packages/trousers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update code

Browse Source
This commit is contained in:
zhuchunyi 2019-11-06 19:54:47 +08:00
parent a246a23a23
commit 24d7849059
14 changed files with 11 additions and 861 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
Fixed-failure-to-recognise-connections-from-localhos.patch
View File

@ -1,38 +0,0 @@
From d74889b409a52636cc831e283be7fdc1eda8dff4 Mon Sep 17 00:00:00 2001
From: Vadim Penzin <vadimp@users.sf.net>
Date: Tue, 28 Oct 2014 23:07:49 -0400
Subject: [PATCH 06/28] Fixed failure to recognise connections from localhost
over IPv6
Misplaced closing curly bracket makes check for ::1 a dead code.
The attached patch fixes this issue.
From https://sourceforge.net/p/trousers/trousers/ci/96a3a67e5ac023aaf8932ec8ac769a04523bd984/
---
src/tcs/rpc/tcstp/rpc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c
index 08deb84..cc8a085 100644
--- a/src/tcs/rpc/tcstp/rpc.c
+++ b/src/tcs/rpc/tcstp/rpc.c
@@ -540,6 +540,7 @@ access_control(struct tcsd_thread_data *thread_data)
if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr,
sizeof(in_addr_t)) == 0)
is_localhost = 1;
+ }
else if (sa->sa_family == AF_INET6) {
struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa;
if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback,
@@ -551,7 +552,7 @@ access_control(struct tcsd_thread_data *thread_data)
* approve it */
if (is_localhost)
return 0;
- } else {
+ else {
while (tcsd_options.remote_ops[i]) {
if ((UINT32)tcsd_options.remote_ops[i] == thread_data->comm.hdr.u.ordinal) {
LogInfo("Accepted %s operation from %s",
--
1.8.3.1

27
Fixed-incorrect-check-of-the-result-of-getpeername-2.patch
View File

@ -1,27 +0,0 @@
From 104dc8e665c8b7f1f397b8dfbec4c3060ef12a0c Mon Sep 17 00:00:00 2001
From: Vadim Penzin <vadimp@users.sf.net>
Date: Tue, 28 Oct 2014 18:09:26 -0400
Subject: [PATCH 03/28] Fixed incorrect check of the result of getpeername(2)
From https://sourceforge.net/p/trousers/trousers/ci/104dc8e665c8b7f1f397b8dfbec4c3060ef12a0c/
---
src/tcs/rpc/tcstp/rpc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c
index 0fc7e83..a235a84 100644
--- a/src/tcs/rpc/tcstp/rpc.c
+++ b/src/tcs/rpc/tcstp/rpc.c
@@ -524,7 +524,8 @@ access_control(struct tcsd_thread_data *thread_data)
struct sockaddr *sa;
socklen_t sas_len = sizeof(sas);
- if (!getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len)) {
+ if (getpeername(thread_data->sock, (struct sockaddr *)&sas,
+ &sas_len) == -1) {
LogError("Error retrieving local socket address: %s", strerror(errno));
return 1;
}
--
1.8.3.1

29
Fixed-possible-double-free-when-freeing-context-memo.patch
View File

@ -1,29 +0,0 @@
From 0317141799e03798d42a42cf84d7680159d63df3 Mon Sep 17 00:00:00 2001
From: Krzysztof Kotlenga <k.kotlenga@sims.pl>
Date: Wed, 5 Nov 2014 18:02:01 -0500
Subject: [PATCH 10/28] Fixed possible double free when freeing context memory
Use the right free call or else it will crash when freeing context
memory and an owner evict key has been loaded.
From https://sourceforge.net/p/trousers/trousers/ci/0317141799e03798d42a42cf84d7680159d63df3
---
src/tspi/tspi_ps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tspi/tspi_ps.c b/src/tspi/tspi_ps.c
index bde3e53..237fadf 100644
--- a/src/tspi/tspi_ps.c
+++ b/src/tspi/tspi_ps.c
@@ -107,7 +107,7 @@ Tspi_Context_LoadKeyByUUID(TSS_HCONTEXT tspContext, /* in */
result = obj_rsakey_set_pubkey(*phKey, FALSE, rgbPubKey);
- free(rgbPubKey);
+ free_tspi(tspContext,rgbPubKey);
if (result != TSS_SUCCESS)
return result;
} else {
--
1.8.3.1

