Changeset 98878 in vbox for trunk/src/libs
- Timestamp:
- Mar 8, 2023 12:37:11 PM (22 months ago)
- Location:
- trunk/src/libs
- Files:
-
- 1 deleted
- 17 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/libs/Makefile.kmk
r98735 r98878 82 82 && !defined(VBOX_ONLY_BUILD) \ 83 83 && ("$(SDK_VBoxLibTpms_INCS)" == "$(SDK_VBoxLibTpms_DEFAULT_INCS)") 84 include $(PATH_SUB_CURRENT)/libtpms-0.9. 0/Makefile.kmk84 include $(PATH_SUB_CURRENT)/libtpms-0.9.6/Makefile.kmk 85 85 endif 86 86 -
trunk/src/libs/libtpms-0.9.6
- Property svn:mergeinfo
-
old new 21 21 /branches/dsen/gui4/src/libs/libtpms-0.9.0:155183-155185,155187,155198,155200-155201,155205,155228,155235,155243,155248,155282,155285,155287-155288,155311,155316,155336,155342,155344,155437-155438,155441,155443,155488,155509-155513,155526-155527,155559,155572,155576-155577,155592-155593 22 22 /trunk/src/src/libs/libtpms-0.9.0:92342,154921 23 /vendor/libtpms/0.9.6:156204-156205 24 /vendor/libtpms/current:147277-156203
-
- Property svn:mergeinfo
-
trunk/src/libs/libtpms-0.9.6/CHANGES
r91612 r98878 1 1 CHANGES - changes for libtpms 2 3 version 0.9.6: 4 - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018) 5 6 version 0.9.5: 7 - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore 8 - tpm2: Fix a potential overflow expression (coverity) 9 - tpm2: Fix size check in CryptSecretDecrypt 10 11 version 0.9.4: 12 - tpm: #undef printf in case it is #define'd (OSS-Fuzz) 13 - tpm2: Check return code of BN_div() 14 - tpm2: Initialize variables due to gcc complaint (s390x, false positive) 15 - tpm12: Initialize variables due to gcc complaint (s390x, false positive) 16 - build-sys: Fix configure script to support _FORTIFY_SOURCE=3 17 18 version 0.9.3: 19 - build-sys: Add probing for -fstack-protector 20 - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 21 (OSSL 3) 22 23 version 0.9.2: 24 - tpm2: When writing state initialize s_ContextSlotMask if not set 25 26 version 0.9.1: 27 - tpm2: Do not write permanent state if only clock changed 28 - tpm2: Fix "maybe-uninitialized" warning 2 29 3 30 version 0.9.0: -
trunk/src/libs/libtpms-0.9.6/configure.ac
r91612 r98878 4 4 # See the LICENSE file for the license associated with this file. 5 5 6 AC_INIT([libtpms],[0.9. 0])6 AC_INIT([libtpms],[0.9.6]) 7 7 AC_PREREQ([2.69]) 8 8 AC_CONFIG_SRCDIR(Makefile.am) … … 285 285 286 286 if test "x$enable_hardening" != "xno"; then 287 # Some versions of gcc fail with -Wstack-protector enabled 288 TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)" 289 if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then 290 HARDENING_CFLAGS="-fstack-protector " 287 # Some versions of gcc fail with -Wstack-protector, 288 # some with -Wstack-protector-strong enabled 289 if ! $CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then 290 if $CC -fstack-protector $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then 291 HARDENING_CFLAGS="-fstack-protector " 292 fi 291 293 else 292 294 HARDENING_CFLAGS="-fstack-protector-strong " 293 295 fi 294 296 295 dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2 296 TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')" 297 TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')" 298 if test -z "$TMP1" && test -n "$TPM2"; then 299 HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 " 297 dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user 298 dnl since they may create more overhead 299 if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/libtpms/tpm_library.h 2>/dev/null; then 300 HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2" 300 301 fi 301 302 dnl Check linker for 'relro' and 'now' -
trunk/src/libs/libtpms-0.9.6/debian/changelog
