You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71 lines
2.8 KiB
71 lines
2.8 KiB
10 months ago
|
From 23ad144b16077c4833f7bcdf3846ebbaa30ae053 Mon Sep 17 00:00:00 2001
|
||
|
From: Dan Streetman <ddstreet@ieee.org>
|
||
|
Date: Wed, 14 Jun 2023 12:09:35 -0400
|
||
|
Subject: [PATCH] tpm2: move local vars in tpm2_unseal() to point of use
|
||
|
|
||
|
No functional change; cosmetic only.
|
||
|
|
||
|
(cherry picked from commit 98497426d61acc3302505903460abb058142fa0d)
|
||
|
|
||
|
Related: RHEL-16182
|
||
|
---
|
||
|
src/shared/tpm2-util.c | 13 ++++++-------
|
||
|
1 file changed, 6 insertions(+), 7 deletions(-)
|
||
|
|
||
|
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
||
|
index 2d208479c3..92f1fdd962 100644
|
||
|
--- a/src/shared/tpm2-util.c
|
||
|
+++ b/src/shared/tpm2-util.c
|
||
|
@@ -3523,13 +3523,7 @@ int tpm2_unseal(const char *device,
|
||
|
void **ret_secret,
|
||
|
size_t *ret_secret_size) {
|
||
|
|
||
|
- _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
|
||
|
- _cleanup_(erase_and_freep) char *secret = NULL;
|
||
|
- TPM2B_PRIVATE private = {};
|
||
|
- TPM2B_PUBLIC public = {};
|
||
|
- size_t offset = 0;
|
||
|
TSS2_RC rc;
|
||
|
- usec_t start;
|
||
|
int r;
|
||
|
|
||
|
assert(blob);
|
||
|
@@ -3554,10 +3548,12 @@ int tpm2_unseal(const char *device,
|
||
|
* decrypted if the seed and the PCR policy were right ("unsealing"). We then download the result,
|
||
|
* and use it to unlock the LUKS2 volume. */
|
||
|
|
||
|
- start = now(CLOCK_MONOTONIC);
|
||
|
+ usec_t start = now(CLOCK_MONOTONIC);
|
||
|
|
||
|
log_debug("Unmarshalling private part of HMAC key.");
|
||
|
|
||
|
+ TPM2B_PRIVATE private = {};
|
||
|
+ size_t offset = 0;
|
||
|
rc = sym_Tss2_MU_TPM2B_PRIVATE_Unmarshal(blob, blob_size, &offset, &private);
|
||
|
if (rc != TSS2_RC_SUCCESS)
|
||
|
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
@@ -3565,6 +3561,7 @@ int tpm2_unseal(const char *device,
|
||
|
|
||
|
log_debug("Unmarshalling public part of HMAC key.");
|
||
|
|
||
|
+ TPM2B_PUBLIC public = {};
|
||
|
rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal(blob, blob_size, &offset, &public);
|
||
|
if (rc != TSS2_RC_SUCCESS)
|
||
|
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||
|
@@ -3640,6 +3637,7 @@ int tpm2_unseal(const char *device,
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
|
||
|
+ _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
|
||
|
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
|
||
|
_cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL;
|
||
|
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
|
||
|
@@ -3691,6 +3689,7 @@ int tpm2_unseal(const char *device,
|
||
|
log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
|
||
|
}
|
||
|
|
||
|
+ _cleanup_(erase_and_freep) char *secret = NULL;
|
||
|
secret = memdup(unsealed->buffer, unsealed->size);
|
||
|
explicit_bzero_safe(unsealed->buffer, unsealed->size);
|
||
|
if (!secret)
|