Hello community,
here is the log from the commit of package openssl_tpm_engine for
openSUSE:Factory checked in at 2017-12-06 09:00:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl_tpm_engine (Old)
and /work/SRC/openSUSE:Factory/.openssl_tpm_engine.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl_tpm_engine"
Wed Dec 6 09:00:13 2017 rev:19 rq:548608 version:0.4.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl_tpm_engine/openssl_tpm_engine.changes
2015-05-10 10:47:03.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.openssl_tpm_engine.new/openssl_tpm_engine.changes
2017-12-06 09:00:18.309216307 +0100
@@ -1,0 +2,20 @@
+Mon Dec 4 18:03:54 UTC 2017 - [email protected]
+
+- Adjustment to OpenSSL 1.1. I've developed these patches myself, since
+ upstream doesn't have anything yet (and it doesn't look like they will
+ soon). I'll offer it to upstream by way of a pull request soon.
+
+ By way of these patches the spec file becomes a little bit simpler. The
+ enginesdir should be recognized dynamically by the autotools setup via
+ pkg-config now. Code and spec should still be able to build against OpenSSL
+ 1.0 as well.
+
+ 0000-openssl-1.1-compatibility-preparation-remove-unneede.patch
+ 0001-openssl-1.1-compatibility-preparation-fix-warnings-a.patch
+ 0002-Explicitly-link-create_tpm_key-against-libcrypto.patch
+ 0003-OpenSSL-1.1-compatibility.patch
+ 0004-automake-add-linker-flags-to-explicitly-build-a-plug.patch
+ 0005-autotools-choose-engine-plugin-name-based-on-OpenSSL.patch
+ 0006-autotools-make-engine-plugin-installation-dir-config.patch
+
+-------------------------------------------------------------------
New:
----
0000-openssl-1.1-compatibility-preparation-remove-unneede.patch
0001-openssl-1.1-compatibility-preparation-fix-warnings-a.patch
0002-Explicitly-link-create_tpm_key-against-libcrypto.patch
0003-OpenSSL-1.1-compatibility.patch
0004-automake-add-linker-flags-to-explicitly-build-a-plug.patch
0005-autotools-choose-engine-plugin-name-based-on-OpenSSL.patch
0006-autotools-make-engine-plugin-installation-dir-config.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl_tpm_engine.spec ++++++
--- /var/tmp/diff_new_pack.M9I5r3/_old 2017-12-06 09:00:20.001154377 +0100
+++ /var/tmp/diff_new_pack.M9I5r3/_new 2017-12-06 09:00:20.001154377 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openssl_tpm_engine
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,11 +25,19 @@
Release: 0
Source0:
https://downloads.sourceforge.net/project/trousers/OpenSSL%20TPM%20Engine/%{version}/%{name}-%{version}.tar.gz
Patch0: openssl_tpm_engine-somodule.patch
+Patch1: 0000-openssl-1.1-compatibility-preparation-remove-unneede.patch
+Patch2: 0001-openssl-1.1-compatibility-preparation-fix-warnings-a.patch
+Patch3: 0002-Explicitly-link-create_tpm_key-against-libcrypto.patch
+Patch4: 0003-OpenSSL-1.1-compatibility.patch
+Patch5: 0004-automake-add-linker-flags-to-explicitly-build-a-plug.patch
+Patch6: 0005-autotools-choose-engine-plugin-name-based-on-OpenSSL.patch
+Patch7: 0006-autotools-make-engine-plugin-installation-dir-config.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: trousers-devel
+%define enginesdir %(pkg-config libcrypto --variable=enginesdir)
%description
This package contains a plugin a for OpenSSL which connects it with the
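Review bot: `%define enginesdir %(pkg-config libcrypto --variable=enginesdir)` is used without any check that the expansion is non-empty. If pkg-config is not in the build root or the libcrypto .pc file does not define `enginesdir`, the `%install` and `%files` hunks further down expand to `rm $RPM_BUILD_ROOT//tpm.la` and a bare `%dir`, so the build fails with a misleading error or packages the wrong path. Those two hunks also hard-code `tpm.la`/`tpm.so`, while the changelog says the spec should still build against OpenSSL 1.0, where patch 0005 keeps the `libtpm` name. I would add `BuildRequires: pkg-config` and a guard in `%prep` such as `test -n "%{enginesdir}" || exit 1`.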
@@ -39,6 +47,13 @@
%prep
%setup -q
%patch0 -p0
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
%build
mkdir m4
@@ -51,7 +66,7 @@
%install
make install DESTDIR=$RPM_BUILD_ROOT
-rm $RPM_BUILD_ROOT/%{_lib}/engines/libtpm.la
+rm $RPM_BUILD_ROOT/%{enginesdir}/tpm.la
%clean
rm -rf $RPM_BUILD_ROOT
@@ -60,7 +75,7 @@
%defattr(-, root, root)
%doc LICENSE README openssl.cnf.sample
%{_bindir}/create_tpm_key
-%dir /%{_lib}/engines
-/%{_lib}/engines/libtpm.so
+%dir %{enginesdir}
+%{enginesdir}/tpm.so
%changelog
++++++ 0000-openssl-1.1-compatibility-preparation-remove-unneede.patch ++++++
>From 592ecaa916bec4764c74fd378803252f13d0ec61 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <[email protected]>
Date: Thu, 30 Nov 2017 12:58:39 +0100
Subject: [PATCH] openssl 1.1 compatibility preparation: remove unneeded
setting of rsa->e
The fixed exponent is later set in fill_out_rsa_object. This piece of code is
thus useless.
---
e_tpm.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/e_tpm.c b/e_tpm.c
index f3e8bcf..924a4e0 100644
--- a/e_tpm.c
+++ b/e_tpm.c
@@ -1137,13 +1137,6 @@ static int tpm_rsa_keygen(RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb)
return 0;
}
- /* set e in the RSA object as done in the built-in openssl function */
- if (!rsa->e && ((rsa->e = BN_new()) == NULL)) {
- TSSerr(TPM_F_TPM_RSA_KEYGEN, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_copy(rsa->e, e);
-
switch (bits) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
--
2.13.6
++++++ 0001-openssl-1.1-compatibility-preparation-fix-warnings-a.patch ++++++
>From 3d8e897df7bfb2766a3ac7b8c7e36144fa23583b Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <[email protected]>
Date: Thu, 30 Nov 2017 13:07:59 +0100
Subject: [PATCH] openssl 1.1 compatibility preparation: fix warnings about
losing const qualifier
---
e_tpm.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/e_tpm.c b/e_tpm.c
index 924a4e0..0ebf636 100644
--- a/e_tpm.c
+++ b/e_tpm.c
@@ -908,7 +908,7 @@ static int tpm_rsa_priv_dec(int flen,
if ((result = Tspi_SetAttribData(app_data->hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
- in_len, from))) {
+ in_len, (BYTE*)from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
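Review bot: The `(BYTE*)from` cast silences the const warning but leaves no record of why dropping the qualifier is safe. If the TSS call only reads the buffer (to be confirmed against the trousers headers), a short comment above the call would state that contract, e.g. `/* TSS API takes a non-const BYTE*; the input buffer is not modified */`. The same cast is added in the tpm_rsa_pub_enc and tpm_rsa_priv_enc hunks and twice in tpm_rand_seed, so the comment applies there as well. tpm_rsa_priv_dec starts and ends outside this hunk.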
@@ -1010,7 +1010,7 @@ static int tpm_rsa_pub_enc(int flen,
app_data->hEncData, in_len);
if ((result = Tspi_Data_Bind(app_data->hEncData, app_data->hKey,
- in_len, from))) {
+ in_len, (BYTE*)from))) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
DBG("result = 0x%x (%s)", result,
Trspi_Error_String(result));
@@ -1094,7 +1094,8 @@ static int tpm_rsa_priv_enc(int flen,
return 0;
}
- if ((result = Tspi_Hash_SetHashValue(app_data->hHash, flen, from))) {
+ if ((result = Tspi_Hash_SetHashValue(
+ app_data->hHash, flen, (BYTE*)from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
@@ -1263,7 +1264,8 @@ static void tpm_rand_seed(const void *buf, int num)
/* There's a hard maximum of 255 bytes allowed to be sent to the TPM on
a TPM_StirRandom
* call. Use all the bytes in buf, but break them in to 255 or
smaller byte chunks */
while (num - total_stirred > 255) {
- if ((result = Tspi_TPM_StirRandom(hTPM, 255, buf +
total_stirred))) {
+ if ((result = Tspi_TPM_StirRandom(hTPM, 255,
+ ((BYTE*)buf) + total_stirred)))
{
TSSerr(TPM_F_TPM_RAND_SEED, TPM_R_REQUEST_FAILED);
return;
}
@@ -1271,7 +1273,8 @@ static void tpm_rand_seed(const void *buf, int num)
total_stirred += 255;
}
- if ((result = Tspi_TPM_StirRandom(hTPM, num - total_stirred, buf +
total_stirred))) {
+ if ((result = Tspi_TPM_StirRandom(hTPM, num - total_stirred,
+ ((BYTE*)buf) + total_stirred))) {
TSSerr(TPM_F_TPM_RAND_SEED, TPM_R_REQUEST_FAILED);
}
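Review bot: `num - total_stirred` is passed as the length of the final `Tspi_TPM_StirRandom` call without a check that `num` is positive. `num` is an `int`, so a zero or negative value from a caller skips the loop and reaches this call; if the length parameter is unsigned, a negative value would turn into a very large byte count read from `buf`. An early `if (buf == NULL || num <= 0) return;` before the loop would close that. The start of tpm_rand_seed is outside this hunk, so such a guard may already exist above.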
--
2.13.6
++++++ 0002-Explicitly-link-create_tpm_key-against-libcrypto.patch ++++++
>From e2b6c1e0a107fd0b3c2eaff30961eae5bbe9797e Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <[email protected]>
Date: Thu, 30 Nov 2017 13:48:16 +0100
Subject: [PATCH] Explicitly link create_tpm_key against libcrypto
---
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 6695656..53bd3e6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,4 +10,4 @@ libtpm_la_LIBADD=-lcrypto -lc -ltspi
libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
create_tpm_key_SOURCES=create_tpm_key.c
-create_tpm_key_LDADD=-ltspi
+create_tpm_key_LDADD=-ltspi -lcrypto
--
2.13.6
++++++ 0003-OpenSSL-1.1-compatibility.patch ++++++
++++ 645 lines (skipped)
++++++ 0004-automake-add-linker-flags-to-explicitly-build-a-plug.patch ++++++
>From 62277287b042e849fc656a81e3412212dcc0cfed Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <[email protected]>
Date: Fri, 1 Dec 2017 17:22:07 +0100
Subject: [PATCH] automake: add linker flags to explicitly build a plugin
instead of a regular library
---
Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile.am b/Makefile.am
index 53bd3e6..44a8888 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -8,6 +8,7 @@ openssl_enginedir=@libdir@/openssl/engines
libtpm_la_LIBADD=-lcrypto -lc -ltspi
libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
+libtpm_la_LDFLAGS=-avoid-version -module -shared -export-dynamic
create_tpm_key_SOURCES=create_tpm_key.c
create_tpm_key_LDADD=-ltspi -lcrypto
--
2.13.6
++++++ 0005-autotools-choose-engine-plugin-name-based-on-OpenSSL.patch ++++++
>From 1e411dced371babfda2dc29cfc86bfc844f23f05 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <[email protected]>
Date: Fri, 1 Dec 2017 17:27:18 +0100
Subject: [PATCH] autotools: choose engine plugin name based on OpenSSL version
In OpenSSL 1.1 engines are no longer prefixed with "lib" and also won't
be found if installed as lib<engine>.so. So this change checks for the
OpenSSL version we're compiling against and conditionally sets up
libtpm.so or just tpm.so.
---
Makefile.am | 27 +++++++++++++++++++++++----
configure.in | 19 +++++++++++++++++++
2 files changed, 42 insertions(+), 4 deletions(-)
Index: openssl_tpm_engine-0.4.2/Makefile.am
===================================================================
--- openssl_tpm_engine-0.4.2.orig/Makefile.am
+++ openssl_tpm_engine-0.4.2/Makefile.am
@@ -2,13 +2,32 @@ SUBDIRS=. test
EXTRA_DIST = README openssl.cnf.sample
-openssl_engine_LTLIBRARIES=libtpm.la
bin_PROGRAMS=create_tpm_key
openssl_enginedir=@libdir@/openssl/engines
-libtpm_la_LIBADD=-lcrypto -lc -ltspi
-libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
-libtpm_la_LDFLAGS=-avoid-version -module -shared -export-dynamic
+engine_libs=-lcrypto -lc -ltspi
+engine_sources=e_tpm.c e_tpm.h e_tpm_err.c
+engine_ldflags=-avoid-version -module -shared -export-dynamic
+
+# in OpenSSL 1.1 engine modules have been stripped of the lib prefix so we
+# need to adust the library name accordingly.
+#
+# sadly there seems to be no elegant way to change the library name based on a
+# configure check outcome, so we have to explicitly define both variants like
+# this
+if OPENSSL_11
+engine_base=tpm.la
+tpm_la_LIBADD=$(engine_libs)
+tpm_la_LDFLAGS=$(engine_ldflags)
+tpm_la_SOURCES=$(engine_sources)
+else
+engine_base=libtpm.la
+libtpm_la_LIBADD=$(engine_libs)
+libtpm_la_LDFLAGS=$(engine_ldflags)
+libtpm_la_SOURCES=$(engine_sources)
+endif
+
+openssl_engine_LTLIBRARIES=$(engine_base)
create_tpm_key_SOURCES=create_tpm_key.c
create_tpm_key_LDADD=-ltspi -lcrypto
Index: openssl_tpm_engine-0.4.2/configure.in
===================================================================
--- openssl_tpm_engine-0.4.2.orig/configure.in
+++ openssl_tpm_engine-0.4.2/configure.in
@@ -51,6 +51,25 @@ AC_USE_SYSTEM_EXTENSIONS
AC_SYS_LARGEFILE
AC_PROG_LIBTOOL
+AC_MSG_CHECKING([for OpenSSL 1.1])
+AC_TRY_COMPILE(
+ [#include <openssl/opensslv.h>],
+ [
+ #if OPENSSL_VERSION_NUMBER < 0x1010000fL
+ # error "old ssl"
+ #else
+ # warning "new openssl"
+ #endif
+ ],
+ [AC_MSG_RESULT(yes)
+ openssl_11=true
+ ],
+ [AC_MSG_RESULT(no)
+ openssl_11=false
+ ]
+)
+AM_CONDITIONAL([OPENSSL_11], [test x$openssl_11 = xtrue])
+
CFLAGS="$CFLAGS -Wall"
AC_SUBST(CFLAGS)
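Review bot: The `# warning "new openssl"` branch in the AC_TRY_COMPILE body makes the version probe depend on how the compiler treats warnings. If CFLAGS carries `-Werror`, the test program fails to compile against OpenSSL 1.1 as well, `openssl_11` becomes false and the engine is built as `libtpm.so`, which according to the commit message OpenSSL 1.1 will not find. Dropping the `#else` and `# warning` lines keeps the result tied to `OPENSSL_VERSION_NUMBER` alone. `AC_TRY_COMPILE` is also marked obsolete in current autoconf; `AC_COMPILE_IFELSE([AC_LANG_PROGRAM(...)])` is the replacement.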
++++++ 0006-autotools-make-engine-plugin-installation-dir-config.patch ++++++
>From 415c8fea14862a02ae1b6f405327ddbb659c7edc Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <[email protected]>
Date: Mon, 4 Dec 2017 17:54:12 +0100
Subject: [PATCH] autotools: make engine plugin installation pkg-config aware
and configurable
If a pkg-config enginesdir variable can be found, use that as default
engines installation dir. As a fallback use the previously hard coded
path.
Using --with-enginedir=/my/engine/dir the user can now choose the
target installation directory explicitly.
Some distributions like SUSE are placing engine plugins into different
directories for OpenSSL 1.0 and OpenSSL 1.1. This switch makes this
easier and allows packagers to drop custom patches.
---
Makefile.am | 2 +-
configure.in | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
Index: openssl_tpm_engine-0.4.2/Makefile.am
===================================================================
--- openssl_tpm_engine-0.4.2.orig/Makefile.am
+++ openssl_tpm_engine-0.4.2/Makefile.am
@@ -3,7 +3,7 @@ SUBDIRS=. test
EXTRA_DIST = README openssl.cnf.sample
bin_PROGRAMS=create_tpm_key
-openssl_enginedir=@libdir@/openssl/engines
+openssl_enginedir=@enginedir@
engine_libs=-lcrypto -lc -ltspi
engine_sources=e_tpm.c e_tpm.h e_tpm_err.c
Index: openssl_tpm_engine-0.4.2/configure.in
===================================================================
--- openssl_tpm_engine-0.4.2.orig/configure.in
+++ openssl_tpm_engine-0.4.2/configure.in
@@ -70,6 +70,17 @@ AC_TRY_COMPILE(
)
AM_CONDITIONAL([OPENSSL_11], [test x$openssl_11 = xtrue])
+PKG_CHECK_MODULES([libcrypto], [libcrypto],
+ [libcrypto_enginesdir=`$PKG_CONFIG --variable=enginesdir
libcrypto`],
+ [libcrypto_enginesdir="\${libdir}/openssl/engines"]
+)
+
+AC_ARG_WITH([enginedir],
+ [AS_HELP_STRING([--with-enginedir=DIR], [engine directory])],
+ [enginedir=$withval],
+ [enginedir="$libcrypto_enginesdir"])
+AC_SUBST([enginedir], [$enginedir])
+
CFLAGS="$CFLAGS -Wall"
AC_SUBST(CFLAGS)
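Review bot: The success branch of PKG_CHECK_MODULES assigns `libcrypto_enginesdir` from `$PKG_CONFIG --variable=enginesdir libcrypto` without checking that the result is non-empty. A libcrypto.pc that lacks the variable leaves `enginedir` empty, so the engine likely does not get installed where OpenSSL looks for it, and the hard-coded fallback is never used because pkg-config itself succeeded. Adding `AS_IF([test -z "$libcrypto_enginesdir"], [libcrypto_enginesdir="\${libdir}/openssl/engines"])` after the macro covers that case. `--with-enginedir` given without a value, or `--without-enginedir`, sets `enginedir` to `yes` or `no`; both values should be rejected with `AC_MSG_ERROR`.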
++++++ openssl_tpm_engine-somodule.patch ++++++
--- /var/tmp/diff_new_pack.M9I5r3/_old 2017-12-06 09:00:20.105150570 +0100
+++ /var/tmp/diff_new_pack.M9I5r3/_new 2017-12-06 09:00:20.105150570 +0100
@@ -1,34 +1,3 @@
-Index: Makefile.in
-===================================================================
---- Makefile.in.orig
-+++ Makefile.in
-@@ -299,6 +299,7 @@ openssl_engine_LTLIBRARIES = libtpm.la
- openssl_enginedir = @libdir@/openssl/engines
- libtpm_la_LIBADD = -lcrypto -lc -ltspi
- libtpm_la_SOURCES = e_tpm.c e_tpm.h e_tpm_err.c
-+libtpm_la_LDFLAGS=-avoid-version -module
- create_tpm_key_SOURCES = create_tpm_key.c
- create_tpm_key_LDADD = -ltspi
- all: all-recursive
-Index: Makefile.am
-===================================================================
---- Makefile.am.orig
-+++ Makefile.am
-@@ -4,10 +4,11 @@ EXTRA_DIST = README openssl.cnf.sample
-
- openssl_engine_LTLIBRARIES=libtpm.la
- bin_PROGRAMS=create_tpm_key
--openssl_enginedir=@libdir@/openssl/engines
-+openssl_enginedir=@libdir@/engines
-
--libtpm_la_LIBADD=-lcrypto -lc -ltspi
-+libtpm_la_LDFLAGS= -no-undefined -avoid-version
-+libtpm_la_LIBADD=-lcrypto -ltspi
- libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
-
- create_tpm_key_SOURCES=create_tpm_key.c
--create_tpm_key_LDADD=-ltspi
-+create_tpm_key_LDADD=-ltspi -lcrypto
Index: configure.in
===================================================================
--- configure.in.orig