Hello community,
here is the log from the commit of package tpm2-tss-engine for openSUSE:Factory
checked in at 2020-01-09 22:49:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2-tss-engine (Old)
and /work/SRC/openSUSE:Factory/.tpm2-tss-engine.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2-tss-engine"
Thu Jan 9 22:49:48 2020 rev:3 rq:762168 version:1.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/tpm2-tss-engine/tpm2-tss-engine.changes
2019-03-10 09:34:52.248183491 +0100
+++
/work/SRC/openSUSE:Factory/.tpm2-tss-engine.new.6675/tpm2-tss-engine.changes
2020-01-09 22:49:51.814687335 +0100
@@ -1,0 +2,29 @@
+Tue Jan 07 10:15:39 UTC 2020 - [email protected]
+
+- Update to stable upstream version v1.0.1:
+ * Release v1.0.1
+ * test: use tpm2-tools 3.X
+ * Tests: Fix for latest tools
+ * Tests: Use long parameters for tpm2-tools
+ * test: migrate tpm2_create option from -A to -b
+ * build: link against tss2-mu
+ * Release v1.0.0
+ * Release v1.0.0-rc3
+ * Docu: Update Install.md
+ * Updates for 1.0.0-rc2
+ * TESTS: Add test for client auth
+ * Bump required version of tpm2-tss to >=2.2.2
+ * Build: Bump required tpm2-tss to 2.2
+ * Update for v1.0.0-rc1
+ * Dead code removal
+- This fixes the build against tpm2-0-tss version >= 2.3 (bsc#1160123)
+
+-------------------------------------------------------------------
+Fri Dec 20 13:19:08 UTC 2019 - [email protected]
+
+- move *.so files into the main package, not -devel. libtpm2tss.so is actually
+ the engine library itself, not a symlink. It's needed to actually use the
+ package. tpm2tss.so is probably a (backwards) compatiblity symlink. Both are
+ not intended for linking and therefore not suitable for the -devel package.
+
+-------------------------------------------------------------------
Old:
----
tpm2-tss-engine-0+git20190222.cef2c43.tar.gz
New:
----
tpm2-tss-engine-1.0.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tpm2-tss-engine.spec ++++++
--- /var/tmp/diff_new_pack.MlaKZP/_old 2020-01-09 22:49:53.206688032 +0100
+++ /var/tmp/diff_new_pack.MlaKZP/_new 2020-01-09 22:49:53.206688032 +0100
@@ -1,7 +1,7 @@
#
# spec file for package tpm2-tss-engine
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
# Find out where that is.
%define _ENGINE_DIR %(pkg-config --variable=enginesdir libcrypto)
Name: tpm2-tss-engine
-Version: 0+git20190222.cef2c43
+Version: 1.0.1
Release: 0
Summary: OpenSSL Engine for TPM2 devices
License: BSD-3-Clause
@@ -94,6 +94,8 @@
%{_mandir}/man3/tpm2tss_rsa_makekey.3%{?ext_man}
%{_mandir}/man3/tpm2tss_tpm2data_read.3%{?ext_man}
%{_mandir}/man3/tpm2tss_tpm2data_write.3%{?ext_man}
+%{_ENGINE_DIR}/libtpm2tss.so
+%{_ENGINE_DIR}/tpm2tss.so
%files bash-completion
%dir %{_datadir}/bash-completion
@@ -102,7 +104,5 @@
%files devel
%{_includedir}/tpm2-tss-engine.h
-%{_ENGINE_DIR}/libtpm2tss.so
-%{_ENGINE_DIR}/tpm2tss.so
%changelog
++++++ _service ++++++
--- /var/tmp/diff_new_pack.MlaKZP/_old 2020-01-09 22:49:53.254688056 +0100
+++ /var/tmp/diff_new_pack.MlaKZP/_new 2020-01-09 22:49:53.258688057 +0100
@@ -4,7 +4,8 @@
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
<param name="filename">tpm2-tss-engine</param>
- <param name="versionformat">0+git%cd.%h</param>
+ <param name="revision">v1.0.1</param>
+ <param name="version">1.0.1</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">*.tar</param>
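Review bot: The new `revision` param names the tag `v1.0.1`, and a tag can be moved upstream, so a later service run could fetch different sources under the same version. The `_servicedata` in this same commit records `24f1383cc6befde44d6f01a51ea653304d844ffd` as `changesrevision`. If that is the commit the tag points at, pinning it with `<param name="revision">24f1383cc6befde44d6f01a51ea653304d844ffd</param>` keeps `version` at 1.0.1 while making the fetched tree immutable. The `<service>` element starts outside this hunk.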
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.MlaKZP/_old 2020-01-09 22:49:53.290688074 +0100
+++ /var/tmp/diff_new_pack.MlaKZP/_new 2020-01-09 22:49:53.294688076 +0100
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/tpm2-software/tpm2-tss-engine.git</param>
- <param
name="changesrevision">cef2c434a874bcca65c36b03e08445e4cbfc11d4</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">24f1383cc6befde44d6f01a51ea653304d844ffd</param></service></servicedata>
\ No newline at end of file
++++++ tpm2-tss-engine-0+git20190222.cef2c43.tar.gz ->
tpm2-tss-engine-1.0.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tpm2-tss-engine-0+git20190222.cef2c43/.travis.yml
new/tpm2-tss-engine-1.0.1/.travis.yml
--- old/tpm2-tss-engine-0+git20190222.cef2c43/.travis.yml 2019-02-22
10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/.travis.yml 2019-07-25 13:12:48.000000000
+0200
@@ -8,9 +8,8 @@
env:
matrix:
- - OPENSSL_BRANCH=OpenSSL_1_0_2-stable TPM2TSS_BRANCH=2.2.0
- - OPENSSL_BRANCH=OpenSSL_1_1_0-stable TPM2TSS_BRANCH=2.1.0
- - OPENSSL_BRANCH=OpenSSL_1_1_0-stable TPM2TSS_BRANCH=2.2.0
+ - OPENSSL_BRANCH=OpenSSL_1_0_2-stable TPM2TSS_BRANCH=2.2.x
TPM2TOOLS_BRANCH=3.X
+ - OPENSSL_BRANCH=OpenSSL_1_1_0-stable TPM2TSS_BRANCH=2.2.x
TPM2TOOLS_BRANCH=3.X
global:
- TPM2TOOLS_TCTI=mssim
- PATH="${PWD}/installdir/usr/local/bin:${PATH}"
@@ -96,7 +95,7 @@
- rm ${PWD}/../installdir/usr/local/lib/*.la
- popd
# tpm2-tools
- - git clone --depth=1 https://github.com/tpm2-software/tpm2-tools.git
+ - git clone --depth=1 -b ${TPM2TOOLS_BRANCH}
https://github.com/tpm2-software/tpm2-tools.git
- pushd tpm2-tools
- mkdir m4 || true
- cp ../autoconf-archive-2017.09.28/m4/ax_code_coverage.m4 m4/
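Review bot: `git clone --depth=1 -b ${TPM2TOOLS_BRANCH}` builds the test tooling from whatever the head of that branch is at run time, so two CI runs of the same engine commit can exercise different tpm2-tools code. The matrix in the previous hunk sets the value to the `3.X` branch and `TPM2TSS_BRANCH` to `2.2.x`, neither of which is a fixed release. If tracking the branch is intended, say so next to the clone, e.g. `# follows the 3.X stable branch on purpose; pin a release tag for reproducible runs`, and quote the expansion as `-b "${TPM2TOOLS_BRANCH}"`.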
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tpm2-tss-engine-0+git20190222.cef2c43/CHANGELOG.md
new/tpm2-tss-engine-1.0.1/CHANGELOG.md
--- old/tpm2-tss-engine-0+git20190222.cef2c43/CHANGELOG.md 2019-02-22
10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/CHANGELOG.md 2019-07-25 13:12:48.000000000
+0200
@@ -4,7 +4,12 @@
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic
Versioning](https://semver.org/spec/v2.0.0.html).
-## [1.0.0_rc0] - 2019-02-21
+## [1.0.1] - 2019-07-25
+### Changed
+- Include pkg-config dependecy on libtss2-mu in order to work with tpm2-tss
2.3.
+- Use tpm2-tools 3.X stable branch for integration tests.
+
+## [1.0.0] - 2019-04-04
### Added
- Initial release of the OpenSSL engine for TPM2.0 using the TCG's TPM
Software Stack compliant tpm2-tss libraries.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tpm2-tss-engine-0+git20190222.cef2c43/INSTALL.md
new/tpm2-tss-engine-1.0.1/INSTALL.md
--- old/tpm2-tss-engine-0+git20190222.cef2c43/INSTALL.md 2019-02-22
10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/INSTALL.md 2019-07-25 13:12:48.000000000
+0200
@@ -9,8 +9,9 @@
* C library development libraries and header files
* pkg-config
* OpenSSL >= 1.0.2
-* tpm2-tss >= 2.0
-* ronn
+* tpm2-tss >= 2.2.2
+* pandoc
+* expect
## Ubuntu
```
@@ -24,8 +25,9 @@
gcc \
pkg-config \
libssl-dev \
- ruby-ronn
-git clone --depth=1 http://www.github.com/tpm2-software/tpm2-tss
+ pandoc \
+ expect
+git clone -b 2.2.x --depth=1 http://www.github.com/tpm2-software/tpm2-tss
cd tpm2-tss
./bootstrap
./configure
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tpm2-tss-engine-0+git20190222.cef2c43/Makefile.am
new/tpm2-tss-engine-1.0.1/Makefile.am
--- old/tpm2-tss-engine-0+git20190222.cef2c43/Makefile.am 2019-02-22
10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/Makefile.am 2019-07-25 13:12:48.000000000
+0200
@@ -33,9 +33,9 @@
INCLUDE_DIRS = -I$(srcdir)/include -I$(srcdir)/src
ACLOCAL_AMFLAGS = -I m4 --install
AM_CFLAGS = $(INCLUDE_DIRS) $(EXTRA_CFLAGS) $(TSS2_ESYS_CFLAGS) \
- $(CRYPTO_CFLAGS) $(CODE_COVERAGE_CFLAGS)
+ $(TSS2_MU_CFLAGS) $(CRYPTO_CFLAGS) $(CODE_COVERAGE_CFLAGS)
AM_LDFLAGS = $(EXTRA_LDFLAGS) $(CODE_COVERAGE_LIBS)
-AM_LDADD = $(TSS2_ESYS_LIBS) $(CRYPTO_LIBS) -ldl
+AM_LDADD = $(TSS2_ESYS_LIBS) $(TSS2_MU_LIBS) $(CRYPTO_LIBS) -ldl
AM_DISTCHECK_CONFIGURE_FLAGS = --with-enginesdir= --with-completionsdir= \
--enable-unit
@@ -123,7 +123,8 @@
test/rsasign_parent.sh \
test/rsasign_persistent.sh \
test/rsasign_persistent_emptyauth.sh \
- test/sserver.sh
+ test/sserver.sh \
+ test/sclient.sh
EXTRA_DIST += $(TESTS_SHELL)
if UNIT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tpm2-tss-engine-0+git20190222.cef2c43/RELEASE.md
new/tpm2-tss-engine-1.0.1/RELEASE.md
--- old/tpm2-tss-engine-0+git20190222.cef2c43/RELEASE.md 2019-02-22
10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/RELEASE.md 2019-07-25 13:12:48.000000000
+0200
@@ -23,7 +23,7 @@
In the run up to a release the maintainers may create tags to identify progress
toward the release. In these cases we will append a string to the release
number
to indicate progress using the abbreviation `rc` for 'release candidate'. This
-string will take the form of `_rcX`. We append an incremental digit `X` in case
+string will take the form of `-rcX`. We append an incremental digit `X` in case
more than one release candidate is necessary to communicate progress as
development moves forward.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tpm2-tss-engine-0+git20190222.cef2c43/configure.ac
new/tpm2-tss-engine-1.0.1/configure.ac
--- old/tpm2-tss-engine-0+git20190222.cef2c43/configure.ac 2019-02-22
10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/configure.ac 2019-07-25 13:12:48.000000000
+0200
@@ -31,7 +31,7 @@
AC_PREREQ([2.68])
AC_INIT([tpm2-tss-engine],
- [1.0.0-rc0],
+ [1.0.1],
[https://github.com/tpm2-software/tpm2-tss-engine/issues],
[],
[https://github.com/tpm2-software/tpm2-tss-engine])
@@ -111,9 +111,8 @@
PKG_PROG_PKG_CONFIG([0.25])
PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g],
[ac_enginesdir=`$PKG_CONFIG --variable=enginesdir
libcrypto`])
-PKG_CHECK_MODULES([TSS2_ESYS], [tss2-esys >= 2.2],
- [AC_DEFINE(TSS22, [1], ["tpm2tss version >= 2.2"])],
- [PKG_CHECK_MODULES([TSS2_ESYS],[tss2-esys])])
+PKG_CHECK_MODULES([TSS2_ESYS], [tss2-esys >= 2.2.2])
+PKG_CHECK_MODULES([TSS2_MU], [tss2-mu])
AC_PATH_PROG([PANDOC], [pandoc])
AS_IF([test -z "$PANDOC"],
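Review bot: The new `PKG_CHECK_MODULES([TSS2_MU], [tss2-mu])` accepts any tss2-mu version while the line above it requires `tss2-esys >= 2.2.2`, so configure would accept a mixed install where the marshalling library is older than the ESYS library. If tss2-mu is versioned together with tss2-esys, as both appear to ship from tpm2-tss, the same floor fits: `PKG_CHECK_MODULES([TSS2_MU], [tss2-mu >= 2.2.2])`. Dropping the `TSS22` fallback also means the build now fails outright on older tpm2-tss, which is worth one comment line above the check.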
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tpm2-tss-engine-0+git20190222.cef2c43/src/tpm2-tss-engine-common.c
new/tpm2-tss-engine-1.0.1/src/tpm2-tss-engine-common.c
--- old/tpm2-tss-engine-0+git20190222.cef2c43/src/tpm2-tss-engine-common.c
2019-02-22 10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/src/tpm2-tss-engine-common.c 2019-07-25
13:12:48.000000000 +0200
@@ -241,7 +241,6 @@
goto error;
}
-#ifdef TSS22
/* If the persistent key has the NODA flag set, we check whether it does
have an empty authValue. If NODA is not set, then we don't check because
that would increment the DA lockout counter */
@@ -308,7 +307,6 @@
}
session_error:
-#endif /* TSS22 */
Esys_TR_Close(eactx.ectx, &keyHandle);
@@ -540,7 +538,8 @@
parent = ESYS_TR_NONE;
} else {
r = -1;
- ERRchktss(init_tpm_key, r, goto error);
+ ERR(init_tpm_key, TPM2TSS_R_TPM2DATA_READ_FAILED);
+ goto error;
}
r = Esys_TR_SetAuth(eactx_p->ectx, *keyHandle, &tpm2Data->userauth);
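Review bot: The `else` branch now sets `r = -1`, raises `TPM2TSS_R_TPM2DATA_READ_FAILED` and jumps to `error`, but nothing at this site says why the generic `ERRchktss` path was unsuitable or what condition the branch rejects. A short comment would help, for example `/* r is not a TSS2 return code here, so raise a fixed engine reason */`; that wording assumes ERRchktss interprets `r` as a TSS2_RC, which the hunk does not show. Whether the reason name matches the failure should be confirmed against the condition above the hunk, since the branch looks like an unsupported parent selection rather than a read failure. The enclosing function starts and ends outside this hunk.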
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tpm2-tss-engine-0+git20190222.cef2c43/test/rsasign_parent.sh
new/tpm2-tss-engine-1.0.1/test/rsasign_parent.sh
--- old/tpm2-tss-engine-0+git20190222.cef2c43/test/rsasign_parent.sh
2019-02-22 10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/test/rsasign_parent.sh 2019-07-25
13:12:48.000000000 +0200
@@ -15,12 +15,13 @@
tpm2_startup -c || true
-tpm2_createprimary -a o -g sha256 -G rsa -o ${PARENT_CTX}
-tpm2_flushcontext -t
+tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa \
+ --context=${PARENT_CTX}
+tpm2_flushcontext --transient-object
# Load primary key to persistent handle
-HANDLE=$(tpm2_evictcontrol -a o -c ${PARENT_CTX} | cut -d ' ' -f 2)
-tpm2_flushcontext -t
+HANDLE=$(tpm2_evictcontrol --auth=o --context=${PARENT_CTX}
--persistent=0x81010001 | cut -d ' ' -f 2 | head -n 1)
+tpm2_flushcontext --transient-object
# Generating a key underneath the persistent parent
tpm2tss-genkey -a rsa -s 2048 -p abc -P ${HANDLE} ${DIR}/mykey
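Review bot: `--persistent=0x81010001` hard-codes the persistent handle, so the `HANDLE=` line fails whenever an object already lives at that address, for instance one left behind by an earlier aborted run. That failure is easy to miss because the exit status of the pipeline is that of `head`, not `tpm2_evictcontrol` (unless pipefail is set in the part of the script outside this hunk). `HANDLE` then ends up empty and `-P ${HANDLE}` on the genkey line swallows the next argument. A guard right after the assignment, `test -n "${HANDLE}"`, makes the test stop at the real cause. The same `HANDLE=` pattern is added in rsasign_persistent.sh and rsasign_persistent_emptyauth.sh.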
@@ -31,7 +32,7 @@
echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey
${DIR}/mykey -sign -in ${DIR}/mydata.txt -out ${DIR}/mysig -passin stdin
# Release persistent HANDLE
-tpm2_evictcontrol -a o -c ${HANDLE} -p ${HANDLE}
+tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE}
cat ${DIR}/mysig
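Review bot: The persistent key is evicted only when every command before it succeeds; if the `openssl pkeyutl` signing step fails and the script runs under `set -e` (the header is outside this hunk), the object stays in the TPM at the fixed handle. Registering the release as soon as `HANDLE` is known avoids that: `trap 'tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE} || true' EXIT`. rsasign_persistent.sh and rsasign_persistent_emptyauth.sh release the handle the same way.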
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tpm2-tss-engine-0+git20190222.cef2c43/test/rsasign_persistent.sh
new/tpm2-tss-engine-1.0.1/test/rsasign_persistent.sh
--- old/tpm2-tss-engine-0+git20190222.cef2c43/test/rsasign_persistent.sh
2019-02-22 10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/test/rsasign_persistent.sh 2019-07-25
13:12:48.000000000 +0200
@@ -15,31 +15,38 @@
tpm2_startup -c || true
-tpm2_createprimary -a o -g sha256 -G rsa -o ${PARENT_CTX}
-tpm2_flushcontext -t
+tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa \
+ --context=${PARENT_CTX}
+tpm2_flushcontext --transient-object
# Create an RSA key pair
echo "Generating RSA key pair"
TPM_RSA_PUBKEY=${DIR}/rsakey.pub
TPM_RSA_KEY=${DIR}/rsakey
-tpm2_create -p abc -C ${PARENT_CTX} -g sha256 -G rsa -u ${TPM_RSA_PUBKEY} -r
${TPM_RSA_KEY} -A
sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
-tpm2_flushcontext -t
+tpm2_create --pwdk=abc \
+ --context-parent=${PARENT_CTX} \
+ --halg=sha256 --kalg=rsa \
+ --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+
--object-attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
+tpm2_flushcontext --transient-object
# Load Key to persistent handle
RSA_CTX=${DIR}/rsakey.ctx
-tpm2_load -C ${PARENT_CTX} -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -o ${RSA_CTX}
-tpm2_flushcontext -t
+tpm2_load --context-parent=${PARENT_CTX} \
+ --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+ --context=${RSA_CTX}
+tpm2_flushcontext --transient-object
-HANDLE=$(tpm2_evictcontrol -a o -c ${RSA_CTX} | cut -d ' ' -f 2)
-tpm2_flushcontext -t
+HANDLE=$(tpm2_evictcontrol --auth=o --context=${RSA_CTX}
--persistent=0x81010001 | cut -d ' ' -f 2 | head -n 1)
+tpm2_flushcontext --transient-object
# Signing Data
echo "abc" | openssl pkeyutl -engine tpm2tss -keyform engine -inkey ${HANDLE}
-sign -in ${DIR}/mydata.txt -out ${DIR}/mysig -passin stdin
# Get public key of handle
-tpm2_readpublic -c ${HANDLE} -o ${DIR}/mykey.pem -f pem
+tpm2_readpublic --object=${HANDLE} --opu=${DIR}/mykey.pem --format=pem
# Release persistent HANDLE
-tpm2_evictcontrol -a o -c ${HANDLE}
+tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE}
R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pem -verify -in
${DIR}/mydata.txt -sigfile ${DIR}/mysig || true)"
if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tpm2-tss-engine-0+git20190222.cef2c43/test/rsasign_persistent_emptyauth.sh
new/tpm2-tss-engine-1.0.1/test/rsasign_persistent_emptyauth.sh
---
old/tpm2-tss-engine-0+git20190222.cef2c43/test/rsasign_persistent_emptyauth.sh
2019-02-22 10:39:58.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/test/rsasign_persistent_emptyauth.sh
2019-07-25 13:12:48.000000000 +0200
@@ -15,23 +15,29 @@
tpm2_startup -c || true
-tpm2_createprimary -a o -g sha256 -G rsa -o ${PARENT_CTX}
-tpm2_flushcontext -t
+tpm2_createprimary --hierarchy=o --halg=sha256 --kalg=rsa \
+ --context=${PARENT_CTX}
+tpm2_flushcontext --transient-object
# Create an RSA key pair
echo "Generating RSA key pair"
TPM_RSA_PUBKEY=${DIR}/rsakey.pub
TPM_RSA_KEY=${DIR}/rsakey
-tpm2_create -C ${PARENT_CTX} -g sha256 -G rsa -u ${TPM_RSA_PUBKEY} -r
${TPM_RSA_KEY} -A
sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
-tpm2_flushcontext -t
+tpm2_create --context-parent=${PARENT_CTX} \
+ --halg=sha256 --kalg=rsa \
+ --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+
--object-attributes=sign\|decrypt\|fixedtpm\|fixedparent\|sensitivedataorigin\|userwithauth\|noda
+tpm2_flushcontext --transient-object
# Load Key to persistent handle
RSA_CTX=${DIR}/rsakey.ctx
-tpm2_load -C ${PARENT_CTX} -u ${TPM_RSA_PUBKEY} -r ${TPM_RSA_KEY} -o ${RSA_CTX}
-tpm2_flushcontext -t
+tpm2_load --context-parent=${PARENT_CTX} \
+ --pubfile=${TPM_RSA_PUBKEY} --privfile=${TPM_RSA_KEY} \
+ --context=${RSA_CTX}
+tpm2_flushcontext --transient-object
-HANDLE=$(tpm2_evictcontrol -a o -c ${RSA_CTX} | cut -d ' ' -f 2)
-tpm2_flushcontext -t
+HANDLE=$(tpm2_evictcontrol --auth=o --context=${RSA_CTX}
--persistent=0x81010001 | cut -d ' ' -f 2 | head -n 1)
+tpm2_flushcontext --transient-object
# Signing Data
#Actually signing should not require an auth value
@@ -46,10 +52,10 @@
fi
# Get public key of handle
-tpm2_readpublic -c ${HANDLE} -o ${DIR}/mykey.pem -f pem
+tpm2_readpublic --object=${HANDLE} --opu=${DIR}/mykey.pem --format=pem
# Release persistent HANDLE
-tpm2_evictcontrol -a o -c ${HANDLE} -p ${HANDLE}
+tpm2_evictcontrol --auth=o --handle=${HANDLE} --persistent=${HANDLE}
R="$(openssl pkeyutl -pubin -inkey ${DIR}/mykey.pem -verify -in
${DIR}/mydata.txt -sigfile ${DIR}/mysig || true)"
if ! echo $R | grep "Signature Verified Successfully" >/dev/null; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/tpm2-tss-engine-0+git20190222.cef2c43/test/sclient.sh
new/tpm2-tss-engine-1.0.1/test/sclient.sh
--- old/tpm2-tss-engine-0+git20190222.cef2c43/test/sclient.sh 1970-01-01
01:00:00.000000000 +0100
+++ new/tpm2-tss-engine-1.0.1/test/sclient.sh 2019-07-25 13:12:48.000000000
+0200
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -eufx
+
+export LANG=C
+export OPENSSL_ENGINES=${PWD}/.libs
+export LD_LIBRARY_PATH=$OPENSSL_ENGINES:${LD_LIBRARY_PATH-}
+export PATH=${PWD}:${PATH}
+#The following is for DESTDIR-installations of openssl
+export OPENSSL_CONF=$(find $(dirname $(which openssl))/../../ -name
openssl.cnf | head -n 1)
+
+if openssl version | grep "OpenSSL 1.0.2" >/dev/null; then
+ echo "OpenSSL 1.0.2 does not load the certificate; private key mismatch
???"
+ exit 77
+fi
+
+DIR=$(mktemp -d)
+
+echo -en "SSL CONNECTION WORKING\n">${DIR}/test.html
+
+function cleanup()
+{
+ kill -term $SERVER || true
+}
+
+openssl ecparam -genkey -name prime256v1 -noout -out ${DIR}/ca.key
+
+echo -e "\n\n\n\n\n\n\n" | openssl req -new -x509 -batch -extensions v3_ca
-key ${DIR}/ca.key -out ${DIR}/ca.crt
+
+echo -e "\n\n\n\n\n\n\n\n\n" | openssl req -new -newkey rsa:2048 -nodes
-keyout ${DIR}/server.key -out ${DIR}/server.csr
+
+openssl x509 -req -in ${DIR}/server.csr -CA ${DIR}/ca.crt -CAkey ${DIR}/ca.key
-CAcreateserial -out ${DIR}/server.crt
+
+tpm2tss-genkey -a rsa ${DIR}/client.tpm.key
+
+echo -e "\n\n\n\n\n\n\n\n\n" | openssl req -new -key ${DIR}/client.tpm.key
-keyform engine -engine tpm2tss -out ${DIR}/client.csr
+
+openssl x509 -req -in ${DIR}/client.csr -CA ${DIR}/ca.crt -CAkey ${DIR}/ca.key
-CAcreateserial -out ${DIR}/client.crt
+
+pushd ${DIR}
+openssl s_server -cert ${DIR}/server.crt -key ${DIR}/server.key -accept 8443
-verify 1 -CAfile ${DIR}/ca.crt -WWW &
+SERVER=$!
+popd
+
+sleep 1
+
+kill -0 $!
+
+trap "cleanup" EXIT
+
+# We have to sleep, such that the pipe stays open until the command is
finished.
+(echo -e "GET /test.html HTTP/1.1\r\n\r\n" && sleep 1) | openssl s_client
-connect 127.0.0.1:8443 -cert ${DIR}/client.crt -key ${DIR}/client.tpm.key
-engine tpm2tss -keyform engine -CAfile ${DIR}/ca.crt
+
+echo "SUCCESS"
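Review bot: The script prints SUCCESS without checking anything about the TLS exchange: the `s_client` output is never compared with the `SSL CONNECTION WORKING` page, and `s_server -verify 1` only requests a client certificate, so the server would not reject a handshake that arrives without the TPM-backed certificate. Use `-Verify 1` so the certificate is mandatory, and grep the client output for the served text. `cleanup` also leaves `${DIR}` behind, which holds the unencrypted `ca.key` and `server.key`; remove it there. The listening port 8443 is fixed, which may clash with other tests if they run in parallel.

```shell
function cleanup()
{
    kill -term $SERVER || true
    rm -rf "${DIR}"
}
# … unchanged: CA, server and client key/certificate generation …
openssl s_server -cert ${DIR}/server.crt -key ${DIR}/server.key -accept 8443 -Verify 1 -CAfile ${DIR}/ca.crt -WWW &
# … unchanged: SERVER=$!, popd, sleep 1, kill -0, trap …
OUT=$( (echo -e "GET /test.html HTTP/1.1\r\n\r\n" && sleep 1) | openssl s_client -connect 127.0.0.1:8443 -cert ${DIR}/client.crt -key ${DIR}/client.tpm.key -engine tpm2tss -keyform engine -CAfile ${DIR}/ca.crt )
echo "${OUT}" | grep "SSL CONNECTION WORKING" >/dev/null
```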