Compare commits

...

No commits in common. "c8s-stream-rhel" and "c9s" have entirely different histories.

11 changed files with 292 additions and 41 deletions

25
.gitignore vendored
View File

@ -1 +1,24 @@
SOURCES/libtpms-20211126.tar.xz /libtpms-0.5.1.tgz
/libtpms-0.5.1.tar.gz
/libtpms-0.5.2.tar.gz
/libtpms-20180914.tar.xz
/libtpms.spec
/make-git-snapshot.sh
/libtpms-20180917.tar.xz
/libtpms-20180918.tar.xz
/libtpms-20181031.tar.xz
/libtpms-20181211.tar.xz
/libtpms-20190121.tar.xz
/libtpms-20190510.tar.xz
/libtpms-20190719.tar.xz
/libtpms-20191008.tar.xz
/libtpms-20191018.tar.xz
/libtpms-20200520.tar.xz
/libtpms-20200527.tar.xz
/libtpms-20200731.tar.xz
/libtpms-20201031.tar.xz
/libtpms-20210218.tar.xz
/libtpms-20210227.tar.xz
/libtpms-20210301.tar.xz
/libtpms-20211004.tar.xz
/libtpms-20211126.tar.xz

View File

@ -1 +0,0 @@
ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz

View File

@ -0,0 +1,52 @@
From 324dbb4c27ae789c73b69dbf4611242267919dd4 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 20 Feb 2023 14:41:10 -0500
Subject: [PATCH] tpm2: Check size of buffer before accessing it (CVE-2023-1017
& -1018)
Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.
This fixes CVE-2023-1017 & CVE-2023-1018.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/CryptUtil.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 002fde0..8fae5b6 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -830,6 +830,10 @@ CryptParameterDecryption(
+ sizeof(session->sessionKey.t.buffer)));
TPM2B_HMAC_KEY key; // decryption key
UINT32 cipherSize = 0; // size of cipher text
+
+ if (leadingSizeInByte > bufferSize)
+ return TPM_RC_INSUFFICIENT;
+
// Retrieve encrypted data size.
if(leadingSizeInByte == 2)
{
@@ -837,6 +841,7 @@ CryptParameterDecryption(
// data to be decrypted
cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
buffer = &buffer[2]; // advance the buffer
+ bufferSize -= 2;
}
#ifdef TPM4B
else if(leadingSizeInByte == 4)
@@ -844,6 +849,7 @@ CryptParameterDecryption(
// the leading size is four bytes so get the four byte size field
cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
buffer = &buffer[4]; //advance pointer
+ bufferSize -= 4;
}
#endif
else
--
2.39.2

View File

@ -0,0 +1,37 @@
From e4261984374556da65c9d46097d5a1200b335c0c Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Sat, 19 Feb 2022 12:59:32 +0100
Subject: [PATCH] tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for
label of size 0 (OSSL 3)
Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
with label size 0. The function should only be called if the size of the label
is greater 0.
With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
for encryption without label.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tpm2/crypto/openssl/CryptRsa.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 4ed04384feb0..b5d6b6c3be82 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
if (tmp == NULL)
ERROR_RETURN(TPM_RC_FAILURE);
memcpy(tmp, label->buffer, label->size);
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+ ERROR_RETURN(TPM_RC_FAILURE);
}
- // label->size == 0 is supported
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
tmp = NULL;
break;
default:
--
2.36.0.44.g0f828332d5ac

View File

@ -0,0 +1,31 @@
From 3d2bbe2f1947784506ba0a7f9e8ab81eefb69929 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Mon, 23 May 2022 14:16:57 +0100
Subject: [PATCH] tpm2: Fix size check in CryptSecretDecrypt
Check the secret size against the size of the buffer, not the size
member that has not been set yet.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
src/tpm2/CryptUtil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9879f918acb6..002fde0987a9 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -732,7 +732,7 @@ CryptSecretDecrypt(
nonceCaller->t.size);
}
// make sure secret will fit
- if(secret->t.size > data->t.size)
+ if(secret->t.size > sizeof(data->t.buffer))
return TPM_RC_FAILURE;
data->t.size = secret->t.size;
// CFB decrypt, using nonceCaller as iv
--
2.36.0.44.g0f828332d5ac

