Accepting request 540183 from home:vitezslav_cizek:branches:security
- update to version 2.1.1 * Potential memory leak fix when tcti/sapi initialization fails. * tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read * listpcrs: remove one redundant call to tpm get cap * listpcrs: fix for unsupported/disabled alg in -L * build: use supported comment to suppress GCC7 fallthrough warning * kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392) - drop patches (upstream) * 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch * tpm2.0-tools-fix-gcc7.patch OBS-URL: https://build.opensuse.org/request/show/540183 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=30
This commit is contained in:
Matthias Gerstner
Git OBS Bridge
parent
df8d6a816d
commit
d61e6c9bf0
@ -1,119 +0,0 @@
|
||||
From c2586d4116b29436baa6608c5c3a222aae8bf193 Mon Sep 17 00:00:00 2001
|
||||
From: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||
Date: Mon, 15 May 2017 14:01:24 -0700
|
||||
Subject: [PATCH] tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to
|
||||
read
|
||||
|
||||
Allow TPM to tell us PCRs that are available to be read in a bank
|
||||
instead of assuming there will be 24. This resolves an issue on
|
||||
a system where in the bios you can choose between hash functions
|
||||
(sha1 and sha256 in this case). Both will show up as supported,
|
||||
but when it tries reading the bank that isn't selected in the bios
|
||||
it makes no progress, and then fails saying that there are too many
|
||||
PCRs to read.
|
||||
|
||||
This consolidates the pcr_selections init code into one function.
|
||||
|
||||
Also a minor change to show_pcr_values to use sizeofSelect to
|
||||
determine loop iteration instead of hardcoding 24.
|
||||
|
||||
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||
---
|
||||
tools/tpm2_listpcrs.c | 55 +++++++++++++++++++++++++--------------------------
|
||||
1 file changed, 27 insertions(+), 28 deletions(-)
|
||||
|
||||
Index: tpm2-tools-2.1.0/tools/tpm2_listpcrs.c
|
||||
===================================================================
|
||||
--- tpm2-tools-2.1.0.orig/tools/tpm2_listpcrs.c
|
||||
+++ tpm2-tools-2.1.0/tools/tpm2_listpcrs.c
|
||||
@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_cont
|
||||
return true;
|
||||
}
|
||||
|
||||
-static void init_pcr_selection_from_algorithm(TPMI_ALG_HASH alg_id,
|
||||
- TPML_PCR_SELECTION *pcr_selections) {
|
||||
+static bool init_pcr_selection(TPMI_ALG_HASH alg_id, listpcr_context *context) {
|
||||
|
||||
- pcr_selections->count = 1;
|
||||
- pcr_selections->pcrSelections[0].hash = alg_id;
|
||||
- set_pcr_select_size(&pcr_selections->pcrSelections[0], 3);
|
||||
- clear_pcr_select_bits(&pcr_selections->pcrSelections[0]);
|
||||
-
|
||||
- UINT32 pcr_id;
|
||||
- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
|
||||
- set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id);
|
||||
+ TPMI_YES_NO moreData;
|
||||
+ TPMS_CAPABILITY_DATA cap_data;
|
||||
+ TPML_PCR_SELECTION *pcr_sel = &context->pcr_selections;
|
||||
+ UINT32 rval, i, j;
|
||||
+
|
||||
+ rval = Tss2_Sys_GetCapability(context->sapi_context, 0, TPM_CAP_PCRS, 0, 1, &moreData, &cap_data, 0);
|
||||
+ if (rval != TPM_RC_SUCCESS) {
|
||||
+ LOG_ERR("GetCapability: Get PCR allocation status Error. TPM Error:0x%x......\n", rval);
|
||||
+ return false;
|
||||
}
|
||||
-}
|
||||
|
||||
-/* XXX Could this internally call init_pcr_selection_from_algorithm to reduce duplicate code? */
|
||||
-static void init_pcr_selection_all(tpm2_algorithm *algorithm,
|
||||
- TPML_PCR_SELECTION *pcr_selections) {
|
||||
-
|
||||
- pcr_selections->count = 0;
|
||||
-
|
||||
- int i;
|
||||
- for (i = 0; i < algorithm->count; i++) {
|
||||
- pcr_selections->pcrSelections[i].hash = algorithm->alg[i];
|
||||
- set_pcr_select_size(&pcr_selections->pcrSelections[i], 3);
|
||||
- clear_pcr_select_bits(&pcr_selections->pcrSelections[i]);
|
||||
+ pcr_sel->count = 0;
|
||||
|
||||
- UINT32 pcr_id;
|
||||
- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
|
||||
- set_pcr_select_bit(&pcr_selections->pcrSelections[i], pcr_id);
|
||||
- }
|
||||
- pcr_selections->count++;
|
||||
+ for (i = 0; i < cap_data.data.assignedPCR.count; i++) {
|
||||
+ if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id))
|
||||
+ continue;
|
||||
+ pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash;
|
||||
+ set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect);
|
||||
+ for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++)
