
Commit 6a3d0bb

committed
Fix finding 345
1 parent 2c298c1 commit 6a3d0bb

1 file changed

Lines changed: 26 additions & 19 deletions


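--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -2682,7 +2682,7 @@ int wolfTPM2_ImportRsaPrivateKeySeed(WOLFTPM2_DEV* dev,
 TPMI_ALG_RSA_SCHEME scheme, TPMI_ALG_HASH hashAlg, TPMA_OBJECT attributes,
 byte* seed, word32 seedSz)
 {
-int rc = 0;
+int rc = TPM_RC_SUCCESS;
 TPM2B_PUBLIC pub;
 TPM2B_SENSITIVE sens;
 word32 digestSz;
@@ -2739,29 +2739,36 @@ int wolfTPM2_ImportRsaPrivateKeySeed(WOLFTPM2_DEV* dev,
 #ifdef DEBUG_WOLFTPM
 printf("Import RSA name alg size invalid! %d\n", digestSz);
 #endif
-return BUFFER_E;
+rc = BUFFER_E;
 }
-if (seed != NULL) {
-/* use custom seed */
-if (seedSz != digestSz) {
-#ifdef DEBUG_WOLFTPM
-printf("Import RSA seed size invalid! %d != %d\n",
-seedSz, digestSz);
-#endif
-return BAD_FUNC_ARG;
+
+if (rc == TPM_RC_SUCCESS) {
+if (seed != NULL) {
+/* use custom seed */
+if (seedSz != digestSz) {
+#ifdef DEBUG_WOLFTPM
+printf("Import RSA seed size invalid! %d != %d\n",
+seedSz, digestSz);
+#endif
+rc = BAD_FUNC_ARG;
+}
+else {
+sens.sensitiveArea.seedValue.size = seedSz;
+XMEMCPY(sens.sensitiveArea.seedValue.buffer, seed, seedSz);
+}
+}
+else {
+/* assign random seed */
+sens.sensitiveArea.seedValue.size = digestSz;
+rc = TPM2_GetNonceNoLock(sens.sensitiveArea.seedValue.buffer,
+sens.sensitiveArea.seedValue.size);
 }
-sens.sensitiveArea.seedValue.size = seedSz;
-XMEMCPY(sens.sensitiveArea.seedValue.buffer, seed, seedSz);
-}
-else {
-/* assign random seed */
-sens.sensitiveArea.seedValue.size = digestSz;
-rc = TPM2_GetNonceNoLock(sens.sensitiveArea.seedValue.buffer,
-sens.sensitiveArea.seedValue.size);
 }
-if (rc == 0) {
+if (rc == TPM_RC_SUCCESS) {
 rc = wolfTPM2_ImportPrivateKey(dev, parentKey, keyBlob, &pub, &sens);
 }
+
+TPM2_ForceZero(&sens, sizeof(sens));
 return rc;
 }
 int wolfTPM2_ImportRsaPrivateKey(WOLFTPM2_DEV* dev,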
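Review bot: The `TPM2_ForceZero(&sens, sizeof(sens))` added before `return rc` only covers exits that reach the bottom of wolfTPM2_ImportRsaPrivateKeySeed, and the stretch of the body between the two hunks (old lines 2689–2738) is not visible here. If a `return` remains in that stretch after `sens` has been populated (presumably with the RSA private material, given the function's purpose), that path would still leave it on the stack; any such return should become the same `rc = ...` fall-through used in this hunk. I would also put a comment above the wipe, e.g. `/* sens holds the private key and seed; wipe it on every exit path */`, so a later early return is not reintroduced by accident. Separately, the debug `printf` calls pass `word32` values to `%d`; `%u` with an `(unsigned int)` cast would match the argument type.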
