commit a246a23a23b36cb95a5f3ce00ecdc0857bc07f64 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:18:49 2019 -0400 Package init diff --git a/Fixed-failure-to-recognise-connections-from-localhos.patch b/Fixed-failure-to-recognise-connections-from-localhos.patch new file mode 100644 index 0000000..3bf4356 --- /dev/null +++ b/Fixed-failure-to-recognise-connections-from-localhos.patch @@ -0,0 +1,38 @@ +From d74889b409a52636cc831e283be7fdc1eda8dff4 Mon Sep 17 00:00:00 2001 +From: Vadim Penzin +Date: Tue, 28 Oct 2014 23:07:49 -0400 +Subject: [PATCH 06/28] Fixed failure to recognise connections from localhost + over IPv6 + +Misplaced closing curly bracket makes check for ::1 a dead code. +The attached patch fixes this issue. + +From https://sourceforge.net/p/trousers/trousers/ci/96a3a67e5ac023aaf8932ec8ac769a04523bd984/ +--- + src/tcs/rpc/tcstp/rpc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c +index 08deb84..cc8a085 100644 +--- a/src/tcs/rpc/tcstp/rpc.c ++++ b/src/tcs/rpc/tcstp/rpc.c +@@ -540,6 +540,7 @@ access_control(struct tcsd_thread_data *thread_data) + if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr, + sizeof(in_addr_t)) == 0) + is_localhost = 1; ++ } + else if (sa->sa_family == AF_INET6) { + struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; + if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback, +@@ -551,7 +552,7 @@ access_control(struct tcsd_thread_data *thread_data) + * approve it */ + if (is_localhost) + return 0; +- } else { ++ else { + while (tcsd_options.remote_ops[i]) { + if ((UINT32)tcsd_options.remote_ops[i] == thread_data->comm.hdr.u.ordinal) { + LogInfo("Accepted %s operation from %s", +-- +1.8.3.1 + diff --git a/Fixed-incorrect-check-of-the-result-of-getpeername-2.patch b/Fixed-incorrect-check-of-the-result-of-getpeername-2.patch new file mode 100644 index 0000000..50a788e --- /dev/null +++ b/Fixed-incorrect-check-of-the-result-of-getpeername-2.patch @@ -0,0 +1,27 @@ +From 104dc8e665c8b7f1f397b8dfbec4c3060ef12a0c Mon Sep 17 00:00:00 2001 +From: Vadim Penzin +Date: Tue, 28 Oct 2014 18:09:26 -0400 +Subject: [PATCH 03/28] Fixed incorrect check of the result of getpeername(2) + +From https://sourceforge.net/p/trousers/trousers/ci/104dc8e665c8b7f1f397b8dfbec4c3060ef12a0c/ +--- + src/tcs/rpc/tcstp/rpc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c +index 0fc7e83..a235a84 100644 +--- a/src/tcs/rpc/tcstp/rpc.c ++++ b/src/tcs/rpc/tcstp/rpc.c +@@ -524,7 +524,8 @@ access_control(struct tcsd_thread_data *thread_data) + struct sockaddr *sa; + socklen_t sas_len = sizeof(sas); + +- if (!getpeername(thread_data->sock, (struct sockaddr *)&sas, &sas_len)) { ++ if (getpeername(thread_data->sock, (struct sockaddr *)&sas, ++ &sas_len) == -1) { + LogError("Error retrieving local socket address: %s", strerror(errno)); + return 1; + } +-- +1.8.3.1 + diff --git a/Fixed-possible-double-free-when-freeing-context-memo.patch b/Fixed-possible-double-free-when-freeing-context-memo.patch new file mode 100644 index 0000000..d9b4e57 --- /dev/null +++ b/Fixed-possible-double-free-when-freeing-context-memo.patch @@ -0,0 +1,29 @@ +From 0317141799e03798d42a42cf84d7680159d63df3 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kotlenga +Date: Wed, 5 Nov 2014 18:02:01 -0500 +Subject: [PATCH 10/28] Fixed possible double free when freeing context memory + +Use the right free call or else it will crash when freeing context +memory and an owner evict key has been loaded. + +From https://sourceforge.net/p/trousers/trousers/ci/0317141799e03798d42a42cf84d7680159d63df3 +--- + src/tspi/tspi_ps.