fuzz: Support build with -fsanitize=fuzzer instead of libFuzzer.a master
authorTobias Brunner <tobias@strongswan.org>
Wed, 17 Jul 2019 09:16:19 +0000 (11:16 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 17 Jul 2019 09:44:27 +0000 (11:44 +0200)
Recent clang versions (6.0+) include libFuzzer and OSS-Fuzz switched to
that mode a while ago.

15 files changed:
configure.ac
fuzz/Makefile.am
scripts/test.sh
src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
src/libstrongswan/plugins/botan/botan_ec_private_key.c
src/libstrongswan/plugins/botan/botan_rsa_private_key.c
src/libstrongswan/plugins/botan/botan_rsa_public_key.c
src/libstrongswan/plugins/botan/botan_x25519.c
src/libstrongswan/tests/suites/test_rsa.c
src/libstrongswan/utils/leak_detective.c
src/libtpmtss/tpm_tss_tss2_v1.c
src/libtpmtss/tpm_tss_tss2_v2.c
testing/scripts/recipes/011_botan.mk
testing/testing.conf

index ffc17da..5dc1ae2 100644 (file)
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.8.0])
+AC_INIT([strongSwan],[5.8.1dr1])
 AM_INIT_AUTOMAKE(m4_esyscmd([
        echo tar-ustar
        echo subdir-objects
@@ -63,7 +63,7 @@ ARG_WITH_SUBST([routing-table],      [220], [set routing table to use for IPsec
 ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
 ARG_WITH_SUBST([ipsec-script],       [ipsec], [change the name of the ipsec script])
 ARG_WITH_SUBST([fips-mode],          [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)])
-ARG_WITH_SUBST([libfuzzer],          [], [path to libFuzzer.a])
+ARG_WITH_SUBST([libfuzzer],          [], [-fsanitize=fuzzer or path to libFuzzer.a, a local driver is used if not specified])
 ARG_WITH_SET([capabilities],         [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
 ARG_WITH_SET([mpz_powm_sec],         [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
 ARG_WITH_SET([dev-headers],          [no], [install strongSwan development headers to directory.])
@@ -1294,18 +1294,26 @@ if test x$coverage = xtrue; then
 fi
 
 if test x$fuzzing = xtrue; then
-       if test x$libfuzzer = x; then
+       case "$libfuzzer" in
+       "")
                AC_MSG_NOTICE([fuzz targets enabled without libFuzzer, using local driver])
                CFLAGS="${CFLAGS} -fsanitize=address"
                libfuzzer="libFuzzerLocal.a"
-       else
+               ;;
+       "-fsanitize=fuzzer")
+               libfuzzer=""
+               FUZZING_CFLAGS="-fsanitize=fuzzer"
+               AC_SUBST(FUZZING_CFLAGS)
+               ;;
+       *)
                # required for libFuzzer
                FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
                if test "$SANITIZER" = "coverage"; then
                        FUZZING_LDFLAGS="$FUZZING_LDFLAGS -lm"
                fi
                AC_SUBST(FUZZING_LDFLAGS)
-       fi
+               ;;
+       esac
 fi
 
 if test x$ruby_gems = xtrue; then
index df228d3..de0a260 100644 (file)
@@ -1,4 +1,5 @@
 AM_CPPFLAGS = @CPPFLAGS@ \
+       @FUZZING_CFLAGS@ \
        -I$(top_srcdir)/src/libstrongswan \
        -I$(top_srcdir)/src/libimcv \
        -I$(top_srcdir)/src/libtncif \
index 78b3feb..9271bb0 100755 (executable)
@@ -4,7 +4,7 @@
 build_botan()
 {
        # same revision used in the build recipe of the testing environment
-       BOTAN_REV=2.10.0
+       BOTAN_REV=2.11.0
        BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
 
        if test -d "$BOTAN_DIR"; then
index 05cb599..f37d992 100644 (file)
@@ -829,7 +829,7 @@ static job_requeue_t initiate(private_android_service_t *this)
        if (!gateway || gateway->get_type(gateway) == ID_ANY)
        {
                DESTROY_IF(gateway);
-               gateway = identification_create_from_string(server);
+               gateway = identification_create_from_string(ike.remote);
                /* only use this if remote ID was not configured explicitly */
                auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
        }
index ed28b46..50234b2 100644 (file)
@@ -211,7 +211,7 @@ botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
                return NULL;
        }
 
