rpms/libtpms
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libtpms-0.8.2-0.20210301git729fc6a4ca.el9.6

Browse Source
This commit is contained in:
CentOS Sources 2021-11-03 17:37:54 -04:00 committed by Stepan Oksanichenko
commit 69a9dc5b40
7 changed files with 1902 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/libtpms-20210301.tar.xz

1
.libtpms.metadata Normal file
View File

@ -0,0 +1 @@
06f74377a865ce292372340b560c30984022d270 SOURCES/libtpms-20210301.tar.xz

106
SOURCES/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch Normal file
View File

@ -0,0 +1,106 @@
From 16cd8fba849d1d95b247025aea7314165ffd8acf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 18 May 2021 17:10:52 +0400
Subject: [PATCH] build-sys: leave CFLAGS/LDFLAGS for user to be defined
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This allows user to set specific flags during compilation, without
overriding configure-time cflags necessary for compilation.
See also:
https://www.gnu.org/software/automake/manual/html_node/User-Variables.html
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
configure.ac | 13 ++++++++-----
src/Makefile.am | 16 +++++++++-------
2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index 8559b66..95deab5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -305,9 +305,12 @@ if test "x$enable_hardening" != "xno"; then
AC_SUBST([HARDENING_LDFLAGS])
fi
-CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
-CFLAGS="$CFLAGS -Wmissing-prototypes"
-LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
+AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
+AM_CFLAGS="$AM_CFLAGS -Wmissing-prototypes"
+AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
+
+AC_SUBST([AM_CFLAGS])
+AC_SUBST([AM_LDFLAGS])
AC_CONFIG_FILES(Makefile \
dist/libtpms.spec \
@@ -330,10 +333,10 @@ if test -z "$with_tpm2"; then
fi
echo
-echo "CFLAGS=$CFLAGS"
+echo "AM_CFLAGS=$AM_CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
-echo "LDFLAGS=$LDFLAGS"
+echo "AM_LDFLAGS=$AM_LDFLAGS"
echo
echo "Version to build : $PACKAGE_VERSION"
echo "Crypto library : $cryptolib"
diff --git a/src/Makefile.am b/src/Makefile.am
index 6594ddf..65910d8 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,18 +4,20 @@
# For the license, see the LICENSE file in the root directory.
#
+AM_CFLAGS = @AM_CFLAGS@
+AM_LDFLAGS = @AM_LDFLAGS@ $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER)
+
lib_LTLIBRARIES=libtpms.la
common_CFLAGS = -include tpm_library_conf.h \
-I$(top_srcdir)/include/libtpms \
-I$(top_builddir)/include/libtpms \
+ $(AM_CFLAGS) \
$(HARDENING_CFLAGS) \
$(SANITIZERS) \
$(FUZZER)
-LDFLAGS += $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER)
-
#
# TPM1.2
#
@@ -574,16 +576,16 @@ libtpms_la_SOURCES = \
libtpms_la_CFLAGS = $(common_CFLAGS)
libtpms_la_LDFLAGS = -version-info $(LIBTPMS_VERSION_INFO) \
- -no-undefined
+ -no-undefined $(AM_LDFLAGS)
if HAVE_VERSION_SCRIPT
libtpms_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtpms.syms
endif
-LDFLAGS_ARCH = $(findstring -m32, $(CFLAGS))
-LDFLAGS_ARCH += $(findstring -m64, $(CFLAGS))
-LDFLAGS_ARCH += $(findstring -m32, $(LDFLAGS))
-LDFLAGS_ARCH += $(findstring -m64, $(LDFLAGS))
+LDFLAGS_ARCH = $(findstring -m32, $(AM_CFLAGS))
+LDFLAGS_ARCH += $(findstring -m64, $(AM_CFLAGS))
+LDFLAGS_ARCH += $(findstring -m32, $(AM_LDFLAGS))
+LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
check-local: SHELL?="/usr/bin/env bash"
check-local:
--
2.29.0

