import tpm2-tss-2.3.2-3.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:40:29 -04:00 committed by Andrew Lukoshko
parent faeb832d1c
commit 7c41fa00ca
14 changed files with 1960 additions and 1 deletions

View File

@ -0,0 +1,128 @@
From 70e9fae7ef535e7cf27a72ddbc818dfefcbdbdbb Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Wed, 18 Sep 2019 11:29:57 -0700
Subject: [PATCH] Esys_CreateLoaded: fix resource name calculation
The name calculated and cached for the ESYS_TR resource object was based
on the user supplied TPMT_PUBLIC. However, this template is often
missing data that the TPM fills in and returns in the TPM2B_PUBLIC
structure. Because of this, the cached name returned from
Esys_TR_GetName() and the name read from Esys_ReadPublic() would differ.
Add a test to detect this condition and correct it by copying the
returned TPM2B_PUBLIC to the ESYS_TR resource nodes TPM2B_PUBLIC cache
and calculate the name off of that.
Fixes: #1516
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
src/tss2-esys/api/Esys_CreateLoaded.c | 14 ++++-----
test/integration/esys-createloaded.int.c | 37 ++++++++++++++++++++++++
2 files changed, 42 insertions(+), 9 deletions(-)
diff --git a/src/tss2-esys/api/Esys_CreateLoaded.c b/src/tss2-esys/api/Esys_CreateLoaded.c
index a92649cade27..44c4400fcff9 100644
--- a/src/tss2-esys/api/Esys_CreateLoaded.c
+++ b/src/tss2-esys/api/Esys_CreateLoaded.c
@@ -317,14 +317,6 @@ Esys_CreateLoaded_Finish(
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
- /* Update the meta data of the ESYS_TR object */
- objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC;
- size_t offset = 0;
- r = Tss2_MU_TPMT_PUBLIC_Unmarshal(&esysContext->in.CreateLoaded.inPublic->buffer[0],
- sizeof(TPMT_PUBLIC), &offset ,
- &objectHandleNode->rsrc.misc.rsrc_key_pub.publicArea);
- goto_if_error(r, "Unmarshal TPMT_PUBULIC", error_cleanup);
-
/*Receive the TPM response and handle resubmissions if necessary. */
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
@@ -386,8 +378,12 @@ Esys_CreateLoaded_Finish(
error_cleanup);
+ /* Update the meta data of the ESYS_TR object */
+ objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC;
+ objectHandleNode->rsrc.misc.rsrc_key_pub = *loutPublic;
+
/* Check name and outPublic for consistency */
- if (!iesys_compare_name(loutPublic, &name))
+ if (!iesys_compare_name(&objectHandleNode->rsrc.misc.rsrc_key_pub, &name))
goto_error(r, TSS2_ESYS_RC_MALFORMED_RESPONSE,
"in Public name not equal name in response", error_cleanup);
diff --git a/test/integration/esys-createloaded.int.c b/test/integration/esys-createloaded.int.c
index ec8d68a0d43d..118f2a3bb1ff 100644
--- a/test/integration/esys-createloaded.int.c
+++ b/test/integration/esys-createloaded.int.c
@@ -8,6 +8,7 @@
#include <config.h>
#endif
+#include <stdbool.h>
#include <stdlib.h>
#include "tss2_esys.h"
@@ -19,6 +20,35 @@
#include "util/log.h"
#include "util/aux_util.h"
+static bool check_name(ESYS_CONTEXT * esys_context, ESYS_TR object_handle)
+{
+ bool result = false;
+
+ TPM2B_NAME *read_name = NULL;
+ TPM2B_NAME *get_name = NULL;
+
+ TSS2_RC r = Esys_ReadPublic(esys_context, object_handle,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ NULL, &read_name, NULL);
+ goto_if_error(r, "Error esys readpublic", out);
+
+ r = Esys_TR_GetName(esys_context, object_handle, &get_name);
+ goto_if_error(r, "Error esys getname", out);
+
+ if (read_name->size != get_name->size) {
+ LOG_ERROR("name size mismatch %u != %u",
+ read_name->size, get_name->size);
+ goto out;
+ }
+
+ result = memcmp(read_name->name, get_name->name, get_name->size) == 0;
+
+out:
+ free(read_name);
+ free(get_name);
+
+ return result;
+}
/** This test is intended to test the ESAPI command CreateLoaded.
*
* We start by creating a primary key (Esys_CreatePrimary).
@@ -29,6 +59,8 @@
* - Esys_CreatePrimary() (M)
* - Esys_FlushContext() (M)
* - Esys_StartAuthSession() (M)
+ * - Esys_TR_GetName() (M)
+ * - Esys_TR_ReadPublic() (M)
*
* Used compiler defines: TEST_SESSION
*
@@ -239,6 +271,11 @@ test_esys_createloaded(ESYS_CONTEXT * esys_context)
goto_if_error(r, "Error During CreateLoaded", error);
+ bool names_match = check_name(esys_context, objectHandle);
+ if (!names_match) {
+ goto error;
+ }
+
r = Esys_FlushContext(esys_context, primaryHandle);
goto_if_error(r, "Flushing context", error);
--
2.27.0

