meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch

From d33e5ef0b11125fe4683d7bfa17023e24997f587 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 3 Sep 2021 11:30:50 -0500
Subject: [PATCH 2/2] ossl: require version 1.1.0 or greater

THIS DROPS SUPPORT FOR OSSL 1.0.2.

Signed-off-by: William Roberts <william.c.roberts@intel.com>

Upstream-Status: Backport
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 configure.ac       |  2 +-
 src/lib/ssl_util.h | 43 +++++--------------------------------------
 2 files changed, 6 insertions(+), 39 deletions(-)

diff --git a/configure.ac b/configure.ac
index a7aeaf5..94fb5d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -55,7 +55,7 @@ PKG_CHECK_EXISTS([tss2-esys >= 3.0],
 # require sqlite3 and libcrypto
 PKG_CHECK_MODULES([SQLITE3],     [sqlite3])
 PKG_CHECK_MODULES([YAML],        [yaml-0.1])
-PKG_CHECK_MODULES([CRYPTO],      [libcrypto >= 1.0.2g])
+PKG_CHECK_MODULES([CRYPTO],      [libcrypto >= 1.1.0])
 
 # check for pthread
 AX_PTHREAD([],[AC_MSG_ERROR([Cannot find pthread])])
diff --git a/src/lib/ssl_util.h b/src/lib/ssl_util.h
index 9909fd6..2591728 100644
--- a/src/lib/ssl_util.h
+++ b/src/lib/ssl_util.h
@@ -15,51 +15,18 @@
 #include "log.h"
 #include "twist.h"
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */
-#define LIB_TPM2_OPENSSL_OPENSSL_PRE11
-/* LibreSSL does not appear to have evperr.h, so their is no need to define this otherwise */
-#elif (OPENSSL_VERSION_NUMBER >= 0x1010100fL) /* OpenSSL 1.1.1 */
+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) /* OpenSSL 1.1.1 */
 #define LIB_TPM2_OPENSSL_OPENSSL_POST111 0x1010100f
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */
-#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f
+#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST111)
+#include <openssl/evperr.h>
 #endif
 
-/* OpenSSL Backwards Compat APIs */
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
-#include <string.h>
-size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
-                          point_conversion_form_t form,
-                          unsigned char **pbuf, BN_CTX *ctx);
-
-const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
-
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
-EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
-
-static inline void *OPENSSL_memdup(const void *dup, size_t l) {
-
-    void *p = OPENSSL_malloc(l);
-    if (!p) {
-        return NULL;
-    }
-
-    memcpy(p, dup, l);
-    return p;
-}
-
-#endif
-
-#ifndef RSA_PSS_SALTLEN_DIGEST
-#define RSA_PSS_SALTLEN_DIGEST -1
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */
+#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f
 #endif
 
-/* Utility APIs */
-
 #define SSL_UTIL_LOGE(m) LOGE("%s: %s", m, ERR_error_string(ERR_get_error(), NULL));
 
 CK_RV ssl_util_attrs_to_evp(attr_list *attrs, EVP_PKEY **outpkey);
-- 
2.25.1