Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ibmtss for openSUSE:Factory checked in at 2025-03-16 18:57:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ibmtss (Old) and /work/SRC/openSUSE:Factory/.ibmtss.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ibmtss" Sun Mar 16 18:57:52 2025 rev:24 rq:1252679 version:2.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ibmtss/ibmtss.changes 2024-12-04 15:26:47.516391773 +0100 +++ /work/SRC/openSUSE:Factory/.ibmtss.new.19136/ibmtss.changes 2025-03-16 18:58:00.747028201 +0100 @@ -1,0 +2,10 @@ +Tue Feb 25 10:42:23 UTC 2025 - Pedro Monreal <pmonr...@suse.com> + +- Update to 2.4.1: + * Issue new test EK CA root certificates with a longer validity period. + * Remove patches upstream: + - tss-Commit-changelog-and-autotools-version-update.patch + - utils-Update-.so-version-to-2.4.patch + - ibmtss-2.4.0-fix-FTBFS-2026.patch + +------------------------------------------------------------------- Old: ---- ibmtss-2.4.0-fix-FTBFS-2026.patch ibmtss-2.4.0.tar.gz tss-Commit-changelog-and-autotools-version-update.patch utils-Update-.so-version-to-2.4.patch New: ---- ibmtss-2.4.1.tar.gz BETA DEBUG BEGIN: Old: - utils-Update-.so-version-to-2.4.patch - ibmtss-2.4.0-fix-FTBFS-2026.patch Old: * Remove patches upstream: - tss-Commit-changelog-and-autotools-version-update.patch - utils-Update-.so-version-to-2.4.patch Old: - tss-Commit-changelog-and-autotools-version-update.patch - utils-Update-.so-version-to-2.4.patch - ibmtss-2.4.0-fix-FTBFS-2026.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ibmtss.spec ++++++ --- /var/tmp/diff_new_pack.6SKdNK/_old 2025-03-16 18:58:01.363053971 +0100 +++ /var/tmp/diff_new_pack.6SKdNK/_new 2025-03-16 18:58:01.363053971 +0100 @@ -1,7 +1,7 @@ # # spec file for package ibmtss # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,9 +19,8 @@ %define libversion 2 %define libname libibmtss %define libpkgname %{libname}%{libversion} - Name: ibmtss -Version: 2.4.0 +Version: 2.4.1 Release: 0 Summary: IBM's TPM 2.0 TSS License: BSD-3-Clause @@ -30,9 +29,6 @@ Source: https://github.com/kgoldman/ibmtss/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: 90-tpm-ibmtss.rules Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch -Patch2: tss-Commit-changelog-and-autotools-version-update.patch -Patch3: utils-Update-.so-version-to-2.4.patch -Patch4: ibmtss-2.4.0-fix-FTBFS-2026.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: ibmswtpm2 @@ -58,8 +54,8 @@ %package base Summary: IBM's TPM 2.0 TSS shared files Group: Productivity/Security -BuildArch: noarch Requires(post): user(tss) +BuildArch: noarch %description base Includes IBM's TPM 2.0 TSS certificates and policy files. @@ -104,6 +100,7 @@ %post base %_bindir/udevadm trigger -s tpm -s tpmrm || : + %post -n %{libpkgname} -p /sbin/ldconfig %postun -n %{libpkgname} -p /sbin/ldconfig ++++++ ibmtss-2.4.0.tar.gz -> ibmtss-2.4.