|
||||
+ pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j];
|
||||
+ pcr_sel->count++;
|
||||
}
|
||||
+
|
||||
+ if (pcr_sel->count == 0)
|
||||
+ return false;
|
||||
+
|
||||
+ return true;
|
||||
}
|
||||
|
||||
// show all PCR banks according to g_pcrSelection & g_pcrs->
|
||||
@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_cont
|
||||
context->pcr_selections.pcrSelections[i].hash);
|
||||
|
||||
UINT32 pcr_id;
|
||||
- for (pcr_id = 0; pcr_id < 24; pcr_id++) {
|
||||
+ for (pcr_id = 0; pcr_id < context->pcr_selections.pcrSelections[i].sizeofSelect * 8; pcr_id++) {
|
||||
if (!is_pcr_select_bit_set(&context->pcr_selections.pcrSelections[i],
|
||||
pcr_id)) {
|
||||
continue;
|
||||
@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(lis
|
||||
|
||||
static bool show_all_pcr_values(listpcr_context *context) {
|
||||
|
||||
- init_pcr_selection_all(&context->algs, &context->pcr_selections);
|
||||
+ if (!init_pcr_selection(0, context))
|
||||
+ return false;
|
||||
|
||||
return show_selected_pcr_values(context);
|
||||
}
|
||||
|
||||
static bool show_alg_pcr_values(listpcr_context *context, TPMI_ALG_HASH alg_id) {
|
||||
|
||||
- init_pcr_selection_from_algorithm(alg_id, &context->pcr_selections);
|
||||
+ if (!init_pcr_selection(alg_id, context))
|
||||
+ return false;
|
||||
|
||||
return show_selected_pcr_values(context);
|
||||
}
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d570da952af40584caf7bedd8adb3d7f2ed2deb273eba65cfe953ca67ec905f4
|
||||
size 321817
|
||||
3
2.1.1.zip
Normal file
3
2.1.1.zip
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:dde5c3da62813d03aaa25988ad3a0bd7426be04877f8aee5e7704a33d63b04ac
|
||||
size 322464
|
||||
@ -1,26 +0,0 @@
|
||||
Index: tpm2-tools-2.1.0/tools/main.c
|
||||
===================================================================
|
||||
--- tpm2-tools-2.1.0.orig/tools/main.c
|
||||
+++ tpm2-tools-2.1.0/tools/main.c
|
||||
@@ -61,7 +61,7 @@ main (int argc,
|
||||
execute_man (argv[0], envp);
|
||||
fprintf (stderr,
|
||||
"failed to load manpage, check your environment / PATH\n");
|
||||
- /* no break */
|
||||
+ /* FALLTHROUGH */
|
||||
case 2:
|
||||
exit (1);
|
||||
}
|
||||
Index: tpm2-tools-2.1.0/tools/tpm2_dump_capability.c
|
||||
===================================================================
|
||||
--- tpm2-tools-2.1.0.orig/tools/tpm2_dump_capability.c
|
||||
+++ tpm2-tools-2.1.0/tools/tpm2_dump_capability.c
|
||||
@@ -595,7 +595,7 @@ dump_tpm_capability (TPMU_CAPABILITIES
|
||||
case TPM_CAP_COMMANDS:
|
||||
dump_command_attr_array (capabilities->command.commandAttributes,
|
||||
capabilities->command.count);
|
||||
- /* no break */
|
||||
+ /* FALLTHROUGH */
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 9 11:00:33 UTC 2017 - vcizek@suse.com
|
||||
|
||||
- update to version 2.1.1
|
||||
* Potential memory leak fix when tcti/sapi initialization fails.
|
||||
* tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read
|
||||
* listpcrs: remove one redundant call to tpm get cap
|
||||
* listpcrs: fix for unsupported/disabled alg in -L
|
||||
* build: use supported comment to suppress GCC7 fallthrough warning
|
||||
* kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392)
|
||||
- drop patches (upstream)
|
||||
* 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
|
||||
* tpm2.0-tools-fix-gcc7.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 21 14:32:13 UTC 2017 - matthias.gerstner@suse.com
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: tpm2.0-tools
|
||||
Version: 2.1.0
|
||||
Version: 2.1.1
|
||||
Release: 0
|
||||
Summary: Trusted Platform Module (TPM) 2.0 administration tools
|
||||
License: BSD-3-Clause
|
||||
@ -25,10 +25,6 @@ Group: Productivity/Security
|
||||
Url: https://github.com/01org/tpm2.0-tools
|
||||
Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.zip
|
||||
Patch0: tpm2.0-tools-fix-hardening.patch
|
||||
Patch1: tpm2.0-tools-fix-gcc7.patch
|
||||
# this fixes an error with an unexpectedly large number of PCRS (bnc#1044419)
|
||||
# there's no release containing this fix yet
|
||||
Patch2: 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: gcc-c++
|
||||
@ -50,10 +46,8 @@ provides tools for enablement and configuration of the TPM 2.0 and
|
||||
associated interfaces.
|
||||
|
||||
%prep
|
||||
%setup -q -n tpm2-tools-2.1.0
|
||||
%setup -q -n tpm2-tools-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
bash ./bootstrap
|
||||
|
||||
Loading…
Reference in New Issue
Block a user