tpm2-provider-pkey: fix handle decoding on 32b machines

Fixes: #74
tpm2-software · Jun 6, 2023 · ff40b6f · ff40b6f
1 parent 611facf
commit ff40b6f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/src/tpm2-provider-encoder.c b/src/tpm2-provider-encoder.c
@@ -176,7 +176,8 @@ tpm2_get_rsa_pubkey(const TPM2_PKEY *pkey)
     if (!exponent)
         exponent = 0x10001;
 
-    if (!ASN1_INTEGER_set(tpk->e, exponent))
+    // note the ASN1_INTEGER_set is not reliable for uin32_t on 32-bit machines
+    if (!ASN1_INTEGER_set_uint64(tpk->e, exponent))
         goto error2;
 
     return tpk;

diff --git a/src/tpm2-provider-pkey.c b/src/tpm2-provider-pkey.c
@@ -74,11 +74,12 @@ tpm2_keydata_write(const TPM2_KEYDATA *keydata, BIO *bout, TPM2_PKEY_FORMAT form
     if (!tpk->type)
         goto error;
 
+    // note the ASN1_INTEGER_set is not reliable for uin32_t on 32-bit machines
     tpk->emptyAuth = ! !keydata->emptyAuth;
     if (keydata->parent != 0)
-        ASN1_INTEGER_set(tpk->parent, keydata->parent);
+        ASN1_INTEGER_set_uint64(tpk->parent, keydata->parent);
     else
-        ASN1_INTEGER_set(tpk->parent, TPM2_RH_OWNER);
+        ASN1_INTEGER_set_uint64(tpk->parent, TPM2_RH_OWNER);
 
     ASN1_STRING_set(tpk->privkey, &privbuf[0], privbuf_len);
     ASN1_STRING_set(tpk->pubkey, &pubbuf[0], pubbuf_len);
@@ -113,6 +114,7 @@ tpm2_keydata_write(const TPM2_KEYDATA *keydata, BIO *bout, TPM2_PKEY_FORMAT form
 int
 tpm2_keydata_read(BIO *bin, TPM2_KEYDATA *keydata, TPM2_PKEY_FORMAT format)
 {
+    uint64_t parent;
     TSSPRIVKEY *tpk = NULL;
     char type_oid[64];
 
@@ -132,9 +134,16 @@ tpm2_keydata_read(BIO *bin, TPM2_KEYDATA *keydata, TPM2_PKEY_FORMAT format)
     keydata->privatetype = KEY_TYPE_BLOB;
     keydata->emptyAuth = tpk->emptyAuth;
 
-    keydata->parent = ASN1_INTEGER_get(tpk->parent);
-    if (keydata->parent == 0)
+    // the ASN1_INTEGER_get on a 32-bit machine will fail for numbers of UINT32_MAX
+    if (!ASN1_INTEGER_get_uint64(&parent, tpk->parent))
+        goto error;
+
+    if (parent == 0)
         keydata->parent = TPM2_RH_OWNER;
+    else if (parent <= UINT32_MAX)
+        keydata->parent = parent;
+    else
+        goto error;
 
     if (!OBJ_obj2txt(type_oid, sizeof(type_oid), tpk->type, 1) ||
             strcmp(type_oid, OID_loadableKey))