diff options
Diffstat (limited to 'meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch')
-rw-r--r-- | meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch b/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch new file mode 100644 index 0000000..ef0a6dc --- /dev/null +++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch @@ -0,0 +1,93 @@ +From d33e5ef0b11125fe4683d7bfa17023e24997f587 Mon Sep 17 00:00:00 2001 +From: William Roberts <william.c.roberts@intel.com> +Date: Fri, 3 Sep 2021 11:30:50 -0500 +Subject: [PATCH 2/2] ossl: require version 1.1.0 or greater + +THIS DROPS SUPPORT FOR OSSL 1.0.2. + +Signed-off-by: William Roberts <william.c.roberts@intel.com> + +Upstream-Status: Backport +Signed-off-by: Armin Kuster <akuster808@gmail.com> +--- + configure.ac | 2 +- + src/lib/ssl_util.h | 43 +++++-------------------------------------- + 2 files changed, 6 insertions(+), 39 deletions(-) + +diff --git a/configure.ac b/configure.ac +index a7aeaf5..94fb5d4 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -55,7 +55,7 @@ PKG_CHECK_EXISTS([tss2-esys >= 3.0], + # require sqlite3 and libcrypto + PKG_CHECK_MODULES([SQLITE3], [sqlite3]) + PKG_CHECK_MODULES([YAML], [yaml-0.1]) +-PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g]) ++PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0]) + + # check for pthread + AX_PTHREAD([],[AC_MSG_ERROR([Cannot find pthread])]) +diff --git a/src/lib/ssl_util.h b/src/lib/ssl_util.h +index 9909fd6..2591728 100644 +--- a/src/lib/ssl_util.h ++++ b/src/lib/ssl_util.h +@@ -15,51 +15,18 @@ + #include "log.h" + #include "twist.h" + +-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */ +-#define LIB_TPM2_OPENSSL_OPENSSL_PRE11 +-/* LibreSSL does not appear to have evperr.h, so their is no need to define this otherwise */ +-#elif (OPENSSL_VERSION_NUMBER >= 0x1010100fL) /* OpenSSL 1.1.1 */ ++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) /* OpenSSL 1.1.1 */ + #define LIB_TPM2_OPENSSL_OPENSSL_POST111 0x1010100f + #endif + +-#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */ +-#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f ++#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST111) ++#include <openssl/evperr.h> + #endif + +-/* OpenSSL Backwards Compat APIs */ +-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11) +-#include <string.h> +-size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +- point_conversion_form_t form, +- unsigned char **pbuf, BN_CTX *ctx); +- +-const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); +- +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +- +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +- +-EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +- +-static inline void *OPENSSL_memdup(const void *dup, size_t l) { +- +- void *p = OPENSSL_malloc(l); +- if (!p) { +- return NULL; +- } +- +- memcpy(p, dup, l); +- return p; +-} +- +-#endif +- +-#ifndef RSA_PSS_SALTLEN_DIGEST +-#define RSA_PSS_SALTLEN_DIGEST -1 ++#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */ ++#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f + #endif + +-/* Utility APIs */ +- + #define SSL_UTIL_LOGE(m) LOGE("%s: %s", m, ERR_error_string(ERR_get_error(), NULL)); + + CK_RV ssl_util_attrs_to_evp(attr_list *attrs, EVP_PKEY **outpkey); +-- +2.25.1 + |