Date: Sat, 2 Mar 2019 23:48:27 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r494466 - in head/security/openssl_tpm_engine: . files Message-ID: <201903022348.x22NmRXp006864@repo.freebsd.org>
Author: hrs
Date: Sat Mar 2 23:48:27 2019
New Revision: 494466
URL: https://svnweb.freebsd.org/changeset/ports/494466
Log: Update to v0.5.0 which supports OpenSSL 1.0.x/1.1.x. This is a forked version of OpenSSL TPM engine from the original upstream, TrouSerS project.
Added:
head/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
head/security/openssl_tpm_engine/files/patch-src-e_tpm.c - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.c
head/security/openssl_tpm_engine/files/patch-src-e_tpm.h - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.h
head/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm_err.c
Deleted:
head/security/openssl_tpm_engine/files/patch-e_tpm.c
head/security/openssl_tpm_engine/files/patch-e_tpm.h
head/security/openssl_tpm_engine/files/patch-e_tpm_err.c
head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
Modified:
head/security/openssl_tpm_engine/Makefile
head/security/openssl_tpm_engine/distinfo
head/security/openssl_tpm_engine/pkg-descr
Modified: head/security/openssl_tpm_engine/Makefile
==============================================================================
--- head/security/openssl_tpm_engine/Makefile Sat Mar 2 23:43:01 2019 (r494465)
+++ head/security/openssl_tpm_engine/Makefile Sat Mar 2 23:48:27 2019 (r494466)
@@ -2,10 +2,9 @@
 # $FreeBSD$
 PORTNAME= openssl_tpm_engine
-PORTVERSION= 0.4.2
-PORTREVISION= 4
+PORTVERSION= 0.5.0
+DISTVERSIONPREFIX= v
 CATEGORIES= security
-MASTER_SITES= SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION}
 MAINTAINER= hrs@FreeBSD.org
 COMMENT= OpenSSL TPM engine
@@ -16,16 +15,16 @@ LICENSE_FILE= ${WRKSRC}/LICENSE
 RUN_DEPENDS= ${LOCALBASE}/sbin/tcsd:security/trousers
 LIB_DEPENDS= libtspi.so:security/trousers
-USES= autoreconf gmake libtool ssl
+USES= autoreconf gmake libtool localbase ssl
+USE_GITHUB= yes
 USE_LDCONFIG= yes
+
+GH_ACCOUNT= mgerstner
 GNU_CONFIGURE= yes
-LDFLAGS+= -L${OPENSSLLIB} -lcrypto -L${LOCALBASE}/lib
-CFLAGS+= -I${OPENSSLINC} -I${LOCALBASE}/include
+CONFIGURE_ARGS= --with-openssl="${OPENSSLBASE}"
 SUB_FILES= pkg-message
 PLIST_FILES= bin/create_tpm_key \
- lib/openssl/engines/libtpm.so \
- lib/openssl/engines/libtpm.so.0 \
- lib/openssl/engines/libtpm.so.0.0.0
+ lib/openssl/engines/tpm.so
 INSTALL_TARGET= install-strip
 PORTEXAMPLES= openssl.cnf.sample
@@ -39,10 +38,11 @@ IGNORE= Detected LibreSSL (RAND_METHOD structure unsup
 post-patch:
 @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' \
- ${WRKSRC}/openssl.cnf.sample
+ ${WRKSRC}/dist/openssl.cnf.sample
 post-install-EXAMPLES-on:
 @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
- ${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${STAGEDIR}${EXAMPLESDIR}
+ ${INSTALL_DATA} ${WRKSRC}/dist/openssl.cnf.sample \
+ ${STAGEDIR}${EXAMPLESDIR}
 .include <bsd.port.post.mk>
Modified: head/security/openssl_tpm_engine/distinfo
==============================================================================
--- head/security/openssl_tpm_engine/distinfo Sat Mar 2 23:43:01 2019 (r494465)
+++ head/security/openssl_tpm_engine/distinfo Sat Mar 2 23:48:27 2019 (r494466)
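Review bot: The PLIST_FILES lines of the Makefile's `@@ -16,16 +15,16 @@` hunk rename the installed engine from `lib/openssl/engines/libtpm.so` (plus its `.so.0` and `.so.0.0.0` names) to `lib/openssl/engines/tpm.so`, but nothing in the commit tells existing users that a `dynamic_path` still pointing at the old name will stop resolving after the upgrade. The sample config patch is updated to the new path, while `pkg-message` (still listed in SUB_FILES) is not among the modified files, so if it quotes the old path it is now stale. I would add a line to the port's pkg-message such as `The engine module is now installed as %%PREFIX%%/lib/openssl/engines/tpm.so; update dynamic_path in openssl.cnf.`, so that a failed engine load is not the first sign of the change.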
@@ -1,2 +1,3 @@ -SHA256 (openssl_tpm_engine-0.4.2.tar.gz) = 2df697e583053f7047a89daa4585e21fc67cf4397ee34ece94cf2d4b4f7ab49c -SIZE (openssl_tpm_engine-0.4.2.tar.gz) = 528196 +TIMESTAMP = 1551568882 +SHA256 (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 328cc0ce0c1fd816c284efb79234be6157bb995d24a5e8065750f162aa72c060 +SIZE (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 25305 Copied and modified: head/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample (from r494465, head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample) ============================================================================== --- head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample Sat Mar 2 23:43:01 2019 (r494465, copy source) +++ head/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample Sat Mar 2 23:48:27 2019 (r494466) @@ -1,11 +1,11 @@ ---- openssl.cnf.sample.orig 2012-09-19 17:56:45 UTC -+++ openssl.cnf.sample +--- dist/openssl.cnf.sample.orig 2017-12-18 15:45:34 UTC ++++ dist/openssl.cnf.sample @@ -18,7 +18,7 @@ engines = engine_section foo = tpm_section [tpm_section] -dynamic_path = /usr/local/ssl/lib/engines/libtpm.so -+dynamic_path = %%PREFIX%%/lib/openssl/engines/libtpm.so ++dynamic_path = %%PREFIX%%/lib/openssl/engines/tpm.so engine_id = tpm default_algorithms = ALL #default_algorithms = RAND,RSA Copied and modified: head/security/openssl_tpm_engine/files/patch-src-e_tpm.c (from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.c) ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm.c Sat Mar 2 23:43:01 2019 (r494465, copy source) +++ head/security/openssl_tpm_engine/files/patch-src-e_tpm.c Sat Mar 2 23:48:27 2019 (r494466) 
@@ -1,14 +1,14 @@ ---- e_tpm.c.orig 2012-09-19 17:57:45 UTC -+++ e_tpm.c -@@ -35,6 +35,7 @@ +--- src/e_tpm.c.orig 2017-12-18 15:45:34 UTC ++++ src/e_tpm.c +@@ -34,6 +34,7 @@ #include <tss/tspi.h> #include <trousers/trousers.h> // XXX DEBUG +#include <trousers/tss.h> #include "e_tpm.h" - -@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METH + #include "ssl_compat.h" +@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METHOD *, char *, /* rsa functions */ static int tpm_rsa_init(RSA *rsa); static int tpm_rsa_finish(RSA *rsa); @@ -23,7 +23,7 @@ //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *); static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *); #endif -@@ -72,6 +73,7 @@ static void tpm_rand_seed(const void *, +@@ -72,6 +73,7 @@ static RAND_SEED_RET_TYPE tpm_rand_seed(const void *, #define TPM_CMD_SO_PATH ENGINE_CMD_BASE #define TPM_CMD_PIN ENGINE_CMD_BASE+1 #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2 @@ -31,7 +31,7 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { {TPM_CMD_SO_PATH, "SO_PATH", -@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_def +@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { "SECRET_MODE", "The TSS secret mode for all secrets", ENGINE_CMD_FLAG_NUMERIC}, @@ -42,7 +42,7 @@ {0, NULL, NULL, 0} }; -@@ -167,6 +173,9 @@ static unsigned int (*p_tspi_Hash_SetHas +@@ -151,6 +157,9 @@ static unsigned int (*p_tspi_Hash_SetHashValue)(); static unsigned int (*p_tspi_GetPolicyObject)(); static unsigned int (*p_tspi_Policy_SetSecret)(); static unsigned int (*p_tspi_Policy_AssignToObject)(); 
@@ -52,7 +52,7 @@ /* Override the real function calls to use our indirect pointers */ #define Tspi_Context_Create p_tspi_Context_Create -@@ -193,6 +202,9 @@ static unsigned int (*p_tspi_Policy_Assi +@@ -177,6 +186,9 @@ static unsigned int (*p_tspi_Policy_AssignToObject)(); #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject @@ -61,8 +61,8 @@ +#define Tspi_NV_ReadValue p_tspi_NV_ReadValue #endif /* DLOPEN_TSPI */ - /* This internal function is used by ENGINE_tpm() and possibly by the -@@ -248,6 +260,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb + static int setup_rsa_method() +@@ -262,6 +274,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) TSS_RESULT result; UINT32 authusage; BYTE *auth; @@ -70,7 +70,7 @@ if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); -@@ -294,6 +307,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb +@@ -308,6 +321,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) return 0; } @@ -78,7 +78,7 @@ if ((auth = calloc(1, 128)) == NULL) { TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); return 0; -@@ -319,6 +333,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb +@@ -333,6 +347,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) free(auth); @@ -94,7 +94,7 @@ return 1; } -@@ -376,7 +399,10 @@ static int tpm_engine_init(ENGINE * e) +@@ -390,7 +413,10 @@ static int tpm_engine_init(ENGINE * e) !bind_tspi_func(tpm_dso, Context_GetTpmObject) || !bind_tspi_func(tpm_dso, GetAttribUint32) || !bind_tspi_func(tpm_dso, SetAttribData) || @@ -106,7 +106,7 @@ ) { TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE); goto err; -@@ -438,6 +464,9 @@ err: +@@ -452,6 +478,9 @@ err: p_tspi_Policy_AssignToObject = NULL; p_tspi_TPM_StirRandom = NULL; p_tspi_TPM_GetRandom = NULL; @@ -116,8 +116,8 @@ #endif return 0; } -@@ -566,6 +595,55 @@ int fill_out_rsa_object(RSA *rsa, TSS_HK - return 1; +@@ -590,6 +619,55 @@ err: + return 0; } +/* 
@@ -172,7 +172,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) { -@@ -580,7 +658,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG +@@ -604,7 +682,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const DBG("%s", __FUNCTION__); @@ -181,7 +181,7 @@ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } -@@ -590,17 +668,27 @@ static EVP_PKEY *tpm_engine_load_key(ENG +@@ -614,17 +692,27 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const return NULL; } @@ -211,7 +211,7 @@ BIO_free(bf); return NULL; } -@@ -611,7 +699,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG +@@ -635,7 +723,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const blobstr->length, blobstr->data, &hKey))) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, @@ -220,7 +220,7 @@ return NULL; } ASN1_OCTET_STRING_free(blobstr); -@@ -621,7 +709,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG +@@ -645,7 +733,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const &authusage))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, @@ -229,7 +229,7 @@ return NULL; } -@@ -726,7 +814,7 @@ static int tpm_create_srk_policy(void *s +@@ -747,7 +835,7 @@ static int tpm_create_srk_policy(void *secret) TSS_POLICY_USAGE, &hSRKPolicy))) { TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, @@ -238,7 +238,7 @@ return 0; } } -@@ -740,6 +828,70 @@ static int tpm_create_srk_policy(void *s +@@ -761,6 +849,70 @@ static int tpm_create_srk_policy(void *secret) return 1; } @@ -309,7 +309,7 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) { int initialised = !!hContext; -@@ -778,6 +930,8 @@ static int tpm_engine_ctrl(ENGINE * e, i +@@ -799,6 +951,8 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i return 1; case TPM_CMD_PIN: return tpm_create_srk_policy(p); 
@@ -318,7 +318,7 @@ default: break; } -@@ -832,7 +986,7 @@ static int tpm_rsa_finish(RSA *rsa) +@@ -853,7 +1007,7 @@ static int tpm_rsa_finish(RSA *rsa) } static int tpm_rsa_pub_dec(int flen, @@ -327,7 +327,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -851,7 +1005,7 @@ static int tpm_rsa_pub_dec(int flen, +@@ -872,7 +1026,7 @@ static int tpm_rsa_pub_dec(int flen, } static int tpm_rsa_priv_dec(int flen, @@ -336,7 +336,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -928,7 +1082,7 @@ static int tpm_rsa_priv_dec(int flen, +@@ -949,7 +1103,7 @@ static int tpm_rsa_priv_dec(int flen, } static int tpm_rsa_pub_enc(int flen, @@ -345,7 +345,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -1035,7 +1189,7 @@ static int tpm_rsa_pub_enc(int flen, +@@ -1056,7 +1210,7 @@ static int tpm_rsa_pub_enc(int flen, } static int tpm_rsa_priv_enc(int flen, @@ -354,7 +354,7 @@ unsigned char *to, RSA *rsa, int padding) -@@ -1080,7 +1234,10 @@ static int tpm_rsa_priv_enc(int flen, +@@ -1101,7 +1255,10 @@ static int tpm_rsa_priv_enc(int flen, } if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { Copied and modified: head/security/openssl_tpm_engine/files/patch-src-e_tpm.h (from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.h) ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm.h Sat Mar 2 23:43:01 2019 (r494465, copy source) +++ head/security/openssl_tpm_engine/files/patch-src-e_tpm.h Sat Mar 2 23:48:27 2019 (r494466) @@ -1,8 +1,6 @@ -http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com - ---- e_tpm.h.orig 2012-09-12 15:32:53 UTC -+++ e_tpm.h -@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea +--- src/e_tpm.h.orig 2017-12-18 15:45:34 UTC ++++ src/e_tpm.h +@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *fil #define TPM_F_TPM_FILL_RSA_OBJECT 116 #define TPM_F_TPM_ENGINE_GET_AUTH 117 #define TPM_F_TPM_CREATE_SRK_POLICY 118 
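Review bot: The first hunk of patch-src-e_tpm.h removes the leading `http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com` line, which was the only pointer to where this local patch came from; the first hunk of patch-src-e_tpm_err.c removes the same line. The regenerated patches still add code on top of the new upstream (the next hunk of this file shows a `quote_request` struct marked `Added by c.hol...@sirrix.com`), so someone auditing what the port changes in a TPM engine needs to be able to trace that code to its origin. I would keep the URL line above `--- src/e_tpm.h.orig` in both files, since patch(1) skips leading text before the file header, and add one sentence next to it saying why the change is still carried against the fork.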
@@ -11,7 +9,7 @@ http://sourceforge.net/mailarchive/message.php?msg_nam /* Reason codes. */ #define TPM_R_ALREADY_LOADED 100 -@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int rea +@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int reason, char *fil #define TPM_R_ID_INVALID 125 #define TPM_R_UI_METHOD_FAILED 126 #define TPM_R_UNKNOWN_SECRET_MODE 127 @@ -19,10 +17,12 @@ http://sourceforge.net/mailarchive/message.php?msg_nam /* structure pointed to by the RSA object's app_data pointer */ struct rsa_app_data -@@ -107,6 +110,25 @@ struct rsa_app_data +@@ -105,6 +108,25 @@ struct rsa_app_data + TSS_HENCDATA hEncData; + UINT32 encScheme; UINT32 sigScheme; - }; - ++}; ++ +/* Added by c.hol...@sirrix.com */ +struct quote_request +{ @@ -40,8 +40,6 @@ http://sourceforge.net/mailarchive/message.php?msg_nam +{ + unsigned int index; + unsigned int length; -+}; -+ - #define TPM_ENGINE_EX_DATA_UNINIT -1 - #define RSA_PKCS1_OAEP_PADDING_SIZE (2 * SHA_DIGEST_LENGTH + 2) + }; + #define TPM_ENGINE_EX_DATA_UNINIT -1 Copied and modified: head/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c (from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm_err.c) ============================================================================== --- head/security/openssl_tpm_engine/files/patch-e_tpm_err.c Sat Mar 2 23:43:01 2019 (r494465, copy source) +++ head/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c Sat Mar 2 23:48:27 2019 (r494466) 
@@ -1,8 +1,6 @@ -http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com - ---- e_tpm_err.c.orig 2011-01-20 18:24:04 UTC -+++ e_tpm_err.c -@@ -235,6 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[] +--- src/e_tpm_err.c.orig 2017-12-18 15:45:34 UTC ++++ src/e_tpm_err.c +@@ -234,6 +234,7 @@ static ERR_STRING_DATA TPM_str_functs[] = { {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, @@ -10,7 +8,7 @@ http://sourceforge.net/mailarchive/message.php?msg_nam {0, NULL} }; -@@ -265,6 +266,7 @@ static ERR_STRING_DATA TPM_str_reasons[] +@@ -264,6 +265,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = { {TPM_R_FILE_READ_FAILED, "failed reading the key file"}, {TPM_R_ID_INVALID, "engine id doesn't match"}, {TPM_R_UI_METHOD_FAILED, "ui function failed"}, Modified: head/security/openssl_tpm_engine/pkg-descr ============================================================================== --- head/security/openssl_tpm_engine/pkg-descr Sat Mar 2 23:43:01 2019 (r494465) +++ head/security/openssl_tpm_engine/pkg-descr Sat Mar 2 23:48:27 2019 (r494466) @@ -1,3 +1,8 @@ -This package contains 2 sets of code, a command-line utility used to -generate a TSS key blob and write it to disk and an OpenSSL engine -which interfaces with the TSS API. +This is a forked version of OpenSSL TPM engine from the original +upstream, TrouSerS project. + +This package contains two sets of code, a command-line utility used to +generate a TSS key blob and write it to disk and an OpenSSL engine which +interfaces with the TSS API. + +WWW: https://github.com/mgerstner/openssl_tpm_engine