authorJames Bottomley <James.Bottomley@HansenPartnership.com>2023-06-29 10:04:54 -0400
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2023-06-29 10:07:27 -0400
commitccf5b65b8e7842b40c5ff759a8846e16d040b3d0 (patch)
tree78cae8eb5fdd62176dbf442e1e6a1df80149f1e7
parenta813f3db695d0d5d889474d203722d9f9641998b (diff)
tpm2-common: fix for openssl Boolean problems
The ASN.1 standard strictly requires a Boolean to be 0xff for true or 0 for false. Apparently openssl simply writes the value it was given without checking (which is usually a C value true or false), so a lot of our BOOLEANS are ending up with the illegal value 1. Redo the setting of this variable to be either 0xff for true or absent for false (as the standard recommends). Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--src/libcommon/tpm2-common.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libcommon/tpm2-common.c b/src/libcommon/tpm2-common.c
index a9f72ec..41a073a 100644
--- a/src/libcommon/tpm2-common.c
+++ b/src/libcommon/tpm2-common.c
@@ -2175,7 +2175,8 @@ int tpm2_write_tpmfile(const char *file, BYTE *pubkey, int pubkey_len,
}
if (version == 0) {
k.tssl.type = OBJ_txt2obj(OID_OldloadableKey, 1);
- k.tssl.emptyAuth = empty_auth;
+ /* standard requires true or not present */
+ k.tssl.emptyAuth = empty_auth ? 0xff : -1;
k.tssl.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(k.tssl.parent, parent);
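Review bot: The `-1` assigned to `k.tssl.emptyAuth` (and to `k.tpk.emptyAuth` in the second hunk) is OpenSSL's "omit this field" value for an `ASN1_BOOLEAN`, which the new comment does not explain and which presumably relies on the ASN.1 template declaring emptyAuth as optional; that template is not visible here. I would spell it out as `/* DER TRUE is 0xff; -1 tells openssl to omit the optional BOOLEAN */`, ideally in one small helper used by both assignments so the two key formats cannot drift apart. It is also worth confirming that the loading side handles a decoded `-1` (field absent) and the legacy value `1` from key files already written, since a plain truthiness test on the field would read an absent emptyAuth as true and change whether an authorization is requested. tpm2_write_tpmfile begins and ends outside both hunks.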
@@ -2201,7 +2202,8 @@ int tpm2_write_tpmfile(const char *file, BYTE *pubkey, int pubkey_len,
secret->size);
}
- k.tpk.emptyAuth = empty_auth;
+ /* standard requires true or not present */
+ k.tpk.emptyAuth = empty_auth ? 0xff : -1;
k.tpk.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(k.tpk.parent, parent);