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/ChangeLog new/ibmtss-2.4.1/ChangeLog --- old/ibmtss-2.4.0/ChangeLog 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/ChangeLog 2024-10-28 15:22:32.000000000 +0100 @@ -1,4 +1,22 @@ ---------------- +Changes in 2.4.1 +---------------- + +Issue new test EK CA root certificates with a longer validity period. + +---------------- +Changes in 2.4.0 +---------------- + +Add support for SHA-256, SHA-384, and SHA-512 IMA event logs. Add +local command line support and update the API to support +attestation. Add known value test to event regression tests. Change +the -ty switch to -ealg for event log angorithms. + +Add support for EK intermediate certificates in the IWG standard +locations. + +---------------- Changes in 2.3 1 ---------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/configure.ac new/ibmtss-2.4.1/configure.ac --- old/ibmtss-2.4.0/configure.ac 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/configure.ac 2024-10-28 15:22:32.000000000 +0100 @@ -3,12 +3,12 @@ # Set package release version" # After committing set git tag version. -AC_INIT(ibmtss, 2.3.1, kg...@linux.ibm.com) +AC_INIT(ibmtss, 2.4.1, kg...@linux.ibm.com) AC_PREREQ([2.63]) # Convert major.minor.micro to libtool versioning (current-revision-age) TSSLIB_VER_MAJOR=2 -TSSLIB_VER_MINOR=3 +TSSLIB_VER_MINOR=4 TSSLIB_VER_MICRO=1 TSSLIB_VERSION_INFO=`expr $TSSLIB_VER_MAJOR + $TSSLIB_VER_MINOR`:$TSSLIB_VER_MICRO:$TSSLIB_VER_MINOR AC_SUBST([TSSLIB_VERSION_INFO], [$TSSLIB_VERSION_INFO]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/tss2.spec new/ibmtss-2.4.1/tss2.spec --- old/ibmtss-2.4.0/tss2.spec 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/tss2.spec 2024-10-28 15:22:32.000000000 +0100 @@ -7,7 +7,7 @@ Name: tss2 # this is the release of the TSS library -Version: 2.3.2 +Version: 2.4.0 # this is the release of the fedora package, goes back to 1 when version changes Release: 1%{?dist} Epoch: 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/certificates/cacert.pem new/ibmtss-2.4.1/utils/certificates/cacert.pem --- old/ibmtss-2.4.0/utils/certificates/cacert.pem 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/certificates/cacert.pem 2024-10-28 15:22:32.000000000 +0100 @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDbDCCAlKgAwIBAgIJALbpb8xivmmsMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoM -A0lCTTEOMAwGA1UEAwwFRUsgQ0EwHhcNMTYwNTIzMTkwNjExWhcNMjYwMjIwMTkw -NjExWjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 -b3duMQwwCgYDVQQKDANJQk0xDjAMBgNVBAMMBUVLIENBMIIBIzANBgkqhkiG9w0B -AQEFAAOCARAAMIIBCwKCAQICsUzdWU1yjZNL5QeJU/emaKBbOuHvZqdCvApjGM+T -31XO1s52BkxRtOjULxd+xiK0xogdxDwwsnh/o/YR9zmj7aDVFz068WCEBvjKkClf -KOk+1VpdAFzni+NNYMNESNul3ZWwEzpfBmghI7zJQrUBh1rn27PC9OtfTFhONzRT -XPq5K2vScvU3Wz0papT4+hEmsd8YyhMYJr00cjV2bDzphZ7wg9YNNpUMJZ4yipYy -4XLG+HVPb9DyERFQNpDooA/ZhCZVT8auDbdSvYyrO9q+Uxz30UeqXK3YnDCyk00k -JCBWmf3TobjWMKwZO3gUIRMrBuJ7UsEtkkh8+jLaJ7Qcl68CAwEAAaNQME4wHQYD -VR0OBBYEFMSPNuKcE6FeRlRc+DKJeakTyaDpMB8GA1UdIwQYMBaAFMSPNuKcE6Fe -RlRc+DKJeakTyaDpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEDAAFr -xBCzqiAkYNofYGNidpGrkiP2T3xj/hUx57HjVVoWNlVDBGsxbnoB+WlBqzApJLZC -/XZs/zuvS4bnMiSUEw2v8v3/sAqkzMJN7VOg0US1etNjPSrlBmSeun/6HX0C+5M2 -wQ836P6Y49PePvJO6zGdxJ9SlZ8jKNgtQgQKyUSViSEj0N09CndQJMnOPYIYhc+T -/9/HPaNMymHu7Hep0/NgASoLnm8LzP+nzmR286L4DeZ47hKBHMbnTeNNlodEjh92 -AyI4yaGKjujRjPokTHWUWjFt6t1VXn1cc6Sdpj2YVeFCjkjB9NmDV+Msv9h4UAqy -K0wEax/1fsWqDeoom5I1NA== +MIIDejCCAmCgAwIBAgIUVOe6TM3djGkrJ/G+ttuqcW2o/ccwDQYJKoZIhvcNAQEL +BQAwSzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhZb3JrdG93 +bjEMMAoGA1UECgwDSUJNMQ4wDAYDVQQDDAVFSyBDQTAeFw0yNDEwMjIwNDAwNDJa +Fw00NDEwMTcwNDAwNDJaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8G +A1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lCTTEOMAwGA1UEAwwFRUsgQ0EwggEj +MA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAgKxTN1ZTXKNk0vlB4lT96ZooFs6 +4e9mp0K8CmMYz5PfVc7WznYGTFG06NQvF37GIrTGiB3EPDCyeH+j9hH3OaPtoNUX +PTrxYIQG+MqQKV8o6T7VWl0AXOeL401gw0RI26XdlbATOl8GaCEjvMlCtQGHWufb +s8L0619MWE43NFNc+rkra9Jy9TdbPSlqlPj6ESax3xjKExgmvTRyNXZsPOmFnvCD +1g02lQwlnjKKljLhcsb4dU9v0PIREVA2kOigD9mEJlVPxq4Nt1K9jKs72r5THPfR +R6pcrdicMLKTTSQkIFaZ/dOhuNYwrBk7eBQhEysG4ntSwS2SSHz6MtontByXrwID +AQABo1MwUTAdBgNVHQ4EFgQUxI824pwToV5GVFz4Mol5qRPJoOkwHwYDVR0jBBgw +FoAUxI824pwToV5GVFz4Mol5qRPJoOkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQMAADawHyUjkBDBEjf9ITGSbdWhhPFAZ5R1YNxVY7gERFNIqm2/ +K2C0Dj8L3eYr7dyGSafQfOaMZRHaDDx/LiIrrrGGfcDMoBLdCPNNp04etRIe6w+y +pSM3ebJm2RW415L8YrirXVO+cUEWvLZcotvszLgE4hzt+mFosmIy5U3/MQU7RyiW +LS066Nw2IXyisb2kKiwEqw+iC4eWvj6DWnjgHqZJ6/0zuV9RjJXDFEq5YvV6E13I +2OnvDaoq9FRadXHJmqdlSbpzuLMY4JOftXOTps1kfejMun303HUfzf7+LiA1bOf4 +UGt6LgzbOG72WRDQMKlhXNZcthNWtqU8ZCD0KQgP -----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/certificates/cacertecc.pem new/ibmtss-2.4.1/utils/certificates/cacertecc.pem --- old/ibmtss-2.4.0/utils/certificates/cacertecc.pem 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/certificates/cacertecc.pem 2024-10-28 15:22:32.000000000 +0100 @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIIB4zCCAYmgAwIBAgIJALX8+MVL3dXPMAoGCCqGSM49BAMCME4xCzAJBgNVBAYT -AlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lC -TTERMA8GA1UEAwwIRUsgRUMgQ0EwHhcNMTcwMTEzMjAzOTE2WhcNMjcwMTExMjAz -OTE2WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 -b3duMQwwCgYDVQQKDANJQk0xETAPBgNVBAMMCEVLIEVDIENBMFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEahnfxuCQ+NsMcDIe8GZxIiFSX65CXICk6zc3NLRPbPvq -ToRdIanaP14TT6eu76FkNDzbtsY6PSMgVNTeAAnfGqNQME4wHQYDVR0OBBYEFAFk -p5Lu8Z+laxVYak8/WHhLsG+lMB8GA1UdIwQYMBaAFAFkp5Lu8Z+laxVYak8/WHhL -sG+lMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ9GClH24Y9NPpKdh -3HTwudrjYPYyjK8o5HQ9c8Xc9ecCIQD0NgIj1iUvkEzgNoXS7UP1RD0MpKdzywqM -5RyP15ckRA== +MIIB8TCCAZegAwIBAgIUNMOdoYR8km3U06frlHaKH3I94pIwCgYIKoZIzj0EAwIw +TjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhZb3JrdG93bjEM +MAoGA1UECgwDSUJNMREwDwYDVQQDDAhFSyBFQyBDQTAeFw0yNDEwMjMxNTAwMjFa +Fw00NDEwMTgxNTAwMjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8G +A1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lCTTERMA8GA1UEAwwIRUsgRUMgQ0Ew +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqGd/G4JD42wxwMh7wZnEiIVJfrkJc +gKTrNzc0tE9s++pOhF0hqdo/XhNPp67voWQ0PNu2xjo9IyBU1N4ACd8ao1MwUTAd +BgNVHQ4EFgQUAWSnku7xn6VrFVhqTz9YeEuwb6UwHwYDVR0jBBgwFoAUAWSnku7x +n6VrFVhqTz9YeEuwb6UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBF +AiEAhLQDUXzw9zBXSgAM1PHdhKT9AcVN6DIOpZhniHwXnnQCIAM5Uzc7DrUpuWUM +aXcP5Jnwafl78umJOocN/R72zWqt -----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/ekutils.c new/ibmtss-2.4.1/utils/ekutils.c --- old/ibmtss-2.4.0/utils/ekutils.c 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/ekutils.c 2024-10-28 15:22:32.000000000 +0100 @@ -934,7 +934,7 @@ if (irc != 1) { printf("verifyCertificateI: " "Error in X509_STORE_CTX_init initializing verify context\n"); - rc = TSS_RC_RSA_SIGNATURE; + rc = TSS_RC_X509_ERROR; } } /* walk the certificate chain */ @@ -942,7 +942,7 @@ int irc = X509_verify_cert(verifyCtx); if (irc != 1) { printf("verifyCertificateI: Error in X509_verify_cert verifying certificate\n"); - rc = TSS_RC_RSA_SIGNATURE; + rc = TSS_RC_X509_ERROR; } else { if (print) printf("EK certificate verified against the root\n"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/ibmtss/tsserror.h new/ibmtss-2.4.1/utils/ibmtss/tsserror.h --- old/ibmtss-2.4.0/utils/ibmtss/tsserror.h 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/ibmtss/tsserror.h 2024-10-28 15:22:32.000000000 +0100 @@ -4,7 +4,7 @@ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* */ -/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* (c) Copyright IBM Corporation 2015 - 2024. */ /* */ /* All rights reserved. */ /* */ @@ -100,7 +100,7 @@ #define TSS_RC_EC_SIGNATURE 0x000b007b /* EC signature is bad */ #define TSS_RC_EC_KEY_CONVERT 0x000b007c /* EC key conversion failed */ #define TSS_RC_BAD_SIGNATURE_ALGORITHM 0x000b007d /* Unimplemented signature algorithm */ -#define TSS_RC_X509_ERROR 0x000b007e /* X509 parse error */ +#define TSS_RC_X509_ERROR 0x000b007e /* X509 parse or verify error */ #define TSS_RC_PEM_ERROR 0x000b007f /* PEM parse error */ #define TSS_RC_COMMAND_UNIMPLEMENTED 0x000b0080 /* Unimplemented command */ #define TSS_RC_IN_PARAMETER 0x000b0081 /* Bad in parameter to TSS_Execute */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/makefile.nofile new/ibmtss-2.4.1/utils/makefile.nofile --- old/ibmtss-2.4.0/utils/makefile.nofile 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/makefile.nofile 2024-10-28 15:22:32.000000000 +0100 @@ -90,7 +90,7 @@ LNALIBS += -libmtssutils -libmtssmin # versioned shared library -LIBTSSVERSIONED=libibmtssmin.so.2.1 +LIBTSSVERSIONED=libibmtssmin.so.2.4 # soname field of the shared library # which will be made symbolic link to the versioned shared library @@ -109,7 +109,7 @@ # TSS utilities shared library -LIBTSSUTILSVERSIONED=libibmtssutils.so.2.1 +LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 LIBTSSUTILSSONAME=libibmtssutils.so.2 LIBTSSUTILS=libibmtssutils.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/makefiletpm12 new/ibmtss-2.4.1/utils/makefiletpm12 --- old/ibmtss-2.4.0/utils/makefiletpm12 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/makefiletpm12 2024-10-28 15:22:32.000000000 +0100 @@ -103,7 +103,7 @@ # shared library # versioned shared library -LIBTSSVERSIONED=libibmtss.so.2.1 +LIBTSSVERSIONED=libibmtss.so.2.4 # soname field of the shared library # which will be made symbolic link to the versioned shared library @@ -122,7 +122,7 @@ # TSS utilities shared library -LIBTSSUTILSVERSIONED=libibmtssutils.so.2.1 +LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 LIBTSSUTILSSONAME=libibmtssutils.so.2 LIBTSSUTILS=libibmtssutils.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/makefiletpm20 new/ibmtss-2.4.1/utils/makefiletpm20 --- old/ibmtss-2.4.0/utils/makefiletpm20 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/makefiletpm20 2024-10-28 15:22:32.000000000 +0100 @@ -140,7 +140,7 @@ # shared library # versioned shared library -LIBTSSVERSIONED=libibmtss.so.2.3 +LIBTSSVERSIONED=libibmtss.so.2.4 # soname field of the shared library # which will be made symbolic link to the versioned shared library @@ -159,7 +159,7 @@ # TSS utilities shared library -LIBTSSUTILSVERSIONED=libibmtssutils.so.2.3 +LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 LIBTSSUTILSSONAME=libibmtssutils.so.2 LIBTSSUTILS=libibmtssutils.