From 39f0308cd8be267287b0d948c73748a17d74aec9534631f0af64efb86b36ec6f Mon Sep 17 00:00:00 2001
From: Michal Suchanek
Date: Fri, 1 Dec 2023 16:04:22 +0000
Subject: [PATCH] Accepting request 1130291 from home:michals - Update to version 164-2020-192.2 * Implement the RSA 5 primes optimization. * Check command size for int32 overflow. * Add support for OpenSSL 3.1.x * Do not accept a NULL signKey in TPM2_CertifyX509 * Add Nuvoton to gcc makefile - New project URL - move to github - Drop usptreamed ibmswtpm2-OpenSSL-3.1.patch - drop ibmswtpm2-fix-ppc32.patch (upstream) OBS-URL: https://build.opensuse.org/request/show/1130291 OBS-URL: https://build.opensuse.org/package/show/security/ibmswtpm2?expand=0&rev=30
---
 ibmswtpm2-164-2020-192.2.tar.gz | 3 ++
 ...namic-Fix-use-of-uninitialized-value.patch | 31 +++++++++++++---
 ibmswtpm2-OpenSSL-3.1.patch | 37 -------------------
 ...Posix-Fix-use-of-uninitialized-value.patch | 13 ++++---
 ibmswtpm2.changes | 14 ++++++-
 ibmswtpm2.spec | 12 +++---
 ibmtpm1682.tar.gz | 3 --
 7 files changed, 55 insertions(+), 58 deletions(-)
 create mode 100644 ibmswtpm2-164-2020-192.2.tar.gz
 delete mode 100644 ibmswtpm2-OpenSSL-3.1.patch
 delete mode 100644 ibmtpm1682.tar.gz
diff --git a/ibmswtpm2-164-2020-192.2.tar.gz b/ibmswtpm2-164-2020-192.2.tar.gz
new file mode 100644
index 0000000..43aa0e1
--- /dev/null
+++ b/ibmswtpm2-164-2020-192.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:07352afe88f838c4c1b0a5adf41b6742b7724639b1474ea91c75292d60740491
+size 638913
diff --git a/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch b/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
index 0ba87a1..15cb01b 100644
--- a/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
+++ b/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
@@ -1,7 +1,26 @@ -diff -ur ibmswtpm2-1637.orig/src/NVDynamic.c ibmswtpm2-1637/src/NVDynamic.c ---- ibmswtpm2-1637.orig/src/NVDynamic.c 2020-03-26 23:15:48.000000000 +0100 -+++ ibmswtpm2-1637/src/NVDynamic.c 2020-08-20 16:37:09.481920068 +0200 -@@ -122,7 +122,7 @@ +From 8c160d2c7a17eb842fae82de3638b834976f2aa2 Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Thu, 20 Aug 2020 16:42:54 +0200 +Subject: [PATCH] NVDynamic: Fix use of uninitialized value. + +There is a theoretical possibility that the cycle in NvNextByType does +not run at all because NvNext fails immediately and never sets nvHandle. + +The cycle only runs and nvHandle is set on non-zero addr, and in that +case addr remains non-zero when breaking out of the cycle. + +Use nvHandle only when addr is non-zero. + +Signed-off-by: Michal Suchanek +--- + src/NVDynamic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/NVDynamic.c b/src/NVDynamic.c +index 8ede9e4..535ea03 100644 +--- a/src/NVDynamic.c ++++ b/src/NVDynamic.c +@@ -122,7 +122,7 @@ NvNextByType( if(HandleGetType(nvHandle) == type) break; } @@ -10,4 +29,6 @@ diff -ur ibmswtpm2-1637.orig/src/NVDynamic.c ibmswtpm2-1637/src/NVDynamic.c *handle = nvHandle; return addr; } -Only in ibmswtpm2-1637/src: NVDynamic.c~ +-- +2.42.0 + diff --git a/ibmswtpm2-OpenSSL-3.1.patch b/ibmswtpm2-OpenSSL-3.1.patch deleted file mode 100644 index 472cd49..0000000 --- a/ibmswtpm2-OpenSSL-3.1.patch +++ /dev/null 
@@ -1,37 +0,0 @@
-From 4793486850b588ca5fd5f17896f5cf6bd4bb747c Mon Sep 17 00:00:00 2001
-From: Otto Hollmann
-Date: Wed, 15 Mar 2023 09:51:57 +0100
-Subject: [PATCH] Add support for OpenSSL 3.1.x
-
----
- src/TpmToOsslMath.h | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/TpmToOsslMath.h b/src/TpmToOsslMath.h
-index 13e5070..eedec34 100644
---- a/src/TpmToOsslMath.h
-+++ b/src/TpmToOsslMath.h
-@@ -72,16 +72,20 @@
-
- #define SYMMETRIC_ALIGNMENT RADIX_BYTES
-
--#if OPENSSL_VERSION_NUMBER > 0x300000ffL
-+/*
-+ * As of release 3.0.0, OPENSSL_VERSION_NUMBER is a combination of the
-+ * major (M), minor (NN) and patch (PP) version into a single integer 0xMNN00PP0L
-+ */
-+#if OPENSSL_VERSION_NUMBER > 0x30100ff0L
- // Check the bignum_st definition in crypto/bn/bn_lcl.h or crypto/bn/bn_local.h and either update
- // the version check or provide the new definition for this version.
--// Currently safe for all 3.0.n.a
-+// Currently safe for all 3.1.x
- # error Untested OpenSSL version
- #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
- // from crypto/bn/bn_lcl.h
- struct bignum_st {
- BN_ULONG *d;
-- int top;
-+ int top;
-
- int dmax;
- int neg;
diff --git a/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch b/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
index 2e779e5..864a07a 100644
--- a/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
+++ b/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
@@ -1,4 +1,4 @@
-From 03efa66788ca4828392664c4f6123ad4f190c865 Mon Sep 17 00:00:00 2001
+From 1f64c0bf768f05bfb1980fa354d99a29b26ce99a Mon Sep 17 00:00:00 2001
 From: Michal Suchanek
 Date: Mon, 17 Aug 2020 19:28:51 +0200
 Subject: [PATCH] TcpServerPosix: Fix use of uninitialized value.
@@ -11,10 +11,10 @@
Signed-off-by: Michal Suchanek src/TcpServerPosix.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -Index: ibmswtpm2-1682/src/TcpServerPosix.c -=================================================================== ---- ibmswtpm2-1682.orig/src/TcpServerPosix.c -+++ ibmswtpm2-1682/src/TcpServerPosix.c +diff --git a/src/TcpServerPosix.c b/src/TcpServerPosix.c +index ca9e2fd..b776448 100644 +--- a/src/TcpServerPosix.c ++++ b/src/TcpServerPosix.c @@ -264,7 +264,8 @@ PlatformServer( { uint32_t actHandle; @@ -25,3 +25,6 @@ Index: ibmswtpm2-1682/src/TcpServerPosix.c break; } default: +-- +2.42.0 + diff --git a/ibmswtpm2.changes b/ibmswtpm2.changes index 74a06f9..8c0f7f0 100644 --- a/ibmswtpm2.changes +++ b/ibmswtpm2.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Dec 1 15:34:44 UTC 2023 - Michal Suchanek + +- Update to version 164-2020-192.2 + * Implement the RSA 5 primes optimization. + * Check command size for int32 overflow. + * Add support for OpenSSL 3.1.x + * Do not accept a NULL signKey in TPM2_CertifyX509 + * Add Nuvoton to gcc makefile +- New project URL - move to github +- Drop usptreamed ibmswtpm2-OpenSSL-3.1.patch + ------------------------------------------------------------------- Wed Mar 15 08:21:19 UTC 2023 - Otto Hollmann @@ -19,7 +31,7 @@ Sat Sep 24 08:23:47 UTC 2022 - Dirk Müller * PlatformSvc: return error on control socket failure * main: set a return code if StartTcpServer fails * tpm: Add all updates to TPM specification 164. -- drop ibmswtpm2-fix-ppc32.patch (upstream) +- drop ibmswtpm2-fix-ppc32.patch (upstream) - makefile.patch: refresh ------------------------------------------------------------------- diff --git a/ibmswtpm2.spec b/ibmswtpm2.spec index c0ad692..9ee78de 100644 --- a/ibmswtpm2.spec +++ b/ibmswtpm2.spec 
@@ -17,24 +17,23 @@ %define suite ibmtss +%define download_version 164-2020-192.2 %ifarch ppc ppc64 s390 s390x %define extra_ccflags -DBIG_ENDIAN_TPM=1 %else %define extra_ccflags "" %endif Name: ibmswtpm2 -Version: 1682 +Version: %(echo %{download_version} | tr '-' '+') Release: 0 Summary: IBM's Software TPM 2.0 License: BSD-3-Clause Group: Development/Tools/Other -URL: https://sourceforge.net/projects/ibmswtpm2 -Source: https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{version}.tar.gz +URL: https://github.com/kgoldman/ibmswtpm2 +Source: https://github.com/kgoldman/ibmswtpm2/archive/rev%{download_version}.tar.gz#/%{name}-%{download_version}.tar.gz Patch0: makefile.patch Patch1: ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch Patch2: ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch -# PATCH-FIX-OPENSUSE: not yet merged https://github.com/kgoldman/ibmswtpm2/pull/9 -Patch3: ibmswtpm2-OpenSSL-3.1.patch BuildRequires: libopenssl-devel >= 1.0 %description @@ -49,8 +48,7 @@ It is probably not of much use other than testing the IBM TSS implementation because of this specific interface. %prep -%setup -q -c -%autopatch -p 1 +%autosetup -p 1 -n %{name}-rev%{download_version} %build cd src diff --git a/ibmtpm1682.tar.gz b/ibmtpm1682.tar.gz deleted file mode 100644 index c5f122a..0000000 --- a/ibmtpm1682.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f -size 639100
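Review bot: The new `Version:` in the first ibmswtpm2.spec hunk evaluates to `164+2020+192.2`, which rpm's version comparison orders below the previous `1682` (first numeric segment 164 against 1682), so systems that already have the 1682 build installed may not receive this package through a normal update. That matters for this release because its changelog lists input-validation fixes (the command size int32 overflow check and the NULL signKey rejection in TPM2_CertifyX509). Nothing in the visible spec hunks compensates for the ordering, so I would at least record it next to the tag, e.g. `# NOTE: 164+2020+192.2 sorts lower than the former 1682; confirm the update path for installed systems`, and confirm how the target repositories handle a version that goes backwards.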