Compare commits
No commits in common. "c8-beta" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/ibmtss1331.tar.gz
|
SOURCES/ibmtss1.6.0.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
39a13864ad42cafae27683fa52bc1d5d21dad39c SOURCES/ibmtss1331.tar.gz
|
fcd86e864f69443f72ecbf18f26e39844aefee44 SOURCES/ibmtss1.6.0.tar.gz
|
||||||
|
37
SOURCES/0001-tss-Add-missing-parameter-union-members.patch
Normal file
37
SOURCES/0001-tss-Add-missing-parameter-union-members.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From 8e8c6777847825c5067b171c2e4ac8b33fe0d6bc Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Sun, 1 May 2022 19:33:02 +0200
|
||||||
|
Subject: [PATCH 1/4] tss: Add missing parameter union members
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
---
|
||||||
|
utils/ibmtss/Parameters.h | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/utils/ibmtss/Parameters.h b/utils/ibmtss/Parameters.h
|
||||||
|
index 98a04ff..5b6c29a 100644
|
||||||
|
--- a/utils/ibmtss/Parameters.h
|
||||||
|
+++ b/utils/ibmtss/Parameters.h
|
||||||
|
@@ -182,6 +182,7 @@
|
||||||
|
typedef union {
|
||||||
|
ActivateCredential_In ActivateCredential;
|
||||||
|
CertifyCreation_In CertifyCreation;
|
||||||
|
+ CertifyX509_In CertifyX509;
|
||||||
|
Certify_In Certify;
|
||||||
|
ChangeEPS_In ChangeEPS;
|
||||||
|
ChangePPS_In ChangePPS;
|
||||||
|
@@ -313,6 +314,7 @@ typedef union
|
||||||
|
{
|
||||||
|
ActivateCredential_Out ActivateCredential;
|
||||||
|
CertifyCreation_Out CertifyCreation;
|
||||||
|
+ CertifyX509_Out CertifyX509;
|
||||||
|
Certify_Out Certify;
|
||||||
|
Commit_Out Commit;
|
||||||
|
ContextLoad_Out ContextLoad;
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
From 8f232900d3b8f8af65a029f49c17ee53d3cca122 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jerry Snitselaar <jsnitsel@redhat.com>
|
|
||||||
Date: Thu, 6 Jun 2019 14:53:18 -0700
|
|
||||||
Subject: [PATCH] tss2: fix bounds check in IMA_Event_PcrExtend
|
|
||||||
|
|
||||||
pcrs is declared with IMPLEMENTATION_PCR elements,
|
|
||||||
so the index bounds check should be >= IMPLEMENTATION_PCR
|
|
||||||
since indexing at value IMPLEMENTATION_PCR would be off the
|
|
||||||
end of the array. This was flagged by coverity.
|
|
||||||
|
|
||||||
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
|
|
||||||
---
|
|
||||||
utils/imalib.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/utils/imalib.c b/utils/imalib.c
|
|
||||||
index 4957c1b..a841cd6 100644
|
|
||||||
--- a/utils/imalib.c
|
|
||||||
+++ b/utils/imalib.c
|
|
||||||
@@ -1306,7 +1306,7 @@ uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
|
|
||||||
|
|
||||||
/* validate PCR number */
|
|
||||||
if (rc == 0) {
|
|
||||||
- if (imaEvent->pcrIndex > IMPLEMENTATION_PCR) {
|
|
||||||
+ if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
|
|
||||||
printf("ERROR: IMA_Event_PcrExtend: PCR number %u out of range\n", imaEvent->pcrIndex);
|
|
||||||
rc = TSS_RC_BAD_PROPERTY;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
From e0c1e3efd187a3cfa77906eef978fa6beada0b31 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ken Goldman <kgoldman@us.ibm.com>
|
||||||
|
Date: Thu, 1 Jul 2021 13:55:28 -0400
|
||||||
|
Subject: [PATCH] utils: Generate X509 certificate serial number using sha256
|
||||||
|
|
||||||
|
This is just a test certificate, not a real CA. Certificate serial
|
||||||
|
numbers can be 20 octets maximum. Use a truncated sha256 because some
|
||||||
|
'lint' programs are now scanning for sha1.
|
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com>
|
||||||
|
---
|
||||||
|
utils/ekutils.c | 18 ++++++++++++++----
|
||||||
|
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/ekutils.c b/utils/ekutils.c
|
||||||
|
index a0a2734..aad6fba 100644
|
||||||
|
--- a/utils/ekutils.c
|
||||||
|
+++ b/utils/ekutils.c
|
||||||
|
@@ -61,6 +61,7 @@
|
||||||
|
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
#include <openssl/x509.h>
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
|
||||||
|
#include <ibmtss/tssresponsecode.h>
|
||||||
|
#include <ibmtss/tssutils.h>
|
||||||
|
@@ -1835,7 +1836,7 @@ TPM_RC startCertificate(X509 *x509Certificate, /* X509 certificate to be generat
|
||||||
|
ASN1_TIME *arc; /* return code */
|
||||||
|
ASN1_INTEGER *x509Serial; /* certificate serial number in ASN1 */
|
||||||
|
BIGNUM *x509SerialBN; /* certificate serial number as a BIGNUM */
|
||||||
|
- unsigned char x509Serialbin[SHA1_DIGEST_SIZE]; /* certificate serial number in binary */
|
||||||
|
+ unsigned char x509Serialbin[EVP_MAX_MD_SIZE]; /* certificate serial number in binary */
|
||||||
|
X509_NAME *x509IssuerName; /* composite issuer name, key/value pairs */
|
||||||
|
X509_NAME *x509SubjectName; /* composite subject name, key/value pairs */
|
||||||
|
|
||||||
|
@@ -1855,11 +1856,20 @@ TPM_RC startCertificate(X509 *x509Certificate, /* X509 certificate to be generat
|
||||||
|
add certificate serial number
|
||||||
|
*/
|
||||||
|
if (rc == 0) {
|
||||||
|
+ const EVP_MD *type;
|
||||||
|
+
|
||||||
|
if (tssUtilsVerbose) printf("startCertificate: Adding certificate serial number\n");
|
||||||
|
/* to create a unique serial number, hash the key to be certified */
|
||||||
|
- SHA1(keyBuffer, keyLength, x509Serialbin);
|
||||||
|
- /* convert the SHA1 digest to a BIGNUM */
|
||||||
|
- x509SerialBN = BN_bin2bn(x509Serialbin, SHA1_DIGEST_SIZE, x509SerialBN);
|
||||||
|
+ type = EVP_sha256();
|
||||||
|
+ irc = EVP_Digest(keyBuffer, keyLength, x509Serialbin, NULL, type, NULL);
|
||||||
|
+ if (irc == 0) {
|
||||||
|
+ printf("startCertificate: Error in serial number EVP_Digest\n");
|
||||||
|
+ rc = TSS_RC_X509_ERROR;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ /* convert the digest to a BIGNUM, use 20 octets */
|
||||||
|
+ x509SerialBN = BN_bin2bn(x509Serialbin, 20, x509SerialBN);
|
||||||
|
if (x509SerialBN == NULL) {
|
||||||
|
printf("startCertificate: Error in serial number BN_bin2bn\n");
|
||||||
|
rc = TSS_RC_X509_ERROR;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
1453
SOURCES/0001-utils-Update-certifyx509-for-Openssl-3.0.0.patch
Normal file
1453
SOURCES/0001-utils-Update-certifyx509-for-Openssl-3.0.0.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,600 @@
|
|||||||
|
From 3e4c744cf09d43aba0ae9381c1527263e39a7c70 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Mon, 18 Apr 2022 23:51:02 +0200
|
||||||
|
Subject: [PATCH 2/4] regtest: Update to SHA-256 without restricting the scope
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Å tÄ›pán HoráÄ<C2A1>ek <shoracek@redhat.com>
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/policies/policycountertimer.bin | Bin 20 -> 32 bytes
|
||||||
|
utils/policies/policycphash.bin | Bin 20 -> 32 bytes
|
||||||
|
utils/policies/policycphash.txt | 2 +-
|
||||||
|
utils/policies/policycphashhash.bin | 2 +-
|
||||||
|
utils/policies/policynvargs.txt | Bin 13 -> 12 bytes
|
||||||
|
utils/policies/policynvnv.bin | Bin 20 -> 32 bytes
|
||||||
|
utils/policies/policynvnv.txt | 2 +-
|
||||||
|
utils/policies/policypcr.bin | 2 +-
|
||||||
|
utils/policies/policypcr0.txt | 2 +-
|
||||||
|
utils/policies/policypcrbm0.bin | Bin 20 -> 32 bytes
|
||||||
|
utils/policies/policywrittenset.bin | 2 +-
|
||||||
|
utils/reg.sh | 2 +
|
||||||
|
utils/regtests/testchangeauth.sh | 4 +-
|
||||||
|
utils/regtests/testevict.sh | 12 ++--
|
||||||
|
utils/regtests/testnv.sh | 6 +-
|
||||||
|
utils/regtests/testpolicy.sh | 80 +++++++++++++-------------
|
||||||
|
utils/regtests/testrsa.sh | 8 +--
|
||||||
|
utils/regtests/testsign.sh | 12 ++--
|
||||||
|
18 files changed, 69 insertions(+), 67 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/policies/policycountertimer.bin b/utils/policies/policycountertimer.bin
|
||||||
|
index f767440113ab39251794257628b34f761ae05121..8937a155bdcdc535e5f013a03ce58fd5a193a6fd 100644
|
||||||
|
GIT binary patch
|
||||||
|
literal 32
|
||||||
|
ocmeBTv0vY?A&j>pRZ{#s$085m*E`r54EYbFMa|K0nsfat0L0V`*#H0l
|
||||||
|
|
||||||
|
literal 20
|
||||||
|
ccmaFX(x@JK!18iNvf_!!0jhUbsX5I80B48^c>n+a
|
||||||
|
|
||||||
|
diff --git a/utils/policies/policycphash.bin b/utils/policies/policycphash.bin
|
||||||
|
index 1c357a65cc7cf408bc27d0a2a5c6a0735778e5ed..0f998b85ac2b6620049e350b0c31cc38b2f7414a 100644
|
||||||
|
GIT binary patch
|
||||||
|
literal 32
|
||||||
|
qcmV+*0N?)`MNQmb<N(X@{1co_-#=a<IaKWOQl0d(fR)m3=&W@Mq7i=p
|
||||||
|
|
||||||
|
literal 20
|
||||||
|
ccmZR3lJoQPaee~<iJE0anHyTR1PSH?0A-{JC;$Ke
|
||||||
|
|
||||||
|
diff --git a/utils/policies/policycphash.txt b/utils/policies/policycphash.txt
|
||||||
|
index 52edeab..bc06262 100644
|
||||||
|
--- a/utils/policies/policycphash.txt
|
||||||
|
+++ b/utils/policies/policycphash.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-0000016eb5f919bbc01f0ebad02010169a67a8c158ec12f3
|
||||||
|
+0000016e58f8c9f3300b71c97c7c6ec3e18afba176e3f582d96ab67df29acb559fc7d34f
|
||||||
|
diff --git a/utils/policies/policycphashhash.bin b/utils/policies/policycphashhash.bin
|
||||||
|
index a30627d..e88c974 100644
|
||||||
|
--- a/utils/policies/policycphashhash.bin
|
||||||
|
+++ b/utils/policies/policycphashhash.bin
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-µù»ÀºÐ šg¨ÁXìó
|
||||||
|
\ No newline at end of file
|
||||||
|
+XøÉó0qÉ||nÃáŠû¡vãõ‚Ùj¶}òšËUŸÇÓO
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/utils/policies/policynvargs.txt b/utils/policies/policynvargs.txt
|
||||||
|
index 4f4d97c4a15e2f16ef61e8b3d31182382bc88b6d..ce58bc9f84b9623e708de4eb8427a57d9f9a160f 100644
|
||||||
|
GIT binary patch
|
||||||
|
literal 12
|
||||||
|
KcmZQzKmY&$3;+QD
|
||||||
|
|
||||||
|
literal 13
|
||||||
|
LcmZQzKmaZP02crY
|
||||||
|
|
||||||
|
diff --git a/utils/policies/policynvnv.bin b/utils/policies/policynvnv.bin
|
||||||
|
index df080a73e76146d5474cc3d1b2ed1e09fad62e3d..bb54d249107c9ff17a8af7141d491f6bec88b001 100644
|
||||||
|
GIT binary patch
|
||||||
|
literal 32
|
||||||
|
qcmV+*0N?+4*1${A{L{NkNx*#e^i_%2jn+j)Ac{3i{<g<lL9fU}!V=B^
|
||||||
|
|
||||||
|
literal 20
|
||||||
|
ccmdlp+sD6}Ax$z`_U4>Pb!)?)%V_-p09oM)7XSbN
|
||||||
|
|
||||||
|
diff --git a/utils/policies/policynvnv.txt b/utils/policies/policynvnv.txt
|
||||||
|
index a124ea9..5d3d62e 100644
|
||||||
|
--- a/utils/policies/policynvnv.txt
|
||||||
|
+++ b/utils/policies/policynvnv.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-000001492c513f149e737ec4063fc1d37aee9beabc4b4bbf00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c
|
||||||
|
\ No newline at end of file
|
||||||
|
+0000014915ec7bf0b50732b49f8228e07d24365338f9e3ab994b00af08e5a3bffe55fd8b000b45a8f4283309cd5ef189746d7526786f712eb3df9960508ee343d3e63376bc6c
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/utils/policies/policypcr.bin b/utils/policies/policypcr.bin
|
||||||
|
index 8f69740..2597338 100644
|
||||||
|
--- a/utils/policies/policypcr.bin
|
||||||
|
+++ b/utils/policies/policypcr.bin
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-…3ƒõè<`C4oŸ7!vŽ
|
||||||
|
\ No newline at end of file
|
||||||
|
+¿òÕŽ˜ù|ïÁOr<72>3¼p’ÖR·Èw•’T¯„6
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/utils/policies/policypcr0.txt b/utils/policies/policypcr0.txt
|
||||||
|
index b61f288..cd09bbf 100644
|
||||||
|
--- a/utils/policies/policypcr0.txt
|
||||||
|
+++ b/utils/policies/policypcr0.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-0000000000000000000000000000000000000000
|
||||||
|
\ No newline at end of file
|
||||||
|
+0000000000000000000000000000000000000000000000000000000000000000
|
||||||
|
diff --git a/utils/policies/policypcrbm0.bin b/utils/policies/policypcrbm0.bin
|
||||||
|
index bd0f292e05dc793b2831fec273c2eefa7b3a9672..666ea3c731d2f46d4d94768cab4464ff0bb0e5af 100644
|
||||||
|
GIT binary patch
|
||||||
|
literal 32
|
||||||
|
ocmb>Z5cE02?1^I8ss%e3mgaqqyRPviCuhr<=Bo*jp4^KQ0V0YJ<^TWy
|
||||||
|
|
||||||
|
literal 20
|
||||||
|
bcmd0`@U(b%wL7eEQs@+Ww#>9`zjTxVT?`1l
|
||||||
|
|
||||||
|
diff --git a/utils/policies/policywrittenset.bin b/utils/policies/policywrittenset.bin
|
||||||
|
index 4f6bb8c..4ed9066 100644
|
||||||
|
--- a/utils/policies/policywrittenset.bin
|
||||||
|
+++ b/utils/policies/policywrittenset.bin
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-0sHß_ëíe”æý¬„"ã
|
||||||
|
\ No newline at end of file
|
||||||
|
+÷ˆ}ŠèÓ‹à¬Sózža‹õH…E<zTݰƦ;ë
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/utils/reg.sh b/utils/reg.sh
|
||||||
|
index 048863b..2d9d100 100755
|
||||||
|
--- a/utils/reg.sh
|
||||||
|
+++ b/utils/reg.sh
|
||||||
|
@@ -72,6 +72,8 @@ PREFIX=./
|
||||||
|
# hash algorithms to be used for testing
|
||||||
|
|
||||||
|
export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
||||||
|
+export ITERATE_ALGS_SIZES="20 32 48 64"
|
||||||
|
+export ITERATE_ALGS_COUNT=4
|
||||||
|
export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
||||||
|
|
||||||
|
printUsage ()
|
||||||
|
diff --git a/utils/regtests/testchangeauth.sh b/utils/regtests/testchangeauth.sh
|
||||||
|
index 303b318..b830a96 100755
|
||||||
|
--- a/utils/regtests/testchangeauth.sh
|
||||||
|
+++ b/utils/regtests/testchangeauth.sh
|
||||||
|
@@ -67,11 +67,11 @@ do
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the original key ${SESS}"
|
||||||
|
- ${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig ${SESS} > run.out
|
||||||
|
+ ${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig ${SESS} > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the changed key"
|
||||||
|
- ${PREFIX}sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out
|
||||||
|
+ ${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os sig.bin -pwdk xxx > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Flush the key"
|
||||||
|
diff --git a/utils/regtests/testevict.sh b/utils/regtests/testevict.sh
|
||||||
|
index 761eaa8..8f2806f 100755
|
||||||
|
--- a/utils/regtests/testevict.sh
|
||||||
|
+++ b/utils/regtests/testevict.sh
|
||||||
|
@@ -58,11 +58,11 @@ ${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the transient key"
|
||||||
|
-${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
+${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the persistent key"
|
||||||
|
-${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
+${PREFIX}sign -hk 81800000 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Flush the transient key"
|
||||||
|
@@ -74,11 +74,11 @@ ${PREFIX}flushcontext -ha 81800000 > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the transient key- should fail"
|
||||||
|
-${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
+${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the persistent key"
|
||||||
|
-${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
+${PREFIX}sign -hk 81800000 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Flush the persistent key"
|
||||||
|
@@ -86,11 +86,11 @@ ${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the persistent key - should fail"
|
||||||
|
-${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
+${PREFIX}sign -hk 81800000 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
echo "Sign a digest with the transient key - should fail"
|
||||||
|
-${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
+${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
# ${PREFIX}getcapability -cap 1 -pr 80000000
|
||||||
|
diff --git a/utils/regtests/testnv.sh b/utils/regtests/testnv.sh
|
||||||
|
index b941f2e..39a9a18 100755
|
||||||
|
--- a/utils/regtests/testnv.sh
|
||||||
|
+++ b/utils/regtests/testnv.sh
|
||||||
|
@@ -56,7 +56,7 @@ checkSuccess $?
