[TrouSerS-tech] [tpm-tools PATCH 3/3] Allocate OpenSSL cipher contexts for seal/unseal

Mon, 20 Feb 2017 04:55:46 -0800 

Cipher contexts need to be allocated before using EVP_EncryptInit or
EVP_DecryptInit. Using a NULL context is invalid.

Fixes: f50ab0949438 ("Support OpenSSL 1.1.0")
---
 lib/tpm_unseal.c        | 12 ++++++++++--
 src/cmds/tpm_sealdata.c | 11 +++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index fc4a84906a..005dab7f8f 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -86,7 +86,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, 
int* tss_size,
        int srkSecretLen;
        unsigned char* res_data = NULL;
        int res_size = 0;
-
+       EVP_CIPHER_CTX *ctx = NULL;
        BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
        int bioRc;
 
@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, 
int* tss_size,
        }
 
        /* Decode and decrypt the encrypted data */
-       EVP_CIPHER_CTX *ctx = NULL;
+       ctx = EVP_CIPHER_CTX_new();
+       if ( ctx == NULL ) {
+               rc = TPMSEAL_STD_ERROR;
+               tpm_errno = ENOMEM;
+               goto tss_out;
+       }
        EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char 
*)TPMSEAL_IV);
 
        /* Create a base64 BIO to decode the encrypted data */
@@ -459,6 +464,9 @@ out:
        } else
                free(res_data);
 
+       if (ctx)
+               EVP_CIPHER_CTX_free(ctx);
+
        return rc;
 }
 
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index a2157f34b1..e25244a0f4 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
        char *passwd = NULL;
        int pswd_len;
        BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
-
+       EVP_CIPHER_CTX *ctx = NULL;
        BIO *bin = NULL, *bdata=NULL, *b64=NULL;
 
        initIntlSys();
@@ -343,7 +343,11 @@ int main(int argc, char **argv)
        BIO_puts(bdata, TPMSEAL_ENC_STRING); 
        bdata = BIO_push(b64, bdata);
 
-       EVP_CIPHER_CTX *ctx = NULL;
+       ctx = EVP_CIPHER_CTX_new();
+       if (ctx == NULL) {
+               logError(_("Unable to allocate cipher context\n"));
+               goto out_close;
+       }
        EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char 
*)TPMSEAL_IV);
 
        while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
@@ -375,5 +379,8 @@ out:
                BIO_free(bdata);
        if (b64)
                BIO_free(b64);
+       if (ctx)
+               EVP_CIPHER_CTX_free(ctx);
+
        return iRc;
 }
-- 
2.9.3


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech

Reply via email to