diff --git a/src/tss2-fapi/api/Fapi_AuthorizePolicy.c b/src/tss2-fapi/api/Fapi_AuthorizePolicy.c index a923c0325..19bde9af0 100644 --- a/src/tss2-fapi/api/Fapi_AuthorizePolicy.c +++ b/src/tss2-fapi/api/Fapi_AuthorizePolicy.c @@ -366,7 +366,6 @@ Fapi_AuthorizePolicy_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", cleanup); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -383,6 +382,7 @@ Fapi_AuthorizePolicy_Finish( ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); SAFE_FREE(command->policyPath); SAFE_FREE(command->signingKeyPath); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_ChangeAuth.c b/src/tss2-fapi/api/Fapi_ChangeAuth.c index b88078194..9ab798988 100644 --- a/src/tss2-fapi/api/Fapi_ChangeAuth.c +++ b/src/tss2-fapi/api/Fapi_ChangeAuth.c @@ -445,7 +445,6 @@ Fapi_ChangeAuth_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; LOG_TRACE("success"); break; @@ -609,5 +608,6 @@ Fapi_ChangeAuth_Finish( SAFE_FREE(command->pathlist); } LOG_TRACE("finished"); + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_CreateKey.c b/src/tss2-fapi/api/Fapi_CreateKey.c index d5549f3d2..b26802ca2 100644 --- a/src/tss2-fapi/api/Fapi_CreateKey.c +++ b/src/tss2-fapi/api/Fapi_CreateKey.c @@ -307,6 +307,7 @@ Fapi_CreateKey_Finish( ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_Decrypt.c b/src/tss2-fapi/api/Fapi_Decrypt.c index d58224ac9..204815b26 100644 --- a/src/tss2-fapi/api/Fapi_Decrypt.c +++ b/src/tss2-fapi/api/Fapi_Decrypt.c @@ -409,6 +409,6 @@ Fapi_Decrypt_Finish( ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); - + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_Delete.c b/src/tss2-fapi/api/Fapi_Delete.c index d0f2666c0..feb457543 100644 --- a/src/tss2-fapi/api/Fapi_Delete.c +++ b/src/tss2-fapi/api/Fapi_Delete.c @@ -550,7 +550,7 @@ Fapi_Delete_Finish( /* Load the object metadata from the keystore. */ r = ifapi_keystore_load_async(&context->keystore, &context->io, path); - return_if_error2(r, "Could not open: %s", path); + goto_if_error2(r, "Could not open: %s", error_cleanup, path); fallthrough; @@ -559,7 +559,7 @@ Fapi_Delete_Finish( TPM operations; e.g. persistent key or NV index. */ r = ifapi_keystore_load_finish(&context->keystore, &context->io, object); return_try_again(r); - return_if_error_reset_state(r, "read_finish failed"); + goto_if_error(r, "read_finish failed", error_cleanup); /* Initialize the ESYS object for the persistent key or NV Index. */ r = ifapi_initialize_object(context->esys, object); @@ -579,7 +579,7 @@ Fapi_Delete_Finish( /* Check whether hierarchy file has been read. */ if (authObject->objectType == IFAPI_OBJ_NONE) { r = ifapi_keystore_load_async(&context->keystore, &context->io, "/HS"); - return_if_error2(r, "Could not open hierarchy /HS"); + goto_if_error(r, "Could not open hierarchy /HS", error_cleanup); command->auth_index = ESYS_TR_RH_OWNER; } else { @@ -624,7 +624,7 @@ Fapi_Delete_Finish( statecase(context->state, ENTITY_DELETE_KEY); if (object->misc.key.persistent_handle) { r = ifapi_keystore_load_async(&context->keystore, &context->io, "/HS"); - return_if_error2(r, "Could not open hierarchy /HS"); + goto_if_error(r, "Could not open hierarchy /HS", error_cleanup); } fallthrough; @@ -632,7 +632,7 @@ Fapi_Delete_Finish( if (object->misc.key.persistent_handle) { r = ifapi_keystore_load_finish(&context->keystore, &context->io, authObject); return_try_again(r); - return_if_error(r, "read_finish failed"); + goto_if_error(r, "read_finish failed", error_cleanup); r = ifapi_initialize_object(context->esys, authObject); goto_if_error_reset_state(r, "Initialize hierarchy