Upgrade to 1.10.2 and remove trousers dependency

Also added second patch to remove call to EVP_PKEY_set_alias_type
for SSL3 compliance.

Resolves: rhbz#1922002
Resolves: rhbz#1870520
Resolves: rhbz#1927374
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
This commit is contained in:
Tony Camuso 2021-06-21 12:55:34 -04:00
parent dce2b25ea1
commit 57f0c72c75
6 changed files with 120 additions and 52 deletions

5
.gitignore vendored
View File

@ -1 +1,4 @@
/tboot-1.9.*.tar.gz *.swp
.*
tboot*/
/tboot-*.tar.gz

View File

@ -0,0 +1,30 @@
From fb1b10586f293a39523cec835a8d2f102375bd0d Mon Sep 17 00:00:00 2001
From: Tony Camuso <tcamuso@redhat.com>
Date: Wed, 2 Jun 2021 06:57:41 -0400
Subject: [PATCH] Add -Wno-error=deprecated-declarations to Config.mk
For SSL3 build compatability. In the future, the code needs to be
made SSL3 compatable.
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
---
Config.mk | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Config.mk b/Config.mk
index ba997b0..764e725 100644
--- a/Config.mk
+++ b/Config.mk
@@ -43,7 +43,8 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
-Wwrite-strings \
$(call cc-option,$(CC),-Wlogical-op,) \
- -Wno-missing-field-initializers -Wno-address-of-packed-member
+ -Wno-missing-field-initializers -Wno-address-of-packed-member \
+ -Wno-deprecated-declarations
AS ?= as
LD ?= ld
--
2.31.1

View File

@ -0,0 +1,63 @@
From 8486ee675c00c2662d261fbbf26cf013ccd118fd Mon Sep 17 00:00:00 2001
From: Tony Camuso <tcamuso@redhat.com>
Date: Wed, 23 Jun 2021 08:01:54 -0400
Subject: [PATCH] lcputils.c: remove call to EVP_PKEY_set_alias_type
This function was previously needed as a workaround for SM2. With
OpenSSL 3.0, this key type is internally recognized so the workaround
is no longer needed.
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
---
lcptools-v2/lcputils.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
index 9d4b976..4dbb2fc 100644
--- a/lcptools-v2/lcputils.c
+++ b/lcptools-v2/lcputils.c
@@ -775,6 +775,11 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
result = 0;
goto EXIT;
}
+// SSL3 removed function EVP_PKEY_set_alias_type
+// This function was previously needed as a workaround for SM2.
+// With OpenSSL 3.0, this key type is internally recognized so
+// the workaround is no longer needed.
+#if 0
if (sigalg == TPM_ALG_SM2) {
result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
if (result <= 0) {
@@ -782,6 +787,7 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
goto OPENSSL_ERROR;
}
}
+#endif
pctx = EVP_PKEY_CTX_new(evp_key, NULL);
if (pctx == NULL) {
ERROR("Error: failed to generate key context.\n");
@@ -915,6 +921,11 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
goto OPENSSL_ERROR;
}
+// SSL3 removed function EVP_PKEY_set_alias_type
+// This function was previously needed as a workaround for SM2.
+// With OpenSSL 3.0, this key type is internally recognized so
+// the workaround is no longer needed.
+#if 0
if (sigalg == TPM_ALG_SM2) {
result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
if (result <= 0) {
@@ -922,7 +933,8 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
goto OPENSSL_ERROR;
}
}
-
+#endif
+
pctx = EVP_PKEY_CTX_new(evp_key, NULL);
if (pctx == NULL) {
ERROR("Error: failed to allocate pkey context.\n");
--
2.31.1

View File

@ -1,25 +0,0 @@
From 1cf1c3e6af1f43555de7ec89cd1e8bc3ea0aaefe Mon Sep 17 00:00:00 2001
From: Yunying Sun <yunying.sun@intel.com>
Date: Mon, 13 May 2019 17:26:13 +0800
Subject: [PATCH] disable address of packed member warning
---
Config.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Config.mk b/Config.mk
index 6a64d1a..27bce1b 100644
--- a/Config.mk
+++ b/Config.mk
@@ -43,7 +43,7 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
-Wwrite-strings \
$(call cc-option,$(CC),-Wlogical-op,) \
- -Wno-missing-field-initializers
+ -Wno-missing-field-initializers -Wno-address-of-packed-member -Wno-error=deprecated-declarations
AS = as
LD = ld
--
2.21.0

