Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 2 Mar 2019 23:48:27 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r494466 - in head/security/openssl_tpm_engine: . files
Message-ID:  <201903022348.x22NmRXp006864@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: hrs
Date: Sat Mar  2 23:48:27 2019
New Revision: 494466
URL: https://svnweb.freebsd.org/changeset/ports/494466

Log:
  Update to v0.5.0 which supports OpenSSL 1.0.x/1.1.x.
  
  This is a forked version of OpenSSL TPM engine from the original
  upstream, TrouSerS project.

Added:
  head/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample
     - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
  head/security/openssl_tpm_engine/files/patch-src-e_tpm.c
     - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.c
  head/security/openssl_tpm_engine/files/patch-src-e_tpm.h
     - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.h
  head/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c
     - copied, changed from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm_err.c
Deleted:
  head/security/openssl_tpm_engine/files/patch-e_tpm.c
  head/security/openssl_tpm_engine/files/patch-e_tpm.h
  head/security/openssl_tpm_engine/files/patch-e_tpm_err.c
  head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
Modified:
  head/security/openssl_tpm_engine/Makefile
  head/security/openssl_tpm_engine/distinfo
  head/security/openssl_tpm_engine/pkg-descr

Modified: head/security/openssl_tpm_engine/Makefile
==============================================================================
--- head/security/openssl_tpm_engine/Makefile	Sat Mar  2 23:43:01 2019	(r494465)
+++ head/security/openssl_tpm_engine/Makefile	Sat Mar  2 23:48:27 2019	(r494466)
@@ -2,10 +2,9 @@
 # $FreeBSD$
 
 PORTNAME=	openssl_tpm_engine
-PORTVERSION=	0.4.2
-PORTREVISION=	4
+PORTVERSION=	0.5.0
+DISTVERSIONPREFIX=	v
 CATEGORIES=	security
-MASTER_SITES=	SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION}
 
 MAINTAINER=	hrs@FreeBSD.org
 COMMENT=	OpenSSL TPM engine
@@ -16,16 +15,16 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 RUN_DEPENDS=	${LOCALBASE}/sbin/tcsd:security/trousers
 LIB_DEPENDS=	libtspi.so:security/trousers
 
-USES=		autoreconf gmake libtool ssl
+USES=		autoreconf gmake libtool localbase ssl
+USE_GITHUB=	yes
 USE_LDCONFIG=	yes
+
+GH_ACCOUNT=	mgerstner
 GNU_CONFIGURE=	yes
-LDFLAGS+=	-L${OPENSSLLIB} -lcrypto -L${LOCALBASE}/lib
-CFLAGS+=	-I${OPENSSLINC} -I${LOCALBASE}/include
+CONFIGURE_ARGS=	--with-openssl="${OPENSSLBASE}"
 SUB_FILES=	pkg-message
 PLIST_FILES=	bin/create_tpm_key \
-		lib/openssl/engines/libtpm.so \
-		lib/openssl/engines/libtpm.so.0 \
-		lib/openssl/engines/libtpm.so.0.0.0
+		lib/openssl/engines/tpm.so
 INSTALL_TARGET=	install-strip
 PORTEXAMPLES=	openssl.cnf.sample
 
@@ -39,10 +38,11 @@ IGNORE=	Detected LibreSSL (RAND_METHOD structure unsup
 
 post-patch:
 	@${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' \
-	    ${WRKSRC}/openssl.cnf.sample
+	    ${WRKSRC}/dist/openssl.cnf.sample
 
 post-install-EXAMPLES-on:
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
-	${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/dist/openssl.cnf.sample \
+	    ${STAGEDIR}${EXAMPLESDIR}
 
 .include <bsd.port.post.mk>

Modified: head/security/openssl_tpm_engine/distinfo
==============================================================================
--- head/security/openssl_tpm_engine/distinfo	Sat Mar  2 23:43:01 2019	(r494465)
+++ head/security/openssl_tpm_engine/distinfo	Sat Mar  2 23:48:27 2019	(r494466)
@@ -1,2 +1,3 @@
-SHA256 (openssl_tpm_engine-0.4.2.tar.gz) = 2df697e583053f7047a89daa4585e21fc67cf4397ee34ece94cf2d4b4f7ab49c
-SIZE (openssl_tpm_engine-0.4.2.tar.gz) = 528196
+TIMESTAMP = 1551568882
+SHA256 (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 328cc0ce0c1fd816c284efb79234be6157bb995d24a5e8065750f162aa72c060
+SIZE (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 25305

