diff --git a/src/tss2-fapi/api/Fapi_ExportKey.c b/src/tss2-fapi/api/Fapi_ExportKey.c
index 86eb88d04..87bc5a9cd 100644
--- a/src/tss2-fapi/api/Fapi_ExportKey.c
+++ b/src/tss2-fapi/api/Fapi_ExportKey.c
@@ -430,6 +430,8 @@ Fapi_ExportKey_Finish( return_try_again(r); goto_if_error(r, "Flush key", cleanup); + command->key_object->public.handle = ESYS_TR_NONE; + fallthrough; statecase(context->state, EXPORT_KEY_WAIT_FOR_FLUSH2);
@@ -438,6 +440,8 @@ Fapi_ExportKey_Finish( return_try_again(r); goto_if_error(r, "Flush key", cleanup); + command->handle_ext_key = ESYS_TR_NONE; + fallthrough; statecase(context->state, EXPORT_KEY_CLEANUP)
diff --git a/src/tss2-fapi/api/Fapi_Import.c b/src/tss2-fapi/api/Fapi_Import.c
index ab6c34516..2aa5ed79f 100644
--- a/src/tss2-fapi/api/Fapi_Import.c
+++ b/src/tss2-fapi/api/Fapi_Import.c
@@ -652,6 +652,8 @@ Fapi_Import_Finish( if (!command->parent_object->misc.key.persistent_handle) { r = ifapi_flush_object(context, command->parent_object->public.handle); return_try_again(r); + + command->parent_object->public.handle = ESYS_TR_NONE; ifapi_cleanup_ifapi_object(command->parent_object); goto_if_error(r, "Flush key", error_cleanup); } else {
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index f09d500e4..a7a263be7 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -1202,6 +1202,7 @@ ifapi_session_clean(FAPI_CONTEXT *context) { if (context->policy_session && context->policy_session != ESYS_TR_NONE) { Esys_FlushContext(context->esys, context->policy_session); + context->policy_session = ESYS_TR_NONE; } if (context->session1 != ESYS_TR_NONE && context->session1 != ESYS_TR_PASSWORD) { if (context->session1 == context->session2) {
@@ -2229,6 +2230,7 @@ ifapi_authorize_object(FAPI_CONTEXT *context, IFAPI_OBJECT *object, ESYS_TR *ses error: /* No policy call was executed session can be flushed */ Esys_FlushContext(context->esys, *session); + *session = ESYS_TR_NONE; return r; } 
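Review bot: The handle reset after the first flush in Fapi_ExportKey_Finish carries no comment saying why it is needed, and the same bare assignment recurs in the EXPORT_KEY_WAIT_FOR_FLUSH2 hunk and in the ifapi_key_create and ifapi_create_primary hunks of fapi_util.c. If the intent is to keep a later cleanup path from flushing a handle that is no longer valid, a one-line comment such as `/* Handle is stale after the flush; reset it so cleanup cannot flush it again. */` above each assignment would record that invariant. The function body starts and ends outside the hunk, so the cleanup code that consumes the handle is not visible here.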
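Review bot: In Fapi_Import_Finish the parent handle is set to `ESYS_TR_NONE` before `goto_if_error(r, "Flush key", error_cleanup)`, so a failed flush also discards the handle, whereas the Fapi_ExportKey_Finish, ifapi_key_create and ifapi_create_primary hunks reset it only after the error check has passed. When the flush fails, the key may still be loaded in the TPM with nothing left in the FAPI context referring to it. If that is deliberate because `ifapi_cleanup_ifapi_object` already runs before the check, a comment saying so would help; otherwise the assignment should move below the `goto_if_error` line to match the other call sites. The function body continues outside the hunk.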
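Review bot: The return code of `Esys_FlushContext` in ifapi_session_clean is discarded while `context->policy_session` is now cleared unconditionally, so a failed flush leaves the session open in the TPM and FAPI no longer knows about it. The same pattern appears in the `error:` path of ifapi_authorize_object and in the cleanup sections of execute_policy_signed, execute_policy_authorize and execute_policy_secret. Keeping the reset on a best-effort cleanup path is reasonable, but the failure should at least be logged, for example `if (Esys_FlushContext(context->esys, context->policy_session) != TSS2_RC_SUCCESS) LOG_WARNING("Flush of policy session failed.");`, so that exhausted session slots can be traced back to this point.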
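Review bot: The `error:` path of ifapi_authorize_object flushes `*session` without checking it, unlike the guarded flushes in ifapi_session_clean and in the policy cleanup code. If the label can be reached before a session was created (the function body starts outside the hunk, so this is not visible), the call is made with `ESYS_TR_NONE` or an unset value. A guard such as `if (*session != ESYS_TR_NONE && *session != ESYS_TR_PASSWORD) {` around the flush and the reset would match the check ifapi_session_clean applies to `session1`.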
@@ -3717,6 +3719,8 @@ ifapi_key_create( r = ifapi_flush_object(context, context->loadKey.handle); return_try_again(r); goto_if_error(r, "Flush key", error_cleanup); + + context->loadKey.handle = ESYS_TR_NONE; } fallthrough;
@@ -4892,6 +4896,8 @@ ifapi_create_primary( return_try_again(r); goto_if_error(r, "Flush key", error_cleanup); + context->cmd.Key_Create.handle = ESYS_TR_NONE; + fallthrough; statecase(context->cmd.Key_Create.state, KEY_CREATE_PRIMARY_WRITE_PREPARE);
diff --git a/src/tss2-fapi/ifapi_policy_execute.c b/src/tss2-fapi/ifapi_policy_execute.c
index e2fb4c2c6..e26d46713 100644
--- a/src/tss2-fapi/ifapi_policy_execute.c
+++ b/src/tss2-fapi/ifapi_policy_execute.c
@@ -574,8 +574,10 @@ execute_policy_signed( SAFE_FREE(current_policy->buffer); SAFE_FREE(current_policy->pem_key); /* In error cases object might not have been flushed. */ - if (current_policy->object_handle != ESYS_TR_NONE) + if (current_policy->object_handle != ESYS_TR_NONE) { Esys_FlushContext(esys_ctx, current_policy->object_handle); + current_policy->object_handle = ESYS_TR_NONE; + } return r; }
@@ -745,9 +747,10 @@ execute_policy_authorize( } cleanup: /* In error cases object might not have been flushed. */ - if (current_policy->object_handle != ESYS_TR_NONE) + if (current_policy->object_handle != ESYS_TR_NONE) { Esys_FlushContext(esys_ctx, current_policy->object_handle); - + current_policy->object_handle = ESYS_TR_NONE; + } return r; }
@@ -955,6 +958,7 @@ execute_policy_secret( statecase(current_policy->state, POLICY_FLUSH_KEY); r = Esys_FlushContext_Finish(esys_ctx); try_again_or_error(r, "Flush key finish."); + current_policy->auth_handle = ESYS_TR_NONE; current_policy->state = POLICY_EXECUTE_INIT; break; 
@@ -964,8 +968,9 @@ execute_policy_secret( return r; cleanup: - if (current_policy->flush_handle) { + if (current_policy->flush_handle && current_policy->auth_handle != ESYS_TR_NONE) { Esys_FlushContext(esys_ctx, current_policy->auth_handle); + current_policy->auth_handle = ESYS_TR_NONE; } SAFE_FREE(current_policy->nonceTPM); return r;
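Review bot: The new guard in the `cleanup:` path of execute_policy_secret is correct only because `auth_handle` is reset wherever it is flushed, and nothing in the code says so. The POLICY_FLUSH_KEY hunk above clears the handle after `Esys_FlushContext_Finish`, while `flush_handle` stays set, so the second half of the condition is what prevents a second flush of the same handle. A comment above the `if`, such as `/* auth_handle is ESYS_TR_NONE once POLICY_FLUSH_KEY has completed; do not flush it twice. */`, would keep a later edit from dropping the check. The function body starts outside the hunk, so whether `auth_handle` is initialised to `ESYS_TR_NONE` before first use cannot be confirmed from here.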