202
SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch Normal file
View File

@ -0,0 +1,202 @@
From f16250b35aff6995e540143a9858c9cf0d1f9573 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 14:04:34 -0400
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
buffer size
Reset the buffer size indicator in a TPM2B type of buffer after it failed
the test for the maximum buffer size it allows. This prevents having bad
buffer sizes in memory that can come to haunt us when writing the volatile
state for example.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 1 +
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index efbab70..9f6d0f7 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1503,6 +1503,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
"allocated %zu\n",
(size_t)data->size, (size_t)data->allocated);
rc = TPM_RC_SIZE;
+ data->size = 0;
}
}
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index c692ccc..8e7a9b7 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -136,6 +136,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size > targetSize) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1686,6 +1687,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
(target->sizeofSelect > PCR_SELECT_MAX)) {
rc = TPM_RC_VALUE;
+ target->sizeofSelect = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1859,6 +1861,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1897,6 +1900,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1920,6 +1924,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ALG_LIST_SIZE) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1942,6 +1947,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_HANDLES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1970,11 +1976,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
/* TPM side is hard coded to 2 minimum */
if (target->count < 2) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
if (target->count > 8) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1997,6 +2005,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2019,6 +2028,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2044,6 +2054,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_ALGS) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2066,6 +2077,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TPM_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2088,6 +2100,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_PCR_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2110,6 +2123,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ECC_CURVES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2132,6 +2146,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TAGGED_POLICIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2781,6 +2796,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3540,6 +3556,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -4063,6 +4080,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -4158,6 +4176,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
}
@@ -4233,6 +4252,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->dataSize > MAX_NV_INDEX_SIZE) {
rc = TPM_RC_SIZE;
+ target->dataSize = 0; // libtpms added
}
}
return rc;
@@ -4263,6 +4283,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
--
2.29.0

267
SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch Normal file
View File

@ -0,0 +1,267 @@
From 3ef9b26cb9f28bd64d738bff9505a20d4eb56acd Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 15:10:14 -0400
Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity
checks
Add maxSize parameter to TPM2B_Marshal and assert on it checking
the size of the data intended to be marshaled versus the maximum
buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------
src/tpm2/Marshal_fp.h | 2 +-
src/tpm2/NVMarshal.c | 18 +++++++++---------
3 files changed, 30 insertions(+), 28 deletions(-)
diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c
index 53c241e..c843224 100644
--- a/src/tpm2/Marshal.c
+++ b/src/tpm2/Marshal.c
@@ -59,6 +59,7 @@
/* */
/********************************************************************************/
+#include <assert.h> // libtpms added
#include <string.h>
#include "Tpm.h"
@@ -176,9 +177,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size)
}
UINT16
-TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size)
+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
+ assert(source->size <= maxSize); // libtpms added
written += UINT16_Marshal(&(source->size), buffer, size);
written += Array_Marshal(source->buffer, source->size, buffer, size);
return written;
@@ -503,7 +505,7 @@ UINT16
TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
-written += TPM2B_Marshal(&source->b, buffer, size);
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -513,7 +515,7 @@ UINT16
TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
-written += TPM2B_Marshal(&source->b, buffer, size);
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -543,7 +545,7 @@ UINT16
TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -553,7 +555,7 @@ UINT16
TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -562,7 +564,7 @@ UINT16
TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -572,7 +574,7 @@ UINT16
TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -582,7 +584,7 @@ UINT16
TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed
return written;
}
@@ -1163,7 +1165,7 @@ UINT16
TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed
return written;
}
@@ -1294,7 +1296,7 @@ UINT16
TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1315,7 +1317,7 @@ UINT16
TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1673,7 +1675,7 @@ UINT16
TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1693,7 +1695,7 @@ UINT16
TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1703,7 +1705,7 @@ UINT16
TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1937,7 +1939,7 @@ UINT16
TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed
return written;
}
@@ -2148,7 +2150,7 @@ UINT16
TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -2158,7 +2160,7 @@ UINT16
TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed
return written;
}
@@ -2215,7 +2217,7 @@ UINT16
TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h
index 3ce6eb3..d52f497 100644
--- a/src/tpm2/Marshal_fp.h
+++ b/src/tpm2/Marshal_fp.h
@@ -79,7 +79,7 @@ extern "C" {
UINT16
Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size);
UINT16
- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size);
+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed
UINT16
TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size);
UINT16
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 9f6d0f7..f8a3798 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -278,7 +278,7 @@ static UINT16
TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size);
return written;
}
@@ -1390,7 +1390,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
STATE_RESET_DATA_VERSION,
STATE_RESET_DATA_MAGIC, 3);
written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size);
written += UINT32_Marshal(&data->clearCount, buffer, size);
written += UINT64_Marshal(&data->objectContextID, buffer, size);
@@ -2178,7 +2178,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size)
{
UINT16 written;
- written = TPM2B_Marshal(&data->b, buffer, size);
+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size);
return written;
}
@@ -3062,9 +3062,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size)
/* tie the volatile state to the EP,SP, and PPSeed */
NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd));
- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size);
- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size);
- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size);
+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size);
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */
@@ -3881,9 +3881,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size);
written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size);
written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size);
- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size);
- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size);
- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size);
+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size);
written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size);
written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size);
written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size);
--
2.29.0

