commit: 22da0bdd0547668548cd1c0ef73f95d538a6356c Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Sat Apr 15 00:48:24 2023 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Sat Apr 15 00:48:24 2023 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=22da0bdd
app-crypt/tpm2-tss: Fix tests Disables two tests that create certificates which doesn't currently work with libressl. Uptream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2585 Signed-off-by: orbea <orbea <AT> riseup.net> .../tpm2-tss-4.0.0-libressl-no-cert-tests.patch | 90 ++++++++++++++++++++++ app-crypt/tpm2-tss/tpm2-tss-4.0.0.ebuild | 1 + app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild | 1 + 3 files changed, 92 insertions(+) diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-libressl-no-cert-tests.patch b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-libressl-no-cert-tests.patch new file mode 100644 index 0000000..d402822 --- /dev/null +++ b/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-libressl-no-cert-tests.patch @@ -0,0 +1,90 @@ +Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2585 + +From 59d5382e94a2ace2292cb0add68c5e94cf1c071c Mon Sep 17 00:00:00 2001 +From: Juergen Repp <[email protected]> +Date: Wed, 22 Mar 2023 10:54:59 +0100 +Subject: [PATCH] FAPI: Skip test fapi-fix-provisioning-with template if no + certificate is available. + +If the configure option --enable-self-generated-certificate is not used this +test can't be executed because no certificate will be stored in NV ram. The +test will be skipped if no certificate is available. +Fixes: #2558 + +Signed-off-by: Juergen Repp <[email protected]> +--- + .../fapi-provisioning-with-template.int.c | 40 ++++++++++++++++++- + 1 file changed, 39 insertions(+), 1 deletion(-) + +diff --git a/test/integration/fapi-provisioning-with-template.int.c b/test/integration/fapi-provisioning-with-template.int.c +index 27f8e579d..ddef2a8e1 100644 +--- a/test/integration/fapi-provisioning-with-template.int.c ++++ b/test/integration/fapi-provisioning-with-template.int.c +@@ -4,6 +4,8 @@ + #endif + + #include <stdlib.h> ++#include <stdio.h> ++#include <unistd.h> + + #include "tss2_esys.h" + #include "tss2_fapi.h" +@@ -31,6 +33,39 @@ + * @retval EXIT_SKIP + * + */ ++static bool ++fapi_ek_certless() ++{ ++ FILE *stream = NULL; ++ long config_size; ++ char *config = NULL; ++ char *fapi_config_file = getenv("TSS2_FAPICONF"); ++ ++ stream = fopen(fapi_config_file, "r"); ++ if (!stream) { ++ LOG_ERROR("File %s does not exist", fapi_config_file); ++ return NULL; ++ } ++ fseek(stream, 0L, SEEK_END); ++ config_size = ftell(stream); ++ fclose(stream); ++ config = malloc(config_size + 1); ++ stream = fopen(fapi_config_file, "r"); ++ ssize_t ret = read(fileno(stream), config, config_size); ++ if (ret != config_size) { ++ LOG_ERROR("IO error %s.", fapi_config_file); ++ return NULL; ++ } ++ config[config_size] = '\0'; ++ if (strstr(config, "\"ek_cert_less\": \"yes\"") == NULL) { ++ SAFE_FREE(config); ++ return false; ++ } else { ++ SAFE_FREE(config); ++ return true; ++ } ++} ++ + int + test_fapi_provision_template(FAPI_CONTEXT *context) + { +@@ -148,6 +183,9 @@ test_fapi_provision_template(FAPI_CONTEXT *context) + TPM2B_AUTH auth = { .size = 0, .buffer = {} }; + TPM2B_MAX_NV_BUFFER nv_data; + ++ if (fapi_ek_certless()) ++ return EXIT_SKIP; ++ + if (strcmp(FAPI_PROFILE, "P_ECC") == 0) { + nv_template_idx = ecc_nv_template_idx; + nv_nonce_idx = ecc_nv_nonce_idx; +@@ -166,7 +204,7 @@ test_fapi_provision_template(FAPI_CONTEXT *context) + r = Esys_Initialize(&esys_ctx, tcti, NULL); + goto_if_error(r, "Error Esys_Initialize", error); + +- /* ++ /* + * Store template (marshaled TPMT_PUBLIC) in NV ram. + */ + r = Tss2_MU_TPMT_PUBLIC_Marshal(&in_public, &nv_data.buffer[0], diff --git a/app-crypt/tpm2-tss/tpm2-tss-4.0.0.ebuild b/app-crypt/tpm2-tss/tpm2-tss-4.0.0.ebuild index a3e6f01..375dce6 100644 --- a/app-crypt/tpm2-tss/tpm2-tss-4.0.0.ebuild +++ b/app-crypt/tpm2-tss/tpm2-tss-4.0.0.ebuild @@ -38,6 +38,7 @@ BDEPEND="sys-apps/acl PATCHES=( "${FILESDIR}/${PN}-3.2.0-libressl.patch" + "${FILESDIR}/${PN}-4.0.0-libressl-no-cert-tests.patch" "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch" ) diff --git a/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild b/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild index 4cf21aa..664e42c 100644 --- a/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild +++ b/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild @@ -39,6 +39,7 @@ BDEPEND="sys-apps/acl PATCHES=( "${FILESDIR}/${PN}-3.2.0-libressl.patch" + "${FILESDIR}/${PN}-4.0.0-libressl-no-cert-tests.patch" "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch" )
