diff --git a/.gitignore b/.gitignore index 206c9cf..4173caa 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /libtpms-20210218.tar.xz /libtpms-20210227.tar.xz /libtpms-20210301.tar.xz +/libtpms-20211004.tar.xz diff --git a/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch b/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch deleted file mode 100644 index 055c014..0000000 --- a/0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch +++ /dev/null @@ -1,106 +0,0 @@ -From 16cd8fba849d1d95b247025aea7314165ffd8acf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 18 May 2021 17:10:52 +0400 -Subject: [PATCH] build-sys: leave CFLAGS/LDFLAGS for user to be defined -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This allows user to set specific flags during compilation, without -overriding configure-time cflags necessary for compilation. - -See also: -https://www.gnu.org/software/automake/manual/html_node/User-Variables.html -https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html - -Signed-off-by: Marc-André Lureau ---- - configure.ac | 13 ++++++++----- - src/Makefile.am | 16 +++++++++------- - 2 files changed, 17 insertions(+), 12 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 8559b66..95deab5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -305,9 +305,12 @@ if test "x$enable_hardening" != "xno"; then - AC_SUBST([HARDENING_LDFLAGS]) - fi - --CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign" --CFLAGS="$CFLAGS -Wmissing-prototypes" --LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS" -+AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign" -+AM_CFLAGS="$AM_CFLAGS -Wmissing-prototypes" -+AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS" -+ -+AC_SUBST([AM_CFLAGS]) -+AC_SUBST([AM_LDFLAGS]) - - AC_CONFIG_FILES(Makefile \ - dist/libtpms.spec \ -@@ -330,10 +333,10 @@ if test -z "$with_tpm2"; then - fi - - echo --echo "CFLAGS=$CFLAGS" -+echo "AM_CFLAGS=$AM_CFLAGS" - echo "HARDENING_CFLAGS=$HARDENING_CFLAGS" - echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS" --echo "LDFLAGS=$LDFLAGS" -+echo "AM_LDFLAGS=$AM_LDFLAGS" - echo - echo "Version to build : $PACKAGE_VERSION" - echo "Crypto library : $cryptolib" -diff --git a/src/Makefile.am b/src/Makefile.am -index 6594ddf..65910d8 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -4,18 +4,20 @@ - # For the license, see the LICENSE file in the root directory. - # - -+AM_CFLAGS = @AM_CFLAGS@ -+AM_LDFLAGS = @AM_LDFLAGS@ $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER) -+ - lib_LTLIBRARIES=libtpms.la - - common_CFLAGS = -include tpm_library_conf.h \ - -I$(top_srcdir)/include/libtpms \ - -I$(top_builddir)/include/libtpms \ -+ $(AM_CFLAGS) \ - $(HARDENING_CFLAGS) \ - $(SANITIZERS) \ - $(FUZZER) - - --LDFLAGS += $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER) -- - # - # TPM1.2 - # -@@ -574,16 +576,16 @@ libtpms_la_SOURCES = \ - libtpms_la_CFLAGS = $(common_CFLAGS) - - libtpms_la_LDFLAGS = -version-info $(LIBTPMS_VERSION_INFO) \ -- -no-undefined -+ -no-undefined $(AM_LDFLAGS) - - if HAVE_VERSION_SCRIPT - libtpms_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtpms.syms - endif - --LDFLAGS_ARCH = $(findstring -m32, $(CFLAGS)) --LDFLAGS_ARCH += $(findstring -m64, $(CFLAGS)) --LDFLAGS_ARCH += $(findstring -m32, $(LDFLAGS)) --LDFLAGS_ARCH += $(findstring -m64, $(LDFLAGS)) -+LDFLAGS_ARCH = $(findstring -m32, $(AM_CFLAGS)) -+LDFLAGS_ARCH += $(findstring -m64, $(AM_CFLAGS)) -+LDFLAGS_ARCH += $(findstring -m32, $(AM_LDFLAGS)) -+LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS)) - - check-local: SHELL?="/usr/bin/env bash" - check-local: --- -2.29.0 - diff --git a/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch b/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch deleted file mode 100644 index ba7c802..0000000 --- a/0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 33a03986e0a09dde439985e0312d1c8fb3743aab Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Thu, 22 Jul 2021 21:23:58 -0400 -Subject: [PATCH 1/2] tpm2: Initialize a whole OBJECT before using it - -Initialize a whole OBJECT before using it. This is necessary since -an OBJECT may also be used as a HASH_OBJECT via the ANY_OBJECT -union and that HASH_OBJECT can leave bad size inidicators in TPM2B -buffer in the OBJECT. To get rid of this problem we reset the whole -OBJECT to 0 before using it. This is as if the memory for the -OBJECT was just initialized. - -Signed-off-by: Stefan Berger ---- - src/tpm2/Object.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c -index 8e8b3ee..8406d8f 100644 ---- a/src/tpm2/Object.c -+++ b/src/tpm2/Object.c -@@ -276,7 +276,8 @@ FindEmptyObjectSlot( - if(handle) - *handle = i + TRANSIENT_FIRST; - // Initialize the object attributes -- MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); -+ // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); -+ MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object - return object; - } - } --- -2.33.0.rc2 - diff --git a/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch b/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch deleted file mode 100644 index e2d0b8c..0000000 --- a/0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch +++ /dev/null @@ -1,202 +0,0 @@ -From f16250b35aff6995e540143a9858c9cf0d1f9573 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Mon, 21 Jun 2021 14:04:34 -0400 -Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid - buffer size - -Reset the buffer size indicator in a TPM2B type of buffer after it failed -the test for the maximum buffer size it allows. This prevents having bad -buffer sizes in memory that can come to