diff --git a/.gitignore b/.gitignore index b758b2b..32b84c1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libtpms-20201106.tar.xz +SOURCES/libtpms-20211126.tar.xz diff --git a/.libtpms.metadata b/.libtpms.metadata index 65df37a..020dc4b 100644 --- a/.libtpms.metadata +++ b/.libtpms.metadata @@ -1 +1 @@ -5ee378fe91675d4cf84abe63665eb8a57e0ebf8b SOURCES/libtpms-20201106.tar.xz +ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz diff --git a/SOURCES/0001-tpm2-CryptSym-fix-AES-output-IV.patch b/SOURCES/0001-tpm2-CryptSym-fix-AES-output-IV.patch deleted file mode 100644 index 135c33a..0000000 --- a/SOURCES/0001-tpm2-CryptSym-fix-AES-output-IV.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 28d8e756676c5efc6979a0606d82d0223558fbff Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Wed, 17 Mar 2021 16:29:00 +0400 -Subject: [PATCH] tpm2: CryptSym: fix AES output IV -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The TPM is supposed to provide the output IV in the ivInOut parameter in -CryptSymmetricEncrypt. In the case of using the openssl routines, the -output IV is missed, and the resulting output from the TPM is in the -input IV. - -OpenSSL unfortunately does not export EVP_CIPHER_CTX_iv() until -tags/OpenSSL_1_1_0, so we have to fall back to the reference code for -previous OpenSSL versions. - -Signed-off-by: William Roberts -Signed-off-by: Stefan Berger -Signed-off-by: Marc-André Lureau ---- - configure.ac | 1 + - src/tpm2/crypto/openssl/CryptSym.c | 19 +++++++++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 2895bc9..f113f17 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -165,6 +165,7 @@ AS_IF([test "x$enable_use_openssl_functions" != "xno"], [ - AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1) - AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1) - AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1) -+ AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, not_found=1) - if test "x$not_found" = "x0"; then - use_openssl_functions_symmetric=1 - use_openssl_functions_for="symmetric (AES, TDES) " -diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c -index 7aa90da..856def6 100644 ---- a/src/tpm2/crypto/openssl/CryptSym.c -+++ b/src/tpm2/crypto/openssl/CryptSym.c -@@ -531,6 +531,7 @@ CryptSymmetricEncrypt( - BYTE keyToUse[MAX_SYM_KEY_BYTES]; - UINT16 keyToUseLen = (UINT16)sizeof(keyToUse); - TPM_RC retVal = TPM_RC_SUCCESS; -+ int ivLen; - - pAssert(dOut != NULL && key != NULL && dIn != NULL); - if(dSize == 0) -@@ -595,6 +596,14 @@ CryptSymmetricEncrypt( - if (EVP_EncryptFinal_ex(ctx, pOut + outlen1, &outlen2) != 1) - ERROR_RETURN(TPM_RC_FAILURE); - -+ if (ivInOut) { -+ ivLen = EVP_CIPHER_CTX_iv_length(ctx); -+ if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer)) -+ ERROR_RETURN(TPM_RC_FAILURE); -+ -+ ivInOut->t.size = ivLen; -+ memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size); -+ } - Exit: - if (retVal == TPM_RC_SUCCESS && pOut != dOut) - memcpy(dOut, pOut, outlen1 + outlen2); -@@ -636,6 +645,7 @@ CryptSymmetricDecrypt( - BYTE keyToUse[MAX_SYM_KEY_BYTES]; - UINT16 keyToUseLen = (UINT16)sizeof(keyToUse); - TPM_RC retVal = TPM_RC_SUCCESS; -+ int ivLen; - - // These are used but the compiler can't tell because they are initialized - // in case statements and it can't tell if they are always initialized -@@ -707,6 +717,15 @@ CryptSymmetricDecrypt( - - pAssert((int)buffersize >= outlen1 + outlen2); - -+ if (ivInOut) { -+ ivLen = EVP_CIPHER_CTX_iv_length(ctx); -+ if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer)) -+ ERROR_RETURN(TPM_RC_FAILURE); -+ -+ ivInOut->t.size = ivLen; -+ memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size); -+ } -+ - Exit: - if (retVal == TPM_RC_SUCCESS) { - pAssert(dSize >= outlen1 + outlen2); --- -2.29.0 - diff --git a/SOURCES/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch b/SOURCES/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch deleted file mode 100644 index 7e051a6..0000000 --- a/SOURCES/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 4b1a4e5bfa4ad797050cbb323671b50d4a2367d5 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Thu, 22 Jul 2021 21:23:58 -0400 -Subject: [PATCH 1/2] tpm2: Initialize a whole OBJECT before using it - -Initialize a whole OBJECT before using it. This is necessary since -an OBJECT may also be used as a HASH_OBJECT via the ANY_OBJECT -union and that HASH_OBJECT can leave bad size inidicators in TPM2B -buffer in the OBJECT. To get rid of this problem we reset the whole -OBJECT to 0 before using it. This is as if the memory for the -OBJECT was just initialized. - -Signed-off-by: Stefan Berger ---- - src/tpm2/Object.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c -index a70254c..bd98fd9 100644 ---- a/src/tpm2/Object.c -+++ b/src/tpm2/Object.c -@@ -284,7 +284,8 @@ FindEmptyObjectSlot( - if(handle) - *handle = i + TRANSIENT_FIRST; - // Initialize the object attributes -- MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); -+ // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); -+ MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object - return object; - } - } --- -2.33.0.rc2 - diff --git a/SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch b/SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch deleted file mode 100644 index ab58d3e..0000000 --- a/SOURCES/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 52a82f3eb6d61833c22294cb6377b8cad14e8c83 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Mon, 21 Jun 2021 14:04:34 -0400 -Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid - buffer size - -Reset the buffer size indicator in a TPM2B type of buffer after it failed -the test for the maximum buffer size it allows. This prevents having bad -buffer sizes in memory that can come to haunt us when writing the volatile -state for example. - -Signed-off-by: Stefan Berger ---- - src/tpm2/NVMarshal.c | 1 + - src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c -index 141550e..b9934d5 100644 ---- a/src/tpm2/NVMarshal.c -+++ b/src/tpm2/NVMarshal.c -@@ -1440,6 +1440,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size) - "allocated %zu\n", - (size_t)data->size, (size_t)data->allocated); - rc = TPM_RC_SIZE; -+ data->size = 0; - } - } - -diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c -index 9a1d723..bac7d76 100644 ---- a/src/tpm2/Unmarshal.c -+++ b/src/tpm2/Unmarshal.c -@@ -137,6 +137,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size > targetSize) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1617,6 +1618,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s - if ((target->sizeofSelect < PCR_SELECT_MIN) || - (target->sizeofSelect > PCR_SELECT_MAX)) { - rc = TPM_RC_VALUE; -+ target->sizeofSelect = 0; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1787,6 +1789,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_CC) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1824,6 +1827,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_CC) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1846,6 +1850,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_ALG_LIST_SIZE) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1868,6 +1873,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_HANDLES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1895,11 +1901,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) - /* TPM side is hard coded to 2 minimum */ - if (target->count < 2) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { - if (target->count > 8) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1922,6 +1930,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s - if (rc == TPM_RC_SUCCESS) { - if (target->count > HASH_COUNT) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1944,6 +1953,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s - if (rc == TPM_RC_SUCCESS) { - if (target->count > HASH_COUNT) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1967,6 +1977,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_ALGS) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1989,6 +2000,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_TPM_PROPERTIES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2011,6 +2023,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_PCR_PROPERTIES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2033,6 +2046,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_ECC_CURVES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2055,6 +2069,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_TAGGED_POLICIES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2704,6 +2719,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; -@@ -3462,6 +3478,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; -@@ -3985,6 +4002,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; -@@ -4080,6 +4098,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - } -@@ -4155,6 +4174,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->dataSize > MAX_NV_INDEX_SIZE) { - rc = TPM_RC_SIZE; -+ target->dataSize = 0; // libtpms added - } - } - return rc; -@@ -4185,6 +4205,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; --- -2.29.0 - diff --git a/SOURCES/0001-tpm2-Return-properly-sized-array-for-b-parameter-for.patch b/SOURCES/0001-tpm2-Return-properly-sized-array-for-b-parameter-for.patch deleted file mode 100644 index 9a02225..0000000 --- a/SOURCES/0001-tpm2-Return-properly-sized-array-for-b-parameter-for.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 8001ad0b968b18d4b002ea0ac6a5cd3fd8be3eeb Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Mon, 15 Feb 2021 09:44:51 -0500 -Subject: [PATCH] tpm2: Return properly sized array for b parameter for NIST - P521 (HLK) - -This patch ensures that the leading zeros in the b parameter for NIST P521 -are being kept so that HLK accepts the returned parameters from -TPM2_ECC_Parameters. Now 66 bytes are reported for 'b' rather than only 65. -Do the same for the 'a' parameter, though that one was properly reported -already because it didn't have any leading zeros. - -Signed-off-by: Stefan Berger ---- - src/tpm2/crypto/openssl/CryptEccMain.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tpm2/crypto/openssl/CryptEccMain.c b/src/tpm2/crypto/openssl/CryptEccMain.c -index d11f500..c59b2b4 100644 ---- a/src/tpm2/crypto/openssl/CryptEccMain.c -+++ b/src/tpm2/crypto/openssl/CryptEccMain.c -@@ -403,8 +403,8 @@ CryptEccGetParameters( - parameters->kdf = curve->kdf; - parameters->sign = curve->sign; - BnTo2B(data->prime, ¶meters->p.b, 0); -- BnTo2B(data->a, ¶meters->a.b, 0); -- BnTo2B(data->b, ¶meters->b.b, 0); -+ BnTo2B(data->a, ¶meters->a.b, parameters->p.t.size /* libtpms changed for HLK */); -+ BnTo2B(data->b, ¶meters->b.b, parameters->p.t.size /* libtpms changed for HLK */); - BnTo2B(data->base.x, ¶meters->gX.b, parameters->p.t.size); - BnTo2B(data->base.y, ¶meters->gY.b, parameters->p.t.size); - BnTo2B(data->order, ¶meters->n.b, 0); --- -2.29.0 - diff --git a/SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch