rpms/gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity

updated to 3.4.4

Browse Source 
Resolves: rhbz#1250020
This commit is contained in:
Nikos Mavrogiannopoulos 2015-08-10 10:00:22 +02:00
parent 6372546998
commit 9cf431bbd5
4 changed files with 9 additions and 674 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -53,3 +53,4 @@ gnutls-2.10.1-nosrp.tar.bz2
/gnutls-3.4.1-hobbled.tar.xz /gnutls-3.4.1-hobbled.tar.xz
/gnutls-3.4.2-hobbled.tar.xz /gnutls-3.4.2-hobbled.tar.xz
/gnutls-3.4.3-hobbled.tar.xz /gnutls-3.4.3-hobbled.tar.xz
/gnutls-3.4.4-hobbled.tar.xz

669
gnutls-3.4.3-no-trousers.patch
View File

@ -1,669 +0,0 @@
diff --git a/lib/Makefile.am b/lib/Makefile.am
index f19935d..9e5078d 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -137,7 +137,7 @@ libgnutls_la_LIBADD = ../gl/libgnu.la x509/libgnutls_x509.la \
auth/libgnutls_auth.la algorithms/libgnutls_alg.la \
extras/libgnutls_extras.la
thirdparty_libadd = $(LTLIBZ) $(LTLIBINTL) $(LIBSOCKET) $(LTLIBNSL) \
- $(LTLIBICONV) $(P11_KIT_LIBS) $(LIB_SELECT) $(TSS_LIBS)
+ $(LTLIBICONV) $(P11_KIT_LIBS) $(LIB_SELECT)
if HAVE_LIBIDN
thirdparty_libadd += $(LIBIDN_LIBS)
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 6c4e458..9838b75 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -288,6 +288,8 @@ static const gnutls_error_entry error_entries[] = {
ERROR_ENTRY(N_("TPM error."),
GNUTLS_E_TPM_ERROR),
+ ERROR_ENTRY(N_("The TPM library (trousers) cannot be found."),
+ GNUTLS_E_TPM_NO_LIB),
ERROR_ENTRY(N_("TPM is not initialized."),
GNUTLS_E_TPM_UNINITIALIZED),
ERROR_ENTRY(N_("TPM key was not found in persistent storage."),
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index f177405..0fc50db 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -402,6 +402,9 @@ static void _gnutls_global_deinit(unsigned destructor)
gnutls_pkcs11_deinit();
}
#endif
+#ifdef HAVE_TROUSERS
+ _gnutls_tpm_global_deinit();
+#endif
gnutls_mutex_deinit(&_gnutls_file_mutex);
gnutls_mutex_deinit(&_gnutls_pkcs11_mutex);
diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h
index 31e759e..e1a8f2e 100644
--- a/lib/gnutls_global.h
+++ b/lib/gnutls_global.h
@@ -43,5 +43,6 @@ extern gnutls_audit_log_func _gnutls_audit_log_func;
extern int _gnutls_log_level;
extern int gnutls_crypto_init(void);
extern void gnutls_crypto_deinit(void);
+extern void _gnutls_tpm_global_deinit(void);
#endif
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 305ef0d..a1c688c 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2510,6 +2510,7 @@ int gnutls_fips140_mode_enabled(void);
#define GNUTLS_E_TPM_SESSION_ERROR -332
#define GNUTLS_E_TPM_KEY_NOT_FOUND -333
#define GNUTLS_E_TPM_UNINITIALIZED -334
+#define GNUTLS_E_TPM_NO_LIB -335
#define GNUTLS_E_NO_CERTIFICATE_STATUS -340
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341
diff --git a/lib/tpm.c b/lib/tpm.c
index 41a238b..f5613c5 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -3,6 +3,7 @@
*
* Copyright © 2012 Free Software Foundation.
* Copyright © 2008-2012 Intel Corporation.
+ * Copyright © 2015 Red Hat, Inc.