object", error_cleanup); @@ -786,5 +786,6 @@ Fapi_Delete_Finish( SAFE_FREE(command->pathlist); ifapi_session_clean(context); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_ExportPolicy.c b/src/tss2-fapi/api/Fapi_ExportPolicy.c index 1d978aff1..7f7f291da 100644 --- a/src/tss2-fapi/api/Fapi_ExportPolicy.c +++ b/src/tss2-fapi/api/Fapi_ExportPolicy.c @@ -287,14 +287,14 @@ Fapi_ExportPolicy_Finish( /* Load the key meta data from the keystore. */ r = ifapi_keystore_load_async(&context->keystore, &context->io, command->path); - return_if_error2(r, "Could not open: %s", command->path); + goto_if_error2(r, "Could not open: %s", error_cleanup, command->path); fallthrough; statecase(context->state, POLICY_EXPORT_READ_OBJECT_FINISH); r = ifapi_keystore_load_finish(&context->keystore, &context->io, &command->object); return_try_again(r); - return_if_error_reset_state(r, "read_finish failed"); + goto_if_error(r, "read_finish failed", error_cleanup); goto_if_null2(command->object.policy, "Object has no policy", diff --git a/src/tss2-fapi/api/Fapi_GetAppData.c b/src/tss2-fapi/api/Fapi_GetAppData.c index 5d5fe8d9a..4eccf308a 100644 --- a/src/tss2-fapi/api/Fapi_GetAppData.c +++ b/src/tss2-fapi/api/Fapi_GetAppData.c @@ -215,7 +215,6 @@ Fapi_GetAppData_Finish( if (appDataSize) *appDataSize = objAppData->size; - context->state = _FAPI_STATE_INIT; r = TSS2_RC_SUCCESS; break; @@ -228,6 +227,7 @@ Fapi_GetAppData_Finish( ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_GetCertificate.c b/src/tss2-fapi/api/Fapi_GetCertificate.c index 1444185ef..e8652f57c 100644 --- a/src/tss2-fapi/api/Fapi_GetCertificate.c +++ b/src/tss2-fapi/api/Fapi_GetCertificate.c @@ -135,6 +135,10 @@ Fapi_GetCertificate_Async( check_not_null(context); check_not_null(path); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + r = ifapi_non_tpm_mode_init(context); return_if_error(r, "Initialize GetCertificate"); diff --git a/src/tss2-fapi/api/Fapi_GetDescription.c b/src/tss2-fapi/api/Fapi_GetDescription.c index 035a2bba7..dad55929e 100644 --- a/src/tss2-fapi/api/Fapi_GetDescription.c +++ b/src/tss2-fapi/api/Fapi_GetDescription.c @@ -123,6 +123,10 @@ Fapi_GetDescription_Async( check_not_null(context); check_not_null(path); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + /* Load the object metadata from keystore. */ r = ifapi_keystore_load_async(&context->keystore, &context->io, path); return_if_error2(r, "Could not open: %s", path); diff --git a/src/tss2-fapi/api/Fapi_GetEsysBlob.c b/src/tss2-fapi/api/Fapi_GetEsysBlob.c index db67e2e42..53e2a36dc 100644 --- a/src/tss2-fapi/api/Fapi_GetEsysBlob.c +++ b/src/tss2-fapi/api/Fapi_GetEsysBlob.c @@ -401,5 +401,6 @@ Fapi_GetEsysBlob_Finish( ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_GetRandom.c b/src/tss2-fapi/api/Fapi_GetRandom.c index bb7906400..ac6e8070c 100644 --- a/src/tss2-fapi/api/Fapi_GetRandom.c +++ b/src/tss2-fapi/api/Fapi_GetRandom.c @@ -263,6 +263,7 @@ Fapi_GetRandom_Finish( ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_session_clean(context); SAFE_FREE(context->get_random.data); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_GetTpmBlobs.c b/src/tss2-fapi/api/Fapi_GetTpmBlobs.c index d5df8ccde..4f119a074 100644 --- a/src/tss2-fapi/api/Fapi_GetTpmBlobs.c +++ b/src/tss2-fapi/api/Fapi_GetTpmBlobs.c @@ -137,6 +137,10 @@ Fapi_GetTpmBlobs_Async( check_not_null(context); check_not_null(path); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + /* Load the object from the key store. */ r = ifapi_keystore_load_async(&context->keystore, &context->io, path); return_if_error2(r, "Could not open: %s", path); @@ -270,5 +274,6 @@ Fapi_GetTpmBlobs_Finish( ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); LOG_TRACE("finished"); + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_Import.c b/src/tss2-fapi/api/Fapi_Import.c index a82b7b926..a4468f64d 100644 --- a/src/tss2-fapi/api/Fapi_Import.c +++ b/src/tss2-fapi/api/Fapi_Import.c @@ -668,5 +668,6 @@ Fapi_Import_Finish( ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_NvExtend.c b/src/tss2-fapi/api/Fapi_NvExtend.c index d9bebed57..4c001bff7 100644 --- a/src/tss2-fapi/api/Fapi_NvExtend.c +++ b/src/tss2-fapi/api/Fapi_NvExtend.c @@ -370,7 +370,7 @@ Fapi_NvExtend_Finish( /* Compute Digest of the current event */ hashAlg = object->misc.nv.public.nvPublic.nameAlg; r = ifapi_crypto_hash_start(&cryptoContext, hashAlg); - return_if_error(r, "crypto hash start"); + goto_if_error(r, "crypto hash start", error_cleanup); HASH_UPDATE_BUFFER(cryptoContext, &auxData->buffer[0], auxData->size, @@ -380,7 +380,7 @@ Fapi_NvExtend_Finish( (uint8_t *) &event->digests.digests[0].digest, &hashSize); - return_if_error(r, "crypto hash finish"); + goto_if_error(r, "crypto hash finish", error_cleanup); event->digests.digests[0].hashAlg = hashAlg; event->digests.count = 1; @@ -448,7 +448,7 @@ Fapi_NvExtend_Finish( /* Finish writing the NV object to the key store */ r = ifapi_keystore_store_finish(&context->io); return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); + goto_if_error(r, "write_finish failed", error_cleanup); fallthrough; statecase(context->state, NV_EXTEND_CLEANUP) @@ -456,7 +456,6 @@ Fapi_NvExtend_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; r = TSS2_RC_SUCCESS; break; @@ -483,5 +482,6 @@ Fapi_NvExtend_Finish( SAFE_FREE(object->misc.nv.event_log); ifapi_session_clean(context); LOG_TRACE("finished"); + context->state = _FAPI_STATE_INIT; return r; } diff --git a/src/tss2-fapi/api/Fapi_NvIncrement.c b/src/tss2-fapi/api/Fapi_NvIncrement.c index cfb54cbba..3d98007d9 100644 --- a/src/tss2-fapi/api/Fapi_NvIncrement.c +++ b/src/tss2-fapi/api/Fapi_NvIncrement.c @@ -336,7 +336,6 @@ Fapi_NvIncrement_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -351,6 +350,7 @@ Fapi_NvIncrement_Finish( SAFE_FREE(command->nvPath); SAFE_FREE(jso); ifapi_session_clean(context); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_NvRead.c b/src/tss2-fapi/api/Fapi_NvRead.c index 08debdafc..470e283cb 100644 --- a/src/tss2-fapi/api/Fapi_NvRead.c +++ b/src/tss2-fapi/api/Fapi_NvRead.c @@ -330,7 +330,6 @@ Fapi_NvRead_Finish( *data = command->rdata; if (size) *size = command->size; - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -345,6 +344,7 @@ Fapi_NvRead_Finish( SAFE_FREE(command->nvPath); //SAFE_FREE(context->nv_cmd.tes); ifapi_session_clean(context); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_NvSetBits.c b/src/tss2-fapi/api/Fapi_NvSetBits.c index adf332e0f..40698b071 100644 --- a/src/tss2-fapi/api/Fapi_NvSetBits.c +++ b/src/tss2-fapi/api/Fapi_NvSetBits.c @@ -336,7 +336,7 @@ Fapi_NvSetBits_Finish( /* Finish writing the NV object to the key store */ r = ifapi_keystore_store_finish(&context->io); return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); + goto_if_error(r, "write_finish failed", error_cleanup); fallthrough; @@ -345,9 +345,7 @@ Fapi_NvSetBits_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; LOG_DEBUG("success"); - break; statecasedefault(context->state); @@ -362,6 +360,7 @@ Fapi_NvSetBits_Finish( ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_NvWrite.c b/src/tss2-fapi/api/Fapi_NvWrite.c index e0380027d..c8df7cdf5 100644 --- a/src/tss2-fapi/api/Fapi_NvWrite.c +++ b/src/tss2-fapi/api/Fapi_NvWrite.c @@ -290,7 +290,6 @@ Fapi_NvWrite_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -307,7 +306,7 @@ Fapi_NvWrite_Finish( SAFE_FREE(command->data); SAFE_FREE(jso); ifapi_session_clean(context); - + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_PcrExtend.c b/src/tss2-fapi/api/Fapi_PcrExtend.c index 7944f29e9..a0d974b09 100644 --- a/src/tss2-fapi/api/Fapi_PcrExtend.c +++ b/src/tss2-fapi/api/Fapi_PcrExtend.c @@ -258,7 +258,7 @@ Fapi_PcrExtend_Finish( /* Construct the filename for the eventlog file */ r = ifapi_asprintf(&command->event_log_file, "%s/%s%i", context->eventlog.log_dir, IFAPI_PCR_LOG_FILE, command->pcrIndex); - return_if_error(r, "Out of memory."); + return_if_error_reset_state(r, "Out of memory."); /* Check wheter the event log has to be read. */ if (ifapi_io_path_exists(command->event_log_file)) { @@ -296,7 +296,7 @@ Fapi_PcrExtend_Finish( r = Esys_PCR_Event_Async(context->esys, command->pcrIndex, context->session1, ESYS_TR_NONE, ESYS_TR_NONE, &command->event); - return_if_error(r, "Esys_PCR_Event_Async"); + goto_if_error(r, "Esys_PCR_Event_Async", error_cleanup); command->event_digests = NULL; fallthrough; @@ -333,7 +333,6 @@ Fapi_PcrExtend_Finish( r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -350,6 +349,7 @@ Fapi_PcrExtend_Finish( ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_cleanup_event(pcrEvent); ifapi_session_clean(context); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_PcrRead.c b/src/tss2-fapi/api/Fapi_PcrRead.c index 3d826ed9f..b88616e4e 100644 --- a/src/tss2-fapi/api/Fapi_PcrRead.c +++ b/src/tss2-fapi/api/Fapi_PcrRead.c @@ -266,7 +266,6 @@ Fapi_PcrRead_Finish( *pcrValue = command->pcrValue; if (pcrValueSize) *pcrValueSize = command->pcrValueSize; - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -279,6 +278,7 @@ Fapi_PcrRead_Finish( SAFE_FREE(command->pcrValue); } SAFE_FREE(command->pcrValues); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_Provision.c b/src/tss2-fapi/api/Fapi_Provision.c index 9f89b694a..9d2616427 100644 --- a/src/tss2-fapi/api/Fapi_Provision.c +++ b/src/tss2-fapi/api/Fapi_Provision.c @@ -906,9 +906,9 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context) if (command->auth_state & TPMA_PERMANENT_LOCKOUTAUTHSET) { hierarchy_lockout->misc.hierarchy.with_auth = TPM2_YES; r = ifapi_get_description(hierarchy_lockout, &description); - return_if_error(r, "Get description"); + goto_if_error(r, "Get description", error_cleanup); r = ifapi_set_auth(context, hierarchy_lockout, description); - return_if_error(r, "Set auth value"); + goto_if_error(r, "Set auth value", error_cleanup); } else { hierarchy_lockout->misc.hierarchy.with_auth = TPM2_NO; } @@ -1269,7 +1269,7 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context) /* Finish writing the endorsement hierarchy to the key store */ r = ifapi_keystore_store_finish(&context->io); return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); + goto_if_error_reset_state(r, "write_finish failed", error_cleanup); /* Write all endorsement hierarchies. */ command->hierarchy = hierarchy_he; @@ -1541,6 +1541,7 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context) } SAFE_FREE(command->pathlist); } + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_Quote.c b/src/tss2-fapi/api/Fapi_Quote.c index 771a73a7d..52d2e7726 100644 --- a/src/tss2-fapi/api/Fapi_Quote.c +++ b/src/tss2-fapi/api/Fapi_Quote.c @@ -459,7 +459,6 @@ Fapi_Quote_Finish( *pcrLog = command->pcrLog; *signature = command->signature; *signatureSize = command->signatureSize; - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -483,6 +482,7 @@ Fapi_Quote_Finish( if (command->handle != ESYS_TR_NONE) { Esys_FlushContext(context->esys, command->handle); } + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_SetAppData.c b/src/tss2-fapi/api/Fapi_SetAppData.c index 49ef82c3c..93039fb8d 100644 --- a/src/tss2-fapi/api/Fapi_SetAppData.c +++ b/src/tss2-fapi/api/Fapi_SetAppData.c @@ -139,6 +139,10 @@ Fapi_SetAppData_Async( check_not_null(context); check_not_null(path); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + /* App data is restricted to 10MB. */ if (appDataSize > FAPI_MAX_APP_DATA_SIZE) { LOG_ERROR("Only 10MB are allowd for app data."); @@ -264,10 +268,9 @@ Fapi_SetAppData_Finish( /* Finish writing of object */ r = ifapi_keystore_store_finish(&context->io); return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); + goto_if_error(r, "write_finish failed", error_cleanup); ifapi_cleanup_ifapi_object(object); - context->state = _FAPI_STATE_INIT; r = TSS2_RC_SUCCESS; break; @@ -281,6 +284,7 @@ Fapi_SetAppData_Finish( ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); SAFE_FREE(command->object_path); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_SetCertificate.c b/src/tss2-fapi/api/Fapi_SetCertificate.c index 94646e800..09427380b 100644 --- a/src/tss2-fapi/api/Fapi_SetCertificate.c +++ b/src/tss2-fapi/api/Fapi_SetCertificate.c @@ -138,6 +138,10 @@ Fapi_SetCertificate_Async( check_not_null(context); check_not_null(path); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + /* Helpful alias pointers */ IFAPI_Key_SetCertificate * command = &context->cmd.Key_SetCertificate; @@ -250,9 +254,8 @@ Fapi_SetCertificate_Finish( /* Finish writing the object to the key store */ r = ifapi_keystore_store_finish(&context->io); return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); + goto_if_error_reset_state(r, "write_finish failed", error_cleanup); - context->state = _FAPI_STATE_INIT; r = TSS2_RC_SUCCESS; break; @@ -269,6 +272,7 @@ Fapi_SetCertificate_Finish( ifapi_cleanup_ifapi_object(&context->loadKey.auth_object); ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_SetDescription.c b/src/tss2-fapi/api/Fapi_SetDescription.c index bbef27ec0..affe9d915 100644 --- a/src/tss2-fapi/api/Fapi_SetDescription.c +++ b/src/tss2-fapi/api/Fapi_SetDescription.c @@ -127,6 +127,10 @@ Fapi_SetDescription_Async( check_not_null(context); check_not_null(path); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + /* Check for invalid parameters */ if (description && strlen(description) + 1 > 1024) { return_error(TSS2_FAPI_RC_BAD_VALUE, @@ -225,7 +229,6 @@ Fapi_SetDescription_Finish( return_try_again(r); return_if_error_reset_state(r, "write_finish failed"); - context->state = _FAPI_STATE_INIT; r = TSS2_RC_SUCCESS; break; @@ -239,6 +242,7 @@ Fapi_SetDescription_Finish( ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); SAFE_FREE(command->object_path); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_Sign.c b/src/tss2-fapi/api/Fapi_Sign.c index 724f22fa5..0ea96b329 100644 --- a/src/tss2-fapi/api/Fapi_Sign.c +++ b/src/tss2-fapi/api/Fapi_Sign.c @@ -335,6 +335,7 @@ Fapi_Sign_Finish( SAFE_FREE(command->padding); ifapi_session_clean(context); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_Unseal.c b/src/tss2-fapi/api/Fapi_Unseal.c index 31c1504ff..fea9d109d 100644 --- a/src/tss2-fapi/api/Fapi_Unseal.c +++ b/src/tss2-fapi/api/Fapi_Unseal.c @@ -290,7 +290,6 @@ Fapi_Unseal_Finish( } SAFE_FREE(command->unseal_data); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -306,6 +305,7 @@ Fapi_Unseal_Finish( ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_session_clean(context); SAFE_FREE(command->keyPath); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_VerifyQuote.c b/src/tss2-fapi/api/Fapi_VerifyQuote.c index 03a67459f..4c7271b09 100644 --- a/src/tss2-fapi/api/Fapi_VerifyQuote.c +++ b/src/tss2-fapi/api/Fapi_VerifyQuote.c @@ -175,6 +175,10 @@ Fapi_VerifyQuote_Async( check_not_null(quoteInfo); check_not_null(signature); + if (context->state != _FAPI_STATE_INIT) { + return_error(TSS2_FAPI_RC_BAD_SEQUENCE, "Invalid State"); + } + /* Check for invalid parameters */ if (qualifyingData == NULL && qualifyingDataSize != 0) { LOG_ERROR("qualifyingData is NULL but qualifyingDataSize is not 0"); @@ -323,7 +327,6 @@ Fapi_VerifyQuote_Finish( goto_if_error(r, "Verify event list.", error_cleanup); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -342,6 +345,7 @@ Fapi_VerifyQuote_Finish( SAFE_FREE(command->signature); SAFE_FREE(command->quoteInfo); SAFE_FREE(command->logData); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c b/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c index 0cf1c8871..470077e51 100644 --- a/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c +++ b/src/tss2-fapi/api/Fapi_WriteAuthorizeNV.c @@ -333,7 +333,6 @@ Fapi_WriteAuthorizeNv_Finish( /* Cleanup the session used for authorizing access to the NV index. */ r = ifapi_cleanup_session(context); try_again_or_error_goto(r, "Cleanup", error_cleanup); - context->state = _FAPI_STATE_INIT; break; statecasedefault(context->state); @@ -349,6 +348,7 @@ Fapi_WriteAuthorizeNv_Finish( ifapi_cleanup_ifapi_object(context->loadKey.key_object); ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object); ifapi_cleanup_ifapi_object(object); + context->state = _FAPI_STATE_INIT; LOG_TRACE("finished"); return r; } diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c index f78b3e408..4a3c6871d 100644 --- a/src/tss2-fapi/fapi_util.c +++ b/src/tss2-fapi/fapi_util.c @@ -63,9 +63,9 @@ ifapi_flush_object(FAPI_CONTEXT *context, ESYS_TR handle) if (base_rc(r) == TSS2_BASE_RC_TRY_AGAIN) return TSS2_FAPI_RC_TRY_AGAIN; + context->flush_object_state = FLUSH_INIT; return_if_error(r, "FlushContext"); - context->flush_object_state = FLUSH_INIT; return TSS2_RC_SUCCESS; statecasedefault(context->flush_object_state); @@ -1229,40 +1229,40 @@ ifapi_cleanup_session(FAPI_CONTEXT *context) context->session2 = ESYS_TR_NONE; } r = Esys_FlushContext_Async(context->esys, context->session1); - try_again_or_error(r, "Flush session."); + try_again_or_error_goto(r, "Flush session.", error); } fallthrough; statecase(context->cleanup_state, CLEANUP_SESSION1); if (context->session1 != ESYS_TR_NONE) { r = Esys_FlushContext_Finish(context->esys); - try_again_or_error(r, "Flush session."); + try_again_or_error_goto(r, "Flush session.", error); } context->session1 = ESYS_TR_NONE; if (context->session2 != ESYS_TR_NONE) { r = Esys_FlushContext_Async(context->esys, context->session2); - try_again_or_error(r, "Flush session."); + try_again_or_error_goto(r, "Flush session.", error); } fallthrough; statecase(context->cleanup_state, CLEANUP_SESSION2); if (context->session2 != ESYS_TR_NONE) { r = Esys_FlushContext_Finish(context->esys); - try_again_or_error(r, "Flush session."); + try_again_or_error_goto(r, "Flush session.", error); } context->session2 = ESYS_TR_NONE; if (!context->srk_persistent && context->srk_handle != ESYS_TR_NONE) { r = Esys_FlushContext_Async(context->esys, context->srk_handle); - try_again_or_error(r, "Flush SRK."); + try_again_or_error_goto(r, "Flush