diff --git a/SOURCES/0001-Esys_CreateLoaded-fix-resource-name-calculation.patch b/SOURCES/0001-Esys_CreateLoaded-fix-resource-name-calculation.patch
new file mode 100644
index 0000000..a6db576
--- /dev/null
+++ b/SOURCES/0001-Esys_CreateLoaded-fix-resource-name-calculation.patch
@@ -0,0 +1,128 @@
+From 70e9fae7ef535e7cf27a72ddbc818dfefcbdbdbb Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Wed, 18 Sep 2019 11:29:57 -0700
+Subject: [PATCH] Esys_CreateLoaded: fix resource name calculation
+
+The name calculated and cached for the ESYS_TR resource object was based
+on the user supplied TPMT_PUBLIC. However, this template is often
+missing data that the TPM fills in and returns in the TPM2B_PUBLIC
+structure. Because of this, the cached name returned from
+Esys_TR_GetName() and the name read from Esys_ReadPublic() would differ.
+
+Add a test to detect this condition and correct it by copying the
+returned TPM2B_PUBLIC to the ESYS_TR resource nodes TPM2B_PUBLIC cache
+and calculate the name off of that.
+
+Fixes: #1516
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ src/tss2-esys/api/Esys_CreateLoaded.c | 14 ++++-----
+ test/integration/esys-createloaded.int.c | 37 ++++++++++++++++++++++++
+ 2 files changed, 42 insertions(+), 9 deletions(-)
+
+diff --git a/src/tss2-esys/api/Esys_CreateLoaded.c b/src/tss2-esys/api/Esys_CreateLoaded.c
+index a92649cade27..44c4400fcff9 100644
+--- a/src/tss2-esys/api/Esys_CreateLoaded.c
++++ b/src/tss2-esys/api/Esys_CreateLoaded.c
+@@ -317,14 +317,6 @@ Esys_CreateLoaded_Finish(
+ goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
+ }
+
+- /* Update the meta data of the ESYS_TR object */
+- objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC;
+- size_t offset = 0;
+- r = Tss2_MU_TPMT_PUBLIC_Unmarshal(&esysContext->in.CreateLoaded.inPublic->buffer[0],
+- sizeof(TPMT_PUBLIC), &offset ,
+- &objectHandleNode->rsrc.misc.rsrc_key_pub.publicArea);
+- goto_if_error(r, "Unmarshal TPMT_PUBULIC", error_cleanup);
+-
+ /*Receive the TPM response and handle resubmissions if necessary. */
+ r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
+ if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
+@@ -386,8 +378,12 @@ Esys_CreateLoaded_Finish(
+ error_cleanup);
+
+
++ /* Update the meta data of the ESYS_TR object */
++ objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC;
++ objectHandleNode->rsrc.misc.rsrc_key_pub = *loutPublic;
++
+ /* Check name and outPublic for consistency */
+- if (!iesys_compare_name(loutPublic, &name))
++ if (!iesys_compare_name(&objectHandleNode->rsrc.misc.rsrc_key_pub, &name))
+ goto_error(r, TSS2_ESYS_RC_MALFORMED_RESPONSE,
+ "in Public name not equal name in response", error_cleanup);
+
+diff --git a/test/integration/esys-createloaded.int.c b/test/integration/esys-createloaded.int.c
+index ec8d68a0d43d..118f2a3bb1ff 100644
+--- a/test/integration/esys-createloaded.int.c
++++ b/test/integration/esys-createloaded.int.c
+@@ -8,6 +8,7 @@
+ #include <config.h>
+ #endif
+
++#include <stdbool.h>
+ #include <stdlib.h>
+
+ #include "tss2_esys.h"
+@@ -19,6 +20,35 @@
+ #include "util/log.h"
+ #include "util/aux_util.h"
+
++static bool check_name(ESYS_CONTEXT * esys_context, ESYS_TR object_handle)
++{
++ bool result = false;
++
++ TPM2B_NAME *read_name = NULL;
++ TPM2B_NAME *get_name = NULL;
++
++ TSS2_RC r = Esys_ReadPublic(esys_context, object_handle,
++ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
++ NULL, &read_name, NULL);
++ goto_if_error(r, "Error esys readpublic", out);
++
++ r = Esys_TR_GetName(esys_context, object_handle, &get_name);
++ goto_if_error(r, "Error esys getname", out);
++
++ if (read_name->size != get_name->size) {
++ LOG_ERROR("name size mismatch %u != %u",
++ read_name->size, get_name->size);
++ goto out;
++ }
++
++ result = memcmp(read_name->name, get_name->name, get_name->size) == 0;
++
++out:
++ free(read_name);
++ free(get_name);
++
++ return result;
++}
+ /** This test is intended to test the ESAPI command CreateLoaded.
+ *
+ * We start by creating a primary key (Esys_CreatePrimary).
+@@ -29,6 +59,8 @@
+ * - Esys_CreatePrimary() (M)
+ * - Esys_FlushContext() (M)
+ * - Esys_StartAuthSession() (M)
++ * - Esys_TR_GetName() (M)
++ * - Esys_TR_ReadPublic() (M)
+ *
+ * Used compiler defines: TEST_SESSION
+ *
+@@ -239,6 +271,11 @@ test_esys_createloaded(ESYS_CONTEXT * esys_context)
+
+ goto_if_error(r, "Error During CreateLoaded", error);
+
++ bool names_match = check_name(esys_context, objectHandle);
++ if (!names_match) {
++ goto error;
++ }
++
+ r = Esys_FlushContext(esys_context, primaryHandle);
+ goto_if_error(r, "Flushing context", error);
+
+--
+2.27.0
+
diff --git a/SOURCES/0001-Return-proper-error-code-on-memory-allocation-failur.patch b/SOURCES/0001-Return-proper-error-code-on-memory-allocation-failur.patch
new file mode 100644
index 0000000..bb70296
--- /dev/null
+++ b/SOURCES/0001-Return-proper-error-code-on-memory-allocation-failur.patch
@@ -0,0 +1,25 @@
+From 93aab9433b5d66a916e28016a4b60c4a1c39acfc Mon Sep 17 00:00:00 2001
+From: Pieter Agten <pieter.agten@gmail.com>
+Date: Tue, 3 Dec 2019 20:52:29 +0100
+Subject: [PATCH] Return proper error code on memory allocation failure
+
+Signed-off-by: Pieter Agten <pieter.agten@gmail.com>
+---
+ src/tss2-tcti/tctildr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/tss2-tcti/tctildr.c b/src/tss2-tcti/tctildr.c
+index ff967317b57b..1528f6e52fd0 100644
+--- a/src/tss2-tcti/tctildr.c
++++ b/src/tss2-tcti/tctildr.c
+@@ -421,6 +421,7 @@ Tss2_TctiLdr_Initialize_Ex (const char *name,
+ }
+ ldr_ctx = calloc (1, sizeof (TSS2_TCTILDR_CONTEXT));
+ if (ldr_ctx == NULL) {
++ rc = TSS2_TCTI_RC_MEMORY;
+ goto err;
+ }
+ TSS2_TCTI_MAGIC (ldr_ctx) = TCTILDR_MAGIC;
+--
+2.27.0
+
diff --git a/SOURCES/0001-build-update-exported-symbols-map-for-libtss2-mu.patch b/SOURCES/0001-build-update-exported-symbols-map-for-libtss2-mu.patch
new file mode 100644
index 0000000..07dde22
--- /dev/null
+++ b/SOURCES/0001-build-update-exported-symbols-map-for-libtss2-mu.patch
@@ -0,0 +1,51 @@
+From b27956422d1b5bb53a56366e9b7e978f6b95e2f9 Mon Sep 17 00:00:00 2001
+From: Erik Larsson <who+github@cnackers.org>
+Date: Mon, 2 Dec 2019 11:21:02 +0100
+Subject: [PATCH] build: update exported symbols map for libtss2-mu
+
+Signed-off-by: Erik Larsson <who+github@cnackers.org>
+---
+ lib/tss2-mu.def | 4 ++++
+ lib/tss2-mu.map | 4 ++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/tss2-mu.def b/lib/tss2-mu.def
+index 36f4ba37b9fc..3c80cf225f77 100644
+--- a/lib/tss2-mu.def
++++ b/lib/tss2-mu.def
+@@ -226,6 +226,10 @@ EXPORTS
+ Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal
+ Tss2_MU_TPMU_PUBLIC_ID_Marshal
+ Tss2_MU_TPMU_PUBLIC_ID_Unmarshal
++ Tss2_MU_TPMU_NAME_Marshal
++ Tss2_MU_TPMU_NAME_Unmarshal
++ Tss2_MU_TPMU_ENCRYPTED_SECRET_Marshal
++ Tss2_MU_TPMU_ENCRYPTED_SECRET_Unmarshal
+ Tss2_MU_TPMT_HA_Marshal
+ Tss2_MU_TPMT_HA_Unmarshal
+ Tss2_MU_TPMT_SYM_DEF_Marshal
+diff --git a/lib/tss2-mu.map b/lib/tss2-mu.map
+index 8ac754ed096a..09d9317e6749 100644
+--- a/lib/tss2-mu.map
++++ b/lib/tss2-mu.map
+@@ -228,6 +228,8 @@
+ Tss2_MU_TPMU_PUBLIC_ID_Unmarshal;
+ Tss2_MU_TPMU_NAME_Marshal;
+ Tss2_MU_TPMU_NAME_Unmarshal;
