commit 69a9dc5b40afbbf6728aeddbe5c878181673d073 Author: CentOS Sources Date: Wed Nov 3 17:37:54 2021 -0400 import libtpms-0.8.2-0.20210301git729fc6a4ca.el9.6 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e74a844 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libtpms-20210301.tar.xz diff --git a/.libtpms.metadata b/.libtpms.metadata new file mode 100644 index 0000000..f90db11 --- /dev/null +++ b/.libtpms.metadata @@ -0,0 +1 @@ +06f74377a865ce292372340b560c30984022d270 SOURCES/libtpms-20210301.tar.xz diff --git a/SOURCES/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch b/SOURCES/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch new file mode 100644 index 0000000..055c014 --- /dev/null +++ b/SOURCES/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch @@ -0,0 +1,106 @@ +From 16cd8fba849d1d95b247025aea7314165ffd8acf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Tue, 18 May 2021 17:10:52 +0400 +Subject: [PATCH] build-sys: leave CFLAGS/LDFLAGS for user to be defined +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allows user to set specific flags during compilation, without +overriding configure-time cflags necessary for compilation. + +See also: +https://www.gnu.org/software/automake/manual/html_node/User-Variables.html +https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html + +Signed-off-by: Marc-André Lureau +--- + configure.ac | 13 ++++++++----- + src/Makefile.am | 16 +++++++++------- + 2 files changed, 17 insertions(+), 12 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8559b66..95deab5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -305,9 +305,12 @@ if test "x$enable_hardening" != "xno"; then + AC_SUBST([HARDENING_LDFLAGS]) + fi + +-CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign" +-CFLAGS="$CFLAGS -Wmissing-prototypes" +-LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS" ++AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign" ++AM_CFLAGS="$AM_CFLAGS -Wmissing-prototypes" ++AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS" ++ ++AC_SUBST([AM_CFLAGS]) ++AC_SUBST([AM_LDFLAGS]) + + AC_CONFIG_FILES(Makefile \ + dist/libtpms.spec \ +@@ -330,10 +333,10 @@ if test -z "$with_tpm2"; then + fi + + echo +-echo "CFLAGS=$CFLAGS" ++echo "AM_CFLAGS=$AM_CFLAGS" + echo "HARDENING_CFLAGS=$HARDENING_CFLAGS" + echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS" +-echo "LDFLAGS=$LDFLAGS" ++echo "AM_LDFLAGS=$AM_LDFLAGS" + echo + echo "Version to build : $PACKAGE_VERSION" + echo "Crypto library : $cryptolib" +diff --git a/src/Makefile.am b/src/Makefile.am +index 6594ddf..65910d8 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -4,18 +4,20 @@ + # For the license, see the LICENSE file in the root directory. + # + ++AM_CFLAGS = @AM_CFLAGS@ ++AM_LDFLAGS = @AM_LDFLAGS@ $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER) ++ + lib_LTLIBRARIES=libtpms.la + + common_CFLAGS = -include tpm_library_conf.h \ + -I$(top_srcdir)/include/libtpms \ + -I$(top_builddir)/include/libtpms \ ++ $(AM_CFLAGS) \ + $(HARDENING_CFLAGS) \ + $(SANITIZERS) \ + $(FUZZER) + + +-LDFLAGS += $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER) +- + # + # TPM1.2 + # +@@ -574,16 +576,16 @@ libtpms_la_SOURCES = \ + libtpms_la_CFLAGS = $(common_CFLAGS) + + libtpms_la_LDFLAGS = -version-info $(LIBTPMS_VERSION_INFO) \ +- -no-undefined ++ -no-undefined $(AM_LDFLAGS) + + if HAVE_VERSION_SCRIPT + libtpms_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtpms.syms + endif + +-LDFLAGS_ARCH = $(findstring -m32, $(CFLAGS)) +-LDFLAGS_ARCH += $(findstring -m64, $(CFLAGS)) +-LDFLAGS_ARCH += $(findstring -m32, $(LDFLAGS)) +-LDFLAGS_ARCH += $(findstring -m64, $(LDFLAGS)) ++LDFLAGS_ARCH = $(findstring -m32, $(AM_CFLAGS)) ++LDFLAGS_ARCH += $(findstring -m64, $(AM_CFLAGS)) ++LDFLAGS_ARCH += $(findstring -m32, $(AM_LDFLAGS)) ++LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS)) + + check-local: SHELL?="/usr/bin/env bash" + check-local: +-- +2.29.0 + diff --git a/SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch b/SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch new file mode 100644 index 0000000..e2d0b8c --- /dev/null +++ b/SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch @@ -0,0 +1,202 @@ +From f16250b35aff6995e540143a9858c9cf0d1f9573 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Mon, 21 Jun 2021 14:04:34 -0400 +Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid + buffer size + +Reset the buffer size indicator in a TPM2B type of buffer after it failed +the test for the maximum buffer size it allows. This prevents having bad +buffer sizes in memory that can come to haunt us when writing the volatile +state for example. + +Signed-off-by: Stefan Berger +--- + src/tpm2/NVMarshal.c | 1 + + src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++ + 2 files changed, 22 insertions(+) + +diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c +index efbab70..9f6d0f7 100644 +--- a/src/tpm2/NVMarshal.c ++++ b/src/tpm2/NVMarshal.c +@@ -1503,6 +1503,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size) + "allocated %zu\n", + (size_t)data->size, (size_t)data->allocated); + rc = TPM_RC_SIZE; ++ data->size = 0; + } + } + +diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c +index c692ccc..8e7a9b7 100644 +--- a/src/tpm2/Unmarshal.c ++++ b/src/tpm2/Unmarshal.c +@@ -136,6 +136,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->size > targetSize) { + rc = TPM_RC_SIZE; ++ target->size = 0; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { +@@ -1686,6 +1687,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s + if ((target->sizeofSelect < PCR_SELECT_MIN) || + (target->sizeofSelect > PCR_SELECT_MAX)) { + rc = TPM_RC_VALUE; ++ target->sizeofSelect = 0; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { +@@ -1859,6 +1861,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_CC) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -1897,6 +1900,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_CC) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -1920,6 +1924,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_ALG_LIST_SIZE) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -1942,6 +1947,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_HANDLES) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -1970,11 +1976,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) + /* TPM side is hard coded to 2 minimum */ + if (target->count < 2) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { + if (target->count > 8) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -1997,6 +2005,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s + if (rc == TPM_RC_SUCCESS) { + if (target->count > HASH_COUNT) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2019,6 +2028,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s + if (rc == TPM_RC_SUCCESS) { + if (target->count > HASH_COUNT) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2044,6 +2054,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_CAP_ALGS) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2066,6 +2077,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_TPM_PROPERTIES) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2088,6 +2100,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_PCR_PROPERTIES) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2110,6 +2123,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_ECC_CURVES) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2132,6 +2146,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s + if (rc == TPM_RC_SUCCESS) { + if (target->count > MAX_TAGGED_POLICIES) { + rc = TPM_RC_SIZE; ++ target->count = 0; // libtpms added + } + } + for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { +@@ -2781,6 +2796,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; ++ target->size = 0; // libtpms added + } + } + return rc; +@@ -3540,6 +3556,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; ++ target->size = 0; // libtpms added + } + } + return rc; +@@ -4063,6 +4080,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; ++ target->size = 0; // libtpms added + } + } + return rc; +@@ -4158,6 +4176,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; ++ target->size = 0; // libtpms added + } + } + } +@@ -4233,6 +4252,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->dataSize > MAX_NV_INDEX_SIZE) { + rc = TPM_RC_SIZE; ++ target->dataSize = 0; // libtpms added + } + } + return rc; +@@ -4263,6 +4283,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->size != startSize - *size) { + rc = TPM_RC_SIZE; ++ target->size = 0; // libtpms added + } + } + return rc; +-- +2.29.0 + diff --git a/SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch b/SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch new file mode 100644 index 0000000..6237aca --- /dev/null +++ b/SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch @@ -0,0 +1,267 @@ +From 3ef9b26cb9f28bd64d738bff9505a20d4eb56acd Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Mon, 21 Jun 2021 15:10:14 -0400 +Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity + checks + +Add maxSize parameter to TPM2B_Marshal and assert on it checking +the size of the data intended to be marshaled versus the maximum +buffer size. + +Signed-off-by: Stefan Berger +--- + src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------ + src/tpm2/Marshal_fp.h | 2 +- + src/tpm2/NVMarshal.c | 18 +++++++++--------- + 3 files changed, 30 insertions(+), 28 deletions(-) + +diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c +index 53c241e..c843224 100644 +--- a/src/tpm2/Marshal.c ++++ b/src/tpm2/Marshal.c +@@ -59,6 +59,7 @@ + /* */ + /********************************************************************************/ + ++#include // libtpms added + #include + + #include "Tpm.h" +@@ -176,9 +177,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size) + } + + UINT16 +-TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size) ++TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; ++ assert(source->size <= maxSize); // libtpms added + written += UINT16_Marshal(&(source->size), buffer, size); + written += Array_Marshal(source->buffer, source->size, buffer, size); + return written; +@@ -503,7 +505,7 @@ UINT16 + TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +-written += TPM2B_Marshal(&source->b, buffer, size); ++written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -513,7 +515,7 @@ UINT16 + TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +-written += TPM2B_Marshal(&source->b, buffer, size); ++written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -543,7 +545,7 @@ UINT16 + TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -553,7 +555,7 @@ UINT16 + TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -562,7 +564,7 @@ UINT16 + TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -572,7 +574,7 @@ UINT16 + TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -582,7 +584,7 @@ UINT16 + TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed + return written; + } + +@@ -1163,7 +1165,7 @@ UINT16 + TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed + return written; + } + +@@ -1294,7 +1296,7 @@ UINT16 + TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -1315,7 +1317,7 @@ UINT16 + TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -1673,7 +1675,7 @@ UINT16 + TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -1693,7 +1695,7 @@ UINT16 + TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -1703,7 +1705,7 @@ UINT16 + TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -1937,7 +1939,7 @@ UINT16 + TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed + return written; + } + +@@ -2148,7 +2150,7 @@ UINT16 + TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +@@ -2158,7 +2160,7 @@ UINT16 + TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed + return written; + } + +@@ -2215,7 +2217,7 @@ UINT16 + TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed + return written; + } + +diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h +index 3ce6eb3..d52f497 100644 +--- a/src/tpm2/Marshal_fp.h ++++ b/src/tpm2/Marshal_fp.h +@@ -79,7 +79,7 @@ extern "C" { + UINT16 + Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size); + UINT16 +- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size); ++ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed + UINT16 + TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); + UINT16 +diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c +index 9f6d0f7..f8a3798 100644 +--- a/src/tpm2/NVMarshal.c ++++ b/src/tpm2/NVMarshal.c +@@ -278,7 +278,7 @@ static UINT16 + TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size) + { + UINT16 written = 0; +- written += TPM2B_Marshal(&source->b, buffer, size); ++ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); + return written; + } + +@@ -1390,7 +1390,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size) + STATE_RESET_DATA_VERSION, + STATE_RESET_DATA_MAGIC, 3); + written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size); +- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size); ++ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size); + written += UINT32_Marshal(&data->clearCount, buffer, size); + written += UINT64_Marshal(&data->objectContextID, buffer, size); + +@@ -2178,7 +2178,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size) + { + UINT16 written; + +- written = TPM2B_Marshal(&data->b, buffer, size); ++ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size); + + return written; + } +@@ -3062,9 +3062,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size) + + /* tie the volatile state to the EP,SP, and PPSeed */ + NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd)); +- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size); +- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size); +- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size); ++ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size); ++ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size); ++ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size); + + written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */ + +@@ -3881,9 +3881,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size) + written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size); + written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size); + written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size); +- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size); +- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size); +- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size); ++ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size); ++ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size); ++ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size); + written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size); + written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size); + written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size); +-- +2.29.0 + diff --git a/SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch b/SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch new file mode 100644 index 0000000..f2431b0 --- /dev/null +++ b/SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch @@ -0,0 +1,1046 @@ +From 5cc98a62dc6f204dcf5b87c2ee83ac742a6a319b Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Wed, 23 Jun 2021 20:54:44 -0400 +Subject: [PATCH 3/3] tpm2: Restore original value if unmarshalled value was + illegal + +Restore the original value of the memory location where data from +a stream was unmarshalled and the unmarshalled value was found to +be illegal. The goal is to not keep illegal values in memory. + +Signed-off-by: Stefan Berger +--- + src/tpm2/Unmarshal.c | 128 +++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 128 insertions(+) + +diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c +index 8e7a9b7..e95d961 100644 +--- a/src/tpm2/Unmarshal.c ++++ b/src/tpm2/Unmarshal.c +@@ -165,6 +165,7 @@ TPM_RC + TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_GENERATED orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT32_Unmarshal(target, buffer, size); +@@ -172,6 +173,7 @@ TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (*target != TPM_GENERATED_VALUE) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -198,6 +200,7 @@ TPM_RC + TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_ECC_CURVE orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT16_Unmarshal(target, buffer, size); +@@ -216,6 +219,7 @@ TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_CURVE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -241,6 +245,7 @@ TPM_RC + TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_CLOCK_ADJUST orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = INT8_Unmarshal(target, buffer, size); +@@ -257,6 +262,7 @@ TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -268,6 +274,7 @@ TPM_RC + TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_EO orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT16_Unmarshal(target, buffer, size); +@@ -289,6 +296,7 @@ TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -300,6 +308,7 @@ TPM_RC + TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_ST orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT16_Unmarshal(target, buffer, size); +@@ -325,6 +334,7 @@ TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -336,6 +346,7 @@ TPM_RC + TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_SU orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT16_Unmarshal(target, buffer, size); +@@ -347,6 +358,7 @@ TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -358,6 +370,7 @@ TPM_RC + TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_SE orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT8_Unmarshal(target, buffer, size); +@@ -370,6 +383,7 @@ TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -381,6 +395,7 @@ TPM_RC + TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_CAP orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT32_Unmarshal(target, buffer, size); +@@ -402,6 +417,7 @@ TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -452,6 +468,7 @@ TPM_RC + TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMA_ALGORITHM orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ +@@ -459,6 +476,7 @@ TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (*target & TPMA_ALGORITHM_reserved) { + rc = TPM_RC_RESERVED_BITS; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -470,6 +488,7 @@ TPM_RC + TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMA_OBJECT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ +@@ -477,6 +496,7 @@ TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (*target & TPMA_OBJECT_reserved) { + rc = TPM_RC_RESERVED_BITS; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -488,6 +508,7 @@ TPM_RC + TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMA_SESSION orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT8_Unmarshal((UINT8 *)target, buffer, size); /* libtpms changed */ +@@ -495,6 +516,7 @@ TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (*target & TPMA_SESSION_reserved) { + rc = TPM_RC_RESERVED_BITS; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -519,6 +541,7 @@ TPM_RC + TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMA_CC orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ +@@ -526,6 +549,7 @@ TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (*target & TPMA_CC_reserved) { + rc = TPM_RC_RESERVED_BITS; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -537,6 +561,7 @@ TPM_RC + TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_YES_NO orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT8_Unmarshal(target, buffer, size); +@@ -548,6 +573,7 @@ TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -559,6 +585,7 @@ TPM_RC + TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_OBJECT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -571,6 +598,7 @@ TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOO + isNotPersistent && + isNotLegalNull) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -582,6 +610,7 @@ TPM_RC + TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_PARENT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -600,6 +629,7 @@ TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOO + isNotEndorsement && + isNotLegalNull) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -611,6 +641,7 @@ TPM_RC + TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_PERSISTENT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -619,6 +650,7 @@ TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *s + BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST); + if (isNotPersistent) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -630,6 +662,7 @@ TPM_RC + TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_ENTITY orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -656,6 +689,7 @@ TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOO + isNotAuth && + isNotLegalNull) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -667,6 +701,7 @@ TPM_RC + TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_PCR orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -677,6 +712,7 @@ TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allo + if (isNotPcr && + isNotLegalNull) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -688,6 +724,7 @@ TPM_RC + TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_SH_AUTH_SESSION orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -700,6 +737,7 @@ TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT3 + isNotPolicySession && + isNotLegalPwd) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -711,6 +749,7 @@ TPM_RC + TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_SH_HMAC orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -719,6 +758,7 @@ TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) + BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); + if (isNotHmacSession) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -730,6 +770,7 @@ TPM_RC + TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_SH_POLICY orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -738,6 +779,7 @@ TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) + BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); + if (isNotPolicySession) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -749,6 +791,7 @@ TPM_RC + TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_CONTEXT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -761,6 +804,7 @@ TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) + isNotPolicySession && + isNotTransient) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -772,6 +816,7 @@ TPM_RC + TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_DH_SAVED orig_target = *target; // libtpms added + allowNull = allowNull; + + if (rc == TPM_RC_SUCCESS) { +@@ -789,6 +834,7 @@ TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL + isNotSequenceObject && + isNotTransientStClear) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -800,6 +846,7 @@ TPM_RC + TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_HIERARCHY orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -816,6 +863,7 @@ TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *siz + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -827,6 +875,7 @@ TPM_RC + TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_ENABLES orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -844,6 +893,7 @@ TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, B + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -855,6 +905,7 @@ TPM_RC + TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_HIERARCHY_AUTH orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -868,6 +919,7 @@ TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -879,6 +931,7 @@ TPM_RC + TPMI_RH_HIERARCHY_POLICY_Unmarshal(TPMI_RH_HIERARCHY_POLICY *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_HIERARCHY_POLICY orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -895,6 +948,7 @@ TPMI_RH_HIERARCHY_POLICY_Unmarshal(TPMI_RH_HIERARCHY_POLICY *target, BYTE **buff + BOOL isNotHP = (*target < TPM_RH_ACT_0) || (*target > TPM_RH_ACT_F); + if (isNotHP) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + } +@@ -908,6 +962,7 @@ TPM_RC + TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_PLATFORM orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -918,6 +973,7 @@ TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -929,6 +985,7 @@ TPM_RC + TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_ENDORSEMENT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -943,6 +1000,7 @@ TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -954,6 +1012,7 @@ TPM_RC + TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_PROVISION orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -965,6 +1024,7 @@ TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *siz + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -976,6 +1036,7 @@ TPM_RC + TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_CLEAR orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -987,6 +1048,7 @@ TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -998,6 +1060,7 @@ TPM_RC + TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_NV_AUTH orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -1012,6 +1075,7 @@ TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) + BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); + if (isNotNv) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + } +@@ -1025,6 +1089,7 @@ TPM_RC + TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_LOCKOUT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -1035,6 +1100,7 @@ TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1046,6 +1112,7 @@ TPM_RC + TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_NV_INDEX orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -1054,6 +1121,7 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) + BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); + if (isNotNv) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1065,6 +1133,7 @@ TPM_RC + TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_AC orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -1073,6 +1142,7 @@ TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) + BOOL isNotAC = (*target < AC_FIRST) || (*target > AC_LAST); + if (isNotAC) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1084,6 +1154,7 @@ TPM_RC + TPMI_RH_ACT_Unmarshal( TPMI_RH_ACT *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RH_ACT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_HANDLE_Unmarshal(target, buffer, size); +@@ -1092,6 +1163,7 @@ TPMI_RH_ACT_Unmarshal( TPMI_RH_ACT *target, BYTE **buffer, INT32 *size) + BOOL isNotACT = (*target < TPM_RH_ACT_0) || (*target > TPM_RH_ACT_F); + if (isNotACT) { + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1103,6 +1175,7 @@ TPM_RC + TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_HASH orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1131,6 +1204,7 @@ TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL + } + default: + rc = TPM_RC_HASH; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1142,6 +1216,7 @@ TPM_RC + TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_SYM orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1170,6 +1245,7 @@ TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL al + } + default: + rc = TPM_RC_SYMMETRIC; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1181,6 +1257,7 @@ TPM_RC + TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_SYM_OBJECT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1206,6 +1283,7 @@ TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_SYMMETRIC; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1217,6 +1295,7 @@ TPM_RC + TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_SYM_MODE orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1248,6 +1327,7 @@ TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *siz + } + default: + rc = TPM_RC_MODE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1259,6 +1339,7 @@ TPM_RC + TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_KDF orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1284,6 +1365,7 @@ TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL al + } + default: + rc = TPM_RC_KDF; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1295,6 +1377,7 @@ TPM_RC + TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_SIG_SCHEME orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1329,6 +1412,7 @@ TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_SCHEME; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1340,6 +1424,7 @@ TPM_RC + TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ECC_KEY_EXCHANGE orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1362,6 +1447,7 @@ TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, IN + } + default: + rc = TPM_RC_SCHEME; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1374,6 +1460,7 @@ TPM_RC + TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ST_COMMAND_TAG orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ST_Unmarshal(target, buffer, size); +@@ -1385,6 +1472,7 @@ TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 + break; + default: + rc = TPM_RC_BAD_TAG; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1396,6 +1484,7 @@ TPM_RC + TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_MAC_SCHEME orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1427,6 +1516,7 @@ TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_SYMMETRIC; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1438,6 +1528,7 @@ TPM_RC + TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_CIPHER_MODE orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -1466,6 +1557,7 @@ TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_MODE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -1702,6 +1794,7 @@ TPM_RC + TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_ST orig_tag = target->tag; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ST_Unmarshal(&target->tag, buffer, size); +@@ -1709,6 +1802,7 @@ TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->tag != TPM_ST_CREATION) { + rc = TPM_RC_TAG; ++ target->tag = orig_tag; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { +@@ -1726,6 +1820,7 @@ TPM_RC + TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_ST orig_tag = target->tag; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ST_Unmarshal(&target->tag, buffer, size); +@@ -1733,6 +1828,7 @@ TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (target->tag != TPM_ST_VERIFIED) { + rc = TPM_RC_TAG; ++ target->tag = orig_tag; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { +@@ -1750,6 +1846,7 @@ TPM_RC + TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_ST orig_tag = target->tag; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ST_Unmarshal(&target->tag, buffer, size); +@@ -1758,6 +1855,7 @@ TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) + if ((target->tag != TPM_ST_AUTH_SIGNED) && + (target->tag != TPM_ST_AUTH_SECRET)) { + rc = TPM_RC_TAG; ++ target->tag = orig_tag; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { +@@ -1775,6 +1873,7 @@ TPM_RC + TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPM_ST orig_tag = target->tag; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ST_Unmarshal(&target->tag, buffer, size); +@@ -1782,6 +1881,7 @@ TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *siz + if (rc == TPM_RC_SUCCESS) { + if (target->tag != TPM_ST_HASHCHECK) { + rc = TPM_RC_TAG; ++ target->tag = orig_tag; // libtpms added + } + } + if (rc == TPM_RC_SUCCESS) { +@@ -2380,6 +2480,7 @@ TPM_RC + TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ST_ATTEST orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ST_Unmarshal(target, buffer, size); +@@ -2396,6 +2497,7 @@ TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_SELECTOR; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -2490,6 +2592,7 @@ TPM_RC + TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_AES_KEY_BITS orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); +@@ -2501,6 +2604,7 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -2512,6 +2616,7 @@ TPM_RC + TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_CAMELLIA_KEY_BITS orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); +@@ -2522,6 +2627,7 @@ TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -2533,6 +2639,7 @@ TPM_RC + TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); +@@ -2543,6 +2650,7 @@ TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *siz + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -2554,6 +2662,7 @@ TPM_RC + TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); +@@ -2565,6 +2674,7 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -2837,6 +2947,7 @@ TPM_RC + TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_KEYEDHASH_SCHEME orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -2856,6 +2967,7 @@ TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **bu + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3240,6 +3352,7 @@ TPM_RC + TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_ASYM_SCHEME orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -3283,6 +3396,7 @@ TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT3 + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3361,6 +3475,7 @@ TPM_RC + TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_RSA_SCHEME orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -3386,6 +3501,7 @@ TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3413,6 +3529,7 @@ TPM_RC + TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_RSA_DECRYPT orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -3432,6 +3549,7 @@ TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT3 + } + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3472,6 +3590,7 @@ TPM_RC + TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_RSA_KEY_BITS orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); +@@ -3484,6 +3603,7 @@ TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *siz + break; + default: + rc = TPM_RC_VALUE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3568,6 +3688,7 @@ TPM_RC + TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_ECC_SCHEME orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -3599,6 +3720,7 @@ TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 + } + default: + rc = TPM_RC_SCHEME; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3610,6 +3732,7 @@ TPM_RC + TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ECC_CURVE orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ECC_CURVE_Unmarshal(target, buffer, size); +@@ -3646,6 +3769,7 @@ TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_CURVE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -3860,6 +3984,7 @@ TPM_RC + TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMI_ALG_PUBLIC orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = TPM_ALG_ID_Unmarshal(target, buffer, size); +@@ -3881,6 +4006,7 @@ TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) + break; + default: + rc = TPM_RC_TYPE; ++ *target = orig_target; // libtpms added + } + } + return rc; +@@ -4215,6 +4341,7 @@ TPM_RC + TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) + { + TPM_RC rc = TPM_RC_SUCCESS; ++ TPMA_NV orig_target = *target; // libtpms added + + if (rc == TPM_RC_SUCCESS) { + rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ +@@ -4222,6 +4349,7 @@ TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) + if (rc == TPM_RC_SUCCESS) { + if (*target & TPMA_NV_RESERVED) { + rc = TPM_RC_RESERVED_BITS; ++ *target = orig_target; // libtpms added + } + } + return rc; +-- +2.29.0 + diff --git a/SPECS/libtpms.spec b/SPECS/libtpms.spec new file mode 100644 index 0000000..10d93b2 --- /dev/null +++ b/SPECS/libtpms.spec @@ -0,0 +1,279 @@ +%global gitdate 20210301 +%global gitversion 729fc6a4ca + +Name: libtpms +Version: 0.8.2 +Release: 0.%{gitdate}git%{gitversion}%{?dist}.6 + +Summary: Library providing Trusted Platform Module (TPM) functionality +License: BSD +Url: http://github.com/stefanberger/libtpms +Source0: libtpms-%{gitdate}.tar.xz +Patch0001: 0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch +Patch0002: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch +Patch0003: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch +Patch0004: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch + +BuildRequires: openssl-devel +BuildRequires: pkgconfig gawk sed +BuildRequires: automake autoconf libtool bash coreutils gcc-c++ +BuildRequires: make + +%description +A library providing TPM functionality for VMs. Targeted for integration +into Qemu. + +%package devel +Summary: Include files for libtpms +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +Libtpms header files and documentation. + +%prep +%autosetup -p1 -n %{name}-%{gitdate} +%build +NOCONFIGURE=1 sh autogen.sh +%configure --disable-static --with-tpm2 --with-openssl +make %{?_smp_mflags} CFLAGS=-Wno-error=deprecated-declarations + +%check +make check + +%install +make DESTDIR="%{buildroot}" install +find %{buildroot} -type f -name '*.la' | xargs rm -f -- || : + +%ldconfig_scriptlets + +%files +%license LICENSE +%doc README CHANGES +%{_libdir}/lib*.so.* + +%files devel +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/*.h +%{_libdir}/lib*.so +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 0.8.2-0.20210301git729fc6a4ca.6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 30 2021 Marc-André Lureau - 0.8.2-0.20210301git729fc6a4ca.5 +- Fixes CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM + Resolves: rhbz#1976814 + +* Wed Jun 16 2021 Mohan Boddu - 0.8.2-0.20210301git729fc6a4ca.4 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Tue May 18 2021 Marc-André Lureau - 0.8.2-0.20210301git729fc6a4ca.3 +- Add -Wno-error=deprecated-declarations, to ignore OpenSSL 3.0 deprecation warnings. + Fixes: rhbz#1958054 + +* Fri Apr 16 2021 Mohan Boddu - 0.8.2-0.20210301git729fc6a4ca.2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 01 2021 Stefan Berger - 0.8.2-0.20210301git729fc6a4ca +- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue + +* Sat Feb 27 2021 Stefan Berger - 0.8.1-0.20210227git5bf2746e47 +- Fixed a context save and suspend/resume problem when public keys are loaded + +* Thu Feb 18 2021 Stefan Berger - 0.7.5-0.20210218gite271498466 +- Addressed UBSAN and cppcheck detected issues +- Return proper size of ECC Parameters to pass HLK tests + +* Tue Jan 26 2021 Fedora Release Engineering - 0.7.4-0.20201031git2452a24dab.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Oct 31 2020 Stefan Berger - 0.7.4-0.20201031git2452a24dab +- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes + +* Fri Jul 31 2020 Stefan Berger - 0.7.3-0.20200731git1d392d466a +- Follow stable-0.7.0 branch to v0.7.3 + +* Tue Jul 28 2020 Fedora Release Engineering - 0.7.2-0.20200527git7325acb477.