View File

@ -0,0 +1,25 @@
From 93aab9433b5d66a916e28016a4b60c4a1c39acfc Mon Sep 17 00:00:00 2001
From: Pieter Agten <pieter.agten@gmail.com>
Date: Tue, 3 Dec 2019 20:52:29 +0100
Subject: [PATCH] Return proper error code on memory allocation failure
Signed-off-by: Pieter Agten <pieter.agten@gmail.com>
---
src/tss2-tcti/tctildr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tss2-tcti/tctildr.c b/src/tss2-tcti/tctildr.c
index ff967317b57b..1528f6e52fd0 100644
--- a/src/tss2-tcti/tctildr.c
+++ b/src/tss2-tcti/tctildr.c
@@ -421,6 +421,7 @@ Tss2_TctiLdr_Initialize_Ex (const char *name,
}
ldr_ctx = calloc (1, sizeof (TSS2_TCTILDR_CONTEXT));
if (ldr_ctx == NULL) {
+ rc = TSS2_TCTI_RC_MEMORY;
goto err;
}
TSS2_TCTI_MAGIC (ldr_ctx) = TCTILDR_MAGIC;
--
2.27.0

View File

@ -0,0 +1,51 @@
From b27956422d1b5bb53a56366e9b7e978f6b95e2f9 Mon Sep 17 00:00:00 2001
From: Erik Larsson <who+github@cnackers.org>
Date: Mon, 2 Dec 2019 11:21:02 +0100
Subject: [PATCH] build: update exported symbols map for libtss2-mu
Signed-off-by: Erik Larsson <who+github@cnackers.org>
---
lib/tss2-mu.def | 4 ++++
lib/tss2-mu.map | 4 ++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/tss2-mu.def b/lib/tss2-mu.def
index 36f4ba37b9fc..3c80cf225f77 100644
--- a/lib/tss2-mu.def
+++ b/lib/tss2-mu.def
@@ -226,6 +226,10 @@ EXPORTS
Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal
Tss2_MU_TPMU_PUBLIC_ID_Marshal
Tss2_MU_TPMU_PUBLIC_ID_Unmarshal
+ Tss2_MU_TPMU_NAME_Marshal
+ Tss2_MU_TPMU_NAME_Unmarshal
+ Tss2_MU_TPMU_ENCRYPTED_SECRET_Marshal
+ Tss2_MU_TPMU_ENCRYPTED_SECRET_Unmarshal
Tss2_MU_TPMT_HA_Marshal
Tss2_MU_TPMT_HA_Unmarshal
Tss2_MU_TPMT_SYM_DEF_Marshal
diff --git a/lib/tss2-mu.map b/lib/tss2-mu.map
index 8ac754ed096a..09d9317e6749 100644
--- a/lib/tss2-mu.map
+++ b/lib/tss2-mu.map
@@ -228,6 +228,8 @@
Tss2_MU_TPMU_PUBLIC_ID_Unmarshal;
Tss2_MU_TPMU_NAME_Marshal;
Tss2_MU_TPMU_NAME_Unmarshal;
+ Tss2_MU_TPMU_ENCRYPTED_SECRET_Marshal;
+ Tss2_MU_TPMU_ENCRYPTED_SECRET_Unmarshal;
Tss2_MU_TPMT_HA_Marshal;
Tss2_MU_TPMT_HA_Unmarshal;
Tss2_MU_TPMT_SYM_DEF_Marshal;
@@ -274,8 +276,6 @@
Tss2_MU_TPM2_NT_Unmarshal;
Tss2_MU_TPMI_ALG_HASH_Marshal;
Tss2_MU_TPMI_ALG_HASH_Unmarshal;
- Tss2_MU_TPMI_BYTE_Marshal;
- Tss2_MU_TPMI_BYTE_Unmarshal;
local:
*;
};
--
2.27.0

