rpms/libtpms
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS libtpms-0.9.1-3.20211126git1ff6fe1f43.el8

Browse Source
This commit is contained in:
Andrew Lukoshko 2025-08-07 11:42:21 +00:00
parent 86b8f6f47d
commit 2e9a34e34d
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
SOURCES/0001-tpm2-CVE-2025-49133-fix.patch Normal file
View File

@ -0,0 +1,52 @@
From 0b1db4bd1c668c56f1d893c9ed19a94d46c228f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 11 Jun 2025 23:05:08 +0400
Subject: [PATCH] tpm2: CVE-2025-49133 fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Based from upstream commit 04b2d8e9afc ("tpm2: Fix potential
out-of-bound access & abort due to HMAC signing issue")
Fix an HMAC signing issue that may causes an out-of-bounds access in a
TPM2B that in turn was running into an assert() in libtpms causing an
abort. The signing issue was due to an inconsistent pairing of the signKey
and signScheme parameters, where the signKey is ALG_KEYEDHASH key and
inScheme is an ECC or RSA scheme.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
src/tpm2/CryptUtil.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9879f91..4154d50 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -79,12 +79,16 @@ CryptHmacSign(
{
HMAC_STATE hmacState;
UINT32 digestSize;
- digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
- &signKey->sensitive.sensitive.bits.b);
- CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
- CryptHmacEnd(&hmacState, digestSize,
- (BYTE *)&signature->signature.hmac.digest);
- return TPM_RC_SUCCESS;
+ if (signature->sigAlg == TPM_ALG_HMAC)
+ {
+ digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
+ &signKey->sensitive.sensitive.bits.b);
+ CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
+ CryptHmacEnd(&hmacState, digestSize,
+ (BYTE *)&signature->signature.hmac.digest);
+ return TPM_RC_SUCCESS;
+ }
+ return TPM_RC_SCHEME;
}
/* 10.2.6.3.2 CryptHMACVerifySignature() */
/* This function will verify a signature signed by a HMAC key. Note that a caller needs to prepare
--
2.49.0

7
SPECS/libtpms.spec
View File

@ -3,7 +3,7 @@
Name: libtpms Name: libtpms
Version: 0.9.1 Version: 0.9.1
Release: 2.%{gitdate}git%{gitversion}%{?dist} Release: 3.%{gitdate}git%{gitversion}%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD License: BSD
@ -12,6 +12,7 @@ Source0: libtpms-%{gitdate}.tar.xz
ExcludeArch: i686 ExcludeArch: i686
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
Patch0006: 0001-tpm2-CVE-2025-49133-fix.patch
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed BuildRequires: pkgconfig gawk sed
@ -59,6 +60,10 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Tue Jun 17 2025 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-3.20211126git1ff6fe1f43
- Fix CVE-2025-49133
Resolves: RHEL-96251
* Tue Mar 21 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43 * Tue Mar 21 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43
- Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018) - Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018)
Resolves: rhbz#2173964 Resolves: rhbz#2173964