import tpm2-tools-4.1.1-5.el8

This commit is contained in:
CentOS Sources 2021-11-09 04:54:27 -05:00 committed by Stepan Oksanichenko
parent 92a60c9c8f
commit 68df1df00e
9 changed files with 334 additions and 1 deletions

View File

@ -0,0 +1,26 @@
From 012249ad9d06d7534a94690a33638691f5104839 Mon Sep 17 00:00:00 2001
From: Radoslav Gerganov <rgerganov@vmware.com>
Date: Wed, 26 Feb 2020 10:40:26 +0200
Subject: [PATCH] lib/files: fix an error message in files_load_##name
Signed-off-by: Radoslav Gerganov <rgerganov@vmware.com>
---
lib/files.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/files.c b/lib/files.c
index a6beea5b8ff2..ef2170b079e1 100644
--- a/lib/files.c
+++ b/lib/files.c
@@ -687,7 +687,7 @@ tool_rc files_save_ESYS_TR(ESYS_CONTEXT *ectx, ESYS_TR handle, const char *path)
size_t offset = 0; \
TSS2_RC rc = Tss2_MU_##type##_Unmarshal(buffer, size, &offset, name); \
if (rc != TSS2_RC_SUCCESS) { \
- LOG_ERR("Error serializing "str(name)" structure: 0x%x", rc); \
+ LOG_ERR("Error deserializing "str(name)" structure: 0x%x", rc); \
LOG_ERR("The input file needs to be a valid "xstr(type)" data structure"); \
return false; \
} \
--
2.31.0

View File

@ -0,0 +1,42 @@
From a20415d6f1d3fa09300ff1181646fe7e1785fd15 Mon Sep 17 00:00:00 2001
From: Imran Desai <imran.desai@intel.com>
Date: Sun, 29 Mar 2020 10:14:28 -0700
Subject: [PATCH] lib/files.c: Fix an issue where execution could not reach
function return
Signed-off-by: Imran Desai <imran.desai@intel.com>
---
lib/files.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/lib/files.c b/lib/files.c
index ef2170b079e1..501f88d11b48 100644
--- a/lib/files.c
+++ b/lib/files.c
@@ -607,9 +607,7 @@ bool files_load_bytes_from_buffer_or_file_or_stdin(const char *input_buffer,
return true;
}
-// printf("Reading file: %s\n", path);
-// printf("size: %u\n", *size);
-
+ bool retval = true;
/* Read from stdin */
if (!input_buffer && !path) {
UINT16 read_bytes = 0;
@@ -640,10 +638,10 @@ bool files_load_bytes_from_buffer_or_file_or_stdin(const char *input_buffer,
return true;
}
} else if (path) {
- return files_load_bytes_from_path(path, buf, size);
+ retval = files_load_bytes_from_path(path, buf, size);
}
- return false;
+ return retval;
}
tool_rc files_save_ESYS_TR(ESYS_CONTEXT *ectx, ESYS_TR handle, const char *path) {
--
2.31.0

View File

@ -0,0 +1,63 @@
From 77d4592e3eec9ec2c7932586f41f925b43ecc5ba Mon Sep 17 00:00:00 2001
From: Imran Desai <imran.desai@intel.com>
Date: Sun, 29 Mar 2020 10:22:42 -0700
Subject: [PATCH] tools/tpm2_nvcertify.c: Fix incompatible pointer cast that
may cause memory leak
Pointer "&ctx.size" and "&ctx.offset" points to an object whose effective type is
"unsigned short" (16 bits, unsigned) but is dereferenced as a wider
"unsigned int" (32 bits, unsigned). This may lead to memory corruption.
Signed-off-by: Imran Desai <imran.desai@intel.com>
---
tools/tpm2_nvcertify.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/tools/tpm2_nvcertify.c b/tools/tpm2_nvcertify.c
index b49f38dbff20..414cbea85574 100644
--- a/tools/tpm2_nvcertify.c
+++ b/tools/tpm2_nvcertify.c
@@ -80,6 +80,7 @@ static bool set_signature_format(char *value) {
static bool on_option(char key, char *value) {
bool result = true;
+ uint32_t input_value;
switch (key) {
case 'C':
@@ -110,18 +111,30 @@ static bool on_option(char key, char *value) {
ctx.policy_qualifier_arg = value;
break;
case 0:
- result = tpm2_util_string_to_uint32(value, (uint32_t*)&ctx.size);
+ result = tpm2_util_string_to_uint32(value, &input_value);
if (!result) {
LOG_ERR("Could not convert size to number, got: \"%s\"", value);
return false;
}
+ if (input_value > UINT16_MAX) {
+ LOG_ERR("Specified size is larger than that allowed by command");
+ return false;
+ } else {
+ ctx.size = input_value;
+ }
break;
case 1:
- result = tpm2_util_string_to_uint32(value, (uint32_t*)&ctx.offset);
+ result = tpm2_util_string_to_uint32(value, &input_value);
if (!result) {
LOG_ERR("Could not convert offset to number, got: \"%s\"", value);
return false;
}
+ if (input_value > UINT16_MAX) {
+ LOG_ERR("Specified offset is larger than that allowed by command");
+ return false;
+ } else {
+ ctx.offset = input_value;
+ }
break;
case 2:
ctx.certify_info_path = value;
--
2.31.0

