trousers: Rebase to 0.3.15 release

Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
4 years ago · b3294b7073
parent 3459d0cdf6
commit b3294b7073
8 changed files with 15 additions and 734 deletions
--- a/trousers-0.3.13-noinline.patch
+++ b/trousers-0.3.13-noinline.patch
@ -1,70 +0,0 @@
 diff -up trousers-0.3.13/src/include/tcsps.h.noinline trousers-0.3.13/src/include/tcsps.h
 --- trousers-0.3.13/src/include/tcsps.h.noinline	2014-04-24 20:05:44.000000000 +0200
 +++ trousers-0.3.13/src/include/tcsps.h	2015-05-26 16:36:20.685075185 +0200
@@ -27,8 +27,8 @@ void		   ps_destroy();
 TSS_RESULT  read_data(int, void *, UINT32);
 TSS_RESULT  write_data(int, void *, UINT32);
 #else
 -inline TSS_RESULT  read_data(int, void *, UINT32);
 -inline TSS_RESULT  write_data(int, void *, UINT32);
 +TSS_RESULT  read_data(int, void *, UINT32);
 +TSS_RESULT  write_data(int, void *, UINT32);
 #endif
 int		   write_key_init(int, UINT32, UINT32, UINT32);
 TSS_RESULT	   cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32);
 diff -up trousers-0.3.13/src/include/tspps.h.noinline trousers-0.3.13/src/include/tspps.h
 --- trousers-0.3.13/src/include/tspps.h.noinline	2014-04-24 20:05:44.000000000 +0200
 +++ trousers-0.3.13/src/include/tspps.h	2015-05-26 16:36:31.730325291 +0200
@@ -18,8 +18,8 @@
 TSS_RESULT	   get_file(int *);
 int		   put_file(int);
 -inline TSS_RESULT  read_data(int, void *, UINT32);
 -inline TSS_RESULT  write_data(int, void *, UINT32);
 +TSS_RESULT  read_data(int, void *, UINT32);
 +TSS_RESULT  write_data(int, void *, UINT32);
 UINT32		   psfile_get_num_keys(int);
 TSS_RESULT	   psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
 TSS_RESULT	   psfile_remove_key_by_uuid(int, TSS_UUID *);
 diff -up trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline trousers-0.3.13/src/tcs/ps/ps_utils.c
 --- trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline	2014-04-24 20:05:44.000000000 +0200
 +++ trousers-0.3.13/src/tcs/ps/ps_utils.c	2015-05-26 16:38:33.626085483 +0200
@@ -45,7 +45,7 @@ struct key_disk_cache *key_disk_cache_he
 #ifdef SOLARIS
 TSS_RESULT
 #else
 -inline TSS_RESULT
 +TSS_RESULT
 #endif
 read_data(int fd, void *data, UINT32 size)
 {
@@ -67,7 +67,7 @@ read_data(int fd, void *data, UINT32 siz
 #ifdef SOLARIS
 TSS_RESULT
 #else
 -inline TSS_RESULT
 +TSS_RESULT
 #endif
 write_data(int fd, void *data, UINT32 size)
 {
 diff -up trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline trousers-0.3.13/src/tspi/ps/ps_utils.c
 --- trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline	2014-04-24 20:05:44.000000000 +0200
 +++ trousers-0.3.13/src/tspi/ps/ps_utils.c	2015-05-26 16:39:30.881381965 +0200
@@ -22,7 +22,7 @@
 #include "tspps.h"
 #include "tsplog.h"
 -inline TSS_RESULT
 +TSS_RESULT
 read_data(int fd, void *data, UINT32 size)
 {
 	int rc;
@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 siz
 	return TSS_SUCCESS;
 }
 -inline TSS_RESULT
 +TSS_RESULT
 write_data(int fd, void *data, UINT32 size)
 {
 	int rc;
--- a/trousers-0.3.14-correct-security-issues.patch
+++ b/trousers-0.3.14-correct-security-issues.patch
@ -1,89 +0,0 @@
 From e74dd1d96753b0538192143adf58d04fcd3b242b Mon Sep 17 00:00:00 2001
 From: Matthias Gerstner <mgerstner@suse.de>
 Date: Fri, 14 Aug 2020 22:14:36 -0700
 Subject: [PATCH 1/2] Correct multiple security issues that are present if the
 tcsd is started by root instead of the tss user.