38
Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch
View File

@ -1,38 +0,0 @@
From b236ece1136ede77435f7af80b60a05e175678c6 Mon Sep 17 00:00:00 2001
From: Vadim Penzin <vadimp@users.sf.net>
Date: Tue, 28 Oct 2014 22:25:41 -0400
Subject: [PATCH 04/28] Fixed the wrong type used while comparing IPv4
addresses
src/tcs/rpc/tcstp/rpc.c:access_control() checks if peer's address is
INADDR_LOOPBACK. There are two issues with the current code:
1. For correctness, in_addr_t should be used instead of uint32_t.
2. memcmp(3) is passed sizeof(struct sockaddr_in) that is larger than
sizeof(in_add_r) (or sizeof(uin32_t) for that matter), so the call
always fails.
From https://sourceforge.net/p/trousers/trousers/ci/b236ece1136ede77435f7af80b60a05e175678c6/
---
src/tcs/rpc/tcstp/rpc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c
index a235a84..1573a8a 100644
--- a/src/tcs/rpc/tcstp/rpc.c
+++ b/src/tcs/rpc/tcstp/rpc.c
@@ -536,9 +536,9 @@ access_control(struct tcsd_thread_data *thread_data)
// Check if it's localhost for both inet protocols
if (sa->sa_family == AF_INET) {
struct sockaddr_in *sa_in = (struct sockaddr_in *)sa;
- uint32_t nloopaddr = htonl(INADDR_LOOPBACK);
+ in_addr_t nloopaddr = htonl(INADDR_LOOPBACK);
if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr,
- sizeof(struct sockaddr_in)) == 0)
+ sizeof(in_addr_t)) == 0)
is_localhost = 1;
else if (sa->sa_family == AF_INET6) {
struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa;
--
1.8.3.1

31
Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch
View File

@ -1,31 +0,0 @@
From 802563fd38d10a9233aa60ac5ac50ae3bd15a7ad Mon Sep 17 00:00:00 2001
From: Vadim Penzin <vadimp@users.sf.net>
Date: Tue, 28 Oct 2014 22:53:28 -0400
Subject: [PATCH 05/28] Fixed the wrong type used while comparing IPv6
addresses
src/tcs/rpc/tcstp/rpc.c:access_control() checks if peer's address
is in6addr_loopback. memcmp(3) is passed sizeof(struct sockaddr_in6)
that is larger than sizeof(struct in6_addr), so the call always fails.
From https://sourceforge.net/p/trousers/trousers/ci/802563fd38d10a9233aa60ac5ac50ae3bd15a7ad/
---
src/tcs/rpc/tcstp/rpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c
index 1573a8a..08deb84 100644
--- a/src/tcs/rpc/tcstp/rpc.c
+++ b/src/tcs/rpc/tcstp/rpc.c
@@ -543,7 +543,7 @@ access_control(struct tcsd_thread_data *thread_data)
else if (sa->sa_family == AF_INET6) {
struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa;
if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback,
- sizeof(struct sockaddr_in6)) == 0)
+ sizeof(struct in6_addr)) == 0)
is_localhost = 1;
}
--
1.8.3.1

37
PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch
View File

@ -1,37 +0,0 @@
From a09a0fd1a06714bae8d2febe2b637b6ed46cde1f Mon Sep 17 00:00:00 2001
From: "Hon Ching(Vicky) Lo" <honclo@linux.vnet.ibm.com>
Date: Wed, 7 Sep 2016 21:57:17 -0400
Subject: [PATCH 22/28] [PATCH] Fix memory leak in Tspi_Context_Connect
Should (wszDestination != NULL) and (RPC_OpenContext OR
obj_context_set_machine_name) fail, machine_name is leaked.
Signed-off-by: Chads <cjschr@users.sourceforge.net>
Reviewed-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
From https://sourceforge.net/p/trousers/trousers/ci/a09a0fd1a06714bae8d2febe2b637b6ed46cde1f
---
src/tspi/tspi_context.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c
index 6c6ad56..93ce3ed 100644
--- a/src/tspi/tspi_context.c
+++ b/src/tspi/tspi_context.c
@@ -89,9 +89,11 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */
}
if ((result = RPC_OpenContext(tspContext, machine_name,
- CONNECTION_TYPE_TCP_PERSISTANT)))
+ CONNECTION_TYPE_TCP_PERSISTANT))) {
+ free(machine_name);
return result;
-
+ }
+ free(machine_name);
if ((result = obj_context_set_machine_name(tspContext, machine_name,
strlen((char *)machine_name)+1)))
return result;
--
1.8.3.1

