Diffstat (limited to 'meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch')
-rw-r--r-- | meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch | 252 |
1 files changed, 252 insertions, 0 deletions
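--- /dev/null
+++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch
@@ -0,0 +1,252 @@
+From a53f01711b840ba6ab2f127ea4f0512e60a56728 Mon Sep 17 00:00:00 2001
+From: Petr Gotthard <petr.gotthard@centrum.cz>
+Date: Sun, 18 Jul 2021 20:21:01 +0200
+Subject: [PATCH] Drop support for OpenSSL < 1.1.0
+
+Delete code written to support OpenSSL < 1.1.0
+
+Delete functions that have no effect in OpenSSL >= 1.1.0
+- ENGINE_load_builtin_engines()
+- OpenSSL_add_all_algorithms()
+- ERR_load_crypto_strings()
+- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE)
+
+Switch AppVeyor to use pre-built OpenSSL 1.1.0
+
+Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
+
+Upstream-Status: Backport
+[https://github.com/tpm2-software/tpm2-tss/commit/73d25d6834ad362f9a9a907cb78452deaa336ec0]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+src/tss2-esys/esys_crypto_ossl.c | 19 ----------------
+src/tss2-fapi/fapi_crypto.c | 37 --------------------------------
+test/helper/tpm_getek.c | 11 ----------
+test/helper/tpm_getek_ecc.c | 9 --------
+4 files changed, 76 deletions(-)
+
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 2746856..12dc6d9 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
++++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes)
+nonce->size = num_bytes;
+}
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+RAND_set_rand_method(RAND_OpenSSL());
+-#else
+- RAND_set_rand_method(RAND_SSLeay());
+-#endif
+if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) {
+RAND_set_rand_method(rand_save);
+return_error(TSS2_ESYS_RC_GENERAL_FAILURE,
+@@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+size_t * out_size, const char *label)
+{
+const RAND_METHOD *rand_save = RAND_get_rand_method();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+RAND_set_rand_method(RAND_OpenSSL());
+-#else
+- RAND_set_rand_method(RAND_SSLeay());
+-#endif
+
+TSS2_RC r = TSS2_RC_SUCCESS;
+const EVP_MD * hashAlg = NULL;
+@@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+"Could not create evp key.", cleanup);
+}
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
+- pub_tpm_key->publicArea.unique.rsa.size,
+- rsa_key->n)) {
+- goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+- "Could not create rsa n.", cleanup);
+- }
+-#else
+BIGNUM *n = NULL;
+if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
+pub_tpm_key->publicArea.unique.rsa.size,
+@@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+"Could not set rsa n.", cleanup);
+}
+-#endif
+
+if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) {
+goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+@@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key,
+*/
+TSS2_RC
+iesys_cryptossl_init() {
+- ENGINE_load_builtin_engines();
+- OpenSSL_add_all_algorithms();
+return TSS2_RC_SUCCESS;
+}
+diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
+index ea68197..5e8fbc8 100644
+--- a/src/tss2-fapi/fapi_crypto.c
++++ b/src/tss2-fapi/fapi_crypto.c
+@@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der(
+tpmSignature->signature.ecdsa.signatureR.size, NULL);
+goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+- ecdsaSignature->s = bns;
+- ecdsaSignature->r = bnr;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ECDSA_SIG_set0(ecdsaSignature, bnr, bns);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+
+osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL);
+if (osslRC == -1) {
+@@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)
+"Could not set exponent.", error_cleanup);
+}
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+- rsa->e = e;
+- rsa->n = n;
+- rsa->d = d;
+- rsa->p = p;
+- rsa->q = q;
+- rsa->dmp1 = dmp1;
+- rsa->dmq1 = dmq1;
+- rsa->iqmp = iqmp;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+RSA_set0_key(rsa, n, e, d);
+RSA_set0_factors(rsa, p, q);
+RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+
+/* Assign the parameters to the key */
+if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) {
+@@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)
+goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key",
+error_cleanup);
+}
+- /* Needed for older OSSL versions. */
+- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);
+OSSL_FREE(y, BN);
+OSSL_FREE(x, BN);
+return TSS2_RC_SUCCESS;
+@@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm(
+
+/* Initialize the ECDSA signature components */
+ECDSA_SIG *ecdsaSignature = NULL;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+- BIGNUM *bnr;
+- BIGNUM *bns;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+const BIGNUM *bnr;
+const BIGNUM *bns;
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+
+d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize);
+return_if_null(ecdsaSignature, "Invalid DER signature",
+TSS2_FAPI_RC_GENERAL_FAILURE);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+- bns = ecdsaSignature->s;
+- bnr = ecdsaSignature->r;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+
+/* Writing them to the TPM format signature */
+tpmSignature->signature.ecdsa.hash = hashAlgorithm;
+@@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp(
+const BIGNUM *e = NULL, *n = NULL;
+int rsaKeySize = RSA_size(rsaKey);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+- e = rsaKey->e;
+- n = rsaKey->n;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+RSA_get0_key(rsaKey, &n, &e, NULL);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+tpmPublic->publicArea.unique.rsa.size = rsaKeySize;
+if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0],
+rsaKeySize)) {
+@@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)
+goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup);
+}
+
+- OpenSSL_add_all_algorithms();
+-
+unsigned const char* tmp_ptr1 = crl_buffer;
+unsigned const char** tmp_ptr2 = &tmp_ptr1;
+
+@@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert(
+r, TSS2_FAPI_RC_BAD_VALUE, cleanup);
+} else {
+/* Get uri for ek intermediate certificate. */
+- OpenSSL_add_all_algorithms();
+info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL);
+
+for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+@@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert(
+goto_if_null2(cert_buffer, "No certificate downloaded", r,
+TSS2_FAPI_RC_NO_CERT, cleanup);
+
+- OpenSSL_add_all_algorithms();
+intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size);
+
+SAFE_FREE(cert_buffer);
+diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c
+index 02d88b0..3cd7b9f 100644
+--- a/test/helper/tpm_getek.c
++++ b/test/helper/tpm_getek.c
+@@ -134,20 +134,9 @@ main (int argc, char *argv[])
+exp = out_public.publicArea.parameters.rsaDetail.exponent;
+BN_set_word(e, exp);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+- rsa->e = e;
+- rsa->n = n;
+- rsa->d = d;
+- rsa->p = p;
+- rsa->q = q;
+- rsa->dmp1 = dmp1;
+- rsa->dmq1 = dmq1;
+- rsa->iqmp = iqmp;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+RSA_set0_key(rsa, n, e, d);
+RSA_set0_factors(rsa, p, q);
+RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+
+EVP_PKEY_assign_RSA(evp, rsa);
+
+diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c
+index e7f3dec..e389f18 100644
+--- a/test/helper/tpm_getek_ecc.c
++++ b/test/helper/tpm_getek_ecc.c
+@@ -128,14 +128,6 @@ main (int argc, char *argv[])
+/* Convert the key from out_public to PEM */
+
+EVP_PKEY *evp = EVP_PKEY_new();
+-
+- OpenSSL_add_all_algorithms();
+-
+- OpenSSL_add_all_algorithms();
+-
+- ERR_load_crypto_strings();
+-
+-
+EC_KEY *ecc_key = EC_KEY_new();
+BIGNUM *x = NULL, *y = NULL;
+BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+@@ -147,7 +139,6 @@ main (int argc, char *argv[])
+if (!EC_KEY_set_group(ecc_key, ecgroup))
+exit(1);
+
+- EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE);
+EC_GROUP_free(ecgroup);
+
+/* Set the ECC parameters in the OpenSSL key */
+--
+2.17.1
+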
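Review bot: In the `get_rsa_tpm2b_public_from_evp` hunk of the added patch, `RSA_size(rsaKey)` is stored in `unique.rsa.size` and then passed to `ifapi_bn2binpad` as the pad length for `unique.rsa.buffer`, with no comparison against the buffer's capacity visible in the hunk. If the EVP key can originate outside the TPM (an imported or user-supplied key), a modulus longer than the buffer would be written past its end, and the `int` result is narrowed into the size field as well. A guard before the assignment, such as `if (rsaKeySize <= 0 || (size_t)rsaKeySize > sizeof(tpmPublic->publicArea.unique.rsa.buffer))` failing with `TSS2_FAPI_RC_BAD_VALUE`, would make the limit explicit. The function starts and ends outside the hunk, so a check may already exist earlier or in the caller; the lines are carried unchanged from upstream, so any fix belongs there rather than in this layer's backport.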