From c1ebcb135e0ce9482d750869b41159030758cc9534fb332cfabafddf4f287463 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 3 May 2024 13:38:46 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main ibmswtpm2 revision 55d8dec5c03f8288a6d6a8e84111464f
---
 .gitattributes | 23 ++++
 ibmswtpm2-164-2020-192.2.tar.gz | 3 +
 ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch | 29 +++++
 ...namic-Fix-use-of-uninitialized-value.patch | 34 +++++
 ...Posix-Fix-use-of-uninitialized-value.patch | 30 +++++
 ibmswtpm2.changes | 118 ++++++++++++++++++
 ibmswtpm2.spec | 68 ++++++++++
 makefile.patch | 28 +++++
 8 files changed, 333 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 ibmswtpm2-164-2020-192.2.tar.gz
 create mode 100644 ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch
 create mode 100644 ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
 create mode 100644 ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
 create mode 100644 ibmswtpm2.changes
 create mode 100644 ibmswtpm2.spec
 create mode 100644 makefile.patch
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/ibmswtpm2-164-2020-192.2.tar.gz b/ibmswtpm2-164-2020-192.2.tar.gz
new file mode 100644
index 0000000..43aa0e1
--- /dev/null
+++ b/ibmswtpm2-164-2020-192.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:07352afe88f838c4c1b0a5adf41b6742b7724639b1474ea91c75292d60740491
+size 638913
diff --git a/ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch b/ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch
new file mode 100644
index 0000000..95787c8
--- /dev/null
+++ b/ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch
@@ -0,0 +1,29 @@
+From beea0f97b3c95ec69f3e269df1af87eb2cdd3c46 Mon Sep 17 00:00:00 2001
+From: Otto Hollmann
+Date: Tue, 12 Dec 2023 13:58:32 +0100
+Subject: [PATCH] Add support for OpenSSL 3.2.x
+
+---
+ src/TpmToOsslMath.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/TpmToOsslMath.h b/src/TpmToOsslMath.h
+index 0b18191..1271937 100644
+--- a/src/TpmToOsslMath.h
++++ b/src/TpmToOsslMath.h
+@@ -76,10 +76,10 @@
+ * As of release 3.0.0, OPENSSL_VERSION_NUMBER is a combination of the
+ * major (M), minor (NN) and patch (PP) version into a single integer 0xMNN00PP0L
+ */
+-#if OPENSSL_VERSION_NUMBER > 0x30100ff0L
++#if OPENSSL_VERSION_NUMBER > 0x30200ff0L
+ // Check the bignum_st definition in crypto/bn/bn_lcl.h or crypto/bn/bn_local.h and either update
+ // the version check or provide the new definition for this version.
+-// Currently safe for all 3.1.x
++// Currently safe for all 3.2.x
+ # error Untested OpenSSL version
+ #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+ // from crypto/bn/bn_lcl.h
+--
+2.42.0
+
diff --git a/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch b/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
new file mode 100644
index 0000000..15cb01b
--- /dev/null
+++ b/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
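Review bot: In ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch, raising the guard to `#if OPENSSL_VERSION_NUMBER > 0x30200ff0L` declares the `bignum_st` definition that the comment says is taken from `crypto/bn/bn_lcl.h` valid for every 3.2.x release, but neither the patch message nor the edited comment records that the 3.2 header was actually compared. This guard appears to be the only protection against accessing OpenSSL bignums through a stale struct layout, so I would put the evidence into the comment, for example `// bignum_st compared against crypto/bn/bn_local.h of OpenSSL 3.2.<checked release>; currently safe for all 3.2.x`. The `#elif` branch that follows the guard continues outside the hunk.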
@@ -0,0 +1,34 @@
+From 8c160d2c7a17eb842fae82de3638b834976f2aa2 Mon Sep 17 00:00:00 2001
+From: Michal Suchanek
+Date: Thu, 20 Aug 2020 16:42:54 +0200
+Subject: [PATCH] NVDynamic: Fix use of uninitialized value.
+
+There is a theoretical possibility that the cycle in NvNextByType does
+not run at all because NvNext fails immediately and never sets nvHandle.
+
+The cycle only runs and nvHandle is set on non-zero addr, and in that
+case addr remains non-zero when breaking out of the cycle.
+
+Use nvHandle only when addr is non-zero.
+
+Signed-off-by: Michal Suchanek
+---
+ src/NVDynamic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/NVDynamic.c b/src/NVDynamic.c
+index 8ede9e4..535ea03 100644
+--- a/src/NVDynamic.c
++++ b/src/NVDynamic.c
+@@ -122,7 +122,7 @@ NvNextByType(
+ if(HandleGetType(nvHandle) == type)
+ break;
+ }
+- if(handle != NULL)
++ if(addr && (handle != NULL))
+ *handle = nvHandle;
+ return addr;
+ }
+--
+2.42.0
+
diff --git a/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch b/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
new file mode 100644
index 0000000..864a07a
--- /dev/null
+++ b/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
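Review bot: In the NVDynamic.c hunk, `if(addr && (handle != NULL))` now leaves `*handle` unwritten whenever no entry is found, so the uninitialized read can simply move to a caller that uses its handle variable without first testing the returned reference; the callers are outside this hunk, so that is unverified. I would state the contract next to the guard, e.g. `// *handle is written only when the return value is non-zero`, so that every call site is expected to check the result before using the handle. NvNextByType starts above the hunk, so the declaration of `nvHandle` is not visible here.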
@@ -0,0 +1,30 @@
+From 1f64c0bf768f05bfb1980fa354d99a29b26ce99a Mon Sep 17 00:00:00 2001
+From: Michal Suchanek
+Date: Mon, 17 Aug 2020 19:28:51 +0200
+Subject: [PATCH] TcpServerPosix: Fix use of uninitialized value.
+
+ReadUINT32 does not modify the output when it fails. Do not use the
+output in that case.
+
+Signed-off-by: Michal Suchanek
+---
+ src/TcpServerPosix.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/TcpServerPosix.c b/src/TcpServerPosix.c
+index ca9e2fd..b776448 100644
+--- a/src/TcpServerPosix.c
++++ b/src/TcpServerPosix.c
+@@ -264,7 +264,8 @@ PlatformServer(
+ {
+ uint32_t actHandle;
+ ok = ReadUINT32(s, &actHandle);
+- WriteUINT32(s, _rpc__ACT_GetSignaled(actHandle));
++ if(ok)
++ WriteUINT32(s, _rpc__ACT_GetSignaled(actHandle));
+ break;
+ }
+ default:
+--
+2.42.0
+
diff --git a/ibmswtpm2.changes b/ibmswtpm2.changes
new file mode 100644
index 0000000..329590c
--- /dev/null
+++ b/ibmswtpm2.changes
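Review bot: In the TcpServerPosix.c hunk, `actHandle` is filled from the socket by `ReadUINT32` and handed to `_rpc__ACT_GetSignaled` with no range check visible, so any validation has to live in the callee, which is outside this hunk. A short comment would make that dependency explicit, e.g. `/* actHandle is client-supplied; _rpc__ACT_GetSignaled must tolerate any 32-bit value */`. The result of `WriteUINT32` is also discarded, so a failed reply leaves `ok` true; if the function returns a status (its prototype is not shown), `if(ok) ok = WriteUINT32(s, _rpc__ACT_GetSignaled(actHandle));` would carry the failure forward. PlatformServer continues past the end of the hunk.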
@@ -0,0 +1,118 @@
+-------------------------------------------------------------------
+Tue Dec 12 14:06:34 UTC 2023 - Otto Hollmann
+
+- Add support for OpenSSL 3.2.x
+ * Add ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch
+
+-------------------------------------------------------------------
+Fri Dec 1 15:34:44 UTC 2023 - Michal Suchanek
+
+- Update to version 164-2020-192.2
+ * Implement the RSA 5 primes optimization.
+ * Check command size for int32 overflow.
+ * Add support for OpenSSL 3.1.x
+ * Do not accept a NULL signKey in TPM2_CertifyX509
+ * Add Nuvoton to gcc makefile
+- New project URL - move to github
+- Drop usptreamed ibmswtpm2-OpenSSL-3.1.patch
+
+-------------------------------------------------------------------
+Wed Mar 15 08:21:19 UTC 2023 - Otto Hollmann
+
+- Add support for OpenSSL 3.1.x
+ * Add ibmswtpm2-OpenSSL-3.1.patch
+
+-------------------------------------------------------------------
+Sat Sep 24 08:23:47 UTC 2022 - Dirk Müller
+
+- update to 1682:
+ * tpm: Fix cast in BnSetBit.
+ * tpm2: Fix size check in CryptSecretDecrypt
+ * tpm: Port Windows code for OpenSSL 3.0
+ * tpm: Update to openssl 3.0.2
+ * tpm: Add command and handle tracing
+ * tpm: Update for openssl 3.0.1
+ * tpm: Add ECC encrypt and decrypt commands
+ * Fix compilation on RISC-V
+ * PlatformSvc: return error on control socket failure
+ * main: set a return code if StartTcpServer fails
+ * tpm: Add all updates to TPM specification 164.
+- drop ibmswtpm2-fix-ppc32.patch (upstream)
+- makefile.patch: refresh
+
+-------------------------------------------------------------------
+Tue Sep 1 12:34:41 UTC 2020 - Michal Suchanek
+
+- Fix ppc32 build.
+ + ibmswtpm2-fix-ppc32.patch
+
+-------------------------------------------------------------------
+Mon Aug 17 16:59:04 UTC 2020 - Michal Suchanek
+
+- Update to upstream version 1637
+ * fixes build of ibmtss 1.5.0
+ * Refresh makefile.patch
+ * Drop upstreamed patches
+ - ibmswtpm2-fix-uninitialized.patch
+ - ibmswtpm2-fix-empty-decrypt.patch
+ * Fix use of uninitialized value:
+ + ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
+ + ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
+
+-------------------------------------------------------------------
+Mon Dec 23 12:06:22 UTC 2019 - mgerstner
+
+- Add ibmswtpm2-fix-empty-decrypt.patch: Fix a corner case in the emulator
+ that causes an error when trying to RSA-decrypt an empty message
+ (bsc#1159510). This fix was confirmed to be by the upstream author and is
+ supposed to be contained in the next release.
+
+-------------------------------------------------------------------
+Thu Jul 4 17:02:41 UTC 2019 - Michal Suchanek
+
+- Update to upstream version 1332
+ * fixes build of ibmtpm v1470
+ * add ibmswtpm2-fix-uninitialized.patch
+ * run through spec-cleaner
+
+-------------------------------------------------------------------
+Thu Jan 18 08:31:26 UTC 2018 - msuchanek@suse.com
+
+- Enable bigendian build
+
+-------------------------------------------------------------------
+Tue Jan 16 11:33:14 UTC 2018 - vcizek@suse.com
+
+- Update to upstream version 1119
+ * adds openssl 1.1 support (bsc#1066916)
+- drop patches (upstream):
+ * bits.patch
+ * fix_unreferenced_macro-gcc7.patch
+
+-------------------------------------------------------------------
+Wed Nov 8 15:04:35 UTC 2017 - msuchanek@suse.com
+
+- Update to upstream version 974
+ - deal with openssl 1.0 vs 1.1 split (bsc#1066916)
+
+-------------------------------------------------------------------
+Mon Jun 5 11:49:18 UTC 2017 - msuchanek@suse.com
+
+- fix build with gcc7: fix_unreferenced_macro-gcc7.patch
+
+-------------------------------------------------------------------
+Tue Feb 14 12:16:37 UTC 2017 - msuchanek@suse.com
+
+- Drop a pointer cast hack in bits.patch. It builds without the hack.
+
+-------------------------------------------------------------------
+Wed Feb 8 09:38:18 UTC 2017 - jengelh@inai.de
+
+- Wrap description, drop empty scriptlets.
+
+-------------------------------------------------------------------
+Fri Jan 27 11:49:20 UTC 2017 - msuchanek@suse.com
+
+- Import version 832 (FATE#321601)
+- bits.patch: handle some 32/64bit issues
+- makefile.patch: some compiler flag adjustments
diff --git a/ibmswtpm2.spec b/ibmswtpm2.spec
new file mode 100644
index 0000000..4730e19
--- /dev/null
+++ b/ibmswtpm2.spec
@@ -0,0 +1,68 @@
+#
+# spec file for package ibmswtpm2
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define suite ibmtss
+%define download_version 164-2020-192.2
+%ifarch ppc ppc64 s390 s390x
+%define extra_ccflags -DBIG_ENDIAN_TPM=1
+%else
+%define extra_ccflags ""
+%endif
+Name: ibmswtpm2
+Version: %(echo %{download_version} | tr '-' '+')
+Release: 0
+Summary: IBM's Software TPM 2.0
+License: BSD-3-Clause
+Group: Development/Tools/Other
+URL: https://github.com/kgoldman/ibmswtpm2
+Source: https://github.com/kgoldman/ibmswtpm2/archive/rev%{download_version}.tar.gz#/%{name}-%{download_version}.tar.gz
+Patch0: makefile.patch
+Patch1: ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
+Patch2: ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
+# PATCH-FIX-UPSTREAM https://github.com/kgoldman/ibmswtpm2/pull/13
+Patch3: ibmswtpm2-Add-support-for-OpenSSL-3.2.x.patch
+BuildRequires: libopenssl-devel >= 1.0
+
+%description
+An implementation of the TCG TPM 2.0 specification. It is based on
+the TPM specification Parts 3 and 4 source code donated by Microsoft,
+with additional files to complete the implementation.
+
+This TPM emulator listens on TCP ports (default 2321 and 2322) and
+saves state to the file "NVChip" in the current directory.
+
+It is probably not of much use other than testing the IBM TSS
+implementation because of this specific interface.
+
+%prep
+%autosetup -p 1 -n %{name}-rev%{download_version}
+
+%build
+cd src
+CCFLAGS="%{optflags} "%{extra_ccflags} make %{?_smp_mflags}
+
+%install
+cd src
+install -m 755 -D -t %{buildroot}/%{_libexecdir}/%{suite} tpm_server
+
+%files
+%dir %{_libexecdir}/%{suite}
+%{_libexecdir}/%{suite}/tpm_server
+%doc ibmtpm.doc
+
+%changelog
diff --git a/makefile.patch b/makefile.patch
new file mode 100644
index 0000000..790d196
--- /dev/null
+++ b/makefile.patch
@@ -0,0 +1,28 @@
+Index: ibmswtpm2-1682/src/makefile
+===================================================================
+--- ibmswtpm2-1682.orig/src/makefile
++++ ibmswtpm2-1682/src/makefile
+@@ -40,11 +40,11 @@
+
+CC = /usr/bin/gcc
+
+-CCFLAGS = -Wall \
++CCFLAGS += -fno-strict-aliasing -fno-aggressive-loop-optimizations -Wno-unused-result \
+ -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+- -Werror -Wsign-compare \
++ -Werror -Wsign-compare -Wno-unused-value -Wno-aggressive-loop-optimizations \
+ -Wno-deprecated-declarations \
+- -c -ggdb -O0 \
++ -c -ggdb \
+ -DTPM_POSIX \
+ -D_POSIX_ \
+ -DTPM_NUVOTON
+@@ -55,7 +55,7 @@ CCFLAGS = -Wall \
+ # --coverage \
+ # -fprofile-arcs -ftest-coverage
+
+-LNFLAGS = -ggdb \
++LNFLAGS += -ggdb \
+ -lcrypto \
+ -lpthread \
+ -lrt \
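Review bot: In ibmswtpm2.spec, `Patch1` and `Patch2` have no origin comment, whereas `Patch3` carries `# PATCH-FIX-UPSTREAM https://github.com/kgoldman/ibmswtpm2/pull/13`; both fix uses of uninitialized values, and without a tag the next version update cannot tell whether they were merged upstream or still have to be carried. I would add a line above each, for example `# PATCH-FIX-UPSTREAM <upstream reference for this fix>`, or the local-only tag if they were never submitted. Separately, `BuildRequires: libopenssl-devel >= 1.0` has no upper bound while the patched header stops the build with `# error Untested OpenSSL version` above 3.2.x; that fails safely, but a comment next to the requirement would explain the build break when it happens.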
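Review bot: In makefile.patch, `-Wall` disappears from the makefile's own flags and `-Wno-unused-result` and `-Wno-unused-value` are added while `-Werror` stays, and the patch carries no description saying why. Warning coverage for this code then depends on what the caller puts in CCFLAGS (the spec passes `%{optflags}`, whose content is not visible here), and ignored return values are no longer reported at all. I would add a short header to the patch stating which warnings broke the build and why `-fno-strict-aliasing` and `-fno-aggressive-loop-optimizations` are needed, so the suppressions can be dropped once the code is fixed upstream. The `Index:` path still names `ibmswtpm2-1682` although the package is at 164-2020-192.2.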