diff --git a/Fixed-failure-to-recognise-connections-from-localhos.patch b/Fixed-failure-to-recognise-connections-from-localhos.patch deleted file mode 100644 index 3bf4356..0000000 --- a/Fixed-failure-to-recognise-connections-from-localhos.patch +++ /dev/null @@ -1,38 +0,0 @@ -From d74889b409a52636cc831e283be7fdc1eda8dff4 Mon Sep 17 00:00:00 2001 -From: Vadim Penzin -Date: Tue, 28 Oct 2014 23:07:49 -0400 -Subject: [PATCH 06/28] Fixed failure to recognise connections from localhost - over IPv6 - -Misplaced closing curly bracket makes check for ::1 a dead code. -The attached patch fixes this issue. - -From https://sourceforge.net/p/trousers/trousers/ci/96a3a67e5ac023aaf8932ec8ac769a04523bd984/ ---- - src/tcs/rpc/tcstp/rpc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c -index 08deb84..cc8a085 100644 ---- a/src/tcs/rpc/tcstp/rpc.c -+++ b/src/tcs/rpc/tcstp/rpc.c -@@ -540,6 +540,7 @@ access_control(struct tcsd_thread_data *thread_data) - if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr, - sizeof(in_addr_t)) == 0) - is_localhost = 1; -+ } - else if (sa->sa_family == AF_INET6) { - struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; - if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback, -@@ -551,7 +552,7 @@ access_control(struct tcsd_thread_data *thread_data) - * approve it */ - if (is_localhost) - return 0; -- } else { -+ else { - while (tcsd_options.remote_ops[i]) { - if ((UINT32)tcsd_options.remote_ops[i] == thread_data->comm.hdr.u.ordinal) { - LogInfo("Accepted %s operation from %s", --- -1.8.3.1 - diff --git a/Fixed-incorrect-check-of-the-result-of-getpeername-2.patch b/Fixed-incorrect-check-of-the-result-of-getpeername-2.patch deleted file mode 100644 index 50a788e..0000000 --- a/Fixed-incorrect-check-of-the-result-of-getpeername-2.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 104dc8e665c8b7f1f397b8dfbec4c3060ef12a0c Mon Sep 17 00:00:00 2001 -From: Vadim Penzin -Date: Tue, 28 Oct 2014 18:09:26 -0400 -Subject: [PATCH 03/28] Fixed incorrect check of the result of getpeername(2) - -From https://sourceforge.net/p/trousers/trousers/ci/104dc8e665c8b7f1f397b8dfbec4c3060ef12a0c/ ---- - src/tcs/rpc/tcstp/rpc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c -index 0fc7e83..a235a84 100644 ---- a/src/tcs/rpc/tcstp/rpc.c -+++ b/src/tcs/rpc/tcstp/rpc.c -@@ -524,7 +524,8 @@ access_control(struct tcsd_thread_data *thread_data) - struct sockaddr *sa; - socklen_t sas_len = sizeof(sas); - -- if (!getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len)) { -+ if (getpeername(thread_data->sock, (struct sockaddr *)&sas, -+ &sas_len) == -1) { - LogError("Error retrieving local socket address: %s", strerror(errno)); - return 1; - } --- -1.8.3.1 - diff --git a/Fixed-possible-double-free-when-freeing-context-memo.patch b/Fixed-possible-double-free-when-freeing-context-memo.patch deleted file mode 100644 index d9b4e57..0000000 --- a/Fixed-possible-double-free-when-freeing-context-memo.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 0317141799e03798d42a42cf84d7680159d63df3 Mon Sep 17 00:00:00 2001 -From: Krzysztof Kotlenga -Date: Wed, 5 Nov 2014 18:02:01 -0500 -Subject: [PATCH 10/28] Fixed possible double free when freeing context memory - -Use the right free call or else it will crash when freeing context -memory and an owner evict key has been loaded. - -From https://sourceforge.net/p/trousers/trousers/ci/0317141799e03798d42a42cf84d7680159d63df3 ---- - src/tspi/tspi_ps.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tspi/tspi_ps.c b/src/tspi/tspi_ps.c -index bde3e53..237fadf 100644 ---- a/src/tspi/tspi_ps.c -+++ b/src/tspi/tspi_ps.c -@@ -107,7 +107,7 @@ Tspi_Context_LoadKeyByUUID(TSS_HCONTEXT tspContext, /* in */ - - result = obj_rsakey_set_pubkey(*phKey, FALSE, rgbPubKey); - -- free(rgbPubKey); -+ free_tspi(tspContext,rgbPubKey); - if (result != TSS_SUCCESS) - return result; - } else { --- -1.8.3.1 - diff --git a/Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch b/Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch deleted file mode 100644 index ab92da1..0000000 --- a/Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From b236ece1136ede77435f7af80b60a05e175678c6 Mon Sep 17 00:00:00 2001 -From: Vadim Penzin -Date: Tue, 28 Oct 2014 22:25:41 -0400 -Subject: [PATCH 04/28] Fixed the wrong type used while comparing IPv4 - addresses - -src/tcs/rpc/tcstp/rpc.c:access_control() checks if peer's address is -INADDR_LOOPBACK. There are two issues with the current code: - -1. For correctness, in_addr_t should be used instead of uint32_t. -2. memcmp(3) is passed sizeof(struct sockaddr_in) that is larger than -sizeof(in_add_r) (or sizeof(uin32_t) for that matter), so the call -always fails. - -From https://sourceforge.net/p/trousers/trousers/ci/b236ece1136ede77435f7af80b60a05e175678c6/ ---- - src/tcs/rpc/tcstp/rpc.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c -index a235a84..1573a8a 100644 ---- a/src/tcs/rpc/tcstp/rpc.c -+++ b/src/tcs/rpc/tcstp/rpc.c -@@ -536,9 +536,9 @@ access_control(struct tcsd_thread_data *thread_data) - // Check if it's localhost for both inet protocols - if (sa->sa_family == AF_INET) { - struct sockaddr_in *sa_in = (struct sockaddr_in *)sa; -- uint32_t nloopaddr = htonl(INADDR_LOOPBACK); -+ in_addr_t nloopaddr = htonl(INADDR_LOOPBACK); - if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr, -- sizeof(struct sockaddr_in)) == 0) -+ sizeof(in_addr_t)) == 0) - is_localhost = 1; - else if (sa->sa_family == AF_INET6) { - struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; --- -1.8.3.1 - diff --git a/Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch b/Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch deleted file mode 100644 index 65c8226..0000000 --- a/Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 802563fd38d10a9233aa60ac5ac50ae3bd15a7ad Mon Sep 17 00:00:00 2001 -From: Vadim Penzin -Date: Tue, 28 Oct 2014 22:53:28 -0400 -Subject: [PATCH 05/28] Fixed the wrong type used while comparing IPv6 - addresses - -src/tcs/rpc/tcstp/rpc.c:access_control() checks if peer's address -is in6addr_loopback. memcmp(3) is passed sizeof(struct sockaddr_in6) -that is larger than sizeof(struct in6_addr), so the call always fails. - -From https://sourceforge.net/p/trousers/trousers/ci/802563fd38d10a9233aa60ac5ac50ae3bd15a7ad/ ---- - src/tcs/rpc/tcstp/rpc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c -index 1573a8a..08deb84 100644 ---- a/src/tcs/rpc/tcstp/rpc.c -+++ b/src/tcs/rpc/tcstp/rpc.c -@@ -543,7 +543,7 @@ access_control(struct tcsd_thread_data *thread_data) - else if (sa->sa_family == AF_INET6) { - struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; - if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback, -- sizeof(struct sockaddr_in6)) == 0) -+ sizeof(struct in6_addr)) == 0) - is_localhost = 1; - } - --- -1.8.3.1 - diff --git a/PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch b/PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch deleted file mode 100644 index b949951..0000000 --- a/PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From a09a0fd1a06714bae8d2febe2b637b6ed46cde1f Mon Sep 17 00:00:00 2001 -From: "Hon Ching(Vicky) Lo" -Date: Wed, 7 Sep 2016 21:57:17 -0400 -Subject: [PATCH 22/28] [PATCH] Fix memory leak in Tspi_Context_Connect - -Should (wszDestination != NULL) and (RPC_OpenContext OR -obj_context_set_machine_name) fail, machine_name is leaked. - -Signed-off-by: Chads -Reviewed-by: Hon Ching(Vicky) Lo - -From https://sourceforge.net/p/trousers/trousers/ci/a09a0fd1a06714bae8d2febe2b637b6ed46cde1f ---- - src/tspi/tspi_context.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c -index 6c6ad56..93ce3ed 100644 ---- a/src/tspi/tspi_context.c -+++ b/src/tspi/tspi_context.c -@@ -89,9 +89,11 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ - } - - if ((result = RPC_OpenContext(tspContext, machine_name, -- CONNECTION_TYPE_TCP_PERSISTANT))) -+ CONNECTION_TYPE_TCP_PERSISTANT))) { -+ free(machine_name); - return result; -- -+ } -+ free(machine_name); - if ((result = obj_context_set_machine_name(tspContext, machine_name, - strlen((char *)machine_name)+1))) - return result; --- -1.8.3.1 - diff --git a/PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch b/PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch deleted file mode 100644 index f71ac4a..0000000 --- a/PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 21d3ca10d52ffadf5abcf57edc52a16d22975c8d Mon Sep 17 00:00:00 2001 -From: "Hon Ching(Vicky) Lo" -Date: Wed, 7 Sep 2016 22:11:00 -0400 -Subject: [PATCH 23/28] [PATCH] Fix more memory leaks in Tspi_Context_Connect - -obj_context_get_machine_name allocated memory for the 'machine_name'. -'machine_name' needs to be freed inside the IF-block of the function, -regardless whether RPC_OpenContext succeeds or fails. - -Signed-off-by: Hon Ching(Vicky) Lo - -From https://sourceforge.net/p/trousers/trousers/ci/21d3ca10d52ffadf5abcf57edc52a16d22975c8d ---- - src/tspi/tspi_context.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c -index 93ce3ed..f3e05cf 100644 ---- a/src/tspi/tspi_context.c -+++ b/src/tspi/tspi_context.c -@@ -79,8 +79,11 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ - return result; - - if ((result = RPC_OpenContext(tspContext, machine_name, -- CONNECTION_TYPE_TCP_PERSISTANT))) -+ CONNECTION_TYPE_TCP_PERSISTANT))) { -+ free(machine_name); - return result; -+ } -+ - } else { - if ((machine_name = - Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) { -@@ -99,6 +102,8 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ - return result; - } - -+ free(machine_name); -+ - if ((obj_tpm_add(tspContext, &hTpm))) - return TSPERR(TSS_E_INTERNAL_ERROR); - --- -1.8.3.1 - diff --git a/PATCH-Fix-uninitialized-memory-error.patch b/PATCH-Fix-uninitialized-memory-error.patch deleted file mode 100644 index d5bf993..0000000 --- a/PATCH-Fix-uninitialized-memory-error.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From ef1ecb823c0be68cd0bb5529d9f9578db9f2165e Mon Sep 17 00:00:00 2001 -From: "Hon Ching(Vicky) Lo" -Date: Thu, 8 Sep 2016 01:22:16 -0400 -Subject: [PATCH 24/28] [PATCH] Fix uninitialized memory error - -Fix access to uninitialized memory in src/tcsd/platform.c -platform_get_runlevel() Solaris implementation. Error found by -Parfait static code analyzer. - -Signed-off-by: Dan Anderson - -From https://sourceforge.net/p/trousers/trousers/ci/ef1ecb823c0be68cd0bb5529d9f9578db9f2165e ---- - src/tcsd/platform.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tcsd/platform.c b/src/tcsd/platform.c -index 8d7d96c..c9d5db0 100644 ---- a/src/tcsd/platform.c -+++ b/src/tcsd/platform.c -@@ -113,7 +113,7 @@ MUTEX_DECLARE_INIT(utmp_lock); - char - platform_get_runlevel() - { -- char runlevel; -+ char runlevel = 'u'; /* unknown run level */ - struct utmpx ut, *utp = NULL; - - MUTEX_LOCK(utmp_lock); --- -1.8.3.1 - diff --git a/Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch b/Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch deleted file mode 100644 index 8a6c485..0000000 --- a/Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From 46c3fd98d1031d13aa3e56c3bf81bf681969238a Mon Sep 17 00:00:00 2001 -From: Krzysztof Kotlenga -Date: Mon, 3 Nov 2014 16:31:41 -0500 -Subject: [PATCH 09/28] Removed misguided attempt to free memory in - Tspi_Context_Close - -The docs and note in the code state that Tspi_Context_FreeMemory -should be called explicitly before calling Close. Currently it -does not free memory anyway, because Tspi_Context_FreeMemory will -refuse to work on an already closed context. - -Originally introduced in 6e789a06f34d51cd8c9da6138e17a5a8db35a129, -turned into no-op in 59af8e1b2d5537d82fce1d4990a880f7390fb248. - -From https://sourceforge.net/p/trousers/trousers/ci/46c3fd98d1031d13aa3e56c3bf81bf681969238a/ ---- - src/tspi/tspi_context.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c -index 786787f..fe9317b 100644 ---- a/src/tspi/tspi_context.c -+++ b/src/tspi/tspi_context.c -@@ -55,8 +55,6 @@ Tspi_Context_Close(TSS_HCONTEXT tspContext) /* in */ - /* Destroy all objects */ - obj_close_context(tspContext); - -- Tspi_Context_FreeMemory(tspContext, NULL); -- - /* close the ps file */ - PS_close(); - --- -1.8.3.1 - diff --git a/trousers-0.3.13-noinline.patch b/trousers-0.3.13-noinline.patch deleted file mode 100644 index da1b09c..0000000 --- a/trousers-0.3.13-noinline.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -diff -up trousers-0.3.13/src/include/tcsps.h.noinline trousers-0.3.13/src/include/tcsps.h ---- trousers-0.3.13/src/include/tcsps.h.noinline 2014-04-24 20:05:44.000000000 +0200 -+++ trousers-0.3.13/src/include/tcsps.h 2015-05-26 16:36:20.685075185 +0200 -@@ -27,8 +27,8 @@ void ps_destroy(); - TSS_RESULT read_data(int, void *, UINT32); - TSS_RESULT write_data(int, void *, UINT32); - #else --inline TSS_RESULT read_data(int, void *, UINT32); --inline TSS_RESULT write_data(int, void *, UINT32); -+TSS_RESULT read_data(int, void *, UINT32); -+TSS_RESULT write_data(int, void *, UINT32); - #endif - int write_key_init(int, UINT32, UINT32, UINT32); - TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32); -diff -up trousers-0.3.13/src/include/tspps.h.noinline trousers-0.3.13/src/include/tspps.h ---- trousers-0.3.13/src/include/tspps.h.noinline 2014-04-24 20:05:44.000000000 +0200 -+++ trousers-0.3.13/src/include/tspps.h 2015-05-26 16:36:31.730325291 +0200 -@@ -18,8 +18,8 @@ - - TSS_RESULT get_file(int *); - int put_file(int); --inline TSS_RESULT read_data(int, void *, UINT32); --inline TSS_RESULT write_data(int, void *, UINT32); -+TSS_RESULT read_data(int, void *, UINT32); -+TSS_RESULT write_data(int, void *, UINT32); - UINT32 psfile_get_num_keys(int); - TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *); - TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *); -diff -up trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline trousers-0.3.13/src/tcs/ps/ps_utils.c ---- trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline 2014-04-24 20:05:44.000000000 +0200 -+++ trousers-0.3.13/src/tcs/ps/ps_utils.c 2015-05-26 16:38:33.626085483 +0200 -@@ -45,7 +45,7 @@ struct key_disk_cache *key_disk_cache_he - #ifdef SOLARIS - TSS_RESULT - #else --inline TSS_RESULT -+TSS_RESULT - #endif - read_data(int fd, void *data, UINT32 size) - { -@@ -67,7 +67,7 @@ read_data(int fd, void *data, UINT32 siz - #ifdef SOLARIS - TSS_RESULT - #else --inline 
TSS_RESULT -+TSS_RESULT - #endif - write_data(int fd, void *data, UINT32 size) - { -diff -up trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline trousers-0.3.13/src/tspi/ps/ps_utils.c ---- trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline 2014-04-24 20:05:44.000000000 +0200 -+++ trousers-0.3.13/src/tspi/ps/ps_utils.c 2015-05-26 16:39:30.881381965 +0200 -@@ -22,7 +22,7 @@ - #include "tspps.h" - #include "tsplog.h" - --inline TSS_RESULT -+TSS_RESULT - read_data(int fd, void *data, UINT32 size) - { - int rc; -@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 siz - return TSS_SUCCESS; - } - --inline TSS_RESULT -+TSS_RESULT - write_data(int fd, void *data, UINT32 size) - { - int rc; diff --git a/trousers-0.3.13.tar.gz b/trousers-0.3.13.tar.gz deleted file mode 100644 index 48d2e48..0000000 Binary files a/trousers-0.3.13.tar.gz and /dev/null differ diff --git a/trousers-0.3.14.tar.gz b/trousers-0.3.14.tar.gz new file mode 100644 index 0000000..3e26da1 Binary files /dev/null and b/trousers-0.3.14.tar.gz differ diff --git a/trousers-openssl1.1.patch b/trousers-openssl1.1.patch deleted file mode 100644 index 1fa2ebc..0000000 --- a/trousers-openssl1.1.patch +++ /dev/null 
@@ -1,448 +0,0 @@ -@@ -, +, @@ ---- - src/tcs/crypto/openssl/crypto.c | 15 ++++++--- - src/trspi/crypto/openssl/hash.c | 17 ++++++---- - src/trspi/crypto/openssl/rsa.c | 64 ++++++++++++++++++++++++++++++----- - src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++--------------- - 4 files changed, 115 insertions(+), 46 deletions(-) ---- a/src/tcs/crypto/openssl/crypto.c -+++ a/src/tcs/crypto/openssl/crypto.c -@@ -31,13 +31,17 @@ - TSS_RESULT - Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) - { -- EVP_MD_CTX md_ctx; -+ EVP_MD_CTX *md_ctx; - unsigned int result_size; - int rv; - -+ md_ctx = EVP_MD_CTX_new(); -+ if (md_ctx == NULL) -+ return TSPERR(TSS_E_OUTOFMEMORY); -+ - switch (HashType) { - case TSS_HASH_SHA1: -- rv = EVP_DigestInit(&md_ctx, EVP_sha1()); -+ rv = EVP_DigestInit(md_ctx, EVP_sha1()); - break; - default: - rv = TCSERR(TSS_E_BAD_PARAMETER); -@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) - goto out; - } - -- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); -+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize); - if (rv != EVP_SUCCESS) { - rv = TCSERR(TSS_E_INTERNAL_ERROR); - goto out; - } - -- result_size = EVP_MD_CTX_size(&md_ctx); -- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); -+ result_size = EVP_MD_CTX_size(md_ctx); -+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size); - if (rv != EVP_SUCCESS) { - rv = TCSERR(TSS_E_INTERNAL_ERROR); - } else - rv = TSS_SUCCESS; - - out: -+ EVP_MD_CTX_free(md_ctx); - return rv; - } ---- a/src/trspi/crypto/openssl/hash.c -+++ a/src/trspi/crypto/openssl/hash.c -@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long); - TSS_RESULT - Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) - { -- EVP_MD_CTX md_ctx; -+ EVP_MD_CTX *md_ctx; - unsigned int result_size; - int rv; - -+ md_ctx = EVP_MD_CTX_new(); -+ if (md_ctx == NULL) -+ return TSPERR(TSS_E_OUTOFMEMORY); -+ - switch (HashType) { - case TSS_HASH_SHA1: -- rv = 
EVP_DigestInit(&md_ctx, EVP_sha1()); -+ rv = EVP_DigestInit(md_ctx, EVP_sha1()); - break; - default: - rv = TSPERR(TSS_E_BAD_PARAMETER); -@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) - goto err; - } - -- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); -+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize); - if (rv != EVP_SUCCESS) { - rv = TSPERR(TSS_E_INTERNAL_ERROR); - goto err; - } - -- result_size = EVP_MD_CTX_size(&md_ctx); -- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); -+ result_size = EVP_MD_CTX_size(md_ctx); -+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size); - if (rv != EVP_SUCCESS) { - rv = TSPERR(TSS_E_INTERNAL_ERROR); - goto err; -@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) - err: - DEBUG_print_openssl_errors(); - out: -+ EVP_MD_CTX_free(md_ctx); - return rv; - } - -@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType) - break; - } - -- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL) -+ if ((ctx->ctx = EVP_MD_CTX_new()) == NULL) - return TSPERR(TSS_E_OUTOFMEMORY); - - rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md); ---- a/src/trspi/crypto/openssl/rsa.c -+++ a/src/trspi/crypto/openssl/rsa.c -@@ -38,6 +38,25 @@ - #define DEBUG_print_openssl_errors() - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100001L -+static int -+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -+{ -+ if (n != NULL) { -+ BN_free(r->n); -+ r->n = n; -+ } -+ if (e != NULL) { -+ BN_free(r->e); -+ r->e = e; -+ } -+ if (d != NULL) { -+ BN_free(r->d); -+ r->d = d; -+ } -+ return 1; -+} -+#endif - - /* - * Hopefully this will make the code clearer since -@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */ - RSA *rsa = RSA_new(); - BYTE encodedData[256]; - int encodedDataLen; -+ BIGNUM *rsa_n = NULL, *rsa_e = NULL; - - if (rsa == NULL) { - rv = TSPERR(TSS_E_OUTOFMEMORY); -@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, 
/* in */ - } - - /* set the public key value in the OpenSSL object */ -- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n); -+ rsa_n = BN_bin2bn(publicKey, keysize, NULL); - /* set the public exponent */ -- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); -+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL); - -- if (rsa->n == NULL || rsa->e == NULL) { -+ if (rsa_n == NULL || rsa_e == NULL) { - rv = TSPERR(TSS_E_OUTOFMEMORY); -+ BN_free(rsa_n); -+ BN_free(rsa_e); -+ goto err; -+ } -+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { -+ rv = TSPERR(TSS_E_FAIL); -+ BN_free(rsa_n); -+ BN_free(rsa_e); - goto err; - } - -@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, - unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */ - unsigned char buf[256]; - RSA *rsa = RSA_new(); -+ BIGNUM *rsa_n = NULL, *rsa_e = NULL; - - if (rsa == NULL) { - rv = TSPERR(TSS_E_OUTOFMEMORY); -@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, - } - - /* set the public key value in the OpenSSL object */ -- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n); -+ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL); - /* set the public exponent */ -- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); -+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL); - -- if (rsa->n == NULL || rsa->e == NULL) { -+ if (rsa_n == NULL || rsa_e == NULL) { - rv = TSPERR(TSS_E_OUTOFMEMORY); -+ BN_free(rsa_n); -+ BN_free(rsa_e); -+ goto err; -+ } -+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { -+ rv = TSPERR(TSS_E_FAIL); -+ BN_free(rsa_n); -+ BN_free(rsa_e); - goto err; - } - -@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, - int rv, e_size = 3; - unsigned char exp[] = { 0x01, 0x00, 0x01 }; - RSA *rsa = RSA_new(); -+ BIGNUM *rsa_n = NULL, *rsa_e = NULL; - - if (rsa == NULL) { - rv = TSPERR(TSS_E_OUTOFMEMORY); -@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, - } - - /* set the 
public key value in the OpenSSL object */ -- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n); -+ rsa_n = BN_bin2bn(pubkey, pubsize, NULL); - /* set the public exponent */ -- rsa->e = BN_bin2bn(exp, e_size, rsa->e); -+ rsa_e = BN_bin2bn(exp, e_size, NULL); - -- if (rsa->n == NULL || rsa->e == NULL) { -+ if (rsa_n == NULL || rsa_e == NULL) { - rv = TSPERR(TSS_E_OUTOFMEMORY); -+ BN_free(rsa_n); -+ BN_free(rsa_e); -+ goto err; -+ } -+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { -+ rv = TSPERR(TSS_E_FAIL); -+ BN_free(rsa_n); -+ BN_free(rsa_e); - goto err; - } - ---- a/src/trspi/crypto/openssl/symmetric.c -+++ a/src/trspi/crypto/openssl/symmetric.c -@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, - UINT32 *out_len) - { - TSS_RESULT result = TSS_SUCCESS; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx = NULL; - UINT32 tmp; - - switch (alg) { -@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, - break; - } - -- EVP_CIPHER_CTX_init(&ctx); -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) { -+ result = TSPERR(TSS_E_OUTOFMEMORY); -+ goto done; -+ } - -- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { -+ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) { -+ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - goto done; - } - -- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { -+ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) { -+ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - 
*out_len += tmp; - done: -- EVP_CIPHER_CTX_cleanup(&ctx); -+ EVP_CIPHER_CTX_free(ctx); - return result; - } - -@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, - UINT32 *out_len) - { - TSS_RESULT result = TSS_SUCCESS; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx = NULL; - UINT32 tmp; - - switch (alg) { -@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, - break; - } - -- EVP_CIPHER_CTX_init(&ctx); -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) { -+ result = TSPERR(TSS_E_OUTOFMEMORY); -+ goto done; -+ } - -- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { -+ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { -+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { -+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - *out_len += tmp; - done: -- EVP_CIPHER_CTX_cleanup(&ctx); -+ EVP_CIPHER_CTX_free(ctx); - return result; - } - -@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - UINT32 *out_len) - { - TSS_RESULT result = TSS_SUCCESS; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher; - BYTE *def_iv = NULL, *outiv_ptr; - UINT32 tmp; -@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - if ((cipher = get_openssl_cipher(alg, mode)) == NULL) - return TSPERR(TSS_E_INTERNAL_ERROR); - -- EVP_CIPHER_CTX_init(&ctx); -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ return TSPERR(TSS_E_OUTOFMEMORY); - - /* If the iv passed 
in is NULL, create a new random iv and prepend it to the ciphertext */ - iv_len = EVP_CIPHER_iv_length(cipher); -@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - outiv_ptr = out; - } - -- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { -+ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) { -+ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) { - LogDebug("Not enough space to do symmetric encryption"); - result = TSPERR(TSS_E_INTERNAL_ERROR); - goto done; - } - -- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) { -+ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) { -+ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; -@@ -320,7 +330,7 @@ done: - *out_len += iv_len; - free(def_iv); - } -- EVP_CIPHER_CTX_cleanup(&ctx); -+ EVP_CIPHER_CTX_free(ctx); - return result; - } - -@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - UINT32 *out_len) - { - TSS_RESULT result = TSS_SUCCESS; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx = NULL; - EVP_CIPHER *cipher; - BYTE *def_iv = NULL, *iniv_ptr; - UINT32 tmp; -@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - if ((cipher = get_openssl_cipher(alg, mode)) == NULL) - return TSPERR(TSS_E_INTERNAL_ERROR); - -- EVP_CIPHER_CTX_init(&ctx); -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) { -+ return TSPERR(TSS_E_OUTOFMEMORY); -+ } - - /* If the iv is 
NULL, assume that its prepended to the ciphertext */ - if (iv == NULL) { -@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - iniv_len = in_len; - } - -- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) { -+ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { -+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; - } - -- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { -+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) { - result = TSPERR(TSS_E_INTERNAL_ERROR); - DEBUG_print_openssl_errors(); - goto done; -@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 - done: - if (def_iv != iv) - free(def_iv); -- EVP_CIPHER_CTX_cleanup(&ctx); -+ EVP_CIPHER_CTX_free(ctx); - return result; - } --- diff --git a/trousers.spec b/trousers.spec index 21c07de..7d2c62f 100644 --- a/trousers.spec +++ b/trousers.spec 
@@ -1,31 +1,19 @@ Name: trousers -Version: 0.3.13 -Release: 12 +Version: 0.3.14 +Release: 1 Summary: The open-source TCG Software Stack License: BSD Url: http://trousers.sourceforge.net -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +Source0: https://sourceforge.net/projects/trousers/files/trousers/0.3.14/trousers-0.3.14.tar.gz #Acknowledge Source1 from Fedora. Source1: tcsd.service -#Acknowledge Patch1 & Patch2 from Fedora. -Patch0001: trousers-0.3.13-noinline.patch -Patch0002: trousers-openssl1.1.patch - -Patch9000: Fixed-incorrect-check-of-the-result-of-getpeername-2.patch -Patch9001: Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch -Patch9002: Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch -Patch9003: Fixed-failure-to-recognise-connections-from-localhos.patch -Patch9004: Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch -Patch9005: Fixed-possible-double-free-when-freeing-context-memo.patch -Patch9006: PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch -Patch9007: PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch -Patch9008: PATCH-Fix-uninitialized-memory-error.patch BuildRequires: libtool openssl-devel systemd -Requires: shadow-utils systemd-units +Requires: shadow systemd Provides: trousers-lib Obsoletes: trousers-lib + %description Trousers is an Trusted Computing Software Stack. By using trousers you can develop applications based on the Trusted Platform Module(TPM). The @@ -43,15 +31,7 @@ Obsoletes: trousers-static %description devel Includes header files, static library and other development files using trousers. -%package help -Summary: Documents for trousers - -%description help -Man pages and other related documents. - - - - +%package_help %prep %autosetup -n %{name}-%{version} -p1 
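Review bot: Nothing in the first spec hunk records that the eleven patches it drops (`Patch0001`–`Patch0002`, `Patch9000`–`Patch9008`) are already contained in the 0.3.14 tarball. Several of them fix tcsd's `access_control()` localhost checks and a wrong `free()` in `Tspi_Context_LoadKeyByUUID`, so a silent regression would be security-relevant. Confirm that each upstream commit cited in the deleted patch files is present in the new source, and say so in a comment above `Source0`, e.g. `# 0.3.14 contains the former Patch0001-0002 and Patch9000-9008`. The deleted PATCH 22/28 also called `free(machine_name)` immediately before `obj_context_set_machine_name(tspContext, machine_name, ...)`; if 0.3.14 carries that code unchanged, it should be checked for a use after free. `Source0` now hardcodes the version, whereas `Source0: https://sourceforge.net/projects/trousers/files/%{name}/%{version}/%{name}-%{version}.tar.gz` would keep it in step with `Version:`.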
@@ -64,7 +44,7 @@ Man pages and other related documents. %install mkdir -p %{buildroot}/%{_localstatedir}/lib/tpm %make_install -rm -f %{buildroot}/%{_libdir}/libtspi.la +%delete_la mkdir -p %{buildroot}%{_unitdir} install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ @@ -82,7 +62,7 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ /sbin/ldconfig %files -%doc README ChangeLog +%doc README ChangeLog AUTHORS %license LICENSE %{_sbindir}/tcsd %config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf @@ -103,9 +83,9 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ %{_mandir}/man8/* - - - %changelog +* Mon Oct 14 2019 openEuler Buildteam - 1.9.8-1 +- update to 0.3.13 + * Wed Sep 4 2019 Zaiwang Li - 0.3.13-12 - Init package
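Review bot: The `%changelog` entry added in the last hunk does not match the package: it is stamped `1.9.8-1` and says `update to 0.3.13`, while this commit sets `Version: 0.3.14` and `Release: 1`. It should read `* Mon Oct 14 2019 openEuler Buildteam - 0.3.14-1` followed by `- update to 0.3.14`. Because the update also removes the downstream fixes for tcsd access control and memory handling, a second entry such as `- drop patches merged upstream` (once that is confirmed) would keep the package history auditable.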