-       if (botan_privkey_create_ecdh(&this->key, rng, this->curve_name))
+       if (botan_privkey_create(&this->key, "ECDH", this->curve_name, rng))
        {
                DBG1(DBG_LIB, "ECDH private key generation failed");
                botan_rng_destroy(rng);
index f8dbb66..d9469e9 100644 (file)
@@ -336,7 +336,7 @@ botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
 
        this = create_empty(oid);
 
-       if (botan_privkey_create_ecdsa(&this->key, rng, curve))
+       if (botan_privkey_create(&this->key, "ECDSA", curve, rng))
        {
                DBG1(DBG_LIB, "EC private key generation failed");
                botan_rng_destroy(rng);
index 02820b2..06a9345 100644 (file)
@@ -225,7 +225,7 @@ METHOD(private_key_t, get_keysize, int,
                return 0;
        }
 
-       if (botan_privkey_rsa_get_n(n, this->key) ||
+       if (botan_privkey_get_field(n, this->key, "n") ||
                botan_mp_num_bits(n, &bits))
        {
                botan_mp_destroy(n);
@@ -346,6 +346,7 @@ botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
 {
        private_botan_rsa_private_key_t *this;
        botan_rng_t rng;
+       char buf[BUF_LEN];
        u_int key_size = 0;
 
        while (TRUE)
@@ -375,7 +376,9 @@ botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
 
        this = create_empty();
 
-       if (botan_privkey_create_rsa(&this->key, rng, key_size))
+       snprintf(buf, sizeof(buf), "%u", key_size);
+
+       if (botan_privkey_create(&this->key, "RSA", buf, rng))
        {
                botan_rng_destroy(rng);
                free(this);
@@ -412,7 +415,7 @@ static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
        }
 
        /* k must be even */
-       if (!botan_mp_is_even(k))
+       if (botan_mp_get_bit(k, 0) != 0)
        {
                goto error;
        }
@@ -424,7 +427,7 @@ static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
                goto error;
        }
 
-       for (t = 0; !botan_mp_is_odd(r); t++)
+       for (t = 0; botan_mp_get_bit(r, 0) != 1; t++)
        {
                if (botan_mp_rshift(r, r, 1))
                {
index 244caa5..af573b7 100644 (file)
@@ -215,7 +215,7 @@ METHOD(public_key_t, get_keysize, int,
                return 0;
        }
 
-       if (botan_pubkey_rsa_get_n(n, this->key) ||
+       if (botan_pubkey_get_field(n, this->key, "n") ||
                botan_mp_num_bits(n, &bits))
        {
                botan_mp_destroy(n);
index 519f29f..8863f3f 100644 (file)
@@ -161,7 +161,7 @@ diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
                return NULL;
        }
 
-       if (botan_privkey_create_ecdh(&this->key, rng, "curve25519"))
+       if (botan_privkey_create(&this->key, "Curve25519", "", rng))
        {
                DBG1(DBG_LIB, "x25519 private key generation failed");
                botan_rng_destroy(rng);
index c90196f..db6a09d 100644 (file)
@@ -157,8 +157,10 @@ START_TEST(test_gen)
        privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
                                                                 BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
        ck_assert(privkey != NULL);
+       ck_assert_int_eq(key_sizes[_i], privkey->get_keysize(privkey));
        pubkey = privkey->get_public_key(privkey);
        ck_assert(pubkey != NULL);
+       ck_assert_int_eq(key_sizes[_i], pubkey->get_keysize(pubkey));
 
        test_good_sig(privkey, pubkey);
 
index 63b7453..d4ebfea 100644 (file)
@@ -626,8 +626,7 @@ static char *whitelist[] = {
        "TNC_IMV_NotifyConnectionChange",
        /* Botan */
        "botan_public_key_load",
-       "botan_privkey_create_ecdsa",
-       "botan_privkey_create_ecdh",
+       "botan_privkey_create",
        "botan_privkey_load_ecdh",
        "botan_privkey_load",
 };
index 1c214af..0335fab 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2018 Tobias Brunner
- * Copyright (C) 2016-2018 Andreas Steffen
+ * Copyright (C) 2016-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
 #include <asn1/asn1.h>
 #include <asn1/oid.h>
 #include <bio/bio_reader.h>
+#include <threading/mutex.h>
 
 #include <tpm20.h>
 
@@ -75,6 +76,11 @@ struct private_tpm_tss_tss2_t {
         */
        bool fips_186_4;
 
+       /**
+        * Mutex controlling access to the TPM 2.0 context
+        */
+       mutex_t *mutex;
+
 };
 
 /**
@@ -168,8 +174,10 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
        int written;
 