++ Tss2_MU_TPMU_ENCRYPTED_SECRET_Marshal;
++ Tss2_MU_TPMU_ENCRYPTED_SECRET_Unmarshal;
+ Tss2_MU_TPMT_HA_Marshal;
+ Tss2_MU_TPMT_HA_Unmarshal;
+ Tss2_MU_TPMT_SYM_DEF_Marshal;
+@@ -274,8 +276,6 @@
+ Tss2_MU_TPM2_NT_Unmarshal;
+ Tss2_MU_TPMI_ALG_HASH_Marshal;
+ Tss2_MU_TPMI_ALG_HASH_Unmarshal;
+- Tss2_MU_TPMI_BYTE_Marshal;
+- Tss2_MU_TPMI_BYTE_Unmarshal;
+ local:
+ *;
+ };
+--
+2.27.0
+
diff --git a/SOURCES/0001-esys-Check-object-handle-node-before-calling-compute.patch b/SOURCES/0001-esys-Check-object-handle-node-before-calling-compute.patch
new file mode 100644
index 0000000..2bee867
--- /dev/null
+++ b/SOURCES/0001-esys-Check-object-handle-node-before-calling-compute.patch
@@ -0,0 +1,1314 @@
+From f9a2e69bbc0e5f11ec2fe351ed8e610853857aba Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk <tadeusz.struk@intel.com>
+Date: Thu, 9 Jan 2020 14:16:50 -0800
+Subject: [PATCH] esys: Check object handle node before calling
+ compute_session_value()
+
+Fixes: #1593
+Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
+---
+ src/tss2-esys/api/Esys_ActivateCredential.c | 15 +++++++++++----
+ src/tss2-esys/api/Esys_Certify.c | 12 ++++++++++--
+ src/tss2-esys/api/Esys_CertifyCreation.c | 8 ++++++--
+ src/tss2-esys/api/Esys_ChangeEPS.c | 8 ++++++--
+ src/tss2-esys/api/Esys_ChangePPS.c | 6 +++++-
+ src/tss2-esys/api/Esys_Clear.c | 6 +++++-
+ src/tss2-esys/api/Esys_ClearControl.c | 6 +++++-
+ src/tss2-esys/api/Esys_ClockRateAdjust.c | 8 ++++++--
+ src/tss2-esys/api/Esys_ClockSet.c | 6 +++++-
+ src/tss2-esys/api/Esys_Commit.c | 6 +++++-
+ src/tss2-esys/api/Esys_Create.c | 7 ++++++-
+ src/tss2-esys/api/Esys_CreateLoaded.c | 6 +++++-
+ src/tss2-esys/api/Esys_CreatePrimary.c | 6 +++++-
+ .../api/Esys_DictionaryAttackLockReset.c | 6 +++++-
+ .../api/Esys_DictionaryAttackParameters.c | 6 +++++-
+ src/tss2-esys/api/Esys_Duplicate.c | 6 +++++-
+ src/tss2-esys/api/Esys_ECDH_ZGen.c | 6 +++++-
+ src/tss2-esys/api/Esys_EncryptDecrypt.c | 6 +++++-
+ src/tss2-esys/api/Esys_EncryptDecrypt2.c | 6 +++++-
+ src/tss2-esys/api/Esys_EventSequenceComplete.c | 15 +++++++++++----
+ src/tss2-esys/api/Esys_EvictControl.c | 6 +++++-
+ src/tss2-esys/api/Esys_FieldUpgradeStart.c | 6 +++++-
+ src/tss2-esys/api/Esys_GetCommandAuditDigest.c | 6 +++++-
+ src/tss2-esys/api/Esys_GetSessionAuditDigest.c | 6 +++++-
+ src/tss2-esys/api/Esys_GetTime.c | 6 +++++-
+ src/tss2-esys/api/Esys_HMAC.c | 6 +++++-
+ src/tss2-esys/api/Esys_HMAC_Start.c | 6 +++++-
+ src/tss2-esys/api/Esys_HierarchyChangeAuth.c | 6 +++++-
+ src/tss2-esys/api/Esys_HierarchyControl.c | 6 +++++-
+ src/tss2-esys/api/Esys_Import.c | 6 +++++-
+ src/tss2-esys/api/Esys_Load.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_Certify.c | 12 ++++++++++--
+ src/tss2-esys/api/Esys_NV_ChangeAuth.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_DefineSpace.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_Extend.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_GlobalWriteLock.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_Increment.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_Read.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_ReadLock.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_SetBits.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_UndefineSpace.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_UndefineSpaceSpecial.c | 12 ++++++++++--
+ src/tss2-esys/api/Esys_NV_Write.c | 6 +++++-
+ src/tss2-esys/api/Esys_NV_WriteLock.c | 6 +++++-
+ src/tss2-esys/api/Esys_ObjectChangeAuth.c | 6 +++++-
+ src/tss2-esys/api/Esys_PCR_Allocate.c | 6 +++++-
+ src/tss2-esys/api/Esys_PCR_Event.c | 6 +++++-
+ src/tss2-esys/api/Esys_PCR_Extend.c | 6 +++++-
+ src/tss2-esys/api/Esys_PCR_Reset.c | 6 +++++-
+ src/tss2-esys/api/Esys_PCR_SetAuthPolicy.c | 6 +++++-
+ src/tss2-esys/api/Esys_PCR_SetAuthValue.c | 6 +++++-
+ src/tss2-esys/api/Esys_PP_Commands.c | 6 +++++-
+ src/tss2-esys/api/Esys_PolicyAuthorizeNV.c | 6 +++++-
+ src/tss2-esys/api/Esys_PolicyNV.c | 6 +++++-
+ src/tss2-esys/api/Esys_PolicySecret.c | 6 +++++-
+ src/tss2-esys/api/Esys_Quote.c | 6 +++++-
+ src/tss2-esys/api/Esys_RSA_Decrypt.c | 6 +++++-
+ src/tss2-esys/api/Esys_Rewrap.c | 6 +++++-
+ src/tss2-esys/api/Esys_SequenceComplete.c | 9 ++++++---
+ src/tss2-esys/api/Esys_SequenceUpdate.c | 9 ++++++---
+ src/tss2-esys/api/Esys_SetAlgorithmSet.c | 6 +++++-
+ .../api/Esys_SetCommandCodeAuditStatus.c | 6 +++++-
+ src/tss2-esys/api/Esys_SetPrimaryPolicy.c | 6 +++++-
+ src/tss2-esys/api/Esys_Sign.c | 6 +++++-
+ src/tss2-esys/api/Esys_Unseal.c | 6 +++++-
+ src/tss2-esys/api/Esys_ZGen_2Phase.c | 6 +++++-
+ 66 files changed, 363 insertions(+), 82 deletions(-)
+
+diff --git a/src/tss2-esys/api/Esys_ActivateCredential.c b/src/tss2-esys/api/Esys_ActivateCredential.c
+index 3d332521528e..9377ad2a0627 100644
+--- a/src/tss2-esys/api/Esys_ActivateCredential.c
++++ b/src/tss2-esys/api/Esys_ActivateCredential.c
+@@ -194,10 +194,17 @@ Esys_ActivateCredential_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
+- &activateHandleNode->rsrc.name, &activateHandleNode->auth);
+- iesys_compute_session_value(esysContext->session_tab[1],
+- &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ if (activateHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
++ &activateHandleNode->rsrc.name, &activateHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
++ if (keyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[1],
++ &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+ /* Generate the auth values and set them in the SAPI command buffer */
+diff --git a/src/tss2-esys/api/Esys_Certify.c b/src/tss2-esys/api/Esys_Certify.c
+index d34d70b88ff7..96c627606684 100644
+--- a/src/tss2-esys/api/Esys_Certify.c
++++ b/src/tss2-esys/api/Esys_Certify.c
+@@ -193,10 +193,18 @@ Esys_Certify_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (objectHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &objectHandleNode->rsrc.name, &objectHandleNode->auth);
+- iesys_compute_session_value(esysContext->session_tab[1],
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
++ if (signHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[1],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+ /* Generate the auth values and set them in the SAPI command buffer */
+diff --git a/src/tss2-esys/api/Esys_CertifyCreation.c b/src/tss2-esys/api/Esys_CertifyCreation.c
+index 04c07a9bf33c..3135a49f77ca 100644
+--- a/src/tss2-esys/api/Esys_CertifyCreation.c
++++ b/src/tss2-esys/api/Esys_CertifyCreation.c
+@@ -209,8 +209,12 @@ Esys_CertifyCreation_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
+- &signHandleNode->rsrc.name, &signHandleNode->auth);
++ if (signHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
++ &signHandleNode->rsrc.name, &signHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ChangeEPS.c b/src/tss2-esys/api/Esys_ChangeEPS.c
+index 954c442547f3..d76a613d417e 100644
+--- a/src/tss2-esys/api/Esys_ChangeEPS.c
++++ b/src/tss2-esys/api/Esys_ChangeEPS.c
+@@ -175,8 +175,12 @@ Esys_ChangeEPS_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
+- &authHandleNode->rsrc.name, &authHandleNode->auth);
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
++ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ChangePPS.c b/src/tss2-esys/api/Esys_ChangePPS.c
+index c182533cebc5..ea0f9746c247 100644
+--- a/src/tss2-esys/api/Esys_ChangePPS.c
++++ b/src/tss2-esys/api/Esys_ChangePPS.c
+@@ -175,8 +175,12 @@ Esys_ChangePPS_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Clear.c b/src/tss2-esys/api/Esys_Clear.c
+index 96ffb470309f..f5c0b827425a 100644
+--- a/src/tss2-esys/api/Esys_Clear.c
++++ b/src/tss2-esys/api/Esys_Clear.c
+@@ -174,8 +174,12 @@ Esys_Clear_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ClearControl.c b/src/tss2-esys/api/Esys_ClearControl.c
+index a9fcd1b5e2e9..a4d8b4d0bab6 100644
+--- a/src/tss2-esys/api/Esys_ClearControl.c
++++ b/src/tss2-esys/api/Esys_ClearControl.c
+@@ -181,8 +181,12 @@ Esys_ClearControl_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authNode->rsrc.name, &authNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ClockRateAdjust.c b/src/tss2-esys/api/Esys_ClockRateAdjust.c
+index cb25c8502d23..931645c95296 100644
+--- a/src/tss2-esys/api/Esys_ClockRateAdjust.c
++++ b/src/tss2-esys/api/Esys_ClockRateAdjust.c
+@@ -179,8 +179,12 @@ Esys_ClockRateAdjust_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
+- &authNode->rsrc.name, &authNode->auth);
++ if (authNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
++ &authNode->rsrc.name, &authNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ClockSet.c b/src/tss2-esys/api/Esys_ClockSet.c
+index 7191576aec6b..b38219e7cbf3 100644
+--- a/src/tss2-esys/api/Esys_ClockSet.c
++++ b/src/tss2-esys/api/Esys_ClockSet.c
+@@ -179,8 +179,12 @@ Esys_ClockSet_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authNode->rsrc.name, &authNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Commit.c b/src/tss2-esys/api/Esys_Commit.c
+index 52298e4c7c6c..8992c20ca419 100644
+--- a/src/tss2-esys/api/Esys_Commit.c
++++ b/src/tss2-esys/api/Esys_Commit.c
+@@ -190,8 +190,12 @@ Esys_Commit_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (signHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Create.c b/src/tss2-esys/api/Esys_Create.c
+index c7e59f7ed5ff..c21ed7bc7d42 100644
+--- a/src/tss2-esys/api/Esys_Create.c
++++ b/src/tss2-esys/api/Esys_Create.c
+@@ -204,8 +204,13 @@ Esys_Create_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++
++ if (parentHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &parentHandleNode->rsrc.name, &parentHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_CreateLoaded.c b/src/tss2-esys/api/Esys_CreateLoaded.c
+index a92649cade27..7b366045e5eb 100644
+--- a/src/tss2-esys/api/Esys_CreateLoaded.c
++++ b/src/tss2-esys/api/Esys_CreateLoaded.c
+@@ -210,8 +210,12 @@ Esys_CreateLoaded_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (parentHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &parentHandleNode->rsrc.name, &parentHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_CreatePrimary.c b/src/tss2-esys/api/Esys_CreatePrimary.c
+index 9eb19042e7bb..a9b9e8f2dfe6 100644
+--- a/src/tss2-esys/api/Esys_CreatePrimary.c
++++ b/src/tss2-esys/api/Esys_CreatePrimary.c
+@@ -223,8 +223,12 @@ Esys_CreatePrimary_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (primaryHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &primaryHandleNode->rsrc.name, &primaryHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_DictionaryAttackLockReset.c b/src/tss2-esys/api/Esys_DictionaryAttackLockReset.c
+index 1e8207fe7cfc..bada24bd3dbd 100644
+--- a/src/tss2-esys/api/Esys_DictionaryAttackLockReset.c
++++ b/src/tss2-esys/api/Esys_DictionaryAttackLockReset.c
+@@ -176,8 +176,12 @@ Esys_DictionaryAttackLockReset_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (lockHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &lockHandleNode->rsrc.name, &lockHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_DictionaryAttackParameters.c b/src/tss2-esys/api/Esys_DictionaryAttackParameters.c
+index f10aa2f06b46..a61a5b4d4f26 100644
+--- a/src/tss2-esys/api/Esys_DictionaryAttackParameters.c
++++ b/src/tss2-esys/api/Esys_DictionaryAttackParameters.c
+@@ -198,8 +198,12 @@ Esys_DictionaryAttackParameters_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (lockHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &lockHandleNode->rsrc.name, &lockHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Duplicate.c b/src/tss2-esys/api/Esys_Duplicate.c
+index d0e5799897e2..c587fd740af7 100644
+--- a/src/tss2-esys/api/Esys_Duplicate.c
++++ b/src/tss2-esys/api/Esys_Duplicate.c
+@@ -202,8 +202,12 @@ Esys_Duplicate_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (objectHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &objectHandleNode->rsrc.name, &objectHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ECDH_ZGen.c b/src/tss2-esys/api/Esys_ECDH_ZGen.c
+index 24e487363f0f..dad825960e62 100644
+--- a/src/tss2-esys/api/Esys_ECDH_ZGen.c
++++ b/src/tss2-esys/api/Esys_ECDH_ZGen.c
+@@ -171,8 +171,12 @@ Esys_ECDH_ZGen_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (keyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_EncryptDecrypt.c b/src/tss2-esys/api/Esys_EncryptDecrypt.c
+index 506f22e68317..e3b6cc64f58a 100644
+--- a/src/tss2-esys/api/Esys_EncryptDecrypt.c
++++ b/src/tss2-esys/api/Esys_EncryptDecrypt.c
+@@ -196,8 +196,12 @@ Esys_EncryptDecrypt_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (keyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_EncryptDecrypt2.c b/src/tss2-esys/api/Esys_EncryptDecrypt2.c
+index a6fa4b1f2185..bdbae8392f57 100644
+--- a/src/tss2-esys/api/Esys_EncryptDecrypt2.c
++++ b/src/tss2-esys/api/Esys_EncryptDecrypt2.c
+@@ -190,8 +190,12 @@ Esys_EncryptDecrypt2_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (keyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_EventSequenceComplete.c b/src/tss2-esys/api/Esys_EventSequenceComplete.c
+index c318a67a4369..6ee7904a358d 100644
+--- a/src/tss2-esys/api/Esys_EventSequenceComplete.c
++++ b/src/tss2-esys/api/Esys_EventSequenceComplete.c
+@@ -189,11 +189,18 @@ Esys_EventSequenceComplete_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (pcrHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &pcrHandleNode->rsrc.name, &pcrHandleNode->auth);
+- iesys_compute_session_value(esysContext->session_tab[1],
+- sequenceHandleNode ? &sequenceHandleNode->rsrc.name : NULL,
+- sequenceHandleNode ? &sequenceHandleNode->auth : NULL);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
++ if (sequenceHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[1],
++ &sequenceHandleNode->rsrc.name, &sequenceHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+ /* Generate the auth values and set them in the SAPI command buffer */
+diff --git a/src/tss2-esys/api/Esys_EvictControl.c b/src/tss2-esys/api/Esys_EvictControl.c
+index fe7aaaccf888..faade51c7060 100644
+--- a/src/tss2-esys/api/Esys_EvictControl.c
++++ b/src/tss2-esys/api/Esys_EvictControl.c
+@@ -209,8 +209,12 @@ Esys_EvictControl_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authNode->rsrc.name, &authNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_FieldUpgradeStart.c b/src/tss2-esys/api/Esys_FieldUpgradeStart.c