r91612 r98878 1 libtpms (0.9.6) RELEASED; urgency=high 2 3 - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018) 4 5 -- Stefan Berger <[email protected]> Tue, 28 Feb 2023 09:00:00 -0500 6 7 libtpms (0.9.5) RELEASED; urgency=medium 8 9 - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore 10 - tpm2: Fix a potential overflow expression (coverity) 11 - tpm2: Fix size check in CryptSecretDecrypt 12 13 -- Stefan Berger <[email protected]> Fri, 01 Jul 2022 09:00:00 -0500 14 15 libtpms (0.9.4) RELEASED; urgency=medium 16 17 - tpm: #undef printf in case it is #define'd (OSS-Fuzz) 18 - tpm2: Check return code of BN_div() 19 - tpm2: Initialize variables due to gcc complaint (s390x, false positive) 20 - tpm12: Initialize variables due to gcc complaint (s390x, false positive) 21 - build-sys: Fix configure script to support _FORTIFY_SOURCE=3 22 23 -- Stefan Berger <[email protected]> Mon, 25 Apr 2022 09:00:00 -0500 24 25 libtpms (0.9.3) RELEASED; urgency=medium 26 27 - build-sys: Add probing for -fstack-protector 28 - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size (OSSL 3) 29 30 -- Stefan Berger <[email protected]> Mon, 07 Mar 2022 09:00:00 -0500 31 32 libtpms (0.9.2) RELEASED; urgency=medium 33 34 * tpm2: When writing state initialize s_ContextSlotMask if not set 35 36 -- Stefan Berger <[email protected]> Thu, 06 Jan 2022 09:00:00 -0500 37 38 libtpms (0.9.1) RELEASED; urgency=medium 39 40 * tpm2: Do not write permanent state if only clock changed 41 42 -- Stefan Berger <[email protected]> Wed, 24 Nov 2021 09:00:00 -0500 43 1 44 libtpms (0.9.0) RELEASED; urgency=medium 2 45 -
trunk/src/libs/libtpms-0.9.6/dist/libtpms.spec
r91612 r98878 2 2 3 3 %define name libtpms 4 %define version 0.9. 05 %define release 0~dev14 %define version 0.9.6 5 %define release 1 6 6 7 7 # Valid crypto subsystems are 'freebl' and 'openssl' … … 113 113 114 114 %changelog 115 * Tue Feb 28 2023 Stefan Berger - 0.9.6-1 116 - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018) 117 118 * Fri Jul 01 2022 Stefan Berger - 0.9.5-1 119 - Release of version 0.9.5 120 121 * Mon Apr 25 2022 Stefan Berger - 0.9.4-1 122 - Release of version 0.9.4 123 124 * Mon Mar 07 2022 Stefan Berger - 0.9.3-1 125 - Release of version 0.9.3 126 127 * Thu Jan 06 2022 Stefan Berger - 0.9.2-1 128 - Release of version 0.9.2 129 130 * Wed Nov 24 2021 Stefan Berger - 0.9.1-1 131 - Release of version 0.9.1 132 115 133 * Wed Sep 29 2021 Stefan Berger - 0.9.0-1 116 134 - Release of version 0.9.0 (rev. 164) -
trunk/src/libs/libtpms-0.9.6/dist/libtpms.spec.in
r91612 r98878 3 3 %define name @PACKAGE@ 4 4 %define version @VERSION@ 5 %define release 0~dev15 %define release 1 6 6 7 7 # Valid crypto subsystems are 'freebl' and 'openssl' … … 113 113 114 114 %changelog 115 * Tue Feb 28 2023 Stefan Berger - 0.9.6-1 116 - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018) 117 118 * Fri Jul 01 2022 Stefan Berger - 0.9.5-1 119 - Release of version 0.9.5 120 121 * Mon Apr 25 2022 Stefan Berger - 0.9.4-1 122 - Release of version 0.9.4 123 124 * Mon Mar 07 2022 Stefan Berger - 0.9.3-1 125 - Release of version 0.9.3 126 127 * Thu Jan 06 2022 Stefan Berger - 0.9.2-1 128 - Release of version 0.9.2 129 130 * Wed Nov 24 2021 Stefan Berger - 0.9.1-1 131 - Release of version 0.9.1 132 115 133 * Wed Sep 29 2021 Stefan Berger - 0.9.0-1 116 134 - Release of version 0.9.0 (rev. 164) -
trunk/src/libs/libtpms-0.9.6/include/libtpms/tpm_library.h
r91612 r98878 51 51 #define TPM_LIBRARY_VER_MAJOR 0 52 52 #define TPM_LIBRARY_VER_MINOR 9 53 #define TPM_LIBRARY_VER_MICRO 053 #define TPM_LIBRARY_VER_MICRO 6 54 54 55 55 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \ -
trunk/src/libs/libtpms-0.9.6/src/tpm12/tpm_nvram.c
