import tpm-tools-1.3.9.2-1.el8

CentOS Sources 2021-05-18 02:37:16 -04:00 committed by Andrew Lukoshko
parent e25458edce
commit 5c8cd0f6ca
8 changed files with 34 additions and 527 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/tpm-tools-1.3.9.tar.gz
SOURCES/tpm-tools-1.3.9.2.tar.gz


@ -1 +1 @@
63d5cd42f464f7a200c508b551f5f2728f141a71 SOURCES/tpm-tools-1.3.9.tar.gz
ea481aab52e3cffa3a257ce848b07f3ea12b8923 SOURCES/tpm-tools-1.3.9.2.tar.gz


@ -1,37 +0,0 @@
From 3acd773846a85d142e919e2f4eeeee1acea5ca3a Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Mon, 20 Feb 2017 10:28:33 +0100
Subject: [PATCH 1/3] Fix build with OpenSSL 1.1 due to EVP_PKEY being an
opaque struct
With OpenSSL 1.1 the build fails with:
data_import.c:375:26: error: dereferencing pointer to incomplete type
'EVP_PKEY {aka struct evp_pkey_st}'
The manual page[1] says:
Previous versions of this document suggested using
EVP_PKEY_type(pkey->type) to determine the type of a key. Since EVP_PKEY
is now opaque this is no longer possible: the equivalent is
EVP_PKEY_base_id(pkey).
[1] https://www.openssl.org/docs/man1.1.0/crypto/EVP_PKEY_base_id.html
---
src/data_mgmt/data_import.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
index f534717f02..d4d2052bc6 100644
--- a/src/data_mgmt/data_import.c
+++ b/src/data_mgmt/data_import.c
@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
goto out;
}
- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
logError( TOKEN_RSA_KEY_ERROR );
X509_free( pX509 );
--
2.9.3


@ -1,232 +0,0 @@
From 65ca7418b9a884bb5271e602cf63fc8845397988 Mon Sep 17 00:00:00 2001
From: Jerry Snitselaar <jsnitsel@redhat.com>
Date: Sun, 27 Jan 2019 21:55:19 -0700
Subject: [PATCH] man: manpage cleanup
tpm_restrictsrk and tpm_unsealdata are missing manpages.
Add missing options to tpm_nvdefine and tpm_setpresence.
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
---
man/man1/Makefile.am | 1 +
man/man1/tpm_unsealdata.1 | 60 +++++++++++++++++++++++++++++++++
man/man8/Makefile.am | 1 +
man/man8/tpm_nvdefine.8 | 13 ++++++--
man/man8/tpm_restrictsrk.8 | 68 ++++++++++++++++++++++++++++++++++++++
man/man8/tpm_setpresence.8 | 3 ++
6 files changed, 144 insertions(+), 2 deletions(-)
create mode 100644 man/man1/tpm_unsealdata.1
create mode 100644 man/man8/tpm_restrictsrk.8
diff --git a/man/man1/Makefile.am b/man/man1/Makefile.am
index ff8b571..f833363 100644
--- a/man/man1/Makefile.am
+++ b/man/man1/Makefile.am
@@ -22,6 +22,7 @@
#
man1_MANS = tpm_sealdata.1 \
+ tpm_unsealdata.1 \
tpm_version.1
if P11_SUPPORT
man1_MANS += tpmtoken_init.1 \
diff --git a/man/man1/tpm_unsealdata.1 b/man/man1/tpm_unsealdata.1
new file mode 100644
index 0000000..80e8f12
--- /dev/null
+++ b/man/man1/tpm_unsealdata.1
@@ -0,0 +1,60 @@
+.\" Copyright (C) 2019 International Business Machines Corporation
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "tpm_unsealdata" 1 "2019-01-27" "TPM Management"
+.ce 1
+TPM Management - tpm_unsealdata
+.SH NAME
+tpm_unsealdata \- unseal input data with the SRK of the system's TPM
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+.B tpm_unsealdata
+.RB [ OPTION ]
+
+.SH "DESCRIPTION"
+.PP
+\fBtpm_unsealdata\fR unseals sensitive data that was sealed the SRK of the system's TPM.
+
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Display command usage info.
+.TP
+\fB-v\fR, \fB\-\-version\fR
+Display command version info.
+.TP
+\fB-l\fR, \fB\-\-log\fR [none|error|info|debug]
+Set logging level.
+.TP
+\fB-i\fR, \fB\-\-infile FILE\fR
+File containing data to unseal.
+.TP
+\fB-o\fR, \fB\-\-outfile FILE\fR
+Filename to write unsealed data to. Default is STDOUT.
+.TP
+\fB-z\fR, \fB\-\-well-known\fR
+Use TSS_WELL_KNOWN_SECRET (20 zero bytes) as the SRK password. You will not be prompted for the SRK password with this option.
+
+.SH "SEE ALSO"
+.PP
+\fBtpm_sealdata\fR(1), \fBtpmUnsealFile\fR(3)
+
+.SH "REPORTING BUGS"
+Report bugs to <trousers-users@lists.sourceforge.net>
diff --git a/man/man8/Makefile.am b/man/man8/Makefile.am
index b38ac18..487a4c8 100644
--- a/man/man8/Makefile.am
+++ b/man/man8/Makefile.am
@@ -36,6 +36,7 @@ man8_MANS = tpm_changeownerauth.8 \
tpm_createek.8 \
tpm_getpubek.8 \
tpm_restrictpubek.8 \
+ tpm_restrictsrk.8 \
tpm_selftest.8 \
tpm_setactive.8 \
tpm_setclearable.8 \
diff --git a/man/man8/tpm_nvdefine.8 b/man/man8/tpm_nvdefine.8
index 13edb78..0eecc2a 100644
--- a/man/man8/tpm_nvdefine.8
+++ b/man/man8/tpm_nvdefine.8
@@ -161,8 +161,8 @@ using \s-1TSS\s0 popup boxes
.IP "\fB\-y, \-\-owner\-well\-known\fR" 4
.IX Item "-y, --owner-well-known"
Use a secret of all zeros (20 bytes of zeros) as the owner's secret.
-.IP "\fB\-z, \-\-area\-well\-known\fR" 4
-.IX Item "-z, --area-well-known"
+.IP "\fB\-z, \-\-data\-well\-known\fR" 4
+.IX Item "-z, --data-well-known"
Use a secret of all zeros (20 bytes of zeros) as the \s-1NVRAM\s0 area's secret.
.IP "\fB\-o, \-\-pwdo\fR (optional parameter)" 4
.IX Item "-o, --pwdo (optional parameter)"
@@ -189,6 +189,15 @@ To select the \s-1NVRAM\s0 area with index 0x100, the command line parameter sho
.IX Item "-s, --size"
The size of the \s-1NVRAM\s0 area.
The parameter must either be a decimal number or a hexadecimal number starting with '0x'.
+.IP "\fB\-r, \-\-rpcsr\fR" 4
+.IX Item "-r, --rpcrs"
+PCRs to seal the NVRAM area to for reading (use multiple times)
+.IP "\fB\-w, \-\-wpcrs\fR" 4
+.IX Item "-w, --wpcrs"
+PCRs to seal the NVRAM area to for writing (use multiple times)
+.IP "\fB\-f, \-\-filename\fR" 4
+.IX Item "-f, --filename"
+File containing PCR info for the NVRAM area.
.IP "\fB\-p, \-\-permissions\fR" 4
.IX Item "-p, --permissions"
The access permissions associated with the \s-1NVRAM\s0 area.
diff --git a/man/man8/tpm_restrictsrk.8 b/man/man8/tpm_restrictsrk.8
new file mode 100644
index 0000000..7935b7b
--- /dev/null
+++ b/man/man8/tpm_restrictsrk.8
@@ -0,0 +1,68 @@
+.\" Copyright (C) 2019 International Business Machines Corporation
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "tpm_restrictsrk" 8 "2019-01-27" "TPM Management"
+.ce 1
+TPM Management - tpm_restrictsrk
+.SH NAME
+tpm_restrictsrk \- restrict the ability to access the Storage Root Key
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+.B tpm_restrictsrk
+.RB [ OPTION ]
+
+.SH "DESCRIPTION"
+.PP
+\fBtpm_restrictsrk\fR reports the status of who can access the Storage Root Key. This is the default behavior and also available with the \fB\-\-status\fR option.
+This operation will be in effect until the owner is cleared and prompts for the owner passord. With the \fB\-\-restrict\fR option, the ability to access the Storage Root Key is resticted to the owner.
+The command prompts for the owner password to complete the operation. The \fB\-\-allow\fR and \fB\-\-restrict\fR options are mutually exclusive and the last one on the command line will be carried out.
+
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Display command usage info.
+.TP
+\fB-v\fR, \fB\-\-version\fR
+Display command version info.
+.TP
+\fB-l\fR, \fB\-\-log\fR [none|error|info|debug]
+Set logging level.
+.TP
+\fB-u\fR, \fB\-\-unicode\fR
+Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes
+.TP
+\fB-a\fR, \fB\-\-allow\fR
+Allow SRK read access using SRK auth
+.TP
+\fB-s\fR, \fB\-\-status\fR
+Display the status of who can access the Storage Root Key
+.TP
+\fB-r\fR, \fB\-\-restrict\fR
+Restrict SRK read to owner only
+.TP
+\fB-z\fR, \fB\-\-well-known\fR
+Authenticate using 20 bytes of zeros as owner password (the default TSS Well Known Secret), instead of prompting for an owner password.
+
+.SH "SEE ALSO"
+.PP
+\fBtpm_version\fR(1), \fBtpm_takeownership\fR(8), \fBtcsd\fR(8)
+
+.SH "REPORTING BUGS"
+Report bugs to <trousers-users@lists.sourceforge.net>
diff --git a/man/man8/tpm_setpresence.8 b/man/man8/tpm_setpresence.8
index a04c70f..96670e0 100644
--- a/man/man8/tpm_setpresence.8
+++ b/man/man8/tpm_setpresence.8
@@ -46,6 +46,9 @@ Set logging level.
\fB-u\fR, \fB\-\-unicode\fR
Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes
.TP
+\fB-s\fR, \fB\-\-status\fR
+Report current physical presence states.
+.TP
\fB-a\fR, \fB\-\-assert\fR
Assert that an admin is physically present at the machine.
.TP
--
2.20.1.98.gecbdaf0899


@ -1,192 +0,0 @@
From 72fe7011fe981f90a04a62a3fb6ad33037390dff Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Mon, 20 Feb 2017 10:43:10 +0100
Subject: [PATCH 2/3] Fix build with OpenSSL 1.1 due to RSA being an opaque
struct
RSA is an opaque struct in OpenSSL 1.1. New getter functions must be
used to access the key components. The functions were not present in
OpenSSL 1.0, so add a compat header with the implementation of the
needed functions as suggested by the OpenSSL wiki [1] in order to allow
building tpm-tools with any version of OpenSSL.
[1] https://wiki.openssl.org/index.php/1.1_API_Changes
---
src/data_mgmt/Makefile.am | 3 ++-
src/data_mgmt/data_import.c | 52 ++++++++++++++++++++++---------------
src/data_mgmt/openssl_compat.h | 58 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 92 insertions(+), 21 deletions(-)
create mode 100644 src/data_mgmt/openssl_compat.h
diff --git a/src/data_mgmt/Makefile.am b/src/data_mgmt/Makefile.am
index de505e48ef..9457618ab9 100644
--- a/src/data_mgmt/Makefile.am
+++ b/src/data_mgmt/Makefile.am
@@ -32,7 +32,8 @@ noinst_HEADERS = data_common.h \
data_init.h \
data_object.h \
data_passwd.h \
- data_protect.h
+ data_protect.h \
+ openssl_compat.h
#
# Common build flags
diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
index d4d2052bc6..532543f7d3 100644
--- a/src/data_mgmt/data_import.c
+++ b/src/data_mgmt/data_import.c
@@ -39,6 +39,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
+#include "openssl_compat.h"
/*
* Global variables
@@ -691,8 +692,11 @@ createRsaPubKeyObject( RSA *a_pRsa,
int rc = -1;
- int nLen = BN_num_bytes( a_pRsa->n );
- int eLen = BN_num_bytes( a_pRsa->e );
+ const BIGNUM *rsa_n, *rsa_e;
+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, NULL );
+
+ int nLen = BN_num_bytes( rsa_n );
+ int eLen = BN_num_bytes( rsa_e );
CK_RV rv;
@@ -732,8 +736,8 @@ createRsaPubKeyObject( RSA *a_pRsa,
}
// Get binary representations of the RSA key information
- BN_bn2bin( a_pRsa->n, n );
- BN_bn2bin( a_pRsa->e, e );
+ BN_bn2bin( rsa_n, n );
+ BN_bn2bin( rsa_e, e );
// Create the RSA public key object
rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
@@ -760,14 +764,22 @@ createRsaPrivKeyObject( RSA *a_pRsa,
int rc = -1;
- int nLen = BN_num_bytes( a_pRsa->n );
- int eLen = BN_num_bytes( a_pRsa->e );
- int dLen = BN_num_bytes( a_pRsa->d );
- int pLen = BN_num_bytes( a_pRsa->p );
- int qLen = BN_num_bytes( a_pRsa->q );
- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
+ const BIGNUM *rsa_n, *rsa_e, *rsa_d;
+ const BIGNUM *rsa_p, *rsa_q;
+ const BIGNUM *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
+
+ RSA_get0_key( a_pRsa, &rsa_n, &rsa_e, &rsa_d );
+ RSA_get0_factors( a_pRsa, &rsa_p, &rsa_q );
+ RSA_get0_crt_params( a_pRsa, &rsa_dmp1, &rsa_dmq1, &rsa_iqmp );
+
+ int nLen = BN_num_bytes( rsa_n );
+ int eLen = BN_num_bytes( rsa_e );
+ int dLen = BN_num_bytes( rsa_d );
+ int pLen = BN_num_bytes( rsa_p );
+ int qLen = BN_num_bytes( rsa_q );
+ int dmp1Len = BN_num_bytes( rsa_dmp1 );
+ int dmq1Len = BN_num_bytes( rsa_dmq1 );
+ int iqmpLen = BN_num_bytes( rsa_iqmp );
CK_RV rv;
@@ -821,14 +833,14 @@ createRsaPrivKeyObject( RSA *a_pRsa,
}
// Get binary representations of the RSA key information
- BN_bn2bin( a_pRsa->n, n );
- BN_bn2bin( a_pRsa->e, e );
- BN_bn2bin( a_pRsa->d, d );
- BN_bn2bin( a_pRsa->p, p );
- BN_bn2bin( a_pRsa->q, q );
- BN_bn2bin( a_pRsa->dmp1, dmp1 );
- BN_bn2bin( a_pRsa->dmq1, dmq1 );
- BN_bn2bin( a_pRsa->iqmp, iqmp );
+ BN_bn2bin( rsa_n, n );
+ BN_bn2bin( rsa_e, e );
+ BN_bn2bin( rsa_d, d );
+ BN_bn2bin( rsa_p, p );
+ BN_bn2bin( rsa_q, q );
+ BN_bn2bin( rsa_dmp1, dmp1 );
+ BN_bn2bin( rsa_dmq1, dmq1 );
+ BN_bn2bin( rsa_iqmp, iqmp );
// Create the RSA private key object
rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/src/data_mgmt/openssl_compat.h b/src/data_mgmt/openssl_compat.h
new file mode 100644
index 0000000000..2a60fdf492
--- /dev/null
+++ b/src/data_mgmt/openssl_compat.h
@@ -0,0 +1,58 @@
+/*
+ * Getter functions for OpenSSL < 1.1 compatibility. Based on code from:
+ * https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions
+ * and therefore:
+ * Copyright OpenSSL 2016
+ * Contents licensed under the terms of the OpenSSL license
+ * See http://www.openssl.org/source/license.html for details
+ */
+
+#ifndef __OPENSSL_COMPAT_H
+#define __OPENSSL_COMPAT_H
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/engine.h>
+
+static inline void
+RSA_get0_key( const RSA *r,
+ const BIGNUM **n,
+ const BIGNUM **e,
+ const BIGNUM **d ) {
+
+ if ( n )
+ *n = r->n;
+ if ( e )
+ *e = r->e;
+ if ( d )
+ *d = r->d;
+}
+
+static inline void
+RSA_get0_factors( const RSA *r,
+ const BIGNUM **p,
+ const BIGNUM **q ) {
+
+ if ( p )
+ *p = r->p;
+ if ( q )
+ *q = r->q;
+}
+
+static inline void
+RSA_get0_crt_params( const RSA *r,
+ const BIGNUM **dmp1,
+ const BIGNUM **dmq1,
+ const BIGNUM **iqmp ) {
+
+ if ( dmp1 )
+ *dmp1 = r->dmp1;
+ if ( dmq1 )
+ *dmq1 = r->dmq1;
+ if ( iqmp )
+ *iqmp = r->iqmp;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* __OPENSSL_COMPAT_H */
--
2.9.3


@ -1,35 +1,34 @@
From c229bb590250bd9769cb5a63918ab0f6c9386be7 Mon Sep 17 00:00:00 2001
From 105c0f43399d75645be59b3c6be68b57a711d84a Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Mon, 20 Feb 2017 12:00:39 +0100
Subject: [PATCH 3/3] Allocate OpenSSL cipher contexts for seal/unseal
Subject: [PATCH] Allocate OpenSSL cipher contexts for seal/unseal
Cipher contexts need to be allocated before using EVP_EncryptInit or
EVP_DecryptInit. Using a NULL context is invalid.
Fixes: f50ab0949438 ("Support OpenSSL 1.1.0")
---
lib/tpm_unseal.c | 12 ++++++++++--
src/cmds/tpm_sealdata.c | 11 +++++++++--
2 files changed, 19 insertions(+), 4 deletions(-)
lib/tpm_unseal.c | 11 ++++++++++-
src/cmds/tpm_sealdata.c | 10 +++++++++-
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index fc4a84906a..005dab7f8f 100644
index 4aadf21ec1bb..88f21cf40b72 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -86,7 +86,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
int srkSecretLen;
@@ -87,6 +87,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
unsigned char* res_data = NULL;
int res_size = 0;
-
+ EVP_CIPHER_CTX *ctx = NULL;
BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
int bioRc;
@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
@@ -408,7 +409,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
}
/* Decode and decrypt the encrypted data */
- EVP_CIPHER_CTX *ctx = NULL;
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ ctx = EVP_CIPHER_CTX_new();
+ if ( ctx == NULL ) {
+ rc = TPMSEAL_STD_ERROR;
@ -39,7 +38,7 @@ index fc4a84906a..005dab7f8f 100644
EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
/* Create a base64 BIO to decode the encrypted data */
@@ -459,6 +464,9 @@ out:
@@ -459,6 +465,9 @@ out:
} else
free(res_data);
@ -50,23 +49,22 @@ index fc4a84906a..005dab7f8f 100644
}
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index a2157f34b1..e25244a0f4 100644
index 88f63ca0ef89..cd5c49a37f64 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
char *passwd = NULL;
@@ -119,6 +119,7 @@ int main(int argc, char **argv)
int pswd_len;
BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
-
+ EVP_CIPHER_CTX *ctx = NULL;
BIO *bin = NULL, *bdata=NULL, *b64=NULL;
initIntlSys();
@@ -343,7 +343,11 @@ int main(int argc, char **argv)
@@ -343,7 +344,11 @@ int main(int argc, char **argv)
BIO_puts(bdata, TPMSEAL_ENC_STRING);
bdata = BIO_push(b64, bdata);
- EVP_CIPHER_CTX *ctx = NULL;
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ logError(_("Unable to allocate cipher context\n"));
@ -75,7 +73,7 @@ index a2157f34b1..e25244a0f4 100644
EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
@@ -375,5 +379,8 @@ out:
@@ -375,5 +380,8 @@ out:
BIO_free(bdata);
if (b64)
BIO_free(b64);
@ -85,5 +83,5 @@ index a2157f34b1..e25244a0f4 100644
return iRc;
}
--
2.9.3
2.27.0
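Review bot: The return values of `EVP_DecryptInit(...)` in tpmUnsealFile and `EVP_EncryptInit(...)` in tpm_sealdata.c are still ignored right after the new `ctx == NULL` checks, so a failed cipher initialisation would fall through to the read/decrypt loop with an unusable context. Since both functions already have an `out:` cleanup label that now frees the context, the calls could be guarded in the same style, e.g. `if ( !EVP_DecryptInit( ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV ) ) { rc = TPMSEAL_STD_ERROR; goto out; }` and the equivalent with `logError` in the seal path. Both calls also pass the constant `TPMSEAL_IV`; that is acceptable only if the symmetric key is freshly generated for every sealed blob, which the name `randKey` suggests but these hunks do not show, so a one-line comment stating that assumption next to the Init calls would help. Parts of the carried patch are collapsed on this page and both function bodies extend beyond the hunks, so this should be checked against the full file.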


@ -1,30 +0,0 @@
diff -ur tpm-tools-1.3.9/include/tpm_utils.h tpm-tools-1.3.9-new/include/tpm_utils.h
--- tpm-tools-1.3.9/include/tpm_utils.h 2014-07-23 13:37:12.000000000 -0700
+++ tpm-tools-1.3.9-new/include/tpm_utils.h 2019-06-05 11:13:55.474783996 -0700
@@ -71,7 +71,7 @@
#define __no_optimize
#endif
-void * __no_optimize __memset(void *s, int c, size_t n);
+void * __memset(void *s, int c, size_t n);
typedef int (*CmdOptParser)( const int aOpt, const char *aOptArg );
typedef void (*CmdHelpFunction)( const char *aCmd );
diff -ur tpm-tools-1.3.9/lib/tpm_utils.c tpm-tools-1.3.9-new/lib/tpm_utils.c
--- tpm-tools-1.3.9/lib/tpm_utils.c 2014-07-23 13:37:12.000000000 -0700
+++ tpm-tools-1.3.9-new/lib/tpm_utils.c 2019-06-05 11:13:41.570968364 -0700
@@ -134,10 +134,12 @@
return 0;
}
-void * __no_optimize
+void *
__memset(void *s, int c, size_t n)
{
- return memset(s, c, n);
+ memset(s, c, n);
+ asm volatile("" ::: "memory");
+ return s;
}
/*


@ -1,21 +1,15 @@
Name: tpm-tools
Summary: Management tools for the TPM hardware
Version: 1.3.9
Release: 7%{?dist}
Version: 1.3.9.2
Release: 1%{?dist}
License: CPL
URL: http://trousers.sourceforge.net
Source0: http://downloads.sourceforge.net/trousers/%{name}-%{version}.tar.gz
BuildRequires: trousers-devel openssl-devel opencryptoki-devel
Patch0001: 0001-Fix-build-with-OpenSSL-1.1-due-to-EVP_PKEY-being-an-.patch
Patch0002: 0002-Fix-build-with-OpenSSL-1.1-due-to-RSA-being-an-opaqu.patch
Patch0003: 0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
# Patches 4 & 5 submitted upstream by SUSE
Patch0004: 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
Patch0005: 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
# submitted upstream
Patch0006: 0001-man-manpage-cleanup.patch
Patch0007: 0001-tpm-tools-fix-outdated-function-signature-in-tpmUnse.patch
Patch0008: tpm-tools-1.3.9-memset.patch
BuildRequires: trousers-devel openssl-devel opencryptoki-devel gettext-devel autoconf automake libtool
Patch0001: 0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
Patch0002: 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
Patch0003: 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
Patch0004: 0001-tpm-tools-fix-outdated-function-signature-in-tpmUnse.patch
%description
tpm-tools is a group of tools to manage and utilize the Trusted Computing
@ -43,9 +37,11 @@ tpm-tools-devel is a package that contains the libraries and headers necessary
for developing tpm-tools applications.
%prep
%autosetup -p1 -c %{name}-%{version}
%autosetup -p1 %{name}-%{version}
%build
chmod +x ./bootstrap.sh
./bootstrap.sh
%configure --disable-static --disable-rpath --disable-silent-rules
%make_build
@ -82,6 +78,10 @@ cp -p man/man8/tpm_restrictsrk.8 %{buildroot}/%{_mandir}/man8
%{_mandir}/man3/tpmUnseal*
%changelog
* Tue Nov 03 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 1.3.9.2-1
- Rebase to 1.3.9.2 release.
resolves: rhbz#1725781
* Wed Jun 12 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1.3.9-7
- Make sure new manpages get installed.
resolves: rhbz#1669892
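Review bot: The new Patch list drops the two OpenSSL 1.1 build patches, the manpage cleanup and `tpm-tools-1.3.9-memset.patch`, and the old "submitted upstream" comments go with them, so the spec no longer records why any patch is or is not carried. The memset patch is the one to verify before retiring it: it added the compiler barrier `asm volatile("" ::: "memory");` after the `memset()` in `__memset`, presumably so that wiping of secrets is not optimised away, and nothing on this page shows that the 1.3.9.2 tarball contains an equivalent. I would add a provenance comment above the Patch lines, for example `# OpenSSL 1.1, manpage and memset patches dropped with the 1.3.9.2 rebase (included upstream - verify)`, and keep a short origin note on each remaining patch. The changelog entry could likewise name the dropped patches rather than only "Rebase to 1.3.9.2 release."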