1046
SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch Normal file
View File

File diff suppressed because it is too large Load Diff

279
SPECS/libtpms.spec Normal file
View File

@ -0,0 +1,279 @@
%global gitdate 20210301
%global gitversion 729fc6a4ca
Name: libtpms
Version: 0.8.2
Release: 0.%{gitdate}git%{gitversion}%{?dist}.6
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD
Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz
Patch0001: 0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch
Patch0002: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
Patch0003: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
Patch0004: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch
BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed
BuildRequires: automake autoconf libtool bash coreutils gcc-c++
BuildRequires: make
%description
A library providing TPM functionality for VMs. Targeted for integration
into Qemu.
%package devel
Summary: Include files for libtpms
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
Libtpms header files and documentation.
%prep
%autosetup -p1 -n %{name}-%{gitdate}
%build
NOCONFIGURE=1 sh autogen.sh
%configure --disable-static --with-tpm2 --with-openssl
make %{?_smp_mflags} CFLAGS=-Wno-error=deprecated-declarations
%check
make check
%install
make DESTDIR="%{buildroot}" install
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
%ldconfig_scriptlets
%files
%license LICENSE
%doc README CHANGES
%{_libdir}/lib*.so.*
%files devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 30 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.5
- Fixes CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Resolves: rhbz#1976814
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue May 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.3
- Add -Wno-error=deprecated-declarations, to ignore OpenSSL 3.0 deprecation warnings.
Fixes: rhbz#1958054
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
- Fixed a context save and suspend/resume problem when public keys are loaded
* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
- Addressed UBSAN and cppcheck detected issues
- Return proper size of ECC Parameters to pass HLK tests
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.4-0.20201031git2452a24dab.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Oct 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.4-0.20201031git2452a24dab
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes
* Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-0.20200731git1d392d466a
- Follow stable-0.7.0 branch to v0.7.3
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-0.20200527git7325acb477.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed May 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-0.20200527git7325acb477
- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
PSS salt length, symmetric decryption (padding)
- Under certain circumstances an RSA decryption could cause a buffer overflow causing
termination of the program (swtpm)
* Wed May 20 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-0.20200520git8fe99d1fd0
- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
- elliptic curve fixes
- MANUFACTURER changed from "IBM " to "IBM"
- gcc 10 related fix
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20191018gitdc116933b7.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191018gitdc116933b7
- Following stable-0.7.0 branch for TPM 1.2 related bugfix
* Tue Oct 08 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191008gitc26e8f7b08
- Following stable-0.7.0 branch for bug fix
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20190719gitd061d8065b.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 19 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20190719gitd061d8065b
- Update to v0.7.0
* Fri May 10 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190510gitb244bdf6e2