 Patch fixes the following 3 CVEs:
 CVE-2020-24332
 If the tcsd daemon is started with root privileges,
 the creation of the system.data file is prone to symlink attacks
 CVE-2020-24330
 If the tcsd daemon is started with root privileges,
 it fails to drop the root gid after it is no longer needed
 CVE-2020-24331
 If the tcsd daemon is started with root privileges,
 the tss user has read and write access to the /etc/tcsd.conf file
 Authored-by: Matthias Gerstner <mgerstner@suse.de>
 Signed-off-by: Debora Velarde Babb <debora@linux.ibm.com>
 ---
 src/tcs/ps/tcsps.c   |  2 +-
 src/tcsd/svrside.c   |  1 +
 src/tcsd/tcsd_conf.c | 10 +++++-----
 3 files changed, 7 insertions(+), 6 deletions(-)
 diff --git a/src/tcs/ps/tcsps.c b/src/tcs/ps/tcsps.c
 index e47154b20612..85d45a96b7c3 100644
 --- a/src/tcs/ps/tcsps.c
 +++ b/src/tcs/ps/tcsps.c
@@ -72,7 +72,7 @@ get_file()
 	}
 	/* open and lock the file */
 -	system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR, 0600);
 +	system_ps_fd = open(tcsd_options.system_ps_file, O_CREAT|O_RDWR|O_NOFOLLOW, 0600);
 	if (system_ps_fd < 0) {
 		LogError("system PS: open() of %s failed: %s",
 				tcsd_options.system_ps_file, strerror(errno));
 diff --git a/src/tcsd/svrside.c b/src/tcsd/svrside.c
 index 1ae1636f8730..1c12ff3afdd0 100644
 --- a/src/tcsd/svrside.c
 +++ b/src/tcsd/svrside.c
@@ -473,6 +473,7 @@ main(int argc, char **argv)
 		}
 		return TCSERR(TSS_E_INTERNAL_ERROR);
 	}
 +	setgid(pwd->pw_gid);
 	setuid(pwd->pw_uid);
 #endif
 #endif
 diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
 index a31503df3f1f..ea8ea13f5f16 100644
 --- a/src/tcsd/tcsd_conf.c
 +++ b/src/tcsd/tcsd_conf.c
@@ -743,7 +743,7 @@ conf_file_init(struct tcsd_config *conf)
 #ifndef SOLARIS
 	struct group *grp;
 	struct passwd *pw;
 -	mode_t mode = (S_IRUSR|S_IWUSR);
 +	mode_t mode = (S_IRUSR|S_IWUSR|S_IRGRP);
 #endif /* SOLARIS */
 	TSS_RESULT result;
@@ -798,15 +798,15 @@ conf_file_init(struct tcsd_config *conf)
 	}
 	/* make sure user/group TSS owns the conf file */
 -	if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
 +	if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) {
 		LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
 -				TSS_USER_NAME, TSS_GROUP_NAME);
 +				"root", TSS_GROUP_NAME);
 		return TCSERR(TSS_E_INTERNAL_ERROR);
 	}
 -	/* make sure only the tss user can manipulate the config file */
 +	/* make sure only the tss user can read (but not manipulate) the config file */
 	if (((stat_buf.st_mode & 0777) ^ mode) != 0) {
 -		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
 +		LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file);
 		return TCSERR(TSS_E_INTERNAL_ERROR);
 	}
 #endif /* SOLARIS */
 -- 
 2.27.0
--- a/trousers-0.3.14-double-free.patch
+++ b/trousers-0.3.14-double-free.patch
@ -1,27 +0,0 @@
 diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c
 --- trousers-0.3.14/src/tspi/tsp_auth.c	2014-07-23 12:42:45.000000000 -0700
 +++ trousers-0.3.14-new/src/tspi/tsp_auth.c	2019-05-27 13:41:57.316000945 -0700
@@ -1221,7 +1221,7 @@
 	}
 	*handles = handle;
 -    handles_track = handles;
 +	handles_track = handles;
     // Since the call tree of this function can possibly alloc memory 
     // (check RPC_ExecuteTransport_TP function), its better to keep track of
@@ -1229,9 +1229,11 @@
 	result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL,
 					       NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL);
 -	free(handles);
 -    handles = NULL;
 -    free(handles_track);
 +	if (handles != handles_track) {
 +		free(handles);
 +	}
 +
 +	free(handles_track);
 	return result;
