Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tpm2.0-tools for openSUSE:Factory checked in at 2023-02-17 16:44:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm2.0-tools (Old) and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.22824 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-tools" Fri Feb 17 16:44:00 2023 rev:38 rq:1066202 version:5.5 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes 2023-01-05 15:00:18.680849009 +0100 +++ /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.22824/tpm2.0-tools.changes 2023-02-17 16:44:04.782549973 +0100 @@ -1,0 +2,14 @@ +Thu Feb 16 14:28:55 UTC 2023 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to version 5.5 + + Added: + * tpm2_createek: SM2 EK Support + * misc: SM2 support to internal OSSL format key routines. Fixes + --format flags for conversions. + + Fixed: + * echo_tcti.py: set to use python3 named executable in shebang. +- Drop already merged patches + + fix_bogus_warning.patch + + echo_tcti_call_python3_binary.patch + +------------------------------------------------------------------- Old: ---- echo_tcti_call_python3_binary.patch fix_bogus_warning.patch tpm2-tools-5.4.tar.gz tpm2-tools-5.4.tar.gz.asc New: ---- tpm2-tools-5.5.tar.gz tpm2-tools-5.5.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-tools.spec ++++++ --- /var/tmp/diff_new_pack.7GUY2G/_old 2023-02-17 16:44:06.126557542 +0100 +++ /var/tmp/diff_new_pack.7GUY2G/_new 2023-02-17 16:44:06.182557857 +0100 @@ -28,7 +28,7 @@ %bcond_with test %endif Name: tpm2.0-tools -Version: 5.4 +Version: 5.5 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause @@ -38,9 +38,6 @@ Source1: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz.asc # git show william-roberts-pub javier-martinez-pub joshua-lock-pub idesai-pub > tpm2-tools.keyring Source2: tpm2-tools.keyring -Patch0: fix_bogus_warning.patch -# PATCH-FIX-UPSTREAM add_missing_shut_down_call_on_cleanup.patch -- based on PR#3176 -Patch1: echo_tcti_call_python3_binary.patch BuildRequires: gcc-c++ BuildRequires: libcurl-devel BuildRequires: libopenssl-devel ++++++ tpm2-tools-5.4.tar.gz -> tpm2-tools-5.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/Makefile.in new/tpm2-tools-5.5/Makefile.in --- old/tpm2-tools-5.4/Makefile.in 2022-12-05 17:02:14.000000000 +0100 +++ new/tpm2-tools-5.5/Makefile.in 2023-02-13 16:09:40.000000000 +0100 @@ -17,7 +17,7 @@ # SPDX-License-Identifier: BSD-3-Clause # aminclude_static.am generated automatically by Autoconf -# from AX_AM_MACROS_STATIC on Mon Dec 5 10:02:13 CST 2022 +# from AX_AM_MACROS_STATIC on Mon Feb 13 09:09:40 CST 2023 @@ -5883,8 +5883,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@AUTOCONF_CODE_COVERAGE_2019_01_06_FALSE@distclean-local: @AUTOCONF_CODE_COVERAGE_2019_01_06_FALSE@clean-local: +@AUTOCONF_CODE_COVERAGE_2019_01_06_FALSE@distclean-local: clean: clean-am clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/VERSION new/tpm2-tools-5.5/VERSION --- old/tpm2-tools-5.4/VERSION 2022-12-05 17:01:49.000000000 +0100 +++ new/tpm2-tools-5.5/VERSION 2023-02-13 16:09:28.000000000 +0100 @@ -1 +1 @@ -5.4 +5.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/aminclude_static.am new/tpm2-tools-5.5/aminclude_static.am --- old/tpm2-tools-5.4/aminclude_static.am 2022-12-05 17:02:13.000000000 +0100 +++ new/tpm2-tools-5.5/aminclude_static.am 2023-02-13 16:09:40.000000000 +0100 @@ -1,6 +1,6 @@ # aminclude_static.am generated automatically by Autoconf -# from AX_AM_MACROS_STATIC on Mon Dec 5 10:02:13 CST 2022 +# from AX_AM_MACROS_STATIC on Mon Feb 13 09:09:40 CST 2023 # Code coverage diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/configure new/tpm2-tools-5.5/configure --- old/tpm2-tools-5.4/configure 2022-12-05 17:02:12.000000000 +0100 +++ new/tpm2-tools-5.5/configure 2023-02-13 16:09:39.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tpm2-tools 5.4. +# Generated by GNU Autoconf 2.69 for tpm2-tools 5.5. