author | Mantas Mikulėnas | 2021-01-24 18:45:46 +0200 |
committer | Mantas Mikulėnas | 2021-01-24 18:45:46 +0200 |
commit | e01ea4d3c17d8d2877f4f19ba7fc4110812c9dce (patch) | |
tree | 50d4bd64c250dea4e4a4b1d8d068a8757f002de9 /0001-try-well-known-authority-for-SRK-first.patch | |
parent | 60be0072bb3c1a8a9d7286e2fea6c9bfe2cfebe9 (diff) | |
import patches from James Bottomley's fork
Diffstat (limited to '0001-try-well-known-authority-for-SRK-first.patch')
-rw-r--r-- | 0001-try-well-known-authority-for-SRK-first.patch | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/0001-try-well-known-authority-for-SRK-first.patch b/0001-try-well-known-authority-for-SRK-first.patch
new file mode 100644
index 000000000000..95ecf4257427
--- /dev/null
+++ b/0001-try-well-known-authority-for-SRK-first.patch
@@ -0,0 +1,107 @@
+From 2d55917522a1a1e1a5159462a78d38334555ece0 Mon Sep 17 00:00:00 2001
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+Date: Tue, 8 Nov 2016 08:27:33 -0800
+Subject: [PATCH 1/4] try well known authority for SRK first
+
+There's no way to give the well known authority via the password prompt, so
+try it first. If that succeeds, we have the key authority and if not, we can
+prompt for a password.
+
+This allows the engine and create_tpm_key to work on systems where the SRK has
+the well known authority value.
+
+Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
+---
+ src/create_tpm_key.c | 28 ++++++++++++++++++++--------
+ src/e_tpm.c | 9 +++++++++
+ 2 files changed, 29 insertions(+), 8 deletions(-)
+
+diff --git a/src/create_tpm_key.c b/src/create_tpm_key.c
+index a73d549..1f959c8 100644
+--- a/src/create_tpm_key.c
++++ b/src/create_tpm_key.c
+@@ -83,6 +83,7 @@ usage(char *argv0)
+ }
+
+ TSS_UUID SRK_UUID = TSS_UUID_SRK;
++static BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
+
+ void
+ openssl_print_errors()
+@@ -299,20 +300,29 @@ int main(int argc, char **argv)
+ }
+
+ if (srk_authusage) {
+- char *authdata = calloc(1, 128);
+-
+- if (!authdata) {
+- fprintf(stderr, "malloc failed.\n");
+- Tspi_Context_Close(hContext);
+- exit(result);
+- }
++ char *authdata;
+
+ if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
+ &srkUsagePolicy))) {
+ print_error("Tspi_GetPolicyObject", result);
+ Tspi_Context_CloseObject(hContext, hKey);
+ Tspi_Context_Close(hContext);
+- free(authdata);
++ exit(result);
++ }
++
++ /* first try the well known secret */
++ if (Tspi_Policy_SetSecret(srkUsagePolicy,
++ TSS_SECRET_MODE_SHA1,
++ sizeof(well_known),
++ well_known)
++ == TSS_SUCCESS)
++ goto found_secret;
++
++ authdata = calloc(1, 128);
++
++ if (!authdata) {
++ fprintf(stderr, "malloc failed.\n");
++ Tspi_Context_Close(hContext);
+ exit(result);
+ }
+
+@@ -335,6 +345,8 @@ int main(int argc, char **argv)
+ }
+
+ free(authdata);
++ 
found_secret:
++ ;
+ }
+
+ if (auth) {
+diff --git a/src/e_tpm.c b/src/e_tpm.c
+index f671771..9f6b0c6 100644
+--- a/src/e_tpm.c
++++ b/src/e_tpm.c
+@@ -111,6 +111,7 @@ static TSS_HKEY hSRK = NULL_HKEY;
+ static TSS_HPOLICY hSRKPolicy = NULL_HPOLICY;
+ static TSS_HTPM hTPM = NULL_HTPM;
+ static TSS_UUID SRK_UUID = TSS_UUID_SRK;
++static BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
+ static UINT32 secret_mode = TSS_SECRET_MODE_PLAIN;
+
+ /* varibles used to get/set CRYPTO_EX_DATA values */
+@@ -313,6 +314,14 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+ return 0;
+ }
+
++ /* first try the well known secret */
++ if (Tspi_Policy_SetSecret(hSRKPolicy,
++ TSS_SECRET_MODE_SHA1,
++ sizeof(well_known),
++ well_known)
++ == TSS_SUCCESS)
++ return 1;
++
+ if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
+ cb_data)) {
+ Tspi_Context_CloseObject(hContext, hSRK);
+--
+2.30.0
+
|
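Review bot: In the e_tpm.c hunk, `return 1` immediately after `Tspi_Policy_SetSecret(...) == TSS_SUCCESS` treats storing the well-known secret in the policy object as proof that the SRK actually accepts it, yet nothing in the visible lines exercises that secret against the TPM before the prompt path is skipped. As far as I know TrouSerS' Tspi_Policy_SetSecret only records the secret locally, so it would also succeed on an SRK that has a real password, making the `tpm_engine_get_auth` prompt unreachable and turning a wrong-authority case into a later, less clear key-load failure; the create_tpm_key.c hunk has the same shape with `goto found_secret`. A safer ordering is to set the well-known secret, attempt the first operation that needs SRK authorization, and fall back to prompting only when that operation fails with an authorization error — worth confirming against the TSS behaviour before relying on this fast path. Until then a comment such as `/* success here only means the policy object accepted the well-known secret; the TPM has not verified it yet */` would stop the next reader from assuming it was checked. Both tpm_load_srk and main start and end outside these hunks.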