f1630a9c53
When compiled with LTO and FORTIFY_SOURCE=3 enabled together, tpm2_makecredential outputs corrupted data which cannot be used with tpm2_activatecredential. This can be avoided by disabling compiler optimization for part of the code using pragma. This patch was obtained upstream from: https://github.com/tpm2-software/tpm2-tools/pull/3219 This fixes the upstream issue: https://github.com/tpm2-software/tpm2-tools/issues/3210 Resolves: rhbz#2171376 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
58 lines
1.5 KiB
Diff
58 lines
1.5 KiB
Diff
From 43b24bb6d1bbc65e80bd1de1d679922ba70ce5c0 Mon Sep 17 00:00:00 2001
|
|
From: Juergen Repp <juergen_repp@web.de>
|
|
Date: Mon, 6 Mar 2023 12:16:05 +0100
|
|
Subject: [PATCH] kdfa.c Fix problem with FORTIFY_SOURCE on Fedora
|
|
|
|
The original kdfa implementation did produce an error caused by the flags
|
|
-flto -_FORTIFY_SOURCE=2 on Fedora rawhide.
|
|
This error can be avoided by switching off the optimization with pragma.
|
|
Fixes: #3210.
|
|
|
|
Signed-off-by: Juergen Repp <juergen_repp@web.de>
|
|
---
|
|
lib/tpm2_kdfa.c | 20 +++++++++++++++++++-
|
|
1 file changed, 19 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/tpm2_kdfa.c b/lib/tpm2_kdfa.c
|
|
index 5eb8d558c..9db0467e4 100644
|
|
--- a/lib/tpm2_kdfa.c
|
|
+++ b/lib/tpm2_kdfa.c
|
|
@@ -1,7 +1,6 @@
|
|
/* SPDX-License-Identifier: BSD-3-Clause */
|
|
|
|
#include <string.h>
|
|
-
|
|
#include <openssl/evp.h>
|
|
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
#include <openssl/hmac.h>
|
|
@@ -13,6 +12,15 @@
|
|
#include "tpm2_kdfa.h"
|
|
#include "tpm2_openssl.h"
|
|
|
|
+/*
|
|
+ * Disable optimazation because of an error in FORTIFY_SOURCE
|
|
+ */
|
|
+
|
|
+#ifdef _FORTIFY_SOURCE
|
|
+#pragma GCC push_options
|
|
+#pragma GCC optimize ("O0")
|
|
+#endif
|
|
+
|
|
TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,
|
|
TPM2B *context_u, TPM2B *context_v, UINT16 bits,
|
|
TPM2B_MAX_BUFFER *result_key) {
|
|
@@ -139,3 +147,13 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,
|
|
|
|
return rval;
|
|
}
|
|
+#ifdef _FORTIFY_SOURCE
|
|
+
|
|
+#endif
|
|
+
|
|
+#ifdef _FORTIFY_SOURCE
|
|
+#pragma GCC pop_options
|
|
+#endif
|
|
+
|
|
+
|
|
+
|