From a6b7d25bd68b330b63e5d9471346a3f39d1eac0d Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Wed, 29 May 2024 20:49:05 -0500 Subject: user/yubikey-personalization: Patches * Update for GCC 10 compatibility. * Memory safety issues. --- user/yubikey-personalization/APKBUILD | 10 +- user/yubikey-personalization/gcc10.patch | 25 ++++ user/yubikey-personalization/uninit.patch | 204 ++++++++++++++++++++++++++++ user/yubikey-personalization/wipe-mem.patch | 29 ++++ 4 files changed, 266 insertions(+), 2 deletions(-) create mode 100644 user/yubikey-personalization/gcc10.patch create mode 100644 user/yubikey-personalization/uninit.patch create mode 100644 user/yubikey-personalization/wipe-mem.patch diff --git a/user/yubikey-personalization/APKBUILD b/user/yubikey-personalization/APKBUILD index b4db9bdd2..5f01b39bd 100644 --- a/user/yubikey-personalization/APKBUILD +++ b/user/yubikey-personalization/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Síle Ekaterin Liszka pkgname=yubikey-personalization pkgver=1.20.0 -pkgrel=1 +pkgrel=2 pkgdesc="Cross-platform library & tools for personalizing YubiKey devices" url="https://developers.yubico.com/yubikey-personalization/" arch="all" @@ -14,6 +14,9 @@ subpackages="$pkgname-dev $pkgname-doc" source="yubikey-personalization-$pkgver.tar.gz::https://github.com/Yubico/yubikey-personalization/archive/v$pkgver.tar.gz use-asciidoctor.patch json_c.patch + gcc10.patch + uninit.patch + wipe-mem.patch " prepare() { @@ -42,4 +45,7 @@ package() { sha512sums="a38b26700793f0a801e5f5889bbbce4a3f728d22aaecf8d0890f1b5135e67bed16a78b7a36dbc323c5d296901f6dd420fa658a982492a0cd9f0bbf95a5fbc823 yubikey-personalization-1.20.0.tar.gz d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch -a8bc7ae71d0a05476688abfaea070ca7dc2eaa68e033524d4a1b2b6240eec2932d867e9eeaa248874a04f254618cd79bf9ebaa17421938b0c2e62502bf90c055 json_c.patch" +a8bc7ae71d0a05476688abfaea070ca7dc2eaa68e033524d4a1b2b6240eec2932d867e9eeaa248874a04f254618cd79bf9ebaa17421938b0c2e62502bf90c055 json_c.patch +063acafb26941bc061d8613187bcbffe3fd1ca19a7c5346b0c347e052a30e4b4c750f4a40bb59b479173dbc7b5458383f5d5e25e385539b127cf4d9636caa549 gcc10.patch +1d29331994f43a99e2cb854ff3ff8302800102e7c9eaef30228efa8ddf9a188279fdb4981b28f64141cfa5659af11af9325ecd249041b745c1cd0d55fe5fbd69 uninit.patch +cca0729be2337923ab758fcf4a225d40cf12ac79fce609904e536ff811abec4231ecf58d47096587c974223335b35ec6c63ab4fc872cbfabf1f49f76313c8541 wipe-mem.patch" diff --git a/user/yubikey-personalization/gcc10.patch b/user/yubikey-personalization/gcc10.patch new file mode 100644 index 000000000..0e09e821e --- /dev/null +++ b/user/yubikey-personalization/gcc10.patch @@ -0,0 +1,25 @@ +From 09ea16d9e2030e4da6ad00c1e5147e962aa7ff84 Mon Sep 17 00:00:00 2001 +From: Klas Lindfors +Date: Mon, 17 Feb 2020 08:58:33 +0100 +Subject: [PATCH] make header declarations extern + +fixes #155 +--- + ykpers-args.