Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openssl_tpm2_engine for
openSUSE:Factory checked in at 2025-03-01 19:16:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl_tpm2_engine (Old)
and /work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl_tpm2_engine"
Sat Mar 1 19:16:28 2025 rev:20 rq:1249302 version:4.4.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl_tpm2_engine/openssl_tpm2_engine.changes
2024-11-06 16:53:31.435978133 +0100
+++
/work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.19136/openssl_tpm2_engine.changes
2025-03-01 19:16:47.093672698 +0100
@@ -1,0 +2,7 @@
+Fri Feb 28 15:10:33 UTC 2025 - James Bottomley
<[email protected]>
+
+- Update to version 4.4.2
+ * Fix TLS certificate signing challenges
+ * Fix openvpn using the tpm2 provider
+
+-------------------------------------------------------------------
Old:
----
openssl_tpm2_engine-4.4.1.tar.gz
New:
----
openssl_tpm2_engine-4.4.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl_tpm2_engine.spec ++++++
--- /var/tmp/diff_new_pack.zoecHA/_old 2025-03-01 19:16:47.733699258 +0100
+++ /var/tmp/diff_new_pack.zoecHA/_new 2025-03-01 19:16:47.737699423 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openssl_tpm2_engine
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2017 [email protected]
#
# All modifications and additions to the file contributed by third parties
@@ -18,7 +18,7 @@
Name: openssl_tpm2_engine
-Version: 4.4.1
+Version: 4.4.2
Release: 0
Summary: OpenSSL TPM 2.0 interface engine plugin
License: LGPL-2.1-only
++++++ openssl_tpm2_engine-4.4.1.tar.gz -> openssl_tpm2_engine-4.4.2.tar.gz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/configure.ac
new/openssl_tpm2_engine-4.4.2/configure.ac
--- old/openssl_tpm2_engine-4.4.1/configure.ac 2024-11-05 15:15:24.000000000
+0100
+++ new/openssl_tpm2_engine-4.4.2/configure.ac 2025-02-28 16:04:33.000000000
+0100
@@ -2,7 +2,7 @@
# configure.in for the OpenSSL TPM engine project
#
-AC_INIT(openssl-tpm2-engine, 4.4.1, <[email protected]>)
+AC_INIT(openssl-tpm2-engine, 4.4.2, <[email protected]>)
AM_INIT_AUTOMAKE([foreign 1.6.3])
AC_CANONICAL_HOST
AM_CONDITIONAL(NATIVE_BUILD, test "x$cross_compiling" = "xno")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openssl_tpm2_engine-4.4.1/src/opensslmissing/signature.c
new/openssl_tpm2_engine-4.4.2/src/opensslmissing/signature.c
--- old/openssl_tpm2_engine-4.4.1/src/opensslmissing/signature.c
2024-11-05 15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/opensslmissing/signature.c
2025-02-28 16:04:33.000000000 +0100
@@ -248,10 +248,27 @@
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PSS_SALTLEN);
if (p) {
- if (p->data_type != OSSL_PARAM_INTEGER)
- return 0;
- if (!OSSL_PARAM_get_int(p, &ctx->salt_len))
+ fprintf(stderr, "LOCATED saltlen\n");
+ if (p->data_type == OSSL_PARAM_INTEGER) {
+ if (!OSSL_PARAM_get_int(p, &ctx->salt_len))
+ return 0;
+ } else if (p->data_type == OSSL_PARAM_UTF8_STRING) {
+ if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST)
+ == 0)
+ ctx->salt_len = RSA_PSS_SALTLEN_DIGEST;
+ else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX)
+ == 0)
+ ctx->salt_len = RSA_PSS_SALTLEN_MAX;
+ else if (strcmp(p->data,
OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO)
+ == 0)
+ ctx->salt_len = RSA_PSS_SALTLEN_AUTO;
+ else if (strcmp(p->data,
OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0)
+ ctx->salt_len = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX;
+ else
+ ctx->salt_len = atoi(p->data);
+ } else {
return 0;
+ }
}
return 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openssl_tpm2_engine-4.4.1/src/provider/decode_encode.c
new/openssl_tpm2_engine-4.4.2/src/provider/decode_encode.c
--- old/openssl_tpm2_engine-4.4.1/src/provider/decode_encode.c 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/decode_encode.c 2025-02-28
16:04:33.000000000 +0100
@@ -199,13 +199,13 @@
/* only provide pretty print encoders. All other key saves
* are done by keymgmt export (which means only public keys) */
-const OSSL_ALGORITHM encoders[] = {
+const OSSL_ALGORITHM tpm2_encoders[] = {
{ "RSA", "provider=tpm2,output=text", encode_text_fns },
{ "EC", "provider=tpm2,output=text", encode_text_fns },
{ NULL, NULL, NULL }
};
-const OSSL_ALGORITHM decoders[] = {
+const OSSL_ALGORITHM tpm2_decoders[] = {
{ "DER", "provider=tpm2,input=pem", decode_pem_fns },
{ "RSA", "provider=tpm2,input=der,structure=TPM2", decode_rsa_fns },
{ "EC", "provider=tpm2,input=der,structure=TPM2", decode_ec_fns },
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/src/provider/decryption.c
