From 9a9224ac08ec23406a6c265b81d4b263d3d7b6b8 Mon Sep 17 00:00:00 2001 From: Juergen Repp Date: Wed, 18 Nov 2020 17:00:04 +0100 Subject: [PATCH 1/2] FAPI: Fix path error handling for not existing files. * Misleading error messages were changed. * The return code for not existing hierarchies was fixed. Signed-off-by: Juergen Repp --- src/tss2-fapi/ifapi_keystore.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/tss2-fapi/ifapi_keystore.c b/src/tss2-fapi/ifapi_keystore.c index b7e335613..82ff50be4 100644 --- a/src/tss2-fapi/ifapi_keystore.c +++ b/src/tss2-fapi/ifapi_keystore.c @@ -550,12 +550,12 @@ rel_path_to_abs_path( if (ifapi_path_type_p(rel_path, IFAPI_NV_PATH)) { /* NV directory does not exist. */ goto_error(r, TSS2_FAPI_RC_PATH_NOT_FOUND, - "FAPI not provisioned. File %s does not exist.", + "File %s does not exist.", cleanup, rel_path); } else if (ifapi_hierarchy_path_p(rel_path)) { /* Hierarchy which should be created during provisioning could not be loaded. */ - goto_error(r, TSS2_FAPI_RC_NOT_PROVISIONED, - "FAPI not provisioned. Hierarchy file %s does not exist.", + goto_error(r, TSS2_FAPI_RC_PATH_NOT_FOUND, + "Hierarchy file %s does not exist.", cleanup, rel_path); } else { /* Object file for key does not exist in keystore */ From 7dfee7e89edc3a322d19c77b901fe278ce120bf1 Mon Sep 17 00:00:00 2001 From: Jonas Witschel Date: Fri, 20 Nov 2020 17:04:37 +0100 Subject: [PATCH 2/2] FAPI: fix provisioning check in rel_path_to_abs_path() Commit 05d9ebd1c3ffe7011fc5062211c3a7013f9b33df added a provisioning check to rel_path_to_abs_path() that always returns early with TSS2_FAPI_RC_PATH_NOT_FOUND if the FAPI is provisioned. This leads to dead code in the rest of the function and possibly wrong return codes, breaking software that relies on a return value of TSS2_FAPI_RC_KEY_NOT_FOUND instead of TSS2_FAPI_RC_PATH_NOT_FOUND. Fixes: 05d9ebd1c3ffe7011fc5062211c3a7013f9b33df Signed-off-by: Jonas Witschel --- src/tss2-fapi/ifapi_keystore.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/tss2-fapi/ifapi_keystore.c b/src/tss2-fapi/ifapi_keystore.c index 82ff50be4..743de1339 100644 --- a/src/tss2-fapi/ifapi_keystore.c +++ b/src/tss2-fapi/ifapi_keystore.c @@ -537,10 +537,7 @@ rel_path_to_abs_path( r = ifapi_check_provisioned(keystore, rel_path, &provision_check_ok); goto_if_error(r, "Provisioning check.", cleanup); - if (provision_check_ok) { - goto_error(r, TSS2_FAPI_RC_PATH_NOT_FOUND, - "Path not found: %s.", cleanup, rel_path); - } else { + if (!provision_check_ok) { goto_error(r, TSS2_FAPI_RC_NOT_PROVISIONED, "FAPI not provisioned for path: %s.", cleanup, rel_path);