haunt us when writing the volatile -state for example. - -Signed-off-by: Stefan Berger ---- - src/tpm2/NVMarshal.c | 1 + - src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c -index efbab70..9f6d0f7 100644 ---- a/src/tpm2/NVMarshal.c -+++ b/src/tpm2/NVMarshal.c -@@ -1503,6 +1503,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size) - "allocated %zu\n", - (size_t)data->size, (size_t)data->allocated); - rc = TPM_RC_SIZE; -+ data->size = 0; - } - } - -diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c -index c692ccc..8e7a9b7 100644 ---- a/src/tpm2/Unmarshal.c -+++ b/src/tpm2/Unmarshal.c -@@ -136,6 +136,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size > targetSize) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1686,6 +1687,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s - if ((target->sizeofSelect < PCR_SELECT_MIN) || - (target->sizeofSelect > PCR_SELECT_MAX)) { - rc = TPM_RC_VALUE; -+ target->sizeofSelect = 0; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1859,6 +1861,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_CC) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1897,6 +1900,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_CC) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1920,6 +1924,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_ALG_LIST_SIZE) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1942,6 +1947,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_HANDLES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1970,11 +1976,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) - /* TPM side is hard coded to 2 minimum */ - if (target->count < 2) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { - if (target->count > 8) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -1997,6 +2005,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s - if (rc == TPM_RC_SUCCESS) { - if (target->count > HASH_COUNT) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2019,6 +2028,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s - if (rc == TPM_RC_SUCCESS) { - if (target->count > HASH_COUNT) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2044,6 +2054,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_CAP_ALGS) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2066,6 +2077,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_TPM_PROPERTIES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2088,6 +2100,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_PCR_PROPERTIES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2110,6 +2123,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_ECC_CURVES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2132,6 +2146,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s - if (rc == TPM_RC_SUCCESS) { - if (target->count > MAX_TAGGED_POLICIES) { - rc = TPM_RC_SIZE; -+ target->count = 0; // libtpms added - } - } - for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) { -@@ -2781,6 +2796,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; -@@ -3540,6 +3556,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; -@@ -4063,6 +4080,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; -@@ -4158,6 +4176,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - } -@@ -4233,6 +4252,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->dataSize > MAX_NV_INDEX_SIZE) { - rc = TPM_RC_SIZE; -+ target->dataSize = 0; // libtpms added - } - } - return rc; -@@ -4263,6 +4283,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->size != startSize - *size) { - rc = TPM_RC_SIZE; -+ target->size = 0; // libtpms added - } - } - return rc; --- -2.29.0 - diff --git a/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch b/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch deleted file mode 100644 index 6237aca..0000000 --- a/0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch +++ /dev/null @@ -1,267 +0,0 @@ -From 3ef9b26cb9f28bd64d738bff9505a20d4eb56acd Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Mon, 21 Jun 2021 15:10:14 -0400 -Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity - checks - -Add maxSize parameter to TPM2B_Marshal and assert on it checking -the size of the data intended to be marshaled versus the maximum -buffer size. - -Signed-off-by: Stefan Berger ---- - src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------ - src/tpm2/Marshal_fp.h | 2 +- - src/tpm2/NVMarshal.c | 18 +++++++++--------- - 3 files changed, 30 insertions(+), 28 deletions(-) - -diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c -index 53c241e..c843224 100644 ---- a/src/tpm2/Marshal.c -+++ b/src/tpm2/Marshal.c -@@ -59,6 +59,7 @@ - /* */ - /********************************************************************************/ - -+#include // libtpms added - #include - - #include "Tpm.h" -@@ -176,9 +177,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size) - } - - UINT16 --TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size) -+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -+ assert(source->size <= maxSize); // libtpms added - written += UINT16_Marshal(&(source->size), buffer, size); - written += Array_Marshal(source->buffer, source->size, buffer, size); - return written; -@@ -503,7 +505,7 @@ UINT16 - TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; --written += TPM2B_Marshal(&source->b, buffer, size); -+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -513,7 +515,7 @@ UINT16 - TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; --written += TPM2B_Marshal(&source->b, buffer, size); -+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -543,7 +545,7 @@ UINT16 - TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -553,7 +555,7 @@ UINT16 - TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -562,7 +564,7 @@ UINT16 - TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -572,7 +574,7 @@ UINT16 - TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -582,7 +584,7 @@ UINT16 - TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed - return written; - } - -@@ -1163,7 +1165,7 @@ UINT16 - TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed - return written; - } - -@@ -1294,7 +1296,7 @@ UINT16 - TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1315,7 +1317,7 @@ UINT16 - TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1673,7 +1675,7 @@ UINT16 - TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1693,7 +1695,7 @@ UINT16 - TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1703,7 +1705,7 @@ UINT16 - TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -1937,7 +1939,7 @@ UINT16 - TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed - return written; - } - -@@ -2148,7 +2150,7 @@ UINT16 - TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -@@ -2158,7 +2160,7 @@ UINT16 - TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed - return written; - } - -@@ -2215,7 +2217,7 @@ UINT16 - TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed - return written; - } - -diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h -index 3ce6eb3..d52f497 100644 ---- a/src/tpm2/Marshal_fp.h -+++ b/src/tpm2/Marshal_fp.h -@@ -79,7 +79,7 @@ extern "C" { - UINT16 - Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size); - UINT16 -- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size); -+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed - UINT16 - TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); - UINT16 -diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c -index 9f6d0f7..f8a3798 100644 ---- a/src/tpm2/NVMarshal.c -+++ b/src/tpm2/NVMarshal.c -@@ -278,7 +278,7 @@ static UINT16 - TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size) - { - UINT16 written = 0; -- written += TPM2B_Marshal(&source->b, buffer, size); -+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); - return written; - } - -@@ -1390,7 +1390,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size) - STATE_RESET_DATA_VERSION, - STATE_RESET_DATA_MAGIC, 3); - written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size); -- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size); -+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size); - written += UINT32_Marshal(&data->clearCount, buffer, size); - written += UINT64_Marshal(&data->objectContextID, buffer, size); - -@@ -2178,7 +2178,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size) - { - UINT16 written; - -- written = TPM2B_Marshal(&data->b, buffer, size); -+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size); - - return written; - } -@@ -3062,9 +3062,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size) - - /* tie the volatile state to the EP,SP, and PPSeed */ - NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd)); -- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size); -- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size); -- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size); -+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size); - - written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */ - -@@ -3881,9 +3881,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size) - written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size); - written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size); - written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size); -- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size); -- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size); -- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size); -+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size); -+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size); - written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size); - written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size); - written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size); --- -2.29.0 - diff --git a/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch b/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch deleted file mode 100644 index e849939..0000000 --- a/0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch +++ /dev/null @@ -1,56 +0,0 @@ -From aaef222e8682cc2e0f9ea7124220c5fe44fab62b Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Fri, 23 Jul 2021 13:29:00 -0400 -Subject: [PATCH 2/2] tpm2: NVMarshal: Handle index orderly RAM without 0-sized - terminating node - -The NVRAM entries in s_indexOrderlyRam array do not need to contain a -0-sized terminating node. Instead, the entries may fill up this 512 -byte array so that no NV_RAM_HEADER structure fits anymore. The fact -that no more NV_RAM_HEADER structure fits is also an indicator for the -last entry. We need to account for this in the code marshalling and -unmarshalling the entries so that we stop marshalling the entries -then and similarly stop unmarshalling. - -Signed-off-by: Stefan Berger ---- - src/tpm2/NVMarshal.