From 0558e0870dcdaa1827f51efbc57633a9612f1c5a Mon Sep 17 00:00:00 2001
From: Sascha Tommasone
Date: Mon, 1 Jul 2024 13:55:39 +0200
Subject: [PATCH] [Assignment-7] security fix in sign_firmware
---
 Assignment 7 - SGX Hands-on/src/enclave/enclave.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.c b/Assignment 7 - SGX Hands-on/src/enclave/enclave.c
index e0cb745..4f851ad 100644
--- a/Assignment 7 - SGX Hands-on/src/enclave/enclave.c
+++ b/Assignment 7 - SGX Hands-on/src/enclave/enclave.c
@@ -85,15 +85,20 @@ sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature,
 sgx_ec256_public_t public;
 sgx_status_t status;
- if((status = sgx_ecc256_open_context(&ecc_handle)) != SGX_SUCCESS)
+ if((status = sgx_ecc256_open_context(&ecc_handle)) != SGX_SUCCESS) {
 return status;
+ }
- if((status = sgx_ecc256_create_key_pair(&private, &public, ecc_handle)) != SGX_SUCCESS)
+ if((status = sgx_ecc256_create_key_pair(&private, &public, ecc_handle)) != SGX_SUCCESS) {
+ sgx_ecc256_close_context(ecc_handle);
 return status;
+ }
 sgx_ec256_signature_t ecc_signature;
- if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS)
+ if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
+ sgx_ecc256_close_context(ecc_handle);
 return status;
+ }
 memcpy(signature, ecc_signature.x, SGX_ECP256_KEY_SIZE);
 memcpy(signature + SGX_ECP256_KEY_SIZE, ecc_signature.y, SGX_ECP256_KEY_SIZE);
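Review bot: The two new failure branches close the ECC context but still return with the freshly generated key in `private` left on the enclave stack; in the `sgx_ecdsa_sign` failure branch I would add `memset_s(&private, sizeof(private), 0, sizeof(private));` before `return status;`, and the same on the success path if it is not already there (the declaration of `private` and the end of `sign_firmware` are outside this hunk). Routing every exit after `sgx_ecc256_open_context` through one cleanup label that wipes the key and calls `sgx_ecc256_close_context` would keep a later edit from missing a path. Separately, `data_size` is a `size_t` while `sgx_ecdsa_sign` takes a `uint32_t` length, so unless an earlier check exists, a value above `UINT32_MAX` is narrowed silently and the signature covers fewer bytes than the caller passed; `if (data_size > UINT32_MAX) return SGX_ERROR_INVALID_PARAMETER;` ahead of the call would reject that.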