Update to v0.5.0 which supports OpenSSL 1.0.x/1.1.x.

This is a forked version of OpenSSL TPM engine from the original upstream, TrouSerS project.
svn path=/head/; revision=494466
2025-01-22 08:58:47 +00:00 · 2019-03-02 23:48:27 +00:00 · 2019-03-02 23:48:27 +00:00 · 20234d00b9 · 2021-03-31 03:12:20 +00:00
commit 20234d00b9
parent 840f456a20
7 changed files with 69 additions and 67 deletions
--- a/security/openssl_tpm_engine/Makefile
+++ b/security/openssl_tpm_engine/Makefile
@ -2,10 +2,9 @@
 # $FreeBSD$

 PORTNAME=	openssl_tpm_engine
-PORTVERSION=	0.4.2
-PORTREVISION=	4
+PORTVERSION=	0.5.0
+DISTVERSIONPREFIX=	v
 CATEGORIES=	security
-MASTER_SITES=	SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION}

 MAINTAINER=	hrs@FreeBSD.org
 COMMENT=	OpenSSL TPM engine
@ -16,16 +15,16 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 RUN_DEPENDS=	${LOCALBASE}/sbin/tcsd:security/trousers
 LIB_DEPENDS=	libtspi.so:security/trousers

-USES=		autoreconf gmake libtool ssl
+USES=		autoreconf gmake libtool localbase ssl
+USE_GITHUB=	yes
 USE_LDCONFIG=	yes
+
+GH_ACCOUNT=	mgerstner
 GNU_CONFIGURE=	yes
-LDFLAGS+=	-L${OPENSSLLIB} -lcrypto -L${LOCALBASE}/lib
-CFLAGS+=	-I${OPENSSLINC} -I${LOCALBASE}/include
+CONFIGURE_ARGS=	--with-openssl="${OPENSSLBASE}"
 SUB_FILES=	pkg-message
 PLIST_FILES=	bin/create_tpm_key \
-		lib/openssl/engines/libtpm.so \
-		lib/openssl/engines/libtpm.so.0 \
-		lib/openssl/engines/libtpm.so.0.0.0
+		lib/openssl/engines/tpm.so
 INSTALL_TARGET=	install-strip
 PORTEXAMPLES=	openssl.cnf.sample

@ -39,10 +38,11 @@ IGNORE=	Detected LibreSSL (RAND_METHOD structure unsupported)

 post-patch:
 	@${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' \
-	    ${WRKSRC}/openssl.cnf.sample
+	    ${WRKSRC}/dist/openssl.cnf.sample

 post-install-EXAMPLES-on:
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
-	${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/dist/openssl.cnf.sample \
+	    ${STAGEDIR}${EXAMPLESDIR}

 .include <bsd.port.post.mk>
--- a/security/openssl_tpm_engine/distinfo
+++ b/security/openssl_tpm_engine/distinfo
@ -1,2 +1,3 @@
-SHA256 (openssl_tpm_engine-0.4.2.tar.gz) = 2df697e583053f7047a89daa4585e21fc67cf4397ee34ece94cf2d4b4f7ab49c
-SIZE (openssl_tpm_engine-0.4.2.tar.gz) = 528196
+TIMESTAMP = 1551568882
+SHA256 (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 328cc0ce0c1fd816c284efb79234be6157bb995d24a5e8065750f162aa72c060
+SIZE (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 25305
--- a/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample
+++ b/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample
@ -1,11 +1,11 @@
--- openssl.cnf.sample.orig	2012-09-19 17:56:45 UTC
-+++ openssl.cnf.sample
+--- dist/openssl.cnf.sample.orig	2017-12-18 15:45:34 UTC
+++ dist/openssl.cnf.sample
@@ -18,7 +18,7 @@ engines = engine_section
 foo = tpm_section
 
