diff --git a/package/libspdm/0001-cryptlib_openssl-x509-Remove-internal-OpenSSL-crypto.patch b/package/libspdm/0001-cryptlib_openssl-x509-Remove-internal-OpenSSL-crypto.patch
deleted file mode 100644
index d5d233b7ab93..000000000000
--- a/package/libspdm/0001-cryptlib_openssl-x509-Remove-internal-OpenSSL-crypto.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 7db883cdb3369cfaf9f0890b0eda503f47a5ffa3 Mon Sep 17 00:00:00 2001
-From: Alistair Francis
-Date: Fri, 11 Aug 2023 16:26:53 -0400
-Subject: [PATCH] cryptlib_openssl: x509: Remove internal OpenSSL crypto
- include
-
-The OpenSSL source code describes the crypto include as:
-"Internal EC functions for other submodules: not for application use"
- - https://github.com/openssl/openssl/blob/master/include/crypto/ec.h
-
-Using the internal APIS makes it difficult to use libspdm as a library
-with other packages. So let's remove the uses of the internal API and
-instead use the public API.
-
-Signed-off-by: Alistair Francis
-Upstream: https://github.com/DMTF/libspdm/commit/7db883cdb3369cfaf9f0890b0eda503f47a5ffa3
----
- os_stub/cryptlib_openssl/pk/x509.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/os_stub/cryptlib_openssl/pk/x509.c b/os_stub/cryptlib_openssl/pk/x509.c
-index c067f3d0ca..1a2736132b 100644
---- a/os_stub/cryptlib_openssl/pk/x509.c
-+++ b/os_stub/cryptlib_openssl/pk/x509.c
-@@ -17,7 +17,6 @@
- #include
- #include
- #include
--#include
-
- #if LIBSPDM_CERT_PARSE_SUPPORT
-
-@@ -2318,7 +2317,7 @@ bool libspdm_set_attribute_for_req(X509_REQ *req, uint8_t *req_info, size_t req_
- /*get subject name from req_info and set it to CSR*/
- x509_req_info = d2i_X509_REQ_INFO(NULL, (const unsigned char **)(&req_info), req_info_len);
- if (x509_req_info) {
-- X509_REQ_set_subject_name(req, x509_req_info->subject);
-+ X509_REQ_set_subject_name(req, X509_REQ_get_subject_name((X509_REQ *)x509_req_info));
- X509_REQ_INFO_free(x509_req_info);
- } else {
- return false;
---
-2.40.1
-
diff --git a/package/libspdm/0002-cryptlib_openssl-ecd-Allow-disabling-code.patch b/package/libspdm/0002-cryptlib_openssl-ecd-Allow-disabling-code.patch
deleted file mode 100644
index 0ab347b3e09e..000000000000
--- a/package/libspdm/0002-cryptlib_openssl-ecd-Allow-disabling-code.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From e87687d72688e980b929920b7d77dca26fff169e Mon Sep 17 00:00:00 2001
-From: Alistair Francis
-Date: Mon, 21 Aug 2023 14:00:46 -0400
-Subject: [PATCH] cryptlib_openssl: ecd: Allow disabling code
-
-The OpenSSL source code describes the crypto include as:
-"Internal EC functions for other submodules: not for application use"
- - https://github.com/openssl/openssl/blob/master/include/crypto/ec.h
-
-Using the internal APIS makes it difficult to use libspdm as a library
-with other packages. So let's remove the uses of the internal API and
-instead use the public API.
-
-The current ECD code uses internal APIs, making it unsuitable for use in
-production code or libraries.
-
-The supported way to do this is via OSSL params, either with
-EVP_PKEY_fromdata() [1] or using EVP_PKEY_set_octet_string_param().
-
-Unfortunately this isn't supported in OpenSSL and ed25519_set_params()
-and ed448_set_params() will always return 1, indicating no support.
-
-As there doesn't appear to be a supported method in OpenSSL to set the
-public and private keys, let's instead allow users to disable this
-support so the library can be used with the regular OpenSSL libraries.
