import libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
This commit is contained in:
parent
69a9dc5b40
commit
d13e92b963
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libtpms-20210301.tar.xz
|
||||
SOURCES/libtpms-20211126.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
06f74377a865ce292372340b560c30984022d270 SOURCES/libtpms-20210301.tar.xz
|
||||
ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz
|
||||
|
@ -1,106 +0,0 @@
|
||||
From 16cd8fba849d1d95b247025aea7314165ffd8acf Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Tue, 18 May 2021 17:10:52 +0400
|
||||
Subject: [PATCH] build-sys: leave CFLAGS/LDFLAGS for user to be defined
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This allows user to set specific flags during compilation, without
|
||||
overriding configure-time cflags necessary for compilation.
|
||||
|
||||
See also:
|
||||
https://www.gnu.org/software/automake/manual/html_node/User-Variables.html
|
||||
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
---
|
||||
configure.ac | 13 ++++++++-----
|
||||
src/Makefile.am | 16 +++++++++-------
|
||||
2 files changed, 17 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 8559b66..95deab5 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -305,9 +305,12 @@ if test "x$enable_hardening" != "xno"; then
|
||||
AC_SUBST([HARDENING_LDFLAGS])
|
||||
fi
|
||||
|
||||
-CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
|
||||
-CFLAGS="$CFLAGS -Wmissing-prototypes"
|
||||
-LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
|
||||
+AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
|
||||
+AM_CFLAGS="$AM_CFLAGS -Wmissing-prototypes"
|
||||
+AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
|
||||
+
|
||||
+AC_SUBST([AM_CFLAGS])
|
||||
+AC_SUBST([AM_LDFLAGS])
|
||||
|
||||
AC_CONFIG_FILES(Makefile \
|
||||
dist/libtpms.spec \
|
||||
@@ -330,10 +333,10 @@ if test -z "$with_tpm2"; then
|
||||
fi
|
||||
|
||||
echo
|
||||
-echo "CFLAGS=$CFLAGS"
|
||||
+echo "AM_CFLAGS=$AM_CFLAGS"
|
||||
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
|
||||
echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
|
||||
-echo "LDFLAGS=$LDFLAGS"
|
||||
+echo "AM_LDFLAGS=$AM_LDFLAGS"
|
||||
echo
|
||||
echo "Version to build : $PACKAGE_VERSION"
|
||||
echo "Crypto library : $cryptolib"
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index 6594ddf..65910d8 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -4,18 +4,20 @@
|
||||
# For the license, see the LICENSE file in the root directory.
|
||||
#
|
||||
|
||||
+AM_CFLAGS = @AM_CFLAGS@
|
||||
+AM_LDFLAGS = @AM_LDFLAGS@ $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER)
|
||||
+
|
||||
lib_LTLIBRARIES=libtpms.la
|
||||
|
||||
common_CFLAGS = -include tpm_library_conf.h \
|
||||
-I$(top_srcdir)/include/libtpms \
|
||||
-I$(top_builddir)/include/libtpms \
|
||||
+ $(AM_CFLAGS) \
|
||||
$(HARDENING_CFLAGS) \
|
||||
$(SANITIZERS) \
|
||||
$(FUZZER)
|
||||
|
||||
|
||||
-LDFLAGS += $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER)
|
||||
-
|
||||
#
|
||||
# TPM1.2
|
||||
#
|
||||
@@ -574,16 +576,16 @@ libtpms_la_SOURCES = \
|
||||
libtpms_la_CFLAGS = $(common_CFLAGS)
|
||||
|
||||
libtpms_la_LDFLAGS = -version-info $(LIBTPMS_VERSION_INFO) \
|
||||
- -no-undefined
|
||||
+ -no-undefined $(AM_LDFLAGS)
|
||||
|
||||
if HAVE_VERSION_SCRIPT
|
||||
libtpms_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtpms.syms
|
||||
endif
|
||||
|
||||
-LDFLAGS_ARCH = $(findstring -m32, $(CFLAGS))
|
||||
-LDFLAGS_ARCH += $(findstring -m64, $(CFLAGS))
|
||||
-LDFLAGS_ARCH += $(findstring -m32, $(LDFLAGS))
|
||||
-LDFLAGS_ARCH += $(findstring -m64, $(LDFLAGS))
|
||||
+LDFLAGS_ARCH = $(findstring -m32, $(AM_CFLAGS))
|
||||
+LDFLAGS_ARCH += $(findstring -m64, $(AM_CFLAGS))
|
||||
+LDFLAGS_ARCH += $(findstring -m32, $(AM_LDFLAGS))
|
||||
+LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
|
||||
|
||||
check-local: SHELL?="/usr/bin/env bash"
|
||||
check-local:
|
||||
--
|
||||
2.29.0
|
||||
|
@ -1,202 +0,0 @@
|
||||
From f16250b35aff6995e540143a9858c9cf0d1f9573 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Mon, 21 Jun 2021 14:04:34 -0400
|
||||
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
|
||||
buffer size
|
||||
|
||||
Reset the buffer size indicator in a TPM2B type of buffer after it failed
|
||||
the test for the maximum buffer size it allows. This prevents having bad
|
||||
buffer sizes in memory that can come to haunt us when writing the volatile
|
||||
state for example.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/NVMarshal.c | 1 +
|
||||
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
|
||||
2 files changed, 22 insertions(+)
|
||||
|
||||
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
||||
index efbab70..9f6d0f7 100644
|
||||
--- a/src/tpm2/NVMarshal.c
|
||||
+++ b/src/tpm2/NVMarshal.c
|
||||
@@ -1503,6 +1503,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
|
||||
"allocated %zu\n",
|
||||
(size_t)data->size, (size_t)data->allocated);
|
||||
rc = TPM_RC_SIZE;
|
||||
+ data->size = 0;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