 [tpm_section]
 -dynamic_path = /usr/local/ssl/lib/engines/libtpm.so
-+dynamic_path = %%PREFIX%%/lib/openssl/engines/libtpm.so
+dynamic_path = %%PREFIX%%/lib/openssl/engines/tpm.so
 engine_id = tpm
 default_algorithms = ALL
 #default_algorithms = RAND,RSA
--- a/security/openssl_tpm_engine/files/patch-src-e_tpm.c
+++ b/security/openssl_tpm_engine/files/patch-src-e_tpm.c
@ -1,14 +1,14 @@
--- e_tpm.c.orig	2012-09-19 17:57:45 UTC
-+++ e_tpm.c
-@@ -35,6 +35,7 @@
+--- src/e_tpm.c.orig	2017-12-18 15:45:34 UTC
+++ src/e_tpm.c
+@@ -34,6 +34,7 @@
 #include <tss/tspi.h>
 
 #include <trousers/trousers.h>  // XXX DEBUG
 +#include <trousers/tss.h>
 
 #include "e_tpm.h"
- 
-@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METH
+ #include "ssl_compat.h"
+@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METHOD *, char *, 
 /* rsa functions */
 static int tpm_rsa_init(RSA *rsa);
 static int tpm_rsa_finish(RSA *rsa);
@ -23,7 +23,7 @@
 //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *);
 static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
 #endif
-@@ -72,6 +73,7 @@ static void tpm_rand_seed(const void *, 
+@@ -72,6 +73,7 @@ static RAND_SEED_RET_TYPE tpm_rand_seed(const void *, 
 #define TPM_CMD_SO_PATH		ENGINE_CMD_BASE
 #define TPM_CMD_PIN		ENGINE_CMD_BASE+1
 #define TPM_CMD_SECRET_MODE	ENGINE_CMD_BASE+2
@ -31,7 +31,7 @@
 static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
 	{TPM_CMD_SO_PATH,
 	 "SO_PATH",
-@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_def
+@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
 	 "SECRET_MODE",
 	 "The TSS secret mode for all secrets",
 	 ENGINE_CMD_FLAG_NUMERIC},
@ -42,7 +42,7 @@
 	{0, NULL, NULL, 0}
 };
 
-@@ -167,6 +173,9 @@ static unsigned int (*p_tspi_Hash_SetHas
+@@ -151,6 +157,9 @@ static unsigned int (*p_tspi_Hash_SetHashValue)();
 static unsigned int (*p_tspi_GetPolicyObject)();
 static unsigned int (*p_tspi_Policy_SetSecret)();
 static unsigned int (*p_tspi_Policy_AssignToObject)();
@ -52,7 +52,7 @@
 
 /* Override the real function calls to use our indirect pointers */
 #define Tspi_Context_Create p_tspi_Context_Create
-@@ -193,6 +202,9 @@ static unsigned int (*p_tspi_Policy_Assi
+@@ -177,6 +186,9 @@ static unsigned int (*p_tspi_Policy_AssignToObject)();
 #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue
 #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret
 #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject
@ -61,8 +61,8 @@
 +#define	Tspi_NV_ReadValue p_tspi_NV_ReadValue
 #endif /* DLOPEN_TSPI */
 
- /* This internal function is used by ENGINE_tpm() and possibly by the
-@@ -248,6 +260,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
+ static int setup_rsa_method()
+@@ -262,6 +274,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
 	TSS_RESULT result;
 	UINT32 authusage;
 	BYTE *auth;
@ -70,7 +70,7 @@
 
 	if (hSRK != NULL_HKEY) {
 		DBGFN("SRK is already loaded.");
-@@ -294,6 +307,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
+@@ -308,6 +321,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
 		return 0;
 	}
 
@ -78,7 +78,7 @@
 	if ((auth = calloc(1, 128)) == NULL) {
 		TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
 		return 0;
-@@ -319,6 +333,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
+@@ -333,6 +347,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
 
 	free(auth);
 
