commit:     65f4a4e760d392a809b42270ad4c08b9866643fb
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Apr 14 00:34:41 2023 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Fri Apr 14 00:36:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=65f4a4e7

app-crypt/tpm2-tss: update patch + workaround test failure

Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
Signed-off-by: orbea <orbea <AT> riseup.net>

 .../tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch   | 29 +++++++++++++---------
 app-crypt/tpm2-tss/tpm2-tss-3.2.0-r4.ebuild        |  5 +++-
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch 
b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
index 211424c..7a8f267 100644
--- a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
@@ -1,32 +1,37 @@
 Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
 
-From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001
 From: orbea <[email protected]>
-Date: Mon, 4 Jul 2022 23:55:18 -0700
+Date: Thu, 13 Apr 2023 17:11:07 -0700
 Subject: [PATCH] Support LibreSSL
 
 This works with LibreSSL 3.5.x.
 
+Still missing in LibreSSL:
+
+* RAND_OpenSSL
+* NID_sm2
+
 Signed-off-by: orbea <[email protected]>
 ---
- src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++---
+ src/tss2-esys/esys_crypto_ossl.c | 14 +++++++++++---
  src/tss2-fapi/fapi_crypto.c      |  4 ++--
- 2 files changed, 12 insertions(+), 5 deletions(-)
+ 2 files changed, 13 insertions(+), 5 deletions(-)
 
 diff --git a/src/tss2-esys/esys_crypto_ossl.c 
b/src/tss2-esys/esys_crypto_ossl.c
-index 89d312f70..961d7707f 100644
+index a92ecc46..2baae814 100644
 --- a/src/tss2-esys/esys_crypto_ossl.c
 +++ b/src/tss2-esys/esys_crypto_ossl.c
-@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** 
context,
+@@ -392,7 +392,8 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** 
context,
                     "Error EVP_MD_CTX_create", cleanup);
      }
  
 -#if OPENSSL_VERSION_NUMBER < 0x10101000L
-+#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10101000L || \
++    ( defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x3070000fL )
      if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
  #else
      /* this is preferred, but available since OpenSSL 1.1.1 only */
-@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
+@@ -558,7 +559,11 @@ iesys_cryptossl_random2b(
      int rc;
  #if OPENSSL_VERSION_NUMBER < 0x30000000L
      const RAND_METHOD *rand_save = RAND_get_rand_method();
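Review bot: The new guard in `iesys_cryptossl_hmac_start` sends LibreSSL 3.7.0 and later down the `#else` branch, but the context comment there still reads `/* this is preferred, but available since OpenSSL 1.1.1 only */` and the patch description still says `This works with LibreSSL 3.5.x.`, so nothing explains the `0x3070000fL` cutoff. I would extend the comment to `/* this is preferred, but available since OpenSSL 1.1.1 and LibreSSL 3.7.0 only */` and state in the description which LibreSSL versions were actually tested. The new "Still missing in LibreSSL" list names `RAND_OpenSSL`, yet the lines that stand in for it in `iesys_cryptossl_random2b` fall between this hunk and the next and are not shown here. One sentence in the description saying which RAND method is in effect on LibreSSL builds, there and in `iesys_cryptossl_pk_encrypt`, would let a reader judge the randomness source without opening the C file.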
@@ -38,7 +43,7 @@ index 89d312f70..961d7707f 100644
  #else
      OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
      if (!libctx)
-@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+@@ -615,8 +620,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
      RSA *rsa_key = NULL;
      const EVP_MD * hashAlg = NULL;
      const RAND_METHOD *rand_save = RAND_get_rand_method();
@@ -51,7 +56,7 @@ index 89d312f70..961d7707f 100644
  #else
      OSSL_LIB_CTX *libctx = NULL;
      EVP_MD * hashAlg = NULL;
-@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
+@@ -919,7 +927,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
          curveId = NID_secp521r1;
          key_size = 66;
          break;
@@ -61,7 +66,7 @@ index 89d312f70..961d7707f 100644
          curveId = NID_sm2;
          key_size = 32;
 diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
-index 2fe37c0c4..c1563237a 100644
+index 3f11b3d6..0d03c5b1 100644
 --- a/src/tss2-fapi/fapi_crypto.c
 +++ b/src/tss2-fapi/fapi_crypto.c
 @@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, 
EVP_PKEY **evpPublicKey)
@@ -73,7 +78,7 @@ index 2fe37c0c4..c1563237a 100644
      case TPM2_ECC_SM2_P256:
          curveId = NID_sm2;
          break;
-@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
+@@ -1195,7 +1195,7 @@ get_ecc_tpm2b_public_from_evp(
      case NID_secp521r1:
          tpmCurveId = TPM2_ECC_NIST_P521;
          break;

diff --git a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r4.ebuild 
b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r4.ebuild
index 3d2a488..1064e7f 100644
--- a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r4.ebuild
+++ b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r4.ebuild
@@ -65,6 +65,10 @@ multilib_src_configure() {
        # tests fail with LTO enabbled. See bug 865275 and 865279
        filter-lto
 
+       # Disable for libressl for now
+       # https://github.com/tpm2-software/tpm2-tss/pull/2380
+       # $(multilib_native_use_enable test self-generated-certificate) \
+
        ECONF_SOURCE=${S} econf \
                --localstatedir=/var \
                $(multilib_native_use_enable doc doxygen-doc) \
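Review bot: The added comment in `multilib_src_configure` says "Disable for libressl for now" but not what fails or when the option can come back, and the following hunk removes `$(multilib_native_use_enable test self-generated-certificate)` from the `econf` call for every build of this ebuild. Any test coverage that depends on that option is presumably lost without a record of why, since the linked pull request is the LibreSSL patch itself rather than a report of the failure. I would word it as `# self-generated-certificate tests fail with LibreSSL (<bug reference>); re-enable once fixed` and keep the parked line as `# $(multilib_native_use_enable test self-generated-certificate)`, without the trailing backslash, which does nothing inside a comment but reads like a live continuation. The function body starts and ends outside this hunk.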
@@ -72,7 +76,6 @@ multilib_src_configure() {
                $(use_enable static-libs static) \
                $(multilib_native_use_enable test unit) \
                $(multilib_native_use_enable test integration) \
-               $(multilib_native_use_enable test self-generated-certificate) \
                --disable-tcti-libtpms \
                --disable-defaultflags \
                --disable-weakcrypto \
