Hello community,
here is the log from the commit of package tpm-quote-tools for openSUSE:Factory checked in at 2017-11-03 16:27:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm-quote-tools (Old)
and /work/SRC/openSUSE:Factory/.tpm-quote-tools.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm-quote-tools"
Fri Nov 3 16:27:57 2017 rev:2 rq:538363 version:1.0.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/tpm-quote-tools/tpm-quote-tools.changes 2017-06-29 15:04:27.107507210 +0200
+++ /work/SRC/openSUSE:Factory/.tpm-quote-tools.new/tpm-quote-tools.changes 2017-11-03 16:29:11.562727600 +0100
@@ -1,0 +2,7 @@
+Thu Nov 2 13:02:24 UTC 2017 - matthias.gerstner@suse.com
+
+- update to upstream version 1.0.4:
+ - this version fixes an issue with 'mkaik' when an SRK secret was
+ required. 'mkaik' always used the well-known secret as SRK.
+
+-------------------------------------------------------------------
Old:
----
tpm-quote-tools-1.0.3.tar.gz
New:
----
tpm-quote-tools-1.0.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tpm-quote-tools.spec ++++++
--- /var/tmp/diff_new_pack.LQTfwT/_old 2017-11-03 16:29:12.166705618 +0100
+++ /var/tmp/diff_new_pack.LQTfwT/_new 2017-11-03 16:29:12.166705618 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package tpm-tools
+# spec file for package tpm-quote-tools
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
@@ -17,7 +17,7 @@
Name: tpm-quote-tools
-Version: 1.0.3
+Version: 1.0.4
Release: 0
Summary: Trusted Platform Module (TPM) remote attestation tools
License: BSD-3-Clause
++++++ tpm-quote-tools-1.0.3.tar.gz -> tpm-quote-tools-1.0.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/ChangeLog new/tpm-quote-tools-1.0.4/ChangeLog
--- old/tpm-quote-tools-1.0.3/ChangeLog 2017-01-18 18:10:09.000000000 +0100
+++ new/tpm-quote-tools-1.0.4/ChangeLog 2017-05-26 15:25:17.000000000 +0200
@@ -1,3 +1,12 @@
+2017-05-26 Matthias Gerstner
+
+ * tpm_mkaik.c (setSecret): Fixed tpm_mkaik when SRK password is in
+ effect. The code before only set a TPM secret, the SRK secret was
+ always set to the well known one. This then failed with error code
+ 0x1 "authentication failed".
+
+ * configure.ac: Tagged as 1.0.4.
+
2017-01-18 John D. Ramsdell
* *.8: For each manual page, added a description of the documented
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/configure new/tpm-quote-tools-1.0.4/configure
--- old/tpm-quote-tools-1.0.3/configure 2017-01-18 18:10:55.000000000 +0100
+++ new/tpm-quote-tools-1.0.4/configure 2017-05-26 15:26:05.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for TPM Quote Tools 1.0.3.
+# Generated by GNU Autoconf 2.69 for TPM Quote Tools 1.0.4.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@
# Identity of this package.
PACKAGE_NAME='TPM Quote Tools'
PACKAGE_TARNAME='tpm-quote-tools'
-PACKAGE_VERSION='1.0.3'
-PACKAGE_STRING='TPM Quote Tools 1.0.3'
+PACKAGE_VERSION='1.0.4'
+PACKAGE_STRING='TPM Quote Tools 1.0.4'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1273,7 +1273,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures TPM Quote Tools 1.0.3 to adapt to many kinds of systems.
+\`configure' configures TPM Quote Tools 1.0.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1343,7 +1343,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of TPM Quote Tools 1.0.3:";;
+ short | recursive ) echo "Configuration of TPM Quote Tools 1.0.4:";;
esac
cat <<\_ACEOF
@@ -1439,7 +1439,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-TPM Quote Tools configure 1.0.3
+TPM Quote Tools configure 1.0.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1737,7 +1737,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by TPM Quote Tools $as_me 1.0.3, which was
+It was created by TPM Quote Tools $as_me 1.0.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2603,7 +2603,7 @@
# Define the identity of the package.
PACKAGE='tpm-quote-tools'
- VERSION='1.0.3'
+ VERSION='1.0.4'
cat >>confdefs.h <<_ACEOF
@@ -5310,7 +5310,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by TPM Quote Tools $as_me 1.0.3, which was
+This file was extended by TPM Quote Tools $as_me 1.0.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -5376,7 +5376,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-TPM Quote Tools config.status 1.0.3
+TPM Quote Tools config.status 1.0.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/configure.ac new/tpm-quote-tools-1.0.4/configure.ac
--- old/tpm-quote-tools-1.0.3/configure.ac 2017-01-18 18:10:09.000000000 +0100
+++ new/tpm-quote-tools-1.0.4/configure.ac 2017-05-26 15:25:17.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT(TPM Quote Tools, 1.0.3,, tpm-quote-tools)
+AC_INIT(TPM Quote Tools, 1.0.4,, tpm-quote-tools)
AC_CONFIG_SRCDIR(tpm_mkaik.c)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/tpm-quote-tools.spec.in new/tpm-quote-tools-1.0.4/tpm-quote-tools.spec.in
--- old/tpm-quote-tools-1.0.3/tpm-quote-tools.spec.in 2017-01-18 18:10:09.000000000 +0100
+++ new/tpm-quote-tools-1.0.4/tpm-quote-tools.spec.in 2017-05-26 15:25:17.000000000 +0200
@@ -37,6 +37,9 @@
%{_mandir}/man8/*
%changelog
+* Fri May 26 2017 Matthias Gerstner - 1.0.4-1
+- Fixed tpm_mkaik when SRK password is in effect.
+
* Wed Jan 18 2017 John D. Ramsdell - 1.0.3-1
- Added program descriptions to NAME sections in manual pages
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/tpm_mkaik.c new/tpm-quote-tools-1.0.4/tpm_mkaik.c
--- old/tpm-quote-tools-1.0.3/tpm_mkaik.c 2017-01-18 18:10:09.000000000 +0100
+++ new/tpm-quote-tools-1.0.4/tpm_mkaik.c 2017-05-26 15:25:17.000000000 +0200
@@ -53,6 +53,50 @@
}
#endif
+static int setSecret(const char *label, TSS_HCONTEXT hContext, TSS_HPOLICY hPolicy, int well_known, int utf16le)
+{
+ if( well_known )
+ {
+ BYTE wks[] = TSS_WELL_KNOWN_SECRET;
+ return Tspi_Policy_SetSecret(
+ hPolicy,
+ TSS_SECRET_MODE_SHA1,
+ sizeof wks,
+ wks
+ );
+ }
+
+#if defined USE_OPENSSL_UI
+ int bufSize = UI_MAX_SECRET_STRING_LENGTH;
+ char buf[bufSize];
+ if (getpasswd(label, buf, bufSize) < 0)
+ return tidy(hContext, tss_err(TSS_E_FAIL, "getting owner password"));
+# if defined HAVE_ICONV_H
+ if (utf16le) {
+ char *passwd = toutf16le(buf);
+ if (!passwd)
+ return tidy(
+ hContext,
+ tss_err(TSS_E_FAIL, "converting password to UTF16LE")
+ );
+ size_t passwdLen = utf16lelen(passwd);
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
+ passwdLen, (BYTE *)passwd);
+ free(passwd);
+ }
+ else
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
+ strlen(buf), (BYTE *)buf);
+# else // ICONV
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
+ strlen(buf), (BYTE *)buf);
+# endif // ICONV
+ memset(buf, 0, bufSize);
+#else // USE_OPENSSL_UI
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_POPUP, 0, NULL);
+#endif
+}
+
static int usage(const char *prog)
{
const char text[] =
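Review bot: In the added `setSecret`, every branch of the `USE_OPENSSL_UI` path returns the result of `Tspi_Policy_SetSecret` directly, so the `free(passwd);` after the UTF-16LE call and the trailing `memset(buf, 0, bufSize);` can never run. The converted password is leaked and the typed password is left on the stack. The removed code in the last hunk stored the result in `rc` and cleaned up afterwards; the helper should keep that shape, as sketched below, and also wipe the converted copy before freeing it. A plain `memset` on a buffer that is about to go out of scope may be dropped by the optimizer, so `explicit_bzero` is preferable where the platform provides it. Separately, the helper reports "getting owner password" even when `label` asked for the SRK password.

```c
#if defined USE_OPENSSL_UI
  int rc;
  /* … unchanged: buf declaration, getpasswd(label, …) and its error return … */
# if defined HAVE_ICONV_H
  if (utf16le) {
    char *passwd = toutf16le(buf);
    if (!passwd) {
      memset(buf, 0, bufSize);
      return tidy(hContext,
                  tss_err(TSS_E_FAIL, "converting password to UTF16LE"));
    }
    size_t passwdLen = utf16lelen(passwd);
    rc = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
                               passwdLen, (BYTE *)passwd);
    /* wipe the same number of bytes that was handed to the TSS */
    memset(passwd, 0, passwdLen);
    free(passwd);
  }
  else
    rc = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
                               strlen(buf), (BYTE *)buf);
# else // ICONV
  rc = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
                             strlen(buf), (BYTE *)buf);
# endif // ICONV
  memset(buf, 0, bufSize);
  return rc;
#else // USE_OPENSSL_UI
  /* … unchanged: TSS_SECRET_MODE_POPUP call … */
#endif
```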
@@ -129,9 +173,7 @@
if (rc != TSS_SUCCESS)
return tidy(hContext, tss_err(rc, "getting SRK policy"));
- BYTE srkSecret[] = TSS_WELL_KNOWN_SECRET;
- rc = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1,
- sizeof srkSecret, srkSecret);
+ rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le);
if (rc != TSS_SUCCESS)
return tidy(hContext, tss_err(rc, "setting SRK secret"));
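Review bot: When `setSecret` fails while reading or converting the password it has already called `tidy(hContext, tss_err(...))`, and the check right after this call then runs `tidy(hContext, tss_err(rc, "setting SRK secret"))` on the same context a second time; the owner-secret call in the next hunk has the same pattern. `tidy` is defined outside the visible lines, but if it closes the context, as its use on every error path suggests, the second call operates on a handle that has already been released, and the user sees two error messages for one failure. Leaving cleanup to the caller avoids this, e.g. `return tss_err(TSS_E_FAIL, "getting owner password");` inside the helper, which would also make the `hContext` parameter unnecessary. The enclosing function starts and ends outside this hunk.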
@@ -151,39 +193,7 @@
if (rc != TSS_SUCCESS)
return tidy(hContext, tss_err(rc, "assigning TPM policy"));
- if (well_known)
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1,
- sizeof srkSecret, srkSecret);
- else
-#if defined USE_OPENSSL_UI
- {
- int bufSize = UI_MAX_SECRET_STRING_LENGTH;
- char buf[bufSize];
- if (getpasswd("Enter owner password: ", buf, bufSize) < 0)
- return tidy(hContext, tss_err(TSS_E_FAIL, "getting owner password"));
-#if defined HAVE_ICONV_H
- if (utf16le) {
- char *passwd = toutf16le(buf);
- if (!passwd)
- return tidy(hContext,
- tss_err(TSS_E_FAIL, "converting password to UTF16LE"));
- size_t passwdLen = utf16lelen(passwd);
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
- passwdLen, (BYTE *)passwd);
- free(passwd);
- }
- else
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
- strlen(buf), (BYTE *)buf);
-#else
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
- strlen(buf), (BYTE *)buf);
-#endif
- memset(buf, 0, bufSize);
- }
-#else
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_POPUP, 0, NULL);
-#endif
+ rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le);
if (rc != TSS_SUCCESS)
return tidy(hContext, tss_err(rc, "setting TPM policy secret"));
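Review bot: The `well_known` and `utf16le` values passed here for the owner secret are the same ones passed to `setSecret` for the SRK policy in the previous hunk, so one switch now decides both secrets. As far as these hunks show, a TPM whose SRK uses the well-known secret while the owner secret is a real password (or the reverse) can no longer be handled: the user is either prompted for both or for neither. Consider a separate flag for the SRK (a hypothetical `srk_well_known`, with its own option), or at least state the coupling where the option is parsed, e.g. `/* well_known applies to both the SRK and the owner secret */`. Option parsing and the rest of the enclosing function lie outside this hunk.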