Copied and modified: head/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample (from r494465, head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample)
==============================================================================
--- head/security/openssl_tpm_engine/files/patch-openssl.cnf.sample	Sat Mar  2 23:43:01 2019	(r494465, copy source)
+++ head/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample	Sat Mar  2 23:48:27 2019	(r494466)
@@ -1,11 +1,11 @@
---- openssl.cnf.sample.orig	2012-09-19 17:56:45 UTC
-+++ openssl.cnf.sample
+--- dist/openssl.cnf.sample.orig	2017-12-18 15:45:34 UTC
++++ dist/openssl.cnf.sample
 @@ -18,7 +18,7 @@ engines = engine_section
  foo = tpm_section
  
  [tpm_section]
 -dynamic_path = /usr/local/ssl/lib/engines/libtpm.so
-+dynamic_path = %%PREFIX%%/lib/openssl/engines/libtpm.so
++dynamic_path = %%PREFIX%%/lib/openssl/engines/tpm.so
  engine_id = tpm
  default_algorithms = ALL
  #default_algorithms = RAND,RSA

Copied and modified: head/security/openssl_tpm_engine/files/patch-src-e_tpm.c (from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.c)
==============================================================================
--- head/security/openssl_tpm_engine/files/patch-e_tpm.c	Sat Mar  2 23:43:01 2019	(r494465, copy source)
+++ head/security/openssl_tpm_engine/files/patch-src-e_tpm.c	Sat Mar  2 23:48:27 2019	(r494466)
@@ -1,14 +1,14 @@
---- e_tpm.c.orig	2012-09-19 17:57:45 UTC
-+++ e_tpm.c
-@@ -35,6 +35,7 @@
+--- src/e_tpm.c.orig	2017-12-18 15:45:34 UTC
++++ src/e_tpm.c
+@@ -34,6 +34,7 @@
  #include <tss/tspi.h>
  
  #include <trousers/trousers.h>  // XXX DEBUG
 +#include <trousers/tss.h>
  
  #include "e_tpm.h"
- 
-@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METH
+ #include "ssl_compat.h"
+@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METHOD *, char *, 
  /* rsa functions */
  static int tpm_rsa_init(RSA *rsa);
  static int tpm_rsa_finish(RSA *rsa);
@@ -23,7 +23,7 @@
  //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *);
  static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
  #endif
-@@ -72,6 +73,7 @@ static void tpm_rand_seed(const void *, 
+@@ -72,6 +73,7 @@ static RAND_SEED_RET_TYPE tpm_rand_seed(const void *, 
  #define TPM_CMD_SO_PATH		ENGINE_CMD_BASE
  #define TPM_CMD_PIN		ENGINE_CMD_BASE+1
  #define TPM_CMD_SECRET_MODE	ENGINE_CMD_BASE+2
@@ -31,7 +31,7 @@
  static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
  	{TPM_CMD_SO_PATH,
  	 "SO_PATH",
-@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_def
+@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
  	 "SECRET_MODE",
  	 "The TSS secret mode for all secrets",
  	 ENGINE_CMD_FLAG_NUMERIC},
@@ -42,7 +42,7 @@
  	{0, NULL, NULL, 0}
  };
  
-@@ -167,6 +173,9 @@ static unsigned int (*p_tspi_Hash_SetHas
+@@ -151,6 +157,9 @@ static unsigned int (*p_tspi_Hash_SetHashValue)();
  static unsigned int (*p_tspi_GetPolicyObject)();
  static unsigned int (*p_tspi_Policy_SetSecret)();
  static unsigned int (*p_tspi_Policy_AssignToObject)();
@@ -52,7 +52,7 @@
  
  /* Override the real function calls to use our indirect pointers */
  #define Tspi_Context_Create p_tspi_Context_Create
-@@ -193,6 +202,9 @@ static unsigned int (*p_tspi_Policy_Assi
+@@ -177,6 +186,9 @@ static unsigned int (*p_tspi_Policy_AssignToObject)();
  #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue
  #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret
  #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject
@@ -61,8 +61,8 @@
 +#define	Tspi_NV_ReadValue p_tspi_NV_ReadValue
  #endif /* DLOPEN_TSPI */
  
- /* This internal function is used by ENGINE_tpm() and possibly by the
-@@ -248,6 +260,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
+ static int setup_rsa_method()
+@@ -262,6 +274,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
  	TSS_RESULT result;
  	UINT32 authusage;
  	BYTE *auth;
@@ -70,7 +70,7 @@
  
  	if (hSRK != NULL_HKEY) {
  		DBGFN("SRK is already loaded.");
-@@ -294,6 +307,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
+@@ -308,6 +321,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
  		return 0;
  	}
  
@@ -78,7 +78,7 @@
  	if ((auth = calloc(1, 128)) == NULL) {
  		TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
  		return 0;
-@@ -319,6 +333,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
+@@ -333,6 +347,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
  
  	free(auth);
  
