authorJames Bottomley <James.Bottomley@HansenPartnership.com>2022-12-01 16:24:15 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2022-12-01 16:36:58 -0500
commitb29730578bc1cf072953e4ace0492d916588eaeb (patch)
tree1f29f28e4abcfca4b45244ff40c0a081520fd672
parentb75b7d23351d3efb62317521fbbdf9177bacf1d4 (diff)
create_tpm2_key: fix uninitialized data problem
pcr_lock is created as an on stack variable and then updated additively. On some platforms, the stack isn't zero, so it contains bogus PCR settings that are never cleared which show up as additional PCRs in the range the user hadn't requested. Fix this by zeroing the entire on-stack structure before using it. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--create_tpm2_key.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index 530512d..d73071e 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -821,11 +821,9 @@ int main(int argc, char **argv)
ENCRYPTED_SECRET_2B secret, *enc_secret = NULL;
int restricted = 0;
char *parent_str = NULL;
- TPML_PCR_SELECTION pcr_lock;
+ TPML_PCR_SELECTION pcr_lock = { 0 };
int has_policy = 0;
- pcr_lock.count = 0;
-
OpenSSL_add_all_digests();
/* may be needed to decrypt the key */
OpenSSL_add_all_ciphers();
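Review bot: The new `pcr_lock = { 0 }` initializer carries no comment saying why the whole structure has to be zero, so a later cleanup could plausibly reduce it back to `pcr_lock.count = 0;`. Since the commit message says the selection is updated additively, I would put `/* must be fully zeroed: PCR select bits are added to, never cleared */` above the declaration. Stale bits here show up as extra PCRs in the user's selection, which presumably ends up binding the key to PCRs nobody asked for. `secret` at the top of the hunk is also declared without an initializer; main() starts and ends outside the hunk, so whether it is fully written before it is read is not visible here and is worth checking for the same pattern.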