The opensuse-tumbleweed build jobs currently fail with:
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c: In function
'rsa_private':
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c:56:7: error:
the comparison will always evaluate as 'true' for the address of 'p' will never
be NULL [-Werror=address]
56 | if (!key->p || !key->q || !key->u) {
| ^
In file included from
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c:17:
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.h:28:12: note:
'p' declared here
28 | tpm_bn_t p;
| ^
This is because all tpm_bn_t's are 1-element arrays (of either a GMP or
OpenSSL BIGNUM flavour). The author was probably meaning to do value checks,
but that's not what the code does.
Adjust it to compile. No functional change.
Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
CC: George Dunlap <george.dun...@eu.citrix.com>
CC: Jan Beulich <jbeul...@suse.com>
CC: Stefano Stabellini <sstabell...@kernel.org>
CC: Wei Liu <w...@xen.org>
CC: Julien Grall <jul...@xen.org>
CC: Juergen Gross <jgr...@suse.com>
CC: Marek Marczykowski-Górecki <marma...@invisiblethingslab.com>
CC: Jason Andryuk <jandr...@gmail.com>
CC: Daniel Smith <dpsm...@apertussolutions.com>
CC: Christopher Clark <christopher.w.cl...@gmail.com>
While I've confirmed this to fix the build issue:
https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/955160430
I'm -1 overall to the change, and would prefer to disable vtpm-stubdom
entirely.
It's TPM 1.2 only, using decades-old libs, and some stuff in the upstream
https://github.com/PeterHuewe/tpm-emulator (which is still abandaonded as of
2018) is just as concerning as the basic error here in rsa_private().
vtpm-stubdom isn't credibly component of a Xen system, and we're wasting loads
of CI cycles testing it...
---
stubdom/Makefile | 1 +
stubdom/vtpm-tpm_bn_t-addr.patch | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
create mode 100644 stubdom/vtpm-tpm_bn_t-addr.patch
diff --git a/stubdom/Makefile b/stubdom/Makefile
index a21e1c3fa3a8..d5fb354e7e37 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -243,6 +243,7 @@ tpm_emulator-$(XEN_TARGET_ARCH):
tpm_emulator-$(TPMEMU_VERSION).tar.gz
patch -d $@ -p1 < vtpm_extern.patch
patch -d $@ -p1 < vtpm-microsecond-duration.patch
patch -d $@ -p1 < vtpm-command-duration.patch
+ patch -d $@ -p1 < vtpm-tpm_bn_t-addr.patch
mkdir $@/build
cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99
-DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS)
-Wno-declaration-after-statement"
touch $@
diff --git a/stubdom/vtpm-tpm_bn_t-addr.patch b/stubdom/vtpm-tpm_bn_t-addr.patch
new file mode 100644
index 000000000000..53172ae1c244
--- /dev/null
+++ b/stubdom/vtpm-tpm_bn_t-addr.patch
@@ -0,0 +1,18 @@
+All tpm_bn_t's are a 1-element array of one form or another, meaning the code
+below is tautological and triggers -Werror=address.
+
+diff -ru tpm_emulator-x86_64.orig/crypto/rsa.c tpm_emulator-x86_64/crypto/rsa.c
+--- tpm_emulator-x86_64.orig/crypto/rsa.c 2011-12-20 18:30:06.000000000
+0000
++++ tpm_emulator-x86_64/crypto/rsa.c 2023-08-03 20:44:17.379166284 +0100
+@@ -53,10 +53,7 @@
+ tpm_bn_init2(c, key->size);
+ tpm_bn_import(p, in_len, 1, in);
+
+- if (!key->p || !key->q || !key->u) {
+- /* c = p ^ d mod n */
+- tpm_bn_powm(c, p, key->d, key->n);
+- } else {
++ {
+ tpm_bn_init2(m1, key->size / 2);
+ tpm_bn_init2(m2, key->size / 2);
+ tpm_bn_init2(h, key->size);
base-commit: 092cae024ab6cd9bd5788eb6ca3ae1a05e796c0a
--
2.30.2