SRK.", error); } fallthrough; statecase(context->cleanup_state, CLEANUP_SRK); if (!context->srk_persistent && context->srk_handle != ESYS_TR_NONE) { r = Esys_FlushContext_Finish(context->esys); - try_again_or_error(r, "Flush SRK."); + try_again_or_error_goto(r, "Flush SRK.", error); context->srk_handle = ESYS_TR_NONE; context->srk_persistent = false; @@ -1272,6 +1272,9 @@ ifapi_cleanup_session(FAPI_CONTEXT *context) statecasedefault(context->state); } + error: + context->cleanup_state = CLEANUP_INIT; + return r; } /** Cleanup primary keys in error cases (non asynchronous). @@ -2292,13 +2295,13 @@ ifapi_nv_write( /* Prepare reading of the key from keystore. */ r = ifapi_keystore_load_async(&context->keystore, &context->io, context->nv_cmd.nvPath); - return_if_error2(r, "Could not open: %s", context->nv_cmd.nvPath); + goto_if_error2(r, "Could not open: %s", error_cleanup, context->nv_cmd.nvPath); fallthrough; statecase(context->nv_cmd.nv_write_state, NV2_WRITE_READ); r = ifapi_keystore_load_finish(&context->keystore, &context->io, object); return_try_again(r); - return_if_error(r, "read_finish failed"); + goto_if_error(r, "read_finish failed", error_cleanup); if (object->objectType != IFAPI_NV_OBJ) goto_error(r, TSS2_FAPI_RC_BAD_PATH, "%s is no NV object.", error_cleanup, @@ -2376,7 +2379,8 @@ ifapi_nv_write( IFAPI_OBJECT *auth_object = &context->nv_cmd.auth_object; char *description; r = ifapi_get_description(auth_object, &description); - return_if_error(r, "Get description"); + goto_if_error(r, "Get description", error_cleanup); + r = ifapi_set_auth(context, auth_object, description); SAFE_FREE(description); goto_if_error_reset_state(r, " Fapi_NvWrite_Finish", error_cleanup); @@ -2456,12 +2460,10 @@ ifapi_nv_write( /* Finish writing the NV object to the key store */ r = ifapi_keystore_store_finish(&context->io); return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); + goto_if_error_reset_state(r, "write_finish failed", error_cleanup); LOG_DEBUG("success"); r = TSS2_RC_SUCCESS; - - context->nv_cmd.nv_write_state = NV2_WRITE_INIT; break; statecasedefault(context->nv_cmd.nv_write_state); @@ -2471,6 +2473,7 @@ ifapi_nv_write( context->session2 = ESYS_TR_NONE; SAFE_FREE(nv_file_name); SAFE_FREE(context->nv_cmd.write_data); + context->nv_cmd.nv_write_state = NV2_WRITE_INIT; return r; } @@ -2626,7 +2629,6 @@ ifapi_nv_read( return TSS2_FAPI_RC_TRY_AGAIN; } else { *size = context->nv_cmd.data_idx; - context->nv_cmd.nv_read_state = NV_READ_INIT; LOG_DEBUG("success"); r = TSS2_RC_SUCCESS; break; @@ -2635,6 +2637,7 @@ ifapi_nv_read( } error_cleanup: + context->nv_cmd.nv_read_state = NV_READ_INIT; return r; } @@ -2807,7 +2810,6 @@ ifapi_load_key( return_try_again(r); goto_if_error_reset_state(r, " Load key.", error_cleanup); - context->loadKey.prepare_state = PREPARE_LOAD_KEY_INIT; break; statecase(context->loadKey.prepare_state, PREPARE_LOAD_KEY_INIT_KEY); @@ -2823,6 +2825,7 @@ ifapi_load_key( } error_cleanup: + context->loadKey.prepare_state = PREPARE_LOAD_KEY_INIT; return r; } @@ -2956,7 +2959,6 @@ ifapi_key_sign( strdup_check(*certificate, "", r, cleanup); } } - context->Key_Sign.state = SIGN_INIT; LOG_TRACE("success"); r = TSS2_RC_SUCCESS; break; @@ -2968,6 +2970,8 @@ ifapi_key_sign( if (context->Key_Sign.handle != ESYS_TR_NONE) Esys_FlushContext(context->esys, context->Key_Sign.handle); ifapi_cleanup_ifapi_object(context->Key_Sign.key_object); + context->Key_Sign.state = SIGN_INIT; + return r; } @@ -3865,6 +3869,7 @@ ifapi_change_auth_hierarchy( statecasedefault(context->hierarchy_state); } error: + context->hierarchy_state = HIERARCHY_CHANGE_AUTH_INIT; return r; }