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,45 @@
From 0bd19b61c8cd07d03b6efffc05f95d5ec427a3d6 Mon Sep 17 00:00:00 2001
From: Tadeusz Struk <tadeusz.struk@intel.com>
Date: Tue, 14 Jan 2020 10:55:20 -0800
Subject: [PATCH] esys: fix Esys_StartAuthSession called with optional params
For an HMAC session if any of the optional params are ESYS_TR_NONE
we need to use the same tpm2_handles TPM2_RH_NULL (0x40000007)
as in the prepare call to correctly calculate cpHash and HMAC
values for the session.
Fixes: #1590
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
src/tss2-esys/api/Esys_StartAuthSession.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
index 313604a2077c..3ccd842a7572 100644
--- a/src/tss2-esys/api/Esys_StartAuthSession.c
+++ b/src/tss2-esys/api/Esys_StartAuthSession.c
@@ -260,7 +260,19 @@ Esys_StartAuthSession_Async(
iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
/* Generate the auth values and set them in the SAPI command buffer */
- r = iesys_gen_auths(esysContext, tpmKeyNode, bindNode, NULL, &auths);
+
+ RSRC_NODE_T none;
+ size_t offset = 0;
+ none.rsrc.handle = TPM2_RH_NULL;
+ none.rsrc.rsrcType = IESYSC_WITHOUT_MISC_RSRC;
+ r = Tss2_MU_TPM2_HANDLE_Marshal(TPM2_RH_NULL,
+ none.rsrc.name.name,
+ sizeof(none.rsrc.name.name),
+ &offset);
+ return_state_if_error(r, _ESYS_STATE_INIT, "Marshaling TPM handle.");
+ none.rsrc.name.size = offset;
+ r = iesys_gen_auths(esysContext, tpmKeyNode ? tpmKeyNode : &none,
+ bindNode ? bindNode : &none, NULL, &auths);
return_state_if_error(r, _ESYS_STATE_INIT,
"Error in computation of auth values");
--
2.27.0

View File

@ -0,0 +1,29 @@
From 76641c1e6b016979973fead7a24bb8fca4ee8325 Mon Sep 17 00:00:00 2001
From: Johannes Holland <johannes.holland@infineon.com>
Date: Thu, 26 Sep 2019 09:46:09 +0100
Subject: [PATCH] esys: fix keysize of ECC curve TPM2_ECC_NISTP224
In esys_crypto_ossl.c, for the ECC curve TPM2_ECC_NISTP244 a key size of
38 is selected. However, 224 bit / 8 bit/byte = 28 byte.
Signed-off-by: Johannes Holland <johannes.holland@infineon.com>
---
src/tss2-esys/esys_crypto_ossl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
index 124501964ae7..3c5d86d69705 100644
--- a/src/tss2-esys/esys_crypto_ossl.c
+++ b/src/tss2-esys/esys_crypto_ossl.c
@@ -804,7 +804,7 @@ iesys_cryptossl_get_ecdh_point(TPM2B_PUBLIC *key,
break;
case TPM2_ECC_NIST_P224:
curveId = NID_secp224r1;
- key_size = 38;
+ key_size = 28;
break;
case TPM2_ECC_NIST_P256:
curveId = NID_X9_62_prime256v1;
--
2.27.0

