From df0b6810b594e4dfbee17f57a7429086d3de365f Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Mon, 19 Apr 2021 18:02:21 +0800
Subject: [PATCH 1/2] tpm2: CryptSym: fix AES output IV

The TPM is supposed to provide the output IV in the ivInOut parameter in
CryptSymmetricEncrypt. In the case of using the openssl routines, the
output IV is missed, and the resulting output from the TPM is in the
input IV.

OpenSSL unfortunately does not export EVP_CIPHER_CTX_iv() until
tags/OpenSSL_1_1_0, so we have to fall back to the reference code for
previous OpenSSL versions.

Fixes: CVE-2021-3446
buglink:https://bugzilla.redhat.com/show_bug.cgi?id=1939664

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: jiangfangjie 00559066 <jiangfangjie@huawei.com>
---
 0001-tpm2-CryptSym-fix-AES-output-IV.patch | 85 ++++++++++++++++++++++
 libtpms.spec                               | 11 ++-
 2 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 0001-tpm2-CryptSym-fix-AES-output-IV.patch

diff --git a/0001-tpm2-CryptSym-fix-AES-output-IV.patch b/0001-tpm2-CryptSym-fix-AES-output-IV.patch
new file mode 100644
index 0000000..f1c2c36
--- /dev/null
+++ b/0001-tpm2-CryptSym-fix-AES-output-IV.patch
@@ -0,0 +1,85 @@
+From 8a1716c3bb18bac169f68d24cdd095cf617eb908 Mon Sep 17 00:00:00 2001
+From: root <root@localhost.localdomain>
+Date: Tue, 6 Apr 2021 16:22:04 +0800
+Subject: [PATCH] tpm2: CryptSym: fix AES output IV The TPM is supposed to
+ provide the output IV in the ivInOut parameter in CryptSymmetricEncrypt. In
+ the case of using the openssl routines, the output IV is missed, and the
+ resulting output from the TPM is in the input IV.
+
+OpenSSL unfortunately does not export EVP_CIPHER_CTX_iv() until
+tags/OpenSSL_1_1_0, so we have to fall back to the reference code for
+previous OpenSSL versions.
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ configure.ac                       |  1 +
+ src/tpm2/crypto/openssl/CryptSym.c | 19 +++++++++++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 1bb45d1..0c57ef3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -165,6 +165,7 @@ AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
+ 	AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
+ 	AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
+ 	AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
++	AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, not_found=1)
+ 	if test "x$not_found" = "x0"; then
+ 		use_openssl_functions_symmetric=1
+ 		use_openssl_functions_for="symmetric (AES, TDES) "
+diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c
+index 7aa90da..856def6 100644
+--- a/src/tpm2/crypto/openssl/CryptSym.c
++++ b/src/tpm2/crypto/openssl/CryptSym.c
+@@ -531,6 +531,7 @@ CryptSymmetricEncrypt(
+     BYTE                 keyToUse[MAX_SYM_KEY_BYTES];
+     UINT16               keyToUseLen = (UINT16)sizeof(keyToUse);
+     TPM_RC               retVal = TPM_RC_SUCCESS;
++    int                  ivLen;
+ 
+     pAssert(dOut != NULL && key != NULL && dIn != NULL);
+     if(dSize == 0)
+@@ -595,6 +596,14 @@ CryptSymmetricEncrypt(
+     if (EVP_EncryptFinal_ex(ctx, pOut + outlen1, &outlen2) != 1)
+         ERROR_RETURN(TPM_RC_FAILURE);
+ 
++    if (ivInOut) {
++        ivLen = EVP_CIPHER_CTX_iv_length(ctx);
++        if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer))
++            ERROR_RETURN(TPM_RC_FAILURE);
++
++        ivInOut->t.size = ivLen;
++        memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
++    }
+  Exit:
+     if (retVal == TPM_RC_SUCCESS && pOut != dOut)
+         memcpy(dOut, pOut, outlen1 + outlen2);
+@@ -636,6 +645,7 @@ CryptSymmetricDecrypt(
+     BYTE                 keyToUse[MAX_SYM_KEY_BYTES];
+     UINT16               keyToUseLen = (UINT16)sizeof(keyToUse);
+     TPM_RC               retVal = TPM_RC_SUCCESS;
++    int                  ivLen;
+ 
+     // These are used but the compiler can't tell because they are initialized
+     // in case statements and it can't tell if they are always initialized
+@@ -707,6 +717,15 @@ CryptSymmetricDecrypt(
+ 
+     pAssert((int)buffersize >= outlen1 + outlen2);
+ 
++    if (ivInOut) {
++        ivLen = EVP_CIPHER_CTX_iv_length(ctx);
++        if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer))
++            ERROR_RETURN(TPM_RC_FAILURE);
++
++        ivInOut->t.size = ivLen;
++        memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
++    }
++
+  Exit:
+     if (retVal == TPM_RC_SUCCESS) {
+         pAssert(dSize >= outlen1 + outlen2);
+-- 
+2.27.0
+
diff --git a/libtpms.spec b/libtpms.spec
index 32e2dd5..44401dd 100644
--- a/libtpms.spec
+++ b/libtpms.spec
@@ -2,7 +2,7 @@
 
 %define name      libtpms
 %define version   0.7.3
-%define release   1
+%define release   2
 
 # Valid crypto subsystems are 'freebl' and 'openssl'
 %if "%{?crypto_subsystem}" == ""
@@ -22,6 +22,8 @@ Url:            http://github.com/stefanberger/libtpms
 Source:         libtpms-%{version}.tar.gz
 Provides:       libtpms-%{crypto_subsystem} = %{version}-%{release}
 
+Patch0: 0001-tpm2-CryptSym-fix-AES-output-IV.patch
+
 %if "%{crypto_subsystem}" == "openssl"
 BuildRequires:  openssl-devel
 %else
@@ -71,6 +73,7 @@ Libtpms header files and documentation.
 
 %prep
 %setup -q
+%autopatch -p1
 
 %build
 
@@ -112,6 +115,12 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
 %postun -p /sbin/ldconfig
 
 %changelog
+* Mon Apr 5 2021 jiangfangjie <jiangfangjie@huawei.com> - 0.7.3-3
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC: fix CVE-2021-3446
+
 * Fri Aug 21 2020 jiangfangjie <jiangfangjie@huawei.com> - 0.7.3-1
 - Package init
 - Version of library is now 0.7.3
-- 
Gitee


From 0cfde26d9a38b93ff3041adf953f32e7e5a58007 Mon Sep 17 00:00:00 2001
From: JackJF <jiangfangjie@huawei.com>
Date: Thu, 16 Sep 2021 02:59:23 +0000
Subject: [PATCH 2/2] update libtpms.spec.

---
 libtpms.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libtpms.spec b/libtpms.spec
index 44401dd..4cc9bda 100644
--- a/libtpms.spec
+++ b/libtpms.spec
@@ -115,7 +115,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
 %postun -p /sbin/ldconfig
 
 %changelog
-* Mon Apr 5 2021 jiangfangjie <jiangfangjie@huawei.com> - 0.7.3-3
+* Mon Apr 5 2021 jiangfangjie <jiangfangjie@huawei.com> - 0.7.3-2
 - Type:CVE
 - ID:NA
 - SUG:NA
-- 
Gitee