diff options
Diffstat (limited to '')
| -rw-r--r-- | security/keys/trusted.c (renamed from security/keys/trusted_defined.c) | 54 |
1 files changed, 30 insertions, 24 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted.c index 975e9f29a52c..83fc92e297cd 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted.c @@ -29,7 +29,7 @@ #include <linux/tpm.h> #include <linux/tpm_command.h> -#include "trusted_defined.h" +#include "trusted.h" static const char hmac_alg[] = "hmac(sha1)"; static const char hash_alg[] = "sha1"; @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + break; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) - goto out; + break; } va_end(argp); if (!ret) @@ -146,14 +148,17 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - ret = crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) { - va_end(argp); - goto out; + if (!data) { + ret = -EINVAL; + break; } + ret = crypto_shash_update(&sdesc->shash, data, dlen); + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (!ret) ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, h1, @@ -222,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; @@ -316,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; @@ -511,7 +514,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, /* get session for sealing key */ ret = osap(tb, &sess, keyauth, keytype, keyhandle); if (ret < 0) - return ret; + goto out; dump_sess(&sess); /* calculate encrypted authorization value */ @@ -519,11 +522,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); if (ret < 0) - return ret; + goto out; ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); if (ret < 0) - return ret; + goto out; ordinal = htonl(TPM_ORD_SEAL); datsize = htonl(datalen); pcrsize = htonl(pcrinfosize); @@ -552,7 +555,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, &datsize, datalen, data, 0, 0); } if (ret < 0) - return ret; + goto out; /* build and send the TPM request packet */ INIT_BUF(tb); @@ -572,7 +575,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); if (ret < 0) - return ret; + goto out; /* calculate the size of the returned Blob */ sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); @@ -591,6 +594,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); *bloblen = storedsize; } +out: + kfree(td); return ret; } @@ -1027,6 +1032,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen) ret = datablob_parse(datablob, new_p, new_o); if (ret != Opt_update) { ret = -EINVAL; + kfree(new_p); goto out; } /* copy old key values, and reseal with new pcrs */ |