*
* Author: David Woodhouse <dwmw2@infradead.org>
* Author: Nikos Mavrogiannopoulos
@@ -43,9 +44,134 @@
#include <pin.h>
#include <c-ctype.h>
+#include <dlfcn.h>
#include <trousers/tss.h>
#include <trousers/trousers.h>
+typedef char *(*Trspi_Error_Layer_func)(TSS_RESULT);
+typedef char *(*Trspi_Error_String_func)(TSS_RESULT);
+typedef TSS_RESULT (*Trspi_Error_Code_func)(TSS_RESULT);
+
+typedef TSS_RESULT (*Tspi_Context_CloseObject_func)(TSS_HCONTEXT, TSS_HOBJECT);
+typedef TSS_RESULT (*Tspi_Context_Close_func)(TSS_HCONTEXT);
+typedef TSS_RESULT (*Tspi_Context_CreateObject_func)(TSS_HCONTEXT, TSS_FLAG, TSS_FLAG, TSS_HOBJECT*);
+typedef TSS_RESULT (*Tspi_Context_FreeMemory_func)(TSS_HCONTEXT, BYTE*);
+typedef TSS_RESULT (*Tspi_Context_GetTpmObject_func)(TSS_HCONTEXT, TSS_HTPM*);
+typedef TSS_RESULT (*Tspi_Context_LoadKeyByUUID_func)(TSS_HCONTEXT, TSS_FLAG, TSS_UUID, TSS_HKEY*);
+typedef TSS_RESULT (*Tspi_Context_RegisterKey_func)(TSS_HCONTEXT, TSS_HKEY, TSS_FLAG, TSS_UUID, TSS_FLAG, TSS_UUID);
+typedef TSS_RESULT (*Tspi_Context_UnregisterKey_func)(TSS_HCONTEXT, TSS_FLAG, TSS_UUID, TSS_HKEY*);
+typedef TSS_RESULT (*Tspi_Key_CreateKey_func)(TSS_HKEY, TSS_HKEY, TSS_HPCRS);
+typedef TSS_RESULT (*Tspi_Hash_SetHashValue_func)(TSS_HHASH, UINT32, BYTE*);
+typedef TSS_RESULT (*Tspi_Hash_Sign_func)(TSS_HHASH, TSS_HKEY, UINT32*, BYTE**);
+typedef TSS_RESULT (*Tspi_Policy_SetSecret_func)(TSS_HPOLICY, TSS_FLAG, UINT32, BYTE*);
+typedef TSS_RESULT (*Tspi_Context_Create_func)(TSS_HCONTEXT*);
+typedef TSS_RESULT (*Tspi_Context_Connect_func)(TSS_HCONTEXT, TSS_UNICODE*);
+typedef TSS_RESULT (*Tspi_GetPolicyObject_func)(TSS_HOBJECT, TSS_FLAG, TSS_HPOLICY*);
+typedef TSS_RESULT (*Tspi_DecodeBER_TssBlob_func)(UINT32, BYTE*, UINT32*, UINT32*, BYTE*);
+typedef TSS_RESULT (*Tspi_Context_LoadKeyByBlob_func)(TSS_HCONTEXT, TSS_HKEY, UINT32, BYTE*, TSS_HKEY*);
+typedef TSS_RESULT (*Tspi_Policy_AssignToObject_func)(TSS_HPOLICY, TSS_HOBJECT);
+typedef TSS_RESULT (*Tspi_GetAttribData_func)(TSS_HOBJECT, TSS_FLAG, TSS_FLAG, UINT32*, BYTE**);
+typedef TSS_RESULT (*Tspi_Context_GetTpmObject_func)(TSS_HCONTEXT, TSS_HTPM*);
+typedef TSS_RESULT (*Tspi_TPM_StirRandom_func)(TSS_HTPM, UINT32, BYTE*);
+typedef TSS_RESULT (*Tspi_SetAttribUint32_func)(TSS_HOBJECT, TSS_FLAG, TSS_FLAG, UINT32);
+typedef TSS_RESULT (*Tspi_EncodeDER_TssBlob_func)(UINT32, BYTE*, UINT32, UINT32*, BYTE*);
+typedef TSS_RESULT (*Tspi_Context_GetRegisteredKeysByUUID2_func)(TSS_HCONTEXT, TSS_FLAG, TSS_UUID*, UINT32*, TSS_KM_KEYINFO2**);
+
+static Tspi_Context_CloseObject_func pTspi_Context_CloseObject;
+static Tspi_Context_Close_func pTspi_Context_Close;
+static Tspi_Context_CreateObject_func pTspi_Context_CreateObject;
+static Tspi_Context_FreeMemory_func pTspi_Context_FreeMemory;
+static Tspi_Context_GetTpmObject_func pTspi_Context_GetTpmObject;
+static Tspi_Context_LoadKeyByUUID_func pTspi_Context_LoadKeyByUUID;
+static Tspi_Context_RegisterKey_func pTspi_Context_RegisterKey;
+static Tspi_Context_UnregisterKey_func pTspi_Context_UnregisterKey;
+static Tspi_Key_CreateKey_func pTspi_Key_CreateKey;
+static Tspi_Hash_SetHashValue_func pTspi_Hash_SetHashValue;
+static Tspi_Hash_Sign_func pTspi_Hash_Sign;
+static Tspi_Policy_SetSecret_func pTspi_Policy_SetSecret;
+static Tspi_Context_Create_func pTspi_Context_Create;
+static Tspi_Context_Connect_func pTspi_Context_Connect;
+static Tspi_GetPolicyObject_func pTspi_GetPolicyObject;
+static Tspi_DecodeBER_TssBlob_func pTspi_DecodeBER_TssBlob;
+static Tspi_Context_LoadKeyByBlob_func pTspi_Context_LoadKeyByBlob;
+static Tspi_Policy_AssignToObject_func pTspi_Policy_AssignToObject;
+static Tspi_GetAttribData_func pTspi_GetAttribData;
+static Tspi_Context_GetTpmObject_func pTspi_Context_GetTpmObject;
+static Tspi_TPM_StirRandom_func pTspi_TPM_StirRandom;
+static Tspi_SetAttribUint32_func pTspi_SetAttribUint32;
+static Tspi_EncodeDER_TssBlob_func pTspi_EncodeDER_TssBlob;
+static Tspi_Context_GetRegisteredKeysByUUID2_func pTspi_Context_GetRegisteredKeysByUUID2;
+
+static Trspi_Error_Layer_func pTrspi_Error_Layer;
+static Trspi_Error_String_func pTrspi_Error_String;
+static Trspi_Error_Code_func pTrspi_Error_Code;
+
+static void *tpm_dl = NULL;
+
+#define _DLSYM(dl, sym) \
+ p##sym = dlsym(dl, #sym); \
+ if (p##sym == NULL) { \
+ dlclose(dl); \
+ dl = NULL; \
+ return -1; \
+ }
+
+static int check_init(void)
+{
+ if (tpm_dl == NULL) {
+ tpm_dl = dlopen(TROUSERS_LIB, RTLD_LAZY);
+ if (tpm_dl == NULL) {
+ _gnutls_debug_log("couldn't open %s\n", TROUSERS_LIB);
+ return -1;
+ }
+
+ _DLSYM(tpm_dl,Tspi_Context_CloseObject);
+ _DLSYM(tpm_dl,Tspi_Context_Close);
+ _DLSYM(tpm_dl,Tspi_Context_CreateObject);
+ _DLSYM(tpm_dl,Tspi_Context_FreeMemory);
+ _DLSYM(tpm_dl,Tspi_Context_GetTpmObject);
+ _DLSYM(tpm_dl,Tspi_Context_LoadKeyByUUID);
+ _DLSYM(tpm_dl,Tspi_Context_RegisterKey);
+ _DLSYM(tpm_dl,Tspi_Context_UnregisterKey);
+ _DLSYM(tpm_dl,Tspi_Key_CreateKey);
+ _DLSYM(tpm_dl,Tspi_Hash_SetHashValue);
+ _DLSYM(tpm_dl,Tspi_Hash_Sign);
+ _DLSYM(tpm_dl,Tspi_Policy_SetSecret);
+ _DLSYM(tpm_dl,Tspi_Context_Create);
+ _DLSYM(tpm_dl,Tspi_Context_Connect);
+ _DLSYM(tpm_dl,Tspi_GetPolicyObject);
+ _DLSYM(tpm_dl,Tspi_DecodeBER_TssBlob);
+ _DLSYM(tpm_dl,Tspi_Context_LoadKeyByBlob);
+ _DLSYM(tpm_dl,Tspi_Policy_AssignToObject);
+ _DLSYM(tpm_dl,Tspi_GetAttribData);
+ _DLSYM(tpm_dl,Tspi_Context_GetTpmObject);
+ _DLSYM(tpm_dl,Tspi_TPM_StirRandom);
+ _DLSYM(tpm_dl,Tspi_SetAttribUint32);
+ _DLSYM(tpm_dl,Tspi_EncodeDER_TssBlob);
+ _DLSYM(tpm_dl,Tspi_Context_GetRegisteredKeysByUUID2);
+
+ _DLSYM(tpm_dl,Trspi_Error_Layer);
+ _DLSYM(tpm_dl,Trspi_Error_String);
+ _DLSYM(tpm_dl,Trspi_Error_Code);
+ }
+
+ return 0;
+}
+
+#define CHECK_INIT \
+ if (check_init() < 0) return gnutls_assert_val(GNUTLS_E_TPM_NO_LIB)
+
+#define CHECK_INIT_VOID \
+ if (check_init() < 0) return
+
+void _gnutls_tpm_global_deinit(void)
+{
+ if (tpm_dl) {
+ dlclose(tpm_dl);
+ tpm_dl = NULL;
+ }
+}
+
struct tpm_ctx_st {
TSS_HCONTEXT tpm_ctx;
TSS_HKEY tpm_key;
@@ -83,8 +209,8 @@ static int encode_tpmkey_url(char **url, const TSS_UUID * uuid,
static int tss_err_pwd(TSS_RESULT err, int pwd_error)
{
_gnutls_debug_log("TPM (%s) error: %s (%x)\n",
- Trspi_Error_Layer(err), Trspi_Error_String(err),
- (unsigned int) Trspi_Error_Code(err));
+ pTrspi_Error_Layer(err), pTrspi_Error_String(err),
+ (unsigned int) pTrspi_Error_Code(err));
switch (ERROR_LAYER(err)) {
case TSS_LAYER_TPM:
@@ -121,8 +247,8 @@ static void tpm_deinit_fn(gnutls_privkey_t key, void *_s)
{
struct tpm_ctx_st *s = _s;
- Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
- Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
tpm_close_session(s);
gnutls_free(s);
@@ -140,31 +266,31 @@ tpm_sign_fn(gnutls_privkey_t key, void *_s,
data->size);
err =
- Tspi_Context_CreateObject(s->tpm_ctx,
+ pTspi_Context_CreateObject(s->tpm_ctx,
TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
&hash);
if (err) {
gnutls_assert();
_gnutls_debug_log("Failed to create TPM hash object: %s\n",
