Support LibreSSL

This works with LibreSSL 3.5.x. Missing in LibreSSL: * RAND_OpenSSL (Deprecated in OpenSSL >= 3.0) * NID_sm2 Signed-off-by: orbea <orbea@riseup.net>
tpm2-software · Apr 20, 2023 · 24e2d97 · 24e2d97
1 parent 91ee009
commit 24e2d97
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -85,6 +85,27 @@ jobs:
       - name: failure
         if: ${{ failure() }}
         run: cat $(find ../ -name test-suite.log) || true
+  test-libressl:
+    runs-on: ubuntu-latest
+    if: "!contains(github.ref, 'coverity_scan')"
+    strategy:
+      matrix:
+        docker_image: [fedora-34-libressl]
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v2
+        with:
+            fetch-depth: 0
+      - name: Launch Action
+        uses:
+          tpm2-software/ci/runCI@main
+        with:
+          CC: gcc
+          DOCKER_IMAGE: ${{ matrix.docker_image }}
+          PROJECT_NAME: ${{ github.event.repository.name }}
+      - name: failure
+        if: ${{ failure() }}
+        run: cat $(find ../ -name test-suite.log) || true
   test-no-crypto-build:
     runs-on: ubuntu-latest
     if: "!contains(github.ref, 'coverity_scan')"

diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
@@ -392,7 +392,8 @@ iesys_cryptossl_hmac_start(ESYS_CRYPTO_CONTEXT_BLOB ** context,
                    "Error EVP_MD_CTX_create", cleanup);
     }
 
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
+#if OPENSSL_VERSION_NUMBER < 0x10101000L || \
+    ( defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000fL )
     if (!(hkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, size))) {
 #else
     /* this is preferred, but available since OpenSSL 1.1.1 only */
@@ -558,7 +559,9 @@ iesys_cryptossl_random2b(
     int rc;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     const RAND_METHOD *rand_save = RAND_get_rand_method();
+#ifndef LIBRESSL_VERSION_NUMBER
     RAND_set_rand_method(RAND_OpenSSL());
+#endif
 #else
     OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
     if (!libctx)
@@ -615,8 +618,9 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
     RSA *rsa_key = NULL;
     const EVP_MD * hashAlg = NULL;
     const RAND_METHOD *rand_save = RAND_get_rand_method();
-
+#ifndef LIBRESSL_VERSION_NUMBER
     RAND_set_rand_method(RAND_OpenSSL());
+#endif
 #else
     OSSL_LIB_CTX *libctx = NULL;
     EVP_MD * hashAlg = NULL;