Add the implementation for TPM2_ECC_Encrypt/Decrypt. It cannot be
easily enabled due to possible downgrading requirements and also
issues with size-expansion of the PERSISTENT_DATA.auditCommands from
14 to 15 bytes.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Sync with upstream to fix issue in CryptParameterEncryption() from TPM 2
errate v1.4 2.6.1:
"The functions CryptParameterEncryption() and CryptParameterDecryption() in
the reference code in Part 4, 10.2.6.6.5 and 10.2.6.6.6 do not correctly
check the size of the parameter buffer to be encrypted or decrypted. To fix
the issue, the functions should be corrected to check that the parameter
buffer (a TPM2B type field) is at least 2 bytes in length and should use
the function UINT16_Unmarshal() to read the size of the buffer instead of"
BYTE_ARRAY_TO_UINT16().
[...]
The fixed CryptParameterEncryption() function will enter failure mode and
return TPM_RC_FAILURE if the internal response buffer does not contain
enough data for the UINT16 size field."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix the following issue from TPM 2 errata v1.4 2.6.3:
"The function CryptGenerateKeyDes() in the reference code in Part 4,
0.2.9.2.3 does not correctly check the symmetric key size provided in the
sensitive parameter. To fix the issue, the function will check that the
size of the requested TDES key is a multiple of 8 bytes or otherwise the
TPM will return TPM_RC_SYMMETRIC."
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix the missing buffer size check that the TPM 2 errata v1.4 mentions in
2.6.2 by adding a buffer size check before reading 2 bytes from a
TPM2B_NAME buffer. There's no known CVE for this.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.
This fixes CVE-2023-1017 & CVE-2023-1018.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a caching layer to GetEVPCipher() to avoid having to call evpfn()
mulitple times. Instead, return the 'const EVP_CIPHER *' that a single
call to evpfn() (for a particular algorithm + mode + key size) returned
and cache it for subsequent calls.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Replace usage of deprecated DES_random_key() with EVP_CIPHER API calls.
These newer calls are much more time consuming than the deprecated call.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This reverts commit 9afebc712a.
The issue is that opensslv.h is not included and thus the
OPENSSL_VERSION_NUMBER is not getting set.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Delay the creation of the EVP_PKEY in InitOpenSSLRSAPrivateKey
so that we can create the key with all the parameters at once.
We have to do this since with the OpenSSL 3.0 API we cannot set
parameters after the initial creation of the key anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Get the BIGNUMs N and E from an RSA key OBJECT. The purpose of
this refactoring is be able to reuse the new function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement BuildRSAKey for building an RSA EVP_PKEY from copies
of the BIGNUMs it gets passed. This way it is clear that the
caller has to free the BIGNUMs it passed itself also in case of
error returned by BuildRSAKey.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Exit the loop when the variable could not be filled with data from the
byte stream. This avoids accessing the variable 'element' in case it
wasn't initialized. The old could would have accessed the possibly
uninitialized variable but exited the loop immediately after.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only access the entrysize variable if it was read from the buffer. In case
of an error just head towards the exit. Previously, an error would also
have lead the function to do no more useful processing and exited it with
an error code bug Coverity complains that the entrysize variable would be
access while it wasn't initialized.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check the secret size against the size of the buffer, not the size
member that has not been set yet.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
In TPM_NVRAM_LoadData(), there is an unlikely path where the function
will return an error code but still expect the caller to free the
allocated data. At least some of the callers don't handle this correctly
so ensure that the caller only needs to free data if the function
returns success.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
The build environment used by OSS-Fuzz reports this error.
In file included from /src/libtpms/src/tpm_debug.c:42:
/src/libtpms/src/tpm_debug.h:69:9: error: 'printf' macro redefined [-Werror,-Wmacro-redefined]
#define printf(...) TPMLIB_LogPrintf(__VA_ARGS__);
: ^
/usr/include/x86_64-linux-gnu/bits/stdio2.h:110:11: note: previous definition is here
# define printf(...) \
^
1 error generated.
The simple fix is to #undef printf in case it is #define'd.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Address an issue reported by cppcheck that raises the issue that
tpm_state_path could be NULL when the #define TPM_NV_DISK is not set.
Require that the #define TPM_NV_DISK always be set.
Resolves: https://github.com/stefanberger/libtpms/issues/313
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a variable in ExecuteCommand following Coverity report
CID 1461252.
Down the callpath as reported in CID 1461252 in
TPMI_ST_COMMAND_TAG_Unmarshal() the passed-in value of
TPMI_ST_COMMAND_TAG *target is stored and possibly restored later on in
case of failure. Coverity complains that the variable is uninitialized.
While this is correct, there's no harm reading the uninitialized value
from the structure and possibly restoring it later on while not doing
anything else with it otherwise. Therefore, it's a false positive.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a variable in TPM2_PolicyAuthorizeNV() following Coverity
report CID 1470811.
Down the callpath as reported in CID 1470811 in TPMI_ALG_HASH_Unmarshal()
the passed-in value of TPMI_ALG_HASH *target is stored and possibly
restored later on in case of failure. Coverity complains that the variable
is uninitialized. While this is correct, there's no harm reading the
uninitialized value from the structure and possibly restoring it later
on while not doing anything else with it otherwise. Therefore, it's a
false positive.
Resolves: https://github.com/stefanberger/libtpms/issues/311
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Initialize a variable in USER_NVRAM_Unmarshal() follow Coverity
report CID 1470812.
Down the callpath as reported in CID 1470812 in TPMA_NV_Unmarshal() the
passed-in value of TPMA_NV *target is stored and possibly restored later
on in case of failure. Coverity complains that the variable is
uninitialized. While this is correct, there's no harm reading the
uninitialized value from the structure and possibly restoring it later
on while not doing anything else with it otherwise. Therefore, it's a
false positive.
Resolves: https://github.com/stefanberger/libtpms/issues/310
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
with label size 0. The function should only be called if the size of the label
is greater 0.
With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
for encryption without label.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
