Address copilot review, add bounds checks, less than 0 checks

aidangarske · aidangarske · commit 599217e5927f · 2026-04-06T19:44:16.000+01:00
diff --git a/src/tpm2.c b/src/tpm2.c
@@ -3411,6 +3411,11 @@ TPM_RC TPM2_VerifySequenceComplete(VerifySequenceComplete_In* in,
             TPM2_Packet_ParseU16(&packet, &out->validation.tag);
             TPM2_Packet_ParseU32(&packet, &out->validation.hierarchy);
             TPM2_Packet_ParseU16(&packet, &out->validation.digest.size);
+            if (out->validation.digest.size >
+                    sizeof(out->validation.digest.buffer)) {
+                out->validation.digest.size =
+                    (UINT16)sizeof(out->validation.digest.buffer);
+            }
             TPM2_Packet_ParseBytes(&packet,
                         out->validation.digest.buffer,
                         out->validation.digest.size);
@@ -3509,6 +3514,11 @@ TPM_RC TPM2_VerifyDigestSignature(VerifyDigestSignature_In* in,
             TPM2_Packet_ParseU16(&packet, &out->validation.tag);
             TPM2_Packet_ParseU32(&packet, &out->validation.hierarchy);
             TPM2_Packet_ParseU16(&packet, &out->validation.digest.size);
+            if (out->validation.digest.size >
+                    sizeof(out->validation.digest.buffer)) {
+                out->validation.digest.size =
+                    (UINT16)sizeof(out->validation.digest.buffer);
+            }
             TPM2_Packet_ParseBytes(&packet,
                         out->validation.digest.buffer,
                         out->validation.digest.size);
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -4738,52 +4738,22 @@ int wolfTPM2_VerifySequenceComplete(WOLFTPM2_DEV* dev,
         XMEMCPY(signature.signature.rsassa.sig.buffer, sig, sigSz);
     }
 #ifdef WOLFTPM_V185
-    else {
-        /* For ML-DSA try to detect from signature */
-        TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_NULL;
-
-        /* Try to get scheme from key if available */
-        if (key->pub.publicArea.type == TPM_ALG_KEYEDHASH) {
-            /* KEYEDHASH keys may have ML-DSA scheme */
-            /* The scheme is in keyedHashDetail.scheme.scheme */
-            scheme = key->pub.publicArea.parameters.keyedHashDetail.scheme.scheme;
-        }
-
-        /* Check if it's an ML-DSA algorithm from key scheme */
-        if (scheme == TPM_ALG_MLDSA || scheme == TPM_ALG_HASH_MLDSA) {
-            signature.sigAlg = scheme;
-            /* ML-DSA signatures use SHA3-256, SHA3-384, or SHA3-512 typically */
-            /* Default to SHA3-256 if not specified */
-            signature.signature.mldsa.hash = TPM_ALG_SHA3_256;
-            if (sigSz > (int)sizeof(signature.signature.mldsa.signature.buffer)) {
-                return BUFFER_E;
-            }
-            signature.signature.mldsa.signature.size = (UINT16)sigSz;
-            XMEMCPY(signature.signature.mldsa.signature.buffer, sig, sigSz);
-        }
-        /* Fallback: detect ML-DSA from signature size if scheme not available */
-        else if (sigSz >= 2000 && sigSz <= 5000) {
-            /* Likely ML-DSA signature based on size */
-            /* ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
-            signature.sigAlg = TPM_ALG_MLDSA;
-            signature.signature.mldsa.hash = TPM_ALG_SHA3_256;
-            if (sigSz > (int)sizeof(signature.signature.mldsa.signature.buffer)) {
-                return BUFFER_E;
-            }
-            signature.signature.mldsa.signature.size = (UINT16)sigSz;
-            XMEMCPY(signature.signature.mldsa.signature.buffer, sig, sigSz);
-        }
-        else {
-            /* Unknown key type and signature doesn't match known formats */
-            return BAD_FUNC_ARG;
+    else if (key->pub.publicArea.type == TPM_ALG_MLDSA ||
+             key->pub.publicArea.type == TPM_ALG_HASH_MLDSA) {
+        /* ML-DSA signature - key type directly indicates algorithm */
+        signature.sigAlg = key->pub.publicArea.type;
+        signature.signature.mldsa.hash = TPM_ALG_SHA3_256;
+        if (sigSz > (int)sizeof(signature.signature.mldsa.signature.buffer)) {
+            return BUFFER_E;
         }
+        signature.signature.mldsa.signature.size = (UINT16)sigSz;
+        XMEMCPY(signature.signature.mldsa.signature.buffer, sig, sigSz);
     }
-#else
+#endif /* WOLFTPM_V185 */
     else {
-        /* For PQ algorithms or unknown types, return error */
+        /* Unknown key type */
         return BAD_FUNC_ARG;
     }
-#endif /* WOLFTPM_V185 */
     verifySeqCompleteIn.signature = signature;
 