        /* get fixed properties */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_TPM_PROPERTIES,
                                                PT_FIXED, MAX_TPM_PROPERTIES, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s GetCapability failed for TPM_CAP_TPM_PROPERTIES: 0x%06x",
@@ -222,8 +230,10 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
                 fips_140_2 ? "FIPS 140-2" : (this->fips_186_4 ? "FIPS 186-4" : ""));
 
        /* get supported algorithms */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ALGS,
                                                0, TPM_PT_ALGORITHM_SET, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s GetCapability failed for TPM_CAP_ALGS: 0x%06x",
@@ -251,8 +261,10 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
        DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf);
 
        /* get supported ECC curves */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ECC_CURVES,
                                                0, TPM_PT_LOADED_CURVES, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s GetCapability failed for TPM_ECC_CURVES: 0x%06x",
@@ -440,8 +452,10 @@ bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
        sessions_data.rspAuthsCount = 1;
 
        /* read public key for a given object handle from TPM 2.0 NVRAM */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name,
                                                           &qualified_name, &sessions_data);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x",
@@ -704,8 +718,10 @@ METHOD(tpm_tss_t, read_pcr, bool,
        memset(&pcr_values, 0, sizeof(TPML_DIGEST));
 
        /* read the PCR value */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection,
                                &pcr_update_counter, &pcr_selection, &pcr_values, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x",
@@ -800,8 +816,10 @@ METHOD(tpm_tss_t, extend_pcr, bool,
        }
 
        /* extend PCR */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_PCR_Extend(this->sys_context, pcr_num, &sessions_data_cmd,
                                                           &digest_values, &sessions_data_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s PCR %02u could not be extended: 0x%06x",
@@ -866,9 +884,11 @@ METHOD(tpm_tss_t, quote, bool,
                return FALSE;
        }
 
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &sessions_data_cmd,
                                                  &qualifying_data, &scheme, &pcr_selection,  &quoted,
                                                  &sig, &sessions_data_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval);
@@ -1047,8 +1067,10 @@ METHOD(tpm_tss_t, sign, bool,
                memcpy(buffer.t.buffer, data.ptr, data.len);
                buffer.t.size = data.len;
 
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_Hash(this->sys_context, 0, &buffer, alg_id, hierarchy,
                                                         &hash, &validation, 0);
+               this->mutex->unlock(this->mutex);
                if (rval != TPM_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_Hash failed: 0x%06x", LABEL, rval);
@@ -1061,12 +1083,14 @@ METHOD(tpm_tss_t, sign, bool,
            TPM2B_AUTH null_auth;
 
                null_auth.t.size = 0;
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_HashSequenceStart(this->sys_context, 0, &null_auth,
                                                                                  alg_id, &sequence_handle, 0);
                if (rval != TPM_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_HashSequenceStart failed: 0x%06x",
                                 LABEL, rval);
+                       this->mutex->unlock(this->mutex);
                        return FALSE;
                }
 
@@ -1083,6 +1107,7 @@ METHOD(tpm_tss_t, sign, bool,
                        {
                                DBG1(DBG_PTS,"%s Tss2_Sys_SequenceUpdate failed: 0x%06x",
                                         LABEL, rval);
+                               this->mutex->unlock(this->mutex);
                                return FALSE;
                        }
                }
@@ -1091,6 +1116,7 @@ METHOD(tpm_tss_t, sign, bool,
                rval = Tss2_Sys_SequenceComplete(this->sys_context, sequence_handle,
                                                                                 &sessions_data_cmd, &buffer, hierarchy,
                                                                                 &hash, &validation, 0);
+               this->mutex->unlock(this->mutex);
                if (rval != TPM_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_SequenceComplete failed: 0x%06x",
@@ -1099,8 +1125,10 @@ METHOD(tpm_tss_t, sign, bool,
                }
        }
 
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_Sign(this->sys_context, handle, &sessions_data_cmd, &hash,
                                                 &sig_scheme, &validation, &sig, &sessions_data_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_Sign failed: 0x%06x", LABEL, rval);
@@ -1170,7 +1198,9 @@ METHOD(tpm_tss_t, get_random, bool,
        {
                len = min(bytes, random_len);
 
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_GetRandom(this->sys_context, NULL, len, &random, NULL);
+               this->mutex->unlock(this->mutex);
                if (rval != TSS2_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_GetRandom failed: 0x%06x", LABEL, rval);
@@ -1204,8 +1234,10 @@ METHOD(tpm_tss_t, get_data, bool,
        TPMS_AUTH_RESPONSE *session_data_rsp_array[1];
 
        /* query maximum TPM data transmission size */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_TPM_PROPERTIES,
                                TPM_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for "
@@ -1216,8 +1248,10 @@ METHOD(tpm_tss_t, get_data, bool,
                                                MAX_NV_BUFFER_SIZE);
 