+index 27f963accf40..2e1a07e29700 100644
+--- a/src/tss2-esys/api/Esys_FieldUpgradeStart.c
++++ b/src/tss2-esys/api/Esys_FieldUpgradeStart.c
+@@ -196,8 +196,12 @@ Esys_FieldUpgradeStart_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authorizationNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authorizationNode->rsrc.name, &authorizationNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_GetCommandAuditDigest.c b/src/tss2-esys/api/Esys_GetCommandAuditDigest.c
+index 0c3b642b3c51..714b3706bf40 100644
+--- a/src/tss2-esys/api/Esys_GetCommandAuditDigest.c
++++ b/src/tss2-esys/api/Esys_GetCommandAuditDigest.c
+@@ -196,8 +196,12 @@ Esys_GetCommandAuditDigest_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (privacyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &privacyHandleNode->rsrc.name, &privacyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+diff --git a/src/tss2-esys/api/Esys_GetSessionAuditDigest.c b/src/tss2-esys/api/Esys_GetSessionAuditDigest.c
+index 9d7ef314a637..38a62787d892 100644
+--- a/src/tss2-esys/api/Esys_GetSessionAuditDigest.c
++++ b/src/tss2-esys/api/Esys_GetSessionAuditDigest.c
+@@ -210,8 +210,12 @@ Esys_GetSessionAuditDigest_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (privacyAdminHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &privacyAdminHandleNode->rsrc.name, &privacyAdminHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+diff --git a/src/tss2-esys/api/Esys_GetTime.c b/src/tss2-esys/api/Esys_GetTime.c
+index 2142b8ec47df..6948dcbdcba6 100644
+--- a/src/tss2-esys/api/Esys_GetTime.c
++++ b/src/tss2-esys/api/Esys_GetTime.c
+@@ -194,8 +194,12 @@ Esys_GetTime_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (privacyAdminHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &privacyAdminHandleNode->rsrc.name, &privacyAdminHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+diff --git a/src/tss2-esys/api/Esys_HMAC.c b/src/tss2-esys/api/Esys_HMAC.c
+index 0d92f1c0c363..0e57c647d959 100644
+--- a/src/tss2-esys/api/Esys_HMAC.c
++++ b/src/tss2-esys/api/Esys_HMAC.c
+@@ -177,8 +177,12 @@ Esys_HMAC_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (handleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &handleNode->rsrc.name, &handleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_HMAC_Start.c b/src/tss2-esys/api/Esys_HMAC_Start.c
+index afecbfbaf0a6..b129be39a4d2 100644
+--- a/src/tss2-esys/api/Esys_HMAC_Start.c
++++ b/src/tss2-esys/api/Esys_HMAC_Start.c
+@@ -194,8 +194,12 @@ Esys_HMAC_Start_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (handleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &handleNode->rsrc.name, &handleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_HierarchyChangeAuth.c b/src/tss2-esys/api/Esys_HierarchyChangeAuth.c
+index 90d87bb5d76c..39672ed6823b 100644
+--- a/src/tss2-esys/api/Esys_HierarchyChangeAuth.c
++++ b/src/tss2-esys/api/Esys_HierarchyChangeAuth.c
+@@ -194,8 +194,12 @@ Esys_HierarchyChangeAuth_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_HierarchyControl.c b/src/tss2-esys/api/Esys_HierarchyControl.c
+index 16fd593a6484..55207f20e6d2 100644
+--- a/src/tss2-esys/api/Esys_HierarchyControl.c
++++ b/src/tss2-esys/api/Esys_HierarchyControl.c
+@@ -189,8 +189,12 @@ Esys_HierarchyControl_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Import.c b/src/tss2-esys/api/Esys_Import.c
+index d7c36352b21f..8c24ed410c37 100644
+--- a/src/tss2-esys/api/Esys_Import.c
++++ b/src/tss2-esys/api/Esys_Import.c
+@@ -199,8 +199,12 @@ Esys_Import_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (parentHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &parentHandleNode->rsrc.name, &parentHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Load.c b/src/tss2-esys/api/Esys_Load.c
+index b695991924c8..410d9c8bcc73 100644
+--- a/src/tss2-esys/api/Esys_Load.c
++++ b/src/tss2-esys/api/Esys_Load.c
+@@ -191,8 +191,12 @@ Esys_Load_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (parentHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &parentHandleNode->rsrc.name, &parentHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_Certify.c b/src/tss2-esys/api/Esys_NV_Certify.c
+index 8f0eb6e65536..8b79fb69dae0 100644
+--- a/src/tss2-esys/api/Esys_NV_Certify.c
++++ b/src/tss2-esys/api/Esys_NV_Certify.c
+@@ -215,10 +215,18 @@ Esys_NV_Certify_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (signHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
+- iesys_compute_session_value(esysContext->session_tab[1],
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[1],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+ /* Generate the auth values and set them in the SAPI command buffer */
+diff --git a/src/tss2-esys/api/Esys_NV_ChangeAuth.c b/src/tss2-esys/api/Esys_NV_ChangeAuth.c
+index d2aced330113..3004a3dd4b1d 100644
+--- a/src/tss2-esys/api/Esys_NV_ChangeAuth.c
++++ b/src/tss2-esys/api/Esys_NV_ChangeAuth.c
+@@ -190,8 +190,12 @@ Esys_NV_ChangeAuth_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (nvIndexNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &nvIndexNode->rsrc.name, &nvIndexNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_DefineSpace.c b/src/tss2-esys/api/Esys_NV_DefineSpace.c
+index 01b6a3e3fd7b..70ae2a73d0be 100644
+--- a/src/tss2-esys/api/Esys_NV_DefineSpace.c
++++ b/src/tss2-esys/api/Esys_NV_DefineSpace.c
+@@ -213,8 +213,12 @@ Esys_NV_DefineSpace_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_Extend.c b/src/tss2-esys/api/Esys_NV_Extend.c
+index 23eeabddc24d..0b3d61b99405 100644
+--- a/src/tss2-esys/api/Esys_NV_Extend.c
++++ b/src/tss2-esys/api/Esys_NV_Extend.c
+@@ -194,8 +194,12 @@ Esys_NV_Extend_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_GlobalWriteLock.c b/src/tss2-esys/api/Esys_NV_GlobalWriteLock.c
+index f84ec4f0994e..56a9b1171462 100644
+--- a/src/tss2-esys/api/Esys_NV_GlobalWriteLock.c
++++ b/src/tss2-esys/api/Esys_NV_GlobalWriteLock.c
+@@ -176,8 +176,12 @@ Esys_NV_GlobalWriteLock_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_Increment.c b/src/tss2-esys/api/Esys_NV_Increment.c
+index 17504c6db1f1..6248b4b6c007 100644
+--- a/src/tss2-esys/api/Esys_NV_Increment.c
++++ b/src/tss2-esys/api/Esys_NV_Increment.c
+@@ -195,8 +195,12 @@ Esys_NV_Increment_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_Read.c b/src/tss2-esys/api/Esys_NV_Read.c
+index f97784f72b85..40f54ec7fea4 100644
+--- a/src/tss2-esys/api/Esys_NV_Read.c
++++ b/src/tss2-esys/api/Esys_NV_Read.c
+@@ -192,8 +192,12 @@ Esys_NV_Read_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_ReadLock.c b/src/tss2-esys/api/Esys_NV_ReadLock.c
+index ee15450f3e09..529446a02b30 100644
+--- a/src/tss2-esys/api/Esys_NV_ReadLock.c
++++ b/src/tss2-esys/api/Esys_NV_ReadLock.c
+@@ -195,8 +195,12 @@ Esys_NV_ReadLock_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_SetBits.c b/src/tss2-esys/api/Esys_NV_SetBits.c
+index a3d5508c0cbe..17d769880e16 100644
+--- a/src/tss2-esys/api/Esys_NV_SetBits.c
++++ b/src/tss2-esys/api/Esys_NV_SetBits.c
+@@ -200,8 +200,12 @@ Esys_NV_SetBits_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_UndefineSpace.c b/src/tss2-esys/api/Esys_NV_UndefineSpace.c
