Update patch for tpm2-tss

justsmth · Jul 11, 2024 · ed3f8ac · ed3f8ac
1 parent 4c8e80f
commit ed3f8ac
Showing 1 changed file with 12 additions and 21 deletions.
diff --git a/tests/ci/integration/tpm2_tss_patch/aws-lc-tpm2-tss.patch b/tests/ci/integration/tpm2_tss_patch/aws-lc-tpm2-tss.patch
@@ -1,17 +1,8 @@
-From 0b702b55bfece6c2910ea065bf0dffa9c1e1008e Mon Sep 17 00:00:00 2001
-From: Juergen Repp <[email protected]>
-Date: Fri, 10 May 2024 19:15:37 +0200
-Subject: [PATCH] FAPI: Improve the error message for self signed EK
- certificates.
+From e867fd70195c99a5d2d0f39f8bc7d4641304a53a Mon Sep 17 00:00:00 2001
+From: Justin W Smith <[email protected]>
+Date: Thu, 11 Jul 2024 09:49:35 -0400
+Subject: [PATCH] aws-lc-tpm2-tss.patch
 
-The error message
-"curl_url_set for CURUPART_URL failed: Unsupported URL scheme"
-was displayed if a self signed EK certificate was stored in the TPM.
-Now a better error message is displayed to explain that FAPI can
-be used if "ek_cert_less" is set to "yes" in the FAPI config file.
-Addresses: #2833
-
-Signed-off-by: Juergen Repp <[email protected]>
 ---
  configure.ac                     | 6 ------
  src/tss2-esys/esys_crypto_ossl.c | 2 +-
@@ -37,23 +28,23 @@ index eb6051ea..7051e51c 100644
             TSS2_ESYS_LDFLAGS_CRYPTO="$CRYPTO_LIBS"
         ], [test "x$with_crypto" = xmbed], [
 diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
-index 92625933..6b7166b4 100644
+index 15e534ce..75043897 100644
 --- a/src/tss2-esys/esys_crypto_ossl.c
 +++ b/src/tss2-esys/esys_crypto_ossl.c
-@@ -753,7 +753,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+@@ -752,7 +752,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
                     "Could not duplicate OAEP label", cleanup);
      }
 
--    if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, strlen(label_copy)+1)) {
+-    if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, (int) strlen(label_copy)+1)) {
 +    if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, (uint8_t*)label_copy, strlen(label_copy)+1)) {
          OPENSSL_free(label_copy);
          goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
                     "Could not set RSA label.", cleanup);
 diff --git a/src/tss2-fapi/ifapi_curl.c b/src/tss2-fapi/ifapi_curl.c
-index 35c04204..05839b86 100644
+index 18f4a9ff..d68450b8 100644
 --- a/src/tss2-fapi/ifapi_curl.c
 +++ b/src/tss2-fapi/ifapi_curl.c
-@@ -89,13 +89,13 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)
+@@ -88,13 +88,13 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)
      int curl_rc;
 
      *crl = NULL;
@@ -69,7 +60,7 @@ index 35c04204..05839b86 100644
              {
                  GENERAL_NAME *gen_name = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
                  ASN1_IA5STRING *asn1_str = gen_name->d.uniformResourceIdentifier;
-@@ -172,7 +172,7 @@ ifapi_curl_verify_ek_cert(
+@@ -171,7 +171,7 @@ ifapi_curl_verify_ek_cert(
      X509_STORE_CTX *ctx = NULL;
      X509_CRL *crl_intermed = NULL;
      X509_CRL *crl_ek = NULL;
@@ -79,7 +70,7 @@ index 35c04204..05839b86 100644
      AUTHORITY_INFO_ACCESS *info = NULL;
      ASN1_IA5STRING *uri = NULL;
 diff --git a/test/unit/fapi-eventlog.c b/test/unit/fapi-eventlog.c
-index 995e9ebb..4de5408a 100644
+index 3b859e39..796894ee 100644
 --- a/test/unit/fapi-eventlog.c
 +++ b/test/unit/fapi-eventlog.c
 @@ -130,6 +130,7 @@ check_eventlog_pcr0(const char *file, uint32_t *pcr_list, size_t pcr_list_size,
@@ -123,5 +114,5 @@ index 995e9ebb..4de5408a 100644
      skip();
  #endif
 -- 
-2.39.3 (Apple Git-145)
+2.43.0