From: Tobias Brunner Date: Fri, 20 Aug 2021 14:34:48 +0000 (+0200) Subject: libtpmtss: Initialize library from all users X-Git-Tag: 5.9.4dr1~1 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=5126e7c0fc136dfaef65b2eb2e9d835b05052c74;p=thirdparty%2Fstrongswan.git libtpmtss: Initialize library from all users Previously, only the tpm plugin initialized the library, so in order to use a TPM 2.0 (a required TCTI library is loaded via init), it was necessary to load it even if none of its actual features were used.
---
diff --git a/src/aikgen/aikgen.c b/src/aikgen/aikgen.c
index 3e2d444776..6ce8fdf5d1 100644
--- a/src/aikgen/aikgen.c
+++ b/src/aikgen/aikgen.c
@@ -137,7 +137,6 @@ static void exit_aikgen(err_t message, ...)
 fprintf(stderr, "aikgen error: %s\n", m);
 status = -1;
 }
- library_deinit();
 exit(status);
 }
@@ -194,17 +193,23 @@ int main(int argc, char *argv[])
 chunk_t aik_blob;
 hasher_t *hasher;
- atexit(library_deinit);
 if (!library_init(NULL, "aikgen"))
 {
 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 }
+ atexit(library_deinit);
 if (lib->integrity && !lib->integrity->check_file(lib->integrity, "aikgen", argv[0]))
 {
 fprintf(stderr, "integrity check of aikgen failed\n");
 exit(SS_RC_DAEMON_INTEGRITY);
 }
+ if (!libtpmtss_init())
+ {
+ fprintf(stderr, "libtpmtss initialization failed\n");
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ atexit(libtpmtss_deinit);
 /* initialize global variables */
 options = options_create();
diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
index ec6ea42888..0a4ae66a00 100644
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@@ -132,7 +132,7 @@ bool libimcv_init(bool is_imv)
 if (lib)
 {
 /* did main program initialize libstrongswan? */
- if (libstrongswan_ref == 0)
+ if (!ref_cur(&libstrongswan_ref))
 {
 ref_get(&libstrongswan_ref);
 }
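Review bot: The exit-time teardown order in main() of aikgen.c now depends on the order of the two atexit() registrations, and nothing in the hunk says so. `atexit(libtpmtss_deinit);` is registered after `atexit(library_deinit);`, so at exit the TSS is shut down first and libstrongswan last. A one-line comment above the second registration, e.g. `/* registered after library_deinit so it runs before it at exit */`, would keep a later reordering from tearing down libstrongswan while libtpmtss may still rely on it. The same sequence is added to main() in src/tpm_extendpcr/tpm_extendpcr.c, and main() continues outside the hunk in both files.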
@@ -171,10 +171,12 @@ bool libimcv_init(bool is_imv)
 lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins", lib->ns);
- if (libimcv_ref == 0)
+ if (!ref_cur(&libimcv_ref))
 {
 char *uri, *script;
+ libtpmtss_init();
+
 /* initialize the PA-TNC attribute manager */
 imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
 imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
@@ -246,6 +248,8 @@ void libimcv_deinit(void)
 DESTROY_IF(imcv_db);
 DESTROY_IF(imcv_sessions);
 DBG1(DBG_LIB, "libimcv terminated");
+
+ libtpmtss_deinit();
 }
 if (ref_put(&libstrongswan_ref))
 {
diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c
index 72fd45b813..4fe42f1cde 100644
--- a/src/libtpmtss/tpm_tss.c
+++ b/src/libtpmtss/tpm_tss.c
@@ -24,12 +24,22 @@
 #include "plugin_constructors.c"
 #endif
+/**
+ * Reference counter for library initialization
+ */
+static refcount_t libtpmtss_ref = 0;
+
 /**
 * Described in header.
 */
 bool libtpmtss_init(void)
 {
- return tpm_tss_tss2_init();
+ if (ref_cur(&libtpmtss_ref) || tpm_tss_tss2_init())
+ {
+ ref_get(&libtpmtss_ref);
+ return TRUE;
+ }
+ return FALSE;
 }
 /**
@@ -37,7 +47,10 @@ bool libtpmtss_init(void)
 */
 void libtpmtss_deinit(void)
 {
- tpm_tss_tss2_deinit();
+ if (ref_cur(&libtpmtss_ref) && ref_put(&libtpmtss_ref))
+ {
+ tpm_tss_tss2_deinit();
+ }
 }
 typedef tpm_tss_t*(*tpm_tss_create)(void);
diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h
index e3dd033346..d6d8ee2b01 100644
--- a/src/libtpmtss/tpm_tss.h
+++ b/src/libtpmtss/tpm_tss.h
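Review bot: The result of `libtpmtss_init();` is discarded in libimcv_init(), while libimcv_deinit() (hunk at -246) calls `libtpmtss_deinit();` unconditionally. Per the new libtpmtss_init() in tpm_tss.c, a failed init takes no reference, so the later deinit is unbalanced: if another user such as the tpm plugin holds a reference at that point, libimcv would drop it and the TSS could be shut down under that user. A failure is also silent, so missing TPM 2.0 support for attestation would leave no trace in the log. Consider `if (!libtpmtss_init()) { DBG1(DBG_LIB, "libtpmtss initialization failed"); }`, remembering the result in a file-scope flag and calling `libtpmtss_deinit()` only when it was TRUE. Both functions extend beyond their hunks.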
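Review bot: The test and the update of `libtpmtss_ref` in libtpmtss_init() are separate steps, `ref_cur(&libtpmtss_ref) || tpm_tss_tss2_init()` followed by `ref_get(&libtpmtss_ref);`, so two callers that both observe a count of zero would each run `tpm_tss_tss2_init()`. libtpmtss_deinit() in the next hunk has the same window between `ref_cur` and `ref_put`. This is harmless if every user initialises from a single thread during startup, which the visible code suggests but does not state. The comment on the counter should say so, e.g. `Reference counter for library initialization, init/deinit are not safe to call concurrently`. The doc comments in tpm_tss.h should also state that each successful libtpmtss_init() must be paired with exactly one libtpmtss_deinit().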
@@ -192,22 +192,22 @@ struct tpm_tss_t {
 };
 /**
- * Create a tpm_tss instance.
- *
- * @param version TPM version that must be supported by TSS
- */
-tpm_tss_t *tpm_tss_probe(tpm_version_t version);
-
-/**
- * libtpmtss initialization function
+ * Initialize libtpmtss
 *
 * @return TRUE if initialization was successful
 */
 bool libtpmtss_init(void);
 /**
- * libtpmtss de-initialization function
+ * Deinitialize libtpmtss
 */
 void libtpmtss_deinit(void);
+/**
+ * Create a tpm_tss instance.
+ *
+ * @param version TPM version that must be supported by TSS
+ */
+tpm_tss_t *tpm_tss_probe(tpm_version_t version);
+
 #endif /** TPM_TSS_H_ @}*/
diff --git a/src/tpm_extendpcr/tpm_extendpcr.c b/src/tpm_extendpcr/tpm_extendpcr.c
index 31d0d3d252..23d652f129 100644
--- a/src/tpm_extendpcr/tpm_extendpcr.c
+++ b/src/tpm_extendpcr/tpm_extendpcr.c
@@ -117,7 +117,6 @@ static void exit_tpm_extendpcr(err_t message, ...)
 fprintf(stderr, "tpm_extendpcr error: %s\n", m);
 status = -1;
 }
- library_deinit();
 exit(status);
 }
@@ -166,17 +165,23 @@ int main(int argc, char *argv[])
 uint32_t pcr = 16;
 bool hash = FALSE;
- atexit(library_deinit);
 if (!library_init(NULL, "tpm_extendpcr"))
 {
 exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 }
+ atexit(library_deinit);
 if (lib->integrity && !lib->integrity->check_file(lib->integrity, "tpm_extendpcr", argv[0]))
 {
 fprintf(stderr, "integrity check of tpm_extendpcr failed\n");
 exit(SS_RC_DAEMON_INTEGRITY);
 }
+ if (!libtpmtss_init())
+ {
+ fprintf(stderr, "libtpmtss initialization failed\n");
+ exit(SS_RC_INITIALIZATION_FAILED);
+ }
+ atexit(libtpmtss_deinit);
 for (;;)
 {
@@ -250,7 +255,7 @@ int main(int argc, char *argv[])
 if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "tpm_extendpcr.load",
- "tpm sha1 sha2")))
+ "sha1 sha2")))
 {
 exit_tpm_extendpcr("plugin loading failed");
 }