rpms
/
libtpms
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:imports/c9/libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2
Branches Tags
rpms:c8s-stream-rhel
rpms:c8-beta-stream-rhel
rpms:stream-virt-rhel-rhel-8.10.0
rpms:stream-virt-rhel-rhel-8.9.0
rpms:c9s
rpms:c8-stream-rhel
rpms:c9
rpms:c9-beta
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module_el8+310+72016cce
rpms:imports/c8-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+18453+e0bf0d1d
rpms:imports/c9/libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16689+53d59bc2
rpms:imports/c9-beta/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c9/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c9-beta/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c9-beta/libtpms-0.8.2-0.20210301git729fc6a4ca.el9.6
rpms:imports/c8s-stream-rhel/libtpms-0.7.4-6.20201106git2452a24dab.module+el8.6.0+12861+13975d62
...
compare: rpms:c8s-stream-rhel
Branches Tags
rpms:c8-beta-stream-rhel
rpms:stream-virt-rhel-rhel-8.10.0
rpms:stream-virt-rhel-rhel-8.9.0
rpms:c9s
rpms:c8-stream-rhel
rpms:c9
rpms:c8s-stream-rhel
rpms:c9-beta
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module_el8+310+72016cce
rpms:imports/c8-stream-rhel/libtpms-0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+18453+e0bf0d1d
rpms:imports/c9/libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.8.0+16781+9f4724c2
rpms:imports/c9/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16689+53d59bc2
rpms:imports/c9-beta/libtpms-0.9.1-2.20211126git1ff6fe1f43.el9
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-1.20211126git1ff6fe1f43.module+el8.7.0+16161+74369000
rpms:imports/c9/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c8-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+14480+c0a3aa0f
rpms:imports/c8-beta-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c8s-stream-rhel/libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949
rpms:imports/c9-beta/libtpms-0.9.1-0.20211126git1ff6fe1f43.el9
rpms:imports/c9-beta/libtpms-0.8.2-0.20210301git729fc6a4ca.el9.6
rpms:imports/c8s-stream-rhel/libtpms-0.7.4-6.20201106git2452a24dab.module+el8.6.0+12861+13975d62

No commits in common. "imports/c9/libtpms-0.9.1-3.20211126git1ff6fe1f43.el9_2" and "c8s-stream-rhel" have entirely different histories.
imports/c9 ... c8s-stream

4 changed files with 39 additions and 200 deletions
Show Stats Expand all files Collapse all files

52
SOURCES/0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
View File

@ -1,52 +0,0 @@
From 324dbb4c27ae789c73b69dbf4611242267919dd4 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 20 Feb 2023 14:41:10 -0500
Subject: [PATCH] tpm2: Check size of buffer before accessing it (CVE-2023-1017
& -1018)
Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.
This fixes CVE-2023-1017 & CVE-2023-1018.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/CryptUtil.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 002fde0..8fae5b6 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -830,6 +830,10 @@ CryptParameterDecryption(
+ sizeof(session->sessionKey.t.buffer)));
TPM2B_HMAC_KEY key; // decryption key
UINT32 cipherSize = 0; // size of cipher text
+
+ if (leadingSizeInByte > bufferSize)
+ return TPM_RC_INSUFFICIENT;
+
// Retrieve encrypted data size.
if(leadingSizeInByte == 2)
{
@@ -837,6 +841,7 @@ CryptParameterDecryption(
// data to be decrypted
cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
buffer = &buffer[2]; // advance the buffer
+ bufferSize -= 2;
}
#ifdef TPM4B
else if(leadingSizeInByte == 4)
@@ -844,6 +849,7 @@ CryptParameterDecryption(
// the leading size is four bytes so get the four byte size field
cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
buffer = &buffer[4]; //advance pointer
+ bufferSize -= 4;
}
#endif
else
--
2.39.2

37
SOURCES/0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
View File

@ -1,37 +0,0 @@
From e4261984374556da65c9d46097d5a1200b335c0c Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Sat, 19 Feb 2022 12:59:32 +0100
Subject: [PATCH] tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for
label of size 0 (OSSL 3)
Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
with label size 0. The function should only be called if the size of the label
is greater 0.
With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
for encryption without label.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tpm2/crypto/openssl/CryptRsa.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 4ed04384feb0..b5d6b6c3be82 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
if (tmp == NULL)
ERROR_RETURN(TPM_RC_FAILURE);
memcpy(tmp, label->buffer, label->size);
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+ ERROR_RETURN(TPM_RC_FAILURE);
}
- // label->size == 0 is supported
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
tmp = NULL;
break;
default:
--
2.36.0.44.g0f828332d5ac

