rpms / tpm-tools

Clone
Source Code
GIT

Files

el5 epel9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main rawhide
  1.   rawhide
  2.   0003-Allocate-OpenSSL-cipher-contexts-for-seal-unseal.patch
Blob Blame History Raw 
From c229bb590250bd9769cb5a63918ab0f6c9386be7 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Mon, 20 Feb 2017 12:00:39 +0100
Subject: [PATCH 3/3] Allocate OpenSSL cipher contexts for seal/unseal

Cipher contexts need to be allocated before using EVP_EncryptInit or
EVP_DecryptInit. Using a NULL context is invalid.

Fixes: f50ab0949438 ("Support OpenSSL 1.1.0")
---
 lib/tpm_unseal.c        | 12 ++++++++++--
 src/cmds/tpm_sealdata.c | 11 +++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index fc4a84906a..005dab7f8f 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -86,7 +86,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
 	int srkSecretLen;
 	unsigned char* res_data = NULL;
 	int res_size = 0;
-
+	EVP_CIPHER_CTX *ctx = NULL;
 	BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
 	int bioRc;
 
@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
 	}
 
 	/* Decode and decrypt the encrypted data */
-	EVP_CIPHER_CTX *ctx = NULL;
+	ctx = EVP_CIPHER_CTX_new();
+	if ( ctx == NULL ) {
+		rc = TPMSEAL_STD_ERROR;
+		tpm_errno = ENOMEM;
+		goto tss_out;
+	}
 	EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
 
 	/* Create a base64 BIO to decode the encrypted data */
@@ -459,6 +464,9 @@ out:
 	} else
 		free(res_data);
 
+	if (ctx)
+		EVP_CIPHER_CTX_free(ctx);
+
 	return rc;
 }
 
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index a2157f34b1..e25244a0f4 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
 	char *passwd = NULL;
 	int pswd_len;
 	BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
-
+	EVP_CIPHER_CTX *ctx = NULL;
 	BIO *bin = NULL, *bdata=NULL, *b64=NULL;
 
 	initIntlSys();
@@ -343,7 +343,11 @@ int main(int argc, char **argv)
 	BIO_puts(bdata, TPMSEAL_ENC_STRING); 
 	bdata = BIO_push(b64, bdata);
 
-	EVP_CIPHER_CTX *ctx = NULL;
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		logError(_("Unable to allocate cipher context\n"));
+		goto out_close;
+	}
 	EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
 
 	while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
@@ -375,5 +379,8 @@ out:
 		BIO_free(bdata);
 	if (b64)
 		BIO_free(b64);
+	if (ctx)
+		EVP_CIPHER_CTX_free(ctx);
+
 	return iRc;
 }
-- 
2.9.3
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.