View File

@ -1 +1 @@
SHA512 (tboot-1.9.11.tar.gz) = 5c2466438ad3ab95ca66fe4d460f4e6b31ccd3c6ac79221b129883df4180fce4878dd07a5f180bb79fae13b59fa90c05aeda7339159d1d950011a59645024b8a SHA512 (tboot-1.10.2.tar.gz) = a906617b733411f0e672bfea28edb65cf7b586e100c3b6af45a8a0a0088fdc103b8c27518f1d6421537653c6b4ed48d78993a2df44188ddeaa5dc536cc272060

View File

@ -1,19 +1,19 @@
Summary: Performs a verified launch using Intel TXT Summary: Performs a verified launch using Intel TXT
Name: tboot Name: tboot
Version: 1.9.11 Version: 1.10.2
Release: 9%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
License: BSD License: BSD
URL: http://sourceforge.net/projects/tboot/ URL: http://sourceforge.net/projects/tboot/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: disable-address-of-packed-member-warning.patch Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
Patch1: tboot-gcc11.patch Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: trousers-devel BuildRequires: perl
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
ExclusiveArch: %{ix86} x86_64 ExclusiveArch: %{ix86} x86_64
@ -33,40 +33,37 @@ make debug=y %{?_smp_mflags}
%install %install
make debug=y DISTDIR=$RPM_BUILD_ROOT install make debug=y DISTDIR=$RPM_BUILD_ROOT install
%files %files
%doc README COPYING docs/* lcptools/Linux_LCP_Tools_User_Manual.pdf %doc README.md COPYING docs/* lcptools-v2/lcptools.txt
%config %{_sysconfdir}/grub.d/20_linux_tboot %config %{_sysconfdir}/grub.d/20_linux_tboot
%config %{_sysconfdir}/grub.d/20_linux_xen_tboot %config %{_sysconfdir}/grub.d/20_linux_xen_tboot
%{_sbindir}/acminfo %{_sbindir}/txt-acminfo
%{_sbindir}/lcp_readpol
%{_sbindir}/lcp_writepol
%{_sbindir}/lcp2_crtpol %{_sbindir}/lcp2_crtpol
%{_sbindir}/lcp2_crtpolelt %{_sbindir}/lcp2_crtpolelt
%{_sbindir}/lcp2_crtpollist %{_sbindir}/lcp2_crtpollist
%{_sbindir}/lcp2_mlehash %{_sbindir}/lcp2_mlehash
%{_sbindir}/parse_err %{_sbindir}/txt-parse_err
%{_sbindir}/tb_polgen %{_sbindir}/tb_polgen
%{_sbindir}/tpmnv_defindex
%{_sbindir}/tpmnv_getcap
%{_sbindir}/tpmnv_lock
%{_sbindir}/tpmnv_relindex
%{_sbindir}/txt-stat %{_sbindir}/txt-stat
%{_mandir}/man8/acminfo.8.gz %{_mandir}/man8/txt-acminfo.8.gz
%{_mandir}/man8/lcp_crtpconf.8.gz
%{_mandir}/man8/lcp_crtpol.8.gz
%{_mandir}/man8/lcp_crtpol2.8.gz
%{_mandir}/man8/lcp_crtpolelt.8.gz
%{_mandir}/man8/lcp_crtpollist.8.gz
%{_mandir}/man8/lcp_mlehash.8.gz
%{_mandir}/man8/lcp_readpol.8.gz
%{_mandir}/man8/lcp_writepol.8.gz
%{_mandir}/man8/tb_polgen.8.gz %{_mandir}/man8/tb_polgen.8.gz
%{_mandir}/man8/txt-stat.8.gz %{_mandir}/man8/txt-stat.8.gz
%{_mandir}/man8/lcp2_crtpol.8.gz
%{_mandir}/man8/lcp2_crtpolelt.8.gz
%{_mandir}/man8/lcp2_crtpollist.8.gz
%{_mandir}/man8/lcp2_mlehash.8.gz
%{_mandir}/man8/txt-parse_err.8.gz
/boot/tboot.gz /boot/tboot.gz
/boot/tboot-syms /boot/tboot-syms
%changelog %changelog
* Mon Jun 21 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-1
Upgrade to latest upstream.
Remove trousers dependency.
Resolves: rhbz#1922002
Resolves: rhbz#1870520
Resolves: rhbz#1927374
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065 Related: rhbz#1971065