90 строки
2.4 KiB
Diff
90 строки
2.4 KiB
Diff
From c229bb590250bd9769cb5a63918ab0f6c9386be7 Mon Sep 17 00:00:00 2001
|
|
From: Michal Schmidt <mschmidt@redhat.com>
|
|
Date: Mon, 20 Feb 2017 12:00:39 +0100
|
|
Subject: [PATCH 3/3] Allocate OpenSSL cipher contexts for seal/unseal
|
|
|
|
Cipher contexts need to be allocated before using EVP_EncryptInit or
|
|
EVP_DecryptInit. Using a NULL context is invalid.
|
|
|
|
Fixes: f50ab0949438 ("Support OpenSSL 1.1.0")
|
|
---
|
|
lib/tpm_unseal.c | 12 ++++++++++--
|
|
src/cmds/tpm_sealdata.c | 11 +++++++++--
|
|
2 files changed, 19 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
|
|
index fc4a84906a..005dab7f8f 100644
|
|
--- a/lib/tpm_unseal.c
|
|
+++ b/lib/tpm_unseal.c
|
|
@@ -86,7 +86,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
|
|
int srkSecretLen;
|
|
unsigned char* res_data = NULL;
|
|
int res_size = 0;
|
|
-
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
|
|
int bioRc;
|
|
|
|
@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
|
|
}
|
|
|
|
/* Decode and decrypt the encrypted data */
|
|
- EVP_CIPHER_CTX *ctx = NULL;
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if ( ctx == NULL ) {
|
|
+ rc = TPMSEAL_STD_ERROR;
|
|
+ tpm_errno = ENOMEM;
|
|
+ goto tss_out;
|
|
+ }
|
|
EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
|
|
|
|
/* Create a base64 BIO to decode the encrypted data */
|
|
@@ -459,6 +464,9 @@ out:
|
|
} else
|
|
free(res_data);
|
|
|
|
+ if (ctx)
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
+
|
|
return rc;
|
|
}
|
|
|
|
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
|
|
index a2157f34b1..e25244a0f4 100644
|
|
--- a/src/cmds/tpm_sealdata.c
|
|
+++ b/src/cmds/tpm_sealdata.c
|
|
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
|
|
char *passwd = NULL;
|
|
int pswd_len;
|
|
BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
|
|
-
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
BIO *bin = NULL, *bdata=NULL, *b64=NULL;
|
|
|
|
initIntlSys();
|
|
@@ -343,7 +343,11 @@ int main(int argc, char **argv)
|
|
BIO_puts(bdata, TPMSEAL_ENC_STRING);
|
|
bdata = BIO_push(b64, bdata);
|
|
|
|
- EVP_CIPHER_CTX *ctx = NULL;
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL) {
|
|
+ logError(_("Unable to allocate cipher context\n"));
|
|
+ goto out_close;
|
|
+ }
|
|
EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
|
|
|
|
while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
|
|
@@ -375,5 +379,8 @@ out:
|
|
BIO_free(bdata);
|
|
if (b64)
|
|
BIO_free(b64);
|
|
+ if (ctx)
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
+
|
|
return iRc;
|
|
}
|
|
--
|
|
2.9.3
|
|
|