OPTIONS_DEFINE= EXAMPLES +OPTIONS_DEFAULT=EXAMPLES -.include <bsd.port.pre.mk> -CFLAGS+= -I${LOCALBASE}/include +.include <bsd.port.options.mk> post-patch: @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/openssl.cnf.sample post-install: - @[ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR} - @${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${EXAMPLESDIR} +.if ${PORT_OPTIONS:MEXAMPLES} + ${MKDIR} ${EXAMPLESDIR} + ${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${EXAMPLESDIR} +.endif @${CAT} ${PKGMESSAGE} -.include <bsd.port.post.mk> +.include <bsd.port.mk> Modified: head/security/openssl_tpm_engine/distinfo ============================================================================== --- head/security/openssl_tpm_engine/distinfo Thu Jul 25 15:08:14 2013 (r323648) +++ head/security/openssl_tpm_engine/distinfo Thu Jul 25 15:30:11 2013 (r323649) @@ -1,2 +1,2 @@ -SHA256 (openssl_tpm_engine-0.4.1.tar.gz) = 01d1244f1985d5ba1720a64d04de9080acd9b1c08cc04a2f1b7beb6850deae67 -SIZE (openssl_tpm_engine-0.4.1.tar.gz) = 648249 +SHA256 (openssl_tpm_engine-0.4.2.tar.gz) = 2df697e583053f7047a89daa4585e21fc67cf4397ee34ece94cf2d4b4f7ab49c +SIZE (openssl_tpm_engine-0.4.2.tar.gz) = 528196 Modified: head/security/openssl_tpm_engine/files/patch-e_tpm.c ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm.c Thu Jul 25 15:08:14 2013 (r323648) +++ head/security/openssl_tpm_engine/files/patch-e_tpm.c Thu Jul 25 15:30:11 2013 (r323649) @@ -1,193 +1,128 @@ -http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com -http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.camel%40macbook.infradead.org - ---- e_tpm.c.orig 2007-02-06 05:32:10.000000000 +0900 -+++ e_tpm.c 2010-11-21 06:54:21.792744937 +0900 -@@ -35,9 +35,6 @@ - #include <openssl/bn.h> - - #include <tss/platform.h> --#include <tss/tcpa_defines.h> --#include <tss/tcpa_typedef.h> --#include <tss/tcpa_struct.h> - #include <tss/tss_defines.h> - #include <tss/tss_typedef.h> - #include <tss/tss_structs.h> -@@ -45,6 +42,7 @@ +--- e_tpm.c.orig 2012-09-20 02:57:45.000000000 +0900 ++++ e_tpm.c 2013-07-26 00:25:21.000000000 +0900 +@@ -35,6 +35,7 @@ #include <tss/tspi.h> #include <trousers/trousers.h> // XXX DEBUG -+#include <trousers/tss.h> // XXX DEBUG ++#include <trousers/tss.h> #include "e_tpm.h" -@@ -77,6 +75,11 @@ - static const char *TPM_F_Policy_SetSecret = "Tspi_Policy_SetSecret"; - static const char *TPM_F_Policy_AssignToObject = "Tspi_Policy_AssignToObject"; - -+/* Added by c.hol...@sirrix.com */ -+static const char *TPM_F_PcrComposite_SelectPcrIndex = "Tspi_PcrComposite_SelectPcrIndex"; -+static const char *TPM_F_TPM_Quote = "Tspi_TPM_Quote"; -+static const char *TPM_F_NV_ReadValue = "Tspi_NV_ReadValue"; -+ - /* engine specific functions */ - static int tpm_engine_destroy(ENGINE *); - static int tpm_engine_init(ENGINE *); -@@ -106,6 +109,8 @@ +@@ -55,10 +56,10 @@ + /* rsa functions */ + static int tpm_rsa_init(RSA *rsa); + static int tpm_rsa_finish(RSA *rsa); +-static int tpm_rsa_pub_dec(int, const unsigned char *, unsigned char *, RSA *, int); +-static int tpm_rsa_pub_enc(int, const unsigned char *, unsigned char *, RSA *, int); +-static int tpm_rsa_priv_dec(int, const unsigned char *, unsigned char *, RSA *, int); +-static int tpm_rsa_priv_enc(int, const unsigned char *, unsigned char *, RSA *, int); ++static int tpm_rsa_pub_dec(int, unsigned char *, unsigned char *, RSA *, int); ++static int tpm_rsa_pub_enc(int, unsigned