From: Dan Streetman <ddstreet@ieee.org>
Date: Fri, 30 Jun 2023 16:57:23 +0000 (-0400)
Subject: tpm2: allow tpm2_make_encryption_session() without bind key
X-Git-Tag: v255-rc1~345^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=73592a7cca194a375d78e15df9e33c2d40f2ea74;p=thirdparty%2Fsystemd.git

tpm2: allow tpm2_make_encryption_session() without bind key

Allow providing no bind key, and use ESYS_TR_NONE instead.
---

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index ab7b58c34c2..638e2e390f4 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -2854,6 +2854,7 @@ static int tpm2_make_encryption_session(
         int r;
 
         assert(c);
+        assert(primary);
         assert(ret_session);
 
         log_debug("Starting HMAC encryption session.");
@@ -2869,7 +2870,7 @@ static int tpm2_make_encryption_session(
         rc = sym_Esys_StartAuthSession(
                         c->esys_context,
                         primary->esys_handle,
-                        bind_key->esys_handle,
+                        bind_key ? bind_key->esys_handle : ESYS_TR_NONE,
                         ESYS_TR_NONE,
                         ESYS_TR_NONE,
                         ESYS_TR_NONE,
@@ -4021,7 +4022,7 @@ int tpm2_seal(Tpm2Context *c,
         }
 
         _cleanup_(tpm2_handle_freep) Tpm2Handle *encryption_session = NULL;
-        r = tpm2_make_encryption_session(c, primary_handle, &TPM2_HANDLE_NONE, &encryption_session);
+        r = tpm2_make_encryption_session(c, primary_handle, /* bind_key= */ NULL, &encryption_session);
         if (r < 0)
                 return r;