On Fri May 24, 2024 at 3:59 PM EEST, James Bottomley wrote:
> The new routine takes the OID enum instead of needing the u32 OID
> array explicitly which reduces duplication and the potential for
> mistakes.
>
> Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> ---
> security/keys/trusted-keys/trusted_tpm2.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> index 9c7ac2e423d3..b6f34ff0ca5c 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -19,8 +19,6 @@
> #include "tpm2key.asn1.h"
> #include "tpm2-policy.h"
>
> -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> -
> static int tpm2_key_encode(struct trusted_key_payload *payload,
> struct trusted_key_options *options,
> u8 *src, u32 len)
> @@ -31,6 +29,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
> u8 *end_work = scratch + SCRATCH_SIZE;
> u8 *priv, *pub;
> u16 priv_len, pub_len;
> + int ret;
>
> priv_len = get_unaligned_be16(src) + 2;
> priv = src;
> @@ -43,8 +42,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
> if (!scratch)
> return -ENOMEM;
>
> - work = asn1_encode_oid(work, end_work, tpm2key_oid,
> - asn1_oid_len(tpm2key_oid));
> + ret = encode_OID(OID_TPMSealedData, work, end_work - work);
> + if (ret < 0)
> + return ret;
> + work += ret;
>
> if (options->blobauth_len == 0) {
> unsigned char bool[3], *w = bool;
Yupe, it's better this way.
BR, Jarkko
