From 835e95e5389ded68cec3be53103c4e1521e4a28f Mon Sep 17 00:00:00 2001
From: Yunying Sun <yunying.sun@intel.com>
Date: Tue, 15 Aug 2017 15:00:16 +0800
Subject: [PATCH] Add patch to fix build error with openssl-devel 1.1x

---
 .gitignore                              |  1 +
 allow-to-build-with-openssl-1.1.x.patch | 87 +++++++++++++++++++++++++
 sources                                 |  3 +-
 tpm2-tools.spec                         |  7 +-
 4 files changed, 95 insertions(+), 3 deletions(-)
 create mode 100644 allow-to-build-with-openssl-1.1.x.patch

diff --git a/.gitignore b/.gitignore
index f0a8877..737946d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /tpm2.0-tools-2.1.0.tar.gz
 /gcc7-implict-fallthrough-fix.patch
+/allow-to-build-with-openssl-1.1.x.patch
diff --git a/allow-to-build-with-openssl-1.1.x.patch b/allow-to-build-with-openssl-1.1.x.patch
new file mode 100644
index 0000000..d1ddf92
--- /dev/null
+++ b/allow-to-build-with-openssl-1.1.x.patch
@@ -0,0 +1,87 @@
+diff -ruN tpm2.0-tools-2.1.0-orig/lib/tpm_kdfa.c tpm2.0-tools-2.1.0/lib/tpm_kdfa.c
+--- tpm2.0-tools-2.1.0-orig/lib/tpm_kdfa.c	2017-07-25 01:50:33.000000000 +0800
++++ tpm2.0-tools-2.1.0/lib/tpm_kdfa.c	2017-08-15 10:48:23.063493627 +0800
+@@ -51,6 +51,34 @@
+     /* no return, not possible */
+ }
+ 
++static HMAC_CTX *hmac_alloc()
++{
++    HMAC_CTX *ctx;
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL /* OpenSSL 1.1.0 */
++    ctx = malloc(sizeof(*ctx));
++#else
++    ctx = HMAC_CTX_new();
++#endif
++    if (!ctx)
++        return NULL;
++
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL
++    HMAC_CTX_init(ctx);
++#endif
++
++    return ctx;
++}
++
++static void hmac_del(HMAC_CTX *ctx)
++{
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL
++    HMAC_CTX_cleanup(ctx);
++    free(ctx);
++#else
++    HMAC_CTX_free(ctx);
++#endif
++}
++
+ TPM_RC tpm_kdfa(TPMI_ALG_HASH hashAlg,
+         TPM2B *key, char *label, TPM2B *contextU, TPM2B *contextV, UINT16 bits,
+         TPM2B_MAX_BUFFER  *resultKey )
+@@ -90,12 +118,17 @@
+         return TPM_RC_HASH;
+     }
+ 
+-    HMAC_CTX ctx;
+-    HMAC_CTX_init(&ctx);
+-    int rc = HMAC_Init_ex(&ctx, key->buffer, key->size, md, NULL);
++    HMAC_CTX *ctx = hmac_alloc();
++    if (!ctx) {
++        LOG_ERR("HMAC context allocation failed");
++        return TPM_RC_MEMORY;
++    }
++
++    int rc = HMAC_Init_ex(ctx, key->buffer, key->size, md, NULL);
+     if (!rc) {
+         LOG_ERR("HMAC Init failed: %s", ERR_error_string(rc, NULL));
+-        return TPM_RC_MEMORY;
++        rval = TPM_RC_MEMORY;
++        goto err;
+     }
+ 
+     // TODO Why is this a loop? It appears to only execute once.
+@@ -118,7 +151,7 @@
+         int c;
+         for(c=0; c < j; c++) {
+             TPM2B_DIGEST *digest = bufferList[c];
+-            int rc =  HMAC_Update(&ctx, digest->b.buffer, digest->b.size);
++            int rc =  HMAC_Update(ctx, digest->b.buffer, digest->b.size);
+             if (!rc) {
+                 LOG_ERR("HMAC Update failed: %s", ERR_error_string(rc, NULL));
+                 rval = TPM_RC_MEMORY;
+@@ -127,7 +160,7 @@
+         }
+ 
+         unsigned size = sizeof(tmpResult.t.buffer);
+-        int rc = HMAC_Final(&ctx, tmpResult.t.buffer, &size);
++        int rc = HMAC_Final(ctx, tmpResult.t.buffer, &size);
+         if (!rc) {
+             LOG_ERR("HMAC Final failed: %s", ERR_error_string(rc, NULL));
+             rval = TPM_RC_MEMORY;
+@@ -147,7 +180,7 @@
+     resultKey->t.size = bytes;
+ 
+ err:
+-    HMAC_CTX_cleanup(&ctx);
++    hmac_del(ctx);
+ 
+     return rval;
+ }
diff --git a/sources b/sources
index ae4e590..0df1a59 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-SHA512 (tpm2.0-tools-2.1.0.tar.gz) = 5488ffdc42a318fae9a307a333cdbce730a144cea847fe68546367c87689cd675d1376c1a638dc4eefa6231d4d7f7417215cc4eb606e999a757425f5097eb0c4
-SHA512 (gcc7-implict-fallthrough-fix.patch) = c936b6770e43fe6ab333b4f04d09c5be14a26f845f865c5744379569accc9cc681e9394161b406dcf942387b887a60e31200ffeea2d10d9dfd3487190c462c65
+SHA512 (allow-to-build-with-openssl-1.1.x.patch) = 8f2e9878c7444536b9883fa0c01821686d53f9bedf349fca0893b3266d89f4554aeffc6e164c9f6996d43b6a48c05501b30bfe66fd6726c885c60378a3dfc5b4
diff --git a/tpm2-tools.spec b/tpm2-tools.spec
index 227f6f6..684094c 100644
--- a/tpm2-tools.spec
+++ b/tpm2-tools.spec
@@ -1,6 +1,6 @@
 Name: tpm2-tools
 Version: 2.1.0 
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
 
 %global pkg_prefix tpm2.0-tools
@@ -11,6 +11,8 @@ Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.tar.gz#/%{pkg_
 
 # https://github.com/01org/tpm2.0-tools/pull/381
 Patch0: gcc7-implict-fallthrough-fix.patch
+# https://github.com/01org/tpm2-tools/commit/5cee30cbc3da
+Patch1: allow-to-build-with-openssl-1.1.x.patch
 
 BuildRequires: gcc-c++
 BuildRequires: libtool
@@ -51,6 +53,9 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
 %{_mandir}/man8/tpm2_*.8.gz
 
 %changelog
+* Tue Aug 15 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-4
+- Add patch to fix build error when openssl-devel is installed(RHBZ#1481236)
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild