In import_tpm_key_cb() fix the wrong password loop

When calling import_tpm_key() once it initializes the key, but
a second call fails due to the key being already initialized. Ensure
that failure of import_tpm_key() leaves the key on a clear state.

Reported by James Bottomley <James.Bottomley@HansenPartnership.com>.

3 files changed, 12 insertions, 0 deletions

diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index fa8f225ad8..3693d00074 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -82,6 +82,8 @@ struct gnutls_pubkey_st {
 int _gnutls_privkey_get_public_mpis(gnutls_privkey_t key,
 				    gnutls_pk_params_st *);
 
+void _gnutls_privkey_cleanup(gnutls_privkey_t key);
+
 unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params);
 int _gnutls_pubkey_compatible_with_sig(gnutls_session_t,
 				       gnutls_pubkey_t pubkey,
diff --git a/lib/privkey.c b/lib/privkey.c
index 030d72cb0c..76cef7ec79 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -360,6 +360,15 @@ void gnutls_privkey_deinit(gnutls_privkey_t key)
 	gnutls_free(key);
 }
 
+/* Will erase all private key information, except PIN */
+void _gnutls_privkey_cleanup(gnutls_privkey_t key)
+{
+	memset(&key->key, 0, sizeof(key->key));
+	key->type = 0;
+	key->pk_algorithm = 0;
+	key->flags = 0;
+}
+
 /* will fail if the private key contains an actual key.
  */
 static int check_if_clean(gnutls_privkey_t key)
diff --git a/lib/tpm.c b/lib/tpm.c
index 23e44799a5..aac83186a0 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -688,6 +688,7 @@ import_tpm_key(gnutls_privkey_t pkey,
 	pTspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
 	s->tpm_key = 0;
       out_session:
+	_gnutls_privkey_cleanup(pkey);
 	tpm_close_session(s);
       out_ctx:
 	gnutls_free(s);