diff --git a/Add-openssl-3-support.patch b/Add-openssl-3-support.patch new file mode 100644 index 0000000..d0fabdc --- /dev/null +++ b/Add-openssl-3-support.patch @@ -0,0 +1,59 @@ +From 1130ef5b93a68f42c32de8081f1e8b28cc4f632e Mon Sep 17 00:00:00 2001 +From: James Bottomley +Date: Tue, 15 Feb 2022 08:26:11 -0500 +Subject: [PATCH] Add openssl-3 support + +This is just a bandaid at the moment to prevent -Werror from breaking +the compile on deprecated API warnings. Since the APIs will be +removed in the next release, this buys some time. The final solution +will likely have to be a conversion to the new provider interface. + +Signed-off-by: James Bottomley +--- + Makefile.am | 4 ++++ + configure.ac | 7 +++++++ + 2 files changed, 11 insertions(+) + +diff --git a/Makefile.am b/Makefile.am +index 33de0d95662..fa9079a0849 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -9,6 +9,10 @@ man1_MANS = create_tpm2_key.1 load_tpm2_key.1 seal_tpm2_data.1 \ + CLEANFILES = $(man1_MANS) + endif + ++if HAVE_OPENSSL3 ++CFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L ++endif ++ + openssl_engine_LTLIBRARIES=libtpm2.la + bin_PROGRAMS=create_tpm2_key load_tpm2_key seal_tpm2_data unseal_tpm2_data + openssl_enginedir=@enginesdir@ +diff --git a/configure.ac b/configure.ac +index 9ca4b4adb38..07edc8da52e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -55,6 +55,11 @@ AC_ARG_WITH(openssl, + AC_SUBST(OPENSSL_INCLUDE_DIR)]) + + AC_LANG(C) ++ ++PKG_CHECK_MODULES([DEPS], [libcrypto >= 3.0.0], ++ [ac_have_openssl3=1], ++ [PKG_CHECK_MODULES([DEPS], [libcrypto])]) ++ + AC_ARG_WITH( + [enginesdir], + [AC_HELP_STRING([--with-enginesdir], [OpenSSL engines directory])], +@@ -90,6 +95,8 @@ AC_SEARCH_LIBS([TSS_Create], [tss ibmtss], [], [ + AC_MSG_ERROR([Unable to find the TSS2 library]) + ]) + ++AM_CONDITIONAL(HAVE_OPENSSL3, test "$ac_have_openssl3" = "1") ++ + AC_DISABLE_STATIC + AC_PROG_CC_STDC + AM_PROG_CC_C_O +-- +2.25.1 + diff --git a/openssl_tpm2_engine.spec b/openssl_tpm2_engine.spec index f678e66..553c579 100644 --- a/openssl_tpm2_engine.spec +++ b/openssl_tpm2_engine.spec @@ -19,12 +19,13 @@ Name: openssl_tpm2_engine Version: 2.4.2 -Release: 1 +Release: 2 Summary: OpenSSL TPM 2.0 interface engine plugin License: LGPL-2.1-only Group: Productivity/Security URL: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/ Source0: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/snapshot/%{name}-%{version}.tar.gz +Patch0: Add-openssl-3-support.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: help2man @@ -32,6 +33,7 @@ BuildRequires: tss2 BuildRequires: tss2-devel BuildRequires: libtool BuildRequires: openssl-devel +Requires: openssl-libs %description This package contains a plugin a for OpenSSL which connects it with the @@ -40,6 +42,7 @@ create_tpm2_key helper binary to create and extract a TPM key. %prep %setup -q +%patch0 -p1 %build autoreconf -fiv @@ -63,32 +66,35 @@ find * -name \*.so -printf "/%p\n" > $CWD/%{EXTRA_FILES} %changelog -Fri Jul 3 09:35:56 UTC 2020 - Pedro Monreal Gonzalez +* Tue Feb 7 11:48:56 CET 2023 - Roberto Sassu +- Add Add-openssl-3-support.patch to fix a build issue + +* Fri Jul 3 09:35:56 UTC 2020 - Pedro Monreal Gonzalez - Update tarball due to download_files error -Thu Jul 2 15:03:09 UTC 2020 - James.Bottomley@HansenPartnership.com +* Thu Jul 2 15:03:09 UTC 2020 - James.Bottomley@HansenPartnership.com - Update to version 2.4.2 * Add every TPM supported curve (as defined by the TCG) * Fix a bug with explicitly parametrised curve handling (needed for BN) * Update the tests to be able to use swtpm * Allow loading public key without password -Thu Mar 26 04:31:36 UTC 2020 - James.Bottomley@HansenPartnership.com +* Thu Mar 26 04:31:36 UTC 2020 - James.Bottomley@HansenPartnership.com - Update to version 2.4.1 * fixes for older OpenSSL and gcc * variable tpm_server location for testing -Fri Mar 6 00:47:24 UTC 2020 - James.Bottomley@HansenPartnership.com +* Fri Mar 6 00:47:24 UTC 2020 - James.Bottomley@HansenPartnership.com - Update to version 2.4.0 * data seal/unseal handling * PKCS12 wrapping support -Fri Jan 10 16:52:22 UTC 2020 - James.Bottomley@HansenPartnership.com +* Fri Jan 10 16:52:22 UTC 2020 - James.Bottomley@HansenPartnership.com - Update to version 2.3.1 * bug fixes * add handling for DER keys -Sun Feb 24 17:10:22 UTC 2019 - James.Bottomley@HansenPartnership.com +* Sun Feb 24 17:10:22 UTC 2019 - James.Bottomley@HansenPartnership.com - Update to version 2.3.0 * add the ability to produce restricted (storage) keys with defined symmetric seeds @@ -97,23 +103,22 @@ Sun Feb 24 17:10:22 UTC 2019 - James.Bottomley@HansenPartnership.com * Add support for non-PKCS1 padding * Fixups for engines and cross builds -Wed Nov 14 14:43:17 PST 2018 - James.Bottomley@HansenPartnership.com +* Wed Nov 14 14:43:17 PST 2018 - James.Bottomley@HansenPartnership.com - Update to version 2.1.0: * Add importable keys feature -Mon Nov 12 21:04:09 PST 2018 - James.Bottomley@HansenPartnership.com +* Mon Nov 12 21:04:09 PST 2018 - James.Bottomley@HansenPartnership.com - Update to version 2.0.1: * Fix name algorithm selection * Make policy correct for non sha256 name algorithms * add security to TPM decryption operations -Mon Nov 5 07:37:09 PST 2018 - James.Bottomley@HansenPartnership.com +* Mon Nov 5 07:37:09 PST 2018 - James.Bottomley@HansenPartnership.com - Update to version 2.0.0: * Licence changed from GPL to LGPL (fixes openssl compatibility) * Key format changed for interoperability * OIDs updated with input from the TCG (new format only) -Sat Aug 10 08:05:00 PDT 2018 - James.Bottomley@HansenPartnership.com +* Sat Aug 10 08:05:00 PDT 2018 - James.Bottomley@HansenPartnership.com - Update to version 1.2.1: * Policy file support (fixed) -