|
||||
index c692ccc..8e7a9b7 100644
|
||||
--- a/src/tpm2/Unmarshal.c
|
||||
+++ b/src/tpm2/Unmarshal.c
|
||||
@@ -136,6 +136,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size > targetSize) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
@@ -1686,6 +1687,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
||||
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
|
||||
(target->sizeofSelect > PCR_SELECT_MAX)) {
|
||||
rc = TPM_RC_VALUE;
|
||||
+ target->sizeofSelect = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
@@ -1859,6 +1861,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_CC) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1897,6 +1900,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_CC) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1920,6 +1924,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_ALG_LIST_SIZE) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1942,6 +1947,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_HANDLES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1970,11 +1976,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
|
||||
/* TPM side is hard coded to 2 minimum */
|
||||
if (target->count < 2) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > 8) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1997,6 +2005,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > HASH_COUNT) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2019,6 +2028,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > HASH_COUNT) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2044,6 +2054,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_ALGS) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2066,6 +2077,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_TPM_PROPERTIES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2088,6 +2100,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_PCR_PROPERTIES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2110,6 +2123,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_ECC_CURVES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2132,6 +2146,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_TAGGED_POLICIES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2781,6 +2796,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -3540,6 +3556,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -4063,6 +4080,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -4158,6 +4176,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -4233,6 +4252,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->dataSize > MAX_NV_INDEX_SIZE) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->dataSize = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -4263,6 +4283,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
--
|
||||
2.29.0
|
||||
|
@ -1,267 +0,0 @@
|
||||
From 3ef9b26cb9f28bd64d738bff9505a20d4eb56acd Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Mon, 21 Jun 2021 15:10:14 -0400
|
||||
Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity
|
||||
checks
|
||||
|
||||
Add maxSize parameter to TPM2B_Marshal and assert on it checking
|
||||
the size of the data intended to be marshaled versus the maximum
|
||||
buffer size.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------
|
||||
src/tpm2/Marshal_fp.h | 2 +-
|
||||
src/tpm2/NVMarshal.c | 18 +++++++++---------
|
||||
3 files changed, 30 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c
|
||||
index 53c241e..c843224 100644
|
||||
--- a/src/tpm2/Marshal.c
|
||||
+++ b/src/tpm2/Marshal.c
|
||||
@@ -59,6 +59,7 @@
|
||||
/* */
|
||||
/********************************************************************************/
|
||||
|
||||
+#include <assert.h> // libtpms added
|
||||
#include <string.h>
|
||||
|
||||
#include "Tpm.h"
|
||||
@@ -176,9 +177,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size)
|
||||
}
|
||||
|
||||
UINT16
|
||||
-TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size)
|
||||
+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
+ assert(source->size <= maxSize); // libtpms added
|
||||
written += UINT16_Marshal(&(source->size), buffer, size);
|
||||
written += Array_Marshal(source->buffer, source->size, buffer, size);
|
||||
return written;
|
||||
@@ -503,7 +505,7 @@ UINT16
|
||||
TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
-written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -513,7 +515,7 @@ UINT16
|
||||
TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
-written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -543,7 +545,7 @@ UINT16
|
||||
TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -553,7 +555,7 @@ UINT16
|
||||
TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -562,7 +564,7 @@ UINT16
|
||||
TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -572,7 +574,7 @@ UINT16
|
||||
TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -582,7 +584,7 @@ UINT16
|
||||
TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1163,7 +1165,7 @@ UINT16
|
||||
TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1294,7 +1296,7 @@ UINT16
|
||||
TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1315,7 +1317,7 @@ UINT16
|
||||
TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1673,7 +1675,7 @@ UINT16
|
||||
TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1693,7 +1695,7 @@ UINT16
|
||||
TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1703,7 +1705,7 @@ UINT16
|
||||
TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1937,7 +1939,7 @@ UINT16
|
||||
TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -2148,7 +2150,7 @@ UINT16
|
||||
TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -2158,7 +2160,7 @@ UINT16
|
||||
TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -2215,7 +2217,7 @@ UINT16
|
||||
TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h
|
||||
index 3ce6eb3..d52f497 100644
|
||||
--- a/src/tpm2/Marshal_fp.h
|
||||
+++ b/src/tpm2/Marshal_fp.h
|
||||
@@ -79,7 +79,7 @@ extern "C" {
|
||||
UINT16
|
||||
Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size);
|
||||
UINT16
|
||||
- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size);
|
||||
+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed
|
||||
UINT16
|
||||
TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size);
|
||||
UINT16
|
||||
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
||||
index 9f6d0f7..f8a3798 100644
|
||||
--- a/src/tpm2/NVMarshal.c
|
||||
+++ b/src/tpm2/NVMarshal.c
|
||||
@@ -278,7 +278,7 @@ static UINT16
|
||||
TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size);
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1390,7 +1390,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
|
||||
STATE_RESET_DATA_VERSION,
|
||||
STATE_RESET_DATA_MAGIC, 3);
|
||||
written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size);
|
||||
written += UINT32_Marshal(&data->clearCount, buffer, size);
|
||||
written += UINT64_Marshal(&data->objectContextID, buffer, size);
|
||||
|
||||
@@ -2178,7 +2178,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written;
|
||||
|
||||
- written = TPM2B_Marshal(&data->b, buffer, size);
|
||||
+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size);
|
||||
|
||||
return written;
|
||||
}
|
||||
@@ -3062,9 +3062,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size)
|
||||
|
||||
/* tie the volatile state to the EP,SP, and PPSeed */
|
||||
NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd));
|
||||
- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size);
|
||||
|
||||
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */
|
||||
|
||||
@@ -3881,9 +3881,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
|
||||
written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size);
|
||||
written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size);
|
||||
written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size);
|
||||
written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size);
|
||||
written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size);
|
||||
written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size);
|
||||
--
|
||||
2.29.0
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,18 +1,14 @@
|
||||
%global gitdate 20210301
|
||||
%global gitversion 729fc6a4ca
|
||||
%global gitdate 20211126
|
||||
%global gitversion 1ff6fe1f43
|
||||
|
||||
Name: libtpms
|
||||
Version: 0.8.2
|
||||
Release: 0.%{gitdate}git%{gitversion}%{?dist}.6
|
||||
Version: 0.9.1
|
||||
Release: 0.%{gitdate}git%{gitversion}%{?dist}
|
||||
|
||||
Summary: Library providing Trusted Platform Module (TPM) functionality
|
||||
License: BSD
|
||||
Url: http://github.com/stefanberger/libtpms
|
||||
Source0: libtpms-%{gitdate}.tar.xz
|
||||
Patch0001: 0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch
|
||||
Patch0002: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
|
||||
Patch0003: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
|
||||
Patch0004: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch
|
||||
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig gawk sed
|
||||
@ -34,14 +30,14 @@ Libtpms header files and documentation.
|
||||
%autosetup -p1 -n %{name}-%{gitdate}
|
||||
%build
|
||||
NOCONFIGURE=1 sh autogen.sh
|
||||
%configure --disable-static --with-tpm2 --with-openssl
|
||||
make %{?_smp_mflags} CFLAGS=-Wno-error=deprecated-declarations
|
||||
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
make DESTDIR="%{buildroot}" install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
|
||||
|
||||
%ldconfig_scriptlets
|
||||
@ -59,6 +55,18 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Wed Dec 01 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
|
||||
- Rebase to 0.9.1
|
||||
Resolves: rhbz#2027951
|
||||
|
||||
* Tue Nov 9 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-0.20211004gitdc4e3f6313
|
||||
- Rebase to 0.9.0, disable TPM 1.2
|
||||
Resolves: rhbz#1990152 & rhbz#2021628
|
||||
|
||||
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.7
|
||||
- Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
|
||||
Resolves: rhbz#1999303
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
Loading…
Reference in New Issue
Block a user