Fix Fenrir findings #342, #354, #539, #540, #548, #549, #550, #551, #552, #881, #882, #887

   - #342: Add ForceZero for rsaKey/rng in wolfTPM2_EncryptSecret_RSA
   - #354: Reorder NULL checks in wolfTPM2_EncryptSecret
   - #539: Fix incorrect ASN.1 version tag validation in TPM2_ASN_DecodeX509Cert
   - #540: Add buffer size check in tpm2_ifx_cap_vendor_get
   - #548: Add ForceZero for inPad in wolfTPM2_PK_RsaSign
   - #549: Fix integer overflow in wolfTPM2_UnloadHandles loop
   - #550: Add minimum size check in TPM2_ASN_RsaUnpadPkcsv15
   - #551: Limit multi-byte ASN.1 length to 3 bytes in TPM2_ASN_GetLength_ex
   - #552: Add NULL checks for out/outSz in wolfTPM2_ExportPublicKeyBuffer
   - #881: Remove dead code in wolfTPM2_NVCreateAuthPolicy
   - #882: Fix printf format specifier (0x%d -> 0x%x) in wolfTPM2_NVCreateAuthPolicy
   - #887: Add bounds check for GPIO config count in TPM2_GPIO_Config

Author: aidangarske

src/tpm2.c

@@ -5558,7 +5558,8 @@ int TPM2_GPIO_Config(GpioConfig_In* in)
     TPM2_CTX* ctx = TPM2_GetActiveCtx();
     UINT32 i;
 
-    if (ctx == NULL || in == NULL || ctx->session == NULL)
+    if (ctx == NULL || in == NULL || ctx->session == NULL ||
+        in->config.count > MAX_GPIO_COUNT)
         return BAD_FUNC_ARG;
 
     rc = TPM2_AcquireLock(ctx);

src/tpm2_asn.c

@@ -56,7 +56,7 @@ int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, int* len,
     b = input[idx++];
     if (b >= TPM2_ASN_LONG_LENGTH) {
         word32 bytes = b & 0x7F;
-        if ((idx + bytes) > maxIdx) {
+        if (bytes > 3 || (idx + bytes) > maxIdx) {
             return TPM_RC_INSUFFICIENT;
         }
         while (bytes--) {
@@ -188,8 +188,8 @@ int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz,
     }
 
     if (rc >= 0) {
-        /* check version == 1 */
-        if (input[idx] != TPM2_ASN_INTEGER && input[idx] != 1) {
+        /* check version tag is INTEGER */
+        if (input[idx] != TPM2_ASN_INTEGER) {
             rc = TPM_RC_VALUE;
         }
     }
@@ -356,6 +356,8 @@ int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz)
     uint8_t* sig = *pSig;
     int idx = 0;
 
+    if (*sigSz < 3) return rc;
+
     if (sig[idx++] == 0x00 && sig[idx++] == 0x01) {
         while (idx < *sigSz) {
             if (sig[idx] != 0xFF)

src/tpm2_cryptocb.c

@@ -856,6 +856,7 @@ int wolfTPM2_PK_RsaSign(WOLFSSL* ssl,
                     inPad, inPadSz,
                     out, (int*)outSz);
             }
+            TPM2_ForceZero(inPad, sizeof(inPad));
         }
         wc_FreeRsaKey(&rsapub);
     }

src/tpm2_wrap.c

@@ -810,7 +810,7 @@ static int tpm2_ifx_cap_vendor_get(WOLFTPM2_CAPS* cap, uint32_t property,
     if (rc == TPM_RC_SUCCESS) {
         TPM2B_MAX_BUFFER* buf = &out.capabilityData.data.vendor;
         /* 4 bytes=count + 2 bytes=len + vendor value */
-        if (buf->buffer[3] == 1 && buf->buffer[5] == valSz) {
+        if (buf->size >= (int)(6 + valSz) && buf->buffer[3] == 1 && buf->buffer[5] == valSz) {
             XMEMCPY(val, &buf->buffer[6], valSz);
             if (valSz == 2) {
                 *((uint16_t*)val) = be16_to_cpu(*((uint16_t*)val));
@@ -1615,6 +1615,8 @@ static int wolfTPM2_EncryptSecret_RSA(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* tpm
 
     wc_FreeRsaKey(&rsaKey);
     wc_FreeRng(&rng);
+    TPM2_ForceZero(&rsaKey, sizeof(rsaKey));
+    TPM2_ForceZero(&rng, sizeof(rng));
 
     if (rc > 0) {
         rc = (rc == secret->size) ? 0 /* success */ : BUFFER_E /* fail */;
@@ -1630,15 +1632,15 @@ int wolfTPM2_EncryptSecret(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* tpmKey,
 {
     int rc = NOT_COMPILED_IN;
 
+    if (dev == NULL || data == NULL || secret == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
     /* if a tpmKey is not present then we are using an unsalted session */
     if (tpmKey == NULL) {
         return TPM_RC_SUCCESS;
     }
 
-    if (dev == NULL || data == NULL || secret == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
 #ifdef DEBUG_WOLFTPM
     printf("Encrypt secret: Alg %s, Label %s\n",
         TPM2_GetAlgName(tpmKey->pub.publicArea.type), label);
@@ -3275,7 +3277,7 @@ int wolfTPM2_ExportPublicKeyBuffer(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
     #endif
     } key;
 
-    if (dev == NULL || tpmKey == NULL) {
+    if (dev == NULL || tpmKey == NULL || out == NULL || outSz == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -4995,17 +4997,14 @@ int wolfTPM2_NVCreateAuthPolicy(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
     #endif
         return rc;
     }
-    if (rc == TPM_RC_SUCCESS && alreadyExists)
-        rc = TPM_RC_NV_DEFINED;
-
     /* compute NV object with name */
     XMEMSET(nv, 0, sizeof(*nv));
     rctmp = wolfTPM2_NVOpen(dev, nv, nvIndex, auth, authSz);
     if (rctmp != TPM_RC_SUCCESS)
         rc = rctmp;
 
 #ifdef DEBUG_WOLFTPM
-    printf("TPM2_NV_DefineSpace: Auth 0x%x, Idx 0x%x, Attribs 0x%d, Size %d\n",
+    printf("TPM2_NV_DefineSpace: Auth 0x%x, Idx 0x%x, Attribs 0x%x, Size %d\n",
         (word32)in.authHandle,
         (word32)in.publicInfo.nvPublic.nvIndex,
         (word32)in.publicInfo.nvPublic.attributes,
@@ -6291,16 +6290,16 @@ int wolfTPM2_UnloadHandles(WOLFTPM2_DEV* dev, word32 handleStart,
     word32 handleCount)
 {
     int rc = TPM_RC_SUCCESS;
-    word32 hndl;
+    word32 i;
     WOLFTPM2_HANDLE handle;
     if (dev == NULL) {
         return BAD_FUNC_ARG;
     }
     XMEMSET(&handle, 0, sizeof(handle));
     wolfTPM2_CopyAuth(&handle.auth, &dev->session[0].auth);
 
-    for (hndl=handleStart; hndl < handleStart+handleCount; hndl++) {
-        handle.hndl = hndl;
+    for (i = 0; i < handleCount; i++) {
+        handle.hndl = handleStart + i;
         /* ignore return code failures */
         (void)wolfTPM2_UnloadHandle(dev, &handle);
     }