forked from pool/tpm2.0-tools
Accepting request 926512 from home:aplanas:branches:security
- Update to version 5.2:
  + tpm2_nvextend:
    * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_Extend command to the TPM.
  + tpm2_nvread:
    * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash.
    * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NVRead command to the TPM.
    * Added option -S, --session to specify an auxiliary session for auditing and/or encryption/decryption of the parameters.
  + tpm2_nvsetbits:
    * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash.
    * Added option -S, --session to specify an auxiliary session for auditing and/or encryption/decryption of the parameters.
    * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_SetBits command to the TPM.
  + tpm2_createprimary:
    * Support public-key output at creation time in various public-key formats.
  + tpm2_create:
    * Support public-key output at creation time in various public-key formats.
  + tpm2_print:
    * Support outputting public key in various public key formats over the default YAML output. Supports taking -u output from tpm2_create and converting it to a PEM or DER file format.
  + tpm2_import:
    * Add support for importing keys with sealed-data-blobs.
  + tpm2_rsaencrypt, tpm2_rsadecrypt:
    * Add support for specifying the hash algorithm with oaep.
  + tpm2_pcrread, tpm2_quote:
    * Add option -F, --pcrs_format to specify PCR format selection for the binary blob in the PCR output file. 'values' will output a binary blob of the PCR values. 'serialized' will output a binary blob of the PCR values in the form of serialized data structure in little endian format.
  + tpm2_eventlog:
    * Add support for decoding StartupLocality.
    * Add support for printing the partition information.
    * Add support for reading eventlogs longer than 64kb including from /sys/kernel/security/tpm0/binary_bios-measurements.
  + tpm2_duplicate:
    * Add option -L, --policy to specify an authorization policy to be associated with the duplicated object.
    * Added support for external key duplication without needing the TCTI.
  + tools:
    * Enhance error message on invalid passwords when sessions cannot be used.
  + lib/tpm2_options:
    * Add option to specify fake tcti which is required in cases where sapi ctx is required to be initialized for retrieving command parameters without invoking the tcti to talk to the TPM.
  + openssl:
    * Dropped support for OpenSSL < 1.1.0
    * Add support for OpenSSL 3.0.0
  + Support added to make the repository documentation and man pages available live on readthedocs.
  + Bug-fixes:
    * tpm2_import: Don't allow setting passwords for imported object with -p option as the tool doesn't modify the TPM2B_SENSITIVE structure. Added appropriate logging to indicate using tpm2_changeauth after import.
    * lib/tpm2_util.c: The function to calculate pHash algorithm returned error when input session is a password session and the only session in the command.
    * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC.
    * tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM).
    * tpm2_makecredential: Fix an issue where reading input from stdin could result in unsupported data size larger than the largest digest size.
    * tpm2_loadexternal: Fix an issue where restricted attribute could not be set.
    * lib/tpm2_nv_util.h: The NV index size is dependent on different data sets read from the GetCapability structures because there is a dependency on the NV operation type: Define vs Read vs Write vs Extend. Fix a sane default in the case where GetCapability fails or fails to report the specific property/ data set. This is especially true because some properties are TPM implementation dependent.
    * tpm2_createpolicy: Fix an issue where tool exited silently without reporting an error if wrong pcr string is specified.
    * lib/tpm2_alg_util: add error message on public init to prevent tools from dying silently, add an error message.
    * tpm2_import: fix an issue where an imported hmac object scheme was NULL. While allowed, it was inconsistent with other tools like tpm2_create which set the scheme as hmac->sha256 when generating a keyedhash object.
- Drop patches already in upstream:
  + 0001-tpm2_checkquote-fix-uninitialized-variable.patch
  + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
  + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch

OBS-URL: https://build.opensuse.org/request/show/926512
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=84
parent 2daa4759e2
commit a9b849d596
@ -1,37 +0,0 @@
|
||||
From 3d7edb1c70cba6c34c71c9b856c07b8adcebb15c Mon Sep 17 00:00:00 2001
|
||||
From: Alberto Planas <aplanas@suse.com>
|
||||
Date: Thu, 17 Jun 2021 11:07:25 +0200
|
||||
Subject: [PATCH] tpm2_checkquote: fix uninitialized variable
|
||||
|
||||
The variable `temp_pcrs` is uninitialized, and later partially
|
||||
uninitialized when reading the selection data from file.
|
||||
|
||||
When activating lto optimizations, this bug presents itself showing an
|
||||
error during the read of the quote:
|
||||
|
||||
ERROR: Malformed PCR file, pcr count cannot be greater than 32, got: ...
|
||||
|
||||
Fixes: #2767
|
||||
|
||||
Co-authored-by: Martin Liska <marxin.liska@gmail.com>
|
||||
Signed-off-by: Alberto Planas <aplanas@suse.com>
|
||||
---
|
||||
tools/misc/tpm2_checkquote.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c
|
||||
index 53150857..8d780f11 100644
|
||||
--- a/tools/misc/tpm2_checkquote.c
|
||||
+++ b/tools/misc/tpm2_checkquote.c
|
||||
@@ -376,7 +376,7 @@ static tool_rc init(void) {
|
||||
TPM2B_ATTEST *msg = NULL;
|
||||
TPML_PCR_SELECTION pcr_select;
|
||||
tpm2_pcrs *pcrs;
|
||||
- tpm2_pcrs temp_pcrs;
|
||||
+ tpm2_pcrs temp_pcrs = {};
|
||||
tool_rc return_value = tool_rc_general_error;
|
||||
|
||||
msg = message_from_file(ctx.msg_file_path);
|
||||
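Review bot: On the added `tpm2_pcrs temp_pcrs = {};` line, the empty initializer is a GNU extension that only became standard in C23, so a strict ISO C compiler may reject it; `tpm2_pcrs temp_pcrs = { 0 };` gives the same zeroing portably. The neighbouring `TPML_PCR_SELECTION pcr_select;` is still declared without an initializer, so it is worth checking that every field of it is written before it is read, since the commit message describes the file read as filling `temp_pcrs` only partially.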
--
|
||||
2.32.0
|
||||
|
@ -1,35 +0,0 @@
|
||||
From 24e193412eac3985baea5e83e3245a4315c86ebe Mon Sep 17 00:00:00 2001
|
||||
From: Alberto Planas <aplanas@suse.com>
|
||||
Date: Thu, 29 Jul 2021 16:02:50 +0200
|
||||
Subject: [PATCH 1/1] tpm2_eventlog: fix buffer offset when reading the event
|
||||
log
|
||||
|
||||
The event log is read in chunks of CHUNK_SIZE blocks (16KB), always
|
||||
checking when the EOF is reached, so it is compatible with virtual files
|
||||
that lives in securityfs and we do not know the full size. The current
|
||||
code is not taking care of adjusting the offset when the next chunk is
|
||||
read.
|
||||
|
||||
This patch add "size" to the base buffer where the event log is stored
|
||||
in memory.
|
||||
|
||||
Fix #2778
|
||||
|
||||
Signed-off-by: Alberto Planas <aplanas@suse.com>
|
||||
---
|
||||
tools/misc/tpm2_eventlog.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: tpm2-tools-5.1.1/tools/misc/tpm2_eventlog.c
|
||||
===================================================================
|
||||
--- tpm2-tools-5.1.1.orig/tools/misc/tpm2_eventlog.c
|
||||
+++ tpm2-tools-5.1.1/tools/misc/tpm2_eventlog.c
|
||||
@@ -90,7 +90,7 @@ static tool_rc tpm2_tool_onrun(ESYS_CONT
|
||||
}
|
||||
|
||||
unsigned long size = 0;
|
||||
- while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size)) {
|
||||
+ while (files_read_bytes_chunk(fileptr, eventlog + size, CHUNK_SIZE, &size)) {
|
||||
UINT8 *eventlog_tmp = realloc(eventlog, size + CHUNK_SIZE);
|
||||
if (eventlog_tmp == NULL){
|
||||
LOG_ERR("failed to allocate %lu bytes: %s", size + CHUNK_SIZE, strerror(errno));
|
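Review bot: In the `while (files_read_bytes_chunk(fileptr, eventlog + size, CHUNK_SIZE, &size))` line, `size` is an `unsigned long` whose address is passed to a parameter declared `size_t *read_len` in the chunk-reading patch on this page; declare it `size_t size = 0;` and print it with `%zu` so the pointer types match on every ABI. The loop also keeps growing the buffer by CHUNK_SIZE for as long as full chunks arrive, so an upper bound on `size` checked before the `realloc` would keep an oversized or endless input from exhausting memory.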
@ -1,145 +0,0 @@
|
||||
From b95e41bccc64e488ca9c824e632b8ca5bc87db55 Mon Sep 17 00:00:00 2001
|
||||
From: Alberto Planas <aplanas@suse.com>
|
||||
Date: Fri, 18 Jun 2021 15:54:22 +0200
|
||||
Subject: [PATCH] tpm2_eventlog: read eventlog file in chunks
|
||||
|
||||
The eventlog file lives is securityfs, that do not return the file size.
|
||||
The current implementation first try to do a "fseek(fp, 0, SEEK_END)"
|
||||
for this file, and this will always return 0.
|
||||
|
||||
This generate an error, and tpm2_eventlog exit with:
|
||||
|
||||
ERROR: Unable to run tpm2_eventlog
|
||||
|
||||
This patch replace the reading logic, now reading in chunks of 16KB and
|
||||
reallocating the buffer if needed. Also introduces a new function in
|
||||
files.c ("files_read_bytes_chunk") that helps counting the total read
|
||||
size, that now is different from the ammount of allocated memory.
|
||||
|
||||
Fixes #2775
|
||||
|
||||
Signed-off-by: Alberto Planas <aplanas@suse.com>
|
||||
---
|
||||
lib/files.c | 9 +++++++++
|
||||
lib/files.h | 15 ++++++++++++++
|
||||
tools/misc/tpm2_eventlog.c | 40 +++++++++++++++++++-------------------
|
||||
3 files changed, 44 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/lib/files.c b/lib/files.c
|
||||
index 884dd23c..7f0fb39f 100644
|
||||
--- a/lib/files.c
|
||||
+++ b/lib/files.c
|
||||
@@ -564,6 +564,15 @@ bool files_read_bytes(FILE *out, UINT8 bytes[], size_t len) {
|
||||
return (readx(out, bytes, len) == len);
|
||||
}
|
||||
|
||||
+bool files_read_bytes_chunk(FILE *out, UINT8 bytes[], size_t len, size_t *read_len) {
|
||||
+
|
||||
+ BAIL_ON_NULL("FILE", out);
|
||||
+ BAIL_ON_NULL("bytes", bytes);
|
||||
+ size_t chunk_len = readx(out, bytes, len);
|
||||
+ *read_len += chunk_len;
|
||||
+ return (chunk_len == len);
|
||||
+}
|
||||
+
|
||||
bool files_write_bytes(FILE *out, uint8_t bytes[], size_t len) {
|
||||
|
||||
BAIL_ON_NULL("FILE", out);
|
||||
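Review bot: `files_read_bytes_chunk` dereferences `read_len` in `*read_len += chunk_len;` without the NULL check that `out` and `bytes` get; add `BAIL_ON_NULL("read_len", read_len);` next to the other two. The `chunk_len == len` return also makes a short read at end of file indistinguishable from a read error, so the caller should check `ferror(out)` before treating the accumulated bytes as a complete file.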
diff --git a/lib/files.h b/lib/files.h
|
||||
index 33022cbd..684b7eef 100644
|
||||
--- a/lib/files.h
|
||||
+++ b/lib/files.h
|
||||
@@ -571,6 +571,21 @@ bool files_read_64(FILE *out, UINT64 *data);
|
||||
*/
|
||||
bool files_read_bytes(FILE *out, UINT8 data[], size_t size);
|
||||
|
||||
+/**
|
||||
+ * Reads len bytes from a file and set the read length.
|
||||
+ * @param out
|
||||
+ * The file to read from.
|
||||
+ * @param data
|
||||
+ * The buffer to read into, only valid on a True return.
|
||||
+ * @param size
|
||||
+ * The number of bytes to read.
|
||||
+ * @param read_size
|
||||
+ * Total number of bytes readed.
|
||||
+ * @return
|
||||
+ * True on success, False otherwise.
|
||||
+ */
|
||||
+bool files_read_bytes_chunk(FILE *out, UINT8 data[], size_t size, size_t *read_size);
|
||||
+
|
||||
/**
|
||||
* Converts a TPM2B_ATTEST to a TPMS_ATTEST using libmu.
|
||||
* @param quoted
|
||||
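Review bot: The doc comment for `files_read_bytes_chunk` does not match how the function is used: `data` is described as "only valid on a True return", yet the final, shorter chunk arrives with a false return and its bytes are still counted in `read_size`. Document that `read_size` is an in/out accumulator the caller must initialize, that a false return means fewer than `size` bytes were read (end of file or error), and change "readed" to "read".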
diff --git a/tools/misc/tpm2_eventlog.c b/tools/misc/tpm2_eventlog.c
|
||||
index b51089bd..64ce6add 100644
|
||||
--- a/tools/misc/tpm2_eventlog.c
|
||||
+++ b/tools/misc/tpm2_eventlog.c
|
||||
@@ -12,6 +12,8 @@
|
||||
#include "tpm2_eventlog_yaml.h"
|
||||
#include "tpm2_tool.h"
|
||||
|
||||
+#define CHUNK_SIZE 16384
|
||||
+
|
||||
static char *filename = NULL;
|
||||
|
||||
/* Set the default YAML version */
|
||||
@@ -72,37 +74,35 @@ static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
|
||||
return tool_rc_option_error;
|
||||
}
|
||||
|
||||
- /* Get file size */
|
||||
- unsigned long size = 0;
|
||||
- bool ret = files_get_file_size_path(filename, &size);
|
||||
- if (!ret || !size) {
|
||||
+ /* Read the file in chunks. Usually the file will reside in
|
||||
+ securityfs, and those files do not have a public file size */
|
||||
+ tool_rc rc = tool_rc_success;
|
||||
+ FILE *fileptr = fopen(filename, "rb");
|
||||
+ if (!fileptr) {
|
||||
return tool_rc_general_error;
|
||||
}
|
||||
|
||||
- /* Allocate buffer to read file data */
|
||||
- UINT8 *eventlog = calloc(1, size);
|
||||
+ /* Reserve the buffer for the first chunk */
|
||||
+ UINT8 *eventlog = calloc(1, CHUNK_SIZE);
|
||||
if (eventlog == NULL){
|
||||
- LOG_ERR("failed to allocate %lu bytes: %s", size, strerror(errno));
|
||||
+ LOG_ERR("failed to allocate %d bytes: %s", CHUNK_SIZE, strerror(errno));
|
||||
return tool_rc_general_error;
|
||||
}
|
||||
|
||||
- /* Load buffer with file data */
|
||||
- tool_rc rc = tool_rc_success;
|
||||
- FILE *fileptr = fopen(filename, "rb");
|
||||
- if (!fileptr) {
|
||||
- rc = tool_rc_general_error;
|
||||
- goto out;
|
||||
+ unsigned long size = 0;
|
||||
+ while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size)) {
|
||||
+ UINT8 *eventlog_tmp = realloc(eventlog, size + CHUNK_SIZE);
|
||||
+ if (eventlog_tmp == NULL){
|
||||
+ LOG_ERR("failed to allocate %lu bytes: %s", size + CHUNK_SIZE, strerror(errno));
|
||||
+ rc = tool_rc_general_error;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ eventlog = eventlog_tmp;
|
||||
}
|
||||
-
|
||||
- ret = files_read_bytes(fileptr, eventlog, size);
|
||||
fclose(fileptr);
|
||||
- if (!ret) {
|
||||
- rc = tool_rc_general_error;
|
||||
- goto out;
|
||||
- }
|
||||
|
||||
/* Parse eventlog data */
|
||||
- ret = yaml_eventlog(eventlog, size, eventlog_version);
|
||||
+ bool ret = yaml_eventlog(eventlog, size, eventlog_version);
|
||||
if (!ret) {
|
||||
LOG_ERR("failed to parse tpm2 eventlog");
|
||||
rc = tool_rc_general_error;
|
||||
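Review bot: The new loop `while (files_read_bytes_chunk(fileptr, eventlog, CHUNK_SIZE, &size))` always reads into the start of `eventlog`, so each chunk overwrites the previous one while `size` keeps growing, and `yaml_eventlog(eventlog, size, eventlog_version)` then parses bytes beyond the first chunk that were never filled from the file; the destination has to be `eventlog + size`, which is what the follow-up offset patch on this page changes. Separately, the `goto out;` on `realloc` failure jumps over `fclose(fileptr);`, so unless the `out` label (not shown in this hunk) closes the file, the handle leaks on that path.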
--
|
||||
2.32.0
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5500810f7af999391babb13216d75843bee9f3f9d1544feed5e503d801174a3b
|
||||
size 1044427
|
@ -1,16 +0,0 @@
|
||||
|
3
tpm2-tools-5.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630
|
||||
size 1072078
|
16
tpm2-tools-5.2.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
|
@ -1,3 +1,111 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 20 08:53:37 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
|
||||
|
||||
- Update to version 5.2:
|
||||
+ tpm2_nvextend:
|
||||
* Added option -n, --name to specify the name of the nvindex in
|
||||
hex bytes. This is used when cpHash ought to be calculated
|
||||
without dispatching the TPM2_NV_Extend command to the TPM.
|
||||
+ tpm2_nvread:
|
||||
* Added option --rphash=FILE to specify ile path to record the
|
||||
hash of the response parameters. This is commonly termed as
|
||||
rpHash.
|
||||
* Added option -n, --name to specify the name of the nvindex in
|
||||
hex bytes. This is used when cpHash ought to be calculated
|
||||
without dispatching the TPM2_NVRead command to the TPM.
|
||||
* Added option -S, --session to specify to specify an auxiliary
|
||||
session for auditing and or encryption/decryption of the
|
||||
parameters.
|
||||
+ tpm2_nvsetbits:
|
||||
* Added option --rphash=FILE to specify file path to record the
|
||||
hash of the response parameters. This is commonly termed as
|
||||
rpHash.
|
||||
* Added option -S, --session to specify to specify an auxiliary
|
||||
session for auditing and or encryption/decryption of the
|
||||
parameters.
|
||||
* Added option -n, --name to specify the name of the nvindex in
|
||||
hex bytes. This is used when cpHash ought to be calculated
|
||||
without dispatching the TPM2_NV_SetBits command to the TPM.
|
||||
+ tpm2_createprimary:
|
||||
* Support public-key output at creation time in various public-key
|
||||
formats.
|
||||
+ tpm2_create:
|
||||
* Support public-key output at creation time in various public-key
|
||||
formats.
|
||||
+ tpm2_print:
|
||||
* Support outputing public key in various public key formats over
|
||||
the default YAML output. Supports taking -u output from
|
||||
tpm2_create and converting it to a PEM or DER file format.
|
||||
+ tpm2_import:
|
||||
* Add support for importing keys with sealed-data-blobs.
|
||||
+ tpm2_rsaencrypt, tpm2_rsadecrypt:
|
||||
* Add support for specifying the hash algorithm with oaep.
|
||||
+ tpm2_pcrread, tpm2_quote:
|
||||
* Add option -F, --pcrs_format to specify PCR format selection for
|
||||
the binary blob in the PCR output file. 'values' will output a
|
||||
binary blob of the PCR values. 'serialized' will output a binary
|
||||
blob of the PCR values in the form of serialized data structure
|
||||
in little endian format.
|
||||
+ tpm2_eventlog:
|
||||
* Add support for decoding StartupLocality.
|
||||
* Add support for printing the partition information.
|
||||
* Add support for reading eventlogs longer than 64kb including
|
||||
from /sys/kernel/security/tpm0/binary_bios-measurements.
|
||||
+ tpm2_duplicate:
|
||||
* Add option -L, --policy to specify an authorization policy to be
|
||||
associated with the duplicated object.
|
||||
* Added support for external key duplication without needing the
|
||||
TCTI.
|
||||
+ tools:
|
||||
* Enhance error message on invalid passwords when sessions cannot
|
||||
be used.
|
||||
+ lib/tpm2_options:
|
||||
* Add option to specify fake tcti which is required in cases where
|
||||
sapi ctx is required to be initialized for retrieving command
|
||||
parameters without invoking the tcti to talk to the TPM.
|
||||
+ openssl:
|
||||
* Dropped support for OpenSSL < 1.1.0
|
||||
* Add support for OpenSSL 3.0.0
|
||||
+ Support added to make the repository documentation and man pages
|
||||
available live on readthedocs.
|
||||
+ Bug-fixes:
|
||||
* tpm2_import: Don't allow setting passwords for imported object
|
||||
with -p option as the tool doesn't modify the TPM2B_SENSITIVE
|
||||
structure. Added appropriate logging to indicate using
|
||||
tpm2_changeauth after import.
|
||||
* lib/tpm2_util.c: The function to calculate pHash algorithm
|
||||
returned error when input session is a password session and the
|
||||
only session in the command.
|
||||
* lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
|
||||
ECC.
|
||||
* tpm2_sign: Fix segfaults when tool does not find TPM resources
|
||||
(TPM or RM).
|
||||
* tpm2_makecredential: Fix an issue where reading input from stdin
|
||||
could result in unsupported data size larger than the largest
|
||||
digest size.
|
||||
* tpm2_loadexternal: Fix an issue where restricted attribute could
|
||||
not be set.
|
||||
* lib/tpm2_nv_util.h: The NV index size is dependent on different
|
||||
data sets read from the GetCapability structures because there
|
||||
is a dependency on the NV operation type: Define vs Read vs
|
||||
Write vs Extend. Fix a sane default in the case where
|
||||
GetCapability fails or fails to report the specific property/
|
||||
data set. This is especially true because some properties are
|
||||
TPM implementation dependent.
|
||||
* tpm2_createpolicy: Fix an issue where tool exited silently
|
||||
without reporting an error if wrong pcr string is specified.
|
||||
* lib/tpm2_alg_util: add error message on public init to prevent
|
||||
tools from dying silently, add an error message.
|
||||
* tpm2_import: fix an issue where an imported hmac object scheme
|
||||
was NULL. While allowed, it was inconsistent with other tools
|
||||
like tpm2_create which set the scheme as hmac->sha256 when
|
||||
generating a keyedhash object.
|
||||
|
||||
- Drop patches already in upstream:
|
||||
+ 0001-tpm2_checkquote-fix-uninitialized-variable.patch
|
||||
+ 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
|
||||
+ 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 29 14:15:11 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: tpm2.0-tools
|
||||
Version: 5.1.1
|
||||
Version: 5.2
|
||||
Release: 0
|
||||
Summary: Trusted Platform Module (TPM) 2.0 administration tools
|
||||
License: BSD-3-Clause
|
||||
@ -28,9 +28,6 @@ Source1: https://github.com/tpm2-software/tpm2-tools/releases/download/%{
|
||||
# git show william-roberts-pub javier-martinez-pub joshua-lock-pub idesai-pub > tpm2-tools.keyring
|
||||
Source2: tpm2-tools.keyring
|
||||
Patch0: fix_bogus_warning.patch
|
||||
Patch2: 0001-tpm2_checkquote-fix-uninitialized-variable.patch
|
||||
Patch3: 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
|
||||
Patch4: 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: libopenssl-devel
|
||||
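Review bot: The `Source2: tpm2-tools.keyring` context line shows the keyring is left as it was while this commit swaps in a new tpm2-tools-5.2.tar.gz.asc; please confirm that the key which signed the 5.2 tarball is one of those named in the comment above it (`william-roberts-pub javier-martinez-pub joshua-lock-pub idesai-pub`). If it is not, the keyring needs regenerating in this same request, otherwise the source signature cannot be verified against it.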
@ -83,7 +80,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc README.md doc/CHANGELOG.md
|
||||
%doc doc/README.md doc/CHANGELOG.md
|
||||
%license doc/LICENSE
|
||||
/usr/bin/tpm2*
|
||||
/usr/bin/tss2*
|
||||
|
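Review bot: The `%doc doc/README.md doc/CHANGELOG.md` line changes the README path, but the new .changes entry only records the version update and the dropped patches; add a line there for this packaging change so the spec and the changelog stay in step.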