Address the following Coverity complaint (1550494) by filtering out bad
input values:
"Expression i--, which is equal to 65535, where i is known to be equal
to 0, underflows the type that receives it, an unsigned integer 16 bits
wide."
aSize is typcially 2048 and n is always >= 1 per the input parameter.
Therefore no side-effects are expected from this filter.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Expression command->sessionNum - 1U, which is equal to 4294967295,
where command->sessionNum is known to be equal to 0, underflows the
type that receives it, an unsigned integer 32 bits wide."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint by removing assignment to offset:
"Assigning value from offset + 148UL to offset here, but that stored
value is overwritten before it can be used."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Using uninitialized value rsa3072_object. Field rsa3072_object._pad is
uninitialized when calling MemoryCopy."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Resolve the following Coverity complaint:
"Using uninitialized value eccPublic when calling TPMS_ECC_POINT_Unmarshal."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fedora Rawhide and CentOS 10 do not support OpenSSL engine anymore.
Therefore, replace include of engine.h with err.h since the engine is not
needed anyway but we only need the prototype of ERR_get_error_line_data.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Replace the check for several session attributes flags with a call
to IsCpHashUnionOccupied.
Note that the existing check for
session->u1.cpHash.b.size != 0 || session->attributes.isCpHashDefined
can be replaced with just session->attributes.isCpHashDefined since
isCpHashDefined is always assigned '1' (SET) when session.u1.cpHash
is given a value. isCpHashDefined is reset in SessionResetPolicyData()
as part of resetting all attribute flags and cpHash size is set to 0.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This fixes the build with LibreSSL 3.9.0 where many implicit
declarations for BN_, EVP_ and RSA_ functions occur which were
implicitly included before.
Signed-off-by: orbea <orbea@riseup.net>
Convert an OBJECT to a byte buffer suitable for writing into NVRAM
by calling NvObjectToBuffer and then copy the buffer into NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Instead of copying an OBJECT directly from memory into NVRAM memory
determine the type of OBJECT (RSA vs. ECC etc.) and marshal the OBJECT
as ANY_OBJECT into a buffer and copy the buffer into NVRAM. To maintain
backwards compatibility copy RSA keys with size 3072 and smaller
directly into NVRAM (OBJECT is copied as before).
When reading an OBJECT out of NVRAM try to unmarshal it as an
ANY_OBJECT first and if this does not work it is with great likelyhood
an RSA3072_OBJECT that needs to be copied from NVRAM and than
transformed into an OBJECT.
The new marshalling of OBJECTS will only be used once RSA 4096 keys
are enabled or other changes to the code are made.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce the #define MAX_MARSHALLED_OBJECT_SIZE to be used for a size of
a byte buffer that is supposed to hold a marshalled OBJECT. The number
is not exact but provides for a 'safe' size of a buffer.
Add a test case to check that MAX_MARSHALLED_OBJECT_SIZE is sufficient.
The test case needs access to ANY_OBJECT_Marshal, which is only available
when -static can be used for linking since otherwise the function is
private to the library. Static linking the test case does not work when
test-coverage is enabled, therefore disable statically linked test cases
in when test-coverage is enabled and give control to the user to disable
statically linked test cases in other cases as well.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Take a snapshot of the current OBJECT and call this RSA3072_OBJECT that
gets its own set of dependent datatypes that represent the current
OBJECT's dependent datatypes and only fit an RSA 3072 object (or smaller).
This allows for extension to RSA 4096 or possibly later on to
quantum-safe crypto keys that may also be stored in an OBJECT.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only convert the private exponent for an RSA key and initialize
the privateExponent with zeros otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
After adding BOOL allowNull parameter to TPMI_ECC_CURVE_Unmarshal rearrange
the order in which this command is listed in the unmarshalArray so that the
caller passes an addtional parameter to this function now.
Also add a fuzzer test case.
Fixes: 44f0cb0535 ("rev180: Sync TPMI_ECC_CURVE_Unmarshal")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The new TPM 2 code casts bigNum's to Crypt_Int, which has an array 'd' of
type 'crypt_uword_t[2]' which then leads to the following types of errors
that we haven't found another solution for so far.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-2675de6341d4e056d04ab49179b8e5b8bd456589
/src/libtpms/src/tpm2/crypto/openssl/CryptPrime.c:377:20: runtime error: index 23 out of bounds for type 'crypt_uword_t[2]' (aka 'unsigned long[2]')
#0 0x5b4196 in RsaAdjustPrimeCandidate_New libtpms/src/tpm2/crypto/openssl/CryptPrime.c:377:20
#1 0x5b4196 in RsaAdjustPrimeCandidate libtpms/src/tpm2/crypto/openssl/CryptPrime.c:405:9
#2 0x5b4366 in TpmRsa_GeneratePrimeForRSA libtpms/src/tpm2/crypto/openssl/CryptPrime.c:454:6
#3 0x590953 in CryptRsaGenerateKey libtpms/src/tpm2/crypto/openssl/CryptRsa.c:1433:9
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
NvReadObject knows how to read an OBJECT from NVRAM, so use it instead
of the low-level NvRead(). This prepares the code for possibly larger
OBJECTs in NVRAM in the future that may have been marshalled before
they were written into NVRAM (such as RSA 4096 keys or possibly keys
from QC if they will be stored in OBJECTs).
The call to NvReadObject() requires that the ref in NvReadObject points
to the handle of an NV_ENTRY_HEADER. An NV_ENTRY_HEADER looks like this:
typedef struct {
UINT32 size;
TPM_HANDLE handle;
} NV_ENTRY_HEADER;
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check -lcrypto for availability of the more recent
EC_POINT_get_affine_coordinates function and use a #define to call it
instead of the older EC_POINT_get_affine_coordinates_GFp. Make the
same change to EC_POINT_set_affine_coordinates_GFp.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