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ykpers-args.h b/ykpers-args.h +index 2a63268d..9ff455a7 100644 +--- a/ykpers-args.h ++++ b/ykpers-args.h +@@ -33,8 +33,8 @@ + + #include "ykpers.h" + +-const char *usage; +-const char *optstring; ++extern const char *usage; ++extern const char *optstring; + + int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, char *oathid, + size_t oathid_len, const char **infname, diff --git a/user/yubikey-personalization/uninit.patch b/user/yubikey-personalization/uninit.patch new file mode 100644 index 000000000..713ce1699 --- /dev/null +++ b/user/yubikey-personalization/uninit.patch @@ -0,0 +1,204 @@ +From f86b334504693afe9ee6ec61416182d23c66e1ad Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Mon, 27 Apr 2020 14:52:53 +0200 +Subject: [PATCH] Initialize bufs to 0 to avoid potentially leaking + uninitialized memory + +Based on a report from Christian Reitter doing fuzzing with MSAN. + +Extracts of logs: + +==16111==WARNING: MemorySanitizer: use-of-uninitialized-value + #0 0x4d59d4 in yk_write_to_key +/yubikey-personalization/ykcore/ykcore.c:715:8 + #1 0x4d9c00 in _yk_write /yubikey-personalization/ykcore/ykcore.c:233:7 + #2 0x4dc74d in yk_write_scan_map +/yubikey-personalization/ykcore/ykcore.c:357:9 + #3 0x4ce352 in ykpersonalize_main +/yubikey-personalization/ykpersonalize.c:423:9 +[...] + + Uninitialized value was stored to memory at + #0 0x45392b in __msan_memcpy +(/yubikey-personalization/.libs/ykpersonalize+0x45392b) + #1 0x4d52f7 in yk_write_to_key +/yubikey-personalization/ykcore/ykcore.c:689:2 + #2 0x4d9c00 in _yk_write /yubikey-personalization/ykcore/ykcore.c:233:7 + #3 0x4dc74d in yk_write_scan_map +/yubikey-personalization/ykcore/ykcore.c:357:9 + #4 0x4ce352 in ykpersonalize_main +/yubikey-personalization/ykpersonalize.c:423:9 +[...] + + Uninitialized value was created by an allocation of 'scan_codes' in +the stack frame of function 'ykpersonalize_main' +==18180==WARNING: MemorySanitizer: use-of-uninitialized-value + #0 0x4d5a24 in yk_write_to_key /yubikey-personalization/ykcore/ykcore.c:715:8 + #1 0x4d9c50 in _yk_write /yubikey-personalization/ykcore/ykcore.c:233:7 + #2 0x4dae6c in yk_write_command /yubikey-personalization/ykcore/ykcore.c:288:8 + #3 0x4cec93 in ykpersonalize_main /yubikey-personalization/ykpersonalize.c:440:10 + + Uninitialized value was stored to memory at + #0 0x45392b in __msan_memcpy (/yubikey-personalization/.libs/ykpersonalize+0x45392b) + #1 0x4d5347 in yk_write_to_key /yubikey-personalization/ykcore/ykcore.c:689:2 + #2 0x4d9c50 in _yk_write /yubikey-personalization/ykcore/ykcore.c:233:7 + #3 0x4dae6c in yk_write_command /yubikey-personalization/ykcore/ykcore.c:288:8 + #4 0x4cec93 in ykpersonalize_main /yubikey-personalization/ykpersonalize.c:440:10 + + Uninitialized value was stored to memory at + #0 0x45392b in __msan_memcpy (/yubikey-personalization/.libs/ykpersonalize+0x45392b) + #1 0x4dacdb in yk_write_command /yubikey-personalization/ykcore/ykcore.c:280:3 + #2 0x4cec93 in ykpersonalize_main /yubikey-personalization/ykpersonalize.c:440:10 + + Uninitialized value was stored to memory at + #0 0x45392b in __msan_memcpy (/yubikey-personalization/.libs/ykpersonalize+0x45392b) + #1 0x7f6fd2ea32f9 in ykp_set_fixed /yubikey-personalization/ykpers.c:787:1 + #2 0x50193c in _set_fixed /yubikey-personalization/ykpers-args.c:900:2 + #3 0x4ed040 in args_to_config /yubikey-personalization/ykpers-args.c:558:9 + #4 0x4c865c in ykpersonalize_main /yubikey-personalization/ykpersonalize.c:167:8 + + Uninitialized value was created by an allocation of 'fixedbin' in the stack frame of function '_set_fixed' + #0 0x501130 in _set_fixed /yubikey-personalization/ykpers-args.c:889 +--- + ykpers-args.c | 8 ++++---- + ykpers.c | 12 ++++++------ + ykpersonalize.c | 13 +++++++------ + 3 files changed, 17 insertions(+), 16 deletions(-) + +diff --git a/ykpers-args.c b/ykpers-args.c +index 53f7c22b..62ff7b2f 100644 +--- a/ykpers-args.c ++++ b/ykpers-args.c +@@ -548,7 +548,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, char *oathid, + else if (strncmp(optarg, "uid", 3) == 0) { + char *uid = optarg+4; + size_t uidlen; +- unsigned char uidbin[256]; ++ unsigned char uidbin[256] = {0}; + size_t uidbinlen = 0; + int rc; + char *uidtmp = NULL; +@@ -787,7 +787,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, char *oathid, + size_t key_bytes = (size_t)ykp_get_supported_key_length(cfg); + int res = 0; + char *key_tmp = NULL; +- char keybuf[20]; ++ char keybuf[20] = {0}; + + if(keylocation == 2) { + const char *prompt = " AES key, 16 bytes (32 characters hex) : "; +@@ -865,7 +865,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, char *oathid, + static int _set_fixed(char *opt, YKP_CONFIG *cfg) { + const char *fixed = opt; + size_t fixedlen = strlen (fixed); +- unsigned char fixedbin[256]; ++ unsigned char fixedbin[256] = {0}; + size_t fixedbinlen = 0; + int rc = hex_modhex_decode(fixedbin, &fixedbinlen, + fixed, fixedlen, +@@ -898,7 +898,7 @@ static int _format_decimal_as_hex(uint8_t *dst, size_t dst_len, uint8_t *src) + /* For details, see YubiKey Manual 2010-09-16 section 5.3.4 - OATH-HOTP Token Identifier */ + static int _format_oath_id(uint8_t *dst, size_t dst_len, uint8_t vendor, uint8_t type, uint32_t mui) + { +- uint8_t buf[8 + 1]; ++ uint8_t buf[8 + 1] = {0}; + + if (mui > 99999999) + return 0; +diff --git a/ykpers.c b/ykpers.c +index 7941d0e3..81cb0dff 100644 +--- a/ykpers.c ++++ b/ykpers.c +@@ -264,7 +264,7 @@ int ykp_get_supported_key_length(const YKP_CONFIG *cfg) + + /* Decode 128 bit AES key into cfg->ykcore_config.key */ + int ykp_AES_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { +- char aesbin[256]; ++ char aesbin[256] = {0}; + + /* Make sure that the hexkey is exactly 32 characters */ + if (strlen(hexkey) != 32) { +@@ -311,7 +311,7 @@ int ykp_HMAC_key_from_raw(YKP_CONFIG *cfg, const char *key) { + * and 32 bits into the first four bytes of cfg->ykcore_config.uid. + */ + int ykp_HMAC_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { +- char aesbin[256]; ++ char aesbin[256] = {0}; + size_t i; + + /* Make sure that the hexkey is exactly 40 characters */ +@@ -351,9 +351,9 @@ int ykp_AES_key_from_passphrase(YKP_CONFIG *cfg, const char *passphrase, + 0 + }; + const char **random_place; +- uint8_t _salt[8]; ++ uint8_t _salt[8] = {0}; + size_t _salt_len = 0; +- unsigned char buf[sizeof(cfg->ykcore_config.key) + 4]; ++ unsigned char buf[sizeof(cfg->ykcore_config.key) + 4] = {0}; + int rc; + int key_bytes = ykp_get_supported_key_length(cfg); + YK_PRF_METHOD prf_method = {20, yk_hmac_sha1}; +@@ -931,7 +931,7 @@ static const char str_extended_flags[] = "extended_flags"; + + static int _ykp_legacy_export_config(const YKP_CONFIG *cfg, char *buf, size_t len) { + if (cfg) { +- char buffer[256]; ++ char buffer[256] = {0}; + struct map_st *p; + unsigned char t_flags; + bool key_bits_in_uid = false; +@@ -1131,7 +1131,7 @@ int ykp_write_config(const YKP_CONFIG *cfg, + void *userdata), + void *userdata) { + if(cfg) { +- char buffer[1024]; ++ char buffer[1024] = {0}; + int ret = _ykp_legacy_export_config(cfg, buffer, 1024); + if(ret) { + writer(buffer, strlen(buffer), userdata); +diff --git a/ykpersonalize.c b/ykpersonalize.c +index 15338c6a..2c991e32 100644 +--- a/ykpersonalize.c ++++ b/ykpersonalize.c +@@ -48,17 +48,17 @@ int main(int argc, char **argv) + FILE *outf = NULL; const char *outfname = NULL; + int data_format = YKP_FORMAT_LEGACY; + bool verbose = false; +- unsigned char access_code[256]; ++ unsigned char access_code[256] = {0}; + char *acc_code = NULL; + char *new_acc_code = NULL; +- unsigned char scan_codes[sizeof(SCAN_MAP)]; +- unsigned char device_info[128]; ++ unsigned char scan_codes[sizeof(SCAN_MAP)] = {0}; ++ unsigned char device_info[128] = {0}; + size_t device_info_len = 0; + YK_KEY *yk = 0; + YKP_CONFIG *cfg = ykp_alloc(); + YK_STATUS *st = ykds_alloc(); + bool autocommit = false; +- char data[1024]; ++ char data[1024] = {0}; + bool dry_run = false; + + /* Options */ +@@ -184,7 +184,7 @@ int main(int argc, char **argv) + } + } + if(new_acc_code) { +- unsigned char accbin[256]; ++ unsigned char accbin[256] = {0}; + size_t accbinlen = 0; + int rc = hex_modhex_decode (accbin, &accbinlen, + new_acc_code, strlen(new_acc_code), +@@ -261,7 +261,8 @@ int main(int argc, char **argv) + goto err; + } + } else { +- char commitbuf[256]; size_t commitlen; ++ char commitbuf[256] = {0}; ++ size_t commitlen; + + if (ykp_command(cfg) == SLOT_SWAP) { + fprintf(stderr, "Configuration in slot 1 and 2 will be swapped\n"); diff --git a/user/yubikey-personalization/wipe-mem.patch b/user/yubikey-personalization/wipe-mem.patch new file mode 100644 index 000000000..a5ef05e8d --- /dev/null +++ b/user/yubikey-personalization/wipe-mem.patch @@ -0,0 +1,29 @@ +From 13f69440ac7cca05a94bd9cf9011e2ea352dad68 Mon Sep 17 00:00:00 2001 +From: Gabriel Kihlman +Date: Mon, 27 Apr 2020 14:56:00 +0200 +Subject: [PATCH] Wipe stack memory containing key material before returning + +--- + ykpers.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ykpers.c b/ykpers.c +index 81cb0df..2413b35 100644 +--- a/ykpers.c ++++ b/ykpers.c +@@ -280,6 +280,7 @@ int ykp_AES_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { + + yubikey_hex_decode(aesbin, hexkey, sizeof(aesbin)); + memcpy(cfg->ykcore_config.key, aesbin, sizeof(cfg->ykcore_config.key)); ++ insecure_memzero (aesbin, sizeof(aesbin)); + + return 0; + } +@@ -330,6 +331,7 @@ int ykp_HMAC_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { + i = sizeof(cfg->ykcore_config.key); + memcpy(cfg->ykcore_config.key, aesbin, i); + memcpy(cfg->ykcore_config.uid, aesbin + i, 20 - i); ++ insecure_memzero (aesbin, sizeof(aesbin)); + + return 0; + } -- cgit v1.2.3-70-g09d2