From 57385aa2049f7614763ecf26bad0887eaa686160 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Sun, 12 Jun 2022 16:33:16 -0400
Subject: [PATCH] tpm2: Allow to runtime-disable AES by key sizes

Signed-off-by: Stefan Berger
---
 src/tpm2/Unmarshal.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index bcbd0e8f..04a28740 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -2713,12 +2713,21 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz
 #if AES_256 // libtpms added end
 case 256:
 #endif // libtpms added
+ if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin
+ TPM_ALG_AES,
+ *target,
+ TPM_ECC_NONE,
+ g_RuntimeProfile.stateFormatLevel)) {
+ rc = TPM_RC_VALUE;
+ } // libtpms added end
 break;
 default:
 rc = TPM_RC_VALUE;
- *target = orig_target; // libtpms added
 }
 }
+ if (rc != TPM_RC_SUCCESS) { // libtpms added begin
+ *target = orig_target;
+ } // libtpms added end
 return rc;
 }
 #endif
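Review bot: The new `RuntimeAlgorithmKeySizeCheckEnabled()` call under `case 256:` has no comment saying what policy it enforces or why `TPM_ECC_NONE` and `g_RuntimeProfile.stateFormatLevel` are passed, and a key size that is compiled in but disabled by the runtime profile now fails with the same `TPM_RC_VALUE` as a size that was never supported. I would add a comment above the call such as `/* reject AES key sizes the active runtime profile has disabled; reported like an unsupported size */`. The restore of `*target` also moved out of the `default:` branch and now runs on every failure, which presumably includes a failure of the initial unmarshal call that is outside the hunk; that looks like the safer behaviour, but a one-line comment such as `/* leave *target unchanged on any failure */` would make the intent explicit. The earlier case labels and the start of the function are outside the hunk, so whether the check is reached for every compiled-in AES size through fall-through should be confirmed there.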