Rebase to 0.9.0, disable TPM 1.2
Resolves: rhbz#1990152 & rhbz#2021628 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This commit is contained in:
parent
ea6f273178
commit
fdc4c4f3f0
1
.gitignore
vendored
1
.gitignore
vendored
@ -20,3 +20,4 @@
|
||||
/libtpms-20210218.tar.xz
|
||||
/libtpms-20210227.tar.xz
|
||||
/libtpms-20210301.tar.xz
|
||||
/libtpms-20211004.tar.xz
|
||||
|
@ -1,106 +0,0 @@
|
||||
From 16cd8fba849d1d95b247025aea7314165ffd8acf Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Tue, 18 May 2021 17:10:52 +0400
|
||||
Subject: [PATCH] build-sys: leave CFLAGS/LDFLAGS for user to be defined
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This allows user to set specific flags during compilation, without
|
||||
overriding configure-time cflags necessary for compilation.
|
||||
|
||||
See also:
|
||||
https://www.gnu.org/software/automake/manual/html_node/User-Variables.html
|
||||
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
---
|
||||
configure.ac | 13 ++++++++-----
|
||||
src/Makefile.am | 16 +++++++++-------
|
||||
2 files changed, 17 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 8559b66..95deab5 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -305,9 +305,12 @@ if test "x$enable_hardening" != "xno"; then
|
||||
AC_SUBST([HARDENING_LDFLAGS])
|
||||
fi
|
||||
|
||||
-CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
|
||||
-CFLAGS="$CFLAGS -Wmissing-prototypes"
|
||||
-LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
|
||||
+AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
|
||||
+AM_CFLAGS="$AM_CFLAGS -Wmissing-prototypes"
|
||||
+AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
|
||||
+
|
||||
+AC_SUBST([AM_CFLAGS])
|
||||
+AC_SUBST([AM_LDFLAGS])
|
||||
|
||||
AC_CONFIG_FILES(Makefile \
|
||||
dist/libtpms.spec \
|
||||
@@ -330,10 +333,10 @@ if test -z "$with_tpm2"; then
|
||||
fi
|
||||
|
||||
echo
|
||||
-echo "CFLAGS=$CFLAGS"
|
||||
+echo "AM_CFLAGS=$AM_CFLAGS"
|
||||
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
|
||||
echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
|
||||
-echo "LDFLAGS=$LDFLAGS"
|
||||
+echo "AM_LDFLAGS=$AM_LDFLAGS"
|
||||
echo
|
||||
echo "Version to build : $PACKAGE_VERSION"
|
||||
echo "Crypto library : $cryptolib"
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index 6594ddf..65910d8 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -4,18 +4,20 @@
|
||||
# For the license, see the LICENSE file in the root directory.
|
||||
#
|
||||
|
||||
+AM_CFLAGS = @AM_CFLAGS@
|
||||
+AM_LDFLAGS = @AM_LDFLAGS@ $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER)
|
||||
+
|
||||
lib_LTLIBRARIES=libtpms.la
|
||||
|
||||
common_CFLAGS = -include tpm_library_conf.h \
|
||||
-I$(top_srcdir)/include/libtpms \
|
||||
-I$(top_builddir)/include/libtpms \
|
||||
+ $(AM_CFLAGS) \
|
||||
$(HARDENING_CFLAGS) \
|
||||
$(SANITIZERS) \
|
||||
$(FUZZER)
|
||||
|
||||
|
||||
-LDFLAGS += $(HARDENING_LDFLAGS) $(SANITIZERS) $(FUZZER)
|
||||
-
|
||||
#
|
||||
# TPM1.2
|
||||
#
|
||||
@@ -574,16 +576,16 @@ libtpms_la_SOURCES = \
|
||||
libtpms_la_CFLAGS = $(common_CFLAGS)
|
||||
|
||||
libtpms_la_LDFLAGS = -version-info $(LIBTPMS_VERSION_INFO) \
|
||||
- -no-undefined
|
||||
+ -no-undefined $(AM_LDFLAGS)
|
||||
|
||||
if HAVE_VERSION_SCRIPT
|
||||
libtpms_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtpms.syms
|
||||
endif
|
||||
|
||||
-LDFLAGS_ARCH = $(findstring -m32, $(CFLAGS))
|
||||
-LDFLAGS_ARCH += $(findstring -m64, $(CFLAGS))
|
||||
-LDFLAGS_ARCH += $(findstring -m32, $(LDFLAGS))
|
||||
-LDFLAGS_ARCH += $(findstring -m64, $(LDFLAGS))
|
||||
+LDFLAGS_ARCH = $(findstring -m32, $(AM_CFLAGS))
|
||||
+LDFLAGS_ARCH += $(findstring -m64, $(AM_CFLAGS))
|
||||
+LDFLAGS_ARCH += $(findstring -m32, $(AM_LDFLAGS))
|
||||
+LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
|
||||
|
||||
check-local: SHELL?="/usr/bin/env bash"
|
||||
check-local:
|
||||
--
|
||||
2.29.0
|
||||
|
@ -1,34 +0,0 @@
|
||||
From 33a03986e0a09dde439985e0312d1c8fb3743aab Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Thu, 22 Jul 2021 21:23:58 -0400
|
||||
Subject: [PATCH 1/2] tpm2: Initialize a whole OBJECT before using it
|
||||
|
||||
Initialize a whole OBJECT before using it. This is necessary since
|
||||
an OBJECT may also be used as a HASH_OBJECT via the ANY_OBJECT
|
||||
union and that HASH_OBJECT can leave bad size inidicators in TPM2B
|
||||
buffer in the OBJECT. To get rid of this problem we reset the whole
|
||||
OBJECT to 0 before using it. This is as if the memory for the
|
||||
OBJECT was just initialized.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/Object.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c
|
||||
index 8e8b3ee..8406d8f 100644
|
||||
--- a/src/tpm2/Object.c
|
||||
+++ b/src/tpm2/Object.c
|
||||
@@ -276,7 +276,8 @@ FindEmptyObjectSlot(
|
||||
if(handle)
|
||||
*handle = i + TRANSIENT_FIRST;
|
||||
// Initialize the object attributes
|
||||
- MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES));
|
||||
+ // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES));
|
||||
+ MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object
|
||||
return object;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.33.0.rc2
|
||||
|
@ -1,202 +0,0 @@
|
||||
From f16250b35aff6995e540143a9858c9cf0d1f9573 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Mon, 21 Jun 2021 14:04:34 -0400
|
||||
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
|
||||
buffer size
|
||||
|
||||
