Check that context was actually allocated by EVP_CIPHER_CTX_new,
and call EVP_CIPHER_CTX_free when done using context.

Signed-off-by: Jerry Snitselaar <[email protected]>
---
 lib/tpm_unseal.c        | 7 +++++++
 src/cmds/tpm_sealdata.c | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index 4aadf21..ca32bd1 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -409,12 +409,18 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, 
int* tss_size,
 
        /* Decode and decrypt the encrypted data */
        EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+       if (!ctx) {
+               tpm_errno = ENOMEM;
+               rc = TPMSEAL_STD_ERROR;
+               goto tss_out;
+       }
        EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char 
*)TPMSEAL_IV);
 
        /* Create a base64 BIO to decode the encrypted data */
        if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
                tpm_errno = EAGAIN;
                rc = TPMSEAL_STD_ERROR;
+               EVP_CIPHER_CTX_free(ctx);
                goto tss_out;
        }
 
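Review bot: The return value of `EVP_DecryptInit` on the line after the new NULL check is still ignored, so a failed initialisation would let the later update and final calls run on a context that was never set up. Consider `if (EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV) != 1)` with the same `tpm_errno`/`rc`/`EVP_CIPHER_CTX_free(ctx)`/`goto tss_out` handling this hunk uses for the `BIO_new` failure. The same applies to `EVP_EncryptInit` in the first src/cmds/tpm_sealdata.c hunk. tpmUnsealFile starts and ends outside this hunk, so any other `goto tss_out` between the allocation and the final free is not visible here; each would need its own `EVP_CIPHER_CTX_free(ctx)`, because the context holds the key material passed to the init call.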
@@ -425,6 +431,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, 
int* tss_size,
                res_size += rcLen;
        }
        EVP_DecryptFinal(ctx, res_data+res_size, &rcLen);
+       EVP_CIPHER_CTX_free(ctx);
        res_size += rcLen;
        bmem = BIO_pop(b64);
        BIO_free(b64);
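Review bot: The result of `EVP_DecryptFinal` is discarded and `res_size += rcLen` runs regardless, although the call returns 0 when the final block's padding does not check out (for example with a wrong key or a damaged blob). Checking it with `if (EVP_DecryptFinal(ctx, res_data+res_size, &rcLen) != 1)`, then freeing the context and taking the error exit, would keep the function from reporting a buffer as unsealed when decryption did not complete. `EVP_EncryptFinal` in the last src/cmds/tpm_sealdata.c hunk is unchecked in the same way. The loop this hunk closes begins outside the hunk, so whether the update calls inside it are checked cannot be seen here.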
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index 88f63ca..dda7320 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -344,6 +344,10 @@ int main(int argc, char **argv)
        bdata = BIO_push(b64, bdata);
 
        EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+       if (!ctx) {
+               logError(_("Unable to allocate cipher context\n"));
+               goto out_close;
+       }
        EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char 
*)TPMSEAL_IV);
 
        while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
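Review bot: The new failure branch only logs and jumps to `out_close`; it sets no result code of its own, unlike the matching branch in lib/tpm_unseal.c, which sets `tpm_errno` and `rc`. main's return-value handling is outside this hunk, so it is worth confirming that the exit status is non-zero on this path. The output BIO chain is already assembled here (`BIO_push` just above), and a script calling the tool should not mistake an incomplete output file for a sealed one. If the failure value is already in place, a comment on the branch such as `/* exit status is still the failure default; success is only set after the final flush */` would make that explicit.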
@@ -353,6 +357,7 @@ int main(int argc, char **argv)
        }
 
        EVP_EncryptFinal(ctx, encData, &encDataLen);
+       EVP_CIPHER_CTX_free(ctx);
        BIO_write(bdata, encData, encDataLen);
        if (BIO_flush(bdata) != 1) {
                logError(_("Unable to flush output\n"));
-- 
2.13.0.rc0.45.ge2cb6ab84