char *, unsigned char *, RSA *, int); ++static int tpm_rsa_priv_dec(int, unsigned char *, unsigned char *, RSA *, int); ++static int tpm_rsa_priv_enc(int, unsigned char *, unsigned char *, RSA *, int); + //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *); + static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *); + #endif +@@ -72,6 +73,7 @@ #define TPM_CMD_SO_PATH ENGINE_CMD_BASE #define TPM_CMD_PIN ENGINE_CMD_BASE+1 #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2 +#define TPM_CMD_QUOTE ENGINE_CMD_BASE+3 -+ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { {TPM_CMD_SO_PATH, "SO_PATH", -@@ -119,6 +124,10 @@ +@@ -85,6 +87,10 @@ "SECRET_MODE", "The TSS secret mode for all secrets", ENGINE_CMD_FLAG_NUMERIC}, + {TPM_CMD_QUOTE, -+ "QUOTE", -+ "Perform a TPM_Quote() with the given structure", -+ ENGINE_CMD_FLAG_NUMERIC}, ++ "QUOTE", ++ "Perform a TPM_Quote() with the given structure", ++ ENGINE_CMD_FLAG_NUMERIC}, {0, NULL, NULL, 0} }; -@@ -201,6 +210,11 @@ +@@ -167,6 +173,9 @@ + static unsigned int (*p_tspi_GetPolicyObject)(); static unsigned int (*p_tspi_Policy_SetSecret)(); static unsigned int (*p_tspi_Policy_AssignToObject)(); - -+/* Added by c.hol...@sirrix.com */ +static unsigned int (*p_tspi_PcrComposite_SelectPcrIndex)(); +static unsigned int (*p_tspi_TPM_Quote)(); +static unsigned int (*p_tspi_NV_ReadValue)(); -+ + + /* Override the real function calls to use our indirect pointers */ + #define Tspi_Context_Create p_tspi_Context_Create +@@ -193,6 +202,9 @@ + #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue + #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret + #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject ++#define Tspi_PcrComposite_SelectPcrIndex p_tspi_PcrComposite_SelectPcrIndex ++#define Tspi_TPM_Quote p_tspi_TPM_Quote ++#define Tspi_NV_ReadValue p_tspi_NV_ReadValue + #endif /* DLOPEN_TSPI */ + /* This internal function is used by ENGINE_tpm() and possibly by the - * "dynamic" ENGINE support too */ - static int bind_helper(ENGINE * e) -@@ -255,6 +269,9 @@ +@@ -248,6 +260,7 @@ + TSS_RESULT result; UINT32 authusage; BYTE *auth; - -+ /* Added by c.hol...@sirrix.com */ + BYTE well_known[TPM_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; -+ + if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); - return 1; -@@ -300,29 +317,37 @@ +@@ -294,6 +307,7 @@ return 0; } -- if ((auth = calloc(1, 128)) == NULL) { -- TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); -- return 0; -- } -+ /* c.hol...@sirrix.com: If the UI method is NULL, use TSS_WELL_KNOWN_SECRET */ + if (ui) { -+ if ((auth = calloc(1, 128)) == NULL) { -+ TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } + if ((auth = calloc(1, 128)) == NULL) { + TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); + return 0; +@@ -319,6 +333,15 @@ -- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) { -- p_tspi_Context_CloseObject(hContext, hSRK); -- free(auth); -- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -- } -+ if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) { -+ p_tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ } -+ /* secret_mode is a global that may be set by engine ctrl -+ * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ -+ if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode, -+ strlen((char *)auth), auth))) { -+ p_tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } + free(auth); -- /* secret_mode is a global