libtpmtss: Initialize library from all users

Previously, only the tpm plugin initialized the library, so in order to use a TPM 2.0 (a required TCTI library is loaded via init), it was necessary to load it even if none of its actual features were used.
2025-10-05 00:00:45 -04:00 · 2021-08-20 16:34:48 +02:00 · 2021-08-20 16:34:48 +02:00 · 5126e7c0fc
commit 5126e7c0fc
parent 6c1210dcf6
5 changed files with 45 additions and 18 deletions
--- a/src/aikgen/aikgen.c
+++ b/src/aikgen/aikgen.c
@ -137,7 +137,6 @@ static void exit_aikgen(err_t message, ...)
 		fprintf(stderr, "aikgen error: %s\n", m);
 		status = -1;
 	}
-	library_deinit();
 	exit(status);
 }

@ -194,17 +193,23 @@ int main(int argc, char *argv[])
 	chunk_t aik_blob;
 	hasher_t *hasher;

-	atexit(library_deinit);
 	if (!library_init(NULL, "aikgen"))
 	{
 		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 	}
+	atexit(library_deinit);
 	if (lib->integrity &&
 		!lib->integrity->check_file(lib->integrity, "aikgen", argv[0]))
 	{
 		fprintf(stderr, "integrity check of aikgen failed\n");
 		exit(SS_RC_DAEMON_INTEGRITY);
 	}
+	if (!libtpmtss_init())
+	{
+		fprintf(stderr, "libtpmtss initialization failed\n");
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+	atexit(libtpmtss_deinit);

 	/* initialize global variables */
 	options = options_create();
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@ -132,7 +132,7 @@ bool libimcv_init(bool is_imv)
 	if (lib)
 	{
 		/* did main program initialize libstrongswan? */
-		if (libstrongswan_ref == 0)
+		if (!ref_cur(&libstrongswan_ref))
 		{
 			ref_get(&libstrongswan_ref);
 		}
@ -171,10 +171,12 @@ bool libimcv_init(bool is_imv)
 	lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins",
 								lib->ns);

-	if (libimcv_ref == 0)
+	if (!ref_cur(&libimcv_ref))
 	{
 		char *uri, *script;

+		libtpmtss_init();
+
 		/* initialize the PA-TNC attribute manager */
 	 	imcv_pa_tnc_attributes = pa_tnc_attr_manager_create();
 		imcv_pa_tnc_attributes->add_vendor(imcv_pa_tnc_attributes, PEN_IETF,
@ -246,6 +248,8 @@ void libimcv_deinit(void)
 		DESTROY_IF(imcv_db);
 		DESTROY_IF(imcv_sessions);
 		DBG1(DBG_LIB, "libimcv terminated");
+
+		libtpmtss_deinit();
 	}
 	if (ref_put(&libstrongswan_ref))
 	{
--- a/src/libtpmtss/tpm_tss.c
+++ b/src/libtpmtss/tpm_tss.c
@ -24,12 +24,22 @@
 #include "plugin_constructors.c"
 #endif

+/**
+ * Reference counter for library initialization
+ */
+static refcount_t libtpmtss_ref = 0;
+
 /**
 * Described in header.
 */
 bool libtpmtss_init(void)
 {
-	return tpm_tss_tss2_init();
+	if (ref_cur(&libtpmtss_ref) || tpm_tss_tss2_init())
+	{
+		ref_get(&libtpmtss_ref);
+		return TRUE;
+	}
+	return FALSE;
 }

 /**
@ -37,7 +47,10 @@ bool libtpmtss_init(void)
 */
 void libtpmtss_deinit(void)
 {
-	tpm_tss_tss2_deinit();
+	if (ref_cur(&libtpmtss_ref) && ref_put(&libtpmtss_ref))
+	{
+		tpm_tss_tss2_deinit();
+	}
 }

 typedef tpm_tss_t*(*tpm_tss_create)(void);
--- a/src/libtpmtss/tpm_tss.h
+++ b/src/libtpmtss/tpm_tss.h
@ -192,22 +192,22 @@ struct tpm_tss_t {
 };

 /**
- * Create a tpm_tss instance.
- *
- * @param version	TPM version that must be supported by TSS
- */
-tpm_tss_t *tpm_tss_probe(tpm_version_t version);
-
-/**
- * libtpmtss initialization function
+ * Initialize libtpmtss
 *
 * @return					TRUE if initialization was successful
 */
 bool libtpmtss_init(void);

 /**
- * libtpmtss de-initialization function
+ * Deinitialize libtpmtss
 */
 void libtpmtss_deinit(void);

+/**
+ * Create a tpm_tss instance.
+ *
+ * @param version			TPM version that must be supported by TSS
+ */
+tpm_tss_t *tpm_tss_probe(tpm_version_t version);
+
 #endif /** TPM_TSS_H_ @}*/
--- a/src/tpm_extendpcr/tpm_extendpcr.c
+++ b/src/tpm_extendpcr/tpm_extendpcr.c
@ -117,7 +117,6 @@ static void exit_tpm_extendpcr(err_t message, ...)
 		fprintf(stderr, "tpm_extendpcr error: %s\n", m);
 		status = -1;
 	}
-	library_deinit();
 	exit(status);
 }

@ -166,17 +165,23 @@ int main(int argc, char *argv[])
 	uint32_t pcr = 16;
 	bool hash = FALSE;

-	atexit(library_deinit);
 	if (!library_init(NULL, "tpm_extendpcr"))
 	{
 		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 	}
+	atexit(library_deinit);
 	if (lib->integrity &&
 		!lib->integrity->check_file(lib->integrity, "tpm_extendpcr", argv[0]))
 	{
 		fprintf(stderr, "integrity check of tpm_extendpcr failed\n");
 		exit(SS_RC_DAEMON_INTEGRITY);
 	}
+	if (!libtpmtss_init())
+	{
+		fprintf(stderr, "libtpmtss initialization failed\n");
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+	atexit(libtpmtss_deinit);

 	for (;;)
 	{
@ -250,7 +255,7 @@ int main(int argc, char *argv[])

 	if (!lib->plugins->load(lib->plugins,
 			lib->settings->get_str(lib->settings, "tpm_extendpcr.load",
-												  "tpm sha1 sha2")))
+												  "sha1 sha2")))
 	{
 		exit_tpm_extendpcr("plugin loading failed");
 	}