rpms/libtpms
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libtpms-0.7.4-6.20201106git2452a24dab.module+el8.6.0+12861+13975d62

Browse Source
This commit is contained in:
CentOS Sources 2021-10-18 10:43:17 +00:00 committed by Stepan Oksanichenko
commit 6e389a7bf7
10 changed files with 1950 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/libtpms-20201106.tar.xz

1
.libtpms.metadata Normal file
View File

@ -0,0 +1 @@
5ee378fe91675d4cf84abe63665eb8a57e0ebf8b SOURCES/libtpms-20201106.tar.xz

91
SOURCES/0001-tpm2-CryptSym-fix-AES-output-IV.patch Normal file
View File

@ -0,0 +1,91 @@
From 28d8e756676c5efc6979a0606d82d0223558fbff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 17 Mar 2021 16:29:00 +0400
Subject: [PATCH] tpm2: CryptSym: fix AES output IV
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The TPM is supposed to provide the output IV in the ivInOut parameter in
CryptSymmetricEncrypt. In the case of using the openssl routines, the
output IV is missed, and the resulting output from the TPM is in the
input IV.
OpenSSL unfortunately does not export EVP_CIPHER_CTX_iv() until
tags/OpenSSL_1_1_0, so we have to fall back to the reference code for
previous OpenSSL versions.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
configure.ac | 1 +
src/tpm2/crypto/openssl/CryptSym.c | 19 +++++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/configure.ac b/configure.ac
index 2895bc9..f113f17 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,6 +165,7 @@ AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
+ AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, not_found=1)
if test "x$not_found" = "x0"; then
use_openssl_functions_symmetric=1
use_openssl_functions_for="symmetric (AES, TDES) "
diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c
index 7aa90da..856def6 100644
--- a/src/tpm2/crypto/openssl/CryptSym.c
+++ b/src/tpm2/crypto/openssl/CryptSym.c
@@ -531,6 +531,7 @@ CryptSymmetricEncrypt(
BYTE keyToUse[MAX_SYM_KEY_BYTES];
UINT16 keyToUseLen = (UINT16)sizeof(keyToUse);
TPM_RC retVal = TPM_RC_SUCCESS;
+ int ivLen;
pAssert(dOut != NULL && key != NULL && dIn != NULL);
if(dSize == 0)
@@ -595,6 +596,14 @@ CryptSymmetricEncrypt(
if (EVP_EncryptFinal_ex(ctx, pOut + outlen1, &outlen2) != 1)
ERROR_RETURN(TPM_RC_FAILURE);
+ if (ivInOut) {
+ ivLen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer))
+ ERROR_RETURN(TPM_RC_FAILURE);
+
+ ivInOut->t.size = ivLen;
+ memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+ }
Exit:
if (retVal == TPM_RC_SUCCESS && pOut != dOut)
memcpy(dOut, pOut, outlen1 + outlen2);
@@ -636,6 +645,7 @@ CryptSymmetricDecrypt(
BYTE keyToUse[MAX_SYM_KEY_BYTES];
UINT16 keyToUseLen = (UINT16)sizeof(keyToUse);
TPM_RC retVal = TPM_RC_SUCCESS;
+ int ivLen;
// These are used but the compiler can't tell because they are initialized
// in case statements and it can't tell if they are always initialized
@@ -707,6 +717,15 @@ CryptSymmetricDecrypt(
pAssert((int)buffersize >= outlen1 + outlen2);
+ if (ivInOut) {
+ ivLen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer))
+ ERROR_RETURN(TPM_RC_FAILURE);
+
+ ivInOut->t.size = ivLen;
+ memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+ }
+
Exit:
if (retVal == TPM_RC_SUCCESS) {
pAssert(dSize >= outlen1 + outlen2);
--
2.29.0

34
SOURCES/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch Normal file
View File

@ -0,0 +1,34 @@
From 4b1a4e5bfa4ad797050cbb323671b50d4a2367d5 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 22 Jul 2021 21:23:58 -0400
Subject: [PATCH 1/2] tpm2: Initialize a whole OBJECT before using it
Initialize a whole OBJECT before using it. This is necessary since
an OBJECT may also be used as a HASH_OBJECT via the ANY_OBJECT
union and that HASH_OBJECT can leave bad size inidicators in TPM2B
buffer in the OBJECT. To get rid of this problem we reset the whole
OBJECT to 0 before using it. This is as if the memory for the
OBJECT was just initialized.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Object.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c
index a70254c..bd98fd9 100644
--- a/src/tpm2/Object.c
+++ b/src/tpm2/Object.c
@@ -284,7 +284,8 @@ FindEmptyObjectSlot(
if(handle)
*handle = i + TRANSIENT_FIRST;
// Initialize the object attributes
- MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES));
+ // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES));
+ MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object
return object;
}
}
--
2.33.0.rc2

