Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR exposes several previously-internal TPM helper routines under a test-focused visibility macro and adds new unit tests, while also hardening PCR-related packet parsing and ensuring sensitive inputs are wiped on error paths.
Changes:
- Introduces
WOLFTPM_TEST_APIand uses it to expose selected internal functions for unit testing. - Adds unit tests for constant-time compare, HMAC calculation behavior, and parameter encryption/decryption (XOR/AES-CFB).
- Hardens parsing of PCR selection/property lists by consuming overflow entries and adds
TPM2_ForceZeroon failure returns.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| wolftpm/visibility.h | Adds WOLFTPM_TEST_API to control symbol visibility for test-only exports. |
| wolftpm/tpm2_param_enc.h | Exposes HMAC and low-level param enc/dec APIs for tests. |
| wolftpm/tpm2.h | Exposes TPM2_ConstantCompare for unit testing via WOLFTPM_TEST_API. |
| tests/unit_tests.c | Adds coverage for constant-compare, HMAC, and param enc/dec round-trips. |
| src/tpm2_wrap.c | Clears sensitive createIn.inSensitive on early error returns. |
| src/tpm2_param_enc.c | Makes low-level param enc/dec helpers externally linkable (for tests). |
| src/tpm2_packet.c | Improves robustness of PCR selection parsing when wire count exceeds capacity. |
| src/tpm2.c | Improves robustness of PCR property parsing when wire count exceeds capacity. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 9 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #477
Scan targets checked: wolftpm-bugs, wolftpm-consttime, wolftpm-defaults, wolftpm-mutation, wolftpm-proptest, wolftpm-src, wolftpm-zeroize
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
dgarske
force-pushed
the
fenrir_20260408
branch
from
6c25a5e to
48d1644
Compare
Fenrir fixes: F-2513, F-2514, F-2529, F-2534, F-2522, F-2515, F-2516, F-2520, F-2521