From d107b36d2118295c53ec7837028917ffa6d47595 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 9 Nov 2021 05:05:23 -0500
Subject: [PATCH] import tpm2-tss-2.3.2-4.el8
---
 ...c-calculation-for-tpm2_clear-command.patch | 39 ++++++++
 ...he-private-implementation-of-strndup.patch | 96 +++++++++++++++++++
 SPECS/tpm2-tss.spec | 10 +-
 3 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch
 create mode 100644 SOURCES/0001-tctildr-remove-the-private-implementation-of-strndup.patch
diff --git a/SOURCES/0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch b/SOURCES/0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch
new file mode 100644
index 0000000..320ac43
--- /dev/null
+++ b/SOURCES/0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch
@@ -0,0 +1,39 @@
+From 3d3808c3eb02c27f1b114baddd03960892044909 Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk
+Date: Mon, 2 Mar 2020 14:45:52 -0800
+Subject: [PATCH] esys: fix hmac calculation for tpm2_clear command
+
+After tpm2_clear command is executed it sets all ownerAuth,
+endorsementAuth, and lockoutAuth to the Empty Buffer and then
+this is used for a response auth calculation.
+This requires to recalculate the esys session auth value after
+tpm2_clear is executed or the calculated response HMAC value
+will be invalid and the command will fail with
+err: 0x0007001b "Authorizing the TPM response failed"
+
+Fixes: #1641
+
+Signed-off-by: Tadeusz Struk
+---
+ src/tss2-esys/api/Esys_Clear.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/tss2-esys/api/Esys_Clear.c b/src/tss2-esys/api/Esys_Clear.c
+index f5c0b827425a..0f43f7e9b85f 100644
+--- a/src/tss2-esys/api/Esys_Clear.c
++++ b/src/tss2-esys/api/Esys_Clear.c
+@@ -199,6 +199,11 @@ Esys_Clear_Async(
+ return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
+ "Finish (Execute Async)");
+
++ /* If the command authorization is LOCKOUT we need to
++ * recompute session value with an empty auth */
++ if (authHandle == ESYS_TR_RH_LOCKOUT)
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ esysContext->state = _ESYS_STATE_SENT;
+
+ return r;
+--
+2.30.1
+
diff --git a/SOURCES/0001-tctildr-remove-the-private-implementation-of-strndup.patch b/SOURCES/0001-tctildr-remove-the-private-implementation-of-strndup.patch
new file mode 100644
index 0000000..a62c8ac
--- /dev/null
+++ b/SOURCES/0001-tctildr-remove-the-private-implementation-of-strndup.patch
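Review bot: In the Esys_Clear.c hunk carried by this patch file, the new `iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);` is reached as soon as the command has been sent, so the session value is switched to the empty auth before the TPM has confirmed that TPM2_Clear succeeded. If the TPM rejects the command, lockoutAuth is unchanged while the session state already assumes it was reset; it is worth confirming that the Finish path or the next command recomputes the value, or documenting that assumption next to the call. The call also passes `session_tab[0]` unchecked, so it relies on the helper tolerating an absent session (for example password authorization), which is not visible here. Esys_Clear_Async starts and ends outside the hunk.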
@@ -0,0 +1,96 @@
+From 464da22b71e26421f55d4e8abc14711f89c89a28 Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk
+Date: Thu, 20 Feb 2020 14:11:43 -0800
+Subject: [PATCH] tctildr: remove the private implementation of strndup
+
+In fact the private implementation of strndup is only
+needed for windows.
+
+Fixes: #1633
+
+Signed-off-by: Tadeusz Struk
+---
+ configure.ac | 2 +-
+ src/tss2-tcti/tctildr.c | 37 +++++++++++++++++--------------------
+ 2 files changed, 18 insertions(+), 21 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index d7724805966b..aa4ffb1b78a1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -45,7 +45,6 @@ case "${host_os}" in
+ esac
+ AC_SUBST([LIBSOCKET_LDFLAGS])
+
+-AC_CHECK_FUNCS([strndup])
+ AC_ARG_ENABLE([unit],
+ [AS_HELP_STRING([--enable-unit],
+ [build cmocka unit tests])],,
+@@ -65,6 +64,7 @@ AC_ARG_ENABLE([esapi],
+
+ AM_CONDITIONAL(ESAPI, test "x$enable_esapi" = "xyes")
+
++AC_CHECK_FUNC([strndup],[],[AC_MSG_ERROR([strndup function not found])])
+ AC_ARG_ENABLE([tcti-device-async],
+ AS_HELP_STRING([--enable-tcti-device-async],
+ [Enable asynchronus operation on TCTI device
+diff --git a/src/tss2-tcti/tctildr.c b/src/tss2-tcti/tctildr.c
+index a46b301b3ea7..92af1d3a787d 100644
+--- a/src/tss2-tcti/tctildr.c
++++ b/src/tss2-tcti/tctildr.c
+@@ -15,8 +15,25 @@
+ #include
+ #elif defined(_MSC_VER)
+ #include
++#include
+ #ifndef PATH_MAX
+ #define PATH_MAX MAX_PATH
++
++static char *strndup(const char* s, size_t n)
++{
++ char *dst = NULL;
++
++ if (n + 1 >= USHRT_MAX)
++ return NULL;
++
++ dst = calloc(1, n + 1);
++
++ if (dst == NULL)
++ return NULL;
++
++ memcpy(dst, s, n);
++ return dst;
++}
+ #endif
+ #else
+ #include
+@@ -268,26 +285,6 @@ Tss2_TctiLdr_Finalize (TSS2_TCTI_CONTEXT **tctiContext)
+ *tctiContext = NULL;
+ }
+
+-#if !defined(HAVE_STRNDUP)
+-char*
+-strndup (const char* s,
+- size_t n)
+-{
+- char* dst = NULL;
+-
+- if (n + 1 < n) {
+- return NULL;
+- }
+- dst = calloc(1, n + 1);
+- if (dst == NULL) {
+- return NULL;
+- }
+- memcpy(dst, s, n);
+-
+- return dst;
+-}
+-#endif /* HAVE_STRNDUP */
+-
+ TSS2_RC
+ copy_info (const TSS2_TCTI_INFO *info_src,
+ TSS2_TCTI_INFO *info_dst)
+--
+2.30.1
+
diff --git a/SPECS/tpm2-tss.spec b/SPECS/tpm2-tss.spec
index d51a096..d91c61c 100644
--- a/SPECS/tpm2-tss.spec
+++ b/SPECS/tpm2-tss.spec
@@ -1,6 +1,6 @@
 Name: tpm2-tss
 Version: 2.3.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: TPM2.0 Software Stack

 # The entire source code is under BSD except implementation.h and tpmb.h which
@@ -24,6 +24,8 @@ Patch10: 0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch
 Patch11: 0001-Esys_CreateLoaded-fix-resource-name-calculation.patch
 Patch12: 0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
 Patch13: 0001-Return-proper-error-code-on-memory-allocation-failur.patch
+Patch14: 0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch
+Patch15: 0001-tctildr-remove-the-private-implementation-of-strndup.patch

 %global udevrules_prefix 60-

@@ -36,6 +38,7 @@ BuildRequires: pkgconfig
 BuildRequires: systemd
 BuildRequires: libgcrypt-devel
 BuildRequires: openssl-devel
+Requires(pre): shadow-utils

 %description
 tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
@@ -116,6 +119,11 @@ use tpm2-tss.
 %postun -p /sbin/ldconfig

 %changelog
+* Tue Apr 20 2021 Jerry Snitselaar - 2.3.2-4
+- Fix hmac calculation for tpm2_clear command.
+- Remove private implementation of strndup.
+resolves: rhbz#1920825 rhbz#1940861
+
 * Mon Nov 16 2020 Jerry Snitselaar - 2.3.2-3
 - Add tss user if doesn't exist.
 - Update exported symbols map for libtss2-mu
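Review bot: The Windows-only `strndup` added in the tctildr.c hunk of the second patch file guards the allocation with `if (n + 1 >= USHRT_MAX)`, which no longer rejects `n == SIZE_MAX` the way the removed `n + 1 < n` test did: `n + 1` wraps to 0, the check passes, and `calloc(1, 0)` is followed by `memcpy(dst, s, n)`. Comparing `n` itself closes that gap, `if (n >= USHRT_MAX) return NULL;`. The copy also always reads `n` bytes from `s` even when the string is shorter, so unlike the standard function it can read past the terminator; `n = strnlen(s, n);` before the allocation would bound it. The helper is also defined inside the `#ifndef PATH_MAX` block, so it exists only when PATH_MAX is undefined, which deserves a comment if intended; callers of strndup are outside the hunk.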