|
||||||
|
NALG=(${ITERATE_ALGS})
|
||||||
|
BADNALG=(${BAD_ITERATE_ALGS})
|
||||||
|
|
||||||
|
-for ((i = 0 ; i < 4; i++))
|
||||||
|
+for ((i = 0 ; i < ${ITERATE_ALGS_COUNT}; i++))
|
||||||
|
do
|
||||||
|
|
||||||
|
for SESS in "" "-se0 02000000 1"
|
||||||
|
@@ -212,10 +212,10 @@ checkSuccess $?
|
||||||
|
for SESS in "" "-se0 02000000 1"
|
||||||
|
do
|
||||||
|
|
||||||
|
- SZ=(20 32 48 64)
|
||||||
|
+ SZ=(${ITERATE_ALGS_SIZES})
|
||||||
|
HALG=(${ITERATE_ALGS})
|
||||||
|
|
||||||
|
- for ((i = 0 ; i < 4; i++))
|
||||||
|
+ for ((i = 0 ; i < ${ITERATE_ALGS_COUNT}; i++))
|
||||||
|
do
|
||||||
|
|
||||||
|
echo "NV Define Space ${HALG[$i]}"
|
||||||
|
diff --git a/utils/regtests/testpolicy.sh b/utils/regtests/testpolicy.sh
|
||||||
|
index e2e8bec..971e67f 100755
|
||||||
|
--- a/utils/regtests/testpolicy.sh
|
||||||
|
+++ b/utils/regtests/testpolicy.sh
|
||||||
|
@@ -752,17 +752,17 @@ echo "Policy PCR no select"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
# create AND term for policy PCR
|
||||||
|
-# > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt
|
||||||
|
+# > policymakerpcr -halg sha256 -bm 0 -v -pr -of policies/policypcr.txt
|
||||||
|
# 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709
|
||||||
|
|
||||||
|
# convert to binary policy
|
||||||
|
-# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v
|
||||||
|
+# > policymaker -halg sha256 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v
|
||||||
|
|
||||||
|
# 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66
|
||||||
|
# b6 fa 2c 23
|
||||||
|
|
||||||
|
echo "Create a signing key with policy PCR no select"
|
||||||
|
-${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out
|
||||||
|
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha256 -pol policies/policypcrbm0.bin > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Load the signing key under the primary key"
|
||||||
|
@@ -770,11 +770,11 @@ ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start a policy session"
|
||||||
|
-${PREFIX}startauthsession -halg sha1 -se p > run.out
|
||||||
|
+${PREFIX}startauthsession -halg sha256 -se p > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy PCR, update with the correct digest"
|
||||||
|
-${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out
|
||||||
|
+${PREFIX}policypcr -ha 03000000 -halg sha256 -bm 0 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy get digest - should be 6d 38 49 38 ... "
|
||||||
|
@@ -790,11 +790,11 @@ ${PREFIX}policyrestart -ha 03000000 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy PCR, update with the correct digest"
|
||||||
|
-${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out
|
||||||
|
+${PREFIX}policypcr -ha 03000000 -halg sha256 -bm 0 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "PCR extend PCR 0, updates pcr counter"
|
||||||
|
-${PREFIX}pcrextend -ha 0 -halg sha1 -if policies/aaa > run.out
|
||||||
|
+${PREFIX}pcrextend -ha 0 -halg sha256 -if policies/aaa > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign, should fail"
|
||||||
|
@@ -816,17 +816,17 @@ echo ""
|
||||||
|
# policypcr0.txt has 20 * 00
|
||||||
|
|
||||||
|
# create AND term for policy PCR
|
||||||
|
-# > policymakerpcr -halg sha1 -bm 010000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt
|
||||||
|
+# > policymakerpcr -halg sha256 -bm 010000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt
|
||||||
|
# 0000017f000000010004030000016768033e216468247bd031a0a2d9876d79818f8f
|
||||||
|
|
||||||
|
# convert to binary policy
|
||||||
|
-# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr.bin -pr -v
|
||||||
|
+# > policymaker -halg sha256 -if policies/policypcr.txt -of policies/policypcr.bin -pr -v
|
||||||
|
|
||||||
|
# 85 33 11 83 19 03 12 f5 e8 3c 60 43 34 6f 9f 37
|
||||||
|
# 21 04 76 8e
|
||||||
|
|
||||||
|
echo "Create a signing key with policy PCR PCR 16 zero"
|
||||||
|
-${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out
|
||||||
|
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha256 -pol policies/policypcr.bin > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Load the signing key under the primary key"
|
||||||
|
@@ -838,11 +838,11 @@ ${PREFIX}pcrreset -ha 16 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Read PCR 16, should be 00 00 00 00 ..."
|
||||||
|
-${PREFIX}pcrread -ha 16 -halg sha1 > run.out
|
||||||
|
+${PREFIX}pcrread -ha 16 -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start a policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign, policy not satisfied - should fail"
|
||||||
|
@@ -850,7 +850,7 @@ ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
echo "Policy PCR, update with the correct digest"
|
||||||
|
-${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
|
||||||
|
+${PREFIX}policypcr -ha 03000000 -halg sha256 -bm 10000 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy get digest - should be 85 33 11 83 ..."
|
||||||
|
@@ -862,19 +862,19 @@ ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "PCR extend PCR 16"
|
||||||
|
-${PREFIX}pcrextend -ha 16 -halg sha1 -if policies/aaa > run.out
|
||||||
|
+${PREFIX}pcrextend -ha 16 -halg sha256 -if policies/aaa > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Read PCR 0, should be 1d 47 f6 8a ..."
|
||||||
|
-${PREFIX}pcrread -ha 16 -halg sha1 > run.out
|
||||||
|
+${PREFIX}pcrread -ha 16 -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start a policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy PCR, update with the wrong digest"
|
||||||
|
-${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
|
||||||
|
+${PREFIX}policypcr -ha 03000000 -halg sha256 -bm 10000 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy get digest - should be 66 dd e5 e3"
|
||||||
|
@@ -903,21 +903,21 @@ checkSuccess $?
|
||||||
|
#
|
||||||
|
# policynvargs.txt (binary)
|
||||||
|
# args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==)
|
||||||
|
-# hash -hi n -halg sha1 -if policies/policynvargs.txt -v
|
||||||
|
-# openssl dgst -sha1 policies/policynvargs.txt
|
||||||
|
+# hash -hi n -halg sha256 -if policies/policynvargs.txt -v
|
||||||
|
+# openssl dgst -sha256 policies/policynvargs.txt
|
||||||
|
# 2c513f149e737ec4063fc1d37aee9beabc4b4bbf
|
||||||
|
#
|
||||||
|
# NV authorizing index
|
||||||
|
#
|
||||||
|
# after defining index and NV write to set written, use
|
||||||
|
-# ${PREFIX}nvreadpublic -ha 01000000 -nalg sha1
|
||||||
|
+# ${PREFIX}nvreadpublic -ha 01000000 -nalg sha256
|
||||||
|
# to get name
|
||||||
|
# 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c
|
||||||
|
#
|
||||||
|
# append Name to policynvnv.txt
|
||||||
|
#
|
||||||
|
# convert to binary policy
|
||||||
|
-# > policymaker -halg sha1 -if policies/policynvnv.txt -of policies/policynvnv.bin -pr -v
|
||||||
|
+# > policymaker -halg sha256 -if policies/policynvnv.txt -of policies/policynvnv.bin -pr -v
|
||||||
|
# bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc
|
||||||
|
#
|
||||||
|
# file zero8.bin has 8 bytes of hex zero
|
||||||
|
@@ -927,11 +927,11 @@ echo "Policy NV, NV index authorizing"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "Define a setbits index, authorizing index"
|
||||||
|
-${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out
|
||||||
|
+${PREFIX}nvdefinespace -hi p -nalg sha256 -ha 01000000 -pwdn nnn -ty b > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV Read public, get Name, not written"
|
||||||
|
-${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
|
||||||
|
+${PREFIX}nvreadpublic -ha 01000000 -nalg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV setbits to set written"
|
||||||
|
@@ -939,7 +939,7 @@ ${PREFIX}nvsetbits -ha 01000000 -pwdn nnn > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV Read public, get Name, written"
|
||||||
|
-${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
|
||||||
|
+${PREFIX}nvreadpublic -ha 01000000 -nalg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV Read, should be zero"
|
||||||
|
@@ -947,11 +947,11 @@ ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Define an ordinary index, authorized index, policyNV"
|
||||||
|
-${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out
|
||||||
|
+${PREFIX}nvdefinespace -hi p -nalg sha256 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV Read public, get Name, not written"
|
||||||
|
-${PREFIX}nvreadpublic -ha 01000001 -nalg sha1 > run.out
|
||||||
|
+${PREFIX}nvreadpublic -ha 01000001 -nalg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV write to set written"
|
||||||
|
@@ -959,7 +959,7 @@ ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV write, policy not satisfied - should fail"
|
||||||
|
@@ -1015,15 +1015,15 @@ echo "Policy NV Written"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "Define an ordinary index, authorized index, policyNV"
|
||||||
|
-${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out
|
||||||
|
+${PREFIX}nvdefinespace -hi p -nalg sha256 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV Read public, get Name, not written"
|
||||||
|
-${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
|
||||||
|
+${PREFIX}nvreadpublic -ha 01000000 -nalg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "NV write, policy not satisfied - should fail"
|
||||||
|
@@ -1043,7 +1043,7 @@ ${PREFIX}flushcontext -ha 03000000 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy NV Written yes, satisfy policy"
|
||||||
|
@@ -1063,7 +1063,7 @@ ${PREFIX}nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy NV Written yes, satisfy policy"
|
||||||
|
@@ -1079,7 +1079,7 @@ ${PREFIX}flushcontext -ha 03000000 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Policy NV Written no"
|
||||||
|
@@ -1326,12 +1326,12 @@ checkSuccess $?
