Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openssl_tpm2_engine for
openSUSE:Factory checked in at 2023-07-06 18:29:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl_tpm2_engine (Old)
and /work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.23466 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl_tpm2_engine"
Thu Jul 6 18:29:06 2023 rev:13 rq:1097006 version:4.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl_tpm2_engine/openssl_tpm2_engine.changes
2023-03-29 23:28:26.559855431 +0200
+++
/work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.23466/openssl_tpm2_engine.changes
2023-07-06 18:29:18.243376232 +0200
@@ -1,0 +2,10 @@
+Wed Jul 5 19:40:20 UTC 2023 - [email protected]
+
+- Update to version 4.0.1
+ * Fixes for intel-tss and openssl < 3
+ * Fix support for the non-reference swtpm (although you should use the
+ reference implementation for testing)
+ * Doc updates to the draft RFC to make it ready for ietf submission
+ * Fix openssl BOOLEAN issues
+
+-------------------------------------------------------------------
Old:
----
openssl_tpm2_engine-4.0.0.tar.gz
New:
----
openssl_tpm2_engine-4.0.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl_tpm2_engine.spec ++++++
--- /var/tmp/diff_new_pack.Fx3uGj/_old 2023-07-06 18:29:19.311382604 +0200
+++ /var/tmp/diff_new_pack.Fx3uGj/_new 2023-07-06 18:29:19.319382652 +0200
@@ -18,7 +18,7 @@
Name: openssl_tpm2_engine
-Version: 4.0.0
+Version: 4.0.1
Release: 0
Summary: OpenSSL TPM 2.0 interface engine plugin
License: LGPL-2.1-only
++++++ openssl_tpm2_engine-4.0.0.tar.gz -> openssl_tpm2_engine-4.0.1.tar.gz
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.0.0/configure.ac
new/openssl_tpm2_engine-4.0.1/configure.ac
--- old/openssl_tpm2_engine-4.0.0/configure.ac 2023-03-29 15:05:46.000000000
+0200
+++ new/openssl_tpm2_engine-4.0.1/configure.ac 2023-07-05 21:32:10.000000000
+0200
@@ -2,7 +2,7 @@
# configure.in for the OpenSSL TPM engine project
#
-AC_INIT(openssl-tpm2-engine, 4.0.0, <[email protected]>)
+AC_INIT(openssl-tpm2-engine, 4.0.1, <[email protected]>)
AM_INIT_AUTOMAKE([foreign 1.6.3])
AC_CANONICAL_HOST
AM_CONDITIONAL(NATIVE_BUILD, test "x$cross_compiling" = "xno")
@@ -154,11 +154,11 @@
TSSTYPE=$tsslibs
AC_SUBST(TSSTYPE)
-if test -x "${SWTPM}" -a -x "${SWTPM_IOCTL}"; then
+if test -x "${TPMSERVER}"; then
+ testtpm=tpm_server
+elif test -x "${SWTPM}" -a -x "${SWTPM_IOCTL}"; then
testtpm=swtpm
unset TPMSERVER
-elif test -x "${TPMSERVER}"; then
- testtpm=tpm_server
else
testtpm=
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openssl_tpm2_engine-4.0.0/doc/draft-bottomley-tpm2-keys.xml
new/openssl_tpm2_engine-4.0.1/doc/draft-bottomley-tpm2-keys.xml
--- old/openssl_tpm2_engine-4.0.0/doc/draft-bottomley-tpm2-keys.xml
2023-03-29 15:05:46.000000000 +0200
+++ new/openssl_tpm2_engine-4.0.1/doc/draft-bottomley-tpm2-keys.xml
2023-07-05 21:32:10.000000000 +0200
@@ -23,7 +23,7 @@
<email>[email protected]</email>
</address>
</author>
- <date month="March" year="2023"/>
+ <date month="June" year="2023"/>
<area>Security</area>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
@@ -101,18 +101,18 @@
specifications, which is why the TPMkey is not versioned.
