Merge ~paelzer/ubuntu/+source/libtpms:0.9.3-JAMMY into ubuntu/+source/libtpms:ubuntu/jammy-devel

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 655b6b57b3e02a940f50a68fd12a2a09944c56db
Proposed branch: ~paelzer/ubuntu/+source/libtpms:0.9.3-JAMMY
Merge into: ubuntu/+source/libtpms:ubuntu/jammy-devel
Diff against target: 439 lines (+198/-44)
15 files modified
CHANGES (+12/-0)
configure.ac (+7/-5)
debian/changelog (+16/-0)
debian/patches/do_not_inline_makeiv.patch (+23/-0)
debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch (+37/-0)
debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch (+36/-0)
debian/patches/no_local_check.patch (+26/-0)
debian/patches/series (+4/-2)
dev/null (+0/-31)
dist/libtpms.spec (+10/-1)
dist/libtpms.spec.in (+9/-0)
include/libtpms/tpm_library.h (+1/-1)
src/tpm2/NVMarshal.c (+6/-1)
src/tpm2/Time.c (+9/-0)
src/tpm2/crypto/openssl/CryptRsa.c (+2/-3)
Reviewers (Reviewer / Review Type / Date Requested / Status):
Andreas Hasenack: Approve
Canonical Server: Pending
git-ubuntu import: Pending
Review via email: mp+417854@code.launchpad.net
75bd422... by Christian Ehrhardt 

d/p/do_not_inline_makeiv.patch pull ppc64 fix from upstream as identified and added to debian 0.9.2-3

Signed-off-by: Christian Ehrhardt <email address hidden>

Christian Ehrhardt  (paelzer) wrote :
1b754c7... by Christian Ehrhardt 

d/p/no_local_check.patch pull ppc64 fix from upstream as identified and added to debian 0.9.2-3

Signed-off-by: Christian Ehrhardt <email address hidden>

Christian Ehrhardt  (paelzer) wrote :
Andreas Hasenack (ahasenack) wrote :

Taking a look

Andreas Hasenack (ahasenack) :
review: Needs Information
Christian Ehrhardt  (paelzer) wrote :

replied to Andreas (inline)

Andreas Hasenack (ahasenack) wrote :

+1

- no ffe needed
- changes match upstream 0.9.3
- build is fine

no other concerns

review: Approve
8f2d086... by Christian Ehrhardt 

drop d/p/uninitialized-variable.patch: no more needed

Signed-off-by: Christian Ehrhardt <email address hidden>

18776b3... by Christian Ehrhardt 

changelog: drop d/p/uninitialized-variable.patch

Signed-off-by: Christian Ehrhardt <email address hidden>

Christian Ehrhardt  (paelzer) wrote :

After talking with the upstream maintainer we found that some former delta for gcc issues is no longer needed. Dropped that - otherwise the same.

Andreas Hasenack (ahasenack) wrote :

And d/p/no_local_check.patch: do we still need that for ppc64el, or was that also resolved by the gcc update in jammy that landed eventually?

Christian Ehrhardt  (paelzer) wrote :

Yes, I tried without, but both:
- d/p/no_local_check.patch
- d/p/do_not_inline_makeiv.patch
are still needed.

Andreas Hasenack (ahasenack) wrote :

+1

review: Approve
10048b1... by Christian Ehrhardt 

d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix coverity finding

Signed-off-by: Christian Ehrhardt <email address hidden>

655b6b5... by Christian Ehrhardt 

changelog: fix coverity finding

Signed-off-by: Christian Ehrhardt <email address hidden>

Christian Ehrhardt  (paelzer) wrote :

Rebuilds, Sanity tests and autopkgtests with the new version worked well.
Uploading to get this ready for promotion to main next week.

https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-paelzer-libtpms-jammy-0.9.3/jammy/amd64/s/swtpm/20220401_082349_d55dd@/log.gz
https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-paelzer-libtpms-jammy-0.9.3/jammy/s390x/s/swtpm/20220401_082451_d55dd@/log.gz

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libtpms_0.9.3-0ubuntu1.dsc: done.
  Uploading libtpms_0.9.3.orig.tar.gz: done.
  Uploading libtpms_0.9.3-0ubuntu1.debian.tar.xz: done.
  Uploading libtpms_0.9.3-0ubuntu1_source.buildinfo: done.
  Uploading libtpms_0.9.3-0ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

1diff --git a/CHANGES b/CHANGES
2index 3030ad1..cc29036 100644
3--- a/CHANGES
4+++ b/CHANGES
5@@ -1,5 +1,17 @@
6 CHANGES - changes for libtpms
7
8+version 0.9.3:
9+ - build-sys: Add probing for -fstack-protector
10+ - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
11+ (OSSL 3)
12+
13+version 0.9.2:
14+ - tpm2: When writing state initialize s_ContextSlotMask if not set
15+
16+version 0.9.1:
17+ - tpm2: Do not write permanent state if only clock changed
18+ - tpm2: Fix "maybe-uninitialized" warning
19+
20 version 0.9.0:
21 - NOTE: Downgrade to previous versions is not possible. See below.
22 - The size of the context gap has been adjusted to 0xffff from 0xff.
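Review bot: The 0.9.3 entry for EVP_PKEY_CTX_set0_rsa_oaep_label() reads "for label of size (OSSL 3)", with the size value missing; the subject line of the dropped fix-openssl3-compat.patch in this same diff says "label of size 0 (OSSL 3)". As CHANGES is an upstream file, this is better reported upstream than patched in the Ubuntu delta.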
23diff --git a/configure.ac b/configure.ac
24index 5f995a8..3fbdf67 100644
25--- a/configure.ac
26+++ b/configure.ac
27@@ -3,7 +3,7 @@
28 #
29 # See the LICENSE file for the license associated with this file.
30
31-AC_INIT([libtpms],[0.9.0])
32+AC_INIT([libtpms],[0.9.3])
33 AC_PREREQ([2.69])
34 AC_CONFIG_SRCDIR(Makefile.am)
35 AC_CONFIG_AUX_DIR([.])
36@@ -284,10 +284,12 @@ AC_ARG_ENABLE([hardening],
37 AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
38
39 if test "x$enable_hardening" != "xno"; then
40- # Some versions of gcc fail with -Wstack-protector enabled
41- TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)"
42- if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
43- HARDENING_CFLAGS="-fstack-protector "
44+ # Some versions of gcc fail with -Wstack-protector,
45+ # some with -Wstack-protector-strong enabled
46+ if ! $CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
47+ if $CC -fstack-protector $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
48+ HARDENING_CFLAGS="-fstack-protector "
49+ fi
50 else
51 HARDENING_CFLAGS="-fstack-protector-strong "
52 fi
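Review bot: When both probes fail, the nested `if` leaves HARDENING_CFLAGS without any stack-protector flag and configure reports nothing about it. Because stderr now goes to /dev/null, any compiler error counts as "flag unsupported", not only the 'unrecognized command line option' message the old grep looked for. An AC_MSG_WARN in an else branch of the inner test would make the downgrade visible in build logs. The new comment also names -Wstack-protector and -Wstack-protector-strong while the probes use the -f forms.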
53diff --git a/debian/changelog b/debian/changelog
54index 171710d..39a3019 100644
55--- a/debian/changelog
56+++ b/debian/changelog
57@@ -1,3 +1,19 @@
58+libtpms (0.9.3-0ubuntu1) jammy; urgency=medium
59+
60+ * merge 0.9.3 from upstram to stabilize libtpms in jammy; related to
61+ but not fixing (LP: 1948748)
62+ - d/p/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch:
63+ avoid bad shift
64+ - drop d/p/fix-openssl3-compat.patch: part of 0.9.3
65+ - drop d/p/uninitialized-variable.patch: no more needed
66+ - ppc64 fixes from upstream as identified and added to debian 0.9.2-3
67+ + d/p/do_not_inline_makeiv.patch
68+ + d/p/no_local_check.patch
69+ - d/p/lp-1948748-tpm2-Check-return-code-of-BN_div.patch: fix
70+ coverity finding
71+
72+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 30 Mar 2022 09:04:10 +0200
73+
74 libtpms (0.9.0-0ubuntu4) jammy; urgency=medium
75
76 * d/p/fix-openssl3-compat.patch: Cherry-picked from upstream (LP: #1962601)
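Review bot: Typo in the first bullet of the 0.9.3-0ubuntu1 entry: "upstram" should be "upstream". The bug reference is written "(LP: 1948748)" without '#', which matches the "related to but not fixing" wording, since the '#' form would close the bug on upload; keep it that way deliberately.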
77diff --git a/debian/patches/do_not_inline_makeiv.patch b/debian/patches/do_not_inline_makeiv.patch
78new file mode 100644
79index 0000000..06bf2d0
80--- /dev/null
81+++ b/debian/patches/do_not_inline_makeiv.patch
82@@ -0,0 +1,23 @@
83+Description: Do not inline MakeIV due toppc64 compiler issue
84+ The ppc64 gcc compiler has an issue with MakeIv.
85+Forwarded: no
86+X-Not-Forwarded-Reason: only needed for a gcc bug in Ubuntu
87+Origin: https://github.com/stefanberger/libtpms/issues/297
88+Last-Update: 2022-03-30
89+
90+---
91+ src/tpm2/AlgorithmTests.c | 3 +++
92+ 1 file changed, 3 insertions(+)
93+
94+--- a/src/tpm2/AlgorithmTests.c
95++++ b/src/tpm2/AlgorithmTests.c
96+@@ -179,6 +179,9 @@
97+ /* 10.2.1.4.1 MakeIv() */
98+ /* Internal function to make the appropriate IV depending on the mode. */
99+ static UINT32
100++#if defined(__powerpc64__)
101++__attribute__((noinline))
102++#endif
103+ MakeIv(
104+ TPM_ALG_ID mode, // IN: symmetric mode
105+ UINT32 size, // IN: block size of the algorithm
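Review bot: The `#if defined(__powerpc64__)` / `__attribute__((noinline))` lines added above MakeIv() carry no comment in the source saying why they are there, so the reason lives only in this DEP-3 header. A one-line comment pointing at the issue named in the Origin field would help whoever revisits this once the compiler is fixed. The Description also has a typo ("toppc64") and spells the function both "MakeIV" and "MakeIv".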
106diff --git a/debian/patches/fix-openssl3-compat.patch b/debian/patches/fix-openssl3-compat.patch
107deleted file mode 100644
108index e318f12..0000000
109--- a/debian/patches/fix-openssl3-compat.patch
110+++ /dev/null
111@@ -1,35 +0,0 @@
112-From e4261984374556da65c9d46097d5a1200b335c0c Mon Sep 17 00:00:00 2001
113-From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
114-Date: Sat, 19 Feb 2022 12:59:32 +0100
115-Origin: https://github.com/stefanberger/libtpms/pull/294
116-Subject: [PATCH] tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for
117- label of size 0 (OSSL 3)
118-
119-Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
120-with label size 0. The function should only be called if the size of the label
121-is greater 0.
122-With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
123-for encryption without label.
124-
125-Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
126----
127- src/tpm2/crypto/openssl/CryptRsa.c | 5 ++---
128- 1 file changed, 2 insertions(+), 3 deletions(-)
129-
130-diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
131-index 4ed04384f..b5d6b6c3b 100644
132---- a/src/tpm2/crypto/openssl/CryptRsa.c
133-+++ b/src/tpm2/crypto/openssl/CryptRsa.c
134-@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
135- if (tmp == NULL)
136- ERROR_RETURN(TPM_RC_FAILURE);
137- memcpy(tmp, label->buffer, label->size);
138-+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
139-+ ERROR_RETURN(TPM_RC_FAILURE);
140- }
141-- // label->size == 0 is supported
142-- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
143-- ERROR_RETURN(TPM_RC_FAILURE);
144- tmp = NULL;
145- break;
146- default:
147diff --git a/debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch b/debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch
148new file mode 100644
149index 0000000..8d90d3e
150--- /dev/null
151+++ b/debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch
152@@ -0,0 +1,37 @@
153+From d78a4520ba3157087e1e438b519618f26d85fae3 Mon Sep 17 00:00:00 2001
154+From: Stefan Berger <stefanb@linux.ibm.com>
155+Date: Wed, 16 Feb 2022 11:49:11 -0500
156+Subject: [PATCH] tpm2: Address Coverity Issue by casting '1' before shift (CID
157+ 1470813)
158+
159+Cast the '1' to UINT64 before shifting it.
160+
161+Since the shift value is always below 32 it would have never exceeded
162+the 32bit value it was using before the cast.
163+
164+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
165+
166+Origin: upstream, https://github.com/stefanberger/libtpms/commit/d78a4520ba31
167+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1948748
168+Last-Update: 2022-03-30
169+
170+---
171+ src/tpm2/NVMarshal.c | 2 +-
172+ 1 file changed, 1 insertion(+), 1 deletion(-)
173+
174+diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
175+index c7cd1e0..cdac3e2 100644
176+--- a/src/tpm2/NVMarshal.c
177++++ b/src/tpm2/NVMarshal.c
178+@@ -806,7 +806,7 @@ pcrbanks_algs_active(const TPML_PCR_SELECTION *pcrAllocated)
179+ for(i = 0; i < pcrAllocated->count; i++) {
180+ for (j = 0; j < pcrAllocated->pcrSelections[i].sizeofSelect; j++) {
181+ if (pcrAllocated->pcrSelections[i].pcrSelect[j]) {
182+- algs_active |= 1 << pcrAllocated->pcrSelections[i].hash;
183++ algs_active |= ((UINT64)1 << pcrAllocated->pcrSelections[i].hash);
184+ break;
185+ }
186+ }
187+--
188+2.35.1
189+
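Review bot: The commit message relies on the shift count being "always below 32", but nothing in the visible loop checks `pcrAllocated->pcrSelections[i].hash` before `(UINT64)1 << ...`. If that invariant is guaranteed elsewhere, a short comment or an assert next to the shift stating the allowed range would document it for the next static-analysis run.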
190diff --git a/debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch b/debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch
191new file mode 100644
192index 0000000..9fb17e6
193--- /dev/null
194+++ b/debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch
195@@ -0,0 +1,36 @@
196+From 897c8f869754d01639741cecf9fee8f0a7b5d740 Mon Sep 17 00:00:00 2001
197+From: Stefan Berger <stefanb@linux.ibm.com>
198+Date: Wed, 30 Mar 2022 10:14:51 -0400
199+Subject: [PATCH] tpm2: Check return code of BN_div()
200+
201+Check the return code of BN_div() when calculating Q and Qr of
202+a private key.
203+
204+Resolves: https://github.com/stefanberger/libtpms/issues/304
205+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
206+
207+Origin: upstream, https://github.com/stefanberger/libtpms/commit/897c8f869754
208+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1948748
209+Last-Update: 2022-04-01
210+
211+---
212+ src/tpm2/crypto/openssl/Helpers.c | 3 +--
213+ 1 file changed, 1 insertion(+), 2 deletions(-)
214+
215+diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c
216+index f47cdbf..a923436 100644
217+--- a/src/tpm2/crypto/openssl/Helpers.c
218++++ b/src/tpm2/crypto/openssl/Helpers.c
219+@@ -521,8 +521,7 @@ InitOpenSSLRSAPrivateKey(OBJECT *rsaKey, // IN
220+ ERROR_RETURN(TPM_RC_FAILURE);
221+ /* Q = N/P; no remainder */
222+ BN_set_flags(P, BN_FLG_CONSTTIME); // P is secret
223+- BN_div(Q, Qr, N, P, ctx);
224+- if(!BN_is_zero(Qr))
225++ if (!BN_div(Q, Qr, N, P, ctx) || !BN_is_zero(Qr))
226+ ERROR_RETURN(TPM_RC_BINDING);
227+ BN_set_flags(Q, BN_FLG_CONSTTIME); // Q is secret
228+
229+--
230+2.35.1
231+
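Review bot: A failing BN_div() now returns TPM_RC_BINDING, the same code as a non-zero remainder, because both conditions share one `if`. The check just above in this context uses ERROR_RETURN(TPM_RC_FAILURE) for an internal error, so splitting the test would let callers tell an OpenSSL failure apart from a key whose N is not divisible by P. This is upstream's patch, so the point is better raised there than carried as extra Ubuntu delta.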
232diff --git a/debian/patches/no_local_check.patch b/debian/patches/no_local_check.patch
233new file mode 100644
234index 0000000..0e6f1da
235--- /dev/null
236+++ b/debian/patches/no_local_check.patch
237@@ -0,0 +1,26 @@
238+Description: Do not run check-local due to bug in ppc64 gcc on Jammy
239+
240+ppc64 gcc has a bug causing issued in check-local.
241+Therefore, do not run check-local while ppc64 gcc is broken
242+on Ubuntu Jammy.
243+
244+Forwarded: no
245+X-Not-Forwarded-Reason: only needed for a gcc bug in Ubuntu
246+Origin: https://github.com/stefanberger/libtpms/issues/298
247+Last-Update: 2022-03-30
248+
249+---
250+ src/Makefile.am | 2 +-
251+ 1 file changed, 1 insertion(+), 1 deletion(-)
252+
253+--- a/src/Makefile.am
254++++ b/src/Makefile.am
255+@@ -599,7 +599,7 @@
256+ LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
257+
258+ check-local: SHELL?="/usr/bin/env bash"
259+-check-local:
260++NO-check-local:
261+ @case $(host_os) in \
262+ openbsd*) ADDLIBS="-lc" ;; \
263+ darwin*|freebsd*) LDFLAGS_OS="-shared" ;; \
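Review bot: Renaming the target to `NO-check-local:` turns the check off on every architecture, while the Description limits the problem to ppc64 gcc on Jammy. Consider guarding it by host CPU so the other architectures keep running it. The line `check-local: SHELL?="/usr/bin/env bash"` just above still names the old target, and the Description has a typo ("causing issued").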
264diff --git a/debian/patches/series b/debian/patches/series
265index 06acd6e..363903c 100644
266--- a/debian/patches/series
267+++ b/debian/patches/series
268@@ -1,5 +1,7 @@
269 0002-fix-man-page-longline-typo.patch
270 0003-set-man-page-date-to-last-changelog.patch
271 0004-fix-ftbfs-bug.patch
272-uninitialized-variable.patch
273-fix-openssl3-compat.patch
274+lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch
275+do_not_inline_makeiv.patch
276+no_local_check.patch
277+lp-1948748-tpm2-Check-return-code-of-BN_div.patch
278diff --git a/debian/patches/uninitialized-variable.patch b/debian/patches/uninitialized-variable.patch
279deleted file mode 100644
280index 3b17222..0000000
281--- a/debian/patches/uninitialized-variable.patch
282+++ /dev/null
283@@ -1,31 +0,0 @@
284-Description: fix issues of variables that may be used before initialization
285- Detected by gcc on Ubuntu/s390x
286-Author: Steve Langasek <steve.langasek@ubuntu.com>
287-Last-Update: 2020-12-09
288-
289-Index: libtpms-0.8.2-1ubuntu1/src/tpm12/tpm_nvram.c
290-===================================================================
291---- libtpms-0.8.2-1ubuntu1.orig/src/tpm12/tpm_nvram.c
292-+++ libtpms-0.8.2-1ubuntu1/src/tpm12/tpm_nvram.c
293-@@ -1290,7 +1290,7 @@
294- TPM_BOOL physicalPresence;
295- TPM_BOOL isGPIO = FALSE;
296- BYTE *gpioData = NULL;
297-- TPM_NV_DATA_SENSITIVE *d1NvdataSensitive;
298-+ TPM_NV_DATA_SENSITIVE *d1NvdataSensitive = NULL;
299- uint32_t s1Last;
300-
301- /* output parameters */
302-Index: libtpms-0.8.2-1ubuntu1/src/tpm2/Marshal.c
303-===================================================================
304---- libtpms-0.8.2-1ubuntu1.orig/src/tpm2/Marshal.c
305-+++ libtpms-0.8.2-1ubuntu1/src/tpm2/Marshal.c
306-@@ -2193,7 +2193,7 @@
307- TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size)
308- {
309- UINT16 written = 0;
310-- BYTE *sizePtr;
311-+ BYTE *sizePtr = NULL;
312-
313- if (buffer != NULL) {
314- sizePtr = *buffer;
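Review bot: Neither src/tpm12/tpm_nvram.c nor src/tpm2/Marshal.c is touched anywhere else in this diff, so with this patch dropped the build goes back to the declarations of `d1NvdataSensitive` and `sizePtr` without the `= NULL` initialisers. The changelog gives only "no more needed"; please record there what changed (the patch header says the warning was detected by gcc on Ubuntu/s390x) so the drop can be re-checked if the warning returns.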
315diff --git a/dist/libtpms.spec b/dist/libtpms.spec
316index 65a00ad..8635d17 100644
317--- a/dist/libtpms.spec
318+++ b/dist/libtpms.spec
319@@ -1,7 +1,7 @@
320 # --- libtpm rpm-spec ---
321
322 %define name libtpms
323-%define version 0.9.0
324+%define version 0.9.3
325 %define release 0~dev1
326
327 # Valid crypto subsystems are 'freebl' and 'openssl'
328@@ -112,6 +112,15 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
329 %postun -p /sbin/ldconfig
330
331 %changelog
332+* Mon Mar 07 2022 Stefan Berger - 0.9.3-1
333+- Release of version 0.9.3
334+
335+* Thu Jan 06 2022 Stefan Berger - 0.9.2-1
336+- Release of version 0.9.2
337+
338+* Wed Nov 24 2021 Stefan Berger - 0.9.1-1
339+- Release of version 0.9.1
340+
341 * Wed Sep 29 2021 Stefan Berger - 0.9.0-1
342 - Release of version 0.9.0 (rev. 164)
343
344diff --git a/dist/libtpms.spec.in b/dist/libtpms.spec.in
345index 79ac663..78546d6 100644
346--- a/dist/libtpms.spec.in
347+++ b/dist/libtpms.spec.in
348@@ -112,6 +112,15 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
349 %postun -p /sbin/ldconfig
350
351 %changelog
352+* Mon Mar 07 2022 Stefan Berger - 0.9.3-1
353+- Release of version 0.9.3
354+
355+* Thu Jan 06 2022 Stefan Berger - 0.9.2-1
356+- Release of version 0.9.2
357+
358+* Wed Nov 24 2021 Stefan Berger - 0.9.1-1
359+- Release of version 0.9.1
360+
361 * Wed Sep 29 2021 Stefan Berger - 0.9.0-1
362 - Release of version 0.9.0 (rev. 164)
363
364diff --git a/include/libtpms/tpm_library.h b/include/libtpms/tpm_library.h
365index 3c7d23d..181e226 100644
366--- a/include/libtpms/tpm_library.h
367+++ b/include/libtpms/tpm_library.h
368@@ -50,7 +50,7 @@ extern "C" {
369
370 #define TPM_LIBRARY_VER_MAJOR 0
371 #define TPM_LIBRARY_VER_MINOR 9
372-#define TPM_LIBRARY_VER_MICRO 0
373+#define TPM_LIBRARY_VER_MICRO 3
374
375 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \
376 (( MAJ << 16 ) | ( MIN << 8 ) | ( MICRO ))
377diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
378index 2173e41..c7cd1e0 100644
379--- a/src/tpm2/NVMarshal.c
380+++ b/src/tpm2/NVMarshal.c
381@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
382 written += UINT16_Marshal(&array_size, buffer, size);
383 for (i = 0; i < array_size; i++)
384 written += UINT16_Marshal(&data->contextArray[i], buffer, size);
385+
386+ if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
387+ /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
388+ s_ContextSlotMask = 0xffff;
389+ }
390 written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
391
392 written += UINT64_Marshal(&data->contextCounter, buffer, size);
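Review bot: STATE_RESET_DATA_Marshal() now assigns to the global `s_ContextSlotMask` as a side effect of serialising, and any value other than 0x00ff or 0xffff is replaced with 0xffff without a log message. Setting the default where the variable is initialised, or marshalling a local copy, would keep this function from modifying state while writing it out. Named constants for the two masks would also avoid repeating the literals.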
393@@ -3880,7 +3885,7 @@ PACompileConstants_Unmarshal(BYTE **buffer, INT32 *size)
394 unsigned i;
395 NV_HEADER hdr;
396 UINT32 array_size;
397- UINT32 exp_array_size;
398+ UINT32 exp_array_size = 0;
399
400 if (rc == TPM_RC_SUCCESS) {
401 rc = NV_HEADER_Unmarshal(&hdr, buffer, size,
402diff --git a/src/tpm2/Time.c b/src/tpm2/Time.c
403index d13d744..9ff1bb5 100644
404--- a/src/tpm2/Time.c
405+++ b/src/tpm2/Time.c
406@@ -136,7 +136,16 @@ TimeClockUpdate(
407 go.clockSafe = YES;
408 // update the time
409 go.clock = newTime;
410+
411+ /* libtpms: Changing the clock alone does not cause the permanent
412+ * state to be written to storage, there must be other
413+ * reasons as well.
414+ */
415+ UPDATE_TYPE old_g_updateNV = g_updateNV; // libtpms added
416+
417 NvWrite(NV_ORDERLY_DATA, sizeof(go), &go);
418+
419+ g_updateNV = old_g_updateNV; // libtpms added
420 }
421 else
422 // No NV update needed so just update
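Review bot: Restoring `g_updateNV` right after NvWrite() discards every update request that call recorded, and the added comment states the intent but not why dropping them is safe for NV_ORDERLY_DATA. Please extend the comment with that reasoning, including what NvWrite() is expected to set here. The declaration `UPDATE_TYPE old_g_updateNV` also sits after statements inside the block, which is worth checking against the C dialect the project builds with.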
423diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
424index 4ed0438..b5d6b6c 100644
425--- a/src/tpm2/crypto/openssl/CryptRsa.c
426+++ b/src/tpm2/crypto/openssl/CryptRsa.c
427@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
428 if (tmp == NULL)
429 ERROR_RETURN(TPM_RC_FAILURE);
430 memcpy(tmp, label->buffer, label->size);
431+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
432+ ERROR_RETURN(TPM_RC_FAILURE);
433 }
434- // label->size == 0 is supported
435- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
436- ERROR_RETURN(TPM_RC_FAILURE);
437 tmp = NULL;
438 break;
439 default:
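Review bot: The removed comment "label->size == 0 is supported" has no replacement, so nothing at the call site explains why EVP_PKEY_CTX_set0_rsa_oaep_label() is now skipped for an empty label. A short comment noting that OpenSSL 3.0 returns an error for a label of size 0, as the message of the dropped fix-openssl3-compat.patch explains, would keep someone from moving the call back out of the block.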