View File

@ -0,0 +1,25 @@
From 023ec5c0eafe8dfb5b71e400cb0c2c337fb8c108 Mon Sep 17 00:00:00 2001
From: Imran Desai <imran.desai@intel.com>
Date: Sun, 29 Mar 2020 10:49:12 -0700
Subject: [PATCH] tools/tpm2_nvreadpublic: Fix resource leak
Signed-off-by: Imran Desai <imran.desai@intel.com>
---
tools/tpm2_nvreadpublic.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/tpm2_nvreadpublic.c b/tools/tpm2_nvreadpublic.c
index 7f8e46cbf863..eca1fd715a79 100644
--- a/tools/tpm2_nvreadpublic.c
+++ b/tools/tpm2_nvreadpublic.c
@@ -41,6 +41,7 @@ static tool_rc print_nv_public(ESYS_CONTEXT *context, TPMI_RH_NV_INDEX index, TP
rc = tpm2_tr_get_name(context, tr_handle,
&name);
if (rc != tool_rc_success) {
+ free(attrs);
return rc;
}
--
2.31.0

View File

@ -0,0 +1,49 @@
From 8c72f7402d8977807f531b08976760d62676cf8a Mon Sep 17 00:00:00 2001
From: Imran Desai <imran.desai@intel.com>
Date: Thu, 23 Jan 2020 11:21:58 -0700
Subject: [PATCH] tpm2_getekcertificate: add default web address
Currently only Intel (R) PTT certificates are hosted online.
A default web address pointing to the endorsement key certificate
hosting will help reduce user input.
Signed-off-by: Imran Desai <imran.desai@intel.com>
---
test/integration/tests/getekcertificate.sh | 6 ++----
tools/tpm2_getekcertificate.c | 1 +
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/test/integration/tests/getekcertificate.sh b/test/integration/tests/getekcertificate.sh
index 33f4f8b2e4c0..e8c521756d2a 100755
--- a/test/integration/tests/getekcertificate.sh
+++ b/test/integration/tests/getekcertificate.sh
@@ -38,12 +38,10 @@ else
fi
fi
-tpm2_getekcertificate -u test_ek.pub -x -X -o ECcert.bin \
-https://ekop.intel.com/ekcertservice/
+tpm2_getekcertificate -u test_ek.pub -x -X -o ECcert.bin
# Test that stdoutput is the same
-tpm2_getekcertificate -u test_ek.pub -x https://ekop.intel.com/ekcertservice/ \
--X > ECcert2.bin
+tpm2_getekcertificate -u test_ek.pub -x -X > ECcert2.bin
# stdout file should match -E file.
cmp ECcert.bin ECcert2.bin
diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c
index 233d04d8b3d7..6a8fe894bb1c 100644
--- a/tools/tpm2_getekcertificate.c
+++ b/tools/tpm2_getekcertificate.c
@@ -32,6 +32,7 @@ struct tpm_getekcertificate_ctx {
static tpm_getekcertificate_ctx ctx = {
.is_tpm2_device_active = true,
+ .ek_server_addr = "https://ekop.intel.com/ekcertservice/",
};
static unsigned char *hash_ek_public(void) {
--
2.31.0