</t>
<section anchor="tpmkey" title="TPMkey Syntax">
- <figure><artwork>
+ <sourcecode type="asn.1">
TPMKey ::= SEQUENCE {
- type OBJECT IDENTIFIER
- emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL
- policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL
- secret [2] EXPLICIT OCTET STRING OPTIONAL
- authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL
- parent INTEGER
- pubkey OCTET STRING
+ type OBJECT IDENTIFIER,
+ emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
+ policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
+ secret [2] EXPLICIT OCTET STRING OPTIONAL,
+ authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
+ parent INTEGER,
+ pubkey OCTET STRING,
privkey OCTET STRING
}
- </artwork></figure>
+ </sourcecode>
<t>
The fields of type TPMKey have the following meanings:
</t>
@@ -127,25 +127,25 @@
extracted with TPM2_Unseal). The TCG has reserved the
following OID prefix for this:
</t>
- <figure><artwork>
+ <sourcecode type="asn.1">
id-tpmkey OBJECT IDENTIFIER ::=
{joint-iso-itu-t(2) international-organizations(23) 133 10 1}
- </artwork></figure>
+ </sourcecode>
<t>
And the three key types are:
</t>
- <figure><artwork>
+ <sourcecode type="asn.1">
id-loadablekey OBJECT IDENTIFIER ::=
{id-tpmkey 3}
- </artwork></figure>
- <figure><artwork>
+ </sourcecode>
+ <sourcecode type="asn.1">
id-importablekey OBJECT IDENTIFIER ::=
{id-tpmkey 4}
- </artwork></figure>
- <figure><artwork>
+ </sourcecode>
+ <sourcecode type="asn.1">
id-sealedkey OBJECT IDENTIFIER ::=
{id-tpmkey 5}
- </artwork></figure>
+ </sourcecode>
</section>
<section title="emptyAuth">
<t>
@@ -192,7 +192,7 @@
This SHOULD be present if the TPMkey policy contains a
TPM2_PolicyAuthorize statement because it contains signed
policies that could be used to satisfy the TPM key policy.
- The forms of the auth{olicy statement are described in
+ The forms of the authPolicy statement are described in
<xref target="signed-policy"/>. If the TPM key
has no policy hash then this MUST NOT be present.
</t>
@@ -210,9 +210,11 @@
<t>
If a permanent handle (MSO 0x40) is specified then the
implementation MUST run TPM2_CreatePrimary on the handle
- using the TCG specified Elliptic Curve template for the
- NIST P-256 curve and use the primary key so generated as
- the parent.
+ using the TCG specified Elliptic Curve template <xref
+ target="TCG-Provision"/> (section 7.5.1 for the Storage
+ and other seeds or 7.4.1 for the endorsement seed) for
+ the NIST P-256 curve and use the primary key so generated
+ as the parent.
</t>
</section>
<section title="pubkey">
@@ -255,12 +257,12 @@
supported by this standard (such as TPM2_PolicyAuthorize).
</t>
<section anchor="TPMPolicy" title="TPMPolicy Syntax">
- <figure><artwork>
+ <sourcecode type="asn.1">
TPMPolicy ::= SEQUENCE {
- CommandCode [0] EXPLICIT INTEGER
- CommandPolicy [1] EXPLICIT OCTET STRING
+ commandCode [0] EXPLICIT INTEGER,
+ commandPolicy [1] EXPLICIT OCTET STRING
}
- </artwork></figure>
+ </sourcecode>
<t>
The Fields of type TPMPolicy have the following meanings:
</t>
@@ -392,12 +394,12 @@
policies.
</t>
<section title="TPMAuthPolicy Syntax">
- <figure><artwork>
+ <sourcecode type="asn.1">
TPMAuthPolicy ::= SEQUENCE {
- Name [0] EXPLICIT UTF8STRING OPTIONAL
- Policy [1] EXPLICIT SEQUENCE OF TPMPolicy
+ name [0] EXPLICIT UTF8String OPTIONAL,
+ policy [1] EXPLICIT SEQUENCE OF TPMPolicy
}
- </artwork></figure>
+ </sourcecode>
<t>
The Fields of type TPMAuthPolicy have the following meanings:
</t>
@@ -626,7 +628,6 @@
implementation.