@@ -94,7 +94,7 @@
  	return 1;
  }
  
-@@ -376,7 +399,10 @@ static int tpm_engine_init(ENGINE * e)
+@@ -390,7 +413,10 @@ static int tpm_engine_init(ENGINE * e)
  	    !bind_tspi_func(tpm_dso, Context_GetTpmObject) ||
  	    !bind_tspi_func(tpm_dso, GetAttribUint32) ||
  	    !bind_tspi_func(tpm_dso, SetAttribData) ||
@@ -106,7 +106,7 @@
  	    ) {
  		TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
  		goto err;
-@@ -438,6 +464,9 @@ err:
+@@ -452,6 +478,9 @@ err:
  	p_tspi_Policy_AssignToObject = NULL;
  	p_tspi_TPM_StirRandom = NULL;
  	p_tspi_TPM_GetRandom = NULL;
@@ -116,8 +116,8 @@
  #endif
  	return 0;
  }
-@@ -566,6 +595,55 @@ int fill_out_rsa_object(RSA *rsa, TSS_HK
- 	return 1;
+@@ -590,6 +619,55 @@ err:
+ 	return 0;
  }
  
 +/*
@@ -172,7 +172,7 @@
  static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
  				     UI_METHOD *ui, void *cb_data)
  {
-@@ -580,7 +658,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -604,7 +682,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
  
  	DBG("%s", __FUNCTION__);
  
@@ -181,7 +181,7 @@
  		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
  		return NULL;
  	}
-@@ -590,17 +668,27 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -614,17 +692,27 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
  		return NULL;
  	}
  
@@ -211,7 +211,7 @@
  		BIO_free(bf);
  		return NULL;
  	}
-@@ -611,7 +699,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -635,7 +723,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
  						   blobstr->length,
  						   blobstr->data, &hKey))) {
  		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
@@ -220,7 +220,7 @@
  		return NULL;
  	}
  	ASN1_OCTET_STRING_free(blobstr);
-@@ -621,7 +709,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -645,7 +733,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
  					     &authusage))) {
  		Tspi_Context_CloseObject(hContext, hKey);
  		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
@@ -229,7 +229,7 @@
  		return NULL;
  	}
  
-@@ -726,7 +814,7 @@ static int tpm_create_srk_policy(void *s
+@@ -747,7 +835,7 @@ static int tpm_create_srk_policy(void *secret)
  							  TSS_POLICY_USAGE,
  							  &hSRKPolicy))) {
  			TSSerr(TPM_F_TPM_CREATE_SRK_POLICY,
@@ -238,7 +238,7 @@
  			return 0;
  		}
  	}
-@@ -740,6 +828,70 @@ static int tpm_create_srk_policy(void *s
+@@ -761,6 +849,70 @@ static int tpm_create_srk_policy(void *secret)
  	return 1;
  }
  
@@ -309,7 +309,7 @@
  static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
  {
  	int initialised = !!hContext;
-@@ -778,6 +930,8 @@ static int tpm_engine_ctrl(ENGINE * e, i
+@@ -799,6 +951,8 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i
  			return 1;
  		case TPM_CMD_PIN:
  			return tpm_create_srk_policy(p);
@@ -318,7 +318,7 @@
  		default:
  			break;
  	}
-@@ -832,7 +986,7 @@ static int tpm_rsa_finish(RSA *rsa)
+@@ -853,7 +1007,7 @@ static int tpm_rsa_finish(RSA *rsa)
  }
  
  static int tpm_rsa_pub_dec(int flen,
@@ -327,7 +327,7 @@
  			   unsigned char *to,
  			   RSA *rsa,
  			   int padding)
-@@ -851,7 +1005,7 @@ static int tpm_rsa_pub_dec(int flen,
+@@ -872,7 +1026,7 @@ static int tpm_rsa_pub_dec(int flen,
  }
  
  static int tpm_rsa_priv_dec(int flen,
@@ -336,7 +336,7 @@
  			    unsigned char *to,
  			    RSA *rsa,
  			    int padding)
-@@ -928,7 +1082,7 @@ static int tpm_rsa_priv_dec(int flen,
+@@ -949,7 +1103,7 @@ static int tpm_rsa_priv_dec(int flen,
  }
  
  static int tpm_rsa_pub_enc(int flen,
@@ -345,7 +345,7 @@
  			   unsigned char *to,
  			   RSA *rsa,
  			   int padding)
-@@ -1035,7 +1189,7 @@ static int tpm_rsa_pub_enc(int flen,
+@@ -1056,7 +1210,7 @@ static int tpm_rsa_pub_enc(int flen,
  }
  
  static int tpm_rsa_priv_enc(int flen,
@@ -354,7 +354,7 @@
  			    unsigned char *to,
  			    RSA *rsa,
  			    int padding)
-@@ -1080,7 +1234,10 @@ static int tpm_rsa_priv_enc(int flen,
+@@ -1101,7 +1255,10 @@ static int tpm_rsa_priv_enc(int flen,
  	}
  