|
||||||
|
|
||||||
|
# test using clockrateadjust
|
||||||
|
# policycphashhash.txt is (hex) 00000130 4000000c 000
|
||||||
|
-# hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v
|
||||||
|
-# openssl dgst -sha1 policycphashhash.txt
|
||||||
|
+# hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha256 -v
|
||||||
|
+# openssl dgst -sha256 policycphashhash.txt
|
||||||
|
# cpHash is
|
||||||
|
# b5f919bbc01f0ebad02010169a67a8c158ec12f3
|
||||||
|
# append to policycphash.txt 00000163 + cpHash
|
||||||
|
-# policymaker -halg sha1 -if policies/policycphash.txt -of policies/policycphash.bin -pr
|
||||||
|
+# policymaker -halg sha256 -if policies/policycphash.txt -of policies/policycphash.bin -pr
|
||||||
|
# 06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
@@ -1339,7 +1339,7 @@ echo "Policy cpHash"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "Set the platform policy to policy cpHash"
|
||||||
|
-${PREFIX}setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out
|
||||||
|
+${PREFIX}setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Clockrate adjust using wrong password - should fail"
|
||||||
|
@@ -1347,7 +1347,7 @@ ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Clockrate adjust, policy not satisfied - should fail"
|
||||||
|
@@ -1690,7 +1690,7 @@ echo "Policy Counter Timer"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "Set the platform policy to policy "
|
||||||
|
-${PREFIX}setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out
|
||||||
|
+${PREFIX}setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Clockrate adjust using wrong password - should fail"
|
||||||
|
@@ -1698,7 +1698,7 @@ ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out
|
||||||
|
checkFailure $?
|
||||||
|
|
||||||
|
echo "Start policy session"
|
||||||
|
-${PREFIX}startauthsession -se p -halg sha1 > run.out
|
||||||
|
+${PREFIX}startauthsession -se p -halg sha256 > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Clockrate adjust, policy not satisfied - should fail"
|
||||||
|
diff --git a/utils/regtests/testrsa.sh b/utils/regtests/testrsa.sh
|
||||||
|
index 4f76522..6e25398 100755
|
||||||
|
--- a/utils/regtests/testrsa.sh
|
||||||
|
+++ b/utils/regtests/testrsa.sh
|
||||||
|
@@ -131,10 +131,10 @@ do
|
||||||
|
${PREFIX}load -hp 80000000 -ipu derrsa${BITS}pub.bin -ipr derrsa${BITS}priv.bin -pwdp sto > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
+ HSIZ=(${ITERATE_ALGS_SIZES})
|
||||||
|
HALG=(${ITERATE_ALGS})
|
||||||
|
- HSIZ=("20" "32" "48" "64")
|
||||||
|
|
||||||
|
- for ((i = 0 ; i < 4 ; i++))
|
||||||
|
+ for ((i = 0 ; i < ${ITERATE_ALGS_COUNT} ; i++))
|
||||||
|
do
|
||||||
|
|
||||||
|
echo "Decrypt/Sign with a caller specified OID - ${HALG[i]}"
|
||||||
|
@@ -298,7 +298,7 @@ echo "Encrypt with OpenSSL OAEP, decrypt with TPM"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
echo "Create OAEP encryption key"
|
||||||
|
-${PREFIX}create -hp 80000000 -pwdp sto -deo -kt f -kt p -halg sha1 -opr tmpprivkey.bin -opu tmppubkey.bin -opem tmppubkey.pem > run.out
|
||||||
|
+${PREFIX}create -hp 80000000 -pwdp sto -deo -kt f -kt p -halg sha256 -opr tmpprivkey.bin -opu tmppubkey.bin -opem tmppubkey.pem > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Load encryption key at 80000001"
|
||||||
|
@@ -306,7 +306,7 @@ ${PREFIX}load -hp 80000000 -pwdp sto -ipr tmpprivkey.bin -ipu tmppubkey.bin > r
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Encrypt using OpenSSL and the PEM public key"
|
||||||
|
-openssl rsautl -oaep -encrypt -inkey tmppubkey.pem -pubin -in policies/aaa -out enc.bin > run.out 2>&1
|
||||||
|
+openssl pkeyutl -encrypt -inkey tmppubkey.pem -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -in policies/aaa -out enc.bin > run.out 2>&1
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Decrypt using TPM key at 80000001"
|
||||||
|
diff --git a/utils/regtests/testsign.sh b/utils/regtests/testsign.sh
|
||||||
|
index edfa014..8a99bbf 100755
|
||||||
|
--- a/utils/regtests/testsign.sh
|
||||||
|
+++ b/utils/regtests/testsign.sh
|
||||||
|
@@ -302,14 +302,14 @@ echo ""
|
||||||
|
# > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
|
||||||
|
|
||||||
|
echo "Load external just the public part of PEM RSA"
|
||||||
|
-${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out
|
||||||
|
+${PREFIX}loadexternal -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a test message with openssl RSA"
|
||||||
|
-openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin > run.out 2>&1
|
||||||
|
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin > run.out 2>&1
|
||||||
|
|
||||||
|
echo "Verify the RSA signature"
|
||||||
|
-${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out
|
||||||
|
+${PREFIX}verifysignature -hk 80000001 -halg sha256 -if msg.bin -is pssig.bin -raw > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Flush the signing key"
|
||||||
|
@@ -328,14 +328,14 @@ for CURVE in p256 p384
|
||||||
|
do
|
||||||
|
|
||||||
|
echo "Load external just the public part of PEM ECC ${CURVE}"
|
||||||
|
- ${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/${CURVE}pubkey.pem -ecc > run.out
|
||||||
|
+ ${PREFIX}loadexternal -halg sha256 -nalg sha256 -ipem policies/${CURVE}pubkey.pem -ecc > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Sign a test message with openssl ECC ${CURVE}"
|
||||||
|
- openssl dgst -sha1 -sign policies/${CURVE}privkey.pem -out pssig.bin msg.bin > run.out 2>&1
|
||||||
|
+ openssl dgst -sha256 -sign policies/${CURVE}privkey.pem -out pssig.bin msg.bin > run.out 2>&1
|
||||||
|
|
||||||
|
echo "Verify the ECC signature ${CURVE}"
|
||||||
|
- ${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out
|
||||||
|
+ ${PREFIX}verifysignature -hk 80000001 -halg sha256 -if msg.bin -is pssig.bin -raw -ecc > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "Flush the ECC ${CURVE} signing key"
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
@ -0,0 +1,54 @@
|
|||||||
|
From 87120cf7fedcfc063ba5cd28ae4571909209a547 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ken Goldman <kgoldman@us.ibm.com>
|
||||||
|
Date: Mon, 23 Aug 2021 17:30:56 -0400
|
||||||
|
Subject: [PATCH 2/7] utils: Remove unused variables from certifyx509
|
||||||
|
|
||||||
|
notBefore and notAfter are set driectly in the partialCertificate
|
||||||
|
structure, and that is used to directly set the x509 structure.
|
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com>
|
||||||
|
---
|
||||||
|
utils/certifyx509.c | 6 +-----
|
||||||
|
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c
|
||||||
|
index ed42ac0..44640aa 100644
|
||||||
|
--- a/utils/certifyx509.c
|
||||||
|
+++ b/utils/certifyx509.c
|
||||||
|
@@ -204,6 +204,7 @@ int main(int argc, char *argv[])
|
||||||
|
setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
|
||||||
|
TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
|
||||||
|
|
||||||
|
+ curveID = curveID; /* no longer used, get from parent */
|
||||||
|
/* command line argument defaults */
|
||||||
|
for (i=1 ; (i<argc) && (rc == 0) ; i++) {
|
||||||
|
if (strcmp(argv[i],"-ho") == 0) {
|
||||||
|
@@ -686,8 +687,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */
|
||||||
|
size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *);
|
||||||
|
size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *);
|
||||||
|
- ASN1_TIME *notBefore = NULL;
|
||||||
|
- ASN1_TIME *notAfter = NULL;
|
||||||
|
uint8_t *tmpPartialDer = NULL; /* for the i2d */
|
||||||
|
|
||||||
|
/* add issuer */
|
||||||
|
@@ -717,8 +716,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
- /* can't fail, just returns a structure member */
|
||||||
|
- notBefore = X509_get_notBefore(x509Certificate);
|
||||||
|
irc = X509_set1_notBefore(x509Certificate, partialCertificate->validity->notBefore);
|
||||||
|
if (irc == 0) {
|
||||||
|
printf("createPartialCertificate: Error setting notBefore time\n");
|
||||||
|
@@ -737,7 +734,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (rc == 0) {
|
||||||
|
- notAfter = X509_get_notAfter(x509Certificate);
|
||||||
|
irc = X509_set1_notAfter(x509Certificate,partialCertificate->validity->notAfter);
|
||||||
|
if (irc == 0) {
|
||||||
|
printf("createPartialCertificate: Error setting notAfter time\n");
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
99
SOURCES/0003-Update-certifyx509-for-Windows.patch
Normal file
99
SOURCES/0003-Update-certifyx509-for-Windows.patch
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
From 1c462889a517d6dbab721aa3e0597878e9c237d5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
Date: Wed, 25 Aug 2021 18:02:11 -0400
|
||||||
|
Subject: [PATCH 3/7] : Update certifyx509 for Windows
|
||||||
|
|
||||||
|
Add static_ to the ASN1_SEQUENCE_END macros to suppress a gcc warning.
|
||||||
|
Change free to OPENSSL_free, required with i2d when OpenSSL is a dll.
|
||||||
|
|
||||||
|
Remove the tmpx509i file handling from the .bat file since certifyx509
|
||||||
|
no longer outputs it.
|
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/certifyx509.c | 10 +++++-----
|
||||||
|
utils/regtests/testx509.bat | 5 -----
|
||||||
|
2 files changed, 5 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c
|
||||||
|
index 44640aa..5602f62 100644
|
||||||
|
--- a/utils/certifyx509.c
|
||||||
|
+++ b/utils/certifyx509.c
|
||||||
|
@@ -94,7 +94,7 @@ typedef struct {
|
||||||
|
ASN1_SEQUENCE(TPM_PARTIAL_CERT_VALIDITY) = {
|
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notBefore, ASN1_TIME),
|
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notAfter, ASN1_TIME),
|
||||||
|
-} ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY)
|
||||||
|
+} static_ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY)
|
||||||
|
|
||||||
|
/* the signature algorithm is optional while the extension list is mandatory */
|
||||||
|
ASN1_SEQUENCE(TPM_PARTIAL_CERT) = {
|
||||||
|
@@ -103,7 +103,7 @@ ASN1_SEQUENCE(TPM_PARTIAL_CERT) = {
|
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT, validity, TPM_PARTIAL_CERT_VALIDITY),
|
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT, subject, X509_NAME),
|
||||||
|
ASN1_EXP_SEQUENCE_OF(TPM_PARTIAL_CERT, extensions, X509_EXTENSION, 3),
|
||||||
|
-} ASN1_SEQUENCE_END(TPM_PARTIAL_CERT)
|
||||||
|
+} static_ASN1_SEQUENCE_END(TPM_PARTIAL_CERT)
|
||||||
|
|
||||||
|
DECLARE_ASN1_FUNCTIONS(TPM_PARTIAL_CERT)
|
||||||
|
IMPLEMENT_ASN1_FUNCTIONS(TPM_PARTIAL_CERT)
|
||||||
|
@@ -122,7 +122,7 @@ ASN1_SEQUENCE(TPM_ADDTOCERT) = {
|
||||||
|
ASN1_SIMPLE(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER),
|
||||||
|
ASN1_SIMPLE(TPM_ADDTOCERT, signatureAlgorithm, X509_ALGOR),
|
||||||
|
ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY),
|
||||||
|
-} ASN1_SEQUENCE_END(TPM_ADDTOCERT)
|
||||||
|
+} static_ASN1_SEQUENCE_END(TPM_ADDTOCERT)
|
||||||
|
|
||||||
|
DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT)
|
||||||
|
IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT)
|
||||||
|
@@ -629,7 +629,7 @@ int main(int argc, char *argv[])
|
||||||
|
X509_free(x509Certificate); /* @1 */
|
||||||
|
}
|
||||||
|
free(x509Der); /* @2 */
|
||||||
|
- free(addToCert); /* @3 */
|
||||||
|
+ OPENSSL_free(addToCert); /* @3 */
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -808,7 +808,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
#endif
|
||||||
|
X509_NAME_free(x509IssuerName); /* @1 */
|
||||||
|
X509_NAME_free(x509SubjectName); /* @2 */
|
||||||
|
- free(tmpPartialDer); /* @3 */
|
||||||
|
+ OPENSSL_free(tmpPartialDer); /* @3 */
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/utils/regtests/testx509.bat b/utils/regtests/testx509.bat
|
||||||
|
index 0951ad6..17b69f6 100644
|
||||||
|
--- a/utils/regtests/testx509.bat
|
||||||
|
+++ b/utils/regtests/testx509.bat
|
||||||
|
@@ -80,8 +80,6 @@ for /L %%i in (1,1,!L!) do (
|
||||||
|
exit /B 1
|
||||||
|
)
|
||||||
|
|
||||||
|
- rem # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i1.dump
|
||||||
|
- rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i1.dumphh
|
||||||
|
rem # dumpasn1 -a -l -d tmppart1.bin > tmppart1.dump
|
||||||
|
rem # dumpasn1 -a -l -d -hh tmppart1.bin > tmppart1.dumphh
|
||||||
|
rem # dumpasn1 -a -l -d tmpadd1.bin > tmpadd1.dump
|
||||||
|
@@ -102,8 +100,6 @@ for /L %%i in (1,1,!L!) do (
|
||||||
|
exit /B 1
|
||||||
|
)
|
||||||
|
|
||||||
|
-rem # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i2.dump
|
||||||
|
-rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i2.dumphh
|
||||||
|
rem # dumpasn1 -a -l -d tmppart2.bin > tmppart2.dump
|
||||||
|
rem # dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe
|
||||||
|
rem # dumpasn1 -a -l -d tmpadd2.bin > tmpadd2.dump
|
||||||
|
@@ -446,7 +442,6 @@ rm tmpsig1.bin
|
||||||
|
rm tmpx5091.bin
|
||||||
|
rm tmpx5091.pem
|
||||||
|
rm tmpx5092.pem
|
||||||
|
-rm tmpx509i.bin
|
||||||
|
rm tmppart2.bin
|
||||||
|
rm tmpadd2.bin
|
||||||
|
rm tmptbs2.bin
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
907
SOURCES/0003-tss-Restrict-usage-of-SHA-1.patch
Normal file
907
SOURCES/0003-tss-Restrict-usage-of-SHA-1.patch
Normal file
@ -0,0 +1,907 @@
|
|||||||
|
From 163843248ce6bb85fa5a3527f93610328877a1cf Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Sat, 30 Apr 2022 22:15:43 +0200
|
||||||
|
Subject: [PATCH 3/4] tss: Restrict usage of SHA-1
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Due to SHA-1 not being considered secure, it should be not used for
|
||||||
|
cryptographical purposes. This commit disables the usage of SHA-1 in
|
||||||
|
cases where it is used in potentially exploitable situations, most
|
||||||
|
notably for creating signatures.
