From 49146f057d91fb5cad8bcdcf91a21fe9686f2305 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 4 Dec 2016 09:56:13 +0100
Subject: In import_tpm_key_cb() fix the wrong password loop

When calling import_tpm_key() once it initializes the key, but a second call fails due to the key being already initialized. Ensure that failure of import_tpm_key() leaves the key on a clear state.
Reported by James Bottomley .
---
 lib/abstract_int.h | 2 ++
 lib/privkey.c | 9 +++++++++
 lib/tpm.c | 1 +
 3 files changed, 12 insertions(+)
diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index fa8f225ad8..3693d00074 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -82,6 +82,8 @@ struct gnutls_pubkey_st {
 int _gnutls_privkey_get_public_mpis(gnutls_privkey_t key, gnutls_pk_params_st *);
+void _gnutls_privkey_cleanup(gnutls_privkey_t key);
+
 unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params);
 int _gnutls_pubkey_compatible_with_sig(gnutls_session_t, gnutls_pubkey_t pubkey,
diff --git a/lib/privkey.c b/lib/privkey.c
index 030d72cb0c..76cef7ec79 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -360,6 +360,15 @@ void gnutls_privkey_deinit(gnutls_privkey_t key)
 gnutls_free(key);
 }
+/* Will erase all private key information, except PIN */
+void _gnutls_privkey_cleanup(gnutls_privkey_t key)
+{
+ memset(&key->key, 0, sizeof(key->key));
+ key->type = 0;
+ key->pk_algorithm = 0;
+ key->flags = 0;
+}
+
 /* will fail if the private key contains an actual key. */
 static int check_if_clean(gnutls_privkey_t key)
diff --git a/lib/tpm.c b/lib/tpm.c
index 23e44799a5..aac83186a0 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -688,6 +688,7 @@ import_tpm_key(gnutls_privkey_t pkey,
 pTspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
 s->tpm_key = 0;
 out_session:
+ _gnutls_privkey_cleanup(pkey);
 tpm_close_session(s);
 out_ctx:
 gnutls_free(s);
--
cgit v1.2.1
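Review bot: In lib/privkey.c, `_gnutls_privkey_cleanup()` only overwrites the `key->key` member and resets `type`, `pk_algorithm` and `flags`; nothing in it releases or wipes whatever `key->key` referred to, so the comment "Will erase all private key information" promises more than the code does. Because the helper is now declared in abstract_int.h, a later caller could apply it to a key that owns its underlying object and leave that object, with any secret material in it, allocated and unscrubbed. I would state the contract in the comment, for example `/* Resets key to the uninitialized state, keeping the PIN settings. Does not free or wipe anything key->key referred to; the caller must release that first. */`.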
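Review bot: In lib/tpm.c the new `_gnutls_privkey_cleanup(pkey)` call sits under `out_session:`, so it runs for every failure that jumps to that label or falls through from the code above it, whether or not `pkey` had been populated by then, while failures that go straight to `out_ctx:` skip it. The jumps are outside the hunk, so which paths those are has to be checked against the full body of import_tpm_key(). If a caller can pass a `pkey` that already holds a key, an early failure would now zero that state without releasing what it referred to. A comment at the call would record the intent, e.g. `/* reset pkey so that a retry after a wrong password starts from a clean key */`, and the function's description should say that `pkey` is left uninitialized on these error paths.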