import tpm2-tss-2.3.2-4.el8

CentOS Sources 2021-11-09 05:05:23 -05:00 committed by Stepan Oksanichenko
parent 7c41fa00ca
commit d107b36d21
3 changed files with 144 additions and 1 deletions


@ -0,0 +1,39 @@
From 3d3808c3eb02c27f1b114baddd03960892044909 Mon Sep 17 00:00:00 2001
From: Tadeusz Struk <tadeusz.struk@intel.com>
Date: Mon, 2 Mar 2020 14:45:52 -0800
Subject: [PATCH] esys: fix hmac calculation for tpm2_clear command
After tpm2_clear command is executed it sets all ownerAuth,
endorsementAuth, and lockoutAuth to the Empty Buffer and then
this is used for a response auth calculation.
This requires to recalculate the esys session auth value after
tpm2_clear is executed or the calculated response HMAC value
will be invalid and the command will fail with
err: 0x0007001b "Authorizing the TPM response failed"
Fixes: #1641
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
src/tss2-esys/api/Esys_Clear.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/tss2-esys/api/Esys_Clear.c b/src/tss2-esys/api/Esys_Clear.c
index f5c0b827425a..0f43f7e9b85f 100644
--- a/src/tss2-esys/api/Esys_Clear.c
+++ b/src/tss2-esys/api/Esys_Clear.c
@@ -199,6 +199,11 @@ Esys_Clear_Async(
return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
"Finish (Execute Async)");
+ /* If the command authorization is LOCKOUT we need to
+ * recompute session value with an empty auth */
+ if (authHandle == ESYS_TR_RH_LOCKOUT)
+ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
+
esysContext->state = _ESYS_STATE_SENT;
return r;
--
2.30.1
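Review bot: The added call in Esys_Clear_Async passes `esysContext->session_tab[0]` to iesys_compute_session_value without checking that a session object occupies the first slot. Whether the helper tolerates a NULL session is not visible in this hunk, so confirm it or guard the call, e.g. `if (authHandle == ESYS_TR_RH_LOCKOUT && esysContext->session_tab[0] != NULL)`. The recomputation runs as soon as the command is sent, before the response is known to be a success, and the comment should record why that ordering is safe; something like `/* TPM2_Clear resets lockoutAuth to the Empty Buffer, so the response HMAC is keyed with an empty auth value; recompute before the response is checked. */` would do. The new `if` has no braces, which is easy to break when a second statement is added. The body of Esys_Clear_Async starts outside the hunk and its closing brace is not shown.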


@ -0,0 +1,96 @@
From 464da22b71e26421f55d4e8abc14711f89c89a28 Mon Sep 17 00:00:00 2001
From: Tadeusz Struk <tadeusz.struk@intel.com>
Date: Thu, 20 Feb 2020 14:11:43 -0800
Subject: [PATCH] tctildr: remove the private implementation of strndup
In fact the private implementation of strndup is only
needed for windows.
Fixes: #1633
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
configure.ac | 2 +-
src/tss2-tcti/tctildr.c | 37 +++++++++++++++++--------------------
2 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/configure.ac b/configure.ac
index d7724805966b..aa4ffb1b78a1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -45,7 +45,6 @@ case "${host_os}" in
esac
AC_SUBST([LIBSOCKET_LDFLAGS])
-AC_CHECK_FUNCS([strndup])
AC_ARG_ENABLE([unit],
[AS_HELP_STRING([--enable-unit],
[build cmocka unit tests])],,
@@ -65,6 +64,7 @@ AC_ARG_ENABLE([esapi],
AM_CONDITIONAL(ESAPI, test "x$enable_esapi" = "xyes")
+AC_CHECK_FUNC([strndup],[],[AC_MSG_ERROR([strndup function not found])])
AC_ARG_ENABLE([tcti-device-async],
AS_HELP_STRING([--enable-tcti-device-async],
[Enable asynchronus operation on TCTI device
diff --git a/src/tss2-tcti/tctildr.c b/src/tss2-tcti/tctildr.c
index a46b301b3ea7..92af1d3a787d 100644
--- a/src/tss2-tcti/tctildr.c
+++ b/src/tss2-tcti/tctildr.c
@@ -15,8 +15,25 @@
#include <linux/limits.h>
#elif defined(_MSC_VER)
#include <windows.h>
+#include <limits.h>
#ifndef PATH_MAX
#define PATH_MAX MAX_PATH
+
+static char *strndup(const char* s, size_t n)
+{
+ char *dst = NULL;
+
+ if (n + 1 >= USHRT_MAX)
+ return NULL;
+
+ dst = calloc(1, n + 1);
+
+ if (dst == NULL)
+ return NULL;
+
+ memcpy(dst, s, n);
+ return dst;
+}
#endif
#else
#include <limits.h>
@@ -268,26 +285,6 @@ Tss2_TctiLdr_Finalize (TSS2_TCTI_CONTEXT **tctiContext)
*tctiContext = NULL;
}
-#if !defined(HAVE_STRNDUP)
-char*
-strndup (const char* s,
- size_t n)
-{
- char* dst = NULL;
-
- if (n + 1 < n) {
- return NULL;
- }
- dst = calloc(1, n + 1);
- if (dst == NULL) {
- return NULL;
- }
- memcpy(dst, s, n);
-
- return dst;
-}
-#endif /* HAVE_STRNDUP */
-
TSS2_RC
copy_info (const TSS2_TCTI_INFO *info_src,
TSS2_TCTI_INFO *info_dst)
--
2.30.1
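Review bot: The Windows-only `strndup` added to tctildr.c replaces the old wrap-around test `n + 1 < n` with `n + 1 >= USHRT_MAX`, which no longer rejects `n == SIZE_MAX`: `n + 1` wraps to 0 and passes the check, `calloc(1, 0)` may return a zero-sized block, and `memcpy(dst, s, n)` then writes far past it. Comparing without the addition closes the gap: `if (n >= USHRT_MAX - 1) return NULL;`. The copy also reads exactly `n` bytes from `s` even when the string is shorter, unlike the standard function, so bounding the length first with `n = strnlen(s, n);` would keep the read inside the source string. The definition sits inside the `#ifndef PATH_MAX` block, so it silently disappears if a header ever supplies PATH_MAX; placing it directly under the `_MSC_VER` branch would be safer.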


@ -1,6 +1,6 @@
Name: tpm2-tss Name: tpm2-tss
Version: 2.3.2 Version: 2.3.2
Release: 3%{?dist} Release: 4%{?dist}
Summary: TPM2.0 Software Stack Summary: TPM2.0 Software Stack
# The entire source code is under BSD except implementation.h and tpmb.h which # The entire source code is under BSD except implementation.h and tpmb.h which
@ -24,6 +24,8 @@ Patch10: 0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch
Patch11: 0001-Esys_CreateLoaded-fix-resource-name-calculation.patch Patch11: 0001-Esys_CreateLoaded-fix-resource-name-calculation.patch
Patch12: 0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch Patch12: 0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
Patch13: 0001-Return-proper-error-code-on-memory-allocation-failur.patch Patch13: 0001-Return-proper-error-code-on-memory-allocation-failur.patch
Patch14: 0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch
Patch15: 0001-tctildr-remove-the-private-implementation-of-strndup.patch
%global udevrules_prefix 60- %global udevrules_prefix 60-
@ -36,6 +38,7 @@ BuildRequires: pkgconfig
BuildRequires: systemd BuildRequires: systemd
BuildRequires: libgcrypt-devel BuildRequires: libgcrypt-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
Requires(pre): shadow-utils
%description %description
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
@ -116,6 +119,11 @@ use tpm2-tss.
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Tue Apr 20 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-4
- Fix hmac calculation for tpm2_clear command.
- Remove private implementation of strndup.
resolves: rhbz#1920825 rhbz#1940861
* Mon Nov 16 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-3 * Mon Nov 16 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-3
- Add tss user if doesn't exist. - Add tss user if doesn't exist.
- Update exported symbols map for libtss2-mu - Update exported symbols map for libtss2-mu
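Review bot: The `Requires(pre): shadow-utils` line, which appears only on the new side of the third hunk, is not covered by the 2.3.2-4 changelog entry; that entry lists only the two patches. If the dependency is new in this release, add a line such as `- Require shadow-utils for the %pre scriptlet.` so the reason for it is recorded. The %pre scriptlet is outside the visible hunks, so which shadow-utils tools it calls cannot be checked here.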