Avoid LTO + FORTIFY_SOURCE=3 issue

When compiled with LTO and FORTIFY_SOURCE=3 enabled together, tpm2_makecredential outputs corrupted data which cannot be used with tpm2_activatecredential. This can be avoided by disabling compiler optimization for part of the code using pragma. This patch was obtained upstream from: https://github.com/tpm2-software/tpm2-tools/pull/3219 This fixes the upstream issue: https://github.com/tpm2-software/tpm2-tools/issues/3210 Resolves: rhbz#2171376 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-04-18 12:02:48 +02:00 · 2023-04-18 12:02:48 +02:00 · f1630a9c53
parent 5234b538c4
commit f1630a9c53
2 changed files with 67 additions and 1 deletions
--- a/tpm2-tools-fix-fortify.patch
+++ b/tpm2-tools-fix-fortify.patch
@ -0,0 +1,57 @@
+From 43b24bb6d1bbc65e80bd1de1d679922ba70ce5c0 Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen_repp@web.de>
+Date: Mon, 6 Mar 2023 12:16:05 +0100
+Subject: [PATCH] kdfa.c Fix problem with FORTIFY_SOURCE on Fedora
+
+The original kdfa implementation did produce an error caused by the flags
+-flto -_FORTIFY_SOURCE=2 on Fedora rawhide.
+This error can be avoided by switching off the optimization with pragma.
+Fixes: #3210.
+
+Signed-off-by: Juergen Repp <juergen_repp@web.de>
+---
+ lib/tpm2_kdfa.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/lib/tpm2_kdfa.c b/lib/tpm2_kdfa.c
+index 5eb8d558c..9db0467e4 100644
+--- a/lib/tpm2_kdfa.c
+++ b/lib/tpm2_kdfa.c
+@@ -1,7 +1,6 @@
+ /* SPDX-License-Identifier: BSD-3-Clause */
+ 
+ #include <string.h>
+-
+ #include <openssl/evp.h>
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ #include <openssl/hmac.h>
+@@ -13,6 +12,15 @@
+ #include "tpm2_kdfa.h"
+ #include "tpm2_openssl.h"
+ 
+/*
+ * Disable optimazation because of an error in FORTIFY_SOURCE
+ */
+ 
+#ifdef _FORTIFY_SOURCE
+#pragma GCC push_options
+#pragma GCC optimize ("O0")
+#endif
+
+ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,
+         TPM2B *context_u, TPM2B *context_v, UINT16 bits,
+         TPM2B_MAX_BUFFER *result_key) {
+@@ -139,3 +147,13 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,
+ 
+     return rval;
+ }
+#ifdef _FORTIFY_SOURCE
+
+#endif
+
+#ifdef _FORTIFY_SOURCE
+#pragma GCC pop_options
+#endif
+
+
+
--- a/tpm2-tools.spec
+++ b/tpm2-tools.spec
@ -2,13 +2,18 @@

 Name:    tpm2-tools
 Version: 5.5
-Release: 2%{?candidate:.%{candidate}}%{?dist}
+Release: 3%{?candidate:.%{candidate}}%{?dist}
 Summary: A bunch of TPM testing toolS build upon tpm2-tss

 License: BSD
 URL:     https://github.com/tpm2-software/tpm2-tools
 Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz

+# Disable optimization to avoid LTO + FORTIFY_SOURCE=3 issue:
+# https://bugzilla.redhat.com/show_bug.cgi?id=2171376
+# https://github.com/tpm2-software/tpm2-tools/issues/3210
+Patch0: tpm2-tools-fix-fortify.patch
+
 BuildRequires: make
 BuildRequires: gcc-c++
 BuildRequires: libtool
@ -55,6 +60,10 @@ tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.
 %{_mandir}/man1/tss2_*.1.gz

 %changelog
+* Mon Apr 17 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 5.5-3
+- Disable compiler optimization to fix LTO + FORTIFY_SOURCE=3 issue
+  Resolves rhbz#2171376
+
 * Tue Feb 21 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 5.5-2
 - Disable manpage regeneration in RHEL/ELN builds