[gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Aug 9 10:43:15 CEST 2019
David Woodhouse commented:
There is some confusion around the allocation of the `tpm2_info_st`. You allocate two, fill one, free the good one. This makes it work for TLSv1.2 for me:
```
diff --git a/lib/tpm2.c b/lib/tpm2.c
index f16374e292..09c0072bb9 100644
--- a/lib/tpm2.c
+++ b/lib/tpm2.c
@@ -251,7 +251,7 @@ int _gnutls_load_tpm2_key(gnutls_privkey_t pkey, const gnutls_datum_t *fdata)
out_tpmkey:
asn1_delete_structure(&tpmkey);
- release_tpm2_ctx(info);
+// release_tpm2_ctx(info);
out_asn1:
free(asn1.data);
return ret;
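Review bot: Commenting out `release_tpm2_ctx(info)` under `out_tpmkey:` removes the release for every path that reaches this label, not only the successful one. If failure paths also jump to `out_tpmkey` (the shared `return ret` suggests they do), `info` is now leaked whenever loading fails. Release it only when `ret` indicates an error, or clear `info` once ownership has passed to the key, and delete the line rather than leaving it behind a `//` comment.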
diff --git a/lib/tpm2_esys.c b/lib/tpm2_esys.c
index 26a927def3..7046518371 100644
--- a/lib/tpm2_esys.c
+++ b/lib/tpm2_esys.c
@@ -284,7 +284,7 @@ static int init_tpm2_key(ESYS_CONTEXT **ctx, ESYS_TR *keyHandle,
gnutls_assert();
goto error;
}
- } else {
+ } else { printf("PArent %x at %p not generated?\n", info->parent, info);
r = Esys_TR_FromTPMPublic(*ctx, info->parent,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, &parentHandle);
if (r) {
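Review bot: The `printf` appended to the `} else {` line is debugging output and should not be merged: it writes to stdout from library code, shares a line with the brace, and misspells "Parent" as "PArent". If the trace is worth keeping, route it through the library's debug logging on its own line and cast `info` to `void *` for `%p`.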
@@ -534,12 +534,14 @@ int install_tpm2_key(struct tpm2_info_st *info, gnutls_privkey_t pkey,
return GNUTLS_E_TPM_ERROR;
}
+#if 0
info = calloc(1, sizeof(*info));
if (!info)
return GNUTLS_E_MEMORY_ERROR;
+#endif
info->parent = parent;
-
+ printf("parent %x in info at %p\n", info->parent, info);
r = Tss2_MU_TPM2B_PRIVATE_Unmarshal(privdata->data, privdata->size, NULL,
&info->priv);
if (r) {
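Review bot: With the `calloc` disabled, `install_tpm2_key` dereferences the caller's `info` at `info->parent = parent;` with no visible NULL check, where the allocation previously guaranteed a valid pointer at this point. Delete the allocation lines outright instead of wrapping them in `#if 0`, check or document that the caller passes a valid `info` it owns, and drop the `printf` before merging.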
```
TLSv1.3 gives me:
`|<1>| The hash size used in signature (20) is less than the expected (32)`
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_201929152