From d61e6c9bf05099d5c7b36e31ee54c44f68ca9d181cee140b6f1a7f48680fc102 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Thu, 9 Nov 2017 14:39:53 +0000 Subject: [PATCH] Accepting request 540183 from home:vitezslav_cizek:branches:security - update to version 2.1.1 * Potential memory leak fix when tcti/sapi initialization fails. * tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read * listpcrs: remove one redundant call to tpm get cap * listpcrs: fix for unsupported/disabled alg in -L * build: use supported comment to suppress GCC7 fallthrough warning * kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392) - drop patches (upstream) * 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch * tpm2.0-tools-fix-gcc7.patch OBS-URL: https://build.opensuse.org/request/show/540183 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=30 --- ...e-TPM2_GetCapability-to-determine-PC.patch | 119 ------------------ 2.1.0.zip | 3 - 2.1.1.zip | 3 + tpm2.0-tools-fix-gcc7.patch | 26 ---- tpm2.0-tools.changes | 14 +++ tpm2.0-tools.spec | 10 +- 6 files changed, 19 insertions(+), 156 deletions(-) delete mode 100644 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch delete mode 100644 2.1.0.zip create mode 100644 2.1.1.zip delete mode 100644 tpm2.0-tools-fix-gcc7.patch diff --git a/0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch b/0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch deleted file mode 100644 index 1349df0..0000000 --- a/0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -From c2586d4116b29436baa6608c5c3a222aae8bf193 Mon Sep 17 00:00:00 2001 -From: Jerry Snitselaar -Date: Mon, 15 May 2017 14:01:24 -0700 -Subject: [PATCH] tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to - read - -Allow TPM to tell us PCRs that are available to be read in a bank -instead of assuming there will be 24. This resolves an issue on -a system where in the bios you can choose between hash functions -(sha1 and sha256 in this case). Both will show up as supported, -but when it tries reading the bank that isn't selected in the bios -it makes no progress, and then fails saying that there are too many -PCRs to read. - -This consolidates the pcr_selections init code into one function. - -Also a minor change to show_pcr_values to use sizeofSelect to -determine loop iteration instead of hardcoding 24. - -Signed-off-by: Jerry Snitselaar ---- - tools/tpm2_listpcrs.c | 55 +++++++++++++++++++++++++-------------------------- - 1 file changed, 27 insertions(+), 28 deletions(-) - -Index: tpm2-tools-2.1.0/tools/tpm2_listpcrs.c -=================================================================== ---- tpm2-tools-2.1.0.orig/tools/tpm2_listpcrs.c -+++ tpm2-tools-2.1.0/tools/tpm2_listpcrs.c -@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_cont - return true; - } - --static void init_pcr_selection_from_algorithm(TPMI_ALG_HASH alg_id, -- TPML_PCR_SELECTION *pcr_selections) { -+static bool init_pcr_selection(TPMI_ALG_HASH alg_id, listpcr_context *context) { - -- pcr_selections->count = 1; -- pcr_selections->pcrSelections[0].hash = alg_id; -- set_pcr_select_size(&pcr_selections->pcrSelections[0], 3); -- clear_pcr_select_bits(&pcr_selections->pcrSelections[0]); -- -- UINT32 pcr_id; -- for (pcr_id = 0; pcr_id < 24; pcr_id++) { -- set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id); -+ TPMI_YES_NO moreData; -+ TPMS_CAPABILITY_DATA cap_data; -+ TPML_PCR_SELECTION *pcr_sel = &context->pcr_selections; -+ UINT32 rval, i, j; -+ -+ rval = 
Tss2_Sys_GetCapability(context->sapi_context, 0, TPM_CAP_PCRS, 0, 1, &moreData, &cap_data, 0); -+ if (rval != TPM_RC_SUCCESS) { -+ LOG_ERR("GetCapability: Get PCR allocation status Error. TPM Error:0x%x......\n", rval); -+ return false; - } --} - --/* XXX Could this internally call init_pcr_selection_from_algorithm to reduce duplicate code? */ --static void init_pcr_selection_all(tpm2_algorithm *algorithm, -- TPML_PCR_SELECTION *pcr_selections) { -- -- pcr_selections->count = 0; -- -- int i; -- for (i = 0; i < algorithm->count; i++) { -- pcr_selections->pcrSelections[i].hash = algorithm->alg[i]; -- set_pcr_select_size(&pcr_selections->pcrSelections[i], 3); -- clear_pcr_select_bits(&pcr_selections->pcrSelections[i]); -+ pcr_sel->count = 0; - -- UINT32 pcr_id; -- for (pcr_id = 0; pcr_id < 24; pcr_id++) { -- set_pcr_select_bit(&pcr_selections->pcrSelections[i], pcr_id); -- } -- pcr_selections->count++; -+ for (i = 0; i < cap_data.data.assignedPCR.count; i++) { -+ if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id)) -+ continue; -+ pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash; -+ set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect); -+ for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++) -+ pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j]; -+ pcr_sel->count++; - } -+ -+ if (pcr_sel->count == 0) -+ return false; -+ -+ return true; - } - - // show all PCR banks according to g_pcrSelection & g_pcrs-> -@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_cont - context->pcr_selections.pcrSelections[i].hash); - - UINT32 pcr_id; -- for (pcr_id = 0; pcr_id < 24; pcr_id++) { -+ for (pcr_id = 0; pcr_id < context->pcr_selections.pcrSelections[i].sizeofSelect * 8; pcr_id++) { - if (!is_pcr_select_bit_set(&context->pcr_selections.pcrSelections[i], - pcr_id)) { - 
continue; -@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(lis - - static bool show_all_pcr_values(listpcr_context *context) { - -- init_pcr_selection_all(&context->algs, &context->pcr_selections); -+ if (!init_pcr_selection(0, context)) -+ return false; - - return show_selected_pcr_values(context); - } - - static bool show_alg_pcr_values(listpcr_context *context, TPMI_ALG_HASH alg_id) { - -- init_pcr_selection_from_algorithm(alg_id, &context->pcr_selections); -+ if (!init_pcr_selection(alg_id, context)) -+ return false; - - return show_selected_pcr_values(context); - } diff --git a/2.1.0.zip b/2.1.0.zip deleted file mode 100644 index 6e2ed09..0000000 --- a/2.1.0.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d570da952af40584caf7bedd8adb3d7f2ed2deb273eba65cfe953ca67ec905f4 -size 321817 diff --git a/2.1.1.zip b/2.1.1.zip new file mode 100644 index 0000000..eb064d9 --- /dev/null +++ b/2.1.1.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dde5c3da62813d03aaa25988ad3a0bd7426be04877f8aee5e7704a33d63b04ac +size 322464 diff --git a/tpm2.0-tools-fix-gcc7.patch b/tpm2.0-tools-fix-gcc7.patch deleted file mode 100644 index 44d7667..0000000 --- a/tpm2.0-tools-fix-gcc7.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -Index: tpm2-tools-2.1.0/tools/main.c -=================================================================== ---- tpm2-tools-2.1.0.orig/tools/main.c -+++ tpm2-tools-2.1.0/tools/main.c -@@ -61,7 +61,7 @@ main (int argc, - execute_man (argv[0], envp); - fprintf (stderr, - "failed to load manpage, check your environment / PATH\n"); -- /* no break */ -+ /* FALLTHROUGH */ - case 2: - exit (1); - } -Index: tpm2-tools-2.1.0/tools/tpm2_dump_capability.c -=================================================================== ---- tpm2-tools-2.1.0.orig/tools/tpm2_dump_capability.c -+++ tpm2-tools-2.1.0/tools/tpm2_dump_capability.c -@@ -595,7 +595,7 @@ dump_tpm_capability (TPMU_CAPABILITIES - case TPM_CAP_COMMANDS: - dump_command_attr_array (capabilities->command.commandAttributes, - capabilities->command.count); -- /* no break */ -+ /* FALLTHROUGH */ - default: - return 1; - } diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes index 89d716e..70f7559 100644 --- a/tpm2.0-tools.changes +++ b/tpm2.0-tools.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Nov 9 11:00:33 UTC 2017 - vcizek@suse.com + +- update to version 2.1.1 + * Potential memory leak fix when tcti/sapi initialization fails. + * tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read + * listpcrs: remove one redundant call to tpm get cap + * listpcrs: fix for unsupported/disabled alg in -L + * build: use supported comment to suppress GCC7 fallthrough warning + * kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392) +- drop patches (upstream) + * 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch + * tpm2.0-tools-fix-gcc7.patch + ------------------------------------------------------------------- Mon Aug 21 14:32:13 UTC 2017 - matthias.gerstner@suse.com diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec index a2ba479..4075972 100644 --- a/tpm2.0-tools.spec +++ b/tpm2.0-tools.spec 
@@ -17,7 +17,7 @@ Name: tpm2.0-tools -Version: 2.1.0 +Version: 2.1.1 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause @@ -25,10 +25,6 @@ Group: Productivity/Security Url: https://github.com/01org/tpm2.0-tools Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.zip Patch0: tpm2.0-tools-fix-hardening.patch -Patch1: tpm2.0-tools-fix-gcc7.patch -# this fixes an error with an unexpectedly large number of PCRS (bnc#1044419) -# there's no release containing this fix yet -Patch2: 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -50,10 +46,8 @@ provides tools for enablement and configuration of the TPM 2.0 and associated interfaces. %prep -%setup -q -n tpm2-tools-2.1.0 +%setup -q -n tpm2-tools-%{version} %patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build bash ./bootstrap
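Review bot: The spec gives the build no way to check the new source archive against upstream. `Source0` in the second hunk still points at the auto-generated `https://github.com/01org/tpm2.0-tools/archive/%{version}.zip`, and the only integrity pin visible in this commit is the sha256 in the git-lfs pointer for 2.1.1.zip. If upstream publishes a signed release artifact for 2.1.1 (not visible from this page), prefer it as `Source0` and add lines such as `Source1: <upstream-signature-file>` and `Source2: %{name}.keyring`, so that the signature can be verified at build time. Otherwise, note in the tpm2.0-tools.changes entry how the archive was compared with the upstream 2.1.1 tag. Separately, `%patch0 -p1` in the last hunk carries `tpm2.0-tools-fix-hardening.patch` over unchanged, so confirm that it still applies to 2.1.1 without fuzz and that the hardening flags still reach the build.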