diff --git a/backport-CVE-2024-29040-FAPI-Fix-check-of-magic-.patch b/backport-CVE-2024-29040-FAPI-Fix-check-of-magic-.patch
deleted file mode 100644
index 4f35fc35bd3d5cc3534bce1a0e0e950de04e0ceb..0000000000000000000000000000000000000000
--- a/backport-CVE-2024-29040-FAPI-Fix-check-of-magic-.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 710cd0b6adf3a063f34a8e92da46df7a107d9a99 Mon Sep 17 00:00:00 2001
-From: Juergen Repp
-Date: Tue, 31 Oct 2023 11:08:41 +0100
-Subject: [PATCH] FAPI: Fix check of magic number in verify quote.
-
-After deserializing the quote info it was not checked whether
-the magic number in the attest is equal TPM2_GENERATED_VALUE.
-So an malicious attacker could generate arbitrary quote data
-which was not detected by Fapi_VerifyQuote.
-Now the number magic number is checket in verify quote and also
-in the deserialization of TPM2_GENERATED.
-The check is also added to the Unmarshal function for TPMS_ATTEST.
-
-Fixes: CVE-2024-29040
-
-Signed-off-by: Juergen Repp
-Signed-off-by: Andreas Fuchs
----
- src/tss2-fapi/api/Fapi_VerifyQuote.c | 5 +++++
- src/tss2-fapi/tpm_json_deserialize.c | 11 +++++++++--
- src/tss2-mu/tpms-types.c | 23 ++++++++++++++++++++++-
- 3 files changed, 36 insertions(+), 3 deletions(-)
-
-diff --git a/src/tss2-fapi/api/Fapi_VerifyQuote.c b/src/tss2-fapi/api/Fapi_VerifyQuote.c
-index 8a0e119c..50474c6b 100644
---- a/src/tss2-fapi/api/Fapi_VerifyQuote.c
-+++ b/src/tss2-fapi/api/Fapi_VerifyQuote.c
-@@ -289,6 +289,11 @@ Fapi_VerifyQuote_Finish(
- &command->fapi_quote_info);
- goto_if_error(r, "Get quote info.", error_cleanup);
-
-+ if (command->fapi_quote_info.attest.magic != TPM2_GENERATED_VALUE) {
-+ goto_error(r, TSS2_FAPI_RC_SIGNATURE_VERIFICATION_FAILED,
-+ "Attest without TPM2 generated value", error_cleanup);
-+ }
-+
- /* Verify the signature over the attest2b structure. */
- r = ifapi_verify_signature_quote(&key_object,
- command->signature,
-diff --git a/src/tss2-fapi/tpm_json_deserialize.c b/src/tss2-fapi/tpm_json_deserialize.c
-index 4c45458a..1b27a83f 100644
---- a/src/tss2-fapi/tpm_json_deserialize.c
-+++ b/src/tss2-fapi/tpm_json_deserialize.c
-@@ -698,6 +698,7 @@ ifapi_json_TPM2_GENERATED_deserialize(json_object *jso, TPM2_GENERATED *out)
- const char *s = json_object_get_string(jso);
- const char *str = strip_prefix(s, "TPM_", "TPM2_", "GENERATED_", NULL);
- LOG_TRACE("called for %s parsing %s", s, str);
-+ TSS2_RC r;
-
- if (str) {
- for (size_t i = 0; i < sizeof(tab) / sizeof(tab[0]); i++) {
-@@ -707,8 +708,14 @@ ifapi_json_TPM2_GENERATED_deserialize(json_object *jso, TPM2_GENERATED *out)
- }
- }
- }
--
-- return ifapi_json_UINT32_deserialize(jso, out);
-+ r = ifapi_json_UINT32_deserialize(jso, out);
-+ return_if_error(r, "Could not deserialize UINT32");
-+ if (*out != TPM2_GENERATED_VALUE) {
-+ return_error2(TSS2_FAPI_RC_BAD_VALUE,
-+ "Value %x not equal TPM self generated value %x",
-+ *out, TPM2_GENERATED_VALUE);
-+ }
-+ return TSS2_RC_SUCCESS;
- }
-
- /** Deserialize a TPM2_ALG_ID json object.
-diff --git a/src/tss2-mu/tpms-types.c b/src/tss2-mu/tpms-types.c
-index 3ad72520..56aca0c3 100644
---- a/src/tss2-mu/tpms-types.c
-+++ b/src/tss2-mu/tpms-types.c
-@@ -22,6 +22,27 @@
- #define VAL
- #define TAB_SIZE(tab) (sizeof(tab) / sizeof(tab[0]))
-
-+static TSS2_RC
-+TPM2_GENERATED_Unmarshal(
-+ uint8_t const buffer[],
-+ size_t buffer_size,
-+ size_t *offset,
-+ TPM2_GENERATED *magic)
-+{
-+ TPM2_GENERATED mymagic = 0;
-+ TSS2_RC rc = Tss2_MU_UINT32_Unmarshal(buffer, buffer_size, offset, &mymagic);
-+ if (rc != TSS2_RC_SUCCESS) {
-+ return rc;
-+ }
-+ if (mymagic != TPM2_GENERATED_VALUE) {
-+ LOG_ERROR("Bad magic in tpms_attest");
-+ return TSS2_SYS_RC_BAD_VALUE;
-+ }
-+ if (magic != NULL)
-+ *magic = mymagic;
-+ return TSS2_RC_SUCCESS;
-+}
-+
- #define TPMS_PCR_MARSHAL(type, firstFieldMarshal) \
- TSS2_RC \
- Tss2_MU_##type##_Marshal(const type *src, uint8_t buffer[], \
-@@ -1219,7 +1240,7 @@ TPMS_MARSHAL_7_U(TPMS_ATTEST,
- attested, ADDR, Tss2_MU_TPMU_ATTEST_Marshal)
-
- TPMS_UNMARSHAL_7_U(TPMS_ATTEST,
-- magic, Tss2_MU_UINT32_Unmarshal,
-+ magic, TPM2_GENERATED_Unmarshal,
- type, Tss2_MU_TPM2_ST_Unmarshal,
- qualifiedSigner, Tss2_MU_TPM2B_NAME_Unmarshal,
- extraData, Tss2_MU_TPM2B_DATA_Unmarshal,
--- 
-2.33.0
-
diff --git a/tpm2-tss-4.0.1.tar.gz b/tpm2-tss-4.0.1.tar.gz
deleted file mode 100644
index 30a661fc6f6759db93b7909ca4cc6d86d31ebce1..0000000000000000000000000000000000000000
Binary files a/tpm2-tss-4.0.1.tar.gz and /dev/null differ
diff --git a/tpm2-tss-4.0.2.tar.gz b/tpm2-tss-4.0.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..c4d9f8230173616422dc31ca35b53948e4354e11
Binary files /dev/null and b/tpm2-tss-4.0.2.tar.gz differ
diff --git a/tpm2-tss.spec b/tpm2-tss.spec
index b57c08bb90952f03d7020a105b35162c8429f626..6e9c4e561b4ec656dc55855bbf090ebee1738df8 100644
--- a/tpm2-tss.spec
+++ b/tpm2-tss.spec
@@ -1,16 +1,26 @@ +%bcond_with tests + Name: tpm2-tss -Version: 4.0.1 -Release: 2 +Version: 4.0.2 +Release: 1 Summary: TPM2.0 Software Stack -License: BSD +License: BSD-2-Clause URL: https://github.com/tpm2-software/tpm2-tss Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz Patch0001: backport-FAPI-Skip-test-fapi-fix-provisioning-with-template-i.patch -Patch0002: backport-CVE-2024-29040-FAPI-Fix-check-of-magic-.patch -BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen json-c-devel libcurl-devel util-linux-devel -BuildRequires: curl >= 7.80.0 libcmocka-devel iproute uthash-devel swtpm +BuildRequires: gcc-c++ make +BuildRequires: pkgconfig(cmocka) >= 1.0 +BuildRequires: pkgconfig(json-c) +BuildRequires: pkgconfig(libcrypto) >= 1.1.0 +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(uuid) +BuildRequires: libtpms-devel +BuildRequires: uthash-devel +BuildRequires: /usr/bin/swtpm +BuildRequires: /usr/sbin/ss +BuildRequires: doxygen %description tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system @@ -19,12 +29,11 @@ APIs which provides TPM2.0 specified APIs for applications to access TPM module %package devel Summary: Headers and libraries for building apps that use tpm2-tss Requires: %{name} = %{version}-%{release} +Obsoletes: %{name}-static < %{version}-%{release} + %description devel It contains headers and static libraries for tpm2-tss. -Provides: %{name}-static -Obsoletes: %{name}-static - %package_help %prep 
@@ -33,47 +42,39 @@ Obsoletes: %{name}-static %build %configure --disable-static --disable-silent-rules --with-udevrulesdir=%{_udevrulesdir} --with-udevrulesprefix=80- \ --with-runstatedir=%{_rundir} --with-tmpfilesdir=%{_tmpfilesdir} --with-sysusersdir=%{_sysusersdir} \ - --enable-unit --enable-integration + %{?with_tests:--enable-unit --enable-integration} %make_build %install -rm -rf %{buildroot} %make_install +%delete_la %check -make check - -%pre - -%preun - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%make_build check %files -%defattr(-,root,root) %doc README.md CHANGELOG.md %license LICENSE %{_sysconfdir}/tpm2-tss/ %{_sysusersdir}/tpm2-tss.conf %{_tmpfilesdir}/tpm2-tss-fapi.conf %{_libdir}/*.so.* -%{_libdir}/*.so %{_udevrulesdir}/80-tpm-udev.rules %files devel -%defattr(-,root,root) %{_includedir}/* -%{_libdir}/*.la +%{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %files help -%defattr(-,root,root) %{_mandir}/man*/* %changelog +* Thu Oct 03 2024 Funda Wang - 4.0.2-1 +- update to 4.0.2 +- disable test for now due to it produces linking errors when enabling LTO + * Wed May 8 2024 jinlun - 4.0.1-2 - fix CVE-2024-29040 and fix test check error diff --git a/tpm2-tss.yaml b/tpm2-tss.yaml index a6af7d3e3b28205b86adfd115b8472749dc54898..e9e6ace15236d0f6d6d00d492771491673cddfc6 100644 --- a/tpm2-tss.yaml +++ b/tpm2-tss.yaml @@ -1,4 +1,4 @@ version_control: github src_repo: "tpm2-software/tpm2-tss" tag_prefix: -seperator: +separator:
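Review bot: The %changelog entry added in this hunk records only `- update to 4.0.2`, while the first hunk of this file drops `Patch0002: backport-CVE-2024-29040-FAPI-Fix-check-of-magic-.patch`, so nothing in the spec now states that the magic-number check in Fapi_VerifyQuote and TPMS_ATTEST unmarshalling is still carried, which is exactly what vulnerability trackers and auditors reading this package's history look for. I would add a changelog line `- drop backport-CVE-2024-29040 patch, fix is carried by the upstream 4.0.2 release` and confirm against the upstream CHANGELOG.md installed by %doc that 4.0.2 indeed contains it before merging. Separately, `%bcond_with tests` leaves `--enable-unit --enable-integration` off by default, yet `%check` still runs `%make_build check`; with the test suites not configured that target presumably exercises little, so a green %check is not evidence that the verify-quote regression tests pass. Making the skip explicit with `%if %{with tests}` / `%make_build check` / `%endif` would keep the build log honest about what was actually tested.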