From ea68ece7a7a67142d8cea1094af6a18dab4d5bbe Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Fri, 26 Jul 2024 13:03:48 -0400
Subject: [PATCH] tpm2: Disable curves whose keysize is too small and than can be disabled
When ecc-min-size is given use it to disable all curves whose keysize is too small and that can be disabled.
Signed-off-by: Stefan Berger
---
 src/tpm2/RuntimeAlgorithm.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/tpm2/RuntimeAlgorithm.c b/src/tpm2/RuntimeAlgorithm.c
index f8e2db3a..d59dec94 100644
--- a/src/tpm2/RuntimeAlgorithm.c
+++ b/src/tpm2/RuntimeAlgorithm.c
@@ -440,6 +440,11 @@ RuntimeAlgorithmSetProfile(struct RuntimeAlgorithm *RuntimeAlgorithm,
 retVal = TPM_RC_VALUE;
 goto exit;
 }
+ /* disable curves that can be disabled and not meet min. keysize */
+ if (RuntimeAlgorithm->algosMinimumKeySizes[TPM_ALG_ECC] >
+ s_EccAlgorithmProperties[curveId].keySize &&
+ s_EccAlgorithmProperties[curveId].canBeDisabled)
+ CLEAR_BIT(curveId, RuntimeAlgorithm->enabledEccCurves);
 }
 /* some consistency checks */
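Review bot: The added check clears a curve only when `canBeDisabled` is set, so a curve whose `keySize` is below `algosMinimumKeySizes[TPM_ALG_ECC]` but which cannot be disabled stays in `enabledEccCurves` without any diagnostic. A profile that sets ecc-min-size can therefore still end up offering a smaller curve than the stated minimum. If that is intended, the comment should say so, e.g. `/* curves below ecc-min-size that cannot be disabled remain enabled */`, and it would help to log which undersized curves were kept so the effective profile can be audited. The multi-line condition should also get braces around the `CLEAR_BIT(curveId, RuntimeAlgorithm->enabledEccCurves);` body. The enclosing loop and the rest of RuntimeAlgorithmSetProfile lie outside the hunk, so how `curveId` is bounded against `s_EccAlgorithmProperties` cannot be confirmed from here.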