Reset the buffer size indicator in a TPM2B type of buffer after it failed
|
||||
the test for the maximum buffer size it allows. This prevents having bad
|
||||
buffer sizes in memory that can come to haunt us when writing the volatile
|
||||
state for example.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/NVMarshal.c | 1 +
|
||||
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
|
||||
2 files changed, 22 insertions(+)
|
||||
|
||||
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
||||
index efbab70..9f6d0f7 100644
|
||||
--- a/src/tpm2/NVMarshal.c
|
||||
+++ b/src/tpm2/NVMarshal.c
|
||||
@@ -1503,6 +1503,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
|
||||
"allocated %zu\n",
|
||||
(size_t)data->size, (size_t)data->allocated);
|
||||
rc = TPM_RC_SIZE;
|
||||
+ data->size = 0;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
|
||||
index c692ccc..8e7a9b7 100644
|
||||
--- a/src/tpm2/Unmarshal.c
|
||||
+++ b/src/tpm2/Unmarshal.c
|
||||
@@ -136,6 +136,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size > targetSize) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
@@ -1686,6 +1687,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
||||
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
|
||||
(target->sizeofSelect > PCR_SELECT_MAX)) {
|
||||
rc = TPM_RC_VALUE;
|
||||
+ target->sizeofSelect = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
@@ -1859,6 +1861,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_CC) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1897,6 +1900,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_CC) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1920,6 +1924,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_ALG_LIST_SIZE) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1942,6 +1947,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_HANDLES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1970,11 +1976,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
|
||||
/* TPM side is hard coded to 2 minimum */
|
||||
if (target->count < 2) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > 8) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -1997,6 +2005,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > HASH_COUNT) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2019,6 +2028,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > HASH_COUNT) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2044,6 +2054,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_CAP_ALGS) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2066,6 +2077,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_TPM_PROPERTIES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2088,6 +2100,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_PCR_PROPERTIES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2110,6 +2123,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_ECC_CURVES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2132,6 +2146,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->count > MAX_TAGGED_POLICIES) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->count = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
|
||||
@@ -2781,6 +2796,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -3540,6 +3556,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -4063,6 +4080,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -4158,6 +4176,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -4233,6 +4252,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->dataSize > MAX_NV_INDEX_SIZE) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->dataSize = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
@@ -4263,6 +4283,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
if (target->size != startSize - *size) {
|
||||
rc = TPM_RC_SIZE;
|
||||
+ target->size = 0; // libtpms added
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
--
|
||||
2.29.0
|
||||
|
@ -1,267 +0,0 @@
|
||||
From 3ef9b26cb9f28bd64d738bff9505a20d4eb56acd Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Mon, 21 Jun 2021 15:10:14 -0400
|
||||
Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity
|
||||
checks
|
||||
|
||||
Add maxSize parameter to TPM2B_Marshal and assert on it checking
|
||||
the size of the data intended to be marshaled versus the maximum
|
||||
buffer size.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------
|
||||
src/tpm2/Marshal_fp.h | 2 +-
|
||||
src/tpm2/NVMarshal.c | 18 +++++++++---------
|
||||
3 files changed, 30 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c
|
||||
index 53c241e..c843224 100644
|
||||
--- a/src/tpm2/Marshal.c
|
||||
+++ b/src/tpm2/Marshal.c
|
||||
@@ -59,6 +59,7 @@
|
||||
/* */
|
||||
/********************************************************************************/
|
||||
|
||||
+#include <assert.h> // libtpms added
|
||||
#include <string.h>
|
||||
|
||||
#include "Tpm.h"
|
||||
@@ -176,9 +177,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size)
|
||||
}
|
||||
|
||||
UINT16
|
||||
-TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size)
|
||||
+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
+ assert(source->size <= maxSize); // libtpms added
|
||||
written += UINT16_Marshal(&(source->size), buffer, size);
|
||||
written += Array_Marshal(source->buffer, source->size, buffer, size);
|
||||
return written;
|
||||
@@ -503,7 +505,7 @@ UINT16
|
||||
TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
-written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -513,7 +515,7 @@ UINT16
