
From: Quentin Retornaz <gentoo@××××××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/proj/libressl:master commit in: app-crypt/tpm2-tss/, app-crypt/tpm2-tss/files/
Date: Tue, 05 Jul 2022 21:19:34
Message-Id: 1657055925.0df6c8964f4fe0fff2aac033e5f1622be55a4cfe.quentin@gentoo
1 commit: 0df6c8964f4fe0fff2aac033e5f1622be55a4cfe
2 Author: orbea <orbea <AT> riseup <DOT> net>
3 AuthorDate: Tue Jul 5 07:01:35 2022 +0000
4 Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
5 CommitDate: Tue Jul 5 21:18:45 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=0df6c896
7
8 app-crypt/tpm2-tss: Add package
9
10 Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
11 Signed-off-by: orbea <orbea <AT> riseup.net>
12 Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
13
14 app-crypt/tpm2-tss/Manifest | 1 +
15 ...1.0-Dont-run-systemd-sysusers-in-Makefile.patch | 29 ++++++
16 .../tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch | 84 +++++++++++++++++
17 app-crypt/tpm2-tss/metadata.xml | 20 +++++
18 app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild | 100 +++++++++++++++++++++
19 5 files changed, 234 insertions(+)
20
21 diff --git a/app-crypt/tpm2-tss/Manifest b/app-crypt/tpm2-tss/Manifest
22 new file mode 100644
23 index 0000000..fbe1511
24 --- /dev/null
25 +++ b/app-crypt/tpm2-tss/Manifest
26 @@ -0,0 +1 @@
27 +DIST tpm2-tss-3.2.0.tar.gz 1629211 BLAKE2B a89aa4d89a50bdfb5a9652874d30e2138747bd022049f2be2d0b56e296329d0c41254033ec3a062dbd64fde54a62e952f54446c551e5788231827cd53fae045a SHA512 cabb411f074dfa94919ba914849aac77a0ac2f50622e28a1406cf575369148774748e0e2b7a7c566ec83561a96d4b883bac5a3b1763f4cf48668a0c5d68c0a23
28
29 diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
30 new file mode 100644
31 index 0000000..b66b6e7
32 --- /dev/null
33 +++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch
34 @@ -0,0 +1,29 @@
35 +diff --git a/Makefile.am b/Makefile.am
36 +index 183289f7..c791896c 100644
37 +--- a/Makefile.am
38 ++++ b/Makefile.am
39 +@@ -689,24 +689,6 @@ endif #FAPI
40 + EXTRA_DIST += dist/tpm-udev.rules
41 +
42 + install-dirs:
43 +-if HOSTOS_LINUX
44 +-if SYSD_SYSUSERS
45 +- @echo "systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf"
46 +- @systemd-sysusers $(DESTDIR)$(sysconfdir)/sysusers.d/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group"
47 +-else
48 +- @echo "call make_tss_user_and_group"
49 +- @$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group"
50 +-endif
51 +-if SYSD_TMPFILES
52 +- @echo "systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf"
53 +- @systemd-tmpfiles --create $(DESTDIR)$(sysconfdir)/tmpfiles.d/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions"
54 +-else
55 +- @echo "(call make_fapi_dirs) && (call set_fapi_permissions)"
56 +- @-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions"
57 +-endif
58 +- @echo "call check_fapi_dirs"
59 +- @$(call check_fapi_dirs)
60 +-endif
61 +
62 + install-data-hook: install-dirs
63 + -if [ ! -z "$(udevrulesprefix)" ]; then \
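Review bot: The added patch file has no description header, unlike the LibreSSL patch next to it, so the reason for emptying `install-dirs` is recorded nowhere in the tree. A short preamble would do, for example `Creating the tss user/group and the FAPI directories during 'make install' acts on the live system; Gentoo handles this with acct-user/tss, acct-group/tss and tmpfiles_process instead.` The header should also say that the `check_fapi_dirs` call is dropped with the rest, so nothing verifies ownership and permissions of the FAPI directories after install any more. The `install-data-hook` recipe continues outside the hunk.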
64
65 diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
66 new file mode 100644
67 index 0000000..211424c
68 --- /dev/null
69 +++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
70 @@ -0,0 +1,84 @@
71 +Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
72 +
73 +From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001
74 +From: orbea <orbea@××××××.net>
75 +Date: Mon, 4 Jul 2022 23:55:18 -0700
76 +Subject: [PATCH] Support LibreSSL
77 +
78 +This works with LibreSSL 3.5.x.
79 +
80 +Signed-off-by: orbea <orbea@××××××.net>
81 +---
82 + src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++---
83 + src/tss2-fapi/fapi_crypto.c | 4 ++--
84 + 2 files changed, 12 insertions(+), 5 deletions(-)
85 +
86 +diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
87 +index 89d312f70..961d7707f 100644
88 +--- a/src/tss2-esys/esys_crypto_ossl.c
89 ++++ b/src/tss2-esys/esys_crypto_ossl.c
90 +@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
91 + "Error EVP_MD_CTX_create", cleanup);
92 + }
93 +
94 +-#if OPENSSL_VERSION_NUMBER < 0x10101000L
95 ++#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
96 + if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
97 + #else
98 + /* this is preferred, but available since OpenSSL 1.1.1 only */
99 +@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
100 + int rc;
101 + #if OPENSSL_VERSION_NUMBER < 0x30000000L
102 + const RAND_METHOD *rand_save = RAND_get_rand_method();
103 ++#ifdef LIBRESSL_VERSION_NUMBER
104 ++ RAND_set_rand_method(RAND_SSLeay());
105 ++#else
106 + RAND_set_rand_method(RAND_OpenSSL());
107 ++#endif
108 + #else
109 + OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
110 + if (!libctx)
111 +@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
112 + RSA *rsa_key = NULL;
113 + const EVP_MD * hashAlg = NULL;
114 + const RAND_METHOD *rand_save = RAND_get_rand_method();
115 +-
116 ++#ifdef LIBRESSL_VERSION_NUMBER
117 ++ RAND_set_rand_method(RAND_SSLeay());
118 ++#else
119 + RAND_set_rand_method(RAND_OpenSSL());
120 ++#endif
121 + #else
122 + OSSL_LIB_CTX *libctx = NULL;
123 + EVP_MD * hashAlg = NULL;
124 +@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
125 + curveId = NID_secp521r1;
126 + key_size = 66;
127 + break;
128 +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
129 ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
130 + case TPM2_ECC_SM2_P256:
131 + curveId = NID_sm2;
132 + key_size = 32;
133 +diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
134 +index 2fe37c0c4..c1563237a 100644
135 +--- a/src/tss2-fapi/fapi_crypto.c
136 ++++ b/src/tss2-fapi/fapi_crypto.c
137 +@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey)
138 + case TPM2_ECC_NIST_P521:
139 + curveId = NID_secp521r1;
140 + break;
141 +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
142 ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
143 + case TPM2_ECC_SM2_P256:
144 + curveId = NID_sm2;
145 + break;
146 +@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
147 + case NID_secp521r1:
148 + tpmCurveId = TPM2_ECC_NIST_P521;
149 + break;
150 +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
151 ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
152 + case NID_sm2:
153 + tpmCurveId = TPM2_ECC_SM2_P256;
154 + break;
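Review bot: The `LIBRESSL_VERSION_NUMBER` guards in the embedded patch are unversioned, while its description only claims LibreSSL 3.5.x, so every later LibreSSL release keeps the legacy `EVP_PKEY_new_mac_key` path and has SM2 compiled out even if it gains the newer API. With the `TPM2_ECC_SM2_P256` / `NID_sm2` cases excluded, an SM2 key on a LibreSSL build falls through to the default branch of each switch, which is outside these hunks. A comment at each of the three guards, such as `/* SM2 is not built with LibreSSL (checked against 3.5.x); such keys are rejected here */`, would make that visible. The two `RAND_SSLeay()` branches deserve a comment too: as far as I know LibreSSL's RAND method hooks are stubs, so the save/set/restore sequence probably has no effect there and only keeps the code compiling.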
155
156 diff --git a/app-crypt/tpm2-tss/metadata.xml b/app-crypt/tpm2-tss/metadata.xml
157 new file mode 100644
158 index 0000000..0a726fa
159 --- /dev/null
160 +++ b/app-crypt/tpm2-tss/metadata.xml
161 @@ -0,0 +1,20 @@
162 +<?xml version="1.0" encoding="UTF-8"?>
163 +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
164 +<pkgmetadata>
165 + <maintainer type="person" proxied="yes">
166 + <email>salah.coronya@×××××.com</email>
167 + <name>Christopher Byrne</name>
168 + </maintainer>
169 + <maintainer type="project" proxied="proxy">
170 + <email>proxy-maint@g.o</email>
171 + <name>Proxy Maintainers</name>
172 + </maintainer>
173 + <use>
174 + <flag name="fapi">Enable feature API (requires openssl as crypto backend)</flag>
175 + <flag name="mbedtls">Use <pkg>net-libs/mbedtls</pkg> as crypto engine</flag>
176 + <flag name="openssl">Use <pkg>dev-libs/openssl</pkg> as crypto engine</flag>
177 + </use>
178 + <upstream>
179 + <remote-id type="github">tpm2-software/tpm2-tss</remote-id>
180 + </upstream>
181 +</pkgmetadata>
182
183 diff --git a/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
184 new file mode 100644
185 index 0000000..bc8875b
186 --- /dev/null
187 +++ b/app-crypt/tpm2-tss/tpm2-tss-3.2.0-r3.ebuild
188 @@ -0,0 +1,100 @@
189 +# Copyright 1999-2022 Gentoo Authors
190 +# Distributed under the terms of the GNU General Public License v2
191 +
192 +EAPI=7
193 +
194 +inherit autotools linux-info multilib-minimal tmpfiles udev
195 +
196 +DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack"
197 +HOMEPAGE="https://github.com/tpm2-software/tpm2-tss"
198 +SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz"
199 +
200 +LICENSE="BSD-2"
201 +SLOT="0/3"
202 +KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
203 +IUSE="doc +fapi +openssl mbedtls static-libs test"
204 +
205 +RESTRICT="!test? ( test )"
206 +
207 +REQUIRED_USE="^^ ( mbedtls openssl )
208 + fapi? ( openssl !mbedtls )"
209 +
210 +RDEPEND="acct-group/tss
211 + acct-user/tss
212 + fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}]
213 + >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] )
214 + mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] )
215 + openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )"
216 +
217 +DEPEND="${RDEPEND}
218 + test? ( app-crypt/swtpm
219 + dev-libs/uthash
220 + dev-util/cmocka
221 + fapi? ( >=net-misc/curl-7.80.0 ) )"
222 +BDEPEND="sys-apps/acl
223 + virtual/pkgconfig
224 + doc? ( app-doc/doxygen )"
225 +
226 +PATCHES=(
227 + "${FILESDIR}/${PN}-3.1.0-Dont-run-systemd-sysusers-in-Makefile.patch"
228 + "${FILESDIR}/${P}-libressl.patch"
229 +)
230 +
231 +pkg_setup() {
232 + local CONFIG_CHECK=" \
233 + ~TCG_TPM
234 + "
235 + linux-info_pkg_setup
236 + kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required"
237 +}
238 +
239 +src_prepare() {
240 + default
241 +
242 + # See bug #833887 (and similar); eautoreconf means .pc file gets wrong version.
243 + sed -i \
244 + "s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \
245 + "configure.ac" || die
246 +
247 + eautoreconf
248 +}
249 +
250 +multilib_src_configure() {
251 + ECONF_SOURCE=${S} econf \
252 + --localstatedir=/var \
253 + $(use_enable doc doxygen-doc) \
254 + $(use_enable fapi) \
255 + $(use_enable static-libs static) \
256 + $(multilib_native_use_enable test unit) \
257 + $(multilib_native_use_enable test integration) \
258 + $(multilib_native_use_enable test self-generated-certificate) \
259 + --disable-tcti-libtpms \
260 + --disable-defaultflags \
261 + --disable-weakcrypto \
262 + --with-crypto="$(usex mbedtls mbed ossl)" \
263 + --with-runstatedir=/run \
264 + --with-udevrulesdir="$(get_udevdir)/rules.d" \
265 + --with-udevrulesprefix=60- \
266 + --with-sysusersdir="/usr/lib/sysusers.d" \
267 + --with-tmpfilesdir="/usr/lib/tmpfiles.d"
268 +}
269 +
270 +multilib_src_install() {
271 + default
272 +
273 + if [[ ${PV} != $(sed -n -e 's/^Version: //p' "${ED}/usr/$(get_libdir)/pkgconfig/tss2-sys.pc" || die) ]] ; then
274 + # Safeguard for bug #833887
275 + die "pkg-config file version doesn't match ${PV}! Please report a bug!"
276 + fi
277 +
278 + find "${D}" -name '*.la' -delete || die
279 +}
280 +
281 +pkg_postinst() {
282 + tmpfiles_process tpm2-tss-fapi.conf
283 + udev_reload
284 +}
285 +
286 +pkg_postrm() {
287 + udev_reload
288 +}
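Review bot: `pkg_postinst` calls `tmpfiles_process tpm2-tss-fapi.conf` unconditionally, although `fapi` is an optional USE flag. If upstream installs that tmpfiles.d entry only when FAPI is enabled (the `endif #FAPI` context in the sysusers patch suggests it sits by the FAPI block), a `USE=-fapi` install will try to process a file that does not exist. Guarding it as `use fapi && tmpfiles_process tpm2-tss-fapi.conf` would avoid that. Separately, `--disable-defaultflags` in `multilib_src_configure` deserves a comment, e.g. `# upstream's default flags are dropped; hardening comes from the Gentoo toolchain/profile`, because as far as I can tell those defaults include hardening options and a reader should know they are left to the profile on purpose.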