View File

@ -0,0 +1,47 @@
From 380d5f9ec3aa1f5e456598fe66d275467660177b Mon Sep 17 00:00:00 2001
From: Tadeusz Struk <tadeusz.struk@intel.com>
Date: Thu, 16 Jan 2020 09:27:04 -0800
Subject: [PATCH] esys: fixup compute_encrypted_salt err handling in
Esys_StartAuthSession
Use return_state_if_error() macro for compute_encrypted_salt()
error handling in Esys_StartAuthSession to maintain the correct
context state.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
src/tss2-esys/api/Esys_StartAuthSession.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
index 3ccd842a7572..1717928a717d 100644
--- a/src/tss2-esys/api/Esys_StartAuthSession.c
+++ b/src/tss2-esys/api/Esys_StartAuthSession.c
@@ -223,20 +223,15 @@ Esys_StartAuthSession_Async(
TSS2_RC r2;
r2 = iesys_compute_encrypted_salt(esysContext, tpmKeyNode,
&encryptedSaltAux);
- return_if_error(r2, "Error in parameter encryption.");
+ return_state_if_error(r2, _ESYS_STATE_INIT, "Error in parameter encryption.");
if (nonceCaller == NULL) {
r2 = iesys_crypto_hash_get_digest_size(authHash,&authHash_size);
- if (r2 != TSS2_RC_SUCCESS) {
- LOG_ERROR("Error: initialize auth session (%x).", r2);
- return r2;
- }
+ return_state_if_error(r2, _ESYS_STATE_INIT, "Error in hash_get_digest_size.");
+
r2 = iesys_crypto_random2b(&esysContext->in.StartAuthSession.nonceCallerData,
authHash_size);
- if (r2 != TSS2_RC_SUCCESS) {
- LOG_ERROR("Error: initialize auth session (%x).", r2);
- return r2;
- }
+ return_state_if_error(r2, _ESYS_STATE_INIT, "Error in crypto_random2b.");
esysContext->in.StartAuthSession.nonceCaller
= &esysContext->in.StartAuthSession.nonceCallerData;
nonceCaller = esysContext->in.StartAuthSession.nonceCaller;
--
2.27.0

View File

@ -0,0 +1,38 @@
From 1ec07af70925ece698b733d55dedd1d9878b70f2 Mon Sep 17 00:00:00 2001
From: Tadeusz Struk <tadeusz.struk@intel.com>
Date: Fri, 24 Jan 2020 19:05:34 -0800
Subject: [PATCH] esys: zero out ctx->salt after on startAuthSession_finish
The ctx->salt is used to calculate session key during
startAuthSession call if the caller pass a valid tpmKey
parameter. There salt is calculated in the _Async call
and the the session key is calculated in the _Finish call.
The problem is that if in the same context an unsalted
session is created after a salted session the ctx->salt
will still hold the old value and it will incorrectly
be used for session key calculation in the the subsequent
_Finish call. To fix this the salt needs to be set to
cleaned after no longer needed.
Fixes: #1574
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
---
src/tss2-esys/api/Esys_StartAuthSession.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
index 1717928a717d..6367419d7c9a 100644
--- a/src/tss2-esys/api/Esys_StartAuthSession.c
+++ b/src/tss2-esys/api/Esys_StartAuthSession.c
@@ -497,6 +497,7 @@ Esys_StartAuthSession_Finish(
goto_if_error(r, "Marshal session name", error_cleanup);
sessionHandleNode->rsrc.name.size = offset;
+ memset(&esysContext->salt, '\0', sizeof(esysContext->salt));
esysContext->state = _ESYS_STATE_INIT;
return TSS2_RC_SUCCESS;
--
2.27.0