-
-https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
-
-Signed-off-by: Alistair Francis
-Upstream: https://github.com/DMTF/libspdm/commit/e87687d72688e980b929920b7d77dca26fff169e
----
- os_stub/cryptlib_openssl/pk/ecd.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/os_stub/cryptlib_openssl/pk/ecd.c b/os_stub/cryptlib_openssl/pk/ecd.c
-index d7cc156d86..23dbd0390b 100644
---- a/os_stub/cryptlib_openssl/pk/ecd.c
-+++ b/os_stub/cryptlib_openssl/pk/ecd.c
-@@ -12,6 +12,9 @@
- **/
-
- #include "internal_crypt_lib.h"
-+
-+#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT)
-+
- #include
- #include
-
-@@ -471,3 +474,4 @@ bool libspdm_eddsa_verify(const void *ecd_context, size_t hash_nid,
- EVP_MD_CTX_free(ctx);
- return true;
- }
-+#endif /* (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) */
---
-2.40.1
-
diff --git a/package/libspdm/0003-cryptlib_openssl-ec-Remove-internal-OpenSSL-crypto-i.patch b/package/libspdm/0003-cryptlib_openssl-ec-Remove-internal-OpenSSL-crypto-i.patch
deleted file mode 100644
index aacda1478973..000000000000
--- a/package/libspdm/0003-cryptlib_openssl-ec-Remove-internal-OpenSSL-crypto-i.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 567b1c8ea731fe42650d43ede50a105b772dc7aa Mon Sep 17 00:00:00 2001
-From: Alistair Francis
-Date: Fri, 11 Aug 2023 16:24:23 -0400
-Subject: [PATCH] cryptlib_openssl: ec: Remove internal OpenSSL crypto include
-
-The OpenSSL source code describes the crypto include as:
-"Internal EC functions for other submodules: not for application use"
- - https://github.com/openssl/openssl/blob/master/include/crypto/ec.h
-
-Using the internal APIS makes it difficult to use libspdm as a library
-with other packages. So let's remove the uses of the internal API and
-instead use the public API.
-
-Signed-off-by: Alistair Francis
-Upstream: https://github.com/DMTF/libspdm/commit/567b1c8ea731fe42650d43ede50a105b772dc7aa
----
- os_stub/cryptlib_openssl/pk/ec.c | 26 ++++++++++++++++++++++----
- 1 file changed, 22 insertions(+), 4 deletions(-)
-
-diff --git a/os_stub/cryptlib_openssl/pk/ec.c b/os_stub/cryptlib_openssl/pk/ec.c
-index 7dd9a8b0f8..09df0b9a25 100644
---- a/os_stub/cryptlib_openssl/pk/ec.c
-+++ b/os_stub/cryptlib_openssl/pk/ec.c
-@@ -15,7 +15,6 @@
- #include
- #include
- #include
--#include
-
- /**
- * Allocates and Initializes one Elliptic Curve context for subsequent use
-@@ -854,7 +853,7 @@ static int libspdm_ecdsa_sign_setup_random(EC_KEY *eckey, BIGNUM **kinvp, BIGNUM
- uint8_t* random, size_t random_len)
- {
- BN_CTX *ctx = NULL;
-- BIGNUM *k = NULL, *r = NULL, *X = NULL;
-+ BIGNUM *k = NULL, *r = NULL, *X = NULL, *e = NULL;
- const BIGNUM *order;
- EC_POINT *tmp_point = NULL;
- const EC_GROUP *group;
-@@ -901,6 +900,11 @@ static int libspdm_ecdsa_sign_setup_random(EC_KEY *eckey, BIGNUM **kinvp, BIGNUM
- goto err;
- }
-
-+ e = BN_CTX_get(ctx);
-+ if (e == NULL) {
