[yocto] [meta-security][PATCH 15/25] tpm-tools: update to latest 1.3.9.1
Armin Kuster
akuster808 at gmail.com
Sun Sep 16 08:57:09 PDT 2018
Refresh patch.
Backport Debian fixes.
Fix an additional OpenSSL 1.1 issue.
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../tpm-tools/files/04-fix-FTBFS-clang.patch | 56 +++++++++
.../files/05-openssl1.1_fix_data_mgmt.patch | 110 ++++++++++++++++++
.../tpm-tools/files/openssl1.1_fix.patch | 18 +++
.../tpm-tools/files/tpm-tools-extendpcr.patch | 32 ++---
...{tpm-tools_git.bb => tpm-tools_1.3.9.1.bb} | 7 +-
5 files changed, 204 insertions(+), 19 deletions(-)
create mode 100644 meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
create mode 100644 meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
create mode 100644 meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
rename meta-tpm/recipes-tpm/tpm-tools/{tpm-tools_git.bb => tpm-tools_1.3.9.1.bb} (84%)
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch b/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
new file mode 100644
index 0000000..5018d45
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
@@ -0,0 +1,56 @@
+Title: Fix FTBFS with clang due to uninitialized values
+Date: 2015-06-28
+Author: Alexander <sanek23994 at gmail.com>
+Bug-Debian: http://bugs.debian.org/753063
+
+Upstream-Status: Backport
+tpm-tools_1.3.9.1-0.1.debian.tar
+
+Signed-off-by: Armin kuster <akuster808 at gmail.com>
+
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c 2012-05-17 21:49:58.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_present.c 2014-06-29 01:01:11.502081468 +0400
+@@ -165,7 +165,7 @@
+
+ TSS_BOOL bCmd, bHwd;
+ BOOL bRc;
+- TSS_HPOLICY hTpmPolicy;
++ TSS_HPOLICY hTpmPolicy = 0;
+ char *pwd = NULL;
+ int pswd_len;
+ char rsp[5];
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_takeownership.c 2010-09-30 21:28:09.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_takeownership.c 2014-06-29 01:01:51.069373655 +0400
+@@ -67,7 +67,7 @@
+ char *szSrkPasswd = NULL;
+ int tpm_len, srk_len;
+ TSS_HTPM hTpm;
+- TSS_HKEY hSrk;
++ TSS_HKEY hSrk = 0;
+ TSS_FLAG fSrkAttrs;
+ TSS_HPOLICY hTpmPolicy, hSrkPolicy;
+ int iRc = -1;
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvwrite.c 2011-08-17 16:20:35.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_nvwrite.c 2014-06-29 01:02:45.836397172 +0400
+@@ -220,7 +220,7 @@
+ close(fd);
+ fd = -1;
+ } else if (fillvalue >= 0) {
+- if (length < 0) {
++ if (length == 0) {
+ logError(_("Requiring size parameter.\n"));
+ return -1;
+ }
+--- tpm-tools-1.3.8/src/data_mgmt/data_protect.c 2012-05-17 21:49:58.000000000 +0400
++++ tpm-tools-1.3.8-my/src/data_mgmt/data_protect.c 2014-06-29 01:03:49.863254459 +0400
+@@ -432,8 +432,8 @@
+
+ char *pszPin = NULL;
+
+- CK_RV rv;
+- CK_SESSION_HANDLE hSession;
++ CK_RV rv = 0;
++ CK_SESSION_HANDLE hSession = 0;
+ CK_OBJECT_HANDLE hObject;
+ CK_MECHANISM tMechanism = { CKM_AES_ECB, NULL, 0 };
+
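Review bot: The `tpm_nvwrite.c` part of this backport changes behaviour rather than only silencing warnings: `if (length < 0)` becomes `if (length == 0)`, yet the patch header describes only uninitialized-value fixes. If `length` is an unsigned type (which is what would make clang flag `< 0` as always false; its declaration is outside the hunk), the old check could never fire and the "Requiring size parameter" error now becomes reachable for a zero size, which is the right outcome but should be stated in the patch description, e.g. `The length < 0 test in tpm_nvwrite.c can never be true for an unsigned length; test for 0 so a missing size is rejected.` The handle initializations to 0 (`hTpmPolicy`, `hSrk`, `hSession`) are harmless, but `CK_RV rv = 0` pre-loads CKR_OK, so any path in `data_protect.c` that reaches the function's `rv` check without assigning it would now read as success; whether such a path exists cannot be seen from the hunk and is worth confirming before taking the patch as-is.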
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
new file mode 100644
index 0000000..c2a264b
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
@@ -0,0 +1,110 @@
+Author: Philipp Kern <pkern at debian.org>
+Subject: Fix openssl1.1 support in data_mgmt
+Date: Tue, 31 Jan 2017 22:40:10 +0100
+
+Upstream-Status: Backport
+tpm-tools_1.3.9.1-0.1.debian.tar
+
+Signed-off-by: Armin kuster <akuster808 at gmail.com>
+
+---
+ src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 39 insertions(+), 21 deletions(-)
+
+--- a/src/data_mgmt/data_import.c
++++ b/src/data_mgmt/data_import.c
+@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
+ goto out;
+ }
+
+- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
++ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
+ logError( TOKEN_RSA_KEY_ERROR );
+
+ X509_free( pX509 );
+@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
+
+ int rc = -1;
+
+- int nLen = BN_num_bytes( a_pRsa->n );
+- int eLen = BN_num_bytes( a_pRsa->e );
++ const BIGNUM *bn;
++ const BIGNUM *be;
++
++ RSA_get0_key( a_pRsa, &bn, &be, NULL );
++
++ int nLen = BN_num_bytes( bn );
++ int eLen = BN_num_bytes( be );
+
+ CK_RV rv;
+
+@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
+ }
+
+ // Get binary representations of the RSA key information
+- BN_bn2bin( a_pRsa->n, n );
+- BN_bn2bin( a_pRsa->e, e );
++ BN_bn2bin( bn, n );
++ BN_bn2bin( be, e );
+
+ // Create the RSA public key object
+ rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
+@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
+
+ int rc = -1;
+
+- int nLen = BN_num_bytes( a_pRsa->n );
+- int eLen = BN_num_bytes( a_pRsa->e );
+- int dLen = BN_num_bytes( a_pRsa->d );
+- int pLen = BN_num_bytes( a_pRsa->p );
+- int qLen = BN_num_bytes( a_pRsa->q );
+- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
+- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
+- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
++ const BIGNUM *bn;
++ const BIGNUM *be;
++ const BIGNUM *bd;
++ const BIGNUM *bp;
++ const BIGNUM *bq;
++ const BIGNUM *bdmp1;
++ const BIGNUM *bdmq1;
++ const BIGNUM *biqmp;
++
++ RSA_get0_key( a_pRsa, &bn, &be, &bd);
++ RSA_get0_factors( a_pRsa, &bp, &bq);
++ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
++
++ int nLen = BN_num_bytes( bn );
++ int eLen = BN_num_bytes( be );
++ int dLen = BN_num_bytes( bd );
++ int pLen = BN_num_bytes( bp );
++ int qLen = BN_num_bytes( bq );
++ int dmp1Len = BN_num_bytes( bdmp1 );
++ int dmq1Len = BN_num_bytes( bdmq1 );
++ int iqmpLen = BN_num_bytes( biqmp );
+
+ CK_RV rv;
+
+@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
+ }
+
+ // Get binary representations of the RSA key information
+- BN_bn2bin( a_pRsa->n, n );
+- BN_bn2bin( a_pRsa->e, e );
+- BN_bn2bin( a_pRsa->d, d );
+- BN_bn2bin( a_pRsa->p, p );
+- BN_bn2bin( a_pRsa->q, q );
+- BN_bn2bin( a_pRsa->dmp1, dmp1 );
+- BN_bn2bin( a_pRsa->dmq1, dmq1 );
+- BN_bn2bin( a_pRsa->iqmp, iqmp );
++ BN_bn2bin( bn, n );
++ BN_bn2bin( be, e );
++ BN_bn2bin( bd, d );
++ BN_bn2bin( bp, p );
++ BN_bn2bin( bq, q );
++ BN_bn2bin( bdmp1, dmp1 );
++ BN_bn2bin( bdmq1, dmq1 );
++ BN_bn2bin( biqmp, iqmp );
+
+ // Create the RSA private key object
+ rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
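Review bot: The rewritten key-material reads in `createRsaPrivKeyObject` call `BN_num_bytes()` on every pointer returned by `RSA_get0_key`, `RSA_get0_factors` and `RSA_get0_crt_params`, but those accessors hand back NULL for any component the RSA object does not carry (a key without CRT parameters, or a public-only key reaching this path), and `BN_num_bytes(NULL)` dereferences it. The old direct field accesses had the same exposure, so this is not a regression, but a NULL check on the eight pointers before the length computations would turn a crash on a malformed import into a logged error. Separately, the accessors are used unconditionally although they exist only from OpenSSL 1.1.0 (and newer LibreSSL); if the recipe's `openssl` dependency can still resolve to a 1.0.x provider the build breaks there, so either an `#if OPENSSL_VERSION_NUMBER < 0x10100000L` fallback or a recipe-level note that 1.1 is required should accompany the patch. The `readX509Cert` switch to `EVP_PKEY_base_id` is correct as written.
```c
	RSA_get0_key( a_pRsa, &bn, &be, &bd);
	RSA_get0_factors( a_pRsa, &bp, &bq);
	RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );

	// A private-key object needs every component; refuse keys that lack one
	if ( !bn || !be || !bd || !bp || !bq || !bdmp1 || !bdmq1 || !biqmp ) {
		logError( TOKEN_RSA_KEY_ERROR ); /* existing message; confirm it fits this path */
		goto out; /* placeholder: the function's own error exit lies outside the hunk */
	}

	int nLen = BN_num_bytes( bn );
	// … unchanged: remaining lengths, attribute setup, BN_bn2bin copies, createObject …
```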
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch b/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
new file mode 100644
index 0000000..9ae3f72
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Pending
+Update to build with openssl 1.1.x
+
+Signed-off-by: Armin Kuster <akuster808 at gmail.com>
+
+Index: git/src/cmds/tpm_extendpcr.c
+===================================================================
+--- git.orig/src/cmds/tpm_extendpcr.c
++++ git/src/cmds/tpm_extendpcr.c
+@@ -136,7 +136,7 @@ int main(int argc, char **argv)
+
+ unsigned char msg[EVP_MAX_MD_SIZE];
+ unsigned int msglen;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(&ctx, EVP_sha1());
+ while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0)
+ EVP_DigestUpdate(&ctx, line, lineLen);
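Review bot: The new declaration makes `ctx` an `EVP_MD_CTX *`, but the untouched context lines directly below it still pass `&ctx` to `EVP_DigestInit` and `EVP_DigestUpdate`, so both calls now receive an `EVP_MD_CTX **`: at best an incompatible-pointer warning, and at runtime the pointer variable itself is treated as the digest context. The calls need `EVP_DigestInit(ctx, EVP_sha1());` and `EVP_DigestUpdate(ctx, line, lineLen);`, and the `EVP_DigestFinal` call that follows outside this hunk needs the same change. `EVP_MD_CTX_new()` returns NULL on allocation failure and the context is now heap-allocated, so its result should be checked and released with `EVP_MD_CTX_free(ctx)` on every exit; the rest of `main` lies outside the hunk. `Upstream-Status: Pending` is appropriate, but the patch should not be carried in this form since it cannot have built cleanly.
```c
	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
	if (ctx == NULL)
		goto out; /* placeholder: use main()'s existing error exit, outside this hunk */
	EVP_DigestInit(ctx, EVP_sha1());
	while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0)
		EVP_DigestUpdate(ctx, line, lineLen);
	/* … unchanged: EVP_DigestFinal and the PCR extend (outside this hunk) — pass ctx, not &ctx … */
	EVP_MD_CTX_free(ctx);
```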
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
index ab5e683..40150af 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
@@ -1,8 +1,8 @@
-Index: tpm-tools-1.3.8/include/tpm_tspi.h
+Index: git/include/tpm_tspi.h
===================================================================
---- tpm-tools-1.3.8.orig/include/tpm_tspi.h 2011-08-17 08:20:35.000000000 -0400
-+++ tpm-tools-1.3.8/include/tpm_tspi.h 2013-01-05 23:26:31.571598217 -0500
-@@ -117,6 +117,10 @@
+--- git.orig/include/tpm_tspi.h
++++ git/include/tpm_tspi.h
+@@ -117,6 +117,10 @@ TSS_RESULT tpmPcrRead(TSS_HTPM a_hTpm, U
UINT32 *a_PcrSize, BYTE **a_PcrValue);
TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx,
UINT32 a_PcrSize, BYTE *a_PcrValue);
@@ -13,11 +13,11 @@ Index: tpm-tools-1.3.8/include/tpm_tspi.h
#ifdef TSS_LIB_IS_12
TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v);
TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue);
-Index: tpm-tools-1.3.8/lib/tpm_tspi.c
+Index: git/lib/tpm_tspi.c
===================================================================
---- tpm-tools-1.3.8.orig/lib/tpm_tspi.c 2011-08-17 08:20:35.000000000 -0400
-+++ tpm-tools-1.3.8/lib/tpm_tspi.c 2013-01-05 23:27:37.731593490 -0500
-@@ -594,6 +594,20 @@
+--- git.orig/lib/tpm_tspi.c
++++ git/lib/tpm_tspi.c
+@@ -594,6 +594,20 @@ pcrcompositeSetPcrValue(TSS_HPCRS a_hPcr
return result;
}
@@ -38,10 +38,10 @@ Index: tpm-tools-1.3.8/lib/tpm_tspi.c
#ifdef TSS_LIB_IS_12
/*
* These getPasswd functions will wrap calls to the other functions and check to see if the TSS
-Index: tpm-tools-1.3.8/src/cmds/Makefile.am
+Index: git/src/cmds/Makefile.am
===================================================================
---- tpm-tools-1.3.8.orig/src/cmds/Makefile.am 2011-08-15 13:52:08.000000000 -0400
-+++ tpm-tools-1.3.8/src/cmds/Makefile.am 2013-01-05 23:30:46.223593698 -0500
+--- git.orig/src/cmds/Makefile.am
++++ git/src/cmds/Makefile.am
@@ -22,6 +22,7 @@
#
@@ -50,16 +50,16 @@ Index: tpm-tools-1.3.8/src/cmds/Makefile.am
tpm_unsealdata
if TSS_LIB_IS_12
-@@ -33,4 +34,5 @@
- LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto
+@@ -33,4 +34,5 @@ endif
+ LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto @INTLLIBS@
tpm_sealdata_SOURCES = tpm_sealdata.c
+tpm_extendpcr_SOURCES = tpm_extendpcr.c
tpm_unsealdata_SOURCES = tpm_unsealdata.c
-Index: tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c
+Index: git/src/cmds/tpm_extendpcr.c
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c 2013-01-05 23:37:43.403585514 -0500
+--- /dev/null
++++ git/src/cmds/tpm_extendpcr.c
@@ -0,0 +1,181 @@
+/*
+ * The Initial Developer of the Original Code is International
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
similarity index 84%
rename from meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
rename to meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
index f670bff..88ef19f 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
@@ -12,14 +12,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
DEPENDS = "libtspi openssl"
DEPENDS_class-native = "trousers-native"
-SRCREV = "5c5126bedf2da97906358adcfb8c43c86e7dd0ee"
+SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
SRC_URI = " \
git://git.code.sf.net/p/trousers/tpm-tools \
file://tpm-tools-extendpcr.patch \
+ file://04-fix-FTBFS-clang.patch \
+ file://05-openssl1.1_fix_data_mgmt.patch \
+ file://openssl1.1_fix.patch \
"
-PV = "1.3.9.1+git${SRCPV}"
-
inherit autotools-brokensep gettext
S = "${WORKDIR}/git"
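Review bot: With the rename to `tpm-tools_1.3.9.1.bb` and the removal of `PV = "1.3.9.1+git${SRCPV}"`, PV is now the bare `1.3.9.1` while the source is still a git checkout pinned by `SRCREV`; if that commit is not the 1.3.9.1 release point, the recipe advertises a version it does not build, which is what cve-check and package metadata key on. If the commit is the release, a comment above SRCREV saying so would make that explicit, e.g. `# tpm-tools 1.3.9.1 release commit`; if it is not, keeping a `+git${SRCPV}` suffix in PV is the safer form. The three added patches are listed after `tpm-tools-extendpcr.patch`, which is required because `openssl1.1_fix.patch` edits a file that patch creates.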
--
2.17.1