202
SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch Normal file
View File

@ -0,0 +1,202 @@
From 52a82f3eb6d61833c22294cb6377b8cad14e8c83 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 14:04:34 -0400
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
buffer size
Reset the buffer size indicator in a TPM2B type of buffer after it failed
the test for the maximum buffer size it allows. This prevents having bad
buffer sizes in memory that can come to haunt us when writing the volatile
state for example.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 1 +
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 141550e..b9934d5 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1440,6 +1440,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
"allocated %zu\n",
(size_t)data->size, (size_t)data->allocated);
rc = TPM_RC_SIZE;
+ data->size = 0;
}
}
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index 9a1d723..bac7d76 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -137,6 +137,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size > targetSize) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1617,6 +1618,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
(target->sizeofSelect > PCR_SELECT_MAX)) {
rc = TPM_RC_VALUE;
+ target->sizeofSelect = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1787,6 +1789,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1824,6 +1827,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1846,6 +1850,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ALG_LIST_SIZE) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1868,6 +1873,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_HANDLES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1895,11 +1901,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
/* TPM side is hard coded to 2 minimum */
if (target->count < 2) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
if (target->count > 8) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1922,6 +1930,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1944,6 +1953,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1967,6 +1977,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_ALGS) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1989,6 +2000,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TPM_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2011,6 +2023,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_PCR_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2033,6 +2046,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ECC_CURVES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2055,6 +2069,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TAGGED_POLICIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2704,6 +2719,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3462,6 +3478,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3985,6 +4002,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -4080,6 +4098,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
}
@@ -4155,6 +4174,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->dataSize > MAX_NV_INDEX_SIZE) {
rc = TPM_RC_SIZE;
+ target->dataSize = 0; // libtpms added
}
}
return rc;
@@ -4185,6 +4205,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
--
2.29.0

35
SOURCES/0001-tpm2-Return-properly-sized-array-for-b-parameter-for.patch Normal file
View File

@ -0,0 +1,35 @@
From 8001ad0b968b18d4b002ea0ac6a5cd3fd8be3eeb Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 15 Feb 2021 09:44:51 -0500
Subject: [PATCH] tpm2: Return properly sized array for b parameter for NIST
P521 (HLK)
This patch ensures that the leading zeros in the b parameter for NIST P521
are being kept so that HLK accepts the returned parameters from
TPM2_ECC_Parameters. Now 66 bytes are reported for 'b' rather than only 65.
Do the same for the 'a' parameter, though that one was properly reported
already because it didn't have any leading zeros.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/crypto/openssl/CryptEccMain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/tpm2/crypto/openssl/CryptEccMain.c b/src/tpm2/crypto/openssl/CryptEccMain.c
index d11f500..c59b2b4 100644
--- a/src/tpm2/crypto/openssl/CryptEccMain.c
+++ b/src/tpm2/crypto/openssl/CryptEccMain.c
@@ -403,8 +403,8 @@ CryptEccGetParameters(
parameters->kdf = curve->kdf;
parameters->sign = curve->sign;
BnTo2B(data->prime, &parameters->p.b, 0);
- BnTo2B(data->a, &parameters->a.b, 0);
- BnTo2B(data->b, &parameters->b.b, 0);
+ BnTo2B(data->a, &parameters->a.b, parameters->p.t.size /* libtpms changed for HLK */);
+ BnTo2B(data->b, &parameters->b.b, parameters->p.t.size /* libtpms changed for HLK */);
BnTo2B(data->base.x, &parameters->gX.b, parameters->p.t.size);
BnTo2B(data->base.y, &parameters->gY.b, parameters->p.t.size);
BnTo2B(data->order, &parameters->n.b, 0);
--
2.29.0

