1 From c229bb590250bd9769cb5a63918ab0f6c9386be7 Mon Sep 17 00:00:00 2001
2 From: Michal Schmidt <mschmidt@redhat.com>
3 Date: Mon, 20 Feb 2017 12:00:39 +0100
4 Subject: [PATCH 3/3] Allocate OpenSSL cipher contexts for seal/unseal
6 Cipher contexts need to be allocated before using EVP_EncryptInit or
7 EVP_DecryptInit. Using a NULL context is invalid.
9 Fixes: f50ab0949438 ("Support OpenSSL 1.1.0")
11 lib/tpm_unseal.c | 12 ++++++++++--
12 src/cmds/tpm_sealdata.c | 11 +++++++++--
13 2 files changed, 19 insertions(+), 4 deletions(-)
15 diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
16 index fc4a84906a..005dab7f8f 100644
17 --- a/lib/tpm_unseal.c
18 +++ b/lib/tpm_unseal.c
19 @@ -86,7 +86,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
21 unsigned char* res_data = NULL;
24 + EVP_CIPHER_CTX *ctx = NULL;
25 BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
28 @@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
31 /* Decode and decrypt the encrypted data */
32 - EVP_CIPHER_CTX *ctx = NULL;
33 + ctx = EVP_CIPHER_CTX_new();
34 + if ( ctx == NULL ) {
35 + rc = TPMSEAL_STD_ERROR;
39 EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
41 /* Create a base64 BIO to decode the encrypted data */
42 @@ -459,6 +464,9 @@ out:
47 + EVP_CIPHER_CTX_free(ctx);
52 diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
53 index a2157f34b1..e25244a0f4 100644
54 --- a/src/cmds/tpm_sealdata.c
55 +++ b/src/cmds/tpm_sealdata.c
56 @@ -118,7 +118,7 @@ int main(int argc, char **argv)
59 BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
61 + EVP_CIPHER_CTX *ctx = NULL;
62 BIO *bin = NULL, *bdata=NULL, *b64=NULL;
65 @@ -343,7 +343,11 @@ int main(int argc, char **argv)
66 BIO_puts(bdata, TPMSEAL_ENC_STRING);
67 bdata = BIO_push(b64, bdata);
69 - EVP_CIPHER_CTX *ctx = NULL;
70 + ctx = EVP_CIPHER_CTX_new();
72 + logError(_("Unable to allocate cipher context\n"));
75 EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
77 while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
78 @@ -375,5 +379,8 @@ out:
83 + EVP_CIPHER_CTX_free(ctx);