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed May 27 2020 Stefan Berger - 0.7.2-0.20200527git7325acb477 +- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption, + PSS salt length, symmetric decryption (padding) +- Under certain circumstances an RSA decryption could cause a buffer overflow causing + termination of the program (swtpm) + +* Wed May 20 2020 Stefan Berger - 0.7.1-0.20200520git8fe99d1fd0 +- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch +- elliptic curve fixes +- MANUFACTURER changed from "IBM " to "IBM" +- gcc 10 related fix + +* Wed Jan 29 2020 Fedora Release Engineering - 0.7.0-0.20191018gitdc116933b7.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Oct 18 2019 Stefan Berger - 0.7.0-0.20191018gitdc116933b7 +- Following stable-0.7.0 branch for TPM 1.2 related bugfix + +* Tue Oct 08 2019 Stefan Berger - 0.7.0-0.20191008gitc26e8f7b08 +- Following stable-0.7.0 branch for bug fix + +* Thu Jul 25 2019 Fedora Release Engineering - 0.7.0-0.20190719gitd061d8065b.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jul 19 2019 Stefan Berger - 0.7.0-0.20190719gitd061d8065b +- Update to v0.7.0 + +* Fri May 10 2019 Stefan Berger - 0.6.1-0.20190510gitb244bdf6e2 +- Applied bugfix for CMAC + +* Fri Feb 01 2019 Fedora Release Engineering - 0.6.1-0.20190121git9dc915572b.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 21 2019 Stefan Berger - 0.6.1-0.20190121git9dc915572b +- Libtpms was updated to rev. 150 of TPM 2.0 code +- following branch stable-0.6.0 + +* Tue Dec 11 2018 Stefan Berger - 0.6.0-0.20181211gitba56737b93 +- Following bugfixes in libtpms + +* Wed Oct 31 2018 Stefan Berger - 0.6.0-0.20181031git0466fcf6a4 +- Following improvements in libtpms + +* Tue Sep 18 2018 Stefan Berger - 0.6.0-0.20180914git4111bd1bcf +- Build snapshot from git, simplify spec + +* Fri Jul 13 2018 Fedora Release Engineering - 0.5.2-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 0.5.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 0.5.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.5.2-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 0.5.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 04 2016 Fedora Release Engineering - 0.5.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.5.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 0.5.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Aug 16 2014 Stefan Berger - 0.5.2-3 +- do not include libtpms.la in rpm + +* Mon Jul 14 2014 Stefan Berger - 0.5.2-2 +- Added patches + +* Mon Jun 30 2014 Stefan Berger - 0.5.2-1 +- Updated to version 0.5.2 +- coverity fixes +- fixes for ARM64 using __aarch64__ + +* Sat Jun 07 2014 Fedora Release Engineering - 0.5.1-20.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 0.5.1-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Mar 25 2013 Stefan Berger - 0.5.1-18 +- Ran autoreconf for support of aarch64 +- Checking for __arm64__ in code + +* Thu Feb 14 2013 Fedora Release Engineering - 0.5.1-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jul 19 2012 Fedora Release Engineering - 0.5.1-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Feb 17 2012 Peter Robinson - 0.5.1-15 +- Add dist tag as required by package guidelines + +* Fri Jan 27 2012 Stefan Berger - 0.5.1-14 +- fix gcc-4.7 compilation problem + +* Fri Jan 13 2012 Fedora Release Engineering - 0.5.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Dec 20 2011 Dan Horák - 0.5.1-12 +- fix build on secondary arches + +* Wed Nov 2 2011 Stefan Berger - 0.5.1-11 +- added (lib)gmp as runtime dependency + +* Sat Oct 8 2011 Stefan Berger - 0.5.1-10 +- internal fixes; callback fixes + +* Tue Aug 30 2011 Stefan Berger - 0.5.1-9 +- new directory structure and build process + +* Tue Jul 12 2011 Stefan Berger - 0.5.1-8 +- added pkgconfig as build dependency +- enabling __powerpc__ build following Bz 728220 + +* Wed May 25 2011 Stefan Berger - 0.5.1-7 +- increasing NVRAM area space to have enough room for certificates + +* Wed May 25 2011 Stefan Berger - 0.5.1-6 +- adding libtpms.pc pkg-config file + +* Wed Apr 13 2011 Stefan Berger - 0.5.1-5 +- adding BuildRequires for nss-softokn-freebl-static +- several libtpms-internal changes around state serialization and + deserialization +- fixes to libtpms makefile (makefile-libtpms) +- adding build_type to generate a debug or production build +- need nss-devel to have nss-config + +* Tue Mar 08 2011 Stefan Berger - 0.5.1-4 +- small fixes to libtpms makefile + +* Fri Feb 25 2011 Stefan Berger - 0.5.1-3 +- removing release from tar ball name +- Use {?_smp_mflags} for make rather than hardcoding it +- Fixing post and postun scripts; removing the scripts for devel package +- Fixing usage of defattr +- Adding version information into the changelog headers and spaces between the changelog entries +- Adding LICENSE, README and CHANGELOG file into tar ball and main rpm +- Removing clean section +- removed command to clean the build root +- adding library version to the libries required for building and during + runtime +- Extended Requires in devel package with {?_isa} + +* Fri Feb 18 2011 Stefan Berger - 0.5.1-2 +- make rpmlint happy by replacing tabs with spaces +- providing a valid URL for the tgz file +- release is now 2 -> 0.5.1-2 + +* Mon Jan 17 2011 Stefan Berger - 0.5.1-1 +- Update version to 0.5.1 + +* Fri Jan 14 2011 Stefan Berger - 0.5.0-1 +- Changes following Fedora review comments + +* Thu Dec 2 2010 Stefan Berger +- Small tweaks after reading the FedoreCore packaging requirements + +* Tue Nov 16 2010 Stefan Berger +- Created initial version of rpm spec files +- Version of library is now 0.5.0 +- Debuginfo rpm is built but empty -- seems to be a known problem + Check https://bugzilla.redhat.com/show_bug.cgi?id=209316