Hello community,

here is the log from the commit of package libtpms for openSUSE:Factory checked 
in at 2020-07-24 10:05:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libtpms (Old)
 and      /work/SRC/openSUSE:Factory/.libtpms.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libtpms"

Fri Jul 24 10:05:23 2020 rev:7 rq:822328 version:0.7.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libtpms/libtpms.changes  2019-09-09 
23:58:16.225228545 +0200
+++ /work/SRC/openSUSE:Factory/.libtpms.new.3592/libtpms.changes        
2020-07-24 10:07:02.157997674 +0200
@@ -1,0 +2,30 @@
+Thu Jul 23 05:01:12 UTC 2020 - Kai Liu <kai....@suse.com>
+
+- Update to version 0.7.3
+  * Fixed the set of PCRs belonging to the TCB group. This affects
+    the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs
+    latest `swtpm` (master, stable branches) for test cases to
+    succeed there.
+
+- Changes since version 0.7.2
+  * Fix output buffer parameter and size for RSA decryption that
+    could cause stack corruption under certain circumstances
+  * Set the RSA PSS salt length to the digest length rathern than
+    max. possible
+  * Fixes to symmetric decrytion related to input size check, defer
+    padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and to
+    always use a temporary malloc'ed buffer for decryption
+
+- Changes since version 0.7.1
+  * tpm2: Fix TDES key creation by adding missing un-/marshalling
+    functions
+  * tpm2: Fix a bug in CheckAuthSession
+  * compilation fixes for TPM 1.2 & TPM 2 and various architectures
+    and gcc versions
+  * Fix support for NIST curves P{192,224,521} and SM2 P256 and
+    BNP648 that would not work;
+  * Runtime filter elliptic curves (that OpenSSL does not support)
+    and do not advertise those curves as capabilities
+  * Removed unnecessary space in MANUFACTURER "IBM " -> "IBM"
+
+-------------------------------------------------------------------

Old:
----
  v0.7.0.tar.gz

New:
----
  v0.7.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libtpms.spec ++++++
--- /var/tmp/diff_new_pack.uxV92F/_old  2020-07-24 10:07:04.013999090 +0200
+++ /var/tmp/diff_new_pack.uxV92F/_new  2020-07-24 10:07:04.017999094 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libtpms
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,12 +18,12 @@
 
 %define lname libtpms0
 Name:           libtpms
-Version:        0.7.0
+Version:        0.7.3
 Release:        0
 Summary:        Library providing Trusted Platform Module (TPM) functionality
 License:        BSD-3-Clause
 Group:          Development/Libraries/C and C++
-Url:            https://github.com/stefanberger/libtpms
+URL:            https://github.com/stefanberger/libtpms
 Source0:        
https://github.com/stefanberger/libtpms/archive/v%{version}.tar.gz
 BuildRequires:  autoconf
 BuildRequires:  automake

++++++ v0.7.0.tar.gz -> v0.7.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/CHANGES new/libtpms-0.7.3/CHANGES
--- old/libtpms-0.7.0/CHANGES   2019-07-19 18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/CHANGES   2020-07-09 20:26:39.000000000 +0200
@@ -1,5 +1,29 @@
 CHANGES - changes for libtpms
 
+version 0.7.3
+  - Fixed the set of PCRs belonging to the TCB group. This affects the
+    pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
+    (master, stable branches) for test cases to succeed there.
+
+version 0.7.2
+  - Fix output buffer parameter and size for RSA decryption that could cause
+    stack corruption under certain circumstances
+  - Set the RSA PSS salt length to the digest length rathern than max. possible
+  - Fixes to symmetric decrytion related to input size check,
+    defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
+    to always use a temporary malloc'ed buffer for decryption
+
+version 0.7.1
+  - tpm2: Fix TDES key creation by adding missing un-/marshalling functions
+  - tpm2: Fix a bug in CheckAuthSession
+  - compilation fixes for TPM 1.2 & TPM 2 and various architectures and
+    gcc versions
+  - Fix support for NIST curves P{192,224,521} and SM2 P256 and BN P648
+    that would not work;
+  - Runtime filter elliptic curves (that OpenSSL does not support) and do
+    not advertise those curves as capabilities
+  - Removed unnecessary space in MANUFACTURER "IBM " -> "IBM"
+
 version 0.7.0
   - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/configure.ac 
new/libtpms-0.7.3/configure.ac
--- old/libtpms-0.7.0/configure.ac      2019-07-19 18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/configure.ac      2020-07-09 20:26:39.000000000 +0200
@@ -3,7 +3,7 @@
 #
 # See the LICENSE file for the license associated with this file.
 
-AC_INIT([libtpms], [0.7.0])
+AC_INIT([libtpms], [0.7.3])
 AC_PREREQ(2.12)
 AC_CONFIG_SRCDIR(Makefile.am)
 AC_CONFIG_AUX_DIR([.])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/debian/changelog 
new/libtpms-0.7.3/debian/changelog
--- old/libtpms-0.7.0/debian/changelog  2019-07-19 18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/debian/changelog  2020-07-09 20:26:39.000000000 +0200
@@ -1,9 +1,31 @@
+libtpms (0.7.3-1) RELEASED; urgency=medium
+
+  * Fixed set of PCRs belonging to TCB group
+
+ -- Stefan Berger <stef...@linux.ibm.com>  Fri, 10 Jul 2020 12:01:00 -0500
+
+libtpms (0.7.2-1) RELEASE; urgency=high
+
+  * Bugfixes related to RSA signing, decryption, and symmetric decryption.
+
+ -- Stefan Berger <stef...@linux.ibm.com>  Wed, 27 May 2020 7:53:00 -0500
+
+libtpms (0.7.1-1) RELEASE; urgency=medium
+
+  * Backports and other bugfixes.
+
+ -- Stefan Berger <stef...@linux.ibm.com>  Mon, 18 May 2020 11:46:00 -0500
+
 libtpms (0.7.0-1) RELEASE; urgency=medium
 
+  * Stable release
+
  -- Stefan Berger <stef...@linux.ibm.com>  Thu, 18 Jul 2019 16:26:00 -0500
 
 libtpms (0.7.0~dev1) UNRELEASED; urgency=medium
 
+  * Developer release
+
  -- Stefan Berger <stef...@linux.ibm.com>  Mon, 14 Jan 2019 10:25:08 -0500
 
 libtpms (0.6.0-1) RELEASED; urgency=medium
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/debian/control 
new/libtpms-0.7.3/debian/control
--- old/libtpms-0.7.0/debian/control    2019-07-19 18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/debian/control    2020-07-09 20:26:39.000000000 +0200
@@ -3,14 +3,15 @@
 Section: libs
 Priority: optional
 Build-Depends: automake, autoconf, libtool, libssl-dev,
- gawk, dh-exec, debhelper, g++
+ gawk, dh-exec, debhelper (>= 9), g++
 
 Package: libtpms0
 Architecture: any
 Multi-Arch: same
 Depends: openssl,
         ${shlibs:Depends},
-        ${misc:Pre-Depends}
+        ${misc:Pre-Depends},
+        ${misc:Depends}
 Description: TPM emulation library
  Libtpms is a library that provides TPM functionality.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/dist/libtpms.spec 
new/libtpms-0.7.3/dist/libtpms.spec
--- old/libtpms-0.7.0/dist/libtpms.spec 2019-07-19 18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/dist/libtpms.spec 2020-07-09 20:26:39.000000000 +0200
@@ -1,7 +1,7 @@
 # --- libtpm rpm-spec ---
 
 %define name      libtpms
-%define version   0.7.0
+%define version   0.7.3
 %define release   0
 
 # Valid crypto subsystems are 'freebl' and 'openssl'
@@ -112,7 +112,16 @@
 %postun -p /sbin/ldconfig
 
 %changelog
-* Mon Jan 14 2018 Stefan Berger - 0.6.0-1
+* Fri Jul 10 2020 Stefan Berger - 0.7.3-1
+- Fixed set of PCRs belonging to TCB group
+
+* Wed May 27 2020 Stefan Berger - 0.7.2-1
+- Bugfixes related to RSA signing, decryption, and symmetric decryption.
+
+* Mon May 18 2020 Stefan Berger - 0.7.1-1
+- Backports and other bugfixes.
+
+* Mon Jan 15 2018 Stefan Berger - 0.6.0-1
 - Release of version 0.6.0 with TPM 2.0 support
 
 * Mon Jun 30 2014 Stefan Berger - 0.5.2-1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/dist/libtpms.spec.in 
new/libtpms-0.7.3/dist/libtpms.spec.in
--- old/libtpms-0.7.0/dist/libtpms.spec.in      2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/dist/libtpms.spec.in      2020-07-09 20:26:39.000000000 
+0200
@@ -112,7 +112,16 @@
 %postun -p /sbin/ldconfig
 
 %changelog
-* Mon Jan 14 2018 Stefan Berger - 0.6.0-1
+* Fri Jul 10 2020 Stefan Berger - 0.7.3-1
+- Fixed set of PCRs belonging to TCB group
+
+* Wed May 27 2020 Stefan Berger - 0.7.2-1
+- Bugfixes related to RSA signing, decryption, and symmetric decryption.
+
+* Mon May 18 2020 Stefan Berger - 0.7.1-1
+- Backports and other bugfixes.
+
+* Mon Jan 15 2018 Stefan Berger - 0.6.0-1
 - Release of version 0.6.0 with TPM 2.0 support
 
 * Mon Jun 30 2014 Stefan Berger - 0.5.2-1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/include/libtpms/tpm_library.h 
new/libtpms-0.7.3/include/libtpms/tpm_library.h
--- old/libtpms-0.7.0/include/libtpms/tpm_library.h     2019-07-19 
18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/include/libtpms/tpm_library.h     2020-07-09 
20:26:39.000000000 +0200
@@ -50,7 +50,7 @@
 
 #define TPM_LIBRARY_VER_MAJOR 0
 #define TPM_LIBRARY_VER_MINOR 7
-#define TPM_LIBRARY_VER_MICRO 0
+#define TPM_LIBRARY_VER_MICRO 3
 
 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \
     (( MAJ << 16 ) | ( MIN << 8 ) | ( MICRO ))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm12/tpm_delegate.c 
new/libtpms-0.7.3/src/tpm12/tpm_delegate.c
--- old/libtpms-0.7.0/src/tpm12/tpm_delegate.c  2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm12/tpm_delegate.c  2020-07-09 20:26:39.000000000 
+0200
@@ -1629,7 +1629,7 @@
     TPM_SECRET                 *hmacKey;
     TPM_SECRET                 savedAuth;              /* saved copy for 
response */
     TPM_DELEGATE_PUBLIC                *delegatePublic;        /* from DSAP 
session */
-    TPM_FAMILY_TABLE_ENTRY     *familyRow;             /* family table row 
containing familyID */
+    TPM_FAMILY_TABLE_ENTRY     *familyRow = NULL;      /* family table row 
containing familyID */
     uint32_t                   nv1 = 
tpm_state->tpm_permanent_data.noOwnerNVWrite;
                                                        /* temp for 
noOwnerNVWrite, initialize to
                                                           silence compiler */
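Review bot: The new `= NULL` on `familyRow` carries no rationale, unlike `nv1` just below it ("initialize to silence compiler") and the tpm2 hunks in this update (`// libtpms changes for ppc64el gcc-5 -O3`, `// libtpms changed: gcc 10.1.0 complaint`). The same holds for `d1DelegateTableRow` in the next hunk and for the initialisers added in tpm_nvram.c (`isGPIO`), tpm_process.c (`transportEncrypt`), tpm_session.c and tpm_transport.c. If these only quiet a maybe-uninitialized warning, I would say so with `/* initialize to silence compiler */` on each line. If any path can really read the variable before it is assigned, the chosen default (`FALSE` for `isGPIO` and `transportEncrypt`, `NULL` for the pointers) becomes behaviour and those paths need checking; the function bodies are outside the hunks, so this cannot be confirmed from here.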
@@ -3360,7 +3360,7 @@
     TPM_DELEGATE_INDEX         d1DelegateIndex;
     TPM_DELEGATE_OWNER_BLOB    d1DelegateOwnerBlob;
     TPM_DELEGATE_KEY_BLOB      d1DelegateKeyBlob;
-    TPM_DELEGATE_TABLE_ROW     *d1DelegateTableRow;
+    TPM_DELEGATE_TABLE_ROW     *d1DelegateTableRow = NULL;
     TPM_FAMILY_ID              familyID = 0;
     TPM_FAMILY_TABLE_ENTRY     *familyRow;             /* family table row 
containing familyID */
     TPM_DELEGATE_PUBLIC                *delegatePublic;        /* from DSAP 
session */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm12/tpm_nvfile.c 
new/libtpms-0.7.3/src/tpm12/tpm_nvfile.c
--- old/libtpms-0.7.0/src/tpm12/tpm_nvfile.c    2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm12/tpm_nvfile.c    2020-07-09 20:26:39.000000000 
+0200
@@ -70,7 +70,8 @@
 
 /* local prototypes */
 
-static void       TPM_NVRAM_GetFilenameForName(char *filename,
+static TPM_RESULT TPM_NVRAM_GetFilenameForName(char *filename,
+                                               size_t filename_len,
                                               uint32_t tpm_number,
                                                const char *name);
 
@@ -189,7 +190,10 @@
     /* open the file */
     if (rc == 0) {
         /* map name to the rooted filename */
-        TPM_NVRAM_GetFilenameForName(filename, tpm_number, name);
+        rc = TPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
+                                          tpm_number, name);
+    }
+    if (rc == 0) {
         printf("  TPM_NVRAM_LoadData: Opening file %s\n", filename);
         file = fopen(filename, "rb");                           /* closed @1 */
         if (file == NULL) {     /* if failure, determine cause */
@@ -297,7 +301,10 @@
     printf(" TPM_NVRAM_StoreData: To name %s\n", name);
     if (rc == 0) {
         /* map name to the rooted filename */
-        TPM_NVRAM_GetFilenameForName(filename, tpm_number, name);
+        rc = TPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
+                                          tpm_number, name);
+    }
+    if (rc == 0) {
         /* open the file */
         printf(" TPM_NVRAM_StoreData: Opening file %s\n", filename);
         file = fopen(filename, "wb");                           /* closed @1 */
@@ -339,14 +346,27 @@
    state_directory/tpm_number.name
 */
 
-static void TPM_NVRAM_GetFilenameForName(char *filename,        /* output: 
rooted filename */
-                                        uint32_t tpm_number,
-                                         const char *name)      /* input: 
abstract name */
+static TPM_RESULT TPM_NVRAM_GetFilenameForName(char *filename,        /* 
output: rooted filename */
+                                              size_t filename_len,
+                                              uint32_t tpm_number,
+                                               const char *name)      /* 
input: abstract name */
 {
+    int n;
+    TPM_RESULT rc = TPM_FAIL;
+
     printf(" TPM_NVRAM_GetFilenameForName: For name %s\n", name);
-    sprintf(filename, "%s/%02lx.%s", state_directory, (unsigned 
long)tpm_number, name);
-    printf("  TPM_NVRAM_GetFilenameForName: File name %s\n", filename);
-    return;
+    n = snprintf(filename, filename_len,
+                 "%s/%02lx.%s", state_directory, (unsigned long)tpm_number,
+                 name);
+    if (n < 0) {
+        printf(" TPM_NVRAM_GetFilenameForName: Error (fatal), snprintf 
failed\n");
+    } else if ((size_t)n >= filename_len) {
+        printf(" TPM_NVRAM_GetFilenameForName: Error (fatal), buffer too 
small\n");
+    } else {
+        printf("  TPM_NVRAM_GetFilenameForName: File name %s\n", filename);
+        rc = TPM_SUCCESS;
+    }
+    return rc;
 }
 
 /* TPM_NVRAM_DeleteName() deletes the 'name' from NVRAM
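Review bot: On the truncation branch `filename` is left holding a cut-off but NUL-terminated path, so a future caller that forgets to test the return value would open or remove the wrong file. The three callers in this diff do check `rc`, so this is defence in depth, but I would add `if (rc != TPM_SUCCESS && filename_len > 0) filename[0] = '\0';` before `return rc;`. The block comment above the function should also describe `filename_len` and the new return values (TPM_SUCCESS, or TPM_FAIL on an snprintf error or when the buffer is too small). Separately, `name` is formatted into the path as-is. Whether it can ever carry a path separator depends on callers that are not visible here and is worth confirming.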
@@ -380,7 +400,10 @@
     
     printf(" TPM_NVRAM_DeleteName: Name %s\n", name);
     /* map name to the rooted filename */
-    TPM_NVRAM_GetFilenameForName(filename, tpm_number, name);
+    if (rc == 0) {
+        rc = TPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
+                                          tpm_number, name);
+    }
     if (rc == 0) {
         irc = remove(filename);
         if ((irc != 0) &&               /* if the remove failed */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm12/tpm_nvram.c 
new/libtpms-0.7.3/src/tpm12/tpm_nvram.c
--- old/libtpms-0.7.0/src/tpm12/tpm_nvram.c     2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm12/tpm_nvram.c     2020-07-09 20:26:39.000000000 
+0200
@@ -1288,7 +1288,7 @@
     TPM_BOOL                   ignore_auth = FALSE;
     TPM_BOOL                   dir = FALSE;
     TPM_BOOL                   physicalPresence;
-    TPM_BOOL                   isGPIO;
+    TPM_BOOL                   isGPIO = FALSE;
     BYTE                       *gpioData = NULL;
     TPM_NV_DATA_SENSITIVE      *d1NvdataSensitive;
     uint32_t                   s1Last;
@@ -2000,7 +2000,7 @@
     TPM_NV_DATA_SENSITIVE      *d1NvdataSensitive;
     uint32_t                   s1Last;
     TPM_BOOL                   physicalPresence;
-    TPM_BOOL                   isGPIO;
+    TPM_BOOL                   isGPIO = FALSE;
     uint32_t                   nv1 = 
tpm_state->tpm_permanent_data.noOwnerNVWrite;
                                                        /* temp for 
noOwnerNVWrite, initialize to
                                                           silence compiler */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm12/tpm_process.c 
new/libtpms-0.7.3/src/tpm12/tpm_process.c
--- old/libtpms-0.7.0/src/tpm12/tpm_process.c   2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm12/tpm_process.c   2020-07-09 20:26:39.000000000 
+0200
@@ -4844,7 +4844,7 @@
     unsigned char *    inParamEnd;             /* ending point of inParam's */
     TPM_DIGEST         inParamDigest;
     TPM_BOOL           auditStatus;            /* audit the ordinal */
-    TPM_BOOL           transportEncrypt;       /* wrapped in encrypted 
transport session */
+    TPM_BOOL           transportEncrypt = FALSE;/* wrapped in encrypted 
transport session */
     TPM_BOOL           authHandleValid = FALSE;
     TPM_AUTH_SESSION_DATA *auth_session_data;  /* session data for authHandle 
*/
     TPM_SECRET         *hmacKey;
@@ -5144,7 +5144,7 @@
     unsigned char *    inParamEnd;             /* ending point of inParam's */
     TPM_DIGEST         inParamDigest;
     TPM_BOOL           auditStatus;            /* audit the ordinal */
-    TPM_BOOL           transportEncrypt;       /* wrapped in encrypted 
transport session */
+    TPM_BOOL           transportEncrypt = FALSE;/* wrapped in encrypted 
transport session */
     TPM_BOOL           authHandleValid = FALSE;
     TPM_AUTH_SESSION_DATA *auth_session_data;  /* session data for authHandle 
*/
     TPM_SECRET         *hmacKey;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm12/tpm_session.c 
new/libtpms-0.7.3/src/tpm12/tpm_session.c
--- old/libtpms-0.7.0/src/tpm12/tpm_session.c   2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm12/tpm_session.c   2020-07-09 20:26:39.000000000 
+0200
@@ -3044,7 +3044,7 @@
     TPM_STORE_BUFFER           b1_sbuffer;             /* serialization of b1 
*/
     TPM_STCLEAR_DATA           *v1StClearData = NULL;
     TPM_KEY_HANDLE_ENTRY       *tpm_key_handle_entry;  /* key table entry for 
the handle */
-    TPM_AUTH_SESSION_DATA      *tpm_auth_session_data; /* session table entry 
for the handle */
+    TPM_AUTH_SESSION_DATA      *tpm_auth_session_data = NULL; /* session table 
entry for the handle */
     TPM_TRANSPORT_INTERNAL     *tpm_transport_internal; /* transport table 
entry for the handle */
     TPM_DAA_SESSION_DATA       *tpm_daa_session_data;  /* daa session table 
entry for the handle */
     TPM_NONCE                  *n1ContextNonce = NULL;
@@ -3053,7 +3053,7 @@
     TPM_CONTEXT_SENSITIVE      c1ContextSensitive;
     TPM_CONTEXT_BLOB           b1ContextBlob;
     TPM_STORE_BUFFER           c1_sbuffer;             /* serialization of 
c1ContextSensitive */
-    uint32_t                   contextIndex;           /* free index in 
context list */
+    uint32_t                   contextIndex = 0;       /* free index in 
context list */
     uint32_t                   space;                  /* free space in 
context list */
     TPM_BOOL                   isZero;
     
@@ -4931,7 +4931,7 @@
     TPM_AUTH_SESSION_DATA      *tpm_auth_session_data; /* session table entry 
for the handle */
     TPM_BOOL                   isZero;                 /* contextNonceSession 
not set yet */
     TPM_STCLEAR_DATA           *v1StClearData = NULL;
-    uint32_t                   contextIndex;           /* free index in 
context list */
+    uint32_t                   contextIndex = 0;       /* free index in 
context list */
     uint32_t                   space;                  /* free space in 
context list */
     TPM_CONTEXT_SENSITIVE      contextSensitive;
     TPM_STORE_BUFFER           contextSensitive_sbuffer; /* serialization of 
contextSensitive */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm12/tpm_transport.c 
new/libtpms-0.7.3/src/tpm12/tpm_transport.c
--- old/libtpms-0.7.0/src/tpm12/tpm_transport.c 2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm12/tpm_transport.c 2020-07-09 20:26:39.000000000 
+0200
@@ -2599,7 +2599,7 @@
     TPM_BOOL                   authHandleValid = FALSE;
     TPM_BOOL                   transHandleValid = FALSE;
     TPM_AUTH_SESSION_DATA      *auth_session_data = NULL;      /* session data 
for authHandle */
-    TPM_TRANSPORT_INTERNAL     *t1TpmTransportInternal;
+    TPM_TRANSPORT_INTERNAL     *t1TpmTransportInternal = NULL;
     TPM_SECRET                 *hmacKey;
     TPM_KEY                    *sigKey = NULL;         /* the key specified by 
keyHandle */
     TPM_BOOL                   parentPCRStatus;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/Marshal.c 
new/libtpms-0.7.3/src/tpm2/Marshal.c
--- old/libtpms-0.7.0/src/tpm2/Marshal.c        2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm2/Marshal.c        2020-07-09 20:26:39.000000000 
+0200
@@ -1125,6 +1125,14 @@
     return written;
 }
 
+UINT16                 // libtpms added begin
+TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 
*size)
+{
+    UINT16 written = 0;
+    written += TPM_KEY_BITS_Marshal(source, buffer, size);
+    return written;
+}                      // libtpms added end
+
 /* Table 2:128 - Definition of TPMU_SYM_KEY_BITS Union (StructuresTable()) */
 
 UINT16
@@ -1148,6 +1156,11 @@
        written += TPMI_CAMELLIA_KEY_BITS_Marshal(&source->camellia, buffer, 
size);
        break;
 #endif
+#if ALG_TDES   // libtpms added begin
+      case TPM_ALG_TDES:
+       written += TPMI_TDES_KEY_BITS_Marshal(&source->tdes, buffer, size);
+       break;
+#endif         // libtpms added end
 #if ALG_XOR
       case TPM_ALG_XOR:
        written += TPMI_ALG_HASH_Marshal(&source->xorr, buffer, size);
@@ -1184,6 +1197,11 @@
        written += TPMI_ALG_SYM_MODE_Marshal(&source->camellia, buffer, size);
        break;
 #endif
+#if ALG_TDES           // libtpms added begin
+      case TPM_ALG_TDES:
+       written += TPMI_ALG_SYM_MODE_Marshal(&source->tdes, buffer, size);
+       break;
+#endif                 // libtpms added end
 #if ALG_XOR
       case TPM_ALG_XOR:
 #endif
@@ -2002,7 +2020,7 @@
 TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size)
 {
     UINT16 written = 0;
-    BYTE *sizePtr;
+    BYTE *sizePtr = NULL; // libtpms changes for ppc64el gcc-5 -O3
 
     if (buffer != NULL) {
        sizePtr = *buffer;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/NVDynamic.c 
new/libtpms-0.7.3/src/tpm2/NVDynamic.c
--- old/libtpms-0.7.0/src/tpm2/NVDynamic.c      2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm2/NVDynamic.c      2020-07-09 20:26:39.000000000 
+0200
@@ -115,7 +115,7 @@
             )
 {
     NV_REF           addr;
-    TPM_HANDLE       nvHandle;
+    TPM_HANDLE       nvHandle = 0; // libtpms changed: gcc 10.1.0 complaint
     while((addr = NvNext(iter, &nvHandle)) != 0)
        {
            // addr: the address of the location containing the handle of the 
value
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/PCR.c 
new/libtpms-0.7.3/src/tpm2/PCR.c
--- old/libtpms-0.7.0/src/tpm2/PCR.c    2019-07-19 18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/src/tpm2/PCR.c    2020-07-09 20:26:39.000000000 +0200
@@ -163,6 +163,7 @@
                   )
 {
 #if ENABLE_PCR_NO_INCREMENT == YES
+#if 0
     // Platform specification decides if a PCR belongs to a TCB group.  In this
     // implementation, we assume PCR[20-22] belong to TCB group.  If the 
platform
     // specification requires differently, the implementation should be
@@ -170,6 +171,12 @@
     if(handle >= 20 && handle <= 22)
        return TRUE;
 #endif
+    /* kgold - changed for PC Client, 16, 21-23 no increment */
+    if ((handle == 16) ||
+       ((handle >= 21) && (handle <= 23))) {
+       return  TRUE;
+    }
+#endif
     return FALSE;
 }
 /* 8.7.3.4 PCRPolicyIsAvailable() */
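Review bot: The previous PCR[20-22] check is kept under a nested `#if 0` (opened in the preceding hunk and closed by the first `#endif` here) instead of being removed, so the function now carries dead code whose comment still says the implementation assumes PCR[20-22] form the TCB group. This set decides which PCR changes leave pcrUpdateCounter untouched, so I would delete the disabled block and replace the terse "kgold" remark with something like `// PC Client: PCR 16 and 21-23 are in the TCB group and do not increment pcrUpdateCounter`. The function begins outside the hunk.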
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/SessionProcess.c 
new/libtpms-0.7.3/src/tpm2/SessionProcess.c
--- old/libtpms-0.7.0/src/tpm2/SessionProcess.c 2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm2/SessionProcess.c 2020-07-09 20:26:39.000000000 
+0200
@@ -3,7 +3,7 @@
 /*             Process the Authorization Sessions                              
*/
 /*                          Written by Ken Goldman                             
*/
 /*                    IBM Thomas J. Watson Research Center                     
*/
-/*            $Id: SessionProcess.c 1262 2018-07-11 21:03:43Z kgoldman $       
*/
+/*            $Id: SessionProcess.c 1493 2019-09-04 13:31:35Z kgoldman $       
*/
 /*                                                                             
*/
 /*  Licenses and Notices                                                       
*/
 /*                                                                             
*/
@@ -1235,7 +1235,10 @@
     TPM_HANDLE       sessionHandle = s_sessionHandles[sessionIndex];
     TPM_HANDLE       associatedHandle = s_associatedHandles[sessionIndex];
     TPM_HT           sessionHandleType = HandleGetType(sessionHandle);
+    BOOL             authUsed;
+
     pAssert(sessionHandle != TPM_RH_UNASSIGNED);
+    
     // Take care of physical presence
     if(associatedHandle == TPM_RH_PLATFORM)
        {
@@ -1265,11 +1268,14 @@
                    session->attributes.includeAuth =
                        !IsSessionBindEntity(s_associatedHandles[sessionIndex], 
session);
                }
+           authUsed = session->attributes.includeAuth;
        }
+    else
+        // Password session
+        authUsed = TRUE;
     // If the authorization session is going to use an authValue, then make 
sure
     // that access to that authValue isn't locked out.
-    // Note: session == NULL for a PW session.
-    if(session == NULL || session->attributes.includeAuth)
+    if(authUsed)
        {
            // See if entity is subject to lockout.
            if(!IsDAExempted(associatedHandle))
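Review bot: `authUsed` is set on an unbraced `else` with a comment sitting between the keyword and the statement, and it is declared without an initialiser in the hunk above even though it now gates both the lockout check and the PIN-index processing further down. I would brace that branch as `else { authUsed = TRUE; }` and keep the fact from the removed note with it, e.g. `// Password session (session == NULL): the authValue is always used`. Declaring it as `BOOL authUsed = TRUE;` would also make the default the one that still applies the lockout check if a later edit adds a path that skips both assignments. The `if` that this `else` pairs with starts outside the hunk.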
@@ -1310,19 +1316,16 @@
     else
        result = CheckSessionHMAC(command, sessionIndex);
     // Do processing for PIN Indexes are only three possibilities for 'result' 
at
-    // this point.
-    //  TPM_RC_SUCCESS
-    //  TPM_RC_AUTH_FAIL
-    //  TPM_RC_BAD_AUTH
+    // this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, TPM_RC_BAD_AUTH
     // For all these cases, we would have to process a PIN index if the
     // authValue of the index was used for authorization.
-    // See if we need to do anything to a PIN index
-    if(TPM_HT_NV_INDEX == HandleGetType(associatedHandle))
+    if((TPM_HT_NV_INDEX == HandleGetType(associatedHandle)) && authUsed)
        {
            NV_REF           locator;
            NV_INDEX        *nvIndex = NvGetIndexInfo(associatedHandle, 
&locator);
            NV_PIN           pinData;
            TPMA_NV          nvAttributes;
+           
            pAssert(nvIndex != NULL);
            nvAttributes = nvIndex->publicArea.attributes;
            // If this is a PIN FAIL index and the value has been written
@@ -1338,7 +1341,7 @@
                    NvWriteUINT64Data(nvIndex, pinData.intVal);
                }
            // If this is a PIN PASS Index, increment if we have used the
-           // authorization value for anything other than NV_Read.
+           // authorization value.
            // NOTE: If the counter has already hit the limit, then we
            // would not get here because the authorization value would not
            // be available and the TPM would have returned before it gets here
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/Unmarshal.c 
new/libtpms-0.7.3/src/tpm2/Unmarshal.c
--- old/libtpms-0.7.0/src/tpm2/Unmarshal.c      2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm2/Unmarshal.c      2020-07-09 20:26:39.000000000 
+0200
@@ -41,7 +41,9 @@
 
 #include <string.h>
 
+#include "Tpm.h"               // libtpms added
 #include "Unmarshal_fp.h"
+#include "CryptEccMain_fp.h"   // libtpms added
 
 TPM_RC
 UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size)
@@ -1085,6 +1087,9 @@
 #if ALG_CAMELLIA
          case TPM_ALG_CAMELLIA:        
 #endif
+#if ALG_TDES           // libtpms added begin
+         case TPM_ALG_TDES:
+#endif                 // libtpms added end
 #if ALG_XOR
          case TPM_ALG_XOR:             
 #endif
@@ -1121,6 +1126,9 @@
 #if ALG_CAMELLIA
          case TPM_ALG_CAMELLIA:        
 #endif
+#if ALG_TDES           // libtpms added begin
+          case TPM_ALG_TDES:
+#endif                 // iibtpms added end
            break;
          case TPM_ALG_NULL:
            if (allowNull) {
@@ -2449,6 +2457,28 @@
 }
 #endif
 
+#if ALG_TDES           // libtpms added begin
+TPM_RC
+TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 
*size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+       rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+       switch (*target) {
+         case 128:
+         case 192:
+           break;
+         default:
+           rc = TPM_RC_VALUE;
+       }
+    }
+    return rc;
+}
+#endif                 // libtpms added end
+
 /* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
 
 TPM_RC
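Review bot: `TPMI_TDES_KEY_BITS_Unmarshal` declares its target as `TPMI_SM4_KEY_BITS *`, whereas the Marshal counterpart added in Marshal.c takes `TPMI_TDES_KEY_BITS *` and the caller in the next hunk passes `&target->tdes`. This presumably compiles only because both names alias the same underlying key-bits type, and it looks like a copy-paste leftover. The signature should read `TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, BYTE **buffer, INT32 *size)`. Note also that this function is wrapped in `#if ALG_TDES` while `TPMI_TDES_KEY_BITS_Marshal` is not; the two should be guarded the same way.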
@@ -2472,6 +2502,11 @@
        rc = TPMI_CAMELLIA_KEY_BITS_Unmarshal(&target->camellia, buffer, size);
        break;
 #endif
+#if ALG_TDES           // libtpms added beging
+      case TPM_ALG_TDES:
+       rc = TPMI_TDES_KEY_BITS_Unmarshal(&target->tdes, buffer, size);
+       break;
+#endif                 // libtpms added end
 #if ALG_XOR
       case TPM_ALG_XOR:
        rc = TPMI_ALG_HASH_Unmarshal(&target->xorr, buffer, size, NO);
@@ -2508,6 +2543,11 @@
        rc = TPMI_ALG_SYM_MODE_Unmarshal(&target->camellia, buffer, size, YES);
        break;
 #endif
+#if ALG_TDES           // libtpms added begin
+      case TPM_ALG_TDES:
+       rc = TPMI_ALG_SYM_MODE_Unmarshal(&target->tdes, buffer, size, YES);
+       break;
+#endif                 // libtpms added end
       case TPM_ALG_XOR:
       case TPM_ALG_NULL:
        break;
@@ -3484,12 +3524,30 @@
 #if ECC_BN_P256
          case TPM_ECC_BN_P256:
 #endif
+#if ECC_BN_P638                // libtpms added begin
+         case TPM_ECC_BN_P638:
+#endif
+#if ECC_NIST_P192
+         case TPM_ECC_NIST_P192:
+#endif
+#if ECC_NIST_P224
+         case TPM_ECC_NIST_P224:
+#endif                 // libtpms added end
 #if ECC_NIST_P256
          case TPM_ECC_NIST_P256:
 #endif
 #if ECC_NIST_P384
          case TPM_ECC_NIST_P384:
 #endif
+#if ECC_NIST_P521      // libtpms added begin
+         case TPM_ECC_NIST_P521:
+#endif
+#if ECC_SM2_P256
+         case TPM_ECC_SM2_P256:
+#endif
+         if (!CryptEccIsCurveRuntimeUsable(*target))
+             rc = TPM_RC_CURVE;
+                       // libtpms added end
            break;
          default:
            rc = TPM_RC_CURVE;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/VendorString.h 
new/libtpms-0.7.3/src/tpm2/VendorString.h
--- old/libtpms-0.7.0/src/tpm2/VendorString.h   2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm2/VendorString.h   2020-07-09 20:26:39.000000000 
+0200
@@ -65,7 +65,7 @@
 /* Define up to 4-byte values for MANUFACTURER.  This value defines the 
response for
    TPM_PT_MANUFACTURER in TPM2_GetCapability(). The following line should be 
un-commented and a
    vendor specific string should be provided here. */
-#define    MANUFACTURER    "IBM "
+#define    MANUFACTURER    "IBM"
 
 /*     The following #if macro may be deleted after a proper MANUFACTURER is 
provided. */
 #ifndef MANUFACTURER
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/Volatile.c 
new/libtpms-0.7.3/src/tpm2/Volatile.c
--- old/libtpms-0.7.0/src/tpm2/Volatile.c       2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/src/tpm2/Volatile.c       2020-07-09 20:26:39.000000000 
+0200
@@ -62,6 +62,9 @@
     UINT16 hashAlg = TPM_ALG_SHA1;
 
     if (rc == TPM_RC_SUCCESS) {
+        if ((UINT32)*size < sizeof(hash))
+            return TPM_RC_INSUFFICIENT;
+
         CryptHashBlock(hashAlg, *size - sizeof(hash), *buffer,
                        sizeof(acthash), acthash);
         rc = VolatileState_Unmarshal(buffer, size);
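Review bot: The added length check does not reject a negative `*size`. The `(UINT32)` cast suggests `*size` is a signed type (its declaration is outside the hunk); a negative value converts to a large unsigned number, passes `< sizeof(hash)`, and `*size - sizeof(hash)` is then handed to CryptHashBlock as a length. Consider `if (*size < 0 || (UINT32)*size < sizeof(hash))`. The direct `return` also leaves the `rc`-chained flow the surrounding code uses, so setting `rc = TPM_RC_INSUFFICIENT;` and running the hash under a second `rc` check would keep a single exit path. The function starts and ends outside the hunk.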
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/crypto/CryptEccMain_fp.h 
new/libtpms-0.7.3/src/tpm2/crypto/CryptEccMain_fp.h
--- old/libtpms-0.7.0/src/tpm2/crypto/CryptEccMain_fp.h 2019-07-19 
18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/src/tpm2/crypto/CryptEccMain_fp.h 2020-07-09 
20:26:39.000000000 +0200
@@ -216,5 +216,11 @@
                    //     RNG state
                    );
 
+//             libtpms added begin
+LIB_EXPORT BOOL
+CryptEccIsCurveRuntimeUsable(
+                            TPMI_ECC_CURVE curveId
+                           );
+//             libtpms added end
 
 #endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/crypto/openssl/CryptEccMain.c 
new/libtpms-0.7.3/src/tpm2/crypto/openssl/CryptEccMain.c
--- old/libtpms-0.7.0/src/tpm2/crypto/openssl/CryptEccMain.c    2019-07-19 
18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/src/tpm2/crypto/openssl/CryptEccMain.c    2020-07-09 
20:26:39.000000000 +0200
@@ -244,6 +244,8 @@
            // If curveID is less than the starting curveID, skip it
            if(curve < curveID)
                continue;
+           if (!CryptEccIsCurveRuntimeUsable(curve)) // libtpms added: runtime 
filter supported curves
+               continue;
            if(curveList->count < maxCount)
                {
                    // If we have not filled up the return list, add more 
curves to
@@ -779,4 +781,21 @@
     CURVE_FREE(E);
     return retVal;
 }
+
+//             libtpms added begin
+// Support for some curves may be compiled in but they may not be
+// supported by openssl's crypto library.
+LIB_EXPORT BOOL
+CryptEccIsCurveRuntimeUsable(
+                            TPMI_ECC_CURVE curveId
+                           )
+{
+    CURVE_INITIALIZED(E, curveId);
+    if (E == NULL)
+       return FALSE;
+    CURVE_FREE(E);
+    return TRUE;
+}
+//             libtpms added end
+
 #endif  // TPM_ALG_ECC
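Review bot: CryptEccIsCurveRuntimeUsable() is exported but its comment gives only the motivation, not the return contract or the cost. It builds and frees a curve object on every call (`CURVE_INITIALIZED` / `CURVE_FREE`), and this diff calls it once per curve in the capability loop earlier in this file and on each curve id accepted by the unmarshal switch. Suggested header comment: `// Return TRUE if curveId can be instantiated by the crypto library at runtime, FALSE otherwise.` followed by `// Allocates and frees a curve on every call; cache the result if this lands on a hot path.` The same one-line contract would help on the prototype in CryptEccMain_fp.h.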
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/crypto/openssl/CryptRsa.c 
new/libtpms-0.7.3/src/tpm2/crypto/openssl/CryptRsa.c
--- old/libtpms-0.7.0/src/tpm2/crypto/openssl/CryptRsa.c        2019-07-19 
18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/src/tpm2/crypto/openssl/CryptRsa.c        2020-07-09 
20:26:39.000000000 +0200
@@ -1318,6 +1318,7 @@
     const char            *digestname;
     size_t                 outlen;
     unsigned char         *tmp = NULL;
+    unsigned char          buffer[MAX_RSA_KEY_BYTES];
 
     // Make sure that the necessary parameters are provided
     pAssert(cIn != NULL && dOut != NULL && key != NULL);
@@ -1372,11 +1373,16 @@
             break;
        }
 
-    outlen = cIn->size;
-    if (EVP_PKEY_decrypt(ctx, dOut->buffer, &outlen,
+    /* cannot use cOut->buffer */
+    outlen = sizeof(buffer);
+    if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
                          cIn->buffer, cIn->size) <= 0)
         ERROR_RETURN(TPM_RC_FAILURE);
 
+    if (outlen > dOut->size)
+        ERROR_RETURN(TPM_RC_FAILURE);
+
+    memcpy(dOut->buffer, buffer, outlen);
     dOut->size = outlen;
 
     retVal = TPM_RC_SUCCESS;
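Review bot: The decrypted plaintext stays in the stack array `buffer` (declared in the previous hunk) after the function returns, both on success and on the `outlen > dOut->size` failure path. Wiping it at the common exit, e.g. `OPENSSL_cleanse(buffer, sizeof(buffer));`, would avoid leaving key-protected data on the stack; the exit label that ERROR_RETURN presumably jumps to is outside the hunk. The new comment also names `cOut->buffer` while the output parameter here is `dOut`, and it does not say why; something like `/* decrypt into a local buffer; dOut->buffer may be smaller than the RSA output */` would be clearer if that is the reason.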
@@ -1453,6 +1459,16 @@
         EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0)
         ERROR_RETURN(TPM_RC_FAILURE);
 
+    /* careful with PSS padding: Use salt length = hash length (-1) if
+     *   length(digest) + length(hash-to-sign) + 2 <= modSize
+     * otherwise use the max. possible salt length, which is the default (-2)
+     * test case: 1024 bit key PSS signing sha512 hash
+     */
+    if (padding == RSA_PKCS1_PSS_PADDING &&
+        EVP_MD_size(md) + hIn->b.size + 2 <= modSize && /* OSSL: 
RSA_padding_add_PKCS1_PSS_mgf1 */
+        EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, -1) <= 0)
+        ERROR_RETURN(TPM_RC_FAILURE);
+
     outlen = sigOut->signature.rsapss.sig.t.size;
     if (EVP_PKEY_sign(ctx,
                       sigOut->signature.rsapss.sig.t.buffer, &outlen,
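Review bot: The new condition chains a size predicate and the `EVP_PKEY_CTX_set_rsa_pss_saltlen()` call in one `&&` expression, so the call that actually changes the context is easy to miss as the third operand, and the bare `-1` is only understandable through the comment. Splitting it reads more directly: `if (padding == RSA_PKCS1_PSS_PADDING && EVP_MD_size(md) + hIn->b.size + 2 <= modSize) {` with `if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, RSA_PSS_SALTLEN_DIGEST) <= 0) ERROR_RETURN(TPM_RC_FAILURE);` inside, where the OpenSSL headers in use define that name for -1. Because the salt length now depends on key and digest size, that is worth stating in the function's header comment, which is outside the hunk.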
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/src/tpm2/crypto/openssl/CryptSym.c 
new/libtpms-0.7.3/src/tpm2/crypto/openssl/CryptSym.c
--- old/libtpms-0.7.0/src/tpm2/crypto/openssl/CryptSym.c        2019-07-19 
18:27:37.000000000 +0200
+++ new/libtpms-0.7.3/src/tpm2/crypto/openssl/CryptSym.c        2020-07-09 
20:26:39.000000000 +0200
@@ -631,8 +631,7 @@
     EVP_CIPHER_CTX      *ctx = NULL;
     int                  outlen1 = 0;
     int                  outlen2 = 0;
-    BYTE                *pOut = dOut;
-    BYTE                *buffer = NULL;
+    BYTE                *buffer;
     UINT32               buffersize = 0;
     BYTE                 keyToUse[MAX_SYM_KEY_BYTES];
     UINT16               keyToUseLen = (UINT16)sizeof(keyToUse);
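Review bot: Dropping the `= NULL` initializer leaves `buffer` indeterminate until the malloc() in the next hunk, while the exit path still calls `clear_and_free(buffer, buffersize)`. The early exits visible in this diff use plain `return`, but the code between this declaration and the allocation is outside the hunk; any jump to `Exit` from there, now or after a later change, would hand an uninitialized pointer to the cleanup. Keeping `BYTE *buffer = NULL;` costs nothing, and the removed code already relied on clear_and_free being called with a NULL buffer.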
@@ -660,23 +659,35 @@
     else
        iv = defaultIv;
 
+    switch(mode)
+       {
+#if ALG_CBC || ALG_ECB
+         case ALG_CBC_VALUE:
+         case ALG_ECB_VALUE:
+           // For ECB and CBC, the data size must be an even multiple of the
+           // cipher block size
+           if((dSize % blockSize) != 0)
+               return TPM_RC_SIZE;
+           break;
+#endif
+         default:
+           break;
+       }
+
     evpfn = GetEVPCipher(algorithm, keySizeInBits, mode, key,
                          keyToUse, &keyToUseLen);
     if (evpfn ==  NULL)
         return TPM_RC_FAILURE;
 
-    if (dIn == dOut) {
-        // in-place encryption; we use a temp buffer
-        buffersize = TPM2_ROUNDUP(dSize, blockSize);
-        buffer = malloc(buffersize);
-        if (buffer == NULL)
-            ERROR_RETURN(TPM_RC_FAILURE);
-        pOut = buffer;
-    }
+    /* a buffer with a 'safety margin' for EVP_DecryptUpdate */
+    buffersize = TPM2_ROUNDUP(dSize + blockSize, blockSize);
+    buffer = malloc(buffersize);
+    if (buffer == NULL)
+        ERROR_RETURN(TPM_RC_FAILURE);
 
 #if ALG_TDES && ALG_CTR
     if (algorithm == TPM_ALG_TDES && mode == ALG_CTR_VALUE) {
-        TDES_CTR(keyToUse, keyToUseLen * 8, dSize, dIn, iv, pOut, blockSize);
+        TDES_CTR(keyToUse, keyToUseLen * 8, dSize, dIn, iv, buffer, blockSize);
         outlen1 = dSize;
         ERROR_RETURN(TPM_RC_SUCCESS);
     }
@@ -685,17 +696,22 @@
     ctx = EVP_CIPHER_CTX_new();
     if (!ctx ||
         EVP_DecryptInit_ex(ctx, evpfn(), NULL, keyToUse, iv) != 1 ||
-        EVP_DecryptUpdate(ctx, pOut, &outlen1, dIn, dSize) != 1)
+        EVP_CIPHER_CTX_set_padding(ctx, 0) != 1 ||
+        EVP_DecryptUpdate(ctx, buffer, &outlen1, dIn, dSize) != 1)
         ERROR_RETURN(TPM_RC_FAILURE);
 
-    pAssert(outlen1 <= dSize || dSize >= outlen1 + blockSize);
+    pAssert((int)buffersize >= outlen1);
 
-    if (EVP_DecryptFinal(ctx, pOut + outlen1, &outlen2) != 1)
+    if (EVP_DecryptFinal(ctx, &buffer[outlen1], &outlen2) != 1)
         ERROR_RETURN(TPM_RC_FAILURE);
 
+    pAssert((int)buffersize >= outlen1 + outlen2);
+
  Exit:
-    if (retVal == TPM_RC_SUCCESS && pOut != dOut)
-        memcpy(dOut, pOut, outlen1 + outlen2);
+    if (retVal == TPM_RC_SUCCESS) {
+        pAssert(dSize >= outlen1 + outlen2);
+        memcpy(dOut, buffer, outlen1 + outlen2);
+    }
 
     clear_and_free(buffer, buffersize);
     EVP_CIPHER_CTX_free(ctx);
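Review bot: The bounds on `outlen1` and `outlen2` are enforced only through pAssert(), and the first two run after EVP_DecryptUpdate and EVP_DecryptFinal have already written into `buffer`, so they detect an overrun rather than prevent it. What pAssert does in every build configuration is not visible here; if it can be compiled out, the `memcpy(dOut, buffer, outlen1 + outlen2)` under `Exit:` is unguarded. An explicit check keeps the copy bounded regardless: `if (outlen1 + outlen2 > dSize) retVal = TPM_RC_FAILURE; else memcpy(dOut, buffer, outlen1 + outlen2);`. The function starts and ends outside the hunk.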
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.7.0/tests/tpm2_pcr_read.c 
new/libtpms-0.7.3/tests/tpm2_pcr_read.c
--- old/libtpms-0.7.0/tests/tpm2_pcr_read.c     2019-07-19 18:27:37.000000000 
+0200
+++ new/libtpms-0.7.3/tests/tpm2_pcr_read.c     2020-07-09 20:26:39.000000000 
+0200
@@ -7,6 +7,19 @@
 #include <libtpms/tpm_error.h>
 #include <libtpms/tpm_memory.h>
 
+static void dump_array(const char *h, const unsigned char *d, size_t dlen)
+{
+    size_t i;
+
+    fprintf(stderr, "%s\n", h);
+    for (i = 0; i < dlen; i++) {
+        fprintf(stderr, "%02x ", d[i]);
+        if ((i & 0xf) == 0xf)
+            fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "\n");
+}
+
 int main(void)
 {
     unsigned char *rbuffer = NULL;
@@ -43,7 +56,7 @@
     };
     const unsigned char tpm2_pcr_read_exp_resp[] = {
         0x80, 0x01, 0x00, 0x00, 0x01, 0x86, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00,
         0x00, 0x04, 0x00, 0x04, 0x03, 0x01, 0x00, 0x10,
         0x00, 0x0b, 0x03, 0x01, 0x00, 0x10, 0x00, 0x0c,
         0x03, 0x01, 0x00, 0x10, 0x00, 0x0d, 0x03, 0x01,
@@ -127,6 +140,8 @@
 
     if (memcmp(rbuffer, tpm2_pcr_read_exp_resp, rlength)) {
         fprintf(stderr, "Expected response is different than received one.\n");
+        dump_array("actual:", rbuffer, rlength);
+        dump_array("expected:", tpm2_pcr_read_exp_resp, 
sizeof(tpm2_pcr_read_exp_resp));
         goto exit;
     }
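Review bot: Both failure branches compare only `rlength` bytes and never check that `rlength` equals the size of the expected array, which the new dump calls make visible by printing the two buffers with different lengths. A response that is a shorter prefix of the expected bytes passes the test, and a longer one makes memcmp() read past the end of the expected array. Suggest `if (rlength != sizeof(tpm2_pcr_read_exp_resp) || memcmp(rbuffer, tpm2_pcr_read_exp_resp, rlength)) {`; the same applies to the `tpm2_pcr10_read_resp` comparison in the last hunk. main() starts and ends outside these hunks.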
 
@@ -167,7 +182,7 @@
 
     const unsigned char tpm2_pcr10_read_resp[] = {
         0x80, 0x01, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00,
         0x00, 0x01, 0x00, 0x0b, 0x03, 0x00, 0x04, 0x00,
         0x00, 0x00, 0x00, 0x01, 0x00, 0x20, 0x1f, 0x7f,
         0xb1, 0x00, 0xe1, 0xb2, 0xd1, 0x95, 0x19, 0x4b,
@@ -178,6 +193,8 @@
 
     if (memcmp(tpm2_pcr10_read_resp, rbuffer, rlength)) {
         fprintf(stderr, "TPM2_PCRRead(PCR10) did not return expected 
result\n");
+        dump_array("actual:", rbuffer, rlength);
+        dump_array("expected:", tpm2_pcr10_read_resp, 
sizeof(tpm2_pcr10_read_resp));
         goto exit;
     }
 

