Coverity fixes for new fwtpm code.

dgarske · dgarske · commit 34919d282981 · 2026-04-17T08:19:45.000-07:00
diff --git a/examples/pcr/policy.c b/examples/pcr/policy.c
@@ -61,6 +61,7 @@ int TPM2_PCR_Policy_Test(void* userCtx, int argc, char *argv[])
     TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
     WOLFTPM2_SESSION tpmSession;
     int i;
+    int hexRet;
     byte digest[32];
     word32 digestLen = 0;
     union {
@@ -108,7 +109,13 @@ int TPM2_PCR_Policy_Test(void* userCtx, int argc, char *argv[])
                 usage();
                 return 0;
             }
-            digestLen = hexToByte(digestStr, digest, digestLen / 2);
+            hexRet = hexToByte(digestStr, digest, digestLen / 2);
+            if (hexRet < 0) {
+                printf("Invalid hex digest string\n");
+                usage();
+                return 0;
+            }
+            digestLen = (word32)hexRet;
         }
         else if (argv[argc-1][0] != '-') {
             /* TODO: Allow selection of multiple PCR's SHA-1 or SHA2-256 */
diff --git a/src/fwtpm/fwtpm_command.c b/src/fwtpm/fwtpm_command.c
@@ -3587,7 +3587,7 @@ static TPM_RC FwCmd_Create(FWTPM_CTX* ctx, TPM2_Packet* cmd,
 
                 if (rc == 0 && sensDataSize > 0) {
                     /* Use caller-supplied key material */
-                    if (sensDataSize > (UINT16)FWTPM_MAX_PRIVKEY_DER) {
+                    if (sensDataSize > (UINT16)FWTPM_MAX_DATA_BUF) {
                         rc = TPM_RC_SIZE;
                     }
                     if (rc == 0) {
@@ -4090,7 +4090,7 @@ static TPM_RC FwCmd_LoadExternal(FWTPM_CTX* ctx, TPM2_Packet* cmd,
     if (rc == 0 && inPrivSize > 0 && sensitiveType == TPM_ALG_SYMCIPHER &&
             qSz > 0) {
         /* For SYMCIPHER, qBuf contains the raw AES key bytes */
-        if (qSz > (UINT16)FWTPM_MAX_PRIVKEY_DER) {
+        if (qSz > (UINT16)FWTPM_MAX_DER_SIG_BUF) {
             rc = TPM_RC_SIZE;
         }
         if (rc == 0) {
@@ -5459,7 +5459,7 @@ static TPM_RC FwCmd_CreateLoaded(FWTPM_CTX* ctx, TPM2_Packet* cmd,
                 }
 
                 if (rc == 0 && sensDataSize > 0) {
-                    if (sensDataSize > (UINT16)FWTPM_MAX_PRIVKEY_DER) {
+                    if (sensDataSize > (UINT16)FWTPM_MAX_DATA_BUF) {
                         rc = TPM_RC_SIZE;
                     }
                     if (rc == 0) {
@@ -5496,7 +5496,7 @@ static TPM_RC FwCmd_CreateLoaded(FWTPM_CTX* ctx, TPM2_Packet* cmd,
                 }
 
                 if (rc == 0 && sensDataSize > 0) {
-                    if (sensDataSize > (UINT16)FWTPM_MAX_PRIVKEY_DER) {
+                    if (sensDataSize > (UINT16)FWTPM_MAX_DATA_BUF) {
                         rc = TPM_RC_SIZE;
                     }
                     if (rc == 0) {
@@ -7339,6 +7339,9 @@ static TPM_RC FwCmd_StartAuthSession(FWTPM_CTX* ctx, TPM2_Packet* cmd,
                     XMEMCPY(&bindAuth, &bindObj->authValue, sizeof(TPM2B_AUTH));
                 }
             }
+            if (bindAuth.size > sizeof(bindAuth.buffer)) {
+                bindAuth.size = (UINT16)sizeof(bindAuth.buffer);
+            }
             if (bindAuth.size > 0) {
                 if (keyInSz + bindAuth.size <= (int)sizeof(keyIn)) {
                     XMEMCPY(keyIn + keyInSz, bindAuth.buffer, bindAuth.size);
@@ -11108,31 +11111,35 @@ static TPM_RC FwCmd_Quote(FWTPM_CTX* ctx, TPM2_Packet* cmd,
         wcH = FwGetWcHashType(pcrHashAlg);
         dSz = TPM2_GetHashDigestSize(pcrHashAlg);
         if (wcH != WC_HASH_TYPE_NONE && dSz > 0) {
-            wc_HashInit(hashCtx, wcH);
-            for (s = 0; s < numSel; s++) {
-                int bank = FwGetPcrBankIndex(selections[s].hashAlg);
-                int bankDSz = TPM2_GetHashDigestSize(
-                    selections[s].hashAlg);
-                UINT32 j;
-                if (bank < 0 || bankDSz == 0)
-                    continue;
-                for (j = 0; j < selections[s].sizeOfSelect; j++) {
-                    int pcr;
-                    for (pcr = 0; pcr < 8; pcr++) {
-                        if (selections[s].pcrSelect[j] & (1 << pcr)) {
-                            int pcrIdx = j * 8 + pcr;
-                            if (pcrIdx < IMPLEMENTATION_PCR) {
-                                wc_HashUpdate(hashCtx, wcH,
-                                    ctx->pcrDigest[pcrIdx][bank],
-                                    bankDSz);
+            if (wc_HashInit(hashCtx, wcH) != 0) {
+                rc = TPM_RC_FAILURE;
+            }
+            if (rc == 0) {
+                for (s = 0; s < numSel; s++) {
+                    int bank = FwGetPcrBankIndex(selections[s].hashAlg);
+                    int bankDSz = TPM2_GetHashDigestSize(
+                        selections[s].hashAlg);
+                    UINT32 j;
+                    if (bank < 0 || bankDSz == 0)
+                        continue;
+                    for (j = 0; j < selections[s].sizeOfSelect; j++) {
+                        int pcr;
+                        for (pcr = 0; pcr < 8; pcr++) {
+                            if (selections[s].pcrSelect[j] & (1 << pcr)) {
+                                int pcrIdx = j * 8 + pcr;
+                                if (pcrIdx < IMPLEMENTATION_PCR) {
+                                    wc_HashUpdate(hashCtx, wcH,
+                                        ctx->pcrDigest[pcrIdx][bank],
+                                        bankDSz);
+                                }
                             }
                         }
                     }
                 }
+                wc_HashFinal(hashCtx, wcH, pcrDigestBuf);
+                wc_HashFree(hashCtx, wcH);
+                pcrDigestSz = dSz;
             }
-            wc_HashFinal(hashCtx, wcH, pcrDigestBuf);
-            wc_HashFree(hashCtx, wcH);
-            pcrDigestSz = dSz;
         }
         TPM2_Packet_AppendU16(&attestPkt, (UINT16)pcrDigestSz);
         TPM2_Packet_AppendBytes(&attestPkt, pcrDigestBuf, pcrDigestSz);
@@ -11547,8 +11554,13 @@ static TPM_RC FwCmd_NV_Certify(FWTPM_CTX* ctx, TPM2_Packet* cmd,
         dSz = TPM2_GetHashDigestSize(nv->nvPublic.nameAlg);
         if (wcH != WC_HASH_TYPE_NONE && dSz > 0) {
             FwStoreU16BE(nvName.name, nv->nvPublic.nameAlg);
-            wc_Hash(wcH, nvPubBuf, tmpPkt.pos, nvName.name + 2, dSz);
-            nvName.size = (UINT16)(2 + dSz);
+            if (wc_Hash(wcH, nvPubBuf, tmpPkt.pos,
+                    nvName.name + 2, dSz) == 0) {
+                nvName.size = (UINT16)(2 + dSz);
+            }
+            else {
+                rc = TPM_RC_FAILURE;
+            }
         }
     }
 
