diff -ruN tpm2.0-tools-2.1.0-orig/lib/tpm_kdfa.c tpm2.0-tools-2.1.0/lib/tpm_kdfa.c

--- tpm2.0-tools-2.1.0-orig/lib/tpm_kdfa.c	2017-07-25 01:50:33.000000000 +0800

+++ tpm2.0-tools-2.1.0/lib/tpm_kdfa.c	2017-08-15 10:48:23.063493627 +0800

@@ -51,6 +51,34 @@

     /* no return, not possible */

 }

+static HMAC_CTX *hmac_alloc()

+{

+    HMAC_CTX *ctx;

+#if OPENSSL_VERSION_NUMBER < 0x1010000fL /* OpenSSL 1.1.0 */

+    ctx = malloc(sizeof(*ctx));

+#else

+    ctx = HMAC_CTX_new();

+#endif

+    if (!ctx)

+        return NULL;

+

+#if OPENSSL_VERSION_NUMBER < 0x1010000fL

+    HMAC_CTX_init(ctx);

+#endif

+

+    return ctx;

+}

+

+static void hmac_del(HMAC_CTX *ctx)

+{

+#if OPENSSL_VERSION_NUMBER < 0x1010000fL

+    HMAC_CTX_cleanup(ctx);

+    free(ctx);

+#else

+    HMAC_CTX_free(ctx);

+#endif

+}

+

 TPM_RC tpm_kdfa(TPMI_ALG_HASH hashAlg,

         TPM2B *key, char *label, TPM2B *contextU, TPM2B *contextV, UINT16 bits,

         TPM2B_MAX_BUFFER  *resultKey )

@@ -90,12 +118,17 @@

         return TPM_RC_HASH;

     }

-    HMAC_CTX ctx;

-    HMAC_CTX_init(&ctx;;

-    int rc = HMAC_Init_ex(&ctx, key->buffer, key->size, md, NULL);

+    HMAC_CTX *ctx = hmac_alloc();

+    if (!ctx) {

+        LOG_ERR("HMAC context allocation failed");

+        return TPM_RC_MEMORY;

+    }

+

+    int rc = HMAC_Init_ex(ctx, key->buffer, key->size, md, NULL);

     if (!rc) {

         LOG_ERR("HMAC Init failed: %s", ERR_error_string(rc, NULL));

-        return TPM_RC_MEMORY;

+        rval = TPM_RC_MEMORY;

+        goto err;

     }

     // TODO Why is this a loop? It appears to only execute once.

@@ -118,7 +151,7 @@

         int c;

         for(c=0; c < j; c++) {

             TPM2B_DIGEST *digest = bufferList[c];

-            int rc =  HMAC_Update(&ctx, digest->b.buffer, digest->b.size);

+            int rc =  HMAC_Update(ctx, digest->b.buffer, digest->b.size);

             if (!rc) {

                 LOG_ERR("HMAC Update failed: %s", ERR_error_string(rc, NULL));

                 rval = TPM_RC_MEMORY;

@@ -127,7 +160,7 @@

         }

         unsigned size = sizeof(tmpResult.t.buffer);

-        int rc = HMAC_Final(&ctx, tmpResult.t.buffer, &size);

+        int rc = HMAC_Final(ctx, tmpResult.t.buffer, &size);

         if (!rc) {

             LOG_ERR("HMAC Final failed: %s", ERR_error_string(rc, NULL));

             rval = TPM_RC_MEMORY;

@@ -147,7 +180,7 @@

     resultKey->t.size = bytes;

 err:

-    HMAC_CTX_cleanup(&ctx;;

+    hmac_del(ctx);

     return rval;

 }