aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/keys/trusted_defined.c51
1 files changed, 28 insertions, 23 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 975e9f29a52c..2836c6dc18a3 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
101 if (dlen == 0) 101 if (dlen == 0)
102 break; 102 break;
103 data = va_arg(argp, unsigned char *); 103 data = va_arg(argp, unsigned char *);
104 if (data == NULL) 104 if (data == NULL) {
105 return -EINVAL; 105 ret = -EINVAL;
106 break;
107 }
106 ret = crypto_shash_update(&sdesc->shash, data, dlen); 108 ret = crypto_shash_update(&sdesc->shash, data, dlen);
107 if (ret < 0) 109 if (ret < 0)
108 goto out; 110 break;
109 } 111 }
110 va_end(argp); 112 va_end(argp);
111 if (!ret) 113 if (!ret)
@@ -146,14 +148,17 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
146 if (dlen == 0) 148 if (dlen == 0)
147 break; 149 break;
148 data = va_arg(argp, unsigned char *); 150 data = va_arg(argp, unsigned char *);
149 ret = crypto_shash_update(&sdesc->shash, data, dlen); 151 if (!data) {
150 if (ret < 0) { 152 ret = -EINVAL;
151 va_end(argp); 153 break;
152 goto out;
153 } 154 }
155 ret = crypto_shash_update(&sdesc->shash, data, dlen);
156 if (ret < 0)
157 break;
154 } 158 }
155 va_end(argp); 159 va_end(argp);
156 ret = crypto_shash_final(&sdesc->shash, paramdigest); 160 if (!ret)
161 ret = crypto_shash_final(&sdesc->shash, paramdigest);
157 if (!ret) 162 if (!ret)
158 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, 163 ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
159 paramdigest, TPM_NONCE_SIZE, h1, 164 paramdigest, TPM_NONCE_SIZE, h1,
@@ -222,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer,
222 break; 227 break;
223 dpos = va_arg(argp, unsigned int); 228 dpos = va_arg(argp, unsigned int);
224 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); 229 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
225 if (ret < 0) { 230 if (ret < 0)
226 va_end(argp); 231 break;
227 goto out;
228 }
229 } 232 }
230 va_end(argp); 233 va_end(argp);
231 ret = crypto_shash_final(&sdesc->shash, paramdigest); 234 if (!ret)
235 ret = crypto_shash_final(&sdesc->shash, paramdigest);
232 if (ret < 0) 236 if (ret < 0)
233 goto out; 237 goto out;
234 238
@@ -316,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
316 break; 320 break;
317 dpos = va_arg(argp, unsigned int); 321 dpos = va_arg(argp, unsigned int);
318 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); 322 ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
319 if (ret < 0) { 323 if (ret < 0)
320 va_end(argp); 324 break;
321 goto out;
322 }
323 } 325 }
324 va_end(argp); 326 va_end(argp);
325 ret = crypto_shash_final(&sdesc->shash, paramdigest); 327 if (!ret)
328 ret = crypto_shash_final(&sdesc->shash, paramdigest);
326 if (ret < 0) 329 if (ret < 0)
327 goto out; 330 goto out;
328 331
@@ -511,7 +514,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
511 /* get session for sealing key */ 514 /* get session for sealing key */
512 ret = osap(tb, &sess, keyauth, keytype, keyhandle); 515 ret = osap(tb, &sess, keyauth, keytype, keyhandle);
513 if (ret < 0) 516 if (ret < 0)
514 return ret; 517 goto out;
515 dump_sess(&sess); 518 dump_sess(&sess);
516 519
517 /* calculate encrypted authorization value */ 520 /* calculate encrypted authorization value */
@@ -519,11 +522,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
519 memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); 522 memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
520 ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); 523 ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
521 if (ret < 0) 524 if (ret < 0)
522 return ret; 525 goto out;
523 526
524 ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); 527 ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE);
525 if (ret < 0) 528 if (ret < 0)
526 return ret; 529 goto out;
527 ordinal = htonl(TPM_ORD_SEAL); 530 ordinal = htonl(TPM_ORD_SEAL);
528 datsize = htonl(datalen); 531 datsize = htonl(datalen);
529 pcrsize = htonl(pcrinfosize); 532 pcrsize = htonl(pcrinfosize);
@@ -552,7 +555,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
552 &datsize, datalen, data, 0, 0); 555 &datsize, datalen, data, 0, 0);
553 } 556 }
554 if (ret < 0) 557 if (ret < 0)
555 return ret; 558 goto out;
556 559
557 /* build and send the TPM request packet */ 560 /* build and send the TPM request packet */
558 INIT_BUF(tb); 561 INIT_BUF(tb);
@@ -572,7 +575,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
572 575
573 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); 576 ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
574 if (ret < 0) 577 if (ret < 0)
575 return ret; 578 goto out;
576 579
577 /* calculate the size of the returned Blob */ 580 /* calculate the size of the returned Blob */
578 sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); 581 sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t));
@@ -591,6 +594,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
591 memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); 594 memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize);
592 *bloblen = storedsize; 595 *bloblen = storedsize;
593 } 596 }
597out:
598 kfree(td);
594 return ret; 599 return ret;
595} 600}
596 601
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-07 07:03:24 -0500