|
 |
28cd4a |
From 1ec07af70925ece698b733d55dedd1d9878b70f2 Mon Sep 17 00:00:00 2001
|
|
|
28cd4a |
From: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
|
28cd4a |
Date: Fri, 24 Jan 2020 19:05:34 -0800
|
|
|
28cd4a |
Subject: [PATCH] esys: zero out ctx->salt after on startAuthSession_finish
|
|
|
28cd4a |
|
|
|
28cd4a |
The ctx->salt is used to calculate session key during
|
|
|
28cd4a |
startAuthSession call if the caller pass a valid tpmKey
|
|
|
28cd4a |
parameter. There salt is calculated in the _Async call
|
|
|
28cd4a |
and the the session key is calculated in the _Finish call.
|
|
|
28cd4a |
The problem is that if in the same context an unsalted
|
|
|
28cd4a |
session is created after a salted session the ctx->salt
|
|
|
28cd4a |
will still hold the old value and it will incorrectly
|
|
|
28cd4a |
be used for session key calculation in the the subsequent
|
|
|
28cd4a |
_Finish call. To fix this the salt needs to be set to
|
|
|
28cd4a |
cleaned after no longer needed.
|
|
|
28cd4a |
|
|
|
28cd4a |
Fixes: #1574
|
|
|
28cd4a |
|
|
|
28cd4a |
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
|
28cd4a |
---
|
|
|
28cd4a |
src/tss2-esys/api/Esys_StartAuthSession.c | 1 +
|
|
|
28cd4a |
1 file changed, 1 insertion(+)
|
|
|
28cd4a |
|
|
|
28cd4a |
diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
|
|
|
28cd4a |
index 1717928a717d..6367419d7c9a 100644
|
|
|
28cd4a |
--- a/src/tss2-esys/api/Esys_StartAuthSession.c
|
|
|
28cd4a |
+++ b/src/tss2-esys/api/Esys_StartAuthSession.c
|
|
|
28cd4a |
@@ -497,6 +497,7 @@ Esys_StartAuthSession_Finish(
|
|
|
28cd4a |
goto_if_error(r, "Marshal session name", error_cleanup);
|
|
|
28cd4a |
|
|
|
28cd4a |
sessionHandleNode->rsrc.name.size = offset;
|
|
|
28cd4a |
+ memset(&esysContext->salt, '\0', sizeof(esysContext->salt));
|
|
|
28cd4a |
esysContext->state = _ESYS_STATE_INIT;
|
|
|
28cd4a |
|
|
|
28cd4a |
return TSS2_RC_SUCCESS;
|
|
|
28cd4a |
--
|
|
|
28cd4a |
2.27.0
|
|
|
28cd4a |
|