        /* get size of NV object */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public,
                                                                                                                                &nv_name, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_NV_ReadPublic failed: 0x%06x", LABEL, rval);
@@ -1252,10 +1286,11 @@ METHOD(tpm_tss_t, get_data, bool,
        /* read NV data a maximum data size block at a time */
        while (nv_size > 0)
        {
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle,
                                        &sessions_data_cmd, min(nv_size, max_data_size),
                                        nv_offset, &nv_data, &sessions_data_rsp);
-
+               this->mutex->unlock(this->mutex);
                if (rval != TPM_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_NV_Read failed: 0x%06x", LABEL, rval);
@@ -1274,6 +1309,7 @@ METHOD(tpm_tss_t, destroy, void,
        private_tpm_tss_tss2_t *this)
 {
        finalize_context(this);
+       this->mutex->destroy(this->mutex);
        free(this);
 }
 
@@ -1300,6 +1336,7 @@ tpm_tss_t *tpm_tss_tss2_create()
                        .get_data = _get_data,
                        .destroy = _destroy,
                },
+               .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
        );
 
        available = initialize_tcti_tabrmd_context(this);
index cac0dd6..e527443 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2018 Tobias Brunner
- * Copyright (C) 2018 Andreas Steffen
+ * Copyright (C) 2018-2019 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
 #include <asn1/asn1.h>
 #include <asn1/oid.h>
 #include <bio/bio_reader.h>
+#include <threading/mutex.h>
 
 #include <tss2/tss2_sys.h>
 
@@ -71,6 +72,11 @@ struct private_tpm_tss_tss2_t {
         */
        bool fips_186_4;
 
+       /**
+        * Mutex controlling access to the TPM 2.0 context
+        */
+       mutex_t *mutex;
+
 };
 
 /**
@@ -167,9 +173,11 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
        int written;
 
        /* get fixed properties */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES,
                                                                  TPM2_PT_FIXED, TPM2_MAX_TPM_PROPERTIES,
                                                                  &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_TPM_PROPERTIES: 0x%06x",
@@ -222,8 +230,10 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
                 fips_140_2 ? "FIPS 140-2" : (this->fips_186_4 ? "FIPS 186-4" : ""));
 
        /* get supported algorithms */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ALGS,
                                                0, TPM2_PT_ALGORITHM_SET, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_ALGS: 0x%06x",
@@ -251,8 +261,10 @@ static bool get_algs_capability(private_tpm_tss_tss2_t *this)
        DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf);
 
        /* get supported ECC curves */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ECC_CURVES,
                                                0, TPM2_PT_LOADED_CURVES, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s GetCapability failed for TPM2_ECC_CURVES: 0x%06x",
@@ -394,8 +406,10 @@ bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
 
 
        /* read public key for a given object handle from TPM 2.0 NVRAM */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name,
                                                           &qualified_name, &auth_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x",
@@ -658,8 +672,10 @@ METHOD(tpm_tss_t, read_pcr, bool,
        memset(&pcr_values, 0, sizeof(TPML_DIGEST));
 
        /* read the PCR value */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection,
                                &pcr_update_counter, &pcr_selection, &pcr_values, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x",
@@ -737,8 +753,10 @@ METHOD(tpm_tss_t, extend_pcr, bool,
        }
 
        /* extend PCR */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_PCR_Extend(this->sys_context, pcr_num, &auth_cmd,
                                                           &digest_values, &auth_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS, "%s PCR %02u could not be extended: 0x%06x",
@@ -786,9 +804,11 @@ METHOD(tpm_tss_t, quote, bool,
                return FALSE;
        }
 
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &auth_cmd,
                                                  &qualifying_data, &scheme, &pcr_selection,  &quoted,
                                                  &sig, &auth_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval);
@@ -951,8 +971,10 @@ METHOD(tpm_tss_t, sign, bool,
                memcpy(buffer.buffer, data.ptr, data.len);
                buffer.size = data.len;
 
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_Hash(this->sys_context, 0, &buffer, alg_id, hierarchy,
                                                         &hash, &validation, 0);
+               this->mutex->unlock(this->mutex);
                if (rval != TPM2_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_Hash failed: 0x%06x", LABEL, rval);
@@ -965,12 +987,14 @@ METHOD(tpm_tss_t, sign, bool,
            TPM2B_AUTH null_auth;
 
                null_auth.size = 0;
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_HashSequenceStart(this->sys_context, 0, &null_auth,
                                                                                  alg_id, &sequence_handle, 0);
                if (rval != TPM2_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_HashSequenceStart failed: 0x%06x",
                                 LABEL, rval);
+                       this->mutex->unlock(this->mutex);
                        return FALSE;
                }
 
