!36 uptdate to version 5.4

From: @yunjia_w Reviewed-by: @huangzq6 Signed-off-by: @huangzq6
2022-12-21 09:43:30 +00:00 · 2022-12-21 09:43:30 +00:00 · 2564681824
commit 2564681824
parent c87aaa27c5 d0a4bcb1cf
5 changed files with 7 additions and 95 deletions
--- a/backport-CVE-2021-3565.patch
+++ b/backport-CVE-2021-3565.patch
@ -1,46 +0,0 @@
 From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
 From: William Roberts <william.c.roberts@intel.com>
 Date: Fri, 21 May 2021 12:22:31 -0500
 Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
 tpm2_import used a fixed AES key for the inner wrapper, which means that
 a MITM attack would be able to unwrap the imported key. Even the
 use of an encrypted session will not prevent this. The TPM only
 encrypts the first parameter which is the fixed symmetric key.
 To fix this, ensure the key size is 16 bytes or bigger and use
 OpenSSL to generate a secure random AES key.
 Fixes: #2738
 Signed-off-by: William Roberts <william.c.roberts@intel.com>
 ---
 tools/tpm2_import.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
 diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
 index cfb6f20..f44326c 100644
 --- a/tools/tpm2_import.c
 +++ b/tools/tpm2_import.c
@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
     TPM2B_DATA enc_sensitive_key = {
         .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
     };
 -    memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
 +
 +    if(enc_sensitive_key.size < 16) {
 +        LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
 +        return tool_rc_general_error;
 +    }
 +
 +    int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
 +    if (ossl_rc != 1) {
 +        LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
 +        return tool_rc_general_error;
 +    }
     /*
      * Calculate the object name.
 -- 
 1.8.3.1
--- a/backport-Don-t-assume-end-of-argv-is-NULL.patch
+++ b/backport-Don-t-assume-end-of-argv-is-NULL.patch
@ -1,43 +0,0 @@
 From fb1e0d98eca5279bf33304deedd9019b0130393a Mon Sep 17 00:00:00 2001
 From: Erik Larsson <who+github@cnackers.org>
 Date: Sat, 21 Nov 2020 10:59:13 +0100
 Subject: [PATCH] Don't assume end of argv is NULL
 On a musl based system argv[optind] && strcmp(...) where optind > argc might read random memory and segfault.
 Signed-off-by: Erik Larsson <who+github@cnackers.org>
 ---
 lib/tpm2_options.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c
 index e9aaa0364..9fa583c60 100644
 --- a/lib/tpm2_options.c
 +++ b/lib/tpm2_options.c
@@ -300,7 +300,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
             if (argv[optind - 1]) {
                 if (!strcmp(argv[optind - 1], "--help=no-man") ||
                     !strcmp(argv[optind - 1], "-h=no-man") ||
 -                    (argv[optind] && !strcmp(argv[optind], "no-man"))) {
 +                    (argc < optind && !strcmp(argv[optind], "no-man"))) {
                     manpager = false;
                     optind++;
                 /*
@@ -309,7 +309,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
                  */
                 } else if (!strcmp(argv[optind - 1], "--help=man") ||
                            !strcmp(argv[optind - 1], "-h=man") ||
 -                           (argv[optind] && !strcmp(argv[optind], "man"))) {
 +                           (argc < optind && !strcmp(argv[optind], "man"))) {
                     manpager = true;
                     explicit_manpager = true;
                     optind++;
@@ -318,7 +318,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
                      * argv[0] = "tool name"
                      * argv[1] = "--help" argv[2] = 0
                      */
 -                    if (!argv[optind] && argc == 2) {
 +                    if (optind >= argc && argc == 2) {
                         manpager = false;
                     } else {
                         /*
--- a/tpm2-tools-5.0.tar.gz
+++ b/tpm2-tools-5.0.tar.gz
--- a/tpm2-tools-5.4.tar.gz
+++ b/tpm2-tools-5.4.tar.gz
--- a/tpm2-tools.spec
+++ b/tpm2-tools.spec
@ -1,13 +1,11 @@
 Name:          tpm2-tools
-Version:       5.0
+Version:       5.4
-Release:       5
+Release:       1
 Summary:       A TPM2.0 testing tool based on TPM2.0-TSS
 License:       BSD
 URL:           https://github.com/tpm2-software/tpm2-tools
 Source0:       https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0:        backport-Don-t-assume-end-of-argv-is-NULL.patch
 Patch1:        backport-CVE-2021-3565.patch
 BuildRequires: gcc-c++ libtool autoconf-archive pkgconfig(cmocka) pkgconfig(libcurl) pkgconfig(openssl)
 BuildRequires: pkgconfig(tss2-mu) pkgconfig(tss2-sys) pkgconfig(tss2-esys) pkgconfig(uuid) libgcrypt
@ -49,16 +47,19 @@ make check
 %files
 %defattr(-,root,root)
-%license doc/LICENSE
+%license docs/LICENSE
 %{_bindir}/*
 %{_datadir}/bash-completion/completions/tpm2*
 %{_datadir}/bash-completion/completions/tss2*
 %files help
-%doc README.md doc/CHANGELOG.md
+%doc docs/README.md docs/CHANGELOG.md
 %{_mandir}/*/*
 %changelog
 * Tue Dec 20 2022 wangyunjia <yunjia.wang@huawei.com> - 5.4-1
 - update to 5.4
 * Mon Sep 27 2021 fuanan <fuanan3@huawei.com> - 5.0-5
 - fix CVE-2021-3565