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tspi/tspi_ps.c b/src/tspi/tspi_ps.c +index bde3e53..237fadf 100644 +--- a/src/tspi/tspi_ps.c ++++ b/src/tspi/tspi_ps.c +@@ -107,7 +107,7 @@ Tspi_Context_LoadKeyByUUID(TSS_HCONTEXT tspContext, /* in */ + + result = obj_rsakey_set_pubkey(*phKey, FALSE, rgbPubKey); + +- free(rgbPubKey); ++ free_tspi(tspContext,rgbPubKey); + if (result != TSS_SUCCESS) + return result; + } else { +-- +1.8.3.1 + diff --git a/Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch b/Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch new file mode 100644 index 0000000..ab92da1 --- /dev/null +++ b/Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch @@ -0,0 +1,38 @@ +From b236ece1136ede77435f7af80b60a05e175678c6 Mon Sep 17 00:00:00 2001 +From: Vadim Penzin +Date: Tue, 28 Oct 2014 22:25:41 -0400 +Subject: [PATCH 04/28] Fixed the wrong type used while comparing IPv4 + addresses + +src/tcs/rpc/tcstp/rpc.c:access_control() checks if peer's address is +INADDR_LOOPBACK. There are two issues with the current code: + +1. For correctness, in_addr_t should be used instead of uint32_t. +2. memcmp(3) is passed sizeof(struct sockaddr_in) that is larger than +sizeof(in_add_r) (or sizeof(uin32_t) for that matter), so the call +always fails. + +From https://sourceforge.net/p/trousers/trousers/ci/b236ece1136ede77435f7af80b60a05e175678c6/ +--- + src/tcs/rpc/tcstp/rpc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c +index a235a84..1573a8a 100644 +--- a/src/tcs/rpc/tcstp/rpc.c ++++ b/src/tcs/rpc/tcstp/rpc.c +@@ -536,9 +536,9 @@ access_control(struct tcsd_thread_data *thread_data) + // Check if it's localhost for both inet protocols + if (sa->sa_family == AF_INET) { + struct sockaddr_in *sa_in = (struct sockaddr_in *)sa; +- uint32_t nloopaddr = htonl(INADDR_LOOPBACK); ++ in_addr_t nloopaddr = htonl(INADDR_LOOPBACK); + if (memcmp(&sa_in->sin_addr.s_addr, &nloopaddr, +- sizeof(struct sockaddr_in)) == 0) ++ sizeof(in_addr_t)) == 0) + is_localhost = 1; + else if (sa->sa_family == AF_INET6) { + struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; +-- +1.8.3.1 + diff --git a/Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch b/Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch new file mode 100644 index 0000000..65c8226 --- /dev/null +++ b/Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch @@ -0,0 +1,31 @@ +From 802563fd38d10a9233aa60ac5ac50ae3bd15a7ad Mon Sep 17 00:00:00 2001 +From: Vadim Penzin +Date: Tue, 28 Oct 2014 22:53:28 -0400 +Subject: [PATCH 05/28] Fixed the wrong type used while comparing IPv6 + addresses + +src/tcs/rpc/tcstp/rpc.c:access_control() checks if peer's address +is in6addr_loopback. memcmp(3) is passed sizeof(struct sockaddr_in6) +that is larger than sizeof(struct in6_addr), so the call always fails. + +From https://sourceforge.net/p/trousers/trousers/ci/802563fd38d10a9233aa60ac5ac50ae3bd15a7ad/ +--- + src/tcs/rpc/tcstp/rpc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tcs/rpc/tcstp/rpc.c b/src/tcs/rpc/tcstp/rpc.c +index 1573a8a..08deb84 100644 +--- a/src/tcs/rpc/tcstp/rpc.c ++++ b/src/tcs/rpc/tcstp/rpc.c +@@ -543,7 +543,7 @@ access_control(struct tcsd_thread_data *thread_data) + else if (sa->sa_family == AF_INET6) { + struct sockaddr_in6 *sa_in6 = (struct sockaddr_in6 *)sa; + if (memcmp(&sa_in6->sin6_addr.s6_addr, &in6addr_loopback, +- sizeof(struct sockaddr_in6)) == 0) ++ sizeof(struct in6_addr)) == 0) + is_localhost = 1; + } + +-- +1.8.3.1 + diff --git a/PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch b/PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch new file mode 100644 index 0000000..b949951 --- /dev/null +++ b/PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch @@ -0,0 +1,37 @@ +From a09a0fd1a06714bae8d2febe2b637b6ed46cde1f Mon Sep 17 00:00:00 2001 +From: "Hon Ching(Vicky) Lo" +Date: Wed, 7 Sep 2016 21:57:17 -0400 +Subject: [PATCH 22/28] [PATCH] Fix memory leak in Tspi_Context_Connect + +Should (wszDestination != NULL) and (RPC_OpenContext OR +obj_context_set_machine_name) fail, machine_name is leaked. + +Signed-off-by: Chads +Reviewed-by: Hon Ching(Vicky) Lo + +From https://sourceforge.net/p/trousers/trousers/ci/a09a0fd1a06714bae8d2febe2b637b6ed46cde1f +--- + src/tspi/tspi_context.