|
||||||
|
|
||||||
|
- Compared to the next branch commit af3154e2, changes related to
|
||||||
|
unimplemented ECC functionality are ommited.
|
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
configure.ac | 24 +-
|
||||||
|
utils/Makefile.am | 16 +-
|
||||||
|
utils/cryptoutils.c | 4 +
|
||||||
|
utils/reg.sh | 20 +-
|
||||||
|
utils/regtests/testattest.sh | 3 +-
|
||||||
|
utils/regtests/testevent.sh | 2 +-
|
||||||
|
utils/tss20.c | 638 ++++++++++++++++++++++++++++-------
|
||||||
|
utils/tsscryptoh.c | 9 +-
|
||||||
|
8 files changed, 582 insertions(+), 134 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index ad870b1..c570cb0 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -123,6 +123,11 @@ AC_ARG_ENABLE(rmtpm,
|
||||||
|
AM_CONDITIONAL([CONFIG_RMTPM], [test "x$enable_rmtpm" = "xyes"])
|
||||||
|
AS_IF([test "$enable_rmtpm" != "yes"], [enable_rmtpm="no"])
|
||||||
|
|
||||||
|
+AC_ARG_ENABLE(nodeprecatedalgs,
|
||||||
|
+ AS_HELP_STRING([--enable-nodeprecatedalgs], [Restrict usage of SHA-1]))
|
||||||
|
+ AM_CONDITIONAL([CONFIG_TSS_NODEPRECATEDALGS], [test "x$enable_nodeprecatedalgs" = "xyes"])
|
||||||
|
+ AS_IF([test "$enable_nodeprecatedalgs" != "yes"], [enable_nodeprecatedalgs="no"])
|
||||||
|
+
|
||||||
|
AC_CONFIG_FILES([Makefile
|
||||||
|
utils/Makefile
|
||||||
|
utils12/Makefile
|
||||||
|
@@ -131,12 +136,13 @@ AC_OUTPUT
|
||||||
|
|
||||||
|
# Give some feedback
|
||||||
|
echo "Configuration:"
|
||||||
|
-echo " CFLAGS: $CFLAGS"
|
||||||
|
-echo " tpm12: $tpm12"
|
||||||
|
-echo " tpm20: $tpm20"
|
||||||
|
-echo " hwtpm: $enable_hwtpm"
|
||||||
|
-echo " rmtpm: $enable_rmtpm"
|
||||||
|
-echo " nofile: $enable_nofile"
|
||||||
|
-echo " noprint: $enable_noprint"
|
||||||
|
-echo " nocrypto: $enable_nocrypto"
|
||||||
|
-echo " noecc: $enable_noecc"
|
||||||
|
+echo " CFLAGS: $CFLAGS"
|
||||||
|
+echo " tpm12: $tpm12"
|
||||||
|
+echo " tpm20: $tpm20"
|
||||||
|
+echo " hwtpm: $enable_hwtpm"
|
||||||
|
+echo " rmtpm: $enable_rmtpm"
|
||||||
|
+echo " nofile: $enable_nofile"
|
||||||
|
+echo " noprint: $enable_noprint"
|
||||||
|
+echo " nocrypto: $enable_nocrypto"
|
||||||
|
+echo " noecc: $enable_noecc"
|
||||||
|
+echo " nodeprecatedalgs: $enable_nodeprecatedalgs"
|
||||||
|
diff --git a/utils/Makefile.am b/utils/Makefile.am
|
||||||
|
index d3af94e..53c53d9 100755
|
||||||
|
--- a/utils/Makefile.am
|
||||||
|
+++ b/utils/Makefile.am
|
||||||
|
@@ -60,6 +60,10 @@ if CONFIG_TSS_NOECC
|
||||||
|
libibmtss_la_CFLAGS += -DTPM_TSS_NOECC
|
||||||
|
endif
|
||||||
|
|
||||||
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
||||||
|
+libibmtss_la_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
libibmtss_la_CCFLAGS = -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wformat=2 -Wold-style-definition -Wno-self-assign -ggdb
|
||||||
|
libibmtss_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
|
||||||
|
|
||||||
|
@@ -78,6 +82,10 @@ if CONFIG_TSS_NOECC
|
||||||
|
libibmtssutils_la_CFLAGS += -DTPM_TSS_NOECC
|
||||||
|
endif
|
||||||
|
|
||||||
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
||||||
|
+libibmtssutils_la_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
#current[:revision[:age]]
|
||||||
|
#result: [current-age].age.revision
|
||||||
|
libibmtssutils_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
|
||||||
|
@@ -115,8 +123,14 @@ bin_PROGRAMS = activatecredential eventextend imaextend certify certifycreation
|
||||||
|
verifysignature zgen2phase signapp writeapp timepacket createek createekcert tpm2pem tpmpublic2eccpoint \
|
||||||
|
ntc2getconfig ntc2preconfig ntc2lockconfig publicname tpmcmd printattr
|
||||||
|
|
||||||
|
+UTILS_CFLAGS =
|
||||||
|
+
|
||||||
|
if CONFIG_TSS_NOECC
|
||||||
|
-UTILS_CFLAGS = -DTPM_TSS_NOECC
|
||||||
|
+UTILS_CFLAGS += -DTPM_TSS_NOECC
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
||||||
|
+UTILS_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
||||||
|
endif
|
||||||
|
|
||||||
|
activatecredential_SOURCES = activatecredential.c
|
||||||
|
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c
|
||||||
|
index 7c4e931..9ac77a1 100644
|
||||||
|
--- a/utils/cryptoutils.c
|
||||||
|
+++ b/utils/cryptoutils.c
|
||||||
|
@@ -1834,9 +1834,11 @@ TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength,
|
||||||
|
/* map the hash algorithm to the openssl NID */
|
||||||
|
if (rc == 0) {
|
||||||
|
switch (hashAlg) {
|
||||||
|
+#ifndef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
case TPM_ALG_SHA1:
|
||||||
|
nid = NID_sha1;
|
||||||
|
break;
|
||||||
|
+#endif
|
||||||
|
case TPM_ALG_SHA256:
|
||||||
|
nid = NID_sha256;
|
||||||
|
break;
|
||||||
|
@@ -1896,10 +1898,12 @@ TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
|
||||||
|
/* map from hash algorithm to openssl nid */
|
||||||
|
if (rc == 0) {
|
||||||
|
switch (halg) {
|
||||||
|
+#ifndef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
case TPM_ALG_SHA1:
|
||||||
|
nid = NID_sha1;
|
||||||
|
md = EVP_sha1();
|
||||||
|
break;
|
||||||
|
+#endif
|
||||||
|
case TPM_ALG_SHA256:
|
||||||
|
nid = NID_sha256;
|
||||||
|
md = EVP_sha256();
|
||||||
|
diff --git a/utils/reg.sh b/utils/reg.sh
|
||||||
|
index 2d9d100..02d7d5f 100755
|
||||||
|
--- a/utils/reg.sh
|
||||||
|
+++ b/utils/reg.sh
|
||||||
|
@@ -69,12 +69,20 @@ PREFIX=./
|
||||||
|
|
||||||
|
#PREFIX="valgrind ./"
|
||||||
|
|
||||||
|
-# hash algorithms to be used for testing
|
||||||
|
-
|
||||||
|
-export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
||||||
|
-export ITERATE_ALGS_SIZES="20 32 48 64"
|
||||||
|
-export ITERATE_ALGS_COUNT=4
|
||||||
|
-export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
||||||
|
+# Hash algorithms to be used for testing. Uncomment or set shell env variable to restrict.
|
||||||
|
+# export TPM_TSS_NODEPRECATEDALGS=1
|
||||||
|
+if [ "${TPM_TSS_NODEPRECATEDALGS}" ]; then
|
||||||
|
+ export ITERATE_ALGS="sha256 sha384 sha512"
|
||||||
|
+ export ITERATE_ALGS_SIZES="32 48 64"
|
||||||
|
+ export ITERATE_ALGS_COUNT=3
|
||||||
|
+ export BAD_ITERATE_ALGS="sha384 sha512 sha256"
|
||||||
|
+else
|
||||||
|
+ export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
||||||
|
+ export ITERATE_ALGS_SIZES="20 32 48 64"
|
||||||
|
+ export ITERATE_ALGS_COUNT=4
|
||||||
|
+ export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
||||||
|
+fi
|
||||||
|
+export ITERATE_ALGS_WITH_SHA1="sha1 sha256 sha384 sha512"
|
||||||
|
|
||||||
|
printUsage ()
|
||||||
|
{
|
||||||
|
diff --git a/utils/regtests/testattest.sh b/utils/regtests/testattest.sh
|
||||||
|
index 2dacf88..4766554 100755
|
||||||
|
--- a/utils/regtests/testattest.sh
|
||||||
|
+++ b/utils/regtests/testattest.sh
|
||||||
|
@@ -381,9 +381,8 @@ echo ""
|
||||||
|
|
||||||
|
for HALG in ${ITERATE_ALGS}
|
||||||
|
do
|
||||||
|
-
|
||||||
|
echo "Start an audit session ${HALG}"
|
||||||
|
- ${PREFIX}startauthsession -se h -halg ${HALG} > run.out
|
||||||
|
+ ${PREFIX}startauthsession -se h -halg ${HALG} > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "PCR 16 reset"
|
||||||
|
diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh
|
||||||
|
index 6336920..57a96d2 100755
|
||||||
|
--- a/utils/regtests/testevent.sh
|
||||||
|
+++ b/utils/regtests/testevent.sh
|
||||||
|
@@ -62,7 +62,7 @@ echo ""
|
||||||
|
|
||||||
|
for TYPE in "1" "2"
|
||||||
|
do
|
||||||
|
- for HALG in ${ITERATE_ALGS}
|
||||||
|
+ for HALG in ${ITERATE_ALGS_WITH_SHA1}
|
||||||
|
do
|
||||||
|
|
||||||
|
echo "Power cycle to reset IMA PCR"
|
||||||
|
diff --git a/utils/tss20.c b/utils/tss20.c
|
||||||
|
index c778069..6b1e79b 100644
|
||||||
|
--- a/utils/tss20.c
|
||||||
|
+++ b/utils/tss20.c
|
||||||
|
@@ -112,6 +112,7 @@ struct TSS_HMAC_CONTEXT {
|
||||||
|
|
||||||
|
/* functions for command pre- and post- processing */
|
||||||
|
|
||||||
|
+typedef TPM_RC (*TSS_CheckParametersFunction_t)(COMMAND_PARAMETERS *in);
|
||||||
|
typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext,
|
||||||
|
COMMAND_PARAMETERS *in,
|
||||||
|
EXTRA_PARAMETERS *extra);
|
||||||
|
@@ -238,11 +239,378 @@ static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext,
|
||||||
|
void *out,
|
||||||
|
void *extra);
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ Functions to check for usage of deprecated algorithms.