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/makefiletpmc new/ibmtss-2.4.1/utils/makefiletpmc --- old/ibmtss-2.4.0/utils/makefiletpmc 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/makefiletpmc 2024-10-28 15:22:32.000000000 +0100 @@ -108,7 +108,7 @@ # shared library # versioned shared library -LIBTSSVERSIONED=libibmtss.so.2.3 +LIBTSSVERSIONED=libibmtss.so.2.4 # soname field of the shared library # which will be made symbolic link to the versioned shared library @@ -127,7 +127,7 @@ # TSS utilities shared library -LIBTSSUTILSVERSIONED=libibmtssutils.so.2.3 +LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4 LIBTSSUTILSSONAME=libibmtssutils.so.2 LIBTSSUTILS=libibmtssutils.so diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/regtests/testcredential.sh new/ibmtss-2.4.1/utils/regtests/testcredential.sh --- old/ibmtss-2.4.0/utils/regtests/testcredential.sh 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/regtests/testcredential.sh 2024-10-28 15:22:32.000000000 +0100 @@ -7,7 +7,7 @@ # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # # -# (c) Copyright IBM Corporation 2015 - 2022 # +# (c) Copyright IBM Corporation 2015 - 2024 # # # # All rights reserved. # # # @@ -100,6 +100,27 @@ # It is not useful when the entire regression test runs, because a # later test generates a new EPS (endorsement primary seed), which # invalidates the EK and thus the certificate. +# +# The below notes are only for the regression test and for the TSS or +# command line utilities. +# +# The EK certificate tests depend on a test EK CA. The self signed +# root certificates for RSA and ECC were are created using openssl. +# +# openssl req -new -x509 -days 7300 -sha256 -pkeyopt rsa_keygen_bits:3072 -key cakey.pem -out certificates/cacert.pem -passin pass:rrrr +# openssl req -new -x509 -days 7300 -sha256 -key cakeyecc.pem -out certificates/cacertecc.pem -passin pass:rrrr +# +# They can be viewed using: +# +# openssl x509 -text -in certificates/cacert.pem -noout +# openssl x509 -text -in certificates/cacertecc.pem -noout +# +# The regression tests require these hard coded Issuer/Subject +# parameters for RSA and ECC: +# +# Issuer: C=US, ST=NY, L=Yorktown, O=IBM, CN=EK CA +# Issuer: C=US, ST=NY, L=Yorktown, O=IBM, CN=EK EC CA + # optional NV index for Policy C NVIDX=(01c07f01 01c07f02 01c07f03) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ibmtss-2.4.0/utils/tssresponsecode.c new/ibmtss-2.4.1/utils/tssresponsecode.c --- old/ibmtss-2.4.0/utils/tssresponsecode.c 2024-10-14 16:03:03.000000000 +0200 +++ new/ibmtss-2.4.1/utils/tssresponsecode.c 2024-10-28 15:22:32.000000000 +0100 @@ -4,7 +4,7 @@ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* */ -/* (c) Copyright IBM Corporation 2015 - 2019. */ +/* (c) Copyright IBM Corporation 2015 - 2024. */ /* */ /* All rights reserved. */ /* */ @@ -377,7 +377,7 @@ {TSS_RC_RSA_SIGNATURE, "TSS_RC_RSA_SIGNATURE - RSA signature is bad"}, {TSS_RC_EC_SIGNATURE, "TSS_RC_EC_SIGNATURE - EC signature is bad"}, {TSS_RC_EC_KEY_CONVERT, "TSS_RC_EC_KEY_CONVERT - EC key conversion failed"}, - {TSS_RC_X509_ERROR, "TSS_RC_X509_ERROR - X509 parse error"}, + {TSS_RC_X509_ERROR, "TSS_RC_X509_ERROR - X509 parse or verify error"}, {TSS_RC_PEM_ERROR, "TSS_RC_PEM_ERROR - PEM parse error"}, {TSS_RC_BAD_SIGNATURE_ALGORITHM, "TSS_RC_BAD_SIGNATURE_ALGORITHM - Unimplemented signature algorithm"}, {TSS_RC_COMMAND_UNIMPLEMENTED, "TSS_RC_COMMAND_UNIMPLEMENTED - Unimplemented command"},