mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-09 05:29:56 +00:00
Code Issues Projects Releases Wiki Activity

openssl-tpm-engine: update SRC_URI and update to 0.5.0

Browse Source 
change to a fork that is being maintained and that enabled openssl 1.1
Refresh patches
Drop one no longer needed

Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Armin Kuster
2018-09-15 09:27:00 -07:00
parent 49a7a7a8e1
commit 3bae06e29b
7 changed files with 91 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
+12 -12
View File
@@ -8,20 +8,20 @@ Add "-z" option to select well known password in create_tpm_key tool.
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
diff --git a/create_tpm_key.c b/create_tpm_key.c Index: git/src/create_tpm_key.c
index fee917f..7b94d62 100644 ===================================================================
--- a/create_tpm_key.c --- git.orig/src/create_tpm_key.c
+++ b/create_tpm_key.c +++ git/src/create_tpm_key.c
@@ -46,6 +46,8 @@ @@ -48,6 +48,8 @@
#include <trousers/tss.h>
#include <trousers/trousers.h> #include "ssl_compat.h"
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ +#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+ +
#define print_error(a,b) \ #define print_error(a,b) \
fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \ fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
a, b, Trspi_Error_String(b)) a, b, Trspi_Error_String(b))
@@ -70,6 +72,7 @@ usage(char *argv0) @@ -72,6 +74,7 @@ usage(char *argv0)
"\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n" "\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
"\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n" "\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n"
"\t\t-s|--key-size key size in bits [2048]\n" "\t\t-s|--key-size key size in bits [2048]\n"
@@ -29,7 +29,7 @@ index fee917f..7b94d62 100644
"\t\t-a|--auth require a password for the key [NO]\n" "\t\t-a|--auth require a password for the key [NO]\n"
"\t\t-p|--popup use TSS GUI popup dialogs to get the password " "\t\t-p|--popup use TSS GUI popup dialogs to get the password "
"for the\n\t\t\t\t key [NO] (implies --auth)\n" "for the\n\t\t\t\t key [NO] (implies --auth)\n"
@@ -147,6 +150,7 @@ int main(int argc, char **argv) @@ -154,6 +157,7 @@ int main(int argc, char **argv)
int asn1_len; int asn1_len;
char *filename, c, *openssl_key = NULL; char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0; int option_index, auth = 0, popup = 0, wrap = 0;
@@ -37,7 +37,7 @@ index fee917f..7b94d62 100644
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048; UINT32 key_size = 2048;
@@ -154,12 +158,15 @@ int main(int argc, char **argv) @@ -161,12 +165,15 @@ int main(int argc, char **argv)
while (1) { while (1) {
option_index = 0; option_index = 0;
@@ -54,7 +54,7 @@ index fee917f..7b94d62 100644
case 'a': case 'a':
initFlags |= TSS_KEY_AUTHORIZATION; initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1; auth = 1;
@@ -293,6 +300,8 @@ int main(int argc, char **argv) @@ -300,6 +307,8 @@ int main(int argc, char **argv)
if (srk_authusage) { if (srk_authusage) {
char *authdata = calloc(1, 128); char *authdata = calloc(1, 128);
@@ -63,7 +63,7 @@ index fee917f..7b94d62 100644
if (!authdata) { if (!authdata) {
fprintf(stderr, "malloc failed.\n"); fprintf(stderr, "malloc failed.\n");
@@ -309,17 +318,26 @@ int main(int argc, char **argv) @@ -316,17 +325,26 @@ int main(int argc, char **argv)
exit(result); exit(result);
} }
meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
+7 -7
View File
@@ -9,20 +9,20 @@ use "env TPM_SRK_PW=#WELLKNOWN#" to set well known password.