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c -index f8a3798..935a76c 100644 ---- a/src/tpm2/NVMarshal.c -+++ b/src/tpm2/NVMarshal.c -@@ -4244,6 +4244,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size, - datasize, buffer, size); - } - offset += nrh.size; -+ if (offset + sizeof(NV_RAM_HEADER) > array_size) { -+ /* nothing will fit anymore and there won't be a 0-sized -+ * terminating node (@1). -+ */ -+ break; -+ } - } - - written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); -@@ -4286,6 +4292,16 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size, - */ - nrhp = array + offset; - -+ if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) { -+ /* this case can occur with the previous entry filling up the -+ * space; in this case there will not be a 0-sized terminating -+ * node (see @1 above). We clear the rest of our space. -+ */ -+ if (array_size > offset) -+ memset(nrhp, 0, array_size - offset); -+ break; -+ } -+ - /* write the NVRAM header; - nrh->size holds the complete size including data; - nrh->size = 0 indicates the end */ --- -2.33.0.rc2 - diff --git a/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch b/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch deleted file mode 100644 index f2431b0..0000000 --- a/0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch +++ /dev/null @@ -1,1046 +0,0 @@ -From 5cc98a62dc6f204dcf5b87c2ee83ac742a6a319b Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Wed, 23 Jun 2021 20:54:44 -0400 -Subject: [PATCH 3/3] tpm2: Restore original value if unmarshalled value was - illegal - -Restore the original value of the memory location where data from -a stream was unmarshalled and the unmarshalled value was found to -be illegal. The goal is to not keep illegal values in memory. - -Signed-off-by: Stefan Berger ---- - src/tpm2/Unmarshal.c | 128 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 128 insertions(+) - -diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c -index 8e7a9b7..e95d961 100644 ---- a/src/tpm2/Unmarshal.c -+++ b/src/tpm2/Unmarshal.c -@@ -165,6 +165,7 @@ TPM_RC - TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_GENERATED orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal(target, buffer, size); -@@ -172,6 +173,7 @@ TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target != TPM_GENERATED_VALUE) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -198,6 +200,7 @@ TPM_RC - TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ECC_CURVE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -216,6 +219,7 @@ TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_CURVE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -241,6 +245,7 @@ TPM_RC - TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_CLOCK_ADJUST orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = INT8_Unmarshal(target, buffer, size); -@@ -257,6 +262,7 @@ TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -268,6 +274,7 @@ TPM_RC - TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_EO orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -289,6 +296,7 @@ TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -300,6 +308,7 @@ TPM_RC - TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -325,6 +334,7 @@ TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -336,6 +346,7 @@ TPM_RC - TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_SU orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT16_Unmarshal(target, buffer, size); -@@ -347,6 +358,7 @@ TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -358,6 +370,7 @@ TPM_RC - TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_SE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT8_Unmarshal(target, buffer, size); -@@ -370,6 +383,7 @@ TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -381,6 +395,7 @@ TPM_RC - TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_CAP orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal(target, buffer, size); -@@ -402,6 +417,7 @@ TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -452,6 +468,7 @@ TPM_RC - TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_ALGORITHM orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -459,6 +476,7 @@ TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_ALGORITHM_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -470,6 +488,7 @@ TPM_RC - TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_OBJECT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -477,6 +496,7 @@ TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_OBJECT_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -488,6 +508,7 @@ TPM_RC - TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_SESSION orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT8_Unmarshal((UINT8 *)target, buffer, size); /* libtpms changed */ -@@ -495,6 +516,7 @@ TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_SESSION_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -519,6 +541,7 @@ TPM_RC - TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_CC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -526,6 +549,7 @@ TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_CC_reserved) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -537,6 +561,7 @@ TPM_RC - TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_YES_NO orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT8_Unmarshal(target, buffer, size); -@@ -548,6 +573,7 @@ TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -559,6 +585,7 @@ TPM_RC - TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_OBJECT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -571,6 +598,7 @@ TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOO - isNotPersistent && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -582,6 +610,7 @@ TPM_RC - TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_PARENT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -600,6 +629,7 @@ TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOO - isNotEndorsement && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -611,6 +641,7 @@ TPM_RC - TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_PERSISTENT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -619,6 +650,7 @@ TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *s - BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST); - if (isNotPersistent) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -630,6 +662,7 @@ TPM_RC - TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_ENTITY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -656,6 +689,7 @@ TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOO - isNotAuth && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -667,6 +701,7 @@ TPM_RC - TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_PCR orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -677,6 +712,7 @@ TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allo - if (isNotPcr && - isNotLegalNull) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -688,6 +724,7 @@ TPM_RC - TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SH_AUTH_SESSION orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -700,6 +737,7 @@ TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT3 - isNotPolicySession && - isNotLegalPwd) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -711,6 +749,7 @@ TPM_RC - TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SH_HMAC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -719,6 +758,7 @@ TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) - BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST); - if (isNotHmacSession) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -730,6 +770,7 @@ TPM_RC - TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SH_POLICY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -738,6 +779,7 @@ TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) - BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST); - if (isNotPolicySession) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -749,6 +791,7 @@ TPM_RC - TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_CONTEXT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -761,6 +804,7 @@ TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) - isNotPolicySession && - isNotTransient) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -772,6 +816,7 @@ TPM_RC - TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_DH_SAVED orig_target = *target; // libtpms added - allowNull = allowNull; - - if (rc == TPM_RC_SUCCESS) { -@@ -789,6 +834,7 @@ TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL - isNotSequenceObject && - isNotTransientStClear) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -800,6 +846,7 @@ TPM_RC - TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_HIERARCHY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -816,6 +863,7 @@ TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *siz - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -827,6 +875,7 @@ TPM_RC - TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_ENABLES orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -844,6 +893,7 @@ TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, B - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -855,6 +905,7 @@ TPM_RC - TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_HIERARCHY_AUTH orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -868,6 +919,7 @@ TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -879,6 +931,7 @@ TPM_RC - TPMI_RH_HIERARCHY_POLICY_Unmarshal(TPMI_RH_HIERARCHY_POLICY *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_HIERARCHY_POLICY orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -895,6 +948,7 @@ TPMI_RH_HIERARCHY_POLICY_Unmarshal(TPMI_RH_HIERARCHY_POLICY *target, BYTE **buff - BOOL isNotHP = (*target < TPM_RH_ACT_0) || (*target > TPM_RH_ACT_F); - if (isNotHP) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - } -@@ -908,6 +962,7 @@ TPM_RC - TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_PLATFORM orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -918,6 +973,7 @@ TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -929,6 +985,7 @@ TPM_RC - TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_ENDORSEMENT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -943,6 +1000,7 @@ TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -954,6 +1012,7 @@ TPM_RC - TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_PROVISION orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -965,6 +1024,7 @@ TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -976,6 +1036,7 @@ TPM_RC - TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_CLEAR orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -987,6 +1048,7 @@ TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -998,6 +1060,7 @@ TPM_RC - TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_NV_AUTH orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1012,6 +1075,7 @@ TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) - BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); - if (isNotNv) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - } -@@ -1025,6 +1089,7 @@ TPM_RC - TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_LOCKOUT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1035,6 +1100,7 @@ TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1046,6 +1112,7 @@ TPM_RC - TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_NV_INDEX orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1054,6 +1121,7 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) - BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); - if (isNotNv) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1065,6 +1133,7 @@ TPM_RC - TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_AC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1073,6 +1142,7 @@ TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) - BOOL isNotAC = (*target < AC_FIRST) || (*target > AC_LAST); - if (isNotAC) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1084,6 +1154,7 @@ TPM_RC - TPMI_RH_ACT_Unmarshal( TPMI_RH_ACT *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RH_ACT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_HANDLE_Unmarshal(target, buffer, size); -@@ -1092,6 +1163,7 @@ TPMI_RH_ACT_Unmarshal( TPMI_RH_ACT *target, BYTE **buffer, INT32 *size) - BOOL isNotACT = (*target < TPM_RH_ACT_0) || (*target > TPM_RH_ACT_F); - if (isNotACT) { - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1103,6 +1175,7 @@ TPM_RC - TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_HASH orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1131,6 +1204,7 @@ TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL - } - default: - rc = TPM_RC_HASH; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1142,6 +1216,7 @@ TPM_RC - TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SYM orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1170,6 +1245,7 @@ TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL al - } - default: - rc = TPM_RC_SYMMETRIC; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1181,6 +1257,7 @@ TPM_RC - TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SYM_OBJECT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1206,6 +1283,7 @@ TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SYMMETRIC; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1217,6 +1295,7 @@ TPM_RC - TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SYM_MODE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1248,6 +1327,7 @@ TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *siz - } - default: - rc = TPM_RC_MODE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1259,6 +1339,7 @@ TPM_RC - TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_KDF orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1284,6 +1365,7 @@ TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL al - } - default: - rc = TPM_RC_KDF; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1295,6 +1377,7 @@ TPM_RC - TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_SIG_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1329,6 +1412,7 @@ TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SCHEME; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1340,6 +1424,7 @@ TPM_RC - TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ECC_KEY_EXCHANGE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1362,6 +1447,7 @@ TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, IN - } - default: - rc = TPM_RC_SCHEME; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1374,6 +1460,7 @@ TPM_RC - TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ST_COMMAND_TAG orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(target, buffer, size); -@@ -1385,6 +1472,7 @@ TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 - break; - default: - rc = TPM_RC_BAD_TAG; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1396,6 +1484,7 @@ TPM_RC - TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_MAC_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1427,6 +1516,7 @@ TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SYMMETRIC; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1438,6 +1528,7 @@ TPM_RC - TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_CIPHER_MODE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -1466,6 +1557,7 @@ TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_MODE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -1702,6 +1794,7 @@ TPM_RC - TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1709,6 +1802,7 @@ TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->tag != TPM_ST_CREATION) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1726,6 +1820,7 @@ TPM_RC - TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1733,6 +1828,7 @@ TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (target->tag != TPM_ST_VERIFIED) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1750,6 +1846,7 @@ TPM_RC - TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1758,6 +1855,7 @@ TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) - if ((target->tag != TPM_ST_AUTH_SIGNED) && - (target->tag != TPM_ST_AUTH_SECRET)) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -1775,6 +1873,7 @@ TPM_RC - TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPM_ST orig_tag = target->tag; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(&target->tag, buffer, size); -@@ -1782,6 +1881,7 @@ TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *siz - if (rc == TPM_RC_SUCCESS) { - if (target->tag != TPM_ST_HASHCHECK) { - rc = TPM_RC_TAG; -+ target->tag = orig_tag; // libtpms added - } - } - if (rc == TPM_RC_SUCCESS) { -@@ -2380,6 +2480,7 @@ TPM_RC - TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ST_ATTEST orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ST_Unmarshal(target, buffer, size); -@@ -2396,6 +2497,7 @@ TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_SELECTOR; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2490,6 +2592,7 @@ TPM_RC - TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_AES_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2501,6 +2604,7 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2512,6 +2616,7 @@ TPM_RC - TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_CAMELLIA_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2522,6 +2627,7 @@ TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2533,6 +2639,7 @@ TPM_RC - TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2543,6 +2650,7 @@ TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2554,6 +2662,7 @@ TPM_RC - TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -2565,6 +2674,7 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -2837,6 +2947,7 @@ TPM_RC - TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_KEYEDHASH_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -2856,6 +2967,7 @@ TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **bu - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3240,6 +3352,7 @@ TPM_RC - TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_ASYM_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3283,6 +3396,7 @@ TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT3 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3361,6 +3475,7 @@ TPM_RC - TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_RSA_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3386,6 +3501,7 @@ TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3413,6 +3529,7 @@ TPM_RC - TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_RSA_DECRYPT orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3432,6 +3549,7 @@ TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT3 - } - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3472,6 +3590,7 @@ TPM_RC - TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_RSA_KEY_BITS orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_KEY_BITS_Unmarshal(target, buffer, size); -@@ -3484,6 +3603,7 @@ TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *siz - break; - default: - rc = TPM_RC_VALUE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3568,6 +3688,7 @@ TPM_RC - TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_ECC_SCHEME orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3599,6 +3720,7 @@ TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 - } - default: - rc = TPM_RC_SCHEME; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3610,6 +3732,7 @@ TPM_RC - TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ECC_CURVE orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ECC_CURVE_Unmarshal(target, buffer, size); -@@ -3646,6 +3769,7 @@ TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_CURVE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -3860,6 +3984,7 @@ TPM_RC - TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMI_ALG_PUBLIC orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = TPM_ALG_ID_Unmarshal(target, buffer, size); -@@ -3881,6 +4006,7 @@ TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) - break; - default: - rc = TPM_RC_TYPE; -+ *target = orig_target; // libtpms added - } - } - return rc; -@@ -4215,6 +4341,7 @@ TPM_RC - TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) - { - TPM_RC rc = TPM_RC_SUCCESS; -+ TPMA_NV orig_target = *target; // libtpms added - - if (rc == TPM_RC_SUCCESS) { - rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */ -@@ -4222,6 +4349,7 @@ TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) - if (rc == TPM_RC_SUCCESS) { - if (*target & TPMA_NV_RESERVED) { - rc = TPM_RC_RESERVED_BITS; -+ *target = orig_target; // libtpms added - } - } - return rc; --- -2.29.0 - diff --git a/libtpms.spec b/libtpms.spec index 153e27f..b35506b 100644 --- a/libtpms.spec +++ b/libtpms.spec @@ -1,20 +1,14 @@ -%global gitdate 20210301 -%global gitversion 729fc6a4ca +%global gitdate 20211004 +%global gitversion dc4e3f6313 Name: libtpms -Version: 0.8.2 -Release: 0.%{gitdate}git%{gitversion}%{?dist}.7 +Version: 0.9.0 +Release: 0.%{gitdate}git%{gitversion}%{?dist} Summary: Library providing Trusted Platform Module (TPM) functionality License: BSD Url: http://github.com/stefanberger/libtpms Source0: libtpms-%{gitdate}.tar.xz -Patch0001: 0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch -Patch0002: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch -Patch0003: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch -Patch0004: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch -Patch0005: 0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch -Patch0006: 0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch BuildRequires: openssl-devel BuildRequires: pkgconfig gawk sed @@ -36,14 +30,14 @@ Libtpms header files and documentation. %autosetup -p1 -n %{name}-%{gitdate} %build NOCONFIGURE=1 sh autogen.sh -%configure --disable-static --with-tpm2 --with-openssl -make %{?_smp_mflags} CFLAGS=-Wno-error=deprecated-declarations +%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl +%make_build %check make check %install -make DESTDIR="%{buildroot}" install +%make_install find %{buildroot} -type f -name '*.la' | xargs rm -f -- || : %ldconfig_scriptlets @@ -61,6 +55,10 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || : %{_mandir}/man3/* %changelog +* Tue Nov 9 2021 Marc-André Lureau - 0.9.0-0.20211004gitdc4e3f6313 +- Rebase to 0.9.0, disable TPM 1.2 + Resolves: rhbz#1990152 & rhbz#2021628 + * Tue Aug 31 2021 Marc-André Lureau - 0.8.2-0.20210301git729fc6a4ca.7 - Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets Resolves: rhbz#1999303 diff --git a/sources b/sources index a92cc05..a628934 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libtpms-20210301.tar.xz) = b43484aff359ef2d155b7418f20bba7bd365b66df63b571e9997685f080f5b3f72e1be73129de3dd4b3f12d64d1d16ad1b5d4011c84fc3556ed6b21b39631878 +SHA512 (libtpms-20211004.tar.xz) = 7664b896229fd6916c48adb316a260e4b98ef0b6e4d70e8463b528ea5c14846f7f965102223526183dd0f5cb99cd53fec793c6d92ccc9d8322c0601a1490762a