1 files changed, 84 insertions, 0 deletions

diff --git a/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
new file mode 100644
index 0000000..211424c
--- /dev/null
+++ b/app-crypt/tpm2-tss/files/tpm2-tss-3.2.0-libressl.patch
@@ -0,0 +1,84 @@
+Upstream-PR: https://github.com/tpm2-software/tpm2-tss/pull/2380
+
+From bf6831c474334cbb923de0193d7431ad7805f484 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Mon, 4 Jul 2022 23:55:18 -0700
+Subject: [PATCH] Support LibreSSL
+
+This works with LibreSSL 3.5.x.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/tss2-esys/esys_crypto_ossl.c | 13 ++++++++++---
+ src/tss2-fapi/fapi_crypto.c      |  4 ++--
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 89d312f70..961d7707f 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
++++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -392,7 +392,7 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
+                    "Error EVP_MD_CTX_create", cleanup);
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10101000L
++#if OPENSSL_VERSION_NUMBER < 0x10101000L || defined(LIBRESSL_VERSION_NUMBER)
+     if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
+ #else
+     /* this is preferred, but available since OpenSSL 1.1.1 only */
+@@ -558,7 +558,11 @@ iesys_cryptossl_random2b(
+     int rc;
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
++#ifdef LIBRESSL_VERSION_NUMBER
++    RAND_set_rand_method(RAND_SSLeay());
++#else
+     RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+     OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+     if (!libctx)
+@@ -615,8 +619,11 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+     RSA *rsa_key = NULL;
+     const EVP_MD * hashAlg = NULL;
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
+-
++#ifdef LIBRESSL_VERSION_NUMBER
++    RAND_set_rand_method(RAND_SSLeay());
++#else
+     RAND_set_rand_method(RAND_OpenSSL());
++#endif
+ #else
+     OSSL_LIB_CTX *libctx = NULL;
+     EVP_MD * hashAlg = NULL;
+@@ -919,7 +926,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
+         curveId = NID_secp521r1;
+         key_size = 66;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case TPM2_ECC_SM2_P256:
+         curveId = NID_sm2;
+         key_size = 32;
+diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
+index 2fe37c0c4..c1563237a 100644
+--- a/src/tss2-fapi/fapi_crypto.c
++++ b/src/tss2-fapi/fapi_crypto.c
+@@ -544,7 +544,7 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY **evpPublicKey)
+     case TPM2_ECC_NIST_P521:
+         curveId = NID_secp521r1;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case TPM2_ECC_SM2_P256:
+         curveId = NID_sm2;
+         break;
+@@ -1155,7 +1155,7 @@ get_ecc_tpm2b_public_from_evp(
+     case NID_secp521r1:
+         tpmCurveId = TPM2_ECC_NIST_P521;
+         break;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     case NID_sm2:
+         tpmCurveId = TPM2_ECC_SM2_P256;
+         break;