@ -94,7 +94,7 @@
 	return 1;
 }
 
-@@ -376,7 +399,10 @@ static int tpm_engine_init(ENGINE * e)
+@@ -390,7 +413,10 @@ static int tpm_engine_init(ENGINE * e)
 	    !bind_tspi_func(tpm_dso, Context_GetTpmObject) ||
 	    !bind_tspi_func(tpm_dso, GetAttribUint32) ||
 	    !bind_tspi_func(tpm_dso, SetAttribData) ||
@ -106,7 +106,7 @@
 	    ) {
 		TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
 		goto err;
-@@ -438,6 +464,9 @@ err:
+@@ -452,6 +478,9 @@ err:
 	p_tspi_Policy_AssignToObject = NULL;
 	p_tspi_TPM_StirRandom = NULL;
 	p_tspi_TPM_GetRandom = NULL;
@ -116,8 +116,8 @@
 #endif
 	return 0;
 }
-@@ -566,6 +595,55 @@ int fill_out_rsa_object(RSA *rsa, TSS_HK
- 	return 1;
+@@ -590,6 +619,55 @@ err:
+ 	return 0;
 }
 
 +/*
@ -172,7 +172,7 @@
 static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
 				     UI_METHOD *ui, void *cb_data)
 {
-@@ -580,7 +658,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -604,7 +682,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
 
 	DBG("%s", __FUNCTION__);
 
@ -181,7 +181,7 @@
 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 	}
-@@ -590,17 +668,27 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -614,17 +692,27 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
 		return NULL;
 	}
 
@ -211,7 +211,7 @@
 		BIO_free(bf);
 		return NULL;
 	}
-@@ -611,7 +699,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -635,7 +723,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
 						   blobstr->length,
 						   blobstr->data, &hKey))) {
 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
@ -220,7 +220,7 @@
 		return NULL;
 	}
 	ASN1_OCTET_STRING_free(blobstr);
-@@ -621,7 +709,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
+@@ -645,7 +733,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const 
 					     &authusage))) {
 		Tspi_Context_CloseObject(hContext, hKey);
 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
@ -229,7 +229,7 @@
 		return NULL;
 	}
 
-@@ -726,7 +814,7 @@ static int tpm_create_srk_policy(void *s
+@@ -747,7 +835,7 @@ static int tpm_create_srk_policy(void *secret)
 							  TSS_POLICY_USAGE,
 							  &hSRKPolicy))) {
 			TSSerr(TPM_F_TPM_CREATE_SRK_POLICY,
@ -238,7 +238,7 @@
 			return 0;
 		}
 	}
-@@ -740,6 +828,70 @@ static int tpm_create_srk_policy(void *s
+@@ -761,6 +849,70 @@ static int tpm_create_srk_policy(void *secret)
 	return 1;
 }
 
@ -309,7 +309,7 @@
 static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
 {
 	int initialised = !!hContext;
-@@ -778,6 +930,8 @@ static int tpm_engine_ctrl(ENGINE * e, i
+@@ -799,6 +951,8 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i
 			return 1;
 		case TPM_CMD_PIN:
 			return tpm_create_srk_policy(p);
@ -318,7 +318,7 @@
 		default:
 			break;
 	}
-@@ -832,7 +986,7 @@ static int tpm_rsa_finish(RSA *rsa)
+@@ -853,7 +1007,7 @@ static int tpm_rsa_finish(RSA *rsa)
 }
 
 static int tpm_rsa_pub_dec(int flen,
@ -327,7 +327,7 @@
 			   unsigned char *to,
 			   RSA *rsa,
 			   int padding)
-@@ -851,7 +1005,7 @@ static int tpm_rsa_pub_dec(int flen,
+@@ -872,7 +1026,7 @@ static int tpm_rsa_pub_dec(int flen,
 }
 
 static int tpm_rsa_priv_dec(int flen,
@ -336,7 +336,7 @@
 			    unsigned char *to,
 			    RSA *rsa,
 			    int padding)
-@@ -928,7 +1082,7 @@ static int tpm_rsa_priv_dec(int flen,
+@@ -949,7 +1103,7 @@ static int tpm_rsa_priv_dec(int flen,
 }
 
 static int tpm_rsa_pub_enc(int flen,
@ -345,7 +345,7 @@
 			   unsigned char *to,
 			   RSA *rsa,
 			   int padding)
-@@ -1035,7 +1189,7 @@ static int tpm_rsa_pub_enc(int flen,
+@@ -1056,7 +1210,7 @@ static int tpm_rsa_pub_enc(int flen,
 }
 