     XMEMSET(&verifySeqCompleteOut, 0, sizeof(verifySeqCompleteOut));
@@ -4946,54 +4916,22 @@ int wolfTPM2_VerifyDigestSignature(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         XMEMCPY(signature.signature.rsassa.sig.buffer, sig, sigSz);
     }
 #ifdef WOLFTPM_V185
-    else {
-        /* For ML-DSA and other PQ algorithms, try to detect from signature */
-        /* ML-DSA signatures are large: ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
-        /* First, check if key has a scheme that indicates ML-DSA */
-        TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_NULL;
-
-        /* Try to get scheme from key if available */
-        if (key->pub.publicArea.type == TPM_ALG_KEYEDHASH) {
-            /* KEYEDHASH keys may have ML-DSA scheme */
-            /* The scheme is in keyedHashDetail.scheme.scheme */
-            scheme = key->pub.publicArea.parameters.keyedHashDetail.scheme.scheme;
-        }
-
-        /* Check if it's an ML-DSA algorithm from key scheme */
-        if (scheme == TPM_ALG_MLDSA || scheme == TPM_ALG_HASH_MLDSA) {
-            signature.sigAlg = scheme;
-            /* ML-DSA signatures use SHA3-256, SHA3-384, or SHA3-512 typically */
-            /* Default to SHA3-256 if not specified */
-            signature.signature.mldsa.hash = TPM_ALG_SHA3_256;
-            if (sigSz > (int)sizeof(signature.signature.mldsa.signature.buffer)) {
-                return BUFFER_E;
-            }
-            signature.signature.mldsa.signature.size = (UINT16)sigSz;
-            XMEMCPY(signature.signature.mldsa.signature.buffer, sig, sigSz);
-        }
-        /* Fallback: detect ML-DSA from signature size if scheme not available */
-        else if (sigSz >= 2000 && sigSz <= 5000) {
-            /* Likely ML-DSA signature based on size */
-            /* ML-DSA-44: ~2420 bytes, ML-DSA-65: ~3309 bytes, ML-DSA-87: ~4627 bytes */
-            signature.sigAlg = TPM_ALG_MLDSA;
-            signature.signature.mldsa.hash = TPM_ALG_SHA3_256;
-            if (sigSz > (int)sizeof(signature.signature.mldsa.signature.buffer)) {
-                return BUFFER_E;
-            }
-            signature.signature.mldsa.signature.size = (UINT16)sigSz;
-            XMEMCPY(signature.signature.mldsa.signature.buffer, sig, sigSz);
-        }
-        else {
-            /* Unknown key type and signature doesn't match known formats */
-            return BAD_FUNC_ARG;
+    else if (key->pub.publicArea.type == TPM_ALG_MLDSA ||
+             key->pub.publicArea.type == TPM_ALG_HASH_MLDSA) {
+        /* ML-DSA signature - key type directly indicates algorithm */
+        signature.sigAlg = key->pub.publicArea.type;
+        signature.signature.mldsa.hash = TPM_ALG_SHA3_256;
+        if (sigSz > (int)sizeof(signature.signature.mldsa.signature.buffer)) {
+            return BUFFER_E;
         }
+        signature.signature.mldsa.signature.size = (UINT16)sigSz;
+        XMEMCPY(signature.signature.mldsa.signature.buffer, sig, sigSz);
     }
-#else
+#endif /* WOLFTPM_V185 */
     else {
-        /* For PQ algorithms or unknown types, return error */
+        /* Unknown key type */
         return BAD_FUNC_ARG;
     }
-#endif /* WOLFTPM_V185 */
     verifyDigestSigIn.signature = signature;
 
     verifyDigestSigIn.context.size = (UINT16)contextSz;
@@ -5047,6 +4985,9 @@ int wolfTPM2_Encapsulate(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         }
     }
 
+    /* Clear sensitive shared secret from stack */
+    TPM2_ForceZero(&encapsulateOut.sharedSecret, sizeof(encapsulateOut.sharedSecret));
+
     return rc;
 }
 
@@ -5086,6 +5027,9 @@ int wolfTPM2_Decapsulate(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         }
     }
 
+    /* Clear sensitive shared secret from stack */
+    TPM2_ForceZero(&decapsulateOut.sharedSecret, sizeof(decapsulateOut.sharedSecret));
+
     return rc;
 }
 
