rpm/ibmtss
SHA256
1
0
Fork 0
forked from pool/ibmtss
Code Pull Requests Activity

Accepting request 866786 from home:pevik:branches:security

Browse Source 
- Update to upstream version 1.6.0
- Drop patches from this release
  - ibmtss-certifyx509-Fix-uninitialized-variable.patch
  - ibmtss-fix-dsa-regression.patch

OBS-URL: https://build.opensuse.org/request/show/866786
OBS-URL: https://build.opensuse.org/package/show/security/ibmtss?expand=0&rev=39
This commit is contained in:
Michal Suchanek 2021-01-26 11:19:30 +00:00 committed by Git OBS Bridge
parent cb4d660b2f
commit 734d58e171
6 changed files with 14 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ibmtss-certifyx509-Fix-uninitialized-variable.patch
View File

@ -1,11 +0,0 @@
--- a/utils/certifyx509.c 2020-05-14 20:44:20.000000000 +0200
+++ b/utils/certifyx509.c 2020-08-17 18:36:52.842956894 +0200
@@ -137,7 +137,7 @@
TPMI_DH_OBJECT objectHandle = 0;
TPMI_DH_OBJECT signHandle = 0;
unsigned int algCount = 0;
- TPMI_ALG_SIG_SCHEME scheme;
+ TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_ERROR;
TPMI_RSA_KEY_BITS keyBits = 0;
TPMI_ECC_CURVE curveID = 0;
TPMI_ALG_HASH halg = TPM_ALG_SHA256;

233
ibmtss-fix-dsa-regression.patch
View File

@ -1,233 +0,0 @@
This can be fixed by checking first to see if -rsa appears on its own
(either as the last option or followed by another option beginning
with '-') and if it does assuming the default value of 2048 for
keyBits. If a non options follows, parse it as a number which keeps
backwards compatibility with versions before 1.5 while still allowing
expanded rsa key sizes to be specified.
Signed-off-by: James Bottomley <James.Bottomley@...>
---
utils/certifyx509.c | 8 ++-----
utils/create.c | 8 ++-----
utils/createek.c | 46 +++++++++++++++++++----------------------
utils/createekcert.c | 42 +++++++++++++++++--------------------
utils/createloaded.c | 8 ++-----
utils/createprimary.c | 8 ++-----
utils/objecttemplates.c | 2 +-
7 files changed, 49 insertions(+), 73 deletions(-)
diff --git a/utils/certifyx509.c b/utils/certifyx509.c
index 2b763eb..3eabc45 100644
--- a/utils/certifyx509.c
+++ b/utils/certifyx509.c
@@ -233,14 +233,10 @@ int main(int argc, char *argv[])
else if (strcmp(argv[i], "-rsa") == 0) {
scheme = TPM_ALG_RSASSA;
algCount++;
- i++;
- if (i < argc) {
+ if (i + 1 < argc && argv[i+1][0] != '-') {
+ i++;
sscanf(argv[i],"%hu", &keyBits);
}
- else {
- printf("Missing keysize parameter for -rsa\n");
- printUsage();
- }
}
else if (strcmp(argv[i], "-ecc") == 0) {
scheme = TPM_ALG_ECDSA;
diff --git a/utils/create.c b/utils/create.c
index f1be83d..a707f2f 100644
--- a/utils/create.c
+++ b/utils/create.c
@@ -173,14 +173,10 @@ int main(int argc, char *argv[])
}
else if (strcmp(argv[i], "-rsa") == 0) {
algPublic = TPM_ALG_RSA;
- i++;
- if (i < argc) {
+ if (i + 1 < argc && argv[i+1][0] != '-') {
+ i++;
sscanf(argv[i],"%hu", &keyBits);
}
- else {
- printf("Missing parameter for -rsa\n");
- printUsage();
- }
}
else if (strcmp(argv[i], "-ecc") == 0) {
algPublic = TPM_ALG_ECC;
diff --git a/utils/createek.c b/utils/createek.c
index 602d9ce..f561f78 100644
--- a/utils/createek.c
+++ b/utils/createek.c
@@ -196,33 +196,29 @@ int main(int argc, char *argv[])
else if (strcmp(argv[i], "-rsa") == 0) {
algPublic = TPM_ALG_RSA;
algCount++;
- i++;
- if (i < argc) {
+ if (i + 1 < argc && argv[i+1][0] != '-') {
+ i++;
sscanf(argv[i],"%hu", &keyBits);
- switch (keyBits) {
- case 2048:
- if (range == LowRange) {
- ekCertIndex = EK_CERT_RSA_INDEX;
- ekNonceIndex = EK_NONCE_RSA_INDEX;
- ekTemplateIndex = EK_TEMPLATE_RSA_INDEX;
- }
- else { /* high range */
- ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
- }
- break;
- case 3072:
- ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
- break;
- case 4096:
- ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
- break;
- default:
- printf("Bad key size %s for -rsa\n", argv[i]);
- printUsage();
- }
}
- else {
- printf("Missing keysize parameter for -rsa\n");
+ switch (keyBits) {
+ case 2048:
+ if (range == LowRange) {
+ ekCertIndex = EK_CERT_RSA_INDEX;
+ ekNonceIndex = EK_NONCE_RSA_INDEX;
+ ekTemplateIndex = EK_TEMPLATE_RSA_INDEX;
+ }
+ else { /* high range */
+ ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
+ }
+ break;
+ case 3072:
+ ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
+ break;
+ case 4096:
+ ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
+ break;
+ default:
+ printf("Bad key size %s for -rsa\n", argv[i]);
printUsage();
}
}
diff --git a/utils/createekcert.c b/utils/createekcert.c
index 7049605..02d765c 100644
--- a/utils/createekcert.c
+++ b/utils/createekcert.c
@@ -179,31 +179,27 @@ int main(int argc, char *argv[])
else if (strcmp(argv[i], "-rsa") == 0) {
algPublic = TPM_ALG_RSA;
algCount++;
- i++;
- if (i < argc) {
+ if (i + 1 < argc && argv[i+1][0] != '-') {
+ i++;
sscanf(argv[i],"%hu", &keyBits);
- switch (keyBits) {
- case 2048:
- if (range == LowRange) {
- ekCertIndex = EK_CERT_RSA_INDEX;
- }
- else { /* high range */
- ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
- }
- break;
- case 3072:
- ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
- break;
- case 4096:
- ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
- break;
- default:
- printf("Bad key size %s for -rsa\n", argv[i]);
- printUsage();
- }
}
- else {
- printf("Missing keysize parameter for -rsa\n");
+ switch (keyBits) {
+ case 2048:
+ if (range == LowRange) {
+ ekCertIndex = EK_CERT_RSA_INDEX;
+ }
+ else { /* high range */
+ ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
+ }
+ break;
+ case 3072:
+ ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
+ break;
+ case 4096:
+ ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
+ break;
+ default:
+ printf("Bad key size %s for -rsa\n", argv[i]);
printUsage();
}
}
diff --git a/utils/createloaded.c b/utils/createloaded.c
index a481cb3..fe97ab4 100644
--- a/utils/createloaded.c
+++ b/utils/createloaded.c
@@ -167,14 +167,10 @@ int main(int argc, char *argv[])
}
else if (strcmp(argv[i], "-rsa") == 0) {
algPublic = TPM_ALG_RSA;
- i++;
- if (i < argc) {
+ if (i + 1 < argc && argv[i+1][0] != '-') {
+ i++;
sscanf(argv[i],"%hu", &keyBits);
}
- else {
- printf("Missing parameter for -rsa\n");
- printUsage();
- }
}
else if (strcmp(argv[i], "-ecc") == 0) {
algPublic = TPM_ALG_ECC;
diff --git a/utils/createprimary.c b/utils/createprimary.c
index 3c7676f..c805674 100644
--- a/utils/createprimary.c
+++ b/utils/createprimary.c
@@ -180,14 +180,10 @@ int main(int argc, char *argv[])
}
else if (strcmp(argv[i], "-rsa") == 0) {
algPublic = TPM_ALG_RSA;
- i++;
- if (i < argc) {
+ if (i + 1 < argc && argv[i+1][0] != '-') {
+ i++;
sscanf(argv[i],"%hu", &keyBits);
}
- else {
- printf("Missing parameter for -rsa\n");
- printUsage();
- }
}
else if (strcmp(argv[i], "-ecc") == 0) {
algPublic = TPM_ALG_ECC;
diff --git a/utils/objecttemplates.c b/utils/objecttemplates.c
index 06b07ef..f44398f 100644
--- a/utils/objecttemplates.c
+++ b/utils/objecttemplates.c
@@ -538,7 +538,7 @@ void printUsageTemplate(void)
{
printf("\t[Asymmetric Key Algorithm]\n");
printf("\n");
- printf("\t-rsa keybits (default)\n");
+ printf("\t-rsa [keybits] (default)\n");
printf("\t\t(2048 default)\n");
printf("\t-ecc curve\n");
printf("\t\tbnp256\n");
--
2.26.2