</t>
</section>
-
</middle>
<back>
<references title="Normative References">
@@ -650,6 +651,15 @@
<date year="2015" month="August"/>
</front>
</reference>
+ <reference anchor="TCG-Provision"
target="https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/";>
+ <front>
+ <title>TCG TPM v2.0 Provisioning Guidance</title>
+ <author>
+ <organization>Trusted Computing Group</organization>
+ </author>
+ <date year="2017" month="March" day="15"/>
+ </front>
+ </reference>
</references>
<references title="Informative References">
<reference anchor="TPM GENIE"
target="https://www.nccgroup.com/globalassets/about-us/us/documents/tpm-genie.pdf";>
@@ -669,5 +679,55 @@
</front>
</reference>
</references>
+ <section anchor="asn1-module" title="ASN.1 Module">
+ <sourcecode type="asn.1">
+ TPM-Key-Module
+
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+
+ --
+ -- Should import this but TCG hasn't yet published it or .10
+ --
+ id-tpmkey OBJECT IDENTIFIER ::=
+ {joint-iso-itu-t(2) international-organizations(23) 133 10 1}
+
+ --
+ -- OIDs defined by this RFC
+ --
+ id-loadablekey OBJECT IDENTIFIER ::= {id-tpmkey 3}
+ id-importablekey OBJECT IDENTIFIER ::= {id-tpmkey 4}
+ id-sealedkey OBJECT IDENTIFIER ::= {id-tpmkey 5}
+
+ TPMPolicy ::= SEQUENCE {
+ commandCode [0] EXPLICIT INTEGER,
+ commandPolicy [1] EXPLICIT OCTET STRING
+ }
+
+ TPMAuthPolicy ::= SEQUENCE {
+ name [0] EXPLICIT UTF8String OPTIONAL,
+ policy [1] EXPLICIT SEQUENCE OF TPMPolicy
+ }
+
+ TPMKeyType ::= OBJECT IDENTIFIER (
+ id-loadablekey |
+ id-importablekey |
+ id-sealedkey
+ )
+
+ TPMKey ::= SEQUENCE {
+ type TPMKeyType,
+ emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
+ policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
+ secret [2] EXPLICIT OCTET STRING OPTIONAL,
+ authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
+ parent INTEGER,
+ pubkey OCTET STRING,
+ privkey OCTET STRING
+ }
+
+ END
+ </sourcecode>
+ </section>
</back>
</rfc>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openssl_tpm2_engine-4.0.0/src/include/intel-tss.h
new/openssl_tpm2_engine-4.0.1/src/include/intel-tss.h
--- old/openssl_tpm2_engine-4.0.0/src/include/intel-tss.h 2023-03-29
15:05:46.000000000 +0200
+++ new/openssl_tpm2_engine-4.0.1/src/include/intel-tss.h 2023-07-05
21:32:10.000000000 +0200
@@ -276,7 +276,12 @@
*/
if (intType) {
if (strcmp("socsim", intType) == 0) {
- tctildr = "mssim";
+ char *swtpm = getenv("SWTPM");
+
+ if (!swtpm || strlen(swtpm) == 0)
+ tctildr = "mssim";
+ else
+ tctildr = "swtpm";
} else if (strcmp("dev", intType) == 0) {
tctildr = "device";
} else {
@@ -393,7 +398,7 @@
const EVP_MD *md; /* message digest method */
#if OPENSSL_VERSION_NUMBER < 0x10100000
HMAC_CTX ctx;
-#elsif OPENSSL_VERSION < 0x30000000
+#elif OPENSSL_VERSION_NUMBER < 0x30000000
HMAC_CTX *ctx;
#else
EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
@@ -412,7 +417,7 @@
#if OPENSSL_VERSION_NUMBER < 0x10100000
HMAC_CTX_init(&ctx);
-#elsif OPENSSL_VERSION < 0x30000000
+#elif OPENSSL_VERSION_NUMBER < 0x30000000
ctx = HMAC_CTX_new();
#else
ctx = EVP_MAC_CTX_new(mac);
@@ -426,7 +431,7 @@
hmacKey->buffer, hmacKey->size, /* HMAC key */
md, /* message
digest method */
NULL);
-#elsif OPENSSL_VERSION < 0x30000000
+#elif OPENSSL_VERSION_NUMBER < 0x30000000
rc = HMAC_Init_ex(ctx,
hmacKey->buffer, hmacKey->size, /* HMAC key */
md, /* message
digest method */
@@ -452,7 +457,7 @@
}
#if OPENSSL_VERSION_NUMBER < 0x10100000
rc = HMAC_Update(&ctx, buffer, length);
-#elsif OPENSSL_VERSION < 0x30000000
+#elif OPENSSL_VERSION_NUMBER < 0x30000000
rc = HMAC_Update(ctx, buffer, length);
#else
rc = EVP_MAC_update(ctx, buffer, length);
@@ -466,7 +471,7 @@
#if OPENSSL_VERSION_NUMBER < 0x10100000
rc = HMAC_Final(&ctx, (uint8_t *)&digest->digest, NULL);
-#elsif OPENSSL_VERSION < 0x30000000
+#elif OPENSSL_VERSION_NUMBER < 0x30000000
rc = HMAC_Final(ctx, (uint8_t *)&digest->digest, NULL);
#else
rc = EVP_MAC_final(ctx, (uint8_t *)&digest->digest, NULL,
TSS_GetDigestSize(digest->hashAlg));
@@ -479,7 +484,7 @@
out_free:
#if OPENSSL_VERSION_NUMBER < 0x10100000
HMAC_CTX_cleanup(&ctx);
-#elsif OPENSSL_VERSION < 0x30000000
+#elif OPENSSL_VERSION_NUMBER < 0x30000000
HMAC_CTX_free(ctx);
#else
EVP_MAC_CTX_free(ctx);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openssl_tpm2_engine-4.0.0/src/libcommon/tpm2-common.c
new/openssl_tpm2_engine-4.0.1/src/libcommon/tpm2-common.c
--- old/openssl_tpm2_engine-4.0.0/src/libcommon/tpm2-common.c 2023-03-29