45
PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch
View File

@ -1,45 +0,0 @@
From 21d3ca10d52ffadf5abcf57edc52a16d22975c8d Mon Sep 17 00:00:00 2001
From: "Hon Ching(Vicky) Lo" <honclo@linux.vnet.ibm.com>
Date: Wed, 7 Sep 2016 22:11:00 -0400
Subject: [PATCH 23/28] [PATCH] Fix more memory leaks in Tspi_Context_Connect
obj_context_get_machine_name allocated memory for the 'machine_name'.
'machine_name' needs to be freed inside the IF-block of the function,
regardless whether RPC_OpenContext succeeds or fails.
Signed-off-by: Hon Ching(Vicky) Lo <honclo@linux.vnet.ibm.com>
From https://sourceforge.net/p/trousers/trousers/ci/21d3ca10d52ffadf5abcf57edc52a16d22975c8d
---
src/tspi/tspi_context.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c
index 93ce3ed..f3e05cf 100644
--- a/src/tspi/tspi_context.c
+++ b/src/tspi/tspi_context.c
@@ -79,8 +79,11 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */
return result;
if ((result = RPC_OpenContext(tspContext, machine_name,
- CONNECTION_TYPE_TCP_PERSISTANT)))
+ CONNECTION_TYPE_TCP_PERSISTANT))) {
+ free(machine_name);
return result;
+ }
+
} else {
if ((machine_name =
Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) {
@@ -99,6 +102,8 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */
return result;
}
+ free(machine_name);
+
if ((obj_tpm_add(tspContext, &hTpm)))
return TSPERR(TSS_E_INTERNAL_ERROR);
--
1.8.3.1

32
PATCH-Fix-uninitialized-memory-error.patch
View File

@ -1,32 +0,0 @@
From ef1ecb823c0be68cd0bb5529d9f9578db9f2165e Mon Sep 17 00:00:00 2001
From: "Hon Ching(Vicky) Lo" <honclo@linux.vnet.ibm.com>
Date: Thu, 8 Sep 2016 01:22:16 -0400
Subject: [PATCH 24/28] [PATCH] Fix uninitialized memory error
Fix access to uninitialized memory in src/tcsd/platform.c
platform_get_runlevel() Solaris implementation. Error found by
Parfait static code analyzer.
Signed-off-by: Dan Anderson <dananderson8@users.sourceforge.net>
From https://sourceforge.net/p/trousers/trousers/ci/ef1ecb823c0be68cd0bb5529d9f9578db9f2165e
---
src/tcsd/platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tcsd/platform.c b/src/tcsd/platform.c
index 8d7d96c..c9d5db0 100644
--- a/src/tcsd/platform.c
+++ b/src/tcsd/platform.c
@@ -113,7 +113,7 @@ MUTEX_DECLARE_INIT(utmp_lock);
char
platform_get_runlevel()
{
- char runlevel;
+ char runlevel = 'u'; /* unknown run level */
struct utmpx ut, *utp = NULL;
MUTEX_LOCK(utmp_lock);
--
1.8.3.1

