tpm2: Filter-out unusable and runtime-disabled curves

Allow completely arbitrary TPM_ECC_CURVE's to be passed to RuntimeAlgorithmKeySizeCheckEnabled by checking that its value lies within the bitfield and if it doesn't return a FALSE. Out-of-bounds values passed to TEST_BIT would have caused a pAssert failure. Call this function now early from CryptCapGetOneECCCurve that now can pass any value as a TPM_ECC_CRUVE without causing a failure when filtering out disabled or runtime unusable curves. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2026-01-06 10:08:18 +00:00 · 2024-07-20 00:38:16 -04:00 · 2024-07-20 00:38:16 -04:00 · c47b17e209
commit c47b17e209
parent 3327a145fa
2 changed files with 11 additions and 1 deletions
--- a/src/tpm2/RuntimeAlgorithm.c
+++ b/src/tpm2/RuntimeAlgorithm.c
@ -536,7 +536,9 @@ RuntimeAlgorithmKeySizeCheckEnabled(struct RuntimeAlgorithm *RuntimeAlgorithm,
 	return FALSE;

    if (algId == TPM_ALG_ECC) {
-	if (!TEST_BIT(curveId, RuntimeAlgorithm->enabledEccCurves)) {
+	if ((curveId >> 3) >= sizeof(RuntimeAlgorithm->enabledEccCurves) ||
+	    !TestBit(curveId, RuntimeAlgorithm->enabledEccCurves,
+	             sizeof(RuntimeAlgorithm->enabledEccCurves))) {
 	    return FALSE;
 	}
    }
--- a/src/tpm2/crypto/openssl/CryptEccMain.c
+++ b/src/tpm2/crypto/openssl/CryptEccMain.c
@ -216,6 +216,14 @@ BOOL CryptCapGetOneECCCurve(TPM_ECC_CURVE curveID  // IN: the  ECC curve
 {
    UINT16 i;

+    if (!CryptEccIsCurveRuntimeUsable(curveID) ||	// libtpms added begin
+	!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,
+					     TPM_ALG_ECC,
+					     CryptEccGetKeySizeForCurve(curveID),
+					     curveID,
+					     g_RuntimeProfile.stateFormatLevel))
+	return FALSE;					// libtpms added end
+
    // Scan the eccCurveValues array
    for(i = 0; i < ECC_CURVE_COUNT; i++)
 	{