@@ -11738,7 +11750,7 @@ static TPM_RC FwCmd_MakeCredential(FWTPM_CTX* ctx, TPM2_Packet* cmd,
         /* patch blob size */
         blobSz = rsp->pos - blobStart;
         if (blobSz < 0 || blobSz > 0xFFFF ||
-            encSeedSz < 0 || encSeedSz > 0xFFFF) {
+            encSeedSz < 0 || encSeedSz > (int)FWTPM_MAX_PUB_BUF) {
             rc = TPM_RC_SIZE;
         }
         if (rc == 0) {
@@ -11914,6 +11926,9 @@ static TPM_RC FwCmd_ActivateCredential(FWTPM_CTX* ctx, TPM2_Packet* cmd,
             objName->name, objName->size,
             credOut, (int)sizeof(credOut), &credSz);
     }
+    if (rc == 0 && credSz > (UINT16)sizeof(credOut)) {
+        rc = TPM_RC_SIZE;
+    }
 
     /* Build response: TPM2B_DIGEST */
     if (rc == 0) {
@@ -12849,7 +12864,6 @@ int FWTPM_ProcessCommand(FWTPM_CTX* ctx,
                     cmdAuthCnt++;
                 }
 
-                cmdPkt.pos = authEnd;
                 cpStart = authEnd; /* cpBuffer starts after auth area */
             }
         }
diff --git a/src/fwtpm/fwtpm_main.c b/src/fwtpm/fwtpm_main.c
@@ -108,7 +108,7 @@ int main(int argc, char* argv[])
     /* Delete NV state file if --clear was requested */
     if (clearNv) {
         printf("Clearing NV state file: %s\n", FWTPM_NV_FILE);
-        remove(FWTPM_NV_FILE);
+        (void)remove(FWTPM_NV_FILE);
     }
 
     /* Initialize fwTPM */
diff --git a/tests/fwtpm_unit_tests.c b/tests/fwtpm_unit_tests.c
@@ -2095,7 +2095,7 @@ int fwtpm_unit_tests(int argc, char *argv[])
     printf("fwTPM Unit Tests\n");
 
     /* Remove stale NV state to ensure clean test runs */
-    remove(FWTPM_NV_FILE);
+    (void)remove(FWTPM_NV_FILE);
 
     /* Lifecycle */
     test_fwtpm_init_cleanup();
@@ -2142,7 +2142,7 @@ int fwtpm_unit_tests(int argc, char *argv[])
      * state, so remove FWTPM_NV_FILE afterwards. */
     test_fwtpm_clock_sethal();
     test_fwtpm_nv_sethal_mock();
-    remove(FWTPM_NV_FILE);
+    (void)remove(FWTPM_NV_FILE);
 
     /* Key operations */
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ int main(int argc, char* argv[])`
`108`	`108`	`/* Delete NV state file if --clear was requested */`
`109`	`109`	`if (clearNv) {`
`110`	`110`	`printf("Clearing NV state file: %s\n", FWTPM_NV_FILE);`
`111`		`- remove(FWTPM_NV_FILE);`
	`111`	`+ (void)remove(FWTPM_NV_FILE);`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`/* Initialize fwTPM */`