Add a caching layer to GetEVPCipher() to avoid having to call evpfn()
mulitple times. Instead, return the 'const EVP_CIPHER *' that a single
call to evpfn() (for a particular algorithm + mode + key size) returned
and cache it for subsequent calls.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Replace usage of deprecated DES_random_key() with EVP_CIPHER API calls.
These newer calls are much more time consuming than the deprecated call.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When building the tests with `make check` and slibtool the tests will
then all fail to load libtpms.so.0.
$ ./base64decode
/tmp/libtpms/tests/.libs/base64decode: error while loading shared libraries: libtpms.so.0: cannot open shared object file: No such file or directory
This happens because they are linked with -ltpms rather than the
libtpms.la file which has unexpected results with slibtool. GNU libtool
does some magic to make this work while slibtool fails to link the
dependency.
The correct way to link internal dependencies is directly with the
libtool archive (.la) files where the -lfoo linker flags should be only
used with external dependencies. Additionally -no-undefined is added to
the LDFLAGS to ensure there aren't undefined references in the future.
Note:
* This doesn't happen if libtpms is installed to the system and the tests
find the already installs libtpms rather than the newly built library.
* GNU libtool silently ignores -no-undefined, but slibtool will respect
it.
Signed-off-by: orbea <orbea@riseup.net>
This reverts commit 9afebc712a.
The issue is that opensslv.h is not included and thus the
OPENSSL_VERSION_NUMBER is not getting set.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Delay the creation of the EVP_PKEY in InitOpenSSLRSAPrivateKey
so that we can create the key with all the parameters at once.
We have to do this since with the OpenSSL 3.0 API we cannot set
parameters after the initial creation of the key anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Get the BIGNUMs N and E from an RSA key OBJECT. The purpose of
this refactoring is be able to reuse the new function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement BuildRSAKey for building an RSA EVP_PKEY from copies
of the BIGNUMs it gets passed. This way it is clear that the
caller has to free the BIGNUMs it passed itself also in case of
error returned by BuildRSAKey.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Exit the loop when the variable could not be filled with data from the
byte stream. This avoids accessing the variable 'element' in case it
wasn't initialized. The old could would have accessed the possibly
uninitialized variable but exited the loop immediately after.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only access the entrysize variable if it was read from the buffer. In case
of an error just head towards the exit. Previously, an error would also
have lead the function to do no more useful processing and exited it with
an error code bug Coverity complains that the entrysize variable would be
access while it wasn't initialized.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Update the description of the tpm_io_getlocality() callback function
that the TPM 2 code invokes to get the currently active locality.
It is expected that the called software is trusted and returns a valid
locality number at all times and thus also always return TPM_SUCCESS.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check the secret size against the size of the buffer, not the size
member that has not been set yet.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
In TPM_NVRAM_LoadData(), there is an unlikely path where the function
will return an error code but still expect the caller to free the
allocated data. At least some of the callers don't handle this correctly
so ensure that the caller only needs to free data if the function
returns success.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
The build environment used by OSS-Fuzz reports this error.
In file included from /src/libtpms/src/tpm_debug.c:42:
/src/libtpms/src/tpm_debug.h:69:9: error: 'printf' macro redefined [-Werror,-Wmacro-redefined]
#define printf(...) TPMLIB_LogPrintf(__VA_ARGS__);
: ^
/usr/include/x86_64-linux-gnu/bits/stdio2.h:110:11: note: previous definition is here
# define printf(...) \
^
1 error generated.
The simple fix is to #undef printf in case it is #define'd.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
gcc 12.1 supports _FORTIFY_SOURCE=3. Modify the existing check for whether
_FORTIFY_SOURCE=2 can be used to test compile with the user provided
CFLAGS and only add _D_FORTIFY_SOURCE=2 to the HARDENING_CFLAGS if the
user doesn't provide anything that's not compatible.
Following an online article _FORTIFY_SOURCE=3 may add more overhead, so
we only go up to level 2 for now and let build servers or user provide
the higher level via the CFLAGS.
https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source#what_s_next_for__fortify_source
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Address an issue reported by cppcheck that raises the issue that
tpm_state_path could be NULL when the #define TPM_NV_DISK is not set.
Require that the #define TPM_NV_DISK always be set.
Resolves: https://github.com/stefanberger/libtpms/issues/313
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a variable in ExecuteCommand following Coverity report
CID 1461252.
Down the callpath as reported in CID 1461252 in
TPMI_ST_COMMAND_TAG_Unmarshal() the passed-in value of
TPMI_ST_COMMAND_TAG *target is stored and possibly restored later on in
case of failure. Coverity complains that the variable is uninitialized.
While this is correct, there's no harm reading the uninitialized value
from the structure and possibly restoring it later on while not doing
anything else with it otherwise. Therefore, it's a false positive.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a variable in TPM2_PolicyAuthorizeNV() following Coverity
report CID 1470811.
Down the callpath as reported in CID 1470811 in TPMI_ALG_HASH_Unmarshal()
the passed-in value of TPMI_ALG_HASH *target is stored and possibly
restored later on in case of failure. Coverity complains that the variable
is uninitialized. While this is correct, there's no harm reading the
uninitialized value from the structure and possibly restoring it later
on while not doing anything else with it otherwise. Therefore, it's a
false positive.
Resolves: https://github.com/stefanberger/libtpms/issues/311
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a variable in USER_NVRAM_Unmarshal() follow Coverity
report CID 1470812.
Down the callpath as reported in CID 1470812 in TPMA_NV_Unmarshal() the
passed-in value of TPMA_NV *target is stored and possibly restored later
on in case of failure. Coverity complains that the variable is
uninitialized. While this is correct, there's no harm reading the
uninitialized value from the structure and possibly restoring it later
on while not doing anything else with it otherwise. Therefore, it's a
false positive.
Resolves: https://github.com/stefanberger/libtpms/issues/310
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add probing for -fstack-protector to the existing
-fstack-protector-strong since not all platforms support either one
of them.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
with label size 0. The function should only be called if the size of the label
is greater 0.
With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
for encryption without label.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