- Trspi_Error_String(err));
+ pTrspi_Error_String(err));
return GNUTLS_E_PK_SIGN_FAILED;
}
- err = Tspi_Hash_SetHashValue(hash, data->size, data->data);
+ err = pTspi_Hash_SetHashValue(hash, data->size, data->data);
if (err) {
gnutls_assert();
_gnutls_debug_log
("Failed to set value in TPM hash object: %s\n",
- Trspi_Error_String(err));
- Tspi_Context_CloseObject(s->tpm_ctx, hash);
+ pTrspi_Error_String(err));
+ pTspi_Context_CloseObject(s->tpm_ctx, hash);
return GNUTLS_E_PK_SIGN_FAILED;
}
- err = Tspi_Hash_Sign(hash, s->tpm_key, &sig->size, &sig->data);
- Tspi_Context_CloseObject(s->tpm_ctx, hash);
+ err = pTspi_Hash_Sign(hash, s->tpm_key, &sig->size, &sig->data);
+ pTspi_Context_CloseObject(s->tpm_ctx, hash);
if (err) {
if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
_gnutls_debug_log
("TPM hash signature failed: %s\n",
- Trspi_Error_String(err));
+ pTrspi_Error_String(err));
if (err == TPM_E_AUTHFAIL)
return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
else
@@ -226,13 +352,13 @@ static TSS_RESULT myTspi_Policy_SetSecret(TSS_HPOLICY hPolicy,
{
if (rgbSecret == NULL) {
/* Well known NULL key */
- return Tspi_Policy_SetSecret(hPolicy,
+ return pTspi_Policy_SetSecret(hPolicy,
TSS_SECRET_MODE_SHA1,
sizeof(nullpass),
(BYTE *) nullpass);
} else { /* key is given */
- return Tspi_Policy_SetSecret(hPolicy,
+ return pTspi_Policy_SetSecret(hPolicy,
TSS_SECRET_MODE_PLAIN,
ulSecretLength, rgbSecret);
}
@@ -244,13 +370,13 @@ static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
{
int err, ret;
- err = Tspi_Context_Create(&s->tpm_ctx);
+ err = pTspi_Context_Create(&s->tpm_ctx);
if (err) {
gnutls_assert();
return tss_err(err);
}
- err = Tspi_Context_Connect(s->tpm_ctx, NULL);
+ err = pTspi_Context_Connect(s->tpm_ctx, NULL);
if (err) {
gnutls_assert();
ret = tss_err(err);
@@ -258,7 +384,7 @@ static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
}
err =
- Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
+ pTspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
srk_uuid, &s->srk);
if (err) {
gnutls_assert();
@@ -267,7 +393,7 @@ static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
}
err =
- Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy);
+ pTspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy);
if (err) {
gnutls_assert();
ret = tss_err(err);
@@ -286,13 +412,13 @@ static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
return 0;
out_srkpol:
- Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
s->srk_policy = 0;
out_srk:
- Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->srk);
s->srk = 0;
out_tspi_ctx:
- Tspi_Context_Close(s->tpm_ctx);
+ pTspi_Context_Close(s->tpm_ctx);
s->tpm_ctx = 0;
return ret;
@@ -300,11 +426,11 @@ static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
static void tpm_close_session(struct tpm_ctx_st *s)
{
- Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
s->srk_policy = 0;
- Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->srk);
s->srk = 0;
- Tspi_Context_Close(s->tpm_ctx);
+ pTspi_Context_Close(s->tpm_ctx);
s->tpm_ctx = 0;
}
@@ -402,7 +528,7 @@ static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
tint2 = asn1.size;
err =
- Tspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
+ pTspi_DecodeBER_TssBlob(fdata->size, fdata->data, &type,
&tint2, asn1.data);
if (err != 0) {
gnutls_assert();
@@ -414,7 +540,7 @@ static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
}
