diff --git a/0002-Adapt-to-OpenSSL-3.0-for-SM3.patch b/0002-Adapt-to-OpenSSL-3.0-for-SM3.patch new file mode 100644 index 0000000000000000000000000000000000000000..d5cba1bcc677ec10f23ab9f8256c9fa293e6ce9b --- /dev/null +++ b/0002-Adapt-to-OpenSSL-3.0-for-SM3.patch 
@@ -0,0 +1,192 @@ +From 0d52f1654c18db30ff859eebd7dc521c75ffc7f4 Mon Sep 17 00:00:00 2001 +From: fly2x +Date: Tue, 8 Jul 2025 14:51:51 +0800 +Subject: [PATCH] Adapt to OpenSSL 3.0 for SM3 + +--- + src/tpm2/NVMarshal.c | 18 +++--- + src/tpm2/crypto/openssl/Helpers.c | 86 +++++++++++++++++++------ + src/tpm2/crypto/openssl/TpmToOsslHash.h | 8 ++- + 3 files changed, 85 insertions(+), 27 deletions(-) + +diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c +index e2f83de..cdf5cbb 100644 +--- a/src/tpm2/NVMarshal.c ++++ b/src/tpm2/NVMarshal.c +@@ -2045,8 +2045,11 @@ tpmHashStateSM3_256_Marshal(tpmHashStateSM3_256_t *data, BYTE **buffer, INT32 *s + UINT16 array_size; + SM3_CTX *sm3_ctx = NULL; + BLOCK_SKIP_INIT; ++ if (data->evp_md_ctx == NULL) { ++ return 1; ++ } ++ sm3_ctx = EVP_MD_CTX_md_data(data->evp_md_ctx); + +- sm3_ctx = EVP_MD_CTX_md_data(*data); + written = NV_HEADER_Marshal(buffer, size, + HASH_STATE_SM3_256_VERSION, + HASH_STATE_SM3_256_MAGIC, 1); +@@ -2083,14 +2086,13 @@ tpmHashStateSM3_256_Unmarshal(tpmHashStateSM3_256_t *data, BYTE **buffer, INT32 + UINT16 array_size; + NV_HEADER hdr; + SM3_CTX *sm3_ctx = NULL; +- +- (*data) = EVP_MD_CTX_new(); +- if ((*data) == NULL) { ++ if (sm3_init_ctx(data) != 1) { + rc = TPM_RC_FAILURE; +- } +- if (rc == TPM_RC_SUCCESS) { +- EVP_DigestInit_ex(*data, EVP_sm3(), NULL); +- sm3_ctx = EVP_MD_CTX_md_data(*data); ++ } else { ++ sm3_ctx = EVP_MD_CTX_md_data(data->evp_md_ctx); ++ if (sm3_ctx == NULL) { ++ rc = TPM_RC_FAILURE; ++ } + } + + if (rc == TPM_RC_SUCCESS) { +diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c +index 1711496..d8a1e89 100644 +--- a/src/tpm2/crypto/openssl/Helpers.c ++++ b/src/tpm2/crypto/openssl/Helpers.c +@@ -634,17 +634,21 @@ static int SetSM4Key(const uint8_t *key, SM4_KEY *ks, int direction) + + *ks = EVP_CIPHER_CTX_new(); + if (*ks == NULL) { +- return SM4_FAIL; ++ return 1; + } + if (direction == SM4_ENCRYPT) { + rc = EVP_EncryptInit_ex(*ks, sm4Cipher, NULL, key, 
iv); + } else { + rc = EVP_DecryptInit_ex(*ks, sm4Cipher, NULL, key, iv); + } +- if (rc != SM4_SUCCESS) { +- return SM4_FAIL; ++ if (rc != 1) { ++ return 1; + } +- return SM4_SUCCESS; ++ rc = EVP_CIPHER_CTX_set_padding(*ks, 0); ++ if (rc != 1) { ++ return 1; ++ } ++ return 0; + } + + int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks) +@@ -688,30 +692,76 @@ void SM4_final(const SM4_KEY *ks) + } + #endif + #if ALG_SM3_256 +-int sm3_init(SM3_TPM_CTX *c) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ ++int sm3_init_ctx(SM3_TPM_CTX *c) + { +- *c = EVP_MD_CTX_new(); +- if (*c == NULL) { +- return SM3_FAIL; ++ int rc; ++ c->evp_md_ctx = EVP_MD_CTX_new(); ++ if (c->evp_md_ctx == NULL) { ++ return 0; ++ } ++ c->evp_md = EVP_MD_meth_dup(EVP_sm3()); ++ if (c->evp_md == NULL) { ++ EVP_MD_CTX_destroy(c->evp_md_ctx); ++ c->evp_md_ctx = NULL; ++ return 0; + } +- return EVP_DigestInit_ex(*c, EVP_sm3(), NULL); ++ ++ EVP_MD_meth_set_app_datasize(c->evp_md, 256); ++ rc = EVP_DigestInit_ex(c->evp_md_ctx, c->evp_md, NULL); ++ if (rc != 1) { ++ EVP_MD_CTX_destroy(c->evp_md_ctx); ++ EVP_MD_meth_free(c->evp_md); ++ c->evp_md_ctx = NULL; ++ c->evp_md = NULL; ++ return 0; ++ } ++ return rc; ++} ++ ++#else ++ ++int sm3_init_ctx(SM3_TPM_CTX *c) ++{ ++ c->evp_md = NULL; ++ c->evp_md_ctx = EVP_MD_CTX_new(); ++ if (c->evp_md_ctx == NULL) { ++ return 0; ++ } ++ return EVP_DigestInit_ex(c->evp_md_ctx, EVP_sm3(), NULL); ++} ++ ++#endif ++ ++int sm3_init(SM3_TPM_CTX *c) ++{ ++ return sm3_init_ctx(c); + } + + int sm3_update(SM3_TPM_CTX *c, const void *data, size_t len) + { +- return EVP_DigestUpdate(*c, data, len); ++ if (c->evp_md_ctx == NULL) { ++ return 0; ++ } ++ return EVP_DigestUpdate(c->evp_md_ctx, data, len); + } + + int sm3_final(unsigned char *md, SM3_TPM_CTX *c) + { +- uint32_t len = SM3_256_DIGEST_SIZE; +- int ret = EVP_DigestFinal_ex(*c, md, &len); +- +- if (ret != SM3_SUCCESS || len != SM3_256_DIGEST_SIZE) { +- ret = SM3_FAIL; ++ int rc; ++ if (c->evp_md_ctx == NULL) { ++ 
return 0; + } +- EVP_MD_CTX_destroy(*c); +- *c = NULL; +- return SM3_SUCCESS; ++ rc = EVP_DigestFinal_ex(c->evp_md_ctx, md, NULL); ++ EVP_MD_CTX_destroy(c->evp_md_ctx); ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ EVP_MD_meth_free(c->evp_md); ++ c->evp_md = NULL; ++#endif ++ c->evp_md_ctx = NULL; ++ return rc; + } ++ + #endif +diff --git a/src/tpm2/crypto/openssl/TpmToOsslHash.h b/src/tpm2/crypto/openssl/TpmToOsslHash.h +index ac10326..6eefcee 100644 +--- a/src/tpm2/crypto/openssl/TpmToOsslHash.h ++++ b/src/tpm2/crypto/openssl/TpmToOsslHash.h +@@ -88,7 +88,13 @@ typedef struct SM3state_st { + unsigned int num; + } SM3_CTX; + +-typedef EVP_MD_CTX* SM3_TPM_CTX; ++typedef struct SM3_TPM_EVP_MD_CTX { ++ EVP_MD_CTX* evp_md_ctx; ++ EVP_MD* evp_md; ++}SM3_TPM_EVP_MD_CTX; ++typedef SM3_TPM_EVP_MD_CTX SM3_TPM_CTX; ++ ++int sm3_init_ctx(SM3_TPM_CTX *c); + + int sm3_init(SM3_TPM_CTX *c); + int sm3_update(SM3_TPM_CTX *c, const void *data, size_t len); +-- +2.50.0 + diff --git a/libtpms.spec b/libtpms.spec index 48fa86d7d061d676dbb4b7bb6d447f66e2c4de66..6300c7211d2863cad78a5e9964b450a18a6608d3 100644 --- a/libtpms.spec +++ b/libtpms.spec @@ -2,7 +2,7 @@ %define name libtpms %define version 0.9.6 -%define release 2 +%define release 3 # Valid crypto subsystems are 'freebl' and 'openssl' %if "%{?crypto_subsystem}" == "" @@ -24,6 +24,7 @@ Provides: libtpms-%{crypto_subsystem} = %{version}-%{release} Patch0: 0000-tpm2-add-SM3-and-SM4-support.patch Patch1: 0001-tpm12-add-missing-openssl-includes.patch +Patch2: 0002-Adapt-to-OpenSSL-3.0-for-SM3.patch %if "%{crypto_subsystem}" == "openssl" BuildRequires: openssl-devel @@ -120,6 +121,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la %postun -p /sbin/ldconfig %changelog +* Wed Jul 9 2025 zhanglongfei- - 0.9.6-3 +- Adapt to OpenSSL 3.0 for SM3 + * Tue Jul 16 2024 zhangxingrong- - 0.9.6-2 - tpm12: add missing openssl includes
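Review bot: In the `tpmHashStateSM3_256_Marshal` hunk of src/tpm2/NVMarshal.c, the new guard `return 1;` for a NULL `evp_md_ctx` returns a bare 1 from a function that otherwise accumulates a byte count in `written`. A caller would presumably read that as one byte marshalled although nothing was put into `buffer`; the return type is outside the hunk, so confirm how this function is meant to signal failure. The result of `EVP_MD_CTX_md_data(data->evp_md_ctx)` is also left unchecked here, while the Unmarshal hunk does test `sm3_ctx == NULL`. The same test belongs on the marshal side before the code below the hunk reads the state through that pointer. Both function bodies continue outside their hunks.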
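Review bot: In the `SetSM4Key` hunk of src/tpm2/crypto/openssl/Helpers.c, both `rc != 1` failure returns (after the init call and after the added `EVP_CIPHER_CTX_set_padding`) leave the context from `EVP_CIPHER_CTX_new()` in `*ks`. On the padding path the key is already loaded into it, so it stays allocated unless every caller cleans up after a failed key setup; `EVP_CIPHER_CTX_free(*ks); *ks = NULL;` before each of those returns removes that dependency. The hunk also replaces `SM4_SUCCESS`/`SM4_FAIL` with literals and returns 0 on success, the opposite of the 1-on-success convention the sm3_* helpers in the same file follow. A comment above the function such as `/* returns 0 on success, 1 on failure */`, or keeping the named constants, would make the contract explicit for the callers, which are outside the hunk along with the start of the function.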
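Review bot: In the OpenSSL 3.0 branch of `sm3_init_ctx` (src/tpm2/crypto/openssl/Helpers.c), `EVP_MD_meth_set_app_datasize(c->evp_md, 256);` uses an unexplained size and discards the return value, while the NVMarshal.c code treats the `EVP_MD_CTX_md_data()` buffer as an `SM3_CTX`. If the call fails or the size is ever too small, state marshalling could end up working on a NULL or undersized buffer. I would check the call, `if (EVP_MD_meth_set_app_datasize(c->evp_md, SM3_MD_DATA_SIZE) != 1)` followed by the same cleanup as the `EVP_DigestInit_ex` failure path, where `SM3_MD_DATA_SIZE` is a name made up for this note, defined next to `SM3_CTX` with a comment saying why it covers OpenSSL's SM3 state. The pre-3.0 branch returns the `EVP_DigestInit_ex` result without freeing `c->evp_md_ctx` on failure, unlike the 3.0 branch. The `EVP_MD_meth_*` calls are deprecated as of OpenSSL 3.0, so a comment recording why the legacy method copy is needed would help whoever next has to touch this.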