+index e816299dddbf..14a04789eb6e 100644
+--- a/src/tss2-esys/api/Esys_NV_UndefineSpace.c
++++ b/src/tss2-esys/api/Esys_NV_UndefineSpace.c
+@@ -193,8 +193,12 @@ Esys_NV_UndefineSpace_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_UndefineSpaceSpecial.c b/src/tss2-esys/api/Esys_NV_UndefineSpaceSpecial.c
+index c3df73f80a25..bd5aa2ef838d 100644
+--- a/src/tss2-esys/api/Esys_NV_UndefineSpaceSpecial.c
++++ b/src/tss2-esys/api/Esys_NV_UndefineSpaceSpecial.c
+@@ -195,10 +195,18 @@ Esys_NV_UndefineSpaceSpecial_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (nvIndexNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &nvIndexNode->rsrc.name, &nvIndexNode->auth);
+- iesys_compute_session_value(esysContext->session_tab[1],
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
++ if (platformNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[1],
+ &platformNode->rsrc.name, &platformNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+ /* Generate the auth values and set them in the SAPI command buffer */
+diff --git a/src/tss2-esys/api/Esys_NV_Write.c b/src/tss2-esys/api/Esys_NV_Write.c
+index f18e9d9724d7..c132def44c4a 100644
+--- a/src/tss2-esys/api/Esys_NV_Write.c
++++ b/src/tss2-esys/api/Esys_NV_Write.c
+@@ -198,8 +198,12 @@ Esys_NV_Write_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_NV_WriteLock.c b/src/tss2-esys/api/Esys_NV_WriteLock.c
+index b2a8f646aaf4..c8b7ef4d2bc6 100644
+--- a/src/tss2-esys/api/Esys_NV_WriteLock.c
++++ b/src/tss2-esys/api/Esys_NV_WriteLock.c
+@@ -195,8 +195,12 @@ Esys_NV_WriteLock_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ObjectChangeAuth.c b/src/tss2-esys/api/Esys_ObjectChangeAuth.c
+index e7e018893f68..408b354f057a 100644
+--- a/src/tss2-esys/api/Esys_ObjectChangeAuth.c
++++ b/src/tss2-esys/api/Esys_ObjectChangeAuth.c
+@@ -183,8 +183,12 @@ Esys_ObjectChangeAuth_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (objectHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &objectHandleNode->rsrc.name, &objectHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PCR_Allocate.c b/src/tss2-esys/api/Esys_PCR_Allocate.c
+index ea82b45182ae..d9a426ce8bab 100644
+--- a/src/tss2-esys/api/Esys_PCR_Allocate.c
++++ b/src/tss2-esys/api/Esys_PCR_Allocate.c
+@@ -194,8 +194,12 @@ Esys_PCR_Allocate_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PCR_Event.c b/src/tss2-esys/api/Esys_PCR_Event.c
+index 30ef453adc17..a01335629141 100644
+--- a/src/tss2-esys/api/Esys_PCR_Event.c
++++ b/src/tss2-esys/api/Esys_PCR_Event.c
+@@ -176,8 +176,12 @@ Esys_PCR_Event_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (pcrHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &pcrHandleNode->rsrc.name, &pcrHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PCR_Extend.c b/src/tss2-esys/api/Esys_PCR_Extend.c
+index bbb1e4133aa2..8e2d4ad39403 100644
+--- a/src/tss2-esys/api/Esys_PCR_Extend.c
++++ b/src/tss2-esys/api/Esys_PCR_Extend.c
+@@ -179,8 +179,12 @@ Esys_PCR_Extend_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (pcrHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &pcrHandleNode->rsrc.name, &pcrHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PCR_Reset.c b/src/tss2-esys/api/Esys_PCR_Reset.c
+index ed5a9aa49089..178a7924632c 100644
+--- a/src/tss2-esys/api/Esys_PCR_Reset.c
++++ b/src/tss2-esys/api/Esys_PCR_Reset.c
+@@ -175,8 +175,12 @@ Esys_PCR_Reset_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (pcrHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &pcrHandleNode->rsrc.name, &pcrHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PCR_SetAuthPolicy.c b/src/tss2-esys/api/Esys_PCR_SetAuthPolicy.c
+index a98817d36cd6..a7197c945103 100644
+--- a/src/tss2-esys/api/Esys_PCR_SetAuthPolicy.c
++++ b/src/tss2-esys/api/Esys_PCR_SetAuthPolicy.c
+@@ -184,8 +184,12 @@ Esys_PCR_SetAuthPolicy_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PCR_SetAuthValue.c b/src/tss2-esys/api/Esys_PCR_SetAuthValue.c
+index 8bd1e37b3bc5..68e7c8a6d95f 100644
+--- a/src/tss2-esys/api/Esys_PCR_SetAuthValue.c
++++ b/src/tss2-esys/api/Esys_PCR_SetAuthValue.c
+@@ -175,8 +175,12 @@ Esys_PCR_SetAuthValue_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (pcrHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &pcrHandleNode->rsrc.name, &pcrHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PP_Commands.c b/src/tss2-esys/api/Esys_PP_Commands.c
+index 188a5a459124..a7b803482a19 100644
+--- a/src/tss2-esys/api/Esys_PP_Commands.c
++++ b/src/tss2-esys/api/Esys_PP_Commands.c
+@@ -189,8 +189,12 @@ Esys_PP_Commands_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authNode->rsrc.name, &authNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PolicyAuthorizeNV.c b/src/tss2-esys/api/Esys_PolicyAuthorizeNV.c
+index bf52ec0d7041..4b71768872d7 100644
+--- a/src/tss2-esys/api/Esys_PolicyAuthorizeNV.c
++++ b/src/tss2-esys/api/Esys_PolicyAuthorizeNV.c
+@@ -199,8 +199,12 @@ Esys_PolicyAuthorizeNV_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PolicyNV.c b/src/tss2-esys/api/Esys_PolicyNV.c
+index 752856e2eda7..cfff5fc33da1 100644
+--- a/src/tss2-esys/api/Esys_PolicyNV.c
++++ b/src/tss2-esys/api/Esys_PolicyNV.c
+@@ -206,8 +206,12 @@ Esys_PolicyNV_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_PolicySecret.c b/src/tss2-esys/api/Esys_PolicySecret.c
+index 671c40cdba0c..c755578e9da7 100644
+--- a/src/tss2-esys/api/Esys_PolicySecret.c
++++ b/src/tss2-esys/api/Esys_PolicySecret.c
+@@ -208,8 +208,12 @@ Esys_PolicySecret_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Quote.c b/src/tss2-esys/api/Esys_Quote.c
+index 3c3f7f10f852..44ba57f2fe1a 100644
+--- a/src/tss2-esys/api/Esys_Quote.c
++++ b/src/tss2-esys/api/Esys_Quote.c
+@@ -185,8 +185,12 @@ Esys_Quote_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (signHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &signHandleNode->rsrc.name, &signHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_RSA_Decrypt.c b/src/tss2-esys/api/Esys_RSA_Decrypt.c
+index 30ec54e3d0d2..a4c953be1f3b 100644
+--- a/src/tss2-esys/api/Esys_RSA_Decrypt.c
++++ b/src/tss2-esys/api/Esys_RSA_Decrypt.c
+@@ -182,8 +182,12 @@ Esys_RSA_Decrypt_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (keyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Rewrap.c b/src/tss2-esys/api/Esys_Rewrap.c
+index f31538d008fc..f1127ce47706 100644
+--- a/src/tss2-esys/api/Esys_Rewrap.c
++++ b/src/tss2-esys/api/Esys_Rewrap.c
+@@ -197,8 +197,12 @@ Esys_Rewrap_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (oldParentNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &oldParentNode->rsrc.name, &oldParentNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_SequenceComplete.c b/src/tss2-esys/api/Esys_SequenceComplete.c
+index c6afd9097366..2227afc1f453 100644
+--- a/src/tss2-esys/api/Esys_SequenceComplete.c
++++ b/src/tss2-esys/api/Esys_SequenceComplete.c
+@@ -190,9 +190,12 @@ Esys_SequenceComplete_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
+- sequenceHandleNode ? &sequenceHandleNode->rsrc.name : NULL,
+- sequenceHandleNode ? &sequenceHandleNode->auth : NULL);
++ if (sequenceHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
++ &sequenceHandleNode->rsrc.name, &sequenceHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_SequenceUpdate.c b/src/tss2-esys/api/Esys_SequenceUpdate.c
+index add3ec4f33bf..c1bc93daeb03 100644
+--- a/src/tss2-esys/api/Esys_SequenceUpdate.c
++++ b/src/tss2-esys/api/Esys_SequenceUpdate.c
+@@ -175,9 +175,12 @@ Esys_SequenceUpdate_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
+- sequenceHandleNode ? &sequenceHandleNode->rsrc.name : NULL,
+- sequenceHandleNode ? &sequenceHandleNode->auth : NULL);
++ if (sequenceHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
++ &sequenceHandleNode->rsrc.name, &sequenceHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_SetAlgorithmSet.c b/src/tss2-esys/api/Esys_SetAlgorithmSet.c
+index d73771e3f74a..4716f04b8793 100644
+--- a/src/tss2-esys/api/Esys_SetAlgorithmSet.c
++++ b/src/tss2-esys/api/Esys_SetAlgorithmSet.c
+@@ -182,8 +182,12 @@ Esys_SetAlgorithmSet_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_SetCommandCodeAuditStatus.c b/src/tss2-esys/api/Esys_SetCommandCodeAuditStatus.c
+index 1290a87b7563..38268b94e1cb 100644
+--- a/src/tss2-esys/api/Esys_SetCommandCodeAuditStatus.c
++++ b/src/tss2-esys/api/Esys_SetCommandCodeAuditStatus.c
+@@ -196,8 +196,12 @@ Esys_SetCommandCodeAuditStatus_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authNode->rsrc.name, &authNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_SetPrimaryPolicy.c b/src/tss2-esys/api/Esys_SetPrimaryPolicy.c
+index 51272d57c8e2..73b676870704 100644
+--- a/src/tss2-esys/api/Esys_SetPrimaryPolicy.c
++++ b/src/tss2-esys/api/Esys_SetPrimaryPolicy.c
+@@ -183,8 +183,12 @@ Esys_SetPrimaryPolicy_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (authHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &authHandleNode->rsrc.name, &authHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Sign.c b/src/tss2-esys/api/Esys_Sign.c
+index 06a0a451e4d9..374c17d35543 100644
+--- a/src/tss2-esys/api/Esys_Sign.c
++++ b/src/tss2-esys/api/Esys_Sign.c
+@@ -188,8 +188,12 @@ Esys_Sign_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (keyHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &keyHandleNode->rsrc.name, &keyHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_Unseal.c b/src/tss2-esys/api/Esys_Unseal.c
+index 1ac785809fe8..b3203a0e5aae 100644
+--- a/src/tss2-esys/api/Esys_Unseal.c
++++ b/src/tss2-esys/api/Esys_Unseal.c
+@@ -172,8 +172,12 @@ Esys_Unseal_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (itemHandleNode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &itemHandleNode->rsrc.name, &itemHandleNode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+diff --git a/src/tss2-esys/api/Esys_ZGen_2Phase.c b/src/tss2-esys/api/Esys_ZGen_2Phase.c
+index cb30880c3c71..c59996d35aea 100644
+--- a/src/tss2-esys/api/Esys_ZGen_2Phase.c
++++ b/src/tss2-esys/api/Esys_ZGen_2Phase.c
+@@ -190,8 +190,12 @@ Esys_ZGen_2Phase_Async(
+ /* Calculate the cpHash Values */
+ r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
+- iesys_compute_session_value(esysContext->session_tab[0],
++ if (keyANode != NULL)
++ iesys_compute_session_value(esysContext->session_tab[0],
+ &keyANode->rsrc.name, &keyANode->auth);
++ else
++ iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
++
+ iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+--
+2.27.0
+
diff --git a/SOURCES/0001-esys-fix-Esys_StartAuthSession-called-with-optional-.patch b/SOURCES/0001-esys-fix-Esys_StartAuthSession-called-with-optional-.patch
new file mode 100644
index 0000000..5299421
--- /dev/null
+++ b/SOURCES/0001-esys-fix-Esys_StartAuthSession-called-with-optional-.patch
@@ -0,0 +1,45 @@
+From 0bd19b61c8cd07d03b6efffc05f95d5ec427a3d6 Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk <tadeusz.struk@intel.com>
+Date: Tue, 14 Jan 2020 10:55:20 -0800
+Subject: [PATCH] esys: fix Esys_StartAuthSession called with optional params
+
+For an HMAC session if any of the optional params are ESYS_TR_NONE
+we need to use the same tpm2_handles TPM2_RH_NULL (0x40000007)
+as in the prepare call to correctly calculate cpHash and HMAC
+values for the session.
+
+Fixes: #1590
+
+Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
+---
+ src/tss2-esys/api/Esys_StartAuthSession.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
+index 313604a2077c..3ccd842a7572 100644
+--- a/src/tss2-esys/api/Esys_StartAuthSession.c
++++ b/src/tss2-esys/api/Esys_StartAuthSession.c
+@@ -260,7 +260,19 @@ Esys_StartAuthSession_Async(
+ iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
+
+ /* Generate the auth values and set them in the SAPI command buffer */
+- r = iesys_gen_auths(esysContext, tpmKeyNode, bindNode, NULL, &auths);
++
++ RSRC_NODE_T none;
++ size_t offset = 0;
++ none.rsrc.handle = TPM2_RH_NULL;
++ none.rsrc.rsrcType = IESYSC_WITHOUT_MISC_RSRC;
++ r = Tss2_MU_TPM2_HANDLE_Marshal(TPM2_RH_NULL,
++ none.rsrc.name.name,
++ sizeof(none.rsrc.name.name),
++ &offset);
++ return_state_if_error(r, _ESYS_STATE_INIT, "Marshaling TPM handle.");
++ none.rsrc.name.size = offset;
++ r = iesys_gen_auths(esysContext, tpmKeyNode ? tpmKeyNode : &none,
++ bindNode ? bindNode : &none, NULL, &auths);
+ return_state_if_error(r, _ESYS_STATE_INIT,
+ "Error in computation of auth values");
+
+--
+2.27.0
+
diff --git a/SOURCES/0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch b/SOURCES/0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch
new file mode 100644
index 0000000..71accc8
--- /dev/null
+++ b/SOURCES/0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch
@@ -0,0 +1,29 @@
+From 76641c1e6b016979973fead7a24bb8fca4ee8325 Mon Sep 17 00:00:00 2001
+From: Johannes Holland <johannes.holland@infineon.com>
+Date: Thu, 26 Sep 2019 09:46:09 +0100
+Subject: [PATCH] esys: fix keysize of ECC curve TPM2_ECC_NISTP224
+
+In esys_crypto_ossl.c, for the ECC curve TPM2_ECC_NISTP244 a key size of
+38 is selected. However, 224 bit / 8 bit/byte = 28 byte.
+
+Signed-off-by: Johannes Holland <johannes.holland@infineon.com>
+---
+ src/tss2-esys/esys_crypto_ossl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 124501964ae7..3c5d86d69705 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
++++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -804,7 +804,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
+ break;
+ case TPM2_ECC_NIST_P224:
+ curveId = NID_secp224r1;
+- key_size = 38;
++ key_size = 28;
+ break;
+ case TPM2_ECC_NIST_P256:
+ curveId = NID_X9_62_prime256v1;
+--
+2.27.0
+
diff --git a/SOURCES/0001-esys-fixup-compute_encrypted_salt-err-handling-in-Es.patch b/SOURCES/0001-esys-fixup-compute_encrypted_salt-err-handling-in-Es.patch
new file mode 100644
index 0000000..3b4fc20
--- /dev/null
+++ b/SOURCES/0001-esys-fixup-compute_encrypted_salt-err-handling-in-Es.patch
@@ -0,0 +1,47 @@
+From 380d5f9ec3aa1f5e456598fe66d275467660177b Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk <tadeusz.struk@intel.com>
+Date: Thu, 16 Jan 2020 09:27:04 -0800
+Subject: [PATCH] esys: fixup compute_encrypted_salt err handling in
+ Esys_StartAuthSession
+
+Use return_state_if_error() macro for compute_encrypted_salt()
+error handling in Esys_StartAuthSession to maintain the correct
+context state.