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c +index 6c6ad56..93ce3ed 100644 +--- a/src/tspi/tspi_context.c ++++ b/src/tspi/tspi_context.c +@@ -89,9 +89,11 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ + } + + if ((result = RPC_OpenContext(tspContext, machine_name, +- CONNECTION_TYPE_TCP_PERSISTANT))) ++ CONNECTION_TYPE_TCP_PERSISTANT))) { ++ free(machine_name); + return result; +- ++ } ++ free(machine_name); + if ((result = obj_context_set_machine_name(tspContext, machine_name, + strlen((char *)machine_name)+1))) + return result; +-- +1.8.3.1 + diff --git a/PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch b/PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch new file mode 100644 index 0000000..f71ac4a --- /dev/null +++ b/PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch @@ -0,0 +1,45 @@ +From 21d3ca10d52ffadf5abcf57edc52a16d22975c8d Mon Sep 17 00:00:00 2001 +From: "Hon Ching(Vicky) Lo" +Date: Wed, 7 Sep 2016 22:11:00 -0400 +Subject: [PATCH 23/28] [PATCH] Fix more memory leaks in Tspi_Context_Connect + +obj_context_get_machine_name allocated memory for the 'machine_name'. +'machine_name' needs to be freed inside the IF-block of the function, +regardless whether RPC_OpenContext succeeds or fails. + +Signed-off-by: Hon Ching(Vicky) Lo + +From https://sourceforge.net/p/trousers/trousers/ci/21d3ca10d52ffadf5abcf57edc52a16d22975c8d +--- + src/tspi/tspi_context.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c +index 93ce3ed..f3e05cf 100644 +--- a/src/tspi/tspi_context.c ++++ b/src/tspi/tspi_context.c +@@ -79,8 +79,11 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ + return result; + + if ((result = RPC_OpenContext(tspContext, machine_name, +- CONNECTION_TYPE_TCP_PERSISTANT))) ++ CONNECTION_TYPE_TCP_PERSISTANT))) { ++ free(machine_name); + return result; ++ } ++ + } else { + if ((machine_name = + Trspi_UNICODE_To_Native((BYTE *)wszDestination, NULL)) == NULL) { +@@ -99,6 +102,8 @@ Tspi_Context_Connect(TSS_HCONTEXT tspContext, /* in */ + return result; + } + ++ free(machine_name); ++ + if ((obj_tpm_add(tspContext, &hTpm))) + return TSPERR(TSS_E_INTERNAL_ERROR); + +-- +1.8.3.1 + diff --git a/PATCH-Fix-uninitialized-memory-error.patch b/PATCH-Fix-uninitialized-memory-error.patch new file mode 100644 index 0000000..d5bf993 --- /dev/null +++ b/PATCH-Fix-uninitialized-memory-error.patch @@ -0,0 +1,32 @@ +From ef1ecb823c0be68cd0bb5529d9f9578db9f2165e Mon Sep 17 00:00:00 2001 +From: "Hon Ching(Vicky) Lo" +Date: Thu, 8 Sep 2016 01:22:16 -0400 +Subject: [PATCH 24/28] [PATCH] Fix uninitialized memory error + +Fix access to uninitialized memory in src/tcsd/platform.c +platform_get_runlevel() Solaris implementation. Error found by +Parfait static code analyzer. + +Signed-off-by: Dan Anderson + +From https://sourceforge.net/p/trousers/trousers/ci/ef1ecb823c0be68cd0bb5529d9f9578db9f2165e +--- + src/tcsd/platform.