From c229bb590250bd9769cb5a63918ab0f6c9386be7 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Mon, 20 Feb 2017 12:00:39 +0100
Subject: [PATCH 3/3] Allocate OpenSSL cipher contexts for seal/unseal

Cipher contexts need to be allocated before using EVP_EncryptInit or
EVP_DecryptInit. Using a NULL context is invalid.

Fixes: f50ab0949438 ("Support OpenSSL 1.1.0")
---
 lib/tpm_unseal.c        | 12 ++++++++++--
 src/cmds/tpm_sealdata.c | 11 +++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/tpm_unseal.c b/lib/tpm_unseal.c
index fc4a84906a..005dab7f8f 100644
--- a/lib/tpm_unseal.c
+++ b/lib/tpm_unseal.c
@@ -86,7 +86,7 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
 	int srkSecretLen;
 	unsigned char* res_data = NULL;
 	int res_size = 0;
-
+	EVP_CIPHER_CTX *ctx = NULL;
 	BIO *bdata = NULL, *b64 = NULL, *bmem = NULL;
 	int bioRc;
 
@@ -408,7 +408,12 @@ int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size,
 	}
 
 	/* Decode and decrypt the encrypted data */
-	EVP_CIPHER_CTX *ctx = NULL;
+	ctx = EVP_CIPHER_CTX_new();
+	if ( ctx == NULL ) {
+		rc = TPMSEAL_STD_ERROR;
+		tpm_errno = ENOMEM;
+		goto tss_out;
+	}
 	EVP_DecryptInit(ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV);
 
 	/* Create a base64 BIO to decode the encrypted data */
@@ -459,6 +464,9 @@ out:
 	} else
 		free(res_data);
 
+	if (ctx)
+		EVP_CIPHER_CTX_free(ctx);
+
 	return rc;
 }
 
diff --git a/src/cmds/tpm_sealdata.c b/src/cmds/tpm_sealdata.c
index a2157f34b1..e25244a0f4 100644
--- a/src/cmds/tpm_sealdata.c
+++ b/src/cmds/tpm_sealdata.c
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
 	char *passwd = NULL;
 	int pswd_len;
 	BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
-
+	EVP_CIPHER_CTX *ctx = NULL;
 	BIO *bin = NULL, *bdata=NULL, *b64=NULL;
 
 	initIntlSys();
@@ -343,7 +343,11 @@ int main(int argc, char **argv)
 	BIO_puts(bdata, TPMSEAL_ENC_STRING); 
 	bdata = BIO_push(b64, bdata);
 
-	EVP_CIPHER_CTX *ctx = NULL;
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		logError(_("Unable to allocate cipher context\n"));
+		goto out_close;
+	}
 	EVP_EncryptInit(ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV);
 
 	while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) {
@@ -375,5 +379,8 @@ out:
 		BIO_free(bdata);
 	if (b64)
 		BIO_free(b64);
+	if (ctx)
+		EVP_CIPHER_CTX_free(ctx);
+
 	return iRc;
 }
-- 
2.9.3