Hello community, here is the log from the commit of package tpm-tools for openSUSE:Factory checked in at 2017-11-11 14:21:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm-tools (Old) and /work/SRC/openSUSE:Factory/.tpm-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm-tools" Sat Nov 11 14:21:26 2017 rev:32 rq:540420 version:1.3.9.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm-tools/tpm-tools.changes 2017-03-03 17:45:55.949280316 +0100 +++ /work/SRC/openSUSE:Factory/.tpm-tools.new/tpm-tools.changes 2017-11-11 14:22:51.344054210 +0100 @@ -1,0 +2,10 @@ +Thu Nov 9 17:14:32 UTC 2017 - [email protected] + +- 0001-Fix-build-against-OpenSSL-1.1.0.patch: fix openssl 1.1.0 build in the + P11 code. Upstream has not reacted to a pull request to fix this for some + months now. This is my own patch (that doesn't violate C89 declaration rules + and is backward compatible to openssl. 1.0.x)). + + For comparison see: https://sourceforge.net/p/trousers/tpm-tools/merge-requests/2/ + +------------------------------------------------------------------- New: ---- 0001-Fix-build-against-OpenSSL-1.1.0.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm-tools.spec ++++++ --- /var/tmp/diff_new_pack.D8xeJI/_old 2017-11-11 14:22:52.032028998 +0100 +++ /var/tmp/diff_new_pack.D8xeJI/_new 2017-11-11 14:22:52.036028852 +0100 @@ -32,6 +32,9 @@ BuildRequires: openssl-devel BuildRequires: trousers-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build +# upstream has already got a pull request for this problem but didn't react +# for some months... so this is my own patch to tackle the problem +Patch0: 0001-Fix-build-against-OpenSSL-1.1.0.patch %description Trusted Computing is a set of specifications published by the Trusted @@ -90,6 +93,7 @@ %prep %setup -q -c %{name}-%{version} +%patch0 -p1 %build autoreconf -fiv ++++++ 0001-Fix-build-against-OpenSSL-1.1.0.patch ++++++ >From e6ef35d6a7dd4ab3d755c9cde5a5f589146af9e7 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner <[email protected]> Date: Thu, 9 Nov 2017 17:53:30 +0100 Subject: [PATCH] Fix build against OpenSSL 1.1.0 when P11 support is enabled --- src/data_mgmt/data_import.c | 154 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 133 insertions(+), 21 deletions(-) diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c index f534717..0ba4162 100644 --- a/src/data_mgmt/data_import.c +++ b/src/data_mgmt/data_import.c @@ -39,6 +39,9 @@ #include <openssl/evp.h> #include <openssl/err.h> +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL +# define USE_OPENSSL_110_API +#endif /* * Global variables @@ -58,6 +61,104 @@ CK_ULONG g_ulIdLen = 0; CK_BYTE *g_pchName = NULL; // LABEL attribute value CK_ULONG g_ulNameLen = 0; +static const BIGNUM* +getRSAModulus( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret; + RSA_get0_key(a_pRsa, &ret, NULL, NULL); + return ret; +#else + return a_pRsa->n; +#endif +} + +static const BIGNUM* +getRSAPublicExponent( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_key(a_pRsa, NULL, &ret, NULL); + return ret; +#else + return a_pRsa->e; +#endif +} + +static const BIGNUM* +getRSAPrivateExponent( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_key(a_pRsa, NULL, NULL, &ret); + return ret; +#else + return a_pRsa->d; +#endif +} + +static const BIGNUM* +getRSAFactorP( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_factors(a_pRsa, &ret, NULL); + return ret; +#else + return a_pRsa->p; +#endif +} + +static const BIGNUM* +getRSAFactorQ( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_factors(a_pRsa, NULL, &ret); + return