}
void Esys_Freep(void *p) {
+ assert(p);
+
if (*(void**) p)
sym_Esys_Free(*(void**) p);
}
+static void tpm2b_sensitive_data_erase_and_esys_freep(TPM2B_SENSITIVE_DATA **p) {
+ assert(p);
+
+ if (!*p)
+ return;
+
+ explicit_bzero_safe((*p)->buffer, (*p)->size);
+ sym_Esys_Free(*p);
+}
+
/* Get a specific TPM capability (or capabilities).
*
* Returns 0 if there are no more capability properties of the requested type, or 1 if there are more, or < 0
log_debug("Unsealing HMAC key for shard %zu.", shard);
- _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
+ _cleanup_(tpm2b_sensitive_data_erase_and_esys_freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
rc = sym_Esys_Unseal(
c->esys_context,
hmac_key->esys_handle,
if (!iovec_append(&secret, &IOVEC_MAKE(unsealed->buffer, unsealed->size)))
return log_oom_debug();
-
- explicit_bzero_safe(unsealed->buffer, unsealed->size);
}
if (!retry)
if (r < 0)
return r;
- _cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
+ _cleanup_(tpm2b_sensitive_data_erase_and_esys_freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
rc = sym_Esys_Unseal(
c->esys_context,
what->esys_handle,
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
"Failed to unseal data: %s", sym_Tss2_RC_Decode(rc));
- _cleanup_(iovec_done) struct iovec d = {};
- d = IOVEC_MAKE(memdup(unsealed->buffer, unsealed->size), unsealed->size);
-
- explicit_bzero_safe(unsealed->buffer, unsealed->size);
-
+ _cleanup_(iovec_done) struct iovec d = {
+ .iov_base = memdup(unsealed->buffer, unsealed->size),
+ .iov_len = unsealed->size,
+ };
if (!d.iov_base)
return log_oom_debug();
projects / thirdparty / systemd.git / commitdiff