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
diff --git a/e_tpm.c b/e_tpm.c Index: git/src/e_tpm.c
index f3e8bcf..7dcb75a 100644 ===================================================================
--- a/e_tpm.c --- git.orig/src/e_tpm.c
+++ b/e_tpm.c +++ git/src/e_tpm.c
@@ -38,6 +38,8 @@ @@ -38,6 +38,8 @@
#include "e_tpm.h" #include "e_tpm.h"
#include "ssl_compat.h"
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ +#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+ +
//#define DLOPEN_TSPI //#define DLOPEN_TSPI
#ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW
@@ -248,6 +250,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) @@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
TSS_RESULT result; TSS_RESULT result;
UINT32 authusage; UINT32 authusage;
BYTE *auth; BYTE *auth;
@@ -33,7 +33,7 @@ index f3e8bcf..7dcb75a 100644
if (hSRK != NULL_HKEY) { if (hSRK != NULL_HKEY) {
DBGFN("SRK is already loaded."); DBGFN("SRK is already loaded.");
@@ -299,18 +305,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) @@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
return 0; return 0;
} }
meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch
-25
View File
@@ -1,25 +0,0 @@
From 7848445a1f4c750ef73bf96f5e89d402f87a1756 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Mon, 19 Jun 2017 14:54:28 +0800
Subject: [PATCH] Fix not building libtpm.la
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
---
Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 6695656..634a7e6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,4 +10,6 @@ libtpm_la_LIBADD=-lcrypto -lc -ltspi
libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
create_tpm_key_SOURCES=create_tpm_key.c
-create_tpm_key_LDADD=-ltspi
+create_tpm_key_LDFLAGS=-ltspi
+
+LDADD=libtpm.la
--
2.7.5
meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
+19 -22
View File
@@ -22,11 +22,11 @@ Signed-off-by: Meng Li <Meng.Li@windriver.com>
e_tpm_err.c | 4 ++ e_tpm_err.c | 4 ++
3 files changed, 164 insertions(+), 1 deletion(-) 3 files changed, 164 insertions(+), 1 deletion(-)
diff --git a/e_tpm.c b/e_tpm.c Index: git/src/e_tpm.c
index 7dcb75a..11bf74b 100644 ===================================================================
--- a/e_tpm.c --- git.orig/src/e_tpm.c
+++ b/e_tpm.c +++ git/src/e_tpm.c
@@ -245,6 +245,118 @@ void ENGINE_load_tpm(void) @@ -259,6 +259,118 @@ void ENGINE_load_tpm(void)
ERR_clear_error(); ERR_clear_error();
} }
@@ -145,7 +145,7 @@ index 7dcb75a..11bf74b 100644
int tpm_load_srk(UI_METHOD *ui, void *cb_data) int tpm_load_srk(UI_METHOD *ui, void *cb_data)
{ {
TSS_RESULT result; TSS_RESULT result;
@@ -305,8 +417,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) @@ -319,8 +431,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
return 0; return 0;
} }
@@ -197,7 +197,7 @@ index 7dcb75a..11bf74b 100644
if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
secretMode = TSS_SECRET_MODE_SHA1; secretMode = TSS_SECRET_MODE_SHA1;
@@ -319,6 +473,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) @@ -333,6 +487,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
authlen = strlen(auth); authlen = strlen(auth);
} }
} }
@@ -205,11 +205,11 @@ index 7dcb75a..11bf74b 100644
else { else {
if (!tpm_engine_get_auth(ui, (char *)auth, 128, if (!tpm_engine_get_auth(ui, (char *)auth, 128,
"SRK authorization: ", cb_data)) { "SRK authorization: ", cb_data)) {
diff --git a/e_tpm.h b/e_tpm.h Index: git/src/e_tpm.h
index 6316e0b..56ff202 100644 ===================================================================
--- a/e_tpm.h --- git.orig/src/e_tpm.h
+++ b/e_tpm.h +++ git/src/e_tpm.h