ret; +#else + return a_pRsa->q; +#endif +} + +static const BIGNUM* +getRSACrtParamDmp1( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_crt_params(a_pRsa, &ret, NULL, NULL); + return ret; +#else + return a_pRsa->dmp1; +#endif +} + +static const BIGNUM* +getRSACrtParamDmq1( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_crt_params(a_pRsa, NULL, &ret, NULL); + return ret; +#else + return a_pRsa->dmq1; +#endif +} + +static const BIGNUM* +getRSACrtParamIqmp( RSA *a_pRsa ) { +#ifdef USE_OPENSSL_110_API + const BIGNUM *ret = NULL; + RSA_get0_crt_params(a_pRsa, NULL, NULL, &ret); + return ret; +#else + return a_pRsa->iqmp; +#endif +} + +static int +getEVPKeyType( EVP_PKEY *a_pKey ) { +#ifdef USE_OPENSSL_110_API + return EVP_PKEY_base_id( a_pKey ); +#else + return EVP_PKEY_type( a_pKey->type ); +#endif +} + + /* * parseCallback * Process the command specific options. @@ -372,7 +473,7 @@ readX509Cert( const char *a_pszFile, goto out; } - if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { + if ( getEVPKeyType(pKey) != EVP_PKEY_RSA ) { logError( TOKEN_RSA_KEY_ERROR ); X509_free( pX509 ); @@ -690,9 +791,11 @@ createRsaPubKeyObject( RSA *a_pRsa, CK_OBJECT_HANDLE *a_hObject ) { int rc = -1; + const BIGNUM *bn_n = getRSAModulus(a_pRsa); + const BIGNUM *bn_e = getRSAPublicExponent(a_pRsa); - int nLen = BN_num_bytes( a_pRsa->n ); - int eLen = BN_num_bytes( a_pRsa->e ); + int nLen = BN_num_bytes( bn_n ); + int eLen = BN_num_bytes( bn_e ); CK_RV rv; @@ -732,8 +835,8 @@ createRsaPubKeyObject( RSA *a_pRsa, } // Get binary representations of the RSA key information - BN_bn2bin( a_pRsa->n, n ); - BN_bn2bin( a_pRsa->e, e ); + BN_bn2bin( bn_n, n ); + BN_bn2bin( bn_e, e ); // Create the RSA public key object rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); @@ -760,14 +863,23 @@ createRsaPrivKeyObject( RSA *a_pRsa, int rc = -1; - int nLen = BN_num_bytes( a_pRsa->n ); - int eLen = BN_num_bytes( a_pRsa->e ); - int dLen = BN_num_bytes( a_pRsa->d ); - int pLen = BN_num_bytes( a_pRsa->p ); - int qLen = BN_num_bytes( a_pRsa->q ); - int dmp1Len = BN_num_bytes( a_pRsa->dmp1 ); - int dmq1Len = BN_num_bytes( a_pRsa->dmq1 ); - int iqmpLen = BN_num_bytes( a_pRsa->iqmp ); + const BIGNUM *bn_n = getRSAModulus(a_pRsa); + const BIGNUM *bn_e = getRSAPublicExponent(a_pRsa); + const BIGNUM *bn_d = getRSAPrivateExponent(a_pRsa); + const BIGNUM *bn_p = getRSAFactorP(a_pRsa); + const BIGNUM *bn_q = getRSAFactorQ(a_pRsa); + const BIGNUM *bn_dmp1 = getRSACrtParamDmp1(a_pRsa); + const BIGNUM *bn_dmq1 = getRSACrtParamDmq1(a_pRsa); + const BIGNUM *bn_iqmp = getRSACrtParamIqmp(a_pRsa); + + int nLen = BN_num_bytes( bn_n ); + int eLen = BN_num_bytes( bn_e ); + int dLen = BN_num_bytes( bn_d ); + int pLen = BN_num_bytes( bn_p ); + int qLen = BN_num_bytes( bn_q ); + int dmp1Len = BN_num_bytes( bn_dmp1 ); + int dmq1Len = BN_num_bytes( bn_dmq1 ); + int iqmpLen = BN_num_bytes( bn_iqmp ); CK_RV rv; @@ -821,14 +933,14 @@ createRsaPrivKeyObject( RSA *a_pRsa, } // Get binary representations of the RSA key information - BN_bn2bin( a_pRsa->n, n ); - BN_bn2bin( a_pRsa->e, e ); - BN_bn2bin( a_pRsa->d, d ); - BN_bn2bin( a_pRsa->p, p ); - BN_bn2bin( a_pRsa->q, q ); - BN_bn2bin( a_pRsa->dmp1, dmp1 ); - BN_bn2bin( a_pRsa->dmq1, dmq1 ); - BN_bn2bin( a_pRsa->iqmp, iqmp ); + BN_bn2bin( bn_n, n ); + BN_bn2bin( bn_e, e ); + BN_bn2bin( bn_d, d ); + BN_bn2bin( bn_p, p ); + BN_bn2bin( bn_q, q ); + BN_bn2bin( bn_dmp1, dmp1 ); + BN_bn2bin( bn_dmq1, dmq1 ); + BN_bn2bin( bn_iqmp, iqmp ); // Create the RSA private key object rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); -- 2.13.6
