Hello community,
here is the log from the commit of package tpm2-0-tss for openSUSE:Factory checked in at 2021-02-01 13:25:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2-0-tss (Old)
and /work/SRC/openSUSE:Factory/.tpm2-0-tss.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2-0-tss"
Mon Feb 1 13:25:56 2021 rev:25 rq:867410 version:3.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/tpm2-0-tss/tpm2-0-tss.changes 2020-10-28 09:58:47.723162099 +0100
+++ /work/SRC/openSUSE:Factory/.tpm2-0-tss.new.28504/tpm2-0-tss.changes 2021-02-01 13:26:06.133906933 +0100
@@ -1,0 +2,25 @@
+Thu Jan 28 09:18:58 UTC 2021 - Matthias Gerstner
+
+- update to 3.0.3:
+ - changes in 3.0.3:
+ * Fix Regression in Fapi_List
+ * Fix memory leak in policy calculation
+ - changes in 3.0.2:
+ * FAPI: Fix setting of the system flag of NV objects
+ * This will let NV object metadata be created system-wide always instead of
+ * locally in the user. Existing metadata will remain in the user directory.
+ * It can be moved to the corresponding systemstore manually if needed.
+ * FAPI: Fix policy searching, when a policyRef was provided
+ * FAPI: Accept EK-Certs without CRL dist point
+ * FAPI: Fix return codes of Fapi_List
+ * FAPI: Fix memleak in policy execution
+ * FAPI: Fix coverity NULL-pointer check
+ * FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
+ * FAPI: Fix deleting of policy files.
+ * FAPI: Fix wrong file loading during object search.
+ * Fapi: Fix memory leak
+ * Fapi: Fix potential NULL-Dereference
+ * Fapi: Remove superfluous NULL check
+ * Fix a memory leak in async keystore load.
+
+-------------------------------------------------------------------
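Review bot: In the 3.0.2 entry, the three lines following "FAPI: Fix setting of the system flag of NV objects" are continuation text, but each carries its own `*` marker and so reads as a separate change. Upstream's CHANGELOG.md, included later in this diff, keeps them as an indented paragraph under that single item; dropping the extra `*` markers here would match it.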
Old:
----
tpm2-tss-3.0.1.tar.gz
New:
----
tpm2-tss-3.0.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tpm2-0-tss.spec ++++++
--- /var/tmp/diff_new_pack.7KMblM/_old 2021-02-01 13:26:07.253908676 +0100
+++ /var/tmp/diff_new_pack.7KMblM/_new 2021-02-01 13:26:07.257908682 +0100
@@ -1,7 +1,7 @@
#
# spec file for package tpm2-0-tss
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: tpm2-0-tss
-Version: 3.0.1
+Version: 3.0.3
Release: 0
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause
@@ -268,12 +268,12 @@
%{_tmpfilesdir}/tpm2-tss-fapi.conf
# this would fix "tmpfile-not-in-filelist" warnings but when adding these
# entries then it complains about "directories not owned by a package:" for
-# /run/tpm2-0-tss & friends. When adding them as %ghost, too, then Leap15.1
+# /run/tpm2-0-tss & friends. When adding them as %%ghost, too, then Leap15.1
# complains about "found conflict of libtss2-fapi1-3.0.1-lp152.103.1.x86_64
# with libtss2-fapi1-3.0.1-lp152.103.1.x86_64". Thus leave it be for the
# moment, some insane circle of errors is involved here.
-#%%ghost %{_sharedstatedir}/%{name}/system/keystore
-#%%ghost %{_rundir}/%{name}/eventlog
+# %%ghost %%{_sharedstatedir}/%%{name}/system/keystore
+# %%ghost %%{_rundir}/%%{name}/eventlog
%files -n libtss2-tcti-cmd0
%defattr(-,root,root)
++++++ _service ++++++
--- /var/tmp/diff_new_pack.7KMblM/_old 2021-02-01 13:26:07.285908726 +0100
+++ /var/tmp/diff_new_pack.7KMblM/_new 2021-02-01 13:26:07.285908726 +0100
@@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/intel/tpm2-tss.git</param>
<param name="scm">git</param>
- <param name="revision">2.3.3</param>
+ <param name="revision">3.0.3</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">disable</param>
</service>
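Review bot: The `url` param in the context lines still points at https://github.com/intel/tpm2-tss.git, while the configure script shipped in this same update names https://github.com/tpm2-software/tpm2-tss as the package URL. Since the revision is being touched anyway, consider pointing the service at the tpm2-software repository so the recorded source matches what upstream declares. The old revision value 2.3.3 also did not match the 3.0.1 tarball being replaced, which suggests this file drifts when the service runs in disabled mode; it is worth checking on each version bump.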
++++++ tpm2-tss-3.0.1.tar.gz -> tpm2-tss-3.0.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/AUTHORS new/tpm2-tss-3.0.3/AUTHORS
--- old/tpm2-tss-3.0.1/AUTHORS 2020-09-23 17:46:34.000000000 +0200
+++ new/tpm2-tss-3.0.3/AUTHORS 2020-11-25 15:11:20.000000000 +0100
@@ -48,6 +48,7 @@
Safayet N Ahmed
Michael Eckel
Juergen Repp
+John Andersen
Johannes Holland
Joe Richey
Jerry Snitselaar
@@ -65,6 +66,7 @@
Seunghun Han
Safayet Ahmed
root
+Roman Kagan
Richard Yoo
Michael Nix
Matthias Gerstner
@@ -78,7 +80,6 @@
lakshminarayanand
Julian Trzeciak
joselacour11@hotmail.com
-John Andersen
Jia Zhang
Imran Desai
genofire
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/CHANGELOG.md new/tpm2-tss-3.0.3/CHANGELOG.md
--- old/tpm2-tss-3.0.1/CHANGELOG.md 2020-09-23 17:45:47.000000000 +0200
+++ new/tpm2-tss-3.0.3/CHANGELOG.md 2020-11-25 15:10:56.000000000 +0100
@@ -3,6 +3,30 @@
The format is based on [Keep a Changelog](http://keepachangelog.com/)
+## [3.0.3] - 2020-11-25
+### Changed or Fixed
+- Fix Regression in Fapi_List
+- Fix memory leak in policy calculation
+
+## [3.0.2] - 2020-11-20
+### Changed or Fixed
+- FAPI: Fix setting of the system flag of NV objects
+ This will let NV object metadata be created system-wide always instead of
+ locally in the user. Existing metadata will remain in the user directory.
+ It can be moved to the corresponding systemstore manually if needed.
+- FAPI: Fix policy searching, when a policyRef was provided
+- FAPI: Accept EK-Certs without CRL dist point
+- FAPI: Fix return codes of Fapi_List
+- FAPI: Fix memleak in policy execution
+- FAPI: Fix coverity NULL-pointer check
+- FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
+- FAPI: Fix deleting of policy files.
+- FAPI: Fix wrong file loading during object search.
+- Fapi: Fix memory leak
+- Fapi: Fix potential NULL-Dereference
+- Fapi: Remove superfluous NULL check
+- Fix a memory leak in async keystore load.
+
## [3.0.1] - 2020-09-23
### Changed or Fixed
- Fix CVE-2020-24455 FAPI PolicyPCR not instatiating correctly
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/Makefile.in new/tpm2-tss-3.0.3/Makefile.in
--- old/tpm2-tss-3.0.1/Makefile.in 2020-09-23 17:47:04.000000000 +0200
+++ new/tpm2-tss-3.0.3/Makefile.in 2020-11-25 15:11:13.000000000 +0100
@@ -20,7 +20,7 @@
# All rights reserved.
# aminclude_static.am generated automatically by Autoconf
-# from AX_AM_MACROS_STATIC on Mi 23. Sep 17:47:02 CEST 2020
+# from AX_AM_MACROS_STATIC on Wed Nov 25 15:11:12 CET 2020
# SPDX-License-Identifier: BSD-2-Clause
# Copyright (c) 2015 - 2018 Intel Corporation
@@ -23909,8 +23909,8 @@
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-@AUTOCONF_CODE_COVERAGE_2019_01_06_FALSE@distclean-local:
@AUTOCONF_CODE_COVERAGE_2019_01_06_FALSE@clean-local:
+@AUTOCONF_CODE_COVERAGE_2019_01_06_FALSE@distclean-local:
check-valgrind: check-valgrind-am
check-valgrind-am: check-valgrind-local
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/aminclude_static.am new/tpm2-tss-3.0.3/aminclude_static.am
--- old/tpm2-tss-3.0.1/aminclude_static.am 2020-09-23 17:47:02.000000000 +0200
+++ new/tpm2-tss-3.0.3/aminclude_static.am 2020-11-25 15:11:12.000000000 +0100
@@ -1,4 +1,4 @@
# aminclude_static.am generated automatically by Autoconf
-# from AX_AM_MACROS_STATIC on Mi 23. Sep 17:47:02 CEST 2020
+# from AX_AM_MACROS_STATIC on Wed Nov 25 15:11:12 CET 2020
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/configure new/tpm2-tss-3.0.3/configure
--- old/tpm2-tss-3.0.1/configure 2020-09-23 17:46:28.000000000 +0200
+++ new/tpm2-tss-3.0.3/configure 2020-11-25 15:11:11.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tpm2-tss 3.0.1.
+# Generated by GNU Autoconf 2.69 for tpm2-tss 3.0.3.
#
# Report bugs to https://github.com/tpm2-software/tpm2-tss/issues.
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='tpm2-tss'
PACKAGE_TARNAME='tpm2-tss'
-PACKAGE_VERSION='3.0.1'
-PACKAGE_STRING='tpm2-tss 3.0.1'
+PACKAGE_VERSION='3.0.3'
+PACKAGE_STRING='tpm2-tss 3.0.3'
PACKAGE_BUGREPORT='https://github.com/tpm2-software/tpm2-tss/issues'
PACKAGE_URL='https://github.com/tpm2-software/tpm2-tss'
@@ -1556,7 +1556,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures tpm2-tss 3.0.1 to adapt to many kinds of systems.
+\`configure' configures tpm2-tss 3.0.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1627,7 +1627,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of tpm2-tss 3.0.1:";;
+ short | recursive ) echo "Configuration of tpm2-tss 3.0.3:";;
esac
cat <<\_ACEOF
@@ -1835,7 +1835,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-tpm2-tss configure 3.0.1
+tpm2-tss configure 3.0.3
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2371,7 +2371,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by tpm2-tss $as_me 3.0.1, which was
+It was created by tpm2-tss $as_me 3.0.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3235,7 +3235,7 @@
# Define the identity of the package.
PACKAGE='tpm2-tss'
- VERSION='3.0.1'
+ VERSION='3.0.3'
cat >>confdefs.h <<_ACEOF
@@ -23329,7 +23329,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by tpm2-tss $as_me 3.0.1, which was
+This file was extended by tpm2-tss $as_me 3.0.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23396,7 +23396,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-tpm2-tss config.status 3.0.1
+tpm2-tss config.status 3.0.3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/configure.ac new/tpm2-tss-3.0.3/configure.ac
--- old/tpm2-tss-3.0.1/configure.ac 2020-09-23 17:45:29.000000000 +0200
+++ new/tpm2-tss-3.0.3/configure.ac 2020-11-25 15:10:56.000000000 +0100
@@ -4,7 +4,7 @@
# All rights reserved.
AC_INIT([tpm2-tss],
- [3.0.1],
+ [3.0.3],
[https://github.com/tpm2-software/tpm2-tss/issues],
[],
[https://github.com/tpm2-software/tpm2-tss])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-esys.pc.in new/tpm2-tss-3.0.3/lib/tss2-esys.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-esys.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-esys.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -8,6 +8,6 @@
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
Requires.private: tss2-mu tss2-sys
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-esys -L${libdir}
Libs.private: @LIBADD_DL@ @LIBSOCKET_LDFLAGS@ @TSS2_ESYS_LDFLAGS_CRYPTO@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-fapi.pc.in new/tpm2-tss-3.0.3/lib/tss2-fapi.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-fapi.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-fapi.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -8,5 +8,5 @@
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
Requires.private: tss2-mu tss2-esys tss2-tctildr libcurl libcrypto json-c
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-fapi -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-mu.pc.in new/tpm2-tss-3.0.3/lib/tss2-mu.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-mu.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-mu.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -7,5 +7,5 @@
Description: TPM2 type marshaling and unmarshaling library.
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-mu -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-rc.pc.in new/tpm2-tss-3.0.3/lib/tss2-rc.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-rc.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-rc.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -7,5 +7,5 @@
Description: TPM2 error decoding library.
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-rc -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-sys.pc.in new/tpm2-tss-3.0.3/lib/tss2-sys.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-sys.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-sys.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -8,6 +8,6 @@
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
Requires.private: tss2-mu
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-sys -L${libdir}
Libs.private: @LIBSOCKET_LDFLAGS@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-tcti-cmd.pc.in new/tpm2-tss-3.0.3/lib/tss2-tcti-cmd.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-tcti-cmd.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-tcti-cmd.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -7,5 +7,5 @@
Description: TCTI library for communicating with a subproccess that can communicate with the TPM.
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-tcti-cmd -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-tcti-device.pc.in new/tpm2-tss-3.0.3/lib/tss2-tcti-device.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-tcti-device.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-tcti-device.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -8,5 +8,5 @@
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
Requires.private: tss2-mu
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-tcti-device -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-tcti-mssim.pc.in new/tpm2-tss-3.0.3/lib/tss2-tcti-mssim.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-tcti-mssim.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-tcti-mssim.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -8,5 +8,5 @@
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
Requires.private: tss2-mu
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-tcti-mssim -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-tcti-swtpm.pc.in new/tpm2-tss-3.0.3/lib/tss2-tcti-swtpm.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-tcti-swtpm.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-tcti-swtpm.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -8,5 +8,5 @@
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
Requires.private: tss2-mu
-Cflags: -I${includedir} -I${includedir}/tss
+Cflags: -I${includedir} -I${includedir}/tss2
Libs: -ltss2-tcti-swtpm -L${libdir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/lib/tss2-tctildr.pc.in new/tpm2-tss-3.0.3/lib/tss2-tctildr.pc.in
--- old/tpm2-tss-3.0.1/lib/tss2-tctildr.pc.in 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/lib/tss2-tctildr.pc.in 2020-11-25 15:10:25.000000000 +0100
@@ -7,5 +7,5 @@
Description: Library to simplify management of TCTIs.
URL: https://github.com/tpm2-software/tpm2-tss
Version: @VERSION@
-Cflags: -I@includedir@ -I${includedir}/tss
+Cflags: -I@includedir@ -I${includedir}/tss2
Libs: -ltss2-tctildr -L@libdir@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/man/man7/tss2-tcti-swtpm.7 new/tpm2-tss-3.0.3/man/man7/tss2-tcti-swtpm.7
--- old/tpm2-tss-3.0.1/man/man7/tss2-tcti-swtpm.7 2020-09-23 17:47:08.000000000 +0200
+++ new/tpm2-tss-3.0.3/man/man7/tss2-tcti-swtpm.7 2020-11-25 15:11:20.000000000 +0100
@@ -25,7 +25,7 @@
.BR tcti-tabrmd (7),
.BR tpm2-abrmd (8)
.SH COLOPHON
-This page is part of release 3.0.1 of Open Source implementation of the
+This page is part of release 3.0.3 of Open Source implementation of the
TCG TPM2 Software Stack (TSS2). A description of the project, information
about reporting bugs, and the latest version of this page can be found at
\%https://github.com/tpm2-software/tpm2-tss/.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_CreateNv.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_CreateNv.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_CreateNv.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_CreateNv.c 2020-11-25 15:10:25.000000000 +0100
@@ -442,6 +442,9 @@
else
miscNv->with_auth = TPM2_NO;
+ /* NV objects will always be stored in the system store */
+ nvCmd->nv_object.system = TPM2_YES;
+
/* Perform esys serialization if necessary */
r = ifapi_esys_serialize_object(context->esys, &nvCmd->nv_object);
goto_if_error(r, "Prepare serialization", error_cleanup);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_Delete.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_Delete.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_Delete.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_Delete.c 2020-11-25 15:10:25.000000000 +0100
@@ -391,6 +391,13 @@
&command->numPaths);
goto_if_error(r, "get entities.", error_cleanup);
+ /* Check whether a path for exactly one policy was passed. */
+ if (command->numPaths == 0 && ifapi_path_type_p(path, IFAPI_POLICY_PATH)) {
+ command->numPaths = 1;
+ command->pathlist = calloc(1, sizeof(char *));
+ strdup_check(command->pathlist[0], path, r, error_cleanup);
+ }
+
command->path_idx = command->numPaths;
if (command->numPaths == 0) {
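Review bot: The result of `calloc(1, sizeof(char *))` is used on the very next line, where `strdup_check` writes to `command->pathlist[0]`, without a NULL check, so an allocation failure becomes a NULL pointer write. Check `command->pathlist` right after the `calloc` and bail out to `error_cleanup` with a memory error before touching element 0.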
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_Import.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_Import.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_Import.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_Import.c 2020-11-25 15:10:25.000000000 +0100
@@ -622,9 +622,8 @@
ifapi_cleanup_ifapi_object(&command->object);
if (command->private) {
SAFE_FREE(command->private);
- if (newObject)
- /* Private buffer was already freed. */
- newObject->misc.key.private.buffer = NULL;
+ /* Private buffer was already freed. */
+ newObject->misc.key.private.buffer = NULL;
}
ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object);
if (context->loadKey.key_object){
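Review bot: With the `if (newObject)` guard removed, `newObject->misc.key.private.buffer = NULL` now runs on every pass through this cleanup block where `command->private` is set. The hunk does not show where `newObject` is assigned, so the change is only safe if it can never be NULL on any path that reaches this cleanup. A short comment stating that invariant, or keeping the guard, would make this error path easier to audit.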
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_List.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_List.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_List.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_List.c 2020-11-25 15:10:25.000000000 +0100
@@ -169,6 +169,7 @@
char **pathList)
{
LOG_TRACE("called for context:%p", context);
+ bool provision_check_ok;
TSS2_RC r = TSS2_RC_SUCCESS;
size_t sizePathList = 0;
@@ -188,7 +189,7 @@
goto_if_error(r, "get entities.", cleanup);
if (numPaths == 0)
- goto cleanup;
+ goto check_provisioning;
/* Determine size of char string to be returnded */
for (size_t i = 0; i < numPaths; i++)
@@ -208,25 +209,35 @@
strcat(*pathList, IFAPI_LIST_DELIM);
}
- LOG_TRACE("finished");
-
-cleanup:
- /* Cleanup any intermediate results and state stored in the context. */
- SAFE_FREE(command->searchPath);
+ check_provisioning:
if (numPaths == 0 && (r == TSS2_RC_SUCCESS)) {
- if (command->searchPath && strcmp(command->searchPath,"/") !=0) {
- LOG_ERROR("Path not found: %s", command->searchPath);
+ if (command->searchPath && (strcmp(command->searchPath,"/") == 0
+ || strcmp(command->searchPath,"") == 0)) {
+ LOG_WARNING("Path not found: %s", command->searchPath);
r = TSS2_FAPI_RC_NOT_PROVISIONED;
} else {
- LOG_ERROR("FAPI not provisioned.");
- r = TSS2_FAPI_RC_NOT_PROVISIONED;
+ r = ifapi_check_provisioned(&context->keystore, command->searchPath, &provision_check_ok);
+ goto_if_error(r, "Provisioning check.", cleanup);
+
+ if (provision_check_ok) {
+ LOG_WARNING("Path not found: %s", command->searchPath);
+ r = TSS2_FAPI_RC_PATH_NOT_FOUND;
+ } else {
+ LOG_WARNING("Profile of path not provisioned: %s", command->searchPath);
+ r = TSS2_FAPI_RC_NOT_PROVISIONED;
+ }
}
}
+ LOG_TRACE("finished");
+
+cleanup:
+ /* Cleanup any intermediate results and state stored in the context. */
if (numPaths > 0) {
for (size_t i = 0; i < numPaths; i++){
SAFE_FREE(pathArray[i]);
}
}
+ SAFE_FREE(command->searchPath);
SAFE_FREE(pathArray);
return r;
}
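Review bot: In the new `check_provisioning` block, a NULL `command->searchPath` fails the first condition and falls into the `else` branch, where it is passed to `ifapi_check_provisioned()` and then to `LOG_WARNING` with a `%s` format. The removed code handled that case by returning "FAPI not provisioned" without touching the pointer. Handle NULL explicitly before the call. The first branch also logs "Path not found" while returning `TSS2_FAPI_RC_NOT_PROVISIONED`; the message should match the return code. Minor: the `check_provisioning:` label is indented while `cleanup:` is not.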
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_NvExtend.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_NvExtend.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_NvExtend.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_NvExtend.c 2020-11-25 15:10:25.000000000 +0100
@@ -427,6 +427,9 @@
JSON_C_TO_STRING_PRETTY),
r, error_cleanup);
+ /* Set written bit in keystore */
+ context->nv_cmd.nv_object.misc.nv.public.nvPublic.attributes |= TPMA_NV_WRITTEN;
+
/* Perform esys serialization if necessary */
r = ifapi_esys_serialize_object(context->esys, &command->nv_object);
goto_if_error(r, "Prepare serialization", error_cleanup);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_NvIncrement.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_NvIncrement.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_NvIncrement.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_NvIncrement.c 2020-11-25 15:10:25.000000000 +0100
@@ -307,6 +307,9 @@
return_try_again(r);
goto_if_error_reset_state(r, "FAPI NV_Increment_Finish", error_cleanup);
+ /* Set written bit in keystore */
+ context->nv_cmd.nv_object.misc.nv.public.nvPublic.attributes |= TPMA_NV_WRITTEN;
+
/* Perform esys serialization if necessary */
r = ifapi_esys_serialize_object(context->esys, &command->nv_object);
goto_if_error(r, "Prepare serialization", error_cleanup);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_NvSetBits.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_NvSetBits.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_NvSetBits.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_NvSetBits.c 2020-11-25 15:10:25.000000000 +0100
@@ -317,6 +317,9 @@
return_try_again(r);
goto_if_error_reset_state(r, "FAPI NV_SetBits_Finish", error_cleanup);
+ /* Set written bit in keystore */
+ context->nv_cmd.nv_object.misc.nv.public.nvPublic.attributes |= TPMA_NV_WRITTEN;
+
/* Serialize the ESYS object for updating the metadata in the keystore. */
r = ifapi_esys_serialize_object(context->esys, object);
goto_if_error(r, "Prepare serialization", error_cleanup);
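Review bot: The written bit is set on `context->nv_cmd.nv_object`, but the serialization call just below takes `object`, unlike the NvExtend and NvIncrement hunks where it takes `&command->nv_object`. If `object` is not the same structure, the `TPMA_NV_WRITTEN` bit never reaches the keystore metadata; set it through `object`, or add a comment that the two alias. The identical statement now appears in three files and could live in one small helper.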
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_Provision.c new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_Provision.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/api/Fapi_Provision.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/api/Fapi_Provision.c 2020-11-25 15:10:25.000000000 +0100
@@ -374,6 +374,11 @@
statecase(context->state, PROVISION_READ_HIERARCHY);
path = command->pathlist[command->path_idx];
+ if (path == NULL) {
+ goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Wrong path.",
+ error_cleanup);
+ }
+
r = ifapi_keystore_load_finish(&context->keystore, &context->io,
&command->hierarchies[command->path_idx]);
return_try_again(r);
@@ -381,6 +386,11 @@
/* Search for slash followed by hierarchy after profile */
path = strchr(&path[1], '/');
+ if (path == NULL) {
+ goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE,
+ "Wrong path.",
+ error_cleanup);
+ }
/* Use the first appropriate hierarchy for provisioning. The first found
hierarchy will be copied into the provisioning context.*/
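Review bot: Both new NULL checks in this file return `TSS2_FAPI_RC_GENERAL_FAILURE` with the text "Wrong path.", which tells the caller neither which path was rejected nor that a malformed path is the cause. The keystore changes in this same update use `TSS2_FAPI_RC_BAD_PATH` for paths that cannot be resolved; using it here would be consistent. For the check after `strchr(&path[1], '/')`, log the original path string before `path` is overwritten so the message can include it.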
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/fapi_crypto.c new/tpm2-tss-3.0.3/src/tss2-fapi/fapi_crypto.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/fapi_crypto.c 2020-07-20 14:47:05.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/fapi_crypto.c 2020-11-25 14:00:15.000000000 +0100
@@ -1640,6 +1640,11 @@
}
}
+ /* No CRL dist point in the cert is legitimate */
+ if (url == NULL) {
+ goto cleanup;
+ }
+
curl_rc = ifapi_get_curl_buffer(url, &crl_buffer, &crl_buffer_size);
if (curl_rc != 0) {
goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup);
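Review bot: The early `goto cleanup` for `url == NULL` skips the CRL fetch with no log output, so an EK certificate that was never checked for revocation is indistinguishable from one that passed the check. Add at least a `LOG_WARNING` stating that the certificate carries no CRL distribution point, and make sure `r` holds `TSS2_RC_SUCCESS` at this point, since the hunk does not show what it was last set to.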
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/fapi_util.c new/tpm2-tss-3.0.3/src/tss2-fapi/fapi_util.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/fapi_util.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/fapi_util.c 2020-11-25 15:10:25.000000000 +0100
@@ -3390,6 +3390,9 @@
r = ifapi_get_name(&outPublic->publicArea, &object->misc.key.name);
goto_if_error(r, "Get key name", error_cleanup);
+ SAFE_FREE(outPrivate);
+ SAFE_FREE(outPublic);
+
if (object->misc.key.public.publicArea.type == TPM2_ALG_RSA)
object->misc.key.signing_scheme = context->cmd.Key_Create.profile->rsa_signing_scheme;
else
@@ -3402,10 +3405,16 @@
r = ifapi_authorize_object(context, &context->loadKey.auth_object, &auth_session);
FAPI_SYNC(r, "Authorize key.", error_cleanup);
+ TPM2B_PRIVATE private;
+ private.size = object->misc.key.private.size;
+ memcpy(&private.buffer[0], &object->misc.key.private.buffer[0],
+ private.size);
+
r = Esys_Load_Async(context->esys, context->loadKey.handle,
auth_session,
ESYS_TR_NONE, ESYS_TR_NONE,
- outPrivate, outPublic);
+ &private,
+ &object->misc.key.public);
goto_if_error(r, "Load key.", error_cleanup);
}
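Review bot: `memcpy(&private.buffer[0], ..., private.size)` copies into a stack `TPM2B_PRIVATE` using `object->misc.key.private.size` without checking it against `sizeof(private.buffer)`. Add a bounds check before the copy and fail through `error_cleanup` when the size is too large. Declaring `private` in the middle of the state block also leaves the unused tail of the buffer uninitialized; `TPM2B_PRIVATE private = { 0 };` at the top of the scope would be cleaner.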
@@ -3489,9 +3498,6 @@
fallthrough;
statecase(context->cmd.Key_Create.state, KEY_CREATE_WRITE_PREPARE);
- SAFE_FREE(outPrivate);
- SAFE_FREE(outPublic);
-
if (template->persistent_handle) {
/* Compute the serialization, which will be used for the
reconstruction of the key object. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_keystore.c new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_keystore.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_keystore.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_keystore.c 2020-11-25 15:10:25.000000000 +0100
@@ -61,8 +61,7 @@
* @retval TSS2_FAPI_RC_MEMORY: If memory for the path list could not be allocated.
* @retval TSS2_FAPI_RC_BAD_VALUE If no explicit path can be derived from the
* implicit path.
- * @retval TSS2_FAPI_RC_PATH_NOT_FOUND if a FAPI object path was not found
- * during authorization.
+ * @retval TSS2_FAPI_RC_BAD_PATH if no valid key path could be created.
*/
static TSS2_RC
initialize_explicit_key_path(
@@ -119,7 +118,7 @@
hierarchy = "HS";
} else {
LOG_ERROR("Hierarchy cannot be determined.");
- r = TSS2_FAPI_RC_PATH_NOT_FOUND;
+ r = TSS2_FAPI_RC_BAD_PATH;
goto error;
}
/* Add the used hierarchy to the linked list. */
@@ -129,7 +128,7 @@
goto error;
}
if (list_node == NULL) {
- goto_error(r, TSS2_FAPI_RC_PATH_NOT_FOUND, "Explicit path can't be determined.",
+ goto_error(r, TSS2_FAPI_RC_BAD_PATH, "Explicit path can't be determined.",
error);
}
@@ -141,21 +140,21 @@
}
if (hierarchy && strcmp(hierarchy, "HS") == 0 && strcmp(list_node->str, "EK") == 0) {
- LOG_ERROR("Key EK cannot be create in the storage hierarchy.");
- r = TSS2_FAPI_RC_PATH_NOT_FOUND;
+ LOG_ERROR("Key EK cannot be created in the storage hierarchy.");
+ r = TSS2_FAPI_RC_BAD_PATH;
goto error;
}
if (hierarchy && strcmp(hierarchy, "HE") == 0 && strcmp(list_node->str, "SRK") == 0) {
LOG_ERROR("Key EK cannot be create in the endorsement hierarchy.");
- r = TSS2_FAPI_RC_PATH_NOT_FOUND;
+ r = TSS2_FAPI_RC_BAD_PATH;
goto error;
}
if (hierarchy && strcmp(hierarchy, "HN") == 0 &&
(strcmp(list_node->str, "SRK") == 0 || strcmp(list_node->str, "EK") == 0)) {
LOG_ERROR("Key EK and SRK cannot be created in NULL hierarchy.");
- r = TSS2_FAPI_RC_PATH_NOT_FOUND;
+ r = TSS2_FAPI_RC_BAD_PATH;
goto error;
}
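Review bot: The typo fix covers only the first message. The `HE`/`SRK` branch still logs "Key EK cannot be create in the endorsement hierarchy." although it tests for `SRK`, so the text names the wrong key and keeps the "create" typo. Suggest "Key SRK cannot be created in the endorsement hierarchy." so that the log matches the condition.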
@@ -511,6 +510,7 @@
{
TSS2_RC r;
char *directory = NULL;
+ bool provision_check_ok;
/* First expand path in user directory */
r = expand_path(keystore, rel_path, &directory);
@@ -533,16 +533,26 @@
goto cleanup;
}
+ /* Check whether provisioning was made for the path profile. */
+ r = ifapi_check_provisioned(keystore, rel_path, &provision_check_ok);
+ goto_if_error(r, "Provisioning check.", cleanup);
+
+ if (!provision_check_ok) {
+ goto_error(r, TSS2_FAPI_RC_NOT_PROVISIONED,
+ "FAPI not provisioned for path: %s.",
+ cleanup, rel_path);
+ }
+
/* Check type of object which does not exist. */
if (ifapi_path_type_p(rel_path, IFAPI_NV_PATH)) {
/* NV directory does not exist. */
goto_error(r, TSS2_FAPI_RC_PATH_NOT_FOUND,
- "FAPI not provisioned. File %s does not exist.",
+ "File %s does not exist.",
cleanup, rel_path);
} else if (ifapi_hierarchy_path_p(rel_path)) {
/* Hierarchy which should be created during provisioning could not be loaded. */
- goto_error(r, TSS2_FAPI_RC_NOT_PROVISIONED,
- "FAPI not provisioned. Hierarchy file %s does not exist.",
+ goto_error(r, TSS2_FAPI_RC_PATH_NOT_FOUND,
+ "Hierarchy file %s does not exist.",
cleanup, rel_path);
} else {
/* Object file for key does not exist in keystore */
@@ -603,6 +613,7 @@
return r;
error_cleanup:
+ SAFE_FREE(abs_path);
SAFE_FREE(keystore->rel_path);
return r;
}
@@ -1183,6 +1194,11 @@
path = keystore->key_search.pathlist[path_idx];
LOG_TRACE("Check file: %s %zu", path, keystore->key_search.path_idx);
+ /* Skip policy files. */
+ if (ifapi_path_type_p(path, IFAPI_POLICY_PATH)) {
+ return TSS2_FAPI_RC_TRY_AGAIN;
+ }
+
r = ifapi_keystore_load_async(keystore, io, path);
return_if_error2(r, "Could not open: %s", path);
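Review bot: The new early return for policy paths hands back `TSS2_FAPI_RC_TRY_AGAIN`, and nothing in the visible lines advances `keystore->key_search.path_idx` before it. If the index is not moved earlier in the function, the caller will retry the same policy file indefinitely. Please confirm the index is updated before this point, or update it here before returning.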
@@ -1764,3 +1780,65 @@
}
}
}
+
+/** Check whether profile directory exists for a fapi path.
+ *
+ * It will be checked whether a profile directory exists for a path which starts
+ * with a profile name after fapi pathname expansion.
+ *
+ * @param[in] keystore The key directories and default profile.
+ * @param[in] rel_path The relative path to be checked.
+ * @param[out] ok The boolean value whether the check ok.
+ * @retval TSS2_RC_SUCCESS if the check could be made.
+ * @retval TSS2_FAPI_RC_MEMORY: if memory could not be allocated to compute
+ * the absolute paths.
+ */
+TSS2_RC
+ifapi_check_provisioned(
+ IFAPI_KEYSTORE *keystore,
+ const char *rel_path,
+ bool *ok)
+{
+ TSS2_RC r = TSS2_RC_SUCCESS;
+ char *directory = NULL;
+ char *profile_dir = NULL;
+ char *end_profile;
+
+ *ok = false;
+
+ /* First expand path in user directory */
+ r = expand_path(keystore, rel_path, &directory);
+ goto_if_error(r, "Expand path", cleanup);
+
+ /* Check whether the path starts with a profile. */
+ if (directory && (strncmp(directory, "P_", 2) != 0 || strncmp(directory, "/P_", 2) != 0)) {
+ end_profile = strchr(&directory[1], '/');
+ if (end_profile) {
+ end_profile[0] = '\0';
+ }
+ /* Compute user path of the profile. */
+ r = ifapi_asprintf(&profile_dir, "%s/%s", keystore->userdir, directory);
+ goto_if_error2(r, "Profile path could not be created.", cleanup);
+
+ if (ifapi_io_path_exists(profile_dir)) {
+ *ok = true;
+ goto cleanup;
+ }
+ /* Compute system path of the profile. */
+ SAFE_FREE(profile_dir);
+ r = ifapi_asprintf(&profile_dir, "%s/%s", keystore->systemdir, directory);
+ goto_if_error2(r, "Profile path could not be created.", cleanup);
+
+ if (ifapi_io_path_exists(profile_dir)) {
+ *ok = true;
+ goto cleanup;
+ }
+ } else {
+ /* No check needed because no profile found in the path. */
+ *ok = true;
+ }
+ cleanup:
+ SAFE_FREE(profile_dir);
+ SAFE_FREE(directory);
+ return r;
+}
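Review bot: the profile test in ifapi_check_provisioned, `strncmp(directory, "P_", 2) != 0 || strncmp(directory, "/P_", 2) != 0`, is true for every non-NULL string, because no path can begin with both "P_" and "/P". The else branch ("No check needed because no profile found in the path") is therefore reachable only when directory is NULL, and a path without a profile prefix has its first component probed under userdir and systemdir and is reported as not provisioned when that directory is absent. The comment says the intent is "starts with a profile", which needs `== 0` on both comparisons and a length of 3 for "/P_" (length 2 compares only "/P"). The `@param[out] ok` text ("whether the check ok") should also state what true means.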
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_keystore.h new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_keystore.h
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_keystore.h 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_keystore.h 2020-11-25 15:10:25.000000000 +0100
@@ -280,4 +280,10 @@
ifapi_cleanup_ifapi_object(
IFAPI_OBJECT *object);
+TSS2_RC
+ifapi_check_provisioned(
+ IFAPI_KEYSTORE *keystore,
+ const char *rel_path,
+ bool *ok);
+
#endif /* IFAPI_KEYSTORE_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy.c new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy.c 2020-11-25 15:10:25.000000000 +0100
@@ -116,6 +116,8 @@
r = ifapi_policyeval_instantiate_finish(&context->policy.eval_ctx);
FAPI_SYNC(r, "Instantiate policy.", cleanup);
ifapi_free_node_list(context->policy.eval_ctx.policy_elements);
+ context->policy.eval_ctx.policy_elements = NULL;
+
if (!(*hash_size = ifapi_hash_get_digest_size(hash_alg))) {
goto_error(r, TSS2_FAPI_RC_BAD_VALUE,
"Unsupported hash algorithm (%" PRIu16 ")", cleanup,
@@ -151,6 +153,8 @@
statecasedefault(context->policy.state);
}
cleanup:
+ ifapi_free_node_list(context->policy.eval_ctx.policy_elements);
+ context->policy.eval_ctx.policy_elements = NULL;
context->policy.state = POLICY_INIT;
return r;
}
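Review bot: the cleanup label now calls ifapi_free_node_list on policy_elements for every exit, including the success path where the previous hunk has already freed the list and set it to NULL. That is safe only if ifapi_free_node_list accepts a NULL list; please confirm this, or guard the call with a NULL check so the double-free protection does not depend on the callee.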
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_calculate.c new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_calculate.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_calculate.c 2020-03-11 12:36:05.000000000 +0100
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_calculate.c 2020-11-23 11:02:14.000000000 +0100
@@ -1065,6 +1065,10 @@
memset(&nv_name, 0, sizeof(TPM2B_NAME));
+ /* Written flag has to be set for policy calculation, because during
+ policy execution it will be set. */
+ policy->nvPublic.nvPublic.attributes |= TPMA_NV_WRITTEN;
+
/* Compute NV name from public info */
r = ifapi_nv_get_name(&policy->nvPublic, &nv_name);
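Review bot: `policy->nvPublic.nvPublic.attributes |= TPMA_NV_WRITTEN;` modifies the caller's policy object as a side effect of a calculation step, so the flag stays set in whatever is done with the policy afterwards (for example if it is serialized). Consider computing the name from a local copy of nvPublic with the flag set, or state in the comment that the persistent change is intended.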
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_callbacks.c new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_callbacks.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_callbacks.c 2020-09-22 14:16:50.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_callbacks.c 2020-11-25 15:10:25.000000000 +0100
@@ -712,6 +712,27 @@
return TSS2_RC_SUCCESS;
}
+static bool
+cmp_policy_ref(TPM2B_NONCE *ref1, TPM2B_NONCE *ref2)
+{
+ if ((!ref1 || !ref1->size) && (!ref2 || !ref2->size)) {
+ return true;
+ }
+ if (!ref1 || !ref1->size || !ref2 || !ref2->size) {
+ return false;
+ }
+
+ if (ref1->size != ref2->size) {
+ return false;
+ }
+
+ if (memcmp(&ref1->buffer[0], &ref2->buffer[0], ref1->size) != 0) {
+ return false;
+ }
+
+ return true;
+}
+
/** Check whether public data of key is assigned to policy.
*
* It will be checked whether policy was authorized by abort key with public
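Review bot: cmp_policy_ref has no doc comment although the neighbouring functions do, and its behaviour is not obvious: a NULL pointer and a zero-size nonce are treated as equal to each other. Please document that, and take both parameters as `const TPM2B_NONCE *` since nothing is written through them.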
@@ -719,26 +740,29 @@
*
* @param[in] policy The policy to be checked.
* @param[in] publicVoid The public information of the key.
- * @param[in] nameAlgVoid Not used for this compare function.
+ * @param[in] policyReferenceVoid The policy reverence to be compared.
* @param[out] equal Switch whether check was successful.
*/
static TSS2_RC
equal_policy_authorization(
TPMS_POLICY *policy,
void *publicVoid,
- void *nameAlgVoid,
+ void *policyRefVoid,
bool *equal)
{
TPMT_PUBLIC *public = publicVoid;
- (void)nameAlgVoid;
+ TPM2B_NONCE *policyRef = policyRefVoid;
size_t i;
TPML_POLICYAUTHORIZATIONS *authorizations = policy->policyAuthorizations;
*equal = false;
+
if (authorizations) {
for (i = 0; i < authorizations->count; i++) {
- if (ifapi_TPMT_PUBLIC_cmp
- (public, &authorizations->authorizations[i].key)) {
+ /* Check public information if key and policyRef */
+ if (ifapi_TPMT_PUBLIC_cmp(public, &authorizations->authorizations[i].key) &&
+ cmp_policy_ref(policyRef,
+ &authorizations->authorizations[i].policyRef)) {
*equal = true;
return TSS2_RC_SUCCESS;
}
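Review bot: the doc comment for equal_policy_authorization names the parameter `policyReferenceVoid`, but the signature uses `policyRefVoid`, so the generated documentation will not match. The same line has a typo ("reverence" for "reference"), and the new inline comment "Check public information if key and policyRef" should read "of key".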
@@ -1005,6 +1029,7 @@
for (i = 0; i < policy->policyAuthorizations->count; i++) {
if (ifapi_TPMT_PUBLIC_cmp(public,
&policy->policyAuthorizations->authorizations[i].key)) {
+ /* The public info was already stored in the policy. */
*signature = policy->policyAuthorizations->authorizations[i].signature;
return TSS2_RC_SUCCESS;
}
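Review bot: this lookup still selects the authorization by `ifapi_TPMT_PUBLIC_cmp(public, ...authorizations[i].key)` alone, while the search in equal_policy_authorization now requires the key and the policyRef to match. If one key has authorized the policy under several policyRef values, the loop returns the signature of the first entry for that key, which may belong to a different policyRef. Please compare policyRef here as well, or explain why the key is sufficient at this point.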
@@ -1075,6 +1100,7 @@
TPMT_PUBLIC *key_public,
TPMI_ALG_HASH hash_alg,
TPM2B_DIGEST *digest,
+ TPM2B_NONCE *policyRef,
TPMT_SIGNATURE *signature,
void *userdata)
{
@@ -1113,7 +1139,7 @@
statecase(cb_ctx->cb_state, POL_CB_SEARCH_POLICY)
r = search_policy(fapi_ctx,
equal_policy_authorization, true,
- key_public, NULL,
+ key_public, policyRef,
¤t_policy->policy_list);
FAPI_SYNC(r, "Search policy", cleanup);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_callbacks.h new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_callbacks.h
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_callbacks.h 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_callbacks.h 2020-11-25 15:10:25.000000000 +0100
@@ -93,6 +93,7 @@
TPMT_PUBLIC *key_public,
TPMI_ALG_HASH hash_alg,
TPM2B_DIGEST *digest,
+ TPM2B_NONCE *policyRef,
TPMT_SIGNATURE *signature,
void *userdata);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_execute.c new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_execute.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_execute.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_execute.c 2020-11-25 15:10:25.000000000 +0100
@@ -524,6 +524,7 @@
statecasedefault(current_policy->state);
}
cleanup:
+ SAFE_FREE(current_policy->nonceTPM);
SAFE_FREE(current_policy->pem_key);
SAFE_FREE(signature_ossl);
SAFE_FREE(current_policy->buffer);
@@ -608,6 +609,7 @@
/* Execute authorized policy. */
ifapi_policyeval_EXEC_CB *cb = ¤t_policy->callbacks;
r = cb->cbauthpol(&policy->keyPublic, hash_alg, &policy->approvedPolicy,
+ &policy->policyRef,
&policy->signature, cb->cbauthpol_userdata);
return_try_again(r);
goto_if_error(r, "Execute authorized policy.", cleanup);
@@ -888,7 +890,7 @@
r = Esys_PolicySecret_Finish(esys_ctx, NULL,
NULL);
return_try_again(r);
- goto_if_error(r, "FAPI PolicyAuthorizeNV_Finish", cleanup);
+ goto_if_error(r, "FAPI PolicyAuthorizeNV_Finish", error_cleanup);
break;
statecasedefault(current_policy->state);
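Review bot: the changed line reports "FAPI PolicyAuthorizeNV_Finish" for a failure of Esys_PolicySecret_Finish, so the log names the wrong command. Since the line is being touched anyway, correct the message to refer to PolicySecret.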
@@ -896,6 +898,10 @@
cleanup:
return r;
+
+ error_cleanup:
+ SAFE_FREE(current_policy->nonceTPM);
+ return r;
}
/** Execute a policy depending on the TPM timers.
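Review bot: nonceTPM is freed only under the new error_cleanup label, and only the Finish failure was redirected to it. Any other failure exit in this function that still jumps to `cleanup` (not shown in these hunks) would leave nonceTPM allocated. Please check the remaining goto targets, and add a comment on why the success path keeps the buffer.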
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_execute.h new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_execute.h
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_execute.h 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_execute.h 2020-11-25 15:10:25.000000000 +0100
@@ -77,6 +77,7 @@
TPMT_PUBLIC *key_public,
TPMI_ALG_HASH hash_alg,
TPM2B_DIGEST *digest,
+ TPM2B_NONCE *policyRef,
TPMT_SIGNATURE *signature,
void *userdata);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_instantiate.c new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_instantiate.c
--- old/tpm2-tss-3.0.1/src/tss2-fapi/ifapi_policy_instantiate.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/src/tss2-fapi/ifapi_policy_instantiate.c 2020-11-25 15:10:25.000000000 +0100
@@ -35,6 +35,10 @@
TSS2_RC r = TSS2_RC_SUCCESS;
size_t i, j;
+ if (!policy) {
+ return_error(TSS2_FAPI_RC_GENERAL_FAILURE, "Bad policy pointer");
+ }
+
for (i = 0; i < policy->count; i++) {
if (policy->elements[i].type == POLICYOR) {
/* Policy with sub policies */
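Review bot: the new NULL check returns TSS2_FAPI_RC_GENERAL_FAILURE for a bad pointer argument, which gives the caller no way to distinguish it from an internal error. TSS2_FAPI_RC_BAD_REFERENCE is the code normally used for a NULL parameter; consider using it here, and put the function name in the message ("Bad policy pointer" alone is hard to trace in a log).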
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/test/integration/fapi-check-wrong-paths.int.c new/tpm2-tss-3.0.3/test/integration/fapi-check-wrong-paths.int.c
--- old/tpm2-tss-3.0.1/test/integration/fapi-check-wrong-paths.int.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/test/integration/fapi-check-wrong-paths.int.c 2020-11-25 15:10:25.000000000 +0100
@@ -53,7 +53,7 @@
goto error;
}
- if (r != TSS2_FAPI_RC_PATH_NOT_FOUND) {
+ if (r != TSS2_FAPI_RC_BAD_PATH) {
goto_if_error(r, "Wrong return code", error);
}
@@ -64,7 +64,7 @@
goto error;
}
- if (r != TSS2_FAPI_RC_PATH_NOT_FOUND) {
+ if (r != TSS2_FAPI_RC_BAD_PATH) {
goto_if_error(r, "Wrong return code", error);
}
@@ -75,7 +75,7 @@
goto error;
}
- if (r != TSS2_FAPI_RC_PATH_NOT_FOUND) {
+ if (r != TSS2_FAPI_RC_BAD_PATH) {
goto_if_error(r, "Error Fapi_CreateKey", error);
}
@@ -86,7 +86,7 @@
goto error;
}
- if (r != TSS2_FAPI_RC_PATH_NOT_FOUND) {
+ if (r != TSS2_FAPI_RC_BAD_PATH) {
goto_if_error(r, "Error Fapi_CreateNv", error);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tss-3.0.1/test/integration/fapi-get-random.int.c new/tpm2-tss-3.0.3/test/integration/fapi-get-random.int.c
--- old/tpm2-tss-3.0.1/test/integration/fapi-get-random.int.c 2020-09-22 14:16:18.000000000 +0200
+++ new/tpm2-tss-3.0.3/test/integration/fapi-get-random.int.c 2020-11-25 15:10:25.000000000 +0100
@@ -42,6 +42,7 @@
size_t bytesRequested = sizeof(TPMU_HA) + 10;
uint8_t *randomBytes = NULL;
+
r = Fapi_Provision(context, NULL, NULL, NULL);
goto_if_error(r, "Error Fapi_Provision", error);