35
Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch
View File

@ -1,35 +0,0 @@
From 46c3fd98d1031d13aa3e56c3bf81bf681969238a Mon Sep 17 00:00:00 2001
From: Krzysztof Kotlenga <k.kotlenga@sims.pl>
Date: Mon, 3 Nov 2014 16:31:41 -0500
Subject: [PATCH 09/28] Removed misguided attempt to free memory in
Tspi_Context_Close
The docs and note in the code state that Tspi_Context_FreeMemory
should be called explicitly before calling Close. Currently it
does not free memory anyway, because Tspi_Context_FreeMemory will
refuse to work on an already closed context.
Originally introduced in 6e789a06f34d51cd8c9da6138e17a5a8db35a129,
turned into no-op in 59af8e1b2d5537d82fce1d4990a880f7390fb248.
From https://sourceforge.net/p/trousers/trousers/ci/46c3fd98d1031d13aa3e56c3bf81bf681969238a/
---
src/tspi/tspi_context.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c
index 786787f..fe9317b 100644
--- a/src/tspi/tspi_context.c
+++ b/src/tspi/tspi_context.c
@@ -55,8 +55,6 @@ Tspi_Context_Close(TSS_HCONTEXT tspContext) /* in */
/* Destroy all objects */
obj_close_context(tspContext);
- Tspi_Context_FreeMemory(tspContext, NULL);
-
/* close the ps file */
PS_close();
--
1.8.3.1

70
trousers-0.3.13-noinline.patch
View File

@ -1,70 +0,0 @@
diff -up trousers-0.3.13/src/include/tcsps.h.noinline trousers-0.3.13/src/include/tcsps.h
--- trousers-0.3.13/src/include/tcsps.h.noinline 2014-04-24 20:05:44.000000000 +0200
+++ trousers-0.3.13/src/include/tcsps.h 2015-05-26 16:36:20.685075185 +0200
@@ -27,8 +27,8 @@ void ps_destroy();
TSS_RESULT read_data(int, void *, UINT32);
TSS_RESULT write_data(int, void *, UINT32);
#else
-inline TSS_RESULT read_data(int, void *, UINT32);
-inline TSS_RESULT write_data(int, void *, UINT32);
+TSS_RESULT read_data(int, void *, UINT32);
+TSS_RESULT write_data(int, void *, UINT32);
#endif
int write_key_init(int, UINT32, UINT32, UINT32);
TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32);
diff -up trousers-0.3.13/src/include/tspps.h.noinline trousers-0.3.13/src/include/tspps.h
--- trousers-0.3.13/src/include/tspps.h.noinline 2014-04-24 20:05:44.000000000 +0200
+++ trousers-0.3.13/src/include/tspps.h 2015-05-26 16:36:31.730325291 +0200
@@ -18,8 +18,8 @@
TSS_RESULT get_file(int *);
int put_file(int);
-inline TSS_RESULT read_data(int, void *, UINT32);
-inline TSS_RESULT write_data(int, void *, UINT32);
+TSS_RESULT read_data(int, void *, UINT32);
+TSS_RESULT write_data(int, void *, UINT32);
UINT32 psfile_get_num_keys(int);
TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *);
diff -up trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline trousers-0.3.13/src/tcs/ps/ps_utils.c
--- trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline 2014-04-24 20:05:44.000000000 +0200
+++ trousers-0.3.13/src/tcs/ps/ps_utils.c 2015-05-26 16:38:33.626085483 +0200
@@ -45,7 +45,7 @@ struct key_disk_cache *key_disk_cache_he
#ifdef SOLARIS
TSS_RESULT
#else
-inline TSS_RESULT
+TSS_RESULT
#endif
read_data(int fd, void *data, UINT32 size)
{
@@ -67,7 +67,7 @@ read_data(int fd, void *data, UINT32 siz
#ifdef SOLARIS
TSS_RESULT
#else
-inline TSS_RESULT
+TSS_RESULT
#endif
write_data(int fd, void *data, UINT32 size)
{
diff -up trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline trousers-0.3.13/src/tspi/ps/ps_utils.c
--- trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline 2014-04-24 20:05:44.000000000 +0200
+++ trousers-0.3.13/src/tspi/ps/ps_utils.c 2015-05-26 16:39:30.881381965 +0200
@@ -22,7 +22,7 @@
#include "tspps.h"
#include "tsplog.h"
-inline TSS_RESULT
+TSS_RESULT
read_data(int fd, void *data, UINT32 size)
{
int rc;
@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 siz
return TSS_SUCCESS;
}
-inline TSS_RESULT
+TSS_RESULT
write_data(int fd, void *data, UINT32 size)
{
int rc;

BIN
trousers-0.3.13.tar.gz
View File

Binary file not shown.