+
+Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
+---
+ src/tss2-esys/api/Esys_StartAuthSession.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
+index 3ccd842a7572..1717928a717d 100644
+--- a/src/tss2-esys/api/Esys_StartAuthSession.c
++++ b/src/tss2-esys/api/Esys_StartAuthSession.c
+@@ -223,20 +223,15 @@ Esys_StartAuthSession_Async(
+ TSS2_RC r2;
+ r2 = iesys_compute_encrypted_salt(esysContext, tpmKeyNode,
+ &encryptedSaltAux);
+- return_if_error(r2, "Error in parameter encryption.");
++ return_state_if_error(r2, _ESYS_STATE_INIT, "Error in parameter encryption.");
+
+ if (nonceCaller == NULL) {
+ r2 = iesys_crypto_hash_get_digest_size(authHash,&authHash_size);
+- if (r2 != TSS2_RC_SUCCESS) {
+- LOG_ERROR("Error: initialize auth session (%x).", r2);
+- return r2;
+- }
++ return_state_if_error(r2, _ESYS_STATE_INIT, "Error in hash_get_digest_size.");
++
+ r2 = iesys_crypto_random2b(&esysContext->in.StartAuthSession.nonceCallerData,
+ authHash_size);
+- if (r2 != TSS2_RC_SUCCESS) {
+- LOG_ERROR("Error: initialize auth session (%x).", r2);
+- return r2;
+- }
++ return_state_if_error(r2, _ESYS_STATE_INIT, "Error in crypto_random2b.");
+ esysContext->in.StartAuthSession.nonceCaller
+ = &esysContext->in.StartAuthSession.nonceCallerData;
+ nonceCaller = esysContext->in.StartAuthSession.nonceCaller;
+--
+2.27.0
+
diff --git a/SOURCES/0001-esys-zero-out-ctx-salt-after-on-startAuthSession_fin.patch b/SOURCES/0001-esys-zero-out-ctx-salt-after-on-startAuthSession_fin.patch
new file mode 100644
index 0000000..eed03d3
--- /dev/null
+++ b/SOURCES/0001-esys-zero-out-ctx-salt-after-on-startAuthSession_fin.patch
@@ -0,0 +1,38 @@
+From 1ec07af70925ece698b733d55dedd1d9878b70f2 Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk <tadeusz.struk@intel.com>
+Date: Fri, 24 Jan 2020 19:05:34 -0800
+Subject: [PATCH] esys: zero out ctx->salt after on startAuthSession_finish
+
+The ctx->salt is used to calculate session key during
+startAuthSession call if the caller pass a valid tpmKey
+parameter. There salt is calculated in the _Async call
+and the the session key is calculated in the _Finish call.
+The problem is that if in the same context an unsalted
+session is created after a salted session the ctx->salt
+will still hold the old value and it will incorrectly
+be used for session key calculation in the the subsequent
+_Finish call. To fix this the salt needs to be set to
+cleaned after no longer needed.
+
+Fixes: #1574
+
+Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
+---
+ src/tss2-esys/api/Esys_StartAuthSession.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
+index 1717928a717d..6367419d7c9a 100644
+--- a/src/tss2-esys/api/Esys_StartAuthSession.c
++++ b/src/tss2-esys/api/Esys_StartAuthSession.c
+@@ -497,6 +497,7 @@ Esys_StartAuthSession_Finish(
+ goto_if_error(r, "Marshal session name", error_cleanup);
+
+ sessionHandleNode->rsrc.name.size = offset;
++ memset(&esysContext->salt, '\0', sizeof(esysContext->salt));
+ esysContext->state = _ESYS_STATE_INIT;
+
+ return TSS2_RC_SUCCESS;
+--
+2.27.0
+
diff --git a/SOURCES/0001-esys_iutil-use-memcmp-in-byte-array-comparison.patch b/SOURCES/0001-esys_iutil-use-memcmp-in-byte-array-comparison.patch
new file mode 100644
index 0000000..511378f
--- /dev/null
+++ b/SOURCES/0001-esys_iutil-use-memcmp-in-byte-array-comparison.patch
@@ -0,0 +1,62 @@
+From 0bf42a4489973005ddd912a800dfb92eff2806e8 Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Mon, 16 Sep 2019 17:12:23 -0700
+Subject: [PATCH] esys_iutil: use memcmp in byte array comparison
+
+Rather than a byte for byte forloop, use memcmp() so the compiler can
+use architectural optimizations.
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ src/tss2-esys/esys_iutil.c | 27 +++++----------------------
+ 1 file changed, 5 insertions(+), 22 deletions(-)
+
+diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
+index 94d0332c5b7d..08a9b7dffcbd 100644
+--- a/src/tss2-esys/esys_iutil.c
++++ b/src/tss2-esys/esys_iutil.c
+@@ -35,23 +35,6 @@ cmp_UINT16(const UINT16 * in1, const UINT16 * in2)
+ }
+ }
+
+-/**
+- * Compare variables of type BYTE.
+- * @param[in] in1 Variable to be compared with:
+- * @param[in] in2
+- */
+-static bool
+-cmp_BYTE(const BYTE * in1, const BYTE * in2)
+-{
+- LOG_TRACE("call");
+- if (*in1 == *in2)
+- return true;
+- else {
+- LOG_TRACE("cmp false");
+- return false;
+- }
+-}
+-
+ /**
+ * Compare two arrays of type BYTE.
+ * @param[in] in1 array to be compared with:.
+@@ -65,12 +48,12 @@ cmp_BYTE_array(const BYTE * in1, size_t count1, const BYTE * in2, size_t count2)
+ LOG_TRACE("cmp false");
+ return false;
+ }
+- for (size_t i = 0; i < count1; i++) {
+- if (!cmp_BYTE(&in1[i], &in2[i])) {
+- LOG_TRACE("cmp false");
+- return false;
+- }
++
++ if (memcmp(in1, in2, count2) != 0) {
++ LOG_TRACE("cmp false");
++ return false;
+ }
++
+ return true;
+ }
+
+--
+2.27.0
+
diff --git a/SOURCES/0001-mu-Remove-use-of-VLAs-for-Marshalling-TPML-types.patch b/SOURCES/0001-mu-Remove-use-of-VLAs-for-Marshalling-TPML-types.patch
new file mode 100644
index 0000000..867293b
--- /dev/null
+++ b/SOURCES/0001-mu-Remove-use-of-VLAs-for-Marshalling-TPML-types.patch
@@ -0,0 +1,71 @@
+From 58ee0fd916671942e62ac9930f18225761a6dd66 Mon Sep 17 00:00:00 2001
+From: Joe Richey <joerichey@google.com>
+Date: Tue, 21 Jan 2020 20:04:45 -0800
+Subject: [PATCH] mu: Remove use of VLAs for Marshalling TPML types
+
+All of the `Tss2_MU_*_Marshal()` functions have the property that
+`buffer` can be NULL, `offset` can be NULL, but both cannot be
+NULL. Some Marshal functions check this directly (returning
+`TSS2_MU_RC_BAD_REFERENCE` on error), but most do this by composing
+existing Marshalling functions together.
+
+The TMPL Marshal functions does things differently, it creates a local
+VLA `local_buffer[buffer_size]` and uses that as the buffer pointer if
+a NULL buffer is given. This is unnecessary, as this pointer is only
+used for debug logging and passed to other Marshalling functions, which
+will correctly handle a NULL buffer.
+
+Note that the VLA in the existing code is of length `buffer_size` (the
+length of the _entire_ buffer, _not_ the length of the data being
+unmarshaled). This can potentially result in a very large stack
+allocation, or stack overflow.
+
+Signed-off-by: Joe Richey <joerichey@google.com>
+---
+ src/tss2-mu/tpml-types.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/src/tss2-mu/tpml-types.c b/src/tss2-mu/tpml-types.c
+index 9506a26efd14..ae1ed6177d75 100644
+--- a/src/tss2-mu/tpml-types.c
++++ b/src/tss2-mu/tpml-types.c
+@@ -29,8 +29,6 @@ TSS2_RC Tss2_MU_##type##_Marshal(type const *src, uint8_t buffer[], \
+ size_t local_offset = 0; \
+ UINT32 i, count = 0; \
+ TSS2_RC ret = TSS2_RC_SUCCESS; \
+- uint8_t *buf_ptr = buffer; \
+- uint8_t local_buffer[buffer_size]; \
+ \
+ if (offset != NULL) { \
+ LOG_TRACE("offset non-NULL, initial value: %zu", *offset); \
+@@ -60,24 +58,21 @@ TSS2_RC Tss2_MU_##type##_Marshal(type const *src, uint8_t buffer[], \
+ LOG_WARNING("count too big"); \
+ return TSS2_SYS_RC_BAD_VALUE; \
+ } \
+-\
+- if (buf_ptr == NULL) \
+- buf_ptr = local_buffer; \
+ \
+ LOG_DEBUG(\
+ "Marshalling " #type " from 0x%" PRIxPTR " to buffer 0x%" PRIxPTR \
+ " at index 0x%zx", \
+ (uintptr_t)&src, \
+- (uintptr_t)buf_ptr, \
++ (uintptr_t)buffer, \
+ local_offset); \
+ \
+- ret = Tss2_MU_UINT32_Marshal(src->count, buf_ptr, buffer_size, &local_offset); \
++ ret = Tss2_MU_UINT32_Marshal(src->count, buffer, buffer_size, &local_offset); \
+ if (ret) \
+ return ret; \
+ \
+ for (i = 0; i < src->count; i++) \
+ { \
+- ret = marshal_func(op src->buf_name[i], buf_ptr, buffer_size, &local_offset); \
++ ret = marshal_func(op src->buf_name[i], buffer, buffer_size, &local_offset); \
+ if (ret) \
+ return ret; \
+ } \
+--
+2.27.0
+
diff --git a/SOURCES/0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch b/SOURCES/0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
new file mode 100644
index 0000000..b8e4098
--- /dev/null
+++ b/SOURCES/0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
@@ -0,0 +1,29 @@
+From 5ab8190843597ff6a255c59f91582e4dca117927 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@gmx.de>
+Date: Thu, 21 Nov 2019 14:49:27 +0100
+Subject: [PATCH] sys: match counter variable type for cmdAuthsArray->count
+
+TSS2L_SYS_AUTH_COMMAND.count is defined as uint16_t, so the counter
+variable should be uint16_t as well.
