From ac941adb9fb0a312fee3a9adda335c31b4b4f70c Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Sat, 1 Aug 2020 09:22:20 -0400
Subject: [PATCH] Add patch to for passing certificate chain validation
This patch fixes test errors on Fedora Rawhide due to the change in the min-verification-profile setting in gnutls.config.
Signed-off-by: Stefan Berger
---
 ...ple-key-to-be-2048-bit-rather-than-o.patch | 56 +++++++++++++++++++
 swtpm.spec | 3 +-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
diff --git a/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch b/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
new file mode 100644
index 0000000..95d5d76
--- /dev/null
+++ b/0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
@@ -0,0 +1,56 @@
+From f5bd8ba14f5165bc5b7cd3b20a7ba07f6acbfffe Mon Sep 17 00:00:00 2001
+From: Stefan Berger
+Date: Fri, 31 Jul 2020 10:47:27 -0400
+Subject: [PATCH] tests: Modify sample key to be 2048 bit rather than only 2033
+ bit
+
+The generated sample keys started with 00010203, thus leaving the upper
+15 bits of the key as '0', which in turn causes gnutls to think that the
+key is only 2033 bit long, thus rejecting certificate verification once
+the min-verification-profile is set to 'medium' in gnutls's config file
+in /etc/crypto-policies/back-ends/gnutls.config.
+
+We now create sample keys starting with 800102, which sets the highest bit.
+
+This fixes test errors on Fedora Rawhide due to the change in the
+min-verification-profile setting in gnutls.config.
+
+Signed-off-by: Stefan Berger
+---
+ tests/test_tpm2_samples_swtpm_localca | 4 ++--
+ tests/test_tpm2_samples_swtpm_localca_pkcs11 | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tests/test_tpm2_samples_swtpm_localca b/tests/test_tpm2_samples_swtpm_localca
+index 3611b9d2..11ad10ba 100755
+--- a/tests/test_tpm2_samples_swtpm_localca
++++ b/tests/test_tpm2_samples_swtpm_localca
+@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
+
+ workdir=$(mktemp -d "/tmp/path with spaces.XXXXXX")
+
+-ek=""
+-for ((i = 0; i < 256; i++)); do
++ek="80" # 2048 bit key must have highest bit set
++for ((i = 1; i < 256; i++)); do
+ ek="${ek}$(printf "%02x" $i)"
+ done
+
+diff --git a/tests/test_tpm2_samples_swtpm_localca_pkcs11 b/tests/test_tpm2_samples_swtpm_localca_pkcs11
+index 5d0d1d45..372a6391 100755
+--- a/tests/test_tpm2_samples_swtpm_localca_pkcs11
++++ b/tests/test_tpm2_samples_swtpm_localca_pkcs11
+@@ -11,8 +11,8 @@ SWTPM_LOCALCA=${TOPSRC}/samples/swtpm-localca
+
+ workdir=$(mktemp -d)
+
+-ek=""
+-for ((i = 0; i < 256; i++)); do
++ek="80" # 2048 bit key must have highest bit set
++for ((i = 1; i < 256; i++)); do
+ ek="${ek}$(printf "%02x" $i)"
+ done
+
+--
+2.25.4
+
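Review bot: The comment added on the `ek="80"` line in tests/test_tpm2_samples_swtpm_localca, and repeated in tests/test_tpm2_samples_swtpm_localca_pkcs11, states the rule but not the reason, which currently lives only in the commit message. I would spell it out next to the value, for example `# leading byte 0x80 sets the top bit: gnutls sizes the key by its highest set bit, and a leading 0x00 gave 2033 bits, below the 'medium' min-verification-profile`, and add a short note that the loop now starts at 1 so the string stays 256 bytes long. The value is a counting byte pattern rather than a generated RSA modulus, so the test presumably depends only on the size check; saying so in the comment would keep a later reader from treating it as a usable key. Both scripts continue outside the hunks shown.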
diff --git a/swtpm.spec b/swtpm.spec
index 1e14c81..8236ea6 100644
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -12,12 +12,13 @@ Summary: TPM Emulator
 Name: swtpm
 Version: 0.3.0
-Release: 3.%{gitdate}git%{gitshortcommit}%{?dist}
+Release: 4.%{gitdate}git%{gitshortcommit}%{?dist}
 License: BSD
 Url: http://github.com/stefanberger/swtpm
 Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
 Patch0001: 0001-tests-Skip-test-4-of-derived-keys-in-case-an-allowed.patch
+Patch0002: 0001-tests-Modify-sample-key-to-be-2048-bit-rather-than-o.patch
 BuildRequires: git-core
 BuildRequires: automake