authorHiroki Sato <hrs@FreeBSD.org>2016-05-18 17:47:45 +0000
committerHiroki Sato <hrs@FreeBSD.org>2016-05-18 17:47:45 +0000
commit885198c68f97f9a78bbcf9f85c80ac8dc5d294c9 (patch)
treea6be3d1d401f1c6f2c3e0c47da91f3964463ef67 /security
parentUpdate to 3.5. Notable changes are as follows: (diff)
- Fix pkg-message.
- Use post-install-EXAMPLES-on:
- Take maintainership.
Notes
Notes: svn path=/head/; revision=415460
Diffstat (limited to 'security')
-rw-r--r--security/openssl_tpm_engine/Makefile15
-rw-r--r--security/openssl_tpm_engine/files/patch-e_tpm.c50
-rw-r--r--security/openssl_tpm_engine/files/patch-e_tpm.h10
-rw-r--r--security/openssl_tpm_engine/files/patch-e_tpm_err.c8
-rw-r--r--security/openssl_tpm_engine/files/patch-openssl.cnf.sample6
-rw-r--r--security/openssl_tpm_engine/files/pkg-message.in26
-rw-r--r--security/openssl_tpm_engine/pkg-plist4
7 files changed, 57 insertions, 62 deletions
diff --git a/security/openssl_tpm_engine/Makefile b/security/openssl_tpm_engine/Makefile
index 7971f9bc6eee..eebdf14afb64 100644
--- a/security/openssl_tpm_engine/Makefile
+++ b/security/openssl_tpm_engine/Makefile
@@ -3,11 +3,11 @@
PORTNAME= openssl_tpm_engine
PORTVERSION= 0.4.2
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security
MASTER_SITES= SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION}
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= hrs@FreeBSD.org
COMMENT= OpenSSL TPM engine
LICENSE= OpenSSL
@@ -22,15 +22,20 @@ GNU_CONFIGURE= yes
LDFLAGS+= -L${LOCALBASE}/lib -lcrypto
CFLAGS+= -I${LOCALBASE}/include
SUB_FILES= pkg-message
-PORTEXAMPLES= openssl.cnf.sample
+PLIST_FILES= bin/create_tpm_key \
+ lib/openssl/engines/libtpm.so \
+ lib/openssl/engines/libtpm.so.0 \
+ lib/openssl/engines/libtpm.so.0.0.0
INSTALL_TARGET= install-strip
+PORTEXAMPLES= openssl.cnf.sample
OPTIONS_DEFINE= EXAMPLES
post-patch:
- @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/openssl.cnf.sample
+ @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' \
+ ${WRKSRC}/openssl.cnf.sample
-post-install:
+post-install-EXAMPLES-on:
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${STAGEDIR}${EXAMPLESDIR}
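Review bot: With the sample now staged only from `post-install-EXAMPLES-on`, the message generated via `SUB_FILES= pkg-message` still points unconditionally at `%%EXAMPLESDIR%%/openssl.cnf.sample` (see the pkg-message.in hunk in this commit), so a build with EXAMPLES off directs the user to a file that was not installed. The snippet is meant for /etc/ssl/openssl.cnf, and the message's own sample output shows "Auto configuration failed" when engine setup goes wrong, so a user left to improvise the section risks that failure. I would qualify the sentence in pkg-message.in, for example `%%EXAMPLESDIR%%/openssl.cnf.sample (installed when the EXAMPLES option is enabled).`, or place the few configuration lines directly in the message.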
diff --git a/security/openssl_tpm_engine/files/patch-e_tpm.c b/security/openssl_tpm_engine/files/patch-e_tpm.c
index eea99acf2994..87cd1cd4b3b0 100644
--- a/security/openssl_tpm_engine/files/patch-e_tpm.c
+++ b/security/openssl_tpm_engine/files/patch-e_tpm.c
@@ -1,5 +1,5 @@
---- e_tpm.c.orig 2012-09-20 02:57:45.000000000 +0900
-+++ e_tpm.c 2013-07-26 00:25:21.000000000 +0900
+--- e_tpm.c.orig 2012-09-19 17:57:45 UTC
++++ e_tpm.c
@@ -35,6 +35,7 @@
#include <tss/tspi.h>
@@ -8,7 +8,7 @@
#include "e_tpm.h"
-@@ -55,10 +56,10 @@
+@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METH
/* rsa functions */
static int tpm_rsa_init(RSA *rsa);
static int tpm_rsa_finish(RSA *rsa);
@@ -23,7 +23,7 @@
//static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *);
static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
#endif
-@@ -72,6 +73,7 @@
+@@ -72,6 +73,7 @@ static void tpm_rand_seed(const void *,
#define TPM_CMD_SO_PATH ENGINE_CMD_BASE
#define TPM_CMD_PIN ENGINE_CMD_BASE+1
#define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2
@@ -31,7 +31,7 @@
static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
{TPM_CMD_SO_PATH,
"SO_PATH",
-@@ -85,6 +87,10 @@
+@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_def
"SECRET_MODE",
"The TSS secret mode for all secrets",
ENGINE_CMD_FLAG_NUMERIC},
@@ -42,7 +42,7 @@
{0, NULL, NULL, 0}
};
-@@ -167,6 +173,9 @@
+@@ -167,6 +173,9 @@ static unsigned int (*p_tspi_Hash_SetHas
static unsigned int (*p_tspi_GetPolicyObject)();
static unsigned int (*p_tspi_Policy_SetSecret)();
static unsigned int (*p_tspi_Policy_AssignToObject)();
@@ -52,7 +52,7 @@
/* Override the real function calls to use our indirect pointers */
#define Tspi_Context_Create p_tspi_Context_Create
-@@ -193,6 +202,9 @@
+@@ -193,6 +202,9 @@ static unsigned int (*p_tspi_Policy_Assi
#define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue
#define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret
#define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject
@@ -62,7 +62,7 @@
#endif /* DLOPEN_TSPI */
/* This internal function is used by ENGINE_tpm() and possibly by the
-@@ -248,6 +260,7 @@
+@@ -248,6 +260,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
TSS_RESULT result;
UINT32 authusage;
BYTE *auth;
@@ -70,7 +70,7 @@
if (hSRK != NULL_HKEY) {
DBGFN("SRK is already loaded.");
-@@ -294,6 +307,7 @@
+@@ -294,6 +307,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
return 0;
}
@@ -78,7 +78,7 @@
if ((auth = calloc(1, 128)) == NULL) {
TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
return 0;
-@@ -319,6 +333,15 @@
+@@ -319,6 +333,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
free(auth);
@@ -94,7 +94,7 @@
return 1;
}
-@@ -376,7 +399,10 @@
+@@ -376,7 +399,10 @@ static int tpm_engine_init(ENGINE * e)
!bind_tspi_func(tpm_dso, Context_GetTpmObject) ||
!bind_tspi_func(tpm_dso, GetAttribUint32) ||
!bind_tspi_func(tpm_dso, SetAttribData) ||
@@ -106,7 +106,7 @@
) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
goto err;
-@@ -438,6 +464,9 @@
+@@ -438,6 +464,9 @@ err:
p_tspi_Policy_AssignToObject = NULL;
p_tspi_TPM_StirRandom = NULL;
p_tspi_TPM_GetRandom = NULL;
@@ -116,7 +116,7 @@
#endif
return 0;
}
-@@ -566,6 +595,55 @@
+@@ -566,6 +595,55 @@ int fill_out_rsa_object(RSA *rsa, TSS_HK
return 1;
}
@@ -172,7 +172,7 @@
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
UI_METHOD *ui, void *cb_data)
{
-@@ -580,7 +658,7 @@
+@@ -580,7 +658,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
DBG("%s", __FUNCTION__);
@@ -181,7 +181,7 @@
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
-@@ -590,17 +668,27 @@
+@@ -590,17 +668,27 @@ static EVP_PKEY *tpm_engine_load_key(ENG
return NULL;
}
@@ -211,7 +211,7 @@
BIO_free(bf);
return NULL;
}
-@@ -611,7 +699,7 @@
+@@ -611,7 +699,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
blobstr->length,
blobstr->data, &hKey))) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
@@ -220,7 +220,7 @@
return NULL;
}
ASN1_OCTET_STRING_free(blobstr);
-@@ -621,7 +709,7 @@
+@@ -621,7 +709,7 @@ static EVP_PKEY *tpm_engine_load_key(ENG
&authusage))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
@@ -229,7 +229,7 @@
return NULL;
}
-@@ -726,7 +814,7 @@
+@@ -726,7 +814,7 @@ static int tpm_create_srk_policy(void *s
TSS_POLICY_USAGE,
&hSRKPolicy))) {
TSSerr(TPM_F_TPM_CREATE_SRK_POLICY,
@@ -238,7 +238,7 @@
return 0;
}
}
-@@ -740,6 +828,70 @@
+@@ -740,6 +828,70 @@ static int tpm_create_srk_policy(void *s
return 1;
}
@@ -309,7 +309,7 @@
static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
{
int initialised = !!hContext;
-@@ -778,6 +930,8 @@
+@@ -778,6 +930,8 @@ static int tpm_engine_ctrl(ENGINE * e, i
return 1;
case TPM_CMD_PIN:
return tpm_create_srk_policy(p);
@@ -318,7 +318,7 @@
default:
break;
}
-@@ -832,7 +986,7 @@
+@@ -832,7 +986,7 @@ static int tpm_rsa_finish(RSA *rsa)
}
static int tpm_rsa_pub_dec(int flen,
@@ -327,7 +327,7 @@
unsigned char *to,
RSA *rsa,
int padding)
-@@ -851,7 +1005,7 @@
+@@ -851,7 +1005,7 @@ static int tpm_rsa_pub_dec(int flen,
}
static int tpm_rsa_priv_dec(int flen,
@@ -336,7 +336,7 @@
unsigned char *to,
RSA *rsa,
int padding)
-@@ -928,7 +1082,7 @@
+@@ -928,7 +1082,7 @@ static int tpm_rsa_priv_dec(int flen,
}
static int tpm_rsa_pub_enc(int flen,
@@ -345,7 +345,7 @@
unsigned char *to,
RSA *rsa,
int padding)
-@@ -1035,7 +1189,7 @@
+@@ -1035,7 +1189,7 @@ static int tpm_rsa_pub_enc(int flen,
}
static int tpm_rsa_priv_enc(int flen,
@@ -354,7 +354,7 @@
unsigned char *to,
RSA *rsa,
int padding)
-@@ -1080,7 +1234,10 @@
+@@ -1080,7 +1234,10 @@ static int tpm_rsa_priv_enc(int flen,
}
if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
diff --git a/security/openssl_tpm_engine/files/patch-e_tpm.h b/security/openssl_tpm_engine/files/patch-e_tpm.h
index 034bb5e0a1d9..f2f137fc9909 100644
--- a/security/openssl_tpm_engine/files/patch-e_tpm.h
+++ b/security/openssl_tpm_engine/files/patch-e_tpm.h
@@ -1,8 +1,8 @@
http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
---- e_tpm.h.orig 2006-08-04 04:22:05.000000000 +0900
-+++ e_tpm.h 2010-10-31 23:46:45.913856850 +0900
-@@ -74,6 +74,8 @@
+--- e_tpm.h.orig 2012-09-12 15:32:53 UTC
++++ e_tpm.h
+@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
#define TPM_F_TPM_FILL_RSA_OBJECT 116
#define TPM_F_TPM_ENGINE_GET_AUTH 117
#define TPM_F_TPM_CREATE_SRK_POLICY 118
@@ -11,7 +11,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
/* Reason codes. */
#define TPM_R_ALREADY_LOADED 100
-@@ -104,6 +106,7 @@
+@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int rea
#define TPM_R_ID_INVALID 125
#define TPM_R_UI_METHOD_FAILED 126
#define TPM_R_UNKNOWN_SECRET_MODE 127
@@ -19,7 +19,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
/* structure pointed to by the RSA object's app_data pointer */
struct rsa_app_data
-@@ -115,6 +118,25 @@
+@@ -107,6 +110,25 @@ struct rsa_app_data
UINT32 sigScheme;
};
diff --git a/security/openssl_tpm_engine/files/patch-e_tpm_err.c b/security/openssl_tpm_engine/files/patch-e_tpm_err.c
index 847c6a115388..59afec81d562 100644
--- a/security/openssl_tpm_engine/files/patch-e_tpm_err.c
+++ b/security/openssl_tpm_engine/files/patch-e_tpm_err.c
@@ -1,8 +1,8 @@
http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
---- e_tpm_err.c.orig 2005-10-06 04:02:16.000000000 +0900
-+++ e_tpm_err.c 2010-10-31 23:44:32.217860972 +0900
-@@ -246,6 +246,7 @@
+--- e_tpm_err.c.orig 2011-01-20 18:24:04 UTC
++++ e_tpm_err.c
+@@ -235,6 +235,7 @@ static ERR_STRING_DATA TPM_str_functs[]
{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
@@ -10,7 +10,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.
{0, NULL}
};
-@@ -276,6 +277,7 @@
+@@ -265,6 +266,7 @@ static ERR_STRING_DATA TPM_str_reasons[]
{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
{TPM_R_ID_INVALID, "engine id doesn't match"},
{TPM_R_UI_METHOD_FAILED, "ui function failed"},
diff --git a/security/openssl_tpm_engine/files/patch-openssl.cnf.sample b/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
index b871fe4c1d86..eb69c75fc433 100644
--- a/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
+++ b/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
@@ -1,6 +1,6 @@
---- openssl.cnf.sample.orig 2005-09-30 00:02:58.000000000 +0900
-+++ openssl.cnf.sample 2010-11-07 00:53:39.968569790 +0900
-@@ -18,7 +18,7 @@
+--- openssl.cnf.sample.orig 2012-09-19 17:56:45 UTC
++++ openssl.cnf.sample
+@@ -18,7 +18,7 @@ engines = engine_section
foo = tpm_section
[tpm_section]
diff --git a/security/openssl_tpm_engine/files/pkg-message.in b/security/openssl_tpm_engine/files/pkg-message.in
index 4947c3aa6917..68bdf78fb393 100644
--- a/security/openssl_tpm_engine/files/pkg-message.in
+++ b/security/openssl_tpm_engine/files/pkg-message.in
@@ -1,17 +1,11 @@
-A sample openssl.cnf was copied to
- %%PREFIX%%/share/examples/tpm/openssl.cnf.sample
+A sample configuration which has to be added into /etc/ssl/openssl.cnf
+to enable "tpm" engine in OpenSSL can be found at
+%%EXAMPLESDIR%%/openssl.cnf.sample.
+Note that tcsd daemon in security/trousers must be running. If not,
+you might get the following error messages:
-To use 'tpm' openssl engine, please add above sample configuration
-to /etc/ssl/openssl.cnf.
-
-If you setup tpm engine to openssl.cnf, please start always tcsd
-daemon (ports/security/trousers), or many applications using openssl
-like sshd/httpd doesn't work soon / you get following messages like:
-
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Auto configuration failed
-65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484:
-65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161:
-65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, name=default_algorithms, value=ALL
-65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ | Auto configuration failed
+ | 65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484:
+ | 65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161:
+ | 65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, name=default_algorithms, value=ALL
+ | 65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1
diff --git a/security/openssl_tpm_engine/pkg-plist b/security/openssl_tpm_engine/pkg-plist
deleted file mode 100644
index 5751cf17ceb6..000000000000
--- a/security/openssl_tpm_engine/pkg-plist
+++ /dev/null
@@ -1,4 +0,0 @@
-bin/create_tpm_key
-lib/openssl/engines/libtpm.so
-lib/openssl/engines/libtpm.so.0
-lib/openssl/engines/libtpm.so.0.0.0