that may be set by engine ctrl -- * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ -- if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode, -- strlen((char *)auth), auth))) { -- p_tspi_Context_CloseObject(hContext, hSRK); - free(auth); -- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -- return 0; + } else { -+ if (result = p_tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known)) { -+ p_tspi_Context_CloseObject(hContext, hSRK); ++ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known))) { ++ Tspi_Context_CloseObject(hContext, hSRK); ++ free(auth); + TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); + return 0; + } - } - -- free(auth); -- ++ } ++ return 1; } -@@ -363,6 +388,12 @@ - void (*p22) (); - void (*p23) (); - void (*p24) (); -+ -+ /* Added by c.hol...@sirrix.com */ -+ void (*p25) (); -+ void (*p26) (); -+ void (*p27) (); -+ - TSS_RESULT result; - - DBG("%s", __FUNCTION__); -@@ -400,6 +431,12 @@ - !(p21 = DSO_bind_func(tpm_dso, TPM_F_Context_GetTpmObject)) || - !(p22 = DSO_bind_func(tpm_dso, TPM_F_GetAttribUint32)) || - !(p23 = DSO_bind_func(tpm_dso, TPM_F_SetAttribData)) || -+ -+ /* Added by c.hol...@sirrix.com */ -+ !(p25 = DSO_bind_func(tpm_dso, TPM_F_TPM_Quote)) || -+ !(p26 = DSO_bind_func(tpm_dso, TPM_F_PcrComposite_SelectPcrIndex)) || -+ !(p27 = DSO_bind_func(tpm_dso, TPM_F_NV_ReadValue)) || -+ - !(p24 = DSO_bind_func(tpm_dso, TPM_F_Policy_AssignToObject)) +@@ -376,7 +399,10 @@ + !bind_tspi_func(tpm_dso, Context_GetTpmObject) || + !bind_tspi_func(tpm_dso, GetAttribUint32) || + !bind_tspi_func(tpm_dso, SetAttribData) || +- !bind_tspi_func(tpm_dso, Policy_AssignToObject) ++ !bind_tspi_func(tpm_dso, Policy_AssignToObject) || ++ !bind_tspi_func(tpm_dso, PcrComposite_SelectPcrIndex) || ++ !bind_tspi_func(tpm_dso, TPM_Quote) || ++ !bind_tspi_func(tpm_dso, NV_ReadValue) ) { TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE); -@@ -432,6 +469,11 @@ - p_tspi_SetAttribData = (unsigned int (*) ()) p23; - p_tspi_Policy_AssignToObject = (unsigned int (*) ()) p24; - -+ /* Added by c.hol...@sirrix.com */ -+ p_tspi_TPM_Quote = (unsigned int (*) ()) p25; -+ p_tspi_PcrComposite_SelectPcrIndex = (unsigned int (*) ()) p26; -+ p_tspi_NV_ReadValue = (unsigned int (*) ()) p27; -+ - if ((result = p_tspi_Context_Create(&hContext))) { - TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE); goto err; -@@ -487,6 +529,11 @@ +@@ -438,6 +464,9 @@ + p_tspi_Policy_AssignToObject = NULL; p_tspi_TPM_StirRandom = NULL; p_tspi_TPM_GetRandom = NULL; - -+ /* Added by c.hol...@sirrix.com */ -+ p_tspi_TPM_Quote = NULL; + p_tspi_PcrComposite_SelectPcrIndex = NULL; ++ p_tspi_TPM_Quote = NULL; + p_tspi_NV_ReadValue = NULL; -+ + #endif return 0; } - -@@ -612,6 +659,55 @@ +@@ -566,6 +595,55 @@ return 1; } +/* -+ * Read a keyblob from NVRAM into an OpenSSL memory BIO -+ * by Christian Holler (c.hol...@sirrix.com), Sirrix AG ++ * Read a keyblob from NVRAM into an OpenSSL memory BIO ++ * by Christian Holler (c.hol...