15:05:46.000000000 +0200
+++ new/openssl_tpm2_engine-4.0.1/src/libcommon/tpm2-common.c 2023-07-05
21:32:10.000000000 +0200
@@ -70,116 +70,6 @@
* openssl support (this excludes BN P256)
*/
struct tpm2_ECC_Curves tpm2_supported_curves[] = {
- { .name = "prime192v1",
- .nid = NID_X9_62_prime192v1,
- .curve = TPM_ECC_NIST_P192,
- /* p */
- .C[0].s = 24,
- .C[0].b = (BYTE [])
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- },
- /* a */
- .C[1].s = 24,
- .C[1].b = (BYTE [])
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- },
- /* b */
- .C[2].s = 24,
- .C[2].b = (BYTE [])
- {
- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7,
- 0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49,
- 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1,
- },
- /* gX */
- .C[3].s = 24,
- .C[3].b = (BYTE [])
- {
- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6,
- 0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00,
- 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12,
- },
- /* gY */
- .C[4].s = 24,
- .C[4].b = (BYTE [])
- {
- 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78,
- 0x63, 0x10, 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5,
- 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
- },
- /* order */
- .C[5].s = 24,
- .C[5].b = (BYTE [])
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36,
- 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31,
- },
- },
- { .name = "secp224r1",
- .nid = NID_secp224r1,
- .curve = TPM_ECC_NIST_P224,
- /* p */
- .C[0].s = 28,
- .C[0].b = (BYTE [])
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01,
- },
- /* a */
- .C[1].s = 28,
- .C[1].b = (BYTE [])
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE,
- },
- /* b */
- .C[2].s = 28,
- .C[2].b = (BYTE [])
- {
- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB,
- 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7,
- 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
- 0x23, 0x55, 0xFF, 0xB4,
- },
- /* gX */
- .C[3].s = 28,
- .C[3].b = (BYTE [])
- {
- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F,
- 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3,
- 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
- 0x11, 0x5C, 0x1D, 0x21,
- },
- /* gY */
- .C[4].s = 28,
- .C[4].b = (BYTE [])
- {
- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb,
- 0x4c, 0x22, 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0,
- 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
- 0x85, 0x00, 0x7e, 0x34,
- },
- /* order */
- .C[5].s = 28,
- .C[5].b = (BYTE [])
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2,
- 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
- 0x5C, 0x5C, 0x2A, 0x3D
- },
- },
{ .name = "prime256v1",
.nid = NID_X9_62_prime256v1,
.curve = TPM_ECC_NIST_P256,
@@ -2285,7 +2175,8 @@
}
if (version == 0) {
k.tssl.type = OBJ_txt2obj(OID_OldloadableKey, 1);
- k.tssl.emptyAuth = empty_auth;
+ /* standard requires true or not present */
+ k.tssl.emptyAuth = empty_auth ? 0xff : -1;
k.tssl.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(k.tssl.parent, parent);
@@ -2311,7 +2202,8 @@
secret->size);
}
- k.tpk.emptyAuth = empty_auth;
+ /* standard requires true or not present */
+ k.tpk.emptyAuth = empty_auth ? 0xff : -1;
k.tpk.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(k.tpk.parent, parent);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openssl_tpm2_engine-4.0.0/src/tools/create_tpm2_key.c
new/openssl_tpm2_engine-4.0.1/src/tools/create_tpm2_key.c
--- old/openssl_tpm2_engine-4.0.0/src/tools/create_tpm2_key.c 2023-03-29
15:05:46.000000000 +0200
+++ new/openssl_tpm2_engine-4.0.1/src/tools/create_tpm2_key.c 2023-07-05
21:32:10.000000000 +0200
@@ -378,7 +378,7 @@
if (name)
printf("%s\n", name);
else
- printf("Curve %d Unsupported\n", c->eccCurves[i]);
+ fprintf(stderr, "Curve %d Unsupported\n",
c->eccCurves[i]);
}
return;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openssl_tpm2_engine-4.0.0/tests/create_nonopenssl_ecc.sh
new/openssl_tpm2_engine-4.0.1/tests/create_nonopenssl_ecc.sh
--- old/openssl_tpm2_engine-4.0.0/tests/create_nonopenssl_ecc.sh
2023-03-29 15:05:46.000000000 +0200
+++ new/openssl_tpm2_engine-4.0.1/tests/create_nonopenssl_ecc.sh
2023-07-05 21:32:10.000000000 +0200
@@ -1,5 +1,10 @@
#!/bin/bash
+# swtpm doesn't have a correct implementation of the Barreto-Naehrig curves
+# which are the only openssl unparametrised ones, so skip the test
+if [ -x "${SWTPM}" ]; then
+ exit 77;
+fi
##
# test is