View File

@ -0,0 +1,62 @@
From 0bf42a4489973005ddd912a800dfb92eff2806e8 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Mon, 16 Sep 2019 17:12:23 -0700
Subject: [PATCH] esys_iutil: use memcmp in byte array comparison
Rather than a byte for byte forloop, use memcmp() so the compiler can
use architectural optimizations.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
src/tss2-esys/esys_iutil.c | 27 +++++----------------------
1 file changed, 5 insertions(+), 22 deletions(-)
diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
index 94d0332c5b7d..08a9b7dffcbd 100644
--- a/src/tss2-esys/esys_iutil.c
+++ b/src/tss2-esys/esys_iutil.c
@@ -35,23 +35,6 @@ cmp_UINT16(const UINT16 * in1, const UINT16 * in2)
}
}
-/**
- * Compare variables of type BYTE.
- * @param[in] in1 Variable to be compared with:
- * @param[in] in2
- */
-static bool
-cmp_BYTE(const BYTE * in1, const BYTE * in2)
-{
- LOG_TRACE("call");
- if (*in1 == *in2)
- return true;
- else {
- LOG_TRACE("cmp false");
- return false;
- }
-}
-
/**
* Compare two arrays of type BYTE.
* @param[in] in1 array to be compared with:.
@@ -65,12 +48,12 @@ cmp_BYTE_array(const BYTE * in1, size_t count1, const BYTE * in2, size_t count2)
LOG_TRACE("cmp false");
return false;
}
- for (size_t i = 0; i < count1; i++) {
- if (!cmp_BYTE(&in1[i], &in2[i])) {
- LOG_TRACE("cmp false");
- return false;
- }
+
+ if (memcmp(in1, in2, count2) != 0) {
+ LOG_TRACE("cmp false");
+ return false;
}
+
return true;
}
--
2.27.0

View File

@ -0,0 +1,71 @@
From 58ee0fd916671942e62ac9930f18225761a6dd66 Mon Sep 17 00:00:00 2001
From: Joe Richey <joerichey@google.com>
Date: Tue, 21 Jan 2020 20:04:45 -0800
Subject: [PATCH] mu: Remove use of VLAs for Marshalling TPML types
All of the `Tss2_MU_*_Marshal()` functions have the property that
`buffer` can be NULL, `offset` can be NULL, but both cannot be
NULL. Some Marshal functions check this directly (returning
`TSS2_MU_RC_BAD_REFERENCE` on error), but most do this by composing
existing Marshalling functions together.
The TMPL Marshal functions does things differently, it creates a local
VLA `local_buffer[buffer_size]` and uses that as the buffer pointer if
a NULL buffer is given. This is unnecessary, as this pointer is only
used for debug logging and passed to other Marshalling functions, which
will correctly handle a NULL buffer.
Note that the VLA in the existing code is of length `buffer_size` (the
length of the _entire_ buffer, _not_ the length of the data being
unmarshaled). This can potentially result in a very large stack
allocation, or stack overflow.
Signed-off-by: Joe Richey <joerichey@google.com>
---
src/tss2-mu/tpml-types.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/src/tss2-mu/tpml-types.c b/src/tss2-mu/tpml-types.c
index 9506a26efd14..ae1ed6177d75 100644
--- a/src/tss2-mu/tpml-types.c
+++ b/src/tss2-mu/tpml-types.c
@@ -29,8 +29,6 @@ TSS2_RC Tss2_MU_##type##_Marshal(type const *src, uint8_t buffer[], \
size_t local_offset = 0; \
UINT32 i, count = 0; \
TSS2_RC ret = TSS2_RC_SUCCESS; \
- uint8_t *buf_ptr = buffer; \
- uint8_t local_buffer[buffer_size]; \
\
if (offset != NULL) { \
LOG_TRACE("offset non-NULL, initial value: %zu", *offset); \
@@ -60,24 +58,21 @@ TSS2_RC Tss2_MU_##type##_Marshal(type const *src, uint8_t buffer[], \
LOG_WARNING("count too big"); \
return TSS2_SYS_RC_BAD_VALUE; \
} \
-\
- if (buf_ptr == NULL) \
- buf_ptr = local_buffer; \
\
LOG_DEBUG(\
"Marshalling " #type " from 0x%" PRIxPTR " to buffer 0x%" PRIxPTR \
" at index 0x%zx", \
(uintptr_t)&src, \
- (uintptr_t)buf_ptr, \
+ (uintptr_t)buffer, \
local_offset); \
\
- ret = Tss2_MU_UINT32_Marshal(src->count, buf_ptr, buffer_size, &local_offset); \
+ ret = Tss2_MU_UINT32_Marshal(src->count, buffer, buffer_size, &local_offset); \
if (ret) \
return ret; \
\
for (i = 0; i < src->count; i++) \
{ \
- ret = marshal_func(op src->buf_name[i], buf_ptr, buffer_size, &local_offset); \
+ ret = marshal_func(op src->buf_name[i], buffer, buffer_size, &local_offset); \
if (ret) \
return ret; \
} \
--
2.27.0