 }
--- a/trousers-0.3.14-no-optimize.patch
+++ b/trousers-0.3.14-no-optimize.patch
@ -1,49 +0,0 @@
 From 6edef3777f9b9a26e63168bb81c8d4f4ddb17017 Mon Sep 17 00:00:00 2001
 From: Jerry Snitselaar <jsnitsel@redhat.com>
 Date: Wed, 5 Jun 2019 11:51:33 -0700
 Subject: [PATCH 2/2] trousers: don't use __no_optimize
 The trousers is failing annocheck hardened check due to
 __no_optimize being used for __tspi_memset(). Instead of
 __no_optimize use a asm memory barrier.
 Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
 Signed-off-by: Debora Velarde Babb <debora@linux.ibm.com>
 ---
 src/include/spi_utils.h    | 2 +-
 src/tspi/tsp_context_mem.c | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
 diff --git a/src/include/spi_utils.h b/src/include/spi_utils.h
 index 11255b20a21d..6ef21ce0cc83 100644
 --- a/src/include/spi_utils.h
 +++ b/src/include/spi_utils.h
@@ -53,7 +53,7 @@ MUTEX_DECLARE_EXTERN(mem_cache_lock);
 void *calloc_tspi(TSS_HCONTEXT, UINT32);
 TSS_RESULT free_tspi(TSS_HCONTEXT, void *);
 TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *);
 -void * __no_optimize __tspi_memset(void *, int, size_t);
 +void * __tspi_memset(void *, int, size_t);
 /* secrets.c */
 diff --git a/src/tspi/tsp_context_mem.c b/src/tspi/tsp_context_mem.c
 index 2982df9fed06..2769af3662b9 100644
 --- a/src/tspi/tsp_context_mem.c
 +++ b/src/tspi/tsp_context_mem.c
@@ -258,8 +258,10 @@ free_tspi(TSS_HCONTEXT tspContext, void *memPointer)
 }
 /* definition for a memset that cannot be optimized away */
 -void * __no_optimize
 +void *
 __tspi_memset(void *s, int c, size_t n)
 {
 -	return memset(s, c, n);
 +	memset(s, c, n);
 +	asm volatile("" ::: "memory");
 +	return s;
 }
 -- 
 2.27.0
--- a/trousers-0.3.14-noinline.patch
+++ b/trousers-0.3.14-noinline.patch
@ -1,6 +1,6 @@
-diff -ur a/src/include/tspps.h b/src/include/tspps.h
+diff -ur trousers-0.3.15/src/include/tspps.h trousers-0.3.15-new/src/include/tspps.h
--- a/src/include/tspps.h	2014-07-23 12:42:44.000000000 -0700
+--- trousers-0.3.15/src/include/tspps.h	2020-05-27 23:01:45.000000000 -0700
-+++ b/src/include/tspps.h	2018-08-01 19:33:42.454192873 -0700
+++ trousers-0.3.15-new/src/include/tspps.h	2020-11-06 17:46:53.796319788 -0700
@@ -18,8 +18,8 @@
 TSS_RESULT	   get_file(int *);
--- a/trousers-0.3.14-tcsd-header-fix.patch
+++ b/trousers-0.3.14-tcsd-header-fix.patch
@ -1,37 +0,0 @@
 From b692f86a93c8f7e6ac938277a9aec434b02c252b Mon Sep 17 00:00:00 2001
 From: Jerry Snitselaar <jsnitsel@redhat.com>
 Date: Wed, 18 Mar 2020 13:35:22 -0700
 Subject: [PATCH] trousers: resolve build failure
 The global variables tcsd_sa_chld and tcsd_sa_int in tcsd.h are
 causing build failures in latest Fedora release:
 /usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:169: multiple definition of `tcsd_sa_chld'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:169: first defined here
 /usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:168: multiple definition of `tcsd_sa_int'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:168: first defined here
 They are no longer used since 9b40e581470b ("Improved daemon's signal
 handling") so just remove them.
 Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
 ---
 src/include/tcsd.h | 6 ------
 1 file changed, 6 deletions(-)
 diff --git a/src/include/tcsd.h b/src/include/tcsd.h
 index 5b9462b85ed6..f5c286e01c86 100644
 --- a/src/include/tcsd.h
 +++ b/src/include/tcsd.h
@@ -164,10 +164,4 @@ TSS_RESULT tcsd_thread_create(int, char *);
 void	   *tcsd_thread_run(void *);
 void	   thread_signal_init();
 -/* signal handling */
 -#ifndef __APPLE__
 -struct sigaction tcsd_sa_int;
 -struct sigaction tcsd_sa_chld;
 -#endif
 -
 #endif
 -- 
 2.24.0
--- a/trousers-openssl1.1.patch
+++ b/trousers-openssl1.1.patch
@ -1,448 +0,0 @@
@@ -, +, @@ 
 ---
 src/tcs/crypto/openssl/crypto.c      | 15 ++++++---
 src/trspi/crypto/openssl/hash.c      | 17 ++++++----
 src/trspi/crypto/openssl/rsa.c       | 64 ++++++++++++++++++++++++++++++-----
 src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++---------------
 4 files changed, 115 insertions(+), 46 deletions(-)
 --- a/src/tcs/crypto/openssl/crypto.c	
 +++ a/src/tcs/crypto/openssl/crypto.c	
@@ -31,13 +31,17 @@ 
 TSS_RESULT
 Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
 {
 -	EVP_MD_CTX md_ctx;
 +	EVP_MD_CTX *md_ctx;
 	unsigned int result_size;
 	int rv;
 +	md_ctx = EVP_MD_CTX_new();
 +	if (md_ctx == NULL)
 +		return TSPERR(TSS_E_OUTOFMEMORY);
 +
 	switch (HashType) {
 		case TSS_HASH_SHA1:
 -			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
 +			rv = EVP_DigestInit(md_ctx, EVP_sha1());
 			break;
 		default:
 			rv = TCSERR(TSS_E_BAD_PARAMETER);
@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
 		goto out;
 	}
 -	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
 +	rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
 	if (rv != EVP_SUCCESS) {
 		rv = TCSERR(TSS_E_INTERNAL_ERROR);
 		goto out;
 	}
 -	result_size = EVP_MD_CTX_size(&md_ctx);
 -	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
 +	result_size = EVP_MD_CTX_size(md_ctx);
 +	rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
 	if (rv != EVP_SUCCESS) {
 		rv = TCSERR(TSS_E_INTERNAL_ERROR);
 	} else
 		rv = TSS_SUCCESS;
 out:
 +	EVP_MD_CTX_free(md_ctx);
 	return rv;
 }
 --- a/src/trspi/crypto/openssl/hash.c	
 +++ a/src/trspi/crypto/openssl/hash.c	
@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
 TSS_RESULT
 Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
 {
 -	EVP_MD_CTX md_ctx;
 +	EVP_MD_CTX *md_ctx;
 	unsigned int result_size;
 	int rv;
 +	md_ctx = EVP_MD_CTX_new();
 +	if (md_ctx == NULL)
 +		return TSPERR(TSS_E_OUTOFMEMORY);
 +
 	switch (HashType) {
 		case TSS_HASH_SHA1:
 -			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
 +			rv = EVP_DigestInit(md_ctx, EVP_sha1());
 			break;
 		default:
 			rv = TSPERR(TSS_E_BAD_PARAMETER);
@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
 		goto err;
 	}
 -	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
 +	rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
 	if (rv != EVP_SUCCESS) {
 		rv = TSPERR(TSS_E_INTERNAL_ERROR);
 		goto err;
 	}
 -	result_size = EVP_MD_CTX_size(&md_ctx);
 -	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
 +	result_size = EVP_MD_CTX_size(md_ctx);
 +	rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
 	if (rv != EVP_SUCCESS) {
 		rv = TSPERR(TSS_E_INTERNAL_ERROR);
 		goto err;
@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
 err:
 	DEBUG_print_openssl_errors();
 out:
 +	EVP_MD_CTX_free(md_ctx);
         return rv;
 }
@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
 			break;
 	}
 -	if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
 +	if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
 		return TSPERR(TSS_E_OUTOFMEMORY);
 	rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
 --- a/src/trspi/crypto/openssl/rsa.c	
 +++ a/src/trspi/crypto/openssl/rsa.c	
@@ -38,6 +38,25 @@ 
 #define DEBUG_print_openssl_errors()
 #endif
 +#if OPENSSL_VERSION_NUMBER < 0x10100001L
 +static int
 +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 +{
 +	if (n != NULL) {
 +		BN_free(r->n);
 +		r->n = n;
 +	}
 +	if (e != NULL) {
 +		BN_free(r->e);
 +		r->e = e;
 +	}
 +	if (d != NULL) {
 +		BN_free(r->d);
 +		r->d = d;
 +	}
 +	return 1;
 +}
 +#endif
 /*
  * Hopefully this will make the code clearer since
@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