View File

@ -0,0 +1,31 @@
From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 29 Jul 2024 10:19:00 -0400
Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
The old error code could indicate to an application or driver that
something is wrong with the TPM (has possibly gone into failure mode) even
though only the decryption failed, possibly due to a wrong key.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index b5d6b6c3..88ee3bac 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
outlen = sizeof(buffer);
if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
cIn->buffer, cIn->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
+ ERROR_RETURN(TPM_RC_VALUE);
if (outlen > dOut->size)
ERROR_RETURN(TPM_RC_FAILURE);
--
2.41.0.28.gd7d8841f67

8
gating.yaml Normal file
View File

@ -0,0 +1,8 @@
# recipients: kvmqe-ci, yfu, qcheng
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
subject_type: brew-build
rules:
- !PassingTestCaseRule {test_case_name: kvm-ci.libtpms.x86_64.brew-build.gating.tier1.functional}

View File

@ -3,20 +3,22 @@
Name: libtpms Name: libtpms
Version: 0.9.1 Version: 0.9.1
Release: 1.%{gitdate}git%{gitversion}%{?dist} Release: 4.%{gitdate}git%{gitversion}%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD License: BSD
Url: http://github.com/stefanberger/libtpms Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz Source0: libtpms-%{gitdate}.tar.xz
ExcludeArch: i686 Patch0001: 0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
Patch0002: 0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
Patch0005: 0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed BuildRequires: pkgconfig gawk sed
BuildRequires: automake autoconf libtool bash coreutils gcc-c++ BuildRequires: automake autoconf libtool bash coreutils gcc-c++
BuildRequires: git BuildRequires: make
BuildRequires: make
%description %description
A library providing TPM functionality for VMs. Targeted for integration A library providing TPM functionality for VMs. Targeted for integration
@ -30,7 +32,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
Libtpms header files and documentation. Libtpms header files and documentation.
%prep %prep
%autosetup -S git -n %{name}-%{gitdate} %autosetup -p1 -n %{name}-%{gitdate}
%build %build
NOCONFIGURE=1 sh autogen.sh NOCONFIGURE=1 sh autogen.sh
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl %configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
@ -58,61 +60,105 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Thu Jul 28 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43 * Wed Sep 04 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-4.20211126git1ff6fe1f43
- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
Resolves: RHEL-58056
* Wed Mar 01 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-3.20211126git1ff6fe1f43
- Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018)
Resolves: rhbz#2173960
Resolves: rhbz#2173967
* Mon Jun 20 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43
- Backport s_ContextSlotMask initialization fix - Backport s_ContextSlotMask initialization fix
Resolves: rhbz#2111433 Resolves: rhbz#2035731
* Thu Dec 09 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43 * Mon Jun 13 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Rebase to 0.9.1 (sync with RHEL9) - Backport RSA/OAEP fixes.
Resolves: rhbz#2029355 Resolves: rhbz#2093651
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-6.20201106git2452a24dab * Wed Dec 01 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets - Rebase to 0.9.1
Resolves: rhbz#1999307 Resolves: rhbz#2027951
* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-5.20201106git2452a24dab * Tue Nov 9 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-0.20211004gitdc4e3f6313
- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM - Rebase to 0.9.0, disable TPM 1.2
Fixes: rhbz#1976816 Resolves: rhbz#1990152 & rhbz#2021628
* Wed Mar 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-4.20201106git2452a24dab * Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.7
- tpm2: CryptSym: fix AES output IV - Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
Fixes: rhbz#1942904 Resolves: rhbz#1999303
* Fri Feb 19 2021 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 0.7.4-3.20201106git2452a24dab * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.6
- Add git as build dependency - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1858821 Related: rhbz#1991688
* Wed Feb 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-2.20201106git2452a24dab * Wed Jun 30 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.5