+
+Signed-off-by: Jonas Witschel <diabonas@gmx.de>
+---
+ src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c b/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c
+index 1bc3f3c2556f..d946c14e5cfb 100644
+--- a/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c
++++ b/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c
+@@ -20,7 +20,7 @@ TSS2_RC Tss2_Sys_SetCmdAuths(
+ const TSS2L_SYS_AUTH_COMMAND *cmdAuthsArray)
+ {
+ _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
+- uint8_t i;
++ uint16_t i;
+ UINT32 authSize = 0;
+ UINT32 newCmdSize = 0;
+ size_t authOffset;
+--
+2.27.0
+
diff --git a/SOURCES/0001-tcti-device-getPollHandles-should-allow-num_handles-.patch b/SOURCES/0001-tcti-device-getPollHandles-should-allow-num_handles-.patch
new file mode 100644
index 0000000..776d11b
--- /dev/null
+++ b/SOURCES/0001-tcti-device-getPollHandles-should-allow-num_handles-.patch
@@ -0,0 +1,39 @@
+From c42450a294c4267998aa16a477e9218ee5953aa9 Mon Sep 17 00:00:00 2001
+From: Jeffrey Ferreira <jeffpferreira@gmail.com>
+Date: Thu, 19 Sep 2019 13:32:00 -0700
+Subject: [PATCH] tcti-device: getPollHandles should allow num_handles query
+
+Signed-off-by: Jeffrey Ferreira <jeffpferreira@gmail.com>
+---
+ src/tss2-tcti/tcti-device.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/tss2-tcti/tcti-device.c b/src/tss2-tcti/tcti-device.c
+index 44c9fe2083d5..53a698cad061 100644
+--- a/src/tss2-tcti/tcti-device.c
++++ b/src/tss2-tcti/tcti-device.c
+@@ -368,12 +368,19 @@ tcti_device_get_poll_handles (
+ return TSS2_TCTI_RC_BAD_CONTEXT;
+ }
+
+- if (handles == NULL || num_handles == NULL) {
++ if (num_handles == NULL) {
+ return TSS2_TCTI_RC_BAD_REFERENCE;
+ }
+
++ if (handles != NULL && *num_handles < 1) {
++ return TSS2_TCTI_RC_INSUFFICIENT_BUFFER;
++ }
++
+ *num_handles = 1;
+- handles->fd = tcti_dev->fd;
++ if (handles != NULL) {
++ handles->fd = tcti_dev->fd;
++ }
++
+ return TSS2_RC_SUCCESS;
+ #else
+ (void)(tctiContext);
+--
+2.27.0
+
diff --git a/SOURCES/0001-tctildr-fix-segmentation-fault-if-name_conf-is-too-b.patch b/SOURCES/0001-tctildr-fix-segmentation-fault-if-name_conf-is-too-b.patch
new file mode 100644
index 0000000..3a0f962
--- /dev/null
+++ b/SOURCES/0001-tctildr-fix-segmentation-fault-if-name_conf-is-too-b.patch
@@ -0,0 +1,39 @@
+From ffca561b2de43df0a9f7f9c0e717fca943f2c38b Mon Sep 17 00:00:00 2001
+From: Johannes Holland <joh.ho@gmx.de>
+Date: Tue, 20 Aug 2019 16:58:09 +0200
+Subject: [PATCH] tctildr: fix segmentation fault if name_conf is too big
+
+When strlen(name_conf) is too big and logging is set to at least DEBUG,
+tctildr_conf_parse will cause a segmentation fault. This happens when
+the unit tests are run with logging set to DEBUG. Hence, the logging
+call has to be done after the check for strlen(name_conf).
+
+Signed-off-by: Johannes Holland <joh.ho@gmx.de>
+---
+ src/tss2-tcti/tctildr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/tss2-tcti/tctildr.c b/src/tss2-tcti/tctildr.c
+index 76248f358860..ff967317b57b 100644
+--- a/src/tss2-tcti/tctildr.c
++++ b/src/tss2-tcti/tctildr.c
+@@ -117,7 +117,6 @@ tctildr_conf_parse (const char *name_conf,
+ char *split;
+ size_t combined_length;
+
+- LOG_DEBUG ("name_conf: \"%s\"", name_conf);
+ if (name_conf == NULL) {
+ LOG_ERROR ("'name_conf' param may NOT be NULL");
+ return TSS2_TCTI_RC_BAD_REFERENCE;
+@@ -127,6 +126,8 @@ tctildr_conf_parse (const char *name_conf,
+ LOG_ERROR ("combined conf length must be between 0 and PATH_MAX");
+ return TSS2_TCTI_RC_BAD_VALUE;
+ }
++
++ LOG_DEBUG ("name_conf: \"%s\"", name_conf);
+ if (combined_length == 0)
+ return TSS2_RC_SUCCESS;
+ split = strchr (name_conf, ':');
+--
+2.27.0
+
diff --git a/SPECS/tpm2-tss.spec b/SPECS/tpm2-tss.spec
index 26cb23c..d51a096 100644
--- a/SPECS/tpm2-tss.spec
+++ b/SPECS/tpm2-tss.spec
@@ -1,6 +1,6 @@
Name: tpm2-tss
Version: 2.3.2
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: TPM2.0 Software Stack
# The entire source code is under BSD except implementation.h and tpmb.h which
@@ -10,6 +10,20 @@ URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
# patch submitted upstream https://github.com/tpm2-software/tpm2-tss/pull/1707
Patch0: 0001-man-Clean-up-libmandoc-parser-warnings.patch
+# Upstream patches
+Patch1: 0001-esys-Check-object-handle-node-before-calling-compute.patch
+Patch2: 0001-build-update-exported-symbols-map-for-libtss2-mu.patch
+Patch3: 0001-esys-fix-Esys_StartAuthSession-called-with-optional-.patch
+Patch4: 0001-esys-fixup-compute_encrypted_salt-err-handling-in-Es.patch
+Patch5: 0001-esys-zero-out-ctx-salt-after-on-startAuthSession_fin.patch
+Patch6: 0001-mu-Remove-use-of-VLAs-for-Marshalling-TPML-types.patch
+Patch7: 0001-esys_iutil-use-memcmp-in-byte-array-comparison.patch
+Patch8: 0001-tcti-device-getPollHandles-should-allow-num_handles-.patch
+Patch9: 0001-tctildr-fix-segmentation-fault-if-name_conf-is-too-b.patch
+Patch10: 0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch
+Patch11: 0001-Esys_CreateLoaded-fix-resource-name-calculation.patch
+Patch12: 0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
+Patch13: 0001-Return-proper-error-code-on-memory-allocation-failur.patch
%global udevrules_prefix 60-
@@ -45,6 +59,17 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_install
find %{buildroot}%{_libdir} -type f -name \*.la -delete
+%pre
+getent group tss >/dev/null || groupadd -f -g 59 -r tss
+if ! getent passwd tss >/dev/null ; then
+ if ! getent passwd 59 >/dev/null ; then
+ useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+ else
+ useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+ fi
+fi
+exit 0
+
%files
%doc README.md CHANGELOG.md
%license LICENSE
@@ -91,6 +116,23 @@ use tpm2-tss.
%postun -p /sbin/ldconfig
%changelog
+* Mon Nov 16 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-3
+- Add tss user if doesn't exist.
+- Update exported symbols map for libtss2-mu
+- esys: Check object handle node before calling compute_session_value
+- esys: fix resource name calculation
+- esys: fix Esys_StartAuthSession called with optional params
+- esys: fix keysize of ECC curve TPM2_ECC_NISTP224
+- esys: fixup compute_encrypted_salt error handling
+- esys: use memcmp in byte array comparison
+- esys: zero out ctx->salt after startAuthSession_finish
+- mu: Remove use of VLAs for Marshalling TPML types
+- return proper error code on memory allocation failure
+- sys: match counter variable type for cmdAuthsArray->count
+- tcti-device: getPollHandles should allow num_handles query
+- tctildr: fix segmentation fault if name_conf is too big
+resolves: rhbz#1879071 rhbz#1855180
+
* Mon Apr 27 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-2
- Clean up libmandoc parser errors.
resolves: rhbz#1789684