Please upgrade to at least libtpms-0.7.2


Stefan Berger

Jul 21, 2020, 9:46:14 PM
to libtpms-...@googlegroups.com
Due to bugfixes in the TPM 2 code it is recommended to update to
libtpms-0.7.2 or later if using libtpms-0.7.x. The reason is that under
certain circumstances RSA decryption could cause stack corruption and
would terminate swtpm via a segfault in libtpms.

From the changelog of libtpms 0.7.2:


version 0.7.2
  - Fix output buffer parameter and size for RSA decryption that could cause
    stack corruption under certain circumstances
  - Set the RSA PSS salt length to the digest length rather than max. possible
  - Fixes to symmetric decryption related to input size check,
    defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
    to always use a temporary malloc'ed buffer for decryption


Regards,

   Stefan
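
A version check matching the recommendation in the post above, as an added example that is not part of the original message or the libtpms project. The function names, the handling of packaging suffixes, and the use of `pkg-config --modversion libtpms` to find the installed version are assumptions.

```shell
#!/bin/sh
# Added example, not from the libtpms project. Function names are hypothetical.
# Classify a libtpms version string against the post's recommendation:
# the 0.7.x series should be at 0.7.2 or later.
# Returns 0 = 0.7.x at/after 0.7.2, 1 = 0.7.x below 0.7.2,
#         2 = not a 0.7.x release (outside what the post covers), 3 = unparseable.
libtpms_advisory_status() {
    ver=$1
    core=${ver%%[-+~]*}   # drop packaging suffixes such as "-1.fc32" (constructed)
    case $core in
        ''|.*|*.|*..*|*[!0-9.]*) return 3 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $core          # split on dots into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ne 0 ] || [ "$minor" -ne 7 ]; then
        return 2
    fi
    if [ "$patch" -lt 2 ]; then   # numeric compare, so 0.7.10 counts as newer
        return 1
    fi
    return 0
}

# Assumption: the installed libtpms registers a "libtpms" module with pkg-config.
report_installed_libtpms() {
    installed=$(pkg-config --modversion libtpms 2>/dev/null) || {
        echo "libtpms version not found via pkg-config" >&2
        return 3
    }
    st=0
    libtpms_advisory_status "$installed" || st=$?
    case $st in
        0) echo "libtpms $installed: 0.7.2 or later, no action needed" ;;
        1) echo "libtpms $installed: upgrade to 0.7.2 or later" ;;
        2) echo "libtpms $installed: not 0.7.x, outside this post's scope" ;;
        *) echo "libtpms $installed: version string not understood" ;;
    esac
    return "$st"
}

# Query the local system only when asked, e.g.: sh check.sh --installed
if [ "${1:-}" = "--installed" ]; then
    report_installed_libtpms
fi
```

Hosts running swtpm link against the shared library, so the check should be run where swtpm itself is installed rather than on a build machine.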