@@ -987,6 +1011,7 @@ METHOD(tpm_tss_t, sign, bool,
                        {
                                DBG1(DBG_PTS,"%s Tss2_Sys_SequenceUpdate failed: 0x%06x",
                                         LABEL, rval);
+                               this->mutex->unlock(this->mutex);
                                return FALSE;
                        }
                }
@@ -995,6 +1020,7 @@ METHOD(tpm_tss_t, sign, bool,
                rval = Tss2_Sys_SequenceComplete(this->sys_context, sequence_handle,
                                                                                 &auth_cmd, &buffer, hierarchy,
                                                                                 &hash, &validation, 0);
+               this->mutex->unlock(this->mutex);
                if (rval != TPM2_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_SequenceComplete failed: 0x%06x",
@@ -1003,8 +1029,10 @@ METHOD(tpm_tss_t, sign, bool,
                }
        }
 
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_Sign(this->sys_context, handle, &auth_cmd, &hash,
                                                 &sig_scheme, &validation, &sig, &auth_rsp);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_Sign failed: 0x%06x", LABEL, rval);
@@ -1074,7 +1102,9 @@ METHOD(tpm_tss_t, get_random, bool,
        {
                len = min(bytes, random_len);
 
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_GetRandom(this->sys_context, NULL, len, &random, NULL);
+               this->mutex->unlock(this->mutex);
                if (rval != TSS2_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_GetRandom failed: 0x%06x", LABEL, rval);
@@ -1105,8 +1135,10 @@ METHOD(tpm_tss_t, get_data, bool,
        TSS2L_SYS_AUTH_RESPONSE auth_rsp;
 
        /* query maximum TPM data transmission size */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES,
                                TPM2_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for "
@@ -1117,8 +1149,10 @@ METHOD(tpm_tss_t, get_data, bool,
                                                TPM2_MAX_NV_BUFFER_SIZE);
 
        /* get size of NV object */
+       this->mutex->lock(this->mutex);
        rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public,
                                                                                                                                &nv_name, 0);
+       this->mutex->unlock(this->mutex);
        if (rval != TPM2_RC_SUCCESS)
        {
                DBG1(DBG_PTS,"%s Tss2_Sys_NV_ReadPublic failed: 0x%06x", LABEL, rval);
@@ -1140,9 +1174,10 @@ METHOD(tpm_tss_t, get_data, bool,
        /* read NV data a maximum data size block at a time */
        while (nv_size > 0)
        {
+               this->mutex->lock(this->mutex);
                rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle, &auth_cmd,
                                        min(nv_size, max_data_size), nv_offset, &nv_data, &auth_rsp);
-
+               this->mutex->unlock(this->mutex);
                if (rval != TPM2_RC_SUCCESS)
                {
                        DBG1(DBG_PTS,"%s Tss2_Sys_NV_Read failed: 0x%06x", LABEL, rval);
@@ -1161,6 +1196,7 @@ METHOD(tpm_tss_t, destroy, void,
        private_tpm_tss_tss2_t *this)
 {
        finalize_context(this);
+       this->mutex->destroy(this->mutex);
        free(this);
 }
 
@@ -1187,6 +1223,7 @@ tpm_tss_t *tpm_tss_tss2_create()
                        .get_data = _get_data,
                        .destroy = _destroy,
                },
+               .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
        );
 
        available = initialize_tcti_context(this);
index 98c6d7c..cb2dd2a 100644 (file)
@@ -2,7 +2,7 @@
 
 PKG = botan
 SRC = https://github.com/randombit/$(PKG).git
-REV = 2.10.0
+REV = 2.11.0
 
 NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
 
index b533302..0810eca 100644 (file)
@@ -24,14 +24,14 @@ fi
 : ${TESTDIR=/srv/strongswan-testing}
 
 # Kernel configuration
-: ${KERNELVERSION=5.1.3}
+: ${KERNELVERSION=5.1.15}
 : ${KERNEL=linux-$KERNELVERSION}
 : ${KERNELTARBALL=$KERNEL.tar.xz}
 : ${KERNELCONFIG=$DIR/../config/kernel/config-5.1}
 : ${KERNELPATCH=ha-5.0-abicompat.patch.bz2}
 
 # strongSwan version used in tests
-: ${SWANVERSION=5.8.0}
+: ${SWANVERSION=5.8.1dr1}
 
 # Build directory where the guest kernel and images will be built
 : ${BUILDDIR=$TESTDIR/build}