d8b5733ac7
The segfault was caused by calling tpm2 command on ppc64le without any additional arguments. Resolves: rhbz#1989617 Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
255 lines
6.8 KiB
Diff
255 lines
6.8 KiB
Diff
From 61989b4c0a2da337a5c8df56e68c83e73259ed75 Mon Sep 17 00:00:00 2001
|
|
From: Petr Gotthard <petr.gotthard@centrum.cz>
|
|
Date: Sat, 7 Aug 2021 11:39:52 +0200
|
|
Subject: [PATCH 04/17] openssl: Remove support for OpenSSL < 1.1.0
|
|
|
|
The OpenSSL 1.0.2 is no longer maintained. Supporting an EOL crypto
|
|
library is not a good idea.
|
|
|
|
- Compared to the upstream commit 1e439d85 changes related to functions
|
|
and features not previously backported were ommited.
|
|
|
|
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
|
|
---
|
|
configure.ac | 2 +-
|
|
doc/CHANGELOG.md | 5 +++
|
|
doc/INSTALL.md | 2 +-
|
|
doc/RELEASE.md | 7 ----
|
|
lib/tpm2_openssl.c | 87 ----------------------------------------------
|
|
lib/tpm2_openssl.h | 10 ------
|
|
6 files changed, 7 insertions(+), 106 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index a3988e15..9561fa86 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -58,7 +58,7 @@ PKG_CHECK_MODULES([TSS2_TCTILDR], [tss2-tctildr])
|
|
PKG_CHECK_MODULES([TSS2_MU], [tss2-mu])
|
|
PKG_CHECK_MODULES([TSS2_RC], [tss2-rc])
|
|
PKG_CHECK_MODULES([TSS2_SYS], [tss2-sys])
|
|
-PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g])
|
|
+PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0])
|
|
PKG_CHECK_MODULES([CURL], [libcurl])
|
|
PKG_CHECK_MODULES([UUID], [uuid])
|
|
|
|
diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
|
|
index 87573fd7..b244dfee 100644
|
|
--- a/doc/CHANGELOG.md
|
|
+++ b/doc/CHANGELOG.md
|
|
@@ -1,5 +1,10 @@
|
|
## Changelog
|
|
|
|
+### next
|
|
+
|
|
+ * openssl:
|
|
+ - Dropped support for OpenSSL < 1.1.0
|
|
+
|
|
### 5.0 - 2020-11-16
|
|
|
|
#### Non Backwards Compatible Changes
|
|
diff --git a/doc/INSTALL.md b/doc/INSTALL.md
|
|
index b23b8d61..ab160581 100644
|
|
--- a/doc/INSTALL.md
|
|
+++ b/doc/INSTALL.md
|
|
@@ -19,7 +19,7 @@ To build and install the tpm2-tools software the following software is required:
|
|
* C compiler
|
|
* C Library Development Libraries and Header Files (for pthreads headers)
|
|
* ESAPI - TPM2.0 TSS ESAPI library (tss2-esys) and header files
|
|
- * OpenSSL libcrypto library and header files
|
|
+ * OpenSSL libcrypto library and header files (version >= 1.1.0)
|
|
* Curl library and header files
|
|
* Universally Unique ID library (UUID)
|
|
|
|
diff --git a/doc/RELEASE.md b/doc/RELEASE.md
|
|
index e2c72a67..8769b57d 100644
|
|
--- a/doc/RELEASE.md
|
|
+++ b/doc/RELEASE.md
|
|
@@ -23,13 +23,6 @@ the next release.
|
|
- [3.0.X](https://github.com/tpm2-software/tpm2-tools/tree/3.0.X): EOL after
|
|
3.2.1 release.
|
|
|
|
-## OpenSSL
|
|
-
|
|
-tpm2-tools relies heavily on OpenSSL. OpenSSL will be EOL'ing 1.0.2 at the end
|
|
-of 2019, see: https://www.openssl.org/blog/blog/2018/05/18/new-lts/. When this
|
|
-occurs, we will remove OSSL 1.0.2 support from the tpm2-tools repository as
|
|
-supporting an EOL crypto library is not a good idea.