- Applied bugfix for CMAC
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 21 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190121git9dc915572b
- Libtpms was updated to rev. 150 of TPM 2.0 code
- following branch stable-0.6.0
* Tue Dec 11 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181211gitba56737b93
- Following bugfixes in libtpms
* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181031git0466fcf6a4
- Following improvements in libtpms
* Tue Sep 18 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180918gite8e8633089
- Fixed changelog
* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180917gite8e8633089
- Build snapshot from git after libtpms fix.
* Fri Sep 14 2018 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-0.20180914git4111bd1bcf
- Build snapshot from git, simplify spec
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug 16 2014 Stefan Berger - 0.5.2-3
- do not include libtpms.la in rpm
* Mon Jul 14 2014 Stefan Berger - 0.5.2-2
- Added patches
* Mon Jun 30 2014 Stefan Berger - 0.5.2-1
- Updated to version 0.5.2
- coverity fixes
- fixes for ARM64 using __aarch64__
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-20.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Mar 25 2013 Stefan Berger - 0.5.1-18
- Ran autoreconf for support of aarch64
- Checking for __arm64__ in code
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Feb 17 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.1-15
- Add dist tag as required by package guidelines
* Fri Jan 27 2012 Stefan Berger - 0.5.1-14
- fix gcc-4.7 compilation problem
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 20 2011 Dan Horák <dan[at]danny.cz> - 0.5.1-12
- fix build on secondary arches
* Wed Nov 2 2011 Stefan Berger - 0.5.1-11
- added (lib)gmp as runtime dependency
* Sat Oct 8 2011 Stefan Berger - 0.5.1-10
- internal fixes; callback fixes
* Tue Aug 30 2011 Stefan Berger - 0.5.1-9
- new directory structure and build process
* Tue Jul 12 2011 Stefan Berger - 0.5.1-8
- added pkgconfig as build dependency
- enabling __powerpc__ build following Bz 728220
* Wed May 25 2011 Stefan Berger - 0.5.1-7
- increasing NVRAM area space to have enough room for certificates
* Wed May 25 2011 Stefan Berger - 0.5.1-6
- adding libtpms.pc pkg-config file
* Wed Apr 13 2011 Stefan Berger - 0.5.1-5
- adding BuildRequires for nss-softokn-freebl-static
- several libtpms-internal changes around state serialization and
deserialization
- fixes to libtpms makefile (makefile-libtpms)
- adding build_type to generate a debug or production build
- need nss-devel to have nss-config
* Tue Mar 08 2011 Stefan Berger - 0.5.1-4
- small fixes to libtpms makefile
* Fri Feb 25 2011 Stefan Berger - 0.5.1-3
- removing release from tar ball name
- Use {?_smp_mflags} for make rather than hardcoding it
- Fixing post and postun scripts; removing the scripts for devel package
- Fixing usage of defattr
- Adding version information into the changelog headers and spaces between the changelog entries
- Adding LICENSE, README and CHANGELOG file into tar ball and main rpm
- Removing clean section
- removed command to clean the build root
- adding library version to the libries required for building and during
runtime
- Extended Requires in devel package with {?_isa}
* Fri Feb 18 2011 Stefan Berger - 0.5.1-2
- make rpmlint happy by replacing tabs with spaces
- providing a valid URL for the tgz file
- release is now 2 -> 0.5.1-2
* Mon Jan 17 2011 Stefan Berger - 0.5.1-1
- Update version to 0.5.1
* Fri Jan 14 2011 Stefan Berger - 0.5.0-1
- Changes following Fedora review comments
* Thu Dec 2 2010 Stefan Berger
- Small tweaks after reading the FedoreCore packaging requirements
* Tue Nov 16 2010 Stefan Berger
- Created initial version of rpm spec files
- Version of library is now 0.5.0
- Debuginfo rpm is built but empty -- seems to be a known problem
Check https://bugzilla.redhat.com/show_bug.cgi?id=209316