diff --git a/0001-tpm2_checkquote-fix-uninitialized-variable.patch b/0001-tpm2_checkquote-fix-uninitialized-variable.patch
deleted file mode 100644
index 6b9dce0..0000000
--- a/0001-tpm2_checkquote-fix-uninitialized-variable.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3d7edb1c70cba6c34c71c9b856c07b8adcebb15c Mon Sep 17 00:00:00 2001
-From: Alberto Planas
-Date: Thu, 17 Jun 2021 11:07:25 +0200
-Subject: [PATCH] tpm2_checkquote: fix uninitialized variable
-
-The variable `temp_pcrs` is uninitialized, and later partially
-uninitialized when reading the selection data from file.
-
-When activating lto optimizations, this bug presents itself showing an
-error during the read of the quote:
-
-ERROR: Malformed PCR file, pcr count cannot be greater than 32, got: ...
-
-Fixes: #2767
-
-Co-authored-by: Martin Liska
-Signed-off-by: Alberto Planas
---
- tools/misc/tpm2_checkquote.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c
-index 53150857..8d780f11 100644
---- a/tools/misc/tpm2_checkquote.c
-+++ b/tools/misc/tpm2_checkquote.c
-@@ -376,7 +376,7 @@ static tool_rc init(void) {
- TPM2B_ATTEST *msg = NULL;
- TPML_PCR_SELECTION pcr_select;
- tpm2_pcrs *pcrs;
-- tpm2_pcrs temp_pcrs;
-+ tpm2_pcrs temp_pcrs = {};
- tool_rc return_value = tool_rc_general_error;
-
- msg = message_from_file(ctx.msg_file_path);
---
-2.32.0
-
diff --git a/0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch b/0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
deleted file mode 100644
index ebd319b..0000000
--- a/0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 24e193412eac3985baea5e83e3245a4315c86ebe Mon Sep 17 00:00:00 2001
-From: Alberto Planas
-Date: Thu, 29 Jul 2021 16:02:50 +0200
-Subject: [PATCH 1/1] tpm2_eventlog: fix buffer offset when reading the event
- log
-
-The event log is read in chunks of CHUNK_SIZE blocks (16KB), always
-checking when the EOF is reached, so it is compatible with virtual files
-that lives in securityfs and we do not know the full size. The current
-code is not taking care of adjusting the offset when the next chunk is
-read.
-
-This patch add "size" to the base buffer where the event log is stored
-in memory.
-
-Fix #2778
-
-Signed-off-by: Alberto Planas
---
- tools/misc/tpm2_eventlog.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: tpm2-tools-5.1.1/tools/misc/tpm2_eventlog.c
-===================================================================
---- tpm2-tools-5.1.1.orig/tools/misc/tpm2_eventlog.c
-+++ tpm2-tools-5.1.1/tools/misc/tpm2_eventlog.c
-@@ -90,7 +90,7 @@ static tool_rc tpm2_tool_onrun(ESYS_CONT
- }
-
- unsigned long size = 0;
-- while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size)) {
-+ while (files_read_bytes_chunk(fileptr, eventlog + size, CHUNK_SIZE, &size)) {
- UINT8 *eventlog_tmp = realloc(eventlog, size + CHUNK_SIZE);
- if (eventlog_tmp == NULL){
- LOG_ERR("failed to allocate %lu bytes: %s", size + CHUNK_SIZE, strerror(errno));
diff --git a/0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch b/0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
deleted file mode 100644
index d29174e..0000000
--- a/0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From b95e41bccc64e488ca9c824e632b8ca5bc87db55 Mon Sep 17 00:00:00 2001
-From: Alberto Planas
-Date: Fri, 18 Jun 2021 15:54:22 +0200
-Subject: [PATCH] tpm2_eventlog: read eventlog file in chunks
-
-The eventlog file lives is securityfs, that do not return the file size.
-The current implementation first try to do a "fseek(fp, 0, SEEK_END)"
-for this file, and this will always return 0.
-
-This generate an error, and tpm2_eventlog exit with:
-
-ERROR: Unable to run tpm2_eventlog
-
-This patch replace the reading logic, now reading in chunks of 16KB and
-reallocating the buffer if needed. Also introduces a new function in
-files.c ("files_read_bytes_chunk") that helps counting the total read
-size, that now is different from the ammount of allocated memory.
-
-Fixes #2775
-
-Signed-off-by: Alberto Planas
---
- lib/files.c | 9 +++++++++
- lib/files.h | 15 ++++++++++++++
- tools/misc/tpm2_eventlog.c | 40 +++++++++++++++++++-------------------
- 3 files changed, 44 insertions(+), 20 deletions(-)
-
-diff --git a/lib/files.c b/lib/files.c
-index 884dd23c..7f0fb39f 100644
---- a/lib/files.c
-+++ b/lib/files.c
-@@ -564,6 +564,15 @@ bool files_read_bytes(FILE *out, UINT8 bytes[], size_t len) {
- return (readx(out, bytes, len) == len);
- }
-
-+bool files_read_bytes_chunk(FILE *out, UINT8 bytes[], size_t len, size_t *read_len) {
-+
-+ BAIL_ON_NULL("FILE", out);
-+ BAIL_ON_NULL("bytes", bytes);
-+ size_t chunk_len = readx(out, bytes, len);
-+ *read_len += chunk_len;
-+ return (chunk_len == len);
-+}
-+
- bool files_write_bytes(FILE *out, uint8_t bytes[], size_t len) {
-
- BAIL_ON_NULL("FILE", out);
-diff --git a/lib/files.h b/lib/files.h
-index 33022cbd..684b7eef 100644
---- a/lib/files.h
-+++ b/lib/files.h
-@@ -571,6 +571,21 @@ bool files_read_64(FILE *out, UINT64 *data);
- */
- bool files_read_bytes(FILE *out, UINT8 data[], size_t size);
-
-+/**
-+ * Reads len bytes from a file and set the read length.
-+ * @param out
-+ * The file to read from.
-+ * @param data
-+ * The buffer to read into, only valid on a True return.
-+ * @param size
-+ * The number of bytes to read.
-+ * @param read_size
-+ * Total number of bytes readed.
-+ * @return
-+ * True on success, False otherwise.
-+ */
-+bool files_read_bytes_chunk(FILE *out, UINT8 data[], size_t size, size_t *read_size);
-+
- /**
- * Converts a TPM2B_ATTEST to a TPMS_ATTEST using libmu.
- * @param quoted
-diff --git a/tools/misc/tpm2_eventlog.c b/tools/misc/tpm2_eventlog.c
-index b51089bd..64ce6add 100644
---- a/tools/misc/tpm2_eventlog.c
-+++ b/tools/misc/tpm2_eventlog.c
-@@ -12,6 +12,8 @@
- #include "tpm2_eventlog_yaml.h"
- #include "tpm2_tool.h"
-
-+#define CHUNK_SIZE 16384
-+
- static char *filename = NULL;
-
- /* Set the default YAML version */
-@@ -72,37 +74,35 @@ static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
- return tool_rc_option_error;
- }
-
-- /* Get file size */
-- unsigned long size = 0;
-- bool ret = files_get_file_size_path(filename, &size);
-- if (!ret || !size) {
-+ /* Read the file in chunks.
Usually the file will reside in
-+ securityfs, and those files do not have a public file size */
-+ tool_rc rc = tool_rc_success;
-+ FILE *fileptr = fopen(filename, "rb");
-+ if (!fileptr) {
- return tool_rc_general_error;
- }
-
-- /* Allocate buffer to read file data */
-- UINT8 *eventlog = calloc(1, size);
-+ /* Reserve the buffer for the first chunk */
-+ UINT8 *eventlog = calloc(1, CHUNK_SIZE);
- if (eventlog == NULL){
-- LOG_ERR("failed to allocate %lu bytes: %s", size, strerror(errno));
-+ LOG_ERR("failed to allocate %d bytes: %s", CHUNK_SIZE, strerror(errno));
- return tool_rc_general_error;
- }
-
-- /* Load buffer with file data */
-- tool_rc rc = tool_rc_success;
-- FILE *fileptr = fopen(filename, "rb");
-- if (!fileptr) {
-- rc = tool_rc_general_error;
-- goto out;
-+ unsigned long size = 0;
-+ while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size)) {
-+ UINT8 *eventlog_tmp = realloc(eventlog, size + CHUNK_SIZE);
-+ if (eventlog_tmp == NULL){
-+ LOG_ERR("failed to allocate %lu bytes: %s", size + CHUNK_SIZE, strerror(errno));
-+ rc = tool_rc_general_error;
-+ goto out;
-+ }
-+ eventlog = eventlog_tmp;
- }
--
- ret = files_read_bytes(fileptr, eventlog, size);
- fclose(fileptr);
-- if (!ret) {
-- rc = tool_rc_general_error;
-- goto out;
-- }
-
- /* Parse eventlog data */
-- ret = yaml_eventlog(eventlog, size, eventlog_version);
-+ bool ret = yaml_eventlog(eventlog, size, eventlog_version);
- if (!ret) {
- LOG_ERR("failed to parse tpm2 eventlog");
- rc = tool_rc_general_error;
---
-2.32.0
-
diff --git a/tpm2-tools-5.1.1.tar.gz b/tpm2-tools-5.1.1.tar.gz
deleted file mode 100644
index a628ff4..0000000
--- a/tpm2-tools-5.1.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5500810f7af999391babb13216d75843bee9f3f9d1544feed5e503d801174a3b
-size 1044427
diff --git a/tpm2-tools-5.1.1.tar.gz.asc b/tpm2-tools-5.1.1.tar.gz.asc
deleted file mode 100644
index e5fd431..0000000
--- a/tpm2-tools-5.1.1.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmDQoIoACgkQbeLpB44f
-UMEidhAAqmjQ+JUI5dlp4hsU78cKpZpIC3ivS2vobHekdOrzlDqe9/GhFXQEo07O
-M7RI1zgguaXXGlNNatx+xU3vHZD3CjtwRxjt4OFEwL0yH8/8/5YDMgTbujmuprbu
-sF3uQ3+RUmY6UQPqXH5UTV6sri50psY0JSQg4CKSfu/KGAzu74dfkcq6k6zFwaTl
-Odj7orMw+5tzygeF6L308o07jIM0Z0Uiuf0nAkKAQX8iSrJDZZK89gfSLr5+rcBB
-ihAAWE087Mfkd7WgMi54Ozja5YfZ9RF9CNMqETLB1YEseu1Q8LqmR39DDUANAMGb
-eJx9ZP1+r3MPp2EqUjt6DWDvp9KUEepg6ZQfarhvBknJU4cXxpoK/qV9/QD8NaEP
-YY2SGOkb4O9OxENrCNGKKAW1yI+sx4kjxqVVq1Gz+nFDOhd6wOWxLOfOFrQTy0o8
-H76Zs3cJodgrSYTO690hLJzX4pEVn2qrtFq+eDmRmD6IktJXaU4dK7SlXRW3yfkH
-sSdsHy+HZ1tBsvEbLGRDJLFrt4rVyl42n1dl+yynliQ0Np/i6TMwPfoTUsZGqSbA
-ifMLZW774d204FDwZZzmAbRtILHNUDNKwyMVMFMHbZtjep5MwW3x3sC89tOgkCtM
-LLlxoiaHzhS7coAYDBUxYiL/wzsbIFYDyDLplxgoLfqzJCl8unY=
-=KI3b
------END PGP SIGNATURE-----
diff --git a/tpm2-tools-5.2.tar.gz b/tpm2-tools-5.2.tar.gz
new file mode 100644
index 0000000..108119d
--- /dev/null
+++ b/tpm2-tools-5.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630
+size 1072078
diff --git a/tpm2-tools-5.2.tar.gz.asc b/tpm2-tools-5.2.tar.gz.asc
new file mode 100644
index 0000000..339efd6
--- /dev/null
+++ b/tpm2-tools-5.2.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEYxPm3EGq/DFah2CkFJhvaUSx9ysFAmFTUS4ACgkQFJhvaUSx
+9ysklQ/+JOGFQ3gNPcOsBRhXf/3FYDf3codr1LnmXGdosWL7VzP33zePGf7xr3rc
+c8qqbDHO9JHsFd2920oPawqlIBC22kT3fuX6g4pu+mcLeCzSFo5qr2A66mryRQpd
+xYeufu6mDlYmjs18xt2qtRu/uWxx6E0RH8cLVstfhHMfOUlG2xtWO70eXcS/R0z7
+6E/U5ezBTcw/7nErlR8YIaLKUnlOYPObeL2oF+1tJVCEzP5ZS+0RcRKQGB9tMYui
+WSXVGU8G4OslRnebG99OS45tQZgz3cdj371N9/b0DTrgrv+YLEVdAfCxfwdxC54q
+DDmB0e/KpVpQ04A/zeUaNTBZxIXrR0XzSSoF9c/bdjCGB/qCw/psHvGOgKLkTJGw
+8TlvaBftPSbR08aiKY0eSJPivQWMqOh6a1XLlGaMj9UbMYtbzKQTo9mkEZsNTq5q
+NJ06pEfRdjCSKeflLzJt9jLunksKnSviIYLhHPZGT7eqq3yVF/XAqNf28I3614aW
+bZmkJ35VxieIBy2h2oyg93Jqejjvx2+zEwOIQL6+HbqNmxhjeot7fFxVHNLQFfZS
+mQ3mUqkLMVo08tcDkTbd36i7mQExpspXXnC4wOm8mNW8idV+ElepskiL9zSdkt1K
+elTe2AvtVrS4XqTJmJyz6bShC1LBzJXeCxcimAMdYc0DyY5lWDM=
+=M5xM
+-----END PGP SIGNATURE-----
diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes
index a8fee11..f5c2450 100644
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
@@ -1,3 +1,111 @@
+-------------------------------------------------------------------
+Wed Oct 20 08:53:37 UTC 2021 - Alberto Planas Dominguez
+
+- Update to version 5.2:
+ + tpm2_nvextend:
+ * Added option -n, --name to specify the name of the nvindex in
+ hex bytes. This is used when cpHash ought to be calculated
+ without dispatching the TPM2_NV_Extend command to the TPM.
+ + tpm2_nvread:
+ * Added option --rphash=FILE to specify ile path to record the
+ hash of the response parameters. This is commonly termed as
+ rpHash.
+ * Added option -n, --name to specify the name of the nvindex in
+ hex bytes. This is used when cpHash ought to be calculated
+ without dispatching the TPM2_NVRead command to the TPM.
+ * Added option -S, --session to specify to specify an auxiliary
+ session for auditing and or encryption/decryption of the
+ parameters.
+ + tpm2_nvsetbits:
+ * Added option --rphash=FILE to specify file path to record the
+ hash of the response parameters. This is commonly termed as
+ rpHash.
+ * Added option -S, --session to specify to specify an auxiliary
+ session for auditing and or encryption/decryption of the
+ parameters.
+ * Added option -n, --name to specify the name of the nvindex in
+ hex bytes. This is used when cpHash ought to be calculated
+ without dispatching the TPM2_NV_SetBits command to the TPM.
+ + tpm2_createprimary:
+ * Support public-key output at creation time in various public-key
+ formats.
+ + tpm2_create:
+ * Support public-key output at creation time in various public-key
+ formats.
+ + tpm2_print:
+ * Support outputing public key in various public key formats over
+ the default YAML output. Supports taking -u output from
+ tpm2_create and converting it to a PEM or DER file format.
+ + tpm2_import:
+ * Add support for importing keys with sealed-data-blobs.
+ + tpm2_rsaencrypt, tpm2_rsadecrypt:
+ * Add support for specifying the hash algorithm with oaep.
+ + tpm2_pcrread, tpm2_quote:
+ * Add option -F, --pcrs_format to specify PCR format selection for
+ the binary blob in the PCR output file. 'values' will output a
+ binary blob of the PCR values. 'serialized' will output a binary
+ blob of the PCR values in the form of serialized data structure
+ in little endian format.
+ + tpm2_eventlog:
+ * Add support for decoding StartupLocality.
+ * Add support for printing the partition information.
+ * Add support for reading eventlogs longer than 64kb including
+ from /sys/kernel/security/tpm0/binary_bios-measurements.
+ + tpm2_duplicate:
+ * Add option -L, --policy to specify an authorization policy to be
+ associated with the duplicated object.
+ * Added support for external key duplication without needing the
+ TCTI.
+ + tools:
+ * Enhance error message on invalid passwords when sessions cannot
+ be used.
+ + lib/tpm2_options:
+ * Add option to specify fake tcti which is required in cases where
+ sapi ctx is required to be initialized for retrieving command
+ parameters without invoking the tcti to talk to the TPM.
+ + openssl:
+ * Dropped support for OpenSSL < 1.1.0
+ * Add support for OpenSSL 3.0.0
+ + Support added to make the repository documentation and man pages
+ available live on readthedocs.
+ + Bug-fixes:
+ * tpm2_import: Don't allow setting passwords for imported object
+ with -p option as the tool doesn't modify the TPM2B_SENSITIVE
+ structure. Added appropriate logging to indicate using
+ tpm2_changeauth after import.
+ * lib/tpm2_util.c: The function to calculate pHash algorithm
+ returned error when input session is a password session and the
+ only session in the command.
+ * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
+ ECC.
+ * tpm2_sign: Fix segfaults when tool does not find TPM resources
+ (TPM or RM).
+ * tpm2_makecredential: Fix an issue where reading input from stdin
+ could result in unsupported data size larger than the largest
+ digest size.
+ * tpm2_loadexternal: Fix an issue where restricted attribute could
+ not be set.
+ * lib/tpm2_nv_util.h: The NV index size is dependent on different
+ data sets read from the GetCapability structures because there
+ is a dependency on the NV operation type: Define vs Read vs
+ Write vs Extend. Fix a sane default in the case where
+ GetCapability fails or fails to report the specific property/
+ data set. This is especially true because some properties are
+ TPM implementation dependent.
+ * tpm2_createpolicy: Fix an issue where tool exited silently
+ without reporting an error if wrong pcr string is specified.
+ * lib/tpm2_alg_util: add error message on public init to prevent
+ tools from dying silently, add an error message.
+ * tpm2_import: fix an issue where an imported hmac object scheme
+ was NULL. While allowed, it was inconsistent with other tools
+ like tpm2_create which set the scheme as hmac->sha256 when
+ generating a keyedhash object.
+
+- Drop patches already in upstream:
+ + 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+ + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+ + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
+
 -------------------------------------------------------------------
 Thu Jul 29 14:15:11 UTC 2021 - Alberto Planas Dominguez
diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec
index 10ec278..6814b8b 100644
--- a/tpm2.0-tools.spec
+++ b/tpm2.0-tools.spec
@@ -17,7 +17,7 @@
 Name: tpm2.0-tools
-Version: 5.1.1
+Version: 5.2
 Release: 0
 Summary: Trusted Platform Module (TPM) 2.0 administration tools
 License: BSD-3-Clause
@@ -28,9 +28,6 @@ Source1: https://github.com/tpm2-software/tpm2-tools/releases/download/%{
 # git show william-roberts-pub javier-martinez-pub joshua-lock-pub idesai-pub > tpm2-tools.keyring
 Source2: tpm2-tools.keyring
 Patch0: fix_bogus_warning.patch
-Patch2: 0001-tpm2_checkquote-fix-uninitialized-variable.patch
-Patch3: 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
-Patch4: 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
 BuildRequires: gcc-c++
 BuildRequires: libcurl-devel
 BuildRequires: libopenssl-devel
@@ -83,7 +80,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %files
 %defattr(-,root,root)
-%doc README.md doc/CHANGELOG.md
+%doc doc/README.md doc/CHANGELOG.md
 %license doc/LICENSE
 /usr/bin/tpm2*
 /usr/bin/tss2*
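Review bot: The `tpm2-tools-5.2.tar.gz.asc` added earlier in this diff appears to be issued by a different key than the 5.1.1 signature it replaces (the issuer-fingerprint bytes right after the shared `iQIzBAABCgAdFiEE` prefix differ between the two armored blocks), yet `Source2: tpm2-tools.keyring` in the `@@ -28,9 +28,6 @@` hunk is untouched and no keyring change is part of this commit. If the 5.2 release signer is not already one of the four keys named in the `# git show ... > tpm2-tools.keyring` comment, whatever verifies `Source1` against `Source2` at build time will either reject the new tarball or, if that check is not enforced, the tarball will ship without its signature ever being matched to a vetted key; please confirm the signer's key ID is in the keyring and regenerate the keyring if it is not. I would also make this explicit in the spec so the next version bump is forced to re-check, e.g. extend the comment with `# 5.2 is signed by <key id>; confirm it is in the keyring before bumping`. Separately, `Patch0: fix_bogus_warning.patch` is carried forward without any note that it was re-tested against 5.2, so it is worth confirming it still applies cleanly. The `Source0`/`Source1` definitions themselves lie outside the hunk.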