Related Vulnerabilities: CVE-2021-3505  

Severity: Medium

Remote: Yes

Type: Private key recovery

Description

A security issue was found in libtpms before version 0.8.0. The TPM 2 implementation returns 2048-bit RSA keys with only ~1984 bits of strength due to a bug in the TCG specification. The bug is in the key creation algorithm, in RsaAdjustPrimeCandidate(), which is called before the prime number check.

Upgrading to a fixed release (0.8.0+) is not sufficient by itself. The only way to fix the issue is to unseal all data, delete the old TPM state file, generate a new one, and then reseal the data.

AVG-1832: package libtpms, affected 0.7.5-1, fixed 0.8.0-1, severity Medium, status Fixed

https://bugzilla.redhat.com/show_bug.cgi?id=1950046
https://github.com/stefanberger/libtpms/issues/183
https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8
https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b