@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line); @@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
#define TPM_F_TPM_FILL_RSA_OBJECT 116 #define TPM_F_TPM_FILL_RSA_OBJECT 116
#define TPM_F_TPM_ENGINE_GET_AUTH 117 #define TPM_F_TPM_ENGINE_GET_AUTH 117
#define TPM_F_TPM_CREATE_SRK_POLICY 118 #define TPM_F_TPM_CREATE_SRK_POLICY 118
@@ -218,7 +218,7 @@ index 6316e0b..56ff202 100644
/* Reason codes. */ /* Reason codes. */
#define TPM_R_ALREADY_LOADED 100 #define TPM_R_ALREADY_LOADED 100
@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line); @@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int rea
#define TPM_R_ID_INVALID 125 #define TPM_R_ID_INVALID 125
#define TPM_R_UI_METHOD_FAILED 126 #define TPM_R_UI_METHOD_FAILED 126
#define TPM_R_UNKNOWN_SECRET_MODE 127 #define TPM_R_UNKNOWN_SECRET_MODE 127
@@ -227,11 +227,11 @@ index 6316e0b..56ff202 100644
/* structure pointed to by the RSA object's app_data pointer */ /* structure pointed to by the RSA object's app_data pointer */
struct rsa_app_data struct rsa_app_data
diff --git a/e_tpm_err.c b/e_tpm_err.c Index: git/src/e_tpm_err.c
index 25a5d0f..439e267 100644 ===================================================================
--- a/e_tpm_err.c --- git.orig/src/e_tpm_err.c
+++ b/e_tpm_err.c +++ git/src/e_tpm_err.c
@@ -235,6 +235,8 @@ static ERR_STRING_DATA TPM_str_functs[] = { @@ -234,6 +234,8 @@ static ERR_STRING_DATA TPM_str_functs[]
{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
@@ -240,7 +240,7 @@ index 25a5d0f..439e267 100644
{0, NULL} {0, NULL}
}; };
@@ -265,6 +267,8 @@ static ERR_STRING_DATA TPM_str_reasons[] = { @@ -264,6 +266,8 @@ static ERR_STRING_DATA TPM_str_reasons[]
{TPM_R_FILE_READ_FAILED, "failed reading the key file"}, {TPM_R_FILE_READ_FAILED, "failed reading the key file"},
{TPM_R_ID_INVALID, "engine id doesn't match"}, {TPM_R_ID_INVALID, "engine id doesn't match"},
{TPM_R_UI_METHOD_FAILED, "ui function failed"}, {TPM_R_UI_METHOD_FAILED, "ui function failed"},
@@ -249,6 +249,3 @@ index 25a5d0f..439e267 100644
{0, NULL} {0, NULL}
}; };
--
2.9.3
meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
+5 -8
View File
@@ -15,11 +15,11 @@ Signed-off-by: Meng Li <Meng.Li@windriver.com>
create_tpm_key.c | 3 ++- create_tpm_key.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/create_tpm_key.c b/create_tpm_key.c Index: git/src/create_tpm_key.c
index 7b94d62..f30af90 100644 ===================================================================
--- a/create_tpm_key.c --- git.orig/src/create_tpm_key.c
+++ b/create_tpm_key.c +++ git/src/create_tpm_key.c
@@ -148,7 +148,8 @@ int main(int argc, char **argv) @@ -155,7 +155,8 @@ int main(int argc, char **argv)
ASN1_OCTET_STRING *blob_str; ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL; unsigned char *blob_asn1 = NULL;
int asn1_len; int asn1_len;
@@ -29,6 +29,3 @@ index 7b94d62..f30af90 100644
int option_index, auth = 0, popup = 0, wrap = 0; int option_index, auth = 0, popup = 0, wrap = 0;
int wellknownkey = 0; int wellknownkey = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
--
1.7.9.5
meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
+34
View File
@@ -0,0 +1,34 @@
Fix compiling for openssl 1.1
Upstream-Status: Pending
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: git/src/e_tpm.c
===================================================================
--- git.orig/src/e_tpm.c
+++ git/src/e_tpm.c
@@ -265,19 +265,20 @@ static int tpm_decode_base64(unsigned ch
int *out_len)
{
int total_len, len, ret;
- EVP_ENCODE_CTX dctx;
+ EVP_ENCODE_CTX *dctx;
- EVP_DecodeInit(&dctx);
+ dctx = EVP_ENCODE_CTX_new();
+ EVP_DecodeInit(dctx);
total_len = 0;
- ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len);
+ ret = EVP_DecodeUpdate(dctx, outdata, &len, indata, in_len);
if (ret < 0) {
TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
return 1;
}
total_len += len;
- ret = EVP_DecodeFinal(&dctx, outdata, &len);
+ ret = EVP_DecodeFinal(dctx, outdata, &len);
if (ret < 0) {
TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
return 1;
meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb → meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+14 -27
View File
@@ -1,5 +1,5 @@
DESCRIPTION = "OpenSSL secure engine based on TPM hardware" DESCRIPTION = "OpenSSL secure engine based on TPM hardware"
HOMEPAGE = "https://sourceforge.net/projects/trousers/" HOMEPAGE = "https://github.com/mgerstner/openssl_tpm_engine"
SECTION = "security/tpm" SECTION = "security/tpm"
LICENSE = "openssl" LICENSE = "openssl"
@@ -8,18 +8,18 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers" DEPENDS += "openssl trousers"
SRC_URI = "\ SRC_URI = "\
git://git.code.sf.net/p/trousers/openssl_tpm_engine \ git://github.com/mgerstner/openssl_tpm_engine.git \
file://0001-create-tpm-key-support-well-known-key-option.patch \ file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \ file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-Fix-not-building-libtpm.la.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \
file://openssl11_build_fix.patch \
" "
SRCREV = "bbc2b1af809f20686e0d3553a62f0175742c0d60" SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf"
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
inherit autotools-brokensep inherit autotools-brokensep pkgconfig
# The definitions below are used to decrypt the srk password. # The definitions below are used to decrypt the srk password.
# It is allowed to define the values in 3 forms: string, hex number and # It is allowed to define the values in 3 forms: string, hex number and
@@ -41,35 +41,22 @@ CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
#CFLAGS_append += "-DTPM_SRK_PLAIN_PW" #CFLAGS_append += "-DTPM_SRK_PLAIN_PW"
do_configure_prepend() { do_configure_prepend() {
cd "${S}" cd ${B}
cp LICENSE COPYING cp LICENSE COPYING
touch NEWS AUTHORS ChangeLog touch NEWS AUTHORS ChangeLog README
} }
do_install_append() { FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
install -m 0755 -d "${D}${libdir}/engines"
install -m 0755 -d "${D}${prefix}/local/ssl/lib/engines"
install -m 0755 -d "${D}${libdir}/ssl/engines"
cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/libtpm.so.0"
cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/engines/libtpm.so"
cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${prefix}/local/ssl/lib/engines/libtpm.so"
mv -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/ssl/engines/libtpm.so"
mv -f "${D}${libdir}/openssl/engines/libtpm.la" "${D}${libdir}/ssl/engines/libtpm.la"
rm -rf "${D}${libdir}/openssl"
}
FILES_${PN}-staticdev += "${libdir}/ssl/engines/libtpm.la"
FILES_${PN}-dbg += "\ FILES_${PN}-dbg += "\
${libdir}/ssl/engines/.debug \ ${libdir}/ssl/engines-1.1/.debug \
${libdir}/engines/.debug \ ${libdir}/engines-1.1/.debug \
${prefix}/local/ssl/lib/engines/.debug \ ${prefix}/local/ssl/lib/engines-1.1/.debug \
" "
FILES_${PN} += "\ FILES_${PN} += "\
${libdir}/ssl/engines/libtpm.so* \ ${libdir}/ssl/engines-1.1/tpm.so* \
${libdir}/engines/libtpm.so* \ ${libdir}/engines-1.1/tpm.so* \
${libdir}/libtpm.so* \ ${libdir}/libtpm.so* \
${prefix}/local/ssl/lib/engines/libtpm.so* \ ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \
" "
RDEPENDS_${PN} += "libcrypto libtspi" RDEPENDS_${PN} += "libcrypto libtspi"