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='tpm2-tools' PACKAGE_TARNAME='tpm2-tools' -PACKAGE_VERSION='5.4' -PACKAGE_STRING='tpm2-tools 5.4' +PACKAGE_VERSION='5.5' +PACKAGE_STRING='tpm2-tools 5.5' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1450,7 +1450,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tpm2-tools 5.4 to adapt to many kinds of systems. +\`configure' configures tpm2-tools 5.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1521,7 +1521,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tpm2-tools 5.4:";; + short | recursive ) echo "Configuration of tpm2-tools 5.5:";; esac cat <<\_ACEOF @@ -1702,7 +1702,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tpm2-tools configure 5.4 +tpm2-tools configure 5.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1980,7 +1980,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tpm2-tools $as_me 5.4, which was +It was created by tpm2-tools $as_me 5.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -11953,7 +11953,7 @@ # Define the identity of the package. PACKAGE='tpm2-tools' - VERSION='5.4' + VERSION='5.5' cat >>confdefs.h <<_ACEOF @@ -16986,7 +16986,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tpm2-tools $as_me 5.4, which was +This file was extended by tpm2-tools $as_me 5.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17052,7 +17052,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tpm2-tools config.status 5.4 +tpm2-tools config.status 5.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/docs/CHANGELOG.md new/tpm2-tools-5.5/docs/CHANGELOG.md --- old/tpm2-tools-5.4/docs/CHANGELOG.md 2022-12-05 16:32:16.000000000 +0100 +++ new/tpm2-tools-5.5/docs/CHANGELOG.md 2023-02-13 16:08:03.000000000 +0100 @@ -4,6 +4,19 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keepachangelog.com/). +## 5.5 - 2022-02-13 + +### Added + * tpm2_createek: + - SM2 EK Support + + * misc: + - SM2 support to internal OSSL format key routines. Fixes --format + flags for conversions. + +### Fixed: + * echo_tcti.py: set to use python3 named executable in shebang. + ## 5.4 - 2022-12-05 ### Added: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/docs/CONTRIBUTING.md new/tpm2-tools-5.5/docs/CONTRIBUTING.md --- old/tpm2-tools-5.4/docs/CONTRIBUTING.md 2022-11-08 17:31:18.000000000 +0100 +++ new/tpm2-tools-5.5/docs/CONTRIBUTING.md 2023-02-13 16:07:07.000000000 +0100 @@ -5,7 +5,7 @@ <https://github.com/tpm2-software/tpm2-tools/issues> Security sensitive bugs should be handled per the instructions in the -[SECURITY.md](SECURITY.md) file. +[docs/SECURITY.md](docs/SECURITY.md) file. ## Guidelines for submitting changes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/docs/MAINTAINERS.md new/tpm2-tools-5.5/docs/MAINTAINERS.md --- old/tpm2-tools-5.4/docs/MAINTAINERS.md 2022-11-08 17:31:18.000000000 +0100 +++ new/tpm2-tools-5.5/docs/MAINTAINERS.md 2023-02-13 16:07:14.000000000 +0100 @@ -1,4 +1,6 @@ ## Maintainers +* Juergen Repp <juergen_r...@web.de> +* Andreas Fuchs <andreas.fu...@infineon.com> * William Roberts <william.c.robe...@intel.com> * Imran Desai <imran.de...@intel.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/lib/tpm2_attr_util.c new/tpm2-tools-5.5/lib/tpm2_attr_util.c --- old/tpm2-tools-5.4/lib/tpm2_attr_util.c 2022-10-27 16:14:09.000000000 +0200 +++ new/tpm2-tools-5.5/lib/tpm2_attr_util.c 2023-02-13 16:07:07.000000000 +0100 @@ -202,7 +202,7 @@ static bool nt(TPMA_NV *nv, char *arg) { - uint16_t value; + uint16_t value = 0; bool result = tpm2_util_string_to_uint16(arg, &value); if (!result) { result = lookup_nt_friendly_name(arg, &value); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/lib/tpm2_convert.c new/tpm2-tools-5.5/lib/tpm2_convert.c --- old/tpm2-tools-5.4/lib/tpm2_convert.c 2022-11-08 17:31:18.000000000 +0100 +++ new/tpm2-tools-5.5/lib/tpm2_convert.c 2022-12-05 18:07:52.000000000 +0100 @@ -335,7 +335,11 @@ goto out; } - ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + if (nid == NID_sm2) { + ctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL); + } else { + ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); + } if (!ctx) { print_ssl_error("Failed to allocate EC key context"); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/test/scripts/echo_tcti.py new/tpm2-tools-5.5/test/scripts/echo_tcti.py --- old/tpm2-tools-5.4/test/scripts/echo_tcti.py 2022-11-21 17:45:42.000000000 +0100 +++ new/tpm2-tools-5.5/test/scripts/echo_tcti.py 2022-12-12 21:46:26.