|
||||||
|
+*/
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CheckSha1_PublicArea(TPMT_PUBLIC *publicArea)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (publicArea->nameAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (((publicArea->type == TPM_ALG_RSA) || (publicArea->type == TPM_ALG_ECC)) &&
|
||||||
|
+ (publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL) &&
|
||||||
|
+ (publicArea->parameters.asymDetail.scheme.details.anySig.hashAlg == TPM_ALG_SHA1)) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CheckSha1_SigScheme(TPMT_SIG_SCHEME *sigScheme)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (sigScheme->details.any.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_StartAuthSession(StartAuthSession_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->authHash == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Create(Create_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Load(Load_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_LoadExternal(LoadExternal_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CreateLoaded(CreateLoaded_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+ uint32_t size = sizeof(in->inPublic.t.buffer);
|
||||||
|
+ uint8_t *buffer = in->inPublic.t.buffer;
|
||||||
|
+ TPMT_PUBLIC publicArea;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_TPMT_PUBLIC_Unmarshalu(&publicArea, &buffer, &size, TRUE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Import(Import_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->objectPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_RSA_Encrypt(RSA_Encrypt_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->inScheme.details.anySig.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_RSA_Decrypt(RSA_Decrypt_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->inScheme.details.anySig.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Hash(Hash_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_HMAC(HMAC_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_HMAC_Start(HMAC_Start_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_HashSequenceStart(HashSequenceStart_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Certify(Certify_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CertifyX509(CertifyX509_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CertifyCreation(CertifyCreation_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Quote(Quote_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_GetSessionAuditDigest(GetSessionAuditDigest_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_GetCommandAuditDigest(GetCommandAuditDigest_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_GetTime(GetTime_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_VerifySignature(VerifySignature_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->signature.signature.any.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Sign(Sign_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_SetCommandCodeAuditStatus(SetCommandCodeAuditStatus_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->auditAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_PolicySigned(PolicySigned_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->auth.signature.any.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CreatePrimary(CreatePrimary_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_SetPrimaryPolicy(SetPrimaryPolicy_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_NV_DefineSpace(NV_DefineSpace_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->publicInfo.nvPublic.nameAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_NV_Certify(NV_Certify_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
typedef struct TSS_TABLE {
|
||||||
|
- TPM_CC commandCode;
|
||||||
|
- TSS_PreProcessFunction_t preProcessFunction;
|
||||||
|
- TSS_ChangeAuthFunction_t changeAuthFunction;
|
||||||
|
- TSS_PostProcessFunction_t postProcessFunction;
|
||||||
|
+ TPM_CC commandCode;
|
||||||
|
+ TSS_CheckParametersFunction_t checkParametersFunction;
|
||||||
|
+ TSS_PreProcessFunction_t preProcessFunction;
|
||||||
|
+ TSS_ChangeAuthFunction_t changeAuthFunction;
|
||||||
|
+ TSS_PostProcessFunction_t postProcessFunction;
|
||||||
|
} TSS_TABLE;
|
||||||
|
|
||||||
|
/* This table indexes from the command to pre- and post- processing functions. A missing entry is
|
||||||
|
@@ -250,116 +618,116 @@ typedef struct TSS_TABLE {
|
||||||
|
|
||||||
|
static const TSS_TABLE tssTable [] = {
|
||||||
|
|
||||||
|
- {TPM_CC_Startup, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Shutdown, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SelfTest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetTestResult, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
|
||||||
|
- {TPM_CC_PolicyRestart, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Create, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
|
||||||
|
- {TPM_CC_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
|
||||||
|
- {TPM_CC_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
|
||||||
|
- {TPM_CC_ActivateCredential, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_MakeCredential, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Unseal, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
|
||||||
|
- {TPM_CC_Duplicate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Rewrap, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Import, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_RSA_Encrypt, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_RSA_Decrypt, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ECDH_ZGen, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ECC_Parameters, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ZGen_2Phase, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_EncryptDecrypt, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Hash, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_HMAC, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetRandom, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_StirRandom, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
|
||||||
|
- {TPM_CC_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
|
||||||
|
- {TPM_CC_SequenceUpdate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SequenceComplete, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
|
||||||
|
- {TPM_CC_EventSequenceComplete, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
|
||||||
|
- {TPM_CC_Certify, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CertifyX509, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CertifyCreation, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Quote, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetSessionAuditDigest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetCommandAuditDigest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetTime, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Commit, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_EC_Ephemeral, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_VerifySignature, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Sign, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SetCommandCodeAuditStatus, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Extend, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Event, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Read, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Allocate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Reset, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicySigned, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicySecret, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyTicket, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyOR, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyPCR, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyLocality, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyNV, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyCommandCode, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyCpHash, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyNameHash, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyAuthorize, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyAuthValue, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
|
||||||
|
- {TPM_CC_PolicyPassword, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
|
||||||
|
- {TPM_CC_PolicyGetDigest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyNvWritten, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyTemplate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
|
||||||
|
- {TPM_CC_HierarchyControl, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SetPrimaryPolicy, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ChangePPS, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ChangeEPS, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Clear, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ClearControl, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_HierarchyChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
|
||||||
|
- {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PP_Commands, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ContextSave, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
|
||||||
|
- {TPM_CC_ContextLoad, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
|
||||||
|
- {TPM_CC_FlushContext, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
|
||||||
|
- {TPM_CC_EvictControl, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
|
||||||
|
- {TPM_CC_ReadClock, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ClockSet, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ClockRateAdjust, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetCapability, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_TestParms, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
|
||||||
|
- {TPM_CC_NV_UndefineSpace, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
|
||||||
|
- {TPM_CC_NV_UndefineSpaceSpecial, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
|
||||||
|
- {TPM_CC_NV_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
|
||||||
|
- {TPM_CC_NV_Write, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_Increment, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_Extend, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_SetBits, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_WriteLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
|
||||||
|
- {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_NV_Read, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_NV_ReadLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
|
||||||
|
- {TPM_CC_NV_ChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
|
||||||
|
- {TPM_CC_NV_Certify, NULL, NULL, NULL}
|
||||||
|
+ {TPM_CC_Startup, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Shutdown, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SelfTest, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetTestResult, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_StartAuthSession, (TSS_CheckParametersFunction_t)TSS_CH_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
|
||||||
|
+ {TPM_CC_PolicyRestart, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Create, (TSS_CheckParametersFunction_t)TSS_CH_Create, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Load, (TSS_CheckParametersFunction_t)TSS_CH_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
|
||||||
|
+ {TPM_CC_LoadExternal, (TSS_CheckParametersFunction_t)TSS_CH_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
|
||||||
|
+ {TPM_CC_ReadPublic, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
|
||||||
|
+ {TPM_CC_ActivateCredential, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_MakeCredential, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Unseal, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CreateLoaded, (TSS_CheckParametersFunction_t)TSS_CH_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
|
||||||
|
+ {TPM_CC_Duplicate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Rewrap, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Import, (TSS_CheckParametersFunction_t)TSS_CH_Import, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_RSA_Encrypt, (TSS_CheckParametersFunction_t)TSS_CH_RSA_Encrypt, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_RSA_Decrypt, (TSS_CheckParametersFunction_t)TSS_CH_RSA_Decrypt, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ECDH_ZGen, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ECC_Parameters, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ZGen_2Phase, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_EncryptDecrypt, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Hash, (TSS_CheckParametersFunction_t)TSS_CH_Hash, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_HMAC, (TSS_CheckParametersFunction_t)TSS_CH_HMAC, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetRandom, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_StirRandom, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_HMAC_Start, (TSS_CheckParametersFunction_t)TSS_CH_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
|
||||||
|
+ {TPM_CC_HashSequenceStart, (TSS_CheckParametersFunction_t)TSS_CH_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
|
||||||
|
+ {TPM_CC_SequenceUpdate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SequenceComplete, NULL, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
|
||||||
|
+ {TPM_CC_EventSequenceComplete, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
|
||||||
|
+ {TPM_CC_Certify, (TSS_CheckParametersFunction_t)TSS_CH_Certify, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CertifyX509, (TSS_CheckParametersFunction_t)TSS_CH_CertifyX509, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CertifyCreation, (TSS_CheckParametersFunction_t)TSS_CH_CertifyCreation, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Quote, (TSS_CheckParametersFunction_t)TSS_CH_Quote, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetSessionAuditDigest, (TSS_CheckParametersFunction_t)TSS_CH_GetSessionAuditDigest, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetCommandAuditDigest, (TSS_CheckParametersFunction_t)TSS_CH_GetCommandAuditDigest, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetTime, (TSS_CheckParametersFunction_t)TSS_CH_GetTime, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Commit, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_EC_Ephemeral, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_VerifySignature, (TSS_CheckParametersFunction_t)TSS_CH_VerifySignature, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Sign, (TSS_CheckParametersFunction_t)TSS_CH_Sign, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SetCommandCodeAuditStatus, (TSS_CheckParametersFunction_t)TSS_CH_SetCommandCodeAuditStatus, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Extend, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Event, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Read, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Allocate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Reset, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicySigned, (TSS_CheckParametersFunction_t)TSS_CH_PolicySigned, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicySecret, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyTicket, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyOR, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyPCR, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyLocality, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyNV, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyCommandCode, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyCpHash, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyNameHash, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyAuthorize, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyAuthValue, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
|
||||||
|
+ {TPM_CC_PolicyPassword, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
|
||||||
|
+ {TPM_CC_PolicyGetDigest, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyNvWritten, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyTemplate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CreatePrimary, (TSS_CheckParametersFunction_t)TSS_CH_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
|
||||||
|
+ {TPM_CC_HierarchyControl, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SetPrimaryPolicy, (TSS_CheckParametersFunction_t)TSS_CH_SetPrimaryPolicy, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ChangePPS, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ChangeEPS, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Clear, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ClearControl, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_HierarchyChangeAuth, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
|
||||||
|
+ {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PP_Commands, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ContextSave, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
|
||||||
|
+ {TPM_CC_ContextLoad, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
|
||||||
|
+ {TPM_CC_FlushContext, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
|
||||||
|
+ {TPM_CC_EvictControl, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
|
||||||
|
+ {TPM_CC_ReadClock, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ClockSet, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ClockRateAdjust, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetCapability, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_TestParms, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_NV_DefineSpace, (TSS_CheckParametersFunction_t)TSS_CH_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
|
||||||
|
+ {TPM_CC_NV_UndefineSpace, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
|
||||||
|
+ {TPM_CC_NV_UndefineSpaceSpecial, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
|
||||||
|
+ {TPM_CC_NV_ReadPublic, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
|
||||||
|
+ {TPM_CC_NV_Write, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_Increment, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_Extend, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_SetBits, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_WriteLock, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
|
||||||
|
+ {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_NV_Read, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_NV_ReadLock, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
|
||||||
|
+ {TPM_CC_NV_ChangeAuth, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
|
||||||
|
+ {TPM_CC_NV_Certify, (TSS_CheckParametersFunction_t)TSS_CH_NV_Certify, NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
#ifndef TPM_TSS_NO_PRINT
|
||||||
|
@@ -646,6 +1014,10 @@ static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext,
|
||||||
|
COMMAND_PARAMETERS *in);
|
||||||
|
#endif /* TPM_TSS_NOCRYPTO */
|
||||||
|
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+static TPM_RC TSS_Command_CheckParameters(TPM_CC commandCode,
|
||||||
|
+ COMMAND_PARAMETERS *in);
|
||||||
|
+#endif
|
||||||
|
static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
|
||||||
|
TPM_CC commandCode,
|
||||||
|
COMMAND_PARAMETERS *in,
