Commit 069b6143 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  trusted-keys: avoid scattring va_end()
  trusted-keys: check for NULL before using it
  trusted-keys: another free memory bugfix
  trusted-keys: free memory bugfix
parents b06ae1ea 154a96bf
...@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, ...@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0) if (dlen == 0)
break; break;
data = va_arg(argp, unsigned char *); data = va_arg(argp, unsigned char *);
if (data == NULL) if (data == NULL) {
return -EINVAL; ret = -EINVAL;
break;
}
ret = crypto_shash_update(&sdesc->shash, data, dlen); ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0) if (ret < 0)
goto out; break;
} }
va_end(argp); va_end(argp);
if (!ret) if (!ret)
...@@ -146,13 +148,16 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, ...@@ -146,13 +148,16 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0) if (dlen == 0)
break; break;
data = va_arg(argp, unsigned char *); data = va_arg(argp, unsigned char *);
ret = crypto_shash_update(&sdesc->shash, data, dlen); if (!data) {
if (ret < 0) { ret = -EINVAL;
va_end(argp); break;
goto out;
} }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0)
break;
} }
va_end(argp); va_end(argp);
if (!ret)
ret = crypto_shash_final(&sdesc->shash, paramdigest); ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (!ret) if (!ret)
ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
...@@ -222,12 +227,11 @@ static int TSS_checkhmac1(unsigned char *buffer, ...@@ -222,12 +227,11 @@ static int TSS_checkhmac1(unsigned char *buffer,
break; break;
dpos = va_arg(argp, unsigned int); dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
if (ret < 0) { if (ret < 0)
va_end(argp); break;
goto out;
}
} }
va_end(argp); va_end(argp);
if (!ret)
ret = crypto_shash_final(&sdesc->shash, paramdigest); ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0) if (ret < 0)
goto out; goto out;
...@@ -316,12 +320,11 @@ static int TSS_checkhmac2(unsigned char *buffer, ...@@ -316,12 +320,11 @@ static int TSS_checkhmac2(unsigned char *buffer,
break; break;
dpos = va_arg(argp, unsigned int); dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
if (ret < 0) { if (ret < 0)
va_end(argp); break;
goto out;
}
} }
va_end(argp); va_end(argp);
if (!ret)
ret = crypto_shash_final(&sdesc->shash, paramdigest); ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0) if (ret < 0)
goto out; goto out;
...@@ -511,7 +514,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -511,7 +514,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
/* get session for sealing key */ /* get session for sealing key */
ret = osap(tb, &sess, keyauth, keytype, keyhandle); ret = osap(tb, &sess, keyauth, keytype, keyhandle);
if (ret < 0) if (ret < 0)
return ret; goto out;
dump_sess(&sess); dump_sess(&sess);
/* calculate encrypted authorization value */ /* calculate encrypted authorization value */
...@@ -519,11 +522,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -519,11 +522,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
if (ret < 0) if (ret < 0)
return ret; goto out;
ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE);
if (ret < 0) if (ret < 0)
return ret; goto out;
ordinal = htonl(TPM_ORD_SEAL); ordinal = htonl(TPM_ORD_SEAL);
datsize = htonl(datalen); datsize = htonl(datalen);
pcrsize = htonl(pcrinfosize); pcrsize = htonl(pcrinfosize);
...@@ -552,7 +555,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -552,7 +555,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
&datsize, datalen, data, 0, 0); &datsize, datalen, data, 0, 0);
} }
if (ret < 0) if (ret < 0)
return ret; goto out;
/* build and send the TPM request packet */ /* build and send the TPM request packet */
INIT_BUF(tb); INIT_BUF(tb);
...@@ -572,7 +575,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -572,7 +575,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
if (ret < 0) if (ret < 0)
return ret; goto out;
/* calculate the size of the returned Blob */ /* calculate the size of the returned Blob */
sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t));
...@@ -591,6 +594,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ...@@ -591,6 +594,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);
*bloblen = storedsize; *bloblen = storedsize;
} }
out:
kfree(td);
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment