[prev in list] [next in list] [prev in thread] [next in thread]
List: trousers-tech
Subject: [TrouSerS-tech] [tpm-tools PATCH] Verify allocation of cipher context and free after use
From: Jerry Snitselaar <jsnitsel () redhat ! com>
Date: 2017-05-04 17:35:51
Message-ID: 20170504173551.19315-1-jsnitsel () redhat ! com
[Download RAW message or body]
Check that context was actually allocated by EVP_CIPHER_CTX_new,
and call EVP_CIPHER_CTX_free when done using context.
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
---
lib/tpm_unseal.c | 7 +++++++
src/cmds/tpm_sealdata.c | 5 +++++
2 files changed, 12 insertions(+)
diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index 4aadf21..ca32bd1 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -409,12 +409,18 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
/* Decode and decrypt the encrypted data */
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ tpm_errno = ENOMEM;
+ rc = TPMSEAL_STD_ERROR;
+ goto tss_out;
+ }
EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
/* Create a base64 BIO to decode the encrypted data */
if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
tpm_errno = EAGAIN;
rc = TPMSEAL_STD_ERROR;
+ EVP_CIPHER_CTX_free(ctx);
goto tss_out;
}
@@ -425,6 +431,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
res_size += rcLen;
}
EVP_DecryptFinal(ctx, res_data+res_size, &rcLen);
+ EVP_CIPHER_CTX_free(ctx);
res_size += rcLen;
bmem = BIO_pop(b64);
BIO_free(b64);
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index 88f63ca..dda7320 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -344,6 +344,10 @@ int main(int argc, char **argv)
bdata = BIO_push(b64, bdata);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ logError(_("Unable to allocate cipher context\n"));
+ goto out_close;
+ }
EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
@@ -353,6 +357,7 @@ int main(int argc, char **argv)
}
EVP_EncryptFinal(ctx, encData, &encDataLen);
+ EVP_CIPHER_CTX_free(ctx);
BIO_write(bdata, encData, encDataLen);
if (BIO_flush(bdata) != 1) {
logError(_("Unable to flush output\n"));
--
2.13.0.rc0.45.ge2cb6ab84
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic