Make the #define RADIX_BITS dependent on #defines set by the
OpenSSL library: THIRTY_TWO_BIT and SIXTY_FOUR_BIT_LONG
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The Travis build of swtpm now has a problem due to missing ltmain.sh. Add
AC_CONFIG_AUX_DIR to configure.ac to resolve the issue.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
clang complains:
tpm12/tpm_init.c:666:9: error: variable 'tag' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
if (rc == 0) {
^~~~~~~
tpm12/tpm_init.c:746:9: note: uninitialized use occurs here
if (tag == TPM_TAG_STCLEAR_DATA) {
^~~
tpm12/tpm_init.c:666:5: note: remove the 'if' if its condition is always true
if (rc == 0) {
^~~~~~~~~~~~~
tpm12/tpm_init.c:662:28: note: initialize the variable 'tag' to silence this warning
TPM_STRUCTURE_TAG tag;
^
= 0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The permanent state has to be loaded before the volatile or save state blobs
can be tested since they are connected to the permanenent state.
We implement TPM_PermanentAll_NVLoad_Preserve that makes a copy of any
cached permanent state blobs before we load the permanent state via
TPM_PermanentAll_NVLoad, which would consume and free any cached state blob,
if there was one (would fall back to reading from file otherwise). We then
set the copy of any cached permanent state blob back so that it can be used
when the TPM 1.2 start.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Clear all the cached states blobs set using TPMLIB_SetState if one
of them cannot be accepted.
Signed-off-by: Stfean Berger <stefanb@linux.vnet.ibm.com>
Expose the two new API calls TPMLIB_GetState() and TPMLIB_SetState().
Fix one parameter in the TPMLIB_GetState() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The permanent state has to be loaded before either the volatile
or the save state can be validated.
Also fix another bug that was testing for whether there was no
cached state. It should test whether there is a cached state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the permanent state was set using SetState() write the permanent
state once we successfully read the volatile state and can use it.
This way we have the state in a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Modify TPM_NVRAM_LoadData() to try to get the cached state blob before trying
to read the state blob from the file. We clear the state blob as part of
passing it to the TPM.
A side effect is now that if TPMLIB_ValidateState is called on a blob that
this call would not remove the cached blob. So we have to save a copy before
reading (and parsing) the state blob so we still have it when TPM_MainInit()
is called.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds APIs for getting and setting all types of state
blobs. We cache these blobs and allow them to be picked up when
the TPM starts. It will get any of these state blobs, if they
were set, before we go out and try to read the state blob from
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The EK certificates need information about the TPM specification that was
implemented. The best place to get the information from seems the TPM itself.
So we implement a function TPMLIB_GetInfo() to allow to query for the TPM
specification information and possibly other information in the future.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The logic for invoking the validation of the TPM 1.2 state was
broken. The validation of volatile and save state state requires
that the permanent state is available, so we always load it
first.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_ValidateState(), which is supposed to be used
for checking usability of state blobs before TPMLIB_MainInit()
is called or TPM_Startup has been sent to the TPM.
This function is useful to be called once TPM state blobs
have been migrated to a destination and we need to check
whether libtpms can use these state blobs and if not
we have a chance to fall back to the migration source host.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the previous support of a fixed buffer size to work
with a minimum of 3k and a maximum of 4k.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Also allow to get the minimum and maximum supported buffer size
with the TPMLIB_SetBufferSize() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_SetBufferSize() for setting the size of the I/O buffer
that the TPM may advertise. For TPM 1.2 the size remains fixed since the
TIS interface can handle the current 4096 bytes.
This function will be important for TPM 2 with a CRB interface that cannot
handle 4096 bytes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When checking for missing symbols we need to add -lc to the libraries
passed to gcc otherwise we always see lots of missing symbols even if
there aren't any.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
LibreSSL on OpenBSD seems to not support the new API of OpenSSL 1.1.
So create a new #define OPENSSL_OLD_API that is set if the old API
is to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Integrate the Travis CI automated build & test with Coverity Scan.
Automatically submit a Coverity Scan if we push to the coverity_scan
branch.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Ignore *.log and *.trs files from the test suite.
Ignore compile and the 'missing' file.
Remove the depcomp file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