267
SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch Normal file
View File

@ -0,0 +1,267 @@
From d29d80c8ca14f793ef9a572945b232a52aa72c54 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 15:10:14 -0400
Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity
checks
Add maxSize parameter to TPM2B_Marshal and assert on it checking
the size of the data intended to be marshaled versus the maximum
buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------
src/tpm2/Marshal_fp.h | 2 +-
src/tpm2/NVMarshal.c | 18 +++++++++---------
3 files changed, 30 insertions(+), 28 deletions(-)
diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c
index d355096..b498b62 100644
--- a/src/tpm2/Marshal.c
+++ b/src/tpm2/Marshal.c
@@ -61,6 +61,7 @@
/* rev 136 */
+#include <assert.h> // libtpms added
#include <string.h>
#include "Tpm.h"
@@ -178,9 +179,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size)
}
UINT16
-TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size)
+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
+ assert(source->size <= maxSize); // libtpms added
written += UINT16_Marshal(&(source->size), buffer, size);
written += Array_Marshal(source->buffer, source->size, buffer, size);
return written;
@@ -495,7 +497,7 @@ UINT16
TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
-written += TPM2B_Marshal(&source->b, buffer, size);
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -505,7 +507,7 @@ UINT16
TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
-written += TPM2B_Marshal(&source->b, buffer, size);
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -535,7 +537,7 @@ UINT16
TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -545,7 +547,7 @@ UINT16
TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -554,7 +556,7 @@ UINT16
TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -564,7 +566,7 @@ UINT16
TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -574,7 +576,7 @@ UINT16
TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed
return written;
}
@@ -1111,7 +1113,7 @@ UINT16
TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed
return written;
}
@@ -1232,7 +1234,7 @@ UINT16
TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1253,7 +1255,7 @@ UINT16
TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1613,7 +1615,7 @@ UINT16
TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1633,7 +1635,7 @@ UINT16
TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1643,7 +1645,7 @@ UINT16
TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1879,7 +1881,7 @@ UINT16
TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed
return written;
}
@@ -2090,7 +2092,7 @@ UINT16
TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -2100,7 +2102,7 @@ UINT16
TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed
return written;
}
@@ -2157,7 +2159,7 @@ UINT16
TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h
index faf9d2b..53f4f7d 100644
--- a/src/tpm2/Marshal_fp.h
+++ b/src/tpm2/Marshal_fp.h
@@ -79,7 +79,7 @@ extern "C" {
UINT16
Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size);
UINT16
- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size);
+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed
UINT16
TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size);
UINT16
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index b9934d5..1f96bcb 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -255,7 +255,7 @@ UINT16
TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size);
return written;
}
@@ -1332,7 +1332,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
STATE_RESET_DATA_VERSION,
STATE_RESET_DATA_MAGIC, 1);
written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size);
written += UINT32_Marshal(&data->clearCount, buffer, size);
written += UINT64_Marshal(&data->objectContextID, buffer, size);
@@ -2115,7 +2115,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size)
{
UINT16 written;
- written = TPM2B_Marshal(&data->b, buffer, size);
+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size);
return written;
}
@@ -2980,9 +2980,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size)
/* tie the volatile state to the EP,SP, and PPSeed */
NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd));
- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size);
- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size);
- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size);
+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size);
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */
@@ -3799,9 +3799,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size);
written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size);
written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size);
- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size);
- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size);
- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size);
+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size);
written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size);
written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size);
written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size);
--
2.29.0

60
SOURCES/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch Normal file
View File

@ -0,0 +1,60 @@
From 3f67c46626b4fcf523f27890388dbfc5e4a53987 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 31 Aug 2021 19:44:22 +0400
Subject: [PATCH] tpm2: NVMarshal: Handle index orderly RAM without 0-sized
terminating node
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The NVRAM entries in s_indexOrderlyRam array do not need to contain a
0-sized terminating node. Instead, the entries may fill up this 512
byte array so that no NV_RAM_HEADER structure fits anymore. The fact
that no more NV_RAM_HEADER structure fits is also an indicator for the
last entry. We need to account for this in the code marshalling and
unmarshalling the entries so that we stop marshalling the entries
then and similarly stop unmarshalling.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
[ backport with misc conflict fixes ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
src/tpm2/NVMarshal.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index ae7d247..02c60ac 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -4036,6 +4036,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
datasize, buffer, size);
}
offset += nrh->size;
+ if (offset + sizeof(NV_RAM_HEADER) > array_size) {
+ /* nothing will fit anymore and there won't be a 0-sized
+ * terminating node (@1).
+ */
+ break;
+ }
}
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
@@ -4073,6 +4079,15 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
while (rc == TPM_RC_SUCCESS) {
nrh = array + offset;
+ if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) {
+ /* this case can occur with the previous entry filling up the
+ * space; in this case there will not be a 0-sized terminating
+ * node (see @1 above). We clear the rest of our space.
+ */
+ if (array_size > offset)
+ memset(nrh, 0, array_size - offset);
+ break;
+ }
/* write the NVRAM header;
nrh->size holds the complete size including data;
nrh->size = 0 indicates the end */
--
2.33.0.113.g6c40894d24