 static int tpm_rsa_priv_enc(int flen,
@ -354,7 +354,7 @@
 			    unsigned char *to,
 			    RSA *rsa,
 			    int padding)
-@@ -1080,7 +1234,10 @@ static int tpm_rsa_priv_enc(int flen,
+@@ -1101,7 +1255,10 @@ static int tpm_rsa_priv_enc(int flen,
 	}
 
 	if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
--- a/security/openssl_tpm_engine/files/patch-src-e_tpm.h
+++ b/security/openssl_tpm_engine/files/patch-src-e_tpm.h
@ -1,8 +1,6 @@
-http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
-
--- e_tpm.h.orig	2012-09-12 15:32:53 UTC
-+++ e_tpm.h
-@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
+--- src/e_tpm.h.orig	2017-12-18 15:45:34 UTC
+++ src/e_tpm.h
+@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *fil
 #define TPM_F_TPM_FILL_RSA_OBJECT		116
 #define TPM_F_TPM_ENGINE_GET_AUTH		117
 #define TPM_F_TPM_CREATE_SRK_POLICY		118
@ -11,7 +9,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
 
 /* Reason codes. */
 #define TPM_R_ALREADY_LOADED			100
-@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int rea
+@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int reason, char *fil
 #define TPM_R_ID_INVALID			125
 #define TPM_R_UI_METHOD_FAILED			126
 #define TPM_R_UNKNOWN_SECRET_MODE		127
@ -19,10 +17,12 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
 
 /* structure pointed to by the RSA object's app_data pointer */
 struct rsa_app_data
-@@ -107,6 +110,25 @@ struct rsa_app_data
+@@ -105,6 +108,25 @@ struct rsa_app_data
+ 	TSS_HENCDATA hEncData;
+ 	UINT32 encScheme;
 	UINT32 sigScheme;
- };
- 
+};
+
 +/* Added by c.hol...@sirrix.com */
 +struct quote_request
 +{
@ -40,8 +40,6 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
 +{
 +	unsigned int index;
 +	unsigned int length;
-+};
-+
- #define TPM_ENGINE_EX_DATA_UNINIT		-1
- #define RSA_PKCS1_OAEP_PADDING_SIZE		(2 * SHA_DIGEST_LENGTH + 2)
+ };
 
+ #define TPM_ENGINE_EX_DATA_UNINIT		-1
--- a/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c
+++ b/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c
@ -1,8 +1,6 @@
-http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
-
--- e_tpm_err.c.orig	2011-01-20 18:24:04 UTC
-+++ e_tpm_err.c
-@@ -235,6 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[] 
+--- src/e_tpm_err.c.orig	2017-12-18 15:45:34 UTC
+++ src/e_tpm_err.c
+@@ -234,6 +234,7 @@ static ERR_STRING_DATA TPM_str_functs[] = {
 	{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
 	{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
 	{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
@ -10,7 +8,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
 	{0, NULL}
 };
 
-@@ -265,6 +266,7 @@ static ERR_STRING_DATA TPM_str_reasons[]
+@@ -264,6 +265,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = {
 	{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
 	{TPM_R_ID_INVALID, "engine id doesn't match"},
 	{TPM_R_UI_METHOD_FAILED, "ui function failed"},
--- a/security/openssl_tpm_engine/pkg-descr
+++ b/security/openssl_tpm_engine/pkg-descr
@ -1,3 +1,8 @@
-This package contains 2 sets of code, a command-line utility used to
-generate a TSS key blob and write it to disk and an OpenSSL engine
-which interfaces with the TSS API.
+This is a forked version of OpenSSL TPM engine from the original
+upstream, TrouSerS project.
+
+This package contains two sets of code, a command-line utility used to
+generate a TSS key blob and write it to disk and an OpenSSL engine which
+interfaces with the TSS API.
+
+WWW: https://github.com/mgerstner/openssl_tpm_engine