From fcde77c2bf51470786e397acd301bc556e378f1e Mon Sep 17 00:00:00 2001
From: Aidan Garske
Date: Thu, 26 Feb 2026 11:12:08 -0800
Subject: [PATCH 1/4] Fix coverity scan issues in wolfTPM
---
 examples/attestation/activate_credential.c | 12 ++++++++
 examples/attestation/make_credential.c | 4 +++
 examples/pcr/extend.c | 9 +++---
 src/tpm2_linux.c | 12 ++------
 src/tpm2_param_enc.c | 32 ++++++++++++++++++++++
 src/tpm2_wrap.c | 2 ++
 6 files changed, 58 insertions(+), 13 deletions(-)
diff --git a/examples/attestation/activate_credential.c b/examples/attestation/activate_credential.c
index d83d8ba7..ae4fba12 100644
--- a/examples/attestation/activate_credential.c
+++ b/examples/attestation/activate_credential.c
@@ -192,6 +192,18 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
 }
 printf("Read credential blob and secret from %s, %d bytes\n", input, dataSize);
+ /* Validate sizes from file data to prevent buffer overrun */
+ if (activCredIn.credentialBlob.size >
+ sizeof(activCredIn.credentialBlob.buffer)) {
+ printf("Credential blob size %d exceeds buffer\n",
+ activCredIn.credentialBlob.size);
+ goto exit;
+ }
+ if (activCredIn.secret.size > sizeof(activCredIn.secret.secret)) {
+ printf("Secret size %d exceeds buffer\n",
+ activCredIn.secret.size);
+ goto exit;
+ }
 #else
 printf("Can not load credential. File support not enabled\n");
 goto exit;
diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c
index 5a9ac64a..c666714a 100644
--- a/examples/attestation/make_credential.c
+++ b/examples/attestation/make_credential.c
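Review bot: The two new size checks print the offending size but not the limit it was tested against, so someone reading the example's output cannot tell how far over the cap the file data was; `printf("Credential blob size %d exceeds buffer %d\n", activCredIn.credentialBlob.size, (int)sizeof(activCredIn.credentialBlob.buffer));` (and the same for the secret) makes the rejection self-explanatory. The checks themselves are correctly placed before any use of the file-derived lengths. TPM2_ActivateCredential_Example begins and ends outside the hunk.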
@@ -156,6 +156,10 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[])
 wolfTPM2_GetRandom(&dev, makeCredIn.credential.buffer, makeCredIn.credential.size);
 /* Set the object name */
+ if (name.size > sizeof(makeCredIn.objectName.name)) {
+ printf("Name size %d exceeds buffer\n", name.size);
+ goto exit;
+ }
 makeCredIn.objectName.size = name.size;
 XMEMCPY(makeCredIn.objectName.name, name.name, makeCredIn.objectName.size);
diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c
index 69cb78df..fab5e8af 100644
--- a/examples/pcr/extend.c
+++ b/examples/pcr/extend.c
@@ -153,15 +153,16 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
 if (fp != XBADFILE) {
 rc = TPM2_GetHashType(alg);
 hashType = (enum wc_HashType)rc;
- wc_HashInit(&dig, hashType);
- while (!XFEOF(fp)) {
+ rc = wc_HashInit(&dig, hashType);
+ while (rc == 0 && !XFEOF(fp)) {
 len = XFREAD(dataBuffer, 1, sizeof(dataBuffer), fp);
 if (len > 0) {
- wc_HashUpdate(&dig, hashType, dataBuffer, (int)len);
+ rc = wc_HashUpdate(&dig, hashType, dataBuffer, (int)len);
 }
 }
 XFCLOSE(fp);
- wc_HashFinal(&dig, hashType, hash);
+ if (rc == 0)
+ rc = wc_HashFinal(&dig, hashType, hash);
 XMEMCPY(cmdIn.pcrExtend.digests.digests[0].digest.H, hash, hashSz);
diff --git a/src/tpm2_linux.c b/src/tpm2_linux.c
index 591953d5..26e4d492 100644
--- a/src/tpm2_linux.c
+++ b/src/tpm2_linux.c
@@ -144,17 +144,11 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
 rspSz = (int)ret;
 rc = TPM_RC_SUCCESS;
 }
- else if (ret == 0) {
- #ifdef DEBUG_WOLFTPM
- printf("Received EOF(0) from %s: errno %d = %s\n",
- TPM2_LINUX_DEV, errno, strerror(errno));
- #endif
- rc = TPM_RC_FAILURE;
- }
 else {
 #ifdef DEBUG_WOLFTPM
- printf("Failed to read from %s: errno %d = %s\n",
- TPM2_LINUX_DEV, errno, strerror(errno));
+ printf("Failed to read from %s (ret %zd): errno %d"
+ " = %s\n", TPM2_LINUX_DEV, ret, errno,
+ strerror(errno));
 #endif
 rc = TPM_RC_FAILURE;
 }
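Review bot: The unchecked return of `wolfTPM2_GetRandom(&dev, makeCredIn.credential.buffer, makeCredIn.credential.size)` two context lines above the new check is not new code, but it sits in the same function this commit is cleaning up for Coverity and is the same unchecked-return shape the scan reports; `rc = wolfTPM2_GetRandom(...); if (rc != 0) goto exit;` would stop the example from proceeding with a credential buffer that presumably was never filled. The new `name.size` guard itself is correctly placed before the XMEMCPY that consumes it. TPM2_MakeCredential_Example begins and ends outside the hunk.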
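Review bot: The rewritten loop condition `while (rc == 0 && !XFEOF(fp))` still has no exit for a read error: if XFREAD returns 0 without the end-of-file indicator being set, `len > 0` is false, rc stays 0 and the loop spins. Adding `if (len == 0) { break; }` after the read bounds it, and breaking on a zero-length read at EOF is harmless. Note also that the context lines `rc = TPM2_GetHashType(alg); hashType = (enum wc_HashType)rc;` feed an error value straight into the new `rc = wc_HashInit(&dig, hashType);`, so an unsupported algorithm is reported as a wc_HashInit failure rather than by its own code, which is presumably acceptable for an example. TPM2_PCR_Extend_Test begins and ends outside the hunk.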
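Review bot: The new format string uses `%zd` for `ret`, which is only correct if `ret` is declared `ssize_t`; its declaration is outside the hunk, and the `rspSz = (int)ret;` context line suggests a wider-than-int type, so this is likely right but worth confirming, since a mismatched conversion specifier is undefined behaviour and exactly the kind of finding this commit is addressing. A short comment on the declaration such as `/* ssize_t: printed with %zd in the DEBUG_WOLFTPM path */` would tie the two together. TPM2_LINUX_SendCommand begins and ends outside the hunk.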
diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c
index 090206af..571052c9 100644
--- a/src/tpm2_param_enc.c
+++ b/src/tpm2_param_enc.c
@@ -209,6 +209,14 @@ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
 return BUFFER_E;
 }
+ /* Validate source key sizes to prevent overrun of source buffers */
+ if (sessKey->size > sizeof(sessKey->buffer)) {
+ return BUFFER_E;
+ }
+ if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+ return BUFFER_E;
+ }
+
 /* Validate key sizes before copy to prevent buffer overflow */
 if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
 return BUFFER_E;
@@ -264,6 +272,14 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
 return BUFFER_E;
 }
+ /* Validate source key sizes to prevent overrun of source buffers */
+ if (sessKey->size > sizeof(sessKey->buffer)) {
+ return BUFFER_E;
+ }
+ if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+ return BUFFER_E;
+ }
+
 /* Validate key sizes before copy to prevent buffer overflow */
 if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
 return BUFFER_E;
@@ -321,6 +337,14 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
 return BUFFER_E;
 }
+ /* Validate source key sizes to prevent overrun of source buffers */
+ if (sessKey->size > sizeof(sessKey->buffer)) {
+ return BUFFER_E;
+ }
+ if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+ return BUFFER_E;
+ }
+
 /* Validate key sizes before copy to prevent buffer overflow */
 if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
 return BUFFER_E;
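Review bot: The eight-line source-size guard added to TPM2_ParamEnc_XOR here is pasted verbatim into the TPM2_ParamDec_XOR, TPM2_ParamEnc_AESCFB and TPM2_ParamDec_AESCFB hunks that follow; a `static` helper that takes `sessKey` and `bindKey` and returns `BUFFER_E` when either declared `size` exceeds its `buffer` would let each function call `rc = TPM2_ParamEnc_CheckKeySizes(sessKey, bindKey); if (rc != 0) { return rc; }` and keep the four copies from drifting (bindKey's declared type is outside the hunk, so the helper's signature is taken from the existing prototypes). The guards are worth keeping in any form: the existing `keyIn.buffer` check bounds only the destination of the copies, while these bound the reads from the caller-supplied TPM2B structures, so a corrupted session whose `size` field exceeds its storage is rejected instead of read past its buffer. A comment such as `/* a TPM2B whose size exceeds its storage is malformed; reject before any XMEMCPY reads it */` would state that intent more precisely than "prevent overrun". Each of the four functions begins and ends outside its hunk.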
@@ -387,6 +411,14 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* sessKey,
 return BUFFER_E;
 }
+ /* Validate source key sizes to prevent overrun of source buffers */
+ if (sessKey->size > sizeof(sessKey->buffer)) {
+ return BUFFER_E;
+ }
+ if (bindKey != NULL && bindKey->size > sizeof(bindKey->buffer)) {
+ return BUFFER_E;
+ }
+
 /* Validate key sizes before copy to prevent buffer overflow */
 if (sessKey->size + bindKeySz > sizeof(keyIn.buffer)) {
 return BUFFER_E;
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index dc6cfdb1..1580c55c 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -123,7 +123,9 @@ static int wolfTPM2_Init_ex(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx,
 rc = TPM2_Init_ex(ctx, ioCb, userCtx, timeoutTries);
 #endif
 if (rc != TPM_RC_SUCCESS) {
+ #ifdef DEBUG_WOLFTPM
 printf("TPM2_Init failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
+ #endif
 return rc;
 }
 #ifdef DEBUG_WOLFTPM
From fa3587d5b433c7997209395f18497cf40658d1aa Mon Sep 17 00:00:00 2001
From: Aidan Garske
Date: Thu, 26 Feb 2026 11:23:05 -0800
Subject: [PATCH 2/4] Address minor feedback
---
 examples/attestation/activate_credential.c | 2 ++
 examples/attestation/make_credential.c | 1 +
 examples/pcr/extend.c | 4 ++++
 src/tpm2_linux.c | 11 ++++++++---
 4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/examples/attestation/activate_credential.c b/examples/attestation/activate_credential.c
index ae4fba12..70bb404f 100644
--- a/examples/attestation/activate_credential.c
+++ b/examples/attestation/activate_credential.c
@@ -197,11 +197,13 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
 sizeof(activCredIn.credentialBlob.buffer)) {
 printf("Credential blob size %d exceeds buffer\n",
 activCredIn.credentialBlob.size);
+ rc = BAD_FUNC_ARG;
 goto exit;
 }
 if (activCredIn.secret.size > sizeof(activCredIn.secret.secret)) {
 printf("Secret size %d exceeds buffer\n",
 activCredIn.secret.size);
+ rc = BAD_FUNC_ARG;
 goto exit;
 }
 #else
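Review bot: `rc = BAD_FUNC_ARG;` is now set on both oversize paths, but the condition being rejected is a length field larger than its buffer, which src/tpm2_param_enc.c in patch 1/4 reports as `BUFFER_E`; using `rc = BUFFER_E;` here (and in the make_credential.c hunk below) would give the examples and the library a single code for the same malformed-TPM2B condition. BAD_FUNC_ARG reads as "the caller passed a bad argument", whereas these sizes came from the credential file, so the error a user sees would point them at the wrong thing. TPM2_ActivateCredential_Example begins and ends outside the hunk.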
diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c
index c666714a..fbea8a44 100644
--- a/examples/attestation/make_credential.c
+++ b/examples/attestation/make_credential.c
@@ -158,6 +158,7 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[])
 /* Set the object name */
 if (name.size > sizeof(makeCredIn.objectName.name)) {
 printf("Name size %d exceeds buffer\n", name.size);
+ rc = BAD_FUNC_ARG;
 goto exit;
 }
 makeCredIn.objectName.size = name.size;
diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c
index fab5e8af..44d99161 100644
--- a/examples/pcr/extend.c
+++ b/examples/pcr/extend.c
@@ -163,6 +163,10 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
 XFCLOSE(fp);
 if (rc == 0)
 rc = wc_HashFinal(&dig, hashType, hash);
+ if (rc != 0) {
+ printf("Hash operation failed %d\n", rc);
+ goto exit;
+ }
 XMEMCPY(cmdIn.pcrExtend.digests.digests[0].digest.H, hash, hashSz);
diff --git a/src/tpm2_linux.c b/src/tpm2_linux.c
index 26e4d492..cf3dc7cb 100644
--- a/src/tpm2_linux.c
+++ b/src/tpm2_linux.c
@@ -146,9 +146,14 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
 }
 else {
 #ifdef DEBUG_WOLFTPM
- printf("Failed to read from %s (ret %zd): errno %d"
- " = %s\n", TPM2_LINUX_DEV, ret, errno,
- strerror(errno));
+ if (ret == 0) {
+ printf("Received EOF from %s\n", TPM2_LINUX_DEV);
+ }
+ else {
+ printf("Failed to read from %s (ret %zd):"
+ " errno %d = %s\n", TPM2_LINUX_DEV, ret,
+ errno, strerror(errno));
+ }
 #endif
 rc = TPM_RC_FAILURE;
 }
From 21f1d4926a78e04ba10461c411a1edfb41a8346a Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Thu, 26 Feb 2026 14:47:52 -0800
Subject: [PATCH 3/4] Add free hash here
---
 examples/pcr/extend.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c
index 44d99161..64f251ab 100644
--- a/examples/pcr/extend.c
+++ b/examples/pcr/extend.c
@@ -163,6 +163,7 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
 XFCLOSE(fp);
 if (rc == 0)
 rc = wc_HashFinal(&dig, hashType, hash);
+ wc_HashFree(&dig, hashType);
 if (rc != 0) {
 printf("Hash operation failed %d\n", rc);
 goto exit;
From 6768834c5a381cace4bab11ccf9f905294d69cf8 Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Thu, 26 Feb 2026 15:24:31 -0800
Subject: [PATCH 4/4] Add check for dig here
---
 examples/pcr/extend.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c
index 64f251ab..d1b288c2 100644
--- a/examples/pcr/extend.c
+++ b/examples/pcr/extend.c
@@ -74,6 +74,7 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
 BYTE dataBuffer[1024];
 enum wc_HashType hashType;
 wc_HashAlg dig;
+ int hashInitialized = 0;
 #endif
 union {
@@ -154,6 +155,8 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
 rc = TPM2_GetHashType(alg);
 hashType = (enum wc_HashType)rc;
 rc = wc_HashInit(&dig, hashType);
+ if (rc == 0)
+ hashInitialized = 1;
 while (rc == 0 && !XFEOF(fp)) {
 len = XFREAD(dataBuffer, 1, sizeof(dataBuffer), fp);
 if (len > 0) {
@@ -163,7 +166,8 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[])
 XFCLOSE(fp);
 if (rc == 0)
 rc = wc_HashFinal(&dig, hashType, hash);
- wc_HashFree(&dig, hashType);
+ if (hashInitialized)
+ wc_HashFree(&dig, hashType);
 if (rc != 0) {
 printf("Hash operation failed %d\n", rc);
 goto exit;
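Review bot: `wc_HashFree(&dig, hashType)` returns an int that the new line discards, which is the same unchecked-return shape this series is removing elsewhere; since it is cleanup and the real status is already in `rc`, `(void)wc_HashFree(&dig, hashType);` makes the discard deliberate for the scanner and for the next reader. The braceless single-statement `if (hashInitialized)` here and `if (rc == 0) hashInitialized = 1;` in the preceding hunk sit beside braced `if (rc != 0) {` and `if (len > 0) {` in the same block; bracing them keeps the style uniform and avoids the classic second-statement edit mistake. A comment on the new flag, `/* set only after wc_HashInit succeeds so cleanup never frees an uninitialised context */`, would explain why the flag exists rather than freeing unconditionally. The hunks of this commit cover only fragments of TPM2_PCR_Extend_Test, which begins and ends outside them.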