Hi opencryptoki devs,

I found a bug in opencryptoki related to cached SRK & public/private
root/leaf keys when a caller attempts to close and open a new TPM
session in one process. I've attached a patch.

In the TPM backend, the global references to the SRK & public/private
root/leaf keys can become stale when the TSP context is closed. The
patch just sets them all to NULL in token_specific_final().

Please take a look,
- dds

commit cdebdf2850bd28a3c5cceb7d896d2f42538c69b7
Author: David Smith <david.daniel.sm...@gmail.com>
Date: Tue Oct 20 18:24:58 2009 +0900

Set cached SRK and public/private root/leaf keys to NULL when finalizing

Trousers will automatically flush these keys from the TPM when there are no
more references to them. If a caller closes and then opens a new session
with opencryptoki, these cached key references are stale. This is a simple
fix to reset them to NULL when the token is finalized.

Signed-off-by: David Smith <david.daniel.sm...@gmail.com>

diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
index d5708c3..a04943a 100644
--- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
@@ -2005,6 +2005,13 @@ token_specific_final()
return CKR_FUNCTION_FAILED;
}
+ /* TSP key handles */
+ hSRK = NULL_HKEY;
+ hPublicRootKey = NULL_HKEY;
+ hPublicLeafKey = NULL_HKEY;
+ hPrivateRootKey = NULL_HKEY;
+ hPrivateLeafKey = NULL_HKEY;
+
return CKR_OK;
}
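
Review bot: the five handle resets are placed after the early `return CKR_FUNCTION_FAILED;` shown in the context lines just above them, so when that failure path is taken hSRK and the four root/leaf handles keep their old values, which is exactly the stale state the commit message sets out to remove. Consider moving the assignments ahead of the call that can fail, or repeating them on the error path, so the cached handles are cleared regardless of how token_specific_final() returns. The comment `/* TSP key handles */` names what is being reset but not why; a short note that the handles are no longer valid once the token is finalized would help the next reader.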