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # # This TCTI is designed to use with the subprocess TCTI and echo the contents diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/tools/tpm2_createek.c new/tpm2-tools-5.5/tools/tpm2_createek.c --- old/tpm2-tools-5.4/tools/tpm2_createek.c 2022-11-08 17:31:18.000000000 +0100 +++ new/tpm2-tools-5.5/tools/tpm2_createek.c 2022-12-05 18:07:52.000000000 +0100 @@ -18,6 +18,7 @@ #define RSA_EK_TEMPLATE_NV_INDEX 0x01c00004 #define ECC_EK_NONCE_NV_INDEX 0x01c0000b #define ECC_EK_TEMPLATE_NV_INDEX 0x01c0000c +#define ECC_SM2_EK_TEMPLATE_NV_INDEX 0x01c0001b #define DEFAULT_KEY_ALG "rsa2048" @@ -175,7 +176,8 @@ public->publicArea.authPolicy = *m->policy; if (public->publicArea.type == TPM2_ALG_ECC && - public->publicArea.parameters.eccDetail.curveID == TPM2_ECC_NIST_P256) { + (public->publicArea.parameters.eccDetail.curveID == TPM2_ECC_NIST_P256 || + public->publicArea.parameters.eccDetail.curveID == TPM2_ECC_SM2_P256)) { public->publicArea.unique.ecc.x.size = 32; public->publicArea.unique.ecc.y.size = 32; } else if (public->publicArea.type == TPM2_ALG_RSA && @@ -195,8 +197,17 @@ nonce_nv_index = RSA_EK_NONCE_NV_INDEX; break; case TPM2_ALG_ECC: - template_nv_index = ECC_EK_TEMPLATE_NV_INDEX; - nonce_nv_index = ECC_EK_NONCE_NV_INDEX; + if (input_public->publicArea.parameters.eccDetail.curveID == TPM2_ECC_NIST_P256) { + template_nv_index = ECC_EK_TEMPLATE_NV_INDEX; + nonce_nv_index = ECC_EK_NONCE_NV_INDEX; + } else if (input_public->publicArea.parameters.eccDetail.curveID == TPM2_ECC_SM2_P256) { + template_nv_index = ECC_SM2_EK_TEMPLATE_NV_INDEX; + // EK Nonces SHALL NOT be Populated in any NV Index in the High Range. + nonce_nv_index = 0; + } else { + template_nv_index = ECC_EK_TEMPLATE_NV_INDEX; + nonce_nv_index = ECC_EK_NONCE_NV_INDEX; + } break; default: LOG_ERR("EK template and EK nonce for algorithm type input(%4.4x)" @@ -228,11 +239,13 @@ // Read EK nonce UINT16 nonce_size = 0; - rc = tpm2_util_nv_read(ectx, nonce_nv_index, 0, 0, - &ctx.auth_owner_hierarchy.object, &nonce, &nonce_size, &cp_hash, - &rp_hash, TPM2_ALG_SHA256, 0, ESYS_TR_NONE, ESYS_TR_NONE, NULL); - if (rc != tool_rc_success) { - goto out; + if (nonce_nv_index) { + rc = tpm2_util_nv_read(ectx, nonce_nv_index, 0, 0, + &ctx.auth_owner_hierarchy.object, &nonce, &nonce_size, &cp_hash, + &rp_hash, TPM2_ALG_SHA256, 0, ESYS_TR_NONE, ESYS_TR_NONE, NULL); + if (rc != tool_rc_success) { + goto out; + } } if (input_public->publicArea.type == TPM2_ALG_RSA) { @@ -240,9 +253,11 @@ input_public->publicArea.unique.rsa.size = 256; } else { // ECC is only other supported algorithm - memcpy(&input_public->publicArea.unique.ecc.x.buffer, &nonce, nonce_size); - input_public->publicArea.unique.ecc.x.size = 32; - input_public->publicArea.unique.ecc.y.size = 32; + if (nonce_size) { + memcpy(&input_public->publicArea.unique.ecc.x.buffer, &nonce, nonce_size); + input_public->publicArea.unique.ecc.x.size = 32; + input_public->publicArea.unique.ecc.y.size = 32; + } } out: if (template) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm2-tools-5.4/tools/tpm2_sessionconfig.c new/tpm2-tools-5.5/tools/tpm2_sessionconfig.c --- old/tpm2-tools-5.4/tools/tpm2_sessionconfig.c 2022-11-21 17:32:28.000000000 +0100 +++ new/tpm2-tools-5.5/tools/tpm2_sessionconfig.c 2022-12-12 21:46:26.000000000 +0100 @@ -64,9 +64,6 @@ } tpm2_tool_output("Session-Handle: 0x%.8"PRIx32"\n", tpm_handle); - if (rc != tool_rc_success) { - return rc; - } bool is_attr_set = false; tpm2_tool_output("Session-Attributes: ");
