Upgrade to 1.10.2 and remove trousers dependency

Also added second patch to remove call to EVP_PKEY_set_alias_type for SSL3 compliance. Resolves: rhbz#1922002 Resolves: rhbz#1870520 Resolves: rhbz#1927374 Signed-off-by: Tony Camuso <tcamuso@redhat.com>
2021-06-21 12:55:34 -04:00 · 2021-06-21 12:55:34 -04:00 · 57f0c72c75
commit 57f0c72c75
parent dce2b25ea1
6 changed files with 120 additions and 52 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,4 @@
-/tboot-1.9.*.tar.gz
+*.swp
+.*
+tboot*/
+/tboot-*.tar.gz
--- a/0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
+++ b/0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
@ -0,0 +1,30 @@
+From fb1b10586f293a39523cec835a8d2f102375bd0d Mon Sep 17 00:00:00 2001
+From: Tony Camuso <tcamuso@redhat.com>
+Date: Wed, 2 Jun 2021 06:57:41 -0400
+Subject: [PATCH] Add -Wno-error=deprecated-declarations to Config.mk
+
+For SSL3 build compatability. In the future, the code needs to be
+made SSL3 compatable.
+
+Signed-off-by: Tony Camuso <tcamuso@redhat.com>
+---
+ Config.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Config.mk b/Config.mk
+index ba997b0..764e725 100644
+--- a/Config.mk
+++ b/Config.mk
+@@ -43,7 +43,8 @@ CFLAGS_WARN       = -Wall -Wformat-security -Werror -Wstrict-prototypes \
+ 	            -Wextra -Winit-self -Wswitch-default -Wunused-parameter \
+ 	            -Wwrite-strings \
+ 	            $(call cc-option,$(CC),-Wlogical-op,) \
+-	            -Wno-missing-field-initializers -Wno-address-of-packed-member
+	            -Wno-missing-field-initializers -Wno-address-of-packed-member \
+	            -Wno-deprecated-declarations
+ 
+ AS         ?= as
+ LD         ?= ld
+-- 
+2.31.1
+
--- a/0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
+++ b/0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
@ -0,0 +1,63 @@
+From 8486ee675c00c2662d261fbbf26cf013ccd118fd Mon Sep 17 00:00:00 2001
+From: Tony Camuso <tcamuso@redhat.com>
+Date: Wed, 23 Jun 2021 08:01:54 -0400
+Subject: [PATCH] lcputils.c: remove call to EVP_PKEY_set_alias_type
+
+This function was previously needed as a workaround for SM2. With
+OpenSSL 3.0, this key type is internally recognized so the workaround
+is no longer needed.
+
+Signed-off-by: Tony Camuso <tcamuso@redhat.com>
+---
+ lcptools-v2/lcputils.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
+index 9d4b976..4dbb2fc 100644
+--- a/lcptools-v2/lcputils.c
+++ b/lcptools-v2/lcputils.c
+@@ -775,6 +775,11 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
+         result = 0;
+         goto EXIT;
+     }
+// SSL3 removed function EVP_PKEY_set_alias_type
+// This function was previously needed as a workaround for SM2.
+// With OpenSSL 3.0, this key type is internally recognized so
+// the workaround is no longer needed.
+#if 0
+     if (sigalg == TPM_ALG_SM2) {
+         result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
+         if (result <= 0) {
+@@ -782,6 +787,7 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
+             goto OPENSSL_ERROR;
+         }
+     }
+#endif
+     pctx = EVP_PKEY_CTX_new(evp_key, NULL);
+     if (pctx == NULL) {
+         ERROR("Error: failed to generate key context.\n");
+@@ -915,6 +921,11 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
+         goto OPENSSL_ERROR;
+     }
+ 
+// SSL3 removed function EVP_PKEY_set_alias_type
+// This function was previously needed as a workaround for SM2.
+// With OpenSSL 3.0, this key type is internally recognized so
+// the workaround is no longer needed.
+#if 0
+     if (sigalg == TPM_ALG_SM2) {
+         result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
+         if (result <= 0) {
+@@ -922,7 +933,8 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
+             goto OPENSSL_ERROR;
+         }
+     }
+-    
+#endif
+
+     pctx = EVP_PKEY_CTX_new(evp_key, NULL);
+     if (pctx == NULL) {
+         ERROR("Error: failed to allocate pkey context.\n");
+-- 
+2.31.1
+
--- a/disable-address-of-packed-member-warning.patch
+++ b/disable-address-of-packed-member-warning.patch
@ -1,25 +0,0 @@
-From 1cf1c3e6af1f43555de7ec89cd1e8bc3ea0aaefe Mon Sep 17 00:00:00 2001
-From: Yunying Sun <yunying.sun@intel.com>
-Date: Mon, 13 May 2019 17:26:13 +0800
-Subject: [PATCH] disable address of packed member warning
-
---
- Config.mk | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Config.mk b/Config.mk
-index 6a64d1a..27bce1b 100644
--- a/Config.mk
-+++ b/Config.mk
-@@ -43,7 +43,7 @@ CFLAGS_WARN       = -Wall -Wformat-security -Werror -Wstrict-prototypes \
- 	            -Wextra -Winit-self -Wswitch-default -Wunused-parameter \
- 	            -Wwrite-strings \
- 	            $(call cc-option,$(CC),-Wlogical-op,) \
-	            -Wno-missing-field-initializers
-+	            -Wno-missing-field-initializers -Wno-address-of-packed-member -Wno-error=deprecated-declarations
- 
- AS         = as
- LD         = ld
-- 
-2.21.0
-
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (tboot-1.9.11.tar.gz) = 5c2466438ad3ab95ca66fe4d460f4e6b31ccd3c6ac79221b129883df4180fce4878dd07a5f180bb79fae13b59fa90c05aeda7339159d1d950011a59645024b8a
+SHA512 (tboot-1.10.2.tar.gz) = a906617b733411f0e672bfea28edb65cf7b586e100c3b6af45a8a0a0088fdc103b8c27518f1d6421537653c6b4ed48d78993a2df44188ddeaa5dc536cc272060
--- a/tboot.spec
+++ b/tboot.spec
@ -1,19 +1,19 @@
 Summary:        Performs a verified launch using Intel TXT
 Name:           tboot
-Version:        1.9.11
-Release:        9%{?dist}
+Version:        1.10.2
+Release:        1%{?dist}
 Epoch:          1