BIN
trousers-0.3.14.tar.gz Normal file
View File

Binary file not shown.

448
trousers-openssl1.1.patch
View File

@ -1,448 +0,0 @@
@@ -, +, @@
---
src/tcs/crypto/openssl/crypto.c | 15 ++++++---
src/trspi/crypto/openssl/hash.c | 17 ++++++----
src/trspi/crypto/openssl/rsa.c | 64 ++++++++++++++++++++++++++++++-----
src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++---------------
4 files changed, 115 insertions(+), 46 deletions(-)
--- a/src/tcs/crypto/openssl/crypto.c
+++ a/src/tcs/crypto/openssl/crypto.c
@@ -31,13 +31,17 @@
TSS_RESULT
Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
{
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
unsigned int result_size;
int rv;
+ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
switch (HashType) {
case TSS_HASH_SHA1:
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
break;
default:
rv = TCSERR(TSS_E_BAD_PARAMETER);
@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
goto out;
}
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
if (rv != EVP_SUCCESS) {
rv = TCSERR(TSS_E_INTERNAL_ERROR);
goto out;
}
- result_size = EVP_MD_CTX_size(&md_ctx);
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+ result_size = EVP_MD_CTX_size(md_ctx);
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
if (rv != EVP_SUCCESS) {
rv = TCSERR(TSS_E_INTERNAL_ERROR);
} else
rv = TSS_SUCCESS;
out:
+ EVP_MD_CTX_free(md_ctx);
return rv;
}
--- a/src/trspi/crypto/openssl/hash.c
+++ a/src/trspi/crypto/openssl/hash.c
@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
TSS_RESULT
Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
{
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
unsigned int result_size;
int rv;
+ md_ctx = EVP_MD_CTX_new();
+ if (md_ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
+
switch (HashType) {
case TSS_HASH_SHA1:
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
break;
default:
rv = TSPERR(TSS_E_BAD_PARAMETER);
@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
goto err;
}
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
if (rv != EVP_SUCCESS) {
rv = TSPERR(TSS_E_INTERNAL_ERROR);
goto err;
}
- result_size = EVP_MD_CTX_size(&md_ctx);
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+ result_size = EVP_MD_CTX_size(md_ctx);
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
if (rv != EVP_SUCCESS) {
rv = TSPERR(TSS_E_INTERNAL_ERROR);
goto err;
@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
err:
DEBUG_print_openssl_errors();
out:
+ EVP_MD_CTX_free(md_ctx);
return rv;
}
@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
break;
}
- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
+ if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
return TSPERR(TSS_E_OUTOFMEMORY);
rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
--- a/src/trspi/crypto/openssl/rsa.c
+++ a/src/trspi/crypto/openssl/rsa.c
@@ -38,6 +38,25 @@
#define DEBUG_print_openssl_errors()
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100001L
+static int
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+ return 1;
+}
+#endif
/*
* Hopefully this will make the code clearer since
@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
RSA *rsa = RSA_new();
BYTE encodedData[256];
int encodedDataLen;
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
+ rsa_n = BN_bin2bn(publicKey, keysize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
unsigned char buf[256];
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
+ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
+ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
int rv, e_size = 3;
unsigned char exp[] = { 0x01, 0x00, 0x01 };
RSA *rsa = RSA_new();
+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
if (rsa == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
}
/* set the public key value in the OpenSSL object */
- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
+ rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
/* set the public exponent */
- rsa->e = BN_bin2bn(exp, e_size, rsa->e);
+ rsa_e = BN_bin2bn(exp, e_size, NULL);
- if (rsa->n == NULL || rsa->e == NULL) {
+ if (rsa_n == NULL || rsa_e == NULL) {
rv = TSPERR(TSS_E_OUTOFMEMORY);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
+ goto err;
+ }
+ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
+ rv = TSPERR(TSS_E_FAIL);
+ BN_free(rsa_n);
+ BN_free(rsa_e);
goto err;
}
--- a/src/trspi/crypto/openssl/symmetric.c
+++ a/src/trspi/crypto/openssl/symmetric.c
@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ result = TSPERR(TSS_E_OUTOFMEMORY);
+ goto done;
+ }
- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
+ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
UINT32 tmp;
switch (alg) {
@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
break;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ result = TSPERR(TSS_E_OUTOFMEMORY);
+ goto done;
+ }
- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
+ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
*out_len += tmp;
done:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *outiv_ptr;
UINT32 tmp;
@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL)
+ return TSPERR(TSS_E_OUTOFMEMORY);
/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
iv_len = EVP_CIPHER_iv_length(cipher);
@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
outiv_ptr = out;
}
- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
+ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
+ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
LogDebug("Not enough space to do symmetric encryption");
result = TSPERR(TSS_E_INTERNAL_ERROR);
goto done;
}
- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
+ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
+ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -320,7 +330,7 @@ done:
*out_len += iv_len;
free(def_iv);
}
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
UINT32 *out_len)
{
TSS_RESULT result = TSS_SUCCESS;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher;
BYTE *def_iv = NULL, *iniv_ptr;
UINT32 tmp;
@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
return TSPERR(TSS_E_INTERNAL_ERROR);
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ return TSPERR(TSS_E_OUTOFMEMORY);
+ }
/* If the iv is NULL, assume that its prepended to the ciphertext */
if (iv == NULL) {
@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
iniv_len = in_len;
}
- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
+ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
+ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
}
- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
+ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
result = TSPERR(TSS_E_INTERNAL_ERROR);
DEBUG_print_openssl_errors();
goto done;
@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
done:
if (def_iv != iv)
free(def_iv);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return result;
}
--

