tpm2-tss/0005-FAPI-Fix-missing-parameter-encryption-for-some-HMAC-.patch
Štěpán Horáček 94b2079a24 Rebase to 3.2.2
Resolves: CVE-2023-22745
Resolves: rhbz#2160307
Resolves: rhbz#2162613

Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
2023-06-28 17:14:03 +02:00


From c7cd976e7152e3f5aaa813aaebf4ab1e5d9b1f3e Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Sun, 5 Mar 2023 19:19:22 +0100
Subject: [PATCH 05/10] FAPI: Fix missing parameter encryption for some HMAC
sessions.
* For Fapi_CreateNv and Fapi_NvSetBits the parameter encryption was not enabled.
* For Fapi_Unseal the response description was not enabled.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/api/Fapi_CreateNv.c | 2 +-
src/tss2-fapi/api/Fapi_NvSetBits.c | 2 +-
src/tss2-fapi/fapi_util.c | 3 ++-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/tss2-fapi/api/Fapi_CreateNv.c b/src/tss2-fapi/api/Fapi_CreateNv.c
index 45e72e33..8160b99d 100644
--- a/src/tss2-fapi/api/Fapi_CreateNv.c
+++ b/src/tss2-fapi/api/Fapi_CreateNv.c
@@ -399,7 +399,7 @@ Fapi_CreateNv_Finish(
context->primary_state = PRIMARY_INIT;
r = ifapi_get_sessions_async(context,
IFAPI_SESSION_GENEK | IFAPI_SESSION1,
- 0, 0);
+ TPMA_SESSION_DECRYPT, 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
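Review bot: In Fapi_CreateNv_Finish the session attributes are passed as bare positional arguments (`TPMA_SESSION_DECRYPT, 0`), and nothing at the call site says what the third and fourth arguments of ifapi_get_sessions_async stand for or why the third must not be 0; the old `0, 0` read just as plausibly. Suggest a comment above the call stating that TPMA_SESSION_DECRYPT makes the TPM treat the first command parameter as encrypted, so it is not sent to the TPM in the clear, and naming what the trailing 0 is for.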
diff --git a/src/tss2-fapi/api/Fapi_NvSetBits.c b/src/tss2-fapi/api/Fapi_NvSetBits.c
index 0615aa12..adf332e0 100644
--- a/src/tss2-fapi/api/Fapi_NvSetBits.c
+++ b/src/tss2-fapi/api/Fapi_NvSetBits.c
@@ -282,7 +282,7 @@ Fapi_NvSetBits_Finish(
/* Prepare session for authorization */
r = ifapi_get_sessions_async(context,
IFAPI_SESSION_GENEK | IFAPI_SESSION1,
- 0, 0);
+ TPMA_SESSION_DECRYPT, 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
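Review bot: The comment kept at the top of this hunk, `/* Prepare session for authorization */`, no longer describes the call in Fapi_NvSetBits_Finish: with TPMA_SESSION_DECRYPT the session now also carries command parameter encryption. Update the comment accordingly. Since this is the same `0, 0` to `TPMA_SESSION_DECRYPT, 0` change as in Fapi_CreateNv.c, it is also worth confirming that no other ifapi_get_sessions_async caller using `IFAPI_SESSION_GENEK | IFAPI_SESSION1` still passes 0 here, and recording the result in the commit message.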
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index 55ce3327..ef4a92d0 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -2743,7 +2743,8 @@ ifapi_load_key(
/* Prepare the session creation. */
r = ifapi_get_sessions_async(context,
IFAPI_SESSION_GENEK | IFAPI_SESSION1,
- TPMA_SESSION_DECRYPT, 0);
+ TPMA_SESSION_DECRYPT | TPMA_SESSION_ENCRYPT,
+ 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
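Review bot: The commit message ties this change to Fapi_Unseal, but the edited call is in ifapi_load_key in fapi_util.c, so adding TPMA_SESSION_ENCRYPT here applies to everything that goes through ifapi_load_key and not only to unseal. Please say so in the message or in the `/* Prepare the session creation. */` comment, and state that TPMA_SESSION_ENCRYPT is what turns on encryption of the first response parameter, which the message's "response description" wording does not make clear. The diffstat lists only the three source files; a test that checks the session attributes on these three paths would keep the flags from being dropped again.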
--
2.41.0