import CS libtpms-0.9.1-5.20211126git1ff6fe1f43.el9
This commit is contained in:
parent
4c31d3a58c
commit
45c3905432
52
SOURCES/0001-tpm2-CVE-2025-49133-fix.patch
Normal file
52
SOURCES/0001-tpm2-CVE-2025-49133-fix.patch
Normal file
@ -0,0 +1,52 @@
|
||||
From 0b1db4bd1c668c56f1d893c9ed19a94d46c228f7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Wed, 11 Jun 2025 23:05:08 +0400
|
||||
Subject: [PATCH] tpm2: CVE-2025-49133 fix
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Based from upstream commit 04b2d8e9afc ("tpm2: Fix potential
|
||||
out-of-bound access & abort due to HMAC signing issue")
|
||||
|
||||
Fix an HMAC signing issue that may causes an out-of-bounds access in a
|
||||
TPM2B that in turn was running into an assert() in libtpms causing an
|
||||
abort. The signing issue was due to an inconsistent pairing of the signKey
|
||||
and signScheme parameters, where the signKey is ALG_KEYEDHASH key and
|
||||
inScheme is an ECC or RSA scheme.
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
---
|
||||
src/tpm2/CryptUtil.c | 16 ++++++++++------
|
||||
1 file changed, 10 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
|
||||
index 9879f91..4154d50 100644
|
||||
--- a/src/tpm2/CryptUtil.c
|
||||
+++ b/src/tpm2/CryptUtil.c
|
||||
@@ -79,12 +79,16 @@ CryptHmacSign(
|
||||
{
|
||||
HMAC_STATE hmacState;
|
||||
UINT32 digestSize;
|
||||
- digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
|
||||
- &signKey->sensitive.sensitive.bits.b);
|
||||
- CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
|
||||
- CryptHmacEnd(&hmacState, digestSize,
|
||||
- (BYTE *)&signature->signature.hmac.digest);
|
||||
- return TPM_RC_SUCCESS;
|
||||
+ if (signature->sigAlg == TPM_ALG_HMAC)
|
||||
+ {
|
||||
+ digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
|
||||
+ &signKey->sensitive.sensitive.bits.b);
|
||||
+ CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
|
||||
+ CryptHmacEnd(&hmacState, digestSize,
|
||||
+ (BYTE *)&signature->signature.hmac.digest);
|
||||
+ return TPM_RC_SUCCESS;
|
||||
+ }
|
||||
+ return TPM_RC_SCHEME;
|
||||
}
|
||||
/* 10.2.6.3.2 CryptHMACVerifySignature() */
|
||||
/* This function will verify a signature signed by a HMAC key. Note that a caller needs to prepare
|
||||
--
|
||||
2.49.0
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
Name: libtpms
|
||||
Version: 0.9.1
|
||||
Release: 4.%{gitdate}git%{gitversion}%{?dist}
|
||||
Release: 5.%{gitdate}git%{gitversion}%{?dist}
|
||||
|
||||
Summary: Library providing Trusted Platform Module (TPM) functionality
|
||||
License: BSD
|
||||
@ -14,6 +14,7 @@ Patch0002: 0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
|
||||
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
|
||||
Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
|
||||
Patch0005: 0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
|
||||
Patch0006: 0001-tpm2-CVE-2025-49133-fix.patch
|
||||
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig gawk sed
|
||||
@ -60,6 +61,10 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon Jun 16 2025 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-5.20211126git1ff6fe1f43
|
||||
- Fix CVE-2025-49133
|
||||
Resolves: RHEL-96258
|
||||
|
||||
* Wed Sep 04 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-4.20211126git1ff6fe1f43
|
||||
- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
|
||||
Resolves: RHEL-58056
|
||||
|
||||
Loading…
Reference in New Issue
Block a user