|
|
-
|
|
# Release Information
|
|
|
|
Releases shall be tagged following semantic version guidelines found at:
|
|
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
|
|
index e769d6df..877d2764 100644
|
|
--- a/lib/tpm2_openssl.c
|
|
+++ b/lib/tpm2_openssl.c
|
|
@@ -72,58 +72,6 @@ const EVP_MD *tpm2_openssl_halg_from_tpmhalg(TPMI_ALG_HASH algorithm) {
|
|
/* no return, not possible */
|
|
}
|
|
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
|
|
-
|
|
- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
|
|
- return 0;
|
|
- }
|
|
-
|
|
- if (n != NULL) {
|
|
- BN_free(r->n);
|
|
- r->n = n;
|
|
- }
|
|
-
|
|
- if (e != NULL) {
|
|
- BN_free(r->e);
|
|
- r->e = e;
|
|
- }
|
|
-
|
|
- if (d != NULL) {
|
|
- BN_free(r->d);
|
|
- r->d = d;
|
|
- }
|
|
-
|
|
- return 1;
|
|
-}
|
|
-
|
|
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
|
|
- if(p) {
|
|
- *p = r->p;
|
|
- }
|
|
-
|
|
- if (q) {
|
|
- *q = r->q;
|
|
- }
|
|
-}
|
|
-
|
|
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
|
|
-
|
|
- if (!r || !s) {
|
|
- return 0;
|
|
- }
|
|
-
|
|
- BN_clear_free(sig->r);
|
|
- BN_clear_free(sig->s);
|
|
-
|
|
- sig->r = r;
|
|
- sig->s = s;
|
|
-
|
|
- return 1;
|
|
-}
|
|
-
|
|
-#endif
|
|
-
|
|
bool tpm2_openssl_hash_compute_data(TPMI_ALG_HASH halg, BYTE *buffer,
|
|
UINT16 length, TPM2B_DIGEST *digest) {
|
|
|
|
@@ -422,54 +370,28 @@ out:
|
|
|
|
HMAC_CTX *tpm2_openssl_hmac_new() {
|
|
HMAC_CTX *ctx;
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- ctx = malloc(sizeof(*ctx));
|
|
-#else
|
|
ctx = HMAC_CTX_new();
|
|
-#endif
|
|
if (!ctx)
|
|
return NULL;
|
|
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- HMAC_CTX_init(ctx);
|
|
-#endif
|
|
-
|
|
return ctx;
|
|
}
|
|
|
|
void tpm2_openssl_hmac_free(HMAC_CTX *ctx) {
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- HMAC_CTX_cleanup(ctx);
|
|
- free(ctx);
|
|
-#else
|
|
HMAC_CTX_free(ctx);
|
|
-#endif
|
|
}
|
|
|
|
EVP_CIPHER_CTX *tpm2_openssl_cipher_new(void) {
|
|
EVP_CIPHER_CTX *ctx;
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- ctx = malloc(sizeof(*ctx));
|
|
-#else
|
|
ctx = EVP_CIPHER_CTX_new();
|
|
-#endif
|
|
if (!ctx)
|
|
return NULL;
|
|
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- EVP_CIPHER_CTX_init(ctx);
|
|
-#endif
|
|
-
|
|
return ctx;
|
|
}
|
|
|
|
void tpm2_openssl_cipher_free(EVP_CIPHER_CTX *ctx) {
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- EVP_CIPHER_CTX_cleanup(ctx);
|
|
- free(ctx);
|
|
-#else
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
-#endif
|
|
}
|
|
|
|
digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg) {
|
|
@@ -680,12 +602,7 @@ static bool load_public_RSA_from_key(RSA *k, TPM2B_PUBLIC *pub) {
|
|
const BIGNUM *n; /* modulus */
|
|
const BIGNUM *e; /* public key exponent */
|
|
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- n = k->n;
|
|
- e = k->e;
|
|
-#else
|
|
RSA_get0_key(k, &n, &e, NULL);
|
|
-#endif
|
|
|
|
/*
|
|
* The size of the modulus is the key size in RSA, store this as the
|
|
@@ -1006,11 +923,7 @@ static bool load_private_RSA_from_key(RSA *k, TPM2B_SENSITIVE *priv) {
|
|
|
|
const BIGNUM *p; /* the private key exponent */
|
|
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
- p = k->p;
|
|
-#else
|
|
RSA_get0_factors(k, &p, NULL);
|
|
-#endif
|
|
|
|
TPMT_SENSITIVE *sa = &priv->sensitiveArea;
|
|
|
|
diff --git a/lib/tpm2_openssl.h b/lib/tpm2_openssl.h
|
|
index 46c8f9c0..8e3e0c17 100644
|
|
--- a/lib/tpm2_openssl.h
|
|
+++ b/lib/tpm2_openssl.h
|
|
@@ -13,10 +13,6 @@
|
|
|
|
#include "pcr.h"
|
|
|
|
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */
|
|
-#define LIB_TPM2_OPENSSL_OPENSSL_PRE11
|
|
-#endif
|
|
-
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
|
#define EC_POINT_set_affine_coordinates_tss(group, tpm_pub_key, bn_x, bn_y, dmy) \
|
|
EC_POINT_set_affine_coordinates(group, tpm_pub_key, bn_x, bn_y, dmy)
|
|
@@ -32,12 +28,6 @@
|
|
EC_POINT_get_affine_coordinates_GFp(group, tpm_pub_key, bn_x, bn_y, dmy)
|
|
#endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L */
|
|
|
|
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
|
|
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
|
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
|
|
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
|
-#endif
|
|
-
|
|
/**
|
|
* Function prototype for a hashing routine.
|
|
*
|
|
--
|
|
2.31.1
|
|
|