998
SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch Normal file
View File

@ -0,0 +1,998 @@
From a116d366871e2657243209930cc3bda68f9dd938 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Wed, 23 Jun 2021 20:54:44 -0400
Subject: [PATCH 3/3] tpm2: Restore original value if unmarshalled value was
illegal
Restore the original value of the memory location where data from
a stream was unmarshalled and the unmarshalled value was found to
be illegal. The goal is to not keep illegal values in memory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Unmarshal.c | 122 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index bac7d76..c839a68 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -165,6 +165,7 @@ TPM_RC
TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_GENERATED orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal(target, buffer, size);
@@ -172,6 +173,7 @@ TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target != TPM_GENERATED_VALUE) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -197,6 +199,7 @@ TPM_RC
TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ECC_CURVE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -215,6 +218,7 @@ TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_CURVE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -240,6 +244,7 @@ TPM_RC
TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_CLOCK_ADJUST orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = INT8_Unmarshal(target, buffer, size);
@@ -256,6 +261,7 @@ TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -267,6 +273,7 @@ TPM_RC
TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_EO orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -288,6 +295,7 @@ TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -299,6 +307,7 @@ TPM_RC
TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -324,6 +333,7 @@ TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -335,6 +345,7 @@ TPM_RC
TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_SU orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -346,6 +357,7 @@ TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -357,6 +369,7 @@ TPM_RC
TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_SE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT8_Unmarshal(target, buffer, size);
@@ -369,6 +382,7 @@ TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -380,6 +394,7 @@ TPM_RC
TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_CAP orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal(target, buffer, size);
@@ -400,6 +415,7 @@ TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -450,6 +466,7 @@ TPM_RC
TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_ALGORITHM orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -457,6 +474,7 @@ TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_ALGORITHM_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -468,6 +486,7 @@ TPM_RC
TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_OBJECT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -475,6 +494,7 @@ TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_OBJECT_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -486,6 +506,7 @@ TPM_RC
TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_SESSION orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT8_Unmarshal((UINT8 *)target, buffer, size); /* libtpms changed */
@@ -493,6 +514,7 @@ TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_SESSION_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -517,6 +539,7 @@ TPM_RC
TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_CC orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -524,6 +547,7 @@ TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_CC_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -535,6 +559,7 @@ TPM_RC
TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_YES_NO orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT8_Unmarshal(target, buffer, size);
@@ -546,6 +571,7 @@ TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -557,6 +583,7 @@ TPM_RC
TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_OBJECT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -569,6 +596,7 @@ TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOO
isNotPersistent &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -580,6 +608,7 @@ TPM_RC
TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_PARENT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -598,6 +627,7 @@ TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOO
isNotEndorsement &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -609,6 +639,7 @@ TPM_RC
TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_PERSISTENT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -617,6 +648,7 @@ TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *s
BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
if (isNotPersistent) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -628,6 +660,7 @@ TPM_RC
TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_ENTITY orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -654,6 +687,7 @@ TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOO
isNotAuth &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -665,6 +699,7 @@ TPM_RC
TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_PCR orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -675,6 +710,7 @@ TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allo
if (isNotPcr &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -686,6 +722,7 @@ TPM_RC
TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SH_AUTH_SESSION orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -698,6 +735,7 @@ TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT3
isNotPolicySession &&
isNotLegalPwd) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -709,6 +747,7 @@ TPM_RC
TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SH_HMAC orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -717,6 +756,7 @@ TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size)
BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
if (isNotHmacSession) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -728,6 +768,7 @@ TPM_RC
TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SH_POLICY orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -736,6 +777,7 @@ TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size)
BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
if (isNotPolicySession) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -747,6 +789,7 @@ TPM_RC
TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_CONTEXT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -759,6 +802,7 @@ TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size)
isNotPolicySession &&
isNotTransient) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -770,6 +814,7 @@ TPM_RC
TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_SAVED orig_target = *target; // libtpms added
allowNull = allowNull;
if (rc == TPM_RC_SUCCESS) {
@@ -787,6 +832,7 @@ TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL
isNotSequenceObject &&
isNotTransientStClear) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -798,6 +844,7 @@ TPM_RC
TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_HIERARCHY orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -814,6 +861,7 @@ TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *siz
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -825,6 +873,7 @@ TPM_RC
TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_ENABLES orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -842,6 +891,7 @@ TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, B
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -853,6 +903,7 @@ TPM_RC
TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_HIERARCHY_AUTH orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -866,6 +917,7 @@ TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer,
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -877,6 +929,7 @@ TPM_RC
TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_PLATFORM orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -887,6 +940,7 @@ TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -898,6 +952,7 @@ TPM_RC
TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_ENDORSEMENT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -912,6 +967,7 @@ TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -923,6 +979,7 @@ TPM_RC
TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_PROVISION orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -934,6 +991,7 @@ TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -945,6 +1003,7 @@ TPM_RC
TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_CLEAR orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -956,6 +1015,7 @@ TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -967,6 +1027,7 @@ TPM_RC
TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_NV_AUTH orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -981,6 +1042,7 @@ TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size)
BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
if (isNotNv) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
}
@@ -994,6 +1056,7 @@ TPM_RC
TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_LOCKOUT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -1004,6 +1067,7 @@ TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1015,6 +1079,7 @@ TPM_RC
TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_NV_INDEX orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -1023,6 +1088,7 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size)
BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
if (isNotNv) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1034,6 +1100,7 @@ TPM_RC
TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_HASH orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1062,6 +1129,7 @@ TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL
}
default:
rc = TPM_RC_HASH;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1073,6 +1141,7 @@ TPM_RC
TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SYM orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1101,6 +1170,7 @@ TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL al
}
default:
rc = TPM_RC_SYMMETRIC;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1112,6 +1182,7 @@ TPM_RC
TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SYM_OBJECT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1137,6 +1208,7 @@ TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SYMMETRIC;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1148,6 +1220,7 @@ TPM_RC
TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SYM_MODE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1179,6 +1252,7 @@ TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *siz
}
default:
rc = TPM_RC_MODE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1190,6 +1264,7 @@ TPM_RC
TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_KDF orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1215,6 +1290,7 @@ TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL al
}
default:
rc = TPM_RC_KDF;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1226,6 +1302,7 @@ TPM_RC
TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SIG_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1260,6 +1337,7 @@ TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SCHEME;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1271,6 +1349,7 @@ TPM_RC
TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ECC_KEY_EXCHANGE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1293,6 +1372,7 @@ TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, IN
}
default:
rc = TPM_RC_SCHEME;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1305,6 +1385,7 @@ TPM_RC
TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ST_COMMAND_TAG orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(target, buffer, size);
@@ -1316,6 +1397,7 @@ TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32
break;
default:
rc = TPM_RC_BAD_TAG;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1327,6 +1409,7 @@ TPM_RC
TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_MAC_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1358,6 +1441,7 @@ TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SYMMETRIC;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1369,6 +1453,7 @@ TPM_RC
TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_CIPHER_MODE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1397,6 +1482,7 @@ TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_MODE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1633,6 +1719,7 @@ TPM_RC
TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1640,6 +1727,7 @@ TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->tag != TPM_ST_CREATION) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1657,6 +1745,7 @@ TPM_RC
TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1664,6 +1753,7 @@ TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->tag != TPM_ST_VERIFIED) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1681,6 +1771,7 @@ TPM_RC
TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1689,6 +1780,7 @@ TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size)
if ((target->tag != TPM_ST_AUTH_SIGNED) &&
(target->tag != TPM_ST_AUTH_SECRET)) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1706,6 +1798,7 @@ TPM_RC
TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1713,6 +1806,7 @@ TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *siz
if (rc == TPM_RC_SUCCESS) {
if (target->tag != TPM_ST_HASHCHECK) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -2303,6 +2397,7 @@ TPM_RC
TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ST_ATTEST orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(target, buffer, size);
@@ -2319,6 +2414,7 @@ TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_SELECTOR;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2413,6 +2509,7 @@ TPM_RC
TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_AES_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2424,6 +2521,7 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2435,6 +2533,7 @@ TPM_RC
TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_CAMELLIA_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2445,6 +2544,7 @@ TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer,
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2456,6 +2556,7 @@ TPM_RC
TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2466,6 +2567,7 @@ TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2477,6 +2579,7 @@ TPM_RC
TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2488,6 +2591,7 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2760,6 +2864,7 @@ TPM_RC
TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_KEYEDHASH_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -2779,6 +2884,7 @@ TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **bu
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3163,6 +3269,7 @@ TPM_RC
TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_ASYM_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3206,6 +3313,7 @@ TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT3
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3284,6 +3392,7 @@ TPM_RC
TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_RSA_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3309,6 +3418,7 @@ TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3336,6 +3446,7 @@ TPM_RC
TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_RSA_DECRYPT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3355,6 +3466,7 @@ TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT3
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3395,6 +3507,7 @@ TPM_RC
TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RSA_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -3406,6 +3519,7 @@ TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3490,6 +3604,7 @@ TPM_RC
TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_ECC_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3521,6 +3636,7 @@ TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SCHEME;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3532,6 +3648,7 @@ TPM_RC
TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ECC_CURVE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ECC_CURVE_Unmarshal(target, buffer, size);
@@ -3568,6 +3685,7 @@ TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_CURVE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3782,6 +3900,7 @@ TPM_RC
TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_PUBLIC orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3803,6 +3922,7 @@ TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_TYPE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -4137,6 +4257,7 @@ TPM_RC
TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_NV orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -4144,6 +4265,7 @@ TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_NV_RESERVED) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
--
2.29.0