View File

@ -0,0 +1,29 @@
From 5ab8190843597ff6a255c59f91582e4dca117927 Mon Sep 17 00:00:00 2001
From: Jonas Witschel <diabonas@gmx.de>
Date: Thu, 21 Nov 2019 14:49:27 +0100
Subject: [PATCH] sys: match counter variable type for cmdAuthsArray->count
TSS2L_SYS_AUTH_COMMAND.count is defined as uint16_t, so the counter
variable should be uint16_t as well.
Signed-off-by: Jonas Witschel <diabonas@gmx.de>
---
src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c b/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c
index 1bc3f3c2556f..d946c14e5cfb 100644
--- a/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c
+++ b/src/tss2-sys/api/Tss2_Sys_SetCmdAuths.c
@@ -20,7 +20,7 @@ TSS2_RC Tss2_Sys_SetCmdAuths(
const TSS2L_SYS_AUTH_COMMAND *cmdAuthsArray)
{
_TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
- uint8_t i;
+ uint16_t i;
UINT32 authSize = 0;
UINT32 newCmdSize = 0;
size_t authOffset;
--
2.27.0

View File

@ -0,0 +1,39 @@
From c42450a294c4267998aa16a477e9218ee5953aa9 Mon Sep 17 00:00:00 2001
From: Jeffrey Ferreira <jeffpferreira@gmail.com>
Date: Thu, 19 Sep 2019 13:32:00 -0700
Subject: [PATCH] tcti-device: getPollHandles should allow num_handles query
Signed-off-by: Jeffrey Ferreira <jeffpferreira@gmail.com>
---
src/tss2-tcti/tcti-device.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/tss2-tcti/tcti-device.c b/src/tss2-tcti/tcti-device.c
index 44c9fe2083d5..53a698cad061 100644
--- a/src/tss2-tcti/tcti-device.c
+++ b/src/tss2-tcti/tcti-device.c
@@ -368,12 +368,19 @@ tcti_device_get_poll_handles (
return TSS2_TCTI_RC_BAD_CONTEXT;
}
- if (handles == NULL || num_handles == NULL) {
+ if (num_handles == NULL) {
return TSS2_TCTI_RC_BAD_REFERENCE;
}
+ if (handles != NULL && *num_handles < 1) {
+ return TSS2_TCTI_RC_INSUFFICIENT_BUFFER;
+ }
+
*num_handles = 1;
- handles->fd = tcti_dev->fd;
+ if (handles != NULL) {
+ handles->fd = tcti_dev->fd;
+ }
+
return TSS2_RC_SUCCESS;
#else
(void)(tctiContext);
--
2.27.0

View File

@ -0,0 +1,39 @@
From ffca561b2de43df0a9f7f9c0e717fca943f2c38b Mon Sep 17 00:00:00 2001
From: Johannes Holland <joh.ho@gmx.de>
Date: Tue, 20 Aug 2019 16:58:09 +0200
Subject: [PATCH] tctildr: fix segmentation fault if name_conf is too big
When strlen(name_conf) is too big and logging is set to at least DEBUG,
tctildr_conf_parse will cause a segmentation fault. This happens when
the unit tests are run with logging set to DEBUG. Hence, the logging
call has to be done after the check for strlen(name_conf).
Signed-off-by: Johannes Holland <joh.ho@gmx.de>
---
src/tss2-tcti/tctildr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tss2-tcti/tctildr.c b/src/tss2-tcti/tctildr.c
index 76248f358860..ff967317b57b 100644
--- a/src/tss2-tcti/tctildr.c
+++ b/src/tss2-tcti/tctildr.c
@@ -117,7 +117,6 @@ tctildr_conf_parse (const char *name_conf,
char *split;
size_t combined_length;
- LOG_DEBUG ("name_conf: \"%s\"", name_conf);
if (name_conf == NULL) {
LOG_ERROR ("'name_conf' param may NOT be NULL");
return TSS2_TCTI_RC_BAD_REFERENCE;
@@ -127,6 +126,8 @@ tctildr_conf_parse (const char *name_conf,
LOG_ERROR ("combined conf length must be between 0 and PATH_MAX");
return TSS2_TCTI_RC_BAD_VALUE;
}
+
+ LOG_DEBUG ("name_conf: \"%s\"", name_conf);
if (combined_length == 0)
return TSS2_RC_SUCCESS;
split = strchr (name_conf, ':');
--
2.27.0