 	RSA *rsa = RSA_new();
 	BYTE encodedData[256];
 	int encodedDataLen;
 +	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
 	if (rsa == NULL) {
 		rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
 	}
 	/* set the public key value in the OpenSSL object */
 -	rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
 +	rsa_n = BN_bin2bn(publicKey, keysize, NULL);
 	/* set the public exponent */
 -	rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
 +	rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
 -	if (rsa->n == NULL || rsa->e == NULL) {
 +	if (rsa_n == NULL || rsa_e == NULL) {
 		rv = TSPERR(TSS_E_OUTOFMEMORY);
 +		BN_free(rsa_n);
 +		BN_free(rsa_e);
 +		goto err;
 +	}
 +	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
 +		rv = TSPERR(TSS_E_FAIL);
 +		BN_free(rsa_n);
 +		BN_free(rsa_e);
 		goto err;
 	}
@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
 	unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
 	unsigned char buf[256];
 	RSA *rsa = RSA_new();
 +	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
 	if (rsa == NULL) {
 		rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
 	}
 	/* set the public key value in the OpenSSL object */
 -	rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
 +	rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
 	/* set the public exponent */
 -	rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
 +	rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
 -	if (rsa->n == NULL || rsa->e == NULL) {
 +	if (rsa_n == NULL || rsa_e == NULL) {
 		rv = TSPERR(TSS_E_OUTOFMEMORY);
 +		BN_free(rsa_n);
 +		BN_free(rsa_e);
 +		goto err;
 +	}
 +	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
 +		rv = TSPERR(TSS_E_FAIL);
 +		BN_free(rsa_n);
 +		BN_free(rsa_e);
 		goto err;
 	}
@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
 	int rv, e_size = 3;
 	unsigned char exp[] = { 0x01, 0x00, 0x01 };
 	RSA *rsa = RSA_new();
 +	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
 	if (rsa == NULL) {
 		rv = TSPERR(TSS_E_OUTOFMEMORY);
@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
 	}
 	/* set the public key value in the OpenSSL object */
 -	rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
 +	rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
 	/* set the public exponent */
 -	rsa->e = BN_bin2bn(exp, e_size, rsa->e);
 +	rsa_e = BN_bin2bn(exp, e_size, NULL);
 -	if (rsa->n == NULL || rsa->e == NULL) {
 +	if (rsa_n == NULL || rsa_e == NULL) {
 		rv = TSPERR(TSS_E_OUTOFMEMORY);
 +		BN_free(rsa_n);
 +		BN_free(rsa_e);
 +		goto err;
 +	}
 +	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
 +		rv = TSPERR(TSS_E_FAIL);
 +		BN_free(rsa_n);
 +		BN_free(rsa_e);
 		goto err;
 	}
 --- a/src/trspi/crypto/openssl/symmetric.c	
 +++ a/src/trspi/crypto/openssl/symmetric.c	
@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
 		  UINT32 *out_len)
 {
 	TSS_RESULT result = TSS_SUCCESS;
 -	EVP_CIPHER_CTX ctx;
 +	EVP_CIPHER_CTX *ctx = NULL;
 	UINT32 tmp;
 	switch (alg) {
@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
 			break;
 	}
 -	EVP_CIPHER_CTX_init(&ctx);
 +	ctx = EVP_CIPHER_CTX_new();
 +	if (ctx == NULL) {
 +		result = TSPERR(TSS_E_OUTOFMEMORY);
 +		goto done;
 +	}
 -	if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
 +	if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
 +	if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		goto done;
 	}
 -	if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
 +	if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
 +	if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 	*out_len += tmp;
 done:
 -	EVP_CIPHER_CTX_cleanup(&ctx);
 +	EVP_CIPHER_CTX_free(ctx);
 	return result;
 }
@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
 		  UINT32 *out_len)
 {
 	TSS_RESULT result = TSS_SUCCESS;
 -	EVP_CIPHER_CTX ctx;
 +	EVP_CIPHER_CTX *ctx = NULL;
 	UINT32 tmp;
 	switch (alg) {
@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
 			break;
 	}
 -	EVP_CIPHER_CTX_init(&ctx);
 +	ctx = EVP_CIPHER_CTX_new();
 +	if (ctx == NULL) {
 +		result = TSPERR(TSS_E_OUTOFMEMORY);
 +		goto done;
 +	}
 -	if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
 +	if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
 +	if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