|
||||||
|
@@ -688,6 +1060,12 @@ TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
|
||||||
|
{
|
||||||
|
TPM_RC rc = 0;
|
||||||
|
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_Command_CheckParameters(commandCode, in);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* create a TSS authorization context */
|
||||||
|
if (rc == 0) {
|
||||||
|
TSS_InitAuthContext(tssContext->tssAuthContext);
|
||||||
|
@@ -3751,6 +4129,38 @@ static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+static TPM_RC TSS_Command_CheckParameters(TPM_CC commandCode,
|
||||||
|
+ COMMAND_PARAMETERS *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+ size_t index;
|
||||||
|
+ int found;
|
||||||
|
+ TSS_CheckParametersFunction_t checkParametersFunction = NULL;
|
||||||
|
+
|
||||||
|
+ /* search the table for a check parameters function */
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ found = FALSE;
|
||||||
|
+ for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
|
||||||
|
+ if (tssTable[index].commandCode == commandCode) {
|
||||||
|
+ found = TRUE;
|
||||||
|
+ break; /* don't increment index if found */
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ /* found false means there is no check parameters function. This permits the table to be smaller
|
||||||
|
+ if desired. */
|
||||||
|
+ if ((rc == 0) && found) {
|
||||||
|
+ checkParametersFunction = tssTable[index].checkParametersFunction;
|
||||||
|
+ /* call the check parameters function if there is one */
|
||||||
|
+ if (checkParametersFunction != NULL) {
|
||||||
|
+ rc = checkParametersFunction(in);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
Command Pre-Processor
|
||||||
|
*/
|
||||||
|
diff --git a/utils/tsscryptoh.c b/utils/tsscryptoh.c
|
||||||
|
index 197549d..52f4616 100644
|
||||||
|
--- a/utils/tsscryptoh.c
|
||||||
|
+++ b/utils/tsscryptoh.c
|
||||||
|
@@ -454,7 +454,14 @@ TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
|
||||||
|
unsigned char *maskedSeed;
|
||||||
|
|
||||||
|
uint16_t hlen = TSS_GetDigestSize(halg);
|
||||||
|
- em[0] = 0x00; /* firsr byte is 0x00 per the standard */
|
||||||
|
+ em[0] = 0x00; /* first byte is 0x00 per the standard */
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (halg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
/* 1.a. If the length of L is greater than the input limitation for */
|
||||||
|
/* the hash function (2^61-1 octets for SHA-1) then output "parameter */
|
||||||
|
/* string too long" and stop. */
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
@ -0,0 +1,593 @@
|
|||||||
|
From df5038caa1785d2661d283e6eeb1d6d5184d5272 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Mon, 2 May 2022 23:51:15 +0200
|
||||||
|
Subject: [PATCH 4/4] man: Include information about possible hash restriction
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/certify.c | 2 ++
|
||||||
|
utils/certifycreation.c | 2 ++
|
||||||
|
utils/create.c | 2 ++
|
||||||
|
utils/createloaded.c | 2 ++
|
||||||
|
utils/createprimary.c | 2 ++
|
||||||
|
utils/getcommandauditdigest.c | 2 ++
|
||||||
|
utils/getsessionauditdigest.c | 2 ++
|
||||||
|
utils/gettime.c | 2 ++
|
||||||
|
utils/hash.c | 2 ++
|
||||||
|
utils/hashsequencestart.c | 2 ++
|
||||||
|
utils/hmac.c | 2 ++
|
||||||
|
utils/hmacstart.c | 2 ++
|
||||||
|
utils/importpem.c | 2 ++
|
||||||
|
utils/loadexternal.c | 2 ++
|
||||||
|
utils/man/man1/tsscertify.1 | 2 ++
|
||||||
|
utils/man/man1/tsscertifycreation.1 | 2 ++
|
||||||
|
utils/man/man1/tsscreate.1 | 2 ++
|
||||||
|
utils/man/man1/tsscreateloaded.1 | 2 ++
|
||||||
|
utils/man/man1/tsscreateprimary.1 | 2 ++
|
||||||
|
utils/man/man1/tssgetcommandauditdigest.1 | 2 ++
|
||||||
|
utils/man/man1/tssgetsessionauditdigest.1 | 2 ++
|
||||||
|
utils/man/man1/tssgettime.1 | 2 ++
|
||||||
|
utils/man/man1/tsshash.1 | 2 ++
|
||||||
|
utils/man/man1/tsshashsequencestart.1 | 2 ++
|
||||||
|
utils/man/man1/tsshmac.1 | 2 ++
|
||||||
|
utils/man/man1/tsshmacstart.1 | 2 ++
|
||||||
|
utils/man/man1/tssimportpem.1 | 2 ++
|
||||||
|
utils/man/man1/tssloadexternal.1 | 2 ++
|
||||||
|
utils/man/man1/tssnvcertify.1 | 2 ++
|
||||||
|
utils/man/man1/tssnvdefinespace.1 | 2 ++
|
||||||
|
utils/man/man1/tsspolicysigned.1 | 2 ++
|
||||||
|
utils/man/man1/tssquote.1 | 2 ++
|
||||||
|
utils/man/man1/tssrsadecrypt.1 | 2 ++
|
||||||
|
utils/man/man1/tsssetcommandcodeauditstatus.1 | 2 ++
|
||||||
|
utils/man/man1/tsssetprimarypolicy.1 | 2 ++
|
||||||
|
utils/man/man1/tsssign.1 | 2 ++
|
||||||
|
utils/man/man1/tssstartauthsession.1 | 2 ++
|
||||||
|
utils/man/man1/tssverifysignature.1 | 2 ++
|
||||||
|
utils/nvcertify.c | 2 ++
|
||||||
|
utils/nvdefinespace.c | 2 ++
|
||||||
|
utils/policysigned.c | 2 ++
|
||||||
|
utils/quote.c | 2 ++
|
||||||
|
utils/rsadecrypt.c | 2 ++
|
||||||
|
utils/setcommandcodeauditstatus.c | 2 ++
|
||||||
|
utils/setprimarypolicy.c | 2 ++
|
||||||
|
utils/sign.c | 2 ++
|
||||||
|
utils/startauthsession.c | 2 ++
|
||||||
|
utils/verifysignature.c | 2 ++
|
||||||
|
48 files changed, 96 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/utils/certify.c b/utils/certify.c
|
||||||
|
index f1f54d0..f9a07c5 100644
|
||||||
|
--- a/utils/certify.c
|
||||||
|
+++ b/utils/certify.c
|
||||||
|
@@ -407,5 +407,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/certifycreation.c b/utils/certifycreation.c
|
||||||
|
index ab54c0a..b4fa095 100644
|
||||||
|
--- a/utils/certifycreation.c
|
||||||
|
+++ b/utils/certifycreation.c
|
||||||
|
@@ -449,5 +449,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/create.c b/utils/create.c
|
||||||
|
index a8b805c..880af28 100644
|
||||||
|
--- a/utils/create.c
|
||||||
|
+++ b/utils/create.c
|
||||||
|
@@ -710,5 +710,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/createloaded.c b/utils/createloaded.c
|
||||||
|
index d54f791..5bcf69e 100644
|
||||||
|
--- a/utils/createloaded.c
|
||||||
|
+++ b/utils/createloaded.c
|
||||||
|
@@ -628,5 +628,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/createprimary.c b/utils/createprimary.c
|
||||||
|
index 52ae083..81cc91d 100644
|
||||||
|
--- a/utils/createprimary.c
|
||||||
|
+++ b/utils/createprimary.c
|
||||||
|
@@ -799,5 +799,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/getcommandauditdigest.c b/utils/getcommandauditdigest.c
|
||||||
|
index a219785..6412d90 100644
|
||||||
|
--- a/utils/getcommandauditdigest.c
|
||||||
|
+++ b/utils/getcommandauditdigest.c
|
||||||
|
@@ -391,5 +391,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/getsessionauditdigest.c b/utils/getsessionauditdigest.c
|
||||||
|
index 61b12e6..4138bc7 100644
|
||||||
|
--- a/utils/getsessionauditdigest.c
|
||||||
|
+++ b/utils/getsessionauditdigest.c
|
||||||
|
@@ -387,5 +387,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/gettime.c b/utils/gettime.c
|
||||||
|
index b07baf1..547faa9 100644
|
||||||
|
--- a/utils/gettime.c
|
||||||
|
+++ b/utils/gettime.c
|
||||||
|
@@ -391,5 +391,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hash.c b/utils/hash.c
|
||||||
|
index 71b8a7c..5a0df6a 100644
|
||||||
|
--- a/utils/hash.c
|
||||||
|
+++ b/utils/hash.c
|
||||||
|
@@ -306,5 +306,7 @@ static void printUsage(void)
|
||||||
|
printf("\t[-ns\tno space, no text, no newlines]\n");
|
||||||
|
printf("\t[-oh\thash file name (default do not save)]\n");
|
||||||
|
printf("\t[-tk\tticket file name (default do not save)]\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hashsequencestart.c b/utils/hashsequencestart.c
|
||||||
|
index d54fadd..88d15fc 100644
|
||||||
|
--- a/utils/hashsequencestart.c
|
||||||
|
+++ b/utils/hashsequencestart.c
|
||||||
|
@@ -249,5 +249,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default NULL)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hmac.c b/utils/hmac.c
|
||||||
|
index be63e1b..7ab2b34 100644
|
||||||
|
--- a/utils/hmac.c
|
||||||
|
+++ b/utils/hmac.c
|
||||||
|
@@ -352,5 +352,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hmacstart.c b/utils/hmacstart.c
|
||||||
|
index 3fdd0f9..171af6c 100644
|
||||||
|
--- a/utils/hmacstart.c
|
||||||
|
+++ b/utils/hmacstart.c
|
||||||
|
@@ -274,5 +274,7 @@ static void printUsage(void)
|
||||||
|
printf("\n");
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/importpem.c b/utils/importpem.c
|
||||||
|
index 38ad125..75c8cb2 100644
|
||||||
|
--- a/utils/importpem.c
|
||||||
|
+++ b/utils/importpem.c
|
||||||
|
@@ -486,5 +486,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/loadexternal.c b/utils/loadexternal.c
|
||||||
|
index 877501c..ff4b46f 100644
|
||||||
|
--- a/utils/loadexternal.c
|
||||||
|
+++ b/utils/loadexternal.c
|
||||||
|
@@ -538,5 +538,7 @@ static void printUsage(void)
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
printf("\t80\taudit\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/man/man1/tsscertify.1 b/utils/man/man1/tsscertify.1
|
||||||
|
index 6895ee7..7b34e2f 100644
|
||||||
|
--- a/utils/man/man1/tsscertify.1
|
||||||
|
+++ b/utils/man/man1/tsscertify.1
|
||||||
|
@@ -44,3 +44,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscertifycreation.1 b/utils/man/man1/tsscertifycreation.1
|
||||||
|
index 4382ed9..5f51d05 100644
|
||||||
|
--- a/utils/man/man1/tsscertifycreation.1
|
||||||
|
+++ b/utils/man/man1/tsscertifycreation.1
|
||||||
|
@@ -47,3 +47,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscreate.1 b/utils/man/man1/tsscreate.1
|
||||||
|
index b4eda75..92f53a7 100644
|
||||||
|
--- a/utils/man/man1/tsscreate.1
|
||||||
|
+++ b/utils/man/man1/tsscreate.1
|
||||||
|
@@ -125,3 +125,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscreateloaded.1 b/utils/man/man1/tsscreateloaded.1
|
||||||
|
index ccd3d73..7e6c422 100644
|
||||||
|
--- a/utils/man/man1/tsscreateloaded.1
|
||||||
|
+++ b/utils/man/man1/tsscreateloaded.1
|
||||||
|
@@ -126,3 +126,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscreateprimary.1 b/utils/man/man1/tsscreateprimary.1
|
||||||
|
index 895a42e..c189f17 100644
|
||||||
|
--- a/utils/man/man1/tsscreateprimary.1
|
||||||
|
+++ b/utils/man/man1/tsscreateprimary.1
|
||||||
|
@@ -129,3 +129,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssgetcommandauditdigest.1 b/utils/man/man1/tssgetcommandauditdigest.1
|
||||||
|
index 34711e0..e67adac 100644
|
||||||
|
--- a/utils/man/man1/tssgetcommandauditdigest.1
|
||||||
|
+++ b/utils/man/man1/tssgetcommandauditdigest.1
|
||||||
|
@@ -41,3 +41,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssgetsessionauditdigest.1 b/utils/man/man1/tssgetsessionauditdigest.1
|
||||||
|
index d09c78b..272127e 100644
|
||||||
|
--- a/utils/man/man1/tssgetsessionauditdigest.1
|
||||||
|
+++ b/utils/man/man1/tssgetsessionauditdigest.1
|
||||||
|
@@ -44,3 +44,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssgettime.1 b/utils/man/man1/tssgettime.1
|
||||||
|
index bec0627..1cb46f6 100644
|
||||||
|
--- a/utils/man/man1/tssgettime.1
|
||||||
|
+++ b/utils/man/man1/tssgettime.1
|
||||||
|
@@ -41,3 +41,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshash.1 b/utils/man/man1/tsshash.1
|
||||||
|
index 6eff929..0a9c54e 100644
|
||||||
|
--- a/utils/man/man1/tsshash.1
|
||||||
|
+++ b/utils/man/man1/tsshash.1
|
||||||
|
@@ -28,3 +28,5 @@ hash file name (default do not save)]
|
||||||
|
.TP
|
||||||
|
[\-tk
|
||||||
|
ticket file name (default do not save)]
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshashsequencestart.1 b/utils/man/man1/tsshashsequencestart.1
|
||||||
|
index f6d7f52..663ae69 100644
|
||||||
|
--- a/utils/man/man1/tsshashsequencestart.1
|
||||||
|
+++ b/utils/man/man1/tsshashsequencestart.1
|
||||||
|
@@ -21,3 +21,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshmac.1 b/utils/man/man1/tsshmac.1
|
||||||
|
index e64a861..70d2632 100644
|
||||||
|
--- a/utils/man/man1/tsshmac.1
|
||||||
|
+++ b/utils/man/man1/tsshmac.1
|
||||||
|
@@ -35,3 +35,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshmacstart.1 b/utils/man/man1/tsshmacstart.1
|
||||||
|
index 65d4ab6..64bcf2f 100644
|
||||||
|
--- a/utils/man/man1/tsshmacstart.1
|
||||||
|
+++ b/utils/man/man1/tsshmacstart.1
|
||||||
|
@@ -23,3 +23,5 @@ password for sequence (default empty)
|
||||||
|
.TP
|
||||||
|
01
|
||||||
|
continue
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssimportpem.1 b/utils/man/man1/tssimportpem.1
|
||||||
|
index 21c362e..bf79c92 100644
|
||||||
|
--- a/utils/man/man1/tssimportpem.1
|
||||||
|
+++ b/utils/man/man1/tssimportpem.1
|
||||||
|
@@ -67,3 +67,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssloadexternal.1 b/utils/man/man1/tssloadexternal.1
|
||||||
|
index e32a251..2a9ba66 100644
|
||||||
|
--- a/utils/man/man1/tssloadexternal.1
|
||||||
|
+++ b/utils/man/man1/tssloadexternal.1
|
||||||
|
@@ -71,3 +71,5 @@ response encrypt
|
||||||
|
.TP
|
||||||
|
80
|
||||||
|
audit
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssnvcertify.1 b/utils/man/man1/tssnvcertify.1
|
||||||
|
index c55f6dc..83d2380 100644
|
||||||
|
--- a/utils/man/man1/tssnvcertify.1
|
||||||
|
+++ b/utils/man/man1/tssnvcertify.1
|
||||||
|
@@ -50,3 +50,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssnvdefinespace.1 b/utils/man/man1/tssnvdefinespace.1
|
||||||
|
index 0f378e9..642508b 100644
|
||||||
|
--- a/utils/man/man1/tssnvdefinespace.1
|
||||||
|
+++ b/utils/man/man1/tssnvdefinespace.1
|
||||||
|
@@ -99,3 +99,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsspolicysigned.1 b/utils/man/man1/tsspolicysigned.1
|
||||||
|
index f50b81a..2f745c0 100644
|
||||||
|
--- a/utils/man/man1/tsspolicysigned.1
|
||||||
|
+++ b/utils/man/man1/tsspolicysigned.1
|
||||||
|
@@ -44,3 +44,5 @@ ticket file name]
|
||||||
|
.TP
|
||||||
|
[\-to
|
||||||
|
timeout file name]
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssquote.1 b/utils/man/man1/tssquote.1
|
||||||
|
index 04a2e60..fef5c39 100644
|
||||||
|
--- a/utils/man/man1/tssquote.1
|
||||||
|
+++ b/utils/man/man1/tssquote.1
|
||||||
|
@@ -44,3 +44,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssrsadecrypt.1 b/utils/man/man1/tssrsadecrypt.1
|
||||||
|
index 6c35e42..ab77103 100644
|
||||||
|
--- a/utils/man/man1/tssrsadecrypt.1
|
||||||
|
+++ b/utils/man/man1/tssrsadecrypt.1
|
||||||
|
@@ -31,3 +31,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsssetcommandcodeauditstatus.1 b/utils/man/man1/tsssetcommandcodeauditstatus.1
|
||||||
|
index c4d19dc..7d44fb2 100644
|
||||||
|
--- a/utils/man/man1/tsssetcommandcodeauditstatus.1
|
||||||
|
+++ b/utils/man/man1/tsssetcommandcodeauditstatus.1
|
||||||
|
@@ -29,3 +29,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsssetprimarypolicy.1 b/utils/man/man1/tsssetprimarypolicy.1
|
||||||
|
index c67c1f9..a3db8d2 100644
|
||||||
|
--- a/utils/man/man1/tsssetprimarypolicy.1
|
||||||
|
+++ b/utils/man/man1/tsssetprimarypolicy.1
|
||||||
|
@@ -26,3 +26,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsssign.1 b/utils/man/man1/tsssign.1
|
||||||
|
index d5ad351..83d3cfa 100644
|
||||||
|
--- a/utils/man/man1/tsssign.1
|
||||||
|
+++ b/utils/man/man1/tsssign.1
|
||||||
|
@@ -46,3 +46,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssstartauthsession.1 b/utils/man/man1/tssstartauthsession.1
|
||||||
|
index 3e944bb..0bb5022 100644
|
||||||
|
--- a/utils/man/man1/tssstartauthsession.1
|
||||||
|
+++ b/utils/man/man1/tssstartauthsession.1
|
||||||
|
@@ -35,3 +35,5 @@ bind password for bind handle (default empty)]
|
||||||
|
.TP
|
||||||
|
[\-on
|
||||||
|
nonceTPM file for policy session (default do not save)]
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssverifysignature.1 b/utils/man/man1/tssverifysignature.1
|
||||||
|
index e2d6460..67b7ff5 100644
|
||||||
|
--- a/utils/man/man1/tssverifysignature.1
|
||||||
|
+++ b/utils/man/man1/tssverifysignature.1
|
||||||
|
@@ -57,3 +57,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
80
|
||||||
|
audit
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/nvcertify.c b/utils/nvcertify.c
|
||||||
|
index 81bde69..6882bfb 100644
|
||||||
|
--- a/utils/nvcertify.c
|
||||||
|
+++ b/utils/nvcertify.c
|
||||||
|
@@ -445,5 +445,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/nvdefinespace.c b/utils/nvdefinespace.c
|
||||||
|
index 18ce6ea..94e6cbd 100644
|
||||||
|
--- a/utils/nvdefinespace.c
|
||||||
|
+++ b/utils/nvdefinespace.c
|
||||||
|
@@ -590,5 +590,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/policysigned.c b/utils/policysigned.c
|
||||||
|
index 469cec9..8283464 100644
|
||||||
|
--- a/utils/policysigned.c
|
||||||
|
+++ b/utils/policysigned.c
|
||||||
|
@@ -452,5 +452,7 @@ static void printUsage(void)
|
||||||
|
printf("\t[-pwdk\tsigning key password (default null)]\n");
|
||||||
|
printf("\t[-tk\tticket file name]\n");
|
||||||
|
printf("\t[-to\ttimeout file name]\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/quote.c b/utils/quote.c
|
||||||
|
index c29fad0..7523578 100644
|
||||||
|
--- a/utils/quote.c
|
||||||
|
+++ b/utils/quote.c
|
||||||
|
@@ -435,5 +435,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/rsadecrypt.c b/utils/rsadecrypt.c
|
||||||
|
index e2846af..fe5086a 100644
|
||||||
|
--- a/utils/rsadecrypt.c
|
||||||
|
+++ b/utils/rsadecrypt.c
|
||||||
|
@@ -507,5 +507,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/setcommandcodeauditstatus.c b/utils/setcommandcodeauditstatus.c
|
||||||
|
index 7a880ae..ddecad5 100644
|
||||||
|
--- a/utils/setcommandcodeauditstatus.c
|
||||||
|
+++ b/utils/setcommandcodeauditstatus.c
|
||||||
|
@@ -294,5 +294,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/setprimarypolicy.c b/utils/setprimarypolicy.c
|
||||||
|
index 619937f..c03883f 100644
|
||||||
|
--- a/utils/setprimarypolicy.c
|
||||||
|
+++ b/utils/setprimarypolicy.c
|
||||||
|
@@ -296,5 +296,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/sign.c b/utils/sign.c
|
||||||
|
index 0635366..f31196b 100644
|
||||||
|
--- a/utils/sign.c
|
||||||
|
+++ b/utils/sign.c
|
||||||
|
@@ -485,5 +485,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/startauthsession.c b/utils/startauthsession.c
|
||||||
|
index d47c731..e6ddd5a 100644
|
||||||
|
--- a/utils/startauthsession.c
|
||||||
|
+++ b/utils/startauthsession.c
|
||||||
|
@@ -297,5 +297,7 @@ static void printUsage(void)
|
||||||
|
printf("\t[-pwdb\tbind password for bind handle (default empty)]\n");
|
||||||
|
printf("\t[-sym\t(xor, aes) symmetric parameter encryption algorithm (default xor)]\n");
|
||||||
|
printf("\t[-on\tnonceTPM file for policy session (default do not save)]\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/verifysignature.c b/utils/verifysignature.c
|
||||||
|
index 57978d5..41ba05b 100644
|
||||||
|
--- a/utils/verifysignature.c
|
||||||
|
+++ b/utils/verifysignature.c
|
||||||
|
@@ -484,5 +484,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t80\taudit\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
111
SOURCES/0004-utils-Clean-up-certifyx509-memory-allocation.patch
Normal file
111
SOURCES/0004-utils-Clean-up-certifyx509-memory-allocation.patch
Normal file
@ -0,0 +1,111 @@
|
|||||||
|
From d77514273aa88f67b85c398a222ab2195c42f5fd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
Date: Tue, 31 Aug 2021 13:45:21 -0400
|
||||||
|
Subject: [PATCH 4/7] utils: Clean up certifyx509 memory allocation
|
||||||
|
|
||||||
|
Make TPM_ADDTOCERT input const. Annotate malloc and free calls. Free
|
||||||
|
TPM_PARTIAL_CERT. Use TPM_ADDTOCERT_free. Remove unused
|
||||||
|
x509IssuerName and x509SubjectName and their frees. Free
|
||||||
|
TPM_PARTIAL_CERT issuer and subject because createX509Name() mallocs.
