From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 6 May 2024 14:12:04 +0000 (+0200)
Subject: tpm2-util: tweak JSON condition check
X-Git-Tag: v256-rc2~91^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3f2402171b26e9257f41417d749fe207fc329085;p=thirdparty%2Fsystemd.git

tpm2-util: tweak JSON condition check

As for the other fields let's check if the actual variable we serialize
is set before serializing it.

This shouldn't make any difference, since the pubkey and the PCR mask
should always be set together or neither, but I think it's easier to
grok this way, and makes the function nicely "dumb": it serializes what
is specified, without trying to be smart by suppressng specified fields.
---

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index e0c2c63878d..3afeb095169 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -7382,7 +7382,7 @@ int tpm2_make_luks2_json(
                                        JSON_BUILD_PAIR("tpm2-pin", JSON_BUILD_BOOLEAN(flags & TPM2_FLAGS_USE_PIN)),
                                        JSON_BUILD_PAIR("tpm2_pcrlock", JSON_BUILD_BOOLEAN(flags & TPM2_FLAGS_USE_PCRLOCK)),
                                        JSON_BUILD_PAIR_CONDITION(pubkey_pcr_mask != 0, "tpm2_pubkey_pcrs", JSON_BUILD_VARIANT(pkmj)),
-                                       JSON_BUILD_PAIR_CONDITION(pubkey_pcr_mask != 0, "tpm2_pubkey", JSON_BUILD_IOVEC_BASE64(pubkey)),
+                                       JSON_BUILD_PAIR_CONDITION(iovec_is_set(pubkey), "tpm2_pubkey", JSON_BUILD_IOVEC_BASE64(pubkey)),
                                        JSON_BUILD_PAIR_CONDITION(iovec_is_set(salt), "tpm2_salt", JSON_BUILD_IOVEC_BASE64(salt)),
                                        JSON_BUILD_PAIR_CONDITION(iovec_is_set(srk), "tpm2_srk", JSON_BUILD_IOVEC_BASE64(srk)),
                                        JSON_BUILD_PAIR_CONDITION(iovec_is_set(pcrlock_nv), "tpm2_pcrlock_nv", JSON_BUILD_IOVEC_BASE64(pcrlock_nv))));