 +	if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 	*out_len += tmp;
 done:
 -	EVP_CIPHER_CTX_cleanup(&ctx);
 +	EVP_CIPHER_CTX_free(ctx);
 	return result;
 }
@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 		 UINT32 *out_len)
 {
 	TSS_RESULT result = TSS_SUCCESS;
 -	EVP_CIPHER_CTX ctx;
 +	EVP_CIPHER_CTX *ctx;
 	EVP_CIPHER *cipher;
 	BYTE *def_iv = NULL, *outiv_ptr;
 	UINT32 tmp;
@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 	if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
 		return TSPERR(TSS_E_INTERNAL_ERROR);
 -	EVP_CIPHER_CTX_init(&ctx);
 +	ctx = EVP_CIPHER_CTX_new();
 +	if (ctx == NULL)
 +		return TSPERR(TSS_E_OUTOFMEMORY);
 	/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
 	iv_len = EVP_CIPHER_iv_length(cipher);
@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 		outiv_ptr = out;
 	}
 -	if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
 +	if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
 +	if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
 		LogDebug("Not enough space to do symmetric encryption");
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		goto done;
 	}
 -	if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
 +	if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
 +	if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
@@ -320,7 +330,7 @@ done:
 		*out_len += iv_len;
 		free(def_iv);
 	}
 -	EVP_CIPHER_CTX_cleanup(&ctx);
 +	EVP_CIPHER_CTX_free(ctx);
 	return result;
 }
@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 		 UINT32 *out_len)
 {
 	TSS_RESULT result = TSS_SUCCESS;
 -	EVP_CIPHER_CTX ctx;
 +	EVP_CIPHER_CTX *ctx = NULL;
 	EVP_CIPHER *cipher;
 	BYTE *def_iv = NULL, *iniv_ptr;
 	UINT32 tmp;
@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 	if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
 		return TSPERR(TSS_E_INTERNAL_ERROR);
 -	EVP_CIPHER_CTX_init(&ctx);
 +	ctx = EVP_CIPHER_CTX_new();
 +	if (ctx == NULL) {
 +		return TSPERR(TSS_E_OUTOFMEMORY);
 +	}
 	/* If the iv is NULL, assume that its prepended to the ciphertext */
 	if (iv == NULL) {
@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 		iniv_len = in_len;
 	}
 -	if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
 +	if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
 +	if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
 	}
 -	if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
 +	if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
 		result = TSPERR(TSS_E_INTERNAL_ERROR);
 		DEBUG_print_openssl_errors();
 		goto done;
@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
 done:
 	if (def_iv != iv)
 		free(def_iv);
 -	EVP_CIPHER_CTX_cleanup(&ctx);
 +	EVP_CIPHER_CTX_free(ctx);
 	return result;
 }
 -- 
--- a/trousers.spec
+++ b/trousers.spec
@ -1,7 +1,7 @@
 Name: trousers
 Summary: TCG's Software Stack v1.2
-Version: 0.3.14
+Version: 0.3.15
-Release: 4%{?dist}
+Release: 1%{?dist}
 License: BSD
 Url: http://trousers.sourceforge.net
@ -11,13 +11,9 @@ Patch1:  trousers-0.3.14-noinline.patch
 # submitted upstream
 Patch2: trousers-0.3.14-unlock-in-err-path.patch
 Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
-Patch4: trousers-0.3.14-double-free.patch
+Patch4: trousers-0.3.14-fix-indent-tspi_key.patch
 Patch5: trousers-0.3.14-fix-indent-tspi_key.patch
 Patch6: trousers-0.3.14-tcsd-header-fix.patch
 Patch7: trousers-0.3.14-correct-security-issues.patch
 Patch8: trousers-0.3.14-no-optimize.patch
-BuildRequires: libtool, openssl-devel
+BuildRequires: libtool openssl-devel gettext-devel autoconf automake
 BuildRequires: systemd
 Requires(pre): shadow-utils
 Requires(post): systemd-units
@ -59,11 +55,13 @@ Header files and man pages for use in creating Trusted Computing enabled
 applications.
 %prep
-%autosetup -c -p1
+%autosetup -p1
 # fix man page paths
 sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
 %build
 chmod +x ./bootstrap.sh
 ./bootstrap.sh
 %configure --with-gui=openssl
 make -k %{?_smp_mflags}
@ -120,6 +118,9 @@ exit 0
 %{_libdir}/libtddl.a
 %changelog
 * Fri Nov 06 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.15-1
 - Rebase to 0.3.15 release.
 * Thu Oct 29 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.14-4
 - Fix for CVE-2020-24330 (RHBZ#1874824)
 - Fix for CVE-2020-24331 (RHBZ#1870057)