systemd/SOURCES/0549-tpm2-move-local-vars-in-tpm2_unseal-to-point-of-use.patch

71 lines
2.8 KiB
Diff

From 23ad144b16077c4833f7bcdf3846ebbaa30ae053 Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@ieee.org>
Date: Wed, 14 Jun 2023 12:09:35 -0400
Subject: [PATCH] tpm2: move local vars in tpm2_unseal() to point of use
No functional change; cosmetic only.
(cherry picked from commit 98497426d61acc3302505903460abb058142fa0d)
Related: RHEL-16182
---
src/shared/tpm2-util.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 2d208479c3..92f1fdd962 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -3523,13 +3523,7 @@ int tpm2_unseal(const char *device,
void **ret_secret,
size_t *ret_secret_size) {
- _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
- _cleanup_(erase_and_freep) char *secret = NULL;
- TPM2B_PRIVATE private = {};
- TPM2B_PUBLIC public = {};
- size_t offset = 0;
TSS2_RC rc;
- usec_t start;
int r;
assert(blob);
@@ -3554,10 +3548,12 @@ int tpm2_unseal(const char *device,
* decrypted if the seed and the PCR policy were right ("unsealing"). We then download the result,
* and use it to unlock the LUKS2 volume. */
- start = now(CLOCK_MONOTONIC);
+ usec_t start = now(CLOCK_MONOTONIC);
log_debug("Unmarshalling private part of HMAC key.");
+ TPM2B_PRIVATE private = {};
+ size_t offset = 0;
rc = sym_Tss2_MU_TPM2B_PRIVATE_Unmarshal(blob, blob_size, &offset, &private);
if (rc != TSS2_RC_SUCCESS)
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
@@ -3565,6 +3561,7 @@ int tpm2_unseal(const char *device,
log_debug("Unmarshalling public part of HMAC key.");
+ TPM2B_PUBLIC public = {};
rc = sym_Tss2_MU_TPM2B_PUBLIC_Unmarshal(blob, blob_size, &offset, &public);
if (rc != TSS2_RC_SUCCESS)
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
@@ -3640,6 +3637,7 @@ int tpm2_unseal(const char *device,
if (r < 0)
return r;
+ _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
_cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL;
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
@@ -3691,6 +3689,7 @@ int tpm2_unseal(const char *device,
log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
}
+ _cleanup_(erase_and_freep) char *secret = NULL;
secret = memdup(unsealed->buffer, unsealed->size);
explicit_bzero_safe(unsealed->buffer, unsealed->size);
if (!secret)