b/SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch deleted file mode 100644 index 4976e4d..0000000 --- a/SOURCES/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch +++ /dev/null @@ -1,267 +0,0 @@ -From d29d80c8ca14f793ef9a572945b232a52aa72c54 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Mon, 21 Jun 2021 15:10:14 -0400 -Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity - checks - -Add maxSize parameter to TPM2B_Marshal and assert on it checking -the size of the data intended to be marshaled versus the maximum -buffer size. - -Signed-off-by: Stefan Berger ---- - src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------ - src/tpm2/Marshal_fp.h | 2 +- - src/tpm2/NVMarshal.c | 18 +++++++++--------- - 3 files changed, 30 insertions(+), 28 deletions(-) - -diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c -index d355096..b498b62 100644 ---- a/src/tpm2/Marshal.c -+++ b/src/tpm2/Marshal.c -@@ -61,6 +61,7 @@ - - /* rev 136 */ - -+#include // libtpms added - #include - - #include "Tpm.h" -@@ -178,9 +179,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size) - } - - UINT16 --TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size) -+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -+ assert(source->size <= maxSize); // libtpms added - written += UINT16_Marshal(&(source->size), buffer, size); - written += Array_Marshal(source->buffer, source->size, buffer, size); - return written; -@@ -495,7 +497,7 @@ UINT16 - TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; --written += TPM2B_Marshal(&source->b, buffer, size); -+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -505,7 +507,7 @@ UINT16 - TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; --written += TPM2B_Marshal(&source->b, buffer, size); -+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -535,7 +537,7 @@ UINT16 - TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -545,7 +547,7 @@ UINT16 - TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -554,7 +556,7 @@ UINT16 - TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -564,7 +566,7 @@ UINT16 - TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -574,7 +576,7 @@ UINT16 - TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed - return written; - } - -@@ -1111,7 +1113,7 @@ UINT16 - TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed - return written; - } - -@@ -1232,7 +1234,7 @@ UINT16 - TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1253,7 +1255,7 @@ UINT16 - TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1613,7 +1615,7 @@ UINT16 - TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1633,7 +1635,7 @@ UINT16 - TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1643,7 +1645,7 @@ UINT16 - TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1879,7 +1881,7 @@ UINT16 - TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed - return written; - } - -@@ -2090,7 +2092,7 @@ UINT16 - TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -2100,7 +2102,7 @@ UINT16 - TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed - return written; - } - -@@ -2157,7 +2159,7 @@ UINT16 - TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h -index faf9d2b..53f4f7d 100644 ---- a/src/tpm2/Marshal_fp.h -+++ b/src/tpm2/Marshal_fp.h -@@ -79,7 +79,7 @@ extern "C" { - UINT16 - Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size); - UINT16 -- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size); -+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed - UINT16 - TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); - UINT16 -diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c -index b9934d5..1f96bcb 100644 ---- a/src/tpm2/NVMarshal.c -+++ b/src/tpm2/NVMarshal.c -@@ -255,7 +255,7 @@ UINT16 - TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); - return written; - } - -@@ -1332,7 +1332,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size) - STATE_RESET_DATA_VERSION, - STATE_RESET_DATA_MAGIC, 1); - written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size); -- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size); -+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size); - written += UINT32_Marshal(&data->clearCount, buffer, size); - written += UINT64_Marshal(&data->objectContextID, buffer, size); - -@@ -2115,7 +2115,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size) - { - UINT16 written; - -- written = TPM2B_Marshal(&data->b, buffer, size); -+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size); - - return written; - } -@@ -2980,9 +2980,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size) - - /* tie the volatile state to the EP,SP, and PPSeed */ - NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd)); -- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size); -- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size); -- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size); -+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size); - - written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */ - -@@ -3799,9 +3799,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size) - written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size); - written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size); - written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size); -- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size); -- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size); -- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size); -+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size); - written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size); - written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size); - written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size); --- -2.29.0 - diff --git a/SOURCES/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch b/SOURCES/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch deleted file mode 100644 index e8716fe..0000000 --- a/SOURCES/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 3f67c46626b4fcf523f27890388dbfc5e4a53987 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 31 Aug 2021 19:44:22 +0400 -Subject: [PATCH] tpm2: NVMarshal: Handle index orderly RAM without 0-sized - terminating node -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The NVRAM entries in s_indexOrderlyRam array do not need to contain a -0-sized terminating node. Instead, the entries may fill up this 512 -byte array so that no NV_RAM_HEADER structure fits anymore. The fact -that no more NV_RAM_HEADER structure fits is also an indicator for the -last entry. We need to account for this in the code marshalling and -unmarshalling the entries so that we stop marshalling the entries -then and similarly stop unmarshalling. - -Signed-off-by: Stefan Berger -[ backport with misc conflict fixes ] -Signed-off-by: Marc-André Lureau ---- - src/tpm2/NVMarshal.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c -index ae7d247..02c60ac 100644 ---- a/src/tpm2/NVMarshal.c -+++ b/src/tpm2/NVMarshal.c -@@ -4036,6 +4036,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size, - datasize, buffer, size); - } - offset += nrh->size; -+ if (offset + sizeof(NV_RAM_HEADER) > array_size) { -+ /* nothing will fit anymore and there won't be a 0-sized -+ * terminating node (@1). -+ */ -+ break; -+ } - } - - written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); -@@ -4073,6 +4079,15 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size, - - while (rc == TPM_RC_SUCCESS) { - nrh = array + offset; -+ if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) { -+ /* this case can occur with the previous entry filling up the -+ * space; in this case there will not be a 0-sized terminating -+ * node (see @1 above). We clear the rest of our space. -+ */ -+ if (array_size > offset) -+ memset(nrh, 0, array_size - offset); -+ break; -+ } - /* write the NVRAM header; - nrh->size holds the complete size including data; - nrh->size = 0 indicates the end */ --- -2.33.0.113.g6c40894d24 - diff --git a/SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch b/SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch deleted file mode 100644 index e097220..0000000 --- a/SOURCES/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch +++ /dev/null @@ -1,998 +0,0 @@ -From a116d366871e2657243209930cc3bda68f9dd938 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Wed, 23 Jun 2021 20:54:44 -0400 -Subject: [PATCH 3/3] tpm2: Restore original value if unmarshalled value was - illegal - -Restore the original value of the memory location where data from -a stream was unmarshalled and the unmarshalled value was found to -be illegal. The goal is to not keep illegal values in memory. - -Signed-off-by: Stefan Berger ---- - src/tpm2/Unmarshal.c | 122 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 122 insertions(+) - -diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c -index bac7d76..c839a68 100644 ---- a/src/tpm2/Unmarshal.c -+++ b/src/tpm2/Unmarshal.c -@@ -165,6 +165,7 @@ TPM_RC - TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_GENERATED orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal(target, buffer, size); -@@ -172,6 +173,7 @@ TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target != TPM_GENERATED_VALUE) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -197,6 +199,7 @@ TPM_RC - TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ECC_CURVE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -215,6 +218,7 @@ TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_CURVE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -240,6 +244,7 @@ TPM_RC - TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_CLOCK_ADJUST orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = INT8_Unmarshal(target, buffer, size); -@@ -256,6 +261,7 @@ TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -267,6 +273,7 @@ TPM_RC - TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_EO orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -288,6 +295,7 @@ TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -299,6 +307,7 @@ TPM_RC - TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -324,6 +333,7 @@ TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -335,6 +345,7 @@ TPM_RC - TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_SU orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -346,6 +357,7 @@ TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -357,6 +369,7 @@ TPM_RC - TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_SE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT8_Unmarshal(target, buffer, size); -@@ -369,6 +382,7 @@ TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -380,6 +394,7 @@ TPM_RC - TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_CAP orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal(target, buffer, size); -@@ -400,6 +415,7 @@ TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -450,6 +466,7 @@ TPM_RC - TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_ALGORITHM orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -457,6 +474,7 @@ TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_ALGORITHM_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -468,6 +486,7 @@ TPM_RC - TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_OBJECT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -475,6 +494,7 @@ TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_OBJECT_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -486,6 +506,7 @@ TPM_RC - TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_SESSION orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT8_Unmarshal((UINT8 *)target, buffer, size); /* libtpms changed */ -@@ -493,6 +514,7 @@ TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_SESSION_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -517,6 +539,7 @@ TPM_RC - TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_CC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -524,6 +547,7 @@ TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_CC_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -535,6 +559,7 @@ TPM_RC - TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_YES_NO orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT8_Unmarshal(target, buffer, size); -@@ -546,6 +571,7 @@ TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -557,6 +583,7 @@ TPM_RC - TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_OBJECT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -569,6 +596,7 @@ TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOO - isNotPersistent && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -580,6 +608,7 @@ TPM_RC - TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_PARENT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -598,6 +627,7 @@ TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOO - isNotEndorsement && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -609,6 +639,7 @@ TPM_RC - TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_PERSISTENT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -617,6 +648,7 @@ TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *s - BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST); - if (isNotPersistent) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -628,6 +660,7 @@ TPM_RC - TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_ENTITY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -654,6 +687,7 @@ TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOO - isNotAuth && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -665,6 +699,7 @@ TPM_RC - TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_PCR orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -675,6 +710,7 @@ TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allo - if (isNotPcr && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -686,6 +722,7 @@ TPM_RC - TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SH_AUTH_SESSION orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -698,6 +735,7 @@ TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT3 - isNotPolicySession && - isNotLegalPwd) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -709,6 +747,7 @@ TPM_RC - TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SH_HMAC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -717,6 +756,7 @@ TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) - BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); - if (isNotHmacSession) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -728,6 +768,7 @@ TPM_RC - TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SH_POLICY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -736,6 +777,7 @@ TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) - BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); - if (isNotPolicySession) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -747,6 +789,7 @@ TPM_RC - TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_CONTEXT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -759,6 +802,7 @@ TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) - isNotPolicySession && - isNotTransient) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -770,6 +814,7 @@ TPM_RC - TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_SAVED orig_target = *target; // libtpms added - allowNull = allowNull; - - if (rc == TPM_RC_SUCCESS) { -@@ -787,6 +832,7 @@ TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL - isNotSequenceObject && - isNotTransientStClear) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -798,6 +844,7 @@ TPM_RC - TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_HIERARCHY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -814,6 +861,7 @@ TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *siz - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -825,6 +873,7 @@ TPM_RC - TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_ENABLES orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -842,6 +891,7 @@ TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, B - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -853,6 +903,7 @@ TPM_RC - TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_HIERARCHY_AUTH orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -866,6 +917,7 @@ TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -877,6 +929,7 @@ TPM_RC - TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_PLATFORM orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -887,6 +940,7 @@ TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -898,6 +952,7 @@ TPM_RC - TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_ENDORSEMENT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -912,6 +967,7 @@ TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -923,6 +979,7 @@ TPM_RC - TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_PROVISION orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -934,6 +991,7 @@ TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -945,6 +1003,7 @@ TPM_RC - TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_CLEAR orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -956,6 +1015,7 @@ TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -967,6 +1027,7 @@ TPM_RC - TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_NV_AUTH orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -981,6 +1042,7 @@ TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) - BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); - if (isNotNv) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - } -@@ -994,6 +1056,7 @@ TPM_RC - TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_LOCKOUT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1004,6 +1067,7 @@ TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1015,6 +1079,7 @@ TPM_RC - TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_NV_INDEX orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1023,6 +1088,7 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) - BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); - if (isNotNv) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1034,6 +1100,7 @@ TPM_RC - TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_HASH orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1062,6 +1129,7 @@ TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL - } - default: - rc = TPM_RC_HASH; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1073,6 +1141,7 @@ TPM_RC - TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SYM orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1101,6 +1170,7 @@ TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL al - } - default: - rc = TPM_RC_SYMMETRIC; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1112,6 +1182,7 @@ TPM_RC - TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SYM_OBJECT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1137,6 +1208,7 @@ TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SYMMETRIC; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1148,6 +1220,7 @@ TPM_RC - TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SYM_MODE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1179,6 +1252,7 @@ TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *siz - } - default: - rc = TPM_RC_MODE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1190,6 +1264,7 @@ TPM_RC - TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_KDF orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1215,6 +1290,7 @@ TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL al - } - default: - rc = TPM_RC_KDF; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1226,6 +1302,7 @@ TPM_RC - TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SIG_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1260,6 +1337,7 @@ TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SCHEME; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1271,6 +1349,7 @@ TPM_RC - TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ECC_KEY_EXCHANGE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1293,6 +1372,7 @@ TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, IN - } - default: - rc = TPM_RC_SCHEME; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1305,6 +1385,7 @@ TPM_RC - TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ST_COMMAND_TAG orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(target, buffer, size); -@@ -1316,6 +1397,7 @@ TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 - break; - default: - rc = TPM_RC_BAD_TAG; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1327,6 +1409,7 @@ TPM_RC - TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_MAC_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1358,6 +1441,7 @@ TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SYMMETRIC; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1369,6 +1453,7 @@ TPM_RC - TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_CIPHER_MODE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1397,6 +1482,7 @@ TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_MODE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1633,6 +1719,7 @@ TPM_RC - TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1640,6 +1727,7 @@ TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->tag != TPM_ST_CREATION) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1657,6 +1745,7 @@ TPM_RC - TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1664,6 +1753,7 @@ TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->tag != TPM_ST_VERIFIED) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1681,6 +1771,7 @@ TPM_RC - TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1689,6 +1780,7 @@ TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) - if ((target->tag != TPM_ST_AUTH_SIGNED) && - (target->tag != TPM_ST_AUTH_SECRET)) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1706,6 +1798,7 @@ TPM_RC - TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1713,6 +1806,7 @@ TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *siz - if (rc == TPM_RC_SUCCESS) { - if (target->tag != TPM_ST_HASHCHECK) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -2303,6 +2397,7 @@ TPM_RC - TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ST_ATTEST orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(target, buffer, size); -@@ -2319,6 +2414,7 @@ TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_SELECTOR; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2413,6 +2509,7 @@ TPM_RC - TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_AES_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2424,6 +2521,7 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2435,6 +2533,7 @@ TPM_RC - TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_CAMELLIA_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2445,6 +2544,7 @@ TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2456,6 +2556,7 @@ TPM_RC - TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2466,6 +2567,7 @@ TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2477,6 +2579,7 @@ TPM_RC - TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2488,6 +2591,7 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2760,6 +2864,7 @@ TPM_RC - TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_KEYEDHASH_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -2779,6 +2884,7 @@ TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **bu - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3163,6 +3269,7 @@ TPM_RC - TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_ASYM_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3206,6 +3313,7 @@ TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT3 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3284,6 +3392,7 @@ TPM_RC - TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_RSA_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3309,6 +3418,7 @@ TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3336,6 +3446,7 @@ TPM_RC - TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_RSA_DECRYPT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3355,6 +3466,7 @@ TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT3 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3395,6 +3507,7 @@ TPM_RC - TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RSA_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -3406,6 +3519,7 @@ TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3490,6 +3604,7 @@ TPM_RC - TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_ECC_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3521,6 +3636,7 @@ TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SCHEME; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3532,6 +3648,7 @@ TPM_RC - TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ECC_CURVE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ECC_CURVE_Unmarshal(target, buffer, size); -@@ -3568,6 +3685,7 @@ TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_CURVE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3782,6 +3900,7 @@ TPM_RC - TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_PUBLIC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3803,6 +3922,7 @@ TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_TYPE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -4137,6 +4257,7 @@ TPM_RC - TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_NV orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -4144,6 +4265,7 @@ TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_NV_RESERVED) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; --- -2.29.0 - diff --git a/SPECS/libtpms.spec b/SPECS/libtpms.spec index a2be806..69c687b 100644 --- a/SPECS/libtpms.spec +++ b/SPECS/libtpms.spec @@ -1,9 +1,9 @@ -%global gitdate 20201106 -%global gitversion 2452a24dab +%global gitdate 20211126 +%global gitversion 1ff6fe1f43 Name: libtpms -Version: 0.7.4 -Release: 6.%{gitdate}git%{gitversion}%{?dist} +Version: 0.9.1 +Release: 0.%{gitdate}git%{gitversion}%{?dist} Summary: Library providing Trusted Platform Module (TPM) functionality License: BSD @@ -15,14 +15,7 @@ BuildRequires: openssl-devel BuildRequires: pkgconfig gawk sed BuildRequires: automake autoconf libtool bash coreutils gcc-c++ BuildRequires: git - -Patch0001: 0001-tpm2-Return-properly-sized-array-for-b-parameter-for.patch -Patch0002: 0001-tpm2-CryptSym-fix-AES-output-IV.patch -Patch0003: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch -Patch0004: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch -Patch0005: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch -Patch0006: 0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch -Patch0007: 0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch +BuildRequires: make %description A library providing TPM functionality for VMs. Targeted for integration @@ -39,14 +32,14 @@ Libtpms header files and documentation. %autosetup -S git -n %{name}-%{gitdate} %build NOCONFIGURE=1 sh autogen.sh -%configure --disable-static --with-tpm2 --with-openssl -make %{?_smp_mflags} +%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl +%make_build %check make check %install -make DESTDIR="%{buildroot}" install +%make_install find %{buildroot} -type f -name '*.la' | xargs rm -f -- || : %ldconfig_scriptlets @@ -64,6 +57,10 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || : %{_mandir}/man3/* %changelog +* Thu Dec 09 2021 Marc-André Lureau - 0.9.1-0.20211126git1ff6fe1f43 +- Rebase to 0.9.1 (sync with RHEL9) + Resolves: rhbz#2029355 + * Tue Aug 31 2021 Marc-André Lureau - 0.7.4-6.20201106git2452a24dab - Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets Resolves: rhbz#1999307