From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Mon, 29 Jul 2024 10:19:00 -0400
Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure

When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE. The old error code could indicate to an application or driver that something is wrong with the TPM (has possibly gone into failure mode) even though only the decryption failed, possibly due to a wrong key.

Signed-off-by: Stefan Berger
---
 src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index b5d6b6c3..88ee3bac 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
 outlen = sizeof(buffer);
 if (EVP_PKEY_decrypt(ctx, buffer, &outlen, cIn->buffer, cIn->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
+ ERROR_RETURN(TPM_RC_VALUE);
 if (outlen > dOut->size)
 ERROR_RETURN(TPM_RC_FAILURE);
--
2.41.0.28.gd7d8841f67
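Review bot: The `EVP_PKEY_decrypt(...) <= 0` branch now reports every failure as `TPM_RC_VALUE`, including backend-internal ones (an allocation failure, or the -2 "operation not supported" return) that the caller's ciphertext or key did not cause, so a real fault in the crypto library becomes indistinguishable from bad input. Collapsing all decrypt failures into one code is reasonable, since it avoids revealing why decryption failed, but the trade-off deserves a comment above the call such as `/* all decrypt failures map to TPM_RC_VALUE; OpenSSL gives no reliable way to tell bad input from an internal error here */`. The next check, `if (outlen > dOut->size)`, still returns `TPM_RC_FAILURE`; if `dOut->size` is determined by the caller (not visible in this hunk), the commit's own reasoning applies there too and it could become `ERROR_RETURN(TPM_RC_VALUE);`. CryptRsaDecrypt starts and ends outside the hunk, so the other return paths were not reviewed.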