More peer review fixes

Author: dgarske

.github/workflows/sanitizer.yml

@@ -26,7 +26,8 @@ jobs:
         working-directory: ./wolfssl
         run: |
           ./autogen.sh
-          ./configure --enable-wolftpm --enable-pkcallbacks
+          ./configure --enable-wolftpm --enable-pkcallbacks --enable-keygen \
+            CFLAGS="-DWC_RSA_NO_PADDING"
           make -j$(nproc)
           sudo make install
           sudo ldconfig

src/fwtpm/fwtpm_command.c

@@ -8043,7 +8043,7 @@ static TPM_RC FwCmd_PolicyAuthorize(FWTPM_CTX* ctx, TPM2_Packet* cmd,
     int match = 0;
     FWTPM_DECLARE_VAR(hashCtx, wc_HashAlg);
     int hashInit = 0;
-    enum wc_HashType wcHash;
+    enum wc_HashType wcHash = WC_HASH_TYPE_NONE;
     byte ccBuf[4];
     UINT32 cc = TPM_CC_PolicyAuthorize;
     (void)cmdSize;

src/fwtpm/fwtpm_nv.c

@@ -451,7 +451,7 @@ static int FwNvUnmarshalNvIndex(const byte* buf, word32* pos, word32 maxSz,
 {
     int rc;
     UINT16 dataLen;
-    UINT8 written;
+    UINT8 written = 0;
 
     XMEMSET(nv, 0, sizeof(FWTPM_NvIndex));
     nv->inUse = 1;

src/fwtpm/fwtpm_tis.c

@@ -194,8 +194,9 @@ static void TisHandleRegAccess(FWTPM_CTX* ctx, FWTPM_TIS_REGS* regs)
                     FWTPM_STS_DATA_EXPECT,
                     FWTPM_TIS_BURST_COUNT);
 
-                /* If we have the TPM header (6 bytes), check if command
-                 * is complete based on the size field in bytes [2..5] */
+                /* If we have the full TPM header (TPM2_HEADER_SIZE bytes),
+                 * check if command is complete based on the size field
+                 * in bytes [2..5] */
                 if (regs->cmd_len >= TPM2_HEADER_SIZE) {
                     UINT32 cmdTotalSz = FwLoadU32BE(regs->cmd_buf + 2);
                     if (cmdTotalSz < TPM2_HEADER_SIZE ||

src/fwtpm/fwtpm_tis_shm.c

@@ -68,9 +68,14 @@ static int TisShmInit(void* ctx, FWTPM_TIS_REGS** regs)
 {
     FWTPM_TIS_SHM_CTX* shm = (FWTPM_TIS_SHM_CTX*)ctx;
     int fd;
+    int openFlags = O_CREAT | O_RDWR | O_TRUNC | O_NOFOLLOW;
+
+#ifdef O_CLOEXEC
+    openFlags |= O_CLOEXEC;
+#endif
 
     /* Create shared memory file */
-    fd = open(FWTPM_TIS_SHM_PATH, O_CREAT | O_RDWR | O_TRUNC | O_NOFOLLOW, 0600);
+    fd = open(FWTPM_TIS_SHM_PATH, openFlags, 0600);
     if (fd < 0) {
         fprintf(stderr, "fwTPM TIS: open(%s) failed: %d (%s)\n",
             FWTPM_TIS_SHM_PATH, errno, strerror(errno));

src/tpm2_swtpm.c

@@ -96,7 +96,7 @@ static TPM_RC SwTpmTransmit(TPM2_CTX* ctx, const void* buffer, ssize_t bufSz)
     TPM_RC rc = TPM_RC_SUCCESS;
     ssize_t wrc = 0;
     const char* ptr;
-    int remaining;
+    ssize_t remaining;
 
     if (ctx == NULL || ctx->tcpCtx.fd < 0 || buffer == NULL || bufSz <= 0) {
         return BAD_FUNC_ARG;
@@ -114,7 +114,7 @@ static TPM_RC SwTpmTransmit(TPM2_CTX* ctx, const void* buffer, ssize_t bufSz)
             rc = TPM_RC_FAILURE;
             break;
         }
-        remaining -= (int)wrc;
+        remaining -= wrc;
         ptr += wrc;
     }
 

src/tpm2_util.c

@@ -30,6 +30,7 @@
 
 #include <wolftpm/tpm2_types.h>
 #include <wolftpm/tpm2.h>
+#include <stdio.h>
 
 #ifndef WOLFTPM2_NO_WOLFCRYPT
 #include <wolfssl/wolfcrypt/hash.h>