Hello community, here is the log from the commit of package tpm-tools for openSUSE:Factory checked in at 2012-09-14 12:41:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm-tools (Old) and /work/SRC/openSUSE:Factory/.tpm-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm-tools", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/tpm-tools/tpm-tools.changes 2012-04-12 09:54:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tpm-tools.new/tpm-tools.changes 2012-09-14 12:41:04.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Jun 12 14:29:53 UTC 2012 - [email protected] + +- Updated to 1.3.8 + - bugfixes + - pcr/nvram sealing options + +------------------------------------------------------------------- Old: ---- tpm-tools-1.3.7.1.tar.gz New: ---- tpm-tools-1.3.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm-tools.spec ++++++ --- /var/tmp/diff_new_pack.yNZGSB/_old 2012-09-14 12:41:05.000000000 +0200 +++ /var/tmp/diff_new_pack.yNZGSB/_new 2012-09-14 12:41:05.000000000 +0200 @@ -22,7 +22,6 @@ BuildRequires: freetype2-devel BuildRequires: glib2-devel BuildRequires: gtk2-devel -BuildRequires: libtspi1 BuildRequires: openCryptoki-devel BuildRequires: openssl-devel BuildRequires: pango-devel @@ -32,7 +31,7 @@ Name: tpm-tools Url: http://trousers.sourceforge.net/ -Version: 1.3.7.1 +Version: 1.3.8 Release: 0 Summary: Trusted Platform Module (TPM) administration tools License: IPL-1.0 @@ -64,9 +63,6 @@ %if 0%{?suse_version} >= 1200 export CFLAGS="%{optflags} -Wno-unused-but-set-variable" %endif - -# please notify upstream -#export LIBS="-lcrypto -ldl" %configure --disable-static make ++++++ tpm-tools-1.3.7.1.tar.gz -> tpm-tools-1.3.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/configure new/tpm-tools-1.3.8/configure --- old/tpm-tools-1.3.7.1/configure 2012-01-18 13:31:48.000000000 +0100 +++ new/tpm-tools-1.3.8/configure 2012-05-17 21:09:26.000000000 +0200 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for tpm-tools 1.3.7. +# Generated by GNU Autoconf 2.68 for tpm-tools 1.3.8. # # Report bugs to <[email protected]>. # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='tpm-tools' PACKAGE_TARNAME='tpm-tools' -PACKAGE_VERSION='1.3.7' -PACKAGE_STRING='tpm-tools 1.3.7' +PACKAGE_VERSION='1.3.8' +PACKAGE_STRING='tpm-tools 1.3.8' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1323,7 +1323,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tpm-tools 1.3.7 to adapt to many kinds of systems. +\`configure' configures tpm-tools 1.3.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1394,7 +1394,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tpm-tools 1.3.7:";; + short | recursive ) echo "Configuration of tpm-tools 1.3.8:";; esac cat <<\_ACEOF @@ -1506,7 +1506,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tpm-tools configure 1.3.7 +tpm-tools configure 1.3.8 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1929,7 +1929,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tpm-tools $as_me 1.3.7, which was +It was created by tpm-tools $as_me 1.3.8, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2859,7 +2859,7 @@ # Define the identity of the package. PACKAGE='tpm-tools' - VERSION='1.3.7' + VERSION='1.3.8' cat >>confdefs.h <<_ACEOF 
@@ -14377,7 +14377,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tpm-tools $as_me 1.3.7, which was +This file was extended by tpm-tools $as_me 1.3.8, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14443,7 +14443,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tpm-tools config.status 1.3.7 +tpm-tools config.status 1.3.8 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/configure.in new/tpm-tools-1.3.8/configure.in --- old/tpm-tools-1.3.7.1/configure.in 2012-01-18 13:25:01.000000000 +0100 +++ new/tpm-tools-1.3.8/configure.in 2012-05-17 21:09:20.000000000 +0200 @@ -21,7 +21,7 @@ # http://www.opensource.org/licenses/cpl1.0.php. # -AC_INIT(tpm-tools, 1.3.7, [email protected]) +AC_INIT(tpm-tools, 1.3.8, [email protected]) AC_PREREQ(2.12)dnl AC_CONFIG_SRCDIR(Makefile.am) AM_CONFIG_HEADER(config.h) @@ -110,7 +110,7 @@ AC_CHECK_LIB(crypto, PEM_read_X509, [OPENSSL_LIB="1"], [AC_MSG_ERROR([openssl lib not found: libcrypto.so])]) AC_CHECK_HEADER(openssl/evp.h, [OPENSSL_INC="1"], [AC_MSG_ERROR([openssl header not found: openssl/evp.h])]) -OPENCRYPTOKI="1" +OPENCRYPTOKI="0" AC_ARG_ENABLE(pkcs11_support, AC_HELP_STRING([--disable-pkcs11-support], [don't build data_mgmt commands [[default=no]]]), [disable_pkcs11_support="yes" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/lib/tpm_unseal.c new/tpm-tools-1.3.8/lib/tpm_unseal.c --- old/tpm-tools-1.3.7.1/lib/tpm_unseal.c 2010-10-05 04:20:00.000000000 +0200 +++ new/tpm-tools-1.3.8/lib/tpm_unseal.c 2012-05-17 21:24:47.000000000 +0200 
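Review bot: The second configure.in hunk flips the default to `OPENCRYPTOKI="0"` (it was `"1"`), yet the `--disable-pkcs11-support` help string two lines below still says `[[default=no]]`, and the package changelog only mentions bugfixes and sealing options. If the `AC_ARG_ENABLE` branch and any later openCryptoki library check (both outside the hunk) do not set the variable back to 1, the data_mgmt commands silently stop being built by default, which the spec file's retained `openCryptoki-devel` BuildRequires suggests is not intended; worth confirming against the configure output before accepting the update. The `AC_ARG_ENABLE` call continues past the hunk.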
@@ -88,7 +88,7 @@ int res_size = 0; BIO *bdata = NULL, *b64 = NULL, *bmem = NULL; - int bioRc; + int bioRc = 0; if ( tss_data == NULL || tss_size == NULL ) { rc = TPMSEAL_STD_ERROR; @@ -185,6 +185,11 @@ BIO_free(b64); b64 = NULL; bioRc = BIO_reset(bmem); + if (bioRc != 1) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + goto out; + } /* Check for EVP Key Type Header */ BIO_gets(bdata, data, sizeof(data)); @@ -252,6 +257,11 @@ BIO_free(b64); b64 = NULL; bioRc = BIO_reset(bmem); + if (bioRc != 1) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + goto out; + } /* Read the base64 encrypted data into the memory BIO */ while ((rcLen = BIO_gets(bdata, data, sizeof(data))) > 0) { @@ -419,7 +429,13 @@ bmem = BIO_pop(b64); BIO_free(b64); b64 = NULL; + /* a BIO_reset failure shouldn't have an affect at this point */ bioRc = BIO_reset(bmem); + if (bioRc != 1) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + goto out; + } tss_out: Tspi_Context_Close(hContext); @@ -437,6 +453,11 @@ BIO_free(bmem); } + if (bioRc != 1) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + } + if ( evpKeyData ) free(evpKeyData); if ( tssKeyData ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/po/tpm-tools.pot new/tpm-tools-1.3.8/po/tpm-tools.pot --- old/tpm-tools-1.3.7.1/po/tpm-tools.pot 2012-01-18 13:18:03.000000000 +0100 +++ new/tpm-tools-1.3.8/po/tpm-tools.pot 2012-05-17 19:55:05.000000000 +0200 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: [email protected]\n" -"POT-Creation-Date: 2012-01-18 10:18-0200\n" +"POT-Creation-Date: 2012-05-17 14:55-0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <[email protected]>\n" 
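Review bot: Initializing `int bioRc = 0;` in the first hunk combines badly with the new trailing `if (bioRc != 1)` block in the last hunk (`@@ -437,6 +453,11 @@`, in the common cleanup after `BIO_free(bmem)`): every failure path that reaches the cleanup before any `BIO_reset` has run — the `tss_data == NULL` check right below the declaration, for instance — now ends with `tpm_errno = EIO`, overwriting whatever more specific error code the earlier failure presumably set. Since each `BIO_reset` call is already checked at its call site in the second, third and fourth hunks (and those set EIO themselves before jumping to `out`), the trailing block is redundant; dropping it, or else initializing `int bioRc = 1;` so that only a real reset failure trips it, avoids the clobbering. The enclosing function starts and ends outside the hunks.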
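Review bot: In the hunk at `@@ -419,7 +429,13 @@`, the new `goto out` after the `BIO_reset(bmem)` check jumps over the `tss_out:` label immediately below it, so a reset failure at that point skips `Tspi_Context_Close(hContext)` and leaves the TSS context open. The new comment above the call also says a reset failure "shouldn't have an affect at this point", which contradicts making it fatal two lines later (and "affect" should read "effect"). Either make the jump `goto tss_out;`, or, since the final cleanup in the last hunk already inspects `bioRc`, drop the `goto` and let execution fall through into `tss_out:`. The enclosing function starts outside the hunk.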
@@ -86,7 +86,7 @@ msgid "%s failed: 0x%08x - layer=%s, code=%04x (%d), %s\n" msgstr "" -#: lib/tpm_log.c:126 src/data_mgmt/data_common.h:51 +#: lib/tpm_log.c:126 src/data_mgmt/data_common.h:52 #, c-format msgid "%s succeeded\n" msgstr "" @@ -441,7 +441,12 @@ msgid "Error, unable to open file %s: %s\n" msgstr "" -#: src/data_mgmt/data_common.h:52 +#: src/data_mgmt/data_common.h:50 +#, c-format +msgid "Error writing to file %s: %s\n" +msgstr "" + +#: src/data_mgmt/data_common.h:53 #, c-format msgid "%s failed\n" msgstr "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/src/data_mgmt/data_common.h new/tpm-tools-1.3.8/src/data_mgmt/data_common.h --- old/tpm-tools-1.3.7.1/src/data_mgmt/data_common.h 2010-09-30 19:28:09.000000000 +0200 +++ new/tpm-tools-1.3.8/src/data_mgmt/data_common.h 2012-05-17 19:49:58.000000000 +0200 @@ -47,6 +47,7 @@ #define TOKEN_MEMORY_ERROR _("Error, unable to allocate needed memory\n") #define TOKEN_OPENSSL_ERROR _("Error, OpenSSL error: %s\n") #define TOKEN_FILE_OPEN_ERROR _("Error, unable to open file %s: %s\n") +#define TOKEN_FILE_WRITE_ERROR _("Error writing to file %s: %s\n") #define TOKEN_CMD_SUCCESS _("%s succeeded\n") #define TOKEN_CMD_FAILED _("%s failed\n") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/src/data_mgmt/data_protect.c new/tpm-tools-1.3.8/src/data_mgmt/data_protect.c --- old/tpm-tools-1.3.7.1/src/data_mgmt/data_protect.c 2010-09-30 19:28:09.000000000 +0200 +++ new/tpm-tools-1.3.8/src/data_mgmt/data_protect.c 2012-05-17 19:49:58.000000000 +0200 
@@ -380,9 +380,15 @@ } // Write the previous buffer if there is one - if ( g_pbOutData && ( g_ulOutDataLen > 0 ) ) + if ( g_pbOutData && ( g_ulOutDataLen > 0 ) ) { tWriteCount = fwrite( g_pbOutData, 1, g_ulOutDataLen, g_pOutFile ); + if ( tWriteCount != g_ulOutDataLen ) { + logError(TOKEN_FILE_WRITE_ERROR, g_pOutFile, "short write"); + return -1; + } + } + if ( a_bMoreData ) { // Allocate a (new) buffer if necessary if ( a_ulDataLen > g_ulOutBuffLen ) { @@ -403,9 +409,15 @@ } else { // No more data so write the last piece of data - if ( a_ulDataLen > 0 ) + if ( a_ulDataLen > 0 ) { tWriteCount = fwrite( a_pbData, 1, a_ulDataLen, g_pOutFile ); + if ( tWriteCount != a_ulDataLen ) { + logError(TOKEN_FILE_WRITE_ERROR, g_pOutFile, "short write"); + return -1; + } + } + fclose( g_pOutFile ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/src/tpm_mgmt/tpm_nvdefine.c new/tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvdefine.c --- old/tpm-tools-1.3.7.1/src/tpm_mgmt/tpm_nvdefine.c 2011-08-17 14:20:35.000000000 +0200 +++ new/tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvdefine.c 2012-05-17 19:49:58.000000000 +0200 @@ -19,6 +19,8 @@ * http://www.opensource.org/licenses/cpl1.0.php. */ +#include <stdio.h> +#include <errno.h> #include <limits.h> #include "tpm_tspi.h" @@ -36,6 +38,11 @@ static BOOL dataWellKnown; static BOOL askDataPass; static int end; +static UINT32 selectedPcrsRead[24]; +static UINT32 selectedPcrsWrite[24]; +static UINT32 selectedPcrsReadLen = 0; +static UINT32 selectedPcrsWriteLen = 0; +static const char *filename; TSS_HCONTEXT hContext = 0; 
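Review bot: Both new `logError(TOKEN_FILE_WRITE_ERROR, g_pOutFile, "short write")` calls pass the `FILE *` `g_pOutFile` where the `TOKEN_FILE_WRITE_ERROR` format (`"Error writing to file %s: %s\n"`, added in data_common.h) expects a file-name string; that is a `%s`/pointer type mismatch, so the message prints garbage or crashes — the second hunk at `@@ -403,9 +409,15 @@` has the same call. The argument should be the output path (not visible in the hunk; whatever name was passed to the `fopen` that produced `g_pOutFile`), and `strerror(errno)` would say more than the constant `"short write"` when `fwrite` fails on a real I/O error. On both new `return -1` paths `g_pOutFile` is also left open; unless the caller closes it on failure, an `fclose( g_pOutFile );` belongs before each return. The enclosing function starts and ends outside the hunk.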
@@ -101,6 +108,24 @@ useUnicode = TRUE; break; + case 'r': + if (aArg && atoi(aArg) >= 0 && atoi(aArg) < 24) { + selectedPcrsRead[selectedPcrsReadLen++] = atoi(aArg); + } else + return -1; + break; + + case 'w': + if (aArg && atoi(aArg) >= 0 && atoi(aArg) < 24) { + selectedPcrsWrite[selectedPcrsWriteLen++] = atoi(aArg); + } else + return -1; + break; + + case 'f': + filename = aArg; + break; + default: return -1; } 
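Review bot: The new `'r'` and `'w'` cases append to `selectedPcrsRead`/`selectedPcrsWrite` without checking the running length, so passing `-r` or `-w` more than 24 times writes past the 24-entry static arrays declared in the previous hunk; add `if (selectedPcrsReadLen >= sizeof selectedPcrsRead / sizeof selectedPcrsRead[0]) return -1;` (and the equivalent for the write array) before the store. The range check here accepts PCRs 0–23 while main() later rejects anything above 15 with "Cannot seal NVRAM area to PCR > 15", so the real limit might as well be enforced once, here. `atoi` is evaluated three times per option and accepts trailing junk (`-r 9x` parses as 9); a single `strtoul` with an end-pointer check would be stricter and cheaper. The enclosing switch and parse function continue outside the hunk.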
@@ -123,12 +148,92 @@ logNVIndexCmdOption(); logCmdOption("-s, --size", _("Size of the NVRAM area")); + logCmdOption("-r, --rpcrs", + _("PCRs to seal the NVRAM area to for reading (use multiple times)")); + logCmdOption("-w, --wpcrs", + _("PCRs to seal the NVRAM area to for writing (use multiple times)")); + logCmdOption("-f, --filename", + _("File containing PCR info for the NVRAM area")); + logCmdOption("-p, --permissions", _("Permissions of the NVRAM area")); - displayStringsAndValues(permvalues, " "); } +void logInvalidPcrInfoFile() +{ + logError(_("Invalid PCR info file. Format is:\n" + "[r/w] [PCR IDX] [SHA-1 ascii]\n\nExample:\n" + "r 9 00112233445566778899AABBCCDDEEFF00112233")); +} + +int +parseNVPermsFile(FILE *f, TSS_HCONTEXT *hContext, TSS_HNVSTORE *nvObject, + TSS_HPCRS *hPcrsRead, TSS_HPCRS *hPcrsWrite) +{ + UINT32 pcrSize; + char rw; + unsigned int pcr, n; + char hash_ascii[65], hash_bin[32], save; + int rc = -1; + + while (!feof(f)) { + errno = 0; + n = fscanf(f, "%c %u %s\n", &rw, &pcr, hash_ascii); + if (n != 3) { + logInvalidPcrInfoFile(); + goto out; + } else if (errno != 0) { + perror("fscanf"); + goto out; + } + + if (rw != 'r' && rw != 'w') { + logInvalidPcrInfoFile(); + goto out; + } + + if (pcr > 15) { + logError(_("Cannot seal NVRAM area to PCR > 15\n")); + goto out; + } + + for (n = 0; n < strlen(hash_ascii); n += 2) { + save = hash_ascii[n + 2]; + hash_ascii[n + 2] = '\0'; + hash_bin[n/2] = strtoul(&hash_ascii[n], NULL, 16); + hash_ascii[n + 2] = save; + } + pcrSize = n/2; + + if (rw == 'r') { + if (*hPcrsRead == NULL_HPCRS) + if (contextCreateObject(*hContext, TSS_OBJECT_TYPE_PCRS, + TSS_PCRS_STRUCT_INFO_SHORT, + hPcrsRead) != TSS_SUCCESS) + goto out; + + if (pcrcompositeSetPcrValue(*hPcrsRead, pcr, pcrSize, (BYTE *)hash_bin) + != TSS_SUCCESS) + goto out; + } else { + if (*hPcrsWrite == NULL_HPCRS) + if (contextCreateObject(*hContext, TSS_OBJECT_TYPE_PCRS, + TSS_PCRS_STRUCT_INFO_SHORT, + hPcrsWrite) != TSS_SUCCESS) + goto out; + + if 
(pcrcompositeSetPcrValue(*hPcrsWrite, pcr, pcrSize, (BYTE *)hash_bin) + != TSS_SUCCESS) + goto out; + } + } + + rc = 0; +out: + return rc; +} + int main(int argc, char **argv) { TSS_HTPM hTpm; @@ -139,10 +244,14 @@ BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; int opswd_len = -1; int dpswd_len = -1; + TSS_HPCRS hPcrsRead = 0, hPcrsWrite = 0; struct option hOpts[] = { {"index" , required_argument, NULL, 'i'}, {"size" , required_argument, NULL, 's'}, {"permissions" , required_argument, NULL, 'p'}, + {"rpcrs" , required_argument, NULL, 'r'}, + {"wpcrs" , required_argument, NULL, 'w'}, + {"filename" , required_argument, NULL, 'f'}, {"pwdo" , optional_argument, NULL, 'o'}, {"pwda" , optional_argument, NULL, 'a'}, {"use-unicode" , no_argument, NULL, 'u'}, @@ -150,11 +259,14 @@ {"owner-well-known", no_argument, NULL, 'y'}, {NULL , no_argument, NULL, 0}, }; + TSS_FLAG initFlag = TSS_PCRS_STRUCT_INFO_SHORT; + UINT32 localityValue = TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO | + TPM_LOC_THREE | TPM_LOC_FOUR; initIntlSys(); if (genericOptHandler - (argc, argv, "i:s:p:o:a:yzu", hOpts, + (argc, argv, "i:s:p:o:a:r:w:f:yzu", hOpts, sizeof(hOpts) / sizeof(struct option), parse, help) != 0) goto out; 
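Review bot: In `parseNVPermsFile`, `fscanf(f, "%c %u %s\n", ...)` reads the hash token with an unbounded `%s` into `char hash_ascii[65]`, so a line whose token exceeds 64 characters overflows the stack buffer (and the decode loop then writes past `hash_bin[32]`); the conversion must be bounded with `%64s`. The decode loop also never verifies that the digits are hexadecimal or that the length matches what the format message promises (`[SHA-1 ascii]`, i.e. 40 digits for 20 bytes) — `strtoul` with a NULL end pointer silently turns `zz` into 0 — so malformed lines are sealed rather than rejected. The rewrite below bounds the read and validates length and character set before decoding; it needs a `size_t len;` declaration alongside the existing locals. Separately, the parameter `hContext` shadows the file-scope `TSS_HCONTEXT hContext`, neither `parseNVPermsFile` nor `logInvalidPcrInfoFile` is `static`, and `logInvalidPcrInfoFile()` should be declared `(void)`. The hunk also reaches into main(), which continues past it.
```c
		n = fscanf(f, "%c %u %64s\n", &rw, &pcr, hash_ascii); /* bound %s to sizeof hash_ascii - 1 */
		/* … unchanged: n / errno / rw / pcr checks … */
		len = strlen(hash_ascii);
		if (len != 40 || strspn(hash_ascii, "0123456789abcdefABCDEF") != len) {
			logInvalidPcrInfoFile();
			goto out;
		}
		for (n = 0; n < len; n += 2) {
			char byte_str[3] = { hash_ascii[n], hash_ascii[n + 1], '\0' };
			hash_bin[n / 2] = (char)strtoul(byte_str, NULL, 16);
		}
		pcrSize = len / 2;
		/* … unchanged: read/write object creation and pcrcompositeSetPcrValue … */
```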
@@ -269,8 +381,85 @@ nvsize) != TSS_SUCCESS) goto out_close_obj; - if (NVDefineSpace(nvObject, (TSS_HPCRS)0, (TSS_HPCRS)0) != - TSS_SUCCESS) + if (selectedPcrsReadLen) { + UINT32 pcrSize; + BYTE *pcrValue; + UINT32 i; + + for (i = 0; i < selectedPcrsReadLen; i++) { + if (selectedPcrsRead[i] > 15) { + logError(_("Cannot seal NVRAM area to PCR > 15\n")); + goto out_close; + } + } + + if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, + &hPcrsRead) != TSS_SUCCESS) + goto out_close; + + for (i = 0; i < selectedPcrsReadLen; i++) { + if (tpmPcrRead(hTpm, selectedPcrsRead[i], &pcrSize, &pcrValue) != + TSS_SUCCESS) + goto out_close; + + if (pcrcompositeSetPcrValue(hPcrsRead, selectedPcrsRead[i], + pcrSize, pcrValue) + != TSS_SUCCESS) + goto out_close; + } + } + + if (selectedPcrsWriteLen) { + UINT32 pcrSize; + BYTE *pcrValue; + UINT32 i; + + for (i = 0; i < selectedPcrsWriteLen; i++) { + if (selectedPcrsWrite[i] > 15) { + logError(_("Cannot seal NVRAM area to PCR > 15\n")); + goto out_close; + } + } + + if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, + &hPcrsWrite) != TSS_SUCCESS) + goto out_close; + + for (i = 0; i < selectedPcrsWriteLen; i++) { + if (tpmPcrRead(hTpm, selectedPcrsWrite[i], &pcrSize, &pcrValue) != + TSS_SUCCESS) + goto out_close; + + if (pcrcompositeSetPcrValue(hPcrsWrite, selectedPcrsWrite[i], + pcrSize, pcrValue) + != TSS_SUCCESS) + goto out_close; + } + } + + if (filename) { + FILE *f; + + f = fopen(filename, "r"); + if (!f) { + logError(_("Could not access file '%s'\n"), filename); + goto out_close_obj; + } + + if (parseNVPermsFile(f, &hContext, &nvObject, &hPcrsRead, &hPcrsWrite) + != TSS_SUCCESS) + goto out_close_obj; + } + + if (hPcrsRead) + if (pcrcompositeSetPcrLocality(hPcrsRead, localityValue) != TSS_SUCCESS) + goto out_close; + + if (hPcrsWrite) + if (pcrcompositeSetPcrLocality(hPcrsWrite, localityValue) != TSS_SUCCESS) + goto out_close; + + if (NVDefineSpace(nvObject, hPcrsRead, hPcrsWrite) != TSS_SUCCESS) goto 
out_close; logMsg(_("Successfully created NVRAM area at index 0x%x (%u).\n"), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-tools-1.3.7.1/src/tpm_mgmt/tpm_present.c new/tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c --- old/tpm-tools-1.3.7.1/src/tpm_mgmt/tpm_present.c 2010-09-30 19:28:09.000000000 +0200 +++ new/tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c 2012-05-17 19:49:58.000000000 +0200 @@ -228,7 +228,7 @@ scanCount = scanf("%5s", rsp); /* TRANSLATORS: this should be the affirmative letter that was prompted for in the message corresponding to: "Are you sure you want to continue?[y/N]" */ - if (strcmp(rsp, _("y")) == 0) { + if (scanCount >= 1 && strcmp(rsp, _("y")) == 0) { logMsg (_("Setting the lifetime lock was confirmed.\nContinuing.\n")); bRc = TRUE; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
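Review bot: The `FILE *f` opened with `fopen(filename, "r")` in the new `if (filename)` branch is never closed, neither after `parseNVPermsFile` returns nor on its failure path; capture the result, close the stream, then branch: `int prc = parseNVPermsFile(f, &hContext, &nvObject, &hPcrsRead, &hPcrsWrite); fclose(f); if (prc != 0) goto out_close_obj;`. The same branch jumps to `out_close_obj` on failure while the new PCR-handling code above it jumps to `out_close` even though `nvObject` already exists at that point — if `out_close_obj` releases the NV object before falling into `out_close` (both labels are outside the hunk), those paths leak it — and `parseNVPermsFile`'s `-1`/`0` result is compared against `TSS_SUCCESS`, which works only because `TSS_SUCCESS` is 0. The read and write blocks are near-identical copies differing only in the array and handle; a small helper taking the array, its length and a `TSS_HPCRS *` would halve the code and keep the "PCR > 15" check in one place. `pcrValue` returned by `tpmPcrRead` for each PCR is never released, which looks like a leak if the TSS allocates it — confirm against `tpmPcrRead`'s contract. main() continues past the hunk.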