42
trousers.spec
View File

@ -1,31 +1,19 @@
Name: trousers
Version: 0.3.13
Release: 12
Version: 0.3.14
Release: 1
Summary: The open-source TCG Software Stack
License: BSD
Url: http://trousers.sourceforge.net
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Source0: https://sourceforge.net/projects/trousers/files/trousers/0.3.14/trousers-0.3.14.tar.gz
#Acknowledge Source1 from Fedora.
Source1: tcsd.service
#Acknowledge Patch1 & Patch2 from Fedora.
Patch0001: trousers-0.3.13-noinline.patch
Patch0002: trousers-openssl1.1.patch
Patch9000: Fixed-incorrect-check-of-the-result-of-getpeername-2.patch
Patch9001: Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch
Patch9002: Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch
Patch9003: Fixed-failure-to-recognise-connections-from-localhos.patch
Patch9004: Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch
Patch9005: Fixed-possible-double-free-when-freeing-context-memo.patch
Patch9006: PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch
Patch9007: PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch
Patch9008: PATCH-Fix-uninitialized-memory-error.patch
BuildRequires: libtool openssl-devel systemd
Requires: shadow-utils systemd-units
Requires: shadow systemd
Provides: trousers-lib
Obsoletes: trousers-lib
%description
Trousers is an Trusted Computing Software Stack. By using trousers you
can develop applications based on the Trusted Platform Module(TPM). The
@ -43,15 +31,7 @@ Obsoletes: trousers-static
%description devel
Includes header files, static library and other development files using trousers.
%package help
Summary: Documents for trousers
%description help
Man pages and other related documents.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
@ -64,7 +44,7 @@ Man pages and other related documents.
%install
mkdir -p %{buildroot}/%{_localstatedir}/lib/tpm
%make_install
rm -f %{buildroot}/%{_libdir}/libtspi.la
%delete_la
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
@ -82,7 +62,7 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
/sbin/ldconfig
%files
%doc README ChangeLog
%doc README ChangeLog AUTHORS
%license LICENSE
%{_sbindir}/tcsd
%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf
@ -103,9 +83,9 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
%{_mandir}/man8/*
%changelog
* Mon Oct 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.8-1
- update to 0.3.13
* Wed Sep 4 2019 Zaiwang Li<lizaiwang1@huawei.com> - 0.3.13-12
- Init package