r91612 r98878 1291 1291 TPM_BOOL isGPIO = FALSE; 1292 1292 BYTE *gpioData = NULL; 1293 TPM_NV_DATA_SENSITIVE *d1NvdataSensitive ;1293 TPM_NV_DATA_SENSITIVE *d1NvdataSensitive = NULL; 1294 1294 uint32_t s1Last; 1295 1295 -
trunk/src/libs/libtpms-0.9.6/src/tpm2/BnMath.c
r91612 r98878 427 427 while(bn->size <= offset) 428 428 bn->d[bn->size++] = 0; 429 bn->d[offset] |= ( crypt_uword_t)(1 << RADIX_MOD(bitNum));429 bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum)); 430 430 return TRUE; 431 431 } -
trunk/src/libs/libtpms-0.9.6/src/tpm2/CryptUtil.c
r91612 r98878 733 733 } 734 734 // make sure secret will fit 735 if(secret->t.size > data->t.size)735 if(secret->t.size > sizeof(data->t.buffer)) 736 736 return TPM_RC_FAILURE; 737 737 data->t.size = secret->t.size; … … 831 831 TPM2B_HMAC_KEY key; // decryption key 832 832 UINT32 cipherSize = 0; // size of cipher text 833 834 if (leadingSizeInByte > bufferSize) 835 return TPM_RC_INSUFFICIENT; 836 833 837 // Retrieve encrypted data size. 834 838 if(leadingSizeInByte == 2) … … 838 842 cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer); 839 843 buffer = &buffer[2]; // advance the buffer 844 bufferSize -= 2; 840 845 } 841 846 #ifdef TPM4B … … 845 850 cipherSize = BYTE_ARRAY_TO_UINT32(buffer); 846 851 buffer = &buffer[4]; //advance pointer 852 bufferSize -= 4; 847 853 } 848 854 #endif -
trunk/src/libs/libtpms-0.9.6/src/tpm2/Marshal.c
r91612 r98878 2196 2196 { 2197 2197 UINT16 written = 0; 2198 BYTE *sizePtr ;2198 BYTE *sizePtr = NULL; 2199 2199 2200 2200 if (buffer != NULL) { -
trunk/src/libs/libtpms-0.9.6/src/tpm2/NVMarshal.c
r91612 r98878 1435 1435 for (i = 0; i < array_size; i++) 1436 1436 written += UINT16_Marshal(&data->contextArray[i], buffer, size); 1437 1438 if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) { 1439 /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */ 1440 s_ContextSlotMask = 0xffff; 1441 } 1437 1442 written += UINT16_Marshal(&s_ContextSlotMask, buffer, size); 1438 1443 … … 3893 3898 NV_HEADER hdr; 3894 3899 UINT32 array_size; 3895 UINT32 exp_array_size ;3900 UINT32 exp_array_size = 0; 3896 3901 3897 3902 if (rc == TPM_RC_SUCCESS) { -
trunk/src/libs/libtpms-0.9.6/src/tpm2/Time.c
r91612 r98878 137 137 // update the time 138 138 go.clock = newTime; 139 140 /* libtpms: Changing the clock alone does not cause the permanent 141 * state to be written to storage, there must be other 142 * reasons as well. 143 */ 144 UPDATE_TYPE old_g_updateNV = g_updateNV; // libtpms added 145 139 146 NvWrite(NV_ORDERLY_DATA, sizeof(go), &go); 147 148 g_updateNV = old_g_updateNV; // libtpms added 140 149 } 141 150 else -
trunk/src/libs/libtpms-0.9.6/src/tpm2/crypto/openssl/CryptRsa.c
r91612 r98878 1357 1357 ERROR_RETURN(TPM_RC_FAILURE); 1358 1358 memcpy(tmp, label->buffer, label->size); 1359 if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0) 1360 ERROR_RETURN(TPM_RC_FAILURE); 1359 1361 } 1360 // label->size == 0 is supported1361 if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)1362 ERROR_RETURN(TPM_RC_FAILURE);1363 1362 tmp = NULL; 1364 1363 break; -
trunk/src/libs/libtpms-0.9.6/src/tpm2/crypto/openssl/Helpers.c
r91612 r98878 440 440 ERROR_RETURN(TPM_RC_FAILURE) 441 441 442 RSA_set_flags(rsakey, RSA_FLAG_NO_BLINDING);443 444 442 retVal = TPM_RC_SUCCESS; 445 443 … … 522 520 /* Q = N/P; no remainder */ 523 521 BN_set_flags(P, BN_FLG_CONSTTIME); // P is secret 524 BN_div(Q, Qr, N, P, ctx); 525 if(!BN_is_zero(Qr)) 522 if (!BN_div(Q, Qr, N, P, ctx) || !BN_is_zero(Qr)) 526 523 ERROR_RETURN(TPM_RC_BINDING); 527 524 BN_set_flags(Q, BN_FLG_CONSTTIME); // Q is secret -
trunk/src/libs/libtpms-0.9.6/src/tpm_debug.h
r91612 r98878 67 67 #endif 68 68 69 #ifdef printf 70 # undef printf 71 #endif 69 72 #define printf(...) TPMLIB_LogPrintf(__VA_ARGS__); 70 73
Note:
See TracChangeset
for help on using the changeset viewer.