new/openssl_tpm2_engine-4.4.2/src/provider/decryption.c
--- old/openssl_tpm2_engine-4.4.1/src/provider/decryption.c 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/decryption.c 2025-02-28
16:04:33.000000000 +0100
@@ -170,12 +170,12 @@
{ 0, NULL }
};
-const OSSL_ALGORITHM asymciphers[] = {
+const OSSL_ALGORITHM tpm2_asymciphers[] = {
{ "RSA", "provider=tpm2", asymcipher_fns },
{ NULL, NULL, NULL }
};
-const OSSL_ALGORITHM keyexchs[] = {
+const OSSL_ALGORITHM tpm2_keyexchs[] = {
{ "EC", "provider=tpm2", keyexch_fns },
{ NULL, NULL, NULL }
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/src/provider/keymgmt.c
new/openssl_tpm2_engine-4.4.2/src/provider/keymgmt.c
--- old/openssl_tpm2_engine-4.4.1/src/provider/keymgmt.c 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/keymgmt.c 2025-02-28
16:04:33.000000000 +0100
@@ -244,7 +244,7 @@
{ 0, NULL}
};
-const OSSL_ALGORITHM keymgmts[]= {
+const OSSL_ALGORITHM tpm2_keymgmts[]= {
{ "RSA", "provider=tpm2", rsa_keymgmt_fns },
{ "EC", "provider=tpm2", ec_keymgmt_fns },
{ NULL, NULL, NULL}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/src/provider/provider.c
new/openssl_tpm2_engine-4.4.2/src/provider/provider.c
--- old/openssl_tpm2_engine-4.4.1/src/provider/provider.c 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/provider.c 2025-02-28
16:04:33.000000000 +0100
@@ -67,13 +67,13 @@
const OSSL_ALGORITHM *alg;
const char *desc;
} queries[] = {
- QOP(OSSL_OP_DECODER, decoders),
- QOP(OSSL_OP_ENCODER, encoders),
- QOP(OSSL_OP_KEYMGMT, keymgmts),
- QOP(OSSL_OP_SIGNATURE, signatures),
- QOP(OSSL_OP_ASYM_CIPHER, asymciphers),
- QOP(OSSL_OP_KEYEXCH, keyexchs),
- QOP(OSSL_OP_STORE, stores),
+ QOP(OSSL_OP_DECODER, tpm2_decoders),
+ QOP(OSSL_OP_ENCODER, tpm2_encoders),
+ QOP(OSSL_OP_KEYMGMT, tpm2_keymgmts),
+ QOP(OSSL_OP_SIGNATURE, tpm2_signatures),
+ QOP(OSSL_OP_ASYM_CIPHER, tpm2_asymciphers),
+ QOP(OSSL_OP_KEYEXCH, tpm2_keyexchs),
+ QOP(OSSL_OP_STORE, tpm2_stores),
};
static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id,
@@ -132,7 +132,7 @@
if (nvprefix[i] == ':')
nvprefix[i] = 0;
- stores[0].algorithm_names = nvprefix;
+ tpm2_stores[0].algorithm_names = nvprefix;
libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in);
if (libctx == NULL) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/src/provider/provider.h
new/openssl_tpm2_engine-4.4.2/src/provider/provider.h
--- old/openssl_tpm2_engine-4.4.1/src/provider/provider.h 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/provider.h 2025-02-28
16:04:33.000000000 +0100
@@ -25,28 +25,28 @@
int *size);
/* decode_encode.c */
-extern const OSSL_ALGORITHM encoders[];
-extern const OSSL_ALGORITHM decoders[];
+extern const OSSL_ALGORITHM tpm2_encoders[];
+extern const OSSL_ALGORITHM tpm2_decoders[];
/* keymgmt.c */
-extern const OSSL_ALGORITHM keymgmts[];
+extern const OSSL_ALGORITHM tpm2_keymgmts[];
void *tpm2_keymgmt_new(void *pctx); /* needed by decode_encode.c */
void tpm2_keymgmt_free(void *ref); /* needed by decryption.c */
/* signatures.c */
-extern const OSSL_ALGORITHM signatures[];
+extern const OSSL_ALGORITHM tpm2_signatures[];
/* decryption.c */
-extern const OSSL_ALGORITHM asymciphers[];
-extern const OSSL_ALGORITHM keyexchs[];
+extern const OSSL_ALGORITHM tpm2_asymciphers[];
+extern const OSSL_ALGORITHM tpm2_keyexchs[];
/* store.c */
-extern OSSL_ALGORITHM stores[];
+extern OSSL_ALGORITHM tpm2_stores[];
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/src/provider/signatures.c
new/openssl_tpm2_engine-4.4.2/src/provider/signatures.c
--- old/openssl_tpm2_engine-4.4.1/src/provider/signatures.c 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/signatures.c 2025-02-28
16:04:33.000000000 +0100
@@ -174,7 +174,7 @@
{ 0, NULL }
};
-const OSSL_ALGORITHM signatures[] = {
+const OSSL_ALGORITHM tpm2_signatures[] = {
{ "RSA", "provider=tpm2", signature_fns },
{ "EC", "provider=tpm2", signature_fns },
{ NULL, NULL, NULL }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.4.1/src/provider/store.c
new/openssl_tpm2_engine-4.4.2/src/provider/store.c
--- old/openssl_tpm2_engine-4.4.1/src/provider/store.c 2024-11-05
15:15:24.000000000 +0100
+++ new/openssl_tpm2_engine-4.4.2/src/provider/store.c 2025-02-28
16:04:33.000000000 +0100
@@ -179,7 +179,7 @@
* the scheme can be modified by a config file parameter, so set it NULL here
* and then set it after we collect the parameters in OSSL_provider_init()
*/
-OSSL_ALGORITHM stores[] = {
+OSSL_ALGORITHM tpm2_stores[] = {
{ NULL, "provider=tpm2", store_fns },
{ NULL, NULL, NULL }
};