/* ... we get it here instead. */
- err = Tspi_Context_LoadKeyByBlob(tpm_ctx, srk,
+ err = pTspi_Context_LoadKeyByBlob(tpm_ctx, srk,
asn1.size, asn1.data, tpm_key);
if (err != 0) {
gnutls_assert();
@@ -465,7 +591,7 @@ import_tpm_key(gnutls_privkey_t pkey,
}
} else if (uuid) {
err =
- Tspi_Context_LoadKeyByUUID(s->tpm_ctx, storage,
+ pTspi_Context_LoadKeyByUUID(s->tpm_ctx, storage,
*uuid, &s->tpm_key);
if (err) {
@@ -493,7 +619,7 @@ import_tpm_key(gnutls_privkey_t pkey,
&tmp_sig);
if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) {
if (!s->tpm_key_policy) {
- err = Tspi_Context_CreateObject(s->tpm_ctx,
+ err = pTspi_Context_CreateObject(s->tpm_ctx,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&s->
@@ -505,7 +631,7 @@ import_tpm_key(gnutls_privkey_t pkey,
}
err =
- Tspi_Policy_AssignToObject(s->tpm_key_policy,
+ pTspi_Policy_AssignToObject(s->tpm_key_policy,
s->tpm_key);
if (err) {
gnutls_assert();
@@ -530,10 +656,10 @@ import_tpm_key(gnutls_privkey_t pkey,
return 0;
out_key_policy:
- Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
s->tpm_key_policy = 0;
out_key:
- Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
+ pTspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
s->tpm_key = 0;
out_session:
tpm_close_session(s);
@@ -569,6 +695,8 @@ gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey,
const char *srk_password,
const char *key_password, unsigned int flags)
{
+ CHECK_INIT;
+
if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
return import_tpm_key(pkey, fdata, format, NULL, 0,
srk_password, key_password);
@@ -845,6 +973,8 @@ gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey,
gnutls_datum_t fdata = { NULL, 0 };
int ret;
+ CHECK_INIT;
+
ret = decode_tpmkey_url(url, &durl);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -914,7 +1044,7 @@ static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx,
/* read the public key */
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
+ tssret = pTspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
&tint, (void *) &tdata);
if (tssret != 0) {
@@ -925,12 +1055,12 @@ static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx,
m.data = tdata;
m.size = tint;
- tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
+ tssret = pTspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
&tint, (void *) &tdata);
if (tssret != 0) {
gnutls_assert();
- Tspi_Context_FreeMemory(key_ctx, m.data);
+ pTspi_Context_FreeMemory(key_ctx, m.data);
return tss_err(tssret);
}
@@ -939,8 +1069,8 @@ static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx,
ret = gnutls_pubkey_import_rsa_raw(pub, &m, &e);
- Tspi_Context_FreeMemory(key_ctx, m.data);
- Tspi_Context_FreeMemory(key_ctx, e.data);
+ pTspi_Context_FreeMemory(key_ctx, m.data);
+ pTspi_Context_FreeMemory(key_ctx, e.data);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -976,7 +1106,7 @@ import_tpm_pubkey(gnutls_pubkey_t pkey,
}
} else if (uuid) {
err =
- Tspi_Context_LoadKeyByUUID(s.tpm_ctx, storage,
+ pTspi_Context_LoadKeyByUUID(s.tpm_ctx, storage,
*uuid, &s.tpm_key);
if (err) {
gnutls_assert();
@@ -1064,6 +1194,8 @@ gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
gnutls_tpmkey_fmt_t format,
const char *srk_password, unsigned int flags)
{
+ CHECK_INIT;
+
if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0,
srk_password);
@@ -1103,6 +1235,8 @@ gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
gnutls_datum_t fdata = { NULL, 0 };
int ret;
+ CHECK_INIT;
+