|
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/certifyx509.c | 26 +++++++++++++++++---------
|
||||||
|
1 file changed, 17 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c
|
||||||
|
index 5602f62..8ac5abd 100644
|
||||||
|
--- a/utils/certifyx509.c
|
||||||
|
+++ b/utils/certifyx509.c
|
||||||
|
@@ -147,7 +147,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *certificate,
|
||||||
|
TPM_RC reformCertificate(X509 *x509Certificate,
|
||||||
|
TPMI_ALG_HASH halg,
|
||||||
|
TPMI_ALG_SIG_SCHEME scheme,
|
||||||
|
- TPM_ADDTOCERT *addToCert,
|
||||||
|
+ const TPM_ADDTOCERT *addToCert,
|
||||||
|
TPMT_SIGNATURE *tSignature);
|
||||||
|
TPM_RC addSignatureRsa(X509 *x509Certificate,
|
||||||
|
TPMI_ALG_HASH halg,
|
||||||
|
@@ -618,7 +618,7 @@ int main(int argc, char *argv[])
|
||||||
|
if (rc == 0) {
|
||||||
|
if (verbose) X509_print_fp(stdout, x509Certificate); /* for debug */
|
||||||
|
rc = convertX509ToDer(&x509DerLength,
|
||||||
|
- &x509Der, /* freed @2 */
|
||||||
|
+ &x509Der, /* freed @4 */
|
||||||
|
x509Certificate);
|
||||||
|
}
|
||||||
|
if ((rc == 0) && (outCertificateFilename != NULL)) {
|
||||||
|
@@ -628,8 +628,13 @@ int main(int argc, char *argv[])
|
||||||
|
if (x509Certificate != NULL) {
|
||||||
|
X509_free(x509Certificate); /* @1 */
|
||||||
|
}
|
||||||
|
- free(x509Der); /* @2 */
|
||||||
|
- OPENSSL_free(addToCert); /* @3 */
|
||||||
|
+ if (partialCertificate != NULL) {
|
||||||
|
+ TPM_PARTIAL_CERT_free(partialCertificate); /* @2 */
|
||||||
|
+ }
|
||||||
|
+ if (addToCert != NULL) {
|
||||||
|
+ TPM_ADDTOCERT_free(addToCert); /* @3 */
|
||||||
|
+ }
|
||||||
|
+ free(x509Der); /* @4 */
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -683,8 +688,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
int irc;
|
||||||
|
ASN1_TIME *arc; /* return code */
|
||||||
|
|
||||||
|
- X509_NAME *x509IssuerName = NULL; /* composite issuer name, key/value pairs */
|
||||||
|
- X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */
|
||||||
|
size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *);
|
||||||
|
size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *);
|
||||||
|
uint8_t *tmpPartialDer = NULL; /* for the i2d */
|
||||||
|
@@ -693,6 +696,9 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
if (rc == 0) {
|
||||||
|
if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n",
|
||||||
|
(unsigned long)issuerEntriesSize);
|
||||||
|
+ /* _new allocates the member. free it because createX509Name() allocates a new structure */
|
||||||
|
+ X509_NAME_free(partialCertificate->issuer);
|
||||||
|
+ partialCertificate->issuer = NULL;
|
||||||
|
rc = createX509Name(&partialCertificate->issuer, /* freed @1 */
|
||||||
|
issuerEntriesSize,
|
||||||
|
issuerEntries);
|
||||||
|
@@ -746,6 +752,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
if (!subeqiss) {
|
||||||
|
if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n",
|
||||||
|
(unsigned long)subjectEntriesSize);
|
||||||
|
+ X509_NAME_free(partialCertificate->subject);
|
||||||
|
+ partialCertificate->subject = NULL;
|
||||||
|
rc = createX509Name(&partialCertificate->subject, /* freed @2 */
|
||||||
|
subjectEntriesSize,
|
||||||
|
subjectEntries);
|
||||||
|
@@ -754,6 +762,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
else {
|
||||||
|
if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n",
|
||||||
|
(unsigned long)issuerEntriesSize);
|
||||||
|
+ X509_NAME_free(partialCertificate->subject);
|
||||||
|
+ partialCertificate->subject = NULL;
|
||||||
|
rc = createX509Name(&partialCertificate->subject, /* freed @2 */
|
||||||
|
issuerEntriesSize,
|
||||||
|
issuerEntries);
|
||||||
|
@@ -806,8 +816,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
|
||||||
|
if (verbose) X509_print_fp(stdout, x509Certificate);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
- X509_NAME_free(x509IssuerName); /* @1 */
|
||||||
|
- X509_NAME_free(x509SubjectName); /* @2 */
|
||||||
|
OPENSSL_free(tmpPartialDer); /* @3 */
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
@@ -956,7 +964,7 @@ TPM_RC addPartialCertExtensionTpmaOid(TPM_PARTIAL_CERT *partialCertificate,
|
||||||
|
TPM_RC reformCertificate(X509 *x509Certificate,
|
||||||
|
TPMI_ALG_HASH halg,
|
||||||
|
TPMI_ALG_SIG_SCHEME scheme,
|
||||||
|
- TPM_ADDTOCERT *addToCert,
|
||||||
|
+ const TPM_ADDTOCERT *addToCert,
|
||||||
|
TPMT_SIGNATURE *tSignature)
|
||||||
|
{
|
||||||
|
TPM_RC rc = 0;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
91
SOURCES/0005-utils-Fix-errors-detected-by-gcc-asan.patch
Normal file
91
SOURCES/0005-utils-Fix-errors-detected-by-gcc-asan.patch
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
From bcbc2f0400cfc2f596283e8c528aed4576bfea69 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
Date: Fri, 3 Sep 2021 14:58:20 -0400
|
||||||
|
Subject: [PATCH 5/7] utils: Fix errors detected by gcc asan
|
||||||
|
|
||||||
|
In Uint32_Convert(), case the byte to uint32_t before the left shift
|
||||||
|
24 to suppress a warning.
|
||||||
|
|
||||||
|
In TSS_EFI_GetNameIndex(), do not compare data if the length does not
|
||||||
|
match, because this could cause a buffer overflow. Test should be &&,
|
||||||
|
not &.
|
||||||
|
|
||||||
|
TSS_Delete should only memset sessionData if the pointer is not NULL.
|
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/efilib.c | 11 +++++++----
|
||||||
|
utils/eventlib.c | 10 +++++-----
|
||||||
|
utils/tss.c | 6 ++++--
|
||||||
|
3 files changed, 16 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/efilib.c b/utils/efilib.c
|
||||||
|
index 201a1f5..ab8177b 100644
|
||||||
|
--- a/utils/efilib.c
|
||||||
|
+++ b/utils/efilib.c
|
||||||
|
@@ -399,16 +399,19 @@ static void TSS_EFI_GetNameIndex(size_t *index,
|
||||||
|
const uint8_t *name,
|
||||||
|
uint64_t nameLength) /* half the total bytes in array */
|
||||||
|
{
|
||||||
|
- int m1,m2;
|
||||||
|
+ int m1 = 0;
|
||||||
|
+ int m2 = 0;
|
||||||
|
for (*index = 0 ;
|
||||||
|
*index < sizeof(tagTable) / sizeof(TAG_TABLE) ;
|
||||||
|
(*index)++) {
|
||||||
|
|
||||||
|
/* length match */
|
||||||
|
m1 = (nameLength * 2) == tagTable[*index].nameLength;
|
||||||
|
- /* string match */
|
||||||
|
- m2 = memcmp(name, tagTable[*index].name, (size_t)(nameLength * 2)) == 0;
|
||||||
|
- if (m1 & m2) {
|
||||||
|
+ if (m1) {
|
||||||
|
+ /* string match */
|
||||||
|
+ m2 = memcmp(name, tagTable[*index].name, (size_t)(nameLength * 2)) == 0;
|
||||||
|
+ }
|
||||||
|
+ if (m1 && m2) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/utils/eventlib.c b/utils/eventlib.c
|
||||||
|
index 0c2801c..c56a22f 100644
|
||||||
|
--- a/utils/eventlib.c
|
||||||
|
+++ b/utils/eventlib.c
|
||||||
|
@@ -1346,12 +1346,12 @@ static uint32_t Uint32_Convert(uint32_t in)
|
||||||
|
{
|
||||||
|
uint32_t out = 0;
|
||||||
|
unsigned char *inb = (unsigned char *)∈
|
||||||
|
-
|
||||||
|
+
|
||||||
|
/* little endian input */
|
||||||
|
- out = (inb[0] << 0) |
|
||||||
|
- (inb[1] << 8) |
|
||||||
|
- (inb[2] << 16) |
|
||||||
|
- (inb[3] << 24);
|
||||||
|
+ out = ((((uint32_t)inb[0]) << 0) |
|
||||||
|
+ (((uint32_t)inb[1]) << 8) |
|
||||||
|
+ (((uint32_t)inb[2]) << 16) |
|
||||||
|
+ (((uint32_t)inb[3]) << 24));
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
#endif /* TPM_TSS_NOFILE */
|
||||||
|
diff --git a/utils/tss.c b/utils/tss.c
|
||||||
|
index 574c448..6f0eede 100644
|
||||||
|
--- a/utils/tss.c
|
||||||
|
+++ b/utils/tss.c
|
||||||
|
@@ -179,8 +179,10 @@ TPM_RC TSS_Delete(TSS_CONTEXT *tssContext)
|
||||||
|
for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
|
||||||
|
tssContext->sessions[i].sessionHandle = TPM_RH_NULL;
|
||||||
|
/* erase any secrets */
|
||||||
|
- memset(tssContext->sessions[i].sessionData,
|
||||||
|
- 0, tssContext->sessions[i].sessionDataLength);
|
||||||
|
+ if (tssContext->sessions[i].sessionData != NULL) {
|
||||||
|
+ memset(tssContext->sessions[i].sessionData,
|
||||||
|
+ 0, tssContext->sessions[i].sessionDataLength);
|
||||||
|
+ }
|
||||||
|
free(tssContext->sessions[i].sessionData);
|
||||||
|
tssContext->sessions[i].sessionData = NULL;
|
||||||
|
tssContext->sessions[i].sessionDataLength = 0;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
103
SOURCES/0006-tss-Port-HMAC-operations-to-openssl-3.0.patch
Normal file
103
SOURCES/0006-tss-Port-HMAC-operations-to-openssl-3.0.patch
Normal file
@ -0,0 +1,103 @@
|
|||||||
|
From 7128994537a7103b25acb1df238db747d7cb3274 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
Date: Fri, 10 Sep 2021 16:33:10 -0400
|
||||||
|
Subject: [PATCH 6/7] tss: Port HMAC operations to openssl 3.0
|
||||||
|
|
||||||
|
Replace the deprecated APIs.
|
||||||
|
|
||||||
|
- Compared to the next branch commit 6e22032d, changes related to HMAC are
|
||||||
|
ommited.