View File

@ -0,0 +1,46 @@
From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 21 May 2021 12:22:31 -0500
Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.
To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.
Fixes: #2738
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
tools/tpm2_import.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
index cfb6f207ba9c..f44326c87e7e 100644
--- a/tools/tpm2_import.c
+++ b/tools/tpm2_import.c
@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
TPM2B_DATA enc_sensitive_key = {
.size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
};
- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
+
+ if(enc_sensitive_key.size < 16) {
+ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
+ return tool_rc_general_error;
+ }
+
+ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
+ if (ossl_rc != 1) {
+ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
+ return tool_rc_general_error;
+ }
/*
* Calculate the object name.
--
2.31.0

View File

@ -0,0 +1,28 @@
From e556da0a2099573f82391c16477fba08584a7a12 Mon Sep 17 00:00:00 2001
From: Imran Desai <imran.desai@intel.com>
Date: Tue, 10 Mar 2020 09:15:55 -0700
Subject: [PATCH] tpm2_policy.c: restrict policy digest size
Fixes #1916
Signed-off-by: Imran Desai <imran.desai@intel.com>
---
lib/tpm2_policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c
index 6c352b2b41ae..01387ba01645 100644
--- a/lib/tpm2_policy.c
+++ b/lib/tpm2_policy.c
@@ -163,7 +163,7 @@ tool_rc tpm2_policy_build_policyauthorize(ESYS_CONTEXT *ectx,
bool result = true;
TPM2B_DIGEST approved_policy = { .size = 0 };
if (policy_digest_path) {
- approved_policy.size = UINT16_MAX;
+ approved_policy.size = sizeof(TPMU_HA);
result = files_load_bytes_from_path(policy_digest_path,
approved_policy.buffer, &approved_policy.size);
}
--
2.31.0

View File

@ -0,0 +1,30 @@
From cab7b3edcc6a44aece0642c0c2621a4bb70d449b Mon Sep 17 00:00:00 2001
From: Imran Desai <imran.desai@intel.com>
Date: Tue, 10 Mar 2020 18:19:04 -0700
Subject: [PATCH] tpm2_policycountertimer: Fix an issue where operandB array
was reversed
Signed-off-by: Imran Desai <imran.desai@intel.com>
---
tools/tpm2_policycountertimer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/tpm2_policycountertimer.c b/tools/tpm2_policycountertimer.c
index 1c72d525dab7..170a544f2203 100644
--- a/tools/tpm2_policycountertimer.c
+++ b/tools/tpm2_policycountertimer.c
@@ -81,7 +81,10 @@ static bool convert_keyvalue_to_operand_buffer(const char *value,
}
ctx.operand_b.size = size;
- memcpy(ctx.operand_b.buffer, &data.b, size);
+ size_t i = 0;
+ for (i = 0; i < size; i++) {
+ ctx.operand_b.buffer[i] = *(&data.b + size - i - 1);
+ }
return true;
}
--
2.31.0

View File

@ -1,6 +1,6 @@
Name: tpm2-tools
Version: 4.1.1
Release: 2%{?dist}
Release: 5%{?dist}
Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
License: BSD
@ -13,6 +13,14 @@ Patch3: 0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch
Patch4: 0001-Fix-ESYS_TR-hierarchy-transition.patch
Patch5: 0001-Refactor-fix_esys_hierarchies.patch
Patch6: 0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch
Patch7: 0001-tpm2_getekcertificate-add-default-web-address.patch
Patch8: 0001-lib-files-fix-an-error-message-in-files_load_-name.patch
Patch9: 0001-tpm2_policy.c-restrict-policy-digest-size.patch
Patch10: 0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch
Patch11: 0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch
Patch12: 0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch
Patch13: 0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch
Patch14: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
BuildRequires: gcc-c++
BuildRequires: libtool
@ -53,6 +61,22 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
%{_mandir}/man1/tpm2_*.1.gz
%changelog
* Mon Aug 09 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-5
- Bump nvr to trigger osci.
resolves: rhbz#1965981
* Tue Jun 01 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-4
- Fix CVE-2021-3565
resolves: rhbz#1965981
* Fri May 14 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-3
- Fix resource leak.
- Fix to restrict policy digest size.
- Fix incompatible pointer cast.
- Fix error message in files_load_##name
- Fix issue where execution couldn't reach function return.
resolves: rhbz#1920821
* Mon Nov 16 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-2
- Fix ESYS_TR hierarchy transition.
- Refactor fix_esys_hierarchies to return actual TSS2_RC return code.