ret = decode_tpmkey_url(url, &durl);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -1210,6 +1344,8 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
TSS_HTPM htpm;
uint8_t buf[32];
+ CHECK_INIT;
+
privkey->data = NULL;
if (pubkey != NULL)
pubkey->data = NULL;
@@ -1244,7 +1380,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
/* put some randomness into TPM.
* Let's not trust it completely.
*/
- tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
+ tssret = pTspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
@@ -1258,13 +1394,13 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
goto err_cc;
}
- tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
+ tssret = pTspi_TPM_StirRandom(htpm, sizeof(buf), buf);
if (tssret) {
gnutls_assert();
}
tssret =
- Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
+ pTspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
tpm_flags, &key_ctx);
if (tssret != 0) {
gnutls_assert();
@@ -1273,7 +1409,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
}
tssret =
- Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
+ pTspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
TSS_SS_RSASSAPKCS1V15_DER);
if (tssret != 0) {
@@ -1285,7 +1421,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
/* set the password of the actual key */
if (key_password) {
tssret =
- Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
+ pTspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
&key_policy);
if (tssret != 0) {
gnutls_assert();
@@ -1303,7 +1439,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
}
}
- tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
+ tssret = pTspi_Key_CreateKey(key_ctx, s.srk, 0);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
@@ -1320,7 +1456,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
}
tssret =
- Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
+ pTspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
storage_type, key_uuid,
TSS_PS_TYPE_SYSTEM, srk_uuid);
if (tssret != 0) {
@@ -1335,7 +1471,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
if (ret < 0) {
TSS_HKEY tkey;
- Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
+ pTspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
key_uuid, &tkey);
gnutls_assert();
goto err_sa;
@@ -1346,7 +1482,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
tssret =
- Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
+ pTspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB, &tint,
(void *) &tdata);
if (tssret != 0) {
@@ -1387,7 +1523,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
tint2 = tmpkey.size;
tssret =
- Tspi_EncodeDER_TssBlob(tint, tdata,
+ pTspi_EncodeDER_TssBlob(tint, tdata,
TSS_BLOB_TYPE_PRIVATEKEY,
&tint2, tmpkey.data);
if (tssret != 0) {
@@ -1452,7 +1588,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
gnutls_free(tmpkey.data);
tmpkey.data = NULL;
err_sa:
- Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
+ pTspi_Context_CloseObject(s.tpm_ctx, key_ctx);
err_cc:
tpm_close_session(&s);
return ret;
@@ -1469,8 +1605,10 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
**/
void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list)
{
+ CHECK_INIT_VOID;
+
if (list->tpm_ctx != 0)
- Tspi_Context_Close(list->tpm_ctx);
+ pTspi_Context_Close(list->tpm_ctx);
gnutls_free(list);
}
@@ -1495,6 +1633,8 @@ int
gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list, unsigned int idx,
char **url, unsigned int flags)
{
+ CHECK_INIT;
+
if (idx >= list->size)