 License:        BSD
 URL:            http://sourceforge.net/projects/tboot/
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz

-Patch0:         disable-address-of-packed-member-warning.patch
-Patch1:         tboot-gcc11.patch
+Patch0:         0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
+Patch1:         0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch

 BuildRequires:  make
 BuildRequires:  gcc
-BuildRequires:  trousers-devel
+BuildRequires:  perl
 BuildRequires:  openssl-devel
 BuildRequires:  zlib-devel
 ExclusiveArch:  %{ix86} x86_64
@ -33,40 +33,37 @@ make debug=y %{?_smp_mflags}
 %install
 make debug=y DISTDIR=$RPM_BUILD_ROOT install

-
 %files
-%doc README COPYING docs/* lcptools/Linux_LCP_Tools_User_Manual.pdf
+%doc README.md COPYING docs/* lcptools-v2/lcptools.txt
 %config %{_sysconfdir}/grub.d/20_linux_tboot
 %config %{_sysconfdir}/grub.d/20_linux_xen_tboot
-%{_sbindir}/acminfo
-%{_sbindir}/lcp_readpol
-%{_sbindir}/lcp_writepol
+%{_sbindir}/txt-acminfo
 %{_sbindir}/lcp2_crtpol
 %{_sbindir}/lcp2_crtpolelt
 %{_sbindir}/lcp2_crtpollist
 %{_sbindir}/lcp2_mlehash
-%{_sbindir}/parse_err
+%{_sbindir}/txt-parse_err
 %{_sbindir}/tb_polgen
-%{_sbindir}/tpmnv_defindex
-%{_sbindir}/tpmnv_getcap
-%{_sbindir}/tpmnv_lock
-%{_sbindir}/tpmnv_relindex
 %{_sbindir}/txt-stat
-%{_mandir}/man8/acminfo.8.gz
-%{_mandir}/man8/lcp_crtpconf.8.gz
-%{_mandir}/man8/lcp_crtpol.8.gz
-%{_mandir}/man8/lcp_crtpol2.8.gz
-%{_mandir}/man8/lcp_crtpolelt.8.gz
-%{_mandir}/man8/lcp_crtpollist.8.gz
-%{_mandir}/man8/lcp_mlehash.8.gz
-%{_mandir}/man8/lcp_readpol.8.gz
-%{_mandir}/man8/lcp_writepol.8.gz
+%{_mandir}/man8/txt-acminfo.8.gz
 %{_mandir}/man8/tb_polgen.8.gz
 %{_mandir}/man8/txt-stat.8.gz
+%{_mandir}/man8/lcp2_crtpol.8.gz
+%{_mandir}/man8/lcp2_crtpolelt.8.gz
+%{_mandir}/man8/lcp2_crtpollist.8.gz
+%{_mandir}/man8/lcp2_mlehash.8.gz
+%{_mandir}/man8/txt-parse_err.8.gz
 /boot/tboot.gz
 /boot/tboot-syms

 %changelog
+* Mon Jun 21 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-1
+  Upgrade to latest upstream.
+  Remove trousers dependency.
+  Resolves: rhbz#1922002
+  Resolves: rhbz#1870520
+  Resolves: rhbz#1927374
+
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065