261
SPECS/libtpms.spec Normal file
View File

@ -0,0 +1,261 @@
%global gitdate 20201106
%global gitversion 2452a24dab
Name: libtpms
Version: 0.7.4
Release: 6.%{gitdate}git%{gitversion}%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD
Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz
ExcludeArch: i686
BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed
BuildRequires: automake autoconf libtool bash coreutils gcc-c++
BuildRequires: git
Patch0001: 0001-tpm2-Return-properly-sized-array-for-b-parameter-for.patch
Patch0002: 0001-tpm2-CryptSym-fix-AES-output-IV.patch
Patch0003: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
Patch0004: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
Patch0005: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch
Patch0006: 0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch
Patch0007: 0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch
%description
A library providing TPM functionality for VMs. Targeted for integration
into Qemu.
%package devel
Summary: Include files for libtpms
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
Libtpms header files and documentation.
%prep
%autosetup -S git -n %{name}-%{gitdate}
%build
NOCONFIGURE=1 sh autogen.sh
%configure --disable-static --with-tpm2 --with-openssl
make %{?_smp_mflags}
%check
make check
%install
make DESTDIR="%{buildroot}" install
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
%ldconfig_scriptlets
%files
%license LICENSE
%doc README CHANGES
%{_libdir}/lib*.so.*
%files devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%changelog
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-6.20201106git2452a24dab
- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
Resolves: rhbz#1999307
* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-5.20201106git2452a24dab
- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Fixes: rhbz#1976816
* Wed Mar 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-4.20201106git2452a24dab
- tpm2: CryptSym: fix AES output IV
Fixes: rhbz#1942904
* Fri Feb 19 2021 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 0.7.4-3.20201106git2452a24dab
- Add git as build dependency
Related: rhbz#1858821
* Wed Feb 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-2.20201106git2452a24dab
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180
Fixes: rhbz#1858821
* Fri Nov 6 18:46:36 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-1.20201106git2452a24dab
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes.
Fixes: rhbz#1893444
* Tue Aug 18 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.3-1.20200818git1d392d466a
- Update to v0.7.3 stable, fixes rhbz#1868447
- (includes "tpm2: fix PCRBelongsTCBGroup for PCClient")
* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.2-1.20200527git7325acb477
- Update to v0.7.2 stable snapshot, fixes rhbz#1809676
- exclude i686 build
- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
PSS salt length, symmetric decryption (padding)
- Under certain circumstances an RSA decryption could cause a buffer overflow causing
termination of the program (swtpm)
- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
- elliptic curve fixes
- MANUFACTURER changed from "IBM " to "IBM"
- gcc 10 related fix
- Following stable-0.7.0 branch for TPM 1.2 related bugfix
* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20191018gitdc116933b7
- RHEL8.1.1 update
- Update to v0.7.0 stable snapshot
* Tue Apr 16 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.1-0.20190121git9dc915572b.2
- RHEL8.1 build
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 21 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190121git9dc915572b
- Libtpms was updated to rev. 150 of TPM 2.0 code