return
gnutls_assert_val
@@ -1521,18 +1661,20 @@ int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
TSS_RESULT tssret;
int ret;
+ CHECK_INIT;
+
*list = gnutls_calloc(1, sizeof(struct tpm_key_list_st));
if (*list == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- tssret = Tspi_Context_Create(&(*list)->tpm_ctx);
+ tssret = pTspi_Context_Create(&(*list)->tpm_ctx);
if (tssret) {
gnutls_assert();
ret = tss_err(tssret);
goto cleanup;
}
- tssret = Tspi_Context_Connect((*list)->tpm_ctx, NULL);
+ tssret = pTspi_Context_Connect((*list)->tpm_ctx, NULL);
if (tssret) {
gnutls_assert();
ret = tss_err(tssret);
@@ -1540,7 +1682,7 @@ int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
}
tssret =
- Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx,
+ pTspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx,
TSS_PS_TYPE_SYSTEM, NULL,
&(*list)->size,
&(*list)->ki);
@@ -1578,6 +1720,8 @@ int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
TSS_HKEY tkey;
int ret;
+ CHECK_INIT;
+
ret = decode_tpmkey_url(url, &durl);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -1590,7 +1734,7 @@ int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
return gnutls_assert_val(ret);
tssret =
- Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid,
+ pTspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid,
&tkey);
if (tssret != 0) {
gnutls_assert();

11
gnutls.spec
View File

@ -2,8 +2,8 @@
%bcond_without guile %bcond_without guile
Summary: A TLS protocol implementation Summary: A TLS protocol implementation
Name: gnutls Name: gnutls
Version: 3.4.3 Version: 3.4.4
Release: 2%{?dist} Release: 1%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+ # The libraries are LGPLv2.1+, utilities are GPLv3+
License: GPLv3+ and LGPLv2+ License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
@ -37,7 +37,6 @@ Patch1: gnutls-3.2.7-rpath.patch
Patch3: gnutls-3.1.11-nosrp.patch Patch3: gnutls-3.1.11-nosrp.patch
Patch4: gnutls-3.4.1-default-policy.patch Patch4: gnutls-3.4.1-default-policy.patch
Patch5: gnutls-3.4.2-no-now-guile.patch Patch5: gnutls-3.4.2-no-now-guile.patch
Patch6: gnutls-3.4.3-no-trousers.patch
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424 Provides: bundled(gnulib) = 20130424
@ -141,7 +140,6 @@ This package contains Guile bindings for the library.
%patch3 -p1 -b .nosrp %patch3 -p1 -b .nosrp
%patch4 -p1 -b .default-policy %patch4 -p1 -b .default-policy
%patch5 -p1 -b .guile %patch5 -p1 -b .guile
%patch6 -p1 -b .no-trousers
sed 's/gnutls_srp.c//g' -i lib/Makefile.in sed 's/gnutls_srp.c//g' -i lib/Makefile.in
sed 's/gnutls_srp.lo//g' -i lib/Makefile.in sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
@ -279,6 +277,11 @@ fi
%endif %endif
%changelog %changelog
* Wed Aug 10 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.4-1
- new upstream release
- no longer requires trousers patch
- fixes issue in gnutls_x509_privkey_import (#1250020)
* Mon Jul 13 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.3-2 * Mon Jul 13 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.3-2
- Don't link against trousers but rather dlopen() it when available. - Don't link against trousers but rather dlopen() it when available.
That avoids a dependency on openssl by the main library. That avoids a dependency on openssl by the main library.

2
sources
View File

@ -1 +1 @@
8b9b5605b83fcdcd29c2cccbda6d2bbb gnutls-3.4.3-hobbled.tar.xz 312509864029648108bd4473155e6b46 gnutls-3.4.4-hobbled.tar.xz