security/tpm: Use correct hash digest lengths
TPMU_HA is a union of all the different hash digests, and so sizeof(TPMU_HA) evaluates to 64 (the size of the largest one). This will lead to out-of-bounds writes when copying smaller digests, so use the specific digest size for each algorithm. Change-Id: Ic9101f157d5a19836b200ecd99f060de552498d2 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Found-by: Coverity CID 14049{49,50,51,52,53,54,55,56,57,58,60,61,62} Reviewed-on: https://review.coreboot.org/c/coreboot/+/35287 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
This commit is contained in:
parent
5f1786fc9c
commit
c563d34fc1
|
@ -219,12 +219,12 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
|
||||||
case VB2_HASH_SHA1:
|
case VB2_HASH_SHA1:
|
||||||
tpml_digests.digests[0].hashAlg = TPM_ALG_SHA1;
|
tpml_digests.digests[0].hashAlg = TPM_ALG_SHA1;
|
||||||
memcpy(tpml_digests.digests[0].digest.sha1,
|
memcpy(tpml_digests.digests[0].digest.sha1,
|
||||||
digest, sizeof(TPMU_HA));
|
digest, SHA1_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
case VB2_HASH_SHA256:
|
case VB2_HASH_SHA256:
|
||||||
tpml_digests.digests[0].hashAlg = TPM_ALG_SHA256;
|
tpml_digests.digests[0].hashAlg = TPM_ALG_SHA256;
|
||||||
memcpy(tpml_digests.digests[0].digest.sha256,
|
memcpy(tpml_digests.digests[0].digest.sha256,
|
||||||
digest, sizeof(TPMU_HA));
|
digest, SHA256_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return TPM_E_IOERROR;
|
return TPM_E_IOERROR;
|
||||||
|
|
|
@ -148,27 +148,27 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
|
||||||
case TPM_ALG_SHA1:
|
case TPM_ALG_SHA1:
|
||||||
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha1,
|
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha1,
|
||||||
tpml_digests->digests[i].digest.sha1,
|
tpml_digests->digests[i].digest.sha1,
|
||||||
sizeof(TPMU_HA));
|
SHA1_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SHA256:
|
case TPM_ALG_SHA256:
|
||||||
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha256,
|
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha256,
|
||||||
tpml_digests->digests[i].digest.sha256,
|
tpml_digests->digests[i].digest.sha256,
|
||||||
sizeof(TPMU_HA));
|
SHA256_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SHA384:
|
case TPM_ALG_SHA384:
|
||||||
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha384,
|
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha384,
|
||||||
tpml_digests->digests[i].digest.sha384,
|
tpml_digests->digests[i].digest.sha384,
|
||||||
sizeof(TPMU_HA));
|
SHA384_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SHA512:
|
case TPM_ALG_SHA512:
|
||||||
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha512,
|
memcpy(pcr_ext_cmd.digests.digests[i].digest.sha512,
|
||||||
tpml_digests->digests[i].digest.sha512,
|
tpml_digests->digests[i].digest.sha512,
|
||||||
sizeof(TPMU_HA));
|
SHA512_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SM3_256:
|
case TPM_ALG_SM3_256:
|
||||||
memcpy(pcr_ext_cmd.digests.digests[i].digest.sm3_256,
|
memcpy(pcr_ext_cmd.digests.digests[i].digest.sm3_256,
|
||||||
tpml_digests->digests[i].digest.sm3_256,
|
tpml_digests->digests[i].digest.sm3_256,
|
||||||
sizeof(TPMU_HA));
|
SM3_256_DIGEST_SIZE);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue