From 23ad144b16077c4833f7bcdf3846ebbaa30ae053 Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@ieee.org>
Date: Wed, 14 Jun 2023 12:09:35 -0400
Subject: [PATCH] tpm2: move local vars in tpm2_unseal() to point of use

No functional change; cosmetic only.

(cherry picked from commit 98497426d61acc3302505903460abb058142fa0d)

Related: RHEL-16182
---
 src/shared/tpm2-util.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 2d208479c3..92f1fdd962 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -3523,13 +3523,7 @@ int tpm2_unseal(const char *device,
                 void **ret_secret,
                 size_t *ret_secret_size) {
 
-        _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
-        _cleanup_(erase_and_freep) char *secret = NULL;
-        TPM2B_PRIVATE private = {};
-        TPM2B_PUBLIC public = {};
-        size_t offset = 0;
         TSS2_RC rc;
-        usec_t start;
         int r;
 
         assert(blob);
@@ -3554,10 +3548,12 @@ int tpm2_unseal(const char *device,
          * decrypted if the seed and the PCR policy were right ("unsealing"). We then download the result,
          * and use it to unlock the LUKS2 volume. */
 
-        start = now(CLOCK_MONOTONIC);
+        usec_t start = now(CLOCK_MONOTONIC);
 
         log_debug("Unmarshalling private part of HMAC key.");
 
+        TPM2B_PRIVATE private = {};
+        size_t offset = 0;
         rc = sym_Tss2_MU_TPM2B_PRIVATE_Unmarshal(blob, blob_size, &offset, &private);
         if (rc != TSS2_RC_SUCCESS)
                 return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
@@ -3565,6 +3561,7 @@ int tpm2_unseal(const char *device,
 
         log_debug("Unmarshalling public part of HMAC key.");
 
+        TPM2B_PUBLIC public = {};
         rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal(blob, blob_size, &offset, &public);
         if (rc != TSS2_RC_SUCCESS)
                 return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
@@ -3640,6 +3637,7 @@ int tpm2_unseal(const char *device,
         if (r < 0)
                 return r;
 
+        _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
         for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
                 _cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL;
                 _cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
@@ -3691,6 +3689,7 @@ int tpm2_unseal(const char *device,
                 log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
         }
 
+        _cleanup_(erase_and_freep) char *secret = NULL;
         secret = memdup(unsealed->buffer, unsealed->size);
         explicit_bzero_safe(unsealed->buffer, unsealed->size);
         if (!secret)