|
||||
TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
-written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -543,7 +545,7 @@ UINT16
|
||||
TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -553,7 +555,7 @@ UINT16
|
||||
TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -562,7 +564,7 @@ UINT16
|
||||
TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -572,7 +574,7 @@ UINT16
|
||||
TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -582,7 +584,7 @@ UINT16
|
||||
TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1163,7 +1165,7 @@ UINT16
|
||||
TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1294,7 +1296,7 @@ UINT16
|
||||
TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1315,7 +1317,7 @@ UINT16
|
||||
TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1673,7 +1675,7 @@ UINT16
|
||||
TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1693,7 +1695,7 @@ UINT16
|
||||
TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1703,7 +1705,7 @@ UINT16
|
||||
TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1937,7 +1939,7 @@ UINT16
|
||||
TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -2148,7 +2150,7 @@ UINT16
|
||||
TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -2158,7 +2160,7 @@ UINT16
|
||||
TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -2215,7 +2217,7 @@ UINT16
|
||||
TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
|
||||
return written;
|
||||
}
|
||||
|
||||
diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h
|
||||
index 3ce6eb3..d52f497 100644
|
||||
--- a/src/tpm2/Marshal_fp.h
|
||||
+++ b/src/tpm2/Marshal_fp.h
|
||||
@@ -79,7 +79,7 @@ extern "C" {
|
||||
UINT16
|
||||
Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size);
|
||||
UINT16
|
||||
- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size);
|
||||
+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed
|
||||
UINT16
|
||||
TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size);
|
||||
UINT16
|
||||
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
||||
index 9f6d0f7..f8a3798 100644
|
||||
--- a/src/tpm2/NVMarshal.c
|
||||
+++ b/src/tpm2/NVMarshal.c
|
||||
@@ -278,7 +278,7 @@ static UINT16
|
||||
TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written = 0;
|
||||
- written += TPM2B_Marshal(&source->b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size);
|
||||
return written;
|
||||
}
|
||||
|
||||
@@ -1390,7 +1390,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
|
||||
STATE_RESET_DATA_VERSION,
|
||||
STATE_RESET_DATA_MAGIC, 3);
|
||||
written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size);
|
||||
written += UINT32_Marshal(&data->clearCount, buffer, size);
|
||||
written += UINT64_Marshal(&data->objectContextID, buffer, size);
|
||||
|
||||
@@ -2178,7 +2178,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size)
|
||||
{
|
||||
UINT16 written;
|
||||
|
||||
- written = TPM2B_Marshal(&data->b, buffer, size);
|
||||
+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size);
|
||||
|
||||
return written;
|
||||
}
|
||||
@@ -3062,9 +3062,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size)
|
||||
|
||||
/* tie the volatile state to the EP,SP, and PPSeed */
|
||||
NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd));
|
||||
- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size);
|
||||
|
||||
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */
|
||||
|
||||
@@ -3881,9 +3881,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
|
||||
written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size);
|
||||
written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size);
|
||||
written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size);
|
||||
- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size);
|
||||
+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size);
|
||||
written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size);
|
||||
written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size);
|
||||
written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size);
|
||||
--
|
||||
2.29.0
|
||||
|
@ -1,56 +0,0 @@
|
||||
From aaef222e8682cc2e0f9ea7124220c5fe44fab62b Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Fri, 23 Jul 2021 13:29:00 -0400
|
||||
Subject: [PATCH 2/2] tpm2: NVMarshal: Handle index orderly RAM without 0-sized
|
||||
terminating node
|
||||
|
||||
The NVRAM entries in s_indexOrderlyRam array do not need to contain a
|
||||
0-sized terminating node. Instead, the entries may fill up this 512
|
||||
byte array so that no NV_RAM_HEADER structure fits anymore. The fact
|
||||
that no more NV_RAM_HEADER structure fits is also an indicator for the
|
||||
last entry. We need to account for this in the code marshalling and
|
||||
unmarshalling the entries so that we stop marshalling the entries
|
||||
then and similarly stop unmarshalling.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/NVMarshal.c | 16 ++++++++++++++++
|
||||
1 file changed, 16 insertions(+)
|
||||
|
||||
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
||||
index f8a3798..935a76c 100644
|
||||
--- a/src/tpm2/NVMarshal.c
|
||||
+++ b/src/tpm2/NVMarshal.c
|
||||
@@ -4244,6 +4244,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
|
||||
datasize, buffer, size);
|
||||
}
|
||||
offset += nrh.size;
|
||||
+ if (offset + sizeof(NV_RAM_HEADER) > array_size) {
|
||||
+ /* nothing will fit anymore and there won't be a 0-sized
|
||||
+ * terminating node (@1).