- following branch stable-0.6.0
* Tue Dec 11 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181211gitba56737b93
- Following bugfixes in libtpms
* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181031git0466fcf6a4
- Following improvements in libtpms
* Tue Sep 18 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180918gite8e8633089
- Fixed changelog
* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180917gite8e8633089
- Build snapshot from git after libtpms fix.
* Fri Sep 14 2018 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-0.20180914git4111bd1bcf
- Build snapshot from git, simplify spec
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug 16 2014 Stefan Berger - 0.5.2-3
- do not include libtpms.la in rpm
* Mon Jul 14 2014 Stefan Berger - 0.5.2-2
- Added patches
* Mon Jun 30 2014 Stefan Berger - 0.5.2-1
- Updated to version 0.5.2
- coverity fixes
- fixes for ARM64 using __aarch64__
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-20.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Mar 25 2013 Stefan Berger - 0.5.1-18
- Ran autoreconf for support of aarch64
- Checking for __arm64__ in code
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Feb 17 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.1-15
- Add dist tag as required by package guidelines
* Fri Jan 27 2012 Stefan Berger - 0.5.1-14
- fix gcc-4.7 compilation problem
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 20 2011 Dan Horák <dan[at]danny.cz> - 0.5.1-12
- fix build on secondary arches
* Wed Nov 2 2011 Stefan Berger - 0.5.1-11
- added (lib)gmp as runtime dependency
* Sat Oct 8 2011 Stefan Berger - 0.5.1-10
- internal fixes; callback fixes
* Tue Aug 30 2011 Stefan Berger - 0.5.1-9
- new directory structure and build process
* Tue Jul 12 2011 Stefan Berger - 0.5.1-8
- added pkgconfig as build dependency
- enabling __powerpc__ build following Bz 728220
* Wed May 25 2011 Stefan Berger - 0.5.1-7
- increasing NVRAM area space to have enough room for certificates
* Wed May 25 2011 Stefan Berger - 0.5.1-6
- adding libtpms.pc pkg-config file
* Wed Apr 13 2011 Stefan Berger - 0.5.1-5
- adding BuildRequires for nss-softokn-freebl-static
- several libtpms-internal changes around state serialization and
deserialization
- fixes to libtpms makefile (makefile-libtpms)
- adding build_type to generate a debug or production build
- need nss-devel to have nss-config
* Tue Mar 08 2011 Stefan Berger - 0.5.1-4
- small fixes to libtpms makefile
* Fri Feb 25 2011 Stefan Berger - 0.5.1-3
- removing release from tar ball name
- Use {?_smp_mflags} for make rather than hardcoding it
- Fixing post and postun scripts; removing the scripts for devel package
- Fixing usage of defattr
- Adding version information into the changelog headers and spaces between the changelog entries
- Adding LICENSE, README and CHANGELOG file into tar ball and main rpm
- Removing clean section
- removed command to clean the build root
- adding library version to the libries required for building and during
runtime
- Extended Requires in devel package with {?_isa}
* Fri Feb 18 2011 Stefan Berger - 0.5.1-2
- make rpmlint happy by replacing tabs with spaces
- providing a valid URL for the tgz file
- release is now 2 -> 0.5.1-2
* Mon Jan 17 2011 Stefan Berger - 0.5.1-1
- Update version to 0.5.1
* Fri Jan 14 2011 Stefan Berger - 0.5.0-1
- Changes following Fedora review comments
* Thu Dec 2 2010 Stefan Berger
- Small tweaks after reading the FedoreCore packaging requirements
* Tue Nov 16 2010 Stefan Berger
- Created initial version of rpm spec files
- Version of library is now 0.5.0
- Debuginfo rpm is built but empty -- seems to be a known problem
Check https://bugzilla.redhat.com/show_bug.cgi?id=209316