Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 069b6143 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus' of... 

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  trusted-keys: avoid scattring va_end()
  trusted-keys: check for NULL before using it
  trusted-keys: another free memory bugfix
  trusted-keys: free memory bugfix
parents b06ae1ea 154a96bf

security/keys/trusted_defined.c

+28 −23
Original line number Diff line number Diff line
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, 
		if (dlen == 0)

			break;

		data = va_arg(argp, unsigned char *);

		if (data == NULL)

			return -EINVAL;

		if (data == NULL) {

			ret = -EINVAL;

			break;

		}

		ret = crypto_shash_update(&sdesc->shash, data, dlen);

		if (ret < 0)

			goto out;

			break;

	}

	va_end(argp);

	if (!ret)
@@ -146,13 +148,16 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, 
		if (dlen == 0)

			break;

		data = va_arg(argp, unsigned char *);

		ret = crypto_shash_update(&sdesc->shash, data, dlen);

		if (ret < 0) {

			va_end(argp);

			goto out;

		if (!data) {

			ret = -EINVAL;

			break;

		}

		ret = crypto_shash_update(&sdesc->shash, data, dlen);

		if (ret < 0)

			break;

	}

	va_end(argp);

	if (!ret)

		ret = crypto_shash_final(&sdesc->shash, paramdigest);

	if (!ret)

		ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
@@ -222,12 +227,11 @@ static int TSS_checkhmac1(unsigned char *buffer, 
			break;

		dpos = va_arg(argp, unsigned int);

		ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);

		if (ret < 0) {

			va_end(argp);

			goto out;

		}

		if (ret < 0)

			break;

	}

	va_end(argp);

	if (!ret)

		ret = crypto_shash_final(&sdesc->shash, paramdigest);

	if (ret < 0)

		goto out;
@@ -316,12 +320,11 @@ static int TSS_checkhmac2(unsigned char *buffer, 
			break;

		dpos = va_arg(argp, unsigned int);

		ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);

		if (ret < 0) {

			va_end(argp);

			goto out;

		}

		if (ret < 0)

			break;

	}

	va_end(argp);

	if (!ret)

		ret = crypto_shash_final(&sdesc->shash, paramdigest);

	if (ret < 0)

		goto out;
@@ -511,7 +514,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 
	/* get session for sealing key */

	ret = osap(tb, &sess, keyauth, keytype, keyhandle);

	if (ret < 0)

		return ret;

		goto out;

	dump_sess(&sess);



	/* calculate encrypted authorization value */
@@ -519,11 +522,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 
	memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);

	ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);

	if (ret < 0)

		return ret;

		goto out;



	ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE);

	if (ret < 0)

		return ret;

		goto out;

	ordinal = htonl(TPM_ORD_SEAL);

	datsize = htonl(datalen);

	pcrsize = htonl(pcrinfosize);
@@ -552,7 +555,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 
				   &datsize, datalen, data, 0, 0);

	}

	if (ret < 0)

		return ret;

		goto out;



	/* build and send the TPM request packet */

	INIT_BUF(tb);
@@ -572,7 +575,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 


	ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);

	if (ret < 0)

		return ret;

		goto out;



	/* calculate the size of the returned Blob */

	sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t));
@@ -591,6 +594,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, 
		memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);

		*bloblen = storedsize;

	}

out:

	kfree(td);

	return ret;

}