|
||||
+ */
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
|
||||
@@ -4286,6 +4292,16 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
|
||||
*/
|
||||
nrhp = array + offset;
|
||||
|
||||
+ if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) {
|
||||
+ /* this case can occur with the previous entry filling up the
|
||||
+ * space; in this case there will not be a 0-sized terminating
|
||||
+ * node (see @1 above). We clear the rest of our space.
|
||||
+ */
|
||||
+ if (array_size > offset)
|
||||
+ memset(nrhp, 0, array_size - offset);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
/* write the NVRAM header;
|
||||
nrh->size holds the complete size including data;
|
||||
nrh->size = 0 indicates the end */
|
||||
--
|
||||
2.33.0.rc2
|
||||
|
File diff suppressed because it is too large
Load Diff
24
libtpms.spec
24
libtpms.spec
@ -1,20 +1,14 @@
|
||||
%global gitdate 20210301
|
||||
%global gitversion 729fc6a4ca
|
||||
%global gitdate 20211004
|
||||
%global gitversion dc4e3f6313
|
||||
|
||||
Name: libtpms
|
||||
Version: 0.8.2
|
||||
Release: 0.%{gitdate}git%{gitversion}%{?dist}.7
|
||||
Version: 0.9.0
|
||||
Release: 0.%{gitdate}git%{gitversion}%{?dist}
|
||||
|
||||
Summary: Library providing Trusted Platform Module (TPM) functionality
|
||||
License: BSD
|
||||
Url: http://github.com/stefanberger/libtpms
|
||||
Source0: libtpms-%{gitdate}.tar.xz
|
||||
Patch0001: 0001-build-sys-leave-CFLAGS-LDFLAGS-for-user-to-be-define.patch
|
||||
Patch0002: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
|
||||
Patch0003: 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
|
||||
Patch0004: 0003-tpm2-Restore-original-value-if-unmarshalled-value-wa.patch
|
||||
Patch0005: 0001-tpm2-Initialize-a-whole-OBJECT-before-using-it.patch
|
||||
Patch0006: 0002-tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch
|
||||
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig gawk sed
|
||||
@ -36,14 +30,14 @@ Libtpms header files and documentation.
|
||||
%autosetup -p1 -n %{name}-%{gitdate}
|
||||
%build
|
||||
NOCONFIGURE=1 sh autogen.sh
|
||||
%configure --disable-static --with-tpm2 --with-openssl
|
||||
make %{?_smp_mflags} CFLAGS=-Wno-error=deprecated-declarations
|
||||
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
make DESTDIR="%{buildroot}" install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
|
||||
|
||||
%ldconfig_scriptlets
|
||||
@ -61,6 +55,10 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 9 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-0.20211004gitdc4e3f6313
|
||||
- Rebase to 0.9.0, disable TPM 1.2
|
||||
Resolves: rhbz#1990152 & rhbz#2021628
|
||||
|
||||
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.7
|
||||
- Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
|
||||
Resolves: rhbz#1999303
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (libtpms-20210301.tar.xz) = b43484aff359ef2d155b7418f20bba7bd365b66df63b571e9997685f080f5b3f72e1be73129de3dd4b3f12d64d1d16ad1b5d4011c84fc3556ed6b21b39631878
|
||||
SHA512 (libtpms-20211004.tar.xz) = 7664b896229fd6916c48adb316a260e4b98ef0b6e4d70e8463b528ea5c14846f7f965102223526183dd0f5cb99cd53fec793c6d92ccc9d8322c0601a1490762a
|
||||
|
Loading…
Reference in New Issue
Block a user