Author: David Smith <dds@google.com>
Description: Reset TPM datastructures on init, not just logout.
Forwarded: http://sourceforge.net/tracker/download.php?group_id=128009&atid=710344&file_id=391513&aid=3073688
Bug: http://sourceforge.net/tracker/index.php?func=detail&aid=3073688&group_id=128009&atid=710344
Bug-Ubuntu: https://launchpad.net/bugs/645576
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603104
---
 usr/lib/pkcs11/tpm_stdll/tpm_specific.c |   29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

Index: opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
===================================================================
--- opencryptoki.orig/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
@@ -143,6 +143,22 @@ int not_initialized = 0;
 CK_BYTE current_user_pin_sha[SHA1_HASH_SIZE];
 CK_BYTE current_so_pin_sha[SHA1_HASH_SIZE];
 
+static void
+clear_internal_structures()
+{
+	hSRK = NULL_HKEY;
+	hPrivateLeafKey = NULL_HKEY;
+	hPublicLeafKey = NULL_HKEY;
+	hPrivateRootKey = NULL_HKEY;
+	hPublicRootKey = NULL_HKEY;
+
+	memset(master_key_private, 0, MK_SIZE);
+	memset(current_so_pin_sha, 0, SHA1_HASH_SIZE);
+	memset(current_user_pin_sha, 0, SHA1_HASH_SIZE);
+
+	object_mgr_purge_private_token_objects();
+}
+
 CK_RV
 token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
 {
@@ -310,7 +326,7 @@ token_wrap_sw_key(int size_n, unsigned c
 {
 	TSS_RESULT result;
 	TSS_HPOLICY hPolicy;
-	static TSS_BOOL get_srk_pub_key = TRUE;
+	TSS_BOOL get_srk_pub_key = TRUE;
 	UINT32 key_size;
 
 	key_size = util_get_keysize_flag(size_n * 8);
@@ -1752,16 +1768,11 @@ token_specific_logout()
 {
 	if (hPrivateLeafKey != NULL_HKEY) {
 		Tspi_Key_UnloadKey(hPrivateLeafKey);
-		hPrivateLeafKey = NULL_HKEY;
 	} else if (hPublicLeafKey != NULL_HKEY) {
 		Tspi_Key_UnloadKey(hPublicLeafKey);
-		hPublicLeafKey = NULL_HKEY;
 	}
 
-	memset(master_key_private, 0, MK_SIZE);
-	memset(current_so_pin_sha, 0, SHA1_HASH_SIZE);
-	memset(current_user_pin_sha, 0, SHA1_HASH_SIZE);
-
+	clear_internal_structures();
 	return CKR_OK;
 }
 
@@ -2159,6 +2170,7 @@ token_specific_final()
                 return CKR_FUNCTION_FAILED;
         }
 
+	clear_internal_structures();
 	return CKR_OK;
 }