import tpm2-tools-4.1.1-5.el8
This commit is contained in:
parent
5806ac66f3
commit
7308c3e89f
@ -0,0 +1,46 @@
|
||||
From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
|
||||
From: William Roberts <william.c.roberts@intel.com>
|
||||
Date: Fri, 21 May 2021 12:22:31 -0500
|
||||
Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
|
||||
|
||||
tpm2_import used a fixed AES key for the inner wrapper, which means that
|
||||
a MITM attack would be able to unwrap the imported key. Even the
|
||||
use of an encrypted session will not prevent this. The TPM only
|
||||
encrypts the first parameter which is the fixed symmetric key.
|
||||
|
||||
To fix this, ensure the key size is 16 bytes or bigger and use
|
||||
OpenSSL to generate a secure random AES key.
|
||||
|
||||
Fixes: #2738
|
||||
|
||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
||||
---
|
||||
tools/tpm2_import.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
|
||||
index cfb6f207ba9c..f44326c87e7e 100644
|
||||
--- a/tools/tpm2_import.c
|
||||
+++ b/tools/tpm2_import.c
|
||||
@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
|
||||
TPM2B_DATA enc_sensitive_key = {
|
||||
.size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
|
||||
};
|
||||
- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
|
||||
+
|
||||
+ if(enc_sensitive_key.size < 16) {
|
||||
+ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
|
||||
+ return tool_rc_general_error;
|
||||
+ }
|
||||
+
|
||||
+ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
|
||||
+ if (ossl_rc != 1) {
|
||||
+ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
|
||||
+ return tool_rc_general_error;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Calculate the object name.
|
||||
--
|
||||
2.31.0
|
||||
|
@ -1,6 +1,6 @@
|
||||
Name: tpm2-tools
|
||||
Version: 4.1.1
|
||||
Release: 3%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
|
||||
|
||||
License: BSD
|
||||
@ -20,6 +20,7 @@ Patch10: 0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch
|
||||
Patch11: 0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch
|
||||
Patch12: 0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch
|
||||
Patch13: 0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch
|
||||
Patch14: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libtool
|
||||
@ -60,6 +61,14 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
|
||||
%{_mandir}/man1/tpm2_*.1.gz
|
||||
|
||||
%changelog
|
||||
* Mon Aug 09 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-5
|
||||
- Bump nvr to trigger osci.
|
||||
resolves: rhbz#1965981
|
||||
|
||||
* Tue Jun 01 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-4
|
||||
- Fix CVE-2021-3565
|
||||
resolves: rhbz#1965981
|
||||
|
||||
* Fri May 14 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-3
|
||||
- Fix resource leak.
|
||||
- Fix to restrict policy digest size.
|
||||
|
Loading…
Reference in New Issue
Block a user