On Tue, 2024-07-16 at 17:07 +0300, Jarkko Sakkinen wrote: > On Tue Jul 16, 2024 at 2:53 PM EEST, Jarkko Sakkinen wrote: > > > - u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; > > > + u8 name[AUTH_MAX_NAMES][2 + HASH_MAX_DIGESTSIZE]; > > Ouch, we definitely do not want 2-dimensional arrays. I missed this > in the hmac review. > > Why this is based on count (AUTH_MAX_NAMES) rather than space? Is > that value from the specs? Yes, it's based on the maximum number of session handles a command can have. It's architecturally defined in Trusted Platform Module Library Part 1: Architecture chapter 18 (TPM Command/Response Structure) where it says in 18.1 "an Authorization Area containing one to three session structures" Although if I look at our code we really only use a maximum of two for all the commands the kernel does. > You could just as well replace name and name_h with a single tpm_buf > instance in "sized" mode and return -E2BIG from the functions that > use it. Right, those don't return anything but void, which should be > also fixed. I'll look into that: it would get us out of the buf->handles spat. James
