| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <57e69d4fd5a40899cd779ee04f29f33009c97431.camel@HansenPartnership.com>
Date: Fri, 19 Dec 2025 15:54:47 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jarkko Sakkinen <jarkko@...nel.org>, linux-integrity@...r.kernel.org
Cc: David Howells <dhowells@...hat.com>, Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
Mimi Zohar <zohar@...ux.ibm.com>, "open list:KEYS/KEYRINGS"
<keyrings@...r.kernel.org>, "open list:SECURITY SUBSYSTEM"
<linux-security-module@...r.kernel.org>, open list
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v8 07/12] KEYS: trusted: Remove dead branch from
tpm2_unseal_cmd
On Tue, 2025-12-16 at 11:21 +0200, Jarkko Sakkinen wrote:
> TPM2_Unseal requires TPM2_ST_SESSIONS, and tpm2_unseal_cmd() always
> does set up either password or HMAC session.
>
> Remove the branch in tpm2_unseal_cmd() conditionally setting
> TPM2_ST_NO_SESSIONS. It is faulty but luckily it is never exercised
> at run-time, and thus does not cause regressions.
Shouldn't that also be
Fixes: b7960b904861 ("tpm2-sessions: Open code tpm_buf_append_hmac_session()")
> Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
> ---
> security/keys/trusted-keys/trusted_tpm2.c | 10 +---------
> 1 file changed, 1 insertion(+), 9 deletions(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> b/security/keys/trusted-keys/trusted_tpm2.c
> index d3a5c5f2b926..3666e3e48eab 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -451,10 +451,8 @@ static int tpm2_unseal_cmd(struct tpm_chip
> *chip,
> struct trusted_key_options *options,
> u32 blob_handle)
> {
> - struct tpm_header *head;
> struct tpm_buf buf;
> u16 data_len;
> - int offset;
> u8 *data;
> int rc;
>
> @@ -495,14 +493,8 @@ static int tpm2_unseal_cmd(struct tpm_chip
> *chip,
> tpm_buf_append_u16(&buf, options->blobauth_len);
> tpm_buf_append(&buf, options->blobauth, options-
> >blobauth_len);
>
> - if (tpm2_chip_auth(chip)) {
> + if (tpm2_chip_auth(chip))
Since the statement above is that the if is always true, why do you
still have it here?
Regards,
James
Powered by blists - more mailing lists