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180 - Fixes CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Fixes: rhbz#1858821 Resolves: rhbz#1976814
* Fri Nov 6 18:46:36 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-1.20201106git2452a24dab * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.4
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes. - Rebuilt for RHEL 9 BETA for openssl 3.0
Fixes: rhbz#1893444 Related: rhbz#1971065
* Tue Aug 18 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.3-1.20200818git1d392d466a * Tue May 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.3
- Update to v0.7.3 stable, fixes rhbz#1868447 - Add -Wno-error=deprecated-declarations, to ignore OpenSSL 3.0 deprecation warnings.
- (includes "tpm2: fix PCRBelongsTCBGroup for PCClient") Fixes: rhbz#1958054
* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.2-1.20200527git7325acb477 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.2
- Update to v0.7.2 stable snapshot, fixes rhbz#1809676 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- exclude i686 build
* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
- Fixed a context save and suspend/resume problem when public keys are loaded
* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
- Addressed UBSAN and cppcheck detected issues
- Return proper size of ECC Parameters to pass HLK tests
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.4-0.20201031git2452a24dab.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Oct 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.4-0.20201031git2452a24dab
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes
* Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-0.20200731git1d392d466a
- Follow stable-0.7.0 branch to v0.7.3
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-0.20200527git7325acb477.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed May 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-0.20200527git7325acb477
- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption, - Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
PSS salt length, symmetric decryption (padding) PSS salt length, symmetric decryption (padding)
- Under certain circumstances an RSA decryption could cause a buffer overflow causing - Under certain circumstances an RSA decryption could cause a buffer overflow causing
termination of the program (swtpm) termination of the program (swtpm)
* Wed May 20 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-0.20200520git8fe99d1fd0
- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch - Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
- elliptic curve fixes - elliptic curve fixes
- MANUFACTURER changed from "IBM " to "IBM" - MANUFACTURER changed from "IBM " to "IBM"
- gcc 10 related fix - gcc 10 related fix
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20191018gitdc116933b7.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191018gitdc116933b7
- Following stable-0.7.0 branch for TPM 1.2 related bugfix - Following stable-0.7.0 branch for TPM 1.2 related bugfix
* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20191018gitdc116933b7 * Tue Oct 08 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191008gitc26e8f7b08
- RHEL8.1.1 update - Following stable-0.7.0 branch for bug fix
- Update to v0.7.0 stable snapshot
* Tue Apr 16 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.1-0.20190121git9dc915572b.2 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20190719gitd061d8065b.2
- RHEL8.1 build - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 19 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20190719gitd061d8065b
- Update to v0.7.0
* Fri May 10 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190510gitb244bdf6e2
- Applied bugfix for CMAC
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

23
make-git-snapshot.sh Executable file
View File

@ -0,0 +1,23 @@
#!/bin/sh
# Usage: ./make-git-snapshot.sh [COMMIT]
#
# to make a snapshot of the given tag/branch. Defaults to HEAD.
# Point env var REF to a local mesa repo to reduce clone time.
DIRNAME=libtpms-$( date +%Y%m%d )
echo REF ${REF:+--reference $REF}
echo DIRNAME $DIRNAME
echo HEAD ${1:-HEAD}
rm -rf $DIRNAME
git clone ${REF:+--reference $REF} \
https://github.com/stefanberger/libtpms $DIRNAME
set -x
GIT_DIR=$DIRNAME/.git git archive --format=tar --prefix=$DIRNAME/ ${1:-HEAD} \
| xz > $DIRNAME.tar.xz
# rm -rf $DIRNAME

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (libtpms-20211126.tar.xz) = 050b945ff538ba23746b08af8779ced944d6c911a046fa7705e5bd7cd8e6344adc85f341a5513c4b7db3e078aaf7ebcce743c45180206a6e001225e02ca242a2