8
ibmtss.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel <pvorel@suse.cz>
- Update to upstream version 1.6.0
- Drop patches from this release
- ibmtss-certifyx509-Fix-uninitialized-variable.patch
- ibmtss-fix-dsa-regression.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com> Thu Oct 1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>

8
ibmtss.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package ibmtss # spec file for package ibmtss
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,12 +18,12 @@
# #
%define libversion 1 %define libversion 1
%define libversion_full 1.5.0 %define libversion_full 1.6.0
%define libname libibmtss %define libname libibmtss
%define libpkgname %{libname}%{libversion} %define libpkgname %{libname}%{libversion}
Name: ibmtss Name: ibmtss
Version: 1.5.0 Version: 1.6.0
Release: 0 Release: 0
Summary: IBM's TPM 2.0 TSS Summary: IBM's TPM 2.0 TSS
License: BSD-3-Clause License: BSD-3-Clause
@ -32,8 +32,6 @@ URL: https://sourceforge.net/projects/ibmtpm20tss
Source: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz Source: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
Source1: 90-tpm-ibmtss.rules Source1: 90-tpm-ibmtss.rules
Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
Patch2: ibmtss-certifyx509-Fix-uninitialized-variable.patch
Patch3: ibmtss-fix-dsa-regression.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: ibmswtpm2 BuildRequires: ibmswtpm2

3
ibmtss1.5.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:22d14871b9cfb1c7ddbcc0e5b379ddc065660d9a7c7b3a4a21a3ba13f1a8ddb1
size 1037930

3
ibmtss1.6.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:83bebb0d36ef9ced6cf3be2be9f0b4463a692d67254df31216271a916aaba851
size 1255456