31
SOURCES/0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
View File

@ -1,31 +0,0 @@
From 3d2bbe2f1947784506ba0a7f9e8ab81eefb69929 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Mon, 23 May 2022 14:16:57 +0100
Subject: [PATCH] tpm2: Fix size check in CryptSecretDecrypt
Check the secret size against the size of the buffer, not the size
member that has not been set yet.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
src/tpm2/CryptUtil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9879f918acb6..002fde0987a9 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -732,7 +732,7 @@ CryptSecretDecrypt(
nonceCaller->t.size);
}
// make sure secret will fit
- if(secret->t.size > data->t.size)
+ if(secret->t.size > sizeof(data->t.buffer))
return TPM_RC_FAILURE;
data->t.size = secret->t.size;
// CFB decrypt, using nonceCaller as iv
--
2.36.0.44.g0f828332d5ac

119
SPECS/libtpms.spec
View File

@ -3,21 +3,20 @@
Name: libtpms
Version: 0.9.1
Release: 3.%{gitdate}git%{gitversion}%{?dist}
Release: 1.%{gitdate}git%{gitversion}%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD
Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz
Patch0001: 0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
Patch0002: 0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
ExcludeArch: i686
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed
BuildRequires: automake autoconf libtool bash coreutils gcc-c++
BuildRequires: make
BuildRequires: git
BuildRequires: make
%description
A library providing TPM functionality for VMs. Targeted for integration
@ -31,7 +30,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
Libtpms header files and documentation.
%prep
%autosetup -p1 -n %{name}-%{gitdate}
%autosetup -S git -n %{name}-%{gitdate}
%build
NOCONFIGURE=1 sh autogen.sh
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
@ -59,101 +58,61 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
%{_mandir}/man3/*
%changelog
* Wed Mar 01 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-3.20211126git1ff6fe1f43
- Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018)
Resolves: rhbz#2173960
Resolves: rhbz#2173967
* Mon Jun 20 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43
* Thu Jul 28 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Backport s_ContextSlotMask initialization fix
Resolves: rhbz#2035731
Resolves: rhbz#2111433
* Mon Jun 13 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Backport RSA/OAEP fixes.
Resolves: rhbz#2093651
* Thu Dec 09 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
- Rebase to 0.9.1 (sync with RHEL9)
Resolves: rhbz#2029355
* Wed Dec 01 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
- Rebase to 0.9.1
Resolves: rhbz#2027951
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-6.20201106git2452a24dab
- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
Resolves: rhbz#1999307
* Tue Nov 9 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-0.20211004gitdc4e3f6313
- Rebase to 0.9.0, disable TPM 1.2
Resolves: rhbz#1990152 & rhbz#2021628
* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-5.20201106git2452a24dab
- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Fixes: rhbz#1976816
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.7
- Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
Resolves: rhbz#1999303
* Wed Mar 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-4.20201106git2452a24dab
- tpm2: CryptSym: fix AES output IV
Fixes: rhbz#1942904
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Feb 19 2021 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 0.7.4-3.20201106git2452a24dab
- Add git as build dependency
Related: rhbz#1858821
* Wed Jun 30 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.5
- Fixes CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Resolves: rhbz#1976814
* Wed Feb 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-2.20201106git2452a24dab
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180
Fixes: rhbz#1858821
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Nov 6 18:46:36 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-1.20201106git2452a24dab
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes.
Fixes: rhbz#1893444
* Tue May 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.3
- Add -Wno-error=deprecated-declarations, to ignore OpenSSL 3.0 deprecation warnings.
Fixes: rhbz#1958054
* Tue Aug 18 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.3-1.20200818git1d392d466a
- Update to v0.7.3 stable, fixes rhbz#1868447
- (includes "tpm2: fix PCRBelongsTCBGroup for PCClient")
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
- Fixed a context save and suspend/resume problem when public keys are loaded
* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
- Addressed UBSAN and cppcheck detected issues
- Return proper size of ECC Parameters to pass HLK tests
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.4-0.20201031git2452a24dab.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Oct 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.4-0.20201031git2452a24dab
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes
* Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-0.20200731git1d392d466a
- Follow stable-0.7.0 branch to v0.7.3
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-0.20200527git7325acb477.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed May 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-0.20200527git7325acb477
* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.2-1.20200527git7325acb477
- Update to v0.7.2 stable snapshot, fixes rhbz#1809676
- exclude i686 build
- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
PSS salt length, symmetric decryption (padding)
- Under certain circumstances an RSA decryption could cause a buffer overflow causing
termination of the program (swtpm)
* Wed May 20 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-0.20200520git8fe99d1fd0
- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
- elliptic curve fixes
- MANUFACTURER changed from "IBM " to "IBM"
- gcc 10 related fix
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20191018gitdc116933b7.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191018gitdc116933b7
- Following stable-0.7.0 branch for TPM 1.2 related bugfix
* Tue Oct 08 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191008gitc26e8f7b08
- Following stable-0.7.0 branch for bug fix
* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20191018gitdc116933b7
- RHEL8.1.1 update
- Update to v0.7.0 stable snapshot
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20190719gitd061d8065b.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jul 19 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20190719gitd061d8065b
- Update to v0.7.0
* Fri May 10 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190510gitb244bdf6e2
- Applied bugfix for CMAC
* Tue Apr 16 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.1-0.20190121git9dc915572b.2
- RHEL8.1 build
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild