import CS libtpms-0.9.1-4.20211126git1ff6fe1f43.el9_2

2024-11-12 08:36:10 +00:00 · 2024-11-12 08:36:10 +00:00 · 4c31d3a58c
commit 4c31d3a58c
parent 1a68baad4a
2 changed files with 37 additions and 1 deletions
--- a/SOURCES/0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
+++ b/SOURCES/0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
@ -0,0 +1,31 @@
+From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Mon, 29 Jul 2024 10:19:00 -0400
+Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
+
+When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
+The old error code could indicate to an application or driver that
+something is wrong with the TPM (has possibly gone into failure mode) even
+though only the decryption failed, possibly due to a wrong key.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
+index b5d6b6c3..88ee3bac 100644
+--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
+@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
+     outlen = sizeof(buffer);
+     if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
+                          cIn->buffer, cIn->size) <= 0)
+-        ERROR_RETURN(TPM_RC_FAILURE);
+        ERROR_RETURN(TPM_RC_VALUE);
+ 
+     if (outlen > dOut->size)
+         ERROR_RETURN(TPM_RC_FAILURE);
+-- 
+2.41.0.28.gd7d8841f67
+
--- a/SPECS/libtpms.spec
+++ b/SPECS/libtpms.spec
@ -3,7 +3,7 @@

 Name:           libtpms
 Version:        0.9.1
-Release:        3.%{gitdate}git%{gitversion}%{?dist}
+Release:        4.%{gitdate}git%{gitversion}%{?dist}

 Summary: Library providing Trusted Platform Module (TPM) functionality
 License:        BSD
@ -13,6 +13,7 @@ Patch0001:      0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
 Patch0002:      0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
 Patch0003:      0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
 Patch0004:      0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
+Patch0005:      0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch

 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig gawk sed
@ -59,6 +60,10 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
 %{_mandir}/man3/*

 %changelog
+* Wed Sep 04 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-4.20211126git1ff6fe1f43
+- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
+  Resolves: RHEL-58056
+
 * Wed Mar 01 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-3.20211126git1ff6fe1f43
 - Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018)
  Resolves: rhbz#2173960