Toshaan Bharvani
3 years ago
commit
bd776e808e
13 changed files with 7135 additions and 0 deletions
@ -0,0 +1,62 @@ |
|||||||
|
From e0c1e3efd187a3cfa77906eef978fa6beada0b31 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Ken Goldman <kgoldman@us.ibm.com> |
||||||
|
Date: Thu, 1 Jul 2021 13:55:28 -0400 |
||||||
|
Subject: [PATCH] utils: Generate X509 certificate serial number using sha256 |
||||||
|
|
||||||
|
This is just a test certificate, not a real CA. Certificate serial |
||||||
|
numbers can be 20 octets maximum. Use a truncated sha256 because some |
||||||
|
'lint' programs are now scanning for sha1. |
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com> |
||||||
|
--- |
||||||
|
utils/ekutils.c | 18 ++++++++++++++---- |
||||||
|
1 file changed, 14 insertions(+), 4 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/ekutils.c b/utils/ekutils.c |
||||||
|
index a0a2734..aad6fba 100644 |
||||||
|
--- a/utils/ekutils.c |
||||||
|
+++ b/utils/ekutils.c |
||||||
|
@@ -61,6 +61,7 @@ |
||||||
|
|
||||||
|
#include <openssl/pem.h> |
||||||
|
#include <openssl/x509.h> |
||||||
|
+#include <openssl/evp.h> |
||||||
|
|
||||||
|
#include <ibmtss/tssresponsecode.h> |
||||||
|
#include <ibmtss/tssutils.h> |
||||||
|
@@ -1835,7 +1836,7 @@ TPM_RC startCertificate(X509 *x509Certificate, /* X509 certificate to be generat |
||||||
|
ASN1_TIME *arc; /* return code */ |
||||||
|
ASN1_INTEGER *x509Serial; /* certificate serial number in ASN1 */ |
||||||
|
BIGNUM *x509SerialBN; /* certificate serial number as a BIGNUM */ |
||||||
|
- unsigned char x509Serialbin[SHA1_DIGEST_SIZE]; /* certificate serial number in binary */ |
||||||
|
+ unsigned char x509Serialbin[EVP_MAX_MD_SIZE]; /* certificate serial number in binary */ |
||||||
|
X509_NAME *x509IssuerName; /* composite issuer name, key/value pairs */ |
||||||
|
X509_NAME *x509SubjectName; /* composite subject name, key/value pairs */ |
||||||
|
|
||||||
|
@@ -1855,11 +1856,20 @@ TPM_RC startCertificate(X509 *x509Certificate, /* X509 certificate to be generat |
||||||
|
add certificate serial number |
||||||
|
*/ |
||||||
|
if (rc == 0) { |
||||||
|
+ const EVP_MD *type; |
||||||
|
+ |
||||||
|
if (tssUtilsVerbose) printf("startCertificate: Adding certificate serial number\n"); |
||||||
|
/* to create a unique serial number, hash the key to be certified */ |
||||||
|
- SHA1(keyBuffer, keyLength, x509Serialbin); |
||||||
|
- /* convert the SHA1 digest to a BIGNUM */ |
||||||
|
- x509SerialBN = BN_bin2bn(x509Serialbin, SHA1_DIGEST_SIZE, x509SerialBN); |
||||||
|
+ type = EVP_sha256(); |
||||||
|
+ irc = EVP_Digest(keyBuffer, keyLength, x509Serialbin, NULL, type, NULL); |
||||||
|
+ if (irc == 0) { |
||||||
|
+ printf("startCertificate: Error in serial number EVP_Digest\n"); |
||||||
|
+ rc = TSS_RC_X509_ERROR; |
||||||
|
+ } |
||||||
|
+ } |
||||||
|
+ if (rc == 0) { |
||||||
|
+ /* convert the digest to a BIGNUM, use 20 octets */ |
||||||
|
+ x509SerialBN = BN_bin2bn(x509Serialbin, 20, x509SerialBN); |
||||||
|
if (x509SerialBN == NULL) { |
||||||
|
printf("startCertificate: Error in serial number BN_bin2bn\n"); |
||||||
|
rc = TSS_RC_X509_ERROR; |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
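Review bot: The 20-octet truncation in `BN_bin2bn(x509Serialbin, 20, x509SerialBN)` in startCertificate can still produce a serial number whose DER encoding is 21 octets. A digest whose first byte has the top bit set needs a leading zero octet to remain a positive INTEGER, which exceeds the 20-octet maximum the patch description cites. Clearing that bit before the conversion, `x509Serialbin[0] &= 0x7f;`, keeps the encoded value within the limit, and a named constant would document the bare `20` better than the comment alone. The body of startCertificate continues outside the hunk, so how the BIGNUM is later turned into the ASN1_INTEGER is not visible here.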
@ -0,0 +1,54 @@ |
|||||||
|
From 87120cf7fedcfc063ba5cd28ae4571909209a547 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Ken Goldman <kgoldman@us.ibm.com> |
||||||
|
Date: Mon, 23 Aug 2021 17:30:56 -0400 |
||||||
|
Subject: [PATCH 2/7] utils: Remove unused variables from certifyx509 |
||||||
|
|
||||||
|
notBefore and notAfter are set driectly in the partialCertificate |
||||||
|
structure, and that is used to directly set the x509 structure. |
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com> |
||||||
|
--- |
||||||
|
utils/certifyx509.c | 6 +----- |
||||||
|
1 file changed, 1 insertion(+), 5 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c |
||||||
|
index ed42ac0..44640aa 100644 |
||||||
|
--- a/utils/certifyx509.c |
||||||
|
+++ b/utils/certifyx509.c |
||||||
|
@@ -204,6 +204,7 @@ int main(int argc, char *argv[]) |
||||||
|
setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ |
||||||
|
TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); |
||||||
|
|
||||||
|
+ curveID = curveID; /* no longer used, get from parent */ |
||||||
|
/* command line argument defaults */ |
||||||
|
for (i=1 ; (i<argc) && (rc == 0) ; i++) { |
||||||
|
if (strcmp(argv[i],"-ho") == 0) { |
||||||
|
@@ -686,8 +687,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */ |
||||||
|
size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *); |
||||||
|
size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *); |
||||||
|
- ASN1_TIME *notBefore = NULL; |
||||||
|
- ASN1_TIME *notAfter = NULL; |
||||||
|
uint8_t *tmpPartialDer = NULL; /* for the i2d */ |
||||||
|
|
||||||
|
/* add issuer */ |
||||||
|
@@ -717,8 +716,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
} |
||||||
|
} |
||||||
|
if (rc == 0) { |
||||||
|
- /* can't fail, just returns a structure member */ |
||||||
|
- notBefore = X509_get_notBefore(x509Certificate); |
||||||
|
irc = X509_set1_notBefore(x509Certificate, partialCertificate->validity->notBefore); |
||||||
|
if (irc == 0) { |
||||||
|
printf("createPartialCertificate: Error setting notBefore time\n"); |
||||||
|
@@ -737,7 +734,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
} |
||||||
|
} |
||||||
|
if (rc == 0) { |
||||||
|
- notAfter = X509_get_notAfter(x509Certificate); |
||||||
|
irc = X509_set1_notAfter(x509Certificate,partialCertificate->validity->notAfter); |
||||||
|
if (irc == 0) { |
||||||
|
printf("createPartialCertificate: Error setting notAfter time\n"); |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
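Review bot: The added `curveID = curveID; /* no longer used, get from parent */` in main silences the unused-variable warning with a self-assignment, which some compilers flag in turn (clang's -Wself-assign). `(void)curveID;` states the same intent without a store. main's body extends beyond the hunk, so whether the command-line option that sets curveID is still parsed cannot be confirmed from here; if it is, the usage text should say the value is ignored.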
@ -0,0 +1,99 @@ |
|||||||
|
From 1c462889a517d6dbab721aa3e0597878e9c237d5 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
Date: Wed, 25 Aug 2021 18:02:11 -0400 |
||||||
|
Subject: [PATCH 3/7] : Update certifyx509 for Windows |
||||||
|
|
||||||
|
Add static_ to the ASN1_SEQUENCE_END macros to suppress a gcc warning. |
||||||
|
Change free to OPENSSL_free, required with i2d when OpenSSL is a dll. |
||||||
|
|
||||||
|
Remove the tmpx509i file handling from the .bat file since certifyx509 |
||||||
|
no longer outputs it. |
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
--- |
||||||
|
utils/certifyx509.c | 10 +++++----- |
||||||
|
utils/regtests/testx509.bat | 5 ----- |
||||||
|
2 files changed, 5 insertions(+), 10 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c |
||||||
|
index 44640aa..5602f62 100644 |
||||||
|
--- a/utils/certifyx509.c |
||||||
|
+++ b/utils/certifyx509.c |
||||||
|
@@ -94,7 +94,7 @@ typedef struct { |
||||||
|
ASN1_SEQUENCE(TPM_PARTIAL_CERT_VALIDITY) = { |
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notBefore, ASN1_TIME), |
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT_VALIDITY, notAfter, ASN1_TIME), |
||||||
|
-} ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY) |
||||||
|
+} static_ASN1_SEQUENCE_END(TPM_PARTIAL_CERT_VALIDITY) |
||||||
|
|
||||||
|
/* the signature algorithm is optional while the extension list is mandatory */ |
||||||
|
ASN1_SEQUENCE(TPM_PARTIAL_CERT) = { |
||||||
|
@@ -103,7 +103,7 @@ ASN1_SEQUENCE(TPM_PARTIAL_CERT) = { |
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT, validity, TPM_PARTIAL_CERT_VALIDITY), |
||||||
|
ASN1_SIMPLE(TPM_PARTIAL_CERT, subject, X509_NAME), |
||||||
|
ASN1_EXP_SEQUENCE_OF(TPM_PARTIAL_CERT, extensions, X509_EXTENSION, 3), |
||||||
|
-} ASN1_SEQUENCE_END(TPM_PARTIAL_CERT) |
||||||
|
+} static_ASN1_SEQUENCE_END(TPM_PARTIAL_CERT) |
||||||
|
|
||||||
|
DECLARE_ASN1_FUNCTIONS(TPM_PARTIAL_CERT) |
||||||
|
IMPLEMENT_ASN1_FUNCTIONS(TPM_PARTIAL_CERT) |
||||||
|
@@ -122,7 +122,7 @@ ASN1_SEQUENCE(TPM_ADDTOCERT) = { |
||||||
|
ASN1_SIMPLE(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER), |
||||||
|
ASN1_SIMPLE(TPM_ADDTOCERT, signatureAlgorithm, X509_ALGOR), |
||||||
|
ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY), |
||||||
|
-} ASN1_SEQUENCE_END(TPM_ADDTOCERT) |
||||||
|
+} static_ASN1_SEQUENCE_END(TPM_ADDTOCERT) |
||||||
|
|
||||||
|
DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT) |
||||||
|
IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT) |
||||||
|
@@ -629,7 +629,7 @@ int main(int argc, char *argv[]) |
||||||
|
X509_free(x509Certificate); /* @1 */ |
||||||
|
} |
||||||
|
free(x509Der); /* @2 */ |
||||||
|
- free(addToCert); /* @3 */ |
||||||
|
+ OPENSSL_free(addToCert); /* @3 */ |
||||||
|
return rc; |
||||||
|
} |
||||||
|
|
||||||
|
@@ -808,7 +808,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
#endif |
||||||
|
X509_NAME_free(x509IssuerName); /* @1 */ |
||||||
|
X509_NAME_free(x509SubjectName); /* @2 */ |
||||||
|
- free(tmpPartialDer); /* @3 */ |
||||||
|
+ OPENSSL_free(tmpPartialDer); /* @3 */ |
||||||
|
return rc; |
||||||
|
} |
||||||
|
|
||||||
|
diff --git a/utils/regtests/testx509.bat b/utils/regtests/testx509.bat |
||||||
|
index 0951ad6..17b69f6 100644 |
||||||
|
--- a/utils/regtests/testx509.bat |
||||||
|
+++ b/utils/regtests/testx509.bat |
||||||
|
@@ -80,8 +80,6 @@ for /L %%i in (1,1,!L!) do ( |
||||||
|
exit /B 1 |
||||||
|
) |
||||||
|
|
||||||
|
- rem # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i1.dump |
||||||
|
- rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i1.dumphh |
||||||
|
rem # dumpasn1 -a -l -d tmppart1.bin > tmppart1.dump |
||||||
|
rem # dumpasn1 -a -l -d -hh tmppart1.bin > tmppart1.dumphh |
||||||
|
rem # dumpasn1 -a -l -d tmpadd1.bin > tmpadd1.dump |
||||||
|
@@ -102,8 +100,6 @@ for /L %%i in (1,1,!L!) do ( |
||||||
|
exit /B 1 |
||||||
|
) |
||||||
|
|
||||||
|
-rem # dumpasn1 -a -l -d tmpx509i.bin > tmpx509i2.dump |
||||||
|
-rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i2.dumphh |
||||||
|
rem # dumpasn1 -a -l -d tmppart2.bin > tmppart2.dump |
||||||
|
rem # dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe |
||||||
|
rem # dumpasn1 -a -l -d tmpadd2.bin > tmpadd2.dump |
||||||
|
@@ -446,7 +442,6 @@ rm tmpsig1.bin |
||||||
|
rm tmpx5091.bin |
||||||
|
rm tmpx5091.pem |
||||||
|
rm tmpx5092.pem |
||||||
|
-rm tmpx509i.bin |
||||||
|
rm tmppart2.bin |
||||||
|
rm tmpadd2.bin |
||||||
|
rm tmptbs2.bin |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
@ -0,0 +1,136 @@ |
|||||||
|
From 506ae7f508cdcaca1cad7433725e8f4c115f843b Mon Sep 17 00:00:00 2001 |
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?= |
||||||
|
<shoracek@redhat.com> |
||||||
|
Date: Fri, 25 Feb 2022 15:28:28 +0100 |
||||||
|
Subject: [PATCH 4/4] Restrict SHA-1 in TSS |
||||||
|
MIME-Version: 1.0 |
||||||
|
Content-Type: text/plain; charset=UTF-8 |
||||||
|
Content-Transfer-Encoding: 8bit |
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com> |
||||||
|
--- |
||||||
|
utils/cryptoutils.c | 4 --- |
||||||
|
utils/tss20.c | 81 ++++++++++++++++++++++++++++++++++++++++++++- |
||||||
|
2 files changed, 80 insertions(+), 5 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c |
||||||
|
index 7b5de79..98396a7 100644 |
||||||
|
--- a/utils/cryptoutils.c |
||||||
|
+++ b/utils/cryptoutils.c |
||||||
|
@@ -2136,10 +2136,6 @@ TPM_RC verifyRSASignatureFromRSA(unsigned char *message, |
||||||
|
/* map from hash algorithm to openssl nid */ |
||||||
|
if (rc == 0) { |
||||||
|
switch (halg) { |
||||||
|
- case TPM_ALG_SHA1: |
||||||
|
- nid = NID_sha1; |
||||||
|
- md = EVP_sha1(); |
||||||
|
- break; |
||||||
|
case TPM_ALG_SHA256: |
||||||
|
nid = NID_sha256; |
||||||
|
md = EVP_sha256(); |
||||||
|
diff --git a/utils/tss20.c b/utils/tss20.c |
||||||
|
index c778069..bd05cf3 100644 |
||||||
|
--- a/utils/tss20.c |
||||||
|
+++ b/utils/tss20.c |
||||||
|
@@ -678,6 +678,76 @@ extern int tssVerbose; |
||||||
|
extern int tssVverbose; |
||||||
|
extern int tssFirstCall; |
||||||
|
|
||||||
|
+int TSS_CheckSha1_PublicArea(TPMT_PUBLIC *publicArea) |
||||||
|
+{ |
||||||
|
+ return publicArea->nameAlg == TPM_ALG_SHA1 || |
||||||
|
+ ((publicArea->type == TPM_ALG_RSA || publicArea->type == TPM_ALG_ECC) && |
||||||
|
+ publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL && |
||||||
|
+ publicArea->parameters.asymDetail.scheme.details.anySig.hashAlg == TPM_ALG_SHA1); |
||||||
|
+} |
||||||
|
+ |
||||||
|
+int TSS_CheckSha1_SigScheme(TPMT_SIG_SCHEME *sigScheme) |
||||||
|
+{ |
||||||
|
+ return sigScheme->details.any.hashAlg == TPM_ALG_SHA1; |
||||||
|
+} |
||||||
|
+ |
||||||
|
+int TSS_CheckSha1(COMMAND_PARAMETERS *in, |
||||||
|
+ TPM_CC commandCode) |
||||||
|
+{ |
||||||
|
+ switch (commandCode) |
||||||
|
+ { |
||||||
|
+ case TPM_CC_Certify: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->Certify.inScheme); |
||||||
|
+ case TPM_CC_CertifyCreation: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->CertifyCreation.inScheme); |
||||||
|
+ case TPM_CC_Create: |
||||||
|
+ return TSS_CheckSha1_PublicArea(&in->Create.inPublic.publicArea); |
||||||
|
+ case TPM_CC_CreateLoaded: |
||||||
|
+ return TSS_CheckSha1_PublicArea(&in->Create.inPublic.publicArea); |
||||||
|
+ case TPM_CC_CreatePrimary: |
||||||
|
+ return TSS_CheckSha1_PublicArea(&in->CreatePrimary.inPublic.publicArea); |
||||||
|
+ case TPM_CC_GetCommandAuditDigest: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->GetCommandAuditDigest.inScheme); |
||||||
|
+ case TPM_CC_GetSessionAuditDigest: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->GetSessionAuditDigest.inScheme); |
||||||
|
+ case TPM_CC_GetTime: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->GetTime.inScheme); |
||||||
|
+ case TPM_CC_Hash: |
||||||
|
+ return in->Hash.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_HashSequenceStart: |
||||||
|
+ return in->HashSequenceStart.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_HMAC: |
||||||
|
+ return in->HMAC.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_HMAC_Start: |
||||||
|
+ return in->HMAC_Start.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_Import: |
||||||
|
+ return TSS_CheckSha1_PublicArea(&in->Import.objectPublic.publicArea); |
||||||
|
+ case TPM_CC_LoadExternal: |
||||||
|
+ return TSS_CheckSha1_PublicArea(&in->LoadExternal.inPublic.publicArea); |
||||||
|
+ case TPM_CC_NV_Certify: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->NV_Certify.inScheme); |
||||||
|
+ case TPM_CC_NV_DefineSpace: |
||||||
|
+ return in->NV_DefineSpace.publicInfo.nvPublic.nameAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_PolicySigned: |
||||||
|
+ return in->PolicySigned.auth.signature.any.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_Quote: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->Quote.inScheme); |
||||||
|
+ case TPM_CC_RSA_Decrypt: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->RSA_Decrypt.inScheme); |
||||||
|
+ case TPM_CC_SetCommandCodeAuditStatus: |
||||||
|
+ return in->SetCommandCodeAuditStatus.auditAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_SetPrimaryPolicy: |
||||||
|
+ return in->SetPrimaryPolicy.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_Sign: |
||||||
|
+ return TSS_CheckSha1_SigScheme(&in->Sign.inScheme); |
||||||
|
+ case TPM_CC_StartAuthSession: |
||||||
|
+ return in->StartAuthSession.authHash == TPM_ALG_SHA1; |
||||||
|
+ case TPM_CC_VerifySignature: |
||||||
|
+ return in->VerifySignature.signature.signature.any.hashAlg == TPM_ALG_SHA1; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ return 0; |
||||||
|
+} |
||||||
|
|
||||||
|
TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext, |
||||||
|
RESPONSE_PARAMETERS *out, |
||||||
|
@@ -687,11 +757,20 @@ TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext, |
||||||
|
va_list ap) |
||||||
|
{ |
||||||
|
TPM_RC rc = 0; |
||||||
|
- |
||||||
|
+ |
||||||
|
+#ifdef RESTRICTED_HASH_ALG |
||||||
|
+ if (rc == 0) { |
||||||
|
+ if (TSS_CheckSha1(in, commandCode)) { |
||||||
|
+ rc = TPM_RC_HASH; |
||||||
|
+ } |
||||||
|
+ } |
||||||
|
+#endif /* RESTRICTED_HASH_ALG */ |
||||||
|
+ |
||||||
|
/* create a TSS authorization context */ |
||||||
|
if (rc == 0) { |
||||||
|
TSS_InitAuthContext(tssContext->tssAuthContext); |
||||||
|
} |
||||||
|
+ |
||||||
|
/* handle any command specific command pre-processing */ |
||||||
|
if (rc == 0) { |
||||||
|
rc = TSS_Command_PreProcessor(tssContext, |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
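Review bot: In TSS_CheckSha1 the `TPM_CC_CreateLoaded` case reads `in->Create.inPublic.publicArea`, the Create member of the command union rather than CreateLoaded's own input. In the TPM 2.0 command set CreateLoaded carries its template as a marshaled TPM2B_TEMPLATE byte buffer, not an unmarshaled TPMT_PUBLIC. If this TSS follows that layout, the check inspects bytes that are not a nameAlg or scheme and its result for that command is unreliable; the template would need to be unmarshaled before TSS_CheckSha1_PublicArea is called. TSS_CheckSha1_SigScheme also tests `details.any.hashAlg` without looking at the scheme selector, unlike the public-area helper; `return sigScheme->scheme != TPM_ALG_NULL && sigScheme->details.any.hashAlg == TPM_ALG_SHA1;` would make the two agree. The switch returns 0 for every command code it does not list, so the restriction fails open for anything the list misses, which deserves a comment above the function.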
@ -0,0 +1,111 @@ |
|||||||
|
From d77514273aa88f67b85c398a222ab2195c42f5fd Mon Sep 17 00:00:00 2001 |
||||||
|
From: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
Date: Tue, 31 Aug 2021 13:45:21 -0400 |
||||||
|
Subject: [PATCH 4/7] utils: Clean up certifyx509 memory allocation |
||||||
|
|
||||||
|
Make TPM_ADDTOCERT input const. Annotate malloc and free calls. Free |
||||||
|
TPM_PARTIAL_CERT. Use TPM_ADDTOCERT_free. Remove unused |
||||||
|
x509IssuerName and x509SubjectName and their frees. Free |
||||||
|
TPM_PARTIAL_CERT issuer and subject because createX509Name() mallocs. |
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
--- |
||||||
|
utils/certifyx509.c | 26 +++++++++++++++++--------- |
||||||
|
1 file changed, 17 insertions(+), 9 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/certifyx509.c b/utils/certifyx509.c |
||||||
|
index 5602f62..8ac5abd 100644 |
||||||
|
--- a/utils/certifyx509.c |
||||||
|
+++ b/utils/certifyx509.c |
||||||
|
@@ -147,7 +147,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *certificate, |
||||||
|
TPM_RC reformCertificate(X509 *x509Certificate, |
||||||
|
TPMI_ALG_HASH halg, |
||||||
|
TPMI_ALG_SIG_SCHEME scheme, |
||||||
|
- TPM_ADDTOCERT *addToCert, |
||||||
|
+ const TPM_ADDTOCERT *addToCert, |
||||||
|
TPMT_SIGNATURE *tSignature); |
||||||
|
TPM_RC addSignatureRsa(X509 *x509Certificate, |
||||||
|
TPMI_ALG_HASH halg, |
||||||
|
@@ -618,7 +618,7 @@ int main(int argc, char *argv[]) |
||||||
|
if (rc == 0) { |
||||||
|
if (verbose) X509_print_fp(stdout, x509Certificate); /* for debug */ |
||||||
|
rc = convertX509ToDer(&x509DerLength, |
||||||
|
- &x509Der, /* freed @2 */ |
||||||
|
+ &x509Der, /* freed @4 */ |
||||||
|
x509Certificate); |
||||||
|
} |
||||||
|
if ((rc == 0) && (outCertificateFilename != NULL)) { |
||||||
|
@@ -628,8 +628,13 @@ int main(int argc, char *argv[]) |
||||||
|
if (x509Certificate != NULL) { |
||||||
|
X509_free(x509Certificate); /* @1 */ |
||||||
|
} |
||||||
|
- free(x509Der); /* @2 */ |
||||||
|
- OPENSSL_free(addToCert); /* @3 */ |
||||||
|
+ if (partialCertificate != NULL) { |
||||||
|
+ TPM_PARTIAL_CERT_free(partialCertificate); /* @2 */ |
||||||
|
+ } |
||||||
|
+ if (addToCert != NULL) { |
||||||
|
+ TPM_ADDTOCERT_free(addToCert); /* @3 */ |
||||||
|
+ } |
||||||
|
+ free(x509Der); /* @4 */ |
||||||
|
return rc; |
||||||
|
} |
||||||
|
|
||||||
|
@@ -683,8 +688,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
int irc; |
||||||
|
ASN1_TIME *arc; /* return code */ |
||||||
|
|
||||||
|
- X509_NAME *x509IssuerName = NULL; /* composite issuer name, key/value pairs */ |
||||||
|
- X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */ |
||||||
|
size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *); |
||||||
|
size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *); |
||||||
|
uint8_t *tmpPartialDer = NULL; /* for the i2d */ |
||||||
|
@@ -693,6 +696,9 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
if (rc == 0) { |
||||||
|
if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n", |
||||||
|
(unsigned long)issuerEntriesSize); |
||||||
|
+ /* _new allocates the member. free it because createX509Name() allocates a new structure */ |
||||||
|
+ X509_NAME_free(partialCertificate->issuer); |
||||||
|
+ partialCertificate->issuer = NULL; |
||||||
|
rc = createX509Name(&partialCertificate->issuer, /* freed @1 */ |
||||||
|
issuerEntriesSize, |
||||||
|
issuerEntries); |
||||||
|
@@ -746,6 +752,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
if (!subeqiss) { |
||||||
|
if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n", |
||||||
|
(unsigned long)subjectEntriesSize); |
||||||
|
+ X509_NAME_free(partialCertificate->subject); |
||||||
|
+ partialCertificate->subject = NULL; |
||||||
|
rc = createX509Name(&partialCertificate->subject, /* freed @2 */ |
||||||
|
subjectEntriesSize, |
||||||
|
subjectEntries); |
||||||
|
@@ -754,6 +762,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
else { |
||||||
|
if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n", |
||||||
|
(unsigned long)issuerEntriesSize); |
||||||
|
+ X509_NAME_free(partialCertificate->subject); |
||||||
|
+ partialCertificate->subject = NULL; |
||||||
|
rc = createX509Name(&partialCertificate->subject, /* freed @2 */ |
||||||
|
issuerEntriesSize, |
||||||
|
issuerEntries); |
||||||
|
@@ -806,8 +816,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / |
||||||
|
if (verbose) X509_print_fp(stdout, x509Certificate); |
||||||
|
} |
||||||
|
#endif |
||||||
|
- X509_NAME_free(x509IssuerName); /* @1 */ |
||||||
|
- X509_NAME_free(x509SubjectName); /* @2 */ |
||||||
|
OPENSSL_free(tmpPartialDer); /* @3 */ |
||||||
|
return rc; |
||||||
|
} |
||||||
|
@@ -956,7 +964,7 @@ TPM_RC addPartialCertExtensionTpmaOid(TPM_PARTIAL_CERT *partialCertificate, |
||||||
|
TPM_RC reformCertificate(X509 *x509Certificate, |
||||||
|
TPMI_ALG_HASH halg, |
||||||
|
TPMI_ALG_SIG_SCHEME scheme, |
||||||
|
- TPM_ADDTOCERT *addToCert, |
||||||
|
+ const TPM_ADDTOCERT *addToCert, |
||||||
|
TPMT_SIGNATURE *tSignature) |
||||||
|
{ |
||||||
|
TPM_RC rc = 0; |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
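Review bot: The `/* freed @1 */` and `/* freed @2 */` annotations on the createX509Name() calls in createPartialCertificate no longer point at anything. This patch deletes the `X509_NAME_free(x509IssuerName); /* @1 */` and `/* @2 */` lines at the end of that function, leaving only `/* @3 */` there. From the visible lines the issuer and subject are now members of the TPM_PARTIAL_CERT and appear to be released by `TPM_PARTIAL_CERT_free(partialCertificate); /* @2 */` in main. A comment such as `/* freed by TPM_PARTIAL_CERT_free() in the caller */` would keep the ownership trail accurate. Both functions extend beyond the hunks shown.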
@ -0,0 +1,91 @@ |
|||||||
|
From bcbc2f0400cfc2f596283e8c528aed4576bfea69 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
Date: Fri, 3 Sep 2021 14:58:20 -0400 |
||||||
|
Subject: [PATCH 5/7] utils: Fix errors detected by gcc asan |
||||||
|
|
||||||
|
In Uint32_Convert(), case the byte to uint32_t before the left shift |
||||||
|
24 to suppress a warning. |
||||||
|
|
||||||
|
In TSS_EFI_GetNameIndex(), do not compare data if the length does not |
||||||
|
match, because this could cause a buffer overflow. Test should be &&, |
||||||
|
not &. |
||||||
|
|
||||||
|
TSS_Delete should only memset sessionData if the pointer is not NULL. |
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
--- |
||||||
|
utils/efilib.c | 11 +++++++---- |
||||||
|
utils/eventlib.c | 10 +++++----- |
||||||
|
utils/tss.c | 6 ++++-- |
||||||
|
3 files changed, 16 insertions(+), 11 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/efilib.c b/utils/efilib.c |
||||||
|
index 201a1f5..ab8177b 100644 |
||||||
|
--- a/utils/efilib.c |
||||||
|
+++ b/utils/efilib.c |
||||||
|
@@ -399,16 +399,19 @@ static void TSS_EFI_GetNameIndex(size_t *index, |
||||||
|
const uint8_t *name, |
||||||
|
uint64_t nameLength) /* half the total bytes in array */ |
||||||
|
{ |
||||||
|
- int m1,m2; |
||||||
|
+ int m1 = 0; |
||||||
|
+ int m2 = 0; |
||||||
|
for (*index = 0 ; |
||||||
|
*index < sizeof(tagTable) / sizeof(TAG_TABLE) ; |
||||||
|
(*index)++) { |
||||||
|
|
||||||
|
/* length match */ |
||||||
|
m1 = (nameLength * 2) == tagTable[*index].nameLength; |
||||||
|
- /* string match */ |
||||||
|
- m2 = memcmp(name, tagTable[*index].name, (size_t)(nameLength * 2)) == 0; |
||||||
|
- if (m1 & m2) { |
||||||
|
+ if (m1) { |
||||||
|
+ /* string match */ |
||||||
|
+ m2 = memcmp(name, tagTable[*index].name, (size_t)(nameLength * 2)) == 0; |
||||||
|
+ } |
||||||
|
+ if (m1 && m2) { |
||||||
|
return; |
||||||
|
} |
||||||
|
} |
||||||
|
diff --git a/utils/eventlib.c b/utils/eventlib.c |
||||||
|
index 0c2801c..c56a22f 100644 |
||||||
|
--- a/utils/eventlib.c |
||||||
|
+++ b/utils/eventlib.c |
||||||
|
@@ -1346,12 +1346,12 @@ static uint32_t Uint32_Convert(uint32_t in) |
||||||
|
{ |
||||||
|
uint32_t out = 0; |
||||||
|
unsigned char *inb = (unsigned char *)∈ |
||||||
|
- |
||||||
|
+ |
||||||
|
/* little endian input */ |
||||||
|
- out = (inb[0] << 0) | |
||||||
|
- (inb[1] << 8) | |
||||||
|
- (inb[2] << 16) | |
||||||
|
- (inb[3] << 24); |
||||||
|
+ out = ((((uint32_t)inb[0]) << 0) | |
||||||
|
+ (((uint32_t)inb[1]) << 8) | |
||||||
|
+ (((uint32_t)inb[2]) << 16) | |
||||||
|
+ (((uint32_t)inb[3]) << 24)); |
||||||
|
return out; |
||||||
|
} |
||||||
|
#endif /* TPM_TSS_NOFILE */ |
||||||
|
diff --git a/utils/tss.c b/utils/tss.c |
||||||
|
index 574c448..6f0eede 100644 |
||||||
|
--- a/utils/tss.c |
||||||
|
+++ b/utils/tss.c |
||||||
|
@@ -179,8 +179,10 @@ TPM_RC TSS_Delete(TSS_CONTEXT *tssContext) |
||||||
|
for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) { |
||||||
|
tssContext->sessions[i].sessionHandle = TPM_RH_NULL; |
||||||
|
/* erase any secrets */ |
||||||
|
- memset(tssContext->sessions[i].sessionData, |
||||||
|
- 0, tssContext->sessions[i].sessionDataLength); |
||||||
|
+ if (tssContext->sessions[i].sessionData != NULL) { |
||||||
|
+ memset(tssContext->sessions[i].sessionData, |
||||||
|
+ 0, tssContext->sessions[i].sessionDataLength); |
||||||
|
+ } |
||||||
|
free(tssContext->sessions[i].sessionData); |
||||||
|
tssContext->sessions[i].sessionData = NULL; |
||||||
|
tssContext->sessions[i].sessionDataLength = 0; |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
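Review bot: In TSS_Delete the `memset()` of `sessionData`, which the comment labels "erase any secrets", is immediately followed by `free()` of the same buffer, so an optimizing compiler is permitted to drop it as a dead store. An explicit-zeroing primitive makes the erase reliable, for example `OPENSSL_cleanse(tssContext->sessions[i].sessionData, tssContext->sessions[i].sessionDataLength);` where tss.c is built against OpenSSL. Whether tss.c is built that way cannot be seen from this hunk. The loop body continues outside the hunk.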
@ -0,0 +1,103 @@ |
|||||||
|
From 7128994537a7103b25acb1df238db747d7cb3274 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
Date: Fri, 10 Sep 2021 16:33:10 -0400 |
||||||
|
Subject: [PATCH 6/7] tss: Port HMAC operations to openssl 3.0 |
||||||
|
|
||||||
|
Replace the deprecated APIs. |
||||||
|
|
||||||
|
- Compared to the next branch commit 6e22032d, changes related to HMAC are |
||||||
|
ommited. |
||||||
|
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com> |
||||||
|
--- |
||||||
|
utils/tsscrypto.c | 58 ++++++++++++++++++++++++++++++----------------- |
||||||
|
1 file changed, 37 insertions(+), 21 deletions(-) |
||||||
|
|
||||||
|
diff --git a/utils/tsscrypto.c b/utils/tsscrypto.c |
||||||
|
index 23d3b6e..1974563 100644 |
||||||
|
--- a/utils/tsscrypto.c |
||||||
|
+++ b/utils/tsscrypto.c |
||||||
|
@@ -79,6 +79,7 @@ extern int tssVerbose; |
||||||
|
|
||||||
|
/* local prototypes */ |
||||||
|
|
||||||
|
+static TPM_RC TSS_Hash_GetOsslString(const char **str, TPMI_ALG_HASH hashAlg); |
||||||
|
static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, |
||||||
|
TPMI_ALG_HASH hashAlg); |
||||||
|
|
||||||
|
@@ -129,36 +130,51 @@ TPM_RC TSS_Crypto_Init(void) |
||||||
|
Digests |
||||||
|
*/ |
||||||
|
|
||||||
|
-static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, |
||||||
|
- TPMI_ALG_HASH hashAlg) |
||||||
|
+/* TSS_Hash_GetString() maps from the TCG hash algorithm to the OpenSSL string */ |
||||||
|
+ |
||||||
|
+static TPM_RC TSS_Hash_GetOsslString(const char **str, TPMI_ALG_HASH hashAlg) |
||||||
|
{ |
||||||
|
- TPM_RC rc = 0; |
||||||
|
+ TPM_RC rc = 0; |
||||||
|
|
||||||
|
- if (rc == 0) { |
||||||
|
- switch (hashAlg) { |
||||||
|
+ switch (hashAlg) { |
||||||
|
#ifdef TPM_ALG_SHA1 |
||||||
|
- case TPM_ALG_SHA1: |
||||||
|
- *md = EVP_get_digestbyname("sha1"); |
||||||
|
- break; |
||||||
|
+ case TPM_ALG_SHA1: |
||||||
|
+ *str = "sha1"; |
||||||
|
+ break; |
||||||
|
#endif |
||||||
|
-#ifdef TPM_ALG_SHA256 |
||||||
|
- case TPM_ALG_SHA256: |
||||||
|
- *md = EVP_get_digestbyname("sha256"); |
||||||
|
- break; |
||||||
|
+#ifdef TPM_ALG_SHA256 |
||||||
|
+ case TPM_ALG_SHA256: |
||||||
|
+ *str = "sha256"; |
||||||
|
+ break; |
||||||
|
#endif |
||||||
|
#ifdef TPM_ALG_SHA384 |
||||||
|
- case TPM_ALG_SHA384: |
||||||
|
- *md = EVP_get_digestbyname("sha384"); |
||||||
|
- break; |
||||||
|
+ case TPM_ALG_SHA384: |
||||||
|
+ *str = "sha384"; |
||||||
|
+ break; |
||||||
|
#endif |
||||||
|
#ifdef TPM_ALG_SHA512 |
||||||
|
- case TPM_ALG_SHA512: |
||||||
|
- *md = EVP_get_digestbyname("sha512"); |
||||||
|
- break; |
||||||
|
+ case TPM_ALG_SHA512: |
||||||
|
+ *str = "sha512"; |
||||||
|
+ break; |
||||||
|
#endif |
||||||
|
- default: |
||||||
|
- rc = TSS_RC_BAD_HASH_ALGORITHM; |
||||||
|
- } |
||||||
|
+ default: |
||||||
|
+ *str = NULL; |
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM; |
||||||
|
+ } |
||||||
|
+ return rc; |
||||||
|
+} |
||||||
|
+ |
||||||
|
+static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, |
||||||
|
+ TPMI_ALG_HASH hashAlg) |
||||||
|
+{ |
||||||
|
+ TPM_RC rc = 0; |
||||||
|
+ const char *str = NULL; |
||||||
|
+ |
||||||
|
+ if (rc == 0) { |
||||||
|
+ rc = TSS_Hash_GetOsslString(&str, hashAlg); |
||||||
|
+ } |
||||||
|
+ if (rc == 0) { |
||||||
|
+ *md = EVP_get_digestbyname(str); |
||||||
|
} |
||||||
|
return rc; |
||||||
|
} |
||||||
|
-- |
||||||
|
2.34.1 |
||||||
|
|
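Review bot: TSS_Hash_GetMd stores the result of `EVP_get_digestbyname(str)` in `*md` and returns rc 0 without checking it, so a digest the linked OpenSSL does not provide reaches callers as a NULL `EVP_MD` together with a success code. Adding `if (*md == NULL) rc = TSS_RC_BAD_HASH_ALGORITHM;` right after the lookup, inside the same `rc == 0` block, turns that into a reportable error. The comment above the new helper names `TSS_Hash_GetString()` while the function it documents is `TSS_Hash_GetOsslString()`; it should read `/* TSS_Hash_GetOsslString() maps from the TCG hash algorithm to the OpenSSL string */`.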
@ -0,0 +1,187 @@ |
|||||||
|
# |
||||||
|
# Spec file for IBM's TSS for the TPM 2.0 |
||||||
|
# |
||||||
|
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro} |
||||||
|
|
||||||
|
%global incname ibmtss |
||||||
|
|
||||||
|
Name: tss2 |
||||||
|
Version: 1.6.0 |
||||||
|
Release: 6%{?dist} |
||||||
|
Epoch: 1 |
||||||
|
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities |
||||||
|
|
||||||
|
License: BSD |
||||||
|
URL: http://sourceforge.net/projects/ibmtpm20tss/ |
||||||
|
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz |
||||||
|
Patch0: tss2-1.6.0-manpage-cleanup.patch |
||||||
|
Patch1: 0001-utils-Update-certifyx509-for-Openssl-3.0.0.patch |
||||||
|
Patch2: 0002-utils-Remove-unused-variables-from-certifyx509.patch |
||||||
|
Patch3: 0003-Update-certifyx509-for-Windows.patch |
||||||
|
Patch4: 0004-utils-Clean-up-certifyx509-memory-allocation.patch |
||||||
|
Patch5: 0005-utils-Fix-errors-detected-by-gcc-asan.patch |
||||||
|
Patch6: 0006-tss-Port-HMAC-operations-to-openssl-3.0.patch |
||||||
|
Patch7: 0007-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch |
||||||
|
Patch8: 0001-utils-Generate-X509-certificate-serial-number-using-.patch |
||||||
|
Patch9: 0002-Update-SHA-1-to-SHA-256-in-tests-without-restricting.patch |
||||||
|
Patch10: 0003-Restrict-the-usage-of-SHA-1-in-code-examples.patch |
||||||
|
Patch11: 0004-Restrict-SHA-1-in-TSS.patch |
||||||
|
|
||||||
|
|
||||||
|
BuildRequires: automake |
||||||
|
BuildRequires: autoconf |
||||||
|
BuildRequires: libtool |
||||||
|
BuildRequires: gcc |
||||||
|
BuildRequires: openssl-devel |
||||||
|
BuildRequires: git |
||||||
|
Requires: openssl |
||||||
|
|
||||||
|
%description |
||||||
|
TSS2 is a user space Trusted Computing Group's Software Stack (TSS) for |
||||||
|
TPM 2.0. It implements the functionality equivalent to the TCG TSS |
||||||
|
working group's ESAPI, SAPI, and TCTI layers (and perhaps more) but with |
||||||
|
a hopefully far simpler interface. |
||||||
|
|
||||||
|
It comes with about 80 "TPM tools" that can be used for rapid prototyping, |
||||||
|
education and debugging. |
||||||
|
|
||||||
|
%package devel |
||||||
|
Summary: Development libraries and headers for IBM's TSS 2.0 |
||||||
|
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} |
||||||
|
|
||||||
|
%description devel |
||||||
|
Development libraries and headers for IBM's TSS 2.0. You will need this in |
||||||
|
order to build TSS 2.0 applications. |
||||||
|
|
||||||
|
%prep |
||||||
|
%autosetup -S git -p1 -c %{name}-%{version} |
||||||
|
|
||||||
|
%build |
||||||
|
autoreconf -vi |
||||||
|
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss --enable-restricted-hash-alg |
||||||
|
CCFLAGS="%{optflags}" \ |
||||||
|
LNFLAGS="%{__global_ldflags}" \ |
||||||
|
%{make_build} |
||||||
|
|
||||||
|
%install |
||||||
|
%make_install |
||||||
|
find %{buildroot} -type f -name "*.la" -delete -print |
||||||
|
|
||||||
|
%ldconfig_scriptlets |
||||||
|
|
||||||
|
%files |
||||||
|
%license LICENSE |
||||||
|
%{_bindir}/tss* |
||||||
|
%{_libdir}/libibmtss.so.* |
||||||
|
%{_libdir}/libibmtssutils.so.* |
||||||
|
%attr(0644, root, root) %{_mandir}/man1/tss*.1* |
||||||
|
|
||||||
|
%files devel |
||||||
|
%{_includedir}/%{incname} |
||||||
|
%{_libdir}/libibmtss.so |
||||||
|
%{_libdir}/libibmtssutils.so |
||||||
|
%doc ibmtss.doc |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Thu Feb 24 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-6 |
||||||
|
- Restrict SHA-1 usage |
||||||
|
Resolves: rhbz#1935450 |
||||||
|
|
||||||
|
* Fri Jan 28 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-5 |
||||||
|
- Fix failures introduced with OpenSSL 3 |
||||||
|
Resolves: rhbz#1984621 |
||||||
|
Resolves: rhbz#1992339 |
||||||
|
|
||||||
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.6.0-4 |
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags |
||||||
|
Related: rhbz#1991688 |
||||||
|
|
||||||
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.6.0-3 |
||||||
|
- Rebuilt for RHEL 9 BETA for openssl 3.0 |
||||||
|
Related: rhbz#1971065 |
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.6.0-2 |
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 |
||||||
|
|
||||||
|
* Mon Feb 8 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 1.6.0-1 |
||||||
|
- Rebase to v1.6.0 release. |
||||||
|
- Manpage cleanup. |
||||||
|
|
||||||
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1331-7 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1331-6 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Feb 14 2020 Tom Stellard <tstellar@redhat.com> - 1331-5 |
||||||
|
- Use make_build macro |
||||||
|
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make |
||||||
|
|
||||||
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1331-4 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jan 17 2020 Jeff Law <law@redhat.com> - 1331-3 |
||||||
|
- Ensure tssprintcmd has the compilation compilation flags, |
||||||
|
PIC in particular |
||||||
|
|
||||||
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1331-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu May 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-1 |
||||||
|
- Rebase to version 1331 |
||||||
|
|
||||||
|
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-4 |
||||||
|
- Fix covscan issues |
||||||
|
- Fix compile and linker flag issues |
||||||
|
|
||||||
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1234-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1234-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Jun 18 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 1234-1 |
||||||
|
- Version bump. |
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1027-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jan 19 2018 Merlin Mathesius <mmathesi@redhat.com> - 1027-1 |
||||||
|
- Version bump. Now supported for all architectures. |
||||||
|
- Generate man pages since they are no longer included in source archive. |
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-10 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-9 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 713-8 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Oct 05 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-7 |
||||||
|
- Removed defattr from the devel subpackage |
||||||
|
|
||||||
|
* Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-6 |
||||||
|
- Added s390x arch as another "ExcludeArch" |
||||||
|
|
||||||
|
* Mon Sep 26 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-5 |
||||||
|
- Replaced ExclusiveArch with ExcludeArch |
||||||
|
|
||||||
|
* Mon Sep 19 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-4 |
||||||
|
- Used ExclusiveArch instead of BuildArch tag |
||||||
|
- Removed attr from symlink in devel subpackage |
||||||
|
- Added manpages and modified the Source0 |
||||||
|
- Added CCFLAGS and LNFLAGS to enforce hardening and optimization |
||||||
|
|
||||||
|
* Wed Aug 17 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-3 |
||||||
|
- Modified supported arch to ppc64le |
||||||
|
|
||||||
|
* Sat Aug 13 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-2 |
||||||
|
- Minor spec fixes |
||||||
|
|
||||||
|
* Tue Aug 09 2016 Hon Ching(Vicky) Lo <lo1@us.ibm.com> - 713-1 |
||||||
|
- Updated for initial submission |
||||||
|
|
||||||
|
* Fri Mar 20 2015 George Wilson <gcwilson@us.ibm.com> |
||||||
|
- Initial implementation |
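Review bot: In `%build` the hardening flags reach make only as `CCFLAGS="%{optflags}"` and `LNFLAGS="%{__global_ldflags}"`, yet the build is generated by `autoreconf -vi` and `%configure`, and an automake Makefile normally takes its flags from `CFLAGS`/`LDFLAGS`; whether the generated Makefile reads these two variables at all cannot be told from this page. If they are leftovers from the project's hand-written makefiles, either drop them or add a comment such as `# CCFLAGS/LNFLAGS are kept for the non-autotools makefiles; %configure already exports CFLAGS/LDFLAGS`, so it is clear where the hardening flags actually come from. The fallback `%global __global_ldflags -Wl,-z,relro` has the same problem: it gives only partial RELRO if it is ever used, so it deserves a one-line comment saying when it is expected to apply. Separately, `URL:` still uses `http://` while `Source0:` uses `https://`; `URL: https://sourceforge.net/projects/ibmtpm20tss/` would be consistent.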