authorJames Bottomley <James.Bottomley@HansenPartnership.com>2018-08-10 16:59:42 -0700
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2018-08-10 17:02:36 -0700
commit941af7a5925f9febb03cc60f8af15005bd674c22 (patch)
tree958ea2fe581a85704305d905e204587fce5f1855
parent1b4c33302daeed9ff4c9986bd436d73d13bdef56 (diff)
fix error handling for failed policy commands
If the policy command of the key fails for any reason, we exit the engine without flushing the policy session, which leads to a build up of policy sessions leading to eventual failure. Fix this by flushing the policy session in tpm2_init_session() if there's any policy failure. Also add a test for this and fix up check_enhanced_auth.sh so that any failed test exits the script. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-xtests/check_enhanced_auth.sh16
-rw-r--r--tests/policies/policy_bogus.txt1
-rw-r--r--tpm2-common.c11
3 files changed, 22 insertions, 6 deletions
diff --git a/tests/check_enhanced_auth.sh b/tests/check_enhanced_auth.sh
index e8ab9d8..7006387 100755
--- a/tests/check_enhanced_auth.sh
+++ b/tests/check_enhanced_auth.sh
@@ -11,6 +11,16 @@ if [ ! -e ${tss_pcrreset_cmd} ] || [ ! -e ${tss_pcrextend_cmd} ]; then
fi
##
+# check we can use a bogus policy 5 times without clogging up the TPM, so
+# we're properly flushing policy handles
+##
+${bindir}/create_tpm2_key key.tpm -c policies/policy_bogus.txt
+a=0; while [ $a -lt 5 ]; do
+ a=$[$a+1]
+ echo "This is a message" | openssl rsautl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key.tpm -out tmp.msg && exit 1
+done
+
+##
# test is
# 1. create TPM internal private key with PolicyAuthValue authorization
# 2. get the corresponding public key from the engine
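Review bot: The new loop cannot by itself tell a leaked policy session from the expected policy failure, because `&& exit 1` fires only when signing succeeds, and a sign that fails for lack of free TPM session slots looks the same as one that fails on the bogus policy. A leak would surface only indirectly, when one of the later tests fails and reaches the `|| exit 1` this patch adds in the hunks at -19, -34 and -66. The result of `create_tpm2_key key.tpm -c policies/policy_bogus.txt` is also unchecked, so if key creation fails, the five sign attempts fail for want of a key and the check passes vacuously; appending `|| exit 1` to that line would close the gap. A comment such as `# session exhaustion is detected by the tests below, which need a free policy session` would make the dependency explicit.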
@@ -19,7 +29,7 @@ fi
${bindir}/create_tpm2_key -a -k passw0rd key2.tpm -c policies/policy_authvalue.txt && \
openssl rsa -engine tpm2 -inform engine -passin pass:passw0rd -in key2.tpm -pubout -out key2.pub && \
echo "This is a message" | openssl rsautl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key2.tpm -passin pass:passw0rd -out tmp.msg && \
-openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin
+openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin || exit 1
##
# test is
@@ -34,7 +44,7 @@ ${tss_pcrextend_cmd} -ha 16 -ic aaa
${bindir}/create_tpm2_key key2.tpm -c policies/policy_pcr.txt && \
openssl rsa -engine tpm2 -inform engine -in key2.tpm -pubout -out key2.pub && \
echo "This is a message" | openssl rsautl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key2.tpm -out tmp.msg && \
-openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin
+openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin || exit 1
##
# test is
@@ -66,7 +76,7 @@ ${tss_pcrextend_cmd} -ha 16 -ic aaa
${bindir}/create_tpm2_key -a -k passw0rd key2.tpm -c policies/policy_authvalue_pcr.txt && \
openssl rsa -engine tpm2 -inform engine -passin pass:passw0rd -in key2.tpm -pubout -out key2.pub && \
echo "This is a message" | openssl rsautl -sign -engine tpm2 -engine tpm2 -keyform engine -inkey key2.tpm -passin pass:passw0rd -out tmp.msg && \
-openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin
+openssl rsautl -verify -in tmp.msg -inkey key2.pub -pubin || exit 1
##
# test is
diff --git a/tests/policies/policy_bogus.txt b/tests/policies/policy_bogus.txt
new file mode 100644
index 0000000..5b290d0
--- /dev/null
+++ b/tests/policies/policy_bogus.txt
@@ -0,0 +1 @@
+00000000
diff --git a/tpm2-common.c b/tpm2-common.c
index a32f5da..0b704f2 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -634,12 +634,13 @@ TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
default:
fprintf(stderr, "Unsupported policy command %d\n",
commands[i].code);
- return TPM_RC_FAILURE;
+ rc = TPM_RC_FAILURE;
+ goto out_flush;
}
if (rc) {
tpm2_error(rc, "unmarshal");
- return rc;
+ goto out_flush;
}
rc = TSS_Execute(tssContext,
@@ -650,11 +651,15 @@ TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
TPM_RH_NULL, NULL, 0);
if (rc) {
tpm2_error(rc, "policy command");
- return rc;
+ goto out_flush;
}
}
return TPM_RC_SUCCESS;
+
+ out_flush:
+ tpm2_flush_handle(tssContext, handle);
+ return rc;
}
/*
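Review bot: The new `out_flush` path flushes `handle` inside tpm2_init_session(), but nothing visible tells callers that the session is already gone when the function returns non-zero. A caller that still flushes or reuses the handle on error would be acting on a stale handle; the callers are outside this diff, so this needs checking against each call site. I would add a comment above the label, e.g. `/* on any policy failure the session is flushed here; callers must not flush or reuse handle */`, and repeat the contract in the function's header comment. The same applies to the two `goto out_flush` sites in the hunk at -634. The function begins outside both hunks, so any earlier return paths could not be checked for the same leak.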