-+ return 0;
-+ }
-+
- /*random number*/
- k = BN_bin2bn(random, random_len, NULL);
-
-@@ -915,10 +919,24 @@ static int libspdm_ecdsa_sign_setup_random(EC_KEY *eckey, BIGNUM **kinvp, BIGNUM
- goto err;
- }
-
-- /* compute the inverse of k */
-- if (!ossl_ec_group_do_inverse_ord(group, k, k, ctx)) {
-+ /*
-+ * compute the inverse of k
-+ * Based on ossl_ec_group_do_inverse_ord() from OpenSSL
-+ */
-+ BN_CTX_start(ctx);
-+ if (!BN_set_word(e, 2)) {
-+ BN_CTX_end(ctx);
-+ goto err;
-+ }
-+ if (!BN_sub(e, order, e)) {
-+ BN_CTX_end(ctx);
-+ goto err;
-+ }
-+ if (!BN_mod_exp_mont(k, k, e, order, ctx, EC_GROUP_get_mont_data(group))) {
-+ BN_CTX_end(ctx);
- goto err;
- }
-+ BN_CTX_end(ctx);
-
- /* clear old values if necessary */
- BN_clear_free(*rp);
---
-2.40.1
-
diff --git a/package/libspdm/0004-CMakeLists.txt-Allow-disabling-EDDSA-support-from-co.patch b/package/libspdm/0004-CMakeLists.txt-Allow-disabling-EDDSA-support-from-co.patch
deleted file mode 100644
index fe616490f77d..000000000000
--- a/package/libspdm/0004-CMakeLists.txt-Allow-disabling-EDDSA-support-from-co.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 97611ce8279341205463ace6a5f2ff93c52fc417 Mon Sep 17 00:00:00 2001
-From: Alistair Francis
-Date: Wed, 30 Aug 2023 13:37:07 +1000
-Subject: [PATCH] CMakeLists.txt: Allow disabling EDDSA support from command
- line
-
-Signed-off-by: Alistair Francis
-Upstream: https://github.com/DMTF/libspdm/pull/2330
----
- CMakeLists.txt | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 8a18c467a5..47b93f8bb7 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -155,6 +155,11 @@ else()
- MESSAGE(FATAL_ERROR "Unknown CRYPTO")
- endif()
-
-+if(DISABLE_EDDSA STREQUAL "1")
-+ add_definitions(-DLIBSPDM_EDDSA_ED25519_SUPPORT=0)
-+ add_definitions(-DLIBSPDM_EDDSA_ED448_SUPPORT=0)
-+endif()
-+
- if(ENABLE_BINARY_BUILD STREQUAL "1")
- if(NOT CRYPTO STREQUAL "openssl")
- MESSAGE(FATAL_ERROR "enabling binary build not supported for non-openssl")
---
-2.40.1
-
diff --git a/package/libspdm/libspdm.hash b/package/libspdm/libspdm.hash
index 5095d3c3b802..3280ebfb8885 100644
--- a/package/libspdm/libspdm.hash
+++ b/package/libspdm/libspdm.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 3a40daa59f32843062c3d2699acee09bd0ee217eb8ebf0378ae12b60b6db0636 libspdm-3.0.0.tar.gz
+sha256 73e0d7df3c91beeb9f61a50eaa0a44c8e32b7a62ce32ed3cab1f0fab406ed5b8 libspdm-3.1.0.tar.gz
 sha256 7dc072bff163df39209bbb63e0916f4667c2a84cf3c36ccc84ec7425bc3e4779 LICENSE.md
diff --git a/package/libspdm/libspdm.mk b/package/libspdm/libspdm.mk
index cbcbed29de82..b216d9809348 100644
--- a/package/libspdm/libspdm.mk
+++ b/package/libspdm/libspdm.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
-LIBSPDM_VERSION = 3.0.0
+LIBSPDM_VERSION = 3.1.0
 LIBSPDM_SITE = $(call github,DMTF,libspdm,$(LIBSPDM_VERSION))
 LIBSPDM_LICENSE = BSD-3-Clause
 LIBSPDM_LICENSE_FILES = LICENSE.md