authorLennart Poettering <lennart@poettering.net>2024-09-05 18:29:26 +0200
committerLennart Poettering <lennart@poettering.net>2024-09-06 15:55:28 +0200
commitb52af7d243cb3e51b44622ee89c41bfec98599b6 (patch)
tree1127b6c002998fcf7e89884d2736bdabae72c4ca /src
parentcryptenroll/cryptsetup: allow combined signed TPM2 PCR policy + pcrlock policy (diff)
tpm2-util: introduce tpm2b_sensitive_data_erase_and_esys_freep() destructor
Let's make sure we erase TPM2B_SENSITIVE_DATA structures reliably in all code paths.
Diffstat (limited to 'src')
-rw-r--r--src/shared/tpm2-util.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index b93b744d8b..263acb8f9e 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -210,10 +210,22 @@ int dlopen_tpm2(void) {
}
void Esys_Freep(void *p) {
+ assert(p);
+
if (*(void**) p)
sym_Esys_Free(*(void**) p);
}
+static void tpm2b_sensitive_data_erase_and_esys_freep(TPM2B_SENSITIVE_DATA **p) {
+ assert(p);
+
+ if (!*p)
+ return;
+
+ explicit_bzero_safe((*p)->buffer, (*p)->size);
+ sym_Esys_Free(*p);
+}
+
/* Get a specific TPM capability (or capabilities).
*
* Returns 0 if there are no more capability properties of the requested type, or 1 if there are more, or < 0
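Review bot: The new static destructor tpm2b_sensitive_data_erase_and_esys_freep() carries no comment explaining why it exists next to Esys_Freep(), and the wipe length is the TPM-reported `(*p)->size` rather than the fixed-size buffer. A one-line comment such as `/* Like Esys_Freep(), but wipes the unsealed payload first so the plaintext never outlives the allocation. */` would carry the intent stated in the commit message into the code. Wiping `sizeof((*p)->buffer)` bytes instead of `(*p)->size` would make the erase independent of the size field at negligible cost, presuming the TSS hands back a full TPM2B_SENSITIVE_DATA allocation, which is not visible here. The closing brace at the top of the hunk belongs to dlopen_tpm2(), whose body starts outside the hunk.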
@@ -5804,7 +5816,7 @@ int tpm2_unseal(Tpm2Context *c,
log_debug("Unsealing HMAC key for shard %zu.", shard);
- _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
+ _cleanup_(tpm2b_sensitive_data_erase_and_esys_freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
rc = sym_Esys_Unseal(
c->esys_context,
hmac_key->esys_handle,
@@ -5823,8 +5835,6 @@ int tpm2_unseal(Tpm2Context *c,
if (!iovec_append(&secret, &IOVEC_MAKE(unsealed->buffer, unsealed->size)))
return log_oom_debug();
-
- explicit_bzero_safe(unsealed->buffer, unsealed->size);
}
if (!retry)
@@ -6105,7 +6115,7 @@ int tpm2_unseal_data(
if (r < 0)
return r;
- _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
+ _cleanup_(tpm2b_sensitive_data_erase_and_esys_freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
rc = sym_Esys_Unseal(
c->esys_context,
what->esys_handle,
@@ -6120,11 +6130,10 @@ int tpm2_unseal_data(
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
"Failed to unseal data: %s", sym_Tss2_RC_Decode(rc));
- _cleanup_(iovec_done) struct iovec d = {};
- d = IOVEC_MAKE(memdup(unsealed->buffer, unsealed->size), unsealed->size);
-
- explicit_bzero_safe(unsealed->buffer, unsealed->size);
-
+ _cleanup_(iovec_done) struct iovec d = {
+ .iov_base = memdup(unsealed->buffer, unsealed->size),
+ .iov_len = unsealed->size,
+ };
if (!d.iov_base)
return log_oom_debug();
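Review bot: The memdup() copy held in `d` is a second plaintext of the unsealed secret, and its cleanup is `iovec_done`, which nothing on the visible lines shows to wipe; the commit moves the erase of `unsealed` into a destructor, but on the `log_oom_debug()` return and any later error path the copy in `d` would be freed un-wiped if `iovec_done` only frees. If the project's `iovec_done_erase` is usable here, `_cleanup_(iovec_done_erase) struct iovec d = {` would hold both copies to the same standard. Note also that `.iov_len` is set even when memdup() fails, so `d` briefly has a NULL base with a non-zero length; harmless if the cleanup only frees the base, worth checking otherwise. tpm2_unseal_data() continues past the end of the hunk.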