|
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/tsscrypto.c | 58 ++++++++++++++++++++++++++++++-----------------
|
||||||
|
1 file changed, 37 insertions(+), 21 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/utils/tsscrypto.c b/utils/tsscrypto.c
|
||||||
|
index 23d3b6e..1974563 100644
|
||||||
|
--- a/utils/tsscrypto.c
|
||||||
|
+++ b/utils/tsscrypto.c
|
||||||
|
@@ -79,6 +79,7 @@ extern int tssVerbose;
|
||||||
|
|
||||||
|
/* local prototypes */
|
||||||
|
|
||||||
|
+static TPM_RC TSS_Hash_GetOsslString(const char **str, TPMI_ALG_HASH hashAlg);
|
||||||
|
static TPM_RC TSS_Hash_GetMd(const EVP_MD **md,
|
||||||
|
TPMI_ALG_HASH hashAlg);
|
||||||
|
|
||||||
|
@@ -129,36 +130,51 @@ TPM_RC TSS_Crypto_Init(void)
|
||||||
|
Digests
|
||||||
|
*/
|
||||||
|
|
||||||
|
-static TPM_RC TSS_Hash_GetMd(const EVP_MD **md,
|
||||||
|
- TPMI_ALG_HASH hashAlg)
|
||||||
|
+/* TSS_Hash_GetString() maps from the TCG hash algorithm to the OpenSSL string */
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_Hash_GetOsslString(const char **str, TPMI_ALG_HASH hashAlg)
|
||||||
|
{
|
||||||
|
- TPM_RC rc = 0;
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
|
||||||
|
- if (rc == 0) {
|
||||||
|
- switch (hashAlg) {
|
||||||
|
+ switch (hashAlg) {
|
||||||
|
#ifdef TPM_ALG_SHA1
|
||||||
|
- case TPM_ALG_SHA1:
|
||||||
|
- *md = EVP_get_digestbyname("sha1");
|
||||||
|
- break;
|
||||||
|
+ case TPM_ALG_SHA1:
|
||||||
|
+ *str = "sha1";
|
||||||
|
+ break;
|
||||||
|
#endif
|
||||||
|
-#ifdef TPM_ALG_SHA256
|
||||||
|
- case TPM_ALG_SHA256:
|
||||||
|
- *md = EVP_get_digestbyname("sha256");
|
||||||
|
- break;
|
||||||
|
+#ifdef TPM_ALG_SHA256
|
||||||
|
+ case TPM_ALG_SHA256:
|
||||||
|
+ *str = "sha256";
|
||||||
|
+ break;
|
||||||
|
#endif
|
||||||
|
#ifdef TPM_ALG_SHA384
|
||||||
|
- case TPM_ALG_SHA384:
|
||||||
|
- *md = EVP_get_digestbyname("sha384");
|
||||||
|
- break;
|
||||||
|
+ case TPM_ALG_SHA384:
|
||||||
|
+ *str = "sha384";
|
||||||
|
+ break;
|
||||||
|
#endif
|
||||||
|
#ifdef TPM_ALG_SHA512
|
||||||
|
- case TPM_ALG_SHA512:
|
||||||
|
- *md = EVP_get_digestbyname("sha512");
|
||||||
|
- break;
|
||||||
|
+ case TPM_ALG_SHA512:
|
||||||
|
+ *str = "sha512";
|
||||||
|
+ break;
|
||||||
|
#endif
|
||||||
|
- default:
|
||||||
|
- rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
- }
|
||||||
|
+ default:
|
||||||
|
+ *str = NULL;
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_Hash_GetMd(const EVP_MD **md,
|
||||||
|
+ TPMI_ALG_HASH hashAlg)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+ const char *str = NULL;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_Hash_GetOsslString(&str, hashAlg);
|
||||||
|
+ }
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ *md = EVP_get_digestbyname(str);
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,33 +0,0 @@
|
|||||||
diff -ur tss2-1234/utils/makefile-common tss2-1234-new/utils/makefile-common
|
|
||||||
--- tss2-1234/utils/makefile-common 2018-05-29 12:00:46.000000000 -0700
|
|
||||||
+++ tss2-1234-new/utils/makefile-common 2018-10-02 15:10:20.783078580 -0700
|
|
||||||
@@ -44,7 +44,7 @@
|
|
||||||
CCFLAGS += \
|
|
||||||
-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
|
|
||||||
-Wformat=2 -Wold-style-definition -Wno-self-assign \
|
|
||||||
- -ggdb -O0 -c
|
|
||||||
+ -ggdb -c
|
|
||||||
|
|
||||||
# to compile with optimizations on (warning will result)
|
|
||||||
# -O3 -c
|
|
||||||
diff -ur tss2-1234/utils/makefile.fedora tss2-1234-new/utils/makefile.fedora
|
|
||||||
--- tss2-1234/utils/makefile.fedora 2018-05-15 10:07:20.000000000 -0700
|
|
||||||
+++ tss2-1234-new/utils/makefile.fedora 2018-10-02 15:11:33.909083615 -0700
|
|
||||||
@@ -71,7 +71,7 @@
|
|
||||||
|
|
||||||
# compile - common flags for TSS library and applications
|
|
||||||
|
|
||||||
-CCFLAGS += -DTPM_POSIX
|
|
||||||
+CCFLAGS += -DTPM_POSIX -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
|
|
||||||
|
|
||||||
# example of pointing to a locally built openssl 1.1
|
|
||||||
# CCFLAGS += -I/home/kgold/openssl-1.1.0c/include
|
|
||||||
@@ -119,7 +119,7 @@
|
|
||||||
LNLFLAGS += -shared -Wl,-z,now
|
|
||||||
|
|
||||||
# This is an alternative to using the bfd linker on Ubuntu
|
|
||||||
-# LNLLIBS += -lcrypto
|
|
||||||
+LNLLIBS += -lcrypto
|
|
||||||
|
|
||||||
# link - for applications, TSS path, TSS and OpenSSl libraries
|
|
||||||
|
|
@ -1,18 +0,0 @@
|
|||||||
diff -ur tss2-1234/utils/policymaker.c tss2-1234-new/utils/policymaker.c
|
|
||||||
--- tss2-1234/utils/policymaker.c 2018-10-18 12:16:59.742439220 -0700
|
|
||||||
+++ tss2-1234-new/utils/policymaker.c 2018-10-18 12:34:34.991755536 -0700
|
|
||||||
@@ -208,10 +208,10 @@
|
|
||||||
}
|
|
||||||
/* hash extend */
|
|
||||||
if ((rc == 0) && (prc != NULL)) {
|
|
||||||
- TSS_Hash_Generate(&digest,
|
|
||||||
- startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
|
|
||||||
- lineLength /2, lineBinary,
|
|
||||||
- 0, NULL);
|
|
||||||
+ rc = TSS_Hash_Generate(&digest,
|
|
||||||
+ startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
|
|
||||||
+ lineLength /2, lineBinary,
|
|
||||||
+ 0, NULL);
|
|
||||||
}
|
|
||||||
if ((rc == 0) && (prc != NULL)) {
|
|
||||||
if (verbose) TSS_PrintAll("intermediate policy digest",
|
|
1534
SOURCES/tss2-1.6.0-manpage-cleanup.patch
Normal file
1534
SOURCES/tss2-1.6.0-manpage-cleanup.patch
Normal file
File diff suppressed because it is too large
Load Diff
152
SPECS/tss2.spec
152
SPECS/tss2.spec
@ -3,25 +3,38 @@
|
|||||||
#
|
#
|
||||||
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
|
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
|
||||||
|
|
||||||
|
%global incname ibmtss
|
||||||
|
|
||||||
Name: tss2
|
Name: tss2
|
||||||
Version: 1331
|
Version: 1.6.0
|
||||||
Release: 2%{?dist}
|
Release: 7%{?dist}
|
||||||
|
Epoch: 1
|
||||||
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
|
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
|
||||||
|
|
||||||
Group: Applications/System
|
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: http://sourceforge.net/projects/ibmtpm20tss/
|
URL: http://sourceforge.net/projects/ibmtpm20tss/
|
||||||
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
|
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
|
||||||
|
Patch0: tss2-1.6.0-manpage-cleanup.patch
|
||||||
|
Patch1: 0001-utils-Update-certifyx509-for-Openssl-3.0.0.patch
|
||||||
|
Patch2: 0002-utils-Remove-unused-variables-from-certifyx509.patch
|
||||||
|
Patch3: 0003-Update-certifyx509-for-Windows.patch
|
||||||
|
Patch4: 0004-utils-Clean-up-certifyx509-memory-allocation.patch
|
||||||
|
Patch5: 0005-utils-Fix-errors-detected-by-gcc-asan.patch
|
||||||
|
Patch6: 0006-tss-Port-HMAC-operations-to-openssl-3.0.patch
|
||||||
|
Patch7: 0007-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
|
||||||
|
Patch8: 0001-utils-Generate-X509-certificate-serial-number-using-.patch
|
||||||
|
Patch9: 0001-tss-Add-missing-parameter-union-members.patch
|
||||||
|
Patch10: 0002-regtest-Update-to-SHA-256-without-restricting-the-sc.patch
|
||||||
|
Patch11: 0003-tss-Restrict-usage-of-SHA-1.patch
|
||||||
|
Patch12: 0004-man-Include-information-about-possible-hash-restrict.patch
|
||||||
|
|
||||||
Patch4: flags-fixup.patch
|
|
||||||
# reported upstream https://sourceforge.net/p/ibmtpm20tss/mailman/message/36444738/
|
|
||||||
# and reported fixed, but not yet pushed to sourceforge.
|
|
||||||
Patch5: hash_generate.patch
|
|
||||||
# Submitted upstream
|
|
||||||
Patch6: 0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
|
|
||||||
|
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: automake
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: libtool
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
BuildRequires: git
|
||||||
Requires: openssl
|
Requires: openssl
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -35,90 +48,99 @@ education and debugging.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development libraries and headers for IBM's TSS 2.0
|
Summary: Development libraries and headers for IBM's TSS 2.0
|
||||||
Group: Development/Libraries
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
Development libraries and headers for IBM's TSS 2.0. You will need this in
|
Development libraries and headers for IBM's TSS 2.0. You will need this in
|
||||||
order to build TSS 2.0 applications.
|
order to build TSS 2.0 applications.
|
||||||
|
|
||||||
%define incname ibmtss
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1 -c %{name}-%{version}
|
%autosetup -S git -p1 -c %{name}-%{version}
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# nonstandard variable names are used in place of CFLAGS and LDFLAGS
|
autoreconf -vi
|
||||||
pushd utils
|
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss --enable-nodeprecatedalgs
|
||||||
CCFLAGS="%{optflags}" \
|
CCFLAGS="%{optflags}" \
|
||||||
LNFLAGS="%{__global_ldflags}" \
|
LNFLAGS="%{__global_ldflags}" \
|
||||||
make -f makefile.fedora %{?_smp_mflags}
|
%{make_build}
|
||||||
popd
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
# Prefix for namespacing
|
%make_install
|
||||||
BIN_PREFIX=tss
|
find %{buildroot} -type f -name "*.la" -delete -print
|
||||||
mkdir -p %{buildroot}/%{_bindir}
|
|
||||||
mkdir -p %{buildroot}/%{_libdir}
|
|
||||||
mkdir -p %{buildroot}/%{_includedir}/%{incname}/
|
|
||||||
mkdir -p %{buildroot}/%{_mandir}/man1
|
|
||||||
pushd utils
|
|
||||||
# Pick out executables and copy with namespacing
|
|
||||||
for f in *; do
|
|
||||||
if [[ -x $f && -f $f && ! $f =~ .*\..* ]]; then
|
|
||||||
cp -p $f %{buildroot}/%{_bindir}/${BIN_PREFIX}$f
|
|
||||||
fi;
|
|
||||||
done
|
|
||||||
cp -p *.so.1.1 %{buildroot}/%{_libdir}
|
|
||||||
cp -p %{incname}/*.h %{buildroot}/%{_includedir}/%{incname}/
|
|
||||||
cp -p man/man1/tss*.1 %{buildroot}/%{_mandir}/man1/
|
|
||||||
popd
|
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
# Make symbolic links to the shared lib
|
|
||||||
pushd %{buildroot}/%{_libdir}
|
|
||||||
rm -f libibmtss.so.1
|
|
||||||
ln -sf libibmtss.so.1.1 libibmtss.so.1
|
|
||||||
rm -f libibmtss.so
|
|
||||||
ln -sf libibmtss.so.1 libibmtss.so
|
|
||||||
popd
|
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%{_bindir}/tss*
|
%{_bindir}/tss*
|
||||||
%{_libdir}/libibmtss.so.1
|
%{_libdir}/libibmtss.so.*
|
||||||
%{_libdir}/libibmtss.so.1.*
|
%{_libdir}/libibmtssutils.so.*
|
||||||
%attr(0644, root, root) %{_mandir}/man1/tss*.1*
|
%attr(0644, root, root) %{_mandir}/man1/tss*.1*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%{_includedir}/%{incname}
|
%{_includedir}/%{incname}
|
||||||
%{_libdir}/libibmtss.so
|
%{_libdir}/libibmtss.so
|
||||||
|
%{_libdir}/libibmtssutils.so
|
||||||
%doc ibmtss.doc
|
%doc ibmtss.doc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2
|
* Fri Jul 8 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-7
|
||||||
- Fix bounds check in IMA_Event_PcrExtend
|
- Version bump
|
||||||
resolves: rhbz#1669239
|
Resolves: rhbz#2060768
|
||||||
|
|
||||||
|
* Wed Jun 29 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-6
|
||||||
|
- Restrict SHA-1 usage
|
||||||
|
Resolves: rhbz#2060768
|
||||||
|
|
||||||
|
* Fri Jan 28 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-5
|
||||||
|
- Fix failures introduced with OpenSSL 3
|
||||||
|
Resolves: rhbz#1984621
|
||||||
|
Resolves: rhbz#1992339
|
||||||
|
|
||||||
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.6.0-4
|
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.6.0-3
|
||||||
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
|
Related: rhbz#1971065
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.6.0-2
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Mon Feb 8 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 1.6.0-1
|
||||||
|
- Rebase to v1.6.0 release.
|
||||||
|
- Manpage cleanup.
|
||||||
|
|
||||||
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1331-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1331-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 14 2020 Tom Stellard <tstellar@redhat.com> - 1331-5
|
||||||
|
- Use make_build macro
|
||||||
|
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
|
||||||
|
|
||||||
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1331-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 17 2020 Jeff Law <law@redhat.com> - 1331-3
|
||||||
|
- Ensure tssprintcmd has the compilation compilation flags,
|
||||||
|
PIC in particular
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1331-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
* Thu May 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-1
|
* Thu May 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-1
|
||||||
- Rebase to v1331
|
- Rebase to version 1331
|
||||||
- Add initial CI gating support
|
|
||||||
resolves: rhbz#1669239
|
|
||||||
|
|
||||||
* Fri Oct 05 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-5
|
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-4
|
||||||
- Move header files to ibmtss directory.
|
- Fix covscan issues
|
||||||
- Check return value of TSS_Hash_Generate.
|
- Fix compile and linker flag issues
|
||||||
resolves: rhbz#1636245
|
|
||||||
|
|
||||||
* Tue Oct 02 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-4
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1234-3
|
||||||
- Fix compile and link flags
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
resolves: rhbz#1624182
|
|
||||||
|
|
||||||
* Thu Jul 19 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-3
|
|
||||||
- Clean up covscan issues.
|
|
||||||
|
|
||||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1234-2
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1234-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
Loading…
Reference in New Issue
Block a user