From nobody Sun Jul 02 07:34:47 2023
Date: Sun, 2 Jul 2023 07:34:47 GMT
Message-Id: <202307020734.3627Ylbe076575@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Muhammad Moinur Rahman Subject: git: 788dde9529dd - main - security/openssl_tpm_engine: Remove expired port List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bofh X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 788dde9529dd77fcb5d2433e0ff5522206af2643 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by bofh: URL: https://cgit.FreeBSD.org/ports/commit/?id=788dde9529dd77fcb5d2433e0ff5522206af2643 commit 788dde9529dd77fcb5d2433e0ff5522206af2643 Author: Muhammad Moinur Rahman AuthorDate: 2023-07-02 07:22:27 +0000 Commit: Muhammad Moinur Rahman CommitDate: 2023-07-02 07:34:32 +0000 security/openssl_tpm_engine: Remove expired port 2023-07-02 security/openssl_tpm_engine: Requires older openssl and upstream unmaintained since 2017 --- MOVED | 1 + security/Makefile | 1 - security/openssl_tpm_engine/Makefile | 64 ---- security/openssl_tpm_engine/distinfo | 3 - .../files/patch-dist-openssl.cnf.sample | 11 - .../openssl_tpm_engine/files/patch-src-e_tpm.c | 368 --------------------- .../openssl_tpm_engine/files/patch-src-e_tpm.h | 45 --- .../openssl_tpm_engine/files/patch-src-e_tpm_err.c | 18 - security/openssl_tpm_engine/files/pkg-message.in | 17 - security/openssl_tpm_engine/pkg-descr | 6 - 10 files changed, 1 insertion(+), 533 deletions(-) diff --git a/MOVED b/MOVED index b9479552a3b0..7cb4791c98aa 100644 --- a/MOVED +++ b/MOVED 
@@ -7757,3 +7757,4 @@ print/ghostscript8-x11||2023-06-30|Has expired: Obsolete and unsupported upstrea textproc/py-transifex-client|textproc/go-transifex-client|2023-06-30|Has expired: Upstream switched to go based api client (textproc/go-transifex-client) devel/google-cloud-cpp117|devel/google-cloud-cpp|2023-07-01|Has expired: Newer version is in the tree math/py-gmpy|math/py-gmpy2|2023-07-01|Has expired: EOLd, use math/py-gmpy2 instead +security/openssl_tpm_engine||2023-07-02|Has expired: Requires older openssl and upstream unmaintained since 2017 diff --git a/security/Makefile b/security/Makefile index 3665e5951e4d..6993f1a1dbc3 100644 --- a/security/Makefile +++ b/security/Makefile @@ -417,7 +417,6 @@ SUBDIR += openssl-unsafe SUBDIR += openssl30 SUBDIR += openssl31 - SUBDIR += openssl_tpm_engine SUBDIR += openvas SUBDIR += openvpn SUBDIR += openvpn-admin diff --git a/security/openssl_tpm_engine/Makefile b/security/openssl_tpm_engine/Makefile deleted file mode 100644 index 587074e17f56..000000000000 --- a/security/openssl_tpm_engine/Makefile +++ /dev/null 
@@ -1,64 +0,0 @@ -PORTNAME= openssl_tpm_engine -PORTVERSION= 0.5.0 -DISTVERSIONPREFIX= v -PORTREVISION= 2 -CATEGORIES= security - -MAINTAINER= hrs@FreeBSD.org -COMMENT= OpenSSL TPM engine -WWW= https://github.com/mgerstner/openssl_tpm_engine - -LICENSE= OpenSSL -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Requires older openssl and upstream unmaintained since 2017 -EXPIRATION_DATE= 2023-07-02 -BROKEN_SSL= openssl30 openssl31 -BROKEN_SSL_REASON= Requires openssl 1.0.x or 1.1.x -IGNORE_SSL= libressl libressl-devel -IGNORE_SSL_REASON= Detected LibreSSL (RAND_METHOD structure unsupported) - -LIB_DEPENDS= libtspi.so:security/trousers -RUN_DEPENDS= ${LOCALBASE}/sbin/tcsd:security/trousers - -USES= autoreconf gmake libtool localbase ssl pkgconfig -USE_GITHUB= yes -USE_LDCONFIG= yes - -GH_ACCOUNT= mgerstner -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --with-openssl="${OPENSSLBASE}" \ - --with-enginedir="${PREFIX}/lib/openssl/engines" -SUB_FILES= pkg-message -PLIST_FILES= bin/create_tpm_key -INSTALL_TARGET= install-strip -PORTEXAMPLES= openssl.cnf.sample - -OPTIONS_DEFINE= EXAMPLES - -post-patch: - (${CAT} ${OPENSSLINC}/openssl/opensslv.h; \ - ${ECHO_CMD} "#if OPENSSL_VERSION_NUMBER < 0x10100000L"; \ - ${ECHO_CMD} "lib/openssl/engines/libtpm.so"; \ - ${ECHO_CMD} "#else"; \ - ${ECHO_CMD} "lib/openssl/engines/tpm.so"; \ - ${ECHO_CMD} "#endif"; \ - ) | ${CPP} | ${GREP} -v \# > ${WRKDIR}/.tpmso; \ - ${REINPLACE_CMD} "s|%%TPMSO%%|${PREFIX}/$$(cat ${WRKDIR}/.tpmso)|g" \ - ${WRKSRC}/dist/openssl.cnf.sample - -.if defined(INSTALL_AS_USER) -_T=|| ${TRUE} -.endif -post-install: - (${CAT} ${WRKDIR}/.tpmso; \ - ${ECHO_CMD} "@postexec /usr/sbin/service ldconfig restart > /dev/null ${_T}" >> ${TMPPLIST}; \ - ${ECHO_CMD} "@postunexec /usr/sbin/service ldconfig restart > /dev/null ${_T}" >> ${TMPPLIST}; \ - ) >> ${TMPPLIST} - -post-install-EXAMPLES-on: - @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} - ${INSTALL_DATA} ${WRKSRC}/dist/openssl.cnf.sample \ - ${STAGEDIR}${EXAMPLESDIR} - -.include 
diff --git a/security/openssl_tpm_engine/distinfo b/security/openssl_tpm_engine/distinfo deleted file mode 100644 index 9c4d910bf172..000000000000 --- a/security/openssl_tpm_engine/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1551568882 -SHA256 (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 328cc0ce0c1fd816c284efb79234be6157bb995d24a5e8065750f162aa72c060 -SIZE (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 25305 diff --git a/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample b/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample deleted file mode 100644 index d6cdfb1fcb34..000000000000 --- a/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample +++ /dev/null @@ -1,11 +0,0 @@ ---- dist/openssl.cnf.sample.orig 2017-12-18 15:45:34 UTC -+++ dist/openssl.cnf.sample -@@ -18,7 +18,7 @@ engines = engine_section - foo = tpm_section - - [tpm_section] --dynamic_path = /usr/local/ssl/lib/engines/libtpm.so -+dynamic_path = %%TPMSO%% - engine_id = tpm - default_algorithms = ALL - #default_algorithms = RAND,RSA diff --git a/security/openssl_tpm_engine/files/patch-src-e_tpm.c b/security/openssl_tpm_engine/files/patch-src-e_tpm.c deleted file mode 100644 index 69a7dac3dede..000000000000 --- a/security/openssl_tpm_engine/files/patch-src-e_tpm.c +++ /dev/null 
@@ -1,368 +0,0 @@ ---- src/e_tpm.c.orig 2017-12-18 15:45:34 UTC -+++ src/e_tpm.c -@@ -34,6 +34,7 @@ - #include - - #include // XXX DEBUG -+#include - - #include "e_tpm.h" - #include "ssl_compat.h" -@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METHOD *, char *, - /* rsa functions */ - static int tpm_rsa_init(RSA *rsa); - static int tpm_rsa_finish(RSA *rsa); --static int tpm_rsa_pub_dec(int, const unsigned char *, unsigned char *, RSA *, int); --static int tpm_rsa_pub_enc(int, const unsigned char *, unsigned char *, RSA *, int); --static int tpm_rsa_priv_dec(int, const unsigned char *, unsigned char *, RSA *, int); --static int tpm_rsa_priv_enc(int, const unsigned char *, unsigned char *, RSA *, int); -+static int tpm_rsa_pub_dec(int, unsigned char *, unsigned char *, RSA *, int); -+static int tpm_rsa_pub_enc(int, unsigned char *, unsigned char *, RSA *, int); -+static int tpm_rsa_priv_dec(int, unsigned char *, unsigned char *, RSA *, int); -+static int tpm_rsa_priv_enc(int, unsigned char *, unsigned char *, RSA *, int); - //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *); - static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *); - #endif -@@ -72,6 +73,7 @@ static RAND_SEED_RET_TYPE tpm_rand_seed(const void *, - #define TPM_CMD_SO_PATH ENGINE_CMD_BASE - #define TPM_CMD_PIN ENGINE_CMD_BASE+1 - #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2 -+#define TPM_CMD_QUOTE ENGINE_CMD_BASE+3 - static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { - {TPM_CMD_SO_PATH, - "SO_PATH", -@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { - "SECRET_MODE", - "The TSS secret mode for all secrets", - ENGINE_CMD_FLAG_NUMERIC}, -+ {TPM_CMD_QUOTE, -+ "QUOTE", -+ "Perform a TPM_Quote() with the given structure", -+ ENGINE_CMD_FLAG_NUMERIC}, - {0, NULL, NULL, 0} - }; - -@@ -151,6 +157,9 @@ static unsigned int (*p_tspi_Hash_SetHashValue)(); - static unsigned int (*p_tspi_GetPolicyObject)(); - static 
unsigned int (*p_tspi_Policy_SetSecret)(); - static unsigned int (*p_tspi_Policy_AssignToObject)(); -+static unsigned int (*p_tspi_PcrComposite_SelectPcrIndex)(); -+static unsigned int (*p_tspi_TPM_Quote)(); -+static unsigned int (*p_tspi_NV_ReadValue)(); - - /* Override the real function calls to use our indirect pointers */ - #define Tspi_Context_Create p_tspi_Context_Create -@@ -177,6 +186,9 @@ static unsigned int (*p_tspi_Policy_AssignToObject)(); - #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue - #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret - #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject -+#define Tspi_PcrComposite_SelectPcrIndex p_tspi_PcrComposite_SelectPcrIndex -+#define Tspi_TPM_Quote p_tspi_TPM_Quote -+#define Tspi_NV_ReadValue p_tspi_NV_ReadValue - #endif /* DLOPEN_TSPI */ - - static int setup_rsa_method() -@@ -262,6 +274,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - TSS_RESULT result; - UINT32 authusage; - BYTE *auth; -+ BYTE well_known[TPM_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; - - if (hSRK != NULL_HKEY) { - DBGFN("SRK is already loaded."); -@@ -308,6 +321,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - return 0; - } - -+ if (ui) { - if ((auth = calloc(1, 128)) == NULL) { - TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); - return 0; -@@ -333,6 +347,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - - free(auth); - -+ } else { -+ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known))) { -+ Tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ } -+ - return 1; - } - -@@ -390,7 +413,10 @@ static int tpm_engine_init(ENGINE * e) - !bind_tspi_func(tpm_dso, Context_GetTpmObject) || - !bind_tspi_func(tpm_dso, GetAttribUint32) || - !bind_tspi_func(tpm_dso, SetAttribData) || -- !bind_tspi_func(tpm_dso, Policy_AssignToObject) -+ !bind_tspi_func(tpm_dso, Policy_AssignToObject) || -+ 
!bind_tspi_func(tpm_dso, PcrComposite_SelectPcrIndex) || -+ !bind_tspi_func(tpm_dso, TPM_Quote) || -+ !bind_tspi_func(tpm_dso, NV_ReadValue) - ) { - TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE); - goto err; -@@ -452,6 +478,9 @@ err: - p_tspi_Policy_AssignToObject = NULL; - p_tspi_TPM_StirRandom = NULL; - p_tspi_TPM_GetRandom = NULL; -+ p_tspi_PcrComposite_SelectPcrIndex = NULL; -+ p_tspi_TPM_Quote = NULL; -+ p_tspi_NV_ReadValue = NULL; - #endif - return 0; - } -@@ -590,6 +619,55 @@ err: - return 0; - } - -+/* -+ * Read a keyblob from NVRAM into an OpenSSL memory BIO -+ * by Christian Holler (c.hol...@sirrix.com), Sirrix AG -+ */ -+int BIO_from_nvram(unsigned int index, unsigned int length, BIO** bio) -+{ -+ TSS_RESULT result; -+ TSS_HNVSTORE hNVStore; -+ BYTE *dataRead = NULL; -+ -+ //unsigned int blobLength = 559; -+ -+ BIO *mem = BIO_new(BIO_s_mem()); -+ -+ /* Create TPM NV object */ -+ result = p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, -+ &hNVStore); -+ -+ if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, -+ TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ /* Set the index to be read */ -+ result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0, -+ (UINT32) index); -+ -+ if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, -+ TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ result = p_tspi_NV_ReadValue(hNVStore, 0, &length, &dataRead); -+ BIO_write(mem, dataRead, length); -+ p_tspi_Context_FreeMemory(hContext, dataRead); -+ -+ if (result != TSS_SUCCESS ) { -+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, -+ TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ *bio = mem; -+ -+ return 1; -+} -+ - static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, - UI_METHOD *ui, void *cb_data) - { -@@ -604,7 +682,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const - - DBG("%s", __FUNCTION__); - -- if (!key_id) { -+ if (!key_id && !cb_data) { - TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); - return 
NULL; - } -@@ -614,17 +692,27 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const - return NULL; - } - -+ if (cb_data) { -+ struct nvram_request *nvreq = cb_data; -+ -+ if (!BIO_from_nvram(nvreq->index, nvreq->length, &bf)) { -+ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -+ TPM_R_NVRAM_FAILED); -+ return NULL; -+ } -+ } else { - if ((bf = BIO_new_file(key_id, "r")) == NULL) { - TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -- TPM_R_FILE_NOT_FOUND); -+ TPM_R_FILE_NOT_FOUND); - return NULL; - } -+ } - - blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING, - "TSS KEY BLOB", bf, NULL, NULL, NULL); - if (!blobstr) { - TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -- TPM_R_FILE_READ_FAILED); -+ TPM_R_FILE_READ_FAILED); - BIO_free(bf); - return NULL; - } -@@ -635,7 +723,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const - blobstr->length, - blobstr->data, &hKey))) { - TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -- TPM_R_REQUEST_FAILED); -+ TPM_R_REQUEST_FAILED); - return NULL; - } - ASN1_OCTET_STRING_free(blobstr); -@@ -645,7 +733,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const - &authusage))) { - Tspi_Context_CloseObject(hContext, hKey); - TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, -- TPM_R_REQUEST_FAILED); -+ TPM_R_REQUEST_FAILED); - return NULL; - } - -@@ -747,7 +835,7 @@ static int tpm_create_srk_policy(void *secret) - TSS_POLICY_USAGE, - &hSRKPolicy))) { - TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, -- TPM_R_REQUEST_FAILED); -+ TPM_R_REQUEST_FAILED); - return 0; - } - } -@@ -761,6 +849,70 @@ static int tpm_create_srk_policy(void *secret) - return 1; - } - -+static int tpm_quote(void* p) { -+ TSS_RESULT result; -+ TSS_HPCRS hPcrComposite; -+ TSS_VALIDATION tssVal; -+ -+ unsigned int i = 0; -+ -+ struct quote_request *request = p; -+ -+ struct rsa_app_data *app_data = RSA_get_ex_data(request->rsa, ex_app_data); -+ -+ /* No app_data, this is not a TPM Key and we cannot use it for quote */ -+ if (!app_data) { -+ return 0; -+ } -+ -+ /* Key is invalid */ -+ if (app_data->hKey == NULL_HKEY) { -+ 
TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY); -+ return 0; -+ } -+ -+ /* Set up PcrComposite Structure, this is a set -+ * of PCRs which will be used for the quote */ -+ result = -+ p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, -+ TSS_PCRS_STRUCT_INFO, &hPcrComposite); -+ if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ /* Add all PCR values to be used to PcrComposite structure */ -+ for (i = 0; i < request->PCRSelLength; i++) { -+ if (request->PCRSel[i]) { -+ result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i); -+ -+ if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ } -+ } -+ -+ /* Set the nonce */ -+ tssVal.rgbExternalData = request->nonce; -+ tssVal.ulExternalDataLength = SHA_DIGEST_LENGTH; -+ -+ result = p_tspi_TPM_Quote(hTPM, app_data->hKey, hPcrComposite, &tssVal); -+ -+ if (result != TSS_SUCCESS) { -+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ request->rgbData = tssVal.rgbData; -+ request->ulValidationDataLength = tssVal.ulValidationDataLength; -+ request->rgbValidationData = tssVal.rgbValidationData; -+ -+ p_tspi_Context_CloseObject(hContext, hPcrComposite); -+ -+ return 1; -+} -+ - static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) - { - int initialised = !!hContext; -@@ -799,6 +951,8 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i - return 1; - case TPM_CMD_PIN: - return tpm_create_srk_policy(p); -+ case TPM_CMD_QUOTE: -+ return tpm_quote(p); - default: - break; - } -@@ -853,7 +1007,7 @@ static int tpm_rsa_finish(RSA *rsa) - } - - static int tpm_rsa_pub_dec(int flen, -- const unsigned char *from, -+ unsigned char *from, - unsigned char *to, - RSA *rsa, - int padding) -@@ -872,7 +1026,7 @@ static int tpm_rsa_pub_dec(int flen, - } - - static int tpm_rsa_priv_dec(int flen, -- const unsigned char *from, -+ unsigned char *from, - unsigned char *to, - RSA *rsa, - int 
padding) -@@ -949,7 +1103,7 @@ static int tpm_rsa_priv_dec(int flen, - } - - static int tpm_rsa_pub_enc(int flen, -- const unsigned char *from, -+ unsigned char *from, - unsigned char *to, - RSA *rsa, - int padding) -@@ -1056,7 +1210,7 @@ static int tpm_rsa_pub_enc(int flen, - } - - static int tpm_rsa_priv_enc(int flen, -- const unsigned char *from, -+ unsigned char *from, - unsigned char *to, - RSA *rsa, - int padding) -@@ -1101,7 +1255,10 @@ static int tpm_rsa_priv_enc(int flen, - } - - if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { -- if (flen != SHA_DIGEST_LENGTH) { -+ if (flen == SHA_DIGEST_LENGTH+15) { -+ from += 15; -+ flen = SHA_DIGEST_LENGTH; -+ } else if (flen != SHA_DIGEST_LENGTH) { - TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE); - return 0; - } diff --git a/security/openssl_tpm_engine/files/patch-src-e_tpm.h b/security/openssl_tpm_engine/files/patch-src-e_tpm.h deleted file mode 100644 index f4d003e77a49..000000000000 --- a/security/openssl_tpm_engine/files/patch-src-e_tpm.h +++ /dev/null 
@@ -1,45 +0,0 @@ ---- src/e_tpm.h.orig 2017-12-18 15:45:34 UTC -+++ src/e_tpm.h -@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *fil - #define TPM_F_TPM_FILL_RSA_OBJECT 116 - #define TPM_F_TPM_ENGINE_GET_AUTH 117 - #define TPM_F_TPM_CREATE_SRK_POLICY 118 -+#define TPM_F_TPM_BIO_FROM_NVRAM 119 -+#define TPM_F_TPM_QUOTE 120 - - /* Reason codes. */ - #define TPM_R_ALREADY_LOADED 100 -@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int reason, char *fil - #define TPM_R_ID_INVALID 125 - #define TPM_R_UI_METHOD_FAILED 126 - #define TPM_R_UNKNOWN_SECRET_MODE 127 -+#define TPM_R_NVRAM_FAILED 128 - - /* structure pointed to by the RSA object's app_data pointer */ - struct rsa_app_data -@@ -105,6 +108,25 @@ struct rsa_app_data - TSS_HENCDATA hEncData; - UINT32 encScheme; - UINT32 sigScheme; -+}; -+ -+/* Added by c.hol...@sirrix.com */ -+struct quote_request -+{ -+ RSA* rsa; -+ unsigned int PCRSel[256]; -+ unsigned int PCRSelLength; -+ const unsigned char* nonce; -+ unsigned int nonceLen; -+ unsigned char* rgbData; -+ unsigned int ulValidationDataLength; -+ unsigned char* rgbValidationData; -+}; -+ -+struct nvram_request -+{ -+ unsigned int index; -+ unsigned int length; - }; - - #define TPM_ENGINE_EX_DATA_UNINIT -1 diff --git a/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c b/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c deleted file mode 100644 index 754885dde0e0..000000000000 --- a/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c +++ /dev/null 
@@ -1,18 +0,0 @@ ---- src/e_tpm_err.c.orig 2017-12-18 15:45:34 UTC -+++ src/e_tpm_err.c -@@ -234,6 +234,7 @@ static ERR_STRING_DATA TPM_str_functs[] = { - {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, - {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, - {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, -+ {ERR_PACK(0, TPM_F_TPM_BIO_FROM_NVRAM, 0), "TPM_BIO_FROM_NVRAM"}, - {0, NULL} - }; - -@@ -264,6 +265,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = { - {TPM_R_FILE_READ_FAILED, "failed reading the key file"}, - {TPM_R_ID_INVALID, "engine id doesn't match"}, - {TPM_R_UI_METHOD_FAILED, "ui function failed"}, -+ {TPM_R_NVRAM_FAILED, "nvram failure"}, - {0, NULL} - }; - diff --git a/security/openssl_tpm_engine/files/pkg-message.in b/security/openssl_tpm_engine/files/pkg-message.in deleted file mode 100644 index 991b707e091f..000000000000 --- a/security/openssl_tpm_engine/files/pkg-message.in +++ /dev/null @@ -1,17 +0,0 @@ -[ -{ type: install - message: <
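Review bot: the MOVED entry is consistent with the removed port: the empty second field is correct for a removal with no successor, and the reason text and the 2023-07-02 date match the DEPRECATED and EXPIRATION_DATE values in the deleted security/openssl_tpm_engine/Makefile. The one thing worth considering for this line is a migration hint in the reason field, since "Requires older openssl and upstream unmaintained since 2017" tells users of TPM-resident keys only why the engine is gone, not where to look next; if a TPM 2.0 OpenSSL engine or provider port exists in the tree, naming it here would save those users a search.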
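Review bot: the deleted files/patch-src-e_tpm.c carried several defects that make its removal a net win and argue against reinstating it as-is if the port is ever resurrected. In tpm_load_srk, the added `else` branch for the no-UI case calls `free(auth)` on its error path even though `auth` is only allocated inside the `if (ui)` branch, so it frees an uninitialized pointer; the same branch silently falls back to `TSS_WELL_KNOWN_SECRET` for the SRK whenever no UI method is supplied. In BIO_from_nvram, `BIO_write(mem, dataRead, length)` runs before `result` from `p_tspi_NV_ReadValue` is checked, so a failed read writes from a NULL `dataRead`, and every error return leaks the `mem` BIO and never closes `hNVStore`. In tpm_quote, the error returns after `p_tspi_Context_CreateObject` leave `hPcrComposite` open. In tpm_rsa_priv_enc, the hunk `if (flen == SHA_DIGEST_LENGTH+15) { from += 15; flen = SHA_DIGEST_LENGTH; }` skips 15 bytes on length alone, assuming a SHA-1 DigestInfo prefix without checking its contents. The `const` dropped from the `from` parameters of the four RSA callbacks was not needed for the pointer arithmetic either. Nothing to change in this commit, but the MOVED reason could note that the local patch set was never upstreamed, since that is part of why the port was unmaintainable.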
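Review bot: in the deleted files/patch-src-e_tpm.h, `struct quote_request` declares a `nonceLen` member that the matching tpm_quote in patch-src-e_tpm.c never reads; it hard-codes `tssVal.ulExternalDataLength = SHA_DIGEST_LENGTH;` instead. A caller passing a nonce of any other length would have it silently truncated or over-read. Moot now that the port is removed, but worth recording so the structure is not copied into a replacement engine unchanged.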