Improved error handling to ensure TPM handles are cleared. Added build option to test TLS client without mutual auth.

2019-02-07 13:14:48 -08:00 · 2019-02-07 13:14:48 -08:00 · 0c86a92ac1
parent 6c41516cb1
commit 0c86a92ac1
3 changed files with 19 additions and 3 deletions
--- a/examples/tls/tls_client.c
+++ b/examples/tls/tls_client.c
@ -267,6 +267,7 @@ int TPM2_TLS_Client(void* userCtx)
 #endif /* !NO_FILESYSTEM */
 #endif

+#ifndef NO_TLS_MUTUAL_AUTH
 #ifdef NO_FILESYSTEM
    /* example loading from buffer */
    #if 0
@ -311,6 +312,7 @@ int TPM2_TLS_Client(void* userCtx)
    }
 #endif
 #endif /* !NO_FILESYSTEM */
+#endif /* !NO_TLS_MUTUAL_AUTH */

 #ifdef TLS_CIPHER_SUITE
    /* Optionally choose the cipher suite */
--- a/examples/tls/tls_common.h
+++ b/examples/tls/tls_common.h
@ -55,6 +55,10 @@
    #endif
 #endif

+/* disable mutual auth for client */
+#if 0
+    #define NO_TLS_MUTUAL_AUTH
+#endif
 /* enable for testing ECC key/cert when RSA is enabled */
 #if 0
    #define TLS_USE_ECC
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@ -2111,6 +2111,10 @@ int wolfTPM2_HashFinish(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash,
    in.sequenceHandle = hash->handle.hndl;
    in.hierarchy = TPM_RH_NULL;
    rc = TPM2_SequenceComplete(&in, &out);
+
+    /* mark hash handle as done */
+    hash->handle.hndl = TPM_RH_NULL;
+
    if (rc != TPM_RC_SUCCESS) {
    #ifdef DEBUG_WOLFTPM
        printf("TPM2_SequenceComplete failed 0x%x: %s: Handle 0x%x\n", rc,
@ -2146,7 +2150,7 @@ static int wolfTPM2_ComputeSymmetricUnique(WOLFTPM2_DEV* dev, int hashAlg,
    int hashSz;
 #endif

-    if (sensitive == NULL || unique == NULL) {
+    if (dev == NULL || sensitive == NULL || unique == NULL) {
        return BAD_FUNC_ARG;
    }

@ -2166,6 +2170,10 @@ static int wolfTPM2_ComputeSymmetricUnique(WOLFTPM2_DEV* dev, int hashAlg,
            rc = wolfTPM2_HashFinish(dev, &hash, unique->buffer, &uniqueSz);
            unique->size = uniqueSz;
        }
+        else {
+            /* Make sure hash if free'd on failure */
+            wolfTPM2_UnloadHandle(dev, &hash.handle);
+        }
    }
 #elif !defined(WOLFTPM2_NO_WOLFCRYPT)
    rc = TPM2_GetHashType(hashAlg);
@ -2191,13 +2199,12 @@ static int wolfTPM2_ComputeSymmetricUnique(WOLFTPM2_DEV* dev, int hashAlg,
            if (rc == 0)
                unique->size = hashSz;
        }
-
        wc_HashFree(&hash, hashType);
    }
 #else
-    (void)unique;
    rc = NOT_COMPILED_IN;
 #endif
+
    return rc;
 }

@ -3179,6 +3186,8 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                }
                hashCtx = NULL;
            }
+            /* Make sure hash if free'd in case of failure */
+            wolfTPM2_UnloadHandle(tlsCtx->dev, &hash.handle);
        }

        /* save hashCtx to hash structure */
@ -3265,6 +3274,7 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)

        /* clean hmac context */
        if (rc != 0 || info->hmac.digest != NULL) {
+            wolfTPM2_UnloadHandle(tlsCtx->dev, &hmacCtx->hash.handle);
            wolfTPM2_UnloadHandle(tlsCtx->dev, &hmacCtx->key.handle);
            XFREE(hmacCtx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            hmacCtx = NULL;