tpm-luks: add openssl1.1 patch
parent
b689d71b9c
commit
78be12d315
3 changed files with 83 additions and 0 deletions
|
@ -10,6 +10,11 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./openssl-1.1.patch
|
||||
./signed-ptr.patch
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook ];
|
||||
buildInputs = [ gawk trousers cryptsetup openssl ];
|
||||
|
||||
|
|
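--- a/pkgs/tools/security/tpm-luks/openssl-1.1.patch
+++ b/pkgs/tools/security/tpm-luks/openssl-1.1.patch
@@ -0,0 +1,63 @@
+diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c
+index 5545375..f9bedea 100644
+--- a/swtpm-utils/lib/hmac.c
++++ b/swtpm-utils/lib/hmac.c
+@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke
+/****************************************************************************/
+uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...)
+{
+- HMAC_CTX hmac;
++ HMAC_CTX* hmac;
+unsigned int dlen;
+unsigned char *data;
+va_list argp;
+-
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_init(&hmac);
+-#endif
+- HMAC_Init(&hmac,key,keylen,EVP_sha1());
++
++ hmac = HMAC_CTX_new();
++
++ if (hmac == NULL)
++ {
++ return ERR_MEM_ERR;
++ }
++
++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL);
+
+va_start(argp,keylen);
+for (;;)
+@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i
+if (dlen == 0) break;
+data = (unsigned char *)va_arg(argp,unsigned char *);
+if (data == NULL) return ERR_NULL_ARG;
+- HMAC_Update(&hmac,data,dlen);
++ HMAC_Update(hmac,data,dlen);
+}
+- HMAC_Final(&hmac,digest,&dlen);
++ HMAC_Final(hmac,digest,&dlen);
+
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_cleanup(&hmac);
+-#else
+- HMAC_cleanup(&hmac);
+-#endif
++ HMAC_CTX_free(hmac);
+va_end(argp);
+return 0;
+}
+diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c
+index 99691b6..6627a1f 100644
+--- a/swtpm-utils/lib/keys.c
++++ b/swtpm-utils/lib/keys.c
+@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k)
+exp);
+}
+/* set up the RSA public key structure */
+- rsa->n = mod;
+- rsa->e = exp;
++ RSA_set0_key(rsa, mod, exp, NULL);
+return rsa;
+}
+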
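Review bot: The early return inside the TSS_rawhmac loop, `if (data == NULL) return ERR_NULL_ARG;`, now leaks the context allocated by `HMAC_CTX_new()` and leaves the keyed HMAC state in heap memory, because it bypasses `HMAC_CTX_free(hmac)` (and `va_end`) at the end of the function. Release it on that path as well: `if (data == NULL) { HMAC_CTX_free(hmac); va_end(argp); return ERR_NULL_ARG; }`. The results of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are still ignored, so a failed initialisation would return 0 with an unset digest; checking them deserves a follow-up. In keys.c, `RSA_set0_key` takes ownership of `mod` and `exp` only when it returns 1, and the part of TSS_convpubkey that creates them lies outside the hunk, so its return value should be checked there.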
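--- a/pkgs/tools/security/tpm-luks/signed-ptr.patch
+++ b/pkgs/tools/security/tpm-luks/signed-ptr.patch
@@ -0,0 +1,15 @@
+diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c
+index 7359ba3..17b4324 100644
+--- a/swtpm-utils/getcapability.c
++++ b/swtpm-utils/getcapability.c
+@@ -480,7 +480,8 @@ int main(int argc, char *argv[])
+}
+
+if (c) {
+- char pcrmap[4], *pf;
++ char pcrmap[4];
++ unsigned char *pf;
+
+memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect,
+ndp.pcrInfoRead.pcrSelection.sizeOfSelect);
+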
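Review bot: The `memcpy` kept as context right below the changed declaration copies `ndp.pcrInfoRead.pcrSelection.sizeOfSelect` bytes into the 4-byte `pcrmap`, and no bound on that length is visible in the hunk. If `ndp` is populated from device-returned data and not validated earlier in main (which starts and ends outside the hunk), a sizeOfSelect above 4 overruns the stack buffer. Since this patch already touches the declaration, it could add a guard before the copy, for example `if (ndp.pcrInfoRead.pcrSelection.sizeOfSelect > sizeof pcrmap)` followed by an error exit.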