@sirrix.com), Sirrix AG + */ +int BIO_from_nvram(unsigned int index, unsigned int length, BIO** bio) +{ @@ -201,22 +136,22 @@ http://sourceforge.net/mailarchive/messa + + /* Create TPM NV object */ + result = p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, -+ &hNVStore); -+ ++ &hNVStore); ++ + if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, -+ TPM_R_REQUEST_FAILED); -+ return 0; ++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, ++ TPM_R_REQUEST_FAILED); ++ return 0; + } -+ ++ + /* Set the index to be read */ + result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0, -+ (UINT32) index); ++ (UINT32) index); + + if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, -+ TPM_R_REQUEST_FAILED); -+ return 0; ++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, ++ TPM_R_REQUEST_FAILED); ++ return 0; + } + + result = p_tspi_NV_ReadValue(hNVStore, 0, &length, &dataRead); @@ -224,9 +159,9 @@ http://sourceforge.net/mailarchive/messa + p_tspi_Context_FreeMemory(hContext, dataRead); + + if (result != TSS_SUCCESS ) { -+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, -+ TPM_R_REQUEST_FAILED); -+ return 0; ++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, ++ TPM_R_REQUEST_FAILED); ++ return 0; + } + + *bio = mem; @@ -237,7 +172,7 @@ http://sourceforge.net/mailarchive/messa static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) { -@@ -627,7 +723,7 @@ +@@ -580,7 +658,7 @@ DBG("%s", __FUNCTION__); @@ -246,42 +181,64 @@ http://sourceforge.net/mailarchive/messa TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } -@@ -637,10 +733,21 @@ +@@ -590,17 +668,27 @@ return NULL; } -- if ((bf = BIO_new_file(key_id, "r")) == NULL) { -- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -- TPM_R_FILE_NOT_FOUND); -- return NULL; + if (cb_data) { + struct nvram_request *nvreq = cb_data; + + if (!BIO_from_nvram(nvreq->index, nvreq->length, &bf)) { + TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -+ TPM_R_NVRAM_FAILED); ++ TPM_R_NVRAM_FAILED); + return NULL; + } + } else { -+ -+ if ((bf = BIO_new_file(key_id, "r")) == NULL) { -+ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -+ TPM_R_FILE_NOT_FOUND); -+ return NULL; -+ } - } - retry: - if ((rc = BIO_read(bf, &blob_buf[0], 4096)) < 0) { -@@ -746,6 +853,8 @@ + if ((bf = BIO_new_file(key_id, "r")) == NULL) { + TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, +- TPM_R_FILE_NOT_FOUND); ++ TPM_R_FILE_NOT_FOUND); return NULL; } ++ } -+ EVP_PKEY_assign_RSA(pkey, rsa); -+ - return pkey; - } + blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING, + "TSS KEY BLOB", bf, NULL, NULL, NULL); + if (!blobstr) { + TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, +- TPM_R_FILE_READ_FAILED); ++ TPM_R_FILE_READ_FAILED); + BIO_free(bf); + return NULL; + } +@@ -611,7 +699,7 @@ + blobstr->length, + blobstr->data, &hKey))) { + TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, +- TPM_R_REQUEST_FAILED); ++ TPM_R_REQUEST_FAILED); + return NULL; + } + ASN1_OCTET_STRING_free(blobstr); +@@ -621,7 +709,7 @@ + &authusage))) { + Tspi_Context_CloseObject(hContext, hKey); + TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, +- TPM_R_REQUEST_FAILED); ++ TPM_R_REQUEST_FAILED); + return NULL; + } -@@ -782,6 +891,70 @@ +@@ -726,7 +814,7 @@ + TSS_POLICY_USAGE, + &hSRKPolicy))) { + TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, +- TPM_R_REQUEST_FAILED); ++ TPM_R_REQUEST_FAILED); + return 0; + } + } +@@ -740,6 +828,70 @@ return 1; } @@ -289,7 +246,7 @@ http://sourceforge.net/mailarchive/messa + TSS_RESULT result; + TSS_HPCRS hPcrComposite; + TSS_VALIDATION tssVal; -+ ++ + unsigned int i = 0; + + struct quote_request *request = p; @@ -298,35 +255,35 @@ http://sourceforge.net/mailarchive/messa + + /* No app_data, this is not a TPM Key and we cannot use it for quote */ + if (!app_data) { -+ return 0; ++ return 0; + } + + /* Key is invalid */ + if (app_data->hKey == NULL_HKEY) { -+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY); -+ return 0; ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY); ++ return 0; + } + -+ /* Set up PcrComposite Structure, this is a set ++ /* Set up PcrComposite Structure, this is a set + * of PCRs which will be used for the quote */ + result = -+ p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, -+ TSS_PCRS_STRUCT_INFO, &hPcrComposite); ++ p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, ++ TSS_PCRS_STRUCT_INFO, &hPcrComposite); + if (result != TSS_SUCCESS) { + TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); -+ return 0; ++ return 0; + } + + /* Add all PCR values to be used to PcrComposite structure */ + for (i = 0; i < request->PCRSelLength; i++) { -+ if (request->PCRSel[i]) { -+ result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i); ++ if (request->PCRSel[i]) { ++ result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i); + -+ if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ } ++ if (result != TSS_SUCCESS) { ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ } + } + + /* Set the nonce */ @@ -336,8 +293,8 @@ http://sourceforge.net/mailarchive/messa + result = p_tspi_TPM_Quote(hTPM, app_data->hKey, hPcrComposite, &tssVal); + + if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); -+ return 0; ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); ++ return 0; + } + + request->rgbData = tssVal.rgbData; @@ -351,8 +308,8 @@ http://sourceforge.net/mailarchive/messa + static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) { - int initialised = ((tpm_dso == NULL) ? 0 : 1); -@@ -820,6 +993,8 @@ + int initialised = !!hContext; +@@ -778,6 +930,8 @@ return 1; case TPM_CMD_PIN: return tpm_create_srk_policy(p); @@ -361,13 +318,47 @@ http://sourceforge.net/mailarchive/messa default: break; } -@@ -1104,7 +1279,12 @@ +@@ -832,7 +986,7 @@ + } + + static int tpm_rsa_pub_dec(int flen, +- const unsigned char *from, ++ unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +@@ -851,7 +1005,7 @@ + } + + static int tpm_rsa_priv_dec(int flen, +- const unsigned char *from, ++ unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +@@ -928,7 +1082,7 @@ + } + + static int tpm_rsa_pub_enc(int flen, +- const unsigned char *from, ++ unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +@@ -1035,7 +1189,7 @@ + } + + static int tpm_rsa_priv_enc(int flen, +- const unsigned char *from, ++ unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +@@ -1080,7 +1234,10 @@ } if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { - if (flen != SHA_DIGEST_LENGTH) { -+ /* c.hol...@sirrix.com: Ugly hack, OpenSSL passes PKCS1v1.5 wrapped hash, -+ * original SHA1 is last 20 bytes */ + if (flen == SHA_DIGEST_LENGTH+15) { + from += 15; + flen = SHA_DIGEST_LENGTH; Modified: head/security/openssl_tpm_engine/pkg-plist ============================================================================== --- head/security/openssl_tpm_engine/pkg-plist Thu Jul 25 15:08:14 2013 (r323648) +++ head/security/openssl_tpm_engine/pkg-plist Thu Jul 25 15:30:11 2013 (r323649) @@ -1,9 +1,8 @@ +@comment $FreeBSD$ bin/create_tpm_key lib/openssl/engines/libtpm.a lib/openssl/engines/libtpm.la lib/openssl/engines/libtpm.so lib/openssl/engines/libtpm.so.0 -%%EXAMPLESDIR%%/openssl.cnf.sample @dirrm lib/openssl/engines @dirrm lib/openssl -@dirrm %%EXAMPLESDIR%%
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307251530.r6PFUBo2077062>