diff --git a/0001-tpm12-add-missing-openssl-includes.patch b/0001-tpm12-add-missing-openssl-includes.patch
deleted file mode 100644
index 7393a5e979e409db8d2dcf7c22de3ec999d473aa..0000000000000000000000000000000000000000
--- a/0001-tpm12-add-missing-openssl-includes.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 36aab2de0671e4e4068daf46abcff0d63d8d400c Mon Sep 17 00:00:00 2001
-From: orbea
-Date: Wed, 13 Mar 2024 10:01:49 -0700
-Subject: [PATCH] tpm12: add missing openssl includes
-
-This fixes the build with LibreSSL 3.9.0 where many implicit
-declarations for BN_, EVP_ and RSA_ functions occur which were
-implicitly included before.
-
-Signed-off-by: orbea
----
- src/tpm12/tpm_crypto.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/tpm12/tpm_crypto.c b/src/tpm12/tpm_crypto.c
-index bcbaa7fc2..628e27cc2 100644
---- a/src/tpm12/tpm_crypto.c
-+++ b/src/tpm12/tpm_crypto.c
-@@ -48,6 +48,8 @@
- #include
- #include
- #include
-+#include
-+#include
-
- #include "tpm_cryptoh.h"
- #include "tpm_debug.h"
diff --git a/0002-Adapt-to-OpenSSL-3.0-for-SM3.patch b/0002-Adapt-to-OpenSSL-3.0-for-SM3.patch
deleted file mode 100644
index d5cba1bcc677ec10f23ab9f8256c9fa293e6ce9b..0000000000000000000000000000000000000000
--- a/0002-Adapt-to-OpenSSL-3.0-for-SM3.patch
+++ /dev/null
@@ -1,192 +0,0 @@
-From 0d52f1654c18db30ff859eebd7dc521c75ffc7f4 Mon Sep 17 00:00:00 2001
-From: fly2x
-Date: Tue, 8 Jul 2025 14:51:51 +0800
-Subject: [PATCH] Adapt to OpenSSL 3.0 for SM3
-
----
- src/tpm2/NVMarshal.c | 18 +++---
- src/tpm2/crypto/openssl/Helpers.c | 86 +++++++++++++++++++------
- src/tpm2/crypto/openssl/TpmToOsslHash.h | 8 ++-
- 3 files changed, 85 insertions(+), 27 deletions(-)
-
-diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
-index e2f83de..cdf5cbb 100644
---- a/src/tpm2/NVMarshal.c
-+++ b/src/tpm2/NVMarshal.c
-@@ -2045,8 +2045,11 @@ tpmHashStateSM3_256_Marshal(tpmHashStateSM3_256_t *data, BYTE **buffer, INT32 *s
- UINT16 array_size;
- SM3_CTX *sm3_ctx = NULL;
- BLOCK_SKIP_INIT;
-+ if (data->evp_md_ctx == NULL) {
-+ return 1;
-+ }
-+ sm3_ctx = EVP_MD_CTX_md_data(data->evp_md_ctx);
-
-- sm3_ctx = EVP_MD_CTX_md_data(*data);
- written = NV_HEADER_Marshal(buffer, size,
- HASH_STATE_SM3_256_VERSION,
- HASH_STATE_SM3_256_MAGIC, 1);
-@@ -2083,14 +2086,13 @@ tpmHashStateSM3_256_Unmarshal(tpmHashStateSM3_256_t *data, BYTE **buffer, INT32
- UINT16 array_size;
- NV_HEADER hdr;
- SM3_CTX *sm3_ctx = NULL;
--
-- (*data) = EVP_MD_CTX_new();
-- if ((*data) == NULL) {
-+ if (sm3_init_ctx(data) != 1) {
- rc = TPM_RC_FAILURE;
-- }
-- if (rc == TPM_RC_SUCCESS) {
-- EVP_DigestInit_ex(*data, EVP_sm3(), NULL);
-- sm3_ctx = EVP_MD_CTX_md_data(*data);
-+ } else {
-+ sm3_ctx = EVP_MD_CTX_md_data(data->evp_md_ctx);
-+ if (sm3_ctx == NULL) {
-+ rc = TPM_RC_FAILURE;
-+ }
- }
-
- if (rc == TPM_RC_SUCCESS) {
-diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c
-index 1711496..d8a1e89 100644
---- a/src/tpm2/crypto/openssl/Helpers.c
-+++ b/src/tpm2/crypto/openssl/Helpers.c
-@@ -634,17 +634,21 @@ static int SetSM4Key(const uint8_t *key, SM4_KEY *ks, int direction)
-
- *ks = EVP_CIPHER_CTX_new();
- if (*ks == NULL) {
-- return SM4_FAIL;
-+ return 1;
- }
- if (direction == SM4_ENCRYPT) {
- rc = EVP_EncryptInit_ex(*ks, sm4Cipher, NULL, key, iv);
- } else {
- rc = EVP_DecryptInit_ex(*ks, sm4Cipher, NULL, key, iv);
- }
-- if (rc != SM4_SUCCESS) {
-- return SM4_FAIL;
-+ if (rc != 1) {
-+ return 1;
- }
-- return SM4_SUCCESS;
-+ rc = EVP_CIPHER_CTX_set_padding(*ks, 0);
-+ if (rc != 1) {
-+ return 1;
-+ }
-+ return 0;
- }
-
- int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks)
-@@ -688,30 +692,76 @@ void SM4_final(const SM4_KEY *ks)
- }
- #endif
- #if ALG_SM3_256
--int sm3_init(SM3_TPM_CTX *c)
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+
-+int sm3_init_ctx(SM3_TPM_CTX *c)
- {
-- *c = EVP_MD_CTX_new();
-- if (*c == NULL) {
-- return SM3_FAIL;
-+ int rc;
-+ c->evp_md_ctx = EVP_MD_CTX_new();
-+ if (c->evp_md_ctx == NULL) {
-+ return 0;
-+ }
-+ c->evp_md = EVP_MD_meth_dup(EVP_sm3());
-+ if (c->evp_md == NULL) {
-+ EVP_MD_CTX_destroy(c->evp_md_ctx);
-+ c->evp_md_ctx = NULL;
-+ return 0;
- }
-- return EVP_DigestInit_ex(*c, EVP_sm3(), NULL);
-+
-+ EVP_MD_meth_set_app_datasize(c->evp_md, 256);
-+ rc = EVP_DigestInit_ex(c->evp_md_ctx, c->evp_md, NULL);
-+ if (rc != 1) {
-+ EVP_MD_CTX_destroy(c->evp_md_ctx);
-+ EVP_MD_meth_free(c->evp_md);
-+ c->evp_md_ctx = NULL;
-+ c->evp_md = NULL;
-+ return 0;
-+ }
-+ return rc;
-+}
-+
-+#else
-+
-+int sm3_init_ctx(SM3_TPM_CTX *c)
-+{
-+ c->evp_md = NULL;
-+ c->evp_md_ctx = EVP_MD_CTX_new();
-+ if (c->evp_md_ctx == NULL) {
-+ return 0;
-+ }
-+ return EVP_DigestInit_ex(c->evp_md_ctx, EVP_sm3(), NULL);
-+}
-+
-+#endif
-+
-+int sm3_init(SM3_TPM_CTX *c)
-+{
-+ return sm3_init_ctx(c);
- }
-
- int sm3_update(SM3_TPM_CTX *c, const void *data, size_t len)
- {
-- return EVP_DigestUpdate(*c, data, len);
-+ if (c->evp_md_ctx == NULL) {
-+ return 0;
-+ }
-+ return EVP_DigestUpdate(c->evp_md_ctx, data, len);
- }
-
- int sm3_final(unsigned char *md, SM3_TPM_CTX *c)
- {
-- uint32_t len = SM3_256_DIGEST_SIZE;
-- int ret = EVP_DigestFinal_ex(*c, md, &len);
--
-- if (ret != SM3_SUCCESS || len != SM3_256_DIGEST_SIZE) {
-- ret = SM3_FAIL;
-+ int rc;
-+ if (c->evp_md_ctx == NULL) {
-+ return 0;
- }
-- EVP_MD_CTX_destroy(*c);
-- *c = NULL;
-- return SM3_SUCCESS;
-+ rc = EVP_DigestFinal_ex(c->evp_md_ctx, md, NULL);
-+ EVP_MD_CTX_destroy(c->evp_md_ctx);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ EVP_MD_meth_free(c->evp_md);
-+ c->evp_md = NULL;
-+#endif
-+ c->evp_md_ctx = NULL;
-+ return rc;
- }
-+
- #endif
-diff --git a/src/tpm2/crypto/openssl/TpmToOsslHash.h b/src/tpm2/crypto/openssl/TpmToOsslHash.h
-index ac10326..6eefcee 100644
---- a/src/tpm2/crypto/openssl/TpmToOsslHash.h
-+++ b/src/tpm2/crypto/openssl/TpmToOsslHash.h
-@@ -88,7 +88,13 @@ typedef struct SM3state_st {
- unsigned int num;
- } SM3_CTX;
-
--typedef EVP_MD_CTX* SM3_TPM_CTX;
-+typedef struct SM3_TPM_EVP_MD_CTX {
-+ EVP_MD_CTX* evp_md_ctx;
-+ EVP_MD* evp_md;
-+}SM3_TPM_EVP_MD_CTX;
-+typedef SM3_TPM_EVP_MD_CTX SM3_TPM_CTX;
-+
-+int sm3_init_ctx(SM3_TPM_CTX *c);
-
- int sm3_init(SM3_TPM_CTX *c);
- int sm3_update(SM3_TPM_CTX *c, const void *data, size_t len);
---
-2.50.0
-
diff --git a/libtpms-0.10.1.tar.gz b/libtpms-0.10.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cbf9feaf560712ca9fdd3e2b3d8dfc5052482858
Binary files /dev/null and b/libtpms-0.10.1.tar.gz differ
diff --git a/libtpms-0.9.6.tar.gz b/libtpms-0.9.6.tar.gz
deleted file mode 100644
index dff25740329dca5ab64b917ba310f3d9b235f09f..0000000000000000000000000000000000000000
Binary files a/libtpms-0.9.6.tar.gz and /dev/null differ
diff --git a/libtpms.spec b/libtpms.spec
index 6300c7211d2863cad78a5e9964b450a18a6608d3..9c69fff09248bfb70da620345d7b93b5c33c301b 100644
--- a/libtpms.spec
+++ b/libtpms.spec
@@ -1,50 +1,23 @@ -# --- libtpm rpm-spec --- - -%define name libtpms -%define version 0.9.6 -%define release 3 - -# Valid crypto subsystems are 'freebl' and 'openssl' -%if "%{?crypto_subsystem}" == "" -%define crypto_subsystem openssl -%endif - # Valid build types are 'production' or 'debug' %define build_type production Summary: Library providing Trusted Platform Module (TPM) functionality -Name: %{name} -Version: %{version} -Release: %{release} -License: BSD +Name: libtpms +Version: 0.10.1 +Release: 1 +License: BSD-3-Clause Group: Development/Libraries -Url: http://github.com/stefanberger/libtpms -Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz -Provides: libtpms-%{crypto_subsystem} = %{version}-%{release} - -Patch0: 0000-tpm2-add-SM3-and-SM4-support.patch -Patch1: 0001-tpm12-add-missing-openssl-includes.patch -Patch2: 0002-Adapt-to-OpenSSL-3.0-for-SM3.patch - -%if "%{crypto_subsystem}" == "openssl" +Url: https://github.com/stefanberger/libtpms +Source0: https://github.com/stefanberger/libtpms/archive/v%{version}/%{name}-%{version}.tar.gz +Provides: libtpms-openssl = %{version}-%{release} +# Does not apply for 0.10.0 +# Patch0: 0000-tpm2-add-SM3-and-SM4-support.patch + +BuildRequires: make gcc-c++ +BuildRequires: automake autoconf libtool BuildRequires: openssl-devel -%else -BuildRequires: nss-devel >= 3.12.9-2 -BuildRequires: nss-softokn-freebl-devel >= 3.12.9-2 -%if 0%{?rhel} > 6 || 0%{?fedora} >= 13 -BuildRequires: nss-softokn-freebl-static >= 3.12.9-2 -%endif -BuildRequires: nss-softokn-devel >= 3.12.9-2, gmp-devel -%endif -BuildRequires: pkgconfig gawk sed -BuildRequires: automake autoconf libtool bash coreutils gcc-c++ - -%if "%{crypto_subsystem}" == "openssl" -Requires: openssl -%else -Requires: nss-softokn-freebl >= 3.12.9-2, nss-softokn >= 3.12.9-2 -%endif -Requires: gmp +BuildRequires: gawk +BuildRequires: sed %description A library providing TPM functionality for VMs. Targeted for integration 
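Review bot: The `# Patch0: 0000-tpm2-add-SM3-and-SM4-support.patch` line disables the SM3/SM4 patch instead of rebasing it, and the comment above it names 0.10.0 while `Version:` is 0.10.1. With 0001 and 0002 also deleted in this commit, the 0.10.1 build presumably ships without SM3/SM4, so TPM state or PCR bank configurations that relied on those algorithms under 0.9.6-3 may no longer load or validate; that is worth confirming against a saved state before release. I would reword the comment to `# SM3/SM4 patch not yet rebased onto 0.10.x; algorithms unavailable in this build` and record the removal in `%changelog`, which currently lists only the version update, the openssl requirement and the spec cleanup.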
@@ -59,23 +32,19 @@ Requires: %{name}%{?_isa} = %{version}-%{release} Libtpms header files and documentation. %files -%defattr(-, root, root, -) +%license LICENSE +%doc README CHANGES %{_libdir}/%{name}.so.%{version} %{_libdir}/%{name}.so.0 -%doc LICENSE README CHANGES %files devel -%defattr(-, root, root, -) - %{_libdir}/%{name}.so -%dir %{_includedir}/%{name} -%attr(644, root, root) %{_libdir}/pkgconfig/*.pc -%attr(644, root, root) %{_includedir}/%{name}/*.h -%attr(644, root, root) %{_mandir}/man3/* +%{_includedir}/%{name} +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* %prep -%setup -n %{name}-%{version} -%autopatch -p1 +%autosetup -p1 -n %{name}-%{version} %build @@ -83,10 +52,6 @@ Libtpms header files and documentation. export CFLAGS="${CFLAGS} -Wno-self-assign" %endif -%if "%{crypto_subsystem}" == "openssl" -%define _with_openssl --with-openssl -%endif - %if "%{build_type}" == "debug" %define _enable_debug --enable-debug %endif @@ -94,33 +59,30 @@ export CFLAGS="${CFLAGS} -Wno-self-assign" %if "%{build_type}" == "debug" CFLAGS=-O0 %endif -./autogen.sh \ + +NOCONFIGURE=yes ./autogen.sh + +%configure \ --with-tpm2 \ --disable-static \ - --prefix=/usr \ - --libdir=%{_libdir} \ - %{?_with_openssl} \ + --with-openssl \ %{?_enable_debug} -make %{?_smp_mflags} +%make_build %check -make check +%make_build check %install -install -d -m 0755 $RPM_BUILD_ROOT%{_libdir} -install -d -m 0755 $RPM_BUILD_ROOT%{_includedir}/libtpms -install -d -m 0755 $RPM_BUILD_ROOT%{_mandir}/man3 - -make %{?_smp_mflags} install DESTDIR=${RPM_BUILD_ROOT} - -rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%make_install +%delete_la %changelog +* Sat Jul 12 2025 Funda Wang - 0.10.1-1 +- update to 0.10.1 +- openssl crypto is required for tpm2 +- cleanup spec + * Wed Jul 9 2025 zhanglongfei- - 0.9.6-3 - Adapt to OpenSSL 3.0 for SM3 
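Review bot: Switching the last spec hunk to `%configure` changes where compiler flags come from, and the two CFLAGS assignments kept as context around it can now displace the distribution's hardening flags. `%configure` falls back to the default build flags only when CFLAGS is empty, so `CFLAGS=-O0` in the debug branch, and `export CFLAGS="${CFLAGS} -Wno-self-assign"` if nothing populated CFLAGS beforehand, would compile the TPM library without options such as stack protection or `_FORTIFY_SOURCE`. Appending to the defaults avoids that: `export CFLAGS="%{optflags} -Wno-self-assign"` and `CFLAGS="%{optflags} -O0"`. Whether the target buildroot pre-exports CFLAGS is not visible in this diff, so the effective flags should be checked in a build log.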
diff --git a/libtpms.yaml b/libtpms.yaml
index 4bb62614a8ae1c23cbd3b07a550a2db9e374592f..b65c5cb326995beaab9013a8e620eb200820626e 100644
--- a/libtpms.yaml
+++ b/libtpms.yaml
@@ -1,3 +1,4 @@
 version_control: github
 src_repo: stefanberger/libtpms
-tag_prefix: "v"
+tag_prefix: "^v"
+separator: .