View File

@ -1,6 +1,6 @@
Name: tpm2-tss
Version: 2.3.2
Release: 2%{?dist}
Release: 3%{?dist}
Summary: TPM2.0 Software Stack
# The entire source code is under BSD except implementation.h and tpmb.h which
@ -10,6 +10,20 @@ URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
# patch submitted upstream https://github.com/tpm2-software/tpm2-tss/pull/1707
Patch0: 0001-man-Clean-up-libmandoc-parser-warnings.patch
# Upstream patches
Patch1: 0001-esys-Check-object-handle-node-before-calling-compute.patch
Patch2: 0001-build-update-exported-symbols-map-for-libtss2-mu.patch
Patch3: 0001-esys-fix-Esys_StartAuthSession-called-with-optional-.patch
Patch4: 0001-esys-fixup-compute_encrypted_salt-err-handling-in-Es.patch
Patch5: 0001-esys-zero-out-ctx-salt-after-on-startAuthSession_fin.patch
Patch6: 0001-mu-Remove-use-of-VLAs-for-Marshalling-TPML-types.patch
Patch7: 0001-esys_iutil-use-memcmp-in-byte-array-comparison.patch
Patch8: 0001-tcti-device-getPollHandles-should-allow-num_handles-.patch
Patch9: 0001-tctildr-fix-segmentation-fault-if-name_conf-is-too-b.patch
Patch10: 0001-esys-fix-keysize-of-ECC-curve-TPM2_ECC_NISTP224.patch
Patch11: 0001-Esys_CreateLoaded-fix-resource-name-calculation.patch
Patch12: 0001-sys-match-counter-variable-type-for-cmdAuthsArray-co.patch
Patch13: 0001-Return-proper-error-code-on-memory-allocation-failur.patch
%global udevrules_prefix 60-
@ -45,6 +59,17 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_install
find %{buildroot}%{_libdir} -type f -name \*.la -delete
%pre
getent group tss >/dev/null || groupadd -f -g 59 -r tss
if ! getent passwd tss >/dev/null ; then
if ! getent passwd 59 >/dev/null ; then
useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
else
useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
fi
fi
exit 0
%files
%doc README.md CHANGELOG.md
%license LICENSE
@ -91,6 +116,23 @@ use tpm2-tss.
%postun -p /sbin/ldconfig
%changelog
* Mon Nov 16 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-3
- Add tss user if doesn't exist.
- Update exported symbols map for libtss2-mu
- esys: Check object handle node before calling compute_session_value
- esys: fix resource name calculation
- esys: fix Esys_StartAuthSession called with optional params
- esys: fix keysize of ECC curve TPM2_ECC_NISTP224
- esys: fixup compute_encrypted_salt error handling
- esys: use memcmp in byte array comparison
- esys: zero out ctx->salt after startAuthSession_finish
- mu: Remove use of VLAs for Marshalling TPML types
- return proper error code on memory allocation failure
- sys: match counter variable type for cmdAuthsArray->count
- tcti-device: getPollHandles should allow num_handles query
- tctildr: fix segmentation fault if name_conf is too big
resolves: rhbz#1879071 rhbz#1855180
* Mon Apr 27 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 2.3.2-2
- Clean up libmandoc parser errors.
resolves: rhbz#1789684