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tcsd/platform.c b/src/tcsd/platform.c +index 8d7d96c..c9d5db0 100644 +--- a/src/tcsd/platform.c ++++ b/src/tcsd/platform.c +@@ -113,7 +113,7 @@ MUTEX_DECLARE_INIT(utmp_lock); + char + platform_get_runlevel() + { +- char runlevel; ++ char runlevel = 'u'; /* unknown run level */ + struct utmpx ut, *utp = NULL; + + MUTEX_LOCK(utmp_lock); +-- +1.8.3.1 + diff --git a/Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch b/Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch new file mode 100644 index 0000000..8a6c485 --- /dev/null +++ b/Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch @@ -0,0 +1,35 @@ +From 46c3fd98d1031d13aa3e56c3bf81bf681969238a Mon Sep 17 00:00:00 2001 +From: Krzysztof Kotlenga +Date: Mon, 3 Nov 2014 16:31:41 -0500 +Subject: [PATCH 09/28] Removed misguided attempt to free memory in + Tspi_Context_Close + +The docs and note in the code state that Tspi_Context_FreeMemory +should be called explicitly before calling Close. Currently it +does not free memory anyway, because Tspi_Context_FreeMemory will +refuse to work on an already closed context. + +Originally introduced in 6e789a06f34d51cd8c9da6138e17a5a8db35a129, +turned into no-op in 59af8e1b2d5537d82fce1d4990a880f7390fb248. + +From https://sourceforge.net/p/trousers/trousers/ci/46c3fd98d1031d13aa3e56c3bf81bf681969238a/ +--- + src/tspi/tspi_context.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/tspi/tspi_context.c b/src/tspi/tspi_context.c +index 786787f..fe9317b 100644 +--- a/src/tspi/tspi_context.c ++++ b/src/tspi/tspi_context.c +@@ -55,8 +55,6 @@ Tspi_Context_Close(TSS_HCONTEXT tspContext) /* in */ + /* Destroy all objects */ + obj_close_context(tspContext); + +- Tspi_Context_FreeMemory(tspContext, NULL); +- + /* close the ps file */ + PS_close(); + +-- +1.8.3.1 + diff --git a/tcsd.service b/tcsd.service new file mode 100644 index 0000000..dd76a33 --- /dev/null +++ b/tcsd.service @@ -0,0 +1,10 @@ +[Unit] +Description=TCG Core Services Daemon + +[Service] +Type=forking +ExecStart=/sbin/tcsd + +[Install] +WantedBy=multi-user.target + diff --git a/trousers-0.3.13-noinline.patch b/trousers-0.3.13-noinline.patch new file mode 100644 index 0000000..da1b09c --- /dev/null +++ b/trousers-0.3.13-noinline.patch @@ -0,0 +1,70 @@ +diff -up trousers-0.3.13/src/include/tcsps.h.noinline trousers-0.3.13/src/include/tcsps.h +--- trousers-0.3.13/src/include/tcsps.h.noinline 2014-04-24 20:05:44.000000000 +0200 ++++ trousers-0.3.13/src/include/tcsps.h 2015-05-26 16:36:20.685075185 +0200 +@@ -27,8 +27,8 @@ void ps_destroy(); + TSS_RESULT read_data(int, void *, UINT32); + TSS_RESULT write_data(int, void *, UINT32); + #else +-inline TSS_RESULT read_data(int, void *, UINT32); +-inline TSS_RESULT write_data(int, void *, UINT32); ++TSS_RESULT read_data(int, void *, UINT32); ++TSS_RESULT write_data(int, void *, UINT32); + #endif + int write_key_init(int, UINT32, UINT32, UINT32); + TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32); +diff -up trousers-0.3.13/src/include/tspps.h.noinline trousers-0.3.13/src/include/tspps.h +--- trousers-0.3.13/src/include/tspps.h.noinline 2014-04-24 20:05:44.000000000 +0200 ++++ trousers-0.3.13/src/include/tspps.h 2015-05-26 16:36:31.730325291 +0200 +@@ -18,8 +18,8 @@ + + TSS_RESULT get_file(int *); + int put_file(int); +-inline TSS_RESULT read_data(int, void *, UINT32); +-inline TSS_RESULT write_data(int, void *, UINT32); ++TSS_RESULT read_data(int, void *, UINT32); ++TSS_RESULT write_data(int, void *, UINT32); + UINT32 psfile_get_num_keys(int); + TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *); + TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *); +diff -up trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline trousers-0.3.13/src/tcs/ps/ps_utils.c +--- trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline 2014-04-24 20:05:44.000000000 +0200 ++++ trousers-0.3.13/src/tcs/ps/ps_utils.c 2015-05-26 16:38:33.626085483 +0200 +@@ -45,7 +45,7 @@ struct key_disk_cache *key_disk_cache_he + #ifdef SOLARIS + TSS_RESULT + #else +-inline TSS_RESULT ++TSS_RESULT + #endif + read_data(int fd, void *data, UINT32 size) + { +@@ -67,7 +67,7 @@ read_data(int fd, void *data, UINT32 siz + #ifdef SOLARIS + TSS_RESULT + #else +-inline TSS_RESULT ++TSS_RESULT + #endif + write_data(int fd, void *data, UINT32 size) + { +diff -up trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline trousers-0.3.13/src/tspi/ps/ps_utils.c +--- trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline 2014-04-24 20:05:44.000000000 +0200 ++++ trousers-0.3.13/src/tspi/ps/ps_utils.c 2015-05-26 16:39:30.881381965 +0200 +@@ -22,7 +22,7 @@ + #include "tspps.h" + #include "tsplog.h" + +-inline TSS_RESULT ++TSS_RESULT + read_data(int fd, void *data, UINT32 size) + { + int rc; +@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 siz + return TSS_SUCCESS; + } + +-inline TSS_RESULT ++TSS_RESULT + write_data(int fd, void *data, UINT32 size) + { + int rc; diff --git a/trousers-0.3.13.tar.gz b/trousers-0.3.13.tar.gz new file mode 100644 index 0000000..48d2e48 Binary files /dev/null and b/trousers-0.3.13.tar.gz differ diff --git a/trousers-openssl1.1.patch b/trousers-openssl1.1.patch new file mode 100644 index 0000000..1fa2ebc --- /dev/null +++ b/trousers-openssl1.1.patch @@ -0,0 +1,448 @@ +@@ -, +, @@ +--- + src/tcs/crypto/openssl/crypto.c | 15 ++++++--- + src/trspi/crypto/openssl/hash.c | 17 ++++++---- + src/trspi/crypto/openssl/rsa.c | 64 ++++++++++++++++++++++++++++++----- + src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++--------------- + 4 files changed, 115 insertions(+), 46 deletions(-) +--- a/src/tcs/crypto/openssl/crypto.c ++++ a/src/tcs/crypto/openssl/crypto.c +@@ -31,13 +31,17 @@ + TSS_RESULT + Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) + { +- EVP_MD_CTX md_ctx; ++ EVP_MD_CTX *md_ctx; + unsigned int result_size; + int rv; + ++ md_ctx = EVP_MD_CTX_new(); ++ if (md_ctx == NULL) ++ return TSPERR(TSS_E_OUTOFMEMORY); ++ + switch (HashType) { + case TSS_HASH_SHA1: +- rv = EVP_DigestInit(&md_ctx, EVP_sha1()); ++ rv = EVP_DigestInit(md_ctx, EVP_sha1()); + break; + default: + rv = TCSERR(TSS_E_BAD_PARAMETER); +@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) + goto out; + } + +- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); ++ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize); + if (rv != EVP_SUCCESS) { + rv = TCSERR(TSS_E_INTERNAL_ERROR); + goto out; + } + +- result_size = EVP_MD_CTX_size(&md_ctx); +- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); ++ result_size = EVP_MD_CTX_size(md_ctx); ++ rv = EVP_DigestFinal(md_ctx, Digest, &result_size); + if (rv != EVP_SUCCESS) { + rv = TCSERR(TSS_E_INTERNAL_ERROR); + } else + rv = TSS_SUCCESS; + + out: ++ EVP_MD_CTX_free(md_ctx); + return rv; + } +--- a/src/trspi/crypto/openssl/hash.c ++++ a/src/trspi/crypto/openssl/hash.c +@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long); + TSS_RESULT + Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) + { +- EVP_MD_CTX md_ctx; ++ EVP_MD_CTX *md_ctx; + unsigned int result_size; + int rv; + ++ md_ctx = EVP_MD_CTX_new(); ++ if (md_ctx == NULL) ++ return TSPERR(TSS_E_OUTOFMEMORY); ++ + switch (HashType) { + case TSS_HASH_SHA1: +- rv = EVP_DigestInit(&md_ctx, EVP_sha1()); ++ rv = EVP_DigestInit(md_ctx, EVP_sha1()); + break; + default: + rv = TSPERR(TSS_E_BAD_PARAMETER); +@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) + goto err; + } + +- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize); ++ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize); + if (rv != EVP_SUCCESS) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; + } + +- result_size = EVP_MD_CTX_size(&md_ctx); +- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size); ++ result_size = EVP_MD_CTX_size(md_ctx); ++ rv = EVP_DigestFinal(md_ctx, Digest, &result_size); + if (rv != EVP_SUCCESS) { + rv = TSPERR(TSS_E_INTERNAL_ERROR); + goto err; +@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest) + err: + DEBUG_print_openssl_errors(); + out: ++ EVP_MD_CTX_free(md_ctx); + return rv; + } + +@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType) + break; + } + +- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL) ++ if ((ctx->ctx = EVP_MD_CTX_new()) == NULL) + return TSPERR(TSS_E_OUTOFMEMORY); + + rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md); +--- a/src/trspi/crypto/openssl/rsa.c ++++ a/src/trspi/crypto/openssl/rsa.c +@@ -38,6 +38,25 @@ + #define DEBUG_print_openssl_errors() + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100001L ++static int ++RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) ++{ ++ if (n != NULL) { ++ BN_free(r->n); ++ r->n = n; ++ } ++ if (e != NULL) { ++ BN_free(r->e); ++ r->e = e; ++ } ++ if (d != NULL) { ++ BN_free(r->d); ++ r->d = d; ++ } ++ return 1; ++} ++#endif + + /* + * Hopefully this will make the code clearer since +@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */ + RSA *rsa = RSA_new(); + BYTE encodedData[256]; + int encodedDataLen; ++ BIGNUM *rsa_n = NULL, *rsa_e = NULL; + + if (rsa == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); +@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */ + } + + /* set the public key value in the OpenSSL object */ +- rsa->n = BN_bin2bn(publicKey, keysize, rsa->n); ++ rsa_n = BN_bin2bn(publicKey, keysize, NULL); + /* set the public exponent */ +- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); ++ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL); + +- if (rsa->n == NULL || rsa->e == NULL) { ++ if (rsa_n == NULL || rsa_e == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); ++ BN_free(rsa_n); ++ BN_free(rsa_e); ++ goto err; ++ } ++ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { ++ rv = TSPERR(TSS_E_FAIL); ++ BN_free(rsa_n); ++ BN_free(rsa_e); + goto err; + } + +@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, + unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */ + unsigned char buf[256]; + RSA *rsa = RSA_new(); ++ BIGNUM *rsa_n = NULL, *rsa_e = NULL; + + if (rsa == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); +@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength, + } + + /* set the public key value in the OpenSSL object */ +- rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n); ++ rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL); + /* set the public exponent */ +- rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e); ++ rsa_e = BN_bin2bn(exp, sizeof(exp), NULL); + +- if (rsa->n == NULL || rsa->e == NULL) { ++ if (rsa_n == NULL || rsa_e == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); ++ BN_free(rsa_n); ++ BN_free(rsa_e); ++ goto err; ++ } ++ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { ++ rv = TSPERR(TSS_E_FAIL); ++ BN_free(rsa_n); ++ BN_free(rsa_e); + goto err; + } + +@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, + int rv, e_size = 3; + unsigned char exp[] = { 0x01, 0x00, 0x01 }; + RSA *rsa = RSA_new(); ++ BIGNUM *rsa_n = NULL, *rsa_e = NULL; + + if (rsa == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); +@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen, + } + + /* set the public key value in the OpenSSL object */ +- rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n); ++ rsa_n = BN_bin2bn(pubkey, pubsize, NULL); + /* set the public exponent */ +- rsa->e = BN_bin2bn(exp, e_size, rsa->e); ++ rsa_e = BN_bin2bn(exp, e_size, NULL); + +- if (rsa->n == NULL || rsa->e == NULL) { ++ if (rsa_n == NULL || rsa_e == NULL) { + rv = TSPERR(TSS_E_OUTOFMEMORY); ++ BN_free(rsa_n); ++ BN_free(rsa_e); ++ goto err; ++ } ++ if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) { ++ rv = TSPERR(TSS_E_FAIL); ++ BN_free(rsa_n); ++ BN_free(rsa_e); + goto err; + } + +--- a/src/trspi/crypto/openssl/symmetric.c ++++ a/src/trspi/crypto/openssl/symmetric.c +@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, + UINT32 *out_len) + { + TSS_RESULT result = TSS_SUCCESS; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx = NULL; + UINT32 tmp; + + switch (alg) { +@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, + break; + } + +- EVP_CIPHER_CTX_init(&ctx); ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ result = TSPERR(TSS_E_OUTOFMEMORY); ++ goto done; ++ } + +- if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { ++ if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) { ++ if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + +- if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { ++ if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) { ++ if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + *out_len += tmp; + done: +- EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + return result; + } + +@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, + UINT32 *out_len) + { + TSS_RESULT result = TSS_SUCCESS; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx = NULL; + UINT32 tmp; + + switch (alg) { +@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out, + break; + } + +- EVP_CIPHER_CTX_init(&ctx); ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ result = TSPERR(TSS_E_OUTOFMEMORY); ++ goto done; ++ } + +- if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) { ++ if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) { ++ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { ++ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + *out_len += tmp; + done: +- EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + return result; + } + +@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + UINT32 *out_len) + { + TSS_RESULT result = TSS_SUCCESS; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher; + BYTE *def_iv = NULL, *outiv_ptr; + UINT32 tmp; +@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + if ((cipher = get_openssl_cipher(alg, mode)) == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + +- EVP_CIPHER_CTX_init(&ctx); ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ return TSPERR(TSS_E_OUTOFMEMORY); + + /* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */ + iv_len = EVP_CIPHER_iv_length(cipher); +@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + outiv_ptr = out; + } + +- if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { ++ if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) { ++ if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) { + LogDebug("Not enough space to do symmetric encryption"); + result = TSPERR(TSS_E_INTERNAL_ERROR); + goto done; + } + +- if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) { ++ if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) { ++ if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; +@@ -320,7 +330,7 @@ done: + *out_len += iv_len; + free(def_iv); + } +- EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + return result; + } + +@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + UINT32 *out_len) + { + TSS_RESULT result = TSS_SUCCESS; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher; + BYTE *def_iv = NULL, *iniv_ptr; + UINT32 tmp; +@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + if ((cipher = get_openssl_cipher(alg, mode)) == NULL) + return TSPERR(TSS_E_INTERNAL_ERROR); + +- EVP_CIPHER_CTX_init(&ctx); ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ return TSPERR(TSS_E_OUTOFMEMORY); ++ } + + /* If the iv is NULL, assume that its prepended to the ciphertext */ + if (iv == NULL) { +@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + iniv_len = in_len; + } + +- if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) { ++ if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { ++ if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; + } + +- if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) { ++ if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) { + result = TSPERR(TSS_E_INTERNAL_ERROR); + DEBUG_print_openssl_errors(); + goto done; +@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32 + done: + if (def_iv != iv) + free(def_iv); +- EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + return result; + } +-- diff --git a/trousers.spec b/trousers.spec new file mode 100644 index 0000000..21c07de --- /dev/null +++ b/trousers.spec @@ -0,0 +1,111 @@ +Name: trousers +Version: 0.3.13 +Release: 12 +Summary: The open-source TCG Software Stack +License: BSD +Url: http://trousers.sourceforge.net +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +#Acknowledge Source1 from Fedora. +Source1: tcsd.service +#Acknowledge Patch1 & Patch2 from Fedora. +Patch0001: trousers-0.3.13-noinline.patch +Patch0002: trousers-openssl1.1.patch + +Patch9000: Fixed-incorrect-check-of-the-result-of-getpeername-2.patch +Patch9001: Fixed-the-wrong-type-used-while-comparing-IPv4-addre.patch +Patch9002: Fixed-the-wrong-type-used-while-comparing-IPv6-addre.patch +Patch9003: Fixed-failure-to-recognise-connections-from-localhos.patch +Patch9004: Removed-misguided-attempt-to-free-memory-in-Tspi_Con.patch +Patch9005: Fixed-possible-double-free-when-freeing-context-memo.patch +Patch9006: PATCH-Fix-memory-leak-in-Tspi_Context_Connect.patch +Patch9007: PATCH-Fix-more-memory-leaks-in-Tspi_Context_Connect.patch +Patch9008: PATCH-Fix-uninitialized-memory-error.patch + +BuildRequires: libtool openssl-devel systemd +Requires: shadow-utils systemd-units + +Provides: trousers-lib +Obsoletes: trousers-lib +%description +Trousers is an Trusted Computing Software Stack. By using trousers you +can develop applications based on the Trusted Platform Module(TPM). The +TPM enables more secure storage. It provides hardware-based protection +of data because the private key used to protect the data is never exposed +in the clear outside of the TPM's own internal memory area. + +%package devel +Summary: Trousers header files, documentation and trousers tCG device driver library +Requires: %{name} = %{version}-%{release} + +Provides: trousers-static +Obsoletes: trousers-static + +%description devel +Includes header files, static library and other development files using trousers. + +%package help +Summary: Documents for trousers + +%description help +Man pages and other related documents. + + + + + +%prep +%autosetup -n %{name}-%{version} -p1 + + +%build +%configure --with-gui=openssl +%make_build -k + +%install +mkdir -p %{buildroot}/%{_localstatedir}/lib/tpm +%make_install +rm -f %{buildroot}/%{_libdir}/libtspi.la +mkdir -p %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ + +%pre + +%post +%systemd_post tcsd.service +/sbin/ldconfig + +%preun +%systemd_preun tcsd.service + +%postun +%systemd_postun_with_restart tcsd.service +/sbin/ldconfig + +%files +%doc README ChangeLog +%license LICENSE +%{_sbindir}/tcsd +%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf +%attr(0644,root,root) %{_unitdir}/tcsd.service +%attr(0700, tss, tss) %{_localstatedir}/lib/tpm/ +%{_libdir}/libtspi.so.* + +%files devel +%doc doc/LTC-TSS_LLD_08_r2.pdf doc/TSS_programming_SNAFUs.txt +%attr(0755, root, root) %{_libdir}/libtspi.so +%{_includedir}/tss/ +%{_includedir}/trousers/ +%{_libdir}/libtddl.a + +%files help +%{_mandir}/man3/Tspi_* +%{_mandir}/man5/* +%{_mandir}/man8/* + + + + + +%changelog +* Wed Sep 4 2019 Zaiwang Li - 0.3.13-12 +- Init package