Merge pull request #24811 from yuwata/build-without-openssl

meson,tpm2: fix build without openssl
2024-11-27 12:13:33 +08:00 · 2022-09-25 10:51:45 +01:00 · 2022-09-25 10:51:45 +01:00 · be807dcc5e
commit be807dcc5e
parent e56074a212 395c1d9a85
2 changed files with 19 additions and 4 deletions
--- a/meson.build
+++ b/meson.build
@ -1440,9 +1440,16 @@ conf.set10('HAVE_P11KIT', have)

 want_libfido2 = get_option('libfido2')
 if want_libfido2 != 'false' and not skip_deps
-        libfido2 = dependency('libfido2',
-                              required : want_libfido2 == 'true')
-        have = libfido2.found()
+        if conf.get('HAVE_OPENSSL') == 1
+                libfido2 = dependency('libfido2',
+                                      required : want_libfido2 == 'true')
+                have = libfido2.found()
+        elif want_libfido2 == 'true'
+                error('libfido2=true requires openssl')
+        else
+                have = false
+                libfido2 = []
+        endif
 else
        have = false
        libfido2 = []
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@ -802,6 +802,7 @@ static int tpm2_make_encryption_session(
        return 0;
 }

+#if HAVE_OPENSSL
 static int openssl_pubkey_to_tpm2_pubkey(EVP_PKEY *input, TPM2B_PUBLIC *output) {
 #if OPENSSL_VERSION_MAJOR >= 3
        _cleanup_(BN_freep) BIGNUM *n = NULL, *e = NULL;
@ -981,6 +982,7 @@ static int find_signature(

        return log_error_errno(SYNTHETIC_ERRNO(ENXIO), "Couldn't find signature for this PCR bank, PCR index and public key.");
 }
+#endif

 static int tpm2_make_policy_session(
                ESYS_CONTEXT *c,
@ -1005,7 +1007,6 @@ static int tpm2_make_policy_session(
        };
        _cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
        ESYS_TR session = ESYS_TR_NONE, pubkey_handle = ESYS_TR_NONE;
-        _cleanup_(EVP_PKEY_freep) EVP_PKEY *pk = NULL;
        TSS2_RC rc;
        int r;

@ -1045,6 +1046,8 @@ static int tpm2_make_policy_session(
                }
        }

+#if HAVE_OPENSSL
+        _cleanup_(EVP_PKEY_freep) EVP_PKEY *pk = NULL;
        if (pubkey_size > 0) {
                /* If a pubkey is specified, load it to validate it, even if the PCR mask for this is actually zero, and we are thus not going to use it. */
                _cleanup_fclose_ FILE *f = fmemopen((void*) pubkey, pubkey_size, "r");
@ -1055,6 +1058,7 @@ static int tpm2_make_policy_session(
                if (!pk)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse PEM public key.");
        }
+#endif

        rc = sym_Esys_StartAuthSession(
                        c,
@ -1073,6 +1077,7 @@ static int tpm2_make_policy_session(
                                       "Failed to open session in TPM: %s", sym_Tss2_RC_Decode(rc));

        if (pubkey_pcr_mask != 0) {
+#if HAVE_OPENSSL
                log_debug("Configuring public key based PCR policy.");

                /* First: load public key into the TPM */
@ -1221,6 +1226,9 @@ static int tpm2_make_policy_session(
                                            "Failed to push Authorize policy into TPM: %s", sym_Tss2_RC_Decode(rc));
                        goto finish;
                }
+#else
+                return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "OpenSSL support is disabled.");
+#endif
        }

        if (hash_pcr_mask != 0) {