diff --git a/SOURCES/0001-ESYS-Fix-initialization-of-app-data-in-Esys_Initiali.patch b/SOURCES/0001-ESYS-Fix-initialization-of-app-data-in-Esys_Initiali.patch
new file mode 100644
index 0000000..da3d4ac
--- /dev/null
+++ b/SOURCES/0001-ESYS-Fix-initialization-of-app-data-in-Esys_Initiali.patch
@@ -0,0 +1,39 @@
+From 285667d640b8dd7d2d80e0c5d5fcc44f6abad442 Mon Sep 17 00:00:00 2001
+From: Juergen Repp
+Date: Mon, 27 Apr 2020 16:33:16 +0200
+Subject: [PATCH 1/4] ESYS: Fix initialization of app data in Esys_Initialize
+ (Fixes #1704).
+
+An unintended free of the tcti parameter in cleanup was possible.
+
+Signed-off-by: Juergen Repp
+---
+ src/tss2-esys/esys_context.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/tss2-esys/esys_context.c b/src/tss2-esys/esys_context.c
+index b912a688..150a3495 100644
+--- a/src/tss2-esys/esys_context.c
++++ b/src/tss2-esys/esys_context.c
+@@ -54,15 +54,15 @@ Esys_Initialize(ESYS_CONTEXT ** esys_context, TSS2_TCTI_CONTEXT * tcti,
+ *esys_context = calloc(1, sizeof(ESYS_CONTEXT));
+ return_if_null(*esys_context, "Out of memory.", TSS2_ESYS_RC_MEMORY);
+
++ /* Store the application provided tcti to be return on Esys_GetTcti(). */
++ (*esys_context)->tcti_app_param = tcti;
++
+ /* Allocate memory for the SYS context */
+ syssize = Tss2_Sys_GetContextSize(0);
+ (*esys_context)->sys = calloc(1, syssize);
+ goto_if_null((*esys_context)->sys, "Error: During malloc.",
+ TSS2_ESYS_RC_MEMORY, cleanup_return);
+
+- /* Store the application provided tcti to be return on Esys_GetTcti(). */
+- (*esys_context)->tcti_app_param = tcti;
+-
+ /* If no tcti was provided, initialize the default one. */
+ if (tcti == NULL) {
+ r = Tss2_TctiLdr_Initialize (NULL, &tcti);
+--
+2.41.0
+
diff --git a/SOURCES/0001-tss2_rc-ensure-layer-number-is-in-bounds.patch b/SOURCES/0001-tss2_rc-ensure-layer-number-is-in-bounds.patch
new file mode 100644
index 0000000..e363b27
--- /dev/null
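Review bot: The moved assignment `(*esys_context)->tcti_app_param = tcti;` fixes the unintended free only because it now runs before the first `goto cleanup_return`, but nothing in the code records that ordering constraint, so a later tidy-up that groups the line back with the tcti handling would silently reintroduce the bug. Extend the comment to say why the line sits where it does, e.g. `/* Store the application provided tcti to be returned by Esys_GetTcti(). Must be set before the first goto cleanup_return so the cleanup path can tell an application-supplied tcti from one allocated here. */`, which also fixes the "to be return" typo carried over from the removed line. The cleanup label and the rest of Esys_Initialize are outside the hunk, so the fact that the cleanup path consults tcti_app_param is taken from the commit message rather than visible here.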
+++ b/SOURCES/0001-tss2_rc-ensure-layer-number-is-in-bounds.patch 
@@ -0,0 +1,139 @@
+From 79f62668a31a2da938f83d534a49ad7f9bc144ca Mon Sep 17 00:00:00 2001
+From: William Roberts
+Date: Thu, 19 Jan 2023 11:53:06 -0600
+Subject: [PATCH] tss2_rc: ensure layer number is in bounds
+
+The layer handler array was defined as 255, the max number of uint8,
+which is the size of the layer field, however valid values are 0-255
+allowing for 256 possibilities and thus the array was off by one and
+needed to be sized to 256 entries. Update the size and add tests.
+
+Note: previous implementations incorrectly dropped bits on unknown error
+output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF,
+but earlier implementations returned 255:0xFFFF, dropping the middle
+bits, this patch fixes that.
+
+Fixes: CVE-2023-22745
+
+Signed-off-by: William Roberts
+---
+ src/tss2-rc/tss2_rc.c | 31 +++++++++++++++++++++----------
+ test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++-
+ 2 files changed, 41 insertions(+), 11 deletions(-)
+
+diff --git a/src/tss2-rc/tss2_rc.c b/src/tss2-rc/tss2_rc.c
+index 93743048..0a64958f 100644
+--- a/src/tss2-rc/tss2_rc.c
++++ b/src/tss2-rc/tss2_rc.c
+@@ -1,5 +1,8 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+-
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++#include
+ #include
+ #include
+ #include
+@@ -777,7 +780,7 @@ sys_err_handler (TSS2_RC rc)
+ static struct {
+ char name[TSS2_ERR_LAYER_NAME_MAX];
+ TSS2_RC_HANDLER handler;
+-} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT] = {
++} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1] = {
+ ADD_HANDLER("tpm" , tpm2_ehandler),
+ ADD_NULL_HANDLER, /* layer 1 is unused */
+ ADD_NULL_HANDLER, /* layer 2 is unused */
+@@ -812,7 +815,7 @@ unknown_layer_handler(TSS2_RC rc)
+ static __thread char buf[32];
+
+ clearbuf(buf);
+- catbuf(buf, "0x%X", tpm2_error_get(rc));
++ catbuf(buf, "0x%X", rc);
+
+ return buf;
+ }
+@@ -909,19 +912,27 @@ Tss2_RC_Decode(TSS2_RC rc)
+ catbuf(buf, "%u:", layer);
+ }
+
+- handler = !handler ? unknown_layer_handler : handler;
+-
+ /*
+ * Handlers only need the error bits. This way they don't
+ * need to concern themselves with masking off the layer
+ * bits or anything else.
+ */
+- UINT16 err_bits = tpm2_error_get(rc);
+- const char *e = err_bits ? handler(err_bits) : "success";
+- if (e) {
+- catbuf(buf, "%s", e);
++ if (handler) {
++ UINT16 err_bits = tpm2_error_get(rc);
++ const char *e = err_bits ? handler(err_bits) : "success";
++ if (e) {
++ catbuf(buf, "%s", e);
++ } else {
++ catbuf(buf, "0x%X", err_bits);
++ }
+ } else {
+- catbuf(buf, "0x%X", err_bits);
++ /*
++ * we don't want to drop any bits if we don't know what to do with it
++ * so drop the layer byte since we we already have that.
++ */
++ const char *e = unknown_layer_handler(rc >> 8);
++ assert(e);
++ catbuf(buf, "%s", e);
+ }
+
+ return buf;
+diff --git a/test/unit/test_tss2_rc.c b/test/unit/test_tss2_rc.c
+index 1c8d66c9..9369beda 100644
+--- a/test/unit/test_tss2_rc.c
++++ b/test/unit/test_tss2_rc.c
+@@ -198,7 +198,7 @@ test_custom_handler(void **state)
+ * Test an unknown layer
+ */
+ e = Tss2_RC_Decode(rc);
+- assert_string_equal(e, "1:0x2A");
++ assert_string_equal(e, "1:0x100");
+ }
+
+ static void
+@@ -281,6 +281,23 @@ test_tcti(void **state)
+ assert_string_equal(e, "tcti:Fails to connect to next lower layer");
+ }
+
++static void
++test_all_FFs(void **state)
++{
++ (void) state;
++
++ const char *e = Tss2_RC_Decode(0xFFFFFFFF);
++ assert_string_equal(e, "255:0xFFFFFF");
++}
++
++static void
++test_all_FFs_set_handler(void **state)
++{
++ (void) state;
++ Tss2_RC_SetHandler(0xFF, "garbage", custom_err_handler);
++ Tss2_RC_SetHandler(0xFF, NULL, NULL);
++}
++
+ /* link required symbol, but tpm2_tool.c declares it AND main, which
+ * we have a main below for cmocka tests.
+ */
+@@ -312,6 +329,8 @@ main(int argc, char* argv[])
+ cmocka_unit_test(test_esys),
+ cmocka_unit_test(test_mu),
+ cmocka_unit_test(test_tcti),
++ cmocka_unit_test(test_all_FFs),
++ cmocka_unit_test(test_all_FFs_set_handler)
+ };
+
+ return cmocka_run_group_tests(tests, NULL, NULL);
+--
+2.40.1
+
diff --git a/SOURCES/0002-esys-Shared-secret-calculation-is-not-spec-compliant.patch b/SOURCES/0002-esys-Shared-secret-calculation-is-not-spec-compliant.patch
new file mode 100644
index 0000000..81a7e20
--- /dev/null
+++ b/SOURCES/0002-esys-Shared-secret-calculation-is-not-spec-compliant.patch
@@ -0,0 +1,31 @@
+From b94392537a1ed43918483a2bfa8a90e5fd05354d Mon Sep 17 00:00:00 2001
+From: Stefan Thom
+Date: Fri, 5 Jun 2020 12:11:39 -0700
+Subject: [PATCH 2/4] esys: Shared secret calculation is not spec compliant.
+
+Refer to specification part 1 Architecture, Section 20.1 AuditSession
+Introduction: If the session was bound when created (see 19.6.10 and
+19.6.12), the bind value is lost and any further use of the session for
+authorization will require that the authValue be used in the HMAC.
+
+Signed-off-by: Stefan Thom
+---
+ src/tss2-esys/esys_tr.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tss2-esys/esys_tr.c b/src/tss2-esys/esys_tr.c
+index c9ea537a..d14c7d35 100644
+--- a/src/tss2-esys/esys_tr.c
++++ b/src/tss2-esys/esys_tr.c
+@@ -511,6 +511,8 @@ Esys_TRSess_SetAttributes(ESYS_CONTEXT * esys_context, ESYS_TR esys_handle,
+ esys_object->rsrc.misc.rsrc_session.sessionAttributes =
+ (esys_object->rsrc.misc.rsrc_session.
+ sessionAttributes & ~mask) | (flags & mask);
++ if (esys_object->rsrc.misc.rsrc_session.sessionAttributes & TPMA_SESSION_AUDIT)
++ esys_object->rsrc.misc.rsrc_session.bound_entity.size = 0;
+ return TSS2_RC_SUCCESS;
+ }
+
+--
+2.41.0
+
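Review bot: In the new `else` branch of Tss2_RC_Decode the comment says the layer byte is dropped because it was already printed, but `unknown_layer_handler(rc >> 8)` discards the low byte of the error bits and keeps the layer byte (layer is bits 16-23 of a TSS2_RC); the updated test expectation, where an rc that previously decoded as `"1:0x2A"` now decodes as `"1:0x100"`, shows the 0x2A error bits vanishing and the layer bit reappearing in the hex part. If the intent is "print every bit we did not already print", pass the rc with the layer bits masked out (`unknown_layer_handler(rc & ~TSS2_RC_LAYER_MASK)`) and adjust the two expected strings; if the `>> 8` output is deliberate, rewrite the comment so it describes what the code does. `assert(e)` on the next line only documents that unknown_layer_handler returns its static buffer and compiles away under NDEBUG, so it must not be read as input validation. In the layer_handler hunk, `TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1` leaves a constant named COUNT that is one short of the array it sizes; a `_Static_assert(sizeof layer_handler / sizeof layer_handler[0] == UINT8_MAX + 1, "one slot per layer value");` next to the definition would pin the invariant the CVE fix depends on, and Tss2_RC_SetHandler's own bounds check (outside this hunk) should be verified against the same size. Tss2_RC_Decode starts before the hunk, so how `layer` is derived from `rc` cannot be confirmed here.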
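Review bot: The new `if` in Esys_TRSess_SetAttributes carries its rationale only in the commit message and has an unbraced body, so the reason the bound entity is discarded is invisible at the point where it happens. Brace the body and add the reference above it, e.g. `/* TPM 2.0 Part 1, 20.1: once a session is used for audit its bind value is lost, so drop the bound entity and fall back to the authValue in the HMAC. */`. The clearing happens when the attribute is set, not when the session is first used for audit; if a caller sets TPMA_SESSION_AUDIT and clears it again before issuing a command, ESYS has already forgotten the bind while the TPM presumably still applies it, so the function's documentation (outside the hunk) should state that setting the audit attribute is irreversible for the bind value. Esys_TRSess_SetAttributes begins before the hunk.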
diff --git a/SOURCES/0003-esys_iutil.c-Fix-issue-where-nonceTPM-was-included-t.patch b/SOURCES/0003-esys_iutil.c-Fix-issue-where-nonceTPM-was-included-t.patch
new file mode 100644
index 0000000..7956601
--- /dev/null
+++ b/SOURCES/0003-esys_iutil.c-Fix-issue-where-nonceTPM-was-included-t.patch
@@ -0,0 +1,45 @@
+From 7a56b84b5990b07efd30b5bf79331c74d28df954 Mon Sep 17 00:00:00 2001
+From: Imran Desai
+Date: Mon, 22 Mar 2021 16:43:36 -0700
+Subject: [PATCH 3/4] esys_iutil.c: Fix issue where nonceTPM was included twice
+ in hmac
+
+Fixes #2037
+
+TPM2.0 Architecture 19.6.5 Note 7
+
+If the same session (not the first session) is used for decrypt and
+encrypt, its nonceTPM is only used once. If different sessions are
+used for decrypt and encrypt, both nonceTPMs are included.
+
+Signed-off-by: Imran Desai
+---
+ src/tss2-esys/esys_iutil.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
+index 08a9b7df..1910c570 100644
+--- a/src/tss2-esys/esys_iutil.c
++++ b/src/tss2-esys/esys_iutil.c
+@@ -1265,6 +1265,18 @@ iesys_gen_auths(ESYS_CONTEXT * esys_context,
+ &encryptNonce);
+ return_if_error(r, "More than one crypt session");
+
++ /*
++ * TPM2.0 Architecture 19.6.5 Note 7
++ *
++ * If the same session (not the first session) is used for decrypt and
++ * encrypt, its nonceTPM is only used once. If different sessions are used
++ * for decrypt and encrypt, both nonceTPMs are included
++ */
++ if (decryptNonceIdx && (decryptNonceIdx == encryptNonceIdx)) {
++ decryptNonceIdx = 0;
++ }
++
++
+ /* Compute cp hash values for command buffer for all used algorithms */
+
+ r = iesys_compute_cp_hashtab(esys_context,
+--
+2.41.0
+
diff --git a/SOURCES/0004-ESYS-Fix-buffer-overflow-in-xor-parameter-obfuscatio.patch b/SOURCES/0004-ESYS-Fix-buffer-overflow-in-xor-parameter-obfuscatio.patch
new file mode 100644
index 0000000..ffd947b
--- /dev/null
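Review bot: The guard `if (decryptNonceIdx && (decryptNonceIdx == encryptNonceIdx))` and the reset `decryptNonceIdx = 0;` both rely on index 0 meaning "no separate decrypt nonce to include", yet neither the new comment nor the visible code says so; add that to the comment, e.g. `* Index 0 is the first session, whose nonceTPM is already covered, so 0 also means "no separate decrypt nonce".` — presumably that is what the `decryptNonceIdx &&` test relies on, but iesys_gen_auths begins and ends outside the hunk, so confirm against where the two indices are computed. The two consecutive added blank lines after the closing brace leave a double blank before the cp-hash comment; drop one. Minor: the copied comment text lacks the terminating period after "both nonceTPMs are included".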
+++ b/SOURCES/0004-ESYS-Fix-buffer-overflow-in-xor-parameter-obfuscatio.patch
@@ -0,0 +1,42 @@
+From 3a540d570d265c80dca31bfec23d267cdfa1c294 Mon Sep 17 00:00:00 2001
+From: Juergen Repp
+Date: Mon, 12 Jul 2021 10:52:53 +0200
+Subject: [PATCH 4/4] ESYS: Fix buffer overflow in xor parameter obfuscation.
+
+If trace is activated LOGBLOB_TRACE is called with a wrong pointer to display
+the obfuscated data. Fixes #2115.
+
+Signed-off-by: Juergen Repp
+---
+ src/tss2-esys/esys_crypto.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/tss2-esys/esys_crypto.c b/src/tss2-esys/esys_crypto.c
+index aef3e50b..a2b7b937 100644
+--- a/src/tss2-esys/esys_crypto.c
++++ b/src/tss2-esys/esys_crypto.c
+@@ -499,6 +499,7 @@ iesys_xor_parameter_obfuscation(TPM2_ALG_ID hash_alg,
+ size_t data_size_bits = data_size * 8;
+ size_t rest_size = data_size;
+ BYTE *kdfa_byte_ptr;
++ BYTE *data_start = data;
+
+ if (key == NULL || data == NULL) {
+ LOG_ERROR("Bad reference");
+@@ -514,11 +515,11 @@ iesys_xor_parameter_obfuscation(TPM2_ALG_ID hash_alg,
+ return_if_error(r, "iesys_crypto_KDFa failed");
+ /* XOR next data sub block with KDFa result */
+ kdfa_byte_ptr = kdfa_result;
+- LOGBLOB_TRACE(data, data_size, "Parameter data before XOR");
++ LOGBLOB_TRACE(data_start, data_size, "Parameter data before XOR");
+ for(size_t i = digest_size < rest_size ? digest_size : rest_size; i > 0;
+ i--)
+ *data++ ^= *kdfa_byte_ptr++;
+- LOGBLOB_TRACE(data, data_size, "Parameter data after XOR");
++ LOGBLOB_TRACE(data_start, data_size, "Parameter data after XOR");
+ rest_size = rest_size < digest_size ? 0 : rest_size - digest_size;
+ }
+ return TSS2_RC_SUCCESS;
+--
+2.41.0
+
diff --git a/SPECS/tpm2-tss.spec b/SPECS/tpm2-tss.spec
index d91c61c..9a767f5 100644
--- a/SPECS/tpm2-tss.spec
+++ b/SPECS/tpm2-tss.spec
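Review bot: With both traces now pointing at `data_start` but still inside what appears to be the per-block loop (the `rest_size` update and `"XOR next data sub block"` comment; the loop header is outside the hunk), every iteration dumps the whole buffer, and the "Parameter data before XOR" dump for the second and later blocks already contains the earlier blocks obfuscated in place, so the label is misleading from iteration two on. Move `LOGBLOB_TRACE(data_start, data_size, "Parameter data before XOR");` to just before the loop and the "after XOR" trace to just after it, which also removes the repeated full-buffer dump per block. `BYTE *data_start = data;` is only read, so `const BYTE *data_start = data;` states that intent, assuming LOGBLOB_TRACE accepts a const pointer.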
@@ -1,6 +1,6 @@
 Name: tpm2-tss
 Version: 2.3.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: TPM2.0 Software Stack
 
 # The entire source code is under BSD except implementation.h and tpmb.h which
@@ -26,6 +26,11 @@ Patch12: 0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
 Patch13: 0001-Return-proper-error-code-on-memory-allocation-failur.patch
 Patch14: 0001-esys-fix-hmac-calculation-for-tpm2_clear-command.patch
 Patch15: 0001-tctildr-remove-the-private-implementation-of-strndup.patch
+Patch16: 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch
+Patch17: 0001-ESYS-Fix-initialization-of-app-data-in-Esys_Initiali.patch
+Patch18: 0002-esys-Shared-secret-calculation-is-not-spec-compliant.patch
+Patch19: 0003-esys_iutil.c-Fix-issue-where-nonceTPM-was-included-t.patch
+Patch20: 0004-ESYS-Fix-buffer-overflow-in-xor-parameter-obfuscatio.patch
 
 %global udevrules_prefix 60-
 
@@ -119,6 +124,11 @@ use tpm2-tss.
 %postun -p /sbin/ldconfig
 
 %changelog
+* Wed Jun 7 2023 Štěpán Horáček - 2.3.2-5
+- Ensure layer number is in bounds
+ Resolves: rhbz#2160302
+ Resolves: rhbz#2162611
+
 * Tue Apr 20 2021 Jerry Snitselaar - 2.3.2-4
 - Fix hmac calculation for tpm2_clear command.
 - Remove private implementation of strndup.
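Review bot: Patch16 through Patch20 are declared in the second hunk, but the diff touches nothing in %prep; if this spec applies patches with explicit `%patchN -p1` lines rather than `%autosetup`/`%autopatch`, the five new patches are declared but never applied and the CVE-2023-22745 fix does not reach the build. The %prep section is outside the diff, so confirm which mechanism the spec uses and add the corresponding lines if they are needed. The changelog entry names only the layer-bounds fix although the release also pulls in four ESYS fixes (Patch17-Patch20); a line such as `- Fix tcti free in Esys_Initialize, audit-session bind handling, duplicate nonceTPM in HMAC, and trace buffer overflow in xor obfuscation` keeps the release content auditable from the changelog alone.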