Merge ~paelzer/ubuntu/+source/libtpms:0.9.3-JAMMY into ubuntu/+source/libtpms:ubuntu/jammy-devel
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | Christian Ehrhardt | ||||
Merged at revision: | 655b6b57b3e02a940f50a68fd12a2a09944c56db | ||||
Proposed branch: | ~paelzer/ubuntu/+source/libtpms:0.9.3-JAMMY | ||||
Merge into: | ubuntu/+source/libtpms:ubuntu/jammy-devel | ||||
Diff against target: |
439 lines (+198/-44) 15 files modified
CHANGES (+12/-0) configure.ac (+7/-5) debian/changelog (+16/-0) debian/patches/do_not_inline_makeiv.patch (+23/-0) debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch (+37/-0) debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch (+36/-0) debian/patches/no_local_check.patch (+26/-0) debian/patches/series (+4/-2) dev/null (+0/-31) dist/libtpms.spec (+10/-1) dist/libtpms.spec.in (+9/-0) include/libtpms/tpm_library.h (+1/-1) src/tpm2/NVMarshal.c (+6/-1) src/tpm2/Time.c (+9/-0) src/tpm2/crypto/openssl/CryptRsa.c (+2/-3) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andreas Hasenack | Approve | ||
Canonical Server | Pending | ||
git-ubuntu import | Pending | ||
Review via email: mp+417854@code.launchpad.net |
Commit message
Description of the change
- 75bd422... by Christian Ehrhardt
-
d/p/do_not_inline_makeiv.patch pull ppc64 fix from upstream as identified and added to debian 0.9.2-3 Signed-off-by: Christian Ehrhardt <email address hidden>
Christian Ehrhardt (paelzer) wrote : | # |
- 1b754c7... by Christian Ehrhardt
-
d/p/no_local_check.patch pull ppc64 fix from upstream as identified and added to debian 0.9.2-3 Signed-off-by: Christian Ehrhardt <email address hidden>
Christian Ehrhardt (paelzer) wrote : | # |
Autopkgtest (I skipped the rather busy arm architectures) are still good:
https:/
https:/
Andreas Hasenack (ahasenack) wrote : | # |
Taking a look
Andreas Hasenack (ahasenack) : | # |
Christian Ehrhardt (paelzer) wrote : | # |
replied to Andreas (inline)
Andreas Hasenack (ahasenack) wrote : | # |
+1
- no ffe needed
- changes match upstream 0.9.3
- build is fine
no other concerns
- 8f2d086... by Christian Ehrhardt
-
drop d/p/uninitialized-variable.patch: no more needed Signed-off-by: Christian Ehrhardt <email address hidden>
- 18776b3... by Christian Ehrhardt
-
changelog: drop d/p/uninitialized-variable.patch Signed-off-by: Christian Ehrhardt <email address hidden>
Christian Ehrhardt (paelzer) wrote : | # |
After talking with the upstream maintainer we found that some of the former delta for gcc issues is no longer needed. Dropped that; otherwise the same.
Andreas Hasenack (ahasenack) wrote : | # |
And d/p/no_
Christian Ehrhardt (paelzer) wrote : | # |
Yes, I tried without, but both:
- d/p/no_
- d/p/do_
are still needed.
- 10048b1... by Christian Ehrhardt
-
d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix coverity finding Signed-off-by: Christian Ehrhardt <email address hidden>
- 655b6b5... by Christian Ehrhardt
-
changelog: fix coverity finding
Signed-off-by: Christian Ehrhardt <email address hidden>
Christian Ehrhardt (paelzer) wrote : | # |
Rebuilds, Sanity tests and autopkgtests with the new version worked well.
Uploading to get this ready for promotion to main next week.
https:/
https:/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading libtpms_
Uploading libtpms_
Uploading libtpms_
Uploading libtpms_
Uploading libtpms_
Successfully uploaded packages.
Preview Diff
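--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,17 @@
 CHANGES - changes for libtpms
 
+version 0.9.3:
+ - build-sys: Add probing for -fstack-protector
+ - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
+ (OSSL 3)
+
+version 0.9.2:
+ - tpm2: When writing state initialize s_ContextSlotMask if not set
+
+version 0.9.1:
+ - tpm2: Do not write permanent state if only clock changed
+ - tpm2: Fix "maybe-uninitialized" warning
+
 version 0.9.0:
 - NOTE: Downgrade to previous versions is not possible. See below.
 - The size of the context gap has been adjusted to 0xffff from 0xff.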
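--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@
 #
 # See the LICENSE file for the license associated with this file.
 
-AC_INIT([libtpms],[0.9.0])
+AC_INIT([libtpms],[0.9.3])
 AC_PREREQ([2.69])
 AC_CONFIG_SRCDIR(Makefile.am)
 AC_CONFIG_AUX_DIR([.])
@@ -284,10 +284,12 @@ AC_ARG_ENABLE([hardening],
 AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
 
 if test "x$enable_hardening" != "xno"; then
- # Some versions of gcc fail with -Wstack-protector enabled
- TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)"
- if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
- HARDENING_CFLAGS="-fstack-protector "
+ # Some versions of gcc fail with -Wstack-protector,
+ # some with -Wstack-protector-strong enabled
+ if ! $CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
+ if $CC -fstack-protector $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
+ HARDENING_CFLAGS="-fstack-protector "
+ fi
 else
 HARDENING_CFLAGS="-fstack-protector-strong "
 fi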
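Review bot: When the compiler rejects both `-fstack-protector-strong` and `-fstack-protector`, the rewritten probe adds no stack-protector flag to `HARDENING_CFLAGS` and prints nothing, so a build with hardening enabled can lose that mitigation without anyone noticing. An `else` on the inner test with `AC_MSG_WARN([compiler accepts neither -fstack-protector-strong nor -fstack-protector])` would put the downgrade in the configure log. The probe now treats any compile failure on `tpm_error.h`, not only an unrecognized option, as "flag unsupported", and the new comment names `-Wstack-protector` where the flags tested are the `-f` ones. The rest of the hardening block lies outside the hunk.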
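--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+libtpms (0.9.3-0ubuntu1) jammy; urgency=medium
+
+ * merge 0.9.3 from upstram to stabilize libtpms in jammy; related to
+ but not fixing (LP: 1948748)
+ - d/p/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch:
+ avoid bad shift
+ - drop d/p/fix-openssl3-compat.patch: part of 0.9.3
+ - drop d/p/uninitialized-variable.patch: no more needed
+ - ppc64 fixes from upstream as identified and added to debian 0.9.2-3
+ + d/p/do_not_inline_makeiv.patch
+ + d/p/no_local_check.patch
+ - d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix
+ coverity finding
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 30 Mar 2022 09:04:10 +0200
+
 libtpms (0.9.0-0ubuntu4) jammy; urgency=medium
 
 * d/p/fix-openssl3-compat.patch: Cherry-picked from upstream (LP: #1962601)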
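--- /dev/null
+++ b/debian/patches/do_not_inline_makeiv.patch
@@ -0,0 +1,23 @@
+Description: Do not inline MakeIV due toppc64 compiler issue
+ The ppc64 gcc compiler has an issue with MakeIv.
+Forwarded: no
+X-Not-Forwarded-Reason: only needed for a gcc bug in Ubuntu
+Origin: https://github.com/stefanberger/libtpms/issues/297
+Last-Update: 2022-03-30
+
+---
+ src/tpm2/AlgorithmTests.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/tpm2/AlgorithmTests.c
++++ b/src/tpm2/AlgorithmTests.c
+@@ -179,6 +179,9 @@
+ /* 10.2.1.4.1 MakeIv() */
+ /* Internal function to make the appropriate IV depending on the mode. */
+ static UINT32
++#if defined(__powerpc64__)
++__attribute__((noinline))
++#endif
+ MakeIv(
+ TPM_ALG_ID mode, // IN: symmetric mode
+ UINT32 size, // IN: block size of the algorithm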
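Review bot: The `#if defined(__powerpc64__)` guard added above `MakeIv(` has no comment, so nothing in AlgorithmTests.c itself tells a later reader that `noinline` is a compiler workaround or when it can be dropped. A line inside the guard such as `/* works around the ppc64 gcc issue with MakeIv(), see libtpms issue #297; remove once the compiler is fixed */` would record that next to the code. The guard is keyed on the architecture alone, so it applies to every compiler and gcc version on ppc64. MakeIv's body lies outside the hunk.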
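--- a/debian/patches/fix-openssl3-compat.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From e4261984374556da65c9d46097d5a1200b335c0c Mon Sep 17 00:00:00 2001
-From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
-Date: Sat, 19 Feb 2022 12:59:32 +0100
-Origin: https://github.com/stefanberger/libtpms/pull/294
-Subject: [PATCH] tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for
- label of size 0 (OSSL 3)
-
-Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
-with label size 0. The function should only be called if the size of the label
-is greater 0.
-With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
-for encryption without label.
-
-Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
----
- src/tpm2/crypto/openssl/CryptRsa.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
-index 4ed04384f..b5d6b6c3b 100644
---- a/src/tpm2/crypto/openssl/CryptRsa.c
-+++ b/src/tpm2/crypto/openssl/CryptRsa.c
-@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
- if (tmp == NULL)
- ERROR_RETURN(TPM_RC_FAILURE);
- memcpy(tmp, label->buffer, label->size);
-+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
-+ ERROR_RETURN(TPM_RC_FAILURE);
- }
-- // label->size == 0 is supported
-- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
-- ERROR_RETURN(TPM_RC_FAILURE);
- tmp = NULL;
- break;
- default: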
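--- /dev/null
+++ b/debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch
@@ -0,0 +1,37 @@
+From d78a4520ba3157087e1e438b519618f26d85fae3 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Wed, 16 Feb 2022 11:49:11 -0500
+Subject: [PATCH] tpm2: Address Coverity Issue by casting '1' before shift (CID
+ 1470813)
+
+Cast the '1' to UINT64 before shifting it.
+
+Since the shift value is always below 32 it would have never exceeded
+the 32bit value it was using before the cast.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+
+Origin: upstream, https://github.com/stefanberger/libtpms/commit/d78a4520ba31
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1948748
+Last-Update: 2022-03-30
+
+---
+ src/tpm2/NVMarshal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
+index c7cd1e0..cdac3e2 100644
+--- a/src/tpm2/NVMarshal.c
++++ b/src/tpm2/NVMarshal.c
+@@ -806,7 +806,7 @@ pcrbanks_algs_active(const TPML_PCR_SELECTION *pcrAllocated)
+ for(i = 0; i < pcrAllocated->count; i++) {
+ for (j = 0; j < pcrAllocated->pcrSelections[i].sizeofSelect; j++) {
+ if (pcrAllocated->pcrSelections[i].pcrSelect[j]) {
+- algs_active |= 1 << pcrAllocated->pcrSelections[i].hash;
++ algs_active |= ((UINT64)1 << pcrAllocated->pcrSelections[i].hash);
+ break;
+ }
+ }
+--
+2.35.1
+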
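Review bot: The shift count `pcrAllocated->pcrSelections[i].hash` is still used unchecked on the changed line; widening the `1` to `UINT64` raises the point at which the shift becomes undefined from the width of `int` to 64 but does not bound the value. The commit message says the count is always below 32; if that rests on validation done elsewhere, it should be stated at the shift, e.g. `/* hash is a validated algorithm id < 32 */`, or enforced with a range check before the `|=`. The declaration of `algs_active` is outside the hunk, so if it is narrower than 64 bits the widened result is truncated on assignment. pcrbanks_algs_active starts and ends outside the hunk.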
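--- /dev/null
+++ b/debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch
@@ -0,0 +1,36 @@
+From 897c8f869754d01639741cecf9fee8f0a7b5d740 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Wed, 30 Mar 2022 10:14:51 -0400
+Subject: [PATCH] tpm2: Check return code of BN_div()
+
+Check the return code of BN_div() when calculating Q and Qr of
+a private key.
+
+Resolves: https://github.com/stefanberger/libtpms/issues/304
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+
+Origin: upstream, https://github.com/stefanberger/libtpms/commit/897c8f869754
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1948748
+Last-Update: 2022-04-01
+
+---
+ src/tpm2/crypto/openssl/Helpers.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c
+index f47cdbf..a923436 100644
+--- a/src/tpm2/crypto/openssl/Helpers.c
++++ b/src/tpm2/crypto/openssl/Helpers.c
+@@ -521,8 +521,7 @@ InitOpenSSLRSAPrivateKey(OBJECT *rsaKey, // IN
+ ERROR_RETURN(TPM_RC_FAILURE);
+ /* Q = N/P; no remainder */
+ BN_set_flags(P, BN_FLG_CONSTTIME); // P is secret
+- BN_div(Q, Qr, N, P, ctx);
+- if(!BN_is_zero(Qr))
++ if (!BN_div(Q, Qr, N, P, ctx) || !BN_is_zero(Qr))
+ ERROR_RETURN(TPM_RC_BINDING);
+ BN_set_flags(Q, BN_FLG_CONSTTIME); // Q is secret
+
+--
+2.35.1
+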
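Review bot: A failing `BN_div()` now returns `TPM_RC_BINDING`, the same code as a non-zero remainder, so an internal OpenSSL error such as an allocation failure is reported to the caller as a key that does not match. The check just above in this hunk uses `ERROR_RETURN(TPM_RC_FAILURE)` for library failures; splitting the condition keeps the two cases apart: `if (!BN_div(Q, Qr, N, P, ctx)) ERROR_RETURN(TPM_RC_FAILURE);` followed by `if (!BN_is_zero(Qr)) ERROR_RETURN(TPM_RC_BINDING);`. InitOpenSSLRSAPrivateKey starts and ends outside the hunk, so the cleanup that `ERROR_RETURN` reaches is not visible here.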
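--- /dev/null
+++ b/debian/patches/no_local_check.patch
@@ -0,0 +1,26 @@
+Description: Do not run check-local due to bug in ppc64 gcc on Jammy
+
+ppc64 gcc has a bug causing issued in check-local.
+Therefore, do not run check-local while ppc64 gcc is broken
+on Ubuntu Jammy.
+
+Forwarded: no
+X-Not-Forwarded-Reason: only needed for a gcc bug in Ubuntu
+Origin: https://github.com/stefanberger/libtpms/issues/298
+Last-Update: 2022-03-30
+
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -599,7 +599,7 @@
+ LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
+
+ check-local: SHELL?="/usr/bin/env bash"
+-check-local:
++NO-check-local:
+ @case $(host_os) in \
+ openbsd*) ADDLIBS="-lc" ;; \
+ darwin*|freebsd*) LDFLAGS_OS="-shared" ;; \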
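Review bot: Renaming the target to `NO-check-local` switches the check off on every architecture, while the patch description limits the problem to ppc64 gcc on Jammy. Keeping the `check-local:` name and returning early inside the recipe for that CPU only, for example a leading `@case $(host_cpu) in powerpc64*) exit 0 ;; esac`, would keep the test running elsewhere; `$(host_cpu)` is assumed to be substituted alongside the `$(host_os)` the recipe already uses. The untouched `check-local: SHELL?=...` line above now sets a variable for a target that no longer has a recipe. The recipe body continues outside the hunk.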
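--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,7 @@
 0002-fix-man-page-longline-typo.patch
 0003-set-man-page-date-to-last-changelog.patch
 0004-fix-ftbfs-bug.patch
-uninitialized-variable.patch
-fix-openssl3-compat.patch
+lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch
+do_not_inline_makeiv.patch
+no_local_check.patch
+lp-1948748-tpm2-Check-return-code-of-BN_div.patch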
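--- a/debian/patches/uninitialized-variable.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Description: fix issues of variables that may be used before initialization
- Detected by gcc on Ubuntu/s390x
-Author: Steve Langasek <steve.langasek@ubuntu.com>
-Last-Update: 2020-12-09
-
-Index: libtpms-0.8.2-1ubuntu1/src/tpm12/tpm_nvram.c
-===================================================================
---- libtpms-0.8.2-1ubuntu1.orig/src/tpm12/tpm_nvram.c
-+++ libtpms-0.8.2-1ubuntu1/src/tpm12/tpm_nvram.c
-@@ -1290,7 +1290,7 @@
- TPM_BOOL physicalPresence;
- TPM_BOOL isGPIO = FALSE;
- BYTE *gpioData = NULL;
-- TPM_NV_DATA_SENSITIVE *d1NvdataSensitive;
-+ TPM_NV_DATA_SENSITIVE *d1NvdataSensitive = NULL;
- uint32_t s1Last;
-
- /* output parameters */
-Index: libtpms-0.8.2-1ubuntu1/src/tpm2/Marshal.c
-===================================================================
---- libtpms-0.8.2-1ubuntu1.orig/src/tpm2/Marshal.c
-+++ libtpms-0.8.2-1ubuntu1/src/tpm2/Marshal.c
-@@ -2193,7 +2193,7 @@
- TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size)
- {
- UINT16 written = 0;
-- BYTE *sizePtr;
-+ BYTE *sizePtr = NULL;
-
- if (buffer != NULL) {
- sizePtr = *buffer;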
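--- a/dist/libtpms.spec
+++ b/dist/libtpms.spec
@@ -1,7 +1,7 @@
 # --- libtpm rpm-spec ---
 
 %define name libtpms
-%define version 0.9.0
+%define version 0.9.3
 %define release 0~dev1
 
 # Valid crypto subsystems are 'freebl' and 'openssl'
@@ -112,6 +112,15 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
 %postun -p /sbin/ldconfig
 
 %changelog
+* Mon Mar 07 2022 Stefan Berger - 0.9.3-1
+- Release of version 0.9.3
+
+* Thu Jan 06 2022 Stefan Berger - 0.9.2-1
+- Release of version 0.9.2
+
+* Wed Nov 24 2021 Stefan Berger - 0.9.1-1
+- Release of version 0.9.1
+
 * Wed Sep 29 2021 Stefan Berger - 0.9.0-1
 - Release of version 0.9.0 (rev. 164)
 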
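--- a/dist/libtpms.spec.in
+++ b/dist/libtpms.spec.in
@@ -112,6 +112,15 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
 %postun -p /sbin/ldconfig
 
 %changelog
+* Mon Mar 07 2022 Stefan Berger - 0.9.3-1
+- Release of version 0.9.3
+
+* Thu Jan 06 2022 Stefan Berger - 0.9.2-1
+- Release of version 0.9.2
+
+* Wed Nov 24 2021 Stefan Berger - 0.9.1-1
+- Release of version 0.9.1
+
 * Wed Sep 29 2021 Stefan Berger - 0.9.0-1
 - Release of version 0.9.0 (rev. 164)
 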
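--- a/include/libtpms/tpm_library.h
+++ b/include/libtpms/tpm_library.h
@@ -50,7 +50,7 @@ extern "C" {
 
 #define TPM_LIBRARY_VER_MAJOR 0
 #define TPM_LIBRARY_VER_MINOR 9
-#define TPM_LIBRARY_VER_MICRO 0
+#define TPM_LIBRARY_VER_MICRO 3
 
 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \
 (( MAJ << 16 ) | ( MIN << 8 ) | ( MICRO ))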
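--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
 written += UINT16_Marshal(&array_size, buffer, size);
 for (i = 0; i < array_size; i++)
 written += UINT16_Marshal(&data->contextArray[i], buffer, size);
+
+ if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
+ /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
+ s_ContextSlotMask = 0xffff;
+ }
 written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
 
 written += UINT64_Marshal(&data->contextCounter, buffer, size);
@@ -3880,7 +3885,7 @@ PACompileConstants_Unmarshal(BYTE **buffer, INT32 *size)
 unsigned i;
 NV_HEADER hdr;
 UINT32 array_size;
- UINT32 exp_array_size;
+ UINT32 exp_array_size = 0;
 
 if (rc == TPM_RC_SUCCESS) {
 rc = NV_HEADER_Unmarshal(&hdr, buffer, size,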
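Review bot: The block added to STATE_RESET_DATA_Marshal rewrites the global `s_ContextSlotMask` from inside a marshalling routine, and it does so for every value other than `0x00ff` and `0xffff`, not only for the unset case its comment describes. A corrupted mask would therefore be replaced by `0xffff` and written to state without leaving a trace. The comment should say which value marks the unset state, e.g. `/* unset mask (TPM never initialized): default to 0xffff before writing state */`, and the test could be narrowed to that value if it is known. The second hunk only adds the `exp_array_size = 0` initializer; both functions continue outside the hunks.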
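--- a/src/tpm2/Time.c
+++ b/src/tpm2/Time.c
@@ -136,7 +136,16 @@ TimeClockUpdate(
 go.clockSafe = YES;
 // update the time
 go.clock = newTime;
+
+ /* libtpms: Changing the clock alone does not cause the permanent
+ * state to be written to storage, there must be other
+ * reasons as well.
+ */
+ UPDATE_TYPE old_g_updateNV = g_updateNV; // libtpms added
+
 NvWrite(NV_ORDERLY_DATA, sizeof(go), &go);
+
+ g_updateNV = old_g_updateNV; // libtpms added
 }
 else
 // No NV update needed so just update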
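Review bot: Restoring `g_updateNV` immediately after `NvWrite(NV_ORDERLY_DATA, ...)` discards everything the call set in it, not just a request to write permanent state. The added comment gives the intent but not why this is safe for the orderly data just written; `UPDATE_TYPE` and `NvWrite` are defined outside the hunk, so whether that data still reaches storage by another path cannot be confirmed from here. A sentence in the comment naming that path, or restoring only the flag in question, would make the invariant checkable. TimeClockUpdate starts and ends outside the hunk.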
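--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
 if (tmp == NULL)
 ERROR_RETURN(TPM_RC_FAILURE);
 memcpy(tmp, label->buffer, label->size);
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+ ERROR_RETURN(TPM_RC_FAILURE);
 }
- // label->size == 0 is supported
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
 tmp = NULL;
 break;
 default: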
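Review bot: The removed comment `// label->size == 0 is supported` has no replacement, so the source no longer says why the label call now sits inside the block that allocates `tmp`. A comment on the moved call such as `/* OpenSSL 3 rejects a zero-length label; set it only when one is present */` would keep the reason next to the code. On the new error path `tmp` is still non-NULL when `ERROR_RETURN(TPM_RC_FAILURE)` runs, so whatever cleanup that macro reaches has to free it. The enclosing `if` and that cleanup are outside the hunk.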
PPA: https://launchpad.net/~paelzer/+archive/ubuntu/libtpms-jammy-0.9.3/+packages