
Commit 1d1a0bd

committed
Fix for TPM2_VerifySignature not using the correct hash algorithm (ZD 20296)
1 parent 3949138 commit 1d1a0bd


2 files changed

+24
-6
lines changed


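--- a/configure.ac
+++ b/configure.ac
@@ -264,12 +264,13 @@ fi
 
 
 # STM ST33 Support
-AC_ARG_ENABLE([st33],,
+AC_ARG_ENABLE([st33],
+[AS_HELP_STRING([--enable-st33],[Enable ST ST33 TPM Support (default: disabled)])],
 [ ENABLED_ST33=$enableval ],
 [ ENABLED_ST33=no ]
 )
 AC_ARG_ENABLE([st],
-[AS_HELP_STRING([--enable-st],[Enable ST ST33 TPM Support (default: disabled)])],
+[AS_HELP_STRING([--enable-st],[Enable ST TPM Support (default: disabled)])],
 [ ENABLED_ST=$enableval ],
 [ ENABLED_ST=no ]
 )
@@ -307,7 +308,7 @@ then
 AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_NUVOTON"
 fi
 
-# Infineon SLB9670/SLB9672
+# Infineon SLB9670/SLB9672/SLB9673
 AC_ARG_ENABLE([infineon],
 [AS_HELP_STRING([--enable-infineon],[Enable Infineon SLB9670/SLB9672 TPM Support (default: disabled)])],
 [ ENABLED_INFINEON=$enableval ],
@@ -319,7 +320,13 @@ then
 then
 AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9670"
 else
-AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9672"
+if test "x$ENABLED_INFINEON" = "xslb9673"
+then
+enable_i2c=yes
+AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9673"
+else
+AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9672"
+fi
 fi
 fi
 
@@ -375,7 +382,8 @@ AC_ARG_ENABLE([autodetect],
 if test "x$ENABLED_AUTODETECT" = "xtest"
 then
 # If a module hasn't been selected then enable auto-detection
-if test "x$ENABLED_INFINEON" = "xno" && test "x$ENABLED_MCHP" = "xno" && test "x$ENABLED_ST33" = "xno" && test "x$ENABLED_NUVOTON" = "xno"
+if test "x$ENABLED_INFINEON" = "xno" && test "x$ENABLED_MCHP" = "xno" && test "x$ENABLED_MICROCHIP" = "xno" && \
+test "x$ENABLED_ST" = "xno" && test "x$ENABLED_ST33" = "xno" && test "x$ENABLED_NUVOTON" = "xno"
 then
 ENABLED_AUTODETECT=yes
 fi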
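Review bot: The new auto-detection condition (new lines 385-386) compares `$ENABLED_MICROCHIP` with `xno`, but nothing visible in this section gives that variable a `no` default the way `[ ENABLED_ST=no ]` does for `--enable-st`. If it is unset when the test runs, `x` never equals `xno` and `ENABLED_AUTODETECT=yes` is silently never reached, so it is worth confirming that whichever option sets `ENABLED_MICROCHIP` assigns `no` in its default branch before this point. Separately, the comment now names SLB9673 but the `--enable-infineon` help string still lists only SLB9670/SLB9672, so the new `slb9673` value is not discoverable from `./configure --help`; suggest `[Enable Infineon SLB9670/SLB9672/SLB9673 TPM Support (default: disabled)]`.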

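--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -4273,8 +4273,18 @@ int wolfTPM2_VerifyHash_ex(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
 int wolfTPM2_VerifyHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
 const byte* sig, int sigSz, const byte* digest, int digestSz)
 {
+int hashAlg = TPM_ALG_NULL;
+
+/* detect hash algithm based on digest size*/
+if (digestSz >= TPM_SHA512_DIGEST_SIZE)
+hashAlg = TPM_ALG_SHA512;
+else if (digestSz >= TPM_SHA384_DIGEST_SIZE)
+hashAlg = TPM_ALG_SHA384;
+else
+hashAlg = TPM_ALG_SHA256;
+
 return wolfTPM2_VerifyHashTicket(dev, key, sig, sigSz, digest, digestSz,
-TPM_ALG_NULL, WOLFTPM2_WRAP_DIGEST, NULL);
+TPM_ALG_NULL, hashAlg, NULL);
 }
 
 /* Generate ECC key-pair with NULL hierarchy and load (populates handle) */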