  	if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {

Copied and modified: head/security/openssl_tpm_engine/files/patch-src-e_tpm.h (from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm.h)
==============================================================================
--- head/security/openssl_tpm_engine/files/patch-e_tpm.h	Sat Mar  2 23:43:01 2019	(r494465, copy source)
+++ head/security/openssl_tpm_engine/files/patch-src-e_tpm.h	Sat Mar  2 23:48:27 2019	(r494466)
@@ -1,8 +1,6 @@
-http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
-
---- e_tpm.h.orig	2012-09-12 15:32:53 UTC
-+++ e_tpm.h
-@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
+--- src/e_tpm.h.orig	2017-12-18 15:45:34 UTC
++++ src/e_tpm.h
+@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *fil
  #define TPM_F_TPM_FILL_RSA_OBJECT		116
  #define TPM_F_TPM_ENGINE_GET_AUTH		117
  #define TPM_F_TPM_CREATE_SRK_POLICY		118
@@ -11,7 +9,7 @@ http://sourceforge.net/mailarchive/message.php?msg_nam
  
  /* Reason codes. */
  #define TPM_R_ALREADY_LOADED			100
-@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int rea
+@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int reason, char *fil
  #define TPM_R_ID_INVALID			125
  #define TPM_R_UI_METHOD_FAILED			126
  #define TPM_R_UNKNOWN_SECRET_MODE		127
@@ -19,10 +17,12 @@ http://sourceforge.net/mailarchive/message.php?msg_nam
  
  /* structure pointed to by the RSA object's app_data pointer */
  struct rsa_app_data
-@@ -107,6 +110,25 @@ struct rsa_app_data
+@@ -105,6 +108,25 @@ struct rsa_app_data
+ 	TSS_HENCDATA hEncData;
+ 	UINT32 encScheme;
  	UINT32 sigScheme;
- };
- 
++};
++
 +/* Added by c.hol...@sirrix.com */
 +struct quote_request
 +{
@@ -40,8 +40,6 @@ http://sourceforge.net/mailarchive/message.php?msg_nam
 +{
 +	unsigned int index;
 +	unsigned int length;
-+};
-+
- #define TPM_ENGINE_EX_DATA_UNINIT		-1
- #define RSA_PKCS1_OAEP_PADDING_SIZE		(2 * SHA_DIGEST_LENGTH + 2)
+ };
  
+ #define TPM_ENGINE_EX_DATA_UNINIT		-1

Copied and modified: head/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c (from r494465, head/security/openssl_tpm_engine/files/patch-e_tpm_err.c)
==============================================================================
--- head/security/openssl_tpm_engine/files/patch-e_tpm_err.c	Sat Mar  2 23:43:01 2019	(r494465, copy source)
+++ head/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c	Sat Mar  2 23:48:27 2019	(r494466)
@@ -1,8 +1,6 @@
-http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
-
---- e_tpm_err.c.orig	2011-01-20 18:24:04 UTC
-+++ e_tpm_err.c
-@@ -235,6 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[] 
+--- src/e_tpm_err.c.orig	2017-12-18 15:45:34 UTC
++++ src/e_tpm_err.c
+@@ -234,6 +234,7 @@ static ERR_STRING_DATA TPM_str_functs[] = {
  	{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
  	{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
  	{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
@@ -10,7 +8,7 @@ http://sourceforge.net/mailarchive/message.php?msg_nam
  	{0, NULL}
  };
  
-@@ -265,6 +266,7 @@ static ERR_STRING_DATA TPM_str_reasons[]
+@@ -264,6 +265,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = {
  	{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
  	{TPM_R_ID_INVALID, "engine id doesn't match"},
  	{TPM_R_UI_METHOD_FAILED, "ui function failed"},

Modified: head/security/openssl_tpm_engine/pkg-descr
==============================================================================
--- head/security/openssl_tpm_engine/pkg-descr	Sat Mar  2 23:43:01 2019	(r494465)
+++ head/security/openssl_tpm_engine/pkg-descr	Sat Mar  2 23:48:27 2019	(r494466)
@@ -1,3 +1,8 @@
-This package contains 2 sets of code, a command-line utility used to
-generate a TSS key blob and write it to disk and an OpenSSL engine
-which interfaces with the TSS API.
+This is a forked version of OpenSSL TPM engine from the original
+upstream, TrouSerS project.
+
+This package contains two sets of code, a command-line utility used to
+generate a TSS key blob and write it to disk and an OpenSSL engine which
+interfaces with the TSS API.
+
+WWW: https://github.com/mgerstner/openssl_tpm_engine



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201903022348.x22NmRXp006864>