Hello community, here is the log from the commit of package tpm-quote-tools for openSUSE:Factory checked in at 2017-11-03 16:27:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm-quote-tools (Old) and /work/SRC/openSUSE:Factory/.tpm-quote-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm-quote-tools" Fri Nov 3 16:27:57 2017 rev:2 rq:538363 version:1.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm-quote-tools/tpm-quote-tools.changes 2017-06-29 15:04:27.107507210 +0200 +++ /work/SRC/openSUSE:Factory/.tpm-quote-tools.new/tpm-quote-tools.changes 2017-11-03 16:29:11.562727600 +0100 @@ -1,0 +2,7 @@ +Thu Nov 2 13:02:24 UTC 2017 - [email protected] + +- update to upstream version 1.0.4: + - this version fixes an issue with 'mkaik' when an SRK secret was + required. 'mkaik' always used the well-known secret as SRK. + +------------------------------------------------------------------- Old: ---- tpm-quote-tools-1.0.3.tar.gz New: ---- tpm-quote-tools-1.0.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm-quote-tools.spec ++++++ --- /var/tmp/diff_new_pack.LQTfwT/_old 2017-11-03 16:29:12.166705618 +0100 +++ /var/tmp/diff_new_pack.LQTfwT/_new 2017-11-03 16:29:12.166705618 +0100 @@ -1,5 +1,5 @@ # -# spec file for package tpm-tools +# spec file for package tpm-quote-tools # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # @@ -17,7 +17,7 @@ Name: tpm-quote-tools -Version: 1.0.3 +Version: 1.0.4 Release: 0 Summary: Trusted Platform Module (TPM) remote attestation tools License: BSD-3-Clause ++++++ tpm-quote-tools-1.0.3.tar.gz -> tpm-quote-tools-1.0.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/ChangeLog new/tpm-quote-tools-1.0.4/ChangeLog --- old/tpm-quote-tools-1.0.3/ChangeLog 2017-01-18 18:10:09.000000000 +0100 +++ new/tpm-quote-tools-1.0.4/ChangeLog 2017-05-26 15:25:17.000000000 +0200 
@@ -1,3 +1,12 @@ +2017-05-26 Matthias Gerstner <[email protected]> + + * tpm_mkaik.c (setSecret): Fixed tpm_mkaik when SRK password is in + effect. The code before only set a TPM secret, the SRK secret was + always set to the well known one. This then failed with error code + 0x1 "authentication failed". + + * configure.ac: Tagged as 1.0.4. + 2017-01-18 John D. Ramsdell <[email protected]> * *.8: For each manual page, added a description of the documented diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/configure new/tpm-quote-tools-1.0.4/configure --- old/tpm-quote-tools-1.0.3/configure 2017-01-18 18:10:55.000000000 +0100 +++ new/tpm-quote-tools-1.0.4/configure 2017-05-26 15:26:05.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for TPM Quote Tools 1.0.3. +# Generated by GNU Autoconf 2.69 for TPM Quote Tools 1.0.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='TPM Quote Tools' PACKAGE_TARNAME='tpm-quote-tools' -PACKAGE_VERSION='1.0.3' -PACKAGE_STRING='TPM Quote Tools 1.0.3' +PACKAGE_VERSION='1.0.4' +PACKAGE_STRING='TPM Quote Tools 1.0.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1273,7 +1273,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures TPM Quote Tools 1.0.3 to adapt to many kinds of systems. +\`configure' configures TPM Quote Tools 1.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1343,7 +1343,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of TPM Quote Tools 1.0.3:";; + short | recursive ) echo "Configuration of TPM Quote Tools 1.0.4:";; esac cat <<\_ACEOF 
@@ -1439,7 +1439,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -TPM Quote Tools configure 1.0.3 +TPM Quote Tools configure 1.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1737,7 +1737,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by TPM Quote Tools $as_me 1.0.3, which was +It was created by TPM Quote Tools $as_me 1.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2603,7 +2603,7 @@ # Define the identity of the package. PACKAGE='tpm-quote-tools' - VERSION='1.0.3' + VERSION='1.0.4' cat >>confdefs.h <<_ACEOF @@ -5310,7 +5310,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by TPM Quote Tools $as_me 1.0.3, which was +This file was extended by TPM Quote Tools $as_me 1.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5376,7 +5376,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -TPM Quote Tools config.status 1.0.3 +TPM Quote Tools config.status 1.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/configure.ac new/tpm-quote-tools-1.0.4/configure.ac --- old/tpm-quote-tools-1.0.3/configure.ac 2017-01-18 18:10:09.000000000 +0100 +++ new/tpm-quote-tools-1.0.4/configure.ac 2017-05-26 15:25:17.000000000 +0200 
@@ -1,4 +1,4 @@ -AC_INIT(TPM Quote Tools, 1.0.3,, tpm-quote-tools) +AC_INIT(TPM Quote Tools, 1.0.4,, tpm-quote-tools) AC_CONFIG_SRCDIR(tpm_mkaik.c) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/tpm-quote-tools.spec.in new/tpm-quote-tools-1.0.4/tpm-quote-tools.spec.in --- old/tpm-quote-tools-1.0.3/tpm-quote-tools.spec.in 2017-01-18 18:10:09.000000000 +0100 +++ new/tpm-quote-tools-1.0.4/tpm-quote-tools.spec.in 2017-05-26 15:25:17.000000000 +0200 @@ -37,6 +37,9 @@ %{_mandir}/man8/* %changelog +* Fri May 26 2017 Matthias Gerstner <[email protected]> - 1.0.4-1 +- Fixed tpm_mkaik when SRK password is in effect. + * Wed Jan 18 2017 John D. Ramsdell <[email protected]> - 1.0.3-1 - Added program descriptions to NAME sections in manual pages diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tpm-quote-tools-1.0.3/tpm_mkaik.c new/tpm-quote-tools-1.0.4/tpm_mkaik.c --- old/tpm-quote-tools-1.0.3/tpm_mkaik.c 2017-01-18 18:10:09.000000000 +0100 +++ new/tpm-quote-tools-1.0.4/tpm_mkaik.c 2017-05-26 15:25:17.000000000 +0200 
@@ -53,6 +53,50 @@
 }
 #endif
+static int setSecret(const char *label, TSS_HCONTEXT hContext, TSS_HPOLICY hPolicy, int well_known, int utf16le)
+{
+ if( well_known )
+ {
+ BYTE wks[] = TSS_WELL_KNOWN_SECRET;
+ return Tspi_Policy_SetSecret(
+ hPolicy,
+ TSS_SECRET_MODE_SHA1,
+ sizeof wks,
+ wks
+ );
+ }
+
+#if defined USE_OPENSSL_UI
+ int bufSize = UI_MAX_SECRET_STRING_LENGTH;
+ char buf[bufSize];
+ if (getpasswd(label, buf, bufSize) < 0)
+ return tidy(hContext, tss_err(TSS_E_FAIL, "getting owner password"));
+# if defined HAVE_ICONV_H
+ if (utf16le) {
+ char *passwd = toutf16le(buf);
+ if (!passwd)
+ return tidy(
+ hContext,
+ tss_err(TSS_E_FAIL, "converting password to UTF16LE")
+ );
+ size_t passwdLen = utf16lelen(passwd);
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
+ passwdLen, (BYTE *)passwd);
+ free(passwd);
+ }
+ else
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
+ strlen(buf), (BYTE *)buf);
+# else // ICONV
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
+ strlen(buf), (BYTE *)buf);
+# endif // ICONV
+ memset(buf, 0, bufSize);
+#else // USE_OPENSSL_UI
+ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_POPUP, 0, NULL);
+#endif
+}
+
 static int usage(const char *prog)
 {
 const char text[] =
@@ -129,9 +173,7 @@
 if (rc != TSS_SUCCESS)
 return tidy(hContext, tss_err(rc, "getting SRK policy"));
- BYTE srkSecret[] = TSS_WELL_KNOWN_SECRET;
- rc = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1,
- sizeof srkSecret, srkSecret);
+ rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le);
 if (rc != TSS_SUCCESS)
 return tidy(hContext, tss_err(rc, "setting SRK secret"));
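Review bot: Every branch of the new `setSecret` returns straight from `Tspi_Policy_SetSecret`, so the `free(passwd)` after the UTF-16LE call and the closing `memset(buf, 0, bufSize)` are unreachable; the converted password is leaked and the typed password stays in the stack buffer. The removed inline code assigned to `rc` and fell through to the cleanup, and the helper should do the same and return `rc` at the end, wiping `buf` on the conversion-failure return as well. A plain `memset` on a buffer about to go out of scope may be elided by the compiler, so the sketch uses `OPENSSL_cleanse`, which fits this OpenSSL-only branch but needs `<openssl/crypto.h>` if the file does not already include it. Wiping `passwd` with `passwdLen` assumes `utf16lelen` returns a byte count, as its use as the secret length suggests. The error text `"getting owner password"` is also emitted for the SRK prompt and would be clearer if it named the secret being read.

```c
#if defined USE_OPENSSL_UI
  // … unchanged: bufSize/buf declarations and the getpasswd() check …
  int rc;
# if defined HAVE_ICONV_H
  if (utf16le) {
    char *passwd = toutf16le(buf);
    if (!passwd) {
      OPENSSL_cleanse(buf, bufSize);
      return tidy(hContext,
                  tss_err(TSS_E_FAIL, "converting password to UTF16LE"));
    }
    size_t passwdLen = utf16lelen(passwd);
    rc = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
                               passwdLen, (BYTE *)passwd);
    OPENSSL_cleanse(passwd, passwdLen);   /* wipe the converted copy before freeing it */
    free(passwd);
  }
  else
    rc = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
                               strlen(buf), (BYTE *)buf);
# else // ICONV
  rc = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN,
                             strlen(buf), (BYTE *)buf);
# endif // ICONV
  OPENSSL_cleanse(buf, bufSize);          /* now reached on every path */
  return rc;
#else // USE_OPENSSL_UI
  // … unchanged: TSS_SECRET_MODE_POPUP call …
```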
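Review bot: Both `setSecret` calls are driven by the same `well_known` flag, the SRK call here and the owner call in the `@@ -151,39 +193,7 @@` hunk, so the SRK and owner secrets can no longer differ in kind. A TPM whose owner has a password while the SRK keeps the well-known secret appears to be inexpressible now: the user is prompted for an SRK password, and whatever is typed goes through `TSS_SECRET_MODE_PLAIN` rather than the `TSS_WELL_KNOWN_SECRET` / `TSS_SECRET_MODE_SHA1` pair the removed lines used. Option parsing is outside these hunks, so this is inferred from the two call sites; if it holds, a separate switch for the SRK secret would keep the 1.0.3 behaviour available. A short comment above this call, for example `/* SRK secret: prompts unless well_known is set */`, would make the new prompt visible to readers; the enclosing function starts and ends outside the hunk.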
@@ -151,39 +193,7 @@
 if (rc != TSS_SUCCESS)
 return tidy(hContext, tss_err(rc, "assigning TPM policy"));
- if (well_known)
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1,
- sizeof srkSecret, srkSecret);
- else
-#if defined USE_OPENSSL_UI
- {
- int bufSize = UI_MAX_SECRET_STRING_LENGTH;
- char buf[bufSize];
- if (getpasswd("Enter owner password: ", buf, bufSize) < 0)
- return tidy(hContext, tss_err(TSS_E_FAIL, "getting owner password"));
-#if defined HAVE_ICONV_H
- if (utf16le) {
- char *passwd = toutf16le(buf);
- if (!passwd)
- return tidy(hContext,
- tss_err(TSS_E_FAIL, "converting password to UTF16LE"));
- size_t passwdLen = utf16lelen(passwd);
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
- passwdLen, (BYTE *)passwd);
- free(passwd);
- }
- else
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
- strlen(buf), (BYTE *)buf);
-#else
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
- strlen(buf), (BYTE *)buf);
-#endif
- memset(buf, 0, bufSize);
- }
-#else
- rc = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_POPUP, 0, NULL);
-#endif
+ rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le);
 if (rc != TSS_SUCCESS)
 return tidy(hContext, tss_err(rc, "setting TPM policy secret"));
